path: root/file.c
Age | Commit message | Author | Files | Lines
2017-06-22 | Add --no-duplicate-keys tshark option. | Daan De Meyer | 1 | -1/+1
Adds the --no-duplicate-keys option to tshark. If -T json is specified, this option can be specified in order to transform the duplicate keys produced by -T json into single keys with as value a json array of all separate values. Specifying --no-duplicate-keys changes the function which groups node children that is passed to write_json_proto_tree. Instead of a function that puts each node in a separate group (proto_node_group_children_by_unique) a function is passed that groups children that have the same json key together (proto_node_group_children_by_json_key). This will lead to some groups having multiple values. Groups with multiple values are written to the output as a json array. This includes normal json keys but also keys with the "_raw" and "_tree" suffix. If --no-duplicate-keys is specified with an option other than "-T json" or "-T jsonraw" or without -T an error is shown and tshark will exit. "Export Packet Dissections -> As JSON" in the GUI is hardcoded to use the duplicated keys format. Fixes one regression in the output where a filtered json key (-j) with both a value and children would not have the "_tree" suffix added to the json key containing the children. Includes a little code cleanup (removes one instance of code duplication and simplifies a while loop). Fixes a memory leak (I thought this fix was already included in the previous refactor patch but something must have gone wrong when updating the patch so I'm including it again in this patch). Bug: 12958 Change-Id: I401f8fc877b5c590686567c3c44cdb832e9e7dfe Reviewed-on: https://code.wireshark.org/review/22166 Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-19 | Update the capture file load time each time we update the progress bar. | Jeff Morriss | 1 | -0/+2
The Qt UI doesn't have a popup that tells you how long your file has been loading. So let's set the load time each time we update the packets bar. (Obviously this is only useful when you're waiting a long time for a file to load...) Change-Id: I9da372800a12454888439e2baf3d2a848c611501 Reviewed-on: https://code.wireshark.org/review/22234 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-17 | Qt: fix hang on exiting Qt while loading capture file | Peter Wu | 1 | -0/+18
testCaptureFileClose can also be invoked while reading an existing capture file (the original comment only applied to GTK+, not Qt). When the user quits Wireshark while reading an offline pcap, this could result in a confusing "Unsaved packets" dialog. Fix this by checking the actual capture session state. After fixing this, the next issue is that cf_close trips on an assertion ("cf->state != FILE_READ_IN_PROGRESS"). To address this problem, do not close the capture file immediately, but signal to the reader (cf_read) that this should be done (similar to the quit logic in GTK+). Bug: 13563 Change-Id: I12d4b813557bf354199320df2ed8609070fdc58a Reviewed-on: https://code.wireshark.org/review/22096 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2017-06-12 | Add support for color xml attributes in psml and pdml formats. | Michael Mann | 1 | -2/+2
Bug: 6682 Change-Id: I19330d06aa3d5692503c61369c3c650d595971f5 Reviewed-on: https://code.wireshark.org/review/22077 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-05 | Allow bigger snapshot lengths for D-Bus captures. | Guy Harris | 1 | -12/+0
Use WTAP_MAX_PACKET_SIZE_STANDARD, set to 256KB, for everything except for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_DBUS, set to 128MB, for them, because that's the largest possible D-Bus message size. See https://bugs.freedesktop.org/show_bug.cgi?id=100220 for an example of the problems caused by limiting the snapshot length to 256KB for D-Bus. Have a snapshot length of 0 in a capture_file structure mean "there is no snapshot length for the file"; we don't need the has_snap field in that case, a value of 0 means "no, we don't have a snapshot length". In dumpcap, start out with a pipe buffer size of 2KB, and grow it as necessary. When checking for a too-big packet from a pipe, check against the appropriate maximum - 128MB for DLT_DBUS, 256KB for everything else. Change-Id: Ib2ce7a0cf37b971fbc0318024fd011e18add8b20 Reviewed-on: https://code.wireshark.org/review/21952 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-05-01 | file: (trivial) initialize "passed" when it's declared | Martin Kaiser | 1 | -2/+1
Change-Id: I2ace2a6847ca01435651a48934acf9c1c6d2f23d Reviewed-on: https://code.wireshark.org/review/21444 Petri-Dish: Martin Kaiser <wireshark@kaiser.cx> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
2017-04-29 | Eliminate some double-frees. | Guy Harris | 1 | -2/+0
The cfile_ error-reporting routines free err_info; the caller doesn't have to and, in fact, mustn't do so themselves. While we're at it, make sure wtap_seek_read() always zeroes out *err and nulls out *err_info, so the latter either points to a freshly-allocated string or is null. Change-Id: Idfe05a3ba2fbf2647ba14e483187617ee53e3c69 Reviewed-on: https://code.wireshark.org/review/21407 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-24 | Move UI-only stuff out of libwireshark. | Guy Harris | 1 | -2/+6
Packet ranges are used only in the UI; move the packet range stuff into libui. Don't pass a print_args_t structure to libwireshark packet-printing routines, just pass the few parameters they need. Move the declaration of print_args_t into file.h. Change-Id: Icff5991eea7d7d56f33b4716105895263d275bcf Reviewed-on: https://code.wireshark.org/review/21308 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-20 | Take the error message generation out of the merge_files routines. | Guy Harris | 1 | -4/+20
Have them just return the information needed for the caller to produce an error message, and have the callers use the new cfile_ routines for reporting errors. This requires that the "write failure alert box" routine take the *input* file name as an argument, so that, on a merge, if the problem is that a record from a given input file can't be written out to the type of output file we're generating, the input file name can be given, along with the record number in that file. Change-Id: If5a5e00539e7e652008a523dec92c0b359a48e71 Reviewed-on: https://code.wireshark.org/review/21257 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-20 | Have separate routines for open-for-reading and open-for-writing errors. | Guy Harris | 1 | -9/+7
Expand comments while we're at it. Change-Id: I6dcc791eab1c9e323a9572f3d54720d223bdd64b Reviewed-on: https://code.wireshark.org/review/21252 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-19 | Have a common "capture file write failure alert box" routine. | Guy Harris | 1 | -63/+2
Take the code from save_record() to pop up an alert box and put it into libui, with the name cfile_write_failure_alert_box(). While we're at it, clean up some variable names and comments. Change-Id: If56e649e5afe50e7a20b39720ec96e8fe2983b24 Reviewed-on: https://code.wireshark.org/review/21233 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-19 | Have a common "capture file close alert box" routine. | Guy Harris | 1 | -95/+10
Take the code from cf_read() to pop up an alert box and put it into libui, with the name cfile_read_failure_alert_box(). Use it in a couple of places where we pop up such an error dialog. While we're at it, get rid of the "err" argument to rescan_file(); nobody uses what it returns. Change-Id: Iba7099b95de24309359d94eb96f606020e2ff2c3 Reviewed-on: https://code.wireshark.org/review/21232 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-18 | Have a common "capture file close alert box" routine. | Guy Harris | 1 | -43/+2
Take cf_close_failure_alert_box() and put it into libui, with the name cfile_close_failure_alert_box(). Use it not only in file.c but also in ui/export_pdu_ui_utils.c, ui/gtk/file_import_dlg.c, and ui/qt/import_text_dialog.cpp where the error we get back isn't necessarily an errno. Have ui/gtk/file_import_dlg.c and ui/qt/import_text_dialog.cpp also use cfile_open_failure_alert_box() on open errors. Change-Id: I987f339a23ea58609390306a319923e7f92d5c07 Reviewed-on: https://code.wireshark.org/review/21203 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-18 | Have a common "capture file open alert box" routine. | Guy Harris | 1 | -147/+9
Take cf_open_failure_alert_box() and put it into libui, with the name cfile_open_failure_alert_box(). Use it not only in file.c but also in ui/export_pdu_ui_utils.c, where the error we get back isn't necessarily an errno. Change-Id: Ia053f3e403ba464d446bd9530778d5ed302796d2 Reviewed-on: https://code.wireshark.org/review/21174 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-17 | Fix backwards test. | Guy Harris | 1 | -1/+1
If fdata->flags.visited *isn't* set, this is the first pass over the packets since opening a file or starting a redissection. Change-Id: Ib72d122c9291ce5ac9c3a3df1b6dfb4db163698e Reviewed-on: https://code.wireshark.org/review/21155 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-17 | Rename some routines and structure members. | Guy Harris | 1 | -10/+13
They deal with sets of hfids, which can belong to protocols as well as fields (I guess you could argue that a protocol is a field, but...). Change-Id: Ibd103cfa26427ead4ef54be89f1251908004cfae Reviewed-on: https://code.wireshark.org/review/21154 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-12 | Prime the epan_dissect_t with postdissector wanted fields if necessary. | Guy Harris | 1 | -0/+6
This makes sure that postdissectors that indicate that they need certain fields in the first pass will get them. While we're at it: Fix the field-fetching code in TRANSUM not to assume it got any instances of the field being fetched. Rename process_packet_first_pass() in sharkd to process_packet(), as it's the only routine in sharkd that processes packets. Rename process_packet() in tshark and tfshark to process_packet_single_pass(), as it's what's used if we're only doing one-pass analysis. Clean up comments and whitespace. Change-Id: I3769af952c66f5ca4b68002ad6213858ab9cab9b Reviewed-on: https://code.wireshark.org/review/21063 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-12 | Rename routines to clarify what they do. | Guy Harris | 1 | -3/+3
XXX_prime_with_YYY makes it a bit clearer than does XXX_prime_YYY that we're not priming YYY, we're priming XXX *using* YYY. Change-Id: I1686b8b5469bc0f0bd6db8551fb6301776a1b133 Reviewed-on: https://code.wireshark.org/review/21031 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-12 | Add an API to let a postdissector specify fields whose values it needs. | Guy Harris | 1 | -15/+82
Currently, this is only used to determine whether a protocol tree needs to be built on the first pass or not - if there are postdissectors that need fields, it does - but eventually we should be able to use it to prime the dissection to deliver those fields in cases where we don't need the *entire* protocol tree (rather than using a hack such as cooking up a fake tap with a fake filter to do that). Update MATE and TRANSUM to use it. Clean up code to check whether we need a protocol tree, and add comments before that code indicating, in each case, what the criteria are. The array of postdissectors includes a length, so we don't need to separately keep track of the number of postdissectors. Clean up indentation while we're at it. Change-Id: I71d4025848206d144bc54cc82941089a50e80ab7 Reviewed-on: https://code.wireshark.org/review/21029 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-02-09 | Make the capture file's interface description filterable | Jim Young | 1 | -0/+1
This patch introduces the frame.interface_description field. While testing this new functionality it became obvious that we have a non-optimal interaction between the existing cfile.c's cap_file_get_interface_name(), the recently added frame.interface_name field and this new frame.interface_description field. The string returned from cap_file_get_interface_name() may in fact come from one of three different sources: the idb's interface name (if it exists) or the idb's interface description (if that exists) or a default text of "unknown". The string ultimately becomes the frame.interface_name whether or not the idb had an interface name option to begin with. This behavior does not allow one to test for the simple presence of frame.interface_name. The new peer function cap_file_get_interface_description() added by this patch returns NULL instead of "unknown" if the idb does not have an interface description. Should cap_file_get_interface_name() be similarly modified to return NULL if the idb does not have an interface name? Bug: 9781 Change-Id: Ie479f373c5080c004dd22bd88919838feca71e95 Reviewed-on: https://code.wireshark.org/review/19861 Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-02-05 | PDML: protocol filter incorrectly filters desired subfields | Martin Kacer | 1 | -2/+2
Bug: 12847 Change-Id: I8a560dc44dceb06123d8bcecd512d132ee4ebb0d Reviewed-on: https://code.wireshark.org/review/19671 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2017-01-21 | Qt: Show merge progress. | Gerald Combs | 1 | -5/+12
Add "file merge" callback plumbing. Use it to display "Merging files" in the main statusbar. Make sure we have a usable window pointer when we merge files. Change-Id: I236b6edb30685f0b06703ab8304bc88ae592f83c Reviewed-on: https://code.wireshark.org/review/19716 Reviewed-by: Gerald Combs <gerald@wireshark.org> Petri-Dish: Gerald Combs <gerald@wireshark.org> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-12-12 | Remove some GtkCList comments and code. | Gerald Combs | 1 | -45/+1
Remove some comments and hopefully-no-longer-necessary code specific to GtkCList. Change-Id: Ib62387f87e662798afba282cf95cbd215d60075e Reviewed-on: https://code.wireshark.org/review/19227 Petri-Dish: Gerald Combs <gerald@wireshark.org> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Gerald Combs <gerald@wireshark.org>
2016-12-12 | Get rid of some GTK+-only routines in file.c. | Guy Harris | 1 | -17/+0
Just directly call the packet_list_select_ routine from the GTK+ code. Change-Id: I9146fb968c407d6186b146a86aa34678765f7352 Reviewed-on: https://code.wireshark.org/review/19225 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-12-12 | Mark routines GTK+ only. | Gerald Combs | 1 | -0/+1
Mark packet_list_select_last_row and cf_goto_bottom_frame GTK+ only. Change-Id: I158814c2fa8c5fa8021b7156dded0945535c978a Reviewed-on: https://code.wireshark.org/review/19223 Reviewed-by: Gerald Combs <gerald@wireshark.org>
2016-12-04 | Have separate merge APIs for regular file/temporary file/standard output. | Guy Harris | 1 | -32/+10
This is similar to what we have for opening a dump file - one API that uses the file name as specified, one that creates a temporary file and provides the file name, and one that uses the standard output. All of those APIs handle closing the output file. Change-Id: I56beea7be347402773460b9148ab31a8f8bc51e1 Reviewed-on: https://code.wireshark.org/review/19059 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-08-23 | CMake: Allow setting per target compiler warnings | João Valverde | 1 | -2/+2
Setting our compiler warning flags in CMAKE_C_FLAGS does not allow using different flags per target. Allow for that possibility by setting the internal WS_WARNINGS_{C,CXX}_FLAGS and using the COMPILE_OPTIONS property to set them. This change is just setting mechanism and there should be no difference in generated warnings. The check_X_compiler_flag cmake test is changed to test each flag individually. We need a list, not a space separated string, and the aggregate test is not significant. Change-Id: I59fc5cd7e130c7a5e001c598e3df3e13f83a6a25 Reviewed-on: https://code.wireshark.org/review/17150 Petri-Dish: João Valverde <j@v6e.pt> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: João Valverde <j@v6e.pt>
2016-07-21 | No need to check for string option values being null. | Guy Harris | 1 | -5/+3
A string option, if present, always has a value; it might be a null *string*, but you won't get a null pointer (if the option isn't present, it simply isn't present). Fix some comments while we're at it. Change-Id: I9c1420f56998a7d04de5c5cc2e92631b181f303a Reviewed-on: https://code.wireshark.org/review/16564 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-07-18 | Mark the file as having unsaved data if you change address resolution. | Guy Harris | 1 | -0/+18
That information can, and will, get saved in some file formats, so mark the file as changed so it can and will get saved by "Save". XXX - we need to treat it as a type of data that can be discarded when saving in some file formats, just like comments. Bug: 12629 Change-Id: I1fd69b95f4f7345c339961b4c53c28b98b364e4e Reviewed-on: https://code.wireshark.org/review/16538 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-07-16 | Use timers instead of packet counts to update our UI. | Gerald Combs | 1 | -127/+111
In file.c, update our UI based on the time elapsed since we last finished updating the UI instead of on the number of packets we've processed. Remove the timer code from progress_frame.cpp since it's now redundant. This makes the UI more responsive here for captures with large numbers of packets and it should mean that packets_bar_update spends less time repainting, at least on Windows. Change-Id: I9edfa944c44192350bef75b8c0c3ad63bae9c131 Reviewed-on: https://code.wireshark.org/review/16476 Reviewed-by: Gerald Combs <gerald@wireshark.org> Petri-Dish: Gerald Combs <gerald@wireshark.org> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-07-14 | Redo the block options APIs. | Guy Harris | 1 | -15/+34
A block can have zero or more instances of a given option. We distinguish between "one instance only" options, where a block can have zero or one instance, and "multiple instances allowed" options, where a block can have zero or more instances. For "one instance only" options: "add" routines add an instance if there isn't one already and fail if there is; "set" routines add an instance if there isn't one already and change the value of the existing instance if there is one; "set nth" routines fail; "get" routines return the value of the instance if there is one and fail if there isn't; "get nth" routines fail. For "multiple instances allowed" options: "add" routines add an instance; "set" routines fail; "set nth" routines set the value of the nth instance if there is one and fail otherwise; "get" routines fail; "get nth" routines get the value of the nth instance if there is one and fail otherwise. Rename "optionblock" to just "block"; it describes the contents of a block, including both mandatory items and options. Add some support for NRB options, including IPv4 and IPv6 option types. Change-Id: Iad184f668626c3d1498b2ed00c7f1672e4abf52e Reviewed-on: https://code.wireshark.org/review/16444 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-06-29 | tshark fields filter added for other outputs | Martin Kacer | 1 | -2/+2
-e fields filter added to ek|json|pdml output. Bug: 12529 Change-Id: I1f0f8772eefceb5b71927925ce0c34af483571b9 Reviewed-on: https://code.wireshark.org/review/16193 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-06-21 | tshark JSON and Elasticsearch output fix | Martin Kacer | 1 | -1/+1
Fixed json and ek escape function Fixed -j protocol filter to do exact match Fixed -T json to correctly close json Added -j protocol filter also to pdml output Bug: 11754 Change-Id: I02f274e4a5a02346922b37bbe946c10340c242ea Reviewed-on: https://code.wireshark.org/review/16034 Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-06-20 | Add JSON export to Qt/GTK UI | Pascal Quantin | 1 | -0/+80
Change-Id: I5ff46a40cdb1f8f41565d2aa54c6f9e61d397e3a Reviewed-on: https://code.wireshark.org/review/16013 Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-06-01 | Add data structures necessary to support multiple Name Resolution blocks. | Michael Mann | 1 | -8/+8
This doesn't try to use any data from multiple Name Resolution blocks, it just converts single Name Resolution block usage into a GArray, so the potential is there to then use/support multiple Name Resolution blocks within a file format (like pcapng) Change-Id: Ib0b584af0bd263f183bd6d31ba18275ab0577d0c Reviewed-on: https://code.wireshark.org/review/15684 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-06-01 | Add data structures necessary to support multiple Section Header blocks. | Michael Mann | 1 | -8/+8
This doesn't try to use any data from multiple Section Header blocks, it just converts single Section Header block usage into a GArray, so the potential is there to then use/support multiple Section Header blocks within a file format (like pcapng) Change-Id: I6ad1f7b8daf4b1ad7ba0eb1ecf2e170421505486 Reviewed-on: https://code.wireshark.org/review/15636 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-06-01 | Allow create_tempfile to support a suffix. | Michael Mann | 1 | -1/+1
Ping-Bug: 10203 Change-Id: Ifa24870d711449b87e9839dd46af614e4aa28fde Reviewed-on: https://code.wireshark.org/review/15608 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
2016-04-21 | Link version code statically again | João Valverde | 1 | -1/+1
This allows keeping the code-sharing with the static linking. This "fixes" a hypothetical ABI mismatch with wsutil and avoids pulling more external dependencies to wsutil than strictly necessary. A nice side-effect is that libwsutil no longer depends on version.h. Follow up to f95976eefcbeb5d24df383c29d29ef888b503945. Change-Id: I8f0d6a557ab3f7ce6f0e2c269124c89f29d6ad23 Reviewed-on: https://code.wireshark.org/review/15002 Petri-Dish: João Valverde <j@v6e.pt> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: João Valverde <j@v6e.pt>
2016-04-11 | Lua: Fix add and remove Fields when reload Lua plugins | Stig Bjørlykke | 1 | -0/+6
Reset wslua_dfilter and remove the Field tap_listener when reloading plugins. Check for tap listeners in rescan_packets() after ws_epan_new() because Lua may register the Lua field tap when adding Fields. Bug: 12328 Change-Id: Ibbd8339033132c6f3b61d7e9c9ced9ed2b9affec Reviewed-on: https://code.wireshark.org/review/14871 Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2016-03-01 | Don't show a progress bar when previewing for the Qt print dialog. | Guy Harris | 1 | -13/+15
We don't do much work to do that - we don't print anything before the first selected page, and once we're finished generating that page, we terminate the printing process - so it shouldn't need a progress bar. (If it needs a progress bar, We Have A Problem, as that slows down the drawing of the dialog box.) This should prevent the problem seen in bug 12040. Bug: 12040 Change-Id: I129191e06fff3e1eb59a9631c7395b9e7f650809 Reviewed-on: https://code.wireshark.org/review/14255 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-02-23 | Qt: Select matching tree item and bytes in Find Packet | Stig Bjørlykke | 1 | -1/+7
Highlight the matching tree item and matching packet bytes when doing a Find Packet. Added cf->search_len to correctly highlight the matching bytes when doing a regex search. Bug: 12157 Change-Id: I84fbdb9b43be4355e24aff3cf5f8850f1119e2bf Reviewed-on: https://code.wireshark.org/review/14086 Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2016-02-23 | Making wiretap option blocks more generic. | Michael Mann | 1 | -4/+4
This was inspired by https://code.wireshark.org/review/9729/, but takes it in a different direction where all options are put into an array, regardless of whether they are "standard" or "custom". It should be easier to add "custom" options in this design. Some, but not all blocks have been converted. Descriptions of some of the block options have been moved from wtap.h to pcapng.h as it seems to be the one that implements the description of the blocks. Also what could be added/refactored is registering block behavior. Change-Id: I3dffa38f0bb088f98749a4f97a3b7655baa4aa6a Reviewed-on: https://code.wireshark.org/review/13667 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-02-18 | Qt: Add regex support in Find Packet | Stig Bjørlykke | 1 | -30/+73
Add support for using regular expressions in the Search Frame when searching in packet list, packet details and packet bytes. This search is in many cases faster than plain string search. Change-Id: I2d8a709046f90d7b278fb39547fc4e2e420623bc Reviewed-on: https://code.wireshark.org/review/13981 Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2016-02-12 | file: fix variable ‘progbar’ might be clobbered by ‘longjmp’ or ‘vfork’ [-Werror=clobbered] | Alexis La Goutte | 1 | -1/+1
found by gcc6 Change-Id: I24a2d48968826c079e696b8136d32929508a26dd Reviewed-on: https://code.wireshark.org/review/13921 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-02-11 | Make file indices consistently unsigned in the merge code. | Guy Harris | 1 | -1/+1
Change-Id: Ie531e5c24c32ca86abbe0c2b5d3526014e5fb831 Reviewed-on: https://code.wireshark.org/review/13897 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-02-05 | Don’t adjust time column widths in cf_open | Stig Bjørlykke | 1 | -3/+0
The time column widths should not be adjusted in cf_open() because we don’t have any packets yet and Qt resizeColumnToContents() will not adjust any widths but emits a sectionResized() with invalid or default values (new_width seems to always be 32). This will in some cases (when start capturing packets) give wrong width values which is later stored in the recent file, and the time columns may end up narrow the next time the recent file is read. This fix is related to the column with issues previously compensated for in PacketList::sectionResized() (g4980d505). Change-Id: Id3b49069fe5d2b55d608cc7a6d32fe7851369bf9 Reviewed-on: https://code.wireshark.org/review/13712 Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-02-05 | Qt: Add check for field extractors | Stig Bjørlykke | 1 | -5/+5
The proto tree is needed in several cases when using Lua field extractors, because they fetch values from the tree. Without a valid field extractor a Lua plugin may misbehave and display wrong column info. This fixes column issues when: - Calling resetColumns() in Qt. This involves adding a display filter, change time display format, change name resolution and other changes in UI which requires column updates. - Print summary lines. - Export as CSV and PSML. Change-Id: Ieed6f8578cdf2759f1f836cd8413a4529b7bbd80 Reviewed-on: https://code.wireshark.org/review/13708 Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-01-23 | Add more fields to packet_info structure and use them. | Guy Harris | 1 | -3/+2
Add fields for the absolute time stamp (and another field for a presence flag for the absolute time stamp) and the packet encapsulation for the packet. This lets us remove the field for the packet encapsulation in the frame_data structure; do so. Change-Id: Ifb910a9a192414e2a53086f3f7b97f39ed36aa39 Reviewed-on: https://code.wireshark.org/review/13499 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 | Do not apply color rule filter every dissection | Peter Wu | 1 | -0/+9
Introduce a frame_data flag "need_colorize" to indicate that coloring rules need to be evaluated and set it for the GUI (not tshark). This restores the original performance characteristics. It additionally fixes a regression where the color filter name and filter is not shown anymore in the tree (I guess it is related to the edt->tree being NULL when re-selected, resulting in empty color_filter). Remaining problems: - Display filter cannot contain frame.coloring_rule.* fields. Code is present to enable this, but then a method is needed to avoid an expensive second calculation (which is why it is disabled). - The columns are still not updated after coloring rule change. - The two frame.coloring_rule fields in the tree are not updated when the coloring rule is changed (e.g. Ctrl-1). The last two issues were supposed to be fixed by the previous patch, but there is probably some missing code... Tested with GTK and Qt. Bug: 11980 Change-Id: I3ef7713b28db242e178d20f6a5f333374718b52e Reviewed-on: https://code.wireshark.org/review/13170 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-01-10 | GTK: plugin_if_goto_frame can cause an Access Violation | Paul Offord | 1 | -2/+2
This is a fix for bug 11989. This patch fixes the problem for the GTK variant of Wireshark and matches the Qt bug reported by bug 11810 and fixed by change 12306. Bug: 11989 Change-Id: Ib9af8ba745394ebd31825003361ec637c45d75d6 Reviewed-on: https://code.wireshark.org/review/13152 Petri-Dish: Roland Knall <rknall@gmail.com> Reviewed-by: Roland Knall <rknall@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>