/* * Wireshark - Network traffic analyzer * By Gerald Combs * Copyright 2001 Gerald Combs * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #include "config.h" #include #include #include #define CMP_MATCHES cmp_matches #include static void string_fvalue_new(fvalue_t *fv) { fv->value.string = NULL; } static void string_fvalue_free(fvalue_t *fv) { g_free(fv->value.string); } static void string_fvalue_set_string(fvalue_t *fv, const gchar *value) { DISSECTOR_ASSERT(value != NULL); /* Free up the old value, if we have one */ string_fvalue_free(fv); fv->value.string = (gchar *)g_strdup(value); } static int string_repr_len(fvalue_t *fv, ftrepr_t rtype, int field_display _U_) { switch (rtype) { case FTREPR_DISPLAY: return (int)strlen(fv->value.string); case FTREPR_DFILTER: return escape_string_len(fv->value.string); } g_assert_not_reached(); return -1; } static void string_to_repr(fvalue_t *fv, ftrepr_t rtype, int field_display _U_, char *buf, unsigned int size) { switch (rtype) { case FTREPR_DISPLAY: g_strlcpy(buf, fv->value.string, size); return; case FTREPR_DFILTER: escape_string(buf, fv->value.string); return; } g_assert_not_reached(); } static gpointer value_get(fvalue_t *fv) { return fv->value.string; } static gboolean val_from_string(fvalue_t *fv, const char *s, gchar **err_msg _U_) { /* Free up the old value, if we have one */ string_fvalue_free(fv); fv->value.string = g_strdup(s); return TRUE; } static gboolean val_from_unparsed(fvalue_t *fv, const char *s, gboolean allow_partial_value _U_, gchar **err_msg) { fvalue_t *fv_bytes; /* Free up the old value, if we have one */ string_fvalue_free(fv); /* Does this look like a byte-string? */ fv_bytes = fvalue_from_unparsed(FT_BYTES, s, TRUE, NULL); if (fv_bytes) { /* Copy the bytes over to a string and terminate it * with a NUL. XXX - what if the user embeds a NUL * in the middle of the byte string? */ int num_bytes = fv_bytes->value.bytes->len; fv->value.string = (gchar *)g_malloc(num_bytes + 1); memcpy(fv->value.string, fv_bytes->value.bytes->data, num_bytes); fv->value.string[num_bytes] = '\0'; FVALUE_FREE(fv_bytes); return TRUE; } /* Just turn it into a string */ return val_from_string(fv, s, err_msg); } static guint len(fvalue_t *fv) { return (guint)strlen(fv->value.string); } static void slice(fvalue_t *fv, GByteArray *bytes, guint offset, guint length) { guint8* data; data = fv->value.ustring + offset; g_byte_array_append(bytes, data, length); } static gboolean cmp_eq(const fvalue_t *a, const fvalue_t *b) { return (strcmp(a->value.string, b->value.string) == 0); } static gboolean cmp_ne(const fvalue_t *a, const fvalue_t *b) { return (strcmp(a->value.string, b->value.string) != 0); } static gboolean cmp_gt(const fvalue_t *a, const fvalue_t *b) { return (strcmp(a->value.string, b->value.string) > 0); } static gboolean cmp_ge(const fvalue_t *a, const fvalue_t *b) { return (strcmp(a->value.string, b->value.string) >= 0); } static gboolean cmp_lt(const fvalue_t *a, const fvalue_t *b) { return (strcmp(a->value.string, b->value.string) < 0); } static gboolean cmp_le(const fvalue_t *a, const fvalue_t *b) { return (strcmp(a->value.string, b->value.string) <= 0); } static gboolean cmp_contains(const fvalue_t *fv_a, const fvalue_t *fv_b) { /* According to * http://www.introl.com/introl-demo/Libraries/C/ANSI_C/string/strstr.html * strstr() returns a non-NULL value if needle is an empty * string. We don't that behavior for cmp_contains. */ if (strlen(fv_b->value.string) == 0) { return FALSE; } if (strstr(fv_a->value.string, fv_b->value.string)) { return TRUE; } else { return FALSE; } } static gboolean cmp_matches(const fvalue_t *fv_a, const fvalue_t *fv_b) { char *str = fv_a->value.string; GRegex *regex = fv_b->value.re; /* fv_b is always a FT_PCRE, otherwise the dfilter semcheck() would have * warned us. For the same reason (and because we're using g_malloc()), * fv_b->value.re is not NULL. */ if (strcmp(fv_b->ftype->name, "FT_PCRE") != 0) { return FALSE; } if (! regex) { return FALSE; } return g_regex_match_full( regex, /* Compiled PCRE */ str, /* The data to check for the pattern... */ (int)strlen(str), /* ... and its length */ 0, /* Start offset within data */ (GRegexMatchFlags)0, /* GRegexMatchFlags */ NULL, /* We are not interested in the match information */ NULL /* We don't want error information */ ); } void ftype_register_string(void) { static ftype_t string_type = { FT_STRING, /* ftype */ "FT_STRING", /* name */ "Character string", /* pretty_name */ 0, /* wire_size */ string_fvalue_new, /* new_value */ string_fvalue_free, /* free_value */ val_from_unparsed, /* val_from_unparsed */ val_from_string, /* val_from_string */ string_to_repr, /* val_to_string_repr */ string_repr_len, /* len_string_repr */ NULL, /* set_value_byte_array */ NULL, /* set_value_bytes */ NULL, /* set_value_guid */ NULL, /* set_value_time */ string_fvalue_set_string, /* set_value_string */ NULL, /* set_value_protocol */ NULL, /* set_value_uinteger */ NULL, /* set_value_sinteger */ NULL, /* set_value_uinteger64 */ NULL, /* set_value_sinteger64 */ NULL, /* set_value_floating */ value_get, /* get_value */ NULL, /* get_value_uinteger */ NULL, /* get_value_sinteger */ NULL, /* get_value_uinteger64 */ NULL, /* get_value_sinteger64 */ NULL, /* get_value_floating */ cmp_eq, cmp_ne, cmp_gt, cmp_ge, cmp_lt, cmp_le, NULL, /* cmp_bitwise_and */ cmp_contains, CMP_MATCHES, len, slice, }; static ftype_t stringz_type = { FT_STRINGZ, /* ftype */ "FT_STRINGZ", /* name */ "Character string", /* pretty name */ 0, /* wire_size */ string_fvalue_new, /* new_value */ string_fvalue_free, /* free_value */ val_from_unparsed, /* val_from_unparsed */ val_from_string, /* val_from_string */ string_to_repr, /* val_to_string_repr */ string_repr_len, /* len_string_repr */ NULL, /* set_value_byte_array */ NULL, /* set_value_bytes */ NULL, /* set_value_guid */ NULL, /* set_value_time */ string_fvalue_set_string, /* set_value_string */ NULL, /* set_value_protocol */ NULL, /* set_value_uinteger */ NULL, /* set_value_sinteger */ NULL, /* set_value_uinteger64 */ NULL, /* set_value_sinteger64 */ NULL, /* set_value_floating */ value_get, /* get_value */ NULL, /* get_value_uinteger */ NULL, /* get_value_sinteger */ NULL, /* get_value_uinteger64 */ NULL, /* get_value_sinteger64 */ NULL, /* get_value_floating */ cmp_eq, cmp_ne, cmp_gt, cmp_ge, cmp_lt, cmp_le, NULL, /* cmp_bitwise_and */ cmp_contains, /* cmp_contains */ CMP_MATCHES, len, slice, }; static ftype_t uint_string_type = { FT_UINT_STRING, /* ftype */ "FT_UINT_STRING", /* name */ "Character string", /* pretty_name */ 0, /* wire_size */ string_fvalue_new, /* new_value */ string_fvalue_free, /* free_value */ val_from_unparsed, /* val_from_unparsed */ val_from_string, /* val_from_string */ string_to_repr, /* val_to_string_repr */ string_repr_len, /* len_string_repr */ NULL, /* set_value_byte_array */ NULL, /* set_value_bytes */ NULL, /* set_value_guid */ NULL, /* set_value_time */ string_fvalue_set_string, /* set_value_string */ NULL, /* set_value_protocol */ NULL, /* set_value_uinteger */ NULL, /* set_value_sinteger */ NULL, /* set_value_uinteger64 */ NULL, /* set_value_sinteger64 */ NULL, /* set_value_floating */ value_get, /* get_value */ NULL, /* get_value_uinteger */ NULL, /* get_value_sinteger */ NULL, /* get_value_uinteger64 */ NULL, /* get_value_sinteger64 */ NULL, /* get_value_floating */ cmp_eq, cmp_ne, cmp_gt, cmp_ge, cmp_lt, cmp_le, NULL, /* cmp_bitwise_and */ cmp_contains, /* cmp_contains */ CMP_MATCHES, len, slice, }; static ftype_t stringzpad_type = { FT_STRINGZPAD, /* ftype */ "FT_STRINGZPAD", /* name */ "Character string", /* pretty name */ 0, /* wire_size */ string_fvalue_new, /* new_value */ string_fvalue_free, /* free_value */ val_from_unparsed, /* val_from_unparsed */ val_from_string, /* val_from_string */ string_to_repr, /* val_to_string_repr */ string_repr_len, /* len_string_repr */ NULL, /* set_value_byte_array */ NULL, /* set_value_bytes */ NULL, /* set_value_guid */ NULL, /* set_value_time */ string_fvalue_set_string, /* set_value_string */ NULL, /* set_value_protocol */ NULL, /* set_value_uinteger */ NULL, /* set_value_sinteger */ NULL, /* set_value_uinteger64 */ NULL, /* set_value_sinteger64 */ NULL, /* set_value_floating */ value_get, /* get_value */ NULL, /* get_value_uinteger */ NULL, /* get_value_sinteger */ NULL, /* get_value_uinteger64 */ NULL, /* get_value_sinteger64 */ NULL, /* get_value_floating */ cmp_eq, cmp_ne, cmp_gt, cmp_ge, cmp_lt, cmp_le, NULL, /* cmp_bitwise_and */ cmp_contains, /* cmp_contains */ CMP_MATCHES, len, slice, }; ftype_register(FT_STRING, &string_type); ftype_register(FT_STRINGZ, &stringz_type); ftype_register(FT_UINT_STRING, &uint_string_type); ftype_register(FT_STRINGZPAD, &stringzpad_type); } /* * Editor modelines - http://www.wireshark.org/tools/modelines.html * * Local variables: * c-basic-offset: 8 * tab-width: 8 * indent-tabs-mode: t * End: * * vi: set shiftwidth=8 tabstop=8 noexpandtab: * :indentSize=8:tabSize=8:noTabs=false: */