1 /* 2 * Copyright (c) 1990, 1991, 1992, 1994, 1995, 1996 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that: (1) source code distributions 7 * retain the above copyright notice and this paragraph in its entirety, (2) 8 * distributions including binary code include the above copyright notice and 9 * this paragraph in its entirety in the documentation or other materials 10 * provided with the distribution, and (3) all advertising materials mentioning 11 * features or use of this software display the following acknowledgement: 12 * ``This product includes software developed by the University of California, 13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 14 * the University nor the names of its contributors may be used to endorse 15 * or promote products derived from this software without specific prior 16 * written permission. 17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20 */ 21 22 #ifndef lint 23 static const char rcsid[] _U_ = 24 "@(#) $Header: /tcpdump/master/libpcap/bpf_image.c,v 1.28 2008-01-02 04:16:46 guy Exp $ (LBL)"; 25 #endif 26 27 #ifdef HAVE_CONFIG_H 28 #include "config.h" 29 #endif 30 31 #ifdef WIN32 32 #include <pcap-stdinc.h> 33 #else /* WIN32 */ 34 #if HAVE_INTTYPES_H 35 #include <inttypes.h> 36 #elif HAVE_STDINT_H 37 #include <stdint.h> 38 #endif 39 #ifdef HAVE_SYS_BITYPES_H 40 #include <sys/bitypes.h> 41 #endif 42 #include <sys/types.h> 43 #endif /* WIN32 */ 44 45 #include <stdio.h> 46 #include <string.h> 47 48 #include "pcap-int.h" 49 50 #ifdef HAVE_OS_PROTO_H 51 #include "os-proto.h" 52 #endif 53 54 char * 55 bpf_image(p, n) 56 const struct bpf_insn *p; 57 int n; 58 { 59 int v; 60 const char *fmt, *op; 61 static char image[256]; 62 char operand[64]; 63 64 v = p->k; 65 switch (p->code) { 66 67 default: 68 op = "unimp"; 69 fmt = "0x%x"; 70 v = p->code; 71 break; 72 73 case BPF_RET|BPF_K: 74 op = "ret"; 75 fmt = "#%d"; 76 break; 77 78 case BPF_RET|BPF_A: 79 op = "ret"; 80 fmt = ""; 81 break; 82 83 case BPF_LD|BPF_W|BPF_ABS: 84 op = "ld"; 85 fmt = "[%d]"; 86 break; 87 88 case BPF_LD|BPF_H|BPF_ABS: 89 op = "ldh"; 90 fmt = "[%d]"; 91 break; 92 93 case BPF_LD|BPF_B|BPF_ABS: 94 op = "ldb"; 95 fmt = "[%d]"; 96 break; 97 98 case BPF_LD|BPF_W|BPF_LEN: 99 op = "ld"; 100 fmt = "#pktlen"; 101 break; 102 103 case BPF_LD|BPF_W|BPF_IND: 104 op = "ld"; 105 fmt = "[x + %d]"; 106 break; 107 108 case BPF_LD|BPF_H|BPF_IND: 109 op = "ldh"; 110 fmt = "[x + %d]"; 111 break; 112 113 case BPF_LD|BPF_B|BPF_IND: 114 op = "ldb"; 115 fmt = "[x + %d]"; 116 break; 117 118 case BPF_LD|BPF_IMM: 119 op = "ld"; 120 fmt = "#0x%x"; 121 break; 122 123 case BPF_LDX|BPF_IMM: 124 op = "ldx"; 125 fmt = "#0x%x"; 126 break; 127 128 case BPF_LDX|BPF_MSH|BPF_B: 129 op = "ldxb"; 130 fmt = "4*([%d]&0xf)"; 131 break; 132 133 case BPF_LD|BPF_MEM: 134 op = "ld"; 135 fmt = "M[%d]"; 136 break; 137 138 case BPF_LDX|BPF_MEM: 139 op = "ldx"; 140 fmt = "M[%d]"; 141 break; 142 143 case BPF_ST: 144 op = "st"; 145 fmt = "M[%d]"; 146 break; 147 148 case BPF_STX: 149 op = "stx"; 150 fmt = "M[%d]"; 151 break; 152 153 case BPF_JMP|BPF_JA: 154 op = "ja"; 155 fmt = "%d"; 156 v = n + 1 + p->k; 157 break; 158 159 case BPF_JMP|BPF_JGT|BPF_K: 160 op = "jgt"; 161 fmt = "#0x%x"; 162 break; 163 164 case BPF_JMP|BPF_JGE|BPF_K: 165 op = "jge"; 166 fmt = "#0x%x"; 167 break; 168 169 case BPF_JMP|BPF_JEQ|BPF_K: 170 op = "jeq"; 171 fmt = "#0x%x"; 172 break; 173 174 case BPF_JMP|BPF_JSET|BPF_K: 175 op = "jset"; 176 fmt = "#0x%x"; 177 break; 178 179 case BPF_JMP|BPF_JGT|BPF_X: 180 op = "jgt"; 181 fmt = "x"; 182 break; 183 184 case BPF_JMP|BPF_JGE|BPF_X: 185 op = "jge"; 186 fmt = "x"; 187 break; 188 189 case BPF_JMP|BPF_JEQ|BPF_X: 190 op = "jeq"; 191 fmt = "x"; 192 break; 193 194 case BPF_JMP|BPF_JSET|BPF_X: 195 op = "jset"; 196 fmt = "x"; 197 break; 198 199 case BPF_ALU|BPF_ADD|BPF_X: 200 op = "add"; 201 fmt = "x"; 202 break; 203 204 case BPF_ALU|BPF_SUB|BPF_X: 205 op = "sub"; 206 fmt = "x"; 207 break; 208 209 case BPF_ALU|BPF_MUL|BPF_X: 210 op = "mul"; 211 fmt = "x"; 212 break; 213 214 case BPF_ALU|BPF_DIV|BPF_X: 215 op = "div"; 216 fmt = "x"; 217 break; 218 219 case BPF_ALU|BPF_AND|BPF_X: 220 op = "and"; 221 fmt = "x"; 222 break; 223 224 case BPF_ALU|BPF_OR|BPF_X: 225 op = "or"; 226 fmt = "x"; 227 break; 228 229 case BPF_ALU|BPF_LSH|BPF_X: 230 op = "lsh"; 231 fmt = "x"; 232 break; 233 234 case BPF_ALU|BPF_RSH|BPF_X: 235 op = "rsh"; 236 fmt = "x"; 237 break; 238 239 case BPF_ALU|BPF_ADD|BPF_K: 240 op = "add"; 241 fmt = "#%d"; 242 break; 243 244 case BPF_ALU|BPF_SUB|BPF_K: 245 op = "sub"; 246 fmt = "#%d"; 247 break; 248 249 case BPF_ALU|BPF_MUL|BPF_K: 250 op = "mul"; 251 fmt = "#%d"; 252 break; 253 254 case BPF_ALU|BPF_DIV|BPF_K: 255 op = "div"; 256 fmt = "#%d"; 257 break; 258 259 case BPF_ALU|BPF_AND|BPF_K: 260 op = "and"; 261 fmt = "#0x%x"; 262 break; 263 264 case BPF_ALU|BPF_OR|BPF_K: 265 op = "or"; 266 fmt = "#0x%x"; 267 break; 268 269 case BPF_ALU|BPF_LSH|BPF_K: 270 op = "lsh"; 271 fmt = "#%d"; 272 break; 273 274 case BPF_ALU|BPF_RSH|BPF_K: 275 op = "rsh"; 276 fmt = "#%d"; 277 break; 278 279 case BPF_ALU|BPF_NEG: 280 op = "neg"; 281 fmt = ""; 282 break; 283 284 case BPF_MISC|BPF_TAX: 285 op = "tax"; 286 fmt = ""; 287 break; 288 289 case BPF_MISC|BPF_TXA: 290 op = "txa"; 291 fmt = ""; 292 break; 293 } 294 (void)snprintf(operand, sizeof operand, fmt, v); 295 if (BPF_CLASS(p->code) == BPF_JMP && BPF_OP(p->code) != BPF_JA) { 296 (void)snprintf(image, sizeof image, 297 "(%03d) %-8s %-16s jt %d\tjf %d", 298 n, op, operand, n + 1 + p->jt, n + 1 + p->jf); 299 } else { 300 (void)snprintf(image, sizeof image, 301 "(%03d) %-8s %s", 302 n, op, operand); 303 } 304 return image; 305 } 306