Sometimes you have a capture file that has many duplicate frames
because of how the capture was made, and its convenient to ignore
the duplicates so you can concentrate on the data and not all
the TCP warnings.
This adds a preference in the "Protocols" section to ignore
duplicates. This currently only works while reading a capture file
*not* during a live capture.
The Column prefs were moved to a submodule, so the name needs to
be obtained from the parent module instead of the module found,
unlike other modules.
The Column preference names themselves were also changed in addition
to the module. Wait until checking both the module name and the
preference name before printing a warning to the user that a preference
has been converted to a new name, so that the correct name is displayed.
This also means that we print the warning message now for the preferences
that just had their names changed, not the modules.
Fix#19043
Move the deprecated column check functions from the prefs
file to the (Wireshark internal use) column files. Make
them public so that the recent file checking can use them.
This keeps column handling in one place.
Make the recent file column width checking able to convert
a deprecated column to a custom column the same as the main
prefs file.
Allows the user to hide the legend of the IO Graph.
This becomes handy as the legend may hide some graphs and it is
unfortunately not very helpful in many cases.
Move MaxMind lookups to a global Name Resolution preference.
That's a bit of a misnomer (it's not name resolution, but it
is using external sources of data to update information about
a network object), but the MaxMind DB path location is already there.
This means that MaxMind lookups can be disabled with the '-n'
option, and enabled with a 'g' for the '-N' option. This is
significant for tshark, because MaxMind lookups are now synchronous.
Disabling the new global preference also keeps the Endpoints window
from doing MaxMind lookups; currently, even if the IPv4 and IPv6 GeoIP
prefs are disabled the data is still looked up and inserted in the
Endpoints window.
Fix#14692
Reduce the default update interval for dumpcap to notify its parent
of new packets (or to check if we've met file duration, etc.) from
500 ms to 100 ms, and put in the capture options.
This makes the GUI appear to update more in real time rather than
in visible batches of packets.
This also reduces the amount of ring buffer space needed in cases
where we're doing dissection, and dissection is able to keep up,
but the files can be deleted before tshark gets to them because of
the notification lag. (See #1650.)
Introduce a preference for the number of rows whose column text can
be cached, and allow sorting of the packet list only when the
number of displayed rows can fit in the cache. This preference only has
an effect for sorting based on columns that require dissection and
caching the column text. This reduces the number of dissections from
O(N log N) to N. Subsequent sorts are even faster.
Columns based on frame data are unaffected, as they sort much faster
as dissection is not required.
Set the size of the QCache introduced in 8c6854fb65 based
on this preference.
Send a temporary status message to the status bar if we try to sort
but there are too many rows, explaining why sorting did not happen and
that the layout preferences can be changed.
Ping #18741
This removes the last dependency of the logging subsystem on the
preferences module. The latter is started much later than the former
and this is an issue.
The Windows-only preference "gui.console_open" is stored in the
registry as HKEY_LOCAL_USER\Software\Wireshark\ConsoleOpen. The semantics
are exactly the same. The preference is read by the logging subsystem
for initialization and then again by the preferences (read/write) so
the user can configure it as before.
The code to store the preference also in the preferences file was
kept, for backward compatibility and because it is not incompatible
with using the Registry concurrently.
The elimination of the prefs dependency also allows moving the Windows
console logic to wsutil and add the functionality to wslog directly,
thereby eliminating the superfluous Wireshark/Logray custom log handler.
To be able to read the ws_log_console_open global variable from
libwireshark it becomes necessary to add a new export macro
symbol called WSUTIL_EXPORT.
Modernize the handling of experimental TCP options based on
RFC 6994. In particular use ExID instead of magic (which
in the context of RFC 6994 are the last two bytes of a
32-bit ExID) and add a desciption of ExID based on the
current state of the IANA registry.
Remove callback function from pref registrations for dissectors that
don't need a callback. In other dissectors, move registration that
only needs to be done once inside the check for initialization,
avoiding some console messages when preferences are changed
("Duplicate dissectors (anonymous) and (anonymous) for protocol...")
and the like.
Add a couple auto preferences for dissectors missed in previous waves.
Ping #14319
Convert SCTP port preferences in dissectors starting m-z.
Preferences that were already the name of the table can just
be removed from the dissector and they will migrate. Preferences
with a different name are added to deprecated_port_prefs in
epan/prefs.c (Since that function handles them there is no
need to mark them as obsolete.)
Also change a few TCP and UDP single ports reigstered with
preferences and callbacks that used the sample dissector as
a template.
Uses more auto preferences, makes more port preferences ranges,
and reduces the number of preference callbacks. Ping #14319
Similar to commit 2eb7b05b8c,
replace the RTP payload type preferences with automatic
dissectors.
This reduces the number of preference module callbacks.
prefs_find_module() looks up a module by module name, which is
the same as the protocol filter name, case-insensitively.
dissector_table_get_dissector_handle() looks up a dissector handle
in the table by the protocol short name (which is the module _title_)
deprecated_port_pref() used the same string for both lookups.
For some protocols this worked, because the short name is the same
as the filter name only with different capitalization. For others,
it either wouldn't find the module to add to the migrated preference,
or wouldn't find the dissector handle in order to set Decode As
properly.
Fix this, by using the module title for the second lookup, and
changing all the module_name values to be correct. For good
measure, change all the module names that happened to work because
they're differently-cased versions of the filter name in order
to avoid confusion when new entries are added.
Custom column expressions do not need to be limited to COL_MAX_LEN.
The size of the expression does not have any necessary relationship
to the size of the column contents, especially in the common case of
many semantically equivalent different fields from different protocols,
only one of which appears in any given frame.
The only place that actually does limit the length of custom
custom expressions is in reading the preferences. Use a GString
instead of allocating a buffer to COL_MAX_LEN when constructing
the string. In normal cases, this should decrease temporary
memory usage. Fix#16905
Make the default UI layout "packet list on top, packet detail and bytes
side by side". This is more space efficient on modern displays and is
the first thing I change when using the default profile.
Replace:
g_snprintf() -> snprintf()
g_vsnprintf() -> vsnprintf()
g_strdup_printf() -> ws_strdup_printf()
g_strdup_vprintf() -> ws_strdup_vprintf()
This is more portable, user-friendly and faster on platforms
where GLib does not like the native I/O.
Adjust the format string to use macros from intypes.h.
This adds some custom logic to check if we were given
the obsolete 'console.log.level' setting from the CLI
arguments, that specified the log level using a bitmask
copied from GLib. If we find that map the bitmask to a
wslog log level.
In any case the option is not removed from the argv (unlike
other wslog arguments like --log-level, etc.).
Adds deprecation warning for 'console.log.level' printed to
the console.
Related to #17763.
Registering a preference module for a protocol filter name with
upper case letters aborts the program. Relax this restriction to
conform with the rules for protocols. The recommendation is still
to use all lower-case letters.
Fixes 070aeddf76.
Adds a checkbox 'Automatic Update' to the IO Graph to enable or disable
rescans and recalculation of graph data temporarily. This is useful when
you want to modify settings of multiple graphs without triggering a rescan
with every change of a single setting. This becomes useful for large trace
files in particular.
Rescan or recalculation events are queued while 'Automatic Update' is not
active. Checking 'Automatic Update' triggers the queued updates.
The setting for 'Automatic Update' is stored in a preference.
A german translation for 'Automatic Update' is included.
This header was installed incorrectly to epan/wmem_scopes.h.
Instead of creating additional installation rules for a single
header in a subfolder (kept for backward compatibility) just
rename the standard "epan/wmem/wmem.h" include to
"epan/wmem_scopes.h" and fix the documentation.
Now the header is installed *correctly* to epan/wmem_scopes.h.
Experience has shown that:
1. The current logging methods are not very reliable or practical.
A logging bitmask makes little sense as the user-facing interface (who
would want debug but not crtical messages for example?); it's
computer-friendly and user-unfriendly. More importantly the console
log level preference is initialized too late in the startup process
to be used for the logging subsystem and that fact raises a number
of annoying and hard-to-fix usability issues.
2. Coding around G_MESSAGES_DEBUG to comply with our log level mask
and not clobber the user's settings or not create unexpected log misses
is unworkable and generally follows the principle of most surprise.
The fact that G_MESSAGES_DEBUG="all" can leak to other programs using
GLib is also annoying.
3. The non-structured GLib logging API is very opinionated and lacks
configurability beyond replacing the log handler.
4. Windows GUI has some special code to attach to a console,
but it would be nice to abstract away the rest under a single
interface.
5. Using this logger seems to be noticeably faster.
Deprecate the console log level preference and extend our API to
implement a log handler in wsutil/wslog.h to provide easy-to-use,
flexible and dependable logging during all execution phases.
Log levels have a hierarchy, from most verbose to least verbose
(debug to error). When a given level is set everything above that
is also enabled.
The log level can be set with an environment variable or a command
line option (parsed as soon as possible but still later than the
environment). The default log level is "message".
Dissector logging is not included because it is not clear what log
domain they should use. An explosion to thousands of domains is
not desirable and putting everything in a single domain is probably
too coarse and noisy. For now I think it makes sense to let them do
their own thing using g_log_default_handler() and continue using the
G_MESSAGES_DEBUG mechanism with specific domains for each individual
dissector.
In the future a mechanism may be added to selectively enable these
domains at runtime while trying to avoid the problems introduced
by G_MESSAGES_DEBUG.
Default to taking the VLAN ID into account when reassembling only
for private IPv4 addresses as defined by RFC 1918 and for link-local
addresses. Otherwise, do not take the VLAN ID into account unless
the "Enable stricter conversation tracking heuristics" preference
is enabled. Fixes#14356.
prefs_set_pref should allow the value of a preference argument set with
'-o pref:value' to be an empty string. Some of the types, like string
and range preferences, can and should be set to empty strings in some
cases. For types that wish to reject empty strings as a syntax error,
that can happen later in set_pref based on type, as already done for
PREF_UINT. Fixes#17199
New advanced settings are created:
- rtp_player_use_disk1 - controls if decoded samples are stored in
memory or on disk.
- rtp_player_use_disk2 - controls if dictionary for decoded samples
is stored in memory or on disk.
- documentation updated
At times the presence of the packet-list hover_style colorization can make
it difficult to determine the state of the packet directly under the mouse
cursor. This forces the user to move the mouse cursor away from the
packet-list row to reveal the next colorization state. The packet-list row
colorization style precedence, from highest to lowest, is: hover_style,
Selected, Ignored, Marked and then coloring rules.
This patch adds a new 'Packet List settings:' checkbox option 'Enable
mouse-over colorization'. By default the supporting preference
`gui.packet_list_hover_style.enabled` will be enabled (TRUE). When this
checkbox is disabled, the packet-list hover_style (mouse-over)
colorization will not be used.
In our first pass through our options, look for ones that might require
extcap. Call extcap_register_preferences() only when that's the case.
Warn about missing extcap preferences only when we've loaded them.
Preferences are extended with advanced settings:
gui.decimal_places1 - 2
gui.decimal_places2 - 4
gui.decimal_places3 - 6
rtp_analysis_dialog, rtp_player_dialog and rtp_stream_dialog uses new settings
for formating numbers. Same information in all dialogs uses same settings.
It solves request #15481.
Note: Other UI dialogs can be adapted later.
Adds a pre-commit hook for detecting and replacing
occurrences of `g_malloc()` and `wmem_alloc()` with
`g_new()` and `wmem_new()`, to improve the
readability of Wireshark's code, and
occurrences of
`g_malloc(sizeof(struct myobj) * foo)`
with
`g_new(struct myobj, foo)`
to prevent integer overflows
Also fixes all existing occurrences across
the codebase.
Move the maximum number of tree items and maximum tree depth to
preferences instead of hardcoded values. Refer to issue #12584 for
an example VNC capture where real data exceeds the current limit.