From e52eb31130d97b4ad784b6b3ea034689e469ffd4 Mon Sep 17 00:00:00 2001
From: Martin Teichmann <martin.teichmann@gmail.com>
Date: Wed, 15 Feb 2023 08:40:02 +0000
Subject: [PATCH] support huge immediate values

we were already able to use huge values in assignments, now
we can also use them in operations.
---
 ebpfcat/ebpf.py      | 10 ++++++++--
 ebpfcat/ebpf_test.py | 11 ++++++++++-
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/ebpfcat/ebpf.py b/ebpfcat/ebpf.py
index d0a5d05..39abe09 100644
--- a/ebpfcat/ebpf.py
+++ b/ebpfcat/ebpf.py
@@ -579,9 +579,15 @@ class Binary(Expression):
                         + Opcode.LONG * ((r_long or l_long)
                                          if long is None else long),
                         dst, src, 0, 0)
-            else:
+            elif -0x80000000 <= self.right < 0x100000000:
                 self.ebpf.append(self.operator + Opcode.LONG * long,
                                  dst, 0, 0, self.right)
+            else:
+                with self.ebpf.get_free_register(None) as src:
+                    self.ebpf._load_value(src, self.right)
+                    self.ebpf.append(
+                        self.operator + Opcode.REG + Opcode.LONG,
+                        dst, src, 0, 0)
             if orig_dst is None or orig_dst == dst:
                 yield dst, long
                 return
@@ -1203,7 +1209,7 @@ class EBPF:
         raise AssembleError("not enough registers")
 
     def _load_value(self, no, value):
-        if -0x80000000 <= value < 0x80000000:
+        if -0x80000000 <= value < 0x100000000:
             self.append(Opcode.MOV + Opcode.LONG, no, 0, 0, value)
         else:
             self.append(Opcode.DW, no, 0, 0, value & 0xffffffff)
diff --git a/ebpfcat/ebpf_test.py b/ebpfcat/ebpf_test.py
index a4c33e6..19fadf2 100644
--- a/ebpfcat/ebpf_test.py
+++ b/ebpfcat/ebpf_test.py
@@ -487,11 +487,20 @@ class Tests(TestCase):
         e = EBPF()
         e.r3 = 0x1234567890
         e.r4 = e.get_fd(7)
+        e.r3 = e.r4 + 0x1234567890
+        e.r3 = 0x90000000
+
         self.assertEqual(e.opcodes, [
             Instruction(opcode=24, dst=3, src=0, off=0, imm=878082192),
             Instruction(opcode=0, dst=0, src=0, off=0, imm=18),
             Instruction(opcode=24, dst=4, src=1, off=0, imm=7),
-            Instruction(opcode=0, dst=0, src=0, off=0, imm=0)])
+            Instruction(opcode=0, dst=0, src=0, off=0, imm=0),
+            Instruction(opcode=O.REG+O.LONG+O.MOV, dst=3, src=4, off=0, imm=0),
+            Instruction(opcode=O.DW, dst=0, src=0, off=0, imm=878082192),
+            Instruction(opcode=O.W, dst=0, src=0, off=0, imm=18),
+            Instruction(opcode=O.LONG+O.REG+O.ADD, dst=3, src=0, off=0, imm=0),
+            Instruction(opcode=O.LONG+O.MOV, dst=3, src=0, off=0, imm=2415919104),
+        ])
 
     def test_simple_binary(self):
         e = EBPF()
-- 
GitLab