xref: /freebsd/contrib/libpcap/scanner.l (revision 7fdf597e96a02165cfe22ff357b857d5fa15ed8a)
1 %top {
2 /* Must come first for _LARGE_FILE_API on AIX. */
3 #include <config.h>
4 
5 /*
6  * Must come first to avoid warnings on Windows.
7  *
8  * Flex-generated scanners may only include <inttypes.h> if __STDC_VERSION__
9  * is defined with a value >= 199901, meaning "full C99", and MSVC may not
10  * define it with that value, because it isn't 100% C99-compliant, even
11  * though it has an <inttypes.h> capable of defining everything the Flex
12  * scanner needs.
13  *
14  * We, however, will include it if we know we have an MSVC version that has
15  * it; this means that we may define the INTn_MAX and UINTn_MAX values in
16  * scanner.c, and then include <stdint.h>, which may define them differently
17  * (same value, but different string of characters), causing compiler warnings.
18  *
19  * If we include it here, and they're defined, that'll prevent scanner.c
20  * from defining them.  So we include <pcap/pcap-inttypes.h>, to get
21  * <inttypes.h> if we have it.
22  */
23 #include <pcap/pcap-inttypes.h>
24 
25 /*
26  * grammar.h requires gencode.h and sometimes breaks in a polluted namespace
27  * (see ftmacros.h), so include it early.
28  */
29 #include "gencode.h"
30 #include "grammar.h"
31 
32 #include "diag-control.h"
33 
34 /*
35  * Convert string to 32-bit unsigned integer; the string starts at
36  * string and is string_len bytes long.
37  *
38  * On success, sets *val to the value and returns 1.
39  * On failure, sets the BPF error string and returns 0.
40  *
41  * Also used in gencode.c
42  */
43 typedef enum {
44 	STOULEN_OK,
45 	STOULEN_NOT_HEX_NUMBER,
46 	STOULEN_NOT_OCTAL_NUMBER,
47 	STOULEN_NOT_DECIMAL_NUMBER,
48 	STOULEN_ERROR
49 } stoulen_ret;
50 
51 stoulen_ret stoulen(const char *string, size_t stringlen, bpf_u_int32 *val,
52     compiler_state_t *cstate);
53 }
54 
55 /*
56  * We want a reentrant scanner.
57  */
58 %option reentrant
59 
60 /*
61  * And we need to pass the compiler state to the scanner.
62  */
63 %option extra-type="compiler_state_t *"
64 
65 /*
66  * We don't use input, so don't generate code for it.
67  */
68 %option noinput
69 
70 /*
71  * We don't use unput, so don't generate code for it.
72  */
73 %option nounput
74 
75 /*
76  * We don't read from the terminal.
77  */
78 %option never-interactive
79 
80 /*
81  * We want to stop processing when we get to the end of the input.
82  */
83 %option noyywrap
84 
85 /*
86  * We want to generate code that can be used by a reentrant parser
87  * generated by Bison or Berkeley YACC.
88  */
89 %option bison-bridge
90 
91 %{
92 /*
93  * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
94  *	The Regents of the University of California.  All rights reserved.
95  *
96  * Redistribution and use in source and binary forms, with or without
97  * modification, are permitted provided that: (1) source code distributions
98  * retain the above copyright notice and this paragraph in its entirety, (2)
99  * distributions including binary code include the above copyright notice and
100  * this paragraph in its entirety in the documentation or other materials
101  * provided with the distribution, and (3) all advertising materials mentioning
102  * features or use of this software display the following acknowledgement:
103  * ``This product includes software developed by the University of California,
104  * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
105  * the University nor the names of its contributors may be used to endorse
106  * or promote products derived from this software without specific prior
107  * written permission.
108  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
109  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
110  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
111  */
112 
113 #include <string.h>
114 
115 #include "pcap-int.h"
116 
117 /*
118  * Earlier versions of Flex don't declare these, so we declare them
119  * ourselves to squelch warnings.
120  */
121 int pcap_get_column(yyscan_t);
122 void pcap_set_column(int, yyscan_t);
123 
124 #ifdef INET6
125 
126 #ifdef _WIN32
127 #include <winsock2.h>
128 #include <ws2tcpip.h>
129 /*
130  * To quote the MSDN page for getaddrinfo() at
131  *
132  *    https://msdn.microsoft.com/en-us/library/windows/desktop/ms738520(v=vs.85).aspx
133  *
134  * "Support for getaddrinfo on Windows 2000 and older versions
135  * The getaddrinfo function was added to the Ws2_32.dll on Windows XP and
136  * later. To execute an application that uses this function on earlier
137  * versions of Windows, then you need to include the Ws2tcpip.h and
138  * Wspiapi.h files. When the Wspiapi.h include file is added, the
139  * getaddrinfo function is defined to the WspiapiGetAddrInfo inline
140  * function in the Wspiapi.h file. At runtime, the WspiapiGetAddrInfo
141  * function is implemented in such a way that if the Ws2_32.dll or the
142  * Wship6.dll (the file containing getaddrinfo in the IPv6 Technology
143  * Preview for Windows 2000) does not include getaddrinfo, then a
144  * version of getaddrinfo is implemented inline based on code in the
145  * Wspiapi.h header file. This inline code will be used on older Windows
146  * platforms that do not natively support the getaddrinfo function."
147  *
148  * We use getaddrinfo(), so we include Wspiapi.h here.
149  */
150 #include <wspiapi.h>
151 #else /* _WIN32 */
152 #include <sys/socket.h>	/* for "struct sockaddr" in "struct addrinfo" */
153 #include <netdb.h>	/* for "struct addrinfo" */
154 #endif /* _WIN32 */
155 
156 /* Workaround for AIX 4.3 */
157 #if !defined(AI_NUMERICHOST)
158 #define AI_NUMERICHOST 0x04
159 #endif
160 
161 #endif /*INET6*/
162 
163 #include <pcap/namedb.h>
164 #include "grammar.h"
165 
166 #ifdef HAVE_OS_PROTO_H
167 #include "os-proto.h"
168 #endif
169 
170 static int stou(const char *, YYSTYPE *, compiler_state_t *);
171 
172 /*
173  * Disable diagnostics in the code generated by Flex.
174  */
175 DIAG_OFF_FLEX
176 
177 %}
178 
179 N		([0-9]+|(0X|0x)[0-9A-Fa-f]+)
180 B		([0-9A-Fa-f][0-9A-Fa-f]?)
181 B2		([0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f])
182 W		([0-9A-Fa-f][0-9A-Fa-f]?[0-9A-Fa-f]?[0-9A-Fa-f]?)
183 
184 %a 18400
185 %o 21500
186 %e 7600
187 %k 4550
188 %p 27600
189 %n 2000
190 
191 V680		{W}:{W}:{W}:{W}:{W}:{W}:{W}:{W}
192 
193 V670		::{W}:{W}:{W}:{W}:{W}:{W}:{W}
194 V671		{W}::{W}:{W}:{W}:{W}:{W}:{W}
195 V672		{W}:{W}::{W}:{W}:{W}:{W}:{W}
196 V673		{W}:{W}:{W}::{W}:{W}:{W}:{W}
197 V674		{W}:{W}:{W}:{W}::{W}:{W}:{W}
198 V675		{W}:{W}:{W}:{W}:{W}::{W}:{W}
199 V676		{W}:{W}:{W}:{W}:{W}:{W}::{W}
200 V677		{W}:{W}:{W}:{W}:{W}:{W}:{W}::
201 
202 V660		::{W}:{W}:{W}:{W}:{W}:{W}
203 V661		{W}::{W}:{W}:{W}:{W}:{W}
204 V662		{W}:{W}::{W}:{W}:{W}:{W}
205 V663		{W}:{W}:{W}::{W}:{W}:{W}
206 V664		{W}:{W}:{W}:{W}::{W}:{W}
207 V665		{W}:{W}:{W}:{W}:{W}::{W}
208 V666		{W}:{W}:{W}:{W}:{W}:{W}::
209 
210 V650		::{W}:{W}:{W}:{W}:{W}
211 V651		{W}::{W}:{W}:{W}:{W}
212 V652		{W}:{W}::{W}:{W}:{W}
213 V653		{W}:{W}:{W}::{W}:{W}
214 V654		{W}:{W}:{W}:{W}::{W}
215 V655		{W}:{W}:{W}:{W}:{W}::
216 
217 V640		::{W}:{W}:{W}:{W}
218 V641		{W}::{W}:{W}:{W}
219 V642		{W}:{W}::{W}:{W}
220 V643		{W}:{W}:{W}::{W}
221 V644		{W}:{W}:{W}:{W}::
222 
223 V630		::{W}:{W}:{W}
224 V631		{W}::{W}:{W}
225 V632		{W}:{W}::{W}
226 V633		{W}:{W}:{W}::
227 
228 V620		::{W}:{W}
229 V621		{W}::{W}
230 V622		{W}:{W}::
231 
232 V610		::{W}
233 V611		{W}::
234 
235 V600		::
236 
237 V6604		{W}:{W}:{W}:{W}:{W}:{W}:{N}\.{N}\.{N}\.{N}
238 
239 V6504		::{W}:{W}:{W}:{W}:{W}:{N}\.{N}\.{N}\.{N}
240 V6514		{W}::{W}:{W}:{W}:{W}:{N}\.{N}\.{N}\.{N}
241 V6524		{W}:{W}::{W}:{W}:{W}:{N}\.{N}\.{N}\.{N}
242 V6534		{W}:{W}:{W}::{W}:{W}:{N}\.{N}\.{N}\.{N}
243 V6544		{W}:{W}:{W}:{W}::{W}:{N}\.{N}\.{N}\.{N}
244 V6554		{W}:{W}:{W}:{W}:{W}::{N}\.{N}\.{N}\.{N}
245 
246 V6404		::{W}:{W}:{W}:{W}:{N}\.{N}\.{N}\.{N}
247 V6414		{W}::{W}:{W}:{W}:{N}\.{N}\.{N}\.{N}
248 V6424		{W}:{W}::{W}:{W}:{N}\.{N}\.{N}\.{N}
249 V6434		{W}:{W}:{W}::{W}:{N}\.{N}\.{N}\.{N}
250 V6444		{W}:{W}:{W}:{W}::{N}\.{N}\.{N}\.{N}
251 
252 V6304		::{W}:{W}:{W}:{N}\.{N}\.{N}\.{N}
253 V6314		{W}::{W}:{W}:{N}\.{N}\.{N}\.{N}
254 V6324		{W}:{W}::{W}:{N}\.{N}\.{N}\.{N}
255 V6334		{W}:{W}:{W}::{N}\.{N}\.{N}\.{N}
256 
257 V6204		::{W}:{W}:{N}\.{N}\.{N}\.{N}
258 V6214		{W}::{W}:{N}\.{N}\.{N}\.{N}
259 V6224		{W}:{W}::{N}\.{N}\.{N}\.{N}
260 
261 V6104		::{W}:{N}\.{N}\.{N}\.{N}
262 V6114		{W}::{N}\.{N}\.{N}\.{N}
263 
264 V6004		::{N}\.{N}\.{N}\.{N}
265 
266 
267 V6		({V680}|{V670}|{V671}|{V672}|{V673}|{V674}|{V675}|{V676}|{V677}|{V660}|{V661}|{V662}|{V663}|{V664}|{V665}|{V666}|{V650}|{V651}|{V652}|{V653}|{V654}|{V655}|{V640}|{V641}|{V642}|{V643}|{V644}|{V630}|{V631}|{V632}|{V633}|{V620}|{V621}|{V622}|{V610}|{V611}|{V600}|{V6604}|{V6504}|{V6514}|{V6524}|{V6534}|{V6544}|{V6554}|{V6404}|{V6414}|{V6424}|{V6434}|{V6444}|{V6304}|{V6314}|{V6324}|{V6334}|{V6204}|{V6214}|{V6224}|{V6104}|{V6114}|{V6004})
268 
269 MAC		({B}:{B}:{B}:{B}:{B}:{B}|{B}\-{B}\-{B}\-{B}\-{B}\-{B}|{B}\.{B}\.{B}\.{B}\.{B}\.{B}|{B2}\.{B2}\.{B2}|{B2}{3})
270 
271 
272 
273 %%
274 dst		return DST;
275 src		return SRC;
276 
277 link|ether|ppp|slip  return LINK;
278 fddi|tr|wlan	return LINK;
279 arp		return ARP;
280 rarp		return RARP;
281 ip		return IP;
282 sctp		return SCTP;
283 tcp		return TCP;
284 udp		return UDP;
285 icmp		return ICMP;
286 igmp		return IGMP;
287 igrp		return IGRP;
288 pim		return PIM;
289 vrrp		return VRRP;
290 carp		return CARP;
291 radio		return RADIO;
292 
293 ip6		return IPV6;
294 icmp6		return ICMPV6;
295 ah		return AH;
296 esp		return ESP;
297 
298 atalk		return ATALK;
299 aarp		return AARP;
300 decnet		return DECNET;
301 lat		return LAT;
302 sca		return SCA;
303 moprc		return MOPRC;
304 mopdl		return MOPDL;
305 
306 iso		return ISO;
307 esis		return ESIS;
308 es-is		return ESIS;
309 isis		return ISIS;
310 is-is		return ISIS;
311 l1              return L1;
312 l2              return L2;
313 iih             return IIH;
314 lsp             return LSP;
315 snp             return SNP;
316 csnp            return CSNP;
317 psnp            return PSNP;
318 
319 clnp		return CLNP;
320 
321 stp		return STP;
322 
323 ipx		return IPX;
324 
325 netbeui		return NETBEUI;
326 
327 host		return HOST;
328 net		return NET;
329 mask		return NETMASK;
330 port		return PORT;
331 portrange	return PORTRANGE;
332 proto		return PROTO;
333 protochain	return PROTOCHAIN;
334 
335 gateway		return GATEWAY;
336 
337 type		return TYPE;
338 subtype		return SUBTYPE;
339 direction|dir	return DIR;
340 address1|addr1	return ADDR1;
341 address2|addr2	return ADDR2;
342 address3|addr3	return ADDR3;
343 address4|addr4	return ADDR4;
344 ra		return RA;
345 ta		return TA;
346 
347 less		return LESS;
348 greater		return GREATER;
349 byte		return CBYTE;
350 broadcast	return TK_BROADCAST;
351 multicast	return TK_MULTICAST;
352 
353 and|"&&"	return AND;
354 or|"||"		return OR;
355 not		return '!';
356 
357 len|length	return LEN;
358 inbound		return INBOUND;
359 outbound	return OUTBOUND;
360 
361 ifindex		return IFINDEX;
362 
363 vlan		return VLAN;
364 mpls		return MPLS;
365 pppoed		return PPPOED;
366 pppoes		return PPPOES;
367 geneve		return GENEVE;
368 
369 lane		return LANE;
370 llc		return LLC;
371 metac		return METAC;
372 bcc		return BCC;
373 oam		return OAM;
374 oamf4		return OAMF4;
375 oamf4ec		return OAMF4EC;
376 oamf4sc		return OAMF4SC;
377 sc		return SC;
378 ilmic		return ILMIC;
379 vpi		return VPI;
380 vci		return VCI;
381 connectmsg	return CONNECTMSG;
382 metaconnect	return METACONNECT;
383 
384 on|ifname	return PF_IFNAME;
385 rset|ruleset	return PF_RSET;
386 rnr|rulenum	return PF_RNR;
387 srnr|subrulenum	return PF_SRNR;
388 reason		return PF_REASON;
389 action		return PF_ACTION;
390 
391 fisu		return FISU;
392 lssu		return LSSU;
393 lsu		return LSSU;
394 msu		return MSU;
395 hfisu		return HFISU;
396 hlssu		return HLSSU;
397 hmsu		return HMSU;
398 sio		return SIO;
399 opc		return OPC;
400 dpc		return DPC;
401 sls		return SLS;
402 hsio		return HSIO;
403 hopc		return HOPC;
404 hdpc		return HDPC;
405 hsls		return HSLS;
406 
407 [ \r\n\t]		;
408 [+\-*/%:\[\]!<>()&|\^=]	return yytext[0];
409 ">="			return GEQ;
410 "<="			return LEQ;
411 "!="			return NEQ;
412 "=="			return '=';
413 "<<"			return LSH;
414 ">>"			return RSH;
415 ${B}			{ yylval->s = sdup(yyextra, yytext); return AID; }
416 {MAC}			{ yylval->s = sdup(yyextra, yytext); return EID; }
417 {N}			{ return stou(yytext, yylval, yyextra); }
418 ({N}\.{N})|({N}\.{N}\.{N})|({N}\.{N}\.{N}\.{N})	{
419 			yylval->s = sdup(yyextra, (char *)yytext); return HID; }
420 {V6}			{
421 #ifdef INET6
422 			  struct addrinfo hints, *res;
423 			  memset(&hints, 0, sizeof(hints));
424 			  hints.ai_family = AF_INET6;
425 			  hints.ai_flags = AI_NUMERICHOST;
426 			  if (getaddrinfo(yytext, NULL, &hints, &res)) {
427 				bpf_set_error(yyextra, "bogus IPv6 address %s", yytext);
428 				yylval->s = NULL;
429 			  } else {
430 				freeaddrinfo(res);
431 				yylval->s = sdup(yyextra, (char *)yytext);
432 			  }
433 #else
434 			  bpf_set_error(yyextra, "IPv6 address %s not supported", yytext);
435 			  yylval->s = NULL;
436 #endif /*INET6*/
437 			  return HID6;
438 			}
439 {B}:+({B}:+)+		{ bpf_set_error(yyextra, "bogus ethernet address %s", yytext); yylval->s = NULL; return EID; }
440 icmptype		{ yylval->h = 0; return NUM; }
441 icmpcode		{ yylval->h = 1; return NUM; }
442 icmp-echoreply		{ yylval->h = 0; return NUM; }
443 icmp-unreach		{ yylval->h = 3; return NUM; }
444 icmp-sourcequench	{ yylval->h = 4; return NUM; }
445 icmp-redirect		{ yylval->h = 5; return NUM; }
446 icmp-echo		{ yylval->h = 8; return NUM; }
447 icmp-routeradvert	{ yylval->h = 9; return NUM; }
448 icmp-routersolicit	{ yylval->h = 10; return NUM; }
449 icmp-timxceed		{ yylval->h = 11; return NUM; }
450 icmp-paramprob		{ yylval->h = 12; return NUM; }
451 icmp-tstamp		{ yylval->h = 13; return NUM; }
452 icmp-tstampreply	{ yylval->h = 14; return NUM; }
453 icmp-ireq		{ yylval->h = 15; return NUM; }
454 icmp-ireqreply		{ yylval->h = 16; return NUM; }
455 icmp-maskreq		{ yylval->h = 17; return NUM; }
456 icmp-maskreply		{ yylval->h = 18; return NUM; }
457 
458 icmp6type       { yylval->h = 0; return NUM; }
459 icmp6code       { yylval->h = 1; return NUM; }
460 
461 icmp6-destinationunreach	{ yylval->h = 1; return NUM; }
462 icmp6-packettoobig		{ yylval->h = 2; return NUM; }
463 icmp6-timeexceeded		{ yylval->h = 3; return NUM; }
464 icmp6-parameterproblem		{ yylval->h = 4; return NUM; }
465 icmp6-echo      { yylval->h = 128; return NUM; }
466 icmp6-echoreply { yylval->h = 129; return NUM; }
467 icmp6-multicastlistenerquery    { yylval->h = 130; return NUM; }
468 icmp6-multicastlistenerreportv1 { yylval->h = 131; return NUM; }
469 icmp6-multicastlistenerdone     { yylval->h = 132; return NUM; }
470 icmp6-routersolicit   { yylval->h = 133; return NUM; }
471 icmp6-routeradvert    { yylval->h = 134; return NUM; }
472 icmp6-neighborsolicit { yylval->h = 135; return NUM; }
473 icmp6-neighboradvert  { yylval->h = 136; return NUM; }
474 icmp6-redirect    { yylval->h = 137; return NUM; }
475 icmp6-routerrenum { yylval->h = 138; return NUM; }
476 icmp6-nodeinformationquery      { yylval->h = 139; return NUM; }
477 icmp6-nodeinformationresponse   { yylval->h = 140; return NUM; }
478 icmp6-ineighbordiscoverysolicit { yylval->h = 141; return NUM; }
479 icmp6-ineighbordiscoveryadvert  { yylval->h = 142; return NUM; }
480 icmp6-multicastlistenerreportv2 { yylval->h = 143; return NUM; }
481 icmp6-homeagentdiscoveryrequest { yylval->h = 144; return NUM; }
482 icmp6-homeagentdiscoveryreply   { yylval->h = 145; return NUM; }
483 icmp6-mobileprefixsolicit       { yylval->h = 146; return NUM; }
484 icmp6-mobileprefixadvert        { yylval->h = 147; return NUM; }
485 icmp6-certpathsolicit           { yylval->h = 148; return NUM; }
486 icmp6-certpathadvert            { yylval->h = 149; return NUM; }
487 icmp6-multicastrouteradvert     { yylval->h = 151; return NUM; }
488 icmp6-multicastroutersolicit    { yylval->h = 152; return NUM; }
489 icmp6-multicastrouterterm       { yylval->h = 153; return NUM; }
490 
491 tcpflags		{ yylval->h = 13; return NUM; }
492 tcp-fin			{ yylval->h = 0x01; return NUM; }
493 tcp-syn			{ yylval->h = 0x02; return NUM; }
494 tcp-rst			{ yylval->h = 0x04; return NUM; }
495 tcp-push		{ yylval->h = 0x08; return NUM; }
496 tcp-ack			{ yylval->h = 0x10; return NUM; }
497 tcp-urg			{ yylval->h = 0x20; return NUM; }
498 tcp-ece			{ yylval->h = 0x40; return NUM; }
499 tcp-cwr			{ yylval->h = 0x80; return NUM; }
500 [A-Za-z0-9]([-_.A-Za-z0-9]*[.A-Za-z0-9])? {
501 			 yylval->s = sdup(yyextra, (char *)yytext); return ID; }
502 "\\"[^ !()\n\t]+	{ yylval->s = sdup(yyextra, (char *)yytext + 1); return ID; }
503 .			{ return LEX_ERROR; }
504 %%
505 
506 /*
507  * Turn diagnostics back on, so we check the code that we've written.
508  */
509 DIAG_ON_FLEX
510 
511 stoulen_ret
512 stoulen(const char *string, size_t string_len, bpf_u_int32 *val,
513     compiler_state_t *cstate)
514 {
515 	bpf_u_int32 n = 0;
516 	unsigned int digit;
517 	const char *s = string;
518 
519 	/*
520 	 * string is guaranteed either to be a string of decimal digits
521 	 * or 0[xX] followed by a string of hex digits.
522 	 */
523 	if (string_len >= 1 && *s == '0') {
524 		if (string_len >= 2  && (s[1] == 'x' || s[1] == 'X')) {
525 			/*
526 			 * Begins with 0x or 0X, so hex.
527 			 * Guaranteed to be all hex digits following the
528 			 * prefix, so anything that's not 0-9 or a-f is
529 			 * A-F.
530 			 */
531 			s += 2;	/* skip the prefix */
532 			string_len -= 2;
533 			while (string_len != 0) {
534 				digit = *s++;
535 				string_len--;
536 				if (digit >= '0' && digit <= '9')
537 					digit = digit - '0';
538 				else if (digit >= 'a' && digit <= 'f')
539 					digit = digit - 'a' + 10;
540 				else if (digit >= 'A' && digit <= 'F')
541 					digit = digit - 'A' + 10;
542 				else {
543 					/*
544 					 * Not a valid hex number.
545 					 * Don't treat this as an error,
546 					 * in case the caller wants to
547 					 * interpret it as something else.
548 					 */
549 					return STOULEN_NOT_HEX_NUMBER;
550 				}
551 
552 				/*
553 				 * Check for overflow.
554 				 */
555 				if (n > 0xFFFFFFFU) {
556 					/*
557 					 * We have more than 28 bits of
558 					 * number, and are about to
559 					 * add 4 more; that won't fit
560 					 * in 32 bits.
561 					 */
562 					bpf_set_error(cstate,
563 					    "number %.*s overflows 32 bits",
564 					   (int)string_len, string);
565 					return STOULEN_ERROR;
566 				}
567 				n = (n << 4) + digit;
568 			}
569 		} else {
570 			/*
571 			 * Begins with 0, but not 0x or 0X, so octal.
572 			 * Guaranteed to be all *decimal* digits following
573 			 * the prefix, so we need to catch 8 and 9 and
574 			 * report an error.
575 			 */
576 			s += 1;
577 			string_len -= 1;
578 			while (string_len != 0) {
579 				digit = *s++;
580 				string_len--;
581 				if (digit >= '0' && digit <= '7')
582 					digit = digit - '0';
583 				else {
584 					/*
585 					 * Not a valid octal number.
586 					 * Don't treat this as an error,
587 					 * in case the caller wants to
588 					 * interpret it as something else.
589 					 */
590 					return STOULEN_NOT_OCTAL_NUMBER;
591 				}
592 				if (n > 03777777777U) {
593 					/*
594 					 * We have more than 29 bits of
595 					 * number, and are about to add
596 					 * 3 more; that won't fit in
597 					 * 32 bits.
598 					 */
599 					bpf_set_error(cstate,
600 					    "number %.*s overflows 32 bits",
601 					   (int)string_len, string);
602 					return STOULEN_ERROR;
603 				}
604 				n = (n << 3) + digit;
605 			}
606 		}
607 	} else {
608 		/*
609 		 * Decimal.
610 		 */
611 		while (string_len != 0) {
612 			digit = *s++;
613 			string_len--;
614 			if (digit >= '0' && digit <= '9')
615 				digit = digit - '0';
616 			else {
617 				/*
618 				 * Not a valid decimal number.
619 				 * Don't treat this as an error,
620 				 * in case the caller wants to
621 				 * interpret it as something else.
622 				 */
623 				return STOULEN_NOT_DECIMAL_NUMBER;
624 			}
625 #define CUTOFF_DEC	(0xFFFFFFFFU / 10U)
626 #define CUTLIM_DEC	(0xFFFFFFFFU % 10U)
627 			if (n > CUTOFF_DEC ||
628 			    (n == CUTOFF_DEC && digit > CUTLIM_DEC)) {
629 				/*
630 				 * Adding that digit will result in a
631 				 * number that won't fit in 32 bits.
632 				 */
633 				bpf_set_error(cstate,
634 				    "number %.*s overflows 32 bits",
635 				   (int)string_len, string);
636 				return STOULEN_ERROR;
637 			}
638 			n = (n * 10) + digit;
639 		}
640 	}
641 
642 	*val = n;
643 	return STOULEN_OK;
644 }
645 
646 /*
647  * Convert string to 32-bit unsigned integer.  Just like atoi(), but checks for
648  * preceding 0x or 0 and uses hex or octal instead of decimal.
649  *
650  * On success, sets yylval->h to the value and returns NUM.
651  * On failure, sets the BPF error string and returns LEX_ERROR, to force
652  * the parse to stop.
653  */
654 static int
655 stou(const char *yytext_arg, YYSTYPE *yylval_arg, compiler_state_t *yyextra_arg)
656 {
657 	stoulen_ret ret;
658 
659 	ret = stoulen(yytext_arg, strlen(yytext_arg), &yylval_arg->h,
660 	    yyextra_arg);
661 	switch (ret) {
662 
663 	case STOULEN_OK:
664 		return NUM;
665 
666 	case STOULEN_NOT_OCTAL_NUMBER:
667 		bpf_set_error(yyextra_arg, "number %s contains non-octal digit",
668 		    yytext_arg);
669 		return LEX_ERROR;
670 
671 	case STOULEN_NOT_HEX_NUMBER:
672 		bpf_set_error(yyextra_arg, "number %s contains non-hex digit",
673 		    yytext_arg);
674 		return LEX_ERROR;
675 
676 	case STOULEN_NOT_DECIMAL_NUMBER:
677 		bpf_set_error(yyextra_arg, "number %s contains non-decimal digit",
678 		    yytext_arg);
679 		return LEX_ERROR;
680 
681 	case STOULEN_ERROR:
682 		/* Error already set. */
683 		return LEX_ERROR;
684 
685 	default:
686 		/* Should not happen */
687 		bpf_set_error(yyextra_arg, "stoulen returned %d - this should not happen", ret);
688 		return LEX_ERROR;
689 	}
690 }
691