bpf_filter.c revision 1.14
1 /* $NetBSD: bpf_filter.c,v 1.14 1997/10/09 18:20:04 christos Exp $ */ 2 3 /*- 4 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from the Stanford/CMU enet packet filter, 8 * (net/enet.c) distributed as part of 4.3BSD, and code contributed 9 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 10 * Berkeley Laboratory. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. All advertising materials mentioning features or use of this software 21 * must display the following acknowledgement: 22 * This product includes software developed by the University of 23 * California, Berkeley and its contributors. 24 * 4. Neither the name of the University nor the names of its contributors 25 * may be used to endorse or promote products derived from this software 26 * without specific prior written permission. 27 * 28 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 29 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 30 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 31 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 32 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 33 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 34 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 35 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 36 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 37 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 38 * SUCH DAMAGE. 39 * 40 * @(#)bpf_filter.c 8.1 (Berkeley) 6/10/93 41 */ 42 43 #if 0 44 #if !(defined(lint) || defined(KERNEL)) 45 static const char rcsid[] = 46 "@(#) Header: bpf_filter.c,v 1.33 97/04/26 13:37:18 leres Exp (LBL)"; 47 #endif 48 #endif 49 50 #include <sys/param.h> 51 #include <sys/types.h> 52 #include <sys/time.h> 53 54 #ifdef sun 55 #include <netinet/in.h> 56 #endif 57 58 #if defined(sparc) || defined(mips) || defined(ibm032) || \ 59 (defined(__NetBSD__) && !defined(UNALIGNED_ACCESS)) 60 #define BPF_ALIGN 61 #endif 62 63 #ifndef BPF_ALIGN 64 #define EXTRACT_SHORT(p) ((u_int16_t)ntohs(*(u_int16_t *)p)) 65 #define EXTRACT_LONG(p) (ntohl(*(u_int32_t *)p)) 66 #else 67 #define EXTRACT_SHORT(p)\ 68 ((u_int16_t)\ 69 ((u_int16_t)*((u_char *)p+0)<<8|\ 70 (u_int16_t)*((u_char *)p+1)<<0)) 71 #define EXTRACT_LONG(p)\ 72 ((u_int32_t)*((u_char *)p+0)<<24|\ 73 (u_int32_t)*((u_char *)p+1)<<16|\ 74 (u_int32_t)*((u_char *)p+2)<<8|\ 75 (u_int32_t)*((u_char *)p+3)<<0) 76 #endif 77 78 #ifdef _KERNEL 79 #include <sys/mbuf.h> 80 #define MINDEX(len, m, k) \ 81 { \ 82 len = m->m_len; \ 83 while (k >= len) { \ 84 k -= len; \ 85 m = m->m_next; \ 86 if (m == 0) \ 87 return 0; \ 88 len = m->m_len; \ 89 } \ 90 } 91 92 static int m_xword __P((struct mbuf *, int, int *)); 93 static int m_xhalf __P((struct mbuf *, int, int *)); 94 95 static int 96 m_xword(m, k, err) 97 register struct mbuf *m; 98 register int k, *err; 99 { 100 register int len; 101 register u_char *cp, *np; 102 register struct mbuf *m0; 103 104 MINDEX(len, m, k); 105 cp = mtod(m, u_char *) + k; 106 if (len - k >= 4) { 107 *err = 0; 108 return EXTRACT_LONG(cp); 109 } 110 m0 = m->m_next; 111 if (m0 == 0 || m0->m_len + len - k < 4) 112 goto bad; 113 *err = 0; 114 np = mtod(m0, u_char *); 115 switch (len - k) { 116 117 case 1: 118 return (cp[0] << 24) | (np[0] << 16) | (np[1] << 8) | np[2]; 119 120 case 2: 121 return (cp[0] << 24) | (cp[1] << 16) | (np[0] << 8) | np[1]; 122 123 default: 124 return (cp[0] << 24) | (cp[1] << 16) | (cp[2] << 8) | np[0]; 125 } 126 bad: 127 *err = 1; 128 return 0; 129 } 130 131 static int 132 m_xhalf(m, k, err) 133 register struct mbuf *m; 134 register int k, *err; 135 { 136 register int len; 137 register u_char *cp; 138 register struct mbuf *m0; 139 140 MINDEX(len, m, k); 141 cp = mtod(m, u_char *) + k; 142 if (len - k >= 2) { 143 *err = 0; 144 return EXTRACT_SHORT(cp); 145 } 146 m0 = m->m_next; 147 if (m0 == 0) 148 goto bad; 149 *err = 0; 150 return (cp[0] << 8) | mtod(m0, u_char *)[0]; 151 bad: 152 *err = 1; 153 return 0; 154 } 155 #endif 156 157 #include <net/bpf.h> 158 159 /* 160 * Execute the filter program starting at pc on the packet p 161 * wirelen is the length of the original packet 162 * buflen is the amount of data present 163 */ 164 u_int 165 bpf_filter(pc, p, wirelen, buflen) 166 register struct bpf_insn *pc; 167 register u_char *p; 168 u_int wirelen; 169 register u_int buflen; 170 { 171 register u_int32_t A, X; 172 register int k; 173 int32_t mem[BPF_MEMWORDS]; 174 175 if (pc == 0) 176 /* 177 * No filter means accept all. 178 */ 179 return (u_int)-1; 180 A = 0; 181 X = 0; 182 --pc; 183 while (1) { 184 ++pc; 185 switch (pc->code) { 186 187 default: 188 #ifdef _KERNEL 189 return 0; 190 #else 191 abort(); 192 #endif 193 case BPF_RET|BPF_K: 194 return (u_int)pc->k; 195 196 case BPF_RET|BPF_A: 197 return (u_int)A; 198 199 case BPF_LD|BPF_W|BPF_ABS: 200 k = pc->k; 201 if (k + sizeof(int32_t) > buflen) { 202 #ifdef _KERNEL 203 int merr; 204 205 if (buflen != 0) 206 return 0; 207 A = m_xword((struct mbuf *)p, k, &merr); 208 if (merr != 0) 209 return 0; 210 continue; 211 #else 212 return 0; 213 #endif 214 } 215 A = EXTRACT_LONG(&p[k]); 216 continue; 217 218 case BPF_LD|BPF_H|BPF_ABS: 219 k = pc->k; 220 if (k + sizeof(int16_t) > buflen) { 221 #ifdef _KERNEL 222 int merr; 223 224 if (buflen != 0) 225 return 0; 226 A = m_xhalf((struct mbuf *)p, k, &merr); 227 continue; 228 #else 229 return 0; 230 #endif 231 } 232 A = EXTRACT_SHORT(&p[k]); 233 continue; 234 235 case BPF_LD|BPF_B|BPF_ABS: 236 k = pc->k; 237 if (k >= buflen) { 238 #ifdef _KERNEL 239 register struct mbuf *m; 240 register int len; 241 242 if (buflen != 0) 243 return 0; 244 m = (struct mbuf *)p; 245 MINDEX(len, m, k); 246 A = mtod(m, u_char *)[k]; 247 continue; 248 #else 249 return 0; 250 #endif 251 } 252 A = p[k]; 253 continue; 254 255 case BPF_LD|BPF_W|BPF_LEN: 256 A = wirelen; 257 continue; 258 259 case BPF_LDX|BPF_W|BPF_LEN: 260 X = wirelen; 261 continue; 262 263 case BPF_LD|BPF_W|BPF_IND: 264 k = X + pc->k; 265 if (k + sizeof(int32_t) > buflen) { 266 #ifdef _KERNEL 267 int merr; 268 269 if (buflen != 0) 270 return 0; 271 A = m_xword((struct mbuf *)p, k, &merr); 272 if (merr != 0) 273 return 0; 274 continue; 275 #else 276 return 0; 277 #endif 278 } 279 A = EXTRACT_LONG(&p[k]); 280 continue; 281 282 case BPF_LD|BPF_H|BPF_IND: 283 k = X + pc->k; 284 if (k + sizeof(int16_t) > buflen) { 285 #ifdef _KERNEL 286 int merr; 287 288 if (buflen != 0) 289 return 0; 290 A = m_xhalf((struct mbuf *)p, k, &merr); 291 if (merr != 0) 292 return 0; 293 continue; 294 #else 295 return 0; 296 #endif 297 } 298 A = EXTRACT_SHORT(&p[k]); 299 continue; 300 301 case BPF_LD|BPF_B|BPF_IND: 302 k = X + pc->k; 303 if (k >= buflen) { 304 #ifdef _KERNEL 305 register struct mbuf *m; 306 register int len; 307 308 if (buflen != 0) 309 return 0; 310 m = (struct mbuf *)p; 311 MINDEX(len, m, k); 312 A = mtod(m, u_char *)[k]; 313 continue; 314 #else 315 return 0; 316 #endif 317 } 318 A = p[k]; 319 continue; 320 321 case BPF_LDX|BPF_MSH|BPF_B: 322 k = pc->k; 323 if (k >= buflen) { 324 #ifdef _KERNEL 325 register struct mbuf *m; 326 register int len; 327 328 if (buflen != 0) 329 return 0; 330 m = (struct mbuf *)p; 331 MINDEX(len, m, k); 332 X = (mtod(m, char *)[k] & 0xf) << 2; 333 continue; 334 #else 335 return 0; 336 #endif 337 } 338 X = (p[pc->k] & 0xf) << 2; 339 continue; 340 341 case BPF_LD|BPF_IMM: 342 A = pc->k; 343 continue; 344 345 case BPF_LDX|BPF_IMM: 346 X = pc->k; 347 continue; 348 349 case BPF_LD|BPF_MEM: 350 A = mem[pc->k]; 351 continue; 352 353 case BPF_LDX|BPF_MEM: 354 X = mem[pc->k]; 355 continue; 356 357 case BPF_ST: 358 mem[pc->k] = A; 359 continue; 360 361 case BPF_STX: 362 mem[pc->k] = X; 363 continue; 364 365 case BPF_JMP|BPF_JA: 366 pc += pc->k; 367 continue; 368 369 case BPF_JMP|BPF_JGT|BPF_K: 370 pc += (A > pc->k) ? pc->jt : pc->jf; 371 continue; 372 373 case BPF_JMP|BPF_JGE|BPF_K: 374 pc += (A >= pc->k) ? pc->jt : pc->jf; 375 continue; 376 377 case BPF_JMP|BPF_JEQ|BPF_K: 378 pc += (A == pc->k) ? pc->jt : pc->jf; 379 continue; 380 381 case BPF_JMP|BPF_JSET|BPF_K: 382 pc += (A & pc->k) ? pc->jt : pc->jf; 383 continue; 384 385 case BPF_JMP|BPF_JGT|BPF_X: 386 pc += (A > X) ? pc->jt : pc->jf; 387 continue; 388 389 case BPF_JMP|BPF_JGE|BPF_X: 390 pc += (A >= X) ? pc->jt : pc->jf; 391 continue; 392 393 case BPF_JMP|BPF_JEQ|BPF_X: 394 pc += (A == X) ? pc->jt : pc->jf; 395 continue; 396 397 case BPF_JMP|BPF_JSET|BPF_X: 398 pc += (A & X) ? pc->jt : pc->jf; 399 continue; 400 401 case BPF_ALU|BPF_ADD|BPF_X: 402 A += X; 403 continue; 404 405 case BPF_ALU|BPF_SUB|BPF_X: 406 A -= X; 407 continue; 408 409 case BPF_ALU|BPF_MUL|BPF_X: 410 A *= X; 411 continue; 412 413 case BPF_ALU|BPF_DIV|BPF_X: 414 if (X == 0) 415 return 0; 416 A /= X; 417 continue; 418 419 case BPF_ALU|BPF_AND|BPF_X: 420 A &= X; 421 continue; 422 423 case BPF_ALU|BPF_OR|BPF_X: 424 A |= X; 425 continue; 426 427 case BPF_ALU|BPF_LSH|BPF_X: 428 A <<= X; 429 continue; 430 431 case BPF_ALU|BPF_RSH|BPF_X: 432 A >>= X; 433 continue; 434 435 case BPF_ALU|BPF_ADD|BPF_K: 436 A += pc->k; 437 continue; 438 439 case BPF_ALU|BPF_SUB|BPF_K: 440 A -= pc->k; 441 continue; 442 443 case BPF_ALU|BPF_MUL|BPF_K: 444 A *= pc->k; 445 continue; 446 447 case BPF_ALU|BPF_DIV|BPF_K: 448 A /= pc->k; 449 continue; 450 451 case BPF_ALU|BPF_AND|BPF_K: 452 A &= pc->k; 453 continue; 454 455 case BPF_ALU|BPF_OR|BPF_K: 456 A |= pc->k; 457 continue; 458 459 case BPF_ALU|BPF_LSH|BPF_K: 460 A <<= pc->k; 461 continue; 462 463 case BPF_ALU|BPF_RSH|BPF_K: 464 A >>= pc->k; 465 continue; 466 467 case BPF_ALU|BPF_NEG: 468 A = -A; 469 continue; 470 471 case BPF_MISC|BPF_TAX: 472 X = A; 473 continue; 474 475 case BPF_MISC|BPF_TXA: 476 A = X; 477 continue; 478 } 479 } 480 } 481 482 #ifdef _KERNEL 483 /* 484 * Return true if the 'fcode' is a valid filter program. 485 * The constraints are that each jump be forward and to a valid 486 * code. The code must terminate with either an accept or reject. 487 * 'valid' is an array for use by the routine (it must be at least 488 * 'len' bytes long). 489 * 490 * The kernel needs to be able to verify an application's filter code. 491 * Otherwise, a bogus program could easily crash the system. 492 */ 493 int 494 bpf_validate(f, len) 495 struct bpf_insn *f; 496 int len; 497 { 498 register int i; 499 register struct bpf_insn *p; 500 501 for (i = 0; i < len; ++i) { 502 /* 503 * Check that that jumps are forward, and within 504 * the code block. 505 */ 506 p = &f[i]; 507 if (BPF_CLASS(p->code) == BPF_JMP) { 508 register int from = i + 1; 509 510 if (BPF_OP(p->code) == BPF_JA) { 511 if ((p->k < 0) || 512 (from + p->k >= len) || 513 (from + p->k < 0)) 514 return 0; 515 } 516 else if (from + p->jt >= len || from + p->jf >= len) 517 return 0; 518 } 519 /* 520 * Check that memory operations use valid addresses. 521 */ 522 if ((BPF_CLASS(p->code) == BPF_ST || 523 (BPF_CLASS(p->code) == BPF_LD && 524 (p->code & 0xe0) == BPF_MEM)) && 525 (p->k >= BPF_MEMWORDS || p->k < 0)) 526 return 0; 527 /* 528 * Check for constant division by 0. 529 */ 530 if (p->code == (BPF_ALU|BPF_DIV|BPF_K) && p->k == 0) 531 return 0; 532 } 533 return BPF_CLASS(f[len - 1].code) == BPF_RET; 534 } 535 #endif 536
Indexes created Tue Sep 30 07:10:03 GMT 2025