Commit Graph

58564 Commits

Author SHA1 Message Date
Martin Mathieson 99ab5c9d38 netflow: cope with multiple duration types in one flow.
Bug: 11295
Change-Id: I71493e13989dbc29e3e3e7d518d3b6686fbec01a
Reviewed-on: https://code.wireshark.org/review/9063
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
2015-06-23 20:44:19 +00:00
Martin Kaiser 633ba955b2 [Qt] switch screens only if we're actually starting a capture
don't do the switch when the capture can't be started
(e.g. because we didn't select any interface from which to capture)

Change-Id: Ibabd703863d546c95b9fbe9bd2280d67a22dfc26
Reviewed-on: https://code.wireshark.org/review/9072
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
2015-06-23 20:39:15 +00:00
Martin Kaiser 911b9347ff [Qt] if the capture is stopped before we received any packet...
... we go back to the main welcome screen like we do in GTK

Change-Id: I64ef29665af61da55c1971ca59d1fab25d205874
Reviewed-on: https://code.wireshark.org/review/9071
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
2015-06-23 20:39:01 +00:00
Peter Wu 2b68a6f450 tshark: fix memleak from version lookup
Immediately release memory after using it, fixes a direct memleak
warning from ASAN.

Change-Id: Icd3ff19c607da790a4a093966e1966cb0df6bb9d
Reviewed-on: https://code.wireshark.org/review/9069
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-06-23 20:18:37 +00:00
Martin Kaiser d85a221cd3 proto_tree_add_item_ret_(u)int: do the NULL check at the start
before hfinfo is actually used (coverity 1293631)

Change-Id: I270c30c4699cd6f831a38986e6c8024c2e9ef47a
Reviewed-on: https://code.wireshark.org/review/9061
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-06-23 20:15:45 +00:00
Cenk Gündoğan b216d266fc extend the RPL dissector with basic P2P RPL support
Bug: 11301
Change-Id: I5569322a05c770524e0f0e7892addd15c7f7dbab
Reviewed-on: https://code.wireshark.org/review/9053
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-06-23 20:14:16 +00:00
AndersBroman 89fbf02ab5 [MSVC 2015] file_exists() fails on MSVC2015 as file_stat.st_ino gets reset
to zero in the function call if the file does not exist. The general code
seems to work with MSVC2015 so use that.

Change-Id: Ic5360089f96be620fbe99ba4e819e0caa5ca0215
Reviewed-on: https://code.wireshark.org/review/9070
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-06-23 20:12:39 +00:00
Guy Harris 65bac2d1db Remove the P1 dissector from the dirty dissectors list.
It was already added to the clean dissectors list, but wasn't removed
from the dirty dissectors list, so it was built twice and linked in
twice, and hilarity ensued.

Change-Id: Ic4636f17b61e619546dc21a04ebbaace0296d583
Reviewed-on: https://code.wireshark.org/review/9067
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-06-23 18:30:30 +00:00
Pascal Quantin 0901e26505 Qt: change default behavior of 'Decode As' window
Up to now Qt 'Decode As' window was saving manual configuration automatically, contrary to GTK UI.
This can be misleading when decoding protocols without a fixed identifier (port number, USB bus/device id, ...).
Opening a new trace might lead to previous and now irrelevant settings being applied.
Make this optional and add a Save button to permanently store the current configuration.

Change-Id: I077c560f9e71cab16a74247e2e9d87523c0ed85e
Reviewed-on: https://code.wireshark.org/review/9058
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2015-06-23 18:27:44 +00:00
Evan Huus 8bc294c0d1 Replace more deprecated tvb_length calls
The return values of new-style dissectors always use the captured length, so
replace those automagically with sed.

Change-Id: Ic43072ee4a80d433cd4264444583a0e670adc26a
Reviewed-on: https://code.wireshark.org/review/9065
Reviewed-by: Evan Huus <eapache@gmail.com>
2015-06-23 18:25:52 +00:00
Gerald Combs d7b286c794 Qt: Be less aggressive about reselecting packets.
Don't reselect the current row in redrawVisiblePackets. That routine is
called in quite a few places, including ones where we don't want to
automatically scroll to the current packet.

Change-Id: Ia29a832235c0e260d8b17f1ce76745047700537b
Reviewed-on: https://code.wireshark.org/review/9064
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2015-06-23 18:23:12 +00:00
Evan Huus 9723c7a2f8 Remove more deprecated tvb_length calls
Change-Id: Ie40a195db622ebfb096fa5088c5467a1385e69bf
Reviewed-on: https://code.wireshark.org/review/9062
Reviewed-by: Evan Huus <eapache@gmail.com>
2015-06-23 18:13:41 +00:00
Martin Kaiser bc1472502f [afp] improve the error handling for extended attributes
distinguish between the length field in the packet and the current item's length
make sure that the length field fits into a gint variable
add a cast to the return value of tvb_strsize()
don't throw an exception manually

Change-Id: I2debab778be3e34d68b1be31963d2d9260a30e0e
Reviewed-on: https://code.wireshark.org/review/9056
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
2015-06-23 18:02:10 +00:00
Evan Huus eb321f8710 Remove deprecated tvb_length from PIDL dissectors
Also regenerate all to pick up the usage of https in some comment links.

Change-Id: Ic17b6368d2118627178b0b560031450d98e5b5e5
Reviewed-on: https://code.wireshark.org/review/9060
Reviewed-by: Evan Huus <eapache@gmail.com>
2015-06-23 17:56:11 +00:00
Martin Kaiser 17ac3831d6 [zvt] the TLV container starts with an overall length field
new function dissect_zvt_tlv_len(), use it for the total length
and for each tlv entry's length field

Change-Id: I2b7ba6939ddf0326b014c565ffbe5d16e3a88282
Reviewed-on: https://code.wireshark.org/review/9059
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
2015-06-23 17:44:09 +00:00
Alexis La Goutte ed8ad06ccc P1: Remove from ASN1 DIRTY list
Change-Id: If44cdddea6709b824ae242d504d7469756c87b91
Reviewed-on: https://code.wireshark.org/review/8838
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-06-23 17:37:06 +00:00
Alexis La Goutte 3f6af3b4a0 P1: fix 'dissect_p1_T_report_type' defined but not used [-Wunused-function]
Change-Id: Idee443cd35846bb197070cff5fb37e3904afb856
Reviewed-on: https://code.wireshark.org/review/8757
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-06-23 17:36:33 +00:00
Guy Harris be67f53686 Exit with the exit status of the command we ran.
Also, expand a comment.

Change-Id: Icbb8ead02f55087f3ac09747fe518f211d488172
Reviewed-on: https://code.wireshark.org/review/9057
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-06-23 17:16:12 +00:00
Bill Meier b59e28dd24 Regenerate *-tap-register.c when associated Makefile.common is updated
Change-Id: Id9a83aeb285466f409a0e5ee651ef0c9f26ddda8
Reviewed-on: https://code.wireshark.org/review/9055
Reviewed-by: Bill Meier <wmeier@newsguy.com>
2015-06-23 13:42:16 +00:00
Michael Mann 6fe3f2c693 Use RTD functionality for H.225
This got missed in the initial refactoring.

Change-Id: I98dcc0816e065efab9b497f753c8d2d388349ff3
Reviewed-on: https://code.wireshark.org/review/9044
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-06-23 13:08:57 +00:00
Guy Harris 7cdd22f422 Try to catch TShark crashing and get a stack trace.
It's currently crashing in the Solaris buildbot when we do "tshark -v";
hopefully this will give us something more useful than

  test.sh: line 144: 21543 Abort                   (core dumped) $TSHARK -v

  "Version information" Failed!
  Failed to print version information
  Binary file ./core matches

as a diagnostic.

Change-Id: I278c8dd9f6acf5ddfa83bc0a7f3f7a3c48577ac2
Reviewed-on: https://code.wireshark.org/review/9052
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-06-23 07:21:49 +00:00
Guy Harris 74c5ab0ff2 Treat channel flags fields as just collections of bits, not as type fields.
The radiotap and PPI specs don't call them type fields, and don't list
them as having type values, they call them flags fields and list the
individual bits.

Listing them as type fields is especially confusing with radiotap, as
you can have multiple fields giving *different* channel types, as per,
for example

    https://ask.wireshark.org/questions/42888/multiple-channel-types-and-mcs-missing

where an 802.11ac packet has one "channel type" field claiming it's
802.11a and another one claiming it's 802.11n when it is, in fact,
*neither* 11a *nor* 11n.

If you want to know the channel type, look at the "802.11 radio
information" tree that comes before the 802.11 header tree; it gives a
reasonable summary of most of the radio metadata, giving the *correct*
channel type, and not showing any field multiple times.  Look at the
radiotap or PPI or... tree only if either 1) you're debugging a driver
that creates those headers or 2) there's some data in the header that
*doesn't* show up in any form in the 802.11 radio information tree (in
which case the code for radio information probably needs to be changed
to show it).

Change-Id: I545b81b08a993dbb219fa7a4f54daac3637ea071
Reviewed-on: https://code.wireshark.org/review/9051
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-06-23 07:00:39 +00:00
Gerald Combs 1dc608a05e Morph ProgressBar into CaptureProgressFrame.
Switch from a plain QProgressBar to a QFrame with a QProgressBar and a
stop button.

Add a stop_flag boolean to the capture_file struct.

To do:
- Start adding the progress bar to dialogs.
- Don't complain so loudly when the user stops a capture.

Change-Id: Iedd1d7d79f2044f1a53e4fb22186d25930a3ef03
Reviewed-on: https://code.wireshark.org/review/9029
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2015-06-23 06:06:37 +00:00
Peter Wu 0c71b13b3e prefs: fix memleak
Calling g_list_remove_link(link, llink) does not free the removed
last link llink. g_list_next or g_list_foreach+g_free followed by
g_list_free should be used instead such that the data is freed before
and then dropped from the list.

This fixes a memleak in tshark -r dns.pcap detected by ASAN (single
packet).

Set pref->default_val.list = NULL just in case, and with symmetry with
capture_columns handling.

Change-Id: I3cc52e275784037ab40c0b42c68d0dd83b73cd98
Reviewed-on: https://code.wireshark.org/review/9026
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2015-06-23 05:46:18 +00:00
Peter Wu 42c324d818 packet: fix memleak
It turns out that a heur_dissector_list_t structure was not released,
only the GSList inside it. Ensure that this list gets released as well.

Change-Id: If79deb5d011d306477d082368744addcee794ae1
Reviewed-on: https://code.wireshark.org/review/9040
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2015-06-23 05:46:07 +00:00
Alexis La Goutte 167f9b7aab IS-IS (LSP): Remove proto_tree_add_text call
Part 2 !

Change-Id: Iaa46f3d785cbff6b397edf5bd54c0c3cf65a7264
Reviewed-on: https://code.wireshark.org/review/8822
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-06-23 04:59:42 +00:00
Martin Mathieson 61e127a8ca RANAP: call nsap properly when bindingID is included in transport address
Change-Id: I45fed890cc2f7f5d106bbb7b35038d8db141fa4e
Reviewed-on: https://code.wireshark.org/review/9036
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
2015-06-23 04:52:08 +00:00
Evan Huus 6fd7e5ba33 Remove more deprecated tvb_length calls
Change-Id: I56260a82b19001ab2f87f4be34a9510f127f841f
Reviewed-on: https://code.wireshark.org/review/9050
Reviewed-by: Evan Huus <eapache@gmail.com>
2015-06-23 03:54:13 +00:00
JustinKu 46e5fd833e CFM: fix CFM Type Test signal (TST) without CRC dissection
Bug: 11286
Change-Id: I8efce21e2bab55f9fea50a234419082cdc288f4e
Reviewed-on: https://code.wireshark.org/review/9048
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2015-06-23 03:52:14 +00:00
Martin Kaiser ce9c1dfd07 coverity 1306905: integer overflowed argument
tvb_strsize() returns guint
remove the if (tree) while we're at it

Change-Id: Icc24f166104a3e9b95fca2ef14a7bd8be2677cba
Reviewed-on: https://code.wireshark.org/review/9047
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
2015-06-23 03:36:46 +00:00
Martin Kaiser db72eb4e3b wmem_tree_new_autoreset() never returns NULL
Change-Id: I497b77dec1eb4617179d492838ecd7d267539ba4
Reviewed-on: https://code.wireshark.org/review/9043
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
2015-06-23 00:50:05 +00:00
Evan Huus 958cef5d68 Remove more deprecated tvb_length
Change-Id: Iac23a6c804ad3720d37186559477909b2ff33eb2
Reviewed-on: https://code.wireshark.org/review/9042
Reviewed-by: Evan Huus <eapache@gmail.com>
2015-06-23 00:19:41 +00:00
Evan Huus 67ab8a059c Remove more deprecated tvb_length
Change-Id: I36603453c2563406f82663683930088dedd5f39c
Reviewed-on: https://code.wireshark.org/review/9041
Reviewed-by: Evan Huus <eapache@gmail.com>
2015-06-23 00:06:19 +00:00
Alexis La Goutte a43682d4fd srt_table.h: fix parameter 'opt_arg/filter' not found in the function declaration [-Wdocumentation]
Change-Id: I6edda434d02a4926a2ec7a2580a7f684b6e96ee6
Reviewed-on: https://code.wireshark.org/review/9008
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-06-22 23:43:42 +00:00
Pascal Quantin a7f5e1805b SIP: add support for draft-ietf-insipid-session-id
Bug: 11294
Change-Id: I54f7e19d129cddb1f11525f6ee9931270cc41f40
Reviewed-on: https://code.wireshark.org/review/9028
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2015-06-22 23:27:55 +00:00
Guy Harris 79c384d1d1 Don't use the value of the Flags field if we didn't have it.
Change-Id: Idd7771bd39ee823981b31b827645abd2ae516f66
Reviewed-on: https://code.wireshark.org/review/9039
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-06-22 23:16:43 +00:00
Guy Harris eaf62bbf86 Fix handling of XChannel radiotap field.
Fetch the flags before using them; thanks to Peter Wu for catching that
one.

Fetch and use the frequency and channel.

Have cflags be the variable for the flags in Channel and xcflags be the
variable for the flags in XChannel.

Change-Id: If82f7adb448eef04b769186a90a8722d03a702a3
Reviewed-on: https://code.wireshark.org/review/9038
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-06-22 23:07:50 +00:00
Peter Wu 5ab45709d6 gtk,qt: Fix minor buffer underrun
Avoid accessing the first byte before an empty dirname. No idea why this
was not triggered before. Reproduced with an empty Wireshark profile and
wireshark and wireshark-qt.

Caught with ASAN.

Change-Id: I44f8fdab03ad0f24e663df63a1c54567996a3dfc
Reviewed-on: https://code.wireshark.org/review/9037
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2015-06-22 22:54:19 +00:00
Peter Wu 15045316f5 packet: write explicit type for destroy_heuristic_dissector_list
It is an implementation detail that the data pointer contains a GSList*.
Use the type that got inserted into function
register_heur_dissector_list.

Change-Id: I25b6414afa73818baa0c955a5c8aa7669f3058ee
Reviewed-on: https://code.wireshark.org/review/9035
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2015-06-22 22:50:26 +00:00
Pascal Quantin 7db3021f59 IEEE 802.11: add an expert info when tag length value is bigger than remaining payload
Bug: 11298
Change-Id: I18082a15fbeaa843099741511292eec19acf94b9
Reviewed-on: https://code.wireshark.org/review/9033
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2015-06-22 22:45:41 +00:00
Peter Wu e34e6c6fc0 Fix "Unescaped left brace in regex is deprecated"
This got reported with Perl 5.22:

    Unescaped left brace in regex is deprecated, passed through in
    regex; marked by <-- HERE in m/^typedef enum { <-- HERE / at
    epan/wslua/make-init-lua.pl line 228.

The perldelta manual page says this about it:

    "[..] a future version of Perl (tentatively v5.26) will consider
    this to be a syntax error."

Change-Id: I7f23cc10dc3311a35d8c15faa4337e4d50d0bd61
Reviewed-on: https://code.wireshark.org/review/9034
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2015-06-22 22:44:36 +00:00
Guy Harris 8aa91b31b9 Provide PHY type and band information in the 802.11 pseudo-header.
Provide that information so that the "802.11 radio information" protocol
can indicate whether a packet was 802.11 legacy/11b/11a/11g/11n/11ac,
and possibly whether it's 2.4 GHz or 5 GHz 11n.  (Sometimes the center
frequency might not be supplied, so the band information can be useful.)

Also, provide some 11ac information, now that we can distinguish between
11n and 11ac.  Don't calculate the data rate from the MCS index unless
it's 11n; we don't yet have code to calculate it for 11ac.

For radiotap, only provide guard interval information for 11n and 11ac,
not for earlier standards.

Handle the 11ac flag in the Peek remote protocol.

For Peek tagged files, the "extension flags" are 11n/11ac flags, so we
don't have to check for the "MCS used" bit in order to decide that the
packet is 11n or 11ac or to decide whether to provide the "bandwidth" or
"short GI" information.

Change-Id: Ia8a1a9b11a35243ed84eb4e72c384cc77512b098
Reviewed-on: https://code.wireshark.org/review/9032
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-06-22 22:05:17 +00:00
Peter Wu 8abe108a3c ieee80211: fix memleak
parse_key_string reads from rec->string and rec->key (without
modifying those parameters), then returns a newly allocated
decryption_key_t struct which is not used except for reading the
type field. Release memory after copying that single field!

Change-Id: Iac19bea23dedb73cab9dd1ea09f98cc83556e96c
Reviewed-on: https://code.wireshark.org/review/9025
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2015-06-22 21:48:10 +00:00
Evan Huus 11803d422f Remove more tvb_length
Change-Id: I940704e927001b2a051a59fd0738e7a02328472b
Reviewed-on: https://code.wireshark.org/review/9031
Reviewed-by: Evan Huus <eapache@gmail.com>
2015-06-22 21:40:50 +00:00
Gerald Combs df352c535f Use StockIcon to load toolbar icons.
StockIcon loads each available icon size.

Change-Id: Ia5604cc11ed8350e7f4f782312939cf30c94f548
Reviewed-on: https://code.wireshark.org/review/9030
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2015-06-22 21:05:53 +00:00
Alexis La Goutte f99e20e7e2 rtd_table.h: fix parameter 'srt/srt_array' not found in the function declaration [-Wdocumentation]
srt => rtd

Change-Id: I297258ebb22723f280588692fdbb5d062d08ced9
Reviewed-on: https://code.wireshark.org/review/9024
Reviewed-by: Evan Huus <eapache@gmail.com>
2015-06-22 20:56:43 +00:00
Martin Kaiser 2e3629afea fix the interface list in the main welcome screen
when no interfaces are available at startup, the number of columns in
the interface tree is set to 1
when new interfaces become available later, the column number is not
reset to the default value and we end up with an interface list whose
entries are not visible
reset the number of columns each time the interface list is updated

Change-Id: I267c5b47da6d5ae9e7769b1036622f79da4d97f2
Reviewed-on: https://code.wireshark.org/review/8996
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2015-06-22 20:55:37 +00:00
Evan Huus be6fb60691 Remove a bunch of deprecated tvb_length calls
Change-Id: I9362e0fdc4519ba5f3d656152966e7030f478839
Reviewed-on: https://code.wireshark.org/review/9022
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
2015-06-22 20:43:34 +00:00
Pascal Quantin 45872b9f7b checkAPIs.pl: proto_tree_add_bytes_item takes an encoding parameter
Change-Id: Iebe0e2483d9fd1661bf87ea5efaeb4ae14f6e105
Reviewed-on: https://code.wireshark.org/review/9027
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2015-06-22 18:41:03 +00:00
Alexis La Goutte a94b4434cc NCP: fix comma at end of enumerator list [-Wpedantic]
Change-Id: I47795fb9e1044f4319721c3bf1208c269a4b9c34
Reviewed-on: https://code.wireshark.org/review/9023
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-06-22 17:48:01 +00:00