Split ws_regex_matches() into two functions with better semantics
and remove the WS_REGEX_ZERO_TERMINATED symbol.
ws_regex_matches() matches zero terminated strings.
ws_regex_matches_length() matches a string length in code units.
Replace:
g_snprintf() -> snprintf()
g_vsnprintf() -> vsnprintf()
g_strdup_printf() -> ws_strdup_printf()
g_strdup_vprintf() -> ws_strdup_vprintf()
This is more portable, user-friendly and faster on platforms
where GLib does not like the native I/O.
Adjust the format string to use macros from intypes.h.
Move epan_memmem() and epan_strcasestr() to wsutil/str_util.
Rename to ws_memmem() and ws_strcasestr(). Add compile time
check for a system implementation and use that if available.
We invoke those functions using a wrapper to avoid exposing
_GNU_SOURCE outside of the implementation.
Invalid character constants should be handled in the lexical scanner.
Todo: See if some code could be shared to parse double quoted strings.
It also fixes some unintuitive type coercions to string. Character
constants should be treated as characters, or maybe integers, or
maybe even throw an invalid comparison error, but coverting to a
literal string or byte array is surprising and not particularly
useful:
'\xFF' -> "'\xFF'" (equals)
'\xFF' -> "FF" (contains)
Before:
Filter: http.request.method contains "\x63"
Constants:
00000 PUT_FVALUE "c" <FT_STRING> -> reg#1
(...)
Filter: http.request.method contains '\x63'
Constants:
00000 PUT_FVALUE "63" <FT_STRING> -> reg#1
(...)
Filter: http.request.method == "\x63"
Constants:
00000 PUT_FVALUE "c" <FT_STRING> -> reg#1
(...)
Filter: http.request.method == '\x63'
Constants:
00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1
(...)
After:
Filter: http.request.method contains '\x63'
Constants:
00000 PUT_FVALUE "c" <FT_STRING> -> reg#1
(...)
Filter: http.request.method == '\x63'
Constants:
00000 PUT_FVALUE "c" <FT_STRING> -> reg#1
(...)
This reverts commit d635ff4933.
A charconst cannot be a value string, for that reason it is not
redundant with unparsed.
Maybe character constants should be parsed in the lexical scanner
instead.
Before:
Filter: ip.proto == '\g'
dftest: "'\g'" cannot be found among the possible values for ip.proto.
After:
Filter: ip.proto == '\g'
dftest: "'\g'" isn't a valid character constant.
The implementation is pre-computing the length and using that
to allocate a buffer. This doesn't have any practical advantage
and is inefficient because the code is mostly doing the same work
twice. Remove the unnecessary length pre-computation step.
A charconst uses the same semantic rules as unparsed so just
use the latter to avoid redundancies.
We keep the use of TOKEN_CHARCONST as an optimization to avoid
an unnecessary name resolution (lookup for a registered field with
the same name as the charconst).
FT_PROTOCOL and FT_BYTES are the same semantic type, but one is
backed by a GByteArray and the other by a TVBuff. Use the same
semantic rules to parse both. In particular unparsed strings
are not converted to literal strings for protocols.
Before:
Filter: frame contains 0x0000
Constants:
00000 PUT_FVALUE 30:78:30:30:30:30 <FT_PROTOCOL> -> reg#1
Instructions:
00000 READ_TREE frame -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_CONTAINS reg#0 contains reg#1
00003 RETURN
Filter: frame[5:] contains 0x0000
dftest: "0x0000" is not a valid byte string.
After:
Filter: frame contains 0x0000
dftest: "0x0000" is not a valid byte string.
Filter: frame[5:] contains 0x0000
dftest: "0x0000" is not a valid byte string.
Related to #17634.
All the order operators can be defined in terms of 'lt'
and 'eq' so use that to reduce the number of required
methods from 6 to 2.
Further reduce to one by combining those two into a single
function that has memcmp semantics: negative return is
"less than", positive is "greater than" and zero is equal.
Most of the time, the return value tells us nothing useful, as we've
already decided that we're perfectly willing to live with string
truncation. Hopefully this keeps Coverity from whining that those
routines could return an error code (NARRATOR: They don't) and thus that
we're ignoring the possibility of failure (as indicated, we've already
decided that we can live with string truncation, so truncation is *NOT*
a failure).
It's not a valid field type, it's only a hack to support regular
expression matching in packet-matching expressions.
Instead, in the packet-matching code, have a separate syntax tree type
for Perl-compatible regular expressions, and a separate instruction to
load one into a register, and have the "matching" operator for field
types take a GRegex * as the second argument.
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
GRegex is a thin wrapper around PCRE. Inputs (patterns and subjects) are
assumed to be UTF-8 by default (unless G_REGEX_RAW is set). If the
subject is not valid UTF-8, normally pcre_exec will immediately return a
failure. However, as GLib sets PCRE_NO_UTF8_CHECK when G_REGEX_RAW is
given, pcre_exec() will skip the safety check and crash instead.
Fix this by always assuming raw byte patterns. Regression risk: patterns
such as `ö.ï` will no longer match `öñï` since `ñ` is a multi-byte
sequence. Patterns such as `(GET|POST) /` remain functional though.
Bug: 14905
Change-Id: I6450bb83f565d377f82a5dbb01690c5f49acd96f
Reviewed-on: https://code.wireshark.org/review/31935
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
SEP_SPACE and BASE_NONE both default to colon (:). Fix SEP_SPACE and add SEP_NONE
Bug: 15253
Change-Id: Ib5db997714414370b08ffb9458c73d4aeef6aacf
Reviewed-on: https://code.wireshark.org/review/30447
Reviewed-by: Jeremy Martin <boardermartin@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Removed get_ipxnet_addr(), get_ether_addr(). If this feature is desired at
a minimum it should use an efficent data structure (and no disk-based
lookups mid-dissection).
Change-Id: Ie72449c631f21f4a3d82ec435bb5e1d7892f122c
Reviewed-on: https://code.wireshark.org/review/22729
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Delete get_value_ptr from struct _ftype_t, make it
part of the get_value union.
Change-Id: I947331069662a7043bd838e622d286629cc7be9a
Reviewed-on: https://code.wireshark.org/review/20647
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Delete get_value_uinteger from struct _ftype_t, make it
part of the get_value union.
Change-Id: I4a6c8341676c442e2bf8ae3b8f771b72161d133c
Reviewed-on: https://code.wireshark.org/review/20640
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Delete get_value_sinteger from struct _ftype_t, make it
part of the get_value union.
Change-Id: I3127252cafc62389ce426639992f1d59f7ac9731
Reviewed-on: https://code.wireshark.org/review/20637
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Delete get_value_uinteger64 from struct _ftype_t, make it
part of the get_value union.
Change-Id: I2b06efb7691c1bd4089994849373ab8b5ff0bcc7
Reviewed-on: https://code.wireshark.org/review/20618
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Delete get_value_sinteger64 from struct _ftype_t, make it
part of the get_value union.
Change-Id: I0113f70ab0aadd1aa655466e896e3acce6c8faeb
Reviewed-on: https://code.wireshark.org/review/20617
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I6bbaf6a7c8a3124e5eab7a7b97c6be082fe8beff
Reviewed-on: https://code.wireshark.org/review/20611
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This is in preparation for introducing a get_value union, similar to
set_value.
Change-Id: Id0cf913a616e0314638f1531836c3136ed02631d
Reviewed-on: https://code.wireshark.org/review/20610
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Delete set_value_floating from struct _ftype_t, make it
part of the set_value union.
Change-Id: Ic00e1c70488ddc4422c34657c62af7dc07db02d9
Reviewed-on: https://code.wireshark.org/review/20556
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Delete set_value_sinteger64 from struct _ftype_t, make it
part of the set_value union.
Change-Id: I76668f0a6455c5d75c703cd4f440757601246bdb
Reviewed-on: https://code.wireshark.org/review/20551
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Delete set_value_uinteger64 from struct _ftype_t, make it
part of the set_value union.
Change-Id: I12407b7336282daa60fe6e0e742d65e205dc84fd
Reviewed-on: https://code.wireshark.org/review/20539
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Delete set_value_sinteger from struct _ftype_t, make it part of the
set_value union.
Change-Id: I084c4c9beba9978b538d359ebaac21391ebd7f82
Reviewed-on: https://code.wireshark.org/review/20523
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Delete set_value_uinteger from struct _ftype_t, make it part of the
set_value union.
Change-Id: I26de15be8ea0ede76236a8f8a4958bfd97ad9d52
Reviewed-on: https://code.wireshark.org/review/20521
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The comments give the name of the struct _ftype_t component that is
initialized. They are wrong in two places. This confuses my script that
deletes the initializers for the components which were moved into the
union.
Change-Id: I876fb29305a94b241df07c97064f31378752b559
Reviewed-on: https://code.wireshark.org/review/20520
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Delete set_value_protocol from struct _ftype_t, make it part of the
set_value union.
Change-Id: Iae55388b8a2c965944028499619282c3232c31f3
Reviewed-on: https://code.wireshark.org/review/20475
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Delete set_value_string from struct _ftype_t, make it part of the
set_value union.
Change-Id: Ia3a57245330ed0d158c8c3e4552ec5d80752fe0f
Reviewed-on: https://code.wireshark.org/review/20474
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Delete set_value_time from struct _ftype_t, make it part of the
set_value union.
Change-Id: Ieee3b083d52afdd608e31e8ca75b50016fec8a69
Reviewed-on: https://code.wireshark.org/review/20442
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Delete set_value_guid from struct _ftype_t, make it part of the
set_value union.
Change-Id: I3a04ff6b1ab179063ef77a3c475809df0bde5c68
Reviewed-on: https://code.wireshark.org/review/20441
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Delete set_value_bytes from struct _ftype_t, make it part of the
set_value union.
Change-Id: I3ee6a9f68b269ee083794947816e13ea6c1b9d29
Reviewed-on: https://code.wireshark.org/review/20440
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
struct _ftype_t contains a number of pointers to set_value_...()
functions. For each pre-defined ftype_t, only one of these pointers
is != NULL.
As the comment already says, we should move these functions into a
union. ftenum_t ftype will be used for selecting the correct function
pointer from the union.
Create a set_value union and move the FvalueSetByteArrayFunc pointer
into the union. Update fvalue_set_byte_array() accordingly. Check
that the fvalue_t parameter is of the correct type.
Change-Id: I6568d8f47108311289c0cd425f28ea8b38046141
Reviewed-on: https://code.wireshark.org/review/20433
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
This allows the conversion of a few straggler strcpy calls
in ftype library. Also provides a more accurate size value
instead of the many hard coded values the ftypes were using.
Change-Id: Ia6273980432e16ad3a6233816a6054d9fed5d2a4
Reviewed-on: https://code.wireshark.org/review/15344
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
As noted in https://www.wireshark.org/lists/wireshark-dev/201604/msg00103.html
a protocol field isn't really a tv_buff, so allow for the possibility
of a NULL tv_buff in a "protocol type". If the tvb is NULL, use the
string of the protocol field for comparison
Bug: 12335
Change-Id: Ie12a5f7b31c7293c61006b0f70135d100a97c4e0
Reviewed-on: https://code.wireshark.org/review/15261
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
<MISSING> implies that the field should be there and isn't. Allow dissectors to specify when a zero-sized array for a field is perfectly valid.
Ping-Bug: 11803
Change-Id: I3fd60e3c6f832c6b4a3a8837ebc52c3e74e795ae
Reviewed-on: https://code.wireshark.org/review/12271
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Michael Mann <mmann78@netscape.net>
by default, an empty byte array (FT_BYTES) is represented as an empty string
thus, using "Apply as Filter / Selected" on such an item creates an
invalid display filter expression, e.g. dvb-ci.mmi.char_tbl==
represent an empty byte array as "" if we're compiling a display filter
expression
Bug: 11526
Change-Id: Ie94507a24a496e0c25bcdadfab72fdf9fb35958a
Reviewed-on: https://code.wireshark.org/review/10540
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Since commit v1.99.4rc0-70-g0bec885 (Remove use of sprintf for ftype
string formatting), Wireshark aborts with "Null pointer passed to
bytes_to_hexstr_punct()". This happened with a SSL capture where the
ssl.handshake.extensions_padding_data had a zero length.
Fix it by producing a zero-length string instead (as done by the
previous implementation).
Change-Id: I711d786a9ae692eb44c5e49a30d5fea41c5af31e
Reviewed-on: https://code.wireshark.org/review/7649
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I656d6193aad740ab88bf16fb25c202e766e3092a
Reviewed-on: https://code.wireshark.org/review/7616
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I57354c309ecf3a0c8f0c7cff485638027f30bb19
Reviewed-on: https://code.wireshark.org/review/5813
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>