Age | Commit message | Author | Files | Lines |
|
The RTP timestamp is incremented with a 48000 Hz clock rate for all modes of
Opus and all sampling rates. This fixes jitter calculations.
https://datatracker.ietf.org/doc/html/rfc7587#section-4.1
|
|
When calling openCaptureFile() after importing a hexdump,
call it with the is_tempfile parameter set to true, as done
after a merge. That means that the imported file (which is
already written to a temporary directory) is treated like
other temporary capture files and:
* Is deleted if closed without saving
* Is marked as having changes
* Pops up a warning if closed without saving
* Doesn't have its temporary filename shown
* Isn't added to the recent capture file list
When openCaptureFile() is called with is_tempfile set to true,
don't call setLastOpenDirFromFilename. Just like with a new
live capture, temporary files from any source shouldn't change
what directory opens in the file chooser.
Also don't call setLastOpenDir from the separate mergeCaptureFile()
function that handles the merge dialog of two files (unlike the
drag and drop merge) for the same reason.
*Do* call setLastOpenDirFromFilename with the filename of the
hexdump chosen in ImportTextDialog; that's the directory the
user last opened a file from.
Fix #15559
|
|
Commit 9c75c1dc18199ea6b282177e21fe1d445af5bbb3 introduced
a new eventFilter function for FilterExpressionToolBar but
called the wrong base class function in it, removing the
drag and drop buttons.
Fix #19447
|
|
Saving only the dfilter text and recompiling the code when
[re]dissecting or scanning groups of packets operates on the
explicit assumption that previously validated filter text will
always compile to valid filter code.
That assumption is not true; while we invalidate the filter and
replace the text with NULL if display filter macros change or
other aspects of the packet matching expressions change so that
the previous text is no longer valid, display filters that match
FT_IPv4 or FT_IPv6 fields to resolved hostnames require a host
name lookup each time they are compiled, which can time out, especially
if there are too many requests in flight at once. This is particularly
likely if a recompilation is performed each time additional frames
arrive during a live capture.
It is important to stress that the stronger, implicit assumption that
the display filter will compile to the same code is also false.
1) Display filters that require host name lookup can change even if
it doesn't time out.
2) Display filter macros can change.
3) Display filters with field references will change if the selected
frame has changed.
In the case of a rescan, redissection, reload, retap, or opening a
new file, we want the new dfcode. For cf_continue_tail and
cf_finish_tail, when a new batch of frames have arrived, we might
be able to cache the host lookup for 1), and a user might want the
new macro definitions in 2) (but in that case, why not a rescan of
all packets?), but almost surely for 3) wants the field references
of the frame selected in the GUI when the filter was applied, not
whatever frame is currently selected when new packets arrive. So
we keep the old dfcode, and also reduce recompilation (which becomes
more important as the default update interval can be reduced, cf.
f0712606a3d014a915e585997f624640b326b9c0 ).
Currently filters with field references don't work at all with
newly arrived frames in live captures, because the references
aren't loaded to the code. This fixes that by using the field
references from the original frame.
Cf. 1370d2f738f4ec4b7a00f63e5f04fe916da79533
Fix #19612. Fix #12517.
|
|
Instead of requiring ${macro:arg1;...;argN}, allow the format
${macro;arg1;...;argN}.
The semicolon isn't used anywhere else, it's simple to support,
and already used in the macro syntax. It's easier to remember
if all the separators in a macro are the same.
The colon is allowed in literals, which is why it's not used
between the arguments in the macro argument list, and allowing
it after the name makes the grammar more complicated, including
tokenizing when having pop-ups of potential field matches in
the display filter line edit (#19499.)
Update the documentation for this. Also edit the documentation
for macro syntax in a few places where it implies that whitespace
in macro arguments would be ignored; in fact, it's significant.
|
|
Add a syscall-oriented follow window to logray, which shows the read/write buffers of the currently selected file descriptor.
|
|
While ':' is not a character used in fields, it should be added
to the set of token characters in DisplayFilterEdit. It appears
inside byte literals (including addresses), IPv6 literals, and
date and time literals. It is used to separate two literals in
slice notation. It is also now used as a prefix to force ambiguous
values that could be either fields or byte arrays to be interpreted
as byte arrays.
In all those cases, we want to include the ':' in the tokens used
for completion rather than using it as a token separator - since
it is used in literals but not fields, that will prevent field
completion from being offered for literals that include it.
Since there are a number of protocol names that begin with numbers,
and others that begin with hex digits (or even match hex bytes, like
"fc" and "ff"),
The other place in the grammar where ':' is used is to separate
display filter macros from their argument lists in the
${macro:arg1;arg2} format. This change will mean that autocompletion
will no longer be offered for arg1 when typing.
However, it seems likely that that format could be changed to
use all semicolons without harm.
Fix #19499
|
|
As it turns out, "Copy as Printable Text" is useful for copying
text-based protocol data.
Partially revert 2a96b3e1d1 and add it back to DataPrinter::copyActions.
Fixes #19607
|
|
Update manuf, services enterprise numbers, translations, and other items.
services failed.
|
|
In capture input closed, the msg passed along can have
several log messages from extcap concatenated together,
whether from one interface or many.
Remove the logging prefix from each message for display
in the GUI, instead of just from the first message.
|
|
The changes in bc64efa5382960245fac31a3316a600b8af4fd0c reverted
issue #13753. The main application needs to signal that the
display filter (packet matching expressions) grammar has changed
after reloading the display filter macros so that the display filter
line edit updates its status, we don't try to apply an invalid filter
if we're doing a live capture, etc.
Fix #13753 again
|
|
|
|
ssh_pki_import_privkey_file can return SSH_OK ("import good, go ahead
and try to connect") or two types of errors, SSH_EOF ("file doesn't exist
or permission denied") or SSH_ERROR (any other error). Unfortunately
ssh_get_error() is called on the session, and doesn't provide anything
when importing the key failed.
When we get one of those two errors, add a log message explaining
what's going on. Unfortunately ssh_get_error() is called on the
session, not a key, and doesn't provide anything more when importing
the key failed, so we'll have to be somewhat generic in our error
message. It's a user-correctible error, so it's worth putting in the GUI.
When importing the key succeeded but authentication failed, keep
doing what we've been doing, as other methods might still succeed.
Fix #17888
|
|
|
|
|
|
Gitlab Bug #19597
The preference capture.auto_scroll was moved to a 'recent' value and marked obsolete.
It was not possible to set the recent value with -o because values marked as obsolete preferences were not checked to see if they were valid 'recent' values.
Garbage values passed to -o were not reported as unknown preferences because the 'recent' code returned PREFS_SET_OK for any value.
Changed commandline handling of -o to pass obsolete prefs to 'recent' in case they were moved there.
Return PREFS_SET_NO_SUCH_PREF for unmatched 'recent' values.
|
|
The capture session sometimes calls the error handler with an
empty error message. This is generally on extcap errors, because
extcap errors aren't reported from dumpcap over the sync pipe
but instead gathered from the extcap stderr only after the session
closes. They're reported a bit later in the closed function.
Avoid console messages like:
** [Capture MESSAGE] -- Error message from child: "", ""
and
tshark:
|
|
Disabling them breaks discoverability.
|
|
Add a field to `struct heur_dissector_list` to hold a human-readable
description of the heuristic dissector list. The field is named
`ui_name` to parallel `struct dissector_table`.
Add `register_heur_dissector_list_with_description()` to register a new heuristic
dissector list with a description as well as a name. Change
`register_heur_dissector_list()` to be a thin wrapper which passes a
null description.
Add `heur_dissector_list_get_description()` to get the description from
a `heur_dissector_list_t` (which is an opaque type).
Modify the Qt user interface so that heuristic tables listed in *View →
Internals → Dissector Tables* show the description in the left column
and the short name in the right column, as is the case for other
dissector table types. For heuristic dissector lists which do not have a
description, repeat the short name in the left column to resemble how
the dialog was presented before this change.
Revise function name based on feedback
|
|
Only show the "Displayed: x (y%)" packet list info if we have a display
filter set, similar to the other statistics. This avoids showing the
same number twice followed by "100.0%".
QObject::tr() returns a QString, so there's no need to wrap it in
QString(). (We do this a *lot*, which is probably my fault.)
Clean up some QString::arg calls.
Use the modern signal + slot syntax.
|
|
Add buttons to select the infix pattern in multiple file mode,
using the new option for having the date and time before the
file index number (which provides more natural sorting, and
keeps different groups of captures together) added for tshark
and the capture options in 8bc52f542bfa25f7de15c9df90c323ab2d195917
Fix #12371
|
|
interface_t contains an if_info_t as its member. It
doesn't need to copy the friendly name, vendor description,
and type from the if_info_t into separate members. The vast
majority of the time, we're already using the member from
the embedded if_info_t, but change a couple of cases.
The display name is a unique transformation of the name, friendly
name (OS name), and vendor description (hardware name) that depends
somewhat on the OS, so that needs to be separate. The addresses and
links are also transformed from the if_info format. The name is
copied as well, but at least that's the primary key for the interface.
|
|
When rescanning the interface list (e.g. when manually refreshing
or a new device is added or removed), do not destroy old devices
but instead reuse them and preserve the user-set options.
Do check the monitor mode and active dlt setting against the
retrieved values to make sure that they are still supported.
In particular this means that the capture filter is not reset.
For many of the options, the value when creating a new device is
taken from the prefs, and the prefs are updated when the Capture
Options Dialog is closed (monitor mode, promiscuous mode, link layer
type, snapshot length, buffer size), or when the Manage Interfaces
Dialog is closed (hidden, user description), which mostly worked,
unless a refresh occurred when those dialogs were open and changes
had not been saved to prefs.
Fix #16418
|
|
|
|
Mark unused parameter to prevent warning
Fixup f01e345749583794fe323cb66fa4b1390a6c9ef0
|
|
Due to how QSortFilterProxyModel, when sorting, creates its own
mapping from proxy columns to source columns instead of using
mapToSource, and that mapping, while omitting columns that are
not visible, is always done in order, it is much easier if all
Views of the InterfaceTreeModel omit columns but do not reorder
them. (If the order really needs to be changed,
QHeaderView::swapSections() is available.)
Reorder the InterfaceTreeColumns to put the columns used by
ManageInterfaceDialog localView in relative order. Otherwise,
when enabling sorting, clicking on the "Hide/Show" column actually
sorts via the device name, and clicking on the device name does
nothing because it maps to column six (and ManageInterfaceDialog
only uses 4 columns).
Then enable sorting.
Fix #16425
|
|
This reverts commit 3aafecb7b95a12e4b1cf52f36c1e1e51e30805ee.
The problem in #17781 was caused by udpdump not flushing after writing
the header, meaning that when no packets were captured, the capture
file wasn't written yet and thus the check in testCaptureFileClose
wouldn't do anything.
This was a workaround for the issue, but the underlying problem
was solved by 9ad1ec1651689a39e86562d083a0794d6fcbc2c2 which ensures
that udpdump and other extcaps flush after writing the pcap header.
The workaround had the downside of requiring the user to enter
the Quit command again (particularly confusing in the case where
closing the capture doesn't result in a dialog, as there's relatively
little notification of what happened outside the icons.)
Fix #19572
|
|
Manually revert cd9f7b64c7 and update it to match the changes in
537b49ee41.
Disable the packet list and detail follow menus if we don't have any
matching protocols.
|
|
The current code assumes that if deserialize_interface_list sets `err`
to non-zero, then it also sets `err_msg`. This is not always the case,
e.g.
```
GList *
deserialize_interface_list(char *data, int *err, char **err_str)
{
    /* ... */
    if (data == NULL) {
        ws_info("Passed NULL capture interface list");
        *err = CANT_GET_INTERFACE_LIST; // sets *err, but not *err_str
        return if_list;
    }
    /* ... */
}
```
This change works around the crash by initializing err_msg to NULL in
the calling code.
Fixes https://gitlab.com/wireshark/wireshark/-/issues/19586.
|
|
In scan_local_interfaces(), we are copying the information in the
if_info_t from the discovered interface list to the list of all
interfaces. Since we destroy the list of interfaces immediately
afterwards, rather than deep copying the if_info, we can shallow
copy it and remove it from the list.
|
|
When retrieving link layer types and/or time stamp types and
exiting in Wireshark and Logray, retrieve them in a single
dumpcap call to reduce the number of possible privileged calls.
Related to #15082
|
|
When stopping (but not restarting) a capture, we free the save file
name so that if another capture is started immediately without
opening the Capture Options dialog (e.g., via the Start button or
double-clicking the interface from the welcome screen list) we
don't overwrite the most recently captured file.
However, multiple file mode (ring buffer or not) requires a permanent
file name. When stopping a capture in multiple file mode, restore the
original save file name template, so that a new capture uses the
template instead of failing with the error message:
"Ring buffer requested, but capture isn't being saved to a permanent file."
Since multiple file mode inserts the time and file number into the file
name, this won't overwrite any files already created. We could instead
clear multiple file mode when stopping the capture, but that would
alter the behavior when reopening the Capture Options dialog from
currently (the user would have to re-enable multiple file mode), whereas
currently the template is restored if the dialog is opened.
Fix #16759
|
|
Batch up the interface capability retrieval in tshark -L
into a single dumpcap call.
Related to #15082
|
|
Update manuf, services enterprise numbers, translations, and other items.
|
|
There are other situations where we want vertical Packet List
autoscroll (like keyboard navigation, which is implemented that way),
so a1b2a14ad3e185f17042689f817d88b8df3a9c52 isn't quite right.
There doesn't seem to be a way to have QTreeView (or anything that
inherits QAbstractItemView) scroll vertically but not horizontally.
So, let the Packet List autoscroll, and when scrolling just
restore the horizontal value back to whatever it was before.
|
|
[skip ci]
|
|
Apparently in Qt6 closing the main window can exit the Qt event loop,
which means that WinSparkle never gets the notifications it needs to
proceed.
WinSparkle will call quit() shortly thereafter via the shutdown
request callback, so the main window will still close at approximately
the same time.
See discussion in https://github.com/vslavik/winsparkle/issues/237
Fix #19568
|
|
|
|
Add custom title option %C to show the first capture comment from
command line argument.
Ping: #19296
|
|
If the message when closing a capture session is an empty string,
don't print a warning message to the console.
We already have the message like:
** (wireshark:1938687) 11:33:39.555100 [Capture MESSAGE] -- Capture stopped.
We don't need an additional:
** (wireshark:1938687) 11:33:39.555116 [Capture WARNING] ui/capture.c:723 -- capture_input_closed():
|
|
Update manuf, services enterprise numbers, translations, and other items.
services failed.
|
|
The underlying source model for the InterfaceSortFilterModel can
be an InterfaceTreeModel or an InterfaceTreeCacheModel (which do
not inherit from each other), so don't always cast it to an
InterfaceTreeModel pointer and call a member of that on systems
that support remote capture.
It's still impossible to add a pipe when the interface list isn't
loaded on any OS, presumably because of some issues with using
a QIdentityProxyModel when the source model has no entries.
(We don't actually use it as an identity, because the newly added
devices are included too.) However, at least it doesn't crash.
Fix #17928
|
|
Update manuf, services enterprise numbers, translations, and other items.
|
|
We generally want Qt (horizontal) auto scroll off in the Packet List
(56625dd4562d89f711ab68caa8cf849509b0970f) but reverted that change
in (df83e45084f7a8430225f646a03d1974b188d3ca) because we needed to
scroll vertically for Go To Packet and a few other cases when selecting
a packet, and auto scrolling did that for us.
Commit 97ae7cdf2fa1172ae6e0bcb6533bcb8a6b3b085e made it so that
we manually position the selected packet at the center, so we
can turn autoScroll off since we're doing it ourselves.
By doing so, we can remove our workarounds for preventing horizontal
autoscroll.
Fix #19551
|
|
Use the welcome mode to fill in the interface list and start
the stats at the same time, instead of two calls.
Also now restart the stats when refreshing the interface list
because an interface has changed.
Add a comment that there are still some situations where we don't
trigger an interface refresh on an interface monitor notification
on Linux.
Related to #15082
|
|
|
|
The filterPackets signal takes a QString by value, not by
reference (which is fine in Qt due to implicit sharing), and
must be connected correctly to work (at least on Qt6):
** (wireshark:829501) 10:56:20.423294 [GUI WARNING] -- QObject::connect: No such signal SCTPAssocAnalyseDialog::filterPackets(QString&,bool) in ui/qt/sctp_all_assocs_dialog.cpp:98
** (wireshark:829501) 10:56:20.423357 [GUI WARNING] -- QObject::connect: (sender name: 'SCTPAssocAnalyseDialog')
** (wireshark:829501) 10:56:20.423382 [GUI WARNING] -- QObject::connect: (receiver name: 'WiresharkMainWindow')
Related to #19544
|
|
Allow dumpcap to have the "-D" "-L" and "-S" flags all specified.
This is a "welcome mode" that prints out the interfaces and their
capabilities, and then prints out the running statistics.
("-L" and "-S" without "-D" will just print the statistics, but
doesn't give an error.)
In capture child mode, the interface information is sent as a
message on the sync pipe before the success message; the statistics
are sent on the data pipe as usual.
Actually using this in Wireshark will be added next.
Related to #15082
|
|
Use layoutAboutToBeChanged() and layoutChanged() instead of
beginResetModel() / endResetModel(). It still causes a sort
but doesn't clear the selected item.
Fix #19133
|
|
|