Coverage Report

Created: 2024-01-20 12:29

/src/libpcap/pcap/bpf.h
Line
Count
Source (jump to first uncovered line)
1
/*-
2
 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
3
 *  The Regents of the University of California.  All rights reserved.
4
 *
5
 * This code is derived from the Stanford/CMU enet packet filter,
6
 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
7
 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
8
 * Berkeley Laboratory.
9
 *
10
 * Redistribution and use in source and binary forms, with or without
11
 * modification, are permitted provided that the following conditions
12
 * are met:
13
 * 1. Redistributions of source code must retain the above copyright
14
 *    notice, this list of conditions and the following disclaimer.
15
 * 2. Redistributions in binary form must reproduce the above copyright
16
 *    notice, this list of conditions and the following disclaimer in the
17
 *    documentation and/or other materials provided with the distribution.
18
 * 3. Neither the name of the University nor the names of its contributors
19
 *    may be used to endorse or promote products derived from this software
20
 *    without specific prior written permission.
21
 *
22
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32
 * SUCH DAMAGE.
33
 *
34
 *      @(#)bpf.h       7.1 (Berkeley) 5/7/91
35
 */
36
37
/*
38
 * This is libpcap's cut-down version of bpf.h; it includes only
39
 * the stuff needed for the code generator and the userland BPF
40
 * interpreter, and the libpcap APIs for setting filters, etc..
41
 *
42
 * "pcap-bpf.c" will include the native OS version, as it deals with
43
 * the OS's BPF implementation.
44
 *
45
 * At least two programs found by Google Code Search explicitly includes
46
 * <pcap/bpf.h> (even though <pcap.h>/<pcap/pcap.h> includes it for you),
47
 * so moving that stuff to <pcap/pcap.h> would break the build for some
48
 * programs.
49
 */
50
51
/*
52
 * If we've already included <net/bpf.h>, don't re-define this stuff.
53
 * We assume BSD-style multiple-include protection in <net/bpf.h>,
54
 * which is true of all but the oldest versions of FreeBSD and NetBSD,
55
 * or Tru64 UNIX-style multiple-include protection (or, at least,
56
 * Tru64 UNIX 5.x-style; I don't have earlier versions available to check),
57
 * or AIX-style multiple-include protection (or, at least, AIX 5.x-style;
58
 * I don't have earlier versions available to check), or QNX-style
59
 * multiple-include protection (as per GitHub pull request #394).
60
 *
61
 * We trust that they will define structures and macros and types in
62
 * a fashion that's source-compatible and binary-compatible with our
63
 * definitions.
64
 *
65
 * We do not check for BPF_MAJOR_VERSION, as that's defined by
66
 * <linux/filter.h>, which is directly or indirectly included in some
67
 * programs that also include pcap.h, and <linux/filter.h> doesn't
68
 * define stuff we need.  We *do* protect against <linux/filter.h>
69
 * defining various macros for BPF code itself; <linux/filter.h> says
70
 *
71
 *  Try and keep these values and structures similar to BSD, especially
72
 *  the BPF code definitions which need to match so you can share filters
73
 *
74
 * so we trust that it will define them in a fashion that's source-compatible
75
 * and binary-compatible with our definitions.
76
 *
77
 * This also provides our own multiple-include protection.
78
 */
79
#if !defined(_NET_BPF_H_) && !defined(_NET_BPF_H_INCLUDED) && !defined(_BPF_H_) && !defined(_H_BPF) && !defined(lib_pcap_bpf_h)
80
#define lib_pcap_bpf_h
81
82
#include <pcap/funcattrs.h>
83
#include <pcap/dlt.h>
84
85
#ifdef __cplusplus
86
extern "C" {
87
#endif
88
89
/* BSD style release date */
90
#define BPF_RELEASE 199606
91
92
#ifdef MSDOS /* must be 32-bit */
93
typedef long          bpf_int32;
94
typedef unsigned long bpf_u_int32;
95
#else
96
typedef int bpf_int32;
97
typedef u_int bpf_u_int32;
98
#endif
99
100
/*
101
 * Alignment macros.  BPF_WORDALIGN rounds up to the next
102
 * even multiple of BPF_ALIGNMENT.
103
 *
104
 * Tcpdump's print-pflog.c uses this, so we define it here.
105
 */
106
#ifndef __NetBSD__
107
#define BPF_ALIGNMENT sizeof(bpf_int32)
108
#else
109
#define BPF_ALIGNMENT sizeof(long)
110
#endif
111
#define BPF_WORDALIGN(x) (((x)+(BPF_ALIGNMENT-1))&~(BPF_ALIGNMENT-1))
112
113
/*
114
 * Structure for "pcap_compile()", "pcap_setfilter()", etc..
115
 */
116
struct bpf_program {
117
  u_int bf_len;
118
  struct bpf_insn *bf_insns;
119
};
120
121
/*
122
 * The instruction encodings.
123
 *
124
 * Please inform tcpdump-workers@lists.tcpdump.org if you use any
125
 * of the reserved values, so that we can note that they're used
126
 * (and perhaps implement it in the reference BPF implementation
127
 * and encourage its implementation elsewhere).
128
 */
129
130
/*
131
 * The upper 8 bits of the opcode aren't used. BSD/OS used 0x8000.
132
 */
133
134
/* instruction classes */
135
0
#define BPF_CLASS(code) ((code) & 0x07)
136
0
#define   BPF_LD    0x00
137
0
#define   BPF_LDX   0x01
138
0
#define   BPF_ST    0x02
139
0
#define   BPF_STX   0x03
140
0
#define   BPF_ALU   0x04
141
0
#define   BPF_JMP   0x05
142
0
#define   BPF_RET   0x06
143
0
#define   BPF_MISC  0x07
144
145
/* ld/ldx fields */
146
0
#define BPF_SIZE(code)  ((code) & 0x18)
147
0
#define   BPF_W   0x00
148
0
#define   BPF_H   0x08
149
0
#define   BPF_B   0x10
150
/*        0x18  reserved; used by BSD/OS */
151
0
#define BPF_MODE(code)  ((code) & 0xe0)
152
0
#define   BPF_IMM   0x00
153
0
#define   BPF_ABS   0x20
154
0
#define   BPF_IND   0x40
155
0
#define   BPF_MEM   0x60
156
0
#define   BPF_LEN   0x80
157
0
#define   BPF_MSH   0xa0
158
/*        0xc0  reserved; used by BSD/OS */
159
/*        0xe0  reserved; used by BSD/OS */
160
161
/* alu/jmp fields */
162
0
#define BPF_OP(code)  ((code) & 0xf0)
163
0
#define   BPF_ADD   0x00
164
0
#define   BPF_SUB   0x10
165
0
#define   BPF_MUL   0x20
166
0
#define   BPF_DIV   0x30
167
0
#define   BPF_OR    0x40
168
0
#define   BPF_AND   0x50
169
0
#define   BPF_LSH   0x60
170
0
#define   BPF_RSH   0x70
171
0
#define   BPF_NEG   0x80
172
0
#define   BPF_MOD   0x90
173
0
#define   BPF_XOR   0xa0
174
/*        0xb0  reserved */
175
/*        0xc0  reserved */
176
/*        0xd0  reserved */
177
/*        0xe0  reserved */
178
/*        0xf0  reserved */
179
180
0
#define   BPF_JA    0x00
181
0
#define   BPF_JEQ   0x10
182
0
#define   BPF_JGT   0x20
183
0
#define   BPF_JGE   0x30
184
0
#define   BPF_JSET  0x40
185
/*        0x50  reserved; used on BSD/OS */
186
/*        0x60  reserved */
187
/*        0x70  reserved */
188
/*        0x80  reserved */
189
/*        0x90  reserved */
190
/*        0xa0  reserved */
191
/*        0xb0  reserved */
192
/*        0xc0  reserved */
193
/*        0xd0  reserved */
194
/*        0xe0  reserved */
195
/*        0xf0  reserved */
196
0
#define BPF_SRC(code) ((code) & 0x08)
197
0
#define   BPF_K   0x00
198
0
#define   BPF_X   0x08
199
200
/* ret - BPF_K and BPF_X also apply */
201
0
#define BPF_RVAL(code)  ((code) & 0x18)
202
0
#define   BPF_A   0x10
203
/*        0x18  reserved */
204
205
/* misc */
206
0
#define BPF_MISCOP(code) ((code) & 0xf8)
207
0
#define   BPF_TAX   0x00
208
/*        0x08  reserved */
209
/*        0x10  reserved */
210
/*        0x18  reserved */
211
/* #define  BPF_COP   0x20  NetBSD "coprocessor" extensions */
212
/*        0x28  reserved */
213
/*        0x30  reserved */
214
/*        0x38  reserved */
215
/* #define  BPF_COPX  0x40  NetBSD "coprocessor" extensions */
216
/*          also used on BSD/OS */
217
/*        0x48  reserved */
218
/*        0x50  reserved */
219
/*        0x58  reserved */
220
/*        0x60  reserved */
221
/*        0x68  reserved */
222
/*        0x70  reserved */
223
/*        0x78  reserved */
224
0
#define   BPF_TXA   0x80
225
/*        0x88  reserved */
226
/*        0x90  reserved */
227
/*        0x98  reserved */
228
/*        0xa0  reserved */
229
/*        0xa8  reserved */
230
/*        0xb0  reserved */
231
/*        0xb8  reserved */
232
/*        0xc0  reserved; used on BSD/OS */
233
/*        0xc8  reserved */
234
/*        0xd0  reserved */
235
/*        0xd8  reserved */
236
/*        0xe0  reserved */
237
/*        0xe8  reserved */
238
/*        0xf0  reserved */
239
/*        0xf8  reserved */
240
241
/*
242
 * The instruction data structure.
243
 */
244
struct bpf_insn {
245
  u_short code;
246
  u_char  jt;
247
  u_char  jf;
248
  bpf_u_int32 k;
249
};
250
251
/*
252
 * Macros for insn array initializers.
253
 *
254
 * In case somebody's included <linux/filter.h>, or something else that
255
 * gives the kernel's definitions of BPF statements, get rid of its
256
 * definitions, so we can supply ours instead.  If some kernel's
257
 * definitions aren't *binary-compatible* with what BPF has had
258
 * since it first sprung from the brows of Van Jacobson and Steve
259
 * McCanne, that kernel should be fixed.
260
 */
261
#ifdef BPF_STMT
262
#undef BPF_STMT
263
#endif
264
#define BPF_STMT(code, k) { (u_short)(code), 0, 0, k }
265
#ifdef BPF_JUMP
266
#undef BPF_JUMP
267
#endif
268
#define BPF_JUMP(code, k, jt, jf) { (u_short)(code), jt, jf, k }
269
270
PCAP_AVAILABLE_0_4
271
PCAP_API u_int  bpf_filter(const struct bpf_insn *, const u_char *, u_int, u_int);
272
273
PCAP_AVAILABLE_0_6
274
PCAP_API int  bpf_validate(const struct bpf_insn *f, int len);
275
276
PCAP_AVAILABLE_0_4
277
PCAP_API char *bpf_image(const struct bpf_insn *, int);
278
279
PCAP_AVAILABLE_0_6
280
PCAP_API void bpf_dump(const struct bpf_program *, int);
281
282
/*
283
 * Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST).
284
 */
285
0
#define BPF_MEMWORDS 16
286
287
#ifdef __cplusplus
288
}
289
#endif
290
291
#endif /* !defined(_NET_BPF_H_) && !defined(_BPF_H_) && !defined(_H_BPF) && !defined(lib_pcap_bpf_h) */