QString &PacketList::getFilterFromRowAndColumn() { frame_data *fdata; QString &filter = *new QString(); int row = currentIndex().row(); if (!cap_file_ || !packet_list_model_ || ctx_column_ < 0 || ctx_column_ >= cap_file_->cinfo.num_cols) return filter; fdata = packet_list_model_->getRowFdata(row); if (fdata != NULL) { epan_dissect_t edt; if (!cf_read_record(cap_file_, fdata)) return filter; /* error reading the record */ /* proto tree, visible. We need a proto tree if there's custom columns */ epan_dissect_init(&edt, cap_file_->epan, have_custom_cols(&cap_file_->cinfo), FALSE); col_custom_prime_edt(&edt, &cap_file_->cinfo); epan_dissect_run(&edt, cap_file_->cd_t, &cap_file_->phdr, frame_tvbuff_new_buffer(fdata, &cap_file_->buf), fdata, &cap_file_->cinfo); epan_dissect_fill_in_columns(&edt, TRUE, TRUE); if ((cap_file_->cinfo.col_custom_occurrence[ctx_column_]) || (strchr (cap_file_->cinfo.col_expr.col_expr_val[ctx_column_], ',') == NULL)) { /* Only construct the filter when a single occurrence is displayed * otherwise we might end up with a filter like "ip.proto==1,6". * * Or do we want to be able to filter on multiple occurrences so that * the filter might be calculated as "ip.proto==1 && ip.proto==6" * instead? */ if (strlen(cap_file_->cinfo.col_expr.col_expr[ctx_column_]) != 0 && strlen(cap_file_->cinfo.col_expr.col_expr_val[ctx_column_]) != 0) { /* leak a little but safer than ep_ here */ if (cap_file_->cinfo.col_fmt[ctx_column_] == COL_CUSTOM) { header_field_info *hfi = proto_registrar_get_byname(cap_file_->cinfo.col_custom_field[ctx_column_]); if (hfi->parent == -1) { /* Protocol only */ filter.append(cap_file_->cinfo.col_expr.col_expr[ctx_column_]); } else if (hfi->type == FT_STRING) { /* Custom string, add quotes */ filter.append(QString("%1 == \"%2\"") .arg(cap_file_->cinfo.col_expr.col_expr[ctx_column_]) .arg(cap_file_->cinfo.col_expr.col_expr_val[ctx_column_])); } } if (filter.isEmpty()) { filter.append(QString("%1 == %2") .arg(cap_file_->cinfo.col_expr.col_expr[ctx_column_]) .arg(cap_file_->cinfo.col_expr.col_expr_val[ctx_column_])); } } } epan_dissect_cleanup(&edt); } return filter; }
static gboolean process_frame(frame_data *frame, column_info *cinfo, ph_stats_t* ps) { epan_dissect_t edt; union wtap_pseudo_header phdr; guint8 pd[WTAP_MAX_PACKET_SIZE]; double cur_time; /* Load the frame from the capture file */ if (!cf_read_frame_r(&cfile, frame, &phdr, pd)) return FALSE; /* failure */ /* Dissect the frame tree not visible */ epan_dissect_init(&edt, TRUE, FALSE); /* Don't fake protocols. We need them for the protocol hierarchy */ epan_dissect_fake_protocols(&edt, FALSE); epan_dissect_run(&edt, &phdr, pd, frame, cinfo); /* Get stats from this protocol tree */ process_tree(edt.tree, ps, frame->pkt_len); /* Update times */ cur_time = nstime_to_sec(&frame->abs_ts); if (cur_time < ps->first_time) { ps->first_time = cur_time; } if (cur_time > ps->last_time) { ps->last_time = cur_time; } /* Free our memory. */ epan_dissect_cleanup(&edt); return TRUE; /* success */ }
static gboolean finfo_window_refresh(struct FieldinfoWinData *DataPtr) { field_info *old_finfo = DataPtr->finfo; field_info *finfo; epan_dissect_t edt; const guint8 *data; GtkWidget *byte_view; gchar label_str[ITEM_LABEL_LENGTH]; /* always update byteviews */ if (DataPtr->bv && (byte_view = get_notebook_bv_ptr(DataPtr->bv))) { int pos_inside = DataPtr->pd_offset - DataPtr->start_offset - old_finfo->start; if (pos_inside < 0 || pos_inside >= old_finfo->length) pos_inside = -1; data = DataPtr->pd + DataPtr->start_offset + old_finfo->start; packet_hex_editor_print(byte_view, data, DataPtr->frame, pos_inside, DataPtr->pd_bitoffset, old_finfo->length); } if (DataPtr->app_bv && (byte_view = get_notebook_bv_ptr(DataPtr->app_bv))) { int pos_inside = DataPtr->pd_offset - DataPtr->start_offset - old_finfo->appendix_start; if (pos_inside < 0 || pos_inside >= old_finfo->appendix_length) pos_inside = -1; data = DataPtr->pd + DataPtr->start_offset + old_finfo->appendix_start; packet_hex_editor_print(byte_view, data, DataPtr->frame, pos_inside, DataPtr->pd_bitoffset, old_finfo->appendix_length); } /* redisect */ epan_dissect_init(&edt, DataPtr->epan, TRUE, TRUE); /* Makes any sense? if (old_finfo->hfinfo) proto_tree_prime_hfid(edt.tree, old_finfo->hfinfo->id); */ epan_dissect_run(&edt, &DataPtr->phdr, frame_tvbuff_new(DataPtr->frame, DataPtr->pd), DataPtr->frame, NULL); /* Try to find finfo which looks like old_finfo. * We might not found one, if protocol requires specific magic values, etc... */ if (!(finfo = proto_finfo_find(edt.tree, old_finfo))) { epan_dissect_cleanup(&edt); gtk_entry_set_text(GTK_ENTRY(DataPtr->repr), "[finfo not found, try with another value, or restore old. If you think it is bug, fill bugreport]"); return FALSE; } /* XXX, update fvalue_edit, e.g. when hexedit was changed */ if (finfo->rep == NULL) { proto_item_fill_label(finfo, label_str); gtk_entry_set_text(GTK_ENTRY(DataPtr->repr), label_str); } else gtk_entry_set_text(GTK_ENTRY(DataPtr->repr), finfo->rep->representation); epan_dissect_cleanup(&edt); return TRUE; }
epan_dissect_t* epan_dissect_new(gboolean create_proto_tree, gboolean proto_tree_visible) { epan_dissect_t *edt; edt = g_new(epan_dissect_t, 1); return epan_dissect_init(edt, create_proto_tree, proto_tree_visible); }
epan_dissect_t* epan_dissect_new(epan_t *session, const gboolean create_proto_tree, const gboolean proto_tree_visible) { epan_dissect_t *edt; edt = g_new0(epan_dissect_t, 1); return epan_dissect_init(edt, session, create_proto_tree, proto_tree_visible); }
static void redissect_packet_window(gpointer object, gpointer user_data _U_) { struct PacketWinData *DataPtr = (struct PacketWinData *)object; char *title; /* XXX, can be optimized? */ proto_tree_draw(NULL, DataPtr->tree_view); epan_dissect_cleanup(&(DataPtr->edt)); epan_dissect_init(&(DataPtr->edt), DataPtr->epan, TRUE, TRUE); epan_dissect_run(&(DataPtr->edt), &DataPtr->phdr, frame_tvbuff_new(DataPtr->frame, DataPtr->pd), DataPtr->frame, NULL); add_byte_views(&(DataPtr->edt), DataPtr->tree_view, DataPtr->bv_nb_ptr); proto_tree_draw(DataPtr->edt.tree, DataPtr->tree_view); /* update the window title */ title = create_packet_window_title(); gtk_window_set_title(GTK_WINDOW(DataPtr->main), title); g_free(title); }
void FrameInformation::loadFrameTree() { if ( ! fi_ || ! cap_file_ || !cap_file_->capFile()) return; if (!cf_read_record(cap_file_->capFile(), fi_)) return; struct wtap_pkthdr phdr_ = cap_file_->capFile()->phdr; packet_data_ = (guint8 *) g_memdup(ws_buffer_start_ptr(&(cap_file_->capFile()->buf)), fi_->cap_len); /* proto tree, visible. We need a proto tree if there's custom columns */ epan_dissect_init(&edt_, cap_file_->capFile()->epan, TRUE, TRUE); col_custom_prime_edt(&edt_, &(cap_file_->capFile()->cinfo)); epan_dissect_run(&edt_, cap_file_->capFile()->cd_t, &phdr_, frame_tvbuff_new(&cap_file_->capFile()->provider, fi_, packet_data_), fi_, &(cap_file_->capFile()->cinfo)); epan_dissect_fill_in_columns(&edt_, TRUE, TRUE); }
static gboolean process_record(capture_file *cf, frame_data *frame, column_info *cinfo, ph_stats_t* ps) { epan_dissect_t edt; struct wtap_pkthdr phdr; Buffer buf; double cur_time; wtap_phdr_init(&phdr); /* Load the record from the capture file */ ws_buffer_init(&buf, 1500); if (!cf_read_record_r(cf, frame, &phdr, &buf)) return FALSE; /* failure */ /* Dissect the record tree not visible */ epan_dissect_init(&edt, cf->epan, TRUE, FALSE); /* Don't fake protocols. We need them for the protocol hierarchy */ epan_dissect_fake_protocols(&edt, FALSE); epan_dissect_run(&edt, cf->cd_t, &phdr, frame_tvbuff_new_buffer(frame, &buf), frame, cinfo); /* Get stats from this protocol tree */ process_tree(edt.tree, ps, frame->pkt_len); if (frame->flags.has_ts) { /* Update times */ cur_time = nstime_to_sec(&frame->abs_ts); if (cur_time < ps->first_time) ps->first_time = cur_time; if (cur_time > ps->last_time) ps->last_time = cur_time; } /* Free our memory. */ epan_dissect_cleanup(&edt); wtap_phdr_cleanup(&phdr); ws_buffer_free(&buf); return TRUE; /* success */ }
static gboolean process_record(capture_file *cf, frame_data *frame, column_info *cinfo, wtap_rec *rec, Buffer *buf, ph_stats_t* ps) { epan_dissect_t edt; double cur_time; /* Load the record from the capture file */ if (!cf_read_record(cf, frame, rec, buf)) return FALSE; /* failure */ /* Dissect the record tree not visible */ epan_dissect_init(&edt, cf->epan, TRUE, FALSE); /* Don't fake protocols. We need them for the protocol hierarchy */ epan_dissect_fake_protocols(&edt, FALSE); epan_dissect_run(&edt, cf->cd_t, rec, frame_tvbuff_new_buffer(&cf->provider, frame, buf), frame, cinfo); /* Get stats from this protocol tree */ process_tree(edt.tree, ps); if (frame->has_ts) { /* Update times */ cur_time = nstime_to_sec(&frame->abs_ts); if (cur_time < ps->first_time) ps->first_time = cur_time; if (cur_time > ps->last_time) ps->last_time = cur_time; } /* Free our memory. */ epan_dissect_cleanup(&edt); return TRUE; /* success */ }
void PacketListRecord::dissect(capture_file *cap_file, bool dissect_color) { // packet_list_store.c:packet_list_dissect_and_cache_record epan_dissect_t edt; column_info *cinfo = NULL; gboolean create_proto_tree; struct wtap_pkthdr phdr; /* Packet header */ Buffer buf; /* Packet data */ gboolean dissect_columns = col_text_.isEmpty() || data_ver_ != col_data_ver_; if (!cap_file) { return; } memset(&phdr, 0, sizeof(struct wtap_pkthdr)); if (dissect_columns) { cinfo = &cap_file->cinfo; } ws_buffer_init(&buf, 1500); if (!cf_read_record_r(cap_file, fdata_, &phdr, &buf)) { /* * Error reading the record. * * Don't set the color filter for now (we might want * to colorize it in some fashion to warn that the * row couldn't be filled in or colorized), and * set the columns to placeholder values, except * for the Info column, where we'll put in an * error message. */ if (dissect_columns) { col_fill_in_error(cinfo, fdata_, FALSE, FALSE /* fill_fd_columns */); cacheColumnStrings(cinfo); } if (dissect_color) { fdata_->color_filter = NULL; colorized_ = true; } ws_buffer_free(&buf); return; /* error reading the record */ } create_proto_tree = (dissect_color && color_filters_used()) || (dissect_columns && have_custom_cols(cinfo)); epan_dissect_init(&edt, cap_file->epan, create_proto_tree, FALSE /* proto_tree_visible */); /* Re-color when the coloring rules are changed via the UI. */ if (dissect_color) { color_filters_prime_edt(&edt); fdata_->flags.need_colorize = 1; } if (dissect_columns) col_custom_prime_edt(&edt, cinfo); /* * XXX - need to catch an OutOfMemoryError exception and * attempt to recover from it. */ epan_dissect_run(&edt, cap_file->cd_t, &phdr, frame_tvbuff_new_buffer(fdata_, &buf), fdata_, cinfo); if (dissect_columns) { /* "Stringify" non frame_data vals */ epan_dissect_fill_in_columns(&edt, FALSE, FALSE /* fill_fd_columns */); cacheColumnStrings(cinfo); } if (dissect_color) { colorized_ = true; } data_ver_ = col_data_ver_; packet_info *pi = &edt.pi; conv_ = find_conversation(pi->num, &pi->src, &pi->dst, pi->ptype, pi->srcport, pi->destport, 0); epan_dissect_cleanup(&edt); ws_buffer_free(&buf); }
static gboolean process_packet(capture_file *cf, gint64 offset, const struct wtap_pkthdr *whdr, const guchar *pd) { frame_data fdata; gboolean create_proto_tree; epan_dissect_t edt; gboolean passed; union wtap_pseudo_header pseudo_header; int i; if(whdr->len == 0) { /* The user sends an empty packet when he wants to get output from us even if we don't currently have packets to process. We spit out a line with the timestamp and the text "void" */ printf("%lu %lu %lu void -\n", (unsigned long int)cf->count, (unsigned long int)whdr->ts.secs, (unsigned long int)whdr->ts.nsecs); fflush(stdout); return FALSE; } memset(&pseudo_header, 0, sizeof(pseudo_header)); /* Count this packet. */ cf->count++; /* If we're going to print packet information, or we're going to run a read filter, or we're going to process taps, set up to do a dissection and do so. */ fill_in_fdata(&fdata, cf, whdr, offset); passed = TRUE; create_proto_tree = TRUE; /* The protocol tree will be "visible", i.e., printed, only if we're printing packet details, which is true if we're in verbose mode ("verbose" is true). */ epan_dissect_init(&edt, create_proto_tree, FALSE); /* If we're running a read filter, prime the epan_dissect_t with that filter. */ if (n_rfilters > 0) { for(i = 0; i < n_rfcodes; i++) { epan_dissect_prime_dfilter(&edt, rfcodes[i]); } } tap_queue_init(&edt); printf("%lu", (unsigned long int)cf->count); /* We only need the columns if we're printing packet info but we're *not* verbose; in verbose mode, we print the protocol tree, not the protocol summary. */ epan_dissect_run(&edt, &pseudo_header, pd, &fdata, &cf->cinfo); tap_push_tapped_queue(&edt); for(i = 0; i < n_rfilters; i++) { /* Run the read filter if we have one. */ if (rfcodes[i]) passed = dfilter_apply_edt(rfcodes[i], &edt); else passed = TRUE; /* Print a one-line summary */ printf(" %u", passed ? 1 : 0); } printf(" -\n"); /* The ANSI C standard does not appear to *require* that a line-buffered stream be flushed to the host environment whenever a newline is written, it just says that, on such a stream, characters "are intended to be transmitted to or from the host environment as a block when a new-line character is encountered". The Visual C++ 6.0 C implementation doesn't do what is intended; even if you set a stream to be line-buffered, it still doesn't flush the buffer at the end of every line. So, if the "-l" flag was specified, we flush the standard output at the end of a packet. This will do the right thing if we're printing packet summary lines, and, as we print the entire protocol tree for a single packet without waiting for anything to happen, it should be as good as line-buffered mode if we're printing protocol trees. (The whole reason for the "-l" flag in either tcpdump or Rawshark is to allow the output of a live capture to be piped to a program or script and to have that script see the information for the packet as soon as it's printed, rather than having to wait until a standard I/O buffer fills up. */ if (line_buffered) fflush(stdout); if (ferror(stdout)) { show_print_file_io_error(errno); exit(2); } epan_dissect_cleanup(&edt); clear_fdata(&fdata); return passed; }
/** * Given a handle on a capture file, and an offset within that file, * this function will read a packet and decide if it matches the display * filter. If it does, it calls proto_tree_get_fields() to read specific fields * into stdata. * * @return passed a boolean describing whether the packet matched the filter. */ gboolean process_packet(capture_file *cf, gint64 offset, st_data_t *stdata) { frame_data fdata; epan_dissect_t edt; gboolean passed; const struct wtap_pkthdr *whdr = wtap_phdr(cf->wth); union wtap_pseudo_header *pseudo_header = wtap_pseudoheader(cf->wth); const guchar *pd = wtap_buf_ptr(cf->wth); /* Count this packet. NB: the frame dissector uses this to determine frame.number */ cf->count++; /** * Initialize dissector tree */ epan_dissect_init(&edt, TRUE, TRUE); frame_data_init(&fdata, cf->count, whdr, offset, cum_bytes); frame_data_set_before_dissect(&fdata, &cf->elapsed_time, &first_ts, &prev_dis_ts, &prev_cap_ts); passed = TRUE; // AB: prime the epan_dissect_t with the dfilter. if(cf->rfcode) { epan_dissect_prime_dfilter(&edt, cf->rfcode); } tap_queue_init(&edt); /** * Run the dissector on this packet */ epan_dissect_run(&edt, pseudo_header, pd, &fdata, NULL); tap_push_tapped_queue(&edt); // AB: Run the read filter if(cf->rfcode) { passed = dfilter_apply_edt(cf->rfcode, &edt); } else { passed = TRUE; } if(passed) { frame_data_set_after_dissect(&fdata, &cum_bytes, &prev_dis_ts); // stdata could be NULL if we are just counting packets if(stdata != NULL) proto_tree_get_fields(stdata, &edt); } epan_dissect_cleanup(&edt); frame_data_cleanup(&fdata); return passed; }
PacketDialog::PacketDialog(QWidget &parent, CaptureFile &cf, frame_data *fdata) : WiresharkDialog(parent, cf), ui(new Ui::PacketDialog), packet_data_(NULL) { ui->setupUi(this); ui->hintLabel->setSmallText(); // XXX Use recent settings instead resize(parent.width() * 4 / 5, parent.height() * 4 / 5); setWindowSubtitle(tr("Packet %1").arg(fdata->num)); phdr_ = cap_file_.capFile()->phdr; packet_data_ = (guint8 *) g_memdup(ws_buffer_start_ptr(&(cap_file_.capFile()->buf)), fdata->cap_len); if (!cf_read_record(cap_file_.capFile(), fdata)) reject(); /* proto tree, visible. We need a proto tree if there's custom columns */ epan_dissect_init(&edt_, cap_file_.capFile()->epan, TRUE, TRUE); col_custom_prime_edt(&edt_, &(cap_file_.capFile()->cinfo)); epan_dissect_run(&edt_, cap_file_.capFile()->cd_t, &phdr_, frame_tvbuff_new(fdata, packet_data_), fdata, &(cap_file_.capFile()->cinfo)); epan_dissect_fill_in_columns(&edt_, TRUE, TRUE); proto_tree_ = new ProtoTree(ui->packetSplitter); proto_tree_->fillProtocolTree(edt_.tree); proto_tree_->expandAll(); byte_view_tab_ = new ByteViewTab(ui->packetSplitter); byte_view_tab_->setCaptureFile(cap_file_.capFile()); byte_view_tab_->clear(); GSList *src_le; for (src_le = edt_.pi.data_src; src_le != NULL; src_le = src_le->next) { struct data_source *source; char* source_name; source = (struct data_source *)src_le->data; source_name = get_data_source_name(source); byte_view_tab_->addTab(source_name, get_data_source_tvb(source), edt_.tree, proto_tree_, cap_file_.capFile()->current_frame->flags.encoding); wmem_free(NULL, source_name); } byte_view_tab_->setCurrentIndex(0); ui->packetSplitter->setStretchFactor(0, 5); ui->packetSplitter->setStretchFactor(1, 1); QStringList col_parts; for (int i = 0; i < cap_file_.capFile()->cinfo.num_cols; ++i) { // ElidedLabel doesn't support rich text / HTML col_parts << QString("%1: %2") .arg(get_column_title(i)) .arg(cap_file_.capFile()->cinfo.col_data[i]); } col_info_ = col_parts.join(" " UTF8_MIDDLE_DOT " "); setHintText(); connect(this, SIGNAL(monospaceFontChanged(QFont)), proto_tree_, SLOT(setMonospaceFont(QFont))); connect(this, SIGNAL(monospaceFontChanged(QFont)), byte_view_tab_, SLOT(setMonospaceFont(QFont))); connect(proto_tree_, SIGNAL(currentItemChanged(QTreeWidgetItem*,QTreeWidgetItem*)), byte_view_tab_, SLOT(protoTreeItemChanged(QTreeWidgetItem*))); connect(byte_view_tab_, SIGNAL(byteFieldHovered(QString&)), this, SLOT(setHintText(QString&))); }
QVariant PacketListModel::data(const QModelIndex &index, int role) const { if (!index.isValid()) return QVariant(); PacketListRecord *record = static_cast<PacketListRecord*>(index.internalPointer()); if (!record) return QVariant(); frame_data *fdata = record->getFdata(); if (!fdata) return QVariant(); switch (role) { case Qt::FontRole: return wsApp->monospaceFont(); case Qt::TextAlignmentRole: switch(recent_get_column_xalign(index.column())) { case COLUMN_XALIGN_RIGHT: return Qt::AlignRight; break; case COLUMN_XALIGN_CENTER: return Qt::AlignCenter; break; case COLUMN_XALIGN_LEFT: return Qt::AlignLeft; break; case COLUMN_XALIGN_DEFAULT: default: if (right_justify_column(index.column(), cap_file_)) { return Qt::AlignRight; } break; } return Qt::AlignLeft; case Qt::BackgroundRole: const color_t *color; if (fdata->flags.ignored) { color = &prefs.gui_ignored_bg; } else if (fdata->flags.marked) { color = &prefs.gui_marked_bg; } else if (fdata->color_filter) { const color_filter_t *color_filter = (const color_filter_t *) fdata->color_filter; color = &color_filter->bg_color; } else { return QVariant(); } // g_log(NULL, G_LOG_LEVEL_DEBUG, "i: %d m: %d cf: %p bg: %d %d %d", fdata->flags.ignored, fdata->flags.marked, fdata->color_filter, color->red, color->green, color->blue); return QColor(color->red >> 8, color->green >> 8, color->blue >> 8); case Qt::ForegroundRole: if (fdata->flags.ignored) { color = &prefs.gui_ignored_fg; } else if (fdata->flags.marked) { color = &prefs.gui_marked_fg; } else if (fdata->color_filter) { const color_filter_t *color_filter = (const color_filter_t *) fdata->color_filter; color = &color_filter->fg_color; } else { return QVariant(); } return QColor(color->red >> 8, color->green >> 8, color->blue >> 8); case Qt::DisplayRole: // Need packet data -- fall through break; default: return QVariant(); } int col_num = index.column(); // g_log(NULL, G_LOG_LEVEL_DEBUG, "showing col %d", col_num); if (!cap_file_ || col_num > cap_file_->cinfo.num_cols) return QVariant(); epan_dissect_t edt; column_info *cinfo; gboolean create_proto_tree; struct wtap_pkthdr phdr; /* Packet header */ Buffer buf; /* Packet data */ gboolean dissect_columns = TRUE; // XXX - Currently only a placeholder if (dissect_columns && cap_file_) cinfo = &cap_file_->cinfo; else cinfo = NULL; buffer_init(&buf, 1500); if (!cap_file_ || !cf_read_frame_r(cap_file_, fdata, &phdr, &buf)) { /* * Error reading the frame. * * Don't set the color filter for now (we might want * to colorize it in some fashion to warn that the * row couldn't be filled in or colorized), and * set the columns to placeholder values, except * for the Info column, where we'll put in an * error message. */ if (dissect_columns) { col_fill_in_error(cinfo, fdata, FALSE, FALSE /* fill_fd_columns */); // for(gint col = 0; col < cinfo->num_cols; ++col) { // /* Skip columns based on frame_data because we already store those. */ // if (!col_based_on_frame_data(cinfo, col)) // packet_list_change_record(packet_list, record->physical_pos, col, cinfo); // } // record->columnized = TRUE; } if (enable_color_) { fdata->color_filter = NULL; // record->colorized = TRUE; } buffer_free(&buf); return QVariant(); /* error reading the frame */ } create_proto_tree = (color_filters_used() && enable_color_) || (have_custom_cols(cinfo) && dissect_columns); epan_dissect_init(&edt, cap_file_->epan, create_proto_tree, FALSE /* proto_tree_visible */); if (enable_color_) color_filters_prime_edt(&edt); if (dissect_columns) col_custom_prime_edt(&edt, cinfo); epan_dissect_run(&edt, &phdr, frame_tvbuff_new_buffer(fdata, &buf), fdata, cinfo); if (enable_color_) fdata->color_filter = color_filters_colorize_packet(&edt); if (dissect_columns) { /* "Stringify" non frame_data vals */ epan_dissect_fill_in_columns(&edt, FALSE, FALSE /* fill_fd_columns */); // for(col = 0; col < cinfo->num_cols; ++col) { // /* Skip columns based on frame_data because we already store those. */ // if (!col_based_on_frame_data(cinfo, col)) // packet_list_change_record(packet_list, record->physical_pos, col, cinfo); // } // g_log(NULL, G_LOG_LEVEL_DEBUG, "d_c %d: %s", col_num, cinfo->col_data[col_num]); } // if (dissect_columns) // record->columnized = TRUE; // if (enable_color_) // record->colorized = TRUE; epan_dissect_cleanup(&edt); buffer_free(&buf); switch (role) { case Qt::DisplayRole: return record->data(col_num, cinfo); break; default: break; } return QVariant(); }
void PacketListRecord::dissect(capture_file *cap_file, bool dissect_color) { // packet_list_store.c:packet_list_dissect_and_cache_record epan_dissect_t edt; column_info *cinfo = NULL; gboolean create_proto_tree; wtap_rec rec; /* Record metadata */ Buffer buf; /* Record data */ if (!col_text_) col_text_ = new ColumnTextList; gboolean dissect_columns = col_text_->isEmpty() || data_ver_ != col_data_ver_; if (!cap_file) { return; } memset(&rec, 0, sizeof rec); if (dissect_columns) { cinfo = &cap_file->cinfo; } ws_buffer_init(&buf, 1500); if (!cf_read_record_r(cap_file, fdata_, &rec, &buf)) { /* * Error reading the record. * * Don't set the color filter for now (we might want * to colorize it in some fashion to warn that the * row couldn't be filled in or colorized), and * set the columns to placeholder values, except * for the Info column, where we'll put in an * error message. */ if (dissect_columns) { col_fill_in_error(cinfo, fdata_, FALSE, FALSE /* fill_fd_columns */); cacheColumnStrings(cinfo); } if (dissect_color) { fdata_->color_filter = NULL; colorized_ = true; } ws_buffer_free(&buf); return; /* error reading the record */ } /* * Determine whether we need to create a protocol tree. * We do if: * * we're going to apply a color filter to this packet; * * we're need to fill in the columns and we have custom columns * (which require field values, which currently requires that * we build a protocol tree). * * XXX - field extractors? (Not done for GTK+....) */ create_proto_tree = ((dissect_color && color_filters_used()) || (dissect_columns && (have_custom_cols(cinfo) || have_field_extractors()))); epan_dissect_init(&edt, cap_file->epan, create_proto_tree, FALSE /* proto_tree_visible */); /* Re-color when the coloring rules are changed via the UI. */ if (dissect_color) { color_filters_prime_edt(&edt); fdata_->flags.need_colorize = 1; } if (dissect_columns) col_custom_prime_edt(&edt, cinfo); /* * XXX - need to catch an OutOfMemoryError exception and * attempt to recover from it. */ epan_dissect_run(&edt, cap_file->cd_t, &rec, frame_tvbuff_new_buffer(&cap_file->provider, fdata_, &buf), fdata_, cinfo); if (dissect_columns) { /* "Stringify" non frame_data vals */ epan_dissect_fill_in_columns(&edt, FALSE, FALSE /* fill_fd_columns */); cacheColumnStrings(cinfo); } if (dissect_color) { colorized_ = true; } data_ver_ = col_data_ver_; packet_info *pi = &edt.pi; conv_ = find_conversation_pinfo(pi, 0); epan_dissect_cleanup(&edt); ws_buffer_free(&buf); }
PacketDialog::PacketDialog(QWidget &parent, CaptureFile &cf, frame_data *fdata) : WiresharkDialog(parent, cf), ui(new Ui::PacketDialog), phdr_(wtap_pkthdr()), packet_data_(NULL) { ui->setupUi(this); loadGeometry(parent.width() * 4 / 5, parent.height() * 4 / 5); ui->hintLabel->setSmallText(); setWindowSubtitle(tr("Packet %1").arg(fdata->num)); if (!cf_read_record(cap_file_.capFile(), fdata)) { reject(); return; } phdr_ = cap_file_.capFile()->phdr; packet_data_ = (guint8 *) g_memdup(ws_buffer_start_ptr(&(cap_file_.capFile()->buf)), fdata->cap_len); /* proto tree, visible. We need a proto tree if there's custom columns */ epan_dissect_init(&edt_, cap_file_.capFile()->epan, TRUE, TRUE); col_custom_prime_edt(&edt_, &(cap_file_.capFile()->cinfo)); epan_dissect_run(&edt_, cap_file_.capFile()->cd_t, &phdr_, frame_tvbuff_new(&cap_file_.capFile()->provider, fdata, packet_data_), fdata, &(cap_file_.capFile()->cinfo)); epan_dissect_fill_in_columns(&edt_, TRUE, TRUE); proto_tree_ = new ProtoTree(ui->packetSplitter); proto_tree_->setRootNode(edt_.tree); byte_view_tab_ = new ByteViewTab(ui->packetSplitter); byte_view_tab_->setCaptureFile(cap_file_.capFile()); byte_view_tab_->selectedFrameChanged(0); ui->packetSplitter->setStretchFactor(1, 0); QStringList col_parts; for (int i = 0; i < cap_file_.capFile()->cinfo.num_cols; ++i) { // ElidedLabel doesn't support rich text / HTML col_parts << QString("%1: %2") .arg(get_column_title(i)) .arg(cap_file_.capFile()->cinfo.columns[i].col_data); } col_info_ = col_parts.join(" " UTF8_MIDDLE_DOT " "); ui->hintLabel->setText(col_info_); connect(wsApp, SIGNAL(zoomMonospaceFont(QFont)), proto_tree_, SLOT(setMonospaceFont(QFont))); connect(byte_view_tab_, SIGNAL(fieldSelected(FieldInformation *)), proto_tree_, SLOT(selectedFieldChanged(FieldInformation *))); connect(proto_tree_, SIGNAL(fieldSelected(FieldInformation *)), byte_view_tab_, SLOT(selectedFieldChanged(FieldInformation *))); connect(byte_view_tab_, SIGNAL(fieldHighlight(FieldInformation *)), this, SLOT(setHintText(FieldInformation *))); }
Iax2AnalysisDialog::Iax2AnalysisDialog(QWidget &parent, CaptureFile &cf) : WiresharkDialog(parent, cf), ui(new Ui::Iax2AnalysisDialog), port_src_fwd_(0), port_dst_fwd_(0), port_src_rev_(0), port_dst_rev_(0) { ui->setupUi(this); setWindowSubtitle(tr("IAX2 Stream Analysis")); // XXX Use recent settings instead resize(parent.width() * 4 / 5, parent.height() * 4 / 5); ui->progressFrame->hide(); stream_ctx_menu_.addAction(ui->actionGoToPacket); stream_ctx_menu_.addAction(ui->actionNextProblem); stream_ctx_menu_.addSeparator(); stream_ctx_menu_.addAction(ui->actionSaveAudio); stream_ctx_menu_.addAction(ui->actionSaveForwardAudio); stream_ctx_menu_.addAction(ui->actionSaveReverseAudio); stream_ctx_menu_.addSeparator(); stream_ctx_menu_.addAction(ui->actionSaveCsv); stream_ctx_menu_.addAction(ui->actionSaveForwardCsv); stream_ctx_menu_.addAction(ui->actionSaveReverseCsv); stream_ctx_menu_.addSeparator(); stream_ctx_menu_.addAction(ui->actionSaveGraph); ui->forwardTreeWidget->installEventFilter(this); ui->forwardTreeWidget->setContextMenuPolicy(Qt::CustomContextMenu); connect(ui->forwardTreeWidget, SIGNAL(customContextMenuRequested(QPoint)), SLOT(showStreamMenu(QPoint))); ui->reverseTreeWidget->installEventFilter(this); ui->reverseTreeWidget->setContextMenuPolicy(Qt::CustomContextMenu); connect(ui->reverseTreeWidget, SIGNAL(customContextMenuRequested(QPoint)), SLOT(showStreamMenu(QPoint))); connect(ui->streamGraph, SIGNAL(mousePress(QMouseEvent*)), this, SLOT(graphClicked(QMouseEvent*))); graph_ctx_menu_.addAction(ui->actionSaveGraph); QStringList header_labels; for (int i = 0; i < ui->forwardTreeWidget->columnCount(); i++) { header_labels << ui->forwardTreeWidget->headerItem()->text(i); } ui->reverseTreeWidget->setHeaderLabels(header_labels); memset(&src_fwd_, 0, sizeof(address)); memset(&dst_fwd_, 0, sizeof(address)); memset(&src_rev_, 0, sizeof(address)); memset(&dst_rev_, 0, sizeof(address)); QList<QCheckBox *> graph_cbs = QList<QCheckBox *>() << ui->fJitterCheckBox << ui->fDiffCheckBox << ui->rJitterCheckBox << ui->rDiffCheckBox; for (int i = 0; i < num_graphs_; i++) { QCPGraph *graph = ui->streamGraph->addGraph(); graph->setPen(QPen(ColorUtils::graph_colors_[i])); graph->setName(graph_cbs[i]->text()); graphs_ << graph; graph_cbs[i]->setChecked(true); graph_cbs[i]->setIcon(StockIcon::colorIcon(ColorUtils::graph_colors_[i], QPalette::Text)); } ui->streamGraph->xAxis->setLabel("Arrival Time"); ui->streamGraph->yAxis->setLabel("Value (ms)"); // We keep our temp files open for the lifetime of the dialog. The GTK+ // UI opens and closes at various points. QString tempname = QString("%1/wireshark_iax2_f").arg(QDir::tempPath()); fwd_tempfile_ = new QTemporaryFile(tempname, this); fwd_tempfile_->open(); tempname = QString("%1/wireshark_iax2_r").arg(QDir::tempPath()); rev_tempfile_ = new QTemporaryFile(tempname, this); rev_tempfile_->open(); if (fwd_tempfile_->error() != QFile::NoError || rev_tempfile_->error() != QFile::NoError) { err_str_ = tr("Unable to save RTP data."); ui->actionSaveAudio->setEnabled(false); ui->actionSaveForwardAudio->setEnabled(false); ui->actionSaveReverseAudio->setEnabled(false); } QMenu *save_menu = new QMenu(); save_menu->addAction(ui->actionSaveAudio); save_menu->addAction(ui->actionSaveForwardAudio); save_menu->addAction(ui->actionSaveReverseAudio); save_menu->addSeparator(); save_menu->addAction(ui->actionSaveCsv); save_menu->addAction(ui->actionSaveForwardCsv); save_menu->addAction(ui->actionSaveReverseCsv); save_menu->addSeparator(); save_menu->addAction(ui->actionSaveGraph); ui->buttonBox->button(QDialogButtonBox::Save)->setMenu(save_menu); const gchar *filter_text = "iax2 && (ip || ipv6)"; dfilter_t *sfcode; gchar *err_msg; if (!dfilter_compile(filter_text, &sfcode, &err_msg)) { QMessageBox::warning(this, tr("No IAX2 packets found"), QString("%1").arg(err_msg)); g_free(err_msg); close(); } if (!cap_file_.capFile() || !cap_file_.capFile()->current_frame) close(); frame_data *fdata = cap_file_.capFile()->current_frame; if (!cf_read_record(cap_file_.capFile(), fdata)) close(); epan_dissect_t edt; epan_dissect_init(&edt, cap_file_.capFile()->epan, TRUE, FALSE); epan_dissect_prime_dfilter(&edt, sfcode); epan_dissect_run(&edt, cap_file_.capFile()->cd_t, &cap_file_.capFile()->phdr, frame_tvbuff_new_buffer(fdata, &cap_file_.capFile()->buf), fdata, NULL); // This shouldn't happen (the menu item should be disabled) but check anyway if (!dfilter_apply_edt(sfcode, &edt)) { epan_dissect_cleanup(&edt); dfilter_free(sfcode); err_str_ = tr("Please select an IAX2 packet"); updateWidgets(); return; } dfilter_free(sfcode); /* ok, it is a IAX2 frame, so let's get the ip and port values */ COPY_ADDRESS(&(src_fwd_), &(edt.pi.src)); COPY_ADDRESS(&(dst_fwd_), &(edt.pi.dst)); port_src_fwd_ = edt.pi.srcport; port_dst_fwd_ = edt.pi.destport; /* assume the inverse ip/port combination for the reverse direction */ COPY_ADDRESS(&(src_rev_), &(edt.pi.dst)); COPY_ADDRESS(&(dst_rev_), &(edt.pi.src)); port_src_rev_ = edt.pi.destport; port_dst_rev_ = edt.pi.srcport; #if 0 /* check if it is Voice or MiniPacket */ bool ok; getIntFromProtoTree(edt.tree, "iax2", "iax2.call", &ok); if (!ok) { err_str_ = tr("Please select an IAX2 packet."); updateWidgets(); return; } #endif #ifdef IAX2_RTP_STREAM_CHECK rtpstream_tapinfot tapinfo; /* Register the tap listener */ memset(&tapinfo, 0, sizeof(rtpstream_tapinfot)); tapinfo.tap_data = this; tapinfo.mode = TAP_ANALYSE; // register_tap_listener_rtp_stream(&tapinfo, NULL); /* Scan for RTP streams (redissect all packets) */ rtpstream_scan(&tapinfo, cap_file_.capFile(), NULL); int num_streams = 0; GList *filtered_list = NULL; for (GList *strinfo_list = g_list_first(tapinfo.strinfo_list); strinfo_list; strinfo_list = g_list_next(strinfo_list)) { rtp_stream_info_t * strinfo = (rtp_stream_info_t*)(strinfo_list->data); << address_to_qstring(&strinfo->dest_addr) << address_to_qstring(&src_rev_) << address_to_qstring(&dst_rev_); if (ADDRESSES_EQUAL(&(strinfo->src_addr), &(src_fwd_)) && (strinfo->src_port == port_src_fwd_) && (ADDRESSES_EQUAL(&(strinfo->dest_addr), &(dst_fwd_))) && (strinfo->dest_port == port_dst_fwd_)) { ++num_streams; filtered_list = g_list_prepend(filtered_list, strinfo); } if (ADDRESSES_EQUAL(&(strinfo->src_addr), &(src_rev_)) && (strinfo->src_port == port_src_rev_) && (ADDRESSES_EQUAL(&(strinfo->dest_addr), &(dst_rev_))) && (strinfo->dest_port == port_dst_rev_)) { ++num_streams; filtered_list = g_list_append(filtered_list, strinfo); } }