diff options
| author | Gilbert Ramirez <gram@alumni.rice.edu> | 1999-10-12 04:21:13 +0000 |
|---|---|---|
| committer | Gilbert Ramirez <gram@alumni.rice.edu> | 1999-10-12 04:21:13 +0000 |
| commit | 1efcb7b2cfc60043e672d5cc4c78aabbe50f5416 (patch) | |
| tree | 8cd2fc805be40ddf06f39ad6ccdfb858df0be348 /proto.c | |
| parent | 0faf7339147a90ae176d10932e14b4170241734a (diff) | |
Re-implemented fix to keep display filter from reading data from outside
the packet boundary. Now the field boundary is honored. The frame boundary
is ignored, but of course we put proper field lengths in the proto_tree,
right? :)
Implemented negative offsets in byte-strings:
frame[-4:4] will read the last 4 bytes of a frame.
Implemented "offset-only" byte-string comparisons, since the dfilter
compiler knows the length of the byte-string you supplied. These are
now legal:
frame[-4] == 0.0.0.1
tr.dst[0] == 00:06:29
Implemented the use of integers if you're comparing one byte. These are
legal:
llc[0] == 0xaa
llc[0:1] == 0xaa
All these forms check against the length of the field, so these will be
reported as bad to the user:
eth.src[5] == 00:06:29 (goes beyond field boundary)
eth.dst == 1.2.3.4.5.6.7 (too long, goes beyond field boundary)
Thes is also reported as bad:
eth.dst[0:3] == 1.2 (incorrect number of bytes specified)
eth.dst[0:1] == eth.src[0:2] (disparate lengths)
I had to add a new function, proto_registrar_get_length() in proto.c, which
reports the length of a field as can be determined at registration time.
There are some shift/reduce errors in the grammar that I need to get rid of.
svn path=/trunk/; revision=811
Diffstat (limited to 'proto.c')
| -rw-r--r-- | proto.c | 55 |
1 files changed, 54 insertions, 1 deletions
@@ -1,7 +1,7 @@ /* proto.c * Routines for protocol tree * - * $Id: proto.c,v 1.33 1999/10/11 17:02:06 deniel Exp $ + * $Id: proto.c,v 1.34 1999/10/12 04:21:12 gram Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@zing.org> @@ -725,6 +725,59 @@ proto_registrar_is_protocol(int n) return FALSE; } +/* Returns length of field. + * 0 means undeterminable at time of registration + * -1 means the field is not registered. */ +gint +proto_registrar_get_length(int n) +{ + struct header_field_info *hfinfo; + + hfinfo = find_hfinfo_record(n); + if (!hfinfo) + return -1; + + switch (hfinfo->type) { + case FT_TEXT_ONLY: /* not filterable */ + case NUM_FIELD_TYPES: /* satisfy picky compilers */ + return -1; + + case FT_NONE: + case FT_BYTES: + case FT_BOOLEAN: + case FT_STRING: + case FT_DOUBLE: + case FT_ABSOLUTE_TIME: + case FT_RELATIVE_TIME: + return 0; + + case FT_UINT8: + case FT_VALS_UINT8: + return 1; + + case FT_UINT16: + case FT_VALS_UINT16: + return 2; + + case FT_VALS_UINT24: + return 3; + + case FT_UINT32: + case FT_VALS_UINT32: + case FT_IPXNET: + case FT_IPv4: + return 4; + + case FT_ETHER: + return 6; + + case FT_IPv6: + return 128; + } + g_assert_not_reached(); + return -1; +} + /* Looks for a protocol or a field in a proto_tree. Returns TRUE if * it exists anywhere, or FALSE if it exists nowhere. */ gboolean |