1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
|
/** @file
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 2001 Gerald Combs
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
#ifndef DFILTER_H
#define DFILTER_H
#include <wireshark.h>
#include "dfilter-loc.h"
#include <epan/proto.h>
/* Passed back to user */
typedef struct epan_dfilter dfilter_t;
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
struct epan_dissect;
#define DF_ERROR_GENERIC -1
#define DF_ERROR_UNEXPECTED_END -2
typedef struct {
int code;
char *msg;
df_loc_t loc;
} df_error_t;
df_error_t *
df_error_new(int code, char *msg, df_loc_t *loc);
df_error_t *
df_error_new_printf(int code, df_loc_t *loc, const char *fmt, ...)
G_GNUC_PRINTF(3, 4);
#define df_error_new_msg(msg) \
df_error_new_printf(DF_ERROR_GENERIC, NULL, "%s", msg)
df_error_t *
df_error_new_vprintf(int code, df_loc_t *loc, const char *fmt, va_list ap);
WS_DLL_PUBLIC
void
df_error_free(df_error_t **ep);
/* Module-level initialization */
void
dfilter_init(void);
/* Module-level cleanup */
void
dfilter_cleanup(void);
/* Perform macro expansion. */
WS_DLL_PUBLIC
char *
dfilter_expand(const char *expr, df_error_t **err_ret);
/* Save textual representation of syntax tree (for debugging purposes). */
#define DF_SAVE_TREE (1U << 0)
/* Perform macro substitution on filter text. */
#define DF_EXPAND_MACROS (1U << 1)
/* Do an optimization pass on the compiled filter. */
#define DF_OPTIMIZE (1U << 2)
/* Enable debug trace for flex. */
#define DF_DEBUG_FLEX (1U << 3)
/* Enable debug trace for lemon. */
#define DF_DEBUG_LEMON (1U << 4)
/* Compiles a string to a dfilter_t.
* On success, sets the dfilter* pointed to by dfp
* to either a NULL pointer (if the filter is a null
* filter, as generated by an all-blank string) or to
* a pointer to the newly-allocated dfilter_t
* structure.
*
* On failure, *err_msg is set to point to the error
* message. This error message is allocated with
* g_malloc(), and must be freed with g_free().
* The dfilter* will be set to NULL after a failure.
*
* Returns true on success, false on failure.
*/
WS_DLL_PUBLIC
bool
dfilter_compile_full(const char *text, dfilter_t **dfp,
df_error_t **errpp, unsigned flags,
const char *caller);
#define dfilter_compile(text, dfp, errp) \
dfilter_compile_full(text, dfp, errp, \
DF_EXPAND_MACROS|DF_OPTIMIZE, \
__func__)
/* Frees all memory used by dfilter, and frees
* the dfilter itself. */
WS_DLL_PUBLIC
void
dfilter_free(dfilter_t *df);
/* Apply compiled dfilter */
WS_DLL_PUBLIC
bool
dfilter_apply_edt(dfilter_t *df, struct epan_dissect *edt);
/* Apply compiled dfilter */
bool
dfilter_apply(dfilter_t *df, proto_tree *tree);
/* Prime a proto_tree using the fields/protocols used in a dfilter. */
void
dfilter_prime_proto_tree(const dfilter_t *df, proto_tree *tree);
/* Refresh references in a compiled display filter. */
WS_DLL_PUBLIC
void
dfilter_load_field_references(const dfilter_t *df, proto_tree *tree);
/* Refresh references in a compiled display filter. */
WS_DLL_PUBLIC
void
dfilter_load_field_references_edt(const dfilter_t *df, struct epan_dissect *edt);
/* Check if dfilter has interesting fields */
bool
dfilter_has_interesting_fields(const dfilter_t *df);
/* Check if dfilter is interested in a given field
*
* @param df The dfilter
* @param hfid The header field info ID to check
* @return true if the field is interesting to the dfilter
*/
bool
dfilter_interested_in_field(const dfilter_t *df, int hfid);
/* Check if dfilter is interested in a given protocol
*
* @param df The dfilter
* @param proto_id The protocol ID to check
* @return true if the dfilter is interested in a field whose
* parent is proto_id
*/
bool
dfilter_interested_in_proto(const dfilter_t *df, int proto_id);
WS_DLL_PUBLIC
bool
dfilter_requires_columns(const dfilter_t *df);
WS_DLL_PUBLIC
GPtrArray *
dfilter_deprecated_tokens(dfilter_t *df);
WS_DLL_PUBLIC
GSList *
dfilter_get_warnings(dfilter_t *df);
#define DF_DUMP_REFERENCES (1U << 0)
#define DF_DUMP_SHOW_FTYPE (1U << 1)
/* Print bytecode of dfilter to fp */
WS_DLL_PUBLIC
void
dfilter_dump(FILE *fp, dfilter_t *df, uint16_t flags);
/* Text after macro expansion. */
WS_DLL_PUBLIC
const char *
dfilter_text(dfilter_t *df);
/* Text representation of syntax tree (if it was saved, NULL oterwise). */
WS_DLL_PUBLIC
const char *
dfilter_syntax_tree(dfilter_t *df);
/* Print bytecode of dfilter to log */
WS_DLL_PUBLIC
void
dfilter_log_full(const char *domain, enum ws_log_level level,
const char *file, long line, const char *func,
dfilter_t *dfcode, const char *msg);
#ifdef WS_DEBUG
#define dfilter_log(dfcode, msg) \
dfilter_log_full(LOG_DOMAIN_DFILTER, LOG_LEVEL_NOISY, \
__FILE__, __LINE__, __func__, \
dfcode, msg)
#else
#define dfilter_log(dfcode, msg) (void)0
#endif
#define DFILTER_DEBUG_HERE(dfcode) \
dfilter_log_full(LOG_DOMAIN_DFILTER, LOG_LEVEL_ECHO, \
__FILE__, __LINE__, __func__, \
dfcode, #dfcode);
#ifdef __cplusplus
}
#endif /* __cplusplus */
#endif /* DFILTER_H */
|
