[unix-history] / usr / src / sys.386bsd / net / bpf_filter.c

/*-
 * Copyright (c) 1991 The Regents of the University of California.
 * All rights reserved.
 *
 * This code is derived from the Stanford/CMU enet packet filter,
 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
 * to Berkeley by Steven McCanne of Lawrence Berkeley Laboratory.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by the University of
 *	California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *	@(#)bpf_filter.c	7.2 (Berkeley) 5/14/91
 *
 * static char rcsid[] =
 * "@(#) $Header: bpf_filter.c,v 1.10 91/04/24 22:07:07 mccanne Locked $ (LBL)";
 */

#include <sys/param.h>
#include <sys/types.h>
#include <sys/time.h>
#include <net/bpf.h>

#ifdef sun
#include <netinet/in.h>
#endif

#if defined(sparc) || defined(mips)
#define ALIGN
#endif

#ifndef ALIGN
#define EXTRACT_SHORT(p)	(ntohs(*(u_short *)p))
#define EXTRACT_LONG(p)		(ntohl(*(u_long *)p))
#else
#define EXTRACT_SHORT(p)\
	((u_short)\
		(*((u_char *)(p)+0)<<8|\
		 *((u_char *)(p)+1)<<0))
#define EXTRACT_LONG(p)\
		(*((u_char *)(p)+0)<<24|\
		 *((u_char *)(p)+1)<<16|\
		 *((u_char *)(p)+2)<<8|\
		 *((u_char *)(p)+3)<<0)
#endif

#ifdef KERNEL
#include <sys/mbuf.h>
#define MINDEX(m, k) \
{ \
	register int len = m->m_len; \
 \
	while (k >= len) { \
		k -= len; \
		m = m->m_next; \
		if (m == 0) \
			return 0; \
		len = m->m_len; \
	} \
}

static int
m_xword(m, k, err)
	register struct mbuf *m;
	register int k, *err;
{
	register int len;
	register u_char *cp, *np;
	register struct mbuf *m0;

	len = m->m_len;
	while (k >= len) {
		k -= len;
		m = m->m_next;
		if (m == 0)
			goto bad;
		len = m->m_len;
	}
	cp = mtod(m, u_char *) + k;
	if (len - k >= 4) {
		*err = 0;
		return EXTRACT_LONG(cp);
	}
	m0 = m->m_next;
	if (m0 == 0 || m0->m_len + len - k < 4)
		goto bad;
	*err = 0;
	np = mtod(m0, u_char *);
	switch (len - k) {

	case 1:
		return (cp[k] << 24) | (np[0] << 16) | (np[1] << 8) | np[2];

	case 2:
		return (cp[k] << 24) | (cp[k + 1] << 16) | (np[0] << 8) | 
			np[1];

	default:
		return (cp[k] << 24) | (cp[k + 1] << 16) | (cp[k + 2] << 8) |
			np[0];
	}
    bad:
	*err = 1;
	return 0;
}

static int
m_xhalf(m, k, err)
	register struct mbuf *m;
	register int k, *err;
{
	register int len;
	register u_char *cp, *np;
	register struct mbuf *m0;

	len = m->m_len;
	while (k >= len) {
		k -= len;
		m = m->m_next;
		if (m == 0)
			goto bad;
		len = m->m_len;
	}
	cp = mtod(m, u_char *) + k;
	if (len - k >= 2) {
		*err = 0;
		return EXTRACT_SHORT(cp);
	}
	m0 = m->m_next;
	if (m0 == 0)
		goto bad;
	*err = 0;
	return (cp[k] << 8) | mtod(m0, u_char *)[0];
 bad:
	*err = 1;
	return 0;
}


#endif

/*
 * Execute the filter program starting at pc on the packet p
 * wirelen is the length of the original packet
 * buflen is the amount of data present
 */
u_int
bpf_filter(pc, p, wirelen, buflen)
	register struct bpf_insn *pc;
	register u_char *p;
	u_int wirelen;
	register u_int buflen;
{
	register long A, X;
	register int k;
	long mem[BPF_MEMWORDS];

	if (pc == 0)
		/*
		 * No filter means accept all.
		 */
		return (u_int)-1;
#ifdef lint
	A = 0;
	X = 0;
#endif
	--pc;
	while (1) {
		++pc;
		switch (pc->code) {

		default:
#ifdef KERNEL
			return 0;
#else
			abort();
#endif			
		case BPF_RET|BPF_K:
			return (u_int)pc->k;

		case BPF_RET|BPF_A:
			return (u_int)A;

		case BPF_LD|BPF_W|BPF_ABS:
			k = pc->k;
			if (k + sizeof(long) > buflen) {
#ifdef KERNEL
				int merr;

				if (buflen != 0)
					return 0;
				A = m_xword((struct mbuf *)p, k, &merr);
				if (merr != 0)
					return 0;
				continue;
#else
				return 0;
#endif
			}
#ifdef ALIGN
			if (((int)(p + k) & 3) != 0)
				A = EXTRACT_LONG(&p[k]);
			else
#endif
				A = *(long *)(p + k);
			continue;

		case BPF_LD|BPF_H|BPF_ABS:
			k = pc->k;
			if (k + sizeof(short) > buflen) {
#ifdef KERNEL
				int merr;

				if (buflen != 0)
					return 0;
				A = m_xhalf((struct mbuf *)p, k, &merr);
				continue;
#else
				return 0;
#endif
			}
			A = EXTRACT_SHORT(&p[k]);
			continue;

		case BPF_LD|BPF_B|BPF_ABS:
			k = pc->k;
			if (k >= buflen) {
#ifdef KERNEL
				register struct mbuf *m;

				if (buflen != 0)
					return 0;
				m = (struct mbuf *)p;
				MINDEX(m, k);
				A = mtod(m, u_char *)[k];
				continue;
#else
				return 0;
#endif
			}
			A = p[k];
			continue;

		case BPF_LD|BPF_W|BPF_LEN:
			A = wirelen;
			continue;

		case BPF_LDX|BPF_W|BPF_LEN:
			X = wirelen;
			continue;

		case BPF_LD|BPF_W|BPF_IND:
			k = X + pc->k;
			if (k + sizeof(long) > buflen) {
#ifdef KERNEL
				int merr;

				if (buflen != 0)
					return 0;
				A = m_xword((struct mbuf *)p, k, &merr);
				if (merr != 0)
					return 0;
				continue;
#else
				return 0;
#endif
			}
#ifdef ALIGN
			if (((int)(p + k) & 3) != 0)
				A = EXTRACT_LONG(&p[k]);
			else
#endif
				A = *(long *)(p + k);
			continue;

		case BPF_LD|BPF_H|BPF_IND:
			k = X + pc->k;
			if (k + sizeof(short) > buflen) {
#ifdef KERNEL
				int merr;

				if (buflen != 0)
					return 0;
				A = m_xhalf((struct mbuf *)p, k, &merr);
				if (merr != 0)
					return 0;
				continue;
#else
				return 0;
#endif
			}
			A = EXTRACT_SHORT(&p[k]);
			continue;

		case BPF_LD|BPF_B|BPF_IND:
			k = X + pc->k;
			if (k >= buflen) {
#ifdef KERNEL
				register struct mbuf *m;

				if (buflen != 0)
					return 0;
				m = (struct mbuf *)p;
				MINDEX(m, k);
				A = mtod(m, char *)[k];
				continue;
#else
				return 0;
#endif
			}
			A = p[k];
			continue;

		case BPF_LDX|BPF_MSH|BPF_B:
			k = pc->k;
			if (k >= buflen) {
#ifdef KERNEL
				register struct mbuf *m;

				if (buflen != 0)
					return 0;
				m = (struct mbuf *)p;
				MINDEX(m, k);
				X = (mtod(m, char *)[k] & 0xf) << 2;
				continue;
#else
				return 0;
#endif
			}
			X = (p[pc->k] & 0xf) << 2;
			continue;

		case BPF_LD|BPF_IMM:
			A = pc->k;
			continue;

		case BPF_LDX|BPF_IMM:
			X = pc->k;
			continue;

		case BPF_LD|BPF_MEM:
			A = mem[pc->k];
			continue;
			
		case BPF_LDX|BPF_MEM:
			X = mem[pc->k];
			continue;

		case BPF_ST:
			mem[pc->k] = A;
			continue;

		case BPF_STX:
			mem[pc->k] = X;
			continue;

		case BPF_JMP|BPF_JA:
			pc += pc->k;
			continue;

		case BPF_JMP|BPF_JGT|BPF_K:
			pc += (A > pc->k) ? pc->jt : pc->jf;
			continue;

		case BPF_JMP|BPF_JGE|BPF_K:
			pc += (A >= pc->k) ? pc->jt : pc->jf;
			continue;

		case BPF_JMP|BPF_JEQ|BPF_K:
			pc += (A == pc->k) ? pc->jt : pc->jf;
			continue;

		case BPF_JMP|BPF_JSET|BPF_K:
			pc += (A & pc->k) ? pc->jt : pc->jf;
			continue;

		case BPF_JMP|BPF_JGT|BPF_X:
			pc += (A > X) ? pc->jt : pc->jf;
			continue;

		case BPF_JMP|BPF_JGE|BPF_X:
			pc += (A >= X) ? pc->jt : pc->jf;
			continue;

		case BPF_JMP|BPF_JEQ|BPF_X:
			pc += (A == X) ? pc->jt : pc->jf;
			continue;

		case BPF_JMP|BPF_JSET|BPF_X:
			pc += (A & X) ? pc->jt : pc->jf;
			continue;

		case BPF_ALU|BPF_ADD|BPF_X:
			A += X;
			continue;
			
		case BPF_ALU|BPF_SUB|BPF_X:
			A -= X;
			continue;
			
		case BPF_ALU|BPF_MUL|BPF_X:
			A *= X;
			continue;
			
		case BPF_ALU|BPF_DIV|BPF_X:
			if (X == 0)
				return 0;
			A /= X;
			continue;
			
		case BPF_ALU|BPF_AND|BPF_X:
			A &= X;
			continue;
			
		case BPF_ALU|BPF_OR|BPF_X:
			A |= X;
			continue;

		case BPF_ALU|BPF_LSH|BPF_X:
			A <<= X;
			continue;

		case BPF_ALU|BPF_RSH|BPF_X:
			A >>= X;
			continue;

		case BPF_ALU|BPF_ADD|BPF_K:
			A += pc->k;
			continue;
			
		case BPF_ALU|BPF_SUB|BPF_K:
			A -= pc->k;
			continue;
			
		case BPF_ALU|BPF_MUL|BPF_K:
			A *= pc->k;
			continue;
			
		case BPF_ALU|BPF_DIV|BPF_K:
			A /= pc->k;
			continue;
			
		case BPF_ALU|BPF_AND|BPF_K:
			A &= pc->k;
			continue;
			
		case BPF_ALU|BPF_OR|BPF_K:
			A |= pc->k;
			continue;

		case BPF_ALU|BPF_LSH|BPF_K:
			A <<= pc->k;
			continue;

		case BPF_ALU|BPF_RSH|BPF_K:
			A >>= pc->k;
			continue;

		case BPF_ALU|BPF_NEG:
			A = -A;
			continue;

		case BPF_MISC|BPF_TAX:
			X = A;
			continue;

		case BPF_MISC|BPF_TXA:
			A = X;
			continue;
		}
	}
}

#ifdef KERNEL
/*
 * Return true if the 'fcode' is a valid filter program.
 * The constraints are that each jump be forward and to a valid
 * code.  The code must terminate with either an accept or reject. 
 * 'valid' is an array for use by the routine (it must be at least
 * 'len' bytes long).  
 *
 * The kernel needs to be able to verify an application's filter code.
 * Otherwise, a bogus program could easily crash the system.
 */
int
bpf_validate(f, len)
	struct bpf_insn *f;
	int len;
{
	register int i;
	register struct bpf_insn *p;

	for (i = 0; i < len; ++i) {
		/*
		 * Check that that jumps are forward, and within 
		 * the code block.
		 */
		p = &f[i];
		if (BPF_CLASS(p->code) == BPF_JMP) {
			register int from = i + 1;

			if (BPF_OP(p->code) == BPF_JA) {
				if (from + p->k >= len)
					return 0;
			}
			else if (from + p->jt >= len || from + p->jf >= len)
				return 0;
		}
		/*
		 * Check that memory operations use valid addresses.
		 */
		if ((BPF_CLASS(p->code) == BPF_ST ||
		     (BPF_CLASS(p->code) == BPF_LD && 
		      (p->code & 0xe0) == BPF_MEM)) &&
		    (p->k >= BPF_MEMWORDS || p->k < 0))
			return 0;
		/*
		 * Check for constant division by 0.
		 */
		if (p->code == BPF_ALU|BPF_DIV|BPF_K && p->k == 0)
			return;
	}
	return BPF_CLASS(f[len - 1].code) == BPF_RET;
}
#endif
Commit	Line	Data
b688fc87 WJ	1	/*-
	2	* Copyright (c) 1991 The Regents of the University of California.
	3	* All rights reserved.
	4	*
	5	* This code is derived from the Stanford/CMU enet packet filter,
	6	* (net/enet.c) distributed as part of 4.3BSD, and code contributed
	7	* to Berkeley by Steven McCanne of Lawrence Berkeley Laboratory.
	8	*
	9	* Redistribution and use in source and binary forms, with or without
	10	* modification, are permitted provided that the following conditions
	11	* are met:
	12	* 1. Redistributions of source code must retain the above copyright
	13	* notice, this list of conditions and the following disclaimer.
	14	* 2. Redistributions in binary form must reproduce the above copyright
	15	* notice, this list of conditions and the following disclaimer in the
	16	* documentation and/or other materials provided with the distribution.
	17	* 3. All advertising materials mentioning features or use of this software
	18	* must display the following acknowledgement:
	19	* This product includes software developed by the University of
	20	* California, Berkeley and its contributors.
	21	* 4. Neither the name of the University nor the names of its contributors
	22	* may be used to endorse or promote products derived from this software
	23	* without specific prior written permission.
	24	*
	25	* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
	26	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	27	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	28	* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
	29	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	30	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	31	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	32	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	33	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	34	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	35	* SUCH DAMAGE.
	36	*
	37	* @(#)bpf_filter.c 7.2 (Berkeley) 5/14/91
	38	*
	39	* static char rcsid[] =
	40	* "@(#) $Header: bpf_filter.c,v 1.10 91/04/24 22:07:07 mccanne Locked $ (LBL)";
	41	*/
	42
	43	#include <sys/param.h>
	44	#include <sys/types.h>
	45	#include <sys/time.h>
	46	#include <net/bpf.h>
	47
	48	#ifdef sun
	49	#include <netinet/in.h>
	50	#endif
	51
	52	#if defined(sparc) \|\| defined(mips)
	53	#define ALIGN
	54	#endif
	55
	56	#ifndef ALIGN
	57	#define EXTRACT_SHORT(p) (ntohs((u_short )p))
	58	#define EXTRACT_LONG(p) (ntohl((u_long )p))
	59	#else
	60	#define EXTRACT_SHORT(p)\
	61	((u_short)\
	62	(((u_char )(p)+0)<<8\|\
	63	((u_char )(p)+1)<<0))
	64	#define EXTRACT_LONG(p)\
65	(((u_char )(p)+0)<<24\|\
66	((u_char )(p)+1)<<16\|\
67	((u_char )(p)+2)<<8\|\
68	((u_char )(p)+3)<<0)
69	#endif
70
71	#ifdef KERNEL
72	#include <sys/mbuf.h>
73	#define MINDEX(m, k) \
74	{ \
75	register int len = m->m_len; \
76	\
77	while (k >= len) { \
78	k -= len; \
79	m = m->m_next; \
80	if (m == 0) \
81	return 0; \
82	len = m->m_len; \
83	} \
84	}
85
86	static int
87	m_xword(m, k, err)
88	register struct mbuf *m;
89	register int k, *err;
90	{
91	register int len;
92	register u_char cp, np;
93	register struct mbuf *m0;
94
95	len = m->m_len;
96	while (k >= len) {
97	k -= len;
98	m = m->m_next;
99	if (m == 0)
100	goto bad;
101	len = m->m_len;
102	}
103	cp = mtod(m, u_char *) + k;
104	if (len - k >= 4) {
105	*err = 0;
106	return EXTRACT_LONG(cp);
107	}
108	m0 = m->m_next;
109	if (m0 == 0 \|\| m0->m_len + len - k < 4)
110	goto bad;
111	*err = 0;
112	np = mtod(m0, u_char *);
113	switch (len - k) {
114
115	case 1:
116	return (cp[k] << 24) \| (np[0] << 16) \| (np[1] << 8) \| np[2];
117
118	case 2:
119	return (cp[k] << 24) \| (cp[k + 1] << 16) \| (np[0] << 8) \|
120	np[1];
121
122	default:
123	return (cp[k] << 24) \| (cp[k + 1] << 16) \| (cp[k + 2] << 8) \|
124	np[0];
125	}
126	bad:
127	*err = 1;
128	return 0;
129	}
130
131	static int
132	m_xhalf(m, k, err)
133	register struct mbuf *m;
134	register int k, *err;
135	{
136	register int len;
137	register u_char cp, np;
138	register struct mbuf *m0;
139
140	len = m->m_len;
141	while (k >= len) {
142	k -= len;
143	m = m->m_next;
144	if (m == 0)
145	goto bad;
146	len = m->m_len;
147	}
148	cp = mtod(m, u_char *) + k;
149	if (len - k >= 2) {
150	*err = 0;
151	return EXTRACT_SHORT(cp);
152	}
153	m0 = m->m_next;
154	if (m0 == 0)
155	goto bad;
156	*err = 0;
157	return (cp[k] << 8) \| mtod(m0, u_char *)[0];
158	bad:
159	*err = 1;
160	return 0;
161	}
162
163
164	#endif
165
166	/*
167	* Execute the filter program starting at pc on the packet p
168	* wirelen is the length of the original packet
169	* buflen is the amount of data present
170	*/
171	u_int
172	bpf_filter(pc, p, wirelen, buflen)
173	register struct bpf_insn *pc;
174	register u_char *p;
175	u_int wirelen;
176	register u_int buflen;
177	{
178	register long A, X;
179	register int k;
180	long mem[BPF_MEMWORDS];
181
182	if (pc == 0)
183	/*
184	* No filter means accept all.
185	*/
186	return (u_int)-1;
187	#ifdef lint
188	A = 0;
189	X = 0;
190	#endif
191	--pc;
192	while (1) {
193	++pc;
194	switch (pc->code) {
195
196	default:
197	#ifdef KERNEL
198	return 0;
199	#else
200	abort();
201	#endif
202	case BPF_RET\|BPF_K:
203	return (u_int)pc->k;
204
205	case BPF_RET\|BPF_A:
206	return (u_int)A;
207
208	case BPF_LD\|BPF_W\|BPF_ABS:
209	k = pc->k;
210	if (k + sizeof(long) > buflen) {
211	#ifdef KERNEL
212	int merr;
213
214	if (buflen != 0)
215	return 0;
216	A = m_xword((struct mbuf *)p, k, &merr);
217	if (merr != 0)
218	return 0;
219	continue;
220	#else
221	return 0;
222	#endif
223	}
224	#ifdef ALIGN
225	if (((int)(p + k) & 3) != 0)
226	A = EXTRACT_LONG(&p[k]);
227	else
228	#endif
229	A = (long )(p + k);
230	continue;
231
232	case BPF_LD\|BPF_H\|BPF_ABS:
233	k = pc->k;
234	if (k + sizeof(short) > buflen) {
235	#ifdef KERNEL
236	int merr;
237
238	if (buflen != 0)
239	return 0;
240	A = m_xhalf((struct mbuf *)p, k, &merr);
241	continue;
242	#else
243	return 0;
244	#endif
245	}
246	A = EXTRACT_SHORT(&p[k]);
247	continue;
248
249	case BPF_LD\|BPF_B\|BPF_ABS:
250	k = pc->k;
251	if (k >= buflen) {
252	#ifdef KERNEL
253	register struct mbuf *m;
254
255	if (buflen != 0)
256	return 0;
257	m = (struct mbuf *)p;
258	MINDEX(m, k);
259	A = mtod(m, u_char *)[k];
260	continue;
261	#else
262	return 0;
263	#endif
264	}
265	A = p[k];
266	continue;
267
268	case BPF_LD\|BPF_W\|BPF_LEN:
269	A = wirelen;
270	continue;
271
272	case BPF_LDX\|BPF_W\|BPF_LEN:
273	X = wirelen;
274	continue;
275
276	case BPF_LD\|BPF_W\|BPF_IND:
277	k = X + pc->k;
278	if (k + sizeof(long) > buflen) {
279	#ifdef KERNEL
280	int merr;
281
282	if (buflen != 0)
283	return 0;
284	A = m_xword((struct mbuf *)p, k, &merr);
285	if (merr != 0)
286	return 0;
287	continue;
288	#else
289	return 0;
290	#endif
291	}
292	#ifdef ALIGN
293	if (((int)(p + k) & 3) != 0)
294	A = EXTRACT_LONG(&p[k]);
295	else
296	#endif
297	A = (long )(p + k);
298	continue;
299
300	case BPF_LD\|BPF_H\|BPF_IND:
301	k = X + pc->k;
302	if (k + sizeof(short) > buflen) {
303	#ifdef KERNEL
304	int merr;
305
306	if (buflen != 0)
307	return 0;
308	A = m_xhalf((struct mbuf *)p, k, &merr);
309	if (merr != 0)
310	return 0;
311	continue;
312	#else
313	return 0;
314	#endif
315	}
316	A = EXTRACT_SHORT(&p[k]);
317	continue;
318
319	case BPF_LD\|BPF_B\|BPF_IND:
320	k = X + pc->k;
321	if (k >= buflen) {
322	#ifdef KERNEL
323	register struct mbuf *m;
324
325	if (buflen != 0)
326	return 0;
327	m = (struct mbuf *)p;
328	MINDEX(m, k);
329	A = mtod(m, char *)[k];
330	continue;
331	#else
332	return 0;
333	#endif
334	}
335	A = p[k];
336	continue;
337
338	case BPF_LDX\|BPF_MSH\|BPF_B:
339	k = pc->k;
340	if (k >= buflen) {
341	#ifdef KERNEL
342	register struct mbuf *m;
343
344	if (buflen != 0)
345	return 0;
346	m = (struct mbuf *)p;
347	MINDEX(m, k);
348	X = (mtod(m, char *)[k] & 0xf) << 2;
349	continue;
350	#else
351	return 0;
352	#endif
353	}
354	X = (p[pc->k] & 0xf) << 2;
355	continue;
356
357	case BPF_LD\|BPF_IMM:
358	A = pc->k;
359	continue;
360
361	case BPF_LDX\|BPF_IMM:
362	X = pc->k;
363	continue;
364
365	case BPF_LD\|BPF_MEM:
366	A = mem[pc->k];
367	continue;
368
369	case BPF_LDX\|BPF_MEM:
370	X = mem[pc->k];
371	continue;
372
373	case BPF_ST:
374	mem[pc->k] = A;
375	continue;
376
377	case BPF_STX:
378	mem[pc->k] = X;
379	continue;
380
381	case BPF_JMP\|BPF_JA:
382	pc += pc->k;
383	continue;
384
385	case BPF_JMP\|BPF_JGT\|BPF_K:
386	pc += (A > pc->k) ? pc->jt : pc->jf;
387	continue;
388
389	case BPF_JMP\|BPF_JGE\|BPF_K:
390	pc += (A >= pc->k) ? pc->jt : pc->jf;
391	continue;
392
393	case BPF_JMP\|BPF_JEQ\|BPF_K:
394	pc += (A == pc->k) ? pc->jt : pc->jf;
395	continue;
396
397	case BPF_JMP\|BPF_JSET\|BPF_K:
398	pc += (A & pc->k) ? pc->jt : pc->jf;
399	continue;
400
401	case BPF_JMP\|BPF_JGT\|BPF_X:
402	pc += (A > X) ? pc->jt : pc->jf;
403	continue;
404
405	case BPF_JMP\|BPF_JGE\|BPF_X:
406	pc += (A >= X) ? pc->jt : pc->jf;
407	continue;
408
409	case BPF_JMP\|BPF_JEQ\|BPF_X:
410	pc += (A == X) ? pc->jt : pc->jf;
411	continue;
412
413	case BPF_JMP\|BPF_JSET\|BPF_X:
414	pc += (A & X) ? pc->jt : pc->jf;
415	continue;
416
417	case BPF_ALU\|BPF_ADD\|BPF_X:
418	A += X;
419	continue;
420
421	case BPF_ALU\|BPF_SUB\|BPF_X:
422	A -= X;
423	continue;
424
425	case BPF_ALU\|BPF_MUL\|BPF_X:
426	A *= X;
427	continue;
428
429	case BPF_ALU\|BPF_DIV\|BPF_X:
430	if (X == 0)
431	return 0;
432	A /= X;
433	continue;
434
435	case BPF_ALU\|BPF_AND\|BPF_X:
436	A &= X;
437	continue;
438
439	case BPF_ALU\|BPF_OR\|BPF_X:
440	A \|= X;
441	continue;
442
443	case BPF_ALU\|BPF_LSH\|BPF_X:
444	A <<= X;
445	continue;
446
447	case BPF_ALU\|BPF_RSH\|BPF_X:
448	A >>= X;
449	continue;
450
451	case BPF_ALU\|BPF_ADD\|BPF_K:
452	A += pc->k;
453	continue;
454
455	case BPF_ALU\|BPF_SUB\|BPF_K:
456	A -= pc->k;
457	continue;
458
459	case BPF_ALU\|BPF_MUL\|BPF_K:
460	A *= pc->k;
461	continue;
462
463	case BPF_ALU\|BPF_DIV\|BPF_K:
464	A /= pc->k;
465	continue;
466
467	case BPF_ALU\|BPF_AND\|BPF_K:
468	A &= pc->k;
469	continue;
470
471	case BPF_ALU\|BPF_OR\|BPF_K:
472	A \|= pc->k;
473	continue;
474
475	case BPF_ALU\|BPF_LSH\|BPF_K:
476	A <<= pc->k;
477	continue;
478
479	case BPF_ALU\|BPF_RSH\|BPF_K:
480	A >>= pc->k;
481	continue;
482
483	case BPF_ALU\|BPF_NEG:
484	A = -A;
485	continue;
486
487	case BPF_MISC\|BPF_TAX:
488	X = A;
489	continue;
490
491	case BPF_MISC\|BPF_TXA:
492	A = X;
493	continue;
494	}
495	}
496	}
497
498	#ifdef KERNEL
499	/*
500	* Return true if the 'fcode' is a valid filter program.
501	* The constraints are that each jump be forward and to a valid
502	* code. The code must terminate with either an accept or reject.
503	* 'valid' is an array for use by the routine (it must be at least
504	* 'len' bytes long).
505	*
506	* The kernel needs to be able to verify an application's filter code.
507	* Otherwise, a bogus program could easily crash the system.
508	*/
509	int
510	bpf_validate(f, len)
511	struct bpf_insn *f;
512	int len;
513	{
514	register int i;
515	register struct bpf_insn *p;
516
517	for (i = 0; i < len; ++i) {
518	/*
519	* Check that that jumps are forward, and within
520	* the code block.
521	*/
522	p = &f[i];
523	if (BPF_CLASS(p->code) == BPF_JMP) {
524	register int from = i + 1;
525
526	if (BPF_OP(p->code) == BPF_JA) {
527	if (from + p->k >= len)
528	return 0;
529	}
530	else if (from + p->jt >= len \|\| from + p->jf >= len)
531	return 0;
532	}
533	/*
534	* Check that memory operations use valid addresses.
535	*/
536	if ((BPF_CLASS(p->code) == BPF_ST \|\|
537	(BPF_CLASS(p->code) == BPF_LD &&
538	(p->code & 0xe0) == BPF_MEM)) &&
539	(p->k >= BPF_MEMWORDS \|\| p->k < 0))
540	return 0;
541	/*
542	* Check for constant division by 0.
543	*/
544	if (p->code == BPF_ALU\|BPF_DIV\|BPF_K && p->k == 0)
545	return;
546	}
547	return BPF_CLASS(f[len - 1].code) == BPF_RET;
548	}
549	#endif