6d520addd1
The syntax for protocols and some literals like numbers
and bytes/addresses can be ambiguous. Some protocols can
be parsed as a literal, for example the protocol "fc"
(Fibre Channel) can be parsed as 0xFC.
If a numeric protocol is registered that will also take
precedence over any literal, according to the current
rules, thereby breaking numerical comparisons to that
number. The same for an hypothetical protocol named "true",
etc.
To allow the user to disambiguate this meaning introduce
new syntax.
Any value prefixed with ':' or enclosed in <,> will be treated
as a literal value only. The value :fc or <fc> will always
mean 0xFC, under any context. Never a protocol whose filter
name is "fc".
Likewise any value prefixed with a dot will always be parsed
as an identifier (protocol or protocol field) in the language.
Never any literal value parsed from the token "fc".
This allows the user to be explicit about the meaning,
and between the two explicit methods plus the ambiguous one
it doesn't completely break any one meaning.
The difference can be seen in the following two programs:
Filter: frame == fc
Constants:
Instructions:
00000 READ_TREE frame -> reg#0
00001 IF-FALSE-GOTO 5
00002 READ_TREE fc -> reg#1
00003 IF-FALSE-GOTO 5
00004 ANY_EQ reg#0 == reg#1
00005 RETURN
--------
Filter: frame == :fc
Constants:
00000 PUT_FVALUE fc <FT_PROTOCOL> -> reg#1
Instructions:
00000 READ_TREE frame -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_EQ reg#0 == reg#1
00003 RETURN
The filter "frame == fc" is the same as "filter == .fc",
according to the current heuristic, except the first form
will try to parse it as a literal if the name does not
correspond to any registered protocol.
By treating a leading dot as a name in the language we
necessarily disallow writing floats with a leading dot. We
will also disallow writing with an ending dot when using
unparsed values. This is a backward incompatibility but has
the happy side effect of making the expression {1...2}
unambiguous.
This could either mean "1 .. .2" or "1. .. 2". If we require
a leading and ending digit then the meaning is clear:
1.0..0.2 -> 1.0 .. 0.2
Fixes #17731.
|
||
|---|---|---|
| .. | ||
| baseline | ||
| captures | ||
| config | ||
| keys | ||
| lua | ||
| protobuf_lang_files | ||
| suite_dfilter | ||
| suite_dissectors | ||
| README.test | ||
| conftest.py | ||
| fixtures.py | ||
| fixtures_ws.py | ||
| hosts.custom | ||
| hosts.global | ||
| hosts.personal | ||
| matchers.py | ||
| sampleif.py | ||
| subprocesstest.py | ||
| suite_capture.py | ||
| suite_clopts.py | ||
| suite_decryption.py | ||
| suite_dissection.py | ||
| suite_extcaps.py | ||
| suite_external.py | ||
| suite_fileformats.py | ||
| suite_follow.py | ||
| suite_follow_dccp.py | ||
| suite_follow_multistream.py | ||
| suite_io.py | ||
| suite_mergecap.py | ||
| suite_nameres.py | ||
| suite_netperfmeter.py | ||
| suite_outputformats.py | ||
| suite_release.py | ||
| suite_sharkd.py | ||
| suite_text2pcap.py | ||
| suite_unittests.py | ||
| suite_wslua.py | ||
| test.py | ||
| travis-upload-artifacts.sh | ||
| util_dump_dhcp_pcap.py | ||
README.test
Wireshark Tests The recommended steps to prepare for and to run tests: * Install two Python packages, pytest: `pip install pytest pytest-xdist` * Build programs (“wireshark”, “tshark”, etc.): `ninja` * Build additional programs for the “unittests” suite: `ninja test-programs` * Run tests in the build directory: `pytest` Replace `ninja test-programs` by `make test-programs` as needed. See the “Wireshark Tests” chapter of the Developer's Guide for details: https://www.wireshark.org/docs/wsdg_html_chunked/ChapterTests.html If you need to update the baseline files use the following commands (on a Linux system) mkdir ~/.config/wireshark/profiles/ctest TZ=UTC WIRESHARK_RUN_FROM_BUILD_DIRECTORY=1 build/run/tshark -C ctest -T ek -r test/captures/dhcp.pcap > test/baseline/dhcp.ek TZ=UTC WIRESHARK_RUN_FROM_BUILD_DIRECTORY=1 build/run/tshark -C ctest -T json -r test/captures/dhcp.pcap > test/baseline/dhcp.json TZ=UTC WIRESHARK_RUN_FROM_BUILD_DIRECTORY=1 build/run/tshark -C ctest -T jsonraw -r test/captures/dhcp.pcap > test/baseline/dhcp.jsonraw TZ=UTC WIRESHARK_RUN_FROM_BUILD_DIRECTORY=1 build/run/tshark -C ctest -T ek -r test/captures/dhcp.pcap -x > test/baseline/dhcp-raw.ek