| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | /* $NetBSD: npf_bpf_comp.c,v 1.3 2014/02/13 00:42:01 rmind Exp $ */ | | 1 | /* $NetBSD: npf_bpf_comp.c,v 1.4 2014/03/15 08:46:01 rmind Exp $ */ |
2 | | | 2 | |
3 | /*- | | 3 | /*- |
4 | * Copyright (c) 2010-2013 The NetBSD Foundation, Inc. | | 4 | * Copyright (c) 2010-2013 The NetBSD Foundation, Inc. |
5 | * All rights reserved. | | 5 | * All rights reserved. |
6 | * | | 6 | * |
7 | * This material is based upon work partially supported by The | | 7 | * This material is based upon work partially supported by The |
8 | * NetBSD Foundation under a contract with Mindaugas Rasiukevicius. | | 8 | * NetBSD Foundation under a contract with Mindaugas Rasiukevicius. |
9 | * | | 9 | * |
10 | * Redistribution and use in source and binary forms, with or without | | 10 | * Redistribution and use in source and binary forms, with or without |
11 | * modification, are permitted provided that the following conditions | | 11 | * modification, are permitted provided that the following conditions |
12 | * are met: | | 12 | * are met: |
13 | * 1. Redistributions of source code must retain the above copyright | | 13 | * 1. Redistributions of source code must retain the above copyright |
14 | * notice, this list of conditions and the following disclaimer. | | 14 | * notice, this list of conditions and the following disclaimer. |
| @@ -24,27 +24,27 @@ | | | @@ -24,27 +24,27 @@ |
24 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | | 24 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
25 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | | 25 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
26 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | | 26 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
27 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | | 27 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
28 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | | 28 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
29 | * POSSIBILITY OF SUCH DAMAGE. | | 29 | * POSSIBILITY OF SUCH DAMAGE. |
30 | */ | | 30 | */ |
31 | | | 31 | |
32 | /* | | 32 | /* |
33 | * BPF byte-code generation for NPF rules. | | 33 | * BPF byte-code generation for NPF rules. |
34 | */ | | 34 | */ |
35 | | | 35 | |
36 | #include <sys/cdefs.h> | | 36 | #include <sys/cdefs.h> |
37 | __RCSID("$NetBSD: npf_bpf_comp.c,v 1.3 2014/02/13 00:42:01 rmind Exp $"); | | 37 | __RCSID("$NetBSD: npf_bpf_comp.c,v 1.4 2014/03/15 08:46:01 rmind Exp $"); |
38 | | | 38 | |
39 | #include <stdlib.h> | | 39 | #include <stdlib.h> |
40 | #include <stdbool.h> | | 40 | #include <stdbool.h> |
41 | #include <stddef.h> | | 41 | #include <stddef.h> |
42 | #include <string.h> | | 42 | #include <string.h> |
43 | #include <inttypes.h> | | 43 | #include <inttypes.h> |
44 | #include <err.h> | | 44 | #include <err.h> |
45 | #include <assert.h> | | 45 | #include <assert.h> |
46 | | | 46 | |
47 | #include <netinet/in.h> | | 47 | #include <netinet/in.h> |
48 | #include <netinet/in_systm.h> | | 48 | #include <netinet/in_systm.h> |
49 | #include <netinet/ip.h> | | 49 | #include <netinet/ip.h> |
50 | #include <netinet/ip6.h> | | 50 | #include <netinet/ip6.h> |
| @@ -411,27 +411,27 @@ npfctl_bpf_cidr(npf_bpf_t *ctx, u_int op | | | @@ -411,27 +411,27 @@ npfctl_bpf_cidr(npf_bpf_t *ctx, u_int op |
411 | length = (mask == NPF_NO_NETMASK) ? maxmask : mask; | | 411 | length = (mask == NPF_NO_NETMASK) ? maxmask : mask; |
412 | | | 412 | |
413 | /* CAUTION: BPF operates in host byte-order. */ | | 413 | /* CAUTION: BPF operates in host byte-order. */ |
414 | for (u_int i = 0; i < nwords; i++) { | | 414 | for (u_int i = 0; i < nwords; i++) { |
415 | const u_int woff = i * sizeof(uint32_t); | | 415 | const u_int woff = i * sizeof(uint32_t); |
416 | uint32_t word = ntohl(awords[i]); | | 416 | uint32_t word = ntohl(awords[i]); |
417 | uint32_t wordmask; | | 417 | uint32_t wordmask; |
418 | | | 418 | |
419 | if (length >= 32) { | | 419 | if (length >= 32) { |
420 | /* The mask is a full word - do not apply it. */ | | 420 | /* The mask is a full word - do not apply it. */ |
421 | wordmask = 0; | | 421 | wordmask = 0; |
422 | length -= 32; | | 422 | length -= 32; |
423 | } else if (length) { | | 423 | } else if (length) { |
424 | wordmask = 0xffffffff << (maxmask - length); | | 424 | wordmask = 0xffffffff << (32 - length); |
425 | length = 0; | | 425 | length = 0; |
426 | } else { | | 426 | } else { |
427 | /* The mask became zero - skip the rest. */ | | 427 | /* The mask became zero - skip the rest. */ |
428 | break; | | 428 | break; |
429 | } | | 429 | } |
430 | | | 430 | |
431 | /* A <- IP address (or one word of it) */ | | 431 | /* A <- IP address (or one word of it) */ |
432 | struct bpf_insn insns_ip[] = { | | 432 | struct bpf_insn insns_ip[] = { |
433 | BPF_STMT(BPF_LD+BPF_W+BPF_ABS, off + woff), | | 433 | BPF_STMT(BPF_LD+BPF_W+BPF_ABS, off + woff), |
434 | }; | | 434 | }; |
435 | add_insns(ctx, insns_ip, __arraycount(insns_ip)); | | 435 | add_insns(ctx, insns_ip, __arraycount(insns_ip)); |
436 | | | 436 | |
437 | /* A <- (A & MASK) */ | | 437 | /* A <- (A & MASK) */ |