1 /*
2 * Copyright (c) 1990, 1991, 1992, 1994, 1995, 1996
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21
22 #ifdef HAVE_CONFIG_H
23 #include "config.h"
24 #endif
25
26 #ifdef WIN32
27 #include <pcap-stdinc.h>
28 #else /* WIN32 */
29 #if HAVE_INTTYPES_H
30 #include <inttypes.h>
31 #elif HAVE_STDINT_H
32 #include <stdint.h>
33 #endif
34 #ifdef HAVE_SYS_BITYPES_H
35 #include <sys/bitypes.h>
36 #endif
37 #include <sys/types.h>
38 #endif /* WIN32 */
39
40 #include <stdio.h>
41 #include <string.h>
42
43 #include "pcap-int.h"
44
45 #ifdef HAVE_OS_PROTO_H
46 #include "os-proto.h"
47 #endif
48
49 char *
bpf_image(p,n)50 bpf_image(p, n)
51 const struct bpf_insn *p;
52 int n;
53 {
54 int v;
55 const char *fmt, *op;
56 static char image[256];
57 char operand[64];
58
59 v = p->k;
60 switch (p->code) {
61
62 default:
63 op = "unimp";
64 fmt = "0x%x";
65 v = p->code;
66 break;
67
68 case BPF_RET|BPF_K:
69 op = "ret";
70 fmt = "#%d";
71 break;
72
73 case BPF_RET|BPF_A:
74 op = "ret";
75 fmt = "";
76 break;
77
78 case BPF_LD|BPF_W|BPF_ABS:
79 op = "ld";
80 fmt = "[%d]";
81 break;
82
83 case BPF_LD|BPF_H|BPF_ABS:
84 op = "ldh";
85 fmt = "[%d]";
86 break;
87
88 case BPF_LD|BPF_B|BPF_ABS:
89 op = "ldb";
90 fmt = "[%d]";
91 break;
92
93 case BPF_LD|BPF_W|BPF_LEN:
94 op = "ld";
95 fmt = "#pktlen";
96 break;
97
98 case BPF_LD|BPF_W|BPF_IND:
99 op = "ld";
100 fmt = "[x + %d]";
101 break;
102
103 case BPF_LD|BPF_H|BPF_IND:
104 op = "ldh";
105 fmt = "[x + %d]";
106 break;
107
108 case BPF_LD|BPF_B|BPF_IND:
109 op = "ldb";
110 fmt = "[x + %d]";
111 break;
112
113 case BPF_LD|BPF_IMM:
114 op = "ld";
115 fmt = "#0x%x";
116 break;
117
118 case BPF_LDX|BPF_IMM:
119 op = "ldx";
120 fmt = "#0x%x";
121 break;
122
123 case BPF_LDX|BPF_MSH|BPF_B:
124 op = "ldxb";
125 fmt = "4*([%d]&0xf)";
126 break;
127
128 case BPF_LD|BPF_MEM:
129 op = "ld";
130 fmt = "M[%d]";
131 break;
132
133 case BPF_LDX|BPF_MEM:
134 op = "ldx";
135 fmt = "M[%d]";
136 break;
137
138 case BPF_ST:
139 op = "st";
140 fmt = "M[%d]";
141 break;
142
143 case BPF_STX:
144 op = "stx";
145 fmt = "M[%d]";
146 break;
147
148 case BPF_JMP|BPF_JA:
149 op = "ja";
150 fmt = "%d";
151 v = n + 1 + p->k;
152 break;
153
154 case BPF_JMP|BPF_JGT|BPF_K:
155 op = "jgt";
156 fmt = "#0x%x";
157 break;
158
159 case BPF_JMP|BPF_JGE|BPF_K:
160 op = "jge";
161 fmt = "#0x%x";
162 break;
163
164 case BPF_JMP|BPF_JEQ|BPF_K:
165 op = "jeq";
166 fmt = "#0x%x";
167 break;
168
169 case BPF_JMP|BPF_JSET|BPF_K:
170 op = "jset";
171 fmt = "#0x%x";
172 break;
173
174 case BPF_JMP|BPF_JGT|BPF_X:
175 op = "jgt";
176 fmt = "x";
177 break;
178
179 case BPF_JMP|BPF_JGE|BPF_X:
180 op = "jge";
181 fmt = "x";
182 break;
183
184 case BPF_JMP|BPF_JEQ|BPF_X:
185 op = "jeq";
186 fmt = "x";
187 break;
188
189 case BPF_JMP|BPF_JSET|BPF_X:
190 op = "jset";
191 fmt = "x";
192 break;
193
194 case BPF_ALU|BPF_ADD|BPF_X:
195 op = "add";
196 fmt = "x";
197 break;
198
199 case BPF_ALU|BPF_SUB|BPF_X:
200 op = "sub";
201 fmt = "x";
202 break;
203
204 case BPF_ALU|BPF_MUL|BPF_X:
205 op = "mul";
206 fmt = "x";
207 break;
208
209 case BPF_ALU|BPF_DIV|BPF_X:
210 op = "div";
211 fmt = "x";
212 break;
213
214 case BPF_ALU|BPF_MOD|BPF_X:
215 op = "mod";
216 fmt = "x";
217 break;
218
219 case BPF_ALU|BPF_AND|BPF_X:
220 op = "and";
221 fmt = "x";
222 break;
223
224 case BPF_ALU|BPF_OR|BPF_X:
225 op = "or";
226 fmt = "x";
227 break;
228
229 case BPF_ALU|BPF_XOR|BPF_X:
230 op = "xor";
231 fmt = "x";
232 break;
233
234 case BPF_ALU|BPF_LSH|BPF_X:
235 op = "lsh";
236 fmt = "x";
237 break;
238
239 case BPF_ALU|BPF_RSH|BPF_X:
240 op = "rsh";
241 fmt = "x";
242 break;
243
244 case BPF_ALU|BPF_ADD|BPF_K:
245 op = "add";
246 fmt = "#%d";
247 break;
248
249 case BPF_ALU|BPF_SUB|BPF_K:
250 op = "sub";
251 fmt = "#%d";
252 break;
253
254 case BPF_ALU|BPF_MUL|BPF_K:
255 op = "mul";
256 fmt = "#%d";
257 break;
258
259 case BPF_ALU|BPF_DIV|BPF_K:
260 op = "div";
261 fmt = "#%d";
262 break;
263
264 case BPF_ALU|BPF_MOD|BPF_K:
265 op = "mod";
266 fmt = "#%d";
267 break;
268
269 case BPF_ALU|BPF_AND|BPF_K:
270 op = "and";
271 fmt = "#0x%x";
272 break;
273
274 case BPF_ALU|BPF_OR|BPF_K:
275 op = "or";
276 fmt = "#0x%x";
277 break;
278
279 case BPF_ALU|BPF_XOR|BPF_K:
280 op = "xor";
281 fmt = "#0x%x";
282 break;
283
284 case BPF_ALU|BPF_LSH|BPF_K:
285 op = "lsh";
286 fmt = "#%d";
287 break;
288
289 case BPF_ALU|BPF_RSH|BPF_K:
290 op = "rsh";
291 fmt = "#%d";
292 break;
293
294 case BPF_ALU|BPF_NEG:
295 op = "neg";
296 fmt = "";
297 break;
298
299 case BPF_MISC|BPF_TAX:
300 op = "tax";
301 fmt = "";
302 break;
303
304 case BPF_MISC|BPF_TXA:
305 op = "txa";
306 fmt = "";
307 break;
308 }
309 (void)snprintf(operand, sizeof operand, fmt, v);
310 if (BPF_CLASS(p->code) == BPF_JMP && BPF_OP(p->code) != BPF_JA) {
311 (void)snprintf(image, sizeof image,
312 "(%03d) %-8s %-16s jt %d\tjf %d",
313 n, op, operand, n + 1 + p->jt, n + 1 + p->jf);
314 } else {
315 (void)snprintf(image, sizeof image,
316 "(%03d) %-8s %s",
317 n, op, operand);
318 }
319 return image;
320 }
321