]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Allow "clnp", as well as "esis" and "isis", as OSI protocols for which
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.132 2000-10-28 10:18:39 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #include <sys/types.h>
32 #include <sys/socket.h>
33 #include <sys/time.h>
34 #ifdef __NetBSD__
35 #include <sys/param.h>
36 #endif
37
38 struct mbuf;
39 struct rtentry;
40 #include <net/if.h>
41
42 #include <netinet/in.h>
43
44 #include <stdlib.h>
45 #include <string.h>
46 #include <memory.h>
47 #include <setjmp.h>
48 #include <stdarg.h>
49
50 #include "pcap-int.h"
51
52 #include "ethertype.h"
53 #include "nlpid.h"
54 #include "gencode.h"
55 #include "ppp.h"
56 #include <pcap-namedb.h>
57 #ifdef INET6
58 #include <netdb.h>
59 #include <sys/socket.h>
60 #endif /*INET6*/
61
62 #define LLC_ISO_LSAP 0xfe
63
64 #define ETHERMTU 1500
65
66 #ifdef HAVE_OS_PROTO_H
67 #include "os-proto.h"
68 #endif
69
70 #define JMP(c) ((c)|BPF_JMP|BPF_K)
71
72 /* Locals */
73 static jmp_buf top_ctx;
74 static pcap_t *bpf_pcap;
75
76 /* XXX */
77 #ifdef PCAP_FDDIPAD
78 int pcap_fddipad = PCAP_FDDIPAD;
79 #else
80 int pcap_fddipad;
81 #endif
82
83 /* VARARGS */
84 void
85 bpf_error(const char *fmt, ...)
86
87 {
88 va_list ap;
89
90 va_start(ap, fmt);
91 if (bpf_pcap != NULL)
92 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
93 fmt, ap);
94 va_end(ap);
95 longjmp(top_ctx, 1);
96 /* NOTREACHED */
97 }
98
99 static void init_linktype(int);
100
101 static int alloc_reg(void);
102 static void free_reg(int);
103
104 static struct block *root;
105
106 /*
107 * We divy out chunks of memory rather than call malloc each time so
108 * we don't have to worry about leaking memory. It's probably
109 * not a big deal if all this memory was wasted but it this ever
110 * goes into a library that would probably not be a good idea.
111 */
112 #define NCHUNKS 16
113 #define CHUNK0SIZE 1024
114 struct chunk {
115 u_int n_left;
116 void *m;
117 };
118
119 static struct chunk chunks[NCHUNKS];
120 static int cur_chunk;
121
122 static void *newchunk(u_int);
123 static void freechunks(void);
124 static inline struct block *new_block(int);
125 static inline struct slist *new_stmt(int);
126 static struct block *gen_retblk(int);
127 static inline void syntax(void);
128
129 static void backpatch(struct block *, struct block *);
130 static void merge(struct block *, struct block *);
131 static struct block *gen_cmp(u_int, u_int, bpf_int32);
132 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
133 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
134 static struct block *gen_bcmp(u_int, u_int, const u_char *);
135 static struct block *gen_uncond(int);
136 static inline struct block *gen_true(void);
137 static inline struct block *gen_false(void);
138 static struct block *gen_linktype(int);
139 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
140 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
141 #ifdef INET6
142 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
143 #endif
144 static struct block *gen_ehostop(const u_char *, int);
145 static struct block *gen_fhostop(const u_char *, int);
146 static struct block *gen_thostop(const u_char *, int);
147 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
148 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
149 #ifdef INET6
150 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
151 #endif
152 #ifndef INET6
153 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
154 #endif
155 static struct block *gen_ipfrag(void);
156 static struct block *gen_portatom(int, bpf_int32);
157 #ifdef INET6
158 static struct block *gen_portatom6(int, bpf_int32);
159 #endif
160 struct block *gen_portop(int, int, int);
161 static struct block *gen_port(int, int, int);
162 #ifdef INET6
163 struct block *gen_portop6(int, int, int);
164 static struct block *gen_port6(int, int, int);
165 #endif
166 static int lookup_proto(const char *, int);
167 static struct block *gen_protochain(int, int, int);
168 static struct block *gen_proto(int, int, int);
169 static struct slist *xfer_to_x(struct arth *);
170 static struct slist *xfer_to_a(struct arth *);
171 static struct block *gen_len(int, int);
172
173 static void *
174 newchunk(n)
175 u_int n;
176 {
177 struct chunk *cp;
178 int k, size;
179
180 #ifndef __NetBSD__
181 /* XXX Round up to nearest long. */
182 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
183 #else
184 /* XXX Round up to structure boundary. */
185 n = ALIGN(n);
186 #endif
187
188 cp = &chunks[cur_chunk];
189 if (n > cp->n_left) {
190 ++cp, k = ++cur_chunk;
191 if (k >= NCHUNKS)
192 bpf_error("out of memory");
193 size = CHUNK0SIZE << k;
194 cp->m = (void *)malloc(size);
195 memset((char *)cp->m, 0, size);
196 cp->n_left = size;
197 if (n > size)
198 bpf_error("out of memory");
199 }
200 cp->n_left -= n;
201 return (void *)((char *)cp->m + cp->n_left);
202 }
203
204 static void
205 freechunks()
206 {
207 int i;
208
209 cur_chunk = 0;
210 for (i = 0; i < NCHUNKS; ++i)
211 if (chunks[i].m != NULL) {
212 free(chunks[i].m);
213 chunks[i].m = NULL;
214 }
215 }
216
217 /*
218 * A strdup whose allocations are freed after code generation is over.
219 */
220 char *
221 sdup(s)
222 register const char *s;
223 {
224 int n = strlen(s) + 1;
225 char *cp = newchunk(n);
226
227 strlcpy(cp, s, n);
228 return (cp);
229 }
230
231 static inline struct block *
232 new_block(code)
233 int code;
234 {
235 struct block *p;
236
237 p = (struct block *)newchunk(sizeof(*p));
238 p->s.code = code;
239 p->head = p;
240
241 return p;
242 }
243
244 static inline struct slist *
245 new_stmt(code)
246 int code;
247 {
248 struct slist *p;
249
250 p = (struct slist *)newchunk(sizeof(*p));
251 p->s.code = code;
252
253 return p;
254 }
255
256 static struct block *
257 gen_retblk(v)
258 int v;
259 {
260 struct block *b = new_block(BPF_RET|BPF_K);
261
262 b->s.k = v;
263 return b;
264 }
265
266 static inline void
267 syntax()
268 {
269 bpf_error("syntax error in filter expression");
270 }
271
272 static bpf_u_int32 netmask;
273 static int snaplen;
274 int no_optimize;
275
276 int
277 pcap_compile(pcap_t *p, struct bpf_program *program,
278 char *buf, int optimize, bpf_u_int32 mask)
279 {
280 extern int n_errors;
281 int len;
282
283 no_optimize = 0;
284 n_errors = 0;
285 root = NULL;
286 bpf_pcap = p;
287 if (setjmp(top_ctx)) {
288 lex_cleanup();
289 freechunks();
290 return (-1);
291 }
292
293 netmask = mask;
294
295 /* On Linux we do not use the BPF filter to truncate the packet
296 * since the kernel provides other ways for that. In fact if we
297 * are using the packet filter for that duty we will be unable
298 * to acquire the original packet size. -- Torsten */
299 #ifndef linux
300 snaplen = pcap_snapshot(p);
301 #else
302 snaplen = 0xffff;
303 #endif
304 if (snaplen == 0) {
305 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
306 "snaplen of 0 rejects all packets");
307 return -1;
308 }
309
310 lex_init(buf ? buf : "");
311 init_linktype(pcap_datalink(p));
312 (void)pcap_parse();
313
314 if (n_errors)
315 syntax();
316
317 if (root == NULL)
318 root = gen_retblk(snaplen);
319
320 if (optimize && !no_optimize) {
321 bpf_optimize(&root);
322 if (root == NULL ||
323 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
324 bpf_error("expression rejects all packets");
325 }
326 program->bf_insns = icode_to_fcode(root, &len);
327 program->bf_len = len;
328
329 lex_cleanup();
330 freechunks();
331 return (0);
332 }
333
334 /*
335 * entry point for using the compiler with no pcap open
336 * pass in all the stuff that is needed explicitly instead.
337 */
338 int
339 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
340 struct bpf_program *program,
341 char *buf, int optimize, bpf_u_int32 mask)
342 {
343 extern int n_errors;
344 int len;
345
346 n_errors = 0;
347 root = NULL;
348 bpf_pcap = NULL;
349 if (setjmp(top_ctx)) {
350 freechunks();
351 return (-1);
352 }
353
354 netmask = mask;
355
356 /* XXX needed? I don't grok the use of globals here. */
357 snaplen = snaplen_arg;
358
359 lex_init(buf ? buf : "");
360 init_linktype(linktype_arg);
361 (void)pcap_parse();
362
363 if (n_errors)
364 syntax();
365
366 if (root == NULL)
367 root = gen_retblk(snaplen_arg);
368
369 if (optimize) {
370 bpf_optimize(&root);
371 if (root == NULL ||
372 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
373 bpf_error("expression rejects all packets");
374 }
375 program->bf_insns = icode_to_fcode(root, &len);
376 program->bf_len = len;
377
378 freechunks();
379 return (0);
380 }
381
382 /*
383 * Clean up a "struct bpf_program" by freeing all the memory allocated
384 * in it.
385 */
386 void
387 pcap_freecode(struct bpf_program *program)
388 {
389 program->bf_len = 0;
390 if (program->bf_insns != NULL) {
391 free((char *)program->bf_insns);
392 program->bf_insns = NULL;
393 }
394 }
395
396 /*
397 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
398 * which of the jt and jf fields has been resolved and which is a pointer
399 * back to another unresolved block (or nil). At least one of the fields
400 * in each block is already resolved.
401 */
402 static void
403 backpatch(list, target)
404 struct block *list, *target;
405 {
406 struct block *next;
407
408 while (list) {
409 if (!list->sense) {
410 next = JT(list);
411 JT(list) = target;
412 } else {
413 next = JF(list);
414 JF(list) = target;
415 }
416 list = next;
417 }
418 }
419
420 /*
421 * Merge the lists in b0 and b1, using the 'sense' field to indicate
422 * which of jt and jf is the link.
423 */
424 static void
425 merge(b0, b1)
426 struct block *b0, *b1;
427 {
428 register struct block **p = &b0;
429
430 /* Find end of list. */
431 while (*p)
432 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
433
434 /* Concatenate the lists. */
435 *p = b1;
436 }
437
438 void
439 finish_parse(p)
440 struct block *p;
441 {
442 backpatch(p, gen_retblk(snaplen));
443 p->sense = !p->sense;
444 backpatch(p, gen_retblk(0));
445 root = p->head;
446 }
447
448 void
449 gen_and(b0, b1)
450 struct block *b0, *b1;
451 {
452 backpatch(b0, b1->head);
453 b0->sense = !b0->sense;
454 b1->sense = !b1->sense;
455 merge(b1, b0);
456 b1->sense = !b1->sense;
457 b1->head = b0->head;
458 }
459
460 void
461 gen_or(b0, b1)
462 struct block *b0, *b1;
463 {
464 b0->sense = !b0->sense;
465 backpatch(b0, b1->head);
466 b0->sense = !b0->sense;
467 merge(b1, b0);
468 b1->head = b0->head;
469 }
470
471 void
472 gen_not(b)
473 struct block *b;
474 {
475 b->sense = !b->sense;
476 }
477
478 static struct block *
479 gen_cmp(offset, size, v)
480 u_int offset, size;
481 bpf_int32 v;
482 {
483 struct slist *s;
484 struct block *b;
485
486 s = new_stmt(BPF_LD|BPF_ABS|size);
487 s->s.k = offset;
488
489 b = new_block(JMP(BPF_JEQ));
490 b->stmts = s;
491 b->s.k = v;
492
493 return b;
494 }
495
496 static struct block *
497 gen_cmp_gt(offset, size, v)
498 u_int offset, size;
499 bpf_int32 v;
500 {
501 struct slist *s;
502 struct block *b;
503
504 s = new_stmt(BPF_LD|BPF_ABS|size);
505 s->s.k = offset;
506
507 b = new_block(JMP(BPF_JGT));
508 b->stmts = s;
509 b->s.k = v;
510
511 return b;
512 }
513
514 static struct block *
515 gen_mcmp(offset, size, v, mask)
516 u_int offset, size;
517 bpf_int32 v;
518 bpf_u_int32 mask;
519 {
520 struct block *b = gen_cmp(offset, size, v);
521 struct slist *s;
522
523 if (mask != 0xffffffff) {
524 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
525 s->s.k = mask;
526 b->stmts->next = s;
527 }
528 return b;
529 }
530
531 static struct block *
532 gen_bcmp(offset, size, v)
533 register u_int offset, size;
534 register const u_char *v;
535 {
536 register struct block *b, *tmp;
537
538 b = NULL;
539 while (size >= 4) {
540 register const u_char *p = &v[size - 4];
541 bpf_int32 w = ((bpf_int32)p[0] << 24) |
542 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
543
544 tmp = gen_cmp(offset + size - 4, BPF_W, w);
545 if (b != NULL)
546 gen_and(b, tmp);
547 b = tmp;
548 size -= 4;
549 }
550 while (size >= 2) {
551 register const u_char *p = &v[size - 2];
552 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
553
554 tmp = gen_cmp(offset + size - 2, BPF_H, w);
555 if (b != NULL)
556 gen_and(b, tmp);
557 b = tmp;
558 size -= 2;
559 }
560 if (size > 0) {
561 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
562 if (b != NULL)
563 gen_and(b, tmp);
564 b = tmp;
565 }
566 return b;
567 }
568
569 /*
570 * Various code constructs need to know the layout of the data link
571 * layer. These variables give the necessary offsets. off_linktype
572 * is set to -1 for no encapsulation, in which case, IP is assumed.
573 */
574 static u_int off_linktype;
575 static u_int off_nl;
576 static int linktype;
577
578 static void
579 init_linktype(type)
580 int type;
581 {
582 linktype = type;
583
584 switch (type) {
585
586 case DLT_EN10MB:
587 off_linktype = 12;
588 off_nl = 14;
589 return;
590
591 case DLT_SLIP:
592 /*
593 * SLIP doesn't have a link level type. The 16 byte
594 * header is hacked into our SLIP driver.
595 */
596 off_linktype = -1;
597 off_nl = 16;
598 return;
599
600 case DLT_SLIP_BSDOS:
601 /* XXX this may be the same as the DLT_PPP_BSDOS case */
602 off_linktype = -1;
603 /* XXX end */
604 off_nl = 24;
605 return;
606
607 case DLT_NULL:
608 off_linktype = 0;
609 off_nl = 4;
610 return;
611
612 case DLT_PPP:
613 case DLT_C_HDLC:
614 case DLT_PPP_SERIAL:
615 off_linktype = 2;
616 off_nl = 4;
617 return;
618
619 case DLT_PPP_BSDOS:
620 off_linktype = 5;
621 off_nl = 24;
622 return;
623
624 case DLT_FDDI:
625 /*
626 * FDDI doesn't really have a link-level type field.
627 * We assume that SSAP = SNAP is being used and pick
628 * out the encapsulated Ethernet type.
629 *
630 * XXX - should we generate code to check for SNAP?
631 */
632 off_linktype = 19;
633 #ifdef PCAP_FDDIPAD
634 off_linktype += pcap_fddipad;
635 #endif
636 off_nl = 21;
637 #ifdef PCAP_FDDIPAD
638 off_nl += pcap_fddipad;
639 #endif
640 return;
641
642 case DLT_IEEE802:
643 /*
644 * Token Ring doesn't really have a link-level type field.
645 * We assume that SSAP = SNAP is being used and pick
646 * out the encapsulated Ethernet type.
647 *
648 * XXX - should we generate code to check for SNAP?
649 *
650 * XXX - the header is actually variable-length.
651 * Some various Linux patched versions gave 38
652 * as "off_linktype" and 40 as "off_nl"; however,
653 * if a token ring packet has *no* routing
654 * information, i.e. is not source-routed, the correct
655 * values are 20 and 22, as they are in the vanilla code.
656 *
657 * A packet is source-routed iff the uppermost bit
658 * of the first byte of the source address, at an
659 * offset of 8, has the uppermost bit set. If the
660 * packet is source-routed, the total number of bytes
661 * of routing information is 2 plus bits 0x1F00 of
662 * the 16-bit value at an offset of 14 (shifted right
663 * 8 - figure out which byte that is).
664 */
665 off_linktype = 20;
666 off_nl = 22;
667 return;
668
669 case DLT_ATM_RFC1483:
670 /*
671 * assume routed, non-ISO PDUs
672 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
673 */
674 off_linktype = 6;
675 off_nl = 8;
676 return;
677
678 case DLT_RAW:
679 off_linktype = -1;
680 off_nl = 0;
681 return;
682
683 case DLT_ATM_CLIP: /* Linux ATM defines this */
684 off_linktype = 6;
685 off_nl = 8;
686 return;
687 }
688 bpf_error("unknown data link type 0x%x", linktype);
689 /* NOTREACHED */
690 }
691
692 static struct block *
693 gen_uncond(rsense)
694 int rsense;
695 {
696 struct block *b;
697 struct slist *s;
698
699 s = new_stmt(BPF_LD|BPF_IMM);
700 s->s.k = !rsense;
701 b = new_block(JMP(BPF_JEQ));
702 b->stmts = s;
703
704 return b;
705 }
706
707 static inline struct block *
708 gen_true()
709 {
710 return gen_uncond(1);
711 }
712
713 static inline struct block *
714 gen_false()
715 {
716 return gen_uncond(0);
717 }
718
719 static struct block *
720 gen_linktype(proto)
721 register int proto;
722 {
723 struct block *b0, *b1;
724
725 /* If we're not using encapsulation, we're done */
726 if (off_linktype == -1)
727 return gen_true();
728
729 switch (linktype) {
730
731 case DLT_EN10MB:
732 /*
733 * XXX - handle other LLC-encapsulated protocols here
734 * (IPX, OSI)?
735 */
736 switch (proto) {
737
738 case LLC_ISO_LSAP:
739 /*
740 * OSI protocols always use 802.2 encapsulation.
741 */
742 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
743 gen_not(b0);
744 b1 = gen_cmp(off_linktype + 2, BPF_H, (long)
745 ((LLC_ISO_LSAP << 8) | LLC_ISO_LSAP));
746 gen_and(b0, b1);
747 return b1;
748
749 case ETHERTYPE_ATALK:
750 case ETHERTYPE_AARP:
751 /*
752 * EtherTalk (AppleTalk protocols on Ethernet link
753 * layer) may use 802.2 encapsulation.
754 */
755
756 /*
757 * Check for 802.2 encapsulation (EtherTalk phase 2?);
758 * we check for an Ethernet type field less than
759 * 1500, which means it's an 802.3 length field.
760 */
761 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
762 gen_not(b0);
763
764 /*
765 * 802.2-encapsulated ETHERTYPE_ATALK packets are
766 * SNAP packets with an organization code of
767 * 0x080007 (Apple, for Appletalk) and a protocol
768 * type of ETHERTYPE_ATALK (Appletalk).
769 *
770 * 802.2-encapsulated ETHERTYPE_AARP packets are
771 * SNAP packets with an organization code of
772 * 0x000000 (encapsulated Ethernet) and a protocol
773 * type of ETHERTYPE_AARP (Appletalk ARP).
774 */
775 if (proto == ETHERTYPE_ATALK)
776 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
777 else /* proto == ETHERTYPE_AARP */
778 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
779 gen_and(b0, b1);
780
781 /*
782 * Check for Ethernet encapsulation (Ethertalk
783 * phase 1?); we just check for the Ethernet
784 * protocol type.
785 */
786 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
787
788 gen_or(b0, b1);
789 return b1;
790 }
791 break;
792
793 case DLT_SLIP:
794 return gen_false();
795
796 case DLT_PPP:
797 case DLT_PPP_SERIAL:
798 /*
799 * We use Ethernet protocol types inside libpcap;
800 * map them to the corresponding PPP protocol types.
801 */
802 switch (proto) {
803
804 case ETHERTYPE_IP:
805 proto = PPP_IP; /* XXX was 0x21 */
806 break;
807
808 #ifdef INET6
809 case ETHERTYPE_IPV6:
810 proto = PPP_IPV6;
811 break;
812 #endif
813
814 case ETHERTYPE_DN:
815 proto = PPP_DECNET;
816 break;
817
818 case ETHERTYPE_ATALK:
819 proto = PPP_APPLE;
820 break;
821
822 case ETHERTYPE_NS:
823 proto = PPP_NS;
824 break;
825 }
826 break;
827
828 case DLT_PPP_BSDOS:
829 /*
830 * We use Ethernet protocol types inside libpcap;
831 * map them to the corresponding PPP protocol types.
832 */
833 switch (proto) {
834
835 case ETHERTYPE_IP:
836 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
837 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
838 gen_or(b0, b1);
839 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
840 gen_or(b1, b0);
841 return b0;
842
843 #ifdef INET6
844 case ETHERTYPE_IPV6:
845 proto = PPP_IPV6;
846 /* more to go? */
847 break;
848 #endif
849
850 case ETHERTYPE_DN:
851 proto = PPP_DECNET;
852 break;
853
854 case ETHERTYPE_ATALK:
855 proto = PPP_APPLE;
856 break;
857
858 case ETHERTYPE_NS:
859 proto = PPP_NS;
860 break;
861 }
862 break;
863
864 case DLT_NULL:
865 /* XXX */
866 if (proto == ETHERTYPE_IP)
867 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET)));
868 #ifdef INET6
869 else if (proto == ETHERTYPE_IPV6)
870 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET6)));
871 #endif
872 else
873 return gen_false();
874 }
875 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
876 }
877
878 /*
879 * Check for an LLC SNAP packet with a given organization code and
880 * protocol type; we check the entire contents of the 802.2 LLC and
881 * snap headers, checking for a DSAP of 0xAA, an SSAP of 0xAA, and
882 * a control field of 0x03 in the LLC header, and for the specified
883 * organization code and protocol type in the SNAP header.
884 */
885 static struct block *
886 gen_snap(orgcode, ptype, offset)
887 bpf_u_int32 orgcode;
888 bpf_u_int32 ptype;
889 u_int offset;
890 {
891 u_char snapblock[8];
892
893 snapblock[0] = 0xAA; /* DSAP = SNAP */
894 snapblock[1] = 0xAA; /* SSAP = SNAP */
895 snapblock[2] = 0x03; /* control = UI */
896 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
897 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
898 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
899 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
900 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
901 return gen_bcmp(offset, 8, snapblock);
902 }
903
904 static struct block *
905 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
906 bpf_u_int32 addr;
907 bpf_u_int32 mask;
908 int dir, proto;
909 u_int src_off, dst_off;
910 {
911 struct block *b0, *b1;
912 u_int offset;
913
914 switch (dir) {
915
916 case Q_SRC:
917 offset = src_off;
918 break;
919
920 case Q_DST:
921 offset = dst_off;
922 break;
923
924 case Q_AND:
925 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
926 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
927 gen_and(b0, b1);
928 return b1;
929
930 case Q_OR:
931 case Q_DEFAULT:
932 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
933 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
934 gen_or(b0, b1);
935 return b1;
936
937 default:
938 abort();
939 }
940 b0 = gen_linktype(proto);
941 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
942 gen_and(b0, b1);
943 return b1;
944 }
945
946 #ifdef INET6
947 static struct block *
948 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
949 struct in6_addr *addr;
950 struct in6_addr *mask;
951 int dir, proto;
952 u_int src_off, dst_off;
953 {
954 struct block *b0, *b1;
955 u_int offset;
956 u_int32_t *a, *m;
957
958 switch (dir) {
959
960 case Q_SRC:
961 offset = src_off;
962 break;
963
964 case Q_DST:
965 offset = dst_off;
966 break;
967
968 case Q_AND:
969 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
970 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
971 gen_and(b0, b1);
972 return b1;
973
974 case Q_OR:
975 case Q_DEFAULT:
976 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
977 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
978 gen_or(b0, b1);
979 return b1;
980
981 default:
982 abort();
983 }
984 /* this order is important */
985 a = (u_int32_t *)addr;
986 m = (u_int32_t *)mask;
987 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
988 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
989 gen_and(b0, b1);
990 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
991 gen_and(b0, b1);
992 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
993 gen_and(b0, b1);
994 b0 = gen_linktype(proto);
995 gen_and(b0, b1);
996 return b1;
997 }
998 #endif /*INET6*/
999
1000 static struct block *
1001 gen_ehostop(eaddr, dir)
1002 register const u_char *eaddr;
1003 register int dir;
1004 {
1005 register struct block *b0, *b1;
1006
1007 switch (dir) {
1008 case Q_SRC:
1009 return gen_bcmp(6, 6, eaddr);
1010
1011 case Q_DST:
1012 return gen_bcmp(0, 6, eaddr);
1013
1014 case Q_AND:
1015 b0 = gen_ehostop(eaddr, Q_SRC);
1016 b1 = gen_ehostop(eaddr, Q_DST);
1017 gen_and(b0, b1);
1018 return b1;
1019
1020 case Q_DEFAULT:
1021 case Q_OR:
1022 b0 = gen_ehostop(eaddr, Q_SRC);
1023 b1 = gen_ehostop(eaddr, Q_DST);
1024 gen_or(b0, b1);
1025 return b1;
1026 }
1027 abort();
1028 /* NOTREACHED */
1029 }
1030
1031 /*
1032 * Like gen_ehostop, but for DLT_FDDI
1033 */
1034 static struct block *
1035 gen_fhostop(eaddr, dir)
1036 register const u_char *eaddr;
1037 register int dir;
1038 {
1039 struct block *b0, *b1;
1040
1041 switch (dir) {
1042 case Q_SRC:
1043 #ifdef PCAP_FDDIPAD
1044 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
1045 #else
1046 return gen_bcmp(6 + 1, 6, eaddr);
1047 #endif
1048
1049 case Q_DST:
1050 #ifdef PCAP_FDDIPAD
1051 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
1052 #else
1053 return gen_bcmp(0 + 1, 6, eaddr);
1054 #endif
1055
1056 case Q_AND:
1057 b0 = gen_fhostop(eaddr, Q_SRC);
1058 b1 = gen_fhostop(eaddr, Q_DST);
1059 gen_and(b0, b1);
1060 return b1;
1061
1062 case Q_DEFAULT:
1063 case Q_OR:
1064 b0 = gen_fhostop(eaddr, Q_SRC);
1065 b1 = gen_fhostop(eaddr, Q_DST);
1066 gen_or(b0, b1);
1067 return b1;
1068 }
1069 abort();
1070 /* NOTREACHED */
1071 }
1072
1073 /*
1074 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
1075 */
1076 static struct block *
1077 gen_thostop(eaddr, dir)
1078 register const u_char *eaddr;
1079 register int dir;
1080 {
1081 register struct block *b0, *b1;
1082
1083 switch (dir) {
1084 case Q_SRC:
1085 return gen_bcmp(8, 6, eaddr);
1086
1087 case Q_DST:
1088 return gen_bcmp(2, 6, eaddr);
1089
1090 case Q_AND:
1091 b0 = gen_thostop(eaddr, Q_SRC);
1092 b1 = gen_thostop(eaddr, Q_DST);
1093 gen_and(b0, b1);
1094 return b1;
1095
1096 case Q_DEFAULT:
1097 case Q_OR:
1098 b0 = gen_thostop(eaddr, Q_SRC);
1099 b1 = gen_thostop(eaddr, Q_DST);
1100 gen_or(b0, b1);
1101 return b1;
1102 }
1103 abort();
1104 /* NOTREACHED */
1105 }
1106
1107 /*
1108 * This is quite tricky because there may be pad bytes in front of the
1109 * DECNET header, and then there are two possible data packet formats that
1110 * carry both src and dst addresses, plus 5 packet types in a format that
1111 * carries only the src node, plus 2 types that use a different format and
1112 * also carry just the src node.
1113 *
1114 * Yuck.
1115 *
1116 * Instead of doing those all right, we just look for data packets with
1117 * 0 or 1 bytes of padding. If you want to look at other packets, that
1118 * will require a lot more hacking.
1119 *
1120 * To add support for filtering on DECNET "areas" (network numbers)
1121 * one would want to add a "mask" argument to this routine. That would
1122 * make the filter even more inefficient, although one could be clever
1123 * and not generate masking instructions if the mask is 0xFFFF.
1124 */
1125 static struct block *
1126 gen_dnhostop(addr, dir, base_off)
1127 bpf_u_int32 addr;
1128 int dir;
1129 u_int base_off;
1130 {
1131 struct block *b0, *b1, *b2, *tmp;
1132 u_int offset_lh; /* offset if long header is received */
1133 u_int offset_sh; /* offset if short header is received */
1134
1135 switch (dir) {
1136
1137 case Q_DST:
1138 offset_sh = 1; /* follows flags */
1139 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
1140 break;
1141
1142 case Q_SRC:
1143 offset_sh = 3; /* follows flags, dstnode */
1144 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
1145 break;
1146
1147 case Q_AND:
1148 /* Inefficient because we do our Calvinball dance twice */
1149 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1150 b1 = gen_dnhostop(addr, Q_DST, base_off);
1151 gen_and(b0, b1);
1152 return b1;
1153
1154 case Q_OR:
1155 case Q_DEFAULT:
1156 /* Inefficient because we do our Calvinball dance twice */
1157 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1158 b1 = gen_dnhostop(addr, Q_DST, base_off);
1159 gen_or(b0, b1);
1160 return b1;
1161
1162 case Q_ISO:
1163 bpf_error("ISO host filtering not implemented");
1164
1165 default:
1166 abort();
1167 }
1168 b0 = gen_linktype(ETHERTYPE_DN);
1169 /* Check for pad = 1, long header case */
1170 tmp = gen_mcmp(base_off + 2, BPF_H,
1171 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
1172 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
1173 BPF_H, (bpf_int32)ntohs(addr));
1174 gen_and(tmp, b1);
1175 /* Check for pad = 0, long header case */
1176 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
1177 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
1178 gen_and(tmp, b2);
1179 gen_or(b2, b1);
1180 /* Check for pad = 1, short header case */
1181 tmp = gen_mcmp(base_off + 2, BPF_H,
1182 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
1183 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
1184 BPF_H, (bpf_int32)ntohs(addr));
1185 gen_and(tmp, b2);
1186 gen_or(b2, b1);
1187 /* Check for pad = 0, short header case */
1188 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
1189 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
1190 gen_and(tmp, b2);
1191 gen_or(b2, b1);
1192
1193 /* Combine with test for linktype */
1194 gen_and(b0, b1);
1195 return b1;
1196 }
1197
1198 static struct block *
1199 gen_host(addr, mask, proto, dir)
1200 bpf_u_int32 addr;
1201 bpf_u_int32 mask;
1202 int proto;
1203 int dir;
1204 {
1205 struct block *b0, *b1;
1206
1207 switch (proto) {
1208
1209 case Q_DEFAULT:
1210 b0 = gen_host(addr, mask, Q_IP, dir);
1211 if (off_linktype != -1) {
1212 b1 = gen_host(addr, mask, Q_ARP, dir);
1213 gen_or(b0, b1);
1214 b0 = gen_host(addr, mask, Q_RARP, dir);
1215 gen_or(b1, b0);
1216 }
1217 return b0;
1218
1219 case Q_IP:
1220 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
1221 off_nl + 12, off_nl + 16);
1222
1223 case Q_RARP:
1224 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
1225 off_nl + 14, off_nl + 24);
1226
1227 case Q_ARP:
1228 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
1229 off_nl + 14, off_nl + 24);
1230
1231 case Q_TCP:
1232 bpf_error("'tcp' modifier applied to host");
1233
1234 case Q_UDP:
1235 bpf_error("'udp' modifier applied to host");
1236
1237 case Q_ICMP:
1238 bpf_error("'icmp' modifier applied to host");
1239
1240 case Q_IGMP:
1241 bpf_error("'igmp' modifier applied to host");
1242
1243 case Q_IGRP:
1244 bpf_error("'igrp' modifier applied to host");
1245
1246 case Q_PIM:
1247 bpf_error("'pim' modifier applied to host");
1248
1249 case Q_ATALK:
1250 bpf_error("ATALK host filtering not implemented");
1251
1252 case Q_AARP:
1253 bpf_error("AARP host filtering not implemented");
1254
1255 case Q_DECNET:
1256 return gen_dnhostop(addr, dir, off_nl);
1257
1258 case Q_SCA:
1259 bpf_error("SCA host filtering not implemented");
1260
1261 case Q_LAT:
1262 bpf_error("LAT host filtering not implemented");
1263
1264 case Q_MOPDL:
1265 bpf_error("MOPDL host filtering not implemented");
1266
1267 case Q_MOPRC:
1268 bpf_error("MOPRC host filtering not implemented");
1269
1270 #ifdef INET6
1271 case Q_IPV6:
1272 bpf_error("'ip6' modifier applied to ip host");
1273
1274 case Q_ICMPV6:
1275 bpf_error("'icmp6' modifier applied to host");
1276 #endif /* INET6 */
1277
1278 case Q_AH:
1279 bpf_error("'ah' modifier applied to host");
1280
1281 case Q_ESP:
1282 bpf_error("'esp' modifier applied to host");
1283
1284 case Q_ISO:
1285 bpf_error("ISO host filtering not implemented");
1286
1287 case Q_ESIS:
1288 bpf_error("'esis' modifier applied to host");
1289
1290 case Q_ISIS:
1291 bpf_error("'isis' modifier applied to host");
1292
1293 case Q_CLNP:
1294 bpf_error("'clnp' modifier applied to host");
1295
1296 default:
1297 abort();
1298 }
1299 /* NOTREACHED */
1300 }
1301
1302 #ifdef INET6
1303 static struct block *
1304 gen_host6(addr, mask, proto, dir)
1305 struct in6_addr *addr;
1306 struct in6_addr *mask;
1307 int proto;
1308 int dir;
1309 {
1310 switch (proto) {
1311
1312 case Q_DEFAULT:
1313 return gen_host6(addr, mask, Q_IPV6, dir);
1314
1315 case Q_IP:
1316 bpf_error("'ip' modifier applied to ip6 host");
1317
1318 case Q_RARP:
1319 bpf_error("'rarp' modifier applied to ip6 host");
1320
1321 case Q_ARP:
1322 bpf_error("'arp' modifier applied to ip6 host");
1323
1324 case Q_TCP:
1325 bpf_error("'tcp' modifier applied to host");
1326
1327 case Q_UDP:
1328 bpf_error("'udp' modifier applied to host");
1329
1330 case Q_ICMP:
1331 bpf_error("'icmp' modifier applied to host");
1332
1333 case Q_IGMP:
1334 bpf_error("'igmp' modifier applied to host");
1335
1336 case Q_IGRP:
1337 bpf_error("'igrp' modifier applied to host");
1338
1339 case Q_PIM:
1340 bpf_error("'pim' modifier applied to host");
1341
1342 case Q_ATALK:
1343 bpf_error("ATALK host filtering not implemented");
1344
1345 case Q_AARP:
1346 bpf_error("AARP host filtering not implemented");
1347
1348 case Q_DECNET:
1349 bpf_error("'decnet' modifier applied to ip6 host");
1350
1351 case Q_SCA:
1352 bpf_error("SCA host filtering not implemented");
1353
1354 case Q_LAT:
1355 bpf_error("LAT host filtering not implemented");
1356
1357 case Q_MOPDL:
1358 bpf_error("MOPDL host filtering not implemented");
1359
1360 case Q_MOPRC:
1361 bpf_error("MOPRC host filtering not implemented");
1362
1363 case Q_IPV6:
1364 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
1365 off_nl + 8, off_nl + 24);
1366
1367 case Q_ICMPV6:
1368 bpf_error("'icmp6' modifier applied to host");
1369
1370 case Q_AH:
1371 bpf_error("'ah' modifier applied to host");
1372
1373 case Q_ESP:
1374 bpf_error("'esp' modifier applied to host");
1375
1376 case Q_ISO:
1377 bpf_error("ISO host filtering not implemented");
1378
1379 case Q_ESIS:
1380 bpf_error("'esis' modifier applied to host");
1381
1382 case Q_ISIS:
1383 bpf_error("'isis' modifier applied to host");
1384
1385 case Q_CLNP:
1386 bpf_error("'clnp' modifier applied to host");
1387
1388 default:
1389 abort();
1390 }
1391 /* NOTREACHED */
1392 }
1393 #endif /*INET6*/
1394
1395 #ifndef INET6
1396 static struct block *
1397 gen_gateway(eaddr, alist, proto, dir)
1398 const u_char *eaddr;
1399 bpf_u_int32 **alist;
1400 int proto;
1401 int dir;
1402 {
1403 struct block *b0, *b1, *tmp;
1404
1405 if (dir != 0)
1406 bpf_error("direction applied to 'gateway'");
1407
1408 switch (proto) {
1409 case Q_DEFAULT:
1410 case Q_IP:
1411 case Q_ARP:
1412 case Q_RARP:
1413 if (linktype == DLT_EN10MB)
1414 b0 = gen_ehostop(eaddr, Q_OR);
1415 else if (linktype == DLT_FDDI)
1416 b0 = gen_fhostop(eaddr, Q_OR);
1417 else if (linktype == DLT_IEEE802)
1418 b0 = gen_thostop(eaddr, Q_OR);
1419 else
1420 bpf_error(
1421 "'gateway' supported only on ethernet, FDDI or token ring");
1422
1423 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1424 while (*alist) {
1425 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1426 gen_or(b1, tmp);
1427 b1 = tmp;
1428 }
1429 gen_not(b1);
1430 gen_and(b0, b1);
1431 return b1;
1432 }
1433 bpf_error("illegal modifier of 'gateway'");
1434 /* NOTREACHED */
1435 }
1436 #endif
1437
1438 struct block *
1439 gen_proto_abbrev(proto)
1440 int proto;
1441 {
1442 #ifdef INET6
1443 struct block *b0;
1444 #endif
1445 struct block *b1;
1446
1447 switch (proto) {
1448
1449 case Q_TCP:
1450 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
1451 #ifdef INET6
1452 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
1453 gen_or(b0, b1);
1454 #endif
1455 break;
1456
1457 case Q_UDP:
1458 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
1459 #ifdef INET6
1460 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
1461 gen_or(b0, b1);
1462 #endif
1463 break;
1464
1465 case Q_ICMP:
1466 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
1467 break;
1468
1469 #ifndef IPPROTO_IGMP
1470 #define IPPROTO_IGMP 2
1471 #endif
1472
1473 case Q_IGMP:
1474 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
1475 break;
1476
1477 #ifndef IPPROTO_IGRP
1478 #define IPPROTO_IGRP 9
1479 #endif
1480 case Q_IGRP:
1481 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
1482 break;
1483
1484 #ifndef IPPROTO_PIM
1485 #define IPPROTO_PIM 103
1486 #endif
1487
1488 case Q_PIM:
1489 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
1490 #ifdef INET6
1491 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
1492 gen_or(b0, b1);
1493 #endif
1494 break;
1495
1496 case Q_IP:
1497 b1 = gen_linktype(ETHERTYPE_IP);
1498 break;
1499
1500 case Q_ARP:
1501 b1 = gen_linktype(ETHERTYPE_ARP);
1502 break;
1503
1504 case Q_RARP:
1505 b1 = gen_linktype(ETHERTYPE_REVARP);
1506 break;
1507
1508 case Q_LINK:
1509 bpf_error("link layer applied in wrong context");
1510
1511 case Q_ATALK:
1512 b1 = gen_linktype(ETHERTYPE_ATALK);
1513 break;
1514
1515 case Q_AARP:
1516 b1 = gen_linktype(ETHERTYPE_AARP);
1517 break;
1518
1519 case Q_DECNET:
1520 b1 = gen_linktype(ETHERTYPE_DN);
1521 break;
1522
1523 case Q_SCA:
1524 b1 = gen_linktype(ETHERTYPE_SCA);
1525 break;
1526
1527 case Q_LAT:
1528 b1 = gen_linktype(ETHERTYPE_LAT);
1529 break;
1530
1531 case Q_MOPDL:
1532 b1 = gen_linktype(ETHERTYPE_MOPDL);
1533 break;
1534
1535 case Q_MOPRC:
1536 b1 = gen_linktype(ETHERTYPE_MOPRC);
1537 break;
1538
1539 #ifdef INET6
1540 case Q_IPV6:
1541 b1 = gen_linktype(ETHERTYPE_IPV6);
1542 break;
1543
1544 #ifndef IPPROTO_ICMPV6
1545 #define IPPROTO_ICMPV6 58
1546 #endif
1547 case Q_ICMPV6:
1548 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
1549 break;
1550 #endif /* INET6 */
1551
1552 #ifndef IPPROTO_AH
1553 #define IPPROTO_AH 51
1554 #endif
1555 case Q_AH:
1556 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
1557 #ifdef INET6
1558 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
1559 gen_or(b0, b1);
1560 #endif
1561 break;
1562
1563 #ifndef IPPROTO_ESP
1564 #define IPPROTO_ESP 50
1565 #endif
1566 case Q_ESP:
1567 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
1568 #ifdef INET6
1569 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
1570 gen_or(b0, b1);
1571 #endif
1572 break;
1573
1574 case Q_ISO:
1575 b1 = gen_linktype(LLC_ISO_LSAP);
1576 break;
1577
1578 case Q_ESIS:
1579 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
1580 break;
1581
1582 case Q_ISIS:
1583 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
1584 break;
1585
1586 case Q_CLNP:
1587 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
1588 break;
1589
1590 default:
1591 abort();
1592 }
1593 return b1;
1594 }
1595
1596 static struct block *
1597 gen_ipfrag()
1598 {
1599 struct slist *s;
1600 struct block *b;
1601
1602 /* not ip frag */
1603 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
1604 s->s.k = off_nl + 6;
1605 b = new_block(JMP(BPF_JSET));
1606 b->s.k = 0x1fff;
1607 b->stmts = s;
1608 gen_not(b);
1609
1610 return b;
1611 }
1612
1613 static struct block *
1614 gen_portatom(off, v)
1615 int off;
1616 bpf_int32 v;
1617 {
1618 struct slist *s;
1619 struct block *b;
1620
1621 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
1622 s->s.k = off_nl;
1623
1624 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
1625 s->next->s.k = off_nl + off;
1626
1627 b = new_block(JMP(BPF_JEQ));
1628 b->stmts = s;
1629 b->s.k = v;
1630
1631 return b;
1632 }
1633
1634 #ifdef INET6
1635 static struct block *
1636 gen_portatom6(off, v)
1637 int off;
1638 bpf_int32 v;
1639 {
1640 return gen_cmp(off_nl + 40 + off, BPF_H, v);
1641 }
1642 #endif/*INET6*/
1643
1644 struct block *
1645 gen_portop(port, proto, dir)
1646 int port, proto, dir;
1647 {
1648 struct block *b0, *b1, *tmp;
1649
1650 /* ip proto 'proto' */
1651 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
1652 b0 = gen_ipfrag();
1653 gen_and(tmp, b0);
1654
1655 switch (dir) {
1656 case Q_SRC:
1657 b1 = gen_portatom(0, (bpf_int32)port);
1658 break;
1659
1660 case Q_DST:
1661 b1 = gen_portatom(2, (bpf_int32)port);
1662 break;
1663
1664 case Q_OR:
1665 case Q_DEFAULT:
1666 tmp = gen_portatom(0, (bpf_int32)port);
1667 b1 = gen_portatom(2, (bpf_int32)port);
1668 gen_or(tmp, b1);
1669 break;
1670
1671 case Q_AND:
1672 tmp = gen_portatom(0, (bpf_int32)port);
1673 b1 = gen_portatom(2, (bpf_int32)port);
1674 gen_and(tmp, b1);
1675 break;
1676
1677 default:
1678 abort();
1679 }
1680 gen_and(b0, b1);
1681
1682 return b1;
1683 }
1684
1685 static struct block *
1686 gen_port(port, ip_proto, dir)
1687 int port;
1688 int ip_proto;
1689 int dir;
1690 {
1691 struct block *b0, *b1, *tmp;
1692
1693 /* ether proto ip */
1694 b0 = gen_linktype(ETHERTYPE_IP);
1695
1696 switch (ip_proto) {
1697 case IPPROTO_UDP:
1698 case IPPROTO_TCP:
1699 b1 = gen_portop(port, ip_proto, dir);
1700 break;
1701
1702 case PROTO_UNDEF:
1703 tmp = gen_portop(port, IPPROTO_TCP, dir);
1704 b1 = gen_portop(port, IPPROTO_UDP, dir);
1705 gen_or(tmp, b1);
1706 break;
1707
1708 default:
1709 abort();
1710 }
1711 gen_and(b0, b1);
1712 return b1;
1713 }
1714
1715 #ifdef INET6
1716 struct block *
1717 gen_portop6(port, proto, dir)
1718 int port, proto, dir;
1719 {
1720 struct block *b0, *b1, *tmp;
1721
1722 /* ip proto 'proto' */
1723 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
1724
1725 switch (dir) {
1726 case Q_SRC:
1727 b1 = gen_portatom6(0, (bpf_int32)port);
1728 break;
1729
1730 case Q_DST:
1731 b1 = gen_portatom6(2, (bpf_int32)port);
1732 break;
1733
1734 case Q_OR:
1735 case Q_DEFAULT:
1736 tmp = gen_portatom6(0, (bpf_int32)port);
1737 b1 = gen_portatom6(2, (bpf_int32)port);
1738 gen_or(tmp, b1);
1739 break;
1740
1741 case Q_AND:
1742 tmp = gen_portatom6(0, (bpf_int32)port);
1743 b1 = gen_portatom6(2, (bpf_int32)port);
1744 gen_and(tmp, b1);
1745 break;
1746
1747 default:
1748 abort();
1749 }
1750 gen_and(b0, b1);
1751
1752 return b1;
1753 }
1754
1755 static struct block *
1756 gen_port6(port, ip_proto, dir)
1757 int port;
1758 int ip_proto;
1759 int dir;
1760 {
1761 struct block *b0, *b1, *tmp;
1762
1763 /* ether proto ip */
1764 b0 = gen_linktype(ETHERTYPE_IPV6);
1765
1766 switch (ip_proto) {
1767 case IPPROTO_UDP:
1768 case IPPROTO_TCP:
1769 b1 = gen_portop6(port, ip_proto, dir);
1770 break;
1771
1772 case PROTO_UNDEF:
1773 tmp = gen_portop6(port, IPPROTO_TCP, dir);
1774 b1 = gen_portop6(port, IPPROTO_UDP, dir);
1775 gen_or(tmp, b1);
1776 break;
1777
1778 default:
1779 abort();
1780 }
1781 gen_and(b0, b1);
1782 return b1;
1783 }
1784 #endif /* INET6 */
1785
1786 static int
1787 lookup_proto(name, proto)
1788 register const char *name;
1789 register int proto;
1790 {
1791 register int v;
1792
1793 switch (proto) {
1794
1795 case Q_DEFAULT:
1796 case Q_IP:
1797 v = pcap_nametoproto(name);
1798 if (v == PROTO_UNDEF)
1799 bpf_error("unknown ip proto '%s'", name);
1800 break;
1801
1802 case Q_LINK:
1803 /* XXX should look up h/w protocol type based on linktype */
1804 v = pcap_nametoeproto(name);
1805 if (v == PROTO_UNDEF)
1806 bpf_error("unknown ether proto '%s'", name);
1807 break;
1808
1809 case Q_ISO:
1810 if (strcmp(name, "esis") == 0)
1811 v = ISO9542_ESIS;
1812 else if (strcmp(name, "isis") == 0)
1813 v = ISO10589_ISIS;
1814 else if (strcmp(name, "clnp") == 0)
1815 v = ISO8473_CLNP;
1816 else
1817 bpf_error("unknown osi proto '%s'", name);
1818 break;
1819
1820 default:
1821 v = PROTO_UNDEF;
1822 break;
1823 }
1824 return v;
1825 }
1826
1827 #if 0
1828 struct stmt *
1829 gen_joinsp(s, n)
1830 struct stmt **s;
1831 int n;
1832 {
1833 return NULL;
1834 }
1835 #endif
1836
1837 static struct block *
1838 gen_protochain(v, proto, dir)
1839 int v;
1840 int proto;
1841 int dir;
1842 {
1843 #ifdef NO_PROTOCHAIN
1844 return gen_proto(v, proto, dir);
1845 #else
1846 struct block *b0, *b;
1847 struct slist *s[100];
1848 int fix2, fix3, fix4, fix5;
1849 int ahcheck, again, end;
1850 int i, max;
1851 int reg1 = alloc_reg();
1852 int reg2 = alloc_reg();
1853
1854 memset(s, 0, sizeof(s));
1855 fix2 = fix3 = fix4 = fix5 = 0;
1856
1857 switch (proto) {
1858 case Q_IP:
1859 case Q_IPV6:
1860 break;
1861 case Q_DEFAULT:
1862 b0 = gen_protochain(v, Q_IP, dir);
1863 b = gen_protochain(v, Q_IPV6, dir);
1864 gen_or(b0, b);
1865 return b;
1866 default:
1867 bpf_error("bad protocol applied for 'protochain'");
1868 /*NOTREACHED*/
1869 }
1870
1871 no_optimize = 1; /*this code is not compatible with optimzer yet */
1872
1873 /*
1874 * s[0] is a dummy entry to protect other BPF insn from damaged
1875 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
1876 * hard to find interdependency made by jump table fixup.
1877 */
1878 i = 0;
1879 s[i] = new_stmt(0); /*dummy*/
1880 i++;
1881
1882 switch (proto) {
1883 case Q_IP:
1884 b0 = gen_linktype(ETHERTYPE_IP);
1885
1886 /* A = ip->ip_p */
1887 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
1888 s[i]->s.k = off_nl + 9;
1889 i++;
1890 /* X = ip->ip_hl << 2 */
1891 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
1892 s[i]->s.k = off_nl;
1893 i++;
1894 break;
1895 #ifdef INET6
1896 case Q_IPV6:
1897 b0 = gen_linktype(ETHERTYPE_IPV6);
1898
1899 /* A = ip6->ip_nxt */
1900 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
1901 s[i]->s.k = off_nl + 6;
1902 i++;
1903 /* X = sizeof(struct ip6_hdr) */
1904 s[i] = new_stmt(BPF_LDX|BPF_IMM);
1905 s[i]->s.k = 40;
1906 i++;
1907 break;
1908 #endif
1909 default:
1910 bpf_error("unsupported proto to gen_protochain");
1911 /*NOTREACHED*/
1912 }
1913
1914 /* again: if (A == v) goto end; else fall through; */
1915 again = i;
1916 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1917 s[i]->s.k = v;
1918 s[i]->s.jt = NULL; /*later*/
1919 s[i]->s.jf = NULL; /*update in next stmt*/
1920 fix5 = i;
1921 i++;
1922
1923 #ifndef IPPROTO_NONE
1924 #define IPPROTO_NONE 59
1925 #endif
1926 /* if (A == IPPROTO_NONE) goto end */
1927 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1928 s[i]->s.jt = NULL; /*later*/
1929 s[i]->s.jf = NULL; /*update in next stmt*/
1930 s[i]->s.k = IPPROTO_NONE;
1931 s[fix5]->s.jf = s[i];
1932 fix2 = i;
1933 i++;
1934
1935 #ifdef INET6
1936 if (proto == Q_IPV6) {
1937 int v6start, v6end, v6advance, j;
1938
1939 v6start = i;
1940 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
1941 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1942 s[i]->s.jt = NULL; /*later*/
1943 s[i]->s.jf = NULL; /*update in next stmt*/
1944 s[i]->s.k = IPPROTO_HOPOPTS;
1945 s[fix2]->s.jf = s[i];
1946 i++;
1947 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
1948 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1949 s[i]->s.jt = NULL; /*later*/
1950 s[i]->s.jf = NULL; /*update in next stmt*/
1951 s[i]->s.k = IPPROTO_DSTOPTS;
1952 i++;
1953 /* if (A == IPPROTO_ROUTING) goto v6advance */
1954 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1955 s[i]->s.jt = NULL; /*later*/
1956 s[i]->s.jf = NULL; /*update in next stmt*/
1957 s[i]->s.k = IPPROTO_ROUTING;
1958 i++;
1959 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
1960 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1961 s[i]->s.jt = NULL; /*later*/
1962 s[i]->s.jf = NULL; /*later*/
1963 s[i]->s.k = IPPROTO_FRAGMENT;
1964 fix3 = i;
1965 v6end = i;
1966 i++;
1967
1968 /* v6advance: */
1969 v6advance = i;
1970
1971 /*
1972 * in short,
1973 * A = P[X + 1];
1974 * X = X + (P[X] + 1) * 8;
1975 */
1976 /* A = X */
1977 s[i] = new_stmt(BPF_MISC|BPF_TXA);
1978 i++;
1979 /* MEM[reg1] = A */
1980 s[i] = new_stmt(BPF_ST);
1981 s[i]->s.k = reg1;
1982 i++;
1983 /* A += 1 */
1984 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
1985 s[i]->s.k = 1;
1986 i++;
1987 /* X = A */
1988 s[i] = new_stmt(BPF_MISC|BPF_TAX);
1989 i++;
1990 /* A = P[X + packet head]; */
1991 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
1992 s[i]->s.k = off_nl;
1993 i++;
1994 /* MEM[reg2] = A */
1995 s[i] = new_stmt(BPF_ST);
1996 s[i]->s.k = reg2;
1997 i++;
1998 /* X = MEM[reg1] */
1999 s[i] = new_stmt(BPF_LDX|BPF_MEM);
2000 s[i]->s.k = reg1;
2001 i++;
2002 /* A = P[X + packet head] */
2003 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2004 s[i]->s.k = off_nl;
2005 i++;
2006 /* A += 1 */
2007 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2008 s[i]->s.k = 1;
2009 i++;
2010 /* A *= 8 */
2011 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2012 s[i]->s.k = 8;
2013 i++;
2014 /* X = A; */
2015 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2016 i++;
2017 /* A = MEM[reg2] */
2018 s[i] = new_stmt(BPF_LD|BPF_MEM);
2019 s[i]->s.k = reg2;
2020 i++;
2021
2022 /* goto again; (must use BPF_JA for backward jump) */
2023 s[i] = new_stmt(BPF_JMP|BPF_JA);
2024 s[i]->s.k = again - i - 1;
2025 s[i - 1]->s.jf = s[i];
2026 i++;
2027
2028 /* fixup */
2029 for (j = v6start; j <= v6end; j++)
2030 s[j]->s.jt = s[v6advance];
2031 } else
2032 #endif
2033 {
2034 /* nop */
2035 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2036 s[i]->s.k = 0;
2037 s[fix2]->s.jf = s[i];
2038 i++;
2039 }
2040
2041 /* ahcheck: */
2042 ahcheck = i;
2043 /* if (A == IPPROTO_AH) then fall through; else goto end; */
2044 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2045 s[i]->s.jt = NULL; /*later*/
2046 s[i]->s.jf = NULL; /*later*/
2047 s[i]->s.k = IPPROTO_AH;
2048 if (fix3)
2049 s[fix3]->s.jf = s[ahcheck];
2050 fix4 = i;
2051 i++;
2052
2053 /*
2054 * in short,
2055 * A = P[X + 1];
2056 * X = X + (P[X] + 2) * 4;
2057 */
2058 /* A = X */
2059 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2060 i++;
2061 /* MEM[reg1] = A */
2062 s[i] = new_stmt(BPF_ST);
2063 s[i]->s.k = reg1;
2064 i++;
2065 /* A += 1 */
2066 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2067 s[i]->s.k = 1;
2068 i++;
2069 /* X = A */
2070 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2071 i++;
2072 /* A = P[X + packet head]; */
2073 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2074 s[i]->s.k = off_nl;
2075 i++;
2076 /* MEM[reg2] = A */
2077 s[i] = new_stmt(BPF_ST);
2078 s[i]->s.k = reg2;
2079 i++;
2080 /* X = MEM[reg1] */
2081 s[i] = new_stmt(BPF_LDX|BPF_MEM);
2082 s[i]->s.k = reg1;
2083 i++;
2084 /* A = P[X + packet head] */
2085 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2086 s[i]->s.k = off_nl;
2087 i++;
2088 /* A += 2 */
2089 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2090 s[i]->s.k = 2;
2091 i++;
2092 /* A *= 4 */
2093 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2094 s[i]->s.k = 4;
2095 i++;
2096 /* X = A; */
2097 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2098 i++;
2099 /* A = MEM[reg2] */
2100 s[i] = new_stmt(BPF_LD|BPF_MEM);
2101 s[i]->s.k = reg2;
2102 i++;
2103
2104 /* goto again; (must use BPF_JA for backward jump) */
2105 s[i] = new_stmt(BPF_JMP|BPF_JA);
2106 s[i]->s.k = again - i - 1;
2107 i++;
2108
2109 /* end: nop */
2110 end = i;
2111 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2112 s[i]->s.k = 0;
2113 s[fix2]->s.jt = s[end];
2114 s[fix4]->s.jf = s[end];
2115 s[fix5]->s.jt = s[end];
2116 i++;
2117
2118 /*
2119 * make slist chain
2120 */
2121 max = i;
2122 for (i = 0; i < max - 1; i++)
2123 s[i]->next = s[i + 1];
2124 s[max - 1]->next = NULL;
2125
2126 /*
2127 * emit final check
2128 */
2129 b = new_block(JMP(BPF_JEQ));
2130 b->stmts = s[1]; /*remember, s[0] is dummy*/
2131 b->s.k = v;
2132
2133 free_reg(reg1);
2134 free_reg(reg2);
2135
2136 gen_and(b0, b);
2137 return b;
2138 #endif
2139 }
2140
2141 static struct block *
2142 gen_proto(v, proto, dir)
2143 int v;
2144 int proto;
2145 int dir;
2146 {
2147 struct block *b0, *b1;
2148
2149 if (dir != Q_DEFAULT)
2150 bpf_error("direction applied to 'proto'");
2151
2152 switch (proto) {
2153 case Q_DEFAULT:
2154 #ifdef INET6
2155 b0 = gen_proto(v, Q_IP, dir);
2156 b1 = gen_proto(v, Q_IPV6, dir);
2157 gen_or(b0, b1);
2158 return b1;
2159 #else
2160 /*FALLTHROUGH*/
2161 #endif
2162 case Q_IP:
2163 b0 = gen_linktype(ETHERTYPE_IP);
2164 #ifndef CHASE_CHAIN
2165 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
2166 #else
2167 b1 = gen_protochain(v, Q_IP);
2168 #endif
2169 gen_and(b0, b1);
2170 return b1;
2171
2172 case Q_ISO:
2173 b0 = gen_linktype(LLC_ISO_LSAP);
2174 b1 = gen_cmp(off_nl + 3, BPF_B, (long)v);
2175 gen_and(b0, b1);
2176 return b1;
2177
2178 case Q_ARP:
2179 bpf_error("arp does not encapsulate another protocol");
2180 /* NOTREACHED */
2181
2182 case Q_RARP:
2183 bpf_error("rarp does not encapsulate another protocol");
2184 /* NOTREACHED */
2185
2186 case Q_ATALK:
2187 bpf_error("atalk encapsulation is not specifiable");
2188 /* NOTREACHED */
2189
2190 case Q_DECNET:
2191 bpf_error("decnet encapsulation is not specifiable");
2192 /* NOTREACHED */
2193
2194 case Q_SCA:
2195 bpf_error("sca does not encapsulate another protocol");
2196 /* NOTREACHED */
2197
2198 case Q_LAT:
2199 bpf_error("lat does not encapsulate another protocol");
2200 /* NOTREACHED */
2201
2202 case Q_MOPRC:
2203 bpf_error("moprc does not encapsulate another protocol");
2204 /* NOTREACHED */
2205
2206 case Q_MOPDL:
2207 bpf_error("mopdl does not encapsulate another protocol");
2208 /* NOTREACHED */
2209
2210 case Q_LINK:
2211 return gen_linktype(v);
2212
2213 case Q_UDP:
2214 bpf_error("'udp proto' is bogus");
2215 /* NOTREACHED */
2216
2217 case Q_TCP:
2218 bpf_error("'tcp proto' is bogus");
2219 /* NOTREACHED */
2220
2221 case Q_ICMP:
2222 bpf_error("'icmp proto' is bogus");
2223 /* NOTREACHED */
2224
2225 case Q_IGMP:
2226 bpf_error("'igmp proto' is bogus");
2227 /* NOTREACHED */
2228
2229 case Q_IGRP:
2230 bpf_error("'igrp proto' is bogus");
2231 /* NOTREACHED */
2232
2233 case Q_PIM:
2234 bpf_error("'pim proto' is bogus");
2235 /* NOTREACHED */
2236
2237 #ifdef INET6
2238 case Q_IPV6:
2239 b0 = gen_linktype(ETHERTYPE_IPV6);
2240 #ifndef CHASE_CHAIN
2241 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
2242 #else
2243 b1 = gen_protochain(v, Q_IPV6);
2244 #endif
2245 gen_and(b0, b1);
2246 return b1;
2247
2248 case Q_ICMPV6:
2249 bpf_error("'icmp6 proto' is bogus");
2250 #endif /* INET6 */
2251
2252 case Q_AH:
2253 bpf_error("'ah proto' is bogus");
2254
2255 case Q_ESP:
2256 bpf_error("'ah proto' is bogus");
2257
2258 default:
2259 abort();
2260 /* NOTREACHED */
2261 }
2262 /* NOTREACHED */
2263 }
2264
2265 struct block *
2266 gen_scode(name, q)
2267 register const char *name;
2268 struct qual q;
2269 {
2270 int proto = q.proto;
2271 int dir = q.dir;
2272 int tproto;
2273 u_char *eaddr;
2274 bpf_u_int32 mask, addr;
2275 #ifndef INET6
2276 bpf_u_int32 **alist;
2277 #else
2278 int tproto6;
2279 struct sockaddr_in *sin;
2280 struct sockaddr_in6 *sin6;
2281 struct addrinfo *res, *res0;
2282 struct in6_addr mask128;
2283 #endif /*INET6*/
2284 struct block *b, *tmp;
2285 int port, real_proto;
2286
2287 switch (q.addr) {
2288
2289 case Q_NET:
2290 addr = pcap_nametonetaddr(name);
2291 if (addr == 0)
2292 bpf_error("unknown network '%s'", name);
2293 /* Left justify network addr and calculate its network mask */
2294 mask = 0xffffffff;
2295 while (addr && (addr & 0xff000000) == 0) {
2296 addr <<= 8;
2297 mask <<= 8;
2298 }
2299 return gen_host(addr, mask, proto, dir);
2300
2301 case Q_DEFAULT:
2302 case Q_HOST:
2303 if (proto == Q_LINK) {
2304 switch (linktype) {
2305
2306 case DLT_EN10MB:
2307 eaddr = pcap_ether_hostton(name);
2308 if (eaddr == NULL)
2309 bpf_error(
2310 "unknown ether host '%s'", name);
2311 return gen_ehostop(eaddr, dir);
2312
2313 case DLT_FDDI:
2314 eaddr = pcap_ether_hostton(name);
2315 if (eaddr == NULL)
2316 bpf_error(
2317 "unknown FDDI host '%s'", name);
2318 return gen_fhostop(eaddr, dir);
2319
2320 case DLT_IEEE802:
2321 eaddr = pcap_ether_hostton(name);
2322 if (eaddr == NULL)
2323 bpf_error(
2324 "unknown token ring host '%s'", name);
2325 return gen_thostop(eaddr, dir);
2326
2327 default:
2328 bpf_error(
2329 "only ethernet/FDDI/token ring supports link-level host name");
2330 break;
2331 }
2332 } else if (proto == Q_DECNET) {
2333 unsigned short dn_addr = __pcap_nametodnaddr(name);
2334 /*
2335 * I don't think DECNET hosts can be multihomed, so
2336 * there is no need to build up a list of addresses
2337 */
2338 return (gen_host(dn_addr, 0, proto, dir));
2339 } else {
2340 #ifndef INET6
2341 alist = pcap_nametoaddr(name);
2342 if (alist == NULL || *alist == NULL)
2343 bpf_error("unknown host '%s'", name);
2344 tproto = proto;
2345 if (off_linktype == -1 && tproto == Q_DEFAULT)
2346 tproto = Q_IP;
2347 b = gen_host(**alist++, 0xffffffff, tproto, dir);
2348 while (*alist) {
2349 tmp = gen_host(**alist++, 0xffffffff,
2350 tproto, dir);
2351 gen_or(b, tmp);
2352 b = tmp;
2353 }
2354 return b;
2355 #else
2356 memset(&mask128, 0xff, sizeof(mask128));
2357 res0 = res = pcap_nametoaddrinfo(name);
2358 if (res == NULL)
2359 bpf_error("unknown host '%s'", name);
2360 b = tmp = NULL;
2361 tproto = tproto6 = proto;
2362 if (off_linktype == -1 && tproto == Q_DEFAULT) {
2363 tproto = Q_IP;
2364 tproto6 = Q_IPV6;
2365 }
2366 for (res = res0; res; res = res->ai_next) {
2367 switch (res->ai_family) {
2368 case AF_INET:
2369 if (tproto == Q_IPV6)
2370 continue;
2371
2372 sin = (struct sockaddr_in *)
2373 res->ai_addr;
2374 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
2375 0xffffffff, tproto, dir);
2376 break;
2377 case AF_INET6:
2378 if (tproto6 == Q_IP)
2379 continue;
2380
2381 sin6 = (struct sockaddr_in6 *)
2382 res->ai_addr;
2383 tmp = gen_host6(&sin6->sin6_addr,
2384 &mask128, tproto6, dir);
2385 break;
2386 }
2387 if (b)
2388 gen_or(b, tmp);
2389 b = tmp;
2390 }
2391 freeaddrinfo(res0);
2392 if (b == NULL) {
2393 bpf_error("unknown host '%s'%s", name,
2394 (proto == Q_DEFAULT)
2395 ? ""
2396 : " for specified address family");
2397 }
2398 return b;
2399 #endif /*INET6*/
2400 }
2401
2402 case Q_PORT:
2403 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP)
2404 bpf_error("illegal qualifier of 'port'");
2405 if (pcap_nametoport(name, &port, &real_proto) == 0)
2406 bpf_error("unknown port '%s'", name);
2407 if (proto == Q_UDP) {
2408 if (real_proto == IPPROTO_TCP)
2409 bpf_error("port '%s' is tcp", name);
2410 else
2411 /* override PROTO_UNDEF */
2412 real_proto = IPPROTO_UDP;
2413 }
2414 if (proto == Q_TCP) {
2415 if (real_proto == IPPROTO_UDP)
2416 bpf_error("port '%s' is udp", name);
2417 else
2418 /* override PROTO_UNDEF */
2419 real_proto = IPPROTO_TCP;
2420 }
2421 #ifndef INET6
2422 return gen_port(port, real_proto, dir);
2423 #else
2424 {
2425 struct block *b;
2426 b = gen_port(port, real_proto, dir);
2427 gen_or(gen_port6(port, real_proto, dir), b);
2428 return b;
2429 }
2430 #endif /* INET6 */
2431
2432 case Q_GATEWAY:
2433 #ifndef INET6
2434 eaddr = pcap_ether_hostton(name);
2435 if (eaddr == NULL)
2436 bpf_error("unknown ether host: %s", name);
2437
2438 alist = pcap_nametoaddr(name);
2439 if (alist == NULL || *alist == NULL)
2440 bpf_error("unknown host '%s'", name);
2441 return gen_gateway(eaddr, alist, proto, dir);
2442 #else
2443 bpf_error("'gateway' not supported in this configuration");
2444 #endif /*INET6*/
2445
2446 case Q_PROTO:
2447 real_proto = lookup_proto(name, proto);
2448 if (real_proto >= 0)
2449 return gen_proto(real_proto, proto, dir);
2450 else
2451 bpf_error("unknown protocol: %s", name);
2452
2453 case Q_PROTOCHAIN:
2454 real_proto = lookup_proto(name, proto);
2455 if (real_proto >= 0)
2456 return gen_protochain(real_proto, proto, dir);
2457 else
2458 bpf_error("unknown protocol: %s", name);
2459
2460
2461 case Q_UNDEF:
2462 syntax();
2463 /* NOTREACHED */
2464 }
2465 abort();
2466 /* NOTREACHED */
2467 }
2468
2469 struct block *
2470 gen_mcode(s1, s2, masklen, q)
2471 register const char *s1, *s2;
2472 register int masklen;
2473 struct qual q;
2474 {
2475 register int nlen, mlen;
2476 bpf_u_int32 n, m;
2477
2478 nlen = __pcap_atoin(s1, &n);
2479 /* Promote short ipaddr */
2480 n <<= 32 - nlen;
2481
2482 if (s2 != NULL) {
2483 mlen = __pcap_atoin(s2, &m);
2484 /* Promote short ipaddr */
2485 m <<= 32 - mlen;
2486 if ((n & ~m) != 0)
2487 bpf_error("non-network bits set in \"%s mask %s\"",
2488 s1, s2);
2489 } else {
2490 /* Convert mask len to mask */
2491 if (masklen > 32)
2492 bpf_error("mask length must be <= 32");
2493 m = 0xffffffff << (32 - masklen);
2494 if ((n & ~m) != 0)
2495 bpf_error("non-network bits set in \"%s/%d\"",
2496 s1, masklen);
2497 }
2498
2499 switch (q.addr) {
2500
2501 case Q_NET:
2502 return gen_host(n, m, q.proto, q.dir);
2503
2504 default:
2505 bpf_error("Mask syntax for networks only");
2506 /* NOTREACHED */
2507 }
2508 }
2509
2510 struct block *
2511 gen_ncode(s, v, q)
2512 register const char *s;
2513 bpf_u_int32 v;
2514 struct qual q;
2515 {
2516 bpf_u_int32 mask;
2517 int proto = q.proto;
2518 int dir = q.dir;
2519 register int vlen;
2520
2521 if (s == NULL)
2522 vlen = 32;
2523 else if (q.proto == Q_DECNET)
2524 vlen = __pcap_atodn(s, &v);
2525 else
2526 vlen = __pcap_atoin(s, &v);
2527
2528 switch (q.addr) {
2529
2530 case Q_DEFAULT:
2531 case Q_HOST:
2532 case Q_NET:
2533 if (proto == Q_DECNET)
2534 return gen_host(v, 0, proto, dir);
2535 else if (proto == Q_LINK) {
2536 bpf_error("illegal link layer address");
2537 } else {
2538 mask = 0xffffffff;
2539 if (s == NULL && q.addr == Q_NET) {
2540 /* Promote short net number */
2541 while (v && (v & 0xff000000) == 0) {
2542 v <<= 8;
2543 mask <<= 8;
2544 }
2545 } else {
2546 /* Promote short ipaddr */
2547 v <<= 32 - vlen;
2548 mask <<= 32 - vlen;
2549 }
2550 return gen_host(v, mask, proto, dir);
2551 }
2552
2553 case Q_PORT:
2554 if (proto == Q_UDP)
2555 proto = IPPROTO_UDP;
2556 else if (proto == Q_TCP)
2557 proto = IPPROTO_TCP;
2558 else if (proto == Q_DEFAULT)
2559 proto = PROTO_UNDEF;
2560 else
2561 bpf_error("illegal qualifier of 'port'");
2562
2563 #ifndef INET6
2564 return gen_port((int)v, proto, dir);
2565 #else
2566 {
2567 struct block *b;
2568 b = gen_port((int)v, proto, dir);
2569 gen_or(gen_port6((int)v, proto, dir), b);
2570 return b;
2571 }
2572 #endif /* INET6 */
2573
2574 case Q_GATEWAY:
2575 bpf_error("'gateway' requires a name");
2576 /* NOTREACHED */
2577
2578 case Q_PROTO:
2579 return gen_proto((int)v, proto, dir);
2580
2581 case Q_PROTOCHAIN:
2582 return gen_protochain((int)v, proto, dir);
2583
2584 case Q_UNDEF:
2585 syntax();
2586 /* NOTREACHED */
2587
2588 default:
2589 abort();
2590 /* NOTREACHED */
2591 }
2592 /* NOTREACHED */
2593 }
2594
2595 #ifdef INET6
2596 struct block *
2597 gen_mcode6(s1, s2, masklen, q)
2598 register const char *s1, *s2;
2599 register int masklen;
2600 struct qual q;
2601 {
2602 struct addrinfo *res;
2603 struct in6_addr *addr;
2604 struct in6_addr mask;
2605 struct block *b;
2606 u_int32_t *a, *m;
2607
2608 if (s2)
2609 bpf_error("no mask %s supported", s2);
2610
2611 res = pcap_nametoaddrinfo(s1);
2612 if (!res)
2613 bpf_error("invalid ip6 address %s", s1);
2614 if (res->ai_next)
2615 bpf_error("%s resolved to multiple address", s1);
2616 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
2617
2618 if (sizeof(mask) * 8 < masklen)
2619 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
2620 memset(&mask, 0xff, masklen / 8);
2621 if (masklen % 8) {
2622 mask.s6_addr[masklen / 8] =
2623 (0xff << (8 - masklen % 8)) & 0xff;
2624 }
2625
2626 a = (u_int32_t *)addr;
2627 m = (u_int32_t *)&mask;
2628 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
2629 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
2630 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
2631 }
2632
2633 switch (q.addr) {
2634
2635 case Q_DEFAULT:
2636 case Q_HOST:
2637 if (masklen != 128)
2638 bpf_error("Mask syntax for networks only");
2639 /* FALLTHROUGH */
2640
2641 case Q_NET:
2642 b = gen_host6(addr, &mask, q.proto, q.dir);
2643 freeaddrinfo(res);
2644 return b;
2645
2646 default:
2647 bpf_error("invalid qualifier against IPv6 address");
2648 /* NOTREACHED */
2649 }
2650 }
2651 #endif /*INET6*/
2652
2653 struct block *
2654 gen_ecode(eaddr, q)
2655 register const u_char *eaddr;
2656 struct qual q;
2657 {
2658 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
2659 if (linktype == DLT_EN10MB)
2660 return gen_ehostop(eaddr, (int)q.dir);
2661 if (linktype == DLT_FDDI)
2662 return gen_fhostop(eaddr, (int)q.dir);
2663 if (linktype == DLT_IEEE802)
2664 return gen_thostop(eaddr, (int)q.dir);
2665 }
2666 bpf_error("ethernet address used in non-ether expression");
2667 /* NOTREACHED */
2668 }
2669
2670 void
2671 sappend(s0, s1)
2672 struct slist *s0, *s1;
2673 {
2674 /*
2675 * This is definitely not the best way to do this, but the
2676 * lists will rarely get long.
2677 */
2678 while (s0->next)
2679 s0 = s0->next;
2680 s0->next = s1;
2681 }
2682
2683 static struct slist *
2684 xfer_to_x(a)
2685 struct arth *a;
2686 {
2687 struct slist *s;
2688
2689 s = new_stmt(BPF_LDX|BPF_MEM);
2690 s->s.k = a->regno;
2691 return s;
2692 }
2693
2694 static struct slist *
2695 xfer_to_a(a)
2696 struct arth *a;
2697 {
2698 struct slist *s;
2699
2700 s = new_stmt(BPF_LD|BPF_MEM);
2701 s->s.k = a->regno;
2702 return s;
2703 }
2704
2705 struct arth *
2706 gen_load(proto, index, size)
2707 int proto;
2708 struct arth *index;
2709 int size;
2710 {
2711 struct slist *s, *tmp;
2712 struct block *b;
2713 int regno = alloc_reg();
2714
2715 free_reg(index->regno);
2716 switch (size) {
2717
2718 default:
2719 bpf_error("data size must be 1, 2, or 4");
2720
2721 case 1:
2722 size = BPF_B;
2723 break;
2724
2725 case 2:
2726 size = BPF_H;
2727 break;
2728
2729 case 4:
2730 size = BPF_W;
2731 break;
2732 }
2733 switch (proto) {
2734 default:
2735 bpf_error("unsupported index operation");
2736
2737 case Q_LINK:
2738 s = xfer_to_x(index);
2739 tmp = new_stmt(BPF_LD|BPF_IND|size);
2740 sappend(s, tmp);
2741 sappend(index->s, s);
2742 break;
2743
2744 case Q_IP:
2745 case Q_ARP:
2746 case Q_RARP:
2747 case Q_ATALK:
2748 case Q_DECNET:
2749 case Q_SCA:
2750 case Q_LAT:
2751 case Q_MOPRC:
2752 case Q_MOPDL:
2753 #ifdef INET6
2754 case Q_IPV6:
2755 #endif
2756 /* XXX Note that we assume a fixed link header here. */
2757 s = xfer_to_x(index);
2758 tmp = new_stmt(BPF_LD|BPF_IND|size);
2759 tmp->s.k = off_nl;
2760 sappend(s, tmp);
2761 sappend(index->s, s);
2762
2763 b = gen_proto_abbrev(proto);
2764 if (index->b)
2765 gen_and(index->b, b);
2766 index->b = b;
2767 break;
2768
2769 case Q_TCP:
2770 case Q_UDP:
2771 case Q_ICMP:
2772 case Q_IGMP:
2773 case Q_IGRP:
2774 case Q_PIM:
2775 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2776 s->s.k = off_nl;
2777 sappend(s, xfer_to_a(index));
2778 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
2779 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
2780 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
2781 tmp->s.k = off_nl;
2782 sappend(index->s, s);
2783
2784 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
2785 if (index->b)
2786 gen_and(index->b, b);
2787 #ifdef INET6
2788 gen_and(gen_proto_abbrev(Q_IP), b);
2789 #endif
2790 index->b = b;
2791 break;
2792 #ifdef INET6
2793 case Q_ICMPV6:
2794 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
2795 /*NOTREACHED*/
2796 #endif
2797 }
2798 index->regno = regno;
2799 s = new_stmt(BPF_ST);
2800 s->s.k = regno;
2801 sappend(index->s, s);
2802
2803 return index;
2804 }
2805
2806 struct block *
2807 gen_relation(code, a0, a1, reversed)
2808 int code;
2809 struct arth *a0, *a1;
2810 int reversed;
2811 {
2812 struct slist *s0, *s1, *s2;
2813 struct block *b, *tmp;
2814
2815 s0 = xfer_to_x(a1);
2816 s1 = xfer_to_a(a0);
2817 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
2818 b = new_block(JMP(code));
2819 if (code == BPF_JGT || code == BPF_JGE) {
2820 reversed = !reversed;
2821 b->s.k = 0x80000000;
2822 }
2823 if (reversed)
2824 gen_not(b);
2825
2826 sappend(s1, s2);
2827 sappend(s0, s1);
2828 sappend(a1->s, s0);
2829 sappend(a0->s, a1->s);
2830
2831 b->stmts = a0->s;
2832
2833 free_reg(a0->regno);
2834 free_reg(a1->regno);
2835
2836 /* 'and' together protocol checks */
2837 if (a0->b) {
2838 if (a1->b) {
2839 gen_and(a0->b, tmp = a1->b);
2840 }
2841 else
2842 tmp = a0->b;
2843 } else
2844 tmp = a1->b;
2845
2846 if (tmp)
2847 gen_and(tmp, b);
2848
2849 return b;
2850 }
2851
2852 struct arth *
2853 gen_loadlen()
2854 {
2855 int regno = alloc_reg();
2856 struct arth *a = (struct arth *)newchunk(sizeof(*a));
2857 struct slist *s;
2858
2859 s = new_stmt(BPF_LD|BPF_LEN);
2860 s->next = new_stmt(BPF_ST);
2861 s->next->s.k = regno;
2862 a->s = s;
2863 a->regno = regno;
2864
2865 return a;
2866 }
2867
2868 struct arth *
2869 gen_loadi(val)
2870 int val;
2871 {
2872 struct arth *a;
2873 struct slist *s;
2874 int reg;
2875
2876 a = (struct arth *)newchunk(sizeof(*a));
2877
2878 reg = alloc_reg();
2879
2880 s = new_stmt(BPF_LD|BPF_IMM);
2881 s->s.k = val;
2882 s->next = new_stmt(BPF_ST);
2883 s->next->s.k = reg;
2884 a->s = s;
2885 a->regno = reg;
2886
2887 return a;
2888 }
2889
2890 struct arth *
2891 gen_neg(a)
2892 struct arth *a;
2893 {
2894 struct slist *s;
2895
2896 s = xfer_to_a(a);
2897 sappend(a->s, s);
2898 s = new_stmt(BPF_ALU|BPF_NEG);
2899 s->s.k = 0;
2900 sappend(a->s, s);
2901 s = new_stmt(BPF_ST);
2902 s->s.k = a->regno;
2903 sappend(a->s, s);
2904
2905 return a;
2906 }
2907
2908 struct arth *
2909 gen_arth(code, a0, a1)
2910 int code;
2911 struct arth *a0, *a1;
2912 {
2913 struct slist *s0, *s1, *s2;
2914
2915 s0 = xfer_to_x(a1);
2916 s1 = xfer_to_a(a0);
2917 s2 = new_stmt(BPF_ALU|BPF_X|code);
2918
2919 sappend(s1, s2);
2920 sappend(s0, s1);
2921 sappend(a1->s, s0);
2922 sappend(a0->s, a1->s);
2923
2924 free_reg(a1->regno);
2925
2926 s0 = new_stmt(BPF_ST);
2927 a0->regno = s0->s.k = alloc_reg();
2928 sappend(a0->s, s0);
2929
2930 return a0;
2931 }
2932
2933 /*
2934 * Here we handle simple allocation of the scratch registers.
2935 * If too many registers are alloc'd, the allocator punts.
2936 */
2937 static int regused[BPF_MEMWORDS];
2938 static int curreg;
2939
2940 /*
2941 * Return the next free register.
2942 */
2943 static int
2944 alloc_reg()
2945 {
2946 int n = BPF_MEMWORDS;
2947
2948 while (--n >= 0) {
2949 if (regused[curreg])
2950 curreg = (curreg + 1) % BPF_MEMWORDS;
2951 else {
2952 regused[curreg] = 1;
2953 return curreg;
2954 }
2955 }
2956 bpf_error("too many registers needed to evaluate expression");
2957 /* NOTREACHED */
2958 }
2959
2960 /*
2961 * Return a register to the table so it can
2962 * be used later.
2963 */
2964 static void
2965 free_reg(n)
2966 int n;
2967 {
2968 regused[n] = 0;
2969 }
2970
2971 static struct block *
2972 gen_len(jmp, n)
2973 int jmp, n;
2974 {
2975 struct slist *s;
2976 struct block *b;
2977
2978 s = new_stmt(BPF_LD|BPF_LEN);
2979 b = new_block(JMP(jmp));
2980 b->stmts = s;
2981 b->s.k = n;
2982
2983 return b;
2984 }
2985
2986 struct block *
2987 gen_greater(n)
2988 int n;
2989 {
2990 return gen_len(BPF_JGE, n);
2991 }
2992
2993 /*
2994 * Actually, this is less than or equal.
2995 */
2996 struct block *
2997 gen_less(n)
2998 int n;
2999 {
3000 struct block *b;
3001
3002 b = gen_len(BPF_JGT, n);
3003 gen_not(b);
3004
3005 return b;
3006 }
3007
3008 struct block *
3009 gen_byteop(op, idx, val)
3010 int op, idx, val;
3011 {
3012 struct block *b;
3013 struct slist *s;
3014
3015 switch (op) {
3016 default:
3017 abort();
3018
3019 case '=':
3020 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3021
3022 case '<':
3023 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3024 b->s.code = JMP(BPF_JGE);
3025 gen_not(b);
3026 return b;
3027
3028 case '>':
3029 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3030 b->s.code = JMP(BPF_JGT);
3031 return b;
3032
3033 case '|':
3034 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
3035 break;
3036
3037 case '&':
3038 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
3039 break;
3040 }
3041 s->s.k = val;
3042 b = new_block(JMP(BPF_JEQ));
3043 b->stmts = s;
3044 gen_not(b);
3045
3046 return b;
3047 }
3048
3049 struct block *
3050 gen_broadcast(proto)
3051 int proto;
3052 {
3053 bpf_u_int32 hostmask;
3054 struct block *b0, *b1, *b2;
3055 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
3056
3057 switch (proto) {
3058
3059 case Q_DEFAULT:
3060 case Q_LINK:
3061 if (linktype == DLT_EN10MB)
3062 return gen_ehostop(ebroadcast, Q_DST);
3063 if (linktype == DLT_FDDI)
3064 return gen_fhostop(ebroadcast, Q_DST);
3065 if (linktype == DLT_IEEE802)
3066 return gen_thostop(ebroadcast, Q_DST);
3067 bpf_error("not a broadcast link");
3068 break;
3069
3070 case Q_IP:
3071 b0 = gen_linktype(ETHERTYPE_IP);
3072 hostmask = ~netmask;
3073 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
3074 b2 = gen_mcmp(off_nl + 16, BPF_W,
3075 (bpf_int32)(~0 & hostmask), hostmask);
3076 gen_or(b1, b2);
3077 gen_and(b0, b2);
3078 return b2;
3079 }
3080 bpf_error("only ether/ip broadcast filters supported");
3081 }
3082
3083 struct block *
3084 gen_multicast(proto)
3085 int proto;
3086 {
3087 register struct block *b0, *b1;
3088 register struct slist *s;
3089
3090 switch (proto) {
3091
3092 case Q_DEFAULT:
3093 case Q_LINK:
3094 if (linktype == DLT_EN10MB) {
3095 /* ether[0] & 1 != 0 */
3096 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3097 s->s.k = 0;
3098 b0 = new_block(JMP(BPF_JSET));
3099 b0->s.k = 1;
3100 b0->stmts = s;
3101 return b0;
3102 }
3103
3104 if (linktype == DLT_FDDI) {
3105 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */
3106 /* fddi[1] & 1 != 0 */
3107 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3108 s->s.k = 1;
3109 b0 = new_block(JMP(BPF_JSET));
3110 b0->s.k = 1;
3111 b0->stmts = s;
3112 return b0;
3113 }
3114
3115 /* TODO - check how token ring handles multicast */
3116 /* if (linktype == DLT_IEEE802) ... */
3117
3118 /* Link not known to support multicasts */
3119 break;
3120
3121 case Q_IP:
3122 b0 = gen_linktype(ETHERTYPE_IP);
3123 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
3124 b1->s.code = JMP(BPF_JGE);
3125 gen_and(b0, b1);
3126 return b1;
3127
3128 #ifdef INET6
3129 case Q_IPV6:
3130 b0 = gen_linktype(ETHERTYPE_IPV6);
3131 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
3132 gen_and(b0, b1);
3133 return b1;
3134 #endif /* INET6 */
3135 }
3136 bpf_error("only IP multicast filters supported on ethernet/FDDI");
3137 }
3138
3139 /*
3140 * generate command for inbound/outbound. It's here so we can
3141 * make it link-type specific. 'dir' = 0 implies "inbound",
3142 * = 1 implies "outbound".
3143 */
3144 struct block *
3145 gen_inbound(dir)
3146 int dir;
3147 {
3148 register struct block *b0;
3149
3150 b0 = gen_relation(BPF_JEQ,
3151 gen_load(Q_LINK, gen_loadi(0), 1),
3152 gen_loadi(0),
3153 dir);
3154 return (b0);
3155 }
3156
3157 /*
3158 * support IEEE 802.1Q VLAN trunk over ethernet
3159 */
3160 struct block *
3161 gen_vlan(vlan_num)
3162 int vlan_num;
3163 {
3164 static u_int orig_linktype = -1, orig_nl = -1;
3165 struct block *b0;
3166
3167 /*
3168 * Change the offsets to point to the type and data fields within
3169 * the VLAN packet. This is somewhat of a kludge.
3170 */
3171 if (orig_nl == (u_int)-1) {
3172 orig_linktype = off_linktype; /* save original values */
3173 orig_nl = off_nl;
3174
3175 switch (linktype) {
3176
3177 case DLT_EN10MB:
3178 off_linktype = 16;
3179 off_nl = 18;
3180 break;
3181
3182 default:
3183 bpf_error("no VLAN support for data link type %d",
3184 linktype);
3185 /*NOTREACHED*/
3186 }
3187 }
3188
3189 /* check for VLAN */
3190 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
3191
3192 /* If a specific VLAN is requested, check VLAN id */
3193 if (vlan_num >= 0) {
3194 struct block *b1;
3195
3196 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
3197 gen_and(b0, b1);
3198 b0 = b1;
3199 }
3200
3201 return (b0);
3202 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism