osmocom
/
wireshark
14
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
wireshark/epan/dfilter/sttype-pointer.c

163 lines
3.1 KiB
C
Raw Normal View History

Grumble, grumble. I forgot to add the license comment at the top of these files. svn path=/trunk/; revision=2968
2001-02-01 20:31:21 +00:00
/*
name change svn path=/trunk/; revision=18197
2006-05-21 05:12:17 +00:00
* Wireshark - Network traffic analyzer
Changed email address for Gerald from zing.org to wireshark.org in a lot of files, which I suppose is correct. svn path=/trunk/; revision=24034
2008-01-08 22:54:51 +00:00
* By Gerald Combs <gerald@wireshark.org>
Grumble, grumble. I forgot to add the license comment at the top of these files. svn path=/trunk/; revision=2968
2001-02-01 20:31:21 +00:00
* Copyright 2001 Gerald Combs
*
Removed trailing whitespaces from .h and .c files using the winapi_cleanup tool written by Patrik Stridvall for the wine project. svn path=/trunk/; revision=6116
2002-08-28 20:41:00 +00:00
*
epan: use SPDX indentifiers. Skipping dissectors dir for now. Change-Id: I717b66bfbc7cc81b83f8c2cbc011fcad643796aa Reviewed-on: https://code.wireshark.org/review/25694 Petri-Dish: Dario Lombardo <lomato@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-08 16:59:17 +00:00
* SPDX-License-Identifier: GPL-2.0-or-later
Grumble, grumble. I forgot to add the license comment at the top of these files. svn path=/trunk/; revision=2968
2001-02-01 20:31:21 +00:00
*/
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
#include "config.h"
#include "ftypes/ftypes.h"
#include "syntax-tree.h"
ftypes: Internal headers need to be internal The header ftypes-int.h should not be used outside of epan/ftypes because it is a private header. The functions fvalue_free() and fvalue_cleanup() need not and should not be macros either.
2021-11-11 00:54:00 +00:00
#include <epan/proto.h> // For BASE_NONE
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
dfilter: fix memory leaks if a dfilter fails to compile A display filter can contain values such as strings, numbers, etc. These are internally stored in a fvalue_t structure. While compiling a display filter, it will store a fvalue_t in a node of type STTYPE_FVALUE. These nodes are created while parsing the dfilter in dfilter_compile(). If the semantic check and conversion (dfw_semcheck()) succeeds, it will transfer the values of the parsed tree to dfw_gencode(). After that, dfwork_free will dispose the tree while a compiled dfilter code remains. When the dfilter code is destroyed, it will free the values too. However, when dfw_semcheck() fails (for example, due to an illegal filter such as "len(badname)==1"), it will skip "dfw_gencode()" and consequently the fvalue data is not transferred nor freed. Fix this by always freeing the data (unless the data was stolen by dfw_gencode()). Fixes a memory leak reported for case_dfunction_string::test_fail_2 which was detected by ASAN. Bug: 15442 Change-Id: I9b1cb613659890c8ddcfa57f11f9d3f61a51a3f9 Reviewed-on: https://code.wireshark.org/review/31757 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2019-01-27 17:02:03 +00:00
static void
ftypes: Internal headers need to be internal The header ftypes-int.h should not be used outside of epan/ftypes because it is a private header. The functions fvalue_free() and fvalue_cleanup() need not and should not be macros either.
2021-11-11 00:54:00 +00:00
sttype_fvalue_free(gpointer value)
dfilter: fix memory leaks if a dfilter fails to compile A display filter can contain values such as strings, numbers, etc. These are internally stored in a fvalue_t structure. While compiling a display filter, it will store a fvalue_t in a node of type STTYPE_FVALUE. These nodes are created while parsing the dfilter in dfilter_compile(). If the semantic check and conversion (dfw_semcheck()) succeeds, it will transfer the values of the parsed tree to dfw_gencode(). After that, dfwork_free will dispose the tree while a compiled dfilter code remains. When the dfilter code is destroyed, it will free the values too. However, when dfw_semcheck() fails (for example, due to an illegal filter such as "len(badname)==1"), it will skip "dfw_gencode()" and consequently the fvalue data is not transferred nor freed. Fix this by always freeing the data (unless the data was stolen by dfw_gencode()). Fixes a memory leak reported for case_dfunction_string::test_fail_2 which was detected by ASAN. Bug: 15442 Change-Id: I9b1cb613659890c8ddcfa57f11f9d3f61a51a3f9 Reviewed-on: https://code.wireshark.org/review/31757 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2019-01-27 17:02:03 +00:00
{
Remove some unnecessary casts. Casts are best avoided unless they are truly required. Fix some constness mismatches this revealed.
2021-10-26 12:53:06 +00:00
fvalue_t *fvalue = value;
dfilter: fix memory leaks if a dfilter fails to compile A display filter can contain values such as strings, numbers, etc. These are internally stored in a fvalue_t structure. While compiling a display filter, it will store a fvalue_t in a node of type STTYPE_FVALUE. These nodes are created while parsing the dfilter in dfilter_compile(). If the semantic check and conversion (dfw_semcheck()) succeeds, it will transfer the values of the parsed tree to dfw_gencode(). After that, dfwork_free will dispose the tree while a compiled dfilter code remains. When the dfilter code is destroyed, it will free the values too. However, when dfw_semcheck() fails (for example, due to an illegal filter such as "len(badname)==1"), it will skip "dfw_gencode()" and consequently the fvalue data is not transferred nor freed. Fix this by always freeing the data (unless the data was stolen by dfw_gencode()). Fixes a memory leak reported for case_dfunction_string::test_fail_2 which was detected by ASAN. Bug: 15442 Change-Id: I9b1cb613659890c8ddcfa57f11f9d3f61a51a3f9 Reviewed-on: https://code.wireshark.org/review/31757 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2019-01-27 17:02:03 +00:00
/* If the data was not claimed with stnode_steal_data(), free it. */
if (fvalue) {
ftypes: Internal headers need to be internal The header ftypes-int.h should not be used outside of epan/ftypes because it is a private header. The functions fvalue_free() and fvalue_cleanup() need not and should not be macros either.
2021-11-11 00:54:00 +00:00
fvalue_free(fvalue);
dfilter: fix memory leaks if a dfilter fails to compile A display filter can contain values such as strings, numbers, etc. These are internally stored in a fvalue_t structure. While compiling a display filter, it will store a fvalue_t in a node of type STTYPE_FVALUE. These nodes are created while parsing the dfilter in dfilter_compile(). If the semantic check and conversion (dfw_semcheck()) succeeds, it will transfer the values of the parsed tree to dfw_gencode(). After that, dfwork_free will dispose the tree while a compiled dfilter code remains. When the dfilter code is destroyed, it will free the values too. However, when dfw_semcheck() fails (for example, due to an illegal filter such as "len(badname)==1"), it will skip "dfw_gencode()" and consequently the fvalue data is not transferred nor freed. Fix this by always freeing the data (unless the data was stolen by dfw_gencode()). Fixes a memory leak reported for case_dfunction_string::test_fail_2 which was detected by ASAN. Bug: 15442 Change-Id: I9b1cb613659890c8ddcfa57f11f9d3f61a51a3f9 Reviewed-on: https://code.wireshark.org/review/31757 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2019-01-27 17:02:03 +00:00
}
}
dfilter, ftypes: get rid of FT_PCRE. It's not a valid field type, it's only a hack to support regular expression matching in packet-matching expressions. Instead, in the packet-matching code, have a separate syntax tree type for Perl-compatible regular expressions, and a separate instruction to load one into a register, and have the "matching" operator for field types take a GRegex * as the second argument.
2021-03-21 10:06:17 +00:00
static void
pcre_free(gpointer value)
{
Move regex code to wsutil
2021-11-12 15:55:14 +00:00
ws_regex_t *pcre = value;
dfilter, ftypes: get rid of FT_PCRE. It's not a valid field type, it's only a hack to support regular expression matching in packet-matching expressions. Instead, in the packet-matching code, have a separate syntax tree type for Perl-compatible regular expressions, and a separate instruction to load one into a register, and have the "matching" operator for field types take a GRegex * as the second argument.
2021-03-21 10:06:17 +00:00
/* If the data was not claimed with stnode_steal_data(), free it. */
if (pcre) {
Move regex code to wsutil
2021-11-12 15:55:14 +00:00
ws_regex_free(pcre);
dfilter, ftypes: get rid of FT_PCRE. It's not a valid field type, it's only a hack to support regular expression matching in packet-matching expressions. Instead, in the packet-matching code, have a separate syntax tree type for Perl-compatible regular expressions, and a separate instruction to load one into a register, and have the "matching" operator for field types take a GRegex * as the second argument.
2021-03-21 10:06:17 +00:00
}
}
dfilter: Display syntax tree for debugging Use wslog to output debug information. Being able to control it at runtime is a big advantage. We extend the syntax tree nodes with a method to return a canonical string representation. Add a routine to walk the tree and return an textual representation for debugging purposes.
2021-09-26 15:28:39 +00:00
static char *
ftypes: Internal headers need to be internal The header ftypes-int.h should not be used outside of epan/ftypes because it is a private header. The functions fvalue_free() and fvalue_cleanup() need not and should not be macros either.
2021-11-11 00:54:00 +00:00
sttype_fvalue_tostr(const void *data, gboolean pretty)
dfilter: Display syntax tree for debugging Use wslog to output debug information. Being able to control it at runtime is a big advantage. We extend the syntax tree nodes with a method to return a canonical string representation. Add a routine to walk the tree and return an textual representation for debugging purposes.
2021-09-26 15:28:39 +00:00
{
Remove some unnecessary casts. Casts are best avoided unless they are truly required. Fix some constness mismatches this revealed.
2021-10-26 12:53:06 +00:00
const fvalue_t *fvalue = data;
dfilter: Display syntax tree for debugging Use wslog to output debug information. Being able to control it at runtime is a big advantage. We extend the syntax tree nodes with a method to return a canonical string representation. Add a routine to walk the tree and return an textual representation for debugging purposes.
2021-09-26 15:28:39 +00:00
char *s, *repr;
s = fvalue_to_string_repr(NULL, fvalue, FTREPR_DFILTER, BASE_NONE);
dfilter: Split tostr() into debug and pretty print
2021-10-11 11:45:13 +00:00
if (pretty)
repr = g_strdup(s);
else
epan: Convert to use stdio.h from GLib Replace: g_snprintf() -> snprintf() g_vsnprintf() -> vsnprintf() g_strdup_printf() -> ws_strdup_printf() g_strdup_vprintf() -> ws_strdup_vprintf() This is more portable, user-friendly and faster on platforms where GLib does not like the native I/O. Adjust the format string to use macros from intypes.h.
2021-12-16 18:06:18 +00:00
repr = ws_strdup_printf("%s[%s]", fvalue_type_name(fvalue), s);
dfilter: Display syntax tree for debugging Use wslog to output debug information. Being able to control it at runtime is a big advantage. We extend the syntax tree nodes with a method to return a canonical string representation. Add a routine to walk the tree and return an textual representation for debugging purposes.
2021-09-26 15:28:39 +00:00
g_free(s);
return repr;
}
static char *
dfilter: Split tostr() into debug and pretty print
2021-10-11 11:45:13 +00:00
field_tostr(const void *data, gboolean pretty _U_)
dfilter: Display syntax tree for debugging Use wslog to output debug information. Being able to control it at runtime is a big advantage. We extend the syntax tree nodes with a method to return a canonical string representation. Add a routine to walk the tree and return an textual representation for debugging purposes.
2021-09-26 15:28:39 +00:00
{
Remove some unnecessary casts. Casts are best avoided unless they are truly required. Fix some constness mismatches this revealed.
2021-10-26 12:53:06 +00:00
const header_field_info *hfinfo = data;
dfilter: Display syntax tree for debugging Use wslog to output debug information. Being able to control it at runtime is a big advantage. We extend the syntax tree nodes with a method to return a canonical string representation. Add a routine to walk the tree and return an textual representation for debugging purposes.
2021-09-26 15:28:39 +00:00
return g_strdup(hfinfo->abbrev);
}
static char *
Make PCRE2 a required dependency
2021-11-12 10:11:25 +00:00
pcre_tostr(const void *data, gboolean pretty _U_)
dfilter: Display syntax tree for debugging Use wslog to output debug information. Being able to control it at runtime is a big advantage. We extend the syntax tree nodes with a method to return a canonical string representation. Add a routine to walk the tree and return an textual representation for debugging purposes.
2021-09-26 15:28:39 +00:00
{
Move regex code to wsutil
2021-11-12 15:55:14 +00:00
return g_strdup(ws_regex_pattern(data));
dfilter: Display syntax tree for debugging Use wslog to output debug information. Being able to control it at runtime is a big advantage. We extend the syntax tree nodes with a method to return a canonical string representation. Add a routine to walk the tree and return an textual representation for debugging purposes.
2021-09-26 15:28:39 +00:00
}
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
static char *
charconst_tostr(const void *data, gboolean pretty _U_)
{
dfilter: Better representation for charconst
2021-11-27 17:31:16 +00:00
unsigned long num = *(const unsigned long *)data;
if (num > 0x7f)
goto out;
switch (num) {
case 0: return g_strdup("'\\0'");
case '\a': return g_strdup("'\\a'");
case '\b': return g_strdup("'\\b'");
case '\f': return g_strdup("'\\f'");
case '\n': return g_strdup("'\\n'");
case '\r': return g_strdup("'\\r'");
case '\t': return g_strdup("'\\t'");
case '\v': return g_strdup("'\\v'");
case '\'': return g_strdup("'\\''");
case '\\': return g_strdup("'\\\\'");
default:
break;
}
if (g_ascii_isprint(num))
epan: Convert to use stdio.h from GLib Replace: g_snprintf() -> snprintf() g_vsnprintf() -> vsnprintf() g_strdup_printf() -> ws_strdup_printf() g_strdup_vprintf() -> ws_strdup_vprintf() This is more portable, user-friendly and faster on platforms where GLib does not like the native I/O. Adjust the format string to use macros from intypes.h.
2021-12-16 18:06:18 +00:00
return ws_strdup_printf("'%c'", (int)num);
dfilter: Better representation for charconst
2021-11-27 17:31:16 +00:00
out:
epan: Convert to use stdio.h from GLib Replace: g_snprintf() -> snprintf() g_vsnprintf() -> vsnprintf() g_strdup_printf() -> ws_strdup_printf() g_strdup_vprintf() -> ws_strdup_vprintf() This is more portable, user-friendly and faster on platforms where GLib does not like the native I/O. Adjust the format string to use macros from intypes.h.
2021-12-16 18:06:18 +00:00
return ws_strdup_printf("'\\x%02lx'", num);
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
}
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
void
sttype_register_pointer(void)
{
static sttype_t field_type = {
STTYPE_FIELD,
"FIELD",
NULL,
NULL,
dfilter: Display syntax tree for debugging Use wslog to output debug information. Being able to control it at runtime is a big advantage. We extend the syntax tree nodes with a method to return a canonical string representation. Add a routine to walk the tree and return an textual representation for debugging purposes.
2021-09-26 15:28:39 +00:00
NULL,
field_tostr
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
};
dfilter: Refactor macro tree references This replaces the current macro reference system with a completely different implementation. Instead of a macro a reference is a syntax element. A reference is a constant that can be filled in the dfilter code after compilation from an existing protocol tree. It is best understood as a field value that can be read from a fixed tree that is not the frame being filtered. Usually this fixed tree is the currently selected frame when the filter is applied. This allows comparing fields in the filtered frame with fields in the selected frame. Because the field reference syntax uses the same sigil notation as a macro we have to use a heuristic to distinguish them: if the name has a dot it is a field reference, otherwise it is a macro name. The reference is synctatically validated at compile time. There are two main advantages to this implementation (and a couple of minor ones): The protocol tree for each selected frame is only walked if we have a display filter and if the display filter uses references. Also only the actual reference values are copied, intead of loading the entire tree into a hash table (in textual form even). The other advantage is that the reference is tested like a protocol field against all the values in the selected frame (if there is more than one). Currently the reference fields are not "primed" during dissection, so the entire tree is walked to find a particular reference (this is similar to the previous implementation). If the display filter contains a valid reference and the reference is not loaded at the time the filter is run the result is the same as a non existing field for a regular READ_TREE instruction. Fixes #17599.
2022-03-27 14:26:46 +00:00
/* A field reference is a *constant* prototocol field value read directly
* from the currently selected frame in the protocol tree when a filter is
* applied to it. */
static sttype_t reference_type = {
STTYPE_REFERENCE,
"REFERENCE",
NULL,
NULL,
NULL,
field_tostr
};
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
static sttype_t fvalue_type = {
STTYPE_FVALUE,
"FVALUE",
NULL,
ftypes: Internal headers need to be internal The header ftypes-int.h should not be used outside of epan/ftypes because it is a private header. The functions fvalue_free() and fvalue_cleanup() need not and should not be macros either.
2021-11-11 00:54:00 +00:00
sttype_fvalue_free,
dfilter: Display syntax tree for debugging Use wslog to output debug information. Being able to control it at runtime is a big advantage. We extend the syntax tree nodes with a method to return a canonical string representation. Add a routine to walk the tree and return an textual representation for debugging purposes.
2021-09-26 15:28:39 +00:00
NULL,
ftypes: Internal headers need to be internal The header ftypes-int.h should not be used outside of epan/ftypes because it is a private header. The functions fvalue_free() and fvalue_cleanup() need not and should not be macros either.
2021-11-11 00:54:00 +00:00
sttype_fvalue_tostr
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
};
dfilter, ftypes: get rid of FT_PCRE. It's not a valid field type, it's only a hack to support regular expression matching in packet-matching expressions. Instead, in the packet-matching code, have a separate syntax tree type for Perl-compatible regular expressions, and a separate instruction to load one into a register, and have the "matching" operator for field types take a GRegex * as the second argument.
2021-03-21 10:06:17 +00:00
static sttype_t pcre_type = {
STTYPE_PCRE,
"PCRE",
NULL,
pcre_free,
dfilter: Display syntax tree for debugging Use wslog to output debug information. Being able to control it at runtime is a big advantage. We extend the syntax tree nodes with a method to return a canonical string representation. Add a routine to walk the tree and return an textual representation for debugging purposes.
2021-09-26 15:28:39 +00:00
NULL,
pcre_tostr
dfilter, ftypes: get rid of FT_PCRE. It's not a valid field type, it's only a hack to support regular expression matching in packet-matching expressions. Instead, in the packet-matching code, have a separate syntax tree type for Perl-compatible regular expressions, and a separate instruction to load one into a register, and have the "matching" operator for field types take a GRegex * as the second argument.
2021-03-21 10:06:17 +00:00
};
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
static sttype_t charconst_type = {
STTYPE_CHARCONST,
"CHARCONST",
NULL,
g_free,
NULL,
charconst_tostr
};
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
sttype_register(&field_type);
dfilter: Refactor macro tree references This replaces the current macro reference system with a completely different implementation. Instead of a macro a reference is a syntax element. A reference is a constant that can be filled in the dfilter code after compilation from an existing protocol tree. It is best understood as a field value that can be read from a fixed tree that is not the frame being filtered. Usually this fixed tree is the currently selected frame when the filter is applied. This allows comparing fields in the filtered frame with fields in the selected frame. Because the field reference syntax uses the same sigil notation as a macro we have to use a heuristic to distinguish them: if the name has a dot it is a field reference, otherwise it is a macro name. The reference is synctatically validated at compile time. There are two main advantages to this implementation (and a couple of minor ones): The protocol tree for each selected frame is only walked if we have a display filter and if the display filter uses references. Also only the actual reference values are copied, intead of loading the entire tree into a hash table (in textual form even). The other advantage is that the reference is tested like a protocol field against all the values in the selected frame (if there is more than one). Currently the reference fields are not "primed" during dissection, so the entire tree is walked to find a particular reference (this is similar to the previous implementation). If the display filter contains a valid reference and the reference is not loaded at the time the filter is run the result is the same as a non existing field for a regular READ_TREE instruction. Fixes #17599.
2022-03-27 14:26:46 +00:00
sttype_register(&reference_type);
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
sttype_register(&fvalue_type);
dfilter, ftypes: get rid of FT_PCRE. It's not a valid field type, it's only a hack to support regular expression matching in packet-matching expressions. Instead, in the packet-matching code, have a separate syntax tree type for Perl-compatible regular expressions, and a separate instruction to load one into a register, and have the "matching" operator for field types take a GRegex * as the second argument.
2021-03-21 10:06:17 +00:00
sttype_register(&pcre_type);
dfilter: Parse character constants in lexer Invalid character constants should be handled in the lexical scanner. Todo: See if some code could be shared to parse double quoted strings. It also fixes some unintuitive type coercions to string. Character constants should be treated as characters, or maybe integers, or maybe even throw an invalid comparison error, but coverting to a literal string or byte array is surprising and not particularly useful: '\xFF' -> "'\xFF'" (equals) '\xFF' -> "FF" (contains) Before: Filter: http.request.method contains "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "63" <FT_STRING> -> reg#1 (...) Filter: http.request.method == "\x63" Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "'\\x63'" <FT_STRING> -> reg#1 (...) After: Filter: http.request.method contains '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...) Filter: http.request.method == '\x63' Constants: 00000 PUT_FVALUE "c" <FT_STRING> -> reg#1 (...)
2021-11-23 21:20:34 +00:00
sttype_register(&charconst_type);
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
}
epan/dfilter/*.c: As needed: Add editor modelines & Fix indentation Change-Id: I410839329a98bd806c60961dfb9693d5eeeeb702 Reviewed-on: https://code.wireshark.org/review/7104 Reviewed-by: Bill Meier <wmeier@newsguy.com>
2015-02-13 19:02:43 +00:00
/*
HTTPS (almost) everywhere. Change all wireshark.org URLs to use https. Fix some broken links while we're at it. Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c Reviewed-on: https://code.wireshark.org/review/34089 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-07-26 18:43:17 +00:00
* Editor modelines - https://www.wireshark.org/tools/modelines.html
epan/dfilter/*.c: As needed: Add editor modelines & Fix indentation Change-Id: I410839329a98bd806c60961dfb9693d5eeeeb702 Reviewed-on: https://code.wireshark.org/review/7104 Reviewed-by: Bill Meier <wmeier@newsguy.com>
2015-02-13 19:02:43 +00:00
*
* Local variables:
* c-basic-offset: 8
* tab-width: 8
* indent-tabs-mode: t
* End:
*
* vi: set shiftwidth=8 tabstop=8 noexpandtab:
* :indentSize=8:tabSize=8:noTabs=false:
*/