2 * netsniff-ng - the packet sniffing beast
3 * By Daniel Borkmann <daniel@netsniff-ng.org>
4 * Copyright 2011 Daniel Borkmann <dborkma@tik.ee.ethz.ch>,
5 * Swiss federal institute of technology (ETH Zurich)
6 * Subject to the GPL, version 2.
9 /* yaac-func-prefix: yy */
22 #include "bpf_parser.tab.h"
26 #define MAX_INSTRUCTIONS 4096
28 int compile_filter
(char *file
, int verbose
, int bypass
);
30 static int curr_instr
= 0;
32 static struct sock_filter out
[MAX_INSTRUCTIONS
];
34 static char *labels
[MAX_INSTRUCTIONS
];
36 static char *labels_jt
[MAX_INSTRUCTIONS
];
37 static char *labels_jf
[MAX_INSTRUCTIONS
];
38 static char *labels_k
[MAX_INSTRUCTIONS
];
40 #define YYERROR_VERBOSE 0
42 #define YYENABLE_NLS 1
43 #define YYLTYPE_IS_TRIVIAL 1
47 extern
int yylex(void);
48 extern
void yyerror(const char *);
52 static inline
void set_curr_instr
(uint16_t code
, uint8_t jt
, uint8_t jf
, uint32_t k
)
54 if
(curr_instr
>= MAX_INSTRUCTIONS
)
55 panic
("Exceeded maximal number of instructions!\n");
57 out
[curr_instr
].code
= code
;
58 out
[curr_instr
].jt
= jt
;
59 out
[curr_instr
].jf
= jf
;
60 out
[curr_instr
].k
= k
;
65 static inline
void set_curr_label
(char *label
)
67 if
(curr_instr
>= MAX_INSTRUCTIONS
)
68 panic
("Exceeded maximal number of instructions!\n");
70 labels
[curr_instr
] = label
;
77 static inline
void set_jmp_label
(char *label
, int which
)
79 if
(curr_instr
>= MAX_INSTRUCTIONS
)
80 panic
("Exceeded maximal number of instructions!\n");
82 bug_on
(which
!= JTL
&& which
!= JFL
&& which
!= JKL
);
85 labels_jt
[curr_instr
] = label
;
86 else if
(which
== JFL
)
87 labels_jf
[curr_instr
] = label
;
89 labels_k
[curr_instr
] = label
;
92 static int find_intr_offset_or_panic
(char *label_to_search
)
94 int i
, max
= curr_instr
, ret
= -ENOENT
;
96 bug_on
(!label_to_search
);
98 for
(i
= 0; i
< max
; ++i
) {
99 if
(labels
[i
] != NULL
) {
100 /* Both are \0-terminated! */
101 if
(!strcmp
(label_to_search
, labels
[i
])) {
109 panic
("No such label!\n");
121 %token OP_LDB OP_LDH OP_LD OP_LDX OP_ST OP_STX OP_JMP OP_JEQ OP_JGT OP_JGE
122 %token OP_JSET OP_ADD OP_SUB OP_MUL OP_DIV OP_AND OP_OR OP_XOR OP_LSH OP_RSH
123 %token OP_RET OP_TAX OP_TXA OP_LDXB OP_MOD OP_NEG K_PKT_LEN K_PROTO K_TYPE
124 %token K_NLATTR K_NLATTR_NEST K_MARK K_QUEUE K_HATYPE K_RXHASH K_CPU K_IFIDX
126 %token
':' ',' '[' ']' '(' ')' 'x' 'a' '+' 'M' '*' '&' '#'
128 %token number_hex number_dec number_oct number_bin label
130 %type
<number
> number_hex number_dec number_oct number_bin number
178 : number_dec
{ $$
= $1; }
179 | number_hex
{ $$
= $1; }
180 | number_oct
{ $$
= $1; }
181 | number_bin
{ $$
= $1; }
185 : label
':' { set_curr_label
($1); }
189 : OP_LDB
'[' 'x' '+' number
']' {
190 set_curr_instr
(BPF_LD | BPF_B | BPF_IND
, 0, 0, $5); }
191 | OP_LDB
'[' number
']' {
192 set_curr_instr
(BPF_LD | BPF_B | BPF_ABS
, 0, 0, $3); }
193 | OP_LDB
'#' K_PROTO
{
194 set_curr_instr
(BPF_LD | BPF_B | BPF_ABS
, 0, 0,
195 SKF_AD_OFF
+ SKF_AD_PROTOCOL
); }
196 | OP_LDB
'#' K_TYPE
{
197 set_curr_instr
(BPF_LD | BPF_B | BPF_ABS
, 0, 0,
198 SKF_AD_OFF
+ SKF_AD_PKTTYPE
); }
199 | OP_LDB
'#' K_IFIDX
{
200 set_curr_instr
(BPF_LD | BPF_B | BPF_ABS
, 0, 0,
201 SKF_AD_OFF
+ SKF_AD_IFINDEX
); }
202 | OP_LDB
'#' K_NLATTR
{
203 set_curr_instr
(BPF_LD | BPF_B | BPF_ABS
, 0, 0,
204 SKF_AD_OFF
+ SKF_AD_NLATTR
); }
205 | OP_LDB
'#' K_NLATTR_NEST
{
206 set_curr_instr
(BPF_LD | BPF_B | BPF_ABS
, 0, 0,
207 SKF_AD_OFF
+ SKF_AD_NLATTR_NEST
); }
208 | OP_LDB
'#' K_MARK
{
209 set_curr_instr
(BPF_LD | BPF_B | BPF_ABS
, 0, 0,
210 SKF_AD_OFF
+ SKF_AD_MARK
); }
211 | OP_LDB
'#' K_QUEUE
{
212 set_curr_instr
(BPF_LD | BPF_B | BPF_ABS
, 0, 0,
213 SKF_AD_OFF
+ SKF_AD_QUEUE
); }
214 | OP_LDB
'#' K_HATYPE
{
215 set_curr_instr
(BPF_LD | BPF_B | BPF_ABS
, 0, 0,
216 SKF_AD_OFF
+ SKF_AD_HATYPE
); }
217 | OP_LDB
'#' K_RXHASH
{
218 set_curr_instr
(BPF_LD | BPF_B | BPF_ABS
, 0, 0,
219 SKF_AD_OFF
+ SKF_AD_RXHASH
); }
221 set_curr_instr
(BPF_LD | BPF_B | BPF_ABS
, 0, 0,
222 SKF_AD_OFF
+ SKF_AD_CPU
); }
226 : OP_LDH
'[' 'x' '+' number
']' {
227 set_curr_instr
(BPF_LD | BPF_H | BPF_IND
, 0, 0, $5); }
228 | OP_LDH
'[' number
']' {
229 set_curr_instr
(BPF_LD | BPF_H | BPF_ABS
, 0, 0, $3); }
230 | OP_LDH
'#' K_PROTO
{
231 set_curr_instr
(BPF_LD | BPF_H | BPF_ABS
, 0, 0,
232 SKF_AD_OFF
+ SKF_AD_PROTOCOL
); }
233 | OP_LDH
'#' K_TYPE
{
234 set_curr_instr
(BPF_LD | BPF_H | BPF_ABS
, 0, 0,
235 SKF_AD_OFF
+ SKF_AD_PKTTYPE
); }
236 | OP_LDH
'#' K_IFIDX
{
237 set_curr_instr
(BPF_LD | BPF_H | BPF_ABS
, 0, 0,
238 SKF_AD_OFF
+ SKF_AD_IFINDEX
); }
239 | OP_LDH
'#' K_NLATTR
{
240 set_curr_instr
(BPF_LD | BPF_H | BPF_ABS
, 0, 0,
241 SKF_AD_OFF
+ SKF_AD_NLATTR
); }
242 | OP_LDH
'#' K_NLATTR_NEST
{
243 set_curr_instr
(BPF_LD | BPF_H | BPF_ABS
, 0, 0,
244 SKF_AD_OFF
+ SKF_AD_NLATTR_NEST
); }
245 | OP_LDH
'#' K_MARK
{
246 set_curr_instr
(BPF_LD | BPF_H | BPF_ABS
, 0, 0,
247 SKF_AD_OFF
+ SKF_AD_MARK
); }
248 | OP_LDH
'#' K_QUEUE
{
249 set_curr_instr
(BPF_LD | BPF_H | BPF_ABS
, 0, 0,
250 SKF_AD_OFF
+ SKF_AD_QUEUE
); }
251 | OP_LDH
'#' K_HATYPE
{
252 set_curr_instr
(BPF_LD | BPF_H | BPF_ABS
, 0, 0,
253 SKF_AD_OFF
+ SKF_AD_HATYPE
); }
254 | OP_LDH
'#' K_RXHASH
{
255 set_curr_instr
(BPF_LD | BPF_H | BPF_ABS
, 0, 0,
256 SKF_AD_OFF
+ SKF_AD_RXHASH
); }
258 set_curr_instr
(BPF_LD | BPF_H | BPF_ABS
, 0, 0,
259 SKF_AD_OFF
+ SKF_AD_CPU
); }
264 set_curr_instr
(BPF_LD | BPF_IMM
, 0, 0, $3); }
265 | OP_LD
'#' K_PKT_LEN
{
266 set_curr_instr
(BPF_LD | BPF_W | BPF_LEN
, 0, 0, 0); }
267 | OP_LD
'#' K_PROTO
{
268 set_curr_instr
(BPF_LD | BPF_W | BPF_ABS
, 0, 0,
269 SKF_AD_OFF
+ SKF_AD_PROTOCOL
); }
271 set_curr_instr
(BPF_LD | BPF_W | BPF_ABS
, 0, 0,
272 SKF_AD_OFF
+ SKF_AD_PKTTYPE
); }
273 | OP_LD
'#' K_IFIDX
{
274 set_curr_instr
(BPF_LD | BPF_W | BPF_ABS
, 0, 0,
275 SKF_AD_OFF
+ SKF_AD_IFINDEX
); }
276 | OP_LD
'#' K_NLATTR
{
277 set_curr_instr
(BPF_LD | BPF_W | BPF_ABS
, 0, 0,
278 SKF_AD_OFF
+ SKF_AD_NLATTR
); }
279 | OP_LD
'#' K_NLATTR_NEST
{
280 set_curr_instr
(BPF_LD | BPF_W | BPF_ABS
, 0, 0,
281 SKF_AD_OFF
+ SKF_AD_NLATTR_NEST
); }
283 set_curr_instr
(BPF_LD | BPF_W | BPF_ABS
, 0, 0,
284 SKF_AD_OFF
+ SKF_AD_MARK
); }
285 | OP_LD
'#' K_QUEUE
{
286 set_curr_instr
(BPF_LD | BPF_W | BPF_ABS
, 0, 0,
287 SKF_AD_OFF
+ SKF_AD_QUEUE
); }
288 | OP_LD
'#' K_HATYPE
{
289 set_curr_instr
(BPF_LD | BPF_W | BPF_ABS
, 0, 0,
290 SKF_AD_OFF
+ SKF_AD_HATYPE
); }
291 | OP_LD
'#' K_RXHASH
{
292 set_curr_instr
(BPF_LD | BPF_W | BPF_ABS
, 0, 0,
293 SKF_AD_OFF
+ SKF_AD_RXHASH
); }
295 set_curr_instr
(BPF_LD | BPF_W | BPF_ABS
, 0, 0,
296 SKF_AD_OFF
+ SKF_AD_CPU
); }
297 | OP_LD
'M' '[' number
']' {
298 set_curr_instr
(BPF_LD | BPF_MEM
, 0, 0, $4); }
299 | OP_LD
'[' 'x' '+' number
']' {
300 set_curr_instr
(BPF_LD | BPF_W | BPF_IND
, 0, 0, $5); }
301 | OP_LD
'[' number
']' {
302 set_curr_instr
(BPF_LD | BPF_W | BPF_ABS
, 0, 0, $3); }
306 : OP_LDX
'#' number
{
307 set_curr_instr
(BPF_LDX | BPF_IMM
, 0, 0, $3); }
308 | OP_LDX
'M' '[' number
']' {
309 set_curr_instr
(BPF_LDX | BPF_MEM
, 0, 0, $4); }
310 | OP_LDXB number
'*' '(' '[' number
']' '&' number
')' {
311 if
($2 != 4 ||
$9 != 0xf) {
312 panic
("ldxb offset not supported!\n");
314 set_curr_instr
(BPF_LDX | BPF_MSH | BPF_B
, 0, 0, $6); } }
315 | OP_LDX number
'*' '(' '[' number
']' '&' number
')' {
316 if
($2 != 4 ||
$9 != 0xf) {
317 panic
("ldxb offset not supported!\n");
319 set_curr_instr
(BPF_LDX | BPF_MSH | BPF_B
, 0, 0, $6); } }
323 : OP_ST
'M' '[' number
']' {
324 set_curr_instr
(BPF_ST
, 0, 0, $4); }
328 : OP_STX
'M' '[' number
']' {
329 set_curr_instr
(BPF_STX
, 0, 0, $4); }
334 set_jmp_label
($2, JKL
);
335 set_curr_instr
(BPF_JMP | BPF_JA
, 0, 0, 0); }
339 : OP_JEQ
'#' number
',' label
',' label
{
340 set_jmp_label
($5, JTL
);
341 set_jmp_label
($7, JFL
);
342 set_curr_instr
(BPF_JMP | BPF_JEQ | BPF_K
, 0, 0, $3); }
343 | OP_JEQ
'x' ',' label
',' label
{
344 set_jmp_label
($4, JTL
);
345 set_jmp_label
($6, JFL
);
346 set_curr_instr
(BPF_JMP | BPF_JEQ | BPF_X
, 0, 0, 0); }
350 : OP_JGT
'#' number
',' label
',' label
{
351 set_jmp_label
($5, JTL
);
352 set_jmp_label
($7, JFL
);
353 set_curr_instr
(BPF_JMP | BPF_JGT | BPF_K
, 0, 0, $3); }
354 | OP_JGT
'x' ',' label
',' label
{
355 set_jmp_label
($4, JTL
);
356 set_jmp_label
($6, JFL
);
357 set_curr_instr
(BPF_JMP | BPF_JGT | BPF_X
, 0, 0, 0); }
361 : OP_JGE
'#' number
',' label
',' label
{
362 set_jmp_label
($5, JTL
);
363 set_jmp_label
($7, JFL
);
364 set_curr_instr
(BPF_JMP | BPF_JGE | BPF_K
, 0, 0, $3); }
365 | OP_JGE
'x' ',' label
',' label
{
366 set_jmp_label
($4, JTL
);
367 set_jmp_label
($6, JFL
);
368 set_curr_instr
(BPF_JMP | BPF_JGE | BPF_X
, 0, 0, 0); }
372 : OP_JSET
'#' number
',' label
',' label
{
373 set_jmp_label
($5, JTL
);
374 set_jmp_label
($7, JFL
);
375 set_curr_instr
(BPF_JMP | BPF_JSET | BPF_K
, 0, 0, $3); }
376 | OP_JSET
'x' ',' label
',' label
{
377 set_jmp_label
($4, JTL
);
378 set_jmp_label
($6, JFL
);
379 set_curr_instr
(BPF_JMP | BPF_JSET | BPF_X
, 0, 0, 0); }
383 : OP_ADD
'#' number
{
384 set_curr_instr
(BPF_ALU | BPF_ADD | BPF_K
, 0, 0, $3); }
386 set_curr_instr
(BPF_ALU | BPF_ADD | BPF_X
, 0, 0, 0); }
390 : OP_SUB
'#' number
{
391 set_curr_instr
(BPF_ALU | BPF_SUB | BPF_K
, 0, 0, $3); }
393 set_curr_instr
(BPF_ALU | BPF_SUB | BPF_X
, 0, 0, 0); }
397 : OP_MUL
'#' number
{
398 set_curr_instr
(BPF_ALU | BPF_MUL | BPF_K
, 0, 0, $3); }
400 set_curr_instr
(BPF_ALU | BPF_MUL | BPF_X
, 0, 0, 0); }
404 : OP_DIV
'#' number
{
405 set_curr_instr
(BPF_ALU | BPF_DIV | BPF_K
, 0, 0, $3); }
407 set_curr_instr
(BPF_ALU | BPF_DIV | BPF_X
, 0, 0, 0); }
411 : OP_MOD
'#' number
{
412 set_curr_instr
(BPF_ALU | BPF_MOD | BPF_K
, 0, 0, $3); }
414 set_curr_instr
(BPF_ALU | BPF_MOD | BPF_X
, 0, 0, 0); }
419 set_curr_instr
(BPF_ALU | BPF_NEG
, 0, 0, 0); }
423 : OP_AND
'#' number
{
424 set_curr_instr
(BPF_ALU | BPF_AND | BPF_K
, 0, 0, $3); }
426 set_curr_instr
(BPF_ALU | BPF_AND | BPF_X
, 0, 0, 0); }
431 set_curr_instr
(BPF_ALU | BPF_OR | BPF_K
, 0, 0, $3); }
433 set_curr_instr
(BPF_ALU | BPF_OR | BPF_X
, 0, 0, 0); }
437 : OP_XOR
'#' number
{
438 set_curr_instr
(BPF_ALU | BPF_XOR | BPF_K
, 0, 0, $3); }
440 set_curr_instr
(BPF_ALU | BPF_XOR | BPF_X
, 0, 0, 0); }
444 : OP_LSH
'#' number
{
445 set_curr_instr
(BPF_ALU | BPF_LSH | BPF_K
, 0, 0, $3); }
447 set_curr_instr
(BPF_ALU | BPF_LSH | BPF_X
, 0, 0, 0); }
451 : OP_RSH
'#' number
{
452 set_curr_instr
(BPF_ALU | BPF_RSH | BPF_K
, 0, 0, $3); }
454 set_curr_instr
(BPF_ALU | BPF_RSH | BPF_X
, 0, 0, 0); }
459 set_curr_instr
(BPF_RET | BPF_A
, 0, 0, 0); }
460 | OP_RET
'#' number
{
461 set_curr_instr
(BPF_RET | BPF_K
, 0, 0, $3); }
466 set_curr_instr
(BPF_MISC | BPF_TAX
, 0, 0, 0); }
471 set_curr_instr
(BPF_MISC | BPF_TXA
, 0, 0, 0); }
476 static void stage_1_inline
(void)
481 static void stage_2_label_reduce
(void)
483 int i
, max
= curr_instr
, off
;
485 /* 1. reduce k jumps */
486 for
(i
= 0; i
< max
; ++i
) {
487 if
(labels_k
[i
] != NULL
) {
488 off
= find_intr_offset_or_panic
(labels_k
[i
]);
489 out
[i
].k
= (uint32_t) (off
- i
- 1);
493 /* 1. reduce jt jumps */
494 for
(i
= 0; i
< max
; ++i
) {
495 if
(labels_jt
[i
] != NULL
) {
496 off
= find_intr_offset_or_panic
(labels_jt
[i
]);
497 out
[i
].jt
= (uint8_t) (off
- i
-1);
501 /* 1. reduce jf jumps */
502 for
(i
= 0; i
< max
; ++i
) {
503 if
(labels_jf
[i
] != NULL
) {
504 off
= find_intr_offset_or_panic
(labels_jf
[i
]);
505 out
[i
].jf
= (uint8_t) (off
- i
- 1);
510 int compile_filter
(char *file
, int verbose
, int bypass
)
513 struct sock_fprog res
;
515 if
(!strncmp
("-", file
, strlen
("-")))
518 yyin
= fopen
(file
, "r");
520 panic
("Cannot open file!\n");
522 memset
(out
, 0, sizeof
(out
));
523 memset
(labels
, 0, sizeof
(labels
));
524 memset
(labels_jf
, 0, sizeof
(labels_jf
));
525 memset
(labels_jt
, 0, sizeof
(labels_jt
));
526 memset
(labels_k
, 0, sizeof
(labels_k
));
529 stage_2_label_reduce
();
532 res.len
= curr_instr
;
535 printf
("Generated program:\n");
541 printf
("Validating: ");
545 if
(bpf_validate
(&res
) == 0) {
547 whine
("Semantic error! BPF validation "
550 panic
("Semantic error! BPF validation failed! "
551 "Try -V for debugging output!\n");
552 } else if
(verbose
) {
553 printf
("is runnable!\n");
559 for
(i
= 0; i
< res.len
; ++i
) {
560 printf
("{ 0x%x, %u, %u, 0x%08x },\n",
561 res.filter
[i
].code
, res.filter
[i
].jt
,
562 res.filter
[i
].jf
, res.filter
[i
].k
);
563 if
(labels
[i
] != NULL
)
565 if
(labels_jt
[i
] != NULL
)
567 if
(labels_jf
[i
] != NULL
)
569 if
(labels_k
[i
] != NULL
)
577 void yyerror(const char *err
)
579 panic
("Syntax error at line %d: %s! %s!\n",
580 yylineno
, yytext
, err
);