It won't work with embedded null bytes so don't try. This is
not an additional restriction, it just removes a hidden failure
mode. To support matching embedded NUL bytes we would have
to use an internal string representation other than
null-terminated C strings (which doesn't seem very onerous with
GString).
Before:
Filter: http.user_agent == 41:42:00:43
Constants:
00000 PUT_FVALUE "AB" <FT_STRING> -> reg#1
Instructions:
00000 READ_TREE http.user_agent -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_EQ reg#0 == reg#1
00003 RETURN
After:
Filter: http.user_agent == 41:42:00:43
Constants:
00000 PUT_FVALUE "41:42:00:43" <FT_STRING> -> reg#1
Instructions:
00000 READ_TREE http.user_agent -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_EQ reg#0 == reg#1
00003 RETURN
FT_PROTOCOL and FT_BYTES are the same semantic type, but one is
backed by a GByteArray and the other by a TVBuff. Use the same
semantic rules to parse both. In particular unparsed strings
are not converted to literal strings for protocols.
Before:
Filter: frame contains 0x0000
Constants:
00000 PUT_FVALUE 30:78:30:30:30:30 <FT_PROTOCOL> -> reg#1
Instructions:
00000 READ_TREE frame -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_CONTAINS reg#0 contains reg#1
00003 RETURN
Filter: frame[5:] contains 0x0000
dftest: "0x0000" is not a valid byte string.
After:
Filter: frame contains 0x0000
dftest: "0x0000" is not a valid byte string.
Filter: frame[5:] contains 0x0000
dftest: "0x0000" is not a valid byte string.
Related to #17634.
For efficiency do the comparison in a single function call
instead of trying to preserving exactly the previous semantics.
Still I tried not to deviate much.
All the order operators can be defined in terms of 'lt'
and 'eq' so use that to reduce the number of required
methods from 6 to 2.
Further reduce to one by combining those two into a single
function that has memcmp semantics: negative return is
"less than", positive is "greater than" and zero is equal.
Octal escape sequences \NNN can have between 1 and 3 digits. If
the sequence had less than 3 digits the parser got out of sync
with an incorrect double increment of the pointer and errors out
parsing sequences like \0, \2 or \33.
Before:
Filter: ip.proto == '\33'
dftest: "'\33'" is too long to be a valid character constant.
After:
Filter: ip.proto == '\33'
Constants:
00000 PUT_FVALUE 27 <FT_UINT8> -> reg#1
Instructions:
00000 READ_TREE ip.proto -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_EQ reg#0 == reg#1
00003 RETURN
Fixes#16525.
absolute_val_from_string() doesn't allow a time zone and always
assumes that time strings are in local time zone, so
absolute_val_to_repr() needs to produce that output for FTREPR_DFILTER
so that construct_match_selected_string() produces the correct filter
string for FT_ABSOLUTE_TIME fields that are not ABSOLUTE_TIME_LOCAL.
Fix#17617
This utility function is useful outside of epan. Move it to wsutil
and export the interface.
The move isn't completely clean as it requires duplicating two small
inline functions but that was necessary to avoiding moving too much at
once.
This header was installed incorrectly to epan/wmem_scopes.h.
Instead of creating additional installation rules for a single
header in a subfolder (kept for backward compatibility) just
rename the standard "epan/wmem/wmem.h" include to
"epan/wmem_scopes.h" and fix the documentation.
Now the header is installed *correctly* to epan/wmem_scopes.h.
The ftype-protocol has two components to its value - a tvb, which is
allowed to be be NULL (most notably in _ws.expert), and a string
description. They can also be created from string literals, such as
in display filters. It's possible to compare protocols with a NULL
tvb with protocol terms created from literals, e.g. entering the
display filter "_ws_expert < 1".
Partially revert 69e2603c48 so that
this doesn't crash, by assigning proto_string to the empty string
instead of null when creating from a literal. Fixes#17316
Most of the time, the return value tells us nothing useful, as we've
already decided that we're perfectly willing to live with string
truncation. Hopefully this keeps Coverity from whining that those
routines could return an error code (NARRATOR: They don't) and thus that
we're ignoring the possibility of failure (as indicated, we've already
decided that we can live with string truncation, so truncation is *NOT*
a failure).
Now that FT_PCRE is gone, a GRegex is not a valid value for a field. (A
field can be a *string* field whose value is supposed to be a PCRE, but
that's just FT_STRING/FT_STRINGZ/FT_STRINGZPAD/FT_STRINGZTRUNC, and the
value is the string text.)
It's not a valid field type, it's only a hack to support regular
expression matching in packet-matching expressions.
Instead, in the packet-matching code, have a separate syntax tree type
for Perl-compatible regular expressions, and a separate instruction to
load one into a register, and have the "matching" operator for field
types take a GRegex * as the second argument.
It's a fake "field" type, used only for "field" values in
packet-matching expressions to do regular-expression matching. There is
*no* reason to allow fields of that type.
Don't bother checking the representation type when generating the string
representation of a field value. If a developer manages to get past all
the tests for FT_PCRE to register and add an instance of that field to
the protocol tree, either 1) the one and only string representation of
an FT_PCRE value is what they want, in which case, whatever, or 2) it's
*not* what they want, in which case, if they file a bug, ask a question
on a mailing list, or ask a question on the Q&A site, we can explain to
them that what they're doing is bogus.
I believe this was the original intention, to use these API restricitons
with dissectors only (not that I necessarily agree with that policy either),
and through copy-paste and lack of clear guidelines it spread to other
parts of the build.
Rename the checkAPI groups to make it very clear that this is dissector-only.
This doesn't mean, of course, that good programming practices shouldn't be
followed everywhere. In particular assertions need to be used properly.
Don't use them to catch runtime errors or validate input data.
This commit will be followed by another removing the various ugly hacks
people have been using to get around the checkAPI hammer.
The include_directories documentation at
https://cmake.org/cmake/help/latest/command/include_directories.html
says:
"Note: Prefer the target_include_directories() command to add include
directories to individual targets and optionally propagate/export them
to dependents."
Switch from include_directories to target_include_directories in a bunch
of places.
Add "SYSTEM" to the remaining external include_directories calls in
order to minimize our compiler warning blast radius.
FT_STRINGZPAD is for null-*padded* strings, where the field is in an
area of specified length, and, if the string is shorter than that
length, all bytes past the end of the string are NULs.
FT_STRINGZTRUNC is for null-*truncated* strings, where the field is in
an area of specified length and, if the string is shorter than that
length, there's a null character (which might be more than one byte, for
UCS-2, UTF-16, or UTF-32), and anything after that is not guaranteed to
have any particular value.
Use IS_FT_STRING() in some places rather than enumerating all the string
types, so that those places get automatically changed if the set of
string types changes.
Remove the --check-addtext and --build flags. They were used for
checkAddTextCalls, which was removed in e2735ecfdd.
Add the sources in ui/qt except for qcustomplot.{cpp,h}. Fix issues in
main.cpp, rtp_audio_stream.cpp, and wireshark_zip_helper.cpp.
Rename "index"es in packet-usb-hid.c.
Fall back on the Wayback Machine for some links.
Change-Id: I6a44a2caaeb4fa521c2f08196e7c36069e3bb842
Reviewed-on: https://code.wireshark.org/review/34103
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add header files lists to add_library() so that Visual Studio can pick them
up and include them in a "Header Files" folder for easier navigation within
Visual Studio.
Change-Id: I7cd8e39550f4db67eed8205593060ae8b4a5b1b9
Reviewed-on: https://code.wireshark.org/review/31289
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
GRegex is a thin wrapper around PCRE. Inputs (patterns and subjects) are
assumed to be UTF-8 by default (unless G_REGEX_RAW is set). If the
subject is not valid UTF-8, normally pcre_exec will immediately return a
failure. However, as GLib sets PCRE_NO_UTF8_CHECK when G_REGEX_RAW is
given, pcre_exec() will skip the safety check and crash instead.
Fix this by always assuming raw byte patterns. Regression risk: patterns
such as `ö.ï` will no longer match `öñï` since `ñ` is a multi-byte
sequence. Patterns such as `(GET|POST) /` remain functional though.
Bug: 14905
Change-Id: I6450bb83f565d377f82a5dbb01690c5f49acd96f
Reviewed-on: https://code.wireshark.org/review/31935
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use a locale-independent glib routine to format floating point numbers.
This avoids displaying floating point numbers as "86399,9921875" with
LC_ALL=nl_NL.UTF-8.
This output is consistent with val_from_unparsed which is used for
parsing display filter values and is already locale-independent. Note
that the displayed node labels in the dissection tree is still
locale-dependent (see proto_item_fill_label for FT_DOUBLE).
Bug: 15437
Change-Id: I64dd2b7dbb453022edf88b3052e2f67066189427
Reviewed-on: https://code.wireshark.org/review/31869
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
User guides are installed to doc/Wireshark. Use doc/wireshark instead.
Remove leftover variable CPACK_PACKAGE_NAME.
Change-Id: I9a1d6bdc7d8f0b48c61e43679285d5ba83904a63
Reviewed-on: https://code.wireshark.org/review/31851
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Do not rely on strptime("%b") to parse the month, it does not correctly
recognize English month abbreviations on non-English systems. While at
it, do not try to parse milliseconds if seconds are missing.
Change-Id: Ia049bf362195eef1eba2f04ff7217049fa6a7d9d
Reviewed-on: https://code.wireshark.org/review/31707
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Found by scan-build.
Change-Id: I07e8bf2099e08f3f544dd846572717044aa95f7c
Reviewed-on: https://code.wireshark.org/review/31487
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Install headers to support plugins development on Windows.
Change-Id: I3161bd2f730edf62ab44fee6ce4fedbb9aee0d31
Reviewed-on: https://code.wireshark.org/review/30776
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
SEP_SPACE and BASE_NONE both default to colon (:). Fix SEP_SPACE and add SEP_NONE
Bug: 15253
Change-Id: Ib5db997714414370b08ffb9458c73d4aeef6aacf
Reviewed-on: https://code.wireshark.org/review/30447
Reviewed-by: Jeremy Martin <boardermartin@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
TRY/CATCH are macros, before returning the ENDTRY block must be executed
or the weirdest crashes can occur.
Change-Id: Ic56871322f8567263e2b8a81cce5a3c7042301b7
Fixes: v2.1.0rc0-2939-g5493fe0167 ("Convert ftype-tvbuff.c to ftype-protocol.c")
Reviewed-on: https://code.wireshark.org/review/30095
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The value of a string in single quotes in dfilter must fit into one
byte. The parser correctly parsed the beginning of the string,
however it didn't check whether there are more characters to parse.
Bug: 14084
Change-Id: Ifa2d7a31052b2c1020d84c42637b9b7afc57d8c0
Reviewed-on: https://code.wireshark.org/review/28298
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When converting byte array strings to a FT_PROTOCOL value (for example,
when using a display filter such as `eth contains aa:bb`), the converted
memory in GByteArray was not freed. If an error occurred (the value
cannot be parsed as hex string), then an error message was leaked.
Fix the above issues and avoid an unnecessary g_memdup.
Change-Id: I3a076b3a2384b1a0e15ea8518f2e0f66a7b6ea49
Reviewed-on: https://code.wireshark.org/review/27130
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It has been replaced by cmake.
Change-Id: I83a5eddb8645dbbf6bca9f026066d2e995d8e87a
Reviewed-on: https://code.wireshark.org/review/26969
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Missed out some that would probably result in too many links.
Added FT_FRAMENUM_RETRANS_PREV and FT_FRAMENUM_RETRANS_NEXT to enum,
these display as arrows like REQUEST and RESPONSE do.
Change-Id: I6e8d222955f2ba59a713e8a389837b55a1c7f262
Reviewed-on: https://code.wireshark.org/review/24600
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Match closer the behavior of autotools which does not include epan in
its include paths by default.
Change-Id: I885bc7942490a5674c6ac75f9a8ea221555e3784
Reviewed-on: https://code.wireshark.org/review/24639
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Fix a tpyo while we're at it.
Change-Id: I1bde763ec2bd188c0f8afd1069db5a9f23963e8e
Reviewed-on: https://code.wireshark.org/review/24186
Reviewed-by: Guy Harris <guy@alum.mit.edu>
João Valverde