wireshark SHOULD be able to filter on multiple hf's with the
same field-name, BUT there is a little bug in the code. I have pinpointed it to
the following in epan/dfilter/dfvm.c:
...
It actually loops through all the hf's with the same name, but only checks
against the original (first) hf.
svn path=/trunk/; revision=21372
Add a table of DPCs and SSNs that allow to override the protocol that would be choosen
so that the same SSN can use two different protocols in two different DPCs.
I did not believe it someone could have done it, then I saw the captures...
svn path=/trunk/; revision=21321
(Temporarily disable the warnings as errors default on Unix to get
to get the buildbots and people with gcc40 going again until those
additional warnings gcc40 generates can be fixed-I'm working on it
ASAP)
Patch for configure.in which disables by default the treatment of
warnings as errors.
It can be enabled with './configure --with-warnings-as-errors'.
The macro will test first if GCC is present. If it's the case,
HAVE_WARNINGS_AS_ERRORS is defined. All the USING_GCC have been replaced
by HAVE_WARNINGS_AS_ERRORS.
With this switch, people won't suffer from unexpected warnings when
downloading svn sources during the transition time ;)
svn path=/trunk/; revision=21153
* Remove macros_dlg, the DFMacros UAT goes in the menu with all the rest
* in packet-user_encap.c WTAP_ENCAP=XXX has become useless information for the user leave just the DLT#
svn path=/trunk/; revision=20753
* fields of an uat table now are passed using an array of uat_filed_t
* field callbacks take two more userdata arguments
* add some macros to define uat field callbacks.
* uats can be registered as preferences for a specific protocol
- the preference widget is a button that opens the uat's window
* dfilter-macro => reflect changes to API
svn path=/trunk/; revision=20695
32-bit numbers. Separate signed and unsigned accessors have been
added and used where appropriate.
Definitely not for 0.99.5.
svn path=/trunk/; revision=20472
this primarily removes code and simplifies (==eliminates) the need to track the data that is allocated and should potentially be slightly faster than a slab allocator.
however these functions are called A LOT so there might be a performance hit when using emem with full debugging canary values and all the bells and whistles activated.
this change also makes any future attempt to parallellize dissection of frames easier if we just make the ep allocator allocate from a threads specific ep pool.
(something we would have to do anyway to make ep allocations multithreaded)
this works in all my tests so far but needs more test coverage.
svn path=/trunk/; revision=20194
print register numbers as unsigned (they're guint32);
when printing a PUT_FVALUE instruction, show the value as well
as the type of the value.
That requires that a bunch of types get to_repr methods; add them for
PCRE (FTREPR_DFILTER-only - show the regular expression as text),
tvbuffs (FTREPR_DFILTER_only - show the data as a hex string), integral
types, string types other than FT_STRING, and FT_IPv6.
That means we can use fvalue_to_string_repr() for FT_IPXNET and FT_IPv6
in proto_construct_dfilter_string(), and that we don't need to handle
integer and floating types specially in MATE.
Fix some problems with the PCRE execution code for tvbuff types.
svn path=/trunk/; revision=16369
-use g_snprintf instead of sprintf and snprintf
-use g_strdup_printf where appropriate
-remove #include "snprintf.h" (as only g_snprintf should be used)
-replace some more alloc/realloc/calloc/free with their glib pendants
svn path=/trunk/; revision=15264
syntax-tree.c to syntax-tree.h.
This fixes some warning of type
sttype-integer.c:33: warning: no previous declaration for
'sttype_register_integer'
svn path=/trunk/; revision=15011
returned quite a list of files. Add them to MAINTAINERCLEANFILES.
Whitespace changes (replace multiple spaces by TABs, in a few cases this
needed to be done at the beginning of Makefile lines.
svn path=/trunk/; revision=14891
"strdup()" on the argument, so we don't need to do that ourselves (and,
in fact, as we're doing it ourselves but not freeing the result, we leak
memory).
svn path=/trunk/; revision=13892
files. Do this with GENERATED_HEADER_FILES, GENERATED_C_FILES, and
GENERATED_FILES macros in Makefile.common files, along the lines of what
wiretap/Makefile.common has.
Clean up "*~" files with "make clean" rather than only "make distclean"
in some additional places.
Add "maintainer-clean" rules to the Makefile.nmake files, paralelling
the ones in the automake-generated Makefile.in files, using the
GENERATED_FILES macros from Makefile.common files. In some cases, move
the cleanup of files from "make distclean" to "make maintainer-clean",
and in other cases, put in a comment indicating why we're not doing that
(because some files that are distributed in the source tarballs, namely
Flex output, were built with a UN*X Flex and won't compile on Windows,
so we get rid of them with "make distclean" so you can clean up stuff
that *has* to be re-generated for Windows).
Clean up some *CLEANFILES definitions - get rid of ones that no longer
apply as files were moved or that add to the definition a name that's
already there.
svn path=/trunk/; revision=13402
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
svn path=/trunk/; revision=11400
on success, so we clear it before calling them.
Assign the value of "strtol()" to a "long" and assign the value of
"strtoul()" to an "unsigned long", as those are the return types for
those functions - "gint32" and "guint32" might not be large enough for
the return value on an LP64 platform.
Check for errno being EINVAL, as that can happen if the number isn't
valid.
Before assigning the value returned by "strtol()" or "strtoul()" to the
final destination, check whether it's in the right range for that
destination.
svn path=/trunk/; revision=11382
the parse finishes (forcing us to feed the parser an end-of-input even
after an error) is that we don't create a new parser object when we
start a new parse and don't destroy it when the parse finishes.
svn path=/trunk/; revision=11156
Add a #define to enable parser tracing.
Clean up parser state when finished parsing, even if we stopped
parsing due to a syntax error, so that there's nothing left
around to screw up the next parse.
svn path=/trunk/; revision=11152
Use gint32 instead of guint32 for node data.
Fix up some other signed-vs-unsigned issues in the display filter
parser and lexical analyzer.
svn path=/trunk/; revision=11085
Check slice lengths as well as offsets. Disallow negative/zero
lengths.
Range on RHS of display filter expression wasn't being checked in
every case.
svn path=/trunk/; revision=11083
Use gint32 instead of guint32 and strtol() instead of strtoul()
for signed integers.
Pathological slice specifications could cause Flex default rule
to be invoked, echoing characters to stdout.
Example: frame[0foo]==1
svn path=/trunk/; revision=11082
add a config.nmake option to control whether to build
libethereal.dll or not;
remove "./wiretap" from PATH to prevent problems due to
wrongly-loaded files;
build dissector.lib with MSVC;
move "print.c" and "ps.c" to the dissector helpers, as "print.c"
imports variables from packet-frame.c and packet-data.c, which
are in libethereal;
move "g711.c" out of the dissector helpers, as they're used only
by Ethereal in a tap, not in Tethereal or in any dissector;
add a .def file for libethereal;
arrange to declare global variables exported from libethereal
with "__declspec(dllimport)" when building programs that import
those variables;
update the NSIS installer.
Make the "configure" script define ETH_VAR_IMPORT as "extern".
svn path=/trunk/; revision=10834
Error if protocol specified on RHS of display filter comparison.
If user specified "fc", they probably intended a byte value rather than
the fibre channel protocol; fix makes mistake clear.
Fix assertion failure with range on LHS of display filter comparison
and field on RHS.
svn path=/trunk/; revision=10829
octal, as the maximum of 3 octal digits can be more than 0377, but not
necessary for hex, as the maximum of 2 hex digits can't be more than
0xff).
svn path=/trunk/; revision=10827
then make sure that the FIELD can participate in the relation that
is expressed in the display filter.
Note that tvbuff's *should* be able to participate in == comparisons, etc.,
but those functions need to be added to ftype-tvbuff.c first.
svn path=/trunk/; revision=10175
analyzer on errors, and check for SCAN_FAILED from the lexical analyzer
and abort the parse if we see it; 0 means "end of input", and we want to
distinguish errors from end-of-input, so that we can report errors as
such.
If we see end-of-input while parsing a double-quoted string, report the
error (missing closing quote).
Fix the URL for the "Start conditions" section of the Flex manual.
svn path=/trunk/; revision=10044
check, in the semantics-checking phase, that we're testing a field, so
that we can give a better message than, for example, "Unexpected end of
filter string." for an existence test with a misspelled field name.
svn path=/trunk/; revision=10043
../../epan/dfilter/drange.h:62: warning: function declaration isn't a prototype
../../epan/dfilter/drange.h:83: warning: function declaration isn't a prototype
svn path=/trunk/; revision=9719
New "matches" operater in display filter language. Uses PCRE.
If a "matches" operator is found in a dfilter
while libpcre has not been used to build the binary, then an
exception is thrown after using dfilter_fail() to set an apporporiate
error message.
svn path=/trunk/; revision=9182
structure, rather than separately allocating "fvalue_t"s and having the
"field_info" structure point to them - this appears to speed up protocol
tree construction a bit.
svn path=/trunk/; revision=9146
This function is also very small, so small that teh overhead for the actual function call and return is likely to be a significant part
of its execution time.
change it into a macro and make it thus slightly faster by eliminating the function call overhead.
svn path=/trunk/; revision=9083
recurse into subdirectories doing "nmake -f Makefile.nmake distclean".
Have "nmake -f Makefile.nmake clean" not remove stuff that "make clean"
doesn't remove (such as Flex/Bison output and config.h files) - and have
"nmake -f Makefile.nmake distclean" remove stuff that "make distclean"
removes, including "tethereal-tap-register.c" and
"ethereal-tap-register.c".
svn path=/trunk/; revision=8672
Besides "STRING", there is now "UNPARSED_STRING", where the distinction
is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just
a sequence of characters that the scanner didn't know how to scan/parse,
so it's up to the Ftype to parse it.
This gives us more flexibility and prepares the dfilter parsing engine
for the upcoming addition of the "contains" operator.
In the process of doing this, I also re-did the double-quoted string
support in the scanner, so that instead of the naively-simple support we
used to have, double-quoted strings now can have embedded dobule-quotes,
embedded octal sequences, and embedded hexadecimal sequences:
"\"" embedded double-quote
"\110" embedded octal
"\x48" embedded hex
Enhance the dfilter unit test script to be able to run a single collection
of tests instead of having to run all of them all the time.
svn path=/trunk/; revision=8083
variables the user configures - the user isn't expected to change
GLIB_CFLAGS or GTK_CFLAGS, and there's a comment nothing that users
shouldn't have to do so), which contain the appropriate "/I" flags for
building stuff that requires only GLib, and stuff that required GTK+ and
GLib, respectively, and use those macros in the Makefile.nmake files.
svn path=/trunk/; revision=7884
frame number, which is always decimal. If you select an FT_FRAMENUM
field, there are menu items that let you go to the frame whose frame
number appears in that field.
Add FT_FRAMENUM fields for the ONC RPC "matching request is in this
frame" and "matching reply is in this frame" protocol tree items.
svn path=/trunk/; revision=6802
pointer, and put "const" into the casts in "VALS()" and "TFS()" macros,
so we don't un-constify pointers to "value_string" arrays and
"true_false_string" structures.
Make some things "const" to keep the compiler happy with the previous
change.
svn path=/trunk/; revision=6684
filter, as in "ip.src == x.x.x.x || ip.src == y.y.y.y". My previous
change to allow filtering on multiple fields of the same name moved
some code into the wrong block within the function, causing the error.
svn path=/trunk/; revision=6544
the same name (abbreviation). Thus, if multiple protocols or fields
are registered with the same name, you can still filter on the name
and have the filtering work as expected.
svn path=/trunk/; revision=6434
it's handed a pointer, which means that "epan_dissect_prime_dfilter()"
doesn't do so either; make that argument a "const dfilter_t *" in both
cases.
svn path=/trunk/; revision=6239
floating-point numbers, and display all the significant digits for both
single-precision and double-precision floating-point numbers in the
protocol tree, not just what "%g" does (6 digits).
Put in comments explaining how the length of filter strings is computed,
and fix some of the computations.
svn path=/trunk/; revision=6081
A little work still needs to be done on the new NCP dissector -- make
some of the COL_INFO texts more useful, handle a Unicode issue, and
modify some of the cases that use "request conditions".
But the NCP dissector as it stands is very usable now.
Note: I didn't merge in the PROTO_LENGTH_UNTIL_END macro... I wanted
to think about the various possible macros and review an email conversation
I had with Guy on the subject.
svn path=/trunk/; revision=5432
move the code from "dfilter_lookup_token()" into
"proto_registrar_get_byname()", and get rid of "dfilter_lookup_token()"
and have its callers call "proto_registrar_get_byname()" instead.
svn path=/trunk/; revision=5287
scripts, and check in changes to add _U_ to some unused arguments (some
other should perhaps be used, so we leave the _U_ out so that the
warnings serve as a reminder to check those).
svn path=/trunk/; revision=4848
In the "configure.in" files, add
-D_U_="__attribute__((unused))"
to CFLAGS if we're using GCC, and add
-D_U_=""
otherwise, so _U_ can be used to mark arguments as unused.
Add -D_U_="" arguments to the Makefile.nmake files as well, so _U_ works
with Microsoft Visual C++ as well.
Add comments and RCS IDs to the Makefile.nmake files that don't already
have them.
svn path=/trunk/; revision=4824
"epan/..." pathnames, so as to avoid collisions with header files in any
of the directories in which we look (e.g., "proto.h", as some other
package has its own "proto.h" file which it installs in the top-level
include directory).
Don't add "-I" flags to search "epan", as that's no longer necessary
(and we want includes of "epan" headers to fail if the "epan/" is left
out, so that we don't re-introduce includes lacking "epan/").
svn path=/trunk/; revision=4586
Additional Windows Makefile dependencies, so more stuff gets
built as needed.
Additional stuff cleaned up by "make clean" (well, "nmake -f
makefile.nmake clean", anyway)
Make PDB_FILE be "vc*.pdb", so it referes to the PDB files
either for VC++ 5.0 or VC++ 6.0.
svn path=/trunk/; revision=4481
Put a hash-table of "interesting" fields in the per-proto-tree data.
The dfilter code records which fields/protocols are "interesting" (by which
I mean, their value or existence is checked). Thus, the proto_tree routines
can create special arrays of field_info*'s that are ready for the dfilter
engine to use during a filter operation.
Also store the "proto_tree_is_visible" boolean, renamed "visible", in
the per-proto-tree data.
Move epan_dissect_t to its own header file to make #include dependencies
easier to handle.
Provide epan_dissect_fill_in_columns(), which accepts just the epan_dissect_t*
as an argument.
epan_dissect_new() needs to be followed by epan_dissect_run() for the
dissection to actually take place. Between those two calls,
epan_dissect_prime_dfilter() can be run 0, 1, or multiple times in order to
prime the empty proto_tree with the "intersesting" fields from the dfilter_t.
svn path=/trunk/; revision=4422
fix a bogus batch mode inference rule of make, so that
"vc60.pdb" files are created in the proper directory;
delete ".pdb" files in a "nmake -f Makefile.nmake clean";
include the text2pcap and mergecap ".pdb" files in the Windows
binary distribution.
svn path=/trunk/; revision=4385
FT_INT64 type, and make the Diameter dissector use it.
Handle the 64-bit integer types in the display filter semantics checks.
svn path=/trunk/; revision=4125
without requiring compiler support for them, and updates to the
Diameter, L2TP, NFS, and NLM dissectors to use it and to the ONC RPC
dissector to allow ONC RPC subdissectors to use it.
svn path=/trunk/; revision=4099
there were 2 functions which accepted 'maxlength' == -1, but the function
prototypes had maxlength as a guint --- fixed.
svn path=/trunk/; revision=4087
* gcc 3.0 warning fixes:
- text2pcap.c: The number of characters to scan should probably not be 0
- wiretap/csids.c: using preincrement on a variable used on both
sides of an assignment might be undefined by the C99(?) standard
* turn on additional warnings for epan and wiretap too
- epan/configure.in
- wiretap/configure.in
* Fix some warnings (missing includes, signed/unsigned, missing
initializers) found by turning on the warnings
- all other files :-)
svn path=/trunk/; revision=3709
require it. It makes more sense to either put cppmagic with lemon, or
in yet another common directory. I'll just put it with lemon.
svn path=/trunk/; revision=3083
take fully-prototyped function arguments with types appropriate to
"g_malloc()" and "g_free()", and change the calls to the functions
pointed to by those arguments not pass the extra __FILE__ and __LINE__
arguments.
svn path=/trunk/; revision=3039
in the output of "{ethereal,tethereal} -G", so that it appears only once
in the documentation.
Expand some comments to give more details.
svn path=/trunk/; revision=3024
into epan/ftypes.
Re-write display filter routines using Lemon parser instead of yacc.
Besides using a different tool, the new grammar is much simpler, while
the display filter engine itself is more powerful and more easily extended.
Add dftest executable, to test display filter "bytecode" generation.
Add option to "configure" to build dftest or randpkt, both of which are not
built by default.
Implement Ed Warnicke's ideas about dranges in the new display filter and
ftype code.
Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered
as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree,
while FT_PROTOCOL is used for protocols. This was necessary for being
able to make byte slices (ranges) out of protocols, like "frame[0:3]"
Win32 Makefile.nmake's will be added tonight.
svn path=/trunk/; revision=2967
Stephen Fisher