Avoid displaying duplicate port numbers with transport name resolution disabled and
make some dissector code simpler.
Introduces port_with_resolution_to_str_buf() function and amends UDP/TCP/DCCP/SCTP to
use the new field display type.
Change-Id: Ifb97810b9c669ccbb1a310a2c0ffd6e2b63af210
Reviewed-on: https://code.wireshark.org/review/10625
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Remove variadic macros restriction (c99, c++11 feature) from
README.developer. GCC, Clang, MSVC 2005 all support it.
Enable -Wno-variadic-macros in configure.ac and CMakeLists.txt when
-Wpedantic is enabled (which would enable -Wvariadic-macros).
For all files matching 'define\s*\w+[0-9]\(', replace "FOO[0-9]" by
"FOO" and adjust the macro definition accordingly. The nbap dissector
was regenerated after adjusting its template and .cnf file. The
generated code is the same since all files disabled the debug macros.
Discussed at:
https://www.wireshark.org/lists/wireshark-dev/201209/msg00142.htmlhttps://www.wireshark.org/lists/wireshark-dev/201510/msg00012.html
Change-Id: I3b2e22487db817cbbaac774a592669a4f44314b2
Reviewed-on: https://code.wireshark.org/review/10781
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We've been using QElapsedTimer for a while now with no complaints. It
was introduced in Qt 4.7, which was first released in September 2010.
Change-Id: I21ca768c6a7bab8a08626957583d81fd771c64b4
Reviewed-on: https://code.wireshark.org/review/10732
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
While IPv4 subnet masks are obviously related and similar to IPv4
addresses, they are distinct enough that they need to be treated
seperately in some aspects. For instance, there is no value in
attempting to resolve a subnet mask.
This change creates a new display type: BASE_NETMASK, which allows distinction from FT_IPv4
(and possible name resolution) where appropriate.
Change-Id: I99e19c9a58eb613f8e58d481af84c30e2e5e14d7
Reviewed-on: https://code.wireshark.org/review/10438
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
are registered.
Change-Id: I06f10d96916640cb9a782cae87898a5dd6c9c6e3
Reviewed-on: https://code.wireshark.org/review/10601
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added a new relational test: 'x in {a b c}'. The only LHS entity
supported at this time is a field. The generated DFVM operations are
equivalent to an OR'ed series of =='s, but with the redundant existence
tests removed.
Change-Id: Iddc89b81cf7ad6319aef1a2a94f93314cb721a8a
Reviewed-on: https://code.wireshark.org/review/10246
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Make sure "-z multicast,stat[,filter]" and "-z wlan,stat[,filter]" work.
Add some missing "-z" items to the man page.
Try to fix some MSVC++ warnings.
Change-Id: Ie18e5355d595e351f000f14d82781dcdf33141c3
Reviewed-on: https://code.wireshark.org/review/10184
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add more information about the capture file, and about the interface
descriptions in it. Also remove long-unused g_options code.
Change-Id: I93cbd70fc7b09ec1b8b2fd6c85bb885c7f749543
Reviewed-on: https://code.wireshark.org/review/10073
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add the UDP multicast stream dialog. Abuse TapParameterDialog a bit more
so that we can edit parameters.
Remove some unused struct members and an unused function.
Change-Id: I962c70344e792f0959527e4bcba8a20bd7e8acf9
Reviewed-on: https://code.wireshark.org/review/10084
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Refactor the file merging code by removing the duplicate logic from mergecap.c
and file.c's cf_merge_files(), into a new merge_files() function in merge.c.
Also the following user-visible changes:
* Removed the '-T' encap type option from mergecap, as it's illogical for
mergecap and would complicate common merge code.
* Input files with IDBs of different name, speed, tsprecision, etc., will produce
an output PCAPNG file with separate IDBs, even if their encap types are the same.
* Added a '-I' IDB merge mode option for mergecap, to control how IDBs are merged.
* Changed Wireshark's drag-and-drop merging to use PCAPNG instead of PCAP.
Bug: 8795
Bug: 7381
Change-Id: Icc30d217e093d6f40114422204afd2e332834f71
Reviewed-on: https://code.wireshark.org/review/10058
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This option skips some bytes when fuzzing, that prevents some headers from being changed. This focuses fuzzer to a smaller part of the packet.
Change-Id: I1db83235e93f2774a9991e3af70f633487b816fa
Reviewed-on: https://code.wireshark.org/review/9982
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add RpcServiceResponseTimeDialog, which handles DCE-RPC and ONC-RPC
service response time statistics. Try to make it as lightweight as
possible, since we might want to pull this into the RPC dissectors
similar to the other SRT statistics.
Allow program names on the command line in place of numbers or UUIDs. Make
matches case-insensitive. E.g. the following are equivalent:
-z rpc,srt,100003,3
-z rpc,srt,nfs,3
-z rpc,srt,NFS,3
as are the following:
-z dcerpc,srt,f5cc5a18-4264-101a-8c59-08002b2f8426,56
-z dcerpc,srt,nspi,56
-z dcerpc,srt,NSPI,56
Change-Id: Ie451c64bf6fbc776f27d81e3bc248435c5cbc9e4
Reviewed-on: https://code.wireshark.org/review/9981
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The tap API changed the return type of per-packet listener callbacks
from int to gboolean back in 2009. Update a bunch of functions and some
documentation accordingly.
Change-Id: I79affe65db975caed3cc296a7e2985b7b9cdf4cc
Reviewed-on: https://code.wireshark.org/review/9853
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Move the boolean flag for using captured DNS packet info for name resolution
to the Name Resolution preferences settings, as it was rather surprising to
disable Name Resolution preferences and still have names being resolved. Also
disble them all if the '-n' command line switch is used, and re-enable it for
a 'd' character in the '-N' option.
Bug: 10337
Change-Id: Ie4d47bab0100db3360cc447cd3e446b2e39aa917
Reviewed-on: https://code.wireshark.org/review/9786
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Change-Id: Ia31326105cf559c2196d45369270552fb78da6c7
Reviewed-on: https://code.wireshark.org/review/9692
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The size of some of the wslua source files has grown large, and it's hard
to quickly find things. So split them up based on class name, as much as
seems reasonable. Also have the make-wsluarm.pl Perl script handle this.
Change-Id: Ib495ec5c2a4df90495c0a05504856288a0b09213
Reviewed-on: https://code.wireshark.org/review/9579
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Add ServiceResponseTimeDialog as a subclass of TapParameterDialog,
similar to StatsTreeDialog. Add initial plumbing for statistics menu
items and command line invocation.
Don't append "..." to menu item names. Don't add menu icons. In each
case this avoids repetitive UI clutter.
Change-Id: I463b95c93090160bb81d2e80b16aad389dc0bd6c
Reviewed-on: https://code.wireshark.org/review/8864
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Rename ext_menubar to a more appropriate plugin_if.
External menus can be implemented by plugins to present
additional menus for deep-packet analysis. One side-effect
of such menus being implemented as plugins is, that they
are being executed in different threads and therefore can
only use limited access to the main GUI. Also, there is
no safe cross-gui (GTK and Qt) way for many features.
This patch implements a first functionality, by which a
plugin implemented using ext_menubar can apply a display
filter to the main view.
For now the implementation supports filtering, as well as
saving a preference.
Change-Id: Iffe4caa954bbeb8ce356352de4dae348a50efba9
Reviewed-on: https://code.wireshark.org/review/8773
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update some (but not all) content to match current reality.
Change-Id: Id7618067ed49a309fdace4f1eaa2c5d12cbfb6ad
Reviewed-on: https://code.wireshark.org/review/8687
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Text adapted from that in the WSUG documentation of the same.
Ping-Bug: 1445
Ping-Bug: 11227
Change-Id: I4d07cba437e70324d19c5ae23e44b86c47b749a8
Reviewed-on: https://code.wireshark.org/review/8662
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Plugins may utilize the tap interface to provide special tools
or analysis options, not otherwise available in Wireshark, or
perhaps not allowed to be distributed freely. Up until now, those
tools either had to start automatically, or could not be started
at all, or had to be started separately.
It should be possible, that those tools may be started using a
menu entry directly from Wireshark. This interface tries to achieve
exactly that.
This interface uses a clean interface, which can be implemented in
any plugin or dissector. Documentation for this has been added to
README.plugins.
Separators are only supported for now in the Qt interface, but
URLs can now be added as a simple item, and the UI will use the
same methods used for other URL calls to open them.
Change-Id: I170107dafb66f6badaa864d05a9091e5cbbf52c2
Reviewed-on: https://code.wireshark.org/review/7865
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add missing androiddump stuff like:
- release notes
- documentation
- Windows nmake support
- running androiddump as a windows application instead of console on Windows
- addition of androiddump to the Windows installer
Change-Id: I3bc6cc70e4dc96c0cd776f3d965dd2aa0309995d
Reviewed-on: https://code.wireshark.org/review/7981
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
We haven't used it in a while and we won't use in the CMake environment.
Change-Id: Iecfb8c418bddf1ed1fcd38b189babf082101662e
Reviewed-on: https://code.wireshark.org/review/8014
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Bug: 8985
Change-Id: I9245fb556a55da681fe53dd5c12bb549c83c89c6
Reviewed-on: https://code.wireshark.org/review/7926
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Support WS_BIN_PATH and SOURCE_DIR (modelled after test/config.sh) to
support out-of-tree builds (including cmake). Add Python 3 support and
mention this in the documentation.
Tested with Python 2.7.9, 3.2.6, 3.4.3:
WS_BIN_PATH=/tmp/wsbuild/run SOURCE_DIR=/tmp/wireshark \
tools/dfilter-test.py testBytesIPv6
(2.7.9 and 3.4.3 were also tested fully, but some cases seem to fail
even before this patch. 2.5.6 and 2.6.6 do not work because the unittest
module is outdated.)
Change-Id: I13074579f6f74206edb5cd7be8e7a8406de49c56
Reviewed-on: https://code.wireshark.org/review/7793
Reviewed-by: Anders Broman <a.broman58@gmail.com>
works as proto_tree_add_item(), but also returns the value of (u)ints
of 8,16,24 and 32 bits length in a 32 bit variable. It's based on Hadriels
previous work.
Change-Id: If3b4b8588b63251f1ee9b954a202acde7c02ce86
Reviewed-on: https://code.wireshark.org/review/7230
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Most of our sites are now HTTPS-only. Update URLs accordingly. Update
other URLs while we're at it. Remove or comment out dead links.
Change-Id: I7c4f323e6585d22760bb90bf28fc0faa6b893a33
Reviewed-on: https://code.wireshark.org/review/7621
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Originally suggested by Bill Meier for the MQTT protocol[1], but the
Websocket protocol can also benefit from this. Since
DESEGMENT_ONE_MORE_SEGMENT is a valid packet length, use the zero length
instead as an indicator that the length is not yet known.
Updated documentation too and remove the function documentation from
packet-tcp.c since it is duplicated in packet-tcp.h.
A noteworthy WSDG change is that the get_pdu_len parameter of
tcp_dissect_pdus gained another void pointer since
v1.99.2rc0-890-gceb8d95 ("Lua: Expose tcp_dissect_pdus() to Lua").
[1]: https://www.wireshark.org/lists/wireshark-dev/201405/msg00044.html
Change-Id: I4eba380e00cd757635eb5639c2857356dae3171e
Reviewed-on: https://code.wireshark.org/review/7279
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: I22780721dcc32caee0eae782142e7dad31e0ed07
Reviewed-on: https://code.wireshark.org/review/7313
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I57354c309ecf3a0c8f0c7cff485638027f30bb19
Reviewed-on: https://code.wireshark.org/review/5813
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a CF_FUNC macro to match VALS, TFS, etc. This should help us to avoid
the following warning:
warning: ISO C forbids initialization between function pointer and 'void *' [-Wpedantic]
We could start adding DIAG_OFF+DIAG_ON everywhere but this seems to be
more consistent with the other macros in proto.h. Update each instance
of BASE_CUSTOM to use CF_FUNC.
Adjust a dummy variable name generated by asn2wrs.py that was triggering
an invalid error in checkhf.pl.
Fix an encoding arguement in packet-elasticsearch.c found by
fix-encoding-args.pl.
Change-Id: Id0e75076c2d71736639d486f47b87bab84e07d22
Reviewed-on: https://code.wireshark.org/review/7150
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Move some text from README.qt to the Developer's Guide. Add an overview.
Change-Id: Ia20ed837939e34871b157566c38cd0c6e590bc38
Reviewed-on: https://code.wireshark.org/review/7087
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Change name from proto_tree_add_new_bytes to
proto_tree_add_bytes_with_length and other tweaks
pointed by Peter Wu.
Change-Id: I6058c28a74a154e2882e4eb04558bedcede6f508
Reviewed-on: https://code.wireshark.org/review/7039
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Remove emem's 8-byte-memory-alignment configure check as well as references
to all the environment variables emem used.
Change-Id: I897aec9e9c68e064454561e7a9f066b18892ec66
Reviewed-on: https://code.wireshark.org/review/6950
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Iddd1200e62bf3200cb1a68408378dd9d47120b77
Reviewed-on: https://code.wireshark.org/review/6939
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
frame_data has long been gone. struct _packet_info is the same as
packet_info, just use that for brevity.
Change-Id: Ieb02bf6b642d728a7f80087f5cd750b9691e34e9
Reviewed-on: https://code.wireshark.org/review/6865
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Add address_to_qstring and address_to_display_qstring, which wrap
address_to_string and address_to_display respectively and return
QStrings. Convert most of the instances in ui/qt to the new routines.
Fix a some memory leaks in the process.
Change-Id: Icda80bbfe0b2df723d54c8da84355255f819af89
Reviewed-on: https://code.wireshark.org/review/6848
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Provide a way for Lua-based dissectors to invoke tcp_dissect_pdus()
to make TCP-based dissection easier.
Bug: 9851
Change-Id: I91630ebf1f1fc1964118b6750cc34238e18a8ad3
Reviewed-on: https://code.wireshark.org/review/6778
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Hadriel Kaplan <hadrielk@yahoo.com>
Change-Id: I256fd5395b062fa954ebd60598721323ea1d7ff1
Bug: 10875
Reviewed-on: https://code.wireshark.org/review/6713
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Lua-created tvbuffs should be kept around for the duration of pinfo's
lifetime, instead of only for the duration of frame dissection. So
instead of using the frame dissector's frame_end_routine, we'll register
a callback to wmem for pinfo pool's allocator.
Bug: 10888
Change-Id: I3e9db671c3f2a7cab9e258aca17f3be8acaf2417
Reviewed-on: https://code.wireshark.org/review/6768
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Hadriel Kaplan <hadrielk@yahoo.com>
I.e., you don't need a trailing blank, at least not with the current
version (and there shouldn't be a requirement for such an extra trailing
blank).
Change-Id: Ia2b732c74fc6020acc01a2c0c52ed3567d36d762
Reviewed-on: https://code.wireshark.org/review/6575
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There's no requirement for "display" field values to have names
beginning with BASE_; use SEP_, to indicate that they're separators.
(And, yes, we should introduce SEP_NONE, with a value of 0, and use it.)
While we're at it, fix BASE_SEMICOLON - the separator is a colon, not a
semicolon - and document SEP_SPACE in doc/README.dissector.
Change-Id: I856aafda2c60b8320dffe287f0deb06a9604a2bf
Reviewed-on: https://code.wireshark.org/review/6486
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I4a803d83844d937804849b2ad3b067381c9b96d0
Reviewed-on: https://code.wireshark.org/review/6448
Petri-Dish: Evan Huus <eapache@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
There isn't a legitimate use for the API, all cases can be covered with proto_tree_add_item. As a bonus, a few more tvb_get_ptr calls can be removed.
Change-Id: I3bb86ba8f05ef3363407bcfe9b059ee27ebc135d
Reviewed-on: https://code.wireshark.org/review/6429
Reviewed-by: Michael Mann <mmann78@netscape.net>
This affects both the dissector (that has been added with a tap interface and a stats generator) and the UI (to recall the stats menu).
Change-Id: I90658f7aa6707aa39bdd787a51b20fed4dbddc53
Reviewed-on: https://code.wireshark.org/review/6236
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
These "bases" will put a ".", "-", or ":" respectively between hexidecimal bytes in the field in packet view and display filter. FT_BYTES with BASE_NONE will have no separator in the packet view, but continue to have the ':' as a separator in the display filter.
Converted the "string" hf_ entries that used tvb_fc_to_str as a string to use proto_tree_add_item with FT_BYTES/BASE_DOT type.
Converted applicable tvb_bytes_to_ep_str_punct() calls to use the new BASE values.
Change-Id: I2442185bb314d04a3ff2ba57883652ecd738b5f9
Reviewed-on: https://code.wireshark.org/review/6098
Reviewed-by: Michael Mann <mmann78@netscape.net>
"stat name" has been official changed to "endpoints" for all dissectors, rather than a mixture of "host"/"endpoints" based on dissector.
Change-Id: If34bcb5165b493948e784ba038ab202803a59843
Reviewed-on: https://code.wireshark.org/review/6154
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
-z "follow,udp" tshark cli command now supports a stream index
It is now possible to select the UDP stream displayed in Qt GUI (like for TCP)
Change-Id: Ia367f36ea4f60db0fddb997a7e0903c09e172f2d
Reviewed-on: https://code.wireshark.org/review/6083
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Also, convert the "string" hf_ entries that used tvb_fcwwn_to_str as a string to use proto_tree_add_item with FT_FCWWN type.
Change-Id: I4ca77870499fd8239584a70874998b5d194a7167
Reviewed-on: https://code.wireshark.org/review/6036
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- packet.h should be first Wireshark #include
after config.h and "system" includes.
- '#include <glib.h>' not needed.
Change-Id: Ibec076818f3f509aabb4d240e939ef719f3798d6
Reviewed-on: https://code.wireshark.org/review/5939
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Go back to a single view similar to the GTK+ UI. Apply layouts using Qt
Designer.
Rename the menu item and class to "Capture File Properties". It's not
really a summary if it contains details such as "marked average bits
per second". We might want to move this to a "Properties" item under
the "File" menu similar to other applications.
Add the GTK+ summary icon (for now) to the toolbar and open the
properties dialog on clicking.
Singleton dialogs delenda est[1]. Let the user open as many summaries on
as many capture files as he or she wishes. Also, global cfile delenda
est[2].
Don't blindly include QtGui. Add specific components instead.
Use consistent method names, variable names, and patterns. Try to
document what "consistent" means.
Adjust the way we display some statistics to match the summary bar, e.g.
displayed = captured if we don't have a filter applied.
[1] Not really.
[2] Yes, really.
Change-Id: I11793b1d79dd0c3f70414ac8592b86181da59916
Reviewed-on: https://code.wireshark.org/review/5274
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Specifically: show the use of tcp_dissect_pdus()
for a TCP heuristic dissector
Change-Id: I02f184b2c8ef6ed128ef3d0bc59eed759aae54bb
Reviewed-on: https://code.wireshark.org/review/5399
Reviewed-by: Bill Meier <wmeier@newsguy.com>
That list doesn't show the entries in the dissector tables, just
information about the tables themselves.
Clean up some tshark man page issues while we're at it.
Change-Id: I70beee34110f5c0d58105944dd71105a8400f5ca
Reviewed-on: https://code.wireshark.org/review/5360
Reviewed-by: Guy Harris <guy@alum.mit.edu>
- get language as soon as possible (before creating any Qt objects) to make all
translations working
- dynamic list of supported languages
- runtime change of GUI language (no need to restart application)
- add flags icons support
- search for *.qm languages in buildin resources, then
data dir called "languages" (main directory in sources or
/usr/share/wireshark/languages), then user directory
(UNIX: ~/.wireshark/languages); "languages" directory should contains
files wireshark_xx.qm where xx is language code (en, en_GB, etc.),
and optional xx.svg for flag icon
- try to fix some untranslated manually-created UI items
(need manual reset text of those components)
Change-Id: I62ca8a8cddce47cec9dbcad6b0bd68b6cfd92229
Reviewed-on: https://code.wireshark.org/review/5041
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
- If boolflags are being used, an extra space is added
to the call of the extcap filter. This leads to the
argumentparser of python to exit with an error-code,
and the extcap filter will not start. This patch instead
catches the unknown arguments and prints them on stdout,
as well as running the dissection with the rest of the
arguments list.
Basically this is a work-around, for a behaviour not
yet fixed in extcap, but it stabilizes the usage of the demo
Change-Id: I7589292692b0b3c839909fd09d62a4714cbe869e
Reviewed-on: https://code.wireshark.org/review/4638
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
There are protocols out there that have 64-bit wide bit mask fields, so
make the internal representation and bitfield decoders 64-bit aware.
For this, the ws_ctz() fallback and bits_count_ones() have to be tweaked
slightly.
Change-Id: I19237b954a69c9e6c55864f281993c1e8731a233
Reviewed-on: https://code.wireshark.org/review/4158
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
There is regular expression that extracts only the number from
--extcap-interface argument and only that number (as string) is being
passed to extcap_dlts().
Change-Id: I5159f9405a766c1edff792213b2aef72b9a29ba4
Reviewed-on: https://code.wireshark.org/review/4550
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Description:
Ignore the specified bytes number at the beginning of the frame during MD5 hash calculation.
Useful to remove duplicated packets taken on several routers or SW(differents mac addresses for example).
e.g. -I 26 in case of Ether/IP/ will ignore ether(14) and IP header(20 - 4(src ip) - 4(dst ip)).
The default value is 0.
This option is only relevant when used with -d|-D|-w
Bug: 8511
Change-Id: I009a09d32778a182b2d88f372651f658a4938882
Reviewed-on: https://code.wireshark.org/review/4104
Tested-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
documents referring to the split out sections.
Remove trailing whitespace while at this.
Change-Id: I36cfe0ac55e8f653bffbf850e01f582aacf85557
Reviewed-on: https://code.wireshark.org/review/4094
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Make sure the Qt UI is named "Wireshark" and its executable is named
"wireshark" or "wireshark.exe". Make sure the GTK+ UI is named
"Wireshark 1" or "Wireshark (GTK+)" depending on how much the target
audience is likely to care about UI toolkits. Make sure the GTK+
executable is named "wireshark-gtk" or "wireshark-gtk.exe".
It looks like moving to Qt 5.3 (g978faf3) broke the PortableApps
package. It's likely even more broken now.
Autotools out-of-tree builds also broke on Ubuntu 12.02 (automake
1.11.3) at some point. The first attempt to compile in ui/qt returns
"error: source_file.cpp: No such file or directory". The second attempt
works. Out-of-tree builds work fine on Ubuntu 14.04 (automake 1.14.1).
Tested:
- Nmake builds
- NSIS packaging
- CMake builds (Windows, OS X)
- Autotools build and distcheck
- RPM packaging
To do:
- Test Debian packaging
- Fix PortableApps
Change-Id: I66429870e05fd2d6fc901942477959ed6164fce2
Reviewed-on: https://code.wireshark.org/review/3919
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Convert QTableWidget to QTreeWidget.
It looks like the GTK+ version has a separate set of apply/save buttons
for each tab which *only* operates on that tab. This can result unexpected
behavior which throws away changes if the user updates more than one
tab. Use a single "OK" button that applies all of our changes instead.
Reorder the tabs. Put Local Interfaces first and select it by default.
Always show Remote Interfaces. Disable it on platforms that don't have
PCAP_REMOTE.
Automatically start editing when we add a new pipe. Don't immediately
update pipe interface settings. Wait until we hit "OK" instead.
Rename NewFileDelegate to PathChooserDelegate. Note that we might want
to move it use it elsewhere in the application.
Try switching the user-facing terminology from "Hide" to the more
positive "Show".
Tell the user that we don't save pipe or remote interface settings.
Add a help URL for the "Manage Interfaces" dialog box.
Use the GLib and Qt string functions and classes to split and join
comma-separated preferences. This makes sure capture_dev_user_descr_find
doesn't skip over the first interface. It also keeps the Qt code from
adding a leading comma to our capture preferences.
Add a note about strings to README.qt. Summary: Use QStrings.
For another day:
- If we *do* save remote settings we need to store credentials securely,
e.g. with CryptProtectData.
- Get rid of the remote settings dialogs. Their controls should fit in the
remote settings tab.
- Add an extcap tab.
- We need getter/setter functions for global_capture_opts.all_ifaces. We
iterate over it *way* too much.
Change-Id: Ib7b61972f3ece4325e0230f725e7f2678acbb24b
Reviewed-on: https://code.wireshark.org/review/3873
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
(This change needs to be approved Roland Knall--by the file's author--in
Gerrit.)
Change-Id: I58285cb1d773a57fe7d087799bf6d2ffbd962364
Reviewed-on: https://code.wireshark.org/review/3773
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Extcap is a plugin interface, which allows for the usage
of external capture interfaces via pipes using a predefined
configuration language which results in a graphical gui.
This implementation seeks for a generic implementation,
which results in a seamless integration with the current
system, and does add all external interfaces as simple
interfaces.
Windows Note: Due to limitations with GTK and Windows,
a gspawn-winXX-helper.exe, respective gspawn-winXX-helper-console.exe
is needed, which is part of any GTK windows installation.
The default installation directory from the build is an extcap
subdirectory underneath the run directory. The folder used by
extcap may be viewed in the folders tab of the about dialog.
The default installation directory for extcap plugins with
a pre-build or installer version of wireshark is the extcap
subdirectory underneath the main wireshark directory.
For more information see:
http://youtu.be/Nn84T506SwU
bug #9009
Also take a look in doc/extcap_example.py for a Python-example
and in extcap.pod for the arguments grammer.
Todo:
- Integrate with Qt - currently no GUI is generated, but
the interfaces are still usable
Change-Id: I4f1239b2f1ebd8b2969f73af137915f5be1ce50f
Signed-off-by: Mike Ryan <mikeryan+wireshark@lacklustre.net>
Signed-off-by: Mike Kershaw <dragorn@kismetwireless.net>
Signed-off-by: Roland Knall <rknall@gmail.com>
Reviewed-on: https://code.wireshark.org/review/359
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- Specify that proto_register...() and proto_reg_handoff...() prototypes are required;
- Indicate that certain #includes should be used only as needed;
- Don't use CamelCase (or CAPS) in variable names;
- Do some reformatting of certain lines;
- Futz hf[] array entry so checkAPIs and checkhf tests don't fail.
Change-Id: Ie03846f4bebd2a9bece464c85cc3c2ef46dd4fe5
Reviewed-on: https://code.wireshark.org/review/3724
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: I2e8d18df71688c654f7acaff51fae7823c08aa6a
Reviewed-on: https://code.wireshark.org/review/3677
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Files from the debian directory, documents from the doc directory,
graphics from the docbook/wsug_graphics directory, and the echld
Makefile.nmake.
Change-Id: Iccccc58811753581b0b180053defd937aea22f95
Reviewed-on: https://code.wireshark.org/review/3283
Reviewed-by: Guy Harris <guy@alum.mit.edu>
In some cases "-v" was already used so "-V" is the option.
Note that the version information in these utilities is much shorter than what
is presented by the big programs.
As requested by https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5804
Bug: 5804
Change-Id: I35db35a4eace2797afd895f9be7322ef39928480
Reviewed-on: https://code.wireshark.org/review/2489
Reviewed-by: Guy Harris <guy@alum.mit.edu>