The intent here is to centralize more UI information so that we can move
more tap UI stuff to common code. This is a beginning.
Change-Id: Ic35ac0c01bc7b942aab88177db4065847a5e6c30
Reviewed-on: https://code.wireshark.org/review/5301
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The only place where the packet list column precision should be set is
in the code for the column precision menu item, the code for the recent
file item for that precision, and, if we were to provide it, code for a
command-line optpion to set it. It's not up to some tap to change it.
Change-Id: I547e606fb346b4c21674a66e883cbbe382055a37
Reviewed-on: https://code.wireshark.org/review/4336
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Create a TrafficTableDialog (for lack of a better name) parent class
from the general parts of ConversationDialog. Use it to create
EndpointsDialog.
Move the contents of conversation_tree_widget.{cpp,h} to
conversation_dialog.{cpp,h} to match endpoint_dialog and
traffic_table_dialog.
Fill in GeoIP columns dynamically instead of using a hard-coded limit.
Use "endp_" and "ENDP_" prefixes for a lot of endpoint variables and
defines.
Try to make geoip_db_lookup_ipv4 and geoip_db_lookup_ipv6 more robust.
Clean up some includes. Fix a shadowed variable.
Change-Id: I23054816ac7f8c6edb3b1f01c8536db37ba4122d
Reviewed-on: https://code.wireshark.org/review/3462
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Also use %u instead of %d for these unsigned numbers.
Change-Id: I3d1df3bdcc3c68193b49ba8daf1dc56171356290
Reviewed-on: https://code.wireshark.org/review/3266
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
I intentionally left the fields displayed alone (so they don't exactly match Wireshark GUI), because as Guy points out in bug 6310, not sure its A Bug or A Feature. But at least all types of conversations allowed are in sync with Wireshark GUI.
Bug:6310
Change-Id: I722837df510a39dadc1f9a07a99275509516698c
Reviewed-on: https://code.wireshark.org/review/3212
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
setlocale returns a statically-allocated memory which can be modified by
subsequent calls of setlocale. This triggers a heap-use-after free in
ASAN when the setlocale function is called again with the previous
pointer.
This was found when trying to use the "Show All Streams" option via
the Telephony -> RTP menu.
While at it, add some modelines
Change-Id: Ide47e877ce828734fd8c5c1b064d9c505ba2b37a
Reviewed-on: https://code.wireshark.org/review/3234
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Evan Huus <eapache@gmail.com>
With tshark stats are being configured before the file gets loaded and the number of TCP streams are computed
Bug: 9541
Change-Id: I42c2891124f1781b05967d5f071ad40df2d6d9f5
Reviewed-on: https://code.wireshark.org/review/1598
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Always call $(top_srcdir)/tools/checkAPIs.pl with -sourcedir=$(srcdir)
from Makefile.am to allow out-of-source 'make checkapi'.
Change-Id: I60d7e0079984a8ededdacf4517a0738486fa7973
Reviewed-on: https://code.wireshark.org/review/1294
Reviewed-by: Anders Broman <a.broman58@gmail.com>
ei_array is supposed to be an array of expert_entry items. However, it
was initialized of an array of expert_info_t items which is much larger.
This caused an ASAN error when running `tshark -z expert` because
expert_stat_packet wants to read past the stack.
Fix this by correcting the type. While at it, reduce the size of
expert_entry for 64-bit systems (reduces initial memory usage by 8
kilobytes) and avoid a redundant g_array_index call.
Change-Id: I2e08676a5e242743ed502dd2836806604ea75cc0
Reviewed-on: https://code.wireshark.org/review/1275
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add ep_ to routines that may return ephemeral strings.
Change "get_XXX" to "XXX_to_display" if the routine returns a formatted
string if it can't get a name.
Change-Id: Ia0e82784349752cf4285bf82788316c9588fdd88
Reviewed-on: https://code.wireshark.org/review/1217
Reviewed-by: Guy Harris <guy@alum.mit.edu>
"get_addr_name()" -> "ep_address_to_display()", to 1) indicate that it
returns a string with ephemeral scope and 2) indicate that it maps an
address to a "displayable" form - a name if possible, an address string
if not.
"se_get_addr_name()" -> "get_addr_name()", to indicate that its strings
have the same scope as "get_ether_name()", "get_hostname()", and
"get_hostname6()".
Change-Id: If2ab776395c7a4a163fef031d92b7757b5d23838
Reviewed-on: https://code.wireshark.org/review/1216
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(Using sed : sed -i '/^\# \$Id\$/,+1 d') (start with dash)
Change-Id: Ia4b5a6c2302f6a531f6a86c1ec3a2f8205c8c2dd
Reviewed-on: https://code.wireshark.org/review/881
Reviewed-by: Anders Broman <a.broman58@gmail.com>
tap-comparestat.c:321:55: error: taking the absolute value of unsigned type 'unsigned int' has no effect [-Werror,-Wabsolute-value]
tap-comparestat.c:321:55: note: remove the call to 'abs' since unsigned values cannot be negative
tap-comparestat.c:347:56: error: taking the absolute value of unsigned type 'unsigned int' has no effect [-Werror,-Wabsolute-value]
tap-comparestat.c:347:56: note: remove the call to 'abs' since unsigned values cannot be negative
Change-Id: Ice950228d844373abcbd0cdc8ea05079b8b933d0
Reviewed-on: https://code.wireshark.org/review/676
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Copyright or info about file...)
Change-Id: I90ba8b1c3ec8406b0c3365a69a8555837fc4bbb1
Reviewed-on: https://code.wireshark.org/review/515
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I1cedc611c9b7888eb671cf858c6f7819d37afba9
Reviewed-on: https://code.wireshark.org/review/219
Reviewed-by: Michael Mann <mmann78@netscape.net>
Remove or comment out dups from several value-string arrays;
Sort a number of value-string arrays;
Reformat many hf[] entries;
Remove some unneeded initializers;
Add editor-modelines;
Use consistent indentation;
Reformat whitespace.
svn path=/trunk/; revision=53968
From Deon van der Westhuysen
- Bug fix: object leak in stats_tree after a tap reset (for example apply statistics preferences with a stats_tree window open)
- Bug fix: correct sample code in README.stats_tree
- Add: slash in plug-in name now creates submenu as docs describe (was a bug?)
- Add: menu separator before the stat_tree registered plug-ins
- Add: stats_tree can now calculate averages for nodes; automatically calculated for range nodes. Add section in README.stats_tree describing averages.
- Add: stats_tree can now calculate burst rate of each node (like rate but with a shorter, sliding time window)
- Add: sorting for stats_tree plug-ins. Can sort on node name, count, average, min, max values and burst rate.
- Add: preferences for stats_tree system (default sort column, burst calc params)
- Add: stats_tree window copy to clipboard and export and plain text, csv and XML.
- Added sample of new functionality in $srcdir/plugins/stats_tree/pinfo_stats_tree.c
- Moved all stats_tree sample plug-ins to "IP Statistics" submenu.
svn path=/trunk/; revision=53657
I'm not sold on the name or module the proto_data functions live in, but I believe the function arguments are solid and gives us the most flexibility for the future. And search/replace of a function name is easy enough to do.
The big driving force for getting this in sooner rather than later is the saved memory on ethernet packets (and IP packets soon), that used to have file_scope() proto data when all it needed was packet_scope() data (technically packet_info->pool scoped), strictly for Decode As.
All dissectors that use p_add_proto_data() only for Decode As functionality have been converted to using packet_scope(). All other dissectors were converted to using file_scope() which was the original scope for "proto" data.
svn path=/trunk/; revision=53520
the ftenum_t for the fvalue's ftype, rather than a pointer to the ftype
(which isn't all that useful except as a handle, unless you import the
internal header).
Have fvalue_to_string_repr() return NULL, rather than failing, if the
fvalue's ftype has no val_to_string_repr method.
This lets us not include the ftypes internal header in
ui/cli/tap-diameter-avp.c.
svn path=/trunk/; revision=53290
In the process, fix various man page descriptions of the -t flag,
and add support for UTC absolute times in the iousers and iostat TShark
taps.
svn path=/trunk/; revision=53114
time_t. (That also lets us not care how big a time_t is, except that we
have a not-fixable Y2.038K problem with 32-bit time_t, about which we
merely warn in a comment.)
svn path=/trunk/; revision=50502
Don't nest g_strconcat() calls: g_strconcat(a, g_strconcat(b, c, NULL), NULL)
is equivalent to g_strconcat(a, b, c, NULL). (And g_strconcat(b, c) is
incorrect - you need a NULL at the end of the list.)
Checking whether a pointer is "> 0" is useful only in platform-dependent
situations or if you're doing a really greasy hack such as stuffing a
flag into the uppermost bit of the pointer; the test should just check
whether the pointer is null or not.
svn path=/trunk/; revision=50500
- tshark -q -z io,stat,1 causes core dump for files larger than ~2MB
(with this fix it will still overflow on 32-bits for frame time > 4294s)
- In tshark's "io,stat" eliminate the unrequested "Frames and bytes" col, fix formatting, and add "Duration"
From me:
Added casts to squelch compiler warnings on win7 64bit
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8839
svn path=/trunk/; revision=50488
We're allocating an array of pointers, not an array of objects, so make the
sizeof() reflect that to avoid over-allocating.
svn path=/trunk/; revision=50423
n^2 time on the number of packets). Just prepend to the list, then sort
it when we actually need to calculate the statistics.
Should fix https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8721
svn path=/trunk/; revision=49606
It is useful to see not only the minimal, maximum and average service time for
RPC procedures, but also the total time these took.
From me: add it to the man page.
svn path=/trunk/; revision=49144
was done using textual search+replace, not anything syntax-aware, so presumably
it got most comments as well (except where there were typos).
Use a consistent coding style, and make proper use of the WS_DLL_* defines.
Group the functions appropriately in the header.
I ended up getting rid of most of the explanatory comments since many of them
duplicated what was in the value_string.c file (and were out of sync with the
recent updates I made to those in r48633). Presumably most of the comments
should be in the .h file not the .c file, but there's enough churn ahead that
it's not worth fixing yet.
Part of https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8467
svn path=/trunk/; revision=48634
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
sizeof.
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
strtol() and strtoul().
Change some data types to avoid those implicit conversion warnings.
When assigning a constant to a float, make sure the constant isn't a
double, by appending "f" to the constant.
Constify a bunch of variables, parameters, and return values to
eliminate warnings due to strings being given const qualifiers. Cast
away those warnings in some cases where an API we don't control forces
us to do so.
Enable a bunch of additional warnings by default. Note why at least
some of the other warnings aren't enabled.
randpkt.c and text2pcap.c are used to build programs, so they don't need
to be in EXTRA_DIST.
If the user specifies --enable-warnings-as-errors, add -Werror *even if
the user specified --enable-extra-gcc-flags; assume they know what
they're doing and are willing to have the compile fail due to the extra
GCC warnings being treated as errors.
svn path=/trunk/; revision=46748
Fix leaks
- don't g_strdup a string just to use it in a g_strdup_printf
- clean up properly in error cases in lua bindings
- misc. other missing g_free() calls
- one missing fclose() in the new 80211_utils
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7454
svn path=/trunk/; revision=43617
there's three coverity defects about division by zero in ui/cli/tap-iostat.c,
function iostat_packet()
This can be triggered from the command line
martin@greta# ./tshark -z io,stat,0.2,AVG\(frame.number\)
Capturing on eth0
Floating point exception
it->num is 0, wireshark crashes in
parent->max_vals[it->colnum] =
MAX(parent->max_vals[it->colnum], it->counter/it->num);
(and similar for other data types)
My proposal for a fix is to not update parent->max_vals[it->colnum] when
it->num==0, see the attached patch.
svn path=/trunk/; revision=42952
from makefiles (and thus from the buildbot).
The intention is to be able to tell when a human is running the tool so we
can provide more code-review guidance.
As a starter, enable the "too many proto_tree_add_text() calls" check when
a human is running the tool.
svn path=/trunk/; revision=41943
Bugs in the tshark '-z io,stat' output:
1: The LOAD stat in the last row of the output is inaccurate because rpc.time
is divided by the full interval rather than limiting it to the capture
duration.
2: An The empty comma field (for outputting total frames and bytes) is ignored
when it is the first field in the command.
3: Intervals at the end of capture that contain no data are not displayed. Such
intervals are as important to see as those (zero data intervals) that occur
earlier in the capture.
4: Floating point numbers are not properly aligned under their column headers.
Enhancements to '-z io,stat' output:
1. Column widths are determined by the maximum magnitude of their values rather
than set to a fixed width of 15 chars which allows for more stats to be
displayed per row without wrapping.
2. To improve readability, filters wrap at 102 chars or the table width,
whichever is greater, and wrap on the nearest space. An option can be added to
alter the 102-char limit.
3. Column numbers begin at 1 instead of 0.
4. The columns and entire output are enclosed in a border for improved
presentability in reports. The table can be imported into a spreadsheet by
specifying the vertical bar as the data delimiter.
"Fixed" compiling on Ubuntu
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6883
svn path=/trunk/; revision=41355
tap-iostat.c: In function ‘iostat_draw’:
tap-iostat.c:542:5: error: implicit declaration of function ‘itoa’
tap-iostat.c:756:9: error: too few arguments for format
tap-iostat.c:756:9: error: too few arguments for format
itoa() could be converted into a g_snprintf(), but the buffer used is only
one character long. Is that right?
For the printf() format one, I'm not sure what was intended.
svn path=/trunk/; revision=41234
GENERATED_H_FILES.
If we have DIRTY_GENERATED_C_FILES, use it the same way we use
GENERATED_C_FILES.
GENERATED_FILES is "everything to nuke on a "make maintainer-clean"",
not "everything to put into the distribution".
svn path=/trunk/; revision=41075
stuff in ui/cli can be stuffed into a libcliui library to link with
TShark, and all of the source files containing main() (except for
Wireshark) are in the top-level directory (dftest isn't any more special
than TShark or capinfos or mergecap or editcap or...).
svn path=/trunk/; revision=41064
Guy Harris