Allow an entity in the grammar as range body. Perform a stronger
sanity check during semantic analysis everywhere a range is used.
This is both safer (unless we want to allow FIELD bodies only, but
functions are allowed too) and also provides better error messages.
Previously a range of range only compiled on the RHS. Now it can
appear on both sides of a relation.
This fixes a crash with STRING entities similar to #10690 for
UNPARSED.
This also adds back support for slicing functions that was removed
in f3f833ccec (by accident presumably).
Ping #10690
This makes 'stnode_tostr()' more useful for end-user error reporting.
For debugging purposes we tack on the type name in the debug specific
code instead.
protocolID is packet scoped, so it can lead to hilarity if we add it to
the ROS dissector's epan scoped wmem_map. Add an epan-scoped copy of
protocolID instead. Blind attempt at fixing #16342.
Mostly straightforward. The only complication was
proto_tree_add_split_bits_crumb which needed some manipulation to
guarantee a non-null tree so we could use its memory scope.
This is one of the last non-dissector uses of wmem_packet_scope!
Detected by ./tools/check_typed_item_calls.py --mask
Error: epan/dissectors/packet-asterix.c filter= asterix.021_161_TN 0x0fff with len is 4 but type FT_UINT8 indicates max of 2 and extra digits are non-zero (0f)
Error: epan/dissectors/packet-capwap.c filter= capwap.control.message_element.ieee80211_station_session_key.flags_a 0x2000 with len is 4 but type FT_BOOLEAN indicates max of 1 and extra digits are non-zero (200)
Error: epan/dissectors/packet-capwap.c filter= capwap.control.message_element.ieee80211_station_session_key.flags_c 0x1000 with len is 4 but type FT_BOOLEAN indicates max of 1 and extra digits are non-zero (100)
Error: epan/dissectors/packet-cfdp.c filter= cfdp.trans_stat_2_b 0x6000 with len is 4 but type FT_UINT8 indicates max of 2 and extra digits are non-zero (60)
Error: epan/dissectors/packet-cfdp.c filter= cfdp.suspension_ind_b 0x8000 with len is 4 but type FT_UINT8 indicates max of 2 and extra digits are non-zero (80)
Error: epan/dissectors/packet-ixveriwave.c filter= ixveriwave.tx.factorydebug 0x7f80 with len is 4 but type FT_UINT8 indicates max of 2 and extra digits are non-zero (7f)
There are a bunch of near-identical macros here, but I'm gonna change
one at a time or else the builder times out at the number of files
changed in one merge.
BitTorrent clients use the same UDP conversation for both DHT and
uTP, switching back and forth between the two at connection start.
So even if the dissector has been set for the conversation or
ports to BT-DHT, test the packet and reject it if not DHT in order
to give the uTP dissector a chance. Fix#17626
packet-cose.c:1221:6: warning: no previous prototype for function 'proto_reg_handoff_cose' [-Wmissing-prototypes]
packet-cose.c:1185:6: warning: no previous prototype for function 'proto_register_cose' [-Wmissing-prototypes]
When FileHandler seek_read() is not implemented use a default
implementation which does the same as the provided example to
file_seek() and then call the FileHandler read().
This patch adds basic dissection for the egfx channel. It also fixes fragmentation
in the dynamic channel, and also introduces some of the decompressors involved in RDP
traffic.
When parsing we save the token value to the syntax tree. This is
useful for better error reporting. Use it to report an invalid
entity for the slice operation. Before only the memory location
was reported, which is not a good error message.
Before:
% dftest '"01:02:03:04"[0:3] == foo'
Filter: ""01:02:03:04"[0:3] == foo"
dftest: Range is not supported for entity <0x7f6c84017740> of type STRING
After:
% dftest '"01:02:03:04"[0:3] == foo'
Filter: ""01:02:03:04"[0:3] == foo"
dftest: Range is not supported for entity 01:02:03:04 of type STRING
When creating a new node from an old one we need to copy the token
value. Simple tokens such as RBRACKET, COMMA and COLON are
not part of the AST and don't have an associated semantic value.
Pass the deprecated data struture to the scanner and insert the deprecated
tokens there. This avoids having to keep a dedicated syntax node field
for this.
Pass the deprecated argument in dfwork_t instead of in a separate
argument. This is less cumbersome than adding an extra argument
to every level of the semantic checker.
Use wslog to output debug information. Being able to control
it at runtime is a big advantage.
We extend the syntax tree nodes with a method to return a
canonical string representation.
Add a routine to walk the tree and return an textual representation
for debugging purposes.
Support reloading a Lua FileHandler when this is in use for a
loaded capture file. Prompt to save the file if having unsaved
changes because the file must be reloaded.
Fixes#17615
Re-use the OK Error true false flag instead of defining a custom one
with OK Incorrect.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Add address resolved flag to Advertising PDUs. This indicates if the
sniffer was able to resolve the advertising address using an IRK.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
absolute_val_from_string() doesn't allow a time zone and always
assumes that time strings are in local time zone, so
absolute_val_to_repr() needs to produce that output for FTREPR_DFILTER
so that construct_match_selected_string() produces the correct filter
string for FT_ABSOLUTE_TIME fields that are not ABSOLUTE_TIME_LOCAL.
Fix#17617
The flags were used to identify the SID format, without regard for the
available size. Also in case of error in the flags the SID would not be
shown. Convert, like elsewhere, SID format identification based on size
and add flag validity checks, based on RFC 8667 section 2.1.1.
Closes#17610
Also changing keyboard and button disssectors to prefix values with ": ". This
matches how proto_tree_add_int_bits_format_value() displays values.
Concludes the last bits left: Closes#17550
Add the heur_dtbl_entry_t entry as deregistered when deleting a
heuristics dissector. The UDP dissector is storing a pointer to
this in proto_data and may access the entry during reload Lua
plugins until all packets are redissected.
Implement little endian support for tvb_get_bits family of functions.
The big/little endian refers to bit numbering within an octet. In big
endian, the most significant bit is considered bit 0, while in little
endian the least significant bit is considered bit 0.
Add encoding parameters to proto tree bits format family functions.
Specify ENC_BIG_ENDIAN in all dissectors using these functions except in
USB HID that requires ENC_LITTLE_ENDIAN to work correctly.
When formatting bits values, always display most significant bit on the
leftmost position regardless of the encoding. This results in no gaps
between octets and makes the displayed value comprehensible.
Close#4478Fix#17014
We only allow exp-Golomb coded values to be as large as 32 bit
integers. When packets encode too large a value (invalid content),
clamp the value and report it as malformed with an expert info,
reporting the number of bits consumed (which will probably lead to
a BoundsError later in the packet.)
The case with 32 leading zeroes is a special case because for both
unsigned and signed interpretation there is one non overflowing value.
This is better than using DISSECTOR_ASSERT for invalid packet content.
Avoid left shifting a 32 bit integer by 32, which is undefined.
Use DISSECTOR_ASSERT_FIELD_TYPE at the beginning of the function rather
than using DISSECTOR_ASSERT in the middle, since it's more descriptive
in its error message and clearer code to do it at the start.
Same issue as #17612, commit a7dfe53488.
Special case the situation with 32 leading zeroes, since in C it's
undefined to left shift a 32 bit integer by 32. Only one value with
32 leading zeroes is an encoded 32 bit integer.
Clamp too large values to G_MAX[U]INT32 and report it as a malformed
expert info. Also report the supposed amount of bits consumed,
which will probably lead to a BoundsError down the line (possibly
not for some bit errors).
This is better than using DISSECTOR_ASSERT for invalid packet content.
Use DISSECTOR_ASSERT_FIELD_TYPE for doing the checks on the hf_field
types, since it's more descriptive in its error message.
Fix#17612.
ETSI IP Datacast is another protocol that uses strings instead
of numeric payload types after the fmpt attribute. (ETSI TS 102 472,
ETSI TS 102 592). Since we're up to five special case strings to
check for, refactor the code a bit.
Protocol names can only be on the left hand side of filter expressions.
Commit ac0b1d42f3 (merge !4214) caused
unquoted strings that could be interpreted as either protocol names or
byte arrays to be parsed as the latter when on the RHS. Further
relax by allowing unquoted strings on the RHS that can be interpreted as
protocol names to be treated as any generic unquoted string. (The
semantic checker will still prefer interpreting the string as a byte
array, if possible, to a generic string.)
This is useful for filter expressions of the sort "frame contains data",
where data should be interpreted as "data", i.e. "\x64\x61\x74\x61".
Long run this ideally should be fixed earlier, at the lex parser or
grammar checker.
As per TS 12.21 section 8.1.4 "Manufacturer-Defined O&M messages",
NOTE 1:
"""
The Length Indicator gives the length of the Manufacturer-defined O&M data field in the message
segment being transported which is less than or equal to 255 octet.
"""
Where the "Manufacturer-defined O&M data field" is the content AFTER the
"ManId Length Indicator" + "Manuf. Identifier" as can be seen in the
table of the same section.
This fix was tested against osmo-bts, which implements the ipaccess
manufacturer extensions.
Adds a checkbox 'Automatic Update' to the IO Graph to enable or disable
rescans and recalculation of graph data temporarily. This is useful when
you want to modify settings of multiple graphs without triggering a rescan
with every change of a single setting. This becomes useful for large trace
files in particular.
Rescan or recalculation events are queued while 'Automatic Update' is not
active. Checking 'Automatic Update' triggers the queued updates.
The setting for 'Automatic Update' is stored in a preference.
A german translation for 'Automatic Update' is included.
Protocol names can only be on the left hand side of filter expressions.
If a protocol name with an even number of characters ("fc", "dc", "ff",
"fefd", etc.) is on the right hand side of a filter expressions and
can be interpreted as a byte string instead, do so. Fix#12810.
If a macro identifier is not defined it evaluates to zero in an
expression, so the outer #ifdef is unnecessary and should be
avoided (the less the better).
Add a missing CMake comment while here.
Added check on Command-Number on control message following
Accept-Session to detect the correct state. There are
various states possible after Accept-Session.