Wireshark · Wireshark-dev: [Wireshark-dev] Taps should not use fd->flags.passed_dfilter (rtp, iax2, flow_analysis)

[Jakub Zawadzki <darkjames-ws@xxxxxxxxxxxx>]

Hi,

Few GTK taps are using fd->flags.passed_dfilter as information whether
given packet is displayed, this is little broken and might not work as intended.

>From grep:
  ./ui/gtk/rtp_analysis.c
  ./ui/gtk/iax2_analysis.c
  ./ui/gtk/flow_graph.c

flow_graph requres clicking OK to trigger graph_analysis_update() 
so it doesn't change when refiltering 
(but if you close file and click some packet it'll nicely crash :)).


but if you are doing some rtp analysis and do refiltering like:
  frame.number == 1
  ## nothing changes

  frame.number == 2 
  ## only frame #1 shows in stream analysis

  frame
  ## only frame #2 shows in stream analysis

  empty filter
  ## all frames from rtp stream shows up


I don't have any iax2 capture file but it's probably broken like above.

Conversations tap and 'limit to display filter' is implemented properly (gratz!)
Attaching patch based on it.

I'm not doing any rtp analysis, so please advice if it's proper way.
Thanks.

diff --git a/ui/gtk/rtp_analysis.c b/ui/gtk/rtp_analysis.c
index 8f92958..fe72b66 100644
--- a/ui/gtk/rtp_analysis.c
+++ b/ui/gtk/rtp_analysis.c
@@ -314,6 +314,18 @@ rtp_reset(void *user_data_arg)
 {
 	user_data_t *user_data = (user_data_t *)user_data_arg;
 
+	GString *error_string;
+	const char *filter;
+	
+	filter = gtk_entry_get_text(GTK_ENTRY(main_display_filter_widget));
+
+	error_string = set_tap_dfilter(user_data_arg, filter);
+	if (error_string) {
+		simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, "%s", error_string->str);
+		g_string_free(error_string, TRUE);
+		return;
+	}
+
 	user_data->forward.statinfo.first_packet    = TRUE;
 	user_data->reversed.statinfo.first_packet   = TRUE;
 	user_data->forward.statinfo.max_delta       = 0;
@@ -492,11 +504,8 @@ rtp_packet(void *user_data_arg, packet_info *pinfo, epan_dissect_t *edt _U_, con
 	const struct _rtp_info *rtpinfo	     = (struct _rtp_info *)rtpinfo_arg;
 	gboolean		rtp_selected = FALSE;
 
-	/* we ignore packets that are not displayed */
-	if (pinfo->fd->flags.passed_dfilter == 0)
-		return 0;
 	/* also ignore RTP Version != 2 */
-	else if (rtpinfo->info_version != 2)
+	if (rtpinfo->info_version != 2)
 		return 0;
 	/* is it the forward direction?  */
 	else if (user_data->ssrc_fwd == rtpinfo->info_sync_src
@@ -2033,12 +2042,15 @@ static void
 on_refresh_bt_clicked(GtkWidget *bt _U_, user_data_t *user_data)
 {
 	GString *error_string;
+	const char *filter;
 
 	/* remove tap listener */
 	remove_tap_listener(user_data);
 
+	filter = gtk_entry_get_text(GTK_ENTRY(main_display_filter_widget));
+
 	/* register tap listener */
-	error_string = register_tap_listener("rtp", user_data, NULL, 0,
+	error_string = register_tap_listener("rtp", user_data, filter, 0,
 		rtp_reset, rtp_packet, rtp_draw);
 	if (error_string != NULL) {
 		simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, "%s", error_string->str);