2 * netsniff-ng - the packet sniffing beast
3 * By Daniel Borkmann <daniel@netsniff-ng.org>
4 * Copyright 2012 Daniel Borkmann <dborkma@tik.ee.ethz.ch>,
5 * Swiss federal institute of technology (ETH Zurich)
6 * Subject to the GPL, version 2.
9 /* lex-func-prefix: yy */
18 #include <arpa/inet.h>
20 #include "trafgen_parser.tab.h"
25 extern void yyerror(const char *);
/*
 * try_convert_shellcode - appears to turn a quoted string written as "\xNN"
 * escape sequences into the raw bytes those escapes describe.
 *
 * NOTE(review): only some lines of this function are visible in this listing
 * (the listing's own line numbers have gaps), so the comments below describe
 * the visible statements and mark everything else as something to confirm.
 */
27 static char *try_convert_shellcode(char *sstr)
29 bool found_any = false;
/* ostr and orig both keep the pointer that was passed in; sstr itself is
 * moved forward by the strtoul() call further down. */
30 char *bstr, *ostr = sstr, *hay, *orig = sstr;
31 size_t j = 0, blen, slen = strlen(sstr), tot = 0;
/* The C literal "\\x" is the two characters backslash and 'x'. */
32 const char *needle = "\\x";
/* Walk over every occurrence of the needle. The initialisation of hay and
 * the rest of the loop body are on lines not shown here. */
42 while ((hay = strstr(hay, needle)) != NULL ) {
/* Step over the needle plus two more characters (four in total).
 * NOTE(review): nothing on the visible lines checks that two characters
 * remain before the terminating NUL; if a needle sits in the last three
 * characters, hay ends up past the terminator and the next strstr() reads
 * beyond the string. Confirm the omitted lines rule that out. */
43 hay += strlen(needle) + 2;
/* blen is assigned on a line not shown; the branch taken here is also not
 * visible. presumably the unconverted input is returned - TODO confirm. */
48 if (blen != tot || !found_any)
/* xzmalloc() is a project helper (presumably a zeroing allocator - confirm). */
52 bstr = xzmalloc(blen);
/* Parse hex text starting two characters after sstr, store the low 8 bits,
 * and let strtoul() advance sstr to where parsing stopped.
 * NOTE(review): strtoul() is not limited to two digits and also accepts
 * leading whitespace, a sign and a 0x prefix; values above 0xff are
 * truncated by the cast. The bound that keeps j below blen is not visible
 * here - confirm it exists. */
56 bstr[j++] = (uint8_t) strtoul(sstr + 2, &sstr, 16);
/* Numeric literal patterns; the rules further down convert the matched text
 * with strtol()/strtoul(). */
/* number_oct: a leading 0 followed by one or more decimal digits.
 * NOTE(review): 8 and 9 are accepted here, but the octal rule converts with
 * strtol(yytext + 1, NULL, 8), which stops at the first non-octal digit, so
 * "089" would yield 0 and "0178" would yield 017 without any error. */
74 number_oct ([0][0-9]+)
/* number_hex: optional leading 0, then 'x' and hex digits ("0x1f", "x1f"). */
75 number_hex ([0]?[x][a-fA-F0-9]+)
/* number_bin: optional leading 0, then 'b' and binary digits ("0b101", "b101"). */
76 number_bin ([0]?[b][0-1]+)
/* number_dec: a lone 0, or a digit string that does not start with 0. */
77 number_dec (([0])|([1-9][0-9]*))
/* number_ascii: exactly one ASCII letter; its rule stores the byte value. */
78 number_ascii ([a-zA-Z])
80 /* rules taken from nftables scanner.l */
/*
 * Naming used below: v6<N><K> matches an IPv6 address written with N hex
 * groups, K of which stand before the "::"; v680 is the full eight-group
 * form without "::"; v6<N> is the union of all v6<N><K> variants.
 * These patterns only pre-filter the text: the ip6_addr rule further down
 * passes the match to inet_pton(AF_INET6, ...), which does the validation.
 * The definitions of v61, v60 and a_hex are referenced below but sit on
 * lines that are not part of this listing.
 */
81 hex4 ([[:xdigit:]]{1,4})
82 v680 (({hex4}:){7}{hex4})
83 v670 ((:)((:{hex4}){7}))
84 v671 ((({hex4}:){1})((:{hex4}){6}))
85 v672 ((({hex4}:){2})((:{hex4}){5}))
86 v673 ((({hex4}:){3})((:{hex4}){4}))
87 v674 ((({hex4}:){4})((:{hex4}){3}))
88 v675 ((({hex4}:){5})((:{hex4}){2}))
89 v676 ((({hex4}:){6})(:{hex4}{1}))
90 v677 ((({hex4}:){7})(:))
91 v67 ({v670}|{v671}|{v672}|{v673}|{v674}|{v675}|{v676}|{v677})
92 v660 ((:)((:{hex4}){6}))
93 v661 ((({hex4}:){1})((:{hex4}){5}))
94 v662 ((({hex4}:){2})((:{hex4}){4}))
95 v663 ((({hex4}:){3})((:{hex4}){3}))
96 v664 ((({hex4}:){4})((:{hex4}){2}))
97 v665 ((({hex4}:){5})((:{hex4}){1}))
98 v666 ((({hex4}:){6})(:))
99 v66 ({v660}|{v661}|{v662}|{v663}|{v664}|{v665}|{v666})
100 v650 ((:)((:{hex4}){5}))
101 v651 ((({hex4}:){1})((:{hex4}){4}))
102 v652 ((({hex4}:){2})((:{hex4}){3}))
103 v653 ((({hex4}:){3})((:{hex4}){2}))
104 v654 ((({hex4}:){4})(:{hex4}{1}))
105 v655 ((({hex4}:){5})(:))
106 v65 ({v650}|{v651}|{v652}|{v653}|{v654}|{v655})
107 v640 ((:)((:{hex4}){4}))
108 v641 ((({hex4}:){1})((:{hex4}){3}))
109 v642 ((({hex4}:){2})((:{hex4}){2}))
110 v643 ((({hex4}:){3})((:{hex4}){1}))
111 v644 ((({hex4}:){4})(:))
112 v64 ({v640}|{v641}|{v642}|{v643}|{v644})
113 v630 ((:)((:{hex4}){3}))
114 v631 ((({hex4}:){1})((:{hex4}){2}))
115 v632 ((({hex4}:){2})((:{hex4}){1}))
116 v633 ((({hex4}:){3})(:))
117 v63 ({v630}|{v631}|{v632}|{v633})
118 v620 ((:)((:{hex4}){2}))
119 v621 ((({hex4}:){1})((:{hex4}){1}))
120 v622 ((({hex4}:){2})(:))
121 v62 ({v620}|{v621}|{v622})
122 v610 ((:)(:{hex4}{1}))
123 v611 ((({hex4}:){1})(:))
/* mac: six {a_hex} fields separated by ':'; the mac rule hands the text to
 * str2mac() and panics if that fails. */
128 mac ({a_hex}:{a_hex}:{a_hex}:{a_hex}:{a_hex}:{a_hex})
/* ip4_addr: four dot-separated digit runs of any length. Octet range is not
 * checked here; the ip4_addr rule relies on inet_pton(AF_INET, ...) for that. */
129 ip4_addr ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)
/* ip6_addr: any of the address shapes defined above. */
130 ip6_addr ({v680}|{v67}|{v66}|{v65}|{v64}|{v63}|{v62}|{v61}|{v60})
134 "cpu" { return K_CPU; } /* keyword rules: each quoted literal returns one K_* token (presumably declared in trafgen_parser.tab.h - confirm) */
135 "fill" { return K_FILL; }
136 "rnd" { return K_RND; }
137 "csum16" { return K_CSUMIP; } /* csum16, csumip, csumip4, csumicmp and csumicmp4 all return K_CSUMIP */
138 "csumip" { return K_CSUMIP; }
139 "csumip4" { return K_CSUMIP; }
140 "csumicmp" { return K_CSUMIP; }
141 "csumicmp4" { return K_CSUMIP; }
142 "csumudp" { return K_CSUMUDP; }
143 "csumtcp" { return K_CSUMTCP; }
144 "csumudp6" { return K_CSUMUDP6; }
145 "csumtcp6" { return K_CSUMTCP6; }
146 "drnd" { return K_DRND; }
147 "dinc" { return K_DINC; }
148 "ddec" { return K_DDEC; }
149 "seqinc" { return K_SEQINC; }
150 "seqdec" { return K_SEQDEC; }
151 "const8"|"c8" { return K_CONST8; } /* "a"|"b" gives a long and a short spelling for the same token */
152 "const16"|"c16" { return K_CONST16; }
153 "const32"|"c32" { return K_CONST32; }
154 "const64"|"c64" { return K_CONST64; }
156 "prot"[o]? { return K_PROT; } /* matches both "prot" and "proto" */
157 "tc"|"tclass" { return K_TC; }
160 "daddr"|"da" { return K_DADDR; }
161 "saddr"|"sa" { return K_SADDR; }
162 "etype" { return K_ETYPE; }
163 "type" { return K_TYPE; }
165 /* PFC/IEEE 802.3X PAUSE */
166 "time" { return K_TIME; } /* header-field keywords: each literal returns one K_* token; where two rules match the same length, flex uses the one listed first */
167 "pri"|"prio" { return K_PRIO; }
169 /* VLAN (802.1Q & 802.1ad) */
170 "tpid" { return K_TPID; }
171 "tci" { return K_TCI; }
172 "pcp" { return K_PCP; }
173 "dei"|"cfi" { return K_DEI; }
174 "1ad" { return K_1AD; }
175 "1q" { return K_1Q; }
177 /* MPLS (Multi Protocol Label Switching) */
178 "lbl"|"label" { return K_LABEL; }
179 "last" { return K_LAST; }
180 "exp" { return K_EXP; }
183 "sha"|"smac" { return K_SHA; }
184 "spa"|"sip" { return K_SPA; }
185 "tha"|"tmac" { return K_THA; }
186 "tpa"|"tip" { return K_TPA; }
187 "req"|"request" { return K_REQUEST; }
188 "reply" { return K_REPLY; }
189 "op"|"oper" { return K_OPER; }
190 "htype" { return K_HTYPE; }
191 "ptype" { return K_PTYPE; }
194 "ihl" { return K_IHL; }
195 "ver"|"version" { return K_VER; }
196 "ttl" { return K_TTL; }
197 "dscp" { return K_DSCP; }
198 "ecn" { return K_ECN; } /* NOTE(review): "ecn" is listed again in the later "ece"|"ecn" rule; this earlier rule wins on an equal-length match, so unless start conditions (none visible here) separate the two, "ecn" always returns K_ECN */
199 "tos" { return K_TOS; }
200 "len"|"length" { return K_LEN; }
201 "id" { return K_ID; }
202 "flags" { return K_FLAGS; }
203 "frag" { return K_FRAG; }
204 "csum" { return K_CSUM; }
205 "df" { return K_DF; }
206 "mf" { return K_MF; }
209 "fl"|"flow" { return K_FLOW; }
210 "nh"|"nexthdr" { return K_NEXT_HDR; }
211 "hl"|"hoplimit" { return K_HOP_LIMIT; }
215 "addr" { return K_ADDR; }
216 "mtu" { return K_MTU; }
219 "code" { return K_CODE; }
220 "echorequest" { return K_ECHO_REQUEST; }
221 "echoreply" { return K_ECHO_REPLY; }
224 "sp"|"sport" { return K_SPORT; }
225 "dp"|"dport" { return K_DPORT; }
228 "seq" { return K_SEQ; } /* keyword rules continue: each literal returns one K_* token */
229 "ackseq"|"aseq" { return K_ACK_SEQ; }
230 "doff"|hlen { return K_DOFF; } /* hlen is unquoted, unlike the other keywords; flex still reads plain letters literally */
231 "cwr" { return K_CWR; }
232 "ece"|"ecn" { return K_ECE; } /* NOTE(review): an earlier rule already maps "ecn" to K_ECN and flex prefers the earlier rule on an equal-length match, so the "ecn" alternative here looks unreachable unless start conditions (none visible here) separate the two */
233 "urg" { return K_URG; }
234 "ack" { return K_ACK; }
235 "psh" { return K_PSH; }
236 "rst" { return K_RST; }
237 "syn" { return K_SYN; }
238 "fin" { return K_FIN; }
239 "win"|"window" { return K_WINDOW; }
240 "urgptr" { return K_URG_PTR; }
243 "qr" { return K_QR; }
244 "aa"|"aanswer" { return K_AANSWER; }
245 "trunc" { return K_TRUNC; }
246 "ravail" { return K_RAVAIL; }
247 "rdesired" { return K_RDESIRED; }
248 "zero" { return K_ZERO; }
249 "rc"|"rcode" { return K_RCODE; }
250 "qdcount" { return K_QDCOUNT; }
251 "ancount" { return K_ANCOUNT; }
252 "nscount" { return K_NSCOUNT; }
253 "arcount" { return K_ARCOUNT; }
254 "name" { return K_NAME; }
255 "class" { return K_CLASS; }
256 "data" { return K_DATA; }
257 "qry"|"query" { return K_QUERY; }
258 "ans"|"answer" { return K_ANSWER; }
259 "auth" { return K_AUTH; }
260 "add" { return K_ADD; }
261 "ns" { return K_NS; }
262 "cname" { return K_CNAME; }
263 "ptr" { return K_PTR; }
265 "eth" { return K_ETH; }
266 "pause" { return K_PAUSE; }
267 "pfc" { return K_PFC; }
268 "vlan" { return K_VLAN; }
269 "mpls" { return K_MPLS; }
270 "arp" { return K_ARP; }
271 "ip4"|"ipv4" { return K_IP4; }
272 "ip6"|"ipv6" { return K_IP6; }
273 "icmp4"|"icmpv4" { return K_ICMP4; }
274 "icmp6"|"icmpv6" { return K_ICMP6; }
275 "udp" { return K_UDP; }
276 "tcp" { return K_TCP; }
277 "dns" { return K_DNS; }
279 [ ]*"-"[ ]* { return '-'; } /* operator rules: surrounding spaces (not tabs) are consumed and the operator character itself is returned */
280 [ ]*"+"[ ]* { return '+'; }
281 [ ]*"*"[ ]* { return '*'; }
282 [ ]*"/"[ ]* { return '/'; }
283 [ ]*"%"[ ]* { return '%'; }
284 [ ]*"&"[ ]* { return '&'; }
285 [ ]*"|"[ ]* { return '|'; }
286 [ ]*"<"[ ]* { return '<'; }
287 [ ]*">"[ ]* { return '>'; }
288 [ ]*"^"[ ]* { return '^'; }
301 "\""[^\"]+"\"" { yylval.str = try_convert_shellcode(xstrdup(yytext)); /* non-empty double-quoted string; a copy of the token, quotes included, is handed to the converter. The rest of this action is on lines not shown */
304 ([ \t\n]+)? { return K_WHITE; }
306 "/*"([^\*]|\*[^/])*"*/" { return K_COMMENT; } /* NOTE(review): inside the comment a '*' is only consumed together with the character after it, so a comment that ends with two asterisks before the slash is not closed at that point; it runs on to a later terminator or is not matched as a comment at all */
308 "#"[^\n]* { return K_COMMENT; }
310 {number_hex} { yylval.number = strtoul(yytext + (yytext[0] == 'x' ? 1 : 0), /* skips a bare leading 'x'; a "0x" prefix is left for strtoul(). NOTE(review): the remaining arguments are not shown and no range check is visible */
314 {number_dec} { yylval.number = strtol(yytext, NULL, 10); /* NOTE(review): no overflow check is visible; strtol() clamps and sets errno to ERANGE - confirm whether the omitted lines look at it */
317 {number_oct} { yylval.number = strtol(yytext + 1, NULL, 8); /* NOTE(review): number_oct also admits the digits 8 and 9; with a NULL end pointer, conversion stops silently at the first of them */
320 {number_bin} { yylval.number = strtol(yytext + (yytext[0] == 'b' ? 1 : 2), /* skips "b" or "0b" before conversion; the remaining arguments are not shown */
324 {number_ascii} { yylval.number = (uint8_t) (*yytext); /* single letter, stored as its byte value */
327 {mac} { if (str2mac(yytext, yylval.mac, 6)) /* the pattern only pre-filters; str2mac() does the parsing and a non-zero result aborts via panic() */
328 panic("Failed to parse MAC address %s\n", yytext);
331 {ip4_addr} { if (inet_pton(AF_INET, yytext, &yylval.ip4_addr) != 1) /* inet_pton() is the real validator; the pattern allows any digit count per octet */
332 panic("Failed to parse IPv4 address %s\n", yytext);
335 {ip6_addr} { if (inet_pton(AF_INET6, yytext, &yylval.ip6_addr) != 1) /* same approach for IPv6: pattern pre-filters, inet_pton() validates */
336 panic("Failed to parse IPv6 address %s\n", yytext);
339 "'\\x"[a-fA-F0-9]{2}"'" { yylval.number = strtol(yytext + 3, NULL, 16); /* character literal written as a quote, backslash-x, two hex digits, quote; yytext + 3 points at the first digit and strtol() stops at the closing quote */
342 "'"."'" { yylval.number = (uint8_t) (*(yytext + 1)); /* single character between single quotes, stored as its byte value */
345 ";"[^\n]* {/* NOP */}
346 . { printf("Unknown character '%s'", yytext); /* catch-all for any other character except newline: print it, then report through yyerror() */
347 yyerror("lex Unknown character"); }