]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Put in very minimal support for DLT_LINUX_IRDA filters.
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] _U_ =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.195 2003-12-18 20:36:11 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #ifdef WIN32
32 #include <pcap-stdinc.h>
33 #else /* WIN32 */
34 #include <sys/types.h>
35 #include <sys/socket.h>
36 #include <sys/time.h>
37 #endif /* WIN32 */
38
39 /*
40 * XXX - why was this included even on UNIX?
41 */
42 #ifdef __MINGW32__
43 #include "IP6_misc.h"
44 #endif
45
46 #ifndef WIN32
47
48 #ifdef __NetBSD__
49 #include <sys/param.h>
50 #endif
51
52 #include <netinet/in.h>
53
54 #endif /* WIN32 */
55
56 #include <stdlib.h>
57 #include <string.h>
58 #include <memory.h>
59 #include <setjmp.h>
60 #include <stdarg.h>
61
62 #include "pcap-int.h"
63
64 #include "ethertype.h"
65 #include "nlpid.h"
66 #include "llc.h"
67 #include "gencode.h"
68 #include "atmuni31.h"
69 #include "sunatmpos.h"
70 #include "ppp.h"
71 #include "sll.h"
72 #include "arcnet.h"
73 #include "pf.h"
74 #ifdef INET6
75 #ifndef WIN32
76 #include <netdb.h> /* for "struct addrinfo" */
77 #endif /* WIN32 */
78 #endif /*INET6*/
79 #include <pcap-namedb.h>
80
81 #define ETHERMTU 1500
82
83 #ifndef IPPROTO_SCTP
84 #define IPPROTO_SCTP 132
85 #endif
86
87 #ifdef HAVE_OS_PROTO_H
88 #include "os-proto.h"
89 #endif
90
91 #define JMP(c) ((c)|BPF_JMP|BPF_K)
92
93 /* Locals */
94 static jmp_buf top_ctx;
95 static pcap_t *bpf_pcap;
96
97 /* Hack for updating VLAN offsets. */
98 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1;
99
100 /* XXX */
101 #ifdef PCAP_FDDIPAD
102 int pcap_fddipad = PCAP_FDDIPAD;
103 #else
104 int pcap_fddipad;
105 #endif
106
107 /* VARARGS */
108 void
109 bpf_error(const char *fmt, ...)
110
111 {
112 va_list ap;
113
114 va_start(ap, fmt);
115 if (bpf_pcap != NULL)
116 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
117 fmt, ap);
118 va_end(ap);
119 longjmp(top_ctx, 1);
120 /* NOTREACHED */
121 }
122
123 static void init_linktype(int);
124
125 static int alloc_reg(void);
126 static void free_reg(int);
127
128 static struct block *root;
129
130 /*
131 * We divy out chunks of memory rather than call malloc each time so
132 * we don't have to worry about leaking memory. It's probably
133 * not a big deal if all this memory was wasted but it this ever
134 * goes into a library that would probably not be a good idea.
135 */
136 #define NCHUNKS 16
137 #define CHUNK0SIZE 1024
138 struct chunk {
139 u_int n_left;
140 void *m;
141 };
142
143 static struct chunk chunks[NCHUNKS];
144 static int cur_chunk;
145
146 static void *newchunk(u_int);
147 static void freechunks(void);
148 static inline struct block *new_block(int);
149 static inline struct slist *new_stmt(int);
150 static struct block *gen_retblk(int);
151 static inline void syntax(void);
152
153 static void backpatch(struct block *, struct block *);
154 static void merge(struct block *, struct block *);
155 static struct block *gen_cmp(u_int, u_int, bpf_int32);
156 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
157 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
158 static struct block *gen_bcmp(u_int, u_int, const u_char *);
159 static struct block *gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32,
160 bpf_u_int32, bpf_u_int32, int);
161 static struct block *gen_uncond(int);
162 static inline struct block *gen_true(void);
163 static inline struct block *gen_false(void);
164 static struct block *gen_ether_linktype(int);
165 static struct block *gen_linktype(int);
166 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
167 static struct block *gen_llc(int);
168 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
169 #ifdef INET6
170 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
171 #endif
172 static struct block *gen_ahostop(const u_char *, int);
173 static struct block *gen_ehostop(const u_char *, int);
174 static struct block *gen_fhostop(const u_char *, int);
175 static struct block *gen_thostop(const u_char *, int);
176 static struct block *gen_wlanhostop(const u_char *, int);
177 static struct block *gen_ipfchostop(const u_char *, int);
178 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
179 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
180 #ifdef INET6
181 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
182 #endif
183 #ifndef INET6
184 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
185 #endif
186 static struct block *gen_ipfrag(void);
187 static struct block *gen_portatom(int, bpf_int32);
188 #ifdef INET6
189 static struct block *gen_portatom6(int, bpf_int32);
190 #endif
191 struct block *gen_portop(int, int, int);
192 static struct block *gen_port(int, int, int);
193 #ifdef INET6
194 struct block *gen_portop6(int, int, int);
195 static struct block *gen_port6(int, int, int);
196 #endif
197 static int lookup_proto(const char *, int);
198 static struct block *gen_protochain(int, int, int);
199 static struct block *gen_proto(int, int, int);
200 static struct slist *xfer_to_x(struct arth *);
201 static struct slist *xfer_to_a(struct arth *);
202 static struct block *gen_mac_multicast(int);
203 static struct block *gen_len(int, int);
204
205 static struct block *gen_msg_abbrev(int type);
206
207 static void *
208 newchunk(n)
209 u_int n;
210 {
211 struct chunk *cp;
212 int k;
213 size_t size;
214
215 #ifndef __NetBSD__
216 /* XXX Round up to nearest long. */
217 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
218 #else
219 /* XXX Round up to structure boundary. */
220 n = ALIGN(n);
221 #endif
222
223 cp = &chunks[cur_chunk];
224 if (n > cp->n_left) {
225 ++cp, k = ++cur_chunk;
226 if (k >= NCHUNKS)
227 bpf_error("out of memory");
228 size = CHUNK0SIZE << k;
229 cp->m = (void *)malloc(size);
230 if (cp->m == NULL)
231 bpf_error("out of memory");
232 memset((char *)cp->m, 0, size);
233 cp->n_left = size;
234 if (n > size)
235 bpf_error("out of memory");
236 }
237 cp->n_left -= n;
238 return (void *)((char *)cp->m + cp->n_left);
239 }
240
241 static void
242 freechunks()
243 {
244 int i;
245
246 cur_chunk = 0;
247 for (i = 0; i < NCHUNKS; ++i)
248 if (chunks[i].m != NULL) {
249 free(chunks[i].m);
250 chunks[i].m = NULL;
251 }
252 }
253
254 /*
255 * A strdup whose allocations are freed after code generation is over.
256 */
257 char *
258 sdup(s)
259 register const char *s;
260 {
261 int n = strlen(s) + 1;
262 char *cp = newchunk(n);
263
264 strlcpy(cp, s, n);
265 return (cp);
266 }
267
268 static inline struct block *
269 new_block(code)
270 int code;
271 {
272 struct block *p;
273
274 p = (struct block *)newchunk(sizeof(*p));
275 p->s.code = code;
276 p->head = p;
277
278 return p;
279 }
280
281 static inline struct slist *
282 new_stmt(code)
283 int code;
284 {
285 struct slist *p;
286
287 p = (struct slist *)newchunk(sizeof(*p));
288 p->s.code = code;
289
290 return p;
291 }
292
293 static struct block *
294 gen_retblk(v)
295 int v;
296 {
297 struct block *b = new_block(BPF_RET|BPF_K);
298
299 b->s.k = v;
300 return b;
301 }
302
303 static inline void
304 syntax()
305 {
306 bpf_error("syntax error in filter expression");
307 }
308
309 static bpf_u_int32 netmask;
310 static int snaplen;
311 int no_optimize;
312
313 int
314 pcap_compile(pcap_t *p, struct bpf_program *program,
315 char *buf, int optimize, bpf_u_int32 mask)
316 {
317 extern int n_errors;
318 int len;
319
320 no_optimize = 0;
321 n_errors = 0;
322 root = NULL;
323 bpf_pcap = p;
324 if (setjmp(top_ctx)) {
325 lex_cleanup();
326 freechunks();
327 return (-1);
328 }
329
330 netmask = mask;
331
332 snaplen = pcap_snapshot(p);
333 if (snaplen == 0) {
334 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
335 "snaplen of 0 rejects all packets");
336 return -1;
337 }
338
339 lex_init(buf ? buf : "");
340 init_linktype(pcap_datalink(p));
341 (void)pcap_parse();
342
343 if (n_errors)
344 syntax();
345
346 if (root == NULL)
347 root = gen_retblk(snaplen);
348
349 if (optimize && !no_optimize) {
350 bpf_optimize(&root);
351 if (root == NULL ||
352 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
353 bpf_error("expression rejects all packets");
354 }
355 program->bf_insns = icode_to_fcode(root, &len);
356 program->bf_len = len;
357
358 lex_cleanup();
359 freechunks();
360 return (0);
361 }
362
363 /*
364 * entry point for using the compiler with no pcap open
365 * pass in all the stuff that is needed explicitly instead.
366 */
367 int
368 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
369 struct bpf_program *program,
370 char *buf, int optimize, bpf_u_int32 mask)
371 {
372 pcap_t *p;
373 int ret;
374
375 p = pcap_open_dead(linktype_arg, snaplen_arg);
376 if (p == NULL)
377 return (-1);
378 ret = pcap_compile(p, program, buf, optimize, mask);
379 pcap_close(p);
380 return (ret);
381 }
382
383 /*
384 * Clean up a "struct bpf_program" by freeing all the memory allocated
385 * in it.
386 */
387 void
388 pcap_freecode(struct bpf_program *program)
389 {
390 program->bf_len = 0;
391 if (program->bf_insns != NULL) {
392 free((char *)program->bf_insns);
393 program->bf_insns = NULL;
394 }
395 }
396
397 /*
398 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
399 * which of the jt and jf fields has been resolved and which is a pointer
400 * back to another unresolved block (or nil). At least one of the fields
401 * in each block is already resolved.
402 */
403 static void
404 backpatch(list, target)
405 struct block *list, *target;
406 {
407 struct block *next;
408
409 while (list) {
410 if (!list->sense) {
411 next = JT(list);
412 JT(list) = target;
413 } else {
414 next = JF(list);
415 JF(list) = target;
416 }
417 list = next;
418 }
419 }
420
421 /*
422 * Merge the lists in b0 and b1, using the 'sense' field to indicate
423 * which of jt and jf is the link.
424 */
425 static void
426 merge(b0, b1)
427 struct block *b0, *b1;
428 {
429 register struct block **p = &b0;
430
431 /* Find end of list. */
432 while (*p)
433 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
434
435 /* Concatenate the lists. */
436 *p = b1;
437 }
438
439 void
440 finish_parse(p)
441 struct block *p;
442 {
443 backpatch(p, gen_retblk(snaplen));
444 p->sense = !p->sense;
445 backpatch(p, gen_retblk(0));
446 root = p->head;
447 }
448
449 void
450 gen_and(b0, b1)
451 struct block *b0, *b1;
452 {
453 backpatch(b0, b1->head);
454 b0->sense = !b0->sense;
455 b1->sense = !b1->sense;
456 merge(b1, b0);
457 b1->sense = !b1->sense;
458 b1->head = b0->head;
459 }
460
461 void
462 gen_or(b0, b1)
463 struct block *b0, *b1;
464 {
465 b0->sense = !b0->sense;
466 backpatch(b0, b1->head);
467 b0->sense = !b0->sense;
468 merge(b1, b0);
469 b1->head = b0->head;
470 }
471
472 void
473 gen_not(b)
474 struct block *b;
475 {
476 b->sense = !b->sense;
477 }
478
479 static struct block *
480 gen_cmp(offset, size, v)
481 u_int offset, size;
482 bpf_int32 v;
483 {
484 struct slist *s;
485 struct block *b;
486
487 s = new_stmt(BPF_LD|BPF_ABS|size);
488 s->s.k = offset;
489
490 b = new_block(JMP(BPF_JEQ));
491 b->stmts = s;
492 b->s.k = v;
493
494 return b;
495 }
496
497 static struct block *
498 gen_cmp_gt(offset, size, v)
499 u_int offset, size;
500 bpf_int32 v;
501 {
502 struct slist *s;
503 struct block *b;
504
505 s = new_stmt(BPF_LD|BPF_ABS|size);
506 s->s.k = offset;
507
508 b = new_block(JMP(BPF_JGT));
509 b->stmts = s;
510 b->s.k = v;
511
512 return b;
513 }
514
515 static struct block *
516 gen_mcmp(offset, size, v, mask)
517 u_int offset, size;
518 bpf_int32 v;
519 bpf_u_int32 mask;
520 {
521 struct block *b = gen_cmp(offset, size, v);
522 struct slist *s;
523
524 if (mask != 0xffffffff) {
525 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
526 s->s.k = mask;
527 b->stmts->next = s;
528 }
529 return b;
530 }
531
532 static struct block *
533 gen_bcmp(offset, size, v)
534 register u_int offset, size;
535 register const u_char *v;
536 {
537 register struct block *b, *tmp;
538
539 b = NULL;
540 while (size >= 4) {
541 register const u_char *p = &v[size - 4];
542 bpf_int32 w = ((bpf_int32)p[0] << 24) |
543 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
544
545 tmp = gen_cmp(offset + size - 4, BPF_W, w);
546 if (b != NULL)
547 gen_and(b, tmp);
548 b = tmp;
549 size -= 4;
550 }
551 while (size >= 2) {
552 register const u_char *p = &v[size - 2];
553 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
554
555 tmp = gen_cmp(offset + size - 2, BPF_H, w);
556 if (b != NULL)
557 gen_and(b, tmp);
558 b = tmp;
559 size -= 2;
560 }
561 if (size > 0) {
562 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
563 if (b != NULL)
564 gen_and(b, tmp);
565 b = tmp;
566 }
567 return b;
568 }
569
570 static struct block *
571 gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse)
572 bpf_u_int32 datasize, offset, mask, jtype, jvalue;
573 int reverse;
574 {
575 struct slist *s;
576 struct block *b;
577
578 s = new_stmt(BPF_LD|datasize|BPF_ABS);
579 s->s.k = offset;
580
581 if (mask != 0xffffffff) {
582 s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K);
583 s->next->s.k = mask;
584 }
585
586 b = new_block(JMP(jtype));
587 b->stmts = s;
588 b->s.k = jvalue;
589 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE))
590 gen_not(b);
591 return b;
592 }
593
594 /*
595 * Various code constructs need to know the layout of the data link
596 * layer. These variables give the necessary offsets.
597 */
598
599 /*
600 * This is the offset of the beginning of the MAC-layer header.
601 * It's usually 0, except for ATM LANE.
602 */
603 static u_int off_mac;
604
605 /*
606 * "off_linktype" is the offset to information in the link-layer header
607 * giving the packet type.
608 *
609 * For Ethernet, it's the offset of the Ethernet type field.
610 *
611 * For link-layer types that always use 802.2 headers, it's the
612 * offset of the LLC header.
613 *
614 * For PPP, it's the offset of the PPP type field.
615 *
616 * For Cisco HDLC, it's the offset of the CHDLC type field.
617 *
618 * For BSD loopback, it's the offset of the AF_ value.
619 *
620 * For Linux cooked sockets, it's the offset of the type field.
621 *
622 * It's set to -1 for no encapsulation, in which case, IP is assumed.
623 */
624 static u_int off_linktype;
625
626 /*
627 * TRUE if the link layer includes an ATM pseudo-header.
628 */
629 static int is_atm = 0;
630
631 /*
632 * TRUE if "lane" appeared in the filter; it causes us to generate
633 * code that assumes LANE rather than LLC-encapsulated traffic in SunATM.
634 */
635 static int is_lane = 0;
636
637 /*
638 * These are offsets for the ATM pseudo-header.
639 */
640 static u_int off_vpi;
641 static u_int off_vci;
642 static u_int off_proto;
643
644 /*
645 * This is the offset of the first byte after the ATM pseudo_header,
646 * or -1 if there is no ATM pseudo-header.
647 */
648 static u_int off_payload;
649
650 /*
651 * These are offsets to the beginning of the network-layer header.
652 *
653 * If the link layer never uses 802.2 LLC:
654 *
655 * "off_nl" and "off_nl_nosnap" are the same.
656 *
657 * If the link layer always uses 802.2 LLC:
658 *
659 * "off_nl" is the offset if there's a SNAP header following
660 * the 802.2 header;
661 *
662 * "off_nl_nosnap" is the offset if there's no SNAP header.
663 *
664 * If the link layer is Ethernet:
665 *
666 * "off_nl" is the offset if the packet is an Ethernet II packet
667 * (we assume no 802.3+802.2+SNAP);
668 *
669 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet
670 * with an 802.2 header following it.
671 */
672 static u_int off_nl;
673 static u_int off_nl_nosnap;
674
675 static int linktype;
676
677 static void
678 init_linktype(type)
679 int type;
680 {
681 linktype = type;
682
683 /*
684 * Assume it's not raw ATM with a pseudo-header, for now.
685 */
686 off_mac = 0;
687 is_atm = 0;
688 is_lane = 0;
689 off_vpi = -1;
690 off_vci = -1;
691 off_proto = -1;
692 off_payload = -1;
693
694 orig_linktype = -1;
695 orig_nl = -1;
696 orig_nl_nosnap = -1;
697
698 switch (type) {
699
700 case DLT_ARCNET:
701 off_linktype = 2;
702 off_nl = 6; /* XXX in reality, variable! */
703 off_nl_nosnap = 6; /* no 802.2 LLC */
704 return;
705
706 case DLT_ARCNET_LINUX:
707 off_linktype = 4;
708 off_nl = 8; /* XXX in reality, variable! */
709 off_nl_nosnap = 8; /* no 802.2 LLC */
710 return;
711
712 case DLT_EN10MB:
713 off_linktype = 12;
714 off_nl = 14; /* Ethernet II */
715 off_nl_nosnap = 17; /* 802.3+802.2 */
716 return;
717
718 case DLT_SLIP:
719 /*
720 * SLIP doesn't have a link level type. The 16 byte
721 * header is hacked into our SLIP driver.
722 */
723 off_linktype = -1;
724 off_nl = 16;
725 off_nl_nosnap = 16; /* no 802.2 LLC */
726 return;
727
728 case DLT_SLIP_BSDOS:
729 /* XXX this may be the same as the DLT_PPP_BSDOS case */
730 off_linktype = -1;
731 /* XXX end */
732 off_nl = 24;
733 off_nl_nosnap = 24; /* no 802.2 LLC */
734 return;
735
736 case DLT_NULL:
737 case DLT_LOOP:
738 off_linktype = 0;
739 off_nl = 4;
740 off_nl_nosnap = 4; /* no 802.2 LLC */
741 return;
742
743 case DLT_ENC:
744 off_linktype = 0;
745 off_nl = 12;
746 off_nl_nosnap = 12; /* no 802.2 LLC */
747 return;
748
749 case DLT_PFLOG:
750 off_linktype = 0;
751 off_nl = 28;
752 off_nl_nosnap = 28; /* no 802.2 LLC */
753 return;
754
755 case DLT_PPP:
756 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */
757 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */
758 off_linktype = 2;
759 off_nl = 4;
760 off_nl_nosnap = 4; /* no 802.2 LLC */
761 return;
762
763 case DLT_PPP_ETHER:
764 /*
765 * This does no include the Ethernet header, and
766 * only covers session state.
767 */
768 off_linktype = 6;
769 off_nl = 8;
770 off_nl_nosnap = 8; /* no 802.2 LLC */
771 return;
772
773 case DLT_PPP_BSDOS:
774 off_linktype = 5;
775 off_nl = 24;
776 off_nl_nosnap = 24; /* no 802.2 LLC */
777 return;
778
779 case DLT_FDDI:
780 /*
781 * FDDI doesn't really have a link-level type field.
782 * We set "off_linktype" to the offset of the LLC header.
783 *
784 * To check for Ethernet types, we assume that SSAP = SNAP
785 * is being used and pick out the encapsulated Ethernet type.
786 * XXX - should we generate code to check for SNAP?
787 */
788 off_linktype = 13;
789 #ifdef PCAP_FDDIPAD
790 off_linktype += pcap_fddipad;
791 #endif
792 off_nl = 21; /* FDDI+802.2+SNAP */
793 off_nl_nosnap = 16; /* FDDI+802.2 */
794 #ifdef PCAP_FDDIPAD
795 off_nl += pcap_fddipad;
796 off_nl_nosnap += pcap_fddipad;
797 #endif
798 return;
799
800 case DLT_IEEE802:
801 /*
802 * Token Ring doesn't really have a link-level type field.
803 * We set "off_linktype" to the offset of the LLC header.
804 *
805 * To check for Ethernet types, we assume that SSAP = SNAP
806 * is being used and pick out the encapsulated Ethernet type.
807 * XXX - should we generate code to check for SNAP?
808 *
809 * XXX - the header is actually variable-length.
810 * Some various Linux patched versions gave 38
811 * as "off_linktype" and 40 as "off_nl"; however,
812 * if a token ring packet has *no* routing
813 * information, i.e. is not source-routed, the correct
814 * values are 20 and 22, as they are in the vanilla code.
815 *
816 * A packet is source-routed iff the uppermost bit
817 * of the first byte of the source address, at an
818 * offset of 8, has the uppermost bit set. If the
819 * packet is source-routed, the total number of bytes
820 * of routing information is 2 plus bits 0x1F00 of
821 * the 16-bit value at an offset of 14 (shifted right
822 * 8 - figure out which byte that is).
823 */
824 off_linktype = 14;
825 off_nl = 22; /* Token Ring+802.2+SNAP */
826 off_nl_nosnap = 17; /* Token Ring+802.2 */
827 return;
828
829 case DLT_IEEE802_11:
830 /*
831 * 802.11 doesn't really have a link-level type field.
832 * We set "off_linktype" to the offset of the LLC header.
833 *
834 * To check for Ethernet types, we assume that SSAP = SNAP
835 * is being used and pick out the encapsulated Ethernet type.
836 * XXX - should we generate code to check for SNAP?
837 *
838 * XXX - the header is actually variable-length. We
839 * assume a 24-byte link-layer header, as appears in
840 * data frames in networks with no bridges.
841 */
842 off_linktype = 24;
843 off_nl = 32; /* 802.11+802.2+SNAP */
844 off_nl_nosnap = 27; /* 802.11+802.2 */
845 return;
846
847 case DLT_PRISM_HEADER:
848 /*
849 * Same as 802.11, but with an additional header before
850 * the 802.11 header, containing a bunch of additional
851 * information including radio-level information.
852 *
853 * The header is 144 bytes long.
854 *
855 * XXX - same variable-length header problem; at least
856 * the Prism header is fixed-length.
857 */
858 off_linktype = 144+24;
859 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */
860 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */
861 return;
862
863 case DLT_IEEE802_11_RADIO:
864 /*
865 * Same as 802.11, but with an additional header before
866 * the 802.11 header, containing a bunch of additional
867 * information including radio-level information.
868 *
869 * The header is 64 bytes long.
870 *
871 * XXX - same variable-length header problem, only
872 * more so; this header is also variable-length,
873 * with the length being the 32-bit big-endian
874 * number at an offset of 4 from the beginning
875 * of the radio header.
876 */
877 off_linktype = 64+24;
878 off_nl = 64+32; /* Radio+802.11+802.2+SNAP */
879 off_nl_nosnap = 64+27; /* Radio+802.11+802.2 */
880 return;
881
882 case DLT_ATM_RFC1483:
883 case DLT_ATM_CLIP: /* Linux ATM defines this */
884 /*
885 * assume routed, non-ISO PDUs
886 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
887 */
888 off_linktype = 0;
889 off_nl = 8; /* 802.2+SNAP */
890 off_nl_nosnap = 3; /* 802.2 */
891 return;
892
893 case DLT_SUNATM:
894 /*
895 * Full Frontal ATM; you get AALn PDUs with an ATM
896 * pseudo-header.
897 */
898 is_atm = 1;
899 off_vpi = SUNATM_VPI_POS;
900 off_vci = SUNATM_VCI_POS;
901 off_proto = PROTO_POS;
902 off_mac = -1; /* LLC-encapsulated, so no MAC-layer header */
903 off_payload = SUNATM_PKT_BEGIN_POS;
904 off_linktype = off_payload;
905 off_nl = off_payload+8; /* 802.2+SNAP */
906 off_nl_nosnap = off_payload+3; /* 802.2 */
907 return;
908
909 case DLT_RAW:
910 off_linktype = -1;
911 off_nl = 0;
912 off_nl_nosnap = 0; /* no 802.2 LLC */
913 return;
914
915 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
916 off_linktype = 14;
917 off_nl = 16;
918 off_nl_nosnap = 16; /* no 802.2 LLC */
919 return;
920
921 case DLT_LTALK:
922 /*
923 * LocalTalk does have a 1-byte type field in the LLAP header,
924 * but really it just indicates whether there is a "short" or
925 * "long" DDP packet following.
926 */
927 off_linktype = -1;
928 off_nl = 0;
929 off_nl_nosnap = 0; /* no 802.2 LLC */
930 return;
931
932 case DLT_IP_OVER_FC:
933 /*
934 * RFC 2625 IP-over-Fibre-Channel doesn't really have a
935 * link-level type field. We set "off_linktype" to the
936 * offset of the LLC header.
937 *
938 * To check for Ethernet types, we assume that SSAP = SNAP
939 * is being used and pick out the encapsulated Ethernet type.
940 * XXX - should we generate code to check for SNAP? RFC
941 * 2625 says SNAP should be used.
942 */
943 off_linktype = 16;
944 off_nl = 24; /* IPFC+802.2+SNAP */
945 off_nl_nosnap = 19; /* IPFC+802.2 */
946 return;
947
948 case DLT_FRELAY:
949 /*
950 * XXX - we should set this to handle SNAP-encapsulated
951 * frames (NLPID of 0x80).
952 */
953 off_linktype = -1;
954 off_nl = 0;
955 off_nl_nosnap = 0; /* no 802.2 LLC */
956 return;
957
958 case DLT_LINUX_IRDA:
959 /*
960 * Currently, only raw "link[N:M]" filtering is supported.
961 */
962 off_linktype = -1;
963 off_nl = -1;
964 off_nl_nosnap = -1;
965 return;
966 }
967 bpf_error("unknown data link type %d", linktype);
968 /* NOTREACHED */
969 }
970
971 static struct block *
972 gen_uncond(rsense)
973 int rsense;
974 {
975 struct block *b;
976 struct slist *s;
977
978 s = new_stmt(BPF_LD|BPF_IMM);
979 s->s.k = !rsense;
980 b = new_block(JMP(BPF_JEQ));
981 b->stmts = s;
982
983 return b;
984 }
985
986 static inline struct block *
987 gen_true()
988 {
989 return gen_uncond(1);
990 }
991
992 static inline struct block *
993 gen_false()
994 {
995 return gen_uncond(0);
996 }
997
998 /*
999 * Byte-swap a 32-bit number.
1000 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
1001 * big-endian platforms.)
1002 */
1003 #define SWAPLONG(y) \
1004 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
1005
1006 static struct block *
1007 gen_ether_linktype(proto)
1008 register int proto;
1009 {
1010 struct block *b0, *b1;
1011
1012 switch (proto) {
1013
1014 case LLCSAP_ISONS:
1015 /*
1016 * OSI protocols always use 802.2 encapsulation.
1017 * XXX - should we check both the DSAP and the
1018 * SSAP, like this, or should we check just the
1019 * DSAP?
1020 */
1021 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1022 gen_not(b0);
1023 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1024 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1025 gen_and(b0, b1);
1026 return b1;
1027
1028 case LLCSAP_IP:
1029 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1030 gen_not(b0);
1031 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1032 ((LLCSAP_IP << 8) | LLCSAP_IP));
1033 gen_and(b0, b1);
1034 return b1;
1035
1036 case LLCSAP_NETBEUI:
1037 /*
1038 * NetBEUI always uses 802.2 encapsulation.
1039 * XXX - should we check both the DSAP and the
1040 * SSAP, like this, or should we check just the
1041 * DSAP?
1042 */
1043 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1044 gen_not(b0);
1045 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1046 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1047 gen_and(b0, b1);
1048 return b1;
1049
1050 case LLCSAP_IPX:
1051 /*
1052 * Check for;
1053 *
1054 * Ethernet_II frames, which are Ethernet
1055 * frames with a frame type of ETHERTYPE_IPX;
1056 *
1057 * Ethernet_802.3 frames, which are 802.3
1058 * frames (i.e., the type/length field is
1059 * a length field, <= ETHERMTU, rather than
1060 * a type field) with the first two bytes
1061 * after the Ethernet/802.3 header being
1062 * 0xFFFF;
1063 *
1064 * Ethernet_802.2 frames, which are 802.3
1065 * frames with an 802.2 LLC header and
1066 * with the IPX LSAP as the DSAP in the LLC
1067 * header;
1068 *
1069 * Ethernet_SNAP frames, which are 802.3
1070 * frames with an LLC header and a SNAP
1071 * header and with an OUI of 0x000000
1072 * (encapsulated Ethernet) and a protocol
1073 * ID of ETHERTYPE_IPX in the SNAP header.
1074 *
1075 * XXX - should we generate the same code both
1076 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
1077 */
1078
1079 /*
1080 * This generates code to check both for the
1081 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
1082 */
1083 b0 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)LLCSAP_IPX);
1084 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)0xFFFF);
1085 gen_or(b0, b1);
1086
1087 /*
1088 * Now we add code to check for SNAP frames with
1089 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
1090 */
1091 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
1092 gen_or(b0, b1);
1093
1094 /*
1095 * Now we generate code to check for 802.3
1096 * frames in general.
1097 */
1098 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1099 gen_not(b0);
1100
1101 /*
1102 * Now add the check for 802.3 frames before the
1103 * check for Ethernet_802.2 and Ethernet_802.3,
1104 * as those checks should only be done on 802.3
1105 * frames, not on Ethernet frames.
1106 */
1107 gen_and(b0, b1);
1108
1109 /*
1110 * Now add the check for Ethernet_II frames, and
1111 * do that before checking for the other frame
1112 * types.
1113 */
1114 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)ETHERTYPE_IPX);
1115 gen_or(b0, b1);
1116 return b1;
1117
1118 case ETHERTYPE_ATALK:
1119 case ETHERTYPE_AARP:
1120 /*
1121 * EtherTalk (AppleTalk protocols on Ethernet link
1122 * layer) may use 802.2 encapsulation.
1123 */
1124
1125 /*
1126 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1127 * we check for an Ethernet type field less than
1128 * 1500, which means it's an 802.3 length field.
1129 */
1130 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1131 gen_not(b0);
1132
1133 /*
1134 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1135 * SNAP packets with an organization code of
1136 * 0x080007 (Apple, for Appletalk) and a protocol
1137 * type of ETHERTYPE_ATALK (Appletalk).
1138 *
1139 * 802.2-encapsulated ETHERTYPE_AARP packets are
1140 * SNAP packets with an organization code of
1141 * 0x000000 (encapsulated Ethernet) and a protocol
1142 * type of ETHERTYPE_AARP (Appletalk ARP).
1143 */
1144 if (proto == ETHERTYPE_ATALK)
1145 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
1146 else /* proto == ETHERTYPE_AARP */
1147 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
1148 gen_and(b0, b1);
1149
1150 /*
1151 * Check for Ethernet encapsulation (Ethertalk
1152 * phase 1?); we just check for the Ethernet
1153 * protocol type.
1154 */
1155 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1156
1157 gen_or(b0, b1);
1158 return b1;
1159
1160 default:
1161 if (proto <= ETHERMTU) {
1162 /*
1163 * This is an LLC SAP value, so the frames
1164 * that match would be 802.2 frames.
1165 * Check that the frame is an 802.2 frame
1166 * (i.e., that the length/type field is
1167 * a length field, <= ETHERMTU) and
1168 * then check the DSAP.
1169 */
1170 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1171 gen_not(b0);
1172 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto);
1173 gen_and(b0, b1);
1174 return b1;
1175 } else {
1176 /*
1177 * This is an Ethernet type, so compare
1178 * the length/type field with it (if
1179 * the frame is an 802.2 frame, the length
1180 * field will be <= ETHERMTU, and, as
1181 * "proto" is > ETHERMTU, this test
1182 * will fail and the frame won't match,
1183 * which is what we want).
1184 */
1185 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1186 }
1187 }
1188 }
1189
1190 static struct block *
1191 gen_linktype(proto)
1192 register int proto;
1193 {
1194 struct block *b0, *b1, *b2;
1195
1196 switch (linktype) {
1197
1198 case DLT_EN10MB:
1199 return gen_ether_linktype(proto);
1200 break;
1201
1202 case DLT_C_HDLC:
1203 switch (proto) {
1204
1205 case LLCSAP_ISONS:
1206 proto = (proto << 8 | LLCSAP_ISONS);
1207 /* fall through */
1208
1209 default:
1210 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1211 break;
1212 }
1213 break;
1214
1215 case DLT_IEEE802_11:
1216 case DLT_PRISM_HEADER:
1217 case DLT_IEEE802_11_RADIO:
1218 case DLT_FDDI:
1219 case DLT_IEEE802:
1220 case DLT_ATM_RFC1483:
1221 case DLT_ATM_CLIP:
1222 case DLT_IP_OVER_FC:
1223 return gen_llc(proto);
1224 break;
1225
1226 case DLT_SUNATM:
1227 /*
1228 * If "is_lane" is set, check for a LANE-encapsulated
1229 * version of this protocol, otherwise check for an
1230 * LLC-encapsulated version of this protocol.
1231 *
1232 * We assume LANE means Ethernet, not Token Ring.
1233 */
1234 if (is_lane) {
1235 /*
1236 * Check that the packet doesn't begin with an
1237 * LE Control marker. (We've already generated
1238 * a test for LANE.)
1239 */
1240 b0 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
1241 gen_not(b0);
1242
1243 /*
1244 * Now generate an Ethernet test.
1245 */
1246 b1 = gen_ether_linktype(proto);
1247 gen_and(b0, b1);
1248 return b1;
1249 } else {
1250 /*
1251 * Check for LLC encapsulation and then check the
1252 * protocol.
1253 */
1254 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
1255 b1 = gen_llc(proto);
1256 gen_and(b0, b1);
1257 return b1;
1258 }
1259
1260 case DLT_LINUX_SLL:
1261 switch (proto) {
1262
1263 case LLCSAP_IP:
1264 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1265 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1266 ((LLCSAP_IP << 8) | LLCSAP_IP));
1267 gen_and(b0, b1);
1268 return b1;
1269
1270 case LLCSAP_ISONS:
1271 /*
1272 * OSI protocols always use 802.2 encapsulation.
1273 * XXX - should we check both the DSAP and the
1274 * LSAP, like this, or should we check just the
1275 * DSAP?
1276 */
1277 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1278 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1279 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1280 gen_and(b0, b1);
1281 return b1;
1282
1283 case LLCSAP_NETBEUI:
1284 /*
1285 * NetBEUI always uses 802.2 encapsulation.
1286 * XXX - should we check both the DSAP and the
1287 * LSAP, like this, or should we check just the
1288 * DSAP?
1289 */
1290 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1291 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1292 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1293 gen_and(b0, b1);
1294 return b1;
1295
1296 case LLCSAP_IPX:
1297 /*
1298 * Ethernet_II frames, which are Ethernet
1299 * frames with a frame type of ETHERTYPE_IPX;
1300 *
1301 * Ethernet_802.3 frames, which have a frame
1302 * type of LINUX_SLL_P_802_3;
1303 *
1304 * Ethernet_802.2 frames, which are 802.3
1305 * frames with an 802.2 LLC header (i.e, have
1306 * a frame type of LINUX_SLL_P_802_2) and
1307 * with the IPX LSAP as the DSAP in the LLC
1308 * header;
1309 *
1310 * Ethernet_SNAP frames, which are 802.3
1311 * frames with an LLC header and a SNAP
1312 * header and with an OUI of 0x000000
1313 * (encapsulated Ethernet) and a protocol
1314 * ID of ETHERTYPE_IPX in the SNAP header.
1315 *
1316 * First, do the checks on LINUX_SLL_P_802_2
1317 * frames; generate the check for either
1318 * Ethernet_802.2 or Ethernet_SNAP frames, and
1319 * then put a check for LINUX_SLL_P_802_2 frames
1320 * before it.
1321 */
1322 b0 = gen_cmp(off_linktype + 2, BPF_B,
1323 (bpf_int32)LLCSAP_IPX);
1324 b1 = gen_snap(0x000000, ETHERTYPE_IPX,
1325 off_linktype + 2);
1326 gen_or(b0, b1);
1327 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1328 gen_and(b0, b1);
1329
1330 /*
1331 * Now check for 802.3 frames and OR that with
1332 * the previous test.
1333 */
1334 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
1335 gen_or(b0, b1);
1336
1337 /*
1338 * Now add the check for Ethernet_II frames, and
1339 * do that before checking for the other frame
1340 * types.
1341 */
1342 b0 = gen_cmp(off_linktype, BPF_H,
1343 (bpf_int32)ETHERTYPE_IPX);
1344 gen_or(b0, b1);
1345 return b1;
1346
1347 case ETHERTYPE_ATALK:
1348 case ETHERTYPE_AARP:
1349 /*
1350 * EtherTalk (AppleTalk protocols on Ethernet link
1351 * layer) may use 802.2 encapsulation.
1352 */
1353
1354 /*
1355 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1356 * we check for the 802.2 protocol type in the
1357 * "Ethernet type" field.
1358 */
1359 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1360
1361 /*
1362 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1363 * SNAP packets with an organization code of
1364 * 0x080007 (Apple, for Appletalk) and a protocol
1365 * type of ETHERTYPE_ATALK (Appletalk).
1366 *
1367 * 802.2-encapsulated ETHERTYPE_AARP packets are
1368 * SNAP packets with an organization code of
1369 * 0x000000 (encapsulated Ethernet) and a protocol
1370 * type of ETHERTYPE_AARP (Appletalk ARP).
1371 */
1372 if (proto == ETHERTYPE_ATALK)
1373 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
1374 off_linktype + 2);
1375 else /* proto == ETHERTYPE_AARP */
1376 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
1377 off_linktype + 2);
1378 gen_and(b0, b1);
1379
1380 /*
1381 * Check for Ethernet encapsulation (Ethertalk
1382 * phase 1?); we just check for the Ethernet
1383 * protocol type.
1384 */
1385 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1386
1387 gen_or(b0, b1);
1388 return b1;
1389
1390 default:
1391 if (proto <= ETHERMTU) {
1392 /*
1393 * This is an LLC SAP value, so the frames
1394 * that match would be 802.2 frames.
1395 * Check for the 802.2 protocol type
1396 * in the "Ethernet type" field, and
1397 * then check the DSAP.
1398 */
1399 b0 = gen_cmp(off_linktype, BPF_H,
1400 LINUX_SLL_P_802_2);
1401 b1 = gen_cmp(off_linktype + 2, BPF_B,
1402 (bpf_int32)proto);
1403 gen_and(b0, b1);
1404 return b1;
1405 } else {
1406 /*
1407 * This is an Ethernet type, so compare
1408 * the length/type field with it (if
1409 * the frame is an 802.2 frame, the length
1410 * field will be <= ETHERMTU, and, as
1411 * "proto" is > ETHERMTU, this test
1412 * will fail and the frame won't match,
1413 * which is what we want).
1414 */
1415 return gen_cmp(off_linktype, BPF_H,
1416 (bpf_int32)proto);
1417 }
1418 }
1419 break;
1420
1421 case DLT_SLIP:
1422 case DLT_SLIP_BSDOS:
1423 case DLT_RAW:
1424 /*
1425 * These types don't provide any type field; packets
1426 * are always IP.
1427 *
1428 * XXX - for IPv4, check for a version number of 4, and,
1429 * for IPv6, check for a version number of 6?
1430 */
1431 switch (proto) {
1432
1433 case ETHERTYPE_IP:
1434 #ifdef INET6
1435 case ETHERTYPE_IPV6:
1436 #endif
1437 return gen_true(); /* always true */
1438
1439 default:
1440 return gen_false(); /* always false */
1441 }
1442 break;
1443
1444 case DLT_PPP:
1445 case DLT_PPP_SERIAL:
1446 case DLT_PPP_ETHER:
1447 /*
1448 * We use Ethernet protocol types inside libpcap;
1449 * map them to the corresponding PPP protocol types.
1450 */
1451 switch (proto) {
1452
1453 case ETHERTYPE_IP:
1454 proto = PPP_IP;
1455 break;
1456
1457 #ifdef INET6
1458 case ETHERTYPE_IPV6:
1459 proto = PPP_IPV6;
1460 break;
1461 #endif
1462
1463 case ETHERTYPE_DN:
1464 proto = PPP_DECNET;
1465 break;
1466
1467 case ETHERTYPE_ATALK:
1468 proto = PPP_APPLE;
1469 break;
1470
1471 case ETHERTYPE_NS:
1472 proto = PPP_NS;
1473 break;
1474
1475 case LLCSAP_ISONS:
1476 proto = PPP_OSI;
1477 break;
1478
1479 case LLCSAP_8021D:
1480 /*
1481 * I'm assuming the "Bridging PDU"s that go
1482 * over PPP are Spanning Tree Protocol
1483 * Bridging PDUs.
1484 */
1485 proto = PPP_BRPDU;
1486 break;
1487
1488 case LLCSAP_IPX:
1489 proto = PPP_IPX;
1490 break;
1491 }
1492 break;
1493
1494 case DLT_PPP_BSDOS:
1495 /*
1496 * We use Ethernet protocol types inside libpcap;
1497 * map them to the corresponding PPP protocol types.
1498 */
1499 switch (proto) {
1500
1501 case ETHERTYPE_IP:
1502 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
1503 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
1504 gen_or(b0, b1);
1505 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
1506 gen_or(b1, b0);
1507 return b0;
1508
1509 #ifdef INET6
1510 case ETHERTYPE_IPV6:
1511 proto = PPP_IPV6;
1512 /* more to go? */
1513 break;
1514 #endif
1515
1516 case ETHERTYPE_DN:
1517 proto = PPP_DECNET;
1518 break;
1519
1520 case ETHERTYPE_ATALK:
1521 proto = PPP_APPLE;
1522 break;
1523
1524 case ETHERTYPE_NS:
1525 proto = PPP_NS;
1526 break;
1527
1528 case LLCSAP_ISONS:
1529 proto = PPP_OSI;
1530 break;
1531
1532 case LLCSAP_8021D:
1533 /*
1534 * I'm assuming the "Bridging PDU"s that go
1535 * over PPP are Spanning Tree Protocol
1536 * Bridging PDUs.
1537 */
1538 proto = PPP_BRPDU;
1539 break;
1540
1541 case LLCSAP_IPX:
1542 proto = PPP_IPX;
1543 break;
1544 }
1545 break;
1546
1547 case DLT_NULL:
1548 case DLT_LOOP:
1549 case DLT_ENC:
1550 case DLT_PFLOG:
1551 /*
1552 * For DLT_NULL, the link-layer header is a 32-bit
1553 * word containing an AF_ value in *host* byte order,
1554 * and for DLT_ENC, the link-layer header begins
1555 * with a 32-bit work containing an AF_ value in
1556 * host byte order.
1557 *
1558 * In addition, if we're reading a saved capture file,
1559 * the host byte order in the capture may not be the
1560 * same as the host byte order on this machine.
1561 *
1562 * For DLT_LOOP, the link-layer header is a 32-bit
1563 * word containing an AF_ value in *network* byte order.
1564 *
1565 * XXX - AF_ values may, unfortunately, be platform-
1566 * dependent; for example, FreeBSD's AF_INET6 is 24
1567 * whilst NetBSD's and OpenBSD's is 26.
1568 *
1569 * This means that, when reading a capture file, just
1570 * checking for our AF_INET6 value won't work if the
1571 * capture file came from another OS.
1572 *
1573 * XXX - what's the byte order for DLT_PFLOG?
1574 */
1575 switch (proto) {
1576
1577 case ETHERTYPE_IP:
1578 proto = AF_INET;
1579 break;
1580
1581 #ifdef INET6
1582 case ETHERTYPE_IPV6:
1583 proto = AF_INET6;
1584 break;
1585 #endif
1586
1587 default:
1588 /*
1589 * Not a type on which we support filtering.
1590 * XXX - support those that have AF_ values
1591 * #defined on this platform, at least?
1592 */
1593 return gen_false();
1594 }
1595
1596 if (linktype == DLT_NULL || linktype == DLT_ENC) {
1597 /*
1598 * The AF_ value is in host byte order, but
1599 * the BPF interpreter will convert it to
1600 * network byte order.
1601 *
1602 * If this is a save file, and it's from a
1603 * machine with the opposite byte order to
1604 * ours, we byte-swap the AF_ value.
1605 *
1606 * Then we run it through "htonl()", and
1607 * generate code to compare against the result.
1608 */
1609 if (bpf_pcap->sf.rfile != NULL &&
1610 bpf_pcap->sf.swapped)
1611 proto = SWAPLONG(proto);
1612 proto = htonl(proto);
1613 }
1614 return (gen_cmp(0, BPF_W, (bpf_int32)proto));
1615
1616 case DLT_ARCNET:
1617 case DLT_ARCNET_LINUX:
1618 /*
1619 * XXX should we check for first fragment if the protocol
1620 * uses PHDS?
1621 */
1622 switch (proto) {
1623
1624 default:
1625 return gen_false();
1626
1627 #ifdef INET6
1628 case ETHERTYPE_IPV6:
1629 return (gen_cmp(off_linktype, BPF_B,
1630 (bpf_int32)ARCTYPE_INET6));
1631 #endif /* INET6 */
1632
1633 case ETHERTYPE_IP:
1634 b0 = gen_cmp(off_linktype, BPF_B,
1635 (bpf_int32)ARCTYPE_IP);
1636 b1 = gen_cmp(off_linktype, BPF_B,
1637 (bpf_int32)ARCTYPE_IP_OLD);
1638 gen_or(b0, b1);
1639 return (b1);
1640
1641 case ETHERTYPE_ARP:
1642 b0 = gen_cmp(off_linktype, BPF_B,
1643 (bpf_int32)ARCTYPE_ARP);
1644 b1 = gen_cmp(off_linktype, BPF_B,
1645 (bpf_int32)ARCTYPE_ARP_OLD);
1646 gen_or(b0, b1);
1647 return (b1);
1648
1649 case ETHERTYPE_REVARP:
1650 return (gen_cmp(off_linktype, BPF_B,
1651 (bpf_int32)ARCTYPE_REVARP));
1652
1653 case ETHERTYPE_ATALK:
1654 return (gen_cmp(off_linktype, BPF_B,
1655 (bpf_int32)ARCTYPE_ATALK));
1656 }
1657 break;
1658
1659 case DLT_LTALK:
1660 switch (proto) {
1661 case ETHERTYPE_ATALK:
1662 return gen_true();
1663 default:
1664 return gen_false();
1665 }
1666 break;
1667
1668 case DLT_FRELAY:
1669 /*
1670 * XXX - assumes a 2-byte Frame Relay header with
1671 * DLCI and flags. What if the address is longer?
1672 */
1673 switch (proto) {
1674
1675 case ETHERTYPE_IP:
1676 /*
1677 * Check for the special NLPID for IP.
1678 */
1679 return gen_cmp(2, BPF_H, (0x03<<8) | 0xcc);
1680
1681 #ifdef INET6
1682 case ETHERTYPE_IPV6:
1683 /*
1684 * Check for the special NLPID for IPv6.
1685 */
1686 return gen_cmp(2, BPF_H, (0x03<<8) | 0x8e);
1687 #endif
1688
1689 case LLCSAP_ISONS:
1690 /*
1691 * Check for several OSI protocols.
1692 *
1693 * Frame Relay packets typically have an OSI
1694 * NLPID at the beginning; we check for each
1695 * of them.
1696 *
1697 * What we check for is the NLPID and a frame
1698 * control field of UI, i.e. 0x03 followed
1699 * by the NLPID.
1700 */
1701 b0 = gen_cmp(2, BPF_H, (0x03<<8) | ISO8473_CLNP);
1702 b1 = gen_cmp(2, BPF_H, (0x03<<8) | ISO9542_ESIS);
1703 b2 = gen_cmp(2, BPF_H, (0x03<<8) | ISO10589_ISIS);
1704 gen_or(b1, b2);
1705 gen_or(b0, b2);
1706 return b2;
1707
1708 default:
1709 return gen_false();
1710 }
1711 break;
1712
1713 case DLT_LINUX_IRDA:
1714 bpf_error("IrDA link-layer type filtering not implemented");
1715 }
1716
1717 /*
1718 * All the types that have no encapsulation should either be
1719 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
1720 * all packets are IP packets, or should be handled in some
1721 * special case, if none of them are (if some are and some
1722 * aren't, the lack of encapsulation is a problem, as we'd
1723 * have to find some other way of determining the packet type).
1724 *
1725 * Therefore, if "off_linktype" is -1, there's an error.
1726 */
1727 if (off_linktype == (u_int)-1)
1728 abort();
1729
1730 /*
1731 * Any type not handled above should always have an Ethernet
1732 * type at an offset of "off_linktype". (PPP is partially
1733 * handled above - the protocol type is mapped from the
1734 * Ethernet and LLC types we use internally to the corresponding
1735 * PPP type - but the PPP type is always specified by a value
1736 * at "off_linktype", so we don't have to do the code generation
1737 * above.)
1738 */
1739 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1740 }
1741
1742 /*
1743 * Check for an LLC SNAP packet with a given organization code and
1744 * protocol type; we check the entire contents of the 802.2 LLC and
1745 * snap headers, checking for DSAP and SSAP of SNAP and a control
1746 * field of 0x03 in the LLC header, and for the specified organization
1747 * code and protocol type in the SNAP header.
1748 */
1749 static struct block *
1750 gen_snap(orgcode, ptype, offset)
1751 bpf_u_int32 orgcode;
1752 bpf_u_int32 ptype;
1753 u_int offset;
1754 {
1755 u_char snapblock[8];
1756
1757 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
1758 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
1759 snapblock[2] = 0x03; /* control = UI */
1760 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
1761 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
1762 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
1763 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
1764 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
1765 return gen_bcmp(offset, 8, snapblock);
1766 }
1767
1768 /*
1769 * Check for a given protocol value assuming an 802.2 LLC header.
1770 */
1771 static struct block *
1772 gen_llc(proto)
1773 int proto;
1774 {
1775 /*
1776 * XXX - handle token-ring variable-length header.
1777 */
1778 switch (proto) {
1779
1780 case LLCSAP_IP:
1781 return gen_cmp(off_linktype, BPF_H, (long)
1782 ((LLCSAP_IP << 8) | LLCSAP_IP));
1783
1784 case LLCSAP_ISONS:
1785 return gen_cmp(off_linktype, BPF_H, (long)
1786 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1787
1788 case LLCSAP_NETBEUI:
1789 return gen_cmp(off_linktype, BPF_H, (long)
1790 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1791
1792 case LLCSAP_IPX:
1793 /*
1794 * XXX - are there ever SNAP frames for IPX on
1795 * non-Ethernet 802.x networks?
1796 */
1797 return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX);
1798
1799 case ETHERTYPE_ATALK:
1800 /*
1801 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1802 * SNAP packets with an organization code of
1803 * 0x080007 (Apple, for Appletalk) and a protocol
1804 * type of ETHERTYPE_ATALK (Appletalk).
1805 *
1806 * XXX - check for an organization code of
1807 * encapsulated Ethernet as well?
1808 */
1809 return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype);
1810
1811 default:
1812 /*
1813 * XXX - we don't have to check for IPX 802.3
1814 * here, but should we check for the IPX Ethertype?
1815 */
1816 if (proto <= ETHERMTU) {
1817 /*
1818 * This is an LLC SAP value, so check
1819 * the DSAP.
1820 */
1821 return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto);
1822 } else {
1823 /*
1824 * This is an Ethernet type; we assume that it's
1825 * unlikely that it'll appear in the right place
1826 * at random, and therefore check only the
1827 * location that would hold the Ethernet type
1828 * in a SNAP frame with an organization code of
1829 * 0x000000 (encapsulated Ethernet).
1830 *
1831 * XXX - if we were to check for the SNAP DSAP and
1832 * LSAP, as per XXX, and were also to check for an
1833 * organization code of 0x000000 (encapsulated
1834 * Ethernet), we'd do
1835 *
1836 * return gen_snap(0x000000, proto,
1837 * off_linktype);
1838 *
1839 * here; for now, we don't, as per the above.
1840 * I don't know whether it's worth the extra CPU
1841 * time to do the right check or not.
1842 */
1843 return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto);
1844 }
1845 }
1846 }
1847
1848 static struct block *
1849 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
1850 bpf_u_int32 addr;
1851 bpf_u_int32 mask;
1852 int dir, proto;
1853 u_int src_off, dst_off;
1854 {
1855 struct block *b0, *b1;
1856 u_int offset;
1857
1858 switch (dir) {
1859
1860 case Q_SRC:
1861 offset = src_off;
1862 break;
1863
1864 case Q_DST:
1865 offset = dst_off;
1866 break;
1867
1868 case Q_AND:
1869 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1870 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1871 gen_and(b0, b1);
1872 return b1;
1873
1874 case Q_OR:
1875 case Q_DEFAULT:
1876 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1877 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1878 gen_or(b0, b1);
1879 return b1;
1880
1881 default:
1882 abort();
1883 }
1884 b0 = gen_linktype(proto);
1885 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
1886 gen_and(b0, b1);
1887 return b1;
1888 }
1889
1890 #ifdef INET6
1891 static struct block *
1892 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
1893 struct in6_addr *addr;
1894 struct in6_addr *mask;
1895 int dir, proto;
1896 u_int src_off, dst_off;
1897 {
1898 struct block *b0, *b1;
1899 u_int offset;
1900 u_int32_t *a, *m;
1901
1902 switch (dir) {
1903
1904 case Q_SRC:
1905 offset = src_off;
1906 break;
1907
1908 case Q_DST:
1909 offset = dst_off;
1910 break;
1911
1912 case Q_AND:
1913 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1914 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1915 gen_and(b0, b1);
1916 return b1;
1917
1918 case Q_OR:
1919 case Q_DEFAULT:
1920 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1921 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1922 gen_or(b0, b1);
1923 return b1;
1924
1925 default:
1926 abort();
1927 }
1928 /* this order is important */
1929 a = (u_int32_t *)addr;
1930 m = (u_int32_t *)mask;
1931 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
1932 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
1933 gen_and(b0, b1);
1934 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
1935 gen_and(b0, b1);
1936 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
1937 gen_and(b0, b1);
1938 b0 = gen_linktype(proto);
1939 gen_and(b0, b1);
1940 return b1;
1941 }
1942 #endif /*INET6*/
1943
1944 static struct block *
1945 gen_ehostop(eaddr, dir)
1946 register const u_char *eaddr;
1947 register int dir;
1948 {
1949 register struct block *b0, *b1;
1950
1951 switch (dir) {
1952 case Q_SRC:
1953 return gen_bcmp(off_mac + 6, 6, eaddr);
1954
1955 case Q_DST:
1956 return gen_bcmp(off_mac + 0, 6, eaddr);
1957
1958 case Q_AND:
1959 b0 = gen_ehostop(eaddr, Q_SRC);
1960 b1 = gen_ehostop(eaddr, Q_DST);
1961 gen_and(b0, b1);
1962 return b1;
1963
1964 case Q_DEFAULT:
1965 case Q_OR:
1966 b0 = gen_ehostop(eaddr, Q_SRC);
1967 b1 = gen_ehostop(eaddr, Q_DST);
1968 gen_or(b0, b1);
1969 return b1;
1970 }
1971 abort();
1972 /* NOTREACHED */
1973 }
1974
1975 /*
1976 * Like gen_ehostop, but for DLT_FDDI
1977 */
1978 static struct block *
1979 gen_fhostop(eaddr, dir)
1980 register const u_char *eaddr;
1981 register int dir;
1982 {
1983 struct block *b0, *b1;
1984
1985 switch (dir) {
1986 case Q_SRC:
1987 #ifdef PCAP_FDDIPAD
1988 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
1989 #else
1990 return gen_bcmp(6 + 1, 6, eaddr);
1991 #endif
1992
1993 case Q_DST:
1994 #ifdef PCAP_FDDIPAD
1995 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
1996 #else
1997 return gen_bcmp(0 + 1, 6, eaddr);
1998 #endif
1999
2000 case Q_AND:
2001 b0 = gen_fhostop(eaddr, Q_SRC);
2002 b1 = gen_fhostop(eaddr, Q_DST);
2003 gen_and(b0, b1);
2004 return b1;
2005
2006 case Q_DEFAULT:
2007 case Q_OR:
2008 b0 = gen_fhostop(eaddr, Q_SRC);
2009 b1 = gen_fhostop(eaddr, Q_DST);
2010 gen_or(b0, b1);
2011 return b1;
2012 }
2013 abort();
2014 /* NOTREACHED */
2015 }
2016
2017 /*
2018 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
2019 */
2020 static struct block *
2021 gen_thostop(eaddr, dir)
2022 register const u_char *eaddr;
2023 register int dir;
2024 {
2025 register struct block *b0, *b1;
2026
2027 switch (dir) {
2028 case Q_SRC:
2029 return gen_bcmp(8, 6, eaddr);
2030
2031 case Q_DST:
2032 return gen_bcmp(2, 6, eaddr);
2033
2034 case Q_AND:
2035 b0 = gen_thostop(eaddr, Q_SRC);
2036 b1 = gen_thostop(eaddr, Q_DST);
2037 gen_and(b0, b1);
2038 return b1;
2039
2040 case Q_DEFAULT:
2041 case Q_OR:
2042 b0 = gen_thostop(eaddr, Q_SRC);
2043 b1 = gen_thostop(eaddr, Q_DST);
2044 gen_or(b0, b1);
2045 return b1;
2046 }
2047 abort();
2048 /* NOTREACHED */
2049 }
2050
2051 /*
2052 * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN)
2053 */
2054 static struct block *
2055 gen_wlanhostop(eaddr, dir)
2056 register const u_char *eaddr;
2057 register int dir;
2058 {
2059 register struct block *b0, *b1, *b2;
2060 register struct slist *s;
2061
2062 switch (dir) {
2063 case Q_SRC:
2064 /*
2065 * Oh, yuk.
2066 *
2067 * For control frames, there is no SA.
2068 *
2069 * For management frames, SA is at an
2070 * offset of 10 from the beginning of
2071 * the packet.
2072 *
2073 * For data frames, SA is at an offset
2074 * of 10 from the beginning of the packet
2075 * if From DS is clear, at an offset of
2076 * 16 from the beginning of the packet
2077 * if From DS is set and To DS is clear,
2078 * and an offset of 24 from the beginning
2079 * of the packet if From DS is set and To DS
2080 * is set.
2081 */
2082
2083 /*
2084 * Generate the tests to be done for data frames
2085 * with From DS set.
2086 *
2087 * First, check for To DS set, i.e. check "link[1] & 0x01".
2088 */
2089 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2090 s->s.k = 1;
2091 b1 = new_block(JMP(BPF_JSET));
2092 b1->s.k = 0x01; /* To DS */
2093 b1->stmts = s;
2094
2095 /*
2096 * If To DS is set, the SA is at 24.
2097 */
2098 b0 = gen_bcmp(24, 6, eaddr);
2099 gen_and(b1, b0);
2100
2101 /*
2102 * Now, check for To DS not set, i.e. check
2103 * "!(link[1] & 0x01)".
2104 */
2105 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2106 s->s.k = 1;
2107 b2 = new_block(JMP(BPF_JSET));
2108 b2->s.k = 0x01; /* To DS */
2109 b2->stmts = s;
2110 gen_not(b2);
2111
2112 /*
2113 * If To DS is not set, the SA is at 16.
2114 */
2115 b1 = gen_bcmp(16, 6, eaddr);
2116 gen_and(b2, b1);
2117
2118 /*
2119 * Now OR together the last two checks. That gives
2120 * the complete set of checks for data frames with
2121 * From DS set.
2122 */
2123 gen_or(b1, b0);
2124
2125 /*
2126 * Now check for From DS being set, and AND that with
2127 * the ORed-together checks.
2128 */
2129 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2130 s->s.k = 1;
2131 b1 = new_block(JMP(BPF_JSET));
2132 b1->s.k = 0x02; /* From DS */
2133 b1->stmts = s;
2134 gen_and(b1, b0);
2135
2136 /*
2137 * Now check for data frames with From DS not set.
2138 */
2139 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2140 s->s.k = 1;
2141 b2 = new_block(JMP(BPF_JSET));
2142 b2->s.k = 0x02; /* From DS */
2143 b2->stmts = s;
2144 gen_not(b2);
2145
2146 /*
2147 * If From DS isn't set, the SA is at 10.
2148 */
2149 b1 = gen_bcmp(10, 6, eaddr);
2150 gen_and(b2, b1);
2151
2152 /*
2153 * Now OR together the checks for data frames with
2154 * From DS not set and for data frames with From DS
2155 * set; that gives the checks done for data frames.
2156 */
2157 gen_or(b1, b0);
2158
2159 /*
2160 * Now check for a data frame.
2161 * I.e, check "link[0] & 0x08".
2162 */
2163 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2164 s->s.k = 0;
2165 b1 = new_block(JMP(BPF_JSET));
2166 b1->s.k = 0x08;
2167 b1->stmts = s;
2168
2169 /*
2170 * AND that with the checks done for data frames.
2171 */
2172 gen_and(b1, b0);
2173
2174 /*
2175 * If the high-order bit of the type value is 0, this
2176 * is a management frame.
2177 * I.e, check "!(link[0] & 0x08)".
2178 */
2179 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2180 s->s.k = 0;
2181 b2 = new_block(JMP(BPF_JSET));
2182 b2->s.k = 0x08;
2183 b2->stmts = s;
2184 gen_not(b2);
2185
2186 /*
2187 * For management frames, the SA is at 10.
2188 */
2189 b1 = gen_bcmp(10, 6, eaddr);
2190 gen_and(b2, b1);
2191
2192 /*
2193 * OR that with the checks done for data frames.
2194 * That gives the checks done for management and
2195 * data frames.
2196 */
2197 gen_or(b1, b0);
2198
2199 /*
2200 * If the low-order bit of the type value is 1,
2201 * this is either a control frame or a frame
2202 * with a reserved type, and thus not a
2203 * frame with an SA.
2204 *
2205 * I.e., check "!(link[0] & 0x04)".
2206 */
2207 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2208 s->s.k = 0;
2209 b1 = new_block(JMP(BPF_JSET));
2210 b1->s.k = 0x04;
2211 b1->stmts = s;
2212 gen_not(b1);
2213
2214 /*
2215 * AND that with the checks for data and management
2216 * frames.
2217 */
2218 gen_and(b1, b0);
2219 return b0;
2220
2221 case Q_DST:
2222 /*
2223 * Oh, yuk.
2224 *
2225 * For control frames, there is no DA.
2226 *
2227 * For management frames, DA is at an
2228 * offset of 4 from the beginning of
2229 * the packet.
2230 *
2231 * For data frames, DA is at an offset
2232 * of 4 from the beginning of the packet
2233 * if To DS is clear and at an offset of
2234 * 16 from the beginning of the packet
2235 * if To DS is set.
2236 */
2237
2238 /*
2239 * Generate the tests to be done for data frames.
2240 *
2241 * First, check for To DS set, i.e. "link[1] & 0x01".
2242 */
2243 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2244 s->s.k = 1;
2245 b1 = new_block(JMP(BPF_JSET));
2246 b1->s.k = 0x01; /* To DS */
2247 b1->stmts = s;
2248
2249 /*
2250 * If To DS is set, the DA is at 16.
2251 */
2252 b0 = gen_bcmp(16, 6, eaddr);
2253 gen_and(b1, b0);
2254
2255 /*
2256 * Now, check for To DS not set, i.e. check
2257 * "!(link[1] & 0x01)".
2258 */
2259 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2260 s->s.k = 1;
2261 b2 = new_block(JMP(BPF_JSET));
2262 b2->s.k = 0x01; /* To DS */
2263 b2->stmts = s;
2264 gen_not(b2);
2265
2266 /*
2267 * If To DS is not set, the DA is at 4.
2268 */
2269 b1 = gen_bcmp(4, 6, eaddr);
2270 gen_and(b2, b1);
2271
2272 /*
2273 * Now OR together the last two checks. That gives
2274 * the complete set of checks for data frames.
2275 */
2276 gen_or(b1, b0);
2277
2278 /*
2279 * Now check for a data frame.
2280 * I.e, check "link[0] & 0x08".
2281 */
2282 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2283 s->s.k = 0;
2284 b1 = new_block(JMP(BPF_JSET));
2285 b1->s.k = 0x08;
2286 b1->stmts = s;
2287
2288 /*
2289 * AND that with the checks done for data frames.
2290 */
2291 gen_and(b1, b0);
2292
2293 /*
2294 * If the high-order bit of the type value is 0, this
2295 * is a management frame.
2296 * I.e, check "!(link[0] & 0x08)".
2297 */
2298 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2299 s->s.k = 0;
2300 b2 = new_block(JMP(BPF_JSET));
2301 b2->s.k = 0x08;
2302 b2->stmts = s;
2303 gen_not(b2);
2304
2305 /*
2306 * For management frames, the DA is at 4.
2307 */
2308 b1 = gen_bcmp(4, 6, eaddr);
2309 gen_and(b2, b1);
2310
2311 /*
2312 * OR that with the checks done for data frames.
2313 * That gives the checks done for management and
2314 * data frames.
2315 */
2316 gen_or(b1, b0);
2317
2318 /*
2319 * If the low-order bit of the type value is 1,
2320 * this is either a control frame or a frame
2321 * with a reserved type, and thus not a
2322 * frame with an SA.
2323 *
2324 * I.e., check "!(link[0] & 0x04)".
2325 */
2326 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2327 s->s.k = 0;
2328 b1 = new_block(JMP(BPF_JSET));
2329 b1->s.k = 0x04;
2330 b1->stmts = s;
2331 gen_not(b1);
2332
2333 /*
2334 * AND that with the checks for data and management
2335 * frames.
2336 */
2337 gen_and(b1, b0);
2338 return b0;
2339
2340 case Q_AND:
2341 b0 = gen_wlanhostop(eaddr, Q_SRC);
2342 b1 = gen_wlanhostop(eaddr, Q_DST);
2343 gen_and(b0, b1);
2344 return b1;
2345
2346 case Q_DEFAULT:
2347 case Q_OR:
2348 b0 = gen_wlanhostop(eaddr, Q_SRC);
2349 b1 = gen_wlanhostop(eaddr, Q_DST);
2350 gen_or(b0, b1);
2351 return b1;
2352 }
2353 abort();
2354 /* NOTREACHED */
2355 }
2356
2357 /*
2358 * Like gen_ehostop, but for RFC 2625 IP-over-Fibre-Channel.
2359 * (We assume that the addresses are IEEE 48-bit MAC addresses,
2360 * as the RFC states.)
2361 */
2362 static struct block *
2363 gen_ipfchostop(eaddr, dir)
2364 register const u_char *eaddr;
2365 register int dir;
2366 {
2367 register struct block *b0, *b1;
2368
2369 switch (dir) {
2370 case Q_SRC:
2371 return gen_bcmp(10, 6, eaddr);
2372
2373 case Q_DST:
2374 return gen_bcmp(2, 6, eaddr);
2375
2376 case Q_AND:
2377 b0 = gen_ipfchostop(eaddr, Q_SRC);
2378 b1 = gen_ipfchostop(eaddr, Q_DST);
2379 gen_and(b0, b1);
2380 return b1;
2381
2382 case Q_DEFAULT:
2383 case Q_OR:
2384 b0 = gen_ipfchostop(eaddr, Q_SRC);
2385 b1 = gen_ipfchostop(eaddr, Q_DST);
2386 gen_or(b0, b1);
2387 return b1;
2388 }
2389 abort();
2390 /* NOTREACHED */
2391 }
2392
2393 /*
2394 * This is quite tricky because there may be pad bytes in front of the
2395 * DECNET header, and then there are two possible data packet formats that
2396 * carry both src and dst addresses, plus 5 packet types in a format that
2397 * carries only the src node, plus 2 types that use a different format and
2398 * also carry just the src node.
2399 *
2400 * Yuck.
2401 *
2402 * Instead of doing those all right, we just look for data packets with
2403 * 0 or 1 bytes of padding. If you want to look at other packets, that
2404 * will require a lot more hacking.
2405 *
2406 * To add support for filtering on DECNET "areas" (network numbers)
2407 * one would want to add a "mask" argument to this routine. That would
2408 * make the filter even more inefficient, although one could be clever
2409 * and not generate masking instructions if the mask is 0xFFFF.
2410 */
2411 static struct block *
2412 gen_dnhostop(addr, dir, base_off)
2413 bpf_u_int32 addr;
2414 int dir;
2415 u_int base_off;
2416 {
2417 struct block *b0, *b1, *b2, *tmp;
2418 u_int offset_lh; /* offset if long header is received */
2419 u_int offset_sh; /* offset if short header is received */
2420
2421 switch (dir) {
2422
2423 case Q_DST:
2424 offset_sh = 1; /* follows flags */
2425 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
2426 break;
2427
2428 case Q_SRC:
2429 offset_sh = 3; /* follows flags, dstnode */
2430 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
2431 break;
2432
2433 case Q_AND:
2434 /* Inefficient because we do our Calvinball dance twice */
2435 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2436 b1 = gen_dnhostop(addr, Q_DST, base_off);
2437 gen_and(b0, b1);
2438 return b1;
2439
2440 case Q_OR:
2441 case Q_DEFAULT:
2442 /* Inefficient because we do our Calvinball dance twice */
2443 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2444 b1 = gen_dnhostop(addr, Q_DST, base_off);
2445 gen_or(b0, b1);
2446 return b1;
2447
2448 case Q_ISO:
2449 bpf_error("ISO host filtering not implemented");
2450
2451 default:
2452 abort();
2453 }
2454 b0 = gen_linktype(ETHERTYPE_DN);
2455 /* Check for pad = 1, long header case */
2456 tmp = gen_mcmp(base_off + 2, BPF_H,
2457 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
2458 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
2459 BPF_H, (bpf_int32)ntohs(addr));
2460 gen_and(tmp, b1);
2461 /* Check for pad = 0, long header case */
2462 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
2463 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
2464 gen_and(tmp, b2);
2465 gen_or(b2, b1);
2466 /* Check for pad = 1, short header case */
2467 tmp = gen_mcmp(base_off + 2, BPF_H,
2468 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
2469 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
2470 BPF_H, (bpf_int32)ntohs(addr));
2471 gen_and(tmp, b2);
2472 gen_or(b2, b1);
2473 /* Check for pad = 0, short header case */
2474 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
2475 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
2476 gen_and(tmp, b2);
2477 gen_or(b2, b1);
2478
2479 /* Combine with test for linktype */
2480 gen_and(b0, b1);
2481 return b1;
2482 }
2483
2484 static struct block *
2485 gen_host(addr, mask, proto, dir)
2486 bpf_u_int32 addr;
2487 bpf_u_int32 mask;
2488 int proto;
2489 int dir;
2490 {
2491 struct block *b0, *b1;
2492
2493 switch (proto) {
2494
2495 case Q_DEFAULT:
2496 b0 = gen_host(addr, mask, Q_IP, dir);
2497 if (off_linktype != (u_int)-1) {
2498 b1 = gen_host(addr, mask, Q_ARP, dir);
2499 gen_or(b0, b1);
2500 b0 = gen_host(addr, mask, Q_RARP, dir);
2501 gen_or(b1, b0);
2502 }
2503 return b0;
2504
2505 case Q_IP:
2506 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
2507 off_nl + 12, off_nl + 16);
2508
2509 case Q_RARP:
2510 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
2511 off_nl + 14, off_nl + 24);
2512
2513 case Q_ARP:
2514 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
2515 off_nl + 14, off_nl + 24);
2516
2517 case Q_TCP:
2518 bpf_error("'tcp' modifier applied to host");
2519
2520 case Q_SCTP:
2521 bpf_error("'sctp' modifier applied to host");
2522
2523 case Q_UDP:
2524 bpf_error("'udp' modifier applied to host");
2525
2526 case Q_ICMP:
2527 bpf_error("'icmp' modifier applied to host");
2528
2529 case Q_IGMP:
2530 bpf_error("'igmp' modifier applied to host");
2531
2532 case Q_IGRP:
2533 bpf_error("'igrp' modifier applied to host");
2534
2535 case Q_PIM:
2536 bpf_error("'pim' modifier applied to host");
2537
2538 case Q_VRRP:
2539 bpf_error("'vrrp' modifier applied to host");
2540
2541 case Q_ATALK:
2542 bpf_error("ATALK host filtering not implemented");
2543
2544 case Q_AARP:
2545 bpf_error("AARP host filtering not implemented");
2546
2547 case Q_DECNET:
2548 return gen_dnhostop(addr, dir, off_nl);
2549
2550 case Q_SCA:
2551 bpf_error("SCA host filtering not implemented");
2552
2553 case Q_LAT:
2554 bpf_error("LAT host filtering not implemented");
2555
2556 case Q_MOPDL:
2557 bpf_error("MOPDL host filtering not implemented");
2558
2559 case Q_MOPRC:
2560 bpf_error("MOPRC host filtering not implemented");
2561
2562 #ifdef INET6
2563 case Q_IPV6:
2564 bpf_error("'ip6' modifier applied to ip host");
2565
2566 case Q_ICMPV6:
2567 bpf_error("'icmp6' modifier applied to host");
2568 #endif /* INET6 */
2569
2570 case Q_AH:
2571 bpf_error("'ah' modifier applied to host");
2572
2573 case Q_ESP:
2574 bpf_error("'esp' modifier applied to host");
2575
2576 case Q_ISO:
2577 bpf_error("ISO host filtering not implemented");
2578
2579 case Q_ESIS:
2580 bpf_error("'esis' modifier applied to host");
2581
2582 case Q_ISIS:
2583 bpf_error("'isis' modifier applied to host");
2584
2585 case Q_CLNP:
2586 bpf_error("'clnp' modifier applied to host");
2587
2588 case Q_STP:
2589 bpf_error("'stp' modifier applied to host");
2590
2591 case Q_IPX:
2592 bpf_error("IPX host filtering not implemented");
2593
2594 case Q_NETBEUI:
2595 bpf_error("'netbeui' modifier applied to host");
2596
2597 default:
2598 abort();
2599 }
2600 /* NOTREACHED */
2601 }
2602
2603 #ifdef INET6
2604 static struct block *
2605 gen_host6(addr, mask, proto, dir)
2606 struct in6_addr *addr;
2607 struct in6_addr *mask;
2608 int proto;
2609 int dir;
2610 {
2611 switch (proto) {
2612
2613 case Q_DEFAULT:
2614 return gen_host6(addr, mask, Q_IPV6, dir);
2615
2616 case Q_IP:
2617 bpf_error("'ip' modifier applied to ip6 host");
2618
2619 case Q_RARP:
2620 bpf_error("'rarp' modifier applied to ip6 host");
2621
2622 case Q_ARP:
2623 bpf_error("'arp' modifier applied to ip6 host");
2624
2625 case Q_SCTP:
2626 bpf_error("'sctp' modifier applied to host");
2627
2628 case Q_TCP:
2629 bpf_error("'tcp' modifier applied to host");
2630
2631 case Q_UDP:
2632 bpf_error("'udp' modifier applied to host");
2633
2634 case Q_ICMP:
2635 bpf_error("'icmp' modifier applied to host");
2636
2637 case Q_IGMP:
2638 bpf_error("'igmp' modifier applied to host");
2639
2640 case Q_IGRP:
2641 bpf_error("'igrp' modifier applied to host");
2642
2643 case Q_PIM:
2644 bpf_error("'pim' modifier applied to host");
2645
2646 case Q_VRRP:
2647 bpf_error("'vrrp' modifier applied to host");
2648
2649 case Q_ATALK:
2650 bpf_error("ATALK host filtering not implemented");
2651
2652 case Q_AARP:
2653 bpf_error("AARP host filtering not implemented");
2654
2655 case Q_DECNET:
2656 bpf_error("'decnet' modifier applied to ip6 host");
2657
2658 case Q_SCA:
2659 bpf_error("SCA host filtering not implemented");
2660
2661 case Q_LAT:
2662 bpf_error("LAT host filtering not implemented");
2663
2664 case Q_MOPDL:
2665 bpf_error("MOPDL host filtering not implemented");
2666
2667 case Q_MOPRC:
2668 bpf_error("MOPRC host filtering not implemented");
2669
2670 case Q_IPV6:
2671 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
2672 off_nl + 8, off_nl + 24);
2673
2674 case Q_ICMPV6:
2675 bpf_error("'icmp6' modifier applied to host");
2676
2677 case Q_AH:
2678 bpf_error("'ah' modifier applied to host");
2679
2680 case Q_ESP:
2681 bpf_error("'esp' modifier applied to host");
2682
2683 case Q_ISO:
2684 bpf_error("ISO host filtering not implemented");
2685
2686 case Q_ESIS:
2687 bpf_error("'esis' modifier applied to host");
2688
2689 case Q_ISIS:
2690 bpf_error("'isis' modifier applied to host");
2691
2692 case Q_CLNP:
2693 bpf_error("'clnp' modifier applied to host");
2694
2695 case Q_STP:
2696 bpf_error("'stp' modifier applied to host");
2697
2698 case Q_IPX:
2699 bpf_error("IPX host filtering not implemented");
2700
2701 case Q_NETBEUI:
2702 bpf_error("'netbeui' modifier applied to host");
2703
2704 default:
2705 abort();
2706 }
2707 /* NOTREACHED */
2708 }
2709 #endif /*INET6*/
2710
2711 #ifndef INET6
2712 static struct block *
2713 gen_gateway(eaddr, alist, proto, dir)
2714 const u_char *eaddr;
2715 bpf_u_int32 **alist;
2716 int proto;
2717 int dir;
2718 {
2719 struct block *b0, *b1, *tmp;
2720
2721 if (dir != 0)
2722 bpf_error("direction applied to 'gateway'");
2723
2724 switch (proto) {
2725 case Q_DEFAULT:
2726 case Q_IP:
2727 case Q_ARP:
2728 case Q_RARP:
2729 if (linktype == DLT_EN10MB)
2730 b0 = gen_ehostop(eaddr, Q_OR);
2731 else if (linktype == DLT_FDDI)
2732 b0 = gen_fhostop(eaddr, Q_OR);
2733 else if (linktype == DLT_IEEE802)
2734 b0 = gen_thostop(eaddr, Q_OR);
2735 else if (linktype == DLT_IEEE802_11)
2736 b0 = gen_wlanhostop(eaddr, Q_OR);
2737 else if (linktype == DLT_SUNATM && is_lane) {
2738 /*
2739 * Check that the packet doesn't begin with an
2740 * LE Control marker. (We've already generated
2741 * a test for LANE.)
2742 */
2743 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
2744 gen_not(b1);
2745
2746 /*
2747 * Now check the MAC address.
2748 */
2749 b0 = gen_ehostop(eaddr, Q_OR);
2750 gen_and(b1, b0);
2751 } else if (linktype == DLT_IP_OVER_FC)
2752 b0 = gen_ipfchostop(eaddr, Q_OR);
2753 else
2754 bpf_error(
2755 "'gateway' supported only on ethernet/FDDI/token ring/802.11/Fibre Channel");
2756
2757 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2758 while (*alist) {
2759 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2760 gen_or(b1, tmp);
2761 b1 = tmp;
2762 }
2763 gen_not(b1);
2764 gen_and(b0, b1);
2765 return b1;
2766 }
2767 bpf_error("illegal modifier of 'gateway'");
2768 /* NOTREACHED */
2769 }
2770 #endif
2771
2772 struct block *
2773 gen_proto_abbrev(proto)
2774 int proto;
2775 {
2776 struct block *b0;
2777 struct block *b1;
2778
2779 switch (proto) {
2780
2781 case Q_SCTP:
2782 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT);
2783 #ifdef INET6
2784 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
2785 gen_or(b0, b1);
2786 #endif
2787 break;
2788
2789 case Q_TCP:
2790 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
2791 #ifdef INET6
2792 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
2793 gen_or(b0, b1);
2794 #endif
2795 break;
2796
2797 case Q_UDP:
2798 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
2799 #ifdef INET6
2800 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
2801 gen_or(b0, b1);
2802 #endif
2803 break;
2804
2805 case Q_ICMP:
2806 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
2807 break;
2808
2809 #ifndef IPPROTO_IGMP
2810 #define IPPROTO_IGMP 2
2811 #endif
2812
2813 case Q_IGMP:
2814 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
2815 break;
2816
2817 #ifndef IPPROTO_IGRP
2818 #define IPPROTO_IGRP 9
2819 #endif
2820 case Q_IGRP:
2821 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
2822 break;
2823
2824 #ifndef IPPROTO_PIM
2825 #define IPPROTO_PIM 103
2826 #endif
2827
2828 case Q_PIM:
2829 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
2830 #ifdef INET6
2831 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
2832 gen_or(b0, b1);
2833 #endif
2834 break;
2835
2836 #ifndef IPPROTO_VRRP
2837 #define IPPROTO_VRRP 112
2838 #endif
2839
2840 case Q_VRRP:
2841 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT);
2842 break;
2843
2844 case Q_IP:
2845 b1 = gen_linktype(ETHERTYPE_IP);
2846 break;
2847
2848 case Q_ARP:
2849 b1 = gen_linktype(ETHERTYPE_ARP);
2850 break;
2851
2852 case Q_RARP:
2853 b1 = gen_linktype(ETHERTYPE_REVARP);
2854 break;
2855
2856 case Q_LINK:
2857 bpf_error("link layer applied in wrong context");
2858
2859 case Q_ATALK:
2860 b1 = gen_linktype(ETHERTYPE_ATALK);
2861 break;
2862
2863 case Q_AARP:
2864 b1 = gen_linktype(ETHERTYPE_AARP);
2865 break;
2866
2867 case Q_DECNET:
2868 b1 = gen_linktype(ETHERTYPE_DN);
2869 break;
2870
2871 case Q_SCA:
2872 b1 = gen_linktype(ETHERTYPE_SCA);
2873 break;
2874
2875 case Q_LAT:
2876 b1 = gen_linktype(ETHERTYPE_LAT);
2877 break;
2878
2879 case Q_MOPDL:
2880 b1 = gen_linktype(ETHERTYPE_MOPDL);
2881 break;
2882
2883 case Q_MOPRC:
2884 b1 = gen_linktype(ETHERTYPE_MOPRC);
2885 break;
2886
2887 #ifdef INET6
2888 case Q_IPV6:
2889 b1 = gen_linktype(ETHERTYPE_IPV6);
2890 break;
2891
2892 #ifndef IPPROTO_ICMPV6
2893 #define IPPROTO_ICMPV6 58
2894 #endif
2895 case Q_ICMPV6:
2896 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
2897 break;
2898 #endif /* INET6 */
2899
2900 #ifndef IPPROTO_AH
2901 #define IPPROTO_AH 51
2902 #endif
2903 case Q_AH:
2904 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
2905 #ifdef INET6
2906 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
2907 gen_or(b0, b1);
2908 #endif
2909 break;
2910
2911 #ifndef IPPROTO_ESP
2912 #define IPPROTO_ESP 50
2913 #endif
2914 case Q_ESP:
2915 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
2916 #ifdef INET6
2917 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
2918 gen_or(b0, b1);
2919 #endif
2920 break;
2921
2922 case Q_ISO:
2923 b1 = gen_linktype(LLCSAP_ISONS);
2924 break;
2925
2926 case Q_ESIS:
2927 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
2928 break;
2929
2930 case Q_ISIS:
2931 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
2932 break;
2933
2934 case Q_ISIS_L1: /* all IS-IS Level1 PDU-Types */
2935 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
2936 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
2937 gen_or(b0, b1);
2938 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
2939 gen_or(b0, b1);
2940 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
2941 gen_or(b0, b1);
2942 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
2943 gen_or(b0, b1);
2944 break;
2945
2946 case Q_ISIS_L2: /* all IS-IS Level2 PDU-Types */
2947 b0 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
2948 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
2949 gen_or(b0, b1);
2950 b0 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
2951 gen_or(b0, b1);
2952 b0 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
2953 gen_or(b0, b1);
2954 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
2955 gen_or(b0, b1);
2956 break;
2957
2958 case Q_ISIS_IIH: /* all IS-IS Hello PDU-Types */
2959 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
2960 b1 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
2961 gen_or(b0, b1);
2962 b0 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT);
2963 gen_or(b0, b1);
2964 break;
2965
2966 case Q_ISIS_LSP:
2967 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
2968 b1 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
2969 gen_or(b0, b1);
2970 break;
2971
2972 case Q_ISIS_SNP:
2973 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
2974 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
2975 gen_or(b0, b1);
2976 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
2977 gen_or(b0, b1);
2978 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
2979 gen_or(b0, b1);
2980 break;
2981
2982 case Q_ISIS_CSNP:
2983 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
2984 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
2985 gen_or(b0, b1);
2986 break;
2987
2988 case Q_ISIS_PSNP:
2989 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
2990 b1 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
2991 gen_or(b0, b1);
2992 break;
2993
2994 case Q_CLNP:
2995 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
2996 break;
2997
2998 case Q_STP:
2999 b1 = gen_linktype(LLCSAP_8021D);
3000 break;
3001
3002 case Q_IPX:
3003 b1 = gen_linktype(LLCSAP_IPX);
3004 break;
3005
3006 case Q_NETBEUI:
3007 b1 = gen_linktype(LLCSAP_NETBEUI);
3008 break;
3009
3010 default:
3011 abort();
3012 }
3013 return b1;
3014 }
3015
3016 static struct block *
3017 gen_ipfrag()
3018 {
3019 struct slist *s;
3020 struct block *b;
3021
3022 /* not ip frag */
3023 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
3024 s->s.k = off_nl + 6;
3025 b = new_block(JMP(BPF_JSET));
3026 b->s.k = 0x1fff;
3027 b->stmts = s;
3028 gen_not(b);
3029
3030 return b;
3031 }
3032
3033 static struct block *
3034 gen_portatom(off, v)
3035 int off;
3036 bpf_int32 v;
3037 {
3038 struct slist *s;
3039 struct block *b;
3040
3041 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3042 s->s.k = off_nl;
3043
3044 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
3045 s->next->s.k = off_nl + off;
3046
3047 b = new_block(JMP(BPF_JEQ));
3048 b->stmts = s;
3049 b->s.k = v;
3050
3051 return b;
3052 }
3053
3054 #ifdef INET6
3055 static struct block *
3056 gen_portatom6(off, v)
3057 int off;
3058 bpf_int32 v;
3059 {
3060 return gen_cmp(off_nl + 40 + off, BPF_H, v);
3061 }
3062 #endif/*INET6*/
3063
3064 struct block *
3065 gen_portop(port, proto, dir)
3066 int port, proto, dir;
3067 {
3068 struct block *b0, *b1, *tmp;
3069
3070 /* ip proto 'proto' */
3071 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
3072 b0 = gen_ipfrag();
3073 gen_and(tmp, b0);
3074
3075 switch (dir) {
3076 case Q_SRC:
3077 b1 = gen_portatom(0, (bpf_int32)port);
3078 break;
3079
3080 case Q_DST:
3081 b1 = gen_portatom(2, (bpf_int32)port);
3082 break;
3083
3084 case Q_OR:
3085 case Q_DEFAULT:
3086 tmp = gen_portatom(0, (bpf_int32)port);
3087 b1 = gen_portatom(2, (bpf_int32)port);
3088 gen_or(tmp, b1);
3089 break;
3090
3091 case Q_AND:
3092 tmp = gen_portatom(0, (bpf_int32)port);
3093 b1 = gen_portatom(2, (bpf_int32)port);
3094 gen_and(tmp, b1);
3095 break;
3096
3097 default:
3098 abort();
3099 }
3100 gen_and(b0, b1);
3101
3102 return b1;
3103 }
3104
3105 static struct block *
3106 gen_port(port, ip_proto, dir)
3107 int port;
3108 int ip_proto;
3109 int dir;
3110 {
3111 struct block *b0, *b1, *tmp;
3112
3113 /*
3114 * ether proto ip
3115 *
3116 * For FDDI, RFC 1188 says that SNAP encapsulation is used,
3117 * not LLC encapsulation with LLCSAP_IP.
3118 *
3119 * For IEEE 802 networks - which includes 802.5 token ring
3120 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
3121 * says that SNAP encapsulation is used, not LLC encapsulation
3122 * with LLCSAP_IP.
3123 *
3124 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
3125 * RFC 2225 say that SNAP encapsulation is used, not LLC
3126 * encapsulation with LLCSAP_IP.
3127 *
3128 * So we always check for ETHERTYPE_IP.
3129 */
3130 b0 = gen_linktype(ETHERTYPE_IP);
3131
3132 switch (ip_proto) {
3133 case IPPROTO_UDP:
3134 case IPPROTO_TCP:
3135 case IPPROTO_SCTP:
3136 b1 = gen_portop(port, ip_proto, dir);
3137 break;
3138
3139 case PROTO_UNDEF:
3140 tmp = gen_portop(port, IPPROTO_TCP, dir);
3141 b1 = gen_portop(port, IPPROTO_UDP, dir);
3142 gen_or(tmp, b1);
3143 tmp = gen_portop(port, IPPROTO_SCTP, dir);
3144 gen_or(tmp, b1);
3145 break;
3146
3147 default:
3148 abort();
3149 }
3150 gen_and(b0, b1);
3151 return b1;
3152 }
3153
3154 #ifdef INET6
3155 struct block *
3156 gen_portop6(port, proto, dir)
3157 int port, proto, dir;
3158 {
3159 struct block *b0, *b1, *tmp;
3160
3161 /* ip proto 'proto' */
3162 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
3163
3164 switch (dir) {
3165 case Q_SRC:
3166 b1 = gen_portatom6(0, (bpf_int32)port);
3167 break;
3168
3169 case Q_DST:
3170 b1 = gen_portatom6(2, (bpf_int32)port);
3171 break;
3172
3173 case Q_OR:
3174 case Q_DEFAULT:
3175 tmp = gen_portatom6(0, (bpf_int32)port);
3176 b1 = gen_portatom6(2, (bpf_int32)port);
3177 gen_or(tmp, b1);
3178 break;
3179
3180 case Q_AND:
3181 tmp = gen_portatom6(0, (bpf_int32)port);
3182 b1 = gen_portatom6(2, (bpf_int32)port);
3183 gen_and(tmp, b1);
3184 break;
3185
3186 default:
3187 abort();
3188 }
3189 gen_and(b0, b1);
3190
3191 return b1;
3192 }
3193
3194 static struct block *
3195 gen_port6(port, ip_proto, dir)
3196 int port;
3197 int ip_proto;
3198 int dir;
3199 {
3200 struct block *b0, *b1, *tmp;
3201
3202 /* ether proto ip */
3203 b0 = gen_linktype(ETHERTYPE_IPV6);
3204
3205 switch (ip_proto) {
3206 case IPPROTO_UDP:
3207 case IPPROTO_TCP:
3208 case IPPROTO_SCTP:
3209 b1 = gen_portop6(port, ip_proto, dir);
3210 break;
3211
3212 case PROTO_UNDEF:
3213 tmp = gen_portop6(port, IPPROTO_TCP, dir);
3214 b1 = gen_portop6(port, IPPROTO_UDP, dir);
3215 gen_or(tmp, b1);
3216 tmp = gen_portop6(port, IPPROTO_SCTP, dir);
3217 gen_or(tmp, b1);
3218 break;
3219
3220 default:
3221 abort();
3222 }
3223 gen_and(b0, b1);
3224 return b1;
3225 }
3226 #endif /* INET6 */
3227
3228 static int
3229 lookup_proto(name, proto)
3230 register const char *name;
3231 register int proto;
3232 {
3233 register int v;
3234
3235 switch (proto) {
3236
3237 case Q_DEFAULT:
3238 case Q_IP:
3239 case Q_IPV6:
3240 v = pcap_nametoproto(name);
3241 if (v == PROTO_UNDEF)
3242 bpf_error("unknown ip proto '%s'", name);
3243 break;
3244
3245 case Q_LINK:
3246 /* XXX should look up h/w protocol type based on linktype */
3247 v = pcap_nametoeproto(name);
3248 if (v == PROTO_UNDEF)
3249 bpf_error("unknown ether proto '%s'", name);
3250 break;
3251
3252 case Q_ISO:
3253 if (strcmp(name, "esis") == 0)
3254 v = ISO9542_ESIS;
3255 else if (strcmp(name, "isis") == 0)
3256 v = ISO10589_ISIS;
3257 else if (strcmp(name, "clnp") == 0)
3258 v = ISO8473_CLNP;
3259 else
3260 bpf_error("unknown osi proto '%s'", name);
3261 break;
3262
3263 default:
3264 v = PROTO_UNDEF;
3265 break;
3266 }
3267 return v;
3268 }
3269
3270 #if 0
3271 struct stmt *
3272 gen_joinsp(s, n)
3273 struct stmt **s;
3274 int n;
3275 {
3276 return NULL;
3277 }
3278 #endif
3279
3280 static struct block *
3281 gen_protochain(v, proto, dir)
3282 int v;
3283 int proto;
3284 int dir;
3285 {
3286 #ifdef NO_PROTOCHAIN
3287 return gen_proto(v, proto, dir);
3288 #else
3289 struct block *b0, *b;
3290 struct slist *s[100];
3291 int fix2, fix3, fix4, fix5;
3292 int ahcheck, again, end;
3293 int i, max;
3294 int reg2 = alloc_reg();
3295
3296 memset(s, 0, sizeof(s));
3297 fix2 = fix3 = fix4 = fix5 = 0;
3298
3299 switch (proto) {
3300 case Q_IP:
3301 case Q_IPV6:
3302 break;
3303 case Q_DEFAULT:
3304 b0 = gen_protochain(v, Q_IP, dir);
3305 b = gen_protochain(v, Q_IPV6, dir);
3306 gen_or(b0, b);
3307 return b;
3308 default:
3309 bpf_error("bad protocol applied for 'protochain'");
3310 /*NOTREACHED*/
3311 }
3312
3313 no_optimize = 1; /*this code is not compatible with optimzer yet */
3314
3315 /*
3316 * s[0] is a dummy entry to protect other BPF insn from damaged
3317 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
3318 * hard to find interdependency made by jump table fixup.
3319 */
3320 i = 0;
3321 s[i] = new_stmt(0); /*dummy*/
3322 i++;
3323
3324 switch (proto) {
3325 case Q_IP:
3326 b0 = gen_linktype(ETHERTYPE_IP);
3327
3328 /* A = ip->ip_p */
3329 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
3330 s[i]->s.k = off_nl + 9;
3331 i++;
3332 /* X = ip->ip_hl << 2 */
3333 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3334 s[i]->s.k = off_nl;
3335 i++;
3336 break;
3337 #ifdef INET6
3338 case Q_IPV6:
3339 b0 = gen_linktype(ETHERTYPE_IPV6);
3340
3341 /* A = ip6->ip_nxt */
3342 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
3343 s[i]->s.k = off_nl + 6;
3344 i++;
3345 /* X = sizeof(struct ip6_hdr) */
3346 s[i] = new_stmt(BPF_LDX|BPF_IMM);
3347 s[i]->s.k = 40;
3348 i++;
3349 break;
3350 #endif
3351 default:
3352 bpf_error("unsupported proto to gen_protochain");
3353 /*NOTREACHED*/
3354 }
3355
3356 /* again: if (A == v) goto end; else fall through; */
3357 again = i;
3358 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3359 s[i]->s.k = v;
3360 s[i]->s.jt = NULL; /*later*/
3361 s[i]->s.jf = NULL; /*update in next stmt*/
3362 fix5 = i;
3363 i++;
3364
3365 #ifndef IPPROTO_NONE
3366 #define IPPROTO_NONE 59
3367 #endif
3368 /* if (A == IPPROTO_NONE) goto end */
3369 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3370 s[i]->s.jt = NULL; /*later*/
3371 s[i]->s.jf = NULL; /*update in next stmt*/
3372 s[i]->s.k = IPPROTO_NONE;
3373 s[fix5]->s.jf = s[i];
3374 fix2 = i;
3375 i++;
3376
3377 #ifdef INET6
3378 if (proto == Q_IPV6) {
3379 int v6start, v6end, v6advance, j;
3380
3381 v6start = i;
3382 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
3383 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3384 s[i]->s.jt = NULL; /*later*/
3385 s[i]->s.jf = NULL; /*update in next stmt*/
3386 s[i]->s.k = IPPROTO_HOPOPTS;
3387 s[fix2]->s.jf = s[i];
3388 i++;
3389 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
3390 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3391 s[i]->s.jt = NULL; /*later*/
3392 s[i]->s.jf = NULL; /*update in next stmt*/
3393 s[i]->s.k = IPPROTO_DSTOPTS;
3394 i++;
3395 /* if (A == IPPROTO_ROUTING) goto v6advance */
3396 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3397 s[i]->s.jt = NULL; /*later*/
3398 s[i]->s.jf = NULL; /*update in next stmt*/
3399 s[i]->s.k = IPPROTO_ROUTING;
3400 i++;
3401 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
3402 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3403 s[i]->s.jt = NULL; /*later*/
3404 s[i]->s.jf = NULL; /*later*/
3405 s[i]->s.k = IPPROTO_FRAGMENT;
3406 fix3 = i;
3407 v6end = i;
3408 i++;
3409
3410 /* v6advance: */
3411 v6advance = i;
3412
3413 /*
3414 * in short,
3415 * A = P[X];
3416 * X = X + (P[X + 1] + 1) * 8;
3417 */
3418 /* A = X */
3419 s[i] = new_stmt(BPF_MISC|BPF_TXA);
3420 i++;
3421 /* A = P[X + packet head] */
3422 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3423 s[i]->s.k = off_nl;
3424 i++;
3425 /* MEM[reg2] = A */
3426 s[i] = new_stmt(BPF_ST);
3427 s[i]->s.k = reg2;
3428 i++;
3429 /* A = X */
3430 s[i] = new_stmt(BPF_MISC|BPF_TXA);
3431 i++;
3432 /* A += 1 */
3433 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3434 s[i]->s.k = 1;
3435 i++;
3436 /* X = A */
3437 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3438 i++;
3439 /* A = P[X + packet head]; */
3440 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3441 s[i]->s.k = off_nl;
3442 i++;
3443 /* A += 1 */
3444 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3445 s[i]->s.k = 1;
3446 i++;
3447 /* A *= 8 */
3448 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
3449 s[i]->s.k = 8;
3450 i++;
3451 /* X = A; */
3452 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3453 i++;
3454 /* A = MEM[reg2] */
3455 s[i] = new_stmt(BPF_LD|BPF_MEM);
3456 s[i]->s.k = reg2;
3457 i++;
3458
3459 /* goto again; (must use BPF_JA for backward jump) */
3460 s[i] = new_stmt(BPF_JMP|BPF_JA);
3461 s[i]->s.k = again - i - 1;
3462 s[i - 1]->s.jf = s[i];
3463 i++;
3464
3465 /* fixup */
3466 for (j = v6start; j <= v6end; j++)
3467 s[j]->s.jt = s[v6advance];
3468 } else
3469 #endif
3470 {
3471 /* nop */
3472 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3473 s[i]->s.k = 0;
3474 s[fix2]->s.jf = s[i];
3475 i++;
3476 }
3477
3478 /* ahcheck: */
3479 ahcheck = i;
3480 /* if (A == IPPROTO_AH) then fall through; else goto end; */
3481 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3482 s[i]->s.jt = NULL; /*later*/
3483 s[i]->s.jf = NULL; /*later*/
3484 s[i]->s.k = IPPROTO_AH;
3485 if (fix3)
3486 s[fix3]->s.jf = s[ahcheck];
3487 fix4 = i;
3488 i++;
3489
3490 /*
3491 * in short,
3492 * A = P[X];
3493 * X = X + (P[X + 1] + 2) * 4;
3494 */
3495 /* A = X */
3496 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
3497 i++;
3498 /* A = P[X + packet head]; */
3499 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3500 s[i]->s.k = off_nl;
3501 i++;
3502 /* MEM[reg2] = A */
3503 s[i] = new_stmt(BPF_ST);
3504 s[i]->s.k = reg2;
3505 i++;
3506 /* A = X */
3507 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
3508 i++;
3509 /* A += 1 */
3510 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3511 s[i]->s.k = 1;
3512 i++;
3513 /* X = A */
3514 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3515 i++;
3516 /* A = P[X + packet head] */
3517 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3518 s[i]->s.k = off_nl;
3519 i++;
3520 /* A += 2 */
3521 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3522 s[i]->s.k = 2;
3523 i++;
3524 /* A *= 4 */
3525 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
3526 s[i]->s.k = 4;
3527 i++;
3528 /* X = A; */
3529 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3530 i++;
3531 /* A = MEM[reg2] */
3532 s[i] = new_stmt(BPF_LD|BPF_MEM);
3533 s[i]->s.k = reg2;
3534 i++;
3535
3536 /* goto again; (must use BPF_JA for backward jump) */
3537 s[i] = new_stmt(BPF_JMP|BPF_JA);
3538 s[i]->s.k = again - i - 1;
3539 i++;
3540
3541 /* end: nop */
3542 end = i;
3543 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3544 s[i]->s.k = 0;
3545 s[fix2]->s.jt = s[end];
3546 s[fix4]->s.jf = s[end];
3547 s[fix5]->s.jt = s[end];
3548 i++;
3549
3550 /*
3551 * make slist chain
3552 */
3553 max = i;
3554 for (i = 0; i < max - 1; i++)
3555 s[i]->next = s[i + 1];
3556 s[max - 1]->next = NULL;
3557
3558 /*
3559 * emit final check
3560 */
3561 b = new_block(JMP(BPF_JEQ));
3562 b->stmts = s[1]; /*remember, s[0] is dummy*/
3563 b->s.k = v;
3564
3565 free_reg(reg2);
3566
3567 gen_and(b0, b);
3568 return b;
3569 #endif
3570 }
3571
3572 static struct block *
3573 gen_proto(v, proto, dir)
3574 int v;
3575 int proto;
3576 int dir;
3577 {
3578 struct block *b0, *b1;
3579
3580 if (dir != Q_DEFAULT)
3581 bpf_error("direction applied to 'proto'");
3582
3583 switch (proto) {
3584 case Q_DEFAULT:
3585 #ifdef INET6
3586 b0 = gen_proto(v, Q_IP, dir);
3587 b1 = gen_proto(v, Q_IPV6, dir);
3588 gen_or(b0, b1);
3589 return b1;
3590 #else
3591 /*FALLTHROUGH*/
3592 #endif
3593 case Q_IP:
3594 /*
3595 * For FDDI, RFC 1188 says that SNAP encapsulation is used,
3596 * not LLC encapsulation with LLCSAP_IP.
3597 *
3598 * For IEEE 802 networks - which includes 802.5 token ring
3599 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
3600 * says that SNAP encapsulation is used, not LLC encapsulation
3601 * with LLCSAP_IP.
3602 *
3603 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
3604 * RFC 2225 say that SNAP encapsulation is used, not LLC
3605 * encapsulation with LLCSAP_IP.
3606 *
3607 * So we always check for ETHERTYPE_IP.
3608 */
3609 b0 = gen_linktype(ETHERTYPE_IP);
3610 #ifndef CHASE_CHAIN
3611 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
3612 #else
3613 b1 = gen_protochain(v, Q_IP);
3614 #endif
3615 gen_and(b0, b1);
3616 return b1;
3617
3618 case Q_ISO:
3619 switch (linktype) {
3620
3621 case DLT_FRELAY:
3622 /*
3623 * Frame Relay packets typically have an OSI
3624 * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)"
3625 * generates code to check for all the OSI
3626 * NLPIDs, so calling it and then adding a check
3627 * for the particular NLPID for which we're
3628 * looking is bogus, as we can just check for
3629 * the NLPID.
3630 *
3631 * What we check for is the NLPID and a frame
3632 * control field value of UI, i.e. 0x03 followed
3633 * by the NLPID.
3634 *
3635 * XXX - assumes a 2-byte Frame Relay header with
3636 * DLCI and flags. What if the address is longer?
3637 *
3638 * XXX - what about SNAP-encapsulated frames?
3639 */
3640 return gen_cmp(2, BPF_H, (0x03<<8) | v);
3641 break;
3642
3643 case DLT_C_HDLC:
3644 /*
3645 * Cisco uses an Ethertype lookalike - for OSI,
3646 * it's 0xfefe.
3647 */
3648 b0 = gen_linktype(LLCSAP_ISONS<<8 | LLCSAP_ISONS);
3649 /* OSI in C-HDLC is stuffed with a fudge byte */
3650 b1 = gen_cmp(off_nl_nosnap+1, BPF_B, (long)v);
3651 gen_and(b0, b1);
3652 return b1;
3653
3654 default:
3655 b0 = gen_linktype(LLCSAP_ISONS);
3656 b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v);
3657 gen_and(b0, b1);
3658 return b1;
3659 }
3660
3661 case Q_ISIS:
3662 b0 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
3663 /*
3664 * 4 is the offset of the PDU type relative to the IS-IS
3665 * header.
3666 */
3667 b1 = gen_cmp(off_nl_nosnap+4, BPF_B, (long)v);
3668 gen_and(b0, b1);
3669 return b1;
3670
3671 case Q_ARP:
3672 bpf_error("arp does not encapsulate another protocol");
3673 /* NOTREACHED */
3674
3675 case Q_RARP:
3676 bpf_error("rarp does not encapsulate another protocol");
3677 /* NOTREACHED */
3678
3679 case Q_ATALK:
3680 bpf_error("atalk encapsulation is not specifiable");
3681 /* NOTREACHED */
3682
3683 case Q_DECNET:
3684 bpf_error("decnet encapsulation is not specifiable");
3685 /* NOTREACHED */
3686
3687 case Q_SCA:
3688 bpf_error("sca does not encapsulate another protocol");
3689 /* NOTREACHED */
3690
3691 case Q_LAT:
3692 bpf_error("lat does not encapsulate another protocol");
3693 /* NOTREACHED */
3694
3695 case Q_MOPRC:
3696 bpf_error("moprc does not encapsulate another protocol");
3697 /* NOTREACHED */
3698
3699 case Q_MOPDL:
3700 bpf_error("mopdl does not encapsulate another protocol");
3701 /* NOTREACHED */
3702
3703 case Q_LINK:
3704 return gen_linktype(v);
3705
3706 case Q_UDP:
3707 bpf_error("'udp proto' is bogus");
3708 /* NOTREACHED */
3709
3710 case Q_TCP:
3711 bpf_error("'tcp proto' is bogus");
3712 /* NOTREACHED */
3713
3714 case Q_SCTP:
3715 bpf_error("'sctp proto' is bogus");
3716 /* NOTREACHED */
3717
3718 case Q_ICMP:
3719 bpf_error("'icmp proto' is bogus");
3720 /* NOTREACHED */
3721
3722 case Q_IGMP:
3723 bpf_error("'igmp proto' is bogus");
3724 /* NOTREACHED */
3725
3726 case Q_IGRP:
3727 bpf_error("'igrp proto' is bogus");
3728 /* NOTREACHED */
3729
3730 case Q_PIM:
3731 bpf_error("'pim proto' is bogus");
3732 /* NOTREACHED */
3733
3734 case Q_VRRP:
3735 bpf_error("'vrrp proto' is bogus");
3736 /* NOTREACHED */
3737
3738 #ifdef INET6
3739 case Q_IPV6:
3740 b0 = gen_linktype(ETHERTYPE_IPV6);
3741 #ifndef CHASE_CHAIN
3742 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
3743 #else
3744 b1 = gen_protochain(v, Q_IPV6);
3745 #endif
3746 gen_and(b0, b1);
3747 return b1;
3748
3749 case Q_ICMPV6:
3750 bpf_error("'icmp6 proto' is bogus");
3751 #endif /* INET6 */
3752
3753 case Q_AH:
3754 bpf_error("'ah proto' is bogus");
3755
3756 case Q_ESP:
3757 bpf_error("'ah proto' is bogus");
3758
3759 case Q_STP:
3760 bpf_error("'stp proto' is bogus");
3761
3762 case Q_IPX:
3763 bpf_error("'ipx proto' is bogus");
3764
3765 case Q_NETBEUI:
3766 bpf_error("'netbeui proto' is bogus");
3767
3768 default:
3769 abort();
3770 /* NOTREACHED */
3771 }
3772 /* NOTREACHED */
3773 }
3774
3775 struct block *
3776 gen_scode(name, q)
3777 register const char *name;
3778 struct qual q;
3779 {
3780 int proto = q.proto;
3781 int dir = q.dir;
3782 int tproto;
3783 u_char *eaddr;
3784 bpf_u_int32 mask, addr;
3785 #ifndef INET6
3786 bpf_u_int32 **alist;
3787 #else
3788 int tproto6;
3789 struct sockaddr_in *sin;
3790 struct sockaddr_in6 *sin6;
3791 struct addrinfo *res, *res0;
3792 struct in6_addr mask128;
3793 #endif /*INET6*/
3794 struct block *b, *tmp;
3795 int port, real_proto;
3796
3797 switch (q.addr) {
3798
3799 case Q_NET:
3800 addr = pcap_nametonetaddr(name);
3801 if (addr == 0)
3802 bpf_error("unknown network '%s'", name);
3803 /* Left justify network addr and calculate its network mask */
3804 mask = 0xffffffff;
3805 while (addr && (addr & 0xff000000) == 0) {
3806 addr <<= 8;
3807 mask <<= 8;
3808 }
3809 return gen_host(addr, mask, proto, dir);
3810
3811 case Q_DEFAULT:
3812 case Q_HOST:
3813 if (proto == Q_LINK) {
3814 switch (linktype) {
3815
3816 case DLT_EN10MB:
3817 eaddr = pcap_ether_hostton(name);
3818 if (eaddr == NULL)
3819 bpf_error(
3820 "unknown ether host '%s'", name);
3821 b = gen_ehostop(eaddr, dir);
3822 free(eaddr);
3823 return b;
3824
3825 case DLT_FDDI:
3826 eaddr = pcap_ether_hostton(name);
3827 if (eaddr == NULL)
3828 bpf_error(
3829 "unknown FDDI host '%s'", name);
3830 b = gen_fhostop(eaddr, dir);
3831 free(eaddr);
3832 return b;
3833
3834 case DLT_IEEE802:
3835 eaddr = pcap_ether_hostton(name);
3836 if (eaddr == NULL)
3837 bpf_error(
3838 "unknown token ring host '%s'", name);
3839 b = gen_thostop(eaddr, dir);
3840 free(eaddr);
3841 return b;
3842
3843 case DLT_IEEE802_11:
3844 eaddr = pcap_ether_hostton(name);
3845 if (eaddr == NULL)
3846 bpf_error(
3847 "unknown 802.11 host '%s'", name);
3848 b = gen_wlanhostop(eaddr, dir);
3849 free(eaddr);
3850 return b;
3851
3852 case DLT_IP_OVER_FC:
3853 eaddr = pcap_ether_hostton(name);
3854 if (eaddr == NULL)
3855 bpf_error(
3856 "unknown Fibre Channel host '%s'", name);
3857 b = gen_ipfchostop(eaddr, dir);
3858 free(eaddr);
3859 return b;
3860
3861 case DLT_SUNATM:
3862 if (!is_lane)
3863 break;
3864
3865 /*
3866 * Check that the packet doesn't begin
3867 * with an LE Control marker. (We've
3868 * already generated a test for LANE.)
3869 */
3870 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H,
3871 0xFF00);
3872 gen_not(tmp);
3873
3874 eaddr = pcap_ether_hostton(name);
3875 if (eaddr == NULL)
3876 bpf_error(
3877 "unknown ether host '%s'", name);
3878 b = gen_ehostop(eaddr, dir);
3879 gen_and(tmp, b);
3880 free(eaddr);
3881 return b;
3882 }
3883
3884 bpf_error("only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name");
3885 } else if (proto == Q_DECNET) {
3886 unsigned short dn_addr = __pcap_nametodnaddr(name);
3887 /*
3888 * I don't think DECNET hosts can be multihomed, so
3889 * there is no need to build up a list of addresses
3890 */
3891 return (gen_host(dn_addr, 0, proto, dir));
3892 } else {
3893 #ifndef INET6
3894 alist = pcap_nametoaddr(name);
3895 if (alist == NULL || *alist == NULL)
3896 bpf_error("unknown host '%s'", name);
3897 tproto = proto;
3898 if (off_linktype == (u_int)-1 && tproto == Q_DEFAULT)
3899 tproto = Q_IP;
3900 b = gen_host(**alist++, 0xffffffff, tproto, dir);
3901 while (*alist) {
3902 tmp = gen_host(**alist++, 0xffffffff,
3903 tproto, dir);
3904 gen_or(b, tmp);
3905 b = tmp;
3906 }
3907 return b;
3908 #else
3909 memset(&mask128, 0xff, sizeof(mask128));
3910 res0 = res = pcap_nametoaddrinfo(name);
3911 if (res == NULL)
3912 bpf_error("unknown host '%s'", name);
3913 b = tmp = NULL;
3914 tproto = tproto6 = proto;
3915 if (off_linktype == -1 && tproto == Q_DEFAULT) {
3916 tproto = Q_IP;
3917 tproto6 = Q_IPV6;
3918 }
3919 for (res = res0; res; res = res->ai_next) {
3920 switch (res->ai_family) {
3921 case AF_INET:
3922 if (tproto == Q_IPV6)
3923 continue;
3924
3925 sin = (struct sockaddr_in *)
3926 res->ai_addr;
3927 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
3928 0xffffffff, tproto, dir);
3929 break;
3930 case AF_INET6:
3931 if (tproto6 == Q_IP)
3932 continue;
3933
3934 sin6 = (struct sockaddr_in6 *)
3935 res->ai_addr;
3936 tmp = gen_host6(&sin6->sin6_addr,
3937 &mask128, tproto6, dir);
3938 break;
3939 default:
3940 continue;
3941 }
3942 if (b)
3943 gen_or(b, tmp);
3944 b = tmp;
3945 }
3946 freeaddrinfo(res0);
3947 if (b == NULL) {
3948 bpf_error("unknown host '%s'%s", name,
3949 (proto == Q_DEFAULT)
3950 ? ""
3951 : " for specified address family");
3952 }
3953 return b;
3954 #endif /*INET6*/
3955 }
3956
3957 case Q_PORT:
3958 if (proto != Q_DEFAULT &&
3959 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
3960 bpf_error("illegal qualifier of 'port'");
3961 if (pcap_nametoport(name, &port, &real_proto) == 0)
3962 bpf_error("unknown port '%s'", name);
3963 if (proto == Q_UDP) {
3964 if (real_proto == IPPROTO_TCP)
3965 bpf_error("port '%s' is tcp", name);
3966 else if (real_proto == IPPROTO_SCTP)
3967 bpf_error("port '%s' is sctp", name);
3968 else
3969 /* override PROTO_UNDEF */
3970 real_proto = IPPROTO_UDP;
3971 }
3972 if (proto == Q_TCP) {
3973 if (real_proto == IPPROTO_UDP)
3974 bpf_error("port '%s' is udp", name);
3975
3976 else if (real_proto == IPPROTO_SCTP)
3977 bpf_error("port '%s' is sctp", name);
3978 else
3979 /* override PROTO_UNDEF */
3980 real_proto = IPPROTO_TCP;
3981 }
3982 if (proto == Q_SCTP) {
3983 if (real_proto == IPPROTO_UDP)
3984 bpf_error("port '%s' is udp", name);
3985
3986 else if (real_proto == IPPROTO_TCP)
3987 bpf_error("port '%s' is tcp", name);
3988 else
3989 /* override PROTO_UNDEF */
3990 real_proto = IPPROTO_SCTP;
3991 }
3992 #ifndef INET6
3993 return gen_port(port, real_proto, dir);
3994 #else
3995 {
3996 struct block *b;
3997 b = gen_port(port, real_proto, dir);
3998 gen_or(gen_port6(port, real_proto, dir), b);
3999 return b;
4000 }
4001 #endif /* INET6 */
4002
4003 case Q_GATEWAY:
4004 #ifndef INET6
4005 eaddr = pcap_ether_hostton(name);
4006 if (eaddr == NULL)
4007 bpf_error("unknown ether host: %s", name);
4008
4009 alist = pcap_nametoaddr(name);
4010 if (alist == NULL || *alist == NULL)
4011 bpf_error("unknown host '%s'", name);
4012 b = gen_gateway(eaddr, alist, proto, dir);
4013 free(eaddr);
4014 return b;
4015 #else
4016 bpf_error("'gateway' not supported in this configuration");
4017 #endif /*INET6*/
4018
4019 case Q_PROTO:
4020 real_proto = lookup_proto(name, proto);
4021 if (real_proto >= 0)
4022 return gen_proto(real_proto, proto, dir);
4023 else
4024 bpf_error("unknown protocol: %s", name);
4025
4026 case Q_PROTOCHAIN:
4027 real_proto = lookup_proto(name, proto);
4028 if (real_proto >= 0)
4029 return gen_protochain(real_proto, proto, dir);
4030 else
4031 bpf_error("unknown protocol: %s", name);
4032
4033
4034 case Q_UNDEF:
4035 syntax();
4036 /* NOTREACHED */
4037 }
4038 abort();
4039 /* NOTREACHED */
4040 }
4041
4042 struct block *
4043 gen_mcode(s1, s2, masklen, q)
4044 register const char *s1, *s2;
4045 register int masklen;
4046 struct qual q;
4047 {
4048 register int nlen, mlen;
4049 bpf_u_int32 n, m;
4050
4051 nlen = __pcap_atoin(s1, &n);
4052 /* Promote short ipaddr */
4053 n <<= 32 - nlen;
4054
4055 if (s2 != NULL) {
4056 mlen = __pcap_atoin(s2, &m);
4057 /* Promote short ipaddr */
4058 m <<= 32 - mlen;
4059 if ((n & ~m) != 0)
4060 bpf_error("non-network bits set in \"%s mask %s\"",
4061 s1, s2);
4062 } else {
4063 /* Convert mask len to mask */
4064 if (masklen > 32)
4065 bpf_error("mask length must be <= 32");
4066 m = 0xffffffff << (32 - masklen);
4067 if ((n & ~m) != 0)
4068 bpf_error("non-network bits set in \"%s/%d\"",
4069 s1, masklen);
4070 }
4071
4072 switch (q.addr) {
4073
4074 case Q_NET:
4075 return gen_host(n, m, q.proto, q.dir);
4076
4077 default:
4078 bpf_error("Mask syntax for networks only");
4079 /* NOTREACHED */
4080 }
4081 }
4082
4083 struct block *
4084 gen_ncode(s, v, q)
4085 register const char *s;
4086 bpf_u_int32 v;
4087 struct qual q;
4088 {
4089 bpf_u_int32 mask;
4090 int proto = q.proto;
4091 int dir = q.dir;
4092 register int vlen;
4093
4094 if (s == NULL)
4095 vlen = 32;
4096 else if (q.proto == Q_DECNET)
4097 vlen = __pcap_atodn(s, &v);
4098 else
4099 vlen = __pcap_atoin(s, &v);
4100
4101 switch (q.addr) {
4102
4103 case Q_DEFAULT:
4104 case Q_HOST:
4105 case Q_NET:
4106 if (proto == Q_DECNET)
4107 return gen_host(v, 0, proto, dir);
4108 else if (proto == Q_LINK) {
4109 bpf_error("illegal link layer address");
4110 } else {
4111 mask = 0xffffffff;
4112 if (s == NULL && q.addr == Q_NET) {
4113 /* Promote short net number */
4114 while (v && (v & 0xff000000) == 0) {
4115 v <<= 8;
4116 mask <<= 8;
4117 }
4118 } else {
4119 /* Promote short ipaddr */
4120 v <<= 32 - vlen;
4121 mask <<= 32 - vlen;
4122 }
4123 return gen_host(v, mask, proto, dir);
4124 }
4125
4126 case Q_PORT:
4127 if (proto == Q_UDP)
4128 proto = IPPROTO_UDP;
4129 else if (proto == Q_TCP)
4130 proto = IPPROTO_TCP;
4131 else if (proto == Q_SCTP)
4132 proto = IPPROTO_SCTP;
4133 else if (proto == Q_DEFAULT)
4134 proto = PROTO_UNDEF;
4135 else
4136 bpf_error("illegal qualifier of 'port'");
4137
4138 #ifndef INET6
4139 return gen_port((int)v, proto, dir);
4140 #else
4141 {
4142 struct block *b;
4143 b = gen_port((int)v, proto, dir);
4144 gen_or(gen_port6((int)v, proto, dir), b);
4145 return b;
4146 }
4147 #endif /* INET6 */
4148
4149 case Q_GATEWAY:
4150 bpf_error("'gateway' requires a name");
4151 /* NOTREACHED */
4152
4153 case Q_PROTO:
4154 return gen_proto((int)v, proto, dir);
4155
4156 case Q_PROTOCHAIN:
4157 return gen_protochain((int)v, proto, dir);
4158
4159 case Q_UNDEF:
4160 syntax();
4161 /* NOTREACHED */
4162
4163 default:
4164 abort();
4165 /* NOTREACHED */
4166 }
4167 /* NOTREACHED */
4168 }
4169
4170 #ifdef INET6
4171 struct block *
4172 gen_mcode6(s1, s2, masklen, q)
4173 register const char *s1, *s2;
4174 register int masklen;
4175 struct qual q;
4176 {
4177 struct addrinfo *res;
4178 struct in6_addr *addr;
4179 struct in6_addr mask;
4180 struct block *b;
4181 u_int32_t *a, *m;
4182
4183 if (s2)
4184 bpf_error("no mask %s supported", s2);
4185
4186 res = pcap_nametoaddrinfo(s1);
4187 if (!res)
4188 bpf_error("invalid ip6 address %s", s1);
4189 if (res->ai_next)
4190 bpf_error("%s resolved to multiple address", s1);
4191 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
4192
4193 if (sizeof(mask) * 8 < masklen)
4194 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
4195 memset(&mask, 0, sizeof(mask));
4196 memset(&mask, 0xff, masklen / 8);
4197 if (masklen % 8) {
4198 mask.s6_addr[masklen / 8] =
4199 (0xff << (8 - masklen % 8)) & 0xff;
4200 }
4201
4202 a = (u_int32_t *)addr;
4203 m = (u_int32_t *)&mask;
4204 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
4205 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
4206 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
4207 }
4208
4209 switch (q.addr) {
4210
4211 case Q_DEFAULT:
4212 case Q_HOST:
4213 if (masklen != 128)
4214 bpf_error("Mask syntax for networks only");
4215 /* FALLTHROUGH */
4216
4217 case Q_NET:
4218 b = gen_host6(addr, &mask, q.proto, q.dir);
4219 freeaddrinfo(res);
4220 return b;
4221
4222 default:
4223 bpf_error("invalid qualifier against IPv6 address");
4224 /* NOTREACHED */
4225 }
4226 }
4227 #endif /*INET6*/
4228
4229 struct block *
4230 gen_ecode(eaddr, q)
4231 register const u_char *eaddr;
4232 struct qual q;
4233 {
4234 struct block *b, *tmp;
4235
4236 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
4237 if (linktype == DLT_EN10MB)
4238 return gen_ehostop(eaddr, (int)q.dir);
4239 if (linktype == DLT_FDDI)
4240 return gen_fhostop(eaddr, (int)q.dir);
4241 if (linktype == DLT_IEEE802)
4242 return gen_thostop(eaddr, (int)q.dir);
4243 if (linktype == DLT_IEEE802_11)
4244 return gen_wlanhostop(eaddr, (int)q.dir);
4245 if (linktype == DLT_SUNATM && is_lane) {
4246 /*
4247 * Check that the packet doesn't begin with an
4248 * LE Control marker. (We've already generated
4249 * a test for LANE.)
4250 */
4251 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
4252 gen_not(tmp);
4253
4254 /*
4255 * Now check the MAC address.
4256 */
4257 b = gen_ehostop(eaddr, (int)q.dir);
4258 gen_and(tmp, b);
4259 return b;
4260 }
4261 if (linktype == DLT_IP_OVER_FC)
4262 return gen_ipfchostop(eaddr, (int)q.dir);
4263 bpf_error("ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel");
4264 }
4265 bpf_error("ethernet address used in non-ether expression");
4266 /* NOTREACHED */
4267 }
4268
4269 void
4270 sappend(s0, s1)
4271 struct slist *s0, *s1;
4272 {
4273 /*
4274 * This is definitely not the best way to do this, but the
4275 * lists will rarely get long.
4276 */
4277 while (s0->next)
4278 s0 = s0->next;
4279 s0->next = s1;
4280 }
4281
4282 static struct slist *
4283 xfer_to_x(a)
4284 struct arth *a;
4285 {
4286 struct slist *s;
4287
4288 s = new_stmt(BPF_LDX|BPF_MEM);
4289 s->s.k = a->regno;
4290 return s;
4291 }
4292
4293 static struct slist *
4294 xfer_to_a(a)
4295 struct arth *a;
4296 {
4297 struct slist *s;
4298
4299 s = new_stmt(BPF_LD|BPF_MEM);
4300 s->s.k = a->regno;
4301 return s;
4302 }
4303
4304 struct arth *
4305 gen_load(proto, index, size)
4306 int proto;
4307 struct arth *index;
4308 int size;
4309 {
4310 struct slist *s, *tmp;
4311 struct block *b;
4312 int regno = alloc_reg();
4313
4314 free_reg(index->regno);
4315 switch (size) {
4316
4317 default:
4318 bpf_error("data size must be 1, 2, or 4");
4319
4320 case 1:
4321 size = BPF_B;
4322 break;
4323
4324 case 2:
4325 size = BPF_H;
4326 break;
4327
4328 case 4:
4329 size = BPF_W;
4330 break;
4331 }
4332 switch (proto) {
4333 default:
4334 bpf_error("unsupported index operation");
4335
4336 case Q_LINK:
4337 /*
4338 * XXX - what about ATM LANE? Should the index be
4339 * relative to the beginning of the AAL5 frame, so
4340 * that 0 refers to the beginning of the LE Control
4341 * field, or relative to the beginning of the LAN
4342 * frame, so that 0 refers, for Ethernet LANE, to
4343 * the beginning of the destination address?
4344 */
4345 s = xfer_to_x(index);
4346 tmp = new_stmt(BPF_LD|BPF_IND|size);
4347 sappend(s, tmp);
4348 sappend(index->s, s);
4349 break;
4350
4351 case Q_IP:
4352 case Q_ARP:
4353 case Q_RARP:
4354 case Q_ATALK:
4355 case Q_DECNET:
4356 case Q_SCA:
4357 case Q_LAT:
4358 case Q_MOPRC:
4359 case Q_MOPDL:
4360 #ifdef INET6
4361 case Q_IPV6:
4362 #endif
4363 /* XXX Note that we assume a fixed link header here. */
4364 s = xfer_to_x(index);
4365 tmp = new_stmt(BPF_LD|BPF_IND|size);
4366 tmp->s.k = off_nl;
4367 sappend(s, tmp);
4368 sappend(index->s, s);
4369
4370 b = gen_proto_abbrev(proto);
4371 if (index->b)
4372 gen_and(index->b, b);
4373 index->b = b;
4374 break;
4375
4376 case Q_SCTP:
4377 case Q_TCP:
4378 case Q_UDP:
4379 case Q_ICMP:
4380 case Q_IGMP:
4381 case Q_IGRP:
4382 case Q_PIM:
4383 case Q_VRRP:
4384 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
4385 s->s.k = off_nl;
4386 sappend(s, xfer_to_a(index));
4387 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
4388 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
4389 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
4390 tmp->s.k = off_nl;
4391 sappend(index->s, s);
4392
4393 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
4394 if (index->b)
4395 gen_and(index->b, b);
4396 #ifdef INET6
4397 gen_and(gen_proto_abbrev(Q_IP), b);
4398 #endif
4399 index->b = b;
4400 break;
4401 #ifdef INET6
4402 case Q_ICMPV6:
4403 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
4404 /*NOTREACHED*/
4405 #endif
4406 }
4407 index->regno = regno;
4408 s = new_stmt(BPF_ST);
4409 s->s.k = regno;
4410 sappend(index->s, s);
4411
4412 return index;
4413 }
4414
4415 struct block *
4416 gen_relation(code, a0, a1, reversed)
4417 int code;
4418 struct arth *a0, *a1;
4419 int reversed;
4420 {
4421 struct slist *s0, *s1, *s2;
4422 struct block *b, *tmp;
4423
4424 s0 = xfer_to_x(a1);
4425 s1 = xfer_to_a(a0);
4426 if (code == BPF_JEQ) {
4427 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
4428 b = new_block(JMP(code));
4429 sappend(s1, s2);
4430 }
4431 else
4432 b = new_block(BPF_JMP|code|BPF_X);
4433 if (reversed)
4434 gen_not(b);
4435
4436 sappend(s0, s1);
4437 sappend(a1->s, s0);
4438 sappend(a0->s, a1->s);
4439
4440 b->stmts = a0->s;
4441
4442 free_reg(a0->regno);
4443 free_reg(a1->regno);
4444
4445 /* 'and' together protocol checks */
4446 if (a0->b) {
4447 if (a1->b) {
4448 gen_and(a0->b, tmp = a1->b);
4449 }
4450 else
4451 tmp = a0->b;
4452 } else
4453 tmp = a1->b;
4454
4455 if (tmp)
4456 gen_and(tmp, b);
4457
4458 return b;
4459 }
4460
4461 struct arth *
4462 gen_loadlen()
4463 {
4464 int regno = alloc_reg();
4465 struct arth *a = (struct arth *)newchunk(sizeof(*a));
4466 struct slist *s;
4467
4468 s = new_stmt(BPF_LD|BPF_LEN);
4469 s->next = new_stmt(BPF_ST);
4470 s->next->s.k = regno;
4471 a->s = s;
4472 a->regno = regno;
4473
4474 return a;
4475 }
4476
4477 struct arth *
4478 gen_loadi(val)
4479 int val;
4480 {
4481 struct arth *a;
4482 struct slist *s;
4483 int reg;
4484
4485 a = (struct arth *)newchunk(sizeof(*a));
4486
4487 reg = alloc_reg();
4488
4489 s = new_stmt(BPF_LD|BPF_IMM);
4490 s->s.k = val;
4491 s->next = new_stmt(BPF_ST);
4492 s->next->s.k = reg;
4493 a->s = s;
4494 a->regno = reg;
4495
4496 return a;
4497 }
4498
4499 struct arth *
4500 gen_neg(a)
4501 struct arth *a;
4502 {
4503 struct slist *s;
4504
4505 s = xfer_to_a(a);
4506 sappend(a->s, s);
4507 s = new_stmt(BPF_ALU|BPF_NEG);
4508 s->s.k = 0;
4509 sappend(a->s, s);
4510 s = new_stmt(BPF_ST);
4511 s->s.k = a->regno;
4512 sappend(a->s, s);
4513
4514 return a;
4515 }
4516
4517 struct arth *
4518 gen_arth(code, a0, a1)
4519 int code;
4520 struct arth *a0, *a1;
4521 {
4522 struct slist *s0, *s1, *s2;
4523
4524 s0 = xfer_to_x(a1);
4525 s1 = xfer_to_a(a0);
4526 s2 = new_stmt(BPF_ALU|BPF_X|code);
4527
4528 sappend(s1, s2);
4529 sappend(s0, s1);
4530 sappend(a1->s, s0);
4531 sappend(a0->s, a1->s);
4532
4533 free_reg(a0->regno);
4534 free_reg(a1->regno);
4535
4536 s0 = new_stmt(BPF_ST);
4537 a0->regno = s0->s.k = alloc_reg();
4538 sappend(a0->s, s0);
4539
4540 return a0;
4541 }
4542
4543 /*
4544 * Here we handle simple allocation of the scratch registers.
4545 * If too many registers are alloc'd, the allocator punts.
4546 */
4547 static int regused[BPF_MEMWORDS];
4548 static int curreg;
4549
4550 /*
4551 * Return the next free register.
4552 */
4553 static int
4554 alloc_reg()
4555 {
4556 int n = BPF_MEMWORDS;
4557
4558 while (--n >= 0) {
4559 if (regused[curreg])
4560 curreg = (curreg + 1) % BPF_MEMWORDS;
4561 else {
4562 regused[curreg] = 1;
4563 return curreg;
4564 }
4565 }
4566 bpf_error("too many registers needed to evaluate expression");
4567 /* NOTREACHED */
4568 }
4569
4570 /*
4571 * Return a register to the table so it can
4572 * be used later.
4573 */
4574 static void
4575 free_reg(n)
4576 int n;
4577 {
4578 regused[n] = 0;
4579 }
4580
4581 static struct block *
4582 gen_len(jmp, n)
4583 int jmp, n;
4584 {
4585 struct slist *s;
4586 struct block *b;
4587
4588 s = new_stmt(BPF_LD|BPF_LEN);
4589 b = new_block(JMP(jmp));
4590 b->stmts = s;
4591 b->s.k = n;
4592
4593 return b;
4594 }
4595
4596 struct block *
4597 gen_greater(n)
4598 int n;
4599 {
4600 return gen_len(BPF_JGE, n);
4601 }
4602
4603 /*
4604 * Actually, this is less than or equal.
4605 */
4606 struct block *
4607 gen_less(n)
4608 int n;
4609 {
4610 struct block *b;
4611
4612 b = gen_len(BPF_JGT, n);
4613 gen_not(b);
4614
4615 return b;
4616 }
4617
4618 struct block *
4619 gen_byteop(op, idx, val)
4620 int op, idx, val;
4621 {
4622 struct block *b;
4623 struct slist *s;
4624
4625 switch (op) {
4626 default:
4627 abort();
4628
4629 case '=':
4630 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4631
4632 case '<':
4633 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4634 b->s.code = JMP(BPF_JGE);
4635 gen_not(b);
4636 return b;
4637
4638 case '>':
4639 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4640 b->s.code = JMP(BPF_JGT);
4641 return b;
4642
4643 case '|':
4644 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
4645 break;
4646
4647 case '&':
4648 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
4649 break;
4650 }
4651 s->s.k = val;
4652 b = new_block(JMP(BPF_JEQ));
4653 b->stmts = s;
4654 gen_not(b);
4655
4656 return b;
4657 }
4658
4659 static u_char abroadcast[] = { 0x0 };
4660
4661 struct block *
4662 gen_broadcast(proto)
4663 int proto;
4664 {
4665 bpf_u_int32 hostmask;
4666 struct block *b0, *b1, *b2;
4667 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4668
4669 switch (proto) {
4670
4671 case Q_DEFAULT:
4672 case Q_LINK:
4673 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
4674 return gen_ahostop(abroadcast, Q_DST);
4675 if (linktype == DLT_EN10MB)
4676 return gen_ehostop(ebroadcast, Q_DST);
4677 if (linktype == DLT_FDDI)
4678 return gen_fhostop(ebroadcast, Q_DST);
4679 if (linktype == DLT_IEEE802)
4680 return gen_thostop(ebroadcast, Q_DST);
4681 if (linktype == DLT_IEEE802_11)
4682 return gen_wlanhostop(ebroadcast, Q_DST);
4683 if (linktype == DLT_IP_OVER_FC)
4684 return gen_ipfchostop(ebroadcast, Q_DST);
4685 if (linktype == DLT_SUNATM && is_lane) {
4686 /*
4687 * Check that the packet doesn't begin with an
4688 * LE Control marker. (We've already generated
4689 * a test for LANE.)
4690 */
4691 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
4692 gen_not(b1);
4693
4694 /*
4695 * Now check the MAC address.
4696 */
4697 b0 = gen_ehostop(ebroadcast, Q_DST);
4698 gen_and(b1, b0);
4699 return b0;
4700 }
4701 bpf_error("not a broadcast link");
4702 break;
4703
4704 case Q_IP:
4705 b0 = gen_linktype(ETHERTYPE_IP);
4706 hostmask = ~netmask;
4707 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
4708 b2 = gen_mcmp(off_nl + 16, BPF_W,
4709 (bpf_int32)(~0 & hostmask), hostmask);
4710 gen_or(b1, b2);
4711 gen_and(b0, b2);
4712 return b2;
4713 }
4714 bpf_error("only link-layer/IP broadcast filters supported");
4715 }
4716
4717 /*
4718 * Generate code to test the low-order bit of a MAC address (that's
4719 * the bottom bit of the *first* byte).
4720 */
4721 static struct block *
4722 gen_mac_multicast(offset)
4723 int offset;
4724 {
4725 register struct block *b0;
4726 register struct slist *s;
4727
4728 /* link[offset] & 1 != 0 */
4729 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4730 s->s.k = offset;
4731 b0 = new_block(JMP(BPF_JSET));
4732 b0->s.k = 1;
4733 b0->stmts = s;
4734 return b0;
4735 }
4736
4737 struct block *
4738 gen_multicast(proto)
4739 int proto;
4740 {
4741 register struct block *b0, *b1, *b2;
4742 register struct slist *s;
4743
4744 switch (proto) {
4745
4746 case Q_DEFAULT:
4747 case Q_LINK:
4748 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
4749 /* all ARCnet multicasts use the same address */
4750 return gen_ahostop(abroadcast, Q_DST);
4751
4752 if (linktype == DLT_EN10MB) {
4753 /* ether[0] & 1 != 0 */
4754 return gen_mac_multicast(0);
4755 }
4756
4757 if (linktype == DLT_FDDI) {
4758 /*
4759 * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX
4760 *
4761 * XXX - was that referring to bit-order issues?
4762 */
4763 /* fddi[1] & 1 != 0 */
4764 return gen_mac_multicast(1);
4765 }
4766
4767 if (linktype == DLT_IEEE802) {
4768 /* tr[2] & 1 != 0 */
4769 return gen_mac_multicast(2);
4770 }
4771
4772 if (linktype == DLT_IEEE802_11) {
4773 /*
4774 * Oh, yuk.
4775 *
4776 * For control frames, there is no DA.
4777 *
4778 * For management frames, DA is at an
4779 * offset of 4 from the beginning of
4780 * the packet.
4781 *
4782 * For data frames, DA is at an offset
4783 * of 4 from the beginning of the packet
4784 * if To DS is clear and at an offset of
4785 * 16 from the beginning of the packet
4786 * if To DS is set.
4787 */
4788
4789 /*
4790 * Generate the tests to be done for data frames.
4791 *
4792 * First, check for To DS set, i.e. "link[1] & 0x01".
4793 */
4794 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4795 s->s.k = 1;
4796 b1 = new_block(JMP(BPF_JSET));
4797 b1->s.k = 0x01; /* To DS */
4798 b1->stmts = s;
4799
4800 /*
4801 * If To DS is set, the DA is at 16.
4802 */
4803 b0 = gen_mac_multicast(16);
4804 gen_and(b1, b0);
4805
4806 /*
4807 * Now, check for To DS not set, i.e. check
4808 * "!(link[1] & 0x01)".
4809 */
4810 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4811 s->s.k = 1;
4812 b2 = new_block(JMP(BPF_JSET));
4813 b2->s.k = 0x01; /* To DS */
4814 b2->stmts = s;
4815 gen_not(b2);
4816
4817 /*
4818 * If To DS is not set, the DA is at 4.
4819 */
4820 b1 = gen_mac_multicast(4);
4821 gen_and(b2, b1);
4822
4823 /*
4824 * Now OR together the last two checks. That gives
4825 * the complete set of checks for data frames.
4826 */
4827 gen_or(b1, b0);
4828
4829 /*
4830 * Now check for a data frame.
4831 * I.e, check "link[0] & 0x08".
4832 */
4833 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4834 s->s.k = 0;
4835 b1 = new_block(JMP(BPF_JSET));
4836 b1->s.k = 0x08;
4837 b1->stmts = s;
4838
4839 /*
4840 * AND that with the checks done for data frames.
4841 */
4842 gen_and(b1, b0);
4843
4844 /*
4845 * If the high-order bit of the type value is 0, this
4846 * is a management frame.
4847 * I.e, check "!(link[0] & 0x08)".
4848 */
4849 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4850 s->s.k = 0;
4851 b2 = new_block(JMP(BPF_JSET));
4852 b2->s.k = 0x08;
4853 b2->stmts = s;
4854 gen_not(b2);
4855
4856 /*
4857 * For management frames, the DA is at 4.
4858 */
4859 b1 = gen_mac_multicast(4);
4860 gen_and(b2, b1);
4861
4862 /*
4863 * OR that with the checks done for data frames.
4864 * That gives the checks done for management and
4865 * data frames.
4866 */
4867 gen_or(b1, b0);
4868
4869 /*
4870 * If the low-order bit of the type value is 1,
4871 * this is either a control frame or a frame
4872 * with a reserved type, and thus not a
4873 * frame with an SA.
4874 *
4875 * I.e., check "!(link[0] & 0x04)".
4876 */
4877 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4878 s->s.k = 0;
4879 b1 = new_block(JMP(BPF_JSET));
4880 b1->s.k = 0x04;
4881 b1->stmts = s;
4882 gen_not(b1);
4883
4884 /*
4885 * AND that with the checks for data and management
4886 * frames.
4887 */
4888 gen_and(b1, b0);
4889 return b0;
4890 }
4891
4892 if (linktype == DLT_IP_OVER_FC) {
4893 b0 = gen_mac_multicast(2);
4894 return b0;
4895 }
4896
4897 if (linktype == DLT_SUNATM && is_lane) {
4898 /*
4899 * Check that the packet doesn't begin with an
4900 * LE Control marker. (We've already generated
4901 * a test for LANE.)
4902 */
4903 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
4904 gen_not(b1);
4905
4906 /* ether[off_mac] & 1 != 0 */
4907 b0 = gen_mac_multicast(off_mac);
4908 gen_and(b1, b0);
4909 return b0;
4910 }
4911
4912 /* Link not known to support multicasts */
4913 break;
4914
4915 case Q_IP:
4916 b0 = gen_linktype(ETHERTYPE_IP);
4917 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
4918 b1->s.code = JMP(BPF_JGE);
4919 gen_and(b0, b1);
4920 return b1;
4921
4922 #ifdef INET6
4923 case Q_IPV6:
4924 b0 = gen_linktype(ETHERTYPE_IPV6);
4925 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
4926 gen_and(b0, b1);
4927 return b1;
4928 #endif /* INET6 */
4929 }
4930 bpf_error("link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel");
4931 }
4932
4933 /*
4934 * generate command for inbound/outbound. It's here so we can
4935 * make it link-type specific. 'dir' = 0 implies "inbound",
4936 * = 1 implies "outbound".
4937 */
4938 struct block *
4939 gen_inbound(dir)
4940 int dir;
4941 {
4942 register struct block *b0;
4943
4944 /*
4945 * Only some data link types support inbound/outbound qualifiers.
4946 */
4947 switch (linktype) {
4948 case DLT_SLIP:
4949 b0 = gen_relation(BPF_JEQ,
4950 gen_load(Q_LINK, gen_loadi(0), 1),
4951 gen_loadi(0),
4952 dir);
4953 break;
4954
4955 case DLT_LINUX_SLL:
4956 if (dir) {
4957 /*
4958 * Match packets sent by this machine.
4959 */
4960 b0 = gen_cmp(0, BPF_H, LINUX_SLL_OUTGOING);
4961 } else {
4962 /*
4963 * Match packets sent to this machine.
4964 * (No broadcast or multicast packets, or
4965 * packets sent to some other machine and
4966 * received promiscuously.)
4967 *
4968 * XXX - packets sent to other machines probably
4969 * shouldn't be matched, but what about broadcast
4970 * or multicast packets we received?
4971 */
4972 b0 = gen_cmp(0, BPF_H, LINUX_SLL_HOST);
4973 }
4974 break;
4975
4976 case DLT_PFLOG:
4977 b0 = gen_cmp(26, BPF_H,
4978 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT));
4979 break;
4980
4981 default:
4982 bpf_error("inbound/outbound not supported on linktype %d",
4983 linktype);
4984 b0 = NULL;
4985 /* NOTREACHED */
4986 }
4987 return (b0);
4988 }
4989
4990 /* PF firewall log matched interface */
4991 struct block *
4992 gen_pf_ifname(const char *ifname)
4993 {
4994 if (linktype != DLT_PFLOG) {
4995 bpf_error("ifname supported only for DLT_PFLOG");
4996 /* NOTREACHED */
4997 }
4998 if (strlen(ifname) >= 16) {
4999 bpf_error("ifname interface names can't be larger than 16 characters");
5000 /* NOTREACHED */
5001 }
5002 return (gen_bcmp(4, strlen(ifname), (const u_char *)ifname));
5003 }
5004
5005
5006 /* PF firewall log rule number */
5007 struct block *
5008 gen_pf_rnr(int rnr)
5009 {
5010 if (linktype != DLT_PFLOG) {
5011 bpf_error("rnr supported only for DLT_PFLOG");
5012 /* NOTREACHED */
5013 }
5014
5015 return (gen_cmp(20, BPF_H, (bpf_int32)rnr));
5016 }
5017
5018 /* PF firewall log reason code */
5019 struct block *
5020 gen_pf_reason(int reason)
5021 {
5022 if (linktype != DLT_PFLOG) {
5023 bpf_error("reason supported only for DLT_PFLOG");
5024 /* NOTREACHED */
5025 }
5026
5027 return (gen_cmp(22, BPF_H, (bpf_int32)reason));
5028 }
5029
5030 /* PF firewall log action */
5031 struct block *
5032 gen_pf_action(int action)
5033 {
5034 if (linktype != DLT_PFLOG) {
5035 bpf_error("action supported only for DLT_PFLOG");
5036 /* NOTREACHED */
5037 }
5038
5039 return (gen_cmp(24, BPF_H, (bpf_int32)action));
5040 }
5041
5042 struct block *
5043 gen_acode(eaddr, q)
5044 register const u_char *eaddr;
5045 struct qual q;
5046 {
5047 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
5048 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
5049 return gen_ahostop(eaddr, (int)q.dir);
5050 }
5051 bpf_error("ARCnet address used in non-arc expression");
5052 /* NOTREACHED */
5053 }
5054
5055 static struct block *
5056 gen_ahostop(eaddr, dir)
5057 register const u_char *eaddr;
5058 register int dir;
5059 {
5060 register struct block *b0, *b1;
5061
5062 switch (dir) {
5063 /* src comes first, different from Ethernet */
5064 case Q_SRC:
5065 return gen_bcmp(0, 1, eaddr);
5066
5067 case Q_DST:
5068 return gen_bcmp(1, 1, eaddr);
5069
5070 case Q_AND:
5071 b0 = gen_ahostop(eaddr, Q_SRC);
5072 b1 = gen_ahostop(eaddr, Q_DST);
5073 gen_and(b0, b1);
5074 return b1;
5075
5076 case Q_DEFAULT:
5077 case Q_OR:
5078 b0 = gen_ahostop(eaddr, Q_SRC);
5079 b1 = gen_ahostop(eaddr, Q_DST);
5080 gen_or(b0, b1);
5081 return b1;
5082 }
5083 abort();
5084 /* NOTREACHED */
5085 }
5086
5087 /*
5088 * support IEEE 802.1Q VLAN trunk over ethernet
5089 */
5090 struct block *
5091 gen_vlan(vlan_num)
5092 int vlan_num;
5093 {
5094 struct block *b0;
5095
5096 /*
5097 * Change the offsets to point to the type and data fields within
5098 * the VLAN packet. This is somewhat of a kludge.
5099 */
5100 if (orig_nl == (u_int)-1) {
5101 orig_linktype = off_linktype; /* save original values */
5102 orig_nl = off_nl;
5103 orig_nl_nosnap = off_nl_nosnap;
5104
5105 switch (linktype) {
5106
5107 case DLT_EN10MB:
5108 off_linktype = 16;
5109 off_nl_nosnap = 18;
5110 off_nl = 18;
5111 break;
5112
5113 default:
5114 bpf_error("no VLAN support for data link type %d",
5115 linktype);
5116 /*NOTREACHED*/
5117 }
5118 }
5119
5120 /* check for VLAN */
5121 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
5122
5123 /* If a specific VLAN is requested, check VLAN id */
5124 if (vlan_num >= 0) {
5125 struct block *b1;
5126
5127 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
5128 gen_and(b0, b1);
5129 b0 = b1;
5130 }
5131
5132 return (b0);
5133 }
5134
5135 struct block *
5136 gen_atmfield_code(atmfield, jvalue, jtype, reverse)
5137 int atmfield;
5138 bpf_u_int32 jvalue;
5139 bpf_u_int32 jtype;
5140 int reverse;
5141 {
5142 struct block *b0;
5143
5144 switch (atmfield) {
5145
5146 case A_VPI:
5147 if (!is_atm)
5148 bpf_error("'vpi' supported only on raw ATM");
5149 if (off_vpi == (u_int)-1)
5150 abort();
5151 b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype,
5152 (u_int)jvalue, reverse);
5153 break;
5154
5155 case A_VCI:
5156 if (!is_atm)
5157 bpf_error("'vci' supported only on raw ATM");
5158 if (off_vci == (u_int)-1)
5159 abort();
5160 b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype,
5161 (u_int)jvalue, reverse);
5162 break;
5163
5164 case A_PROTOTYPE:
5165 if (off_proto == (u_int)-1)
5166 abort(); /* XXX - this isn't on FreeBSD */
5167 b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype,
5168 (u_int)jvalue, reverse);
5169 break;
5170
5171 case A_MSGTYPE:
5172 if (off_payload == (u_int)-1)
5173 abort();
5174 b0 = gen_ncmp(BPF_B, off_payload + MSG_TYPE_POS, 0xffffffff,
5175 (u_int)jtype, (u_int)jvalue, reverse);
5176 break;
5177
5178 case A_CALLREFTYPE:
5179 if (!is_atm)
5180 bpf_error("'callref' supported only on raw ATM");
5181 if (off_proto == (u_int)-1)
5182 abort();
5183 b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype,
5184 (u_int)jvalue, reverse);
5185 break;
5186
5187 default:
5188 abort();
5189 }
5190 return b0;
5191 }
5192
5193 struct block *
5194 gen_atmtype_abbrev(type)
5195 int type;
5196 {
5197 struct block *b0, *b1;
5198
5199 switch (type) {
5200
5201 case A_METAC:
5202 /* Get all packets in Meta signalling Circuit */
5203 if (!is_atm)
5204 bpf_error("'metac' supported only on raw ATM");
5205 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5206 b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0);
5207 gen_and(b0, b1);
5208 break;
5209
5210 case A_BCC:
5211 /* Get all packets in Broadcast Circuit*/
5212 if (!is_atm)
5213 bpf_error("'bcc' supported only on raw ATM");
5214 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5215 b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0);
5216 gen_and(b0, b1);
5217 break;
5218
5219 case A_OAMF4SC:
5220 /* Get all cells in Segment OAM F4 circuit*/
5221 if (!is_atm)
5222 bpf_error("'oam4sc' supported only on raw ATM");
5223 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5224 b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
5225 gen_and(b0, b1);
5226 break;
5227
5228 case A_OAMF4EC:
5229 /* Get all cells in End-to-End OAM F4 Circuit*/
5230 if (!is_atm)
5231 bpf_error("'oam4ec' supported only on raw ATM");
5232 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5233 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
5234 gen_and(b0, b1);
5235 break;
5236
5237 case A_SC:
5238 /* Get all packets in connection Signalling Circuit */
5239 if (!is_atm)
5240 bpf_error("'sc' supported only on raw ATM");
5241 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5242 b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0);
5243 gen_and(b0, b1);
5244 break;
5245
5246 case A_ILMIC:
5247 /* Get all packets in ILMI Circuit */
5248 if (!is_atm)
5249 bpf_error("'ilmic' supported only on raw ATM");
5250 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5251 b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0);
5252 gen_and(b0, b1);
5253 break;
5254
5255 case A_LANE:
5256 /* Get all LANE packets */
5257 if (!is_atm)
5258 bpf_error("'lane' supported only on raw ATM");
5259 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0);
5260
5261 /*
5262 * Arrange that all subsequent tests assume LANE
5263 * rather than LLC-encapsulated packets, and set
5264 * the offsets appropriately for LANE-encapsulated
5265 * Ethernet.
5266 *
5267 * "off_mac" is the offset of the Ethernet header,
5268 * which is 2 bytes past the ATM pseudo-header
5269 * (skipping the pseudo-header and 2-byte LE Client
5270 * field). The other offsets are Ethernet offsets
5271 * relative to "off_mac".
5272 */
5273 is_lane = 1;
5274 off_mac = off_payload + 2; /* MAC header */
5275 off_linktype = off_mac + 12;
5276 off_nl = off_mac + 14; /* Ethernet II */
5277 off_nl_nosnap = off_mac + 17; /* 802.3+802.2 */
5278 break;
5279
5280 case A_LLC:
5281 /* Get all LLC-encapsulated packets */
5282 if (!is_atm)
5283 bpf_error("'llc' supported only on raw ATM");
5284 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
5285 is_lane = 0;
5286 break;
5287
5288 default:
5289 abort();
5290 }
5291 return b1;
5292 }
5293
5294
5295 static struct block *
5296 gen_msg_abbrev(type)
5297 int type;
5298 {
5299 struct block *b1;
5300
5301 /*
5302 * Q.2931 signalling protocol messages for handling virtual circuits
5303 * establishment and teardown
5304 */
5305 switch (type) {
5306
5307 case A_SETUP:
5308 b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0);
5309 break;
5310
5311 case A_CALLPROCEED:
5312 b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0);
5313 break;
5314
5315 case A_CONNECT:
5316 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0);
5317 break;
5318
5319 case A_CONNECTACK:
5320 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0);
5321 break;
5322
5323 case A_RELEASE:
5324 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0);
5325 break;
5326
5327 case A_RELEASE_DONE:
5328 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0);
5329 break;
5330
5331 default:
5332 abort();
5333 }
5334 return b1;
5335 }
5336
5337 struct block *
5338 gen_atmmulti_abbrev(type)
5339 int type;
5340 {
5341 struct block *b0, *b1;
5342
5343 switch (type) {
5344
5345 case A_OAM:
5346 if (!is_atm)
5347 bpf_error("'oam' supported only on raw ATM");
5348 b1 = gen_atmmulti_abbrev(A_OAMF4);
5349 break;
5350
5351 case A_OAMF4:
5352 if (!is_atm)
5353 bpf_error("'oamf4' supported only on raw ATM");
5354 /* OAM F4 type */
5355 b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
5356 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
5357 gen_or(b0, b1);
5358 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5359 gen_and(b0, b1);
5360 break;
5361
5362 case A_CONNECTMSG:
5363 /*
5364 * Get Q.2931 signalling messages for switched
5365 * virtual connection
5366 */
5367 if (!is_atm)
5368 bpf_error("'connectmsg' supported only on raw ATM");
5369 b0 = gen_msg_abbrev(A_SETUP);
5370 b1 = gen_msg_abbrev(A_CALLPROCEED);
5371 gen_or(b0, b1);
5372 b0 = gen_msg_abbrev(A_CONNECT);
5373 gen_or(b0, b1);
5374 b0 = gen_msg_abbrev(A_CONNECTACK);
5375 gen_or(b0, b1);
5376 b0 = gen_msg_abbrev(A_RELEASE);
5377 gen_or(b0, b1);
5378 b0 = gen_msg_abbrev(A_RELEASE_DONE);
5379 gen_or(b0, b1);
5380 b0 = gen_atmtype_abbrev(A_SC);
5381 gen_and(b0, b1);
5382 break;
5383
5384 case A_METACONNECT:
5385 if (!is_atm)
5386 bpf_error("'metaconnect' supported only on raw ATM");
5387 b0 = gen_msg_abbrev(A_SETUP);
5388 b1 = gen_msg_abbrev(A_CALLPROCEED);
5389 gen_or(b0, b1);
5390 b0 = gen_msg_abbrev(A_CONNECT);
5391 gen_or(b0, b1);
5392 b0 = gen_msg_abbrev(A_RELEASE);
5393 gen_or(b0, b1);
5394 b0 = gen_msg_abbrev(A_RELEASE_DONE);
5395 gen_or(b0, b1);
5396 b0 = gen_atmtype_abbrev(A_METAC);
5397 gen_and(b0, b1);
5398 break;
5399
5400 default:
5401 abort();
5402 }
5403 return b1;
5404 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism