4 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
5 * The Regents of the University of California. All rights reserved.
7 * This code is derived from the Stanford/CMU enet packet filter,
8 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
9 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
10 * Berkeley Laboratory.
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. All advertising materials mentioning features or use of this software
21 * must display the following acknowledgement:
22 * This product includes software developed by the University of
23 * California, Berkeley and its contributors.
24 * 4. Neither the name of the University nor the names of its contributors
25 * may be used to endorse or promote products derived from this software
26 * without specific prior written permission.
28 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
29 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
30 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
31 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
32 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
33 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
34 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
35 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
36 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
37 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
40 * @(#)bpf.c 7.5 (Berkeley) 7/15/91
43 #if !(defined(lint) || defined(KERNEL) || defined(_KERNEL))
44 static const char rcsid[] =
45 "@(#) $Header: /devel/CVS/IP-Filter/bpf_filter.c,v 2.2.2.3 2006/10/03 11:25:56 darrenr Exp $ (LBL)";
48 #include <sys/param.h>
49 #include <sys/types.h>
51 #include <sys/socket.h>
53 #include <netinet/in.h>
56 #include "netinet/ip_compat.h"
60 #if (defined(__hpux) || SOLARIS) && (defined(_KERNEL) || defined(KERNEL))
61 # include <sys/sysmacros.h>
62 # include <sys/stream.h>
67 #if !defined(KERNEL) && !defined(_KERNEL)
71 #define int32 bpf_int32
72 #define u_int32 bpf_u_int32
74 static int m_xword __P((mb_t *, int, int *));
75 static int m_xhalf __P((mb_t *, int, int *));
79 * XXX - IA-64? If not, this probably won't work on Win64 IA-64
80 * systems, unless LBL_ALIGN is defined elsewhere for them.
81 * XXX - SuperH? If not, this probably won't work on WinCE SuperH
82 * systems, unless LBL_ALIGN is defined elsewhere for them.
84 #if defined(sparc) || defined(__sparc__) || defined(mips) || \
85 defined(ibm032) || defined(__alpha) || defined(__hpux) || \
93 #define EXTRACT_SHORT(p) ((u_short)ntohs(*(u_short *)p))
94 #define EXTRACT_LONG(p) (ntohl(*(u_int32 *)p))
96 #define EXTRACT_SHORT(p)\
98 ((u_short)*((u_char *)p+0)<<8|\
99 (u_short)*((u_char *)p+1)<<0))
100 #define EXTRACT_LONG(p)\
101 ((u_int32)*((u_char *)p+0)<<24|\
102 (u_int32)*((u_char *)p+1)<<16|\
103 (u_int32)*((u_char *)p+2)<<8|\
104 (u_int32)*((u_char *)p+3)<<0)
107 #define MINDEX(len, _m, _k) \
110 while ((_k) >= len) { \
112 (_m) = (_m)->m_next; \
122 register int k, *err;
125 register u_char *cp, *np;
129 cp = MTOD(m, u_char *) + k;
132 return EXTRACT_LONG(cp);
135 if (m0 == NULL || M_LEN(m0) + len - k < 4)
138 np = MTOD(m0, u_char *);
142 return (cp[0] << 24) | (np[0] << 16) | (np[1] << 8) | np[2];
145 return (cp[0] << 24) | (cp[1] << 16) | (np[0] << 8) | np[1];
148 return (cp[0] << 24) | (cp[1] << 16) | (cp[2] << 8) | np[0];
158 register int k, *err;
165 cp = MTOD(m, u_char *) + k;
168 return EXTRACT_SHORT(cp);
174 return (cp[0] << 8) | MTOD(m0, u_char *)[0];
181 * Execute the filter program starting at pc on the packet p
182 * wirelen is the length of the original packet
183 * buflen is the amount of data present
184 * For the kernel, p is assumed to be a pointer to an mbuf if buflen is 0,
185 * in all other cases, p is a pointer to a buffer and buflen is its size.
188 bpf_filter(pc, p, wirelen, buflen)
189 register struct bpf_insn *pc;
192 register u_int buflen;
194 register u_int32 A, X;
196 int32 mem[BPF_MEMWORDS];
198 int merr = 0; /* XXX: GCC */
203 p = MTOD(m, u_char *);
210 * No filter means accept all.
228 case BPF_LD|BPF_W|BPF_ABS:
230 if (k + sizeof(int32) > buflen) {
233 A = m_xword(m, k, &merr);
238 A = EXTRACT_LONG(&p[k]);
241 case BPF_LD|BPF_H|BPF_ABS:
243 if (k + sizeof(short) > buflen) {
246 A = m_xhalf(m, k, &merr);
251 A = EXTRACT_SHORT(&p[k]);
254 case BPF_LD|BPF_B|BPF_ABS:
261 A = MTOD(n, u_char *)[k];
267 case BPF_LD|BPF_W|BPF_LEN:
271 case BPF_LDX|BPF_W|BPF_LEN:
275 case BPF_LD|BPF_W|BPF_IND:
277 if (k + sizeof(int32) > buflen) {
280 A = m_xword(m, k, &merr);
285 A = EXTRACT_LONG(&p[k]);
288 case BPF_LD|BPF_H|BPF_IND:
290 if (k + sizeof(short) > buflen) {
293 A = m_xhalf(m, k, &merr);
298 A = EXTRACT_SHORT(&p[k]);
301 case BPF_LD|BPF_B|BPF_IND:
308 A = MTOD(n, u_char *)[k];
314 case BPF_LDX|BPF_MSH|BPF_B:
321 X = (MTOD(n, char *)[k] & 0xf) << 2;
324 X = (p[pc->k] & 0xf) << 2;
331 case BPF_LDX|BPF_IMM:
339 case BPF_LDX|BPF_MEM:
355 case BPF_JMP|BPF_JGT|BPF_K:
356 pc += (A > pc->k) ? pc->jt : pc->jf;
359 case BPF_JMP|BPF_JGE|BPF_K:
360 pc += (A >= pc->k) ? pc->jt : pc->jf;
363 case BPF_JMP|BPF_JEQ|BPF_K:
364 pc += (A == pc->k) ? pc->jt : pc->jf;
367 case BPF_JMP|BPF_JSET|BPF_K:
368 pc += (A & pc->k) ? pc->jt : pc->jf;
371 case BPF_JMP|BPF_JGT|BPF_X:
372 pc += (A > X) ? pc->jt : pc->jf;
375 case BPF_JMP|BPF_JGE|BPF_X:
376 pc += (A >= X) ? pc->jt : pc->jf;
379 case BPF_JMP|BPF_JEQ|BPF_X:
380 pc += (A == X) ? pc->jt : pc->jf;
383 case BPF_JMP|BPF_JSET|BPF_X:
384 pc += (A & X) ? pc->jt : pc->jf;
387 case BPF_ALU|BPF_ADD|BPF_X:
391 case BPF_ALU|BPF_SUB|BPF_X:
395 case BPF_ALU|BPF_MUL|BPF_X:
399 case BPF_ALU|BPF_DIV|BPF_X:
405 case BPF_ALU|BPF_AND|BPF_X:
409 case BPF_ALU|BPF_OR|BPF_X:
413 case BPF_ALU|BPF_LSH|BPF_X:
417 case BPF_ALU|BPF_RSH|BPF_X:
421 case BPF_ALU|BPF_ADD|BPF_K:
425 case BPF_ALU|BPF_SUB|BPF_K:
429 case BPF_ALU|BPF_MUL|BPF_K:
433 case BPF_ALU|BPF_DIV|BPF_K:
437 case BPF_ALU|BPF_AND|BPF_K:
441 case BPF_ALU|BPF_OR|BPF_K:
445 case BPF_ALU|BPF_LSH|BPF_K:
449 case BPF_ALU|BPF_RSH|BPF_K:
453 case BPF_ALU|BPF_NEG:
457 case BPF_MISC|BPF_TAX:
461 case BPF_MISC|BPF_TXA:
470 * Return true if the 'fcode' is a valid filter program.
471 * The constraints are that each jump be forward and to a valid
472 * code, that memory accesses are within valid ranges (to the
473 * extent that this can be checked statically; loads of packet
474 * data have to be, and are, also checked at run time), and that
475 * the code terminates with either an accept or reject.
477 * The kernel needs to be able to verify an application's filter code.
478 * Otherwise, a bogus program could easily crash the system.
486 const struct bpf_insn *p;
491 if (len < 1 || len > BPF_MAXINSNS)
494 for (i = 0; i < len; ++i) {
496 switch (BPF_CLASS(p->code)) {
498 * Check that memory operations use valid addresses.
502 switch (BPF_MODE(p->code)) {
509 * More strict check with actual packet length
513 if (p->k >= bpf_maxbufsize)
518 if (p->k >= BPF_MEMWORDS)
529 if (p->k >= BPF_MEMWORDS)
533 switch (BPF_OP(p->code)) {
544 * Check for constant division by 0.
546 if (BPF_RVAL(p->code) == BPF_K && p->k == 0)
554 * Check that jumps are within the code block,
555 * and that unconditional branches don't go
556 * backwards as a result of an overflow.
557 * Unconditional branches have a 32-bit offset,
558 * so they could overflow; we check to make
559 * sure they don't. Conditional branches have
560 * an 8-bit offset, and the from address is <=
561 * BPF_MAXINSNS, and we assume that BPF_MAXINSNS
562 * is sufficiently small that adding 255 to it
565 * We know that len is <= BPF_MAXINSNS, and we
566 * assume that BPF_MAXINSNS is < the maximum size
567 * of a u_int, so that i + 1 doesn't overflow.
570 switch (BPF_OP(p->code)) {
572 if (from + p->k < from || from + p->k >= len)
579 if (from + p->jt >= len || from + p->jf >= len)
594 return BPF_CLASS(f[len - 1].code) == BPF_RET;