#include <wsutil/regex.h>
#include "dfilter-int.h"
#include "syntax-tree.h"
#include "drange.h"
#include "dfunctions.h"

Classes
struct	dfvm_value_t
	Represents a typed value used in display filter virtual machine (DFVM) operations. More...

struct	dfvm_insn_t

Macros
#define	ASSERT_DFVM_OP_NOT_REACHED(op) ws_error("Invalid dfvm opcode '%s'.", dfvm_opcode_tostr(op))

#define	dfvm_value_get_fvalue(val) ((val)->value.fvalue_p->pdata[0])

Enumerations
enum	dfvm_value_type_t { EMPTY , FVALUE , HFINFO , RAW_HFINFO , HFINFO_VS , INSN_NUMBER , REGISTER , INTEGER , DRANGE , FUNCTION_DEF , PCRE }

enum	dfvm_opcode_t { DFVM_NULL , DFVM_IF_TRUE_GOTO , DFVM_IF_FALSE_GOTO , DFVM_CHECK_EXISTS , DFVM_CHECK_EXISTS_R , DFVM_NOT , DFVM_RETURN , DFVM_READ_TREE , DFVM_READ_TREE_R , DFVM_READ_REFERENCE , DFVM_READ_REFERENCE_R , DFVM_PUT_FVALUE , DFVM_ALL_EQ , DFVM_ANY_EQ , DFVM_ALL_NE , DFVM_ANY_NE , DFVM_ALL_GT , DFVM_ANY_GT , DFVM_ALL_GE , DFVM_ANY_GE , DFVM_ALL_LT , DFVM_ANY_LT , DFVM_ALL_LE , DFVM_ANY_LE , DFVM_ALL_CONTAINS , DFVM_ANY_CONTAINS , DFVM_ALL_MATCHES , DFVM_ANY_MATCHES , DFVM_SET_ALL_IN , DFVM_SET_ANY_IN , DFVM_SET_ALL_NOT_IN , DFVM_SET_ANY_NOT_IN , DFVM_SET_ADD , DFVM_SET_ADD_RANGE , DFVM_SET_CLEAR , DFVM_SLICE , DFVM_LENGTH , DFVM_BITWISE_AND , DFVM_UNARY_MINUS , DFVM_ADD , DFVM_SUBTRACT , DFVM_MULTIPLY , DFVM_DIVIDE , DFVM_MODULO , DFVM_CALL_FUNCTION , DFVM_STACK_PUSH , DFVM_STACK_POP , DFVM_NOT_ALL_ZERO , DFVM_NO_OP }

Functions
const char *	dfvm_opcode_tostr (dfvm_opcode_t code)
	Converts a DFVM opcode to its string representation.

dfvm_insn_t *	dfvm_insn_new (dfvm_opcode_t op)
	Creates a new DFVM instruction with the specified opcode.

void	dfvm_insn_replace_no_op (dfvm_insn_t *insn)
	Replaces an instruction with a no-op.

void	dfvm_insn_free (dfvm_insn_t *insn)
	Free a DFVM instruction.

dfvm_value_t *	dfvm_value_new (dfvm_value_type_t type)
	Create a new DFVM value.

dfvm_value_t *	dfvm_value_ref (dfvm_value_t *v)
	Increment the reference count of a dfvm_value_t.

void	dfvm_value_unref (dfvm_value_t *v)
	Decrements the reference count of a dfvm_value_t object and frees it if the reference count reaches zero.

dfvm_value_t *	dfvm_value_new_fvalue (fvalue_t *fv)
	Creates a new DFVM value of type FVALUE.

dfvm_value_t *	dfvm_value_new_hfinfo (header_field_info *hfinfo, bool raw, bool val_str)
	Create a new dfvm_value_t with header field information.

dfvm_value_t *	dfvm_value_new_register (int reg)
	Creates a new dfvm_value_t representing a register.

dfvm_value_t *	dfvm_value_new_drange (drange_t *dr)
	Creates a new dfvm_value_t with type DRANGE.

dfvm_value_t *	dfvm_value_new_funcdef (df_func_def_t *funcdef)
	Create a new DFVM value of type FUNCTION_DEF.

dfvm_value_t *	dfvm_value_new_pcre (ws_regex_t *re)
	Creates a new PCRE value.

dfvm_value_t *	dfvm_value_new_uint (unsigned num)
	Create a new DFVM value with an unsigned integer.

void	dfvm_dump (FILE f, dfilter_t df, uint16_t flags)
	Dumps the bytecode of a dfilter_t to a file.

char *	dfvm_dump_str (wmem_allocator_t alloc, dfilter_t df, uint16_t flags)
	Dumps a string representation of a dfilter.

bool	dfvm_apply (dfilter_t df, proto_tree tree)
	Applies a display filter to a protocol tree.

bool	dfvm_apply_full (dfilter_t df, proto_tree tree, GPtrArray **fvals)
	Apply a full Dissector Filter VM (DFVM) to a protocol tree.

fvalue_t *	dfvm_get_raw_fvalue (const field_info *fi)
	Retrieves the raw value of a field as a GByteArray.

Detailed Description

SPDX-License-Identifier: GPL-2.0-or-later

Function Documentation

◆ dfvm_apply()

bool dfvm_apply	(	dfilter_t *	df,
		proto_tree *	tree
	)

Applies a display filter to a protocol tree.

Parameters

df	The display filter to apply.
tree	The protocol tree to which the filter will be applied.

Returns: true if the filter was successfully applied, false otherwise.

◆ dfvm_apply_full()

bool dfvm_apply_full	(	dfilter_t *	df,
		proto_tree *	tree,
		GPtrArray **	fvals
	)

Apply a full Dissector Filter VM (DFVM) to a protocol tree.

This function executes all instructions in the DFVM on the given protocol tree, updating the filter values accordingly.

Parameters

df	The Dissector Filter VM to apply.
tree	The protocol tree to process.
fvals	Pointer to an array of filter values, or NULL if not needed.

◆ dfvm_dump()

void dfvm_dump	(	FILE *	f,
		dfilter_t *	df,
		uint16_t	flags
	)

Dumps the bytecode of a dfilter_t to a file.

Parameters

f	The file pointer where the bytecode will be written.
df	The dfilter_t whose bytecode is to be dumped.
flags	Flags that control the dumping process.

◆ dfvm_dump_str()

char * dfvm_dump_str	(	wmem_allocator_t *	alloc,
		dfilter_t *	df,
		uint16_t	flags
	)

Dumps a string representation of a dfilter.

Parameters

alloc	Memory allocator for the buffer.
df	The dfilter to dump.
flags	Flags controlling what information is included in the dump.

Returns: A wmem_strbuf_t containing the dumped string.

◆ dfvm_get_raw_fvalue()

fvalue_t * dfvm_get_raw_fvalue ( const field_info * fi )

Retrieves the raw value of a field as a GByteArray.

Parameters

fi	Pointer to the field_info structure containing the field information.

Returns: A GByteArray containing the raw value of the field, or NULL if an error occurs.

◆ dfvm_insn_free()

void dfvm_insn_free ( dfvm_insn_t * insn )

Free a DFVM instruction.

This function frees a DFVM instruction and unrefs any arguments it may have.

Parameters

insn	The DFVM instruction to free.

◆ dfvm_insn_new()

dfvm_insn_t * dfvm_insn_new ( dfvm_opcode_t op )

Creates a new DFVM instruction with the specified opcode.

Parameters

op	The operation code for the new instruction.

Returns: A pointer to the newly created dfvm_insn_t structure.

◆ dfvm_insn_replace_no_op()

void dfvm_insn_replace_no_op ( dfvm_insn_t * insn )

Replaces an instruction with a no-op.

This function replaces the given instruction with a no-op (no operation) instruction. It unrefs any arguments associated with the original instruction before setting it to no-op.

Parameters

insn	Pointer to the instruction to be replaced.

◆ dfvm_opcode_tostr()

const char * dfvm_opcode_tostr ( dfvm_opcode_t code )

Converts a DFVM opcode to its string representation.

Parameters

code	The DFVM opcode to convert.

Returns: const char* A string representing the opcode.

◆ dfvm_value_new()

dfvm_value_t * dfvm_value_new ( dfvm_value_type_t type )

Create a new DFVM value.

Parameters

type	The type of the value to create.

Returns: A pointer to the newly created dfvm_value_t.

◆ dfvm_value_new_drange()

dfvm_value_t * dfvm_value_new_drange ( drange_t * dr )

Creates a new dfvm_value_t with type DRANGE.

Parameters

dr	Pointer to the drange_t structure.

Returns: A pointer to the newly created dfvm_value_t.

◆ dfvm_value_new_funcdef()

dfvm_value_t * dfvm_value_new_funcdef ( df_func_def_t * funcdef )

Create a new DFVM value of type FUNCTION_DEF.

Parameters

funcdef Pointer to the function definition.

Returns: dfvm_value_t* Pointer to the newly created DFVM value.

◆ dfvm_value_new_fvalue()

dfvm_value_t * dfvm_value_new_fvalue ( fvalue_t * fv )

Creates a new DFVM value of type FVALUE.

Parameters

fv	Pointer to the fvalue_t structure.

Returns: dfvm_value_t* Pointer to the newly created DFVM value.

◆ dfvm_value_new_hfinfo()

dfvm_value_t * dfvm_value_new_hfinfo	(	header_field_info *	hfinfo,
		bool	raw,
		bool	val_str
	)

Create a new dfvm_value_t with header field information.

Parameters

hfinfo	Pointer to the header field information.
raw	Flag indicating if the value is in raw format.
val_str	Flag indicating if the value is a string.

Returns: dfvm_value_t* Pointer to the newly created dfvm_value_t.

◆ dfvm_value_new_pcre()

dfvm_value_t * dfvm_value_new_pcre ( ws_regex_t * re )

Creates a new PCRE value.

Parameters

re	The PCRE regular expression to be stored in the value.

Returns: A pointer to the newly created PCRE value.

◆ dfvm_value_new_register()

dfvm_value_t * dfvm_value_new_register ( int reg )

Creates a new dfvm_value_t representing a register.

Parameters

reg	The register value to be stored in the dfvm_value_t.

Returns: A pointer to the newly created dfvm_value_t.

◆ dfvm_value_new_uint()

dfvm_value_t * dfvm_value_new_uint ( unsigned num )

Create a new DFVM value with an unsigned integer.

Parameters

num	The unsigned integer value to store in the new DFVM value.

Returns: dfvm_value_t* A pointer to the newly created DFVM value.

◆ dfvm_value_ref()

dfvm_value_t * dfvm_value_ref ( dfvm_value_t * v )

Increment the reference count of a dfvm_value_t.

Parameters

v	Pointer to the dfvm_value_t whose reference count is to be incremented.

Returns: The same pointer to the dfvm_value_t.

◆ dfvm_value_unref()

void dfvm_value_unref ( dfvm_value_t * v )

Decrements the reference count of a dfvm_value_t object and frees it if the reference count reaches zero.

Parameters

v	Pointer to the dfvm_value_t object to be unreferenced.

Classes

Macros

Enumerations

Functions

Detailed Description

Function Documentation

◆ dfvm_apply()

◆ dfvm_apply_full()

◆ dfvm_dump()

◆ dfvm_dump_str()

◆ dfvm_get_raw_fvalue()

◆ dfvm_insn_free()

◆ dfvm_insn_new()

◆ dfvm_insn_replace_no_op()

◆ dfvm_opcode_tostr()

◆ dfvm_value_new()

◆ dfvm_value_new_drange()

◆ dfvm_value_new_funcdef()

◆ dfvm_value_new_fvalue()

◆ dfvm_value_new_hfinfo()

◆ dfvm_value_new_pcre()

◆ dfvm_value_new_register()

◆ dfvm_value_new_uint()

◆ dfvm_value_ref()

◆ dfvm_value_unref()