search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
docs: minor: fix headline of mz
[netsniff-ng.git] / src / bpf_parser.y
blob946727f8a862f19b21251396d5d1e5a363fd294a
1 /*
2 * netsniff-ng - the packet sniffing beast
3 * By Daniel Borkmann <daniel@netsniff-ng.org>
4 * Copyright 2011 Daniel Borkmann <dborkma@tik.ee.ethz.ch>,
5 * Swiss federal institute of technology (ETH Zurich)
6 * Subject to the GPL, version 2.
7 */
8
9 %{
10
11 #include <stdio.h>
12 #include <stdlib.h>
13 #include <stdbool.h>
14 #include <signal.h>
15 #include <stdint.h>
16 #include <errno.h>
17
18 #include "bpf.h"
19 #include "xmalloc.h"
20 #include "bpf_parser.tab.h"
21 #include "built_in.h"
22 #include "die.h"
23
24 #define MAX_INSTRUCTIONS 4096
25
26 int compile_filter(char *file, int verbose, int bypass);
27
28 static int curr_instr = 0;
29
30 static struct sock_filter out[MAX_INSTRUCTIONS];
31
32 static char *labels[MAX_INSTRUCTIONS];
33
34 static char *labels_jt[MAX_INSTRUCTIONS];
35 static char *labels_jf[MAX_INSTRUCTIONS];
36 static char *labels_k[MAX_INSTRUCTIONS];
37
38 #define YYERROR_VERBOSE 0
39 #define YYDEBUG 0
40 #define YYENABLE_NLS 1
41 #define YYLTYPE_IS_TRIVIAL 1
42 #define ENABLE_NLS 1
43
44 extern FILE *yyin;
45 extern int yylex(void);
46 extern void yyerror(const char *);
47 extern int yylineno;
48 extern char *yytext;
49
50 static inline void set_curr_instr(uint16_t code, uint8_t jt, uint8_t jf, uint32_t k)
51 {
52 if (curr_instr >= MAX_INSTRUCTIONS)
53 panic("Exceeded maximal number of instructions!\n");
54
55 out[curr_instr].code = code;
56 out[curr_instr].jt = jt;
57 out[curr_instr].jf = jf;
58 out[curr_instr].k = k;
59
60 curr_instr++;
61 }
62
63 static inline void set_curr_label(char *label)
64 {
65 if (curr_instr >= MAX_INSTRUCTIONS)
66 panic("Exceeded maximal number of instructions!\n");
67
68 labels[curr_instr] = label;
69 }
70
71 #define JTL 1
72 #define JFL 2
73 #define JKL 3
74
75 static inline void set_jmp_label(char *label, int which)
76 {
77 if (curr_instr >= MAX_INSTRUCTIONS)
78 panic("Exceeded maximal number of instructions!\n");
79
80 bug_on(which != JTL && which != JFL && which != JKL);
81
82 if (which == JTL)
83 labels_jt[curr_instr] = label;
84 else if (which == JFL)
85 labels_jf[curr_instr] = label;
86 else
87 labels_k[curr_instr] = label;
88 }
89
90 static int find_intr_offset_or_panic(char *label_to_search)
91 {
92 int i, max = curr_instr, ret = -ENOENT;
93
94 bug_on(!label_to_search);
95
96 for (i = 0; i < max; ++i) {
97 if (labels[i] != NULL) {
98 /* Both are \0-terminated! */
99 if (!strcmp(label_to_search, labels[i])) {
100 ret = i;
101 break;
102 }
103 }
104 }
105
106 if (ret == -ENOENT)
107 panic("No such label!\n");
108
109 return ret;
110 }
111
112 %}
113
114 %union {
115 char *label;
116 long int number;
117 }
118
119 %token OP_LDB OP_LDH OP_LD OP_LDX OP_ST OP_STX OP_JMP OP_JEQ OP_JGT OP_JGE
120 %token OP_JSET OP_ADD OP_SUB OP_MUL OP_DIV OP_AND OP_OR OP_XOR OP_LSH OP_RSH
121 %token OP_RET OP_TAX OP_TXA OP_LDXB OP_MOD OP_NEG K_PKT_LEN K_PROTO K_TYPE
122 %token K_NLATTR K_NLATTR_NEST K_MARK K_QUEUE K_HATYPE K_RXHASH K_CPU K_IFIDX
123
124 %token ':' ',' '[' ']' '(' ')' 'x' 'a' '+' 'M' '*' '&' '#'
125
126 %token number_hex number_dec number_oct number_bin label
127
128 %type <number> number_hex number_dec number_oct number_bin number
129 %type <label> label
130
131 %%
132
133 prog
134 : line
135 | prog line
136 ;
137
138 line
139 : instr
140 | labeled_instr
141 ;
142
143 labeled_instr
144 : do_label instr
145 ;
146
147 instr
148 : do_ldb
149 | do_ldh
150 | do_ld
151 | do_ldx
152 | do_st
153 | do_stx
154 | do_jmp
155 | do_jeq
156 | do_jgt
157 | do_jge
158 | do_jset
159 | do_add
160 | do_sub
161 | do_mul
162 | do_div
163 | do_mod
164 | do_neg
165 | do_and
166 | do_or
167 | do_xor
168 | do_lsh
169 | do_rsh
170 | do_ret
171 | do_tax
172 | do_txa
173 ;
174
175 number
176 : number_dec { $$ = $1; }
177 | number_hex { $$ = $1; }
178 | number_oct { $$ = $1; }
179 | number_bin { $$ = $1; }
180 ;
181
182 do_label
183 : label ':' { set_curr_label($1); }
184 ;
185
186 do_ldb
187 : OP_LDB '[' 'x' '+' number ']' {
188 set_curr_instr(BPF_LD | BPF_B | BPF_IND, 0, 0, $5); }
189 | OP_LDB '[' number ']' {
190 set_curr_instr(BPF_LD | BPF_B | BPF_ABS, 0, 0, $3); }
191 | OP_LDB '#' K_PROTO {
192 set_curr_instr(BPF_LD | BPF_B | BPF_ABS, 0, 0,
193 SKF_AD_OFF + SKF_AD_PROTOCOL); }
194 | OP_LDB '#' K_TYPE {
195 set_curr_instr(BPF_LD | BPF_B | BPF_ABS, 0, 0,
196 SKF_AD_OFF + SKF_AD_PKTTYPE); }
197 | OP_LDB '#' K_IFIDX {
198 set_curr_instr(BPF_LD | BPF_B | BPF_ABS, 0, 0,
199 SKF_AD_OFF + SKF_AD_IFINDEX); }
200 | OP_LDB '#' K_NLATTR {
201 set_curr_instr(BPF_LD | BPF_B | BPF_ABS, 0, 0,
202 SKF_AD_OFF + SKF_AD_NLATTR); }
203 | OP_LDB '#' K_NLATTR_NEST {
204 set_curr_instr(BPF_LD | BPF_B | BPF_ABS, 0, 0,
205 SKF_AD_OFF + SKF_AD_NLATTR_NEST); }
206 | OP_LDB '#' K_MARK {
207 set_curr_instr(BPF_LD | BPF_B | BPF_ABS, 0, 0,
208 SKF_AD_OFF + SKF_AD_MARK); }
209 | OP_LDB '#' K_QUEUE {
210 set_curr_instr(BPF_LD | BPF_B | BPF_ABS, 0, 0,
211 SKF_AD_OFF + SKF_AD_QUEUE); }
212 | OP_LDB '#' K_HATYPE {
213 set_curr_instr(BPF_LD | BPF_B | BPF_ABS, 0, 0,
214 SKF_AD_OFF + SKF_AD_HATYPE); }
215 | OP_LDB '#' K_RXHASH {
216 set_curr_instr(BPF_LD | BPF_B | BPF_ABS, 0, 0,
217 SKF_AD_OFF + SKF_AD_RXHASH); }
218 | OP_LDB '#' K_CPU {
219 set_curr_instr(BPF_LD | BPF_B | BPF_ABS, 0, 0,
220 SKF_AD_OFF + SKF_AD_CPU); }
221 ;
222
223 do_ldh
224 : OP_LDH '[' 'x' '+' number ']' {
225 set_curr_instr(BPF_LD | BPF_H | BPF_IND, 0, 0, $5); }
226 | OP_LDH '[' number ']' {
227 set_curr_instr(BPF_LD | BPF_H | BPF_ABS, 0, 0, $3); }
228 | OP_LDH '#' K_PROTO {
229 set_curr_instr(BPF_LD | BPF_H | BPF_ABS, 0, 0,
230 SKF_AD_OFF + SKF_AD_PROTOCOL); }
231 | OP_LDH '#' K_TYPE {
232 set_curr_instr(BPF_LD | BPF_H | BPF_ABS, 0, 0,
233 SKF_AD_OFF + SKF_AD_PKTTYPE); }
234 | OP_LDH '#' K_IFIDX {
235 set_curr_instr(BPF_LD | BPF_H | BPF_ABS, 0, 0,
236 SKF_AD_OFF + SKF_AD_IFINDEX); }
237 | OP_LDH '#' K_NLATTR {
238 set_curr_instr(BPF_LD | BPF_H | BPF_ABS, 0, 0,
239 SKF_AD_OFF + SKF_AD_NLATTR); }
240 | OP_LDH '#' K_NLATTR_NEST {
241 set_curr_instr(BPF_LD | BPF_H | BPF_ABS, 0, 0,
242 SKF_AD_OFF + SKF_AD_NLATTR_NEST); }
243 | OP_LDH '#' K_MARK {
244 set_curr_instr(BPF_LD | BPF_H | BPF_ABS, 0, 0,
245 SKF_AD_OFF + SKF_AD_MARK); }
246 | OP_LDH '#' K_QUEUE {
247 set_curr_instr(BPF_LD | BPF_H | BPF_ABS, 0, 0,
248 SKF_AD_OFF + SKF_AD_QUEUE); }
249 | OP_LDH '#' K_HATYPE {
250 set_curr_instr(BPF_LD | BPF_H | BPF_ABS, 0, 0,
251 SKF_AD_OFF + SKF_AD_HATYPE); }
252 | OP_LDH '#' K_RXHASH {
253 set_curr_instr(BPF_LD | BPF_H | BPF_ABS, 0, 0,
254 SKF_AD_OFF + SKF_AD_RXHASH); }
255 | OP_LDH '#' K_CPU {
256 set_curr_instr(BPF_LD | BPF_H | BPF_ABS, 0, 0,
257 SKF_AD_OFF + SKF_AD_CPU); }
258 ;
259
260 do_ld
261 : OP_LD '#' number {
262 set_curr_instr(BPF_LD | BPF_IMM, 0, 0, $3); }
263 | OP_LD '#' K_PKT_LEN {
264 set_curr_instr(BPF_LD | BPF_W | BPF_LEN, 0, 0, 0); }
265 | OP_LD '#' K_PROTO {
266 set_curr_instr(BPF_LD | BPF_W | BPF_ABS, 0, 0,
267 SKF_AD_OFF + SKF_AD_PROTOCOL); }
268 | OP_LD '#' K_TYPE {
269 set_curr_instr(BPF_LD | BPF_W | BPF_ABS, 0, 0,
270 SKF_AD_OFF + SKF_AD_PKTTYPE); }
271 | OP_LD '#' K_IFIDX {
272 set_curr_instr(BPF_LD | BPF_W | BPF_ABS, 0, 0,
273 SKF_AD_OFF + SKF_AD_IFINDEX); }
274 | OP_LD '#' K_NLATTR {
275 set_curr_instr(BPF_LD | BPF_W | BPF_ABS, 0, 0,
276 SKF_AD_OFF + SKF_AD_NLATTR); }
277 | OP_LD '#' K_NLATTR_NEST {
278 set_curr_instr(BPF_LD | BPF_W | BPF_ABS, 0, 0,
279 SKF_AD_OFF + SKF_AD_NLATTR_NEST); }
280 | OP_LD '#' K_MARK {
281 set_curr_instr(BPF_LD | BPF_W | BPF_ABS, 0, 0,
282 SKF_AD_OFF + SKF_AD_MARK); }
283 | OP_LD '#' K_QUEUE {
284 set_curr_instr(BPF_LD | BPF_W | BPF_ABS, 0, 0,
285 SKF_AD_OFF + SKF_AD_QUEUE); }
286 | OP_LD '#' K_HATYPE {
287 set_curr_instr(BPF_LD | BPF_W | BPF_ABS, 0, 0,
288 SKF_AD_OFF + SKF_AD_HATYPE); }
289 | OP_LD '#' K_RXHASH {
290 set_curr_instr(BPF_LD | BPF_W | BPF_ABS, 0, 0,
291 SKF_AD_OFF + SKF_AD_RXHASH); }
292 | OP_LD '#' K_CPU {
293 set_curr_instr(BPF_LD | BPF_W | BPF_ABS, 0, 0,
294 SKF_AD_OFF + SKF_AD_CPU); }
295 | OP_LD 'M' '[' number ']' {
296 set_curr_instr(BPF_LD | BPF_MEM, 0, 0, $4); }
297 | OP_LD '[' 'x' '+' number ']' {
298 set_curr_instr(BPF_LD | BPF_W | BPF_IND, 0, 0, $5); }
299 | OP_LD '[' number ']' {
300 set_curr_instr(BPF_LD | BPF_W | BPF_ABS, 0, 0, $3); }
301 ;
302
303 do_ldx
304 : OP_LDX '#' number {
305 set_curr_instr(BPF_LDX | BPF_IMM, 0, 0, $3); }
306 | OP_LDX 'M' '[' number ']' {
307 set_curr_instr(BPF_LDX | BPF_MEM, 0, 0, $4); }
308 | OP_LDXB number '*' '(' '[' number ']' '&' number ')' {
309 if ($2 != 4 || $9 != 0xf) {
310 panic("ldxb offset not supported!\n");
311 } else {
312 set_curr_instr(BPF_LDX | BPF_MSH | BPF_B, 0, 0, $6); } }
313 | OP_LDX number '*' '(' '[' number ']' '&' number ')' {
314 if ($2 != 4 || $9 != 0xf) {
315 panic("ldxb offset not supported!\n");
316 } else {
317 set_curr_instr(BPF_LDX | BPF_MSH | BPF_B, 0, 0, $6); } }
318 ;
319
320 do_st
321 : OP_ST 'M' '[' number ']' {
322 set_curr_instr(BPF_ST, 0, 0, $4); }
323 ;
324
325 do_stx
326 : OP_STX 'M' '[' number ']' {
327 set_curr_instr(BPF_STX, 0, 0, $4); }
328 ;
329
330 do_jmp
331 : OP_JMP label {
332 set_jmp_label($2, JKL);
333 set_curr_instr(BPF_JMP | BPF_JA, 0, 0, 0); }
334 ;
335
336 do_jeq
337 : OP_JEQ '#' number ',' label ',' label {
338 set_jmp_label($5, JTL);
339 set_jmp_label($7, JFL);
340 set_curr_instr(BPF_JMP | BPF_JEQ | BPF_K, 0, 0, $3); }
341 | OP_JEQ 'x' ',' label ',' label {
342 set_jmp_label($4, JTL);
343 set_jmp_label($6, JFL);
344 set_curr_instr(BPF_JMP | BPF_JEQ | BPF_X, 0, 0, 0); }
345 ;
346
347 do_jgt
348 : OP_JGT '#' number ',' label ',' label {
349 set_jmp_label($5, JTL);
350 set_jmp_label($7, JFL);
351 set_curr_instr(BPF_JMP | BPF_JGT | BPF_K, 0, 0, $3); }
352 | OP_JGT 'x' ',' label ',' label {
353 set_jmp_label($4, JTL);
354 set_jmp_label($6, JFL);
355 set_curr_instr(BPF_JMP | BPF_JGT | BPF_X, 0, 0, 0); }
356 ;
357
358 do_jge
359 : OP_JGE '#' number ',' label ',' label {
360 set_jmp_label($5, JTL);
361 set_jmp_label($7, JFL);
362 set_curr_instr(BPF_JMP | BPF_JGE | BPF_K, 0, 0, $3); }
363 | OP_JGE 'x' ',' label ',' label {
364 set_jmp_label($4, JTL);
365 set_jmp_label($6, JFL);
366 set_curr_instr(BPF_JMP | BPF_JGE | BPF_X, 0, 0, 0); }
367 ;
368
369 do_jset
370 : OP_JSET '#' number ',' label ',' label {
371 set_jmp_label($5, JTL);
372 set_jmp_label($7, JFL);
373 set_curr_instr(BPF_JMP | BPF_JSET | BPF_K, 0, 0, $3); }
374 | OP_JSET 'x' ',' label ',' label {
375 set_jmp_label($4, JTL);
376 set_jmp_label($6, JFL);
377 set_curr_instr(BPF_JMP | BPF_JSET | BPF_X, 0, 0, 0); }
378 ;
379
380 do_add
381 : OP_ADD '#' number {
382 set_curr_instr(BPF_ALU | BPF_ADD | BPF_K, 0, 0, $3); }
383 | OP_ADD 'x' {
384 set_curr_instr(BPF_ALU | BPF_ADD | BPF_X, 0, 0, 0); }
385 ;
386
387 do_sub
388 : OP_SUB '#' number {
389 set_curr_instr(BPF_ALU | BPF_SUB | BPF_K, 0, 0, $3); }
390 | OP_SUB 'x' {
391 set_curr_instr(BPF_ALU | BPF_SUB | BPF_X, 0, 0, 0); }
392 ;
393
394 do_mul
395 : OP_MUL '#' number {
396 set_curr_instr(BPF_ALU | BPF_MUL | BPF_K, 0, 0, $3); }
397 | OP_MUL 'x' {
398 set_curr_instr(BPF_ALU | BPF_MUL | BPF_X, 0, 0, 0); }
399 ;
400
401 do_div
402 : OP_DIV '#' number {
403 set_curr_instr(BPF_ALU | BPF_DIV | BPF_K, 0, 0, $3); }
404 | OP_DIV 'x' {
405 set_curr_instr(BPF_ALU | BPF_DIV | BPF_X, 0, 0, 0); }
406 ;
407
408 do_mod
409 : OP_MOD '#' number {
410 set_curr_instr(BPF_ALU | BPF_MOD | BPF_K, 0, 0, $3); }
411 | OP_MOD 'x' {
412 set_curr_instr(BPF_ALU | BPF_MOD | BPF_X, 0, 0, 0); }
413 ;
414
415 do_neg
416 : OP_NEG {
417 set_curr_instr(BPF_ALU | BPF_NEG, 0, 0, 0); }
418 ;
419
420 do_and
421 : OP_AND '#' number {
422 set_curr_instr(BPF_ALU | BPF_AND | BPF_K, 0, 0, $3); }
423 | OP_AND 'x' {
424 set_curr_instr(BPF_ALU | BPF_AND | BPF_X, 0, 0, 0); }
425 ;
426
427 do_or
428 : OP_OR '#' number {
429 set_curr_instr(BPF_ALU | BPF_OR | BPF_K, 0, 0, $3); }
430 | OP_OR 'x' {
431 set_curr_instr(BPF_ALU | BPF_OR | BPF_X, 0, 0, 0); }
432 ;
433
434 do_xor
435 : OP_XOR '#' number {
436 set_curr_instr(BPF_ALU | BPF_XOR | BPF_K, 0, 0, $3); }
437 | OP_XOR 'x' {
438 set_curr_instr(BPF_ALU | BPF_XOR | BPF_X, 0, 0, 0); }
439 ;
440
441 do_lsh
442 : OP_LSH '#' number {
443 set_curr_instr(BPF_ALU | BPF_LSH | BPF_K, 0, 0, $3); }
444 | OP_LSH 'x' {
445 set_curr_instr(BPF_ALU | BPF_LSH | BPF_X, 0, 0, 0); }
446 ;
447
448 do_rsh
449 : OP_RSH '#' number {
450 set_curr_instr(BPF_ALU | BPF_RSH | BPF_K, 0, 0, $3); }
451 | OP_RSH 'x' {
452 set_curr_instr(BPF_ALU | BPF_RSH | BPF_X, 0, 0, 0); }
453 ;
454
455 do_ret
456 : OP_RET 'a' {
457 set_curr_instr(BPF_RET | BPF_A, 0, 0, 0); }
458 | OP_RET '#' number {
459 set_curr_instr(BPF_RET | BPF_K, 0, 0, $3); }
460 ;
461
462 do_tax
463 : OP_TAX {
464 set_curr_instr(BPF_MISC | BPF_TAX, 0, 0, 0); }
465 ;
466
467 do_txa
468 : OP_TXA {
469 set_curr_instr(BPF_MISC | BPF_TXA, 0, 0, 0); }
470 ;
471
472 %%
473
474 static void stage_1_inline(void)
475 {
476 yyparse();
477 }
478
479 static void stage_2_label_reduce(void)
480 {
481 int i, max = curr_instr, off;
482
483 /* 1. reduce k jumps */
484 for (i = 0; i < max; ++i) {
485 if (labels_k[i] != NULL) {
486 off = find_intr_offset_or_panic(labels_k[i]);
487 out[i].k = (uint32_t) (off - i - 1);
488 }
489 }
490
491 /* 1. reduce jt jumps */
492 for (i = 0; i < max; ++i) {
493 if (labels_jt[i] != NULL) {
494 off = find_intr_offset_or_panic(labels_jt[i]);
495 out[i].jt = (uint8_t) (off - i -1);
496 }
497 }
498
499 /* 1. reduce jf jumps */
500 for (i = 0; i < max; ++i) {
501 if (labels_jf[i] != NULL) {
502 off = find_intr_offset_or_panic(labels_jf[i]);
503 out[i].jf = (uint8_t) (off - i - 1);
504 }
505 }
506 }
507
508 int compile_filter(char *file, int verbose, int bypass)
509 {
510 int i;
511 struct sock_fprog res;
512
513 if (!strncmp("-", file, strlen("-")))
514 yyin = stdin;
515 else
516 yyin = fopen(file, "r");
517 if (!yyin)
518 panic("Cannot open file!\n");
519
520 memset(out, 0, sizeof(out));
521 memset(labels, 0, sizeof(labels));
522 memset(labels_jf, 0, sizeof(labels_jf));
523 memset(labels_jt, 0, sizeof(labels_jt));
524 memset(labels_k, 0, sizeof(labels_k));
525
526 stage_1_inline();
527 stage_2_label_reduce();
528
529 res.filter = out;
530 res.len = curr_instr;
531
532 if (verbose) {
533 printf("Generated program:\n");
534 bpf_dump_all(&res);
535 }
536
537 if (!bypass) {
538 if (verbose) {
539 printf("Validating: ");
540 fflush(stdout);
541 }
542
543 if (bpf_validate(&res) == 0) {
544 if (verbose)
545 whine("Semantic error! BPF validation "
546 "failed!\n");
547 else
548 panic("Semantic error! BPF validation failed! "
549 "Try -V for debugging output!\n");
550 } else if (verbose) {
551 printf("is runnable!\n");
552 }
553 }
554
555 if (verbose)
556 printf("Result:\n");
557 for (i = 0; i < res.len; ++i) {
558 printf("{ 0x%x, %u, %u, 0x%08x },\n",
559 res.filter[i].code, res.filter[i].jt,
560 res.filter[i].jf, res.filter[i].k);
561 if (labels[i] != NULL)
562 xfree(labels[i]);
563 if (labels_jt[i] != NULL)
564 xfree(labels_jt[i]);
565 if (labels_jf[i] != NULL)
566 xfree(labels_jf[i]);
567 if (labels_k[i] != NULL)
568 xfree(labels_k[i]);
569 }
570
571 fclose(yyin);
572 return 0;
573 }
574
575 void yyerror(const char *err)
576 {
577 panic("Syntax error at line %d: %s! %s!\n",
578 yylineno, yytext, err);
579 }
netsniff-ng toolkit, the packet sniffing beast, staging tree