Previously, Wireshark was sorting all packets in a capture,
regardless whether they were actually visible or not. If you
are working with large PCAPs & filters, this is a MASSIVE
performance drag. Therefore, this commit changes this
by only sorting the visible packets which boosts the
sorting performance in filtered views massively.
Generate filter expressions for columns with multiple occurrences
by using the membership operator (which is semantically OR).
It's not clear if this approach makes more sense than AND;
there's use cases for both.
Don't do this for multifield custom columns, since we don't know
which values were found by which field. That takes changing
the column logic in several places.
Ping #18001
When running the profiles dialog from the main status bar,
some objects appear to be not cleaned up properly with Qt 6.
This will circumvent this, by creating an object for the
dialog and cleaning it on closing.
Fixes#18525
The context menu falsely assigns the proxied index to the context menu
entries, therefore always selecting the wrong model index for the
resulting functions.
Fixes #18xxx
Qt5's QFont::fromString() isn't compatible with Qt6's QFont::toString().
If we were built with Qt5, don't try to process a font preference that
was created by Qt6.
Fixes#18553
1) In English-language menus, menu item text should use title case, with
most words capitalized. (I leave it to the Transifexors to capitalize
appropriately for other languages.)
2) Menu items that pop up dialogs should have "..." at the end of the
text.
The C language does not guarantee that "char" is signed or unsigned; it
just states that it's "implementation-dependent".
At least some C compilers for some architectures make it unsigned, so
you need "signed char" to get a signed value. In particular, it's
unsigned for most ARM compilers (compilers for Darwin-based OSes such as
macOS make it signed on all platforms, including ARM), which causes a
warning about "ba[i] < '\0'" always being false.
The purpose of that test is to check for octets that correspond neither
to ASCII printable characters nor ASCII control characters; just test
with !g_ascii_isprint(ba[i]) && !g_ascii_iscntrl(ba[i]). (Those are
macros, so it's not as if that adds any subroutine call overhead.)
Add some comments to explain what's being done in
ShowPacketBytesDialog::symbolizeBuffer() while we're at it. (Not one of
the better uses of C++ polymorphism, giving "replace the octet at this
location with this sequence of octets" and "replace all octets equal to
this value with this sequence of octets" the same name, even though what
they do differs significantly. I would have called one replace_at and
the other replace_all or something such as that, but the Qt developers
didn't ask me....)
QFontMetrics::leading() was zero for Consolas on Windows in Qt5, but is
nonzero in Qt6. This revealed that we were inconsistently using height()
and leading() to calculate our line height. Just use lineSpacing()
instead.
Fixes#18438.
This change adds computed values for reports, sequence analysis between
segments, conversation and endpoint taps, and a new statistics menu
and dialog.
MS-DOS Date and MS-DOS Time are packed 16-bit values
(https://learn.microsoft.com/en-us/windows/win32/sysinfo/ms-dos-date-and-time)
and when combined they make a 32-bit value.
In the original minizip that comes with zlib, the combined dosDate
parameter is a uLong, which is 64 bits on LP64 platforms. In minizip-ng,
it is a uint32_t.
At one point, minizip-ng renamed the dosDate struct member of
zip_fileinfo to dos_date, but more recent versions changed it back
to dosDate for compatibility, except the size remains different,
so our compatibility check can't distinguish the size.
clang (and possibly other compilers) complain about shortening a 64 bit
unsigned long to a uint32_t so make the return value from our
qDateToDosDate a uint32_t as it should be to avoid warnings on
distributions with minizip-ng
Also the maximum year value that can be stored in the format is
127, since it occupies bits 9-15 of the MS-DOS Date. (There was
probably some confusion since the maximum year is 2107, but its
offset from 1980, not 1900.)
As the Qt6 QString::QString(const QByteArray &ba) documenation says:
"Note: any null ('\0') bytes in the byte array will be included in this
string, converted to Unicode null characters (U+0000). This behavior is
different from Qt 5.x."
Make sure FieldInformation::toString() truncates its display label byte
array before converting it to a QString.
Fixes#18428
This removes the last dependency of the logging subsystem on the
preferences module. The latter is started much later than the former
and this is an issue.
The Windows-only preference "gui.console_open" is stored in the
registry as HKEY_LOCAL_USER\Software\Wireshark\ConsoleOpen. The semantics
are exactly the same. The preference is read by the logging subsystem
for initialization and then again by the preferences (read/write) so
the user can configure it as before.
The code to store the preference also in the preferences file was
kept, for backward compatibility and because it is not incompatible
with using the Registry concurrently.
The elimination of the prefs dependency also allows moving the Windows
console logic to wsutil and add the functionality to wslog directly,
thereby eliminating the superfluous Wireshark/Logray custom log handler.
To be able to read the ws_log_console_open global variable from
libwireshark it becomes necessary to add a new export macro
symbol called WSUTIL_EXPORT.
This adds a new attribute that allows declaring Wireshark
functions as deprecated.
Also disabe -Werror with deprecated declarations Deprecated
declarations can be introduced suddenly with a new version
of an external dependency or a new internal deprecation and
that has its own timeline to fix. We should still be able to
build with -Werror in that case.
There are many screens with a display filter edit box but they should
not wallop the status line on the main window. Display syntax errors
on the local window in "hints" area.
Only update Status Line message when editing a display filter in the
Filter toolbar or Find Packet toolbar.
All source files should have COMPILE_FLAGS applied, not just
ui/qt/*.cpp.
This fixes setting -Werror on the Qt build, since that is
the only custom C++ compilation flag we are using at the moment.
Use size() instead, which is exactly the same as count(), and
is not deprecated. Seems to exist in all out supported Qt
versions, as far as I can tell.
warning: ‘qsizetype QByteArray::count() const’ is deprecated: Use size() or length() instead. [-Wdeprecated-declarations]
257 | while ((int) (row_y + line_height_) < widget_height && offset < (int) data_.count()) {
| ~~~~~~~~~~~^~
Cast away bogus deprecation created by deprecating
setTextAlignment(int, int) without fixing textAlignment()
to not return int.
```
error: ‘void QTreeWidgetItem::setTextAlignment(int, int)’ is deprecated: Use the overload taking Qt::Alignment [-Werror=deprecated-declarations]
597 | wn_ti->setTextAlignment(col, ws_dlg->statsTreeWidget()->headerItem()->textAlignment(col));
| ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/qt6/QtWidgets/qtreewidget.h:105:17: note: declared here
105 | inline void setTextAlignment(int column, int alignment)
| ^~~~~~~~~~~~~~~~
```
error: conversion function from 'gchar *' (aka 'char *') to 'QVariant' invokes a deleted function
return entry->hostname;
^~~~~~~~~~~~~~~
/usr/include/qt6/QtCore/qvariant.h:199:5: note: 'QVariant<char *, false>' has been explicitly marked deleted here
QVariant(T) = delete;
^
Follow up to !8151
Calls to setData are wrapped with beginResetModel/endResetModel
so don't call emit dataChanged() (per Qt suggestion)
Fixes "As the loop is worked, the size of the parents shrinks
with each item processed."
Set a minimum width for the stream and substream number spinboxes in the
"Follow" and "TCP Stream Graphs" dialogs. This provides a larger click
target and should make editing easier.
Fixes#18265.
Change anything that matches
grep -Eir '(signal|slot) *\( *on_action' ui
to new-style connections so that we can catch any future direct
connection conversion issues at compile time.
Change a connection from on_actionCaptureOptions_triggered to
showCaptureOptionsDialog and make showCaptureOptionsDialog public. Fixes
an issue introduced in fcdb77dc.
Search is tried as user enter regex string. Regex will be
invalid as they type it (starts with "\" or fat fingered "*")
If Wireshark is run from command line, error line is generated
for every attempted match in the search list.
** (wireshark:8344) 00:29:15.353028 [GUI WARNING] --
QString::contains: invalid QRegularExpression object
This reverts commit 248955d614.
It speeds up the loop when type_ is EveryWhere (see: enum SearchType)
but a hang or crash for other combinations of type_ and protocolType_.
In Only enabled/disabled protocols lists, the rowCount decreases
as item state is changed in the parent. An equlibrium point is
reached at halfway when rows processed == remaining size of list.
Grab a static rowcount before entering the loop.
The correct place to delete the dissector_info_t pointers added
to the editor is when destroyEditor is called. Override the
virtual function and delete the pointers for the colProtocol
index before calling the inherited function.
Fix#17127
Instead of having the UI have to know about each type of follow
stream, and how to retrieve its total number of streams, have
each follow type register a function that returns the total
number of stream. (The function can be NULL, for protocols like
SIP that do not use this.)
This gets us closer to making follow stream registration generic.
Rename dissector_handle_get_long_name() and
dissector_handle_get_short_name() to
dissector_handle_get_protocol_long_name() and
dissector_handle_get_protocol_short_name(), to clarify that they fetch
names for the protocol that the dissector dissects, not for the
dissector *itself*. Leave a deprecated
dissector_handle_get_short_name() wrapper, and export
dissector_handle_get_protocol_long_name(), as it's now used in some
dissectors.
Change some calls to dissector_handle_get_description() back to
dissector_handle_get_protocol_short_name(), as they appear to be made in
order to display a *protocol* name.
Rename some methods, variables, enums, and table column names to reflect
cases where the dissector description is being used.
Similar to work done in !8070 and !8072 to move off a function
that was deprecated in Qt5 and obsoleted in Qt6. Also migrate to
syntax laid out in !4560 and !4565.
It defaults to the short name of the protocol dissected by the
descriptor, but it's now possible to register a dissector with an
explicit description.
This is mainly for use in the Decode As UI. It handles the case where
the same protocol might have different "Decode As..."-specifiable
dissectors for different situations.
Prevent crash due to premature menu object deletion caused by call to
QCoreApplication::processEvents() by executing the slot only after menu
handling has finished.
Fixes#18251 and #18270
Qt6 removed QComboBox:currentIndexChanged(QString), which had
previously been deprecated in favor of the version with an int.
Switch to using the supported function, so that the comboboxes
work.
The models used for the resolved addresses require that the
source models be set first before setting other properties,
so do that so that filtering works.
For some reason the portTypeModel has to indicate that the
port number column is numeric in order for the ports to
numerically sort instead of lexicographically, so do that too.
Add the Ethernet addresses in their specific groups (Addresses,
Manufacturers, Well-Known Hosts) instead of adding them all
to the Well-Known hosts groups, so that that filtering works.
Fix#18087
QComboBox::currentIndexChanged(QString) has been marked
obsolete for a while and finally removed in Qt 6 in favor
of currentIndexChanged(int) and currentTextChanged(const QString)
Use QComboBox::currentTextChanged(const QString) instead.
Also do a little bit of checking to see if the return value
of dcerpc_get_proto_sub_dissector is NULL.
Fix#18319.
QFileDialog.accept() emits the filesSelected signal when the
dialog is accepted but before it calls QDialog.accept().
Connect our dialogAccepted function the filesSelected signal
instead of the accepted signal, so that all the exporting
happens sooner, before the ExportDissectionDialog gets
closed (and then deleted, since DeleteOnClose is set on the
dialog.)
This fixes use-after-free and segfaults in Qt 6.3 (which changed
things so that QDialog and widgets that inherit from it get closed
earlier.) Fix#18318
Add lricon.svg and lriconinst.svg, which provide the core graphic
element for the various Logray icons. Add lricon*.png, which were
created using the templates at
https://developer.apple.com/design/resources/. Add Logray.icns,
logray.ico, and lograyinst.ico, and use them in various packaging
resources.
Add Percent-encoding to the list of encoding types that Show
Packet Bytes can handle.
There's a function added to glib 2.66 to handle this for arbitrary
bytes that might have internal nulls (and which allows the result
to be non UTF-8), but we don't require that version yet, so extend
the existing function.
Related to #1084
A conversation in Wireshark might have two endpoints or might have no
endpoints; few if any have one endpoint. Distinguish between
conversations and endpoints.
In the case that this is being called with an address type that
is neither IPv4 or IPv6, make sure that the char array used
to construct the QString is null terminated so that there's no
warning about using addr uninitialized or a possible strlen running
off the end.
gcc 12.1 thinks that there's a signed/unsigned qsize issue with
the Qt6 sources. Enable compilation until this gets fixed upstream.
/usr/include/qt6/QtCore/qarraydataops.h:98:17: error: ‘void* memcpy(void*, const void*, size_t)’ specified size between 9223372036854775808 and 18446744073709551615 exceeds maximum object size 9223372036854775807 [-Werror=stringop-overflow=]
98 | ::memcpy(static_cast<void *>(this->end()), static_cast<const void *>(b), (e - b) * sizeof(T));
| ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The "conversation table" mechanism supports two types of tables, one for
the "Conversations" menu item under "Statistics" and one for the
"Endpoints" menu item under "Statistics". The first of them shows
statistics for conversations at various layers of the networking stack;
the second of them shows statistics for endpoints at various layers of
the networking stack.
The latter is *not* a table of hosts; an endpoint might be a host,
identified by an address at some network level (MAC, IP, etc.), or it
might be a port on a host, identified by an address/port pair.
Some data types, function names, etc. use "host" or "hostlist" or other
terms that imply that an endpoint is a host; change them to speak of
endpoints rather than hosts, using names similar to the corresponding
functions for conversations.
Provide wrapper functions and typedefs for backwards source and binary
compatibility; mark them as deprecated in favor of the new names.
Clean up some comment errors found in the process.
If display filter compilation fails and the expression has a syntax
error and associated location, it will be displayed in the filter
tooltip, using a textual underline.
As far as I can tell using a graphical squiggly underline seems extremely
difficult for an object inheriting from QLineEdit, so the tooltip
textual method was used instead.
Move all the declarations of routines that are internal and
not for use by dissectors from column-utils.h column-info.h
Move the column max length defines into column-utils.h because
dissectors might need that
Since packet.h already includes column-utils.h, dissectors don't
need to include column-utils.h anymore.
Remove or downgrade a few other column header includes that are
unnecessary.
Any time an expert info is added to the Expert Info tap, the
Expert Info GUI tap listener needs to set TAP_PACKET_REDRAW.
draw_tap_listeners(FALSE) is called from MainApplication::updateTaps()
on a timer (controlled by a preference, defaulting to 3 seconds),
and that clears the Expert Info tap's need_redraw flag. The larger
a capture and the more expert infos, the more likely that the timer
can trigger while epan_dissect_run_with_taps() is still generating
more EI entries, but has already generated EIs of all severities
that are present in the capture. This prevents the expertInfoTreeView
from being redrawn at the end when the captureEvent is finished
retapping the packets.
Fix#18232. Fix#16591.
Allow conversation/endpoint tabs that include IP address and
port number to resolve either or both. Currently IP address
(network) resolution is required to resolve tcp/udp ports.
The signal attached "currentIndexChanged" takes only int as argument,
the correct signal is "currentTextChanged". This also fixes a crash
whenever you changed the visible/nonvisible setting for an interface
Check in both editcap and Wireshark to make sure that comments have
fewer than 65536 bytes before accepting them.
This shoudl fix#18235, although there should also be checks in
libwiretap to catch cases where the user interface code doesn't do the
check (it should be done in the UI so that the user gets notified
appropriately).
The TCP and UDP follow conversation filter functions should
only retrieve a conversation and conversation data, not
create new conversations or new stream numbers. (That should
only happen during actual packet processing.) So they should
match on the endpoint type and not look up endpoints (since
TCP and UDP don't use the endpoint API.)
They still don't work with tunneling, or any other situation where
the addresses and ports have been changed (see #18231), but this
at least works when some other protocol _has_ used the endpoint
API, and also avoids creating nonsensical streams.
Making them work properly with tunneling either requires adding
packet info to each packet with the stream information, or using
the endpoint API (after finishing it to allow more than one endpoint
on the packet, and a way of searching for endpoints other than
the most recent.)
Uncapitalize Open Source Software. Prefer the well established umbrella
term "free and open source software". Add specifics about the license
version.
Most references use an hyphen with "open-source". Do that as well.
To maintain familiarity and keep to expectations do an exact copy.
The last sentence to check the man page is an exception because it
is an addenda and recognizing that this clipboard information will
be used mostly in bug reports, it might get annoying.
Move Acknowledgements to a separate file to enable some code
simplification and improve maintenance and discoverability
for acknowlegements.
Convert the Acknowledgements file to Github flavored markdown
and display it in rich text using QTextBrowser.
Add Acknowledgements.md to NSIS installer
GLib watches and timeouts require GLib mainloop iterations. If the GLib
mainloop is not running, then GLib watches and timeouts won't trigger.
Back in the GTK+ days, then GLib mainloop was running on all systems.
Since the Qt transition, GLib mainloop only runs on Linux when Qt does
support it and environment variable QT_NO_GLIB=1 is not set.
Start polling GLib mainloop in separate thread if Qt is not running GLib
mainloop. Note that only the polling is handled in separate thread, the
dispatch and thus all user callbacks execute in the main thread.
Running GLib mainloop when needed enables full GLib functionality on all
platforms and thus allows us to simplify our code by using GLib platform
specific code.
Changes:
- audio rates are fixed, I selected common ones
- fixed signal names - they didn't matched expected autogenerated ones
- first play notification delay on Qt6 compensated
Add the text of the GPLv2 in HTML, taken from the FSF website,
and use rich text to display the license in the GUI.
Move the introductory note about the GPL from the COPYING
license text file to the README.
Remove various other license callouts at the end of the COPYING file
as unnecessary and unhelpful. This information is present in
each source file, where it belongs.
If the packetlist is navigated via the up/down keys, the viewport
may jump, if the cell that is being navigated to, has content that
is greated than what is currently displayed
Fixes#16363
In order to phase out older versions, we recommed 5.12 as a
minimum Qt version going forward. Although build support for
5.10 and 5.11 is not being removed at this point, it might
be for 4.x at a later time.
Add a function to get the column text of the nth column, taking
into account whether the column is resolved or unresolved. Use
this function in the GUI, as well as in tshark, when writing
PSML, exporting dissection to PSML, etc., instead of accessing
col_data directly.
This removes the direct accesses of col_data from outside
column.c and column-utils.c
Fix#18168.
Use QtConcurrent to create and sort widget items. The dialog window is
immediately visible and usable. Search becomes available once all items
are added to the tree.
When compiled with Qt5, all items are added in bulk. Qt6 features new
QPromise interface that makes it possible to add tree items one by one.
Pass comparator function so the list gets sorted alphabetically. Without
the comparator function, the pointer values were sorted. Insert already
sorted data into tree widget and thus remove the redundant sort call.
Use std::stable_sort() instead of std::sort() as stable sort is actually
faster here. The std::stable_sort() tends to do fewer comparisons and
more moves than std::sort(). When sorting QTreeWidgetItem pointers, the
move is very low cost (only the pointer itself is moved) and string
comparison is quite heavy (especially because the strings share common
prefix).
This enables the traffic dialogs to filter data based on the
context menu entries. For instance, one can only show rows,
where the number of packets is not greater than 10
It looks like 1eafee6566 wasn't sufficient to fix the Qt 6 background
paint issue, at least for Qt 6.2.3. Explicitly set our background brush
before filling our rect.
Fixes#18175.
There is no need for nesting event loops when showing menus. Show menus
asynchronously to limit possibilities of hard to debug problems related
to re-entering event loop.
Make it so that "Edit->Preferences->Columns" can also set the
resolved/unresolved status of custom columns. Hide the checkbox
when the fields don't support it (including any non custom
columns.) Also make the checkbox entries in the column list model
not editable.
Fix#15394
Add a textbox to allow for filtering the traffic types
in the conversation and endpoint dialog. The current implementation
allows for an easier growth of the list entries. To ensure that
the user can find the entry he/she/they is looking for fast, add
a textbox for filtering
Not all display filters are valid for custom columns (see #15990).
Use the validation function for custom columns instead of the
display filter validation when adding or editing a custom column
through Edit->Preferences, as the Edit Column in the packet list
header already does.
Revisit this if we ever do expand the list of possible custom
columns.
Nils Hanke
Pau Espin