Register the pcap and pcapng file types/subtypes rather than hardwiring
them into the table.
Call the registration routines for them directly, rather than through a
generated table; they're always supposed to be there, as some code in
Wireshark either writes only one of those formats or defaults to writing
one of those formats. Don't run their source code through the
registration-routine-finder script.
Have the file type/subtype codes for them be directly exported to the
libwiretap core, and provide routines to return each of them, to be used
by the aforementioned code.
When reporting errors with cfile_write_failure_message(), use
wtap_dump_file_type_subtype() to get the file type/subtype value for the
wtap_dumper to which we're writing, rather than hardcoding it.
Have the "export PDU" code capable of supporting arbitrary file
types/subtypes, although we currently only use pcapng.
Get rid of declarations of now-static can_write_encap and
dump_open routines in various headers.
This pull request includes:
* The "Follow DCCP stream" feature.
* Updated docbook documentation for the "Follow DCCP stream" feature.
* Test for the feature.
* Corresponding packet trace for the test.
Instead of a "supports name resolution" Boolean and bitflags for types of
comments supported, provide a list of block types that the file
type/subtype supports, with each block type having a list of options
supported. Indicate whether "supported" means "one instance" or
"multiple instances".
"Supports" doesn't just mean "can be written", it also means "could be
read".
Rename WTAP_BLOCK_IF_DESCRIPTION to WTAP_BLOCK_IF_ID_AND_INFO, to
indicate that it provides, in addition to information about the
interface, an ID (implicitly, in pcapng files, by its ordinal number)
that is associated with every packet in the file. Emphasize that in
comments - just because your capture file format can list the interfaces
on which a capture was done, that doesn't mean it supports this; it
doesn't do so if the file doesn't indicate, for every packet, on which
of those interfaces it was captured (I'm looking at *you*, Microsoft
Network Monitor...).
Use APIs to query that information to do what the "does this file
type/subtype support name resolution information", "does this file
type/subtype support all of these comment types", and "does this file
type/subtype support - and require - interface IDs" APIs did.
Provide backwards compatibility for Lua.
This allows us to eliminate the WTAP_FILE_TYPE_SUBTYPE_ values for IBM's
iptrace; do so.
We allocate a QMimeData object at the beginning of PacketList::mouseMoveEvent.
Usually, this object is passed to a QDrag object by calling drag->setMimeData.
In this case, the QDrag object owns the mime data object and frees it when
it's no longer required.
If the mime data object contains no data that can be dragged and dropped, we
reach the end of PacketList::mouseMoveEvent without anyone taking care of
the mime object. We have to free it ourselves in this case.
The problem can be reproduced if you add a custom column for an element that
does not exist in your capture file. Left-click onto the empty column and
drag the empty column entry somewhere. An asan build will then show the
memory leak
Indirect leak of 240 byte(s) in 2 object(s) allocated from:
#0 0x7f351e153d30 in operator new(unsigned long) (...)
#1 0x7f3500b79802 in QMimeData::QMimeData() (...)
Indirect leak of 32 byte(s) in 2 object(s) allocated from:
#0 0x7f351e153d30 in operator new(unsigned long) (...)
#1 0x5635156dfbc7 in PacketList::mouseMoveEvent(QMouseEvent*) ...
#2 0x7f3502eb94d7 in QWidget::event(QEvent*) (...)
For QT >5.11, stringWidth() uses horizontalAdvance, which gives different
(longer) widths than the old boundingRect().width() method.
Other locations use the boundRect().width() method directly, resulting
in underestimating line widths and clipping the last characters in
the byte view window.
Fix by forcing all width calculations to use stringWidth().
Closes#17087.
Eliminate WTAP_FILE_TYPE_SUBTYPE_ERF and
WTAP_FILE_TYPE_SUBTYPE_SYSTEMD_JOURNAL - instead, fetch the values by
name, using wtap_name_to_file_type_subtype().
This requires that wtap_init() be called before epan_init(); that's
currently the case, but put in comments to indicate why it must continue
to be the case.
Increase the minimum required version of Qt from 5.3 to 5.6. The various
Linux distribution versions that shipped with earlier Qt versions (RHEL
6, Fedora 23, openSUSE 13.2, Debian jessie, Ubuntu 16.04) have either
reached end of support or will do so soon.
The official Qt 5.6 releases for macOS require 10.8, so make that the
minimum macOS version.
Remove a bunch of no-longer-needed version checks.
The include_directories documentation at
https://cmake.org/cmake/help/latest/command/include_directories.html
says:
"Note: Prefer the target_include_directories() command to add include
directories to individual targets and optionally propagate/export them
to dependents."
Switch from include_directories to target_include_directories in a bunch
of places.
Add "SYSTEM" to the remaining external include_directories calls in
order to minimize our compiler warning blast radius.
Provide a wiretap routine to get an array of all savable file
type/subtypes, sorted with pcap and pcapng at the top, followed by the
other types, sorted either by the name or the description.
Use that routine to list options for the -F flag for various commands
Rename wtap_get_savable_file_types_subtypes() to
wtap_get_savable_file_types_subtypes_for_file(), to indicate that it
provides an array of all file type/subtypes in which a given file can be
saved. Have it sort all types, other than the default type/subtype and,
if there is one, the "other" type (both of which are put at the top), by
the name or the description.
Don't allow wtap_register_file_type_subtypes() to override any existing
registrations; have them always register a new type. In that routine,
if there are any emply slots in the table, due to an entry being
unregistered, use it rather than allocating a new slot.
Don't allow unregistration of built-in types.
Rename the "dump open table" to the "file type/subtype table", as it has
entries for all types/subtypes, even if we can't write them.
Initialize that table in a routine that pre-allocates the GArray before
filling it with built-in types/subtypes, so it doesn't keep getting
reallocated.
Get rid of wtap_num_file_types_subtypes - it's just a copy of the size
of the GArray.
Don't have wtap_file_type_subtype_description() crash if handed an
file type/subtype that isn't a valid array index - just return NULL, as
we do with wtap_file_type_subtype_name().
In wtap_name_to_file_type_subtype(), don't use WTAP_FILE_TYPE_SUBTYPE_
names for the backwards-compatibility names - map those names to the
current names, and then look them up. This reduces the number of
uses of hardwired WTAP_FILE_TYPE_SUBTYPE_ values.
Clean up the type of wtap_module_count - it has no need to be a gulong.
Have built-in wiretap file handlers register names to be used for their
file type/subtypes, rather than building the table in init.lua.
Add a new Lua C function get_wtap_filetypes() to construct the
wtap_filetypes table, based on the registered names, and use it in
init.lua.
Add a #define WSLUA_INTERNAL_FUNCTION to register functions intended
only for internal use in init.lua, so they can be made available from
Lua without being documented.
Get rid of WTAP_NUM_FILE_TYPES_SUBTYPES - most code has no need to use
it, as it can just request arrays of types, and the space of
type/subtype codes can be sparse due to registration in any case, so
code has to be careful using it.
wtap_get_num_file_types_subtypes() is no longer used, so remove it. It
returns the number of elements in the file type/subtype array, which is
not necessarily the name of known file type/subtypes, as there may have
been some deregistered types, and those types do *not* get removed from
the array, they just get cleared so that they're available for future
allocation (we don't want the indices of any registered types to changes
if another type is deregistered, as those indicates are the type/subtype
values, so we can't shrink the array).
Clean up white space and remove some comments that shouldn't have been
added.
QDateTime to/from Time_t functions are deprecated in favor of 64-bit
to/from seconds since epoch introduced in Qt 5.8.
QLayout::setMargin() is deprecated in favor of setContentsMargin().
In the proto tree, copy URLs instead of opening them.
In the export dialog, enable previews only if the advertised MIME type
*and* the contents of the file are plain text, GIF, JPEG, or PNG.
Add warnings to the wslua browser_open_url and browser_open_data_file
documentation.
Fixes#17232.
Use target_include_directories instead of include_directories in a few
places as recommended at
https://cmake.org/cmake/help/latest/command/include_directories.html
Doing so lets us mark a bunch of dependency includes SYSTEM PRIVATE, in
particular LIBXML2_INCLUDE_DIRS. On macOS this keeps us from triggering
the nullability warnings described at
https://www.wireshark.org/lists/wireshark-dev/202004/msg00056.html
(This might also keep the Visual Studio code analyzer from complaining
about various Qt headers, but I haven't tested this.)
The "short name" is really just the name, used to look it up. The
"name" is really a description intended solely for human consumption.
Rename the fields, and the functions that access them, to match.
The "description" maintained by Lua for file type handlers is used
*only* for one debugging message; we should probably just eliminate it.
Call it an "internal description" for now.
Remove NG from the names - it adds nothing.
Don't use the abbreviations for pcapng block names, spell out what the
block does (e.g. "WTAP_BLOCK_DECRYPTION_SECRETS" rather than
"WTAP_BLOCK_DSB"), to make it more obvious what the block does.
Spell out some other abbreviations.
Add WTAP_BLOCK_PACKET for future use for packet blocks; there's no need
to distinguish between the Enhanced Packet Block, the Simple Packet
Block, and the deprecated Packet Block here.
When recap is initated, list in RTP Stream dialog is cleared and new list
is read from capture so previously selected rows are deselected.
Patch solves it.
Functional changes:
Audio routing information is now stored in audio stream and not in table. It
is handled by separate utils/rtp_audio_routing.cpp class which is able to
convert it between mono/stereo etc.
There is new utils/rtp_audio_routing_filter.cpp class which is able to
route mono audio stream to any audio channel.
Sample file separated from audio stream file - sample file is generated only
during recap. So when we need new waveform, we just use existing sample file
and no recap required - it is much faster.
Audio stream exports just mono audio. Mono audio is then expanded to stereo
and correct channel by AudioRoutingFilter during play as required. So when
audio routing is changed, no recap and no audio export is required.
When audio stream is muted, no audio is produced nor played.
Most of signals between RtpPlayerDialog and RtpAudioStream were removed.
Start/Pause/Stop is processed in RtpPlayDialog (just for non muted streams).
Play possition is not received from every playing stream but from independent
silence stream.
Added Mute/Unmute function.
Optimalization:
When audio routing is changed, just graphs are updated. No retap nor audio
decoding is required.
When TOD is changed, just graphs are updated. No retap nor audio decoding is
required.
Currently, only pcapng has one, and it does nothing, but this mechanism
will be used more in the future.
Update comments in epan/dissectors/CMakeLists.txt and ui/taps.h while
we're at it.
When many streams are analyzed, some streams can be found as useless during
replay. Patch adds option to remove it from list in RTP player.
Once stream is removed, it can't be returned except close/reopen RTP player
with new selection.
When there is many waveforms, it is not clear which one is selected in list.
It is important for selecting packets from graph.
Patch emphasis selected waveform. In addition, it allows to select waveform
by clicking on it.
Change the data structure for that option to have a type field,
indicating that it's either a pcap filter string or a BPF program,
followed by a union with a string-pointer member for pcap filter strings
and an instruction-count-and-pointer-to-instructions structure for BPF
programs.
Have routines to add, set, and fetch that option that handle that
structure; discard the "generic structured option" routines. That means
there's more type checking possible at compile time.
Add more code to handle BPF programs.
When writing pcapng files, check, both for that option and for string
options, whether the option length is too big for the data to fit in a
pcapng option, and don't write it if it is. (XXX - truncate the data?
Report an error?)
Patch solves issue for case when QT plays audio faster than reads it from file.
The change looks strange because there is no way how to get buffer size before
starting the play. So code start the play, reads buffer and stop it. Then
increases buffer size and start play again.
Note: You still can receive ALSA notifications like:
ALSA lib pcm.c:8545:(snd_pcm_recover) underrun occurred
but it do not stop audio replay.
Pull the code to register plugin taps, and the loop to register built-in
taps, into a single register_all_tap_listeners() routine.
This leaves it up to libwireshark, not to the programs using it, to know
how to register them.
If, for example, you run out of file descriptors, dup() can fail, and
ws_dup() is a wrapper around it on UN*X. Don't just pass the result of
ws_dup() to ws_fdopen(); instead, save its result, check against -1 and,
if it's -1, give up, otherwise pass it to ws_fdopen().
This addresses Coverity CID 1471708.
Also, if ws_fdopen() fails, close the descriptor we got from ws_dup();
this closes a possible FD leak.
Fix various warnings with the following changes:
Pass a list of include directories to lupdate. Fixes:
ui/qt/proto_tree.cpp:57: Qualifying with unknown namespace/class ::ProtoTree
and similar warnings.
Use QT_TRANSLATE_NOOP instead of QT_TR_NOOP. Fixes:
ui/qt/lte_rlc_statistics_dialog.cpp:993: tr() cannot be called without context
ui/qt/lte_mac_statistics_dialog.cpp:911: tr() cannot be called without context
ui/qt/font_color_preferences_frame.cpp:28: tr() cannot be called without context
ui/qt/font_color_preferences_frame.cpp:29: tr() cannot be called without context
ui/qt/font_color_preferences_frame.cpp:30: Discarding unconsumed meta data
Add Q_OBJECT to the class definition. Fixes:
ui/qt/models/filter_list_model.cpp:120: Class 'FilterListModel' lacks Q_OBJECT macro
The following warnings were not fixed. This might require moving IOGraph
to its own file:
ui/qt/io_graph_dialog.cpp:320: Qualifying with unknown namespace/class ::IOGraphDialog
ui/qt/io_graph_dialog.cpp:555: Qualifying with unknown namespace/class ::IOGraphDialog
ui/qt/io_graph_dialog.cpp:1059: Qualifying with unknown namespace/class ::IOGraphDialog
ui/qt/io_graph_dialog.cpp:1485: Qualifying with unknown namespace/class ::IOGraphDialog
Displaying statistics with tshark results in a memory leak.
tshark -r <any pcap file> -z dhcp,stat -q
==26971==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7f89a4bae518 in calloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe9518)
#1 0x7f8989af2918 in g_malloc0 (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x53918)
init_stat_table allocates a table_stat_t. This is used as private data while
the tap listener is running but it's not freed afterwards.
This patch adds a finish callback for the tap listener where the
table_stat_t is freed.
qt-5.12.2/include/QtCore/qstring.h:291:31: note: candidate 1: QString
QString::arg(double, int, char, int, QChar) const
Q_REQUIRED_RESULT QString arg(double a, int fieldWidth = 0, char
fmt = 'g', int prec = -1,
qt-5.12.2/include/QtCore/qstring.h:975:16:
note: candidate 2: QString QString::arg(int, int, int, QChar) const
inline QString QString::arg(int a, int fieldWidth, int base, QChar
fillChar) const
wireshark/ui/qt/rtp_analysis_dialog.cpp:926:77:
error: ISO C++ says that these are ambiguous, even though the worst
conversion for the first is better than the worst conversion for the
second: [-Werror]
.arg(abs(r_calc.start_time_ms - f_calc.start_time_ms), 0,
'f', 6)
Change-Id: I6a27adff3b03bcfeac8fb56ceb0833d2707000b5
As running pd_ui_->advancedView->expandAll() takes a noticeable amount
of time and so would introduce significant lag while typing a string
into the Search box, we instead debounce the call to
updateSearchLineEdit(), so that it doesn't run until a set amount of
time has elapsed with no updates to the Search field.
If the user types something before the timer elapses, the timer restarts
the countdown.
Fixes#17107
Set the parent of the QMessageBox in the constructor instead of calling
QMessageBox::setParent(). The latter inherits from QDialog, and it
"clear[s] the window flags specifying the window-system properties for
the widget (in particular it will reset the Qt::Dialog flag)."
(See https://doc.qt.io/qt-5/qdialog.html#details )
This makes the dialog properly appear instead of attempting to save a file
with comments to a file type that does not support comments silently failing.
Fixes#17146.
The patch reintroduces WiresharkDialog::captureFileClosed() method and
calls captureFileClosing() and captureFileClosed() in right order.
Both methods call updateWidgets() at its end.
All dialogs were reviewed and captureFileClosing/Closed methods updated
when appropriate.
captureEvent() method in multiple dialogs changed to captureFileClosing/Closed
as it does same actions - looks like old style of detecting of capture
file closing.
Guy Harris