]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob


08e89fed6e2bf06fe65e72152eb0b4038096d8fb
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.180 2002-10-18 08:46:13 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #ifdef WIN32
32 #include <pcap-stdinc.h>
33 #else /* WIN32 */
34 #include <sys/types.h>
35 #include <sys/socket.h>
36 #include <sys/time.h>
37 #endif /* WIN32 */
38
39 /*
40 * XXX - why was this included even on UNIX?
41 */
42 #ifdef __MINGW32__
43 #include "IP6_misc.h"
44 #endif
45
46 #ifndef WIN32
47
48 #ifdef __NetBSD__
49 #include <sys/param.h>
50 #endif
51
52 #include <netinet/in.h>
53
54 #endif /* WIN32 */
55
56 #include <stdlib.h>
57 #include <string.h>
58 #include <memory.h>
59 #include <setjmp.h>
60 #include <stdarg.h>
61
62 #include "pcap-int.h"
63
64 #include "ethertype.h"
65 #include "nlpid.h"
66 #include "llc.h"
67 #include "gencode.h"
68 #include "atmuni31.h"
69 #include "sunatmpos.h"
70 #include "ppp.h"
71 #include "sll.h"
72 #include "arcnet.h"
73 #ifdef INET6
74 #ifndef WIN32
75 #include <netdb.h> /* for "struct addrinfo" */
76 #endif /* WIN32 */
77 #endif /*INET6*/
78 #include <pcap-namedb.h>
79
80 #define ETHERMTU 1500
81
82 #ifndef IPPROTO_SCTP
83 #define IPPROTO_SCTP 132
84 #endif
85
86 #ifdef HAVE_OS_PROTO_H
87 #include "os-proto.h"
88 #endif
89
90 #define JMP(c) ((c)|BPF_JMP|BPF_K)
91
92 /* Locals */
93 static jmp_buf top_ctx;
94 static pcap_t *bpf_pcap;
95
96 /* Hack for updating VLAN offsets. */
97 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1;
98
99 /* XXX */
100 #ifdef PCAP_FDDIPAD
101 int pcap_fddipad = PCAP_FDDIPAD;
102 #else
103 int pcap_fddipad;
104 #endif
105
106 /* VARARGS */
107 void
108 bpf_error(const char *fmt, ...)
109
110 {
111 va_list ap;
112
113 va_start(ap, fmt);
114 if (bpf_pcap != NULL)
115 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
116 fmt, ap);
117 va_end(ap);
118 longjmp(top_ctx, 1);
119 /* NOTREACHED */
120 }
121
122 static void init_linktype(int);
123
124 static int alloc_reg(void);
125 static void free_reg(int);
126
127 static struct block *root;
128
129 /*
130 * We divy out chunks of memory rather than call malloc each time so
131 * we don't have to worry about leaking memory. It's probably
132 * not a big deal if all this memory was wasted but it this ever
133 * goes into a library that would probably not be a good idea.
134 */
135 #define NCHUNKS 16
136 #define CHUNK0SIZE 1024
137 struct chunk {
138 u_int n_left;
139 void *m;
140 };
141
142 static struct chunk chunks[NCHUNKS];
143 static int cur_chunk;
144
145 static void *newchunk(u_int);
146 static void freechunks(void);
147 static inline struct block *new_block(int);
148 static inline struct slist *new_stmt(int);
149 static struct block *gen_retblk(int);
150 static inline void syntax(void);
151
152 static void backpatch(struct block *, struct block *);
153 static void merge(struct block *, struct block *);
154 static struct block *gen_cmp(u_int, u_int, bpf_int32);
155 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
156 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
157 static struct block *gen_bcmp(u_int, u_int, const u_char *);
158 static struct block *gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32,
159 bpf_u_int32, bpf_u_int32, int);
160 static struct block *gen_uncond(int);
161 static inline struct block *gen_true(void);
162 static inline struct block *gen_false(void);
163 static struct block *gen_ether_linktype(int);
164 static struct block *gen_linktype(int);
165 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
166 static struct block *gen_llc(int);
167 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
168 #ifdef INET6
169 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
170 #endif
171 static struct block *gen_ahostop(const u_char *, int);
172 static struct block *gen_ehostop(const u_char *, int);
173 static struct block *gen_fhostop(const u_char *, int);
174 static struct block *gen_thostop(const u_char *, int);
175 static struct block *gen_wlanhostop(const u_char *, int);
176 static struct block *gen_ipfchostop(const u_char *, int);
177 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
178 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
179 #ifdef INET6
180 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
181 #endif
182 #ifndef INET6
183 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
184 #endif
185 static struct block *gen_ipfrag(void);
186 static struct block *gen_portatom(int, bpf_int32);
187 #ifdef INET6
188 static struct block *gen_portatom6(int, bpf_int32);
189 #endif
190 struct block *gen_portop(int, int, int);
191 static struct block *gen_port(int, int, int);
192 #ifdef INET6
193 struct block *gen_portop6(int, int, int);
194 static struct block *gen_port6(int, int, int);
195 #endif
196 static int lookup_proto(const char *, int);
197 static struct block *gen_protochain(int, int, int);
198 static struct block *gen_proto(int, int, int);
199 static struct slist *xfer_to_x(struct arth *);
200 static struct slist *xfer_to_a(struct arth *);
201 static struct block *gen_mac_multicast(int);
202 static struct block *gen_len(int, int);
203
204 static struct block *gen_msg_abbrev(int type);
205
206 static void *
207 newchunk(n)
208 u_int n;
209 {
210 struct chunk *cp;
211 int k, size;
212
213 #ifndef __NetBSD__
214 /* XXX Round up to nearest long. */
215 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
216 #else
217 /* XXX Round up to structure boundary. */
218 n = ALIGN(n);
219 #endif
220
221 cp = &chunks[cur_chunk];
222 if (n > cp->n_left) {
223 ++cp, k = ++cur_chunk;
224 if (k >= NCHUNKS)
225 bpf_error("out of memory");
226 size = CHUNK0SIZE << k;
227 cp->m = (void *)malloc(size);
228 memset((char *)cp->m, 0, size);
229 cp->n_left = size;
230 if (n > size)
231 bpf_error("out of memory");
232 }
233 cp->n_left -= n;
234 return (void *)((char *)cp->m + cp->n_left);
235 }
236
237 static void
238 freechunks()
239 {
240 int i;
241
242 cur_chunk = 0;
243 for (i = 0; i < NCHUNKS; ++i)
244 if (chunks[i].m != NULL) {
245 free(chunks[i].m);
246 chunks[i].m = NULL;
247 }
248 }
249
250 /*
251 * A strdup whose allocations are freed after code generation is over.
252 */
253 char *
254 sdup(s)
255 register const char *s;
256 {
257 int n = strlen(s) + 1;
258 char *cp = newchunk(n);
259
260 strlcpy(cp, s, n);
261 return (cp);
262 }
263
264 static inline struct block *
265 new_block(code)
266 int code;
267 {
268 struct block *p;
269
270 p = (struct block *)newchunk(sizeof(*p));
271 p->s.code = code;
272 p->head = p;
273
274 return p;
275 }
276
277 static inline struct slist *
278 new_stmt(code)
279 int code;
280 {
281 struct slist *p;
282
283 p = (struct slist *)newchunk(sizeof(*p));
284 p->s.code = code;
285
286 return p;
287 }
288
289 static struct block *
290 gen_retblk(v)
291 int v;
292 {
293 struct block *b = new_block(BPF_RET|BPF_K);
294
295 b->s.k = v;
296 return b;
297 }
298
299 static inline void
300 syntax()
301 {
302 bpf_error("syntax error in filter expression");
303 }
304
305 static bpf_u_int32 netmask;
306 static int snaplen;
307 int no_optimize;
308
309 int
310 pcap_compile(pcap_t *p, struct bpf_program *program,
311 char *buf, int optimize, bpf_u_int32 mask)
312 {
313 extern int n_errors;
314 int len;
315
316 no_optimize = 0;
317 n_errors = 0;
318 root = NULL;
319 bpf_pcap = p;
320 if (setjmp(top_ctx)) {
321 lex_cleanup();
322 freechunks();
323 return (-1);
324 }
325
326 netmask = mask;
327
328 snaplen = pcap_snapshot(p);
329 if (snaplen == 0) {
330 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
331 "snaplen of 0 rejects all packets");
332 return -1;
333 }
334
335 lex_init(buf ? buf : "");
336 init_linktype(pcap_datalink(p));
337 (void)pcap_parse();
338
339 if (n_errors)
340 syntax();
341
342 if (root == NULL)
343 root = gen_retblk(snaplen);
344
345 if (optimize && !no_optimize) {
346 bpf_optimize(&root);
347 if (root == NULL ||
348 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
349 bpf_error("expression rejects all packets");
350 }
351 program->bf_insns = icode_to_fcode(root, &len);
352 program->bf_len = len;
353
354 lex_cleanup();
355 freechunks();
356 return (0);
357 }
358
359 /*
360 * entry point for using the compiler with no pcap open
361 * pass in all the stuff that is needed explicitly instead.
362 */
363 int
364 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
365 struct bpf_program *program,
366 char *buf, int optimize, bpf_u_int32 mask)
367 {
368 pcap_t *p;
369 int ret;
370
371 p = pcap_open_dead(linktype_arg, snaplen_arg);
372 if (p == NULL)
373 return (-1);
374 ret = pcap_compile(p, program, buf, optimize, mask);
375 pcap_close(p);
376 return (ret);
377 }
378
379 /*
380 * Clean up a "struct bpf_program" by freeing all the memory allocated
381 * in it.
382 */
383 void
384 pcap_freecode(struct bpf_program *program)
385 {
386 program->bf_len = 0;
387 if (program->bf_insns != NULL) {
388 free((char *)program->bf_insns);
389 program->bf_insns = NULL;
390 }
391 }
392
393 /*
394 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
395 * which of the jt and jf fields has been resolved and which is a pointer
396 * back to another unresolved block (or nil). At least one of the fields
397 * in each block is already resolved.
398 */
399 static void
400 backpatch(list, target)
401 struct block *list, *target;
402 {
403 struct block *next;
404
405 while (list) {
406 if (!list->sense) {
407 next = JT(list);
408 JT(list) = target;
409 } else {
410 next = JF(list);
411 JF(list) = target;
412 }
413 list = next;
414 }
415 }
416
417 /*
418 * Merge the lists in b0 and b1, using the 'sense' field to indicate
419 * which of jt and jf is the link.
420 */
421 static void
422 merge(b0, b1)
423 struct block *b0, *b1;
424 {
425 register struct block **p = &b0;
426
427 /* Find end of list. */
428 while (*p)
429 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
430
431 /* Concatenate the lists. */
432 *p = b1;
433 }
434
435 void
436 finish_parse(p)
437 struct block *p;
438 {
439 backpatch(p, gen_retblk(snaplen));
440 p->sense = !p->sense;
441 backpatch(p, gen_retblk(0));
442 root = p->head;
443 }
444
445 void
446 gen_and(b0, b1)
447 struct block *b0, *b1;
448 {
449 backpatch(b0, b1->head);
450 b0->sense = !b0->sense;
451 b1->sense = !b1->sense;
452 merge(b1, b0);
453 b1->sense = !b1->sense;
454 b1->head = b0->head;
455 }
456
457 void
458 gen_or(b0, b1)
459 struct block *b0, *b1;
460 {
461 b0->sense = !b0->sense;
462 backpatch(b0, b1->head);
463 b0->sense = !b0->sense;
464 merge(b1, b0);
465 b1->head = b0->head;
466 }
467
468 void
469 gen_not(b)
470 struct block *b;
471 {
472 b->sense = !b->sense;
473 }
474
475 static struct block *
476 gen_cmp(offset, size, v)
477 u_int offset, size;
478 bpf_int32 v;
479 {
480 struct slist *s;
481 struct block *b;
482
483 s = new_stmt(BPF_LD|BPF_ABS|size);
484 s->s.k = offset;
485
486 b = new_block(JMP(BPF_JEQ));
487 b->stmts = s;
488 b->s.k = v;
489
490 return b;
491 }
492
493 static struct block *
494 gen_cmp_gt(offset, size, v)
495 u_int offset, size;
496 bpf_int32 v;
497 {
498 struct slist *s;
499 struct block *b;
500
501 s = new_stmt(BPF_LD|BPF_ABS|size);
502 s->s.k = offset;
503
504 b = new_block(JMP(BPF_JGT));
505 b->stmts = s;
506 b->s.k = v;
507
508 return b;
509 }
510
511 static struct block *
512 gen_mcmp(offset, size, v, mask)
513 u_int offset, size;
514 bpf_int32 v;
515 bpf_u_int32 mask;
516 {
517 struct block *b = gen_cmp(offset, size, v);
518 struct slist *s;
519
520 if (mask != 0xffffffff) {
521 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
522 s->s.k = mask;
523 b->stmts->next = s;
524 }
525 return b;
526 }
527
528 static struct block *
529 gen_bcmp(offset, size, v)
530 register u_int offset, size;
531 register const u_char *v;
532 {
533 register struct block *b, *tmp;
534
535 b = NULL;
536 while (size >= 4) {
537 register const u_char *p = &v[size - 4];
538 bpf_int32 w = ((bpf_int32)p[0] << 24) |
539 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
540
541 tmp = gen_cmp(offset + size - 4, BPF_W, w);
542 if (b != NULL)
543 gen_and(b, tmp);
544 b = tmp;
545 size -= 4;
546 }
547 while (size >= 2) {
548 register const u_char *p = &v[size - 2];
549 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
550
551 tmp = gen_cmp(offset + size - 2, BPF_H, w);
552 if (b != NULL)
553 gen_and(b, tmp);
554 b = tmp;
555 size -= 2;
556 }
557 if (size > 0) {
558 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
559 if (b != NULL)
560 gen_and(b, tmp);
561 b = tmp;
562 }
563 return b;
564 }
565
566 static struct block *
567 gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse)
568 bpf_u_int32 datasize, offset, mask, jtype, jvalue;
569 int reverse;
570 {
571 struct slist *s;
572 struct block *b;
573
574 s = new_stmt(BPF_LD|datasize|BPF_ABS);
575 s->s.k = offset;
576
577 if (mask != 0xffffffff) {
578 s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K);
579 s->next->s.k = mask;
580 }
581
582 b = new_block(JMP(jtype));
583 b->stmts = s;
584 b->s.k = jvalue;
585 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE))
586 gen_not(b);
587 return b;
588 }
589
590 /*
591 * Various code constructs need to know the layout of the data link
592 * layer. These variables give the necessary offsets.
593 */
594
595 /*
596 * This is the offset of the beginning of the MAC-layer header.
597 * It's usually 0, except for ATM LANE.
598 */
599 static u_int off_mac;
600
601 /*
602 * "off_linktype" is the offset to information in the link-layer header
603 * giving the packet type.
604 *
605 * For Ethernet, it's the offset of the Ethernet type field.
606 *
607 * For link-layer types that always use 802.2 headers, it's the
608 * offset of the LLC header.
609 *
610 * For PPP, it's the offset of the PPP type field.
611 *
612 * For Cisco HDLC, it's the offset of the CHDLC type field.
613 *
614 * For BSD loopback, it's the offset of the AF_ value.
615 *
616 * For Linux cooked sockets, it's the offset of the type field.
617 *
618 * It's set to -1 for no encapsulation, in which case, IP is assumed.
619 */
620 static u_int off_linktype;
621
622 /*
623 * TRUE if the link layer includes an ATM pseudo-header.
624 */
625 static int is_atm = 0;
626
627 /*
628 * TRUE if "lane" appeared in the filter; it causes us to generate
629 * code that assumes LANE rather than LLC-encapsulated traffic in SunATM.
630 */
631 static int is_lane = 0;
632
633 /*
634 * These are offsets for the ATM pseudo-header.
635 */
636 static u_int off_vpi;
637 static u_int off_vci;
638 static u_int off_proto;
639
640 /*
641 * This is the offset of the first byte after the ATM pseudo_header,
642 * or -1 if there is no ATM pseudo-header.
643 */
644 static u_int off_payload;
645
646 /*
647 * These are offsets to the beginning of the network-layer header.
648 *
649 * If the link layer never uses 802.2 LLC:
650 *
651 * "off_nl" and "off_nl_nosnap" are the same.
652 *
653 * If the link layer always uses 802.2 LLC:
654 *
655 * "off_nl" is the offset if there's a SNAP header following
656 * the 802.2 header;
657 *
658 * "off_nl_nosnap" is the offset if there's no SNAP header.
659 *
660 * If the link layer is Ethernet:
661 *
662 * "off_nl" is the offset if the packet is an Ethernet II packet
663 * (we assume no 802.3+802.2+SNAP);
664 *
665 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet
666 * with an 802.2 header following it.
667 */
668 static u_int off_nl;
669 static u_int off_nl_nosnap;
670
671 static int linktype;
672
673 static void
674 init_linktype(type)
675 int type;
676 {
677 linktype = type;
678
679 /*
680 * Assume it's not raw ATM with a pseudo-header, for now.
681 */
682 off_mac = 0;
683 is_atm = 0;
684 is_lane = 0;
685 off_vpi = -1;
686 off_vci = -1;
687 off_proto = -1;
688 off_payload = -1;
689
690 orig_linktype = -1;
691 orig_nl = -1;
692 orig_nl_nosnap = -1;
693
694 switch (type) {
695
696 case DLT_ARCNET:
697 off_linktype = 2;
698 off_nl = 6; /* XXX in reality, variable! */
699 off_nl_nosnap = 6; /* no 802.2 LLC */
700 return;
701
702 case DLT_EN10MB:
703 off_linktype = 12;
704 off_nl = 14; /* Ethernet II */
705 off_nl_nosnap = 17; /* 802.3+802.2 */
706 return;
707
708 case DLT_SLIP:
709 /*
710 * SLIP doesn't have a link level type. The 16 byte
711 * header is hacked into our SLIP driver.
712 */
713 off_linktype = -1;
714 off_nl = 16;
715 off_nl_nosnap = 16; /* no 802.2 LLC */
716 return;
717
718 case DLT_SLIP_BSDOS:
719 /* XXX this may be the same as the DLT_PPP_BSDOS case */
720 off_linktype = -1;
721 /* XXX end */
722 off_nl = 24;
723 off_nl_nosnap = 24; /* no 802.2 LLC */
724 return;
725
726 case DLT_NULL:
727 case DLT_LOOP:
728 off_linktype = 0;
729 off_nl = 4;
730 off_nl_nosnap = 4; /* no 802.2 LLC */
731 return;
732
733 case DLT_PPP:
734 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */
735 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */
736 off_linktype = 2;
737 off_nl = 4;
738 off_nl_nosnap = 4; /* no 802.2 LLC */
739 return;
740
741 case DLT_PPP_ETHER:
742 /*
743 * This does no include the Ethernet header, and
744 * only covers session state.
745 */
746 off_linktype = 6;
747 off_nl = 8;
748 off_nl_nosnap = 8; /* no 802.2 LLC */
749 return;
750
751 case DLT_PPP_BSDOS:
752 off_linktype = 5;
753 off_nl = 24;
754 off_nl_nosnap = 24; /* no 802.2 LLC */
755 return;
756
757 case DLT_FDDI:
758 /*
759 * FDDI doesn't really have a link-level type field.
760 * We set "off_linktype" to the offset of the LLC header.
761 *
762 * To check for Ethernet types, we assume that SSAP = SNAP
763 * is being used and pick out the encapsulated Ethernet type.
764 * XXX - should we generate code to check for SNAP?
765 */
766 off_linktype = 13;
767 #ifdef PCAP_FDDIPAD
768 off_linktype += pcap_fddipad;
769 #endif
770 off_nl = 21; /* FDDI+802.2+SNAP */
771 off_nl_nosnap = 16; /* FDDI+802.2 */
772 #ifdef PCAP_FDDIPAD
773 off_nl += pcap_fddipad;
774 off_nl_nosnap += pcap_fddipad;
775 #endif
776 return;
777
778 case DLT_IEEE802:
779 /*
780 * Token Ring doesn't really have a link-level type field.
781 * We set "off_linktype" to the offset of the LLC header.
782 *
783 * To check for Ethernet types, we assume that SSAP = SNAP
784 * is being used and pick out the encapsulated Ethernet type.
785 * XXX - should we generate code to check for SNAP?
786 *
787 * XXX - the header is actually variable-length.
788 * Some various Linux patched versions gave 38
789 * as "off_linktype" and 40 as "off_nl"; however,
790 * if a token ring packet has *no* routing
791 * information, i.e. is not source-routed, the correct
792 * values are 20 and 22, as they are in the vanilla code.
793 *
794 * A packet is source-routed iff the uppermost bit
795 * of the first byte of the source address, at an
796 * offset of 8, has the uppermost bit set. If the
797 * packet is source-routed, the total number of bytes
798 * of routing information is 2 plus bits 0x1F00 of
799 * the 16-bit value at an offset of 14 (shifted right
800 * 8 - figure out which byte that is).
801 */
802 off_linktype = 14;
803 off_nl = 22; /* Token Ring+802.2+SNAP */
804 off_nl_nosnap = 17; /* Token Ring+802.2 */
805 return;
806
807 case DLT_IEEE802_11:
808 /*
809 * 802.11 doesn't really have a link-level type field.
810 * We set "off_linktype" to the offset of the LLC header.
811 *
812 * To check for Ethernet types, we assume that SSAP = SNAP
813 * is being used and pick out the encapsulated Ethernet type.
814 * XXX - should we generate code to check for SNAP?
815 *
816 * XXX - the header is actually variable-length. We
817 * assume a 24-byte link-layer header, as appears in
818 * data frames in networks with no bridges.
819 */
820 off_linktype = 24;
821 off_nl = 32; /* 802.11+802.2+SNAP */
822 off_nl_nosnap = 27; /* 802.11+802.2 */
823 return;
824
825 case DLT_PRISM_HEADER:
826 /*
827 * Same as 802.11, but with an additional header before
828 * the 802.11 header, containing a bunch of additional
829 * information including radio-level information.
830 *
831 * The header is 144 bytes long.
832 *
833 * XXX - same variable-length header problem; at least
834 * the Prism header is fixed-length.
835 */
836 off_linktype = 144+24;
837 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */
838 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */
839 return;
840
841 case DLT_ATM_RFC1483:
842 case DLT_ATM_CLIP: /* Linux ATM defines this */
843 /*
844 * assume routed, non-ISO PDUs
845 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
846 */
847 off_linktype = 0;
848 off_nl = 8; /* 802.2+SNAP */
849 off_nl_nosnap = 3; /* 802.2 */
850 return;
851
852 case DLT_SUNATM:
853 /*
854 * Full Frontal ATM; you get AALn PDUs with an ATM
855 * pseudo-header.
856 */
857 is_atm = 1;
858 off_vpi = SUNATM_VPI_POS;
859 off_vci = SUNATM_VCI_POS;
860 off_proto = PROTO_POS;
861 off_mac = -1; /* LLC-encapsulated, so no MAC-layer header */
862 off_payload = SUNATM_PKT_BEGIN_POS;
863 off_linktype = off_payload;
864 off_nl = off_payload+8; /* 802.2+SNAP */
865 off_nl_nosnap = off_payload+3; /* 802.2 */
866 return;
867
868 case DLT_RAW:
869 off_linktype = -1;
870 off_nl = 0;
871 off_nl_nosnap = 0; /* no 802.2 LLC */
872 return;
873
874 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
875 off_linktype = 14;
876 off_nl = 16;
877 off_nl_nosnap = 16; /* no 802.2 LLC */
878 return;
879
880 case DLT_LTALK:
881 /*
882 * LocalTalk does have a 1-byte type field in the LLAP header,
883 * but really it just indicates whether there is a "short" or
884 * "long" DDP packet following.
885 */
886 off_linktype = -1;
887 off_nl = 0;
888 off_nl_nosnap = 0; /* no 802.2 LLC */
889 return;
890
891 case DLT_IP_OVER_FC:
892 /*
893 * RFC 2625 IP-over-Fibre-Channel doesn't really have a
894 * link-level type field. We set "off_linktype" to the
895 * offset of the LLC header.
896 *
897 * To check for Ethernet types, we assume that SSAP = SNAP
898 * is being used and pick out the encapsulated Ethernet type.
899 * XXX - should we generate code to check for SNAP? RFC
900 * 2625 says SNAP should be used.
901 */
902 off_linktype = 16;
903 off_nl = 24; /* IPFC+802.2+SNAP */
904 off_nl_nosnap = 19; /* IPFC+802.2 */
905 return;
906
907 case DLT_FRELAY:
908 /*
909 * XXX - we should set this to handle SNAP-encapsulated
910 * frames (NLPID of 0x80).
911 */
912 off_linktype = -1;
913 off_nl = 0;
914 off_nl_nosnap = 0; /* no 802.2 LLC */
915 return;
916 }
917 bpf_error("unknown data link type %d", linktype);
918 /* NOTREACHED */
919 }
920
921 static struct block *
922 gen_uncond(rsense)
923 int rsense;
924 {
925 struct block *b;
926 struct slist *s;
927
928 s = new_stmt(BPF_LD|BPF_IMM);
929 s->s.k = !rsense;
930 b = new_block(JMP(BPF_JEQ));
931 b->stmts = s;
932
933 return b;
934 }
935
936 static inline struct block *
937 gen_true()
938 {
939 return gen_uncond(1);
940 }
941
942 static inline struct block *
943 gen_false()
944 {
945 return gen_uncond(0);
946 }
947
948 /*
949 * Byte-swap a 32-bit number.
950 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
951 * big-endian platforms.)
952 */
953 #define SWAPLONG(y) \
954 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
955
956 static struct block *
957 gen_ether_linktype(proto)
958 register int proto;
959 {
960 struct block *b0, *b1;
961
962 switch (proto) {
963
964 case LLCSAP_ISONS:
965 /*
966 * OSI protocols always use 802.2 encapsulation.
967 * XXX - should we check both the DSAP and the
968 * SSAP, like this, or should we check just the
969 * DSAP?
970 */
971 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
972 gen_not(b0);
973 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
974 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
975 gen_and(b0, b1);
976 return b1;
977
978 case LLCSAP_NETBEUI:
979 /*
980 * NetBEUI always uses 802.2 encapsulation.
981 * XXX - should we check both the DSAP and the
982 * SSAP, like this, or should we check just the
983 * DSAP?
984 */
985 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
986 gen_not(b0);
987 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
988 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
989 gen_and(b0, b1);
990 return b1;
991
992 case LLCSAP_IPX:
993 /*
994 * Check for;
995 *
996 * Ethernet_II frames, which are Ethernet
997 * frames with a frame type of ETHERTYPE_IPX;
998 *
999 * Ethernet_802.3 frames, which are 802.3
1000 * frames (i.e., the type/length field is
1001 * a length field, <= ETHERMTU, rather than
1002 * a type field) with the first two bytes
1003 * after the Ethernet/802.3 header being
1004 * 0xFFFF;
1005 *
1006 * Ethernet_802.2 frames, which are 802.3
1007 * frames with an 802.2 LLC header and
1008 * with the IPX LSAP as the DSAP in the LLC
1009 * header;
1010 *
1011 * Ethernet_SNAP frames, which are 802.3
1012 * frames with an LLC header and a SNAP
1013 * header and with an OUI of 0x000000
1014 * (encapsulated Ethernet) and a protocol
1015 * ID of ETHERTYPE_IPX in the SNAP header.
1016 *
1017 * XXX - should we generate the same code both
1018 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
1019 */
1020
1021 /*
1022 * This generates code to check both for the
1023 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
1024 */
1025 b0 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)LLCSAP_IPX);
1026 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)0xFFFF);
1027 gen_or(b0, b1);
1028
1029 /*
1030 * Now we add code to check for SNAP frames with
1031 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
1032 */
1033 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
1034 gen_or(b0, b1);
1035
1036 /*
1037 * Now we generate code to check for 802.3
1038 * frames in general.
1039 */
1040 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1041 gen_not(b0);
1042
1043 /*
1044 * Now add the check for 802.3 frames before the
1045 * check for Ethernet_802.2 and Ethernet_802.3,
1046 * as those checks should only be done on 802.3
1047 * frames, not on Ethernet frames.
1048 */
1049 gen_and(b0, b1);
1050
1051 /*
1052 * Now add the check for Ethernet_II frames, and
1053 * do that before checking for the other frame
1054 * types.
1055 */
1056 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)ETHERTYPE_IPX);
1057 gen_or(b0, b1);
1058 return b1;
1059
1060 case ETHERTYPE_ATALK:
1061 case ETHERTYPE_AARP:
1062 /*
1063 * EtherTalk (AppleTalk protocols on Ethernet link
1064 * layer) may use 802.2 encapsulation.
1065 */
1066
1067 /*
1068 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1069 * we check for an Ethernet type field less than
1070 * 1500, which means it's an 802.3 length field.
1071 */
1072 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1073 gen_not(b0);
1074
1075 /*
1076 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1077 * SNAP packets with an organization code of
1078 * 0x080007 (Apple, for Appletalk) and a protocol
1079 * type of ETHERTYPE_ATALK (Appletalk).
1080 *
1081 * 802.2-encapsulated ETHERTYPE_AARP packets are
1082 * SNAP packets with an organization code of
1083 * 0x000000 (encapsulated Ethernet) and a protocol
1084 * type of ETHERTYPE_AARP (Appletalk ARP).
1085 */
1086 if (proto == ETHERTYPE_ATALK)
1087 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
1088 else /* proto == ETHERTYPE_AARP */
1089 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
1090 gen_and(b0, b1);
1091
1092 /*
1093 * Check for Ethernet encapsulation (Ethertalk
1094 * phase 1?); we just check for the Ethernet
1095 * protocol type.
1096 */
1097 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1098
1099 gen_or(b0, b1);
1100 return b1;
1101
1102 default:
1103 if (proto <= ETHERMTU) {
1104 /*
1105 * This is an LLC SAP value, so the frames
1106 * that match would be 802.2 frames.
1107 * Check that the frame is an 802.2 frame
1108 * (i.e., that the length/type field is
1109 * a length field, <= ETHERMTU) and
1110 * then check the DSAP.
1111 */
1112 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1113 gen_not(b0);
1114 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto);
1115 gen_and(b0, b1);
1116 return b1;
1117 } else {
1118 /*
1119 * This is an Ethernet type, so compare
1120 * the length/type field with it (if
1121 * the frame is an 802.2 frame, the length
1122 * field will be <= ETHERMTU, and, as
1123 * "proto" is > ETHERMTU, this test
1124 * will fail and the frame won't match,
1125 * which is what we want).
1126 */
1127 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1128 }
1129 }
1130 }
1131
1132 static struct block *
1133 gen_linktype(proto)
1134 register int proto;
1135 {
1136 struct block *b0, *b1, *b2;
1137
1138 switch (linktype) {
1139
1140 case DLT_EN10MB:
1141 return gen_ether_linktype(proto);
1142 break;
1143
1144 case DLT_IEEE802_11:
1145 case DLT_PRISM_HEADER:
1146 case DLT_FDDI:
1147 case DLT_IEEE802:
1148 case DLT_ATM_RFC1483:
1149 case DLT_ATM_CLIP:
1150 case DLT_IP_OVER_FC:
1151 return gen_llc(proto);
1152 break;
1153
1154 case DLT_SUNATM:
1155 /*
1156 * If "is_lane" is set, check for a LANE-encapsulated
1157 * version of this protocol, otherwise check for an
1158 * LLC-encapsulated version of this protocol.
1159 *
1160 * We assume LANE means Ethernet, not Token Ring.
1161 */
1162 if (is_lane) {
1163 /*
1164 * Check that the packet doesn't begin with an
1165 * LE Control marker. (We've already generated
1166 * a test for LANE.)
1167 */
1168 b0 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
1169 gen_not(b0);
1170
1171 /*
1172 * Now generate an Ethernet test.
1173 */
1174 b1 = gen_ether_linktype(proto);
1175 gen_and(b0, b1);
1176 return b1;
1177 } else {
1178 /*
1179 * Check for LLC encapsulation and then check the
1180 * protocol.
1181 */
1182 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
1183 b1 = gen_llc(proto);
1184 gen_and(b0, b1);
1185 return b1;
1186 }
1187
1188 case DLT_LINUX_SLL:
1189 switch (proto) {
1190
1191 case LLCSAP_ISONS:
1192 /*
1193 * OSI protocols always use 802.2 encapsulation.
1194 * XXX - should we check both the DSAP and the
1195 * LSAP, like this, or should we check just the
1196 * DSAP?
1197 */
1198 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1199 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1200 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1201 gen_and(b0, b1);
1202 return b1;
1203
1204 case LLCSAP_NETBEUI:
1205 /*
1206 * NetBEUI always uses 802.2 encapsulation.
1207 * XXX - should we check both the DSAP and the
1208 * LSAP, like this, or should we check just the
1209 * DSAP?
1210 */
1211 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1212 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1213 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1214 gen_and(b0, b1);
1215 return b1;
1216
1217 case LLCSAP_IPX:
1218 /*
1219 * Ethernet_II frames, which are Ethernet
1220 * frames with a frame type of ETHERTYPE_IPX;
1221 *
1222 * Ethernet_802.3 frames, which have a frame
1223 * type of LINUX_SLL_P_802_3;
1224 *
1225 * Ethernet_802.2 frames, which are 802.3
1226 * frames with an 802.2 LLC header (i.e, have
1227 * a frame type of LINUX_SLL_P_802_2) and
1228 * with the IPX LSAP as the DSAP in the LLC
1229 * header;
1230 *
1231 * Ethernet_SNAP frames, which are 802.3
1232 * frames with an LLC header and a SNAP
1233 * header and with an OUI of 0x000000
1234 * (encapsulated Ethernet) and a protocol
1235 * ID of ETHERTYPE_IPX in the SNAP header.
1236 *
1237 * First, do the checks on LINUX_SLL_P_802_2
1238 * frames; generate the check for either
1239 * Ethernet_802.2 or Ethernet_SNAP frames, and
1240 * then put a check for LINUX_SLL_P_802_2 frames
1241 * before it.
1242 */
1243 b0 = gen_cmp(off_linktype + 2, BPF_B,
1244 (bpf_int32)LLCSAP_IPX);
1245 b1 = gen_snap(0x000000, ETHERTYPE_IPX,
1246 off_linktype + 2);
1247 gen_or(b0, b1);
1248 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1249 gen_and(b0, b1);
1250
1251 /*
1252 * Now check for 802.3 frames and OR that with
1253 * the previous test.
1254 */
1255 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
1256 gen_or(b0, b1);
1257
1258 /*
1259 * Now add the check for Ethernet_II frames, and
1260 * do that before checking for the other frame
1261 * types.
1262 */
1263 b0 = gen_cmp(off_linktype, BPF_H,
1264 (bpf_int32)ETHERTYPE_IPX);
1265 gen_or(b0, b1);
1266 return b1;
1267
1268 case ETHERTYPE_ATALK:
1269 case ETHERTYPE_AARP:
1270 /*
1271 * EtherTalk (AppleTalk protocols on Ethernet link
1272 * layer) may use 802.2 encapsulation.
1273 */
1274
1275 /*
1276 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1277 * we check for the 802.2 protocol type in the
1278 * "Ethernet type" field.
1279 */
1280 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1281
1282 /*
1283 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1284 * SNAP packets with an organization code of
1285 * 0x080007 (Apple, for Appletalk) and a protocol
1286 * type of ETHERTYPE_ATALK (Appletalk).
1287 *
1288 * 802.2-encapsulated ETHERTYPE_AARP packets are
1289 * SNAP packets with an organization code of
1290 * 0x000000 (encapsulated Ethernet) and a protocol
1291 * type of ETHERTYPE_AARP (Appletalk ARP).
1292 */
1293 if (proto == ETHERTYPE_ATALK)
1294 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
1295 off_linktype + 2);
1296 else /* proto == ETHERTYPE_AARP */
1297 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
1298 off_linktype + 2);
1299 gen_and(b0, b1);
1300
1301 /*
1302 * Check for Ethernet encapsulation (Ethertalk
1303 * phase 1?); we just check for the Ethernet
1304 * protocol type.
1305 */
1306 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1307
1308 gen_or(b0, b1);
1309 return b1;
1310
1311 default:
1312 if (proto <= ETHERMTU) {
1313 /*
1314 * This is an LLC SAP value, so the frames
1315 * that match would be 802.2 frames.
1316 * Check for the 802.2 protocol type
1317 * in the "Ethernet type" field, and
1318 * then check the DSAP.
1319 */
1320 b0 = gen_cmp(off_linktype, BPF_H,
1321 LINUX_SLL_P_802_2);
1322 b1 = gen_cmp(off_linktype + 2, BPF_B,
1323 (bpf_int32)proto);
1324 gen_and(b0, b1);
1325 return b1;
1326 } else {
1327 /*
1328 * This is an Ethernet type, so compare
1329 * the length/type field with it (if
1330 * the frame is an 802.2 frame, the length
1331 * field will be <= ETHERMTU, and, as
1332 * "proto" is > ETHERMTU, this test
1333 * will fail and the frame won't match,
1334 * which is what we want).
1335 */
1336 return gen_cmp(off_linktype, BPF_H,
1337 (bpf_int32)proto);
1338 }
1339 }
1340 break;
1341
1342 case DLT_SLIP:
1343 case DLT_SLIP_BSDOS:
1344 case DLT_RAW:
1345 /*
1346 * These types don't provide any type field; packets
1347 * are always IP.
1348 *
1349 * XXX - for IPv4, check for a version number of 4, and,
1350 * for IPv6, check for a version number of 6?
1351 */
1352 switch (proto) {
1353
1354 case ETHERTYPE_IP:
1355 #ifdef INET6
1356 case ETHERTYPE_IPV6:
1357 #endif
1358 return gen_true(); /* always true */
1359
1360 default:
1361 return gen_false(); /* always false */
1362 }
1363 break;
1364
1365 case DLT_PPP:
1366 case DLT_PPP_SERIAL:
1367 case DLT_PPP_ETHER:
1368 /*
1369 * We use Ethernet protocol types inside libpcap;
1370 * map them to the corresponding PPP protocol types.
1371 */
1372 switch (proto) {
1373
1374 case ETHERTYPE_IP:
1375 proto = PPP_IP; /* XXX was 0x21 */
1376 break;
1377
1378 #ifdef INET6
1379 case ETHERTYPE_IPV6:
1380 proto = PPP_IPV6;
1381 break;
1382 #endif
1383
1384 case ETHERTYPE_DN:
1385 proto = PPP_DECNET;
1386 break;
1387
1388 case ETHERTYPE_ATALK:
1389 proto = PPP_APPLE;
1390 break;
1391
1392 case ETHERTYPE_NS:
1393 proto = PPP_NS;
1394 break;
1395
1396 case LLCSAP_ISONS:
1397 proto = PPP_OSI;
1398 break;
1399
1400 case LLCSAP_8021D:
1401 /*
1402 * I'm assuming the "Bridging PDU"s that go
1403 * over PPP are Spanning Tree Protocol
1404 * Bridging PDUs.
1405 */
1406 proto = PPP_BRPDU;
1407 break;
1408
1409 case LLCSAP_IPX:
1410 proto = PPP_IPX;
1411 break;
1412 }
1413 break;
1414
1415 case DLT_PPP_BSDOS:
1416 /*
1417 * We use Ethernet protocol types inside libpcap;
1418 * map them to the corresponding PPP protocol types.
1419 */
1420 switch (proto) {
1421
1422 case ETHERTYPE_IP:
1423 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
1424 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
1425 gen_or(b0, b1);
1426 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
1427 gen_or(b1, b0);
1428 return b0;
1429
1430 #ifdef INET6
1431 case ETHERTYPE_IPV6:
1432 proto = PPP_IPV6;
1433 /* more to go? */
1434 break;
1435 #endif
1436
1437 case ETHERTYPE_DN:
1438 proto = PPP_DECNET;
1439 break;
1440
1441 case ETHERTYPE_ATALK:
1442 proto = PPP_APPLE;
1443 break;
1444
1445 case ETHERTYPE_NS:
1446 proto = PPP_NS;
1447 break;
1448
1449 case LLCSAP_ISONS:
1450 proto = PPP_OSI;
1451 break;
1452
1453 case LLCSAP_8021D:
1454 /*
1455 * I'm assuming the "Bridging PDU"s that go
1456 * over PPP are Spanning Tree Protocol
1457 * Bridging PDUs.
1458 */
1459 proto = PPP_BRPDU;
1460 break;
1461
1462 case LLCSAP_IPX:
1463 proto = PPP_IPX;
1464 break;
1465 }
1466 break;
1467
1468 case DLT_NULL:
1469 case DLT_LOOP:
1470 /*
1471 * For DLT_NULL, the link-layer header is a 32-bit
1472 * word containing an AF_ value in *host* byte order.
1473 *
1474 * In addition, if we're reading a saved capture file,
1475 * the host byte order in the capture may not be the
1476 * same as the host byte order on this machine.
1477 *
1478 * For DLT_LOOP, the link-layer header is a 32-bit
1479 * word containing an AF_ value in *network* byte order.
1480 *
1481 * XXX - AF_ values may, unfortunately, be platform-
1482 * dependent; for example, FreeBSD's AF_INET6 is 24
1483 * whilst NetBSD's and OpenBSD's is 26.
1484 *
1485 * This means that, when reading a capture file, just
1486 * checking for our AF_INET6 value won't work if the
1487 * capture file came from another OS.
1488 */
1489 switch (proto) {
1490
1491 case ETHERTYPE_IP:
1492 proto = AF_INET;
1493 break;
1494
1495 #ifdef INET6
1496 case ETHERTYPE_IPV6:
1497 proto = AF_INET6;
1498 break;
1499 #endif
1500
1501 default:
1502 /*
1503 * Not a type on which we support filtering.
1504 * XXX - support those that have AF_ values
1505 * #defined on this platform, at least?
1506 */
1507 return gen_false();
1508 }
1509
1510 if (linktype == DLT_NULL) {
1511 /*
1512 * The AF_ value is in host byte order, but
1513 * the BPF interpreter will convert it to
1514 * network byte order.
1515 *
1516 * If this is a save file, and it's from a
1517 * machine with the opposite byte order to
1518 * ours, we byte-swap the AF_ value.
1519 *
1520 * Then we run it through "htonl()", and
1521 * generate code to compare against the result.
1522 */
1523 if (bpf_pcap->sf.rfile != NULL &&
1524 bpf_pcap->sf.swapped)
1525 proto = SWAPLONG(proto);
1526 proto = htonl(proto);
1527 }
1528 return (gen_cmp(0, BPF_W, (bpf_int32)proto));
1529
1530 case DLT_ARCNET:
1531 /*
1532 * XXX should we check for first fragment if the protocol
1533 * uses PHDS?
1534 */
1535 switch(proto) {
1536 default:
1537 return gen_false();
1538 #ifdef INET6
1539 case ETHERTYPE_IPV6:
1540 return(gen_cmp(2, BPF_B,
1541 (bpf_int32)htonl(ARCTYPE_INET6)));
1542 #endif /* INET6 */
1543 case ETHERTYPE_IP:
1544 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_IP));
1545 b1 = gen_cmp(2, BPF_B,
1546 (bpf_int32)htonl(ARCTYPE_IP_OLD));
1547 gen_or(b0, b1);
1548 return(b1);
1549 case ETHERTYPE_ARP:
1550 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_ARP));
1551 b1 = gen_cmp(2, BPF_B,
1552 (bpf_int32)htonl(ARCTYPE_ARP_OLD));
1553 gen_or(b0, b1);
1554 return(b1);
1555 case ETHERTYPE_REVARP:
1556 return(gen_cmp(2, BPF_B,
1557 (bpf_int32)htonl(ARCTYPE_REVARP)));
1558 case ETHERTYPE_ATALK:
1559 return(gen_cmp(2, BPF_B,
1560 (bpf_int32)htonl(ARCTYPE_ATALK)));
1561 }
1562 break;
1563
1564 case DLT_LTALK:
1565 switch (proto) {
1566 case ETHERTYPE_ATALK:
1567 return gen_true();
1568 default:
1569 return gen_false();
1570 }
1571 break;
1572
1573 case DLT_FRELAY:
1574 /*
1575 * XXX - assumes a 2-byte Frame Relay header with
1576 * DLCI and flags. What if the address is longer?
1577 */
1578 switch (proto) {
1579
1580 case ETHERTYPE_IP:
1581 /*
1582 * Check for the special NLPID for IP.
1583 */
1584 return gen_cmp(2, BPF_H, (0x03<<8) | 0xcc);
1585
1586 #ifdef INET6
1587 case ETHERTYPE_IPV6:
1588 /*
1589 * Check for the special NLPID for IPv6.
1590 */
1591 return gen_cmp(2, BPF_H, (0x03<<8) | 0x8e);
1592 #endif
1593
1594 case LLCSAP_ISONS:
1595 /*
1596 * Check for several OSI protocols.
1597 *
1598 * Frame Relay packets typically have an OSI
1599 * NLPID at the beginning; we check for each
1600 * of them.
1601 *
1602 * What we check for is the NLPID and a frame
1603 * control field of UI, i.e. 0x03 followed
1604 * by the NLPID.
1605 */
1606 b0 = gen_cmp(2, BPF_H, (0x03<<8) | ISO8473_CLNP);
1607 b1 = gen_cmp(2, BPF_H, (0x03<<8) | ISO9542_ESIS);
1608 b2 = gen_cmp(2, BPF_H, (0x03<<8) | ISO10589_ISIS);
1609 gen_or(b1, b2);
1610 gen_or(b0, b2);
1611 return b2;
1612
1613 default:
1614 return gen_false();
1615 }
1616 break;
1617 }
1618
1619 /*
1620 * All the types that have no encapsulation should either be
1621 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
1622 * all packets are IP packets, or should be handled in some
1623 * special case, if none of them are (if some are and some
1624 * aren't, the lack of encapsulation is a problem, as we'd
1625 * have to find some other way of determining the packet type).
1626 *
1627 * Therefore, if "off_linktype" is -1, there's an error.
1628 */
1629 if (off_linktype == -1)
1630 abort();
1631
1632 /*
1633 * Any type not handled above should always have an Ethernet
1634 * type at an offset of "off_linktype". (PPP is partially
1635 * handled above - the protocol type is mapped from the
1636 * Ethernet and LLC types we use internally to the corresponding
1637 * PPP type - but the PPP type is always specified by a value
1638 * at "off_linktype", so we don't have to do the code generation
1639 * above.)
1640 */
1641 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1642 }
1643
1644 /*
1645 * Check for an LLC SNAP packet with a given organization code and
1646 * protocol type; we check the entire contents of the 802.2 LLC and
1647 * snap headers, checking for DSAP and SSAP of SNAP and a control
1648 * field of 0x03 in the LLC header, and for the specified organization
1649 * code and protocol type in the SNAP header.
1650 */
1651 static struct block *
1652 gen_snap(orgcode, ptype, offset)
1653 bpf_u_int32 orgcode;
1654 bpf_u_int32 ptype;
1655 u_int offset;
1656 {
1657 u_char snapblock[8];
1658
1659 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
1660 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
1661 snapblock[2] = 0x03; /* control = UI */
1662 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
1663 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
1664 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
1665 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
1666 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
1667 return gen_bcmp(offset, 8, snapblock);
1668 }
1669
1670 /*
1671 * Check for a given protocol value assuming an 802.2 LLC header.
1672 */
1673 static struct block *
1674 gen_llc(proto)
1675 int proto;
1676 {
1677 /*
1678 * XXX - handle token-ring variable-length header.
1679 */
1680 switch (proto) {
1681
1682 case LLCSAP_ISONS:
1683 return gen_cmp(off_linktype, BPF_H, (long)
1684 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1685
1686 case LLCSAP_NETBEUI:
1687 return gen_cmp(off_linktype, BPF_H, (long)
1688 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1689
1690 case LLCSAP_IPX:
1691 /*
1692 * XXX - are there ever SNAP frames for IPX on
1693 * non-Ethernet 802.x networks?
1694 */
1695 return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX);
1696
1697 case ETHERTYPE_ATALK:
1698 /*
1699 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1700 * SNAP packets with an organization code of
1701 * 0x080007 (Apple, for Appletalk) and a protocol
1702 * type of ETHERTYPE_ATALK (Appletalk).
1703 *
1704 * XXX - check for an organization code of
1705 * encapsulated Ethernet as well?
1706 */
1707 return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype);
1708
1709 default:
1710 /*
1711 * XXX - we don't have to check for IPX 802.3
1712 * here, but should we check for the IPX Ethertype?
1713 */
1714 if (proto <= ETHERMTU) {
1715 /*
1716 * This is an LLC SAP value, so check
1717 * the DSAP.
1718 */
1719 return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto);
1720 } else {
1721 /*
1722 * This is an Ethernet type; we assume that it's
1723 * unlikely that it'll appear in the right place
1724 * at random, and therefore check only the
1725 * location that would hold the Ethernet type
1726 * in a SNAP frame with an organization code of
1727 * 0x000000 (encapsulated Ethernet).
1728 *
1729 * XXX - if we were to check for the SNAP DSAP and
1730 * LSAP, as per XXX, and were also to check for an
1731 * organization code of 0x000000 (encapsulated
1732 * Ethernet), we'd do
1733 *
1734 * return gen_snap(0x000000, proto,
1735 * off_linktype);
1736 *
1737 * here; for now, we don't, as per the above.
1738 * I don't know whether it's worth the extra CPU
1739 * time to do the right check or not.
1740 */
1741 return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto);
1742 }
1743 }
1744 }
1745
1746 static struct block *
1747 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
1748 bpf_u_int32 addr;
1749 bpf_u_int32 mask;
1750 int dir, proto;
1751 u_int src_off, dst_off;
1752 {
1753 struct block *b0, *b1;
1754 u_int offset;
1755
1756 switch (dir) {
1757
1758 case Q_SRC:
1759 offset = src_off;
1760 break;
1761
1762 case Q_DST:
1763 offset = dst_off;
1764 break;
1765
1766 case Q_AND:
1767 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1768 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1769 gen_and(b0, b1);
1770 return b1;
1771
1772 case Q_OR:
1773 case Q_DEFAULT:
1774 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1775 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1776 gen_or(b0, b1);
1777 return b1;
1778
1779 default:
1780 abort();
1781 }
1782 b0 = gen_linktype(proto);
1783 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
1784 gen_and(b0, b1);
1785 return b1;
1786 }
1787
1788 #ifdef INET6
1789 static struct block *
1790 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
1791 struct in6_addr *addr;
1792 struct in6_addr *mask;
1793 int dir, proto;
1794 u_int src_off, dst_off;
1795 {
1796 struct block *b0, *b1;
1797 u_int offset;
1798 u_int32_t *a, *m;
1799
1800 switch (dir) {
1801
1802 case Q_SRC:
1803 offset = src_off;
1804 break;
1805
1806 case Q_DST:
1807 offset = dst_off;
1808 break;
1809
1810 case Q_AND:
1811 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1812 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1813 gen_and(b0, b1);
1814 return b1;
1815
1816 case Q_OR:
1817 case Q_DEFAULT:
1818 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1819 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1820 gen_or(b0, b1);
1821 return b1;
1822
1823 default:
1824 abort();
1825 }
1826 /* this order is important */
1827 a = (u_int32_t *)addr;
1828 m = (u_int32_t *)mask;
1829 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
1830 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
1831 gen_and(b0, b1);
1832 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
1833 gen_and(b0, b1);
1834 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
1835 gen_and(b0, b1);
1836 b0 = gen_linktype(proto);
1837 gen_and(b0, b1);
1838 return b1;
1839 }
1840 #endif /*INET6*/
1841
1842 static struct block *
1843 gen_ehostop(eaddr, dir)
1844 register const u_char *eaddr;
1845 register int dir;
1846 {
1847 register struct block *b0, *b1;
1848
1849 switch (dir) {
1850 case Q_SRC:
1851 return gen_bcmp(off_mac + 6, 6, eaddr);
1852
1853 case Q_DST:
1854 return gen_bcmp(off_mac + 0, 6, eaddr);
1855
1856 case Q_AND:
1857 b0 = gen_ehostop(eaddr, Q_SRC);
1858 b1 = gen_ehostop(eaddr, Q_DST);
1859 gen_and(b0, b1);
1860 return b1;
1861
1862 case Q_DEFAULT:
1863 case Q_OR:
1864 b0 = gen_ehostop(eaddr, Q_SRC);
1865 b1 = gen_ehostop(eaddr, Q_DST);
1866 gen_or(b0, b1);
1867 return b1;
1868 }
1869 abort();
1870 /* NOTREACHED */
1871 }
1872
1873 /*
1874 * Like gen_ehostop, but for DLT_FDDI
1875 */
1876 static struct block *
1877 gen_fhostop(eaddr, dir)
1878 register const u_char *eaddr;
1879 register int dir;
1880 {
1881 struct block *b0, *b1;
1882
1883 switch (dir) {
1884 case Q_SRC:
1885 #ifdef PCAP_FDDIPAD
1886 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
1887 #else
1888 return gen_bcmp(6 + 1, 6, eaddr);
1889 #endif
1890
1891 case Q_DST:
1892 #ifdef PCAP_FDDIPAD
1893 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
1894 #else
1895 return gen_bcmp(0 + 1, 6, eaddr);
1896 #endif
1897
1898 case Q_AND:
1899 b0 = gen_fhostop(eaddr, Q_SRC);
1900 b1 = gen_fhostop(eaddr, Q_DST);
1901 gen_and(b0, b1);
1902 return b1;
1903
1904 case Q_DEFAULT:
1905 case Q_OR:
1906 b0 = gen_fhostop(eaddr, Q_SRC);
1907 b1 = gen_fhostop(eaddr, Q_DST);
1908 gen_or(b0, b1);
1909 return b1;
1910 }
1911 abort();
1912 /* NOTREACHED */
1913 }
1914
1915 /*
1916 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
1917 */
1918 static struct block *
1919 gen_thostop(eaddr, dir)
1920 register const u_char *eaddr;
1921 register int dir;
1922 {
1923 register struct block *b0, *b1;
1924
1925 switch (dir) {
1926 case Q_SRC:
1927 return gen_bcmp(8, 6, eaddr);
1928
1929 case Q_DST:
1930 return gen_bcmp(2, 6, eaddr);
1931
1932 case Q_AND:
1933 b0 = gen_thostop(eaddr, Q_SRC);
1934 b1 = gen_thostop(eaddr, Q_DST);
1935 gen_and(b0, b1);
1936 return b1;
1937
1938 case Q_DEFAULT:
1939 case Q_OR:
1940 b0 = gen_thostop(eaddr, Q_SRC);
1941 b1 = gen_thostop(eaddr, Q_DST);
1942 gen_or(b0, b1);
1943 return b1;
1944 }
1945 abort();
1946 /* NOTREACHED */
1947 }
1948
1949 /*
1950 * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN)
1951 */
1952 static struct block *
1953 gen_wlanhostop(eaddr, dir)
1954 register const u_char *eaddr;
1955 register int dir;
1956 {
1957 register struct block *b0, *b1, *b2;
1958 register struct slist *s;
1959
1960 switch (dir) {
1961 case Q_SRC:
1962 /*
1963 * Oh, yuk.
1964 *
1965 * For control frames, there is no SA.
1966 *
1967 * For management frames, SA is at an
1968 * offset of 10 from the beginning of
1969 * the packet.
1970 *
1971 * For data frames, SA is at an offset
1972 * of 10 from the beginning of the packet
1973 * if From DS is clear, at an offset of
1974 * 16 from the beginning of the packet
1975 * if From DS is set and To DS is clear,
1976 * and an offset of 24 from the beginning
1977 * of the packet if From DS is set and To DS
1978 * is set.
1979 */
1980
1981 /*
1982 * Generate the tests to be done for data frames
1983 * with From DS set.
1984 *
1985 * First, check for To DS set, i.e. check "link[1] & 0x01".
1986 */
1987 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
1988 s->s.k = 1;
1989 b1 = new_block(JMP(BPF_JSET));
1990 b1->s.k = 0x01; /* To DS */
1991 b1->stmts = s;
1992
1993 /*
1994 * If To DS is set, the SA is at 24.
1995 */
1996 b0 = gen_bcmp(24, 6, eaddr);
1997 gen_and(b1, b0);
1998
1999 /*
2000 * Now, check for To DS not set, i.e. check
2001 * "!(link[1] & 0x01)".
2002 */
2003 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2004 s->s.k = 1;
2005 b2 = new_block(JMP(BPF_JSET));
2006 b2->s.k = 0x01; /* To DS */
2007 b2->stmts = s;
2008 gen_not(b2);
2009
2010 /*
2011 * If To DS is not set, the SA is at 16.
2012 */
2013 b1 = gen_bcmp(16, 6, eaddr);
2014 gen_and(b2, b1);
2015
2016 /*
2017 * Now OR together the last two checks. That gives
2018 * the complete set of checks for data frames with
2019 * From DS set.
2020 */
2021 gen_or(b1, b0);
2022
2023 /*
2024 * Now check for From DS being set, and AND that with
2025 * the ORed-together checks.
2026 */
2027 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2028 s->s.k = 1;
2029 b1 = new_block(JMP(BPF_JSET));
2030 b1->s.k = 0x02; /* From DS */
2031 b1->stmts = s;
2032 gen_and(b1, b0);
2033
2034 /*
2035 * Now check for data frames with From DS not set.
2036 */
2037 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2038 s->s.k = 1;
2039 b2 = new_block(JMP(BPF_JSET));
2040 b2->s.k = 0x02; /* From DS */
2041 b2->stmts = s;
2042 gen_not(b2);
2043
2044 /*
2045 * If From DS isn't set, the SA is at 10.
2046 */
2047 b1 = gen_bcmp(10, 6, eaddr);
2048 gen_and(b2, b1);
2049
2050 /*
2051 * Now OR together the checks for data frames with
2052 * From DS not set and for data frames with From DS
2053 * set; that gives the checks done for data frames.
2054 */
2055 gen_or(b1, b0);
2056
2057 /*
2058 * Now check for a data frame.
2059 * I.e, check "link[0] & 0x08".
2060 */
2061 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2062 s->s.k = 0;
2063 b1 = new_block(JMP(BPF_JSET));
2064 b1->s.k = 0x08;
2065 b1->stmts = s;
2066
2067 /*
2068 * AND that with the checks done for data frames.
2069 */
2070 gen_and(b1, b0);
2071
2072 /*
2073 * If the high-order bit of the type value is 0, this
2074 * is a management frame.
2075 * I.e, check "!(link[0] & 0x08)".
2076 */
2077 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2078 s->s.k = 0;
2079 b2 = new_block(JMP(BPF_JSET));
2080 b2->s.k = 0x08;
2081 b2->stmts = s;
2082 gen_not(b2);
2083
2084 /*
2085 * For management frames, the SA is at 10.
2086 */
2087 b1 = gen_bcmp(10, 6, eaddr);
2088 gen_and(b2, b1);
2089
2090 /*
2091 * OR that with the checks done for data frames.
2092 * That gives the checks done for management and
2093 * data frames.
2094 */
2095 gen_or(b1, b0);
2096
2097 /*
2098 * If the low-order bit of the type value is 1,
2099 * this is either a control frame or a frame
2100 * with a reserved type, and thus not a
2101 * frame with an SA.
2102 *
2103 * I.e., check "!(link[0] & 0x04)".
2104 */
2105 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2106 s->s.k = 0;
2107 b1 = new_block(JMP(BPF_JSET));
2108 b1->s.k = 0x04;
2109 b1->stmts = s;
2110 gen_not(b1);
2111
2112 /*
2113 * AND that with the checks for data and management
2114 * frames.
2115 */
2116 gen_and(b1, b0);
2117 return b0;
2118
2119 case Q_DST:
2120 /*
2121 * Oh, yuk.
2122 *
2123 * For control frames, there is no DA.
2124 *
2125 * For management frames, DA is at an
2126 * offset of 4 from the beginning of
2127 * the packet.
2128 *
2129 * For data frames, DA is at an offset
2130 * of 4 from the beginning of the packet
2131 * if To DS is clear and at an offset of
2132 * 16 from the beginning of the packet
2133 * if To DS is set.
2134 */
2135
2136 /*
2137 * Generate the tests to be done for data frames.
2138 *
2139 * First, check for To DS set, i.e. "link[1] & 0x01".
2140 */
2141 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2142 s->s.k = 1;
2143 b1 = new_block(JMP(BPF_JSET));
2144 b1->s.k = 0x01; /* To DS */
2145 b1->stmts = s;
2146
2147 /*
2148 * If To DS is set, the DA is at 16.
2149 */
2150 b0 = gen_bcmp(16, 6, eaddr);
2151 gen_and(b1, b0);
2152
2153 /*
2154 * Now, check for To DS not set, i.e. check
2155 * "!(link[1] & 0x01)".
2156 */
2157 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2158 s->s.k = 1;
2159 b2 = new_block(JMP(BPF_JSET));
2160 b2->s.k = 0x01; /* To DS */
2161 b2->stmts = s;
2162 gen_not(b2);
2163
2164 /*
2165 * If To DS is not set, the DA is at 4.
2166 */
2167 b1 = gen_bcmp(4, 6, eaddr);
2168 gen_and(b2, b1);
2169
2170 /*
2171 * Now OR together the last two checks. That gives
2172 * the complete set of checks for data frames.
2173 */
2174 gen_or(b1, b0);
2175
2176 /*
2177 * Now check for a data frame.
2178 * I.e, check "link[0] & 0x08".
2179 */
2180 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2181 s->s.k = 0;
2182 b1 = new_block(JMP(BPF_JSET));
2183 b1->s.k = 0x08;
2184 b1->stmts = s;
2185
2186 /*
2187 * AND that with the checks done for data frames.
2188 */
2189 gen_and(b1, b0);
2190
2191 /*
2192 * If the high-order bit of the type value is 0, this
2193 * is a management frame.
2194 * I.e, check "!(link[0] & 0x08)".
2195 */
2196 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2197 s->s.k = 0;
2198 b2 = new_block(JMP(BPF_JSET));
2199 b2->s.k = 0x08;
2200 b2->stmts = s;
2201 gen_not(b2);
2202
2203 /*
2204 * For management frames, the DA is at 4.
2205 */
2206 b1 = gen_bcmp(4, 6, eaddr);
2207 gen_and(b2, b1);
2208
2209 /*
2210 * OR that with the checks done for data frames.
2211 * That gives the checks done for management and
2212 * data frames.
2213 */
2214 gen_or(b1, b0);
2215
2216 /*
2217 * If the low-order bit of the type value is 1,
2218 * this is either a control frame or a frame
2219 * with a reserved type, and thus not a
2220 * frame with an SA.
2221 *
2222 * I.e., check "!(link[0] & 0x04)".
2223 */
2224 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2225 s->s.k = 0;
2226 b1 = new_block(JMP(BPF_JSET));
2227 b1->s.k = 0x04;
2228 b1->stmts = s;
2229 gen_not(b1);
2230
2231 /*
2232 * AND that with the checks for data and management
2233 * frames.
2234 */
2235 gen_and(b1, b0);
2236 return b0;
2237
2238 case Q_AND:
2239 b0 = gen_wlanhostop(eaddr, Q_SRC);
2240 b1 = gen_wlanhostop(eaddr, Q_DST);
2241 gen_and(b0, b1);
2242 return b1;
2243
2244 case Q_DEFAULT:
2245 case Q_OR:
2246 b0 = gen_wlanhostop(eaddr, Q_SRC);
2247 b1 = gen_wlanhostop(eaddr, Q_DST);
2248 gen_or(b0, b1);
2249 return b1;
2250 }
2251 abort();
2252 /* NOTREACHED */
2253 }
2254
2255 /*
2256 * Like gen_ehostop, but for RFC 2625 IP-over-Fibre-Channel.
2257 * (We assume that the addresses are IEEE 48-bit MAC addresses,
2258 * as the RFC states.)
2259 */
2260 static struct block *
2261 gen_ipfchostop(eaddr, dir)
2262 register const u_char *eaddr;
2263 register int dir;
2264 {
2265 register struct block *b0, *b1;
2266
2267 switch (dir) {
2268 case Q_SRC:
2269 return gen_bcmp(10, 6, eaddr);
2270
2271 case Q_DST:
2272 return gen_bcmp(2, 6, eaddr);
2273
2274 case Q_AND:
2275 b0 = gen_ipfchostop(eaddr, Q_SRC);
2276 b1 = gen_ipfchostop(eaddr, Q_DST);
2277 gen_and(b0, b1);
2278 return b1;
2279
2280 case Q_DEFAULT:
2281 case Q_OR:
2282 b0 = gen_ipfchostop(eaddr, Q_SRC);
2283 b1 = gen_ipfchostop(eaddr, Q_DST);
2284 gen_or(b0, b1);
2285 return b1;
2286 }
2287 abort();
2288 /* NOTREACHED */
2289 }
2290
2291 /*
2292 * This is quite tricky because there may be pad bytes in front of the
2293 * DECNET header, and then there are two possible data packet formats that
2294 * carry both src and dst addresses, plus 5 packet types in a format that
2295 * carries only the src node, plus 2 types that use a different format and
2296 * also carry just the src node.
2297 *
2298 * Yuck.
2299 *
2300 * Instead of doing those all right, we just look for data packets with
2301 * 0 or 1 bytes of padding. If you want to look at other packets, that
2302 * will require a lot more hacking.
2303 *
2304 * To add support for filtering on DECNET "areas" (network numbers)
2305 * one would want to add a "mask" argument to this routine. That would
2306 * make the filter even more inefficient, although one could be clever
2307 * and not generate masking instructions if the mask is 0xFFFF.
2308 */
2309 static struct block *
2310 gen_dnhostop(addr, dir, base_off)
2311 bpf_u_int32 addr;
2312 int dir;
2313 u_int base_off;
2314 {
2315 struct block *b0, *b1, *b2, *tmp;
2316 u_int offset_lh; /* offset if long header is received */
2317 u_int offset_sh; /* offset if short header is received */
2318
2319 switch (dir) {
2320
2321 case Q_DST:
2322 offset_sh = 1; /* follows flags */
2323 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
2324 break;
2325
2326 case Q_SRC:
2327 offset_sh = 3; /* follows flags, dstnode */
2328 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
2329 break;
2330
2331 case Q_AND:
2332 /* Inefficient because we do our Calvinball dance twice */
2333 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2334 b1 = gen_dnhostop(addr, Q_DST, base_off);
2335 gen_and(b0, b1);
2336 return b1;
2337
2338 case Q_OR:
2339 case Q_DEFAULT:
2340 /* Inefficient because we do our Calvinball dance twice */
2341 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2342 b1 = gen_dnhostop(addr, Q_DST, base_off);
2343 gen_or(b0, b1);
2344 return b1;
2345
2346 case Q_ISO:
2347 bpf_error("ISO host filtering not implemented");
2348
2349 default:
2350 abort();
2351 }
2352 b0 = gen_linktype(ETHERTYPE_DN);
2353 /* Check for pad = 1, long header case */
2354 tmp = gen_mcmp(base_off + 2, BPF_H,
2355 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
2356 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
2357 BPF_H, (bpf_int32)ntohs(addr));
2358 gen_and(tmp, b1);
2359 /* Check for pad = 0, long header case */
2360 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
2361 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
2362 gen_and(tmp, b2);
2363 gen_or(b2, b1);
2364 /* Check for pad = 1, short header case */
2365 tmp = gen_mcmp(base_off + 2, BPF_H,
2366 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
2367 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
2368 BPF_H, (bpf_int32)ntohs(addr));
2369 gen_and(tmp, b2);
2370 gen_or(b2, b1);
2371 /* Check for pad = 0, short header case */
2372 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
2373 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
2374 gen_and(tmp, b2);
2375 gen_or(b2, b1);
2376
2377 /* Combine with test for linktype */
2378 gen_and(b0, b1);
2379 return b1;
2380 }
2381
2382 static struct block *
2383 gen_host(addr, mask, proto, dir)
2384 bpf_u_int32 addr;
2385 bpf_u_int32 mask;
2386 int proto;
2387 int dir;
2388 {
2389 struct block *b0, *b1;
2390
2391 switch (proto) {
2392
2393 case Q_DEFAULT:
2394 b0 = gen_host(addr, mask, Q_IP, dir);
2395 if (off_linktype != -1) {
2396 b1 = gen_host(addr, mask, Q_ARP, dir);
2397 gen_or(b0, b1);
2398 b0 = gen_host(addr, mask, Q_RARP, dir);
2399 gen_or(b1, b0);
2400 }
2401 return b0;
2402
2403 case Q_IP:
2404 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
2405 off_nl + 12, off_nl + 16);
2406
2407 case Q_RARP:
2408 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
2409 off_nl + 14, off_nl + 24);
2410
2411 case Q_ARP:
2412 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
2413 off_nl + 14, off_nl + 24);
2414
2415 case Q_TCP:
2416 bpf_error("'tcp' modifier applied to host");
2417
2418 case Q_SCTP:
2419 bpf_error("'sctp' modifier applied to host");
2420
2421 case Q_UDP:
2422 bpf_error("'udp' modifier applied to host");
2423
2424 case Q_ICMP:
2425 bpf_error("'icmp' modifier applied to host");
2426
2427 case Q_IGMP:
2428 bpf_error("'igmp' modifier applied to host");
2429
2430 case Q_IGRP:
2431 bpf_error("'igrp' modifier applied to host");
2432
2433 case Q_PIM:
2434 bpf_error("'pim' modifier applied to host");
2435
2436 case Q_VRRP:
2437 bpf_error("'vrrp' modifier applied to host");
2438
2439 case Q_ATALK:
2440 bpf_error("ATALK host filtering not implemented");
2441
2442 case Q_AARP:
2443 bpf_error("AARP host filtering not implemented");
2444
2445 case Q_DECNET:
2446 return gen_dnhostop(addr, dir, off_nl);
2447
2448 case Q_SCA:
2449 bpf_error("SCA host filtering not implemented");
2450
2451 case Q_LAT:
2452 bpf_error("LAT host filtering not implemented");
2453
2454 case Q_MOPDL:
2455 bpf_error("MOPDL host filtering not implemented");
2456
2457 case Q_MOPRC:
2458 bpf_error("MOPRC host filtering not implemented");
2459
2460 #ifdef INET6
2461 case Q_IPV6:
2462 bpf_error("'ip6' modifier applied to ip host");
2463
2464 case Q_ICMPV6:
2465 bpf_error("'icmp6' modifier applied to host");
2466 #endif /* INET6 */
2467
2468 case Q_AH:
2469 bpf_error("'ah' modifier applied to host");
2470
2471 case Q_ESP:
2472 bpf_error("'esp' modifier applied to host");
2473
2474 case Q_ISO:
2475 bpf_error("ISO host filtering not implemented");
2476
2477 case Q_ESIS:
2478 bpf_error("'esis' modifier applied to host");
2479
2480 case Q_ISIS:
2481 bpf_error("'isis' modifier applied to host");
2482
2483 case Q_CLNP:
2484 bpf_error("'clnp' modifier applied to host");
2485
2486 case Q_STP:
2487 bpf_error("'stp' modifier applied to host");
2488
2489 case Q_IPX:
2490 bpf_error("IPX host filtering not implemented");
2491
2492 case Q_NETBEUI:
2493 bpf_error("'netbeui' modifier applied to host");
2494
2495 default:
2496 abort();
2497 }
2498 /* NOTREACHED */
2499 }
2500
2501 #ifdef INET6
2502 static struct block *
2503 gen_host6(addr, mask, proto, dir)
2504 struct in6_addr *addr;
2505 struct in6_addr *mask;
2506 int proto;
2507 int dir;
2508 {
2509 switch (proto) {
2510
2511 case Q_DEFAULT:
2512 return gen_host6(addr, mask, Q_IPV6, dir);
2513
2514 case Q_IP:
2515 bpf_error("'ip' modifier applied to ip6 host");
2516
2517 case Q_RARP:
2518 bpf_error("'rarp' modifier applied to ip6 host");
2519
2520 case Q_ARP:
2521 bpf_error("'arp' modifier applied to ip6 host");
2522
2523 case Q_SCTP:
2524 bpf_error("'sctp' modifier applied to host");
2525
2526 case Q_TCP:
2527 bpf_error("'tcp' modifier applied to host");
2528
2529 case Q_UDP:
2530 bpf_error("'udp' modifier applied to host");
2531
2532 case Q_ICMP:
2533 bpf_error("'icmp' modifier applied to host");
2534
2535 case Q_IGMP:
2536 bpf_error("'igmp' modifier applied to host");
2537
2538 case Q_IGRP:
2539 bpf_error("'igrp' modifier applied to host");
2540
2541 case Q_PIM:
2542 bpf_error("'pim' modifier applied to host");
2543
2544 case Q_VRRP:
2545 bpf_error("'vrrp' modifier applied to host");
2546
2547 case Q_ATALK:
2548 bpf_error("ATALK host filtering not implemented");
2549
2550 case Q_AARP:
2551 bpf_error("AARP host filtering not implemented");
2552
2553 case Q_DECNET:
2554 bpf_error("'decnet' modifier applied to ip6 host");
2555
2556 case Q_SCA:
2557 bpf_error("SCA host filtering not implemented");
2558
2559 case Q_LAT:
2560 bpf_error("LAT host filtering not implemented");
2561
2562 case Q_MOPDL:
2563 bpf_error("MOPDL host filtering not implemented");
2564
2565 case Q_MOPRC:
2566 bpf_error("MOPRC host filtering not implemented");
2567
2568 case Q_IPV6:
2569 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
2570 off_nl + 8, off_nl + 24);
2571
2572 case Q_ICMPV6:
2573 bpf_error("'icmp6' modifier applied to host");
2574
2575 case Q_AH:
2576 bpf_error("'ah' modifier applied to host");
2577
2578 case Q_ESP:
2579 bpf_error("'esp' modifier applied to host");
2580
2581 case Q_ISO:
2582 bpf_error("ISO host filtering not implemented");
2583
2584 case Q_ESIS:
2585 bpf_error("'esis' modifier applied to host");
2586
2587 case Q_ISIS:
2588 bpf_error("'isis' modifier applied to host");
2589
2590 case Q_CLNP:
2591 bpf_error("'clnp' modifier applied to host");
2592
2593 case Q_STP:
2594 bpf_error("'stp' modifier applied to host");
2595
2596 case Q_IPX:
2597 bpf_error("IPX host filtering not implemented");
2598
2599 case Q_NETBEUI:
2600 bpf_error("'netbeui' modifier applied to host");
2601
2602 default:
2603 abort();
2604 }
2605 /* NOTREACHED */
2606 }
2607 #endif /*INET6*/
2608
2609 #ifndef INET6
2610 static struct block *
2611 gen_gateway(eaddr, alist, proto, dir)
2612 const u_char *eaddr;
2613 bpf_u_int32 **alist;
2614 int proto;
2615 int dir;
2616 {
2617 struct block *b0, *b1, *tmp;
2618
2619 if (dir != 0)
2620 bpf_error("direction applied to 'gateway'");
2621
2622 switch (proto) {
2623 case Q_DEFAULT:
2624 case Q_IP:
2625 case Q_ARP:
2626 case Q_RARP:
2627 if (linktype == DLT_EN10MB)
2628 b0 = gen_ehostop(eaddr, Q_OR);
2629 else if (linktype == DLT_FDDI)
2630 b0 = gen_fhostop(eaddr, Q_OR);
2631 else if (linktype == DLT_IEEE802)
2632 b0 = gen_thostop(eaddr, Q_OR);
2633 else if (linktype == DLT_IEEE802_11)
2634 b0 = gen_wlanhostop(eaddr, Q_OR);
2635 else if (linktype == DLT_SUNATM && is_lane) {
2636 /*
2637 * Check that the packet doesn't begin with an
2638 * LE Control marker. (We've already generated
2639 * a test for LANE.)
2640 */
2641 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
2642 gen_not(b1);
2643
2644 /*
2645 * Now check the MAC address.
2646 */
2647 b0 = gen_ehostop(eaddr, Q_OR);
2648 gen_and(b1, b0);
2649 } else if (linktype == DLT_IP_OVER_FC)
2650 b0 = gen_ipfchostop(eaddr, Q_OR);
2651 else
2652 bpf_error(
2653 "'gateway' supported only on ethernet/FDDI/token ring/802.11/Fibre Channel");
2654
2655 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2656 while (*alist) {
2657 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2658 gen_or(b1, tmp);
2659 b1 = tmp;
2660 }
2661 gen_not(b1);
2662 gen_and(b0, b1);
2663 return b1;
2664 }
2665 bpf_error("illegal modifier of 'gateway'");
2666 /* NOTREACHED */
2667 }
2668 #endif
2669
2670 struct block *
2671 gen_proto_abbrev(proto)
2672 int proto;
2673 {
2674 #ifdef INET6
2675 struct block *b0;
2676 #endif
2677 struct block *b1;
2678
2679 switch (proto) {
2680
2681 case Q_SCTP:
2682 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT);
2683 #ifdef INET6
2684 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
2685 gen_or(b0, b1);
2686 #endif
2687 break;
2688
2689 case Q_TCP:
2690 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
2691 #ifdef INET6
2692 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
2693 gen_or(b0, b1);
2694 #endif
2695 break;
2696
2697 case Q_UDP:
2698 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
2699 #ifdef INET6
2700 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
2701 gen_or(b0, b1);
2702 #endif
2703 break;
2704
2705 case Q_ICMP:
2706 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
2707 break;
2708
2709 #ifndef IPPROTO_IGMP
2710 #define IPPROTO_IGMP 2
2711 #endif
2712
2713 case Q_IGMP:
2714 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
2715 break;
2716
2717 #ifndef IPPROTO_IGRP
2718 #define IPPROTO_IGRP 9
2719 #endif
2720 case Q_IGRP:
2721 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
2722 break;
2723
2724 #ifndef IPPROTO_PIM
2725 #define IPPROTO_PIM 103
2726 #endif
2727
2728 case Q_PIM:
2729 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
2730 #ifdef INET6
2731 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
2732 gen_or(b0, b1);
2733 #endif
2734 break;
2735
2736 #ifndef IPPROTO_VRRP
2737 #define IPPROTO_VRRP 112
2738 #endif
2739
2740 case Q_VRRP:
2741 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT);
2742 break;
2743
2744 case Q_IP:
2745 b1 = gen_linktype(ETHERTYPE_IP);
2746 break;
2747
2748 case Q_ARP:
2749 b1 = gen_linktype(ETHERTYPE_ARP);
2750 break;
2751
2752 case Q_RARP:
2753 b1 = gen_linktype(ETHERTYPE_REVARP);
2754 break;
2755
2756 case Q_LINK:
2757 bpf_error("link layer applied in wrong context");
2758
2759 case Q_ATALK:
2760 b1 = gen_linktype(ETHERTYPE_ATALK);
2761 break;
2762
2763 case Q_AARP:
2764 b1 = gen_linktype(ETHERTYPE_AARP);
2765 break;
2766
2767 case Q_DECNET:
2768 b1 = gen_linktype(ETHERTYPE_DN);
2769 break;
2770
2771 case Q_SCA:
2772 b1 = gen_linktype(ETHERTYPE_SCA);
2773 break;
2774
2775 case Q_LAT:
2776 b1 = gen_linktype(ETHERTYPE_LAT);
2777 break;
2778
2779 case Q_MOPDL:
2780 b1 = gen_linktype(ETHERTYPE_MOPDL);
2781 break;
2782
2783 case Q_MOPRC:
2784 b1 = gen_linktype(ETHERTYPE_MOPRC);
2785 break;
2786
2787 #ifdef INET6
2788 case Q_IPV6:
2789 b1 = gen_linktype(ETHERTYPE_IPV6);
2790 break;
2791
2792 #ifndef IPPROTO_ICMPV6
2793 #define IPPROTO_ICMPV6 58
2794 #endif
2795 case Q_ICMPV6:
2796 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
2797 break;
2798 #endif /* INET6 */
2799
2800 #ifndef IPPROTO_AH
2801 #define IPPROTO_AH 51
2802 #endif
2803 case Q_AH:
2804 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
2805 #ifdef INET6
2806 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
2807 gen_or(b0, b1);
2808 #endif
2809 break;
2810
2811 #ifndef IPPROTO_ESP
2812 #define IPPROTO_ESP 50
2813 #endif
2814 case Q_ESP:
2815 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
2816 #ifdef INET6
2817 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
2818 gen_or(b0, b1);
2819 #endif
2820 break;
2821
2822 case Q_ISO:
2823 b1 = gen_linktype(LLCSAP_ISONS);
2824 break;
2825
2826 case Q_ESIS:
2827 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
2828 break;
2829
2830 case Q_ISIS:
2831 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
2832 break;
2833
2834 case Q_CLNP:
2835 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
2836 break;
2837
2838 case Q_STP:
2839 b1 = gen_linktype(LLCSAP_8021D);
2840 break;
2841
2842 case Q_IPX:
2843 b1 = gen_linktype(LLCSAP_IPX);
2844 break;
2845
2846 case Q_NETBEUI:
2847 b1 = gen_linktype(LLCSAP_NETBEUI);
2848 break;
2849
2850 default:
2851 abort();
2852 }
2853 return b1;
2854 }
2855
2856 static struct block *
2857 gen_ipfrag()
2858 {
2859 struct slist *s;
2860 struct block *b;
2861
2862 /* not ip frag */
2863 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
2864 s->s.k = off_nl + 6;
2865 b = new_block(JMP(BPF_JSET));
2866 b->s.k = 0x1fff;
2867 b->stmts = s;
2868 gen_not(b);
2869
2870 return b;
2871 }
2872
2873 static struct block *
2874 gen_portatom(off, v)
2875 int off;
2876 bpf_int32 v;
2877 {
2878 struct slist *s;
2879 struct block *b;
2880
2881 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2882 s->s.k = off_nl;
2883
2884 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
2885 s->next->s.k = off_nl + off;
2886
2887 b = new_block(JMP(BPF_JEQ));
2888 b->stmts = s;
2889 b->s.k = v;
2890
2891 return b;
2892 }
2893
2894 #ifdef INET6
2895 static struct block *
2896 gen_portatom6(off, v)
2897 int off;
2898 bpf_int32 v;
2899 {
2900 return gen_cmp(off_nl + 40 + off, BPF_H, v);
2901 }
2902 #endif/*INET6*/
2903
2904 struct block *
2905 gen_portop(port, proto, dir)
2906 int port, proto, dir;
2907 {
2908 struct block *b0, *b1, *tmp;
2909
2910 /* ip proto 'proto' */
2911 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
2912 b0 = gen_ipfrag();
2913 gen_and(tmp, b0);
2914
2915 switch (dir) {
2916 case Q_SRC:
2917 b1 = gen_portatom(0, (bpf_int32)port);
2918 break;
2919
2920 case Q_DST:
2921 b1 = gen_portatom(2, (bpf_int32)port);
2922 break;
2923
2924 case Q_OR:
2925 case Q_DEFAULT:
2926 tmp = gen_portatom(0, (bpf_int32)port);
2927 b1 = gen_portatom(2, (bpf_int32)port);
2928 gen_or(tmp, b1);
2929 break;
2930
2931 case Q_AND:
2932 tmp = gen_portatom(0, (bpf_int32)port);
2933 b1 = gen_portatom(2, (bpf_int32)port);
2934 gen_and(tmp, b1);
2935 break;
2936
2937 default:
2938 abort();
2939 }
2940 gen_and(b0, b1);
2941
2942 return b1;
2943 }
2944
2945 static struct block *
2946 gen_port(port, ip_proto, dir)
2947 int port;
2948 int ip_proto;
2949 int dir;
2950 {
2951 struct block *b0, *b1, *tmp;
2952
2953 /* ether proto ip */
2954 b0 = gen_linktype(ETHERTYPE_IP);
2955
2956 switch (ip_proto) {
2957 case IPPROTO_UDP:
2958 case IPPROTO_TCP:
2959 case IPPROTO_SCTP:
2960 b1 = gen_portop(port, ip_proto, dir);
2961 break;
2962
2963 case PROTO_UNDEF:
2964 tmp = gen_portop(port, IPPROTO_TCP, dir);
2965 b1 = gen_portop(port, IPPROTO_UDP, dir);
2966 gen_or(tmp, b1);
2967 tmp = gen_portop(port, IPPROTO_SCTP, dir);
2968 gen_or(tmp, b1);
2969 break;
2970
2971 default:
2972 abort();
2973 }
2974 gen_and(b0, b1);
2975 return b1;
2976 }
2977
2978 #ifdef INET6
2979 struct block *
2980 gen_portop6(port, proto, dir)
2981 int port, proto, dir;
2982 {
2983 struct block *b0, *b1, *tmp;
2984
2985 /* ip proto 'proto' */
2986 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
2987
2988 switch (dir) {
2989 case Q_SRC:
2990 b1 = gen_portatom6(0, (bpf_int32)port);
2991 break;
2992
2993 case Q_DST:
2994 b1 = gen_portatom6(2, (bpf_int32)port);
2995 break;
2996
2997 case Q_OR:
2998 case Q_DEFAULT:
2999 tmp = gen_portatom6(0, (bpf_int32)port);
3000 b1 = gen_portatom6(2, (bpf_int32)port);
3001 gen_or(tmp, b1);
3002 break;
3003
3004 case Q_AND:
3005 tmp = gen_portatom6(0, (bpf_int32)port);
3006 b1 = gen_portatom6(2, (bpf_int32)port);
3007 gen_and(tmp, b1);
3008 break;
3009
3010 default:
3011 abort();
3012 }
3013 gen_and(b0, b1);
3014
3015 return b1;
3016 }
3017
3018 static struct block *
3019 gen_port6(port, ip_proto, dir)
3020 int port;
3021 int ip_proto;
3022 int dir;
3023 {
3024 struct block *b0, *b1, *tmp;
3025
3026 /* ether proto ip */
3027 b0 = gen_linktype(ETHERTYPE_IPV6);
3028
3029 switch (ip_proto) {
3030 case IPPROTO_UDP:
3031 case IPPROTO_TCP:
3032 case IPPROTO_SCTP:
3033 b1 = gen_portop6(port, ip_proto, dir);
3034 break;
3035
3036 case PROTO_UNDEF:
3037 tmp = gen_portop6(port, IPPROTO_TCP, dir);
3038 b1 = gen_portop6(port, IPPROTO_UDP, dir);
3039 gen_or(tmp, b1);
3040 tmp = gen_portop6(port, IPPROTO_SCTP, dir);
3041 gen_or(tmp, b1);
3042 break;
3043
3044 default:
3045 abort();
3046 }
3047 gen_and(b0, b1);
3048 return b1;
3049 }
3050 #endif /* INET6 */
3051
3052 static int
3053 lookup_proto(name, proto)
3054 register const char *name;
3055 register int proto;
3056 {
3057 register int v;
3058
3059 switch (proto) {
3060
3061 case Q_DEFAULT:
3062 case Q_IP:
3063 case Q_IPV6:
3064 v = pcap_nametoproto(name);
3065 if (v == PROTO_UNDEF)
3066 bpf_error("unknown ip proto '%s'", name);
3067 break;
3068
3069 case Q_LINK:
3070 /* XXX should look up h/w protocol type based on linktype */
3071 v = pcap_nametoeproto(name);
3072 if (v == PROTO_UNDEF)
3073 bpf_error("unknown ether proto '%s'", name);
3074 break;
3075
3076 case Q_ISO:
3077 if (strcmp(name, "esis") == 0)
3078 v = ISO9542_ESIS;
3079 else if (strcmp(name, "isis") == 0)
3080 v = ISO10589_ISIS;
3081 else if (strcmp(name, "clnp") == 0)
3082 v = ISO8473_CLNP;
3083 else
3084 bpf_error("unknown osi proto '%s'", name);
3085 break;
3086
3087 default:
3088 v = PROTO_UNDEF;
3089 break;
3090 }
3091 return v;
3092 }
3093
3094 #if 0
3095 struct stmt *
3096 gen_joinsp(s, n)
3097 struct stmt **s;
3098 int n;
3099 {
3100 return NULL;
3101 }
3102 #endif
3103
3104 static struct block *
3105 gen_protochain(v, proto, dir)
3106 int v;
3107 int proto;
3108 int dir;
3109 {
3110 #ifdef NO_PROTOCHAIN
3111 return gen_proto(v, proto, dir);
3112 #else
3113 struct block *b0, *b;
3114 struct slist *s[100];
3115 int fix2, fix3, fix4, fix5;
3116 int ahcheck, again, end;
3117 int i, max;
3118 int reg2 = alloc_reg();
3119
3120 memset(s, 0, sizeof(s));
3121 fix2 = fix3 = fix4 = fix5 = 0;
3122
3123 switch (proto) {
3124 case Q_IP:
3125 case Q_IPV6:
3126 break;
3127 case Q_DEFAULT:
3128 b0 = gen_protochain(v, Q_IP, dir);
3129 b = gen_protochain(v, Q_IPV6, dir);
3130 gen_or(b0, b);
3131 return b;
3132 default:
3133 bpf_error("bad protocol applied for 'protochain'");
3134 /*NOTREACHED*/
3135 }
3136
3137 no_optimize = 1; /*this code is not compatible with optimzer yet */
3138
3139 /*
3140 * s[0] is a dummy entry to protect other BPF insn from damaged
3141 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
3142 * hard to find interdependency made by jump table fixup.
3143 */
3144 i = 0;
3145 s[i] = new_stmt(0); /*dummy*/
3146 i++;
3147
3148 switch (proto) {
3149 case Q_IP:
3150 b0 = gen_linktype(ETHERTYPE_IP);
3151
3152 /* A = ip->ip_p */
3153 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
3154 s[i]->s.k = off_nl + 9;
3155 i++;
3156 /* X = ip->ip_hl << 2 */
3157 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3158 s[i]->s.k = off_nl;
3159 i++;
3160 break;
3161 #ifdef INET6
3162 case Q_IPV6:
3163 b0 = gen_linktype(ETHERTYPE_IPV6);
3164
3165 /* A = ip6->ip_nxt */
3166 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
3167 s[i]->s.k = off_nl + 6;
3168 i++;
3169 /* X = sizeof(struct ip6_hdr) */
3170 s[i] = new_stmt(BPF_LDX|BPF_IMM);
3171 s[i]->s.k = 40;
3172 i++;
3173 break;
3174 #endif
3175 default:
3176 bpf_error("unsupported proto to gen_protochain");
3177 /*NOTREACHED*/
3178 }
3179
3180 /* again: if (A == v) goto end; else fall through; */
3181 again = i;
3182 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3183 s[i]->s.k = v;
3184 s[i]->s.jt = NULL; /*later*/
3185 s[i]->s.jf = NULL; /*update in next stmt*/
3186 fix5 = i;
3187 i++;
3188
3189 #ifndef IPPROTO_NONE
3190 #define IPPROTO_NONE 59
3191 #endif
3192 /* if (A == IPPROTO_NONE) goto end */
3193 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3194 s[i]->s.jt = NULL; /*later*/
3195 s[i]->s.jf = NULL; /*update in next stmt*/
3196 s[i]->s.k = IPPROTO_NONE;
3197 s[fix5]->s.jf = s[i];
3198 fix2 = i;
3199 i++;
3200
3201 #ifdef INET6
3202 if (proto == Q_IPV6) {
3203 int v6start, v6end, v6advance, j;
3204
3205 v6start = i;
3206 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
3207 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3208 s[i]->s.jt = NULL; /*later*/
3209 s[i]->s.jf = NULL; /*update in next stmt*/
3210 s[i]->s.k = IPPROTO_HOPOPTS;
3211 s[fix2]->s.jf = s[i];
3212 i++;
3213 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
3214 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3215 s[i]->s.jt = NULL; /*later*/
3216 s[i]->s.jf = NULL; /*update in next stmt*/
3217 s[i]->s.k = IPPROTO_DSTOPTS;
3218 i++;
3219 /* if (A == IPPROTO_ROUTING) goto v6advance */
3220 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3221 s[i]->s.jt = NULL; /*later*/
3222 s[i]->s.jf = NULL; /*update in next stmt*/
3223 s[i]->s.k = IPPROTO_ROUTING;
3224 i++;
3225 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
3226 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3227 s[i]->s.jt = NULL; /*later*/
3228 s[i]->s.jf = NULL; /*later*/
3229 s[i]->s.k = IPPROTO_FRAGMENT;
3230 fix3 = i;
3231 v6end = i;
3232 i++;
3233
3234 /* v6advance: */
3235 v6advance = i;
3236
3237 /*
3238 * in short,
3239 * A = P[X];
3240 * X = X + (P[X + 1] + 1) * 8;
3241 */
3242 /* A = X */
3243 s[i] = new_stmt(BPF_MISC|BPF_TXA);
3244 i++;
3245 /* A = P[X + packet head] */
3246 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3247 s[i]->s.k = off_nl;
3248 i++;
3249 /* MEM[reg2] = A */
3250 s[i] = new_stmt(BPF_ST);
3251 s[i]->s.k = reg2;
3252 i++;
3253 /* A = X */
3254 s[i] = new_stmt(BPF_MISC|BPF_TXA);
3255 i++;
3256 /* A += 1 */
3257 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3258 s[i]->s.k = 1;
3259 i++;
3260 /* X = A */
3261 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3262 i++;
3263 /* A = P[X + packet head]; */
3264 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3265 s[i]->s.k = off_nl;
3266 i++;
3267 /* A += 1 */
3268 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3269 s[i]->s.k = 1;
3270 i++;
3271 /* A *= 8 */
3272 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
3273 s[i]->s.k = 8;
3274 i++;
3275 /* X = A; */
3276 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3277 i++;
3278 /* A = MEM[reg2] */
3279 s[i] = new_stmt(BPF_LD|BPF_MEM);
3280 s[i]->s.k = reg2;
3281 i++;
3282
3283 /* goto again; (must use BPF_JA for backward jump) */
3284 s[i] = new_stmt(BPF_JMP|BPF_JA);
3285 s[i]->s.k = again - i - 1;
3286 s[i - 1]->s.jf = s[i];
3287 i++;
3288
3289 /* fixup */
3290 for (j = v6start; j <= v6end; j++)
3291 s[j]->s.jt = s[v6advance];
3292 } else
3293 #endif
3294 {
3295 /* nop */
3296 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3297 s[i]->s.k = 0;
3298 s[fix2]->s.jf = s[i];
3299 i++;
3300 }
3301
3302 /* ahcheck: */
3303 ahcheck = i;
3304 /* if (A == IPPROTO_AH) then fall through; else goto end; */
3305 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3306 s[i]->s.jt = NULL; /*later*/
3307 s[i]->s.jf = NULL; /*later*/
3308 s[i]->s.k = IPPROTO_AH;
3309 if (fix3)
3310 s[fix3]->s.jf = s[ahcheck];
3311 fix4 = i;
3312 i++;
3313
3314 /*
3315 * in short,
3316 * A = P[X];
3317 * X = X + (P[X + 1] + 2) * 4;
3318 */
3319 /* A = X */
3320 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
3321 i++;
3322 /* A = P[X + packet head]; */
3323 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3324 s[i]->s.k = off_nl;
3325 i++;
3326 /* MEM[reg2] = A */
3327 s[i] = new_stmt(BPF_ST);
3328 s[i]->s.k = reg2;
3329 i++;
3330 /* A = X */
3331 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
3332 i++;
3333 /* A += 1 */
3334 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3335 s[i]->s.k = 1;
3336 i++;
3337 /* X = A */
3338 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3339 i++;
3340 /* A = P[X + packet head] */
3341 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3342 s[i]->s.k = off_nl;
3343 i++;
3344 /* A += 2 */
3345 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3346 s[i]->s.k = 2;
3347 i++;
3348 /* A *= 4 */
3349 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
3350 s[i]->s.k = 4;
3351 i++;
3352 /* X = A; */
3353 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3354 i++;
3355 /* A = MEM[reg2] */
3356 s[i] = new_stmt(BPF_LD|BPF_MEM);
3357 s[i]->s.k = reg2;
3358 i++;
3359
3360 /* goto again; (must use BPF_JA for backward jump) */
3361 s[i] = new_stmt(BPF_JMP|BPF_JA);
3362 s[i]->s.k = again - i - 1;
3363 i++;
3364
3365 /* end: nop */
3366 end = i;
3367 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3368 s[i]->s.k = 0;
3369 s[fix2]->s.jt = s[end];
3370 s[fix4]->s.jf = s[end];
3371 s[fix5]->s.jt = s[end];
3372 i++;
3373
3374 /*
3375 * make slist chain
3376 */
3377 max = i;
3378 for (i = 0; i < max - 1; i++)
3379 s[i]->next = s[i + 1];
3380 s[max - 1]->next = NULL;
3381
3382 /*
3383 * emit final check
3384 */
3385 b = new_block(JMP(BPF_JEQ));
3386 b->stmts = s[1]; /*remember, s[0] is dummy*/
3387 b->s.k = v;
3388
3389 free_reg(reg2);
3390
3391 gen_and(b0, b);
3392 return b;
3393 #endif
3394 }
3395
3396 static struct block *
3397 gen_proto(v, proto, dir)
3398 int v;
3399 int proto;
3400 int dir;
3401 {
3402 struct block *b0, *b1;
3403
3404 if (dir != Q_DEFAULT)
3405 bpf_error("direction applied to 'proto'");
3406
3407 switch (proto) {
3408 case Q_DEFAULT:
3409 #ifdef INET6
3410 b0 = gen_proto(v, Q_IP, dir);
3411 b1 = gen_proto(v, Q_IPV6, dir);
3412 gen_or(b0, b1);
3413 return b1;
3414 #else
3415 /*FALLTHROUGH*/
3416 #endif
3417 case Q_IP:
3418 b0 = gen_linktype(ETHERTYPE_IP);
3419 #ifndef CHASE_CHAIN
3420 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
3421 #else
3422 b1 = gen_protochain(v, Q_IP);
3423 #endif
3424 gen_and(b0, b1);
3425 return b1;
3426
3427 case Q_ISO:
3428 switch (linktype) {
3429
3430 case DLT_FRELAY:
3431 /*
3432 * Frame Relay packets typically have an OSI
3433 * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)"
3434 * generates code to check for all the OSI
3435 * NLPIDs, so calling it and then adding a check
3436 * for the particular NLPID for which we're
3437 * looking is bogus, as we can just check for
3438 * the NLPID.
3439 *
3440 * What we check for is the NLPID and a frame
3441 * control field value of UI, i.e. 0x03 followed
3442 * by the NLPID.
3443 *
3444 * XXX - assumes a 2-byte Frame Relay header with
3445 * DLCI and flags. What if the address is longer?
3446 *
3447 * XXX - what about SNAP-encapsulated frames?
3448 */
3449 return gen_cmp(2, BPF_H, (0x03<<8) | v);
3450 break;
3451
3452 default:
3453 b0 = gen_linktype(LLCSAP_ISONS);
3454 b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v);
3455 gen_and(b0, b1);
3456 return b1;
3457 }
3458
3459 case Q_ARP:
3460 bpf_error("arp does not encapsulate another protocol");
3461 /* NOTREACHED */
3462
3463 case Q_RARP:
3464 bpf_error("rarp does not encapsulate another protocol");
3465 /* NOTREACHED */
3466
3467 case Q_ATALK:
3468 bpf_error("atalk encapsulation is not specifiable");
3469 /* NOTREACHED */
3470
3471 case Q_DECNET:
3472 bpf_error("decnet encapsulation is not specifiable");
3473 /* NOTREACHED */
3474
3475 case Q_SCA:
3476 bpf_error("sca does not encapsulate another protocol");
3477 /* NOTREACHED */
3478
3479 case Q_LAT:
3480 bpf_error("lat does not encapsulate another protocol");
3481 /* NOTREACHED */
3482
3483 case Q_MOPRC:
3484 bpf_error("moprc does not encapsulate another protocol");
3485 /* NOTREACHED */
3486
3487 case Q_MOPDL:
3488 bpf_error("mopdl does not encapsulate another protocol");
3489 /* NOTREACHED */
3490
3491 case Q_LINK:
3492 return gen_linktype(v);
3493
3494 case Q_UDP:
3495 bpf_error("'udp proto' is bogus");
3496 /* NOTREACHED */
3497
3498 case Q_TCP:
3499 bpf_error("'tcp proto' is bogus");
3500 /* NOTREACHED */
3501
3502 case Q_SCTP:
3503 bpf_error("'sctp proto' is bogus");
3504 /* NOTREACHED */
3505
3506 case Q_ICMP:
3507 bpf_error("'icmp proto' is bogus");
3508 /* NOTREACHED */
3509
3510 case Q_IGMP:
3511 bpf_error("'igmp proto' is bogus");
3512 /* NOTREACHED */
3513
3514 case Q_IGRP:
3515 bpf_error("'igrp proto' is bogus");
3516 /* NOTREACHED */
3517
3518 case Q_PIM:
3519 bpf_error("'pim proto' is bogus");
3520 /* NOTREACHED */
3521
3522 case Q_VRRP:
3523 bpf_error("'vrrp proto' is bogus");
3524 /* NOTREACHED */
3525
3526 #ifdef INET6
3527 case Q_IPV6:
3528 b0 = gen_linktype(ETHERTYPE_IPV6);
3529 #ifndef CHASE_CHAIN
3530 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
3531 #else
3532 b1 = gen_protochain(v, Q_IPV6);
3533 #endif
3534 gen_and(b0, b1);
3535 return b1;
3536
3537 case Q_ICMPV6:
3538 bpf_error("'icmp6 proto' is bogus");
3539 #endif /* INET6 */
3540
3541 case Q_AH:
3542 bpf_error("'ah proto' is bogus");
3543
3544 case Q_ESP:
3545 bpf_error("'ah proto' is bogus");
3546
3547 case Q_STP:
3548 bpf_error("'stp proto' is bogus");
3549
3550 case Q_IPX:
3551 bpf_error("'ipx proto' is bogus");
3552
3553 case Q_NETBEUI:
3554 bpf_error("'netbeui proto' is bogus");
3555
3556 default:
3557 abort();
3558 /* NOTREACHED */
3559 }
3560 /* NOTREACHED */
3561 }
3562
3563 struct block *
3564 gen_scode(name, q)
3565 register const char *name;
3566 struct qual q;
3567 {
3568 int proto = q.proto;
3569 int dir = q.dir;
3570 int tproto;
3571 u_char *eaddr;
3572 bpf_u_int32 mask, addr;
3573 #ifndef INET6
3574 bpf_u_int32 **alist;
3575 #else
3576 int tproto6;
3577 struct sockaddr_in *sin;
3578 struct sockaddr_in6 *sin6;
3579 struct addrinfo *res, *res0;
3580 struct in6_addr mask128;
3581 #endif /*INET6*/
3582 struct block *b, *tmp;
3583 int port, real_proto;
3584
3585 switch (q.addr) {
3586
3587 case Q_NET:
3588 addr = pcap_nametonetaddr(name);
3589 if (addr == 0)
3590 bpf_error("unknown network '%s'", name);
3591 /* Left justify network addr and calculate its network mask */
3592 mask = 0xffffffff;
3593 while (addr && (addr & 0xff000000) == 0) {
3594 addr <<= 8;
3595 mask <<= 8;
3596 }
3597 return gen_host(addr, mask, proto, dir);
3598
3599 case Q_DEFAULT:
3600 case Q_HOST:
3601 if (proto == Q_LINK) {
3602 switch (linktype) {
3603
3604 case DLT_EN10MB:
3605 eaddr = pcap_ether_hostton(name);
3606 if (eaddr == NULL)
3607 bpf_error(
3608 "unknown ether host '%s'", name);
3609 b = gen_ehostop(eaddr, dir);
3610 free(eaddr);
3611 return b;
3612
3613 case DLT_FDDI:
3614 eaddr = pcap_ether_hostton(name);
3615 if (eaddr == NULL)
3616 bpf_error(
3617 "unknown FDDI host '%s'", name);
3618 b = gen_fhostop(eaddr, dir);
3619 free(eaddr);
3620 return b;
3621
3622 case DLT_IEEE802:
3623 eaddr = pcap_ether_hostton(name);
3624 if (eaddr == NULL)
3625 bpf_error(
3626 "unknown token ring host '%s'", name);
3627 b = gen_thostop(eaddr, dir);
3628 free(eaddr);
3629 return b;
3630
3631 case DLT_IEEE802_11:
3632 eaddr = pcap_ether_hostton(name);
3633 if (eaddr == NULL)
3634 bpf_error(
3635 "unknown 802.11 host '%s'", name);
3636 b = gen_wlanhostop(eaddr, dir);
3637 free(eaddr);
3638 return b;
3639
3640 case DLT_IP_OVER_FC:
3641 eaddr = pcap_ether_hostton(name);
3642 if (eaddr == NULL)
3643 bpf_error(
3644 "unknown Fibre Channel host '%s'", name);
3645 b = gen_ipfchostop(eaddr, dir);
3646 free(eaddr);
3647 return b;
3648
3649 case DLT_SUNATM:
3650 if (!is_lane)
3651 break;
3652
3653 /*
3654 * Check that the packet doesn't begin
3655 * with an LE Control marker. (We've
3656 * already generated a test for LANE.)
3657 */
3658 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H,
3659 0xFF00);
3660 gen_not(tmp);
3661
3662 eaddr = pcap_ether_hostton(name);
3663 if (eaddr == NULL)
3664 bpf_error(
3665 "unknown ether host '%s'", name);
3666 b = gen_ehostop(eaddr, dir);
3667 gen_and(tmp, b);
3668 free(eaddr);
3669 return b;
3670 }
3671
3672 bpf_error("only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name");
3673 } else if (proto == Q_DECNET) {
3674 unsigned short dn_addr = __pcap_nametodnaddr(name);
3675 /*
3676 * I don't think DECNET hosts can be multihomed, so
3677 * there is no need to build up a list of addresses
3678 */
3679 return (gen_host(dn_addr, 0, proto, dir));
3680 } else {
3681 #ifndef INET6
3682 alist = pcap_nametoaddr(name);
3683 if (alist == NULL || *alist == NULL)
3684 bpf_error("unknown host '%s'", name);
3685 tproto = proto;
3686 if (off_linktype == -1 && tproto == Q_DEFAULT)
3687 tproto = Q_IP;
3688 b = gen_host(**alist++, 0xffffffff, tproto, dir);
3689 while (*alist) {
3690 tmp = gen_host(**alist++, 0xffffffff,
3691 tproto, dir);
3692 gen_or(b, tmp);
3693 b = tmp;
3694 }
3695 return b;
3696 #else
3697 memset(&mask128, 0xff, sizeof(mask128));
3698 res0 = res = pcap_nametoaddrinfo(name);
3699 if (res == NULL)
3700 bpf_error("unknown host '%s'", name);
3701 b = tmp = NULL;
3702 tproto = tproto6 = proto;
3703 if (off_linktype == -1 && tproto == Q_DEFAULT) {
3704 tproto = Q_IP;
3705 tproto6 = Q_IPV6;
3706 }
3707 for (res = res0; res; res = res->ai_next) {
3708 switch (res->ai_family) {
3709 case AF_INET:
3710 if (tproto == Q_IPV6)
3711 continue;
3712
3713 sin = (struct sockaddr_in *)
3714 res->ai_addr;
3715 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
3716 0xffffffff, tproto, dir);
3717 break;
3718 case AF_INET6:
3719 if (tproto6 == Q_IP)
3720 continue;
3721
3722 sin6 = (struct sockaddr_in6 *)
3723 res->ai_addr;
3724 tmp = gen_host6(&sin6->sin6_addr,
3725 &mask128, tproto6, dir);
3726 break;
3727 default:
3728 continue;
3729 }
3730 if (b)
3731 gen_or(b, tmp);
3732 b = tmp;
3733 }
3734 freeaddrinfo(res0);
3735 if (b == NULL) {
3736 bpf_error("unknown host '%s'%s", name,
3737 (proto == Q_DEFAULT)
3738 ? ""
3739 : " for specified address family");
3740 }
3741 return b;
3742 #endif /*INET6*/
3743 }
3744
3745 case Q_PORT:
3746 if (proto != Q_DEFAULT &&
3747 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
3748 bpf_error("illegal qualifier of 'port'");
3749 if (pcap_nametoport(name, &port, &real_proto) == 0)
3750 bpf_error("unknown port '%s'", name);
3751 if (proto == Q_UDP) {
3752 if (real_proto == IPPROTO_TCP)
3753 bpf_error("port '%s' is tcp", name);
3754 else if (real_proto == IPPROTO_SCTP)
3755 bpf_error("port '%s' is sctp", name);
3756 else
3757 /* override PROTO_UNDEF */
3758 real_proto = IPPROTO_UDP;
3759 }
3760 if (proto == Q_TCP) {
3761 if (real_proto == IPPROTO_UDP)
3762 bpf_error("port '%s' is udp", name);
3763
3764 else if (real_proto == IPPROTO_SCTP)
3765 bpf_error("port '%s' is sctp", name);
3766 else
3767 /* override PROTO_UNDEF */
3768 real_proto = IPPROTO_TCP;
3769 }
3770 if (proto == Q_SCTP) {
3771 if (real_proto == IPPROTO_UDP)
3772 bpf_error("port '%s' is udp", name);
3773
3774 else if (real_proto == IPPROTO_TCP)
3775 bpf_error("port '%s' is tcp", name);
3776 else
3777 /* override PROTO_UNDEF */
3778 real_proto = IPPROTO_SCTP;
3779 }
3780 #ifndef INET6
3781 return gen_port(port, real_proto, dir);
3782 #else
3783 {
3784 struct block *b;
3785 b = gen_port(port, real_proto, dir);
3786 gen_or(gen_port6(port, real_proto, dir), b);
3787 return b;
3788 }
3789 #endif /* INET6 */
3790
3791 case Q_GATEWAY:
3792 #ifndef INET6
3793 eaddr = pcap_ether_hostton(name);
3794 if (eaddr == NULL)
3795 bpf_error("unknown ether host: %s", name);
3796
3797 alist = pcap_nametoaddr(name);
3798 if (alist == NULL || *alist == NULL)
3799 bpf_error("unknown host '%s'", name);
3800 b = gen_gateway(eaddr, alist, proto, dir);
3801 free(eaddr);
3802 return b;
3803 #else
3804 bpf_error("'gateway' not supported in this configuration");
3805 #endif /*INET6*/
3806
3807 case Q_PROTO:
3808 real_proto = lookup_proto(name, proto);
3809 if (real_proto >= 0)
3810 return gen_proto(real_proto, proto, dir);
3811 else
3812 bpf_error("unknown protocol: %s", name);
3813
3814 case Q_PROTOCHAIN:
3815 real_proto = lookup_proto(name, proto);
3816 if (real_proto >= 0)
3817 return gen_protochain(real_proto, proto, dir);
3818 else
3819 bpf_error("unknown protocol: %s", name);
3820
3821
3822 case Q_UNDEF:
3823 syntax();
3824 /* NOTREACHED */
3825 }
3826 abort();
3827 /* NOTREACHED */
3828 }
3829
3830 struct block *
3831 gen_mcode(s1, s2, masklen, q)
3832 register const char *s1, *s2;
3833 register int masklen;
3834 struct qual q;
3835 {
3836 register int nlen, mlen;
3837 bpf_u_int32 n, m;
3838
3839 nlen = __pcap_atoin(s1, &n);
3840 /* Promote short ipaddr */
3841 n <<= 32 - nlen;
3842
3843 if (s2 != NULL) {
3844 mlen = __pcap_atoin(s2, &m);
3845 /* Promote short ipaddr */
3846 m <<= 32 - mlen;
3847 if ((n & ~m) != 0)
3848 bpf_error("non-network bits set in \"%s mask %s\"",
3849 s1, s2);
3850 } else {
3851 /* Convert mask len to mask */
3852 if (masklen > 32)
3853 bpf_error("mask length must be <= 32");
3854 m = 0xffffffff << (32 - masklen);
3855 if ((n & ~m) != 0)
3856 bpf_error("non-network bits set in \"%s/%d\"",
3857 s1, masklen);
3858 }
3859
3860 switch (q.addr) {
3861
3862 case Q_NET:
3863 return gen_host(n, m, q.proto, q.dir);
3864
3865 default:
3866 bpf_error("Mask syntax for networks only");
3867 /* NOTREACHED */
3868 }
3869 }
3870
3871 struct block *
3872 gen_ncode(s, v, q)
3873 register const char *s;
3874 bpf_u_int32 v;
3875 struct qual q;
3876 {
3877 bpf_u_int32 mask;
3878 int proto = q.proto;
3879 int dir = q.dir;
3880 register int vlen;
3881
3882 if (s == NULL)
3883 vlen = 32;
3884 else if (q.proto == Q_DECNET)
3885 vlen = __pcap_atodn(s, &v);
3886 else
3887 vlen = __pcap_atoin(s, &v);
3888
3889 switch (q.addr) {
3890
3891 case Q_DEFAULT:
3892 case Q_HOST:
3893 case Q_NET:
3894 if (proto == Q_DECNET)
3895 return gen_host(v, 0, proto, dir);
3896 else if (proto == Q_LINK) {
3897 bpf_error("illegal link layer address");
3898 } else {
3899 mask = 0xffffffff;
3900 if (s == NULL && q.addr == Q_NET) {
3901 /* Promote short net number */
3902 while (v && (v & 0xff000000) == 0) {
3903 v <<= 8;
3904 mask <<= 8;
3905 }
3906 } else {
3907 /* Promote short ipaddr */
3908 v <<= 32 - vlen;
3909 mask <<= 32 - vlen;
3910 }
3911 return gen_host(v, mask, proto, dir);
3912 }
3913
3914 case Q_PORT:
3915 if (proto == Q_UDP)
3916 proto = IPPROTO_UDP;
3917 else if (proto == Q_TCP)
3918 proto = IPPROTO_TCP;
3919 else if (proto == Q_SCTP)
3920 proto = IPPROTO_SCTP;
3921 else if (proto == Q_DEFAULT)
3922 proto = PROTO_UNDEF;
3923 else
3924 bpf_error("illegal qualifier of 'port'");
3925
3926 #ifndef INET6
3927 return gen_port((int)v, proto, dir);
3928 #else
3929 {
3930 struct block *b;
3931 b = gen_port((int)v, proto, dir);
3932 gen_or(gen_port6((int)v, proto, dir), b);
3933 return b;
3934 }
3935 #endif /* INET6 */
3936
3937 case Q_GATEWAY:
3938 bpf_error("'gateway' requires a name");
3939 /* NOTREACHED */
3940
3941 case Q_PROTO:
3942 return gen_proto((int)v, proto, dir);
3943
3944 case Q_PROTOCHAIN:
3945 return gen_protochain((int)v, proto, dir);
3946
3947 case Q_UNDEF:
3948 syntax();
3949 /* NOTREACHED */
3950
3951 default:
3952 abort();
3953 /* NOTREACHED */
3954 }
3955 /* NOTREACHED */
3956 }
3957
3958 #ifdef INET6
3959 struct block *
3960 gen_mcode6(s1, s2, masklen, q)
3961 register const char *s1, *s2;
3962 register int masklen;
3963 struct qual q;
3964 {
3965 struct addrinfo *res;
3966 struct in6_addr *addr;
3967 struct in6_addr mask;
3968 struct block *b;
3969 u_int32_t *a, *m;
3970
3971 if (s2)
3972 bpf_error("no mask %s supported", s2);
3973
3974 res = pcap_nametoaddrinfo(s1);
3975 if (!res)
3976 bpf_error("invalid ip6 address %s", s1);
3977 if (res->ai_next)
3978 bpf_error("%s resolved to multiple address", s1);
3979 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
3980
3981 if (sizeof(mask) * 8 < masklen)
3982 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
3983 memset(&mask, 0, sizeof(mask));
3984 memset(&mask, 0xff, masklen / 8);
3985 if (masklen % 8) {
3986 mask.s6_addr[masklen / 8] =
3987 (0xff << (8 - masklen % 8)) & 0xff;
3988 }
3989
3990 a = (u_int32_t *)addr;
3991 m = (u_int32_t *)&mask;
3992 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
3993 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
3994 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
3995 }
3996
3997 switch (q.addr) {
3998
3999 case Q_DEFAULT:
4000 case Q_HOST:
4001 if (masklen != 128)
4002 bpf_error("Mask syntax for networks only");
4003 /* FALLTHROUGH */
4004
4005 case Q_NET:
4006 b = gen_host6(addr, &mask, q.proto, q.dir);
4007 freeaddrinfo(res);
4008 return b;
4009
4010 default:
4011 bpf_error("invalid qualifier against IPv6 address");
4012 /* NOTREACHED */
4013 }
4014 }
4015 #endif /*INET6*/
4016
4017 struct block *
4018 gen_ecode(eaddr, q)
4019 register const u_char *eaddr;
4020 struct qual q;
4021 {
4022 struct block *b, *tmp;
4023
4024 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
4025 if (linktype == DLT_EN10MB)
4026 return gen_ehostop(eaddr, (int)q.dir);
4027 if (linktype == DLT_FDDI)
4028 return gen_fhostop(eaddr, (int)q.dir);
4029 if (linktype == DLT_IEEE802)
4030 return gen_thostop(eaddr, (int)q.dir);
4031 if (linktype == DLT_IEEE802_11)
4032 return gen_wlanhostop(eaddr, (int)q.dir);
4033 if (linktype == DLT_SUNATM && is_lane) {
4034 /*
4035 * Check that the packet doesn't begin with an
4036 * LE Control marker. (We've already generated
4037 * a test for LANE.)
4038 */
4039 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
4040 gen_not(tmp);
4041
4042 /*
4043 * Now check the MAC address.
4044 */
4045 b = gen_ehostop(eaddr, (int)q.dir);
4046 gen_and(tmp, b);
4047 return b;
4048 }
4049 if (linktype == DLT_IP_OVER_FC)
4050 return gen_ipfchostop(eaddr, (int)q.dir);
4051 bpf_error("ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel");
4052 }
4053 bpf_error("ethernet address used in non-ether expression");
4054 /* NOTREACHED */
4055 }
4056
4057 void
4058 sappend(s0, s1)
4059 struct slist *s0, *s1;
4060 {
4061 /*
4062 * This is definitely not the best way to do this, but the
4063 * lists will rarely get long.
4064 */
4065 while (s0->next)
4066 s0 = s0->next;
4067 s0->next = s1;
4068 }
4069
4070 static struct slist *
4071 xfer_to_x(a)
4072 struct arth *a;
4073 {
4074 struct slist *s;
4075
4076 s = new_stmt(BPF_LDX|BPF_MEM);
4077 s->s.k = a->regno;
4078 return s;
4079 }
4080
4081 static struct slist *
4082 xfer_to_a(a)
4083 struct arth *a;
4084 {
4085 struct slist *s;
4086
4087 s = new_stmt(BPF_LD|BPF_MEM);
4088 s->s.k = a->regno;
4089 return s;
4090 }
4091
4092 struct arth *
4093 gen_load(proto, index, size)
4094 int proto;
4095 struct arth *index;
4096 int size;
4097 {
4098 struct slist *s, *tmp;
4099 struct block *b;
4100 int regno = alloc_reg();
4101
4102 free_reg(index->regno);
4103 switch (size) {
4104
4105 default:
4106 bpf_error("data size must be 1, 2, or 4");
4107
4108 case 1:
4109 size = BPF_B;
4110 break;
4111
4112 case 2:
4113 size = BPF_H;
4114 break;
4115
4116 case 4:
4117 size = BPF_W;
4118 break;
4119 }
4120 switch (proto) {
4121 default:
4122 bpf_error("unsupported index operation");
4123
4124 case Q_LINK:
4125 /*
4126 * XXX - what about ATM LANE? Should the index be
4127 * relative to the beginning of the AAL5 frame, so
4128 * that 0 refers to the beginning of the LE Control
4129 * field, or relative to the beginning of the LAN
4130 * frame, so that 0 refers, for Ethernet LANE, to
4131 * the beginning of the destination address?
4132 */
4133 s = xfer_to_x(index);
4134 tmp = new_stmt(BPF_LD|BPF_IND|size);
4135 sappend(s, tmp);
4136 sappend(index->s, s);
4137 break;
4138
4139 case Q_IP:
4140 case Q_ARP:
4141 case Q_RARP:
4142 case Q_ATALK:
4143 case Q_DECNET:
4144 case Q_SCA:
4145 case Q_LAT:
4146 case Q_MOPRC:
4147 case Q_MOPDL:
4148 #ifdef INET6
4149 case Q_IPV6:
4150 #endif
4151 /* XXX Note that we assume a fixed link header here. */
4152 s = xfer_to_x(index);
4153 tmp = new_stmt(BPF_LD|BPF_IND|size);
4154 tmp->s.k = off_nl;
4155 sappend(s, tmp);
4156 sappend(index->s, s);
4157
4158 b = gen_proto_abbrev(proto);
4159 if (index->b)
4160 gen_and(index->b, b);
4161 index->b = b;
4162 break;
4163
4164 case Q_SCTP:
4165 case Q_TCP:
4166 case Q_UDP:
4167 case Q_ICMP:
4168 case Q_IGMP:
4169 case Q_IGRP:
4170 case Q_PIM:
4171 case Q_VRRP:
4172 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
4173 s->s.k = off_nl;
4174 sappend(s, xfer_to_a(index));
4175 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
4176 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
4177 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
4178 tmp->s.k = off_nl;
4179 sappend(index->s, s);
4180
4181 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
4182 if (index->b)
4183 gen_and(index->b, b);
4184 #ifdef INET6
4185 gen_and(gen_proto_abbrev(Q_IP), b);
4186 #endif
4187 index->b = b;
4188 break;
4189 #ifdef INET6
4190 case Q_ICMPV6:
4191 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
4192 /*NOTREACHED*/
4193 #endif
4194 }
4195 index->regno = regno;
4196 s = new_stmt(BPF_ST);
4197 s->s.k = regno;
4198 sappend(index->s, s);
4199
4200 return index;
4201 }
4202
4203 struct block *
4204 gen_relation(code, a0, a1, reversed)
4205 int code;
4206 struct arth *a0, *a1;
4207 int reversed;
4208 {
4209 struct slist *s0, *s1, *s2;
4210 struct block *b, *tmp;
4211
4212 s0 = xfer_to_x(a1);
4213 s1 = xfer_to_a(a0);
4214 if (code == BPF_JEQ) {
4215 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
4216 b = new_block(JMP(code));
4217 sappend(s1, s2);
4218 }
4219 else
4220 b = new_block(BPF_JMP|code|BPF_X);
4221 if (reversed)
4222 gen_not(b);
4223
4224 sappend(s0, s1);
4225 sappend(a1->s, s0);
4226 sappend(a0->s, a1->s);
4227
4228 b->stmts = a0->s;
4229
4230 free_reg(a0->regno);
4231 free_reg(a1->regno);
4232
4233 /* 'and' together protocol checks */
4234 if (a0->b) {
4235 if (a1->b) {
4236 gen_and(a0->b, tmp = a1->b);
4237 }
4238 else
4239 tmp = a0->b;
4240 } else
4241 tmp = a1->b;
4242
4243 if (tmp)
4244 gen_and(tmp, b);
4245
4246 return b;
4247 }
4248
4249 struct arth *
4250 gen_loadlen()
4251 {
4252 int regno = alloc_reg();
4253 struct arth *a = (struct arth *)newchunk(sizeof(*a));
4254 struct slist *s;
4255
4256 s = new_stmt(BPF_LD|BPF_LEN);
4257 s->next = new_stmt(BPF_ST);
4258 s->next->s.k = regno;
4259 a->s = s;
4260 a->regno = regno;
4261
4262 return a;
4263 }
4264
4265 struct arth *
4266 gen_loadi(val)
4267 int val;
4268 {
4269 struct arth *a;
4270 struct slist *s;
4271 int reg;
4272
4273 a = (struct arth *)newchunk(sizeof(*a));
4274
4275 reg = alloc_reg();
4276
4277 s = new_stmt(BPF_LD|BPF_IMM);
4278 s->s.k = val;
4279 s->next = new_stmt(BPF_ST);
4280 s->next->s.k = reg;
4281 a->s = s;
4282 a->regno = reg;
4283
4284 return a;
4285 }
4286
4287 struct arth *
4288 gen_neg(a)
4289 struct arth *a;
4290 {
4291 struct slist *s;
4292
4293 s = xfer_to_a(a);
4294 sappend(a->s, s);
4295 s = new_stmt(BPF_ALU|BPF_NEG);
4296 s->s.k = 0;
4297 sappend(a->s, s);
4298 s = new_stmt(BPF_ST);
4299 s->s.k = a->regno;
4300 sappend(a->s, s);
4301
4302 return a;
4303 }
4304
4305 struct arth *
4306 gen_arth(code, a0, a1)
4307 int code;
4308 struct arth *a0, *a1;
4309 {
4310 struct slist *s0, *s1, *s2;
4311
4312 s0 = xfer_to_x(a1);
4313 s1 = xfer_to_a(a0);
4314 s2 = new_stmt(BPF_ALU|BPF_X|code);
4315
4316 sappend(s1, s2);
4317 sappend(s0, s1);
4318 sappend(a1->s, s0);
4319 sappend(a0->s, a1->s);
4320
4321 free_reg(a0->regno);
4322 free_reg(a1->regno);
4323
4324 s0 = new_stmt(BPF_ST);
4325 a0->regno = s0->s.k = alloc_reg();
4326 sappend(a0->s, s0);
4327
4328 return a0;
4329 }
4330
4331 /*
4332 * Here we handle simple allocation of the scratch registers.
4333 * If too many registers are alloc'd, the allocator punts.
4334 */
4335 static int regused[BPF_MEMWORDS];
4336 static int curreg;
4337
4338 /*
4339 * Return the next free register.
4340 */
4341 static int
4342 alloc_reg()
4343 {
4344 int n = BPF_MEMWORDS;
4345
4346 while (--n >= 0) {
4347 if (regused[curreg])
4348 curreg = (curreg + 1) % BPF_MEMWORDS;
4349 else {
4350 regused[curreg] = 1;
4351 return curreg;
4352 }
4353 }
4354 bpf_error("too many registers needed to evaluate expression");
4355 /* NOTREACHED */
4356 }
4357
4358 /*
4359 * Return a register to the table so it can
4360 * be used later.
4361 */
4362 static void
4363 free_reg(n)
4364 int n;
4365 {
4366 regused[n] = 0;
4367 }
4368
4369 static struct block *
4370 gen_len(jmp, n)
4371 int jmp, n;
4372 {
4373 struct slist *s;
4374 struct block *b;
4375
4376 s = new_stmt(BPF_LD|BPF_LEN);
4377 b = new_block(JMP(jmp));
4378 b->stmts = s;
4379 b->s.k = n;
4380
4381 return b;
4382 }
4383
4384 struct block *
4385 gen_greater(n)
4386 int n;
4387 {
4388 return gen_len(BPF_JGE, n);
4389 }
4390
4391 /*
4392 * Actually, this is less than or equal.
4393 */
4394 struct block *
4395 gen_less(n)
4396 int n;
4397 {
4398 struct block *b;
4399
4400 b = gen_len(BPF_JGT, n);
4401 gen_not(b);
4402
4403 return b;
4404 }
4405
4406 struct block *
4407 gen_byteop(op, idx, val)
4408 int op, idx, val;
4409 {
4410 struct block *b;
4411 struct slist *s;
4412
4413 switch (op) {
4414 default:
4415 abort();
4416
4417 case '=':
4418 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4419
4420 case '<':
4421 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4422 b->s.code = JMP(BPF_JGE);
4423 gen_not(b);
4424 return b;
4425
4426 case '>':
4427 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4428 b->s.code = JMP(BPF_JGT);
4429 return b;
4430
4431 case '|':
4432 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
4433 break;
4434
4435 case '&':
4436 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
4437 break;
4438 }
4439 s->s.k = val;
4440 b = new_block(JMP(BPF_JEQ));
4441 b->stmts = s;
4442 gen_not(b);
4443
4444 return b;
4445 }
4446
4447 static u_char abroadcast[] = { 0x0 };
4448
4449 struct block *
4450 gen_broadcast(proto)
4451 int proto;
4452 {
4453 bpf_u_int32 hostmask;
4454 struct block *b0, *b1, *b2;
4455 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4456
4457 switch (proto) {
4458
4459 case Q_DEFAULT:
4460 case Q_LINK:
4461 if (linktype == DLT_ARCNET)
4462 return gen_ahostop(abroadcast, Q_DST);
4463 if (linktype == DLT_EN10MB)
4464 return gen_ehostop(ebroadcast, Q_DST);
4465 if (linktype == DLT_FDDI)
4466 return gen_fhostop(ebroadcast, Q_DST);
4467 if (linktype == DLT_IEEE802)
4468 return gen_thostop(ebroadcast, Q_DST);
4469 if (linktype == DLT_IEEE802_11)
4470 return gen_wlanhostop(ebroadcast, Q_DST);
4471 if (linktype == DLT_SUNATM && is_lane) {
4472 /*
4473 * Check that the packet doesn't begin with an
4474 * LE Control marker. (We've already generated
4475 * a test for LANE.)
4476 */
4477 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
4478 gen_not(b1);
4479
4480 /*
4481 * Now check the MAC address.
4482 */
4483 b0 = gen_ehostop(ebroadcast, Q_DST);
4484 gen_and(b1, b0);
4485 return b0;
4486 }
4487 bpf_error("not a broadcast link");
4488 break;
4489
4490 case Q_IP:
4491 b0 = gen_linktype(ETHERTYPE_IP);
4492 hostmask = ~netmask;
4493 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
4494 b2 = gen_mcmp(off_nl + 16, BPF_W,
4495 (bpf_int32)(~0 & hostmask), hostmask);
4496 gen_or(b1, b2);
4497 gen_and(b0, b2);
4498 return b2;
4499 }
4500 bpf_error("only ether/ip broadcast filters supported");
4501 }
4502
4503 /*
4504 * Generate code to test the low-order bit of a MAC address (that's
4505 * the bottom bit of the *first* byte).
4506 */
4507 static struct block *
4508 gen_mac_multicast(offset)
4509 int offset;
4510 {
4511 register struct block *b0;
4512 register struct slist *s;
4513
4514 /* link[offset] & 1 != 0 */
4515 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4516 s->s.k = offset;
4517 b0 = new_block(JMP(BPF_JSET));
4518 b0->s.k = 1;
4519 b0->stmts = s;
4520 return b0;
4521 }
4522
4523 struct block *
4524 gen_multicast(proto)
4525 int proto;
4526 {
4527 register struct block *b0, *b1, *b2;
4528 register struct slist *s;
4529
4530 switch (proto) {
4531
4532 case Q_DEFAULT:
4533 case Q_LINK:
4534 if (linktype == DLT_ARCNET)
4535 /* all ARCnet multicasts use the same address */
4536 return gen_ahostop(abroadcast, Q_DST);
4537
4538 if (linktype == DLT_EN10MB) {
4539 /* ether[0] & 1 != 0 */
4540 return gen_mac_multicast(0);
4541 }
4542
4543 if (linktype == DLT_FDDI) {
4544 /*
4545 * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX
4546 *
4547 * XXX - was that referring to bit-order issues?
4548 */
4549 /* fddi[1] & 1 != 0 */
4550 return gen_mac_multicast(1);
4551 }
4552
4553 if (linktype == DLT_IEEE802) {
4554 /* tr[2] & 1 != 0 */
4555 return gen_mac_multicast(2);
4556 }
4557
4558 if (linktype == DLT_IEEE802_11) {
4559 /*
4560 * Oh, yuk.
4561 *
4562 * For control frames, there is no DA.
4563 *
4564 * For management frames, DA is at an
4565 * offset of 4 from the beginning of
4566 * the packet.
4567 *
4568 * For data frames, DA is at an offset
4569 * of 4 from the beginning of the packet
4570 * if To DS is clear and at an offset of
4571 * 16 from the beginning of the packet
4572 * if To DS is set.
4573 */
4574
4575 /*
4576 * Generate the tests to be done for data frames.
4577 *
4578 * First, check for To DS set, i.e. "link[1] & 0x01".
4579 */
4580 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4581 s->s.k = 1;
4582 b1 = new_block(JMP(BPF_JSET));
4583 b1->s.k = 0x01; /* To DS */
4584 b1->stmts = s;
4585
4586 /*
4587 * If To DS is set, the DA is at 16.
4588 */
4589 b0 = gen_mac_multicast(16);
4590 gen_and(b1, b0);
4591
4592 /*
4593 * Now, check for To DS not set, i.e. check
4594 * "!(link[1] & 0x01)".
4595 */
4596 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4597 s->s.k = 1;
4598 b2 = new_block(JMP(BPF_JSET));
4599 b2->s.k = 0x01; /* To DS */
4600 b2->stmts = s;
4601 gen_not(b2);
4602
4603 /*
4604 * If To DS is not set, the DA is at 4.
4605 */
4606 b1 = gen_mac_multicast(4);
4607 gen_and(b2, b1);
4608
4609 /*
4610 * Now OR together the last two checks. That gives
4611 * the complete set of checks for data frames.
4612 */
4613 gen_or(b1, b0);
4614
4615 /*
4616 * Now check for a data frame.
4617 * I.e, check "link[0] & 0x08".
4618 */
4619 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4620 s->s.k = 0;
4621 b1 = new_block(JMP(BPF_JSET));
4622 b1->s.k = 0x08;
4623 b1->stmts = s;
4624
4625 /*
4626 * AND that with the checks done for data frames.
4627 */
4628 gen_and(b1, b0);
4629
4630 /*
4631 * If the high-order bit of the type value is 0, this
4632 * is a management frame.
4633 * I.e, check "!(link[0] & 0x08)".
4634 */
4635 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4636 s->s.k = 0;
4637 b2 = new_block(JMP(BPF_JSET));
4638 b2->s.k = 0x08;
4639 b2->stmts = s;
4640 gen_not(b2);
4641
4642 /*
4643 * For management frames, the DA is at 4.
4644 */
4645 b1 = gen_mac_multicast(4);
4646 gen_and(b2, b1);
4647
4648 /*
4649 * OR that with the checks done for data frames.
4650 * That gives the checks done for management and
4651 * data frames.
4652 */
4653 gen_or(b1, b0);
4654
4655 /*
4656 * If the low-order bit of the type value is 1,
4657 * this is either a control frame or a frame
4658 * with a reserved type, and thus not a
4659 * frame with an SA.
4660 *
4661 * I.e., check "!(link[0] & 0x04)".
4662 */
4663 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4664 s->s.k = 0;
4665 b1 = new_block(JMP(BPF_JSET));
4666 b1->s.k = 0x04;
4667 b1->stmts = s;
4668 gen_not(b1);
4669
4670 /*
4671 * AND that with the checks for data and management
4672 * frames.
4673 */
4674 gen_and(b1, b0);
4675 return b0;
4676 }
4677
4678 if (linktype == DLT_SUNATM && is_lane) {
4679 /*
4680 * Check that the packet doesn't begin with an
4681 * LE Control marker. (We've already generated
4682 * a test for LANE.)
4683 */
4684 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
4685 gen_not(b1);
4686
4687 /* ether[off_mac] & 1 != 0 */
4688 b0 = gen_mac_multicast(off_mac);
4689 gen_and(b1, b0);
4690 return b0;
4691 }
4692
4693 /* Link not known to support multicasts */
4694 break;
4695
4696 case Q_IP:
4697 b0 = gen_linktype(ETHERTYPE_IP);
4698 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
4699 b1->s.code = JMP(BPF_JGE);
4700 gen_and(b0, b1);
4701 return b1;
4702
4703 #ifdef INET6
4704 case Q_IPV6:
4705 b0 = gen_linktype(ETHERTYPE_IPV6);
4706 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
4707 gen_and(b0, b1);
4708 return b1;
4709 #endif /* INET6 */
4710 }
4711 bpf_error("only IP multicast filters supported on ethernet/FDDI");
4712 }
4713
4714 /*
4715 * generate command for inbound/outbound. It's here so we can
4716 * make it link-type specific. 'dir' = 0 implies "inbound",
4717 * = 1 implies "outbound".
4718 */
4719 struct block *
4720 gen_inbound(dir)
4721 int dir;
4722 {
4723 register struct block *b0;
4724
4725 /*
4726 * Only some data link types support inbound/outbound qualifiers.
4727 */
4728 switch (linktype) {
4729 case DLT_SLIP:
4730 case DLT_PPP:
4731 b0 = gen_relation(BPF_JEQ,
4732 gen_load(Q_LINK, gen_loadi(0), 1),
4733 gen_loadi(0),
4734 dir);
4735 break;
4736
4737 case DLT_LINUX_SLL:
4738 if (dir) {
4739 /*
4740 * Match packets sent by this machine.
4741 */
4742 b0 = gen_cmp(0, BPF_H, LINUX_SLL_OUTGOING);
4743 } else {
4744 /*
4745 * Match packets sent to this machine.
4746 * (No broadcast or multicast packets, or
4747 * packets sent to some other machine and
4748 * received promiscuously.)
4749 *
4750 * XXX - packets sent to other machines probably
4751 * shouldn't be matched, but what about broadcast
4752 * or multicast packets we received?
4753 */
4754 b0 = gen_cmp(0, BPF_H, LINUX_SLL_HOST);
4755 }
4756 break;
4757
4758 default:
4759 bpf_error("inbound/outbound not supported on linktype %d\n",
4760 linktype);
4761 b0 = NULL;
4762 /* NOTREACHED */
4763 }
4764 return (b0);
4765 }
4766
4767 struct block *
4768 gen_acode(eaddr, q)
4769 register const u_char *eaddr;
4770 struct qual q;
4771 {
4772 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
4773 if (linktype == DLT_ARCNET)
4774 return gen_ahostop(eaddr, (int)q.dir);
4775 }
4776 bpf_error("ARCnet address used in non-arc expression");
4777 /* NOTREACHED */
4778 }
4779
4780 static struct block *
4781 gen_ahostop(eaddr, dir)
4782 register const u_char *eaddr;
4783 register int dir;
4784 {
4785 register struct block *b0, *b1;
4786
4787 switch (dir) {
4788 /* src comes first, different from Ethernet */
4789 case Q_SRC:
4790 return gen_bcmp(0, 1, eaddr);
4791
4792 case Q_DST:
4793 return gen_bcmp(1, 1, eaddr);
4794
4795 case Q_AND:
4796 b0 = gen_ahostop(eaddr, Q_SRC);
4797 b1 = gen_ahostop(eaddr, Q_DST);
4798 gen_and(b0, b1);
4799 return b1;
4800
4801 case Q_DEFAULT:
4802 case Q_OR:
4803 b0 = gen_ahostop(eaddr, Q_SRC);
4804 b1 = gen_ahostop(eaddr, Q_DST);
4805 gen_or(b0, b1);
4806 return b1;
4807 }
4808 abort();
4809 /* NOTREACHED */
4810 }
4811
4812 /*
4813 * support IEEE 802.1Q VLAN trunk over ethernet
4814 */
4815 struct block *
4816 gen_vlan(vlan_num)
4817 int vlan_num;
4818 {
4819 struct block *b0;
4820
4821 /*
4822 * Change the offsets to point to the type and data fields within
4823 * the VLAN packet. This is somewhat of a kludge.
4824 */
4825 if (orig_nl == (u_int)-1) {
4826 orig_linktype = off_linktype; /* save original values */
4827 orig_nl = off_nl;
4828 orig_nl_nosnap = off_nl_nosnap;
4829
4830 switch (linktype) {
4831
4832 case DLT_EN10MB:
4833 off_linktype = 16;
4834 off_nl_nosnap = 18;
4835 off_nl = 18;
4836 break;
4837
4838 default:
4839 bpf_error("no VLAN support for data link type %d",
4840 linktype);
4841 /*NOTREACHED*/
4842 }
4843 }
4844
4845 /* check for VLAN */
4846 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
4847
4848 /* If a specific VLAN is requested, check VLAN id */
4849 if (vlan_num >= 0) {
4850 struct block *b1;
4851
4852 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
4853 gen_and(b0, b1);
4854 b0 = b1;
4855 }
4856
4857 return (b0);
4858 }
4859
4860 struct block *
4861 gen_atmfield_code(atmfield, jvalue, jtype, reverse)
4862 int atmfield;
4863 bpf_u_int32 jvalue;
4864 bpf_u_int32 jtype;
4865 int reverse;
4866 {
4867 struct block *b0;
4868
4869 switch (atmfield) {
4870
4871 case A_VPI:
4872 if (!is_atm)
4873 bpf_error("'vpi' supported only on raw ATM");
4874 if (off_vpi == -1)
4875 abort();
4876 b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype,
4877 (u_int)jvalue, reverse);
4878 break;
4879
4880 case A_VCI:
4881 if (!is_atm)
4882 bpf_error("'vci' supported only on raw ATM");
4883 if (off_vci == -1)
4884 abort();
4885 b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype,
4886 (u_int)jvalue, reverse);
4887 break;
4888
4889 case A_PROTOTYPE:
4890 if (off_proto == -1)
4891 abort(); /* XXX - this isn't on FreeBSD */
4892 b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype,
4893 (u_int)jvalue, reverse);
4894 break;
4895
4896 case A_MSGTYPE:
4897 if (off_payload == -1)
4898 abort();
4899 b0 = gen_ncmp(BPF_B, off_payload + MSG_TYPE_POS, 0xffffffff,
4900 (u_int)jtype, (u_int)jvalue, reverse);
4901 break;
4902
4903 case A_CALLREFTYPE:
4904 if (!is_atm)
4905 bpf_error("'callref' supported only on raw ATM");
4906 if (off_proto == -1)
4907 abort();
4908 b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype,
4909 (u_int)jvalue, reverse);
4910 break;
4911
4912 default:
4913 abort();
4914 }
4915 return b0;
4916 }
4917
4918 struct block *
4919 gen_atmtype_abbrev(type)
4920 int type;
4921 {
4922 struct block *b0, *b1;
4923
4924 switch (type) {
4925
4926 case A_METAC:
4927 /* Get all packets in Meta signalling Circuit */
4928 if (!is_atm)
4929 bpf_error("'metac' supported only on raw ATM");
4930 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4931 b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0);
4932 gen_and(b0, b1);
4933 break;
4934
4935 case A_BCC:
4936 /* Get all packets in Broadcast Circuit*/
4937 if (!is_atm)
4938 bpf_error("'bcc' supported only on raw ATM");
4939 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4940 b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0);
4941 gen_and(b0, b1);
4942 break;
4943
4944 case A_OAMF4SC:
4945 /* Get all cells in Segment OAM F4 circuit*/
4946 if (!is_atm)
4947 bpf_error("'oam4sc' supported only on raw ATM");
4948 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4949 b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
4950 gen_and(b0, b1);
4951 break;
4952
4953 case A_OAMF4EC:
4954 /* Get all cells in End-to-End OAM F4 Circuit*/
4955 if (!is_atm)
4956 bpf_error("'oam4ec' supported only on raw ATM");
4957 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4958 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
4959 gen_and(b0, b1);
4960 break;
4961
4962 case A_SC:
4963 /* Get all packets in connection Signalling Circuit */
4964 if (!is_atm)
4965 bpf_error("'sc' supported only on raw ATM");
4966 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4967 b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0);
4968 gen_and(b0, b1);
4969 break;
4970
4971 case A_ILMIC:
4972 /* Get all packets in ILMI Circuit */
4973 if (!is_atm)
4974 bpf_error("'ilmic' supported only on raw ATM");
4975 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4976 b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0);
4977 gen_and(b0, b1);
4978 break;
4979
4980 case A_LANE:
4981 /* Get all LANE packets */
4982 if (!is_atm)
4983 bpf_error("'lane' supported only on raw ATM");
4984 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0);
4985
4986 /*
4987 * Arrange that all subsequent tests assume LANE
4988 * rather than LLC-encapsulated packets, and set
4989 * the offsets appropriately for LANE-encapsulated
4990 * Ethernet.
4991 *
4992 * "off_mac" is the offset of the Ethernet header,
4993 * which is 2 bytes past the ATM pseudo-header
4994 * (skipping the pseudo-header and 2-byte LE Client
4995 * field). The other offsets are Ethernet offsets
4996 * relative to "off_mac".
4997 */
4998 is_lane = 1;
4999 off_mac = off_payload + 2; /* MAC header */
5000 off_linktype = off_mac + 12;
5001 off_nl = off_mac + 14; /* Ethernet II */
5002 off_nl_nosnap = off_mac + 17; /* 802.3+802.2 */
5003 break;
5004
5005 case A_LLC:
5006 /* Get all LLC-encapsulated packets */
5007 if (!is_atm)
5008 bpf_error("'llc' supported only on raw ATM");
5009 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
5010 is_lane = 0;
5011 break;
5012
5013 default:
5014 abort();
5015 }
5016 return b1;
5017 }
5018
5019
5020 static struct block *
5021 gen_msg_abbrev(type)
5022 int type;
5023 {
5024 struct block *b1;
5025
5026 /*
5027 * Q.2931 signalling protocol messages for handling virtual circuits
5028 * establishment and teardown
5029 */
5030 switch (type) {
5031
5032 case A_SETUP:
5033 b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0);
5034 break;
5035
5036 case A_CALLPROCEED:
5037 b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0);
5038 break;
5039
5040 case A_CONNECT:
5041 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0);
5042 break;
5043
5044 case A_CONNECTACK:
5045 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0);
5046 break;
5047
5048 case A_RELEASE:
5049 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0);
5050 break;
5051
5052 case A_RELEASE_DONE:
5053 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0);
5054 break;
5055
5056 default:
5057 abort();
5058 }
5059 return b1;
5060 }
5061
5062 struct block *
5063 gen_atmmulti_abbrev(type)
5064 int type;
5065 {
5066 struct block *b0, *b1;
5067
5068 switch (type) {
5069
5070 case A_OAM:
5071 if (!is_atm)
5072 bpf_error("'oam' supported only on raw ATM");
5073 b1 = gen_atmmulti_abbrev(A_OAMF4);
5074 break;
5075
5076 case A_OAMF4:
5077 if (!is_atm)
5078 bpf_error("'oamf4' supported only on raw ATM");
5079 /* OAM F4 type */
5080 b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
5081 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
5082 gen_or(b0, b1);
5083 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5084 gen_and(b0, b1);
5085 break;
5086
5087 case A_CONNECTMSG:
5088 /*
5089 * Get Q.2931 signalling messages for switched
5090 * virtual connection
5091 */
5092 if (!is_atm)
5093 bpf_error("'connectmsg' supported only on raw ATM");
5094 b0 = gen_msg_abbrev(A_SETUP);
5095 b1 = gen_msg_abbrev(A_CALLPROCEED);
5096 gen_or(b0, b1);
5097 b0 = gen_msg_abbrev(A_CONNECT);
5098 gen_or(b0, b1);
5099 b0 = gen_msg_abbrev(A_CONNECTACK);
5100 gen_or(b0, b1);
5101 b0 = gen_msg_abbrev(A_RELEASE);
5102 gen_or(b0, b1);
5103 b0 = gen_msg_abbrev(A_RELEASE_DONE);
5104 gen_or(b0, b1);
5105 b0 = gen_atmtype_abbrev(A_SC);
5106 gen_and(b0, b1);
5107 break;
5108
5109 case A_METACONNECT:
5110 if (!is_atm)
5111 bpf_error("'metaconnect' supported only on raw ATM");
5112 b0 = gen_msg_abbrev(A_SETUP);
5113 b1 = gen_msg_abbrev(A_CALLPROCEED);
5114 gen_or(b0, b1);
5115 b0 = gen_msg_abbrev(A_CONNECT);
5116 gen_or(b0, b1);
5117 b0 = gen_msg_abbrev(A_RELEASE);
5118 gen_or(b0, b1);
5119 b0 = gen_msg_abbrev(A_RELEASE_DONE);
5120 gen_or(b0, b1);
5121 b0 = gen_atmtype_abbrev(A_METAC);
5122 gen_and(b0, b1);
5123 break;
5124
5125 default:
5126 abort();
5127 }
5128 return b1;
5129 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism