]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Put the FDDI padding (if any) into the pcap_t structure on platforms
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] _U_ =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.213 2004-12-15 00:25:08 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #ifdef WIN32
32 #include <pcap-stdinc.h>
33 #else /* WIN32 */
34 #include <sys/types.h>
35 #include <sys/socket.h>
36 #include <sys/time.h>
37 #endif /* WIN32 */
38
39 /*
40 * XXX - why was this included even on UNIX?
41 */
42 #ifdef __MINGW32__
43 #include "IP6_misc.h"
44 #endif
45
46 #ifndef WIN32
47
48 #ifdef __NetBSD__
49 #include <sys/param.h>
50 #endif
51
52 #include <netinet/in.h>
53
54 #endif /* WIN32 */
55
56 #include <stdlib.h>
57 #include <string.h>
58 #include <memory.h>
59 #include <setjmp.h>
60 #include <stdarg.h>
61
62 #include "pcap-int.h"
63
64 #include "ethertype.h"
65 #include "nlpid.h"
66 #include "llc.h"
67 #include "gencode.h"
68 #include "atmuni31.h"
69 #include "sunatmpos.h"
70 #include "ppp.h"
71 #include "sll.h"
72 #include "arcnet.h"
73 #include "pf.h"
74 #ifndef offsetof
75 #define offsetof(s, e) ((size_t)&((s *)0)->e)
76 #endif
77 #ifdef INET6
78 #ifndef WIN32
79 #include <netdb.h> /* for "struct addrinfo" */
80 #endif /* WIN32 */
81 #endif /*INET6*/
82 #include <pcap-namedb.h>
83
84 #define ETHERMTU 1500
85
86 #ifndef IPPROTO_SCTP
87 #define IPPROTO_SCTP 132
88 #endif
89
90 #ifdef HAVE_OS_PROTO_H
91 #include "os-proto.h"
92 #endif
93
94 #define JMP(c) ((c)|BPF_JMP|BPF_K)
95
96 /* Locals */
97 static jmp_buf top_ctx;
98 static pcap_t *bpf_pcap;
99
100 /* Hack for updating VLAN, MPLS offsets. */
101 static u_int orig_linktype = -1U, orig_nl = -1U, orig_nl_nosnap = -1U;
102
103 /* XXX */
104 #ifdef PCAP_FDDIPAD
105 static int pcap_fddipad;
106 #endif
107
108 /* VARARGS */
109 void
110 bpf_error(const char *fmt, ...)
111
112 {
113 va_list ap;
114
115 va_start(ap, fmt);
116 if (bpf_pcap != NULL)
117 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
118 fmt, ap);
119 va_end(ap);
120 longjmp(top_ctx, 1);
121 /* NOTREACHED */
122 }
123
124 static void init_linktype(pcap_t *);
125
126 static int alloc_reg(void);
127 static void free_reg(int);
128
129 static struct block *root;
130
131 /*
132 * We divy out chunks of memory rather than call malloc each time so
133 * we don't have to worry about leaking memory. It's probably
134 * not a big deal if all this memory was wasted but if this ever
135 * goes into a library that would probably not be a good idea.
136 *
137 * XXX - this *is* in a library....
138 */
139 #define NCHUNKS 16
140 #define CHUNK0SIZE 1024
141 struct chunk {
142 u_int n_left;
143 void *m;
144 };
145
146 static struct chunk chunks[NCHUNKS];
147 static int cur_chunk;
148
149 static void *newchunk(u_int);
150 static void freechunks(void);
151 static inline struct block *new_block(int);
152 static inline struct slist *new_stmt(int);
153 static struct block *gen_retblk(int);
154 static inline void syntax(void);
155
156 static void backpatch(struct block *, struct block *);
157 static void merge(struct block *, struct block *);
158 static struct block *gen_cmp(u_int, u_int, bpf_int32);
159 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
160 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
161 static struct block *gen_bcmp(u_int, u_int, const u_char *);
162 static struct block *gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32,
163 bpf_u_int32, bpf_u_int32, int);
164 static struct block *gen_uncond(int);
165 static inline struct block *gen_true(void);
166 static inline struct block *gen_false(void);
167 static struct block *gen_ether_linktype(int);
168 static struct block *gen_linux_sll_linktype(int);
169 static struct block *gen_linktype(int);
170 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
171 static struct block *gen_llc(int);
172 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
173 #ifdef INET6
174 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
175 #endif
176 static struct block *gen_ahostop(const u_char *, int);
177 static struct block *gen_ehostop(const u_char *, int);
178 static struct block *gen_fhostop(const u_char *, int);
179 static struct block *gen_thostop(const u_char *, int);
180 static struct block *gen_wlanhostop(const u_char *, int);
181 static struct block *gen_ipfchostop(const u_char *, int);
182 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
183 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
184 #ifdef INET6
185 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
186 #endif
187 #ifndef INET6
188 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
189 #endif
190 static struct block *gen_ipfrag(void);
191 static struct block *gen_portatom(int, bpf_int32);
192 #ifdef INET6
193 static struct block *gen_portatom6(int, bpf_int32);
194 #endif
195 struct block *gen_portop(int, int, int);
196 static struct block *gen_port(int, int, int);
197 #ifdef INET6
198 struct block *gen_portop6(int, int, int);
199 static struct block *gen_port6(int, int, int);
200 #endif
201 static int lookup_proto(const char *, int);
202 static struct block *gen_protochain(int, int, int);
203 static struct block *gen_proto(int, int, int);
204 static struct slist *xfer_to_x(struct arth *);
205 static struct slist *xfer_to_a(struct arth *);
206 static struct block *gen_mac_multicast(int);
207 static struct block *gen_len(int, int);
208
209 static struct block *gen_msg_abbrev(int type);
210
211 static void *
212 newchunk(n)
213 u_int n;
214 {
215 struct chunk *cp;
216 int k;
217 size_t size;
218
219 #ifndef __NetBSD__
220 /* XXX Round up to nearest long. */
221 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
222 #else
223 /* XXX Round up to structure boundary. */
224 n = ALIGN(n);
225 #endif
226
227 cp = &chunks[cur_chunk];
228 if (n > cp->n_left) {
229 ++cp, k = ++cur_chunk;
230 if (k >= NCHUNKS)
231 bpf_error("out of memory");
232 size = CHUNK0SIZE << k;
233 cp->m = (void *)malloc(size);
234 if (cp->m == NULL)
235 bpf_error("out of memory");
236 memset((char *)cp->m, 0, size);
237 cp->n_left = size;
238 if (n > size)
239 bpf_error("out of memory");
240 }
241 cp->n_left -= n;
242 return (void *)((char *)cp->m + cp->n_left);
243 }
244
245 static void
246 freechunks()
247 {
248 int i;
249
250 cur_chunk = 0;
251 for (i = 0; i < NCHUNKS; ++i)
252 if (chunks[i].m != NULL) {
253 free(chunks[i].m);
254 chunks[i].m = NULL;
255 }
256 }
257
258 /*
259 * A strdup whose allocations are freed after code generation is over.
260 */
261 char *
262 sdup(s)
263 register const char *s;
264 {
265 int n = strlen(s) + 1;
266 char *cp = newchunk(n);
267
268 strlcpy(cp, s, n);
269 return (cp);
270 }
271
272 static inline struct block *
273 new_block(code)
274 int code;
275 {
276 struct block *p;
277
278 p = (struct block *)newchunk(sizeof(*p));
279 p->s.code = code;
280 p->head = p;
281
282 return p;
283 }
284
285 static inline struct slist *
286 new_stmt(code)
287 int code;
288 {
289 struct slist *p;
290
291 p = (struct slist *)newchunk(sizeof(*p));
292 p->s.code = code;
293
294 return p;
295 }
296
297 static struct block *
298 gen_retblk(v)
299 int v;
300 {
301 struct block *b = new_block(BPF_RET|BPF_K);
302
303 b->s.k = v;
304 return b;
305 }
306
307 static inline void
308 syntax()
309 {
310 bpf_error("syntax error in filter expression");
311 }
312
313 static bpf_u_int32 netmask;
314 static int snaplen;
315 int no_optimize;
316
317 int
318 pcap_compile(pcap_t *p, struct bpf_program *program,
319 char *buf, int optimize, bpf_u_int32 mask)
320 {
321 extern int n_errors;
322 int len;
323
324 no_optimize = 0;
325 n_errors = 0;
326 root = NULL;
327 bpf_pcap = p;
328 if (setjmp(top_ctx)) {
329 lex_cleanup();
330 freechunks();
331 return (-1);
332 }
333
334 netmask = mask;
335
336 snaplen = pcap_snapshot(p);
337 if (snaplen == 0) {
338 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
339 "snaplen of 0 rejects all packets");
340 return -1;
341 }
342
343 lex_init(buf ? buf : "");
344 init_linktype(p);
345 (void)pcap_parse();
346
347 if (n_errors)
348 syntax();
349
350 if (root == NULL)
351 root = gen_retblk(snaplen);
352
353 if (optimize && !no_optimize) {
354 bpf_optimize(&root);
355 if (root == NULL ||
356 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
357 bpf_error("expression rejects all packets");
358 }
359 program->bf_insns = icode_to_fcode(root, &len);
360 program->bf_len = len;
361
362 lex_cleanup();
363 freechunks();
364 return (0);
365 }
366
367 /*
368 * entry point for using the compiler with no pcap open
369 * pass in all the stuff that is needed explicitly instead.
370 */
371 int
372 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
373 struct bpf_program *program,
374 char *buf, int optimize, bpf_u_int32 mask)
375 {
376 pcap_t *p;
377 int ret;
378
379 p = pcap_open_dead(linktype_arg, snaplen_arg);
380 if (p == NULL)
381 return (-1);
382 ret = pcap_compile(p, program, buf, optimize, mask);
383 pcap_close(p);
384 return (ret);
385 }
386
387 /*
388 * Clean up a "struct bpf_program" by freeing all the memory allocated
389 * in it.
390 */
391 void
392 pcap_freecode(struct bpf_program *program)
393 {
394 program->bf_len = 0;
395 if (program->bf_insns != NULL) {
396 free((char *)program->bf_insns);
397 program->bf_insns = NULL;
398 }
399 }
400
401 /*
402 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
403 * which of the jt and jf fields has been resolved and which is a pointer
404 * back to another unresolved block (or nil). At least one of the fields
405 * in each block is already resolved.
406 */
407 static void
408 backpatch(list, target)
409 struct block *list, *target;
410 {
411 struct block *next;
412
413 while (list) {
414 if (!list->sense) {
415 next = JT(list);
416 JT(list) = target;
417 } else {
418 next = JF(list);
419 JF(list) = target;
420 }
421 list = next;
422 }
423 }
424
425 /*
426 * Merge the lists in b0 and b1, using the 'sense' field to indicate
427 * which of jt and jf is the link.
428 */
429 static void
430 merge(b0, b1)
431 struct block *b0, *b1;
432 {
433 register struct block **p = &b0;
434
435 /* Find end of list. */
436 while (*p)
437 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
438
439 /* Concatenate the lists. */
440 *p = b1;
441 }
442
443 void
444 finish_parse(p)
445 struct block *p;
446 {
447 backpatch(p, gen_retblk(snaplen));
448 p->sense = !p->sense;
449 backpatch(p, gen_retblk(0));
450 root = p->head;
451 }
452
453 void
454 gen_and(b0, b1)
455 struct block *b0, *b1;
456 {
457 backpatch(b0, b1->head);
458 b0->sense = !b0->sense;
459 b1->sense = !b1->sense;
460 merge(b1, b0);
461 b1->sense = !b1->sense;
462 b1->head = b0->head;
463 }
464
465 void
466 gen_or(b0, b1)
467 struct block *b0, *b1;
468 {
469 b0->sense = !b0->sense;
470 backpatch(b0, b1->head);
471 b0->sense = !b0->sense;
472 merge(b1, b0);
473 b1->head = b0->head;
474 }
475
476 void
477 gen_not(b)
478 struct block *b;
479 {
480 b->sense = !b->sense;
481 }
482
483 static struct block *
484 gen_cmp(offset, size, v)
485 u_int offset, size;
486 bpf_int32 v;
487 {
488 struct slist *s;
489 struct block *b;
490
491 s = new_stmt(BPF_LD|BPF_ABS|size);
492 s->s.k = offset;
493
494 b = new_block(JMP(BPF_JEQ));
495 b->stmts = s;
496 b->s.k = v;
497
498 return b;
499 }
500
501 static struct block *
502 gen_cmp_gt(offset, size, v)
503 u_int offset, size;
504 bpf_int32 v;
505 {
506 struct slist *s;
507 struct block *b;
508
509 s = new_stmt(BPF_LD|BPF_ABS|size);
510 s->s.k = offset;
511
512 b = new_block(JMP(BPF_JGT));
513 b->stmts = s;
514 b->s.k = v;
515
516 return b;
517 }
518
519 static struct block *
520 gen_mcmp(offset, size, v, mask)
521 u_int offset, size;
522 bpf_int32 v;
523 bpf_u_int32 mask;
524 {
525 struct block *b = gen_cmp(offset, size, v);
526 struct slist *s;
527
528 if (mask != 0xffffffff) {
529 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
530 s->s.k = mask;
531 b->stmts->next = s;
532 }
533 return b;
534 }
535
536 static struct block *
537 gen_bcmp(offset, size, v)
538 register u_int offset, size;
539 register const u_char *v;
540 {
541 register struct block *b, *tmp;
542
543 b = NULL;
544 while (size >= 4) {
545 register const u_char *p = &v[size - 4];
546 bpf_int32 w = ((bpf_int32)p[0] << 24) |
547 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
548
549 tmp = gen_cmp(offset + size - 4, BPF_W, w);
550 if (b != NULL)
551 gen_and(b, tmp);
552 b = tmp;
553 size -= 4;
554 }
555 while (size >= 2) {
556 register const u_char *p = &v[size - 2];
557 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
558
559 tmp = gen_cmp(offset + size - 2, BPF_H, w);
560 if (b != NULL)
561 gen_and(b, tmp);
562 b = tmp;
563 size -= 2;
564 }
565 if (size > 0) {
566 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
567 if (b != NULL)
568 gen_and(b, tmp);
569 b = tmp;
570 }
571 return b;
572 }
573
574 static struct block *
575 gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse)
576 bpf_u_int32 datasize, offset, mask, jtype, jvalue;
577 int reverse;
578 {
579 struct slist *s;
580 struct block *b;
581
582 s = new_stmt(BPF_LD|datasize|BPF_ABS);
583 s->s.k = offset;
584
585 if (mask != 0xffffffff) {
586 s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K);
587 s->next->s.k = mask;
588 }
589
590 b = new_block(JMP(jtype));
591 b->stmts = s;
592 b->s.k = jvalue;
593 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE))
594 gen_not(b);
595 return b;
596 }
597
598 /*
599 * Various code constructs need to know the layout of the data link
600 * layer. These variables give the necessary offsets.
601 */
602
603 /*
604 * This is the offset of the beginning of the MAC-layer header.
605 * It's usually 0, except for ATM LANE.
606 */
607 static u_int off_mac;
608
609 /*
610 * "off_linktype" is the offset to information in the link-layer header
611 * giving the packet type.
612 *
613 * For Ethernet, it's the offset of the Ethernet type field.
614 *
615 * For link-layer types that always use 802.2 headers, it's the
616 * offset of the LLC header.
617 *
618 * For PPP, it's the offset of the PPP type field.
619 *
620 * For Cisco HDLC, it's the offset of the CHDLC type field.
621 *
622 * For BSD loopback, it's the offset of the AF_ value.
623 *
624 * For Linux cooked sockets, it's the offset of the type field.
625 *
626 * It's set to -1 for no encapsulation, in which case, IP is assumed.
627 */
628 static u_int off_linktype;
629
630 /*
631 * TRUE if the link layer includes an ATM pseudo-header.
632 */
633 static int is_atm = 0;
634
635 /*
636 * TRUE if "lane" appeared in the filter; it causes us to generate
637 * code that assumes LANE rather than LLC-encapsulated traffic in SunATM.
638 */
639 static int is_lane = 0;
640
641 /*
642 * These are offsets for the ATM pseudo-header.
643 */
644 static u_int off_vpi;
645 static u_int off_vci;
646 static u_int off_proto;
647
648 /*
649 * This is the offset of the first byte after the ATM pseudo_header,
650 * or -1 if there is no ATM pseudo-header.
651 */
652 static u_int off_payload;
653
654 /*
655 * These are offsets to the beginning of the network-layer header.
656 *
657 * If the link layer never uses 802.2 LLC:
658 *
659 * "off_nl" and "off_nl_nosnap" are the same.
660 *
661 * If the link layer always uses 802.2 LLC:
662 *
663 * "off_nl" is the offset if there's a SNAP header following
664 * the 802.2 header;
665 *
666 * "off_nl_nosnap" is the offset if there's no SNAP header.
667 *
668 * If the link layer is Ethernet:
669 *
670 * "off_nl" is the offset if the packet is an Ethernet II packet
671 * (we assume no 802.3+802.2+SNAP);
672 *
673 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet
674 * with an 802.2 header following it.
675 */
676 static u_int off_nl;
677 static u_int off_nl_nosnap;
678
679 static int linktype;
680
681 static void
682 init_linktype(p)
683 pcap_t *p;
684 {
685 linktype = pcap_datalink(p);
686 #ifdef PCAP_FDDIPAD
687 pcap_fddipad = p->fddipad;
688 #endif
689
690 /*
691 * Assume it's not raw ATM with a pseudo-header, for now.
692 */
693 off_mac = 0;
694 is_atm = 0;
695 is_lane = 0;
696 off_vpi = -1;
697 off_vci = -1;
698 off_proto = -1;
699 off_payload = -1;
700
701 orig_linktype = -1;
702 orig_nl = -1;
703 orig_nl_nosnap = -1;
704
705 switch (linktype) {
706
707 case DLT_ARCNET:
708 off_linktype = 2;
709 off_nl = 6; /* XXX in reality, variable! */
710 off_nl_nosnap = 6; /* no 802.2 LLC */
711 return;
712
713 case DLT_ARCNET_LINUX:
714 off_linktype = 4;
715 off_nl = 8; /* XXX in reality, variable! */
716 off_nl_nosnap = 8; /* no 802.2 LLC */
717 return;
718
719 case DLT_EN10MB:
720 off_linktype = 12;
721 off_nl = 14; /* Ethernet II */
722 off_nl_nosnap = 17; /* 802.3+802.2 */
723 return;
724
725 case DLT_SLIP:
726 /*
727 * SLIP doesn't have a link level type. The 16 byte
728 * header is hacked into our SLIP driver.
729 */
730 off_linktype = -1;
731 off_nl = 16;
732 off_nl_nosnap = 16; /* no 802.2 LLC */
733 return;
734
735 case DLT_SLIP_BSDOS:
736 /* XXX this may be the same as the DLT_PPP_BSDOS case */
737 off_linktype = -1;
738 /* XXX end */
739 off_nl = 24;
740 off_nl_nosnap = 24; /* no 802.2 LLC */
741 return;
742
743 case DLT_NULL:
744 case DLT_LOOP:
745 off_linktype = 0;
746 off_nl = 4;
747 off_nl_nosnap = 4; /* no 802.2 LLC */
748 return;
749
750 case DLT_ENC:
751 off_linktype = 0;
752 off_nl = 12;
753 off_nl_nosnap = 12; /* no 802.2 LLC */
754 return;
755
756 case DLT_PPP:
757 case DLT_PPP_WITHDIRECTION:
758 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */
759 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */
760 off_linktype = 2;
761 off_nl = 4;
762 off_nl_nosnap = 4; /* no 802.2 LLC */
763 return;
764
765 case DLT_PPP_ETHER:
766 /*
767 * This does no include the Ethernet header, and
768 * only covers session state.
769 */
770 off_linktype = 6;
771 off_nl = 8;
772 off_nl_nosnap = 8; /* no 802.2 LLC */
773 return;
774
775 case DLT_PPP_BSDOS:
776 off_linktype = 5;
777 off_nl = 24;
778 off_nl_nosnap = 24; /* no 802.2 LLC */
779 return;
780
781 case DLT_FDDI:
782 /*
783 * FDDI doesn't really have a link-level type field.
784 * We set "off_linktype" to the offset of the LLC header.
785 *
786 * To check for Ethernet types, we assume that SSAP = SNAP
787 * is being used and pick out the encapsulated Ethernet type.
788 * XXX - should we generate code to check for SNAP?
789 */
790 off_linktype = 13;
791 #ifdef PCAP_FDDIPAD
792 off_linktype += pcap_fddipad;
793 #endif
794 off_nl = 21; /* FDDI+802.2+SNAP */
795 off_nl_nosnap = 16; /* FDDI+802.2 */
796 #ifdef PCAP_FDDIPAD
797 off_nl += pcap_fddipad;
798 off_nl_nosnap += pcap_fddipad;
799 #endif
800 return;
801
802 case DLT_IEEE802:
803 /*
804 * Token Ring doesn't really have a link-level type field.
805 * We set "off_linktype" to the offset of the LLC header.
806 *
807 * To check for Ethernet types, we assume that SSAP = SNAP
808 * is being used and pick out the encapsulated Ethernet type.
809 * XXX - should we generate code to check for SNAP?
810 *
811 * XXX - the header is actually variable-length.
812 * Some various Linux patched versions gave 38
813 * as "off_linktype" and 40 as "off_nl"; however,
814 * if a token ring packet has *no* routing
815 * information, i.e. is not source-routed, the correct
816 * values are 20 and 22, as they are in the vanilla code.
817 *
818 * A packet is source-routed iff the uppermost bit
819 * of the first byte of the source address, at an
820 * offset of 8, has the uppermost bit set. If the
821 * packet is source-routed, the total number of bytes
822 * of routing information is 2 plus bits 0x1F00 of
823 * the 16-bit value at an offset of 14 (shifted right
824 * 8 - figure out which byte that is).
825 */
826 off_linktype = 14;
827 off_nl = 22; /* Token Ring+802.2+SNAP */
828 off_nl_nosnap = 17; /* Token Ring+802.2 */
829 return;
830
831 case DLT_IEEE802_11:
832 /*
833 * 802.11 doesn't really have a link-level type field.
834 * We set "off_linktype" to the offset of the LLC header.
835 *
836 * To check for Ethernet types, we assume that SSAP = SNAP
837 * is being used and pick out the encapsulated Ethernet type.
838 * XXX - should we generate code to check for SNAP?
839 *
840 * XXX - the header is actually variable-length. We
841 * assume a 24-byte link-layer header, as appears in
842 * data frames in networks with no bridges. If the
843 * fromds and tods 802.11 header bits are both set,
844 * it's actually supposed to be 30 bytes.
845 */
846 off_linktype = 24;
847 off_nl = 32; /* 802.11+802.2+SNAP */
848 off_nl_nosnap = 27; /* 802.11+802.2 */
849 return;
850
851 case DLT_PRISM_HEADER:
852 /*
853 * Same as 802.11, but with an additional header before
854 * the 802.11 header, containing a bunch of additional
855 * information including radio-level information.
856 *
857 * The header is 144 bytes long.
858 *
859 * XXX - same variable-length header problem; at least
860 * the Prism header is fixed-length.
861 */
862 off_linktype = 144+24;
863 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */
864 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */
865 return;
866
867 case DLT_IEEE802_11_RADIO_AVS:
868 /*
869 * Same as 802.11, but with an additional header before
870 * the 802.11 header, containing a bunch of additional
871 * information including radio-level information.
872 *
873 * The header is 64 bytes long, at least in its
874 * current incarnation.
875 *
876 * XXX - same variable-length header problem, only
877 * more so; this header is also variable-length,
878 * with the length being the 32-bit big-endian
879 * number at an offset of 4 from the beginning
880 * of the radio header.
881 */
882 off_linktype = 64+24;
883 off_nl = 64+32; /* Radio+802.11+802.2+SNAP */
884 off_nl_nosnap = 64+27; /* Radio+802.11+802.2 */
885 return;
886
887 case DLT_IEEE802_11_RADIO:
888 /*
889 * Same as 802.11, but with an additional header before
890 * the 802.11 header, containing a bunch of additional
891 * information including radio-level information.
892 *
893 * XXX - same variable-length header problem, only
894 * even *more* so; this header is also variable-length,
895 * with the length being the 16-bit number at an offset
896 * of 2 from the beginning of the radio header, and it's
897 * device-dependent (different devices might supply
898 * different amounts of information), so we can't even
899 * assume a fixed length for the current version of the
900 * header.
901 *
902 * Therefore, currently, only raw "link[N:M]" filtering is
903 * supported.
904 */
905 off_linktype = -1;
906 off_nl = -1;
907 off_nl_nosnap = -1;
908 return;
909
910 case DLT_ATM_RFC1483:
911 case DLT_ATM_CLIP: /* Linux ATM defines this */
912 /*
913 * assume routed, non-ISO PDUs
914 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
915 */
916 off_linktype = 0;
917 off_nl = 8; /* 802.2+SNAP */
918 off_nl_nosnap = 3; /* 802.2 */
919 return;
920
921 case DLT_SUNATM:
922 /*
923 * Full Frontal ATM; you get AALn PDUs with an ATM
924 * pseudo-header.
925 */
926 is_atm = 1;
927 off_vpi = SUNATM_VPI_POS;
928 off_vci = SUNATM_VCI_POS;
929 off_proto = PROTO_POS;
930 off_mac = -1; /* LLC-encapsulated, so no MAC-layer header */
931 off_payload = SUNATM_PKT_BEGIN_POS;
932 off_linktype = off_payload;
933 off_nl = off_payload+8; /* 802.2+SNAP */
934 off_nl_nosnap = off_payload+3; /* 802.2 */
935 return;
936
937 case DLT_RAW:
938 off_linktype = -1;
939 off_nl = 0;
940 off_nl_nosnap = 0; /* no 802.2 LLC */
941 return;
942
943 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
944 off_linktype = 14;
945 off_nl = 16;
946 off_nl_nosnap = 16; /* no 802.2 LLC */
947 return;
948
949 case DLT_LTALK:
950 /*
951 * LocalTalk does have a 1-byte type field in the LLAP header,
952 * but really it just indicates whether there is a "short" or
953 * "long" DDP packet following.
954 */
955 off_linktype = -1;
956 off_nl = 0;
957 off_nl_nosnap = 0; /* no 802.2 LLC */
958 return;
959
960 case DLT_IP_OVER_FC:
961 /*
962 * RFC 2625 IP-over-Fibre-Channel doesn't really have a
963 * link-level type field. We set "off_linktype" to the
964 * offset of the LLC header.
965 *
966 * To check for Ethernet types, we assume that SSAP = SNAP
967 * is being used and pick out the encapsulated Ethernet type.
968 * XXX - should we generate code to check for SNAP? RFC
969 * 2625 says SNAP should be used.
970 */
971 off_linktype = 16;
972 off_nl = 24; /* IPFC+802.2+SNAP */
973 off_nl_nosnap = 19; /* IPFC+802.2 */
974 return;
975
976 case DLT_FRELAY:
977 /*
978 * XXX - we should set this to handle SNAP-encapsulated
979 * frames (NLPID of 0x80).
980 */
981 off_linktype = -1;
982 off_nl = 0;
983 off_nl_nosnap = 0; /* no 802.2 LLC */
984 return;
985
986 case DLT_APPLE_IP_OVER_IEEE1394:
987 off_linktype = 16;
988 off_nl = 18;
989 off_nl_nosnap = 0; /* no 802.2 LLC */
990 return;
991
992 case DLT_LINUX_IRDA:
993 /*
994 * Currently, only raw "link[N:M]" filtering is supported.
995 */
996 off_linktype = -1;
997 off_nl = -1;
998 off_nl_nosnap = -1;
999 return;
1000
1001 case DLT_DOCSIS:
1002 /*
1003 * Currently, only raw "link[N:M]" filtering is supported.
1004 */
1005 off_linktype = -1;
1006 off_nl = -1;
1007 off_nl_nosnap = -1;
1008 return;
1009
1010 case DLT_SYMANTEC_FIREWALL:
1011 off_linktype = 6;
1012 off_nl = 44; /* Ethernet II */
1013 off_nl_nosnap = 44; /* XXX - what does it do with 802.3 packets? */
1014 return;
1015
1016 case DLT_PFLOG:
1017 off_linktype = 0;
1018 /* XXX read from header? */
1019 off_nl = PFLOG_HDRLEN;
1020 off_nl_nosnap = PFLOG_HDRLEN;
1021 return;
1022
1023 case DLT_JUNIPER_ATM1:
1024 off_linktype = 4; /* in reality variable between 4-8 */
1025 off_nl = 4;
1026 off_nl_nosnap = 14;
1027 return;
1028
1029 case DLT_JUNIPER_ATM2:
1030 off_linktype = 8; /* in reality variable between 8-12 */
1031 off_nl = 8;
1032 off_nl_nosnap = 18;
1033 return;
1034
1035 #ifdef DLT_PFSYNC
1036 case DLT_PFSYNC:
1037 off_linktype = -1;
1038 off_nl = 4;
1039 off_nl_nosnap = 4;
1040 return;
1041 #endif
1042 }
1043 bpf_error("unknown data link type %d", linktype);
1044 /* NOTREACHED */
1045 }
1046
1047 static struct block *
1048 gen_uncond(rsense)
1049 int rsense;
1050 {
1051 struct block *b;
1052 struct slist *s;
1053
1054 s = new_stmt(BPF_LD|BPF_IMM);
1055 s->s.k = !rsense;
1056 b = new_block(JMP(BPF_JEQ));
1057 b->stmts = s;
1058
1059 return b;
1060 }
1061
1062 static inline struct block *
1063 gen_true()
1064 {
1065 return gen_uncond(1);
1066 }
1067
1068 static inline struct block *
1069 gen_false()
1070 {
1071 return gen_uncond(0);
1072 }
1073
1074 /*
1075 * Byte-swap a 32-bit number.
1076 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
1077 * big-endian platforms.)
1078 */
1079 #define SWAPLONG(y) \
1080 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
1081
1082 static struct block *
1083 gen_ether_linktype(proto)
1084 register int proto;
1085 {
1086 struct block *b0, *b1;
1087
1088 switch (proto) {
1089
1090 case LLCSAP_ISONS:
1091 /*
1092 * OSI protocols always use 802.2 encapsulation.
1093 * XXX - should we check both the DSAP and the
1094 * SSAP, like this, or should we check just the
1095 * DSAP?
1096 */
1097 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1098 gen_not(b0);
1099 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1100 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1101 gen_and(b0, b1);
1102 return b1;
1103
1104 case LLCSAP_IP:
1105 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1106 gen_not(b0);
1107 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1108 ((LLCSAP_IP << 8) | LLCSAP_IP));
1109 gen_and(b0, b1);
1110 return b1;
1111
1112 case LLCSAP_NETBEUI:
1113 /*
1114 * NetBEUI always uses 802.2 encapsulation.
1115 * XXX - should we check both the DSAP and the
1116 * SSAP, like this, or should we check just the
1117 * DSAP?
1118 */
1119 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1120 gen_not(b0);
1121 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1122 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1123 gen_and(b0, b1);
1124 return b1;
1125
1126 case LLCSAP_IPX:
1127 /*
1128 * Check for;
1129 *
1130 * Ethernet_II frames, which are Ethernet
1131 * frames with a frame type of ETHERTYPE_IPX;
1132 *
1133 * Ethernet_802.3 frames, which are 802.3
1134 * frames (i.e., the type/length field is
1135 * a length field, <= ETHERMTU, rather than
1136 * a type field) with the first two bytes
1137 * after the Ethernet/802.3 header being
1138 * 0xFFFF;
1139 *
1140 * Ethernet_802.2 frames, which are 802.3
1141 * frames with an 802.2 LLC header and
1142 * with the IPX LSAP as the DSAP in the LLC
1143 * header;
1144 *
1145 * Ethernet_SNAP frames, which are 802.3
1146 * frames with an LLC header and a SNAP
1147 * header and with an OUI of 0x000000
1148 * (encapsulated Ethernet) and a protocol
1149 * ID of ETHERTYPE_IPX in the SNAP header.
1150 *
1151 * XXX - should we generate the same code both
1152 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
1153 */
1154
1155 /*
1156 * This generates code to check both for the
1157 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
1158 */
1159 b0 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)LLCSAP_IPX);
1160 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)0xFFFF);
1161 gen_or(b0, b1);
1162
1163 /*
1164 * Now we add code to check for SNAP frames with
1165 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
1166 */
1167 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
1168 gen_or(b0, b1);
1169
1170 /*
1171 * Now we generate code to check for 802.3
1172 * frames in general.
1173 */
1174 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1175 gen_not(b0);
1176
1177 /*
1178 * Now add the check for 802.3 frames before the
1179 * check for Ethernet_802.2 and Ethernet_802.3,
1180 * as those checks should only be done on 802.3
1181 * frames, not on Ethernet frames.
1182 */
1183 gen_and(b0, b1);
1184
1185 /*
1186 * Now add the check for Ethernet_II frames, and
1187 * do that before checking for the other frame
1188 * types.
1189 */
1190 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)ETHERTYPE_IPX);
1191 gen_or(b0, b1);
1192 return b1;
1193
1194 case ETHERTYPE_ATALK:
1195 case ETHERTYPE_AARP:
1196 /*
1197 * EtherTalk (AppleTalk protocols on Ethernet link
1198 * layer) may use 802.2 encapsulation.
1199 */
1200
1201 /*
1202 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1203 * we check for an Ethernet type field less than
1204 * 1500, which means it's an 802.3 length field.
1205 */
1206 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1207 gen_not(b0);
1208
1209 /*
1210 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1211 * SNAP packets with an organization code of
1212 * 0x080007 (Apple, for Appletalk) and a protocol
1213 * type of ETHERTYPE_ATALK (Appletalk).
1214 *
1215 * 802.2-encapsulated ETHERTYPE_AARP packets are
1216 * SNAP packets with an organization code of
1217 * 0x000000 (encapsulated Ethernet) and a protocol
1218 * type of ETHERTYPE_AARP (Appletalk ARP).
1219 */
1220 if (proto == ETHERTYPE_ATALK)
1221 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
1222 else /* proto == ETHERTYPE_AARP */
1223 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
1224 gen_and(b0, b1);
1225
1226 /*
1227 * Check for Ethernet encapsulation (Ethertalk
1228 * phase 1?); we just check for the Ethernet
1229 * protocol type.
1230 */
1231 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1232
1233 gen_or(b0, b1);
1234 return b1;
1235
1236 default:
1237 if (proto <= ETHERMTU) {
1238 /*
1239 * This is an LLC SAP value, so the frames
1240 * that match would be 802.2 frames.
1241 * Check that the frame is an 802.2 frame
1242 * (i.e., that the length/type field is
1243 * a length field, <= ETHERMTU) and
1244 * then check the DSAP.
1245 */
1246 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1247 gen_not(b0);
1248 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto);
1249 gen_and(b0, b1);
1250 return b1;
1251 } else {
1252 /*
1253 * This is an Ethernet type, so compare
1254 * the length/type field with it (if
1255 * the frame is an 802.2 frame, the length
1256 * field will be <= ETHERMTU, and, as
1257 * "proto" is > ETHERMTU, this test
1258 * will fail and the frame won't match,
1259 * which is what we want).
1260 */
1261 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1262 }
1263 }
1264 }
1265
1266 static struct block *
1267 gen_linux_sll_linktype(proto)
1268 register int proto;
1269 {
1270 struct block *b0, *b1;
1271
1272 switch (proto) {
1273
1274 case LLCSAP_IP:
1275 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1276 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1277 ((LLCSAP_IP << 8) | LLCSAP_IP));
1278 gen_and(b0, b1);
1279 return b1;
1280
1281 case LLCSAP_ISONS:
1282 /*
1283 * OSI protocols always use 802.2 encapsulation.
1284 * XXX - should we check both the DSAP and the
1285 * SSAP, like this, or should we check just the
1286 * DSAP?
1287 */
1288 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1289 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1290 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1291 gen_and(b0, b1);
1292 return b1;
1293
1294 case LLCSAP_NETBEUI:
1295 /*
1296 * NetBEUI always uses 802.2 encapsulation.
1297 * XXX - should we check both the DSAP and the
1298 * LSAP, like this, or should we check just the
1299 * DSAP?
1300 */
1301 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1302 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1303 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1304 gen_and(b0, b1);
1305 return b1;
1306
1307 case LLCSAP_IPX:
1308 /*
1309 * Ethernet_II frames, which are Ethernet
1310 * frames with a frame type of ETHERTYPE_IPX;
1311 *
1312 * Ethernet_802.3 frames, which have a frame
1313 * type of LINUX_SLL_P_802_3;
1314 *
1315 * Ethernet_802.2 frames, which are 802.3
1316 * frames with an 802.2 LLC header (i.e, have
1317 * a frame type of LINUX_SLL_P_802_2) and
1318 * with the IPX LSAP as the DSAP in the LLC
1319 * header;
1320 *
1321 * Ethernet_SNAP frames, which are 802.3
1322 * frames with an LLC header and a SNAP
1323 * header and with an OUI of 0x000000
1324 * (encapsulated Ethernet) and a protocol
1325 * ID of ETHERTYPE_IPX in the SNAP header.
1326 *
1327 * First, do the checks on LINUX_SLL_P_802_2
1328 * frames; generate the check for either
1329 * Ethernet_802.2 or Ethernet_SNAP frames, and
1330 * then put a check for LINUX_SLL_P_802_2 frames
1331 * before it.
1332 */
1333 b0 = gen_cmp(off_linktype + 2, BPF_B,
1334 (bpf_int32)LLCSAP_IPX);
1335 b1 = gen_snap(0x000000, ETHERTYPE_IPX,
1336 off_linktype + 2);
1337 gen_or(b0, b1);
1338 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1339 gen_and(b0, b1);
1340
1341 /*
1342 * Now check for 802.3 frames and OR that with
1343 * the previous test.
1344 */
1345 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
1346 gen_or(b0, b1);
1347
1348 /*
1349 * Now add the check for Ethernet_II frames, and
1350 * do that before checking for the other frame
1351 * types.
1352 */
1353 b0 = gen_cmp(off_linktype, BPF_H,
1354 (bpf_int32)ETHERTYPE_IPX);
1355 gen_or(b0, b1);
1356 return b1;
1357
1358 case ETHERTYPE_ATALK:
1359 case ETHERTYPE_AARP:
1360 /*
1361 * EtherTalk (AppleTalk protocols on Ethernet link
1362 * layer) may use 802.2 encapsulation.
1363 */
1364
1365 /*
1366 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1367 * we check for the 802.2 protocol type in the
1368 * "Ethernet type" field.
1369 */
1370 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1371
1372 /*
1373 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1374 * SNAP packets with an organization code of
1375 * 0x080007 (Apple, for Appletalk) and a protocol
1376 * type of ETHERTYPE_ATALK (Appletalk).
1377 *
1378 * 802.2-encapsulated ETHERTYPE_AARP packets are
1379 * SNAP packets with an organization code of
1380 * 0x000000 (encapsulated Ethernet) and a protocol
1381 * type of ETHERTYPE_AARP (Appletalk ARP).
1382 */
1383 if (proto == ETHERTYPE_ATALK)
1384 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
1385 off_linktype + 2);
1386 else /* proto == ETHERTYPE_AARP */
1387 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
1388 off_linktype + 2);
1389 gen_and(b0, b1);
1390
1391 /*
1392 * Check for Ethernet encapsulation (Ethertalk
1393 * phase 1?); we just check for the Ethernet
1394 * protocol type.
1395 */
1396 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1397
1398 gen_or(b0, b1);
1399 return b1;
1400
1401 default:
1402 if (proto <= ETHERMTU) {
1403 /*
1404 * This is an LLC SAP value, so the frames
1405 * that match would be 802.2 frames.
1406 * Check for the 802.2 protocol type
1407 * in the "Ethernet type" field, and
1408 * then check the DSAP.
1409 */
1410 b0 = gen_cmp(off_linktype, BPF_H,
1411 LINUX_SLL_P_802_2);
1412 b1 = gen_cmp(off_linktype + 2, BPF_B,
1413 (bpf_int32)proto);
1414 gen_and(b0, b1);
1415 return b1;
1416 } else {
1417 /*
1418 * This is an Ethernet type, so compare
1419 * the length/type field with it (if
1420 * the frame is an 802.2 frame, the length
1421 * field will be <= ETHERMTU, and, as
1422 * "proto" is > ETHERMTU, this test
1423 * will fail and the frame won't match,
1424 * which is what we want).
1425 */
1426 return gen_cmp(off_linktype, BPF_H,
1427 (bpf_int32)proto);
1428 }
1429 }
1430 }
1431
1432 static struct block *
1433 gen_linktype(proto)
1434 register int proto;
1435 {
1436 struct block *b0, *b1, *b2;
1437
1438 switch (linktype) {
1439
1440 case DLT_EN10MB:
1441 return gen_ether_linktype(proto);
1442 /*NOTREACHED*/
1443 break;
1444
1445 case DLT_C_HDLC:
1446 switch (proto) {
1447
1448 case LLCSAP_ISONS:
1449 proto = (proto << 8 | LLCSAP_ISONS);
1450 /* fall through */
1451
1452 default:
1453 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1454 /*NOTREACHED*/
1455 break;
1456 }
1457 break;
1458
1459 case DLT_IEEE802_11:
1460 case DLT_PRISM_HEADER:
1461 case DLT_IEEE802_11_RADIO:
1462 case DLT_FDDI:
1463 case DLT_IEEE802:
1464 case DLT_ATM_RFC1483:
1465 case DLT_ATM_CLIP:
1466 case DLT_IP_OVER_FC:
1467 return gen_llc(proto);
1468 /*NOTREACHED*/
1469 break;
1470
1471 case DLT_SUNATM:
1472 /*
1473 * If "is_lane" is set, check for a LANE-encapsulated
1474 * version of this protocol, otherwise check for an
1475 * LLC-encapsulated version of this protocol.
1476 *
1477 * We assume LANE means Ethernet, not Token Ring.
1478 */
1479 if (is_lane) {
1480 /*
1481 * Check that the packet doesn't begin with an
1482 * LE Control marker. (We've already generated
1483 * a test for LANE.)
1484 */
1485 b0 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
1486 gen_not(b0);
1487
1488 /*
1489 * Now generate an Ethernet test.
1490 */
1491 b1 = gen_ether_linktype(proto);
1492 gen_and(b0, b1);
1493 return b1;
1494 } else {
1495 /*
1496 * Check for LLC encapsulation and then check the
1497 * protocol.
1498 */
1499 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
1500 b1 = gen_llc(proto);
1501 gen_and(b0, b1);
1502 return b1;
1503 }
1504
1505 case DLT_LINUX_SLL:
1506 return gen_linux_sll_linktype(proto);
1507 /*NOTREACHED*/
1508 break;
1509
1510 case DLT_SLIP:
1511 case DLT_SLIP_BSDOS:
1512 case DLT_RAW:
1513 /*
1514 * These types don't provide any type field; packets
1515 * are always IP.
1516 *
1517 * XXX - for IPv4, check for a version number of 4, and,
1518 * for IPv6, check for a version number of 6?
1519 */
1520 switch (proto) {
1521
1522 case ETHERTYPE_IP:
1523 #ifdef INET6
1524 case ETHERTYPE_IPV6:
1525 #endif
1526 return gen_true(); /* always true */
1527
1528 default:
1529 return gen_false(); /* always false */
1530 }
1531 /*NOTREACHED*/
1532 break;
1533
1534 case DLT_PPP:
1535 case DLT_PPP_WITHDIRECTION:
1536 case DLT_PPP_SERIAL:
1537 case DLT_PPP_ETHER:
1538 /*
1539 * We use Ethernet protocol types inside libpcap;
1540 * map them to the corresponding PPP protocol types.
1541 */
1542 switch (proto) {
1543
1544 case ETHERTYPE_IP:
1545 proto = PPP_IP;
1546 break;
1547
1548 #ifdef INET6
1549 case ETHERTYPE_IPV6:
1550 proto = PPP_IPV6;
1551 break;
1552 #endif
1553
1554 case ETHERTYPE_DN:
1555 proto = PPP_DECNET;
1556 break;
1557
1558 case ETHERTYPE_ATALK:
1559 proto = PPP_APPLE;
1560 break;
1561
1562 case ETHERTYPE_NS:
1563 proto = PPP_NS;
1564 break;
1565
1566 case LLCSAP_ISONS:
1567 proto = PPP_OSI;
1568 break;
1569
1570 case LLCSAP_8021D:
1571 /*
1572 * I'm assuming the "Bridging PDU"s that go
1573 * over PPP are Spanning Tree Protocol
1574 * Bridging PDUs.
1575 */
1576 proto = PPP_BRPDU;
1577 break;
1578
1579 case LLCSAP_IPX:
1580 proto = PPP_IPX;
1581 break;
1582 }
1583 break;
1584
1585 case DLT_PPP_BSDOS:
1586 /*
1587 * We use Ethernet protocol types inside libpcap;
1588 * map them to the corresponding PPP protocol types.
1589 */
1590 switch (proto) {
1591
1592 case ETHERTYPE_IP:
1593 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
1594 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
1595 gen_or(b0, b1);
1596 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
1597 gen_or(b1, b0);
1598 return b0;
1599
1600 #ifdef INET6
1601 case ETHERTYPE_IPV6:
1602 proto = PPP_IPV6;
1603 /* more to go? */
1604 break;
1605 #endif
1606
1607 case ETHERTYPE_DN:
1608 proto = PPP_DECNET;
1609 break;
1610
1611 case ETHERTYPE_ATALK:
1612 proto = PPP_APPLE;
1613 break;
1614
1615 case ETHERTYPE_NS:
1616 proto = PPP_NS;
1617 break;
1618
1619 case LLCSAP_ISONS:
1620 proto = PPP_OSI;
1621 break;
1622
1623 case LLCSAP_8021D:
1624 /*
1625 * I'm assuming the "Bridging PDU"s that go
1626 * over PPP are Spanning Tree Protocol
1627 * Bridging PDUs.
1628 */
1629 proto = PPP_BRPDU;
1630 break;
1631
1632 case LLCSAP_IPX:
1633 proto = PPP_IPX;
1634 break;
1635 }
1636 break;
1637
1638 case DLT_NULL:
1639 case DLT_LOOP:
1640 case DLT_ENC:
1641 /*
1642 * For DLT_NULL, the link-layer header is a 32-bit
1643 * word containing an AF_ value in *host* byte order,
1644 * and for DLT_ENC, the link-layer header begins
1645 * with a 32-bit work containing an AF_ value in
1646 * host byte order.
1647 *
1648 * In addition, if we're reading a saved capture file,
1649 * the host byte order in the capture may not be the
1650 * same as the host byte order on this machine.
1651 *
1652 * For DLT_LOOP, the link-layer header is a 32-bit
1653 * word containing an AF_ value in *network* byte order.
1654 *
1655 * XXX - AF_ values may, unfortunately, be platform-
1656 * dependent; for example, FreeBSD's AF_INET6 is 24
1657 * whilst NetBSD's and OpenBSD's is 26.
1658 *
1659 * This means that, when reading a capture file, just
1660 * checking for our AF_INET6 value won't work if the
1661 * capture file came from another OS.
1662 */
1663 switch (proto) {
1664
1665 case ETHERTYPE_IP:
1666 proto = AF_INET;
1667 break;
1668
1669 #ifdef INET6
1670 case ETHERTYPE_IPV6:
1671 proto = AF_INET6;
1672 break;
1673 #endif
1674
1675 default:
1676 /*
1677 * Not a type on which we support filtering.
1678 * XXX - support those that have AF_ values
1679 * #defined on this platform, at least?
1680 */
1681 return gen_false();
1682 }
1683
1684 if (linktype == DLT_NULL || linktype == DLT_ENC) {
1685 /*
1686 * The AF_ value is in host byte order, but
1687 * the BPF interpreter will convert it to
1688 * network byte order.
1689 *
1690 * If this is a save file, and it's from a
1691 * machine with the opposite byte order to
1692 * ours, we byte-swap the AF_ value.
1693 *
1694 * Then we run it through "htonl()", and
1695 * generate code to compare against the result.
1696 */
1697 if (bpf_pcap->sf.rfile != NULL &&
1698 bpf_pcap->sf.swapped)
1699 proto = SWAPLONG(proto);
1700 proto = htonl(proto);
1701 }
1702 return (gen_cmp(0, BPF_W, (bpf_int32)proto));
1703
1704 case DLT_PFLOG:
1705 /*
1706 * af field is host byte order in contrast to the rest of
1707 * the packet.
1708 */
1709 if (proto == ETHERTYPE_IP)
1710 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B,
1711 (bpf_int32)AF_INET));
1712 #ifdef INET6
1713 else if (proto == ETHERTYPE_IPV6)
1714 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B,
1715 (bpf_int32)AF_INET6));
1716 #endif /* INET6 */
1717 else
1718 return gen_false();
1719 /*NOTREACHED*/
1720 break;
1721
1722 case DLT_ARCNET:
1723 case DLT_ARCNET_LINUX:
1724 /*
1725 * XXX should we check for first fragment if the protocol
1726 * uses PHDS?
1727 */
1728 switch (proto) {
1729
1730 default:
1731 return gen_false();
1732
1733 #ifdef INET6
1734 case ETHERTYPE_IPV6:
1735 return (gen_cmp(off_linktype, BPF_B,
1736 (bpf_int32)ARCTYPE_INET6));
1737 #endif /* INET6 */
1738
1739 case ETHERTYPE_IP:
1740 b0 = gen_cmp(off_linktype, BPF_B,
1741 (bpf_int32)ARCTYPE_IP);
1742 b1 = gen_cmp(off_linktype, BPF_B,
1743 (bpf_int32)ARCTYPE_IP_OLD);
1744 gen_or(b0, b1);
1745 return (b1);
1746
1747 case ETHERTYPE_ARP:
1748 b0 = gen_cmp(off_linktype, BPF_B,
1749 (bpf_int32)ARCTYPE_ARP);
1750 b1 = gen_cmp(off_linktype, BPF_B,
1751 (bpf_int32)ARCTYPE_ARP_OLD);
1752 gen_or(b0, b1);
1753 return (b1);
1754
1755 case ETHERTYPE_REVARP:
1756 return (gen_cmp(off_linktype, BPF_B,
1757 (bpf_int32)ARCTYPE_REVARP));
1758
1759 case ETHERTYPE_ATALK:
1760 return (gen_cmp(off_linktype, BPF_B,
1761 (bpf_int32)ARCTYPE_ATALK));
1762 }
1763 /*NOTREACHED*/
1764 break;
1765
1766 case DLT_LTALK:
1767 switch (proto) {
1768 case ETHERTYPE_ATALK:
1769 return gen_true();
1770 default:
1771 return gen_false();
1772 }
1773 /*NOTREACHED*/
1774 break;
1775
1776 case DLT_FRELAY:
1777 /*
1778 * XXX - assumes a 2-byte Frame Relay header with
1779 * DLCI and flags. What if the address is longer?
1780 */
1781 switch (proto) {
1782
1783 case ETHERTYPE_IP:
1784 /*
1785 * Check for the special NLPID for IP.
1786 */
1787 return gen_cmp(2, BPF_H, (0x03<<8) | 0xcc);
1788
1789 #ifdef INET6
1790 case ETHERTYPE_IPV6:
1791 /*
1792 * Check for the special NLPID for IPv6.
1793 */
1794 return gen_cmp(2, BPF_H, (0x03<<8) | 0x8e);
1795 #endif
1796
1797 case LLCSAP_ISONS:
1798 /*
1799 * Check for several OSI protocols.
1800 *
1801 * Frame Relay packets typically have an OSI
1802 * NLPID at the beginning; we check for each
1803 * of them.
1804 *
1805 * What we check for is the NLPID and a frame
1806 * control field of UI, i.e. 0x03 followed
1807 * by the NLPID.
1808 */
1809 b0 = gen_cmp(2, BPF_H, (0x03<<8) | ISO8473_CLNP);
1810 b1 = gen_cmp(2, BPF_H, (0x03<<8) | ISO9542_ESIS);
1811 b2 = gen_cmp(2, BPF_H, (0x03<<8) | ISO10589_ISIS);
1812 gen_or(b1, b2);
1813 gen_or(b0, b2);
1814 return b2;
1815
1816 default:
1817 return gen_false();
1818 }
1819 /*NOTREACHED*/
1820 break;
1821
1822 case DLT_JUNIPER_ATM1:
1823 case DLT_JUNIPER_ATM2:
1824 /* just lets verify the magic number for now -
1825 * we may have up to 6 different encapsulations on the wire
1826 * and need a lot of heuristics to figure out that the payload
1827 * might be;
1828 *
1829 * FIXME encapsulation specific BPF_ filters
1830 */
1831 return gen_mcmp(0, BPF_W, 0x4d474300, 0xffffff00); /* compare the magic number */
1832
1833 case DLT_LINUX_IRDA:
1834 bpf_error("IrDA link-layer type filtering not implemented");
1835
1836 case DLT_DOCSIS:
1837 bpf_error("DOCSIS link-layer type filtering not implemented");
1838 }
1839
1840 /*
1841 * All the types that have no encapsulation should either be
1842 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
1843 * all packets are IP packets, or should be handled in some
1844 * special case, if none of them are (if some are and some
1845 * aren't, the lack of encapsulation is a problem, as we'd
1846 * have to find some other way of determining the packet type).
1847 *
1848 * Therefore, if "off_linktype" is -1, there's an error.
1849 */
1850 if (off_linktype == (u_int)-1)
1851 abort();
1852
1853 /*
1854 * Any type not handled above should always have an Ethernet
1855 * type at an offset of "off_linktype". (PPP is partially
1856 * handled above - the protocol type is mapped from the
1857 * Ethernet and LLC types we use internally to the corresponding
1858 * PPP type - but the PPP type is always specified by a value
1859 * at "off_linktype", so we don't have to do the code generation
1860 * above.)
1861 */
1862 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1863 }
1864
1865 /*
1866 * Check for an LLC SNAP packet with a given organization code and
1867 * protocol type; we check the entire contents of the 802.2 LLC and
1868 * snap headers, checking for DSAP and SSAP of SNAP and a control
1869 * field of 0x03 in the LLC header, and for the specified organization
1870 * code and protocol type in the SNAP header.
1871 */
1872 static struct block *
1873 gen_snap(orgcode, ptype, offset)
1874 bpf_u_int32 orgcode;
1875 bpf_u_int32 ptype;
1876 u_int offset;
1877 {
1878 u_char snapblock[8];
1879
1880 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
1881 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
1882 snapblock[2] = 0x03; /* control = UI */
1883 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
1884 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
1885 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
1886 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
1887 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
1888 return gen_bcmp(offset, 8, snapblock);
1889 }
1890
1891 /*
1892 * Check for a given protocol value assuming an 802.2 LLC header.
1893 */
1894 static struct block *
1895 gen_llc(proto)
1896 int proto;
1897 {
1898 /*
1899 * XXX - handle token-ring variable-length header.
1900 */
1901 switch (proto) {
1902
1903 case LLCSAP_IP:
1904 return gen_cmp(off_linktype, BPF_H, (long)
1905 ((LLCSAP_IP << 8) | LLCSAP_IP));
1906
1907 case LLCSAP_ISONS:
1908 return gen_cmp(off_linktype, BPF_H, (long)
1909 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1910
1911 case LLCSAP_NETBEUI:
1912 return gen_cmp(off_linktype, BPF_H, (long)
1913 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1914
1915 case LLCSAP_IPX:
1916 /*
1917 * XXX - are there ever SNAP frames for IPX on
1918 * non-Ethernet 802.x networks?
1919 */
1920 return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX);
1921
1922 case ETHERTYPE_ATALK:
1923 /*
1924 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1925 * SNAP packets with an organization code of
1926 * 0x080007 (Apple, for Appletalk) and a protocol
1927 * type of ETHERTYPE_ATALK (Appletalk).
1928 *
1929 * XXX - check for an organization code of
1930 * encapsulated Ethernet as well?
1931 */
1932 return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype);
1933
1934 default:
1935 /*
1936 * XXX - we don't have to check for IPX 802.3
1937 * here, but should we check for the IPX Ethertype?
1938 */
1939 if (proto <= ETHERMTU) {
1940 /*
1941 * This is an LLC SAP value, so check
1942 * the DSAP.
1943 */
1944 return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto);
1945 } else {
1946 /*
1947 * This is an Ethernet type; we assume that it's
1948 * unlikely that it'll appear in the right place
1949 * at random, and therefore check only the
1950 * location that would hold the Ethernet type
1951 * in a SNAP frame with an organization code of
1952 * 0x000000 (encapsulated Ethernet).
1953 *
1954 * XXX - if we were to check for the SNAP DSAP and
1955 * LSAP, as per XXX, and were also to check for an
1956 * organization code of 0x000000 (encapsulated
1957 * Ethernet), we'd do
1958 *
1959 * return gen_snap(0x000000, proto,
1960 * off_linktype);
1961 *
1962 * here; for now, we don't, as per the above.
1963 * I don't know whether it's worth the extra CPU
1964 * time to do the right check or not.
1965 */
1966 return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto);
1967 }
1968 }
1969 }
1970
1971 static struct block *
1972 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
1973 bpf_u_int32 addr;
1974 bpf_u_int32 mask;
1975 int dir, proto;
1976 u_int src_off, dst_off;
1977 {
1978 struct block *b0, *b1;
1979 u_int offset;
1980
1981 switch (dir) {
1982
1983 case Q_SRC:
1984 offset = src_off;
1985 break;
1986
1987 case Q_DST:
1988 offset = dst_off;
1989 break;
1990
1991 case Q_AND:
1992 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1993 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1994 gen_and(b0, b1);
1995 return b1;
1996
1997 case Q_OR:
1998 case Q_DEFAULT:
1999 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
2000 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
2001 gen_or(b0, b1);
2002 return b1;
2003
2004 default:
2005 abort();
2006 }
2007 b0 = gen_linktype(proto);
2008 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
2009 gen_and(b0, b1);
2010 return b1;
2011 }
2012
2013 #ifdef INET6
2014 static struct block *
2015 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
2016 struct in6_addr *addr;
2017 struct in6_addr *mask;
2018 int dir, proto;
2019 u_int src_off, dst_off;
2020 {
2021 struct block *b0, *b1;
2022 u_int offset;
2023 u_int32_t *a, *m;
2024
2025 switch (dir) {
2026
2027 case Q_SRC:
2028 offset = src_off;
2029 break;
2030
2031 case Q_DST:
2032 offset = dst_off;
2033 break;
2034
2035 case Q_AND:
2036 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
2037 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
2038 gen_and(b0, b1);
2039 return b1;
2040
2041 case Q_OR:
2042 case Q_DEFAULT:
2043 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
2044 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
2045 gen_or(b0, b1);
2046 return b1;
2047
2048 default:
2049 abort();
2050 }
2051 /* this order is important */
2052 a = (u_int32_t *)addr;
2053 m = (u_int32_t *)mask;
2054 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
2055 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
2056 gen_and(b0, b1);
2057 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
2058 gen_and(b0, b1);
2059 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
2060 gen_and(b0, b1);
2061 b0 = gen_linktype(proto);
2062 gen_and(b0, b1);
2063 return b1;
2064 }
2065 #endif /*INET6*/
2066
2067 static struct block *
2068 gen_ehostop(eaddr, dir)
2069 register const u_char *eaddr;
2070 register int dir;
2071 {
2072 register struct block *b0, *b1;
2073
2074 switch (dir) {
2075 case Q_SRC:
2076 return gen_bcmp(off_mac + 6, 6, eaddr);
2077
2078 case Q_DST:
2079 return gen_bcmp(off_mac + 0, 6, eaddr);
2080
2081 case Q_AND:
2082 b0 = gen_ehostop(eaddr, Q_SRC);
2083 b1 = gen_ehostop(eaddr, Q_DST);
2084 gen_and(b0, b1);
2085 return b1;
2086
2087 case Q_DEFAULT:
2088 case Q_OR:
2089 b0 = gen_ehostop(eaddr, Q_SRC);
2090 b1 = gen_ehostop(eaddr, Q_DST);
2091 gen_or(b0, b1);
2092 return b1;
2093 }
2094 abort();
2095 /* NOTREACHED */
2096 }
2097
2098 /*
2099 * Like gen_ehostop, but for DLT_FDDI
2100 */
2101 static struct block *
2102 gen_fhostop(eaddr, dir)
2103 register const u_char *eaddr;
2104 register int dir;
2105 {
2106 struct block *b0, *b1;
2107
2108 switch (dir) {
2109 case Q_SRC:
2110 #ifdef PCAP_FDDIPAD
2111 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
2112 #else
2113 return gen_bcmp(6 + 1, 6, eaddr);
2114 #endif
2115
2116 case Q_DST:
2117 #ifdef PCAP_FDDIPAD
2118 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
2119 #else
2120 return gen_bcmp(0 + 1, 6, eaddr);
2121 #endif
2122
2123 case Q_AND:
2124 b0 = gen_fhostop(eaddr, Q_SRC);
2125 b1 = gen_fhostop(eaddr, Q_DST);
2126 gen_and(b0, b1);
2127 return b1;
2128
2129 case Q_DEFAULT:
2130 case Q_OR:
2131 b0 = gen_fhostop(eaddr, Q_SRC);
2132 b1 = gen_fhostop(eaddr, Q_DST);
2133 gen_or(b0, b1);
2134 return b1;
2135 }
2136 abort();
2137 /* NOTREACHED */
2138 }
2139
2140 /*
2141 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
2142 */
2143 static struct block *
2144 gen_thostop(eaddr, dir)
2145 register const u_char *eaddr;
2146 register int dir;
2147 {
2148 register struct block *b0, *b1;
2149
2150 switch (dir) {
2151 case Q_SRC:
2152 return gen_bcmp(8, 6, eaddr);
2153
2154 case Q_DST:
2155 return gen_bcmp(2, 6, eaddr);
2156
2157 case Q_AND:
2158 b0 = gen_thostop(eaddr, Q_SRC);
2159 b1 = gen_thostop(eaddr, Q_DST);
2160 gen_and(b0, b1);
2161 return b1;
2162
2163 case Q_DEFAULT:
2164 case Q_OR:
2165 b0 = gen_thostop(eaddr, Q_SRC);
2166 b1 = gen_thostop(eaddr, Q_DST);
2167 gen_or(b0, b1);
2168 return b1;
2169 }
2170 abort();
2171 /* NOTREACHED */
2172 }
2173
2174 /*
2175 * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN)
2176 */
2177 static struct block *
2178 gen_wlanhostop(eaddr, dir)
2179 register const u_char *eaddr;
2180 register int dir;
2181 {
2182 register struct block *b0, *b1, *b2;
2183 register struct slist *s;
2184
2185 switch (dir) {
2186 case Q_SRC:
2187 /*
2188 * Oh, yuk.
2189 *
2190 * For control frames, there is no SA.
2191 *
2192 * For management frames, SA is at an
2193 * offset of 10 from the beginning of
2194 * the packet.
2195 *
2196 * For data frames, SA is at an offset
2197 * of 10 from the beginning of the packet
2198 * if From DS is clear, at an offset of
2199 * 16 from the beginning of the packet
2200 * if From DS is set and To DS is clear,
2201 * and an offset of 24 from the beginning
2202 * of the packet if From DS is set and To DS
2203 * is set.
2204 */
2205
2206 /*
2207 * Generate the tests to be done for data frames
2208 * with From DS set.
2209 *
2210 * First, check for To DS set, i.e. check "link[1] & 0x01".
2211 */
2212 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2213 s->s.k = 1;
2214 b1 = new_block(JMP(BPF_JSET));
2215 b1->s.k = 0x01; /* To DS */
2216 b1->stmts = s;
2217
2218 /*
2219 * If To DS is set, the SA is at 24.
2220 */
2221 b0 = gen_bcmp(24, 6, eaddr);
2222 gen_and(b1, b0);
2223
2224 /*
2225 * Now, check for To DS not set, i.e. check
2226 * "!(link[1] & 0x01)".
2227 */
2228 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2229 s->s.k = 1;
2230 b2 = new_block(JMP(BPF_JSET));
2231 b2->s.k = 0x01; /* To DS */
2232 b2->stmts = s;
2233 gen_not(b2);
2234
2235 /*
2236 * If To DS is not set, the SA is at 16.
2237 */
2238 b1 = gen_bcmp(16, 6, eaddr);
2239 gen_and(b2, b1);
2240
2241 /*
2242 * Now OR together the last two checks. That gives
2243 * the complete set of checks for data frames with
2244 * From DS set.
2245 */
2246 gen_or(b1, b0);
2247
2248 /*
2249 * Now check for From DS being set, and AND that with
2250 * the ORed-together checks.
2251 */
2252 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2253 s->s.k = 1;
2254 b1 = new_block(JMP(BPF_JSET));
2255 b1->s.k = 0x02; /* From DS */
2256 b1->stmts = s;
2257 gen_and(b1, b0);
2258
2259 /*
2260 * Now check for data frames with From DS not set.
2261 */
2262 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2263 s->s.k = 1;
2264 b2 = new_block(JMP(BPF_JSET));
2265 b2->s.k = 0x02; /* From DS */
2266 b2->stmts = s;
2267 gen_not(b2);
2268
2269 /*
2270 * If From DS isn't set, the SA is at 10.
2271 */
2272 b1 = gen_bcmp(10, 6, eaddr);
2273 gen_and(b2, b1);
2274
2275 /*
2276 * Now OR together the checks for data frames with
2277 * From DS not set and for data frames with From DS
2278 * set; that gives the checks done for data frames.
2279 */
2280 gen_or(b1, b0);
2281
2282 /*
2283 * Now check for a data frame.
2284 * I.e, check "link[0] & 0x08".
2285 */
2286 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2287 s->s.k = 0;
2288 b1 = new_block(JMP(BPF_JSET));
2289 b1->s.k = 0x08;
2290 b1->stmts = s;
2291
2292 /*
2293 * AND that with the checks done for data frames.
2294 */
2295 gen_and(b1, b0);
2296
2297 /*
2298 * If the high-order bit of the type value is 0, this
2299 * is a management frame.
2300 * I.e, check "!(link[0] & 0x08)".
2301 */
2302 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2303 s->s.k = 0;
2304 b2 = new_block(JMP(BPF_JSET));
2305 b2->s.k = 0x08;
2306 b2->stmts = s;
2307 gen_not(b2);
2308
2309 /*
2310 * For management frames, the SA is at 10.
2311 */
2312 b1 = gen_bcmp(10, 6, eaddr);
2313 gen_and(b2, b1);
2314
2315 /*
2316 * OR that with the checks done for data frames.
2317 * That gives the checks done for management and
2318 * data frames.
2319 */
2320 gen_or(b1, b0);
2321
2322 /*
2323 * If the low-order bit of the type value is 1,
2324 * this is either a control frame or a frame
2325 * with a reserved type, and thus not a
2326 * frame with an SA.
2327 *
2328 * I.e., check "!(link[0] & 0x04)".
2329 */
2330 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2331 s->s.k = 0;
2332 b1 = new_block(JMP(BPF_JSET));
2333 b1->s.k = 0x04;
2334 b1->stmts = s;
2335 gen_not(b1);
2336
2337 /*
2338 * AND that with the checks for data and management
2339 * frames.
2340 */
2341 gen_and(b1, b0);
2342 return b0;
2343
2344 case Q_DST:
2345 /*
2346 * Oh, yuk.
2347 *
2348 * For control frames, there is no DA.
2349 *
2350 * For management frames, DA is at an
2351 * offset of 4 from the beginning of
2352 * the packet.
2353 *
2354 * For data frames, DA is at an offset
2355 * of 4 from the beginning of the packet
2356 * if To DS is clear and at an offset of
2357 * 16 from the beginning of the packet
2358 * if To DS is set.
2359 */
2360
2361 /*
2362 * Generate the tests to be done for data frames.
2363 *
2364 * First, check for To DS set, i.e. "link[1] & 0x01".
2365 */
2366 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2367 s->s.k = 1;
2368 b1 = new_block(JMP(BPF_JSET));
2369 b1->s.k = 0x01; /* To DS */
2370 b1->stmts = s;
2371
2372 /*
2373 * If To DS is set, the DA is at 16.
2374 */
2375 b0 = gen_bcmp(16, 6, eaddr);
2376 gen_and(b1, b0);
2377
2378 /*
2379 * Now, check for To DS not set, i.e. check
2380 * "!(link[1] & 0x01)".
2381 */
2382 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2383 s->s.k = 1;
2384 b2 = new_block(JMP(BPF_JSET));
2385 b2->s.k = 0x01; /* To DS */
2386 b2->stmts = s;
2387 gen_not(b2);
2388
2389 /*
2390 * If To DS is not set, the DA is at 4.
2391 */
2392 b1 = gen_bcmp(4, 6, eaddr);
2393 gen_and(b2, b1);
2394
2395 /*
2396 * Now OR together the last two checks. That gives
2397 * the complete set of checks for data frames.
2398 */
2399 gen_or(b1, b0);
2400
2401 /*
2402 * Now check for a data frame.
2403 * I.e, check "link[0] & 0x08".
2404 */
2405 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2406 s->s.k = 0;
2407 b1 = new_block(JMP(BPF_JSET));
2408 b1->s.k = 0x08;
2409 b1->stmts = s;
2410
2411 /*
2412 * AND that with the checks done for data frames.
2413 */
2414 gen_and(b1, b0);
2415
2416 /*
2417 * If the high-order bit of the type value is 0, this
2418 * is a management frame.
2419 * I.e, check "!(link[0] & 0x08)".
2420 */
2421 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2422 s->s.k = 0;
2423 b2 = new_block(JMP(BPF_JSET));
2424 b2->s.k = 0x08;
2425 b2->stmts = s;
2426 gen_not(b2);
2427
2428 /*
2429 * For management frames, the DA is at 4.
2430 */
2431 b1 = gen_bcmp(4, 6, eaddr);
2432 gen_and(b2, b1);
2433
2434 /*
2435 * OR that with the checks done for data frames.
2436 * That gives the checks done for management and
2437 * data frames.
2438 */
2439 gen_or(b1, b0);
2440
2441 /*
2442 * If the low-order bit of the type value is 1,
2443 * this is either a control frame or a frame
2444 * with a reserved type, and thus not a
2445 * frame with an SA.
2446 *
2447 * I.e., check "!(link[0] & 0x04)".
2448 */
2449 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2450 s->s.k = 0;
2451 b1 = new_block(JMP(BPF_JSET));
2452 b1->s.k = 0x04;
2453 b1->stmts = s;
2454 gen_not(b1);
2455
2456 /*
2457 * AND that with the checks for data and management
2458 * frames.
2459 */
2460 gen_and(b1, b0);
2461 return b0;
2462
2463 case Q_AND:
2464 b0 = gen_wlanhostop(eaddr, Q_SRC);
2465 b1 = gen_wlanhostop(eaddr, Q_DST);
2466 gen_and(b0, b1);
2467 return b1;
2468
2469 case Q_DEFAULT:
2470 case Q_OR:
2471 b0 = gen_wlanhostop(eaddr, Q_SRC);
2472 b1 = gen_wlanhostop(eaddr, Q_DST);
2473 gen_or(b0, b1);
2474 return b1;
2475 }
2476 abort();
2477 /* NOTREACHED */
2478 }
2479
2480 /*
2481 * Like gen_ehostop, but for RFC 2625 IP-over-Fibre-Channel.
2482 * (We assume that the addresses are IEEE 48-bit MAC addresses,
2483 * as the RFC states.)
2484 */
2485 static struct block *
2486 gen_ipfchostop(eaddr, dir)
2487 register const u_char *eaddr;
2488 register int dir;
2489 {
2490 register struct block *b0, *b1;
2491
2492 switch (dir) {
2493 case Q_SRC:
2494 return gen_bcmp(10, 6, eaddr);
2495
2496 case Q_DST:
2497 return gen_bcmp(2, 6, eaddr);
2498
2499 case Q_AND:
2500 b0 = gen_ipfchostop(eaddr, Q_SRC);
2501 b1 = gen_ipfchostop(eaddr, Q_DST);
2502 gen_and(b0, b1);
2503 return b1;
2504
2505 case Q_DEFAULT:
2506 case Q_OR:
2507 b0 = gen_ipfchostop(eaddr, Q_SRC);
2508 b1 = gen_ipfchostop(eaddr, Q_DST);
2509 gen_or(b0, b1);
2510 return b1;
2511 }
2512 abort();
2513 /* NOTREACHED */
2514 }
2515
2516 /*
2517 * This is quite tricky because there may be pad bytes in front of the
2518 * DECNET header, and then there are two possible data packet formats that
2519 * carry both src and dst addresses, plus 5 packet types in a format that
2520 * carries only the src node, plus 2 types that use a different format and
2521 * also carry just the src node.
2522 *
2523 * Yuck.
2524 *
2525 * Instead of doing those all right, we just look for data packets with
2526 * 0 or 1 bytes of padding. If you want to look at other packets, that
2527 * will require a lot more hacking.
2528 *
2529 * To add support for filtering on DECNET "areas" (network numbers)
2530 * one would want to add a "mask" argument to this routine. That would
2531 * make the filter even more inefficient, although one could be clever
2532 * and not generate masking instructions if the mask is 0xFFFF.
2533 */
2534 static struct block *
2535 gen_dnhostop(addr, dir, base_off)
2536 bpf_u_int32 addr;
2537 int dir;
2538 u_int base_off;
2539 {
2540 struct block *b0, *b1, *b2, *tmp;
2541 u_int offset_lh; /* offset if long header is received */
2542 u_int offset_sh; /* offset if short header is received */
2543
2544 switch (dir) {
2545
2546 case Q_DST:
2547 offset_sh = 1; /* follows flags */
2548 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
2549 break;
2550
2551 case Q_SRC:
2552 offset_sh = 3; /* follows flags, dstnode */
2553 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
2554 break;
2555
2556 case Q_AND:
2557 /* Inefficient because we do our Calvinball dance twice */
2558 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2559 b1 = gen_dnhostop(addr, Q_DST, base_off);
2560 gen_and(b0, b1);
2561 return b1;
2562
2563 case Q_OR:
2564 case Q_DEFAULT:
2565 /* Inefficient because we do our Calvinball dance twice */
2566 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2567 b1 = gen_dnhostop(addr, Q_DST, base_off);
2568 gen_or(b0, b1);
2569 return b1;
2570
2571 case Q_ISO:
2572 bpf_error("ISO host filtering not implemented");
2573
2574 default:
2575 abort();
2576 }
2577 b0 = gen_linktype(ETHERTYPE_DN);
2578 /* Check for pad = 1, long header case */
2579 tmp = gen_mcmp(base_off + 2, BPF_H,
2580 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
2581 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
2582 BPF_H, (bpf_int32)ntohs(addr));
2583 gen_and(tmp, b1);
2584 /* Check for pad = 0, long header case */
2585 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
2586 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
2587 gen_and(tmp, b2);
2588 gen_or(b2, b1);
2589 /* Check for pad = 1, short header case */
2590 tmp = gen_mcmp(base_off + 2, BPF_H,
2591 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
2592 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
2593 BPF_H, (bpf_int32)ntohs(addr));
2594 gen_and(tmp, b2);
2595 gen_or(b2, b1);
2596 /* Check for pad = 0, short header case */
2597 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
2598 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
2599 gen_and(tmp, b2);
2600 gen_or(b2, b1);
2601
2602 /* Combine with test for linktype */
2603 gen_and(b0, b1);
2604 return b1;
2605 }
2606
2607 static struct block *
2608 gen_host(addr, mask, proto, dir)
2609 bpf_u_int32 addr;
2610 bpf_u_int32 mask;
2611 int proto;
2612 int dir;
2613 {
2614 struct block *b0, *b1;
2615
2616 switch (proto) {
2617
2618 case Q_DEFAULT:
2619 b0 = gen_host(addr, mask, Q_IP, dir);
2620 if (off_linktype != (u_int)-1) {
2621 b1 = gen_host(addr, mask, Q_ARP, dir);
2622 gen_or(b0, b1);
2623 b0 = gen_host(addr, mask, Q_RARP, dir);
2624 gen_or(b1, b0);
2625 }
2626 return b0;
2627
2628 case Q_IP:
2629 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
2630 off_nl + 12, off_nl + 16);
2631
2632 case Q_RARP:
2633 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
2634 off_nl + 14, off_nl + 24);
2635
2636 case Q_ARP:
2637 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
2638 off_nl + 14, off_nl + 24);
2639
2640 case Q_TCP:
2641 bpf_error("'tcp' modifier applied to host");
2642
2643 case Q_SCTP:
2644 bpf_error("'sctp' modifier applied to host");
2645
2646 case Q_UDP:
2647 bpf_error("'udp' modifier applied to host");
2648
2649 case Q_ICMP:
2650 bpf_error("'icmp' modifier applied to host");
2651
2652 case Q_IGMP:
2653 bpf_error("'igmp' modifier applied to host");
2654
2655 case Q_IGRP:
2656 bpf_error("'igrp' modifier applied to host");
2657
2658 case Q_PIM:
2659 bpf_error("'pim' modifier applied to host");
2660
2661 case Q_VRRP:
2662 bpf_error("'vrrp' modifier applied to host");
2663
2664 case Q_ATALK:
2665 bpf_error("ATALK host filtering not implemented");
2666
2667 case Q_AARP:
2668 bpf_error("AARP host filtering not implemented");
2669
2670 case Q_DECNET:
2671 return gen_dnhostop(addr, dir, off_nl);
2672
2673 case Q_SCA:
2674 bpf_error("SCA host filtering not implemented");
2675
2676 case Q_LAT:
2677 bpf_error("LAT host filtering not implemented");
2678
2679 case Q_MOPDL:
2680 bpf_error("MOPDL host filtering not implemented");
2681
2682 case Q_MOPRC:
2683 bpf_error("MOPRC host filtering not implemented");
2684
2685 #ifdef INET6
2686 case Q_IPV6:
2687 bpf_error("'ip6' modifier applied to ip host");
2688
2689 case Q_ICMPV6:
2690 bpf_error("'icmp6' modifier applied to host");
2691 #endif /* INET6 */
2692
2693 case Q_AH:
2694 bpf_error("'ah' modifier applied to host");
2695
2696 case Q_ESP:
2697 bpf_error("'esp' modifier applied to host");
2698
2699 case Q_ISO:
2700 bpf_error("ISO host filtering not implemented");
2701
2702 case Q_ESIS:
2703 bpf_error("'esis' modifier applied to host");
2704
2705 case Q_ISIS:
2706 bpf_error("'isis' modifier applied to host");
2707
2708 case Q_CLNP:
2709 bpf_error("'clnp' modifier applied to host");
2710
2711 case Q_STP:
2712 bpf_error("'stp' modifier applied to host");
2713
2714 case Q_IPX:
2715 bpf_error("IPX host filtering not implemented");
2716
2717 case Q_NETBEUI:
2718 bpf_error("'netbeui' modifier applied to host");
2719
2720 default:
2721 abort();
2722 }
2723 /* NOTREACHED */
2724 }
2725
2726 #ifdef INET6
2727 static struct block *
2728 gen_host6(addr, mask, proto, dir)
2729 struct in6_addr *addr;
2730 struct in6_addr *mask;
2731 int proto;
2732 int dir;
2733 {
2734 switch (proto) {
2735
2736 case Q_DEFAULT:
2737 return gen_host6(addr, mask, Q_IPV6, dir);
2738
2739 case Q_IP:
2740 bpf_error("'ip' modifier applied to ip6 host");
2741
2742 case Q_RARP:
2743 bpf_error("'rarp' modifier applied to ip6 host");
2744
2745 case Q_ARP:
2746 bpf_error("'arp' modifier applied to ip6 host");
2747
2748 case Q_SCTP:
2749 bpf_error("'sctp' modifier applied to host");
2750
2751 case Q_TCP:
2752 bpf_error("'tcp' modifier applied to host");
2753
2754 case Q_UDP:
2755 bpf_error("'udp' modifier applied to host");
2756
2757 case Q_ICMP:
2758 bpf_error("'icmp' modifier applied to host");
2759
2760 case Q_IGMP:
2761 bpf_error("'igmp' modifier applied to host");
2762
2763 case Q_IGRP:
2764 bpf_error("'igrp' modifier applied to host");
2765
2766 case Q_PIM:
2767 bpf_error("'pim' modifier applied to host");
2768
2769 case Q_VRRP:
2770 bpf_error("'vrrp' modifier applied to host");
2771
2772 case Q_ATALK:
2773 bpf_error("ATALK host filtering not implemented");
2774
2775 case Q_AARP:
2776 bpf_error("AARP host filtering not implemented");
2777
2778 case Q_DECNET:
2779 bpf_error("'decnet' modifier applied to ip6 host");
2780
2781 case Q_SCA:
2782 bpf_error("SCA host filtering not implemented");
2783
2784 case Q_LAT:
2785 bpf_error("LAT host filtering not implemented");
2786
2787 case Q_MOPDL:
2788 bpf_error("MOPDL host filtering not implemented");
2789
2790 case Q_MOPRC:
2791 bpf_error("MOPRC host filtering not implemented");
2792
2793 case Q_IPV6:
2794 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
2795 off_nl + 8, off_nl + 24);
2796
2797 case Q_ICMPV6:
2798 bpf_error("'icmp6' modifier applied to host");
2799
2800 case Q_AH:
2801 bpf_error("'ah' modifier applied to host");
2802
2803 case Q_ESP:
2804 bpf_error("'esp' modifier applied to host");
2805
2806 case Q_ISO:
2807 bpf_error("ISO host filtering not implemented");
2808
2809 case Q_ESIS:
2810 bpf_error("'esis' modifier applied to host");
2811
2812 case Q_ISIS:
2813 bpf_error("'isis' modifier applied to host");
2814
2815 case Q_CLNP:
2816 bpf_error("'clnp' modifier applied to host");
2817
2818 case Q_STP:
2819 bpf_error("'stp' modifier applied to host");
2820
2821 case Q_IPX:
2822 bpf_error("IPX host filtering not implemented");
2823
2824 case Q_NETBEUI:
2825 bpf_error("'netbeui' modifier applied to host");
2826
2827 default:
2828 abort();
2829 }
2830 /* NOTREACHED */
2831 }
2832 #endif /*INET6*/
2833
2834 #ifndef INET6
2835 static struct block *
2836 gen_gateway(eaddr, alist, proto, dir)
2837 const u_char *eaddr;
2838 bpf_u_int32 **alist;
2839 int proto;
2840 int dir;
2841 {
2842 struct block *b0, *b1, *tmp;
2843
2844 if (dir != 0)
2845 bpf_error("direction applied to 'gateway'");
2846
2847 switch (proto) {
2848 case Q_DEFAULT:
2849 case Q_IP:
2850 case Q_ARP:
2851 case Q_RARP:
2852 if (linktype == DLT_EN10MB)
2853 b0 = gen_ehostop(eaddr, Q_OR);
2854 else if (linktype == DLT_FDDI)
2855 b0 = gen_fhostop(eaddr, Q_OR);
2856 else if (linktype == DLT_IEEE802)
2857 b0 = gen_thostop(eaddr, Q_OR);
2858 else if (linktype == DLT_IEEE802_11)
2859 b0 = gen_wlanhostop(eaddr, Q_OR);
2860 else if (linktype == DLT_SUNATM && is_lane) {
2861 /*
2862 * Check that the packet doesn't begin with an
2863 * LE Control marker. (We've already generated
2864 * a test for LANE.)
2865 */
2866 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
2867 gen_not(b1);
2868
2869 /*
2870 * Now check the MAC address.
2871 */
2872 b0 = gen_ehostop(eaddr, Q_OR);
2873 gen_and(b1, b0);
2874 } else if (linktype == DLT_IP_OVER_FC)
2875 b0 = gen_ipfchostop(eaddr, Q_OR);
2876 else
2877 bpf_error(
2878 "'gateway' supported only on ethernet/FDDI/token ring/802.11/Fibre Channel");
2879
2880 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2881 while (*alist) {
2882 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2883 gen_or(b1, tmp);
2884 b1 = tmp;
2885 }
2886 gen_not(b1);
2887 gen_and(b0, b1);
2888 return b1;
2889 }
2890 bpf_error("illegal modifier of 'gateway'");
2891 /* NOTREACHED */
2892 }
2893 #endif
2894
2895 struct block *
2896 gen_proto_abbrev(proto)
2897 int proto;
2898 {
2899 struct block *b0;
2900 struct block *b1;
2901
2902 switch (proto) {
2903
2904 case Q_SCTP:
2905 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT);
2906 #ifdef INET6
2907 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
2908 gen_or(b0, b1);
2909 #endif
2910 break;
2911
2912 case Q_TCP:
2913 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
2914 #ifdef INET6
2915 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
2916 gen_or(b0, b1);
2917 #endif
2918 break;
2919
2920 case Q_UDP:
2921 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
2922 #ifdef INET6
2923 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
2924 gen_or(b0, b1);
2925 #endif
2926 break;
2927
2928 case Q_ICMP:
2929 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
2930 break;
2931
2932 #ifndef IPPROTO_IGMP
2933 #define IPPROTO_IGMP 2
2934 #endif
2935
2936 case Q_IGMP:
2937 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
2938 break;
2939
2940 #ifndef IPPROTO_IGRP
2941 #define IPPROTO_IGRP 9
2942 #endif
2943 case Q_IGRP:
2944 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
2945 break;
2946
2947 #ifndef IPPROTO_PIM
2948 #define IPPROTO_PIM 103
2949 #endif
2950
2951 case Q_PIM:
2952 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
2953 #ifdef INET6
2954 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
2955 gen_or(b0, b1);
2956 #endif
2957 break;
2958
2959 #ifndef IPPROTO_VRRP
2960 #define IPPROTO_VRRP 112
2961 #endif
2962
2963 case Q_VRRP:
2964 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT);
2965 break;
2966
2967 case Q_IP:
2968 b1 = gen_linktype(ETHERTYPE_IP);
2969 break;
2970
2971 case Q_ARP:
2972 b1 = gen_linktype(ETHERTYPE_ARP);
2973 break;
2974
2975 case Q_RARP:
2976 b1 = gen_linktype(ETHERTYPE_REVARP);
2977 break;
2978
2979 case Q_LINK:
2980 bpf_error("link layer applied in wrong context");
2981
2982 case Q_ATALK:
2983 b1 = gen_linktype(ETHERTYPE_ATALK);
2984 break;
2985
2986 case Q_AARP:
2987 b1 = gen_linktype(ETHERTYPE_AARP);
2988 break;
2989
2990 case Q_DECNET:
2991 b1 = gen_linktype(ETHERTYPE_DN);
2992 break;
2993
2994 case Q_SCA:
2995 b1 = gen_linktype(ETHERTYPE_SCA);
2996 break;
2997
2998 case Q_LAT:
2999 b1 = gen_linktype(ETHERTYPE_LAT);
3000 break;
3001
3002 case Q_MOPDL:
3003 b1 = gen_linktype(ETHERTYPE_MOPDL);
3004 break;
3005
3006 case Q_MOPRC:
3007 b1 = gen_linktype(ETHERTYPE_MOPRC);
3008 break;
3009
3010 #ifdef INET6
3011 case Q_IPV6:
3012 b1 = gen_linktype(ETHERTYPE_IPV6);
3013 break;
3014
3015 #ifndef IPPROTO_ICMPV6
3016 #define IPPROTO_ICMPV6 58
3017 #endif
3018 case Q_ICMPV6:
3019 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
3020 break;
3021 #endif /* INET6 */
3022
3023 #ifndef IPPROTO_AH
3024 #define IPPROTO_AH 51
3025 #endif
3026 case Q_AH:
3027 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
3028 #ifdef INET6
3029 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
3030 gen_or(b0, b1);
3031 #endif
3032 break;
3033
3034 #ifndef IPPROTO_ESP
3035 #define IPPROTO_ESP 50
3036 #endif
3037 case Q_ESP:
3038 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
3039 #ifdef INET6
3040 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
3041 gen_or(b0, b1);
3042 #endif
3043 break;
3044
3045 case Q_ISO:
3046 b1 = gen_linktype(LLCSAP_ISONS);
3047 break;
3048
3049 case Q_ESIS:
3050 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
3051 break;
3052
3053 case Q_ISIS:
3054 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
3055 break;
3056
3057 case Q_ISIS_L1: /* all IS-IS Level1 PDU-Types */
3058 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
3059 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
3060 gen_or(b0, b1);
3061 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
3062 gen_or(b0, b1);
3063 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
3064 gen_or(b0, b1);
3065 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
3066 gen_or(b0, b1);
3067 break;
3068
3069 case Q_ISIS_L2: /* all IS-IS Level2 PDU-Types */
3070 b0 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
3071 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
3072 gen_or(b0, b1);
3073 b0 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
3074 gen_or(b0, b1);
3075 b0 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
3076 gen_or(b0, b1);
3077 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
3078 gen_or(b0, b1);
3079 break;
3080
3081 case Q_ISIS_IIH: /* all IS-IS Hello PDU-Types */
3082 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
3083 b1 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
3084 gen_or(b0, b1);
3085 b0 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT);
3086 gen_or(b0, b1);
3087 break;
3088
3089 case Q_ISIS_LSP:
3090 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
3091 b1 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
3092 gen_or(b0, b1);
3093 break;
3094
3095 case Q_ISIS_SNP:
3096 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
3097 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
3098 gen_or(b0, b1);
3099 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
3100 gen_or(b0, b1);
3101 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
3102 gen_or(b0, b1);
3103 break;
3104
3105 case Q_ISIS_CSNP:
3106 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
3107 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
3108 gen_or(b0, b1);
3109 break;
3110
3111 case Q_ISIS_PSNP:
3112 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
3113 b1 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
3114 gen_or(b0, b1);
3115 break;
3116
3117 case Q_CLNP:
3118 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
3119 break;
3120
3121 case Q_STP:
3122 b1 = gen_linktype(LLCSAP_8021D);
3123 break;
3124
3125 case Q_IPX:
3126 b1 = gen_linktype(LLCSAP_IPX);
3127 break;
3128
3129 case Q_NETBEUI:
3130 b1 = gen_linktype(LLCSAP_NETBEUI);
3131 break;
3132
3133 default:
3134 abort();
3135 }
3136 return b1;
3137 }
3138
3139 static struct block *
3140 gen_ipfrag()
3141 {
3142 struct slist *s;
3143 struct block *b;
3144
3145 /* not ip frag */
3146 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
3147 s->s.k = off_nl + 6;
3148 b = new_block(JMP(BPF_JSET));
3149 b->s.k = 0x1fff;
3150 b->stmts = s;
3151 gen_not(b);
3152
3153 return b;
3154 }
3155
3156 static struct block *
3157 gen_portatom(off, v)
3158 int off;
3159 bpf_int32 v;
3160 {
3161 struct slist *s;
3162 struct block *b;
3163
3164 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3165 s->s.k = off_nl;
3166
3167 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
3168 s->next->s.k = off_nl + off;
3169
3170 b = new_block(JMP(BPF_JEQ));
3171 b->stmts = s;
3172 b->s.k = v;
3173
3174 return b;
3175 }
3176
3177 #ifdef INET6
3178 static struct block *
3179 gen_portatom6(off, v)
3180 int off;
3181 bpf_int32 v;
3182 {
3183 return gen_cmp(off_nl + 40 + off, BPF_H, v);
3184 }
3185 #endif/*INET6*/
3186
3187 struct block *
3188 gen_portop(port, proto, dir)
3189 int port, proto, dir;
3190 {
3191 struct block *b0, *b1, *tmp;
3192
3193 /* ip proto 'proto' */
3194 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
3195 b0 = gen_ipfrag();
3196 gen_and(tmp, b0);
3197
3198 switch (dir) {
3199 case Q_SRC:
3200 b1 = gen_portatom(0, (bpf_int32)port);
3201 break;
3202
3203 case Q_DST:
3204 b1 = gen_portatom(2, (bpf_int32)port);
3205 break;
3206
3207 case Q_OR:
3208 case Q_DEFAULT:
3209 tmp = gen_portatom(0, (bpf_int32)port);
3210 b1 = gen_portatom(2, (bpf_int32)port);
3211 gen_or(tmp, b1);
3212 break;
3213
3214 case Q_AND:
3215 tmp = gen_portatom(0, (bpf_int32)port);
3216 b1 = gen_portatom(2, (bpf_int32)port);
3217 gen_and(tmp, b1);
3218 break;
3219
3220 default:
3221 abort();
3222 }
3223 gen_and(b0, b1);
3224
3225 return b1;
3226 }
3227
3228 static struct block *
3229 gen_port(port, ip_proto, dir)
3230 int port;
3231 int ip_proto;
3232 int dir;
3233 {
3234 struct block *b0, *b1, *tmp;
3235
3236 /*
3237 * ether proto ip
3238 *
3239 * For FDDI, RFC 1188 says that SNAP encapsulation is used,
3240 * not LLC encapsulation with LLCSAP_IP.
3241 *
3242 * For IEEE 802 networks - which includes 802.5 token ring
3243 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
3244 * says that SNAP encapsulation is used, not LLC encapsulation
3245 * with LLCSAP_IP.
3246 *
3247 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
3248 * RFC 2225 say that SNAP encapsulation is used, not LLC
3249 * encapsulation with LLCSAP_IP.
3250 *
3251 * So we always check for ETHERTYPE_IP.
3252 */
3253 b0 = gen_linktype(ETHERTYPE_IP);
3254
3255 switch (ip_proto) {
3256 case IPPROTO_UDP:
3257 case IPPROTO_TCP:
3258 case IPPROTO_SCTP:
3259 b1 = gen_portop(port, ip_proto, dir);
3260 break;
3261
3262 case PROTO_UNDEF:
3263 tmp = gen_portop(port, IPPROTO_TCP, dir);
3264 b1 = gen_portop(port, IPPROTO_UDP, dir);
3265 gen_or(tmp, b1);
3266 tmp = gen_portop(port, IPPROTO_SCTP, dir);
3267 gen_or(tmp, b1);
3268 break;
3269
3270 default:
3271 abort();
3272 }
3273 gen_and(b0, b1);
3274 return b1;
3275 }
3276
3277 #ifdef INET6
3278 struct block *
3279 gen_portop6(port, proto, dir)
3280 int port, proto, dir;
3281 {
3282 struct block *b0, *b1, *tmp;
3283
3284 /* ip proto 'proto' */
3285 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
3286
3287 switch (dir) {
3288 case Q_SRC:
3289 b1 = gen_portatom6(0, (bpf_int32)port);
3290 break;
3291
3292 case Q_DST:
3293 b1 = gen_portatom6(2, (bpf_int32)port);
3294 break;
3295
3296 case Q_OR:
3297 case Q_DEFAULT:
3298 tmp = gen_portatom6(0, (bpf_int32)port);
3299 b1 = gen_portatom6(2, (bpf_int32)port);
3300 gen_or(tmp, b1);
3301 break;
3302
3303 case Q_AND:
3304 tmp = gen_portatom6(0, (bpf_int32)port);
3305 b1 = gen_portatom6(2, (bpf_int32)port);
3306 gen_and(tmp, b1);
3307 break;
3308
3309 default:
3310 abort();
3311 }
3312 gen_and(b0, b1);
3313
3314 return b1;
3315 }
3316
3317 static struct block *
3318 gen_port6(port, ip_proto, dir)
3319 int port;
3320 int ip_proto;
3321 int dir;
3322 {
3323 struct block *b0, *b1, *tmp;
3324
3325 /* ether proto ip */
3326 b0 = gen_linktype(ETHERTYPE_IPV6);
3327
3328 switch (ip_proto) {
3329 case IPPROTO_UDP:
3330 case IPPROTO_TCP:
3331 case IPPROTO_SCTP:
3332 b1 = gen_portop6(port, ip_proto, dir);
3333 break;
3334
3335 case PROTO_UNDEF:
3336 tmp = gen_portop6(port, IPPROTO_TCP, dir);
3337 b1 = gen_portop6(port, IPPROTO_UDP, dir);
3338 gen_or(tmp, b1);
3339 tmp = gen_portop6(port, IPPROTO_SCTP, dir);
3340 gen_or(tmp, b1);
3341 break;
3342
3343 default:
3344 abort();
3345 }
3346 gen_and(b0, b1);
3347 return b1;
3348 }
3349 #endif /* INET6 */
3350
3351 static int
3352 lookup_proto(name, proto)
3353 register const char *name;
3354 register int proto;
3355 {
3356 register int v;
3357
3358 switch (proto) {
3359
3360 case Q_DEFAULT:
3361 case Q_IP:
3362 case Q_IPV6:
3363 v = pcap_nametoproto(name);
3364 if (v == PROTO_UNDEF)
3365 bpf_error("unknown ip proto '%s'", name);
3366 break;
3367
3368 case Q_LINK:
3369 /* XXX should look up h/w protocol type based on linktype */
3370 v = pcap_nametoeproto(name);
3371 if (v == PROTO_UNDEF)
3372 bpf_error("unknown ether proto '%s'", name);
3373 break;
3374
3375 case Q_ISO:
3376 if (strcmp(name, "esis") == 0)
3377 v = ISO9542_ESIS;
3378 else if (strcmp(name, "isis") == 0)
3379 v = ISO10589_ISIS;
3380 else if (strcmp(name, "clnp") == 0)
3381 v = ISO8473_CLNP;
3382 else
3383 bpf_error("unknown osi proto '%s'", name);
3384 break;
3385
3386 default:
3387 v = PROTO_UNDEF;
3388 break;
3389 }
3390 return v;
3391 }
3392
3393 #if 0
3394 struct stmt *
3395 gen_joinsp(s, n)
3396 struct stmt **s;
3397 int n;
3398 {
3399 return NULL;
3400 }
3401 #endif
3402
3403 static struct block *
3404 gen_protochain(v, proto, dir)
3405 int v;
3406 int proto;
3407 int dir;
3408 {
3409 #ifdef NO_PROTOCHAIN
3410 return gen_proto(v, proto, dir);
3411 #else
3412 struct block *b0, *b;
3413 struct slist *s[100];
3414 int fix2, fix3, fix4, fix5;
3415 int ahcheck, again, end;
3416 int i, max;
3417 int reg2 = alloc_reg();
3418
3419 memset(s, 0, sizeof(s));
3420 fix2 = fix3 = fix4 = fix5 = 0;
3421
3422 switch (proto) {
3423 case Q_IP:
3424 case Q_IPV6:
3425 break;
3426 case Q_DEFAULT:
3427 b0 = gen_protochain(v, Q_IP, dir);
3428 b = gen_protochain(v, Q_IPV6, dir);
3429 gen_or(b0, b);
3430 return b;
3431 default:
3432 bpf_error("bad protocol applied for 'protochain'");
3433 /*NOTREACHED*/
3434 }
3435
3436 no_optimize = 1; /*this code is not compatible with optimzer yet */
3437
3438 /*
3439 * s[0] is a dummy entry to protect other BPF insn from damaged
3440 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
3441 * hard to find interdependency made by jump table fixup.
3442 */
3443 i = 0;
3444 s[i] = new_stmt(0); /*dummy*/
3445 i++;
3446
3447 switch (proto) {
3448 case Q_IP:
3449 b0 = gen_linktype(ETHERTYPE_IP);
3450
3451 /* A = ip->ip_p */
3452 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
3453 s[i]->s.k = off_nl + 9;
3454 i++;
3455 /* X = ip->ip_hl << 2 */
3456 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3457 s[i]->s.k = off_nl;
3458 i++;
3459 break;
3460 #ifdef INET6
3461 case Q_IPV6:
3462 b0 = gen_linktype(ETHERTYPE_IPV6);
3463
3464 /* A = ip6->ip_nxt */
3465 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
3466 s[i]->s.k = off_nl + 6;
3467 i++;
3468 /* X = sizeof(struct ip6_hdr) */
3469 s[i] = new_stmt(BPF_LDX|BPF_IMM);
3470 s[i]->s.k = 40;
3471 i++;
3472 break;
3473 #endif
3474 default:
3475 bpf_error("unsupported proto to gen_protochain");
3476 /*NOTREACHED*/
3477 }
3478
3479 /* again: if (A == v) goto end; else fall through; */
3480 again = i;
3481 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3482 s[i]->s.k = v;
3483 s[i]->s.jt = NULL; /*later*/
3484 s[i]->s.jf = NULL; /*update in next stmt*/
3485 fix5 = i;
3486 i++;
3487
3488 #ifndef IPPROTO_NONE
3489 #define IPPROTO_NONE 59
3490 #endif
3491 /* if (A == IPPROTO_NONE) goto end */
3492 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3493 s[i]->s.jt = NULL; /*later*/
3494 s[i]->s.jf = NULL; /*update in next stmt*/
3495 s[i]->s.k = IPPROTO_NONE;
3496 s[fix5]->s.jf = s[i];
3497 fix2 = i;
3498 i++;
3499
3500 #ifdef INET6
3501 if (proto == Q_IPV6) {
3502 int v6start, v6end, v6advance, j;
3503
3504 v6start = i;
3505 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
3506 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3507 s[i]->s.jt = NULL; /*later*/
3508 s[i]->s.jf = NULL; /*update in next stmt*/
3509 s[i]->s.k = IPPROTO_HOPOPTS;
3510 s[fix2]->s.jf = s[i];
3511 i++;
3512 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
3513 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3514 s[i]->s.jt = NULL; /*later*/
3515 s[i]->s.jf = NULL; /*update in next stmt*/
3516 s[i]->s.k = IPPROTO_DSTOPTS;
3517 i++;
3518 /* if (A == IPPROTO_ROUTING) goto v6advance */
3519 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3520 s[i]->s.jt = NULL; /*later*/
3521 s[i]->s.jf = NULL; /*update in next stmt*/
3522 s[i]->s.k = IPPROTO_ROUTING;
3523 i++;
3524 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
3525 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3526 s[i]->s.jt = NULL; /*later*/
3527 s[i]->s.jf = NULL; /*later*/
3528 s[i]->s.k = IPPROTO_FRAGMENT;
3529 fix3 = i;
3530 v6end = i;
3531 i++;
3532
3533 /* v6advance: */
3534 v6advance = i;
3535
3536 /*
3537 * in short,
3538 * A = P[X];
3539 * X = X + (P[X + 1] + 1) * 8;
3540 */
3541 /* A = X */
3542 s[i] = new_stmt(BPF_MISC|BPF_TXA);
3543 i++;
3544 /* A = P[X + packet head] */
3545 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3546 s[i]->s.k = off_nl;
3547 i++;
3548 /* MEM[reg2] = A */
3549 s[i] = new_stmt(BPF_ST);
3550 s[i]->s.k = reg2;
3551 i++;
3552 /* A = X */
3553 s[i] = new_stmt(BPF_MISC|BPF_TXA);
3554 i++;
3555 /* A += 1 */
3556 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3557 s[i]->s.k = 1;
3558 i++;
3559 /* X = A */
3560 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3561 i++;
3562 /* A = P[X + packet head]; */
3563 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3564 s[i]->s.k = off_nl;
3565 i++;
3566 /* A += 1 */
3567 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3568 s[i]->s.k = 1;
3569 i++;
3570 /* A *= 8 */
3571 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
3572 s[i]->s.k = 8;
3573 i++;
3574 /* X = A; */
3575 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3576 i++;
3577 /* A = MEM[reg2] */
3578 s[i] = new_stmt(BPF_LD|BPF_MEM);
3579 s[i]->s.k = reg2;
3580 i++;
3581
3582 /* goto again; (must use BPF_JA for backward jump) */
3583 s[i] = new_stmt(BPF_JMP|BPF_JA);
3584 s[i]->s.k = again - i - 1;
3585 s[i - 1]->s.jf = s[i];
3586 i++;
3587
3588 /* fixup */
3589 for (j = v6start; j <= v6end; j++)
3590 s[j]->s.jt = s[v6advance];
3591 } else
3592 #endif
3593 {
3594 /* nop */
3595 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3596 s[i]->s.k = 0;
3597 s[fix2]->s.jf = s[i];
3598 i++;
3599 }
3600
3601 /* ahcheck: */
3602 ahcheck = i;
3603 /* if (A == IPPROTO_AH) then fall through; else goto end; */
3604 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3605 s[i]->s.jt = NULL; /*later*/
3606 s[i]->s.jf = NULL; /*later*/
3607 s[i]->s.k = IPPROTO_AH;
3608 if (fix3)
3609 s[fix3]->s.jf = s[ahcheck];
3610 fix4 = i;
3611 i++;
3612
3613 /*
3614 * in short,
3615 * A = P[X];
3616 * X = X + (P[X + 1] + 2) * 4;
3617 */
3618 /* A = X */
3619 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
3620 i++;
3621 /* A = P[X + packet head]; */
3622 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3623 s[i]->s.k = off_nl;
3624 i++;
3625 /* MEM[reg2] = A */
3626 s[i] = new_stmt(BPF_ST);
3627 s[i]->s.k = reg2;
3628 i++;
3629 /* A = X */
3630 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
3631 i++;
3632 /* A += 1 */
3633 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3634 s[i]->s.k = 1;
3635 i++;
3636 /* X = A */
3637 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3638 i++;
3639 /* A = P[X + packet head] */
3640 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3641 s[i]->s.k = off_nl;
3642 i++;
3643 /* A += 2 */
3644 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3645 s[i]->s.k = 2;
3646 i++;
3647 /* A *= 4 */
3648 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
3649 s[i]->s.k = 4;
3650 i++;
3651 /* X = A; */
3652 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3653 i++;
3654 /* A = MEM[reg2] */
3655 s[i] = new_stmt(BPF_LD|BPF_MEM);
3656 s[i]->s.k = reg2;
3657 i++;
3658
3659 /* goto again; (must use BPF_JA for backward jump) */
3660 s[i] = new_stmt(BPF_JMP|BPF_JA);
3661 s[i]->s.k = again - i - 1;
3662 i++;
3663
3664 /* end: nop */
3665 end = i;
3666 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3667 s[i]->s.k = 0;
3668 s[fix2]->s.jt = s[end];
3669 s[fix4]->s.jf = s[end];
3670 s[fix5]->s.jt = s[end];
3671 i++;
3672
3673 /*
3674 * make slist chain
3675 */
3676 max = i;
3677 for (i = 0; i < max - 1; i++)
3678 s[i]->next = s[i + 1];
3679 s[max - 1]->next = NULL;
3680
3681 /*
3682 * emit final check
3683 */
3684 b = new_block(JMP(BPF_JEQ));
3685 b->stmts = s[1]; /*remember, s[0] is dummy*/
3686 b->s.k = v;
3687
3688 free_reg(reg2);
3689
3690 gen_and(b0, b);
3691 return b;
3692 #endif
3693 }
3694
3695 static struct block *
3696 gen_proto(v, proto, dir)
3697 int v;
3698 int proto;
3699 int dir;
3700 {
3701 struct block *b0, *b1;
3702
3703 if (dir != Q_DEFAULT)
3704 bpf_error("direction applied to 'proto'");
3705
3706 switch (proto) {
3707 case Q_DEFAULT:
3708 #ifdef INET6
3709 b0 = gen_proto(v, Q_IP, dir);
3710 b1 = gen_proto(v, Q_IPV6, dir);
3711 gen_or(b0, b1);
3712 return b1;
3713 #else
3714 /*FALLTHROUGH*/
3715 #endif
3716 case Q_IP:
3717 /*
3718 * For FDDI, RFC 1188 says that SNAP encapsulation is used,
3719 * not LLC encapsulation with LLCSAP_IP.
3720 *
3721 * For IEEE 802 networks - which includes 802.5 token ring
3722 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
3723 * says that SNAP encapsulation is used, not LLC encapsulation
3724 * with LLCSAP_IP.
3725 *
3726 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
3727 * RFC 2225 say that SNAP encapsulation is used, not LLC
3728 * encapsulation with LLCSAP_IP.
3729 *
3730 * So we always check for ETHERTYPE_IP.
3731 */
3732 b0 = gen_linktype(ETHERTYPE_IP);
3733 #ifndef CHASE_CHAIN
3734 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
3735 #else
3736 b1 = gen_protochain(v, Q_IP);
3737 #endif
3738 gen_and(b0, b1);
3739 return b1;
3740
3741 case Q_ISO:
3742 switch (linktype) {
3743
3744 case DLT_FRELAY:
3745 /*
3746 * Frame Relay packets typically have an OSI
3747 * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)"
3748 * generates code to check for all the OSI
3749 * NLPIDs, so calling it and then adding a check
3750 * for the particular NLPID for which we're
3751 * looking is bogus, as we can just check for
3752 * the NLPID.
3753 *
3754 * What we check for is the NLPID and a frame
3755 * control field value of UI, i.e. 0x03 followed
3756 * by the NLPID.
3757 *
3758 * XXX - assumes a 2-byte Frame Relay header with
3759 * DLCI and flags. What if the address is longer?
3760 *
3761 * XXX - what about SNAP-encapsulated frames?
3762 */
3763 return gen_cmp(2, BPF_H, (0x03<<8) | v);
3764 /*NOTREACHED*/
3765 break;
3766
3767 case DLT_C_HDLC:
3768 /*
3769 * Cisco uses an Ethertype lookalike - for OSI,
3770 * it's 0xfefe.
3771 */
3772 b0 = gen_linktype(LLCSAP_ISONS<<8 | LLCSAP_ISONS);
3773 /* OSI in C-HDLC is stuffed with a fudge byte */
3774 b1 = gen_cmp(off_nl_nosnap+1, BPF_B, (long)v);
3775 gen_and(b0, b1);
3776 return b1;
3777
3778 default:
3779 b0 = gen_linktype(LLCSAP_ISONS);
3780 b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v);
3781 gen_and(b0, b1);
3782 return b1;
3783 }
3784
3785 case Q_ISIS:
3786 b0 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
3787 /*
3788 * 4 is the offset of the PDU type relative to the IS-IS
3789 * header.
3790 */
3791 b1 = gen_cmp(off_nl_nosnap+4, BPF_B, (long)v);
3792 gen_and(b0, b1);
3793 return b1;
3794
3795 case Q_ARP:
3796 bpf_error("arp does not encapsulate another protocol");
3797 /* NOTREACHED */
3798
3799 case Q_RARP:
3800 bpf_error("rarp does not encapsulate another protocol");
3801 /* NOTREACHED */
3802
3803 case Q_ATALK:
3804 bpf_error("atalk encapsulation is not specifiable");
3805 /* NOTREACHED */
3806
3807 case Q_DECNET:
3808 bpf_error("decnet encapsulation is not specifiable");
3809 /* NOTREACHED */
3810
3811 case Q_SCA:
3812 bpf_error("sca does not encapsulate another protocol");
3813 /* NOTREACHED */
3814
3815 case Q_LAT:
3816 bpf_error("lat does not encapsulate another protocol");
3817 /* NOTREACHED */
3818
3819 case Q_MOPRC:
3820 bpf_error("moprc does not encapsulate another protocol");
3821 /* NOTREACHED */
3822
3823 case Q_MOPDL:
3824 bpf_error("mopdl does not encapsulate another protocol");
3825 /* NOTREACHED */
3826
3827 case Q_LINK:
3828 return gen_linktype(v);
3829
3830 case Q_UDP:
3831 bpf_error("'udp proto' is bogus");
3832 /* NOTREACHED */
3833
3834 case Q_TCP:
3835 bpf_error("'tcp proto' is bogus");
3836 /* NOTREACHED */
3837
3838 case Q_SCTP:
3839 bpf_error("'sctp proto' is bogus");
3840 /* NOTREACHED */
3841
3842 case Q_ICMP:
3843 bpf_error("'icmp proto' is bogus");
3844 /* NOTREACHED */
3845
3846 case Q_IGMP:
3847 bpf_error("'igmp proto' is bogus");
3848 /* NOTREACHED */
3849
3850 case Q_IGRP:
3851 bpf_error("'igrp proto' is bogus");
3852 /* NOTREACHED */
3853
3854 case Q_PIM:
3855 bpf_error("'pim proto' is bogus");
3856 /* NOTREACHED */
3857
3858 case Q_VRRP:
3859 bpf_error("'vrrp proto' is bogus");
3860 /* NOTREACHED */
3861
3862 #ifdef INET6
3863 case Q_IPV6:
3864 b0 = gen_linktype(ETHERTYPE_IPV6);
3865 #ifndef CHASE_CHAIN
3866 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
3867 #else
3868 b1 = gen_protochain(v, Q_IPV6);
3869 #endif
3870 gen_and(b0, b1);
3871 return b1;
3872
3873 case Q_ICMPV6:
3874 bpf_error("'icmp6 proto' is bogus");
3875 #endif /* INET6 */
3876
3877 case Q_AH:
3878 bpf_error("'ah proto' is bogus");
3879
3880 case Q_ESP:
3881 bpf_error("'ah proto' is bogus");
3882
3883 case Q_STP:
3884 bpf_error("'stp proto' is bogus");
3885
3886 case Q_IPX:
3887 bpf_error("'ipx proto' is bogus");
3888
3889 case Q_NETBEUI:
3890 bpf_error("'netbeui proto' is bogus");
3891
3892 default:
3893 abort();
3894 /* NOTREACHED */
3895 }
3896 /* NOTREACHED */
3897 }
3898
3899 struct block *
3900 gen_scode(name, q)
3901 register const char *name;
3902 struct qual q;
3903 {
3904 int proto = q.proto;
3905 int dir = q.dir;
3906 int tproto;
3907 u_char *eaddr;
3908 bpf_u_int32 mask, addr;
3909 #ifndef INET6
3910 bpf_u_int32 **alist;
3911 #else
3912 int tproto6;
3913 struct sockaddr_in *sin;
3914 struct sockaddr_in6 *sin6;
3915 struct addrinfo *res, *res0;
3916 struct in6_addr mask128;
3917 #endif /*INET6*/
3918 struct block *b, *tmp;
3919 int port, real_proto;
3920
3921 switch (q.addr) {
3922
3923 case Q_NET:
3924 addr = pcap_nametonetaddr(name);
3925 if (addr == 0)
3926 bpf_error("unknown network '%s'", name);
3927 /* Left justify network addr and calculate its network mask */
3928 mask = 0xffffffff;
3929 while (addr && (addr & 0xff000000) == 0) {
3930 addr <<= 8;
3931 mask <<= 8;
3932 }
3933 return gen_host(addr, mask, proto, dir);
3934
3935 case Q_DEFAULT:
3936 case Q_HOST:
3937 if (proto == Q_LINK) {
3938 switch (linktype) {
3939
3940 case DLT_EN10MB:
3941 eaddr = pcap_ether_hostton(name);
3942 if (eaddr == NULL)
3943 bpf_error(
3944 "unknown ether host '%s'", name);
3945 b = gen_ehostop(eaddr, dir);
3946 free(eaddr);
3947 return b;
3948
3949 case DLT_FDDI:
3950 eaddr = pcap_ether_hostton(name);
3951 if (eaddr == NULL)
3952 bpf_error(
3953 "unknown FDDI host '%s'", name);
3954 b = gen_fhostop(eaddr, dir);
3955 free(eaddr);
3956 return b;
3957
3958 case DLT_IEEE802:
3959 eaddr = pcap_ether_hostton(name);
3960 if (eaddr == NULL)
3961 bpf_error(
3962 "unknown token ring host '%s'", name);
3963 b = gen_thostop(eaddr, dir);
3964 free(eaddr);
3965 return b;
3966
3967 case DLT_IEEE802_11:
3968 eaddr = pcap_ether_hostton(name);
3969 if (eaddr == NULL)
3970 bpf_error(
3971 "unknown 802.11 host '%s'", name);
3972 b = gen_wlanhostop(eaddr, dir);
3973 free(eaddr);
3974 return b;
3975
3976 case DLT_IP_OVER_FC:
3977 eaddr = pcap_ether_hostton(name);
3978 if (eaddr == NULL)
3979 bpf_error(
3980 "unknown Fibre Channel host '%s'", name);
3981 b = gen_ipfchostop(eaddr, dir);
3982 free(eaddr);
3983 return b;
3984
3985 case DLT_SUNATM:
3986 if (!is_lane)
3987 break;
3988
3989 /*
3990 * Check that the packet doesn't begin
3991 * with an LE Control marker. (We've
3992 * already generated a test for LANE.)
3993 */
3994 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H,
3995 0xFF00);
3996 gen_not(tmp);
3997
3998 eaddr = pcap_ether_hostton(name);
3999 if (eaddr == NULL)
4000 bpf_error(
4001 "unknown ether host '%s'", name);
4002 b = gen_ehostop(eaddr, dir);
4003 gen_and(tmp, b);
4004 free(eaddr);
4005 return b;
4006 }
4007
4008 bpf_error("only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name");
4009 } else if (proto == Q_DECNET) {
4010 unsigned short dn_addr = __pcap_nametodnaddr(name);
4011 /*
4012 * I don't think DECNET hosts can be multihomed, so
4013 * there is no need to build up a list of addresses
4014 */
4015 return (gen_host(dn_addr, 0, proto, dir));
4016 } else {
4017 #ifndef INET6
4018 alist = pcap_nametoaddr(name);
4019 if (alist == NULL || *alist == NULL)
4020 bpf_error("unknown host '%s'", name);
4021 tproto = proto;
4022 if (off_linktype == (u_int)-1 && tproto == Q_DEFAULT)
4023 tproto = Q_IP;
4024 b = gen_host(**alist++, 0xffffffff, tproto, dir);
4025 while (*alist) {
4026 tmp = gen_host(**alist++, 0xffffffff,
4027 tproto, dir);
4028 gen_or(b, tmp);
4029 b = tmp;
4030 }
4031 return b;
4032 #else
4033 memset(&mask128, 0xff, sizeof(mask128));
4034 res0 = res = pcap_nametoaddrinfo(name);
4035 if (res == NULL)
4036 bpf_error("unknown host '%s'", name);
4037 b = tmp = NULL;
4038 tproto = tproto6 = proto;
4039 if (off_linktype == -1 && tproto == Q_DEFAULT) {
4040 tproto = Q_IP;
4041 tproto6 = Q_IPV6;
4042 }
4043 for (res = res0; res; res = res->ai_next) {
4044 switch (res->ai_family) {
4045 case AF_INET:
4046 if (tproto == Q_IPV6)
4047 continue;
4048
4049 sin = (struct sockaddr_in *)
4050 res->ai_addr;
4051 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
4052 0xffffffff, tproto, dir);
4053 break;
4054 case AF_INET6:
4055 if (tproto6 == Q_IP)
4056 continue;
4057
4058 sin6 = (struct sockaddr_in6 *)
4059 res->ai_addr;
4060 tmp = gen_host6(&sin6->sin6_addr,
4061 &mask128, tproto6, dir);
4062 break;
4063 default:
4064 continue;
4065 }
4066 if (b)
4067 gen_or(b, tmp);
4068 b = tmp;
4069 }
4070 freeaddrinfo(res0);
4071 if (b == NULL) {
4072 bpf_error("unknown host '%s'%s", name,
4073 (proto == Q_DEFAULT)
4074 ? ""
4075 : " for specified address family");
4076 }
4077 return b;
4078 #endif /*INET6*/
4079 }
4080
4081 case Q_PORT:
4082 if (proto != Q_DEFAULT &&
4083 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
4084 bpf_error("illegal qualifier of 'port'");
4085 if (pcap_nametoport(name, &port, &real_proto) == 0)
4086 bpf_error("unknown port '%s'", name);
4087 if (proto == Q_UDP) {
4088 if (real_proto == IPPROTO_TCP)
4089 bpf_error("port '%s' is tcp", name);
4090 else if (real_proto == IPPROTO_SCTP)
4091 bpf_error("port '%s' is sctp", name);
4092 else
4093 /* override PROTO_UNDEF */
4094 real_proto = IPPROTO_UDP;
4095 }
4096 if (proto == Q_TCP) {
4097 if (real_proto == IPPROTO_UDP)
4098 bpf_error("port '%s' is udp", name);
4099
4100 else if (real_proto == IPPROTO_SCTP)
4101 bpf_error("port '%s' is sctp", name);
4102 else
4103 /* override PROTO_UNDEF */
4104 real_proto = IPPROTO_TCP;
4105 }
4106 if (proto == Q_SCTP) {
4107 if (real_proto == IPPROTO_UDP)
4108 bpf_error("port '%s' is udp", name);
4109
4110 else if (real_proto == IPPROTO_TCP)
4111 bpf_error("port '%s' is tcp", name);
4112 else
4113 /* override PROTO_UNDEF */
4114 real_proto = IPPROTO_SCTP;
4115 }
4116 #ifndef INET6
4117 return gen_port(port, real_proto, dir);
4118 #else
4119 {
4120 struct block *b;
4121 b = gen_port(port, real_proto, dir);
4122 gen_or(gen_port6(port, real_proto, dir), b);
4123 return b;
4124 }
4125 #endif /* INET6 */
4126
4127 case Q_GATEWAY:
4128 #ifndef INET6
4129 eaddr = pcap_ether_hostton(name);
4130 if (eaddr == NULL)
4131 bpf_error("unknown ether host: %s", name);
4132
4133 alist = pcap_nametoaddr(name);
4134 if (alist == NULL || *alist == NULL)
4135 bpf_error("unknown host '%s'", name);
4136 b = gen_gateway(eaddr, alist, proto, dir);
4137 free(eaddr);
4138 return b;
4139 #else
4140 bpf_error("'gateway' not supported in this configuration");
4141 #endif /*INET6*/
4142
4143 case Q_PROTO:
4144 real_proto = lookup_proto(name, proto);
4145 if (real_proto >= 0)
4146 return gen_proto(real_proto, proto, dir);
4147 else
4148 bpf_error("unknown protocol: %s", name);
4149
4150 case Q_PROTOCHAIN:
4151 real_proto = lookup_proto(name, proto);
4152 if (real_proto >= 0)
4153 return gen_protochain(real_proto, proto, dir);
4154 else
4155 bpf_error("unknown protocol: %s", name);
4156
4157
4158 case Q_UNDEF:
4159 syntax();
4160 /* NOTREACHED */
4161 }
4162 abort();
4163 /* NOTREACHED */
4164 }
4165
4166 struct block *
4167 gen_mcode(s1, s2, masklen, q)
4168 register const char *s1, *s2;
4169 register int masklen;
4170 struct qual q;
4171 {
4172 register int nlen, mlen;
4173 bpf_u_int32 n, m;
4174
4175 nlen = __pcap_atoin(s1, &n);
4176 /* Promote short ipaddr */
4177 n <<= 32 - nlen;
4178
4179 if (s2 != NULL) {
4180 mlen = __pcap_atoin(s2, &m);
4181 /* Promote short ipaddr */
4182 m <<= 32 - mlen;
4183 if ((n & ~m) != 0)
4184 bpf_error("non-network bits set in \"%s mask %s\"",
4185 s1, s2);
4186 } else {
4187 /* Convert mask len to mask */
4188 if (masklen > 32)
4189 bpf_error("mask length must be <= 32");
4190 m = 0xffffffff << (32 - masklen);
4191 if ((n & ~m) != 0)
4192 bpf_error("non-network bits set in \"%s/%d\"",
4193 s1, masklen);
4194 }
4195
4196 switch (q.addr) {
4197
4198 case Q_NET:
4199 return gen_host(n, m, q.proto, q.dir);
4200
4201 default:
4202 bpf_error("Mask syntax for networks only");
4203 /* NOTREACHED */
4204 }
4205 /* NOTREACHED */
4206 }
4207
4208 struct block *
4209 gen_ncode(s, v, q)
4210 register const char *s;
4211 bpf_u_int32 v;
4212 struct qual q;
4213 {
4214 bpf_u_int32 mask;
4215 int proto = q.proto;
4216 int dir = q.dir;
4217 register int vlen;
4218
4219 if (s == NULL)
4220 vlen = 32;
4221 else if (q.proto == Q_DECNET)
4222 vlen = __pcap_atodn(s, &v);
4223 else
4224 vlen = __pcap_atoin(s, &v);
4225
4226 switch (q.addr) {
4227
4228 case Q_DEFAULT:
4229 case Q_HOST:
4230 case Q_NET:
4231 if (proto == Q_DECNET)
4232 return gen_host(v, 0, proto, dir);
4233 else if (proto == Q_LINK) {
4234 bpf_error("illegal link layer address");
4235 } else {
4236 mask = 0xffffffff;
4237 if (s == NULL && q.addr == Q_NET) {
4238 /* Promote short net number */
4239 while (v && (v & 0xff000000) == 0) {
4240 v <<= 8;
4241 mask <<= 8;
4242 }
4243 } else {
4244 /* Promote short ipaddr */
4245 v <<= 32 - vlen;
4246 mask <<= 32 - vlen;
4247 }
4248 return gen_host(v, mask, proto, dir);
4249 }
4250
4251 case Q_PORT:
4252 if (proto == Q_UDP)
4253 proto = IPPROTO_UDP;
4254 else if (proto == Q_TCP)
4255 proto = IPPROTO_TCP;
4256 else if (proto == Q_SCTP)
4257 proto = IPPROTO_SCTP;
4258 else if (proto == Q_DEFAULT)
4259 proto = PROTO_UNDEF;
4260 else
4261 bpf_error("illegal qualifier of 'port'");
4262
4263 #ifndef INET6
4264 return gen_port((int)v, proto, dir);
4265 #else
4266 {
4267 struct block *b;
4268 b = gen_port((int)v, proto, dir);
4269 gen_or(gen_port6((int)v, proto, dir), b);
4270 return b;
4271 }
4272 #endif /* INET6 */
4273
4274 case Q_GATEWAY:
4275 bpf_error("'gateway' requires a name");
4276 /* NOTREACHED */
4277
4278 case Q_PROTO:
4279 return gen_proto((int)v, proto, dir);
4280
4281 case Q_PROTOCHAIN:
4282 return gen_protochain((int)v, proto, dir);
4283
4284 case Q_UNDEF:
4285 syntax();
4286 /* NOTREACHED */
4287
4288 default:
4289 abort();
4290 /* NOTREACHED */
4291 }
4292 /* NOTREACHED */
4293 }
4294
4295 #ifdef INET6
4296 struct block *
4297 gen_mcode6(s1, s2, masklen, q)
4298 register const char *s1, *s2;
4299 register int masklen;
4300 struct qual q;
4301 {
4302 struct addrinfo *res;
4303 struct in6_addr *addr;
4304 struct in6_addr mask;
4305 struct block *b;
4306 u_int32_t *a, *m;
4307
4308 if (s2)
4309 bpf_error("no mask %s supported", s2);
4310
4311 res = pcap_nametoaddrinfo(s1);
4312 if (!res)
4313 bpf_error("invalid ip6 address %s", s1);
4314 if (res->ai_next)
4315 bpf_error("%s resolved to multiple address", s1);
4316 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
4317
4318 if (sizeof(mask) * 8 < masklen)
4319 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
4320 memset(&mask, 0, sizeof(mask));
4321 memset(&mask, 0xff, masklen / 8);
4322 if (masklen % 8) {
4323 mask.s6_addr[masklen / 8] =
4324 (0xff << (8 - masklen % 8)) & 0xff;
4325 }
4326
4327 a = (u_int32_t *)addr;
4328 m = (u_int32_t *)&mask;
4329 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
4330 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
4331 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
4332 }
4333
4334 switch (q.addr) {
4335
4336 case Q_DEFAULT:
4337 case Q_HOST:
4338 if (masklen != 128)
4339 bpf_error("Mask syntax for networks only");
4340 /* FALLTHROUGH */
4341
4342 case Q_NET:
4343 b = gen_host6(addr, &mask, q.proto, q.dir);
4344 freeaddrinfo(res);
4345 return b;
4346
4347 default:
4348 bpf_error("invalid qualifier against IPv6 address");
4349 /* NOTREACHED */
4350 }
4351 }
4352 #endif /*INET6*/
4353
4354 struct block *
4355 gen_ecode(eaddr, q)
4356 register const u_char *eaddr;
4357 struct qual q;
4358 {
4359 struct block *b, *tmp;
4360
4361 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
4362 if (linktype == DLT_EN10MB)
4363 return gen_ehostop(eaddr, (int)q.dir);
4364 if (linktype == DLT_FDDI)
4365 return gen_fhostop(eaddr, (int)q.dir);
4366 if (linktype == DLT_IEEE802)
4367 return gen_thostop(eaddr, (int)q.dir);
4368 if (linktype == DLT_IEEE802_11)
4369 return gen_wlanhostop(eaddr, (int)q.dir);
4370 if (linktype == DLT_SUNATM && is_lane) {
4371 /*
4372 * Check that the packet doesn't begin with an
4373 * LE Control marker. (We've already generated
4374 * a test for LANE.)
4375 */
4376 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
4377 gen_not(tmp);
4378
4379 /*
4380 * Now check the MAC address.
4381 */
4382 b = gen_ehostop(eaddr, (int)q.dir);
4383 gen_and(tmp, b);
4384 return b;
4385 }
4386 if (linktype == DLT_IP_OVER_FC)
4387 return gen_ipfchostop(eaddr, (int)q.dir);
4388 bpf_error("ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel");
4389 }
4390 bpf_error("ethernet address used in non-ether expression");
4391 /* NOTREACHED */
4392 }
4393
4394 void
4395 sappend(s0, s1)
4396 struct slist *s0, *s1;
4397 {
4398 /*
4399 * This is definitely not the best way to do this, but the
4400 * lists will rarely get long.
4401 */
4402 while (s0->next)
4403 s0 = s0->next;
4404 s0->next = s1;
4405 }
4406
4407 static struct slist *
4408 xfer_to_x(a)
4409 struct arth *a;
4410 {
4411 struct slist *s;
4412
4413 s = new_stmt(BPF_LDX|BPF_MEM);
4414 s->s.k = a->regno;
4415 return s;
4416 }
4417
4418 static struct slist *
4419 xfer_to_a(a)
4420 struct arth *a;
4421 {
4422 struct slist *s;
4423
4424 s = new_stmt(BPF_LD|BPF_MEM);
4425 s->s.k = a->regno;
4426 return s;
4427 }
4428
4429 struct arth *
4430 gen_load(proto, index, size)
4431 int proto;
4432 struct arth *index;
4433 int size;
4434 {
4435 struct slist *s, *tmp;
4436 struct block *b;
4437 int regno = alloc_reg();
4438
4439 free_reg(index->regno);
4440 switch (size) {
4441
4442 default:
4443 bpf_error("data size must be 1, 2, or 4");
4444
4445 case 1:
4446 size = BPF_B;
4447 break;
4448
4449 case 2:
4450 size = BPF_H;
4451 break;
4452
4453 case 4:
4454 size = BPF_W;
4455 break;
4456 }
4457 switch (proto) {
4458 default:
4459 bpf_error("unsupported index operation");
4460
4461 case Q_LINK:
4462 /*
4463 * XXX - what about ATM LANE? Should the index be
4464 * relative to the beginning of the AAL5 frame, so
4465 * that 0 refers to the beginning of the LE Control
4466 * field, or relative to the beginning of the LAN
4467 * frame, so that 0 refers, for Ethernet LANE, to
4468 * the beginning of the destination address?
4469 */
4470 s = xfer_to_x(index);
4471 tmp = new_stmt(BPF_LD|BPF_IND|size);
4472 sappend(s, tmp);
4473 sappend(index->s, s);
4474 break;
4475
4476 case Q_IP:
4477 case Q_ARP:
4478 case Q_RARP:
4479 case Q_ATALK:
4480 case Q_DECNET:
4481 case Q_SCA:
4482 case Q_LAT:
4483 case Q_MOPRC:
4484 case Q_MOPDL:
4485 #ifdef INET6
4486 case Q_IPV6:
4487 #endif
4488 /* XXX Note that we assume a fixed link header here. */
4489 s = xfer_to_x(index);
4490 tmp = new_stmt(BPF_LD|BPF_IND|size);
4491 tmp->s.k = off_nl;
4492 sappend(s, tmp);
4493 sappend(index->s, s);
4494
4495 b = gen_proto_abbrev(proto);
4496 if (index->b)
4497 gen_and(index->b, b);
4498 index->b = b;
4499 break;
4500
4501 case Q_SCTP:
4502 case Q_TCP:
4503 case Q_UDP:
4504 case Q_ICMP:
4505 case Q_IGMP:
4506 case Q_IGRP:
4507 case Q_PIM:
4508 case Q_VRRP:
4509 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
4510 s->s.k = off_nl;
4511 sappend(s, xfer_to_a(index));
4512 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
4513 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
4514 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
4515 tmp->s.k = off_nl;
4516 sappend(index->s, s);
4517
4518 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
4519 if (index->b)
4520 gen_and(index->b, b);
4521 #ifdef INET6
4522 gen_and(gen_proto_abbrev(Q_IP), b);
4523 #endif
4524 index->b = b;
4525 break;
4526 #ifdef INET6
4527 case Q_ICMPV6:
4528 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
4529 /*NOTREACHED*/
4530 #endif
4531 }
4532 index->regno = regno;
4533 s = new_stmt(BPF_ST);
4534 s->s.k = regno;
4535 sappend(index->s, s);
4536
4537 return index;
4538 }
4539
4540 struct block *
4541 gen_relation(code, a0, a1, reversed)
4542 int code;
4543 struct arth *a0, *a1;
4544 int reversed;
4545 {
4546 struct slist *s0, *s1, *s2;
4547 struct block *b, *tmp;
4548
4549 s0 = xfer_to_x(a1);
4550 s1 = xfer_to_a(a0);
4551 if (code == BPF_JEQ) {
4552 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
4553 b = new_block(JMP(code));
4554 sappend(s1, s2);
4555 }
4556 else
4557 b = new_block(BPF_JMP|code|BPF_X);
4558 if (reversed)
4559 gen_not(b);
4560
4561 sappend(s0, s1);
4562 sappend(a1->s, s0);
4563 sappend(a0->s, a1->s);
4564
4565 b->stmts = a0->s;
4566
4567 free_reg(a0->regno);
4568 free_reg(a1->regno);
4569
4570 /* 'and' together protocol checks */
4571 if (a0->b) {
4572 if (a1->b) {
4573 gen_and(a0->b, tmp = a1->b);
4574 }
4575 else
4576 tmp = a0->b;
4577 } else
4578 tmp = a1->b;
4579
4580 if (tmp)
4581 gen_and(tmp, b);
4582
4583 return b;
4584 }
4585
4586 struct arth *
4587 gen_loadlen()
4588 {
4589 int regno = alloc_reg();
4590 struct arth *a = (struct arth *)newchunk(sizeof(*a));
4591 struct slist *s;
4592
4593 s = new_stmt(BPF_LD|BPF_LEN);
4594 s->next = new_stmt(BPF_ST);
4595 s->next->s.k = regno;
4596 a->s = s;
4597 a->regno = regno;
4598
4599 return a;
4600 }
4601
4602 struct arth *
4603 gen_loadi(val)
4604 int val;
4605 {
4606 struct arth *a;
4607 struct slist *s;
4608 int reg;
4609
4610 a = (struct arth *)newchunk(sizeof(*a));
4611
4612 reg = alloc_reg();
4613
4614 s = new_stmt(BPF_LD|BPF_IMM);
4615 s->s.k = val;
4616 s->next = new_stmt(BPF_ST);
4617 s->next->s.k = reg;
4618 a->s = s;
4619 a->regno = reg;
4620
4621 return a;
4622 }
4623
4624 struct arth *
4625 gen_neg(a)
4626 struct arth *a;
4627 {
4628 struct slist *s;
4629
4630 s = xfer_to_a(a);
4631 sappend(a->s, s);
4632 s = new_stmt(BPF_ALU|BPF_NEG);
4633 s->s.k = 0;
4634 sappend(a->s, s);
4635 s = new_stmt(BPF_ST);
4636 s->s.k = a->regno;
4637 sappend(a->s, s);
4638
4639 return a;
4640 }
4641
4642 struct arth *
4643 gen_arth(code, a0, a1)
4644 int code;
4645 struct arth *a0, *a1;
4646 {
4647 struct slist *s0, *s1, *s2;
4648
4649 s0 = xfer_to_x(a1);
4650 s1 = xfer_to_a(a0);
4651 s2 = new_stmt(BPF_ALU|BPF_X|code);
4652
4653 sappend(s1, s2);
4654 sappend(s0, s1);
4655 sappend(a1->s, s0);
4656 sappend(a0->s, a1->s);
4657
4658 free_reg(a0->regno);
4659 free_reg(a1->regno);
4660
4661 s0 = new_stmt(BPF_ST);
4662 a0->regno = s0->s.k = alloc_reg();
4663 sappend(a0->s, s0);
4664
4665 return a0;
4666 }
4667
4668 /*
4669 * Here we handle simple allocation of the scratch registers.
4670 * If too many registers are alloc'd, the allocator punts.
4671 */
4672 static int regused[BPF_MEMWORDS];
4673 static int curreg;
4674
4675 /*
4676 * Return the next free register.
4677 */
4678 static int
4679 alloc_reg()
4680 {
4681 int n = BPF_MEMWORDS;
4682
4683 while (--n >= 0) {
4684 if (regused[curreg])
4685 curreg = (curreg + 1) % BPF_MEMWORDS;
4686 else {
4687 regused[curreg] = 1;
4688 return curreg;
4689 }
4690 }
4691 bpf_error("too many registers needed to evaluate expression");
4692 /* NOTREACHED */
4693 }
4694
4695 /*
4696 * Return a register to the table so it can
4697 * be used later.
4698 */
4699 static void
4700 free_reg(n)
4701 int n;
4702 {
4703 regused[n] = 0;
4704 }
4705
4706 static struct block *
4707 gen_len(jmp, n)
4708 int jmp, n;
4709 {
4710 struct slist *s;
4711 struct block *b;
4712
4713 s = new_stmt(BPF_LD|BPF_LEN);
4714 b = new_block(JMP(jmp));
4715 b->stmts = s;
4716 b->s.k = n;
4717
4718 return b;
4719 }
4720
4721 struct block *
4722 gen_greater(n)
4723 int n;
4724 {
4725 return gen_len(BPF_JGE, n);
4726 }
4727
4728 /*
4729 * Actually, this is less than or equal.
4730 */
4731 struct block *
4732 gen_less(n)
4733 int n;
4734 {
4735 struct block *b;
4736
4737 b = gen_len(BPF_JGT, n);
4738 gen_not(b);
4739
4740 return b;
4741 }
4742
4743 struct block *
4744 gen_byteop(op, idx, val)
4745 int op, idx, val;
4746 {
4747 struct block *b;
4748 struct slist *s;
4749
4750 switch (op) {
4751 default:
4752 abort();
4753
4754 case '=':
4755 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4756
4757 case '<':
4758 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4759 b->s.code = JMP(BPF_JGE);
4760 gen_not(b);
4761 return b;
4762
4763 case '>':
4764 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4765 b->s.code = JMP(BPF_JGT);
4766 return b;
4767
4768 case '|':
4769 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
4770 break;
4771
4772 case '&':
4773 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
4774 break;
4775 }
4776 s->s.k = val;
4777 b = new_block(JMP(BPF_JEQ));
4778 b->stmts = s;
4779 gen_not(b);
4780
4781 return b;
4782 }
4783
4784 static u_char abroadcast[] = { 0x0 };
4785
4786 struct block *
4787 gen_broadcast(proto)
4788 int proto;
4789 {
4790 bpf_u_int32 hostmask;
4791 struct block *b0, *b1, *b2;
4792 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4793
4794 switch (proto) {
4795
4796 case Q_DEFAULT:
4797 case Q_LINK:
4798 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
4799 return gen_ahostop(abroadcast, Q_DST);
4800 if (linktype == DLT_EN10MB)
4801 return gen_ehostop(ebroadcast, Q_DST);
4802 if (linktype == DLT_FDDI)
4803 return gen_fhostop(ebroadcast, Q_DST);
4804 if (linktype == DLT_IEEE802)
4805 return gen_thostop(ebroadcast, Q_DST);
4806 if (linktype == DLT_IEEE802_11)
4807 return gen_wlanhostop(ebroadcast, Q_DST);
4808 if (linktype == DLT_IP_OVER_FC)
4809 return gen_ipfchostop(ebroadcast, Q_DST);
4810 if (linktype == DLT_SUNATM && is_lane) {
4811 /*
4812 * Check that the packet doesn't begin with an
4813 * LE Control marker. (We've already generated
4814 * a test for LANE.)
4815 */
4816 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
4817 gen_not(b1);
4818
4819 /*
4820 * Now check the MAC address.
4821 */
4822 b0 = gen_ehostop(ebroadcast, Q_DST);
4823 gen_and(b1, b0);
4824 return b0;
4825 }
4826 bpf_error("not a broadcast link");
4827 break;
4828
4829 case Q_IP:
4830 b0 = gen_linktype(ETHERTYPE_IP);
4831 hostmask = ~netmask;
4832 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
4833 b2 = gen_mcmp(off_nl + 16, BPF_W,
4834 (bpf_int32)(~0 & hostmask), hostmask);
4835 gen_or(b1, b2);
4836 gen_and(b0, b2);
4837 return b2;
4838 }
4839 bpf_error("only link-layer/IP broadcast filters supported");
4840 /* NOTREACHED */
4841 }
4842
4843 /*
4844 * Generate code to test the low-order bit of a MAC address (that's
4845 * the bottom bit of the *first* byte).
4846 */
4847 static struct block *
4848 gen_mac_multicast(offset)
4849 int offset;
4850 {
4851 register struct block *b0;
4852 register struct slist *s;
4853
4854 /* link[offset] & 1 != 0 */
4855 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4856 s->s.k = offset;
4857 b0 = new_block(JMP(BPF_JSET));
4858 b0->s.k = 1;
4859 b0->stmts = s;
4860 return b0;
4861 }
4862
4863 struct block *
4864 gen_multicast(proto)
4865 int proto;
4866 {
4867 register struct block *b0, *b1, *b2;
4868 register struct slist *s;
4869
4870 switch (proto) {
4871
4872 case Q_DEFAULT:
4873 case Q_LINK:
4874 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
4875 /* all ARCnet multicasts use the same address */
4876 return gen_ahostop(abroadcast, Q_DST);
4877
4878 if (linktype == DLT_EN10MB) {
4879 /* ether[0] & 1 != 0 */
4880 return gen_mac_multicast(0);
4881 }
4882
4883 if (linktype == DLT_FDDI) {
4884 /*
4885 * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX
4886 *
4887 * XXX - was that referring to bit-order issues?
4888 */
4889 /* fddi[1] & 1 != 0 */
4890 return gen_mac_multicast(1);
4891 }
4892
4893 if (linktype == DLT_IEEE802) {
4894 /* tr[2] & 1 != 0 */
4895 return gen_mac_multicast(2);
4896 }
4897
4898 if (linktype == DLT_IEEE802_11) {
4899 /*
4900 * Oh, yuk.
4901 *
4902 * For control frames, there is no DA.
4903 *
4904 * For management frames, DA is at an
4905 * offset of 4 from the beginning of
4906 * the packet.
4907 *
4908 * For data frames, DA is at an offset
4909 * of 4 from the beginning of the packet
4910 * if To DS is clear and at an offset of
4911 * 16 from the beginning of the packet
4912 * if To DS is set.
4913 */
4914
4915 /*
4916 * Generate the tests to be done for data frames.
4917 *
4918 * First, check for To DS set, i.e. "link[1] & 0x01".
4919 */
4920 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4921 s->s.k = 1;
4922 b1 = new_block(JMP(BPF_JSET));
4923 b1->s.k = 0x01; /* To DS */
4924 b1->stmts = s;
4925
4926 /*
4927 * If To DS is set, the DA is at 16.
4928 */
4929 b0 = gen_mac_multicast(16);
4930 gen_and(b1, b0);
4931
4932 /*
4933 * Now, check for To DS not set, i.e. check
4934 * "!(link[1] & 0x01)".
4935 */
4936 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4937 s->s.k = 1;
4938 b2 = new_block(JMP(BPF_JSET));
4939 b2->s.k = 0x01; /* To DS */
4940 b2->stmts = s;
4941 gen_not(b2);
4942
4943 /*
4944 * If To DS is not set, the DA is at 4.
4945 */
4946 b1 = gen_mac_multicast(4);
4947 gen_and(b2, b1);
4948
4949 /*
4950 * Now OR together the last two checks. That gives
4951 * the complete set of checks for data frames.
4952 */
4953 gen_or(b1, b0);
4954
4955 /*
4956 * Now check for a data frame.
4957 * I.e, check "link[0] & 0x08".
4958 */
4959 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4960 s->s.k = 0;
4961 b1 = new_block(JMP(BPF_JSET));
4962 b1->s.k = 0x08;
4963 b1->stmts = s;
4964
4965 /*
4966 * AND that with the checks done for data frames.
4967 */
4968 gen_and(b1, b0);
4969
4970 /*
4971 * If the high-order bit of the type value is 0, this
4972 * is a management frame.
4973 * I.e, check "!(link[0] & 0x08)".
4974 */
4975 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4976 s->s.k = 0;
4977 b2 = new_block(JMP(BPF_JSET));
4978 b2->s.k = 0x08;
4979 b2->stmts = s;
4980 gen_not(b2);
4981
4982 /*
4983 * For management frames, the DA is at 4.
4984 */
4985 b1 = gen_mac_multicast(4);
4986 gen_and(b2, b1);
4987
4988 /*
4989 * OR that with the checks done for data frames.
4990 * That gives the checks done for management and
4991 * data frames.
4992 */
4993 gen_or(b1, b0);
4994
4995 /*
4996 * If the low-order bit of the type value is 1,
4997 * this is either a control frame or a frame
4998 * with a reserved type, and thus not a
4999 * frame with an SA.
5000 *
5001 * I.e., check "!(link[0] & 0x04)".
5002 */
5003 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
5004 s->s.k = 0;
5005 b1 = new_block(JMP(BPF_JSET));
5006 b1->s.k = 0x04;
5007 b1->stmts = s;
5008 gen_not(b1);
5009
5010 /*
5011 * AND that with the checks for data and management
5012 * frames.
5013 */
5014 gen_and(b1, b0);
5015 return b0;
5016 }
5017
5018 if (linktype == DLT_IP_OVER_FC) {
5019 b0 = gen_mac_multicast(2);
5020 return b0;
5021 }
5022
5023 if (linktype == DLT_SUNATM && is_lane) {
5024 /*
5025 * Check that the packet doesn't begin with an
5026 * LE Control marker. (We've already generated
5027 * a test for LANE.)
5028 */
5029 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
5030 gen_not(b1);
5031
5032 /* ether[off_mac] & 1 != 0 */
5033 b0 = gen_mac_multicast(off_mac);
5034 gen_and(b1, b0);
5035 return b0;
5036 }
5037
5038 /* Link not known to support multicasts */
5039 break;
5040
5041 case Q_IP:
5042 b0 = gen_linktype(ETHERTYPE_IP);
5043 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
5044 b1->s.code = JMP(BPF_JGE);
5045 gen_and(b0, b1);
5046 return b1;
5047
5048 #ifdef INET6
5049 case Q_IPV6:
5050 b0 = gen_linktype(ETHERTYPE_IPV6);
5051 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
5052 gen_and(b0, b1);
5053 return b1;
5054 #endif /* INET6 */
5055 }
5056 bpf_error("link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel");
5057 /* NOTREACHED */
5058 }
5059
5060 /*
5061 * generate command for inbound/outbound. It's here so we can
5062 * make it link-type specific. 'dir' = 0 implies "inbound",
5063 * = 1 implies "outbound".
5064 */
5065 struct block *
5066 gen_inbound(dir)
5067 int dir;
5068 {
5069 register struct block *b0;
5070
5071 /*
5072 * Only some data link types support inbound/outbound qualifiers.
5073 */
5074 switch (linktype) {
5075 case DLT_SLIP:
5076 b0 = gen_relation(BPF_JEQ,
5077 gen_load(Q_LINK, gen_loadi(0), 1),
5078 gen_loadi(0),
5079 dir);
5080 break;
5081
5082 case DLT_LINUX_SLL:
5083 if (dir) {
5084 /*
5085 * Match packets sent by this machine.
5086 */
5087 b0 = gen_cmp(0, BPF_H, LINUX_SLL_OUTGOING);
5088 } else {
5089 /*
5090 * Match packets sent to this machine.
5091 * (No broadcast or multicast packets, or
5092 * packets sent to some other machine and
5093 * received promiscuously.)
5094 *
5095 * XXX - packets sent to other machines probably
5096 * shouldn't be matched, but what about broadcast
5097 * or multicast packets we received?
5098 */
5099 b0 = gen_cmp(0, BPF_H, LINUX_SLL_HOST);
5100 }
5101 break;
5102
5103 case DLT_PFLOG:
5104 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B,
5105 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT));
5106 break;
5107
5108 case DLT_PPP_WITHDIRECTION:
5109 if (dir) {
5110 /* match outgoing packets */
5111 b0 = gen_cmp(0, BPF_B, PPP_WITHDIRECTION_OUT);
5112 } else {
5113 /* match incoming packets */
5114 b0 = gen_cmp(0, BPF_B, PPP_WITHDIRECTION_IN);
5115 }
5116 break;
5117
5118 case DLT_JUNIPER_ATM1:
5119 case DLT_JUNIPER_ATM2:
5120 /* juniper flags (including direction) are stored
5121 * the byte after the 3-byte magic number */
5122 if (dir) {
5123 /* match outgoing packets */
5124 b0 = gen_mcmp(3, BPF_B, 0, 0x01);
5125 } else {
5126 /* match incoming packets */
5127 b0 = gen_mcmp(3, BPF_B, 1, 0x01);
5128 }
5129 break;
5130
5131 default:
5132 bpf_error("inbound/outbound not supported on linktype %d",
5133 linktype);
5134 b0 = NULL;
5135 /* NOTREACHED */
5136 }
5137 return (b0);
5138 }
5139
5140 /* PF firewall log matched interface */
5141 struct block *
5142 gen_pf_ifname(const char *ifname)
5143 {
5144 struct block *b0;
5145 u_int len, off;
5146
5147 if (linktype == DLT_PFLOG) {
5148 len = sizeof(((struct pfloghdr *)0)->ifname);
5149 off = offsetof(struct pfloghdr, ifname);
5150 } else {
5151 bpf_error("ifname not supported on linktype 0x%x", linktype);
5152 /* NOTREACHED */
5153 }
5154 if (strlen(ifname) >= len) {
5155 bpf_error("ifname interface names can only be %d characters",
5156 len-1);
5157 /* NOTREACHED */
5158 }
5159 b0 = gen_bcmp(off, strlen(ifname), (const u_char *)ifname);
5160 return (b0);
5161 }
5162
5163 /* PF firewall log matched interface */
5164 struct block *
5165 gen_pf_ruleset(char *ruleset)
5166 {
5167 struct block *b0;
5168
5169 if (linktype != DLT_PFLOG) {
5170 bpf_error("ruleset not supported on linktype 0x%x", linktype);
5171 /* NOTREACHED */
5172 }
5173 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) {
5174 bpf_error("ruleset names can only be %ld characters",
5175 (long)(sizeof(((struct pfloghdr *)0)->ruleset) - 1));
5176 /* NOTREACHED */
5177 }
5178 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset),
5179 strlen(ruleset), (const u_char *)ruleset);
5180 return (b0);
5181 }
5182
5183 /* PF firewall log rule number */
5184 struct block *
5185 gen_pf_rnr(int rnr)
5186 {
5187 struct block *b0;
5188
5189 if (linktype == DLT_PFLOG) {
5190 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W,
5191 (bpf_int32)rnr);
5192 } else {
5193 bpf_error("rnr not supported on linktype 0x%x", linktype);
5194 /* NOTREACHED */
5195 }
5196
5197 return (b0);
5198 }
5199
5200 /* PF firewall log sub-rule number */
5201 struct block *
5202 gen_pf_srnr(int srnr)
5203 {
5204 struct block *b0;
5205
5206 if (linktype != DLT_PFLOG) {
5207 bpf_error("srnr not supported on linktype 0x%x", linktype);
5208 /* NOTREACHED */
5209 }
5210
5211 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W,
5212 (bpf_int32)srnr);
5213 return (b0);
5214 }
5215
5216 /* PF firewall log reason code */
5217 struct block *
5218 gen_pf_reason(int reason)
5219 {
5220 struct block *b0;
5221
5222 if (linktype == DLT_PFLOG) {
5223 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B,
5224 (bpf_int32)reason);
5225 } else {
5226 bpf_error("reason not supported on linktype 0x%x", linktype);
5227 /* NOTREACHED */
5228 }
5229
5230 return (b0);
5231 }
5232
5233 /* PF firewall log action */
5234 struct block *
5235 gen_pf_action(int action)
5236 {
5237 struct block *b0;
5238
5239 if (linktype == DLT_PFLOG) {
5240 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B,
5241 (bpf_int32)action);
5242 } else {
5243 bpf_error("action not supported on linktype 0x%x", linktype);
5244 /* NOTREACHED */
5245 }
5246
5247 return (b0);
5248 }
5249
5250 struct block *
5251 gen_acode(eaddr, q)
5252 register const u_char *eaddr;
5253 struct qual q;
5254 {
5255 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
5256 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
5257 return gen_ahostop(eaddr, (int)q.dir);
5258 }
5259 bpf_error("ARCnet address used in non-arc expression");
5260 /* NOTREACHED */
5261 }
5262
5263 static struct block *
5264 gen_ahostop(eaddr, dir)
5265 register const u_char *eaddr;
5266 register int dir;
5267 {
5268 register struct block *b0, *b1;
5269
5270 switch (dir) {
5271 /* src comes first, different from Ethernet */
5272 case Q_SRC:
5273 return gen_bcmp(0, 1, eaddr);
5274
5275 case Q_DST:
5276 return gen_bcmp(1, 1, eaddr);
5277
5278 case Q_AND:
5279 b0 = gen_ahostop(eaddr, Q_SRC);
5280 b1 = gen_ahostop(eaddr, Q_DST);
5281 gen_and(b0, b1);
5282 return b1;
5283
5284 case Q_DEFAULT:
5285 case Q_OR:
5286 b0 = gen_ahostop(eaddr, Q_SRC);
5287 b1 = gen_ahostop(eaddr, Q_DST);
5288 gen_or(b0, b1);
5289 return b1;
5290 }
5291 abort();
5292 /* NOTREACHED */
5293 }
5294
5295 /*
5296 * support IEEE 802.1Q VLAN trunk over ethernet
5297 */
5298 struct block *
5299 gen_vlan(vlan_num)
5300 int vlan_num;
5301 {
5302 struct block *b0;
5303
5304 /*
5305 * Change the offsets to point to the type and data fields within
5306 * the VLAN packet. This is somewhat of a kludge.
5307 */
5308 if (orig_nl == (u_int)-1) {
5309 orig_linktype = off_linktype; /* save original values */
5310 orig_nl = off_nl;
5311 orig_nl_nosnap = off_nl_nosnap;
5312
5313 switch (linktype) {
5314
5315 case DLT_EN10MB:
5316 off_linktype = 16;
5317 off_nl_nosnap = 18;
5318 off_nl = 18;
5319 break;
5320
5321 default:
5322 bpf_error("no VLAN support for data link type %d",
5323 linktype);
5324 /*NOTREACHED*/
5325 }
5326 }
5327
5328 /* check for VLAN */
5329 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
5330
5331 /* If a specific VLAN is requested, check VLAN id */
5332 if (vlan_num >= 0) {
5333 struct block *b1;
5334
5335 b1 = gen_mcmp(orig_nl, BPF_H, (bpf_int32)vlan_num, 0x0fff);
5336 gen_and(b0, b1);
5337 b0 = b1;
5338 }
5339
5340 return (b0);
5341 }
5342
5343 /*
5344 * support for MPLS
5345 */
5346 struct block *
5347 gen_mpls(label_num)
5348 int label_num;
5349 {
5350 struct block *b0;
5351
5352 /*
5353 * Change the offsets to point to the type and data fields within
5354 * the MPLS packet. This is somewhat of a kludge.
5355 */
5356 if (orig_nl == (u_int)-1) {
5357 orig_linktype = off_linktype; /* save original values */
5358 orig_nl = off_nl;
5359 orig_nl_nosnap = off_nl_nosnap;
5360
5361 switch (linktype) {
5362
5363 case DLT_EN10MB:
5364 off_linktype = 16;
5365 off_nl_nosnap = 18;
5366 off_nl = 18;
5367
5368 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_MPLS);
5369 break;
5370
5371 case DLT_PPP:
5372 off_linktype = 6;
5373 off_nl_nosnap = 8;
5374 off_nl = 8;
5375
5376 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)PPP_MPLS_UCAST);
5377 break;
5378
5379 case DLT_C_HDLC:
5380 off_linktype = 6;
5381 off_nl_nosnap = 8;
5382 off_nl = 8;
5383
5384 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_MPLS);
5385 break;
5386
5387 /* FIXME add other DLT_s ...
5388 * for Frame-Relay/and ATM this may get messy due to SNAP headers
5389 * leave it for now */
5390
5391 default:
5392 bpf_error("no MPLS support for data link type %d",
5393 linktype);
5394 /*NOTREACHED*/
5395 }
5396 } else {
5397 bpf_error("'mpls' can't be combined with 'vlan' or another 'mpls'");
5398 /*NOTREACHED*/
5399 }
5400
5401 /* If a specific MPLS label is requested, check it */
5402 if (label_num >= 0) {
5403 struct block *b1;
5404
5405 label_num = label_num << 12; /* label is shifted 12 bits on the wire */
5406 b1 = gen_mcmp(orig_nl, BPF_W, (bpf_int32)label_num, 0xfffff000); /* only compare the first 20 bits */
5407 gen_and(b0, b1);
5408 b0 = b1;
5409 }
5410
5411 return (b0);
5412 }
5413
5414 struct block *
5415 gen_atmfield_code(atmfield, jvalue, jtype, reverse)
5416 int atmfield;
5417 bpf_u_int32 jvalue;
5418 bpf_u_int32 jtype;
5419 int reverse;
5420 {
5421 struct block *b0;
5422
5423 switch (atmfield) {
5424
5425 case A_VPI:
5426 if (!is_atm)
5427 bpf_error("'vpi' supported only on raw ATM");
5428 if (off_vpi == (u_int)-1)
5429 abort();
5430 b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype,
5431 (u_int)jvalue, reverse);
5432 break;
5433
5434 case A_VCI:
5435 if (!is_atm)
5436 bpf_error("'vci' supported only on raw ATM");
5437 if (off_vci == (u_int)-1)
5438 abort();
5439 b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype,
5440 (u_int)jvalue, reverse);
5441 break;
5442
5443 case A_PROTOTYPE:
5444 if (off_proto == (u_int)-1)
5445 abort(); /* XXX - this isn't on FreeBSD */
5446 b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype,
5447 (u_int)jvalue, reverse);
5448 break;
5449
5450 case A_MSGTYPE:
5451 if (off_payload == (u_int)-1)
5452 abort();
5453 b0 = gen_ncmp(BPF_B, off_payload + MSG_TYPE_POS, 0xffffffff,
5454 (u_int)jtype, (u_int)jvalue, reverse);
5455 break;
5456
5457 case A_CALLREFTYPE:
5458 if (!is_atm)
5459 bpf_error("'callref' supported only on raw ATM");
5460 if (off_proto == (u_int)-1)
5461 abort();
5462 b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype,
5463 (u_int)jvalue, reverse);
5464 break;
5465
5466 default:
5467 abort();
5468 }
5469 return b0;
5470 }
5471
5472 struct block *
5473 gen_atmtype_abbrev(type)
5474 int type;
5475 {
5476 struct block *b0, *b1;
5477
5478 switch (type) {
5479
5480 case A_METAC:
5481 /* Get all packets in Meta signalling Circuit */
5482 if (!is_atm)
5483 bpf_error("'metac' supported only on raw ATM");
5484 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5485 b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0);
5486 gen_and(b0, b1);
5487 break;
5488
5489 case A_BCC:
5490 /* Get all packets in Broadcast Circuit*/
5491 if (!is_atm)
5492 bpf_error("'bcc' supported only on raw ATM");
5493 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5494 b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0);
5495 gen_and(b0, b1);
5496 break;
5497
5498 case A_OAMF4SC:
5499 /* Get all cells in Segment OAM F4 circuit*/
5500 if (!is_atm)
5501 bpf_error("'oam4sc' supported only on raw ATM");
5502 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5503 b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
5504 gen_and(b0, b1);
5505 break;
5506
5507 case A_OAMF4EC:
5508 /* Get all cells in End-to-End OAM F4 Circuit*/
5509 if (!is_atm)
5510 bpf_error("'oam4ec' supported only on raw ATM");
5511 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5512 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
5513 gen_and(b0, b1);
5514 break;
5515
5516 case A_SC:
5517 /* Get all packets in connection Signalling Circuit */
5518 if (!is_atm)
5519 bpf_error("'sc' supported only on raw ATM");
5520 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5521 b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0);
5522 gen_and(b0, b1);
5523 break;
5524
5525 case A_ILMIC:
5526 /* Get all packets in ILMI Circuit */
5527 if (!is_atm)
5528 bpf_error("'ilmic' supported only on raw ATM");
5529 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5530 b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0);
5531 gen_and(b0, b1);
5532 break;
5533
5534 case A_LANE:
5535 /* Get all LANE packets */
5536 if (!is_atm)
5537 bpf_error("'lane' supported only on raw ATM");
5538 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0);
5539
5540 /*
5541 * Arrange that all subsequent tests assume LANE
5542 * rather than LLC-encapsulated packets, and set
5543 * the offsets appropriately for LANE-encapsulated
5544 * Ethernet.
5545 *
5546 * "off_mac" is the offset of the Ethernet header,
5547 * which is 2 bytes past the ATM pseudo-header
5548 * (skipping the pseudo-header and 2-byte LE Client
5549 * field). The other offsets are Ethernet offsets
5550 * relative to "off_mac".
5551 */
5552 is_lane = 1;
5553 off_mac = off_payload + 2; /* MAC header */
5554 off_linktype = off_mac + 12;
5555 off_nl = off_mac + 14; /* Ethernet II */
5556 off_nl_nosnap = off_mac + 17; /* 802.3+802.2 */
5557 break;
5558
5559 case A_LLC:
5560 /* Get all LLC-encapsulated packets */
5561 if (!is_atm)
5562 bpf_error("'llc' supported only on raw ATM");
5563 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
5564 is_lane = 0;
5565 break;
5566
5567 default:
5568 abort();
5569 }
5570 return b1;
5571 }
5572
5573
5574 static struct block *
5575 gen_msg_abbrev(type)
5576 int type;
5577 {
5578 struct block *b1;
5579
5580 /*
5581 * Q.2931 signalling protocol messages for handling virtual circuits
5582 * establishment and teardown
5583 */
5584 switch (type) {
5585
5586 case A_SETUP:
5587 b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0);
5588 break;
5589
5590 case A_CALLPROCEED:
5591 b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0);
5592 break;
5593
5594 case A_CONNECT:
5595 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0);
5596 break;
5597
5598 case A_CONNECTACK:
5599 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0);
5600 break;
5601
5602 case A_RELEASE:
5603 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0);
5604 break;
5605
5606 case A_RELEASE_DONE:
5607 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0);
5608 break;
5609
5610 default:
5611 abort();
5612 }
5613 return b1;
5614 }
5615
5616 struct block *
5617 gen_atmmulti_abbrev(type)
5618 int type;
5619 {
5620 struct block *b0, *b1;
5621
5622 switch (type) {
5623
5624 case A_OAM:
5625 if (!is_atm)
5626 bpf_error("'oam' supported only on raw ATM");
5627 b1 = gen_atmmulti_abbrev(A_OAMF4);
5628 break;
5629
5630 case A_OAMF4:
5631 if (!is_atm)
5632 bpf_error("'oamf4' supported only on raw ATM");
5633 /* OAM F4 type */
5634 b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
5635 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
5636 gen_or(b0, b1);
5637 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5638 gen_and(b0, b1);
5639 break;
5640
5641 case A_CONNECTMSG:
5642 /*
5643 * Get Q.2931 signalling messages for switched
5644 * virtual connection
5645 */
5646 if (!is_atm)
5647 bpf_error("'connectmsg' supported only on raw ATM");
5648 b0 = gen_msg_abbrev(A_SETUP);
5649 b1 = gen_msg_abbrev(A_CALLPROCEED);
5650 gen_or(b0, b1);
5651 b0 = gen_msg_abbrev(A_CONNECT);
5652 gen_or(b0, b1);
5653 b0 = gen_msg_abbrev(A_CONNECTACK);
5654 gen_or(b0, b1);
5655 b0 = gen_msg_abbrev(A_RELEASE);
5656 gen_or(b0, b1);
5657 b0 = gen_msg_abbrev(A_RELEASE_DONE);
5658 gen_or(b0, b1);
5659 b0 = gen_atmtype_abbrev(A_SC);
5660 gen_and(b0, b1);
5661 break;
5662
5663 case A_METACONNECT:
5664 if (!is_atm)
5665 bpf_error("'metaconnect' supported only on raw ATM");
5666 b0 = gen_msg_abbrev(A_SETUP);
5667 b1 = gen_msg_abbrev(A_CALLPROCEED);
5668 gen_or(b0, b1);
5669 b0 = gen_msg_abbrev(A_CONNECT);
5670 gen_or(b0, b1);
5671 b0 = gen_msg_abbrev(A_RELEASE);
5672 gen_or(b0, b1);
5673 b0 = gen_msg_abbrev(A_RELEASE_DONE);
5674 gen_or(b0, b1);
5675 b0 = gen_atmtype_abbrev(A_METAC);
5676 gen_and(b0, b1);
5677 break;
5678
5679 default:
5680 abort();
5681 }
5682 return b1;
5683 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism