osmocom
/
wireshark
14
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
wireshark/epan/dfilter/scanner.l

835 lines
21 KiB
Plaintext
Raw Normal View History

Include config.h at the very beginning of all Flex scanners. That way, if we #define anything for large file support, that's done before we include any system header files that either depend on that definition or that define it themselves if it's not already defined. Change-Id: I9b07344151103be337899dead44d6960715d6813 Reviewed-on: https://code.wireshark.org/review/19035 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-12-02 19:18:50 +00:00
%top {
/* Include this before everything else, for various large-file definitions */
#include "config.h"
Windows: Fix warnings using flex Fix some warnings complaining of macro redefinitions with stdint.h. Include stdint.h via wireshark.h everywhere so it stays fixed.
2021-10-17 12:17:47 +00:00
#include <wireshark.h>
Windows: Fix stdint.h redefinition warnings We must include the headers, particulary stdint.h, at the top of scanner.l so that the stdint.h defintions precede flex's own replacements.
2021-10-06 15:03:19 +00:00
#include <stdlib.h>
#include <errno.h>
dfilter: Fix error message with non printable ASCII Before: Filter: http.user_agent == açaí dftest: "�" was unexpected in this context. After: Filter: http.user_agent == açaí dftest: Non-printable ASCII characters may only appear inside double-quotes. Related with #17770.
2022-02-19 17:49:29 +00:00
#include <wsutil/str_util.h>
Windows: Fix stdint.h redefinition warnings We must include the headers, particulary stdint.h, at the top of scanner.l so that the stdint.h defintions precede flex's own replacements.
2021-10-06 15:03:19 +00:00
#include "dfilter-int.h"
#include "syntax-tree.h"
#include "grammar.h"
#include "dfunctions.h"
Include config.h at the very beginning of all Flex scanners. That way, if we #define anything for large file support, that's done before we include any system header files that either depend on that definition or that define it themselves if it's not already defined. Change-Id: I9b07344151103be337899dead44d6960715d6813 Reviewed-on: https://code.wireshark.org/review/19035 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-12-02 19:18:50 +00:00
}
Make the Flex scanners and YACC parser in libraries reentrant. master-branch libpcap now generates a reentrant Flex scanner and Bison/Berkeley YACC parser for capture filter expressions, so it requires versions of Flex and Bison/Berkeley YACC that support that. We might as well do the same. For libwiretap, it means we could actually have multiple K12 text or Ascend/Lucent text files open at the same time. For libwireshark, it might not be as useful, as we only read configuration files at startup (which should only happen once, in one thread) or on demand (in which case, if we ever support multiple threads running libwireshark, we'd need a mutex to ensure that only one file reads it), but it's still the right thing to do. We also require a version of Flex that can write out a header file, so we change the runlex script to generate the header file ourselves. This means we require a version of Flex new enough to support --header-file. Clean up some other stuff encountered in the process. Change-Id: Id23078c6acea549a52fc687779bb55d715b55c16 Reviewed-on: https://code.wireshark.org/review/14719 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-03-31 01:44:01 +00:00
/*
* We want a reentrant scanner.
*/
%option reentrant
Add %option noinput to a bunch of Flex files, as we aren't using the input() routine and thus don't need to have it generated - and as it produces warnings of a routine defined but not used, we don't want to have it generated. Squelch a casting-const-away warning. svn path=/trunk/; revision=47613
2013-02-10 19:13:07 +00:00
/*
* We don't use input, so don't generate code for it.
*/
%option noinput
Back out previous change - I guess the Solaris buildbot has a pre-2.5.30 flex. svn path=/trunk/; revision=36833
2011-04-23 19:03:05 +00:00
/*
* We don't use unput, so don't generate code for it.
*/
%option nounput
/*
Don't include io.h in Flex scanners - they're not interactive. We don't have any Flex scanners that support an interactive command-line interface, so none of our scanners are, or need to be, interactive. Mark text2pcap's scanner as not interactive. That means none of our scanners should call isatty(), so they don't have any need to include <io.h> on Windows; remove that include from the Lucent/Ascent text capture scanner. Update a comment to reflect that what matters isn't whether we can read from a terminal or whether we actually do so, what matters is whether they read *interactively* from a terminal (if you want to run text2pcap reading from the standard input and type at it, be my guest). Change-Id: I59979d1fdb37e1913125a400963ff7a3fa6b9bbd Reviewed-on: https://code.wireshark.org/review/11587 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-05 23:35:04 +00:00
* We don't read interactively from the terminal.
Back out previous change - I guess the Solaris buildbot has a pre-2.5.30 flex. svn path=/trunk/; revision=36833
2011-04-23 19:03:05 +00:00
*/
%option never-interactive
/*
* Prefix scanner routines with "df_" rather than "yy", so this scanner
* can coexist with other scanners.
*/
%option prefix="df_"
Use noyywrap rather than defining our own yywrap functions. Tweak lemonflex-tail.inc to fix an issue this reveals. It appears that, at least on the buildbots, the Visual Studio compiler no longer issues warnings for the code generated with %option noyywrap. Change-Id: Id64d56f1ae8a79d0336488a4a50518da1f511497 Reviewed-on: https://code.wireshark.org/review/12433 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-05 03:52:51 +00:00
/*
* We're reading from a string, so we don't need yywrap.
*/
%option noyywrap
Make the Flex scanners and YACC parser in libraries reentrant. master-branch libpcap now generates a reentrant Flex scanner and Bison/Berkeley YACC parser for capture filter expressions, so it requires versions of Flex and Bison/Berkeley YACC that support that. We might as well do the same. For libwiretap, it means we could actually have multiple K12 text or Ascend/Lucent text files open at the same time. For libwireshark, it might not be as useful, as we only read configuration files at startup (which should only happen once, in one thread) or on demand (in which case, if we ever support multiple threads running libwireshark, we'd need a mutex to ensure that only one file reads it), but it's still the right thing to do. We also require a version of Flex that can write out a header file, so we change the runlex script to generate the header file ourselves. This means we require a version of Flex new enough to support --header-file. Clean up some other stuff encountered in the process. Change-Id: Id23078c6acea549a52fc687779bb55d715b55c16 Reviewed-on: https://code.wireshark.org/review/14719 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-03-31 01:44:01 +00:00
/*
* The type for the state we keep for a scanner.
*/
%option extra-type="df_scanner_state_t *"
/*
* We have to override the memory allocators so that we don't get
* "unused argument" warnings from the yyscanner argument (which
* we don't use, as we have a global memory allocator).
*
* We provide, as macros, our own versions of the routines generated by Flex,
* which just call malloc()/realloc()/free() (as the Flex versions do),
* discarding the extra argument.
*/
%option noyyalloc
%option noyyrealloc
%option noyyfree
Back out previous change - I guess the Solaris buildbot has a pre-2.5.30 flex. svn path=/trunk/; revision=36833
2011-04-23 19:03:05 +00:00
%{
Grumble, grumble. I forgot to add the license comment at the top of these files. svn path=/trunk/; revision=2968
2001-02-01 20:31:21 +00:00
/*
name change svn path=/trunk/; revision=18197
2006-05-21 05:12:17 +00:00
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
Grumble, grumble. I forgot to add the license comment at the top of these files. svn path=/trunk/; revision=2968
2001-02-01 20:31:21 +00:00
* Copyright 2001 Gerald Combs
If "!=" or "ne" are used in a display filter, warn the user that the results may be unexpected. svn path=/trunk/; revision=24232
2008-01-31 19:50:38 +00:00
*
spdx: more licenses converted. Change-Id: I3861061ec261e63b23621799e020e811ed78a343 Reviewed-on: https://code.wireshark.org/review/26333 Petri-Dish: Dario Lombardo <lomato@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-03-06 14:31:02 +00:00
* SPDX-License-Identifier: GPL-2.0-or-later
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
*/
Add DIAG_OFF_FLEX and DIAG_ON_FLEX for use in Flex scanners. DIAG_OFF_FLEX turns off all warnings that we want to disable for Flex-generated code due to some versions of Flex generating code that triggers those warnings. DIAG_ON_FLEX restores those warnings, so we do the checks for code that *we* wrote. Use them in .l files. Change-Id: I613a20309a30cd4c61111a1edbe27a5d05fcbf59 Reviewed-on: https://code.wireshark.org/review/25815 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-02-16 07:17:04 +00:00
/*
* Disable diagnostics in the code generated by Flex.
*/
DIAG_OFF_FLEX
Bug 2493: Fix (Part 3 of 3): To prevent Windows compiler errors when using flex 2.5.35. Ignore 'signed /unsigned mismatch' warnings svn path=/trunk/; revision=25174
2008-04-25 18:26:54 +00:00
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
stnode_t *df_lval;
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
static int set_lval_simple(df_scanner_state_t *state, int token, const char *token_value, sttype_id_t type_id);
#define simple(token) (update_location(yyextra, yytext), set_lval_simple(yyextra, token, yytext, STTYPE_UNINITIALIZED))
#define test(token) (update_location(yyextra, yytext), set_lval_simple(yyextra, token, yytext, STTYPE_TEST))
#define math(token) (update_location(yyextra, yytext), set_lval_simple(yyextra, token, yytext, STTYPE_ARITHMETIC))
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
dfilter: Cleanup scanner value setters
2022-07-03 21:33:29 +00:00
static int set_lval_literal(df_scanner_state_t *state, const char *token_value);
static int set_lval_unparsed(df_scanner_state_t *state, const char *token_value);
static int set_lval_quoted_string(df_scanner_state_t *state, GString *quoted_string);
static int set_lval_charconst(df_scanner_state_t *state, GString *quoted_string);
static int set_lval_field(df_scanner_state_t *state, const char *token_value);
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
static gboolean append_escaped_char(df_scanner_state_t *state, GString *str, char c);
dfilter: Add support for unicode escape sequences Add support for entering unicode codepoints as \uNNNN or \uNNNNNNNN for strings and charconsts (following the C standard).
2022-06-20 21:05:48 +00:00
static gboolean append_universal_character_name(df_scanner_state_t *state, GString *str, const char *ucn);
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
static gboolean parse_charconst(df_scanner_state_t *state, const char *s, unsigned long *valuep);
static void update_location(df_scanner_state_t *state, const char *text);
static void update_string_loc(df_scanner_state_t *state, const char *text);
#define FAIL(...) dfilter_fail(yyextra->dfw, &yyextra->location, __VA_ARGS__)
Add to the fundamental types passed between the scanner and the parser. Besides "STRING", there is now "UNPARSED_STRING", where the distinction is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just a sequence of characters that the scanner didn't know how to scan/parse, so it's up to the Ftype to parse it. This gives us more flexibility and prepares the dfilter parsing engine for the upcoming addition of the "contains" operator. In the process of doing this, I also re-did the double-quoted string support in the scanner, so that instead of the naively-simple support we used to have, double-quoted strings now can have embedded dobule-quotes, embedded octal sequences, and embedded hexadecimal sequences: "\"" embedded double-quote "\110" embedded octal "\x48" embedded hex Enhance the dfilter unit test script to be able to run a single collection of tests instead of having to run all of them all the time. svn path=/trunk/; revision=8083
2003-07-25 03:44:05 +00:00
Make the Flex scanners and YACC parser in libraries reentrant. master-branch libpcap now generates a reentrant Flex scanner and Bison/Berkeley YACC parser for capture filter expressions, so it requires versions of Flex and Bison/Berkeley YACC that support that. We might as well do the same. For libwiretap, it means we could actually have multiple K12 text or Ascend/Lucent text files open at the same time. For libwireshark, it might not be as useful, as we only read configuration files at startup (which should only happen once, in one thread) or on demand (in which case, if we ever support multiple threads running libwireshark, we'd need a mutex to ensure that only one file reads it), but it's still the right thing to do. We also require a version of Flex that can write out a header file, so we change the runlex script to generate the header file ourselves. This means we require a version of Flex new enough to support --header-file. Clean up some other stuff encountered in the process. Change-Id: Id23078c6acea549a52fc687779bb55d715b55c16 Reviewed-on: https://code.wireshark.org/review/14719 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-03-31 01:44:01 +00:00
/*
* Sleazy hack to suppress compiler warnings in yy_fatal_error().
*/
#define YY_EXIT_FAILURE ((void)yyscanner, 2)
/*
* Macros for the allocators, to discard the extra argument.
*/
#define df_alloc(size, yyscanner) (void *)malloc(size)
#define df_realloc(ptr, size, yyscanner) (void *)realloc((char *)(ptr), (size))
#define df_free(ptr, yyscanner) free((char *)ptr)
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
%}
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
Identifier [[:alnum:]_][[:alnum:]_-]*(\.[[:alnum:]_-]+)*
dfilter: Allow arithmetic expressions without spaces To allow an arithmetic expressions without spaces, such as "1+2", we cannot match the expression in other lexical rules using "+". Because of longest match this becomes the token LITERAL or UNPARSED with semantic value "1+2". The same goes for all the other arithmetic operators. So we need to remove [+-*/%] from "word chars" and add very specific patterns (that won't mistakenly match an arithmetic expression) for those literal or unparsed tokens we want to support using these characters. The plus was not a problem but right slash is used for CIDR, minus for mac address separator, etc. There are still some corner case. 11-22-33-44-55-66 is a mac address and not the arithmetic expression with six terms "eleven minus twenty two minus etc." (if we ever support more than two terms in the grammar, which we don't currently). We lift some patterns from the flex manual to match on IPv4 and IPv6 (ugly) and add MAC address. Other hypothetical literal lexical values using [+-*/%] are already supported enclosed in angle brackets but the cases of MAC/IPv4/IPv6 are are very common and moreover we need to do the utmost to not break backward compatibily here. Before: $ dftest "_ws.ftypes.int32 == 1+2" dftest: "1+2" is not a valid number. After: $ dftest "_ws.ftypes.int32 == 1+2" Filter: _ws.ftypes.int32 == 1+2 Instructions: 00000 READ_TREE _ws.ftypes.int32 -> reg#0 00001 IF_FALSE_GOTO 4 00002 ADD 1 <FT_INT32> + 2 <FT_INT32> -> reg#1 00003 ANY_EQ reg#0 == reg#1 00004 RETURN
2022-04-04 18:58:35 +00:00
hex2 [[:xdigit:]]{2}
MacAddress {hex2}:{hex2}:{hex2}:{hex2}:{hex2}:{hex2}|{hex2}-{hex2}-{hex2}-{hex2}-{hex2}-{hex2}|{hex2}\.{hex2}\.{hex2}\.{hex2}\.{hex2}\.{hex2}
hex4 [[:xdigit:]]{4}
QuadMacAddress {hex4}\.{hex4}\.{hex4}
dec-octet [0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]
IPv4address {dec-octet}\.{dec-octet}\.{dec-octet}\.{dec-octet}
h16 [0-9A-Fa-f]{1,4}
ls32 {h16}:{h16}|{IPv4address}
IPv6address ({h16}:){6}{ls32}|::({h16}:){5}{ls32}|({h16})?::({h16}:){4}{ls32}|(({h16}:){0,1}{h16})?::({h16}:){3}{ls32}|(({h16}:){0,2}{h16})?::({h16}:){2}{ls32}|(({h16}:){0,3}{h16})?::{h16}:{ls32}|(({h16}:){0,4}{h16})?::{ls32}|(({h16}:){0,5}{h16})?::{h16}|(({h16}:){0,6}{h16})?::
v4-cidr-prefix \/[[:digit:]]{1,2}
v6-cidr-prefix \/[[:digit:]]{1,3}
dfilter: Add special syntax for literals and names The syntax for protocols and some literals like numbers and bytes/addresses can be ambiguous. Some protocols can be parsed as a literal, for example the protocol "fc" (Fibre Channel) can be parsed as 0xFC. If a numeric protocol is registered that will also take precedence over any literal, according to the current rules, thereby breaking numerical comparisons to that number. The same for an hypothetical protocol named "true", etc. To allow the user to disambiguate this meaning introduce new syntax. Any value prefixed with ':' or enclosed in <,> will be treated as a literal value only. The value :fc or <fc> will always mean 0xFC, under any context. Never a protocol whose filter name is "fc". Likewise any value prefixed with a dot will always be parsed as an identifier (protocol or protocol field) in the language. Never any literal value parsed from the token "fc". This allows the user to be explicit about the meaning, and between the two explicit methods plus the ambiguous one it doesn't completely break any one meaning. The difference can be seen in the following two programs: Filter: frame == fc Constants: Instructions: 00000 READ_TREE frame -> reg#0 00001 IF-FALSE-GOTO 5 00002 READ_TREE fc -> reg#1 00003 IF-FALSE-GOTO 5 00004 ANY_EQ reg#0 == reg#1 00005 RETURN -------- Filter: frame == :fc Constants: 00000 PUT_FVALUE fc <FT_PROTOCOL> -> reg#1 Instructions: 00000 READ_TREE frame -> reg#0 00001 IF-FALSE-GOTO 3 00002 ANY_EQ reg#0 == reg#1 00003 RETURN The filter "frame == fc" is the same as "filter == .fc", according to the current heuristic, except the first form will try to parse it as a literal if the name does not correspond to any registered protocol. By treating a leading dot as a name in the language we necessarily disallow writing floats with a leading dot. We will also disallow writing with an ending dot when using unparsed values. This is a backward incompatibility but has the happy side effect of making the expression {1...2} unambiguous. This could either mean "1 .. .2" or "1. .. 2". If we require a leading and ending digit then the meaning is clear: 1.0..0.2 -> 1.0 .. 0.2 Fixes #17731.
2022-02-22 21:55:05 +00:00
dfilter: Remove leading colon special meaning Instead of saying a leading colon will make any token a literal value, say it is part of the syntax of bytes arrays. This is useful to write bytes without a separator, and other potentially ambiguous formats. The restriction in meaning to bytes and simple numeric values should make the rules for handling a leading colon (specifically ommiting it or not) saner without much loss of functionality.
2022-04-06 19:55:17 +00:00
colon-bytes {hex2}(:{hex2})+
dot-bytes {hex2}(\.{hex2})+
hyphen-bytes {hex2}(-{hex2})+
dfilter: Parse ranges in the drange node constructor Using a hand written tokenizer is simpler than using flex start conditions. Do the validation in the drange node constructor. Add validation for malformed ranges with different endpoint signs.
2021-10-25 20:27:40 +00:00
%x RANGE
dfilter: Add syntax to match specific layers in the protocol stack Add support to display filters for matching a specific layer within a frame. Layers are counted sequentially up the protocol stack. Each protocol (dissector) that appears in the stack is one layer. LINK-LAYER#1 <-> IP#1 <-> TCP#1 <-> IP#2 <-> TCP#2 <-> etc. The syntax allows for negative indexes and ranges with the usual semantics for slices (but note that counting starts at one): tcp.port#[2-4] == 1024 Matches layers 2 to 4 inclusive. Fixes #3791.
2022-04-09 22:03:40 +00:00
%x LAYER
Add to the fundamental types passed between the scanner and the parser. Besides "STRING", there is now "UNPARSED_STRING", where the distinction is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just a sequence of characters that the scanner didn't know how to scan/parse, so it's up to the Ftype to parse it. This gives us more flexibility and prepares the dfilter parsing engine for the upcoming addition of the "contains" operator. In the process of doing this, I also re-did the double-quoted string support in the scanner, so that instead of the naively-simple support we used to have, double-quoted strings now can have embedded dobule-quotes, embedded octal sequences, and embedded hexadecimal sequences: "\"" embedded double-quote "\110" embedded octal "\x48" embedded hex Enhance the dfilter unit test script to be able to run a single collection of tests instead of having to run all of them all the time. svn path=/trunk/; revision=8083
2003-07-25 03:44:05 +00:00
%x DQUOTE
Improve support for single-character fields and filter expressions. Add an FT_CHAR type, which is like FT_UINT8 except that the value is displayed as a C-style character constant. Allow use of C-style character constants in filter expressions; they can be used in comparisons with all integral types, and in "contains" operators. Use that type for some fields that appear (based on the way they're displayed, or on the use of C-style character constants in their value_string tables) to be 1-byte characters rather than 8-bit numbers. Change-Id: I39a9f0dda0bd7f4fa02a9ca8373216206f4d7135 Reviewed-on: https://code.wireshark.org/review/17787 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-09-19 01:48:50 +00:00
%x SQUOTE
dfilter: Refactor macro tree references This replaces the current macro reference system with a completely different implementation. Instead of a macro a reference is a syntax element. A reference is a constant that can be filled in the dfilter code after compilation from an existing protocol tree. It is best understood as a field value that can be read from a fixed tree that is not the frame being filtered. Usually this fixed tree is the currently selected frame when the filter is applied. This allows comparing fields in the filtered frame with fields in the selected frame. Because the field reference syntax uses the same sigil notation as a macro we have to use a heuristic to distinguish them: if the name has a dot it is a field reference, otherwise it is a macro name. The reference is synctatically validated at compile time. There are two main advantages to this implementation (and a couple of minor ones): The protocol tree for each selected frame is only walked if we have a display filter and if the display filter uses references. Also only the actual reference values are copied, intead of loading the entire tree into a hash table (in textual form even). The other advantage is that the reference is tested like a protocol field against all the values in the selected frame (if there is more than one). Currently the reference fields are not "primed" during dissection, so the entire tree is walked to find a particular reference (this is similar to the previous implementation). If the display filter contains a valid reference and the reference is not loaded at the time the filter is run the result is the same as a non existing field for a regular READ_TREE instruction. Fixes #17599.
2022-03-27 14:26:46 +00:00
%x REFERENCE
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
%%
dfilter: treat carriage returns as whitespace Fixes #18595
2022-11-03 17:31:29 +00:00
[[:blank:]\n\r]+ {
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
update_location(yyextra, yytext);
}
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
dfilter: Use lower case for a macro name Just a stylistic change.
2021-10-29 14:59:39 +00:00
"(" return simple(TOKEN_LPAREN);
")" return simple(TOKEN_RPAREN);
dfilter: Remove deprecated support for whitespace separator in sets
2021-10-25 17:33:17 +00:00
"," return simple(TOKEN_COMMA);
"{" return simple(TOKEN_LBRACE);
".." return simple(TOKEN_DOTDOT);
"}" return simple(TOKEN_RBRACE);
dfilter: Add layer support for references This adds support for using the layers filter with field references. Before: $ dftest 'ip.src != ${ip.src#2}' dftest: invalid character in macro name After: $ dftest 'ip.src != ${ip.src#2}' Filter: ip.src != ${ip.src#2} Syntax tree: 0 TEST_ALL_NE: 1 FIELD(ip.src <FT_IPv4>) 1 REFERENCE(ip.src#[2:1] <FT_IPv4>) Instructions: 00000 READ_TREE ip.src <FT_IPv4> -> reg#0 00001 IF_FALSE_GOTO 5 00002 READ_REFERENCE_R ${ip.src <FT_IPv4>} #[2:1] -> reg#1 00003 IF_FALSE_GOTO 5 00004 ALL_NE reg#0 != reg#1 00005 RETURN This requires adding another level of complexity to references. When loading references we need to copy the 'proto_layer_num' and add the logic to filter on that. The "layer" sttype is removed and replace by a new field sttype with support for a range. This is a nice cleanup for the semantic check and general simplification. The grammar is better too with this design. Range sttype is renamed to slice for clarity.
2022-06-23 23:07:42 +00:00
"$" return simple(TOKEN_DOLLAR);
dfilter: Add support for raw (bytes) addressing mode This adds new syntax to read a field from the tree as bytes, instead of the actual type. This is a useful extension for example to match matformed strings that contain unicode replacement characters. In this case it is not possible to match the raw value of the malformed string field. This extension fills this need and is generic enough that it should be useful in many other situations. The syntax used is to prefix the field name with "@". The following artificial example tests if the HTTP user agent contains a particular invalid UTF-8 sequence: @http.user_agent == "Mozill\xAA" Where simply using "http.user_agent" won't work because the invalid byte sequence will have been replaced with U+FFFD. Considering the following programs: $ dftest '_ws.ftypes.string == "ABC"' Filter: _ws.ftypes.string == "ABC" Syntax tree: 0 TEST_ANY_EQ: 1 FIELD(_ws.ftypes.string <FT_STRING>) 1 FVALUE("ABC" <FT_STRING>) Instructions: 00000 READ_TREE _ws.ftypes.string <FT_STRING> -> reg#0 00001 IF_FALSE_GOTO 3 00002 ANY_EQ reg#0 == "ABC" <FT_STRING> 00003 RETURN $ dftest '@_ws.ftypes.string == "ABC"' Filter: @_ws.ftypes.string == "ABC" Syntax tree: 0 TEST_ANY_EQ: 1 FIELD(_ws.ftypes.string <RAW>) 1 FVALUE(41:42:43 <FT_BYTES>) Instructions: 00000 READ_TREE @_ws.ftypes.string <FT_BYTES> -> reg#0 00001 IF_FALSE_GOTO 3 00002 ANY_EQ reg#0 == 41:42:43 <FT_BYTES> 00003 RETURN In the second case the field has a "raw" type, that equates directly to FT_BYTES, and the field value is read from the protocol raw data.
2022-10-25 03:20:18 +00:00
"@" return simple(TOKEN_ATSIGN);
dfilter: Add support for universal quantifiers Adds the keywords "any" and "all" to implement the quantification to any existing relational operator. Filter: all tcp.port in {100, 2000..3000} Syntax tree: 0 ALL TEST_IN: 1 FIELD(tcp.port) 1 SET(#2): 2 FVALUE(100 <FT_UINT16>) 2 FVALUE(2000 <FT_UINT16>) .. FVALUE(3000 <FT_UINT16>) Instructions: 00000 READ_TREE tcp.port -> reg#0 00001 IF_FALSE_GOTO 5 00002 ALL_EQ reg#0 === 100 <FT_UINT16> 00003 IF_TRUE_GOTO 5 00004 ALL_IN_RANGE reg#0 in { 2000 <FT_UINT16> .. 3000 <FT_UINT16> } 00005 RETURN
2022-04-19 23:04:05 +00:00
"any" return simple(TOKEN_ANY);
"all" return simple(TOKEN_ALL);
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
"==" return test(TOKEN_TEST_ANY_EQ);
"eq" return test(TOKEN_TEST_ANY_EQ);
"any_eq" return test(TOKEN_TEST_ANY_EQ);
"!=" return test(TOKEN_TEST_ALL_NE);
"ne" return test(TOKEN_TEST_ALL_NE);
"all_ne" return test(TOKEN_TEST_ALL_NE);
"===" return test(TOKEN_TEST_ALL_EQ);
"all_eq" return test(TOKEN_TEST_ALL_EQ);
"!==" return test(TOKEN_TEST_ANY_NE);
dfilter: Deprecate "~=" (any_ne) The representation "~= has been superseded by "!==" with the same meaning, making it superfluous and somewhat confusing. Deprecate "~=" and recommend "!==" instead.
2022-03-05 12:30:34 +00:00
"~=" {
add_deprecated_token(yyextra->dfw, "The operator \"~=\" is deprecated, use \"!==\" instead.");
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
return test(TOKEN_TEST_ANY_NE);
}
"any_ne" return test(TOKEN_TEST_ANY_NE);
">" return test(TOKEN_TEST_GT);
"gt" return test(TOKEN_TEST_GT);
">=" return test(TOKEN_TEST_GE);
"ge" return test(TOKEN_TEST_GE);
"<" return test(TOKEN_TEST_LT);
"lt" return test(TOKEN_TEST_LT);
"<=" return test(TOKEN_TEST_LE);
"le" return test(TOKEN_TEST_LE);
"contains" return test(TOKEN_TEST_CONTAINS);
"~" return test(TOKEN_TEST_MATCHES);
"matches" return test(TOKEN_TEST_MATCHES);
"!" return test(TOKEN_TEST_NOT);
"not" return test(TOKEN_TEST_NOT);
"&&" return test(TOKEN_TEST_AND);
"and" return test(TOKEN_TEST_AND);
"||" return test(TOKEN_TEST_OR);
"or" return test(TOKEN_TEST_OR);
"in" return test(TOKEN_TEST_IN);
"+" return math(TOKEN_PLUS);
"-" return math(TOKEN_MINUS);
"*" return math(TOKEN_STAR);
"/" return math(TOKEN_RSLASH);
"%" return math(TOKEN_PERCENT);
"&" return math(TOKEN_BITWISE_AND);
"bitwise_and" return math(TOKEN_BITWISE_AND);
dfilter: Refactor macro tree references This replaces the current macro reference system with a completely different implementation. Instead of a macro a reference is a syntax element. A reference is a constant that can be filled in the dfilter code after compilation from an existing protocol tree. It is best understood as a field value that can be read from a fixed tree that is not the frame being filtered. Usually this fixed tree is the currently selected frame when the filter is applied. This allows comparing fields in the filtered frame with fields in the selected frame. Because the field reference syntax uses the same sigil notation as a macro we have to use a heuristic to distinguish them: if the name has a dot it is a field reference, otherwise it is a macro name. The reference is synctatically validated at compile time. There are two main advantages to this implementation (and a couple of minor ones): The protocol tree for each selected frame is only walked if we have a display filter and if the display filter uses references. Also only the actual reference values are copied, intead of loading the entire tree into a hash table (in textual form even). The other advantage is that the reference is tested like a protocol field against all the values in the selected frame (if there is more than one). Currently the reference fields are not "primed" during dissection, so the entire tree is walked to find a particular reference (this is similar to the previous implementation). If the display filter contains a valid reference and the reference is not loaded at the time the filter is run the result is the same as a non existing field for a regular READ_TREE instruction. Fixes #17599.
2022-03-27 14:26:46 +00:00
dfilter: Add syntax to match specific layers in the protocol stack Add support to display filters for matching a specific layer within a frame. Layers are counted sequentially up the protocol stack. Each protocol (dissector) that appears in the stack is one layer. LINK-LAYER#1 <-> IP#1 <-> TCP#1 <-> IP#2 <-> TCP#2 <-> etc. The syntax allows for negative indexes and ranges with the usual semantics for slices (but note that counting starts at one): tcp.port#[2-4] == 1024 Matches layers 2 to 4 inclusive. Fixes #3791.
2022-04-09 22:03:40 +00:00
"#" {
BEGIN(LAYER);
return simple(TOKEN_HASH);
}
<LAYER>[[:digit:]]+ {
BEGIN(INITIAL);
update_location(yyextra, yytext);
return set_lval_simple(yyextra, TOKEN_INTEGER, yytext, STTYPE_UNINITIALIZED);
}
<LAYER>[^[:digit:][] {
update_location(yyextra, yytext);
FAIL("Expected digit or \"[\", not \"%s\"", yytext);
return SCAN_FAILED;
}
<INITIAL,LAYER>"[" {
dfilter: Parse ranges in the drange node constructor Using a hand written tokenizer is simpler than using flex start conditions. Do the validation in the drange node constructor. Add validation for malformed ranges with different endpoint signs.
2021-10-25 20:27:40 +00:00
BEGIN(RANGE);
dfilter: Use lower case for a macro name Just a stylistic change.
2021-10-29 14:59:39 +00:00
return simple(TOKEN_LBRACKET);
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
}
dfilter: Parse ranges in the drange node constructor Using a hand written tokenizer is simpler than using flex start conditions. Do the validation in the drange node constructor. Add validation for malformed ranges with different endpoint signs.
2021-10-25 20:27:40 +00:00
<RANGE>[^],]+ {
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
update_location(yyextra, yytext);
dfilter: Remove STTYPE_RANGE_NODE STTYPE_RANGE_NODE is just a lexical token, it is not used withi the syntax tree so remove it.
2022-06-25 13:20:21 +00:00
return set_lval_simple(yyextra, TOKEN_RANGE_NODE, yytext, STTYPE_UNINITIALIZED);
Enable slices of [i-j], where i is start offset and j is end offset, inclusive. That is, [0-1] is a slice of 2 bytes. svn path=/trunk/; revision=3092
2001-03-02 17:04:25 +00:00
}
dfilter: Parse ranges in the drange node constructor Using a hand written tokenizer is simpler than using flex start conditions. Do the validation in the drange node constructor. Add validation for malformed ranges with different endpoint signs.
2021-10-25 20:27:40 +00:00
<RANGE>"," {
dfilter: Use lower case for a macro name Just a stylistic change.
2021-10-29 14:59:39 +00:00
return simple(TOKEN_COMMA);
Enable slices of [i-j], where i is start offset and j is end offset, inclusive. That is, [0-1] is a slice of 2 bytes. svn path=/trunk/; revision=3092
2001-03-02 17:04:25 +00:00
}
dfilter: Parse ranges in the drange node constructor Using a hand written tokenizer is simpler than using flex start conditions. Do the validation in the drange node constructor. Add validation for malformed ranges with different endpoint signs.
2021-10-25 20:27:40 +00:00
<RANGE>"]" {
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
BEGIN(INITIAL);
dfilter: Use lower case for a macro name Just a stylistic change.
2021-10-29 14:59:39 +00:00
return simple(TOKEN_RBRACKET);
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
}
dfilter: Parse ranges in the drange node constructor Using a hand written tokenizer is simpler than using flex start conditions. Do the validation in the drange node constructor. Add validation for malformed ranges with different endpoint signs.
2021-10-25 20:27:40 +00:00
<RANGE><<EOF>> {
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
update_location(yyextra, yytext);
FAIL("The right bracket was missing from a slice.");
dfilter: Parse ranges in the drange node constructor Using a hand written tokenizer is simpler than using flex start conditions. Do the validation in the drange node constructor. Add validation for malformed ranges with different endpoint signs.
2021-10-25 20:27:40 +00:00
return SCAN_FAILED;
From Graeme Hewson: Use gint32 instead of guint32 and strtol() instead of strtoul() for signed integers. Pathological slice specifications could cause Flex default rule to be invoked, echoing characters to stdout. Example: frame[0foo]==1 svn path=/trunk/; revision=11082
2004-06-03 07:17:24 +00:00
}
dfilter: Add support for raw strings Add support for a literal string specification copied from Python raw strings[1]. Raw string literals are enclosed with r"..." or R"...". Double quotes can be include in the string but they must be escaped with backslash. In escape sequences backslashes are preserved in the final result. So for example the string "a\\\"b" is the same as r"a\"b". r"\\\a" is the same as "\\\\\\a". Raw strings should be used for convenience wherever a regular expression is used in a display filter expression. [1]https://docs.python.org/3/reference/lexical_analysis.html#string-and-bytes-literals
2021-05-30 02:38:12 +00:00
[rR]{0,1}\042 {
Improve support for single-character fields and filter expressions. Add an FT_CHAR type, which is like FT_UINT8 except that the value is displayed as a C-style character constant. Allow use of C-style character constants in filter expressions; they can be used in comparisons with all integral types, and in "contains" operators. Use that type for some fields that appear (based on the way they're displayed, or on the use of C-style character constants in their value_string tables) to be 1-byte characters rather than 8-bit numbers. Change-Id: I39a9f0dda0bd7f4fa02a9ca8373216206f4d7135 Reviewed-on: https://code.wireshark.org/review/17787 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-09-19 01:48:50 +00:00
/* start quote of a quoted string */
dfilter: Free a scanner string earlier
2021-10-31 15:52:05 +00:00
/*
* The example of how to scan for strings was taken from
* the flex manual, from the section "Start Conditions".
* See: https://westes.github.io/flex/manual/Start-Conditions.html
*/
Add to the fundamental types passed between the scanner and the parser. Besides "STRING", there is now "UNPARSED_STRING", where the distinction is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just a sequence of characters that the scanner didn't know how to scan/parse, so it's up to the Ftype to parse it. This gives us more flexibility and prepares the dfilter parsing engine for the upcoming addition of the "contains" operator. In the process of doing this, I also re-did the double-quoted string support in the scanner, so that instead of the naively-simple support we used to have, double-quoted strings now can have embedded dobule-quotes, embedded octal sequences, and embedded hexadecimal sequences: "\"" embedded double-quote "\110" embedded octal "\x48" embedded hex Enhance the dfilter unit test script to be able to run a single collection of tests instead of having to run all of them all the time. svn path=/trunk/; revision=8083
2003-07-25 03:44:05 +00:00
BEGIN(DQUOTE);
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
update_location(yyextra, yytext);
yyextra->string_loc = yyextra->location;
dfilter: Add support for literal strings with null bytes Before: Filter: frame matches "abc\x00def" dftest: \x00 (NUL byte) cannot be used with a regular string. frame matches "abc\x00def" ^~~~ Filter: _ws.ftypes.string == "a string with a \0 byte" dftest: \0 (NUL byte) cannot be used with a regular string. _ws.ftypes.string == "a string with a \0 byte" ^~ After: Filter: frame matches "abc\x00def" Syntax tree: 0 TEST_MATCHES: 1 FIELD(frame) 1 PCRE(abc\0def) Instructions: 00000 READ_TREE frame -> reg#0 00001 IF_FALSE_GOTO 3 00002 ANY_MATCHES reg#0 matches abc\0def 00003 RETURN Filter: _ws.ftypes.string == "a string with a \0 byte" Syntax tree: 0 TEST_ANY_EQ: 1 FIELD(_ws.ftypes.string) 1 FVALUE("a string with a \0 byte" <FT_STRING>) Instructions: 00000 READ_TREE _ws.ftypes.string -> reg#0 00001 IF_FALSE_GOTO 3 00002 ANY_EQ reg#0 == "a string with a \0 byte" <FT_STRING> 00003 RETURN Fixes issue #16156.
2022-06-18 09:43:24 +00:00
yyextra->quoted_string = g_string_new(NULL);
dfilter: Free a scanner string earlier
2021-10-31 15:52:05 +00:00
dfilter: Add support for raw strings Add support for a literal string specification copied from Python raw strings[1]. Raw string literals are enclosed with r"..." or R"...". Double quotes can be include in the string but they must be escaped with backslash. In escape sequences backslashes are preserved in the final result. So for example the string "a\\\"b" is the same as r"a\"b". r"\\\a" is the same as "\\\\\\a". Raw strings should be used for convenience wherever a regular expression is used in a display filter expression. [1]https://docs.python.org/3/reference/lexical_analysis.html#string-and-bytes-literals
2021-05-30 02:38:12 +00:00
if (yytext[0] == 'r' || yytext[0] == 'R') {
/*
* This is a raw string (like in Python). Rules: 1) The two
* escape sequences are \\ and \". 2) Backslashes are
* preserved. 3) Double quotes in the string must be escaped.
* Corollary: Strings cannot end with an odd number of
* backslashes.
* Example: r"a\b\x12\"\\" is the string (including the implicit NUL terminator)
* {'a', '\\', 'b', '\\', 'x', '1', '2', '\\', '"', '\\'. '\\', '\0'}
*/
yyextra->raw_string = TRUE;
}
else {
yyextra->raw_string = FALSE;
}
Add to the fundamental types passed between the scanner and the parser. Besides "STRING", there is now "UNPARSED_STRING", where the distinction is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just a sequence of characters that the scanner didn't know how to scan/parse, so it's up to the Ftype to parse it. This gives us more flexibility and prepares the dfilter parsing engine for the upcoming addition of the "contains" operator. In the process of doing this, I also re-did the double-quoted string support in the scanner, so that instead of the naively-simple support we used to have, double-quoted strings now can have embedded dobule-quotes, embedded octal sequences, and embedded hexadecimal sequences: "\"" embedded double-quote "\110" embedded octal "\x48" embedded hex Enhance the dfilter unit test script to be able to run a single collection of tests instead of having to run all of them all the time. svn path=/trunk/; revision=8083
2003-07-25 03:44:05 +00:00
}
Use -1 rather than 0 as the SCAN_FAILED return value from the lexical analyzer on errors, and check for SCAN_FAILED from the lexical analyzer and abort the parse if we see it; 0 means "end of input", and we want to distinguish errors from end-of-input, so that we can report errors as such. If we see end-of-input while parsing a double-quoted string, report the error (missing closing quote). Fix the URL for the "Start conditions" section of the Flex manual. svn path=/trunk/; revision=10044
2004-02-11 22:52:54 +00:00
<DQUOTE><<EOF>> {
/* unterminated string */
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
update_string_loc(yyextra, yytext);
dfilter: Free a scanner string earlier
2021-10-31 15:52:05 +00:00
g_string_free(yyextra->quoted_string, TRUE);
yyextra->quoted_string = NULL;
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
FAIL("The final quote was missing from a quoted string.");
Use -1 rather than 0 as the SCAN_FAILED return value from the lexical analyzer on errors, and check for SCAN_FAILED from the lexical analyzer and abort the parse if we see it; 0 means "end of input", and we want to distinguish errors from end-of-input, so that we can report errors as such. If we see end-of-input while parsing a double-quoted string, report the error (missing closing quote). Fix the URL for the "Start conditions" section of the Flex manual. svn path=/trunk/; revision=10044
2004-02-11 22:52:54 +00:00
return SCAN_FAILED;
}
Use '~' as a synonim for "matches" replace rogue "s with \042 to avoid some text editors going wild svn path=/trunk/; revision=22486
2007-08-11 22:05:44 +00:00
<DQUOTE>\042 {
Add to the fundamental types passed between the scanner and the parser. Besides "STRING", there is now "UNPARSED_STRING", where the distinction is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just a sequence of characters that the scanner didn't know how to scan/parse, so it's up to the Ftype to parse it. This gives us more flexibility and prepares the dfilter parsing engine for the upcoming addition of the "contains" operator. In the process of doing this, I also re-did the double-quoted string support in the scanner, so that instead of the naively-simple support we used to have, double-quoted strings now can have embedded dobule-quotes, embedded octal sequences, and embedded hexadecimal sequences: "\"" embedded double-quote "\110" embedded octal "\x48" embedded hex Enhance the dfilter unit test script to be able to run a single collection of tests instead of having to run all of them all the time. svn path=/trunk/; revision=8083
2003-07-25 03:44:05 +00:00
/* end quote */
BEGIN(INITIAL);
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
update_string_loc(yyextra, yytext);
dfilter: Cleanup scanner value setters
2022-07-03 21:33:29 +00:00
int token = set_lval_quoted_string(yyextra, yyextra->quoted_string);
Make the Flex scanners and YACC parser in libraries reentrant. master-branch libpcap now generates a reentrant Flex scanner and Bison/Berkeley YACC parser for capture filter expressions, so it requires versions of Flex and Bison/Berkeley YACC that support that. We might as well do the same. For libwiretap, it means we could actually have multiple K12 text or Ascend/Lucent text files open at the same time. For libwireshark, it might not be as useful, as we only read configuration files at startup (which should only happen once, in one thread) or on demand (in which case, if we ever support multiple threads running libwireshark, we'd need a mutex to ensure that only one file reads it), but it's still the right thing to do. We also require a version of Flex that can write out a header file, so we change the runlex script to generate the header file ourselves. This means we require a version of Flex new enough to support --header-file. Clean up some other stuff encountered in the process. Change-Id: Id23078c6acea549a52fc687779bb55d715b55c16 Reviewed-on: https://code.wireshark.org/review/14719 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-03-31 01:44:01 +00:00
yyextra->quoted_string = NULL;
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
yyextra->string_loc.col_start = -1;
dfilter: Fix scanning of strings The code was ignoring a SCAN_FAILED return value.
2022-04-15 17:59:13 +00:00
return token;
Add to the fundamental types passed between the scanner and the parser. Besides "STRING", there is now "UNPARSED_STRING", where the distinction is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just a sequence of characters that the scanner didn't know how to scan/parse, so it's up to the Ftype to parse it. This gives us more flexibility and prepares the dfilter parsing engine for the upcoming addition of the "contains" operator. In the process of doing this, I also re-did the double-quoted string support in the scanner, so that instead of the naively-simple support we used to have, double-quoted strings now can have embedded dobule-quotes, embedded octal sequences, and embedded hexadecimal sequences: "\"" embedded double-quote "\110" embedded octal "\x48" embedded hex Enhance the dfilter unit test script to be able to run a single collection of tests instead of having to run all of them all the time. svn path=/trunk/; revision=8083
2003-07-25 03:44:05 +00:00
}
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
Add to the fundamental types passed between the scanner and the parser. Besides "STRING", there is now "UNPARSED_STRING", where the distinction is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just a sequence of characters that the scanner didn't know how to scan/parse, so it's up to the Ftype to parse it. This gives us more flexibility and prepares the dfilter parsing engine for the upcoming addition of the "contains" operator. In the process of doing this, I also re-did the double-quoted string support in the scanner, so that instead of the naively-simple support we used to have, double-quoted strings now can have embedded dobule-quotes, embedded octal sequences, and embedded hexadecimal sequences: "\"" embedded double-quote "\110" embedded octal "\x48" embedded hex Enhance the dfilter unit test script to be able to run a single collection of tests instead of having to run all of them all the time. svn path=/trunk/; revision=8083
2003-07-25 03:44:05 +00:00
<DQUOTE>\\[0-7]{1,3} {
/* octal sequence */
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
update_string_loc(yyextra, yytext);
dfilter: Add support for raw strings Add support for a literal string specification copied from Python raw strings[1]. Raw string literals are enclosed with r"..." or R"...". Double quotes can be include in the string but they must be escaped with backslash. In escape sequences backslashes are preserved in the final result. So for example the string "a\\\"b" is the same as r"a\"b". r"\\\a" is the same as "\\\\\\a". Raw strings should be used for convenience wherever a regular expression is used in a display filter expression. [1]https://docs.python.org/3/reference/lexical_analysis.html#string-and-bytes-literals
2021-05-30 02:38:12 +00:00
if (yyextra->raw_string) {
g_string_append(yyextra->quoted_string, yytext);
}
else {
unsigned long result;
result = strtoul(yytext + 1, NULL, 8);
if (result > 0xff) {
g_string_free(yyextra->quoted_string, TRUE);
yyextra->quoted_string = NULL;
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
FAIL("%s is larger than 255.", yytext);
dfilter: Add support for raw strings Add support for a literal string specification copied from Python raw strings[1]. Raw string literals are enclosed with r"..." or R"...". Double quotes can be include in the string but they must be escaped with backslash. In escape sequences backslashes are preserved in the final result. So for example the string "a\\\"b" is the same as r"a\"b". r"\\\a" is the same as "\\\\\\a". Raw strings should be used for convenience wherever a regular expression is used in a display filter expression. [1]https://docs.python.org/3/reference/lexical_analysis.html#string-and-bytes-literals
2021-05-30 02:38:12 +00:00
return SCAN_FAILED;
}
g_string_append_c(yyextra->quoted_string, (gchar) result);
Add to the fundamental types passed between the scanner and the parser. Besides "STRING", there is now "UNPARSED_STRING", where the distinction is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just a sequence of characters that the scanner didn't know how to scan/parse, so it's up to the Ftype to parse it. This gives us more flexibility and prepares the dfilter parsing engine for the upcoming addition of the "contains" operator. In the process of doing this, I also re-did the double-quoted string support in the scanner, so that instead of the naively-simple support we used to have, double-quoted strings now can have embedded dobule-quotes, embedded octal sequences, and embedded hexadecimal sequences: "\"" embedded double-quote "\110" embedded octal "\x48" embedded hex Enhance the dfilter unit test script to be able to run a single collection of tests instead of having to run all of them all the time. svn path=/trunk/; revision=8083
2003-07-25 03:44:05 +00:00
}
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
}
Add to the fundamental types passed between the scanner and the parser. Besides "STRING", there is now "UNPARSED_STRING", where the distinction is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just a sequence of characters that the scanner didn't know how to scan/parse, so it's up to the Ftype to parse it. This gives us more flexibility and prepares the dfilter parsing engine for the upcoming addition of the "contains" operator. In the process of doing this, I also re-did the double-quoted string support in the scanner, so that instead of the naively-simple support we used to have, double-quoted strings now can have embedded dobule-quotes, embedded octal sequences, and embedded hexadecimal sequences: "\"" embedded double-quote "\110" embedded octal "\x48" embedded hex Enhance the dfilter unit test script to be able to run a single collection of tests instead of having to run all of them all the time. svn path=/trunk/; revision=8083
2003-07-25 03:44:05 +00:00
<DQUOTE>\\x[[:xdigit:]]{1,2} {
/* hex sequence */
dfilter: Support more C escape sequences in string literals Before: Filter: http.request.method == "\tHEAD" Constants: 00000 PUT_FVALUE "tHEAD" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\uHEAD" Constants: 00000 PUT_FVALUE "uHEAD" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method == "\tHEAD" Constants: 00000 PUT_FVALUE "\x09HEAD" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\uHEAD" Constants: 00000 PUT_FVALUE "uHEAD" <FT_STRING> -> reg#1 (...)
2021-10-31 15:48:22 +00:00
/*
* C standard does not place a limit on the number of hex
* digits after \x... but we do. \xNN can have 1 or two Ns, not more.
*/
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
update_string_loc(yyextra, yytext);
dfilter: Add support for raw strings Add support for a literal string specification copied from Python raw strings[1]. Raw string literals are enclosed with r"..." or R"...". Double quotes can be include in the string but they must be escaped with backslash. In escape sequences backslashes are preserved in the final result. So for example the string "a\\\"b" is the same as r"a\"b". r"\\\a" is the same as "\\\\\\a". Raw strings should be used for convenience wherever a regular expression is used in a display filter expression. [1]https://docs.python.org/3/reference/lexical_analysis.html#string-and-bytes-literals
2021-05-30 02:38:12 +00:00
if (yyextra->raw_string) {
g_string_append(yyextra->quoted_string, yytext);
}
else {
unsigned long result;
result = strtoul(yytext + 2, NULL, 16);
g_string_append_c(yyextra->quoted_string, (gchar) result);
}
Add to the fundamental types passed between the scanner and the parser. Besides "STRING", there is now "UNPARSED_STRING", where the distinction is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just a sequence of characters that the scanner didn't know how to scan/parse, so it's up to the Ftype to parse it. This gives us more flexibility and prepares the dfilter parsing engine for the upcoming addition of the "contains" operator. In the process of doing this, I also re-did the double-quoted string support in the scanner, so that instead of the naively-simple support we used to have, double-quoted strings now can have embedded dobule-quotes, embedded octal sequences, and embedded hexadecimal sequences: "\"" embedded double-quote "\110" embedded octal "\x48" embedded hex Enhance the dfilter unit test script to be able to run a single collection of tests instead of having to run all of them all the time. svn path=/trunk/; revision=8083
2003-07-25 03:44:05 +00:00
}
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
dfilter: Add support for unicode escape sequences Add support for entering unicode codepoints as \uNNNN or \uNNNNNNNN for strings and charconsts (following the C standard).
2022-06-20 21:05:48 +00:00
<DQUOTE>\\u[[:xdigit:]]{0,4} {
/* universal character name */
update_string_loc(yyextra, yytext);
if (yyextra->raw_string) {
g_string_append(yyextra->quoted_string, yytext);
}
else if (!append_universal_character_name(yyextra, yyextra->quoted_string, yytext)) {
g_string_free(yyextra->quoted_string, TRUE);
yyextra->quoted_string = NULL;
return SCAN_FAILED;
}
}
<DQUOTE>\\U[[:xdigit:]]{0,8} {
/* universal character name */
update_string_loc(yyextra, yytext);
if (yyextra->raw_string) {
g_string_append(yyextra->quoted_string, yytext);
}
else if (!append_universal_character_name(yyextra, yyextra->quoted_string, yytext)) {
g_string_free(yyextra->quoted_string, TRUE);
yyextra->quoted_string = NULL;
return SCAN_FAILED;
}
}
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
Add to the fundamental types passed between the scanner and the parser. Besides "STRING", there is now "UNPARSED_STRING", where the distinction is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just a sequence of characters that the scanner didn't know how to scan/parse, so it's up to the Ftype to parse it. This gives us more flexibility and prepares the dfilter parsing engine for the upcoming addition of the "contains" operator. In the process of doing this, I also re-did the double-quoted string support in the scanner, so that instead of the naively-simple support we used to have, double-quoted strings now can have embedded dobule-quotes, embedded octal sequences, and embedded hexadecimal sequences: "\"" embedded double-quote "\110" embedded octal "\x48" embedded hex Enhance the dfilter unit test script to be able to run a single collection of tests instead of having to run all of them all the time. svn path=/trunk/; revision=8083
2003-07-25 03:44:05 +00:00
<DQUOTE>\\. {
/* escaped character */
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
update_string_loc(yyextra, yytext);
dfilter: Add support for raw strings Add support for a literal string specification copied from Python raw strings[1]. Raw string literals are enclosed with r"..." or R"...". Double quotes can be include in the string but they must be escaped with backslash. In escape sequences backslashes are preserved in the final result. So for example the string "a\\\"b" is the same as r"a\"b". r"\\\a" is the same as "\\\\\\a". Raw strings should be used for convenience wherever a regular expression is used in a display filter expression. [1]https://docs.python.org/3/reference/lexical_analysis.html#string-and-bytes-literals
2021-05-30 02:38:12 +00:00
if (yyextra->raw_string) {
g_string_append(yyextra->quoted_string, yytext);
}
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
else if (!append_escaped_char(yyextra, yyextra->quoted_string, yytext[1])) {
dfilter: Free a scanner string
2021-11-24 09:54:17 +00:00
g_string_free(yyextra->quoted_string, TRUE);
yyextra->quoted_string = NULL;
dfilter: Reject invalid character escape sequences For double quoted strings. This is consistent with single quote character constants and the C standard. It also avoids common mistakes where the superfluous backslash is silently suppressed.
2021-11-23 13:40:14 +00:00
return SCAN_FAILED;
dfilter: Add support for raw strings Add support for a literal string specification copied from Python raw strings[1]. Raw string literals are enclosed with r"..." or R"...". Double quotes can be include in the string but they must be escaped with backslash. In escape sequences backslashes are preserved in the final result. So for example the string "a\\\"b" is the same as r"a\"b". r"\\\a" is the same as "\\\\\\a". Raw strings should be used for convenience wherever a regular expression is used in a display filter expression. [1]https://docs.python.org/3/reference/lexical_analysis.html#string-and-bytes-literals
2021-05-30 02:38:12 +00:00
}
Add to the fundamental types passed between the scanner and the parser. Besides "STRING", there is now "UNPARSED_STRING", where the distinction is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just a sequence of characters that the scanner didn't know how to scan/parse, so it's up to the Ftype to parse it. This gives us more flexibility and prepares the dfilter parsing engine for the upcoming addition of the "contains" operator. In the process of doing this, I also re-did the double-quoted string support in the scanner, so that instead of the naively-simple support we used to have, double-quoted strings now can have embedded dobule-quotes, embedded octal sequences, and embedded hexadecimal sequences: "\"" embedded double-quote "\110" embedded octal "\x48" embedded hex Enhance the dfilter unit test script to be able to run a single collection of tests instead of having to run all of them all the time. svn path=/trunk/; revision=8083
2003-07-25 03:44:05 +00:00
}
Use '~' as a synonim for "matches" replace rogue "s with \042 to avoid some text editors going wild svn path=/trunk/; revision=22486
2007-08-11 22:05:44 +00:00
<DQUOTE>[^\\\042]+ {
Add to the fundamental types passed between the scanner and the parser. Besides "STRING", there is now "UNPARSED_STRING", where the distinction is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just a sequence of characters that the scanner didn't know how to scan/parse, so it's up to the Ftype to parse it. This gives us more flexibility and prepares the dfilter parsing engine for the upcoming addition of the "contains" operator. In the process of doing this, I also re-did the double-quoted string support in the scanner, so that instead of the naively-simple support we used to have, double-quoted strings now can have embedded dobule-quotes, embedded octal sequences, and embedded hexadecimal sequences: "\"" embedded double-quote "\110" embedded octal "\x48" embedded hex Enhance the dfilter unit test script to be able to run a single collection of tests instead of having to run all of them all the time. svn path=/trunk/; revision=8083
2003-07-25 03:44:05 +00:00
/* non-escaped string */
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
update_string_loc(yyextra, yytext);
Make the Flex scanners and YACC parser in libraries reentrant. master-branch libpcap now generates a reentrant Flex scanner and Bison/Berkeley YACC parser for capture filter expressions, so it requires versions of Flex and Bison/Berkeley YACC that support that. We might as well do the same. For libwiretap, it means we could actually have multiple K12 text or Ascend/Lucent text files open at the same time. For libwireshark, it might not be as useful, as we only read configuration files at startup (which should only happen once, in one thread) or on demand (in which case, if we ever support multiple threads running libwireshark, we'd need a mutex to ensure that only one file reads it), but it's still the right thing to do. We also require a version of Flex that can write out a header file, so we change the runlex script to generate the header file ourselves. This means we require a version of Flex new enough to support --header-file. Clean up some other stuff encountered in the process. Change-Id: Id23078c6acea549a52fc687779bb55d715b55c16 Reviewed-on: https://code.wireshark.org/review/14719 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-03-31 01:44:01 +00:00
g_string_append(yyextra->quoted_string, yytext);
Add to the fundamental types passed between the scanner and the parser. Besides "STRING", there is now "UNPARSED_STRING", where the distinction is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just a sequence of characters that the scanner didn't know how to scan/parse, so it's up to the Ftype to parse it. This gives us more flexibility and prepares the dfilter parsing engine for the upcoming addition of the "contains" operator. In the process of doing this, I also re-did the double-quoted string support in the scanner, so that instead of the naively-simple support we used to have, double-quoted strings now can have embedded dobule-quotes, embedded octal sequences, and embedded hexadecimal sequences: "\"" embedded double-quote "\110" embedded octal "\x48" embedded hex Enhance the dfilter unit test script to be able to run a single collection of tests instead of having to run all of them all the time. svn path=/trunk/; revision=8083
2003-07-25 03:44:05 +00:00
}
Improve support for single-character fields and filter expressions. Add an FT_CHAR type, which is like FT_UINT8 except that the value is displayed as a C-style character constant. Allow use of C-style character constants in filter expressions; they can be used in comparisons with all integral types, and in "contains" operators. Use that type for some fields that appear (based on the way they're displayed, or on the use of C-style character constants in their value_string tables) to be 1-byte characters rather than 8-bit numbers. Change-Id: I39a9f0dda0bd7f4fa02a9ca8373216206f4d7135 Reviewed-on: https://code.wireshark.org/review/17787 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-09-19 01:48:50 +00:00
\047 {
/* start quote of a quoted character value */
BEGIN(SQUOTE);
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
update_location(yyextra, yytext);
yyextra->string_loc = yyextra->location;
Improve support for single-character fields and filter expressions. Add an FT_CHAR type, which is like FT_UINT8 except that the value is displayed as a C-style character constant. Allow use of C-style character constants in filter expressions; they can be used in comparisons with all integral types, and in "contains" operators. Use that type for some fields that appear (based on the way they're displayed, or on the use of C-style character constants in their value_string tables) to be 1-byte characters rather than 8-bit numbers. Change-Id: I39a9f0dda0bd7f4fa02a9ca8373216206f4d7135 Reviewed-on: https://code.wireshark.org/review/17787 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-09-19 01:48:50 +00:00
yyextra->quoted_string = g_string_new("'");
}
<SQUOTE><<EOF>> {
/* unterminated character value */
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
update_string_loc(yyextra, yytext);
dfilter: Free a scanner string earlier
2021-10-31 15:52:05 +00:00
g_string_free(yyextra->quoted_string, TRUE);
yyextra->quoted_string = NULL;
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
FAIL("The final quote was missing from a character constant.");
Improve support for single-character fields and filter expressions. Add an FT_CHAR type, which is like FT_UINT8 except that the value is displayed as a C-style character constant. Allow use of C-style character constants in filter expressions; they can be used in comparisons with all integral types, and in "contains" operators. Use that type for some fields that appear (based on the way they're displayed, or on the use of C-style character constants in their value_string tables) to be 1-byte characters rather than 8-bit numbers. Change-Id: I39a9f0dda0bd7f4fa02a9ca8373216206f4d7135 Reviewed-on: https://code.wireshark.org/review/17787 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-09-19 01:48:50 +00:00
return SCAN_FAILED;
}
<SQUOTE>\047 {
/* end quote */
BEGIN(INITIAL);
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
update_string_loc(yyextra, yytext);
Improve support for single-character fields and filter expressions. Add an FT_CHAR type, which is like FT_UINT8 except that the value is displayed as a C-style character constant. Allow use of C-style character constants in filter expressions; they can be used in comparisons with all integral types, and in "contains" operators. Use that type for some fields that appear (based on the way they're displayed, or on the use of C-style character constants in their value_string tables) to be 1-byte characters rather than 8-bit numbers. Change-Id: I39a9f0dda0bd7f4fa02a9ca8373216206f4d7135 Reviewed-on: https://code.wireshark.org/review/17787 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-09-19 01:48:50 +00:00
g_string_append_c(yyextra->quoted_string, '\'');
dfilter: Cleanup scanner value setters
2022-07-03 21:33:29 +00:00
int token = set_lval_charconst(yyextra, yyextra->quoted_string);
Improve support for single-character fields and filter expressions. Add an FT_CHAR type, which is like FT_UINT8 except that the value is displayed as a C-style character constant. Allow use of C-style character constants in filter expressions; they can be used in comparisons with all integral types, and in "contains" operators. Use that type for some fields that appear (based on the way they're displayed, or on the use of C-style character constants in their value_string tables) to be 1-byte characters rather than 8-bit numbers. Change-Id: I39a9f0dda0bd7f4fa02a9ca8373216206f4d7135 Reviewed-on: https://code.wireshark.org/review/17787 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-09-19 01:48:50 +00:00
yyextra->quoted_string = NULL;
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
yyextra->string_loc.col_start = -1;
dfilter: Fix scanning of strings The code was ignoring a SCAN_FAILED return value.
2022-04-15 17:59:13 +00:00
return token;
Improve support for single-character fields and filter expressions. Add an FT_CHAR type, which is like FT_UINT8 except that the value is displayed as a C-style character constant. Allow use of C-style character constants in filter expressions; they can be used in comparisons with all integral types, and in "contains" operators. Use that type for some fields that appear (based on the way they're displayed, or on the use of C-style character constants in their value_string tables) to be 1-byte characters rather than 8-bit numbers. Change-Id: I39a9f0dda0bd7f4fa02a9ca8373216206f4d7135 Reviewed-on: https://code.wireshark.org/review/17787 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-09-19 01:48:50 +00:00
}
<SQUOTE>\\. {
/* escaped character */
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
update_string_loc(yyextra, yytext);
Improve support for single-character fields and filter expressions. Add an FT_CHAR type, which is like FT_UINT8 except that the value is displayed as a C-style character constant. Allow use of C-style character constants in filter expressions; they can be used in comparisons with all integral types, and in "contains" operators. Use that type for some fields that appear (based on the way they're displayed, or on the use of C-style character constants in their value_string tables) to be 1-byte characters rather than 8-bit numbers. Change-Id: I39a9f0dda0bd7f4fa02a9ca8373216206f4d7135 Reviewed-on: https://code.wireshark.org/review/17787 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-09-19 01:48:50 +00:00
g_string_append(yyextra->quoted_string, yytext);
}
<SQUOTE>[^\\\047]+ {
/* non-escaped string */
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
update_string_loc(yyextra, yytext);
Improve support for single-character fields and filter expressions. Add an FT_CHAR type, which is like FT_UINT8 except that the value is displayed as a C-style character constant. Allow use of C-style character constants in filter expressions; they can be used in comparisons with all integral types, and in "contains" operators. Use that type for some fields that appear (based on the way they're displayed, or on the use of C-style character constants in their value_string tables) to be 1-byte characters rather than 8-bit numbers. Change-Id: I39a9f0dda0bd7f4fa02a9ca8373216206f4d7135 Reviewed-on: https://code.wireshark.org/review/17787 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-09-19 01:48:50 +00:00
g_string_append(yyextra->quoted_string, yytext);
}
dfilter: Fixup some scanner comments and patterns Fixup comment to reflect that unparsed is the only token type for the pattern, there is no "match" or "no match". Tighten the CIDR patterns and make sure it cannot match a rogue "..". This is ambiguous with 80..90 and must be treated extra carefully to support floating point formats without leading or terminating digits before or after the point. Reject the default match as a syntax error. This pattern is just a pitfall to make testing and debugging harder. Matching a single arbitrary character is never a valid unparsed string, except by chance.
2021-10-27 18:19:36 +00:00
/* None of the patterns below can match ".." anywhere in the token string. */
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
dfilter: Allow arithmetic expressions without spaces To allow an arithmetic expressions without spaces, such as "1+2", we cannot match the expression in other lexical rules using "+". Because of longest match this becomes the token LITERAL or UNPARSED with semantic value "1+2". The same goes for all the other arithmetic operators. So we need to remove [+-*/%] from "word chars" and add very specific patterns (that won't mistakenly match an arithmetic expression) for those literal or unparsed tokens we want to support using these characters. The plus was not a problem but right slash is used for CIDR, minus for mac address separator, etc. There are still some corner case. 11-22-33-44-55-66 is a mac address and not the arithmetic expression with six terms "eleven minus twenty two minus etc." (if we ever support more than two terms in the grammar, which we don't currently). We lift some patterns from the flex manual to match on IPv4 and IPv6 (ugly) and add MAC address. Other hypothetical literal lexical values using [+-*/%] are already supported enclosed in angle brackets but the cases of MAC/IPv4/IPv6 are are very common and moreover we need to do the utmost to not break backward compatibily here. Before: $ dftest "_ws.ftypes.int32 == 1+2" dftest: "1+2" is not a valid number. After: $ dftest "_ws.ftypes.int32 == 1+2" Filter: _ws.ftypes.int32 == 1+2 Instructions: 00000 READ_TREE _ws.ftypes.int32 -> reg#0 00001 IF_FALSE_GOTO 4 00002 ADD 1 <FT_INT32> + 2 <FT_INT32> -> reg#1 00003 ANY_EQ reg#0 == reg#1 00004 RETURN
2022-04-04 18:58:35 +00:00
{MacAddress}|{QuadMacAddress} {
dfilter: Clean up lexical scanning
2022-04-06 13:58:10 +00:00
/* MAC Address. */
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
update_location(yyextra, yytext);
dfilter: Remove unparsed syntax type and RHS literal bias This removes unparsed name resolution during the semantic check because it feels like a hack to work around limitations in the language syntax, that should be solved at the lexical level instead. We were interpreting unparsed differently on the LHS and RHS. Now an unparsed value is always a field if it matches a registered field name (this matches the implementation in 3.6 and before). This requires tightening a bit the allowed filter names for protocols to avoid some common and potentially weird conflicting cases. Incidentally this extends set grammar to accept all entities. That is experimental and may be reverted in the future.
2022-06-25 10:25:36 +00:00
return set_lval_simple(yyextra, TOKEN_UNPARSED, yytext, STTYPE_UNINITIALIZED);
dfilter: Allow arithmetic expressions without spaces To allow an arithmetic expressions without spaces, such as "1+2", we cannot match the expression in other lexical rules using "+". Because of longest match this becomes the token LITERAL or UNPARSED with semantic value "1+2". The same goes for all the other arithmetic operators. So we need to remove [+-*/%] from "word chars" and add very specific patterns (that won't mistakenly match an arithmetic expression) for those literal or unparsed tokens we want to support using these characters. The plus was not a problem but right slash is used for CIDR, minus for mac address separator, etc. There are still some corner case. 11-22-33-44-55-66 is a mac address and not the arithmetic expression with six terms "eleven minus twenty two minus etc." (if we ever support more than two terms in the grammar, which we don't currently). We lift some patterns from the flex manual to match on IPv4 and IPv6 (ugly) and add MAC address. Other hypothetical literal lexical values using [+-*/%] are already supported enclosed in angle brackets but the cases of MAC/IPv4/IPv6 are are very common and moreover we need to do the utmost to not break backward compatibily here. Before: $ dftest "_ws.ftypes.int32 == 1+2" dftest: "1+2" is not a valid number. After: $ dftest "_ws.ftypes.int32 == 1+2" Filter: _ws.ftypes.int32 == 1+2 Instructions: 00000 READ_TREE _ws.ftypes.int32 -> reg#0 00001 IF_FALSE_GOTO 4 00002 ADD 1 <FT_INT32> + 2 <FT_INT32> -> reg#1 00003 ANY_EQ reg#0 == reg#1 00004 RETURN
2022-04-04 18:58:35 +00:00
}
dfilter: Fix parsing of some IPv6 compressed addresses Fix parsing of some IPv6 addresses and add tests. Also pass tokens as unparsed unless the user was specfic about the semantic type. For example the IPv4 address 1.1.1.1 is also a valid field, but 1.1.1.1/128 is not (because of the slash). However choose not to enforce the distinction in the lexical scanner and pass everything as unparsed unless the meaning is explicit in the syntax with leading dot, colon, or between angle branckets.
2022-04-06 08:29:45 +00:00
{IPv4address}{v4-cidr-prefix}? {
/* IPv4 with or without prefix. */
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
update_location(yyextra, yytext);
dfilter: Remove unparsed syntax type and RHS literal bias This removes unparsed name resolution during the semantic check because it feels like a hack to work around limitations in the language syntax, that should be solved at the lexical level instead. We were interpreting unparsed differently on the LHS and RHS. Now an unparsed value is always a field if it matches a registered field name (this matches the implementation in 3.6 and before). This requires tightening a bit the allowed filter names for protocols to avoid some common and potentially weird conflicting cases. Incidentally this extends set grammar to accept all entities. That is experimental and may be reverted in the future.
2022-06-25 10:25:36 +00:00
return set_lval_simple(yyextra, TOKEN_UNPARSED, yytext, STTYPE_UNINITIALIZED);
dfilter: Add special syntax for literals and names The syntax for protocols and some literals like numbers and bytes/addresses can be ambiguous. Some protocols can be parsed as a literal, for example the protocol "fc" (Fibre Channel) can be parsed as 0xFC. If a numeric protocol is registered that will also take precedence over any literal, according to the current rules, thereby breaking numerical comparisons to that number. The same for an hypothetical protocol named "true", etc. To allow the user to disambiguate this meaning introduce new syntax. Any value prefixed with ':' or enclosed in <,> will be treated as a literal value only. The value :fc or <fc> will always mean 0xFC, under any context. Never a protocol whose filter name is "fc". Likewise any value prefixed with a dot will always be parsed as an identifier (protocol or protocol field) in the language. Never any literal value parsed from the token "fc". This allows the user to be explicit about the meaning, and between the two explicit methods plus the ambiguous one it doesn't completely break any one meaning. The difference can be seen in the following two programs: Filter: frame == fc Constants: Instructions: 00000 READ_TREE frame -> reg#0 00001 IF-FALSE-GOTO 5 00002 READ_TREE fc -> reg#1 00003 IF-FALSE-GOTO 5 00004 ANY_EQ reg#0 == reg#1 00005 RETURN -------- Filter: frame == :fc Constants: 00000 PUT_FVALUE fc <FT_PROTOCOL> -> reg#1 Instructions: 00000 READ_TREE frame -> reg#0 00001 IF-FALSE-GOTO 3 00002 ANY_EQ reg#0 == reg#1 00003 RETURN The filter "frame == fc" is the same as "filter == .fc", according to the current heuristic, except the first form will try to parse it as a literal if the name does not correspond to any registered protocol. By treating a leading dot as a name in the language we necessarily disallow writing floats with a leading dot. We will also disallow writing with an ending dot when using unparsed values. This is a backward incompatibility but has the happy side effect of making the expression {1...2} unambiguous. This could either mean "1 .. .2" or "1. .. 2". If we require a leading and ending digit then the meaning is clear: 1.0..0.2 -> 1.0 .. 0.2 Fixes #17731.
2022-02-22 21:55:05 +00:00
}
dfilter: Fix parsing of some IPv6 compressed addresses Fix parsing of some IPv6 addresses and add tests. Also pass tokens as unparsed unless the user was specfic about the semantic type. For example the IPv4 address 1.1.1.1 is also a valid field, but 1.1.1.1/128 is not (because of the slash). However choose not to enforce the distinction in the lexical scanner and pass everything as unparsed unless the meaning is explicit in the syntax with leading dot, colon, or between angle branckets.
2022-04-06 08:29:45 +00:00
{IPv6address}{v6-cidr-prefix}? {
/* IPv6 with or without prefix. */
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
update_location(yyextra, yytext);
dfilter: Remove unparsed syntax type and RHS literal bias This removes unparsed name resolution during the semantic check because it feels like a hack to work around limitations in the language syntax, that should be solved at the lexical level instead. We were interpreting unparsed differently on the LHS and RHS. Now an unparsed value is always a field if it matches a registered field name (this matches the implementation in 3.6 and before). This requires tightening a bit the allowed filter names for protocols to avoid some common and potentially weird conflicting cases. Incidentally this extends set grammar to accept all entities. That is experimental and may be reverted in the future.
2022-06-25 10:25:36 +00:00
return set_lval_simple(yyextra, TOKEN_UNPARSED, yytext, STTYPE_UNINITIALIZED);
dfilter: Add special syntax for literals and names The syntax for protocols and some literals like numbers and bytes/addresses can be ambiguous. Some protocols can be parsed as a literal, for example the protocol "fc" (Fibre Channel) can be parsed as 0xFC. If a numeric protocol is registered that will also take precedence over any literal, according to the current rules, thereby breaking numerical comparisons to that number. The same for an hypothetical protocol named "true", etc. To allow the user to disambiguate this meaning introduce new syntax. Any value prefixed with ':' or enclosed in <,> will be treated as a literal value only. The value :fc or <fc> will always mean 0xFC, under any context. Never a protocol whose filter name is "fc". Likewise any value prefixed with a dot will always be parsed as an identifier (protocol or protocol field) in the language. Never any literal value parsed from the token "fc". This allows the user to be explicit about the meaning, and between the two explicit methods plus the ambiguous one it doesn't completely break any one meaning. The difference can be seen in the following two programs: Filter: frame == fc Constants: Instructions: 00000 READ_TREE frame -> reg#0 00001 IF-FALSE-GOTO 5 00002 READ_TREE fc -> reg#1 00003 IF-FALSE-GOTO 5 00004 ANY_EQ reg#0 == reg#1 00005 RETURN -------- Filter: frame == :fc Constants: 00000 PUT_FVALUE fc <FT_PROTOCOL> -> reg#1 Instructions: 00000 READ_TREE frame -> reg#0 00001 IF-FALSE-GOTO 3 00002 ANY_EQ reg#0 == reg#1 00003 RETURN The filter "frame == fc" is the same as "filter == .fc", according to the current heuristic, except the first form will try to parse it as a literal if the name does not correspond to any registered protocol. By treating a leading dot as a name in the language we necessarily disallow writing floats with a leading dot. We will also disallow writing with an ending dot when using unparsed values. This is a backward incompatibility but has the happy side effect of making the expression {1...2} unambiguous. This could either mean "1 .. .2" or "1. .. 2". If we require a leading and ending digit then the meaning is clear: 1.0..0.2 -> 1.0 .. 0.2 Fixes #17731.
2022-02-22 21:55:05 +00:00
}
dfilter: Remove leading colon special meaning Instead of saying a leading colon will make any token a literal value, say it is part of the syntax of bytes arrays. This is useful to write bytes without a separator, and other potentially ambiguous formats. The restriction in meaning to bytes and simple numeric values should make the rules for handling a leading colon (specifically ommiting it or not) saner without much loss of functionality.
2022-04-06 19:55:17 +00:00
:?({colon-bytes}|{dot-bytes}|{hyphen-bytes}) {
dfilter: Fix parsing of some IPv6 compressed addresses Fix parsing of some IPv6 addresses and add tests. Also pass tokens as unparsed unless the user was specfic about the semantic type. For example the IPv4 address 1.1.1.1 is also a valid field, but 1.1.1.1/128 is not (because of the slash). However choose not to enforce the distinction in the lexical scanner and pass everything as unparsed unless the meaning is explicit in the syntax with leading dot, colon, or between angle branckets.
2022-04-06 08:29:45 +00:00
/* Bytes. */
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
update_location(yyextra, yytext);
dfilter: Remove leading colon special meaning Instead of saying a leading colon will make any token a literal value, say it is part of the syntax of bytes arrays. This is useful to write bytes without a separator, and other potentially ambiguous formats. The restriction in meaning to bytes and simple numeric values should make the rules for handling a leading colon (specifically ommiting it or not) saner without much loss of functionality.
2022-04-06 19:55:17 +00:00
if (yytext[0] == ':')
dfilter: Cleanup scanner value setters
2022-07-03 21:33:29 +00:00
return set_lval_literal(yyextra, yytext); /* Keep leading colon. */
return set_lval_unparsed(yyextra, yytext);
dfilter: Allow arithmetic expressions without spaces To allow an arithmetic expressions without spaces, such as "1+2", we cannot match the expression in other lexical rules using "+". Because of longest match this becomes the token LITERAL or UNPARSED with semantic value "1+2". The same goes for all the other arithmetic operators. So we need to remove [+-*/%] from "word chars" and add very specific patterns (that won't mistakenly match an arithmetic expression) for those literal or unparsed tokens we want to support using these characters. The plus was not a problem but right slash is used for CIDR, minus for mac address separator, etc. There are still some corner case. 11-22-33-44-55-66 is a mac address and not the arithmetic expression with six terms "eleven minus twenty two minus etc." (if we ever support more than two terms in the grammar, which we don't currently). We lift some patterns from the flex manual to match on IPv4 and IPv6 (ugly) and add MAC address. Other hypothetical literal lexical values using [+-*/%] are already supported enclosed in angle brackets but the cases of MAC/IPv4/IPv6 are are very common and moreover we need to do the utmost to not break backward compatibily here. Before: $ dftest "_ws.ftypes.int32 == 1+2" dftest: "1+2" is not a valid number. After: $ dftest "_ws.ftypes.int32 == 1+2" Filter: _ws.ftypes.int32 == 1+2 Instructions: 00000 READ_TREE _ws.ftypes.int32 -> reg#0 00001 IF_FALSE_GOTO 4 00002 ADD 1 <FT_INT32> + 2 <FT_INT32> -> reg#1 00003 ANY_EQ reg#0 == reg#1 00004 RETURN
2022-04-04 18:58:35 +00:00
}
dfilter: Remove leading colon special meaning Instead of saying a leading colon will make any token a literal value, say it is part of the syntax of bytes arrays. This is useful to write bytes without a separator, and other potentially ambiguous formats. The restriction in meaning to bytes and simple numeric values should make the rules for handling a leading colon (specifically ommiting it or not) saner without much loss of functionality.
2022-04-06 19:55:17 +00:00
:[[:xdigit:]]+ {
/* Numeric. */
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
update_location(yyextra, yytext);
dfilter: Amend a numeric pattern in the scanner We amend the :<numeric> pattern to not eat the leading colon. Because the colon can be part of the value (with IPv6 addresses for example) we want to avoid doing that. IPv6 addresses are covered by their own rules but this removes the requirement in the future to handle any special cases and avoids surprises. For this reason the colon-prefix syntax is already explicitly defined to work only for byte arrays and there is currently no universal syntax for all literal values or even all numbers. Other numbers can keep using the lexical type "unparsed". ``` run/dftest "_ws.ftypes.uint8 == :fd" Filter: _ws.ftypes.uint8 == :fd dftest: ":fd" is not a valid number. _ws.ftypes.uint8 == :fd ^~~ run/dftest "_ws.ftypes.uint8 == fd" Filter: _ws.ftypes.uint8 == fd dftest: "fd" is not a valid number. _ws.ftypes.uint8 == fd ^~ run/dftest "_ws.ftypes.uint8 == 0xfd" Filter: _ws.ftypes.uint8 == 0xfd Syntax tree: 0 TEST_ANY_EQ: 1 FIELD(_ws.ftypes.uint8 <FT_UINT8>) 1 FVALUE(253 <FT_UINT8>) Instructions: 00000 READ_TREE _ws.ftypes.uint8 <FT_UINT8> -> reg#0 00001 IF_FALSE_GOTO 3 00002 ANY_EQ reg#0 == 253 <FT_UINT8> 00003 RETURN run/dftest "_ws.ftypes.bytes == fd" Filter: _ws.ftypes.bytes == fd Syntax tree: 0 TEST_ANY_EQ: 1 FIELD(_ws.ftypes.bytes <FT_BYTES>) 1 FVALUE(fd <FT_BYTES>) Instructions: 00000 READ_TREE _ws.ftypes.bytes <FT_BYTES> -> reg#0 00001 IF_FALSE_GOTO 3 00002 ANY_EQ reg#0 == fd <FT_BYTES> 00003 RETURN run/dftest "_ws.ftypes.bytes == :fd" Filter: _ws.ftypes.bytes == :fd Syntax tree: 0 TEST_ANY_EQ: 1 FIELD(_ws.ftypes.bytes <FT_BYTES>) 1 FVALUE(fd <FT_BYTES>) Instructions: 00000 READ_TREE _ws.ftypes.bytes <FT_BYTES> -> reg#0 00001 IF_FALSE_GOTO 3 00002 ANY_EQ reg#0 == fd <FT_BYTES> 00003 RETURN ```
2022-10-07 11:18:51 +00:00
return set_lval_literal(yyextra, yytext); /* Keep leading colon. */
dfilter: Clean up lexical scanning
2022-04-06 13:58:10 +00:00
}
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
\.?{Identifier} {
dfilter: Clean up lexical scanning
2022-04-06 13:58:10 +00:00
/* Identifier or unparsed. */
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
update_location(yyextra, yytext);
dfilter: Clean up lexical scanning
2022-04-06 13:58:10 +00:00
if (yytext[0] == '.') {
/* Skip leading dot. */
dfilter: Cleanup scanner value setters
2022-07-03 21:33:29 +00:00
return set_lval_field(yyextra, yytext + 1);
dfilter: Fix memory leak with leading colon When retrying fvalue_from_literal() we were leaking the error message string. Refactor the code to avoid the retry. This assumes the only valid use of a leading ':' with a literal is for an IPv6 address. Bytes with leading ':' are supported but the colon is skipped, so the parser doesn't see it. Fixes df0fc8b517b38f261e9d39515b57eed32bbd0347.
2022-04-06 16:29:56 +00:00
}
dfilter: Cleanup scanner value setters
2022-07-03 21:33:29 +00:00
return set_lval_unparsed(yyextra, yytext);
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
}
Support CIDR notation in IPv4 address filtering. svn path=/trunk/; revision=3601
2001-06-22 16:29:15 +00:00
. {
dfilter: Fix error message with non printable ASCII Before: Filter: http.user_agent == açaí dftest: "�" was unexpected in this context. After: Filter: http.user_agent == açaí dftest: Non-printable ASCII characters may only appear inside double-quotes. Related with #17770.
2022-02-19 17:49:29 +00:00
/* Default */
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
update_location(yyextra, yytext);
dfilter: Fix error message with non printable ASCII Before: Filter: http.user_agent == açaí dftest: "�" was unexpected in this context. After: Filter: http.user_agent == açaí dftest: Non-printable ASCII characters may only appear inside double-quotes. Related with #17770.
2022-02-19 17:49:29 +00:00
if (isprint_string(yytext))
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
FAIL("\"%s\" was unexpected in this context.", yytext);
dfilter: Fix error message with non printable ASCII Before: Filter: http.user_agent == açaí dftest: "�" was unexpected in this context. After: Filter: http.user_agent == açaí dftest: Non-printable ASCII characters may only appear inside double-quotes. Related with #17770.
2022-02-19 17:49:29 +00:00
else
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
FAIL("Non-printable ASCII characters may only appear inside double-quotes.");
dfilter: Fixup some scanner comments and patterns Fixup comment to reflect that unparsed is the only token type for the pattern, there is no "match" or "no match". Tighten the CIDR patterns and make sure it cannot match a rogue "..". This is ambiguous with 80..90 and must be treated extra carefully to support floating point formats without leading or terminating digits before or after the point. Reject the default match as a syntax error. This pattern is just a pitfall to make testing and debugging harder. Matching a single arbitrary character is never a valid unparsed string, except by chance.
2021-10-27 18:19:36 +00:00
return SCAN_FAILED;
Support CIDR notation in IPv4 address filtering. svn path=/trunk/; revision=3601
2001-06-22 16:29:15 +00:00
}
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
%%
Add DIAG_OFF_FLEX and DIAG_ON_FLEX for use in Flex scanners. DIAG_OFF_FLEX turns off all warnings that we want to disable for Flex-generated code due to some versions of Flex generating code that triggers those warnings. DIAG_ON_FLEX restores those warnings, so we do the checks for code that *we* wrote. Use them in .l files. Change-Id: I613a20309a30cd4c61111a1edbe27a5d05fcbf59 Reviewed-on: https://code.wireshark.org/review/25815 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-02-16 07:17:04 +00:00
/*
* Turn diagnostics back on, so we check the code that we've written.
*/
DIAG_ON_FLEX
Disable flex-generated [-Wsign-compare] warnings Change-Id: Iace0462e6bb50573f3e4603f7a19e4b7ee1f9733 Reviewed-on: https://code.wireshark.org/review/23541 Petri-Dish: João Valverde <j@v6e.pt> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: João Valverde <j@v6e.pt>
2017-08-18 19:11:47 +00:00
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
static void
_update_location(df_scanner_state_t *state, size_t len)
{
Try to fix a narrowing warning "C:\Development\wsbuild64\Wireshark.sln" (default target) (1) -> "C:\Development\wsbuild64\epan\dfilter\dfilter.vcxproj.metaproj" (default target) (18) -> "C:\Development\wsbuild64\epan\dfilter\dfilter.vcxproj" (default target) (108) -> (ClCompile target) -> C:/Development/wireshark/epan/dfilter/scanner.l(463,54): warning C4267: '+=': conversion from 'size_t' to 'int ', possible loss of data [C:\Development\wsbuild64\epan\dfilter\dfilter.vcxproj] C:/Development/wireshark/epan/dfilter/scanner.l(463,54): warning C4267: state->location.col_start += sta te->location.col_len; [C:\Development\wsbuild64\epan\dfilter\dfilter.vcxproj] C:/Development/wireshark/epan/dfilter/scanner.l(463,54): warning C4267: ^ (compiling source file C:\Development\wsbuild64\epan\dfilter\scanner.c) [C:\Development\ws build64\epan\dfilter\dfilter.vcxproj]
2022-04-11 20:52:53 +00:00
state->location.col_start += (long)state->location.col_len;
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
state->location.col_len = len;
}
static void
update_location(df_scanner_state_t *state, const char *text)
{
_update_location(state, strlen(text));
}
static void
update_string_loc(df_scanner_state_t *state, const char *text)
{
size_t len = strlen(text);
state->string_loc.col_len += len;
_update_location(state, len);
}
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
static int
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
set_lval_simple(df_scanner_state_t *state, int token, const char *token_value, sttype_id_t type_id)
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
{
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
stnode_init(df_lval, type_id, NULL, g_strdup(token_value), &state->location);
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
return token;
}
Add Ed Warnicke's drange code to the new dfilter system. Not supported yet: [i-j] (offset-offset) Supported: [i] index [i:j] offset:length [:j] 0:offset [i:] offset:end [x,y] concatenation of slices svn path=/trunk/; revision=3080
2001-02-27 19:23:30 +00:00
static int
dfilter: Cleanup scanner value setters
2022-07-03 21:33:29 +00:00
set_lval_literal(df_scanner_state_t *state, const char *token_value)
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
{
dfilter: Cleanup scanner value setters
2022-07-03 21:33:29 +00:00
stnode_init(df_lval, STTYPE_LITERAL, g_strdup(token_value), g_strdup(token_value), &state->location);
return TOKEN_LITERAL;
}
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
dfilter: Cleanup scanner value setters
2022-07-03 21:33:29 +00:00
static int
set_lval_unparsed(df_scanner_state_t *state, const char *token_value)
{
return set_lval_simple(state, TOKEN_UNPARSED, token_value, STTYPE_UNINITIALIZED);
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
}
static int
dfilter: Cleanup scanner value setters
2022-07-03 21:33:29 +00:00
set_lval_quoted_string(df_scanner_state_t *state, GString *quoted_string)
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
{
dfilter: Cleanup scanner value setters
2022-07-03 21:33:29 +00:00
char *token_value;
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
dfilter: Cleanup scanner value setters
2022-07-03 21:33:29 +00:00
token_value = ws_escape_string_len(NULL, quoted_string->str, quoted_string->len, true);
dfilter: Add support for literal strings with null bytes Before: Filter: frame matches "abc\x00def" dftest: \x00 (NUL byte) cannot be used with a regular string. frame matches "abc\x00def" ^~~~ Filter: _ws.ftypes.string == "a string with a \0 byte" dftest: \0 (NUL byte) cannot be used with a regular string. _ws.ftypes.string == "a string with a \0 byte" ^~ After: Filter: frame matches "abc\x00def" Syntax tree: 0 TEST_MATCHES: 1 FIELD(frame) 1 PCRE(abc\0def) Instructions: 00000 READ_TREE frame -> reg#0 00001 IF_FALSE_GOTO 3 00002 ANY_MATCHES reg#0 matches abc\0def 00003 RETURN Filter: _ws.ftypes.string == "a string with a \0 byte" Syntax tree: 0 TEST_ANY_EQ: 1 FIELD(_ws.ftypes.string) 1 FVALUE("a string with a \0 byte" <FT_STRING>) Instructions: 00000 READ_TREE _ws.ftypes.string -> reg#0 00001 IF_FALSE_GOTO 3 00002 ANY_EQ reg#0 == "a string with a \0 byte" <FT_STRING> 00003 RETURN Fixes issue #16156.
2022-06-18 09:43:24 +00:00
stnode_init(df_lval, STTYPE_STRING, quoted_string, token_value, &state->string_loc);
dfilter: Cleanup scanner value setters
2022-07-03 21:33:29 +00:00
return TOKEN_STRING;
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
}
static int
dfilter: Cleanup scanner value setters
2022-07-03 21:33:29 +00:00
set_lval_charconst(df_scanner_state_t *state, GString *quoted_string)
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
{
unsigned long number;
gboolean ok;
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
char *token_value = g_string_free(quoted_string, FALSE);
ok = parse_charconst(state, token_value, &number);
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
if (!ok) {
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
g_free(token_value);
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
return SCAN_FAILED;
}
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
stnode_init(df_lval, STTYPE_CHARCONST, g_memdup2(&number, sizeof(number)), token_value, &state->string_loc);
dfilter: Cleanup scanner value setters
2022-07-03 21:33:29 +00:00
return TOKEN_CHARCONST;
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
}
static int
dfilter: Cleanup scanner value setters
2022-07-03 21:33:29 +00:00
set_lval_field(df_scanner_state_t *state, const char *token_value)
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
{
header_field_info *hfinfo;
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
hfinfo = dfilter_resolve_unparsed(state->dfw, token_value);
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
if (hfinfo == NULL) {
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
dfilter_fail(state->dfw, &state->location, "\"%s\" is not a valid protocol or protocol field.", token_value);
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
}
dfilter: Cleanup scanner value setters
2022-07-03 21:33:29 +00:00
stnode_init(df_lval, STTYPE_FIELD, hfinfo, g_strdup(token_value), &state->location);
return TOKEN_FIELD;
dfilter: Create the syntax node in the scanner and pass that Revert to passing a syntax node from the lexical scanner to the grammar parser. Using a union is not having a discernible advantage and requires duplicating a lot of properties of syntax nodes.
2022-04-07 23:12:56 +00:00
}
dfilter: Reject invalid character escape sequences For double quoted strings. This is consistent with single quote character constants and the C standard. It also avoids common mistakes where the superfluous backslash is silently suppressed.
2021-11-23 13:40:14 +00:00
static gboolean
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
append_escaped_char(df_scanner_state_t *state, GString *str, char c)
dfilter: Support more C escape sequences in string literals Before: Filter: http.request.method == "\tHEAD" Constants: 00000 PUT_FVALUE "tHEAD" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\uHEAD" Constants: 00000 PUT_FVALUE "uHEAD" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method == "\tHEAD" Constants: 00000 PUT_FVALUE "\x09HEAD" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\uHEAD" Constants: 00000 PUT_FVALUE "uHEAD" <FT_STRING> -> reg#1 (...)
2021-10-31 15:48:22 +00:00
{
switch (c) {
case 'a':
c = '\a';
break;
case 'b':
c = '\b';
break;
case 'f':
c = '\f';
break;
case 'n':
c = '\n';
break;
case 'r':
c = '\r';
break;
case 't':
c = '\t';
break;
case 'v':
c = '\v';
break;
dfilter: Reject invalid character escape sequences For double quoted strings. This is consistent with single quote character constants and the C standard. It also avoids common mistakes where the superfluous backslash is silently suppressed.
2021-11-23 13:40:14 +00:00
case '\\':
case '\'':
case '\"':
dfilter: Support more C escape sequences in string literals Before: Filter: http.request.method == "\tHEAD" Constants: 00000 PUT_FVALUE "tHEAD" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\uHEAD" Constants: 00000 PUT_FVALUE "uHEAD" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method == "\tHEAD" Constants: 00000 PUT_FVALUE "\x09HEAD" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\uHEAD" Constants: 00000 PUT_FVALUE "uHEAD" <FT_STRING> -> reg#1 (...)
2021-10-31 15:48:22 +00:00
break;
dfilter: Reject invalid character escape sequences For double quoted strings. This is consistent with single quote character constants and the C standard. It also avoids common mistakes where the superfluous backslash is silently suppressed.
2021-11-23 13:40:14 +00:00
default:
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
dfilter_fail(state->dfw, &state->location,
"\\%c is not a valid character escape sequence", c);
dfilter: Reject invalid character escape sequences For double quoted strings. This is consistent with single quote character constants and the C standard. It also avoids common mistakes where the superfluous backslash is silently suppressed.
2021-11-23 13:40:14 +00:00
return FALSE;
dfilter: Support more C escape sequences in string literals Before: Filter: http.request.method == "\tHEAD" Constants: 00000 PUT_FVALUE "tHEAD" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\uHEAD" Constants: 00000 PUT_FVALUE "uHEAD" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method == "\tHEAD" Constants: 00000 PUT_FVALUE "\x09HEAD" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\uHEAD" Constants: 00000 PUT_FVALUE "uHEAD" <FT_STRING> -> reg#1 (...)
2021-10-31 15:48:22 +00:00
}
dfilter: Reject invalid character escape sequences For double quoted strings. This is consistent with single quote character constants and the C standard. It also avoids common mistakes where the superfluous backslash is silently suppressed.
2021-11-23 13:40:14 +00:00
g_string_append_c(str, c);
return TRUE;
dfilter: Support more C escape sequences in string literals Before: Filter: http.request.method == "\tHEAD" Constants: 00000 PUT_FVALUE "tHEAD" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\uHEAD" Constants: 00000 PUT_FVALUE "uHEAD" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method == "\tHEAD" Constants: 00000 PUT_FVALUE "\x09HEAD" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\uHEAD" Constants: 00000 PUT_FVALUE "uHEAD" <FT_STRING> -> reg#1 (...)
2021-10-31 15:48:22 +00:00
}
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
dfilter: Add support for unicode escape sequences Add support for entering unicode codepoints as \uNNNN or \uNNNNNNNN for strings and charconsts (following the C standard).
2022-06-20 21:05:48 +00:00
static gboolean
parse_universal_character_name(df_scanner_state_t *state _U_, const char *str, char **ret_endptr, gunichar *valuep)
{
guint64 val;
char *endptr;
int ndigits;
if (str[0] != '\\')
return FALSE;
if (str[1] == 'u')
ndigits = 4;
else if (str[1] == 'U')
ndigits = 8;
else
return FALSE;
for (int i = 2; i < ndigits + 2; i++) {
if (!g_ascii_isxdigit(str[i])) {
return FALSE;
}
}
errno = 0;
val = g_ascii_strtoull(str + 2, &endptr, 16); /* skip leading 'u' or 'U' */
if (errno != 0 || endptr == str || val > G_MAXUINT32) {
return FALSE;
}
/*
* Ref: https://en.cppreference.com/w/c/language/escape
* Range of universal character names
*
* If a universal character name corresponds to a code point that is
* not 0x24 ($), 0x40 (@), nor 0x60 (`) and less than 0xA0, or a
* surrogate code point (the range 0xD800-0xDFFF, inclusive), or
* greater than 0x10FFFF, i.e. not a Unicode code point (since C23),
* the program is ill-formed. In other words, members of basic source
* character set and control characters (in ranges 0x0-0x1F and
* 0x7F-0x9F) cannot be expressed in universal character names.
*/
if (val < 0xA0 && val != 0x24 && val != 0x40 && val != 0x60)
return FALSE;
else if (val >= 0xD800 && val <= 0xDFFF)
return FALSE;
else if (val > 0x10FFFF)
return FALSE;
*valuep = (gunichar)val;
if (ret_endptr)
*ret_endptr = endptr;
return TRUE;
}
static gboolean
append_universal_character_name(df_scanner_state_t *state, GString *str, const char *ucn)
{
gunichar val;
if (!parse_universal_character_name(state, ucn, NULL, &val)) {
dfilter_fail(state->dfw, &state->location, "%s is not a valid universal character name", ucn);
return FALSE;
}
g_string_append_unichar(str, val);
return TRUE;
}
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
static gboolean
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
parse_charconst(df_scanner_state_t *state, const char *s, unsigned long *valuep)
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
{
const char *cp;
unsigned long value;
dfilter: Add support for unicode escape sequences Add support for entering unicode codepoints as \uNNNN or \uNNNNNNNN for strings and charconsts (following the C standard).
2022-06-20 21:05:48 +00:00
gunichar unival;
char *endptr;
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
cp = s + 1; /* skip the leading ' */
dfilter: Clean up charconst error message
2021-11-24 09:29:24 +00:00
if (*cp == '\'') {
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
dfilter_fail(state->dfw, &state->string_loc, "Empty character constant.");
dfilter: Clean up charconst error message
2021-11-24 09:29:24 +00:00
return FALSE;
}
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
if (*cp == '\\') {
/*
* C escape sequence.
* An escape sequence is an octal number \NNN,
* an hex number \xNN, or one of \' \" \\ \a \b \f \n \r \t \v
* that stands for the byte value of the equivalent
* C-escape in ASCII encoding.
*/
cp++;
switch (*cp) {
case '\0':
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
dfilter_fail(state->dfw, &state->string_loc, "%s isn't a valid character constant.", s);
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
return FALSE;
case 'a':
value = '\a';
dfilter: Add support for unicode escape sequences Add support for entering unicode codepoints as \uNNNN or \uNNNNNNNN for strings and charconsts (following the C standard).
2022-06-20 21:05:48 +00:00
cp++;
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
break;
case 'b':
value = '\b';
dfilter: Add support for unicode escape sequences Add support for entering unicode codepoints as \uNNNN or \uNNNNNNNN for strings and charconsts (following the C standard).
2022-06-20 21:05:48 +00:00
cp++;
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
break;
case 'f':
value = '\f';
dfilter: Add support for unicode escape sequences Add support for entering unicode codepoints as \uNNNN or \uNNNNNNNN for strings and charconsts (following the C standard).
2022-06-20 21:05:48 +00:00
cp++;
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
break;
case 'n':
value = '\n';
break;
case 'r':
value = '\r';
dfilter: Add support for unicode escape sequences Add support for entering unicode codepoints as \uNNNN or \uNNNNNNNN for strings and charconsts (following the C standard).
2022-06-20 21:05:48 +00:00
cp++;
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
break;
case 't':
value = '\t';
dfilter: Add support for unicode escape sequences Add support for entering unicode codepoints as \uNNNN or \uNNNNNNNN for strings and charconsts (following the C standard).
2022-06-20 21:05:48 +00:00
cp++;
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
break;
case 'v':
value = '\v';
dfilter: Add support for unicode escape sequences Add support for entering unicode codepoints as \uNNNN or \uNNNNNNNN for strings and charconsts (following the C standard).
2022-06-20 21:05:48 +00:00
cp++;
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
break;
case '\'':
value = '\'';
dfilter: Add support for unicode escape sequences Add support for entering unicode codepoints as \uNNNN or \uNNNNNNNN for strings and charconsts (following the C standard).
2022-06-20 21:05:48 +00:00
cp++;
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
break;
case '\\':
value = '\\';
dfilter: Add support for unicode escape sequences Add support for entering unicode codepoints as \uNNNN or \uNNNNNNNN for strings and charconsts (following the C standard).
2022-06-20 21:05:48 +00:00
cp++;
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
break;
case '"':
value = '"';
dfilter: Add support for unicode escape sequences Add support for entering unicode codepoints as \uNNNN or \uNNNNNNNN for strings and charconsts (following the C standard).
2022-06-20 21:05:48 +00:00
cp++;
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
break;
case 'x':
cp++;
if (*cp >= '0' && *cp <= '9')
value = *cp - '0';
else if (*cp >= 'A' && *cp <= 'F')
value = 10 + (*cp - 'A');
else if (*cp >= 'a' && *cp <= 'f')
value = 10 + (*cp - 'a');
else {
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
dfilter_fail(state->dfw, &state->string_loc, "%s isn't a valid character constant.", s);
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
return FALSE;
}
cp++;
if (*cp != '\'') {
value <<= 4;
if (*cp >= '0' && *cp <= '9')
value |= *cp - '0';
else if (*cp >= 'A' && *cp <= 'F')
value |= 10 + (*cp - 'A');
else if (*cp >= 'a' && *cp <= 'f')
value |= 10 + (*cp - 'a');
else {
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
dfilter_fail(state->dfw, &state->string_loc, "%s isn't a valid character constant.", s);
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
return FALSE;
}
}
dfilter: Add support for unicode escape sequences Add support for entering unicode codepoints as \uNNNN or \uNNNNNNNN for strings and charconsts (following the C standard).
2022-06-20 21:05:48 +00:00
cp++;
break;
case 'u':
case 'U':
if (!parse_universal_character_name(state, s+1, &endptr, &unival)) {
dfilter_fail(state->dfw, &state->string_loc, "%s is not a valid universal character name", s);
return FALSE;
}
value = (unsigned long)unival;
cp = endptr;
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
break;
default:
/* Octal */
if (*cp >= '0' && *cp <= '7')
value = *cp - '0';
else {
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
dfilter_fail(state->dfw, &state->string_loc, "%s isn't a valid character constant.", s);
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
return FALSE;
}
if (*(cp + 1) != '\'') {
cp++;
value <<= 3;
if (*cp >= '0' && *cp <= '7')
value |= *cp - '0';
else {
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
dfilter_fail(state->dfw, &state->string_loc, "%s isn't a valid character constant.", s);
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
return FALSE;
}
if (*(cp + 1) != '\'') {
cp++;
value <<= 3;
if (*cp >= '0' && *cp <= '7')
value |= *cp - '0';
else {
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
dfilter_fail(state->dfw, &state->string_loc, "%s isn't a valid character constant.", s);
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
return FALSE;
}
}
}
if (value > 0xFF) {
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
dfilter_fail(state->dfw, &state->string_loc, "%s is too large to be a valid character constant.", s);
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
return FALSE;
}
dfilter: Add support for unicode escape sequences Add support for entering unicode codepoints as \uNNNN or \uNNNNNNNN for strings and charconsts (following the C standard).
2022-06-20 21:05:48 +00:00
cp++;
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
}
} else {
dfilter: Add support for unicode escape sequences Add support for entering unicode codepoints as \uNNNN or \uNNNNNNNN for strings and charconsts (following the C standard).
2022-06-20 21:05:48 +00:00
value = *cp++;
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
if (!g_ascii_isprint(value)) {
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
dfilter_fail(state->dfw, &state->string_loc, "Non-printable value '0x%02lx' in character constant.", value);
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
return FALSE;
}
}
dfilter: Add support for unicode escape sequences Add support for entering unicode codepoints as \uNNNN or \uNNNNNNNN for strings and charconsts (following the C standard).
2022-06-20 21:05:48 +00:00
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
if ((*cp != '\'') || (*(cp + 1) != '\0')){
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
dfilter_fail(state->dfw, &state->string_loc, "%s is too long to be a valid character constant.", s);
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
return FALSE;
}
*valuep = value;
return TRUE;
}