The signals related to capture events were refactored recently. Adjust
the follow stream dialogue to use the new CaptureEvent signal instead of
the now removed signal CaptureFileClosing.
Filter for context==file, event==closing in the signal handler.
Change-Id: I2d75b424fbf0a6734b0290aa205dd3d0c1ce053f
Reviewed-on: https://code.wireshark.org/review/24980
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
621498f88e fixed a crash that's caused by
closing the follow stream dialogue multiple times. Another way to get a
similar crash is to press the Back or "Filter out this stream" buttons
again while we're already about to close.
Ignore the two buttons in this case.
Change-Id: Ia8d7b3ca500db2519a784b42c0744e2527b9d5f6
Reviewed-on: https://code.wireshark.org/review/24839
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
The Follow Stream dialogue's button "Filter out this stream" filters out
the stream's packets and then closes the Follow Stream dialogue. This may
take a moment. If the user presses the Close button while the filtering
is still running, the dialogue will be closed twice. This causes a crash
which can be seen in ASAN builds.
==9485==ERROR: AddressSanitizer: SEGV on unknown address 0x60205e80001b (pc 0x7f923e672b8c sp 0x7fff73104600 bp 0x7fff73104600 T0)
#0 0x7f923e672b8b in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2d9b8b)
#1 0x7f924f46010b in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x13f10b)
#2 0x7f924f4655ff in QApplication::notify(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x1445ff)
#3 0x7f923e672dca in QCoreApplication::notifyInternal(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2d9dca)
#4 0x7f924f49ae54 in QWidgetPrivate::close_helper(QWidgetPrivate::CloseMode) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x179e54)
#5 0x55f3e249582f in FollowStreamDialog::close() /media/sf_wireshark.git/ui/qt/follow_stream_dialog.cpp:327
#6 0x55f3e236e534 in FollowStreamDialog::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) ui/qt/moc_follow_stream_dialog.cpp:155
...
SUMMARY: AddressSanitizer: SEGV ??:0 QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*)
==9485==ABORTING
Ignore the Close button if we know that we'll be closing the dialogue shortly.
Change-Id: Ibf1684fd75937e6b24fcb9ea62ae6acb038260e6
Reviewed-on: https://code.wireshark.org/review/24777
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
The split isn't necessary now that epan no longer uses the capture_file
structure.
Change-Id: Ia232712a2fb5db511865805518e8d03509b2167f
Reviewed-on: https://code.wireshark.org/review/24693
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have cfile-int.h declare the structure, and use it in files that
directly access the structure.
Have cfile.h just incompletely declare the structure and include it
rather than explicitly declaring it in source files or other header
files.
Never directly refer to struct _capture_file except when typedeffing
capture_file.
Add #includes as necessary, now that cfile.h doesn't drag in a ton of
Change-Id: I7931c8039d75ff7c980b0f2a6e221f20e602a556
Reviewed-on: https://code.wireshark.org/review/24686
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Added new user preference 'restore_filter_after_following_stream',
defaults to false.
When true, the current display filter is restored after following a stream.
Change-Id: I153107761003658c6d7f1464711da7b3adeb60a8
Reviewed-on: https://code.wireshark.org/review/22455
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's not installed so like most other files it doesn't need or benefit
from the prefix.
Change-Id: I01517e06f12b3101fee21b68cba3bc6842bbef5c
Reviewed-on: https://code.wireshark.org/review/23751
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Following the move for widgets directory, moving utils
to the utils directory. Guidelines for this directory are:
- Generic use but not a widget
- Utility functionality used by many classes
Note: additionally all includes affected by this move have been changed
to absolute path includes, instead of relative ones.
Change-Id: I019ae4b6e6f6d06a5745a63ed195edbd36fb936b
Reviewed-on: https://code.wireshark.org/review/22602
Petri-Dish: Roland Knall <rknall@gmail.com>
Reviewed-by: Roland Knall <rknall@gmail.com>
Use the model from the 2.0 branch and earlier that only "tapped" the
follow data in a single location. This fixes duplicate data for
reassembled data and handles out-of-order packets.
Bug: 12855
Change-Id: I5268f13e3c08e9271acf026b859de693ad794c94
Reviewed-on: https://code.wireshark.org/review/18368
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
... Otherwise the user will see an empty stream after the Save-As operation.
Change-Id: Ibafcb4e4b670807702a8d8a5756544471f2eccc3
Reviewed-on: https://code.wireshark.org/review/16521
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
... rather than a structure (SslDecryptedRecord) which looks (mostly) like a
follow_record_t. (The biggest different is the former carries its data in a
StringInfo while the latter uses a GByteArray.)
With this change following SSL no longer needs its own special code.
This also fixes a crash after saving a followed SSL stream (in the Qt UI).
Bug: 12616
Change-Id: Ibdb2b85f8a6a30712743a5da420be1e6b78f5b92
Reviewed-on: https://code.wireshark.org/review/16516
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Update main filter after follow stream dialog is closed - Use:
previous_filter if new 'Back' button (passed in follow() method)
filter_out_filter_ if 'Filter Out This Stream' button (built by appending !current_stream to previous_filter)
leave filter alone if window closed using Close button or window close. (current stream)
Change-Id: Ic02edeaffdc65ff0f33cac4cb9afb8cde28963c7
Reviewed-on: https://code.wireshark.org/review/16277
Reviewed-by: Jim Young <jim.young.ws@gmail.com>
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Tested-by: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
abort if it is -1
Change-Id: Ie14c18679ff74529731558d6742f63ebfb9fe97b
Reviewed-on: https://code.wireshark.org/review/15958
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add an option to display the "follow" data as UTF-16.
Bug: 237
Change-Id: Id95ffc014b8ef718f3b6e9f3415806ada309c3a2
Reviewed-on: https://code.wireshark.org/review/15702
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
If we don't, Save As will always fail.
(I broke this in 6a992182ce)
Change-Id: I4abfe495af3aee470331ae5464acbd7d08028bf0
Reviewed-on: https://code.wireshark.org/review/15547
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
When the user clicks Save As in the Follow Stream window, check that the
selected target file can be opened for writing. Bring up a warning box
if the file is not writable.
Change-Id: I76e67b064377dd432d3b14592f5096b99d9968c0
Reviewed-on: https://code.wireshark.org/review/15536
Reviewed-by: Michael Mann <mmann78@netscape.net>
This allows keeping the code-sharing with the static linking.
This "fixes" a hypothetical ABI mismatch with wsutil and avoids pulling more
external dependencies to wsutil than strictly necessary.
A nice side-effect is that libwsutil no longer depends on version.h.
Follow up to f95976eefc.
Change-Id: I8f0d6a557ab3f7ce6f0e2c269124c89f29d6ad23
Reviewed-on: https://code.wireshark.org/review/15002
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Replace some function calls with their non-deprecated equivalents so
that we can remove _CRT_NONSTDC_NO_DEPRECATE from CMakeLists.txt and
config.nmake.
Leave _CRT_SECURE_NO_DEPRECATE in place. Removing it failed with 145
warnings and 72 errors.
Note that we could probably improve startup performance by using wmem
in diam_dict.*.
Change-Id: I6e130003de838aebedbdd1aa78c50de8a339ddcb
Reviewed-on: https://code.wireshark.org/review/14883
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Alas, QByteArray's constructor takes an int, not a size_t, as a size.
Explicitly cast the size down to an int.
Change-Id: Idc24b5920e8e417dd8555628d685f94224fe47e1
Reviewed-on: https://code.wireshark.org/review/14836
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Make FollowStreamText a subclass of QPlainTextEdit instead of QTextEdit.
For large amounts of text, the former should be less unbearably slow
than the latter. Increase the maximum stream size to 500MB. This isn't
perfect but it's much more usable than 2MB and much easier than the next
step, which is to write our own text display widget.
Process UI events while we fill in the stream data. This gives us
behavior similar to the GTK+ UI and is similar to what we do in other
dialogs.
Switch from g_memdup+g_free to a QByteArray in the Qt UI and GByteArray
in the GTK+ UI.
Don't call readStream twice.
Make sure we free all of our stream data in the Qt UI. This fixes a
serious memory leak.
Ping-Bug: 11777
Change-Id: Ibad9bde86692ae07a80660566d1e661ab8b64601
Reviewed-on: https://code.wireshark.org/review/14271
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add GeometryStateDialog class to handle load and save dialog geometry.
The QDialog class name will be used as window name. For shared
classes the UAT name or the statistics title or abbr will be used.
Change-Id: I5a019598307fb3861518f41e733de834788184d8
Reviewed-on: https://code.wireshark.org/review/14139
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Add settings to the QLineEdit context menu to use textual or regular
expression search. Use this in Follow Stream and Show Packet Bytes.
Change-Id: I3a9f5a923f616629aa40a334921871f98b518f30
Reviewed-on: https://code.wireshark.org/review/13942
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Put some extra spaces between hex and text output in follow stream
hex dump to align with the layout used in ByteViewText.
Change-Id: Ie2743ccf46a8941595580878955e96b9ada56de9
Reviewed-on: https://code.wireshark.org/review/13867
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Change required because functionality is now the same between two windowing systems (Hide vs. Filter)
Change-Id: Iec321c93cfe8eefe15bb287ea3267956146255c7
Reviewed-on: https://code.wireshark.org/review/13321
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Fixed code layout to use common style in the file.
Mostly whitespace changes.
Change-Id: Id37b57717a9e26248fad07322dff09b1d1f45ac2
Reviewed-on: https://code.wireshark.org/review/13504
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Create a "registration" system for Follow functionality so most of the work can be abstracted into a dissector and GUI can just be responsible for "display".
This also removes the global variables in follow.c to open up multithreading possibilities.
TCP, UDP and HTTP all have the same "tap interface" for Follow functionality (passing a tvb with byte data to "follow"). SSL still has it's own behavior, so Follow structures have to take that into account.
TShark through the Follow registration now has support for HTTP.
The only thing possibly missing is dynamic menu generation to further reduce explicit knowledge of Follow "type" (and rely on registration)
Bug: 11988
Change-Id: I559d9ee1312406ad0986d4dce9fa67ea2103b339
Reviewed-on: https://code.wireshark.org/review/13161
Reviewed-by: Michael Mann <mmann78@netscape.net>
No need for the GTK dependency on dissectors/packet-ipv6.h.
Add the stream_addr typedef in follow.h to make some code simpler.
Change-Id: I1cf906f58734a90263141362f2da33a140f93533
Reviewed-on: https://code.wireshark.org/review/13063
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
[KISS - Keep It Simple, Stupid]
Convert the Follow TCP functionality to use a tap from the TCP dissector that passes the tvb of the payload. This makes things A LOT simpler, but relies on the TCP dissector to make all decisions.
The "tap" logic passes tvb data
1. Before calls to process_tcp_payload
2. Before hf_tcp_segment_data fields (that aren't retransmissions or otherwise handled)
Follow up patches will be necessary to clean up all of the supporting "follow" functionality that is now useless.
Bug: 6925
Bug: 9780
Change-Id: I4e7f5d453519be839de39a109bafa899b9987139
Reviewed-on: https://code.wireshark.org/review/13038
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I23806012fc4f7f3a791e380de0c364b5825f8951
Reviewed-on: https://code.wireshark.org/review/13037
Reviewed-by: David Morsberger <dave@morsberger.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. Populate packet number on follow HTTP handler.
2. Remove stream navigation (until its a little less buggy). This follows the convention of SSL which runs on top of a stream protocol (TCP), it's not a stream itself, which seems to be why its buggy.
Change-Id: Idf21be2a00a8fde0fbf16f40ca8c36a2a44b8993
Reviewed-on: https://code.wireshark.org/review/13027
Reviewed-by: David Morsberger <dave@morsberger.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I3817d12e473b67e26159e1562a08169e91f51d46
Reviewed-on: https://code.wireshark.org/review/13019
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This automatically detects and decompresses HTTP along a TCP stream through the use of taps.
Bug: 3528
Change-Id: I8ab832d509700d0da8eabf3c3e514d8511c598d3
Reviewed-on: https://code.wireshark.org/review/13009
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Don't set WA_DeleteOnClose. This keeps the dialog from deleting itself
when we're inside a nested event loop (i.e. when we're reassembling
(TCP) or retapping (UDP or TLS)).
Make sure our beginRetapPackets() and endRetapPackets() calls are
balanced. Move updateWidgets() calls to follow() so that we update on
the first run.
Bug: 11711
Change-Id: Id585be410a315b914b27f1a116d451c863087b00
Reviewed-on: https://code.wireshark.org/review/11892
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
If capture file was closed and we have some WiresharkDialogs opened,
then we still need to know filename of capture file
related to specific dialog.
Change-Id: I15f0e5176b87713bf747eead64021619d0bdf039
Reviewed-on: https://code.wireshark.org/review/11025
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Tested-by: Gerald Combs <gerald@wireshark.org>
Replace CMP_ADDRESS, COPY_ADDRESS, et al with their lower-case
equivalents in the ui directory.
Change-Id: I10e95e66c8da5b880133452ebc484c53046e87ba
Reviewed-on: https://code.wireshark.org/review/11199
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I6298b3de5f0a1cb988014ff16082eaf8c2a3c3c0
Reviewed-on: https://code.wireshark.org/review/10786
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add cf_cb_file_retap_started and cf_cb_file_retap_finished to file.[ch].
Add their associated signals to CaptureFile.
Add registerTapListener and removeTapListeners to WiresharkDialog, which
collect and automatically remove tap listeners. Add beginRetapPackets
and endRetapPackets, which can be used to wrap critical sections so that
we don't delete ourselves while tapping. Don't cancel tapping on close
in WiresharkDialog.
Use beginRetapPackets and endRetapPackets in WiresharkDialog and
FollowStreamDialog. We will likely need to add them elsewhere.
Update comments.
Change-Id: I1788a6ade0817c31aa3419216df96be5e36b2178
Reviewed-on: https://code.wireshark.org/review/10261
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add ProgressFame::addToButtonBox, which violates the UX guidelines on
every platform we support by inserting a ProgressFrame into a
QDialogButtonBox.
Call addToButtonBox in the constructors of a bunch of dialogs.
Change-Id: I33ac5fd7a976ee6e0527de569a5c4b528980dae1
Reviewed-on: https://code.wireshark.org/review/10242
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The tap API changed the return type of per-packet listener callbacks
from int to gboolean back in 2009. Update a bunch of functions and some
documentation accordingly.
Change-Id: I79affe65db975caed3cc296a7e2985b7b9cdf4cc
Reviewed-on: https://code.wireshark.org/review/9853
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The OS X Human Interface Guidelines at
https://developer.apple.com/library/mac/documentation/UserExperience/Conceptual/OSXHIGuidelines/TerminologyWording.html#//apple_ref/doc/uid/20000957-CH15-SW3
says:
"Be sure to create the ellipsis character using the key combination
Option-; (Option-semicolon). This ensures that an assistive app can
provide the correct interpretation of the character to a disabled user.
If you use three period characters to simulate an ellipsis, many
assistive apps will be unable to make sense of them. Also, three period
characters and an ellipsis don't look the same because the periods are
spaced differently than the points of an ellipsis."
The Windows desktop applications guidelines has a section on ellipses:
https://msdn.microsoft.com/en-us/library/windows/desktop/dn742478.aspx
but doesn't specify the a single glyph vs three dots.
The GNOME HIG at
https://developer.gnome.org/hig/stable/typography.html.en
says "Take Advantage of Unicode" then specifically says to use U+2026
HORIZONTAL ELLIPSIS.
Remove the ellipsis from "Find Next" and "Find Previous". Neither
requires user interaction.
Change-Id: I0e6c28bb8b3a84b242731e2ca96f1a6f6f42c303
Reviewed-on: https://code.wireshark.org/review/9833
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Combine the GTK+ RTP Stream Analysis and RTP Graph Analysis dialogs into
one. Yell at the user less. Disable the Analyze RTP Stream menu item if
we don't have an RTP stream selected.
There are a *lot* of moving parts in this dialog. I've tested with the
few RTP captures I have but it's by no means complete.
"To do" items are listed at the top of rtp_analysis.cpp.
Change-Id: Id503977f069bebc46cc68bc749f0c9cbf4d37bf6
Reviewed-on: https://code.wireshark.org/review/9650
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
this should make Visual Studio pick up the generated include files
from the build directory instead of the source directory (which may
contain lefovers from an in-tree build)
Change-Id: Ie3de4cdd85a2865e203118a42ab10f443372f03b
Reviewed-on: https://code.wireshark.org/review/9129
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Anders Broman <a.broman58@gmail.com>