author | João Valverde <j@v6e.pt> | 2021-10-14 14:17:41 +0100 |
---|---|---|
committer | João Valverde <j@v6e.pt> | 2021-10-15 13:06:51 +0100 |
commit | 144dc1e2eefbb3e19b78ccb4a8c2c57bba9c212b (patch) | |
tree | 0a4895fea67ffbf3654c227722265e9f5cba2aea | |
parent | e46deda5cf0b70695d8bc5ac5c7365b20302ae7e (diff) |
dfilter: Use the same semantic rules for protocols and bytes
FT_PROTOCOL and FT_BYTES are the same semantic type, but one is
backed by a GByteArray and the other by a TVBuff. Use the same
semantic rules to parse both. In particular unparsed strings
are not converted to literal strings for protocols.
Before:
Filter: frame contains 0x0000
Constants:
00000 PUT_FVALUE 30:78:30:30:30:30 <FT_PROTOCOL> -> reg#1
Instructions:
00000 READ_TREE frame -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_CONTAINS reg#0 contains reg#1
00003 RETURN
Filter: frame[5:] contains 0x0000
dftest: "0x0000" is not a valid byte string.
After:
Filter: frame contains 0x0000
dftest: "0x0000" is not a valid byte string.
Filter: frame[5:] contains 0x0000
dftest: "0x0000" is not a valid byte string.
Related to #17634.
-rw-r--r-- | docbook/release-notes.adoc | 4 | ||||
-rw-r--r-- | epan/ftypes/ftype-bytes.c | 18 | ||||
-rw-r--r-- | epan/ftypes/ftype-protocol.c | 10 | ||||
-rw-r--r-- | epan/ftypes/ftypes-int.h | 4 | ||||
-rw-r--r-- | test/suite_dfilter/group_tvb.py | 7 |
5 files changed, 33 insertions, 10 deletions
diff --git a/docbook/release-notes.adoc b/docbook/release-notes.adoc
index 3b930f447f..00ec34b527 100644
--- a/docbook/release-notes.adoc
+++ b/docbook/release-notes.adoc
@@ -103,6 +103,10 @@ The following features are new (or have been significantly updated) since versio
 * Reload Lua plugins has been improved to properly support FileHandler.
+* Display filter syntax:
+** Protocols always parse unquoted strings as byte values. Before an expression such as "tcp contains ff.fg" would look for the string "ff.fg" if it does not
+ match a valid byte array specification. Now this is a syntax error. Use double-quotes to match literal strings.
+
 // === Removed Features and Support
 // === Removed Dissectors
diff --git a/epan/ftypes/ftype-bytes.c b/epan/ftypes/ftype-bytes.c
index daeb74a826..5eed4868a2 100644
--- a/epan/ftypes/ftype-bytes.c
+++ b/epan/ftypes/ftype-bytes.c
@@ -233,8 +233,8 @@ bytes_from_string(fvalue_t *fv, const char *s, gchar **err_msg _U_)
 return TRUE;
 }
-static gboolean
-bytes_from_unparsed(fvalue_t *fv, const char *s, gboolean allow_partial_value _U_, gchar **err_msg)
+GByteArray *
+byte_array_from_unparsed(const char *s, gchar **err_msg)
 {
 GByteArray *bytes;
 gboolean res;
@@ -256,9 +256,21 @@ bytes_from_unparsed(fvalue_t *fv, const char *s, gboolean allow_partial_value _U
 if (err_msg != NULL)
 *err_msg = g_strdup_printf("\"%s\" is not a valid byte string.", s);
 g_byte_array_free(bytes, TRUE);
- return FALSE;
+ return NULL;
 }
+ return bytes;
+}
+
+static gboolean
+bytes_from_unparsed(fvalue_t *fv, const char *s, gboolean allow_partial_value _U_, gchar **err_msg)
+{
+ GByteArray *bytes;
+
+ bytes = byte_array_from_unparsed(s, err_msg);
+ if (bytes == NULL)
+ return FALSE;
+
 /* Free up the old value, if we have one */
 bytes_fvalue_free(fv);
diff --git a/epan/ftypes/ftype-protocol.c b/epan/ftypes/ftype-protocol.c
index 7a65b61d77..98d38dcc7d 100644
--- a/epan/ftypes/ftype-protocol.c
+++ b/epan/ftypes/ftype-protocol.c
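Review bot: `byte_array_from_unparsed()` in epan/ftypes/ftype-bytes.c loses its `static` and becomes a helper shared across files, but neither the definition here nor the prototype added to epan/ftypes/ftypes-int.h states who owns what it hands back. From the visible lines it returns a `GByteArray` that the caller has to release (the error path itself uses `g_byte_array_free(bytes, TRUE)`), and it fills `*err_msg` with a `g_strdup_printf()` allocation only when `err_msg` is non-NULL. A short comment above the definition would make that contract explicit, e.g. `/* Returns a new GByteArray owned by the caller, or NULL with *err_msg set (caller frees it with g_free). */`. The middle of the function body lies between the two hunks and is not shown.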
@@ -80,6 +80,7 @@ val_from_string(fvalue_t *fv, const char *s, gchar **err_msg _U_)
 static gboolean
 val_from_unparsed(fvalue_t *fv, const char *s, gboolean allow_partial_value _U_, gchar **err_msg)
 {
+ GByteArray *bytes;
 tvbuff_t *new_tvb;
 /* Free up the old value, if we have one */
@@ -88,8 +89,8 @@ val_from_unparsed(fvalue_t *fv, const char *s, gboolean allow_partial_value _U_,
 fv->value.protocol.proto_string = NULL;
 /* Does this look like a byte string? */
- GByteArray *bytes = g_byte_array_new();
- if (hex_str_to_bytes(s, bytes, TRUE)) {
+ bytes = byte_array_from_unparsed(s, err_msg);
+ if (bytes != NULL) {
 /* Make a tvbuff from the bytes */
 new_tvb = tvb_new_real_data(bytes->data, bytes->len, bytes->len);
@@ -111,10 +112,7 @@ val_from_unparsed(fvalue_t *fv, const char *s, gboolean allow_partial_value _U_,
 }
 /* Not a byte array, forget about it. */
- g_byte_array_free(bytes, TRUE);
-
- /* Treat it as a string. */
- return val_from_string(fv, s, err_msg);
+ return FALSE;
 }
 static int
diff --git a/epan/ftypes/ftypes-int.h b/epan/ftypes/ftypes-int.h
index 6b1300e53f..704b5d55cc 100644
--- a/epan/ftypes/ftypes-int.h
+++ b/epan/ftypes/ftypes-int.h
@@ -132,7 +132,9 @@ struct _ftype_t {
 g_slice_free(fvalue_t, fv); \
 }
-#endif
+GByteArray *byte_array_from_unparsed(const char *s, gchar **err_msg);
+
+#endif /* FTYPES_INT_H */
 /*
 * Editor modelines - https://www.wireshark.org/tools/modelines.html
diff --git a/test/suite_dfilter/group_tvb.py b/test/suite_dfilter/group_tvb.py
index 57fcfdb5a7..4070a8d5b3 100644
--- a/test/suite_dfilter/group_tvb.py
+++ b/test/suite_dfilter/group_tvb.py
@@ -63,4 +63,11 @@ class case_tvb(unittest.TestCase):
 dfilter = 'http contains "HEAD"'
 checkDFilterCount(dfilter, 1)
+ def test_protocol_1(self, checkDFilterSucceed):
+ dfilter = 'frame contains aa.bb.ff'
+ checkDFilterSucceed(dfilter)
+
+ def test_protocol_1(self, checkDFilterFail):
+ dfilter = 'frame contains aa.bb.hh'
+ checkDFilterFail(dfilter, '"aa.bb.hh" is not a valid byte string.') |
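Review bot: In `val_from_unparsed()` (epan/ftypes/ftype-protocol.c) the parse can now fail outright, yet it still runs after the block commented `/* Free up the old value, if we have one */` and after `proto_string` is set to NULL, so a rejected filter string returns FALSE with `fv` apparently already emptied. The reworked `bytes_from_unparsed()` in ftype-bytes.c orders it the other way round: it calls `byte_array_from_unparsed()` first and only then `bytes_fvalue_free(fv)`. Moving `bytes = byte_array_from_unparsed(s, err_msg);` and `if (bytes == NULL) return FALSE;` above the free would keep the two types consistent, leave `fv` untouched on a syntax error, and let the success path lose one level of nesting. The freeing statements themselves sit between the hunks and are not visible, so whether any caller depends on the old value surviving a failed parse is an assumption to confirm.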
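Review bot: Both new methods in `case_tvb` are named `test_protocol_1`, so the second definition replaces the first in the class body and the `checkDFilterSucceed` case for `frame contains aa.bb.ff` never runs. Rename the second one, e.g. `def test_protocol_2(self, checkDFilterFail):`, so that the accepted and the rejected byte-string forms are both exercised. Only the tail of the class is visible in this hunk.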