260942e170
This replaces the current macro reference system with a completely different implementation. Instead of a macro a reference is a syntax element. A reference is a constant that can be filled in the dfilter code after compilation from an existing protocol tree. It is best understood as a field value that can be read from a fixed tree that is not the frame being filtered. Usually this fixed tree is the currently selected frame when the filter is applied. This allows comparing fields in the filtered frame with fields in the selected frame. Because the field reference syntax uses the same sigil notation as a macro we have to use a heuristic to distinguish them: if the name has a dot it is a field reference, otherwise it is a macro name. The reference is synctatically validated at compile time. There are two main advantages to this implementation (and a couple of minor ones): The protocol tree for each selected frame is only walked if we have a display filter and if the display filter uses references. Also only the actual reference values are copied, intead of loading the entire tree into a hash table (in textual form even). The other advantage is that the reference is tested like a protocol field against all the values in the selected frame (if there is more than one). Currently the reference fields are not "primed" during dissection, so the entire tree is walked to find a particular reference (this is similar to the previous implementation). If the display filter contains a valid reference and the reference is not loaded at the time the filter is run the result is the same as a non existing field for a regular READ_TREE instruction. Fixes #17599.
49 lines
1.1 KiB
C
49 lines
1.1 KiB
C
/** @file
|
|
*
|
|
* Wireshark - Network traffic analyzer
|
|
* By Gerald Combs <gerald@wireshark.org>
|
|
* Copyright 2001 Gerald Combs
|
|
*
|
|
* SPDX-License-Identifier: GPL-2.0-or-later
|
|
*/
|
|
|
|
#ifndef _DFILTER_MACRO_H
|
|
#define _DFILTER_MACRO_H
|
|
|
|
#include "ws_symbol_export.h"
|
|
|
|
|
|
#define DFILTER_MACRO_FILENAME "dfilter_macros"
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif /* __cplusplus */
|
|
|
|
typedef struct _dfilter_macro_t {
|
|
gchar* name; /* the macro id */
|
|
gchar* text; /* raw data from file */
|
|
gboolean usable; /* macro is usable */
|
|
gchar** parts; /* various segments of text between insertion targets */
|
|
int* args_pos; /* what's to be inserted */
|
|
int argc; /* the expected number of arguments */
|
|
void* priv; /* a copy of text that contains every c-string in parts */
|
|
} dfilter_macro_t;
|
|
|
|
/* applies all macros to the given text and returns the resulting string or NULL on failure */
|
|
gchar* dfilter_macro_apply(const gchar* text, gchar** error);
|
|
|
|
void dfilter_macro_init(void);
|
|
|
|
struct epan_uat;
|
|
|
|
WS_DLL_PUBLIC
|
|
void dfilter_macro_get_uat(struct epan_uat **dfmu_ptr_ptr);
|
|
|
|
void dfilter_macro_cleanup(void);
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif /* __cplusplus */
|
|
|
|
#endif /* _DFILTER_MACRO_H */
|