UatTreeView had two functions:
1. Saner navigation functionality when pressing tab.
2. Start editing when the currently selected item changes.
Since this tab navigation functionality is desired in more places,
extract this functionality. Add more documentation while at it and use
an alternative, declarative style to connect signals.
Move the second functionality to the caller since not all views need it.
Change-Id: Ibe886f2c2763dbe024614203a44b72173fbbce06
Reviewed-on: https://code.wireshark.org/review/22639
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The IP address has been unused since 2.0. The port/protocol fields have
become unnecessary since 2.4 with the introduction of Decode As. Do not
require the user to specify these fields if they just want to set the
RSA key file.
In a future version, these three fields will be completely removed.
Change-Id: Iefc5a8778aa1122b76b707018c00b6ec429dc107
Reviewed-on: https://code.wireshark.org/review/22640
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I1332c63d59edf5b2a2ac8fe605d6f15cf6afa4ae
Reviewed-on: https://code.wireshark.org/review/22638
Reviewed-by: Yasuyuki Tanaka <yatch1.tanaka@toshiba.co.jp>
Reviewed-by: Jonathan M Munoz S <jonathan.munoz@inria.fr>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Be sure to display the extended description for UAT fields in the
tooltip for the column header like GTK+ did.
Change-Id: I294d2d3fb7f6d55df239129bea5d780b15deacc6
Reviewed-on: https://code.wireshark.org/review/22641
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
(A further fix should be "don't put the "Capture" section into the
welcome screen if we have neither libpcap nor extcap".)
Change-Id: I83e65e6dc31040292af7fe88ccd73e485613c76f
Reviewed-on: https://code.wireshark.org/review/22634
Reviewed-by: Guy Harris <guy@alum.mit.edu>
global_capture_opts is only defined when libpcap or extcap are enabled.
Change-Id: If692a7ac365b77d9efc52f589fef1aa906d5d14e
Fixes: v2.5.0rc0-425-ge036f4a282 ("Qt: Main Welcome behavior tweaks.")
Reviewed-on: https://code.wireshark.org/review/22629
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Update the recent item list and interface tree style sheets so that
hovered items have a different background color. This should make it
more obvious that they can be clicked.
Select the default interface (or failing that, the first interface) at
application startup and focus on the interface tree. This should make it
less likely that the user will start typing in a capture filter with the
wrong (or no) interface selected. Note that we should probably track
selected interfaces in the recent file instead of forcing the user to
select one via the preferences.
This should hopefully address some of the issues in bug 12636 and do so
without changing the layout (which we can do in another commit).
Change-Id: I96a417973f4270a70f41d04c40c4947a09613bdc
Ping-Bug: 12636
Reviewed-on: https://code.wireshark.org/review/22627
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename "enterprises" to "enterprises.tsv" so that its format is a bit more
obvious and so that double-clicking the file might do something useful.
Add it to the Windows packages.
Change-Id: I5ef54a04ce1b4926aa4535e756e04b3e2a56d463
Reviewed-on: https://code.wireshark.org/review/22616
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The default QTreeView/QTreeWidget behavior for (Shift-)Tab navigation is
to select the previous/next row. For data entries with multiple columns
(such as the UAT dialog or the coloring rules dialog), column
navigation is closer to what a user would expect, so implement that.
Bug: 13856
Change-Id: Ib585030380f894e0be214a95107cb264afac7eee
Reviewed-on: https://code.wireshark.org/review/22561
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The vsockmon packet header is defined in <linux/vsockmon.h> as follows:
struct af_vsockmon_hdr {
__le64 src_cid;
__le64 dst_cid;
__le32 src_port;
__le32 dst_port;
__le16 op; /* enum af_vsockmon_op */
__le16 transport; /* enum af_vsockmon_transport */
__le16 len; /* Transport header length */
__u8 reserved[2];
};
The vsock dissector forgot to include the 2-byte reserved field. This
caused the transport header and payload that follow the vsockmon header
to contain junk data.
Change-Id: I0e7e6f1d9ad96ab339bd070c1becf43bc7e6a6b1
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-on: https://code.wireshark.org/review/22612
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
A linktype was recently assigned to Linux vsock in libpcap commit
cfdded36ddcf5d01e1ed9f5d4db596b744a6cda5 ("added DLT_VSOCK for
http://qemu-project.org/Features/VirtioVsock").
The Wireshark vsock dissector can now be automatically applied when
wtap_encap matches the new WTAP_ENCAP_VSOCK constant.
This patch makes Wireshark dissect vsock packet captures without
manually specifying the dissector.
Change-Id: If252071499a61554f624c9ce0ce45a0ccfa88d7a
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-on: https://code.wireshark.org/review/22611
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Add table in SMB2 protocol options to store Session ID => Session Key
mappings. If we find a matching session id while dissecting, use session
key from the table to derive crypto keys used for decryption.
Sample from https://wiki.wireshark.org/SampleCaptures#SMB3_encryption
can be loaded as follows:
tshark -ouat:smb2_seskey_list:3d00009400480000,28f2847263c83dc00621f742dd3f2e7b -r smb3-aes-128-ccm.pcap
To obtain the session id and key you can compile your kernel with
CIFS_DEBUG_KEYS enabled and all the info should be printed on the
console when cifs.ko generates keys. The patch that adds this
config option was merged recently and should appear in the
not-yet-released 4.13 kernel.
Alternatively you can read the keys from live memory on a x86_64
system by running a gdb script as root (see email [1] for usage and
source [2]).
[1]: https://lists.samba.org/archive/samba-technical/2017-May/120755.html
[2]: http://lists.samba.org/pipermail/samba-technical/attachments/20170524/2950140e/cifs_dump_keys.py
Change-Id: I2709bb5fb316a4a3614901efe967196c2925609a
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-on: https://code.wireshark.org/review/21711
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
RFC 8197 defines the new status code 607 Unwanted
Change-Id: I61299788b25f5ada460c88949bed3cabddc3908f
Reviewed-on: https://code.wireshark.org/review/22618
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Still open: Reassembly and support for KMP payload dissection besides EAPOL
Bug: 13883
Change-Id: I48a1e6af5c6fb5594fb4e6a5258db0d8ebaf4a70
Reviewed-on: https://code.wireshark.org/review/22597
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Move all utility widgets to the widgets subdirectory and
add separate source_group for their files
Correct some alphabetization in ui/qt/CMakeLists.txt noticed
during compare.
Change-Id: I2d664edc2b32f126438fb673ea53a5ae94cd43d1
Reviewed-on: https://code.wireshark.org/review/22531
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fix to dissect packets from certain implementations of this protocol which have
null padding at the end of otherwise valid packets.
Change-Id: Ic7790d9bbcf9467a9de0aa738e65a597802ce494
Reviewed-on: https://code.wireshark.org/review/22593
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
'zbee_zcl_se.met.publish_snapshot.payload_type' exists multiple times with NOT compatible types: FT_BYTES and FT_UINT8
Change-Id: I97bc7cb467508192a3597836b721778341bc756c
Reviewed-on: https://code.wireshark.org/review/22590
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
byte 64 bit BER encoded unsigned number.
Change-Id: I43e4a7f3103fac458a528022e0fdf6f0947804dc
Reviewed-on: https://code.wireshark.org/review/22585
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added as option with the default value set to TRUE. Dissection is based on
file generated from Tektronix Monitoring Solution for Mobile Networks.
Change-Id: Iedb2e742d1d406bc68e41334cac4a15da443cf3f
Reviewed-on: https://code.wireshark.org/review/22507
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This code is borrowed from a patch proposed by altaf329@gmail.com in june 2015
(Ice136a9cb950bb97a11bee4486071b6883a0cad7) and adapted to fit current wireshark code (and minus the LTE MAC frame dissector).
Change-Id: Iaa1ea8b2d7a3e618f8aa14203449f2c77b4727f5
Reviewed-on: https://code.wireshark.org/review/22515
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
found by Robert Sauter
Change-Id: I8099797ae52bdee512c7dff0423717a5acb2d36f
Reviewed-on: https://code.wireshark.org/review/22582
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I6a29e89eb18c737c257953f3dbe98727ad9815e9
Reviewed-on: https://code.wireshark.org/review/22556
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Isolate dissection of individual IEs to capture out-of-bound errors
and to continue with next IE on error.
More consistent display. Use dedicated HFs and ETTs.
More consistent code with fewer casts.
Add warning if IE dissection consumes less content than the
indicated length.
Change-Id: I1481145b9248eaa9f3d3ddf6c0e32d39b4a63861
Reviewed-on: https://code.wireshark.org/review/22577
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Many dissectors don't have an identifier to pass to a dissector table.
When using Decode As they all have a "value" function that returns 0
just so something is returned.
A first step to a cleaner refactor of the functionality is to allow
dissectors to provide a "prompt" function when registering Decode As
with register_decode_as_next_proto() so that the text exposed in
the GUI can vary, but the function that returns 0 (nothing) can be
consolidated under decode as registration functionality. This casts
a wider net for register_decode_as_next_proto() use.
Change-Id: I2995b3c251dae70f5f529b672473d25c6288ed5c
Reviewed-on: https://code.wireshark.org/review/22562
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
"Expert" has been treated as a protocol "internally", but I
doubt users would consider it one. Since the only preference
is a UAT, just make it its own leaf off of the main preference
tree (similar to Filter Expressions UAT) and not have it buried
with all of the protocols.
Change-Id: I385314d8791440e6ced3dbd71305ee75bc373e52
Reviewed-on: https://code.wireshark.org/review/22580
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dario Lombardo