2001-02-01 20:31:21 +00:00
|
|
|
/*
|
2004-07-18 00:24:25 +00:00
|
|
|
* $Id$
|
2001-02-01 20:31:21 +00:00
|
|
|
*
|
2006-05-21 05:12:17 +00:00
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
2001-02-01 20:31:21 +00:00
|
|
|
* Copyright 2001 Gerald Combs
|
2002-08-28 20:41:00 +00:00
|
|
|
*
|
2001-02-01 20:31:21 +00:00
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
2002-08-28 20:41:00 +00:00
|
|
|
*
|
2001-02-01 20:31:21 +00:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
2002-08-28 20:41:00 +00:00
|
|
|
*
|
2001-02-01 20:31:21 +00:00
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
*/
|
2001-02-01 20:21:25 +00:00
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
#include "config.h"
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#include <ftypes-int.h>
|
2003-08-27 21:11:39 +00:00
|
|
|
#include <string.h>
|
2001-02-01 20:21:25 +00:00
|
|
|
|
2003-12-17 22:42:02 +00:00
|
|
|
#ifdef HAVE_LIBPCRE
|
|
|
|
#include <pcre.h>
|
|
|
|
#define CMP_MATCHES cmp_matches
|
|
|
|
#else
|
|
|
|
#define CMP_MATCHES NULL
|
|
|
|
#endif
|
|
|
|
|
2003-08-27 15:23:11 +00:00
|
|
|
#define tvb_is_private fvalue_gboolean1
|
|
|
|
|
2001-02-01 20:21:25 +00:00
|
|
|
static void
|
|
|
|
value_new(fvalue_t *fv)
|
|
|
|
{
|
|
|
|
fv->value.tvb = NULL;
|
2003-08-27 15:23:11 +00:00
|
|
|
fv->tvb_is_private = FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
value_free(fvalue_t *fv)
|
|
|
|
{
|
2003-10-29 23:48:14 +00:00
|
|
|
if (fv->value.tvb && fv->tvb_is_private) {
|
2003-08-27 15:23:11 +00:00
|
|
|
tvb_free_chain(fv->value.tvb);
|
|
|
|
}
|
2001-02-01 20:21:25 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
value_set(fvalue_t *fv, gpointer value, gboolean already_copied)
|
|
|
|
{
|
|
|
|
g_assert(already_copied);
|
2003-10-29 23:48:14 +00:00
|
|
|
|
|
|
|
/* Free up the old value, if we have one */
|
|
|
|
value_free(fv);
|
|
|
|
|
2001-02-01 20:21:25 +00:00
|
|
|
fv->value.tvb = value;
|
|
|
|
}
|
|
|
|
|
2003-08-27 15:23:11 +00:00
|
|
|
static void
|
|
|
|
free_tvb_data(void *data)
|
|
|
|
{
|
|
|
|
g_free(data);
|
|
|
|
}
|
|
|
|
|
|
|
|
static gboolean
|
|
|
|
val_from_string(fvalue_t *fv, char *s, LogFunc logfunc _U_)
|
|
|
|
{
|
|
|
|
tvbuff_t *new_tvb;
|
|
|
|
guint8 *private_data;
|
|
|
|
|
2003-10-29 23:48:14 +00:00
|
|
|
/* Free up the old value, if we have one */
|
|
|
|
value_free(fv);
|
|
|
|
|
2003-08-27 15:23:11 +00:00
|
|
|
/* Make a tvbuff from the string. We can drop the
|
|
|
|
* terminating NUL. */
|
|
|
|
private_data = g_memdup(s, strlen(s));
|
|
|
|
new_tvb = tvb_new_real_data(private_data,
|
|
|
|
strlen(s), strlen(s));
|
|
|
|
|
|
|
|
/* Let the tvbuff know how to delete the data. */
|
|
|
|
tvb_set_free_cb(new_tvb, free_tvb_data);
|
|
|
|
|
|
|
|
/* And let us know that we need to free the tvbuff */
|
|
|
|
fv->tvb_is_private = TRUE;
|
|
|
|
fv->value.tvb = new_tvb;
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
static gboolean
|
|
|
|
val_from_unparsed(fvalue_t *fv, char *s, gboolean allow_partial_value _U_, LogFunc logfunc)
|
|
|
|
{
|
|
|
|
fvalue_t *fv_bytes;
|
|
|
|
tvbuff_t *new_tvb;
|
|
|
|
guint8 *private_data;
|
|
|
|
|
2003-10-29 23:48:14 +00:00
|
|
|
/* Free up the old value, if we have one */
|
|
|
|
value_free(fv);
|
|
|
|
|
2003-08-27 15:23:11 +00:00
|
|
|
/* Does this look like a byte string? */
|
|
|
|
fv_bytes = fvalue_from_unparsed(FT_BYTES, s, TRUE, NULL);
|
|
|
|
if (fv_bytes) {
|
|
|
|
/* Make a tvbuff from the bytes */
|
|
|
|
private_data = g_memdup(fv_bytes->value.bytes->data,
|
|
|
|
fv_bytes->value.bytes->len);
|
|
|
|
new_tvb = tvb_new_real_data(private_data,
|
|
|
|
fv_bytes->value.bytes->len,
|
|
|
|
fv_bytes->value.bytes->len);
|
|
|
|
|
|
|
|
/* Let the tvbuff know how to delete the data. */
|
|
|
|
tvb_set_free_cb(new_tvb, free_tvb_data);
|
|
|
|
|
|
|
|
/* And let us know that we need to free the tvbuff */
|
|
|
|
fv->tvb_is_private = TRUE;
|
|
|
|
fv->value.tvb = new_tvb;
|
|
|
|
return TRUE;
|
|
|
|
}
|
2008-02-07 15:44:45 +00:00
|
|
|
|
|
|
|
/* Treat it as a string. */
|
|
|
|
return val_from_string(fv, s, logfunc);
|
2003-08-27 15:23:11 +00:00
|
|
|
}
|
|
|
|
|
2005-10-31 02:42:22 +00:00
|
|
|
static int
|
|
|
|
val_repr_len(fvalue_t *fv, ftrepr_t rtype)
|
|
|
|
{
|
|
|
|
guint length;
|
|
|
|
|
|
|
|
g_assert(rtype == FTREPR_DFILTER);
|
|
|
|
length = tvb_length(fv->value.tvb);
|
|
|
|
/* 3 bytes for each byte of the byte "NN:" minus 1 byte
|
|
|
|
* as there's no trailing ":". */
|
|
|
|
return length * 3 - 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
val_to_repr(fvalue_t *fv, ftrepr_t rtype, char *buf)
|
|
|
|
{
|
|
|
|
guint length;
|
|
|
|
const guint8 *c;
|
|
|
|
char *write_cursor;
|
|
|
|
unsigned int i;
|
|
|
|
|
|
|
|
g_assert(rtype == FTREPR_DFILTER);
|
|
|
|
length = tvb_length(fv->value.tvb);
|
|
|
|
c = tvb_get_ptr(fv->value.tvb, 0, length);
|
|
|
|
write_cursor = buf;
|
|
|
|
|
|
|
|
for (i = 0; i < length; i++) {
|
|
|
|
if (i == 0) {
|
|
|
|
sprintf(write_cursor, "%02x", *c++);
|
|
|
|
write_cursor += 2;
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
sprintf(write_cursor, ":%02x", *c++);
|
|
|
|
write_cursor += 3;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2001-02-01 20:21:25 +00:00
|
|
|
static gpointer
|
|
|
|
value_get(fvalue_t *fv)
|
|
|
|
{
|
|
|
|
return fv->value.tvb;
|
|
|
|
}
|
|
|
|
|
|
|
|
static guint
|
|
|
|
len(fvalue_t *fv)
|
|
|
|
{
|
|
|
|
if (fv->value.tvb)
|
|
|
|
return tvb_length(fv->value.tvb);
|
|
|
|
else
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
slice(fvalue_t *fv, GByteArray *bytes, guint offset, guint length)
|
|
|
|
{
|
2001-03-13 21:34:28 +00:00
|
|
|
const guint8* data;
|
2001-02-01 20:21:25 +00:00
|
|
|
|
|
|
|
if (fv->value.tvb) {
|
2001-02-01 23:39:18 +00:00
|
|
|
TRY {
|
|
|
|
data = tvb_get_ptr(fv->value.tvb, offset, length);
|
|
|
|
g_byte_array_append(bytes, data, length);
|
|
|
|
}
|
|
|
|
CATCH_ALL {
|
|
|
|
/* nothing */
|
|
|
|
}
|
|
|
|
ENDTRY;
|
|
|
|
|
2001-02-01 20:21:25 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2008-04-21 21:36:11 +00:00
|
|
|
static gboolean
|
|
|
|
cmp_eq(fvalue_t *fv_a, fvalue_t *fv_b)
|
|
|
|
{
|
|
|
|
tvbuff_t *a = fv_a->value.tvb;
|
|
|
|
tvbuff_t *b = fv_b->value.tvb;
|
|
|
|
guint a_len = tvb_length(a);
|
|
|
|
|
|
|
|
if (a_len != tvb_length(b)) {
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
return (memcmp(tvb_get_ptr(a, 0, a_len), tvb_get_ptr(b, 0, a_len), a_len) == 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
static gboolean
|
|
|
|
cmp_ne(fvalue_t *fv_a, fvalue_t *fv_b)
|
|
|
|
{
|
|
|
|
tvbuff_t *a = fv_a->value.tvb;
|
|
|
|
tvbuff_t *b = fv_b->value.tvb;
|
|
|
|
guint a_len = tvb_length(a);
|
|
|
|
|
|
|
|
if (a_len != tvb_length(b)) {
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
return (memcmp(tvb_get_ptr(a, 0, a_len), tvb_get_ptr(b, 0, a_len), a_len) != 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
static gboolean
|
|
|
|
cmp_gt(fvalue_t *fv_a, fvalue_t *fv_b)
|
|
|
|
{
|
|
|
|
tvbuff_t *a = fv_a->value.tvb;
|
|
|
|
tvbuff_t *b = fv_b->value.tvb;
|
|
|
|
guint a_len = tvb_length(a);
|
|
|
|
guint b_len = tvb_length(b);
|
|
|
|
|
|
|
|
if (a_len > b_len) {
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (a_len < b_len) {
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
return (memcmp(tvb_get_ptr(a, 0, a_len), tvb_get_ptr(b, 0, a_len), a_len) > 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
static gboolean
|
|
|
|
cmp_ge(fvalue_t *fv_a, fvalue_t *fv_b)
|
|
|
|
{
|
|
|
|
tvbuff_t *a = fv_a->value.tvb;
|
|
|
|
tvbuff_t *b = fv_b->value.tvb;
|
|
|
|
guint a_len = tvb_length(a);
|
|
|
|
guint b_len = tvb_length(b);
|
|
|
|
|
|
|
|
if (a_len > b_len) {
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (a_len < b_len) {
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
return (memcmp(tvb_get_ptr(a, 0, a_len), tvb_get_ptr(b, 0, a_len), a_len) >= 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
static gboolean
|
|
|
|
cmp_lt(fvalue_t *fv_a, fvalue_t *fv_b)
|
|
|
|
{
|
|
|
|
tvbuff_t *a = fv_a->value.tvb;
|
|
|
|
tvbuff_t *b = fv_b->value.tvb;
|
|
|
|
guint a_len = tvb_length(a);
|
|
|
|
guint b_len = tvb_length(b);
|
|
|
|
|
|
|
|
if (a_len < b_len) {
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (a_len > b_len) {
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
return (memcmp(tvb_get_ptr(a, 0, a_len), tvb_get_ptr(b, 0, a_len), a_len) < 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
static gboolean
|
|
|
|
cmp_le(fvalue_t *fv_a, fvalue_t *fv_b)
|
|
|
|
{
|
|
|
|
tvbuff_t *a = fv_a->value.tvb;
|
|
|
|
tvbuff_t *b = fv_b->value.tvb;
|
|
|
|
guint a_len = tvb_length(a);
|
|
|
|
guint b_len = tvb_length(b);
|
|
|
|
|
|
|
|
if (a_len < b_len) {
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (a_len > b_len) {
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
return (memcmp(tvb_get_ptr(a, 0, a_len), tvb_get_ptr(b, 0, a_len), a_len) <= 0);
|
|
|
|
}
|
|
|
|
|
2003-08-27 15:23:11 +00:00
|
|
|
static gboolean
|
|
|
|
cmp_contains(fvalue_t *fv_a, fvalue_t *fv_b)
|
|
|
|
{
|
|
|
|
if (tvb_find_tvb(fv_a->value.tvb, fv_b->value.tvb, 0) > -1) {
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2003-12-17 22:42:02 +00:00
|
|
|
#ifdef HAVE_LIBPCRE
|
|
|
|
static gboolean
|
|
|
|
cmp_matches(fvalue_t *fv_a, fvalue_t *fv_b)
|
|
|
|
{
|
2003-12-18 13:02:19 +00:00
|
|
|
tvbuff_t *tvb = fv_a->value.tvb;
|
|
|
|
pcre_tuple_t *pcre = fv_b->value.re;
|
2003-12-17 22:42:02 +00:00
|
|
|
int options = 0;
|
2005-10-31 02:42:22 +00:00
|
|
|
volatile int rc = 1;
|
2003-12-18 13:02:19 +00:00
|
|
|
const char *data = NULL; /* tvb data */
|
|
|
|
guint32 tvb_len; /* tvb length */
|
2003-12-17 22:42:02 +00:00
|
|
|
|
|
|
|
/* fv_b is always a FT_PCRE, otherwise the dfilter semcheck() would have
|
|
|
|
* warned us. For the same reason (and because we're using g_malloc()),
|
|
|
|
* fv_b->value.re is not NULL.
|
|
|
|
*/
|
|
|
|
if (strcmp(fv_b->ftype->name, "FT_PCRE") != 0) {
|
|
|
|
return FALSE;
|
|
|
|
}
|
2003-12-18 13:02:19 +00:00
|
|
|
if (! pcre) {
|
2003-12-17 22:42:02 +00:00
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
TRY {
|
2003-12-18 13:02:19 +00:00
|
|
|
tvb_len = tvb_length(tvb);
|
2004-02-01 22:42:24 +00:00
|
|
|
data = (const char *)tvb_get_ptr(tvb, 0, tvb_len);
|
2003-12-17 22:42:02 +00:00
|
|
|
rc = pcre_exec(
|
2003-12-18 13:02:19 +00:00
|
|
|
pcre->re, /* Compiled PCRE */
|
|
|
|
pcre->ex, /* PCRE extra from pcre_study() */
|
2003-12-17 22:42:02 +00:00
|
|
|
data, /* The data to check for the pattern... */
|
|
|
|
tvb_len, /* ... and its length */
|
2005-10-31 02:42:22 +00:00
|
|
|
0, /* Start offset within data */
|
2003-12-17 22:42:02 +00:00
|
|
|
options, /* PCRE options */
|
|
|
|
NULL, /* We are not interested in the matched string */
|
2005-10-31 02:42:22 +00:00
|
|
|
0 /* of the pattern; only in success or failure. */
|
2003-12-17 22:42:02 +00:00
|
|
|
);
|
|
|
|
/* NOTE - DO NOT g_free(data) */
|
|
|
|
}
|
|
|
|
CATCH_ALL {
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
ENDTRY;
|
|
|
|
if (rc == 0) {
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2001-02-01 20:21:25 +00:00
|
|
|
void
|
|
|
|
ftype_register_tvbuff(void)
|
|
|
|
{
|
|
|
|
|
|
|
|
static ftype_t protocol_type = {
|
2006-05-02 14:26:17 +00:00
|
|
|
FT_PROTOCOL, /* ftype */
|
2003-08-27 15:23:11 +00:00
|
|
|
"FT_PROTOCOL", /* name */
|
|
|
|
"protocol", /* pretty_name */
|
|
|
|
0, /* wire_size */
|
|
|
|
value_new, /* new_value */
|
|
|
|
value_free, /* free_value */
|
|
|
|
val_from_unparsed, /* val_from_unparsed */
|
|
|
|
val_from_string, /* val_from_string */
|
2005-10-31 02:42:22 +00:00
|
|
|
val_to_repr, /* val_to_string_repr */
|
|
|
|
val_repr_len, /* len_string_repr */
|
2001-02-01 20:21:25 +00:00
|
|
|
|
2004-08-22 00:31:58 +00:00
|
|
|
value_set, /* set_value */
|
2007-01-18 11:02:26 +00:00
|
|
|
NULL, /* set_value_uinteger */
|
|
|
|
NULL, /* set_value_sinteger */
|
2004-08-22 00:31:58 +00:00
|
|
|
NULL, /* set_value_integer64 */
|
|
|
|
NULL, /* set_value_floating */
|
|
|
|
|
|
|
|
value_get, /* get_value */
|
2007-01-18 11:02:26 +00:00
|
|
|
NULL, /* get_value_uinteger */
|
|
|
|
NULL, /* get_value_sinteger */
|
2004-08-22 00:31:58 +00:00
|
|
|
NULL, /* get_value_integer64 */
|
|
|
|
NULL, /* get_value_floating */
|
2001-02-01 20:21:25 +00:00
|
|
|
|
2008-04-21 21:36:11 +00:00
|
|
|
cmp_eq,
|
|
|
|
cmp_ne,
|
|
|
|
cmp_gt,
|
|
|
|
cmp_ge,
|
|
|
|
cmp_lt,
|
|
|
|
cmp_le,
|
2004-02-27 12:00:32 +00:00
|
|
|
NULL, /* cmp_bitwise_and */
|
2003-12-06 16:35:20 +00:00
|
|
|
cmp_contains,
|
2003-12-17 22:42:02 +00:00
|
|
|
CMP_MATCHES,
|
2001-02-01 20:21:25 +00:00
|
|
|
|
|
|
|
len,
|
|
|
|
slice,
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
ftype_register(FT_PROTOCOL, &protocol_type);
|
|
|
|
}
|