osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity
wireshark/epan/dfilter/scanner.l

606 lines
14 KiB
Plaintext
Raw Normal View History

Include config.h at the very beginning of all Flex scanners. That way, if we #define anything for large file support, that's done before we include any system header files that either depend on that definition or that define it themselves if it's not already defined. Change-Id: I9b07344151103be337899dead44d6960715d6813 Reviewed-on: https://code.wireshark.org/review/19035 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-12-02 19:18:50 +00:00
%top {
/* Include this before everything else, for various large-file definitions */
#include "config.h"
Windows: Fix warnings using flex Fix some warnings complaining of macro redefinitions with stdint.h. Include stdint.h via wireshark.h everywhere so it stays fixed.
2021-10-17 12:17:47 +00:00
#include <wireshark.h>
Windows: Fix stdint.h redefinition warnings We must include the headers, particulary stdint.h, at the top of scanner.l so that the stdint.h defintions precede flex's own replacements.
2021-10-06 15:03:19 +00:00
#include <stdlib.h>
#include <errno.h>
dfilter: Fix error message with non printable ASCII Before: Filter: http.user_agent == açaí dftest: "�" was unexpected in this context. After: Filter: http.user_agent == açaí dftest: Non-printable ASCII characters may only appear inside double-quotes. Related with #17770.
2022-02-19 17:49:29 +00:00
#include <wsutil/str_util.h>
Windows: Fix stdint.h redefinition warnings We must include the headers, particulary stdint.h, at the top of scanner.l so that the stdint.h defintions precede flex's own replacements.
2021-10-06 15:03:19 +00:00
#include "dfilter-int.h"
#include "syntax-tree.h"
#include "grammar.h"
#include "dfunctions.h"
Include config.h at the very beginning of all Flex scanners. That way, if we #define anything for large file support, that's done before we include any system header files that either depend on that definition or that define it themselves if it's not already defined. Change-Id: I9b07344151103be337899dead44d6960715d6813 Reviewed-on: https://code.wireshark.org/review/19035 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-12-02 19:18:50 +00:00
}
Make the Flex scanners and YACC parser in libraries reentrant. master-branch libpcap now generates a reentrant Flex scanner and Bison/Berkeley YACC parser for capture filter expressions, so it requires versions of Flex and Bison/Berkeley YACC that support that. We might as well do the same. For libwiretap, it means we could actually have multiple K12 text or Ascend/Lucent text files open at the same time. For libwireshark, it might not be as useful, as we only read configuration files at startup (which should only happen once, in one thread) or on demand (in which case, if we ever support multiple threads running libwireshark, we'd need a mutex to ensure that only one file reads it), but it's still the right thing to do. We also require a version of Flex that can write out a header file, so we change the runlex script to generate the header file ourselves. This means we require a version of Flex new enough to support --header-file. Clean up some other stuff encountered in the process. Change-Id: Id23078c6acea549a52fc687779bb55d715b55c16 Reviewed-on: https://code.wireshark.org/review/14719 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-03-31 01:44:01 +00:00
/*
* We want a reentrant scanner.
*/
%option reentrant
Add %option noinput to a bunch of Flex files, as we aren't using the input() routine and thus don't need to have it generated - and as it produces warnings of a routine defined but not used, we don't want to have it generated. Squelch a casting-const-away warning. svn path=/trunk/; revision=47613
2013-02-10 19:13:07 +00:00
/*
* We don't use input, so don't generate code for it.
*/
%option noinput
Back out previous change - I guess the Solaris buildbot has a pre-2.5.30 flex. svn path=/trunk/; revision=36833
2011-04-23 19:03:05 +00:00
/*
* We don't use unput, so don't generate code for it.
*/
%option nounput
/*
Don't include io.h in Flex scanners - they're not interactive. We don't have any Flex scanners that support an interactive command-line interface, so none of our scanners are, or need to be, interactive. Mark text2pcap's scanner as not interactive. That means none of our scanners should call isatty(), so they don't have any need to include <io.h> on Windows; remove that include from the Lucent/Ascent text capture scanner. Update a comment to reflect that what matters isn't whether we can read from a terminal or whether we actually do so, what matters is whether they read *interactively* from a terminal (if you want to run text2pcap reading from the standard input and type at it, be my guest). Change-Id: I59979d1fdb37e1913125a400963ff7a3fa6b9bbd Reviewed-on: https://code.wireshark.org/review/11587 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-05 23:35:04 +00:00
* We don't read interactively from the terminal.
Back out previous change - I guess the Solaris buildbot has a pre-2.5.30 flex. svn path=/trunk/; revision=36833
2011-04-23 19:03:05 +00:00
*/
%option never-interactive
/*
* Prefix scanner routines with "df_" rather than "yy", so this scanner
* can coexist with other scanners.
*/
%option prefix="df_"
Use noyywrap rather than defining our own yywrap functions. Tweak lemonflex-tail.inc to fix an issue this reveals. It appears that, at least on the buildbots, the Visual Studio compiler no longer issues warnings for the code generated with %option noyywrap. Change-Id: Id64d56f1ae8a79d0336488a4a50518da1f511497 Reviewed-on: https://code.wireshark.org/review/12433 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-05 03:52:51 +00:00
/*
* We're reading from a string, so we don't need yywrap.
*/
%option noyywrap
Make the Flex scanners and YACC parser in libraries reentrant. master-branch libpcap now generates a reentrant Flex scanner and Bison/Berkeley YACC parser for capture filter expressions, so it requires versions of Flex and Bison/Berkeley YACC that support that. We might as well do the same. For libwiretap, it means we could actually have multiple K12 text or Ascend/Lucent text files open at the same time. For libwireshark, it might not be as useful, as we only read configuration files at startup (which should only happen once, in one thread) or on demand (in which case, if we ever support multiple threads running libwireshark, we'd need a mutex to ensure that only one file reads it), but it's still the right thing to do. We also require a version of Flex that can write out a header file, so we change the runlex script to generate the header file ourselves. This means we require a version of Flex new enough to support --header-file. Clean up some other stuff encountered in the process. Change-Id: Id23078c6acea549a52fc687779bb55d715b55c16 Reviewed-on: https://code.wireshark.org/review/14719 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-03-31 01:44:01 +00:00
/*
* The type for the state we keep for a scanner.
*/
%option extra-type="df_scanner_state_t *"
/*
* We have to override the memory allocators so that we don't get
* "unused argument" warnings from the yyscanner argument (which
* we don't use, as we have a global memory allocator).
*
* We provide, as macros, our own versions of the routines generated by Flex,
* which just call malloc()/realloc()/free() (as the Flex versions do),
* discarding the extra argument.
*/
%option noyyalloc
%option noyyrealloc
%option noyyfree
Back out previous change - I guess the Solaris buildbot has a pre-2.5.30 flex. svn path=/trunk/; revision=36833
2011-04-23 19:03:05 +00:00
%{
Grumble, grumble. I forgot to add the license comment at the top of these files. svn path=/trunk/; revision=2968
2001-02-01 20:31:21 +00:00
/*
name change svn path=/trunk/; revision=18197
2006-05-21 05:12:17 +00:00
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
Grumble, grumble. I forgot to add the license comment at the top of these files. svn path=/trunk/; revision=2968
2001-02-01 20:31:21 +00:00
* Copyright 2001 Gerald Combs
If "!=" or "ne" are used in a display filter, warn the user that the results may be unexpected. svn path=/trunk/; revision=24232
2008-01-31 19:50:38 +00:00
*
spdx: more licenses converted. Change-Id: I3861061ec261e63b23621799e020e811ed78a343 Reviewed-on: https://code.wireshark.org/review/26333 Petri-Dish: Dario Lombardo <lomato@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-03-06 14:31:02 +00:00
* SPDX-License-Identifier: GPL-2.0-or-later
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
*/
Add DIAG_OFF_FLEX and DIAG_ON_FLEX for use in Flex scanners. DIAG_OFF_FLEX turns off all warnings that we want to disable for Flex-generated code due to some versions of Flex generating code that triggers those warnings. DIAG_ON_FLEX restores those warnings, so we do the checks for code that *we* wrote. Use them in .l files. Change-Id: I613a20309a30cd4c61111a1edbe27a5d05fcbf59 Reviewed-on: https://code.wireshark.org/review/25815 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-02-16 07:17:04 +00:00
/*
* Disable diagnostics in the code generated by Flex.
*/
DIAG_OFF_FLEX
Bug 2493: Fix (Part 3 of 3): To prevent Windows compiler errors when using flex 2.5.35. Ignore 'signed /unsigned mismatch' warnings svn path=/trunk/; revision=25174
2008-04-25 18:26:54 +00:00
dfilter: Use a string lval type in scanner Minor change to decouple the AST data structures from the lexical scanner. We pass a structure to allow for some future enhancements.
2021-10-26 09:09:36 +00:00
df_lval_t *df_lval;
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
dfilter: Save token value to syntax tree When parsing we save the token value to the syntax tree. This is useful for better error reporting. Use it to report an invalid entity for the slice operation. Before only the memory location was reported, which is not a good error message. Before: % dftest '"01:02:03:04"[0:3] == foo' Filter: ""01:02:03:04"[0:3] == foo" dftest: Range is not supported for entity <0x7f6c84017740> of type STRING After: % dftest '"01:02:03:04"[0:3] == foo' Filter: ""01:02:03:04"[0:3] == foo" dftest: Range is not supported for entity 01:02:03:04 of type STRING When creating a new node from an old one we need to copy the token value. Simple tokens such as RBRACKET, COMMA and COLON are not part of the AST and don't have an associated semantic value.
2021-09-26 21:22:50 +00:00
static int set_lval_str(int token, const char *token_value);
dfilter: Use lower case for a macro name Just a stylistic change.
2021-10-29 14:59:39 +00:00
#define simple(token) set_lval_str(token, yytext)
dfilter: Reject invalid character escape sequences For double quoted strings. This is consistent with single quote character constants and the C standard. It also avoids common mistakes where the superfluous backslash is silently suppressed.
2021-11-23 13:40:14 +00:00
static gboolean append_escaped_char(dfwork_t *dfw, GString *str, char c);
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
static gboolean parse_charconst(dfwork_t *dfw, const char *s, unsigned long *valuep);
Add to the fundamental types passed between the scanner and the parser. Besides "STRING", there is now "UNPARSED_STRING", where the distinction is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just a sequence of characters that the scanner didn't know how to scan/parse, so it's up to the Ftype to parse it. This gives us more flexibility and prepares the dfilter parsing engine for the upcoming addition of the "contains" operator. In the process of doing this, I also re-did the double-quoted string support in the scanner, so that instead of the naively-simple support we used to have, double-quoted strings now can have embedded dobule-quotes, embedded octal sequences, and embedded hexadecimal sequences: "\"" embedded double-quote "\110" embedded octal "\x48" embedded hex Enhance the dfilter unit test script to be able to run a single collection of tests instead of having to run all of them all the time. svn path=/trunk/; revision=8083
2003-07-25 03:44:05 +00:00
Make the Flex scanners and YACC parser in libraries reentrant. master-branch libpcap now generates a reentrant Flex scanner and Bison/Berkeley YACC parser for capture filter expressions, so it requires versions of Flex and Bison/Berkeley YACC that support that. We might as well do the same. For libwiretap, it means we could actually have multiple K12 text or Ascend/Lucent text files open at the same time. For libwireshark, it might not be as useful, as we only read configuration files at startup (which should only happen once, in one thread) or on demand (in which case, if we ever support multiple threads running libwireshark, we'd need a mutex to ensure that only one file reads it), but it's still the right thing to do. We also require a version of Flex that can write out a header file, so we change the runlex script to generate the header file ourselves. This means we require a version of Flex new enough to support --header-file. Clean up some other stuff encountered in the process. Change-Id: Id23078c6acea549a52fc687779bb55d715b55c16 Reviewed-on: https://code.wireshark.org/review/14719 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-03-31 01:44:01 +00:00
/*
* Sleazy hack to suppress compiler warnings in yy_fatal_error().
*/
#define YY_EXIT_FAILURE ((void)yyscanner, 2)
/*
* Macros for the allocators, to discard the extra argument.
*/
#define df_alloc(size, yyscanner) (void *)malloc(size)
#define df_realloc(ptr, size, yyscanner) (void *)realloc((char *)(ptr), (size))
#define df_free(ptr, yyscanner) free((char *)ptr)
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
%}
dfilter: restore support for identifiers using hyphen Restores support for filters such as "mac-lte", that was broken in 330d40832848411da3c3d2646978e41240bf848b. This means we are not able to support arithmetic expressions with binary minus without spaces. $ dftest 'tcp.port == 1-2' dftest: "1-2" is not a valid number.
2022-04-05 14:38:20 +00:00
WORD_CHAR [[:alnum:]_-]
dfilter: Allow arithmetic expressions without spaces To allow an arithmetic expressions without spaces, such as "1+2", we cannot match the expression in other lexical rules using "+". Because of longest match this becomes the token LITERAL or UNPARSED with semantic value "1+2". The same goes for all the other arithmetic operators. So we need to remove [+-*/%] from "word chars" and add very specific patterns (that won't mistakenly match an arithmetic expression) for those literal or unparsed tokens we want to support using these characters. The plus was not a problem but right slash is used for CIDR, minus for mac address separator, etc. There are still some corner case. 11-22-33-44-55-66 is a mac address and not the arithmetic expression with six terms "eleven minus twenty two minus etc." (if we ever support more than two terms in the grammar, which we don't currently). We lift some patterns from the flex manual to match on IPv4 and IPv6 (ugly) and add MAC address. Other hypothetical literal lexical values using [+-*/%] are already supported enclosed in angle brackets but the cases of MAC/IPv4/IPv6 are are very common and moreover we need to do the utmost to not break backward compatibily here. Before: $ dftest "_ws.ftypes.int32 == 1+2" dftest: "1+2" is not a valid number. After: $ dftest "_ws.ftypes.int32 == 1+2" Filter: _ws.ftypes.int32 == 1+2 Instructions: 00000 READ_TREE _ws.ftypes.int32 -> reg#0 00001 IF_FALSE_GOTO 4 00002 ADD 1 <FT_INT32> + 2 <FT_INT32> -> reg#1 00003 ANY_EQ reg#0 == reg#1 00004 RETURN
2022-04-04 18:58:35 +00:00
hex2 [[:xdigit:]]{2}
MacAddress {hex2}:{hex2}:{hex2}:{hex2}:{hex2}:{hex2}|{hex2}-{hex2}-{hex2}-{hex2}-{hex2}-{hex2}|{hex2}\.{hex2}\.{hex2}\.{hex2}\.{hex2}\.{hex2}
hex4 [[:xdigit:]]{4}
QuadMacAddress {hex4}\.{hex4}\.{hex4}
dec-octet [0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]
IPv4address {dec-octet}\.{dec-octet}\.{dec-octet}\.{dec-octet}
h16 [0-9A-Fa-f]{1,4}
ls32 {h16}:{h16}|{IPv4address}
IPv6address ({h16}:){6}{ls32}|::({h16}:){5}{ls32}|({h16})?::({h16}:){4}{ls32}|(({h16}:){0,1}{h16})?::({h16}:){3}{ls32}|(({h16}:){0,2}{h16})?::({h16}:){2}{ls32}|(({h16}:){0,3}{h16})?::{h16}:{ls32}|(({h16}:){0,4}{h16})?::{ls32}|(({h16}:){0,5}{h16})?::{h16}|(({h16}:){0,6}{h16})?::
v4-cidr-prefix \/[[:digit:]]{1,2}
v6-cidr-prefix \/[[:digit:]]{1,3}
dfilter: Add special syntax for literals and names The syntax for protocols and some literals like numbers and bytes/addresses can be ambiguous. Some protocols can be parsed as a literal, for example the protocol "fc" (Fibre Channel) can be parsed as 0xFC. If a numeric protocol is registered that will also take precedence over any literal, according to the current rules, thereby breaking numerical comparisons to that number. The same for an hypothetical protocol named "true", etc. To allow the user to disambiguate this meaning introduce new syntax. Any value prefixed with ':' or enclosed in <,> will be treated as a literal value only. The value :fc or <fc> will always mean 0xFC, under any context. Never a protocol whose filter name is "fc". Likewise any value prefixed with a dot will always be parsed as an identifier (protocol or protocol field) in the language. Never any literal value parsed from the token "fc". This allows the user to be explicit about the meaning, and between the two explicit methods plus the ambiguous one it doesn't completely break any one meaning. The difference can be seen in the following two programs: Filter: frame == fc Constants: Instructions: 00000 READ_TREE frame -> reg#0 00001 IF-FALSE-GOTO 5 00002 READ_TREE fc -> reg#1 00003 IF-FALSE-GOTO 5 00004 ANY_EQ reg#0 == reg#1 00005 RETURN -------- Filter: frame == :fc Constants: 00000 PUT_FVALUE fc <FT_PROTOCOL> -> reg#1 Instructions: 00000 READ_TREE frame -> reg#0 00001 IF-FALSE-GOTO 3 00002 ANY_EQ reg#0 == reg#1 00003 RETURN The filter "frame == fc" is the same as "filter == .fc", according to the current heuristic, except the first form will try to parse it as a literal if the name does not correspond to any registered protocol. By treating a leading dot as a name in the language we necessarily disallow writing floats with a leading dot. We will also disallow writing with an ending dot when using unparsed values. This is a backward incompatibility but has the happy side effect of making the expression {1...2} unambiguous. This could either mean "1 .. .2" or "1. .. 2". If we require a leading and ending digit then the meaning is clear: 1.0..0.2 -> 1.0 .. 0.2 Fixes #17731.
2022-02-22 21:55:05 +00:00
dfilter: Parse ranges in the drange node constructor Using a hand written tokenizer is simpler than using flex start conditions. Do the validation in the drange node constructor. Add validation for malformed ranges with different endpoint signs.
2021-10-25 20:27:40 +00:00
%x RANGE
Add to the fundamental types passed between the scanner and the parser. Besides "STRING", there is now "UNPARSED_STRING", where the distinction is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just a sequence of characters that the scanner didn't know how to scan/parse, so it's up to the Ftype to parse it. This gives us more flexibility and prepares the dfilter parsing engine for the upcoming addition of the "contains" operator. In the process of doing this, I also re-did the double-quoted string support in the scanner, so that instead of the naively-simple support we used to have, double-quoted strings now can have embedded dobule-quotes, embedded octal sequences, and embedded hexadecimal sequences: "\"" embedded double-quote "\110" embedded octal "\x48" embedded hex Enhance the dfilter unit test script to be able to run a single collection of tests instead of having to run all of them all the time. svn path=/trunk/; revision=8083
2003-07-25 03:44:05 +00:00
%x DQUOTE
Improve support for single-character fields and filter expressions. Add an FT_CHAR type, which is like FT_UINT8 except that the value is displayed as a C-style character constant. Allow use of C-style character constants in filter expressions; they can be used in comparisons with all integral types, and in "contains" operators. Use that type for some fields that appear (based on the way they're displayed, or on the use of C-style character constants in their value_string tables) to be 1-byte characters rather than 8-bit numbers. Change-Id: I39a9f0dda0bd7f4fa02a9ca8373216206f4d7135 Reviewed-on: https://code.wireshark.org/review/17787 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-09-19 01:48:50 +00:00
%x SQUOTE
dfilter: Refactor macro tree references This replaces the current macro reference system with a completely different implementation. Instead of a macro a reference is a syntax element. A reference is a constant that can be filled in the dfilter code after compilation from an existing protocol tree. It is best understood as a field value that can be read from a fixed tree that is not the frame being filtered. Usually this fixed tree is the currently selected frame when the filter is applied. This allows comparing fields in the filtered frame with fields in the selected frame. Because the field reference syntax uses the same sigil notation as a macro we have to use a heuristic to distinguish them: if the name has a dot it is a field reference, otherwise it is a macro name. The reference is synctatically validated at compile time. There are two main advantages to this implementation (and a couple of minor ones): The protocol tree for each selected frame is only walked if we have a display filter and if the display filter uses references. Also only the actual reference values are copied, intead of loading the entire tree into a hash table (in textual form even). The other advantage is that the reference is tested like a protocol field against all the values in the selected frame (if there is more than one). Currently the reference fields are not "primed" during dissection, so the entire tree is walked to find a particular reference (this is similar to the previous implementation). If the display filter contains a valid reference and the reference is not loaded at the time the filter is run the result is the same as a non existing field for a regular READ_TREE instruction. Fixes #17599.
2022-03-27 14:26:46 +00:00
%x REFERENCE
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
%%
dfilter: Remove deprecated support for whitespace separator in sets
2021-10-25 17:33:17 +00:00
[[:blank:]\n]+
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
dfilter: Use lower case for a macro name Just a stylistic change.
2021-10-29 14:59:39 +00:00
"(" return simple(TOKEN_LPAREN);
")" return simple(TOKEN_RPAREN);
dfilter: Remove deprecated support for whitespace separator in sets
2021-10-25 17:33:17 +00:00
"," return simple(TOKEN_COMMA);
"{" return simple(TOKEN_LBRACE);
".." return simple(TOKEN_DOTDOT);
"}" return simple(TOKEN_RBRACE);
dfilter: Add support for unary arithmetic This change implements a unary minus operator. Filter: tcp.window_size_scalefactor == -tcp.dstport Instructions: 00000 READ_TREE tcp.window_size_scalefactor -> reg#0 00001 IF_FALSE_GOTO 6 00002 READ_TREE tcp.dstport -> reg#1 00003 IF_FALSE_GOTO 6 00004 MK_MINUS -reg#1 -> reg#2 00005 ANY_EQ reg#0 == reg#2 00006 RETURN It is supported for integer types, floats and relative time values. The unsigned integer types are promoted to a 32 bit signed integer. Unary plus is implemented as a no-op. The plus sign is simply ignored. Constant arithmetic expressions are computed during compilation. Overflow with constants is a compile time error. Overflow with variables is a run time error and silently ignored. Only a debug message will be printed to the console. Related to #15504.
2022-02-27 09:56:41 +00:00
"+" return simple(TOKEN_PLUS);
"-" return simple(TOKEN_MINUS);
dfilter: Add remaining arithmetic integer ops
2022-03-31 13:50:20 +00:00
"*" return simple(TOKEN_STAR);
"/" return simple(TOKEN_RSLASH);
"%" return simple(TOKEN_PERCENT);
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
dfilter: Use lower case for a macro name Just a stylistic change.
2021-10-29 14:59:39 +00:00
"==" return simple(TOKEN_TEST_ANY_EQ);
"eq" return simple(TOKEN_TEST_ANY_EQ);
dfilter: Add aliases "any_eq" and "all_ne"
2021-12-22 09:36:46 +00:00
"any_eq" return simple(TOKEN_TEST_ANY_EQ);
dfilter: Use lower case for a macro name Just a stylistic change.
2021-10-29 14:59:39 +00:00
"!=" return simple(TOKEN_TEST_ALL_NE);
"ne" return simple(TOKEN_TEST_ALL_NE);
dfilter: Add aliases "any_eq" and "all_ne"
2021-12-22 09:36:46 +00:00
"all_ne" return simple(TOKEN_TEST_ALL_NE);
dfilter: Add an "all equal" operator To complete the set of equality operators add an "all equal" operator that matches a frame if all fields match the condition. The symbol chosen for "all_eq" is "===".
2021-12-13 01:06:01 +00:00
"===" return simple(TOKEN_TEST_ALL_EQ);
"all_eq" return simple(TOKEN_TEST_ALL_EQ);
"!==" return simple(TOKEN_TEST_ANY_NE);
dfilter: Deprecate "~=" (any_ne) The representation "~= has been superseded by "!==" with the same meaning, making it superfluous and somewhat confusing. Deprecate "~=" and recommend "!==" instead.
2022-03-05 12:30:34 +00:00
"~=" {
add_deprecated_token(yyextra->dfw, "The operator \"~=\" is deprecated, use \"!==\" instead.");
return simple(TOKEN_TEST_ANY_NE);
}
dfilter: Use lower case for a macro name Just a stylistic change.
2021-10-29 14:59:39 +00:00
"any_ne" return simple(TOKEN_TEST_ANY_NE);
">" return simple(TOKEN_TEST_GT);
"gt" return simple(TOKEN_TEST_GT);
">=" return simple(TOKEN_TEST_GE);
"ge" return simple(TOKEN_TEST_GE);
"<" return simple(TOKEN_TEST_LT);
"lt" return simple(TOKEN_TEST_LT);
"<=" return simple(TOKEN_TEST_LE);
"le" return simple(TOKEN_TEST_LE);
"contains" return simple(TOKEN_TEST_CONTAINS);
"~" return simple(TOKEN_TEST_MATCHES);
"matches" return simple(TOKEN_TEST_MATCHES);
"!" return simple(TOKEN_TEST_NOT);
"not" return simple(TOKEN_TEST_NOT);
"&&" return simple(TOKEN_TEST_AND);
"and" return simple(TOKEN_TEST_AND);
"||" return simple(TOKEN_TEST_OR);
"or" return simple(TOKEN_TEST_OR);
"in" return simple(TOKEN_TEST_IN);
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
dfilter: Add bitwise masking of bits Add support for masking of bits. Before the bitwise operator could only test bits, it did not support clearing bits. This allows testing if any combination of bits are set/unset more naturally with a single test. Previously this was only possible by combining several bitwise predicates. Bitwise is implemented as a test node, even though it is not. Maybe the test node should be renamed to something else. Fixes #17246.
2022-02-25 19:37:53 +00:00
"&" return simple(TOKEN_BITWISE_AND);
"bitwise_and" return simple(TOKEN_BITWISE_AND);
dfilter: Refactor macro tree references This replaces the current macro reference system with a completely different implementation. Instead of a macro a reference is a syntax element. A reference is a constant that can be filled in the dfilter code after compilation from an existing protocol tree. It is best understood as a field value that can be read from a fixed tree that is not the frame being filtered. Usually this fixed tree is the currently selected frame when the filter is applied. This allows comparing fields in the filtered frame with fields in the selected frame. Because the field reference syntax uses the same sigil notation as a macro we have to use a heuristic to distinguish them: if the name has a dot it is a field reference, otherwise it is a macro name. The reference is synctatically validated at compile time. There are two main advantages to this implementation (and a couple of minor ones): The protocol tree for each selected frame is only walked if we have a display filter and if the display filter uses references. Also only the actual reference values are copied, intead of loading the entire tree into a hash table (in textual form even). The other advantage is that the reference is tested like a protocol field against all the values in the selected frame (if there is more than one). Currently the reference fields are not "primed" during dissection, so the entire tree is walked to find a particular reference (this is similar to the previous implementation). If the display filter contains a valid reference and the reference is not loaded at the time the filter is run the result is the same as a non existing field for a regular READ_TREE instruction. Fixes #17599.
2022-03-27 14:26:46 +00:00
"${" {
BEGIN(REFERENCE);
return simple(TOKEN_REF_OPEN);
}
<REFERENCE>[^}]+ {
return set_lval_str(TOKEN_REFERENCE, yytext);
}
<REFERENCE>"}" {
BEGIN(INITIAL);
return simple(TOKEN_REF_CLOSE);
}
<REFERENCE><<EOF>> {
dfilter_fail(yyextra->dfw, "Right brace missing from field reference.");
return SCAN_FAILED;
}
dfilter: Parse ranges in the drange node constructor Using a hand written tokenizer is simpler than using flex start conditions. Do the validation in the drange node constructor. Add validation for malformed ranges with different endpoint signs.
2021-10-25 20:27:40 +00:00
"[" {
BEGIN(RANGE);
dfilter: Use lower case for a macro name Just a stylistic change.
2021-10-29 14:59:39 +00:00
return simple(TOKEN_LBRACKET);
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
}
dfilter: Parse ranges in the drange node constructor Using a hand written tokenizer is simpler than using flex start conditions. Do the validation in the drange node constructor. Add validation for malformed ranges with different endpoint signs.
2021-10-25 20:27:40 +00:00
<RANGE>[^],]+ {
return set_lval_str(TOKEN_RANGE, yytext);
Enable slices of [i-j], where i is start offset and j is end offset, inclusive. That is, [0-1] is a slice of 2 bytes. svn path=/trunk/; revision=3092
2001-03-02 17:04:25 +00:00
}
dfilter: Parse ranges in the drange node constructor Using a hand written tokenizer is simpler than using flex start conditions. Do the validation in the drange node constructor. Add validation for malformed ranges with different endpoint signs.
2021-10-25 20:27:40 +00:00
<RANGE>"," {
dfilter: Use lower case for a macro name Just a stylistic change.
2021-10-29 14:59:39 +00:00
return simple(TOKEN_COMMA);
Enable slices of [i-j], where i is start offset and j is end offset, inclusive. That is, [0-1] is a slice of 2 bytes. svn path=/trunk/; revision=3092
2001-03-02 17:04:25 +00:00
}
dfilter: Parse ranges in the drange node constructor Using a hand written tokenizer is simpler than using flex start conditions. Do the validation in the drange node constructor. Add validation for malformed ranges with different endpoint signs.
2021-10-25 20:27:40 +00:00
<RANGE>"]" {
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
BEGIN(INITIAL);
dfilter: Use lower case for a macro name Just a stylistic change.
2021-10-29 14:59:39 +00:00
return simple(TOKEN_RBRACKET);
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
}
dfilter: Parse ranges in the drange node constructor Using a hand written tokenizer is simpler than using flex start conditions. Do the validation in the drange node constructor. Add validation for malformed ranges with different endpoint signs.
2021-10-25 20:27:40 +00:00
<RANGE><<EOF>> {
dfilter_fail(yyextra->dfw, "The right bracket was missing from a slice.");
return SCAN_FAILED;
From Graeme Hewson: Use gint32 instead of guint32 and strtol() instead of strtoul() for signed integers. Pathological slice specifications could cause Flex default rule to be invoked, echoing characters to stdout. Example: frame[0foo]==1 svn path=/trunk/; revision=11082
2004-06-03 07:17:24 +00:00
}
dfilter: Add support for raw strings Add support for a literal string specification copied from Python raw strings[1]. Raw string literals are enclosed with r"..." or R"...". Double quotes can be include in the string but they must be escaped with backslash. In escape sequences backslashes are preserved in the final result. So for example the string "a\\\"b" is the same as r"a\"b". r"\\\a" is the same as "\\\\\\a". Raw strings should be used for convenience wherever a regular expression is used in a display filter expression. [1]https://docs.python.org/3/reference/lexical_analysis.html#string-and-bytes-literals
2021-05-30 02:38:12 +00:00
[rR]{0,1}\042 {
Improve support for single-character fields and filter expressions. Add an FT_CHAR type, which is like FT_UINT8 except that the value is displayed as a C-style character constant. Allow use of C-style character constants in filter expressions; they can be used in comparisons with all integral types, and in "contains" operators. Use that type for some fields that appear (based on the way they're displayed, or on the use of C-style character constants in their value_string tables) to be 1-byte characters rather than 8-bit numbers. Change-Id: I39a9f0dda0bd7f4fa02a9ca8373216206f4d7135 Reviewed-on: https://code.wireshark.org/review/17787 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-09-19 01:48:50 +00:00
/* start quote of a quoted string */
dfilter: Free a scanner string earlier
2021-10-31 15:52:05 +00:00
/*
* The example of how to scan for strings was taken from
* the flex manual, from the section "Start Conditions".
* See: https://westes.github.io/flex/manual/Start-Conditions.html
*/
Add to the fundamental types passed between the scanner and the parser. Besides "STRING", there is now "UNPARSED_STRING", where the distinction is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just a sequence of characters that the scanner didn't know how to scan/parse, so it's up to the Ftype to parse it. This gives us more flexibility and prepares the dfilter parsing engine for the upcoming addition of the "contains" operator. In the process of doing this, I also re-did the double-quoted string support in the scanner, so that instead of the naively-simple support we used to have, double-quoted strings now can have embedded dobule-quotes, embedded octal sequences, and embedded hexadecimal sequences: "\"" embedded double-quote "\110" embedded octal "\x48" embedded hex Enhance the dfilter unit test script to be able to run a single collection of tests instead of having to run all of them all the time. svn path=/trunk/; revision=8083
2003-07-25 03:44:05 +00:00
BEGIN(DQUOTE);
Make the Flex scanners and YACC parser in libraries reentrant. master-branch libpcap now generates a reentrant Flex scanner and Bison/Berkeley YACC parser for capture filter expressions, so it requires versions of Flex and Bison/Berkeley YACC that support that. We might as well do the same. For libwiretap, it means we could actually have multiple K12 text or Ascend/Lucent text files open at the same time. For libwireshark, it might not be as useful, as we only read configuration files at startup (which should only happen once, in one thread) or on demand (in which case, if we ever support multiple threads running libwireshark, we'd need a mutex to ensure that only one file reads it), but it's still the right thing to do. We also require a version of Flex that can write out a header file, so we change the runlex script to generate the header file ourselves. This means we require a version of Flex new enough to support --header-file. Clean up some other stuff encountered in the process. Change-Id: Id23078c6acea549a52fc687779bb55d715b55c16 Reviewed-on: https://code.wireshark.org/review/14719 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-03-31 01:44:01 +00:00
yyextra->quoted_string = g_string_new("");
dfilter: Free a scanner string earlier
2021-10-31 15:52:05 +00:00
dfilter: Add support for raw strings Add support for a literal string specification copied from Python raw strings[1]. Raw string literals are enclosed with r"..." or R"...". Double quotes can be include in the string but they must be escaped with backslash. In escape sequences backslashes are preserved in the final result. So for example the string "a\\\"b" is the same as r"a\"b". r"\\\a" is the same as "\\\\\\a". Raw strings should be used for convenience wherever a regular expression is used in a display filter expression. [1]https://docs.python.org/3/reference/lexical_analysis.html#string-and-bytes-literals
2021-05-30 02:38:12 +00:00
if (yytext[0] == 'r' || yytext[0] == 'R') {
/*
* This is a raw string (like in Python). Rules: 1) The two
* escape sequences are \\ and \". 2) Backslashes are
* preserved. 3) Double quotes in the string must be escaped.
* Corollary: Strings cannot end with an odd number of
* backslashes.
* Example: r"a\b\x12\"\\" is the string (including the implicit NUL terminator)
* {'a', '\\', 'b', '\\', 'x', '1', '2', '\\', '"', '\\'. '\\', '\0'}
*/
yyextra->raw_string = TRUE;
}
else {
yyextra->raw_string = FALSE;
}
Add to the fundamental types passed between the scanner and the parser. Besides "STRING", there is now "UNPARSED_STRING", where the distinction is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just a sequence of characters that the scanner didn't know how to scan/parse, so it's up to the Ftype to parse it. This gives us more flexibility and prepares the dfilter parsing engine for the upcoming addition of the "contains" operator. In the process of doing this, I also re-did the double-quoted string support in the scanner, so that instead of the naively-simple support we used to have, double-quoted strings now can have embedded dobule-quotes, embedded octal sequences, and embedded hexadecimal sequences: "\"" embedded double-quote "\110" embedded octal "\x48" embedded hex Enhance the dfilter unit test script to be able to run a single collection of tests instead of having to run all of them all the time. svn path=/trunk/; revision=8083
2003-07-25 03:44:05 +00:00
}
Use -1 rather than 0 as the SCAN_FAILED return value from the lexical analyzer on errors, and check for SCAN_FAILED from the lexical analyzer and abort the parse if we see it; 0 means "end of input", and we want to distinguish errors from end-of-input, so that we can report errors as such. If we see end-of-input while parsing a double-quoted string, report the error (missing closing quote). Fix the URL for the "Start conditions" section of the Flex manual. svn path=/trunk/; revision=10044
2004-02-11 22:52:54 +00:00
<DQUOTE><<EOF>> {
/* unterminated string */
dfilter: Free a scanner string earlier
2021-10-31 15:52:05 +00:00
g_string_free(yyextra->quoted_string, TRUE);
yyextra->quoted_string = NULL;
Make the Flex scanners and YACC parser in libraries reentrant. master-branch libpcap now generates a reentrant Flex scanner and Bison/Berkeley YACC parser for capture filter expressions, so it requires versions of Flex and Bison/Berkeley YACC that support that. We might as well do the same. For libwiretap, it means we could actually have multiple K12 text or Ascend/Lucent text files open at the same time. For libwireshark, it might not be as useful, as we only read configuration files at startup (which should only happen once, in one thread) or on demand (in which case, if we ever support multiple threads running libwireshark, we'd need a mutex to ensure that only one file reads it), but it's still the right thing to do. We also require a version of Flex that can write out a header file, so we change the runlex script to generate the header file ourselves. This means we require a version of Flex new enough to support --header-file. Clean up some other stuff encountered in the process. Change-Id: Id23078c6acea549a52fc687779bb55d715b55c16 Reviewed-on: https://code.wireshark.org/review/14719 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-03-31 01:44:01 +00:00
dfilter_fail(yyextra->dfw, "The final quote was missing from a quoted string.");
Use -1 rather than 0 as the SCAN_FAILED return value from the lexical analyzer on errors, and check for SCAN_FAILED from the lexical analyzer and abort the parse if we see it; 0 means "end of input", and we want to distinguish errors from end-of-input, so that we can report errors as such. If we see end-of-input while parsing a double-quoted string, report the error (missing closing quote). Fix the URL for the "Start conditions" section of the Flex manual. svn path=/trunk/; revision=10044
2004-02-11 22:52:54 +00:00
return SCAN_FAILED;
}
Use '~' as a synonim for "matches" replace rogue "s with \042 to avoid some text editors going wild svn path=/trunk/; revision=22486
2007-08-11 22:05:44 +00:00
<DQUOTE>\042 {
Add to the fundamental types passed between the scanner and the parser. Besides "STRING", there is now "UNPARSED_STRING", where the distinction is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just a sequence of characters that the scanner didn't know how to scan/parse, so it's up to the Ftype to parse it. This gives us more flexibility and prepares the dfilter parsing engine for the upcoming addition of the "contains" operator. In the process of doing this, I also re-did the double-quoted string support in the scanner, so that instead of the naively-simple support we used to have, double-quoted strings now can have embedded dobule-quotes, embedded octal sequences, and embedded hexadecimal sequences: "\"" embedded double-quote "\110" embedded octal "\x48" embedded hex Enhance the dfilter unit test script to be able to run a single collection of tests instead of having to run all of them all the time. svn path=/trunk/; revision=8083
2003-07-25 03:44:05 +00:00
/* end quote */
BEGIN(INITIAL);
dfilter: Avoid an unnecessary strdup() Use the GString data directly to avoid a spurious strdup().
2021-10-29 12:53:32 +00:00
df_lval->value = g_string_free(yyextra->quoted_string, FALSE);
Make the Flex scanners and YACC parser in libraries reentrant. master-branch libpcap now generates a reentrant Flex scanner and Bison/Berkeley YACC parser for capture filter expressions, so it requires versions of Flex and Bison/Berkeley YACC that support that. We might as well do the same. For libwiretap, it means we could actually have multiple K12 text or Ascend/Lucent text files open at the same time. For libwireshark, it might not be as useful, as we only read configuration files at startup (which should only happen once, in one thread) or on demand (in which case, if we ever support multiple threads running libwireshark, we'd need a mutex to ensure that only one file reads it), but it's still the right thing to do. We also require a version of Flex that can write out a header file, so we change the runlex script to generate the header file ourselves. This means we require a version of Flex new enough to support --header-file. Clean up some other stuff encountered in the process. Change-Id: Id23078c6acea549a52fc687779bb55d715b55c16 Reviewed-on: https://code.wireshark.org/review/14719 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-03-31 01:44:01 +00:00
yyextra->quoted_string = NULL;
dfilter: Avoid an unnecessary strdup() Use the GString data directly to avoid a spurious strdup().
2021-10-29 12:53:32 +00:00
return TOKEN_STRING;
Add to the fundamental types passed between the scanner and the parser. Besides "STRING", there is now "UNPARSED_STRING", where the distinction is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just a sequence of characters that the scanner didn't know how to scan/parse, so it's up to the Ftype to parse it. This gives us more flexibility and prepares the dfilter parsing engine for the upcoming addition of the "contains" operator. In the process of doing this, I also re-did the double-quoted string support in the scanner, so that instead of the naively-simple support we used to have, double-quoted strings now can have embedded dobule-quotes, embedded octal sequences, and embedded hexadecimal sequences: "\"" embedded double-quote "\110" embedded octal "\x48" embedded hex Enhance the dfilter unit test script to be able to run a single collection of tests instead of having to run all of them all the time. svn path=/trunk/; revision=8083
2003-07-25 03:44:05 +00:00
}
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
Add to the fundamental types passed between the scanner and the parser. Besides "STRING", there is now "UNPARSED_STRING", where the distinction is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just a sequence of characters that the scanner didn't know how to scan/parse, so it's up to the Ftype to parse it. This gives us more flexibility and prepares the dfilter parsing engine for the upcoming addition of the "contains" operator. In the process of doing this, I also re-did the double-quoted string support in the scanner, so that instead of the naively-simple support we used to have, double-quoted strings now can have embedded dobule-quotes, embedded octal sequences, and embedded hexadecimal sequences: "\"" embedded double-quote "\110" embedded octal "\x48" embedded hex Enhance the dfilter unit test script to be able to run a single collection of tests instead of having to run all of them all the time. svn path=/trunk/; revision=8083
2003-07-25 03:44:05 +00:00
<DQUOTE>\\[0-7]{1,3} {
/* octal sequence */
dfilter: Add support for raw strings Add support for a literal string specification copied from Python raw strings[1]. Raw string literals are enclosed with r"..." or R"...". Double quotes can be include in the string but they must be escaped with backslash. In escape sequences backslashes are preserved in the final result. So for example the string "a\\\"b" is the same as r"a\"b". r"\\\a" is the same as "\\\\\\a". Raw strings should be used for convenience wherever a regular expression is used in a display filter expression. [1]https://docs.python.org/3/reference/lexical_analysis.html#string-and-bytes-literals
2021-05-30 02:38:12 +00:00
if (yyextra->raw_string) {
g_string_append(yyextra->quoted_string, yytext);
}
else {
unsigned long result;
result = strtoul(yytext + 1, NULL, 8);
dfilter: Disallow embedded NUL bytes in regular strings When byte escape sequences, that is hex \xhh or octal \0ddd, are interpreted at the lexical level it is not possible to use strings with embedded NUL bytes. The NUL byte is interpreted as a C string terminator. As a consequence, for example, the strings "AB" and "AB\x00CDE" compare as the same. This leads to unexpected false matches and a poor user experience. Disallow embedded NULs for regular strings (strings literals that do not begin with 'r' or 'R') for this reason. It is possible to use a raw string instead (eg: r"AB\x00C") to match embedded NUL bytes, although that only works with regular expressions. Normal escape rules would also work with regular expressions (eg: "AB\\x00C"). This is the same string as the previous one, written in an alternate form. What won't work is "AB\x00C", this string is synctatically invalid. So the expression: data matches r"AB\x00C" will match the bytes {'A', 'B', '\0', '\C'}. However the expression: data contains r"AB\x00C" won't match the fvalue above. Because the "contains" operator doesn't compile a regular expression it literally tries to contains-match the bytes {'A', 'B', '\\', 'x', '0', '0', 'C'}. Therefore raw strings are very convenient but it is still necessary to be aware that the matches operator has an extra level of indirection than other string operators (same as in Python). Fixes #16156.
2021-05-30 07:40:30 +00:00
if (result == 0) {
g_string_free(yyextra->quoted_string, TRUE);
yyextra->quoted_string = NULL;
dfilter_fail(yyextra->dfw, "%s (NUL byte) cannot be used with a regular string.", yytext);
return SCAN_FAILED;
}
dfilter: Add support for raw strings Add support for a literal string specification copied from Python raw strings[1]. Raw string literals are enclosed with r"..." or R"...". Double quotes can be include in the string but they must be escaped with backslash. In escape sequences backslashes are preserved in the final result. So for example the string "a\\\"b" is the same as r"a\"b". r"\\\a" is the same as "\\\\\\a". Raw strings should be used for convenience wherever a regular expression is used in a display filter expression. [1]https://docs.python.org/3/reference/lexical_analysis.html#string-and-bytes-literals
2021-05-30 02:38:12 +00:00
if (result > 0xff) {
g_string_free(yyextra->quoted_string, TRUE);
yyextra->quoted_string = NULL;
dfilter_fail(yyextra->dfw, "%s is larger than 255.", yytext);
return SCAN_FAILED;
}
g_string_append_c(yyextra->quoted_string, (gchar) result);
Add to the fundamental types passed between the scanner and the parser. Besides "STRING", there is now "UNPARSED_STRING", where the distinction is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just a sequence of characters that the scanner didn't know how to scan/parse, so it's up to the Ftype to parse it. This gives us more flexibility and prepares the dfilter parsing engine for the upcoming addition of the "contains" operator. In the process of doing this, I also re-did the double-quoted string support in the scanner, so that instead of the naively-simple support we used to have, double-quoted strings now can have embedded dobule-quotes, embedded octal sequences, and embedded hexadecimal sequences: "\"" embedded double-quote "\110" embedded octal "\x48" embedded hex Enhance the dfilter unit test script to be able to run a single collection of tests instead of having to run all of them all the time. svn path=/trunk/; revision=8083
2003-07-25 03:44:05 +00:00
}
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
}
Add to the fundamental types passed between the scanner and the parser. Besides "STRING", there is now "UNPARSED_STRING", where the distinction is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just a sequence of characters that the scanner didn't know how to scan/parse, so it's up to the Ftype to parse it. This gives us more flexibility and prepares the dfilter parsing engine for the upcoming addition of the "contains" operator. In the process of doing this, I also re-did the double-quoted string support in the scanner, so that instead of the naively-simple support we used to have, double-quoted strings now can have embedded dobule-quotes, embedded octal sequences, and embedded hexadecimal sequences: "\"" embedded double-quote "\110" embedded octal "\x48" embedded hex Enhance the dfilter unit test script to be able to run a single collection of tests instead of having to run all of them all the time. svn path=/trunk/; revision=8083
2003-07-25 03:44:05 +00:00
<DQUOTE>\\x[[:xdigit:]]{1,2} {
/* hex sequence */
dfilter: Support more C escape sequences in string literals Before: Filter: http.request.method == "\tHEAD" Constants: 00000 PUT_FVALUE "tHEAD" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\uHEAD" Constants: 00000 PUT_FVALUE "uHEAD" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method == "\tHEAD" Constants: 00000 PUT_FVALUE "\x09HEAD" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\uHEAD" Constants: 00000 PUT_FVALUE "uHEAD" <FT_STRING> -> reg#1 (...)
2021-10-31 15:48:22 +00:00
/*
* C standard does not place a limit on the number of hex
* digits after \x... but we do. \xNN can have 1 or two Ns, not more.
*/
dfilter: Add support for raw strings Add support for a literal string specification copied from Python raw strings[1]. Raw string literals are enclosed with r"..." or R"...". Double quotes can be include in the string but they must be escaped with backslash. In escape sequences backslashes are preserved in the final result. So for example the string "a\\\"b" is the same as r"a\"b". r"\\\a" is the same as "\\\\\\a". Raw strings should be used for convenience wherever a regular expression is used in a display filter expression. [1]https://docs.python.org/3/reference/lexical_analysis.html#string-and-bytes-literals
2021-05-30 02:38:12 +00:00
if (yyextra->raw_string) {
g_string_append(yyextra->quoted_string, yytext);
}
else {
unsigned long result;
result = strtoul(yytext + 2, NULL, 16);
dfilter: Disallow embedded NUL bytes in regular strings When byte escape sequences, that is hex \xhh or octal \0ddd, are interpreted at the lexical level it is not possible to use strings with embedded NUL bytes. The NUL byte is interpreted as a C string terminator. As a consequence, for example, the strings "AB" and "AB\x00CDE" compare as the same. This leads to unexpected false matches and a poor user experience. Disallow embedded NULs for regular strings (strings literals that do not begin with 'r' or 'R') for this reason. It is possible to use a raw string instead (eg: r"AB\x00C") to match embedded NUL bytes, although that only works with regular expressions. Normal escape rules would also work with regular expressions (eg: "AB\\x00C"). This is the same string as the previous one, written in an alternate form. What won't work is "AB\x00C", this string is synctatically invalid. So the expression: data matches r"AB\x00C" will match the bytes {'A', 'B', '\0', '\C'}. However the expression: data contains r"AB\x00C" won't match the fvalue above. Because the "contains" operator doesn't compile a regular expression it literally tries to contains-match the bytes {'A', 'B', '\\', 'x', '0', '0', 'C'}. Therefore raw strings are very convenient but it is still necessary to be aware that the matches operator has an extra level of indirection than other string operators (same as in Python). Fixes #16156.
2021-05-30 07:40:30 +00:00
if (result == 0) {
g_string_free(yyextra->quoted_string, TRUE);
yyextra->quoted_string = NULL;
dfilter_fail(yyextra->dfw, "%s (NUL byte) cannot be used with a regular string.", yytext);
return SCAN_FAILED;
}
dfilter: Add support for raw strings Add support for a literal string specification copied from Python raw strings[1]. Raw string literals are enclosed with r"..." or R"...". Double quotes can be include in the string but they must be escaped with backslash. In escape sequences backslashes are preserved in the final result. So for example the string "a\\\"b" is the same as r"a\"b". r"\\\a" is the same as "\\\\\\a". Raw strings should be used for convenience wherever a regular expression is used in a display filter expression. [1]https://docs.python.org/3/reference/lexical_analysis.html#string-and-bytes-literals
2021-05-30 02:38:12 +00:00
g_string_append_c(yyextra->quoted_string, (gchar) result);
}
Add to the fundamental types passed between the scanner and the parser. Besides "STRING", there is now "UNPARSED_STRING", where the distinction is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just a sequence of characters that the scanner didn't know how to scan/parse, so it's up to the Ftype to parse it. This gives us more flexibility and prepares the dfilter parsing engine for the upcoming addition of the "contains" operator. In the process of doing this, I also re-did the double-quoted string support in the scanner, so that instead of the naively-simple support we used to have, double-quoted strings now can have embedded dobule-quotes, embedded octal sequences, and embedded hexadecimal sequences: "\"" embedded double-quote "\110" embedded octal "\x48" embedded hex Enhance the dfilter unit test script to be able to run a single collection of tests instead of having to run all of them all the time. svn path=/trunk/; revision=8083
2003-07-25 03:44:05 +00:00
}
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
Add to the fundamental types passed between the scanner and the parser. Besides "STRING", there is now "UNPARSED_STRING", where the distinction is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just a sequence of characters that the scanner didn't know how to scan/parse, so it's up to the Ftype to parse it. This gives us more flexibility and prepares the dfilter parsing engine for the upcoming addition of the "contains" operator. In the process of doing this, I also re-did the double-quoted string support in the scanner, so that instead of the naively-simple support we used to have, double-quoted strings now can have embedded dobule-quotes, embedded octal sequences, and embedded hexadecimal sequences: "\"" embedded double-quote "\110" embedded octal "\x48" embedded hex Enhance the dfilter unit test script to be able to run a single collection of tests instead of having to run all of them all the time. svn path=/trunk/; revision=8083
2003-07-25 03:44:05 +00:00
<DQUOTE>\\. {
/* escaped character */
dfilter: Add support for raw strings Add support for a literal string specification copied from Python raw strings[1]. Raw string literals are enclosed with r"..." or R"...". Double quotes can be include in the string but they must be escaped with backslash. In escape sequences backslashes are preserved in the final result. So for example the string "a\\\"b" is the same as r"a\"b". r"\\\a" is the same as "\\\\\\a". Raw strings should be used for convenience wherever a regular expression is used in a display filter expression. [1]https://docs.python.org/3/reference/lexical_analysis.html#string-and-bytes-literals
2021-05-30 02:38:12 +00:00
if (yyextra->raw_string) {
g_string_append(yyextra->quoted_string, yytext);
}
dfilter: Reject invalid character escape sequences For double quoted strings. This is consistent with single quote character constants and the C standard. It also avoids common mistakes where the superfluous backslash is silently suppressed.
2021-11-23 13:40:14 +00:00
else if (!append_escaped_char(yyextra->dfw, yyextra->quoted_string, yytext[1])) {
dfilter: Free a scanner string
2021-11-24 09:54:17 +00:00
g_string_free(yyextra->quoted_string, TRUE);
yyextra->quoted_string = NULL;
dfilter: Reject invalid character escape sequences For double quoted strings. This is consistent with single quote character constants and the C standard. It also avoids common mistakes where the superfluous backslash is silently suppressed.
2021-11-23 13:40:14 +00:00
return SCAN_FAILED;
dfilter: Add support for raw strings Add support for a literal string specification copied from Python raw strings[1]. Raw string literals are enclosed with r"..." or R"...". Double quotes can be include in the string but they must be escaped with backslash. In escape sequences backslashes are preserved in the final result. So for example the string "a\\\"b" is the same as r"a\"b". r"\\\a" is the same as "\\\\\\a". Raw strings should be used for convenience wherever a regular expression is used in a display filter expression. [1]https://docs.python.org/3/reference/lexical_analysis.html#string-and-bytes-literals
2021-05-30 02:38:12 +00:00
}
Add to the fundamental types passed between the scanner and the parser. Besides "STRING", there is now "UNPARSED_STRING", where the distinction is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just a sequence of characters that the scanner didn't know how to scan/parse, so it's up to the Ftype to parse it. This gives us more flexibility and prepares the dfilter parsing engine for the upcoming addition of the "contains" operator. In the process of doing this, I also re-did the double-quoted string support in the scanner, so that instead of the naively-simple support we used to have, double-quoted strings now can have embedded dobule-quotes, embedded octal sequences, and embedded hexadecimal sequences: "\"" embedded double-quote "\110" embedded octal "\x48" embedded hex Enhance the dfilter unit test script to be able to run a single collection of tests instead of having to run all of them all the time. svn path=/trunk/; revision=8083
2003-07-25 03:44:05 +00:00
}
Use '~' as a synonim for "matches" replace rogue "s with \042 to avoid some text editors going wild svn path=/trunk/; revision=22486
2007-08-11 22:05:44 +00:00
<DQUOTE>[^\\\042]+ {
Add to the fundamental types passed between the scanner and the parser. Besides "STRING", there is now "UNPARSED_STRING", where the distinction is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just a sequence of characters that the scanner didn't know how to scan/parse, so it's up to the Ftype to parse it. This gives us more flexibility and prepares the dfilter parsing engine for the upcoming addition of the "contains" operator. In the process of doing this, I also re-did the double-quoted string support in the scanner, so that instead of the naively-simple support we used to have, double-quoted strings now can have embedded dobule-quotes, embedded octal sequences, and embedded hexadecimal sequences: "\"" embedded double-quote "\110" embedded octal "\x48" embedded hex Enhance the dfilter unit test script to be able to run a single collection of tests instead of having to run all of them all the time. svn path=/trunk/; revision=8083
2003-07-25 03:44:05 +00:00
/* non-escaped string */
Make the Flex scanners and YACC parser in libraries reentrant. master-branch libpcap now generates a reentrant Flex scanner and Bison/Berkeley YACC parser for capture filter expressions, so it requires versions of Flex and Bison/Berkeley YACC that support that. We might as well do the same. For libwiretap, it means we could actually have multiple K12 text or Ascend/Lucent text files open at the same time. For libwireshark, it might not be as useful, as we only read configuration files at startup (which should only happen once, in one thread) or on demand (in which case, if we ever support multiple threads running libwireshark, we'd need a mutex to ensure that only one file reads it), but it's still the right thing to do. We also require a version of Flex that can write out a header file, so we change the runlex script to generate the header file ourselves. This means we require a version of Flex new enough to support --header-file. Clean up some other stuff encountered in the process. Change-Id: Id23078c6acea549a52fc687779bb55d715b55c16 Reviewed-on: https://code.wireshark.org/review/14719 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-03-31 01:44:01 +00:00
g_string_append(yyextra->quoted_string, yytext);
Add to the fundamental types passed between the scanner and the parser. Besides "STRING", there is now "UNPARSED_STRING", where the distinction is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just a sequence of characters that the scanner didn't know how to scan/parse, so it's up to the Ftype to parse it. This gives us more flexibility and prepares the dfilter parsing engine for the upcoming addition of the "contains" operator. In the process of doing this, I also re-did the double-quoted string support in the scanner, so that instead of the naively-simple support we used to have, double-quoted strings now can have embedded dobule-quotes, embedded octal sequences, and embedded hexadecimal sequences: "\"" embedded double-quote "\110" embedded octal "\x48" embedded hex Enhance the dfilter unit test script to be able to run a single collection of tests instead of having to run all of them all the time. svn path=/trunk/; revision=8083
2003-07-25 03:44:05 +00:00
}
Improve support for single-character fields and filter expressions. Add an FT_CHAR type, which is like FT_UINT8 except that the value is displayed as a C-style character constant. Allow use of C-style character constants in filter expressions; they can be used in comparisons with all integral types, and in "contains" operators. Use that type for some fields that appear (based on the way they're displayed, or on the use of C-style character constants in their value_string tables) to be 1-byte characters rather than 8-bit numbers. Change-Id: I39a9f0dda0bd7f4fa02a9ca8373216206f4d7135 Reviewed-on: https://code.wireshark.org/review/17787 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-09-19 01:48:50 +00:00
\047 {
/* start quote of a quoted character value */
BEGIN(SQUOTE);
yyextra->quoted_string = g_string_new("'");
}
<SQUOTE><<EOF>> {
/* unterminated character value */
dfilter: Free a scanner string earlier
2021-10-31 15:52:05 +00:00
g_string_free(yyextra->quoted_string, TRUE);
yyextra->quoted_string = NULL;
Improve support for single-character fields and filter expressions. Add an FT_CHAR type, which is like FT_UINT8 except that the value is displayed as a C-style character constant. Allow use of C-style character constants in filter expressions; they can be used in comparisons with all integral types, and in "contains" operators. Use that type for some fields that appear (based on the way they're displayed, or on the use of C-style character constants in their value_string tables) to be 1-byte characters rather than 8-bit numbers. Change-Id: I39a9f0dda0bd7f4fa02a9ca8373216206f4d7135 Reviewed-on: https://code.wireshark.org/review/17787 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-09-19 01:48:50 +00:00
dfilter_fail(yyextra->dfw, "The final quote was missing from a character constant.");
return SCAN_FAILED;
}
<SQUOTE>\047 {
/* end quote */
BEGIN(INITIAL);
g_string_append_c(yyextra->quoted_string, '\'');
dfilter: Avoid an unnecessary strdup() Use the GString data directly to avoid a spurious strdup().
2021-10-29 12:53:32 +00:00
df_lval->value = g_string_free(yyextra->quoted_string, FALSE);
Improve support for single-character fields and filter expressions. Add an FT_CHAR type, which is like FT_UINT8 except that the value is displayed as a C-style character constant. Allow use of C-style character constants in filter expressions; they can be used in comparisons with all integral types, and in "contains" operators. Use that type for some fields that appear (based on the way they're displayed, or on the use of C-style character constants in their value_string tables) to be 1-byte characters rather than 8-bit numbers. Change-Id: I39a9f0dda0bd7f4fa02a9ca8373216206f4d7135 Reviewed-on: https://code.wireshark.org/review/17787 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-09-19 01:48:50 +00:00
yyextra->quoted_string = NULL;
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
if (!parse_charconst(yyextra->dfw, df_lval->value, &df_lval->number)) {
return SCAN_FAILED;
}
dfilter: Avoid an unnecessary strdup() Use the GString data directly to avoid a spurious strdup().
2021-10-29 12:53:32 +00:00
return TOKEN_CHARCONST;
Improve support for single-character fields and filter expressions. Add an FT_CHAR type, which is like FT_UINT8 except that the value is displayed as a C-style character constant. Allow use of C-style character constants in filter expressions; they can be used in comparisons with all integral types, and in "contains" operators. Use that type for some fields that appear (based on the way they're displayed, or on the use of C-style character constants in their value_string tables) to be 1-byte characters rather than 8-bit numbers. Change-Id: I39a9f0dda0bd7f4fa02a9ca8373216206f4d7135 Reviewed-on: https://code.wireshark.org/review/17787 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-09-19 01:48:50 +00:00
}
<SQUOTE>\\. {
/* escaped character */
g_string_append(yyextra->quoted_string, yytext);
}
<SQUOTE>[^\\\047]+ {
/* non-escaped string */
g_string_append(yyextra->quoted_string, yytext);
}
dfilter: Fixup some scanner comments and patterns Fixup comment to reflect that unparsed is the only token type for the pattern, there is no "match" or "no match". Tighten the CIDR patterns and make sure it cannot match a rogue "..". This is ambiguous with 80..90 and must be treated extra carefully to support floating point formats without leading or terminating digits before or after the point. Reject the default match as a syntax error. This pattern is just a pitfall to make testing and debugging harder. Matching a single arbitrary character is never a valid unparsed string, except by chance.
2021-10-27 18:19:36 +00:00
/* None of the patterns below can match ".." anywhere in the token string. */
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
dfilter: Allow arithmetic expressions without spaces To allow an arithmetic expressions without spaces, such as "1+2", we cannot match the expression in other lexical rules using "+". Because of longest match this becomes the token LITERAL or UNPARSED with semantic value "1+2". The same goes for all the other arithmetic operators. So we need to remove [+-*/%] from "word chars" and add very specific patterns (that won't mistakenly match an arithmetic expression) for those literal or unparsed tokens we want to support using these characters. The plus was not a problem but right slash is used for CIDR, minus for mac address separator, etc. There are still some corner case. 11-22-33-44-55-66 is a mac address and not the arithmetic expression with six terms "eleven minus twenty two minus etc." (if we ever support more than two terms in the grammar, which we don't currently). We lift some patterns from the flex manual to match on IPv4 and IPv6 (ugly) and add MAC address. Other hypothetical literal lexical values using [+-*/%] are already supported enclosed in angle brackets but the cases of MAC/IPv4/IPv6 are are very common and moreover we need to do the utmost to not break backward compatibily here. Before: $ dftest "_ws.ftypes.int32 == 1+2" dftest: "1+2" is not a valid number. After: $ dftest "_ws.ftypes.int32 == 1+2" Filter: _ws.ftypes.int32 == 1+2 Instructions: 00000 READ_TREE _ws.ftypes.int32 -> reg#0 00001 IF_FALSE_GOTO 4 00002 ADD 1 <FT_INT32> + 2 <FT_INT32> -> reg#1 00003 ANY_EQ reg#0 == reg#1 00004 RETURN
2022-04-04 18:58:35 +00:00
{MacAddress}|{QuadMacAddress} {
dfilter: Fix parsing of some IPv6 compressed addresses Fix parsing of some IPv6 addresses and add tests. Also pass tokens as unparsed unless the user was specfic about the semantic type. For example the IPv4 address 1.1.1.1 is also a valid field, but 1.1.1.1/128 is not (because of the slash). However choose not to enforce the distinction in the lexical scanner and pass everything as unparsed unless the meaning is explicit in the syntax with leading dot, colon, or between angle branckets.
2022-04-06 08:29:45 +00:00
/* MAC Address literal. */
dfilter: Allow arithmetic expressions without spaces To allow an arithmetic expressions without spaces, such as "1+2", we cannot match the expression in other lexical rules using "+". Because of longest match this becomes the token LITERAL or UNPARSED with semantic value "1+2". The same goes for all the other arithmetic operators. So we need to remove [+-*/%] from "word chars" and add very specific patterns (that won't mistakenly match an arithmetic expression) for those literal or unparsed tokens we want to support using these characters. The plus was not a problem but right slash is used for CIDR, minus for mac address separator, etc. There are still some corner case. 11-22-33-44-55-66 is a mac address and not the arithmetic expression with six terms "eleven minus twenty two minus etc." (if we ever support more than two terms in the grammar, which we don't currently). We lift some patterns from the flex manual to match on IPv4 and IPv6 (ugly) and add MAC address. Other hypothetical literal lexical values using [+-*/%] are already supported enclosed in angle brackets but the cases of MAC/IPv4/IPv6 are are very common and moreover we need to do the utmost to not break backward compatibily here. Before: $ dftest "_ws.ftypes.int32 == 1+2" dftest: "1+2" is not a valid number. After: $ dftest "_ws.ftypes.int32 == 1+2" Filter: _ws.ftypes.int32 == 1+2 Instructions: 00000 READ_TREE _ws.ftypes.int32 -> reg#0 00001 IF_FALSE_GOTO 4 00002 ADD 1 <FT_INT32> + 2 <FT_INT32> -> reg#1 00003 ANY_EQ reg#0 == reg#1 00004 RETURN
2022-04-04 18:58:35 +00:00
return set_lval_str(TOKEN_UNPARSED, yytext);
}
dfilter: Fix parsing of some IPv6 compressed addresses Fix parsing of some IPv6 addresses and add tests. Also pass tokens as unparsed unless the user was specfic about the semantic type. For example the IPv4 address 1.1.1.1 is also a valid field, but 1.1.1.1/128 is not (because of the slash). However choose not to enforce the distinction in the lexical scanner and pass everything as unparsed unless the meaning is explicit in the syntax with leading dot, colon, or between angle branckets.
2022-04-06 08:29:45 +00:00
{IPv4address}{v4-cidr-prefix}? {
/* IPv4 with or without prefix. */
return set_lval_str(TOKEN_UNPARSED, yytext);
dfilter: Add special syntax for literals and names The syntax for protocols and some literals like numbers and bytes/addresses can be ambiguous. Some protocols can be parsed as a literal, for example the protocol "fc" (Fibre Channel) can be parsed as 0xFC. If a numeric protocol is registered that will also take precedence over any literal, according to the current rules, thereby breaking numerical comparisons to that number. The same for an hypothetical protocol named "true", etc. To allow the user to disambiguate this meaning introduce new syntax. Any value prefixed with ':' or enclosed in <,> will be treated as a literal value only. The value :fc or <fc> will always mean 0xFC, under any context. Never a protocol whose filter name is "fc". Likewise any value prefixed with a dot will always be parsed as an identifier (protocol or protocol field) in the language. Never any literal value parsed from the token "fc". This allows the user to be explicit about the meaning, and between the two explicit methods plus the ambiguous one it doesn't completely break any one meaning. The difference can be seen in the following two programs: Filter: frame == fc Constants: Instructions: 00000 READ_TREE frame -> reg#0 00001 IF-FALSE-GOTO 5 00002 READ_TREE fc -> reg#1 00003 IF-FALSE-GOTO 5 00004 ANY_EQ reg#0 == reg#1 00005 RETURN -------- Filter: frame == :fc Constants: 00000 PUT_FVALUE fc <FT_PROTOCOL> -> reg#1 Instructions: 00000 READ_TREE frame -> reg#0 00001 IF-FALSE-GOTO 3 00002 ANY_EQ reg#0 == reg#1 00003 RETURN The filter "frame == fc" is the same as "filter == .fc", according to the current heuristic, except the first form will try to parse it as a literal if the name does not correspond to any registered protocol. By treating a leading dot as a name in the language we necessarily disallow writing floats with a leading dot. We will also disallow writing with an ending dot when using unparsed values. This is a backward incompatibility but has the happy side effect of making the expression {1...2} unambiguous. This could either mean "1 .. .2" or "1. .. 2". If we require a leading and ending digit then the meaning is clear: 1.0..0.2 -> 1.0 .. 0.2 Fixes #17731.
2022-02-22 21:55:05 +00:00
}
dfilter: Fix parsing of some IPv6 compressed addresses Fix parsing of some IPv6 addresses and add tests. Also pass tokens as unparsed unless the user was specfic about the semantic type. For example the IPv4 address 1.1.1.1 is also a valid field, but 1.1.1.1/128 is not (because of the slash). However choose not to enforce the distinction in the lexical scanner and pass everything as unparsed unless the meaning is explicit in the syntax with leading dot, colon, or between angle branckets.
2022-04-06 08:29:45 +00:00
{IPv6address}{v6-cidr-prefix}? {
/* IPv6 with or without prefix. */
return set_lval_str(TOKEN_UNPARSED, yytext);
dfilter: Add special syntax for literals and names The syntax for protocols and some literals like numbers and bytes/addresses can be ambiguous. Some protocols can be parsed as a literal, for example the protocol "fc" (Fibre Channel) can be parsed as 0xFC. If a numeric protocol is registered that will also take precedence over any literal, according to the current rules, thereby breaking numerical comparisons to that number. The same for an hypothetical protocol named "true", etc. To allow the user to disambiguate this meaning introduce new syntax. Any value prefixed with ':' or enclosed in <,> will be treated as a literal value only. The value :fc or <fc> will always mean 0xFC, under any context. Never a protocol whose filter name is "fc". Likewise any value prefixed with a dot will always be parsed as an identifier (protocol or protocol field) in the language. Never any literal value parsed from the token "fc". This allows the user to be explicit about the meaning, and between the two explicit methods plus the ambiguous one it doesn't completely break any one meaning. The difference can be seen in the following two programs: Filter: frame == fc Constants: Instructions: 00000 READ_TREE frame -> reg#0 00001 IF-FALSE-GOTO 5 00002 READ_TREE fc -> reg#1 00003 IF-FALSE-GOTO 5 00004 ANY_EQ reg#0 == reg#1 00005 RETURN -------- Filter: frame == :fc Constants: 00000 PUT_FVALUE fc <FT_PROTOCOL> -> reg#1 Instructions: 00000 READ_TREE frame -> reg#0 00001 IF-FALSE-GOTO 3 00002 ANY_EQ reg#0 == reg#1 00003 RETURN The filter "frame == fc" is the same as "filter == .fc", according to the current heuristic, except the first form will try to parse it as a literal if the name does not correspond to any registered protocol. By treating a leading dot as a name in the language we necessarily disallow writing floats with a leading dot. We will also disallow writing with an ending dot when using unparsed values. This is a backward incompatibility but has the happy side effect of making the expression {1...2} unambiguous. This could either mean "1 .. .2" or "1. .. 2". If we require a leading and ending digit then the meaning is clear: 1.0..0.2 -> 1.0 .. 0.2 Fixes #17731.
2022-02-22 21:55:05 +00:00
}
dfilter: Allow arithmetic expressions without spaces To allow an arithmetic expressions without spaces, such as "1+2", we cannot match the expression in other lexical rules using "+". Because of longest match this becomes the token LITERAL or UNPARSED with semantic value "1+2". The same goes for all the other arithmetic operators. So we need to remove [+-*/%] from "word chars" and add very specific patterns (that won't mistakenly match an arithmetic expression) for those literal or unparsed tokens we want to support using these characters. The plus was not a problem but right slash is used for CIDR, minus for mac address separator, etc. There are still some corner case. 11-22-33-44-55-66 is a mac address and not the arithmetic expression with six terms "eleven minus twenty two minus etc." (if we ever support more than two terms in the grammar, which we don't currently). We lift some patterns from the flex manual to match on IPv4 and IPv6 (ugly) and add MAC address. Other hypothetical literal lexical values using [+-*/%] are already supported enclosed in angle brackets but the cases of MAC/IPv4/IPv6 are are very common and moreover we need to do the utmost to not break backward compatibily here. Before: $ dftest "_ws.ftypes.int32 == 1+2" dftest: "1+2" is not a valid number. After: $ dftest "_ws.ftypes.int32 == 1+2" Filter: _ws.ftypes.int32 == 1+2 Instructions: 00000 READ_TREE _ws.ftypes.int32 -> reg#0 00001 IF_FALSE_GOTO 4 00002 ADD 1 <FT_INT32> + 2 <FT_INT32> -> reg#1 00003 ANY_EQ reg#0 == reg#1 00004 RETURN
2022-04-04 18:58:35 +00:00
[[:xdigit:]]+:[[:xdigit:]:]* {
dfilter: Fix parsing of some IPv6 compressed addresses Fix parsing of some IPv6 addresses and add tests. Also pass tokens as unparsed unless the user was specfic about the semantic type. For example the IPv4 address 1.1.1.1 is also a valid field, but 1.1.1.1/128 is not (because of the slash). However choose not to enforce the distinction in the lexical scanner and pass everything as unparsed unless the meaning is explicit in the syntax with leading dot, colon, or between angle branckets.
2022-04-06 08:29:45 +00:00
/* Bytes. */
return set_lval_str(TOKEN_UNPARSED, yytext);
dfilter: Allow arithmetic expressions without spaces To allow an arithmetic expressions without spaces, such as "1+2", we cannot match the expression in other lexical rules using "+". Because of longest match this becomes the token LITERAL or UNPARSED with semantic value "1+2". The same goes for all the other arithmetic operators. So we need to remove [+-*/%] from "word chars" and add very specific patterns (that won't mistakenly match an arithmetic expression) for those literal or unparsed tokens we want to support using these characters. The plus was not a problem but right slash is used for CIDR, minus for mac address separator, etc. There are still some corner case. 11-22-33-44-55-66 is a mac address and not the arithmetic expression with six terms "eleven minus twenty two minus etc." (if we ever support more than two terms in the grammar, which we don't currently). We lift some patterns from the flex manual to match on IPv4 and IPv6 (ugly) and add MAC address. Other hypothetical literal lexical values using [+-*/%] are already supported enclosed in angle brackets but the cases of MAC/IPv4/IPv6 are are very common and moreover we need to do the utmost to not break backward compatibily here. Before: $ dftest "_ws.ftypes.int32 == 1+2" dftest: "1+2" is not a valid number. After: $ dftest "_ws.ftypes.int32 == 1+2" Filter: _ws.ftypes.int32 == 1+2 Instructions: 00000 READ_TREE _ws.ftypes.int32 -> reg#0 00001 IF_FALSE_GOTO 4 00002 ADD 1 <FT_INT32> + 2 <FT_INT32> -> reg#1 00003 ANY_EQ reg#0 == reg#1 00004 RETURN
2022-04-04 18:58:35 +00:00
}
"<"[^>=]+">" {
dfilter: Fix parsing of some IPv6 compressed addresses Fix parsing of some IPv6 addresses and add tests. Also pass tokens as unparsed unless the user was specfic about the semantic type. For example the IPv4 address 1.1.1.1 is also a valid field, but 1.1.1.1/128 is not (because of the slash). However choose not to enforce the distinction in the lexical scanner and pass everything as unparsed unless the meaning is explicit in the syntax with leading dot, colon, or between angle branckets.
2022-04-06 08:29:45 +00:00
/* Literal in-between angle brackets (cannot be parsed as a protocol field). */
dfilter: Allow arithmetic expressions without spaces To allow an arithmetic expressions without spaces, such as "1+2", we cannot match the expression in other lexical rules using "+". Because of longest match this becomes the token LITERAL or UNPARSED with semantic value "1+2". The same goes for all the other arithmetic operators. So we need to remove [+-*/%] from "word chars" and add very specific patterns (that won't mistakenly match an arithmetic expression) for those literal or unparsed tokens we want to support using these characters. The plus was not a problem but right slash is used for CIDR, minus for mac address separator, etc. There are still some corner case. 11-22-33-44-55-66 is a mac address and not the arithmetic expression with six terms "eleven minus twenty two minus etc." (if we ever support more than two terms in the grammar, which we don't currently). We lift some patterns from the flex manual to match on IPv4 and IPv6 (ugly) and add MAC address. Other hypothetical literal lexical values using [+-*/%] are already supported enclosed in angle brackets but the cases of MAC/IPv4/IPv6 are are very common and moreover we need to do the utmost to not break backward compatibily here. Before: $ dftest "_ws.ftypes.int32 == 1+2" dftest: "1+2" is not a valid number. After: $ dftest "_ws.ftypes.int32 == 1+2" Filter: _ws.ftypes.int32 == 1+2 Instructions: 00000 READ_TREE _ws.ftypes.int32 -> reg#0 00001 IF_FALSE_GOTO 4 00002 ADD 1 <FT_INT32> + 2 <FT_INT32> -> reg#1 00003 ANY_EQ reg#0 == reg#1 00004 RETURN
2022-04-04 18:58:35 +00:00
return set_lval_str(TOKEN_LITERAL, yytext);
dfilter: Add special syntax for literals and names The syntax for protocols and some literals like numbers and bytes/addresses can be ambiguous. Some protocols can be parsed as a literal, for example the protocol "fc" (Fibre Channel) can be parsed as 0xFC. If a numeric protocol is registered that will also take precedence over any literal, according to the current rules, thereby breaking numerical comparisons to that number. The same for an hypothetical protocol named "true", etc. To allow the user to disambiguate this meaning introduce new syntax. Any value prefixed with ':' or enclosed in <,> will be treated as a literal value only. The value :fc or <fc> will always mean 0xFC, under any context. Never a protocol whose filter name is "fc". Likewise any value prefixed with a dot will always be parsed as an identifier (protocol or protocol field) in the language. Never any literal value parsed from the token "fc". This allows the user to be explicit about the meaning, and between the two explicit methods plus the ambiguous one it doesn't completely break any one meaning. The difference can be seen in the following two programs: Filter: frame == fc Constants: Instructions: 00000 READ_TREE frame -> reg#0 00001 IF-FALSE-GOTO 5 00002 READ_TREE fc -> reg#1 00003 IF-FALSE-GOTO 5 00004 ANY_EQ reg#0 == reg#1 00005 RETURN -------- Filter: frame == :fc Constants: 00000 PUT_FVALUE fc <FT_PROTOCOL> -> reg#1 Instructions: 00000 READ_TREE frame -> reg#0 00001 IF-FALSE-GOTO 3 00002 ANY_EQ reg#0 == reg#1 00003 RETURN The filter "frame == fc" is the same as "filter == .fc", according to the current heuristic, except the first form will try to parse it as a literal if the name does not correspond to any registered protocol. By treating a leading dot as a name in the language we necessarily disallow writing floats with a leading dot. We will also disallow writing with an ending dot when using unparsed values. This is a backward incompatibility but has the happy side effect of making the expression {1...2} unambiguous. This could either mean "1 .. .2" or "1. .. 2". If we require a leading and ending digit then the meaning is clear: 1.0..0.2 -> 1.0 .. 0.2 Fixes #17731.
2022-02-22 21:55:05 +00:00
}
dfilter: make spaces around ".." optional in display filter For numeric values such as port numbers, "4430..4434" looks more natural than "4430 .. 4434", so support that. To make this possible, the display filter syntax needs to be restricted. Assume that neither field names nor values can contain "..". The display filter `data contains ..` will now be considered a syntax error and must be written as `data contains ".."` instead. More generally, all values that contain ".." must be quoted. Other than the ".." restriction, the scanner deliberately accepts more characters that can potentially form invalid input. This is to prevent accidentally splitting input in multiple tokens. For example, "9.2." in "frame.time_delta in {9.2.}" is currently parsed as one token and then rejected because it cannot be parsed as time. If the scanner was made stricter, it could treat it as two tokens (floats), "9." and "2." which has different meaning for the set membership operator. An unhandled edge case is "1....2" which is parsed as "1 .. .. 2" but could have been parsed as "1. .. .2" instead. A float with trailing dots followed by ".." seems sufficiently weird, so rejection is fine. Ping-Bug: 14180 Change-Id: Ibad8e851b49346c9d470f09d5d6a54defa21bcb9 Reviewed-on: https://code.wireshark.org/review/26960 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-04-16 11:02:41 +00:00
dfilter: restore support for identifiers using hyphen Restores support for filters such as "mac-lte", that was broken in 330d40832848411da3c3d2646978e41240bf848b. This means we are not able to support arithmetic expressions with binary minus without spaces. $ dftest 'tcp.port == 1-2' dftest: "1-2" is not a valid number.
2022-04-05 14:38:20 +00:00
[:.]?[[:alnum:]_]{WORD_CHAR}*(\.{WORD_CHAR}+)* {
dfilter: Allow arithmetic expressions without spaces To allow an arithmetic expressions without spaces, such as "1+2", we cannot match the expression in other lexical rules using "+". Because of longest match this becomes the token LITERAL or UNPARSED with semantic value "1+2". The same goes for all the other arithmetic operators. So we need to remove [+-*/%] from "word chars" and add very specific patterns (that won't mistakenly match an arithmetic expression) for those literal or unparsed tokens we want to support using these characters. The plus was not a problem but right slash is used for CIDR, minus for mac address separator, etc. There are still some corner case. 11-22-33-44-55-66 is a mac address and not the arithmetic expression with six terms "eleven minus twenty two minus etc." (if we ever support more than two terms in the grammar, which we don't currently). We lift some patterns from the flex manual to match on IPv4 and IPv6 (ugly) and add MAC address. Other hypothetical literal lexical values using [+-*/%] are already supported enclosed in angle brackets but the cases of MAC/IPv4/IPv6 are are very common and moreover we need to do the utmost to not break backward compatibily here. Before: $ dftest "_ws.ftypes.int32 == 1+2" dftest: "1+2" is not a valid number. After: $ dftest "_ws.ftypes.int32 == 1+2" Filter: _ws.ftypes.int32 == 1+2 Instructions: 00000 READ_TREE _ws.ftypes.int32 -> reg#0 00001 IF_FALSE_GOTO 4 00002 ADD 1 <FT_INT32> + 2 <FT_INT32> -> reg#1 00003 ANY_EQ reg#0 == reg#1 00004 RETURN
2022-04-04 18:58:35 +00:00
/* Identifier or literal or unparsed. */
if (yytext[0] == '.')
return set_lval_str(TOKEN_IDENTIFIER, yytext);
if (yytext[0] == ':')
return set_lval_str(TOKEN_LITERAL, yytext);
dfilter: Save token value to syntax tree When parsing we save the token value to the syntax tree. This is useful for better error reporting. Use it to report an invalid entity for the slice operation. Before only the memory location was reported, which is not a good error message. Before: % dftest '"01:02:03:04"[0:3] == foo' Filter: ""01:02:03:04"[0:3] == foo" dftest: Range is not supported for entity <0x7f6c84017740> of type STRING After: % dftest '"01:02:03:04"[0:3] == foo' Filter: ""01:02:03:04"[0:3] == foo" dftest: Range is not supported for entity 01:02:03:04 of type STRING When creating a new node from an old one we need to copy the token value. Simple tokens such as RBRACKET, COMMA and COLON are not part of the AST and don't have an associated semantic value.
2021-09-26 21:22:50 +00:00
return set_lval_str(TOKEN_UNPARSED, yytext);
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
}
Support CIDR notation in IPv4 address filtering. svn path=/trunk/; revision=3601
2001-06-22 16:29:15 +00:00
. {
dfilter: Fix error message with non printable ASCII Before: Filter: http.user_agent == açaí dftest: "�" was unexpected in this context. After: Filter: http.user_agent == açaí dftest: Non-printable ASCII characters may only appear inside double-quotes. Related with #17770.
2022-02-19 17:49:29 +00:00
/* Default */
if (isprint_string(yytext))
dfilter_fail(yyextra->dfw, "\"%s\" was unexpected in this context.", yytext);
else
dfilter_fail(yyextra->dfw, "Non-printable ASCII characters may only appear inside double-quotes.");
dfilter: Fixup some scanner comments and patterns Fixup comment to reflect that unparsed is the only token type for the pattern, there is no "match" or "no match". Tighten the CIDR patterns and make sure it cannot match a rogue "..". This is ambiguous with 80..90 and must be treated extra carefully to support floating point formats without leading or terminating digits before or after the point. Reject the default match as a syntax error. This pattern is just a pitfall to make testing and debugging harder. Matching a single arbitrary character is never a valid unparsed string, except by chance.
2021-10-27 18:19:36 +00:00
return SCAN_FAILED;
Support CIDR notation in IPv4 address filtering. svn path=/trunk/; revision=3601
2001-06-22 16:29:15 +00:00
}
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
%%
Add DIAG_OFF_FLEX and DIAG_ON_FLEX for use in Flex scanners. DIAG_OFF_FLEX turns off all warnings that we want to disable for Flex-generated code due to some versions of Flex generating code that triggers those warnings. DIAG_ON_FLEX restores those warnings, so we do the checks for code that *we* wrote. Use them in .l files. Change-Id: I613a20309a30cd4c61111a1edbe27a5d05fcbf59 Reviewed-on: https://code.wireshark.org/review/25815 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-02-16 07:17:04 +00:00
/*
* Turn diagnostics back on, so we check the code that we've written.
*/
DIAG_ON_FLEX
Disable flex-generated [-Wsign-compare] warnings Change-Id: Iace0462e6bb50573f3e4603f7a19e4b7ee1f9733 Reviewed-on: https://code.wireshark.org/review/23541 Petri-Dish: João Valverde <j@v6e.pt> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: João Valverde <j@v6e.pt>
2017-08-18 19:11:47 +00:00
Add Ed Warnicke's drange code to the new dfilter system. Not supported yet: [i-j] (offset-offset) Supported: [i] index [i:j] offset:length [:j] 0:offset [i:] offset:end [x,y] concatenation of slices svn path=/trunk/; revision=3080
2001-02-27 19:23:30 +00:00
static int
dfilter: Save token value to syntax tree When parsing we save the token value to the syntax tree. This is useful for better error reporting. Use it to report an invalid entity for the slice operation. Before only the memory location was reported, which is not a good error message. Before: % dftest '"01:02:03:04"[0:3] == foo' Filter: ""01:02:03:04"[0:3] == foo" dftest: Range is not supported for entity <0x7f6c84017740> of type STRING After: % dftest '"01:02:03:04"[0:3] == foo' Filter: ""01:02:03:04"[0:3] == foo" dftest: Range is not supported for entity 01:02:03:04 of type STRING When creating a new node from an old one we need to copy the token value. Simple tokens such as RBRACKET, COMMA and COLON are not part of the AST and don't have an associated semantic value.
2021-09-26 21:22:50 +00:00
set_lval_str(int token, const char *token_value)
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
{
dfilter: Use a string lval type in scanner Minor change to decouple the AST data structures from the lexical scanner. We pass a structure to allow for some future enhancements.
2021-10-26 09:09:36 +00:00
df_lval->value = g_strdup(token_value);
dfilter: Save token value to syntax tree When parsing we save the token value to the syntax tree. This is useful for better error reporting. Use it to report an invalid entity for the slice operation. Before only the memory location was reported, which is not a good error message. Before: % dftest '"01:02:03:04"[0:3] == foo' Filter: ""01:02:03:04"[0:3] == foo" dftest: Range is not supported for entity <0x7f6c84017740> of type STRING After: % dftest '"01:02:03:04"[0:3] == foo' Filter: ""01:02:03:04"[0:3] == foo" dftest: Range is not supported for entity 01:02:03:04 of type STRING When creating a new node from an old one we need to copy the token value. Simple tokens such as RBRACKET, COMMA and COLON are not part of the AST and don't have an associated semantic value.
2021-09-26 21:22:50 +00:00
return token;
}
dfilter: Support more C escape sequences in string literals Before: Filter: http.request.method == "\tHEAD" Constants: 00000 PUT_FVALUE "tHEAD" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\uHEAD" Constants: 00000 PUT_FVALUE "uHEAD" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method == "\tHEAD" Constants: 00000 PUT_FVALUE "\x09HEAD" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\uHEAD" Constants: 00000 PUT_FVALUE "uHEAD" <FT_STRING> -> reg#1 (...)
2021-10-31 15:48:22 +00:00
dfilter: Reject invalid character escape sequences For double quoted strings. This is consistent with single quote character constants and the C standard. It also avoids common mistakes where the superfluous backslash is silently suppressed.
2021-11-23 13:40:14 +00:00
static gboolean
append_escaped_char(dfwork_t *dfw, GString *str, char c)
dfilter: Support more C escape sequences in string literals Before: Filter: http.request.method == "\tHEAD" Constants: 00000 PUT_FVALUE "tHEAD" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\uHEAD" Constants: 00000 PUT_FVALUE "uHEAD" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method == "\tHEAD" Constants: 00000 PUT_FVALUE "\x09HEAD" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\uHEAD" Constants: 00000 PUT_FVALUE "uHEAD" <FT_STRING> -> reg#1 (...)
2021-10-31 15:48:22 +00:00
{
switch (c) {
case 'a':
c = '\a';
break;
case 'b':
c = '\b';
break;
case 'f':
c = '\f';
break;
case 'n':
c = '\n';
break;
case 'r':
c = '\r';
break;
case 't':
c = '\t';
break;
case 'v':
c = '\v';
break;
dfilter: Reject invalid character escape sequences For double quoted strings. This is consistent with single quote character constants and the C standard. It also avoids common mistakes where the superfluous backslash is silently suppressed.
2021-11-23 13:40:14 +00:00
case '\\':
case '\'':
case '\"':
dfilter: Support more C escape sequences in string literals Before: Filter: http.request.method == "\tHEAD" Constants: 00000 PUT_FVALUE "tHEAD" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\uHEAD" Constants: 00000 PUT_FVALUE "uHEAD" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method == "\tHEAD" Constants: 00000 PUT_FVALUE "\x09HEAD" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\uHEAD" Constants: 00000 PUT_FVALUE "uHEAD" <FT_STRING> -> reg#1 (...)
2021-10-31 15:48:22 +00:00
break;
dfilter: Reject invalid character escape sequences For double quoted strings. This is consistent with single quote character constants and the C standard. It also avoids common mistakes where the superfluous backslash is silently suppressed.
2021-11-23 13:40:14 +00:00
default:
dfilter_fail(dfw, "\\%c is not a valid character escape sequence", c);
return FALSE;
dfilter: Support more C escape sequences in string literals Before: Filter: http.request.method == "\tHEAD" Constants: 00000 PUT_FVALUE "tHEAD" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\uHEAD" Constants: 00000 PUT_FVALUE "uHEAD" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method == "\tHEAD" Constants: 00000 PUT_FVALUE "\x09HEAD" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\uHEAD" Constants: 00000 PUT_FVALUE "uHEAD" <FT_STRING> -> reg#1 (...)
2021-10-31 15:48:22 +00:00
}
dfilter: Reject invalid character escape sequences For double quoted strings. This is consistent with single quote character constants and the C standard. It also avoids common mistakes where the superfluous backslash is silently suppressed.
2021-11-23 13:40:14 +00:00
g_string_append_c(str, c);
return TRUE;
dfilter: Support more C escape sequences in string literals Before: Filter: http.request.method == "\tHEAD" Constants: 00000 PUT_FVALUE "tHEAD" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\uHEAD" Constants: 00000 PUT_FVALUE "uHEAD" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method == "\tHEAD" Constants: 00000 PUT_FVALUE "\x09HEAD" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\uHEAD" Constants: 00000 PUT_FVALUE "uHEAD" <FT_STRING> -> reg#1 (...)
2021-10-31 15:48:22 +00:00
}
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
static gboolean
parse_charconst(dfwork_t *dfw, const char *s, unsigned long *valuep)
{
const char *cp;
unsigned long value;
cp = s + 1; /* skip the leading ' */
dfilter: Clean up charconst error message
2021-11-24 09:29:24 +00:00
if (*cp == '\'') {
dfilter_fail(dfw, "Empty character constant.");
return FALSE;
}
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
if (*cp == '\\') {
/*
* C escape sequence.
* An escape sequence is an octal number \NNN,
* an hex number \xNN, or one of \' \" \\ \a \b \f \n \r \t \v
* that stands for the byte value of the equivalent
* C-escape in ASCII encoding.
*/
cp++;
switch (*cp) {
case '\0':
dfilter: Clean up charconst error message
2021-11-24 09:29:24 +00:00
dfilter_fail(dfw, "%s isn't a valid character constant.", s);
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
return FALSE;
case 'a':
value = '\a';
break;
case 'b':
value = '\b';
break;
case 'f':
value = '\f';
break;
case 'n':
value = '\n';
break;
case 'r':
value = '\r';
break;
case 't':
value = '\t';
break;
case 'v':
value = '\v';
break;
case '\'':
value = '\'';
break;
case '\\':
value = '\\';
break;
case '"':
value = '"';
break;
case 'x':
cp++;
if (*cp >= '0' && *cp <= '9')
value = *cp - '0';
else if (*cp >= 'A' && *cp <= 'F')
value = 10 + (*cp - 'A');
else if (*cp >= 'a' && *cp <= 'f')
value = 10 + (*cp - 'a');
else {
dfilter: Clean up charconst error message
2021-11-24 09:29:24 +00:00
dfilter_fail(dfw, "%s isn't a valid character constant.", s);
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
return FALSE;
}
cp++;
if (*cp != '\'') {
value <<= 4;
if (*cp >= '0' && *cp <= '9')
value |= *cp - '0';
else if (*cp >= 'A' && *cp <= 'F')
value |= 10 + (*cp - 'A');
else if (*cp >= 'a' && *cp <= 'f')
value |= 10 + (*cp - 'a');
else {
dfilter: Clean up charconst error message
2021-11-24 09:29:24 +00:00
dfilter_fail(dfw, "%s isn't a valid character constant.", s);
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
return FALSE;
}
}
break;
default:
/* Octal */
if (*cp >= '0' && *cp <= '7')
value = *cp - '0';
else {
dfilter: Clean up charconst error message
2021-11-24 09:29:24 +00:00
dfilter_fail(dfw, "%s isn't a valid character constant.", s);
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
return FALSE;
}
if (*(cp + 1) != '\'') {
cp++;
value <<= 3;
if (*cp >= '0' && *cp <= '7')
value |= *cp - '0';
else {
dfilter: Clean up charconst error message
2021-11-24 09:29:24 +00:00
dfilter_fail(dfw, "%s isn't a valid character constant.", s);
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
return FALSE;
}
if (*(cp + 1) != '\'') {
cp++;
value <<= 3;
if (*cp >= '0' && *cp <= '7')
value |= *cp - '0';
else {
dfilter: Clean up charconst error message
2021-11-24 09:29:24 +00:00
dfilter_fail(dfw, "%s isn't a valid character constant.", s);
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
return FALSE;
}
}
}
if (value > 0xFF) {
dfilter: Clean up charconst error message
2021-11-24 09:29:24 +00:00
dfilter_fail(dfw, "%s is too large to be a valid character constant.", s);
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
return FALSE;
}
}
} else {
value = *cp;
if (!g_ascii_isprint(value)) {
dfilter: Better representation for charconst
2021-11-27 17:31:16 +00:00
dfilter_fail(dfw, "Non-printable value '0x%02lx' in character constant.", value);
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
return FALSE;
}
}
cp++;
if ((*cp != '\'') || (*(cp + 1) != '\0')){
dfilter: Clean up charconst error message
2021-11-24 09:29:24 +00:00
dfilter_fail(dfw, "%s is too long to be a valid character constant.", s);
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
return FALSE;
}
*valuep = value;
return TRUE;
}