Add support for display filter binary addition and subtraction.
The grammar is intentionally kept simple for now. The use case
is to add a constant to a protocol field, or (maybe) add two
fields in an expression.
We use signed arithmetic with unsigned numbers, checking for
overflow and casting where necessary to do the conversion.
We could legitimately opt to use traditional modular arithmetic
instead (like C) and if it turns out that that is more useful for
some reason we may want to in the future.
Fixes#15504.
This program generates complete pcap files containing the proposed U-SIG
radiotap TLVs along with enough else to make it readable. You cannot currently
read such packets with tshark or wireshark until I add U-SIG handling to
Wireshark.
We keep our various packaging assets in the "packaging" directory. Move
the Debian assets there. dpkg-buildpackage doesn't seem appear to have a
"debian directory path" option, but symlinking worked in my test
container.
macos-setup.sh:
- Fix filename of libtiff in existence test from "libtiff" to "tiff"
- Added fallback URL for libtiff when the downloaded file is not a valid gzip
archive. The host rotates older versions of libtiff into an "old"
subdirectory, so curl downloads a 404 Web page and exits without error. Then
the call to gzcat fails with an invalid gzip archive error. Maybe libtiff
version should be updated instead?
When checking is_dissector_file(), only match against files that
end in ".c" and not, e.g. ".c.swp" ".c~" or other such temporary
files that might be binary files (as with vim .swp files).
Prevents errors like "UnicodeDecodeError: 'utf-8' codec can't decode
byte 0xe4 in position 18: invalid continuation byte" with Python 3
when a dissector file is open in vim.
Repeated words were found with:
egrep "(\b[a-zA-Z]+) +\1\b" . -Ir
and then manually reviewed.
Non-displayed strings (e.g., in comments)
were also corrected, to ease future review.
The Enhanced Trading Interface (ETI) protocol and the Enhanced
Order Book Interface (EOBI) protocol are used by a few European
exchanges such as Eurex, Xetra and Börse Frankfurt.
Basically, a trader uses ETI to communicate with a matching
engine (over TCP), e.g. to add a new order, modify an existing
one, etc. while the matching engine also publicizes the current
state of the order book via EOBI over multicast UDP feeds.
ETI actually consists of two variants, i.e. ETI for derivatives
markets (such as Eurex) and ETI for cash markets (such as Xetra).
A common convention is to abbreviate them as ETI (for
derivatives) and XTI (for cash).
These protocols share the same encoding, i.e. messages start with
a length and a tag field and most messages and fields are fixed
size. See also
https://github.com/gsauthof/python-eti#protocol-introduction for
some more details.
The protocol specifications are openly available (cf.
https://github.com/gsauthof/python-eti#protocol-descriptions for
direct links) in human and machine-readable (XML) formats.
The Wireshark ETI/XTI/EOBI dissectors are code-generated by
`eti2wireshark.py`
(https://github.com/gsauthof/python-eti/blob/master/eti2wireshark.py)
which is GPL licensed. See also
https://github.com/gsauthof/python-eti#wireshark-protocol-dissectors
for usage examples and related work.
At least on Monterey, with Xcode 13.1, the linker whines that we weren't
granted the Sacred and Holy Right to link with the Python 2.7 framework.
As far as I know, we have no need to use that framework, so configure it
out.
Point it to fetch files from falcosecurity/libs repo.
Moreover, add support for blank spaces in param names.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
Since we now support ISO 8601 Basic format, have asn2wrs.py
convert GeneralizedTime fields in BER to FT_ABSOLUTE_TIMEs and use
the new common code to convert them. This means that the fields
can be compared with other time fields in filters, etc.
C is notoriously difficult to bind from other languages
without additional metadata. The C ABI does not include
enums and macros that are an essential component of the
API.
To make Wireshark instrospectable and more binding friendly
include an introspection API to export enums and integer macros.
To avoid the tedious need to manually keep the code up to date
it uses the excellent pyclibrary python package to automatically
parse C headers and extract this data.
This is not a process that should be done automatically during
the build.
This could be used for example to replace most of the wslua
make-init-lua.pl perl script, which tries to do the same thing
using regular expressions.
Besides the downside of using Perl using regular expressions
is inferior to pyclibrary in 2 ways: 1) pyclibrary understands
most of C99 grammar so it is much more powerful; 2) pyclibrary
has a specific API to extract "values" (enums and constants)
automagically. We just need to take care to use only integer
values, for our purposes.
This was intentionally kept simple (matches the philosophy of Arch).
In particular I wasn't so concerned about what is a required build
dependency and what is an optional build dependency to compile the
programs. I don't know why one would ever wish to skip installation
of non-essential library dependencies. But others are very welcome
to extend this intentionally barebones effort.
The script also adds an "--install-all" flag to install everything
at once. I keep forgetting the name of the other options.
I used the build optional flag to install packages required to build
documentation and so on. Ancillary stuff.
PCRE2 is the future of PCRE. The only advantage of GRegex is that
it comes bundled with GLib, which is not an advantage at all.
PCRE2 is widely available, the GRegex abstractions layer are not a
good fit and abstract things that don't need abstracting or that we
could handle better ourselves, there are open bugs (#12997) and
maintenance is spotty at best.
GRegex comes with many of the problems of bundled code, aggravated by
the fact that it completely falls outside of our control.
The header ftypes-int.h should not be used outside of epan/ftypes
because it is a private header.
The functions fvalue_free() and fvalue_cleanup() need not and should
not be macros either.
Remove a duplicated argument to fix a warning:
Wrong number of arguments for string format.
Format ptvcursor_add(cursor, hf_skinny_%s, 6, ENC_NA);
takes 1, but 2 are provided.
Add tname as argument to Type eth_type_default_body() to fix a warning.
Call to method Type.eth_type_default_body with too many arguments;
should be no more than 1.
Add ID count sanity checks and make sure we don't update pci-ids.c
unless the checks pass. Fix a bunch of Pylint warnings. Strip leading
whitespace from our output strings.
I found that SkinnyProtocolOptimized.xml and packet-skinny.c.in are not in
sync with packet-skinny.c. Obviously packet-skinny.c file was modified
multiple times manually.
I made changes:
- synced all typos fixed in packet-skinny.c to SkinnyProtocolOptimized.xml
- improved parse_xml2skinny_dissector.py to be able to generate
additional information to flow sequence
- updated SkinnyProtocolOptimized.xml to mark where to generate
additional information
If fact the outcome is just refactoring of original code.
Asterix data format is a complex family of asterix categories,
where each individual category exists in multiple editions.
As a result of many variants, the epan/dissectors/packet-asterix.c
is one of the largest dissectors.
So far, the asterix dissector had been maintained manually, where the
generic decoding routines and category/edition specific definitions
were entangled in the same file (packet-asterix.c).
This commit preserves the overall dissector structure, but makes
it easy to update the dissector with new categories or editions as
they become available (via the update script from this commit).
See tools/asterix/README.md file for dissector update procedure.
This commit includes:
- tools/asterix/packet-asterix-template.c
Extraction of generic asterix decoding routines and
common data structures.
- tools/asterix/update-specs.py
Update script, to render the template with up-to-date asterix
specs files. The asterix specs files themselves are maintained in
a separate repository.
- epan/dissectors/packet-asterix.c
Automatically generated dissector for asterix data format.
Although generated, this file needs to remain in the repository,
to be able to build the project in a reproducible way.
The generated asterix dissector was additionally tested with:
- ./tools/check_typed_item_calls.py --mask
- ./tools/fuzz-test.sh
Sync with asterix-specs #cef694825c
Dylan Ulis