]> git.saurik.com Git - apple/xnu.git/blob - bsd/net/bpf_filter.c
xnu-4570.20.62.tar.gz
[apple/xnu.git] / bsd / net / bpf_filter.c
1 /*
2 * Copyright (c) 2000-2017 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /*
29 * Copyright (c) 1990, 1991, 1993
30 * The Regents of the University of California. All rights reserved.
31 *
32 * This code is derived from the Stanford/CMU enet packet filter,
33 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
34 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
35 * Berkeley Laboratory.
36 *
37 * Redistribution and use in source and binary forms, with or without
38 * modification, are permitted provided that the following conditions
39 * are met:
40 * 1. Redistributions of source code must retain the above copyright
41 * notice, this list of conditions and the following disclaimer.
42 * 2. Redistributions in binary form must reproduce the above copyright
43 * notice, this list of conditions and the following disclaimer in the
44 * documentation and/or other materials provided with the distribution.
45 * 3. All advertising materials mentioning features or use of this software
46 * must display the following acknowledgement:
47 * This product includes software developed by the University of
48 * California, Berkeley and its contributors.
49 * 4. Neither the name of the University nor the names of its contributors
50 * may be used to endorse or promote products derived from this software
51 * without specific prior written permission.
52 *
53 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
56 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
63 * SUCH DAMAGE.
64 *
65 * @(#)bpf_filter.c 8.1 (Berkeley) 6/10/93
66 *
67 * $FreeBSD: src/sys/net/bpf_filter.c,v 1.17 1999/12/29 04:38:31 peter Exp $
68 */
69
70 #include <sys/param.h>
71 #include <string.h>
72
73 #ifdef sun
74 #include <netinet/in.h>
75 #endif
76
77 #if !defined(__i386__) && !defined(__x86_64__)
78 #define BPF_ALIGN 1
79 #else /* defined(__i386__) || defined(__x86_64__) */
80 #define BPF_ALIGN 0
81 #endif /* defined(__i386__) || defined(__x86_64__) */
82
83 #if !BPF_ALIGN
84 #define EXTRACT_SHORT(p) ((u_int16_t)ntohs(*(u_int16_t *)(void *)p))
85 #define EXTRACT_LONG(p) (ntohl(*(u_int32_t *)(void *)p))
86 #else
87 #define EXTRACT_SHORT(p)\
88 ((u_int16_t)\
89 ((u_int16_t)*((u_char *)p+0)<<8|\
90 (u_int16_t)*((u_char *)p+1)<<0))
91 #define EXTRACT_LONG(p)\
92 ((u_int32_t)*((u_char *)p+0)<<24|\
93 (u_int32_t)*((u_char *)p+1)<<16|\
94 (u_int32_t)*((u_char *)p+2)<<8|\
95 (u_int32_t)*((u_char *)p+3)<<0)
96 #endif
97
98 #ifdef KERNEL
99 #include <sys/mbuf.h>
100 #endif
101 #include <net/bpf.h>
102 #ifdef KERNEL
103
104 extern unsigned int bpf_maxbufsize;
105
106 static inline u_int32_t
107 get_word_from_buffers(u_char * cp, u_char * np, int num_from_cp)
108 {
109 u_int32_t val;
110
111 switch (num_from_cp) {
112 case 1:
113 val = ((u_int32_t)cp[0] << 24) |
114 ((u_int32_t)np[0] << 16) |
115 ((u_int32_t)np[1] << 8) |
116 (u_int32_t)np[2];
117 break;
118
119 case 2:
120 val = ((u_int32_t)cp[0] << 24) |
121 ((u_int32_t)cp[1] << 16) |
122 ((u_int32_t)np[0] << 8) |
123 (u_int32_t)np[1];
124 break;
125 default:
126 val = ((u_int32_t)cp[0] << 24) |
127 ((u_int32_t)cp[1] << 16) |
128 ((u_int32_t)cp[2] << 8) |
129 (u_int32_t)np[0];
130 break;
131 }
132 return (val);
133 }
134
135 static u_char *
136 m_hdr_offset(struct mbuf **m_p, void * hdr, size_t hdrlen, bpf_u_int32 * k_p,
137 size_t * len_p)
138 {
139 u_char *cp;
140 bpf_u_int32 k = *k_p;
141 size_t len;
142
143 if (k >= hdrlen) {
144 struct mbuf *m = *m_p;
145
146 /* there's no header or the offset we want is past the header */
147 k -= hdrlen;
148 len = m->m_len;
149 while (k >= len) {
150 k -= len;
151 m = m->m_next;
152 if (m == NULL)
153 return (NULL);
154 len = m->m_len;
155 }
156 cp = mtod(m, u_char *) + k;
157
158 /* return next mbuf, in case it's needed */
159 *m_p = m->m_next;
160
161 /* update the offset */
162 *k_p = k;
163 } else {
164 len = hdrlen;
165 cp = (u_char *)hdr + k;
166 }
167 *len_p = len;
168 return (cp);
169 }
170
171 static u_int32_t
172 m_xword(struct mbuf *m, void * hdr, size_t hdrlen, bpf_u_int32 k, int *err)
173 {
174 size_t len;
175 u_char *cp, *np;
176
177 cp = m_hdr_offset(&m, hdr, hdrlen, &k, &len);
178 if (cp == NULL)
179 goto bad;
180 if (len - k >= 4) {
181 *err = 0;
182 return EXTRACT_LONG(cp);
183 }
184 if (m == 0 || m->m_len + len - k < 4)
185 goto bad;
186 *err = 0;
187 np = mtod(m, u_char *);
188 return get_word_from_buffers(cp, np, len - k);
189
190 bad:
191 *err = 1;
192 return 0;
193 }
194
195 static u_int16_t
196 m_xhalf(struct mbuf *m, void * hdr, size_t hdrlen, bpf_u_int32 k, int *err)
197 {
198 size_t len;
199 u_char *cp;
200
201 cp = m_hdr_offset(&m, hdr, hdrlen, &k, &len);
202 if (cp == NULL)
203 goto bad;
204 if (len - k >= 2) {
205 *err = 0;
206 return EXTRACT_SHORT(cp);
207 }
208 if (m == 0)
209 goto bad;
210 *err = 0;
211 return (cp[0] << 8) | mtod(m, u_char *)[0];
212 bad:
213 *err = 1;
214 return 0;
215 }
216
217 static u_int8_t
218 m_xbyte(struct mbuf *m, void * hdr, size_t hdrlen, bpf_u_int32 k, int *err)
219 {
220 size_t len;
221 u_char *cp;
222
223 cp = m_hdr_offset(&m, hdr, hdrlen, &k, &len);
224 if (cp == NULL)
225 goto bad;
226 *err = 0;
227 return (*cp);
228 bad:
229 *err = 1;
230 return 0;
231
232 }
233
234
235 static u_int32_t
236 bp_xword(struct bpf_packet *bp, bpf_u_int32 k, int *err)
237 {
238 void * hdr = bp->bpfp_header;
239 size_t hdrlen = bp->bpfp_header_length;
240
241 switch (bp->bpfp_type) {
242 case BPF_PACKET_TYPE_MBUF:
243 return m_xword(bp->bpfp_mbuf, hdr, hdrlen, k, err);
244 default:
245 break;
246 }
247 *err = 1;
248 return 0;
249
250 }
251
252 static u_int16_t
253 bp_xhalf(struct bpf_packet *bp, bpf_u_int32 k, int *err)
254 {
255 void * hdr = bp->bpfp_header;
256 size_t hdrlen = bp->bpfp_header_length;
257
258 switch (bp->bpfp_type) {
259 case BPF_PACKET_TYPE_MBUF:
260 return m_xhalf(bp->bpfp_mbuf, hdr, hdrlen, k, err);
261 default:
262 break;
263 }
264 *err = 1;
265 return 0;
266
267 }
268
269 static u_int8_t
270 bp_xbyte(struct bpf_packet *bp, bpf_u_int32 k, int *err)
271 {
272 void * hdr = bp->bpfp_header;
273 size_t hdrlen = bp->bpfp_header_length;
274
275 switch (bp->bpfp_type) {
276 case BPF_PACKET_TYPE_MBUF:
277 return m_xbyte(bp->bpfp_mbuf, hdr, hdrlen, k, err);
278 default:
279 break;
280 }
281 *err = 1;
282 return 0;
283
284 }
285
286 #endif
287
288 /*
289 * Execute the filter program starting at pc on the packet p
290 * wirelen is the length of the original packet
291 * buflen is the amount of data present
292 */
293 u_int
294 bpf_filter(const struct bpf_insn *pc, u_char *p, u_int wirelen, u_int buflen)
295 {
296 u_int32_t A = 0, X = 0;
297 bpf_u_int32 k;
298 int32_t mem[BPF_MEMWORDS];
299 #ifdef KERNEL
300 int merr;
301 struct bpf_packet * bp = (struct bpf_packet *)(void *)p;
302 #endif /* KERNEL */
303
304 bzero(mem, sizeof(mem));
305
306 if (pc == 0)
307 /*
308 * No filter means accept all.
309 */
310 return (u_int)-1;
311
312 --pc;
313 while (1) {
314 ++pc;
315 switch (pc->code) {
316
317 default:
318 #ifdef KERNEL
319 return 0;
320 #else /* KERNEL */
321 abort();
322 #endif /* KERNEL */
323 case BPF_RET|BPF_K:
324 return (u_int)pc->k;
325
326 case BPF_RET|BPF_A:
327 return (u_int)A;
328
329 case BPF_LD|BPF_W|BPF_ABS:
330 k = pc->k;
331 if (k > buflen || sizeof(int32_t) > buflen - k) {
332 #ifdef KERNEL
333 if (buflen != 0)
334 return 0;
335 A = bp_xword(bp, k, &merr);
336 if (merr != 0)
337 return 0;
338 continue;
339 #else /* KERNEL */
340 return 0;
341 #endif /* KERNEL */
342 }
343 #if BPF_ALIGN
344 if (((intptr_t)(p + k) & 3) != 0)
345 A = EXTRACT_LONG(&p[k]);
346 else
347 #endif /* BPF_ALIGN */
348 A = ntohl(*(int32_t *)(void *)(p + k));
349 continue;
350
351 case BPF_LD|BPF_H|BPF_ABS:
352 k = pc->k;
353 if (k > buflen || sizeof(int16_t) > buflen - k) {
354 #ifdef KERNEL
355 if (buflen != 0)
356 return 0;
357 A = bp_xhalf(bp, k, &merr);
358 if (merr != 0)
359 return 0;
360 continue;
361 #else /* KERNEL */
362 return 0;
363 #endif /* KERNEL */
364 }
365 A = EXTRACT_SHORT(&p[k]);
366 continue;
367
368 case BPF_LD|BPF_B|BPF_ABS:
369 k = pc->k;
370 if (k >= buflen) {
371 #ifdef KERNEL
372 if (buflen != 0)
373 return 0;
374 A = bp_xbyte(bp, k, &merr);
375 if (merr != 0)
376 return 0;
377 continue;
378 #else /* KERNEL */
379 return 0;
380 #endif /* KERNEL */
381 }
382 A = p[k];
383 continue;
384
385 case BPF_LD|BPF_W|BPF_LEN:
386 A = wirelen;
387 continue;
388
389 case BPF_LDX|BPF_W|BPF_LEN:
390 X = wirelen;
391 continue;
392
393 case BPF_LD|BPF_W|BPF_IND:
394 k = X + pc->k;
395 if (pc->k > buflen || X > buflen - pc->k ||
396 sizeof(int32_t) > buflen - k) {
397 #ifdef KERNEL
398 if (buflen != 0)
399 return 0;
400 A = bp_xword(bp, k, &merr);
401 if (merr != 0)
402 return 0;
403 continue;
404 #else /* KERNEL */
405 return 0;
406 #endif /* KERNEL */
407 }
408 #if BPF_ALIGN
409 if (((intptr_t)(p + k) & 3) != 0)
410 A = EXTRACT_LONG(&p[k]);
411 else
412 #endif /* BPF_ALIGN */
413 A = ntohl(*(int32_t *)(void *)(p + k));
414 continue;
415
416 case BPF_LD|BPF_H|BPF_IND:
417 k = X + pc->k;
418 if (X > buflen || pc->k > buflen - X ||
419 sizeof(int16_t) > buflen - k) {
420 #ifdef KERNEL
421 if (buflen != 0)
422 return 0;
423 A = bp_xhalf(bp, k, &merr);
424 if (merr != 0)
425 return 0;
426 continue;
427 #else /* KERNEL */
428 return 0;
429 #endif /* KERNEL */
430 }
431 A = EXTRACT_SHORT(&p[k]);
432 continue;
433
434 case BPF_LD|BPF_B|BPF_IND:
435 k = X + pc->k;
436 if (pc->k >= buflen || X >= buflen - pc->k) {
437 #ifdef KERNEL
438 if (buflen != 0)
439 return 0;
440 A = bp_xbyte(bp, k, &merr);
441 if (merr != 0)
442 return 0;
443 continue;
444 #else /* KERNEL */
445 return 0;
446 #endif /* KERNEL */
447 }
448 A = p[k];
449 continue;
450
451 case BPF_LDX|BPF_MSH|BPF_B:
452 k = pc->k;
453 if (k >= buflen) {
454 #ifdef KERNEL
455 if (buflen != 0)
456 return 0;
457 X = bp_xbyte(bp, k, &merr);
458 if (merr != 0)
459 return 0;
460 X = (X & 0xf) << 2;
461 continue;
462 #else
463 return 0;
464 #endif
465 }
466 X = (p[pc->k] & 0xf) << 2;
467 continue;
468
469 case BPF_LD|BPF_IMM:
470 A = pc->k;
471 continue;
472
473 case BPF_LDX|BPF_IMM:
474 X = pc->k;
475 continue;
476
477 case BPF_LD|BPF_MEM:
478 A = mem[pc->k];
479 continue;
480
481 case BPF_LDX|BPF_MEM:
482 X = mem[pc->k];
483 continue;
484
485 case BPF_ST:
486 if (pc->k >= BPF_MEMWORDS)
487 return 0;
488 mem[pc->k] = A;
489 continue;
490
491 case BPF_STX:
492 if (pc->k >= BPF_MEMWORDS)
493 return 0;
494 mem[pc->k] = X;
495 continue;
496
497 case BPF_JMP|BPF_JA:
498 pc += pc->k;
499 continue;
500
501 case BPF_JMP|BPF_JGT|BPF_K:
502 pc += (A > pc->k) ? pc->jt : pc->jf;
503 continue;
504
505 case BPF_JMP|BPF_JGE|BPF_K:
506 pc += (A >= pc->k) ? pc->jt : pc->jf;
507 continue;
508
509 case BPF_JMP|BPF_JEQ|BPF_K:
510 pc += (A == pc->k) ? pc->jt : pc->jf;
511 continue;
512
513 case BPF_JMP|BPF_JSET|BPF_K:
514 pc += (A & pc->k) ? pc->jt : pc->jf;
515 continue;
516
517 case BPF_JMP|BPF_JGT|BPF_X:
518 pc += (A > X) ? pc->jt : pc->jf;
519 continue;
520
521 case BPF_JMP|BPF_JGE|BPF_X:
522 pc += (A >= X) ? pc->jt : pc->jf;
523 continue;
524
525 case BPF_JMP|BPF_JEQ|BPF_X:
526 pc += (A == X) ? pc->jt : pc->jf;
527 continue;
528
529 case BPF_JMP|BPF_JSET|BPF_X:
530 pc += (A & X) ? pc->jt : pc->jf;
531 continue;
532
533 case BPF_ALU|BPF_ADD|BPF_X:
534 A += X;
535 continue;
536
537 case BPF_ALU|BPF_SUB|BPF_X:
538 A -= X;
539 continue;
540
541 case BPF_ALU|BPF_MUL|BPF_X:
542 A *= X;
543 continue;
544
545 case BPF_ALU|BPF_DIV|BPF_X:
546 if (X == 0)
547 return 0;
548 A /= X;
549 continue;
550
551 case BPF_ALU|BPF_AND|BPF_X:
552 A &= X;
553 continue;
554
555 case BPF_ALU|BPF_OR|BPF_X:
556 A |= X;
557 continue;
558
559 case BPF_ALU|BPF_LSH|BPF_X:
560 A <<= X;
561 continue;
562
563 case BPF_ALU|BPF_RSH|BPF_X:
564 A >>= X;
565 continue;
566
567 case BPF_ALU|BPF_ADD|BPF_K:
568 A += pc->k;
569 continue;
570
571 case BPF_ALU|BPF_SUB|BPF_K:
572 A -= pc->k;
573 continue;
574
575 case BPF_ALU|BPF_MUL|BPF_K:
576 A *= pc->k;
577 continue;
578
579 case BPF_ALU|BPF_DIV|BPF_K:
580 A /= pc->k;
581 continue;
582
583 case BPF_ALU|BPF_AND|BPF_K:
584 A &= pc->k;
585 continue;
586
587 case BPF_ALU|BPF_OR|BPF_K:
588 A |= pc->k;
589 continue;
590
591 case BPF_ALU|BPF_LSH|BPF_K:
592 A <<= pc->k;
593 continue;
594
595 case BPF_ALU|BPF_RSH|BPF_K:
596 A >>= pc->k;
597 continue;
598
599 case BPF_ALU|BPF_NEG:
600 A = -A;
601 continue;
602
603 case BPF_MISC|BPF_TAX:
604 X = A;
605 continue;
606
607 case BPF_MISC|BPF_TXA:
608 A = X;
609 continue;
610 }
611 }
612 }
613
614 #ifdef KERNEL
615 /*
616 * Return true if the 'fcode' is a valid filter program.
617 * The constraints are that each jump be forward and to a valid
618 * code, that memory accesses are within valid ranges (to the
619 * extent that this can be checked statically; loads of packet data
620 * have to be, and are, also checked at run time), and that
621 * the code terminates with either an accept or reject.
622 *
623 * The kernel needs to be able to verify an application's filter code.
624 * Otherwise, a bogus program could easily crash the system.
625 */
626 int
627 bpf_validate(const struct bpf_insn *f, int len)
628 {
629 u_int i, from;
630 const struct bpf_insn *p;
631
632 if (len < 1 || len > BPF_MAXINSNS)
633 return 0;
634
635 for (i = 0; i < ((u_int)len); ++i) {
636 p = &f[i];
637 switch (BPF_CLASS(p->code)) {
638 /*
639 * Check that memory operations use valid addresses
640 */
641 case BPF_LD:
642 case BPF_LDX:
643 switch (BPF_MODE(p->code)) {
644 case BPF_IMM:
645 break;
646 case BPF_ABS:
647 case BPF_IND:
648 case BPF_MSH:
649 /*
650 * More strict check with actual packet length
651 * is done runtime.
652 */
653 if (p->k >= bpf_maxbufsize)
654 return 0;
655 break;
656 case BPF_MEM:
657 if (p->k >= BPF_MEMWORDS)
658 return 0;
659 break;
660 case BPF_LEN:
661 break;
662 default:
663 return 0;
664 }
665 break;
666 case BPF_ST:
667 case BPF_STX:
668 if (p->k >= BPF_MEMWORDS)
669 return 0;
670 break;
671 case BPF_ALU:
672 switch (BPF_OP(p->code)) {
673 case BPF_ADD:
674 case BPF_SUB:
675 case BPF_MUL:
676 case BPF_OR:
677 case BPF_AND:
678 case BPF_LSH:
679 case BPF_RSH:
680 case BPF_NEG:
681 break;
682 case BPF_DIV:
683 /*
684 * Check for constant division by 0
685 */
686 if(BPF_SRC(p->code) == BPF_K && p->k == 0)
687 return 0;
688 break;
689 default:
690 return 0;
691 }
692 break;
693 case BPF_JMP:
694 /*
695 * Check that jumps are within the code block,
696 * and that unconditional branches don't go
697 * backwards as a result of an overflow.
698 * Unconditional branches have a 32-bit offset,
699 * so they could overflow; we check to make
700 * sure they don't. Conditional branches have
701 * an 8-bit offset, and the from address is
702 * less than equal to BPF_MAXINSNS, and we assume that
703 * BPF_MAXINSNS is sufficiently small that adding 255
704 * to it won't overlflow
705 *
706 * We know that len is <= BPF_MAXINSNS, and we
707 * assume that BPF_MAXINSNS is less than the maximum
708 * size of a u_int, so that i+1 doesn't overflow
709 */
710 from = i+1;
711 switch (BPF_OP(p->code)) {
712 case BPF_JA:
713 if (from + p->k < from || from + p->k >= ((u_int)len))
714 return 0;
715 break;
716 case BPF_JEQ:
717 case BPF_JGT:
718 case BPF_JGE:
719 case BPF_JSET:
720 if (from + p->jt >= ((u_int)len) || from + p->jf >= ((u_int)len))
721 return 0;
722 break;
723 default:
724 return 0;
725 }
726 break;
727 case BPF_RET:
728 break;
729 case BPF_MISC:
730 break;
731 default:
732 return 0;
733 }
734 }
735 return BPF_CLASS(f[len - 1].code) == BPF_RET;
736 }
737 #endif