2 * Copyright (c) 1990, 1991, 1993
3 * The Regents of the University of California. All rights reserved.
5 * This code is derived from the Stanford/CMU enet packet filter,
6 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
7 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. All advertising materials mentioning features or use of this software
19 * must display the following acknowledgement:
20 * This product includes software developed by the University of
21 * California, Berkeley and its contributors.
22 * 4. Neither the name of the University nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 * @(#)bpf_filter.c 8.1 (Berkeley) 6/10/93
40 * $FreeBSD: src/sys/net/bpf_filter.c,v 1.17 1999/12/29 04:38:31 peter Exp $
41 * $DragonFly: src/sys/net/bpf_filter.c,v 1.10 2008/01/02 12:30:34 sephe Exp $
44 #include <sys/systm.h>
45 #include <sys/param.h>
47 #if defined(sparc) || defined(mips) || defined(ibm032)
52 #define EXTRACT_SHORT(p) ((u_int16_t)ntohs(*(u_int16_t *)p))
53 #define EXTRACT_LONG(p) (ntohl(*(u_int32_t *)p))
55 #define EXTRACT_SHORT(p)\
57 ((u_int16_t)*((u_char *)p+0)<<8|\
58 (u_int16_t)*((u_char *)p+1)<<0))
59 #define EXTRACT_LONG(p)\
60 ((u_int32_t)*((u_char *)p+0)<<24|\
61 (u_int32_t)*((u_char *)p+1)<<16|\
62 (u_int32_t)*((u_char *)p+2)<<8|\
63 (u_int32_t)*((u_char *)p+3)<<0)
71 #define MINDEX(m, k) \
84 extern int bpf_maxbufsize;
86 static u_int16_t m_xhalf (struct mbuf *m, bpf_u_int32 k, int *err);
87 static u_int32_t m_xword (struct mbuf *m, bpf_u_int32 k, int *err);
90 m_xword(struct mbuf *m, bpf_u_int32 k, int *err)
104 cp = mtod(m, u_char *) + k;
107 return EXTRACT_LONG(cp);
110 if (m0 == 0 || m0->m_len + len - k < 4)
113 np = mtod(m0, u_char *);
118 ((u_int32_t)cp[0] << 24) |
119 ((u_int32_t)np[0] << 16) |
120 ((u_int32_t)np[1] << 8) |
125 ((u_int32_t)cp[0] << 24) |
126 ((u_int32_t)cp[1] << 16) |
127 ((u_int32_t)np[0] << 8) |
132 ((u_int32_t)cp[0] << 24) |
133 ((u_int32_t)cp[1] << 16) |
134 ((u_int32_t)cp[2] << 8) |
143 m_xhalf(struct mbuf *m, bpf_u_int32 k, int *err)
157 cp = mtod(m, u_char *) + k;
160 return EXTRACT_SHORT(cp);
166 return (cp[0] << 8) | mtod(m0, u_char *)[0];
174 * Execute the filter program starting at pc on the packet p
175 * wirelen is the length of the original packet
176 * buflen is the amount of data present
179 bpf_filter(const struct bpf_insn *pc, u_char *p, u_int wirelen, u_int buflen)
181 u_int32_t A = 0, X = 0;
183 int32_t mem[BPF_MEMWORDS];
185 bzero(mem, sizeof(mem));
189 * No filter means accept all.
211 case BPF_LD|BPF_W|BPF_ABS:
213 if (k > buflen || sizeof(int32_t) > buflen - k) {
219 A = m_xword((struct mbuf *)p, k, &merr);
228 if (((intptr_t)(p + k) & 3) != 0)
229 A = EXTRACT_LONG(&p[k]);
232 A = ntohl(*(int32_t *)(p + k));
235 case BPF_LD|BPF_H|BPF_ABS:
237 if (k > buflen || sizeof(int16_t) > buflen - k) {
243 A = m_xhalf((struct mbuf *)p, k, &merr);
249 A = EXTRACT_SHORT(&p[k]);
252 case BPF_LD|BPF_B|BPF_ABS:
260 m = (struct mbuf *)p;
262 A = mtod(m, u_char *)[k];
271 case BPF_LD|BPF_W|BPF_LEN:
275 case BPF_LDX|BPF_W|BPF_LEN:
279 case BPF_LD|BPF_W|BPF_IND:
281 if (pc->k > buflen || X > buflen - pc->k ||
282 sizeof(int32_t) > buflen - k) {
288 A = m_xword((struct mbuf *)p, k, &merr);
297 if (((intptr_t)(p + k) & 3) != 0)
298 A = EXTRACT_LONG(&p[k]);
301 A = ntohl(*(int32_t *)(p + k));
304 case BPF_LD|BPF_H|BPF_IND:
306 if (X > buflen || pc->k > buflen - X ||
307 sizeof(int16_t) > buflen - k) {
313 A = m_xhalf((struct mbuf *)p, k, &merr);
321 A = EXTRACT_SHORT(&p[k]);
324 case BPF_LD|BPF_B|BPF_IND:
326 if (pc->k >= buflen || X >= buflen - pc->k) {
332 m = (struct mbuf *)p;
334 A = mtod(m, u_char *)[k];
343 case BPF_LDX|BPF_MSH|BPF_B:
351 m = (struct mbuf *)p;
353 X = (mtod(m, char *)[k] & 0xf) << 2;
359 X = (p[pc->k] & 0xf) << 2;
366 case BPF_LDX|BPF_IMM:
374 case BPF_LDX|BPF_MEM:
390 case BPF_JMP|BPF_JGT|BPF_K:
391 pc += (A > pc->k) ? pc->jt : pc->jf;
394 case BPF_JMP|BPF_JGE|BPF_K:
395 pc += (A >= pc->k) ? pc->jt : pc->jf;
398 case BPF_JMP|BPF_JEQ|BPF_K:
399 pc += (A == pc->k) ? pc->jt : pc->jf;
402 case BPF_JMP|BPF_JSET|BPF_K:
403 pc += (A & pc->k) ? pc->jt : pc->jf;
406 case BPF_JMP|BPF_JGT|BPF_X:
407 pc += (A > X) ? pc->jt : pc->jf;
410 case BPF_JMP|BPF_JGE|BPF_X:
411 pc += (A >= X) ? pc->jt : pc->jf;
414 case BPF_JMP|BPF_JEQ|BPF_X:
415 pc += (A == X) ? pc->jt : pc->jf;
418 case BPF_JMP|BPF_JSET|BPF_X:
419 pc += (A & X) ? pc->jt : pc->jf;
422 case BPF_ALU|BPF_ADD|BPF_X:
426 case BPF_ALU|BPF_SUB|BPF_X:
430 case BPF_ALU|BPF_MUL|BPF_X:
434 case BPF_ALU|BPF_DIV|BPF_X:
440 case BPF_ALU|BPF_AND|BPF_X:
444 case BPF_ALU|BPF_OR|BPF_X:
448 case BPF_ALU|BPF_LSH|BPF_X:
452 case BPF_ALU|BPF_RSH|BPF_X:
456 case BPF_ALU|BPF_ADD|BPF_K:
460 case BPF_ALU|BPF_SUB|BPF_K:
464 case BPF_ALU|BPF_MUL|BPF_K:
468 case BPF_ALU|BPF_DIV|BPF_K:
472 case BPF_ALU|BPF_AND|BPF_K:
476 case BPF_ALU|BPF_OR|BPF_K:
480 case BPF_ALU|BPF_LSH|BPF_K:
484 case BPF_ALU|BPF_RSH|BPF_K:
488 case BPF_ALU|BPF_NEG:
492 case BPF_MISC|BPF_TAX:
496 case BPF_MISC|BPF_TXA:
505 * Return true if the 'fcode' is a valid filter program.
506 * The constraints are that each jump be forward and to a valid
507 * code, that memory accesses are within valid ranges (to the
508 * extent that this can be checked statically; loads of packet
509 * data have to be, and are, also checked at run time), and that
510 * the code terminates with either an accept or reject.
512 * The kernel needs to be able to verify an application's filter code.
513 * Otherwise, a bogus program could easily crash the system.
516 bpf_validate(const struct bpf_insn *f, int len)
519 const struct bpf_insn *p;
521 if (len < 1 || len > BPF_MAXINSNS)
524 for (i = 0; i < len; ++i) {
526 switch (BPF_CLASS(p->code)) {
528 * Check that memory operations use valid addresses.
532 switch (BPF_MODE(p->code)) {
539 * More strict check with actual packet length
542 if (p->k >= bpf_maxbufsize)
546 if (p->k >= BPF_MEMWORDS)
557 if (p->k >= BPF_MEMWORDS)
561 switch (BPF_OP(p->code)) {
573 * Check for constant division by 0.
575 if (BPF_SRC(p->code) == BPF_K && p->k == 0)
584 * Check that jumps are within the code block,
585 * and that unconditional branches don't go
586 * backwards as a result of an overflow.
587 * Unconditional branches have a 32-bit offset,
588 * so they could overflow; we check to make
589 * sure they don't. Conditional branches have
590 * an 8-bit offset, and the from address is <=
591 * BPF_MAXINSNS, and we assume that BPF_MAXINSNS
592 * is sufficiently small that adding 255 to it
595 * We know that len is <= BPF_MAXINSNS, and we
596 * assume that BPF_MAXINSNS is < the maximum size
597 * of a u_int, so that i + 1 doesn't overflow.
600 switch (BPF_OP(p->code)) {
602 if (from + p->k < from || from + p->k >= len)
609 if (from + p->jt >= len || from + p->jf >= len)
624 return BPF_CLASS(f[len - 1].code) == BPF_RET;
projects / dragonfly.git / blob