like:
udp.srcport == udp.dstport
frame.cap_len != frame.len
(probably you can use it for better ones)
part of bug #7263
svn path=/trunk/; revision=43069
in README.devloper. Remove g_gnuc.h since it's no longer needed. Remove
tvbuff_init(), tvbuff_cleanup(), reassemble_init(), and
reassemble_cleanup() since they were only used for older GLib versions
which didn't support GSlices. Assume we always support the "matches"
operator.
svn path=/trunk/; revision=37978
make FT_STRING and FT_UINT_STRING handle string encodings.
Get rid of FT_EBCDIC in favor of FT_STRING with ENC_EBCDIC.
Add some URLs for DRDA.
Clean up some stuff in TN3270 and TN5250, including using ENC_ values
for proto_tree_add_item().
svn path=/trunk/; revision=37909
* Remove proto_tree_add_eui64 function from 802.15.4 Dissector
* Replace print_eui64/print_eui64 by eui64_to_str/get_eui64_name
* Update Documentation (README.dev)
* Add new function in libwireshark.def
* Support of encoding for tvb_eui64_to_str
* Use FT_EUI64 for ICMPv6, CAPWAP, Zbee ... dissector
svn path=/trunk/; revision=37015
In semcheck.c the display filter string of an expression is checked against the
header_field_info.display value BASE_CUSTOM. But the value of BASE_CUSTOM is
applied as bitmask while the actual type is an enum (BASE_CUSTOM = 6).
With this BASE_DEC, BASE_DEC_HEX and BASE_HEX_DEC are also matching and are not
accepted as filter expression.
Actually: BASE_DEC works but not BASE_HEX. And the problem only shows up when
trying to match a field in one of these bases against a string (from a
value_string).
svn path=/trunk/; revision=35621
- Allow direct access when a range of values begins with a value other than 0;
- Provide value_string_ext_new() for creating extended value strings at runtime;
- Do access to value_string_ext members via a macro (all but value_string.c);
- Update documentation.
svn path=/trunk/; revision=34514
(plus some additional changes by me).
Handle BASE_RANGE_STRING display types properly
We always treat header field info strings as value_string's undiscriminated.
However, if the header field info display is marked as BASE_RANGE_STRING, we
need to treat them as range_string's. This wasn't properly handled in the
filter expression dialog and in the filter toolbar which would cause a crash
upon referencing any fields marked as BASE_RANGE_STRING.
svn path=/trunk/; revision=28931
Try to resolve a crash issue when having a function on the RHS
of a filter test which does not return the same type as the LHS.
svn path=/trunk/; revision=28550
est. Use g_ascii_strcasecmp() and g_ascii_strncasecmp(), and supply our
own versions if they're missing from GLib (as is the case with GLib
1.x).
In the code to build the list of named fields for Diameter, don't use
g_strdown(); do our own g_ascii_-style upper-case to lower-case mapping
in the hash function and use g_ascii_strcasecmp() in the compare
function.
We do this because there is no guarantee that toupper(), tolower(), and
functions that use them will, for example, map between "I" and "i" in
all locales; in Turkish locales, for example, there are, in both
upper case and lower case, versions of "i" with and without a dot, and
the upper-case version of "i" is "I"-with-a-dot and the lower-case
version of "I" is "i"-without-a-dot. This causes strings that should
match not to match.
This finishes fixing bug 2010 - an earlier checkin prevented the crash
(as there are other ways to produce the same crash, e.g. a bogus
dictionary.xml file), but didn't fix the case-insensitive string matching.
svn path=/trunk/; revision=23623
32-bit numbers. Separate signed and unsigned accessors have been
added and used where appropriate.
Definitely not for 0.99.5.
svn path=/trunk/; revision=20472
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
svn path=/trunk/; revision=11400
Check slice lengths as well as offsets. Disallow negative/zero
lengths.
Range on RHS of display filter expression wasn't being checked in
every case.
svn path=/trunk/; revision=11083
Error if protocol specified on RHS of display filter comparison.
If user specified "fc", they probably intended a byte value rather than
the fibre channel protocol; fix makes mistake clear.
Fix assertion failure with range on LHS of display filter comparison
and field on RHS.
svn path=/trunk/; revision=10829
then make sure that the FIELD can participate in the relation that
is expressed in the display filter.
Note that tvbuff's *should* be able to participate in == comparisons, etc.,
but those functions need to be added to ftype-tvbuff.c first.
svn path=/trunk/; revision=10175
check, in the semantics-checking phase, that we're testing a field, so
that we can give a better message than, for example, "Unexpected end of
filter string." for an existence test with a misspelled field name.
svn path=/trunk/; revision=10043
New "matches" operater in display filter language. Uses PCRE.
If a "matches" operator is found in a dfilter
while libpcre has not been used to build the binary, then an
exception is thrown after using dfilter_fail() to set an apporporiate
error message.
svn path=/trunk/; revision=9182
Besides "STRING", there is now "UNPARSED_STRING", where the distinction
is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just
a sequence of characters that the scanner didn't know how to scan/parse,
so it's up to the Ftype to parse it.
This gives us more flexibility and prepares the dfilter parsing engine
for the upcoming addition of the "contains" operator.
In the process of doing this, I also re-did the double-quoted string
support in the scanner, so that instead of the naively-simple support we
used to have, double-quoted strings now can have embedded dobule-quotes,
embedded octal sequences, and embedded hexadecimal sequences:
"\"" embedded double-quote
"\110" embedded octal
"\x48" embedded hex
Enhance the dfilter unit test script to be able to run a single collection
of tests instead of having to run all of them all the time.
svn path=/trunk/; revision=8083
frame number, which is always decimal. If you select an FT_FRAMENUM
field, there are menu items that let you go to the frame whose frame
number appears in that field.
Add FT_FRAMENUM fields for the ONC RPC "matching request is in this
frame" and "matching reply is in this frame" protocol tree items.
svn path=/trunk/; revision=6802
pointer, and put "const" into the casts in "VALS()" and "TFS()" macros,
so we don't un-constify pointers to "value_string" arrays and
"true_false_string" structures.
Make some things "const" to keep the compiler happy with the previous
change.
svn path=/trunk/; revision=6684
floating-point numbers, and display all the significant digits for both
single-precision and double-precision floating-point numbers in the
protocol tree, not just what "%g" does (6 digits).
Put in comments explaining how the length of filter strings is computed,
and fix some of the computations.
svn path=/trunk/; revision=6081
A little work still needs to be done on the new NCP dissector -- make
some of the COL_INFO texts more useful, handle a Unicode issue, and
modify some of the cases that use "request conditions".
But the NCP dissector as it stands is very usable now.
Note: I didn't merge in the PROTO_LENGTH_UNTIL_END macro... I wanted
to think about the various possible macros and review an email conversation
I had with Guy on the subject.
svn path=/trunk/; revision=5432
scripts, and check in changes to add _U_ to some unused arguments (some
other should perhaps be used, so we leave the _U_ out so that the
warnings serve as a reminder to check those).
svn path=/trunk/; revision=4848
"epan/..." pathnames, so as to avoid collisions with header files in any
of the directories in which we look (e.g., "proto.h", as some other
package has its own "proto.h" file which it installs in the top-level
include directory).
Don't add "-I" flags to search "epan", as that's no longer necessary
(and we want includes of "epan" headers to fail if the "epan/" is left
out, so that we don't re-introduce includes lacking "epan/").
svn path=/trunk/; revision=4586
Put a hash-table of "interesting" fields in the per-proto-tree data.
The dfilter code records which fields/protocols are "interesting" (by which
I mean, their value or existence is checked). Thus, the proto_tree routines
can create special arrays of field_info*'s that are ready for the dfilter
engine to use during a filter operation.
Also store the "proto_tree_is_visible" boolean, renamed "visible", in
the per-proto-tree data.
Move epan_dissect_t to its own header file to make #include dependencies
easier to handle.
Provide epan_dissect_fill_in_columns(), which accepts just the epan_dissect_t*
as an argument.
epan_dissect_new() needs to be followed by epan_dissect_run() for the
dissection to actually take place. Between those two calls,
epan_dissect_prime_dfilter() can be run 0, 1, or multiple times in order to
prime the empty proto_tree with the "intersesting" fields from the dfilter_t.
svn path=/trunk/; revision=4422
FT_INT64 type, and make the Diameter dissector use it.
Handle the 64-bit integer types in the display filter semantics checks.
svn path=/trunk/; revision=4125
without requiring compiler support for them, and updates to the
Diameter, L2TP, NFS, and NLM dissectors to use it and to the ONC RPC
dissector to allow ONC RPC subdissectors to use it.
svn path=/trunk/; revision=4099
into epan/ftypes.
Re-write display filter routines using Lemon parser instead of yacc.
Besides using a different tool, the new grammar is much simpler, while
the display filter engine itself is more powerful and more easily extended.
Add dftest executable, to test display filter "bytecode" generation.
Add option to "configure" to build dftest or randpkt, both of which are not
built by default.
Implement Ed Warnicke's ideas about dranges in the new display filter and
ftype code.
Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered
as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree,
while FT_PROTOCOL is used for protocols. This was necessary for being
able to make byte slices (ranges) out of protocols, like "frame[0:3]"
Win32 Makefile.nmake's will be added tonight.
svn path=/trunk/; revision=2967
Jakub Zawadzki