1a85e14b0SPeter Avalos /*- 2a85e14b0SPeter Avalos * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 3a85e14b0SPeter Avalos * The Regents of the University of California. All rights reserved. 4a85e14b0SPeter Avalos * 5a85e14b0SPeter Avalos * This code is derived from the Stanford/CMU enet packet filter, 6a85e14b0SPeter Avalos * (net/enet.c) distributed as part of 4.3BSD, and code contributed 7a85e14b0SPeter Avalos * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 8a85e14b0SPeter Avalos * Berkeley Laboratory. 9a85e14b0SPeter Avalos * 10a85e14b0SPeter Avalos * Redistribution and use in source and binary forms, with or without 11a85e14b0SPeter Avalos * modification, are permitted provided that the following conditions 12a85e14b0SPeter Avalos * are met: 13a85e14b0SPeter Avalos * 1. Redistributions of source code must retain the above copyright 14a85e14b0SPeter Avalos * notice, this list of conditions and the following disclaimer. 15a85e14b0SPeter Avalos * 2. Redistributions in binary form must reproduce the above copyright 16a85e14b0SPeter Avalos * notice, this list of conditions and the following disclaimer in the 17a85e14b0SPeter Avalos * documentation and/or other materials provided with the distribution. 183a289941SAaron LI * 3. Neither the name of the University nor the names of its contributors 19a85e14b0SPeter Avalos * may be used to endorse or promote products derived from this software 20a85e14b0SPeter Avalos * without specific prior written permission. 21a85e14b0SPeter Avalos * 22a85e14b0SPeter Avalos * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23a85e14b0SPeter Avalos * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24a85e14b0SPeter Avalos * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25a85e14b0SPeter Avalos * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26a85e14b0SPeter Avalos * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27a85e14b0SPeter Avalos * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28a85e14b0SPeter Avalos * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29a85e14b0SPeter Avalos * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30a85e14b0SPeter Avalos * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31a85e14b0SPeter Avalos * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32a85e14b0SPeter Avalos * SUCH DAMAGE. 33a85e14b0SPeter Avalos * 34a85e14b0SPeter Avalos * @(#)bpf.h 7.1 (Berkeley) 5/7/91 35a85e14b0SPeter Avalos */ 36a85e14b0SPeter Avalos 37a85e14b0SPeter Avalos /* 38a85e14b0SPeter Avalos * This is libpcap's cut-down version of bpf.h; it includes only 39a85e14b0SPeter Avalos * the stuff needed for the code generator and the userland BPF 40a85e14b0SPeter Avalos * interpreter, and the libpcap APIs for setting filters, etc.. 41a85e14b0SPeter Avalos * 42a85e14b0SPeter Avalos * "pcap-bpf.c" will include the native OS version, as it deals with 43a85e14b0SPeter Avalos * the OS's BPF implementation. 44a85e14b0SPeter Avalos * 45a85e14b0SPeter Avalos * At least two programs found by Google Code Search explicitly includes 46a85e14b0SPeter Avalos * <pcap/bpf.h> (even though <pcap.h>/<pcap/pcap.h> includes it for you), 47a85e14b0SPeter Avalos * so moving that stuff to <pcap/pcap.h> would break the build for some 48a85e14b0SPeter Avalos * programs. 49a85e14b0SPeter Avalos */ 50a85e14b0SPeter Avalos 51a85e14b0SPeter Avalos /* 52a85e14b0SPeter Avalos * If we've already included <net/bpf.h>, don't re-define this stuff. 53a85e14b0SPeter Avalos * We assume BSD-style multiple-include protection in <net/bpf.h>, 54a85e14b0SPeter Avalos * which is true of all but the oldest versions of FreeBSD and NetBSD, 55a85e14b0SPeter Avalos * or Tru64 UNIX-style multiple-include protection (or, at least, 56a85e14b0SPeter Avalos * Tru64 UNIX 5.x-style; I don't have earlier versions available to check), 57a85e14b0SPeter Avalos * or AIX-style multiple-include protection (or, at least, AIX 5.x-style; 5897a9217aSAntonio Huete Jimenez * I don't have earlier versions available to check), or QNX-style 5997a9217aSAntonio Huete Jimenez * multiple-include protection (as per GitHub pull request #394). 60a85e14b0SPeter Avalos * 61*ea16f64eSAntonio Huete Jimenez * We trust that they will define structures and macros and types in 62*ea16f64eSAntonio Huete Jimenez * a fashion that's source-compatible and binary-compatible with our 63*ea16f64eSAntonio Huete Jimenez * definitions. 64*ea16f64eSAntonio Huete Jimenez * 65a85e14b0SPeter Avalos * We do not check for BPF_MAJOR_VERSION, as that's defined by 66a85e14b0SPeter Avalos * <linux/filter.h>, which is directly or indirectly included in some 67a85e14b0SPeter Avalos * programs that also include pcap.h, and <linux/filter.h> doesn't 68*ea16f64eSAntonio Huete Jimenez * define stuff we need. We *do* protect against <linux/filter.h> 69*ea16f64eSAntonio Huete Jimenez * defining various macros for BPF code itself; <linux/filter.h> says 70*ea16f64eSAntonio Huete Jimenez * 71*ea16f64eSAntonio Huete Jimenez * Try and keep these values and structures similar to BSD, especially 72*ea16f64eSAntonio Huete Jimenez * the BPF code definitions which need to match so you can share filters 73*ea16f64eSAntonio Huete Jimenez * 74*ea16f64eSAntonio Huete Jimenez * so we trust that it will define them in a fashion that's source-compatible 75*ea16f64eSAntonio Huete Jimenez * and binary-compatible with our definitions. 76a85e14b0SPeter Avalos * 77a85e14b0SPeter Avalos * This also provides our own multiple-include protection. 78a85e14b0SPeter Avalos */ 7997a9217aSAntonio Huete Jimenez #if !defined(_NET_BPF_H_) && !defined(_NET_BPF_H_INCLUDED) && !defined(_BPF_H_) && !defined(_H_BPF) && !defined(lib_pcap_bpf_h) 80a85e14b0SPeter Avalos #define lib_pcap_bpf_h 81a85e14b0SPeter Avalos 823a289941SAaron LI #include <pcap/funcattrs.h> 8397a9217aSAntonio Huete Jimenez 84*ea16f64eSAntonio Huete Jimenez #include <pcap/dlt.h> 85*ea16f64eSAntonio Huete Jimenez 86a85e14b0SPeter Avalos #ifdef __cplusplus 87a85e14b0SPeter Avalos extern "C" { 88a85e14b0SPeter Avalos #endif 89a85e14b0SPeter Avalos 90a85e14b0SPeter Avalos /* BSD style release date */ 91a85e14b0SPeter Avalos #define BPF_RELEASE 199606 92a85e14b0SPeter Avalos 93a85e14b0SPeter Avalos #ifdef MSDOS /* must be 32-bit */ 94a85e14b0SPeter Avalos typedef long bpf_int32; 95a85e14b0SPeter Avalos typedef unsigned long bpf_u_int32; 96a85e14b0SPeter Avalos #else 97a85e14b0SPeter Avalos typedef int bpf_int32; 98a85e14b0SPeter Avalos typedef u_int bpf_u_int32; 99a85e14b0SPeter Avalos #endif 100a85e14b0SPeter Avalos 101a85e14b0SPeter Avalos /* 102a85e14b0SPeter Avalos * Alignment macros. BPF_WORDALIGN rounds up to the next 103a85e14b0SPeter Avalos * even multiple of BPF_ALIGNMENT. 104a85e14b0SPeter Avalos * 105a85e14b0SPeter Avalos * Tcpdump's print-pflog.c uses this, so we define it here. 106a85e14b0SPeter Avalos */ 107a85e14b0SPeter Avalos #ifndef __NetBSD__ 108a85e14b0SPeter Avalos #define BPF_ALIGNMENT sizeof(bpf_int32) 109a85e14b0SPeter Avalos #else 110a85e14b0SPeter Avalos #define BPF_ALIGNMENT sizeof(long) 111a85e14b0SPeter Avalos #endif 112a85e14b0SPeter Avalos #define BPF_WORDALIGN(x) (((x)+(BPF_ALIGNMENT-1))&~(BPF_ALIGNMENT-1)) 113a85e14b0SPeter Avalos 114a85e14b0SPeter Avalos /* 115a85e14b0SPeter Avalos * Structure for "pcap_compile()", "pcap_setfilter()", etc.. 116a85e14b0SPeter Avalos */ 117a85e14b0SPeter Avalos struct bpf_program { 118a85e14b0SPeter Avalos u_int bf_len; 119a85e14b0SPeter Avalos struct bpf_insn *bf_insns; 120a85e14b0SPeter Avalos }; 121a85e14b0SPeter Avalos 122a85e14b0SPeter Avalos /* 123a85e14b0SPeter Avalos * The instruction encodings. 12497a9217aSAntonio Huete Jimenez * 12597a9217aSAntonio Huete Jimenez * Please inform tcpdump-workers@lists.tcpdump.org if you use any 12697a9217aSAntonio Huete Jimenez * of the reserved values, so that we can note that they're used 12797a9217aSAntonio Huete Jimenez * (and perhaps implement it in the reference BPF implementation 12897a9217aSAntonio Huete Jimenez * and encourage its implementation elsewhere). 129a85e14b0SPeter Avalos */ 13097a9217aSAntonio Huete Jimenez 13197a9217aSAntonio Huete Jimenez /* 13297a9217aSAntonio Huete Jimenez * The upper 8 bits of the opcode aren't used. BSD/OS used 0x8000. 13397a9217aSAntonio Huete Jimenez */ 13497a9217aSAntonio Huete Jimenez 135a85e14b0SPeter Avalos /* instruction classes */ 136a85e14b0SPeter Avalos #define BPF_CLASS(code) ((code) & 0x07) 137a85e14b0SPeter Avalos #define BPF_LD 0x00 138a85e14b0SPeter Avalos #define BPF_LDX 0x01 139a85e14b0SPeter Avalos #define BPF_ST 0x02 140a85e14b0SPeter Avalos #define BPF_STX 0x03 141a85e14b0SPeter Avalos #define BPF_ALU 0x04 142a85e14b0SPeter Avalos #define BPF_JMP 0x05 143a85e14b0SPeter Avalos #define BPF_RET 0x06 144a85e14b0SPeter Avalos #define BPF_MISC 0x07 145a85e14b0SPeter Avalos 146a85e14b0SPeter Avalos /* ld/ldx fields */ 147a85e14b0SPeter Avalos #define BPF_SIZE(code) ((code) & 0x18) 148a85e14b0SPeter Avalos #define BPF_W 0x00 149a85e14b0SPeter Avalos #define BPF_H 0x08 150a85e14b0SPeter Avalos #define BPF_B 0x10 15197a9217aSAntonio Huete Jimenez /* 0x18 reserved; used by BSD/OS */ 152a85e14b0SPeter Avalos #define BPF_MODE(code) ((code) & 0xe0) 153a85e14b0SPeter Avalos #define BPF_IMM 0x00 154a85e14b0SPeter Avalos #define BPF_ABS 0x20 155a85e14b0SPeter Avalos #define BPF_IND 0x40 156a85e14b0SPeter Avalos #define BPF_MEM 0x60 157a85e14b0SPeter Avalos #define BPF_LEN 0x80 158a85e14b0SPeter Avalos #define BPF_MSH 0xa0 15997a9217aSAntonio Huete Jimenez /* 0xc0 reserved; used by BSD/OS */ 16097a9217aSAntonio Huete Jimenez /* 0xe0 reserved; used by BSD/OS */ 161a85e14b0SPeter Avalos 162a85e14b0SPeter Avalos /* alu/jmp fields */ 163a85e14b0SPeter Avalos #define BPF_OP(code) ((code) & 0xf0) 164a85e14b0SPeter Avalos #define BPF_ADD 0x00 165a85e14b0SPeter Avalos #define BPF_SUB 0x10 166a85e14b0SPeter Avalos #define BPF_MUL 0x20 167a85e14b0SPeter Avalos #define BPF_DIV 0x30 168a85e14b0SPeter Avalos #define BPF_OR 0x40 169a85e14b0SPeter Avalos #define BPF_AND 0x50 170a85e14b0SPeter Avalos #define BPF_LSH 0x60 171a85e14b0SPeter Avalos #define BPF_RSH 0x70 172a85e14b0SPeter Avalos #define BPF_NEG 0x80 17397a9217aSAntonio Huete Jimenez #define BPF_MOD 0x90 17497a9217aSAntonio Huete Jimenez #define BPF_XOR 0xa0 17597a9217aSAntonio Huete Jimenez /* 0xb0 reserved */ 17697a9217aSAntonio Huete Jimenez /* 0xc0 reserved */ 17797a9217aSAntonio Huete Jimenez /* 0xd0 reserved */ 17897a9217aSAntonio Huete Jimenez /* 0xe0 reserved */ 17997a9217aSAntonio Huete Jimenez /* 0xf0 reserved */ 18097a9217aSAntonio Huete Jimenez 181a85e14b0SPeter Avalos #define BPF_JA 0x00 182a85e14b0SPeter Avalos #define BPF_JEQ 0x10 183a85e14b0SPeter Avalos #define BPF_JGT 0x20 184a85e14b0SPeter Avalos #define BPF_JGE 0x30 185a85e14b0SPeter Avalos #define BPF_JSET 0x40 18697a9217aSAntonio Huete Jimenez /* 0x50 reserved; used on BSD/OS */ 18797a9217aSAntonio Huete Jimenez /* 0x60 reserved */ 18897a9217aSAntonio Huete Jimenez /* 0x70 reserved */ 18997a9217aSAntonio Huete Jimenez /* 0x80 reserved */ 19097a9217aSAntonio Huete Jimenez /* 0x90 reserved */ 19197a9217aSAntonio Huete Jimenez /* 0xa0 reserved */ 19297a9217aSAntonio Huete Jimenez /* 0xb0 reserved */ 19397a9217aSAntonio Huete Jimenez /* 0xc0 reserved */ 19497a9217aSAntonio Huete Jimenez /* 0xd0 reserved */ 19597a9217aSAntonio Huete Jimenez /* 0xe0 reserved */ 19697a9217aSAntonio Huete Jimenez /* 0xf0 reserved */ 197a85e14b0SPeter Avalos #define BPF_SRC(code) ((code) & 0x08) 198a85e14b0SPeter Avalos #define BPF_K 0x00 199a85e14b0SPeter Avalos #define BPF_X 0x08 200a85e14b0SPeter Avalos 201a85e14b0SPeter Avalos /* ret - BPF_K and BPF_X also apply */ 202a85e14b0SPeter Avalos #define BPF_RVAL(code) ((code) & 0x18) 203a85e14b0SPeter Avalos #define BPF_A 0x10 20497a9217aSAntonio Huete Jimenez /* 0x18 reserved */ 205a85e14b0SPeter Avalos 206a85e14b0SPeter Avalos /* misc */ 207a85e14b0SPeter Avalos #define BPF_MISCOP(code) ((code) & 0xf8) 208a85e14b0SPeter Avalos #define BPF_TAX 0x00 20997a9217aSAntonio Huete Jimenez /* 0x08 reserved */ 21097a9217aSAntonio Huete Jimenez /* 0x10 reserved */ 21197a9217aSAntonio Huete Jimenez /* 0x18 reserved */ 21297a9217aSAntonio Huete Jimenez /* #define BPF_COP 0x20 NetBSD "coprocessor" extensions */ 21397a9217aSAntonio Huete Jimenez /* 0x28 reserved */ 21497a9217aSAntonio Huete Jimenez /* 0x30 reserved */ 21597a9217aSAntonio Huete Jimenez /* 0x38 reserved */ 21697a9217aSAntonio Huete Jimenez /* #define BPF_COPX 0x40 NetBSD "coprocessor" extensions */ 21797a9217aSAntonio Huete Jimenez /* also used on BSD/OS */ 21897a9217aSAntonio Huete Jimenez /* 0x48 reserved */ 21997a9217aSAntonio Huete Jimenez /* 0x50 reserved */ 22097a9217aSAntonio Huete Jimenez /* 0x58 reserved */ 22197a9217aSAntonio Huete Jimenez /* 0x60 reserved */ 22297a9217aSAntonio Huete Jimenez /* 0x68 reserved */ 22397a9217aSAntonio Huete Jimenez /* 0x70 reserved */ 22497a9217aSAntonio Huete Jimenez /* 0x78 reserved */ 225a85e14b0SPeter Avalos #define BPF_TXA 0x80 22697a9217aSAntonio Huete Jimenez /* 0x88 reserved */ 22797a9217aSAntonio Huete Jimenez /* 0x90 reserved */ 22897a9217aSAntonio Huete Jimenez /* 0x98 reserved */ 22997a9217aSAntonio Huete Jimenez /* 0xa0 reserved */ 23097a9217aSAntonio Huete Jimenez /* 0xa8 reserved */ 23197a9217aSAntonio Huete Jimenez /* 0xb0 reserved */ 23297a9217aSAntonio Huete Jimenez /* 0xb8 reserved */ 23397a9217aSAntonio Huete Jimenez /* 0xc0 reserved; used on BSD/OS */ 23497a9217aSAntonio Huete Jimenez /* 0xc8 reserved */ 23597a9217aSAntonio Huete Jimenez /* 0xd0 reserved */ 23697a9217aSAntonio Huete Jimenez /* 0xd8 reserved */ 23797a9217aSAntonio Huete Jimenez /* 0xe0 reserved */ 23897a9217aSAntonio Huete Jimenez /* 0xe8 reserved */ 23997a9217aSAntonio Huete Jimenez /* 0xf0 reserved */ 24097a9217aSAntonio Huete Jimenez /* 0xf8 reserved */ 241a85e14b0SPeter Avalos 242a85e14b0SPeter Avalos /* 243a85e14b0SPeter Avalos * The instruction data structure. 244a85e14b0SPeter Avalos */ 245a85e14b0SPeter Avalos struct bpf_insn { 246a85e14b0SPeter Avalos u_short code; 247a85e14b0SPeter Avalos u_char jt; 248a85e14b0SPeter Avalos u_char jf; 249a85e14b0SPeter Avalos bpf_u_int32 k; 250a85e14b0SPeter Avalos }; 251a85e14b0SPeter Avalos 252a85e14b0SPeter Avalos /* 253a85e14b0SPeter Avalos * Macros for insn array initializers. 254*ea16f64eSAntonio Huete Jimenez * 255*ea16f64eSAntonio Huete Jimenez * In case somebody's included <linux/filter.h>, or something else that 256*ea16f64eSAntonio Huete Jimenez * gives the kernel's definitions of BPF statements, get rid of its 257*ea16f64eSAntonio Huete Jimenez * definitions, so we can supply ours instead. If some kernel's 258*ea16f64eSAntonio Huete Jimenez * definitions aren't *binary-compatible* with what BPF has had 259*ea16f64eSAntonio Huete Jimenez * since it first sprung from the brows of Van Jacobson and Steve 260*ea16f64eSAntonio Huete Jimenez * McCanne, that kernel should be fixed. 261a85e14b0SPeter Avalos */ 262*ea16f64eSAntonio Huete Jimenez #ifdef BPF_STMT 263*ea16f64eSAntonio Huete Jimenez #undef BPF_STMT 264*ea16f64eSAntonio Huete Jimenez #endif 265a85e14b0SPeter Avalos #define BPF_STMT(code, k) { (u_short)(code), 0, 0, k } 266*ea16f64eSAntonio Huete Jimenez #ifdef BPF_JUMP 267*ea16f64eSAntonio Huete Jimenez #undef BPF_JUMP 268*ea16f64eSAntonio Huete Jimenez #endif 269a85e14b0SPeter Avalos #define BPF_JUMP(code, k, jt, jf) { (u_short)(code), jt, jf, k } 270a85e14b0SPeter Avalos 271*ea16f64eSAntonio Huete Jimenez PCAP_AVAILABLE_0_4 27297a9217aSAntonio Huete Jimenez PCAP_API u_int bpf_filter(const struct bpf_insn *, const u_char *, u_int, u_int); 273a85e14b0SPeter Avalos 274*ea16f64eSAntonio Huete Jimenez PCAP_AVAILABLE_0_6 275*ea16f64eSAntonio Huete Jimenez PCAP_API int bpf_validate(const struct bpf_insn *f, int len); 276*ea16f64eSAntonio Huete Jimenez 277*ea16f64eSAntonio Huete Jimenez PCAP_AVAILABLE_0_4 278*ea16f64eSAntonio Huete Jimenez PCAP_API char *bpf_image(const struct bpf_insn *, int); 279*ea16f64eSAntonio Huete Jimenez 280*ea16f64eSAntonio Huete Jimenez PCAP_AVAILABLE_0_6 281*ea16f64eSAntonio Huete Jimenez PCAP_API void bpf_dump(const struct bpf_program *, int); 282*ea16f64eSAntonio Huete Jimenez 283a85e14b0SPeter Avalos /* 284a85e14b0SPeter Avalos * Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST). 285a85e14b0SPeter Avalos */ 286a85e14b0SPeter Avalos #define BPF_MEMWORDS 16 287a85e14b0SPeter Avalos 288a85e14b0SPeter Avalos #ifdef __cplusplus 289a85e14b0SPeter Avalos } 290a85e14b0SPeter Avalos #endif 291a85e14b0SPeter Avalos 292a85e14b0SPeter Avalos #endif /* !defined(_NET_BPF_H_) && !defined(_BPF_H_) && !defined(_H_BPF) && !defined(lib_pcap_bpf_h) */ 293