tcpdump mailing list archives
Bug in libpcap filter optimizator (optimize.c)
From: "Gianluca Varenni" <gianluca.varenni () cacetech com>
Date: Tue, 12 Jun 2007 11:57:59 -0700
Guys, it looks like the optimizer for the BPF compiler has a bug and removes some needed LD instructions. This happens on the HEAD and 0.9.x branch (I tested it with optimize.c 1.87 and 1.85.2.1 as well as older versions).
Details

Linktype: DLT_802_11_RADIO (802.11 + radiotap) or DLT_802_11
Filter: "wlan src addr 1:2:3:4:5:6"

The following BPF dumps are generated with DLT_802_11; in the radiotap case the difference is that instead of being immediate loads from the packets (LD[0]), the index register X is used (LD[x+0]).

Un-optimized code

(000) ldb [0]
(001) jset #0x4 jt 31 jf 2
(002) ldb [0]
(003) jset #0x8 jt 8 jf 4
(004) ld [12]
(005) jeq #0x3040506 jt 6 jf 8
(006) ldh [10]
(007) jeq #0x102 jt 30 jf 8
(008) ldb [1]
(009) jset #0x8 jt 10 jf 31
(010) ldb [1]
(011) jset #0x2 jt 16 jf 12
(012) ld [12]
(013) jeq #0x3040506 jt 14 jf 16
(014) ldh [10]
(015) jeq #0x102 jt 30 jf 16
(016) ldb [1]
(017) jset #0x2 jt 18 jf 31
(018) ldb [1]
(019) jset #0x1 jt 24 jf 20
(020) ld [18]
(021) jeq #0x3040506 jt 22 jf 24
(022) ldh [16]
(023) jeq #0x102 jt 30 jf 24
(024) ldb [1]
(025) jset #0x1 jt 26 jf 31
(026) ld [26]
(027) jeq #0x3040506 jt 28 jf 31
(028) ldh [24]
(029) jeq #0x102 jt 30 jf 31
(030) ret #96
(031) ret #0

Optimized code

(000) ldb [0]
(001) jset #0x4 jt 23 jf 2
(002) jset #0x8 jt 7 jf 3
(003) ld [12]
(004) jeq #0x3040506 jt 5 jf 7
(005) ldh [10]
(006) jeq #0x102 jt 22 jf 7
(007) jset #0x8 jt 8 jf 23     <-- WRONG
(008) jset #0x2 jt 9 jf 18     <-- WRONG
(009) jset #0x1 jt 10 jf 14
(010) ld [26]
(011) jeq #0x3040506 jt 12 jf 23
(012) ldh [24]
(013) jeq #0x102 jt 22 jf 23
(014) ld [18]
(015) jeq #0x3040506 jt 16 jf 23
(016) ldh [16]
(017) jeq #0x102 jt 22 jf 23
(018) ld [12]
(019) jeq #0x3040506 jt 20 jf 23
(020) ldh [10]
(021) jeq #0x102 jt 22 jf 23
(022) ret #96
(023) ret #0

If instruction (007) is reached from instruction (006), the accumulator contains the value read in (005), that is packet[10] (2 bytes). The optimizer is clearly removing a "ldb [1]" before the jset at (007). In the un-optimized code the ldb [1] instruction is (008) and it's repeated at (010), (016), (018).
I have no idea where this optimization takes place :-(. Anyone willing to help?

Have a nice day
GV

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
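To make the divergence between the two programs observable, here is an added example (not code from the original post and not libpcap's own code): a small interpreter for the BPF subset the two dumps use (ldb/ldh/ld with immediate offsets, jset, jeq, ret), fed with three constructed 802.11 frames. The listings are the two dumps from the post transcribed verbatim; the frame layout used to build the samples (frame control, duration, A1, A2, A3, sequence control, A4) and the addresses 00:11:22:33:44:55 and 0a:0b:03:04:05:06 are constructed for the example. The third frame is the case the post describes: ld [12] matches, ldh [10] does not, and the optimized program arrives at (007) with the accumulator still holding packet[10..11].

```python
# Added example: a minimal interpreter for the BPF subset used in the two dumps,
# run over constructed 802.11 frames.  Not libpcap code; the listings are
# transcribed from the post above, the frames are constructed for this example.
import re

# Several instructions per line to keep the block short; parse() does not care.
UNOPTIMIZED = """
(000) ldb [0]   (001) jset #0x4 jt 31 jf 2   (002) ldb [0]   (003) jset #0x8 jt 8 jf 4
(004) ld [12]   (005) jeq #0x3040506 jt 6 jf 8   (006) ldh [10]   (007) jeq #0x102 jt 30 jf 8
(008) ldb [1]   (009) jset #0x8 jt 10 jf 31   (010) ldb [1]   (011) jset #0x2 jt 16 jf 12
(012) ld [12]   (013) jeq #0x3040506 jt 14 jf 16   (014) ldh [10]   (015) jeq #0x102 jt 30 jf 16
(016) ldb [1]   (017) jset #0x2 jt 18 jf 31   (018) ldb [1]   (019) jset #0x1 jt 24 jf 20
(020) ld [18]   (021) jeq #0x3040506 jt 22 jf 24   (022) ldh [16]   (023) jeq #0x102 jt 30 jf 24
(024) ldb [1]   (025) jset #0x1 jt 26 jf 31   (026) ld [26]   (027) jeq #0x3040506 jt 28 jf 31
(028) ldh [24]  (029) jeq #0x102 jt 30 jf 31   (030) ret #96   (031) ret #0
"""
OPTIMIZED = """
(000) ldb [0]   (001) jset #0x4 jt 23 jf 2   (002) jset #0x8 jt 7 jf 3
(003) ld [12]   (004) jeq #0x3040506 jt 5 jf 7   (005) ldh [10]   (006) jeq #0x102 jt 22 jf 7
(007) jset #0x8 jt 8 jf 23   (008) jset #0x2 jt 9 jf 18   (009) jset #0x1 jt 10 jf 14
(010) ld [26]   (011) jeq #0x3040506 jt 12 jf 23   (012) ldh [24]   (013) jeq #0x102 jt 22 jf 23
(014) ld [18]   (015) jeq #0x3040506 jt 16 jf 23   (016) ldh [16]   (017) jeq #0x102 jt 22 jf 23
(018) ld [12]   (019) jeq #0x3040506 jt 20 jf 23   (020) ldh [10]   (021) jeq #0x102 jt 22 jf 23
(022) ret #96   (023) ret #0
"""

INSN_RE = re.compile(
    r"\((\d+)\)\s+(ldb|ldh|ld|jset|jeq|ret)\s+"   # "(nnn) mnemonic"
    r"(?:\[(\d+)\]|#(0x[0-9a-f]+|\d+))"            # "[offset]" or "#immediate"
    r"(?:\s+jt\s+(\d+)\s+jf\s+(\d+))?"             # optional branch targets
)

def parse(listing):
    """Turn a bpf_dump-style listing into a list of (op, k, jt, jf) tuples."""
    prog = []
    for n, op, off, imm, jt, jf in INSN_RE.findall(listing):
        assert int(n) == len(prog), "listing must be contiguous from (000)"
        k = int(off) if off else int(imm, 0)
        prog.append((op, k, int(jt) if jt else None, int(jf) if jf else None))
    return prog

def run(prog, pkt):
    """Execute prog on pkt.  Returns (accept length, trace); trace records the
    accumulator value seen by each conditional jump, keyed by its pc."""
    a, pc, trace = 0, 0, {}
    while True:
        op, k, jt, jf = prog[pc]
        if op in ("ldb", "ldh", "ld"):
            n = {"ldb": 1, "ldh": 2, "ld": 4}[op]
            if k + n > len(pkt):        # out-of-range load: BPF rejects the packet
                return 0, trace
            a = int.from_bytes(pkt[k:k + n], "big")
            pc += 1
        elif op == "jset":
            trace[pc] = a
            pc = jt if a & k else jf
        elif op == "jeq":
            trace[pc] = a
            pc = jt if a == k else jf
        else:                           # ret #k
            return k, trace

SRC = bytes.fromhex("010203040506")     # the address the filter looks for
OTHER = bytes.fromhex("001122334455")   # constructed non-matching address

def wlan(fc0, fc1, a1, a2, a3, a4=bytes(6)):
    """Constructed 802.11 header: FC, duration, A1, A2, A3, seq ctl, A4, padding."""
    return bytes([fc0, fc1, 0, 0]) + a1 + a2 + a3 + b"\x00\x00" + a4 + bytes(4)

FRAMES = {
    # management frame, SA in A2: both programs accept
    "mgmt, SA in A2": wlan(0x00, 0x00, OTHER, SRC, OTHER),
    # data frame, byte 1 = 0x0a (FromDS set), SA in A3: only the unoptimized program accepts
    "data FromDS, SA in A3": wlan(0x08, 0x0a, OTHER, OTHER, SRC),
    # management frame whose A2 matches only at bytes 12-15 and whose A3 is the SA:
    # the optimized program reaches (007) from (006) with A = packet[10..11] = 0x0a0b
    "mgmt, A2 partial, SA in A3": wlan(0x00, 0x0a, OTHER, bytes.fromhex("0a0b03040506"), SRC),
}

def compare(name):
    """Return (unoptimized result, optimized result, accumulator at optimized (007) or None)."""
    u, _ = run(parse(UNOPTIMIZED), FRAMES[name])
    o, tr = run(parse(OPTIMIZED), FRAMES[name])
    return u, o, tr.get(7)

if __name__ == "__main__":
    for name in FRAMES:
        u, o, a7 = compare(name)
        print(f"{name:28s} unoptimized={u:3d} optimized={o:3d} A at (007)={a7}")
```

The first frame is accepted by both programs, so the bug is invisible on the common case. The second shows the data-frame path: after (002) the accumulator still holds packet[0], so the jset at (007) and (008) test frame-control byte 0 instead of byte 1, and the optimized program looks for the address in A2 although FromDS is set. The third frame reproduces the path the post describes, with the accumulator at (007) equal to 0x0a0b rather than packet[1].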