4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 2001 Gerald Combs
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
29 #include "dfilter-int.h"
31 #include "syntax-tree.h"
32 #include "sttype-range.h"
33 #include "sttype-test.h"
34 #include "sttype-function.h"
36 #include <epan/exceptions.h>
37 #include <epan/packet.h>
39 #ifdef NEED_G_ASCII_STRCASECMP_H
40 #include "g_ascii_strcasecmp.h"
43 /* Enable debug logging by defining AM_CFLAGS
44 * so that it contains "-DDEBUG_dfilter".
45 * Usage: DebugLog(("Error: string=%s\n", str)); */
49 printf("%s:%u: ", __FILE__, __LINE__); \
57 semcheck(stnode_t *st_node);
59 typedef gboolean (*FtypeCanFunc)(enum ftenum);
61 /* Compares to ftenum_t's and decides if they're
62 * compatible or not (if they're the same basic type) */
64 compatible_ftypes(ftenum_t a, ftenum_t b)
69 case FT_FLOAT: /* XXX - should be able to compare with INT */
70 case FT_DOUBLE: /* XXX - should be able to compare with INT */
71 case FT_ABSOLUTE_TIME:
72 case FT_RELATIVE_TIME:
76 case FT_INT64: /* XXX - should be able to compare with INT */
77 case FT_UINT64: /* XXX - should be able to compare with INT */
85 return (b == FT_ETHER || b == FT_BYTES || b == FT_UINT_BYTES || b == FT_GUID || b == FT_OID);
128 g_assert_not_reached();
131 g_assert_not_reached();
135 /* Creates a FT_UINT32 fvalue with a given value. */
137 mk_uint32_fvalue(guint32 val)
141 fv = fvalue_new(FT_UINT32);
142 fvalue_set_uinteger(fv, val);
147 /* Try to make an fvalue from a string using a value_string or true_false_string.
148 * This works only for ftypes that are integers. Returns the created fvalue_t*
149 * or NULL if impossible. */
151 mk_fvalue_from_val_string(header_field_info *hfinfo, char *s)
153 static const true_false_string default_tf = { "True", "False" };
154 const true_false_string *tf = &default_tf;
155 const value_string *vals;
158 switch(hfinfo->type) {
163 case FT_ABSOLUTE_TIME:
164 case FT_RELATIVE_TIME:
195 g_assert_not_reached();
198 /* Reset the dfilter error message, since *something* interesting
199 * will happen, and the error message will be more interesting than
200 * any error message I happen to have now. */
201 dfilter_error_msg = NULL;
203 /* TRUE/FALSE *always* exist for FT_BOOLEAN. */
204 if (hfinfo->type == FT_BOOLEAN) {
205 if (hfinfo->strings) {
206 tf = hfinfo->strings;
209 if (g_ascii_strcasecmp(s, tf->true_string) == 0) {
210 return mk_uint32_fvalue(TRUE);
212 else if (g_ascii_strcasecmp(s, tf->false_string) == 0) {
213 return mk_uint32_fvalue(FALSE);
216 dfilter_fail("\"%s\" cannot be found among the possible values for %s.",
222 /* Do val_strings exist? */
223 if (!hfinfo->strings) {
224 dfilter_fail("%s cannot accept strings as values.",
229 vals = hfinfo->strings;
230 while (vals->strptr != NULL) {
231 if (g_ascii_strcasecmp(s, vals->strptr) == 0) {
232 return mk_uint32_fvalue(vals->value);
236 dfilter_fail("\"%s\" cannot be found among the possible values for %s.",
242 is_bytes_type(enum ftenum type)
257 case FT_ABSOLUTE_TIME:
258 case FT_RELATIVE_TIME:
281 g_assert_not_reached();
284 g_assert_not_reached();
288 /* Check the semantics of an existence test. */
290 check_exists(stnode_t *st_arg1)
296 DebugLog((" 4 check_exists() [%u]\n", i++));
297 switch (stnode_type_id(st_arg1)) {
302 case STTYPE_UNPARSED:
303 dfilter_fail("\"%s\" is neither a field nor a protocol name.",
304 stnode_data(st_arg1));
310 * XXX - why not? Shouldn't "eth[3:2]" mean
311 * "check whether the 'eth' field is present and
312 * has at least 2 bytes starting at an offset of
315 dfilter_fail("You cannot test whether a range is present.");
319 case STTYPE_FUNCTION:
320 /* XXX - Maybe we should change functions so they can return fields,
321 * in which case the 'exist' should be fine. */
322 dfilter_fail("You cannot test whether a function is present.");
326 case STTYPE_UNINITIALIZED:
330 case STTYPE_NUM_TYPES:
331 g_assert_not_reached();
335 struct check_drange_sanity_args {
340 /* Q: Where are sttype_range_drange() and sttype_range_hfinfo() defined?
342 * A: Those functions are defined by macros in epan/dfilter/sttype-range.h
344 * The macro which creates them, STTYPE_ACCESSOR, is defined in
345 * epan/dfilter/syntax-tree.h.
347 * From http://www.ethereal.com/lists/ethereal-dev/200308/msg00070.html
351 check_drange_node_sanity(gpointer data, gpointer user_data)
353 drange_node* drnode = data;
354 struct check_drange_sanity_args *args = user_data;
355 gint start_offset, end_offset, length;
356 header_field_info *hfinfo;
358 switch (drange_node_get_ending(drnode)) {
361 length = drange_node_get_length(drnode);
365 start_offset = drange_node_get_start_offset(drnode);
366 hfinfo = sttype_range_hfinfo(args->st);
367 dfilter_fail("Range %d:%d specified for \"%s\" isn't valid, "
368 "as length %d isn't positive",
369 start_offset, length,
378 * Make sure the start offset isn't beyond the end
379 * offset. This applies to negative offsets too.
382 /* XXX - [-ve - +ve] is probably pathological, but isn't
384 * [+ve - -ve] is probably pathological too, and happens to be
387 start_offset = drange_node_get_start_offset(drnode);
388 end_offset = drange_node_get_end_offset(drnode);
389 if (start_offset > end_offset) {
392 hfinfo = sttype_range_hfinfo(args->st);
393 dfilter_fail("Range %d-%d specified for \"%s\" isn't valid, "
394 "as %d is greater than %d",
395 start_offset, end_offset,
397 start_offset, end_offset);
407 g_assert_not_reached();
412 check_drange_sanity(stnode_t *st)
414 struct check_drange_sanity_args args;
419 drange_foreach_drange_node(sttype_range_drange(st),
420 check_drange_node_sanity, &args);
427 /* If the LHS of a relation test is a FIELD, run some checks
428 * and possibly some modifications of syntax tree nodes. */
430 check_relation_LHS_FIELD(const char *relation_string, FtypeCanFunc can_func,
431 gboolean allow_partial_value,
432 stnode_t *st_node, stnode_t *st_arg1, stnode_t *st_arg2)
435 sttype_id_t type1, type2;
436 header_field_info *hfinfo1, *hfinfo2;
437 ftenum_t ftype1, ftype2;
442 type1 = stnode_type_id(st_arg1);
443 type2 = stnode_type_id(st_arg2);
445 hfinfo1 = stnode_data(st_arg1);
446 ftype1 = hfinfo1->type;
448 DebugLog((" 5 check_relation_LHS_FIELD(%s)\n", relation_string));
450 if (!can_func(ftype1)) {
451 dfilter_fail("%s (type=%s) cannot participate in '%s' comparison.",
452 hfinfo1->abbrev, ftype_pretty_name(ftype1),
457 if (type2 == STTYPE_FIELD) {
458 hfinfo2 = stnode_data(st_arg2);
459 ftype2 = hfinfo2->type;
461 if (!compatible_ftypes(ftype1, ftype2)) {
462 dfilter_fail("%s and %s are not of compatible types.",
463 hfinfo1->abbrev, hfinfo2->abbrev);
466 /* Do this check even though you'd think that if
467 * they're compatible, then can_func() would pass. */
468 if (!can_func(ftype2)) {
469 dfilter_fail("%s (type=%s) cannot participate in specified comparison.",
470 hfinfo2->abbrev, ftype_pretty_name(ftype2));
474 else if (type2 == STTYPE_STRING) {
475 s = stnode_data(st_arg2);
476 if (strcmp(relation_string, "matches") == 0) {
477 /* Convert to a FT_PCRE */
478 fvalue = fvalue_from_string(FT_PCRE, s, dfilter_fail);
480 fvalue = fvalue_from_string(ftype1, s, dfilter_fail);
482 /* check value_string */
483 fvalue = mk_fvalue_from_val_string(hfinfo1, s);
490 new_st = stnode_new(STTYPE_FVALUE, fvalue);
491 sttype_test_set2_args(st_node, st_arg1, new_st);
492 stnode_free(st_arg2);
494 else if (type2 == STTYPE_UNPARSED) {
495 s = stnode_data(st_arg2);
496 if (strcmp(relation_string, "matches") == 0) {
497 /* Convert to a FT_PCRE */
498 fvalue = fvalue_from_unparsed(FT_PCRE, s, FALSE, dfilter_fail);
500 fvalue = fvalue_from_unparsed(ftype1, s, allow_partial_value, dfilter_fail);
502 /* check value_string */
503 fvalue = mk_fvalue_from_val_string(hfinfo1, s);
510 new_st = stnode_new(STTYPE_FVALUE, fvalue);
511 sttype_test_set2_args(st_node, st_arg1, new_st);
512 stnode_free(st_arg2);
514 else if (type2 == STTYPE_RANGE) {
515 check_drange_sanity(st_arg2);
516 if (!is_bytes_type(ftype1)) {
517 if (!ftype_can_slice(ftype1)) {
518 dfilter_fail("\"%s\" is a %s and cannot be converted into a sequence of bytes.",
520 ftype_pretty_name(ftype1));
524 /* Convert entire field to bytes */
525 new_st = stnode_new(STTYPE_RANGE, NULL);
527 rn = drange_node_new();
528 drange_node_set_start_offset(rn, 0);
529 drange_node_set_to_the_end(rn);
530 /* st_arg1 is freed in this step */
531 sttype_range_set1(new_st, st_arg1, rn);
533 sttype_test_set2_args(st_node, new_st, st_arg2);
537 g_assert_not_reached();
542 check_relation_LHS_STRING(const char* relation_string,
543 FtypeCanFunc can_func _U_, gboolean allow_partial_value _U_,
545 stnode_t *st_arg1, stnode_t *st_arg2)
548 sttype_id_t type1, type2;
549 header_field_info *hfinfo2;
554 type1 = stnode_type_id(st_arg1);
555 type2 = stnode_type_id(st_arg2);
557 DebugLog((" 5 check_relation_LHS_STRING()\n"));
559 if (type2 == STTYPE_FIELD) {
560 hfinfo2 = stnode_data(st_arg2);
561 ftype2 = hfinfo2->type;
563 if (!can_func(ftype2)) {
564 dfilter_fail("%s (type=%s) cannot participate in '%s' comparison.",
565 hfinfo2->abbrev, ftype_pretty_name(ftype2),
570 s = stnode_data(st_arg1);
571 fvalue = fvalue_from_string(ftype2, s, dfilter_fail);
573 /* check value_string */
574 fvalue = mk_fvalue_from_val_string(hfinfo2, s);
580 new_st = stnode_new(STTYPE_FVALUE, fvalue);
581 sttype_test_set2_args(st_node, new_st, st_arg2);
582 stnode_free(st_arg1);
584 else if (type2 == STTYPE_STRING || type2 == STTYPE_UNPARSED) {
585 /* Well now that's silly... */
586 dfilter_fail("Neither \"%s\" nor \"%s\" are field or protocol names.",
587 stnode_data(st_arg1),
588 stnode_data(st_arg2));
591 else if (type2 == STTYPE_RANGE) {
592 check_drange_sanity(st_arg2);
593 s = stnode_data(st_arg1);
594 fvalue = fvalue_from_string(FT_BYTES, s, dfilter_fail);
598 new_st = stnode_new(STTYPE_FVALUE, fvalue);
599 sttype_test_set2_args(st_node, new_st, st_arg2);
600 stnode_free(st_arg1);
603 g_assert_not_reached();
608 check_relation_LHS_UNPARSED(const char* relation_string,
609 FtypeCanFunc can_func, gboolean allow_partial_value,
611 stnode_t *st_arg1, stnode_t *st_arg2)
614 sttype_id_t type1, type2;
615 header_field_info *hfinfo2;
620 type1 = stnode_type_id(st_arg1);
621 type2 = stnode_type_id(st_arg2);
623 DebugLog((" 5 check_relation_LHS_UNPARSED()\n"));
625 if (type2 == STTYPE_FIELD) {
626 hfinfo2 = stnode_data(st_arg2);
627 ftype2 = hfinfo2->type;
629 if (!can_func(ftype2)) {
630 dfilter_fail("%s (type=%s) cannot participate in '%s' comparison.",
631 hfinfo2->abbrev, ftype_pretty_name(ftype2),
636 s = stnode_data(st_arg1);
637 fvalue = fvalue_from_unparsed(ftype2, s, allow_partial_value, dfilter_fail);
639 /* check value_string */
640 fvalue = mk_fvalue_from_val_string(hfinfo2, s);
646 new_st = stnode_new(STTYPE_FVALUE, fvalue);
647 sttype_test_set2_args(st_node, new_st, st_arg2);
648 stnode_free(st_arg1);
650 else if (type2 == STTYPE_STRING || type2 == STTYPE_UNPARSED) {
651 /* Well now that's silly... */
652 dfilter_fail("Neither \"%s\" nor \"%s\" are field or protocol names.",
653 stnode_data(st_arg1),
654 stnode_data(st_arg2));
657 else if (type2 == STTYPE_RANGE) {
658 check_drange_sanity(st_arg2);
659 s = stnode_data(st_arg1);
660 fvalue = fvalue_from_unparsed(FT_BYTES, s, allow_partial_value, dfilter_fail);
664 new_st = stnode_new(STTYPE_FVALUE, fvalue);
665 sttype_test_set2_args(st_node, new_st, st_arg2);
666 stnode_free(st_arg1);
669 g_assert_not_reached();
674 check_relation_LHS_RANGE(const char *relation_string, FtypeCanFunc can_func _U_,
675 gboolean allow_partial_value,
677 stnode_t *st_arg1, stnode_t *st_arg2)
680 sttype_id_t type1, type2;
681 header_field_info *hfinfo1, *hfinfo2;
682 ftenum_t ftype1, ftype2;
687 type1 = stnode_type_id(st_arg1);
688 type2 = stnode_type_id(st_arg2);
689 hfinfo1 = sttype_range_hfinfo(st_arg1);
690 ftype1 = hfinfo1->type;
692 DebugLog((" 5 check_relation_LHS_RANGE(%s)\n", relation_string));
694 if (!ftype_can_slice(ftype1)) {
695 dfilter_fail("\"%s\" is a %s and cannot be sliced into a sequence of bytes.",
696 hfinfo1->abbrev, ftype_pretty_name(ftype1));
700 check_drange_sanity(st_arg1);
702 if (type2 == STTYPE_FIELD) {
703 DebugLog((" 5 check_relation_LHS_RANGE(type2 = STTYPE_FIELD)\n"));
704 hfinfo2 = stnode_data(st_arg2);
705 ftype2 = hfinfo2->type;
707 if (!is_bytes_type(ftype2)) {
708 if (!ftype_can_slice(ftype2)) {
709 dfilter_fail("\"%s\" is a %s and cannot be converted into a sequence of bytes.",
711 ftype_pretty_name(ftype2));
715 /* Convert entire field to bytes */
716 new_st = stnode_new(STTYPE_RANGE, NULL);
718 rn = drange_node_new();
719 drange_node_set_start_offset(rn, 0);
720 drange_node_set_to_the_end(rn);
721 /* st_arg2 is freed in this step */
722 sttype_range_set1(new_st, st_arg2, rn);
724 sttype_test_set2_args(st_node, st_arg1, new_st);
727 else if (type2 == STTYPE_STRING) {
728 DebugLog((" 5 check_relation_LHS_RANGE(type2 = STTYPE_STRING)\n"));
729 s = stnode_data(st_arg2);
730 if (strcmp(relation_string, "matches") == 0) {
731 /* Convert to a FT_PCRE */
732 fvalue = fvalue_from_string(FT_PCRE, s, dfilter_fail);
734 fvalue = fvalue_from_string(FT_BYTES, s, dfilter_fail);
737 DebugLog((" 5 check_relation_LHS_RANGE(type2 = STTYPE_STRING): Could not convert from string!\n"));
740 new_st = stnode_new(STTYPE_FVALUE, fvalue);
741 sttype_test_set2_args(st_node, st_arg1, new_st);
742 stnode_free(st_arg2);
744 else if (type2 == STTYPE_UNPARSED) {
745 DebugLog((" 5 check_relation_LHS_RANGE(type2 = STTYPE_UNPARSED)\n"));
746 s = stnode_data(st_arg2);
747 if (strcmp(relation_string, "matches") == 0) {
748 /* Convert to a FT_PCRE */
749 fvalue = fvalue_from_unparsed(FT_PCRE, s, FALSE, dfilter_fail);
751 fvalue = fvalue_from_unparsed(FT_BYTES, s, allow_partial_value, dfilter_fail);
754 DebugLog((" 5 check_relation_LHS_RANGE(type2 = STTYPE_UNPARSED): Could not convert from string!\n"));
757 new_st = stnode_new(STTYPE_FVALUE, fvalue);
758 sttype_test_set2_args(st_node, st_arg1, new_st);
759 stnode_free(st_arg2);
761 else if (type2 == STTYPE_RANGE) {
762 DebugLog((" 5 check_relation_LHS_RANGE(type2 = STTYPE_RANGE)\n"));
763 check_drange_sanity(st_arg2);
766 g_assert_not_reached();
771 check_param_entity(stnode_t *st_node)
778 e_type = stnode_type_id(st_node);
779 /* If there's an unparsed string, change it to an FT_STRING */
780 if (e_type == STTYPE_UNPARSED) {
781 s = stnode_data(st_node);
782 fvalue = fvalue_from_unparsed(FT_STRING, s, FALSE, dfilter_fail);
787 new_st = stnode_new(STTYPE_FVALUE, fvalue);
788 stnode_free(st_node);
796 /* If the LHS of a relation test is a FUNCTION, run some checks
797 * and possibly some modifications of syntax tree nodes. */
799 check_relation_LHS_FUNCTION(const char *relation_string, FtypeCanFunc can_func,
800 gboolean allow_partial_value,
801 stnode_t *st_node, stnode_t *st_arg1, stnode_t *st_arg2)
805 header_field_info *hfinfo2;
806 ftenum_t ftype1, ftype2;
811 df_func_def_t *funcdef;
815 type2 = stnode_type_id(st_arg2);
817 funcdef = sttype_function_funcdef(st_arg1);
818 ftype1 = funcdef->retval_ftype;
820 params = sttype_function_params(st_arg1);
821 num_params = g_slist_length(params);
822 if (num_params < funcdef->min_nargs) {
823 dfilter_fail("Function %s needs at least %u arguments.",
824 funcdef->name, funcdef->min_nargs);
827 else if (num_params > funcdef->max_nargs) {
828 dfilter_fail("Function %s can only accept %u arguments.",
829 funcdef->name, funcdef->max_nargs);
835 params->data = check_param_entity(params->data);
836 funcdef->semcheck_param_function(param_i, params->data);
837 params = params->next;
840 DebugLog((" 5 check_relation_LHS_FUNCTION(%s)\n", relation_string));
842 if (!can_func(ftype1)) {
843 dfilter_fail("Function %s (type=%s) cannot participate in '%s' comparison.",
844 funcdef->name, ftype_pretty_name(ftype1),
849 if (type2 == STTYPE_FIELD) {
850 hfinfo2 = stnode_data(st_arg2);
851 ftype2 = hfinfo2->type;
853 if (!compatible_ftypes(ftype1, ftype2)) {
854 dfilter_fail("Function %s and %s are not of compatible types.",
855 funcdef->name, hfinfo2->abbrev);
858 /* Do this check even though you'd think that if
859 * they're compatible, then can_func() would pass. */
860 if (!can_func(ftype2)) {
861 dfilter_fail("%s (type=%s) cannot participate in specified comparison.",
862 hfinfo2->abbrev, ftype_pretty_name(ftype2));
866 else if (type2 == STTYPE_STRING) {
867 s = stnode_data(st_arg2);
868 if (strcmp(relation_string, "matches") == 0) {
869 /* Convert to a FT_PCRE */
870 fvalue = fvalue_from_string(FT_PCRE, s, dfilter_fail);
872 fvalue = fvalue_from_string(ftype1, s, dfilter_fail);
878 new_st = stnode_new(STTYPE_FVALUE, fvalue);
879 sttype_test_set2_args(st_node, st_arg1, new_st);
880 stnode_free(st_arg2);
882 else if (type2 == STTYPE_UNPARSED) {
883 s = stnode_data(st_arg2);
884 if (strcmp(relation_string, "matches") == 0) {
885 /* Convert to a FT_PCRE */
886 fvalue = fvalue_from_unparsed(FT_PCRE, s, FALSE, dfilter_fail);
888 fvalue = fvalue_from_unparsed(ftype1, s, allow_partial_value, dfilter_fail);
894 new_st = stnode_new(STTYPE_FVALUE, fvalue);
895 sttype_test_set2_args(st_node, st_arg1, new_st);
896 stnode_free(st_arg2);
898 else if (type2 == STTYPE_RANGE) {
899 check_drange_sanity(st_arg2);
900 if (!is_bytes_type(ftype1)) {
901 if (!ftype_can_slice(ftype1)) {
902 dfilter_fail("Function \"%s\" is a %s and cannot be converted into a sequence of bytes.",
904 ftype_pretty_name(ftype1));
908 /* Convert entire field to bytes */
909 new_st = stnode_new(STTYPE_RANGE, NULL);
911 rn = drange_node_new();
912 drange_node_set_start_offset(rn, 0);
913 drange_node_set_to_the_end(rn);
914 /* st_arg1 is freed in this step */
915 sttype_range_set1(new_st, st_arg1, rn);
917 sttype_test_set2_args(st_node, new_st, st_arg2);
921 g_assert_not_reached();
926 /* Check the semantics of any relational test. */
928 check_relation(const char *relation_string, gboolean allow_partial_value,
929 FtypeCanFunc can_func, stnode_t *st_node,
930 stnode_t *st_arg1, stnode_t *st_arg2)
935 header_field_info *hfinfo;
937 DebugLog((" 4 check_relation(\"%s\") [%u]\n", relation_string, i++));
939 /* Protocol can only be on LHS (for "contains" or "matches" operators).
940 * Check to see if protocol is on RHS. This catches the case where the
941 * user has written "fc" on the RHS, probably intending a byte value
942 * rather than the fibre channel protocol.
945 if (stnode_type_id(st_arg2) == STTYPE_FIELD) {
946 hfinfo = stnode_data(st_arg2);
947 if (hfinfo->type == FT_PROTOCOL)
948 dfilter_fail("Protocol (\"%s\") cannot appear on right-hand side of comparison.", hfinfo->abbrev);
952 switch (stnode_type_id(st_arg1)) {
954 check_relation_LHS_FIELD(relation_string, can_func,
955 allow_partial_value, st_node, st_arg1, st_arg2);
958 check_relation_LHS_STRING(relation_string, can_func,
959 allow_partial_value, st_node, st_arg1, st_arg2);
962 check_relation_LHS_RANGE(relation_string, can_func,
963 allow_partial_value, st_node, st_arg1, st_arg2);
965 case STTYPE_UNPARSED:
966 check_relation_LHS_UNPARSED(relation_string, can_func,
967 allow_partial_value, st_node, st_arg1, st_arg2);
969 case STTYPE_FUNCTION:
970 check_relation_LHS_FUNCTION(relation_string, can_func,
971 allow_partial_value, st_node, st_arg1, st_arg2);
974 case STTYPE_UNINITIALIZED:
979 g_assert_not_reached();
983 /* Check the semantics of any type of TEST */
985 check_test(stnode_t *st_node)
988 stnode_t *st_arg1, *st_arg2;
993 DebugLog((" 3 check_test(stnode_t *st_node = %p) [%u]\n", st_node, i));
995 sttype_test_get(st_node, &st_op, &st_arg1, &st_arg2);
998 case TEST_OP_UNINITIALIZED:
999 g_assert_not_reached();
1002 case TEST_OP_EXISTS:
1003 check_exists(st_arg1);
1017 check_relation("==", FALSE, ftype_can_eq, st_node, st_arg1, st_arg2);
1020 check_relation("!=", FALSE, ftype_can_ne, st_node, st_arg1, st_arg2);
1023 check_relation(">", FALSE, ftype_can_gt, st_node, st_arg1, st_arg2);
1026 check_relation(">=", FALSE, ftype_can_ge, st_node, st_arg1, st_arg2);
1029 check_relation("<", FALSE, ftype_can_lt, st_node, st_arg1, st_arg2);
1032 check_relation("<=", FALSE, ftype_can_le, st_node, st_arg1, st_arg2);
1034 case TEST_OP_BITWISE_AND:
1035 check_relation("&", FALSE, ftype_can_bitwise_and, st_node, st_arg1, st_arg2);
1037 case TEST_OP_CONTAINS:
1038 check_relation("contains", TRUE, ftype_can_contains, st_node, st_arg1, st_arg2);
1040 case TEST_OP_MATCHES:
1042 check_relation("matches", TRUE, ftype_can_matches, st_node, st_arg1, st_arg2);
1044 dfilter_fail("This Wireshark version does not support the \"matches\" operation.");
1050 g_assert_not_reached();
1052 DebugLog((" 3 check_test(stnode_t *st_node = %p) [%u] - End\n", st_node, i++));
1056 /* Check the entire syntax tree. */
1058 semcheck(stnode_t *st_node)
1060 #ifdef DEBUG_dfilter
1063 DebugLog((" 2 semcheck(stnode_t *st_node = %p) [%u]\n", st_node, i++));
1064 /* The parser assures that the top-most syntax-tree
1065 * node will be a TEST node, no matter what. So assert that. */
1066 switch (stnode_type_id(st_node)) {
1068 check_test(st_node);
1071 g_assert_not_reached();
1076 /* Check the syntax tree for semantic errors, and convert
1077 * some of the nodes into the form they need to be in order to
1078 * later generate the DFVM bytecode. */
1080 dfw_semcheck(dfwork_t *dfw)
1082 volatile gboolean ok_filter = TRUE;
1083 #ifdef DEBUG_dfilter
1087 DebugLog(("1 dfw_semcheck(dfwork_t *dfw = %p) [%u]\n", dfw, i));
1088 /* Instead of having to check for errors at every stage of
1089 * the semantic-checking, the semantic-checking code will
1090 * throw an exception if a problem is found. */
1092 semcheck(dfw->st_root);
1099 DebugLog(("1 dfw_semcheck(dfwork_t *dfw = %p) [%u] - Returns %d\n",
1100 dfw, i++,ok_filter));