Line  | Count  | Source (jump to first uncovered line)  | 
1  |  | /*-  | 
2  |  |  * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997  | 
3  |  |  *  The Regents of the University of California.  All rights reserved.  | 
4  |  |  *  | 
5  |  |  * This code is derived from the Stanford/CMU enet packet filter,  | 
6  |  |  * (net/enet.c) distributed as part of 4.3BSD, and code contributed  | 
7  |  |  * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence  | 
8  |  |  * Berkeley Laboratory.  | 
9  |  |  *  | 
10  |  |  * Redistribution and use in source and binary forms, with or without  | 
11  |  |  * modification, are permitted provided that the following conditions  | 
12  |  |  * are met:  | 
13  |  |  * 1. Redistributions of source code must retain the above copyright  | 
14  |  |  *    notice, this list of conditions and the following disclaimer.  | 
15  |  |  * 2. Redistributions in binary form must reproduce the above copyright  | 
16  |  |  *    notice, this list of conditions and the following disclaimer in the  | 
17  |  |  *    documentation and/or other materials provided with the distribution.  | 
18  |  |  * 3. Neither the name of the University nor the names of its contributors  | 
19  |  |  *    may be used to endorse or promote products derived from this software  | 
20  |  |  *    without specific prior written permission.  | 
21  |  |  *  | 
22  |  |  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND  | 
23  |  |  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE  | 
24  |  |  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE  | 
25  |  |  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE  | 
26  |  |  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL  | 
27  |  |  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS  | 
28  |  |  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)  | 
29  |  |  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT  | 
30  |  |  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY  | 
31  |  |  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF  | 
32  |  |  * SUCH DAMAGE.  | 
33  |  |  *  | 
34  |  |  *      @(#)bpf.h       7.1 (Berkeley) 5/7/91  | 
35  |  |  */  | 
36  |  |  | 
37  |  | /*  | 
38  |  |  * This is libpcap's cut-down version of bpf.h; it includes only  | 
39  |  |  * the stuff needed for the code generator and the userland BPF  | 
40  |  |  * interpreter, and the libpcap APIs for setting filters, etc..  | 
41  |  |  *  | 
42  |  |  * "pcap-bpf.c" will include the native OS version, as it deals with  | 
43  |  |  * the OS's BPF implementation.  | 
44  |  |  *  | 
45  |  |  * At least two programs found by Google Code Search explicitly include  | 
46  |  |  * <pcap/bpf.h> (even though <pcap.h>/<pcap/pcap.h> includes it for you),  | 
47  |  |  * so moving that stuff to <pcap/pcap.h> would break the build for some  | 
48  |  |  * programs.  | 
49  |  |  */  | 
50  |  |  | 
51  |  | /*  | 
52  |  |  * If we've already included <net/bpf.h>, don't re-define this stuff.  | 
53  |  |  * We assume BSD-style multiple-include protection in <net/bpf.h>,  | 
54  |  |  * which is true of all but the oldest versions of FreeBSD and NetBSD,  | 
55  |  |  * or Tru64 UNIX-style multiple-include protection (or, at least,  | 
56  |  |  * Tru64 UNIX 5.x-style; I don't have earlier versions available to check),  | 
57  |  |  * or AIX-style multiple-include protection (or, at least, AIX 5.x-style;  | 
58  |  |  * I don't have earlier versions available to check), or QNX-style  | 
59  |  |  * multiple-include protection (as per GitHub pull request #394).  | 
60  |  |  *  | 
61  |  |  * We trust that they will define structures and macros and types in  | 
62  |  |  * a fashion that's source-compatible and binary-compatible with our  | 
63  |  |  * definitions.  | 
64  |  |  *  | 
65  |  |  * We do not check for BPF_MAJOR_VERSION, as that's defined by  | 
66  |  |  * <linux/filter.h>, which is directly or indirectly included in some  | 
67  |  |  * programs that also include pcap.h, and <linux/filter.h> doesn't  | 
68  |  |  * define stuff we need.  We *do* protect against <linux/filter.h>  | 
69  |  |  * defining various macros for BPF code itself; <linux/filter.h> says  | 
70  |  |  *  | 
71  |  |  *  Try and keep these values and structures similar to BSD, especially  | 
72  |  |  *  the BPF code definitions which need to match so you can share filters  | 
73  |  |  *  | 
74  |  |  * so we trust that it will define them in a fashion that's source-compatible  | 
75  |  |  * and binary-compatible with our definitions.  | 
76  |  |  *  | 
77  |  |  * This also provides our own multiple-include protection.  | 
78  |  |  */  | 
79  |  | #if !defined(_NET_BPF_H_) && !defined(_NET_BPF_H_INCLUDED) && !defined(_BPF_H_) && !defined(_H_BPF) && !defined(lib_pcap_bpf_h)  | 
80  |  | #define lib_pcap_bpf_h  | 
81  |  |  | 
82  |  | #include <pcap/funcattrs.h>  | 
83  |  | #include <pcap/dlt.h>  | 
84  |  |  | 
85  |  | #ifdef __cplusplus  | 
86  |  | extern "C" { | 
87  |  | #endif  | 
88  |  |  | 
89  |  | /* BSD style release date */  | 
90  |  | #define BPF_RELEASE 199606  | 
91  |  |  | 
92  |  | #ifdef MSDOS /* must be 32-bit */  | 
93  |  | typedef long          bpf_int32;  | 
94  |  | typedef unsigned long bpf_u_int32;  | 
95  |  | #else  | 
96  |  | typedef int bpf_int32;  /* assumes int is 32 bits wide on this target; nothing in this header checks it */  | 
97  |  | typedef u_int bpf_u_int32;  /* u_int is not declared in this file; presumably it comes from a header included earlier */  | 
98  |  | #endif  | 
99  |  |  | 
100  |  | /*  | 
101  |  |  * Alignment macros.  BPF_WORDALIGN rounds x up to the next  | 
102  |  |  * multiple of BPF_ALIGNMENT (x is unchanged if already aligned).  | 
  |  |  *  | 
  |  |  * The mask form is only correct when BPF_ALIGNMENT is a power of two.  | 
  |  |  * BPF_ALIGNMENT is a sizeof expression, so the arithmetic is done in  | 
  |  |  * size_t (or wider) and (x)+(BPF_ALIGNMENT-1) wraps silently when x is  | 
  |  |  * within BPF_ALIGNMENT-1 of the type's maximum; bound any length read  | 
  |  |  * from capture data before aligning it.  | 
103  |  |  *  | 
104  |  |  * Tcpdump's print-pflog.c uses this, so we define it here.  | 
105  |  |  */  | 
106  |  | #ifndef __NetBSD__  | 
107  |  | #define BPF_ALIGNMENT sizeof(bpf_int32)  | 
108  |  | #else  | 
109  |  | #define BPF_ALIGNMENT sizeof(long)  | 
110  |  | #endif  | 
111  |  | #define BPF_WORDALIGN(x) (((x)+(BPF_ALIGNMENT-1))&~(BPF_ALIGNMENT-1))  | 
112  |  |  | 
113  |  | /*  | 
114  |  |  * Structure for "pcap_compile()", "pcap_setfilter()", etc..  | 
  |  |  *  | 
  |  |  * bf_len is presumably the number of struct bpf_insn entries that  | 
  |  |  * bf_insns points to -- confirm against the code generator.  Ownership  | 
  |  |  * of the bf_insns array is not expressed in this header.  | 
  |  |  * NOTE(review): bf_len is u_int while bpf_validate() takes an int  | 
  |  |  * length, so a caller passing bf_len through should reject values  | 
  |  |  * above INT_MAX first.  | 
115  |  |  */  | 
116  |  | struct bpf_program { | 
117  |  |   u_int bf_len;  | 
118  |  |   struct bpf_insn *bf_insns;  | 
119  |  | };  | 
120  |  |  | 
121  |  | /*  | 
122  |  |  * The instruction encodings.  | 
123  |  |  *  | 
124  |  |  * Please inform tcpdump-workers@lists.tcpdump.org if you use any  | 
125  |  |  * of the reserved values, so that we can note that they're used  | 
126  |  |  * (and perhaps implement it in the reference BPF implementation  | 
127  |  |  * and encourage its implementation elsewhere).  | 
128  |  |  */  | 
129  |  |  | 
130  |  | /*  | 
131  |  |  * The upper 8 bits of the opcode aren't used. BSD/OS used 0x8000.  | 
132  |  |  */  | 
133  |  |  | 
134  |  | /* instruction classes: BPF_CLASS() keeps the low 3 bits of the opcode, and all eight values are assigned */  | 
135  | 736k  | #define BPF_CLASS(code) ((code) & 0x07)  | 
136  | 694k  | #define   BPF_LD    0x00  | 
137  | 225k  | #define   BPF_LDX   0x01  | 
138  | 316k  | #define   BPF_ST    0x02  | 
139  | 50.0k  | #define   BPF_STX   0x03  | 
140  | 429k  | #define   BPF_ALU   0x04  | 
141  | 205k  | #define   BPF_JMP   0x05  | 
142  | 32.0k  | #define   BPF_RET   0x06  | 
143  | 88.5k  | #define   BPF_MISC  0x07  | 
144  |  |  | 
145  |  | /* ld/ldx fields: BPF_SIZE() keeps bits 3-4 (mask 0x18) and BPF_MODE()  | 
  |  |  * keeps bits 5-7 (mask 0xe0).  Both masks can yield the values marked  | 
  |  |  * reserved below, so code that decodes untrusted programs needs a  | 
  |  |  * reject path for them. */  | 
146  | 0  | #define BPF_SIZE(code)  ((code) & 0x18)  | 
147  | 78.5k  | #define   BPF_W   0x00  | 
148  | 6.29k  | #define   BPF_H   0x08  | 
149  | 39.8k  | #define   BPF_B   0x10  | 
150  |  | /*        0x18  reserved; used by BSD/OS */  | 
151  | 352k  | #define BPF_MODE(code)  ((code) & 0xe0)  | 
152  | 453k  | #define   BPF_IMM   0x00  | 
153  | 26.9k  | #define   BPF_ABS   0x20  | 
154  | 140k  | #define   BPF_IND   0x40  | 
155  | 189k  | #define   BPF_MEM   0x60  | 
156  | 0  | #define   BPF_LEN   0x80  | 
157  | 22.2k  | #define   BPF_MSH   0xa0  | 
158  |  | /*        0xc0  reserved; used by BSD/OS */  | 
159  |  | /*        0xe0  reserved; used by BSD/OS */  | 
160  |  |  | 
161  |  | /* alu/jmp fields: BPF_OP() keeps the high nibble (mask 0xf0).  The ALU  | 
  |  |  * and jump operations reuse the same values (BPF_ADD and BPF_JA are  | 
  |  |  * both 0x00), so the field only has meaning together with BPF_CLASS().  | 
  |  |  * BPF_SRC() keeps bit 3 (mask 0x08), presumably selecting BPF_K or  | 
  |  |  * BPF_X as the operand source.  | 
  |  |  * NOTE(review): this header defines encodings only; handling of a zero  | 
  |  |  * divisor for BPF_DIV/BPF_MOD and of the reserved values is up to the  | 
  |  |  * validator/interpreter -- confirm there. */  | 
162  | 24.8k  | #define BPF_OP(code)  ((code) & 0xf0)  | 
163  | 27.5k  | #define   BPF_ADD   0x00  | 
164  | 42.9k  | #define   BPF_SUB   0x10  | 
165  | 6.86k  | #define   BPF_MUL   0x20  | 
166  | 10.2k  | #define   BPF_DIV   0x30  | 
167  | 14.4k  | #define   BPF_OR    0x40  | 
168  | 32.6k  | #define   BPF_AND   0x50  | 
169  | 16.8k  | #define   BPF_LSH   0x60  | 
170  | 16.8k  | #define   BPF_RSH   0x70  | 
171  | 1.58k  | #define   BPF_NEG   0x80  | 
172  | 10.6k  | #define   BPF_MOD   0x90  | 
173  | 17.1k  | #define   BPF_XOR   0xa0  | 
174  |  | /*        0xb0  reserved */  | 
175  |  | /*        0xc0  reserved */  | 
176  |  | /*        0xd0  reserved */  | 
177  |  | /*        0xe0  reserved */  | 
178  |  | /*        0xf0  reserved */  | 
179  |  |  | 
180  | 1.90k  | #define   BPF_JA    0x00  | 
181  | 28.4k  | #define   BPF_JEQ   0x10  | 
182  | 1.45k  | #define   BPF_JGT   0x20  | 
183  | 2.05k  | #define   BPF_JGE   0x30  | 
184  | 24.7k  | #define   BPF_JSET  0x40  | 
185  |  | /*        0x50  reserved; used on BSD/OS */  | 
186  |  | /*        0x60  reserved */  | 
187  |  | /*        0x70  reserved */  | 
188  |  | /*        0x80  reserved */  | 
189  |  | /*        0x90  reserved */  | 
190  |  | /*        0xa0  reserved */  | 
191  |  | /*        0xb0  reserved */  | 
192  |  | /*        0xc0  reserved */  | 
193  |  | /*        0xd0  reserved */  | 
194  |  | /*        0xe0  reserved */  | 
195  |  | /*        0xf0  reserved */  | 
196  | 133k  | #define BPF_SRC(code) ((code) & 0x08)  | 
197  | 146k  | #define   BPF_K   0x00  | 
198  | 240k  | #define   BPF_X   0x08  | 
199  |  |  | 
200  |  | /* ret - BPF_K and BPF_X also apply; BPF_RVAL() keeps bits 3-4 (mask 0x18), so it can also yield the reserved value 0x18 */  | 
201  | 19.0k  | #define BPF_RVAL(code)  ((code) & 0x18)  | 
202  | 9.53k  | #define   BPF_A   0x10  | 
203  |  | /*        0x18  reserved */  | 
204  |  |  | 
205  |  | /* misc: BPF_MISCOP() keeps bits 3-7 (mask 0xf8); only BPF_TAX and BPF_TXA are defined here, every other value is reserved or commented out */  | 
206  | 44.9k  | #define BPF_MISCOP(code) ((code) & 0xf8)  | 
207  | 62.1k  | #define   BPF_TAX   0x00  | 
208  |  | /*        0x08  reserved */  | 
209  |  | /*        0x10  reserved */  | 
210  |  | /*        0x18  reserved */  | 
211  |  | /* #define  BPF_COP   0x20  NetBSD "coprocessor" extensions */  | 
212  |  | /*        0x28  reserved */  | 
213  |  | /*        0x30  reserved */  | 
214  |  | /*        0x38  reserved */  | 
215  |  | /* #define  BPF_COPX  0x40  NetBSD "coprocessor" extensions */  | 
216  |  | /*          also used on BSD/OS */  | 
217  |  | /*        0x48  reserved */  | 
218  |  | /*        0x50  reserved */  | 
219  |  | /*        0x58  reserved */  | 
220  |  | /*        0x60  reserved */  | 
221  |  | /*        0x68  reserved */  | 
222  |  | /*        0x70  reserved */  | 
223  |  | /*        0x78  reserved */  | 
224  | 26.3k  | #define   BPF_TXA   0x80  | 
225  |  | /*        0x88  reserved */  | 
226  |  | /*        0x90  reserved */  | 
227  |  | /*        0x98  reserved */  | 
228  |  | /*        0xa0  reserved */  | 
229  |  | /*        0xa8  reserved */  | 
230  |  | /*        0xb0  reserved */  | 
231  |  | /*        0xb8  reserved */  | 
232  |  | /*        0xc0  reserved; used on BSD/OS */  | 
233  |  | /*        0xc8  reserved */  | 
234  |  | /*        0xd0  reserved */  | 
235  |  | /*        0xd8  reserved */  | 
236  |  | /*        0xe0  reserved */  | 
237  |  | /*        0xe8  reserved */  | 
238  |  | /*        0xf0  reserved */  | 
239  |  | /*        0xf8  reserved */  | 
240  |  |  | 
241  |  | /*  | 
242  |  |  * The instruction data structure.  | 
  |  |  *  | 
  |  |  * BPF_STMT() and BPF_JUMP() initialize it positionally, so the field  | 
  |  |  * order (code, jt, jf, k) must not change.  jt and jf are presumably  | 
  |  |  * the jump offsets for a true/false test result; being u_char they  | 
  |  |  * cannot exceed 255.  k is a 32-bit operand whose meaning presumably  | 
  |  |  * depends on the opcode.  | 
  |  |  * NOTE(review): in a program from an untrusted source every field is  | 
  |  |  * attacker-chosen; jt/jf and any k used as an offset or as a  | 
  |  |  * scratch-memory index (limit BPF_MEMWORDS) need range checks before  | 
  |  |  * the program is run.  | 
243  |  |  */  | 
244  |  | struct bpf_insn { | 
245  |  |   u_short code;  | 
246  |  |   u_char  jt;  | 
247  |  |   u_char  jf;  | 
248  |  |   bpf_u_int32 k;  | 
249  |  | };  | 
250  |  |  | 
251  |  | /*  | 
252  |  |  * Macros for insn array initializers.  | 
253  |  |  *  | 
254  |  |  * In case somebody's included <linux/filter.h>, or something else that  | 
255  |  |  * gives the kernel's definitions of BPF statements, get rid of its  | 
256  |  |  * definitions, so we can supply ours instead.  If some kernel's  | 
257  |  |  * definitions aren't *binary-compatible* with what BPF has had  | 
258  |  |  * since it first sprung from the brows of Van Jacobson and Steve  | 
259  |  |  * McCanne, that kernel should be fixed.  | 
  |  |  *  | 
  |  |  * Both macros expand to a positional brace initializer for struct  | 
  |  |  * bpf_insn.  Only code is cast (to u_short); jt, jf and k are pasted  | 
  |  |  * unparenthesized and converted by the initializer, so in C an  | 
  |  |  * out-of-range jt/jf is converted to u_char rather than rejected  | 
  |  |  * (C++ list-initialization may refuse the narrowing).  The argument  | 
  |  |  * order of BPF_JUMP(code, k, jt, jf) differs from the field order.  | 
260  |  |  */  | 
261  |  | #ifdef BPF_STMT  | 
262  |  | #undef BPF_STMT  | 
263  |  | #endif  | 
264  |  | #define BPF_STMT(code, k) { (u_short)(code), 0, 0, k } | 
265  |  | #ifdef BPF_JUMP  | 
266  |  | #undef BPF_JUMP  | 
267  |  | #endif  | 
268  |  | #define BPF_JUMP(code, k, jt, jf) { (u_short)(code), jt, jf, k } | 
269  |  |  | 
270  |  | PCAP_AVAILABLE_0_4  | 
271  |  | PCAP_API u_int  bpf_filter(const struct bpf_insn *, const u_char *, u_int, u_int);  /* NOTE(review): no instruction count is passed, so the callee cannot bound the program array from its arguments; presumably the caller must have run bpf_validate() on any program it did not generate itself -- confirm */  | 
272  |  |  | 
273  |  | PCAP_AVAILABLE_0_6  | 
274  |  | PCAP_API int  bpf_validate(const struct bpf_insn *f, int len);  /* takes the instruction array and a signed length; the return convention is not visible here -- TODO confirm which value means "valid" */  | 
275  |  |  | 
276  |  | PCAP_AVAILABLE_0_4  | 
277  |  | PCAP_API char *bpf_image(const struct bpf_insn *, int);  /* returns non-const char *; ownership and lifetime of the string are not visible here -- confirm before freeing it or sharing it across threads */  | 
278  |  |  | 
279  |  | PCAP_AVAILABLE_0_6  | 
280  |  | PCAP_API void bpf_dump(const struct bpf_program *, int);  /* meaning of the int argument is not visible here -- presumably an output-format option */  | 
281  |  |  | 
282  |  | /*  | 
283  |  |  * Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST).  | 
  |  |  * NOTE(review): the index into scratch memory presumably comes from  | 
  |  |  * an instruction's k field, so k >= BPF_MEMWORDS has to be rejected  | 
  |  |  * before execution -- confirm where that check lives.  | 
284  |  |  */  | 
285  | 2.10M  | #define BPF_MEMWORDS 16  | 
286  |  |  | 
287  |  | #ifdef __cplusplus  | 
288  |  | }  | 
289  |  | #endif  | 
290  |  |  | 
291  |  | #endif /* !defined(_NET_BPF_H_) && !defined(_NET_BPF_H_INCLUDED) && !defined(_BPF_H_) && !defined(_H_BPF) && !defined(lib_pcap_bpf_h) */  | 