xref: /openbsd-src/lib/libpcap/bpf_image.c (revision 3d61058aa5c692477b6d18acfbbdb653a9930ff9) 
1 /*	$OpenBSD: bpf_image.c,v 1.12 2024/04/05 18:01:56 deraadt Exp $	*/
2 
3 /*
4  * Copyright (c) 1990, 1991, 1992, 1994, 1995, 1996
5  *	The Regents of the University of California.  All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that: (1) source code distributions
9  * retain the above copyright notice and this paragraph in its entirety, (2)
10  * distributions including binary code include the above copyright notice and
11  * this paragraph in its entirety in the documentation or other materials
12  * provided with the distribution, and (3) all advertising materials mentioning
13  * features or use of this software display the following acknowledgement:
14  * ``This product includes software developed by the University of California,
15  * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
16  * the University nor the names of its contributors may be used to endorse
17  * or promote products derived from this software without specific prior
18  * written permission.
19  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
20  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
21  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
22  */
23 
24 #include <sys/types.h>
25 #include <sys/time.h>
26 
27 #include <stdio.h>
28 #include <string.h>
29 
30 #include "pcap-int.h"
31 
32 #ifdef HAVE_OS_PROTO_H
33 #include "os-proto.h"
34 #endif
35 
36 char *
37 bpf_image(const struct bpf_insn *p, int n)
38 {
39 	int v;
40 	char *fmt, *op;
41 	static char image[256];
42 	char operand[64];
43 
44 	v = p->k;
45 	switch (p->code) {
46 
47 	default:
48 		op = "unimp";
49 		fmt = "0x%x";
50 		v = p->code;
51 		break;
52 
53 	case BPF_RET|BPF_K:
54 		op = "ret";
55 		fmt = "#%d";
56 		break;
57 
58 	case BPF_RET|BPF_A:
59 		op = "ret";
60 		fmt = "";
61 		break;
62 
63 	case BPF_LD|BPF_W|BPF_ABS:
64 		op = "ld";
65 		fmt = "[%d]";
66 		break;
67 
68 	case BPF_LD|BPF_H|BPF_ABS:
69 		op = "ldh";
70 		fmt = "[%d]";
71 		break;
72 
73 	case BPF_LD|BPF_B|BPF_ABS:
74 		op = "ldb";
75 		fmt = "[%d]";
76 		break;
77 
78 	case BPF_LD|BPF_W|BPF_LEN:
79 		op = "ld";
80 		fmt = "#pktlen";
81 		break;
82 
83 	case BPF_LD|BPF_W|BPF_RND:
84 		op = "ld";
85 		fmt = "#random";
86 		break;
87 
88 	case BPF_LD|BPF_W|BPF_IND:
89 		op = "ld";
90 		fmt = "[x + %d]";
91 		break;
92 
93 	case BPF_LD|BPF_H|BPF_IND:
94 		op = "ldh";
95 		fmt = "[x + %d]";
96 		break;
97 
98 	case BPF_LD|BPF_B|BPF_IND:
99 		op = "ldb";
100 		fmt = "[x + %d]";
101 		break;
102 
103 	case BPF_LD|BPF_IMM:
104 		op = "ld";
105 		fmt = "#0x%x";
106 		break;
107 
108 	case BPF_LDX|BPF_IMM:
109 		op = "ldx";
110 		fmt = "#0x%x";
111 		break;
112 
113 	case BPF_LDX|BPF_MSH|BPF_B:
114 		op = "ldxb";
115 		fmt = "4*([%d]&0xf)";
116 		break;
117 
118 	case BPF_LD|BPF_MEM:
119 		op = "ld";
120 		fmt = "M[%d]";
121 		break;
122 
123 	case BPF_LDX|BPF_MEM:
124 		op = "ldx";
125 		fmt = "M[%d]";
126 		break;
127 
128 	case BPF_ST:
129 		op = "st";
130 		fmt = "M[%d]";
131 		break;
132 
133 	case BPF_STX:
134 		op = "stx";
135 		fmt = "M[%d]";
136 		break;
137 
138 	case BPF_JMP|BPF_JA:
139 		op = "ja";
140 		fmt = "%d";
141 		v = n + 1 + p->k;
142 		break;
143 
144 	case BPF_JMP|BPF_JGT|BPF_K:
145 		op = "jgt";
146 		fmt = "#0x%x";
147 		break;
148 
149 	case BPF_JMP|BPF_JGE|BPF_K:
150 		op = "jge";
151 		fmt = "#0x%x";
152 		break;
153 
154 	case BPF_JMP|BPF_JEQ|BPF_K:
155 		op = "jeq";
156 		fmt = "#0x%x";
157 		break;
158 
159 	case BPF_JMP|BPF_JSET|BPF_K:
160 		op = "jset";
161 		fmt = "#0x%x";
162 		break;
163 
164 	case BPF_JMP|BPF_JGT|BPF_X:
165 		op = "jgt";
166 		fmt = "x";
167 		break;
168 
169 	case BPF_JMP|BPF_JGE|BPF_X:
170 		op = "jge";
171 		fmt = "x";
172 		break;
173 
174 	case BPF_JMP|BPF_JEQ|BPF_X:
175 		op = "jeq";
176 		fmt = "x";
177 		break;
178 
179 	case BPF_JMP|BPF_JSET|BPF_X:
180 		op = "jset";
181 		fmt = "x";
182 		break;
183 
184 	case BPF_ALU|BPF_ADD|BPF_X:
185 		op = "add";
186 		fmt = "x";
187 		break;
188 
189 	case BPF_ALU|BPF_SUB|BPF_X:
190 		op = "sub";
191 		fmt = "x";
192 		break;
193 
194 	case BPF_ALU|BPF_MUL|BPF_X:
195 		op = "mul";
196 		fmt = "x";
197 		break;
198 
199 	case BPF_ALU|BPF_DIV|BPF_X:
200 		op = "div";
201 		fmt = "x";
202 		break;
203 
204 	case BPF_ALU|BPF_AND|BPF_X:
205 		op = "and";
206 		fmt = "x";
207 		break;
208 
209 	case BPF_ALU|BPF_OR|BPF_X:
210 		op = "or";
211 		fmt = "x";
212 		break;
213 
214 	case BPF_ALU|BPF_LSH|BPF_X:
215 		op = "lsh";
216 		fmt = "x";
217 		break;
218 
219 	case BPF_ALU|BPF_RSH|BPF_X:
220 		op = "rsh";
221 		fmt = "x";
222 		break;
223 
224 	case BPF_ALU|BPF_ADD|BPF_K:
225 		op = "add";
226 		fmt = "#%d";
227 		break;
228 
229 	case BPF_ALU|BPF_SUB|BPF_K:
230 		op = "sub";
231 		fmt = "#%d";
232 		break;
233 
234 	case BPF_ALU|BPF_MUL|BPF_K:
235 		op = "mul";
236 		fmt = "#%d";
237 		break;
238 
239 	case BPF_ALU|BPF_DIV|BPF_K:
240 		op = "div";
241 		fmt = "#%d";
242 		break;
243 
244 	case BPF_ALU|BPF_AND|BPF_K:
245 		op = "and";
246 		fmt = "#0x%x";
247 		break;
248 
249 	case BPF_ALU|BPF_OR|BPF_K:
250 		op = "or";
251 		fmt = "#0x%x";
252 		break;
253 
254 	case BPF_ALU|BPF_LSH|BPF_K:
255 		op = "lsh";
256 		fmt = "#%d";
257 		break;
258 
259 	case BPF_ALU|BPF_RSH|BPF_K:
260 		op = "rsh";
261 		fmt = "#%d";
262 		break;
263 
264 	case BPF_ALU|BPF_NEG:
265 		op = "neg";
266 		fmt = "";
267 		break;
268 
269 	case BPF_MISC|BPF_TAX:
270 		op = "tax";
271 		fmt = "";
272 		break;
273 
274 	case BPF_MISC|BPF_TXA:
275 		op = "txa";
276 		fmt = "";
277 		break;
278 	}
279 	(void)snprintf(operand, sizeof operand, fmt, v);
280 	(void)snprintf(image, sizeof image,
281 		      (BPF_CLASS(p->code) == BPF_JMP &&
282 		       BPF_OP(p->code) != BPF_JA) ?
283 		      "(%03d) %-8s %-16s jt %d\tjf %d"
284 		      : "(%03d) %-8s %s",
285 		      n, op, operand, n + 1 + p->jt, n + 1 + p->jf);
286 	return image;
287 }
288