1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
|
/*
* Argus Client Software. Tools to read, analyze and manage Argus data.
* Copyright (c) 2000-2003 QoSient, LLC
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
*/
/*
* Copyright (c) 1990, 1991, 1992, 1993, 1994
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that: (1) source code distributions
* retain the above copyright notice and this paragraph in its entirety, (2)
* distributions including binary code include the above copyright notice and
* this paragraph in its entirety in the documentation or other materials
* provided with the distribution, and (3) all advertising materials mentioning
* features or use of this software display the following acknowledgement:
* ``This product includes software developed by the University of California,
* Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
* the University nor the names of its contributors may be used to endorse
* or promote products derived from this software without specific prior
* written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* @(#) $Header: /usr/local/cvsroot/argus-clients/include/gencode.h,v 1.5 2003/12/06 17:51:49 argus Exp $ (LBL)
*/
/*
* filter.h must be included before this file.
*/
#include <os.h>
#define BPF_MEMWORDS 16
/* Address qualifers. */
#define Q_HOST 1
#define Q_SRCID 2
#define Q_NET 3
#define Q_PORT 4
#define Q_GATEWAY 5
#define Q_PROTO 6
#define Q_TTL 7
#define Q_TOS 8
#define Q_VLANID 9
#define Q_MPLSID 10
/* Protocol qualifiers. */
#define Q_LINK 1
#define Q_MAN 2
#define Q_IP 3
#define Q_ARP 4
#define Q_RARP 5
#define Q_TCP 6
#define Q_UDP 7
#define Q_ICMP 8
#define Q_IGMP 9
#define Q_IGRP 10
#define Q_DECNET 11
#define Q_LAT 12
#define Q_MOPRC 13
#define Q_MOPDL 14
#define Q_ANON 15
#define Q_MERGED 16
/* TCP Protocol qualifiers. */
#define Q_NORMAL 17
#define Q_MULTIPATH 18
#define Q_RESET 19
#define Q_TIMEDOUT 20
#define Q_WINSHUT 21
#define Q_ESTABLISHED 22
#define Q_RETRANS 23
#define Q_SRCRETRANS 24
#define Q_DSTRETRANS 25
#define Q_OUTOFORDER 26
#define Q_SRCOUTOFORDER 27
#define Q_DSTOUTOFORDER 28
#define Q_FRAG 29
#define Q_FRAG_ONLY 30
#define Q_CONNECTED 31
#define Q_REJECT 32
#define Q_ECHO 33
#define Q_UNREACH 34
#define Q_REDIRECT 35
#define Q_TIMEXED 36
#define Q_LOOP 37
#define Q_CORRELATED 38
#define Q_SYN 40
#define Q_SYNACK 41
#define Q_DATA 42
#define Q_FIN 43
#define Q_FINACK 44
#define Q_WAIT 45
/* RTP Protocol qualifiers. */
#define Q_RTP 46
#define Q_RTCP 47
#define Q_ESP 48
#define Q_ECN 49
#define Q_MPLS 50
#define Q_VLAN 51
#define Q_RTR 52
#define Q_MBR 53
#define Q_LVG 54
/* Directional qualifers. */
#define Q_SRC 1
#define Q_DST 2
#define Q_OR 3
#define Q_AND 4
#define Q_DEFAULT 0
#define Q_UNDEF 255
struct stmt {
int code;
struct slist *jt; /*only for relative jump in ablock*/
struct slist *jf; /*only for relative jump in ablock*/
int k;
};
struct slist {
struct stmt s;
struct slist *next;
};
/*
* A bit vector to represent definition sets. We assume TOT_REGISTERS
* is smaller than 8*sizeof(atomset).
*/
typedef unsigned int atomset;
#define ATOMMASK(n) (1 << (n))
#define ATOMELEM(d, n) (d & ATOMMASK(n))
/*
* An unbounded set.
*/
typedef unsigned int *uset;
/*
* Total number of atomic entities, including accumulator (A) and index (X).
* We treat all these guys similarly during flow analysis.
*/
#define N_ATOMS (BPF_MEMWORDS+2)
struct edge {
int id;
int code;
uset edom;
struct ablock *succ;
struct ablock *pred;
struct edge *next; /* link list of incoming edges for a node */
};
struct ablock {
int id;
struct slist *stmts; /* side effect stmts */
struct stmt s; /* branch stmt */
int mark;
int longjt; /* jt branch requires long jump */
int longjf; /* jf branch requires long jump */
int level;
int offset;
int sense;
struct edge et;
struct edge ef;
struct ablock *head;
struct ablock *link; /* link field used by optimizer */
uset dom;
uset closure;
struct edge *in_edges;
atomset def, kill;
atomset in_use;
atomset out_use;
int oval;
int val[N_ATOMS];
};
struct arth {
struct ablock *b; /* protocol checks */
struct slist *s; /* stmt list */
int regno; /* virtual register number of result */
};
struct qual {
unsigned char addr;
unsigned char proto;
unsigned char dir;
unsigned char pad;
};
#ifndef __GNUC__
#define volatile
#endif
#define yylex argus_lex
#define yyparse argus_parse
extern int argus_lex(void);
extern int argus_parse (void);
extern void argus_lex_init(char *buf);
struct arth *Argusgen_loadi(int);
struct arth *Argusgen_load(int, struct arth *, int);
struct arth *Argusgen_loadlen(void);
struct arth *Argusgen_neg(struct arth *);
struct arth *Argusgen_arth(int, struct arth *, struct arth *);
void Argusgen_and(struct ablock *, struct ablock *);
void Argusgen_or(struct ablock *, struct ablock *);
void Argusgen_not(struct ablock *);
struct ablock *Argusgen_scode(char *, struct qual);
struct ablock *Argusgen_tcode(int, struct qual);
struct ablock *Argusgen_ecode(u_char *, struct qual);
struct ablock *Argusgen_mcode(char *, char *, int, struct qual);
struct ablock *Argusgen_ncode(char *, unsigned int, struct qual);
struct ablock *Argusgen_proto_abbrev(int);
struct ablock *Argusgen_relation(int, struct arth *, struct arth *, int);
struct ablock *Argusgen_less(int);
struct ablock *Argusgen_greater(int);
struct ablock *Argusgen_byteop(int, int, int);
struct ablock *Argusgen_broadcast(int);
struct ablock *Argusgen_multicast(int);
struct ablock *Argusgen_inbound(int);
void Argusbpf_optimize(struct ablock **);
void Argus_error(char *fmt, ...);
void Argusfinish_parse(struct ablock *);
char *Argussdup(char *);
struct bpf_insn *Argusicode_to_fcode(struct ablock *, int *);
int Arguspcap_parse(void);
void Arguslex_init(char *);
void Argussappend(struct slist *, struct slist *);
int ArgusFilterCompile(struct bpf_program *, char *, int, unsigned int);
/* XXX */
#define JT(b) ((b)->et.succ)
#define JF(b) ((b)->ef.succ)
|
