]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Make "pcap_compile_nopcap()" a wrapper around "pcap_open_dead()" and
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.137 2000-12-12 03:26:16 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #include <sys/types.h>
32 #include <sys/socket.h>
33 #include <sys/time.h>
34 #ifdef __NetBSD__
35 #include <sys/param.h>
36 #endif
37
38 struct mbuf;
39 struct rtentry;
40 #include <net/if.h>
41
42 #include <netinet/in.h>
43
44 #include <stdlib.h>
45 #include <string.h>
46 #include <memory.h>
47 #include <setjmp.h>
48 #include <stdarg.h>
49
50 #include "pcap-int.h"
51
52 #include "ethertype.h"
53 #include "nlpid.h"
54 #include "gencode.h"
55 #include "ppp.h"
56 #include <pcap-namedb.h>
57 #ifdef INET6
58 #include <netdb.h>
59 #include <sys/socket.h>
60 #endif /*INET6*/
61
62 #define LLC_SNAP_LSAP 0xaa
63 #define LLC_ISO_LSAP 0xfe
64
65 #define ETHERMTU 1500
66
67 #ifdef HAVE_OS_PROTO_H
68 #include "os-proto.h"
69 #endif
70
71 #define JMP(c) ((c)|BPF_JMP|BPF_K)
72
73 /* Locals */
74 static jmp_buf top_ctx;
75 static pcap_t *bpf_pcap;
76
77 /* XXX */
78 #ifdef PCAP_FDDIPAD
79 int pcap_fddipad = PCAP_FDDIPAD;
80 #else
81 int pcap_fddipad;
82 #endif
83
84 /* VARARGS */
85 void
86 bpf_error(const char *fmt, ...)
87
88 {
89 va_list ap;
90
91 va_start(ap, fmt);
92 if (bpf_pcap != NULL)
93 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
94 fmt, ap);
95 va_end(ap);
96 longjmp(top_ctx, 1);
97 /* NOTREACHED */
98 }
99
100 static void init_linktype(int);
101
102 static int alloc_reg(void);
103 static void free_reg(int);
104
105 static struct block *root;
106
107 /*
108 * We divy out chunks of memory rather than call malloc each time so
109 * we don't have to worry about leaking memory. It's probably
110 * not a big deal if all this memory was wasted but it this ever
111 * goes into a library that would probably not be a good idea.
112 */
113 #define NCHUNKS 16
114 #define CHUNK0SIZE 1024
115 struct chunk {
116 u_int n_left;
117 void *m;
118 };
119
120 static struct chunk chunks[NCHUNKS];
121 static int cur_chunk;
122
123 static void *newchunk(u_int);
124 static void freechunks(void);
125 static inline struct block *new_block(int);
126 static inline struct slist *new_stmt(int);
127 static struct block *gen_retblk(int);
128 static inline void syntax(void);
129
130 static void backpatch(struct block *, struct block *);
131 static void merge(struct block *, struct block *);
132 static struct block *gen_cmp(u_int, u_int, bpf_int32);
133 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
134 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
135 static struct block *gen_bcmp(u_int, u_int, const u_char *);
136 static struct block *gen_uncond(int);
137 static inline struct block *gen_true(void);
138 static inline struct block *gen_false(void);
139 static struct block *gen_linktype(int);
140 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
141 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
142 #ifdef INET6
143 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
144 #endif
145 static struct block *gen_ehostop(const u_char *, int);
146 static struct block *gen_fhostop(const u_char *, int);
147 static struct block *gen_thostop(const u_char *, int);
148 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
149 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
150 #ifdef INET6
151 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
152 #endif
153 #ifndef INET6
154 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
155 #endif
156 static struct block *gen_ipfrag(void);
157 static struct block *gen_portatom(int, bpf_int32);
158 #ifdef INET6
159 static struct block *gen_portatom6(int, bpf_int32);
160 #endif
161 struct block *gen_portop(int, int, int);
162 static struct block *gen_port(int, int, int);
163 #ifdef INET6
164 struct block *gen_portop6(int, int, int);
165 static struct block *gen_port6(int, int, int);
166 #endif
167 static int lookup_proto(const char *, int);
168 static struct block *gen_protochain(int, int, int);
169 static struct block *gen_proto(int, int, int);
170 static struct slist *xfer_to_x(struct arth *);
171 static struct slist *xfer_to_a(struct arth *);
172 static struct block *gen_len(int, int);
173
174 static void *
175 newchunk(n)
176 u_int n;
177 {
178 struct chunk *cp;
179 int k, size;
180
181 #ifndef __NetBSD__
182 /* XXX Round up to nearest long. */
183 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
184 #else
185 /* XXX Round up to structure boundary. */
186 n = ALIGN(n);
187 #endif
188
189 cp = &chunks[cur_chunk];
190 if (n > cp->n_left) {
191 ++cp, k = ++cur_chunk;
192 if (k >= NCHUNKS)
193 bpf_error("out of memory");
194 size = CHUNK0SIZE << k;
195 cp->m = (void *)malloc(size);
196 memset((char *)cp->m, 0, size);
197 cp->n_left = size;
198 if (n > size)
199 bpf_error("out of memory");
200 }
201 cp->n_left -= n;
202 return (void *)((char *)cp->m + cp->n_left);
203 }
204
205 static void
206 freechunks()
207 {
208 int i;
209
210 cur_chunk = 0;
211 for (i = 0; i < NCHUNKS; ++i)
212 if (chunks[i].m != NULL) {
213 free(chunks[i].m);
214 chunks[i].m = NULL;
215 }
216 }
217
218 /*
219 * A strdup whose allocations are freed after code generation is over.
220 */
221 char *
222 sdup(s)
223 register const char *s;
224 {
225 int n = strlen(s) + 1;
226 char *cp = newchunk(n);
227
228 strlcpy(cp, s, n);
229 return (cp);
230 }
231
232 static inline struct block *
233 new_block(code)
234 int code;
235 {
236 struct block *p;
237
238 p = (struct block *)newchunk(sizeof(*p));
239 p->s.code = code;
240 p->head = p;
241
242 return p;
243 }
244
245 static inline struct slist *
246 new_stmt(code)
247 int code;
248 {
249 struct slist *p;
250
251 p = (struct slist *)newchunk(sizeof(*p));
252 p->s.code = code;
253
254 return p;
255 }
256
257 static struct block *
258 gen_retblk(v)
259 int v;
260 {
261 struct block *b = new_block(BPF_RET|BPF_K);
262
263 b->s.k = v;
264 return b;
265 }
266
267 static inline void
268 syntax()
269 {
270 bpf_error("syntax error in filter expression");
271 }
272
273 static bpf_u_int32 netmask;
274 static int snaplen;
275 int no_optimize;
276
277 int
278 pcap_compile(pcap_t *p, struct bpf_program *program,
279 char *buf, int optimize, bpf_u_int32 mask)
280 {
281 extern int n_errors;
282 int len;
283
284 no_optimize = 0;
285 n_errors = 0;
286 root = NULL;
287 bpf_pcap = p;
288 if (setjmp(top_ctx)) {
289 lex_cleanup();
290 freechunks();
291 return (-1);
292 }
293
294 netmask = mask;
295
296 /* On Linux we do not use the BPF filter to truncate the packet
297 * since the kernel provides other ways for that. In fact if we
298 * are using the packet filter for that duty we will be unable
299 * to acquire the original packet size. -- Torsten */
300 #ifndef linux
301 snaplen = pcap_snapshot(p);
302 #else
303 snaplen = 0xffff;
304 #endif
305 if (snaplen == 0) {
306 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
307 "snaplen of 0 rejects all packets");
308 return -1;
309 }
310
311 lex_init(buf ? buf : "");
312 init_linktype(pcap_datalink(p));
313 (void)pcap_parse();
314
315 if (n_errors)
316 syntax();
317
318 if (root == NULL)
319 root = gen_retblk(snaplen);
320
321 if (optimize && !no_optimize) {
322 bpf_optimize(&root);
323 if (root == NULL ||
324 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
325 bpf_error("expression rejects all packets");
326 }
327 program->bf_insns = icode_to_fcode(root, &len);
328 program->bf_len = len;
329
330 lex_cleanup();
331 freechunks();
332 return (0);
333 }
334
335 /*
336 * entry point for using the compiler with no pcap open
337 * pass in all the stuff that is needed explicitly instead.
338 */
339 int
340 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
341 struct bpf_program *program,
342 char *buf, int optimize, bpf_u_int32 mask)
343 {
344 pcap_t *p;
345 int ret;
346
347 p = pcap_open_dead(linktype_arg, snaplen_arg);
348 if (p == NULL)
349 return (-1);
350 ret = pcap_compile(p, program, buf, optimize, mask);
351 pcap_close(p);
352 return (ret);
353 }
354
355 /*
356 * Clean up a "struct bpf_program" by freeing all the memory allocated
357 * in it.
358 */
359 void
360 pcap_freecode(struct bpf_program *program)
361 {
362 program->bf_len = 0;
363 if (program->bf_insns != NULL) {
364 free((char *)program->bf_insns);
365 program->bf_insns = NULL;
366 }
367 }
368
369 /*
370 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
371 * which of the jt and jf fields has been resolved and which is a pointer
372 * back to another unresolved block (or nil). At least one of the fields
373 * in each block is already resolved.
374 */
375 static void
376 backpatch(list, target)
377 struct block *list, *target;
378 {
379 struct block *next;
380
381 while (list) {
382 if (!list->sense) {
383 next = JT(list);
384 JT(list) = target;
385 } else {
386 next = JF(list);
387 JF(list) = target;
388 }
389 list = next;
390 }
391 }
392
393 /*
394 * Merge the lists in b0 and b1, using the 'sense' field to indicate
395 * which of jt and jf is the link.
396 */
397 static void
398 merge(b0, b1)
399 struct block *b0, *b1;
400 {
401 register struct block **p = &b0;
402
403 /* Find end of list. */
404 while (*p)
405 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
406
407 /* Concatenate the lists. */
408 *p = b1;
409 }
410
411 void
412 finish_parse(p)
413 struct block *p;
414 {
415 backpatch(p, gen_retblk(snaplen));
416 p->sense = !p->sense;
417 backpatch(p, gen_retblk(0));
418 root = p->head;
419 }
420
421 void
422 gen_and(b0, b1)
423 struct block *b0, *b1;
424 {
425 backpatch(b0, b1->head);
426 b0->sense = !b0->sense;
427 b1->sense = !b1->sense;
428 merge(b1, b0);
429 b1->sense = !b1->sense;
430 b1->head = b0->head;
431 }
432
433 void
434 gen_or(b0, b1)
435 struct block *b0, *b1;
436 {
437 b0->sense = !b0->sense;
438 backpatch(b0, b1->head);
439 b0->sense = !b0->sense;
440 merge(b1, b0);
441 b1->head = b0->head;
442 }
443
444 void
445 gen_not(b)
446 struct block *b;
447 {
448 b->sense = !b->sense;
449 }
450
451 static struct block *
452 gen_cmp(offset, size, v)
453 u_int offset, size;
454 bpf_int32 v;
455 {
456 struct slist *s;
457 struct block *b;
458
459 s = new_stmt(BPF_LD|BPF_ABS|size);
460 s->s.k = offset;
461
462 b = new_block(JMP(BPF_JEQ));
463 b->stmts = s;
464 b->s.k = v;
465
466 return b;
467 }
468
469 static struct block *
470 gen_cmp_gt(offset, size, v)
471 u_int offset, size;
472 bpf_int32 v;
473 {
474 struct slist *s;
475 struct block *b;
476
477 s = new_stmt(BPF_LD|BPF_ABS|size);
478 s->s.k = offset;
479
480 b = new_block(JMP(BPF_JGT));
481 b->stmts = s;
482 b->s.k = v;
483
484 return b;
485 }
486
487 static struct block *
488 gen_mcmp(offset, size, v, mask)
489 u_int offset, size;
490 bpf_int32 v;
491 bpf_u_int32 mask;
492 {
493 struct block *b = gen_cmp(offset, size, v);
494 struct slist *s;
495
496 if (mask != 0xffffffff) {
497 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
498 s->s.k = mask;
499 b->stmts->next = s;
500 }
501 return b;
502 }
503
504 static struct block *
505 gen_bcmp(offset, size, v)
506 register u_int offset, size;
507 register const u_char *v;
508 {
509 register struct block *b, *tmp;
510
511 b = NULL;
512 while (size >= 4) {
513 register const u_char *p = &v[size - 4];
514 bpf_int32 w = ((bpf_int32)p[0] << 24) |
515 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
516
517 tmp = gen_cmp(offset + size - 4, BPF_W, w);
518 if (b != NULL)
519 gen_and(b, tmp);
520 b = tmp;
521 size -= 4;
522 }
523 while (size >= 2) {
524 register const u_char *p = &v[size - 2];
525 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
526
527 tmp = gen_cmp(offset + size - 2, BPF_H, w);
528 if (b != NULL)
529 gen_and(b, tmp);
530 b = tmp;
531 size -= 2;
532 }
533 if (size > 0) {
534 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
535 if (b != NULL)
536 gen_and(b, tmp);
537 b = tmp;
538 }
539 return b;
540 }
541
542 /*
543 * Various code constructs need to know the layout of the data link
544 * layer. These variables give the necessary offsets. off_linktype
545 * is set to -1 for no encapsulation, in which case, IP is assumed.
546 */
547 static u_int off_linktype;
548 static u_int off_nl;
549 static int linktype;
550
551 static void
552 init_linktype(type)
553 int type;
554 {
555 linktype = type;
556
557 switch (type) {
558
559 case DLT_EN10MB:
560 off_linktype = 12;
561 off_nl = 14;
562 return;
563
564 case DLT_SLIP:
565 /*
566 * SLIP doesn't have a link level type. The 16 byte
567 * header is hacked into our SLIP driver.
568 */
569 off_linktype = -1;
570 off_nl = 16;
571 return;
572
573 case DLT_SLIP_BSDOS:
574 /* XXX this may be the same as the DLT_PPP_BSDOS case */
575 off_linktype = -1;
576 /* XXX end */
577 off_nl = 24;
578 return;
579
580 case DLT_NULL:
581 off_linktype = 0;
582 off_nl = 4;
583 return;
584
585 case DLT_PPP:
586 case DLT_C_HDLC:
587 case DLT_PPP_SERIAL:
588 off_linktype = 2;
589 off_nl = 4;
590 return;
591
592 case DLT_PPP_BSDOS:
593 off_linktype = 5;
594 off_nl = 24;
595 return;
596
597 case DLT_FDDI:
598 /*
599 * FDDI doesn't really have a link-level type field.
600 * We assume that SSAP = SNAP is being used and pick
601 * out the encapsulated Ethernet type.
602 *
603 * XXX - should we generate code to check for SNAP?
604 */
605 off_linktype = 19;
606 #ifdef PCAP_FDDIPAD
607 off_linktype += pcap_fddipad;
608 #endif
609 off_nl = 21;
610 #ifdef PCAP_FDDIPAD
611 off_nl += pcap_fddipad;
612 #endif
613 return;
614
615 case DLT_IEEE802:
616 /*
617 * Token Ring doesn't really have a link-level type field.
618 * We assume that SSAP = SNAP is being used and pick
619 * out the encapsulated Ethernet type.
620 *
621 * XXX - should we generate code to check for SNAP?
622 *
623 * XXX - the header is actually variable-length.
624 * Some various Linux patched versions gave 38
625 * as "off_linktype" and 40 as "off_nl"; however,
626 * if a token ring packet has *no* routing
627 * information, i.e. is not source-routed, the correct
628 * values are 20 and 22, as they are in the vanilla code.
629 *
630 * A packet is source-routed iff the uppermost bit
631 * of the first byte of the source address, at an
632 * offset of 8, has the uppermost bit set. If the
633 * packet is source-routed, the total number of bytes
634 * of routing information is 2 plus bits 0x1F00 of
635 * the 16-bit value at an offset of 14 (shifted right
636 * 8 - figure out which byte that is).
637 */
638 off_linktype = 20;
639 off_nl = 22;
640 return;
641
642 case DLT_ATM_RFC1483:
643 /*
644 * assume routed, non-ISO PDUs
645 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
646 */
647 off_linktype = 6;
648 off_nl = 8;
649 return;
650
651 case DLT_RAW:
652 off_linktype = -1;
653 off_nl = 0;
654 return;
655
656 case DLT_ATM_CLIP: /* Linux ATM defines this */
657 off_linktype = 6;
658 off_nl = 8;
659 return;
660 }
661 bpf_error("unknown data link type %d", linktype);
662 /* NOTREACHED */
663 }
664
665 static struct block *
666 gen_uncond(rsense)
667 int rsense;
668 {
669 struct block *b;
670 struct slist *s;
671
672 s = new_stmt(BPF_LD|BPF_IMM);
673 s->s.k = !rsense;
674 b = new_block(JMP(BPF_JEQ));
675 b->stmts = s;
676
677 return b;
678 }
679
680 static inline struct block *
681 gen_true()
682 {
683 return gen_uncond(1);
684 }
685
686 static inline struct block *
687 gen_false()
688 {
689 return gen_uncond(0);
690 }
691
692 static struct block *
693 gen_linktype(proto)
694 register int proto;
695 {
696 struct block *b0, *b1;
697
698 /* If we're not using encapsulation, we're done */
699 if (off_linktype == -1)
700 return gen_true();
701
702 switch (linktype) {
703
704 case DLT_EN10MB:
705 /*
706 * XXX - handle other LLC-encapsulated protocols here
707 * (IPX, OSI)?
708 */
709 switch (proto) {
710
711 case LLC_ISO_LSAP:
712 /*
713 * OSI protocols always use 802.2 encapsulation.
714 */
715 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
716 gen_not(b0);
717 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
718 ((LLC_ISO_LSAP << 8) | LLC_ISO_LSAP));
719 gen_and(b0, b1);
720 return b1;
721
722 case ETHERTYPE_ATALK:
723 case ETHERTYPE_AARP:
724 /*
725 * EtherTalk (AppleTalk protocols on Ethernet link
726 * layer) may use 802.2 encapsulation.
727 */
728
729 /*
730 * Check for 802.2 encapsulation (EtherTalk phase 2?);
731 * we check for an Ethernet type field less than
732 * 1500, which means it's an 802.3 length field.
733 */
734 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
735 gen_not(b0);
736
737 /*
738 * 802.2-encapsulated ETHERTYPE_ATALK packets are
739 * SNAP packets with an organization code of
740 * 0x080007 (Apple, for Appletalk) and a protocol
741 * type of ETHERTYPE_ATALK (Appletalk).
742 *
743 * 802.2-encapsulated ETHERTYPE_AARP packets are
744 * SNAP packets with an organization code of
745 * 0x000000 (encapsulated Ethernet) and a protocol
746 * type of ETHERTYPE_AARP (Appletalk ARP).
747 */
748 if (proto == ETHERTYPE_ATALK)
749 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
750 else /* proto == ETHERTYPE_AARP */
751 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
752 gen_and(b0, b1);
753
754 /*
755 * Check for Ethernet encapsulation (Ethertalk
756 * phase 1?); we just check for the Ethernet
757 * protocol type.
758 */
759 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
760
761 gen_or(b0, b1);
762 return b1;
763 }
764 break;
765
766 case DLT_SLIP:
767 return gen_false();
768
769 case DLT_PPP:
770 case DLT_PPP_SERIAL:
771 /*
772 * We use Ethernet protocol types inside libpcap;
773 * map them to the corresponding PPP protocol types.
774 */
775 switch (proto) {
776
777 case ETHERTYPE_IP:
778 proto = PPP_IP; /* XXX was 0x21 */
779 break;
780
781 #ifdef INET6
782 case ETHERTYPE_IPV6:
783 proto = PPP_IPV6;
784 break;
785 #endif
786
787 case ETHERTYPE_DN:
788 proto = PPP_DECNET;
789 break;
790
791 case ETHERTYPE_ATALK:
792 proto = PPP_APPLE;
793 break;
794
795 case ETHERTYPE_NS:
796 proto = PPP_NS;
797 break;
798
799 case LLC_ISO_LSAP:
800 proto = PPP_OSI;
801 break;
802 }
803 break;
804
805 case DLT_PPP_BSDOS:
806 /*
807 * We use Ethernet protocol types inside libpcap;
808 * map them to the corresponding PPP protocol types.
809 */
810 switch (proto) {
811
812 case ETHERTYPE_IP:
813 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
814 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
815 gen_or(b0, b1);
816 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
817 gen_or(b1, b0);
818 return b0;
819
820 #ifdef INET6
821 case ETHERTYPE_IPV6:
822 proto = PPP_IPV6;
823 /* more to go? */
824 break;
825 #endif
826
827 case ETHERTYPE_DN:
828 proto = PPP_DECNET;
829 break;
830
831 case ETHERTYPE_ATALK:
832 proto = PPP_APPLE;
833 break;
834
835 case ETHERTYPE_NS:
836 proto = PPP_NS;
837 break;
838
839 case LLC_ISO_LSAP:
840 proto = PPP_OSI;
841 break;
842 }
843 break;
844
845 case DLT_NULL:
846 /* XXX */
847 if (proto == ETHERTYPE_IP)
848 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET)));
849 #ifdef INET6
850 else if (proto == ETHERTYPE_IPV6)
851 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET6)));
852 #endif
853 else
854 return gen_false();
855 }
856 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
857 }
858
859 /*
860 * Check for an LLC SNAP packet with a given organization code and
861 * protocol type; we check the entire contents of the 802.2 LLC and
862 * snap headers, checking for DSAP and SSAP of SNAP and a control
863 * field of 0x03 in the LLC header, and for the specified organization
864 * code and protocol type in the SNAP header.
865 */
866 static struct block *
867 gen_snap(orgcode, ptype, offset)
868 bpf_u_int32 orgcode;
869 bpf_u_int32 ptype;
870 u_int offset;
871 {
872 u_char snapblock[8];
873
874 snapblock[0] = LLC_SNAP_LSAP; /* DSAP = SNAP */
875 snapblock[1] = LLC_SNAP_LSAP; /* SSAP = SNAP */
876 snapblock[2] = 0x03; /* control = UI */
877 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
878 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
879 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
880 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
881 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
882 return gen_bcmp(offset, 8, snapblock);
883 }
884
885 static struct block *
886 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
887 bpf_u_int32 addr;
888 bpf_u_int32 mask;
889 int dir, proto;
890 u_int src_off, dst_off;
891 {
892 struct block *b0, *b1;
893 u_int offset;
894
895 switch (dir) {
896
897 case Q_SRC:
898 offset = src_off;
899 break;
900
901 case Q_DST:
902 offset = dst_off;
903 break;
904
905 case Q_AND:
906 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
907 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
908 gen_and(b0, b1);
909 return b1;
910
911 case Q_OR:
912 case Q_DEFAULT:
913 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
914 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
915 gen_or(b0, b1);
916 return b1;
917
918 default:
919 abort();
920 }
921 b0 = gen_linktype(proto);
922 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
923 gen_and(b0, b1);
924 return b1;
925 }
926
927 #ifdef INET6
928 static struct block *
929 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
930 struct in6_addr *addr;
931 struct in6_addr *mask;
932 int dir, proto;
933 u_int src_off, dst_off;
934 {
935 struct block *b0, *b1;
936 u_int offset;
937 u_int32_t *a, *m;
938
939 switch (dir) {
940
941 case Q_SRC:
942 offset = src_off;
943 break;
944
945 case Q_DST:
946 offset = dst_off;
947 break;
948
949 case Q_AND:
950 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
951 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
952 gen_and(b0, b1);
953 return b1;
954
955 case Q_OR:
956 case Q_DEFAULT:
957 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
958 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
959 gen_or(b0, b1);
960 return b1;
961
962 default:
963 abort();
964 }
965 /* this order is important */
966 a = (u_int32_t *)addr;
967 m = (u_int32_t *)mask;
968 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
969 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
970 gen_and(b0, b1);
971 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
972 gen_and(b0, b1);
973 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
974 gen_and(b0, b1);
975 b0 = gen_linktype(proto);
976 gen_and(b0, b1);
977 return b1;
978 }
979 #endif /*INET6*/
980
981 static struct block *
982 gen_ehostop(eaddr, dir)
983 register const u_char *eaddr;
984 register int dir;
985 {
986 register struct block *b0, *b1;
987
988 switch (dir) {
989 case Q_SRC:
990 return gen_bcmp(6, 6, eaddr);
991
992 case Q_DST:
993 return gen_bcmp(0, 6, eaddr);
994
995 case Q_AND:
996 b0 = gen_ehostop(eaddr, Q_SRC);
997 b1 = gen_ehostop(eaddr, Q_DST);
998 gen_and(b0, b1);
999 return b1;
1000
1001 case Q_DEFAULT:
1002 case Q_OR:
1003 b0 = gen_ehostop(eaddr, Q_SRC);
1004 b1 = gen_ehostop(eaddr, Q_DST);
1005 gen_or(b0, b1);
1006 return b1;
1007 }
1008 abort();
1009 /* NOTREACHED */
1010 }
1011
1012 /*
1013 * Like gen_ehostop, but for DLT_FDDI
1014 */
1015 static struct block *
1016 gen_fhostop(eaddr, dir)
1017 register const u_char *eaddr;
1018 register int dir;
1019 {
1020 struct block *b0, *b1;
1021
1022 switch (dir) {
1023 case Q_SRC:
1024 #ifdef PCAP_FDDIPAD
1025 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
1026 #else
1027 return gen_bcmp(6 + 1, 6, eaddr);
1028 #endif
1029
1030 case Q_DST:
1031 #ifdef PCAP_FDDIPAD
1032 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
1033 #else
1034 return gen_bcmp(0 + 1, 6, eaddr);
1035 #endif
1036
1037 case Q_AND:
1038 b0 = gen_fhostop(eaddr, Q_SRC);
1039 b1 = gen_fhostop(eaddr, Q_DST);
1040 gen_and(b0, b1);
1041 return b1;
1042
1043 case Q_DEFAULT:
1044 case Q_OR:
1045 b0 = gen_fhostop(eaddr, Q_SRC);
1046 b1 = gen_fhostop(eaddr, Q_DST);
1047 gen_or(b0, b1);
1048 return b1;
1049 }
1050 abort();
1051 /* NOTREACHED */
1052 }
1053
1054 /*
1055 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
1056 */
1057 static struct block *
1058 gen_thostop(eaddr, dir)
1059 register const u_char *eaddr;
1060 register int dir;
1061 {
1062 register struct block *b0, *b1;
1063
1064 switch (dir) {
1065 case Q_SRC:
1066 return gen_bcmp(8, 6, eaddr);
1067
1068 case Q_DST:
1069 return gen_bcmp(2, 6, eaddr);
1070
1071 case Q_AND:
1072 b0 = gen_thostop(eaddr, Q_SRC);
1073 b1 = gen_thostop(eaddr, Q_DST);
1074 gen_and(b0, b1);
1075 return b1;
1076
1077 case Q_DEFAULT:
1078 case Q_OR:
1079 b0 = gen_thostop(eaddr, Q_SRC);
1080 b1 = gen_thostop(eaddr, Q_DST);
1081 gen_or(b0, b1);
1082 return b1;
1083 }
1084 abort();
1085 /* NOTREACHED */
1086 }
1087
1088 /*
1089 * This is quite tricky because there may be pad bytes in front of the
1090 * DECNET header, and then there are two possible data packet formats that
1091 * carry both src and dst addresses, plus 5 packet types in a format that
1092 * carries only the src node, plus 2 types that use a different format and
1093 * also carry just the src node.
1094 *
1095 * Yuck.
1096 *
1097 * Instead of doing those all right, we just look for data packets with
1098 * 0 or 1 bytes of padding. If you want to look at other packets, that
1099 * will require a lot more hacking.
1100 *
1101 * To add support for filtering on DECNET "areas" (network numbers)
1102 * one would want to add a "mask" argument to this routine. That would
1103 * make the filter even more inefficient, although one could be clever
1104 * and not generate masking instructions if the mask is 0xFFFF.
1105 */
1106 static struct block *
1107 gen_dnhostop(addr, dir, base_off)
1108 bpf_u_int32 addr;
1109 int dir;
1110 u_int base_off;
1111 {
1112 struct block *b0, *b1, *b2, *tmp;
1113 u_int offset_lh; /* offset if long header is received */
1114 u_int offset_sh; /* offset if short header is received */
1115
1116 switch (dir) {
1117
1118 case Q_DST:
1119 offset_sh = 1; /* follows flags */
1120 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
1121 break;
1122
1123 case Q_SRC:
1124 offset_sh = 3; /* follows flags, dstnode */
1125 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
1126 break;
1127
1128 case Q_AND:
1129 /* Inefficient because we do our Calvinball dance twice */
1130 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1131 b1 = gen_dnhostop(addr, Q_DST, base_off);
1132 gen_and(b0, b1);
1133 return b1;
1134
1135 case Q_OR:
1136 case Q_DEFAULT:
1137 /* Inefficient because we do our Calvinball dance twice */
1138 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1139 b1 = gen_dnhostop(addr, Q_DST, base_off);
1140 gen_or(b0, b1);
1141 return b1;
1142
1143 case Q_ISO:
1144 bpf_error("ISO host filtering not implemented");
1145
1146 default:
1147 abort();
1148 }
1149 b0 = gen_linktype(ETHERTYPE_DN);
1150 /* Check for pad = 1, long header case */
1151 tmp = gen_mcmp(base_off + 2, BPF_H,
1152 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
1153 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
1154 BPF_H, (bpf_int32)ntohs(addr));
1155 gen_and(tmp, b1);
1156 /* Check for pad = 0, long header case */
1157 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
1158 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
1159 gen_and(tmp, b2);
1160 gen_or(b2, b1);
1161 /* Check for pad = 1, short header case */
1162 tmp = gen_mcmp(base_off + 2, BPF_H,
1163 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
1164 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
1165 BPF_H, (bpf_int32)ntohs(addr));
1166 gen_and(tmp, b2);
1167 gen_or(b2, b1);
1168 /* Check for pad = 0, short header case */
1169 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
1170 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
1171 gen_and(tmp, b2);
1172 gen_or(b2, b1);
1173
1174 /* Combine with test for linktype */
1175 gen_and(b0, b1);
1176 return b1;
1177 }
1178
1179 static struct block *
1180 gen_host(addr, mask, proto, dir)
1181 bpf_u_int32 addr;
1182 bpf_u_int32 mask;
1183 int proto;
1184 int dir;
1185 {
1186 struct block *b0, *b1;
1187
1188 switch (proto) {
1189
1190 case Q_DEFAULT:
1191 b0 = gen_host(addr, mask, Q_IP, dir);
1192 if (off_linktype != -1) {
1193 b1 = gen_host(addr, mask, Q_ARP, dir);
1194 gen_or(b0, b1);
1195 b0 = gen_host(addr, mask, Q_RARP, dir);
1196 gen_or(b1, b0);
1197 }
1198 return b0;
1199
1200 case Q_IP:
1201 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
1202 off_nl + 12, off_nl + 16);
1203
1204 case Q_RARP:
1205 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
1206 off_nl + 14, off_nl + 24);
1207
1208 case Q_ARP:
1209 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
1210 off_nl + 14, off_nl + 24);
1211
1212 case Q_TCP:
1213 bpf_error("'tcp' modifier applied to host");
1214
1215 case Q_UDP:
1216 bpf_error("'udp' modifier applied to host");
1217
1218 case Q_ICMP:
1219 bpf_error("'icmp' modifier applied to host");
1220
1221 case Q_IGMP:
1222 bpf_error("'igmp' modifier applied to host");
1223
1224 case Q_IGRP:
1225 bpf_error("'igrp' modifier applied to host");
1226
1227 case Q_PIM:
1228 bpf_error("'pim' modifier applied to host");
1229
1230 case Q_ATALK:
1231 bpf_error("ATALK host filtering not implemented");
1232
1233 case Q_AARP:
1234 bpf_error("AARP host filtering not implemented");
1235
1236 case Q_DECNET:
1237 return gen_dnhostop(addr, dir, off_nl);
1238
1239 case Q_SCA:
1240 bpf_error("SCA host filtering not implemented");
1241
1242 case Q_LAT:
1243 bpf_error("LAT host filtering not implemented");
1244
1245 case Q_MOPDL:
1246 bpf_error("MOPDL host filtering not implemented");
1247
1248 case Q_MOPRC:
1249 bpf_error("MOPRC host filtering not implemented");
1250
1251 #ifdef INET6
1252 case Q_IPV6:
1253 bpf_error("'ip6' modifier applied to ip host");
1254
1255 case Q_ICMPV6:
1256 bpf_error("'icmp6' modifier applied to host");
1257 #endif /* INET6 */
1258
1259 case Q_AH:
1260 bpf_error("'ah' modifier applied to host");
1261
1262 case Q_ESP:
1263 bpf_error("'esp' modifier applied to host");
1264
1265 case Q_ISO:
1266 bpf_error("ISO host filtering not implemented");
1267
1268 case Q_ESIS:
1269 bpf_error("'esis' modifier applied to host");
1270
1271 case Q_ISIS:
1272 bpf_error("'isis' modifier applied to host");
1273
1274 case Q_CLNP:
1275 bpf_error("'clnp' modifier applied to host");
1276
1277 default:
1278 abort();
1279 }
1280 /* NOTREACHED */
1281 }
1282
1283 #ifdef INET6
1284 static struct block *
1285 gen_host6(addr, mask, proto, dir)
1286 struct in6_addr *addr;
1287 struct in6_addr *mask;
1288 int proto;
1289 int dir;
1290 {
1291 switch (proto) {
1292
1293 case Q_DEFAULT:
1294 return gen_host6(addr, mask, Q_IPV6, dir);
1295
1296 case Q_IP:
1297 bpf_error("'ip' modifier applied to ip6 host");
1298
1299 case Q_RARP:
1300 bpf_error("'rarp' modifier applied to ip6 host");
1301
1302 case Q_ARP:
1303 bpf_error("'arp' modifier applied to ip6 host");
1304
1305 case Q_TCP:
1306 bpf_error("'tcp' modifier applied to host");
1307
1308 case Q_UDP:
1309 bpf_error("'udp' modifier applied to host");
1310
1311 case Q_ICMP:
1312 bpf_error("'icmp' modifier applied to host");
1313
1314 case Q_IGMP:
1315 bpf_error("'igmp' modifier applied to host");
1316
1317 case Q_IGRP:
1318 bpf_error("'igrp' modifier applied to host");
1319
1320 case Q_PIM:
1321 bpf_error("'pim' modifier applied to host");
1322
1323 case Q_ATALK:
1324 bpf_error("ATALK host filtering not implemented");
1325
1326 case Q_AARP:
1327 bpf_error("AARP host filtering not implemented");
1328
1329 case Q_DECNET:
1330 bpf_error("'decnet' modifier applied to ip6 host");
1331
1332 case Q_SCA:
1333 bpf_error("SCA host filtering not implemented");
1334
1335 case Q_LAT:
1336 bpf_error("LAT host filtering not implemented");
1337
1338 case Q_MOPDL:
1339 bpf_error("MOPDL host filtering not implemented");
1340
1341 case Q_MOPRC:
1342 bpf_error("MOPRC host filtering not implemented");
1343
1344 case Q_IPV6:
1345 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
1346 off_nl + 8, off_nl + 24);
1347
1348 case Q_ICMPV6:
1349 bpf_error("'icmp6' modifier applied to host");
1350
1351 case Q_AH:
1352 bpf_error("'ah' modifier applied to host");
1353
1354 case Q_ESP:
1355 bpf_error("'esp' modifier applied to host");
1356
1357 case Q_ISO:
1358 bpf_error("ISO host filtering not implemented");
1359
1360 case Q_ESIS:
1361 bpf_error("'esis' modifier applied to host");
1362
1363 case Q_ISIS:
1364 bpf_error("'isis' modifier applied to host");
1365
1366 case Q_CLNP:
1367 bpf_error("'clnp' modifier applied to host");
1368
1369 default:
1370 abort();
1371 }
1372 /* NOTREACHED */
1373 }
1374 #endif /*INET6*/
1375
1376 #ifndef INET6
1377 static struct block *
1378 gen_gateway(eaddr, alist, proto, dir)
1379 const u_char *eaddr;
1380 bpf_u_int32 **alist;
1381 int proto;
1382 int dir;
1383 {
1384 struct block *b0, *b1, *tmp;
1385
1386 if (dir != 0)
1387 bpf_error("direction applied to 'gateway'");
1388
1389 switch (proto) {
1390 case Q_DEFAULT:
1391 case Q_IP:
1392 case Q_ARP:
1393 case Q_RARP:
1394 if (linktype == DLT_EN10MB)
1395 b0 = gen_ehostop(eaddr, Q_OR);
1396 else if (linktype == DLT_FDDI)
1397 b0 = gen_fhostop(eaddr, Q_OR);
1398 else if (linktype == DLT_IEEE802)
1399 b0 = gen_thostop(eaddr, Q_OR);
1400 else
1401 bpf_error(
1402 "'gateway' supported only on ethernet, FDDI or token ring");
1403
1404 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1405 while (*alist) {
1406 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1407 gen_or(b1, tmp);
1408 b1 = tmp;
1409 }
1410 gen_not(b1);
1411 gen_and(b0, b1);
1412 return b1;
1413 }
1414 bpf_error("illegal modifier of 'gateway'");
1415 /* NOTREACHED */
1416 }
1417 #endif
1418
1419 struct block *
1420 gen_proto_abbrev(proto)
1421 int proto;
1422 {
1423 #ifdef INET6
1424 struct block *b0;
1425 #endif
1426 struct block *b1;
1427
1428 switch (proto) {
1429
1430 case Q_TCP:
1431 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
1432 #ifdef INET6
1433 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
1434 gen_or(b0, b1);
1435 #endif
1436 break;
1437
1438 case Q_UDP:
1439 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
1440 #ifdef INET6
1441 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
1442 gen_or(b0, b1);
1443 #endif
1444 break;
1445
1446 case Q_ICMP:
1447 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
1448 break;
1449
1450 #ifndef IPPROTO_IGMP
1451 #define IPPROTO_IGMP 2
1452 #endif
1453
1454 case Q_IGMP:
1455 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
1456 break;
1457
1458 #ifndef IPPROTO_IGRP
1459 #define IPPROTO_IGRP 9
1460 #endif
1461 case Q_IGRP:
1462 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
1463 break;
1464
1465 #ifndef IPPROTO_PIM
1466 #define IPPROTO_PIM 103
1467 #endif
1468
1469 case Q_PIM:
1470 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
1471 #ifdef INET6
1472 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
1473 gen_or(b0, b1);
1474 #endif
1475 break;
1476
1477 case Q_IP:
1478 b1 = gen_linktype(ETHERTYPE_IP);
1479 break;
1480
1481 case Q_ARP:
1482 b1 = gen_linktype(ETHERTYPE_ARP);
1483 break;
1484
1485 case Q_RARP:
1486 b1 = gen_linktype(ETHERTYPE_REVARP);
1487 break;
1488
1489 case Q_LINK:
1490 bpf_error("link layer applied in wrong context");
1491
1492 case Q_ATALK:
1493 b1 = gen_linktype(ETHERTYPE_ATALK);
1494 break;
1495
1496 case Q_AARP:
1497 b1 = gen_linktype(ETHERTYPE_AARP);
1498 break;
1499
1500 case Q_DECNET:
1501 b1 = gen_linktype(ETHERTYPE_DN);
1502 break;
1503
1504 case Q_SCA:
1505 b1 = gen_linktype(ETHERTYPE_SCA);
1506 break;
1507
1508 case Q_LAT:
1509 b1 = gen_linktype(ETHERTYPE_LAT);
1510 break;
1511
1512 case Q_MOPDL:
1513 b1 = gen_linktype(ETHERTYPE_MOPDL);
1514 break;
1515
1516 case Q_MOPRC:
1517 b1 = gen_linktype(ETHERTYPE_MOPRC);
1518 break;
1519
1520 #ifdef INET6
1521 case Q_IPV6:
1522 b1 = gen_linktype(ETHERTYPE_IPV6);
1523 break;
1524
1525 #ifndef IPPROTO_ICMPV6
1526 #define IPPROTO_ICMPV6 58
1527 #endif
1528 case Q_ICMPV6:
1529 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
1530 break;
1531 #endif /* INET6 */
1532
1533 #ifndef IPPROTO_AH
1534 #define IPPROTO_AH 51
1535 #endif
1536 case Q_AH:
1537 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
1538 #ifdef INET6
1539 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
1540 gen_or(b0, b1);
1541 #endif
1542 break;
1543
1544 #ifndef IPPROTO_ESP
1545 #define IPPROTO_ESP 50
1546 #endif
1547 case Q_ESP:
1548 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
1549 #ifdef INET6
1550 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
1551 gen_or(b0, b1);
1552 #endif
1553 break;
1554
1555 case Q_ISO:
1556 b1 = gen_linktype(LLC_ISO_LSAP);
1557 break;
1558
1559 case Q_ESIS:
1560 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
1561 break;
1562
1563 case Q_ISIS:
1564 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
1565 break;
1566
1567 case Q_CLNP:
1568 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
1569 break;
1570
1571 default:
1572 abort();
1573 }
1574 return b1;
1575 }
1576
1577 static struct block *
1578 gen_ipfrag()
1579 {
1580 struct slist *s;
1581 struct block *b;
1582
1583 /* not ip frag */
1584 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
1585 s->s.k = off_nl + 6;
1586 b = new_block(JMP(BPF_JSET));
1587 b->s.k = 0x1fff;
1588 b->stmts = s;
1589 gen_not(b);
1590
1591 return b;
1592 }
1593
1594 static struct block *
1595 gen_portatom(off, v)
1596 int off;
1597 bpf_int32 v;
1598 {
1599 struct slist *s;
1600 struct block *b;
1601
1602 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
1603 s->s.k = off_nl;
1604
1605 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
1606 s->next->s.k = off_nl + off;
1607
1608 b = new_block(JMP(BPF_JEQ));
1609 b->stmts = s;
1610 b->s.k = v;
1611
1612 return b;
1613 }
1614
1615 #ifdef INET6
1616 static struct block *
1617 gen_portatom6(off, v)
1618 int off;
1619 bpf_int32 v;
1620 {
1621 return gen_cmp(off_nl + 40 + off, BPF_H, v);
1622 }
1623 #endif/*INET6*/
1624
1625 struct block *
1626 gen_portop(port, proto, dir)
1627 int port, proto, dir;
1628 {
1629 struct block *b0, *b1, *tmp;
1630
1631 /* ip proto 'proto' */
1632 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
1633 b0 = gen_ipfrag();
1634 gen_and(tmp, b0);
1635
1636 switch (dir) {
1637 case Q_SRC:
1638 b1 = gen_portatom(0, (bpf_int32)port);
1639 break;
1640
1641 case Q_DST:
1642 b1 = gen_portatom(2, (bpf_int32)port);
1643 break;
1644
1645 case Q_OR:
1646 case Q_DEFAULT:
1647 tmp = gen_portatom(0, (bpf_int32)port);
1648 b1 = gen_portatom(2, (bpf_int32)port);
1649 gen_or(tmp, b1);
1650 break;
1651
1652 case Q_AND:
1653 tmp = gen_portatom(0, (bpf_int32)port);
1654 b1 = gen_portatom(2, (bpf_int32)port);
1655 gen_and(tmp, b1);
1656 break;
1657
1658 default:
1659 abort();
1660 }
1661 gen_and(b0, b1);
1662
1663 return b1;
1664 }
1665
1666 static struct block *
1667 gen_port(port, ip_proto, dir)
1668 int port;
1669 int ip_proto;
1670 int dir;
1671 {
1672 struct block *b0, *b1, *tmp;
1673
1674 /* ether proto ip */
1675 b0 = gen_linktype(ETHERTYPE_IP);
1676
1677 switch (ip_proto) {
1678 case IPPROTO_UDP:
1679 case IPPROTO_TCP:
1680 b1 = gen_portop(port, ip_proto, dir);
1681 break;
1682
1683 case PROTO_UNDEF:
1684 tmp = gen_portop(port, IPPROTO_TCP, dir);
1685 b1 = gen_portop(port, IPPROTO_UDP, dir);
1686 gen_or(tmp, b1);
1687 break;
1688
1689 default:
1690 abort();
1691 }
1692 gen_and(b0, b1);
1693 return b1;
1694 }
1695
1696 #ifdef INET6
1697 struct block *
1698 gen_portop6(port, proto, dir)
1699 int port, proto, dir;
1700 {
1701 struct block *b0, *b1, *tmp;
1702
1703 /* ip proto 'proto' */
1704 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
1705
1706 switch (dir) {
1707 case Q_SRC:
1708 b1 = gen_portatom6(0, (bpf_int32)port);
1709 break;
1710
1711 case Q_DST:
1712 b1 = gen_portatom6(2, (bpf_int32)port);
1713 break;
1714
1715 case Q_OR:
1716 case Q_DEFAULT:
1717 tmp = gen_portatom6(0, (bpf_int32)port);
1718 b1 = gen_portatom6(2, (bpf_int32)port);
1719 gen_or(tmp, b1);
1720 break;
1721
1722 case Q_AND:
1723 tmp = gen_portatom6(0, (bpf_int32)port);
1724 b1 = gen_portatom6(2, (bpf_int32)port);
1725 gen_and(tmp, b1);
1726 break;
1727
1728 default:
1729 abort();
1730 }
1731 gen_and(b0, b1);
1732
1733 return b1;
1734 }
1735
1736 static struct block *
1737 gen_port6(port, ip_proto, dir)
1738 int port;
1739 int ip_proto;
1740 int dir;
1741 {
1742 struct block *b0, *b1, *tmp;
1743
1744 /* ether proto ip */
1745 b0 = gen_linktype(ETHERTYPE_IPV6);
1746
1747 switch (ip_proto) {
1748 case IPPROTO_UDP:
1749 case IPPROTO_TCP:
1750 b1 = gen_portop6(port, ip_proto, dir);
1751 break;
1752
1753 case PROTO_UNDEF:
1754 tmp = gen_portop6(port, IPPROTO_TCP, dir);
1755 b1 = gen_portop6(port, IPPROTO_UDP, dir);
1756 gen_or(tmp, b1);
1757 break;
1758
1759 default:
1760 abort();
1761 }
1762 gen_and(b0, b1);
1763 return b1;
1764 }
1765 #endif /* INET6 */
1766
1767 static int
1768 lookup_proto(name, proto)
1769 register const char *name;
1770 register int proto;
1771 {
1772 register int v;
1773
1774 switch (proto) {
1775
1776 case Q_DEFAULT:
1777 case Q_IP:
1778 v = pcap_nametoproto(name);
1779 if (v == PROTO_UNDEF)
1780 bpf_error("unknown ip proto '%s'", name);
1781 break;
1782
1783 case Q_LINK:
1784 /* XXX should look up h/w protocol type based on linktype */
1785 v = pcap_nametoeproto(name);
1786 if (v == PROTO_UNDEF)
1787 bpf_error("unknown ether proto '%s'", name);
1788 break;
1789
1790 case Q_ISO:
1791 if (strcmp(name, "esis") == 0)
1792 v = ISO9542_ESIS;
1793 else if (strcmp(name, "isis") == 0)
1794 v = ISO10589_ISIS;
1795 else if (strcmp(name, "clnp") == 0)
1796 v = ISO8473_CLNP;
1797 else
1798 bpf_error("unknown osi proto '%s'", name);
1799 break;
1800
1801 default:
1802 v = PROTO_UNDEF;
1803 break;
1804 }
1805 return v;
1806 }
1807
1808 #if 0
1809 struct stmt *
1810 gen_joinsp(s, n)
1811 struct stmt **s;
1812 int n;
1813 {
1814 return NULL;
1815 }
1816 #endif
1817
1818 static struct block *
1819 gen_protochain(v, proto, dir)
1820 int v;
1821 int proto;
1822 int dir;
1823 {
1824 #ifdef NO_PROTOCHAIN
1825 return gen_proto(v, proto, dir);
1826 #else
1827 struct block *b0, *b;
1828 struct slist *s[100];
1829 int fix2, fix3, fix4, fix5;
1830 int ahcheck, again, end;
1831 int i, max;
1832 int reg2 = alloc_reg();
1833
1834 memset(s, 0, sizeof(s));
1835 fix2 = fix3 = fix4 = fix5 = 0;
1836
1837 switch (proto) {
1838 case Q_IP:
1839 case Q_IPV6:
1840 break;
1841 case Q_DEFAULT:
1842 b0 = gen_protochain(v, Q_IP, dir);
1843 b = gen_protochain(v, Q_IPV6, dir);
1844 gen_or(b0, b);
1845 return b;
1846 default:
1847 bpf_error("bad protocol applied for 'protochain'");
1848 /*NOTREACHED*/
1849 }
1850
1851 no_optimize = 1; /*this code is not compatible with optimzer yet */
1852
1853 /*
1854 * s[0] is a dummy entry to protect other BPF insn from damaged
1855 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
1856 * hard to find interdependency made by jump table fixup.
1857 */
1858 i = 0;
1859 s[i] = new_stmt(0); /*dummy*/
1860 i++;
1861
1862 switch (proto) {
1863 case Q_IP:
1864 b0 = gen_linktype(ETHERTYPE_IP);
1865
1866 /* A = ip->ip_p */
1867 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
1868 s[i]->s.k = off_nl + 9;
1869 i++;
1870 /* X = ip->ip_hl << 2 */
1871 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
1872 s[i]->s.k = off_nl;
1873 i++;
1874 break;
1875 #ifdef INET6
1876 case Q_IPV6:
1877 b0 = gen_linktype(ETHERTYPE_IPV6);
1878
1879 /* A = ip6->ip_nxt */
1880 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
1881 s[i]->s.k = off_nl + 6;
1882 i++;
1883 /* X = sizeof(struct ip6_hdr) */
1884 s[i] = new_stmt(BPF_LDX|BPF_IMM);
1885 s[i]->s.k = 40;
1886 i++;
1887 break;
1888 #endif
1889 default:
1890 bpf_error("unsupported proto to gen_protochain");
1891 /*NOTREACHED*/
1892 }
1893
1894 /* again: if (A == v) goto end; else fall through; */
1895 again = i;
1896 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1897 s[i]->s.k = v;
1898 s[i]->s.jt = NULL; /*later*/
1899 s[i]->s.jf = NULL; /*update in next stmt*/
1900 fix5 = i;
1901 i++;
1902
1903 #ifndef IPPROTO_NONE
1904 #define IPPROTO_NONE 59
1905 #endif
1906 /* if (A == IPPROTO_NONE) goto end */
1907 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1908 s[i]->s.jt = NULL; /*later*/
1909 s[i]->s.jf = NULL; /*update in next stmt*/
1910 s[i]->s.k = IPPROTO_NONE;
1911 s[fix5]->s.jf = s[i];
1912 fix2 = i;
1913 i++;
1914
1915 #ifdef INET6
1916 if (proto == Q_IPV6) {
1917 int v6start, v6end, v6advance, j;
1918
1919 v6start = i;
1920 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
1921 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1922 s[i]->s.jt = NULL; /*later*/
1923 s[i]->s.jf = NULL; /*update in next stmt*/
1924 s[i]->s.k = IPPROTO_HOPOPTS;
1925 s[fix2]->s.jf = s[i];
1926 i++;
1927 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
1928 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1929 s[i]->s.jt = NULL; /*later*/
1930 s[i]->s.jf = NULL; /*update in next stmt*/
1931 s[i]->s.k = IPPROTO_DSTOPTS;
1932 i++;
1933 /* if (A == IPPROTO_ROUTING) goto v6advance */
1934 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1935 s[i]->s.jt = NULL; /*later*/
1936 s[i]->s.jf = NULL; /*update in next stmt*/
1937 s[i]->s.k = IPPROTO_ROUTING;
1938 i++;
1939 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
1940 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1941 s[i]->s.jt = NULL; /*later*/
1942 s[i]->s.jf = NULL; /*later*/
1943 s[i]->s.k = IPPROTO_FRAGMENT;
1944 fix3 = i;
1945 v6end = i;
1946 i++;
1947
1948 /* v6advance: */
1949 v6advance = i;
1950
1951 /*
1952 * in short,
1953 * A = P[X];
1954 * X = X + (P[X + 1] + 1) * 8;
1955 */
1956 /* A = X */
1957 s[i] = new_stmt(BPF_MISC|BPF_TXA);
1958 i++;
1959 /* A = P[X + packet head] */
1960 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
1961 s[i]->s.k = off_nl;
1962 i++;
1963 /* MEM[reg2] = A */
1964 s[i] = new_stmt(BPF_ST);
1965 s[i]->s.k = reg2;
1966 i++;
1967 /* A = X */
1968 s[i] = new_stmt(BPF_MISC|BPF_TXA);
1969 i++;
1970 /* A += 1 */
1971 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
1972 s[i]->s.k = 1;
1973 i++;
1974 /* X = A */
1975 s[i] = new_stmt(BPF_MISC|BPF_TAX);
1976 i++;
1977 /* A = P[X + packet head]; */
1978 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
1979 s[i]->s.k = off_nl;
1980 i++;
1981 /* A += 1 */
1982 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
1983 s[i]->s.k = 1;
1984 i++;
1985 /* A *= 8 */
1986 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
1987 s[i]->s.k = 8;
1988 i++;
1989 /* X = A; */
1990 s[i] = new_stmt(BPF_MISC|BPF_TAX);
1991 i++;
1992 /* A = MEM[reg2] */
1993 s[i] = new_stmt(BPF_LD|BPF_MEM);
1994 s[i]->s.k = reg2;
1995 i++;
1996
1997 /* goto again; (must use BPF_JA for backward jump) */
1998 s[i] = new_stmt(BPF_JMP|BPF_JA);
1999 s[i]->s.k = again - i - 1;
2000 s[i - 1]->s.jf = s[i];
2001 i++;
2002
2003 /* fixup */
2004 for (j = v6start; j <= v6end; j++)
2005 s[j]->s.jt = s[v6advance];
2006 } else
2007 #endif
2008 {
2009 /* nop */
2010 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2011 s[i]->s.k = 0;
2012 s[fix2]->s.jf = s[i];
2013 i++;
2014 }
2015
2016 /* ahcheck: */
2017 ahcheck = i;
2018 /* if (A == IPPROTO_AH) then fall through; else goto end; */
2019 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2020 s[i]->s.jt = NULL; /*later*/
2021 s[i]->s.jf = NULL; /*later*/
2022 s[i]->s.k = IPPROTO_AH;
2023 if (fix3)
2024 s[fix3]->s.jf = s[ahcheck];
2025 fix4 = i;
2026 i++;
2027
2028 /*
2029 * in short,
2030 * A = P[X];
2031 * X = X + (P[X + 1] + 2) * 4;
2032 */
2033 /* A = X */
2034 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2035 i++;
2036 /* A = P[X + packet head]; */
2037 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2038 s[i]->s.k = off_nl;
2039 i++;
2040 /* MEM[reg2] = A */
2041 s[i] = new_stmt(BPF_ST);
2042 s[i]->s.k = reg2;
2043 i++;
2044 /* A = X */
2045 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2046 i++;
2047 /* A += 1 */
2048 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2049 s[i]->s.k = 1;
2050 i++;
2051 /* X = A */
2052 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2053 i++;
2054 /* A = P[X + packet head] */
2055 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2056 s[i]->s.k = off_nl;
2057 i++;
2058 /* A += 2 */
2059 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2060 s[i]->s.k = 2;
2061 i++;
2062 /* A *= 4 */
2063 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2064 s[i]->s.k = 4;
2065 i++;
2066 /* X = A; */
2067 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2068 i++;
2069 /* A = MEM[reg2] */
2070 s[i] = new_stmt(BPF_LD|BPF_MEM);
2071 s[i]->s.k = reg2;
2072 i++;
2073
2074 /* goto again; (must use BPF_JA for backward jump) */
2075 s[i] = new_stmt(BPF_JMP|BPF_JA);
2076 s[i]->s.k = again - i - 1;
2077 i++;
2078
2079 /* end: nop */
2080 end = i;
2081 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2082 s[i]->s.k = 0;
2083 s[fix2]->s.jt = s[end];
2084 s[fix4]->s.jf = s[end];
2085 s[fix5]->s.jt = s[end];
2086 i++;
2087
2088 /*
2089 * make slist chain
2090 */
2091 max = i;
2092 for (i = 0; i < max - 1; i++)
2093 s[i]->next = s[i + 1];
2094 s[max - 1]->next = NULL;
2095
2096 /*
2097 * emit final check
2098 */
2099 b = new_block(JMP(BPF_JEQ));
2100 b->stmts = s[1]; /*remember, s[0] is dummy*/
2101 b->s.k = v;
2102
2103 free_reg(reg2);
2104
2105 gen_and(b0, b);
2106 return b;
2107 #endif
2108 }
2109
2110 static struct block *
2111 gen_proto(v, proto, dir)
2112 int v;
2113 int proto;
2114 int dir;
2115 {
2116 struct block *b0, *b1;
2117
2118 if (dir != Q_DEFAULT)
2119 bpf_error("direction applied to 'proto'");
2120
2121 switch (proto) {
2122 case Q_DEFAULT:
2123 #ifdef INET6
2124 b0 = gen_proto(v, Q_IP, dir);
2125 b1 = gen_proto(v, Q_IPV6, dir);
2126 gen_or(b0, b1);
2127 return b1;
2128 #else
2129 /*FALLTHROUGH*/
2130 #endif
2131 case Q_IP:
2132 b0 = gen_linktype(ETHERTYPE_IP);
2133 #ifndef CHASE_CHAIN
2134 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
2135 #else
2136 b1 = gen_protochain(v, Q_IP);
2137 #endif
2138 gen_and(b0, b1);
2139 return b1;
2140
2141 case Q_ISO:
2142 b0 = gen_linktype(LLC_ISO_LSAP);
2143 b1 = gen_cmp(off_nl + 3, BPF_B, (long)v);
2144 gen_and(b0, b1);
2145 return b1;
2146
2147 case Q_ARP:
2148 bpf_error("arp does not encapsulate another protocol");
2149 /* NOTREACHED */
2150
2151 case Q_RARP:
2152 bpf_error("rarp does not encapsulate another protocol");
2153 /* NOTREACHED */
2154
2155 case Q_ATALK:
2156 bpf_error("atalk encapsulation is not specifiable");
2157 /* NOTREACHED */
2158
2159 case Q_DECNET:
2160 bpf_error("decnet encapsulation is not specifiable");
2161 /* NOTREACHED */
2162
2163 case Q_SCA:
2164 bpf_error("sca does not encapsulate another protocol");
2165 /* NOTREACHED */
2166
2167 case Q_LAT:
2168 bpf_error("lat does not encapsulate another protocol");
2169 /* NOTREACHED */
2170
2171 case Q_MOPRC:
2172 bpf_error("moprc does not encapsulate another protocol");
2173 /* NOTREACHED */
2174
2175 case Q_MOPDL:
2176 bpf_error("mopdl does not encapsulate another protocol");
2177 /* NOTREACHED */
2178
2179 case Q_LINK:
2180 return gen_linktype(v);
2181
2182 case Q_UDP:
2183 bpf_error("'udp proto' is bogus");
2184 /* NOTREACHED */
2185
2186 case Q_TCP:
2187 bpf_error("'tcp proto' is bogus");
2188 /* NOTREACHED */
2189
2190 case Q_ICMP:
2191 bpf_error("'icmp proto' is bogus");
2192 /* NOTREACHED */
2193
2194 case Q_IGMP:
2195 bpf_error("'igmp proto' is bogus");
2196 /* NOTREACHED */
2197
2198 case Q_IGRP:
2199 bpf_error("'igrp proto' is bogus");
2200 /* NOTREACHED */
2201
2202 case Q_PIM:
2203 bpf_error("'pim proto' is bogus");
2204 /* NOTREACHED */
2205
2206 #ifdef INET6
2207 case Q_IPV6:
2208 b0 = gen_linktype(ETHERTYPE_IPV6);
2209 #ifndef CHASE_CHAIN
2210 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
2211 #else
2212 b1 = gen_protochain(v, Q_IPV6);
2213 #endif
2214 gen_and(b0, b1);
2215 return b1;
2216
2217 case Q_ICMPV6:
2218 bpf_error("'icmp6 proto' is bogus");
2219 #endif /* INET6 */
2220
2221 case Q_AH:
2222 bpf_error("'ah proto' is bogus");
2223
2224 case Q_ESP:
2225 bpf_error("'ah proto' is bogus");
2226
2227 default:
2228 abort();
2229 /* NOTREACHED */
2230 }
2231 /* NOTREACHED */
2232 }
2233
2234 struct block *
2235 gen_scode(name, q)
2236 register const char *name;
2237 struct qual q;
2238 {
2239 int proto = q.proto;
2240 int dir = q.dir;
2241 int tproto;
2242 u_char *eaddr;
2243 bpf_u_int32 mask, addr;
2244 #ifndef INET6
2245 bpf_u_int32 **alist;
2246 #else
2247 int tproto6;
2248 struct sockaddr_in *sin;
2249 struct sockaddr_in6 *sin6;
2250 struct addrinfo *res, *res0;
2251 struct in6_addr mask128;
2252 #endif /*INET6*/
2253 struct block *b, *tmp;
2254 int port, real_proto;
2255
2256 switch (q.addr) {
2257
2258 case Q_NET:
2259 addr = pcap_nametonetaddr(name);
2260 if (addr == 0)
2261 bpf_error("unknown network '%s'", name);
2262 /* Left justify network addr and calculate its network mask */
2263 mask = 0xffffffff;
2264 while (addr && (addr & 0xff000000) == 0) {
2265 addr <<= 8;
2266 mask <<= 8;
2267 }
2268 return gen_host(addr, mask, proto, dir);
2269
2270 case Q_DEFAULT:
2271 case Q_HOST:
2272 if (proto == Q_LINK) {
2273 switch (linktype) {
2274
2275 case DLT_EN10MB:
2276 eaddr = pcap_ether_hostton(name);
2277 if (eaddr == NULL)
2278 bpf_error(
2279 "unknown ether host '%s'", name);
2280 return gen_ehostop(eaddr, dir);
2281
2282 case DLT_FDDI:
2283 eaddr = pcap_ether_hostton(name);
2284 if (eaddr == NULL)
2285 bpf_error(
2286 "unknown FDDI host '%s'", name);
2287 return gen_fhostop(eaddr, dir);
2288
2289 case DLT_IEEE802:
2290 eaddr = pcap_ether_hostton(name);
2291 if (eaddr == NULL)
2292 bpf_error(
2293 "unknown token ring host '%s'", name);
2294 return gen_thostop(eaddr, dir);
2295
2296 default:
2297 bpf_error(
2298 "only ethernet/FDDI/token ring supports link-level host name");
2299 break;
2300 }
2301 } else if (proto == Q_DECNET) {
2302 unsigned short dn_addr = __pcap_nametodnaddr(name);
2303 /*
2304 * I don't think DECNET hosts can be multihomed, so
2305 * there is no need to build up a list of addresses
2306 */
2307 return (gen_host(dn_addr, 0, proto, dir));
2308 } else {
2309 #ifndef INET6
2310 alist = pcap_nametoaddr(name);
2311 if (alist == NULL || *alist == NULL)
2312 bpf_error("unknown host '%s'", name);
2313 tproto = proto;
2314 if (off_linktype == -1 && tproto == Q_DEFAULT)
2315 tproto = Q_IP;
2316 b = gen_host(**alist++, 0xffffffff, tproto, dir);
2317 while (*alist) {
2318 tmp = gen_host(**alist++, 0xffffffff,
2319 tproto, dir);
2320 gen_or(b, tmp);
2321 b = tmp;
2322 }
2323 return b;
2324 #else
2325 memset(&mask128, 0xff, sizeof(mask128));
2326 res0 = res = pcap_nametoaddrinfo(name);
2327 if (res == NULL)
2328 bpf_error("unknown host '%s'", name);
2329 b = tmp = NULL;
2330 tproto = tproto6 = proto;
2331 if (off_linktype == -1 && tproto == Q_DEFAULT) {
2332 tproto = Q_IP;
2333 tproto6 = Q_IPV6;
2334 }
2335 for (res = res0; res; res = res->ai_next) {
2336 switch (res->ai_family) {
2337 case AF_INET:
2338 if (tproto == Q_IPV6)
2339 continue;
2340
2341 sin = (struct sockaddr_in *)
2342 res->ai_addr;
2343 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
2344 0xffffffff, tproto, dir);
2345 break;
2346 case AF_INET6:
2347 if (tproto6 == Q_IP)
2348 continue;
2349
2350 sin6 = (struct sockaddr_in6 *)
2351 res->ai_addr;
2352 tmp = gen_host6(&sin6->sin6_addr,
2353 &mask128, tproto6, dir);
2354 break;
2355 }
2356 if (b)
2357 gen_or(b, tmp);
2358 b = tmp;
2359 }
2360 freeaddrinfo(res0);
2361 if (b == NULL) {
2362 bpf_error("unknown host '%s'%s", name,
2363 (proto == Q_DEFAULT)
2364 ? ""
2365 : " for specified address family");
2366 }
2367 return b;
2368 #endif /*INET6*/
2369 }
2370
2371 case Q_PORT:
2372 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP)
2373 bpf_error("illegal qualifier of 'port'");
2374 if (pcap_nametoport(name, &port, &real_proto) == 0)
2375 bpf_error("unknown port '%s'", name);
2376 if (proto == Q_UDP) {
2377 if (real_proto == IPPROTO_TCP)
2378 bpf_error("port '%s' is tcp", name);
2379 else
2380 /* override PROTO_UNDEF */
2381 real_proto = IPPROTO_UDP;
2382 }
2383 if (proto == Q_TCP) {
2384 if (real_proto == IPPROTO_UDP)
2385 bpf_error("port '%s' is udp", name);
2386 else
2387 /* override PROTO_UNDEF */
2388 real_proto = IPPROTO_TCP;
2389 }
2390 #ifndef INET6
2391 return gen_port(port, real_proto, dir);
2392 #else
2393 {
2394 struct block *b;
2395 b = gen_port(port, real_proto, dir);
2396 gen_or(gen_port6(port, real_proto, dir), b);
2397 return b;
2398 }
2399 #endif /* INET6 */
2400
2401 case Q_GATEWAY:
2402 #ifndef INET6
2403 eaddr = pcap_ether_hostton(name);
2404 if (eaddr == NULL)
2405 bpf_error("unknown ether host: %s", name);
2406
2407 alist = pcap_nametoaddr(name);
2408 if (alist == NULL || *alist == NULL)
2409 bpf_error("unknown host '%s'", name);
2410 return gen_gateway(eaddr, alist, proto, dir);
2411 #else
2412 bpf_error("'gateway' not supported in this configuration");
2413 #endif /*INET6*/
2414
2415 case Q_PROTO:
2416 real_proto = lookup_proto(name, proto);
2417 if (real_proto >= 0)
2418 return gen_proto(real_proto, proto, dir);
2419 else
2420 bpf_error("unknown protocol: %s", name);
2421
2422 case Q_PROTOCHAIN:
2423 real_proto = lookup_proto(name, proto);
2424 if (real_proto >= 0)
2425 return gen_protochain(real_proto, proto, dir);
2426 else
2427 bpf_error("unknown protocol: %s", name);
2428
2429
2430 case Q_UNDEF:
2431 syntax();
2432 /* NOTREACHED */
2433 }
2434 abort();
2435 /* NOTREACHED */
2436 }
2437
2438 struct block *
2439 gen_mcode(s1, s2, masklen, q)
2440 register const char *s1, *s2;
2441 register int masklen;
2442 struct qual q;
2443 {
2444 register int nlen, mlen;
2445 bpf_u_int32 n, m;
2446
2447 nlen = __pcap_atoin(s1, &n);
2448 /* Promote short ipaddr */
2449 n <<= 32 - nlen;
2450
2451 if (s2 != NULL) {
2452 mlen = __pcap_atoin(s2, &m);
2453 /* Promote short ipaddr */
2454 m <<= 32 - mlen;
2455 if ((n & ~m) != 0)
2456 bpf_error("non-network bits set in \"%s mask %s\"",
2457 s1, s2);
2458 } else {
2459 /* Convert mask len to mask */
2460 if (masklen > 32)
2461 bpf_error("mask length must be <= 32");
2462 m = 0xffffffff << (32 - masklen);
2463 if ((n & ~m) != 0)
2464 bpf_error("non-network bits set in \"%s/%d\"",
2465 s1, masklen);
2466 }
2467
2468 switch (q.addr) {
2469
2470 case Q_NET:
2471 return gen_host(n, m, q.proto, q.dir);
2472
2473 default:
2474 bpf_error("Mask syntax for networks only");
2475 /* NOTREACHED */
2476 }
2477 }
2478
2479 struct block *
2480 gen_ncode(s, v, q)
2481 register const char *s;
2482 bpf_u_int32 v;
2483 struct qual q;
2484 {
2485 bpf_u_int32 mask;
2486 int proto = q.proto;
2487 int dir = q.dir;
2488 register int vlen;
2489
2490 if (s == NULL)
2491 vlen = 32;
2492 else if (q.proto == Q_DECNET)
2493 vlen = __pcap_atodn(s, &v);
2494 else
2495 vlen = __pcap_atoin(s, &v);
2496
2497 switch (q.addr) {
2498
2499 case Q_DEFAULT:
2500 case Q_HOST:
2501 case Q_NET:
2502 if (proto == Q_DECNET)
2503 return gen_host(v, 0, proto, dir);
2504 else if (proto == Q_LINK) {
2505 bpf_error("illegal link layer address");
2506 } else {
2507 mask = 0xffffffff;
2508 if (s == NULL && q.addr == Q_NET) {
2509 /* Promote short net number */
2510 while (v && (v & 0xff000000) == 0) {
2511 v <<= 8;
2512 mask <<= 8;
2513 }
2514 } else {
2515 /* Promote short ipaddr */
2516 v <<= 32 - vlen;
2517 mask <<= 32 - vlen;
2518 }
2519 return gen_host(v, mask, proto, dir);
2520 }
2521
2522 case Q_PORT:
2523 if (proto == Q_UDP)
2524 proto = IPPROTO_UDP;
2525 else if (proto == Q_TCP)
2526 proto = IPPROTO_TCP;
2527 else if (proto == Q_DEFAULT)
2528 proto = PROTO_UNDEF;
2529 else
2530 bpf_error("illegal qualifier of 'port'");
2531
2532 #ifndef INET6
2533 return gen_port((int)v, proto, dir);
2534 #else
2535 {
2536 struct block *b;
2537 b = gen_port((int)v, proto, dir);
2538 gen_or(gen_port6((int)v, proto, dir), b);
2539 return b;
2540 }
2541 #endif /* INET6 */
2542
2543 case Q_GATEWAY:
2544 bpf_error("'gateway' requires a name");
2545 /* NOTREACHED */
2546
2547 case Q_PROTO:
2548 return gen_proto((int)v, proto, dir);
2549
2550 case Q_PROTOCHAIN:
2551 return gen_protochain((int)v, proto, dir);
2552
2553 case Q_UNDEF:
2554 syntax();
2555 /* NOTREACHED */
2556
2557 default:
2558 abort();
2559 /* NOTREACHED */
2560 }
2561 /* NOTREACHED */
2562 }
2563
2564 #ifdef INET6
2565 struct block *
2566 gen_mcode6(s1, s2, masklen, q)
2567 register const char *s1, *s2;
2568 register int masklen;
2569 struct qual q;
2570 {
2571 struct addrinfo *res;
2572 struct in6_addr *addr;
2573 struct in6_addr mask;
2574 struct block *b;
2575 u_int32_t *a, *m;
2576
2577 if (s2)
2578 bpf_error("no mask %s supported", s2);
2579
2580 res = pcap_nametoaddrinfo(s1);
2581 if (!res)
2582 bpf_error("invalid ip6 address %s", s1);
2583 if (res->ai_next)
2584 bpf_error("%s resolved to multiple address", s1);
2585 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
2586
2587 if (sizeof(mask) * 8 < masklen)
2588 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
2589 memset(&mask, 0xff, masklen / 8);
2590 if (masklen % 8) {
2591 mask.s6_addr[masklen / 8] =
2592 (0xff << (8 - masklen % 8)) & 0xff;
2593 }
2594
2595 a = (u_int32_t *)addr;
2596 m = (u_int32_t *)&mask;
2597 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
2598 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
2599 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
2600 }
2601
2602 switch (q.addr) {
2603
2604 case Q_DEFAULT:
2605 case Q_HOST:
2606 if (masklen != 128)
2607 bpf_error("Mask syntax for networks only");
2608 /* FALLTHROUGH */
2609
2610 case Q_NET:
2611 b = gen_host6(addr, &mask, q.proto, q.dir);
2612 freeaddrinfo(res);
2613 return b;
2614
2615 default:
2616 bpf_error("invalid qualifier against IPv6 address");
2617 /* NOTREACHED */
2618 }
2619 }
2620 #endif /*INET6*/
2621
2622 struct block *
2623 gen_ecode(eaddr, q)
2624 register const u_char *eaddr;
2625 struct qual q;
2626 {
2627 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
2628 if (linktype == DLT_EN10MB)
2629 return gen_ehostop(eaddr, (int)q.dir);
2630 if (linktype == DLT_FDDI)
2631 return gen_fhostop(eaddr, (int)q.dir);
2632 if (linktype == DLT_IEEE802)
2633 return gen_thostop(eaddr, (int)q.dir);
2634 }
2635 bpf_error("ethernet address used in non-ether expression");
2636 /* NOTREACHED */
2637 }
2638
2639 void
2640 sappend(s0, s1)
2641 struct slist *s0, *s1;
2642 {
2643 /*
2644 * This is definitely not the best way to do this, but the
2645 * lists will rarely get long.
2646 */
2647 while (s0->next)
2648 s0 = s0->next;
2649 s0->next = s1;
2650 }
2651
2652 static struct slist *
2653 xfer_to_x(a)
2654 struct arth *a;
2655 {
2656 struct slist *s;
2657
2658 s = new_stmt(BPF_LDX|BPF_MEM);
2659 s->s.k = a->regno;
2660 return s;
2661 }
2662
2663 static struct slist *
2664 xfer_to_a(a)
2665 struct arth *a;
2666 {
2667 struct slist *s;
2668
2669 s = new_stmt(BPF_LD|BPF_MEM);
2670 s->s.k = a->regno;
2671 return s;
2672 }
2673
2674 struct arth *
2675 gen_load(proto, index, size)
2676 int proto;
2677 struct arth *index;
2678 int size;
2679 {
2680 struct slist *s, *tmp;
2681 struct block *b;
2682 int regno = alloc_reg();
2683
2684 free_reg(index->regno);
2685 switch (size) {
2686
2687 default:
2688 bpf_error("data size must be 1, 2, or 4");
2689
2690 case 1:
2691 size = BPF_B;
2692 break;
2693
2694 case 2:
2695 size = BPF_H;
2696 break;
2697
2698 case 4:
2699 size = BPF_W;
2700 break;
2701 }
2702 switch (proto) {
2703 default:
2704 bpf_error("unsupported index operation");
2705
2706 case Q_LINK:
2707 s = xfer_to_x(index);
2708 tmp = new_stmt(BPF_LD|BPF_IND|size);
2709 sappend(s, tmp);
2710 sappend(index->s, s);
2711 break;
2712
2713 case Q_IP:
2714 case Q_ARP:
2715 case Q_RARP:
2716 case Q_ATALK:
2717 case Q_DECNET:
2718 case Q_SCA:
2719 case Q_LAT:
2720 case Q_MOPRC:
2721 case Q_MOPDL:
2722 #ifdef INET6
2723 case Q_IPV6:
2724 #endif
2725 /* XXX Note that we assume a fixed link header here. */
2726 s = xfer_to_x(index);
2727 tmp = new_stmt(BPF_LD|BPF_IND|size);
2728 tmp->s.k = off_nl;
2729 sappend(s, tmp);
2730 sappend(index->s, s);
2731
2732 b = gen_proto_abbrev(proto);
2733 if (index->b)
2734 gen_and(index->b, b);
2735 index->b = b;
2736 break;
2737
2738 case Q_TCP:
2739 case Q_UDP:
2740 case Q_ICMP:
2741 case Q_IGMP:
2742 case Q_IGRP:
2743 case Q_PIM:
2744 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2745 s->s.k = off_nl;
2746 sappend(s, xfer_to_a(index));
2747 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
2748 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
2749 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
2750 tmp->s.k = off_nl;
2751 sappend(index->s, s);
2752
2753 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
2754 if (index->b)
2755 gen_and(index->b, b);
2756 #ifdef INET6
2757 gen_and(gen_proto_abbrev(Q_IP), b);
2758 #endif
2759 index->b = b;
2760 break;
2761 #ifdef INET6
2762 case Q_ICMPV6:
2763 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
2764 /*NOTREACHED*/
2765 #endif
2766 }
2767 index->regno = regno;
2768 s = new_stmt(BPF_ST);
2769 s->s.k = regno;
2770 sappend(index->s, s);
2771
2772 return index;
2773 }
2774
2775 struct block *
2776 gen_relation(code, a0, a1, reversed)
2777 int code;
2778 struct arth *a0, *a1;
2779 int reversed;
2780 {
2781 struct slist *s0, *s1, *s2;
2782 struct block *b, *tmp;
2783
2784 s0 = xfer_to_x(a1);
2785 s1 = xfer_to_a(a0);
2786 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
2787 b = new_block(JMP(code));
2788 if (code == BPF_JGT || code == BPF_JGE) {
2789 reversed = !reversed;
2790 b->s.k = 0x80000000;
2791 }
2792 if (reversed)
2793 gen_not(b);
2794
2795 sappend(s1, s2);
2796 sappend(s0, s1);
2797 sappend(a1->s, s0);
2798 sappend(a0->s, a1->s);
2799
2800 b->stmts = a0->s;
2801
2802 free_reg(a0->regno);
2803 free_reg(a1->regno);
2804
2805 /* 'and' together protocol checks */
2806 if (a0->b) {
2807 if (a1->b) {
2808 gen_and(a0->b, tmp = a1->b);
2809 }
2810 else
2811 tmp = a0->b;
2812 } else
2813 tmp = a1->b;
2814
2815 if (tmp)
2816 gen_and(tmp, b);
2817
2818 return b;
2819 }
2820
2821 struct arth *
2822 gen_loadlen()
2823 {
2824 int regno = alloc_reg();
2825 struct arth *a = (struct arth *)newchunk(sizeof(*a));
2826 struct slist *s;
2827
2828 s = new_stmt(BPF_LD|BPF_LEN);
2829 s->next = new_stmt(BPF_ST);
2830 s->next->s.k = regno;
2831 a->s = s;
2832 a->regno = regno;
2833
2834 return a;
2835 }
2836
2837 struct arth *
2838 gen_loadi(val)
2839 int val;
2840 {
2841 struct arth *a;
2842 struct slist *s;
2843 int reg;
2844
2845 a = (struct arth *)newchunk(sizeof(*a));
2846
2847 reg = alloc_reg();
2848
2849 s = new_stmt(BPF_LD|BPF_IMM);
2850 s->s.k = val;
2851 s->next = new_stmt(BPF_ST);
2852 s->next->s.k = reg;
2853 a->s = s;
2854 a->regno = reg;
2855
2856 return a;
2857 }
2858
2859 struct arth *
2860 gen_neg(a)
2861 struct arth *a;
2862 {
2863 struct slist *s;
2864
2865 s = xfer_to_a(a);
2866 sappend(a->s, s);
2867 s = new_stmt(BPF_ALU|BPF_NEG);
2868 s->s.k = 0;
2869 sappend(a->s, s);
2870 s = new_stmt(BPF_ST);
2871 s->s.k = a->regno;
2872 sappend(a->s, s);
2873
2874 return a;
2875 }
2876
2877 struct arth *
2878 gen_arth(code, a0, a1)
2879 int code;
2880 struct arth *a0, *a1;
2881 {
2882 struct slist *s0, *s1, *s2;
2883
2884 s0 = xfer_to_x(a1);
2885 s1 = xfer_to_a(a0);
2886 s2 = new_stmt(BPF_ALU|BPF_X|code);
2887
2888 sappend(s1, s2);
2889 sappend(s0, s1);
2890 sappend(a1->s, s0);
2891 sappend(a0->s, a1->s);
2892
2893 free_reg(a1->regno);
2894
2895 s0 = new_stmt(BPF_ST);
2896 a0->regno = s0->s.k = alloc_reg();
2897 sappend(a0->s, s0);
2898
2899 return a0;
2900 }
2901
2902 /*
2903 * Here we handle simple allocation of the scratch registers.
2904 * If too many registers are alloc'd, the allocator punts.
2905 */
2906 static int regused[BPF_MEMWORDS];
2907 static int curreg;
2908
2909 /*
2910 * Return the next free register.
2911 */
2912 static int
2913 alloc_reg()
2914 {
2915 int n = BPF_MEMWORDS;
2916
2917 while (--n >= 0) {
2918 if (regused[curreg])
2919 curreg = (curreg + 1) % BPF_MEMWORDS;
2920 else {
2921 regused[curreg] = 1;
2922 return curreg;
2923 }
2924 }
2925 bpf_error("too many registers needed to evaluate expression");
2926 /* NOTREACHED */
2927 }
2928
2929 /*
2930 * Return a register to the table so it can
2931 * be used later.
2932 */
2933 static void
2934 free_reg(n)
2935 int n;
2936 {
2937 regused[n] = 0;
2938 }
2939
2940 static struct block *
2941 gen_len(jmp, n)
2942 int jmp, n;
2943 {
2944 struct slist *s;
2945 struct block *b;
2946
2947 s = new_stmt(BPF_LD|BPF_LEN);
2948 b = new_block(JMP(jmp));
2949 b->stmts = s;
2950 b->s.k = n;
2951
2952 return b;
2953 }
2954
2955 struct block *
2956 gen_greater(n)
2957 int n;
2958 {
2959 return gen_len(BPF_JGE, n);
2960 }
2961
2962 /*
2963 * Actually, this is less than or equal.
2964 */
2965 struct block *
2966 gen_less(n)
2967 int n;
2968 {
2969 struct block *b;
2970
2971 b = gen_len(BPF_JGT, n);
2972 gen_not(b);
2973
2974 return b;
2975 }
2976
2977 struct block *
2978 gen_byteop(op, idx, val)
2979 int op, idx, val;
2980 {
2981 struct block *b;
2982 struct slist *s;
2983
2984 switch (op) {
2985 default:
2986 abort();
2987
2988 case '=':
2989 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
2990
2991 case '<':
2992 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
2993 b->s.code = JMP(BPF_JGE);
2994 gen_not(b);
2995 return b;
2996
2997 case '>':
2998 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
2999 b->s.code = JMP(BPF_JGT);
3000 return b;
3001
3002 case '|':
3003 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
3004 break;
3005
3006 case '&':
3007 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
3008 break;
3009 }
3010 s->s.k = val;
3011 b = new_block(JMP(BPF_JEQ));
3012 b->stmts = s;
3013 gen_not(b);
3014
3015 return b;
3016 }
3017
3018 struct block *
3019 gen_broadcast(proto)
3020 int proto;
3021 {
3022 bpf_u_int32 hostmask;
3023 struct block *b0, *b1, *b2;
3024 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
3025
3026 switch (proto) {
3027
3028 case Q_DEFAULT:
3029 case Q_LINK:
3030 if (linktype == DLT_EN10MB)
3031 return gen_ehostop(ebroadcast, Q_DST);
3032 if (linktype == DLT_FDDI)
3033 return gen_fhostop(ebroadcast, Q_DST);
3034 if (linktype == DLT_IEEE802)
3035 return gen_thostop(ebroadcast, Q_DST);
3036 bpf_error("not a broadcast link");
3037 break;
3038
3039 case Q_IP:
3040 b0 = gen_linktype(ETHERTYPE_IP);
3041 hostmask = ~netmask;
3042 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
3043 b2 = gen_mcmp(off_nl + 16, BPF_W,
3044 (bpf_int32)(~0 & hostmask), hostmask);
3045 gen_or(b1, b2);
3046 gen_and(b0, b2);
3047 return b2;
3048 }
3049 bpf_error("only ether/ip broadcast filters supported");
3050 }
3051
3052 struct block *
3053 gen_multicast(proto)
3054 int proto;
3055 {
3056 register struct block *b0, *b1;
3057 register struct slist *s;
3058
3059 switch (proto) {
3060
3061 case Q_DEFAULT:
3062 case Q_LINK:
3063 if (linktype == DLT_EN10MB) {
3064 /* ether[0] & 1 != 0 */
3065 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3066 s->s.k = 0;
3067 b0 = new_block(JMP(BPF_JSET));
3068 b0->s.k = 1;
3069 b0->stmts = s;
3070 return b0;
3071 }
3072
3073 if (linktype == DLT_FDDI) {
3074 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */
3075 /* fddi[1] & 1 != 0 */
3076 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3077 s->s.k = 1;
3078 b0 = new_block(JMP(BPF_JSET));
3079 b0->s.k = 1;
3080 b0->stmts = s;
3081 return b0;
3082 }
3083
3084 /* TODO - check how token ring handles multicast */
3085 /* if (linktype == DLT_IEEE802) ... */
3086
3087 /* Link not known to support multicasts */
3088 break;
3089
3090 case Q_IP:
3091 b0 = gen_linktype(ETHERTYPE_IP);
3092 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
3093 b1->s.code = JMP(BPF_JGE);
3094 gen_and(b0, b1);
3095 return b1;
3096
3097 #ifdef INET6
3098 case Q_IPV6:
3099 b0 = gen_linktype(ETHERTYPE_IPV6);
3100 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
3101 gen_and(b0, b1);
3102 return b1;
3103 #endif /* INET6 */
3104 }
3105 bpf_error("only IP multicast filters supported on ethernet/FDDI");
3106 }
3107
3108 /*
3109 * generate command for inbound/outbound. It's here so we can
3110 * make it link-type specific. 'dir' = 0 implies "inbound",
3111 * = 1 implies "outbound".
3112 */
3113 struct block *
3114 gen_inbound(dir)
3115 int dir;
3116 {
3117 register struct block *b0;
3118
3119 b0 = gen_relation(BPF_JEQ,
3120 gen_load(Q_LINK, gen_loadi(0), 1),
3121 gen_loadi(0),
3122 dir);
3123 return (b0);
3124 }
3125
3126 /*
3127 * support IEEE 802.1Q VLAN trunk over ethernet
3128 */
3129 struct block *
3130 gen_vlan(vlan_num)
3131 int vlan_num;
3132 {
3133 static u_int orig_linktype = -1, orig_nl = -1;
3134 struct block *b0;
3135
3136 /*
3137 * Change the offsets to point to the type and data fields within
3138 * the VLAN packet. This is somewhat of a kludge.
3139 */
3140 if (orig_nl == (u_int)-1) {
3141 orig_linktype = off_linktype; /* save original values */
3142 orig_nl = off_nl;
3143
3144 switch (linktype) {
3145
3146 case DLT_EN10MB:
3147 off_linktype = 16;
3148 off_nl = 18;
3149 break;
3150
3151 default:
3152 bpf_error("no VLAN support for data link type %d",
3153 linktype);
3154 /*NOTREACHED*/
3155 }
3156 }
3157
3158 /* check for VLAN */
3159 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
3160
3161 /* If a specific VLAN is requested, check VLAN id */
3162 if (vlan_num >= 0) {
3163 struct block *b1;
3164
3165 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
3166 gen_and(b0, b1);
3167 b0 = b1;
3168 }
3169
3170 return (b0);
3171 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism