Age | Commit message (Collapse) | Author | Files | Lines |
|
Neither the pattern nor the intended subject (a custom fields filter)
contain UTF-8, so set G_REGEX_RAW accordingly. While a filter such as
`tcp matches "foo\xff"` (with `\xff` being a single byte) was accepted,
it did not trigger a crash though even if the precondition was violated.
Change-Id: I45d76b9abbd942d186dcf70f581121769bbd2d0a
Ping-Bug: 14905
Reviewed-on: https://code.wireshark.org/review/31940
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Make the time stamp precision a 4-bit bitfield, so, when combined with
the other bitfields, we have 32 bits. That means we put the flags at
the same structure level as the time stamp precision, so they can be
combined; that gets rid of an extra "flags." for references to the flags.
Put the two pointers next to each other, and after a multiple of 8 bytes
worth of other fields, so that there's no padding before or between them.
It's still not down to 64 bytes, which is the next lower power of 2, so
there's more work to do.
Change-Id: I6f3e9d9f6f48137bbee8f100c152d2c42adb8fbe
Reviewed-on: https://code.wireshark.org/review/31213
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I47f8566c4410d6aac1111b35fff3b044c14bc70b
Reviewed-on: https://code.wireshark.org/review/27079
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Iff833bf5c197959c8decb62d6ce794c6d0415fb7
Reviewed-on: https://code.wireshark.org/review/26978
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I72b125dd4c9d9033ce3e3d779bf28005ee6b52ad
Reviewed-on: https://code.wireshark.org/review/26482
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Add col_data_changed, which checks to see if we have updated column
info. Add col_append_frame_number, which adds a frame number and sets
col_data_changed. Call col_append_frame_number instead of
col_append_fstr from some dissectors.
Add PacketListRecord::invalidateAllRecords, which invalidates any cached
record data. Add PacketListModel::invalidateAllColumnStrings which calls
invalidateAllRecords and signals that our data has changed. Call
invalidateAllColumnStrings when we have new name resolution or column
information.
Bug: 11414
Bug: 11468
Change-Id: I2671594a722f4f9436fe1df84d43489a148e0cee
Reviewed-on: https://code.wireshark.org/review/26373
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
|
|
Skipping dissectors dir for now.
Change-Id: I717b66bfbc7cc81b83f8c2cbc011fcad643796aa
Reviewed-on: https://code.wireshark.org/review/25694
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
XXX_prime_with_YYY makes it a bit clearer than does XXX_prime_YYY that
we're not priming YYY, we're priming XXX *using* YYY.
Change-Id: I1686b8b5469bc0f0bd6db8551fb6301776a1b133
Reviewed-on: https://code.wireshark.org/review/21031
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Have the decimal point for sub-second values be locale specific.
Change-Id: I670471e8e5db6291e364d124eb48ddbaa6d8ff26
Ping-Bug: 12500
Reviewed-on: https://code.wireshark.org/review/20621
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The cleanup routine has been added to exit section of the applications.
Those which required a exit restyle have been patched as well.
Change-Id: I3a8787f0718ac7fef00dc58176869c7510fda7b1
Reviewed-on: https://code.wireshark.org/review/19949
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
|
|
Change-Id: I950295c35fc67193d9825ebc741da151ad99e077
Reviewed-on: https://code.wireshark.org/review/19941
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
In tshark the UTF8 arrow overlaps the ports.
When pcap file has more than 999 packets the output is
no more aligned.
Bug: 12502
Change-Id: I07f90bbc0d2f065458bc07b7fde8f6a651951b60
Reviewed-on: https://code.wireshark.org/review/18109
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
|
|
Change-Id: I8764b67b5ab320323c96fe21e5ebaa03815905fd
Reviewed-on: https://code.wireshark.org/review/16591
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Copy wsutil/wsprintf.h from change 16537. Update it to use functions
appropriate to Visual C++ >= 2015, < 2015, and everything else. Add
notes about specific API issues.
Update epan/expert.c to use ws_snprintf, since the VS profiler shows it
as a minor hot spot. This reduces load time for a large-ish capture from
~14s to ~12s here.
Migrate a previous column-utils change.
Change-Id: Id4064b7c06c35fd447b63c73f731afee181df4f9
Reviewed-on: https://code.wireshark.org/review/16483
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Fill in our port information using StringCchPrintf on Windows instead
of g_snprintf. Loading a large-ish test capture here under the VS 2013
profiler showed that we spent 620 samples in col_append_ports. Switching
from g_snprintf to StringCchPrintf reduced that to six samples.
Inline col_snprint_port while we're here.
Change-Id: I955e5baa66ebb9cc950fc0eb1682d3c015c7a55a
Reviewed-on: https://code.wireshark.org/review/16416
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Most protocols just want to limit COL_INFO or COL_PROTOCOL
so give that level of granularity.
Bug: 12144
Bug: 5117
Bug: 11144
Change-Id: I8de9b7d2c69e90d3fbfc0a52c2bd78c3de58e2f8
Reviewed-on: https://code.wireshark.org/review/15894
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The proto tree is needed in several cases when using Lua field extractors,
because they fetch values from the tree. Without a valid field extractor
a Lua plugin may misbehave and display wrong column info.
This fixes column issues when:
- Calling resetColumns() in Qt. This involves adding a display filter,
change time display format, change name resolution and other changes
in UI which requires column updates.
- Print summary lines.
- Export as CSV and PSML.
Change-Id: Ieed6f8578cdf2759f1f836cd8413a4529b7bbd80
Reviewed-on: https://code.wireshark.org/review/13708
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug: 11559
Change-Id: I51836dc9a4fa399835c7bdabcba577ebd40327ad
Reviewed-on: https://code.wireshark.org/review/13538
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
By analogy to ipv4.h.
Change-Id: I147565b332024b1bb88e9cd15889255773d04524
Reviewed-on: https://code.wireshark.org/review/13034
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The col_item->col_custom_fields_ids list does not change between
packet so this can be initialized in build_column_format_array().
Change-Id: I171b583912dbd1568c3d85159fac1ab435dcaa7c
Reviewed-on: https://code.wireshark.org/review/12801
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Use this as a common regex to split multi-field custom columns.
Change-Id: I40f76743284c5981c95d2e47d6d1d2a7f357d2ea
Reviewed-on: https://code.wireshark.org/review/12753
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
GTK already has it, but Qt forgot about it, so multi-field custom column
works ok if previously saved in GTK-shark. Invalid validation prevent from
modifying and saving multi-field custom column in Qt version.
While at it, rename "custom field" to "custom fields" to ensure
we think about multi-field custom column.
Change-Id: I99588150ccb38be11b75f5dd5b0f6443e7055ebb
Reviewed-on: https://code.wireshark.org/review/12685
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Having a single function call to format source-destination port column info serves the
current (and presently only) use case better by having a single place to manage the
display format.
This commit does not introduce any actual formatting changes.
Change-Id: I1d479d0fd5690d12afb47e538057fdc2dd369ca2
Reviewed-on: https://code.wireshark.org/review/11539
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Don't display duplicate ports if transport name resolution is not
enabled (for UDP/TCP/DCCP).
Also introduce col_append_port() to handle info column port display
with name resolution in a uniform format.
Change-Id: Icb8ac45f726b7c539b4534c62061473e9b582753
Reviewed-on: https://code.wireshark.org/review/10804
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I3f7a35db53a1ecc9d543b80f143eb6082616e458
Reviewed-on: https://code.wireshark.org/review/10702
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
The GTK+ UI sequentially dissects and caches column strings for all rows
before sorting a column. Do the same in the Qt UI, which can improve
performance considerably.
Don't colorize packets when sorting in the Qt UI unless it's necessary.
When sorting in the Qt UI, let the user cancel the initial packet
dissection. Note that we'll need to replace std::sort in order to
cancel out of sorting.
Use a pre-allocated and pre-compiled GRexex when we prime columns. Note
that we probably shouldn't parse a regular expression there.
Cache the last result of proto_registrar_get_byname.
Note performance hot spots elsewhere in the code.
To do:
GeoIP in packet-ip.c is pretty slow.
Bug: 11467
Change-Id: Ib34038fee08ef0319261faeffc4eca01e52f4bd3
Reviewed-on: https://code.wireshark.org/review/10275
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Have address_to_name() be a routine that takes an address and returns a
string with a "sufficiently long" lifetime for use in columns, using the
address type's addr_name_res_str routine for most address types, rather
than having a too-small set of address types wired into it. It replaces
both the internal solve_address_to_name() routine and get_addr_name(),
and can, for example, handle the special WLAN address types rather than
leaving them unresolved even with an ethers file.
Change-Id: Id09bc412adf5d2752155650a14a77c5378af2e42
Reviewed-on: https://code.wireshark.org/review/9475
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
It either points to col_item->col_buf (which we explicitly free) or to
a static string.
Change-Id: I4d6db3fa16e69a4321be9d01076026c024df9a00
Reviewed-on: https://code.wireshark.org/review/9219
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
columns" to share their own data structure.
Change-Id: Ib982662db6cf68730a7d121eac60d9bc5ae67429
Reviewed-on: https://code.wireshark.org/review/9195
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Using the new address type registration, dissectors can create their own address types with their own (column) filters attached to them, eliminating the need for an address to keep track of a hf_ field.
Change-Id: I2bbec256a056f403a7ac9880d5d76a0b2a21b221
Ping-Bug: 7728
Reviewed-on: https://code.wireshark.org/review/7037
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Information about dissector (filter) fields should be kept in a dissector as much as possible. Supporting "column filter string" also allows other dissectors to create their own "address types" with different column filters (because AT_ETHER isn't always an "Ethernet" address).
This feature also allowed a few "dissector specific" address types to be moved to their own dissector.
Change-Id: Ie9024af4db62bc2ee4f8c9d28a1d807f706f45bf
Ping-Bug:7728
Reviewed-on: https://code.wireshark.org/review/7029
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Now address types are setup just like field types and must be registered with a structure that provides its string representation (and more things in the future). Address types that are limited to a single dissector are registered by the dissector. More "common" ones are globally registered. There are still a few that really belong in a dissector, but have other dependencies currently not accounted for in the address type support.
Many of the "address to string" conversions that involved g_sprintf have be changed to use more "performance friendly" methods (some at the cost of needing to_str-int.h)
Leaving all comments regarding this "solution" in address_to_str.c in until all have been implemented
Change-Id: I494f413e016b22859c44675def11135f228796e0
Reviewed-on: https://code.wireshark.org/review/7019
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Id50ce3e707056cca8f30052f05c451ce431b39b5
Reviewed-on: https://code.wireshark.org/review/6632
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Most of the remaining ep_ uses are grouped with specific functionality.
Change-Id: I8fa64a17acc6bcdcf6891b2d28715ac0c58f1a4a
Reviewed-on: https://code.wireshark.org/review/6484
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
The functionality was suiting for address_to_str.c and the #defines belong in packet-atalk.h. Kept the address structure with the "address string conversion", but that can probably be better cleaned up when the address to str as a whole is cleaned up.
Would also consider making AT_ATALK an FT_ type as well.
Change-Id: Ia534096c707e6fb94acdfee0d332beda6571c371
Reviewed-on: https://code.wireshark.org/review/6417
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Adjust any other ep_ related APIs related to the transition.
Change-Id: I961b371c2c4bda557e0f1817705c27eef0dae66c
Reviewed-on: https://code.wireshark.org/review/6388
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I013c737c2cd62e3f1f49b113a7ce0c0616e1ecc4
Reviewed-on: https://code.wireshark.org/review/6119
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I74ddb6fc629ef32b217dede7a3ba652cbbf5ab12
Reviewed-on: https://code.wireshark.org/review/5932
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This adds support for "field||field" without spaces.
Change-Id: Ia738d6642d12a188d1629bbdd9701cc8f8bb7a68
Reviewed-on: https://code.wireshark.org/review/5922
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
|
|
Check for "or" or "||" (also ignore whitespaces)
and check both arguments of this operator to be
fieldname (character check), then check whole filter is valid
for dfilter compiler.
Change-Id: I412b5dc1fca16fcd2b640aa74af81167300fd11e
Reviewed-on: https://code.wireshark.org/review/5848
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
|
|
It's only in GLib 2.28 or later, but we don't require 2.28.
Instead, have col_custom_field_ids_free() do what g_slist_free_full() does -
and more.
Change-Id: I15768cfd2d26c847470b02ea6c51830dabcaa7ee
Reviewed-on: https://code.wireshark.org/review/5894
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
You can now add column with Custom type with more than one field
by using OR "||" splitter.
Bug: 9695
Change-Id: Ia82a91e7a35b867647d36cb9626e3870f46c0d85
Reviewed-on: https://code.wireshark.org/review/5804
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
|
|
Change-Id: I0cf6d04f5075ba1f064c40f4b39b32b6976b54c7
Reviewed-on: https://code.wireshark.org/review/5633
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
We do multiple va_start() calls using the first string in the list of
strings; do *not* use the first-string argument to iterate over all the
argument strings, as that means that only the first va_start() call will
do the right thing, use a separate variable.
Bug: 10755
Change-Id: Ic4a6c24f911e335d147883a25d30289628836875
Reviewed-on: https://code.wireshark.org/review/5630
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Several fields in cinfo is allocated memory and must be freed here
to avoid memory leakage when recreating the packet list.
Do not allocate memory for col_expr[] as this points to static strings
or other allocated strings.
Change-Id: I840377e3c590b1a3e2a38e0537465a028041d1e9
Reviewed-on: https://code.wireshark.org/review/5137
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Pcap-ng files don't have a per-file time stamp resolution, they have a
per-interface time stamp resolution. Add new time stamp resolution
types of "unknown" and "per-packet", add the time stamp resolution to
struct wtap_pkthdr, have the libwiretap core initialize it to the
per-file time stamp resolution, and have pcap-ng do the same thing with
the resolution that it does with the packet encapsulation.
Get rid of the TS_PREC_AUTO_XXX values; just have TS_PREC_AUTO, which
means "use the packet's resolution to determine how many significant
digits to display". Rename all the WTAP_FILE_TSPREC_XXX values to
WTAP_TSPREC_XXX, as they're also used for per-packet values.
Change-Id: If9fd8f799b19836a5104aaa0870a951498886c69
Reviewed-on: https://code.wireshark.org/review/4349
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
When dissecting with columns TCP dissector spends
around 1/4 time in col_append_fstr(), add col_append_lstr()
and do formatting by ourselves.
Change-Id: If90bc26242761884b4991e8db0db62c8f9e32690
Reviewed-on: https://code.wireshark.org/review/2527
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ic673525a05cd106677226a4063af825d0f22c97c
Reviewed-on: https://code.wireshark.org/review/1677
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
We have callgrind benchmarks which shows that col_add_fstr() takes
5% of Ir count cause of formatting done in g_vsnprintf().
New col_add_lstr() can be used in few dissectors without much ugliness,
and it should be a little faster.
Change-Id: Ifddd951063dfd3a27c2a7da4dafce9b242c0472c
Reviewed-on: https://code.wireshark.org/review/1629
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Iee901ae56c796007821c1754056c61954e8a342f
Reviewed-on: https://code.wireshark.org/review/1526
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|