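/*-
 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
 * The Regents of the University of California. All rights reserved.
 *
 * Some portions Copyright (C) 2010-2013 Sourcefire, Inc.
 *
 * This code is derived from the Stanford/CMU enet packet filter,
 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
 * Berkeley Laboratory.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 * must display the following acknowledgement:
 * This product includes software developed by the University of
 * California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 * may be used to endorse or promote products derived from this software
 * without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * @(#)bpf.h 7.1 (Berkeley) 5/7/91
 *
 * @(#) $Header: /usr/cvsroot/sfeng/ims/src/libraries/daq/daq/sfbpf/sfbpf.h,v 1.3 2013/06/28 14:57:30 rcombs Exp $ (LBL)
 */

/*
 * This is libDAQ's cut-down version of libpcap's cut-down version of bpf.h;
 * it includes only the stuff needed for the code generator and the userland
 * BPF interpreter, and the libDAQ APIs for setting filters, etc.
 *
 * Mostly things have been renamed so as to not conflict with the original
 * libpcap BPF headers.
 *
 * Datalink type definitions have been extracted and placed in sfbpf_dlt.h.
 */

#ifndef _SFBPF_H
#define _SFBPF_H

#include <sys/types.h>

#ifdef __cplusplus
extern "C" {
#endif

/* BSD style release date */
#define SFBPF_RELEASE 199606

/*
 * NOTE(review): these aliases are plain int / u_int, so the "32" in their
 * names holds only where int is 32 bits wide -- confirm per target platform.
 */
typedef int sfbpf_int32;
typedef u_int sfbpf_u_int32;

/*
 * Alignment macros.  SFBPF_WORDALIGN rounds up to the next
 * even multiple of SFBPF_ALIGNMENT.
 *
 * The addition is carried out in an unsigned type (sizeof yields size_t) and
 * wraps when x is within SFBPF_ALIGNMENT-1 of that type's maximum, so a
 * length taken from untrusted input should be range-checked before it is
 * aligned.
 */
#define SFBPF_ALIGNMENT sizeof(sfbpf_int32)
#define SFBPF_WORDALIGN(x) (((x)+(SFBPF_ALIGNMENT-1))&~(SFBPF_ALIGNMENT-1))

#define SFBPF_MAXBUFSIZE 0x8000
#define SFBPF_MINBUFSIZE 32

/*
 * Convenience wrappers around a struct sfbpf_program.
 *
 * ISSET_BPFFILTER, CLR_BPFFILTER and EVAL_BPFFILTER take the program object
 * itself (they access x.bf_insns); SET_BPFFILTER forwards x unchanged to
 * sfbpf_compile(), whose prototype below takes a pointer to the program.
 *
 * Every argument is parenthesized so that an expression such as *prog
 * expands to (*prog).bf_insns rather than *prog.bf_insns, and CLR_BPFFILTER
 * is a single parenthesized expression so it behaves as one statement.
 *
 * CLR_BPFFILTER only stores a null pointer in bf_insns; it releases nothing.
 * NOTE(review): presumably sfbpf_freecode() is what releases a compiled
 * program -- confirm, and call it first if the array is owned by x.
 *
 * SET_BPFFILTER uses ETH_FRAME_LEN and DLT_EN10MB.  ETH_FRAME_LEN is not
 * defined in this header, so the including file has to provide it.
 * NOTE(review): DLT_EN10MB presumably comes from sfbpf_dlt.h.
 *
 * EVAL_BPFFILTER expands z twice, passing it as both wirelen and buflen, so
 * z must be free of side effects.  NOTE(review): buflen presumably bounds
 * the interpreter's reads from y, so z should never exceed the number of
 * bytes actually readable at y -- confirm against sfbpf_filter().
 */
#define ISSET_BPFFILTER(x)       ((x).bf_insns)
#define CLR_BPFFILTER(x)         ((x).bf_insns = 0)
#define SET_BPFFILTER(x, y)      sfbpf_compile(ETH_FRAME_LEN, DLT_EN10MB, (x), (y), 1, 0)
#define EVAL_BPFFILTER(x, y, z)  sfbpf_filter((x).bf_insns, (y), (z), (z))

/*
 * Structure for "pcap_compile()", "pcap_setfilter()", etc.
 */
struct sfbpf_program {
    u_int bf_len;                   /* presumably the number of entries in bf_insns */
    struct sfbpf_insn *bf_insns;    /* instruction array; null when no filter is set */
};

/*
 * Struct returned by BIOCVERSION.  This represents the version number of
 * the filter language described by the instruction encodings below.
 * bpf understands a program iff kernel_major == filter_major &&
 * kernel_minor >= filter_minor, that is, if the value returned by the
 * running kernel has the same major number and a minor number equal
 * to or less than the filter being downloaded.  Otherwise, the
 * results are undefined, meaning an error may be returned or packets
 * may be accepted haphazardly.
 * It has nothing to do with the source code version.
 *
 * NOTE(review): the formula (kernel_minor >= filter_minor) and the prose
 * ("equal to or less than") disagree on the direction of the minor-number
 * comparison; the wording is kept as inherited -- confirm against whatever
 * code performs the version check before relying on either.
 */
struct sfbpf_version {
    u_short bv_major;
    u_short bv_minor;
};
/* Current version number of filter architecture. */
#define SFBPF_MAJOR_VERSION 1
#define SFBPF_MINOR_VERSION 1

#include "sfbpf_dlt.h"

/*
 * The instruction encodings.
 */
/* instruction classes */
#define SFBPF_CLASS(code) ((code) & 0x07)
#define     SFBPF_LD    0x00
#define     SFBPF_LDX   0x01
#define     SFBPF_ST    0x02
#define     SFBPF_STX   0x03
#define     SFBPF_ALU   0x04
#define     SFBPF_JMP   0x05
#define     SFBPF_RET   0x06
#define     SFBPF_MISC  0x07

/* ld/ldx fields */
#define SFBPF_SIZE(code) ((code) & 0x18)
#define     SFBPF_W     0x00
#define     SFBPF_H     0x08
#define     SFBPF_B     0x10
#define SFBPF_MODE(code) ((code) & 0xe0)
#define     SFBPF_IMM   0x00
#define     SFBPF_ABS   0x20
#define     SFBPF_IND   0x40
#define     SFBPF_MEM   0x60
#define     SFBPF_LEN   0x80
#define     SFBPF_MSH   0xa0

/* alu/jmp fields */
#define SFBPF_OP(code) ((code) & 0xf0)
#define     SFBPF_ADD   0x00
#define     SFBPF_SUB   0x10
#define     SFBPF_MUL   0x20
#define     SFBPF_DIV   0x30
#define     SFBPF_OR    0x40
#define     SFBPF_AND   0x50
#define     SFBPF_LSH   0x60
#define     SFBPF_RSH   0x70
#define     SFBPF_NEG   0x80
#define     SFBPF_JA    0x00
#define     SFBPF_JEQ   0x10
#define     SFBPF_JGT   0x20
#define     SFBPF_JGE   0x30
#define     SFBPF_JSET  0x40
#define SFBPF_SRC(code) ((code) & 0x08)
#define     SFBPF_K     0x00
#define     SFBPF_X     0x08

/* ret - SFBPF_K and SFBPF_X also apply */
#define SFBPF_RVAL(code) ((code) & 0x18)
#define     SFBPF_A     0x10

/* misc */
#define SFBPF_MISCOP(code) ((code) & 0xf8)
#define     SFBPF_TAX   0x00
#define     SFBPF_TXA   0x80

/*
 * The instruction data structure.
 *
 * NOTE(review): as in classic BPF, jt and jf are presumably the jump
 * offsets taken when a conditional jump tests true / false, and k is the
 * instruction's generic operand -- confirm against the interpreter.
 */
struct sfbpf_insn {
    u_short code;       /* opcode, decoded with the SFBPF_CLASS/SIZE/MODE/OP/SRC masks above */
    u_char jt;
    u_char jf;
    sfbpf_u_int32 k;
};

/*
 * Macros for insn array initializers.  Each expands to a brace-enclosed
 * initializer in field order (code, jt, jf, k); SFBPF_STMT zeroes jt and jf.
 */
#define SFBPF_STMT(code, k)         { (u_short)(code), 0, 0, (k) }
#define SFBPF_JUMP(code, k, jt, jf) { (u_short)(code), (jt), (jf), (k) }

/*
 * Public API.  The functions are declared with full prototypes only; no
 * K&R-style (unprototyped) fallback declarations are provided.
 *
 * NOTE(review): sfbpf_filter() takes a raw instruction pointer with no
 * length, so nothing in its signature lets it bound the program.  A program
 * that was not produced by sfbpf_compile() should presumably be passed
 * through sfbpf_validate() first -- confirm what sfbpf_validate() checks.
 * NOTE(review): as in classic BPF, wirelen is presumably the packet's
 * original length and buflen the number of bytes available at p.
 */
int sfbpf_compile(int snaplen_arg, int linktype_arg, struct sfbpf_program *program, const char *buf, int optimize, sfbpf_u_int32 mask);
int sfbpf_validate(const struct sfbpf_insn *f, int len);
u_int sfbpf_filter(const struct sfbpf_insn *pc, const u_char *p, u_int wirelen, u_int buflen);
void sfbpf_freecode(struct sfbpf_program *program);
void sfbpf_print(struct sfbpf_program *fp, int verbose);

/*
 * Number of scratch memory words (for SFBPF_LD|SFBPF_MEM and SFBPF_ST).
 */
#define SFBPF_MEMWORDS 16

#ifdef __cplusplus
}
#endif

#endif /* _SFBPF_H */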