osmocom
/
wireshark
11
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
wireshark/epan/dfilter/dfilter.h

172 lines
3.9 KiB
C
Raw Normal View History

Add files with WS_DLL_PUBLIC to Doxygen part2 Add @file markers for remaining non-dissector files that contain functions exported with WS_DLL_PUBLIC so that Doxygen will generate documentation for them.
2021-11-30 02:36:21 +00:00
/** @file
*
name change svn path=/trunk/; revision=18197
2006-05-21 05:12:17 +00:00
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
Grumble, grumble. I forgot to add the license comment at the top of these files. svn path=/trunk/; revision=2968
2001-02-01 20:31:21 +00:00
* Copyright 2001 Gerald Combs
Removed trailing whitespaces from .h and .c files using the winapi_cleanup tool written by Patrik Stridvall for the wine project. svn path=/trunk/; revision=6116
2002-08-28 20:41:00 +00:00
*
epan: use SPDX indentifiers. Skipping dissectors dir for now. Change-Id: I717b66bfbc7cc81b83f8c2cbc011fcad643796aa Reviewed-on: https://code.wireshark.org/review/25694 Petri-Dish: Dario Lombardo <lomato@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-08 16:59:17 +00:00
* SPDX-License-Identifier: GPL-2.0-or-later
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
*/
#ifndef DFILTER_H
#define DFILTER_H
#include <glib.h>
Export libwireshark symbols using WS_DLL_PUBLIC define Also remove old WS_VAR_IMPORT define and related Makefile magic everywhere in the project. svn path=/trunk/; revision=47992
2013-03-01 23:53:11 +00:00
#include "ws_symbol_export.h"
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
dfilter: Refactor error location tracking Remove duplicate location struct by adding a new header. Pass around a structure instead of a pointer.
2022-12-22 10:44:33 +00:00
#include "dfilter-loc.h"
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
/* Passed back to user */
struct _dfilter_t: rename to epan_dfilter. typedef (dfilter_t) not renamed. svn path=/trunk/; revision=53765
2013-12-03 20:59:25 +00:00
typedef struct epan_dfilter dfilter_t;
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
Include files from the "epan" directory and subdirectories thereof with "epan/..." pathnames, so as to avoid collisions with header files in any of the directories in which we look (e.g., "proto.h", as some other package has its own "proto.h" file which it installs in the top-level include directory). Don't add "-I" flags to search "epan", as that's no longer necessary (and we want includes of "epan" headers to fail if the "epan/" is left out, so that we don't re-introduce includes lacking "epan/"). svn path=/trunk/; revision=4586
2002-01-21 07:37:49 +00:00
#include <epan/proto.h>
Provide for per-protocol-tree data in the proto_tree code. Put a hash-table of "interesting" fields in the per-proto-tree data. The dfilter code records which fields/protocols are "interesting" (by which I mean, their value or existence is checked). Thus, the proto_tree routines can create special arrays of field_info*'s that are ready for the dfilter engine to use during a filter operation. Also store the "proto_tree_is_visible" boolean, renamed "visible", in the per-proto-tree data. Move epan_dissect_t to its own header file to make #include dependencies easier to handle. Provide epan_dissect_fill_in_columns(), which accepts just the epan_dissect_t* as an argument. epan_dissect_new() needs to be followed by epan_dissect_run() for the dissection to actually take place. Between those two calls, epan_dissect_prime_dfilter() can be run 0, 1, or multiple times in order to prime the empty proto_tree with the "intersesting" fields from the dfilter_t. svn path=/trunk/; revision=4422
2001-12-18 19:09:08 +00:00
More C++ updates. svn path=/trunk/; revision=40377
2012-01-04 21:26:51 +00:00
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
Provide for per-protocol-tree data in the proto_tree code. Put a hash-table of "interesting" fields in the per-proto-tree data. The dfilter code records which fields/protocols are "interesting" (by which I mean, their value or existence is checked). Thus, the proto_tree routines can create special arrays of field_info*'s that are ready for the dfilter engine to use during a filter operation. Also store the "proto_tree_is_visible" boolean, renamed "visible", in the per-proto-tree data. Move epan_dissect_t to its own header file to make #include dependencies easier to handle. Provide epan_dissect_fill_in_columns(), which accepts just the epan_dissect_t* as an argument. epan_dissect_new() needs to be followed by epan_dissect_run() for the dissection to actually take place. Between those two calls, epan_dissect_prime_dfilter() can be run 0, 1, or multiple times in order to prime the empty proto_tree with the "intersesting" fields from the dfilter_t. svn path=/trunk/; revision=4422
2001-12-18 19:09:08 +00:00
Avoid including <epan/epan.h> in dissectors. svn path=/trunk/; revision=53774
2013-12-03 23:49:51 +00:00
struct epan_dissect;
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
/* Module-level initialization */
void
dfilter_init(void);
/* Module-level cleanup */
void
dfilter_cleanup(void);
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
/* Perform macro expansion. */
WS_DLL_PUBLIC
char *
dfilter_expand(const char *expr, char **err_ret);
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
/* Compiles a string to a dfilter_t.
* On success, sets the dfilter* pointed to by dfp
* to either a NULL pointer (if the filter is a null
* filter, as generated by an all-blank string) or to
* a pointer to the newly-allocated dfilter_t
* structure.
*
Clean up ftype-conversion and dfilter error message string handling. Have dfilter_compile() take an additional gchar ** argument, pointing to a gchar * item that, on error, gets set to point to a g_malloc()ed error string. That removes one bit of global state from the display filter parser, and doesn't impose a fixed limit on the error message strings. Have fvalue_from_string() and fvalue_from_unparsed() take a gchar ** argument, pointer to a gchar * item, rather than an error-reporting function, and set the gchar * item to point to a g_malloc()ed error string on an error. Allow either gchar ** argument to be null; if the argument is null, no error message is allocated or provided. Change-Id: Ibd36b8aaa9bf4234aa6efa1e7fb95f7037493b4c Reviewed-on: https://code.wireshark.org/review/6608 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-01-18 10:22:19 +00:00
* On failure, *err_msg is set to point to the error
* message. This error message is allocated with
* g_malloc(), and must be freed with g_free().
* The dfilter* will be set to NULL after a failure.
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
*
* Returns TRUE on success, FALSE on failure.
*/
dfilter: Add location tracking to scanner and use it to report errors Add location tracking as a column offset and length from offset to the scanner. Our input is a single line only so we don't need to track line offset. Record that information in the syntax tree. Return the error location in dfilter_compile(). Use it in dftest to mark the location of the error in the filter string. Later it would be nice to use the location in the GUI as well. $ dftest "ip.proto == aaaaaa and tcp.port == 123" Filter: ip.proto == aaaaaa and tcp.port == 123 dftest: "aaaaaa" cannot be found among the possible values for ip.proto. ip.proto == aaaaaa and tcp.port == 123 ^~~~~~
2022-04-07 12:57:39 +00:00
dfilter: Return an error object instead of string Return an struct containing error information. This simplifies the interface to more easily provide richer diagnostics in the future. Add an error code besides a human-readable error string to allow checking programmatically for errors in a robust manner. Currently there is only a generic error code, it is expected to increase in the future. Move error location information to the struct. Change callers and implementation to use the new interface.
2022-11-19 19:21:19 +00:00
#define DF_ERROR_GENERIC -1
Qt: Check field autocomplete for syntactical validity Currently the autocompletion engine always suggests a protocol field completion, even in places where it isn't syntactically valid. Fix that by compiling the preamble to the token under the cursor and checking the returned error. If it is DF_ERROR_UNEXPECTED_END that indicates a field or literal value was expected. Otherwise a field replacement is not valid in this position. Fixes #12811.
2022-11-19 11:14:57 +00:00
#define DF_ERROR_UNEXPECTED_END -2
dfilter: Return an error object instead of string Return an struct containing error information. This simplifies the interface to more easily provide richer diagnostics in the future. Add an error code besides a human-readable error string to allow checking programmatically for errors in a robust manner. Currently there is only a generic error code, it is expected to increase in the future. Move error location information to the struct. Change callers and implementation to use the new interface.
2022-11-19 19:21:19 +00:00
typedef struct {
int code;
char *msg;
dfilter: Refactor error location tracking Remove duplicate location struct by adding a new header. Pass around a structure instead of a pointer.
2022-12-22 10:44:33 +00:00
df_loc_t loc;
dfilter: Return an error object instead of string Return an struct containing error information. This simplifies the interface to more easily provide richer diagnostics in the future. Add an error code besides a human-readable error string to allow checking programmatically for errors in a robust manner. Currently there is only a generic error code, it is expected to increase in the future. Move error location information to the struct. Change callers and implementation to use the new interface.
2022-11-19 19:21:19 +00:00
} df_error_t;
WS_DLL_PUBLIC
void
dfilter_error_free(df_error_t *);
dfilter: Replace compile booleans arguments with a bit flag
2022-11-30 17:24:09 +00:00
/* Save textual representation of syntax tree (for debugging purposes). */
#define DF_SAVE_TREE (1U << 0)
/* Perform macro substitution on filter text. */
#define DF_EXPAND_MACROS (1U << 1)
/* Do an optimization pass on the compiled filter. */
#define DF_OPTIMIZE (1U << 2)
dftest: Add debug command-line options
2022-12-30 04:00:22 +00:00
/* Enable debug trace for flex. */
#define DF_DEBUG_FLEX (1U << 3)
/* Enable debug trace for lemon. */
#define DF_DEBUG_LEMON (1U << 4)
dfilter: Replace compile booleans arguments with a bit flag
2022-11-30 17:24:09 +00:00
Export libwireshark symbols using WS_DLL_PUBLIC define Also remove old WS_VAR_IMPORT define and related Makefile magic everywhere in the project. svn path=/trunk/; revision=47992
2013-03-01 23:53:11 +00:00
WS_DLL_PUBLIC
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
gboolean
dfilter: Add compilation result to log output Add result output to console log, in addition to intermediate debug information. This allows tracing the result using the log only.
2021-11-16 00:54:42 +00:00
dfilter_compile_real(const gchar *text, dfilter_t **dfp,
dfilter: Replace compile booleans arguments with a bit flag
2022-11-30 17:24:09 +00:00
df_error_t **errpp, unsigned flags,
const char *caller);
dfilter: Add compilation result to log output Add result output to console log, in addition to intermediate debug information. This allows tracing the result using the log only.
2021-11-16 00:54:42 +00:00
dfilter: Return an error object instead of string Return an struct containing error information. This simplifies the interface to more easily provide richer diagnostics in the future. Add an error code besides a human-readable error string to allow checking programmatically for errors in a robust manner. Currently there is only a generic error code, it is expected to increase in the future. Move error location information to the struct. Change callers and implementation to use the new interface.
2022-11-19 19:21:19 +00:00
#define dfilter_compile(text, dfp, errp) \
dfilter: Replace compile booleans arguments with a bit flag
2022-11-30 17:24:09 +00:00
dfilter_compile_real(text, dfp, errp, \
DF_EXPAND_MACROS|DF_OPTIMIZE, \
__func__)
tshark: Add underline to dfilter errors $ tshark -Y 'frame.number == 123foobar and ip' -r /dev/null tshark: "123foobar" is not a valid number. frame.number == 123foobar and ip ^~~~~~~~~
2022-04-10 17:19:45 +00:00
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
/* Frees all memory used by dfilter, and frees
* the dfilter itself. */
Export libwireshark symbols using WS_DLL_PUBLIC define Also remove old WS_VAR_IMPORT define and related Makefile magic everywhere in the project. svn path=/trunk/; revision=47992
2013-03-01 23:53:11 +00:00
WS_DLL_PUBLIC
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
void
dfilter_free(dfilter_t *df);
/* Apply compiled dfilter */
Export libwireshark symbols using WS_DLL_PUBLIC define Also remove old WS_VAR_IMPORT define and related Makefile magic everywhere in the project. svn path=/trunk/; revision=47992
2013-03-01 23:53:11 +00:00
WS_DLL_PUBLIC
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
gboolean
Avoid including <epan/epan.h> in dissectors. svn path=/trunk/; revision=53774
2013-12-03 23:49:51 +00:00
dfilter_apply_edt(dfilter_t *df, struct epan_dissect *edt);
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
/* Apply compiled dfilter */
gboolean
Merge the work in Novell_NCP_branch into the mainline code. A little work still needs to be done on the new NCP dissector -- make some of the COL_INFO texts more useful, handle a Unicode issue, and modify some of the cases that use "request conditions". But the NCP dissector as it stands is very usable now. Note: I didn't merge in the PROTO_LENGTH_UNTIL_END macro... I wanted to think about the various possible macros and review an email conversation I had with Guy on the subject. svn path=/trunk/; revision=5432
2002-05-09 23:50:34 +00:00
dfilter_apply(dfilter_t *df, proto_tree *tree);
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
Merge the work in Novell_NCP_branch into the mainline code. A little work still needs to be done on the new NCP dissector -- make some of the COL_INFO texts more useful, handle a Unicode issue, and modify some of the cases that use "request conditions". But the NCP dissector as it stands is very usable now. Note: I didn't merge in the PROTO_LENGTH_UNTIL_END macro... I wanted to think about the various possible macros and review an email conversation I had with Guy on the subject. svn path=/trunk/; revision=5432
2002-05-09 23:50:34 +00:00
/* Prime a proto_tree using the fields/protocols used in a dfilter. */
Provide for per-protocol-tree data in the proto_tree code. Put a hash-table of "interesting" fields in the per-proto-tree data. The dfilter code records which fields/protocols are "interesting" (by which I mean, their value or existence is checked). Thus, the proto_tree routines can create special arrays of field_info*'s that are ready for the dfilter engine to use during a filter operation. Also store the "proto_tree_is_visible" boolean, renamed "visible", in the per-proto-tree data. Move epan_dissect_t to its own header file to make #include dependencies easier to handle. Provide epan_dissect_fill_in_columns(), which accepts just the epan_dissect_t* as an argument. epan_dissect_new() needs to be followed by epan_dissect_run() for the dissection to actually take place. Between those two calls, epan_dissect_prime_dfilter() can be run 0, 1, or multiple times in order to prime the empty proto_tree with the "intersesting" fields from the dfilter_t. svn path=/trunk/; revision=4422
2001-12-18 19:09:08 +00:00
void
"dfilter_prime_proto_tree()" doesn't modify the "dfilter_t" to which it's handed a pointer, which means that "epan_dissect_prime_dfilter()" doesn't do so either; make that argument a "const dfilter_t *" in both cases. svn path=/trunk/; revision=6239
2002-09-09 21:04:15 +00:00
dfilter_prime_proto_tree(const dfilter_t *df, proto_tree *tree);
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
dfilter: Refactor macro tree references This replaces the current macro reference system with a completely different implementation. Instead of a macro a reference is a syntax element. A reference is a constant that can be filled in the dfilter code after compilation from an existing protocol tree. It is best understood as a field value that can be read from a fixed tree that is not the frame being filtered. Usually this fixed tree is the currently selected frame when the filter is applied. This allows comparing fields in the filtered frame with fields in the selected frame. Because the field reference syntax uses the same sigil notation as a macro we have to use a heuristic to distinguish them: if the name has a dot it is a field reference, otherwise it is a macro name. The reference is synctatically validated at compile time. There are two main advantages to this implementation (and a couple of minor ones): The protocol tree for each selected frame is only walked if we have a display filter and if the display filter uses references. Also only the actual reference values are copied, intead of loading the entire tree into a hash table (in textual form even). The other advantage is that the reference is tested like a protocol field against all the values in the selected frame (if there is more than one). Currently the reference fields are not "primed" during dissection, so the entire tree is walked to find a particular reference (this is similar to the previous implementation). If the display filter contains a valid reference and the reference is not loaded at the time the filter is run the result is the same as a non existing field for a regular READ_TREE instruction. Fixes #17599.
2022-03-27 14:26:46 +00:00
/* Refresh references in a compiled display filter. */
WS_DLL_PUBLIC
void
dfilter_load_field_references(const dfilter_t *df, proto_tree *tree);
Qt: Add check for field extractors The proto tree is needed in several cases when using Lua field extractors, because they fetch values from the tree. Without a valid field extractor a Lua plugin may misbehave and display wrong column info. This fixes column issues when: - Calling resetColumns() in Qt. This involves adding a display filter, change time display format, change name resolution and other changes in UI which requires column updates. - Print summary lines. - Export as CSV and PSML. Change-Id: Ieed6f8578cdf2759f1f836cd8413a4529b7bbd80 Reviewed-on: https://code.wireshark.org/review/13708 Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-02-03 22:10:40 +00:00
/* Check if dfilter has interesting fields */
gboolean
dfilter_has_interesting_fields(const dfilter_t *df);
Export libwireshark symbols using WS_DLL_PUBLIC define Also remove old WS_VAR_IMPORT define and related Makefile magic everywhere in the project. svn path=/trunk/; revision=47992
2013-03-01 23:53:11 +00:00
WS_DLL_PUBLIC
If "!=" or "ne" are used in a display filter, warn the user that the results may be unexpected. svn path=/trunk/; revision=24232
2008-01-31 19:50:38 +00:00
GPtrArray *
dfilter_deprecated_tokens(dfilter_t *df);
dfilter: Add compilation warning for ambiguous syntax $ dfilter 'frame contains fc' Filter: frame contains fc Warning: Interpreting "fc" as "Fibre Channel". Consider writing :fc or .fc. (...)
2022-12-29 20:06:19 +00:00
WS_DLL_PUBLIC
GSList *
dfilter_get_warnings(dfilter_t *df);
dftest: Add --types option
2023-01-10 15:42:32 +00:00
#define DF_DUMP_REFERENCES (1U << 0)
#define DF_DUMP_SHOW_FTYPE (1U << 1)
dftest: More CLI options and improve output format
2023-01-05 17:37:59 +00:00
/* Print bytecode of dfilter to fp */
Export libwireshark symbols using WS_DLL_PUBLIC define Also remove old WS_VAR_IMPORT define and related Makefile magic everywhere in the project. svn path=/trunk/; revision=47992
2013-03-01 23:53:11 +00:00
WS_DLL_PUBLIC
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
void
dftest: Add --types option
2023-01-10 15:42:32 +00:00
dfilter_dump(FILE *fp, dfilter_t *df, uint16_t flags);
Create a more modular type system for the FT_* types. Put them into epan/ftypes. Re-write display filter routines using Lemon parser instead of yacc. Besides using a different tool, the new grammar is much simpler, while the display filter engine itself is more powerful and more easily extended. Add dftest executable, to test display filter "bytecode" generation. Add option to "configure" to build dftest or randpkt, both of which are not built by default. Implement Ed Warnicke's ideas about dranges in the new display filter and ftype code. Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree, while FT_PROTOCOL is used for protocols. This was necessary for being able to make byte slices (ranges) out of protocols, like "frame[0:3]" Win32 Makefile.nmake's will be added tonight. svn path=/trunk/; revision=2967
2001-02-01 20:21:25 +00:00
dfilter: Print syntax tree using dftest + format enhancements Add argument to dfilter_compile_real() to save syntax tree text representation. Use it with dftest to print syntax tree. Misc debug output format improvements.
2022-04-04 22:42:52 +00:00
/* Text after macro expansion. */
WS_DLL_PUBLIC
const char *
dfilter_text(dfilter_t *df);
/* Text representation of syntax tree (if it was saved, NULL oterwise). */
WS_DLL_PUBLIC
const char *
dfilter_syntax_tree(dfilter_t *df);
dfilter: Add more logging for bytecode
2022-03-27 15:38:39 +00:00
/* Print bytecode of dfilter to log */
WS_DLL_PUBLIC
void
dfilter_log_full(const char *domain, enum ws_log_level level,
const char *file, long line, const char *func,
dfilter_t *dfcode, const char *msg);
CMake: Reverse debug macros Originally WS_DISABLE_DEBUG was chosen to be similar to G_DISABLE_ASSERT and NDEBUG. However generator expressions are essential for modern CMake but the syntax is weird and having to use negations makes it ten-fold worse. Remove the negation. Instead of changing the CMake variable reverse the macro definition for WS_DISABLE_DEBUG. The $<CONFIG:cgs> generator expression with multiple config arguments requires CMake >= 3.19 so we can't use that yet for a further syntactical simplification.
2023-01-09 12:58:45 +00:00
#ifdef WS_DEBUG
dfilter: Add more logging for bytecode
2022-03-27 15:38:39 +00:00
#define dfilter_log(dfcode, msg) \
dfilter_log_full(LOG_DOMAIN_DFILTER, LOG_LEVEL_NOISY, \
__FILE__, __LINE__, __func__, \
dfcode, msg)
#else
#define dfilter_log(dfcode, msg) (void)0
#endif
#define DFILTER_DEBUG_HERE(dfcode) \
dfilter_log_full(LOG_DOMAIN_DFILTER, LOG_LEVEL_ECHO, \
__FILE__, __LINE__, __func__, \
dfcode, #dfcode);
More C++ updates. svn path=/trunk/; revision=40377
2012-01-04 21:26:51 +00:00
#ifdef __cplusplus
}
#endif /* __cplusplus */
#endif /* DFILTER_H */