-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathbasic-dissect.h
164 lines (130 loc) · 4.78 KB
/
basic-dissect.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
/*
* This file is part of FAST Wireshark.
*
* FAST Wireshark is free software: you can redistribute it and/or modify
* it under the terms of the Lesser GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* FAST Wireshark is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* Lesser GNU General Public License for more details.
*
* You should have received a copy of the Lesser GNU General Public License
* along with FAST Wireshark. If not, see
* <http://www.gnu.org/licenses/lgpl.txt>.
*/
/*!
* \file basic-dissect.h
* \brief Primitive readers for the byte stream
* Basically these are helper functions for dissect.c functions.
* While dissect.c does the logic dissection, these functions
* deal with actually dissecting the data within the messages.
*/
#ifndef BASIC_DISSECT_H_INCLUDED_
#define BASIC_DISSECT_H_INCLUDED_
#include "basic-field.h"
/*! \brief The sign bit for a 5 byte encoded Int32 */
#define Int32SignBit 0x08
/*! \brief The sign bit for a 10 byte encoded Int64 */
#define Int64SignBit 0x01
/*! \brief The extra bits after the sign bit for an Int32 comprised of 5 bytes */
#define Int32ExtraBits 0x70
/*! \brief The extra bits after the sign bit for an Int64 comprised of 10 bytes */
#define Int64ExtraBits 0x7E
/*! \brief The maximum number of stop bit encoded bytes an Int32 can occupy */
#define Int32MaxBytes 5
/*! \brief The maximum number of stop bit encoded bytes an Int64 can occupy */
#define Int64MaxBytes 10
/*! \brief The different states a value can have throughout the application.
*/
enum field_status_enum
{
FieldExists,
FieldEmpty,
FieldUndefined,
FieldError
};
typedef enum field_status_enum FieldStatus;
/*! \brief Identify the position of this field in the stream.
*/
struct field_data_struct
{
guint start;
guint nbytes;
FieldStatus status;
FieldValue value;
};
typedef struct field_data_struct FieldData;
/*! \brief Hold current dissection state/position. */
struct dissect_position_struct
{
guint offjmp; /* Number of bytes to the next offset. */
guint offset; /* Current offset in the byte array. */
guint nbytes;
const guint8* bytes;
guint pmap_len;
guint pmap_idx;
gboolean* pmap;
};
typedef struct dissect_position_struct DissectPosition;
/*! \brief Throw a dynamic error
* \param err_no the dynamic error code
* \param fdata the field data
*/
void err_d(guint8 err_no, FieldData* fdata);
/*! \brief Shift the byte position of a dissection.
* \sa ShiftBuffer
*/
void ShiftBytes(DissectPosition* position);
/*! \brief Claim and retrieve a bit in the PMAP.
* \param position The dissector's current position.
* \return TRUE or FALSE depending on the PMAP bit value.
*/
gboolean dissect_shift_pmap (DissectPosition* position);
/*! \brief Retrieve a bit in the PMAP.
* \param position The dissector's current position.
* \return TRUE or FALSE depending on the PMAP bit value.
*/
gboolean dissect_peek_pmap (DissectPosition* position);
/*! \brief Detect and skip null values.
* \param position The dissector's currect position.
* \return TRUE if a null value was detected and skipped.
*/
gboolean dissect_shift_null (DissectPosition* position);
/*! \brief Copy current position to a nested one (with a new pmap).
*
* Both arguments may be the same.
*
* \param parent_position Position in the packet.
* \param position Return value. Moved position with a new pmap.
*/
void basic_dissect_pmap (const DissectPosition* parent_position,
DissectPosition* position);
/*! \brief Given a byte stream, dissect an unsigned 32bit integer.
* \param position Position in the packet.
* \param dnode Dissect tree node.
*/
void basic_dissect_uint32 (DissectPosition* position, FieldData* fdata);
/*! \brief Given a byte stream, dissect an unsigned 64bit integer.
* \param position Position in the packet.
* \param fdata Result data.
*/
void basic_dissect_uint64 (DissectPosition* position, FieldData* fdata);
/*! \brief Given a byte stream, dissect a signed 32bit integer.
* \param position Position in the packet.
* \param fdata Result data.
*/
void basic_dissect_int32 (DissectPosition* position, FieldData* fdata);
/*! \brief Given a byte stream, dissect a signed 64bit integer.
* \param position Position in the packet.
* \param fdata Result data.
*/
void basic_dissect_int64 (DissectPosition* position, FieldData* fdata);
/*! \brief Given a byte stream, dissect an ASCII string.
* \param position Position in the packet.
* \param fdata Result data.
*/
void basic_dissect_ascii_string (DissectPosition* position, FieldData* fdata);
#endif