   2  * Copyright (c) 2000-2017 Apple Inc. All rights reserved. 
   4  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ 
   6  * This file contains Original Code and/or Modifications of Original Code 
   7  * as defined in and that are subject to the Apple Public Source License 
   8  * Version 2.0 (the 'License'). You may not use this file except in 
   9  * compliance with the License. The rights granted to you under the License 
  10  * may not be used to create, or enable the creation or redistribution of, 
  11  * unlawful or unlicensed copies of an Apple operating system, or to 
  12  * circumvent, violate, or enable the circumvention or violation of, any 
  13  * terms of an Apple operating system software license agreement. 
  15  * Please obtain a copy of the License at 
  16  * http://www.opensource.apple.com/apsl/ and read it before using this file. 
  18  * The Original Code and all software distributed under the License are 
  19  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 
  20  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 
  21  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 
  22  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 
  23  * Please see the License for the specific language governing rights and 
  24  * limitations under the License. 
  26  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ 
  29  * Copyright (c) 1990, 1991, 1993 
  30  *      The Regents of the University of California.  All rights reserved. 
  32  * This code is derived from the Stanford/CMU enet packet filter, 
  33  * (net/enet.c) distributed as part of 4.3BSD, and code contributed 
  34  * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 
  35  * Berkeley Laboratory. 
  37  * Redistribution and use in source and binary forms, with or without 
  38  * modification, are permitted provided that the following conditions 
  40  * 1. Redistributions of source code must retain the above copyright 
  41  *    notice, this list of conditions and the following disclaimer. 
  42  * 2. Redistributions in binary form must reproduce the above copyright 
  43  *    notice, this list of conditions and the following disclaimer in the 
  44  *    documentation and/or other materials provided with the distribution. 
  45  * 3. All advertising materials mentioning features or use of this software 
  46  *    must display the following acknowledgement: 
  47  *      This product includes software developed by the University of 
  48  *      California, Berkeley and its contributors. 
  49  * 4. Neither the name of the University nor the names of its contributors 
  50  *    may be used to endorse or promote products derived from this software 
  51  *    without specific prior written permission. 
  53  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 
  54  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
  55  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
  56  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 
  57  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
  58  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
  59  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
  60  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
  61  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
  62  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
  65  *      @(#)bpf_filter.c        8.1 (Berkeley) 6/10/93 
  67  * $FreeBSD: src/sys/net/bpf_filter.c,v 1.17 1999/12/29 04:38:31 peter Exp $ 
  70 #include <sys/param.h> 
  74 #include <netinet/in.h> 
  77 #if !defined(__i386__) && !defined(__x86_64__) 
  79 #else /* defined(__i386__) || defined(__x86_64__) */ 
  81 #endif /* defined(__i386__) || defined(__x86_64__) */ 
  84 #define EXTRACT_SHORT(p)        ((u_int16_t)ntohs(*(u_int16_t *)(void *)p)) 
  85 #define EXTRACT_LONG(p)         (ntohl(*(u_int32_t *)(void *)p)) 
  87 #define EXTRACT_SHORT(p)\ 
  89                 ((u_int16_t)*((u_char *)p+0)<<8|\ 
  90                  (u_int16_t)*((u_char *)p+1)<<0)) 
  91 #define EXTRACT_LONG(p)\ 
  92                 ((u_int32_t)*((u_char *)p+0)<<24|\ 
  93                  (u_int32_t)*((u_char *)p+1)<<16|\ 
  94                  (u_int32_t)*((u_char *)p+2)<<8|\ 
  95                  (u_int32_t)*((u_char *)p+3)<<0) 
 104 extern unsigned int bpf_maxbufsize
; 
 106 static inline u_int32_t
 
 107 get_word_from_buffers(u_char 
* cp
, u_char 
* np
, int num_from_cp
) 
 111         switch (num_from_cp
) { 
 113                 val 
= ((u_int32_t
)cp
[0] << 24) | 
 114                         ((u_int32_t
)np
[0] << 16) | 
 115                         ((u_int32_t
)np
[1] << 8)  | 
 120                 val 
= ((u_int32_t
)cp
[0] << 24) | 
 121                         ((u_int32_t
)cp
[1] << 16) | 
 122                         ((u_int32_t
)np
[0] << 8) | 
 126                 val 
= ((u_int32_t
)cp
[0] << 24) | 
 127                         ((u_int32_t
)cp
[1] << 16) | 
 128                         ((u_int32_t
)cp
[2] << 8) | 
 136 m_hdr_offset(struct mbuf 
**m_p
, void * hdr
, size_t hdrlen
, bpf_u_int32 
* k_p
, 
 140         bpf_u_int32 k 
= *k_p
; 
 144                 struct mbuf 
*m 
= *m_p
; 
 146                 /* there's no header or the offset we want is past the header */ 
 156                 cp 
= mtod(m
, u_char 
*) + k
; 
 158                 /* return next mbuf, in case it's needed */ 
 161                 /* update the offset */ 
 165                 cp 
= (u_char 
*)hdr 
+ k
; 
 172 m_xword(struct mbuf 
*m
, void * hdr
, size_t hdrlen
, bpf_u_int32 k
, int *err
) 
 177         cp 
= m_hdr_offset(&m
, hdr
, hdrlen
, &k
, &len
); 
 182                 return EXTRACT_LONG(cp
); 
 184         if (m 
== 0 || m
->m_len 
+ len 
- k 
< 4) 
 187         np 
= mtod(m
, u_char 
*); 
 188         return get_word_from_buffers(cp
, np
, len 
- k
); 
 196 m_xhalf(struct mbuf 
*m
, void * hdr
, size_t hdrlen
, bpf_u_int32 k
, int *err
) 
 201         cp 
= m_hdr_offset(&m
, hdr
, hdrlen
, &k
, &len
); 
 206                 return EXTRACT_SHORT(cp
); 
 211         return (cp
[0] << 8) | mtod(m
, u_char 
*)[0]; 
 218 m_xbyte(struct mbuf 
*m
, void * hdr
, size_t hdrlen
, bpf_u_int32 k
, int *err
) 
 223         cp 
= m_hdr_offset(&m
, hdr
, hdrlen
, &k
, &len
); 
 236 bp_xword(struct bpf_packet 
*bp
, bpf_u_int32 k
, int *err
) 
 238         void *  hdr 
= bp
->bpfp_header
; 
 239         size_t  hdrlen 
= bp
->bpfp_header_length
; 
 241         switch (bp
->bpfp_type
) { 
 242         case BPF_PACKET_TYPE_MBUF
: 
 243                 return m_xword(bp
->bpfp_mbuf
, hdr
, hdrlen
, k
, err
); 
 253 bp_xhalf(struct bpf_packet 
*bp
, bpf_u_int32 k
, int *err
) 
 255         void *  hdr 
= bp
->bpfp_header
; 
 256         size_t  hdrlen 
= bp
->bpfp_header_length
; 
 258         switch (bp
->bpfp_type
) { 
 259         case BPF_PACKET_TYPE_MBUF
: 
 260                 return m_xhalf(bp
->bpfp_mbuf
, hdr
, hdrlen
, k
, err
); 
 270 bp_xbyte(struct bpf_packet 
*bp
, bpf_u_int32 k
, int *err
) 
 272         void *  hdr 
= bp
->bpfp_header
; 
 273         size_t  hdrlen 
= bp
->bpfp_header_length
; 
 275         switch (bp
->bpfp_type
) { 
 276         case BPF_PACKET_TYPE_MBUF
: 
 277                 return m_xbyte(bp
->bpfp_mbuf
, hdr
, hdrlen
, k
, err
); 
 289  * Execute the filter program starting at pc on the packet p 
 290  * wirelen is the length of the original packet 
 291  * buflen is the amount of data present 
 294 bpf_filter(const struct bpf_insn 
*pc
, u_char 
*p
, u_int wirelen
, u_int buflen
) 
 296         u_int32_t A 
= 0, X 
= 0; 
 298         int32_t mem
[BPF_MEMWORDS
]; 
 301         struct bpf_packet 
* bp 
= (struct bpf_packet 
*)(void *)p
; 
 304         bzero(mem
, sizeof(mem
)); 
 308                  * No filter means accept all. 
 329                 case BPF_LD
|BPF_W
|BPF_ABS
: 
 331                         if (k 
> buflen 
|| sizeof(int32_t) > buflen 
- k
) { 
 335                                 A 
= bp_xword(bp
, k
, &merr
); 
 344                         if (((intptr_t)(p 
+ k
) & 3) != 0) 
 345                                 A 
= EXTRACT_LONG(&p
[k
]); 
 347 #endif /* BPF_ALIGN */ 
 348                                 A 
= ntohl(*(int32_t *)(void *)(p 
+ k
)); 
 351                 case BPF_LD
|BPF_H
|BPF_ABS
: 
 353                         if (k 
> buflen 
|| sizeof(int16_t) > buflen 
- k
) { 
 357                                 A 
= bp_xhalf(bp
, k
, &merr
); 
 365                         A 
= EXTRACT_SHORT(&p
[k
]); 
 368                 case BPF_LD
|BPF_B
|BPF_ABS
: 
 374                                 A 
= bp_xbyte(bp
, k
, &merr
); 
 385                 case BPF_LD
|BPF_W
|BPF_LEN
: 
 389                 case BPF_LDX
|BPF_W
|BPF_LEN
: 
 393                 case BPF_LD
|BPF_W
|BPF_IND
: 
 395                         if (pc
->k 
> buflen 
|| X 
> buflen 
- pc
->k 
|| 
 396                             sizeof(int32_t) > buflen 
- k
) { 
 400                                 A 
= bp_xword(bp
, k
, &merr
); 
 409                         if (((intptr_t)(p 
+ k
) & 3) != 0) 
 410                                 A 
= EXTRACT_LONG(&p
[k
]); 
 412 #endif /* BPF_ALIGN */ 
 413                                 A 
= ntohl(*(int32_t *)(void *)(p 
+ k
)); 
 416                 case BPF_LD
|BPF_H
|BPF_IND
: 
 418                         if (X 
> buflen 
|| pc
->k 
> buflen 
- X 
|| 
 419                             sizeof(int16_t) > buflen 
- k
) { 
 423                                 A 
= bp_xhalf(bp
, k
, &merr
); 
 431                         A 
= EXTRACT_SHORT(&p
[k
]); 
 434                 case BPF_LD
|BPF_B
|BPF_IND
: 
 436                         if (pc
->k 
>= buflen 
|| X 
>= buflen 
- pc
->k
) { 
 440                                 A 
= bp_xbyte(bp
, k
, &merr
); 
 451                 case BPF_LDX
|BPF_MSH
|BPF_B
: 
 457                                 X 
= bp_xbyte(bp
, k
, &merr
); 
 466                         X 
= (p
[pc
->k
] & 0xf) << 2; 
 473                 case BPF_LDX
|BPF_IMM
: 
 481                 case BPF_LDX
|BPF_MEM
: 
 486                         if (pc
->k 
>= BPF_MEMWORDS
) 
 492                         if (pc
->k 
>= BPF_MEMWORDS
) 
 501                 case BPF_JMP
|BPF_JGT
|BPF_K
: 
 502                         pc 
+= (A 
> pc
->k
) ? pc
->jt 
: pc
->jf
; 
 505                 case BPF_JMP
|BPF_JGE
|BPF_K
: 
 506                         pc 
+= (A 
>= pc
->k
) ? pc
->jt 
: pc
->jf
; 
 509                 case BPF_JMP
|BPF_JEQ
|BPF_K
: 
 510                         pc 
+= (A 
== pc
->k
) ? pc
->jt 
: pc
->jf
; 
 513                 case BPF_JMP
|BPF_JSET
|BPF_K
: 
 514                         pc 
+= (A 
& pc
->k
) ? pc
->jt 
: pc
->jf
; 
 517                 case BPF_JMP
|BPF_JGT
|BPF_X
: 
 518                         pc 
+= (A 
> X
) ? pc
->jt 
: pc
->jf
; 
 521                 case BPF_JMP
|BPF_JGE
|BPF_X
: 
 522                         pc 
+= (A 
>= X
) ? pc
->jt 
: pc
->jf
; 
 525                 case BPF_JMP
|BPF_JEQ
|BPF_X
: 
 526                         pc 
+= (A 
== X
) ? pc
->jt 
: pc
->jf
; 
 529                 case BPF_JMP
|BPF_JSET
|BPF_X
: 
 530                         pc 
+= (A 
& X
) ? pc
->jt 
: pc
->jf
; 
 533                 case BPF_ALU
|BPF_ADD
|BPF_X
: 
 537                 case BPF_ALU
|BPF_SUB
|BPF_X
: 
 541                 case BPF_ALU
|BPF_MUL
|BPF_X
: 
 545                 case BPF_ALU
|BPF_DIV
|BPF_X
: 
 551                 case BPF_ALU
|BPF_AND
|BPF_X
: 
 555                 case BPF_ALU
|BPF_OR
|BPF_X
: 
 559                 case BPF_ALU
|BPF_LSH
|BPF_X
: 
 563                 case BPF_ALU
|BPF_RSH
|BPF_X
: 
 567                 case BPF_ALU
|BPF_ADD
|BPF_K
: 
 571                 case BPF_ALU
|BPF_SUB
|BPF_K
: 
 575                 case BPF_ALU
|BPF_MUL
|BPF_K
: 
 579                 case BPF_ALU
|BPF_DIV
|BPF_K
: 
 583                 case BPF_ALU
|BPF_AND
|BPF_K
: 
 587                 case BPF_ALU
|BPF_OR
|BPF_K
: 
 591                 case BPF_ALU
|BPF_LSH
|BPF_K
: 
 595                 case BPF_ALU
|BPF_RSH
|BPF_K
: 
 599                 case BPF_ALU
|BPF_NEG
: 
 603                 case BPF_MISC
|BPF_TAX
: 
 607                 case BPF_MISC
|BPF_TXA
: 
 616  * Return true if the 'fcode' is a valid filter program. 
 617  * The constraints are that each jump be forward and to a valid 
 618  * code, that memory accesses are within valid ranges (to the  
 619  * extent that this can be checked statically; loads of packet data 
 620  * have to be, and are, also checked at run time), and that 
 621  * the code terminates with either an accept or reject. 
 623  * The kernel needs to be able to verify an application's filter code. 
 624  * Otherwise, a bogus program could easily crash the system. 
 627 bpf_validate(const struct bpf_insn 
*f
, int len
) 
 630         const struct bpf_insn 
*p
; 
 632         if (len 
< 1 || len 
> BPF_MAXINSNS
) 
 635         for (i 
= 0; i 
< ((u_int
)len
); ++i
) { 
 637                 switch (BPF_CLASS(p
->code
)) { 
 639                          * Check that memory operations use valid addresses 
 643                                 switch (BPF_MODE(p
->code
)) { 
 650                                                  * More strict check with actual packet length 
 653                                                 if (p
->k 
>= bpf_maxbufsize
) 
 657                                                 if (p
->k 
>= BPF_MEMWORDS
) 
 668                                 if (p
->k 
>= BPF_MEMWORDS
) 
 672                                 switch (BPF_OP(p
->code
)) { 
 684                                                  * Check for constant division by 0 
 686                                                 if(BPF_SRC(p
->code
) == BPF_K 
&& p
->k 
== 0) 
 695                                  * Check that jumps are within the code block, 
 696                                  * and that unconditional branches don't go  
 697                                  * backwards as a result of an overflow. 
 698                                  * Unconditional branches have a 32-bit offset, 
 699                                  * so they could overflow; we check to make  
 700                                  * sure they don't. Conditional branches have  
 701                                  * an 8-bit offset, and the from address is  
 702                                  * less than or equal to BPF_MAXINSNS, and we assume that 
 703                                  * BPF_MAXINSNS is sufficiently small that adding 255  
 704                                  * to it won't overflow 
 706                                  * We know that len is <= BPF_MAXINSNS, and we  
 707                                  * assume that BPF_MAXINSNS is less than the maximum  
 708                                  * size of a u_int, so that i+1 doesn't overflow 
 711                                 switch (BPF_OP(p
->code
)) { 
 713                                                 if (from 
+ p
->k 
< from 
|| from 
+ p
->k 
>= ((u_int
)len
)) 
 720                                                 if (from 
+ p
->jt 
>= ((u_int
)len
) || from 
+ p
->jf 
>= ((u_int
)len
)) 
 735                 return BPF_CLASS(f
[len 
- 1].code
) == BPF_RET
;