| blob | 926628a87fdbc2492935b309048abe3b43323be3 |
1 /*
2 * netsniff-ng - the packet sniffing beast
3 * By Daniel Borkmann <daniel@netsniff-ng.org>
4 * Copyright 2009, 2010 Daniel Borkmann.
5 * Copyright 2009, 2010 Emmanuel Roullit.
6 * Subject to the GPL, version 2.
7 */
9 /*
10 * Copyright (c) 1990, 1991, 1992, 1994, 1995, 1996
11 * The Regents of the University of California. All rights reserved.
12 *
13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that: (1) source code distributions
15 * retain the above copyright notice and this paragraph in its entirety, (2)
16 * distributions including binary code include the above copyright notice and
17 * this paragraph in its entirety in the documentation or other materials
18 * provided with the distribution, and (3) all advertising materials mentioning
19 * features or use of this software display the following acknowledgement:
20 * ``This product includes software developed by the University of California,
21 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
22 * the University nor the names of its contributors may be used to endorse
23 * or promote products derived from this software without specific prior
24 * written permission.
25 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
26 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
27 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
28 */
30 #include <stdint.h>
31 #include <stdio.h>
32 #include <assert.h>
33 #include <arpa/inet.h>
40 /* This is a bug in libpcap, they actually use 'unsigned long' instead
41 * of short! */
42 #define EXTRACT_SHORT(packet) \
43 ((unsigned short) ntohs(*(unsigned short *) packet))
44 #define EXTRACT_LONG(packet) \
45 (ntohl(*(unsigned long *) packet))
47 /*
48 * Number of scratch memory words for: BPF_ST and BPF_STX
49 */
50 #ifndef BPF_MEMWORDS
51 # define BPF_MEMWORDS 16
55 {
290 }
292 /* XXX: Tell gcc that this here is okay for us */
300 }
303 {
307 }
310 {
315 }
318 {
324 }
327 {
339 /*
340 * Check that memory operations use valid addresses.
341 */
350 /*
351 * There's no maximum packet data size
352 * in userland. The runtime packet length
353 * check suffices.
354 */
364 }
383 /*
384 * Check for constant division by 0.
385 */
391 }
394 /*
395 * Check that jumps are within the code block,
396 * and that unconditional branches don't go
397 * backwards as a result of an overflow.
398 * Unconditional branches have a 32-bit offset,
399 * so they could overflow; we check to make
400 * sure they don't. Conditional branches have
401 * an 8-bit offset, and the from address is <=
402 * BPF_MAXINSNS, and we assume that BPF_MAXINSNS
403 * is sufficiently small that adding 255 to it
404 * won't overflow.
405 *
406 * We know that len is <= BPF_MAXINSNS, and we
407 * assume that BPF_MAXINSNS is < the maximum size
408 * of a u_int, so that i + 1 doesn't overflow.
409 *
410 * For userland, we don't know that the from
411 * or len are <= BPF_MAXINSNS, but we know that
412 * from <= len, and, except on a 64-bit system,
413 * it's unlikely that len, if it truly reflects
414 * the size of the program we've been handed,
415 * will be anywhere near the maximum size of
416 * a u_int. We also don't check for backward
417 * branches, as we currently support them in
418 * userland for the protochain operation.
419 */
436 }
444 }
445 }
448 }
452 {
453 /* XXX: caplen == len */
675 }
676 }
677 }
680 {
690 }
701 /* A comment. Skip this line */
705 }
714 /* No valid bpf opcode format or a syntax error */
724 }
730 }