bpf_filter.c revision 17683
1/*- 2 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996 3 * The Regents of the University of California. All rights reserved. 4 * 5 * This code is derived from the Stanford/CMU enet packet filter, 6 * (net/enet.c) distributed as part of 4.3BSD, and code contributed 7 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 8 * Berkeley Laboratory. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. All advertising materials mentioning features or use of this software 19 * must display the following acknowledgement: 20 * This product includes software developed by the University of 21 * California, Berkeley and its contributors. 22 * 4. Neither the name of the University nor the names of its contributors 23 * may be used to endorse or promote products derived from this software 24 * without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * 38 * @(#)bpf.c 7.5 (Berkeley) 7/15/91 39 * 40 * static char rcsid[] = 41 * "$Header: bpf_filter.c,v 1.29 96/06/23 13:44:02 leres Exp $"; 42 */ 43#if !(defined(lint) || defined(KERNEL)) 44static char rcsid[] = 45 "@(#) $Header: bpf_filter.c,v 1.29 96/06/23 13:44:02 leres Exp $ (LBL)"; 46#endif 47 48#include <sys/param.h> 49#include <sys/types.h> 50#include <sys/time.h> 51#include <net/bpf.h> 52 53#ifndef KERNEL 54#include <stdlib.h> 55#endif 56 57#define int32 bpf_int32 58#define u_int32 bpf_u_int32 59 60#ifndef LBL_ALIGN 61#if defined(sparc) || defined(mips) || defined(ibm032) || \ 62 defined(__alpha) || defined(__hpux) 63#define LBL_ALIGN 64#endif 65#endif 66 67#ifndef LBL_ALIGN 68#include <netinet/in.h> 69 70#define EXTRACT_SHORT(p) ((u_short)ntohs(*(u_short *)p)) 71#define EXTRACT_LONG(p) (ntohl(*(u_int32 *)p)) 72#else 73#define EXTRACT_SHORT(p)\ 74 ((u_short)\ 75 ((u_short)*((u_char *)p+0)<<8|\ 76 (u_short)*((u_char *)p+1)<<0)) 77#define EXTRACT_LONG(p)\ 78 ((u_int32)*((u_char *)p+0)<<24|\ 79 (u_int32)*((u_char *)p+1)<<16|\ 80 (u_int32)*((u_char *)p+2)<<8|\ 81 (u_int32)*((u_char *)p+3)<<0) 82#endif 83 84#ifdef KERNEL 85#include <sys/mbuf.h> 86#define MINDEX(len, m, k) \ 87{ \ 88 len = m->m_len; \ 89 while (k >= len) { \ 90 k -= len; \ 91 m = m->m_next; \ 92 if (m == 0) \ 93 return 0; \ 94 len = m->m_len; \ 95 } \ 96} 97 98static int 99m_xword(m, k, err) 100 register struct mbuf *m; 101 register int k, *err; 102{ 103 register int len; 104 register u_char *cp, *np; 105 register struct mbuf *m0; 106 107 MINDEX(len, m, k); 108 cp = mtod(m, u_char *) + k; 109 if (len - k >= 4) { 110 *err = 0; 111 return EXTRACT_LONG(cp); 112 } 113 m0 = m->m_next; 114 if (m0 == 0 || m0->m_len + len - k < 4) 115 goto bad; 116 *err = 0; 117 np = mtod(m0, u_char *); 118 switch (len - k) { 119 120 case 1: 121 return (cp[0] << 24) | (np[0] << 16) | (np[1] << 8) | np[2]; 122 123 case 2: 124 return (cp[0] << 24) | (cp[1] << 16) | (np[0] << 8) | np[1]; 125 126 default: 127 return (cp[0] << 24) | (cp[1] << 16) | (cp[2] << 8) | np[0]; 128 } 129 bad: 130 *err = 1; 131 return 0; 132} 133 134static int 135m_xhalf(m, k, err) 136 register struct mbuf *m; 137 register int k, *err; 138{ 139 register int len; 140 register u_char *cp; 141 register struct mbuf *m0; 142 143 MINDEX(len, m, k); 144 cp = mtod(m, u_char *) + k; 145 if (len - k >= 2) { 146 *err = 0; 147 return EXTRACT_SHORT(cp); 148 } 149 m0 = m->m_next; 150 if (m0 == 0) 151 goto bad; 152 *err = 0; 153 return (cp[0] << 8) | mtod(m0, u_char *)[0]; 154 bad: 155 *err = 1; 156 return 0; 157} 158#endif 159 160/* 161 * Execute the filter program starting at pc on the packet p 162 * wirelen is the length of the original packet 163 * buflen is the amount of data present 164 */ 165u_int 166bpf_filter(pc, p, wirelen, buflen) 167 register struct bpf_insn *pc; 168 register u_char *p; 169 u_int wirelen; 170 register u_int buflen; 171{ 172 register u_int32 A, X; 173 register int k; 174 int32 mem[BPF_MEMWORDS]; 175 176 if (pc == 0) 177 /* 178 * No filter means accept all. 179 */ 180 return (u_int)-1; 181 A = 0; 182 X = 0; 183 --pc; 184 while (1) { 185 ++pc; 186 switch (pc->code) { 187 188 default: 189#ifdef KERNEL 190 return 0; 191#else 192 abort(); 193#endif 194 case BPF_RET|BPF_K: 195 return (u_int)pc->k; 196 197 case BPF_RET|BPF_A: 198 return (u_int)A; 199 200 case BPF_LD|BPF_W|BPF_ABS: 201 k = pc->k; 202 if (k + sizeof(int32) > buflen) { 203#ifdef KERNEL 204 int merr; 205 206 if (buflen != 0) 207 return 0; 208 A = m_xword((struct mbuf *)p, k, &merr); 209 if (merr != 0) 210 return 0; 211 continue; 212#else 213 return 0; 214#endif 215 } 216 A = EXTRACT_LONG(&p[k]); 217 continue; 218 219 case BPF_LD|BPF_H|BPF_ABS: 220 k = pc->k; 221 if (k + sizeof(short) > buflen) { 222#ifdef KERNEL 223 int merr; 224 225 if (buflen != 0) 226 return 0; 227 A = m_xhalf((struct mbuf *)p, k, &merr); 228 continue; 229#else 230 return 0; 231#endif 232 } 233 A = EXTRACT_SHORT(&p[k]); 234 continue; 235 236 case BPF_LD|BPF_B|BPF_ABS: 237 k = pc->k; 238 if (k >= buflen) { 239#ifdef KERNEL 240 register struct mbuf *m; 241 register int len; 242 243 if (buflen != 0) 244 return 0; 245 m = (struct mbuf *)p; 246 MINDEX(len, m, k); 247 A = mtod(m, u_char *)[k]; 248 continue; 249#else 250 return 0; 251#endif 252 } 253 A = p[k]; 254 continue; 255 256 case BPF_LD|BPF_W|BPF_LEN: 257 A = wirelen; 258 continue; 259 260 case BPF_LDX|BPF_W|BPF_LEN: 261 X = wirelen; 262 continue; 263 264 case BPF_LD|BPF_W|BPF_IND: 265 k = X + pc->k; 266 if (k + sizeof(int32) > buflen) { 267#ifdef KERNEL 268 int merr; 269 270 if (buflen != 0) 271 return 0; 272 A = m_xword((struct mbuf *)p, k, &merr); 273 if (merr != 0) 274 return 0; 275 continue; 276#else 277 return 0; 278#endif 279 } 280 A = EXTRACT_LONG(&p[k]); 281 continue; 282 283 case BPF_LD|BPF_H|BPF_IND: 284 k = X + pc->k; 285 if (k + sizeof(short) > buflen) { 286#ifdef KERNEL 287 int merr; 288 289 if (buflen != 0) 290 return 0; 291 A = m_xhalf((struct mbuf *)p, k, &merr); 292 if (merr != 0) 293 return 0; 294 continue; 295#else 296 return 0; 297#endif 298 } 299 A = EXTRACT_SHORT(&p[k]); 300 continue; 301 302 case BPF_LD|BPF_B|BPF_IND: 303 k = X + pc->k; 304 if (k >= buflen) { 305#ifdef KERNEL 306 register struct mbuf *m; 307 register int len; 308 309 if (buflen != 0) 310 return 0; 311 m = (struct mbuf *)p; 312 MINDEX(len, m, k); 313 A = mtod(m, u_char *)[k]; 314 continue; 315#else 316 return 0; 317#endif 318 } 319 A = p[k]; 320 continue; 321 322 case BPF_LDX|BPF_MSH|BPF_B: 323 k = pc->k; 324 if (k >= buflen) { 325#ifdef KERNEL 326 register struct mbuf *m; 327 register int len; 328 329 if (buflen != 0) 330 return 0; 331 m = (struct mbuf *)p; 332 MINDEX(len, m, k); 333 X = (mtod(m, char *)[k] & 0xf) << 2; 334 continue; 335#else 336 return 0; 337#endif 338 } 339 X = (p[pc->k] & 0xf) << 2; 340 continue; 341 342 case BPF_LD|BPF_IMM: 343 A = pc->k; 344 continue; 345 346 case BPF_LDX|BPF_IMM: 347 X = pc->k; 348 continue; 349 350 case BPF_LD|BPF_MEM: 351 A = mem[pc->k]; 352 continue; 353 354 case BPF_LDX|BPF_MEM: 355 X = mem[pc->k]; 356 continue; 357 358 case BPF_ST: 359 mem[pc->k] = A; 360 continue; 361 362 case BPF_STX: 363 mem[pc->k] = X; 364 continue; 365 366 case BPF_JMP|BPF_JA: 367 pc += pc->k; 368 continue; 369 370 case BPF_JMP|BPF_JGT|BPF_K: 371 pc += (A > pc->k) ? pc->jt : pc->jf; 372 continue; 373 374 case BPF_JMP|BPF_JGE|BPF_K: 375 pc += (A >= pc->k) ? pc->jt : pc->jf; 376 continue; 377 378 case BPF_JMP|BPF_JEQ|BPF_K: 379 pc += (A == pc->k) ? pc->jt : pc->jf; 380 continue; 381 382 case BPF_JMP|BPF_JSET|BPF_K: 383 pc += (A & pc->k) ? pc->jt : pc->jf; 384 continue; 385 386 case BPF_JMP|BPF_JGT|BPF_X: 387 pc += (A > X) ? pc->jt : pc->jf; 388 continue; 389 390 case BPF_JMP|BPF_JGE|BPF_X: 391 pc += (A >= X) ? pc->jt : pc->jf; 392 continue; 393 394 case BPF_JMP|BPF_JEQ|BPF_X: 395 pc += (A == X) ? pc->jt : pc->jf; 396 continue; 397 398 case BPF_JMP|BPF_JSET|BPF_X: 399 pc += (A & X) ? pc->jt : pc->jf; 400 continue; 401 402 case BPF_ALU|BPF_ADD|BPF_X: 403 A += X; 404 continue; 405 406 case BPF_ALU|BPF_SUB|BPF_X: 407 A -= X; 408 continue; 409 410 case BPF_ALU|BPF_MUL|BPF_X: 411 A *= X; 412 continue; 413 414 case BPF_ALU|BPF_DIV|BPF_X: 415 if (X == 0) 416 return 0; 417 A /= X; 418 continue; 419 420 case BPF_ALU|BPF_AND|BPF_X: 421 A &= X; 422 continue; 423 424 case BPF_ALU|BPF_OR|BPF_X: 425 A |= X; 426 continue; 427 428 case BPF_ALU|BPF_LSH|BPF_X: 429 A <<= X; 430 continue; 431 432 case BPF_ALU|BPF_RSH|BPF_X: 433 A >>= X; 434 continue; 435 436 case BPF_ALU|BPF_ADD|BPF_K: 437 A += pc->k; 438 continue; 439 440 case BPF_ALU|BPF_SUB|BPF_K: 441 A -= pc->k; 442 continue; 443 444 case BPF_ALU|BPF_MUL|BPF_K: 445 A *= pc->k; 446 continue; 447 448 case BPF_ALU|BPF_DIV|BPF_K: 449 A /= pc->k; 450 continue; 451 452 case BPF_ALU|BPF_AND|BPF_K: 453 A &= pc->k; 454 continue; 455 456 case BPF_ALU|BPF_OR|BPF_K: 457 A |= pc->k; 458 continue; 459 460 case BPF_ALU|BPF_LSH|BPF_K: 461 A <<= pc->k; 462 continue; 463 464 case BPF_ALU|BPF_RSH|BPF_K: 465 A >>= pc->k; 466 continue; 467 468 case BPF_ALU|BPF_NEG: 469 A = -A; 470 continue; 471 472 case BPF_MISC|BPF_TAX: 473 X = A; 474 continue; 475 476 case BPF_MISC|BPF_TXA: 477 A = X; 478 continue; 479 } 480 } 481} 482 483#ifdef KERNEL 484/* 485 * Return true if the 'fcode' is a valid filter program. 486 * The constraints are that each jump be forward and to a valid 487 * code. The code must terminate with either an accept or reject. 488 * 'valid' is an array for use by the routine (it must be at least 489 * 'len' bytes long). 490 * 491 * The kernel needs to be able to verify an application's filter code. 492 * Otherwise, a bogus program could easily crash the system. 493 */ 494int 495bpf_validate(f, len) 496 struct bpf_insn *f; 497 int len; 498{ 499 register int i; 500 register struct bpf_insn *p; 501 502 for (i = 0; i < len; ++i) { 503 /* 504 * Check that that jumps are forward, and within 505 * the code block. 506 */ 507 p = &f[i]; 508 if (BPF_CLASS(p->code) == BPF_JMP) { 509 register int from = i + 1; 510 511 if (BPF_OP(p->code) == BPF_JA) { 512 if (from + p->k >= len) 513 return 0; 514 } 515 else if (from + p->jt >= len || from + p->jf >= len) 516 return 0; 517 } 518 /* 519 * Check that memory operations use valid addresses. 520 */ 521 if ((BPF_CLASS(p->code) == BPF_ST || 522 (BPF_CLASS(p->code) == BPF_LD && 523 (p->code & 0xe0) == BPF_MEM)) && 524 (p->k >= BPF_MEMWORDS || p->k < 0)) 525 return 0; 526 /* 527 * Check for constant division by 0. 528 */ 529 if (p->code == (BPF_ALU|BPF_DIV|BPF_K) && p->k == 0) 530 return 0; 531 } 532 return BPF_CLASS(f[len - 1].code) == BPF_RET; 533} 534#endif 535