static gboolean
process_frame(frame_data *frame, column_info *cinfo, ph_stats_t* ps)
{
epan_dissect_t edt;
union wtap_pseudo_header phdr;
guint8 pd[WTAP_MAX_PACKET_SIZE];
double cur_time;
/* Load the frame from the capture file */
if (!cf_read_frame_r(&cfile, frame, &phdr, pd))
return FALSE; /* failure */
/* Dissect the frame tree not visible */
epan_dissect_init(&edt, TRUE, FALSE);
/* Don't fake protocols. We need them for the protocol hierarchy */
epan_dissect_fake_protocols(&edt, FALSE);
epan_dissect_run(&edt, &phdr, pd, frame, cinfo);
/* Get stats from this protocol tree */
process_tree(edt.tree, ps, frame->pkt_len);
/* Update times */
cur_time = nstime_to_sec(&frame->abs_ts);
if (cur_time < ps->first_time) {
ps->first_time = cur_time;
}
if (cur_time > ps->last_time) {
ps->last_time = cur_time;
}
/* Free our memory. */
epan_dissect_cleanup(&edt);
return TRUE; /* success */
}
QString &PacketList::getFilterFromRowAndColumn()
{
frame_data *fdata;
QString &filter = *new QString();
int row = currentIndex().row();
if (!cap_file_ || !packet_list_model_ || ctx_column_ < 0 || ctx_column_ >= cap_file_->cinfo.num_cols) return filter;
fdata = packet_list_model_->getRowFdata(row);
if (fdata != NULL) {
epan_dissect_t edt;
if (!cf_read_record(cap_file_, fdata))
return filter; /* error reading the record */
/* proto tree, visible. We need a proto tree if there's custom columns */
epan_dissect_init(&edt, cap_file_->epan, have_custom_cols(&cap_file_->cinfo), FALSE);
col_custom_prime_edt(&edt, &cap_file_->cinfo);
epan_dissect_run(&edt, cap_file_->cd_t, &cap_file_->phdr, frame_tvbuff_new_buffer(fdata, &cap_file_->buf), fdata, &cap_file_->cinfo);
epan_dissect_fill_in_columns(&edt, TRUE, TRUE);
if ((cap_file_->cinfo.col_custom_occurrence[ctx_column_]) ||
(strchr (cap_file_->cinfo.col_expr.col_expr_val[ctx_column_], ',') == NULL))
{
/* Only construct the filter when a single occurrence is displayed
* otherwise we might end up with a filter like "ip.proto==1,6".
*
* Or do we want to be able to filter on multiple occurrences so that
* the filter might be calculated as "ip.proto==1 && ip.proto==6"
* instead?
*/
if (strlen(cap_file_->cinfo.col_expr.col_expr[ctx_column_]) != 0 &&
strlen(cap_file_->cinfo.col_expr.col_expr_val[ctx_column_]) != 0) {
/* leak a little but safer than ep_ here */
if (cap_file_->cinfo.col_fmt[ctx_column_] == COL_CUSTOM) {
header_field_info *hfi = proto_registrar_get_byname(cap_file_->cinfo.col_custom_field[ctx_column_]);
if (hfi->parent == -1) {
/* Protocol only */
filter.append(cap_file_->cinfo.col_expr.col_expr[ctx_column_]);
} else if (hfi->type == FT_STRING) {
/* Custom string, add quotes */
filter.append(QString("%1 == \"%2\"")
.arg(cap_file_->cinfo.col_expr.col_expr[ctx_column_])
.arg(cap_file_->cinfo.col_expr.col_expr_val[ctx_column_]));
}
}
if (filter.isEmpty()) {
filter.append(QString("%1 == %2")
.arg(cap_file_->cinfo.col_expr.col_expr[ctx_column_])
.arg(cap_file_->cinfo.col_expr.col_expr_val[ctx_column_]));
}
}
}
epan_dissect_cleanup(&edt);
}
return filter;
}
static gboolean
finfo_window_refresh(struct FieldinfoWinData *DataPtr)
{
field_info *old_finfo = DataPtr->finfo;
field_info *finfo;
epan_dissect_t edt;
const guint8 *data;
GtkWidget *byte_view;
gchar label_str[ITEM_LABEL_LENGTH];
/* always update byteviews */
if (DataPtr->bv && (byte_view = get_notebook_bv_ptr(DataPtr->bv))) {
int pos_inside = DataPtr->pd_offset - DataPtr->start_offset - old_finfo->start;
if (pos_inside < 0 || pos_inside >= old_finfo->length)
pos_inside = -1;
data = DataPtr->pd + DataPtr->start_offset + old_finfo->start;
packet_hex_editor_print(byte_view, data, DataPtr->frame, pos_inside, DataPtr->pd_bitoffset, old_finfo->length);
}
if (DataPtr->app_bv && (byte_view = get_notebook_bv_ptr(DataPtr->app_bv))) {
int pos_inside = DataPtr->pd_offset - DataPtr->start_offset - old_finfo->appendix_start;
if (pos_inside < 0 || pos_inside >= old_finfo->appendix_length)
pos_inside = -1;
data = DataPtr->pd + DataPtr->start_offset + old_finfo->appendix_start;
packet_hex_editor_print(byte_view, data, DataPtr->frame, pos_inside, DataPtr->pd_bitoffset, old_finfo->appendix_length);
}
/* redisect */
epan_dissect_init(&edt, DataPtr->epan, TRUE, TRUE);
/* Makes any sense?
if (old_finfo->hfinfo)
proto_tree_prime_hfid(edt.tree, old_finfo->hfinfo->id);
*/
epan_dissect_run(&edt, &DataPtr->phdr, frame_tvbuff_new(DataPtr->frame, DataPtr->pd), DataPtr->frame, NULL);
/* Try to find finfo which looks like old_finfo.
* We might not found one, if protocol requires specific magic values, etc... */
if (!(finfo = proto_finfo_find(edt.tree, old_finfo))) {
epan_dissect_cleanup(&edt);
gtk_entry_set_text(GTK_ENTRY(DataPtr->repr), "[finfo not found, try with another value, or restore old. If you think it is bug, fill bugreport]");
return FALSE;
}
/* XXX, update fvalue_edit, e.g. when hexedit was changed */
if (finfo->rep == NULL) {
proto_item_fill_label(finfo, label_str);
gtk_entry_set_text(GTK_ENTRY(DataPtr->repr), label_str);
} else
gtk_entry_set_text(GTK_ENTRY(DataPtr->repr), finfo->rep->representation);
epan_dissect_cleanup(&edt);
return TRUE;
}
static void
redissect_packet_window(gpointer object, gpointer user_data _U_)
{
struct PacketWinData *DataPtr = (struct PacketWinData *)object;
char *title;
/* XXX, can be optimized? */
proto_tree_draw(NULL, DataPtr->tree_view);
epan_dissect_cleanup(&(DataPtr->edt));
epan_dissect_init(&(DataPtr->edt), DataPtr->epan, TRUE, TRUE);
epan_dissect_run(&(DataPtr->edt), &DataPtr->phdr, frame_tvbuff_new(DataPtr->frame, DataPtr->pd), DataPtr->frame, NULL);
add_byte_views(&(DataPtr->edt), DataPtr->tree_view, DataPtr->bv_nb_ptr);
proto_tree_draw(DataPtr->edt.tree, DataPtr->tree_view);
/* update the window title */
title = create_packet_window_title();
gtk_window_set_title(GTK_WINDOW(DataPtr->main), title);
g_free(title);
}
void FrameInformation::loadFrameTree()
{
if ( ! fi_ || ! cap_file_ || !cap_file_->capFile())
return;
if (!cf_read_record(cap_file_->capFile(), fi_))
return;
struct wtap_pkthdr phdr_ = cap_file_->capFile()->phdr;
packet_data_ = (guint8 *) g_memdup(ws_buffer_start_ptr(&(cap_file_->capFile()->buf)), fi_->cap_len);
/* proto tree, visible. We need a proto tree if there's custom columns */
epan_dissect_init(&edt_, cap_file_->capFile()->epan, TRUE, TRUE);
col_custom_prime_edt(&edt_, &(cap_file_->capFile()->cinfo));
epan_dissect_run(&edt_, cap_file_->capFile()->cd_t, &phdr_,
frame_tvbuff_new(&cap_file_->capFile()->provider, fi_, packet_data_),
fi_, &(cap_file_->capFile()->cinfo));
epan_dissect_fill_in_columns(&edt_, TRUE, TRUE);
}
static gboolean
process_record(capture_file *cf, frame_data *frame, column_info *cinfo, ph_stats_t* ps)
{
epan_dissect_t edt;
struct wtap_pkthdr phdr;
Buffer buf;
double cur_time;
wtap_phdr_init(&phdr);
/* Load the record from the capture file */
ws_buffer_init(&buf, 1500);
if (!cf_read_record_r(cf, frame, &phdr, &buf))
return FALSE; /* failure */
/* Dissect the record tree not visible */
epan_dissect_init(&edt, cf->epan, TRUE, FALSE);
/* Don't fake protocols. We need them for the protocol hierarchy */
epan_dissect_fake_protocols(&edt, FALSE);
epan_dissect_run(&edt, cf->cd_t, &phdr, frame_tvbuff_new_buffer(frame, &buf), frame, cinfo);
/* Get stats from this protocol tree */
process_tree(edt.tree, ps, frame->pkt_len);
if (frame->flags.has_ts) {
/* Update times */
cur_time = nstime_to_sec(&frame->abs_ts);
if (cur_time < ps->first_time)
ps->first_time = cur_time;
if (cur_time > ps->last_time)
ps->last_time = cur_time;
}
/* Free our memory. */
epan_dissect_cleanup(&edt);
wtap_phdr_cleanup(&phdr);
ws_buffer_free(&buf);
return TRUE; /* success */
}
static gboolean
process_record(capture_file *cf, frame_data *frame, column_info *cinfo,
wtap_rec *rec, Buffer *buf, ph_stats_t* ps)
{
epan_dissect_t edt;
double cur_time;
/* Load the record from the capture file */
if (!cf_read_record(cf, frame, rec, buf))
return FALSE; /* failure */
/* Dissect the record tree not visible */
epan_dissect_init(&edt, cf->epan, TRUE, FALSE);
/* Don't fake protocols. We need them for the protocol hierarchy */
epan_dissect_fake_protocols(&edt, FALSE);
epan_dissect_run(&edt, cf->cd_t, rec,
frame_tvbuff_new_buffer(&cf->provider, frame, buf),
frame, cinfo);
/* Get stats from this protocol tree */
process_tree(edt.tree, ps);
if (frame->has_ts) {
/* Update times */
cur_time = nstime_to_sec(&frame->abs_ts);
if (cur_time < ps->first_time)
ps->first_time = cur_time;
if (cur_time > ps->last_time)
ps->last_time = cur_time;
}
/* Free our memory. */
epan_dissect_cleanup(&edt);
return TRUE; /* success */
}
/**
* Given a handle on a capture file, and an offset within that file,
* this function will read a packet and decide if it matches the display
* filter. If it does, it calls proto_tree_get_fields() to read specific fields
* into stdata.
*
* @return passed a boolean describing whether the packet matched the filter.
*/
gboolean process_packet(capture_file *cf, gint64 offset, st_data_t *stdata)
{
frame_data fdata;
epan_dissect_t edt;
gboolean passed;
const struct wtap_pkthdr *whdr = wtap_phdr(cf->wth);
union wtap_pseudo_header *pseudo_header = wtap_pseudoheader(cf->wth);
const guchar *pd = wtap_buf_ptr(cf->wth);
/* Count this packet.
NB: the frame dissector uses this to determine frame.number
*/
cf->count++;
/**
* Initialize dissector tree
*/
epan_dissect_init(&edt, TRUE, TRUE);
frame_data_init(&fdata, cf->count, whdr, offset, cum_bytes);
frame_data_set_before_dissect(&fdata, &cf->elapsed_time,
&first_ts, &prev_dis_ts, &prev_cap_ts);
passed = TRUE;
// AB: prime the epan_dissect_t with the dfilter.
if(cf->rfcode)
{
epan_dissect_prime_dfilter(&edt, cf->rfcode);
}
tap_queue_init(&edt);
/**
* Run the dissector on this packet
*/
epan_dissect_run(&edt, pseudo_header, pd, &fdata, NULL);
tap_push_tapped_queue(&edt);
// AB: Run the read filter
if(cf->rfcode)
{
passed = dfilter_apply_edt(cf->rfcode, &edt);
}
else
{
passed = TRUE;
}
if(passed)
{
frame_data_set_after_dissect(&fdata, &cum_bytes, &prev_dis_ts);
// stdata could be NULL if we are just counting packets
if(stdata != NULL)
proto_tree_get_fields(stdata, &edt);
}
epan_dissect_cleanup(&edt);
frame_data_cleanup(&fdata);
return passed;
}
QVariant PacketListModel::data(const QModelIndex &index, int role) const
{
if (!index.isValid())
return QVariant();
PacketListRecord *record = static_cast<PacketListRecord*>(index.internalPointer());
if (!record)
return QVariant();
frame_data *fdata = record->getFdata();
if (!fdata)
return QVariant();
switch (role) {
case Qt::FontRole:
return wsApp->monospaceFont();
case Qt::TextAlignmentRole:
switch(recent_get_column_xalign(index.column())) {
case COLUMN_XALIGN_RIGHT:
return Qt::AlignRight;
break;
case COLUMN_XALIGN_CENTER:
return Qt::AlignCenter;
break;
case COLUMN_XALIGN_LEFT:
return Qt::AlignLeft;
break;
case COLUMN_XALIGN_DEFAULT:
default:
if (right_justify_column(index.column(), cap_file_)) {
return Qt::AlignRight;
}
break;
}
return Qt::AlignLeft;
case Qt::BackgroundRole:
const color_t *color;
if (fdata->flags.ignored) {
color = &prefs.gui_ignored_bg;
} else if (fdata->flags.marked) {
color = &prefs.gui_marked_bg;
} else if (fdata->color_filter) {
const color_filter_t *color_filter = (const color_filter_t *) fdata->color_filter;
color = &color_filter->bg_color;
} else {
return QVariant();
}
// g_log(NULL, G_LOG_LEVEL_DEBUG, "i: %d m: %d cf: %p bg: %d %d %d", fdata->flags.ignored, fdata->flags.marked, fdata->color_filter, color->red, color->green, color->blue);
return QColor(color->red >> 8, color->green >> 8, color->blue >> 8);
case Qt::ForegroundRole:
if (fdata->flags.ignored) {
color = &prefs.gui_ignored_fg;
} else if (fdata->flags.marked) {
color = &prefs.gui_marked_fg;
} else if (fdata->color_filter) {
const color_filter_t *color_filter = (const color_filter_t *) fdata->color_filter;
color = &color_filter->fg_color;
} else {
return QVariant();
}
return QColor(color->red >> 8, color->green >> 8, color->blue >> 8);
case Qt::DisplayRole:
// Need packet data -- fall through
break;
default:
return QVariant();
}
int col_num = index.column();
// g_log(NULL, G_LOG_LEVEL_DEBUG, "showing col %d", col_num);
if (!cap_file_ || col_num > cap_file_->cinfo.num_cols)
return QVariant();
epan_dissect_t edt;
column_info *cinfo;
gboolean create_proto_tree;
struct wtap_pkthdr phdr; /* Packet header */
Buffer buf; /* Packet data */
gboolean dissect_columns = TRUE; // XXX - Currently only a placeholder
if (dissect_columns && cap_file_)
cinfo = &cap_file_->cinfo;
else
cinfo = NULL;
buffer_init(&buf, 1500);
if (!cap_file_ || !cf_read_frame_r(cap_file_, fdata, &phdr, &buf)) {
/*
* Error reading the frame.
*
* Don't set the color filter for now (we might want
* to colorize it in some fashion to warn that the
* row couldn't be filled in or colorized), and
* set the columns to placeholder values, except
* for the Info column, where we'll put in an
* error message.
*/
if (dissect_columns) {
col_fill_in_error(cinfo, fdata, FALSE, FALSE /* fill_fd_columns */);
// for(gint col = 0; col < cinfo->num_cols; ++col) {
// /* Skip columns based on frame_data because we already store those. */
// if (!col_based_on_frame_data(cinfo, col))
// packet_list_change_record(packet_list, record->physical_pos, col, cinfo);
// }
// record->columnized = TRUE;
}
if (enable_color_) {
fdata->color_filter = NULL;
// record->colorized = TRUE;
}
buffer_free(&buf);
return QVariant(); /* error reading the frame */
}
create_proto_tree = (color_filters_used() && enable_color_) ||
(have_custom_cols(cinfo) && dissect_columns);
epan_dissect_init(&edt, cap_file_->epan,
create_proto_tree,
FALSE /* proto_tree_visible */);
if (enable_color_)
color_filters_prime_edt(&edt);
if (dissect_columns)
col_custom_prime_edt(&edt, cinfo);
epan_dissect_run(&edt, &phdr, frame_tvbuff_new_buffer(fdata, &buf), fdata, cinfo);
if (enable_color_)
fdata->color_filter = color_filters_colorize_packet(&edt);
if (dissect_columns) {
/* "Stringify" non frame_data vals */
epan_dissect_fill_in_columns(&edt, FALSE, FALSE /* fill_fd_columns */);
// for(col = 0; col < cinfo->num_cols; ++col) {
// /* Skip columns based on frame_data because we already store those. */
// if (!col_based_on_frame_data(cinfo, col))
// packet_list_change_record(packet_list, record->physical_pos, col, cinfo);
// }
// g_log(NULL, G_LOG_LEVEL_DEBUG, "d_c %d: %s", col_num, cinfo->col_data[col_num]);
}
// if (dissect_columns)
// record->columnized = TRUE;
// if (enable_color_)
// record->colorized = TRUE;
epan_dissect_cleanup(&edt);
buffer_free(&buf);
switch (role) {
case Qt::DisplayRole:
return record->data(col_num, cinfo);
break;
default:
break;
}
return QVariant();
}
/**
Does the dissection of one packet.
@param in_data raw binary data of the packet to be processed
@param mode specifies the debug mode
@return dissected packet payload in a form of hf_datanode tree if everything went OK, NULL otherwise
*/
extern "C" __declspec(dllexport) hf_datanode *hf_dissect_one_packet(unsigned char *in_data, int mode)
{
epan_dissect_t *pedt;
frame_data *fdata = g_slice_new(frame_data);
int count = 0;
nstime_t elapsed_time;
elapsed_time.secs = 0;
elapsed_time.nsecs = 100;
name_number = 1;
if(mode==DEBUG_MODE) {
printf("DEBUG mode on.\n");
debug_mode = mode;
}
if(fdata==NULL)
return NULL;
// create a wiretap header wrapper around the data
wtap *wth;
wth = hf_create_fakewth(in_data);
// this should happen only if we run out of memory!
if(wth==NULL)
return NULL;
// initilaize the values for fake time measurement
hf_init_timestructs();
// disecton process begins
// initialiation phase...set up the frame and dissection structures
frame_data_init(fdata,count,wtap_phdr(wth),wth->data_offset,cum_bytes);
pedt = epan_dissect_new(TRUE,TRUE);
frame_data_set_before_dissect(fdata,&(elapsed_time),&first_ts,&prev_dis_ts,&prev_cap_ts);
// the core of the dissection
epan_dissect_run(pedt,wtap_pseudoheader(wth),wtap_buf_ptr(wth),fdata,NULL);
// cleanup after the dissection
frame_data_set_after_dissect(fdata,&cum_bytes,&prev_dis_ts);
// transform the dissected data to the form of a hf_datanode tree
hf_datanode * returned_node = hf_transform_ptree_to_datamodel(pedt);
// free the one-packet dissection structure epan_dissect_t
epan_dissect_free(pedt);
// disecton process ends
// deallocation phase
g_slice_free(frame_data, fdata);
buffer_free(wth->frame_buffer);
g_free(wth->frame_buffer);
g_free(wth->capture.pcap);
g_free(wth);
hf_datanode *returned_payload = hf_return_only_payload(returned_node);
// fragmented packet or dissection failure should be noted
if(mode==DEBUG_MODE) {
if(!returned_payload)
fprintf(stderr, "Dissection returned NULL - either fragmented message or protocol unknown.\n");
}
// print the part that will be returned from the function after the duplicates were skipped etc.
if(debug_mode==DEBUG_MODE) {
hf_print_datamodel(returned_payload,1,1);
}
// if we were in debug mode, switch it off
debug_mode = NODEBUG_MODE;
return returned_payload;
}
void PacketListRecord::dissect(capture_file *cap_file, bool dissect_color)
{
// packet_list_store.c:packet_list_dissect_and_cache_record
epan_dissect_t edt;
column_info *cinfo = NULL;
gboolean create_proto_tree;
struct wtap_pkthdr phdr; /* Packet header */
Buffer buf; /* Packet data */
gboolean dissect_columns = col_text_.isEmpty() || data_ver_ != col_data_ver_;
if (!cap_file) {
return;
}
memset(&phdr, 0, sizeof(struct wtap_pkthdr));
if (dissect_columns) {
cinfo = &cap_file->cinfo;
}
ws_buffer_init(&buf, 1500);
if (!cf_read_record_r(cap_file, fdata_, &phdr, &buf)) {
/*
* Error reading the record.
*
* Don't set the color filter for now (we might want
* to colorize it in some fashion to warn that the
* row couldn't be filled in or colorized), and
* set the columns to placeholder values, except
* for the Info column, where we'll put in an
* error message.
*/
if (dissect_columns) {
col_fill_in_error(cinfo, fdata_, FALSE, FALSE /* fill_fd_columns */);
cacheColumnStrings(cinfo);
}
if (dissect_color) {
fdata_->color_filter = NULL;
colorized_ = true;
}
ws_buffer_free(&buf);
return; /* error reading the record */
}
create_proto_tree = (dissect_color && color_filters_used()) ||
(dissect_columns && have_custom_cols(cinfo));
epan_dissect_init(&edt, cap_file->epan,
create_proto_tree,
FALSE /* proto_tree_visible */);
/* Re-color when the coloring rules are changed via the UI. */
if (dissect_color) {
color_filters_prime_edt(&edt);
fdata_->flags.need_colorize = 1;
}
if (dissect_columns)
col_custom_prime_edt(&edt, cinfo);
/*
* XXX - need to catch an OutOfMemoryError exception and
* attempt to recover from it.
*/
epan_dissect_run(&edt, cap_file->cd_t, &phdr, frame_tvbuff_new_buffer(fdata_, &buf), fdata_, cinfo);
if (dissect_columns) {
/* "Stringify" non frame_data vals */
epan_dissect_fill_in_columns(&edt, FALSE, FALSE /* fill_fd_columns */);
cacheColumnStrings(cinfo);
}
if (dissect_color) {
colorized_ = true;
}
data_ver_ = col_data_ver_;
packet_info *pi = &edt.pi;
conv_ = find_conversation(pi->num, &pi->src, &pi->dst, pi->ptype,
pi->srcport, pi->destport, 0);
epan_dissect_cleanup(&edt);
ws_buffer_free(&buf);
}
Iax2AnalysisDialog::Iax2AnalysisDialog(QWidget &parent, CaptureFile &cf) :
WiresharkDialog(parent, cf),
ui(new Ui::Iax2AnalysisDialog),
port_src_fwd_(0),
port_dst_fwd_(0),
port_src_rev_(0),
port_dst_rev_(0)
{
ui->setupUi(this);
setWindowSubtitle(tr("IAX2 Stream Analysis"));
// XXX Use recent settings instead
resize(parent.width() * 4 / 5, parent.height() * 4 / 5);
ui->progressFrame->hide();
stream_ctx_menu_.addAction(ui->actionGoToPacket);
stream_ctx_menu_.addAction(ui->actionNextProblem);
stream_ctx_menu_.addSeparator();
stream_ctx_menu_.addAction(ui->actionSaveAudio);
stream_ctx_menu_.addAction(ui->actionSaveForwardAudio);
stream_ctx_menu_.addAction(ui->actionSaveReverseAudio);
stream_ctx_menu_.addSeparator();
stream_ctx_menu_.addAction(ui->actionSaveCsv);
stream_ctx_menu_.addAction(ui->actionSaveForwardCsv);
stream_ctx_menu_.addAction(ui->actionSaveReverseCsv);
stream_ctx_menu_.addSeparator();
stream_ctx_menu_.addAction(ui->actionSaveGraph);
ui->forwardTreeWidget->installEventFilter(this);
ui->forwardTreeWidget->setContextMenuPolicy(Qt::CustomContextMenu);
connect(ui->forwardTreeWidget, SIGNAL(customContextMenuRequested(QPoint)),
SLOT(showStreamMenu(QPoint)));
ui->reverseTreeWidget->installEventFilter(this);
ui->reverseTreeWidget->setContextMenuPolicy(Qt::CustomContextMenu);
connect(ui->reverseTreeWidget, SIGNAL(customContextMenuRequested(QPoint)),
SLOT(showStreamMenu(QPoint)));
connect(ui->streamGraph, SIGNAL(mousePress(QMouseEvent*)),
this, SLOT(graphClicked(QMouseEvent*)));
graph_ctx_menu_.addAction(ui->actionSaveGraph);
QStringList header_labels;
for (int i = 0; i < ui->forwardTreeWidget->columnCount(); i++) {
header_labels << ui->forwardTreeWidget->headerItem()->text(i);
}
ui->reverseTreeWidget->setHeaderLabels(header_labels);
memset(&src_fwd_, 0, sizeof(address));
memset(&dst_fwd_, 0, sizeof(address));
memset(&src_rev_, 0, sizeof(address));
memset(&dst_rev_, 0, sizeof(address));
QList<QCheckBox *> graph_cbs = QList<QCheckBox *>()
<< ui->fJitterCheckBox << ui->fDiffCheckBox
<< ui->rJitterCheckBox << ui->rDiffCheckBox;
for (int i = 0; i < num_graphs_; i++) {
QCPGraph *graph = ui->streamGraph->addGraph();
graph->setPen(QPen(ColorUtils::graph_colors_[i]));
graph->setName(graph_cbs[i]->text());
graphs_ << graph;
graph_cbs[i]->setChecked(true);
graph_cbs[i]->setIcon(StockIcon::colorIcon(ColorUtils::graph_colors_[i], QPalette::Text));
}
ui->streamGraph->xAxis->setLabel("Arrival Time");
ui->streamGraph->yAxis->setLabel("Value (ms)");
// We keep our temp files open for the lifetime of the dialog. The GTK+
// UI opens and closes at various points.
QString tempname = QString("%1/wireshark_iax2_f").arg(QDir::tempPath());
fwd_tempfile_ = new QTemporaryFile(tempname, this);
fwd_tempfile_->open();
tempname = QString("%1/wireshark_iax2_r").arg(QDir::tempPath());
rev_tempfile_ = new QTemporaryFile(tempname, this);
rev_tempfile_->open();
if (fwd_tempfile_->error() != QFile::NoError || rev_tempfile_->error() != QFile::NoError) {
err_str_ = tr("Unable to save RTP data.");
ui->actionSaveAudio->setEnabled(false);
ui->actionSaveForwardAudio->setEnabled(false);
ui->actionSaveReverseAudio->setEnabled(false);
}
QMenu *save_menu = new QMenu();
save_menu->addAction(ui->actionSaveAudio);
save_menu->addAction(ui->actionSaveForwardAudio);
save_menu->addAction(ui->actionSaveReverseAudio);
save_menu->addSeparator();
save_menu->addAction(ui->actionSaveCsv);
save_menu->addAction(ui->actionSaveForwardCsv);
save_menu->addAction(ui->actionSaveReverseCsv);
save_menu->addSeparator();
save_menu->addAction(ui->actionSaveGraph);
ui->buttonBox->button(QDialogButtonBox::Save)->setMenu(save_menu);
const gchar *filter_text = "iax2 && (ip || ipv6)";
dfilter_t *sfcode;
gchar *err_msg;
if (!dfilter_compile(filter_text, &sfcode, &err_msg)) {
QMessageBox::warning(this, tr("No IAX2 packets found"), QString("%1").arg(err_msg));
g_free(err_msg);
close();
}
if (!cap_file_.capFile() || !cap_file_.capFile()->current_frame) close();
frame_data *fdata = cap_file_.capFile()->current_frame;
if (!cf_read_record(cap_file_.capFile(), fdata)) close();
epan_dissect_t edt;
epan_dissect_init(&edt, cap_file_.capFile()->epan, TRUE, FALSE);
epan_dissect_prime_dfilter(&edt, sfcode);
epan_dissect_run(&edt, cap_file_.capFile()->cd_t, &cap_file_.capFile()->phdr,
frame_tvbuff_new_buffer(fdata, &cap_file_.capFile()->buf), fdata, NULL);
// This shouldn't happen (the menu item should be disabled) but check anyway
if (!dfilter_apply_edt(sfcode, &edt)) {
epan_dissect_cleanup(&edt);
dfilter_free(sfcode);
err_str_ = tr("Please select an IAX2 packet");
updateWidgets();
return;
}
dfilter_free(sfcode);
/* ok, it is a IAX2 frame, so let's get the ip and port values */
COPY_ADDRESS(&(src_fwd_), &(edt.pi.src));
COPY_ADDRESS(&(dst_fwd_), &(edt.pi.dst));
port_src_fwd_ = edt.pi.srcport;
port_dst_fwd_ = edt.pi.destport;
/* assume the inverse ip/port combination for the reverse direction */
COPY_ADDRESS(&(src_rev_), &(edt.pi.dst));
COPY_ADDRESS(&(dst_rev_), &(edt.pi.src));
port_src_rev_ = edt.pi.destport;
port_dst_rev_ = edt.pi.srcport;
#if 0
/* check if it is Voice or MiniPacket */
bool ok;
getIntFromProtoTree(edt.tree, "iax2", "iax2.call", &ok);
if (!ok) {
err_str_ = tr("Please select an IAX2 packet.");
updateWidgets();
return;
}
#endif
#ifdef IAX2_RTP_STREAM_CHECK
rtpstream_tapinfot tapinfo;
/* Register the tap listener */
memset(&tapinfo, 0, sizeof(rtpstream_tapinfot));
tapinfo.tap_data = this;
tapinfo.mode = TAP_ANALYSE;
// register_tap_listener_rtp_stream(&tapinfo, NULL);
/* Scan for RTP streams (redissect all packets) */
rtpstream_scan(&tapinfo, cap_file_.capFile(), NULL);
int num_streams = 0;
GList *filtered_list = NULL;
for (GList *strinfo_list = g_list_first(tapinfo.strinfo_list); strinfo_list; strinfo_list = g_list_next(strinfo_list)) {
rtp_stream_info_t * strinfo = (rtp_stream_info_t*)(strinfo_list->data);
<< address_to_qstring(&strinfo->dest_addr) << address_to_qstring(&src_rev_) << address_to_qstring(&dst_rev_);
if (ADDRESSES_EQUAL(&(strinfo->src_addr), &(src_fwd_))
&& (strinfo->src_port == port_src_fwd_)
&& (ADDRESSES_EQUAL(&(strinfo->dest_addr), &(dst_fwd_)))
&& (strinfo->dest_port == port_dst_fwd_))
{
++num_streams;
filtered_list = g_list_prepend(filtered_list, strinfo);
}
if (ADDRESSES_EQUAL(&(strinfo->src_addr), &(src_rev_))
&& (strinfo->src_port == port_src_rev_)
&& (ADDRESSES_EQUAL(&(strinfo->dest_addr), &(dst_rev_)))
&& (strinfo->dest_port == port_dst_rev_))
{
++num_streams;
filtered_list = g_list_append(filtered_list, strinfo);
}
}
void PacketListRecord::dissect(capture_file *cap_file, bool dissect_color)
{
// packet_list_store.c:packet_list_dissect_and_cache_record
epan_dissect_t edt;
column_info *cinfo = NULL;
gboolean create_proto_tree;
wtap_rec rec; /* Record metadata */
Buffer buf; /* Record data */
if (!col_text_) col_text_ = new ColumnTextList;
gboolean dissect_columns = col_text_->isEmpty() || data_ver_ != col_data_ver_;
if (!cap_file) {
return;
}
memset(&rec, 0, sizeof rec);
if (dissect_columns) {
cinfo = &cap_file->cinfo;
}
ws_buffer_init(&buf, 1500);
if (!cf_read_record_r(cap_file, fdata_, &rec, &buf)) {
/*
* Error reading the record.
*
* Don't set the color filter for now (we might want
* to colorize it in some fashion to warn that the
* row couldn't be filled in or colorized), and
* set the columns to placeholder values, except
* for the Info column, where we'll put in an
* error message.
*/
if (dissect_columns) {
col_fill_in_error(cinfo, fdata_, FALSE, FALSE /* fill_fd_columns */);
cacheColumnStrings(cinfo);
}
if (dissect_color) {
fdata_->color_filter = NULL;
colorized_ = true;
}
ws_buffer_free(&buf);
return; /* error reading the record */
}
/*
* Determine whether we need to create a protocol tree.
* We do if:
*
* we're going to apply a color filter to this packet;
*
* we're need to fill in the columns and we have custom columns
* (which require field values, which currently requires that
* we build a protocol tree).
*
* XXX - field extractors? (Not done for GTK+....)
*/
create_proto_tree = ((dissect_color && color_filters_used()) ||
(dissect_columns && (have_custom_cols(cinfo) ||
have_field_extractors())));
epan_dissect_init(&edt, cap_file->epan,
create_proto_tree,
FALSE /* proto_tree_visible */);
/* Re-color when the coloring rules are changed via the UI. */
if (dissect_color) {
color_filters_prime_edt(&edt);
fdata_->flags.need_colorize = 1;
}
if (dissect_columns)
col_custom_prime_edt(&edt, cinfo);
/*
* XXX - need to catch an OutOfMemoryError exception and
* attempt to recover from it.
*/
epan_dissect_run(&edt, cap_file->cd_t, &rec,
frame_tvbuff_new_buffer(&cap_file->provider, fdata_, &buf),
fdata_, cinfo);
if (dissect_columns) {
/* "Stringify" non frame_data vals */
epan_dissect_fill_in_columns(&edt, FALSE, FALSE /* fill_fd_columns */);
cacheColumnStrings(cinfo);
}
if (dissect_color) {
colorized_ = true;
}
data_ver_ = col_data_ver_;
packet_info *pi = &edt.pi;
conv_ = find_conversation_pinfo(pi, 0);
epan_dissect_cleanup(&edt);
ws_buffer_free(&buf);
}
PacketDialog::PacketDialog(QWidget &parent, CaptureFile &cf, frame_data *fdata) :
WiresharkDialog(parent, cf),
ui(new Ui::PacketDialog),
packet_data_(NULL)
{
ui->setupUi(this);
ui->hintLabel->setSmallText();
// XXX Use recent settings instead
resize(parent.width() * 4 / 5, parent.height() * 4 / 5);
setWindowSubtitle(tr("Packet %1").arg(fdata->num));
phdr_ = cap_file_.capFile()->phdr;
packet_data_ = (guint8 *) g_memdup(ws_buffer_start_ptr(&(cap_file_.capFile()->buf)), fdata->cap_len);
if (!cf_read_record(cap_file_.capFile(), fdata)) reject();
/* proto tree, visible. We need a proto tree if there's custom columns */
epan_dissect_init(&edt_, cap_file_.capFile()->epan, TRUE, TRUE);
col_custom_prime_edt(&edt_, &(cap_file_.capFile()->cinfo));
epan_dissect_run(&edt_, cap_file_.capFile()->cd_t, &phdr_,
frame_tvbuff_new(fdata, packet_data_),
fdata, &(cap_file_.capFile()->cinfo));
epan_dissect_fill_in_columns(&edt_, TRUE, TRUE);
proto_tree_ = new ProtoTree(ui->packetSplitter);
proto_tree_->fillProtocolTree(edt_.tree);
proto_tree_->expandAll();
byte_view_tab_ = new ByteViewTab(ui->packetSplitter);
byte_view_tab_->setCaptureFile(cap_file_.capFile());
byte_view_tab_->clear();
GSList *src_le;
for (src_le = edt_.pi.data_src; src_le != NULL; src_le = src_le->next) {
struct data_source *source;
char* source_name;
source = (struct data_source *)src_le->data;
source_name = get_data_source_name(source);
byte_view_tab_->addTab(source_name, get_data_source_tvb(source), edt_.tree, proto_tree_,
cap_file_.capFile()->current_frame->flags.encoding);
wmem_free(NULL, source_name);
}
byte_view_tab_->setCurrentIndex(0);
ui->packetSplitter->setStretchFactor(0, 5);
ui->packetSplitter->setStretchFactor(1, 1);
QStringList col_parts;
for (int i = 0; i < cap_file_.capFile()->cinfo.num_cols; ++i) {
// ElidedLabel doesn't support rich text / HTML
col_parts << QString("%1: %2")
.arg(get_column_title(i))
.arg(cap_file_.capFile()->cinfo.col_data[i]);
}
col_info_ = col_parts.join(" " UTF8_MIDDLE_DOT " ");
setHintText();
connect(this, SIGNAL(monospaceFontChanged(QFont)),
proto_tree_, SLOT(setMonospaceFont(QFont)));
connect(this, SIGNAL(monospaceFontChanged(QFont)),
byte_view_tab_, SLOT(setMonospaceFont(QFont)));
connect(proto_tree_, SIGNAL(currentItemChanged(QTreeWidgetItem*,QTreeWidgetItem*)),
byte_view_tab_, SLOT(protoTreeItemChanged(QTreeWidgetItem*)));
connect(byte_view_tab_, SIGNAL(byteFieldHovered(QString&)),
this, SLOT(setHintText(QString&)));
}
static gboolean
process_packet(capture_file *cf, gint64 offset, const struct wtap_pkthdr *whdr,
const guchar *pd)
{
frame_data fdata;
gboolean create_proto_tree;
epan_dissect_t edt;
gboolean passed;
union wtap_pseudo_header pseudo_header;
int i;
if(whdr->len == 0)
{
/* The user sends an empty packet when he wants to get output from us even if we don't currently have
packets to process. We spit out a line with the timestamp and the text "void"
*/
printf("%lu %lu %lu void -\n", (unsigned long int)cf->count,
(unsigned long int)whdr->ts.secs,
(unsigned long int)whdr->ts.nsecs);
fflush(stdout);
return FALSE;
}
memset(&pseudo_header, 0, sizeof(pseudo_header));
/* Count this packet. */
cf->count++;
/* If we're going to print packet information, or we're going to
run a read filter, or we're going to process taps, set up to
do a dissection and do so. */
fill_in_fdata(&fdata, cf, whdr, offset);
passed = TRUE;
create_proto_tree = TRUE;
/* The protocol tree will be "visible", i.e., printed, only if we're
printing packet details, which is true if we're in verbose mode ("verbose"
is true). */
epan_dissect_init(&edt, create_proto_tree, FALSE);
/* If we're running a read filter, prime the epan_dissect_t with that
filter. */
if (n_rfilters > 0) {
for(i = 0; i < n_rfcodes; i++) {
epan_dissect_prime_dfilter(&edt, rfcodes[i]);
}
}
tap_queue_init(&edt);
printf("%lu", (unsigned long int)cf->count);
/* We only need the columns if we're printing packet info but we're
*not* verbose; in verbose mode, we print the protocol tree, not
the protocol summary. */
epan_dissect_run(&edt, &pseudo_header, pd, &fdata, &cf->cinfo);
tap_push_tapped_queue(&edt);
for(i = 0; i < n_rfilters; i++) {
/* Run the read filter if we have one. */
if (rfcodes[i])
passed = dfilter_apply_edt(rfcodes[i], &edt);
else
passed = TRUE;
/* Print a one-line summary */
printf(" %u", passed ? 1 : 0);
}
printf(" -\n");
/* The ANSI C standard does not appear to *require* that a line-buffered
stream be flushed to the host environment whenever a newline is
written, it just says that, on such a stream, characters "are
intended to be transmitted to or from the host environment as a
block when a new-line character is encountered".
The Visual C++ 6.0 C implementation doesn't do what is intended;
even if you set a stream to be line-buffered, it still doesn't
flush the buffer at the end of every line.
So, if the "-l" flag was specified, we flush the standard output
at the end of a packet. This will do the right thing if we're
printing packet summary lines, and, as we print the entire protocol
tree for a single packet without waiting for anything to happen,
it should be as good as line-buffered mode if we're printing
protocol trees. (The whole reason for the "-l" flag in either
tcpdump or Rawshark is to allow the output of a live capture to
be piped to a program or script and to have that script see the
information for the packet as soon as it's printed, rather than
having to wait until a standard I/O buffer fills up. */
if (line_buffered)
fflush(stdout);
if (ferror(stdout)) {
show_print_file_io_error(errno);
exit(2);
}
epan_dissect_cleanup(&edt);
clear_fdata(&fdata);
return passed;
}
PacketDialog::PacketDialog(QWidget &parent, CaptureFile &cf, frame_data *fdata) :
WiresharkDialog(parent, cf),
ui(new Ui::PacketDialog),
phdr_(wtap_pkthdr()),
packet_data_(NULL)
{
ui->setupUi(this);
loadGeometry(parent.width() * 4 / 5, parent.height() * 4 / 5);
ui->hintLabel->setSmallText();
setWindowSubtitle(tr("Packet %1").arg(fdata->num));
if (!cf_read_record(cap_file_.capFile(), fdata)) {
reject();
return;
}
phdr_ = cap_file_.capFile()->phdr;
packet_data_ = (guint8 *) g_memdup(ws_buffer_start_ptr(&(cap_file_.capFile()->buf)), fdata->cap_len);
/* proto tree, visible. We need a proto tree if there's custom columns */
epan_dissect_init(&edt_, cap_file_.capFile()->epan, TRUE, TRUE);
col_custom_prime_edt(&edt_, &(cap_file_.capFile()->cinfo));
epan_dissect_run(&edt_, cap_file_.capFile()->cd_t, &phdr_,
frame_tvbuff_new(&cap_file_.capFile()->provider, fdata, packet_data_),
fdata, &(cap_file_.capFile()->cinfo));
epan_dissect_fill_in_columns(&edt_, TRUE, TRUE);
proto_tree_ = new ProtoTree(ui->packetSplitter);
proto_tree_->setRootNode(edt_.tree);
byte_view_tab_ = new ByteViewTab(ui->packetSplitter);
byte_view_tab_->setCaptureFile(cap_file_.capFile());
byte_view_tab_->selectedFrameChanged(0);
ui->packetSplitter->setStretchFactor(1, 0);
QStringList col_parts;
for (int i = 0; i < cap_file_.capFile()->cinfo.num_cols; ++i) {
// ElidedLabel doesn't support rich text / HTML
col_parts << QString("%1: %2")
.arg(get_column_title(i))
.arg(cap_file_.capFile()->cinfo.columns[i].col_data);
}
col_info_ = col_parts.join(" " UTF8_MIDDLE_DOT " ");
ui->hintLabel->setText(col_info_);
connect(wsApp, SIGNAL(zoomMonospaceFont(QFont)),
proto_tree_, SLOT(setMonospaceFont(QFont)));
connect(byte_view_tab_, SIGNAL(fieldSelected(FieldInformation *)),
proto_tree_, SLOT(selectedFieldChanged(FieldInformation *)));
connect(proto_tree_, SIGNAL(fieldSelected(FieldInformation *)),
byte_view_tab_, SLOT(selectedFieldChanged(FieldInformation *)));
connect(byte_view_tab_, SIGNAL(fieldHighlight(FieldInformation *)),
this, SLOT(setHintText(FieldInformation *)));
}
