Merge pull request #52 from Igalia/low-port-number

Operators 'port' and 'portrange' can be prefixed by 'src' or 'dst'
Igalia · Sep 30, 2014 · 2bf88fa · 2bf88fa
2 parents 5aa6ec2 + 70951f1
commit 2bf88fa
Show file tree

Hide file tree

Showing 14 changed files with 436 additions and 84 deletions.
diff --git a/doc/Makefile b/doc/Makefile
@@ -10,7 +10,9 @@ EXAMPLES = \
 	net-ipv6-0-mask-16.md \
 	net-ipv6-ee.cc.9954.0-mask-111.md \
 	src-net-ffff.ffff.eeee.eeee.1.0.0.0-82.md \
-	src-net-ffff.ffff.eeee.eeee.0.0.0.0-72.md
+	src-net-ffff.ffff.eeee.eeee.0.0.0.0-72.md \
+	src-port-80.md \
+	dst-portrange-80-90.md
 
 PFLUA = \
 	../src/pf.lua \
@@ -54,3 +56,9 @@ src-net-ffff.ffff.eeee.eeee.1.0.0.0-82.md: $(PFLUA)
 
 src-net-ffff.ffff.eeee.eeee.0.0.0.0-72.md: $(PFLUA)
 	../tools/dump-markdown "src net ffff:ffff:eeee:eeee:0:0:0:0/72" > $@.tmp && mv $@.tmp $@
+
+src-port-80.md:
+	../tools/dump-markdown "src port 80" > $@.tmp && mv $@.tmp $@
+
+dst-portrange-80-90.md:
+	../tools/dump-markdown "dst portrange 80-90" > $@.tmp && mv $@.tmp $@
diff --git a/doc/dst-portrange-80-90.md b/doc/dst-portrange-80-90.md
@@ -0,0 +1,170 @@
+# dst portrange 80-90
+
+
+## BPF
+
+```
+000: A = P[12:2]
+001: if (A == 34525) goto 2 else goto 8
+002: A = P[20:1]
+003: if (A == 132) goto 6 else goto 4
+004: if (A == 6) goto 6 else goto 5
+005: if (A == 17) goto 6 else goto 20
+006: A = P[56:2]
+007: if (A >= 80) goto 18 else goto 20
+008: if (A == 2048) goto 9 else goto 20
+009: A = P[23:1]
+010: if (A == 132) goto 13 else goto 11
+011: if (A == 6) goto 13 else goto 12
+012: if (A == 17) goto 13 else goto 20
+013: A = P[20:2]
+014: if (A & 8191 != 0) goto 20 else goto 15
+015: X = (P[14:1] & 0xF) << 2
+016: A = P[X+16:2]
+017: if (A >= 80) goto 18 else goto 20
+018: if (A > 90) goto 20 else goto 19
+019: return 65535
+020: return 0
+```
+
+
+## BPF cross-compiled to Lua
+
+```
+return function (P, length)
+   local A = 0
+   local X = 0
+   local T = 0
+   if 14 > length then return 0 end
+   A = bit.bor(bit.lshift(P[12], 8), P[12+1])
+   if not (A==34525) then goto L7 end
+   if 21 > length then return 0 end
+   A = P[20]
+   if (A==132) then goto L5 end
+   if (A==6) then goto L5 end
+   if not (A==17) then goto L19 end
+   ::L5::
+   if 58 > length then return 0 end
+   A = bit.bor(bit.lshift(P[56], 8), P[56+1])
+   if (runtime_u32(A)>=80) then goto L17 end
+   goto L19
+   ::L7::
+   if not (A==2048) then goto L19 end
+   if 24 > length then return 0 end
+   A = P[23]
+   if (A==132) then goto L12 end
+   if (A==6) then goto L12 end
+   if not (A==17) then goto L19 end
+   ::L12::
+   if 22 > length then return 0 end
+   A = bit.bor(bit.lshift(P[20], 8), P[20+1])
+   if not (bit.band(A, 8191)==0) then goto L19 end
+   if 14 >= length then return 0 end
+   X = bit.lshift(bit.band(P[14], 15), 2)
+   T = bit.tobit((X+16))
+   if T < 0 or T + 2 > length then return 0 end
+   A = bit.bor(bit.lshift(P[T], 8), P[T+1])
+   if not (runtime_u32(A)>=80) then goto L19 end
+   ::L17::
+   if (runtime_u32(A)>90) then goto L19 end
+   do return 65535 end
+   ::L19::
+   do return 0 end
+   error("end of bpf")
+end
+```
+
+
+## Direct pflang compilation
+
+```
+return function(P,length)
+   if not (length >= 34) then do return false end end
+   do
+      local v1 = ffi.cast("uint16_t*", P+12)[0]
+      if not (v1 == 8) then goto L3 end
+      do
+         local v2 = P[23]
+         if v2 == 6 then goto L4 end
+         do
+            if v2 == 17 then goto L4 end
+            do
+               if not (v2 == 132) then do return false end end
+            end
+         end
+::L4::
+         do
+            local v3 = ffi.cast("uint16_t*", P+20)[0]
+            local v4 = bit.band(v3,65311)
+            if not (v4 == 0) then do return false end end
+            do
+               local v5 = P[14]
+               local v6 = bit.band(v5,15)
+               local v7 = bit.lshift(v6,2)
+               local v8 = v7 + 16
+               if not (v8 <= length) then do return false end end
+               do
+                  local v9 = v7 + 14
+                  local v10 = ffi.cast("uint16_t*", P+v9)[0]
+                  local v11 = bit.rshift(bit.bswap(v10), 16)
+                  if not (v11 >= 80) then do return false end end
+                  do
+                     do return v11 <= 90 end
+                  end
+               end
+            end
+         end
+      end
+::L3::
+      do
+         if not (length >= 58) then do return false end end
+         do
+            if not (v1 == 56710) then do return false end end
+            do
+               local v12 = P[20]
+               if v12 == 6 then goto L12 end
+               do
+                  if not (v12 == 44) then goto L13 end
+                  do
+                     local v13 = P[54]
+                     if v13 == 6 then goto L12 end
+                  end
+               end
+::L13::
+               do
+                  if v12 == 17 then goto L12 end
+                  do
+                     if not (v12 == 44) then goto L16 end
+                     do
+                        local v14 = P[54]
+                        if v14 == 17 then goto L12 end
+                     end
+                  end
+::L16::
+                  do
+                     if v12 == 132 then goto L12 end
+                     do
+                        if not (v12 == 44) then do return false end end
+                        do
+                           local v15 = P[54]
+                           if not (v15 == 132) then do return false end end
+                        end
+                     end
+                  end
+               end
+::L12::
+               do
+                  local v16 = ffi.cast("uint16_t*", P+56)[0]
+                  local v17 = bit.rshift(bit.bswap(v16), 16)
+                  if not (v17 >= 80) then do return false end end
+                  do
+                     do return v17 <= 90 end
+                  end
+               end
+            end
+         end
+      end
+   end
+end
+```
+
diff --git a/doc/host-127.0.0.1.md b/doc/host-127.0.0.1.md
@@ -59,30 +59,30 @@ end
 
 ```
 return function(P,length)
-   if not (length >= 34) then return false end
+   if not (length >= 34) then do return false end end
    do
       local v1 = ffi.cast("uint16_t*", P+12)[0]
       if not (v1 == 8) then goto L3 end
       do
          local v2 = ffi.cast("uint32_t*", P+26)[0]
-         if v2 == 16777343 then return true end
+         if v2 == 16777343 then do return true end end
          do
             local v3 = ffi.cast("uint32_t*", P+30)[0]
             do return v3 == 16777343 end
          end
       end
 ::L3::
       do
-         if not (length >= 42) then return false end
+         if not (length >= 42) then do return false end end
          do
             if v1 == 1544 then goto L6 end
             do
-               if not (v1 == 13696) then return false end
+               if not (v1 == 13696) then do return false end end
             end
 ::L6::
             do
                local v4 = ffi.cast("uint32_t*", P+28)[0]
-               if v4 == 16777343 then return true end
+               if v4 == 16777343 then do return true end end
                do
                   local v5 = ffi.cast("uint32_t*", P+38)[0]
                   do return v5 == 16777343 end

diff --git a/doc/host-ipv6-localhost.md b/doc/host-ipv6-localhost.md
@@ -73,10 +73,10 @@ end
 
 ```
 return function(P,length)
-   if not (length >= 54) then return false end
+   if not (length >= 54) then do return false end end
    do
       local v1 = ffi.cast("uint16_t*", P+12)[0]
-      if not (v1 == 56710) then return false end
+      if not (v1 == 56710) then do return false end end
       do
          local v2 = ffi.cast("uint32_t*", P+22)[0]
          if not (v2 == 0) then goto L3 end
@@ -88,20 +88,20 @@ return function(P,length)
                if not (v4 == 0) then goto L3 end
                do
                   local v5 = ffi.cast("uint32_t*", P+34)[0]
-                  if v5 == 16777216 then return true end
+                  if v5 == 16777216 then do return true end end
                end
             end
          end
 ::L3::
          do
             local v6 = ffi.cast("uint32_t*", P+38)[0]
-            if not (v6 == 0) then return false end
+            if not (v6 == 0) then do return false end end
             do
                local v7 = ffi.cast("uint32_t*", P+42)[0]
-               if not (v7 == 0) then return false end
+               if not (v7 == 0) then do return false end end
                do
                   local v8 = ffi.cast("uint32_t*", P+46)[0]
-                  if not (v8 == 0) then return false end
+                  if not (v8 == 0) then do return false end end
                   do
                      local v9 = ffi.cast("uint32_t*", P+50)[0]
                      do return v9 == 16777216 end

diff --git a/doc/icmp-or-tcp-or-udp.md b/doc/icmp-or-tcp-or-udp.md
@@ -58,58 +58,58 @@ end
 
 ```
 return function(P,length)
-   if not (length >= 34) then return false end
+   if not (length >= 34) then do return false end end
    do
       local v1 = ffi.cast("uint16_t*", P+12)[0]
       if not (v1 == 8) then goto L3 end
       do
          local v2 = P[23]
-         if v2 == 1 then return true end
+         if v2 == 1 then do return true end end
          do
-            if v2 == 6 then return true end
+            if v2 == 6 then do return true end end
             do
                do return v2 == 17 end
             end
          end
       end
 ::L3::
       do
-         if not (length >= 54) then return false end
+         if not (length >= 54) then do return false end end
          do
-            if not (v1 == 56710) then return false end
+            if not (v1 == 56710) then do return false end end
             do
                local v3 = P[20]
-               if v3 == 1 then return true end
+               if v3 == 1 then do return true end end
                do
-                  if not (length >= 55) then return false end
+                  if not (length >= 55) then do return false end end
                   do
                      if not (v3 == 44) then goto L8 end
                      do
                         local v4 = P[54]
-                        if v4 == 1 then return true end
+                        if v4 == 1 then do return true end end
                      end
                   end
                end
 ::L8::
                do
-                  if v3 == 6 then return true end
+                  if v3 == 6 then do return true end end
                   do
-                     if not (length >= 55) then return false end
+                     if not (length >= 55) then do return false end end
                      do
                         if not (v3 == 44) then goto L12 end
                         do
                            local v5 = P[54]
-                           if v5 == 6 then return true end
+                           if v5 == 6 then do return true end end
                         end
                      end
                   end
 ::L12::
                   do
-                     if v3 == 17 then return true end
+                     if v3 == 17 then do return true end end
                      do
-                        if not (length >= 55) then return false end
+                        if not (length >= 55) then do return false end end
                         do
-                           if not (v3 == 44) then return false end
+                           if not (v3 == 44) then do return false end end
                            do
                               local v6 = P[54]
                               do return v6 == 17 end

diff --git a/doc/net-127.0.0.0-8.md b/doc/net-127.0.0.0-8.md
@@ -67,14 +67,14 @@ end
 
 ```
 return function(P,length)
-   if not (length >= 34) then return false end
+   if not (length >= 34) then do return false end end
    do
       local v1 = ffi.cast("uint16_t*", P+12)[0]
       if not (v1 == 8) then goto L3 end
       do
          local v2 = ffi.cast("uint32_t*", P+26)[0]
          local v3 = bit.band(v2,255)
-         if v3 == 127 then return true end
+         if v3 == 127 then do return true end end
          do
             local v4 = ffi.cast("uint32_t*", P+30)[0]
             local v5 = bit.band(v4,255)
@@ -83,17 +83,17 @@ return function(P,length)
       end
 ::L3::
       do
-         if not (length >= 42) then return false end
+         if not (length >= 42) then do return false end end
          do
             if v1 == 1544 then goto L6 end
             do
-               if not (v1 == 13696) then return false end
+               if not (v1 == 13696) then do return false end end
             end
 ::L6::
             do
                local v6 = ffi.cast("uint32_t*", P+28)[0]
                local v7 = bit.band(v6,255)
-               if v7 == 127 then return true end
+               if v7 == 127 then do return true end end
                do
                   local v8 = ffi.cast("uint32_t*", P+38)[0]
                   local v9 = bit.band(v8,255)

diff --git a/doc/net-ipv6-0-mask-16.md b/doc/net-ipv6-0-mask-16.md
@@ -42,14 +42,14 @@ end
 
 ```
 return function(P,length)
-   if not (length >= 54) then return false end
+   if not (length >= 54) then do return false end end
    do
       local v1 = ffi.cast("uint16_t*", P+12)[0]
-      if not (v1 == 56710) then return false end
+      if not (v1 == 56710) then do return false end end
       do
          local v2 = ffi.cast("uint32_t*", P+22)[0]
          local v3 = bit.band(v2,65535)
-         if v3 == 0 then return true end
+         if v3 == 0 then do return true end end
          do
             local v4 = ffi.cast("uint32_t*", P+38)[0]
             local v5 = bit.band(v4,65535)