1999-08-12 21:16:32 +00:00
|
|
|
/* dfilter-int.h
|
|
|
|
* Definitions for routines common to multiple modules in the display
|
|
|
|
* filter code, but not used outside that code.
|
|
|
|
*
|
1999-10-11 06:39:26 +00:00
|
|
|
* $Id: dfilter-int.h,v 1.8 1999/10/11 06:39:04 guy Exp $
|
1999-08-12 21:16:32 +00:00
|
|
|
*
|
|
|
|
* Ethereal - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@zing.org>
|
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef __DFILTER_INT_H__
|
|
|
|
#define __DFILTER_INT_H__
|
|
|
|
|
|
|
|
/* in dfilter-scanner.l */
|
|
|
|
GByteArray *byte_str_to_guint8_array(const char *s);
|
1999-08-13 23:47:43 +00:00
|
|
|
void dfilter_scanner_text(char*);
|
|
|
|
void dfilter_scanner_cleanup(void);
|
1999-08-12 21:16:32 +00:00
|
|
|
|
|
|
|
/* in dfilter-grammar.y */
|
1999-08-13 23:47:43 +00:00
|
|
|
extern dfilter *global_df;
|
1999-08-12 21:16:32 +00:00
|
|
|
|
|
|
|
/* Here we provide interfaces to make our scanner act and look like lex */
|
1999-10-10 18:16:43 +00:00
|
|
|
int dfilter_lex(void);
|
|
|
|
void dfilter_error(char *s);
|
Make "dfilter_error()" available to the lexical analyzer.
Get rid of the declaration of the non-existent "dfilter_yyerror()", and
put in some #defines to work around the fact that the #defines to
replace "yy" with "dfilter_" in the names of Flex-generated and
Yacc-generated routines aren't put into a header file, they're put into
".c" files.
Have it remember the error message it was handed (unless it's Yacc's
boring "parse error" message).
When generating the message to be shown to the user on a parse error,
make it be the "Unable to parse filter string" message, and, if a
non-boring error message was supplied to "dfilter_error()", take that
error message onto the end.
Don't panic if a field type we don't yet support in the parser is seen;
generate an error, telling the user we don't support filter on that type
yet.
Don't assume that "global_df" has been set if we see an empty statement
(if the first token was the end-marker, because, say, the first token
the lexical analyzer found was a field of a type not yet supported in
filter expressions, "global_df" won't have been set).
svn path=/trunk/; revision=783
1999-10-07 21:47:20 +00:00
|
|
|
|
Have "get_host_ipaddr()" return a Boolean indicating whether it
succeeded or failed, and, if it succeeded, have it fill in the IP
address if found through a pointer passed as the second argument.
Have it first try interpreting its first argument as a dotted-quad IP
address, with "inet_aton()", and, if that fails, have it try to
interpret it as a host name with "gethostbyname()"; don't bother with
"gethostbyaddr()", as we should be allowed to filter on IP addresses
even if there's no host name associated with them (there's no guarantee
that "gethostbyaddr()" will succeed if handed an IP address with no
corresponding name - and it looks as if FreeBSD 3.2, at least, may not
succeed in that case).
Add a "dfilter_fail()" routine that takes "printf()"-like arguments and
uses them to set an error message for the parse; doing so means that
even if the filter expression is syntactically valid, we treat it as
being invalid. (Is there a better way to force a parse to fail from
arbitrary places in routines called by the parser?)
Use that routine in the lexical analyzer.
If that error message was set, use it as is as the failure message,
rather than adding "Unable to parse filter string XXX" to it.
Have the code to handle IP addresses and host names in display filters
check whether "get_host_ipaddr()" succeeded or failed and, if it failed,
arrange that the parse fail with an error message indicating the source
of the problem.
svn path=/trunk/; revision=802
1999-10-11 03:03:12 +00:00
|
|
|
/* Report an error during compilation of a filter; this is called by code
|
|
|
|
* other than parser code, so all it does is record that an error occurred,
|
|
|
|
* so that even if the filter is nominally syntactically valid, we still
|
|
|
|
* fail.
|
|
|
|
*/
|
|
|
|
#if __GNUC__ == 2
|
|
|
|
void dfilter_fail(char *fmt, ...)
|
|
|
|
__attribute__((format (printf, 1, 2)));
|
|
|
|
#else
|
|
|
|
void dfilter_fail(char *fmt, ...);
|
|
|
|
#endif
|
1999-08-12 21:16:32 +00:00
|
|
|
|
|
|
|
/* functions that dfilter-grammar.y needs during parsing*/
|
|
|
|
gboolean check_relation_numeric(gint operand, GArray *a, GArray *b);
|
|
|
|
gboolean check_relation_ether(gint operand, GArray *a, GArray *b);
|
|
|
|
gboolean check_relation_bytes(gint operand, GArray *a, GArray *b);
|
|
|
|
|
|
|
|
gboolean fill_array_numeric_value(GNode *gnode, gpointer data);
|
|
|
|
gboolean fill_array_numeric_variable(GNode *gnode, gpointer data);
|
|
|
|
gboolean fill_array_ether_value(GNode *gnode, gpointer data);
|
|
|
|
gboolean fill_array_ether_variable(GNode *gnode, gpointer data);
|
|
|
|
gboolean fill_array_bytes_value(GNode *gnode, gpointer data);
|
|
|
|
gboolean fill_array_bytes_variable(GNode *gnode, gpointer data);
|
|
|
|
|
1999-08-13 23:47:43 +00:00
|
|
|
#ifdef WIN32
|
|
|
|
#define boolean truth_value
|
|
|
|
#endif
|
|
|
|
|
1999-08-12 21:16:32 +00:00
|
|
|
enum node_type {
|
|
|
|
relation, /* eq, ne, gt, ge, lt, le */
|
|
|
|
logical, /* and, or, not, xor */
|
|
|
|
variable, /* protocol or header field id */
|
|
|
|
existence, /* existence of a variable (protocol or hf) */
|
|
|
|
alternation, /* &, | */
|
|
|
|
boolean, /* true, false */
|
|
|
|
numeric, /* uint8, uint16, or uint32 value */
|
|
|
|
abs_time,
|
|
|
|
string,
|
|
|
|
ether,
|
|
|
|
bytes,
|
|
|
|
ipv4,
|
|
|
|
ipxnet
|
|
|
|
};
|
|
|
|
|
|
|
|
typedef gboolean(*CheckRelationFunc) (gint operand, GArray *a, GArray *b);
|
|
|
|
|
|
|
|
/* This struct is the parse tree node created by this grammary and used
|
|
|
|
* directly in the display filter routines to filter packets.
|
|
|
|
*/
|
|
|
|
typedef struct dfilter_node {
|
|
|
|
enum node_type ntype; /* from dfilter-grammar.h */
|
|
|
|
int elem_size; /* computed at dfilter parse time rather than
|
|
|
|
when finding elements for each packet. Saves time
|
|
|
|
in get_values_from_ptree() */
|
|
|
|
CheckRelationFunc check_relation_func;
|
|
|
|
GNodeTraverseFunc fill_array_func;
|
|
|
|
|
|
|
|
/* copied from proto.h */
|
|
|
|
union {
|
|
|
|
gint relation; /* if type == relation (eq, ne, gt, ge, lt, le) */
|
|
|
|
gint logical; /* if type == logical (and, or, not, xor) */
|
|
|
|
gint variable; /* if type == variable (protocol or header field abbrev) */
|
|
|
|
gint alternation; /* if type == alternation (& or |) */
|
|
|
|
|
|
|
|
guint32 numeric;
|
|
|
|
struct timeval abs_time; /* the whole struct, not a pointer */
|
|
|
|
gchar *string;
|
|
|
|
guint8 ether[6];
|
|
|
|
GByteArray *bytes;
|
|
|
|
} value;
|
|
|
|
|
|
|
|
/* used for byte-ranges */
|
|
|
|
gint offset;
|
|
|
|
guint length;
|
|
|
|
} dfilter_node;
|
|
|
|
|
|
|
|
/* lookup an abbreviation in our token hash, returing the ID # */
|
|
|
|
int dfilter_lookup_token(char *abbrev);
|
|
|
|
|
|
|
|
#endif /* ! __DFILTER_INT_H__ */
|