Wireshark mailing list archives

Taps should not use fd->flags.passed_dfilter (rtp, iax2, flow_analysis)
From: Jakub Zawadzki <darkjames-ws () darkjames pl>
Date: Thu, 15 Aug 2013 14:04:27 +0200

Hi,

A few GTK taps are using fd->flags.passed_dfilter as information on whether
a given packet is displayed; this is a little broken and might not work as intended.

From grep:
  ./ui/gtk/rtp_analysis.c
  ./ui/gtk/iax2_analysis.c
  ./ui/gtk/flow_graph.c

flow_graph requires clicking OK to trigger graph_analysis_update()
so it doesn't change when refiltering
(but if you close the file and click some packet it'll nicely crash :)).


But if you are doing some rtp analysis and do refiltering like:
  frame.number == 1
  ## nothing changes

  frame.number == 2 
  ## only frame #1 shows in stream analysis

  frame
  ## only frame #2 shows in stream analysis

  empty filter
  ## all frames from rtp stream show up


I don't have any iax2 capture file but it's probably broken like above.

Conversations tap and 'limit to display filter' is implemented properly (gratz!)
Attaching patch based on it.

I'm not doing any rtp analysis, so please advise if it's the proper way.
Thanks.

Attachment: rtp-tap-remove-passed_dfilter.patch
Description:

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
