]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob


15099e5c18e4099b70f53bd5bbd93b2392cd34ec
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.131 2000-10-28 10:05:46 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #include <sys/types.h>
32 #include <sys/socket.h>
33 #include <sys/time.h>
34 #ifdef __NetBSD__
35 #include <sys/param.h>
36 #endif
37
38 struct mbuf;
39 struct rtentry;
40 #include <net/if.h>
41
42 #include <netinet/in.h>
43
44 #include <stdlib.h>
45 #include <string.h>
46 #include <memory.h>
47 #include <setjmp.h>
48 #include <stdarg.h>
49
50 #include "pcap-int.h"
51
52 #include "ethertype.h"
53 #include "nlpid.h"
54 #include "gencode.h"
55 #include "ppp.h"
56 #include <pcap-namedb.h>
57 #ifdef INET6
58 #include <netdb.h>
59 #include <sys/socket.h>
60 #endif /*INET6*/
61
62 #define LLC_ISO_LSAP 0xfe
63
64 #define ETHERMTU 1500
65
66 #ifdef HAVE_OS_PROTO_H
67 #include "os-proto.h"
68 #endif
69
70 #define JMP(c) ((c)|BPF_JMP|BPF_K)
71
72 /* Locals */
73 static jmp_buf top_ctx;
74 static pcap_t *bpf_pcap;
75
76 /* XXX */
77 #ifdef PCAP_FDDIPAD
78 int pcap_fddipad = PCAP_FDDIPAD;
79 #else
80 int pcap_fddipad;
81 #endif
82
83 /* VARARGS */
84 void
85 bpf_error(const char *fmt, ...)
86
87 {
88 va_list ap;
89
90 va_start(ap, fmt);
91 if (bpf_pcap != NULL)
92 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
93 fmt, ap);
94 va_end(ap);
95 longjmp(top_ctx, 1);
96 /* NOTREACHED */
97 }
98
99 static void init_linktype(int);
100
101 static int alloc_reg(void);
102 static void free_reg(int);
103
104 static struct block *root;
105
106 /*
107 * We divy out chunks of memory rather than call malloc each time so
108 * we don't have to worry about leaking memory. It's probably
109 * not a big deal if all this memory was wasted but it this ever
110 * goes into a library that would probably not be a good idea.
111 */
112 #define NCHUNKS 16
113 #define CHUNK0SIZE 1024
114 struct chunk {
115 u_int n_left;
116 void *m;
117 };
118
119 static struct chunk chunks[NCHUNKS];
120 static int cur_chunk;
121
122 static void *newchunk(u_int);
123 static void freechunks(void);
124 static inline struct block *new_block(int);
125 static inline struct slist *new_stmt(int);
126 static struct block *gen_retblk(int);
127 static inline void syntax(void);
128
129 static void backpatch(struct block *, struct block *);
130 static void merge(struct block *, struct block *);
131 static struct block *gen_cmp(u_int, u_int, bpf_int32);
132 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
133 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
134 static struct block *gen_bcmp(u_int, u_int, const u_char *);
135 static struct block *gen_uncond(int);
136 static inline struct block *gen_true(void);
137 static inline struct block *gen_false(void);
138 static struct block *gen_linktype(int);
139 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
140 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
141 #ifdef INET6
142 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
143 #endif
144 static struct block *gen_ehostop(const u_char *, int);
145 static struct block *gen_fhostop(const u_char *, int);
146 static struct block *gen_thostop(const u_char *, int);
147 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
148 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
149 #ifdef INET6
150 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
151 #endif
152 #ifndef INET6
153 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
154 #endif
155 static struct block *gen_ipfrag(void);
156 static struct block *gen_portatom(int, bpf_int32);
157 #ifdef INET6
158 static struct block *gen_portatom6(int, bpf_int32);
159 #endif
160 struct block *gen_portop(int, int, int);
161 static struct block *gen_port(int, int, int);
162 #ifdef INET6
163 struct block *gen_portop6(int, int, int);
164 static struct block *gen_port6(int, int, int);
165 #endif
166 static int lookup_proto(const char *, int);
167 static struct block *gen_protochain(int, int, int);
168 static struct block *gen_proto(int, int, int);
169 static struct slist *xfer_to_x(struct arth *);
170 static struct slist *xfer_to_a(struct arth *);
171 static struct block *gen_len(int, int);
172
173 static void *
174 newchunk(n)
175 u_int n;
176 {
177 struct chunk *cp;
178 int k, size;
179
180 #ifndef __NetBSD__
181 /* XXX Round up to nearest long. */
182 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
183 #else
184 /* XXX Round up to structure boundary. */
185 n = ALIGN(n);
186 #endif
187
188 cp = &chunks[cur_chunk];
189 if (n > cp->n_left) {
190 ++cp, k = ++cur_chunk;
191 if (k >= NCHUNKS)
192 bpf_error("out of memory");
193 size = CHUNK0SIZE << k;
194 cp->m = (void *)malloc(size);
195 memset((char *)cp->m, 0, size);
196 cp->n_left = size;
197 if (n > size)
198 bpf_error("out of memory");
199 }
200 cp->n_left -= n;
201 return (void *)((char *)cp->m + cp->n_left);
202 }
203
204 static void
205 freechunks()
206 {
207 int i;
208
209 cur_chunk = 0;
210 for (i = 0; i < NCHUNKS; ++i)
211 if (chunks[i].m != NULL) {
212 free(chunks[i].m);
213 chunks[i].m = NULL;
214 }
215 }
216
217 /*
218 * A strdup whose allocations are freed after code generation is over.
219 */
220 char *
221 sdup(s)
222 register const char *s;
223 {
224 int n = strlen(s) + 1;
225 char *cp = newchunk(n);
226
227 strlcpy(cp, s, n);
228 return (cp);
229 }
230
231 static inline struct block *
232 new_block(code)
233 int code;
234 {
235 struct block *p;
236
237 p = (struct block *)newchunk(sizeof(*p));
238 p->s.code = code;
239 p->head = p;
240
241 return p;
242 }
243
244 static inline struct slist *
245 new_stmt(code)
246 int code;
247 {
248 struct slist *p;
249
250 p = (struct slist *)newchunk(sizeof(*p));
251 p->s.code = code;
252
253 return p;
254 }
255
256 static struct block *
257 gen_retblk(v)
258 int v;
259 {
260 struct block *b = new_block(BPF_RET|BPF_K);
261
262 b->s.k = v;
263 return b;
264 }
265
266 static inline void
267 syntax()
268 {
269 bpf_error("syntax error in filter expression");
270 }
271
272 static bpf_u_int32 netmask;
273 static int snaplen;
274 int no_optimize;
275
276 int
277 pcap_compile(pcap_t *p, struct bpf_program *program,
278 char *buf, int optimize, bpf_u_int32 mask)
279 {
280 extern int n_errors;
281 int len;
282
283 no_optimize = 0;
284 n_errors = 0;
285 root = NULL;
286 bpf_pcap = p;
287 if (setjmp(top_ctx)) {
288 lex_cleanup();
289 freechunks();
290 return (-1);
291 }
292
293 netmask = mask;
294
295 /* On Linux we do not use the BPF filter to truncate the packet
296 * since the kernel provides other ways for that. In fact if we
297 * are using the packet filter for that duty we will be unable
298 * to acquire the original packet size. -- Torsten */
299 #ifndef linux
300 snaplen = pcap_snapshot(p);
301 #else
302 snaplen = 0xffff;
303 #endif
304 if (snaplen == 0) {
305 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
306 "snaplen of 0 rejects all packets");
307 return -1;
308 }
309
310 lex_init(buf ? buf : "");
311 init_linktype(pcap_datalink(p));
312 (void)pcap_parse();
313
314 if (n_errors)
315 syntax();
316
317 if (root == NULL)
318 root = gen_retblk(snaplen);
319
320 if (optimize && !no_optimize) {
321 bpf_optimize(&root);
322 if (root == NULL ||
323 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
324 bpf_error("expression rejects all packets");
325 }
326 program->bf_insns = icode_to_fcode(root, &len);
327 program->bf_len = len;
328
329 lex_cleanup();
330 freechunks();
331 return (0);
332 }
333
334 /*
335 * entry point for using the compiler with no pcap open
336 * pass in all the stuff that is needed explicitly instead.
337 */
338 int
339 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
340 struct bpf_program *program,
341 char *buf, int optimize, bpf_u_int32 mask)
342 {
343 extern int n_errors;
344 int len;
345
346 n_errors = 0;
347 root = NULL;
348 bpf_pcap = NULL;
349 if (setjmp(top_ctx)) {
350 freechunks();
351 return (-1);
352 }
353
354 netmask = mask;
355
356 /* XXX needed? I don't grok the use of globals here. */
357 snaplen = snaplen_arg;
358
359 lex_init(buf ? buf : "");
360 init_linktype(linktype_arg);
361 (void)pcap_parse();
362
363 if (n_errors)
364 syntax();
365
366 if (root == NULL)
367 root = gen_retblk(snaplen_arg);
368
369 if (optimize) {
370 bpf_optimize(&root);
371 if (root == NULL ||
372 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
373 bpf_error("expression rejects all packets");
374 }
375 program->bf_insns = icode_to_fcode(root, &len);
376 program->bf_len = len;
377
378 freechunks();
379 return (0);
380 }
381
382 /*
383 * Clean up a "struct bpf_program" by freeing all the memory allocated
384 * in it.
385 */
386 void
387 pcap_freecode(struct bpf_program *program)
388 {
389 program->bf_len = 0;
390 if (program->bf_insns != NULL) {
391 free((char *)program->bf_insns);
392 program->bf_insns = NULL;
393 }
394 }
395
396 /*
397 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
398 * which of the jt and jf fields has been resolved and which is a pointer
399 * back to another unresolved block (or nil). At least one of the fields
400 * in each block is already resolved.
401 */
402 static void
403 backpatch(list, target)
404 struct block *list, *target;
405 {
406 struct block *next;
407
408 while (list) {
409 if (!list->sense) {
410 next = JT(list);
411 JT(list) = target;
412 } else {
413 next = JF(list);
414 JF(list) = target;
415 }
416 list = next;
417 }
418 }
419
420 /*
421 * Merge the lists in b0 and b1, using the 'sense' field to indicate
422 * which of jt and jf is the link.
423 */
424 static void
425 merge(b0, b1)
426 struct block *b0, *b1;
427 {
428 register struct block **p = &b0;
429
430 /* Find end of list. */
431 while (*p)
432 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
433
434 /* Concatenate the lists. */
435 *p = b1;
436 }
437
438 void
439 finish_parse(p)
440 struct block *p;
441 {
442 backpatch(p, gen_retblk(snaplen));
443 p->sense = !p->sense;
444 backpatch(p, gen_retblk(0));
445 root = p->head;
446 }
447
448 void
449 gen_and(b0, b1)
450 struct block *b0, *b1;
451 {
452 backpatch(b0, b1->head);
453 b0->sense = !b0->sense;
454 b1->sense = !b1->sense;
455 merge(b1, b0);
456 b1->sense = !b1->sense;
457 b1->head = b0->head;
458 }
459
460 void
461 gen_or(b0, b1)
462 struct block *b0, *b1;
463 {
464 b0->sense = !b0->sense;
465 backpatch(b0, b1->head);
466 b0->sense = !b0->sense;
467 merge(b1, b0);
468 b1->head = b0->head;
469 }
470
471 void
472 gen_not(b)
473 struct block *b;
474 {
475 b->sense = !b->sense;
476 }
477
478 static struct block *
479 gen_cmp(offset, size, v)
480 u_int offset, size;
481 bpf_int32 v;
482 {
483 struct slist *s;
484 struct block *b;
485
486 s = new_stmt(BPF_LD|BPF_ABS|size);
487 s->s.k = offset;
488
489 b = new_block(JMP(BPF_JEQ));
490 b->stmts = s;
491 b->s.k = v;
492
493 return b;
494 }
495
496 static struct block *
497 gen_cmp_gt(offset, size, v)
498 u_int offset, size;
499 bpf_int32 v;
500 {
501 struct slist *s;
502 struct block *b;
503
504 s = new_stmt(BPF_LD|BPF_ABS|size);
505 s->s.k = offset;
506
507 b = new_block(JMP(BPF_JGT));
508 b->stmts = s;
509 b->s.k = v;
510
511 return b;
512 }
513
514 static struct block *
515 gen_mcmp(offset, size, v, mask)
516 u_int offset, size;
517 bpf_int32 v;
518 bpf_u_int32 mask;
519 {
520 struct block *b = gen_cmp(offset, size, v);
521 struct slist *s;
522
523 if (mask != 0xffffffff) {
524 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
525 s->s.k = mask;
526 b->stmts->next = s;
527 }
528 return b;
529 }
530
531 static struct block *
532 gen_bcmp(offset, size, v)
533 register u_int offset, size;
534 register const u_char *v;
535 {
536 register struct block *b, *tmp;
537
538 b = NULL;
539 while (size >= 4) {
540 register const u_char *p = &v[size - 4];
541 bpf_int32 w = ((bpf_int32)p[0] << 24) |
542 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
543
544 tmp = gen_cmp(offset + size - 4, BPF_W, w);
545 if (b != NULL)
546 gen_and(b, tmp);
547 b = tmp;
548 size -= 4;
549 }
550 while (size >= 2) {
551 register const u_char *p = &v[size - 2];
552 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
553
554 tmp = gen_cmp(offset + size - 2, BPF_H, w);
555 if (b != NULL)
556 gen_and(b, tmp);
557 b = tmp;
558 size -= 2;
559 }
560 if (size > 0) {
561 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
562 if (b != NULL)
563 gen_and(b, tmp);
564 b = tmp;
565 }
566 return b;
567 }
568
569 /*
570 * Various code constructs need to know the layout of the data link
571 * layer. These variables give the necessary offsets. off_linktype
572 * is set to -1 for no encapsulation, in which case, IP is assumed.
573 */
574 static u_int off_linktype;
575 static u_int off_nl;
576 static int linktype;
577
578 static void
579 init_linktype(type)
580 int type;
581 {
582 linktype = type;
583
584 switch (type) {
585
586 case DLT_EN10MB:
587 off_linktype = 12;
588 off_nl = 14;
589 return;
590
591 case DLT_SLIP:
592 /*
593 * SLIP doesn't have a link level type. The 16 byte
594 * header is hacked into our SLIP driver.
595 */
596 off_linktype = -1;
597 off_nl = 16;
598 return;
599
600 case DLT_SLIP_BSDOS:
601 /* XXX this may be the same as the DLT_PPP_BSDOS case */
602 off_linktype = -1;
603 /* XXX end */
604 off_nl = 24;
605 return;
606
607 case DLT_NULL:
608 off_linktype = 0;
609 off_nl = 4;
610 return;
611
612 case DLT_PPP:
613 case DLT_C_HDLC:
614 case DLT_PPP_SERIAL:
615 off_linktype = 2;
616 off_nl = 4;
617 return;
618
619 case DLT_PPP_BSDOS:
620 off_linktype = 5;
621 off_nl = 24;
622 return;
623
624 case DLT_FDDI:
625 /*
626 * FDDI doesn't really have a link-level type field.
627 * We assume that SSAP = SNAP is being used and pick
628 * out the encapsulated Ethernet type.
629 *
630 * XXX - should we generate code to check for SNAP?
631 */
632 off_linktype = 19;
633 #ifdef PCAP_FDDIPAD
634 off_linktype += pcap_fddipad;
635 #endif
636 off_nl = 21;
637 #ifdef PCAP_FDDIPAD
638 off_nl += pcap_fddipad;
639 #endif
640 return;
641
642 case DLT_IEEE802:
643 /*
644 * Token Ring doesn't really have a link-level type field.
645 * We assume that SSAP = SNAP is being used and pick
646 * out the encapsulated Ethernet type.
647 *
648 * XXX - should we generate code to check for SNAP?
649 *
650 * XXX - the header is actually variable-length.
651 * Some various Linux patched versions gave 38
652 * as "off_linktype" and 40 as "off_nl"; however,
653 * if a token ring packet has *no* routing
654 * information, i.e. is not source-routed, the correct
655 * values are 20 and 22, as they are in the vanilla code.
656 *
657 * A packet is source-routed iff the uppermost bit
658 * of the first byte of the source address, at an
659 * offset of 8, has the uppermost bit set. If the
660 * packet is source-routed, the total number of bytes
661 * of routing information is 2 plus bits 0x1F00 of
662 * the 16-bit value at an offset of 14 (shifted right
663 * 8 - figure out which byte that is).
664 */
665 off_linktype = 20;
666 off_nl = 22;
667 return;
668
669 case DLT_ATM_RFC1483:
670 /*
671 * assume routed, non-ISO PDUs
672 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
673 */
674 off_linktype = 6;
675 off_nl = 8;
676 return;
677
678 case DLT_RAW:
679 off_linktype = -1;
680 off_nl = 0;
681 return;
682
683 case DLT_ATM_CLIP: /* Linux ATM defines this */
684 off_linktype = 6;
685 off_nl = 8;
686 return;
687 }
688 bpf_error("unknown data link type 0x%x", linktype);
689 /* NOTREACHED */
690 }
691
692 static struct block *
693 gen_uncond(rsense)
694 int rsense;
695 {
696 struct block *b;
697 struct slist *s;
698
699 s = new_stmt(BPF_LD|BPF_IMM);
700 s->s.k = !rsense;
701 b = new_block(JMP(BPF_JEQ));
702 b->stmts = s;
703
704 return b;
705 }
706
707 static inline struct block *
708 gen_true()
709 {
710 return gen_uncond(1);
711 }
712
713 static inline struct block *
714 gen_false()
715 {
716 return gen_uncond(0);
717 }
718
719 static struct block *
720 gen_linktype(proto)
721 register int proto;
722 {
723 struct block *b0, *b1;
724
725 /* If we're not using encapsulation, we're done */
726 if (off_linktype == -1)
727 return gen_true();
728
729 switch (linktype) {
730
731 case DLT_EN10MB:
732 /*
733 * XXX - handle other LLC-encapsulated protocols here
734 * (IPX, OSI)?
735 */
736 switch (proto) {
737
738 case LLC_ISO_LSAP:
739 /*
740 * OSI protocols always use 802.2 encapsulation.
741 */
742 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
743 gen_not(b0);
744 b1 = gen_cmp(off_linktype + 2, BPF_H, (long)
745 ((LLC_ISO_LSAP << 8) | LLC_ISO_LSAP));
746 gen_and(b0, b1);
747 return b1;
748
749 case ETHERTYPE_ATALK:
750 case ETHERTYPE_AARP:
751 /*
752 * EtherTalk (AppleTalk protocols on Ethernet link
753 * layer) may use 802.2 encapsulation.
754 */
755
756 /*
757 * Check for 802.2 encapsulation (EtherTalk phase 2?);
758 * we check for an Ethernet type field less than
759 * 1500, which means it's an 802.3 length field.
760 */
761 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
762 gen_not(b0);
763
764 /*
765 * 802.2-encapsulated ETHERTYPE_ATALK packets are
766 * SNAP packets with an organization code of
767 * 0x080007 (Apple, for Appletalk) and a protocol
768 * type of ETHERTYPE_ATALK (Appletalk).
769 *
770 * 802.2-encapsulated ETHERTYPE_AARP packets are
771 * SNAP packets with an organization code of
772 * 0x000000 (encapsulated Ethernet) and a protocol
773 * type of ETHERTYPE_AARP (Appletalk ARP).
774 */
775 if (proto == ETHERTYPE_ATALK)
776 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
777 else /* proto == ETHERTYPE_AARP */
778 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
779 gen_and(b0, b1);
780
781 /*
782 * Check for Ethernet encapsulation (Ethertalk
783 * phase 1?); we just check for the Ethernet
784 * protocol type.
785 */
786 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
787
788 gen_or(b0, b1);
789 return b1;
790 }
791 break;
792
793 case DLT_SLIP:
794 return gen_false();
795
796 case DLT_PPP:
797 case DLT_PPP_SERIAL:
798 /*
799 * We use Ethernet protocol types inside libpcap;
800 * map them to the corresponding PPP protocol types.
801 */
802 switch (proto) {
803
804 case ETHERTYPE_IP:
805 proto = PPP_IP; /* XXX was 0x21 */
806 break;
807
808 #ifdef INET6
809 case ETHERTYPE_IPV6:
810 proto = PPP_IPV6;
811 break;
812 #endif
813
814 case ETHERTYPE_DN:
815 proto = PPP_DECNET;
816 break;
817
818 case ETHERTYPE_ATALK:
819 proto = PPP_APPLE;
820 break;
821
822 case ETHERTYPE_NS:
823 proto = PPP_NS;
824 break;
825 }
826 break;
827
828 case DLT_PPP_BSDOS:
829 /*
830 * We use Ethernet protocol types inside libpcap;
831 * map them to the corresponding PPP protocol types.
832 */
833 switch (proto) {
834
835 case ETHERTYPE_IP:
836 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
837 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
838 gen_or(b0, b1);
839 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
840 gen_or(b1, b0);
841 return b0;
842
843 #ifdef INET6
844 case ETHERTYPE_IPV6:
845 proto = PPP_IPV6;
846 /* more to go? */
847 break;
848 #endif
849
850 case ETHERTYPE_DN:
851 proto = PPP_DECNET;
852 break;
853
854 case ETHERTYPE_ATALK:
855 proto = PPP_APPLE;
856 break;
857
858 case ETHERTYPE_NS:
859 proto = PPP_NS;
860 break;
861 }
862 break;
863
864 case DLT_NULL:
865 /* XXX */
866 if (proto == ETHERTYPE_IP)
867 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET)));
868 #ifdef INET6
869 else if (proto == ETHERTYPE_IPV6)
870 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET6)));
871 #endif
872 else
873 return gen_false();
874 }
875 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
876 }
877
878 /*
879 * Check for an LLC SNAP packet with a given organization code and
880 * protocol type; we check the entire contents of the 802.2 LLC and
881 * snap headers, checking for a DSAP of 0xAA, an SSAP of 0xAA, and
882 * a control field of 0x03 in the LLC header, and for the specified
883 * organization code and protocol type in the SNAP header.
884 */
885 static struct block *
886 gen_snap(orgcode, ptype, offset)
887 bpf_u_int32 orgcode;
888 bpf_u_int32 ptype;
889 u_int offset;
890 {
891 u_char snapblock[8];
892
893 snapblock[0] = 0xAA; /* DSAP = SNAP */
894 snapblock[1] = 0xAA; /* SSAP = SNAP */
895 snapblock[2] = 0x03; /* control = UI */
896 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
897 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
898 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
899 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
900 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
901 return gen_bcmp(offset, 8, snapblock);
902 }
903
904 static struct block *
905 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
906 bpf_u_int32 addr;
907 bpf_u_int32 mask;
908 int dir, proto;
909 u_int src_off, dst_off;
910 {
911 struct block *b0, *b1;
912 u_int offset;
913
914 switch (dir) {
915
916 case Q_SRC:
917 offset = src_off;
918 break;
919
920 case Q_DST:
921 offset = dst_off;
922 break;
923
924 case Q_AND:
925 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
926 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
927 gen_and(b0, b1);
928 return b1;
929
930 case Q_OR:
931 case Q_DEFAULT:
932 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
933 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
934 gen_or(b0, b1);
935 return b1;
936
937 default:
938 abort();
939 }
940 b0 = gen_linktype(proto);
941 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
942 gen_and(b0, b1);
943 return b1;
944 }
945
946 #ifdef INET6
947 static struct block *
948 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
949 struct in6_addr *addr;
950 struct in6_addr *mask;
951 int dir, proto;
952 u_int src_off, dst_off;
953 {
954 struct block *b0, *b1;
955 u_int offset;
956 u_int32_t *a, *m;
957
958 switch (dir) {
959
960 case Q_SRC:
961 offset = src_off;
962 break;
963
964 case Q_DST:
965 offset = dst_off;
966 break;
967
968 case Q_AND:
969 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
970 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
971 gen_and(b0, b1);
972 return b1;
973
974 case Q_OR:
975 case Q_DEFAULT:
976 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
977 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
978 gen_or(b0, b1);
979 return b1;
980
981 default:
982 abort();
983 }
984 /* this order is important */
985 a = (u_int32_t *)addr;
986 m = (u_int32_t *)mask;
987 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
988 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
989 gen_and(b0, b1);
990 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
991 gen_and(b0, b1);
992 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
993 gen_and(b0, b1);
994 b0 = gen_linktype(proto);
995 gen_and(b0, b1);
996 return b1;
997 }
998 #endif /*INET6*/
999
1000 static struct block *
1001 gen_ehostop(eaddr, dir)
1002 register const u_char *eaddr;
1003 register int dir;
1004 {
1005 register struct block *b0, *b1;
1006
1007 switch (dir) {
1008 case Q_SRC:
1009 return gen_bcmp(6, 6, eaddr);
1010
1011 case Q_DST:
1012 return gen_bcmp(0, 6, eaddr);
1013
1014 case Q_AND:
1015 b0 = gen_ehostop(eaddr, Q_SRC);
1016 b1 = gen_ehostop(eaddr, Q_DST);
1017 gen_and(b0, b1);
1018 return b1;
1019
1020 case Q_DEFAULT:
1021 case Q_OR:
1022 b0 = gen_ehostop(eaddr, Q_SRC);
1023 b1 = gen_ehostop(eaddr, Q_DST);
1024 gen_or(b0, b1);
1025 return b1;
1026 }
1027 abort();
1028 /* NOTREACHED */
1029 }
1030
1031 /*
1032 * Like gen_ehostop, but for DLT_FDDI
1033 */
1034 static struct block *
1035 gen_fhostop(eaddr, dir)
1036 register const u_char *eaddr;
1037 register int dir;
1038 {
1039 struct block *b0, *b1;
1040
1041 switch (dir) {
1042 case Q_SRC:
1043 #ifdef PCAP_FDDIPAD
1044 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
1045 #else
1046 return gen_bcmp(6 + 1, 6, eaddr);
1047 #endif
1048
1049 case Q_DST:
1050 #ifdef PCAP_FDDIPAD
1051 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
1052 #else
1053 return gen_bcmp(0 + 1, 6, eaddr);
1054 #endif
1055
1056 case Q_AND:
1057 b0 = gen_fhostop(eaddr, Q_SRC);
1058 b1 = gen_fhostop(eaddr, Q_DST);
1059 gen_and(b0, b1);
1060 return b1;
1061
1062 case Q_DEFAULT:
1063 case Q_OR:
1064 b0 = gen_fhostop(eaddr, Q_SRC);
1065 b1 = gen_fhostop(eaddr, Q_DST);
1066 gen_or(b0, b1);
1067 return b1;
1068 }
1069 abort();
1070 /* NOTREACHED */
1071 }
1072
1073 /*
1074 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
1075 */
1076 static struct block *
1077 gen_thostop(eaddr, dir)
1078 register const u_char *eaddr;
1079 register int dir;
1080 {
1081 register struct block *b0, *b1;
1082
1083 switch (dir) {
1084 case Q_SRC:
1085 return gen_bcmp(8, 6, eaddr);
1086
1087 case Q_DST:
1088 return gen_bcmp(2, 6, eaddr);
1089
1090 case Q_AND:
1091 b0 = gen_thostop(eaddr, Q_SRC);
1092 b1 = gen_thostop(eaddr, Q_DST);
1093 gen_and(b0, b1);
1094 return b1;
1095
1096 case Q_DEFAULT:
1097 case Q_OR:
1098 b0 = gen_thostop(eaddr, Q_SRC);
1099 b1 = gen_thostop(eaddr, Q_DST);
1100 gen_or(b0, b1);
1101 return b1;
1102 }
1103 abort();
1104 /* NOTREACHED */
1105 }
1106
1107 /*
1108 * This is quite tricky because there may be pad bytes in front of the
1109 * DECNET header, and then there are two possible data packet formats that
1110 * carry both src and dst addresses, plus 5 packet types in a format that
1111 * carries only the src node, plus 2 types that use a different format and
1112 * also carry just the src node.
1113 *
1114 * Yuck.
1115 *
1116 * Instead of doing those all right, we just look for data packets with
1117 * 0 or 1 bytes of padding. If you want to look at other packets, that
1118 * will require a lot more hacking.
1119 *
1120 * To add support for filtering on DECNET "areas" (network numbers)
1121 * one would want to add a "mask" argument to this routine. That would
1122 * make the filter even more inefficient, although one could be clever
1123 * and not generate masking instructions if the mask is 0xFFFF.
1124 */
1125 static struct block *
1126 gen_dnhostop(addr, dir, base_off)
1127 bpf_u_int32 addr;
1128 int dir;
1129 u_int base_off;
1130 {
1131 struct block *b0, *b1, *b2, *tmp;
1132 u_int offset_lh; /* offset if long header is received */
1133 u_int offset_sh; /* offset if short header is received */
1134
1135 switch (dir) {
1136
1137 case Q_DST:
1138 offset_sh = 1; /* follows flags */
1139 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
1140 break;
1141
1142 case Q_SRC:
1143 offset_sh = 3; /* follows flags, dstnode */
1144 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
1145 break;
1146
1147 case Q_AND:
1148 /* Inefficient because we do our Calvinball dance twice */
1149 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1150 b1 = gen_dnhostop(addr, Q_DST, base_off);
1151 gen_and(b0, b1);
1152 return b1;
1153
1154 case Q_OR:
1155 case Q_DEFAULT:
1156 /* Inefficient because we do our Calvinball dance twice */
1157 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1158 b1 = gen_dnhostop(addr, Q_DST, base_off);
1159 gen_or(b0, b1);
1160 return b1;
1161
1162 case Q_ISO:
1163 bpf_error("ISO host filtering not implemented");
1164
1165 default:
1166 abort();
1167 }
1168 b0 = gen_linktype(ETHERTYPE_DN);
1169 /* Check for pad = 1, long header case */
1170 tmp = gen_mcmp(base_off + 2, BPF_H,
1171 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
1172 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
1173 BPF_H, (bpf_int32)ntohs(addr));
1174 gen_and(tmp, b1);
1175 /* Check for pad = 0, long header case */
1176 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
1177 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
1178 gen_and(tmp, b2);
1179 gen_or(b2, b1);
1180 /* Check for pad = 1, short header case */
1181 tmp = gen_mcmp(base_off + 2, BPF_H,
1182 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
1183 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
1184 BPF_H, (bpf_int32)ntohs(addr));
1185 gen_and(tmp, b2);
1186 gen_or(b2, b1);
1187 /* Check for pad = 0, short header case */
1188 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
1189 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
1190 gen_and(tmp, b2);
1191 gen_or(b2, b1);
1192
1193 /* Combine with test for linktype */
1194 gen_and(b0, b1);
1195 return b1;
1196 }
1197
1198 static struct block *
1199 gen_host(addr, mask, proto, dir)
1200 bpf_u_int32 addr;
1201 bpf_u_int32 mask;
1202 int proto;
1203 int dir;
1204 {
1205 struct block *b0, *b1;
1206
1207 switch (proto) {
1208
1209 case Q_DEFAULT:
1210 b0 = gen_host(addr, mask, Q_IP, dir);
1211 if (off_linktype != -1) {
1212 b1 = gen_host(addr, mask, Q_ARP, dir);
1213 gen_or(b0, b1);
1214 b0 = gen_host(addr, mask, Q_RARP, dir);
1215 gen_or(b1, b0);
1216 }
1217 return b0;
1218
1219 case Q_IP:
1220 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
1221 off_nl + 12, off_nl + 16);
1222
1223 case Q_RARP:
1224 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
1225 off_nl + 14, off_nl + 24);
1226
1227 case Q_ARP:
1228 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
1229 off_nl + 14, off_nl + 24);
1230
1231 case Q_TCP:
1232 bpf_error("'tcp' modifier applied to host");
1233
1234 case Q_UDP:
1235 bpf_error("'udp' modifier applied to host");
1236
1237 case Q_ICMP:
1238 bpf_error("'icmp' modifier applied to host");
1239
1240 case Q_IGMP:
1241 bpf_error("'igmp' modifier applied to host");
1242
1243 case Q_IGRP:
1244 bpf_error("'igrp' modifier applied to host");
1245
1246 case Q_PIM:
1247 bpf_error("'pim' modifier applied to host");
1248
1249 case Q_ATALK:
1250 bpf_error("ATALK host filtering not implemented");
1251
1252 case Q_AARP:
1253 bpf_error("AARP host filtering not implemented");
1254
1255 case Q_DECNET:
1256 return gen_dnhostop(addr, dir, off_nl);
1257
1258 case Q_SCA:
1259 bpf_error("SCA host filtering not implemented");
1260
1261 case Q_LAT:
1262 bpf_error("LAT host filtering not implemented");
1263
1264 case Q_MOPDL:
1265 bpf_error("MOPDL host filtering not implemented");
1266
1267 case Q_MOPRC:
1268 bpf_error("MOPRC host filtering not implemented");
1269
1270 #ifdef INET6
1271 case Q_IPV6:
1272 bpf_error("'ip6' modifier applied to ip host");
1273
1274 case Q_ICMPV6:
1275 bpf_error("'icmp6' modifier applied to host");
1276 #endif /* INET6 */
1277
1278 case Q_AH:
1279 bpf_error("'ah' modifier applied to host");
1280
1281 case Q_ESP:
1282 bpf_error("'esp' modifier applied to host");
1283
1284 case Q_ISO:
1285 bpf_error("ISO host filtering not implemented");
1286
1287 case Q_ESIS:
1288 bpf_error("'esis' modifier applied to host");
1289
1290 case Q_ISIS:
1291 bpf_error("'isis' modifier applied to host");
1292
1293 default:
1294 abort();
1295 }
1296 /* NOTREACHED */
1297 }
1298
1299 #ifdef INET6
1300 static struct block *
1301 gen_host6(addr, mask, proto, dir)
1302 struct in6_addr *addr;
1303 struct in6_addr *mask;
1304 int proto;
1305 int dir;
1306 {
1307 switch (proto) {
1308
1309 case Q_DEFAULT:
1310 return gen_host6(addr, mask, Q_IPV6, dir);
1311
1312 case Q_IP:
1313 bpf_error("'ip' modifier applied to ip6 host");
1314
1315 case Q_RARP:
1316 bpf_error("'rarp' modifier applied to ip6 host");
1317
1318 case Q_ARP:
1319 bpf_error("'arp' modifier applied to ip6 host");
1320
1321 case Q_TCP:
1322 bpf_error("'tcp' modifier applied to host");
1323
1324 case Q_UDP:
1325 bpf_error("'udp' modifier applied to host");
1326
1327 case Q_ICMP:
1328 bpf_error("'icmp' modifier applied to host");
1329
1330 case Q_IGMP:
1331 bpf_error("'igmp' modifier applied to host");
1332
1333 case Q_IGRP:
1334 bpf_error("'igrp' modifier applied to host");
1335
1336 case Q_PIM:
1337 bpf_error("'pim' modifier applied to host");
1338
1339 case Q_ATALK:
1340 bpf_error("ATALK host filtering not implemented");
1341
1342 case Q_AARP:
1343 bpf_error("AARP host filtering not implemented");
1344
1345 case Q_DECNET:
1346 bpf_error("'decnet' modifier applied to ip6 host");
1347
1348 case Q_SCA:
1349 bpf_error("SCA host filtering not implemented");
1350
1351 case Q_LAT:
1352 bpf_error("LAT host filtering not implemented");
1353
1354 case Q_MOPDL:
1355 bpf_error("MOPDL host filtering not implemented");
1356
1357 case Q_MOPRC:
1358 bpf_error("MOPRC host filtering not implemented");
1359
1360 case Q_IPV6:
1361 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
1362 off_nl + 8, off_nl + 24);
1363
1364 case Q_ICMPV6:
1365 bpf_error("'icmp6' modifier applied to host");
1366
1367 case Q_AH:
1368 bpf_error("'ah' modifier applied to host");
1369
1370 case Q_ESP:
1371 bpf_error("'esp' modifier applied to host");
1372
1373 case Q_ISO:
1374 bpf_error("ISO host filtering not implemented");
1375
1376 case Q_ESIS:
1377 bpf_error("'esis' modifier applied to host");
1378
1379 case Q_ISIS:
1380 bpf_error("'isis' modifier applied to host");
1381
1382 default:
1383 abort();
1384 }
1385 /* NOTREACHED */
1386 }
1387 #endif /*INET6*/
1388
1389 #ifndef INET6
1390 static struct block *
1391 gen_gateway(eaddr, alist, proto, dir)
1392 const u_char *eaddr;
1393 bpf_u_int32 **alist;
1394 int proto;
1395 int dir;
1396 {
1397 struct block *b0, *b1, *tmp;
1398
1399 if (dir != 0)
1400 bpf_error("direction applied to 'gateway'");
1401
1402 switch (proto) {
1403 case Q_DEFAULT:
1404 case Q_IP:
1405 case Q_ARP:
1406 case Q_RARP:
1407 if (linktype == DLT_EN10MB)
1408 b0 = gen_ehostop(eaddr, Q_OR);
1409 else if (linktype == DLT_FDDI)
1410 b0 = gen_fhostop(eaddr, Q_OR);
1411 else if (linktype == DLT_IEEE802)
1412 b0 = gen_thostop(eaddr, Q_OR);
1413 else
1414 bpf_error(
1415 "'gateway' supported only on ethernet, FDDI or token ring");
1416
1417 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1418 while (*alist) {
1419 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1420 gen_or(b1, tmp);
1421 b1 = tmp;
1422 }
1423 gen_not(b1);
1424 gen_and(b0, b1);
1425 return b1;
1426 }
1427 bpf_error("illegal modifier of 'gateway'");
1428 /* NOTREACHED */
1429 }
1430 #endif
1431
1432 struct block *
1433 gen_proto_abbrev(proto)
1434 int proto;
1435 {
1436 #ifdef INET6
1437 struct block *b0;
1438 #endif
1439 struct block *b1;
1440
1441 switch (proto) {
1442
1443 case Q_TCP:
1444 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
1445 #ifdef INET6
1446 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
1447 gen_or(b0, b1);
1448 #endif
1449 break;
1450
1451 case Q_UDP:
1452 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
1453 #ifdef INET6
1454 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
1455 gen_or(b0, b1);
1456 #endif
1457 break;
1458
1459 case Q_ICMP:
1460 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
1461 break;
1462
1463 #ifndef IPPROTO_IGMP
1464 #define IPPROTO_IGMP 2
1465 #endif
1466
1467 case Q_IGMP:
1468 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
1469 break;
1470
1471 #ifndef IPPROTO_IGRP
1472 #define IPPROTO_IGRP 9
1473 #endif
1474 case Q_IGRP:
1475 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
1476 break;
1477
1478 #ifndef IPPROTO_PIM
1479 #define IPPROTO_PIM 103
1480 #endif
1481
1482 case Q_PIM:
1483 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
1484 #ifdef INET6
1485 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
1486 gen_or(b0, b1);
1487 #endif
1488 break;
1489
1490 case Q_IP:
1491 b1 = gen_linktype(ETHERTYPE_IP);
1492 break;
1493
1494 case Q_ARP:
1495 b1 = gen_linktype(ETHERTYPE_ARP);
1496 break;
1497
1498 case Q_RARP:
1499 b1 = gen_linktype(ETHERTYPE_REVARP);
1500 break;
1501
1502 case Q_LINK:
1503 bpf_error("link layer applied in wrong context");
1504
1505 case Q_ATALK:
1506 b1 = gen_linktype(ETHERTYPE_ATALK);
1507 break;
1508
1509 case Q_AARP:
1510 b1 = gen_linktype(ETHERTYPE_AARP);
1511 break;
1512
1513 case Q_DECNET:
1514 b1 = gen_linktype(ETHERTYPE_DN);
1515 break;
1516
1517 case Q_SCA:
1518 b1 = gen_linktype(ETHERTYPE_SCA);
1519 break;
1520
1521 case Q_LAT:
1522 b1 = gen_linktype(ETHERTYPE_LAT);
1523 break;
1524
1525 case Q_MOPDL:
1526 b1 = gen_linktype(ETHERTYPE_MOPDL);
1527 break;
1528
1529 case Q_MOPRC:
1530 b1 = gen_linktype(ETHERTYPE_MOPRC);
1531 break;
1532
1533 #ifdef INET6
1534 case Q_IPV6:
1535 b1 = gen_linktype(ETHERTYPE_IPV6);
1536 break;
1537
1538 #ifndef IPPROTO_ICMPV6
1539 #define IPPROTO_ICMPV6 58
1540 #endif
1541 case Q_ICMPV6:
1542 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
1543 break;
1544 #endif /* INET6 */
1545
1546 #ifndef IPPROTO_AH
1547 #define IPPROTO_AH 51
1548 #endif
1549 case Q_AH:
1550 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
1551 #ifdef INET6
1552 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
1553 gen_or(b0, b1);
1554 #endif
1555 break;
1556
1557 #ifndef IPPROTO_ESP
1558 #define IPPROTO_ESP 50
1559 #endif
1560 case Q_ESP:
1561 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
1562 #ifdef INET6
1563 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
1564 gen_or(b0, b1);
1565 #endif
1566 break;
1567
1568 case Q_ISO:
1569 b1 = gen_linktype(LLC_ISO_LSAP);
1570 break;
1571
1572 case Q_ESIS:
1573 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
1574 break;
1575
1576 case Q_ISIS:
1577 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
1578 break;
1579
1580 default:
1581 abort();
1582 }
1583 return b1;
1584 }
1585
1586 static struct block *
1587 gen_ipfrag()
1588 {
1589 struct slist *s;
1590 struct block *b;
1591
1592 /* not ip frag */
1593 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
1594 s->s.k = off_nl + 6;
1595 b = new_block(JMP(BPF_JSET));
1596 b->s.k = 0x1fff;
1597 b->stmts = s;
1598 gen_not(b);
1599
1600 return b;
1601 }
1602
1603 static struct block *
1604 gen_portatom(off, v)
1605 int off;
1606 bpf_int32 v;
1607 {
1608 struct slist *s;
1609 struct block *b;
1610
1611 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
1612 s->s.k = off_nl;
1613
1614 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
1615 s->next->s.k = off_nl + off;
1616
1617 b = new_block(JMP(BPF_JEQ));
1618 b->stmts = s;
1619 b->s.k = v;
1620
1621 return b;
1622 }
1623
1624 #ifdef INET6
1625 static struct block *
1626 gen_portatom6(off, v)
1627 int off;
1628 bpf_int32 v;
1629 {
1630 return gen_cmp(off_nl + 40 + off, BPF_H, v);
1631 }
1632 #endif/*INET6*/
1633
1634 struct block *
1635 gen_portop(port, proto, dir)
1636 int port, proto, dir;
1637 {
1638 struct block *b0, *b1, *tmp;
1639
1640 /* ip proto 'proto' */
1641 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
1642 b0 = gen_ipfrag();
1643 gen_and(tmp, b0);
1644
1645 switch (dir) {
1646 case Q_SRC:
1647 b1 = gen_portatom(0, (bpf_int32)port);
1648 break;
1649
1650 case Q_DST:
1651 b1 = gen_portatom(2, (bpf_int32)port);
1652 break;
1653
1654 case Q_OR:
1655 case Q_DEFAULT:
1656 tmp = gen_portatom(0, (bpf_int32)port);
1657 b1 = gen_portatom(2, (bpf_int32)port);
1658 gen_or(tmp, b1);
1659 break;
1660
1661 case Q_AND:
1662 tmp = gen_portatom(0, (bpf_int32)port);
1663 b1 = gen_portatom(2, (bpf_int32)port);
1664 gen_and(tmp, b1);
1665 break;
1666
1667 default:
1668 abort();
1669 }
1670 gen_and(b0, b1);
1671
1672 return b1;
1673 }
1674
1675 static struct block *
1676 gen_port(port, ip_proto, dir)
1677 int port;
1678 int ip_proto;
1679 int dir;
1680 {
1681 struct block *b0, *b1, *tmp;
1682
1683 /* ether proto ip */
1684 b0 = gen_linktype(ETHERTYPE_IP);
1685
1686 switch (ip_proto) {
1687 case IPPROTO_UDP:
1688 case IPPROTO_TCP:
1689 b1 = gen_portop(port, ip_proto, dir);
1690 break;
1691
1692 case PROTO_UNDEF:
1693 tmp = gen_portop(port, IPPROTO_TCP, dir);
1694 b1 = gen_portop(port, IPPROTO_UDP, dir);
1695 gen_or(tmp, b1);
1696 break;
1697
1698 default:
1699 abort();
1700 }
1701 gen_and(b0, b1);
1702 return b1;
1703 }
1704
1705 #ifdef INET6
1706 struct block *
1707 gen_portop6(port, proto, dir)
1708 int port, proto, dir;
1709 {
1710 struct block *b0, *b1, *tmp;
1711
1712 /* ip proto 'proto' */
1713 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
1714
1715 switch (dir) {
1716 case Q_SRC:
1717 b1 = gen_portatom6(0, (bpf_int32)port);
1718 break;
1719
1720 case Q_DST:
1721 b1 = gen_portatom6(2, (bpf_int32)port);
1722 break;
1723
1724 case Q_OR:
1725 case Q_DEFAULT:
1726 tmp = gen_portatom6(0, (bpf_int32)port);
1727 b1 = gen_portatom6(2, (bpf_int32)port);
1728 gen_or(tmp, b1);
1729 break;
1730
1731 case Q_AND:
1732 tmp = gen_portatom6(0, (bpf_int32)port);
1733 b1 = gen_portatom6(2, (bpf_int32)port);
1734 gen_and(tmp, b1);
1735 break;
1736
1737 default:
1738 abort();
1739 }
1740 gen_and(b0, b1);
1741
1742 return b1;
1743 }
1744
1745 static struct block *
1746 gen_port6(port, ip_proto, dir)
1747 int port;
1748 int ip_proto;
1749 int dir;
1750 {
1751 struct block *b0, *b1, *tmp;
1752
1753 /* ether proto ip */
1754 b0 = gen_linktype(ETHERTYPE_IPV6);
1755
1756 switch (ip_proto) {
1757 case IPPROTO_UDP:
1758 case IPPROTO_TCP:
1759 b1 = gen_portop6(port, ip_proto, dir);
1760 break;
1761
1762 case PROTO_UNDEF:
1763 tmp = gen_portop6(port, IPPROTO_TCP, dir);
1764 b1 = gen_portop6(port, IPPROTO_UDP, dir);
1765 gen_or(tmp, b1);
1766 break;
1767
1768 default:
1769 abort();
1770 }
1771 gen_and(b0, b1);
1772 return b1;
1773 }
1774 #endif /* INET6 */
1775
1776 static int
1777 lookup_proto(name, proto)
1778 register const char *name;
1779 register int proto;
1780 {
1781 register int v;
1782
1783 switch (proto) {
1784
1785 case Q_DEFAULT:
1786 case Q_IP:
1787 v = pcap_nametoproto(name);
1788 if (v == PROTO_UNDEF)
1789 bpf_error("unknown ip proto '%s'", name);
1790 break;
1791
1792 case Q_LINK:
1793 /* XXX should look up h/w protocol type based on linktype */
1794 v = pcap_nametoeproto(name);
1795 if (v == PROTO_UNDEF)
1796 bpf_error("unknown ether proto '%s'", name);
1797 break;
1798
1799 case Q_ISO:
1800 if (strcmp(name, "esis") == 0)
1801 v = ISO9542_ESIS;
1802 else if (strcmp(name, "isis") == 0)
1803 v = ISO10589_ISIS;
1804 else
1805 bpf_error("unknown osi proto '%s'", name);
1806 break;
1807
1808 default:
1809 v = PROTO_UNDEF;
1810 break;
1811 }
1812 return v;
1813 }
1814
1815 #if 0
1816 struct stmt *
1817 gen_joinsp(s, n)
1818 struct stmt **s;
1819 int n;
1820 {
1821 return NULL;
1822 }
1823 #endif
1824
1825 static struct block *
1826 gen_protochain(v, proto, dir)
1827 int v;
1828 int proto;
1829 int dir;
1830 {
1831 #ifdef NO_PROTOCHAIN
1832 return gen_proto(v, proto, dir);
1833 #else
1834 struct block *b0, *b;
1835 struct slist *s[100];
1836 int fix2, fix3, fix4, fix5;
1837 int ahcheck, again, end;
1838 int i, max;
1839 int reg1 = alloc_reg();
1840 int reg2 = alloc_reg();
1841
1842 memset(s, 0, sizeof(s));
1843 fix2 = fix3 = fix4 = fix5 = 0;
1844
1845 switch (proto) {
1846 case Q_IP:
1847 case Q_IPV6:
1848 break;
1849 case Q_DEFAULT:
1850 b0 = gen_protochain(v, Q_IP, dir);
1851 b = gen_protochain(v, Q_IPV6, dir);
1852 gen_or(b0, b);
1853 return b;
1854 default:
1855 bpf_error("bad protocol applied for 'protochain'");
1856 /*NOTREACHED*/
1857 }
1858
1859 no_optimize = 1; /*this code is not compatible with optimzer yet */
1860
1861 /*
1862 * s[0] is a dummy entry to protect other BPF insn from damaged
1863 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
1864 * hard to find interdependency made by jump table fixup.
1865 */
1866 i = 0;
1867 s[i] = new_stmt(0); /*dummy*/
1868 i++;
1869
1870 switch (proto) {
1871 case Q_IP:
1872 b0 = gen_linktype(ETHERTYPE_IP);
1873
1874 /* A = ip->ip_p */
1875 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
1876 s[i]->s.k = off_nl + 9;
1877 i++;
1878 /* X = ip->ip_hl << 2 */
1879 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
1880 s[i]->s.k = off_nl;
1881 i++;
1882 break;
1883 #ifdef INET6
1884 case Q_IPV6:
1885 b0 = gen_linktype(ETHERTYPE_IPV6);
1886
1887 /* A = ip6->ip_nxt */
1888 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
1889 s[i]->s.k = off_nl + 6;
1890 i++;
1891 /* X = sizeof(struct ip6_hdr) */
1892 s[i] = new_stmt(BPF_LDX|BPF_IMM);
1893 s[i]->s.k = 40;
1894 i++;
1895 break;
1896 #endif
1897 default:
1898 bpf_error("unsupported proto to gen_protochain");
1899 /*NOTREACHED*/
1900 }
1901
1902 /* again: if (A == v) goto end; else fall through; */
1903 again = i;
1904 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1905 s[i]->s.k = v;
1906 s[i]->s.jt = NULL; /*later*/
1907 s[i]->s.jf = NULL; /*update in next stmt*/
1908 fix5 = i;
1909 i++;
1910
1911 #ifndef IPPROTO_NONE
1912 #define IPPROTO_NONE 59
1913 #endif
1914 /* if (A == IPPROTO_NONE) goto end */
1915 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1916 s[i]->s.jt = NULL; /*later*/
1917 s[i]->s.jf = NULL; /*update in next stmt*/
1918 s[i]->s.k = IPPROTO_NONE;
1919 s[fix5]->s.jf = s[i];
1920 fix2 = i;
1921 i++;
1922
1923 #ifdef INET6
1924 if (proto == Q_IPV6) {
1925 int v6start, v6end, v6advance, j;
1926
1927 v6start = i;
1928 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
1929 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1930 s[i]->s.jt = NULL; /*later*/
1931 s[i]->s.jf = NULL; /*update in next stmt*/
1932 s[i]->s.k = IPPROTO_HOPOPTS;
1933 s[fix2]->s.jf = s[i];
1934 i++;
1935 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
1936 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1937 s[i]->s.jt = NULL; /*later*/
1938 s[i]->s.jf = NULL; /*update in next stmt*/
1939 s[i]->s.k = IPPROTO_DSTOPTS;
1940 i++;
1941 /* if (A == IPPROTO_ROUTING) goto v6advance */
1942 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1943 s[i]->s.jt = NULL; /*later*/
1944 s[i]->s.jf = NULL; /*update in next stmt*/
1945 s[i]->s.k = IPPROTO_ROUTING;
1946 i++;
1947 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
1948 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1949 s[i]->s.jt = NULL; /*later*/
1950 s[i]->s.jf = NULL; /*later*/
1951 s[i]->s.k = IPPROTO_FRAGMENT;
1952 fix3 = i;
1953 v6end = i;
1954 i++;
1955
1956 /* v6advance: */
1957 v6advance = i;
1958
1959 /*
1960 * in short,
1961 * A = P[X + 1];
1962 * X = X + (P[X] + 1) * 8;
1963 */
1964 /* A = X */
1965 s[i] = new_stmt(BPF_MISC|BPF_TXA);
1966 i++;
1967 /* MEM[reg1] = A */
1968 s[i] = new_stmt(BPF_ST);
1969 s[i]->s.k = reg1;
1970 i++;
1971 /* A += 1 */
1972 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
1973 s[i]->s.k = 1;
1974 i++;
1975 /* X = A */
1976 s[i] = new_stmt(BPF_MISC|BPF_TAX);
1977 i++;
1978 /* A = P[X + packet head]; */
1979 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
1980 s[i]->s.k = off_nl;
1981 i++;
1982 /* MEM[reg2] = A */
1983 s[i] = new_stmt(BPF_ST);
1984 s[i]->s.k = reg2;
1985 i++;
1986 /* X = MEM[reg1] */
1987 s[i] = new_stmt(BPF_LDX|BPF_MEM);
1988 s[i]->s.k = reg1;
1989 i++;
1990 /* A = P[X + packet head] */
1991 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
1992 s[i]->s.k = off_nl;
1993 i++;
1994 /* A += 1 */
1995 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
1996 s[i]->s.k = 1;
1997 i++;
1998 /* A *= 8 */
1999 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2000 s[i]->s.k = 8;
2001 i++;
2002 /* X = A; */
2003 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2004 i++;
2005 /* A = MEM[reg2] */
2006 s[i] = new_stmt(BPF_LD|BPF_MEM);
2007 s[i]->s.k = reg2;
2008 i++;
2009
2010 /* goto again; (must use BPF_JA for backward jump) */
2011 s[i] = new_stmt(BPF_JMP|BPF_JA);
2012 s[i]->s.k = again - i - 1;
2013 s[i - 1]->s.jf = s[i];
2014 i++;
2015
2016 /* fixup */
2017 for (j = v6start; j <= v6end; j++)
2018 s[j]->s.jt = s[v6advance];
2019 } else
2020 #endif
2021 {
2022 /* nop */
2023 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2024 s[i]->s.k = 0;
2025 s[fix2]->s.jf = s[i];
2026 i++;
2027 }
2028
2029 /* ahcheck: */
2030 ahcheck = i;
2031 /* if (A == IPPROTO_AH) then fall through; else goto end; */
2032 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2033 s[i]->s.jt = NULL; /*later*/
2034 s[i]->s.jf = NULL; /*later*/
2035 s[i]->s.k = IPPROTO_AH;
2036 if (fix3)
2037 s[fix3]->s.jf = s[ahcheck];
2038 fix4 = i;
2039 i++;
2040
2041 /*
2042 * in short,
2043 * A = P[X + 1];
2044 * X = X + (P[X] + 2) * 4;
2045 */
2046 /* A = X */
2047 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2048 i++;
2049 /* MEM[reg1] = A */
2050 s[i] = new_stmt(BPF_ST);
2051 s[i]->s.k = reg1;
2052 i++;
2053 /* A += 1 */
2054 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2055 s[i]->s.k = 1;
2056 i++;
2057 /* X = A */
2058 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2059 i++;
2060 /* A = P[X + packet head]; */
2061 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2062 s[i]->s.k = off_nl;
2063 i++;
2064 /* MEM[reg2] = A */
2065 s[i] = new_stmt(BPF_ST);
2066 s[i]->s.k = reg2;
2067 i++;
2068 /* X = MEM[reg1] */
2069 s[i] = new_stmt(BPF_LDX|BPF_MEM);
2070 s[i]->s.k = reg1;
2071 i++;
2072 /* A = P[X + packet head] */
2073 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2074 s[i]->s.k = off_nl;
2075 i++;
2076 /* A += 2 */
2077 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2078 s[i]->s.k = 2;
2079 i++;
2080 /* A *= 4 */
2081 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2082 s[i]->s.k = 4;
2083 i++;
2084 /* X = A; */
2085 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2086 i++;
2087 /* A = MEM[reg2] */
2088 s[i] = new_stmt(BPF_LD|BPF_MEM);
2089 s[i]->s.k = reg2;
2090 i++;
2091
2092 /* goto again; (must use BPF_JA for backward jump) */
2093 s[i] = new_stmt(BPF_JMP|BPF_JA);
2094 s[i]->s.k = again - i - 1;
2095 i++;
2096
2097 /* end: nop */
2098 end = i;
2099 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2100 s[i]->s.k = 0;
2101 s[fix2]->s.jt = s[end];
2102 s[fix4]->s.jf = s[end];
2103 s[fix5]->s.jt = s[end];
2104 i++;
2105
2106 /*
2107 * make slist chain
2108 */
2109 max = i;
2110 for (i = 0; i < max - 1; i++)
2111 s[i]->next = s[i + 1];
2112 s[max - 1]->next = NULL;
2113
2114 /*
2115 * emit final check
2116 */
2117 b = new_block(JMP(BPF_JEQ));
2118 b->stmts = s[1]; /*remember, s[0] is dummy*/
2119 b->s.k = v;
2120
2121 free_reg(reg1);
2122 free_reg(reg2);
2123
2124 gen_and(b0, b);
2125 return b;
2126 #endif
2127 }
2128
2129 static struct block *
2130 gen_proto(v, proto, dir)
2131 int v;
2132 int proto;
2133 int dir;
2134 {
2135 struct block *b0, *b1;
2136
2137 if (dir != Q_DEFAULT)
2138 bpf_error("direction applied to 'proto'");
2139
2140 switch (proto) {
2141 case Q_DEFAULT:
2142 #ifdef INET6
2143 b0 = gen_proto(v, Q_IP, dir);
2144 b1 = gen_proto(v, Q_IPV6, dir);
2145 gen_or(b0, b1);
2146 return b1;
2147 #else
2148 /*FALLTHROUGH*/
2149 #endif
2150 case Q_IP:
2151 b0 = gen_linktype(ETHERTYPE_IP);
2152 #ifndef CHASE_CHAIN
2153 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
2154 #else
2155 b1 = gen_protochain(v, Q_IP);
2156 #endif
2157 gen_and(b0, b1);
2158 return b1;
2159
2160 case Q_ISO:
2161 b0 = gen_linktype(LLC_ISO_LSAP);
2162 b1 = gen_cmp(off_nl + 3, BPF_B, (long)v);
2163 gen_and(b0, b1);
2164 return b1;
2165
2166 case Q_ARP:
2167 bpf_error("arp does not encapsulate another protocol");
2168 /* NOTREACHED */
2169
2170 case Q_RARP:
2171 bpf_error("rarp does not encapsulate another protocol");
2172 /* NOTREACHED */
2173
2174 case Q_ATALK:
2175 bpf_error("atalk encapsulation is not specifiable");
2176 /* NOTREACHED */
2177
2178 case Q_DECNET:
2179 bpf_error("decnet encapsulation is not specifiable");
2180 /* NOTREACHED */
2181
2182 case Q_SCA:
2183 bpf_error("sca does not encapsulate another protocol");
2184 /* NOTREACHED */
2185
2186 case Q_LAT:
2187 bpf_error("lat does not encapsulate another protocol");
2188 /* NOTREACHED */
2189
2190 case Q_MOPRC:
2191 bpf_error("moprc does not encapsulate another protocol");
2192 /* NOTREACHED */
2193
2194 case Q_MOPDL:
2195 bpf_error("mopdl does not encapsulate another protocol");
2196 /* NOTREACHED */
2197
2198 case Q_LINK:
2199 return gen_linktype(v);
2200
2201 case Q_UDP:
2202 bpf_error("'udp proto' is bogus");
2203 /* NOTREACHED */
2204
2205 case Q_TCP:
2206 bpf_error("'tcp proto' is bogus");
2207 /* NOTREACHED */
2208
2209 case Q_ICMP:
2210 bpf_error("'icmp proto' is bogus");
2211 /* NOTREACHED */
2212
2213 case Q_IGMP:
2214 bpf_error("'igmp proto' is bogus");
2215 /* NOTREACHED */
2216
2217 case Q_IGRP:
2218 bpf_error("'igrp proto' is bogus");
2219 /* NOTREACHED */
2220
2221 case Q_PIM:
2222 bpf_error("'pim proto' is bogus");
2223 /* NOTREACHED */
2224
2225 #ifdef INET6
2226 case Q_IPV6:
2227 b0 = gen_linktype(ETHERTYPE_IPV6);
2228 #ifndef CHASE_CHAIN
2229 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
2230 #else
2231 b1 = gen_protochain(v, Q_IPV6);
2232 #endif
2233 gen_and(b0, b1);
2234 return b1;
2235
2236 case Q_ICMPV6:
2237 bpf_error("'icmp6 proto' is bogus");
2238 #endif /* INET6 */
2239
2240 case Q_AH:
2241 bpf_error("'ah proto' is bogus");
2242
2243 case Q_ESP:
2244 bpf_error("'ah proto' is bogus");
2245
2246 default:
2247 abort();
2248 /* NOTREACHED */
2249 }
2250 /* NOTREACHED */
2251 }
2252
2253 struct block *
2254 gen_scode(name, q)
2255 register const char *name;
2256 struct qual q;
2257 {
2258 int proto = q.proto;
2259 int dir = q.dir;
2260 int tproto;
2261 u_char *eaddr;
2262 bpf_u_int32 mask, addr;
2263 #ifndef INET6
2264 bpf_u_int32 **alist;
2265 #else
2266 int tproto6;
2267 struct sockaddr_in *sin;
2268 struct sockaddr_in6 *sin6;
2269 struct addrinfo *res, *res0;
2270 struct in6_addr mask128;
2271 #endif /*INET6*/
2272 struct block *b, *tmp;
2273 int port, real_proto;
2274
2275 switch (q.addr) {
2276
2277 case Q_NET:
2278 addr = pcap_nametonetaddr(name);
2279 if (addr == 0)
2280 bpf_error("unknown network '%s'", name);
2281 /* Left justify network addr and calculate its network mask */
2282 mask = 0xffffffff;
2283 while (addr && (addr & 0xff000000) == 0) {
2284 addr <<= 8;
2285 mask <<= 8;
2286 }
2287 return gen_host(addr, mask, proto, dir);
2288
2289 case Q_DEFAULT:
2290 case Q_HOST:
2291 if (proto == Q_LINK) {
2292 switch (linktype) {
2293
2294 case DLT_EN10MB:
2295 eaddr = pcap_ether_hostton(name);
2296 if (eaddr == NULL)
2297 bpf_error(
2298 "unknown ether host '%s'", name);
2299 return gen_ehostop(eaddr, dir);
2300
2301 case DLT_FDDI:
2302 eaddr = pcap_ether_hostton(name);
2303 if (eaddr == NULL)
2304 bpf_error(
2305 "unknown FDDI host '%s'", name);
2306 return gen_fhostop(eaddr, dir);
2307
2308 case DLT_IEEE802:
2309 eaddr = pcap_ether_hostton(name);
2310 if (eaddr == NULL)
2311 bpf_error(
2312 "unknown token ring host '%s'", name);
2313 return gen_thostop(eaddr, dir);
2314
2315 default:
2316 bpf_error(
2317 "only ethernet/FDDI/token ring supports link-level host name");
2318 break;
2319 }
2320 } else if (proto == Q_DECNET) {
2321 unsigned short dn_addr = __pcap_nametodnaddr(name);
2322 /*
2323 * I don't think DECNET hosts can be multihomed, so
2324 * there is no need to build up a list of addresses
2325 */
2326 return (gen_host(dn_addr, 0, proto, dir));
2327 } else {
2328 #ifndef INET6
2329 alist = pcap_nametoaddr(name);
2330 if (alist == NULL || *alist == NULL)
2331 bpf_error("unknown host '%s'", name);
2332 tproto = proto;
2333 if (off_linktype == -1 && tproto == Q_DEFAULT)
2334 tproto = Q_IP;
2335 b = gen_host(**alist++, 0xffffffff, tproto, dir);
2336 while (*alist) {
2337 tmp = gen_host(**alist++, 0xffffffff,
2338 tproto, dir);
2339 gen_or(b, tmp);
2340 b = tmp;
2341 }
2342 return b;
2343 #else
2344 memset(&mask128, 0xff, sizeof(mask128));
2345 res0 = res = pcap_nametoaddrinfo(name);
2346 if (res == NULL)
2347 bpf_error("unknown host '%s'", name);
2348 b = tmp = NULL;
2349 tproto = tproto6 = proto;
2350 if (off_linktype == -1 && tproto == Q_DEFAULT) {
2351 tproto = Q_IP;
2352 tproto6 = Q_IPV6;
2353 }
2354 for (res = res0; res; res = res->ai_next) {
2355 switch (res->ai_family) {
2356 case AF_INET:
2357 if (tproto == Q_IPV6)
2358 continue;
2359
2360 sin = (struct sockaddr_in *)
2361 res->ai_addr;
2362 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
2363 0xffffffff, tproto, dir);
2364 break;
2365 case AF_INET6:
2366 if (tproto6 == Q_IP)
2367 continue;
2368
2369 sin6 = (struct sockaddr_in6 *)
2370 res->ai_addr;
2371 tmp = gen_host6(&sin6->sin6_addr,
2372 &mask128, tproto6, dir);
2373 break;
2374 }
2375 if (b)
2376 gen_or(b, tmp);
2377 b = tmp;
2378 }
2379 freeaddrinfo(res0);
2380 if (b == NULL) {
2381 bpf_error("unknown host '%s'%s", name,
2382 (proto == Q_DEFAULT)
2383 ? ""
2384 : " for specified address family");
2385 }
2386 return b;
2387 #endif /*INET6*/
2388 }
2389
2390 case Q_PORT:
2391 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP)
2392 bpf_error("illegal qualifier of 'port'");
2393 if (pcap_nametoport(name, &port, &real_proto) == 0)
2394 bpf_error("unknown port '%s'", name);
2395 if (proto == Q_UDP) {
2396 if (real_proto == IPPROTO_TCP)
2397 bpf_error("port '%s' is tcp", name);
2398 else
2399 /* override PROTO_UNDEF */
2400 real_proto = IPPROTO_UDP;
2401 }
2402 if (proto == Q_TCP) {
2403 if (real_proto == IPPROTO_UDP)
2404 bpf_error("port '%s' is udp", name);
2405 else
2406 /* override PROTO_UNDEF */
2407 real_proto = IPPROTO_TCP;
2408 }
2409 #ifndef INET6
2410 return gen_port(port, real_proto, dir);
2411 #else
2412 {
2413 struct block *b;
2414 b = gen_port(port, real_proto, dir);
2415 gen_or(gen_port6(port, real_proto, dir), b);
2416 return b;
2417 }
2418 #endif /* INET6 */
2419
2420 case Q_GATEWAY:
2421 #ifndef INET6
2422 eaddr = pcap_ether_hostton(name);
2423 if (eaddr == NULL)
2424 bpf_error("unknown ether host: %s", name);
2425
2426 alist = pcap_nametoaddr(name);
2427 if (alist == NULL || *alist == NULL)
2428 bpf_error("unknown host '%s'", name);
2429 return gen_gateway(eaddr, alist, proto, dir);
2430 #else
2431 bpf_error("'gateway' not supported in this configuration");
2432 #endif /*INET6*/
2433
2434 case Q_PROTO:
2435 real_proto = lookup_proto(name, proto);
2436 if (real_proto >= 0)
2437 return gen_proto(real_proto, proto, dir);
2438 else
2439 bpf_error("unknown protocol: %s", name);
2440
2441 case Q_PROTOCHAIN:
2442 real_proto = lookup_proto(name, proto);
2443 if (real_proto >= 0)
2444 return gen_protochain(real_proto, proto, dir);
2445 else
2446 bpf_error("unknown protocol: %s", name);
2447
2448
2449 case Q_UNDEF:
2450 syntax();
2451 /* NOTREACHED */
2452 }
2453 abort();
2454 /* NOTREACHED */
2455 }
2456
2457 struct block *
2458 gen_mcode(s1, s2, masklen, q)
2459 register const char *s1, *s2;
2460 register int masklen;
2461 struct qual q;
2462 {
2463 register int nlen, mlen;
2464 bpf_u_int32 n, m;
2465
2466 nlen = __pcap_atoin(s1, &n);
2467 /* Promote short ipaddr */
2468 n <<= 32 - nlen;
2469
2470 if (s2 != NULL) {
2471 mlen = __pcap_atoin(s2, &m);
2472 /* Promote short ipaddr */
2473 m <<= 32 - mlen;
2474 if ((n & ~m) != 0)
2475 bpf_error("non-network bits set in \"%s mask %s\"",
2476 s1, s2);
2477 } else {
2478 /* Convert mask len to mask */
2479 if (masklen > 32)
2480 bpf_error("mask length must be <= 32");
2481 m = 0xffffffff << (32 - masklen);
2482 if ((n & ~m) != 0)
2483 bpf_error("non-network bits set in \"%s/%d\"",
2484 s1, masklen);
2485 }
2486
2487 switch (q.addr) {
2488
2489 case Q_NET:
2490 return gen_host(n, m, q.proto, q.dir);
2491
2492 default:
2493 bpf_error("Mask syntax for networks only");
2494 /* NOTREACHED */
2495 }
2496 }
2497
2498 struct block *
2499 gen_ncode(s, v, q)
2500 register const char *s;
2501 bpf_u_int32 v;
2502 struct qual q;
2503 {
2504 bpf_u_int32 mask;
2505 int proto = q.proto;
2506 int dir = q.dir;
2507 register int vlen;
2508
2509 if (s == NULL)
2510 vlen = 32;
2511 else if (q.proto == Q_DECNET)
2512 vlen = __pcap_atodn(s, &v);
2513 else
2514 vlen = __pcap_atoin(s, &v);
2515
2516 switch (q.addr) {
2517
2518 case Q_DEFAULT:
2519 case Q_HOST:
2520 case Q_NET:
2521 if (proto == Q_DECNET)
2522 return gen_host(v, 0, proto, dir);
2523 else if (proto == Q_LINK) {
2524 bpf_error("illegal link layer address");
2525 } else {
2526 mask = 0xffffffff;
2527 if (s == NULL && q.addr == Q_NET) {
2528 /* Promote short net number */
2529 while (v && (v & 0xff000000) == 0) {
2530 v <<= 8;
2531 mask <<= 8;
2532 }
2533 } else {
2534 /* Promote short ipaddr */
2535 v <<= 32 - vlen;
2536 mask <<= 32 - vlen;
2537 }
2538 return gen_host(v, mask, proto, dir);
2539 }
2540
2541 case Q_PORT:
2542 if (proto == Q_UDP)
2543 proto = IPPROTO_UDP;
2544 else if (proto == Q_TCP)
2545 proto = IPPROTO_TCP;
2546 else if (proto == Q_DEFAULT)
2547 proto = PROTO_UNDEF;
2548 else
2549 bpf_error("illegal qualifier of 'port'");
2550
2551 #ifndef INET6
2552 return gen_port((int)v, proto, dir);
2553 #else
2554 {
2555 struct block *b;
2556 b = gen_port((int)v, proto, dir);
2557 gen_or(gen_port6((int)v, proto, dir), b);
2558 return b;
2559 }
2560 #endif /* INET6 */
2561
2562 case Q_GATEWAY:
2563 bpf_error("'gateway' requires a name");
2564 /* NOTREACHED */
2565
2566 case Q_PROTO:
2567 return gen_proto((int)v, proto, dir);
2568
2569 case Q_PROTOCHAIN:
2570 return gen_protochain((int)v, proto, dir);
2571
2572 case Q_UNDEF:
2573 syntax();
2574 /* NOTREACHED */
2575
2576 default:
2577 abort();
2578 /* NOTREACHED */
2579 }
2580 /* NOTREACHED */
2581 }
2582
2583 #ifdef INET6
2584 struct block *
2585 gen_mcode6(s1, s2, masklen, q)
2586 register const char *s1, *s2;
2587 register int masklen;
2588 struct qual q;
2589 {
2590 struct addrinfo *res;
2591 struct in6_addr *addr;
2592 struct in6_addr mask;
2593 struct block *b;
2594 u_int32_t *a, *m;
2595
2596 if (s2)
2597 bpf_error("no mask %s supported", s2);
2598
2599 res = pcap_nametoaddrinfo(s1);
2600 if (!res)
2601 bpf_error("invalid ip6 address %s", s1);
2602 if (res->ai_next)
2603 bpf_error("%s resolved to multiple address", s1);
2604 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
2605
2606 if (sizeof(mask) * 8 < masklen)
2607 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
2608 memset(&mask, 0xff, masklen / 8);
2609 if (masklen % 8) {
2610 mask.s6_addr[masklen / 8] =
2611 (0xff << (8 - masklen % 8)) & 0xff;
2612 }
2613
2614 a = (u_int32_t *)addr;
2615 m = (u_int32_t *)&mask;
2616 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
2617 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
2618 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
2619 }
2620
2621 switch (q.addr) {
2622
2623 case Q_DEFAULT:
2624 case Q_HOST:
2625 if (masklen != 128)
2626 bpf_error("Mask syntax for networks only");
2627 /* FALLTHROUGH */
2628
2629 case Q_NET:
2630 b = gen_host6(addr, &mask, q.proto, q.dir);
2631 freeaddrinfo(res);
2632 return b;
2633
2634 default:
2635 bpf_error("invalid qualifier against IPv6 address");
2636 /* NOTREACHED */
2637 }
2638 }
2639 #endif /*INET6*/
2640
2641 struct block *
2642 gen_ecode(eaddr, q)
2643 register const u_char *eaddr;
2644 struct qual q;
2645 {
2646 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
2647 if (linktype == DLT_EN10MB)
2648 return gen_ehostop(eaddr, (int)q.dir);
2649 if (linktype == DLT_FDDI)
2650 return gen_fhostop(eaddr, (int)q.dir);
2651 if (linktype == DLT_IEEE802)
2652 return gen_thostop(eaddr, (int)q.dir);
2653 }
2654 bpf_error("ethernet address used in non-ether expression");
2655 /* NOTREACHED */
2656 }
2657
2658 void
2659 sappend(s0, s1)
2660 struct slist *s0, *s1;
2661 {
2662 /*
2663 * This is definitely not the best way to do this, but the
2664 * lists will rarely get long.
2665 */
2666 while (s0->next)
2667 s0 = s0->next;
2668 s0->next = s1;
2669 }
2670
2671 static struct slist *
2672 xfer_to_x(a)
2673 struct arth *a;
2674 {
2675 struct slist *s;
2676
2677 s = new_stmt(BPF_LDX|BPF_MEM);
2678 s->s.k = a->regno;
2679 return s;
2680 }
2681
2682 static struct slist *
2683 xfer_to_a(a)
2684 struct arth *a;
2685 {
2686 struct slist *s;
2687
2688 s = new_stmt(BPF_LD|BPF_MEM);
2689 s->s.k = a->regno;
2690 return s;
2691 }
2692
2693 struct arth *
2694 gen_load(proto, index, size)
2695 int proto;
2696 struct arth *index;
2697 int size;
2698 {
2699 struct slist *s, *tmp;
2700 struct block *b;
2701 int regno = alloc_reg();
2702
2703 free_reg(index->regno);
2704 switch (size) {
2705
2706 default:
2707 bpf_error("data size must be 1, 2, or 4");
2708
2709 case 1:
2710 size = BPF_B;
2711 break;
2712
2713 case 2:
2714 size = BPF_H;
2715 break;
2716
2717 case 4:
2718 size = BPF_W;
2719 break;
2720 }
2721 switch (proto) {
2722 default:
2723 bpf_error("unsupported index operation");
2724
2725 case Q_LINK:
2726 s = xfer_to_x(index);
2727 tmp = new_stmt(BPF_LD|BPF_IND|size);
2728 sappend(s, tmp);
2729 sappend(index->s, s);
2730 break;
2731
2732 case Q_IP:
2733 case Q_ARP:
2734 case Q_RARP:
2735 case Q_ATALK:
2736 case Q_DECNET:
2737 case Q_SCA:
2738 case Q_LAT:
2739 case Q_MOPRC:
2740 case Q_MOPDL:
2741 #ifdef INET6
2742 case Q_IPV6:
2743 #endif
2744 /* XXX Note that we assume a fixed link header here. */
2745 s = xfer_to_x(index);
2746 tmp = new_stmt(BPF_LD|BPF_IND|size);
2747 tmp->s.k = off_nl;
2748 sappend(s, tmp);
2749 sappend(index->s, s);
2750
2751 b = gen_proto_abbrev(proto);
2752 if (index->b)
2753 gen_and(index->b, b);
2754 index->b = b;
2755 break;
2756
2757 case Q_TCP:
2758 case Q_UDP:
2759 case Q_ICMP:
2760 case Q_IGMP:
2761 case Q_IGRP:
2762 case Q_PIM:
2763 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2764 s->s.k = off_nl;
2765 sappend(s, xfer_to_a(index));
2766 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
2767 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
2768 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
2769 tmp->s.k = off_nl;
2770 sappend(index->s, s);
2771
2772 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
2773 if (index->b)
2774 gen_and(index->b, b);
2775 #ifdef INET6
2776 gen_and(gen_proto_abbrev(Q_IP), b);
2777 #endif
2778 index->b = b;
2779 break;
2780 #ifdef INET6
2781 case Q_ICMPV6:
2782 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
2783 /*NOTREACHED*/
2784 #endif
2785 }
2786 index->regno = regno;
2787 s = new_stmt(BPF_ST);
2788 s->s.k = regno;
2789 sappend(index->s, s);
2790
2791 return index;
2792 }
2793
2794 struct block *
2795 gen_relation(code, a0, a1, reversed)
2796 int code;
2797 struct arth *a0, *a1;
2798 int reversed;
2799 {
2800 struct slist *s0, *s1, *s2;
2801 struct block *b, *tmp;
2802
2803 s0 = xfer_to_x(a1);
2804 s1 = xfer_to_a(a0);
2805 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
2806 b = new_block(JMP(code));
2807 if (code == BPF_JGT || code == BPF_JGE) {
2808 reversed = !reversed;
2809 b->s.k = 0x80000000;
2810 }
2811 if (reversed)
2812 gen_not(b);
2813
2814 sappend(s1, s2);
2815 sappend(s0, s1);
2816 sappend(a1->s, s0);
2817 sappend(a0->s, a1->s);
2818
2819 b->stmts = a0->s;
2820
2821 free_reg(a0->regno);
2822 free_reg(a1->regno);
2823
2824 /* 'and' together protocol checks */
2825 if (a0->b) {
2826 if (a1->b) {
2827 gen_and(a0->b, tmp = a1->b);
2828 }
2829 else
2830 tmp = a0->b;
2831 } else
2832 tmp = a1->b;
2833
2834 if (tmp)
2835 gen_and(tmp, b);
2836
2837 return b;
2838 }
2839
2840 struct arth *
2841 gen_loadlen()
2842 {
2843 int regno = alloc_reg();
2844 struct arth *a = (struct arth *)newchunk(sizeof(*a));
2845 struct slist *s;
2846
2847 s = new_stmt(BPF_LD|BPF_LEN);
2848 s->next = new_stmt(BPF_ST);
2849 s->next->s.k = regno;
2850 a->s = s;
2851 a->regno = regno;
2852
2853 return a;
2854 }
2855
2856 struct arth *
2857 gen_loadi(val)
2858 int val;
2859 {
2860 struct arth *a;
2861 struct slist *s;
2862 int reg;
2863
2864 a = (struct arth *)newchunk(sizeof(*a));
2865
2866 reg = alloc_reg();
2867
2868 s = new_stmt(BPF_LD|BPF_IMM);
2869 s->s.k = val;
2870 s->next = new_stmt(BPF_ST);
2871 s->next->s.k = reg;
2872 a->s = s;
2873 a->regno = reg;
2874
2875 return a;
2876 }
2877
2878 struct arth *
2879 gen_neg(a)
2880 struct arth *a;
2881 {
2882 struct slist *s;
2883
2884 s = xfer_to_a(a);
2885 sappend(a->s, s);
2886 s = new_stmt(BPF_ALU|BPF_NEG);
2887 s->s.k = 0;
2888 sappend(a->s, s);
2889 s = new_stmt(BPF_ST);
2890 s->s.k = a->regno;
2891 sappend(a->s, s);
2892
2893 return a;
2894 }
2895
2896 struct arth *
2897 gen_arth(code, a0, a1)
2898 int code;
2899 struct arth *a0, *a1;
2900 {
2901 struct slist *s0, *s1, *s2;
2902
2903 s0 = xfer_to_x(a1);
2904 s1 = xfer_to_a(a0);
2905 s2 = new_stmt(BPF_ALU|BPF_X|code);
2906
2907 sappend(s1, s2);
2908 sappend(s0, s1);
2909 sappend(a1->s, s0);
2910 sappend(a0->s, a1->s);
2911
2912 free_reg(a1->regno);
2913
2914 s0 = new_stmt(BPF_ST);
2915 a0->regno = s0->s.k = alloc_reg();
2916 sappend(a0->s, s0);
2917
2918 return a0;
2919 }
2920
2921 /*
2922 * Here we handle simple allocation of the scratch registers.
2923 * If too many registers are alloc'd, the allocator punts.
2924 */
2925 static int regused[BPF_MEMWORDS];
2926 static int curreg;
2927
2928 /*
2929 * Return the next free register.
2930 */
2931 static int
2932 alloc_reg()
2933 {
2934 int n = BPF_MEMWORDS;
2935
2936 while (--n >= 0) {
2937 if (regused[curreg])
2938 curreg = (curreg + 1) % BPF_MEMWORDS;
2939 else {
2940 regused[curreg] = 1;
2941 return curreg;
2942 }
2943 }
2944 bpf_error("too many registers needed to evaluate expression");
2945 /* NOTREACHED */
2946 }
2947
2948 /*
2949 * Return a register to the table so it can
2950 * be used later.
2951 */
2952 static void
2953 free_reg(n)
2954 int n;
2955 {
2956 regused[n] = 0;
2957 }
2958
2959 static struct block *
2960 gen_len(jmp, n)
2961 int jmp, n;
2962 {
2963 struct slist *s;
2964 struct block *b;
2965
2966 s = new_stmt(BPF_LD|BPF_LEN);
2967 b = new_block(JMP(jmp));
2968 b->stmts = s;
2969 b->s.k = n;
2970
2971 return b;
2972 }
2973
2974 struct block *
2975 gen_greater(n)
2976 int n;
2977 {
2978 return gen_len(BPF_JGE, n);
2979 }
2980
2981 /*
2982 * Actually, this is less than or equal.
2983 */
2984 struct block *
2985 gen_less(n)
2986 int n;
2987 {
2988 struct block *b;
2989
2990 b = gen_len(BPF_JGT, n);
2991 gen_not(b);
2992
2993 return b;
2994 }
2995
2996 struct block *
2997 gen_byteop(op, idx, val)
2998 int op, idx, val;
2999 {
3000 struct block *b;
3001 struct slist *s;
3002
3003 switch (op) {
3004 default:
3005 abort();
3006
3007 case '=':
3008 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3009
3010 case '<':
3011 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3012 b->s.code = JMP(BPF_JGE);
3013 gen_not(b);
3014 return b;
3015
3016 case '>':
3017 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3018 b->s.code = JMP(BPF_JGT);
3019 return b;
3020
3021 case '|':
3022 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
3023 break;
3024
3025 case '&':
3026 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
3027 break;
3028 }
3029 s->s.k = val;
3030 b = new_block(JMP(BPF_JEQ));
3031 b->stmts = s;
3032 gen_not(b);
3033
3034 return b;
3035 }
3036
3037 struct block *
3038 gen_broadcast(proto)
3039 int proto;
3040 {
3041 bpf_u_int32 hostmask;
3042 struct block *b0, *b1, *b2;
3043 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
3044
3045 switch (proto) {
3046
3047 case Q_DEFAULT:
3048 case Q_LINK:
3049 if (linktype == DLT_EN10MB)
3050 return gen_ehostop(ebroadcast, Q_DST);
3051 if (linktype == DLT_FDDI)
3052 return gen_fhostop(ebroadcast, Q_DST);
3053 if (linktype == DLT_IEEE802)
3054 return gen_thostop(ebroadcast, Q_DST);
3055 bpf_error("not a broadcast link");
3056 break;
3057
3058 case Q_IP:
3059 b0 = gen_linktype(ETHERTYPE_IP);
3060 hostmask = ~netmask;
3061 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
3062 b2 = gen_mcmp(off_nl + 16, BPF_W,
3063 (bpf_int32)(~0 & hostmask), hostmask);
3064 gen_or(b1, b2);
3065 gen_and(b0, b2);
3066 return b2;
3067 }
3068 bpf_error("only ether/ip broadcast filters supported");
3069 }
3070
3071 struct block *
3072 gen_multicast(proto)
3073 int proto;
3074 {
3075 register struct block *b0, *b1;
3076 register struct slist *s;
3077
3078 switch (proto) {
3079
3080 case Q_DEFAULT:
3081 case Q_LINK:
3082 if (linktype == DLT_EN10MB) {
3083 /* ether[0] & 1 != 0 */
3084 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3085 s->s.k = 0;
3086 b0 = new_block(JMP(BPF_JSET));
3087 b0->s.k = 1;
3088 b0->stmts = s;
3089 return b0;
3090 }
3091
3092 if (linktype == DLT_FDDI) {
3093 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */
3094 /* fddi[1] & 1 != 0 */
3095 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3096 s->s.k = 1;
3097 b0 = new_block(JMP(BPF_JSET));
3098 b0->s.k = 1;
3099 b0->stmts = s;
3100 return b0;
3101 }
3102
3103 /* TODO - check how token ring handles multicast */
3104 /* if (linktype == DLT_IEEE802) ... */
3105
3106 /* Link not known to support multicasts */
3107 break;
3108
3109 case Q_IP:
3110 b0 = gen_linktype(ETHERTYPE_IP);
3111 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
3112 b1->s.code = JMP(BPF_JGE);
3113 gen_and(b0, b1);
3114 return b1;
3115
3116 #ifdef INET6
3117 case Q_IPV6:
3118 b0 = gen_linktype(ETHERTYPE_IPV6);
3119 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
3120 gen_and(b0, b1);
3121 return b1;
3122 #endif /* INET6 */
3123 }
3124 bpf_error("only IP multicast filters supported on ethernet/FDDI");
3125 }
3126
3127 /*
3128 * generate command for inbound/outbound. It's here so we can
3129 * make it link-type specific. 'dir' = 0 implies "inbound",
3130 * = 1 implies "outbound".
3131 */
3132 struct block *
3133 gen_inbound(dir)
3134 int dir;
3135 {
3136 register struct block *b0;
3137
3138 b0 = gen_relation(BPF_JEQ,
3139 gen_load(Q_LINK, gen_loadi(0), 1),
3140 gen_loadi(0),
3141 dir);
3142 return (b0);
3143 }
3144
3145 /*
3146 * support IEEE 802.1Q VLAN trunk over ethernet
3147 */
3148 struct block *
3149 gen_vlan(vlan_num)
3150 int vlan_num;
3151 {
3152 static u_int orig_linktype = -1, orig_nl = -1;
3153 struct block *b0;
3154
3155 /*
3156 * Change the offsets to point to the type and data fields within
3157 * the VLAN packet. This is somewhat of a kludge.
3158 */
3159 if (orig_nl == (u_int)-1) {
3160 orig_linktype = off_linktype; /* save original values */
3161 orig_nl = off_nl;
3162
3163 switch (linktype) {
3164
3165 case DLT_EN10MB:
3166 off_linktype = 16;
3167 off_nl = 18;
3168 break;
3169
3170 default:
3171 bpf_error("no VLAN support for data link type %d",
3172 linktype);
3173 /*NOTREACHED*/
3174 }
3175 }
3176
3177 /* check for VLAN */
3178 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
3179
3180 /* If a specific VLAN is requested, check VLAN id */
3181 if (vlan_num >= 0) {
3182 struct block *b1;
3183
3184 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
3185 gen_and(b0, b1);
3186 b0 = b1;
3187 }
3188
3189 return (b0);
3190 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism