Add upper() and lower() display filter functions for string fields.
svn path=/trunk/; revision=18071
makes lookup of those field_info structures during the filtering process
faster.
+5.4 Display Filter Functions
+
+You define a desplay filte function by adding an entry to
+the df_functions table in epan/dfilter/dfunctions.c. The record struct
+is defined in defunctions.h, and shown here:
+
+typedef struct {
+ char *name;
+ DFFuncType function;
+ ftenum_t retval_ftype;
+ guint min_nargs;
+ guint max_nargs;
+ DFSemCheckType semcheck_param_function;
+} df_func_def_t;
+
+name - the name of the function; this is how the user will call your
+ function in the display filter language
+
+function - this is the run-time processing of your function.
+
+retval_ftype - what type of FT_* type does your function return?
+
+min_nargs - minimum number of arguments your function accepts
+max_nargs - maximum number of arguments your function accepts
+
+semcheck_param_function - called during the semantic check of the
+ display filter string.
+
+DFFuncType function
+-------------------
+typedef gboolean (*DFFuncType)(GList *arg1list, GList *arg2list, GList **retval);
+
+The return value of your function is a gboolean; TRUE if processing went fine,
+or FALSE if there was some sort of exception.
+
+For now, display filter functions can accept a maximum of 2 arguments.
+The "arg1list" parameter is the GList for the first argument. The
+'arg2list" parameter is the GList for the second argument. All arguments
+to display filter functions are lists. This is because in the display
+filter language a protocol field may have multiple instances. For example,
+a field like "ip.addr" will exist more than once in a single frame. So
+when the user invokes this display filter:
+
+ somefunc(ip.addr) == TRUE
+
+even though "ip.addr" is a single argument, the "somefunc" function will
+receive a GList of *all* the values of "ip.addr" in the frame.
+
+Similarly, the return value of the function needs to be a GList, since all
+values in the display filter language are lists. The GList** retval argument
+is passed to your function so you can set the pointer to your return value.
+
+DFSemCheckType
+--------------
+typedef void (*DFSemCheckType)(int param_num, stnode_t *st_node);
+
+For each parameter in the syntax tree, this function will be called.
+"param_num" will indicate the number of the parameter, starting with 0.
+The "stnode_t" is the syntax-tree node representing that parameter.
+If everything is okay with the value of that stnode_t, your function
+does nothing --- it merely returns. If something is wrong, however,
+it should THROW a TypeError exception.
+
+
6.0 Adding new capabilities.
or selecting the "About Ethereal" item from the "Help" menu in B<Ethereal>.
+=head2 Functions
+
+The filter language has the following functions:
+
+ upper(string-field) - converts a string field to uppercase
+ lower(string-field) - converts a string field to lowercase
+
+upper() and lower() are useful for performing case-insensitive string
+comparisons. For example:
+
+ upper(ncp.nds_stream_name) contains "MACRO"
+ lower(mount.dump.hostname) == "angel"
+
=head2 Protocol field types
Each protocol field is typed. The types are:
dfilter.c \
dfilter.h \
dfilter-int.h \
+ dfunctions.c \
+ dfunctions.h \
dfvm.c \
dfvm.h \
drange.c \
scanner.c \
semcheck.c \
semcheck.h \
+ sttype-function.c \
+ sttype-function.h \
sttype-integer.c \
sttype-pointer.c \
sttype-range.c \
OBJECTS = \
dfilter.obj \
+ dfunctions.obj \
dfvm.obj \
drange.obj \
gencode.obj \
grammar.obj \
scanner.obj \
semcheck.obj \
+ sttype-function.obj \
sttype-integer.obj \
sttype-pointer.obj \
sttype-range.obj \
--- /dev/null
+/*
+ * $Id$
+ *
+ * Ethereal - Network traffic analyzer
+ *
+ * Copyright 2006 Gilbert Ramirez <gram@alumni.rice.edu>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <glib.h>
+
+#include "dfunctions.h"
+#include "dfilter-int.h"
+
+#include <string.h>
+#include <ctype.h>
+
+#include <ftypes/ftypes.h>
+#include <epan/exceptions.h>
+
+/* lowercase an ASCII character.
+ * (thanks to Guy Harris for the function) */
+static gchar
+string_ascii_to_lower(gchar c)
+{
+ return ((c & 0x80) ? c : tolower(c));
+}
+
+/* uppercase an ASCII character. */
+static gchar
+string_ascii_to_upper(gchar c)
+{
+ return ((c & 0x80) ? c : toupper(c));
+}
+
+
+/* Convert an FT_STRING using a callback function */
+static gboolean
+string_walk(GList* arg1list, GList **retval, gchar(*conv_func)(gchar))
+{
+ GList *arg1;
+ fvalue_t *arg_fvalue;
+ fvalue_t *new_ft_string;
+ char *s, *c;
+
+ arg1 = arg1list;
+ while (arg1) {
+ arg_fvalue = arg1->data;
+ switch (fvalue_ftype(arg_fvalue)->ftype) {
+ case FT_STRING:
+ s = g_strdup(fvalue_get(arg1->data));
+ for (c = s; *c; c++) {
+ /**c = string_ascii_to_lower(*c);*/
+ *c = conv_func(*c);
+ }
+
+ new_ft_string = fvalue_new(FT_STRING);
+ fvalue_set(new_ft_string, s, TRUE);
+ *retval = g_list_append(*retval, new_ft_string);
+ break;
+
+ /* XXX - it would be nice to handle FT_TVBUFF, too */
+
+ default:
+ break;
+ }
+ arg1 = arg1->next;
+ }
+
+ return TRUE;
+}
+
+/* dfilter function: lower() */
+static gboolean
+df_func_lower(GList* arg1list, GList *arg2junk _U_, GList **retval)
+{
+ return string_walk(arg1list, retval, string_ascii_to_lower);
+}
+
+/* dfilter function: upper() */
+static gboolean
+df_func_upper(GList* arg1list, GList *arg2junk _U_, GList **retval)
+{
+ return string_walk(arg1list, retval, string_ascii_to_upper);
+}
+
+/* For upper() and lower(), checks that the parameter passed to
+ * it is an FT_STRING */
+static void
+ul_semcheck_params(int param_num, stnode_t *st_node)
+{
+ sttype_id_t type;
+ ftenum_t ftype;
+ header_field_info *hfinfo;
+
+ type = stnode_type_id(st_node);
+
+ if (param_num == 0) {
+ switch(type) {
+ case STTYPE_FIELD:
+ hfinfo = stnode_data(st_node);
+ ftype = hfinfo->type;
+ if (ftype != FT_STRING && ftype != FT_STRINGZ
+ && ftype != FT_UINT_STRING) {
+ dfilter_fail("Only strings can be used in upper() or lower()");
+ THROW(TypeError);
+ }
+ break;
+ default:
+ dfilter_fail("Only string-type fields can be used in upper() or lower()");
+ THROW(TypeError);
+ }
+ }
+ else {
+ g_assert_not_reached();
+ }
+}
+
+/* The table of all display-filter functions */
+static df_func_def_t
+df_functions[] = {
+ { "lower", df_func_lower, FT_STRING, 1, 1, ul_semcheck_params },
+ { "upper", df_func_upper, FT_STRING, 1, 1, ul_semcheck_params },
+ { NULL, NULL, 0, 0, 0, NULL }
+};
+
+/* Lookup a display filter function record by name */
+df_func_def_t*
+df_func_lookup(char *name)
+{
+ df_func_def_t *func_def;
+
+ func_def = df_functions;
+ while (func_def->function != NULL) {
+ if (strcmp(func_def->name, name) == 0) {
+ return func_def;
+ }
+ func_def++;
+ }
+ return NULL;
+}
--- /dev/null
+/*
+ * $Id$
+ *
+ * Ethereal - Network traffic analyzer
+ *
+ * Copyright 2006 Gilbert Ramirez <gram@alumni.rice.edu>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifndef DFUNCTIONS_H
+#define DFUNCTIONS_H
+
+#include <glib.h>
+#include <ftypes/ftypes.h>
+#include "syntax-tree.h"
+
+/* The run-time logic of the dfilter function */
+typedef gboolean (*DFFuncType)(GList *arg1list, GList *arg2list, GList **retval);
+
+/* The semantic check for the dfilter function */
+typedef void (*DFSemCheckType)(int param_num, stnode_t *st_node);
+
+/* If a function needs more args than this, increase
+ * this macro and add more arg members to the dfvm_insn_t
+ * struct in dfvm.h, and add some logic to dfw_append_function()
+ * and dfvm_apply() */
+#define DFUNCTION_MAX_NARGS 2
+
+/* This is a "function definition" record, holding everything
+ * we need to know about a function */
+typedef struct {
+ char *name;
+ DFFuncType function;
+ ftenum_t retval_ftype;
+ guint min_nargs;
+ guint max_nargs;
+ DFSemCheckType semcheck_param_function;
+} df_func_def_t;
+
+/* Return the function definition record for a function of named "name" */
+df_func_def_t* df_func_lookup(char *name);
+
+#endif
arg2->value.numeric);
break;
+ case CALL_FUNCTION:
+ fprintf(f, "%05d CALL_FUNCTION\t%s (",
+ id, arg1->value.funcdef->name);
+ if (arg3) {
+ fprintf(f, "reg#%u", arg3->value.numeric);
+ }
+ if (arg4) {
+ fprintf(f, ", reg#%u", arg4->value.numeric);
+ }
+ fprintf(f, ") --> reg#%u\n", arg2->value.numeric);
+ break;
+
case PUT_FVALUE:
value_str = fvalue_to_string_repr(arg1->value.fvalue,
FTREPR_DFILTER, NULL);
dfvm_insn_t *insn;
dfvm_value_t *arg1;
dfvm_value_t *arg2;
- dfvm_value_t *arg3;
+ dfvm_value_t *arg3 = NULL;
+ dfvm_value_t *arg4 = NULL;
header_field_info *hfinfo;
+ GList *param1;
+ GList *param2;
g_assert(tree);
arg1->value.hfinfo, arg2->value.numeric);
break;
+ case CALL_FUNCTION:
+ arg3 = insn->arg3;
+ arg4 = insn->arg4;
+ param1 = NULL;
+ param2 = NULL;
+ if (arg3) {
+ param1 = df->registers[arg3->value.numeric];
+ }
+ if (arg4) {
+ param2 = df->registers[arg4->value.numeric];
+ }
+ accum = arg1->value.funcdef->function(param1, param2,
+ &df->registers[arg2->value.numeric]);
+ break;
+
case PUT_FVALUE:
accum = put_fvalue(df,
arg1->value.fvalue, arg2->value.numeric);
#include "dfilter-int.h"
#include "syntax-tree.h"
#include "drange.h"
+#include "dfunctions.h"
typedef enum {
EMPTY,
INSN_NUMBER,
REGISTER,
INTEGER,
- DRANGE
+ DRANGE,
+ FUNCTION_DEF
} dfvm_value_type_t;
typedef struct {
guint32 numeric;
drange *drange;
header_field_info *hfinfo;
+ df_func_def_t *funcdef;
} value;
} dfvm_value_t;
ANY_BITWISE_AND,
ANY_CONTAINS,
ANY_MATCHES,
- MK_RANGE
+ MK_RANGE,
+ CALL_FUNCTION
} dfvm_opcode_t;
typedef struct {
int id;
- int LHS;
dfvm_opcode_t op;
dfvm_value_t *arg1;
dfvm_value_t *arg2;
#include "syntax-tree.h"
#include "sttype-range.h"
#include "sttype-test.h"
+#include "sttype-function.h"
#include "ftypes/ftypes.h"
static void
gencode(dfwork_t *dfw, stnode_t *st_node);
+static int
+gen_entity(dfwork_t *dfw, stnode_t *st_arg, dfvm_value_t **p_jmp);
+
static void
dfw_append_insn(dfwork_t *dfw, dfvm_insn_t *insn)
{
return reg;
}
+/* returns register number that the functions's result will be in. */
+static int
+dfw_append_function(dfwork_t *dfw, stnode_t *node, dfvm_value_t **p_jmp)
+{
+ GSList *params;
+ int i, num_params, reg;
+ dfvm_value_t **jmps;
+ dfvm_insn_t *insn;
+ dfvm_value_t *val1, *val2, *val;
+
+ params = sttype_function_params(node);
+ num_params = g_slist_length(params);
+
+ /* Array to hold the instructions that need to jump to
+ * an instruction if they fail. */
+ jmps = g_malloc(num_params * sizeof(dfvm_value_t*));
+
+ /* Create the new DFVM instruction */
+ insn = dfvm_insn_new(CALL_FUNCTION);
+
+ val1 = dfvm_value_new(FUNCTION_DEF);
+ val1->value.funcdef = sttype_function_funcdef(node);
+ insn->arg1 = val1;
+ val2 = dfvm_value_new(REGISTER);
+ val2->value.numeric = dfw->next_register++;
+ insn->arg2 = val2;
+ insn->arg3 = NULL;
+ insn->arg4 = NULL;
+
+ i = 0;
+ while (params) {
+ jmps[i] = NULL;
+ reg = gen_entity(dfw, params->data, &jmps[i]);
+
+ val = dfvm_value_new(REGISTER);
+ val->value.numeric = reg;
+
+ switch(i) {
+ case 0:
+ insn->arg3 = val;
+ break;
+ case 1:
+ insn->arg4 = val;
+ break;
+ default:
+ g_assert_not_reached();
+ }
+
+ params = params->next;
+ i++;
+ }
+
+ dfw_append_insn(dfw, insn);
+
+ /* If any of our parameters failed, send them to
+ * our own failure instruction. This *has* to be done
+ * after we caled dfw_append_insn above so that
+ * we know what the next DFVM insruction is, via
+ * dfw->next_insn_id */
+ for (i = 0; i < num_params; i++) {
+ if (jmps[i]) {
+ jmps[i]->value.numeric = dfw->next_insn_id;
+ }
+ }
+
+ /* We need another instruction to jump to another exit
+ * place, if the call() of our function failed for some reaosn */
+ insn = dfvm_insn_new(IF_FALSE_GOTO);
+ g_assert(p_jmp);
+ *p_jmp = dfvm_value_new(INSN_NUMBER);
+ insn->arg1 = *p_jmp;
+ dfw_append_insn(dfw, insn);
+
+ g_free(jmps);
+
+ return val2->value.numeric;
+}
+
static void
gen_relation(dfwork_t *dfw, dfvm_opcode_t op, stnode_t *st_arg1, stnode_t *st_arg2)
{
- sttype_id_t type1, type2;
dfvm_insn_t *insn;
dfvm_value_t *val1, *val2;
dfvm_value_t *jmp1 = NULL, *jmp2 = NULL;
int reg1 = -1, reg2 = -1;
- header_field_info *hfinfo;
- type1 = stnode_type_id(st_arg1);
- type2 = stnode_type_id(st_arg2);
-
- if (type1 == STTYPE_FIELD) {
- hfinfo = stnode_data(st_arg1);
- reg1 = dfw_append_read_tree(dfw, hfinfo);
-
- insn = dfvm_insn_new(IF_FALSE_GOTO);
- jmp1 = dfvm_value_new(INSN_NUMBER);
- insn->arg1 = jmp1;
- dfw_append_insn(dfw, insn);
- }
- else if (type1 == STTYPE_FVALUE) {
- reg1 = dfw_append_put_fvalue(dfw, stnode_data(st_arg1));
- }
- else if (type1 == STTYPE_RANGE) {
- reg1 = dfw_append_mk_range(dfw, st_arg1);
- }
- else {
- g_assert_not_reached();
- }
-
- if (type2 == STTYPE_FIELD) {
- hfinfo = stnode_data(st_arg2);
- reg2 = dfw_append_read_tree(dfw, hfinfo);
-
- insn = dfvm_insn_new(IF_FALSE_GOTO);
- jmp2 = dfvm_value_new(INSN_NUMBER);
- insn->arg1 = jmp2;
- dfw_append_insn(dfw, insn);
- }
- else if (type2 == STTYPE_FVALUE) {
- reg2 = dfw_append_put_fvalue(dfw, stnode_data(st_arg2));
- }
- else if (type2 == STTYPE_RANGE) {
- reg2 = dfw_append_mk_range(dfw, st_arg2);
- }
- else {
- g_assert_not_reached();
- }
+ /* Create code for the LHS and RHS of the relation */
+ reg1 = gen_entity(dfw, st_arg1, &jmp1);
+ reg2 = gen_entity(dfw, st_arg2, &jmp2);
+ /* Then combine them in a DFVM insruction */
insn = dfvm_insn_new(op);
val1 = dfvm_value_new(REGISTER);
val1->value.numeric = reg1;
insn->arg2 = val2;
dfw_append_insn(dfw, insn);
+ /* If either of the relation argumnents need an "exit" instruction
+ * to jump to (on failure), mark them */
if (jmp1) {
jmp1->value.numeric = dfw->next_insn_id;
}
}
}
+/* Parse an entity, returning the reg that it gets put into.
+ * p_jmp will be set if it has to be set by the calling code; it should
+ * be set tothe place to jump to, to return to the calling code,
+ * if the load of a field from the proto_tree fails. */
+static int
+gen_entity(dfwork_t *dfw, stnode_t *st_arg, dfvm_value_t **p_jmp)
+{
+ sttype_id_t e_type;
+ dfvm_insn_t *insn;
+ header_field_info *hfinfo;
+ e_type = stnode_type_id(st_arg);
+ int reg = -1;
+
+ if (e_type == STTYPE_FIELD) {
+ hfinfo = stnode_data(st_arg);
+ reg = dfw_append_read_tree(dfw, hfinfo);
+
+ insn = dfvm_insn_new(IF_FALSE_GOTO);
+ g_assert(p_jmp);
+ *p_jmp = dfvm_value_new(INSN_NUMBER);
+ insn->arg1 = *p_jmp;
+ dfw_append_insn(dfw, insn);
+ }
+ else if (e_type == STTYPE_FVALUE) {
+ reg = dfw_append_put_fvalue(dfw, stnode_data(st_arg));
+ }
+ else if (e_type == STTYPE_RANGE) {
+ reg = dfw_append_mk_range(dfw, st_arg);
+ }
+ else if (e_type == STTYPE_FUNCTION) {
+ reg = dfw_append_function(dfw, st_arg, p_jmp);
+ }
+ else {
+ printf("sttype_id is %u\n", e_type);
+ g_assert_not_reached();
+ }
+ return reg;
+}
+
static void
gen_test(dfwork_t *dfw, stnode_t *st_node)
#include "syntax-tree.h"
#include "sttype-range.h"
#include "sttype-test.h"
+#include "sttype-function.h"
#include "drange.h"
#include "grammar.h"
%type drnode_list {GSList*}
%destructor drnode_list {drange_node_free_list($$);}
+%type funcparams {GSList*}
+%destructor funcparams {st_funcparams_free($$);}
+
/* This is called as soon as a syntax error happens. After that,
any "error" symbols are shifted, if possible. */
%syntax_error {
hfinfo = stnode_data(TOKEN);
dfilter_fail("Syntax error near \"%s\".", hfinfo->abbrev);
break;
+ case STTYPE_FUNCTION:
+ dfilter_fail("The function s was unexpected in this context.");
+ break;
/* These aren't handed to use as terminal tokens from
the scanner, so was can assert that we'll never
expr(X) ::= relation_test(R). { X = R; }
expr(X) ::= logical_test(L). { X = L; }
-expr(X) ::= LPAREN expr(Y) RPAREN.
-{
- X = Y;
-}
-
/* Logical tests */
logical_test(T) ::= expr(E) TEST_AND expr(F).
rel_op2(O) ::= TEST_MATCHES. { O = TEST_OP_MATCHES; }
+/* Functions */
+
+/* A function can have one or more parameters */
+entity(E) ::= FUNCTION(F) LPAREN funcparams(P) RPAREN.
+{
+ E = F;
+ sttype_function_set_params(E, P);
+}
+
+/* A function can have zero parameters. */
+entity(E) ::= FUNCTION(F) LPAREN RPAREN.
+{
+ E = F;
+}
+
+funcparams(P) ::= entity(E).
+{
+ P = g_slist_append(NULL, E);
+}
+
+funcparams(P) ::= funcparams(L) COMMA entity(E).
+{
+ P = g_slist_append(L, E);
+}
+
+
+/* Any expression inside parens is simply that expression */
+expr(X) ::= LPAREN expr(Y) RPAREN.
+{
+ X = Y;
+}
#include "dfilter-int.h"
#include "syntax-tree.h"
#include "grammar.h"
+#include "dfunctions.h"
/*
* GLib 1.2[.x] doesn't define G_MAXINT32 or G_MININT32; if they're not
"(" return simple(TOKEN_LPAREN);
")" return simple(TOKEN_RPAREN);
+"," return simple(TOKEN_COMMA);
"==" return simple(TOKEN_TEST_EQ);
"eq" return simple(TOKEN_TEST_EQ);
return set_lval(TOKEN_UNPARSED, yytext);
}
-[-\+[:alnum:]_.,:]+ {
+[-\+[:alnum:]_.:]+ {
/* Is it a field name? */
header_field_info *hfinfo;
+ df_func_def_t *df_func_def;
hfinfo = proto_registrar_get_byname(yytext);
if (hfinfo) {
return set_lval(TOKEN_FIELD, hfinfo);
}
else {
- /* No, so treat it as an unparsed string */
- return set_lval(TOKEN_UNPARSED, yytext);
+ /* Is it a function name? */
+ df_func_def = df_func_lookup(yytext);
+ if (df_func_def) {
+ /* yes, it's a dfilter function */
+ return set_lval(TOKEN_FUNCTION, df_func_def);
+ }
+ else {
+ /* No, so treat it as an unparsed string */
+ return set_lval(TOKEN_UNPARSED, yytext);
+ }
}
}
case TOKEN_UNPARSED:
type_id = STTYPE_UNPARSED;
break;
+ case TOKEN_FUNCTION:
+ type_id = STTYPE_FUNCTION;
+ break;
default:
g_assert_not_reached();
}
-
stnode_init(df_lval, type_id, data);
return token;
}
#include "syntax-tree.h"
#include "sttype-range.h"
#include "sttype-test.h"
+#include "sttype-function.h"
#include <epan/exceptions.h>
#include <epan/packet.h>
THROW(TypeError);
break;
+ case STTYPE_FUNCTION:
+ /* XXX - Maybe we should change functions so they can return fields,
+ * in which case the 'exist' should be fine. */
+ dfilter_fail("You cannot test whether a function is present.");
+ THROW(TypeError);
+ break;
+
case STTYPE_UNINITIALIZED:
case STTYPE_TEST:
case STTYPE_INTEGER:
}
}
+static stnode_t*
+check_param_entity(stnode_t *st_node)
+{
+ sttype_id_t e_type;
+ stnode_t *new_st;
+ fvalue_t *fvalue;
+ char *s;
+
+ e_type = stnode_type_id(st_node);
+ /* If there's an unparsed string, change it to an FT_STRING */
+ if (e_type == STTYPE_UNPARSED) {
+ s = stnode_data(st_node);
+ fvalue = fvalue_from_unparsed(FT_STRING, s, FALSE, dfilter_fail);
+ if (!fvalue) {
+ THROW(TypeError);
+ }
+
+ new_st = stnode_new(STTYPE_FVALUE, fvalue);
+ stnode_free(st_node);
+ return new_st;
+ }
+
+ return st_node;
+}
+
+
+/* If the LHS of a relation test is a FUNCTION, run some checks
+ * and possibly some modifications of syntax tree nodes. */
+static void
+check_relation_LHS_FUNCTION(const char *relation_string, FtypeCanFunc can_func,
+ gboolean allow_partial_value,
+ stnode_t *st_node, stnode_t *st_arg1, stnode_t *st_arg2)
+{
+ stnode_t *new_st;
+ sttype_id_t type2;
+ header_field_info *hfinfo2;
+ ftenum_t ftype1, ftype2;
+ fvalue_t *fvalue;
+ char *s;
+ int param_i;
+ drange_node *rn;
+ df_func_def_t *funcdef;
+ guint num_params;
+ GSList *params;
+
+ type2 = stnode_type_id(st_arg2);
+
+ funcdef = sttype_function_funcdef(st_arg1);
+ ftype1 = funcdef->retval_ftype;
+
+ params = sttype_function_params(st_arg1);
+ num_params = g_slist_length(params);
+ if (num_params < funcdef->min_nargs) {
+ dfilter_fail("Function %s needs at least %u arguments.",
+ funcdef->name, funcdef->min_nargs);
+ THROW(TypeError);
+ }
+ else if (num_params > funcdef->max_nargs) {
+ dfilter_fail("Function %s can only accept %u arguments.",
+ funcdef->name, funcdef->max_nargs);
+ THROW(TypeError);
+ }
+
+ param_i = 0;
+ while (params) {
+ params->data = check_param_entity(params->data);
+ funcdef->semcheck_param_function(param_i, params->data);
+ params = params->next;
+ }
+
+ DebugLog((" 5 check_relation_LHS_FUNCTION(%s)\n", relation_string));
+
+ if (!can_func(ftype1)) {
+ dfilter_fail("Function %s (type=%s) cannot participate in '%s' comparison.",
+ funcdef->name, ftype_pretty_name(ftype1),
+ relation_string);
+ THROW(TypeError);
+ }
+
+ if (type2 == STTYPE_FIELD) {
+ hfinfo2 = stnode_data(st_arg2);
+ ftype2 = hfinfo2->type;
+
+ if (!compatible_ftypes(ftype1, ftype2)) {
+ dfilter_fail("Function %s and %s are not of compatible types.",
+ funcdef->name, hfinfo2->abbrev);
+ THROW(TypeError);
+ }
+ /* Do this check even though you'd think that if
+ * they're compatible, then can_func() would pass. */
+ if (!can_func(ftype2)) {
+ dfilter_fail("%s (type=%s) cannot participate in specified comparison.",
+ hfinfo2->abbrev, ftype_pretty_name(ftype2));
+ THROW(TypeError);
+ }
+ }
+ else if (type2 == STTYPE_STRING) {
+ s = stnode_data(st_arg2);
+ if (strcmp(relation_string, "matches") == 0) {
+ /* Convert to a FT_PCRE */
+ fvalue = fvalue_from_string(FT_PCRE, s, dfilter_fail);
+ } else {
+ fvalue = fvalue_from_string(ftype1, s, dfilter_fail);
+ }
+ if (!fvalue) {
+ THROW(TypeError);
+ }
+
+ new_st = stnode_new(STTYPE_FVALUE, fvalue);
+ sttype_test_set2_args(st_node, st_arg1, new_st);
+ stnode_free(st_arg2);
+ }
+ else if (type2 == STTYPE_UNPARSED) {
+ s = stnode_data(st_arg2);
+ if (strcmp(relation_string, "matches") == 0) {
+ /* Convert to a FT_PCRE */
+ fvalue = fvalue_from_unparsed(FT_PCRE, s, FALSE, dfilter_fail);
+ } else {
+ fvalue = fvalue_from_unparsed(ftype1, s, allow_partial_value, dfilter_fail);
+ }
+ if (!fvalue) {
+ THROW(TypeError);
+ }
+
+ new_st = stnode_new(STTYPE_FVALUE, fvalue);
+ sttype_test_set2_args(st_node, st_arg1, new_st);
+ stnode_free(st_arg2);
+ }
+ else if (type2 == STTYPE_RANGE) {
+ check_drange_sanity(st_arg2);
+ if (!is_bytes_type(ftype1)) {
+ if (!ftype_can_slice(ftype1)) {
+ dfilter_fail("Function \"%s\" is a %s and cannot be converted into a sequence of bytes.",
+ funcdef->name,
+ ftype_pretty_name(ftype1));
+ THROW(TypeError);
+ }
+
+ /* Convert entire field to bytes */
+ new_st = stnode_new(STTYPE_RANGE, NULL);
+
+ rn = drange_node_new();
+ drange_node_set_start_offset(rn, 0);
+ drange_node_set_to_the_end(rn);
+ /* st_arg1 is freed in this step */
+ sttype_range_set1(new_st, st_arg1, rn);
+
+ sttype_test_set2_args(st_node, new_st, st_arg2);
+ }
+ }
+ else {
+ g_assert_not_reached();
+ }
+}
+
/* Check the semantics of any relational test. */
static void
check_relation_LHS_UNPARSED(relation_string, can_func,
allow_partial_value, st_node, st_arg1, st_arg2);
break;
+ case STTYPE_FUNCTION:
+ check_relation_LHS_FUNCTION(relation_string, can_func,
+ allow_partial_value, st_node, st_arg1, st_arg2);
+ break;
case STTYPE_UNINITIALIZED:
case STTYPE_TEST:
case STTYPE_INTEGER:
case STTYPE_FVALUE:
- case STTYPE_NUM_TYPES:
+ default:
g_assert_not_reached();
}
}
--- /dev/null
+/*
+ * $Id$
+ *
+ * Copyright (c) 2006 by Gilbert Ramirez <gram@alumni.rice.edu>
+ *
+ * Ethereal - Network traffic analyzer
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "syntax-tree.h"
+#include "sttype-function.h"
+
+typedef struct {
+ guint32 magic;
+ df_func_def_t *funcdef;
+ GSList *params;
+} function_t;
+
+#define FUNCTION_MAGIC 0xe10f0f99
+
+static gpointer
+function_new(gpointer funcdef)
+{
+ function_t *stfuncrec;
+
+ g_assert(funcdef != NULL);
+
+ stfuncrec = g_new(function_t, 1);
+
+ stfuncrec->magic = FUNCTION_MAGIC;
+ stfuncrec->funcdef = funcdef;
+ stfuncrec->params = NULL;
+
+ return (gpointer) stfuncrec;
+}
+
+static void
+slist_stnode_free(gpointer data, gpointer user_data _U_)
+{
+ stnode_free(data);
+}
+
+void
+st_funcparams_free(GSList *params)
+{
+ g_slist_foreach(params, slist_stnode_free, NULL);
+ g_slist_free(params);
+}
+
+static void
+function_free(gpointer value)
+{
+ function_t *stfuncrec = value;
+ assert_magic(stfuncrec, FUNCTION_MAGIC);
+ st_funcparams_free(stfuncrec->params);
+ g_free(stfuncrec);
+}
+
+
+/* Set the parameters for a function stnode_t. */
+void
+sttype_function_set_params(stnode_t *node, GSList *params)
+{
+
+ function_t *stfuncrec;
+
+ stfuncrec = stnode_data(node);
+ assert_magic(stfuncrec, FUNCTION_MAGIC);
+
+ stfuncrec->params = params;
+}
+
+/* Get the function-definition record for a function stnode_t. */
+df_func_def_t*
+sttype_function_funcdef(stnode_t *node)
+{
+ function_t *stfuncrec;
+
+ stfuncrec = stnode_data(node);
+ assert_magic(stfuncrec, FUNCTION_MAGIC);
+ return stfuncrec->funcdef;
+}
+
+/* Get the parameters for a function stnode_t. */
+GSList*
+sttype_function_params(stnode_t *node)
+{
+ function_t *stfuncrec;
+
+ stfuncrec = stnode_data(node);
+ assert_magic(stfuncrec, FUNCTION_MAGIC);
+ return stfuncrec->params;
+}
+
+
+void
+sttype_register_function(void)
+{
+ static sttype_t function_type = {
+ STTYPE_FUNCTION,
+ "FUNCTION",
+ function_new,
+ function_free,
+ };
+
+ sttype_register(&function_type);
+}
+
--- /dev/null
+/*
+ * $Id: sttype-test.h 11400 2004-07-18 00:24:25Z guy $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@zing.org>
+ * Copyright 2001 Gerald Combs
+ *
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifndef STTYPE_FUNCTION_H
+#define STTYPE_FUNCTION_H
+
+#include "dfunctions.h"
+
+/* Set the parameters for a function stnode_t. */
+void
+sttype_function_set_params(stnode_t *node, GSList *params);
+
+/* Get the function-definition record for a function stnode_t. */
+df_func_def_t* sttype_function_funcdef(stnode_t *node);
+
+/* Get the parameters for a function stnode_t. */
+GSList* sttype_function_params(stnode_t *node);
+
+/* Free the memory of a param list */
+void st_funcparams_free(GSList *params);
+
+#endif
void
sttype_init(void)
{
+ sttype_register_function();
sttype_register_integer();
sttype_register_pointer();
sttype_register_range();
STTYPE_FVALUE,
STTYPE_INTEGER,
STTYPE_RANGE,
+ STTYPE_FUNCTION,
STTYPE_NUM_TYPES
} sttype_id_t;
} stnode_t;
/* These are the sttype_t registration function prototypes. */
+void sttype_register_function(void);
void sttype_register_integer(void);
void sttype_register_pointer(void);
void sttype_register_range(void);
{
static ftype_t bytes_type = {
+ FT_BYTES, /* ftype */
"FT_BYTES", /* name */
"sequence of bytes", /* pretty_name */
0, /* wire_size */
};
static ftype_t uint_bytes_type = {
+ FT_UINT_BYTES, /* ftype */
"FT_UINT_BYTES", /* name */
"sequence of bytes", /* pretty_name */
0, /* wire_size */
};
static ftype_t ether_type = {
+ FT_ETHER, /* ftype */
"FT_ETHER", /* name */
"Ethernet or other MAC address",/* pretty_name */
ETHER_LEN, /* wire_size */
};
static ftype_t ipv6_type = {
+ FT_IPv6, /* ftype */
"FT_IPv6", /* name */
"IPv6 address", /* pretty_name */
IPv6_LEN, /* wire_size */
};
static ftype_t oid_type = {
+ FT_OID, /* ftype */
"OID", /* name */
"OBJECT IDENTIFIER", /* pretty_name */
0, /* wire_size */
{
static ftype_t float_type = {
+ FT_FLOAT, /* ftype */
"FT_FLOAT", /* name */
"floating point (single-precision)", /* pretty_name */
0, /* wire_size */
};
static ftype_t double_type = {
+ FT_DOUBLE, /* ftype */
"FT_DOUBLE", /* name */
"floating point (double-precision)", /* pretty_name */
0, /* wire_size */
{
static ftype_t guid_type = {
+ FT_GUID, /* ftype */
"GUID", /* name */
"Globally Unique Identifier", /* pretty_name */
GUID_LEN, /* wire_size */
{
static ftype_t uint8_type = {
+ FT_UINT8, /* ftype */
"FT_UINT8", /* name */
"unsigned, 1 byte", /* pretty name */
1, /* wire_size */
NULL, /* slice */
};
static ftype_t uint16_type = {
+ FT_UINT16, /* ftype */
"FT_UINT16", /* name */
"unsigned, 2 bytes", /* pretty_name */
2, /* wire_size */
NULL, /* slice */
};
static ftype_t uint24_type = {
+ FT_UINT24, /* ftype */
"FT_UINT24", /* name */
"unsigned, 3 bytes", /* pretty_name */
3, /* wire_size */
NULL, /* slice */
};
static ftype_t uint32_type = {
+ FT_UINT32, /* ftype */
"FT_UINT32", /* name */
"unsigned, 4 bytes", /* pretty_name */
4, /* wire_size */
NULL, /* slice */
};
static ftype_t uint64_type = {
+ FT_UINT64, /* ftype */
"FT_UINT64", /* name */
"unsigned, 8 bytes", /* pretty_name */
8, /* wire_size */
NULL,
};
static ftype_t int8_type = {
+ FT_INT8, /* ftype */
"FT_INT8", /* name */
"signed, 1 byte", /* pretty_name */
1, /* wire_size */
NULL, /* slice */
};
static ftype_t int16_type = {
+ FT_INT16, /* ftype */
"FT_INT16", /* name */
"signed, 2 bytes", /* pretty_name */
2, /* wire_size */
NULL, /* slice */
};
static ftype_t int24_type = {
+ FT_INT24, /* ftype */
"FT_INT24", /* name */
"signed, 3 bytes", /* pretty_name */
3, /* wire_size */
NULL, /* slice */
};
static ftype_t int32_type = {
+ FT_INT32, /* ftype */
"FT_INT32", /* name */
"signed, 4 bytes", /* pretty_name */
4, /* wire_size */
NULL, /* slice */
};
static ftype_t int64_type = {
+ FT_INT64, /* ftype */
"FT_INT64", /* name */
"signed, 8 bytes", /* pretty_name */
8, /* wire_size */
NULL,
};
static ftype_t boolean_type = {
+ FT_BOOLEAN, /* ftype */
"FT_BOOLEAN", /* name */
"Boolean", /* pretty_name */
0, /* wire_size */
};
static ftype_t ipxnet_type = {
+ FT_IPXNET, /* ftype */
"FT_IPXNET", /* name */
"IPX network number", /* pretty_name */
4, /* wire_size */
};
static ftype_t framenum_type = {
+ FT_FRAMENUM, /* ftype */
"FT_FRAMENUM", /* name */
"frame number", /* pretty_name */
4, /* wire_size */
{
static ftype_t ipv4_type = {
+ FT_IPv4, /* ftype */
"FT_IPv4", /* name */
"IPv4 address", /* pretty_name */
4, /* wire_size */
{
static ftype_t none_type = {
+ FT_NONE, /* ftype */
"FT_NONE", /* name */
"label", /* pretty_name */
0, /* wire_size */
ftype_register_pcre(void)
{
static ftype_t pcre_type = {
+ FT_PCRE, /* ftype */
"FT_PCRE", /* name */
"Compiled Perl-Compatible Regular Expression object", /* pretty_name */
0, /* wire_size */
ftype_register_pcre(void)
{
static ftype_t pcre_type = {
+ FT_PCRE, /* ftype */
"FT_PCRE", /* name */
"Compiled Perl-Compatible Regular Expression object", /* pretty_name */
0, /* wire_size */
{
static ftype_t string_type = {
+ FT_STRING, /* ftype */
"FT_STRING", /* name */
"character string", /* pretty_name */
0, /* wire_size */
slice,
};
static ftype_t stringz_type = {
+ FT_STRINGZ, /* ftype */
"FT_STRINGZ", /* name */
"character string", /* pretty name */
0, /* wire_size */
slice,
};
static ftype_t uint_string_type = {
+ FT_UINT_STRING, /* ftype */
"FT_UINT_STRING", /* name */
"character string", /* pretty_name */
0, /* wire_size */
{
static ftype_t abstime_type = {
+ FT_ABSOLUTE_TIME, /* ftype */
"FT_ABSOLUTE_TIME", /* name */
"date/time", /* pretty_name */
0, /* wire_size */
NULL
};
static ftype_t reltime_type = {
+ FT_RELATIVE_TIME, /* ftype */
"FT_RELATIVE_TIME", /* name */
"time offset", /* pretty_name */
0, /* wire_size */
{
static ftype_t protocol_type = {
+ FT_PROTOCOL, /* ftype */
"FT_PROTOCOL", /* name */
"protocol", /* pretty_name */
0, /* wire_size */
{
/* Check input */
g_assert(ftype < FT_NUM_TYPES);
+ g_assert(ftype == ft->ftype);
/* Don't re-register. */
g_assert(type_list[ftype] == NULL);
return NULL;
}
+ftype_t*
+fvalue_ftype(fvalue_t *fv)
+{
+ return fv->ftype;
+}
+
const char*
fvalue_type_name(fvalue_t *fv)
{
typedef void (*FvalueSlice)(fvalue_t*, GByteArray *, guint offset, guint length);
struct _ftype_t {
+ ftenum_t ftype;
const char *name;
const char *pretty_name;
int wire_size;
extern char *
fvalue_to_string_repr(fvalue_t *fv, ftrepr_t rtype, char *buf);
+ftype_t*
+fvalue_ftype(fvalue_t *fv);
+
const char*
fvalue_type_name(fvalue_t *fv);
return self.DFilterCount(pkt_http,
'http.request.method contains 48:45:41:44"', 1) # "HEAD"
+ def ck_contains_fail_0(self):
+ return self.DFilterCount(pkt_http,
+ 'http.user_agent contains "update"', 0)
+
+ def ck_contains_fail_1(self):
+ return self.DFilterCount(pkt_http,
+ 'http.user_agent contains "UPDATE"', 0)
+
+ def ck_contains_upper_0(self):
+ return self.DFilterCount(pkt_http,
+ 'upper(http.user_agent) contains "UPDATE"', 1)
+
+ def ck_contains_upper_1(self):
+ return self.DFilterCount(pkt_http,
+ 'upper(http.user_agent) contains "update"', 0)
+
+ def ck_contains_upper_2(self):
+ return self.DFilterCount(pkt_http,
+ 'upper(tcp.seq) == 4', None)
+
+ def ck_contains_lower_0(self):
+ return self.DFilterCount(pkt_http,
+ 'lower(http.user_agent) contains "UPDATE"', 0)
+
+ def ck_contains_lower_1(self):
+ return self.DFilterCount(pkt_http,
+ 'lower(http.user_agent) contains "update"', 1)
+
+ def ck_contains_lower_2(self):
+ return self.DFilterCount(pkt_http,
+ 'lower(tcp.seq) == 4', None)
+
tests = [
ck_eq_1,
ck_contains_3,
ck_contains_4,
ck_contains_5,
+ ck_contains_fail_0,
+ ck_contains_fail_1,
+ ck_contains_upper_0,
+ ck_contains_upper_1,
+ ck_contains_upper_2,
+ ck_contains_lower_0,
+ ck_contains_lower_1,
+ ck_contains_lower_2,
]