Add a generic function to write content to file. Use this on write
TLS session keys from UI and tshark, and for export objects.
Remove the now unused export_object_ui.[ch].
Analyze -> SCTP -> Filter this Association was missing in the menu, but available in the context menu for packets. This MR fixes the issue by adding Analyze -> SCTP -> Filter this Association again.
Analyze -> Follow -> DCCP Stream was missing in the menu, but available
in the context menu for packets. This MR fixes the issue by adding
Analyze -> Follow -> DCCP Stream again.
Modify YAML output format so it includes information about peers and
absolute timestamps for each packet.
This also adds yaml output to tshark: -z follow,tcp,yaml,X
Don't allocate the rtpstream_id_t's until we know we have enough
information to fill them in and use them.
Keep trace of whether we have used them and, if not, free them.
Singletons moved from main_window to each class's static open<NameOfClass>
method:
- RtpPlayerDialog
- RtpStreamDialog
- VoipCallsDialog
- RtpAnalysisDialog
Fixed issue with selecting RTP stream in sequence dialog. When user
selected a stream and moved mouse to Rtp Player button and pressed it,
incorrect RTP stream was sent to it.
When enumerating port-to-name entries, the callback to
wmem_map_foreach() gets passed:
- a key, which is the port number for the entry;
- a value, which is a pointer to a structure containing pointers to port
names for various transport protocols;
- a user data pointer.
That's sufficient (if you work around some C++ annoyances) to append a
row to a PortsModel, if the user data pointer is a pointer to the
PortsModel.
The existing code, instead, appended to a QStringList of lines (in
effect, undoing the effort of the code that read the services file and
filled in the wmem_map, re-generating a set of lines) in the callback,
and then iterated over all the lines, splitting them with blanks and
appending rows.
Looking at that made my eyeballs bleed so badly that I decided not to
spend any time figuring out why it wasn't working.
So I just make the callback just append rows, avoiding all the
string-pushing.
Fixes#17395.
It looks like multi-configuration generators (notably MSBuild) need
Qt autogen properties set on the wireshark target as well as qtui. Do
so unconditionally in both cases. (We were doing so conditionally for
qtui before.)
Set CMAKE_AUTO{MOC,UIC,RCC} if we're running CMake 3.20.0 or 3.20.1 in
order to work around CMake issue 22085, otherwise set the AUTOMOC,
AUTOUIC, and AUTORCC properties for the qtui target. The latter is
preferred since it keeps us from running Qt's meta-object, user
interface, or resource compilers on code outside of ui/qt. Ping #17314.
When button is pressed or triggered by shortcut, it opens same
window as before.
User can click small arrow next to button and it open menu with all
new actions e.g. Set/Add/Remove for RTP Player.
Documentation updated.
Code is NOT able to do VAD (Voice Activity Detection) so audio silence
(sequence of equal samples) nor noise are not recognized as silence. Just
missing RTP (Confort Noise, interupted RTP, ...) and muted streams are
recognized as silence for this feature.
User can control duration of shortest silence to skip.
Updated documentation.
Most of the time, the return value tells us nothing useful, as we've
already decided that we're perfectly willing to live with string
truncation. Hopefully this keeps Coverity from whining that those
routines could return an error code (NARRATOR: They don't) and thus that
we're ignoring the possibility of failure (as indicated, we've already
decided that we can live with string truncation, so truncation is *NOT*
a failure).
New advanced settings are created:
- rtp_player_use_disk1 - controls if decoded samples are stored in
memory or on disk.
- rtp_player_use_disk2 - controls if dictionary for decoded samples
is stored in memory or on disk.
- documentation updated
Audio for play is now decoded and stored without silence parts.
Changes:
- ui/qt/utils/rtp_audio_file.cpp created to handle silence skipping
- ui/qt/rtp_audio_stream.cpp refactored to support it
- Fixed issue with exporting streams: File synchronized export was missing
leading silence.
- No line is shown in waveform graph if there is silence
At times the presence of the packet-list hover_style colorization can make
it difficult to determine the state of the packet directly under the mouse
cursor. This forces the user to move the mouse cursor away from the
packet-list row to reveal the next colorization state. The packet-list row
colorization style precedence, from highest to lowest, is: hover_style,
Selected, Ignored, Marked and then coloring rules.
This patch adds a new 'Packet List settings:' checkbox option 'Enable
mouse-over colorization'. By default the supporting preference
`gui.packet_list_hover_style.enabled` will be enabled (TRUE). When this
checkbox is disabled, the packet-list hover_style (mouse-over)
colorization will not be used.
Remove the editor modeline blocks from the source files in ui that use 4
space indentation by running
perl -i -p0e 's{ \n+ /[ *\n]+ editor \s+ modelines .* shiftwidth= .* \*/ \s+ } {\n}gsix' $( ag -l shiftwidth=4 $( ag -g '\.(c|cpp|h|m|mm)') )
This gives us one source of indentation truth for these files, and it
*shouldn't* affect anyone since
- These files match the default in our top-level .editorconfig.
- The one notable editor that's likely to be used on these files and
*doesn't* support EditorConfig (Qt Creator) defaults to 4 space
indentation.
When user press S(elect)/D(eselect) key, all RTP streams related to
selected call/calls are selected/deselected in RTP Streams window. If
window is not shown, it is opened.
Documentation updated.
1. In order to keep error bars and scatterplot in-sync for segment and
SACK graphs, tell QCustomPlot that the data is already sorted when
adding it to scatter plots. [ Otherwise it will re-sort the data and
potentially get out-of-sync with the error bars graphs ]
2. Clear and hide error bars plottables in fillGraph() similar to what
is done for other graphs. [ otherwise QCustomPlot may attempt to draw
error bars on graphs where they are not relevant ]
3. Do not mark window update packets as duplicate acks.
Changes:
- RTP Player added to Telephony/RTP menu.
- When openning RTP Analysis or RTP Player from RTP menu, just selected
stream is added. When Ctrl is hold during opening, reverse stream is
searched and added too.
- RTP Player: Added tool to select/deselect all inaudible streams
- RTP Player: Added Prepare Filter button
- RTP Player: Added Analyze button
- RTP Analysis: Added Prepare Filter button
- documentation updated
Code changes:
- RTP Player::rescanPacket() is not fired multiple times during rate change and during dialog creation
- Error shown in RTP player is cleared after every new decode of streams
- RTP Player handles case when Qt do not emit stop stream event
- "Select" menu code unified between dialogs>
- RTP Player: Audio routing menu unified
- buttons are connected to actions by signals()
- Analyze dialog is called by list of rtpstream_id, not rtpstream_info
QCustomPlot's adaptive sampling decimates the data to be plotted based
on the screen resolution. Specifically, if many data points fit within
the same pixel on the X (key) axis, then QCustomPlot attempts to plot
only the min value, the max value, and a few values in-between to
maintain a good "density" on the Y (value) axis.
The density QCustomPlot wants is about one datapoint for every 4 pixels
covered by the value range of a single X (key) pixel. Unfortunately,
this calculation is flawed if all values also fit within a single pixel
on the Y (value) axis - so this change fixes that bug.
Initialize the exit status before the loop, and just break out of the
loop if something fails, so that the code following the loop can destroy
the console in Wireshark on Windows and then go to the clean exit code.
On Windows, rather than creating and destroying the console twice for
each interface, just create it when we start printing and destroy it
when we finish printing.
Retap and UI response are much faster when many RTP streams are
processed. RTP Streams/Analyse 1000+, RTP Player 500+.
Changes:
- RTP streams are searched with hash, not by iterating over list.
- UI operations do not redraw screen after every change, just after all
changes. UI is locked when rereading packets.
- Sample list during RTP decoding is stored in memory so wireshark uses
just half of opened files for audio decoding than before.
- Analysis window checkbox area is limited in height
- Dialogs shows shows count of streams, count of selected streams and
count of unmuted streams
- Documentation extended with chapter about RTP decoding parameters
- Documentation extended with performance estimates
In dumpcap, if we're being run by TShark or Wireshark, if there are no
link-layer types, just provide an empty list to our caller; let them
construct an empty list of link-layer types when they read our output.
In the code that reads that list, don't report an error if the list is
empty, rely on the caller to do so.
Have capture_opts_print_if_capabilities() do more work, moving some
functions from its callers to it.
Replace the Wireshark code for that with code that matches what TShark
does.
Update a comment in TShark while we're at it.
Fixes#14215.
(Still leaves it popping up the full window, but that's a bigger
change.)
"Commonly-used" meaning "used by more than one source file".
Clean up the exit codes, combining some duplicates with different names,
and using some instead of raw numbers in some places.
Changes:
- Added description of playlist idea and related operations
- Added description of RTP Player dialog
- Added description of VoIP Calls dialog
- Added description of Flow Graph dialog
- Added help link to Flow Graph dialog
- Added description of RTP Streams window
- Added description of RTP Stream Analysis window
- Updated related past images
Calling cmake with -DENABLE_VLD=ON when building with Visual Studio,
results in debug configuration being linked to Visual Leak Detector.
By default, Visual Leak Detector outputs the leak summary to Visual
Studio debug window. When ENABLE_VLD is active, VLD is linked to all
wireshark libraries and executables.
Changes:
- Fixed issue with hanging the player. The issue is in Qt - internal
Mutex is locked when Qt calls outputStateChanged() and you can't call
any other action on the audio object
- Fixed issue when play marker stream was running forever
- Removed !1855 because it introduces delay on play on Windows platform
QPainter::HighQualityAntialiasing is obsolete and ignored
(https://doc.qt.io/qt-5/qpainter.html#RenderHint-enum) since
at least 5.6, so use Antialiasing instead, as indicated by the docs.
(https://doc.qt.io/archives/qt-5.6/qpainter.html#RenderHint-enum)
Explicitly cast a long to an int, like already done on line 21080.
Put in a break to suppress an overly aggressive fallthrough warning
on g++ (all values of an enum are tested, so it cannot actually fall
through.)
Add redrawVisiblePackets() to respond to user triggered event to
promptly trigger updates to the frame.marked field text when displayed
in the packet list.
Without this patch, if frame.marked is added as a custom column, updates
to the packet lists's frame.marked field text of packets will not be
immediately reflected in the packet list until some other event such as
adding a packet comment or ignoring a frame ultimately triggers
redrawVisiblePackets().
QCustomPlot 2.1.0 was just released (Mar 29, 2021) and officially supports
Qt 5.12-6.0, which in order to support we've been patching it
internally. Update to this latest external version (after removing
the whitespace at the end of a bunch of lines internal to comments.)
(https://www.qcustomplot.com/index.php/download) Edited to include
the permission from the author Emanuel Eichhammer to use the GPLv2.
(Does someone need to ask if that permission applies to 2.1.0?)
Ping #17144 and #17163 but those bugs appear to still be here.
Features:
- saves multiple streams (all selected and unmuted)
- saves streams same way they are played (jitter buffer, sampling, ...)
- only streams with audio (play rate >0) are exported
- streams with play rate == 0 are silently ignored even selected for
export
- all exported streams must use same play rate (user can change it
before save)
As noted in be2b0fc810, we need to set CMAKE_AUTO* before searching for
Qt packages when using 3.20.0 and later. However, this fails if we're
using CMake 3.9.6 or earlier. Set CMAKE_AUTO* where needed depending on
our CMake version.
Ping #17314.
Features:
- saves multiple streams (all selected and unmuted)
- saves streams same way they are played (jitter buffer, sampling, ...)
- only streams with audio (play rate >0) are exported
- streams with play rate == 0 are silently ignored even selected for
export
- all exported streams must use same play rate (user can change it
before save)
Tool allows a user to replay at specific rate when there is any issue
with autodetected rate by payloads.
Offered rates are provided by selected audio device.
Changes:
- refactored main_dialog handling of telephony dialogs
- RTP Player dialog is nonmodal now and can be left open
- it is possible to issue three actions on RTP Player dialog from other
dialogs (other dialog have selected set of RTP streams before action)
- replace - removes existing streams from RTP dialog and shows new set
- add - adds new set to existing list in RTP dialog
- remove - remove streams in set from list in RTP dialog
- Sequence Dialog:
- was modified to hold rtpstream_info_t for RTP streams
- added Play button
- VoIP features (RTP Play button, select/deselect RTP stream) are
disabled after creation and must be enabled. It handles that RTP
Play button is not shown e.g. in TCP sequence show
The distinction between the different kinds of capture utility
may not warrant a special subfolfer for each, and sometimes the
distinction is not be clear or some functions could stradle
multiple "categories" (like capture_ifinfo.[ch]).
Simplify by having only a generic 'capture' subfolder. The
separate CMake libraries are kept as a way to reuse object code
efficiently.
Changes:
In nearly all cases decoding match content of capture. The exception is #2270,
where timestamps do not match recorded time which causes discrepancy in
decoding.
Decoding of audio correctly follows different soundcard rates.
RTP Player shows first sample rate in each stream in place of rate of playing.
Fixed incorrect time axis calculation
Fixes#16837Fixes#4960Fixes#2270
Changes:
- epan/follow.c: follow_conv_filter_func has new parameter
epan_dissect_t *edt, so filter can be generated based on decoded tree
of packet below the cursor
- menu Follow/SIP Call is enabled when sip packet is selected
- value of sip.Call-ID is used as filter for SIP call
- for sharkd it generates filter just 'sip.Call-ID' with no value
When RTP stream has no setup frame, but is decoded by Decode as or
with rtp_udp active, setup frame was shown as SETUP <number>, but
correct is RTP <number>.
Enable CMAKE_AUTOMOC, CMAKE_AUTOUIC, and CMAKE_AUTORCC before searching
for Qt packages. This is apparently required for CMake 3.20.0 and later.
Fixes#17314.
disabled RichText in regex text input, to prevent invisible
formatting from getting passed to the regex engine
fixed a issue where fields matched by duplicate groups would
not be parsed
Modularized the parser backend slightly to have the needed hooks
Modified the timestamp format slightly to enable arbitrary postion for
second fractions
Added a regex based seeking parser for textfiles as frontend alternative
to text_import_scanner.l
Regex is using the GLib implementation
Supported frame-data formats are bin, hex, oct and base64
Regex based importing UI
Fixed Meory-leak in ImportTextDialog::exec()
A new tab was added to the text_import ui to accomodate the new fields
Hints are available and styled accordingly
Changes:
- all waveforms has common scale therefore louder/quiter signal is visible
- when stream/streams are deleted from view, Y axis is rescaled and
waveforms are rearranged to reuse empty space
Legend and it's elements were shown only when first waveform requires it.
Patch fixes it and all legend elements are shown when required by any
waveform.
Visual waveform is derived from decoded audio. When audio is decoded
incorrectly, waveform now shows it.
E.g. on issue 14401 is now audio play aligned with waveform, but it
exhibits that decoded audio is incorrect - about two times longer than
pcap!
Changes:
- samplefile_ renamed to sample_file_
- tempfile_ is renamed to temp_file_
- decode() is separated to decodeAudio and decodeVisual
- Frame info stores frame len and frame_num for every frame. We must hold
it per frame as it may change in time. Info is stored in separate temp file
as waveform samples.
Give details on what happens when running Wireshark from a GUI on
UN*Xes, or, at least, on {macOS,Ubuntu+GNOME,Ubuntu+KDE}, although
it's probably similar on other UN*Xes and on other desktop environments.
Have routines to report capture-file errors, using libwireshark error
codes and strings, that call through a pointer, so they can pop up
dialogs in GUI apps, print a message to the standard error on
command-line apps, and possibly do something different on server
programs.
Have init_report_message() take a pointer to structure containing those
function pointers, rather than the function pointers themselves, as
arguments.
Make other API changes to make that work.