]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob


0ff11fc97acb5d6b9d6c06b0ff3fb21567c91d09
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.125 2000-10-25 07:28:22 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #include <sys/types.h>
32 #include <sys/socket.h>
33 #include <sys/time.h>
34 #ifdef __NetBSD__
35 #include <sys/param.h>
36 #endif
37
38 struct mbuf;
39 struct rtentry;
40 #include <net/if.h>
41
42 #include <netinet/in.h>
43
44 #include <stdlib.h>
45 #include <string.h>
46 #include <memory.h>
47 #include <setjmp.h>
48 #include <stdarg.h>
49
50 #include "pcap-int.h"
51
52 #include "ethertype.h"
53 #include "gencode.h"
54 #include "ppp.h"
55 #include <pcap-namedb.h>
56 #ifdef INET6
57 #include <netdb.h>
58 #include <sys/socket.h>
59 #endif /*INET6*/
60
61 #ifdef HAVE_OS_PROTO_H
62 #include "os-proto.h"
63 #endif
64
65 #define JMP(c) ((c)|BPF_JMP|BPF_K)
66
67 /* Locals */
68 static jmp_buf top_ctx;
69 static pcap_t *bpf_pcap;
70
71 /* XXX */
72 #ifdef PCAP_FDDIPAD
73 int pcap_fddipad = PCAP_FDDIPAD;
74 #else
75 int pcap_fddipad;
76 #endif
77
78 /* VARARGS */
79 void
80 bpf_error(const char *fmt, ...)
81
82 {
83 va_list ap;
84
85 va_start(ap, fmt);
86 if (bpf_pcap != NULL)
87 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
88 fmt, ap);
89 va_end(ap);
90 longjmp(top_ctx, 1);
91 /* NOTREACHED */
92 }
93
94 static void init_linktype(int);
95
96 static int alloc_reg(void);
97 static void free_reg(int);
98
99 static struct block *root;
100
101 /*
102 * We divy out chunks of memory rather than call malloc each time so
103 * we don't have to worry about leaking memory. It's probably
104 * not a big deal if all this memory was wasted but it this ever
105 * goes into a library that would probably not be a good idea.
106 */
107 #define NCHUNKS 16
108 #define CHUNK0SIZE 1024
109 struct chunk {
110 u_int n_left;
111 void *m;
112 };
113
114 static struct chunk chunks[NCHUNKS];
115 static int cur_chunk;
116
117 static void *newchunk(u_int);
118 static void freechunks(void);
119 static inline struct block *new_block(int);
120 static inline struct slist *new_stmt(int);
121 static struct block *gen_retblk(int);
122 static inline void syntax(void);
123
124 static void backpatch(struct block *, struct block *);
125 static void merge(struct block *, struct block *);
126 static struct block *gen_cmp(u_int, u_int, bpf_int32);
127 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
128 static struct block *gen_bcmp(u_int, u_int, const u_char *);
129 static struct block *gen_uncond(int);
130 static inline struct block *gen_true(void);
131 static inline struct block *gen_false(void);
132 static struct block *gen_linktype(int);
133 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
134 #ifdef INET6
135 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
136 #endif
137 static struct block *gen_ehostop(const u_char *, int);
138 static struct block *gen_fhostop(const u_char *, int);
139 static struct block *gen_thostop(const u_char *, int);
140 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
141 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
142 #ifdef INET6
143 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
144 #endif
145 #ifndef INET6
146 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
147 #endif
148 static struct block *gen_ipfrag(void);
149 static struct block *gen_portatom(int, bpf_int32);
150 #ifdef INET6
151 static struct block *gen_portatom6(int, bpf_int32);
152 #endif
153 struct block *gen_portop(int, int, int);
154 static struct block *gen_port(int, int, int);
155 #ifdef INET6
156 struct block *gen_portop6(int, int, int);
157 static struct block *gen_port6(int, int, int);
158 #endif
159 static int lookup_proto(const char *, int);
160 static struct block *gen_protochain(int, int, int);
161 static struct block *gen_proto(int, int, int);
162 static struct slist *xfer_to_x(struct arth *);
163 static struct slist *xfer_to_a(struct arth *);
164 static struct block *gen_len(int, int);
165
166 static void *
167 newchunk(n)
168 u_int n;
169 {
170 struct chunk *cp;
171 int k, size;
172
173 #ifndef __NetBSD__
174 /* XXX Round up to nearest long. */
175 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
176 #else
177 /* XXX Round up to structure boundary. */
178 n = ALIGN(n);
179 #endif
180
181 cp = &chunks[cur_chunk];
182 if (n > cp->n_left) {
183 ++cp, k = ++cur_chunk;
184 if (k >= NCHUNKS)
185 bpf_error("out of memory");
186 size = CHUNK0SIZE << k;
187 cp->m = (void *)malloc(size);
188 memset((char *)cp->m, 0, size);
189 cp->n_left = size;
190 if (n > size)
191 bpf_error("out of memory");
192 }
193 cp->n_left -= n;
194 return (void *)((char *)cp->m + cp->n_left);
195 }
196
197 static void
198 freechunks()
199 {
200 int i;
201
202 cur_chunk = 0;
203 for (i = 0; i < NCHUNKS; ++i)
204 if (chunks[i].m != NULL) {
205 free(chunks[i].m);
206 chunks[i].m = NULL;
207 }
208 }
209
210 /*
211 * A strdup whose allocations are freed after code generation is over.
212 */
213 char *
214 sdup(s)
215 register const char *s;
216 {
217 int n = strlen(s) + 1;
218 char *cp = newchunk(n);
219
220 strlcpy(cp, s, n);
221 return (cp);
222 }
223
224 static inline struct block *
225 new_block(code)
226 int code;
227 {
228 struct block *p;
229
230 p = (struct block *)newchunk(sizeof(*p));
231 p->s.code = code;
232 p->head = p;
233
234 return p;
235 }
236
237 static inline struct slist *
238 new_stmt(code)
239 int code;
240 {
241 struct slist *p;
242
243 p = (struct slist *)newchunk(sizeof(*p));
244 p->s.code = code;
245
246 return p;
247 }
248
249 static struct block *
250 gen_retblk(v)
251 int v;
252 {
253 struct block *b = new_block(BPF_RET|BPF_K);
254
255 b->s.k = v;
256 return b;
257 }
258
259 static inline void
260 syntax()
261 {
262 bpf_error("syntax error in filter expression");
263 }
264
265 static bpf_u_int32 netmask;
266 static int snaplen;
267 int no_optimize;
268
269 int
270 pcap_compile(pcap_t *p, struct bpf_program *program,
271 char *buf, int optimize, bpf_u_int32 mask)
272 {
273 extern int n_errors;
274 int len;
275
276 no_optimize = 0;
277 n_errors = 0;
278 root = NULL;
279 bpf_pcap = p;
280 if (setjmp(top_ctx)) {
281 lex_cleanup();
282 freechunks();
283 return (-1);
284 }
285
286 netmask = mask;
287
288 /* On Linux we do not use the BPF filter to truncate the packet
289 * since the kernel provides other ways for that. In fact if we
290 * are using the packet filter for that duty we will be unable
291 * to acquire the original packet size. -- Torsten */
292 #ifndef linux
293 snaplen = pcap_snapshot(p);
294 #else
295 snaplen = 0xffff;
296 #endif
297 if (snaplen == 0) {
298 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
299 "snaplen of 0 rejects all packets");
300 return -1;
301 }
302
303 lex_init(buf ? buf : "");
304 init_linktype(pcap_datalink(p));
305 (void)pcap_parse();
306
307 if (n_errors)
308 syntax();
309
310 if (root == NULL)
311 root = gen_retblk(snaplen);
312
313 if (optimize && !no_optimize) {
314 bpf_optimize(&root);
315 if (root == NULL ||
316 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
317 bpf_error("expression rejects all packets");
318 }
319 program->bf_insns = icode_to_fcode(root, &len);
320 program->bf_len = len;
321
322 lex_cleanup();
323 freechunks();
324 return (0);
325 }
326
327 /*
328 * entry point for using the compiler with no pcap open
329 * pass in all the stuff that is needed explicitly instead.
330 */
331 int
332 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
333 struct bpf_program *program,
334 char *buf, int optimize, bpf_u_int32 mask)
335 {
336 extern int n_errors;
337 int len;
338
339 n_errors = 0;
340 root = NULL;
341 bpf_pcap = NULL;
342 if (setjmp(top_ctx)) {
343 freechunks();
344 return (-1);
345 }
346
347 netmask = mask;
348
349 /* XXX needed? I don't grok the use of globals here. */
350 snaplen = snaplen_arg;
351
352 lex_init(buf ? buf : "");
353 init_linktype(linktype_arg);
354 (void)pcap_parse();
355
356 if (n_errors)
357 syntax();
358
359 if (root == NULL)
360 root = gen_retblk(snaplen_arg);
361
362 if (optimize) {
363 bpf_optimize(&root);
364 if (root == NULL ||
365 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
366 bpf_error("expression rejects all packets");
367 }
368 program->bf_insns = icode_to_fcode(root, &len);
369 program->bf_len = len;
370
371 freechunks();
372 return (0);
373 }
374
375 /*
376 * Clean up a "struct bpf_program" by freeing all the memory allocated
377 * in it.
378 */
379 void
380 pcap_freecode(pcap_t *p, struct bpf_program *program)
381 {
382 program->bf_len = 0;
383 if (program->bf_insns != NULL) {
384 free((char *)program->bf_insns);
385 program->bf_insns = NULL;
386 }
387 }
388
389 /*
390 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
391 * which of the jt and jf fields has been resolved and which is a pointer
392 * back to another unresolved block (or nil). At least one of the fields
393 * in each block is already resolved.
394 */
395 static void
396 backpatch(list, target)
397 struct block *list, *target;
398 {
399 struct block *next;
400
401 while (list) {
402 if (!list->sense) {
403 next = JT(list);
404 JT(list) = target;
405 } else {
406 next = JF(list);
407 JF(list) = target;
408 }
409 list = next;
410 }
411 }
412
413 /*
414 * Merge the lists in b0 and b1, using the 'sense' field to indicate
415 * which of jt and jf is the link.
416 */
417 static void
418 merge(b0, b1)
419 struct block *b0, *b1;
420 {
421 register struct block **p = &b0;
422
423 /* Find end of list. */
424 while (*p)
425 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
426
427 /* Concatenate the lists. */
428 *p = b1;
429 }
430
431 void
432 finish_parse(p)
433 struct block *p;
434 {
435 backpatch(p, gen_retblk(snaplen));
436 p->sense = !p->sense;
437 backpatch(p, gen_retblk(0));
438 root = p->head;
439 }
440
441 void
442 gen_and(b0, b1)
443 struct block *b0, *b1;
444 {
445 backpatch(b0, b1->head);
446 b0->sense = !b0->sense;
447 b1->sense = !b1->sense;
448 merge(b1, b0);
449 b1->sense = !b1->sense;
450 b1->head = b0->head;
451 }
452
453 void
454 gen_or(b0, b1)
455 struct block *b0, *b1;
456 {
457 b0->sense = !b0->sense;
458 backpatch(b0, b1->head);
459 b0->sense = !b0->sense;
460 merge(b1, b0);
461 b1->head = b0->head;
462 }
463
464 void
465 gen_not(b)
466 struct block *b;
467 {
468 b->sense = !b->sense;
469 }
470
471 static struct block *
472 gen_cmp(offset, size, v)
473 u_int offset, size;
474 bpf_int32 v;
475 {
476 struct slist *s;
477 struct block *b;
478
479 s = new_stmt(BPF_LD|BPF_ABS|size);
480 s->s.k = offset;
481
482 b = new_block(JMP(BPF_JEQ));
483 b->stmts = s;
484 b->s.k = v;
485
486 return b;
487 }
488
489 static struct block *
490 gen_mcmp(offset, size, v, mask)
491 u_int offset, size;
492 bpf_int32 v;
493 bpf_u_int32 mask;
494 {
495 struct block *b = gen_cmp(offset, size, v);
496 struct slist *s;
497
498 if (mask != 0xffffffff) {
499 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
500 s->s.k = mask;
501 b->stmts->next = s;
502 }
503 return b;
504 }
505
506 static struct block *
507 gen_bcmp(offset, size, v)
508 register u_int offset, size;
509 register const u_char *v;
510 {
511 register struct block *b, *tmp;
512
513 b = NULL;
514 while (size >= 4) {
515 register const u_char *p = &v[size - 4];
516 bpf_int32 w = ((bpf_int32)p[0] << 24) |
517 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
518
519 tmp = gen_cmp(offset + size - 4, BPF_W, w);
520 if (b != NULL)
521 gen_and(b, tmp);
522 b = tmp;
523 size -= 4;
524 }
525 while (size >= 2) {
526 register const u_char *p = &v[size - 2];
527 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
528
529 tmp = gen_cmp(offset + size - 2, BPF_H, w);
530 if (b != NULL)
531 gen_and(b, tmp);
532 b = tmp;
533 size -= 2;
534 }
535 if (size > 0) {
536 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
537 if (b != NULL)
538 gen_and(b, tmp);
539 b = tmp;
540 }
541 return b;
542 }
543
544 /*
545 * Various code constructs need to know the layout of the data link
546 * layer. These variables give the necessary offsets. off_linktype
547 * is set to -1 for no encapsulation, in which case, IP is assumed.
548 */
549 static u_int off_linktype;
550 static u_int off_nl;
551 static int linktype;
552
553 static void
554 init_linktype(type)
555 int type;
556 {
557 linktype = type;
558
559 switch (type) {
560
561 case DLT_EN10MB:
562 off_linktype = 12;
563 off_nl = 14;
564 return;
565
566 case DLT_SLIP:
567 /*
568 * SLIP doesn't have a link level type. The 16 byte
569 * header is hacked into our SLIP driver.
570 */
571 off_linktype = -1;
572 off_nl = 16;
573 return;
574
575 case DLT_SLIP_BSDOS:
576 /* XXX this may be the same as the DLT_PPP_BSDOS case */
577 off_linktype = -1;
578 /* XXX end */
579 off_nl = 24;
580 return;
581
582 case DLT_NULL:
583 off_linktype = 0;
584 off_nl = 4;
585 return;
586
587 case DLT_PPP:
588 case DLT_C_HDLC:
589 case DLT_PPP_SERIAL:
590 off_linktype = 2;
591 off_nl = 4;
592 return;
593
594 case DLT_PPP_BSDOS:
595 off_linktype = 5;
596 off_nl = 24;
597 return;
598
599 case DLT_FDDI:
600 /*
601 * FDDI doesn't really have a link-level type field.
602 * We assume that SSAP = SNAP is being used and pick
603 * out the encapsulated Ethernet type.
604 *
605 * XXX - should we generate code to check for SNAP?
606 */
607 off_linktype = 19;
608 #ifdef PCAP_FDDIPAD
609 off_linktype += pcap_fddipad;
610 #endif
611 off_nl = 21;
612 #ifdef PCAP_FDDIPAD
613 off_nl += pcap_fddipad;
614 #endif
615 return;
616
617 case DLT_IEEE802:
618 /*
619 * Token Ring doesn't really have a link-level type field.
620 * We assume that SSAP = SNAP is being used and pick
621 * out the encapsulated Ethernet type.
622 *
623 * XXX - should we generate code to check for SNAP?
624 *
625 * XXX - the header is actually variable-length.
626 * Some various Linux patched versions gave 38
627 * as "off_linktype" and 40 as "off_nl"; however,
628 * if a token ring packet has *no* routing
629 * information, i.e. is not source-routed, the correct
630 * values are 20 and 22, as they are in the vanilla code.
631 *
632 * A packet is source-routed iff the uppermost bit
633 * of the first byte of the source address, at an
634 * offset of 8, has the uppermost bit set. If the
635 * packet is source-routed, the total number of bytes
636 * of routing information is 2 plus bits 0x1F00 of
637 * the 16-bit value at an offset of 14 (shifted right
638 * 8 - figure out which byte that is).
639 */
640 off_linktype = 20;
641 off_nl = 22;
642 return;
643
644 case DLT_ATM_RFC1483:
645 /*
646 * assume routed, non-ISO PDUs
647 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
648 */
649 off_linktype = 6;
650 off_nl = 8;
651 return;
652
653 case DLT_RAW:
654 off_linktype = -1;
655 off_nl = 0;
656 return;
657
658 case DLT_ATM_CLIP: /* Linux ATM defines this */
659 off_linktype = 6;
660 off_nl = 8;
661 return;
662 }
663 bpf_error("unknown data link type 0x%x", linktype);
664 /* NOTREACHED */
665 }
666
667 static struct block *
668 gen_uncond(rsense)
669 int rsense;
670 {
671 struct block *b;
672 struct slist *s;
673
674 s = new_stmt(BPF_LD|BPF_IMM);
675 s->s.k = !rsense;
676 b = new_block(JMP(BPF_JEQ));
677 b->stmts = s;
678
679 return b;
680 }
681
682 static inline struct block *
683 gen_true()
684 {
685 return gen_uncond(1);
686 }
687
688 static inline struct block *
689 gen_false()
690 {
691 return gen_uncond(0);
692 }
693
694 static struct block *
695 gen_linktype(proto)
696 register int proto;
697 {
698 struct block *b0, *b1;
699
700 /* If we're not using encapsulation, we're done */
701 if (off_linktype == -1)
702 return gen_true();
703
704 switch (linktype) {
705
706 case DLT_SLIP:
707 return gen_false();
708
709 case DLT_PPP:
710 case DLT_PPP_SERIAL:
711 if (proto == ETHERTYPE_IP)
712 proto = PPP_IP; /* XXX was 0x21 */
713 #ifdef INET6
714 else if (proto == ETHERTYPE_IPV6)
715 proto = PPP_IPV6;
716 #endif
717 break;
718
719 case DLT_PPP_BSDOS:
720 switch (proto) {
721
722 case ETHERTYPE_IP:
723 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
724 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
725 gen_or(b0, b1);
726 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
727 gen_or(b1, b0);
728 return b0;
729
730 #ifdef INET6
731 case ETHERTYPE_IPV6:
732 proto = PPP_IPV6;
733 /* more to go? */
734 break;
735 #endif
736
737 case ETHERTYPE_DN:
738 proto = PPP_DECNET;
739 break;
740
741 case ETHERTYPE_ATALK:
742 proto = PPP_APPLE;
743 break;
744
745 case ETHERTYPE_NS:
746 proto = PPP_NS;
747 break;
748 }
749 break;
750
751 case DLT_NULL:
752 /* XXX */
753 if (proto == ETHERTYPE_IP)
754 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET)));
755 #ifdef INET6
756 else if (proto == ETHERTYPE_IPV6)
757 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET6)));
758 #endif
759 else
760 return gen_false();
761 }
762 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
763 }
764
765 static struct block *
766 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
767 bpf_u_int32 addr;
768 bpf_u_int32 mask;
769 int dir, proto;
770 u_int src_off, dst_off;
771 {
772 struct block *b0, *b1;
773 u_int offset;
774
775 switch (dir) {
776
777 case Q_SRC:
778 offset = src_off;
779 break;
780
781 case Q_DST:
782 offset = dst_off;
783 break;
784
785 case Q_AND:
786 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
787 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
788 gen_and(b0, b1);
789 return b1;
790
791 case Q_OR:
792 case Q_DEFAULT:
793 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
794 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
795 gen_or(b0, b1);
796 return b1;
797
798 default:
799 abort();
800 }
801 b0 = gen_linktype(proto);
802 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
803 gen_and(b0, b1);
804 return b1;
805 }
806
807 #ifdef INET6
808 static struct block *
809 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
810 struct in6_addr *addr;
811 struct in6_addr *mask;
812 int dir, proto;
813 u_int src_off, dst_off;
814 {
815 struct block *b0, *b1;
816 u_int offset;
817 u_int32_t *a, *m;
818
819 switch (dir) {
820
821 case Q_SRC:
822 offset = src_off;
823 break;
824
825 case Q_DST:
826 offset = dst_off;
827 break;
828
829 case Q_AND:
830 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
831 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
832 gen_and(b0, b1);
833 return b1;
834
835 case Q_OR:
836 case Q_DEFAULT:
837 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
838 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
839 gen_or(b0, b1);
840 return b1;
841
842 default:
843 abort();
844 }
845 /* this order is important */
846 a = (u_int32_t *)addr;
847 m = (u_int32_t *)mask;
848 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
849 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
850 gen_and(b0, b1);
851 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
852 gen_and(b0, b1);
853 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
854 gen_and(b0, b1);
855 b0 = gen_linktype(proto);
856 gen_and(b0, b1);
857 return b1;
858 }
859 #endif /*INET6*/
860
861 static struct block *
862 gen_ehostop(eaddr, dir)
863 register const u_char *eaddr;
864 register int dir;
865 {
866 register struct block *b0, *b1;
867
868 switch (dir) {
869 case Q_SRC:
870 return gen_bcmp(6, 6, eaddr);
871
872 case Q_DST:
873 return gen_bcmp(0, 6, eaddr);
874
875 case Q_AND:
876 b0 = gen_ehostop(eaddr, Q_SRC);
877 b1 = gen_ehostop(eaddr, Q_DST);
878 gen_and(b0, b1);
879 return b1;
880
881 case Q_DEFAULT:
882 case Q_OR:
883 b0 = gen_ehostop(eaddr, Q_SRC);
884 b1 = gen_ehostop(eaddr, Q_DST);
885 gen_or(b0, b1);
886 return b1;
887 }
888 abort();
889 /* NOTREACHED */
890 }
891
892 /*
893 * Like gen_ehostop, but for DLT_FDDI
894 */
895 static struct block *
896 gen_fhostop(eaddr, dir)
897 register const u_char *eaddr;
898 register int dir;
899 {
900 struct block *b0, *b1;
901
902 switch (dir) {
903 case Q_SRC:
904 #ifdef PCAP_FDDIPAD
905 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
906 #else
907 return gen_bcmp(6 + 1, 6, eaddr);
908 #endif
909
910 case Q_DST:
911 #ifdef PCAP_FDDIPAD
912 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
913 #else
914 return gen_bcmp(0 + 1, 6, eaddr);
915 #endif
916
917 case Q_AND:
918 b0 = gen_fhostop(eaddr, Q_SRC);
919 b1 = gen_fhostop(eaddr, Q_DST);
920 gen_and(b0, b1);
921 return b1;
922
923 case Q_DEFAULT:
924 case Q_OR:
925 b0 = gen_fhostop(eaddr, Q_SRC);
926 b1 = gen_fhostop(eaddr, Q_DST);
927 gen_or(b0, b1);
928 return b1;
929 }
930 abort();
931 /* NOTREACHED */
932 }
933
934 /*
935 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
936 */
937 static struct block *
938 gen_thostop(eaddr, dir)
939 register const u_char *eaddr;
940 register int dir;
941 {
942 register struct block *b0, *b1;
943
944 switch (dir) {
945 case Q_SRC:
946 return gen_bcmp(8, 6, eaddr);
947
948 case Q_DST:
949 return gen_bcmp(2, 6, eaddr);
950
951 case Q_AND:
952 b0 = gen_thostop(eaddr, Q_SRC);
953 b1 = gen_thostop(eaddr, Q_DST);
954 gen_and(b0, b1);
955 return b1;
956
957 case Q_DEFAULT:
958 case Q_OR:
959 b0 = gen_thostop(eaddr, Q_SRC);
960 b1 = gen_thostop(eaddr, Q_DST);
961 gen_or(b0, b1);
962 return b1;
963 }
964 abort();
965 /* NOTREACHED */
966 }
967
968 /*
969 * This is quite tricky because there may be pad bytes in front of the
970 * DECNET header, and then there are two possible data packet formats that
971 * carry both src and dst addresses, plus 5 packet types in a format that
972 * carries only the src node, plus 2 types that use a different format and
973 * also carry just the src node.
974 *
975 * Yuck.
976 *
977 * Instead of doing those all right, we just look for data packets with
978 * 0 or 1 bytes of padding. If you want to look at other packets, that
979 * will require a lot more hacking.
980 *
981 * To add support for filtering on DECNET "areas" (network numbers)
982 * one would want to add a "mask" argument to this routine. That would
983 * make the filter even more inefficient, although one could be clever
984 * and not generate masking instructions if the mask is 0xFFFF.
985 */
986 static struct block *
987 gen_dnhostop(addr, dir, base_off)
988 bpf_u_int32 addr;
989 int dir;
990 u_int base_off;
991 {
992 struct block *b0, *b1, *b2, *tmp;
993 u_int offset_lh; /* offset if long header is received */
994 u_int offset_sh; /* offset if short header is received */
995
996 switch (dir) {
997
998 case Q_DST:
999 offset_sh = 1; /* follows flags */
1000 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
1001 break;
1002
1003 case Q_SRC:
1004 offset_sh = 3; /* follows flags, dstnode */
1005 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
1006 break;
1007
1008 case Q_AND:
1009 /* Inefficient because we do our Calvinball dance twice */
1010 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1011 b1 = gen_dnhostop(addr, Q_DST, base_off);
1012 gen_and(b0, b1);
1013 return b1;
1014
1015 case Q_OR:
1016 case Q_DEFAULT:
1017 /* Inefficient because we do our Calvinball dance twice */
1018 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1019 b1 = gen_dnhostop(addr, Q_DST, base_off);
1020 gen_or(b0, b1);
1021 return b1;
1022
1023 default:
1024 abort();
1025 }
1026 b0 = gen_linktype(ETHERTYPE_DN);
1027 /* Check for pad = 1, long header case */
1028 tmp = gen_mcmp(base_off + 2, BPF_H,
1029 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
1030 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
1031 BPF_H, (bpf_int32)ntohs(addr));
1032 gen_and(tmp, b1);
1033 /* Check for pad = 0, long header case */
1034 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
1035 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
1036 gen_and(tmp, b2);
1037 gen_or(b2, b1);
1038 /* Check for pad = 1, short header case */
1039 tmp = gen_mcmp(base_off + 2, BPF_H,
1040 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
1041 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
1042 BPF_H, (bpf_int32)ntohs(addr));
1043 gen_and(tmp, b2);
1044 gen_or(b2, b1);
1045 /* Check for pad = 0, short header case */
1046 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
1047 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
1048 gen_and(tmp, b2);
1049 gen_or(b2, b1);
1050
1051 /* Combine with test for linktype */
1052 gen_and(b0, b1);
1053 return b1;
1054 }
1055
1056 static struct block *
1057 gen_host(addr, mask, proto, dir)
1058 bpf_u_int32 addr;
1059 bpf_u_int32 mask;
1060 int proto;
1061 int dir;
1062 {
1063 struct block *b0, *b1;
1064
1065 switch (proto) {
1066
1067 case Q_DEFAULT:
1068 b0 = gen_host(addr, mask, Q_IP, dir);
1069 if (off_linktype != -1) {
1070 b1 = gen_host(addr, mask, Q_ARP, dir);
1071 gen_or(b0, b1);
1072 b0 = gen_host(addr, mask, Q_RARP, dir);
1073 gen_or(b1, b0);
1074 }
1075 return b0;
1076
1077 case Q_IP:
1078 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
1079 off_nl + 12, off_nl + 16);
1080
1081 case Q_RARP:
1082 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
1083 off_nl + 14, off_nl + 24);
1084
1085 case Q_ARP:
1086 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
1087 off_nl + 14, off_nl + 24);
1088
1089 case Q_TCP:
1090 bpf_error("'tcp' modifier applied to host");
1091
1092 case Q_UDP:
1093 bpf_error("'udp' modifier applied to host");
1094
1095 case Q_ICMP:
1096 bpf_error("'icmp' modifier applied to host");
1097
1098 case Q_IGMP:
1099 bpf_error("'igmp' modifier applied to host");
1100
1101 case Q_IGRP:
1102 bpf_error("'igrp' modifier applied to host");
1103
1104 case Q_PIM:
1105 bpf_error("'pim' modifier applied to host");
1106
1107 case Q_ATALK:
1108 bpf_error("ATALK host filtering not implemented");
1109
1110 case Q_DECNET:
1111 return gen_dnhostop(addr, dir, off_nl);
1112
1113 case Q_SCA:
1114 bpf_error("SCA host filtering not implemented");
1115
1116 case Q_LAT:
1117 bpf_error("LAT host filtering not implemented");
1118
1119 case Q_MOPDL:
1120 bpf_error("MOPDL host filtering not implemented");
1121
1122 case Q_MOPRC:
1123 bpf_error("MOPRC host filtering not implemented");
1124
1125 #ifdef INET6
1126 case Q_IPV6:
1127 bpf_error("'ip6' modifier applied to ip host");
1128
1129 case Q_ICMPV6:
1130 bpf_error("'icmp6' modifier applied to host");
1131 #endif /* INET6 */
1132
1133 case Q_AH:
1134 bpf_error("'ah' modifier applied to host");
1135
1136 case Q_ESP:
1137 bpf_error("'esp' modifier applied to host");
1138
1139 default:
1140 abort();
1141 }
1142 /* NOTREACHED */
1143 }
1144
1145 #ifdef INET6
1146 static struct block *
1147 gen_host6(addr, mask, proto, dir)
1148 struct in6_addr *addr;
1149 struct in6_addr *mask;
1150 int proto;
1151 int dir;
1152 {
1153 switch (proto) {
1154
1155 case Q_DEFAULT:
1156 return gen_host6(addr, mask, Q_IPV6, dir);
1157
1158 case Q_IP:
1159 bpf_error("'ip' modifier applied to ip6 host");
1160
1161 case Q_RARP:
1162 bpf_error("'rarp' modifier applied to ip6 host");
1163
1164 case Q_ARP:
1165 bpf_error("'arp' modifier applied to ip6 host");
1166
1167 case Q_TCP:
1168 bpf_error("'tcp' modifier applied to host");
1169
1170 case Q_UDP:
1171 bpf_error("'udp' modifier applied to host");
1172
1173 case Q_ICMP:
1174 bpf_error("'icmp' modifier applied to host");
1175
1176 case Q_IGMP:
1177 bpf_error("'igmp' modifier applied to host");
1178
1179 case Q_IGRP:
1180 bpf_error("'igrp' modifier applied to host");
1181
1182 case Q_PIM:
1183 bpf_error("'pim' modifier applied to host");
1184
1185 case Q_ATALK:
1186 bpf_error("ATALK host filtering not implemented");
1187
1188 case Q_DECNET:
1189 bpf_error("'decnet' modifier applied to ip6 host");
1190
1191 case Q_SCA:
1192 bpf_error("SCA host filtering not implemented");
1193
1194 case Q_LAT:
1195 bpf_error("LAT host filtering not implemented");
1196
1197 case Q_MOPDL:
1198 bpf_error("MOPDL host filtering not implemented");
1199
1200 case Q_MOPRC:
1201 bpf_error("MOPRC host filtering not implemented");
1202
1203 case Q_IPV6:
1204 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
1205 off_nl + 8, off_nl + 24);
1206
1207 case Q_ICMPV6:
1208 bpf_error("'icmp6' modifier applied to host");
1209
1210 case Q_AH:
1211 bpf_error("'ah' modifier applied to host");
1212
1213 case Q_ESP:
1214 bpf_error("'esp' modifier applied to host");
1215
1216 default:
1217 abort();
1218 }
1219 /* NOTREACHED */
1220 }
1221 #endif /*INET6*/
1222
1223 #ifndef INET6
1224 static struct block *
1225 gen_gateway(eaddr, alist, proto, dir)
1226 const u_char *eaddr;
1227 bpf_u_int32 **alist;
1228 int proto;
1229 int dir;
1230 {
1231 struct block *b0, *b1, *tmp;
1232
1233 if (dir != 0)
1234 bpf_error("direction applied to 'gateway'");
1235
1236 switch (proto) {
1237 case Q_DEFAULT:
1238 case Q_IP:
1239 case Q_ARP:
1240 case Q_RARP:
1241 if (linktype == DLT_EN10MB)
1242 b0 = gen_ehostop(eaddr, Q_OR);
1243 else if (linktype == DLT_FDDI)
1244 b0 = gen_fhostop(eaddr, Q_OR);
1245 else if (linktype == DLT_IEEE802)
1246 b0 = gen_thostop(eaddr, Q_OR);
1247 else
1248 bpf_error(
1249 "'gateway' supported only on ethernet, FDDI or token ring");
1250
1251 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1252 while (*alist) {
1253 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1254 gen_or(b1, tmp);
1255 b1 = tmp;
1256 }
1257 gen_not(b1);
1258 gen_and(b0, b1);
1259 return b1;
1260 }
1261 bpf_error("illegal modifier of 'gateway'");
1262 /* NOTREACHED */
1263 }
1264 #endif
1265
1266 struct block *
1267 gen_proto_abbrev(proto)
1268 int proto;
1269 {
1270 #ifdef INET6
1271 struct block *b0;
1272 #endif
1273 struct block *b1;
1274
1275 switch (proto) {
1276
1277 case Q_TCP:
1278 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
1279 #ifdef INET6
1280 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
1281 gen_or(b0, b1);
1282 #endif
1283 break;
1284
1285 case Q_UDP:
1286 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
1287 #ifdef INET6
1288 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
1289 gen_or(b0, b1);
1290 #endif
1291 break;
1292
1293 case Q_ICMP:
1294 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
1295 break;
1296
1297 #ifndef IPPROTO_IGMP
1298 #define IPPROTO_IGMP 2
1299 #endif
1300
1301 case Q_IGMP:
1302 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
1303 break;
1304
1305 #ifndef IPPROTO_IGRP
1306 #define IPPROTO_IGRP 9
1307 #endif
1308 case Q_IGRP:
1309 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
1310 break;
1311
1312 #ifndef IPPROTO_PIM
1313 #define IPPROTO_PIM 103
1314 #endif
1315
1316 case Q_PIM:
1317 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
1318 #ifdef INET6
1319 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
1320 gen_or(b0, b1);
1321 #endif
1322 break;
1323
1324 case Q_IP:
1325 b1 = gen_linktype(ETHERTYPE_IP);
1326 break;
1327
1328 case Q_ARP:
1329 b1 = gen_linktype(ETHERTYPE_ARP);
1330 break;
1331
1332 case Q_RARP:
1333 b1 = gen_linktype(ETHERTYPE_REVARP);
1334 break;
1335
1336 case Q_LINK:
1337 bpf_error("link layer applied in wrong context");
1338
1339 case Q_ATALK:
1340 b1 = gen_linktype(ETHERTYPE_ATALK);
1341 break;
1342
1343 case Q_DECNET:
1344 b1 = gen_linktype(ETHERTYPE_DN);
1345 break;
1346
1347 case Q_SCA:
1348 b1 = gen_linktype(ETHERTYPE_SCA);
1349 break;
1350
1351 case Q_LAT:
1352 b1 = gen_linktype(ETHERTYPE_LAT);
1353 break;
1354
1355 case Q_MOPDL:
1356 b1 = gen_linktype(ETHERTYPE_MOPDL);
1357 break;
1358
1359 case Q_MOPRC:
1360 b1 = gen_linktype(ETHERTYPE_MOPRC);
1361 break;
1362
1363 #ifdef INET6
1364 case Q_IPV6:
1365 b1 = gen_linktype(ETHERTYPE_IPV6);
1366 break;
1367
1368 #ifndef IPPROTO_ICMPV6
1369 #define IPPROTO_ICMPV6 58
1370 #endif
1371 case Q_ICMPV6:
1372 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
1373 break;
1374 #endif /* INET6 */
1375
1376 #ifndef IPPROTO_AH
1377 #define IPPROTO_AH 51
1378 #endif
1379 case Q_AH:
1380 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
1381 #ifdef INET6
1382 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
1383 gen_or(b0, b1);
1384 #endif
1385 break;
1386
1387 #ifndef IPPROTO_ESP
1388 #define IPPROTO_ESP 50
1389 #endif
1390 case Q_ESP:
1391 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
1392 #ifdef INET6
1393 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
1394 gen_or(b0, b1);
1395 #endif
1396 break;
1397
1398 default:
1399 abort();
1400 }
1401 return b1;
1402 }
1403
1404 static struct block *
1405 gen_ipfrag()
1406 {
1407 struct slist *s;
1408 struct block *b;
1409
1410 /* not ip frag */
1411 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
1412 s->s.k = off_nl + 6;
1413 b = new_block(JMP(BPF_JSET));
1414 b->s.k = 0x1fff;
1415 b->stmts = s;
1416 gen_not(b);
1417
1418 return b;
1419 }
1420
1421 static struct block *
1422 gen_portatom(off, v)
1423 int off;
1424 bpf_int32 v;
1425 {
1426 struct slist *s;
1427 struct block *b;
1428
1429 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
1430 s->s.k = off_nl;
1431
1432 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
1433 s->next->s.k = off_nl + off;
1434
1435 b = new_block(JMP(BPF_JEQ));
1436 b->stmts = s;
1437 b->s.k = v;
1438
1439 return b;
1440 }
1441
1442 #ifdef INET6
1443 static struct block *
1444 gen_portatom6(off, v)
1445 int off;
1446 bpf_int32 v;
1447 {
1448 return gen_cmp(off_nl + 40 + off, BPF_H, v);
1449 }
1450 #endif/*INET6*/
1451
1452 struct block *
1453 gen_portop(port, proto, dir)
1454 int port, proto, dir;
1455 {
1456 struct block *b0, *b1, *tmp;
1457
1458 /* ip proto 'proto' */
1459 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
1460 b0 = gen_ipfrag();
1461 gen_and(tmp, b0);
1462
1463 switch (dir) {
1464 case Q_SRC:
1465 b1 = gen_portatom(0, (bpf_int32)port);
1466 break;
1467
1468 case Q_DST:
1469 b1 = gen_portatom(2, (bpf_int32)port);
1470 break;
1471
1472 case Q_OR:
1473 case Q_DEFAULT:
1474 tmp = gen_portatom(0, (bpf_int32)port);
1475 b1 = gen_portatom(2, (bpf_int32)port);
1476 gen_or(tmp, b1);
1477 break;
1478
1479 case Q_AND:
1480 tmp = gen_portatom(0, (bpf_int32)port);
1481 b1 = gen_portatom(2, (bpf_int32)port);
1482 gen_and(tmp, b1);
1483 break;
1484
1485 default:
1486 abort();
1487 }
1488 gen_and(b0, b1);
1489
1490 return b1;
1491 }
1492
1493 static struct block *
1494 gen_port(port, ip_proto, dir)
1495 int port;
1496 int ip_proto;
1497 int dir;
1498 {
1499 struct block *b0, *b1, *tmp;
1500
1501 /* ether proto ip */
1502 b0 = gen_linktype(ETHERTYPE_IP);
1503
1504 switch (ip_proto) {
1505 case IPPROTO_UDP:
1506 case IPPROTO_TCP:
1507 b1 = gen_portop(port, ip_proto, dir);
1508 break;
1509
1510 case PROTO_UNDEF:
1511 tmp = gen_portop(port, IPPROTO_TCP, dir);
1512 b1 = gen_portop(port, IPPROTO_UDP, dir);
1513 gen_or(tmp, b1);
1514 break;
1515
1516 default:
1517 abort();
1518 }
1519 gen_and(b0, b1);
1520 return b1;
1521 }
1522
1523 #ifdef INET6
1524 struct block *
1525 gen_portop6(port, proto, dir)
1526 int port, proto, dir;
1527 {
1528 struct block *b0, *b1, *tmp;
1529
1530 /* ip proto 'proto' */
1531 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
1532
1533 switch (dir) {
1534 case Q_SRC:
1535 b1 = gen_portatom6(0, (bpf_int32)port);
1536 break;
1537
1538 case Q_DST:
1539 b1 = gen_portatom6(2, (bpf_int32)port);
1540 break;
1541
1542 case Q_OR:
1543 case Q_DEFAULT:
1544 tmp = gen_portatom6(0, (bpf_int32)port);
1545 b1 = gen_portatom6(2, (bpf_int32)port);
1546 gen_or(tmp, b1);
1547 break;
1548
1549 case Q_AND:
1550 tmp = gen_portatom6(0, (bpf_int32)port);
1551 b1 = gen_portatom6(2, (bpf_int32)port);
1552 gen_and(tmp, b1);
1553 break;
1554
1555 default:
1556 abort();
1557 }
1558 gen_and(b0, b1);
1559
1560 return b1;
1561 }
1562
1563 static struct block *
1564 gen_port6(port, ip_proto, dir)
1565 int port;
1566 int ip_proto;
1567 int dir;
1568 {
1569 struct block *b0, *b1, *tmp;
1570
1571 /* ether proto ip */
1572 b0 = gen_linktype(ETHERTYPE_IPV6);
1573
1574 switch (ip_proto) {
1575 case IPPROTO_UDP:
1576 case IPPROTO_TCP:
1577 b1 = gen_portop6(port, ip_proto, dir);
1578 break;
1579
1580 case PROTO_UNDEF:
1581 tmp = gen_portop6(port, IPPROTO_TCP, dir);
1582 b1 = gen_portop6(port, IPPROTO_UDP, dir);
1583 gen_or(tmp, b1);
1584 break;
1585
1586 default:
1587 abort();
1588 }
1589 gen_and(b0, b1);
1590 return b1;
1591 }
1592 #endif /* INET6 */
1593
1594 static int
1595 lookup_proto(name, proto)
1596 register const char *name;
1597 register int proto;
1598 {
1599 register int v;
1600
1601 switch (proto) {
1602
1603 case Q_DEFAULT:
1604 case Q_IP:
1605 v = pcap_nametoproto(name);
1606 if (v == PROTO_UNDEF)
1607 bpf_error("unknown ip proto '%s'", name);
1608 break;
1609
1610 case Q_LINK:
1611 /* XXX should look up h/w protocol type based on linktype */
1612 v = pcap_nametoeproto(name);
1613 if (v == PROTO_UNDEF)
1614 bpf_error("unknown ether proto '%s'", name);
1615 break;
1616
1617 default:
1618 v = PROTO_UNDEF;
1619 break;
1620 }
1621 return v;
1622 }
1623
1624 #if 0
1625 struct stmt *
1626 gen_joinsp(s, n)
1627 struct stmt **s;
1628 int n;
1629 {
1630 return NULL;
1631 }
1632 #endif
1633
1634 static struct block *
1635 gen_protochain(v, proto, dir)
1636 int v;
1637 int proto;
1638 int dir;
1639 {
1640 #ifdef NO_PROTOCHAIN
1641 return gen_proto(v, proto, dir);
1642 #else
1643 struct block *b0, *b;
1644 struct slist *s[100];
1645 int fix2, fix3, fix4, fix5;
1646 int ahcheck, again, end;
1647 int i, max;
1648 int reg1 = alloc_reg();
1649 int reg2 = alloc_reg();
1650
1651 memset(s, 0, sizeof(s));
1652 fix2 = fix3 = fix4 = fix5 = 0;
1653
1654 switch (proto) {
1655 case Q_IP:
1656 case Q_IPV6:
1657 break;
1658 case Q_DEFAULT:
1659 b0 = gen_protochain(v, Q_IP, dir);
1660 b = gen_protochain(v, Q_IPV6, dir);
1661 gen_or(b0, b);
1662 return b;
1663 default:
1664 bpf_error("bad protocol applied for 'protochain'");
1665 /*NOTREACHED*/
1666 }
1667
1668 no_optimize = 1; /*this code is not compatible with optimzer yet */
1669
1670 /*
1671 * s[0] is a dummy entry to protect other BPF insn from damaged
1672 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
1673 * hard to find interdependency made by jump table fixup.
1674 */
1675 i = 0;
1676 s[i] = new_stmt(0); /*dummy*/
1677 i++;
1678
1679 switch (proto) {
1680 case Q_IP:
1681 b0 = gen_linktype(ETHERTYPE_IP);
1682
1683 /* A = ip->ip_p */
1684 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
1685 s[i]->s.k = off_nl + 9;
1686 i++;
1687 /* X = ip->ip_hl << 2 */
1688 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
1689 s[i]->s.k = off_nl;
1690 i++;
1691 break;
1692 #ifdef INET6
1693 case Q_IPV6:
1694 b0 = gen_linktype(ETHERTYPE_IPV6);
1695
1696 /* A = ip6->ip_nxt */
1697 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
1698 s[i]->s.k = off_nl + 6;
1699 i++;
1700 /* X = sizeof(struct ip6_hdr) */
1701 s[i] = new_stmt(BPF_LDX|BPF_IMM);
1702 s[i]->s.k = 40;
1703 i++;
1704 break;
1705 #endif
1706 default:
1707 bpf_error("unsupported proto to gen_protochain");
1708 /*NOTREACHED*/
1709 }
1710
1711 /* again: if (A == v) goto end; else fall through; */
1712 again = i;
1713 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1714 s[i]->s.k = v;
1715 s[i]->s.jt = NULL; /*later*/
1716 s[i]->s.jf = NULL; /*update in next stmt*/
1717 fix5 = i;
1718 i++;
1719
1720 #ifndef IPPROTO_NONE
1721 #define IPPROTO_NONE 59
1722 #endif
1723 /* if (A == IPPROTO_NONE) goto end */
1724 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1725 s[i]->s.jt = NULL; /*later*/
1726 s[i]->s.jf = NULL; /*update in next stmt*/
1727 s[i]->s.k = IPPROTO_NONE;
1728 s[fix5]->s.jf = s[i];
1729 fix2 = i;
1730 i++;
1731
1732 #ifdef INET6
1733 if (proto == Q_IPV6) {
1734 int v6start, v6end, v6advance, j;
1735
1736 v6start = i;
1737 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
1738 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1739 s[i]->s.jt = NULL; /*later*/
1740 s[i]->s.jf = NULL; /*update in next stmt*/
1741 s[i]->s.k = IPPROTO_HOPOPTS;
1742 s[fix2]->s.jf = s[i];
1743 i++;
1744 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
1745 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1746 s[i]->s.jt = NULL; /*later*/
1747 s[i]->s.jf = NULL; /*update in next stmt*/
1748 s[i]->s.k = IPPROTO_DSTOPTS;
1749 i++;
1750 /* if (A == IPPROTO_ROUTING) goto v6advance */
1751 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1752 s[i]->s.jt = NULL; /*later*/
1753 s[i]->s.jf = NULL; /*update in next stmt*/
1754 s[i]->s.k = IPPROTO_ROUTING;
1755 i++;
1756 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
1757 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1758 s[i]->s.jt = NULL; /*later*/
1759 s[i]->s.jf = NULL; /*later*/
1760 s[i]->s.k = IPPROTO_FRAGMENT;
1761 fix3 = i;
1762 v6end = i;
1763 i++;
1764
1765 /* v6advance: */
1766 v6advance = i;
1767
1768 /*
1769 * in short,
1770 * A = P[X + 1];
1771 * X = X + (P[X] + 1) * 8;
1772 */
1773 /* A = X */
1774 s[i] = new_stmt(BPF_MISC|BPF_TXA);
1775 i++;
1776 /* MEM[reg1] = A */
1777 s[i] = new_stmt(BPF_ST);
1778 s[i]->s.k = reg1;
1779 i++;
1780 /* A += 1 */
1781 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
1782 s[i]->s.k = 1;
1783 i++;
1784 /* X = A */
1785 s[i] = new_stmt(BPF_MISC|BPF_TAX);
1786 i++;
1787 /* A = P[X + packet head]; */
1788 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
1789 s[i]->s.k = off_nl;
1790 i++;
1791 /* MEM[reg2] = A */
1792 s[i] = new_stmt(BPF_ST);
1793 s[i]->s.k = reg2;
1794 i++;
1795 /* X = MEM[reg1] */
1796 s[i] = new_stmt(BPF_LDX|BPF_MEM);
1797 s[i]->s.k = reg1;
1798 i++;
1799 /* A = P[X + packet head] */
1800 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
1801 s[i]->s.k = off_nl;
1802 i++;
1803 /* A += 1 */
1804 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
1805 s[i]->s.k = 1;
1806 i++;
1807 /* A *= 8 */
1808 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
1809 s[i]->s.k = 8;
1810 i++;
1811 /* X = A; */
1812 s[i] = new_stmt(BPF_MISC|BPF_TAX);
1813 i++;
1814 /* A = MEM[reg2] */
1815 s[i] = new_stmt(BPF_LD|BPF_MEM);
1816 s[i]->s.k = reg2;
1817 i++;
1818
1819 /* goto again; (must use BPF_JA for backward jump) */
1820 s[i] = new_stmt(BPF_JMP|BPF_JA);
1821 s[i]->s.k = again - i - 1;
1822 s[i - 1]->s.jf = s[i];
1823 i++;
1824
1825 /* fixup */
1826 for (j = v6start; j <= v6end; j++)
1827 s[j]->s.jt = s[v6advance];
1828 } else
1829 #endif
1830 {
1831 /* nop */
1832 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
1833 s[i]->s.k = 0;
1834 s[fix2]->s.jf = s[i];
1835 i++;
1836 }
1837
1838 /* ahcheck: */
1839 ahcheck = i;
1840 /* if (A == IPPROTO_AH) then fall through; else goto end; */
1841 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1842 s[i]->s.jt = NULL; /*later*/
1843 s[i]->s.jf = NULL; /*later*/
1844 s[i]->s.k = IPPROTO_AH;
1845 if (fix3)
1846 s[fix3]->s.jf = s[ahcheck];
1847 fix4 = i;
1848 i++;
1849
1850 /*
1851 * in short,
1852 * A = P[X + 1];
1853 * X = X + (P[X] + 2) * 4;
1854 */
1855 /* A = X */
1856 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
1857 i++;
1858 /* MEM[reg1] = A */
1859 s[i] = new_stmt(BPF_ST);
1860 s[i]->s.k = reg1;
1861 i++;
1862 /* A += 1 */
1863 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
1864 s[i]->s.k = 1;
1865 i++;
1866 /* X = A */
1867 s[i] = new_stmt(BPF_MISC|BPF_TAX);
1868 i++;
1869 /* A = P[X + packet head]; */
1870 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
1871 s[i]->s.k = off_nl;
1872 i++;
1873 /* MEM[reg2] = A */
1874 s[i] = new_stmt(BPF_ST);
1875 s[i]->s.k = reg2;
1876 i++;
1877 /* X = MEM[reg1] */
1878 s[i] = new_stmt(BPF_LDX|BPF_MEM);
1879 s[i]->s.k = reg1;
1880 i++;
1881 /* A = P[X + packet head] */
1882 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
1883 s[i]->s.k = off_nl;
1884 i++;
1885 /* A += 2 */
1886 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
1887 s[i]->s.k = 2;
1888 i++;
1889 /* A *= 4 */
1890 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
1891 s[i]->s.k = 4;
1892 i++;
1893 /* X = A; */
1894 s[i] = new_stmt(BPF_MISC|BPF_TAX);
1895 i++;
1896 /* A = MEM[reg2] */
1897 s[i] = new_stmt(BPF_LD|BPF_MEM);
1898 s[i]->s.k = reg2;
1899 i++;
1900
1901 /* goto again; (must use BPF_JA for backward jump) */
1902 s[i] = new_stmt(BPF_JMP|BPF_JA);
1903 s[i]->s.k = again - i - 1;
1904 i++;
1905
1906 /* end: nop */
1907 end = i;
1908 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
1909 s[i]->s.k = 0;
1910 s[fix2]->s.jt = s[end];
1911 s[fix4]->s.jf = s[end];
1912 s[fix5]->s.jt = s[end];
1913 i++;
1914
1915 /*
1916 * make slist chain
1917 */
1918 max = i;
1919 for (i = 0; i < max - 1; i++)
1920 s[i]->next = s[i + 1];
1921 s[max - 1]->next = NULL;
1922
1923 /*
1924 * emit final check
1925 */
1926 b = new_block(JMP(BPF_JEQ));
1927 b->stmts = s[1]; /*remember, s[0] is dummy*/
1928 b->s.k = v;
1929
1930 free_reg(reg1);
1931 free_reg(reg2);
1932
1933 gen_and(b0, b);
1934 return b;
1935 #endif
1936 }
1937
1938 static struct block *
1939 gen_proto(v, proto, dir)
1940 int v;
1941 int proto;
1942 int dir;
1943 {
1944 struct block *b0, *b1;
1945
1946 if (dir != Q_DEFAULT)
1947 bpf_error("direction applied to 'proto'");
1948
1949 switch (proto) {
1950 case Q_DEFAULT:
1951 #ifdef INET6
1952 b0 = gen_proto(v, Q_IP, dir);
1953 b1 = gen_proto(v, Q_IPV6, dir);
1954 gen_or(b0, b1);
1955 return b1;
1956 #else
1957 /*FALLTHROUGH*/
1958 #endif
1959 case Q_IP:
1960 b0 = gen_linktype(ETHERTYPE_IP);
1961 #ifndef CHASE_CHAIN
1962 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
1963 #else
1964 b1 = gen_protochain(v, Q_IP);
1965 #endif
1966 gen_and(b0, b1);
1967 return b1;
1968
1969 case Q_ARP:
1970 bpf_error("arp does not encapsulate another protocol");
1971 /* NOTREACHED */
1972
1973 case Q_RARP:
1974 bpf_error("rarp does not encapsulate another protocol");
1975 /* NOTREACHED */
1976
1977 case Q_ATALK:
1978 bpf_error("atalk encapsulation is not specifiable");
1979 /* NOTREACHED */
1980
1981 case Q_DECNET:
1982 bpf_error("decnet encapsulation is not specifiable");
1983 /* NOTREACHED */
1984
1985 case Q_SCA:
1986 bpf_error("sca does not encapsulate another protocol");
1987 /* NOTREACHED */
1988
1989 case Q_LAT:
1990 bpf_error("lat does not encapsulate another protocol");
1991 /* NOTREACHED */
1992
1993 case Q_MOPRC:
1994 bpf_error("moprc does not encapsulate another protocol");
1995 /* NOTREACHED */
1996
1997 case Q_MOPDL:
1998 bpf_error("mopdl does not encapsulate another protocol");
1999 /* NOTREACHED */
2000
2001 case Q_LINK:
2002 return gen_linktype(v);
2003
2004 case Q_UDP:
2005 bpf_error("'udp proto' is bogus");
2006 /* NOTREACHED */
2007
2008 case Q_TCP:
2009 bpf_error("'tcp proto' is bogus");
2010 /* NOTREACHED */
2011
2012 case Q_ICMP:
2013 bpf_error("'icmp proto' is bogus");
2014 /* NOTREACHED */
2015
2016 case Q_IGMP:
2017 bpf_error("'igmp proto' is bogus");
2018 /* NOTREACHED */
2019
2020 case Q_IGRP:
2021 bpf_error("'igrp proto' is bogus");
2022 /* NOTREACHED */
2023
2024 case Q_PIM:
2025 bpf_error("'pim proto' is bogus");
2026 /* NOTREACHED */
2027
2028 #ifdef INET6
2029 case Q_IPV6:
2030 b0 = gen_linktype(ETHERTYPE_IPV6);
2031 #ifndef CHASE_CHAIN
2032 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
2033 #else
2034 b1 = gen_protochain(v, Q_IPV6);
2035 #endif
2036 gen_and(b0, b1);
2037 return b1;
2038
2039 case Q_ICMPV6:
2040 bpf_error("'icmp6 proto' is bogus");
2041 #endif /* INET6 */
2042
2043 case Q_AH:
2044 bpf_error("'ah proto' is bogus");
2045
2046 case Q_ESP:
2047 bpf_error("'ah proto' is bogus");
2048
2049 default:
2050 abort();
2051 /* NOTREACHED */
2052 }
2053 /* NOTREACHED */
2054 }
2055
2056 struct block *
2057 gen_scode(name, q)
2058 register const char *name;
2059 struct qual q;
2060 {
2061 int proto = q.proto;
2062 int dir = q.dir;
2063 int tproto;
2064 u_char *eaddr;
2065 bpf_u_int32 mask, addr;
2066 #ifndef INET6
2067 bpf_u_int32 **alist;
2068 #else
2069 int tproto6;
2070 struct sockaddr_in *sin;
2071 struct sockaddr_in6 *sin6;
2072 struct addrinfo *res, *res0;
2073 struct in6_addr mask128;
2074 #endif /*INET6*/
2075 struct block *b, *tmp;
2076 int port, real_proto;
2077
2078 switch (q.addr) {
2079
2080 case Q_NET:
2081 addr = pcap_nametonetaddr(name);
2082 if (addr == 0)
2083 bpf_error("unknown network '%s'", name);
2084 /* Left justify network addr and calculate its network mask */
2085 mask = 0xffffffff;
2086 while (addr && (addr & 0xff000000) == 0) {
2087 addr <<= 8;
2088 mask <<= 8;
2089 }
2090 return gen_host(addr, mask, proto, dir);
2091
2092 case Q_DEFAULT:
2093 case Q_HOST:
2094 if (proto == Q_LINK) {
2095 switch (linktype) {
2096
2097 case DLT_EN10MB:
2098 eaddr = pcap_ether_hostton(name);
2099 if (eaddr == NULL)
2100 bpf_error(
2101 "unknown ether host '%s'", name);
2102 return gen_ehostop(eaddr, dir);
2103
2104 case DLT_FDDI:
2105 eaddr = pcap_ether_hostton(name);
2106 if (eaddr == NULL)
2107 bpf_error(
2108 "unknown FDDI host '%s'", name);
2109 return gen_fhostop(eaddr, dir);
2110
2111 case DLT_IEEE802:
2112 eaddr = pcap_ether_hostton(name);
2113 if (eaddr == NULL)
2114 bpf_error(
2115 "unknown token ring host '%s'", name);
2116 return gen_thostop(eaddr, dir);
2117
2118 default:
2119 bpf_error(
2120 "only ethernet/FDDI/token ring supports link-level host name");
2121 break;
2122 }
2123 } else if (proto == Q_DECNET) {
2124 unsigned short dn_addr = __pcap_nametodnaddr(name);
2125 /*
2126 * I don't think DECNET hosts can be multihomed, so
2127 * there is no need to build up a list of addresses
2128 */
2129 return (gen_host(dn_addr, 0, proto, dir));
2130 } else {
2131 #ifndef INET6
2132 alist = pcap_nametoaddr(name);
2133 if (alist == NULL || *alist == NULL)
2134 bpf_error("unknown host '%s'", name);
2135 tproto = proto;
2136 if (off_linktype == -1 && tproto == Q_DEFAULT)
2137 tproto = Q_IP;
2138 b = gen_host(**alist++, 0xffffffff, tproto, dir);
2139 while (*alist) {
2140 tmp = gen_host(**alist++, 0xffffffff,
2141 tproto, dir);
2142 gen_or(b, tmp);
2143 b = tmp;
2144 }
2145 return b;
2146 #else
2147 memset(&mask128, 0xff, sizeof(mask128));
2148 res0 = res = pcap_nametoaddrinfo(name);
2149 if (res == NULL)
2150 bpf_error("unknown host '%s'", name);
2151 b = tmp = NULL;
2152 tproto = tproto6 = proto;
2153 if (off_linktype == -1 && tproto == Q_DEFAULT) {
2154 tproto = Q_IP;
2155 tproto6 = Q_IPV6;
2156 }
2157 for (res = res0; res; res = res->ai_next) {
2158 switch (res->ai_family) {
2159 case AF_INET:
2160 if (tproto == Q_IPV6)
2161 continue;
2162
2163 sin = (struct sockaddr_in *)
2164 res->ai_addr;
2165 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
2166 0xffffffff, tproto, dir);
2167 break;
2168 case AF_INET6:
2169 if (tproto6 == Q_IP)
2170 continue;
2171
2172 sin6 = (struct sockaddr_in6 *)
2173 res->ai_addr;
2174 tmp = gen_host6(&sin6->sin6_addr,
2175 &mask128, tproto6, dir);
2176 break;
2177 }
2178 if (b)
2179 gen_or(b, tmp);
2180 b = tmp;
2181 }
2182 freeaddrinfo(res0);
2183 if (b == NULL) {
2184 bpf_error("unknown host '%s'%s", name,
2185 (proto == Q_DEFAULT)
2186 ? ""
2187 : " for specified address family");
2188 }
2189 return b;
2190 #endif /*INET6*/
2191 }
2192
2193 case Q_PORT:
2194 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP)
2195 bpf_error("illegal qualifier of 'port'");
2196 if (pcap_nametoport(name, &port, &real_proto) == 0)
2197 bpf_error("unknown port '%s'", name);
2198 if (proto == Q_UDP) {
2199 if (real_proto == IPPROTO_TCP)
2200 bpf_error("port '%s' is tcp", name);
2201 else
2202 /* override PROTO_UNDEF */
2203 real_proto = IPPROTO_UDP;
2204 }
2205 if (proto == Q_TCP) {
2206 if (real_proto == IPPROTO_UDP)
2207 bpf_error("port '%s' is udp", name);
2208 else
2209 /* override PROTO_UNDEF */
2210 real_proto = IPPROTO_TCP;
2211 }
2212 #ifndef INET6
2213 return gen_port(port, real_proto, dir);
2214 #else
2215 {
2216 struct block *b;
2217 b = gen_port(port, real_proto, dir);
2218 gen_or(gen_port6(port, real_proto, dir), b);
2219 return b;
2220 }
2221 #endif /* INET6 */
2222
2223 case Q_GATEWAY:
2224 #ifndef INET6
2225 eaddr = pcap_ether_hostton(name);
2226 if (eaddr == NULL)
2227 bpf_error("unknown ether host: %s", name);
2228
2229 alist = pcap_nametoaddr(name);
2230 if (alist == NULL || *alist == NULL)
2231 bpf_error("unknown host '%s'", name);
2232 return gen_gateway(eaddr, alist, proto, dir);
2233 #else
2234 bpf_error("'gateway' not supported in this configuration");
2235 #endif /*INET6*/
2236
2237 case Q_PROTO:
2238 real_proto = lookup_proto(name, proto);
2239 if (real_proto >= 0)
2240 return gen_proto(real_proto, proto, dir);
2241 else
2242 bpf_error("unknown protocol: %s", name);
2243
2244 case Q_PROTOCHAIN:
2245 real_proto = lookup_proto(name, proto);
2246 if (real_proto >= 0)
2247 return gen_protochain(real_proto, proto, dir);
2248 else
2249 bpf_error("unknown protocol: %s", name);
2250
2251
2252 case Q_UNDEF:
2253 syntax();
2254 /* NOTREACHED */
2255 }
2256 abort();
2257 /* NOTREACHED */
2258 }
2259
2260 struct block *
2261 gen_mcode(s1, s2, masklen, q)
2262 register const char *s1, *s2;
2263 register int masklen;
2264 struct qual q;
2265 {
2266 register int nlen, mlen;
2267 bpf_u_int32 n, m;
2268
2269 nlen = __pcap_atoin(s1, &n);
2270 /* Promote short ipaddr */
2271 n <<= 32 - nlen;
2272
2273 if (s2 != NULL) {
2274 mlen = __pcap_atoin(s2, &m);
2275 /* Promote short ipaddr */
2276 m <<= 32 - mlen;
2277 if ((n & ~m) != 0)
2278 bpf_error("non-network bits set in \"%s mask %s\"",
2279 s1, s2);
2280 } else {
2281 /* Convert mask len to mask */
2282 if (masklen > 32)
2283 bpf_error("mask length must be <= 32");
2284 m = 0xffffffff << (32 - masklen);
2285 if ((n & ~m) != 0)
2286 bpf_error("non-network bits set in \"%s/%d\"",
2287 s1, masklen);
2288 }
2289
2290 switch (q.addr) {
2291
2292 case Q_NET:
2293 return gen_host(n, m, q.proto, q.dir);
2294
2295 default:
2296 bpf_error("Mask syntax for networks only");
2297 /* NOTREACHED */
2298 }
2299 }
2300
2301 struct block *
2302 gen_ncode(s, v, q)
2303 register const char *s;
2304 bpf_u_int32 v;
2305 struct qual q;
2306 {
2307 bpf_u_int32 mask;
2308 int proto = q.proto;
2309 int dir = q.dir;
2310 register int vlen;
2311
2312 if (s == NULL)
2313 vlen = 32;
2314 else if (q.proto == Q_DECNET)
2315 vlen = __pcap_atodn(s, &v);
2316 else
2317 vlen = __pcap_atoin(s, &v);
2318
2319 switch (q.addr) {
2320
2321 case Q_DEFAULT:
2322 case Q_HOST:
2323 case Q_NET:
2324 if (proto == Q_DECNET)
2325 return gen_host(v, 0, proto, dir);
2326 else if (proto == Q_LINK) {
2327 bpf_error("illegal link layer address");
2328 } else {
2329 mask = 0xffffffff;
2330 if (s == NULL && q.addr == Q_NET) {
2331 /* Promote short net number */
2332 while (v && (v & 0xff000000) == 0) {
2333 v <<= 8;
2334 mask <<= 8;
2335 }
2336 } else {
2337 /* Promote short ipaddr */
2338 v <<= 32 - vlen;
2339 mask <<= 32 - vlen;
2340 }
2341 return gen_host(v, mask, proto, dir);
2342 }
2343
2344 case Q_PORT:
2345 if (proto == Q_UDP)
2346 proto = IPPROTO_UDP;
2347 else if (proto == Q_TCP)
2348 proto = IPPROTO_TCP;
2349 else if (proto == Q_DEFAULT)
2350 proto = PROTO_UNDEF;
2351 else
2352 bpf_error("illegal qualifier of 'port'");
2353
2354 #ifndef INET6
2355 return gen_port((int)v, proto, dir);
2356 #else
2357 {
2358 struct block *b;
2359 b = gen_port((int)v, proto, dir);
2360 gen_or(gen_port6((int)v, proto, dir), b);
2361 return b;
2362 }
2363 #endif /* INET6 */
2364
2365 case Q_GATEWAY:
2366 bpf_error("'gateway' requires a name");
2367 /* NOTREACHED */
2368
2369 case Q_PROTO:
2370 return gen_proto((int)v, proto, dir);
2371
2372 case Q_PROTOCHAIN:
2373 return gen_protochain((int)v, proto, dir);
2374
2375 case Q_UNDEF:
2376 syntax();
2377 /* NOTREACHED */
2378
2379 default:
2380 abort();
2381 /* NOTREACHED */
2382 }
2383 /* NOTREACHED */
2384 }
2385
2386 #ifdef INET6
2387 struct block *
2388 gen_mcode6(s1, s2, masklen, q)
2389 register const char *s1, *s2;
2390 register int masklen;
2391 struct qual q;
2392 {
2393 struct addrinfo *res;
2394 struct in6_addr *addr;
2395 struct in6_addr mask;
2396 struct block *b;
2397 u_int32_t *a, *m;
2398
2399 if (s2)
2400 bpf_error("no mask %s supported", s2);
2401
2402 res = pcap_nametoaddrinfo(s1);
2403 if (!res)
2404 bpf_error("invalid ip6 address %s", s1);
2405 if (res->ai_next)
2406 bpf_error("%s resolved to multiple address", s1);
2407 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
2408
2409 if (sizeof(mask) * 8 < masklen)
2410 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
2411 memset(&mask, 0xff, masklen / 8);
2412 if (masklen % 8) {
2413 mask.s6_addr[masklen / 8] =
2414 (0xff << (8 - masklen % 8)) & 0xff;
2415 }
2416
2417 a = (u_int32_t *)addr;
2418 m = (u_int32_t *)&mask;
2419 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
2420 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
2421 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
2422 }
2423
2424 switch (q.addr) {
2425
2426 case Q_DEFAULT:
2427 case Q_HOST:
2428 if (masklen != 128)
2429 bpf_error("Mask syntax for networks only");
2430 /* FALLTHROUGH */
2431
2432 case Q_NET:
2433 b = gen_host6(addr, &mask, q.proto, q.dir);
2434 freeaddrinfo(res);
2435 return b;
2436
2437 default:
2438 bpf_error("invalid qualifier against IPv6 address");
2439 /* NOTREACHED */
2440 }
2441 }
2442 #endif /*INET6*/
2443
2444 struct block *
2445 gen_ecode(eaddr, q)
2446 register const u_char *eaddr;
2447 struct qual q;
2448 {
2449 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
2450 if (linktype == DLT_EN10MB)
2451 return gen_ehostop(eaddr, (int)q.dir);
2452 if (linktype == DLT_FDDI)
2453 return gen_fhostop(eaddr, (int)q.dir);
2454 if (linktype == DLT_IEEE802)
2455 return gen_thostop(eaddr, (int)q.dir);
2456 }
2457 bpf_error("ethernet address used in non-ether expression");
2458 /* NOTREACHED */
2459 }
2460
2461 void
2462 sappend(s0, s1)
2463 struct slist *s0, *s1;
2464 {
2465 /*
2466 * This is definitely not the best way to do this, but the
2467 * lists will rarely get long.
2468 */
2469 while (s0->next)
2470 s0 = s0->next;
2471 s0->next = s1;
2472 }
2473
2474 static struct slist *
2475 xfer_to_x(a)
2476 struct arth *a;
2477 {
2478 struct slist *s;
2479
2480 s = new_stmt(BPF_LDX|BPF_MEM);
2481 s->s.k = a->regno;
2482 return s;
2483 }
2484
2485 static struct slist *
2486 xfer_to_a(a)
2487 struct arth *a;
2488 {
2489 struct slist *s;
2490
2491 s = new_stmt(BPF_LD|BPF_MEM);
2492 s->s.k = a->regno;
2493 return s;
2494 }
2495
2496 struct arth *
2497 gen_load(proto, index, size)
2498 int proto;
2499 struct arth *index;
2500 int size;
2501 {
2502 struct slist *s, *tmp;
2503 struct block *b;
2504 int regno = alloc_reg();
2505
2506 free_reg(index->regno);
2507 switch (size) {
2508
2509 default:
2510 bpf_error("data size must be 1, 2, or 4");
2511
2512 case 1:
2513 size = BPF_B;
2514 break;
2515
2516 case 2:
2517 size = BPF_H;
2518 break;
2519
2520 case 4:
2521 size = BPF_W;
2522 break;
2523 }
2524 switch (proto) {
2525 default:
2526 bpf_error("unsupported index operation");
2527
2528 case Q_LINK:
2529 s = xfer_to_x(index);
2530 tmp = new_stmt(BPF_LD|BPF_IND|size);
2531 sappend(s, tmp);
2532 sappend(index->s, s);
2533 break;
2534
2535 case Q_IP:
2536 case Q_ARP:
2537 case Q_RARP:
2538 case Q_ATALK:
2539 case Q_DECNET:
2540 case Q_SCA:
2541 case Q_LAT:
2542 case Q_MOPRC:
2543 case Q_MOPDL:
2544 #ifdef INET6
2545 case Q_IPV6:
2546 #endif
2547 /* XXX Note that we assume a fixed link header here. */
2548 s = xfer_to_x(index);
2549 tmp = new_stmt(BPF_LD|BPF_IND|size);
2550 tmp->s.k = off_nl;
2551 sappend(s, tmp);
2552 sappend(index->s, s);
2553
2554 b = gen_proto_abbrev(proto);
2555 if (index->b)
2556 gen_and(index->b, b);
2557 index->b = b;
2558 break;
2559
2560 case Q_TCP:
2561 case Q_UDP:
2562 case Q_ICMP:
2563 case Q_IGMP:
2564 case Q_IGRP:
2565 case Q_PIM:
2566 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2567 s->s.k = off_nl;
2568 sappend(s, xfer_to_a(index));
2569 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
2570 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
2571 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
2572 tmp->s.k = off_nl;
2573 sappend(index->s, s);
2574
2575 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
2576 if (index->b)
2577 gen_and(index->b, b);
2578 #ifdef INET6
2579 gen_and(gen_proto_abbrev(Q_IP), b);
2580 #endif
2581 index->b = b;
2582 break;
2583 #ifdef INET6
2584 case Q_ICMPV6:
2585 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
2586 /*NOTREACHED*/
2587 #endif
2588 }
2589 index->regno = regno;
2590 s = new_stmt(BPF_ST);
2591 s->s.k = regno;
2592 sappend(index->s, s);
2593
2594 return index;
2595 }
2596
2597 struct block *
2598 gen_relation(code, a0, a1, reversed)
2599 int code;
2600 struct arth *a0, *a1;
2601 int reversed;
2602 {
2603 struct slist *s0, *s1, *s2;
2604 struct block *b, *tmp;
2605
2606 s0 = xfer_to_x(a1);
2607 s1 = xfer_to_a(a0);
2608 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
2609 b = new_block(JMP(code));
2610 if (code == BPF_JGT || code == BPF_JGE) {
2611 reversed = !reversed;
2612 b->s.k = 0x80000000;
2613 }
2614 if (reversed)
2615 gen_not(b);
2616
2617 sappend(s1, s2);
2618 sappend(s0, s1);
2619 sappend(a1->s, s0);
2620 sappend(a0->s, a1->s);
2621
2622 b->stmts = a0->s;
2623
2624 free_reg(a0->regno);
2625 free_reg(a1->regno);
2626
2627 /* 'and' together protocol checks */
2628 if (a0->b) {
2629 if (a1->b) {
2630 gen_and(a0->b, tmp = a1->b);
2631 }
2632 else
2633 tmp = a0->b;
2634 } else
2635 tmp = a1->b;
2636
2637 if (tmp)
2638 gen_and(tmp, b);
2639
2640 return b;
2641 }
2642
2643 struct arth *
2644 gen_loadlen()
2645 {
2646 int regno = alloc_reg();
2647 struct arth *a = (struct arth *)newchunk(sizeof(*a));
2648 struct slist *s;
2649
2650 s = new_stmt(BPF_LD|BPF_LEN);
2651 s->next = new_stmt(BPF_ST);
2652 s->next->s.k = regno;
2653 a->s = s;
2654 a->regno = regno;
2655
2656 return a;
2657 }
2658
2659 struct arth *
2660 gen_loadi(val)
2661 int val;
2662 {
2663 struct arth *a;
2664 struct slist *s;
2665 int reg;
2666
2667 a = (struct arth *)newchunk(sizeof(*a));
2668
2669 reg = alloc_reg();
2670
2671 s = new_stmt(BPF_LD|BPF_IMM);
2672 s->s.k = val;
2673 s->next = new_stmt(BPF_ST);
2674 s->next->s.k = reg;
2675 a->s = s;
2676 a->regno = reg;
2677
2678 return a;
2679 }
2680
2681 struct arth *
2682 gen_neg(a)
2683 struct arth *a;
2684 {
2685 struct slist *s;
2686
2687 s = xfer_to_a(a);
2688 sappend(a->s, s);
2689 s = new_stmt(BPF_ALU|BPF_NEG);
2690 s->s.k = 0;
2691 sappend(a->s, s);
2692 s = new_stmt(BPF_ST);
2693 s->s.k = a->regno;
2694 sappend(a->s, s);
2695
2696 return a;
2697 }
2698
2699 struct arth *
2700 gen_arth(code, a0, a1)
2701 int code;
2702 struct arth *a0, *a1;
2703 {
2704 struct slist *s0, *s1, *s2;
2705
2706 s0 = xfer_to_x(a1);
2707 s1 = xfer_to_a(a0);
2708 s2 = new_stmt(BPF_ALU|BPF_X|code);
2709
2710 sappend(s1, s2);
2711 sappend(s0, s1);
2712 sappend(a1->s, s0);
2713 sappend(a0->s, a1->s);
2714
2715 free_reg(a1->regno);
2716
2717 s0 = new_stmt(BPF_ST);
2718 a0->regno = s0->s.k = alloc_reg();
2719 sappend(a0->s, s0);
2720
2721 return a0;
2722 }
2723
2724 /*
2725 * Here we handle simple allocation of the scratch registers.
2726 * If too many registers are alloc'd, the allocator punts.
2727 */
2728 static int regused[BPF_MEMWORDS];
2729 static int curreg;
2730
2731 /*
2732 * Return the next free register.
2733 */
2734 static int
2735 alloc_reg()
2736 {
2737 int n = BPF_MEMWORDS;
2738
2739 while (--n >= 0) {
2740 if (regused[curreg])
2741 curreg = (curreg + 1) % BPF_MEMWORDS;
2742 else {
2743 regused[curreg] = 1;
2744 return curreg;
2745 }
2746 }
2747 bpf_error("too many registers needed to evaluate expression");
2748 /* NOTREACHED */
2749 }
2750
2751 /*
2752 * Return a register to the table so it can
2753 * be used later.
2754 */
2755 static void
2756 free_reg(n)
2757 int n;
2758 {
2759 regused[n] = 0;
2760 }
2761
2762 static struct block *
2763 gen_len(jmp, n)
2764 int jmp, n;
2765 {
2766 struct slist *s;
2767 struct block *b;
2768
2769 s = new_stmt(BPF_LD|BPF_LEN);
2770 b = new_block(JMP(jmp));
2771 b->stmts = s;
2772 b->s.k = n;
2773
2774 return b;
2775 }
2776
2777 struct block *
2778 gen_greater(n)
2779 int n;
2780 {
2781 return gen_len(BPF_JGE, n);
2782 }
2783
2784 struct block *
2785 gen_less(n)
2786 int n;
2787 {
2788 struct block *b;
2789
2790 b = gen_len(BPF_JGT, n);
2791 gen_not(b);
2792
2793 return b;
2794 }
2795
2796 struct block *
2797 gen_byteop(op, idx, val)
2798 int op, idx, val;
2799 {
2800 struct block *b;
2801 struct slist *s;
2802
2803 switch (op) {
2804 default:
2805 abort();
2806
2807 case '=':
2808 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
2809
2810 case '<':
2811 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
2812 b->s.code = JMP(BPF_JGE);
2813 gen_not(b);
2814 return b;
2815
2816 case '>':
2817 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
2818 b->s.code = JMP(BPF_JGT);
2819 return b;
2820
2821 case '|':
2822 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
2823 break;
2824
2825 case '&':
2826 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
2827 break;
2828 }
2829 s->s.k = val;
2830 b = new_block(JMP(BPF_JEQ));
2831 b->stmts = s;
2832 gen_not(b);
2833
2834 return b;
2835 }
2836
2837 struct block *
2838 gen_broadcast(proto)
2839 int proto;
2840 {
2841 bpf_u_int32 hostmask;
2842 struct block *b0, *b1, *b2;
2843 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
2844
2845 switch (proto) {
2846
2847 case Q_DEFAULT:
2848 case Q_LINK:
2849 if (linktype == DLT_EN10MB)
2850 return gen_ehostop(ebroadcast, Q_DST);
2851 if (linktype == DLT_FDDI)
2852 return gen_fhostop(ebroadcast, Q_DST);
2853 if (linktype == DLT_IEEE802)
2854 return gen_thostop(ebroadcast, Q_DST);
2855 bpf_error("not a broadcast link");
2856 break;
2857
2858 case Q_IP:
2859 b0 = gen_linktype(ETHERTYPE_IP);
2860 hostmask = ~netmask;
2861 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
2862 b2 = gen_mcmp(off_nl + 16, BPF_W,
2863 (bpf_int32)(~0 & hostmask), hostmask);
2864 gen_or(b1, b2);
2865 gen_and(b0, b2);
2866 return b2;
2867 }
2868 bpf_error("only ether/ip broadcast filters supported");
2869 }
2870
2871 struct block *
2872 gen_multicast(proto)
2873 int proto;
2874 {
2875 register struct block *b0, *b1;
2876 register struct slist *s;
2877
2878 switch (proto) {
2879
2880 case Q_DEFAULT:
2881 case Q_LINK:
2882 if (linktype == DLT_EN10MB) {
2883 /* ether[0] & 1 != 0 */
2884 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2885 s->s.k = 0;
2886 b0 = new_block(JMP(BPF_JSET));
2887 b0->s.k = 1;
2888 b0->stmts = s;
2889 return b0;
2890 }
2891
2892 if (linktype == DLT_FDDI) {
2893 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */
2894 /* fddi[1] & 1 != 0 */
2895 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2896 s->s.k = 1;
2897 b0 = new_block(JMP(BPF_JSET));
2898 b0->s.k = 1;
2899 b0->stmts = s;
2900 return b0;
2901 }
2902
2903 /* TODO - check how token ring handles multicast */
2904 /* if (linktype == DLT_IEEE802) ... */
2905
2906 /* Link not known to support multicasts */
2907 break;
2908
2909 case Q_IP:
2910 b0 = gen_linktype(ETHERTYPE_IP);
2911 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
2912 b1->s.code = JMP(BPF_JGE);
2913 gen_and(b0, b1);
2914 return b1;
2915
2916 #ifdef INET6
2917 case Q_IPV6:
2918 b0 = gen_linktype(ETHERTYPE_IPV6);
2919 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
2920 gen_and(b0, b1);
2921 return b1;
2922 #endif /* INET6 */
2923 }
2924 bpf_error("only IP multicast filters supported on ethernet/FDDI");
2925 }
2926
2927 /*
2928 * generate command for inbound/outbound. It's here so we can
2929 * make it link-type specific. 'dir' = 0 implies "inbound",
2930 * = 1 implies "outbound".
2931 */
2932 struct block *
2933 gen_inbound(dir)
2934 int dir;
2935 {
2936 register struct block *b0;
2937
2938 b0 = gen_relation(BPF_JEQ,
2939 gen_load(Q_LINK, gen_loadi(0), 1),
2940 gen_loadi(0),
2941 dir);
2942 return (b0);
2943 }
2944
2945 /*
2946 * support IEEE 802.1Q VLAN trunk over ethernet
2947 */
2948 struct block *
2949 gen_vlan(vlan_num)
2950 int vlan_num;
2951 {
2952 static u_int orig_linktype = -1, orig_nl = -1;
2953 struct block *b0;
2954
2955 /*
2956 * Change the offsets to point to the type and data fields within
2957 * the VLAN packet. This is somewhat of a kludge.
2958 */
2959 if (orig_nl == (u_int)-1) {
2960 orig_linktype = off_linktype; /* save original values */
2961 orig_nl = off_nl;
2962
2963 switch (linktype) {
2964
2965 case DLT_EN10MB:
2966 off_linktype = 16;
2967 off_nl = 18;
2968 break;
2969
2970 default:
2971 bpf_error("no VLAN support for data link type %d",
2972 linktype);
2973 /*NOTREACHED*/
2974 }
2975 }
2976
2977 /* check for VLAN */
2978 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
2979
2980 /* If a specific VLAN is requested, check VLAN id */
2981 if (vlan_num >= 0) {
2982 struct block *b1;
2983
2984 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
2985 gen_and(b0, b1);
2986 b0 = b1;
2987 }
2988
2989 return (b0);
2990 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism