Update main filter after follow stream dialog is closed - Use:
previous_filter if new 'Back' button (passed in follow() method)
filter_out_filter_ if 'Filter Out This Stream' button (built by appending !current_stream to previous_filter)
leave filter alone if window closed using Close button or window close. (current stream)
Change-Id: Ic02edeaffdc65ff0f33cac4cb9afb8cde28963c7
Reviewed-on: https://code.wireshark.org/review/16277
Reviewed-by: Jim Young <jim.young.ws@gmail.com>
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Tested-by: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add settings to the QLineEdit context menu to use textual or regular
expression search. Use this in Follow Stream and Show Packet Bytes.
Change-Id: I3a9f5a923f616629aa40a334921871f98b518f30
Reviewed-on: https://code.wireshark.org/review/13942
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Create a "registration" system for Follow functionality so most of the work can be abstracted into a dissector and GUI can just be responsible for "display".
This also removes the global variables in follow.c to open up multithreading possibilities.
TCP, UDP and HTTP all have the same "tap interface" for Follow functionality (passing a tvb with byte data to "follow"). SSL still has it's own behavior, so Follow structures have to take that into account.
TShark through the Follow registration now has support for HTTP.
The only thing possibly missing is dynamic menu generation to further reduce explicit knowledge of Follow "type" (and rely on registration)
Bug: 11988
Change-Id: I559d9ee1312406ad0986d4dce9fa67ea2103b339
Reviewed-on: https://code.wireshark.org/review/13161
Reviewed-by: Michael Mann <mmann78@netscape.net>
[KISS - Keep It Simple, Stupid]
Convert the Follow TCP functionality to use a tap from the TCP dissector that passes the tvb of the payload. This makes things A LOT simpler, but relies on the TCP dissector to make all decisions.
The "tap" logic passes tvb data
1. Before calls to process_tcp_payload
2. Before hf_tcp_segment_data fields (that aren't retransmissions or otherwise handled)
Follow up patches will be necessary to clean up all of the supporting "follow" functionality that is now useless.
Bug: 6925
Bug: 9780
Change-Id: I4e7f5d453519be839de39a109bafa899b9987139
Reviewed-on: https://code.wireshark.org/review/13038
Reviewed-by: Michael Mann <mmann78@netscape.net>
This automatically detects and decompresses HTTP along a TCP stream through the use of taps.
Bug: 3528
Change-Id: I8ab832d509700d0da8eabf3c3e514d8511c598d3
Reviewed-on: https://code.wireshark.org/review/13009
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
If a file in the same directory as config.h, e.g. wireshark-qt.cpp
has a #include "config.h", or another header it includes also has
a #include "config.h", then an out-of-tree build, e.g. CMake will
pick up any in-tree config.h and odd things may happen. The correct
form is #include <config.h> which will pick up the out-of-tree
version.
To find this, introduce a deliberate error and then make an out-of-tree
build, noting where it fails and fix that file. If that file includes
other files that still cause the build to fail, set the compiler
to emit the pre-processed version so you can locate the include with
the next errant "config.h". Repeat ad nauseum.
Possibly all includes of "config.h" should be changed to <config.h>
Revert "CMake: Clobber the top-level config.h before we build."
This reverts commit 1f3849ce61.
Ping-Bug: 10301
Change-Id: Ie567e7cc696fd48f3e730fc27032c5d2a7d8f341
Reviewed-on: https://code.wireshark.org/review/6285
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
-z "follow,udp" tshark cli command now supports a stream index
It is now possible to select the UDP stream displayed in Qt GUI (like for TCP)
Change-Id: Ia367f36ea4f60db0fddb997a7e0903c09e172f2d
Reviewed-on: https://code.wireshark.org/review/6083
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
QTextEdit + QTextDocument don't handle large amounts of data very well.
Truncate our displayed text after 2 MB.
Change-Id: I0b549a0b05a490272bc0d34af0f2c6661c548d0f
Reviewed-on: https://code.wireshark.org/review/5042
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Prevents a crash when changing the spinbox value during the middle of a
follow.
Change-Id: I07cea883c72c5975633e4b7046155f9b6de9cc4a
Reviewed-on: https://code.wireshark.org/review/5034
Reviewed-by: Gerald Combs <gerald@wireshark.org>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change the "Raw" character type to UTF-8. I'm not sure it's possible
to show true raw data in a QTextEdit widget and calling it UTF-8 more
accurately repesents what happens when you pass a char * to a QString.
Add a YAML display. Hopefully Scapy users will find it useful.
Sort the the character display items alphabetically. Make sure we go
back to the top of the buffer when we change the direction or character
set. Be less aggressive about setting focus on the "find text" entry.
svn path=/trunk/; revision=53421
Collect packet numbers when following streams so that we can correlate
text positions with packets. Add a FollowStreamText class so that we can
track mouse events. Add a hint label that shows the packet under the
cursor along with packet counts and the number of "turns".
Add the packet number to the C array dump. Note that dumping to YAML
might be useful for Scapy users.
svn path=/trunk/; revision=53314
Create a new dialog each time the user follows a stream. A lot of the
follow code seems to assume one and only one dialog so there are likely
outstanding bugs.
Don't use the global cfile (should we deprecate its usage?). We want to
move closer to multiple documents, not further away.
Clean up after ourselves. Free our payload list and unlink our temp
file. Make a bunch of gchar*s QStrings. Make sure our destructor gets
called and use it.
Make member variable and method names more consistent.
svn path=/trunk/; revision=53306
resizable. Get rid of the group box -- the OS X and Windows HIGs
discourage its use and I'm not sure if it fits the GNOME HIG in this
case either. Make the stream contents monospace. Set the cursor to the
beginning of the text when we follow a stream.
Continue the War On Unnecessary Dialogs. Move "Find"ing from a pop-up
window to the main Follow dialog. Wrap back to the beginning as needed.
Add a "Cancel" button. Make sure it and the escape key work as expected.
svn path=/trunk/; revision=52607
follow_stream_dialog.cpp. Remove the ones that we don't use. Use
QMessageBox in place of simple_dialog.
Move IP6OPT_HOME_ADDRESS and related definitions to packet-ipv6.c. It
looks like we only use it there and it conflicts with WinPcap.
Mark some items unused.
svn path=/trunk/; revision=51951
Add TCP/UDP/SSL Follow feature to QtShark
Known issue :
* Duplicate code with GTK (function need follow_info_t struct but in GTK there is some GWidget variable in struct)
* Sometimes TCP Follow fail...
svn path=/trunk/; revision=51883