]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
From Krzysztof Halasa <[email protected]>:
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.193 2003-08-18 22:09:30 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #ifdef WIN32
32 #include <pcap-stdinc.h>
33 #else /* WIN32 */
34 #include <sys/types.h>
35 #include <sys/socket.h>
36 #include <sys/time.h>
37 #endif /* WIN32 */
38
39 /*
40 * XXX - why was this included even on UNIX?
41 */
42 #ifdef __MINGW32__
43 #include "IP6_misc.h"
44 #endif
45
46 #ifndef WIN32
47
48 #ifdef __NetBSD__
49 #include <sys/param.h>
50 #endif
51
52 #include <netinet/in.h>
53
54 #endif /* WIN32 */
55
56 #include <stdlib.h>
57 #include <string.h>
58 #include <memory.h>
59 #include <setjmp.h>
60 #include <stdarg.h>
61
62 #include "pcap-int.h"
63
64 #include "ethertype.h"
65 #include "nlpid.h"
66 #include "llc.h"
67 #include "gencode.h"
68 #include "atmuni31.h"
69 #include "sunatmpos.h"
70 #include "ppp.h"
71 #include "sll.h"
72 #include "arcnet.h"
73 #include "pf.h"
74 #ifdef INET6
75 #ifndef WIN32
76 #include <netdb.h> /* for "struct addrinfo" */
77 #endif /* WIN32 */
78 #endif /*INET6*/
79 #include <pcap-namedb.h>
80
81 #define ETHERMTU 1500
82
83 #ifndef IPPROTO_SCTP
84 #define IPPROTO_SCTP 132
85 #endif
86
87 #ifdef HAVE_OS_PROTO_H
88 #include "os-proto.h"
89 #endif
90
91 #define JMP(c) ((c)|BPF_JMP|BPF_K)
92
93 /* Locals */
94 static jmp_buf top_ctx;
95 static pcap_t *bpf_pcap;
96
97 /* Hack for updating VLAN offsets. */
98 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1;
99
100 /* XXX */
101 #ifdef PCAP_FDDIPAD
102 int pcap_fddipad = PCAP_FDDIPAD;
103 #else
104 int pcap_fddipad;
105 #endif
106
107 /* VARARGS */
108 void
109 bpf_error(const char *fmt, ...)
110
111 {
112 va_list ap;
113
114 va_start(ap, fmt);
115 if (bpf_pcap != NULL)
116 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
117 fmt, ap);
118 va_end(ap);
119 longjmp(top_ctx, 1);
120 /* NOTREACHED */
121 }
122
123 static void init_linktype(int);
124
125 static int alloc_reg(void);
126 static void free_reg(int);
127
128 static struct block *root;
129
130 /*
131 * We divy out chunks of memory rather than call malloc each time so
132 * we don't have to worry about leaking memory. It's probably
133 * not a big deal if all this memory was wasted but it this ever
134 * goes into a library that would probably not be a good idea.
135 */
136 #define NCHUNKS 16
137 #define CHUNK0SIZE 1024
138 struct chunk {
139 u_int n_left;
140 void *m;
141 };
142
143 static struct chunk chunks[NCHUNKS];
144 static int cur_chunk;
145
146 static void *newchunk(u_int);
147 static void freechunks(void);
148 static inline struct block *new_block(int);
149 static inline struct slist *new_stmt(int);
150 static struct block *gen_retblk(int);
151 static inline void syntax(void);
152
153 static void backpatch(struct block *, struct block *);
154 static void merge(struct block *, struct block *);
155 static struct block *gen_cmp(u_int, u_int, bpf_int32);
156 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
157 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
158 static struct block *gen_bcmp(u_int, u_int, const u_char *);
159 static struct block *gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32,
160 bpf_u_int32, bpf_u_int32, int);
161 static struct block *gen_uncond(int);
162 static inline struct block *gen_true(void);
163 static inline struct block *gen_false(void);
164 static struct block *gen_ether_linktype(int);
165 static struct block *gen_linktype(int);
166 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
167 static struct block *gen_llc(int);
168 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
169 #ifdef INET6
170 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
171 #endif
172 static struct block *gen_ahostop(const u_char *, int);
173 static struct block *gen_ehostop(const u_char *, int);
174 static struct block *gen_fhostop(const u_char *, int);
175 static struct block *gen_thostop(const u_char *, int);
176 static struct block *gen_wlanhostop(const u_char *, int);
177 static struct block *gen_ipfchostop(const u_char *, int);
178 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
179 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
180 #ifdef INET6
181 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
182 #endif
183 #ifndef INET6
184 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
185 #endif
186 static struct block *gen_ipfrag(void);
187 static struct block *gen_portatom(int, bpf_int32);
188 #ifdef INET6
189 static struct block *gen_portatom6(int, bpf_int32);
190 #endif
191 struct block *gen_portop(int, int, int);
192 static struct block *gen_port(int, int, int);
193 #ifdef INET6
194 struct block *gen_portop6(int, int, int);
195 static struct block *gen_port6(int, int, int);
196 #endif
197 static int lookup_proto(const char *, int);
198 static struct block *gen_protochain(int, int, int);
199 static struct block *gen_proto(int, int, int);
200 static struct slist *xfer_to_x(struct arth *);
201 static struct slist *xfer_to_a(struct arth *);
202 static struct block *gen_mac_multicast(int);
203 static struct block *gen_len(int, int);
204
205 static struct block *gen_msg_abbrev(int type);
206
207 static void *
208 newchunk(n)
209 u_int n;
210 {
211 struct chunk *cp;
212 int k;
213 size_t size;
214
215 #ifndef __NetBSD__
216 /* XXX Round up to nearest long. */
217 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
218 #else
219 /* XXX Round up to structure boundary. */
220 n = ALIGN(n);
221 #endif
222
223 cp = &chunks[cur_chunk];
224 if (n > cp->n_left) {
225 ++cp, k = ++cur_chunk;
226 if (k >= NCHUNKS)
227 bpf_error("out of memory");
228 size = CHUNK0SIZE << k;
229 cp->m = (void *)malloc(size);
230 if (cp->m == NULL)
231 bpf_error("out of memory");
232 memset((char *)cp->m, 0, size);
233 cp->n_left = size;
234 if (n > size)
235 bpf_error("out of memory");
236 }
237 cp->n_left -= n;
238 return (void *)((char *)cp->m + cp->n_left);
239 }
240
241 static void
242 freechunks()
243 {
244 int i;
245
246 cur_chunk = 0;
247 for (i = 0; i < NCHUNKS; ++i)
248 if (chunks[i].m != NULL) {
249 free(chunks[i].m);
250 chunks[i].m = NULL;
251 }
252 }
253
254 /*
255 * A strdup whose allocations are freed after code generation is over.
256 */
257 char *
258 sdup(s)
259 register const char *s;
260 {
261 int n = strlen(s) + 1;
262 char *cp = newchunk(n);
263
264 strlcpy(cp, s, n);
265 return (cp);
266 }
267
268 static inline struct block *
269 new_block(code)
270 int code;
271 {
272 struct block *p;
273
274 p = (struct block *)newchunk(sizeof(*p));
275 p->s.code = code;
276 p->head = p;
277
278 return p;
279 }
280
281 static inline struct slist *
282 new_stmt(code)
283 int code;
284 {
285 struct slist *p;
286
287 p = (struct slist *)newchunk(sizeof(*p));
288 p->s.code = code;
289
290 return p;
291 }
292
293 static struct block *
294 gen_retblk(v)
295 int v;
296 {
297 struct block *b = new_block(BPF_RET|BPF_K);
298
299 b->s.k = v;
300 return b;
301 }
302
303 static inline void
304 syntax()
305 {
306 bpf_error("syntax error in filter expression");
307 }
308
309 static bpf_u_int32 netmask;
310 static int snaplen;
311 int no_optimize;
312
313 int
314 pcap_compile(pcap_t *p, struct bpf_program *program,
315 char *buf, int optimize, bpf_u_int32 mask)
316 {
317 extern int n_errors;
318 int len;
319
320 no_optimize = 0;
321 n_errors = 0;
322 root = NULL;
323 bpf_pcap = p;
324 if (setjmp(top_ctx)) {
325 lex_cleanup();
326 freechunks();
327 return (-1);
328 }
329
330 netmask = mask;
331
332 snaplen = pcap_snapshot(p);
333 if (snaplen == 0) {
334 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
335 "snaplen of 0 rejects all packets");
336 return -1;
337 }
338
339 lex_init(buf ? buf : "");
340 init_linktype(pcap_datalink(p));
341 (void)pcap_parse();
342
343 if (n_errors)
344 syntax();
345
346 if (root == NULL)
347 root = gen_retblk(snaplen);
348
349 if (optimize && !no_optimize) {
350 bpf_optimize(&root);
351 if (root == NULL ||
352 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
353 bpf_error("expression rejects all packets");
354 }
355 program->bf_insns = icode_to_fcode(root, &len);
356 program->bf_len = len;
357
358 lex_cleanup();
359 freechunks();
360 return (0);
361 }
362
363 /*
364 * entry point for using the compiler with no pcap open
365 * pass in all the stuff that is needed explicitly instead.
366 */
367 int
368 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
369 struct bpf_program *program,
370 char *buf, int optimize, bpf_u_int32 mask)
371 {
372 pcap_t *p;
373 int ret;
374
375 p = pcap_open_dead(linktype_arg, snaplen_arg);
376 if (p == NULL)
377 return (-1);
378 ret = pcap_compile(p, program, buf, optimize, mask);
379 pcap_close(p);
380 return (ret);
381 }
382
383 /*
384 * Clean up a "struct bpf_program" by freeing all the memory allocated
385 * in it.
386 */
387 void
388 pcap_freecode(struct bpf_program *program)
389 {
390 program->bf_len = 0;
391 if (program->bf_insns != NULL) {
392 free((char *)program->bf_insns);
393 program->bf_insns = NULL;
394 }
395 }
396
397 /*
398 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
399 * which of the jt and jf fields has been resolved and which is a pointer
400 * back to another unresolved block (or nil). At least one of the fields
401 * in each block is already resolved.
402 */
403 static void
404 backpatch(list, target)
405 struct block *list, *target;
406 {
407 struct block *next;
408
409 while (list) {
410 if (!list->sense) {
411 next = JT(list);
412 JT(list) = target;
413 } else {
414 next = JF(list);
415 JF(list) = target;
416 }
417 list = next;
418 }
419 }
420
421 /*
422 * Merge the lists in b0 and b1, using the 'sense' field to indicate
423 * which of jt and jf is the link.
424 */
425 static void
426 merge(b0, b1)
427 struct block *b0, *b1;
428 {
429 register struct block **p = &b0;
430
431 /* Find end of list. */
432 while (*p)
433 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
434
435 /* Concatenate the lists. */
436 *p = b1;
437 }
438
439 void
440 finish_parse(p)
441 struct block *p;
442 {
443 backpatch(p, gen_retblk(snaplen));
444 p->sense = !p->sense;
445 backpatch(p, gen_retblk(0));
446 root = p->head;
447 }
448
449 void
450 gen_and(b0, b1)
451 struct block *b0, *b1;
452 {
453 backpatch(b0, b1->head);
454 b0->sense = !b0->sense;
455 b1->sense = !b1->sense;
456 merge(b1, b0);
457 b1->sense = !b1->sense;
458 b1->head = b0->head;
459 }
460
461 void
462 gen_or(b0, b1)
463 struct block *b0, *b1;
464 {
465 b0->sense = !b0->sense;
466 backpatch(b0, b1->head);
467 b0->sense = !b0->sense;
468 merge(b1, b0);
469 b1->head = b0->head;
470 }
471
472 void
473 gen_not(b)
474 struct block *b;
475 {
476 b->sense = !b->sense;
477 }
478
479 static struct block *
480 gen_cmp(offset, size, v)
481 u_int offset, size;
482 bpf_int32 v;
483 {
484 struct slist *s;
485 struct block *b;
486
487 s = new_stmt(BPF_LD|BPF_ABS|size);
488 s->s.k = offset;
489
490 b = new_block(JMP(BPF_JEQ));
491 b->stmts = s;
492 b->s.k = v;
493
494 return b;
495 }
496
497 static struct block *
498 gen_cmp_gt(offset, size, v)
499 u_int offset, size;
500 bpf_int32 v;
501 {
502 struct slist *s;
503 struct block *b;
504
505 s = new_stmt(BPF_LD|BPF_ABS|size);
506 s->s.k = offset;
507
508 b = new_block(JMP(BPF_JGT));
509 b->stmts = s;
510 b->s.k = v;
511
512 return b;
513 }
514
515 static struct block *
516 gen_mcmp(offset, size, v, mask)
517 u_int offset, size;
518 bpf_int32 v;
519 bpf_u_int32 mask;
520 {
521 struct block *b = gen_cmp(offset, size, v);
522 struct slist *s;
523
524 if (mask != 0xffffffff) {
525 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
526 s->s.k = mask;
527 b->stmts->next = s;
528 }
529 return b;
530 }
531
532 static struct block *
533 gen_bcmp(offset, size, v)
534 register u_int offset, size;
535 register const u_char *v;
536 {
537 register struct block *b, *tmp;
538
539 b = NULL;
540 while (size >= 4) {
541 register const u_char *p = &v[size - 4];
542 bpf_int32 w = ((bpf_int32)p[0] << 24) |
543 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
544
545 tmp = gen_cmp(offset + size - 4, BPF_W, w);
546 if (b != NULL)
547 gen_and(b, tmp);
548 b = tmp;
549 size -= 4;
550 }
551 while (size >= 2) {
552 register const u_char *p = &v[size - 2];
553 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
554
555 tmp = gen_cmp(offset + size - 2, BPF_H, w);
556 if (b != NULL)
557 gen_and(b, tmp);
558 b = tmp;
559 size -= 2;
560 }
561 if (size > 0) {
562 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
563 if (b != NULL)
564 gen_and(b, tmp);
565 b = tmp;
566 }
567 return b;
568 }
569
570 static struct block *
571 gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse)
572 bpf_u_int32 datasize, offset, mask, jtype, jvalue;
573 int reverse;
574 {
575 struct slist *s;
576 struct block *b;
577
578 s = new_stmt(BPF_LD|datasize|BPF_ABS);
579 s->s.k = offset;
580
581 if (mask != 0xffffffff) {
582 s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K);
583 s->next->s.k = mask;
584 }
585
586 b = new_block(JMP(jtype));
587 b->stmts = s;
588 b->s.k = jvalue;
589 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE))
590 gen_not(b);
591 return b;
592 }
593
594 /*
595 * Various code constructs need to know the layout of the data link
596 * layer. These variables give the necessary offsets.
597 */
598
599 /*
600 * This is the offset of the beginning of the MAC-layer header.
601 * It's usually 0, except for ATM LANE.
602 */
603 static u_int off_mac;
604
605 /*
606 * "off_linktype" is the offset to information in the link-layer header
607 * giving the packet type.
608 *
609 * For Ethernet, it's the offset of the Ethernet type field.
610 *
611 * For link-layer types that always use 802.2 headers, it's the
612 * offset of the LLC header.
613 *
614 * For PPP, it's the offset of the PPP type field.
615 *
616 * For Cisco HDLC, it's the offset of the CHDLC type field.
617 *
618 * For BSD loopback, it's the offset of the AF_ value.
619 *
620 * For Linux cooked sockets, it's the offset of the type field.
621 *
622 * It's set to -1 for no encapsulation, in which case, IP is assumed.
623 */
624 static u_int off_linktype;
625
626 /*
627 * TRUE if the link layer includes an ATM pseudo-header.
628 */
629 static int is_atm = 0;
630
631 /*
632 * TRUE if "lane" appeared in the filter; it causes us to generate
633 * code that assumes LANE rather than LLC-encapsulated traffic in SunATM.
634 */
635 static int is_lane = 0;
636
637 /*
638 * These are offsets for the ATM pseudo-header.
639 */
640 static u_int off_vpi;
641 static u_int off_vci;
642 static u_int off_proto;
643
644 /*
645 * This is the offset of the first byte after the ATM pseudo_header,
646 * or -1 if there is no ATM pseudo-header.
647 */
648 static u_int off_payload;
649
650 /*
651 * These are offsets to the beginning of the network-layer header.
652 *
653 * If the link layer never uses 802.2 LLC:
654 *
655 * "off_nl" and "off_nl_nosnap" are the same.
656 *
657 * If the link layer always uses 802.2 LLC:
658 *
659 * "off_nl" is the offset if there's a SNAP header following
660 * the 802.2 header;
661 *
662 * "off_nl_nosnap" is the offset if there's no SNAP header.
663 *
664 * If the link layer is Ethernet:
665 *
666 * "off_nl" is the offset if the packet is an Ethernet II packet
667 * (we assume no 802.3+802.2+SNAP);
668 *
669 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet
670 * with an 802.2 header following it.
671 */
672 static u_int off_nl;
673 static u_int off_nl_nosnap;
674
675 static int linktype;
676
677 static void
678 init_linktype(type)
679 int type;
680 {
681 linktype = type;
682
683 /*
684 * Assume it's not raw ATM with a pseudo-header, for now.
685 */
686 off_mac = 0;
687 is_atm = 0;
688 is_lane = 0;
689 off_vpi = -1;
690 off_vci = -1;
691 off_proto = -1;
692 off_payload = -1;
693
694 orig_linktype = -1;
695 orig_nl = -1;
696 orig_nl_nosnap = -1;
697
698 switch (type) {
699
700 case DLT_ARCNET:
701 off_linktype = 2;
702 off_nl = 6; /* XXX in reality, variable! */
703 off_nl_nosnap = 6; /* no 802.2 LLC */
704 return;
705
706 case DLT_ARCNET_LINUX:
707 off_linktype = 4;
708 off_nl = 8; /* XXX in reality, variable! */
709 off_nl_nosnap = 8; /* no 802.2 LLC */
710 return;
711
712 case DLT_EN10MB:
713 off_linktype = 12;
714 off_nl = 14; /* Ethernet II */
715 off_nl_nosnap = 17; /* 802.3+802.2 */
716 return;
717
718 case DLT_SLIP:
719 /*
720 * SLIP doesn't have a link level type. The 16 byte
721 * header is hacked into our SLIP driver.
722 */
723 off_linktype = -1;
724 off_nl = 16;
725 off_nl_nosnap = 16; /* no 802.2 LLC */
726 return;
727
728 case DLT_SLIP_BSDOS:
729 /* XXX this may be the same as the DLT_PPP_BSDOS case */
730 off_linktype = -1;
731 /* XXX end */
732 off_nl = 24;
733 off_nl_nosnap = 24; /* no 802.2 LLC */
734 return;
735
736 case DLT_NULL:
737 case DLT_LOOP:
738 off_linktype = 0;
739 off_nl = 4;
740 off_nl_nosnap = 4; /* no 802.2 LLC */
741 return;
742
743 case DLT_ENC:
744 off_linktype = 0;
745 off_nl = 12;
746 off_nl_nosnap = 12; /* no 802.2 LLC */
747 return;
748
749 case DLT_PFLOG:
750 off_linktype = 0;
751 off_nl = 28;
752 off_nl_nosnap = 28; /* no 802.2 LLC */
753 return;
754
755 case DLT_PPP:
756 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */
757 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */
758 off_linktype = 2;
759 off_nl = 4;
760 off_nl_nosnap = 4; /* no 802.2 LLC */
761 return;
762
763 case DLT_PPP_ETHER:
764 /*
765 * This does no include the Ethernet header, and
766 * only covers session state.
767 */
768 off_linktype = 6;
769 off_nl = 8;
770 off_nl_nosnap = 8; /* no 802.2 LLC */
771 return;
772
773 case DLT_PPP_BSDOS:
774 off_linktype = 5;
775 off_nl = 24;
776 off_nl_nosnap = 24; /* no 802.2 LLC */
777 return;
778
779 case DLT_FDDI:
780 /*
781 * FDDI doesn't really have a link-level type field.
782 * We set "off_linktype" to the offset of the LLC header.
783 *
784 * To check for Ethernet types, we assume that SSAP = SNAP
785 * is being used and pick out the encapsulated Ethernet type.
786 * XXX - should we generate code to check for SNAP?
787 */
788 off_linktype = 13;
789 #ifdef PCAP_FDDIPAD
790 off_linktype += pcap_fddipad;
791 #endif
792 off_nl = 21; /* FDDI+802.2+SNAP */
793 off_nl_nosnap = 16; /* FDDI+802.2 */
794 #ifdef PCAP_FDDIPAD
795 off_nl += pcap_fddipad;
796 off_nl_nosnap += pcap_fddipad;
797 #endif
798 return;
799
800 case DLT_IEEE802:
801 /*
802 * Token Ring doesn't really have a link-level type field.
803 * We set "off_linktype" to the offset of the LLC header.
804 *
805 * To check for Ethernet types, we assume that SSAP = SNAP
806 * is being used and pick out the encapsulated Ethernet type.
807 * XXX - should we generate code to check for SNAP?
808 *
809 * XXX - the header is actually variable-length.
810 * Some various Linux patched versions gave 38
811 * as "off_linktype" and 40 as "off_nl"; however,
812 * if a token ring packet has *no* routing
813 * information, i.e. is not source-routed, the correct
814 * values are 20 and 22, as they are in the vanilla code.
815 *
816 * A packet is source-routed iff the uppermost bit
817 * of the first byte of the source address, at an
818 * offset of 8, has the uppermost bit set. If the
819 * packet is source-routed, the total number of bytes
820 * of routing information is 2 plus bits 0x1F00 of
821 * the 16-bit value at an offset of 14 (shifted right
822 * 8 - figure out which byte that is).
823 */
824 off_linktype = 14;
825 off_nl = 22; /* Token Ring+802.2+SNAP */
826 off_nl_nosnap = 17; /* Token Ring+802.2 */
827 return;
828
829 case DLT_IEEE802_11:
830 /*
831 * 802.11 doesn't really have a link-level type field.
832 * We set "off_linktype" to the offset of the LLC header.
833 *
834 * To check for Ethernet types, we assume that SSAP = SNAP
835 * is being used and pick out the encapsulated Ethernet type.
836 * XXX - should we generate code to check for SNAP?
837 *
838 * XXX - the header is actually variable-length. We
839 * assume a 24-byte link-layer header, as appears in
840 * data frames in networks with no bridges.
841 */
842 off_linktype = 24;
843 off_nl = 32; /* 802.11+802.2+SNAP */
844 off_nl_nosnap = 27; /* 802.11+802.2 */
845 return;
846
847 case DLT_PRISM_HEADER:
848 /*
849 * Same as 802.11, but with an additional header before
850 * the 802.11 header, containing a bunch of additional
851 * information including radio-level information.
852 *
853 * The header is 144 bytes long.
854 *
855 * XXX - same variable-length header problem; at least
856 * the Prism header is fixed-length.
857 */
858 off_linktype = 144+24;
859 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */
860 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */
861 return;
862
863 case DLT_IEEE802_11_RADIO:
864 /*
865 * Same as 802.11, but with an additional header before
866 * the 802.11 header, containing a bunch of additional
867 * information including radio-level information.
868 *
869 * The header is 64 bytes long.
870 *
871 * XXX - same variable-length header problem, only
872 * more so; this header is also variable-length,
873 * with the length being the 32-bit big-endian
874 * number at an offset of 4 from the beginning
875 * of the radio header.
876 */
877 off_linktype = 64+24;
878 off_nl = 64+32; /* Radio+802.11+802.2+SNAP */
879 off_nl_nosnap = 64+27; /* Radio+802.11+802.2 */
880 return;
881
882 case DLT_ATM_RFC1483:
883 case DLT_ATM_CLIP: /* Linux ATM defines this */
884 /*
885 * assume routed, non-ISO PDUs
886 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
887 */
888 off_linktype = 0;
889 off_nl = 8; /* 802.2+SNAP */
890 off_nl_nosnap = 3; /* 802.2 */
891 return;
892
893 case DLT_SUNATM:
894 /*
895 * Full Frontal ATM; you get AALn PDUs with an ATM
896 * pseudo-header.
897 */
898 is_atm = 1;
899 off_vpi = SUNATM_VPI_POS;
900 off_vci = SUNATM_VCI_POS;
901 off_proto = PROTO_POS;
902 off_mac = -1; /* LLC-encapsulated, so no MAC-layer header */
903 off_payload = SUNATM_PKT_BEGIN_POS;
904 off_linktype = off_payload;
905 off_nl = off_payload+8; /* 802.2+SNAP */
906 off_nl_nosnap = off_payload+3; /* 802.2 */
907 return;
908
909 case DLT_RAW:
910 off_linktype = -1;
911 off_nl = 0;
912 off_nl_nosnap = 0; /* no 802.2 LLC */
913 return;
914
915 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
916 off_linktype = 14;
917 off_nl = 16;
918 off_nl_nosnap = 16; /* no 802.2 LLC */
919 return;
920
921 case DLT_LTALK:
922 /*
923 * LocalTalk does have a 1-byte type field in the LLAP header,
924 * but really it just indicates whether there is a "short" or
925 * "long" DDP packet following.
926 */
927 off_linktype = -1;
928 off_nl = 0;
929 off_nl_nosnap = 0; /* no 802.2 LLC */
930 return;
931
932 case DLT_IP_OVER_FC:
933 /*
934 * RFC 2625 IP-over-Fibre-Channel doesn't really have a
935 * link-level type field. We set "off_linktype" to the
936 * offset of the LLC header.
937 *
938 * To check for Ethernet types, we assume that SSAP = SNAP
939 * is being used and pick out the encapsulated Ethernet type.
940 * XXX - should we generate code to check for SNAP? RFC
941 * 2625 says SNAP should be used.
942 */
943 off_linktype = 16;
944 off_nl = 24; /* IPFC+802.2+SNAP */
945 off_nl_nosnap = 19; /* IPFC+802.2 */
946 return;
947
948 case DLT_FRELAY:
949 /*
950 * XXX - we should set this to handle SNAP-encapsulated
951 * frames (NLPID of 0x80).
952 */
953 off_linktype = -1;
954 off_nl = 0;
955 off_nl_nosnap = 0; /* no 802.2 LLC */
956 return;
957 }
958 bpf_error("unknown data link type %d", linktype);
959 /* NOTREACHED */
960 }
961
962 static struct block *
963 gen_uncond(rsense)
964 int rsense;
965 {
966 struct block *b;
967 struct slist *s;
968
969 s = new_stmt(BPF_LD|BPF_IMM);
970 s->s.k = !rsense;
971 b = new_block(JMP(BPF_JEQ));
972 b->stmts = s;
973
974 return b;
975 }
976
977 static inline struct block *
978 gen_true()
979 {
980 return gen_uncond(1);
981 }
982
983 static inline struct block *
984 gen_false()
985 {
986 return gen_uncond(0);
987 }
988
989 /*
990 * Byte-swap a 32-bit number.
991 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
992 * big-endian platforms.)
993 */
994 #define SWAPLONG(y) \
995 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
996
997 static struct block *
998 gen_ether_linktype(proto)
999 register int proto;
1000 {
1001 struct block *b0, *b1;
1002
1003 switch (proto) {
1004
1005 case LLCSAP_ISONS:
1006 /*
1007 * OSI protocols always use 802.2 encapsulation.
1008 * XXX - should we check both the DSAP and the
1009 * SSAP, like this, or should we check just the
1010 * DSAP?
1011 */
1012 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1013 gen_not(b0);
1014 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1015 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1016 gen_and(b0, b1);
1017 return b1;
1018
1019 case LLCSAP_IP:
1020 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1021 gen_not(b0);
1022 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1023 ((LLCSAP_IP << 8) | LLCSAP_IP));
1024 gen_and(b0, b1);
1025 return b1;
1026
1027 case LLCSAP_NETBEUI:
1028 /*
1029 * NetBEUI always uses 802.2 encapsulation.
1030 * XXX - should we check both the DSAP and the
1031 * SSAP, like this, or should we check just the
1032 * DSAP?
1033 */
1034 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1035 gen_not(b0);
1036 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1037 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1038 gen_and(b0, b1);
1039 return b1;
1040
1041 case LLCSAP_IPX:
1042 /*
1043 * Check for;
1044 *
1045 * Ethernet_II frames, which are Ethernet
1046 * frames with a frame type of ETHERTYPE_IPX;
1047 *
1048 * Ethernet_802.3 frames, which are 802.3
1049 * frames (i.e., the type/length field is
1050 * a length field, <= ETHERMTU, rather than
1051 * a type field) with the first two bytes
1052 * after the Ethernet/802.3 header being
1053 * 0xFFFF;
1054 *
1055 * Ethernet_802.2 frames, which are 802.3
1056 * frames with an 802.2 LLC header and
1057 * with the IPX LSAP as the DSAP in the LLC
1058 * header;
1059 *
1060 * Ethernet_SNAP frames, which are 802.3
1061 * frames with an LLC header and a SNAP
1062 * header and with an OUI of 0x000000
1063 * (encapsulated Ethernet) and a protocol
1064 * ID of ETHERTYPE_IPX in the SNAP header.
1065 *
1066 * XXX - should we generate the same code both
1067 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
1068 */
1069
1070 /*
1071 * This generates code to check both for the
1072 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
1073 */
1074 b0 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)LLCSAP_IPX);
1075 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)0xFFFF);
1076 gen_or(b0, b1);
1077
1078 /*
1079 * Now we add code to check for SNAP frames with
1080 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
1081 */
1082 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
1083 gen_or(b0, b1);
1084
1085 /*
1086 * Now we generate code to check for 802.3
1087 * frames in general.
1088 */
1089 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1090 gen_not(b0);
1091
1092 /*
1093 * Now add the check for 802.3 frames before the
1094 * check for Ethernet_802.2 and Ethernet_802.3,
1095 * as those checks should only be done on 802.3
1096 * frames, not on Ethernet frames.
1097 */
1098 gen_and(b0, b1);
1099
1100 /*
1101 * Now add the check for Ethernet_II frames, and
1102 * do that before checking for the other frame
1103 * types.
1104 */
1105 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)ETHERTYPE_IPX);
1106 gen_or(b0, b1);
1107 return b1;
1108
1109 case ETHERTYPE_ATALK:
1110 case ETHERTYPE_AARP:
1111 /*
1112 * EtherTalk (AppleTalk protocols on Ethernet link
1113 * layer) may use 802.2 encapsulation.
1114 */
1115
1116 /*
1117 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1118 * we check for an Ethernet type field less than
1119 * 1500, which means it's an 802.3 length field.
1120 */
1121 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1122 gen_not(b0);
1123
1124 /*
1125 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1126 * SNAP packets with an organization code of
1127 * 0x080007 (Apple, for Appletalk) and a protocol
1128 * type of ETHERTYPE_ATALK (Appletalk).
1129 *
1130 * 802.2-encapsulated ETHERTYPE_AARP packets are
1131 * SNAP packets with an organization code of
1132 * 0x000000 (encapsulated Ethernet) and a protocol
1133 * type of ETHERTYPE_AARP (Appletalk ARP).
1134 */
1135 if (proto == ETHERTYPE_ATALK)
1136 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
1137 else /* proto == ETHERTYPE_AARP */
1138 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
1139 gen_and(b0, b1);
1140
1141 /*
1142 * Check for Ethernet encapsulation (Ethertalk
1143 * phase 1?); we just check for the Ethernet
1144 * protocol type.
1145 */
1146 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1147
1148 gen_or(b0, b1);
1149 return b1;
1150
1151 default:
1152 if (proto <= ETHERMTU) {
1153 /*
1154 * This is an LLC SAP value, so the frames
1155 * that match would be 802.2 frames.
1156 * Check that the frame is an 802.2 frame
1157 * (i.e., that the length/type field is
1158 * a length field, <= ETHERMTU) and
1159 * then check the DSAP.
1160 */
1161 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1162 gen_not(b0);
1163 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto);
1164 gen_and(b0, b1);
1165 return b1;
1166 } else {
1167 /*
1168 * This is an Ethernet type, so compare
1169 * the length/type field with it (if
1170 * the frame is an 802.2 frame, the length
1171 * field will be <= ETHERMTU, and, as
1172 * "proto" is > ETHERMTU, this test
1173 * will fail and the frame won't match,
1174 * which is what we want).
1175 */
1176 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1177 }
1178 }
1179 }
1180
1181 static struct block *
1182 gen_linktype(proto)
1183 register int proto;
1184 {
1185 struct block *b0, *b1, *b2;
1186
1187 switch (linktype) {
1188
1189 case DLT_EN10MB:
1190 return gen_ether_linktype(proto);
1191 break;
1192
1193 case DLT_C_HDLC:
1194 switch (proto) {
1195
1196 case LLCSAP_ISONS:
1197 proto = (proto << 8 | LLCSAP_ISONS);
1198 /* fall through */
1199
1200 default:
1201 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1202 break;
1203 }
1204 break;
1205
1206 case DLT_IEEE802_11:
1207 case DLT_PRISM_HEADER:
1208 case DLT_IEEE802_11_RADIO:
1209 case DLT_FDDI:
1210 case DLT_IEEE802:
1211 case DLT_ATM_RFC1483:
1212 case DLT_ATM_CLIP:
1213 case DLT_IP_OVER_FC:
1214 return gen_llc(proto);
1215 break;
1216
1217 case DLT_SUNATM:
1218 /*
1219 * If "is_lane" is set, check for a LANE-encapsulated
1220 * version of this protocol, otherwise check for an
1221 * LLC-encapsulated version of this protocol.
1222 *
1223 * We assume LANE means Ethernet, not Token Ring.
1224 */
1225 if (is_lane) {
1226 /*
1227 * Check that the packet doesn't begin with an
1228 * LE Control marker. (We've already generated
1229 * a test for LANE.)
1230 */
1231 b0 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
1232 gen_not(b0);
1233
1234 /*
1235 * Now generate an Ethernet test.
1236 */
1237 b1 = gen_ether_linktype(proto);
1238 gen_and(b0, b1);
1239 return b1;
1240 } else {
1241 /*
1242 * Check for LLC encapsulation and then check the
1243 * protocol.
1244 */
1245 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
1246 b1 = gen_llc(proto);
1247 gen_and(b0, b1);
1248 return b1;
1249 }
1250
1251 case DLT_LINUX_SLL:
1252 switch (proto) {
1253
1254 case LLCSAP_IP:
1255 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1256 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1257 ((LLCSAP_IP << 8) | LLCSAP_IP));
1258 gen_and(b0, b1);
1259 return b1;
1260
1261 case LLCSAP_ISONS:
1262 /*
1263 * OSI protocols always use 802.2 encapsulation.
1264 * XXX - should we check both the DSAP and the
1265 * LSAP, like this, or should we check just the
1266 * DSAP?
1267 */
1268 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1269 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1270 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1271 gen_and(b0, b1);
1272 return b1;
1273
1274 case LLCSAP_NETBEUI:
1275 /*
1276 * NetBEUI always uses 802.2 encapsulation.
1277 * XXX - should we check both the DSAP and the
1278 * LSAP, like this, or should we check just the
1279 * DSAP?
1280 */
1281 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1282 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1283 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1284 gen_and(b0, b1);
1285 return b1;
1286
1287 case LLCSAP_IPX:
1288 /*
1289 * Ethernet_II frames, which are Ethernet
1290 * frames with a frame type of ETHERTYPE_IPX;
1291 *
1292 * Ethernet_802.3 frames, which have a frame
1293 * type of LINUX_SLL_P_802_3;
1294 *
1295 * Ethernet_802.2 frames, which are 802.3
1296 * frames with an 802.2 LLC header (i.e, have
1297 * a frame type of LINUX_SLL_P_802_2) and
1298 * with the IPX LSAP as the DSAP in the LLC
1299 * header;
1300 *
1301 * Ethernet_SNAP frames, which are 802.3
1302 * frames with an LLC header and a SNAP
1303 * header and with an OUI of 0x000000
1304 * (encapsulated Ethernet) and a protocol
1305 * ID of ETHERTYPE_IPX in the SNAP header.
1306 *
1307 * First, do the checks on LINUX_SLL_P_802_2
1308 * frames; generate the check for either
1309 * Ethernet_802.2 or Ethernet_SNAP frames, and
1310 * then put a check for LINUX_SLL_P_802_2 frames
1311 * before it.
1312 */
1313 b0 = gen_cmp(off_linktype + 2, BPF_B,
1314 (bpf_int32)LLCSAP_IPX);
1315 b1 = gen_snap(0x000000, ETHERTYPE_IPX,
1316 off_linktype + 2);
1317 gen_or(b0, b1);
1318 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1319 gen_and(b0, b1);
1320
1321 /*
1322 * Now check for 802.3 frames and OR that with
1323 * the previous test.
1324 */
1325 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
1326 gen_or(b0, b1);
1327
1328 /*
1329 * Now add the check for Ethernet_II frames, and
1330 * do that before checking for the other frame
1331 * types.
1332 */
1333 b0 = gen_cmp(off_linktype, BPF_H,
1334 (bpf_int32)ETHERTYPE_IPX);
1335 gen_or(b0, b1);
1336 return b1;
1337
1338 case ETHERTYPE_ATALK:
1339 case ETHERTYPE_AARP:
1340 /*
1341 * EtherTalk (AppleTalk protocols on Ethernet link
1342 * layer) may use 802.2 encapsulation.
1343 */
1344
1345 /*
1346 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1347 * we check for the 802.2 protocol type in the
1348 * "Ethernet type" field.
1349 */
1350 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1351
1352 /*
1353 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1354 * SNAP packets with an organization code of
1355 * 0x080007 (Apple, for Appletalk) and a protocol
1356 * type of ETHERTYPE_ATALK (Appletalk).
1357 *
1358 * 802.2-encapsulated ETHERTYPE_AARP packets are
1359 * SNAP packets with an organization code of
1360 * 0x000000 (encapsulated Ethernet) and a protocol
1361 * type of ETHERTYPE_AARP (Appletalk ARP).
1362 */
1363 if (proto == ETHERTYPE_ATALK)
1364 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
1365 off_linktype + 2);
1366 else /* proto == ETHERTYPE_AARP */
1367 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
1368 off_linktype + 2);
1369 gen_and(b0, b1);
1370
1371 /*
1372 * Check for Ethernet encapsulation (Ethertalk
1373 * phase 1?); we just check for the Ethernet
1374 * protocol type.
1375 */
1376 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1377
1378 gen_or(b0, b1);
1379 return b1;
1380
1381 default:
1382 if (proto <= ETHERMTU) {
1383 /*
1384 * This is an LLC SAP value, so the frames
1385 * that match would be 802.2 frames.
1386 * Check for the 802.2 protocol type
1387 * in the "Ethernet type" field, and
1388 * then check the DSAP.
1389 */
1390 b0 = gen_cmp(off_linktype, BPF_H,
1391 LINUX_SLL_P_802_2);
1392 b1 = gen_cmp(off_linktype + 2, BPF_B,
1393 (bpf_int32)proto);
1394 gen_and(b0, b1);
1395 return b1;
1396 } else {
1397 /*
1398 * This is an Ethernet type, so compare
1399 * the length/type field with it (if
1400 * the frame is an 802.2 frame, the length
1401 * field will be <= ETHERMTU, and, as
1402 * "proto" is > ETHERMTU, this test
1403 * will fail and the frame won't match,
1404 * which is what we want).
1405 */
1406 return gen_cmp(off_linktype, BPF_H,
1407 (bpf_int32)proto);
1408 }
1409 }
1410 break;
1411
1412 case DLT_SLIP:
1413 case DLT_SLIP_BSDOS:
1414 case DLT_RAW:
1415 /*
1416 * These types don't provide any type field; packets
1417 * are always IP.
1418 *
1419 * XXX - for IPv4, check for a version number of 4, and,
1420 * for IPv6, check for a version number of 6?
1421 */
1422 switch (proto) {
1423
1424 case ETHERTYPE_IP:
1425 #ifdef INET6
1426 case ETHERTYPE_IPV6:
1427 #endif
1428 return gen_true(); /* always true */
1429
1430 default:
1431 return gen_false(); /* always false */
1432 }
1433 break;
1434
1435 case DLT_PPP:
1436 case DLT_PPP_SERIAL:
1437 case DLT_PPP_ETHER:
1438 /*
1439 * We use Ethernet protocol types inside libpcap;
1440 * map them to the corresponding PPP protocol types.
1441 */
1442 switch (proto) {
1443
1444 case ETHERTYPE_IP:
1445 proto = PPP_IP;
1446 break;
1447
1448 #ifdef INET6
1449 case ETHERTYPE_IPV6:
1450 proto = PPP_IPV6;
1451 break;
1452 #endif
1453
1454 case ETHERTYPE_DN:
1455 proto = PPP_DECNET;
1456 break;
1457
1458 case ETHERTYPE_ATALK:
1459 proto = PPP_APPLE;
1460 break;
1461
1462 case ETHERTYPE_NS:
1463 proto = PPP_NS;
1464 break;
1465
1466 case LLCSAP_ISONS:
1467 proto = PPP_OSI;
1468 break;
1469
1470 case LLCSAP_8021D:
1471 /*
1472 * I'm assuming the "Bridging PDU"s that go
1473 * over PPP are Spanning Tree Protocol
1474 * Bridging PDUs.
1475 */
1476 proto = PPP_BRPDU;
1477 break;
1478
1479 case LLCSAP_IPX:
1480 proto = PPP_IPX;
1481 break;
1482 }
1483 break;
1484
1485 case DLT_PPP_BSDOS:
1486 /*
1487 * We use Ethernet protocol types inside libpcap;
1488 * map them to the corresponding PPP protocol types.
1489 */
1490 switch (proto) {
1491
1492 case ETHERTYPE_IP:
1493 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
1494 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
1495 gen_or(b0, b1);
1496 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
1497 gen_or(b1, b0);
1498 return b0;
1499
1500 #ifdef INET6
1501 case ETHERTYPE_IPV6:
1502 proto = PPP_IPV6;
1503 /* more to go? */
1504 break;
1505 #endif
1506
1507 case ETHERTYPE_DN:
1508 proto = PPP_DECNET;
1509 break;
1510
1511 case ETHERTYPE_ATALK:
1512 proto = PPP_APPLE;
1513 break;
1514
1515 case ETHERTYPE_NS:
1516 proto = PPP_NS;
1517 break;
1518
1519 case LLCSAP_ISONS:
1520 proto = PPP_OSI;
1521 break;
1522
1523 case LLCSAP_8021D:
1524 /*
1525 * I'm assuming the "Bridging PDU"s that go
1526 * over PPP are Spanning Tree Protocol
1527 * Bridging PDUs.
1528 */
1529 proto = PPP_BRPDU;
1530 break;
1531
1532 case LLCSAP_IPX:
1533 proto = PPP_IPX;
1534 break;
1535 }
1536 break;
1537
1538 case DLT_NULL:
1539 case DLT_LOOP:
1540 case DLT_ENC:
1541 case DLT_PFLOG:
1542 /*
1543 * For DLT_NULL, the link-layer header is a 32-bit
1544 * word containing an AF_ value in *host* byte order,
1545 * and for DLT_ENC, the link-layer header begins
1546 * with a 32-bit work containing an AF_ value in
1547 * host byte order.
1548 *
1549 * In addition, if we're reading a saved capture file,
1550 * the host byte order in the capture may not be the
1551 * same as the host byte order on this machine.
1552 *
1553 * For DLT_LOOP, the link-layer header is a 32-bit
1554 * word containing an AF_ value in *network* byte order.
1555 *
1556 * XXX - AF_ values may, unfortunately, be platform-
1557 * dependent; for example, FreeBSD's AF_INET6 is 24
1558 * whilst NetBSD's and OpenBSD's is 26.
1559 *
1560 * This means that, when reading a capture file, just
1561 * checking for our AF_INET6 value won't work if the
1562 * capture file came from another OS.
1563 *
1564 * XXX - what's the byte order for DLT_PFLOG?
1565 */
1566 switch (proto) {
1567
1568 case ETHERTYPE_IP:
1569 proto = AF_INET;
1570 break;
1571
1572 #ifdef INET6
1573 case ETHERTYPE_IPV6:
1574 proto = AF_INET6;
1575 break;
1576 #endif
1577
1578 default:
1579 /*
1580 * Not a type on which we support filtering.
1581 * XXX - support those that have AF_ values
1582 * #defined on this platform, at least?
1583 */
1584 return gen_false();
1585 }
1586
1587 if (linktype == DLT_NULL || linktype == DLT_ENC) {
1588 /*
1589 * The AF_ value is in host byte order, but
1590 * the BPF interpreter will convert it to
1591 * network byte order.
1592 *
1593 * If this is a save file, and it's from a
1594 * machine with the opposite byte order to
1595 * ours, we byte-swap the AF_ value.
1596 *
1597 * Then we run it through "htonl()", and
1598 * generate code to compare against the result.
1599 */
1600 if (bpf_pcap->sf.rfile != NULL &&
1601 bpf_pcap->sf.swapped)
1602 proto = SWAPLONG(proto);
1603 proto = htonl(proto);
1604 }
1605 return (gen_cmp(0, BPF_W, (bpf_int32)proto));
1606
1607 case DLT_ARCNET:
1608 case DLT_ARCNET_LINUX:
1609 /*
1610 * XXX should we check for first fragment if the protocol
1611 * uses PHDS?
1612 */
1613 switch (proto) {
1614
1615 default:
1616 return gen_false();
1617
1618 #ifdef INET6
1619 case ETHERTYPE_IPV6:
1620 return (gen_cmp(off_linktype, BPF_B,
1621 (bpf_int32)ARCTYPE_INET6));
1622 #endif /* INET6 */
1623
1624 case ETHERTYPE_IP:
1625 b0 = gen_cmp(off_linktype, BPF_B,
1626 (bpf_int32)ARCTYPE_IP);
1627 b1 = gen_cmp(off_linktype, BPF_B,
1628 (bpf_int32)ARCTYPE_IP_OLD);
1629 gen_or(b0, b1);
1630 return (b1);
1631
1632 case ETHERTYPE_ARP:
1633 b0 = gen_cmp(off_linktype, BPF_B,
1634 (bpf_int32)ARCTYPE_ARP);
1635 b1 = gen_cmp(off_linktype, BPF_B,
1636 (bpf_int32)ARCTYPE_ARP_OLD);
1637 gen_or(b0, b1);
1638 return (b1);
1639
1640 case ETHERTYPE_REVARP:
1641 return (gen_cmp(off_linktype, BPF_B,
1642 (bpf_int32)ARCTYPE_REVARP));
1643
1644 case ETHERTYPE_ATALK:
1645 return (gen_cmp(off_linktype, BPF_B,
1646 (bpf_int32)ARCTYPE_ATALK));
1647 }
1648 break;
1649
1650 case DLT_LTALK:
1651 switch (proto) {
1652 case ETHERTYPE_ATALK:
1653 return gen_true();
1654 default:
1655 return gen_false();
1656 }
1657 break;
1658
1659 case DLT_FRELAY:
1660 /*
1661 * XXX - assumes a 2-byte Frame Relay header with
1662 * DLCI and flags. What if the address is longer?
1663 */
1664 switch (proto) {
1665
1666 case ETHERTYPE_IP:
1667 /*
1668 * Check for the special NLPID for IP.
1669 */
1670 return gen_cmp(2, BPF_H, (0x03<<8) | 0xcc);
1671
1672 #ifdef INET6
1673 case ETHERTYPE_IPV6:
1674 /*
1675 * Check for the special NLPID for IPv6.
1676 */
1677 return gen_cmp(2, BPF_H, (0x03<<8) | 0x8e);
1678 #endif
1679
1680 case LLCSAP_ISONS:
1681 /*
1682 * Check for several OSI protocols.
1683 *
1684 * Frame Relay packets typically have an OSI
1685 * NLPID at the beginning; we check for each
1686 * of them.
1687 *
1688 * What we check for is the NLPID and a frame
1689 * control field of UI, i.e. 0x03 followed
1690 * by the NLPID.
1691 */
1692 b0 = gen_cmp(2, BPF_H, (0x03<<8) | ISO8473_CLNP);
1693 b1 = gen_cmp(2, BPF_H, (0x03<<8) | ISO9542_ESIS);
1694 b2 = gen_cmp(2, BPF_H, (0x03<<8) | ISO10589_ISIS);
1695 gen_or(b1, b2);
1696 gen_or(b0, b2);
1697 return b2;
1698
1699 default:
1700 return gen_false();
1701 }
1702 break;
1703 }
1704
1705 /*
1706 * All the types that have no encapsulation should either be
1707 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
1708 * all packets are IP packets, or should be handled in some
1709 * special case, if none of them are (if some are and some
1710 * aren't, the lack of encapsulation is a problem, as we'd
1711 * have to find some other way of determining the packet type).
1712 *
1713 * Therefore, if "off_linktype" is -1, there's an error.
1714 */
1715 if (off_linktype == (u_int)-1)
1716 abort();
1717
1718 /*
1719 * Any type not handled above should always have an Ethernet
1720 * type at an offset of "off_linktype". (PPP is partially
1721 * handled above - the protocol type is mapped from the
1722 * Ethernet and LLC types we use internally to the corresponding
1723 * PPP type - but the PPP type is always specified by a value
1724 * at "off_linktype", so we don't have to do the code generation
1725 * above.)
1726 */
1727 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1728 }
1729
1730 /*
1731 * Check for an LLC SNAP packet with a given organization code and
1732 * protocol type; we check the entire contents of the 802.2 LLC and
1733 * snap headers, checking for DSAP and SSAP of SNAP and a control
1734 * field of 0x03 in the LLC header, and for the specified organization
1735 * code and protocol type in the SNAP header.
1736 */
1737 static struct block *
1738 gen_snap(orgcode, ptype, offset)
1739 bpf_u_int32 orgcode;
1740 bpf_u_int32 ptype;
1741 u_int offset;
1742 {
1743 u_char snapblock[8];
1744
1745 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
1746 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
1747 snapblock[2] = 0x03; /* control = UI */
1748 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
1749 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
1750 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
1751 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
1752 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
1753 return gen_bcmp(offset, 8, snapblock);
1754 }
1755
1756 /*
1757 * Check for a given protocol value assuming an 802.2 LLC header.
1758 */
1759 static struct block *
1760 gen_llc(proto)
1761 int proto;
1762 {
1763 /*
1764 * XXX - handle token-ring variable-length header.
1765 */
1766 switch (proto) {
1767
1768 case LLCSAP_IP:
1769 return gen_cmp(off_linktype, BPF_H, (long)
1770 ((LLCSAP_IP << 8) | LLCSAP_IP));
1771
1772 case LLCSAP_ISONS:
1773 return gen_cmp(off_linktype, BPF_H, (long)
1774 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1775
1776 case LLCSAP_NETBEUI:
1777 return gen_cmp(off_linktype, BPF_H, (long)
1778 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1779
1780 case LLCSAP_IPX:
1781 /*
1782 * XXX - are there ever SNAP frames for IPX on
1783 * non-Ethernet 802.x networks?
1784 */
1785 return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX);
1786
1787 case ETHERTYPE_ATALK:
1788 /*
1789 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1790 * SNAP packets with an organization code of
1791 * 0x080007 (Apple, for Appletalk) and a protocol
1792 * type of ETHERTYPE_ATALK (Appletalk).
1793 *
1794 * XXX - check for an organization code of
1795 * encapsulated Ethernet as well?
1796 */
1797 return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype);
1798
1799 default:
1800 /*
1801 * XXX - we don't have to check for IPX 802.3
1802 * here, but should we check for the IPX Ethertype?
1803 */
1804 if (proto <= ETHERMTU) {
1805 /*
1806 * This is an LLC SAP value, so check
1807 * the DSAP.
1808 */
1809 return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto);
1810 } else {
1811 /*
1812 * This is an Ethernet type; we assume that it's
1813 * unlikely that it'll appear in the right place
1814 * at random, and therefore check only the
1815 * location that would hold the Ethernet type
1816 * in a SNAP frame with an organization code of
1817 * 0x000000 (encapsulated Ethernet).
1818 *
1819 * XXX - if we were to check for the SNAP DSAP and
1820 * LSAP, as per XXX, and were also to check for an
1821 * organization code of 0x000000 (encapsulated
1822 * Ethernet), we'd do
1823 *
1824 * return gen_snap(0x000000, proto,
1825 * off_linktype);
1826 *
1827 * here; for now, we don't, as per the above.
1828 * I don't know whether it's worth the extra CPU
1829 * time to do the right check or not.
1830 */
1831 return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto);
1832 }
1833 }
1834 }
1835
1836 static struct block *
1837 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
1838 bpf_u_int32 addr;
1839 bpf_u_int32 mask;
1840 int dir, proto;
1841 u_int src_off, dst_off;
1842 {
1843 struct block *b0, *b1;
1844 u_int offset;
1845
1846 switch (dir) {
1847
1848 case Q_SRC:
1849 offset = src_off;
1850 break;
1851
1852 case Q_DST:
1853 offset = dst_off;
1854 break;
1855
1856 case Q_AND:
1857 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1858 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1859 gen_and(b0, b1);
1860 return b1;
1861
1862 case Q_OR:
1863 case Q_DEFAULT:
1864 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1865 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1866 gen_or(b0, b1);
1867 return b1;
1868
1869 default:
1870 abort();
1871 }
1872 b0 = gen_linktype(proto);
1873 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
1874 gen_and(b0, b1);
1875 return b1;
1876 }
1877
1878 #ifdef INET6
1879 static struct block *
1880 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
1881 struct in6_addr *addr;
1882 struct in6_addr *mask;
1883 int dir, proto;
1884 u_int src_off, dst_off;
1885 {
1886 struct block *b0, *b1;
1887 u_int offset;
1888 u_int32_t *a, *m;
1889
1890 switch (dir) {
1891
1892 case Q_SRC:
1893 offset = src_off;
1894 break;
1895
1896 case Q_DST:
1897 offset = dst_off;
1898 break;
1899
1900 case Q_AND:
1901 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1902 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1903 gen_and(b0, b1);
1904 return b1;
1905
1906 case Q_OR:
1907 case Q_DEFAULT:
1908 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1909 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1910 gen_or(b0, b1);
1911 return b1;
1912
1913 default:
1914 abort();
1915 }
1916 /* this order is important */
1917 a = (u_int32_t *)addr;
1918 m = (u_int32_t *)mask;
1919 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
1920 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
1921 gen_and(b0, b1);
1922 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
1923 gen_and(b0, b1);
1924 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
1925 gen_and(b0, b1);
1926 b0 = gen_linktype(proto);
1927 gen_and(b0, b1);
1928 return b1;
1929 }
1930 #endif /*INET6*/
1931
1932 static struct block *
1933 gen_ehostop(eaddr, dir)
1934 register const u_char *eaddr;
1935 register int dir;
1936 {
1937 register struct block *b0, *b1;
1938
1939 switch (dir) {
1940 case Q_SRC:
1941 return gen_bcmp(off_mac + 6, 6, eaddr);
1942
1943 case Q_DST:
1944 return gen_bcmp(off_mac + 0, 6, eaddr);
1945
1946 case Q_AND:
1947 b0 = gen_ehostop(eaddr, Q_SRC);
1948 b1 = gen_ehostop(eaddr, Q_DST);
1949 gen_and(b0, b1);
1950 return b1;
1951
1952 case Q_DEFAULT:
1953 case Q_OR:
1954 b0 = gen_ehostop(eaddr, Q_SRC);
1955 b1 = gen_ehostop(eaddr, Q_DST);
1956 gen_or(b0, b1);
1957 return b1;
1958 }
1959 abort();
1960 /* NOTREACHED */
1961 }
1962
1963 /*
1964 * Like gen_ehostop, but for DLT_FDDI
1965 */
1966 static struct block *
1967 gen_fhostop(eaddr, dir)
1968 register const u_char *eaddr;
1969 register int dir;
1970 {
1971 struct block *b0, *b1;
1972
1973 switch (dir) {
1974 case Q_SRC:
1975 #ifdef PCAP_FDDIPAD
1976 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
1977 #else
1978 return gen_bcmp(6 + 1, 6, eaddr);
1979 #endif
1980
1981 case Q_DST:
1982 #ifdef PCAP_FDDIPAD
1983 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
1984 #else
1985 return gen_bcmp(0 + 1, 6, eaddr);
1986 #endif
1987
1988 case Q_AND:
1989 b0 = gen_fhostop(eaddr, Q_SRC);
1990 b1 = gen_fhostop(eaddr, Q_DST);
1991 gen_and(b0, b1);
1992 return b1;
1993
1994 case Q_DEFAULT:
1995 case Q_OR:
1996 b0 = gen_fhostop(eaddr, Q_SRC);
1997 b1 = gen_fhostop(eaddr, Q_DST);
1998 gen_or(b0, b1);
1999 return b1;
2000 }
2001 abort();
2002 /* NOTREACHED */
2003 }
2004
2005 /*
2006 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
2007 */
2008 static struct block *
2009 gen_thostop(eaddr, dir)
2010 register const u_char *eaddr;
2011 register int dir;
2012 {
2013 register struct block *b0, *b1;
2014
2015 switch (dir) {
2016 case Q_SRC:
2017 return gen_bcmp(8, 6, eaddr);
2018
2019 case Q_DST:
2020 return gen_bcmp(2, 6, eaddr);
2021
2022 case Q_AND:
2023 b0 = gen_thostop(eaddr, Q_SRC);
2024 b1 = gen_thostop(eaddr, Q_DST);
2025 gen_and(b0, b1);
2026 return b1;
2027
2028 case Q_DEFAULT:
2029 case Q_OR:
2030 b0 = gen_thostop(eaddr, Q_SRC);
2031 b1 = gen_thostop(eaddr, Q_DST);
2032 gen_or(b0, b1);
2033 return b1;
2034 }
2035 abort();
2036 /* NOTREACHED */
2037 }
2038
2039 /*
2040 * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN)
2041 */
2042 static struct block *
2043 gen_wlanhostop(eaddr, dir)
2044 register const u_char *eaddr;
2045 register int dir;
2046 {
2047 register struct block *b0, *b1, *b2;
2048 register struct slist *s;
2049
2050 switch (dir) {
2051 case Q_SRC:
2052 /*
2053 * Oh, yuk.
2054 *
2055 * For control frames, there is no SA.
2056 *
2057 * For management frames, SA is at an
2058 * offset of 10 from the beginning of
2059 * the packet.
2060 *
2061 * For data frames, SA is at an offset
2062 * of 10 from the beginning of the packet
2063 * if From DS is clear, at an offset of
2064 * 16 from the beginning of the packet
2065 * if From DS is set and To DS is clear,
2066 * and an offset of 24 from the beginning
2067 * of the packet if From DS is set and To DS
2068 * is set.
2069 */
2070
2071 /*
2072 * Generate the tests to be done for data frames
2073 * with From DS set.
2074 *
2075 * First, check for To DS set, i.e. check "link[1] & 0x01".
2076 */
2077 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2078 s->s.k = 1;
2079 b1 = new_block(JMP(BPF_JSET));
2080 b1->s.k = 0x01; /* To DS */
2081 b1->stmts = s;
2082
2083 /*
2084 * If To DS is set, the SA is at 24.
2085 */
2086 b0 = gen_bcmp(24, 6, eaddr);
2087 gen_and(b1, b0);
2088
2089 /*
2090 * Now, check for To DS not set, i.e. check
2091 * "!(link[1] & 0x01)".
2092 */
2093 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2094 s->s.k = 1;
2095 b2 = new_block(JMP(BPF_JSET));
2096 b2->s.k = 0x01; /* To DS */
2097 b2->stmts = s;
2098 gen_not(b2);
2099
2100 /*
2101 * If To DS is not set, the SA is at 16.
2102 */
2103 b1 = gen_bcmp(16, 6, eaddr);
2104 gen_and(b2, b1);
2105
2106 /*
2107 * Now OR together the last two checks. That gives
2108 * the complete set of checks for data frames with
2109 * From DS set.
2110 */
2111 gen_or(b1, b0);
2112
2113 /*
2114 * Now check for From DS being set, and AND that with
2115 * the ORed-together checks.
2116 */
2117 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2118 s->s.k = 1;
2119 b1 = new_block(JMP(BPF_JSET));
2120 b1->s.k = 0x02; /* From DS */
2121 b1->stmts = s;
2122 gen_and(b1, b0);
2123
2124 /*
2125 * Now check for data frames with From DS not set.
2126 */
2127 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2128 s->s.k = 1;
2129 b2 = new_block(JMP(BPF_JSET));
2130 b2->s.k = 0x02; /* From DS */
2131 b2->stmts = s;
2132 gen_not(b2);
2133
2134 /*
2135 * If From DS isn't set, the SA is at 10.
2136 */
2137 b1 = gen_bcmp(10, 6, eaddr);
2138 gen_and(b2, b1);
2139
2140 /*
2141 * Now OR together the checks for data frames with
2142 * From DS not set and for data frames with From DS
2143 * set; that gives the checks done for data frames.
2144 */
2145 gen_or(b1, b0);
2146
2147 /*
2148 * Now check for a data frame.
2149 * I.e, check "link[0] & 0x08".
2150 */
2151 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2152 s->s.k = 0;
2153 b1 = new_block(JMP(BPF_JSET));
2154 b1->s.k = 0x08;
2155 b1->stmts = s;
2156
2157 /*
2158 * AND that with the checks done for data frames.
2159 */
2160 gen_and(b1, b0);
2161
2162 /*
2163 * If the high-order bit of the type value is 0, this
2164 * is a management frame.
2165 * I.e, check "!(link[0] & 0x08)".
2166 */
2167 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2168 s->s.k = 0;
2169 b2 = new_block(JMP(BPF_JSET));
2170 b2->s.k = 0x08;
2171 b2->stmts = s;
2172 gen_not(b2);
2173
2174 /*
2175 * For management frames, the SA is at 10.
2176 */
2177 b1 = gen_bcmp(10, 6, eaddr);
2178 gen_and(b2, b1);
2179
2180 /*
2181 * OR that with the checks done for data frames.
2182 * That gives the checks done for management and
2183 * data frames.
2184 */
2185 gen_or(b1, b0);
2186
2187 /*
2188 * If the low-order bit of the type value is 1,
2189 * this is either a control frame or a frame
2190 * with a reserved type, and thus not a
2191 * frame with an SA.
2192 *
2193 * I.e., check "!(link[0] & 0x04)".
2194 */
2195 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2196 s->s.k = 0;
2197 b1 = new_block(JMP(BPF_JSET));
2198 b1->s.k = 0x04;
2199 b1->stmts = s;
2200 gen_not(b1);
2201
2202 /*
2203 * AND that with the checks for data and management
2204 * frames.
2205 */
2206 gen_and(b1, b0);
2207 return b0;
2208
2209 case Q_DST:
2210 /*
2211 * Oh, yuk.
2212 *
2213 * For control frames, there is no DA.
2214 *
2215 * For management frames, DA is at an
2216 * offset of 4 from the beginning of
2217 * the packet.
2218 *
2219 * For data frames, DA is at an offset
2220 * of 4 from the beginning of the packet
2221 * if To DS is clear and at an offset of
2222 * 16 from the beginning of the packet
2223 * if To DS is set.
2224 */
2225
2226 /*
2227 * Generate the tests to be done for data frames.
2228 *
2229 * First, check for To DS set, i.e. "link[1] & 0x01".
2230 */
2231 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2232 s->s.k = 1;
2233 b1 = new_block(JMP(BPF_JSET));
2234 b1->s.k = 0x01; /* To DS */
2235 b1->stmts = s;
2236
2237 /*
2238 * If To DS is set, the DA is at 16.
2239 */
2240 b0 = gen_bcmp(16, 6, eaddr);
2241 gen_and(b1, b0);
2242
2243 /*
2244 * Now, check for To DS not set, i.e. check
2245 * "!(link[1] & 0x01)".
2246 */
2247 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2248 s->s.k = 1;
2249 b2 = new_block(JMP(BPF_JSET));
2250 b2->s.k = 0x01; /* To DS */
2251 b2->stmts = s;
2252 gen_not(b2);
2253
2254 /*
2255 * If To DS is not set, the DA is at 4.
2256 */
2257 b1 = gen_bcmp(4, 6, eaddr);
2258 gen_and(b2, b1);
2259
2260 /*
2261 * Now OR together the last two checks. That gives
2262 * the complete set of checks for data frames.
2263 */
2264 gen_or(b1, b0);
2265
2266 /*
2267 * Now check for a data frame.
2268 * I.e, check "link[0] & 0x08".
2269 */
2270 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2271 s->s.k = 0;
2272 b1 = new_block(JMP(BPF_JSET));
2273 b1->s.k = 0x08;
2274 b1->stmts = s;
2275
2276 /*
2277 * AND that with the checks done for data frames.
2278 */
2279 gen_and(b1, b0);
2280
2281 /*
2282 * If the high-order bit of the type value is 0, this
2283 * is a management frame.
2284 * I.e, check "!(link[0] & 0x08)".
2285 */
2286 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2287 s->s.k = 0;
2288 b2 = new_block(JMP(BPF_JSET));
2289 b2->s.k = 0x08;
2290 b2->stmts = s;
2291 gen_not(b2);
2292
2293 /*
2294 * For management frames, the DA is at 4.
2295 */
2296 b1 = gen_bcmp(4, 6, eaddr);
2297 gen_and(b2, b1);
2298
2299 /*
2300 * OR that with the checks done for data frames.
2301 * That gives the checks done for management and
2302 * data frames.
2303 */
2304 gen_or(b1, b0);
2305
2306 /*
2307 * If the low-order bit of the type value is 1,
2308 * this is either a control frame or a frame
2309 * with a reserved type, and thus not a
2310 * frame with an SA.
2311 *
2312 * I.e., check "!(link[0] & 0x04)".
2313 */
2314 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2315 s->s.k = 0;
2316 b1 = new_block(JMP(BPF_JSET));
2317 b1->s.k = 0x04;
2318 b1->stmts = s;
2319 gen_not(b1);
2320
2321 /*
2322 * AND that with the checks for data and management
2323 * frames.
2324 */
2325 gen_and(b1, b0);
2326 return b0;
2327
2328 case Q_AND:
2329 b0 = gen_wlanhostop(eaddr, Q_SRC);
2330 b1 = gen_wlanhostop(eaddr, Q_DST);
2331 gen_and(b0, b1);
2332 return b1;
2333
2334 case Q_DEFAULT:
2335 case Q_OR:
2336 b0 = gen_wlanhostop(eaddr, Q_SRC);
2337 b1 = gen_wlanhostop(eaddr, Q_DST);
2338 gen_or(b0, b1);
2339 return b1;
2340 }
2341 abort();
2342 /* NOTREACHED */
2343 }
2344
2345 /*
2346 * Like gen_ehostop, but for RFC 2625 IP-over-Fibre-Channel.
2347 * (We assume that the addresses are IEEE 48-bit MAC addresses,
2348 * as the RFC states.)
2349 */
2350 static struct block *
2351 gen_ipfchostop(eaddr, dir)
2352 register const u_char *eaddr;
2353 register int dir;
2354 {
2355 register struct block *b0, *b1;
2356
2357 switch (dir) {
2358 case Q_SRC:
2359 return gen_bcmp(10, 6, eaddr);
2360
2361 case Q_DST:
2362 return gen_bcmp(2, 6, eaddr);
2363
2364 case Q_AND:
2365 b0 = gen_ipfchostop(eaddr, Q_SRC);
2366 b1 = gen_ipfchostop(eaddr, Q_DST);
2367 gen_and(b0, b1);
2368 return b1;
2369
2370 case Q_DEFAULT:
2371 case Q_OR:
2372 b0 = gen_ipfchostop(eaddr, Q_SRC);
2373 b1 = gen_ipfchostop(eaddr, Q_DST);
2374 gen_or(b0, b1);
2375 return b1;
2376 }
2377 abort();
2378 /* NOTREACHED */
2379 }
2380
2381 /*
2382 * This is quite tricky because there may be pad bytes in front of the
2383 * DECNET header, and then there are two possible data packet formats that
2384 * carry both src and dst addresses, plus 5 packet types in a format that
2385 * carries only the src node, plus 2 types that use a different format and
2386 * also carry just the src node.
2387 *
2388 * Yuck.
2389 *
2390 * Instead of doing those all right, we just look for data packets with
2391 * 0 or 1 bytes of padding. If you want to look at other packets, that
2392 * will require a lot more hacking.
2393 *
2394 * To add support for filtering on DECNET "areas" (network numbers)
2395 * one would want to add a "mask" argument to this routine. That would
2396 * make the filter even more inefficient, although one could be clever
2397 * and not generate masking instructions if the mask is 0xFFFF.
2398 */
2399 static struct block *
2400 gen_dnhostop(addr, dir, base_off)
2401 bpf_u_int32 addr;
2402 int dir;
2403 u_int base_off;
2404 {
2405 struct block *b0, *b1, *b2, *tmp;
2406 u_int offset_lh; /* offset if long header is received */
2407 u_int offset_sh; /* offset if short header is received */
2408
2409 switch (dir) {
2410
2411 case Q_DST:
2412 offset_sh = 1; /* follows flags */
2413 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
2414 break;
2415
2416 case Q_SRC:
2417 offset_sh = 3; /* follows flags, dstnode */
2418 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
2419 break;
2420
2421 case Q_AND:
2422 /* Inefficient because we do our Calvinball dance twice */
2423 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2424 b1 = gen_dnhostop(addr, Q_DST, base_off);
2425 gen_and(b0, b1);
2426 return b1;
2427
2428 case Q_OR:
2429 case Q_DEFAULT:
2430 /* Inefficient because we do our Calvinball dance twice */
2431 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2432 b1 = gen_dnhostop(addr, Q_DST, base_off);
2433 gen_or(b0, b1);
2434 return b1;
2435
2436 case Q_ISO:
2437 bpf_error("ISO host filtering not implemented");
2438
2439 default:
2440 abort();
2441 }
2442 b0 = gen_linktype(ETHERTYPE_DN);
2443 /* Check for pad = 1, long header case */
2444 tmp = gen_mcmp(base_off + 2, BPF_H,
2445 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
2446 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
2447 BPF_H, (bpf_int32)ntohs(addr));
2448 gen_and(tmp, b1);
2449 /* Check for pad = 0, long header case */
2450 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
2451 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
2452 gen_and(tmp, b2);
2453 gen_or(b2, b1);
2454 /* Check for pad = 1, short header case */
2455 tmp = gen_mcmp(base_off + 2, BPF_H,
2456 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
2457 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
2458 BPF_H, (bpf_int32)ntohs(addr));
2459 gen_and(tmp, b2);
2460 gen_or(b2, b1);
2461 /* Check for pad = 0, short header case */
2462 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
2463 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
2464 gen_and(tmp, b2);
2465 gen_or(b2, b1);
2466
2467 /* Combine with test for linktype */
2468 gen_and(b0, b1);
2469 return b1;
2470 }
2471
2472 static struct block *
2473 gen_host(addr, mask, proto, dir)
2474 bpf_u_int32 addr;
2475 bpf_u_int32 mask;
2476 int proto;
2477 int dir;
2478 {
2479 struct block *b0, *b1;
2480
2481 switch (proto) {
2482
2483 case Q_DEFAULT:
2484 b0 = gen_host(addr, mask, Q_IP, dir);
2485 if (off_linktype != (u_int)-1) {
2486 b1 = gen_host(addr, mask, Q_ARP, dir);
2487 gen_or(b0, b1);
2488 b0 = gen_host(addr, mask, Q_RARP, dir);
2489 gen_or(b1, b0);
2490 }
2491 return b0;
2492
2493 case Q_IP:
2494 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
2495 off_nl + 12, off_nl + 16);
2496
2497 case Q_RARP:
2498 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
2499 off_nl + 14, off_nl + 24);
2500
2501 case Q_ARP:
2502 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
2503 off_nl + 14, off_nl + 24);
2504
2505 case Q_TCP:
2506 bpf_error("'tcp' modifier applied to host");
2507
2508 case Q_SCTP:
2509 bpf_error("'sctp' modifier applied to host");
2510
2511 case Q_UDP:
2512 bpf_error("'udp' modifier applied to host");
2513
2514 case Q_ICMP:
2515 bpf_error("'icmp' modifier applied to host");
2516
2517 case Q_IGMP:
2518 bpf_error("'igmp' modifier applied to host");
2519
2520 case Q_IGRP:
2521 bpf_error("'igrp' modifier applied to host");
2522
2523 case Q_PIM:
2524 bpf_error("'pim' modifier applied to host");
2525
2526 case Q_VRRP:
2527 bpf_error("'vrrp' modifier applied to host");
2528
2529 case Q_ATALK:
2530 bpf_error("ATALK host filtering not implemented");
2531
2532 case Q_AARP:
2533 bpf_error("AARP host filtering not implemented");
2534
2535 case Q_DECNET:
2536 return gen_dnhostop(addr, dir, off_nl);
2537
2538 case Q_SCA:
2539 bpf_error("SCA host filtering not implemented");
2540
2541 case Q_LAT:
2542 bpf_error("LAT host filtering not implemented");
2543
2544 case Q_MOPDL:
2545 bpf_error("MOPDL host filtering not implemented");
2546
2547 case Q_MOPRC:
2548 bpf_error("MOPRC host filtering not implemented");
2549
2550 #ifdef INET6
2551 case Q_IPV6:
2552 bpf_error("'ip6' modifier applied to ip host");
2553
2554 case Q_ICMPV6:
2555 bpf_error("'icmp6' modifier applied to host");
2556 #endif /* INET6 */
2557
2558 case Q_AH:
2559 bpf_error("'ah' modifier applied to host");
2560
2561 case Q_ESP:
2562 bpf_error("'esp' modifier applied to host");
2563
2564 case Q_ISO:
2565 bpf_error("ISO host filtering not implemented");
2566
2567 case Q_ESIS:
2568 bpf_error("'esis' modifier applied to host");
2569
2570 case Q_ISIS:
2571 bpf_error("'isis' modifier applied to host");
2572
2573 case Q_CLNP:
2574 bpf_error("'clnp' modifier applied to host");
2575
2576 case Q_STP:
2577 bpf_error("'stp' modifier applied to host");
2578
2579 case Q_IPX:
2580 bpf_error("IPX host filtering not implemented");
2581
2582 case Q_NETBEUI:
2583 bpf_error("'netbeui' modifier applied to host");
2584
2585 default:
2586 abort();
2587 }
2588 /* NOTREACHED */
2589 }
2590
2591 #ifdef INET6
2592 static struct block *
2593 gen_host6(addr, mask, proto, dir)
2594 struct in6_addr *addr;
2595 struct in6_addr *mask;
2596 int proto;
2597 int dir;
2598 {
2599 switch (proto) {
2600
2601 case Q_DEFAULT:
2602 return gen_host6(addr, mask, Q_IPV6, dir);
2603
2604 case Q_IP:
2605 bpf_error("'ip' modifier applied to ip6 host");
2606
2607 case Q_RARP:
2608 bpf_error("'rarp' modifier applied to ip6 host");
2609
2610 case Q_ARP:
2611 bpf_error("'arp' modifier applied to ip6 host");
2612
2613 case Q_SCTP:
2614 bpf_error("'sctp' modifier applied to host");
2615
2616 case Q_TCP:
2617 bpf_error("'tcp' modifier applied to host");
2618
2619 case Q_UDP:
2620 bpf_error("'udp' modifier applied to host");
2621
2622 case Q_ICMP:
2623 bpf_error("'icmp' modifier applied to host");
2624
2625 case Q_IGMP:
2626 bpf_error("'igmp' modifier applied to host");
2627
2628 case Q_IGRP:
2629 bpf_error("'igrp' modifier applied to host");
2630
2631 case Q_PIM:
2632 bpf_error("'pim' modifier applied to host");
2633
2634 case Q_VRRP:
2635 bpf_error("'vrrp' modifier applied to host");
2636
2637 case Q_ATALK:
2638 bpf_error("ATALK host filtering not implemented");
2639
2640 case Q_AARP:
2641 bpf_error("AARP host filtering not implemented");
2642
2643 case Q_DECNET:
2644 bpf_error("'decnet' modifier applied to ip6 host");
2645
2646 case Q_SCA:
2647 bpf_error("SCA host filtering not implemented");
2648
2649 case Q_LAT:
2650 bpf_error("LAT host filtering not implemented");
2651
2652 case Q_MOPDL:
2653 bpf_error("MOPDL host filtering not implemented");
2654
2655 case Q_MOPRC:
2656 bpf_error("MOPRC host filtering not implemented");
2657
2658 case Q_IPV6:
2659 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
2660 off_nl + 8, off_nl + 24);
2661
2662 case Q_ICMPV6:
2663 bpf_error("'icmp6' modifier applied to host");
2664
2665 case Q_AH:
2666 bpf_error("'ah' modifier applied to host");
2667
2668 case Q_ESP:
2669 bpf_error("'esp' modifier applied to host");
2670
2671 case Q_ISO:
2672 bpf_error("ISO host filtering not implemented");
2673
2674 case Q_ESIS:
2675 bpf_error("'esis' modifier applied to host");
2676
2677 case Q_ISIS:
2678 bpf_error("'isis' modifier applied to host");
2679
2680 case Q_CLNP:
2681 bpf_error("'clnp' modifier applied to host");
2682
2683 case Q_STP:
2684 bpf_error("'stp' modifier applied to host");
2685
2686 case Q_IPX:
2687 bpf_error("IPX host filtering not implemented");
2688
2689 case Q_NETBEUI:
2690 bpf_error("'netbeui' modifier applied to host");
2691
2692 default:
2693 abort();
2694 }
2695 /* NOTREACHED */
2696 }
2697 #endif /*INET6*/
2698
2699 #ifndef INET6
2700 static struct block *
2701 gen_gateway(eaddr, alist, proto, dir)
2702 const u_char *eaddr;
2703 bpf_u_int32 **alist;
2704 int proto;
2705 int dir;
2706 {
2707 struct block *b0, *b1, *tmp;
2708
2709 if (dir != 0)
2710 bpf_error("direction applied to 'gateway'");
2711
2712 switch (proto) {
2713 case Q_DEFAULT:
2714 case Q_IP:
2715 case Q_ARP:
2716 case Q_RARP:
2717 if (linktype == DLT_EN10MB)
2718 b0 = gen_ehostop(eaddr, Q_OR);
2719 else if (linktype == DLT_FDDI)
2720 b0 = gen_fhostop(eaddr, Q_OR);
2721 else if (linktype == DLT_IEEE802)
2722 b0 = gen_thostop(eaddr, Q_OR);
2723 else if (linktype == DLT_IEEE802_11)
2724 b0 = gen_wlanhostop(eaddr, Q_OR);
2725 else if (linktype == DLT_SUNATM && is_lane) {
2726 /*
2727 * Check that the packet doesn't begin with an
2728 * LE Control marker. (We've already generated
2729 * a test for LANE.)
2730 */
2731 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
2732 gen_not(b1);
2733
2734 /*
2735 * Now check the MAC address.
2736 */
2737 b0 = gen_ehostop(eaddr, Q_OR);
2738 gen_and(b1, b0);
2739 } else if (linktype == DLT_IP_OVER_FC)
2740 b0 = gen_ipfchostop(eaddr, Q_OR);
2741 else
2742 bpf_error(
2743 "'gateway' supported only on ethernet/FDDI/token ring/802.11/Fibre Channel");
2744
2745 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2746 while (*alist) {
2747 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2748 gen_or(b1, tmp);
2749 b1 = tmp;
2750 }
2751 gen_not(b1);
2752 gen_and(b0, b1);
2753 return b1;
2754 }
2755 bpf_error("illegal modifier of 'gateway'");
2756 /* NOTREACHED */
2757 }
2758 #endif
2759
2760 struct block *
2761 gen_proto_abbrev(proto)
2762 int proto;
2763 {
2764 struct block *b0;
2765 struct block *b1;
2766
2767 switch (proto) {
2768
2769 case Q_SCTP:
2770 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT);
2771 #ifdef INET6
2772 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
2773 gen_or(b0, b1);
2774 #endif
2775 break;
2776
2777 case Q_TCP:
2778 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
2779 #ifdef INET6
2780 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
2781 gen_or(b0, b1);
2782 #endif
2783 break;
2784
2785 case Q_UDP:
2786 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
2787 #ifdef INET6
2788 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
2789 gen_or(b0, b1);
2790 #endif
2791 break;
2792
2793 case Q_ICMP:
2794 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
2795 break;
2796
2797 #ifndef IPPROTO_IGMP
2798 #define IPPROTO_IGMP 2
2799 #endif
2800
2801 case Q_IGMP:
2802 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
2803 break;
2804
2805 #ifndef IPPROTO_IGRP
2806 #define IPPROTO_IGRP 9
2807 #endif
2808 case Q_IGRP:
2809 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
2810 break;
2811
2812 #ifndef IPPROTO_PIM
2813 #define IPPROTO_PIM 103
2814 #endif
2815
2816 case Q_PIM:
2817 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
2818 #ifdef INET6
2819 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
2820 gen_or(b0, b1);
2821 #endif
2822 break;
2823
2824 #ifndef IPPROTO_VRRP
2825 #define IPPROTO_VRRP 112
2826 #endif
2827
2828 case Q_VRRP:
2829 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT);
2830 break;
2831
2832 case Q_IP:
2833 b1 = gen_linktype(ETHERTYPE_IP);
2834 break;
2835
2836 case Q_ARP:
2837 b1 = gen_linktype(ETHERTYPE_ARP);
2838 break;
2839
2840 case Q_RARP:
2841 b1 = gen_linktype(ETHERTYPE_REVARP);
2842 break;
2843
2844 case Q_LINK:
2845 bpf_error("link layer applied in wrong context");
2846
2847 case Q_ATALK:
2848 b1 = gen_linktype(ETHERTYPE_ATALK);
2849 break;
2850
2851 case Q_AARP:
2852 b1 = gen_linktype(ETHERTYPE_AARP);
2853 break;
2854
2855 case Q_DECNET:
2856 b1 = gen_linktype(ETHERTYPE_DN);
2857 break;
2858
2859 case Q_SCA:
2860 b1 = gen_linktype(ETHERTYPE_SCA);
2861 break;
2862
2863 case Q_LAT:
2864 b1 = gen_linktype(ETHERTYPE_LAT);
2865 break;
2866
2867 case Q_MOPDL:
2868 b1 = gen_linktype(ETHERTYPE_MOPDL);
2869 break;
2870
2871 case Q_MOPRC:
2872 b1 = gen_linktype(ETHERTYPE_MOPRC);
2873 break;
2874
2875 #ifdef INET6
2876 case Q_IPV6:
2877 b1 = gen_linktype(ETHERTYPE_IPV6);
2878 break;
2879
2880 #ifndef IPPROTO_ICMPV6
2881 #define IPPROTO_ICMPV6 58
2882 #endif
2883 case Q_ICMPV6:
2884 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
2885 break;
2886 #endif /* INET6 */
2887
2888 #ifndef IPPROTO_AH
2889 #define IPPROTO_AH 51
2890 #endif
2891 case Q_AH:
2892 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
2893 #ifdef INET6
2894 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
2895 gen_or(b0, b1);
2896 #endif
2897 break;
2898
2899 #ifndef IPPROTO_ESP
2900 #define IPPROTO_ESP 50
2901 #endif
2902 case Q_ESP:
2903 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
2904 #ifdef INET6
2905 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
2906 gen_or(b0, b1);
2907 #endif
2908 break;
2909
2910 case Q_ISO:
2911 b1 = gen_linktype(LLCSAP_ISONS);
2912 break;
2913
2914 case Q_ESIS:
2915 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
2916 break;
2917
2918 case Q_ISIS:
2919 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
2920 break;
2921
2922 case Q_ISIS_L1: /* all IS-IS Level1 PDU-Types */
2923 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
2924 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
2925 gen_or(b0, b1);
2926 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
2927 gen_or(b0, b1);
2928 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
2929 gen_or(b0, b1);
2930 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
2931 gen_or(b0, b1);
2932 break;
2933
2934 case Q_ISIS_L2: /* all IS-IS Level2 PDU-Types */
2935 b0 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
2936 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
2937 gen_or(b0, b1);
2938 b0 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
2939 gen_or(b0, b1);
2940 b0 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
2941 gen_or(b0, b1);
2942 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
2943 gen_or(b0, b1);
2944 break;
2945
2946 case Q_ISIS_IIH: /* all IS-IS Hello PDU-Types */
2947 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
2948 b1 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
2949 gen_or(b0, b1);
2950 b0 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT);
2951 gen_or(b0, b1);
2952 break;
2953
2954 case Q_ISIS_LSP:
2955 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
2956 b1 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
2957 gen_or(b0, b1);
2958 break;
2959
2960 case Q_ISIS_SNP:
2961 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
2962 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
2963 gen_or(b0, b1);
2964 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
2965 gen_or(b0, b1);
2966 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
2967 gen_or(b0, b1);
2968 break;
2969
2970 case Q_ISIS_CSNP:
2971 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
2972 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
2973 gen_or(b0, b1);
2974 break;
2975
2976 case Q_ISIS_PSNP:
2977 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
2978 b1 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
2979 gen_or(b0, b1);
2980 break;
2981
2982 case Q_CLNP:
2983 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
2984 break;
2985
2986 case Q_STP:
2987 b1 = gen_linktype(LLCSAP_8021D);
2988 break;
2989
2990 case Q_IPX:
2991 b1 = gen_linktype(LLCSAP_IPX);
2992 break;
2993
2994 case Q_NETBEUI:
2995 b1 = gen_linktype(LLCSAP_NETBEUI);
2996 break;
2997
2998 default:
2999 abort();
3000 }
3001 return b1;
3002 }
3003
3004 static struct block *
3005 gen_ipfrag()
3006 {
3007 struct slist *s;
3008 struct block *b;
3009
3010 /* not ip frag */
3011 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
3012 s->s.k = off_nl + 6;
3013 b = new_block(JMP(BPF_JSET));
3014 b->s.k = 0x1fff;
3015 b->stmts = s;
3016 gen_not(b);
3017
3018 return b;
3019 }
3020
3021 static struct block *
3022 gen_portatom(off, v)
3023 int off;
3024 bpf_int32 v;
3025 {
3026 struct slist *s;
3027 struct block *b;
3028
3029 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3030 s->s.k = off_nl;
3031
3032 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
3033 s->next->s.k = off_nl + off;
3034
3035 b = new_block(JMP(BPF_JEQ));
3036 b->stmts = s;
3037 b->s.k = v;
3038
3039 return b;
3040 }
3041
3042 #ifdef INET6
3043 static struct block *
3044 gen_portatom6(off, v)
3045 int off;
3046 bpf_int32 v;
3047 {
3048 return gen_cmp(off_nl + 40 + off, BPF_H, v);
3049 }
3050 #endif/*INET6*/
3051
3052 struct block *
3053 gen_portop(port, proto, dir)
3054 int port, proto, dir;
3055 {
3056 struct block *b0, *b1, *tmp;
3057
3058 /* ip proto 'proto' */
3059 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
3060 b0 = gen_ipfrag();
3061 gen_and(tmp, b0);
3062
3063 switch (dir) {
3064 case Q_SRC:
3065 b1 = gen_portatom(0, (bpf_int32)port);
3066 break;
3067
3068 case Q_DST:
3069 b1 = gen_portatom(2, (bpf_int32)port);
3070 break;
3071
3072 case Q_OR:
3073 case Q_DEFAULT:
3074 tmp = gen_portatom(0, (bpf_int32)port);
3075 b1 = gen_portatom(2, (bpf_int32)port);
3076 gen_or(tmp, b1);
3077 break;
3078
3079 case Q_AND:
3080 tmp = gen_portatom(0, (bpf_int32)port);
3081 b1 = gen_portatom(2, (bpf_int32)port);
3082 gen_and(tmp, b1);
3083 break;
3084
3085 default:
3086 abort();
3087 }
3088 gen_and(b0, b1);
3089
3090 return b1;
3091 }
3092
3093 static struct block *
3094 gen_port(port, ip_proto, dir)
3095 int port;
3096 int ip_proto;
3097 int dir;
3098 {
3099 struct block *b0, *b1, *tmp;
3100
3101 /*
3102 * ether proto ip
3103 *
3104 * For FDDI, RFC 1188 says that SNAP encapsulation is used,
3105 * not LLC encapsulation with LLCSAP_IP.
3106 *
3107 * For IEEE 802 networks - which includes 802.5 token ring
3108 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
3109 * says that SNAP encapsulation is used, not LLC encapsulation
3110 * with LLCSAP_IP.
3111 *
3112 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
3113 * RFC 2225 say that SNAP encapsulation is used, not LLC
3114 * encapsulation with LLCSAP_IP.
3115 *
3116 * So we always check for ETHERTYPE_IP.
3117 */
3118 b0 = gen_linktype(ETHERTYPE_IP);
3119
3120 switch (ip_proto) {
3121 case IPPROTO_UDP:
3122 case IPPROTO_TCP:
3123 case IPPROTO_SCTP:
3124 b1 = gen_portop(port, ip_proto, dir);
3125 break;
3126
3127 case PROTO_UNDEF:
3128 tmp = gen_portop(port, IPPROTO_TCP, dir);
3129 b1 = gen_portop(port, IPPROTO_UDP, dir);
3130 gen_or(tmp, b1);
3131 tmp = gen_portop(port, IPPROTO_SCTP, dir);
3132 gen_or(tmp, b1);
3133 break;
3134
3135 default:
3136 abort();
3137 }
3138 gen_and(b0, b1);
3139 return b1;
3140 }
3141
3142 #ifdef INET6
3143 struct block *
3144 gen_portop6(port, proto, dir)
3145 int port, proto, dir;
3146 {
3147 struct block *b0, *b1, *tmp;
3148
3149 /* ip proto 'proto' */
3150 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
3151
3152 switch (dir) {
3153 case Q_SRC:
3154 b1 = gen_portatom6(0, (bpf_int32)port);
3155 break;
3156
3157 case Q_DST:
3158 b1 = gen_portatom6(2, (bpf_int32)port);
3159 break;
3160
3161 case Q_OR:
3162 case Q_DEFAULT:
3163 tmp = gen_portatom6(0, (bpf_int32)port);
3164 b1 = gen_portatom6(2, (bpf_int32)port);
3165 gen_or(tmp, b1);
3166 break;
3167
3168 case Q_AND:
3169 tmp = gen_portatom6(0, (bpf_int32)port);
3170 b1 = gen_portatom6(2, (bpf_int32)port);
3171 gen_and(tmp, b1);
3172 break;
3173
3174 default:
3175 abort();
3176 }
3177 gen_and(b0, b1);
3178
3179 return b1;
3180 }
3181
3182 static struct block *
3183 gen_port6(port, ip_proto, dir)
3184 int port;
3185 int ip_proto;
3186 int dir;
3187 {
3188 struct block *b0, *b1, *tmp;
3189
3190 /* ether proto ip */
3191 b0 = gen_linktype(ETHERTYPE_IPV6);
3192
3193 switch (ip_proto) {
3194 case IPPROTO_UDP:
3195 case IPPROTO_TCP:
3196 case IPPROTO_SCTP:
3197 b1 = gen_portop6(port, ip_proto, dir);
3198 break;
3199
3200 case PROTO_UNDEF:
3201 tmp = gen_portop6(port, IPPROTO_TCP, dir);
3202 b1 = gen_portop6(port, IPPROTO_UDP, dir);
3203 gen_or(tmp, b1);
3204 tmp = gen_portop6(port, IPPROTO_SCTP, dir);
3205 gen_or(tmp, b1);
3206 break;
3207
3208 default:
3209 abort();
3210 }
3211 gen_and(b0, b1);
3212 return b1;
3213 }
3214 #endif /* INET6 */
3215
3216 static int
3217 lookup_proto(name, proto)
3218 register const char *name;
3219 register int proto;
3220 {
3221 register int v;
3222
3223 switch (proto) {
3224
3225 case Q_DEFAULT:
3226 case Q_IP:
3227 case Q_IPV6:
3228 v = pcap_nametoproto(name);
3229 if (v == PROTO_UNDEF)
3230 bpf_error("unknown ip proto '%s'", name);
3231 break;
3232
3233 case Q_LINK:
3234 /* XXX should look up h/w protocol type based on linktype */
3235 v = pcap_nametoeproto(name);
3236 if (v == PROTO_UNDEF)
3237 bpf_error("unknown ether proto '%s'", name);
3238 break;
3239
3240 case Q_ISO:
3241 if (strcmp(name, "esis") == 0)
3242 v = ISO9542_ESIS;
3243 else if (strcmp(name, "isis") == 0)
3244 v = ISO10589_ISIS;
3245 else if (strcmp(name, "clnp") == 0)
3246 v = ISO8473_CLNP;
3247 else
3248 bpf_error("unknown osi proto '%s'", name);
3249 break;
3250
3251 default:
3252 v = PROTO_UNDEF;
3253 break;
3254 }
3255 return v;
3256 }
3257
3258 #if 0
3259 struct stmt *
3260 gen_joinsp(s, n)
3261 struct stmt **s;
3262 int n;
3263 {
3264 return NULL;
3265 }
3266 #endif
3267
3268 static struct block *
3269 gen_protochain(v, proto, dir)
3270 int v;
3271 int proto;
3272 int dir;
3273 {
3274 #ifdef NO_PROTOCHAIN
3275 return gen_proto(v, proto, dir);
3276 #else
3277 struct block *b0, *b;
3278 struct slist *s[100];
3279 int fix2, fix3, fix4, fix5;
3280 int ahcheck, again, end;
3281 int i, max;
3282 int reg2 = alloc_reg();
3283
3284 memset(s, 0, sizeof(s));
3285 fix2 = fix3 = fix4 = fix5 = 0;
3286
3287 switch (proto) {
3288 case Q_IP:
3289 case Q_IPV6:
3290 break;
3291 case Q_DEFAULT:
3292 b0 = gen_protochain(v, Q_IP, dir);
3293 b = gen_protochain(v, Q_IPV6, dir);
3294 gen_or(b0, b);
3295 return b;
3296 default:
3297 bpf_error("bad protocol applied for 'protochain'");
3298 /*NOTREACHED*/
3299 }
3300
3301 no_optimize = 1; /*this code is not compatible with optimzer yet */
3302
3303 /*
3304 * s[0] is a dummy entry to protect other BPF insn from damaged
3305 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
3306 * hard to find interdependency made by jump table fixup.
3307 */
3308 i = 0;
3309 s[i] = new_stmt(0); /*dummy*/
3310 i++;
3311
3312 switch (proto) {
3313 case Q_IP:
3314 b0 = gen_linktype(ETHERTYPE_IP);
3315
3316 /* A = ip->ip_p */
3317 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
3318 s[i]->s.k = off_nl + 9;
3319 i++;
3320 /* X = ip->ip_hl << 2 */
3321 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3322 s[i]->s.k = off_nl;
3323 i++;
3324 break;
3325 #ifdef INET6
3326 case Q_IPV6:
3327 b0 = gen_linktype(ETHERTYPE_IPV6);
3328
3329 /* A = ip6->ip_nxt */
3330 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
3331 s[i]->s.k = off_nl + 6;
3332 i++;
3333 /* X = sizeof(struct ip6_hdr) */
3334 s[i] = new_stmt(BPF_LDX|BPF_IMM);
3335 s[i]->s.k = 40;
3336 i++;
3337 break;
3338 #endif
3339 default:
3340 bpf_error("unsupported proto to gen_protochain");
3341 /*NOTREACHED*/
3342 }
3343
3344 /* again: if (A == v) goto end; else fall through; */
3345 again = i;
3346 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3347 s[i]->s.k = v;
3348 s[i]->s.jt = NULL; /*later*/
3349 s[i]->s.jf = NULL; /*update in next stmt*/
3350 fix5 = i;
3351 i++;
3352
3353 #ifndef IPPROTO_NONE
3354 #define IPPROTO_NONE 59
3355 #endif
3356 /* if (A == IPPROTO_NONE) goto end */
3357 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3358 s[i]->s.jt = NULL; /*later*/
3359 s[i]->s.jf = NULL; /*update in next stmt*/
3360 s[i]->s.k = IPPROTO_NONE;
3361 s[fix5]->s.jf = s[i];
3362 fix2 = i;
3363 i++;
3364
3365 #ifdef INET6
3366 if (proto == Q_IPV6) {
3367 int v6start, v6end, v6advance, j;
3368
3369 v6start = i;
3370 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
3371 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3372 s[i]->s.jt = NULL; /*later*/
3373 s[i]->s.jf = NULL; /*update in next stmt*/
3374 s[i]->s.k = IPPROTO_HOPOPTS;
3375 s[fix2]->s.jf = s[i];
3376 i++;
3377 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
3378 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3379 s[i]->s.jt = NULL; /*later*/
3380 s[i]->s.jf = NULL; /*update in next stmt*/
3381 s[i]->s.k = IPPROTO_DSTOPTS;
3382 i++;
3383 /* if (A == IPPROTO_ROUTING) goto v6advance */
3384 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3385 s[i]->s.jt = NULL; /*later*/
3386 s[i]->s.jf = NULL; /*update in next stmt*/
3387 s[i]->s.k = IPPROTO_ROUTING;
3388 i++;
3389 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
3390 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3391 s[i]->s.jt = NULL; /*later*/
3392 s[i]->s.jf = NULL; /*later*/
3393 s[i]->s.k = IPPROTO_FRAGMENT;
3394 fix3 = i;
3395 v6end = i;
3396 i++;
3397
3398 /* v6advance: */
3399 v6advance = i;
3400
3401 /*
3402 * in short,
3403 * A = P[X];
3404 * X = X + (P[X + 1] + 1) * 8;
3405 */
3406 /* A = X */
3407 s[i] = new_stmt(BPF_MISC|BPF_TXA);
3408 i++;
3409 /* A = P[X + packet head] */
3410 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3411 s[i]->s.k = off_nl;
3412 i++;
3413 /* MEM[reg2] = A */
3414 s[i] = new_stmt(BPF_ST);
3415 s[i]->s.k = reg2;
3416 i++;
3417 /* A = X */
3418 s[i] = new_stmt(BPF_MISC|BPF_TXA);
3419 i++;
3420 /* A += 1 */
3421 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3422 s[i]->s.k = 1;
3423 i++;
3424 /* X = A */
3425 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3426 i++;
3427 /* A = P[X + packet head]; */
3428 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3429 s[i]->s.k = off_nl;
3430 i++;
3431 /* A += 1 */
3432 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3433 s[i]->s.k = 1;
3434 i++;
3435 /* A *= 8 */
3436 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
3437 s[i]->s.k = 8;
3438 i++;
3439 /* X = A; */
3440 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3441 i++;
3442 /* A = MEM[reg2] */
3443 s[i] = new_stmt(BPF_LD|BPF_MEM);
3444 s[i]->s.k = reg2;
3445 i++;
3446
3447 /* goto again; (must use BPF_JA for backward jump) */
3448 s[i] = new_stmt(BPF_JMP|BPF_JA);
3449 s[i]->s.k = again - i - 1;
3450 s[i - 1]->s.jf = s[i];
3451 i++;
3452
3453 /* fixup */
3454 for (j = v6start; j <= v6end; j++)
3455 s[j]->s.jt = s[v6advance];
3456 } else
3457 #endif
3458 {
3459 /* nop */
3460 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3461 s[i]->s.k = 0;
3462 s[fix2]->s.jf = s[i];
3463 i++;
3464 }
3465
3466 /* ahcheck: */
3467 ahcheck = i;
3468 /* if (A == IPPROTO_AH) then fall through; else goto end; */
3469 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3470 s[i]->s.jt = NULL; /*later*/
3471 s[i]->s.jf = NULL; /*later*/
3472 s[i]->s.k = IPPROTO_AH;
3473 if (fix3)
3474 s[fix3]->s.jf = s[ahcheck];
3475 fix4 = i;
3476 i++;
3477
3478 /*
3479 * in short,
3480 * A = P[X];
3481 * X = X + (P[X + 1] + 2) * 4;
3482 */
3483 /* A = X */
3484 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
3485 i++;
3486 /* A = P[X + packet head]; */
3487 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3488 s[i]->s.k = off_nl;
3489 i++;
3490 /* MEM[reg2] = A */
3491 s[i] = new_stmt(BPF_ST);
3492 s[i]->s.k = reg2;
3493 i++;
3494 /* A = X */
3495 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
3496 i++;
3497 /* A += 1 */
3498 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3499 s[i]->s.k = 1;
3500 i++;
3501 /* X = A */
3502 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3503 i++;
3504 /* A = P[X + packet head] */
3505 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3506 s[i]->s.k = off_nl;
3507 i++;
3508 /* A += 2 */
3509 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3510 s[i]->s.k = 2;
3511 i++;
3512 /* A *= 4 */
3513 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
3514 s[i]->s.k = 4;
3515 i++;
3516 /* X = A; */
3517 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3518 i++;
3519 /* A = MEM[reg2] */
3520 s[i] = new_stmt(BPF_LD|BPF_MEM);
3521 s[i]->s.k = reg2;
3522 i++;
3523
3524 /* goto again; (must use BPF_JA for backward jump) */
3525 s[i] = new_stmt(BPF_JMP|BPF_JA);
3526 s[i]->s.k = again - i - 1;
3527 i++;
3528
3529 /* end: nop */
3530 end = i;
3531 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3532 s[i]->s.k = 0;
3533 s[fix2]->s.jt = s[end];
3534 s[fix4]->s.jf = s[end];
3535 s[fix5]->s.jt = s[end];
3536 i++;
3537
3538 /*
3539 * make slist chain
3540 */
3541 max = i;
3542 for (i = 0; i < max - 1; i++)
3543 s[i]->next = s[i + 1];
3544 s[max - 1]->next = NULL;
3545
3546 /*
3547 * emit final check
3548 */
3549 b = new_block(JMP(BPF_JEQ));
3550 b->stmts = s[1]; /*remember, s[0] is dummy*/
3551 b->s.k = v;
3552
3553 free_reg(reg2);
3554
3555 gen_and(b0, b);
3556 return b;
3557 #endif
3558 }
3559
3560 static struct block *
3561 gen_proto(v, proto, dir)
3562 int v;
3563 int proto;
3564 int dir;
3565 {
3566 struct block *b0, *b1;
3567
3568 if (dir != Q_DEFAULT)
3569 bpf_error("direction applied to 'proto'");
3570
3571 switch (proto) {
3572 case Q_DEFAULT:
3573 #ifdef INET6
3574 b0 = gen_proto(v, Q_IP, dir);
3575 b1 = gen_proto(v, Q_IPV6, dir);
3576 gen_or(b0, b1);
3577 return b1;
3578 #else
3579 /*FALLTHROUGH*/
3580 #endif
3581 case Q_IP:
3582 /*
3583 * For FDDI, RFC 1188 says that SNAP encapsulation is used,
3584 * not LLC encapsulation with LLCSAP_IP.
3585 *
3586 * For IEEE 802 networks - which includes 802.5 token ring
3587 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
3588 * says that SNAP encapsulation is used, not LLC encapsulation
3589 * with LLCSAP_IP.
3590 *
3591 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
3592 * RFC 2225 say that SNAP encapsulation is used, not LLC
3593 * encapsulation with LLCSAP_IP.
3594 *
3595 * So we always check for ETHERTYPE_IP.
3596 */
3597 b0 = gen_linktype(ETHERTYPE_IP);
3598 #ifndef CHASE_CHAIN
3599 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
3600 #else
3601 b1 = gen_protochain(v, Q_IP);
3602 #endif
3603 gen_and(b0, b1);
3604 return b1;
3605
3606 case Q_ISO:
3607 switch (linktype) {
3608
3609 case DLT_FRELAY:
3610 /*
3611 * Frame Relay packets typically have an OSI
3612 * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)"
3613 * generates code to check for all the OSI
3614 * NLPIDs, so calling it and then adding a check
3615 * for the particular NLPID for which we're
3616 * looking is bogus, as we can just check for
3617 * the NLPID.
3618 *
3619 * What we check for is the NLPID and a frame
3620 * control field value of UI, i.e. 0x03 followed
3621 * by the NLPID.
3622 *
3623 * XXX - assumes a 2-byte Frame Relay header with
3624 * DLCI and flags. What if the address is longer?
3625 *
3626 * XXX - what about SNAP-encapsulated frames?
3627 */
3628 return gen_cmp(2, BPF_H, (0x03<<8) | v);
3629 break;
3630
3631 case DLT_C_HDLC:
3632 /*
3633 * Cisco uses an Ethertype lookalike - for OSI,
3634 * it's 0xfefe.
3635 */
3636 b0 = gen_linktype(LLCSAP_ISONS<<8 | LLCSAP_ISONS);
3637 /* OSI in C-HDLC is stuffed with a fudge byte */
3638 b1 = gen_cmp(off_nl_nosnap+1, BPF_B, (long)v);
3639 gen_and(b0, b1);
3640 return b1;
3641
3642 default:
3643 b0 = gen_linktype(LLCSAP_ISONS);
3644 b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v);
3645 gen_and(b0, b1);
3646 return b1;
3647 }
3648
3649 case Q_ISIS:
3650 b0 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
3651 /*
3652 * 4 is the offset of the PDU type relative to the IS-IS
3653 * header.
3654 */
3655 b1 = gen_cmp(off_nl_nosnap+4, BPF_B, (long)v);
3656 gen_and(b0, b1);
3657 return b1;
3658
3659 case Q_ARP:
3660 bpf_error("arp does not encapsulate another protocol");
3661 /* NOTREACHED */
3662
3663 case Q_RARP:
3664 bpf_error("rarp does not encapsulate another protocol");
3665 /* NOTREACHED */
3666
3667 case Q_ATALK:
3668 bpf_error("atalk encapsulation is not specifiable");
3669 /* NOTREACHED */
3670
3671 case Q_DECNET:
3672 bpf_error("decnet encapsulation is not specifiable");
3673 /* NOTREACHED */
3674
3675 case Q_SCA:
3676 bpf_error("sca does not encapsulate another protocol");
3677 /* NOTREACHED */
3678
3679 case Q_LAT:
3680 bpf_error("lat does not encapsulate another protocol");
3681 /* NOTREACHED */
3682
3683 case Q_MOPRC:
3684 bpf_error("moprc does not encapsulate another protocol");
3685 /* NOTREACHED */
3686
3687 case Q_MOPDL:
3688 bpf_error("mopdl does not encapsulate another protocol");
3689 /* NOTREACHED */
3690
3691 case Q_LINK:
3692 return gen_linktype(v);
3693
3694 case Q_UDP:
3695 bpf_error("'udp proto' is bogus");
3696 /* NOTREACHED */
3697
3698 case Q_TCP:
3699 bpf_error("'tcp proto' is bogus");
3700 /* NOTREACHED */
3701
3702 case Q_SCTP:
3703 bpf_error("'sctp proto' is bogus");
3704 /* NOTREACHED */
3705
3706 case Q_ICMP:
3707 bpf_error("'icmp proto' is bogus");
3708 /* NOTREACHED */
3709
3710 case Q_IGMP:
3711 bpf_error("'igmp proto' is bogus");
3712 /* NOTREACHED */
3713
3714 case Q_IGRP:
3715 bpf_error("'igrp proto' is bogus");
3716 /* NOTREACHED */
3717
3718 case Q_PIM:
3719 bpf_error("'pim proto' is bogus");
3720 /* NOTREACHED */
3721
3722 case Q_VRRP:
3723 bpf_error("'vrrp proto' is bogus");
3724 /* NOTREACHED */
3725
3726 #ifdef INET6
3727 case Q_IPV6:
3728 b0 = gen_linktype(ETHERTYPE_IPV6);
3729 #ifndef CHASE_CHAIN
3730 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
3731 #else
3732 b1 = gen_protochain(v, Q_IPV6);
3733 #endif
3734 gen_and(b0, b1);
3735 return b1;
3736
3737 case Q_ICMPV6:
3738 bpf_error("'icmp6 proto' is bogus");
3739 #endif /* INET6 */
3740
3741 case Q_AH:
3742 bpf_error("'ah proto' is bogus");
3743
3744 case Q_ESP:
3745 bpf_error("'ah proto' is bogus");
3746
3747 case Q_STP:
3748 bpf_error("'stp proto' is bogus");
3749
3750 case Q_IPX:
3751 bpf_error("'ipx proto' is bogus");
3752
3753 case Q_NETBEUI:
3754 bpf_error("'netbeui proto' is bogus");
3755
3756 default:
3757 abort();
3758 /* NOTREACHED */
3759 }
3760 /* NOTREACHED */
3761 }
3762
3763 struct block *
3764 gen_scode(name, q)
3765 register const char *name;
3766 struct qual q;
3767 {
3768 int proto = q.proto;
3769 int dir = q.dir;
3770 int tproto;
3771 u_char *eaddr;
3772 bpf_u_int32 mask, addr;
3773 #ifndef INET6
3774 bpf_u_int32 **alist;
3775 #else
3776 int tproto6;
3777 struct sockaddr_in *sin;
3778 struct sockaddr_in6 *sin6;
3779 struct addrinfo *res, *res0;
3780 struct in6_addr mask128;
3781 #endif /*INET6*/
3782 struct block *b, *tmp;
3783 int port, real_proto;
3784
3785 switch (q.addr) {
3786
3787 case Q_NET:
3788 addr = pcap_nametonetaddr(name);
3789 if (addr == 0)
3790 bpf_error("unknown network '%s'", name);
3791 /* Left justify network addr and calculate its network mask */
3792 mask = 0xffffffff;
3793 while (addr && (addr & 0xff000000) == 0) {
3794 addr <<= 8;
3795 mask <<= 8;
3796 }
3797 return gen_host(addr, mask, proto, dir);
3798
3799 case Q_DEFAULT:
3800 case Q_HOST:
3801 if (proto == Q_LINK) {
3802 switch (linktype) {
3803
3804 case DLT_EN10MB:
3805 eaddr = pcap_ether_hostton(name);
3806 if (eaddr == NULL)
3807 bpf_error(
3808 "unknown ether host '%s'", name);
3809 b = gen_ehostop(eaddr, dir);
3810 free(eaddr);
3811 return b;
3812
3813 case DLT_FDDI:
3814 eaddr = pcap_ether_hostton(name);
3815 if (eaddr == NULL)
3816 bpf_error(
3817 "unknown FDDI host '%s'", name);
3818 b = gen_fhostop(eaddr, dir);
3819 free(eaddr);
3820 return b;
3821
3822 case DLT_IEEE802:
3823 eaddr = pcap_ether_hostton(name);
3824 if (eaddr == NULL)
3825 bpf_error(
3826 "unknown token ring host '%s'", name);
3827 b = gen_thostop(eaddr, dir);
3828 free(eaddr);
3829 return b;
3830
3831 case DLT_IEEE802_11:
3832 eaddr = pcap_ether_hostton(name);
3833 if (eaddr == NULL)
3834 bpf_error(
3835 "unknown 802.11 host '%s'", name);
3836 b = gen_wlanhostop(eaddr, dir);
3837 free(eaddr);
3838 return b;
3839
3840 case DLT_IP_OVER_FC:
3841 eaddr = pcap_ether_hostton(name);
3842 if (eaddr == NULL)
3843 bpf_error(
3844 "unknown Fibre Channel host '%s'", name);
3845 b = gen_ipfchostop(eaddr, dir);
3846 free(eaddr);
3847 return b;
3848
3849 case DLT_SUNATM:
3850 if (!is_lane)
3851 break;
3852
3853 /*
3854 * Check that the packet doesn't begin
3855 * with an LE Control marker. (We've
3856 * already generated a test for LANE.)
3857 */
3858 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H,
3859 0xFF00);
3860 gen_not(tmp);
3861
3862 eaddr = pcap_ether_hostton(name);
3863 if (eaddr == NULL)
3864 bpf_error(
3865 "unknown ether host '%s'", name);
3866 b = gen_ehostop(eaddr, dir);
3867 gen_and(tmp, b);
3868 free(eaddr);
3869 return b;
3870 }
3871
3872 bpf_error("only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name");
3873 } else if (proto == Q_DECNET) {
3874 unsigned short dn_addr = __pcap_nametodnaddr(name);
3875 /*
3876 * I don't think DECNET hosts can be multihomed, so
3877 * there is no need to build up a list of addresses
3878 */
3879 return (gen_host(dn_addr, 0, proto, dir));
3880 } else {
3881 #ifndef INET6
3882 alist = pcap_nametoaddr(name);
3883 if (alist == NULL || *alist == NULL)
3884 bpf_error("unknown host '%s'", name);
3885 tproto = proto;
3886 if (off_linktype == (u_int)-1 && tproto == Q_DEFAULT)
3887 tproto = Q_IP;
3888 b = gen_host(**alist++, 0xffffffff, tproto, dir);
3889 while (*alist) {
3890 tmp = gen_host(**alist++, 0xffffffff,
3891 tproto, dir);
3892 gen_or(b, tmp);
3893 b = tmp;
3894 }
3895 return b;
3896 #else
3897 memset(&mask128, 0xff, sizeof(mask128));
3898 res0 = res = pcap_nametoaddrinfo(name);
3899 if (res == NULL)
3900 bpf_error("unknown host '%s'", name);
3901 b = tmp = NULL;
3902 tproto = tproto6 = proto;
3903 if (off_linktype == -1 && tproto == Q_DEFAULT) {
3904 tproto = Q_IP;
3905 tproto6 = Q_IPV6;
3906 }
3907 for (res = res0; res; res = res->ai_next) {
3908 switch (res->ai_family) {
3909 case AF_INET:
3910 if (tproto == Q_IPV6)
3911 continue;
3912
3913 sin = (struct sockaddr_in *)
3914 res->ai_addr;
3915 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
3916 0xffffffff, tproto, dir);
3917 break;
3918 case AF_INET6:
3919 if (tproto6 == Q_IP)
3920 continue;
3921
3922 sin6 = (struct sockaddr_in6 *)
3923 res->ai_addr;
3924 tmp = gen_host6(&sin6->sin6_addr,
3925 &mask128, tproto6, dir);
3926 break;
3927 default:
3928 continue;
3929 }
3930 if (b)
3931 gen_or(b, tmp);
3932 b = tmp;
3933 }
3934 freeaddrinfo(res0);
3935 if (b == NULL) {
3936 bpf_error("unknown host '%s'%s", name,
3937 (proto == Q_DEFAULT)
3938 ? ""
3939 : " for specified address family");
3940 }
3941 return b;
3942 #endif /*INET6*/
3943 }
3944
3945 case Q_PORT:
3946 if (proto != Q_DEFAULT &&
3947 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
3948 bpf_error("illegal qualifier of 'port'");
3949 if (pcap_nametoport(name, &port, &real_proto) == 0)
3950 bpf_error("unknown port '%s'", name);
3951 if (proto == Q_UDP) {
3952 if (real_proto == IPPROTO_TCP)
3953 bpf_error("port '%s' is tcp", name);
3954 else if (real_proto == IPPROTO_SCTP)
3955 bpf_error("port '%s' is sctp", name);
3956 else
3957 /* override PROTO_UNDEF */
3958 real_proto = IPPROTO_UDP;
3959 }
3960 if (proto == Q_TCP) {
3961 if (real_proto == IPPROTO_UDP)
3962 bpf_error("port '%s' is udp", name);
3963
3964 else if (real_proto == IPPROTO_SCTP)
3965 bpf_error("port '%s' is sctp", name);
3966 else
3967 /* override PROTO_UNDEF */
3968 real_proto = IPPROTO_TCP;
3969 }
3970 if (proto == Q_SCTP) {
3971 if (real_proto == IPPROTO_UDP)
3972 bpf_error("port '%s' is udp", name);
3973
3974 else if (real_proto == IPPROTO_TCP)
3975 bpf_error("port '%s' is tcp", name);
3976 else
3977 /* override PROTO_UNDEF */
3978 real_proto = IPPROTO_SCTP;
3979 }
3980 #ifndef INET6
3981 return gen_port(port, real_proto, dir);
3982 #else
3983 {
3984 struct block *b;
3985 b = gen_port(port, real_proto, dir);
3986 gen_or(gen_port6(port, real_proto, dir), b);
3987 return b;
3988 }
3989 #endif /* INET6 */
3990
3991 case Q_GATEWAY:
3992 #ifndef INET6
3993 eaddr = pcap_ether_hostton(name);
3994 if (eaddr == NULL)
3995 bpf_error("unknown ether host: %s", name);
3996
3997 alist = pcap_nametoaddr(name);
3998 if (alist == NULL || *alist == NULL)
3999 bpf_error("unknown host '%s'", name);
4000 b = gen_gateway(eaddr, alist, proto, dir);
4001 free(eaddr);
4002 return b;
4003 #else
4004 bpf_error("'gateway' not supported in this configuration");
4005 #endif /*INET6*/
4006
4007 case Q_PROTO:
4008 real_proto = lookup_proto(name, proto);
4009 if (real_proto >= 0)
4010 return gen_proto(real_proto, proto, dir);
4011 else
4012 bpf_error("unknown protocol: %s", name);
4013
4014 case Q_PROTOCHAIN:
4015 real_proto = lookup_proto(name, proto);
4016 if (real_proto >= 0)
4017 return gen_protochain(real_proto, proto, dir);
4018 else
4019 bpf_error("unknown protocol: %s", name);
4020
4021
4022 case Q_UNDEF:
4023 syntax();
4024 /* NOTREACHED */
4025 }
4026 abort();
4027 /* NOTREACHED */
4028 }
4029
4030 struct block *
4031 gen_mcode(s1, s2, masklen, q)
4032 register const char *s1, *s2;
4033 register int masklen;
4034 struct qual q;
4035 {
4036 register int nlen, mlen;
4037 bpf_u_int32 n, m;
4038
4039 nlen = __pcap_atoin(s1, &n);
4040 /* Promote short ipaddr */
4041 n <<= 32 - nlen;
4042
4043 if (s2 != NULL) {
4044 mlen = __pcap_atoin(s2, &m);
4045 /* Promote short ipaddr */
4046 m <<= 32 - mlen;
4047 if ((n & ~m) != 0)
4048 bpf_error("non-network bits set in \"%s mask %s\"",
4049 s1, s2);
4050 } else {
4051 /* Convert mask len to mask */
4052 if (masklen > 32)
4053 bpf_error("mask length must be <= 32");
4054 m = 0xffffffff << (32 - masklen);
4055 if ((n & ~m) != 0)
4056 bpf_error("non-network bits set in \"%s/%d\"",
4057 s1, masklen);
4058 }
4059
4060 switch (q.addr) {
4061
4062 case Q_NET:
4063 return gen_host(n, m, q.proto, q.dir);
4064
4065 default:
4066 bpf_error("Mask syntax for networks only");
4067 /* NOTREACHED */
4068 }
4069 }
4070
4071 struct block *
4072 gen_ncode(s, v, q)
4073 register const char *s;
4074 bpf_u_int32 v;
4075 struct qual q;
4076 {
4077 bpf_u_int32 mask;
4078 int proto = q.proto;
4079 int dir = q.dir;
4080 register int vlen;
4081
4082 if (s == NULL)
4083 vlen = 32;
4084 else if (q.proto == Q_DECNET)
4085 vlen = __pcap_atodn(s, &v);
4086 else
4087 vlen = __pcap_atoin(s, &v);
4088
4089 switch (q.addr) {
4090
4091 case Q_DEFAULT:
4092 case Q_HOST:
4093 case Q_NET:
4094 if (proto == Q_DECNET)
4095 return gen_host(v, 0, proto, dir);
4096 else if (proto == Q_LINK) {
4097 bpf_error("illegal link layer address");
4098 } else {
4099 mask = 0xffffffff;
4100 if (s == NULL && q.addr == Q_NET) {
4101 /* Promote short net number */
4102 while (v && (v & 0xff000000) == 0) {
4103 v <<= 8;
4104 mask <<= 8;
4105 }
4106 } else {
4107 /* Promote short ipaddr */
4108 v <<= 32 - vlen;
4109 mask <<= 32 - vlen;
4110 }
4111 return gen_host(v, mask, proto, dir);
4112 }
4113
4114 case Q_PORT:
4115 if (proto == Q_UDP)
4116 proto = IPPROTO_UDP;
4117 else if (proto == Q_TCP)
4118 proto = IPPROTO_TCP;
4119 else if (proto == Q_SCTP)
4120 proto = IPPROTO_SCTP;
4121 else if (proto == Q_DEFAULT)
4122 proto = PROTO_UNDEF;
4123 else
4124 bpf_error("illegal qualifier of 'port'");
4125
4126 #ifndef INET6
4127 return gen_port((int)v, proto, dir);
4128 #else
4129 {
4130 struct block *b;
4131 b = gen_port((int)v, proto, dir);
4132 gen_or(gen_port6((int)v, proto, dir), b);
4133 return b;
4134 }
4135 #endif /* INET6 */
4136
4137 case Q_GATEWAY:
4138 bpf_error("'gateway' requires a name");
4139 /* NOTREACHED */
4140
4141 case Q_PROTO:
4142 return gen_proto((int)v, proto, dir);
4143
4144 case Q_PROTOCHAIN:
4145 return gen_protochain((int)v, proto, dir);
4146
4147 case Q_UNDEF:
4148 syntax();
4149 /* NOTREACHED */
4150
4151 default:
4152 abort();
4153 /* NOTREACHED */
4154 }
4155 /* NOTREACHED */
4156 }
4157
4158 #ifdef INET6
4159 struct block *
4160 gen_mcode6(s1, s2, masklen, q)
4161 register const char *s1, *s2;
4162 register int masklen;
4163 struct qual q;
4164 {
4165 struct addrinfo *res;
4166 struct in6_addr *addr;
4167 struct in6_addr mask;
4168 struct block *b;
4169 u_int32_t *a, *m;
4170
4171 if (s2)
4172 bpf_error("no mask %s supported", s2);
4173
4174 res = pcap_nametoaddrinfo(s1);
4175 if (!res)
4176 bpf_error("invalid ip6 address %s", s1);
4177 if (res->ai_next)
4178 bpf_error("%s resolved to multiple address", s1);
4179 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
4180
4181 if (sizeof(mask) * 8 < masklen)
4182 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
4183 memset(&mask, 0, sizeof(mask));
4184 memset(&mask, 0xff, masklen / 8);
4185 if (masklen % 8) {
4186 mask.s6_addr[masklen / 8] =
4187 (0xff << (8 - masklen % 8)) & 0xff;
4188 }
4189
4190 a = (u_int32_t *)addr;
4191 m = (u_int32_t *)&mask;
4192 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
4193 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
4194 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
4195 }
4196
4197 switch (q.addr) {
4198
4199 case Q_DEFAULT:
4200 case Q_HOST:
4201 if (masklen != 128)
4202 bpf_error("Mask syntax for networks only");
4203 /* FALLTHROUGH */
4204
4205 case Q_NET:
4206 b = gen_host6(addr, &mask, q.proto, q.dir);
4207 freeaddrinfo(res);
4208 return b;
4209
4210 default:
4211 bpf_error("invalid qualifier against IPv6 address");
4212 /* NOTREACHED */
4213 }
4214 }
4215 #endif /*INET6*/
4216
4217 struct block *
4218 gen_ecode(eaddr, q)
4219 register const u_char *eaddr;
4220 struct qual q;
4221 {
4222 struct block *b, *tmp;
4223
4224 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
4225 if (linktype == DLT_EN10MB)
4226 return gen_ehostop(eaddr, (int)q.dir);
4227 if (linktype == DLT_FDDI)
4228 return gen_fhostop(eaddr, (int)q.dir);
4229 if (linktype == DLT_IEEE802)
4230 return gen_thostop(eaddr, (int)q.dir);
4231 if (linktype == DLT_IEEE802_11)
4232 return gen_wlanhostop(eaddr, (int)q.dir);
4233 if (linktype == DLT_SUNATM && is_lane) {
4234 /*
4235 * Check that the packet doesn't begin with an
4236 * LE Control marker. (We've already generated
4237 * a test for LANE.)
4238 */
4239 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
4240 gen_not(tmp);
4241
4242 /*
4243 * Now check the MAC address.
4244 */
4245 b = gen_ehostop(eaddr, (int)q.dir);
4246 gen_and(tmp, b);
4247 return b;
4248 }
4249 if (linktype == DLT_IP_OVER_FC)
4250 return gen_ipfchostop(eaddr, (int)q.dir);
4251 bpf_error("ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel");
4252 }
4253 bpf_error("ethernet address used in non-ether expression");
4254 /* NOTREACHED */
4255 }
4256
4257 void
4258 sappend(s0, s1)
4259 struct slist *s0, *s1;
4260 {
4261 /*
4262 * This is definitely not the best way to do this, but the
4263 * lists will rarely get long.
4264 */
4265 while (s0->next)
4266 s0 = s0->next;
4267 s0->next = s1;
4268 }
4269
4270 static struct slist *
4271 xfer_to_x(a)
4272 struct arth *a;
4273 {
4274 struct slist *s;
4275
4276 s = new_stmt(BPF_LDX|BPF_MEM);
4277 s->s.k = a->regno;
4278 return s;
4279 }
4280
4281 static struct slist *
4282 xfer_to_a(a)
4283 struct arth *a;
4284 {
4285 struct slist *s;
4286
4287 s = new_stmt(BPF_LD|BPF_MEM);
4288 s->s.k = a->regno;
4289 return s;
4290 }
4291
4292 struct arth *
4293 gen_load(proto, index, size)
4294 int proto;
4295 struct arth *index;
4296 int size;
4297 {
4298 struct slist *s, *tmp;
4299 struct block *b;
4300 int regno = alloc_reg();
4301
4302 free_reg(index->regno);
4303 switch (size) {
4304
4305 default:
4306 bpf_error("data size must be 1, 2, or 4");
4307
4308 case 1:
4309 size = BPF_B;
4310 break;
4311
4312 case 2:
4313 size = BPF_H;
4314 break;
4315
4316 case 4:
4317 size = BPF_W;
4318 break;
4319 }
4320 switch (proto) {
4321 default:
4322 bpf_error("unsupported index operation");
4323
4324 case Q_LINK:
4325 /*
4326 * XXX - what about ATM LANE? Should the index be
4327 * relative to the beginning of the AAL5 frame, so
4328 * that 0 refers to the beginning of the LE Control
4329 * field, or relative to the beginning of the LAN
4330 * frame, so that 0 refers, for Ethernet LANE, to
4331 * the beginning of the destination address?
4332 */
4333 s = xfer_to_x(index);
4334 tmp = new_stmt(BPF_LD|BPF_IND|size);
4335 sappend(s, tmp);
4336 sappend(index->s, s);
4337 break;
4338
4339 case Q_IP:
4340 case Q_ARP:
4341 case Q_RARP:
4342 case Q_ATALK:
4343 case Q_DECNET:
4344 case Q_SCA:
4345 case Q_LAT:
4346 case Q_MOPRC:
4347 case Q_MOPDL:
4348 #ifdef INET6
4349 case Q_IPV6:
4350 #endif
4351 /* XXX Note that we assume a fixed link header here. */
4352 s = xfer_to_x(index);
4353 tmp = new_stmt(BPF_LD|BPF_IND|size);
4354 tmp->s.k = off_nl;
4355 sappend(s, tmp);
4356 sappend(index->s, s);
4357
4358 b = gen_proto_abbrev(proto);
4359 if (index->b)
4360 gen_and(index->b, b);
4361 index->b = b;
4362 break;
4363
4364 case Q_SCTP:
4365 case Q_TCP:
4366 case Q_UDP:
4367 case Q_ICMP:
4368 case Q_IGMP:
4369 case Q_IGRP:
4370 case Q_PIM:
4371 case Q_VRRP:
4372 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
4373 s->s.k = off_nl;
4374 sappend(s, xfer_to_a(index));
4375 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
4376 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
4377 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
4378 tmp->s.k = off_nl;
4379 sappend(index->s, s);
4380
4381 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
4382 if (index->b)
4383 gen_and(index->b, b);
4384 #ifdef INET6
4385 gen_and(gen_proto_abbrev(Q_IP), b);
4386 #endif
4387 index->b = b;
4388 break;
4389 #ifdef INET6
4390 case Q_ICMPV6:
4391 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
4392 /*NOTREACHED*/
4393 #endif
4394 }
4395 index->regno = regno;
4396 s = new_stmt(BPF_ST);
4397 s->s.k = regno;
4398 sappend(index->s, s);
4399
4400 return index;
4401 }
4402
4403 struct block *
4404 gen_relation(code, a0, a1, reversed)
4405 int code;
4406 struct arth *a0, *a1;
4407 int reversed;
4408 {
4409 struct slist *s0, *s1, *s2;
4410 struct block *b, *tmp;
4411
4412 s0 = xfer_to_x(a1);
4413 s1 = xfer_to_a(a0);
4414 if (code == BPF_JEQ) {
4415 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
4416 b = new_block(JMP(code));
4417 sappend(s1, s2);
4418 }
4419 else
4420 b = new_block(BPF_JMP|code|BPF_X);
4421 if (reversed)
4422 gen_not(b);
4423
4424 sappend(s0, s1);
4425 sappend(a1->s, s0);
4426 sappend(a0->s, a1->s);
4427
4428 b->stmts = a0->s;
4429
4430 free_reg(a0->regno);
4431 free_reg(a1->regno);
4432
4433 /* 'and' together protocol checks */
4434 if (a0->b) {
4435 if (a1->b) {
4436 gen_and(a0->b, tmp = a1->b);
4437 }
4438 else
4439 tmp = a0->b;
4440 } else
4441 tmp = a1->b;
4442
4443 if (tmp)
4444 gen_and(tmp, b);
4445
4446 return b;
4447 }
4448
4449 struct arth *
4450 gen_loadlen()
4451 {
4452 int regno = alloc_reg();
4453 struct arth *a = (struct arth *)newchunk(sizeof(*a));
4454 struct slist *s;
4455
4456 s = new_stmt(BPF_LD|BPF_LEN);
4457 s->next = new_stmt(BPF_ST);
4458 s->next->s.k = regno;
4459 a->s = s;
4460 a->regno = regno;
4461
4462 return a;
4463 }
4464
4465 struct arth *
4466 gen_loadi(val)
4467 int val;
4468 {
4469 struct arth *a;
4470 struct slist *s;
4471 int reg;
4472
4473 a = (struct arth *)newchunk(sizeof(*a));
4474
4475 reg = alloc_reg();
4476
4477 s = new_stmt(BPF_LD|BPF_IMM);
4478 s->s.k = val;
4479 s->next = new_stmt(BPF_ST);
4480 s->next->s.k = reg;
4481 a->s = s;
4482 a->regno = reg;
4483
4484 return a;
4485 }
4486
4487 struct arth *
4488 gen_neg(a)
4489 struct arth *a;
4490 {
4491 struct slist *s;
4492
4493 s = xfer_to_a(a);
4494 sappend(a->s, s);
4495 s = new_stmt(BPF_ALU|BPF_NEG);
4496 s->s.k = 0;
4497 sappend(a->s, s);
4498 s = new_stmt(BPF_ST);
4499 s->s.k = a->regno;
4500 sappend(a->s, s);
4501
4502 return a;
4503 }
4504
4505 struct arth *
4506 gen_arth(code, a0, a1)
4507 int code;
4508 struct arth *a0, *a1;
4509 {
4510 struct slist *s0, *s1, *s2;
4511
4512 s0 = xfer_to_x(a1);
4513 s1 = xfer_to_a(a0);
4514 s2 = new_stmt(BPF_ALU|BPF_X|code);
4515
4516 sappend(s1, s2);
4517 sappend(s0, s1);
4518 sappend(a1->s, s0);
4519 sappend(a0->s, a1->s);
4520
4521 free_reg(a0->regno);
4522 free_reg(a1->regno);
4523
4524 s0 = new_stmt(BPF_ST);
4525 a0->regno = s0->s.k = alloc_reg();
4526 sappend(a0->s, s0);
4527
4528 return a0;
4529 }
4530
4531 /*
4532 * Here we handle simple allocation of the scratch registers.
4533 * If too many registers are alloc'd, the allocator punts.
4534 */
4535 static int regused[BPF_MEMWORDS];
4536 static int curreg;
4537
4538 /*
4539 * Return the next free register.
4540 */
4541 static int
4542 alloc_reg()
4543 {
4544 int n = BPF_MEMWORDS;
4545
4546 while (--n >= 0) {
4547 if (regused[curreg])
4548 curreg = (curreg + 1) % BPF_MEMWORDS;
4549 else {
4550 regused[curreg] = 1;
4551 return curreg;
4552 }
4553 }
4554 bpf_error("too many registers needed to evaluate expression");
4555 /* NOTREACHED */
4556 }
4557
4558 /*
4559 * Return a register to the table so it can
4560 * be used later.
4561 */
4562 static void
4563 free_reg(n)
4564 int n;
4565 {
4566 regused[n] = 0;
4567 }
4568
4569 static struct block *
4570 gen_len(jmp, n)
4571 int jmp, n;
4572 {
4573 struct slist *s;
4574 struct block *b;
4575
4576 s = new_stmt(BPF_LD|BPF_LEN);
4577 b = new_block(JMP(jmp));
4578 b->stmts = s;
4579 b->s.k = n;
4580
4581 return b;
4582 }
4583
4584 struct block *
4585 gen_greater(n)
4586 int n;
4587 {
4588 return gen_len(BPF_JGE, n);
4589 }
4590
4591 /*
4592 * Actually, this is less than or equal.
4593 */
4594 struct block *
4595 gen_less(n)
4596 int n;
4597 {
4598 struct block *b;
4599
4600 b = gen_len(BPF_JGT, n);
4601 gen_not(b);
4602
4603 return b;
4604 }
4605
4606 struct block *
4607 gen_byteop(op, idx, val)
4608 int op, idx, val;
4609 {
4610 struct block *b;
4611 struct slist *s;
4612
4613 switch (op) {
4614 default:
4615 abort();
4616
4617 case '=':
4618 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4619
4620 case '<':
4621 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4622 b->s.code = JMP(BPF_JGE);
4623 gen_not(b);
4624 return b;
4625
4626 case '>':
4627 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4628 b->s.code = JMP(BPF_JGT);
4629 return b;
4630
4631 case '|':
4632 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
4633 break;
4634
4635 case '&':
4636 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
4637 break;
4638 }
4639 s->s.k = val;
4640 b = new_block(JMP(BPF_JEQ));
4641 b->stmts = s;
4642 gen_not(b);
4643
4644 return b;
4645 }
4646
4647 static u_char abroadcast[] = { 0x0 };
4648
4649 struct block *
4650 gen_broadcast(proto)
4651 int proto;
4652 {
4653 bpf_u_int32 hostmask;
4654 struct block *b0, *b1, *b2;
4655 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4656
4657 switch (proto) {
4658
4659 case Q_DEFAULT:
4660 case Q_LINK:
4661 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
4662 return gen_ahostop(abroadcast, Q_DST);
4663 if (linktype == DLT_EN10MB)
4664 return gen_ehostop(ebroadcast, Q_DST);
4665 if (linktype == DLT_FDDI)
4666 return gen_fhostop(ebroadcast, Q_DST);
4667 if (linktype == DLT_IEEE802)
4668 return gen_thostop(ebroadcast, Q_DST);
4669 if (linktype == DLT_IEEE802_11)
4670 return gen_wlanhostop(ebroadcast, Q_DST);
4671 if (linktype == DLT_IP_OVER_FC)
4672 return gen_ipfchostop(ebroadcast, Q_DST);
4673 if (linktype == DLT_SUNATM && is_lane) {
4674 /*
4675 * Check that the packet doesn't begin with an
4676 * LE Control marker. (We've already generated
4677 * a test for LANE.)
4678 */
4679 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
4680 gen_not(b1);
4681
4682 /*
4683 * Now check the MAC address.
4684 */
4685 b0 = gen_ehostop(ebroadcast, Q_DST);
4686 gen_and(b1, b0);
4687 return b0;
4688 }
4689 bpf_error("not a broadcast link");
4690 break;
4691
4692 case Q_IP:
4693 b0 = gen_linktype(ETHERTYPE_IP);
4694 hostmask = ~netmask;
4695 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
4696 b2 = gen_mcmp(off_nl + 16, BPF_W,
4697 (bpf_int32)(~0 & hostmask), hostmask);
4698 gen_or(b1, b2);
4699 gen_and(b0, b2);
4700 return b2;
4701 }
4702 bpf_error("only link-layer/IP broadcast filters supported");
4703 }
4704
4705 /*
4706 * Generate code to test the low-order bit of a MAC address (that's
4707 * the bottom bit of the *first* byte).
4708 */
4709 static struct block *
4710 gen_mac_multicast(offset)
4711 int offset;
4712 {
4713 register struct block *b0;
4714 register struct slist *s;
4715
4716 /* link[offset] & 1 != 0 */
4717 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4718 s->s.k = offset;
4719 b0 = new_block(JMP(BPF_JSET));
4720 b0->s.k = 1;
4721 b0->stmts = s;
4722 return b0;
4723 }
4724
4725 struct block *
4726 gen_multicast(proto)
4727 int proto;
4728 {
4729 register struct block *b0, *b1, *b2;
4730 register struct slist *s;
4731
4732 switch (proto) {
4733
4734 case Q_DEFAULT:
4735 case Q_LINK:
4736 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
4737 /* all ARCnet multicasts use the same address */
4738 return gen_ahostop(abroadcast, Q_DST);
4739
4740 if (linktype == DLT_EN10MB) {
4741 /* ether[0] & 1 != 0 */
4742 return gen_mac_multicast(0);
4743 }
4744
4745 if (linktype == DLT_FDDI) {
4746 /*
4747 * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX
4748 *
4749 * XXX - was that referring to bit-order issues?
4750 */
4751 /* fddi[1] & 1 != 0 */
4752 return gen_mac_multicast(1);
4753 }
4754
4755 if (linktype == DLT_IEEE802) {
4756 /* tr[2] & 1 != 0 */
4757 return gen_mac_multicast(2);
4758 }
4759
4760 if (linktype == DLT_IEEE802_11) {
4761 /*
4762 * Oh, yuk.
4763 *
4764 * For control frames, there is no DA.
4765 *
4766 * For management frames, DA is at an
4767 * offset of 4 from the beginning of
4768 * the packet.
4769 *
4770 * For data frames, DA is at an offset
4771 * of 4 from the beginning of the packet
4772 * if To DS is clear and at an offset of
4773 * 16 from the beginning of the packet
4774 * if To DS is set.
4775 */
4776
4777 /*
4778 * Generate the tests to be done for data frames.
4779 *
4780 * First, check for To DS set, i.e. "link[1] & 0x01".
4781 */
4782 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4783 s->s.k = 1;
4784 b1 = new_block(JMP(BPF_JSET));
4785 b1->s.k = 0x01; /* To DS */
4786 b1->stmts = s;
4787
4788 /*
4789 * If To DS is set, the DA is at 16.
4790 */
4791 b0 = gen_mac_multicast(16);
4792 gen_and(b1, b0);
4793
4794 /*
4795 * Now, check for To DS not set, i.e. check
4796 * "!(link[1] & 0x01)".
4797 */
4798 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4799 s->s.k = 1;
4800 b2 = new_block(JMP(BPF_JSET));
4801 b2->s.k = 0x01; /* To DS */
4802 b2->stmts = s;
4803 gen_not(b2);
4804
4805 /*
4806 * If To DS is not set, the DA is at 4.
4807 */
4808 b1 = gen_mac_multicast(4);
4809 gen_and(b2, b1);
4810
4811 /*
4812 * Now OR together the last two checks. That gives
4813 * the complete set of checks for data frames.
4814 */
4815 gen_or(b1, b0);
4816
4817 /*
4818 * Now check for a data frame.
4819 * I.e, check "link[0] & 0x08".
4820 */
4821 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4822 s->s.k = 0;
4823 b1 = new_block(JMP(BPF_JSET));
4824 b1->s.k = 0x08;
4825 b1->stmts = s;
4826
4827 /*
4828 * AND that with the checks done for data frames.
4829 */
4830 gen_and(b1, b0);
4831
4832 /*
4833 * If the high-order bit of the type value is 0, this
4834 * is a management frame.
4835 * I.e, check "!(link[0] & 0x08)".
4836 */
4837 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4838 s->s.k = 0;
4839 b2 = new_block(JMP(BPF_JSET));
4840 b2->s.k = 0x08;
4841 b2->stmts = s;
4842 gen_not(b2);
4843
4844 /*
4845 * For management frames, the DA is at 4.
4846 */
4847 b1 = gen_mac_multicast(4);
4848 gen_and(b2, b1);
4849
4850 /*
4851 * OR that with the checks done for data frames.
4852 * That gives the checks done for management and
4853 * data frames.
4854 */
4855 gen_or(b1, b0);
4856
4857 /*
4858 * If the low-order bit of the type value is 1,
4859 * this is either a control frame or a frame
4860 * with a reserved type, and thus not a
4861 * frame with an SA.
4862 *
4863 * I.e., check "!(link[0] & 0x04)".
4864 */
4865 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4866 s->s.k = 0;
4867 b1 = new_block(JMP(BPF_JSET));
4868 b1->s.k = 0x04;
4869 b1->stmts = s;
4870 gen_not(b1);
4871
4872 /*
4873 * AND that with the checks for data and management
4874 * frames.
4875 */
4876 gen_and(b1, b0);
4877 return b0;
4878 }
4879
4880 if (linktype == DLT_IP_OVER_FC) {
4881 b0 = gen_mac_multicast(2);
4882 return b0;
4883 }
4884
4885 if (linktype == DLT_SUNATM && is_lane) {
4886 /*
4887 * Check that the packet doesn't begin with an
4888 * LE Control marker. (We've already generated
4889 * a test for LANE.)
4890 */
4891 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
4892 gen_not(b1);
4893
4894 /* ether[off_mac] & 1 != 0 */
4895 b0 = gen_mac_multicast(off_mac);
4896 gen_and(b1, b0);
4897 return b0;
4898 }
4899
4900 /* Link not known to support multicasts */
4901 break;
4902
4903 case Q_IP:
4904 b0 = gen_linktype(ETHERTYPE_IP);
4905 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
4906 b1->s.code = JMP(BPF_JGE);
4907 gen_and(b0, b1);
4908 return b1;
4909
4910 #ifdef INET6
4911 case Q_IPV6:
4912 b0 = gen_linktype(ETHERTYPE_IPV6);
4913 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
4914 gen_and(b0, b1);
4915 return b1;
4916 #endif /* INET6 */
4917 }
4918 bpf_error("link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel");
4919 }
4920
4921 /*
4922 * generate command for inbound/outbound. It's here so we can
4923 * make it link-type specific. 'dir' = 0 implies "inbound",
4924 * = 1 implies "outbound".
4925 */
4926 struct block *
4927 gen_inbound(dir)
4928 int dir;
4929 {
4930 register struct block *b0;
4931
4932 /*
4933 * Only some data link types support inbound/outbound qualifiers.
4934 */
4935 switch (linktype) {
4936 case DLT_SLIP:
4937 b0 = gen_relation(BPF_JEQ,
4938 gen_load(Q_LINK, gen_loadi(0), 1),
4939 gen_loadi(0),
4940 dir);
4941 break;
4942
4943 case DLT_LINUX_SLL:
4944 if (dir) {
4945 /*
4946 * Match packets sent by this machine.
4947 */
4948 b0 = gen_cmp(0, BPF_H, LINUX_SLL_OUTGOING);
4949 } else {
4950 /*
4951 * Match packets sent to this machine.
4952 * (No broadcast or multicast packets, or
4953 * packets sent to some other machine and
4954 * received promiscuously.)
4955 *
4956 * XXX - packets sent to other machines probably
4957 * shouldn't be matched, but what about broadcast
4958 * or multicast packets we received?
4959 */
4960 b0 = gen_cmp(0, BPF_H, LINUX_SLL_HOST);
4961 }
4962 break;
4963
4964 case DLT_PFLOG:
4965 b0 = gen_cmp(26, BPF_H,
4966 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT));
4967 break;
4968
4969 default:
4970 bpf_error("inbound/outbound not supported on linktype %d",
4971 linktype);
4972 b0 = NULL;
4973 /* NOTREACHED */
4974 }
4975 return (b0);
4976 }
4977
4978 /* PF firewall log matched interface */
4979 struct block *
4980 gen_pf_ifname(const char *ifname)
4981 {
4982 if (linktype != DLT_PFLOG) {
4983 bpf_error("ifname supported only for DLT_PFLOG");
4984 /* NOTREACHED */
4985 }
4986 if (strlen(ifname) >= 16) {
4987 bpf_error("ifname interface names can't be larger than 16 characters");
4988 /* NOTREACHED */
4989 }
4990 return (gen_bcmp(4, strlen(ifname), (const u_char *)ifname));
4991 }
4992
4993
4994 /* PF firewall log rule number */
4995 struct block *
4996 gen_pf_rnr(int rnr)
4997 {
4998 if (linktype != DLT_PFLOG) {
4999 bpf_error("rnr supported only for DLT_PFLOG");
5000 /* NOTREACHED */
5001 }
5002
5003 return (gen_cmp(20, BPF_H, (bpf_int32)rnr));
5004 }
5005
5006 /* PF firewall log reason code */
5007 struct block *
5008 gen_pf_reason(int reason)
5009 {
5010 if (linktype != DLT_PFLOG) {
5011 bpf_error("reason supported only for DLT_PFLOG");
5012 /* NOTREACHED */
5013 }
5014
5015 return (gen_cmp(22, BPF_H, (bpf_int32)reason));
5016 }
5017
5018 /* PF firewall log action */
5019 struct block *
5020 gen_pf_action(int action)
5021 {
5022 if (linktype != DLT_PFLOG) {
5023 bpf_error("action supported only for DLT_PFLOG");
5024 /* NOTREACHED */
5025 }
5026
5027 return (gen_cmp(24, BPF_H, (bpf_int32)action));
5028 }
5029
5030 struct block *
5031 gen_acode(eaddr, q)
5032 register const u_char *eaddr;
5033 struct qual q;
5034 {
5035 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
5036 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
5037 return gen_ahostop(eaddr, (int)q.dir);
5038 }
5039 bpf_error("ARCnet address used in non-arc expression");
5040 /* NOTREACHED */
5041 }
5042
5043 static struct block *
5044 gen_ahostop(eaddr, dir)
5045 register const u_char *eaddr;
5046 register int dir;
5047 {
5048 register struct block *b0, *b1;
5049
5050 switch (dir) {
5051 /* src comes first, different from Ethernet */
5052 case Q_SRC:
5053 return gen_bcmp(0, 1, eaddr);
5054
5055 case Q_DST:
5056 return gen_bcmp(1, 1, eaddr);
5057
5058 case Q_AND:
5059 b0 = gen_ahostop(eaddr, Q_SRC);
5060 b1 = gen_ahostop(eaddr, Q_DST);
5061 gen_and(b0, b1);
5062 return b1;
5063
5064 case Q_DEFAULT:
5065 case Q_OR:
5066 b0 = gen_ahostop(eaddr, Q_SRC);
5067 b1 = gen_ahostop(eaddr, Q_DST);
5068 gen_or(b0, b1);
5069 return b1;
5070 }
5071 abort();
5072 /* NOTREACHED */
5073 }
5074
5075 /*
5076 * support IEEE 802.1Q VLAN trunk over ethernet
5077 */
5078 struct block *
5079 gen_vlan(vlan_num)
5080 int vlan_num;
5081 {
5082 struct block *b0;
5083
5084 /*
5085 * Change the offsets to point to the type and data fields within
5086 * the VLAN packet. This is somewhat of a kludge.
5087 */
5088 if (orig_nl == (u_int)-1) {
5089 orig_linktype = off_linktype; /* save original values */
5090 orig_nl = off_nl;
5091 orig_nl_nosnap = off_nl_nosnap;
5092
5093 switch (linktype) {
5094
5095 case DLT_EN10MB:
5096 off_linktype = 16;
5097 off_nl_nosnap = 18;
5098 off_nl = 18;
5099 break;
5100
5101 default:
5102 bpf_error("no VLAN support for data link type %d",
5103 linktype);
5104 /*NOTREACHED*/
5105 }
5106 }
5107
5108 /* check for VLAN */
5109 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
5110
5111 /* If a specific VLAN is requested, check VLAN id */
5112 if (vlan_num >= 0) {
5113 struct block *b1;
5114
5115 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
5116 gen_and(b0, b1);
5117 b0 = b1;
5118 }
5119
5120 return (b0);
5121 }
5122
5123 struct block *
5124 gen_atmfield_code(atmfield, jvalue, jtype, reverse)
5125 int atmfield;
5126 bpf_u_int32 jvalue;
5127 bpf_u_int32 jtype;
5128 int reverse;
5129 {
5130 struct block *b0;
5131
5132 switch (atmfield) {
5133
5134 case A_VPI:
5135 if (!is_atm)
5136 bpf_error("'vpi' supported only on raw ATM");
5137 if (off_vpi == (u_int)-1)
5138 abort();
5139 b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype,
5140 (u_int)jvalue, reverse);
5141 break;
5142
5143 case A_VCI:
5144 if (!is_atm)
5145 bpf_error("'vci' supported only on raw ATM");
5146 if (off_vci == (u_int)-1)
5147 abort();
5148 b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype,
5149 (u_int)jvalue, reverse);
5150 break;
5151
5152 case A_PROTOTYPE:
5153 if (off_proto == (u_int)-1)
5154 abort(); /* XXX - this isn't on FreeBSD */
5155 b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype,
5156 (u_int)jvalue, reverse);
5157 break;
5158
5159 case A_MSGTYPE:
5160 if (off_payload == (u_int)-1)
5161 abort();
5162 b0 = gen_ncmp(BPF_B, off_payload + MSG_TYPE_POS, 0xffffffff,
5163 (u_int)jtype, (u_int)jvalue, reverse);
5164 break;
5165
5166 case A_CALLREFTYPE:
5167 if (!is_atm)
5168 bpf_error("'callref' supported only on raw ATM");
5169 if (off_proto == (u_int)-1)
5170 abort();
5171 b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype,
5172 (u_int)jvalue, reverse);
5173 break;
5174
5175 default:
5176 abort();
5177 }
5178 return b0;
5179 }
5180
5181 struct block *
5182 gen_atmtype_abbrev(type)
5183 int type;
5184 {
5185 struct block *b0, *b1;
5186
5187 switch (type) {
5188
5189 case A_METAC:
5190 /* Get all packets in Meta signalling Circuit */
5191 if (!is_atm)
5192 bpf_error("'metac' supported only on raw ATM");
5193 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5194 b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0);
5195 gen_and(b0, b1);
5196 break;
5197
5198 case A_BCC:
5199 /* Get all packets in Broadcast Circuit*/
5200 if (!is_atm)
5201 bpf_error("'bcc' supported only on raw ATM");
5202 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5203 b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0);
5204 gen_and(b0, b1);
5205 break;
5206
5207 case A_OAMF4SC:
5208 /* Get all cells in Segment OAM F4 circuit*/
5209 if (!is_atm)
5210 bpf_error("'oam4sc' supported only on raw ATM");
5211 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5212 b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
5213 gen_and(b0, b1);
5214 break;
5215
5216 case A_OAMF4EC:
5217 /* Get all cells in End-to-End OAM F4 Circuit*/
5218 if (!is_atm)
5219 bpf_error("'oam4ec' supported only on raw ATM");
5220 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5221 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
5222 gen_and(b0, b1);
5223 break;
5224
5225 case A_SC:
5226 /* Get all packets in connection Signalling Circuit */
5227 if (!is_atm)
5228 bpf_error("'sc' supported only on raw ATM");
5229 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5230 b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0);
5231 gen_and(b0, b1);
5232 break;
5233
5234 case A_ILMIC:
5235 /* Get all packets in ILMI Circuit */
5236 if (!is_atm)
5237 bpf_error("'ilmic' supported only on raw ATM");
5238 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5239 b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0);
5240 gen_and(b0, b1);
5241 break;
5242
5243 case A_LANE:
5244 /* Get all LANE packets */
5245 if (!is_atm)
5246 bpf_error("'lane' supported only on raw ATM");
5247 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0);
5248
5249 /*
5250 * Arrange that all subsequent tests assume LANE
5251 * rather than LLC-encapsulated packets, and set
5252 * the offsets appropriately for LANE-encapsulated
5253 * Ethernet.
5254 *
5255 * "off_mac" is the offset of the Ethernet header,
5256 * which is 2 bytes past the ATM pseudo-header
5257 * (skipping the pseudo-header and 2-byte LE Client
5258 * field). The other offsets are Ethernet offsets
5259 * relative to "off_mac".
5260 */
5261 is_lane = 1;
5262 off_mac = off_payload + 2; /* MAC header */
5263 off_linktype = off_mac + 12;
5264 off_nl = off_mac + 14; /* Ethernet II */
5265 off_nl_nosnap = off_mac + 17; /* 802.3+802.2 */
5266 break;
5267
5268 case A_LLC:
5269 /* Get all LLC-encapsulated packets */
5270 if (!is_atm)
5271 bpf_error("'llc' supported only on raw ATM");
5272 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
5273 is_lane = 0;
5274 break;
5275
5276 default:
5277 abort();
5278 }
5279 return b1;
5280 }
5281
5282
5283 static struct block *
5284 gen_msg_abbrev(type)
5285 int type;
5286 {
5287 struct block *b1;
5288
5289 /*
5290 * Q.2931 signalling protocol messages for handling virtual circuits
5291 * establishment and teardown
5292 */
5293 switch (type) {
5294
5295 case A_SETUP:
5296 b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0);
5297 break;
5298
5299 case A_CALLPROCEED:
5300 b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0);
5301 break;
5302
5303 case A_CONNECT:
5304 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0);
5305 break;
5306
5307 case A_CONNECTACK:
5308 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0);
5309 break;
5310
5311 case A_RELEASE:
5312 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0);
5313 break;
5314
5315 case A_RELEASE_DONE:
5316 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0);
5317 break;
5318
5319 default:
5320 abort();
5321 }
5322 return b1;
5323 }
5324
5325 struct block *
5326 gen_atmmulti_abbrev(type)
5327 int type;
5328 {
5329 struct block *b0, *b1;
5330
5331 switch (type) {
5332
5333 case A_OAM:
5334 if (!is_atm)
5335 bpf_error("'oam' supported only on raw ATM");
5336 b1 = gen_atmmulti_abbrev(A_OAMF4);
5337 break;
5338
5339 case A_OAMF4:
5340 if (!is_atm)
5341 bpf_error("'oamf4' supported only on raw ATM");
5342 /* OAM F4 type */
5343 b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
5344 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
5345 gen_or(b0, b1);
5346 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5347 gen_and(b0, b1);
5348 break;
5349
5350 case A_CONNECTMSG:
5351 /*
5352 * Get Q.2931 signalling messages for switched
5353 * virtual connection
5354 */
5355 if (!is_atm)
5356 bpf_error("'connectmsg' supported only on raw ATM");
5357 b0 = gen_msg_abbrev(A_SETUP);
5358 b1 = gen_msg_abbrev(A_CALLPROCEED);
5359 gen_or(b0, b1);
5360 b0 = gen_msg_abbrev(A_CONNECT);
5361 gen_or(b0, b1);
5362 b0 = gen_msg_abbrev(A_CONNECTACK);
5363 gen_or(b0, b1);
5364 b0 = gen_msg_abbrev(A_RELEASE);
5365 gen_or(b0, b1);
5366 b0 = gen_msg_abbrev(A_RELEASE_DONE);
5367 gen_or(b0, b1);
5368 b0 = gen_atmtype_abbrev(A_SC);
5369 gen_and(b0, b1);
5370 break;
5371
5372 case A_METACONNECT:
5373 if (!is_atm)
5374 bpf_error("'metaconnect' supported only on raw ATM");
5375 b0 = gen_msg_abbrev(A_SETUP);
5376 b1 = gen_msg_abbrev(A_CALLPROCEED);
5377 gen_or(b0, b1);
5378 b0 = gen_msg_abbrev(A_CONNECT);
5379 gen_or(b0, b1);
5380 b0 = gen_msg_abbrev(A_RELEASE);
5381 gen_or(b0, b1);
5382 b0 = gen_msg_abbrev(A_RELEASE_DONE);
5383 gen_or(b0, b1);
5384 b0 = gen_atmtype_abbrev(A_METAC);
5385 gen_and(b0, b1);
5386 break;
5387
5388 default:
5389 abort();
5390 }
5391 return b1;
5392 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism