Plugins may utilize the tap interface to provide special tools
or analysis options, not otherwise available in Wireshark, or
perhaps not allowed to be distributed freely. Up until now, those
tools either had to start automatically, or could not be started
at all, or had to be started separately.
It should be possible, that those tools may be started using a
menu entry directly from Wireshark. This interface tries to achieve
exactly that.
This interface uses a clean interface, which can be implemented in
any plugin or dissector. Documentation for this has been added to
README.plugins.
Separators are only supported for now in the Qt interface, but
URLs can now be added as a simple item, and the UI will use the
same methods used for other URL calls to open them.
Change-Id: I170107dafb66f6badaa864d05a9091e5cbbf52c2
Reviewed-on: https://code.wireshark.org/review/7865
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I11c805b285d277ecb963622385154c310f6d1c67
Reviewed-on: https://code.wireshark.org/review/7032
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ib13d9391b64dad19321a4399c95b95d7fb791284
Reviewed-on: https://code.wireshark.org/review/6421
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I256fd5395b062fa954ebd60598721323ea1d7ff1
Bug: 10875
Reviewed-on: https://code.wireshark.org/review/6713
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add by commit g43f09e67b (Remove unneeded includes from ui folder)
Change-Id: I66eb113430bde97e18bb3d2b00f6bac46a01797e
Reviewed-on: https://code.wireshark.org/review/6809
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add by commit g43f09e67b (Remove unneeded includes from ui folder)
Change-Id: I7c9d9e2bbd76d062f96422c74ee8eb8c6ecd328b
Reviewed-on: https://code.wireshark.org/review/6808
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Have dfilter_compile() take an additional gchar ** argument, pointing to
a gchar * item that, on error, gets set to point to a g_malloc()ed error
string. That removes one bit of global state from the display filter
parser, and doesn't impose a fixed limit on the error message strings.
Have fvalue_from_string() and fvalue_from_unparsed() take a gchar **
argument, pointer to a gchar * item, rather than an error-reporting
function, and set the gchar * item to point to a g_malloc()ed error
string on an error.
Allow either gchar ** argument to be null; if the argument is null, no
error message is allocated or provided.
Change-Id: Ibd36b8aaa9bf4234aa6efa1e7fb95f7037493b4c
Reviewed-on: https://code.wireshark.org/review/6608
Reviewed-by: Guy Harris <guy@alum.mit.edu>
g_string_free(str, FALSE) frees the GString container but not the
underlying g_malloc()ed string; instead, it returns a pointer to the
g_malloc()ed string.
Fix those places that didn't already get the string pointer from
g_string_free() to do so rather than manually extracting the string
themselves.
And fix one place that didn't even need to use a string - it was just
scanning a C string without even modifying it.
Change-Id: Ibbf4872bf5b9935b9907f539b6edb1013f3053a5
Reviewed-on: https://code.wireshark.org/review/6532
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I009c09f25d170e5c9aaaef713eaacb3252817856
Reviewed-on: https://code.wireshark.org/review/6460
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Most of the remaining ep_ uses are grouped with specific functionality.
Change-Id: I8fa64a17acc6bcdcf6891b2d28715ac0c58f1a4a
Reviewed-on: https://code.wireshark.org/review/6484
Reviewed-by: Michael Mann <mmann78@netscape.net>
This affects both the dissector (that has been added with a tap interface and a stats generator) and the UI (to recall the stats menu).
Change-Id: I90658f7aa6707aa39bdd787a51b20fed4dbddc53
Reviewed-on: https://code.wireshark.org/review/6236
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Right now eth filter (the last one tried) is always applied
Change-Id: Ibe5d3c30033bd2d385bd1e68b20388114673cb5c
Reviewed-on: https://code.wireshark.org/review/6064
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Also use proto_get_frame_protocols in main_menubar.c instead of doing it "manually".
Change-Id: Ie7a365c538700f2cebdd1e3d253f2fd9b189f5cf
Reviewed-on: https://code.wireshark.org/review/5851
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I5868a40b71a989a3a1522cb091064bb0aaec6daf
Reviewed-on: https://code.wireshark.org/review/5828
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reselect the current packet when we redraw the packet list.
Don't crash if we try to mark when no frame is selected. Try to
invalidate cached packet list strings when needed. Rename
PacketList::updateAll to redrawVisiblePackets so that its purpose is
more clear. When changing the font size, call redrawVisiblePackets
instead of rebuilding the entire list of visible rows.
Change-Id: I6e7a15067e7063d0efc26082170e1795ae3c0779
Reviewed-on: https://code.wireshark.org/review/4901
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Pcap-ng files don't have a per-file time stamp resolution, they have a
per-interface time stamp resolution. Add new time stamp resolution
types of "unknown" and "per-packet", add the time stamp resolution to
struct wtap_pkthdr, have the libwiretap core initialize it to the
per-file time stamp resolution, and have pcap-ng do the same thing with
the resolution that it does with the packet encapsulation.
Get rid of the TS_PREC_AUTO_XXX values; just have TS_PREC_AUTO, which
means "use the packet's resolution to determine how many significant
digits to display". Rename all the WTAP_FILE_TSPREC_XXX values to
WTAP_TSPREC_XXX, as they're also used for per-packet values.
Change-Id: If9fd8f799b19836a5104aaa0870a951498886c69
Reviewed-on: https://code.wireshark.org/review/4349
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is very similar in architecture to the changes made to the Conversation table functionality. Since all conversations have endpoints/hostlists, the "registered" list is shared for both.
Change-Id: Ie8c6910a68a1b3f27c5b18c4494f49b9404a7b31
Reviewed-on: https://code.wireshark.org/review/3214
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Refactor (non-GUI) conversation table functionality from gtk/Qt to epan. Also refactor "common GUI" conversation table functionality.
The idea is to not have to modify the GUI when a dissector adds a new "conversation type"
Change-Id: I11f08d0d7edd631218663ba4b902c4a4c849acda
Reviewed-on: https://code.wireshark.org/review/3113
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Also, capitalize "File" in the GTK+ version (it's already capitalized in
the Qt version).
Change-Id: I27eb27022930b1c0e0321cd1a1446c3b9dc1bd17
Reviewed-on: https://code.wireshark.org/review/3072
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The groups are, technically, independent of the notion of a menu, and,
if we have mechanisms by which taps that are not only GUI
toolkit-independent but independent of the *existence* of a GUI can be
registered, they might want to register themselves in a group just in
case they're running in a program that has a GUI.
Also, this might fix the Debian package build.
Change-Id: I29435681e79748fd4f2e0c5ac872cd11f831d172
Reviewed-on: https://code.wireshark.org/review/2830
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add SIP Flows menu option beside VoIP Calls.
Flow for all SIP message types (which have a call-id) is shown in SIP Flow.
Add useful info(original flow method, response code, cseq) to comment field in conversation and flow dialogs.
Change-Id: I4801a633ed9b6594b2d89629c9d6fec6352da150
Reviewed-on: https://code.wireshark.org/review/2479
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: James Coleman <gaoithe@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
bug: 10204
Change-Id: Ie21cc07b0ac9a56648ec72062ce58a1ac800318e
Reviewed-on: https://code.wireshark.org/review/2420
Reviewed-by: Michael Mann <mmann78@netscape.net>
GtkStockItem usage is deprecated with all the GTK_STOCK_.* stock ids.
We keep a stock id based approach but without relying on GTK's
GtkStockItem system.
We create our own internal stock ids for {icon, label} tuples and keep
the original GTK stock id #define-s and values to preserve backward
compatibility.
Change-Id: Ia0b35a5903f079e92c8026e3df21bbf0be2d06b0
Reviewed-on: https://code.wireshark.org/review/302
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The best heuristic can fail, so add possibility to manually choose
capture file format type, so not correctly recognize file format can be
loaded in Wireshark.
On the other side now it is possible to open capture file
as file format to be dissected.
Change-Id: I5a9f662b32ff7e042f753a92eaaa86c6e41f400a
Reviewed-on: https://code.wireshark.org/review/16
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
knowledge of particular types of plugins. Instead, let particular types
of plugins register with the common plugin code, giving a name and a
routine to recognize that type of plugin.
In particular applications, only process the relevant plugin types.
Add a Makefile.common to the codecs directory.
svn path=/trunk/; revision=53710
From Deon van der Westhuysen
- Bug fix: object leak in stats_tree after a tap reset (for example apply statistics preferences with a stats_tree window open)
- Bug fix: correct sample code in README.stats_tree
- Add: slash in plug-in name now creates submenu as docs describe (was a bug?)
- Add: menu separator before the stat_tree registered plug-ins
- Add: stats_tree can now calculate averages for nodes; automatically calculated for range nodes. Add section in README.stats_tree describing averages.
- Add: stats_tree can now calculate burst rate of each node (like rate but with a shorter, sliding time window)
- Add: sorting for stats_tree plug-ins. Can sort on node name, count, average, min, max values and burst rate.
- Add: preferences for stats_tree system (default sort column, burst calc params)
- Add: stats_tree window copy to clipboard and export and plain text, csv and XML.
- Added sample of new functionality in $srcdir/plugins/stats_tree/pinfo_stats_tree.c
- Moved all stats_tree sample plug-ins to "IP Statistics" submenu.
svn path=/trunk/; revision=53657
say "you checked it here, but you dereferenced it later even if it was
null when you checked it".
This obviates the need for some checks of frame_selected, as cf->edt
will be non-null iff cf->current_frame is non-null.
Always check *cf, not cfile, in set_menus_for_selected_packet().
Currently, cf always == &cfile, but we aren't guaranteeing that will be
true forever.
svn path=/trunk/; revision=53523
I may eventually switch this to use proto_* values instead of strings, but just the addition of the loop is more jarring as compared to the simple comparing of ip or ethernet values. But it should lead to a smaller (less protocol specific) packet_info structure.
svn path=/trunk/; revision=53476
In the process, fix various man page descriptions of the -t flag,
and add support for UTC absolute times in the iousers and iostat TShark
taps.
svn path=/trunk/; revision=53114