| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
but will be in the future, and it's easier for me to keep my local branch
in sync with the source with the calls to dfilter_apply() already modified
tothe 4-arg format.
Add a CPP macro to ipv4.h to define ipv4_addr_ne(). Use it in dfilter.c
svn path=/trunk/; revision=1854
|
|
with MSVC 6.0 and 'nmake', the make tool that comes with MSVC.
It compiles, links, and runs. It doesn't run correctly. There's a problem
when reading files. I'm getting short reads. I'm not linking in zlib or
libsnmp because it first needs to be debugged.
I changed the plugin code to use gmodule instead of libltdl, but the
Unix build still links ethereal against libltdl. I'll fix that tonight; sorry
about leaving it in such a sad state, but I wanted to check in this code
before I left work on a Friday night. Ethereal still works, but the
building is less than optimal.
svn path=/trunk/; revision=1479
|
|
return the pointer to the compiled filter through a pointer argument.
Have it check whether the filter is a null filter and, if so, free up
the filter and supply a filter pointer, rather than obliging its callers
to check whether the filter actually has any code. (Well, they may want
to check if the filter is null, so that they don't save a pointer to the
filter text, e.g. so that the display filter displays as "none" rather
than as a blank string in the summary box.)
In the process, fix the check in "gtk/file_dlg.c" that tests whether the
read filter compiled successfully.
svn path=/trunk/; revision=812
|
|
the packet boundary. Now the field boundary is honored. The frame boundary
is ignored, but of course we put proper field lengths in the proto_tree,
right? :)
Implemented negative offsets in byte-strings:
frame[-4:4] will read the last 4 bytes of a frame.
Implemented "offset-only" byte-string comparisons, since the dfilter
compiler knows the length of the byte-string you supplied. These are
now legal:
frame[-4] == 0.0.0.1
tr.dst[0] == 00:06:29
Implemented the use of integers if you're comparing one byte. These are
legal:
llc[0] == 0xaa
llc[0:1] == 0xaa
All these forms check against the length of the field, so these will be
reported as bad to the user:
eth.src[5] == 00:06:29 (goes beyond field boundary)
eth.dst == 1.2.3.4.5.6.7 (too long, goes beyond field boundary)
Thes is also reported as bad:
eth.dst[0:3] == 1.2 (incorrect number of bytes specified)
eth.dst[0:1] == eth.src[0:2] (disparate lengths)
I had to add a new function, proto_registrar_get_length() in proto.c, which
reports the length of a field as can be determined at registration time.
There are some shift/reduce errors in the grammar that I need to get rid of.
svn path=/trunk/; revision=811
|
|
checking the length of the packet before copying bytes from the packet.
svn path=/trunk/; revision=807
|
|
"cf.dfcode" if the new filter doesn't compile, because the filter
currently in effect will be the one that was last applied - just free up
the text of the new filter, and whatever memory was allocated for the
new filter code.
This means we allocate a new dfilter when a new filter is to be applied,
rather than recycling stuff from the old filter, as we want the old
filter code to remain around if the new filter doesn't compile.
This means that "cf.dfilter" and "cf.dfcode" will be null if there's no
filter in effect.
svn path=/trunk/; revision=803
|
|
After a bad parse, instead of leaking this memory, the memory used for
those GNodes is now freed.
Added some memory-freeing "cleanup" routines for the dfilter and proto_tree
modules, which are called right before ethereal exits. Maybe once we get
a complete set of cleanup routines, we'll be able to better check if
memory is leaking.
svn path=/trunk/; revision=582
|
|
global variable, dfilter_error_msg is now available, being NULL when there
was no error, or pointing to a string when an error occurred. The three
places that dfilter_compile() is called now use this global variable to
report the error message to the user. A default error message is put
in that string if no context-specific error message is available (since
I only have one context-specifici error message, namely, ETHER values,
that will be most of the time).
svn path=/trunk/; revision=530
|
|
improving size of grammar and creating the possibility of dfilter_compile
reporting errors back to user. In this case, if an ETHER variable is
compared against a byte string that is not 6 bytes, an error condition is
flagged appropriately. I have not put in the code to conver that error flag
to a message to the user, but that's what I'm working on next.
Also, fixed sample debug session in README to show correct gdb prompt.
svn path=/trunk/; revision=522
|
|
in dfilter-grammar.y) to a new struct dfilter. Display filters now have
their own struct, rather than simply being GNode's. This allows multiple
display filters to exist at once, aiding John McDermott in his
work on colorization.
svn path=/trunk/; revision=480
|
|
display filter code but not outside it (and not static to one of the
modules in the display filter code), with most of that stuff moved there
from "dfilter.h".
Add a declaration of "byte_str_to_guint8_array()" to "dfilter-int.h".
svn path=/trunk/; revision=479
|
|
field by itself assumes you are checking for the existence of that protocol
or field.
Changed the format of the list of filterable fields in the man page.
Developers: run "./configure" so that your configure script will re-create
dfilter2pod from the new dfilter2pod.in
svn path=/trunk/; revision=426
|
|
as it standed depends on your lex being flex, but that only matters if you're
a developer. The distribution will include the dfilter-scanner.c file, so
that if the user doesn't modify dfilter-scanner.l, he won't need flex to
re-create the *.c file.
The new lex scanner gives me better syntax checking for ether addresses. I
thought I could get by using GScanner, but it simply wasn't powerful enough.
All operands have English-like abbreviations and C-like syntax:
and, && ; or, || ; eq, == ; ne, != ; , etc.
I removed the ETHER_VENDOR type in favor of letting the user use the [x:y]
notation: ether.src[0:3] == 0:6:29 instead of ether.srcvendor == 00:06:29
I implemented the IPXNET field type; it had been there before, but was
not implemented. I chose to make it use integer values rather than byte
ranges, since an IPX Network is 4 bytes. So a display filter looks like this:
ipx.srcnet == 0xc0a82c00
rather than this:
ipx.srcnet == c0:a8:2c:00
I can supposrt the byte-range type IPXNET in the future, very trivially.
I still have more work to do on the parser though. It needs to check ranges
when extracting byte ranges ([x:y]) from packets. And I need to get rid
of those reduce/reduce errors from yacc!
svn path=/trunk/; revision=414
|
|
but does not link. Perhaps someone who understands the MS tools can help
out. I made it link a few months ago, but with different version of glib/gtk+.
I can't remember how I made it link.
Most of the compatibility issues were resolved with adding
#ifdef HAVE_UNISTD_H the the source code. Please be sure to add this to all
future code.
svn path=/trunk/; revision=359
|
|
out the declaration of a variable used only by "#if 0"ed out code, to
eliminate some compiler warnings.
svn path=/trunk/; revision=344
|
|
mechanism that is built into ethereal. Wiretap is now used to read all
file formats. Libpcap is used only for capturing.
svn path=/trunk/; revision=342
|
