osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity
wireshark/epan/dfilter/grammar.lemon

516 lines
11 KiB
Plaintext
Raw Normal View History

Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
%include {
#include "config.h"
dfilter: Replace unparsed lexical type and simplify grammar Remove unparsed lexical type and replace it with identifier and constant. This separation is still necessary to differentiate names (fields and function) from literals that look like names but it has some advantages to do it at the lexical level. The main advantage is a much cleaner and simplified grammar, because we only have a single token type for field names, without any loss of generality (the same name is valid for fields and function names for example). The CONSTANT token type is necessary to be different from literal to provide errors for function rules.
2022-12-28 22:12:36 +00:00
#define WS_LOG_DOMAIN LOG_DOMAIN_DFILTER
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
Add missing includes in order to remove exceptions.h from proto.h (next commit). svn path=/trunk/; revision=53230
2013-11-10 15:59:37 +00:00
#include <assert.h>
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
#include "dfilter-int.h"
#include "syntax-tree.h"
dfilter: Add layer support for references This adds support for using the layers filter with field references. Before: $ dftest 'ip.src != ${ip.src#2}' dftest: invalid character in macro name After: $ dftest 'ip.src != ${ip.src#2}' Filter: ip.src != ${ip.src#2} Syntax tree: 0 TEST_ALL_NE: 1 FIELD(ip.src <FT_IPv4>) 1 REFERENCE(ip.src#[2:1] <FT_IPv4>) Instructions: 00000 READ_TREE ip.src <FT_IPv4> -> reg#0 00001 IF_FALSE_GOTO 5 00002 READ_REFERENCE_R ${ip.src <FT_IPv4>} #[2:1] -> reg#1 00003 IF_FALSE_GOTO 5 00004 ALL_NE reg#0 != reg#1 00005 RETURN This requires adding another level of complexity to references. When loading references we need to copy the 'proto_layer_num' and add the logic to filter on that. The "layer" sttype is removed and replace by a new field sttype with support for a range. This is a nice cleanup for the semantic check and general simplification. The grammar is better too with this design. Range sttype is renamed to slice for clarity.
2022-06-23 23:07:42 +00:00
#include "sttype-field.h"
#include "sttype-slice.h"
dfilter: Rename test syntax tree node Test node also includes arithmetic operations so rename it to a generic "operator" node.
2022-06-27 05:37:45 +00:00
#include "sttype-op.h"
Add infrastructure for display filter functions. Add upper() and lower() display filter functions for string fields. svn path=/trunk/; revision=18071
2006-05-02 14:26:17 +00:00
#include "sttype-function.h"
dfilter: Add membership operator Added a new relational test: 'x in {a b c}'. The only LHS entity supported at this time is a field. The generated DFVM operations are equivalent to an OR'ed series of =='s, but with the redundant existence tests removed. Change-Id: Iddc89b81cf7ad6319aef1a2a94f93314cb721a8a Reviewed-on: https://code.wireshark.org/review/10246 Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com> Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-08-19 03:03:41 +00:00
#include "sttype-set.h"
Add Ed Warnicke's drange code to the new dfilter system. Not supported yet: [i-j] (offset-offset) Supported: [i] index [i:j] offset:length [:j] 0:offset [i:] offset:end [x,y] concatenation of slices svn path=/trunk/; revision=3080
2001-02-27 19:23:30 +00:00
#include "drange.h"
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
- Include the .h files in their .c files. - Remove epan/dissectors/packet-sna.h, it isn't used anywhere. svn path=/trunk/; revision=15475
2005-08-20 16:19:22 +00:00
#include "grammar.h"
Implement a proposal from Elefterios Gabriel for SCCP: Add a table of DPCs and SSNs that allow to override the protocol that would be choosen so that the same SSN can use two different protocols in two different DPCs. I did not believe it someone could have done it, then I saw the captures... svn path=/trunk/; revision=21321
2007-04-03 19:08:00 +00:00
#ifdef _WIN32
#pragma warning(disable:4671)
#endif
Lemon grammar: fix indent (use tabs) Change-Id: I6fa38d5d85b25ac6c55fcfa67d6c8dba8482cc8c Reviewed-on: https://code.wireshark.org/review/10266 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-08-26 08:32:52 +00:00
dfilter: Move a constructor to the grammar file
2021-11-05 06:41:41 +00:00
static stnode_t *
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
new_function(dfwork_t *dfw, stnode_t *node);
dfilter: Minor grammar cleanup Remove duplication for arithmetic expressions.
2022-04-04 11:52:41 +00:00
dfilter: Replace unparsed lexical type and simplify grammar Remove unparsed lexical type and replace it with identifier and constant. This separation is still necessary to differentiate names (fields and function) from literals that look like names but it has some advantages to do it at the lexical level. The main advantage is a much cleaner and simplified grammar, because we only have a single token type for field names, without any loss of generality (the same name is valid for fields and function names for example). The CONSTANT token type is necessary to be different from literal to provide errors for function rules.
2022-12-28 22:12:36 +00:00
#define FAIL(dfw, node, ...) \
do { \
ws_noisy("Parsing failed here."); \
dfilter_fail(dfw, DF_ERROR_GENERIC, stnode_location(node), __VA_ARGS__); \
} while (0)
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
Add macros to control lemon diagnostics Rename flex macros using parenthesis (mostly a style issue): DIAG_OFF_FLEX -> DIAG_OFF_FLEX() DIAG_ON_FLEX -> DIAG_ON_FLEX() Use the same kind of construct with lemon generated code using DIAG_OFF_LEMON() and DIAG_ON_LEMON(). Use %include and %code directives to enforce the desired order with generated code in the middle in between pragmas. Fix a clang-specific pragma to use DIAG_OFF_CLANG(). DIAG_OFF(unreachable-code) -> DIAG_OFF_CLANG(unreachable-code). Apparently GCC is ignoring the -Wunreachable flag, that's why it did not trigger an unknown pragma warning. From [1}: The -Wunreachable-code has been removed, because it was unstable: it relied on the optimizer, and so different versions of gcc would warn about different code. The compiler still accepts and ignores the command line option so that existing Makefiles are not broken. In some future release the option will be removed entirely. - Ian [1] https://gcc.gnu.org/legacy-ml/gcc-help/2011-05/msg00360.html
2022-11-19 22:52:09 +00:00
DIAG_OFF_LEMON()
} /* end of %include */
%code {
DIAG_ON_LEMON()
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
}
/* Parser Information */
dfilter: Convert grammar.lemon to 4-space indentation Add global EditorConfig settings for lemon files. Add exceptions for the two grammar files that use tab indentation.
2021-12-01 19:45:30 +00:00
%name Dfilter
%token_prefix TOKEN_
%extra_argument {dfwork_t *dfw}
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
/* Terminal and Non-Terminal types and destructors */
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
%token_type {stnode_t*}
dfilter: Convert grammar.lemon to 4-space indentation Add global EditorConfig settings for lemon files. Add exceptions for the two grammar files that use tab indentation.
2021-12-01 19:45:30 +00:00
%token_destructor {
(void)dfw;
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
stnode_free($$);
Use "(void) <variable/>" to avoid unused variable warnings similar to Qt's Q_UNUSED macro. svn path=/trunk/; revision=54110
2013-12-14 23:44:25 +00:00
}
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
dfilter: Convert grammar.lemon to 4-space indentation Add global EditorConfig settings for lemon files. Add exceptions for the two grammar files that use tab indentation.
2021-12-01 19:45:30 +00:00
%default_type {stnode_t*}
%default_destructor {stnode_free($$);}
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
dfilter: Convert grammar.lemon to 4-space indentation Add global EditorConfig settings for lemon files. Add exceptions for the two grammar files that use tab indentation.
2021-12-01 19:45:30 +00:00
%type range_node_list {GSList*}
%destructor range_node_list {drange_node_free_list($$);}
Add Ed Warnicke's drange code to the new dfilter system. Not supported yet: [i-j] (offset-offset) Supported: [i] index [i:j] offset:length [:j] 0:offset [i:] offset:end [x,y] concatenation of slices svn path=/trunk/; revision=3080
2001-02-27 19:23:30 +00:00
dfilter: Rename grammar rules
2022-12-29 02:22:53 +00:00
%type func_params_list {GSList*}
%destructor func_params_list {st_funcparams_free($$);}
Add infrastructure for display filter functions. Add upper() and lower() display filter functions for string fields. svn path=/trunk/; revision=18071
2006-05-02 14:26:17 +00:00
dfilter: Convert grammar.lemon to 4-space indentation Add global EditorConfig settings for lemon files. Add exceptions for the two grammar files that use tab indentation.
2021-12-01 19:45:30 +00:00
%type set_list {GSList*}
%destructor set_list {set_nodelist_free($$);}
dfilter: Minor set grammar cleanup
2021-10-26 09:35:12 +00:00
dfilter: Rename grammar rules
2022-12-29 02:22:53 +00:00
%type set_element_list {GSList*}
%destructor set_element_list {set_nodelist_free($$);}
dfilter: Add membership operator Added a new relational test: 'x in {a b c}'. The only LHS entity supported at this time is a field. The generated DFVM operations are equivalent to an OR'ed series of =='s, but with the redundant existence tests removed. Change-Id: Iddc89b81cf7ad6319aef1a2a94f93314cb721a8a Reviewed-on: https://code.wireshark.org/review/10246 Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com> Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-08-19 03:03:41 +00:00
dfilter: Refactor error location tracking Remove duplicate location struct by adding a new header. Pass around a structure instead of a pointer.
2022-12-22 10:44:33 +00:00
/* This is called as soon as a syntax error happens. After that,
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
any "error" symbols are shifted, if possible. */
%syntax_error {
dfilter: Convert grammar.lemon to 4-space indentation Add global EditorConfig settings for lemon files. Add exceptions for the two grammar files that use tab indentation.
2021-12-01 19:45:30 +00:00
if (!TOKEN) {
dfilter: Refactor error location tracking Remove duplicate location struct by adding a new header. Pass around a structure instead of a pointer.
2022-12-22 10:44:33 +00:00
dfilter_fail(dfw, DF_ERROR_UNEXPECTED_END, DFILTER_LOC_EMPTY, "Unexpected end of filter expression.");
dfilter: Convert grammar.lemon to 4-space indentation Add global EditorConfig settings for lemon files. Add exceptions for the two grammar files that use tab indentation.
2021-12-01 19:45:30 +00:00
return;
}
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
FAIL(dfw, TOKEN, "\"%s\" was unexpected in this context.", stnode_token(TOKEN));
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
}
/* When a parse fails, mark an error. This occurs after
the above syntax_error code and after the parser fails to
use error recovery, shifting an "error" symbol and successfully
shifting 3 more symbols. */
%parse_failure {
dfilter: Return an error object instead of string Return an struct containing error information. This simplifies the interface to more easily provide richer diagnostics in the future. Add an error code besides a human-readable error string to allow checking programmatically for errors in a robust manner. Currently there is only a generic error code, it is expected to increase in the future. Move error location information to the struct. Change callers and implementation to use the new interface.
2022-11-19 19:21:19 +00:00
dfw->parse_failure = TRUE;
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
}
/* ----------------- The grammar -------------- */
/* Associativity */
%left TEST_OR.
dfilter: Make logical AND higher precedence than logical OR In most, if not all, programming languages logical AND has higher precedence than logical OR. Apply the principle of least surprise and do the same for Wireshark display filters. Before: ip and tcp or udp => ip and (tcp or udp) Filter: ip and tcp or udp Instructions: 00000 CHECK_EXISTS ip 00001 IF_FALSE_GOTO 5 00002 CHECK_EXISTS tcp 00003 IF_TRUE_GOTO 5 00004 CHECK_EXISTS udp 00005 RETURN After: ip and tcp or udp => (ip and tcp) or udp Filter: ip and tcp or udp Instructions: 00000 CHECK_EXISTS ip 00001 IF_FALSE_GOTO 4 00002 CHECK_EXISTS tcp 00003 IF_TRUE_GOTO 5 00004 CHECK_EXISTS udp 00005 RETURN
2022-04-03 16:57:23 +00:00
%left TEST_AND.
%right TEST_NOT.
dfilter: Add an "all equal" operator To complete the set of equality operators add an "all equal" operator that matches a frame if all fields match the condition. The symbol chosen for "all_eq" is "===".
2021-12-13 01:06:01 +00:00
%nonassoc TEST_ALL_EQ TEST_ANY_EQ TEST_ALL_NE TEST_ANY_NE TEST_LT TEST_LE TEST_GT TEST_GE
dfilter: Minor grammar cleanup Remove duplication for arithmetic expressions.
2022-04-04 11:52:41 +00:00
TEST_CONTAINS TEST_MATCHES.
%left BITWISE_AND.
%left PLUS MINUS.
%left STAR RSLASH PERCENT.
dfilter: Allow grouping arithmetical expressions with { } This removes the limitation of having only two terms in an arithmetic expression and allows setting the precedence using curly braces (like any basic calculator). Our grammar currently does not allow grouping arithmetic expressions using parenthesis, because boolean expressions and arithmetic expressions are different and parenthesis are used with the former.
2022-04-04 15:52:11 +00:00
%nonassoc UNARY_PLUS UNARY_MINUS.
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
/* Top-level targets */
dfilter: Convert grammar.lemon to 4-space indentation Add global EditorConfig settings for lemon files. Add exceptions for the two grammar files that use tab indentation.
2021-12-01 19:45:30 +00:00
sentence ::= expr(X). { dfw->st_root = X; }
sentence ::= . { dfw->st_root = NULL; }
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
dfilter: Add support for universal quantifiers Adds the keywords "any" and "all" to implement the quantification to any existing relational operator. Filter: all tcp.port in {100, 2000..3000} Syntax tree: 0 ALL TEST_IN: 1 FIELD(tcp.port) 1 SET(#2): 2 FVALUE(100 <FT_UINT16>) 2 FVALUE(2000 <FT_UINT16>) .. FVALUE(3000 <FT_UINT16>) Instructions: 00000 READ_TREE tcp.port -> reg#0 00001 IF_FALSE_GOTO 5 00002 ALL_EQ reg#0 === 100 <FT_UINT16> 00003 IF_TRUE_GOTO 5 00004 ALL_IN_RANGE reg#0 in { 2000 <FT_UINT16> .. 3000 <FT_UINT16> } 00005 RETURN
2022-04-19 23:04:05 +00:00
expr(X) ::= relation(R). { X = R; }
dfilter: Allow grouping arithmetical expressions with { } This removes the limitation of having only two terms in an arithmetic expression and allows setting the precedence using curly braces (like any basic calculator). Our grammar currently does not allow grouping arithmetic expressions using parenthesis, because boolean expressions and arithmetic expressions are different and parenthesis are used with the former.
2022-04-04 15:52:11 +00:00
expr(X) ::= arithmetic_expr(E). { X = E; }
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
/* Logical tests */
dfilter: Allow grouping arithmetical expressions with { } This removes the limitation of having only two terms in an arithmetic expression and allows setting the precedence using curly braces (like any basic calculator). Our grammar currently does not allow grouping arithmetic expressions using parenthesis, because boolean expressions and arithmetic expressions are different and parenthesis are used with the former.
2022-04-04 15:52:11 +00:00
expr(X) ::= expr(Y) TEST_AND(T) expr(Z).
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
{
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
X = T;
dfilter: Rename test syntax tree node Test node also includes arithmetic operations so rename it to a generic "operator" node.
2022-06-27 05:37:45 +00:00
sttype_oper_set2(X, STNODE_OP_AND, Y, Z);
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
}
dfilter: Allow grouping arithmetical expressions with { } This removes the limitation of having only two terms in an arithmetic expression and allows setting the precedence using curly braces (like any basic calculator). Our grammar currently does not allow grouping arithmetic expressions using parenthesis, because boolean expressions and arithmetic expressions are different and parenthesis are used with the former.
2022-04-04 15:52:11 +00:00
expr(X) ::= expr(Y) TEST_OR(T) expr(Z).
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
{
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
X = T;
dfilter: Rename test syntax tree node Test node also includes arithmetic operations so rename it to a generic "operator" node.
2022-06-27 05:37:45 +00:00
sttype_oper_set2(X, STNODE_OP_OR, Y, Z);
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
}
dfilter: Allow grouping arithmetical expressions with { } This removes the limitation of having only two terms in an arithmetic expression and allows setting the precedence using curly braces (like any basic calculator). Our grammar currently does not allow grouping arithmetic expressions using parenthesis, because boolean expressions and arithmetic expressions are different and parenthesis are used with the former.
2022-04-04 15:52:11 +00:00
expr(X) ::= TEST_NOT(T) expr(Y).
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
{
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
X = T;
dfilter: Rename test syntax tree node Test node also includes arithmetic operations so rename it to a generic "operator" node.
2022-06-27 05:37:45 +00:00
sttype_oper_set1(X, STNODE_OP_NOT, Y);
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
}
dfilter: Allow grouping arithmetical expressions with { } This removes the limitation of having only two terms in an arithmetic expression and allows setting the precedence using curly braces (like any basic calculator). Our grammar currently does not allow grouping arithmetic expressions using parenthesis, because boolean expressions and arithmetic expressions are different and parenthesis are used with the former.
2022-04-04 15:52:11 +00:00
/* Any expression inside parens is simply that expression */
dfilter: Improve error location for parenthesized expressions
2022-12-25 21:49:44 +00:00
expr(X) ::= LPAREN(L) expr(Y) RPAREN(R).
{
X = Y;
df_loc_t loc = stnode_merge_location(L, Y, R, (stnode_t *)NULL);
stnode_set_location(X, loc);
dfilter: Fix grammar memory leak
2022-12-26 18:48:54 +00:00
stnode_free(L);
stnode_free(R);
dfilter: Improve error location for parenthesized expressions
2022-12-25 21:49:44 +00:00
}
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
/* Entities, or things that can be compared/tested/checked */
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
atom(A) ::= STRING(S). { A = S; }
atom(A) ::= CHARCONST(N). { A = N; }
atom(A) ::= LITERAL(S). { A = S; }
dfilter: Replace unparsed lexical type and simplify grammar Remove unparsed lexical type and replace it with identifier and constant. This separation is still necessary to differentiate names (fields and function) from literals that look like names but it has some advantages to do it at the lexical level. The main advantage is a much cleaner and simplified grammar, because we only have a single token type for field names, without any loss of generality (the same name is valid for fields and function names for example). The CONSTANT token type is necessary to be different from literal to provide errors for function rules.
2022-12-28 22:12:36 +00:00
atom(A) ::= CONSTANT(C). { A = C; }
dfilter: Allow grouping arithmetical expressions with { } This removes the limitation of having only two terms in an arithmetic expression and allows setting the precedence using curly braces (like any basic calculator). Our grammar currently does not allow grouping arithmetic expressions using parenthesis, because boolean expressions and arithmetic expressions are different and parenthesis are used with the former.
2022-04-04 15:52:11 +00:00
dfilter: Replace unparsed lexical type and simplify grammar Remove unparsed lexical type and replace it with identifier and constant. This separation is still necessary to differentiate names (fields and function) from literals that look like names but it has some advantages to do it at the lexical level. The main advantage is a much cleaner and simplified grammar, because we only have a single token type for field names, without any loss of generality (the same name is valid for fields and function names for example). The CONSTANT token type is necessary to be different from literal to provide errors for function rules.
2022-12-28 22:12:36 +00:00
named_field(X) ::= FIELD(F).
dfilter: Add syntax to match specific layers in the protocol stack Add support to display filters for matching a specific layer within a frame. Layers are counted sequentially up the protocol stack. Each protocol (dissector) that appears in the stack is one layer. LINK-LAYER#1 <-> IP#1 <-> TCP#1 <-> IP#2 <-> TCP#2 <-> etc. The syntax allows for negative indexes and ranges with the usual semantics for slices (but note that counting starts at one): tcp.port#[2-4] == 1024 Matches layers 2 to 4 inclusive. Fixes #3791.
2022-04-09 22:03:40 +00:00
{
dfilter: Replace unparsed lexical type and simplify grammar Remove unparsed lexical type and replace it with identifier and constant. This separation is still necessary to differentiate names (fields and function) from literals that look like names but it has some advantages to do it at the lexical level. The main advantage is a much cleaner and simplified grammar, because we only have a single token type for field names, without any loss of generality (the same name is valid for fields and function names for example). The CONSTANT token type is necessary to be different from literal to provide errors for function rules.
2022-12-28 22:12:36 +00:00
X = F;
dfilter: Add syntax to match specific layers in the protocol stack Add support to display filters for matching a specific layer within a frame. Layers are counted sequentially up the protocol stack. Each protocol (dissector) that appears in the stack is one layer. LINK-LAYER#1 <-> IP#1 <-> TCP#1 <-> IP#2 <-> TCP#2 <-> etc. The syntax allows for negative indexes and ranges with the usual semantics for slices (but note that counting starts at one): tcp.port#[2-4] == 1024 Matches layers 2 to 4 inclusive. Fixes #3791.
2022-04-09 22:03:40 +00:00
}
dfilter: Replace unparsed lexical type and simplify grammar Remove unparsed lexical type and replace it with identifier and constant. This separation is still necessary to differentiate names (fields and function) from literals that look like names but it has some advantages to do it at the lexical level. The main advantage is a much cleaner and simplified grammar, because we only have a single token type for field names, without any loss of generality (the same name is valid for fields and function names for example). The CONSTANT token type is necessary to be different from literal to provide errors for function rules.
2022-12-28 22:12:36 +00:00
named_field(X) ::= IDENTIFIER(U).
dfilter: Add syntax to match specific layers in the protocol stack Add support to display filters for matching a specific layer within a frame. Layers are counted sequentially up the protocol stack. Each protocol (dissector) that appears in the stack is one layer. LINK-LAYER#1 <-> IP#1 <-> TCP#1 <-> IP#2 <-> TCP#2 <-> etc. The syntax allows for negative indexes and ranges with the usual semantics for slices (but note that counting starts at one): tcp.port#[2-4] == 1024 Matches layers 2 to 4 inclusive. Fixes #3791.
2022-04-09 22:03:40 +00:00
{
dfilter: Replace unparsed lexical type and simplify grammar Remove unparsed lexical type and replace it with identifier and constant. This separation is still necessary to differentiate names (fields and function) from literals that look like names but it has some advantages to do it at the lexical level. The main advantage is a much cleaner and simplified grammar, because we only have a single token type for field names, without any loss of generality (the same name is valid for fields and function names for example). The CONSTANT token type is necessary to be different from literal to provide errors for function rules.
2022-12-28 22:12:36 +00:00
X = U;
const char *name = stnode_token(U);
header_field_info *hfinfo = dfilter_resolve_unparsed(dfw, name);
if (hfinfo == NULL) {
FAIL(dfw, U, "\"%s\" is not a valid protocol or protocol field.", name);
dfilter: Add syntax to match specific layers in the protocol stack Add support to display filters for matching a specific layer within a frame. Layers are counted sequentially up the protocol stack. Each protocol (dissector) that appears in the stack is one layer. LINK-LAYER#1 <-> IP#1 <-> TCP#1 <-> IP#2 <-> TCP#2 <-> etc. The syntax allows for negative indexes and ranges with the usual semantics for slices (but note that counting starts at one): tcp.port#[2-4] == 1024 Matches layers 2 to 4 inclusive. Fixes #3791.
2022-04-09 22:03:40 +00:00
}
dfilter: Replace unparsed lexical type and simplify grammar Remove unparsed lexical type and replace it with identifier and constant. This separation is still necessary to differentiate names (fields and function) from literals that look like names but it has some advantages to do it at the lexical level. The main advantage is a much cleaner and simplified grammar, because we only have a single token type for field names, without any loss of generality (the same name is valid for fields and function names for example). The CONSTANT token type is necessary to be different from literal to provide errors for function rules.
2022-12-28 22:12:36 +00:00
stnode_replace(X, STTYPE_FIELD, hfinfo);
dfilter: Add layer support for references This adds support for using the layers filter with field references. Before: $ dftest 'ip.src != ${ip.src#2}' dftest: invalid character in macro name After: $ dftest 'ip.src != ${ip.src#2}' Filter: ip.src != ${ip.src#2} Syntax tree: 0 TEST_ALL_NE: 1 FIELD(ip.src <FT_IPv4>) 1 REFERENCE(ip.src#[2:1] <FT_IPv4>) Instructions: 00000 READ_TREE ip.src <FT_IPv4> -> reg#0 00001 IF_FALSE_GOTO 5 00002 READ_REFERENCE_R ${ip.src <FT_IPv4>} #[2:1] -> reg#1 00003 IF_FALSE_GOTO 5 00004 ALL_NE reg#0 != reg#1 00005 RETURN This requires adding another level of complexity to references. When loading references we need to copy the 'proto_layer_num' and add the logic to filter on that. The "layer" sttype is removed and replace by a new field sttype with support for a range. This is a nice cleanup for the semantic check and general simplification. The grammar is better too with this design. Range sttype is renamed to slice for clarity.
2022-06-23 23:07:42 +00:00
}
dfilter: Replace unparsed lexical type and simplify grammar Remove unparsed lexical type and replace it with identifier and constant. This separation is still necessary to differentiate names (fields and function) from literals that look like names but it has some advantages to do it at the lexical level. The main advantage is a much cleaner and simplified grammar, because we only have a single token type for field names, without any loss of generality (the same name is valid for fields and function names for example). The CONSTANT token type is necessary to be different from literal to provide errors for function rules.
2022-12-28 22:12:36 +00:00
layered_field(R) ::= named_field(F).
dfilter: Add layer support for references This adds support for using the layers filter with field references. Before: $ dftest 'ip.src != ${ip.src#2}' dftest: invalid character in macro name After: $ dftest 'ip.src != ${ip.src#2}' Filter: ip.src != ${ip.src#2} Syntax tree: 0 TEST_ALL_NE: 1 FIELD(ip.src <FT_IPv4>) 1 REFERENCE(ip.src#[2:1] <FT_IPv4>) Instructions: 00000 READ_TREE ip.src <FT_IPv4> -> reg#0 00001 IF_FALSE_GOTO 5 00002 READ_REFERENCE_R ${ip.src <FT_IPv4>} #[2:1] -> reg#1 00003 IF_FALSE_GOTO 5 00004 ALL_NE reg#0 != reg#1 00005 RETURN This requires adding another level of complexity to references. When loading references we need to copy the 'proto_layer_num' and add the logic to filter on that. The "layer" sttype is removed and replace by a new field sttype with support for a range. This is a nice cleanup for the semantic check and general simplification. The grammar is better too with this design. Range sttype is renamed to slice for clarity.
2022-06-23 23:07:42 +00:00
{
R = F;
}
dfilter: Replace unparsed lexical type and simplify grammar Remove unparsed lexical type and replace it with identifier and constant. This separation is still necessary to differentiate names (fields and function) from literals that look like names but it has some advantages to do it at the lexical level. The main advantage is a much cleaner and simplified grammar, because we only have a single token type for field names, without any loss of generality (the same name is valid for fields and function names for example). The CONSTANT token type is necessary to be different from literal to provide errors for function rules.
2022-12-28 22:12:36 +00:00
layered_field(R) ::= named_field(F) HASH LBRACKET range_node_list(L) RBRACKET.
dfilter: Add layer support for references This adds support for using the layers filter with field references. Before: $ dftest 'ip.src != ${ip.src#2}' dftest: invalid character in macro name After: $ dftest 'ip.src != ${ip.src#2}' Filter: ip.src != ${ip.src#2} Syntax tree: 0 TEST_ALL_NE: 1 FIELD(ip.src <FT_IPv4>) 1 REFERENCE(ip.src#[2:1] <FT_IPv4>) Instructions: 00000 READ_TREE ip.src <FT_IPv4> -> reg#0 00001 IF_FALSE_GOTO 5 00002 READ_REFERENCE_R ${ip.src <FT_IPv4>} #[2:1] -> reg#1 00003 IF_FALSE_GOTO 5 00004 ALL_NE reg#0 != reg#1 00005 RETURN This requires adding another level of complexity to references. When loading references we need to copy the 'proto_layer_num' and add the logic to filter on that. The "layer" sttype is removed and replace by a new field sttype with support for a range. This is a nice cleanup for the semantic check and general simplification. The grammar is better too with this design. Range sttype is renamed to slice for clarity.
2022-06-23 23:07:42 +00:00
{
R = F;
sttype_field_set_range(R, L);
g_slist_free(L);
}
dfilter: Replace unparsed lexical type and simplify grammar Remove unparsed lexical type and replace it with identifier and constant. This separation is still necessary to differentiate names (fields and function) from literals that look like names but it has some advantages to do it at the lexical level. The main advantage is a much cleaner and simplified grammar, because we only have a single token type for field names, without any loss of generality (the same name is valid for fields and function names for example). The CONSTANT token type is necessary to be different from literal to provide errors for function rules.
2022-12-28 22:12:36 +00:00
layered_field(R) ::= named_field(F) HASH INTEGER(N).
dfilter: Add layer support for references This adds support for using the layers filter with field references. Before: $ dftest 'ip.src != ${ip.src#2}' dftest: invalid character in macro name After: $ dftest 'ip.src != ${ip.src#2}' Filter: ip.src != ${ip.src#2} Syntax tree: 0 TEST_ALL_NE: 1 FIELD(ip.src <FT_IPv4>) 1 REFERENCE(ip.src#[2:1] <FT_IPv4>) Instructions: 00000 READ_TREE ip.src <FT_IPv4> -> reg#0 00001 IF_FALSE_GOTO 5 00002 READ_REFERENCE_R ${ip.src <FT_IPv4>} #[2:1] -> reg#1 00003 IF_FALSE_GOTO 5 00004 ALL_NE reg#0 != reg#1 00005 RETURN This requires adding another level of complexity to references. When loading references we need to copy the 'proto_layer_num' and add the logic to filter on that. The "layer" sttype is removed and replace by a new field sttype with support for a range. This is a nice cleanup for the semantic check and general simplification. The grammar is better too with this design. Range sttype is renamed to slice for clarity.
2022-06-23 23:07:42 +00:00
{
dfilter: Replace unparsed lexical type and simplify grammar Remove unparsed lexical type and replace it with identifier and constant. This separation is still necessary to differentiate names (fields and function) from literals that look like names but it has some advantages to do it at the lexical level. The main advantage is a much cleaner and simplified grammar, because we only have a single token type for field names, without any loss of generality (the same name is valid for fields and function names for example). The CONSTANT token type is necessary to be different from literal to provide errors for function rules.
2022-12-28 22:12:36 +00:00
R = F;
char *err_msg = NULL;
drange_node *range = drange_node_from_str(stnode_token(N), &err_msg);
if (err_msg != NULL) {
FAIL(dfw, N, "%s", err_msg);
g_free(err_msg);
dfilter: Add layer support for references This adds support for using the layers filter with field references. Before: $ dftest 'ip.src != ${ip.src#2}' dftest: invalid character in macro name After: $ dftest 'ip.src != ${ip.src#2}' Filter: ip.src != ${ip.src#2} Syntax tree: 0 TEST_ALL_NE: 1 FIELD(ip.src <FT_IPv4>) 1 REFERENCE(ip.src#[2:1] <FT_IPv4>) Instructions: 00000 READ_TREE ip.src <FT_IPv4> -> reg#0 00001 IF_FALSE_GOTO 5 00002 READ_REFERENCE_R ${ip.src <FT_IPv4>} #[2:1] -> reg#1 00003 IF_FALSE_GOTO 5 00004 ALL_NE reg#0 != reg#1 00005 RETURN This requires adding another level of complexity to references. When loading references we need to copy the 'proto_layer_num' and add the logic to filter on that. The "layer" sttype is removed and replace by a new field sttype with support for a range. This is a nice cleanup for the semantic check and general simplification. The grammar is better too with this design. Range sttype is renamed to slice for clarity.
2022-06-23 23:07:42 +00:00
}
dfilter: Replace unparsed lexical type and simplify grammar Remove unparsed lexical type and replace it with identifier and constant. This separation is still necessary to differentiate names (fields and function) from literals that look like names but it has some advantages to do it at the lexical level. The main advantage is a much cleaner and simplified grammar, because we only have a single token type for field names, without any loss of generality (the same name is valid for fields and function names for example). The CONSTANT token type is necessary to be different from literal to provide errors for function rules.
2022-12-28 22:12:36 +00:00
sttype_field_set_range1(R, range);
stnode_free(N);
dfilter: Add layer support for references This adds support for using the layers filter with field references. Before: $ dftest 'ip.src != ${ip.src#2}' dftest: invalid character in macro name After: $ dftest 'ip.src != ${ip.src#2}' Filter: ip.src != ${ip.src#2} Syntax tree: 0 TEST_ALL_NE: 1 FIELD(ip.src <FT_IPv4>) 1 REFERENCE(ip.src#[2:1] <FT_IPv4>) Instructions: 00000 READ_TREE ip.src <FT_IPv4> -> reg#0 00001 IF_FALSE_GOTO 5 00002 READ_REFERENCE_R ${ip.src <FT_IPv4>} #[2:1] -> reg#1 00003 IF_FALSE_GOTO 5 00004 ALL_NE reg#0 != reg#1 00005 RETURN This requires adding another level of complexity to references. When loading references we need to copy the 'proto_layer_num' and add the logic to filter on that. The "layer" sttype is removed and replace by a new field sttype with support for a range. This is a nice cleanup for the semantic check and general simplification. The grammar is better too with this design. Range sttype is renamed to slice for clarity.
2022-06-23 23:07:42 +00:00
}
dfilter: Replace unparsed lexical type and simplify grammar Remove unparsed lexical type and replace it with identifier and constant. This separation is still necessary to differentiate names (fields and function) from literals that look like names but it has some advantages to do it at the lexical level. The main advantage is a much cleaner and simplified grammar, because we only have a single token type for field names, without any loss of generality (the same name is valid for fields and function names for example). The CONSTANT token type is necessary to be different from literal to provide errors for function rules.
2022-12-28 22:12:36 +00:00
rawable_field(R) ::= layered_field(F).
dfilter: Add support for raw (bytes) addressing mode This adds new syntax to read a field from the tree as bytes, instead of the actual type. This is a useful extension for example to match matformed strings that contain unicode replacement characters. In this case it is not possible to match the raw value of the malformed string field. This extension fills this need and is generic enough that it should be useful in many other situations. The syntax used is to prefix the field name with "@". The following artificial example tests if the HTTP user agent contains a particular invalid UTF-8 sequence: @http.user_agent == "Mozill\xAA" Where simply using "http.user_agent" won't work because the invalid byte sequence will have been replaced with U+FFFD. Considering the following programs: $ dftest '_ws.ftypes.string == "ABC"' Filter: _ws.ftypes.string == "ABC" Syntax tree: 0 TEST_ANY_EQ: 1 FIELD(_ws.ftypes.string <FT_STRING>) 1 FVALUE("ABC" <FT_STRING>) Instructions: 00000 READ_TREE _ws.ftypes.string <FT_STRING> -> reg#0 00001 IF_FALSE_GOTO 3 00002 ANY_EQ reg#0 == "ABC" <FT_STRING> 00003 RETURN $ dftest '@_ws.ftypes.string == "ABC"' Filter: @_ws.ftypes.string == "ABC" Syntax tree: 0 TEST_ANY_EQ: 1 FIELD(_ws.ftypes.string <RAW>) 1 FVALUE(41:42:43 <FT_BYTES>) Instructions: 00000 READ_TREE @_ws.ftypes.string <FT_BYTES> -> reg#0 00001 IF_FALSE_GOTO 3 00002 ANY_EQ reg#0 == 41:42:43 <FT_BYTES> 00003 RETURN In the second case the field has a "raw" type, that equates directly to FT_BYTES, and the field value is read from the protocol raw data.
2022-10-25 03:20:18 +00:00
{
R = F;
}
dfilter: Replace unparsed lexical type and simplify grammar Remove unparsed lexical type and replace it with identifier and constant. This separation is still necessary to differentiate names (fields and function) from literals that look like names but it has some advantages to do it at the lexical level. The main advantage is a much cleaner and simplified grammar, because we only have a single token type for field names, without any loss of generality (the same name is valid for fields and function names for example). The CONSTANT token type is necessary to be different from literal to provide errors for function rules.
2022-12-28 22:12:36 +00:00
rawable_field(R) ::= ATSIGN layered_field(F).
dfilter: Add support for raw (bytes) addressing mode This adds new syntax to read a field from the tree as bytes, instead of the actual type. This is a useful extension for example to match matformed strings that contain unicode replacement characters. In this case it is not possible to match the raw value of the malformed string field. This extension fills this need and is generic enough that it should be useful in many other situations. The syntax used is to prefix the field name with "@". The following artificial example tests if the HTTP user agent contains a particular invalid UTF-8 sequence: @http.user_agent == "Mozill\xAA" Where simply using "http.user_agent" won't work because the invalid byte sequence will have been replaced with U+FFFD. Considering the following programs: $ dftest '_ws.ftypes.string == "ABC"' Filter: _ws.ftypes.string == "ABC" Syntax tree: 0 TEST_ANY_EQ: 1 FIELD(_ws.ftypes.string <FT_STRING>) 1 FVALUE("ABC" <FT_STRING>) Instructions: 00000 READ_TREE _ws.ftypes.string <FT_STRING> -> reg#0 00001 IF_FALSE_GOTO 3 00002 ANY_EQ reg#0 == "ABC" <FT_STRING> 00003 RETURN $ dftest '@_ws.ftypes.string == "ABC"' Filter: @_ws.ftypes.string == "ABC" Syntax tree: 0 TEST_ANY_EQ: 1 FIELD(_ws.ftypes.string <RAW>) 1 FVALUE(41:42:43 <FT_BYTES>) Instructions: 00000 READ_TREE @_ws.ftypes.string <FT_BYTES> -> reg#0 00001 IF_FALSE_GOTO 3 00002 ANY_EQ reg#0 == 41:42:43 <FT_BYTES> 00003 RETURN In the second case the field has a "raw" type, that equates directly to FT_BYTES, and the field value is read from the protocol raw data.
2022-10-25 03:20:18 +00:00
{
R = F;
sttype_field_set_raw(R, TRUE);
}
dfilter: Replace unparsed lexical type and simplify grammar Remove unparsed lexical type and replace it with identifier and constant. This separation is still necessary to differentiate names (fields and function) from literals that look like names but it has some advantages to do it at the lexical level. The main advantage is a much cleaner and simplified grammar, because we only have a single token type for field names, without any loss of generality (the same name is valid for fields and function names for example). The CONSTANT token type is necessary to be different from literal to provide errors for function rules.
2022-12-28 22:12:36 +00:00
reference(R) ::= DOLLAR LBRACE rawable_field(F) RBRACE.
dfilter: Add layer support for references This adds support for using the layers filter with field references. Before: $ dftest 'ip.src != ${ip.src#2}' dftest: invalid character in macro name After: $ dftest 'ip.src != ${ip.src#2}' Filter: ip.src != ${ip.src#2} Syntax tree: 0 TEST_ALL_NE: 1 FIELD(ip.src <FT_IPv4>) 1 REFERENCE(ip.src#[2:1] <FT_IPv4>) Instructions: 00000 READ_TREE ip.src <FT_IPv4> -> reg#0 00001 IF_FALSE_GOTO 5 00002 READ_REFERENCE_R ${ip.src <FT_IPv4>} #[2:1] -> reg#1 00003 IF_FALSE_GOTO 5 00004 ALL_NE reg#0 != reg#1 00005 RETURN This requires adding another level of complexity to references. When loading references we need to copy the 'proto_layer_num' and add the logic to filter on that. The "layer" sttype is removed and replace by a new field sttype with support for a range. This is a nice cleanup for the semantic check and general simplification. The grammar is better too with this design. Range sttype is renamed to slice for clarity.
2022-06-23 23:07:42 +00:00
{
/* convert field to reference */
R = stnode_new(STTYPE_REFERENCE, sttype_field_hfinfo(F), NULL, stnode_location(F));
sttype_field_set_drange(R, sttype_field_drange_steal(F));
dfilter: Add suport for raw addressing with references Extends raw adressing syntax to wok with references. The syntax is @field1 == ${@field2} This requires replicating the logic to load field references, but using raw values instead. We use separate hash tables for that, namely "references" vs "raw_references".
2022-10-25 12:03:08 +00:00
sttype_field_set_raw(R, sttype_field_raw(F));
dfilter: Add layer support for references This adds support for using the layers filter with field references. Before: $ dftest 'ip.src != ${ip.src#2}' dftest: invalid character in macro name After: $ dftest 'ip.src != ${ip.src#2}' Filter: ip.src != ${ip.src#2} Syntax tree: 0 TEST_ALL_NE: 1 FIELD(ip.src <FT_IPv4>) 1 REFERENCE(ip.src#[2:1] <FT_IPv4>) Instructions: 00000 READ_TREE ip.src <FT_IPv4> -> reg#0 00001 IF_FALSE_GOTO 5 00002 READ_REFERENCE_R ${ip.src <FT_IPv4>} #[2:1] -> reg#1 00003 IF_FALSE_GOTO 5 00004 ALL_NE reg#0 != reg#1 00005 RETURN This requires adding another level of complexity to references. When loading references we need to copy the 'proto_layer_num' and add the logic to filter on that. The "layer" sttype is removed and replace by a new field sttype with support for a range. This is a nice cleanup for the semantic check and general simplification. The grammar is better too with this design. Range sttype is renamed to slice for clarity.
2022-06-23 23:07:42 +00:00
stnode_free(F);
}
dfilter: Allow grouping arithmetical expressions with { } This removes the limitation of having only two terms in an arithmetic expression and allows setting the precedence using curly braces (like any basic calculator). Our grammar currently does not allow grouping arithmetic expressions using parenthesis, because boolean expressions and arithmetic expressions are different and parenthesis are used with the former.
2022-04-04 15:52:11 +00:00
entity(E) ::= atom(A). { E = A; }
dfilter: Rename "range" to "slice" The word range is used for different things with different meanings and that is confusing. Avoid using "range" in code to mean "slice". A range is one or more intervals with a lower and upper bound. A slice is a range applied to a bytes field. Replace range with slice wherever appropriate. This usage of "slice" instead of range is generally correct and consistent in the documentation.
2022-04-11 19:06:49 +00:00
entity(E) ::= slice(R). { E = R; }
dfilter: Convert grammar.lemon to 4-space indentation Add global EditorConfig settings for lemon files. Add exceptions for the two grammar files that use tab indentation.
2021-12-01 19:45:30 +00:00
entity(E) ::= function(F). { E = F; }
dfilter: Replace unparsed lexical type and simplify grammar Remove unparsed lexical type and replace it with identifier and constant. This separation is still necessary to differentiate names (fields and function) from literals that look like names but it has some advantages to do it at the lexical level. The main advantage is a much cleaner and simplified grammar, because we only have a single token type for field names, without any loss of generality (the same name is valid for fields and function names for example). The CONSTANT token type is necessary to be different from literal to provide errors for function rules.
2022-12-28 22:12:36 +00:00
entity(E) ::= rawable_field(F). { E = F; }
dfilter: Add layer support for references This adds support for using the layers filter with field references. Before: $ dftest 'ip.src != ${ip.src#2}' dftest: invalid character in macro name After: $ dftest 'ip.src != ${ip.src#2}' Filter: ip.src != ${ip.src#2} Syntax tree: 0 TEST_ALL_NE: 1 FIELD(ip.src <FT_IPv4>) 1 REFERENCE(ip.src#[2:1] <FT_IPv4>) Instructions: 00000 READ_TREE ip.src <FT_IPv4> -> reg#0 00001 IF_FALSE_GOTO 5 00002 READ_REFERENCE_R ${ip.src <FT_IPv4>} #[2:1] -> reg#1 00003 IF_FALSE_GOTO 5 00004 ALL_NE reg#0 != reg#1 00005 RETURN This requires adding another level of complexity to references. When loading references we need to copy the 'proto_layer_num' and add the logic to filter on that. The "layer" sttype is removed and replace by a new field sttype with support for a range. This is a nice cleanup for the semantic check and general simplification. The grammar is better too with this design. Range sttype is renamed to slice for clarity.
2022-06-23 23:07:42 +00:00
entity(E) ::= reference(R). { E = R; }
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
dfilter: Allow grouping arithmetical expressions with { } This removes the limitation of having only two terms in an arithmetic expression and allows setting the precedence using curly braces (like any basic calculator). Our grammar currently does not allow grouping arithmetic expressions using parenthesis, because boolean expressions and arithmetic expressions are different and parenthesis are used with the former.
2022-04-04 15:52:11 +00:00
arithmetic_expr(T) ::= entity(N).
{
T = N;
}
dfilter: Add bitwise masking of bits Add support for masking of bits. Before the bitwise operator could only test bits, it did not support clearing bits. This allows testing if any combination of bits are set/unset more naturally with a single test. Previously this was only possible by combining several bitwise predicates. Bitwise is implemented as a test node, even though it is not. Maybe the test node should be renamed to something else. Fixes #17246.
2022-02-25 19:37:53 +00:00
dfilter: Add support for negation of arithmetic expressions
2022-12-22 18:31:32 +00:00
arithmetic_expr(T) ::= PLUS arithmetic_expr(N). [UNARY_PLUS]
dfilter: Add support for unary arithmetic This change implements a unary minus operator. Filter: tcp.window_size_scalefactor == -tcp.dstport Instructions: 00000 READ_TREE tcp.window_size_scalefactor -> reg#0 00001 IF_FALSE_GOTO 6 00002 READ_TREE tcp.dstport -> reg#1 00003 IF_FALSE_GOTO 6 00004 MK_MINUS -reg#1 -> reg#2 00005 ANY_EQ reg#0 == reg#2 00006 RETURN It is supported for integer types, floats and relative time values. The unsigned integer types are promoted to a 32 bit signed integer. Unary plus is implemented as a no-op. The plus sign is simply ignored. Constant arithmetic expressions are computed during compilation. Overflow with constants is a compile time error. Overflow with variables is a run time error and silently ignored. Only a debug message will be printed to the console. Related to #15504.
2022-02-27 09:56:41 +00:00
{
T = N;
}
dfilter: Add support for negation of arithmetic expressions
2022-12-22 18:31:32 +00:00
arithmetic_expr(T) ::= MINUS(M) arithmetic_expr(N). [UNARY_MINUS]
dfilter: Add support for unary arithmetic This change implements a unary minus operator. Filter: tcp.window_size_scalefactor == -tcp.dstport Instructions: 00000 READ_TREE tcp.window_size_scalefactor -> reg#0 00001 IF_FALSE_GOTO 6 00002 READ_TREE tcp.dstport -> reg#1 00003 IF_FALSE_GOTO 6 00004 MK_MINUS -reg#1 -> reg#2 00005 ANY_EQ reg#0 == reg#2 00006 RETURN It is supported for integer types, floats and relative time values. The unsigned integer types are promoted to a 32 bit signed integer. Unary plus is implemented as a no-op. The plus sign is simply ignored. Constant arithmetic expressions are computed during compilation. Overflow with constants is a compile time error. Overflow with variables is a run time error and silently ignored. Only a debug message will be printed to the console. Related to #15504.
2022-02-27 09:56:41 +00:00
{
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
T = M;
dfilter: Rename test syntax tree node Test node also includes arithmetic operations so rename it to a generic "operator" node.
2022-06-27 05:37:45 +00:00
sttype_oper_set1(T, STNODE_OP_UNARY_MINUS, N);
dfilter: Add support for unary arithmetic This change implements a unary minus operator. Filter: tcp.window_size_scalefactor == -tcp.dstport Instructions: 00000 READ_TREE tcp.window_size_scalefactor -> reg#0 00001 IF_FALSE_GOTO 6 00002 READ_TREE tcp.dstport -> reg#1 00003 IF_FALSE_GOTO 6 00004 MK_MINUS -reg#1 -> reg#2 00005 ANY_EQ reg#0 == reg#2 00006 RETURN It is supported for integer types, floats and relative time values. The unsigned integer types are promoted to a 32 bit signed integer. Unary plus is implemented as a no-op. The plus sign is simply ignored. Constant arithmetic expressions are computed during compilation. Overflow with constants is a compile time error. Overflow with variables is a run time error and silently ignored. Only a debug message will be printed to the console. Related to #15504.
2022-02-27 09:56:41 +00:00
}
dfilter: Add bitwise masking of bits Add support for masking of bits. Before the bitwise operator could only test bits, it did not support clearing bits. This allows testing if any combination of bits are set/unset more naturally with a single test. Previously this was only possible by combining several bitwise predicates. Bitwise is implemented as a test node, even though it is not. Maybe the test node should be renamed to something else. Fixes #17246.
2022-02-25 19:37:53 +00:00
dfilter: Allow grouping arithmetical expressions with { } This removes the limitation of having only two terms in an arithmetic expression and allows setting the precedence using curly braces (like any basic calculator). Our grammar currently does not allow grouping arithmetic expressions using parenthesis, because boolean expressions and arithmetic expressions are different and parenthesis are used with the former.
2022-04-04 15:52:11 +00:00
arithmetic_expr(T) ::= arithmetic_expr(F) BITWISE_AND(O) arithmetic_expr(M).
dfilter: Add remaining arithmetic integer ops
2022-03-31 13:50:20 +00:00
{
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
T = O;
dfilter: Rename test syntax tree node Test node also includes arithmetic operations so rename it to a generic "operator" node.
2022-06-27 05:37:45 +00:00
sttype_oper_set2(T, STNODE_OP_BITWISE_AND, F, M);
dfilter: Add remaining arithmetic integer ops
2022-03-31 13:50:20 +00:00
}
dfilter: Allow grouping arithmetical expressions with { } This removes the limitation of having only two terms in an arithmetic expression and allows setting the precedence using curly braces (like any basic calculator). Our grammar currently does not allow grouping arithmetic expressions using parenthesis, because boolean expressions and arithmetic expressions are different and parenthesis are used with the former.
2022-04-04 15:52:11 +00:00
arithmetic_expr(T) ::= arithmetic_expr(F) PLUS(O) arithmetic_expr(M).
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
{
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
T = O;
dfilter: Rename test syntax tree node Test node also includes arithmetic operations so rename it to a generic "operator" node.
2022-06-27 05:37:45 +00:00
sttype_oper_set2(T, STNODE_OP_ADD, F, M);
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
}
dfilter: Allow grouping arithmetical expressions with { } This removes the limitation of having only two terms in an arithmetic expression and allows setting the precedence using curly braces (like any basic calculator). Our grammar currently does not allow grouping arithmetic expressions using parenthesis, because boolean expressions and arithmetic expressions are different and parenthesis are used with the former.
2022-04-04 15:52:11 +00:00
arithmetic_expr(T) ::= arithmetic_expr(F) MINUS(O) arithmetic_expr(M).
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
{
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
T = O;
dfilter: Rename test syntax tree node Test node also includes arithmetic operations so rename it to a generic "operator" node.
2022-06-27 05:37:45 +00:00
sttype_oper_set2(T, STNODE_OP_SUBTRACT, F, M);
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
}
dfilter: Allow grouping arithmetical expressions with { } This removes the limitation of having only two terms in an arithmetic expression and allows setting the precedence using curly braces (like any basic calculator). Our grammar currently does not allow grouping arithmetic expressions using parenthesis, because boolean expressions and arithmetic expressions are different and parenthesis are used with the former.
2022-04-04 15:52:11 +00:00
arithmetic_expr(T) ::= arithmetic_expr(F) STAR(O) arithmetic_expr(M).
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
{
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
T = O;
dfilter: Rename test syntax tree node Test node also includes arithmetic operations so rename it to a generic "operator" node.
2022-06-27 05:37:45 +00:00
sttype_oper_set2(T, STNODE_OP_MULTIPLY, F, M);
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
}
dfilter: Allow grouping arithmetical expressions with { } This removes the limitation of having only two terms in an arithmetic expression and allows setting the precedence using curly braces (like any basic calculator). Our grammar currently does not allow grouping arithmetic expressions using parenthesis, because boolean expressions and arithmetic expressions are different and parenthesis are used with the former.
2022-04-04 15:52:11 +00:00
arithmetic_expr(T) ::= arithmetic_expr(F) RSLASH(O) arithmetic_expr(M).
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
{
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
T = O;
dfilter: Rename test syntax tree node Test node also includes arithmetic operations so rename it to a generic "operator" node.
2022-06-27 05:37:45 +00:00
sttype_oper_set2(T, STNODE_OP_DIVIDE, F, M);
dfilter: Allow grouping arithmetical expressions with { } This removes the limitation of having only two terms in an arithmetic expression and allows setting the precedence using curly braces (like any basic calculator). Our grammar currently does not allow grouping arithmetic expressions using parenthesis, because boolean expressions and arithmetic expressions are different and parenthesis are used with the former.
2022-04-04 15:52:11 +00:00
}
dfilter: Improve grammar to parse ranges Do the integer conversion for ranges in the parser. This is more conventional, I think, and allows removing the unnecessary integer syntax tree node type. Try to minimize the number and complexity of lexical rules for ranges. But it seems we need to keep different states for integer and punctuation because of the need to disambiguate the ranges [-n-n] and [-n--n].
2021-10-08 12:26:53 +00:00
dfilter: Allow grouping arithmetical expressions with { } This removes the limitation of having only two terms in an arithmetic expression and allows setting the precedence using curly braces (like any basic calculator). Our grammar currently does not allow grouping arithmetic expressions using parenthesis, because boolean expressions and arithmetic expressions are different and parenthesis are used with the former.
2022-04-04 15:52:11 +00:00
arithmetic_expr(T) ::= arithmetic_expr(F) PERCENT(O) arithmetic_expr(M).
{
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
T = O;
dfilter: Rename test syntax tree node Test node also includes arithmetic operations so rename it to a generic "operator" node.
2022-06-27 05:37:45 +00:00
sttype_oper_set2(T, STNODE_OP_MODULO, F, M);
dfilter: Allow grouping arithmetical expressions with { } This removes the limitation of having only two terms in an arithmetic expression and allows setting the precedence using curly braces (like any basic calculator). Our grammar currently does not allow grouping arithmetic expressions using parenthesis, because boolean expressions and arithmetic expressions are different and parenthesis are used with the former.
2022-04-04 15:52:11 +00:00
}
Add Ed Warnicke's drange code to the new dfilter system. Not supported yet: [i-j] (offset-offset) Supported: [i] index [i:j] offset:length [:j] 0:offset [i:] offset:end [x,y] concatenation of slices svn path=/trunk/; revision=3080
2001-02-27 19:23:30 +00:00
dfilter: Improve error location for parenthesized expressions
2022-12-25 21:49:44 +00:00
arithmetic_expr(T) ::= LBRACE(L) arithmetic_expr(F) RBRACE(R).
dfilter: Allow grouping arithmetical expressions with { } This removes the limitation of having only two terms in an arithmetic expression and allows setting the precedence using curly braces (like any basic calculator). Our grammar currently does not allow grouping arithmetic expressions using parenthesis, because boolean expressions and arithmetic expressions are different and parenthesis are used with the former.
2022-04-04 15:52:11 +00:00
{
T = F;
dfilter: Improve error location for parenthesized expressions
2022-12-25 21:49:44 +00:00
df_loc_t loc = stnode_merge_location(L, F, R, (stnode_t *)NULL);
stnode_set_location(T, loc);
dfilter: Fix grammar memory leak
2022-12-26 18:48:54 +00:00
stnode_free(L);
stnode_free(R);
Add Ed Warnicke's drange code to the new dfilter system. Not supported yet: [i-j] (offset-offset) Supported: [i] index [i:j] offset:length [:j] 0:offset [i:] offset:end [x,y] concatenation of slices svn path=/trunk/; revision=3080
2001-02-27 19:23:30 +00:00
}
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
/* Relational tests */
dfilter: Reformat grammar code Use a consistent style for grammar rules. Remove a comment that is too generic. The current code should conform to how Python operates and does not need additional error checking.
2022-12-23 00:51:32 +00:00
cmp_op(O) ::= TEST_ALL_EQ(L).
{
O = L;
sttype_oper_set_op(O, STNODE_OP_ALL_EQ);
}
cmp_op(O) ::= TEST_ANY_EQ(L).
{
O = L;
sttype_oper_set_op(O, STNODE_OP_ANY_EQ);
}
cmp_op(O) ::= TEST_ALL_NE(L).
{
O = L;
sttype_oper_set_op(O, STNODE_OP_ALL_NE);
}
cmp_op(O) ::= TEST_ANY_NE(L).
{
O = L;
sttype_oper_set_op(O, STNODE_OP_ANY_NE);
}
cmp_op(O) ::= TEST_GT(L).
{
O = L;
sttype_oper_set_op(O, STNODE_OP_GT);
}
cmp_op(O) ::= TEST_GE(L).
{
O = L;
sttype_oper_set_op(O, STNODE_OP_GE);
}
cmp_op(O) ::= TEST_LT(L).
{
O = L;
sttype_oper_set_op(O, STNODE_OP_LT);
}
cmp_op(O) ::= TEST_LE(L).
{
O = L;
sttype_oper_set_op(O, STNODE_OP_LE);
}
dfilter: Fix corner case with matches Previously a chained expression like "a == b matches c" would be considered syntactically valid. Fix that to be a syntax error. Only math-like comparisons can be chained. This also disallows chaining contains expressions.
2021-11-05 06:30:40 +00:00
dfilter: Allow grouping arithmetical expressions with { } This removes the limitation of having only two terms in an arithmetic expression and allows setting the precedence using curly braces (like any basic calculator). Our grammar currently does not allow grouping arithmetic expressions using parenthesis, because boolean expressions and arithmetic expressions are different and parenthesis are used with the former.
2022-04-04 15:52:11 +00:00
comparison_test(T) ::= arithmetic_expr(E) cmp_op(O) arithmetic_expr(F).
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
{
dfilter: Convert grammar.lemon to 4-space indentation Add global EditorConfig settings for lemon files. Add exceptions for the two grammar files that use tab indentation.
2021-12-01 19:45:30 +00:00
T = O;
dfilter: Rename test syntax tree node Test node also includes arithmetic operations so rename it to a generic "operator" node.
2022-06-27 05:37:45 +00:00
sttype_oper_set2_args(O, E, F);
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
}
Support multiple relation test without logic and (python-like) Like: a == b == c or a < b <= c <= d < e Real life example: 6660 <= tcp.port <= 6669 Just syntactic sugar, this is *NOT* optimized. svn path=/trunk/; revision=43353
2012-06-19 12:12:41 +00:00
/* 'a == b == c' or 'a < b <= c <= d < e' */
dfilter: Allow grouping arithmetical expressions with { } This removes the limitation of having only two terms in an arithmetic expression and allows setting the precedence using curly braces (like any basic calculator). Our grammar currently does not allow grouping arithmetic expressions using parenthesis, because boolean expressions and arithmetic expressions are different and parenthesis are used with the former.
2022-04-04 15:52:11 +00:00
comparison_test(T) ::= arithmetic_expr(E) cmp_op(O) comparison_test(R).
Support multiple relation test without logic and (python-like) Like: a == b == c or a < b <= c <= d < e Real life example: 6660 <= tcp.port <= 6669 Just syntactic sugar, this is *NOT* optimized. svn path=/trunk/; revision=43353
2012-06-19 12:12:41 +00:00
{
dfilter: Convert grammar.lemon to 4-space indentation Add global EditorConfig settings for lemon files. Add exceptions for the two grammar files that use tab indentation.
2021-12-01 19:45:30 +00:00
stnode_t *L, *F;
Support multiple relation test without logic and (python-like) Like: a == b == c or a < b <= c <= d < e Real life example: 6660 <= tcp.port <= 6669 Just syntactic sugar, this is *NOT* optimized. svn path=/trunk/; revision=43353
2012-06-19 12:12:41 +00:00
dfilter: Convert grammar.lemon to 4-space indentation Add global EditorConfig settings for lemon files. Add exceptions for the two grammar files that use tab indentation.
2021-12-01 19:45:30 +00:00
F = R;
dfilter: Reformat grammar code Use a consistent style for grammar rules. Remove a comment that is too generic. The current code should conform to how Python operates and does not need additional error checking.
2022-12-23 00:51:32 +00:00
while (stnode_type_id(F) == STTYPE_TEST) {
dfilter: Rename test syntax tree node Test node also includes arithmetic operations so rename it to a generic "operator" node.
2022-06-27 05:37:45 +00:00
sttype_oper_get(F, NULL, &F, NULL);
dfilter: Reformat grammar code Use a consistent style for grammar rules. Remove a comment that is too generic. The current code should conform to how Python operates and does not need additional error checking.
2022-12-23 00:51:32 +00:00
}
Support multiple relation test without logic and (python-like) Like: a == b == c or a < b <= c <= d < e Real life example: 6660 <= tcp.port <= 6669 Just syntactic sugar, this is *NOT* optimized. svn path=/trunk/; revision=43353
2012-06-19 12:12:41 +00:00
dfilter: Convert grammar.lemon to 4-space indentation Add global EditorConfig settings for lemon files. Add exceptions for the two grammar files that use tab indentation.
2021-12-01 19:45:30 +00:00
L = O;
dfilter: Rename test syntax tree node Test node also includes arithmetic operations so rename it to a generic "operator" node.
2022-06-27 05:37:45 +00:00
sttype_oper_set2_args(L, E, stnode_dup(F));
Support multiple relation test without logic and (python-like) Like: a == b == c or a < b <= c <= d < e Real life example: 6660 <= tcp.port <= 6669 Just syntactic sugar, this is *NOT* optimized. svn path=/trunk/; revision=43353
2012-06-19 12:12:41 +00:00
dfilter: Refactor error location tracking Remove duplicate location struct by adding a new header. Pass around a structure instead of a pointer.
2022-12-22 10:44:33 +00:00
T = stnode_new_empty(STTYPE_TEST);
dfilter: Rename test syntax tree node Test node also includes arithmetic operations so rename it to a generic "operator" node.
2022-06-27 05:37:45 +00:00
sttype_oper_set2(T, STNODE_OP_AND, L, R);
Support multiple relation test without logic and (python-like) Like: a == b == c or a < b <= c <= d < e Real life example: 6660 <= tcp.port <= 6669 Just syntactic sugar, this is *NOT* optimized. svn path=/trunk/; revision=43353
2012-06-19 12:12:41 +00:00
}
dfilter: Convert grammar.lemon to 4-space indentation Add global EditorConfig settings for lemon files. Add exceptions for the two grammar files that use tab indentation.
2021-12-01 19:45:30 +00:00
relation_test(T) ::= comparison_test(C). { T = C; }
dfilter: Fix corner case with matches Previously a chained expression like "a == b matches c" would be considered syntactically valid. Fix that to be a syntax error. Only math-like comparisons can be chained. This also disallows chaining contains expressions.
2021-11-05 06:30:40 +00:00
dfilter: Allow grouping arithmetical expressions with { } This removes the limitation of having only two terms in an arithmetic expression and allows setting the precedence using curly braces (like any basic calculator). Our grammar currently does not allow grouping arithmetic expressions using parenthesis, because boolean expressions and arithmetic expressions are different and parenthesis are used with the former.
2022-04-04 15:52:11 +00:00
relation_test(T) ::= entity(E) TEST_CONTAINS(L) entity(F).
{
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
T = L;
dfilter: Rename test syntax tree node Test node also includes arithmetic operations so rename it to a generic "operator" node.
2022-06-27 05:37:45 +00:00
sttype_oper_set2(T, STNODE_OP_CONTAINS, E, F);
dfilter: Allow grouping arithmetical expressions with { } This removes the limitation of having only two terms in an arithmetic expression and allows setting the precedence using curly braces (like any basic calculator). Our grammar currently does not allow grouping arithmetic expressions using parenthesis, because boolean expressions and arithmetic expressions are different and parenthesis are used with the former.
2022-04-04 15:52:11 +00:00
}
dfilter: Fix corner case with matches Previously a chained expression like "a == b matches c" would be considered syntactically valid. Fix that to be a syntax error. Only math-like comparisons can be chained. This also disallows chaining contains expressions.
2021-11-05 06:30:40 +00:00
dfilter: Allow grouping arithmetical expressions with { } This removes the limitation of having only two terms in an arithmetic expression and allows setting the precedence using curly braces (like any basic calculator). Our grammar currently does not allow grouping arithmetic expressions using parenthesis, because boolean expressions and arithmetic expressions are different and parenthesis are used with the former.
2022-04-04 15:52:11 +00:00
relation_test(T) ::= entity(E) TEST_MATCHES(L) entity(F).
dfilter: Do not chain matches expressions It is always an error to chain regexes using the logic for "le" and "eq". var matches "regex1" matches "regex2" => var matches "regex1" and "regex1" matches "regex2" Before: Filter: tcp matches "abc$" matches "^cde" dftest: Neither "abc$" nor "^cde" are field or protocol names. Filter: "abc$" matches tcp matches "^cde" dftest: Neither "abc$" nor "tcp" are field or protocol names. After: Filter: tcp matches "abc$" matches "^cde" dftest: "matches" was unexpected in this context. Filter: "abc$" matches tcp matches "^cde" dftest: "matches" was unexpected in this context.
2021-10-14 16:21:10 +00:00
{
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
T = L;
dfilter: Rename test syntax tree node Test node also includes arithmetic operations so rename it to a generic "operator" node.
2022-06-27 05:37:45 +00:00
sttype_oper_set2(T, STNODE_OP_MATCHES, E, F);
dfilter: Do not chain matches expressions It is always an error to chain regexes using the logic for "le" and "eq". var matches "regex1" matches "regex2" => var matches "regex1" and "regex1" matches "regex2" Before: Filter: tcp matches "abc$" matches "^cde" dftest: Neither "abc$" nor "^cde" are field or protocol names. Filter: "abc$" matches tcp matches "^cde" dftest: Neither "abc$" nor "tcp" are field or protocol names. After: Filter: tcp matches "abc$" matches "^cde" dftest: "matches" was unexpected in this context. Filter: "abc$" matches tcp matches "^cde" dftest: "matches" was unexpected in this context.
2021-10-14 16:21:10 +00:00
}
dfilter: Save lexical token value to syntax tree Use that for error messages, including any using test operators. This allows to always use the same name as the user. It avoids cases where the user write "a && b" and the message is "a and b" is syntactically invalid. It should also allow us to be more consistent with the use of double quotes.
2021-11-28 01:10:11 +00:00
relation_test(T) ::= entity(E) TEST_IN(O) set(S).
dfilter: Add membership operator Added a new relational test: 'x in {a b c}'. The only LHS entity supported at this time is a field. The generated DFVM operations are equivalent to an OR'ed series of =='s, but with the redundant existence tests removed. Change-Id: Iddc89b81cf7ad6319aef1a2a94f93314cb721a8a Reviewed-on: https://code.wireshark.org/review/10246 Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com> Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-08-19 03:03:41 +00:00
{
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
T = O;
dfilter: Rename test syntax tree node Test node also includes arithmetic operations so rename it to a generic "operator" node.
2022-06-27 05:37:45 +00:00
sttype_oper_set2(T, STNODE_OP_IN, E, S);
dfilter: Add membership operator Added a new relational test: 'x in {a b c}'. The only LHS entity supported at this time is a field. The generated DFVM operations are equivalent to an OR'ed series of =='s, but with the redundant existence tests removed. Change-Id: Iddc89b81cf7ad6319aef1a2a94f93314cb721a8a Reviewed-on: https://code.wireshark.org/review/10246 Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com> Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-08-19 03:03:41 +00:00
}
dfilter: Save lexical token value to syntax tree Use that for error messages, including any using test operators. This allows to always use the same name as the user. It avoids cases where the user write "a && b" and the message is "a and b" is syntactically invalid. It should also allow us to be more consistent with the use of double quotes.
2021-11-28 01:10:11 +00:00
relation_test(T) ::= entity(E) TEST_NOT(P) TEST_IN(O) set(S).
dfilter: Add synctatic sugar for "not in" test
2021-10-18 17:31:59 +00:00
{
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
T = P;
dfilter: Rename test syntax tree node Test node also includes arithmetic operations so rename it to a generic "operator" node.
2022-06-27 05:37:45 +00:00
sttype_oper_set2(O, STNODE_OP_IN, E, S);
sttype_oper_set1(T, STNODE_OP_NOT, O);
dfilter: Add synctatic sugar for "not in" test
2021-10-18 17:31:59 +00:00
}
dfilter: Add support for universal quantifiers Adds the keywords "any" and "all" to implement the quantification to any existing relational operator. Filter: all tcp.port in {100, 2000..3000} Syntax tree: 0 ALL TEST_IN: 1 FIELD(tcp.port) 1 SET(#2): 2 FVALUE(100 <FT_UINT16>) 2 FVALUE(2000 <FT_UINT16>) .. FVALUE(3000 <FT_UINT16>) Instructions: 00000 READ_TREE tcp.port -> reg#0 00001 IF_FALSE_GOTO 5 00002 ALL_EQ reg#0 === 100 <FT_UINT16> 00003 IF_TRUE_GOTO 5 00004 ALL_IN_RANGE reg#0 in { 2000 <FT_UINT16> .. 3000 <FT_UINT16> } 00005 RETURN
2022-04-19 23:04:05 +00:00
relation(R) ::= relation_test(T). { R = T; }
relation(R) ::= ANY relation_test(T).
{
R = T;
dfilter: Rename test syntax tree node Test node also includes arithmetic operations so rename it to a generic "operator" node.
2022-06-27 05:37:45 +00:00
sttype_test_set_match(R, STNODE_MATCH_ANY);
dfilter: Add support for universal quantifiers Adds the keywords "any" and "all" to implement the quantification to any existing relational operator. Filter: all tcp.port in {100, 2000..3000} Syntax tree: 0 ALL TEST_IN: 1 FIELD(tcp.port) 1 SET(#2): 2 FVALUE(100 <FT_UINT16>) 2 FVALUE(2000 <FT_UINT16>) .. FVALUE(3000 <FT_UINT16>) Instructions: 00000 READ_TREE tcp.port -> reg#0 00001 IF_FALSE_GOTO 5 00002 ALL_EQ reg#0 === 100 <FT_UINT16> 00003 IF_TRUE_GOTO 5 00004 ALL_IN_RANGE reg#0 in { 2000 <FT_UINT16> .. 3000 <FT_UINT16> } 00005 RETURN
2022-04-19 23:04:05 +00:00
}
relation(R) ::= ALL relation_test(T).
{
R = T;
dfilter: Rename test syntax tree node Test node also includes arithmetic operations so rename it to a generic "operator" node.
2022-06-27 05:37:45 +00:00
sttype_test_set_match(R, STNODE_MATCH_ALL);
dfilter: Add support for universal quantifiers Adds the keywords "any" and "all" to implement the quantification to any existing relational operator. Filter: all tcp.port in {100, 2000..3000} Syntax tree: 0 ALL TEST_IN: 1 FIELD(tcp.port) 1 SET(#2): 2 FVALUE(100 <FT_UINT16>) 2 FVALUE(2000 <FT_UINT16>) .. FVALUE(3000 <FT_UINT16>) Instructions: 00000 READ_TREE tcp.port -> reg#0 00001 IF_FALSE_GOTO 5 00002 ALL_EQ reg#0 === 100 <FT_UINT16> 00003 IF_TRUE_GOTO 5 00004 ALL_IN_RANGE reg#0 in { 2000 <FT_UINT16> .. 3000 <FT_UINT16> } 00005 RETURN
2022-04-19 23:04:05 +00:00
}
dfilter: Add synctatic sugar for "not in" test
2021-10-18 17:31:59 +00:00
dfilter: Minor set grammar cleanup
2021-10-26 09:35:12 +00:00
set(S) ::= LBRACE set_list(L) RBRACE.
{
dfilter: Refactor error location tracking Remove duplicate location struct by adding a new header. Pass around a structure instead of a pointer.
2022-12-22 10:44:33 +00:00
S = stnode_new(STTYPE_SET, L, NULL, DFILTER_LOC_EMPTY);
dfilter: Minor set grammar cleanup
2021-10-26 09:35:12 +00:00
}
dfilter: Rename grammar rules
2022-12-29 02:22:53 +00:00
set_list(L) ::= set_element_list(N).
dfilter: Add membership operator Added a new relational test: 'x in {a b c}'. The only LHS entity supported at this time is a field. The generated DFVM operations are equivalent to an OR'ed series of =='s, but with the redundant existence tests removed. Change-Id: Iddc89b81cf7ad6319aef1a2a94f93314cb721a8a Reviewed-on: https://code.wireshark.org/review/10246 Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com> Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-08-19 03:03:41 +00:00
{
dfilter: Convert grammar.lemon to 4-space indentation Add global EditorConfig settings for lemon files. Add exceptions for the two grammar files that use tab indentation.
2021-12-01 19:45:30 +00:00
L = g_slist_concat(NULL, N);
dfilter: Add membership operator Added a new relational test: 'x in {a b c}'. The only LHS entity supported at this time is a field. The generated DFVM operations are equivalent to an OR'ed series of =='s, but with the redundant existence tests removed. Change-Id: Iddc89b81cf7ad6319aef1a2a94f93314cb721a8a Reviewed-on: https://code.wireshark.org/review/10246 Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com> Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-08-19 03:03:41 +00:00
}
dfilter: Rename grammar rules
2022-12-29 02:22:53 +00:00
set_list(L) ::= set_list(P) COMMA set_element_list(N).
dfilter: Add membership operator Added a new relational test: 'x in {a b c}'. The only LHS entity supported at this time is a field. The generated DFVM operations are equivalent to an OR'ed series of =='s, but with the redundant existence tests removed. Change-Id: Iddc89b81cf7ad6319aef1a2a94f93314cb721a8a Reviewed-on: https://code.wireshark.org/review/10246 Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com> Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-08-19 03:03:41 +00:00
{
dfilter: Convert grammar.lemon to 4-space indentation Add global EditorConfig settings for lemon files. Add exceptions for the two grammar files that use tab indentation.
2021-12-01 19:45:30 +00:00
L = g_slist_concat(P, N);
dfilter: add range support to set membership operator ("f in {x .. y}") Allow "tcp.srcport in {1662 1663 1664}" to be abbreviated to "tcp.srcport in {1662 .. 1664}". The range operator is supported for any field value which supports the "<=" and "=>" operators and thus works for integers, IP addresses, etc. The naive mapping "tcp.srcport >= 1662 and tcp.srcport <= 1664" is not used because it does not have the intended effect with fields that have multiple occurrences (e.g. tcp.port). Each condition could be satisfied by an other value. Therefore a new DVFM instruction (ANY_IN_RANGE) is added to test the range condition against each individual field value. Bug: 14180 Change-Id: I53c2d0f9bc9d4f0ffaabde9a83442122965c95f7 Reviewed-on: https://code.wireshark.org/review/26945 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-04-14 16:07:22 +00:00
}
dfilter: Remove unparsed syntax type and RHS literal bias This removes unparsed name resolution during the semantic check because it feels like a hack to work around limitations in the language syntax, that should be solved at the lexical level instead. We were interpreting unparsed differently on the LHS and RHS. Now an unparsed value is always a field if it matches a registered field name (this matches the implementation in 3.6 and before). This requires tightening a bit the allowed filter names for protocols to avoid some common and potentially weird conflicting cases. Incidentally this extends set grammar to accept all entities. That is experimental and may be reverted in the future.
2022-06-25 10:25:36 +00:00
set_entity(N) ::= entity(E).
dfilter: Add support for unary arithmetic This change implements a unary minus operator. Filter: tcp.window_size_scalefactor == -tcp.dstport Instructions: 00000 READ_TREE tcp.window_size_scalefactor -> reg#0 00001 IF_FALSE_GOTO 6 00002 READ_TREE tcp.dstport -> reg#1 00003 IF_FALSE_GOTO 6 00004 MK_MINUS -reg#1 -> reg#2 00005 ANY_EQ reg#0 == reg#2 00006 RETURN It is supported for integer types, floats and relative time values. The unsigned integer types are promoted to a 32 bit signed integer. Unary plus is implemented as a no-op. The plus sign is simply ignored. Constant arithmetic expressions are computed during compilation. Overflow with constants is a compile time error. Overflow with variables is a run time error and silently ignored. Only a debug message will be printed to the console. Related to #15504.
2022-02-27 09:56:41 +00:00
{
dfilter: Remove unparsed syntax type and RHS literal bias This removes unparsed name resolution during the semantic check because it feels like a hack to work around limitations in the language syntax, that should be solved at the lexical level instead. We were interpreting unparsed differently on the LHS and RHS. Now an unparsed value is always a field if it matches a registered field name (this matches the implementation in 3.6 and before). This requires tightening a bit the allowed filter names for protocols to avoid some common and potentially weird conflicting cases. Incidentally this extends set grammar to accept all entities. That is experimental and may be reverted in the future.
2022-06-25 10:25:36 +00:00
N = E;
dfilter: Add support for unary arithmetic This change implements a unary minus operator. Filter: tcp.window_size_scalefactor == -tcp.dstport Instructions: 00000 READ_TREE tcp.window_size_scalefactor -> reg#0 00001 IF_FALSE_GOTO 6 00002 READ_TREE tcp.dstport -> reg#1 00003 IF_FALSE_GOTO 6 00004 MK_MINUS -reg#1 -> reg#2 00005 ANY_EQ reg#0 == reg#2 00006 RETURN It is supported for integer types, floats and relative time values. The unsigned integer types are promoted to a 32 bit signed integer. Unary plus is implemented as a no-op. The plus sign is simply ignored. Constant arithmetic expressions are computed during compilation. Overflow with constants is a compile time error. Overflow with variables is a run time error and silently ignored. Only a debug message will be printed to the console. Related to #15504.
2022-02-27 09:56:41 +00:00
}
dfilter: Remove unparsed syntax type and RHS literal bias This removes unparsed name resolution during the semantic check because it feels like a hack to work around limitations in the language syntax, that should be solved at the lexical level instead. We were interpreting unparsed differently on the LHS and RHS. Now an unparsed value is always a field if it matches a registered field name (this matches the implementation in 3.6 and before). This requires tightening a bit the allowed filter names for protocols to avoid some common and potentially weird conflicting cases. Incidentally this extends set grammar to accept all entities. That is experimental and may be reverted in the future.
2022-06-25 10:25:36 +00:00
set_entity(N) ::= MINUS(M) entity(E).
dfilter: Add support for unary arithmetic This change implements a unary minus operator. Filter: tcp.window_size_scalefactor == -tcp.dstport Instructions: 00000 READ_TREE tcp.window_size_scalefactor -> reg#0 00001 IF_FALSE_GOTO 6 00002 READ_TREE tcp.dstport -> reg#1 00003 IF_FALSE_GOTO 6 00004 MK_MINUS -reg#1 -> reg#2 00005 ANY_EQ reg#0 == reg#2 00006 RETURN It is supported for integer types, floats and relative time values. The unsigned integer types are promoted to a 32 bit signed integer. Unary plus is implemented as a no-op. The plus sign is simply ignored. Constant arithmetic expressions are computed during compilation. Overflow with constants is a compile time error. Overflow with variables is a run time error and silently ignored. Only a debug message will be printed to the console. Related to #15504.
2022-02-27 09:56:41 +00:00
{
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
N = M;
dfilter: Rename test syntax tree node Test node also includes arithmetic operations so rename it to a generic "operator" node.
2022-06-27 05:37:45 +00:00
sttype_oper_set1(N, STNODE_OP_UNARY_MINUS, E);
dfilter: Add support for unary arithmetic This change implements a unary minus operator. Filter: tcp.window_size_scalefactor == -tcp.dstport Instructions: 00000 READ_TREE tcp.window_size_scalefactor -> reg#0 00001 IF_FALSE_GOTO 6 00002 READ_TREE tcp.dstport -> reg#1 00003 IF_FALSE_GOTO 6 00004 MK_MINUS -reg#1 -> reg#2 00005 ANY_EQ reg#0 == reg#2 00006 RETURN It is supported for integer types, floats and relative time values. The unsigned integer types are promoted to a 32 bit signed integer. Unary plus is implemented as a no-op. The plus sign is simply ignored. Constant arithmetic expressions are computed during compilation. Overflow with constants is a compile time error. Overflow with variables is a run time error and silently ignored. Only a debug message will be printed to the console. Related to #15504.
2022-02-27 09:56:41 +00:00
}
dfilter: Remove unparsed syntax type and RHS literal bias This removes unparsed name resolution during the semantic check because it feels like a hack to work around limitations in the language syntax, that should be solved at the lexical level instead. We were interpreting unparsed differently on the LHS and RHS. Now an unparsed value is always a field if it matches a registered field name (this matches the implementation in 3.6 and before). This requires tightening a bit the allowed filter names for protocols to avoid some common and potentially weird conflicting cases. Incidentally this extends set grammar to accept all entities. That is experimental and may be reverted in the future.
2022-06-25 10:25:36 +00:00
set_entity(N) ::= PLUS entity(E).
dfilter: Add support for unary arithmetic This change implements a unary minus operator. Filter: tcp.window_size_scalefactor == -tcp.dstport Instructions: 00000 READ_TREE tcp.window_size_scalefactor -> reg#0 00001 IF_FALSE_GOTO 6 00002 READ_TREE tcp.dstport -> reg#1 00003 IF_FALSE_GOTO 6 00004 MK_MINUS -reg#1 -> reg#2 00005 ANY_EQ reg#0 == reg#2 00006 RETURN It is supported for integer types, floats and relative time values. The unsigned integer types are promoted to a 32 bit signed integer. Unary plus is implemented as a no-op. The plus sign is simply ignored. Constant arithmetic expressions are computed during compilation. Overflow with constants is a compile time error. Overflow with variables is a run time error and silently ignored. Only a debug message will be printed to the console. Related to #15504.
2022-02-27 09:56:41 +00:00
{
dfilter: Remove unparsed syntax type and RHS literal bias This removes unparsed name resolution during the semantic check because it feels like a hack to work around limitations in the language syntax, that should be solved at the lexical level instead. We were interpreting unparsed differently on the LHS and RHS. Now an unparsed value is always a field if it matches a registered field name (this matches the implementation in 3.6 and before). This requires tightening a bit the allowed filter names for protocols to avoid some common and potentially weird conflicting cases. Incidentally this extends set grammar to accept all entities. That is experimental and may be reverted in the future.
2022-06-25 10:25:36 +00:00
N = E;
dfilter: Add support for unary arithmetic This change implements a unary minus operator. Filter: tcp.window_size_scalefactor == -tcp.dstport Instructions: 00000 READ_TREE tcp.window_size_scalefactor -> reg#0 00001 IF_FALSE_GOTO 6 00002 READ_TREE tcp.dstport -> reg#1 00003 IF_FALSE_GOTO 6 00004 MK_MINUS -reg#1 -> reg#2 00005 ANY_EQ reg#0 == reg#2 00006 RETURN It is supported for integer types, floats and relative time values. The unsigned integer types are promoted to a 32 bit signed integer. Unary plus is implemented as a no-op. The plus sign is simply ignored. Constant arithmetic expressions are computed during compilation. Overflow with constants is a compile time error. Overflow with variables is a run time error and silently ignored. Only a debug message will be printed to the console. Related to #15504.
2022-02-27 09:56:41 +00:00
}
dfilter: Rename grammar rules
2022-12-29 02:22:53 +00:00
set_element_list(N) ::= set_entity(X).
dfilter: add range support to set membership operator ("f in {x .. y}") Allow "tcp.srcport in {1662 1663 1664}" to be abbreviated to "tcp.srcport in {1662 .. 1664}". The range operator is supported for any field value which supports the "<=" and "=>" operators and thus works for integers, IP addresses, etc. The naive mapping "tcp.srcport >= 1662 and tcp.srcport <= 1664" is not used because it does not have the intended effect with fields that have multiple occurrences (e.g. tcp.port). Each condition could be satisfied by an other value. Therefore a new DVFM instruction (ANY_IN_RANGE) is added to test the range condition against each individual field value. Bug: 14180 Change-Id: I53c2d0f9bc9d4f0ffaabde9a83442122965c95f7 Reviewed-on: https://code.wireshark.org/review/26945 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-04-14 16:07:22 +00:00
{
dfilter: Convert grammar.lemon to 4-space indentation Add global EditorConfig settings for lemon files. Add exceptions for the two grammar files that use tab indentation.
2021-12-01 19:45:30 +00:00
N = g_slist_append(NULL, X);
N = g_slist_append(N, NULL);
dfilter: add range support to set membership operator ("f in {x .. y}") Allow "tcp.srcport in {1662 1663 1664}" to be abbreviated to "tcp.srcport in {1662 .. 1664}". The range operator is supported for any field value which supports the "<=" and "=>" operators and thus works for integers, IP addresses, etc. The naive mapping "tcp.srcport >= 1662 and tcp.srcport <= 1664" is not used because it does not have the intended effect with fields that have multiple occurrences (e.g. tcp.port). Each condition could be satisfied by an other value. Therefore a new DVFM instruction (ANY_IN_RANGE) is added to test the range condition against each individual field value. Bug: 14180 Change-Id: I53c2d0f9bc9d4f0ffaabde9a83442122965c95f7 Reviewed-on: https://code.wireshark.org/review/26945 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-04-14 16:07:22 +00:00
}
dfilter: Rename grammar rules
2022-12-29 02:22:53 +00:00
set_element_list(N) ::= set_entity(X) DOTDOT set_entity(Y).
dfilter: add range support to set membership operator ("f in {x .. y}") Allow "tcp.srcport in {1662 1663 1664}" to be abbreviated to "tcp.srcport in {1662 .. 1664}". The range operator is supported for any field value which supports the "<=" and "=>" operators and thus works for integers, IP addresses, etc. The naive mapping "tcp.srcport >= 1662 and tcp.srcport <= 1664" is not used because it does not have the intended effect with fields that have multiple occurrences (e.g. tcp.port). Each condition could be satisfied by an other value. Therefore a new DVFM instruction (ANY_IN_RANGE) is added to test the range condition against each individual field value. Bug: 14180 Change-Id: I53c2d0f9bc9d4f0ffaabde9a83442122965c95f7 Reviewed-on: https://code.wireshark.org/review/26945 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-04-14 16:07:22 +00:00
{
dfilter: Convert grammar.lemon to 4-space indentation Add global EditorConfig settings for lemon files. Add exceptions for the two grammar files that use tab indentation.
2021-12-01 19:45:30 +00:00
N = g_slist_append(NULL, X);
N = g_slist_append(N, Y);
dfilter: Add membership operator Added a new relational test: 'x in {a b c}'. The only LHS entity supported at this time is a field. The generated DFVM operations are equivalent to an OR'ed series of =='s, but with the redundant existence tests removed. Change-Id: Iddc89b81cf7ad6319aef1a2a94f93314cb721a8a Reviewed-on: https://code.wireshark.org/review/10246 Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com> Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-08-19 03:03:41 +00:00
}
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
dfilter: Rename "range" to "slice" The word range is used for different things with different meanings and that is confusing. Avoid using "range" in code to mean "slice". A range is one or more intervals with a lower and upper bound. A slice is a range applied to a bytes field. Replace range with slice wherever appropriate. This usage of "slice" instead of range is generally correct and consistent in the documentation.
2022-04-11 19:06:49 +00:00
/* Slices */
dfilter: Allow grouping arithmetical expressions with { } This removes the limitation of having only two terms in an arithmetic expression and allows setting the precedence using curly braces (like any basic calculator). Our grammar currently does not allow grouping arithmetic expressions using parenthesis, because boolean expressions and arithmetic expressions are different and parenthesis are used with the former.
2022-04-04 15:52:11 +00:00
dfilter: Rename "range" to "slice" The word range is used for different things with different meanings and that is confusing. Avoid using "range" in code to mean "slice". A range is one or more intervals with a lower and upper bound. A slice is a range applied to a bytes field. Replace range with slice wherever appropriate. This usage of "slice" instead of range is generally correct and consistent in the documentation.
2022-04-11 19:06:49 +00:00
slice(R) ::= entity(E) LBRACKET range_node_list(L) RBRACKET.
dfilter: Allow grouping arithmetical expressions with { } This removes the limitation of having only two terms in an arithmetic expression and allows setting the precedence using curly braces (like any basic calculator). Our grammar currently does not allow grouping arithmetic expressions using parenthesis, because boolean expressions and arithmetic expressions are different and parenthesis are used with the former.
2022-04-04 15:52:11 +00:00
{
dfilter: Refactor error location tracking Remove duplicate location struct by adding a new header. Pass around a structure instead of a pointer.
2022-12-22 10:44:33 +00:00
R = stnode_new(STTYPE_SLICE, NULL, NULL, DFILTER_LOC_EMPTY);
dfilter: Add layer support for references This adds support for using the layers filter with field references. Before: $ dftest 'ip.src != ${ip.src#2}' dftest: invalid character in macro name After: $ dftest 'ip.src != ${ip.src#2}' Filter: ip.src != ${ip.src#2} Syntax tree: 0 TEST_ALL_NE: 1 FIELD(ip.src <FT_IPv4>) 1 REFERENCE(ip.src#[2:1] <FT_IPv4>) Instructions: 00000 READ_TREE ip.src <FT_IPv4> -> reg#0 00001 IF_FALSE_GOTO 5 00002 READ_REFERENCE_R ${ip.src <FT_IPv4>} #[2:1] -> reg#1 00003 IF_FALSE_GOTO 5 00004 ALL_NE reg#0 != reg#1 00005 RETURN This requires adding another level of complexity to references. When loading references we need to copy the 'proto_layer_num' and add the logic to filter on that. The "layer" sttype is removed and replace by a new field sttype with support for a range. This is a nice cleanup for the semantic check and general simplification. The grammar is better too with this design. Range sttype is renamed to slice for clarity.
2022-06-23 23:07:42 +00:00
sttype_slice_set(R, E, L);
dfilter: Allow grouping arithmetical expressions with { } This removes the limitation of having only two terms in an arithmetic expression and allows setting the precedence using curly braces (like any basic calculator). Our grammar currently does not allow grouping arithmetic expressions using parenthesis, because boolean expressions and arithmetic expressions are different and parenthesis are used with the former.
2022-04-04 15:52:11 +00:00
/* Delete the list, but not the drange_nodes that
* the list contains. */
g_slist_free(L);
}
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
range_node_list(L) ::= RANGE_NODE(N).
dfilter: Allow grouping arithmetical expressions with { } This removes the limitation of having only two terms in an arithmetic expression and allows setting the precedence using curly braces (like any basic calculator). Our grammar currently does not allow grouping arithmetic expressions using parenthesis, because boolean expressions and arithmetic expressions are different and parenthesis are used with the former.
2022-04-04 15:52:11 +00:00
{
dfilter: Remove STTYPE_RANGE_NODE STTYPE_RANGE_NODE is just a lexical token, it is not used withi the syntax tree so remove it.
2022-06-25 13:20:21 +00:00
char *err_msg = NULL;
drange_node *rn = drange_node_from_str(stnode_token(N), &err_msg);
if (err_msg != NULL) {
FAIL(dfw, N, "%s", err_msg);
g_free(err_msg);
}
L = g_slist_append(NULL, rn);
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
stnode_free(N);
dfilter: Allow grouping arithmetical expressions with { } This removes the limitation of having only two terms in an arithmetic expression and allows setting the precedence using curly braces (like any basic calculator). Our grammar currently does not allow grouping arithmetic expressions using parenthesis, because boolean expressions and arithmetic expressions are different and parenthesis are used with the former.
2022-04-04 15:52:11 +00:00
}
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
range_node_list(L) ::= range_node_list(P) COMMA RANGE_NODE(N).
dfilter: Allow grouping arithmetical expressions with { } This removes the limitation of having only two terms in an arithmetic expression and allows setting the precedence using curly braces (like any basic calculator). Our grammar currently does not allow grouping arithmetic expressions using parenthesis, because boolean expressions and arithmetic expressions are different and parenthesis are used with the former.
2022-04-04 15:52:11 +00:00
{
dfilter: Remove STTYPE_RANGE_NODE STTYPE_RANGE_NODE is just a lexical token, it is not used withi the syntax tree so remove it.
2022-06-25 13:20:21 +00:00
char *err_msg = NULL;
drange_node *rn = drange_node_from_str(stnode_token(N), &err_msg);
if (err_msg != NULL) {
FAIL(dfw, N, "%s", err_msg);
g_free(err_msg);
}
L = g_slist_append(P, rn);
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
stnode_free(N);
dfilter: Allow grouping arithmetical expressions with { } This removes the limitation of having only two terms in an arithmetic expression and allows setting the precedence using curly braces (like any basic calculator). Our grammar currently does not allow grouping arithmetic expressions using parenthesis, because boolean expressions and arithmetic expressions are different and parenthesis are used with the former.
2022-04-04 15:52:11 +00:00
}
Add infrastructure for display filter functions. Add upper() and lower() display filter functions for string fields. svn path=/trunk/; revision=18071
2006-05-02 14:26:17 +00:00
/* Functions */
dfilter: Move a constructor to the grammar file
2021-11-05 06:41:41 +00:00
%code {
dfilter: Convert grammar.lemon to 4-space indentation Add global EditorConfig settings for lemon files. Add exceptions for the two grammar files that use tab indentation.
2021-12-01 19:45:30 +00:00
static stnode_t *
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
new_function(dfwork_t *dfw, stnode_t *node)
dfilter: Convert grammar.lemon to 4-space indentation Add global EditorConfig settings for lemon files. Add exceptions for the two grammar files that use tab indentation.
2021-12-01 19:45:30 +00:00
{
dfilter: Remove unparsed syntax type and RHS literal bias This removes unparsed name resolution during the semantic check because it feels like a hack to work around limitations in the language syntax, that should be solved at the lexical level instead. We were interpreting unparsed differently on the LHS and RHS. Now an unparsed value is always a field if it matches a registered field name (this matches the implementation in 3.6 and before). This requires tightening a bit the allowed filter names for protocols to avoid some common and potentially weird conflicting cases. Incidentally this extends set grammar to accept all entities. That is experimental and may be reverted in the future.
2022-06-25 10:25:36 +00:00
const char *name = stnode_token(node);
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
dfilter: Convert grammar.lemon to 4-space indentation Add global EditorConfig settings for lemon files. Add exceptions for the two grammar files that use tab indentation.
2021-12-01 19:45:30 +00:00
df_func_def_t *def = df_func_lookup(name);
if (!def) {
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
FAIL(dfw, node, "Function '%s' does not exist", name);
dfilter: Convert grammar.lemon to 4-space indentation Add global EditorConfig settings for lemon files. Add exceptions for the two grammar files that use tab indentation.
2021-12-01 19:45:30 +00:00
}
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
stnode_replace(node, STTYPE_FUNCTION, def);
dfilter: Convert grammar.lemon to 4-space indentation Add global EditorConfig settings for lemon files. Add exceptions for the two grammar files that use tab indentation.
2021-12-01 19:45:30 +00:00
return node;
}
dfilter: Move a constructor to the grammar file
2021-11-05 06:41:41 +00:00
}
Add infrastructure for display filter functions. Add upper() and lower() display filter functions for string fields. svn path=/trunk/; revision=18071
2006-05-02 14:26:17 +00:00
/* A function can have one or more parameters */
dfilter: Replace unparsed lexical type and simplify grammar Remove unparsed lexical type and replace it with identifier and constant. This separation is still necessary to differentiate names (fields and function) from literals that look like names but it has some advantages to do it at the lexical level. The main advantage is a much cleaner and simplified grammar, because we only have a single token type for field names, without any loss of generality (the same name is valid for fields and function names for example). The CONSTANT token type is necessary to be different from literal to provide errors for function rules.
2022-12-28 22:12:36 +00:00
function(F) ::= IDENTIFIER(U) LPAREN(L) func_params_list(P) RPAREN(R).
Add infrastructure for display filter functions. Add upper() and lower() display filter functions for string fields. svn path=/trunk/; revision=18071
2006-05-02 14:26:17 +00:00
{
dfilter: Convert grammar.lemon to 4-space indentation Add global EditorConfig settings for lemon files. Add exceptions for the two grammar files that use tab indentation.
2021-12-01 19:45:30 +00:00
F = new_function(dfw, U);
sttype_function_set_params(F, P);
dfilter: Improve error location for functions Underline the whole expression if the error is for the function. Before: Filter: frame.number == abs(1, 2) dftest: Function abs can only accept 1 arguments. frame.number == abs(1, 2) ^~~ After: Filter: frame.number == abs(1, 2) dftest: Function abs can only accept 1 arguments. frame.number == abs(1, 2) ^~~~~~~~~
2022-12-28 00:06:30 +00:00
df_loc_t loc = stnode_merge_location(F, L, R, (stnode_t *)NULL);
stnode_set_location(F, loc);
stnode_free(L);
stnode_free(R);
Add infrastructure for display filter functions. Add upper() and lower() display filter functions for string fields. svn path=/trunk/; revision=18071
2006-05-02 14:26:17 +00:00
}
dfilter: Replace unparsed lexical type and simplify grammar Remove unparsed lexical type and replace it with identifier and constant. This separation is still necessary to differentiate names (fields and function) from literals that look like names but it has some advantages to do it at the lexical level. The main advantage is a much cleaner and simplified grammar, because we only have a single token type for field names, without any loss of generality (the same name is valid for fields and function names for example). The CONSTANT token type is necessary to be different from literal to provide errors for function rules.
2022-12-28 22:12:36 +00:00
function ::= CONSTANT(U) LPAREN func_params_list RPAREN.
{
FAIL(dfw, U, "Function '%s' does not exist", stnode_token(U));
}
Add infrastructure for display filter functions. Add upper() and lower() display filter functions for string fields. svn path=/trunk/; revision=18071
2006-05-02 14:26:17 +00:00
/* A function can have zero parameters. */
dfilter: Replace unparsed lexical type and simplify grammar Remove unparsed lexical type and replace it with identifier and constant. This separation is still necessary to differentiate names (fields and function) from literals that look like names but it has some advantages to do it at the lexical level. The main advantage is a much cleaner and simplified grammar, because we only have a single token type for field names, without any loss of generality (the same name is valid for fields and function names for example). The CONSTANT token type is necessary to be different from literal to provide errors for function rules.
2022-12-28 22:12:36 +00:00
function(F) ::= IDENTIFIER(U) LPAREN(L) RPAREN(R).
Add infrastructure for display filter functions. Add upper() and lower() display filter functions for string fields. svn path=/trunk/; revision=18071
2006-05-02 14:26:17 +00:00
{
dfilter: Convert grammar.lemon to 4-space indentation Add global EditorConfig settings for lemon files. Add exceptions for the two grammar files that use tab indentation.
2021-12-01 19:45:30 +00:00
F = new_function(dfw, U);
dfilter: Improve error location for functions Underline the whole expression if the error is for the function. Before: Filter: frame.number == abs(1, 2) dftest: Function abs can only accept 1 arguments. frame.number == abs(1, 2) ^~~ After: Filter: frame.number == abs(1, 2) dftest: Function abs can only accept 1 arguments. frame.number == abs(1, 2) ^~~~~~~~~
2022-12-28 00:06:30 +00:00
df_loc_t loc = stnode_merge_location(F, L, R, (stnode_t *)NULL);
stnode_set_location(F, loc);
stnode_free(L);
stnode_free(R);
Add infrastructure for display filter functions. Add upper() and lower() display filter functions for string fields. svn path=/trunk/; revision=18071
2006-05-02 14:26:17 +00:00
}
dfilter: Replace unparsed lexical type and simplify grammar Remove unparsed lexical type and replace it with identifier and constant. This separation is still necessary to differentiate names (fields and function) from literals that look like names but it has some advantages to do it at the lexical level. The main advantage is a much cleaner and simplified grammar, because we only have a single token type for field names, without any loss of generality (the same name is valid for fields and function names for example). The CONSTANT token type is necessary to be different from literal to provide errors for function rules.
2022-12-28 22:12:36 +00:00
function ::= CONSTANT(U) LPAREN RPAREN.
{
FAIL(dfw, U, "Function '%s' does not exist", stnode_token(U));
}
dfilter: Rename grammar rules
2022-12-29 02:22:53 +00:00
func_params_list(P) ::= arithmetic_expr(E).
Add infrastructure for display filter functions. Add upper() and lower() display filter functions for string fields. svn path=/trunk/; revision=18071
2006-05-02 14:26:17 +00:00
{
dfilter: Convert grammar.lemon to 4-space indentation Add global EditorConfig settings for lemon files. Add exceptions for the two grammar files that use tab indentation.
2021-12-01 19:45:30 +00:00
P = g_slist_append(NULL, E);
Add infrastructure for display filter functions. Add upper() and lower() display filter functions for string fields. svn path=/trunk/; revision=18071
2006-05-02 14:26:17 +00:00
}
dfilter: Rename grammar rules
2022-12-29 02:22:53 +00:00
func_params_list(P) ::= func_params_list(L) COMMA arithmetic_expr(E).
Add infrastructure for display filter functions. Add upper() and lower() display filter functions for string fields. svn path=/trunk/; revision=18071
2006-05-02 14:26:17 +00:00
{
dfilter: Convert grammar.lemon to 4-space indentation Add global EditorConfig settings for lemon files. Add exceptions for the two grammar files that use tab indentation.
2021-12-01 19:45:30 +00:00
P = g_slist_append(L, E);
Add infrastructure for display filter functions. Add upper() and lower() display filter functions for string fields. svn path=/trunk/; revision=18071
2006-05-02 14:26:17 +00:00
}