makes arrays of ipv6 addressess correct, so that we can now filter on both
ipv6 headers in a tunnelled packet.
Removed ipv6_str_to_guint8_array() which was no longer used.
Fixed compiler warning regarding 2nd arg call to get_host_ipaddr6().
svn path=/trunk/; revision=846
as BGP is a protocol on top of TCP, it may have trouble parsing
out-of-sync data (in most cases data is aligned on packet, it seems).
svn path=/trunk/; revision=843
possible.
ipv6.nxt == 17
ipv6.dst == ff02::9
ipv6.src[0:2] == fe:80
modify dfilter lexical rule to allow standard IPv6 expression to be
passed up to parser.
XXX backward compat issue in lex rule, maybe
XXX IPv6 has chained headers. how will dfilter behave when we have
multiple protocol header of the same type?
XXX ipv6.nxt is not really useful due to IPv6 chained header. we need a
symbol to identify "final" protocol type on the chain (testing ipv6.final
but will SEGV).
svn path=/trunk/; revision=836
definition of "AF_INET6". Declare those functions and, if it's not
defined, define "AF_INET6" in "inet_v6defs.h", and arrange to include
it if "inet_ntop()" is missing. (Systems will probably have both of
them or lack both of them, and we may choose not to use the system's
"inet_pton()" because it's buggy, so base the decision on whether to
include "inet_v6defs.h" on whether we're using the system's
"inet_ntop()" or not.) Fix some macro references in "Makefile.am" and
"configure.in".
svn path=/trunk/; revision=830
for converting IPv[46] numeric notation to/from binary form.
recent BIND includes those functions so fallback is not necessary on
most of the platforms.
sorry if it raises any portability problem on other platforms.
remove partial inclusion of inet_ntop() in packet-ipv6.c.
move ip6_to_str() to packet.c, it fits better there than packet-ipv6.c.
svn path=/trunk/; revision=829
for ip.ip_p and ip6.ip6_nxt (and other IPv6 header chain).
use val_to_str() as much as possible in dissect_{ipv6,pim,ripng}().
make --disable-zlib a default for netbsd (temporary workaround).
svn path=/trunk/; revision=827
Field "XXX" has N byte[s] being compared, but M byte[s] were
supplied.
and the
The "XXX" field is only N byte[s] wide, but M byte[s] were
supplied.
messages to have "was supplied" if M is 1.
svn path=/trunk/; revision=821
the base for numbers to be displayed in, bitmasks for bitfields, and blurbs
(which are one or two sentences describing the field).
proto_tree_add*() routines now automatically handle bitfields. You tell
it which header field you are adding, and just pass it the value of the
entire field, and the proto_tree routines will do the masking and shifting
for you.
This means that bitfields are more naturally filtered via dfilter now.
Added Phil Techau's support for signed integers in dfilters/proto_tree.
Added the beginning of the SNA dissector. It's not complete, but I'm
committing it now because it has example after example of how to use
bitfields with the new header_field_info struct and proto_tree routines.
It was the impetus to change how header_field_info works.
svn path=/trunk/; revision=815
logical operators, e.g.:
NOT expression AND expression
expression AND expression AND expression
etc. The shift/reduce conflicts _are_resolved (according to the output
from bison -v), so the conflicts seem to be benign.
Right now I marked the 4 shift/reduce conflicts as expected, but perhaps
someone more knowledgable about yacc grammars could take a look at it?
svn path=/trunk/; revision=814
return the pointer to the compiled filter through a pointer argument.
Have it check whether the filter is a null filter and, if so, free up
the filter and supply a filter pointer, rather than obliging its callers
to check whether the filter actually has any code. (Well, they may want
to check if the filter is null, so that they don't save a pointer to the
filter text, e.g. so that the display filter displays as "none" rather
than as a blank string in the summary box.)
In the process, fix the check in "gtk/file_dlg.c" that tests whether the
read filter compiled successfully.
svn path=/trunk/; revision=812
the packet boundary. Now the field boundary is honored. The frame boundary
is ignored, but of course we put proper field lengths in the proto_tree,
right? :)
Implemented negative offsets in byte-strings:
frame[-4:4] will read the last 4 bytes of a frame.
Implemented "offset-only" byte-string comparisons, since the dfilter
compiler knows the length of the byte-string you supplied. These are
now legal:
frame[-4] == 0.0.0.1
tr.dst[0] == 00:06:29
Implemented the use of integers if you're comparing one byte. These are
legal:
llc[0] == 0xaa
llc[0:1] == 0xaa
All these forms check against the length of the field, so these will be
reported as bad to the user:
eth.src[5] == 00:06:29 (goes beyond field boundary)
eth.dst == 1.2.3.4.5.6.7 (too long, goes beyond field boundary)
Thes is also reported as bad:
eth.dst[0:3] == 1.2 (incorrect number of bytes specified)
eth.dst[0:1] == eth.src[0:2] (disparate lengths)
I had to add a new function, proto_registrar_get_length() in proto.c, which
reports the length of a field as can be determined at registration time.
There are some shift/reduce errors in the grammar that I need to get rid of.
svn path=/trunk/; revision=811
(Is there a better way to force a parse to fail from arbitrary
places in routines called by the parser?)
asked in an earlier checkin is "yes", which would've been obvious had I
seen the code that handles MAC addresses, as it returns NULL on an
error, and the YACC clause checks for a null return value and, if the
return value is null, uses YYERROR to make the parse fail.
Use that for IPv4 and IPv6 errors.
Also, use "dfilter_fail()" for the MAC address code.
svn path=/trunk/; revision=810
there is still some work to do in resolv.c (get_host_ipaddr6)
- add display filters of this kind in packet-ipv6.c just
for testing (display filtering is incomplete)
svn path=/trunk/; revision=808
OSes that don't have it.
(Yes, this is BSD code, not GPLed code. I tried getting it from Glibc,
but the glibc version is just the BSD version, so I guess it's OK to mix
BSD code in with GPLed code, or, at least, with LGPLed code....)
svn path=/trunk/; revision=805
what we set "node->value.numeric" to if we failed to convert a string to
an IP address (that failure means "dfilter_compile()" will throw the
filter away and return NULL), so just set it to 0.
svn path=/trunk/; revision=804
"cf.dfcode" if the new filter doesn't compile, because the filter
currently in effect will be the one that was last applied - just free up
the text of the new filter, and whatever memory was allocated for the
new filter code.
This means we allocate a new dfilter when a new filter is to be applied,
rather than recycling stuff from the old filter, as we want the old
filter code to remain around if the new filter doesn't compile.
This means that "cf.dfilter" and "cf.dfcode" will be null if there's no
filter in effect.
svn path=/trunk/; revision=803
succeeded or failed, and, if it succeeded, have it fill in the IP
address if found through a pointer passed as the second argument.
Have it first try interpreting its first argument as a dotted-quad IP
address, with "inet_aton()", and, if that fails, have it try to
interpret it as a host name with "gethostbyname()"; don't bother with
"gethostbyaddr()", as we should be allowed to filter on IP addresses
even if there's no host name associated with them (there's no guarantee
that "gethostbyaddr()" will succeed if handed an IP address with no
corresponding name - and it looks as if FreeBSD 3.2, at least, may not
succeed in that case).
Add a "dfilter_fail()" routine that takes "printf()"-like arguments and
uses them to set an error message for the parse; doing so means that
even if the filter expression is syntactically valid, we treat it as
being invalid. (Is there a better way to force a parse to fail from
arbitrary places in routines called by the parser?)
Use that routine in the lexical analyzer.
If that error message was set, use it as is as the failure message,
rather than adding "Unable to parse filter string XXX" to it.
Have the code to handle IP addresses and host names in display filters
check whether "get_host_ipaddr()" succeeded or failed and, if it failed,
arrange that the parse fail with an error message indicating the source
of the problem.
svn path=/trunk/; revision=802