Add Support for BPF arch

capstone-rs/src/arch/bpf.rs

@@ -0,0 +1,102 @@
+//! Contains bpf specific types
+
+use core::convert::From;
+use core::{cmp, fmt, slice};
+
+pub use capstone_sys::bpf_insn_group as BpfInsnGroup;
+pub use capstone_sys::bpf_insn as BpfInsn;
+pub use capstone_sys::bpf_reg as BpfReg;
+use capstone_sys::{cs_bpf, cs_bpf_op, bpf_op_mem, bpf_op_type};
+
+pub use crate::arch::arch_builder::bpf::*;
+use crate::arch::DetailsArchInsn;
+use crate::instruction::{RegId, RegIdInt};
+
+/// Contains BPF-specific details for an instruction
+pub struct BpfInsnDetail<'a>(pub(crate) &'a cs_bpf);
+
+impl_PartialEq_repr_fields!(BpfInsnDetail<'a> [ 'a ];
+    operands
+);
+
+/// BPF operand
+#[derive(Clone, Debug, Eq, PartialEq)]
+pub enum BpfOperand {
+    /// Register
+    Reg(RegId),
+
+    /// Immediate
+    Imm(u64),
+
+    /// Memory
+    Mem(BpfOpMem),
+
+    /// Offset
+    Off(u32),
+
+    /// Mmem
+    Mmem(u32),
+
+    /// Msh
+    Msh(u32),
+
+    /// Ext
+    Ext(u32),
+
+    /// Invalid
+    Invalid,
+}
+
+impl Default for BpfOperand {
+    fn default() -> Self {
+        BpfOperand::Invalid
+    }
+}
+
+
+/// Bpf memory operand
+#[derive(Debug, Copy, Clone)]
+pub struct BpfOpMem(pub(crate) bpf_op_mem);
+
+impl BpfOpMem {
+    /// Base register
+    pub fn base(&self) -> RegId {
+        RegId(self.0.base as RegIdInt)
+    }
+
+    /// Disp value
+    pub fn disp(&self) -> u32 {
+        self.0.disp
+    }
+}
+
+impl_PartialEq_repr_fields!(BpfOpMem;
+    base, disp
+);
+
+impl cmp::Eq for BpfOpMem {}
+
+impl<'a> From<&'a cs_bpf_op> for BpfOperand {
+    fn from(insn: &cs_bpf_op) -> BpfOperand {
+        match insn.type_ {
+            bpf_op_type::BPF_OP_EXT => BpfOperand::Ext(unsafe { insn.__bindgen_anon_1.ext }),
+            bpf_op_type::BPF_OP_INVALID => BpfOperand::Invalid,
+            bpf_op_type::BPF_OP_REG => BpfOperand::Reg(RegId(unsafe {insn.__bindgen_anon_1.reg} as RegIdInt)),
+            bpf_op_type::BPF_OP_IMM => BpfOperand::Imm(unsafe { insn.__bindgen_anon_1.imm }),
+            bpf_op_type::BPF_OP_MEM => BpfOperand::Mem(BpfOpMem(unsafe { insn.__bindgen_anon_1.mem})),
+            bpf_op_type::BPF_OP_OFF => BpfOperand::Off(unsafe { insn.__bindgen_anon_1.off }),
+            bpf_op_type::BPF_OP_MMEM => BpfOperand::Mmem(unsafe { insn.__bindgen_anon_1.mmem }),
+            bpf_op_type::BPF_OP_MSH => BpfOperand::Msh(unsafe { insn.__bindgen_anon_1.msh }),
+        }
+    }
+}
+
+def_arch_details_struct!(
+    InsnDetail = BpfInsnDetail;
+    Operand = BpfOperand;
+    OperandIterator = BpfOperandIterator;
+    OperandIteratorLife = BpfOperandIterator<'a>;
+    [ pub struct BpfOperandIterator<'a>(slice::Iter<'a, cs_bpf_op>); ]
+    cs_arch_op = cs_bpf_op;
+    cs_arch = cs_bpf;
+);

capstone-rs/src/arch/mod.rs

@@ -352,6 +352,16 @@ macro_rules! arch_info_base {
                 ( syntax: )
                 ( both_endian: false  )
             ]
+            [
+                ( bpf, BPF )
+                ( mode:
+                    Cbpf,
+                    Ebpf,
+                )
+                ( extra_modes: )
+                ( syntax: )
+                ( both_endian: true  )
+            ]
         );
     };
 }
@@ -534,6 +544,13 @@ macro_rules! detail_arch_base {
                 /// Returns the XCore details, if any
                 => arch_name = xcore,
             ]
+            [
+                detail = BpfDetail,
+                insn_detail = BpfInsnDetail<'a>,
+                op = BpfOperand,
+                /// Returns the XCore details, if any
+                => arch_name = bpf,
+            ]
         );
     };
 }

capstone-rs/src/constants.rs

@@ -221,6 +221,8 @@ define_cs_enum_wrapper!(
     => EVM = CS_ARCH_EVM;
     /// RISC-V
     => RISCV = CS_ARCH_RISCV;
+    /// BPF
+    => BPF = CS_ARCH_BPF;
 );
 
 define_cs_enum_wrapper!(
@@ -286,6 +288,10 @@ define_cs_enum_wrapper!(
     => RiscV32 = CS_MODE_RISCV32;
     /// RISC-V 64-bit mode
     => RiscV64 = CS_MODE_RISCV64;
+    /// Classic BPF mode
+    => Cbpf = CS_MODE_BPF_CLASSIC;
+    /// Extended BPF mode
+    => Ebpf = CS_MODE_BPF_EXTENDED;
     /// Default mode for little-endian
     => Default = CS_MODE_LITTLE_ENDIAN;
 );

capstone-rs/src/instruction.rs

@@ -440,6 +440,7 @@ impl<'a> InsnDetail<'a> {
             [TMS320C64X, Tms320c64xDetail, Tms320c64xInsnDetail, tms320c64x]
             [X86, X86Detail, X86InsnDetail, x86]
             [XCORE, XcoreDetail, XcoreInsnDetail, xcore]
+            [BPF, BpfDetail, BpfInsnDetail, bpf]
         );
     }
 }

capstone-sys/Cargo.toml

@@ -26,7 +26,7 @@ travis-ci = { repository = "capstone-rust/capstone-sys" }
 libc = { version = "0.2.59", default-features = false }
 
 [build-dependencies]
-bindgen = { optional = true, version = "0.59.1" }
+bindgen = { optional = true, version = "0.62.0" }
 regex = { optional = true, version = "1.3.1" }
 cc = "1.0"
 

capstone-sys/build.rs

@@ -132,6 +132,7 @@ fn build_capstone_cc() {
         .define("CAPSTONE_HAS_WASM", None)
         .define("CAPSTONE_HAS_X86", None)
         .define("CAPSTONE_HAS_XCORE", None)
+        .define("CAPSTONE_HAS_BPF", None)
         // No need to display any warnings from the C library
         .flag_if_supported("-w")
         .static_crt(use_static_crt);
@@ -282,7 +283,7 @@ fn write_bindgen_bindings(
     bindings
         .write_to_file(&out_bindings_path)
         .expect("Unable to write bindings");
-
+ 
     // Parse bindings and impl fn to cast u32 to <arch>_insn, write output to file
     let bindings_impl_str = impl_insid_to_insenum(&bindings.to_string());
     let mut bindings_impl = File::create(&out_impl_path).expect("Unable to open file");

capstone-sys/common.rs

@@ -77,6 +77,10 @@ pub static ARCH_INCLUDES: &[CapstoneArchInfo<'static>] = &[
         header_name: "xcore.h",
         cs_name: "xcore",
     },
+    CapstoneArchInfo {
+        header_name: "bpf.h",
+        cs_name: "bpf"
+    }
 ];
 
 pub static BINDINGS_FILE: &str = "capstone.rs";