docs/wsar_html.zip:wsar_html/dfilter_8h_source.html

#ifndef DFILTER_H

#define DFILTER_H


#include <wireshark.h>


#include "dfilter-loc.h"

#include <epan/proto.h>


/* Passed back to user */

typedef struct epan_dfilter dfilter_t;


#ifdef __cplusplus

extern "C" {

#endif /* __cplusplus */


struct epan_dissect;


#define DF_ERROR_GENERIC        -1

#define DF_ERROR_UNEXPECTED_END     -2


typedef struct {

    int      code;

    char*    msg;

    df_loc_t loc;

} df_error_t;


df_error_t *

df_error_new(int code, char *msg, df_loc_t *loc);


df_error_t *

df_error_new_printf(int code, df_loc_t *loc, const char *fmt, ...)

G_GNUC_PRINTF(3, 4);


#define df_error_new_msg(msg) \

    df_error_new_printf(DF_ERROR_GENERIC, NULL, "%s", msg)


df_error_t *

df_error_new_vprintf(int code, df_loc_t *loc, const char *fmt, va_list ap);


WS_DLL_PUBLIC

void

df_error_free(df_error_t **ep);


/* Module-level initialization */


void

dfilter_init(const char* app_env_var_prefix);


/* Module-level cleanup */

void

 dfilter_cleanup(void);


/* Perform macro expansion. */

WS_DLL_PUBLIC

char *

dfilter_expand(const char *expr, df_error_t **err_ret);


/* Save textual representation of syntax tree (for debugging purposes). */

#define DF_SAVE_TREE        (1U << 0)

/* Perform macro substitution on filter text. */

#define DF_EXPAND_MACROS    (1U << 1)

/* Do an optimization pass on the compiled filter. */

#define DF_OPTIMIZE     (1U << 2)

/* Enable debug trace for flex. */

#define DF_DEBUG_FLEX       (1U << 3)

/* Enable debug trace for lemon. */

#define DF_DEBUG_LEMON      (1U << 4)

/* If the root of the syntax tree is a field, load and return the field values.

 * By default the field is only checked for existence. */

#define DF_RETURN_VALUES        (1U << 5)


WS_DLL_PUBLIC

bool

dfilter_compile_full(const char *text, dfilter_t **dfp,

            df_error_t **errpp, unsigned flags,

            const char *caller);


#define dfilter_compile(text, dfp, errp) \

    dfilter_compile_full(text, dfp, errp, \

                DF_EXPAND_MACROS|DF_OPTIMIZE, \

                __func__)


struct stnode;


WS_DLL_PUBLIC

struct stnode *dfilter_get_syntax_tree(const char *text);


WS_DLL_PUBLIC

void

dfilter_free(dfilter_t *df);


WS_DLL_PUBLIC

bool

dfilter_apply_edt(dfilter_t *df, struct epan_dissect *edt);


bool

dfilter_apply(dfilter_t *df, proto_tree *tree);


bool

dfilter_apply_full(dfilter_t *df, proto_tree *tree, GPtrArray **fvals);


void

dfilter_prime_proto_tree(const dfilter_t *df, proto_tree *tree);


void

dfilter_prime_proto_tree_print(const dfilter_t *df, proto_tree *tree);


WS_DLL_PUBLIC

void

dfilter_load_field_references(const dfilter_t *df, proto_tree *tree);


WS_DLL_PUBLIC

void

dfilter_load_field_references_edt(const dfilter_t *df, struct epan_dissect *edt);


bool

dfilter_has_interesting_fields(const dfilter_t *df);


bool

dfilter_interested_in_field(const dfilter_t *df, int hfid);


bool

dfilter_interested_in_proto(const dfilter_t *df, int proto_id);


WS_DLL_PUBLIC

bool

dfilter_requires_columns(const dfilter_t *df);


WS_DLL_PUBLIC

GPtrArray *

dfilter_deprecated_tokens(dfilter_t *df);


WS_DLL_PUBLIC

GSList *

dfilter_get_warnings(dfilter_t *df);


#define DF_DUMP_REFERENCES  (1U << 0)

#define DF_DUMP_SHOW_FTYPE  (1U << 1)


/* Print bytecode of dfilter to fp */

WS_DLL_PUBLIC

void

dfilter_dump(FILE *fp, dfilter_t *df, uint16_t flags);


/* Text after macro expansion. */

WS_DLL_PUBLIC

const char *

dfilter_text(dfilter_t *df);


WS_DLL_PUBLIC

const char *

dfilter_syntax_tree(dfilter_t *df);


WS_DLL_PUBLIC

ftenum_t

dfilter_get_return_type(dfilter_t *df);


/* Print bytecode of dfilter to log */

WS_DLL_PUBLIC

void

dfilter_log_full(const char *domain, enum ws_log_level level,

            const char *file, long line, const char *func,

            dfilter_t *dfcode, const char *msg);


#ifdef WS_DEBUG

#define dfilter_log(dfcode, msg) \

    dfilter_log_full(LOG_DOMAIN_DFILTER, LOG_LEVEL_NOISY,   \

                __FILE__, __LINE__, __func__,   \

                dfcode, msg)

#else

#define dfilter_log(dfcode, msg) (void)0

#endif


#define DFILTER_DEBUG_HERE(dfcode) \

    dfilter_log_full(LOG_DOMAIN_DFILTER, LOG_LEVEL_ECHO,    \

                __FILE__, __LINE__, __func__,   \

                dfcode, #dfcode);


#ifdef __cplusplus

}

#endif /* __cplusplus */


#endif /* DFILTER_H */

dfilter-loc.h

dfilter_has_interesting_fields
bool dfilter_has_interesting_fields(const dfilter_t *df)
Check if a display filter has any interesting fields.
Definition dfilter.c:729

df_error_new_printf
df_error_t * df_error_new_printf(int code, df_loc_t *loc, const char *fmt,...)
Create a new error with formatted message.
Definition dfilter.c:963

dfilter_requires_columns
WS_DLL_PUBLIC bool dfilter_requires_columns(const dfilter_t *df)
Check if a display filter requires specific columns.
Definition dfilter.c:772

dfilter_deprecated_tokens
WS_DLL_PUBLIC GPtrArray * dfilter_deprecated_tokens(dfilter_t *df)
Get deprecated tokens from a dfilter.
Definition dfilter.c:789

dfilter_interested_in_proto
bool dfilter_interested_in_proto(const dfilter_t *df, int proto_id)
Check if dfilter is interested in a given protocol.
Definition dfilter.c:748

dfilter_init
void dfilter_init(const char *app_env_var_prefix)
Initialize the display filter module.
Definition dfilter.c:105

dfilter_apply
bool dfilter_apply(dfilter_t *df, proto_tree *tree)
Apply a compiled dfilter to a protocol tree.
Definition dfilter.c:693

dfilter_apply_full
bool dfilter_apply_full(dfilter_t *df, proto_tree *tree, GPtrArray **fvals)
Apply a dfilter to a proto_tree and populate fvals.
Definition dfilter.c:705

dfilter_free
WS_DLL_PUBLIC void dfilter_free(dfilter_t *df)
Free a compiled dfilter.
Definition dfilter.c:171

dfilter_load_field_references_edt
WS_DLL_PUBLIC void dfilter_load_field_references_edt(const dfilter_t *df, struct epan_dissect *edt)
Load field references for a display filter into an epan_dissect_t structure.
Definition dfilter.c:901

dfilter_text
WS_DLL_PUBLIC const char * dfilter_text(dfilter_t *df)
Get the text representation of a syntax tree.
Definition dfilter.c:809

df_error_new_vprintf
df_error_t * df_error_new_vprintf(int code, df_loc_t *loc, const char *fmt, va_list ap)
Create a new error with formatted message and location information.
Definition dfilter.c:946

dfilter_prime_proto_tree_print
void dfilter_prime_proto_tree_print(const dfilter_t *df, proto_tree *tree)
Prime a proto_tree using the fields/protocols used in a dfilter, marked for print.
Definition dfilter.c:721

dfilter_load_field_references
WS_DLL_PUBLIC void dfilter_load_field_references(const dfilter_t *df, proto_tree *tree)
Refresh references in a compiled display filter.
Definition dfilter.c:894

dfilter_get_warnings
WS_DLL_PUBLIC GSList * dfilter_get_warnings(dfilter_t *df)
Get warnings associated with a display filter.
Definition dfilter.c:797

dfilter_cleanup
void dfilter_cleanup(void)
Perform module-level cleanup for the dfilter subsystem.
Definition dfilter.c:125

dfilter_apply_edt
WS_DLL_PUBLIC bool dfilter_apply_edt(dfilter_t *df, struct epan_dissect *edt)
Apply a compiled display filter to an epan_dissect structure.
Definition dfilter.c:699

df_error_free
WS_DLL_PUBLIC void df_error_free(df_error_t **ep)
Frees a df_error_t structure.
Definition dfilter.c:973

df_error_new
df_error_t * df_error_new(int code, char *msg, df_loc_t *loc)
Create a new error object with a specific code and message.
Definition dfilter.c:929

dfilter_get_syntax_tree
WS_DLL_PUBLIC struct stnode * dfilter_get_syntax_tree(const char *text)
Build a syntax tree for a filter.
Definition dfilter.c:654

dfilter_syntax_tree
WS_DLL_PUBLIC const char * dfilter_syntax_tree(dfilter_t *df)
Get the syntax tree of a dfilter.
Definition dfilter.c:815

dfilter_interested_in_field
bool dfilter_interested_in_field(const dfilter_t *df, int hfid)
Check if dfilter is interested in a given field.
Definition dfilter.c:735

dfilter_prime_proto_tree
void dfilter_prime_proto_tree(const dfilter_t *df, proto_tree *tree)
Prime a proto_tree using the fields/protocols used in a dfilter.
Definition dfilter.c:711

dfilter_log_full
WS_DLL_PUBLIC void dfilter_log_full(const char *domain, enum ws_log_level level, const char *file, long line, const char *func, dfilter_t *dfcode, const char *msg)
Log a display filter with full details.
Definition dfilter.c:827

dfilter_dump
WS_DLL_PUBLIC void dfilter_dump(FILE *fp, dfilter_t *df, uint16_t flags)
Dump a dfilter to a file.
Definition dfilter.c:803

dfilter_compile_full
WS_DLL_PUBLIC bool dfilter_compile_full(const char *text, dfilter_t **dfp, df_error_t **errpp, unsigned flags, const char *caller)
Compiles a string to a dfilter_t.
Definition dfilter.c:605

dfilter_get_return_type
WS_DLL_PUBLIC ftenum_t dfilter_get_return_type(dfilter_t *df)
Get the return type of a display filter.
Definition dfilter.c:821

ftenum_t
enum ftenum ftenum_t
Convenience typedef for ftenum.
Definition ftypes.h:190

proto.h

_dfilter_loc
Represents a location (column start and length) within a display filter string.
Definition dfilter-loc.h:19

_proto_node
Definition proto.h:909

df_error_t
Represents a display filter error, including an error code, message, and source location.
Definition dfilter.h:33

df_error_t::msg
char * msg
Definition dfilter.h:35

df_error_t::code
int code
Definition dfilter.h:34

df_error_t::loc
df_loc_t loc
Definition dfilter.h:36

epan_dfilter
The compiled display filter object passed back to the user.
Definition dfilter-int.h:46

epan_dissect
Holds all state for the dissection of a single byte array, including session, buffer,...
Definition epan_dissect.h:28

stnode
A single node instance in the display filter syntax tree.
Definition syntax-tree.h:115

stnode::flags
uint16_t flags
Definition syntax-tree.h:122