• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 1990, 1991, 1992, 1994, 1995, 1996
3  *	The Regents of the University of California.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that: (1) source code distributions
7  * retain the above copyright notice and this paragraph in its entirety, (2)
8  * distributions including binary code include the above copyright notice and
9  * this paragraph in its entirety in the documentation or other materials
10  * provided with the distribution, and (3) all advertising materials mentioning
11  * features or use of this software display the following acknowledgement:
12  * ``This product includes software developed by the University of California,
13  * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14  * the University nor the names of its contributors may be used to endorse
15  * or promote products derived from this software without specific prior
16  * written permission.
17  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20  */
21 
22 #ifndef lint
23 static const char rcsid[] _U_ =
24     "@(#) $Header: /tcpdump/master/libpcap/bpf_image.c,v 1.26.2.1 2007/06/11 09:52:04 guy Exp $ (LBL)";
25 #endif
26 
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30 
31 #include <stdio.h>
32 #include <string.h>
33 
34 #include "pcap-int.h"
35 
36 #ifdef HAVE_OS_PROTO_H
37 #include "os-proto.h"
38 #endif
39 
40 char *
bpf_image(p,n)41 bpf_image(p, n)
42 	struct bpf_insn *p;
43 	int n;
44 {
45 	int v;
46 	const char *fmt, *op;
47 	static char image[256];
48 	char operand[64];
49 
50 	v = p->k;
51 	switch (p->code) {
52 
53 	default:
54 		op = "unimp";
55 		fmt = "0x%x";
56 		v = p->code;
57 		break;
58 
59 	case BPF_RET|BPF_K:
60 		op = "ret";
61 		fmt = "#%d";
62 		break;
63 
64 	case BPF_RET|BPF_A:
65 		op = "ret";
66 		fmt = "";
67 		break;
68 
69 	case BPF_LD|BPF_W|BPF_ABS:
70 		op = "ld";
71 		fmt = "[%d]";
72 		break;
73 
74 	case BPF_LD|BPF_H|BPF_ABS:
75 		op = "ldh";
76 		fmt = "[%d]";
77 		break;
78 
79 	case BPF_LD|BPF_B|BPF_ABS:
80 		op = "ldb";
81 		fmt = "[%d]";
82 		break;
83 
84 	case BPF_LD|BPF_W|BPF_LEN:
85 		op = "ld";
86 		fmt = "#pktlen";
87 		break;
88 
89 	case BPF_LD|BPF_W|BPF_IND:
90 		op = "ld";
91 		fmt = "[x + %d]";
92 		break;
93 
94 	case BPF_LD|BPF_H|BPF_IND:
95 		op = "ldh";
96 		fmt = "[x + %d]";
97 		break;
98 
99 	case BPF_LD|BPF_B|BPF_IND:
100 		op = "ldb";
101 		fmt = "[x + %d]";
102 		break;
103 
104 	case BPF_LD|BPF_IMM:
105 		op = "ld";
106 		fmt = "#0x%x";
107 		break;
108 
109 	case BPF_LDX|BPF_IMM:
110 		op = "ldx";
111 		fmt = "#0x%x";
112 		break;
113 
114 	case BPF_LDX|BPF_MSH|BPF_B:
115 		op = "ldxb";
116 		fmt = "4*([%d]&0xf)";
117 		break;
118 
119 	case BPF_LD|BPF_MEM:
120 		op = "ld";
121 		fmt = "M[%d]";
122 		break;
123 
124 	case BPF_LDX|BPF_MEM:
125 		op = "ldx";
126 		fmt = "M[%d]";
127 		break;
128 
129 	case BPF_ST:
130 		op = "st";
131 		fmt = "M[%d]";
132 		break;
133 
134 	case BPF_STX:
135 		op = "stx";
136 		fmt = "M[%d]";
137 		break;
138 
139 	case BPF_JMP|BPF_JA:
140 		op = "ja";
141 		fmt = "%d";
142 		v = n + 1 + p->k;
143 		break;
144 
145 	case BPF_JMP|BPF_JGT|BPF_K:
146 		op = "jgt";
147 		fmt = "#0x%x";
148 		break;
149 
150 	case BPF_JMP|BPF_JGE|BPF_K:
151 		op = "jge";
152 		fmt = "#0x%x";
153 		break;
154 
155 	case BPF_JMP|BPF_JEQ|BPF_K:
156 		op = "jeq";
157 		fmt = "#0x%x";
158 		break;
159 
160 	case BPF_JMP|BPF_JSET|BPF_K:
161 		op = "jset";
162 		fmt = "#0x%x";
163 		break;
164 
165 	case BPF_JMP|BPF_JGT|BPF_X:
166 		op = "jgt";
167 		fmt = "x";
168 		break;
169 
170 	case BPF_JMP|BPF_JGE|BPF_X:
171 		op = "jge";
172 		fmt = "x";
173 		break;
174 
175 	case BPF_JMP|BPF_JEQ|BPF_X:
176 		op = "jeq";
177 		fmt = "x";
178 		break;
179 
180 	case BPF_JMP|BPF_JSET|BPF_X:
181 		op = "jset";
182 		fmt = "x";
183 		break;
184 
185 	case BPF_ALU|BPF_ADD|BPF_X:
186 		op = "add";
187 		fmt = "x";
188 		break;
189 
190 	case BPF_ALU|BPF_SUB|BPF_X:
191 		op = "sub";
192 		fmt = "x";
193 		break;
194 
195 	case BPF_ALU|BPF_MUL|BPF_X:
196 		op = "mul";
197 		fmt = "x";
198 		break;
199 
200 	case BPF_ALU|BPF_DIV|BPF_X:
201 		op = "div";
202 		fmt = "x";
203 		break;
204 
205 	case BPF_ALU|BPF_AND|BPF_X:
206 		op = "and";
207 		fmt = "x";
208 		break;
209 
210 	case BPF_ALU|BPF_OR|BPF_X:
211 		op = "or";
212 		fmt = "x";
213 		break;
214 
215 	case BPF_ALU|BPF_LSH|BPF_X:
216 		op = "lsh";
217 		fmt = "x";
218 		break;
219 
220 	case BPF_ALU|BPF_RSH|BPF_X:
221 		op = "rsh";
222 		fmt = "x";
223 		break;
224 
225 	case BPF_ALU|BPF_ADD|BPF_K:
226 		op = "add";
227 		fmt = "#%d";
228 		break;
229 
230 	case BPF_ALU|BPF_SUB|BPF_K:
231 		op = "sub";
232 		fmt = "#%d";
233 		break;
234 
235 	case BPF_ALU|BPF_MUL|BPF_K:
236 		op = "mul";
237 		fmt = "#%d";
238 		break;
239 
240 	case BPF_ALU|BPF_DIV|BPF_K:
241 		op = "div";
242 		fmt = "#%d";
243 		break;
244 
245 	case BPF_ALU|BPF_AND|BPF_K:
246 		op = "and";
247 		fmt = "#0x%x";
248 		break;
249 
250 	case BPF_ALU|BPF_OR|BPF_K:
251 		op = "or";
252 		fmt = "#0x%x";
253 		break;
254 
255 	case BPF_ALU|BPF_LSH|BPF_K:
256 		op = "lsh";
257 		fmt = "#%d";
258 		break;
259 
260 	case BPF_ALU|BPF_RSH|BPF_K:
261 		op = "rsh";
262 		fmt = "#%d";
263 		break;
264 
265 	case BPF_ALU|BPF_NEG:
266 		op = "neg";
267 		fmt = "";
268 		break;
269 
270 	case BPF_MISC|BPF_TAX:
271 		op = "tax";
272 		fmt = "";
273 		break;
274 
275 	case BPF_MISC|BPF_TXA:
276 		op = "txa";
277 		fmt = "";
278 		break;
279 	}
280 	(void)snprintf(operand, sizeof operand, fmt, v);
281 	(void)snprintf(image, sizeof image,
282 		      (BPF_CLASS(p->code) == BPF_JMP &&
283 		       BPF_OP(p->code) != BPF_JA) ?
284 		      "(%03d) %-8s %-16s jt %d\tjf %d"
285 		      : "(%03d) %-8s %s",
286 		      n, op, operand, n + 1 + p->jt, n + 1 + p->jf);
287 	return image;
288 }
289