| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
| 1 | /* $NetBSD: npf_bpf_comp.c,v 1.3 2014/02/13 00:42:01 rmind Exp $ */ | | 1 | /* $NetBSD: npf_bpf_comp.c,v 1.4 2014/03/15 08:46:01 rmind Exp $ */ |
| 2 | | | 2 | |
| 3 | /*- | | 3 | /*- |
| 4 | * Copyright (c) 2010-2013 The NetBSD Foundation, Inc. | | 4 | * Copyright (c) 2010-2013 The NetBSD Foundation, Inc. |
| 5 | * All rights reserved. | | 5 | * All rights reserved. |
| 6 | * | | 6 | * |
| 7 | * This material is based upon work partially supported by The | | 7 | * This material is based upon work partially supported by The |
| 8 | * NetBSD Foundation under a contract with Mindaugas Rasiukevicius. | | 8 | * NetBSD Foundation under a contract with Mindaugas Rasiukevicius. |
| 9 | * | | 9 | * |
| 10 | * Redistribution and use in source and binary forms, with or without | | 10 | * Redistribution and use in source and binary forms, with or without |
| 11 | * modification, are permitted provided that the following conditions | | 11 | * modification, are permitted provided that the following conditions |
| 12 | * are met: | | 12 | * are met: |
| 13 | * 1. Redistributions of source code must retain the above copyright | | 13 | * 1. Redistributions of source code must retain the above copyright |
| 14 | * notice, this list of conditions and the following disclaimer. | | 14 | * notice, this list of conditions and the following disclaimer. |
| @@ -24,27 +24,27 @@ | | | @@ -24,27 +24,27 @@ |
| 24 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | | 24 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
| 25 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | | 25 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
| 26 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | | 26 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
| 27 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | | 27 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| 28 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | | 28 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
| 29 | * POSSIBILITY OF SUCH DAMAGE. | | 29 | * POSSIBILITY OF SUCH DAMAGE. |
| 30 | */ | | 30 | */ |
| 31 | | | 31 | |
| 32 | /* | | 32 | /* |
| 33 | * BPF byte-code generation for NPF rules. | | 33 | * BPF byte-code generation for NPF rules. |
| 34 | */ | | 34 | */ |
| 35 | | | 35 | |
| 36 | #include <sys/cdefs.h> | | 36 | #include <sys/cdefs.h> |
| 37 | __RCSID("$NetBSD: npf_bpf_comp.c,v 1.3 2014/02/13 00:42:01 rmind Exp $"); | | 37 | __RCSID("$NetBSD: npf_bpf_comp.c,v 1.4 2014/03/15 08:46:01 rmind Exp $"); |
| 38 | | | 38 | |
| 39 | #include <stdlib.h> | | 39 | #include <stdlib.h> |
| 40 | #include <stdbool.h> | | 40 | #include <stdbool.h> |
| 41 | #include <stddef.h> | | 41 | #include <stddef.h> |
| 42 | #include <string.h> | | 42 | #include <string.h> |
| 43 | #include <inttypes.h> | | 43 | #include <inttypes.h> |
| 44 | #include <err.h> | | 44 | #include <err.h> |
| 45 | #include <assert.h> | | 45 | #include <assert.h> |
| 46 | | | 46 | |
| 47 | #include <netinet/in.h> | | 47 | #include <netinet/in.h> |
| 48 | #include <netinet/in_systm.h> | | 48 | #include <netinet/in_systm.h> |
| 49 | #include <netinet/ip.h> | | 49 | #include <netinet/ip.h> |
| 50 | #include <netinet/ip6.h> | | 50 | #include <netinet/ip6.h> |
| @@ -411,27 +411,27 @@ npfctl_bpf_cidr(npf_bpf_t *ctx, u_int op | | | @@ -411,27 +411,27 @@ npfctl_bpf_cidr(npf_bpf_t *ctx, u_int op |
| 411 | length = (mask == NPF_NO_NETMASK) ? maxmask : mask; | | 411 | length = (mask == NPF_NO_NETMASK) ? maxmask : mask; |
| 412 | | | 412 | |
| 413 | /* CAUTION: BPF operates in host byte-order. */ | | 413 | /* CAUTION: BPF operates in host byte-order. */ |
| 414 | for (u_int i = 0; i < nwords; i++) { | | 414 | for (u_int i = 0; i < nwords; i++) { |
| 415 | const u_int woff = i * sizeof(uint32_t); | | 415 | const u_int woff = i * sizeof(uint32_t); |
| 416 | uint32_t word = ntohl(awords[i]); | | 416 | uint32_t word = ntohl(awords[i]); |
| 417 | uint32_t wordmask; | | 417 | uint32_t wordmask; |
| 418 | | | 418 | |
| 419 | if (length >= 32) { | | 419 | if (length >= 32) { |
| 420 | /* The mask is a full word - do not apply it. */ | | 420 | /* The mask is a full word - do not apply it. */ |
| 421 | wordmask = 0; | | 421 | wordmask = 0; |
| 422 | length -= 32; | | 422 | length -= 32; |
| 423 | } else if (length) { | | 423 | } else if (length) { |
| 424 | wordmask = 0xffffffff << (maxmask - length); | | 424 | wordmask = 0xffffffff << (32 - length); |
| 425 | length = 0; | | 425 | length = 0; |
| 426 | } else { | | 426 | } else { |
| 427 | /* The mask became zero - skip the rest. */ | | 427 | /* The mask became zero - skip the rest. */ |
| 428 | break; | | 428 | break; |
| 429 | } | | 429 | } |
| 430 | | | 430 | |
| 431 | /* A <- IP address (or one word of it) */ | | 431 | /* A <- IP address (or one word of it) */ |
| 432 | struct bpf_insn insns_ip[] = { | | 432 | struct bpf_insn insns_ip[] = { |
| 433 | BPF_STMT(BPF_LD+BPF_W+BPF_ABS, off + woff), | | 433 | BPF_STMT(BPF_LD+BPF_W+BPF_ABS, off + woff), |
| 434 | }; | | 434 | }; |
| 435 | add_insns(ctx, insns_ip, __arraycount(insns_ip)); | | 435 | add_insns(ctx, insns_ip, __arraycount(insns_ip)); |
| 436 | | | 436 | |
| 437 | /* A <- (A & MASK) */ | | 437 | /* A <- (A & MASK) */ |