4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 2001 Gerald Combs
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
30 dfvm_insn_new(dfvm_opcode_t op)
34 insn = g_new(dfvm_insn_t, 1);
43 dfvm_value_free(dfvm_value_t *v)
47 FVALUE_FREE(v->value.fvalue);
50 drange_free(v->value.drange);
60 dfvm_insn_free(dfvm_insn_t *insn)
63 dfvm_value_free(insn->arg1);
66 dfvm_value_free(insn->arg2);
69 dfvm_value_free(insn->arg3);
76 dfvm_value_new(dfvm_value_type_t type)
80 v = g_new(dfvm_value_t, 1);
87 dfvm_dump(FILE *f, GPtrArray *insns)
97 drange_node *range_item;
101 for (id = 0; id < length; id++) {
103 insn = g_ptr_array_index(insns, id);
111 fprintf(f, "%05d CHECK_EXISTS\t%s\n",
112 id, arg1->value.hfinfo->abbrev);
116 fprintf(f, "%05d READ_TREE\t\t%s -> reg#%u\n",
117 id, arg1->value.hfinfo->abbrev,
118 arg2->value.numeric);
122 fprintf(f, "%05d CALL_FUNCTION\t%s (",
123 id, arg1->value.funcdef->name);
125 fprintf(f, "reg#%u", arg3->value.numeric);
128 fprintf(f, ", reg#%u", arg4->value.numeric);
130 fprintf(f, ") --> reg#%u\n", arg2->value.numeric);
134 value_str = fvalue_to_string_repr(arg1->value.fvalue,
135 FTREPR_DFILTER, NULL);
136 fprintf(f, "%05d PUT_FVALUE\t%s <%s> -> reg#%u\n",
138 fvalue_type_name(arg1->value.fvalue),
139 arg2->value.numeric);
145 fprintf(f, "%05d MK_RANGE\t\treg#%u[",
147 arg1->value.numeric);
148 for (range_list = arg3->value.drange->range_list;
150 range_list = range_list->next) {
151 range_item = range_list->data;
152 switch (range_item->ending) {
160 range_item->start_offset,
166 range_item->start_offset,
167 range_item->end_offset);
172 range_item->start_offset);
175 if (range_list->next != NULL)
178 fprintf(f, "] -> reg#%u\n",
179 arg2->value.numeric);
183 fprintf(f, "%05d ANY_EQ\t\treg#%u == reg#%u\n",
184 id, arg1->value.numeric, arg2->value.numeric);
188 fprintf(f, "%05d ANY_NE\t\treg#%u == reg#%u\n",
189 id, arg1->value.numeric, arg2->value.numeric);
193 fprintf(f, "%05d ANY_GT\t\treg#%u == reg#%u\n",
194 id, arg1->value.numeric, arg2->value.numeric);
198 fprintf(f, "%05d ANY_GE\t\treg#%u == reg#%u\n",
199 id, arg1->value.numeric, arg2->value.numeric);
203 fprintf(f, "%05d ANY_LT\t\treg#%u == reg#%u\n",
204 id, arg1->value.numeric, arg2->value.numeric);
208 fprintf(f, "%05d ANY_LE\t\treg#%u == reg#%u\n",
209 id, arg1->value.numeric, arg2->value.numeric);
212 case ANY_BITWISE_AND:
213 fprintf(f, "%05d ANY_BITWISE_AND\t\treg#%u == reg#%u\n",
214 id, arg1->value.numeric, arg2->value.numeric);
218 fprintf(f, "%05d ANY_CONTAINS\treg#%u contains reg#%u\n",
219 id, arg1->value.numeric, arg2->value.numeric);
223 fprintf(f, "%05d ANY_MATCHES\treg#%u matches reg#%u\n",
224 id, arg1->value.numeric, arg2->value.numeric);
228 fprintf(f, "%05d NOT\n", id);
232 fprintf(f, "%05d RETURN\n", id);
236 fprintf(f, "%05d IF-TRUE-GOTO\t%d\n",
237 id, arg1->value.numeric);
241 fprintf(f, "%05d IF-FALSE-GOTO\t%d\n",
242 id, arg1->value.numeric);
246 g_assert_not_reached();
252 /* Reads a field from the proto_tree and loads the fvalues into a register,
253 * if that field has not already been read. */
255 read_tree(dfilter_t *df, proto_tree *tree, header_field_info *hfinfo, int reg)
260 GList *fvalues = NULL;
261 gboolean found_something = FALSE;
263 /* Already loaded in this run of the dfilter? */
264 if (df->attempted_load[reg]) {
265 if (df->registers[reg]) {
273 df->attempted_load[reg] = TRUE;
276 finfos = proto_get_finfo_ptr_array(tree, hfinfo->id);
278 hfinfo = hfinfo->same_name_next;
281 else if (g_ptr_array_len(finfos) == 0) {
282 hfinfo = hfinfo->same_name_next;
286 found_something = TRUE;
290 for (i = 0; i < len; i++) {
291 finfo = g_ptr_array_index(finfos, i);
292 fvalues = g_list_prepend(fvalues, &finfo->value);
295 hfinfo = hfinfo->same_name_next;
298 if (!found_something) {
302 df->registers[reg] = fvalues;
308 put_fvalue(dfilter_t *df, fvalue_t *fv, int reg)
310 df->registers[reg] = g_list_append(NULL, fv);
314 typedef gboolean (*FvalueCmpFunc)(fvalue_t*, fvalue_t*);
317 any_test(dfilter_t *df, FvalueCmpFunc cmp, int reg1, int reg2)
319 GList *list_a, *list_b;
321 list_a = df->registers[reg1];
324 list_b = df->registers[reg2];
326 if (cmp(list_a->data, list_b->data)) {
329 list_b = g_list_next(list_b);
331 list_a = g_list_next(list_a);
337 /* Free the list nodes w/o freeing the memory that each
338 * list node points to. */
340 free_register_overhead(dfilter_t* df)
344 for (i = 0; i < df->num_registers; i++) {
345 if (df->registers[i]) {
346 g_list_free(df->registers[i]);
351 /* Takes the list of fvalue_t's in a register, uses fvalue_slice()
352 * to make a new list of fvalue_t's (which are ranges, or byte-slices),
353 * and puts the new list into a new register. */
355 mk_range(dfilter_t *df, int from_reg, int to_reg, drange *drange)
357 GList *from_list, *to_list;
358 fvalue_t *old_fv, *new_fv;
361 from_list = df->registers[from_reg];
364 old_fv = from_list->data;
365 new_fv = fvalue_slice(old_fv, drange);
366 /* Assert here because semcheck.c should have
367 * already caught the cases in which a slice
370 to_list = g_list_append(to_list, new_fv);
372 from_list = g_list_next(from_list);
375 df->registers[to_reg] = to_list;
381 dfvm_apply(dfilter_t *df, proto_tree *tree)
384 gboolean accum = TRUE;
388 dfvm_value_t *arg3 = NULL;
389 dfvm_value_t *arg4 = NULL;
390 header_field_info *hfinfo;
397 /* Clear registers */
398 for (i = 0; i < df->num_registers; i++) {
399 df->registers[i] = NULL;
400 df->attempted_load[i] = FALSE;
403 length = df->insns->len;
405 for (id = 0; id < length; id++) {
408 insn = g_ptr_array_index(df->insns, id);
414 hfinfo = arg1->value.hfinfo;
416 accum = proto_check_for_protocol_or_field(tree,
417 arg1->value.hfinfo->id);
422 hfinfo = hfinfo->same_name_next;
428 accum = read_tree(df, tree,
429 arg1->value.hfinfo, arg2->value.numeric);
438 param1 = df->registers[arg3->value.numeric];
441 param2 = df->registers[arg4->value.numeric];
443 accum = arg1->value.funcdef->function(param1, param2,
444 &df->registers[arg2->value.numeric]);
448 accum = put_fvalue(df,
449 arg1->value.fvalue, arg2->value.numeric);
455 arg1->value.numeric, arg2->value.numeric,
460 accum = any_test(df, fvalue_eq,
461 arg1->value.numeric, arg2->value.numeric);
465 accum = any_test(df, fvalue_ne,
466 arg1->value.numeric, arg2->value.numeric);
470 accum = any_test(df, fvalue_gt,
471 arg1->value.numeric, arg2->value.numeric);
475 accum = any_test(df, fvalue_ge,
476 arg1->value.numeric, arg2->value.numeric);
480 accum = any_test(df, fvalue_lt,
481 arg1->value.numeric, arg2->value.numeric);
485 accum = any_test(df, fvalue_le,
486 arg1->value.numeric, arg2->value.numeric);
489 case ANY_BITWISE_AND:
490 accum = any_test(df, fvalue_bitwise_and,
491 arg1->value.numeric, arg2->value.numeric);
495 accum = any_test(df, fvalue_contains,
496 arg1->value.numeric, arg2->value.numeric);
500 accum = any_test(df, fvalue_matches,
501 arg1->value.numeric, arg2->value.numeric);
509 free_register_overhead(df);
514 id = arg1->value.numeric;
521 id = arg1->value.numeric;
528 g_assert_not_reached();
533 g_assert_not_reached();
534 return FALSE; /* to appease the compiler */
git.samba.org / obnox / wireshark / wip.git / blob