1 /* 2 * Copyright (c) 1990, 1991, 1992, 1994, 1995, 1996 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that: (1) source code distributions 7 * retain the above copyright notice and this paragraph in its entirety, (2) 8 * distributions including binary code include the above copyright notice and 9 * this paragraph in its entirety in the documentation or other materials 10 * provided with the distribution, and (3) all advertising materials mentioning 11 * features or use of this software display the following acknowledgement: 12 * ``This product includes software developed by the University of California, 13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 14 * the University nor the names of its contributors may be used to endorse 15 * or promote products derived from this software without specific prior 16 * written permission. 17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20 */ 21 22 #ifdef HAVE_CONFIG_H 23 #include "config.h" 24 #endif 25 26 #ifdef _WIN32 27 #include <pcap-stdinc.h> 28 #else /* _WIN32 */ 29 #if HAVE_INTTYPES_H 30 #include <inttypes.h> 31 #elif HAVE_STDINT_H 32 #include <stdint.h> 33 #endif 34 #ifdef HAVE_SYS_BITYPES_H 35 #include <sys/bitypes.h> 36 #endif 37 #include <sys/types.h> 38 #endif /* _WIN32 */ 39 40 #include <stdio.h> 41 #include <string.h> 42 43 #include "pcap-int.h" 44 45 #ifdef HAVE_OS_PROTO_H 46 #include "os-proto.h" 47 #endif 48 49 char * 50 bpf_image(p, n) 51 const struct bpf_insn *p; 52 int n; 53 { 54 int v; 55 const char *fmt, *op; 56 static char image[256]; 57 char operand[64]; 58 59 v = p->k; 60 switch (p->code) { 61 62 default: 63 op = "unimp"; 64 fmt = "0x%x"; 65 v = p->code; 66 break; 67 68 case BPF_RET|BPF_K: 69 op = "ret"; 70 fmt = "#%d"; 71 break; 72 73 case BPF_RET|BPF_A: 74 op = "ret"; 75 fmt = ""; 76 break; 77 78 case BPF_LD|BPF_W|BPF_ABS: 79 op = "ld"; 80 fmt = "[%d]"; 81 break; 82 83 case BPF_LD|BPF_H|BPF_ABS: 84 op = "ldh"; 85 fmt = "[%d]"; 86 break; 87 88 case BPF_LD|BPF_B|BPF_ABS: 89 op = "ldb"; 90 fmt = "[%d]"; 91 break; 92 93 case BPF_LD|BPF_W|BPF_LEN: 94 op = "ld"; 95 fmt = "#pktlen"; 96 break; 97 98 case BPF_LD|BPF_W|BPF_IND: 99 op = "ld"; 100 fmt = "[x + %d]"; 101 break; 102 103 case BPF_LD|BPF_H|BPF_IND: 104 op = "ldh"; 105 fmt = "[x + %d]"; 106 break; 107 108 case BPF_LD|BPF_B|BPF_IND: 109 op = "ldb"; 110 fmt = "[x + %d]"; 111 break; 112 113 case BPF_LD|BPF_IMM: 114 op = "ld"; 115 fmt = "#0x%x"; 116 break; 117 118 case BPF_LDX|BPF_IMM: 119 op = "ldx"; 120 fmt = "#0x%x"; 121 break; 122 123 case BPF_LDX|BPF_MSH|BPF_B: 124 op = "ldxb"; 125 fmt = "4*([%d]&0xf)"; 126 break; 127 128 case BPF_LD|BPF_MEM: 129 op = "ld"; 130 fmt = "M[%d]"; 131 break; 132 133 case BPF_LDX|BPF_MEM: 134 op = "ldx"; 135 fmt = "M[%d]"; 136 break; 137 138 case BPF_ST: 139 op = "st"; 140 fmt = "M[%d]"; 141 break; 142 143 case BPF_STX: 144 op = "stx"; 145 fmt = "M[%d]"; 146 break; 147 148 case BPF_JMP|BPF_JA: 149 op = "ja"; 150 fmt = "%d"; 151 v = n + 1 + p->k; 152 break; 153 154 case BPF_JMP|BPF_JGT|BPF_K: 155 op = "jgt"; 156 fmt = "#0x%x"; 157 break; 158 159 case BPF_JMP|BPF_JGE|BPF_K: 160 op = "jge"; 161 fmt = "#0x%x"; 162 break; 163 164 case BPF_JMP|BPF_JEQ|BPF_K: 165 op = "jeq"; 166 fmt = "#0x%x"; 167 break; 168 169 case BPF_JMP|BPF_JSET|BPF_K: 170 op = "jset"; 171 fmt = "#0x%x"; 172 break; 173 174 case BPF_JMP|BPF_JGT|BPF_X: 175 op = "jgt"; 176 fmt = "x"; 177 break; 178 179 case BPF_JMP|BPF_JGE|BPF_X: 180 op = "jge"; 181 fmt = "x"; 182 break; 183 184 case BPF_JMP|BPF_JEQ|BPF_X: 185 op = "jeq"; 186 fmt = "x"; 187 break; 188 189 case BPF_JMP|BPF_JSET|BPF_X: 190 op = "jset"; 191 fmt = "x"; 192 break; 193 194 case BPF_ALU|BPF_ADD|BPF_X: 195 op = "add"; 196 fmt = "x"; 197 break; 198 199 case BPF_ALU|BPF_SUB|BPF_X: 200 op = "sub"; 201 fmt = "x"; 202 break; 203 204 case BPF_ALU|BPF_MUL|BPF_X: 205 op = "mul"; 206 fmt = "x"; 207 break; 208 209 case BPF_ALU|BPF_DIV|BPF_X: 210 op = "div"; 211 fmt = "x"; 212 break; 213 214 case BPF_ALU|BPF_MOD|BPF_X: 215 op = "mod"; 216 fmt = "x"; 217 break; 218 219 case BPF_ALU|BPF_AND|BPF_X: 220 op = "and"; 221 fmt = "x"; 222 break; 223 224 case BPF_ALU|BPF_OR|BPF_X: 225 op = "or"; 226 fmt = "x"; 227 break; 228 229 case BPF_ALU|BPF_XOR|BPF_X: 230 op = "xor"; 231 fmt = "x"; 232 break; 233 234 case BPF_ALU|BPF_LSH|BPF_X: 235 op = "lsh"; 236 fmt = "x"; 237 break; 238 239 case BPF_ALU|BPF_RSH|BPF_X: 240 op = "rsh"; 241 fmt = "x"; 242 break; 243 244 case BPF_ALU|BPF_ADD|BPF_K: 245 op = "add"; 246 fmt = "#%d"; 247 break; 248 249 case BPF_ALU|BPF_SUB|BPF_K: 250 op = "sub"; 251 fmt = "#%d"; 252 break; 253 254 case BPF_ALU|BPF_MUL|BPF_K: 255 op = "mul"; 256 fmt = "#%d"; 257 break; 258 259 case BPF_ALU|BPF_DIV|BPF_K: 260 op = "div"; 261 fmt = "#%d"; 262 break; 263 264 case BPF_ALU|BPF_MOD|BPF_K: 265 op = "mod"; 266 fmt = "#%d"; 267 break; 268 269 case BPF_ALU|BPF_AND|BPF_K: 270 op = "and"; 271 fmt = "#0x%x"; 272 break; 273 274 case BPF_ALU|BPF_OR|BPF_K: 275 op = "or"; 276 fmt = "#0x%x"; 277 break; 278 279 case BPF_ALU|BPF_XOR|BPF_K: 280 op = "xor"; 281 fmt = "#0x%x"; 282 break; 283 284 case BPF_ALU|BPF_LSH|BPF_K: 285 op = "lsh"; 286 fmt = "#%d"; 287 break; 288 289 case BPF_ALU|BPF_RSH|BPF_K: 290 op = "rsh"; 291 fmt = "#%d"; 292 break; 293 294 case BPF_ALU|BPF_NEG: 295 op = "neg"; 296 fmt = ""; 297 break; 298 299 case BPF_MISC|BPF_TAX: 300 op = "tax"; 301 fmt = ""; 302 break; 303 304 case BPF_MISC|BPF_TXA: 305 op = "txa"; 306 fmt = ""; 307 break; 308 } 309 (void)pcap_snprintf(operand, sizeof operand, fmt, v); 310 if (BPF_CLASS(p->code) == BPF_JMP && BPF_OP(p->code) != BPF_JA) { 311 (void)pcap_snprintf(image, sizeof image, 312 "(%03d) %-8s %-16s jt %d\tjf %d", 313 n, op, operand, n + 1 + p->jt, n + 1 + p->jf); 314 } else { 315 (void)pcap_snprintf(image, sizeof image, 316 "(%03d) %-8s %s", 317 n, op, operand); 318 } 319 return image; 320 } 321