]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
add support for DLT_JUNIPER_ATM1 (137) and DLT_JUNIPER_ATM2 (135)
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] _U_ =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.210 2004-10-19 15:55:28 hannes Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #ifdef WIN32
32 #include <pcap-stdinc.h>
33 #else /* WIN32 */
34 #include <sys/types.h>
35 #include <sys/socket.h>
36 #include <sys/time.h>
37 #endif /* WIN32 */
38
39 /*
40 * XXX - why was this included even on UNIX?
41 */
42 #ifdef __MINGW32__
43 #include "IP6_misc.h"
44 #endif
45
46 #ifndef WIN32
47
48 #ifdef __NetBSD__
49 #include <sys/param.h>
50 #endif
51
52 #include <netinet/in.h>
53
54 #endif /* WIN32 */
55
56 #include <stdlib.h>
57 #include <string.h>
58 #include <memory.h>
59 #include <setjmp.h>
60 #include <stdarg.h>
61
62 #include "pcap-int.h"
63
64 #include "ethertype.h"
65 #include "nlpid.h"
66 #include "llc.h"
67 #include "gencode.h"
68 #include "atmuni31.h"
69 #include "sunatmpos.h"
70 #include "ppp.h"
71 #include "sll.h"
72 #include "arcnet.h"
73 #include "pf.h"
74 #ifndef offsetof
75 #define offsetof(s, e) ((size_t)&((s *)0)->e)
76 #endif
77 #ifdef INET6
78 #ifndef WIN32
79 #include <netdb.h> /* for "struct addrinfo" */
80 #endif /* WIN32 */
81 #endif /*INET6*/
82 #include <pcap-namedb.h>
83
84 #define ETHERMTU 1500
85
86 #ifndef IPPROTO_SCTP
87 #define IPPROTO_SCTP 132
88 #endif
89
90 #ifdef HAVE_OS_PROTO_H
91 #include "os-proto.h"
92 #endif
93
94 #define JMP(c) ((c)|BPF_JMP|BPF_K)
95
96 /* Locals */
97 static jmp_buf top_ctx;
98 static pcap_t *bpf_pcap;
99
100 /* Hack for updating VLAN, MPLS offsets. */
101 static u_int orig_linktype = -1U, orig_nl = -1U, orig_nl_nosnap = -1U;
102
103 /* XXX */
104 #ifdef PCAP_FDDIPAD
105 int pcap_fddipad = PCAP_FDDIPAD;
106 #else
107 int pcap_fddipad;
108 #endif
109
110 /* VARARGS */
111 void
112 bpf_error(const char *fmt, ...)
113
114 {
115 va_list ap;
116
117 va_start(ap, fmt);
118 if (bpf_pcap != NULL)
119 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
120 fmt, ap);
121 va_end(ap);
122 longjmp(top_ctx, 1);
123 /* NOTREACHED */
124 }
125
126 static void init_linktype(int);
127
128 static int alloc_reg(void);
129 static void free_reg(int);
130
131 static struct block *root;
132
133 /*
134 * We divy out chunks of memory rather than call malloc each time so
135 * we don't have to worry about leaking memory. It's probably
136 * not a big deal if all this memory was wasted but it this ever
137 * goes into a library that would probably not be a good idea.
138 */
139 #define NCHUNKS 16
140 #define CHUNK0SIZE 1024
141 struct chunk {
142 u_int n_left;
143 void *m;
144 };
145
146 static struct chunk chunks[NCHUNKS];
147 static int cur_chunk;
148
149 static void *newchunk(u_int);
150 static void freechunks(void);
151 static inline struct block *new_block(int);
152 static inline struct slist *new_stmt(int);
153 static struct block *gen_retblk(int);
154 static inline void syntax(void);
155
156 static void backpatch(struct block *, struct block *);
157 static void merge(struct block *, struct block *);
158 static struct block *gen_cmp(u_int, u_int, bpf_int32);
159 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
160 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
161 static struct block *gen_bcmp(u_int, u_int, const u_char *);
162 static struct block *gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32,
163 bpf_u_int32, bpf_u_int32, int);
164 static struct block *gen_uncond(int);
165 static inline struct block *gen_true(void);
166 static inline struct block *gen_false(void);
167 static struct block *gen_ether_linktype(int);
168 static struct block *gen_linktype(int);
169 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
170 static struct block *gen_llc(int);
171 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
172 #ifdef INET6
173 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
174 #endif
175 static struct block *gen_ahostop(const u_char *, int);
176 static struct block *gen_ehostop(const u_char *, int);
177 static struct block *gen_fhostop(const u_char *, int);
178 static struct block *gen_thostop(const u_char *, int);
179 static struct block *gen_wlanhostop(const u_char *, int);
180 static struct block *gen_ipfchostop(const u_char *, int);
181 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
182 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
183 #ifdef INET6
184 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
185 #endif
186 #ifndef INET6
187 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
188 #endif
189 static struct block *gen_ipfrag(void);
190 static struct block *gen_portatom(int, bpf_int32);
191 #ifdef INET6
192 static struct block *gen_portatom6(int, bpf_int32);
193 #endif
194 struct block *gen_portop(int, int, int);
195 static struct block *gen_port(int, int, int);
196 #ifdef INET6
197 struct block *gen_portop6(int, int, int);
198 static struct block *gen_port6(int, int, int);
199 #endif
200 static int lookup_proto(const char *, int);
201 static struct block *gen_protochain(int, int, int);
202 static struct block *gen_proto(int, int, int);
203 static struct slist *xfer_to_x(struct arth *);
204 static struct slist *xfer_to_a(struct arth *);
205 static struct block *gen_mac_multicast(int);
206 static struct block *gen_len(int, int);
207
208 static struct block *gen_msg_abbrev(int type);
209
210 static void *
211 newchunk(n)
212 u_int n;
213 {
214 struct chunk *cp;
215 int k;
216 size_t size;
217
218 #ifndef __NetBSD__
219 /* XXX Round up to nearest long. */
220 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
221 #else
222 /* XXX Round up to structure boundary. */
223 n = ALIGN(n);
224 #endif
225
226 cp = &chunks[cur_chunk];
227 if (n > cp->n_left) {
228 ++cp, k = ++cur_chunk;
229 if (k >= NCHUNKS)
230 bpf_error("out of memory");
231 size = CHUNK0SIZE << k;
232 cp->m = (void *)malloc(size);
233 if (cp->m == NULL)
234 bpf_error("out of memory");
235 memset((char *)cp->m, 0, size);
236 cp->n_left = size;
237 if (n > size)
238 bpf_error("out of memory");
239 }
240 cp->n_left -= n;
241 return (void *)((char *)cp->m + cp->n_left);
242 }
243
244 static void
245 freechunks()
246 {
247 int i;
248
249 cur_chunk = 0;
250 for (i = 0; i < NCHUNKS; ++i)
251 if (chunks[i].m != NULL) {
252 free(chunks[i].m);
253 chunks[i].m = NULL;
254 }
255 }
256
257 /*
258 * A strdup whose allocations are freed after code generation is over.
259 */
260 char *
261 sdup(s)
262 register const char *s;
263 {
264 int n = strlen(s) + 1;
265 char *cp = newchunk(n);
266
267 strlcpy(cp, s, n);
268 return (cp);
269 }
270
271 static inline struct block *
272 new_block(code)
273 int code;
274 {
275 struct block *p;
276
277 p = (struct block *)newchunk(sizeof(*p));
278 p->s.code = code;
279 p->head = p;
280
281 return p;
282 }
283
284 static inline struct slist *
285 new_stmt(code)
286 int code;
287 {
288 struct slist *p;
289
290 p = (struct slist *)newchunk(sizeof(*p));
291 p->s.code = code;
292
293 return p;
294 }
295
296 static struct block *
297 gen_retblk(v)
298 int v;
299 {
300 struct block *b = new_block(BPF_RET|BPF_K);
301
302 b->s.k = v;
303 return b;
304 }
305
306 static inline void
307 syntax()
308 {
309 bpf_error("syntax error in filter expression");
310 }
311
312 static bpf_u_int32 netmask;
313 static int snaplen;
314 int no_optimize;
315
316 int
317 pcap_compile(pcap_t *p, struct bpf_program *program,
318 char *buf, int optimize, bpf_u_int32 mask)
319 {
320 extern int n_errors;
321 int len;
322
323 no_optimize = 0;
324 n_errors = 0;
325 root = NULL;
326 bpf_pcap = p;
327 if (setjmp(top_ctx)) {
328 lex_cleanup();
329 freechunks();
330 return (-1);
331 }
332
333 netmask = mask;
334
335 snaplen = pcap_snapshot(p);
336 if (snaplen == 0) {
337 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
338 "snaplen of 0 rejects all packets");
339 return -1;
340 }
341
342 lex_init(buf ? buf : "");
343 init_linktype(pcap_datalink(p));
344 (void)pcap_parse();
345
346 if (n_errors)
347 syntax();
348
349 if (root == NULL)
350 root = gen_retblk(snaplen);
351
352 if (optimize && !no_optimize) {
353 bpf_optimize(&root);
354 if (root == NULL ||
355 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
356 bpf_error("expression rejects all packets");
357 }
358 program->bf_insns = icode_to_fcode(root, &len);
359 program->bf_len = len;
360
361 lex_cleanup();
362 freechunks();
363 return (0);
364 }
365
366 /*
367 * entry point for using the compiler with no pcap open
368 * pass in all the stuff that is needed explicitly instead.
369 */
370 int
371 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
372 struct bpf_program *program,
373 char *buf, int optimize, bpf_u_int32 mask)
374 {
375 pcap_t *p;
376 int ret;
377
378 p = pcap_open_dead(linktype_arg, snaplen_arg);
379 if (p == NULL)
380 return (-1);
381 ret = pcap_compile(p, program, buf, optimize, mask);
382 pcap_close(p);
383 return (ret);
384 }
385
386 /*
387 * Clean up a "struct bpf_program" by freeing all the memory allocated
388 * in it.
389 */
390 void
391 pcap_freecode(struct bpf_program *program)
392 {
393 program->bf_len = 0;
394 if (program->bf_insns != NULL) {
395 free((char *)program->bf_insns);
396 program->bf_insns = NULL;
397 }
398 }
399
400 /*
401 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
402 * which of the jt and jf fields has been resolved and which is a pointer
403 * back to another unresolved block (or nil). At least one of the fields
404 * in each block is already resolved.
405 */
406 static void
407 backpatch(list, target)
408 struct block *list, *target;
409 {
410 struct block *next;
411
412 while (list) {
413 if (!list->sense) {
414 next = JT(list);
415 JT(list) = target;
416 } else {
417 next = JF(list);
418 JF(list) = target;
419 }
420 list = next;
421 }
422 }
423
424 /*
425 * Merge the lists in b0 and b1, using the 'sense' field to indicate
426 * which of jt and jf is the link.
427 */
428 static void
429 merge(b0, b1)
430 struct block *b0, *b1;
431 {
432 register struct block **p = &b0;
433
434 /* Find end of list. */
435 while (*p)
436 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
437
438 /* Concatenate the lists. */
439 *p = b1;
440 }
441
442 void
443 finish_parse(p)
444 struct block *p;
445 {
446 backpatch(p, gen_retblk(snaplen));
447 p->sense = !p->sense;
448 backpatch(p, gen_retblk(0));
449 root = p->head;
450 }
451
452 void
453 gen_and(b0, b1)
454 struct block *b0, *b1;
455 {
456 backpatch(b0, b1->head);
457 b0->sense = !b0->sense;
458 b1->sense = !b1->sense;
459 merge(b1, b0);
460 b1->sense = !b1->sense;
461 b1->head = b0->head;
462 }
463
464 void
465 gen_or(b0, b1)
466 struct block *b0, *b1;
467 {
468 b0->sense = !b0->sense;
469 backpatch(b0, b1->head);
470 b0->sense = !b0->sense;
471 merge(b1, b0);
472 b1->head = b0->head;
473 }
474
475 void
476 gen_not(b)
477 struct block *b;
478 {
479 b->sense = !b->sense;
480 }
481
482 static struct block *
483 gen_cmp(offset, size, v)
484 u_int offset, size;
485 bpf_int32 v;
486 {
487 struct slist *s;
488 struct block *b;
489
490 s = new_stmt(BPF_LD|BPF_ABS|size);
491 s->s.k = offset;
492
493 b = new_block(JMP(BPF_JEQ));
494 b->stmts = s;
495 b->s.k = v;
496
497 return b;
498 }
499
500 static struct block *
501 gen_cmp_gt(offset, size, v)
502 u_int offset, size;
503 bpf_int32 v;
504 {
505 struct slist *s;
506 struct block *b;
507
508 s = new_stmt(BPF_LD|BPF_ABS|size);
509 s->s.k = offset;
510
511 b = new_block(JMP(BPF_JGT));
512 b->stmts = s;
513 b->s.k = v;
514
515 return b;
516 }
517
518 static struct block *
519 gen_mcmp(offset, size, v, mask)
520 u_int offset, size;
521 bpf_int32 v;
522 bpf_u_int32 mask;
523 {
524 struct block *b = gen_cmp(offset, size, v);
525 struct slist *s;
526
527 if (mask != 0xffffffff) {
528 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
529 s->s.k = mask;
530 b->stmts->next = s;
531 }
532 return b;
533 }
534
535 static struct block *
536 gen_bcmp(offset, size, v)
537 register u_int offset, size;
538 register const u_char *v;
539 {
540 register struct block *b, *tmp;
541
542 b = NULL;
543 while (size >= 4) {
544 register const u_char *p = &v[size - 4];
545 bpf_int32 w = ((bpf_int32)p[0] << 24) |
546 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
547
548 tmp = gen_cmp(offset + size - 4, BPF_W, w);
549 if (b != NULL)
550 gen_and(b, tmp);
551 b = tmp;
552 size -= 4;
553 }
554 while (size >= 2) {
555 register const u_char *p = &v[size - 2];
556 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
557
558 tmp = gen_cmp(offset + size - 2, BPF_H, w);
559 if (b != NULL)
560 gen_and(b, tmp);
561 b = tmp;
562 size -= 2;
563 }
564 if (size > 0) {
565 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
566 if (b != NULL)
567 gen_and(b, tmp);
568 b = tmp;
569 }
570 return b;
571 }
572
573 static struct block *
574 gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse)
575 bpf_u_int32 datasize, offset, mask, jtype, jvalue;
576 int reverse;
577 {
578 struct slist *s;
579 struct block *b;
580
581 s = new_stmt(BPF_LD|datasize|BPF_ABS);
582 s->s.k = offset;
583
584 if (mask != 0xffffffff) {
585 s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K);
586 s->next->s.k = mask;
587 }
588
589 b = new_block(JMP(jtype));
590 b->stmts = s;
591 b->s.k = jvalue;
592 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE))
593 gen_not(b);
594 return b;
595 }
596
597 /*
598 * Various code constructs need to know the layout of the data link
599 * layer. These variables give the necessary offsets.
600 */
601
602 /*
603 * This is the offset of the beginning of the MAC-layer header.
604 * It's usually 0, except for ATM LANE.
605 */
606 static u_int off_mac;
607
608 /*
609 * "off_linktype" is the offset to information in the link-layer header
610 * giving the packet type.
611 *
612 * For Ethernet, it's the offset of the Ethernet type field.
613 *
614 * For link-layer types that always use 802.2 headers, it's the
615 * offset of the LLC header.
616 *
617 * For PPP, it's the offset of the PPP type field.
618 *
619 * For Cisco HDLC, it's the offset of the CHDLC type field.
620 *
621 * For BSD loopback, it's the offset of the AF_ value.
622 *
623 * For Linux cooked sockets, it's the offset of the type field.
624 *
625 * It's set to -1 for no encapsulation, in which case, IP is assumed.
626 */
627 static u_int off_linktype;
628
629 /*
630 * TRUE if the link layer includes an ATM pseudo-header.
631 */
632 static int is_atm = 0;
633
634 /*
635 * TRUE if "lane" appeared in the filter; it causes us to generate
636 * code that assumes LANE rather than LLC-encapsulated traffic in SunATM.
637 */
638 static int is_lane = 0;
639
640 /*
641 * These are offsets for the ATM pseudo-header.
642 */
643 static u_int off_vpi;
644 static u_int off_vci;
645 static u_int off_proto;
646
647 /*
648 * This is the offset of the first byte after the ATM pseudo_header,
649 * or -1 if there is no ATM pseudo-header.
650 */
651 static u_int off_payload;
652
653 /*
654 * These are offsets to the beginning of the network-layer header.
655 *
656 * If the link layer never uses 802.2 LLC:
657 *
658 * "off_nl" and "off_nl_nosnap" are the same.
659 *
660 * If the link layer always uses 802.2 LLC:
661 *
662 * "off_nl" is the offset if there's a SNAP header following
663 * the 802.2 header;
664 *
665 * "off_nl_nosnap" is the offset if there's no SNAP header.
666 *
667 * If the link layer is Ethernet:
668 *
669 * "off_nl" is the offset if the packet is an Ethernet II packet
670 * (we assume no 802.3+802.2+SNAP);
671 *
672 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet
673 * with an 802.2 header following it.
674 */
675 static u_int off_nl;
676 static u_int off_nl_nosnap;
677
678 static int linktype;
679
680 static void
681 init_linktype(type)
682 int type;
683 {
684 linktype = type;
685
686 /*
687 * Assume it's not raw ATM with a pseudo-header, for now.
688 */
689 off_mac = 0;
690 is_atm = 0;
691 is_lane = 0;
692 off_vpi = -1;
693 off_vci = -1;
694 off_proto = -1;
695 off_payload = -1;
696
697 orig_linktype = -1;
698 orig_nl = -1;
699 orig_nl_nosnap = -1;
700
701 switch (type) {
702
703 case DLT_ARCNET:
704 off_linktype = 2;
705 off_nl = 6; /* XXX in reality, variable! */
706 off_nl_nosnap = 6; /* no 802.2 LLC */
707 return;
708
709 case DLT_ARCNET_LINUX:
710 off_linktype = 4;
711 off_nl = 8; /* XXX in reality, variable! */
712 off_nl_nosnap = 8; /* no 802.2 LLC */
713 return;
714
715 case DLT_EN10MB:
716 off_linktype = 12;
717 off_nl = 14; /* Ethernet II */
718 off_nl_nosnap = 17; /* 802.3+802.2 */
719 return;
720
721 case DLT_SLIP:
722 /*
723 * SLIP doesn't have a link level type. The 16 byte
724 * header is hacked into our SLIP driver.
725 */
726 off_linktype = -1;
727 off_nl = 16;
728 off_nl_nosnap = 16; /* no 802.2 LLC */
729 return;
730
731 case DLT_SLIP_BSDOS:
732 /* XXX this may be the same as the DLT_PPP_BSDOS case */
733 off_linktype = -1;
734 /* XXX end */
735 off_nl = 24;
736 off_nl_nosnap = 24; /* no 802.2 LLC */
737 return;
738
739 case DLT_NULL:
740 case DLT_LOOP:
741 off_linktype = 0;
742 off_nl = 4;
743 off_nl_nosnap = 4; /* no 802.2 LLC */
744 return;
745
746 case DLT_ENC:
747 off_linktype = 0;
748 off_nl = 12;
749 off_nl_nosnap = 12; /* no 802.2 LLC */
750 return;
751
752 case DLT_PPP:
753 case DLT_PPP_WITHDIRECTION:
754 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */
755 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */
756 off_linktype = 2;
757 off_nl = 4;
758 off_nl_nosnap = 4; /* no 802.2 LLC */
759 return;
760
761 case DLT_PPP_ETHER:
762 /*
763 * This does no include the Ethernet header, and
764 * only covers session state.
765 */
766 off_linktype = 6;
767 off_nl = 8;
768 off_nl_nosnap = 8; /* no 802.2 LLC */
769 return;
770
771 case DLT_PPP_BSDOS:
772 off_linktype = 5;
773 off_nl = 24;
774 off_nl_nosnap = 24; /* no 802.2 LLC */
775 return;
776
777 case DLT_FDDI:
778 /*
779 * FDDI doesn't really have a link-level type field.
780 * We set "off_linktype" to the offset of the LLC header.
781 *
782 * To check for Ethernet types, we assume that SSAP = SNAP
783 * is being used and pick out the encapsulated Ethernet type.
784 * XXX - should we generate code to check for SNAP?
785 */
786 off_linktype = 13;
787 #ifdef PCAP_FDDIPAD
788 off_linktype += pcap_fddipad;
789 #endif
790 off_nl = 21; /* FDDI+802.2+SNAP */
791 off_nl_nosnap = 16; /* FDDI+802.2 */
792 #ifdef PCAP_FDDIPAD
793 off_nl += pcap_fddipad;
794 off_nl_nosnap += pcap_fddipad;
795 #endif
796 return;
797
798 case DLT_IEEE802:
799 /*
800 * Token Ring doesn't really have a link-level type field.
801 * We set "off_linktype" to the offset of the LLC header.
802 *
803 * To check for Ethernet types, we assume that SSAP = SNAP
804 * is being used and pick out the encapsulated Ethernet type.
805 * XXX - should we generate code to check for SNAP?
806 *
807 * XXX - the header is actually variable-length.
808 * Some various Linux patched versions gave 38
809 * as "off_linktype" and 40 as "off_nl"; however,
810 * if a token ring packet has *no* routing
811 * information, i.e. is not source-routed, the correct
812 * values are 20 and 22, as they are in the vanilla code.
813 *
814 * A packet is source-routed iff the uppermost bit
815 * of the first byte of the source address, at an
816 * offset of 8, has the uppermost bit set. If the
817 * packet is source-routed, the total number of bytes
818 * of routing information is 2 plus bits 0x1F00 of
819 * the 16-bit value at an offset of 14 (shifted right
820 * 8 - figure out which byte that is).
821 */
822 off_linktype = 14;
823 off_nl = 22; /* Token Ring+802.2+SNAP */
824 off_nl_nosnap = 17; /* Token Ring+802.2 */
825 return;
826
827 case DLT_IEEE802_11:
828 /*
829 * 802.11 doesn't really have a link-level type field.
830 * We set "off_linktype" to the offset of the LLC header.
831 *
832 * To check for Ethernet types, we assume that SSAP = SNAP
833 * is being used and pick out the encapsulated Ethernet type.
834 * XXX - should we generate code to check for SNAP?
835 *
836 * XXX - the header is actually variable-length. We
837 * assume a 24-byte link-layer header, as appears in
838 * data frames in networks with no bridges. If the
839 * fromds and tods 802.11 header bits are both set,
840 * it's actually supposed to be 30 bytes.
841 */
842 off_linktype = 24;
843 off_nl = 32; /* 802.11+802.2+SNAP */
844 off_nl_nosnap = 27; /* 802.11+802.2 */
845 return;
846
847 case DLT_PRISM_HEADER:
848 /*
849 * Same as 802.11, but with an additional header before
850 * the 802.11 header, containing a bunch of additional
851 * information including radio-level information.
852 *
853 * The header is 144 bytes long.
854 *
855 * XXX - same variable-length header problem; at least
856 * the Prism header is fixed-length.
857 */
858 off_linktype = 144+24;
859 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */
860 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */
861 return;
862
863 case DLT_IEEE802_11_RADIO_AVS:
864 /*
865 * Same as 802.11, but with an additional header before
866 * the 802.11 header, containing a bunch of additional
867 * information including radio-level information.
868 *
869 * The header is 64 bytes long, at least in its
870 * current incarnation.
871 *
872 * XXX - same variable-length header problem, only
873 * more so; this header is also variable-length,
874 * with the length being the 32-bit big-endian
875 * number at an offset of 4 from the beginning
876 * of the radio header.
877 */
878 off_linktype = 64+24;
879 off_nl = 64+32; /* Radio+802.11+802.2+SNAP */
880 off_nl_nosnap = 64+27; /* Radio+802.11+802.2 */
881 return;
882
883 case DLT_IEEE802_11_RADIO:
884 /*
885 * Same as 802.11, but with an additional header before
886 * the 802.11 header, containing a bunch of additional
887 * information including radio-level information.
888 *
889 * XXX - same variable-length header problem, only
890 * even *more* so; this header is also variable-length,
891 * with the length being the 16-bit number at an offset
892 * of 2 from the beginning of the radio header, and it's
893 * device-dependent (different devices might supply
894 * different amounts of information), so we can't even
895 * assume a fixed length for the current version of the
896 * header.
897 *
898 * Therefore, currently, only raw "link[N:M]" filtering is
899 * supported.
900 */
901 off_linktype = -1;
902 off_nl = -1;
903 off_nl_nosnap = -1;
904 return;
905
906 case DLT_ATM_RFC1483:
907 case DLT_ATM_CLIP: /* Linux ATM defines this */
908 /*
909 * assume routed, non-ISO PDUs
910 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
911 */
912 off_linktype = 0;
913 off_nl = 8; /* 802.2+SNAP */
914 off_nl_nosnap = 3; /* 802.2 */
915 return;
916
917 case DLT_SUNATM:
918 /*
919 * Full Frontal ATM; you get AALn PDUs with an ATM
920 * pseudo-header.
921 */
922 is_atm = 1;
923 off_vpi = SUNATM_VPI_POS;
924 off_vci = SUNATM_VCI_POS;
925 off_proto = PROTO_POS;
926 off_mac = -1; /* LLC-encapsulated, so no MAC-layer header */
927 off_payload = SUNATM_PKT_BEGIN_POS;
928 off_linktype = off_payload;
929 off_nl = off_payload+8; /* 802.2+SNAP */
930 off_nl_nosnap = off_payload+3; /* 802.2 */
931 return;
932
933 case DLT_RAW:
934 off_linktype = -1;
935 off_nl = 0;
936 off_nl_nosnap = 0; /* no 802.2 LLC */
937 return;
938
939 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
940 off_linktype = 14;
941 off_nl = 16;
942 off_nl_nosnap = 16; /* no 802.2 LLC */
943 return;
944
945 case DLT_LTALK:
946 /*
947 * LocalTalk does have a 1-byte type field in the LLAP header,
948 * but really it just indicates whether there is a "short" or
949 * "long" DDP packet following.
950 */
951 off_linktype = -1;
952 off_nl = 0;
953 off_nl_nosnap = 0; /* no 802.2 LLC */
954 return;
955
956 case DLT_IP_OVER_FC:
957 /*
958 * RFC 2625 IP-over-Fibre-Channel doesn't really have a
959 * link-level type field. We set "off_linktype" to the
960 * offset of the LLC header.
961 *
962 * To check for Ethernet types, we assume that SSAP = SNAP
963 * is being used and pick out the encapsulated Ethernet type.
964 * XXX - should we generate code to check for SNAP? RFC
965 * 2625 says SNAP should be used.
966 */
967 off_linktype = 16;
968 off_nl = 24; /* IPFC+802.2+SNAP */
969 off_nl_nosnap = 19; /* IPFC+802.2 */
970 return;
971
972 case DLT_FRELAY:
973 /*
974 * XXX - we should set this to handle SNAP-encapsulated
975 * frames (NLPID of 0x80).
976 */
977 off_linktype = -1;
978 off_nl = 0;
979 off_nl_nosnap = 0; /* no 802.2 LLC */
980 return;
981
982 case DLT_APPLE_IP_OVER_IEEE1394:
983 off_linktype = 16;
984 off_nl = 18;
985 off_nl_nosnap = 0; /* no 802.2 LLC */
986 return;
987
988 case DLT_LINUX_IRDA:
989 /*
990 * Currently, only raw "link[N:M]" filtering is supported.
991 */
992 off_linktype = -1;
993 off_nl = -1;
994 off_nl_nosnap = -1;
995 return;
996
997 case DLT_DOCSIS:
998 /*
999 * Currently, only raw "link[N:M]" filtering is supported.
1000 */
1001 off_linktype = -1;
1002 off_nl = -1;
1003 off_nl_nosnap = -1;
1004 return;
1005
1006 case DLT_SYMANTEC_FIREWALL:
1007 off_linktype = 6;
1008 off_nl = 44; /* Ethernet II */
1009 off_nl_nosnap = 44; /* XXX - what does it do with 802.3 packets? */
1010 return;
1011
1012 case DLT_PFLOG:
1013 off_linktype = 0;
1014 /* XXX read from header? */
1015 off_nl = PFLOG_HDRLEN;
1016 off_nl_nosnap = PFLOG_HDRLEN;
1017 return;
1018
1019 case DLT_JUNIPER_ATM1:
1020 off_linktype = 4; /* in reality variable between 4-8 */
1021 off_nl = 4;
1022 off_nl_nosnap = 14;
1023 return;
1024
1025 case DLT_JUNIPER_ATM2:
1026 off_linktype = 8; /* in reality variable between 8-12 */
1027 off_nl = 8;
1028 off_nl_nosnap = 18;
1029 return;
1030
1031 #ifdef DLT_PFSYNC
1032 case DLT_PFSYNC:
1033 off_linktype = -1;
1034 off_nl = 4;
1035 off_nl_nosnap = 4;
1036 return;
1037 #endif
1038 }
1039 bpf_error("unknown data link type %d", linktype);
1040 /* NOTREACHED */
1041 }
1042
1043 static struct block *
1044 gen_uncond(rsense)
1045 int rsense;
1046 {
1047 struct block *b;
1048 struct slist *s;
1049
1050 s = new_stmt(BPF_LD|BPF_IMM);
1051 s->s.k = !rsense;
1052 b = new_block(JMP(BPF_JEQ));
1053 b->stmts = s;
1054
1055 return b;
1056 }
1057
1058 static inline struct block *
1059 gen_true()
1060 {
1061 return gen_uncond(1);
1062 }
1063
1064 static inline struct block *
1065 gen_false()
1066 {
1067 return gen_uncond(0);
1068 }
1069
1070 /*
1071 * Byte-swap a 32-bit number.
1072 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
1073 * big-endian platforms.)
1074 */
1075 #define SWAPLONG(y) \
1076 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
1077
1078 static struct block *
1079 gen_ether_linktype(proto)
1080 register int proto;
1081 {
1082 struct block *b0, *b1;
1083
1084 switch (proto) {
1085
1086 case LLCSAP_ISONS:
1087 /*
1088 * OSI protocols always use 802.2 encapsulation.
1089 * XXX - should we check both the DSAP and the
1090 * SSAP, like this, or should we check just the
1091 * DSAP?
1092 */
1093 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1094 gen_not(b0);
1095 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1096 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1097 gen_and(b0, b1);
1098 return b1;
1099
1100 case LLCSAP_IP:
1101 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1102 gen_not(b0);
1103 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1104 ((LLCSAP_IP << 8) | LLCSAP_IP));
1105 gen_and(b0, b1);
1106 return b1;
1107
1108 case LLCSAP_NETBEUI:
1109 /*
1110 * NetBEUI always uses 802.2 encapsulation.
1111 * XXX - should we check both the DSAP and the
1112 * SSAP, like this, or should we check just the
1113 * DSAP?
1114 */
1115 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1116 gen_not(b0);
1117 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1118 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1119 gen_and(b0, b1);
1120 return b1;
1121
1122 case LLCSAP_IPX:
1123 /*
1124 * Check for;
1125 *
1126 * Ethernet_II frames, which are Ethernet
1127 * frames with a frame type of ETHERTYPE_IPX;
1128 *
1129 * Ethernet_802.3 frames, which are 802.3
1130 * frames (i.e., the type/length field is
1131 * a length field, <= ETHERMTU, rather than
1132 * a type field) with the first two bytes
1133 * after the Ethernet/802.3 header being
1134 * 0xFFFF;
1135 *
1136 * Ethernet_802.2 frames, which are 802.3
1137 * frames with an 802.2 LLC header and
1138 * with the IPX LSAP as the DSAP in the LLC
1139 * header;
1140 *
1141 * Ethernet_SNAP frames, which are 802.3
1142 * frames with an LLC header and a SNAP
1143 * header and with an OUI of 0x000000
1144 * (encapsulated Ethernet) and a protocol
1145 * ID of ETHERTYPE_IPX in the SNAP header.
1146 *
1147 * XXX - should we generate the same code both
1148 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
1149 */
1150
1151 /*
1152 * This generates code to check both for the
1153 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
1154 */
1155 b0 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)LLCSAP_IPX);
1156 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)0xFFFF);
1157 gen_or(b0, b1);
1158
1159 /*
1160 * Now we add code to check for SNAP frames with
1161 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
1162 */
1163 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
1164 gen_or(b0, b1);
1165
1166 /*
1167 * Now we generate code to check for 802.3
1168 * frames in general.
1169 */
1170 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1171 gen_not(b0);
1172
1173 /*
1174 * Now add the check for 802.3 frames before the
1175 * check for Ethernet_802.2 and Ethernet_802.3,
1176 * as those checks should only be done on 802.3
1177 * frames, not on Ethernet frames.
1178 */
1179 gen_and(b0, b1);
1180
1181 /*
1182 * Now add the check for Ethernet_II frames, and
1183 * do that before checking for the other frame
1184 * types.
1185 */
1186 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)ETHERTYPE_IPX);
1187 gen_or(b0, b1);
1188 return b1;
1189
1190 case ETHERTYPE_ATALK:
1191 case ETHERTYPE_AARP:
1192 /*
1193 * EtherTalk (AppleTalk protocols on Ethernet link
1194 * layer) may use 802.2 encapsulation.
1195 */
1196
1197 /*
1198 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1199 * we check for an Ethernet type field less than
1200 * 1500, which means it's an 802.3 length field.
1201 */
1202 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1203 gen_not(b0);
1204
1205 /*
1206 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1207 * SNAP packets with an organization code of
1208 * 0x080007 (Apple, for Appletalk) and a protocol
1209 * type of ETHERTYPE_ATALK (Appletalk).
1210 *
1211 * 802.2-encapsulated ETHERTYPE_AARP packets are
1212 * SNAP packets with an organization code of
1213 * 0x000000 (encapsulated Ethernet) and a protocol
1214 * type of ETHERTYPE_AARP (Appletalk ARP).
1215 */
1216 if (proto == ETHERTYPE_ATALK)
1217 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
1218 else /* proto == ETHERTYPE_AARP */
1219 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
1220 gen_and(b0, b1);
1221
1222 /*
1223 * Check for Ethernet encapsulation (Ethertalk
1224 * phase 1?); we just check for the Ethernet
1225 * protocol type.
1226 */
1227 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1228
1229 gen_or(b0, b1);
1230 return b1;
1231
1232 default:
1233 if (proto <= ETHERMTU) {
1234 /*
1235 * This is an LLC SAP value, so the frames
1236 * that match would be 802.2 frames.
1237 * Check that the frame is an 802.2 frame
1238 * (i.e., that the length/type field is
1239 * a length field, <= ETHERMTU) and
1240 * then check the DSAP.
1241 */
1242 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1243 gen_not(b0);
1244 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto);
1245 gen_and(b0, b1);
1246 return b1;
1247 } else {
1248 /*
1249 * This is an Ethernet type, so compare
1250 * the length/type field with it (if
1251 * the frame is an 802.2 frame, the length
1252 * field will be <= ETHERMTU, and, as
1253 * "proto" is > ETHERMTU, this test
1254 * will fail and the frame won't match,
1255 * which is what we want).
1256 */
1257 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1258 }
1259 }
1260 }
1261
1262 static struct block *
1263 gen_linktype(proto)
1264 register int proto;
1265 {
1266 struct block *b0, *b1, *b2;
1267
1268 switch (linktype) {
1269
1270 case DLT_EN10MB:
1271 return gen_ether_linktype(proto);
1272 /*NOTREACHED*/
1273 break;
1274
1275 case DLT_C_HDLC:
1276 switch (proto) {
1277
1278 case LLCSAP_ISONS:
1279 proto = (proto << 8 | LLCSAP_ISONS);
1280 /* fall through */
1281
1282 default:
1283 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1284 /*NOTREACHED*/
1285 break;
1286 }
1287 break;
1288
1289 case DLT_IEEE802_11:
1290 case DLT_PRISM_HEADER:
1291 case DLT_IEEE802_11_RADIO:
1292 case DLT_FDDI:
1293 case DLT_IEEE802:
1294 case DLT_ATM_RFC1483:
1295 case DLT_ATM_CLIP:
1296 case DLT_IP_OVER_FC:
1297 return gen_llc(proto);
1298 /*NOTREACHED*/
1299 break;
1300
1301 case DLT_SUNATM:
1302 /*
1303 * If "is_lane" is set, check for a LANE-encapsulated
1304 * version of this protocol, otherwise check for an
1305 * LLC-encapsulated version of this protocol.
1306 *
1307 * We assume LANE means Ethernet, not Token Ring.
1308 */
1309 if (is_lane) {
1310 /*
1311 * Check that the packet doesn't begin with an
1312 * LE Control marker. (We've already generated
1313 * a test for LANE.)
1314 */
1315 b0 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
1316 gen_not(b0);
1317
1318 /*
1319 * Now generate an Ethernet test.
1320 */
1321 b1 = gen_ether_linktype(proto);
1322 gen_and(b0, b1);
1323 return b1;
1324 } else {
1325 /*
1326 * Check for LLC encapsulation and then check the
1327 * protocol.
1328 */
1329 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
1330 b1 = gen_llc(proto);
1331 gen_and(b0, b1);
1332 return b1;
1333 }
1334
1335 case DLT_LINUX_SLL:
1336 switch (proto) {
1337
1338 case LLCSAP_IP:
1339 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1340 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1341 ((LLCSAP_IP << 8) | LLCSAP_IP));
1342 gen_and(b0, b1);
1343 return b1;
1344
1345 case LLCSAP_ISONS:
1346 /*
1347 * OSI protocols always use 802.2 encapsulation.
1348 * XXX - should we check both the DSAP and the
1349 * LSAP, like this, or should we check just the
1350 * DSAP?
1351 */
1352 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1353 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1354 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1355 gen_and(b0, b1);
1356 return b1;
1357
1358 case LLCSAP_NETBEUI:
1359 /*
1360 * NetBEUI always uses 802.2 encapsulation.
1361 * XXX - should we check both the DSAP and the
1362 * LSAP, like this, or should we check just the
1363 * DSAP?
1364 */
1365 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1366 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1367 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1368 gen_and(b0, b1);
1369 return b1;
1370
1371 case LLCSAP_IPX:
1372 /*
1373 * Ethernet_II frames, which are Ethernet
1374 * frames with a frame type of ETHERTYPE_IPX;
1375 *
1376 * Ethernet_802.3 frames, which have a frame
1377 * type of LINUX_SLL_P_802_3;
1378 *
1379 * Ethernet_802.2 frames, which are 802.3
1380 * frames with an 802.2 LLC header (i.e, have
1381 * a frame type of LINUX_SLL_P_802_2) and
1382 * with the IPX LSAP as the DSAP in the LLC
1383 * header;
1384 *
1385 * Ethernet_SNAP frames, which are 802.3
1386 * frames with an LLC header and a SNAP
1387 * header and with an OUI of 0x000000
1388 * (encapsulated Ethernet) and a protocol
1389 * ID of ETHERTYPE_IPX in the SNAP header.
1390 *
1391 * First, do the checks on LINUX_SLL_P_802_2
1392 * frames; generate the check for either
1393 * Ethernet_802.2 or Ethernet_SNAP frames, and
1394 * then put a check for LINUX_SLL_P_802_2 frames
1395 * before it.
1396 */
1397 b0 = gen_cmp(off_linktype + 2, BPF_B,
1398 (bpf_int32)LLCSAP_IPX);
1399 b1 = gen_snap(0x000000, ETHERTYPE_IPX,
1400 off_linktype + 2);
1401 gen_or(b0, b1);
1402 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1403 gen_and(b0, b1);
1404
1405 /*
1406 * Now check for 802.3 frames and OR that with
1407 * the previous test.
1408 */
1409 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
1410 gen_or(b0, b1);
1411
1412 /*
1413 * Now add the check for Ethernet_II frames, and
1414 * do that before checking for the other frame
1415 * types.
1416 */
1417 b0 = gen_cmp(off_linktype, BPF_H,
1418 (bpf_int32)ETHERTYPE_IPX);
1419 gen_or(b0, b1);
1420 return b1;
1421
1422 case ETHERTYPE_ATALK:
1423 case ETHERTYPE_AARP:
1424 /*
1425 * EtherTalk (AppleTalk protocols on Ethernet link
1426 * layer) may use 802.2 encapsulation.
1427 */
1428
1429 /*
1430 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1431 * we check for the 802.2 protocol type in the
1432 * "Ethernet type" field.
1433 */
1434 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1435
1436 /*
1437 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1438 * SNAP packets with an organization code of
1439 * 0x080007 (Apple, for Appletalk) and a protocol
1440 * type of ETHERTYPE_ATALK (Appletalk).
1441 *
1442 * 802.2-encapsulated ETHERTYPE_AARP packets are
1443 * SNAP packets with an organization code of
1444 * 0x000000 (encapsulated Ethernet) and a protocol
1445 * type of ETHERTYPE_AARP (Appletalk ARP).
1446 */
1447 if (proto == ETHERTYPE_ATALK)
1448 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
1449 off_linktype + 2);
1450 else /* proto == ETHERTYPE_AARP */
1451 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
1452 off_linktype + 2);
1453 gen_and(b0, b1);
1454
1455 /*
1456 * Check for Ethernet encapsulation (Ethertalk
1457 * phase 1?); we just check for the Ethernet
1458 * protocol type.
1459 */
1460 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1461
1462 gen_or(b0, b1);
1463 return b1;
1464
1465 default:
1466 if (proto <= ETHERMTU) {
1467 /*
1468 * This is an LLC SAP value, so the frames
1469 * that match would be 802.2 frames.
1470 * Check for the 802.2 protocol type
1471 * in the "Ethernet type" field, and
1472 * then check the DSAP.
1473 */
1474 b0 = gen_cmp(off_linktype, BPF_H,
1475 LINUX_SLL_P_802_2);
1476 b1 = gen_cmp(off_linktype + 2, BPF_B,
1477 (bpf_int32)proto);
1478 gen_and(b0, b1);
1479 return b1;
1480 } else {
1481 /*
1482 * This is an Ethernet type, so compare
1483 * the length/type field with it (if
1484 * the frame is an 802.2 frame, the length
1485 * field will be <= ETHERMTU, and, as
1486 * "proto" is > ETHERMTU, this test
1487 * will fail and the frame won't match,
1488 * which is what we want).
1489 */
1490 return gen_cmp(off_linktype, BPF_H,
1491 (bpf_int32)proto);
1492 }
1493 }
1494 /*NOTREACHED*/
1495 break;
1496
1497 case DLT_SLIP:
1498 case DLT_SLIP_BSDOS:
1499 case DLT_RAW:
1500 /*
1501 * These types don't provide any type field; packets
1502 * are always IP.
1503 *
1504 * XXX - for IPv4, check for a version number of 4, and,
1505 * for IPv6, check for a version number of 6?
1506 */
1507 switch (proto) {
1508
1509 case ETHERTYPE_IP:
1510 #ifdef INET6
1511 case ETHERTYPE_IPV6:
1512 #endif
1513 return gen_true(); /* always true */
1514
1515 default:
1516 return gen_false(); /* always false */
1517 }
1518 /*NOTREACHED*/
1519 break;
1520
1521 case DLT_PPP:
1522 case DLT_PPP_WITHDIRECTION:
1523 case DLT_PPP_SERIAL:
1524 case DLT_PPP_ETHER:
1525 /*
1526 * We use Ethernet protocol types inside libpcap;
1527 * map them to the corresponding PPP protocol types.
1528 */
1529 switch (proto) {
1530
1531 case ETHERTYPE_IP:
1532 proto = PPP_IP;
1533 break;
1534
1535 #ifdef INET6
1536 case ETHERTYPE_IPV6:
1537 proto = PPP_IPV6;
1538 break;
1539 #endif
1540
1541 case ETHERTYPE_DN:
1542 proto = PPP_DECNET;
1543 break;
1544
1545 case ETHERTYPE_ATALK:
1546 proto = PPP_APPLE;
1547 break;
1548
1549 case ETHERTYPE_NS:
1550 proto = PPP_NS;
1551 break;
1552
1553 case LLCSAP_ISONS:
1554 proto = PPP_OSI;
1555 break;
1556
1557 case LLCSAP_8021D:
1558 /*
1559 * I'm assuming the "Bridging PDU"s that go
1560 * over PPP are Spanning Tree Protocol
1561 * Bridging PDUs.
1562 */
1563 proto = PPP_BRPDU;
1564 break;
1565
1566 case LLCSAP_IPX:
1567 proto = PPP_IPX;
1568 break;
1569 }
1570 break;
1571
1572 case DLT_PPP_BSDOS:
1573 /*
1574 * We use Ethernet protocol types inside libpcap;
1575 * map them to the corresponding PPP protocol types.
1576 */
1577 switch (proto) {
1578
1579 case ETHERTYPE_IP:
1580 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
1581 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
1582 gen_or(b0, b1);
1583 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
1584 gen_or(b1, b0);
1585 return b0;
1586
1587 #ifdef INET6
1588 case ETHERTYPE_IPV6:
1589 proto = PPP_IPV6;
1590 /* more to go? */
1591 break;
1592 #endif
1593
1594 case ETHERTYPE_DN:
1595 proto = PPP_DECNET;
1596 break;
1597
1598 case ETHERTYPE_ATALK:
1599 proto = PPP_APPLE;
1600 break;
1601
1602 case ETHERTYPE_NS:
1603 proto = PPP_NS;
1604 break;
1605
1606 case LLCSAP_ISONS:
1607 proto = PPP_OSI;
1608 break;
1609
1610 case LLCSAP_8021D:
1611 /*
1612 * I'm assuming the "Bridging PDU"s that go
1613 * over PPP are Spanning Tree Protocol
1614 * Bridging PDUs.
1615 */
1616 proto = PPP_BRPDU;
1617 break;
1618
1619 case LLCSAP_IPX:
1620 proto = PPP_IPX;
1621 break;
1622 }
1623 break;
1624
1625 case DLT_NULL:
1626 case DLT_LOOP:
1627 case DLT_ENC:
1628 /*
1629 * For DLT_NULL, the link-layer header is a 32-bit
1630 * word containing an AF_ value in *host* byte order,
1631 * and for DLT_ENC, the link-layer header begins
1632 * with a 32-bit work containing an AF_ value in
1633 * host byte order.
1634 *
1635 * In addition, if we're reading a saved capture file,
1636 * the host byte order in the capture may not be the
1637 * same as the host byte order on this machine.
1638 *
1639 * For DLT_LOOP, the link-layer header is a 32-bit
1640 * word containing an AF_ value in *network* byte order.
1641 *
1642 * XXX - AF_ values may, unfortunately, be platform-
1643 * dependent; for example, FreeBSD's AF_INET6 is 24
1644 * whilst NetBSD's and OpenBSD's is 26.
1645 *
1646 * This means that, when reading a capture file, just
1647 * checking for our AF_INET6 value won't work if the
1648 * capture file came from another OS.
1649 */
1650 switch (proto) {
1651
1652 case ETHERTYPE_IP:
1653 proto = AF_INET;
1654 break;
1655
1656 #ifdef INET6
1657 case ETHERTYPE_IPV6:
1658 proto = AF_INET6;
1659 break;
1660 #endif
1661
1662 default:
1663 /*
1664 * Not a type on which we support filtering.
1665 * XXX - support those that have AF_ values
1666 * #defined on this platform, at least?
1667 */
1668 return gen_false();
1669 }
1670
1671 if (linktype == DLT_NULL || linktype == DLT_ENC) {
1672 /*
1673 * The AF_ value is in host byte order, but
1674 * the BPF interpreter will convert it to
1675 * network byte order.
1676 *
1677 * If this is a save file, and it's from a
1678 * machine with the opposite byte order to
1679 * ours, we byte-swap the AF_ value.
1680 *
1681 * Then we run it through "htonl()", and
1682 * generate code to compare against the result.
1683 */
1684 if (bpf_pcap->sf.rfile != NULL &&
1685 bpf_pcap->sf.swapped)
1686 proto = SWAPLONG(proto);
1687 proto = htonl(proto);
1688 }
1689 return (gen_cmp(0, BPF_W, (bpf_int32)proto));
1690
1691 case DLT_PFLOG:
1692 /*
1693 * af field is host byte order in contrast to the rest of
1694 * the packet.
1695 */
1696 if (proto == ETHERTYPE_IP)
1697 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B,
1698 (bpf_int32)AF_INET));
1699 #ifdef INET6
1700 else if (proto == ETHERTYPE_IPV6)
1701 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B,
1702 (bpf_int32)AF_INET6));
1703 #endif /* INET6 */
1704 else
1705 return gen_false();
1706 /*NOTREACHED*/
1707 break;
1708
1709 case DLT_ARCNET:
1710 case DLT_ARCNET_LINUX:
1711 /*
1712 * XXX should we check for first fragment if the protocol
1713 * uses PHDS?
1714 */
1715 switch (proto) {
1716
1717 default:
1718 return gen_false();
1719
1720 #ifdef INET6
1721 case ETHERTYPE_IPV6:
1722 return (gen_cmp(off_linktype, BPF_B,
1723 (bpf_int32)ARCTYPE_INET6));
1724 #endif /* INET6 */
1725
1726 case ETHERTYPE_IP:
1727 b0 = gen_cmp(off_linktype, BPF_B,
1728 (bpf_int32)ARCTYPE_IP);
1729 b1 = gen_cmp(off_linktype, BPF_B,
1730 (bpf_int32)ARCTYPE_IP_OLD);
1731 gen_or(b0, b1);
1732 return (b1);
1733
1734 case ETHERTYPE_ARP:
1735 b0 = gen_cmp(off_linktype, BPF_B,
1736 (bpf_int32)ARCTYPE_ARP);
1737 b1 = gen_cmp(off_linktype, BPF_B,
1738 (bpf_int32)ARCTYPE_ARP_OLD);
1739 gen_or(b0, b1);
1740 return (b1);
1741
1742 case ETHERTYPE_REVARP:
1743 return (gen_cmp(off_linktype, BPF_B,
1744 (bpf_int32)ARCTYPE_REVARP));
1745
1746 case ETHERTYPE_ATALK:
1747 return (gen_cmp(off_linktype, BPF_B,
1748 (bpf_int32)ARCTYPE_ATALK));
1749 }
1750 /*NOTREACHED*/
1751 break;
1752
1753 case DLT_LTALK:
1754 switch (proto) {
1755 case ETHERTYPE_ATALK:
1756 return gen_true();
1757 default:
1758 return gen_false();
1759 }
1760 /*NOTREACHED*/
1761 break;
1762
1763 case DLT_FRELAY:
1764 /*
1765 * XXX - assumes a 2-byte Frame Relay header with
1766 * DLCI and flags. What if the address is longer?
1767 */
1768 switch (proto) {
1769
1770 case ETHERTYPE_IP:
1771 /*
1772 * Check for the special NLPID for IP.
1773 */
1774 return gen_cmp(2, BPF_H, (0x03<<8) | 0xcc);
1775
1776 #ifdef INET6
1777 case ETHERTYPE_IPV6:
1778 /*
1779 * Check for the special NLPID for IPv6.
1780 */
1781 return gen_cmp(2, BPF_H, (0x03<<8) | 0x8e);
1782 #endif
1783
1784 case LLCSAP_ISONS:
1785 /*
1786 * Check for several OSI protocols.
1787 *
1788 * Frame Relay packets typically have an OSI
1789 * NLPID at the beginning; we check for each
1790 * of them.
1791 *
1792 * What we check for is the NLPID and a frame
1793 * control field of UI, i.e. 0x03 followed
1794 * by the NLPID.
1795 */
1796 b0 = gen_cmp(2, BPF_H, (0x03<<8) | ISO8473_CLNP);
1797 b1 = gen_cmp(2, BPF_H, (0x03<<8) | ISO9542_ESIS);
1798 b2 = gen_cmp(2, BPF_H, (0x03<<8) | ISO10589_ISIS);
1799 gen_or(b1, b2);
1800 gen_or(b0, b2);
1801 return b2;
1802
1803 default:
1804 return gen_false();
1805 }
1806 /*NOTREACHED*/
1807 break;
1808
1809 case DLT_JUNIPER_ATM1:
1810 case DLT_JUNIPER_ATM2:
1811 /* just lets verify the magic number for now -
1812 * we may have upto 6 different encapsulations on the wire
1813 * and need a lot of heuristics to figure out that the payload
1814 * might be;
1815 *
1816 * FIXME encapsulation specific BPF_ filters
1817 */
1818 return gen_mcmp(0, BPF_W, 0x4d474300, 0xffffff00); /* compare the magic number */
1819
1820 case DLT_LINUX_IRDA:
1821 bpf_error("IrDA link-layer type filtering not implemented");
1822
1823 case DLT_DOCSIS:
1824 bpf_error("DOCSIS link-layer type filtering not implemented");
1825 }
1826
1827 /*
1828 * All the types that have no encapsulation should either be
1829 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
1830 * all packets are IP packets, or should be handled in some
1831 * special case, if none of them are (if some are and some
1832 * aren't, the lack of encapsulation is a problem, as we'd
1833 * have to find some other way of determining the packet type).
1834 *
1835 * Therefore, if "off_linktype" is -1, there's an error.
1836 */
1837 if (off_linktype == (u_int)-1)
1838 abort();
1839
1840 /*
1841 * Any type not handled above should always have an Ethernet
1842 * type at an offset of "off_linktype". (PPP is partially
1843 * handled above - the protocol type is mapped from the
1844 * Ethernet and LLC types we use internally to the corresponding
1845 * PPP type - but the PPP type is always specified by a value
1846 * at "off_linktype", so we don't have to do the code generation
1847 * above.)
1848 */
1849 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1850 }
1851
1852 /*
1853 * Check for an LLC SNAP packet with a given organization code and
1854 * protocol type; we check the entire contents of the 802.2 LLC and
1855 * snap headers, checking for DSAP and SSAP of SNAP and a control
1856 * field of 0x03 in the LLC header, and for the specified organization
1857 * code and protocol type in the SNAP header.
1858 */
1859 static struct block *
1860 gen_snap(orgcode, ptype, offset)
1861 bpf_u_int32 orgcode;
1862 bpf_u_int32 ptype;
1863 u_int offset;
1864 {
1865 u_char snapblock[8];
1866
1867 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
1868 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
1869 snapblock[2] = 0x03; /* control = UI */
1870 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
1871 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
1872 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
1873 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
1874 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
1875 return gen_bcmp(offset, 8, snapblock);
1876 }
1877
1878 /*
1879 * Check for a given protocol value assuming an 802.2 LLC header.
1880 */
1881 static struct block *
1882 gen_llc(proto)
1883 int proto;
1884 {
1885 /*
1886 * XXX - handle token-ring variable-length header.
1887 */
1888 switch (proto) {
1889
1890 case LLCSAP_IP:
1891 return gen_cmp(off_linktype, BPF_H, (long)
1892 ((LLCSAP_IP << 8) | LLCSAP_IP));
1893
1894 case LLCSAP_ISONS:
1895 return gen_cmp(off_linktype, BPF_H, (long)
1896 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1897
1898 case LLCSAP_NETBEUI:
1899 return gen_cmp(off_linktype, BPF_H, (long)
1900 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1901
1902 case LLCSAP_IPX:
1903 /*
1904 * XXX - are there ever SNAP frames for IPX on
1905 * non-Ethernet 802.x networks?
1906 */
1907 return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX);
1908
1909 case ETHERTYPE_ATALK:
1910 /*
1911 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1912 * SNAP packets with an organization code of
1913 * 0x080007 (Apple, for Appletalk) and a protocol
1914 * type of ETHERTYPE_ATALK (Appletalk).
1915 *
1916 * XXX - check for an organization code of
1917 * encapsulated Ethernet as well?
1918 */
1919 return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype);
1920
1921 default:
1922 /*
1923 * XXX - we don't have to check for IPX 802.3
1924 * here, but should we check for the IPX Ethertype?
1925 */
1926 if (proto <= ETHERMTU) {
1927 /*
1928 * This is an LLC SAP value, so check
1929 * the DSAP.
1930 */
1931 return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto);
1932 } else {
1933 /*
1934 * This is an Ethernet type; we assume that it's
1935 * unlikely that it'll appear in the right place
1936 * at random, and therefore check only the
1937 * location that would hold the Ethernet type
1938 * in a SNAP frame with an organization code of
1939 * 0x000000 (encapsulated Ethernet).
1940 *
1941 * XXX - if we were to check for the SNAP DSAP and
1942 * LSAP, as per XXX, and were also to check for an
1943 * organization code of 0x000000 (encapsulated
1944 * Ethernet), we'd do
1945 *
1946 * return gen_snap(0x000000, proto,
1947 * off_linktype);
1948 *
1949 * here; for now, we don't, as per the above.
1950 * I don't know whether it's worth the extra CPU
1951 * time to do the right check or not.
1952 */
1953 return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto);
1954 }
1955 }
1956 }
1957
1958 static struct block *
1959 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
1960 bpf_u_int32 addr;
1961 bpf_u_int32 mask;
1962 int dir, proto;
1963 u_int src_off, dst_off;
1964 {
1965 struct block *b0, *b1;
1966 u_int offset;
1967
1968 switch (dir) {
1969
1970 case Q_SRC:
1971 offset = src_off;
1972 break;
1973
1974 case Q_DST:
1975 offset = dst_off;
1976 break;
1977
1978 case Q_AND:
1979 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1980 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1981 gen_and(b0, b1);
1982 return b1;
1983
1984 case Q_OR:
1985 case Q_DEFAULT:
1986 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1987 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1988 gen_or(b0, b1);
1989 return b1;
1990
1991 default:
1992 abort();
1993 }
1994 b0 = gen_linktype(proto);
1995 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
1996 gen_and(b0, b1);
1997 return b1;
1998 }
1999
2000 #ifdef INET6
2001 static struct block *
2002 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
2003 struct in6_addr *addr;
2004 struct in6_addr *mask;
2005 int dir, proto;
2006 u_int src_off, dst_off;
2007 {
2008 struct block *b0, *b1;
2009 u_int offset;
2010 u_int32_t *a, *m;
2011
2012 switch (dir) {
2013
2014 case Q_SRC:
2015 offset = src_off;
2016 break;
2017
2018 case Q_DST:
2019 offset = dst_off;
2020 break;
2021
2022 case Q_AND:
2023 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
2024 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
2025 gen_and(b0, b1);
2026 return b1;
2027
2028 case Q_OR:
2029 case Q_DEFAULT:
2030 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
2031 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
2032 gen_or(b0, b1);
2033 return b1;
2034
2035 default:
2036 abort();
2037 }
2038 /* this order is important */
2039 a = (u_int32_t *)addr;
2040 m = (u_int32_t *)mask;
2041 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
2042 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
2043 gen_and(b0, b1);
2044 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
2045 gen_and(b0, b1);
2046 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
2047 gen_and(b0, b1);
2048 b0 = gen_linktype(proto);
2049 gen_and(b0, b1);
2050 return b1;
2051 }
2052 #endif /*INET6*/
2053
2054 static struct block *
2055 gen_ehostop(eaddr, dir)
2056 register const u_char *eaddr;
2057 register int dir;
2058 {
2059 register struct block *b0, *b1;
2060
2061 switch (dir) {
2062 case Q_SRC:
2063 return gen_bcmp(off_mac + 6, 6, eaddr);
2064
2065 case Q_DST:
2066 return gen_bcmp(off_mac + 0, 6, eaddr);
2067
2068 case Q_AND:
2069 b0 = gen_ehostop(eaddr, Q_SRC);
2070 b1 = gen_ehostop(eaddr, Q_DST);
2071 gen_and(b0, b1);
2072 return b1;
2073
2074 case Q_DEFAULT:
2075 case Q_OR:
2076 b0 = gen_ehostop(eaddr, Q_SRC);
2077 b1 = gen_ehostop(eaddr, Q_DST);
2078 gen_or(b0, b1);
2079 return b1;
2080 }
2081 abort();
2082 /* NOTREACHED */
2083 }
2084
2085 /*
2086 * Like gen_ehostop, but for DLT_FDDI
2087 */
2088 static struct block *
2089 gen_fhostop(eaddr, dir)
2090 register const u_char *eaddr;
2091 register int dir;
2092 {
2093 struct block *b0, *b1;
2094
2095 switch (dir) {
2096 case Q_SRC:
2097 #ifdef PCAP_FDDIPAD
2098 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
2099 #else
2100 return gen_bcmp(6 + 1, 6, eaddr);
2101 #endif
2102
2103 case Q_DST:
2104 #ifdef PCAP_FDDIPAD
2105 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
2106 #else
2107 return gen_bcmp(0 + 1, 6, eaddr);
2108 #endif
2109
2110 case Q_AND:
2111 b0 = gen_fhostop(eaddr, Q_SRC);
2112 b1 = gen_fhostop(eaddr, Q_DST);
2113 gen_and(b0, b1);
2114 return b1;
2115
2116 case Q_DEFAULT:
2117 case Q_OR:
2118 b0 = gen_fhostop(eaddr, Q_SRC);
2119 b1 = gen_fhostop(eaddr, Q_DST);
2120 gen_or(b0, b1);
2121 return b1;
2122 }
2123 abort();
2124 /* NOTREACHED */
2125 }
2126
2127 /*
2128 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
2129 */
2130 static struct block *
2131 gen_thostop(eaddr, dir)
2132 register const u_char *eaddr;
2133 register int dir;
2134 {
2135 register struct block *b0, *b1;
2136
2137 switch (dir) {
2138 case Q_SRC:
2139 return gen_bcmp(8, 6, eaddr);
2140
2141 case Q_DST:
2142 return gen_bcmp(2, 6, eaddr);
2143
2144 case Q_AND:
2145 b0 = gen_thostop(eaddr, Q_SRC);
2146 b1 = gen_thostop(eaddr, Q_DST);
2147 gen_and(b0, b1);
2148 return b1;
2149
2150 case Q_DEFAULT:
2151 case Q_OR:
2152 b0 = gen_thostop(eaddr, Q_SRC);
2153 b1 = gen_thostop(eaddr, Q_DST);
2154 gen_or(b0, b1);
2155 return b1;
2156 }
2157 abort();
2158 /* NOTREACHED */
2159 }
2160
2161 /*
2162 * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN)
2163 */
2164 static struct block *
2165 gen_wlanhostop(eaddr, dir)
2166 register const u_char *eaddr;
2167 register int dir;
2168 {
2169 register struct block *b0, *b1, *b2;
2170 register struct slist *s;
2171
2172 switch (dir) {
2173 case Q_SRC:
2174 /*
2175 * Oh, yuk.
2176 *
2177 * For control frames, there is no SA.
2178 *
2179 * For management frames, SA is at an
2180 * offset of 10 from the beginning of
2181 * the packet.
2182 *
2183 * For data frames, SA is at an offset
2184 * of 10 from the beginning of the packet
2185 * if From DS is clear, at an offset of
2186 * 16 from the beginning of the packet
2187 * if From DS is set and To DS is clear,
2188 * and an offset of 24 from the beginning
2189 * of the packet if From DS is set and To DS
2190 * is set.
2191 */
2192
2193 /*
2194 * Generate the tests to be done for data frames
2195 * with From DS set.
2196 *
2197 * First, check for To DS set, i.e. check "link[1] & 0x01".
2198 */
2199 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2200 s->s.k = 1;
2201 b1 = new_block(JMP(BPF_JSET));
2202 b1->s.k = 0x01; /* To DS */
2203 b1->stmts = s;
2204
2205 /*
2206 * If To DS is set, the SA is at 24.
2207 */
2208 b0 = gen_bcmp(24, 6, eaddr);
2209 gen_and(b1, b0);
2210
2211 /*
2212 * Now, check for To DS not set, i.e. check
2213 * "!(link[1] & 0x01)".
2214 */
2215 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2216 s->s.k = 1;
2217 b2 = new_block(JMP(BPF_JSET));
2218 b2->s.k = 0x01; /* To DS */
2219 b2->stmts = s;
2220 gen_not(b2);
2221
2222 /*
2223 * If To DS is not set, the SA is at 16.
2224 */
2225 b1 = gen_bcmp(16, 6, eaddr);
2226 gen_and(b2, b1);
2227
2228 /*
2229 * Now OR together the last two checks. That gives
2230 * the complete set of checks for data frames with
2231 * From DS set.
2232 */
2233 gen_or(b1, b0);
2234
2235 /*
2236 * Now check for From DS being set, and AND that with
2237 * the ORed-together checks.
2238 */
2239 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2240 s->s.k = 1;
2241 b1 = new_block(JMP(BPF_JSET));
2242 b1->s.k = 0x02; /* From DS */
2243 b1->stmts = s;
2244 gen_and(b1, b0);
2245
2246 /*
2247 * Now check for data frames with From DS not set.
2248 */
2249 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2250 s->s.k = 1;
2251 b2 = new_block(JMP(BPF_JSET));
2252 b2->s.k = 0x02; /* From DS */
2253 b2->stmts = s;
2254 gen_not(b2);
2255
2256 /*
2257 * If From DS isn't set, the SA is at 10.
2258 */
2259 b1 = gen_bcmp(10, 6, eaddr);
2260 gen_and(b2, b1);
2261
2262 /*
2263 * Now OR together the checks for data frames with
2264 * From DS not set and for data frames with From DS
2265 * set; that gives the checks done for data frames.
2266 */
2267 gen_or(b1, b0);
2268
2269 /*
2270 * Now check for a data frame.
2271 * I.e, check "link[0] & 0x08".
2272 */
2273 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2274 s->s.k = 0;
2275 b1 = new_block(JMP(BPF_JSET));
2276 b1->s.k = 0x08;
2277 b1->stmts = s;
2278
2279 /*
2280 * AND that with the checks done for data frames.
2281 */
2282 gen_and(b1, b0);
2283
2284 /*
2285 * If the high-order bit of the type value is 0, this
2286 * is a management frame.
2287 * I.e, check "!(link[0] & 0x08)".
2288 */
2289 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2290 s->s.k = 0;
2291 b2 = new_block(JMP(BPF_JSET));
2292 b2->s.k = 0x08;
2293 b2->stmts = s;
2294 gen_not(b2);
2295
2296 /*
2297 * For management frames, the SA is at 10.
2298 */
2299 b1 = gen_bcmp(10, 6, eaddr);
2300 gen_and(b2, b1);
2301
2302 /*
2303 * OR that with the checks done for data frames.
2304 * That gives the checks done for management and
2305 * data frames.
2306 */
2307 gen_or(b1, b0);
2308
2309 /*
2310 * If the low-order bit of the type value is 1,
2311 * this is either a control frame or a frame
2312 * with a reserved type, and thus not a
2313 * frame with an SA.
2314 *
2315 * I.e., check "!(link[0] & 0x04)".
2316 */
2317 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2318 s->s.k = 0;
2319 b1 = new_block(JMP(BPF_JSET));
2320 b1->s.k = 0x04;
2321 b1->stmts = s;
2322 gen_not(b1);
2323
2324 /*
2325 * AND that with the checks for data and management
2326 * frames.
2327 */
2328 gen_and(b1, b0);
2329 return b0;
2330
2331 case Q_DST:
2332 /*
2333 * Oh, yuk.
2334 *
2335 * For control frames, there is no DA.
2336 *
2337 * For management frames, DA is at an
2338 * offset of 4 from the beginning of
2339 * the packet.
2340 *
2341 * For data frames, DA is at an offset
2342 * of 4 from the beginning of the packet
2343 * if To DS is clear and at an offset of
2344 * 16 from the beginning of the packet
2345 * if To DS is set.
2346 */
2347
2348 /*
2349 * Generate the tests to be done for data frames.
2350 *
2351 * First, check for To DS set, i.e. "link[1] & 0x01".
2352 */
2353 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2354 s->s.k = 1;
2355 b1 = new_block(JMP(BPF_JSET));
2356 b1->s.k = 0x01; /* To DS */
2357 b1->stmts = s;
2358
2359 /*
2360 * If To DS is set, the DA is at 16.
2361 */
2362 b0 = gen_bcmp(16, 6, eaddr);
2363 gen_and(b1, b0);
2364
2365 /*
2366 * Now, check for To DS not set, i.e. check
2367 * "!(link[1] & 0x01)".
2368 */
2369 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2370 s->s.k = 1;
2371 b2 = new_block(JMP(BPF_JSET));
2372 b2->s.k = 0x01; /* To DS */
2373 b2->stmts = s;
2374 gen_not(b2);
2375
2376 /*
2377 * If To DS is not set, the DA is at 4.
2378 */
2379 b1 = gen_bcmp(4, 6, eaddr);
2380 gen_and(b2, b1);
2381
2382 /*
2383 * Now OR together the last two checks. That gives
2384 * the complete set of checks for data frames.
2385 */
2386 gen_or(b1, b0);
2387
2388 /*
2389 * Now check for a data frame.
2390 * I.e, check "link[0] & 0x08".
2391 */
2392 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2393 s->s.k = 0;
2394 b1 = new_block(JMP(BPF_JSET));
2395 b1->s.k = 0x08;
2396 b1->stmts = s;
2397
2398 /*
2399 * AND that with the checks done for data frames.
2400 */
2401 gen_and(b1, b0);
2402
2403 /*
2404 * If the high-order bit of the type value is 0, this
2405 * is a management frame.
2406 * I.e, check "!(link[0] & 0x08)".
2407 */
2408 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2409 s->s.k = 0;
2410 b2 = new_block(JMP(BPF_JSET));
2411 b2->s.k = 0x08;
2412 b2->stmts = s;
2413 gen_not(b2);
2414
2415 /*
2416 * For management frames, the DA is at 4.
2417 */
2418 b1 = gen_bcmp(4, 6, eaddr);
2419 gen_and(b2, b1);
2420
2421 /*
2422 * OR that with the checks done for data frames.
2423 * That gives the checks done for management and
2424 * data frames.
2425 */
2426 gen_or(b1, b0);
2427
2428 /*
2429 * If the low-order bit of the type value is 1,
2430 * this is either a control frame or a frame
2431 * with a reserved type, and thus not a
2432 * frame with an SA.
2433 *
2434 * I.e., check "!(link[0] & 0x04)".
2435 */
2436 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2437 s->s.k = 0;
2438 b1 = new_block(JMP(BPF_JSET));
2439 b1->s.k = 0x04;
2440 b1->stmts = s;
2441 gen_not(b1);
2442
2443 /*
2444 * AND that with the checks for data and management
2445 * frames.
2446 */
2447 gen_and(b1, b0);
2448 return b0;
2449
2450 case Q_AND:
2451 b0 = gen_wlanhostop(eaddr, Q_SRC);
2452 b1 = gen_wlanhostop(eaddr, Q_DST);
2453 gen_and(b0, b1);
2454 return b1;
2455
2456 case Q_DEFAULT:
2457 case Q_OR:
2458 b0 = gen_wlanhostop(eaddr, Q_SRC);
2459 b1 = gen_wlanhostop(eaddr, Q_DST);
2460 gen_or(b0, b1);
2461 return b1;
2462 }
2463 abort();
2464 /* NOTREACHED */
2465 }
2466
2467 /*
2468 * Like gen_ehostop, but for RFC 2625 IP-over-Fibre-Channel.
2469 * (We assume that the addresses are IEEE 48-bit MAC addresses,
2470 * as the RFC states.)
2471 */
2472 static struct block *
2473 gen_ipfchostop(eaddr, dir)
2474 register const u_char *eaddr;
2475 register int dir;
2476 {
2477 register struct block *b0, *b1;
2478
2479 switch (dir) {
2480 case Q_SRC:
2481 return gen_bcmp(10, 6, eaddr);
2482
2483 case Q_DST:
2484 return gen_bcmp(2, 6, eaddr);
2485
2486 case Q_AND:
2487 b0 = gen_ipfchostop(eaddr, Q_SRC);
2488 b1 = gen_ipfchostop(eaddr, Q_DST);
2489 gen_and(b0, b1);
2490 return b1;
2491
2492 case Q_DEFAULT:
2493 case Q_OR:
2494 b0 = gen_ipfchostop(eaddr, Q_SRC);
2495 b1 = gen_ipfchostop(eaddr, Q_DST);
2496 gen_or(b0, b1);
2497 return b1;
2498 }
2499 abort();
2500 /* NOTREACHED */
2501 }
2502
2503 /*
2504 * This is quite tricky because there may be pad bytes in front of the
2505 * DECNET header, and then there are two possible data packet formats that
2506 * carry both src and dst addresses, plus 5 packet types in a format that
2507 * carries only the src node, plus 2 types that use a different format and
2508 * also carry just the src node.
2509 *
2510 * Yuck.
2511 *
2512 * Instead of doing those all right, we just look for data packets with
2513 * 0 or 1 bytes of padding. If you want to look at other packets, that
2514 * will require a lot more hacking.
2515 *
2516 * To add support for filtering on DECNET "areas" (network numbers)
2517 * one would want to add a "mask" argument to this routine. That would
2518 * make the filter even more inefficient, although one could be clever
2519 * and not generate masking instructions if the mask is 0xFFFF.
2520 */
2521 static struct block *
2522 gen_dnhostop(addr, dir, base_off)
2523 bpf_u_int32 addr;
2524 int dir;
2525 u_int base_off;
2526 {
2527 struct block *b0, *b1, *b2, *tmp;
2528 u_int offset_lh; /* offset if long header is received */
2529 u_int offset_sh; /* offset if short header is received */
2530
2531 switch (dir) {
2532
2533 case Q_DST:
2534 offset_sh = 1; /* follows flags */
2535 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
2536 break;
2537
2538 case Q_SRC:
2539 offset_sh = 3; /* follows flags, dstnode */
2540 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
2541 break;
2542
2543 case Q_AND:
2544 /* Inefficient because we do our Calvinball dance twice */
2545 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2546 b1 = gen_dnhostop(addr, Q_DST, base_off);
2547 gen_and(b0, b1);
2548 return b1;
2549
2550 case Q_OR:
2551 case Q_DEFAULT:
2552 /* Inefficient because we do our Calvinball dance twice */
2553 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2554 b1 = gen_dnhostop(addr, Q_DST, base_off);
2555 gen_or(b0, b1);
2556 return b1;
2557
2558 case Q_ISO:
2559 bpf_error("ISO host filtering not implemented");
2560
2561 default:
2562 abort();
2563 }
2564 b0 = gen_linktype(ETHERTYPE_DN);
2565 /* Check for pad = 1, long header case */
2566 tmp = gen_mcmp(base_off + 2, BPF_H,
2567 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
2568 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
2569 BPF_H, (bpf_int32)ntohs(addr));
2570 gen_and(tmp, b1);
2571 /* Check for pad = 0, long header case */
2572 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
2573 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
2574 gen_and(tmp, b2);
2575 gen_or(b2, b1);
2576 /* Check for pad = 1, short header case */
2577 tmp = gen_mcmp(base_off + 2, BPF_H,
2578 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
2579 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
2580 BPF_H, (bpf_int32)ntohs(addr));
2581 gen_and(tmp, b2);
2582 gen_or(b2, b1);
2583 /* Check for pad = 0, short header case */
2584 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
2585 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
2586 gen_and(tmp, b2);
2587 gen_or(b2, b1);
2588
2589 /* Combine with test for linktype */
2590 gen_and(b0, b1);
2591 return b1;
2592 }
2593
2594 static struct block *
2595 gen_host(addr, mask, proto, dir)
2596 bpf_u_int32 addr;
2597 bpf_u_int32 mask;
2598 int proto;
2599 int dir;
2600 {
2601 struct block *b0, *b1;
2602
2603 switch (proto) {
2604
2605 case Q_DEFAULT:
2606 b0 = gen_host(addr, mask, Q_IP, dir);
2607 if (off_linktype != (u_int)-1) {
2608 b1 = gen_host(addr, mask, Q_ARP, dir);
2609 gen_or(b0, b1);
2610 b0 = gen_host(addr, mask, Q_RARP, dir);
2611 gen_or(b1, b0);
2612 }
2613 return b0;
2614
2615 case Q_IP:
2616 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
2617 off_nl + 12, off_nl + 16);
2618
2619 case Q_RARP:
2620 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
2621 off_nl + 14, off_nl + 24);
2622
2623 case Q_ARP:
2624 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
2625 off_nl + 14, off_nl + 24);
2626
2627 case Q_TCP:
2628 bpf_error("'tcp' modifier applied to host");
2629
2630 case Q_SCTP:
2631 bpf_error("'sctp' modifier applied to host");
2632
2633 case Q_UDP:
2634 bpf_error("'udp' modifier applied to host");
2635
2636 case Q_ICMP:
2637 bpf_error("'icmp' modifier applied to host");
2638
2639 case Q_IGMP:
2640 bpf_error("'igmp' modifier applied to host");
2641
2642 case Q_IGRP:
2643 bpf_error("'igrp' modifier applied to host");
2644
2645 case Q_PIM:
2646 bpf_error("'pim' modifier applied to host");
2647
2648 case Q_VRRP:
2649 bpf_error("'vrrp' modifier applied to host");
2650
2651 case Q_ATALK:
2652 bpf_error("ATALK host filtering not implemented");
2653
2654 case Q_AARP:
2655 bpf_error("AARP host filtering not implemented");
2656
2657 case Q_DECNET:
2658 return gen_dnhostop(addr, dir, off_nl);
2659
2660 case Q_SCA:
2661 bpf_error("SCA host filtering not implemented");
2662
2663 case Q_LAT:
2664 bpf_error("LAT host filtering not implemented");
2665
2666 case Q_MOPDL:
2667 bpf_error("MOPDL host filtering not implemented");
2668
2669 case Q_MOPRC:
2670 bpf_error("MOPRC host filtering not implemented");
2671
2672 #ifdef INET6
2673 case Q_IPV6:
2674 bpf_error("'ip6' modifier applied to ip host");
2675
2676 case Q_ICMPV6:
2677 bpf_error("'icmp6' modifier applied to host");
2678 #endif /* INET6 */
2679
2680 case Q_AH:
2681 bpf_error("'ah' modifier applied to host");
2682
2683 case Q_ESP:
2684 bpf_error("'esp' modifier applied to host");
2685
2686 case Q_ISO:
2687 bpf_error("ISO host filtering not implemented");
2688
2689 case Q_ESIS:
2690 bpf_error("'esis' modifier applied to host");
2691
2692 case Q_ISIS:
2693 bpf_error("'isis' modifier applied to host");
2694
2695 case Q_CLNP:
2696 bpf_error("'clnp' modifier applied to host");
2697
2698 case Q_STP:
2699 bpf_error("'stp' modifier applied to host");
2700
2701 case Q_IPX:
2702 bpf_error("IPX host filtering not implemented");
2703
2704 case Q_NETBEUI:
2705 bpf_error("'netbeui' modifier applied to host");
2706
2707 default:
2708 abort();
2709 }
2710 /* NOTREACHED */
2711 }
2712
2713 #ifdef INET6
2714 static struct block *
2715 gen_host6(addr, mask, proto, dir)
2716 struct in6_addr *addr;
2717 struct in6_addr *mask;
2718 int proto;
2719 int dir;
2720 {
2721 switch (proto) {
2722
2723 case Q_DEFAULT:
2724 return gen_host6(addr, mask, Q_IPV6, dir);
2725
2726 case Q_IP:
2727 bpf_error("'ip' modifier applied to ip6 host");
2728
2729 case Q_RARP:
2730 bpf_error("'rarp' modifier applied to ip6 host");
2731
2732 case Q_ARP:
2733 bpf_error("'arp' modifier applied to ip6 host");
2734
2735 case Q_SCTP:
2736 bpf_error("'sctp' modifier applied to host");
2737
2738 case Q_TCP:
2739 bpf_error("'tcp' modifier applied to host");
2740
2741 case Q_UDP:
2742 bpf_error("'udp' modifier applied to host");
2743
2744 case Q_ICMP:
2745 bpf_error("'icmp' modifier applied to host");
2746
2747 case Q_IGMP:
2748 bpf_error("'igmp' modifier applied to host");
2749
2750 case Q_IGRP:
2751 bpf_error("'igrp' modifier applied to host");
2752
2753 case Q_PIM:
2754 bpf_error("'pim' modifier applied to host");
2755
2756 case Q_VRRP:
2757 bpf_error("'vrrp' modifier applied to host");
2758
2759 case Q_ATALK:
2760 bpf_error("ATALK host filtering not implemented");
2761
2762 case Q_AARP:
2763 bpf_error("AARP host filtering not implemented");
2764
2765 case Q_DECNET:
2766 bpf_error("'decnet' modifier applied to ip6 host");
2767
2768 case Q_SCA:
2769 bpf_error("SCA host filtering not implemented");
2770
2771 case Q_LAT:
2772 bpf_error("LAT host filtering not implemented");
2773
2774 case Q_MOPDL:
2775 bpf_error("MOPDL host filtering not implemented");
2776
2777 case Q_MOPRC:
2778 bpf_error("MOPRC host filtering not implemented");
2779
2780 case Q_IPV6:
2781 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
2782 off_nl + 8, off_nl + 24);
2783
2784 case Q_ICMPV6:
2785 bpf_error("'icmp6' modifier applied to host");
2786
2787 case Q_AH:
2788 bpf_error("'ah' modifier applied to host");
2789
2790 case Q_ESP:
2791 bpf_error("'esp' modifier applied to host");
2792
2793 case Q_ISO:
2794 bpf_error("ISO host filtering not implemented");
2795
2796 case Q_ESIS:
2797 bpf_error("'esis' modifier applied to host");
2798
2799 case Q_ISIS:
2800 bpf_error("'isis' modifier applied to host");
2801
2802 case Q_CLNP:
2803 bpf_error("'clnp' modifier applied to host");
2804
2805 case Q_STP:
2806 bpf_error("'stp' modifier applied to host");
2807
2808 case Q_IPX:
2809 bpf_error("IPX host filtering not implemented");
2810
2811 case Q_NETBEUI:
2812 bpf_error("'netbeui' modifier applied to host");
2813
2814 default:
2815 abort();
2816 }
2817 /* NOTREACHED */
2818 }
2819 #endif /*INET6*/
2820
2821 #ifndef INET6
2822 static struct block *
2823 gen_gateway(eaddr, alist, proto, dir)
2824 const u_char *eaddr;
2825 bpf_u_int32 **alist;
2826 int proto;
2827 int dir;
2828 {
2829 struct block *b0, *b1, *tmp;
2830
2831 if (dir != 0)
2832 bpf_error("direction applied to 'gateway'");
2833
2834 switch (proto) {
2835 case Q_DEFAULT:
2836 case Q_IP:
2837 case Q_ARP:
2838 case Q_RARP:
2839 if (linktype == DLT_EN10MB)
2840 b0 = gen_ehostop(eaddr, Q_OR);
2841 else if (linktype == DLT_FDDI)
2842 b0 = gen_fhostop(eaddr, Q_OR);
2843 else if (linktype == DLT_IEEE802)
2844 b0 = gen_thostop(eaddr, Q_OR);
2845 else if (linktype == DLT_IEEE802_11)
2846 b0 = gen_wlanhostop(eaddr, Q_OR);
2847 else if (linktype == DLT_SUNATM && is_lane) {
2848 /*
2849 * Check that the packet doesn't begin with an
2850 * LE Control marker. (We've already generated
2851 * a test for LANE.)
2852 */
2853 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
2854 gen_not(b1);
2855
2856 /*
2857 * Now check the MAC address.
2858 */
2859 b0 = gen_ehostop(eaddr, Q_OR);
2860 gen_and(b1, b0);
2861 } else if (linktype == DLT_IP_OVER_FC)
2862 b0 = gen_ipfchostop(eaddr, Q_OR);
2863 else
2864 bpf_error(
2865 "'gateway' supported only on ethernet/FDDI/token ring/802.11/Fibre Channel");
2866
2867 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2868 while (*alist) {
2869 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2870 gen_or(b1, tmp);
2871 b1 = tmp;
2872 }
2873 gen_not(b1);
2874 gen_and(b0, b1);
2875 return b1;
2876 }
2877 bpf_error("illegal modifier of 'gateway'");
2878 /* NOTREACHED */
2879 }
2880 #endif
2881
2882 struct block *
2883 gen_proto_abbrev(proto)
2884 int proto;
2885 {
2886 struct block *b0;
2887 struct block *b1;
2888
2889 switch (proto) {
2890
2891 case Q_SCTP:
2892 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT);
2893 #ifdef INET6
2894 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
2895 gen_or(b0, b1);
2896 #endif
2897 break;
2898
2899 case Q_TCP:
2900 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
2901 #ifdef INET6
2902 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
2903 gen_or(b0, b1);
2904 #endif
2905 break;
2906
2907 case Q_UDP:
2908 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
2909 #ifdef INET6
2910 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
2911 gen_or(b0, b1);
2912 #endif
2913 break;
2914
2915 case Q_ICMP:
2916 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
2917 break;
2918
2919 #ifndef IPPROTO_IGMP
2920 #define IPPROTO_IGMP 2
2921 #endif
2922
2923 case Q_IGMP:
2924 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
2925 break;
2926
2927 #ifndef IPPROTO_IGRP
2928 #define IPPROTO_IGRP 9
2929 #endif
2930 case Q_IGRP:
2931 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
2932 break;
2933
2934 #ifndef IPPROTO_PIM
2935 #define IPPROTO_PIM 103
2936 #endif
2937
2938 case Q_PIM:
2939 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
2940 #ifdef INET6
2941 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
2942 gen_or(b0, b1);
2943 #endif
2944 break;
2945
2946 #ifndef IPPROTO_VRRP
2947 #define IPPROTO_VRRP 112
2948 #endif
2949
2950 case Q_VRRP:
2951 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT);
2952 break;
2953
2954 case Q_IP:
2955 b1 = gen_linktype(ETHERTYPE_IP);
2956 break;
2957
2958 case Q_ARP:
2959 b1 = gen_linktype(ETHERTYPE_ARP);
2960 break;
2961
2962 case Q_RARP:
2963 b1 = gen_linktype(ETHERTYPE_REVARP);
2964 break;
2965
2966 case Q_LINK:
2967 bpf_error("link layer applied in wrong context");
2968
2969 case Q_ATALK:
2970 b1 = gen_linktype(ETHERTYPE_ATALK);
2971 break;
2972
2973 case Q_AARP:
2974 b1 = gen_linktype(ETHERTYPE_AARP);
2975 break;
2976
2977 case Q_DECNET:
2978 b1 = gen_linktype(ETHERTYPE_DN);
2979 break;
2980
2981 case Q_SCA:
2982 b1 = gen_linktype(ETHERTYPE_SCA);
2983 break;
2984
2985 case Q_LAT:
2986 b1 = gen_linktype(ETHERTYPE_LAT);
2987 break;
2988
2989 case Q_MOPDL:
2990 b1 = gen_linktype(ETHERTYPE_MOPDL);
2991 break;
2992
2993 case Q_MOPRC:
2994 b1 = gen_linktype(ETHERTYPE_MOPRC);
2995 break;
2996
2997 #ifdef INET6
2998 case Q_IPV6:
2999 b1 = gen_linktype(ETHERTYPE_IPV6);
3000 break;
3001
3002 #ifndef IPPROTO_ICMPV6
3003 #define IPPROTO_ICMPV6 58
3004 #endif
3005 case Q_ICMPV6:
3006 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
3007 break;
3008 #endif /* INET6 */
3009
3010 #ifndef IPPROTO_AH
3011 #define IPPROTO_AH 51
3012 #endif
3013 case Q_AH:
3014 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
3015 #ifdef INET6
3016 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
3017 gen_or(b0, b1);
3018 #endif
3019 break;
3020
3021 #ifndef IPPROTO_ESP
3022 #define IPPROTO_ESP 50
3023 #endif
3024 case Q_ESP:
3025 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
3026 #ifdef INET6
3027 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
3028 gen_or(b0, b1);
3029 #endif
3030 break;
3031
3032 case Q_ISO:
3033 b1 = gen_linktype(LLCSAP_ISONS);
3034 break;
3035
3036 case Q_ESIS:
3037 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
3038 break;
3039
3040 case Q_ISIS:
3041 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
3042 break;
3043
3044 case Q_ISIS_L1: /* all IS-IS Level1 PDU-Types */
3045 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
3046 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
3047 gen_or(b0, b1);
3048 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
3049 gen_or(b0, b1);
3050 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
3051 gen_or(b0, b1);
3052 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
3053 gen_or(b0, b1);
3054 break;
3055
3056 case Q_ISIS_L2: /* all IS-IS Level2 PDU-Types */
3057 b0 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
3058 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
3059 gen_or(b0, b1);
3060 b0 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
3061 gen_or(b0, b1);
3062 b0 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
3063 gen_or(b0, b1);
3064 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
3065 gen_or(b0, b1);
3066 break;
3067
3068 case Q_ISIS_IIH: /* all IS-IS Hello PDU-Types */
3069 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
3070 b1 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
3071 gen_or(b0, b1);
3072 b0 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT);
3073 gen_or(b0, b1);
3074 break;
3075
3076 case Q_ISIS_LSP:
3077 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
3078 b1 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
3079 gen_or(b0, b1);
3080 break;
3081
3082 case Q_ISIS_SNP:
3083 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
3084 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
3085 gen_or(b0, b1);
3086 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
3087 gen_or(b0, b1);
3088 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
3089 gen_or(b0, b1);
3090 break;
3091
3092 case Q_ISIS_CSNP:
3093 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
3094 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
3095 gen_or(b0, b1);
3096 break;
3097
3098 case Q_ISIS_PSNP:
3099 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
3100 b1 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
3101 gen_or(b0, b1);
3102 break;
3103
3104 case Q_CLNP:
3105 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
3106 break;
3107
3108 case Q_STP:
3109 b1 = gen_linktype(LLCSAP_8021D);
3110 break;
3111
3112 case Q_IPX:
3113 b1 = gen_linktype(LLCSAP_IPX);
3114 break;
3115
3116 case Q_NETBEUI:
3117 b1 = gen_linktype(LLCSAP_NETBEUI);
3118 break;
3119
3120 default:
3121 abort();
3122 }
3123 return b1;
3124 }
3125
3126 static struct block *
3127 gen_ipfrag()
3128 {
3129 struct slist *s;
3130 struct block *b;
3131
3132 /* not ip frag */
3133 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
3134 s->s.k = off_nl + 6;
3135 b = new_block(JMP(BPF_JSET));
3136 b->s.k = 0x1fff;
3137 b->stmts = s;
3138 gen_not(b);
3139
3140 return b;
3141 }
3142
3143 static struct block *
3144 gen_portatom(off, v)
3145 int off;
3146 bpf_int32 v;
3147 {
3148 struct slist *s;
3149 struct block *b;
3150
3151 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3152 s->s.k = off_nl;
3153
3154 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
3155 s->next->s.k = off_nl + off;
3156
3157 b = new_block(JMP(BPF_JEQ));
3158 b->stmts = s;
3159 b->s.k = v;
3160
3161 return b;
3162 }
3163
3164 #ifdef INET6
3165 static struct block *
3166 gen_portatom6(off, v)
3167 int off;
3168 bpf_int32 v;
3169 {
3170 return gen_cmp(off_nl + 40 + off, BPF_H, v);
3171 }
3172 #endif/*INET6*/
3173
3174 struct block *
3175 gen_portop(port, proto, dir)
3176 int port, proto, dir;
3177 {
3178 struct block *b0, *b1, *tmp;
3179
3180 /* ip proto 'proto' */
3181 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
3182 b0 = gen_ipfrag();
3183 gen_and(tmp, b0);
3184
3185 switch (dir) {
3186 case Q_SRC:
3187 b1 = gen_portatom(0, (bpf_int32)port);
3188 break;
3189
3190 case Q_DST:
3191 b1 = gen_portatom(2, (bpf_int32)port);
3192 break;
3193
3194 case Q_OR:
3195 case Q_DEFAULT:
3196 tmp = gen_portatom(0, (bpf_int32)port);
3197 b1 = gen_portatom(2, (bpf_int32)port);
3198 gen_or(tmp, b1);
3199 break;
3200
3201 case Q_AND:
3202 tmp = gen_portatom(0, (bpf_int32)port);
3203 b1 = gen_portatom(2, (bpf_int32)port);
3204 gen_and(tmp, b1);
3205 break;
3206
3207 default:
3208 abort();
3209 }
3210 gen_and(b0, b1);
3211
3212 return b1;
3213 }
3214
3215 static struct block *
3216 gen_port(port, ip_proto, dir)
3217 int port;
3218 int ip_proto;
3219 int dir;
3220 {
3221 struct block *b0, *b1, *tmp;
3222
3223 /*
3224 * ether proto ip
3225 *
3226 * For FDDI, RFC 1188 says that SNAP encapsulation is used,
3227 * not LLC encapsulation with LLCSAP_IP.
3228 *
3229 * For IEEE 802 networks - which includes 802.5 token ring
3230 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
3231 * says that SNAP encapsulation is used, not LLC encapsulation
3232 * with LLCSAP_IP.
3233 *
3234 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
3235 * RFC 2225 say that SNAP encapsulation is used, not LLC
3236 * encapsulation with LLCSAP_IP.
3237 *
3238 * So we always check for ETHERTYPE_IP.
3239 */
3240 b0 = gen_linktype(ETHERTYPE_IP);
3241
3242 switch (ip_proto) {
3243 case IPPROTO_UDP:
3244 case IPPROTO_TCP:
3245 case IPPROTO_SCTP:
3246 b1 = gen_portop(port, ip_proto, dir);
3247 break;
3248
3249 case PROTO_UNDEF:
3250 tmp = gen_portop(port, IPPROTO_TCP, dir);
3251 b1 = gen_portop(port, IPPROTO_UDP, dir);
3252 gen_or(tmp, b1);
3253 tmp = gen_portop(port, IPPROTO_SCTP, dir);
3254 gen_or(tmp, b1);
3255 break;
3256
3257 default:
3258 abort();
3259 }
3260 gen_and(b0, b1);
3261 return b1;
3262 }
3263
3264 #ifdef INET6
3265 struct block *
3266 gen_portop6(port, proto, dir)
3267 int port, proto, dir;
3268 {
3269 struct block *b0, *b1, *tmp;
3270
3271 /* ip proto 'proto' */
3272 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
3273
3274 switch (dir) {
3275 case Q_SRC:
3276 b1 = gen_portatom6(0, (bpf_int32)port);
3277 break;
3278
3279 case Q_DST:
3280 b1 = gen_portatom6(2, (bpf_int32)port);
3281 break;
3282
3283 case Q_OR:
3284 case Q_DEFAULT:
3285 tmp = gen_portatom6(0, (bpf_int32)port);
3286 b1 = gen_portatom6(2, (bpf_int32)port);
3287 gen_or(tmp, b1);
3288 break;
3289
3290 case Q_AND:
3291 tmp = gen_portatom6(0, (bpf_int32)port);
3292 b1 = gen_portatom6(2, (bpf_int32)port);
3293 gen_and(tmp, b1);
3294 break;
3295
3296 default:
3297 abort();
3298 }
3299 gen_and(b0, b1);
3300
3301 return b1;
3302 }
3303
3304 static struct block *
3305 gen_port6(port, ip_proto, dir)
3306 int port;
3307 int ip_proto;
3308 int dir;
3309 {
3310 struct block *b0, *b1, *tmp;
3311
3312 /* ether proto ip */
3313 b0 = gen_linktype(ETHERTYPE_IPV6);
3314
3315 switch (ip_proto) {
3316 case IPPROTO_UDP:
3317 case IPPROTO_TCP:
3318 case IPPROTO_SCTP:
3319 b1 = gen_portop6(port, ip_proto, dir);
3320 break;
3321
3322 case PROTO_UNDEF:
3323 tmp = gen_portop6(port, IPPROTO_TCP, dir);
3324 b1 = gen_portop6(port, IPPROTO_UDP, dir);
3325 gen_or(tmp, b1);
3326 tmp = gen_portop6(port, IPPROTO_SCTP, dir);
3327 gen_or(tmp, b1);
3328 break;
3329
3330 default:
3331 abort();
3332 }
3333 gen_and(b0, b1);
3334 return b1;
3335 }
3336 #endif /* INET6 */
3337
3338 static int
3339 lookup_proto(name, proto)
3340 register const char *name;
3341 register int proto;
3342 {
3343 register int v;
3344
3345 switch (proto) {
3346
3347 case Q_DEFAULT:
3348 case Q_IP:
3349 case Q_IPV6:
3350 v = pcap_nametoproto(name);
3351 if (v == PROTO_UNDEF)
3352 bpf_error("unknown ip proto '%s'", name);
3353 break;
3354
3355 case Q_LINK:
3356 /* XXX should look up h/w protocol type based on linktype */
3357 v = pcap_nametoeproto(name);
3358 if (v == PROTO_UNDEF)
3359 bpf_error("unknown ether proto '%s'", name);
3360 break;
3361
3362 case Q_ISO:
3363 if (strcmp(name, "esis") == 0)
3364 v = ISO9542_ESIS;
3365 else if (strcmp(name, "isis") == 0)
3366 v = ISO10589_ISIS;
3367 else if (strcmp(name, "clnp") == 0)
3368 v = ISO8473_CLNP;
3369 else
3370 bpf_error("unknown osi proto '%s'", name);
3371 break;
3372
3373 default:
3374 v = PROTO_UNDEF;
3375 break;
3376 }
3377 return v;
3378 }
3379
3380 #if 0
3381 struct stmt *
3382 gen_joinsp(s, n)
3383 struct stmt **s;
3384 int n;
3385 {
3386 return NULL;
3387 }
3388 #endif
3389
3390 static struct block *
3391 gen_protochain(v, proto, dir)
3392 int v;
3393 int proto;
3394 int dir;
3395 {
3396 #ifdef NO_PROTOCHAIN
3397 return gen_proto(v, proto, dir);
3398 #else
3399 struct block *b0, *b;
3400 struct slist *s[100];
3401 int fix2, fix3, fix4, fix5;
3402 int ahcheck, again, end;
3403 int i, max;
3404 int reg2 = alloc_reg();
3405
3406 memset(s, 0, sizeof(s));
3407 fix2 = fix3 = fix4 = fix5 = 0;
3408
3409 switch (proto) {
3410 case Q_IP:
3411 case Q_IPV6:
3412 break;
3413 case Q_DEFAULT:
3414 b0 = gen_protochain(v, Q_IP, dir);
3415 b = gen_protochain(v, Q_IPV6, dir);
3416 gen_or(b0, b);
3417 return b;
3418 default:
3419 bpf_error("bad protocol applied for 'protochain'");
3420 /*NOTREACHED*/
3421 }
3422
3423 no_optimize = 1; /*this code is not compatible with optimzer yet */
3424
3425 /*
3426 * s[0] is a dummy entry to protect other BPF insn from damaged
3427 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
3428 * hard to find interdependency made by jump table fixup.
3429 */
3430 i = 0;
3431 s[i] = new_stmt(0); /*dummy*/
3432 i++;
3433
3434 switch (proto) {
3435 case Q_IP:
3436 b0 = gen_linktype(ETHERTYPE_IP);
3437
3438 /* A = ip->ip_p */
3439 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
3440 s[i]->s.k = off_nl + 9;
3441 i++;
3442 /* X = ip->ip_hl << 2 */
3443 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3444 s[i]->s.k = off_nl;
3445 i++;
3446 break;
3447 #ifdef INET6
3448 case Q_IPV6:
3449 b0 = gen_linktype(ETHERTYPE_IPV6);
3450
3451 /* A = ip6->ip_nxt */
3452 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
3453 s[i]->s.k = off_nl + 6;
3454 i++;
3455 /* X = sizeof(struct ip6_hdr) */
3456 s[i] = new_stmt(BPF_LDX|BPF_IMM);
3457 s[i]->s.k = 40;
3458 i++;
3459 break;
3460 #endif
3461 default:
3462 bpf_error("unsupported proto to gen_protochain");
3463 /*NOTREACHED*/
3464 }
3465
3466 /* again: if (A == v) goto end; else fall through; */
3467 again = i;
3468 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3469 s[i]->s.k = v;
3470 s[i]->s.jt = NULL; /*later*/
3471 s[i]->s.jf = NULL; /*update in next stmt*/
3472 fix5 = i;
3473 i++;
3474
3475 #ifndef IPPROTO_NONE
3476 #define IPPROTO_NONE 59
3477 #endif
3478 /* if (A == IPPROTO_NONE) goto end */
3479 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3480 s[i]->s.jt = NULL; /*later*/
3481 s[i]->s.jf = NULL; /*update in next stmt*/
3482 s[i]->s.k = IPPROTO_NONE;
3483 s[fix5]->s.jf = s[i];
3484 fix2 = i;
3485 i++;
3486
3487 #ifdef INET6
3488 if (proto == Q_IPV6) {
3489 int v6start, v6end, v6advance, j;
3490
3491 v6start = i;
3492 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
3493 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3494 s[i]->s.jt = NULL; /*later*/
3495 s[i]->s.jf = NULL; /*update in next stmt*/
3496 s[i]->s.k = IPPROTO_HOPOPTS;
3497 s[fix2]->s.jf = s[i];
3498 i++;
3499 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
3500 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3501 s[i]->s.jt = NULL; /*later*/
3502 s[i]->s.jf = NULL; /*update in next stmt*/
3503 s[i]->s.k = IPPROTO_DSTOPTS;
3504 i++;
3505 /* if (A == IPPROTO_ROUTING) goto v6advance */
3506 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3507 s[i]->s.jt = NULL; /*later*/
3508 s[i]->s.jf = NULL; /*update in next stmt*/
3509 s[i]->s.k = IPPROTO_ROUTING;
3510 i++;
3511 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
3512 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3513 s[i]->s.jt = NULL; /*later*/
3514 s[i]->s.jf = NULL; /*later*/
3515 s[i]->s.k = IPPROTO_FRAGMENT;
3516 fix3 = i;
3517 v6end = i;
3518 i++;
3519
3520 /* v6advance: */
3521 v6advance = i;
3522
3523 /*
3524 * in short,
3525 * A = P[X];
3526 * X = X + (P[X + 1] + 1) * 8;
3527 */
3528 /* A = X */
3529 s[i] = new_stmt(BPF_MISC|BPF_TXA);
3530 i++;
3531 /* A = P[X + packet head] */
3532 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3533 s[i]->s.k = off_nl;
3534 i++;
3535 /* MEM[reg2] = A */
3536 s[i] = new_stmt(BPF_ST);
3537 s[i]->s.k = reg2;
3538 i++;
3539 /* A = X */
3540 s[i] = new_stmt(BPF_MISC|BPF_TXA);
3541 i++;
3542 /* A += 1 */
3543 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3544 s[i]->s.k = 1;
3545 i++;
3546 /* X = A */
3547 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3548 i++;
3549 /* A = P[X + packet head]; */
3550 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3551 s[i]->s.k = off_nl;
3552 i++;
3553 /* A += 1 */
3554 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3555 s[i]->s.k = 1;
3556 i++;
3557 /* A *= 8 */
3558 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
3559 s[i]->s.k = 8;
3560 i++;
3561 /* X = A; */
3562 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3563 i++;
3564 /* A = MEM[reg2] */
3565 s[i] = new_stmt(BPF_LD|BPF_MEM);
3566 s[i]->s.k = reg2;
3567 i++;
3568
3569 /* goto again; (must use BPF_JA for backward jump) */
3570 s[i] = new_stmt(BPF_JMP|BPF_JA);
3571 s[i]->s.k = again - i - 1;
3572 s[i - 1]->s.jf = s[i];
3573 i++;
3574
3575 /* fixup */
3576 for (j = v6start; j <= v6end; j++)
3577 s[j]->s.jt = s[v6advance];
3578 } else
3579 #endif
3580 {
3581 /* nop */
3582 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3583 s[i]->s.k = 0;
3584 s[fix2]->s.jf = s[i];
3585 i++;
3586 }
3587
3588 /* ahcheck: */
3589 ahcheck = i;
3590 /* if (A == IPPROTO_AH) then fall through; else goto end; */
3591 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3592 s[i]->s.jt = NULL; /*later*/
3593 s[i]->s.jf = NULL; /*later*/
3594 s[i]->s.k = IPPROTO_AH;
3595 if (fix3)
3596 s[fix3]->s.jf = s[ahcheck];
3597 fix4 = i;
3598 i++;
3599
3600 /*
3601 * in short,
3602 * A = P[X];
3603 * X = X + (P[X + 1] + 2) * 4;
3604 */
3605 /* A = X */
3606 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
3607 i++;
3608 /* A = P[X + packet head]; */
3609 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3610 s[i]->s.k = off_nl;
3611 i++;
3612 /* MEM[reg2] = A */
3613 s[i] = new_stmt(BPF_ST);
3614 s[i]->s.k = reg2;
3615 i++;
3616 /* A = X */
3617 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
3618 i++;
3619 /* A += 1 */
3620 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3621 s[i]->s.k = 1;
3622 i++;
3623 /* X = A */
3624 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3625 i++;
3626 /* A = P[X + packet head] */
3627 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3628 s[i]->s.k = off_nl;
3629 i++;
3630 /* A += 2 */
3631 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3632 s[i]->s.k = 2;
3633 i++;
3634 /* A *= 4 */
3635 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
3636 s[i]->s.k = 4;
3637 i++;
3638 /* X = A; */
3639 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3640 i++;
3641 /* A = MEM[reg2] */
3642 s[i] = new_stmt(BPF_LD|BPF_MEM);
3643 s[i]->s.k = reg2;
3644 i++;
3645
3646 /* goto again; (must use BPF_JA for backward jump) */
3647 s[i] = new_stmt(BPF_JMP|BPF_JA);
3648 s[i]->s.k = again - i - 1;
3649 i++;
3650
3651 /* end: nop */
3652 end = i;
3653 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3654 s[i]->s.k = 0;
3655 s[fix2]->s.jt = s[end];
3656 s[fix4]->s.jf = s[end];
3657 s[fix5]->s.jt = s[end];
3658 i++;
3659
3660 /*
3661 * make slist chain
3662 */
3663 max = i;
3664 for (i = 0; i < max - 1; i++)
3665 s[i]->next = s[i + 1];
3666 s[max - 1]->next = NULL;
3667
3668 /*
3669 * emit final check
3670 */
3671 b = new_block(JMP(BPF_JEQ));
3672 b->stmts = s[1]; /*remember, s[0] is dummy*/
3673 b->s.k = v;
3674
3675 free_reg(reg2);
3676
3677 gen_and(b0, b);
3678 return b;
3679 #endif
3680 }
3681
3682 static struct block *
3683 gen_proto(v, proto, dir)
3684 int v;
3685 int proto;
3686 int dir;
3687 {
3688 struct block *b0, *b1;
3689
3690 if (dir != Q_DEFAULT)
3691 bpf_error("direction applied to 'proto'");
3692
3693 switch (proto) {
3694 case Q_DEFAULT:
3695 #ifdef INET6
3696 b0 = gen_proto(v, Q_IP, dir);
3697 b1 = gen_proto(v, Q_IPV6, dir);
3698 gen_or(b0, b1);
3699 return b1;
3700 #else
3701 /*FALLTHROUGH*/
3702 #endif
3703 case Q_IP:
3704 /*
3705 * For FDDI, RFC 1188 says that SNAP encapsulation is used,
3706 * not LLC encapsulation with LLCSAP_IP.
3707 *
3708 * For IEEE 802 networks - which includes 802.5 token ring
3709 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
3710 * says that SNAP encapsulation is used, not LLC encapsulation
3711 * with LLCSAP_IP.
3712 *
3713 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
3714 * RFC 2225 say that SNAP encapsulation is used, not LLC
3715 * encapsulation with LLCSAP_IP.
3716 *
3717 * So we always check for ETHERTYPE_IP.
3718 */
3719 b0 = gen_linktype(ETHERTYPE_IP);
3720 #ifndef CHASE_CHAIN
3721 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
3722 #else
3723 b1 = gen_protochain(v, Q_IP);
3724 #endif
3725 gen_and(b0, b1);
3726 return b1;
3727
3728 case Q_ISO:
3729 switch (linktype) {
3730
3731 case DLT_FRELAY:
3732 /*
3733 * Frame Relay packets typically have an OSI
3734 * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)"
3735 * generates code to check for all the OSI
3736 * NLPIDs, so calling it and then adding a check
3737 * for the particular NLPID for which we're
3738 * looking is bogus, as we can just check for
3739 * the NLPID.
3740 *
3741 * What we check for is the NLPID and a frame
3742 * control field value of UI, i.e. 0x03 followed
3743 * by the NLPID.
3744 *
3745 * XXX - assumes a 2-byte Frame Relay header with
3746 * DLCI and flags. What if the address is longer?
3747 *
3748 * XXX - what about SNAP-encapsulated frames?
3749 */
3750 return gen_cmp(2, BPF_H, (0x03<<8) | v);
3751 /*NOTREACHED*/
3752 break;
3753
3754 case DLT_C_HDLC:
3755 /*
3756 * Cisco uses an Ethertype lookalike - for OSI,
3757 * it's 0xfefe.
3758 */
3759 b0 = gen_linktype(LLCSAP_ISONS<<8 | LLCSAP_ISONS);
3760 /* OSI in C-HDLC is stuffed with a fudge byte */
3761 b1 = gen_cmp(off_nl_nosnap+1, BPF_B, (long)v);
3762 gen_and(b0, b1);
3763 return b1;
3764
3765 default:
3766 b0 = gen_linktype(LLCSAP_ISONS);
3767 b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v);
3768 gen_and(b0, b1);
3769 return b1;
3770 }
3771
3772 case Q_ISIS:
3773 b0 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
3774 /*
3775 * 4 is the offset of the PDU type relative to the IS-IS
3776 * header.
3777 */
3778 b1 = gen_cmp(off_nl_nosnap+4, BPF_B, (long)v);
3779 gen_and(b0, b1);
3780 return b1;
3781
3782 case Q_ARP:
3783 bpf_error("arp does not encapsulate another protocol");
3784 /* NOTREACHED */
3785
3786 case Q_RARP:
3787 bpf_error("rarp does not encapsulate another protocol");
3788 /* NOTREACHED */
3789
3790 case Q_ATALK:
3791 bpf_error("atalk encapsulation is not specifiable");
3792 /* NOTREACHED */
3793
3794 case Q_DECNET:
3795 bpf_error("decnet encapsulation is not specifiable");
3796 /* NOTREACHED */
3797
3798 case Q_SCA:
3799 bpf_error("sca does not encapsulate another protocol");
3800 /* NOTREACHED */
3801
3802 case Q_LAT:
3803 bpf_error("lat does not encapsulate another protocol");
3804 /* NOTREACHED */
3805
3806 case Q_MOPRC:
3807 bpf_error("moprc does not encapsulate another protocol");
3808 /* NOTREACHED */
3809
3810 case Q_MOPDL:
3811 bpf_error("mopdl does not encapsulate another protocol");
3812 /* NOTREACHED */
3813
3814 case Q_LINK:
3815 return gen_linktype(v);
3816
3817 case Q_UDP:
3818 bpf_error("'udp proto' is bogus");
3819 /* NOTREACHED */
3820
3821 case Q_TCP:
3822 bpf_error("'tcp proto' is bogus");
3823 /* NOTREACHED */
3824
3825 case Q_SCTP:
3826 bpf_error("'sctp proto' is bogus");
3827 /* NOTREACHED */
3828
3829 case Q_ICMP:
3830 bpf_error("'icmp proto' is bogus");
3831 /* NOTREACHED */
3832
3833 case Q_IGMP:
3834 bpf_error("'igmp proto' is bogus");
3835 /* NOTREACHED */
3836
3837 case Q_IGRP:
3838 bpf_error("'igrp proto' is bogus");
3839 /* NOTREACHED */
3840
3841 case Q_PIM:
3842 bpf_error("'pim proto' is bogus");
3843 /* NOTREACHED */
3844
3845 case Q_VRRP:
3846 bpf_error("'vrrp proto' is bogus");
3847 /* NOTREACHED */
3848
3849 #ifdef INET6
3850 case Q_IPV6:
3851 b0 = gen_linktype(ETHERTYPE_IPV6);
3852 #ifndef CHASE_CHAIN
3853 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
3854 #else
3855 b1 = gen_protochain(v, Q_IPV6);
3856 #endif
3857 gen_and(b0, b1);
3858 return b1;
3859
3860 case Q_ICMPV6:
3861 bpf_error("'icmp6 proto' is bogus");
3862 #endif /* INET6 */
3863
3864 case Q_AH:
3865 bpf_error("'ah proto' is bogus");
3866
3867 case Q_ESP:
3868 bpf_error("'ah proto' is bogus");
3869
3870 case Q_STP:
3871 bpf_error("'stp proto' is bogus");
3872
3873 case Q_IPX:
3874 bpf_error("'ipx proto' is bogus");
3875
3876 case Q_NETBEUI:
3877 bpf_error("'netbeui proto' is bogus");
3878
3879 default:
3880 abort();
3881 /* NOTREACHED */
3882 }
3883 /* NOTREACHED */
3884 }
3885
3886 struct block *
3887 gen_scode(name, q)
3888 register const char *name;
3889 struct qual q;
3890 {
3891 int proto = q.proto;
3892 int dir = q.dir;
3893 int tproto;
3894 u_char *eaddr;
3895 bpf_u_int32 mask, addr;
3896 #ifndef INET6
3897 bpf_u_int32 **alist;
3898 #else
3899 int tproto6;
3900 struct sockaddr_in *sin;
3901 struct sockaddr_in6 *sin6;
3902 struct addrinfo *res, *res0;
3903 struct in6_addr mask128;
3904 #endif /*INET6*/
3905 struct block *b, *tmp;
3906 int port, real_proto;
3907
3908 switch (q.addr) {
3909
3910 case Q_NET:
3911 addr = pcap_nametonetaddr(name);
3912 if (addr == 0)
3913 bpf_error("unknown network '%s'", name);
3914 /* Left justify network addr and calculate its network mask */
3915 mask = 0xffffffff;
3916 while (addr && (addr & 0xff000000) == 0) {
3917 addr <<= 8;
3918 mask <<= 8;
3919 }
3920 return gen_host(addr, mask, proto, dir);
3921
3922 case Q_DEFAULT:
3923 case Q_HOST:
3924 if (proto == Q_LINK) {
3925 switch (linktype) {
3926
3927 case DLT_EN10MB:
3928 eaddr = pcap_ether_hostton(name);
3929 if (eaddr == NULL)
3930 bpf_error(
3931 "unknown ether host '%s'", name);
3932 b = gen_ehostop(eaddr, dir);
3933 free(eaddr);
3934 return b;
3935
3936 case DLT_FDDI:
3937 eaddr = pcap_ether_hostton(name);
3938 if (eaddr == NULL)
3939 bpf_error(
3940 "unknown FDDI host '%s'", name);
3941 b = gen_fhostop(eaddr, dir);
3942 free(eaddr);
3943 return b;
3944
3945 case DLT_IEEE802:
3946 eaddr = pcap_ether_hostton(name);
3947 if (eaddr == NULL)
3948 bpf_error(
3949 "unknown token ring host '%s'", name);
3950 b = gen_thostop(eaddr, dir);
3951 free(eaddr);
3952 return b;
3953
3954 case DLT_IEEE802_11:
3955 eaddr = pcap_ether_hostton(name);
3956 if (eaddr == NULL)
3957 bpf_error(
3958 "unknown 802.11 host '%s'", name);
3959 b = gen_wlanhostop(eaddr, dir);
3960 free(eaddr);
3961 return b;
3962
3963 case DLT_IP_OVER_FC:
3964 eaddr = pcap_ether_hostton(name);
3965 if (eaddr == NULL)
3966 bpf_error(
3967 "unknown Fibre Channel host '%s'", name);
3968 b = gen_ipfchostop(eaddr, dir);
3969 free(eaddr);
3970 return b;
3971
3972 case DLT_SUNATM:
3973 if (!is_lane)
3974 break;
3975
3976 /*
3977 * Check that the packet doesn't begin
3978 * with an LE Control marker. (We've
3979 * already generated a test for LANE.)
3980 */
3981 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H,
3982 0xFF00);
3983 gen_not(tmp);
3984
3985 eaddr = pcap_ether_hostton(name);
3986 if (eaddr == NULL)
3987 bpf_error(
3988 "unknown ether host '%s'", name);
3989 b = gen_ehostop(eaddr, dir);
3990 gen_and(tmp, b);
3991 free(eaddr);
3992 return b;
3993 }
3994
3995 bpf_error("only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name");
3996 } else if (proto == Q_DECNET) {
3997 unsigned short dn_addr = __pcap_nametodnaddr(name);
3998 /*
3999 * I don't think DECNET hosts can be multihomed, so
4000 * there is no need to build up a list of addresses
4001 */
4002 return (gen_host(dn_addr, 0, proto, dir));
4003 } else {
4004 #ifndef INET6
4005 alist = pcap_nametoaddr(name);
4006 if (alist == NULL || *alist == NULL)
4007 bpf_error("unknown host '%s'", name);
4008 tproto = proto;
4009 if (off_linktype == (u_int)-1 && tproto == Q_DEFAULT)
4010 tproto = Q_IP;
4011 b = gen_host(**alist++, 0xffffffff, tproto, dir);
4012 while (*alist) {
4013 tmp = gen_host(**alist++, 0xffffffff,
4014 tproto, dir);
4015 gen_or(b, tmp);
4016 b = tmp;
4017 }
4018 return b;
4019 #else
4020 memset(&mask128, 0xff, sizeof(mask128));
4021 res0 = res = pcap_nametoaddrinfo(name);
4022 if (res == NULL)
4023 bpf_error("unknown host '%s'", name);
4024 b = tmp = NULL;
4025 tproto = tproto6 = proto;
4026 if (off_linktype == -1 && tproto == Q_DEFAULT) {
4027 tproto = Q_IP;
4028 tproto6 = Q_IPV6;
4029 }
4030 for (res = res0; res; res = res->ai_next) {
4031 switch (res->ai_family) {
4032 case AF_INET:
4033 if (tproto == Q_IPV6)
4034 continue;
4035
4036 sin = (struct sockaddr_in *)
4037 res->ai_addr;
4038 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
4039 0xffffffff, tproto, dir);
4040 break;
4041 case AF_INET6:
4042 if (tproto6 == Q_IP)
4043 continue;
4044
4045 sin6 = (struct sockaddr_in6 *)
4046 res->ai_addr;
4047 tmp = gen_host6(&sin6->sin6_addr,
4048 &mask128, tproto6, dir);
4049 break;
4050 default:
4051 continue;
4052 }
4053 if (b)
4054 gen_or(b, tmp);
4055 b = tmp;
4056 }
4057 freeaddrinfo(res0);
4058 if (b == NULL) {
4059 bpf_error("unknown host '%s'%s", name,
4060 (proto == Q_DEFAULT)
4061 ? ""
4062 : " for specified address family");
4063 }
4064 return b;
4065 #endif /*INET6*/
4066 }
4067
4068 case Q_PORT:
4069 if (proto != Q_DEFAULT &&
4070 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
4071 bpf_error("illegal qualifier of 'port'");
4072 if (pcap_nametoport(name, &port, &real_proto) == 0)
4073 bpf_error("unknown port '%s'", name);
4074 if (proto == Q_UDP) {
4075 if (real_proto == IPPROTO_TCP)
4076 bpf_error("port '%s' is tcp", name);
4077 else if (real_proto == IPPROTO_SCTP)
4078 bpf_error("port '%s' is sctp", name);
4079 else
4080 /* override PROTO_UNDEF */
4081 real_proto = IPPROTO_UDP;
4082 }
4083 if (proto == Q_TCP) {
4084 if (real_proto == IPPROTO_UDP)
4085 bpf_error("port '%s' is udp", name);
4086
4087 else if (real_proto == IPPROTO_SCTP)
4088 bpf_error("port '%s' is sctp", name);
4089 else
4090 /* override PROTO_UNDEF */
4091 real_proto = IPPROTO_TCP;
4092 }
4093 if (proto == Q_SCTP) {
4094 if (real_proto == IPPROTO_UDP)
4095 bpf_error("port '%s' is udp", name);
4096
4097 else if (real_proto == IPPROTO_TCP)
4098 bpf_error("port '%s' is tcp", name);
4099 else
4100 /* override PROTO_UNDEF */
4101 real_proto = IPPROTO_SCTP;
4102 }
4103 #ifndef INET6
4104 return gen_port(port, real_proto, dir);
4105 #else
4106 {
4107 struct block *b;
4108 b = gen_port(port, real_proto, dir);
4109 gen_or(gen_port6(port, real_proto, dir), b);
4110 return b;
4111 }
4112 #endif /* INET6 */
4113
4114 case Q_GATEWAY:
4115 #ifndef INET6
4116 eaddr = pcap_ether_hostton(name);
4117 if (eaddr == NULL)
4118 bpf_error("unknown ether host: %s", name);
4119
4120 alist = pcap_nametoaddr(name);
4121 if (alist == NULL || *alist == NULL)
4122 bpf_error("unknown host '%s'", name);
4123 b = gen_gateway(eaddr, alist, proto, dir);
4124 free(eaddr);
4125 return b;
4126 #else
4127 bpf_error("'gateway' not supported in this configuration");
4128 #endif /*INET6*/
4129
4130 case Q_PROTO:
4131 real_proto = lookup_proto(name, proto);
4132 if (real_proto >= 0)
4133 return gen_proto(real_proto, proto, dir);
4134 else
4135 bpf_error("unknown protocol: %s", name);
4136
4137 case Q_PROTOCHAIN:
4138 real_proto = lookup_proto(name, proto);
4139 if (real_proto >= 0)
4140 return gen_protochain(real_proto, proto, dir);
4141 else
4142 bpf_error("unknown protocol: %s", name);
4143
4144
4145 case Q_UNDEF:
4146 syntax();
4147 /* NOTREACHED */
4148 }
4149 abort();
4150 /* NOTREACHED */
4151 }
4152
4153 struct block *
4154 gen_mcode(s1, s2, masklen, q)
4155 register const char *s1, *s2;
4156 register int masklen;
4157 struct qual q;
4158 {
4159 register int nlen, mlen;
4160 bpf_u_int32 n, m;
4161
4162 nlen = __pcap_atoin(s1, &n);
4163 /* Promote short ipaddr */
4164 n <<= 32 - nlen;
4165
4166 if (s2 != NULL) {
4167 mlen = __pcap_atoin(s2, &m);
4168 /* Promote short ipaddr */
4169 m <<= 32 - mlen;
4170 if ((n & ~m) != 0)
4171 bpf_error("non-network bits set in \"%s mask %s\"",
4172 s1, s2);
4173 } else {
4174 /* Convert mask len to mask */
4175 if (masklen > 32)
4176 bpf_error("mask length must be <= 32");
4177 m = 0xffffffff << (32 - masklen);
4178 if ((n & ~m) != 0)
4179 bpf_error("non-network bits set in \"%s/%d\"",
4180 s1, masklen);
4181 }
4182
4183 switch (q.addr) {
4184
4185 case Q_NET:
4186 return gen_host(n, m, q.proto, q.dir);
4187
4188 default:
4189 bpf_error("Mask syntax for networks only");
4190 /* NOTREACHED */
4191 }
4192 /* NOTREACHED */
4193 }
4194
4195 struct block *
4196 gen_ncode(s, v, q)
4197 register const char *s;
4198 bpf_u_int32 v;
4199 struct qual q;
4200 {
4201 bpf_u_int32 mask;
4202 int proto = q.proto;
4203 int dir = q.dir;
4204 register int vlen;
4205
4206 if (s == NULL)
4207 vlen = 32;
4208 else if (q.proto == Q_DECNET)
4209 vlen = __pcap_atodn(s, &v);
4210 else
4211 vlen = __pcap_atoin(s, &v);
4212
4213 switch (q.addr) {
4214
4215 case Q_DEFAULT:
4216 case Q_HOST:
4217 case Q_NET:
4218 if (proto == Q_DECNET)
4219 return gen_host(v, 0, proto, dir);
4220 else if (proto == Q_LINK) {
4221 bpf_error("illegal link layer address");
4222 } else {
4223 mask = 0xffffffff;
4224 if (s == NULL && q.addr == Q_NET) {
4225 /* Promote short net number */
4226 while (v && (v & 0xff000000) == 0) {
4227 v <<= 8;
4228 mask <<= 8;
4229 }
4230 } else {
4231 /* Promote short ipaddr */
4232 v <<= 32 - vlen;
4233 mask <<= 32 - vlen;
4234 }
4235 return gen_host(v, mask, proto, dir);
4236 }
4237
4238 case Q_PORT:
4239 if (proto == Q_UDP)
4240 proto = IPPROTO_UDP;
4241 else if (proto == Q_TCP)
4242 proto = IPPROTO_TCP;
4243 else if (proto == Q_SCTP)
4244 proto = IPPROTO_SCTP;
4245 else if (proto == Q_DEFAULT)
4246 proto = PROTO_UNDEF;
4247 else
4248 bpf_error("illegal qualifier of 'port'");
4249
4250 #ifndef INET6
4251 return gen_port((int)v, proto, dir);
4252 #else
4253 {
4254 struct block *b;
4255 b = gen_port((int)v, proto, dir);
4256 gen_or(gen_port6((int)v, proto, dir), b);
4257 return b;
4258 }
4259 #endif /* INET6 */
4260
4261 case Q_GATEWAY:
4262 bpf_error("'gateway' requires a name");
4263 /* NOTREACHED */
4264
4265 case Q_PROTO:
4266 return gen_proto((int)v, proto, dir);
4267
4268 case Q_PROTOCHAIN:
4269 return gen_protochain((int)v, proto, dir);
4270
4271 case Q_UNDEF:
4272 syntax();
4273 /* NOTREACHED */
4274
4275 default:
4276 abort();
4277 /* NOTREACHED */
4278 }
4279 /* NOTREACHED */
4280 }
4281
4282 #ifdef INET6
4283 struct block *
4284 gen_mcode6(s1, s2, masklen, q)
4285 register const char *s1, *s2;
4286 register int masklen;
4287 struct qual q;
4288 {
4289 struct addrinfo *res;
4290 struct in6_addr *addr;
4291 struct in6_addr mask;
4292 struct block *b;
4293 u_int32_t *a, *m;
4294
4295 if (s2)
4296 bpf_error("no mask %s supported", s2);
4297
4298 res = pcap_nametoaddrinfo(s1);
4299 if (!res)
4300 bpf_error("invalid ip6 address %s", s1);
4301 if (res->ai_next)
4302 bpf_error("%s resolved to multiple address", s1);
4303 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
4304
4305 if (sizeof(mask) * 8 < masklen)
4306 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
4307 memset(&mask, 0, sizeof(mask));
4308 memset(&mask, 0xff, masklen / 8);
4309 if (masklen % 8) {
4310 mask.s6_addr[masklen / 8] =
4311 (0xff << (8 - masklen % 8)) & 0xff;
4312 }
4313
4314 a = (u_int32_t *)addr;
4315 m = (u_int32_t *)&mask;
4316 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
4317 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
4318 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
4319 }
4320
4321 switch (q.addr) {
4322
4323 case Q_DEFAULT:
4324 case Q_HOST:
4325 if (masklen != 128)
4326 bpf_error("Mask syntax for networks only");
4327 /* FALLTHROUGH */
4328
4329 case Q_NET:
4330 b = gen_host6(addr, &mask, q.proto, q.dir);
4331 freeaddrinfo(res);
4332 return b;
4333
4334 default:
4335 bpf_error("invalid qualifier against IPv6 address");
4336 /* NOTREACHED */
4337 }
4338 }
4339 #endif /*INET6*/
4340
4341 struct block *
4342 gen_ecode(eaddr, q)
4343 register const u_char *eaddr;
4344 struct qual q;
4345 {
4346 struct block *b, *tmp;
4347
4348 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
4349 if (linktype == DLT_EN10MB)
4350 return gen_ehostop(eaddr, (int)q.dir);
4351 if (linktype == DLT_FDDI)
4352 return gen_fhostop(eaddr, (int)q.dir);
4353 if (linktype == DLT_IEEE802)
4354 return gen_thostop(eaddr, (int)q.dir);
4355 if (linktype == DLT_IEEE802_11)
4356 return gen_wlanhostop(eaddr, (int)q.dir);
4357 if (linktype == DLT_SUNATM && is_lane) {
4358 /*
4359 * Check that the packet doesn't begin with an
4360 * LE Control marker. (We've already generated
4361 * a test for LANE.)
4362 */
4363 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
4364 gen_not(tmp);
4365
4366 /*
4367 * Now check the MAC address.
4368 */
4369 b = gen_ehostop(eaddr, (int)q.dir);
4370 gen_and(tmp, b);
4371 return b;
4372 }
4373 if (linktype == DLT_IP_OVER_FC)
4374 return gen_ipfchostop(eaddr, (int)q.dir);
4375 bpf_error("ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel");
4376 }
4377 bpf_error("ethernet address used in non-ether expression");
4378 /* NOTREACHED */
4379 }
4380
4381 void
4382 sappend(s0, s1)
4383 struct slist *s0, *s1;
4384 {
4385 /*
4386 * This is definitely not the best way to do this, but the
4387 * lists will rarely get long.
4388 */
4389 while (s0->next)
4390 s0 = s0->next;
4391 s0->next = s1;
4392 }
4393
4394 static struct slist *
4395 xfer_to_x(a)
4396 struct arth *a;
4397 {
4398 struct slist *s;
4399
4400 s = new_stmt(BPF_LDX|BPF_MEM);
4401 s->s.k = a->regno;
4402 return s;
4403 }
4404
4405 static struct slist *
4406 xfer_to_a(a)
4407 struct arth *a;
4408 {
4409 struct slist *s;
4410
4411 s = new_stmt(BPF_LD|BPF_MEM);
4412 s->s.k = a->regno;
4413 return s;
4414 }
4415
4416 struct arth *
4417 gen_load(proto, index, size)
4418 int proto;
4419 struct arth *index;
4420 int size;
4421 {
4422 struct slist *s, *tmp;
4423 struct block *b;
4424 int regno = alloc_reg();
4425
4426 free_reg(index->regno);
4427 switch (size) {
4428
4429 default:
4430 bpf_error("data size must be 1, 2, or 4");
4431
4432 case 1:
4433 size = BPF_B;
4434 break;
4435
4436 case 2:
4437 size = BPF_H;
4438 break;
4439
4440 case 4:
4441 size = BPF_W;
4442 break;
4443 }
4444 switch (proto) {
4445 default:
4446 bpf_error("unsupported index operation");
4447
4448 case Q_LINK:
4449 /*
4450 * XXX - what about ATM LANE? Should the index be
4451 * relative to the beginning of the AAL5 frame, so
4452 * that 0 refers to the beginning of the LE Control
4453 * field, or relative to the beginning of the LAN
4454 * frame, so that 0 refers, for Ethernet LANE, to
4455 * the beginning of the destination address?
4456 */
4457 s = xfer_to_x(index);
4458 tmp = new_stmt(BPF_LD|BPF_IND|size);
4459 sappend(s, tmp);
4460 sappend(index->s, s);
4461 break;
4462
4463 case Q_IP:
4464 case Q_ARP:
4465 case Q_RARP:
4466 case Q_ATALK:
4467 case Q_DECNET:
4468 case Q_SCA:
4469 case Q_LAT:
4470 case Q_MOPRC:
4471 case Q_MOPDL:
4472 #ifdef INET6
4473 case Q_IPV6:
4474 #endif
4475 /* XXX Note that we assume a fixed link header here. */
4476 s = xfer_to_x(index);
4477 tmp = new_stmt(BPF_LD|BPF_IND|size);
4478 tmp->s.k = off_nl;
4479 sappend(s, tmp);
4480 sappend(index->s, s);
4481
4482 b = gen_proto_abbrev(proto);
4483 if (index->b)
4484 gen_and(index->b, b);
4485 index->b = b;
4486 break;
4487
4488 case Q_SCTP:
4489 case Q_TCP:
4490 case Q_UDP:
4491 case Q_ICMP:
4492 case Q_IGMP:
4493 case Q_IGRP:
4494 case Q_PIM:
4495 case Q_VRRP:
4496 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
4497 s->s.k = off_nl;
4498 sappend(s, xfer_to_a(index));
4499 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
4500 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
4501 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
4502 tmp->s.k = off_nl;
4503 sappend(index->s, s);
4504
4505 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
4506 if (index->b)
4507 gen_and(index->b, b);
4508 #ifdef INET6
4509 gen_and(gen_proto_abbrev(Q_IP), b);
4510 #endif
4511 index->b = b;
4512 break;
4513 #ifdef INET6
4514 case Q_ICMPV6:
4515 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
4516 /*NOTREACHED*/
4517 #endif
4518 }
4519 index->regno = regno;
4520 s = new_stmt(BPF_ST);
4521 s->s.k = regno;
4522 sappend(index->s, s);
4523
4524 return index;
4525 }
4526
4527 struct block *
4528 gen_relation(code, a0, a1, reversed)
4529 int code;
4530 struct arth *a0, *a1;
4531 int reversed;
4532 {
4533 struct slist *s0, *s1, *s2;
4534 struct block *b, *tmp;
4535
4536 s0 = xfer_to_x(a1);
4537 s1 = xfer_to_a(a0);
4538 if (code == BPF_JEQ) {
4539 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
4540 b = new_block(JMP(code));
4541 sappend(s1, s2);
4542 }
4543 else
4544 b = new_block(BPF_JMP|code|BPF_X);
4545 if (reversed)
4546 gen_not(b);
4547
4548 sappend(s0, s1);
4549 sappend(a1->s, s0);
4550 sappend(a0->s, a1->s);
4551
4552 b->stmts = a0->s;
4553
4554 free_reg(a0->regno);
4555 free_reg(a1->regno);
4556
4557 /* 'and' together protocol checks */
4558 if (a0->b) {
4559 if (a1->b) {
4560 gen_and(a0->b, tmp = a1->b);
4561 }
4562 else
4563 tmp = a0->b;
4564 } else
4565 tmp = a1->b;
4566
4567 if (tmp)
4568 gen_and(tmp, b);
4569
4570 return b;
4571 }
4572
4573 struct arth *
4574 gen_loadlen()
4575 {
4576 int regno = alloc_reg();
4577 struct arth *a = (struct arth *)newchunk(sizeof(*a));
4578 struct slist *s;
4579
4580 s = new_stmt(BPF_LD|BPF_LEN);
4581 s->next = new_stmt(BPF_ST);
4582 s->next->s.k = regno;
4583 a->s = s;
4584 a->regno = regno;
4585
4586 return a;
4587 }
4588
4589 struct arth *
4590 gen_loadi(val)
4591 int val;
4592 {
4593 struct arth *a;
4594 struct slist *s;
4595 int reg;
4596
4597 a = (struct arth *)newchunk(sizeof(*a));
4598
4599 reg = alloc_reg();
4600
4601 s = new_stmt(BPF_LD|BPF_IMM);
4602 s->s.k = val;
4603 s->next = new_stmt(BPF_ST);
4604 s->next->s.k = reg;
4605 a->s = s;
4606 a->regno = reg;
4607
4608 return a;
4609 }
4610
4611 struct arth *
4612 gen_neg(a)
4613 struct arth *a;
4614 {
4615 struct slist *s;
4616
4617 s = xfer_to_a(a);
4618 sappend(a->s, s);
4619 s = new_stmt(BPF_ALU|BPF_NEG);
4620 s->s.k = 0;
4621 sappend(a->s, s);
4622 s = new_stmt(BPF_ST);
4623 s->s.k = a->regno;
4624 sappend(a->s, s);
4625
4626 return a;
4627 }
4628
4629 struct arth *
4630 gen_arth(code, a0, a1)
4631 int code;
4632 struct arth *a0, *a1;
4633 {
4634 struct slist *s0, *s1, *s2;
4635
4636 s0 = xfer_to_x(a1);
4637 s1 = xfer_to_a(a0);
4638 s2 = new_stmt(BPF_ALU|BPF_X|code);
4639
4640 sappend(s1, s2);
4641 sappend(s0, s1);
4642 sappend(a1->s, s0);
4643 sappend(a0->s, a1->s);
4644
4645 free_reg(a0->regno);
4646 free_reg(a1->regno);
4647
4648 s0 = new_stmt(BPF_ST);
4649 a0->regno = s0->s.k = alloc_reg();
4650 sappend(a0->s, s0);
4651
4652 return a0;
4653 }
4654
4655 /*
4656 * Here we handle simple allocation of the scratch registers.
4657 * If too many registers are alloc'd, the allocator punts.
4658 */
4659 static int regused[BPF_MEMWORDS];
4660 static int curreg;
4661
4662 /*
4663 * Return the next free register.
4664 */
4665 static int
4666 alloc_reg()
4667 {
4668 int n = BPF_MEMWORDS;
4669
4670 while (--n >= 0) {
4671 if (regused[curreg])
4672 curreg = (curreg + 1) % BPF_MEMWORDS;
4673 else {
4674 regused[curreg] = 1;
4675 return curreg;
4676 }
4677 }
4678 bpf_error("too many registers needed to evaluate expression");
4679 /* NOTREACHED */
4680 }
4681
4682 /*
4683 * Return a register to the table so it can
4684 * be used later.
4685 */
4686 static void
4687 free_reg(n)
4688 int n;
4689 {
4690 regused[n] = 0;
4691 }
4692
4693 static struct block *
4694 gen_len(jmp, n)
4695 int jmp, n;
4696 {
4697 struct slist *s;
4698 struct block *b;
4699
4700 s = new_stmt(BPF_LD|BPF_LEN);
4701 b = new_block(JMP(jmp));
4702 b->stmts = s;
4703 b->s.k = n;
4704
4705 return b;
4706 }
4707
4708 struct block *
4709 gen_greater(n)
4710 int n;
4711 {
4712 return gen_len(BPF_JGE, n);
4713 }
4714
4715 /*
4716 * Actually, this is less than or equal.
4717 */
4718 struct block *
4719 gen_less(n)
4720 int n;
4721 {
4722 struct block *b;
4723
4724 b = gen_len(BPF_JGT, n);
4725 gen_not(b);
4726
4727 return b;
4728 }
4729
4730 struct block *
4731 gen_byteop(op, idx, val)
4732 int op, idx, val;
4733 {
4734 struct block *b;
4735 struct slist *s;
4736
4737 switch (op) {
4738 default:
4739 abort();
4740
4741 case '=':
4742 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4743
4744 case '<':
4745 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4746 b->s.code = JMP(BPF_JGE);
4747 gen_not(b);
4748 return b;
4749
4750 case '>':
4751 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4752 b->s.code = JMP(BPF_JGT);
4753 return b;
4754
4755 case '|':
4756 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
4757 break;
4758
4759 case '&':
4760 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
4761 break;
4762 }
4763 s->s.k = val;
4764 b = new_block(JMP(BPF_JEQ));
4765 b->stmts = s;
4766 gen_not(b);
4767
4768 return b;
4769 }
4770
4771 static u_char abroadcast[] = { 0x0 };
4772
4773 struct block *
4774 gen_broadcast(proto)
4775 int proto;
4776 {
4777 bpf_u_int32 hostmask;
4778 struct block *b0, *b1, *b2;
4779 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4780
4781 switch (proto) {
4782
4783 case Q_DEFAULT:
4784 case Q_LINK:
4785 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
4786 return gen_ahostop(abroadcast, Q_DST);
4787 if (linktype == DLT_EN10MB)
4788 return gen_ehostop(ebroadcast, Q_DST);
4789 if (linktype == DLT_FDDI)
4790 return gen_fhostop(ebroadcast, Q_DST);
4791 if (linktype == DLT_IEEE802)
4792 return gen_thostop(ebroadcast, Q_DST);
4793 if (linktype == DLT_IEEE802_11)
4794 return gen_wlanhostop(ebroadcast, Q_DST);
4795 if (linktype == DLT_IP_OVER_FC)
4796 return gen_ipfchostop(ebroadcast, Q_DST);
4797 if (linktype == DLT_SUNATM && is_lane) {
4798 /*
4799 * Check that the packet doesn't begin with an
4800 * LE Control marker. (We've already generated
4801 * a test for LANE.)
4802 */
4803 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
4804 gen_not(b1);
4805
4806 /*
4807 * Now check the MAC address.
4808 */
4809 b0 = gen_ehostop(ebroadcast, Q_DST);
4810 gen_and(b1, b0);
4811 return b0;
4812 }
4813 bpf_error("not a broadcast link");
4814 break;
4815
4816 case Q_IP:
4817 b0 = gen_linktype(ETHERTYPE_IP);
4818 hostmask = ~netmask;
4819 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
4820 b2 = gen_mcmp(off_nl + 16, BPF_W,
4821 (bpf_int32)(~0 & hostmask), hostmask);
4822 gen_or(b1, b2);
4823 gen_and(b0, b2);
4824 return b2;
4825 }
4826 bpf_error("only link-layer/IP broadcast filters supported");
4827 /* NOTREACHED */
4828 }
4829
4830 /*
4831 * Generate code to test the low-order bit of a MAC address (that's
4832 * the bottom bit of the *first* byte).
4833 */
4834 static struct block *
4835 gen_mac_multicast(offset)
4836 int offset;
4837 {
4838 register struct block *b0;
4839 register struct slist *s;
4840
4841 /* link[offset] & 1 != 0 */
4842 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4843 s->s.k = offset;
4844 b0 = new_block(JMP(BPF_JSET));
4845 b0->s.k = 1;
4846 b0->stmts = s;
4847 return b0;
4848 }
4849
4850 struct block *
4851 gen_multicast(proto)
4852 int proto;
4853 {
4854 register struct block *b0, *b1, *b2;
4855 register struct slist *s;
4856
4857 switch (proto) {
4858
4859 case Q_DEFAULT:
4860 case Q_LINK:
4861 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
4862 /* all ARCnet multicasts use the same address */
4863 return gen_ahostop(abroadcast, Q_DST);
4864
4865 if (linktype == DLT_EN10MB) {
4866 /* ether[0] & 1 != 0 */
4867 return gen_mac_multicast(0);
4868 }
4869
4870 if (linktype == DLT_FDDI) {
4871 /*
4872 * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX
4873 *
4874 * XXX - was that referring to bit-order issues?
4875 */
4876 /* fddi[1] & 1 != 0 */
4877 return gen_mac_multicast(1);
4878 }
4879
4880 if (linktype == DLT_IEEE802) {
4881 /* tr[2] & 1 != 0 */
4882 return gen_mac_multicast(2);
4883 }
4884
4885 if (linktype == DLT_IEEE802_11) {
4886 /*
4887 * Oh, yuk.
4888 *
4889 * For control frames, there is no DA.
4890 *
4891 * For management frames, DA is at an
4892 * offset of 4 from the beginning of
4893 * the packet.
4894 *
4895 * For data frames, DA is at an offset
4896 * of 4 from the beginning of the packet
4897 * if To DS is clear and at an offset of
4898 * 16 from the beginning of the packet
4899 * if To DS is set.
4900 */
4901
4902 /*
4903 * Generate the tests to be done for data frames.
4904 *
4905 * First, check for To DS set, i.e. "link[1] & 0x01".
4906 */
4907 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4908 s->s.k = 1;
4909 b1 = new_block(JMP(BPF_JSET));
4910 b1->s.k = 0x01; /* To DS */
4911 b1->stmts = s;
4912
4913 /*
4914 * If To DS is set, the DA is at 16.
4915 */
4916 b0 = gen_mac_multicast(16);
4917 gen_and(b1, b0);
4918
4919 /*
4920 * Now, check for To DS not set, i.e. check
4921 * "!(link[1] & 0x01)".
4922 */
4923 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4924 s->s.k = 1;
4925 b2 = new_block(JMP(BPF_JSET));
4926 b2->s.k = 0x01; /* To DS */
4927 b2->stmts = s;
4928 gen_not(b2);
4929
4930 /*
4931 * If To DS is not set, the DA is at 4.
4932 */
4933 b1 = gen_mac_multicast(4);
4934 gen_and(b2, b1);
4935
4936 /*
4937 * Now OR together the last two checks. That gives
4938 * the complete set of checks for data frames.
4939 */
4940 gen_or(b1, b0);
4941
4942 /*
4943 * Now check for a data frame.
4944 * I.e, check "link[0] & 0x08".
4945 */
4946 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4947 s->s.k = 0;
4948 b1 = new_block(JMP(BPF_JSET));
4949 b1->s.k = 0x08;
4950 b1->stmts = s;
4951
4952 /*
4953 * AND that with the checks done for data frames.
4954 */
4955 gen_and(b1, b0);
4956
4957 /*
4958 * If the high-order bit of the type value is 0, this
4959 * is a management frame.
4960 * I.e, check "!(link[0] & 0x08)".
4961 */
4962 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4963 s->s.k = 0;
4964 b2 = new_block(JMP(BPF_JSET));
4965 b2->s.k = 0x08;
4966 b2->stmts = s;
4967 gen_not(b2);
4968
4969 /*
4970 * For management frames, the DA is at 4.
4971 */
4972 b1 = gen_mac_multicast(4);
4973 gen_and(b2, b1);
4974
4975 /*
4976 * OR that with the checks done for data frames.
4977 * That gives the checks done for management and
4978 * data frames.
4979 */
4980 gen_or(b1, b0);
4981
4982 /*
4983 * If the low-order bit of the type value is 1,
4984 * this is either a control frame or a frame
4985 * with a reserved type, and thus not a
4986 * frame with an SA.
4987 *
4988 * I.e., check "!(link[0] & 0x04)".
4989 */
4990 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4991 s->s.k = 0;
4992 b1 = new_block(JMP(BPF_JSET));
4993 b1->s.k = 0x04;
4994 b1->stmts = s;
4995 gen_not(b1);
4996
4997 /*
4998 * AND that with the checks for data and management
4999 * frames.
5000 */
5001 gen_and(b1, b0);
5002 return b0;
5003 }
5004
5005 if (linktype == DLT_IP_OVER_FC) {
5006 b0 = gen_mac_multicast(2);
5007 return b0;
5008 }
5009
5010 if (linktype == DLT_SUNATM && is_lane) {
5011 /*
5012 * Check that the packet doesn't begin with an
5013 * LE Control marker. (We've already generated
5014 * a test for LANE.)
5015 */
5016 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
5017 gen_not(b1);
5018
5019 /* ether[off_mac] & 1 != 0 */
5020 b0 = gen_mac_multicast(off_mac);
5021 gen_and(b1, b0);
5022 return b0;
5023 }
5024
5025 /* Link not known to support multicasts */
5026 break;
5027
5028 case Q_IP:
5029 b0 = gen_linktype(ETHERTYPE_IP);
5030 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
5031 b1->s.code = JMP(BPF_JGE);
5032 gen_and(b0, b1);
5033 return b1;
5034
5035 #ifdef INET6
5036 case Q_IPV6:
5037 b0 = gen_linktype(ETHERTYPE_IPV6);
5038 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
5039 gen_and(b0, b1);
5040 return b1;
5041 #endif /* INET6 */
5042 }
5043 bpf_error("link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel");
5044 /* NOTREACHED */
5045 }
5046
5047 /*
5048 * generate command for inbound/outbound. It's here so we can
5049 * make it link-type specific. 'dir' = 0 implies "inbound",
5050 * = 1 implies "outbound".
5051 */
5052 struct block *
5053 gen_inbound(dir)
5054 int dir;
5055 {
5056 register struct block *b0;
5057
5058 /*
5059 * Only some data link types support inbound/outbound qualifiers.
5060 */
5061 switch (linktype) {
5062 case DLT_SLIP:
5063 b0 = gen_relation(BPF_JEQ,
5064 gen_load(Q_LINK, gen_loadi(0), 1),
5065 gen_loadi(0),
5066 dir);
5067 break;
5068
5069 case DLT_LINUX_SLL:
5070 if (dir) {
5071 /*
5072 * Match packets sent by this machine.
5073 */
5074 b0 = gen_cmp(0, BPF_H, LINUX_SLL_OUTGOING);
5075 } else {
5076 /*
5077 * Match packets sent to this machine.
5078 * (No broadcast or multicast packets, or
5079 * packets sent to some other machine and
5080 * received promiscuously.)
5081 *
5082 * XXX - packets sent to other machines probably
5083 * shouldn't be matched, but what about broadcast
5084 * or multicast packets we received?
5085 */
5086 b0 = gen_cmp(0, BPF_H, LINUX_SLL_HOST);
5087 }
5088 break;
5089
5090 case DLT_PFLOG:
5091 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B,
5092 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT));
5093 break;
5094
5095 case DLT_PPP_WITHDIRECTION:
5096 if (dir) {
5097 /* match outgoing packets */
5098 b0 = gen_cmp(0, BPF_B, PPP_WITHDIRECTION_OUT);
5099 } else {
5100 /* match incoming packets */
5101 b0 = gen_cmp(0, BPF_B, PPP_WITHDIRECTION_IN);
5102 }
5103 break;
5104
5105 case DLT_JUNIPER_ATM1:
5106 case DLT_JUNIPER_ATM2:
5107 /* juniper flags (including direction) are stored
5108 * the byte after the 3-byte magic number */
5109 if (dir) {
5110 /* match outgoing packets */
5111 b0 = gen_mcmp(3, BPF_B, 0, 0x01);
5112 } else {
5113 /* match incoming packets */
5114 b0 = gen_mcmp(3, BPF_B, 1, 0x01);
5115 }
5116 break;
5117
5118 default:
5119 bpf_error("inbound/outbound not supported on linktype %d",
5120 linktype);
5121 b0 = NULL;
5122 /* NOTREACHED */
5123 }
5124 return (b0);
5125 }
5126
5127 /* PF firewall log matched interface */
5128 struct block *
5129 gen_pf_ifname(const char *ifname)
5130 {
5131 struct block *b0;
5132 u_int len, off;
5133
5134 if (linktype == DLT_PFLOG) {
5135 len = sizeof(((struct pfloghdr *)0)->ifname);
5136 off = offsetof(struct pfloghdr, ifname);
5137 } else {
5138 bpf_error("ifname not supported on linktype 0x%x", linktype);
5139 /* NOTREACHED */
5140 }
5141 if (strlen(ifname) >= len) {
5142 bpf_error("ifname interface names can only be %d characters",
5143 len-1);
5144 /* NOTREACHED */
5145 }
5146 b0 = gen_bcmp(off, strlen(ifname), (const u_char *)ifname);
5147 return (b0);
5148 }
5149
5150 /* PF firewall log matched interface */
5151 struct block *
5152 gen_pf_ruleset(char *ruleset)
5153 {
5154 struct block *b0;
5155
5156 if (linktype != DLT_PFLOG) {
5157 bpf_error("ruleset not supported on linktype 0x%x", linktype);
5158 /* NOTREACHED */
5159 }
5160 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) {
5161 bpf_error("ruleset names can only be %ld characters",
5162 (long)(sizeof(((struct pfloghdr *)0)->ruleset) - 1));
5163 /* NOTREACHED */
5164 }
5165 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset),
5166 strlen(ruleset), (const u_char *)ruleset);
5167 return (b0);
5168 }
5169
5170 /* PF firewall log rule number */
5171 struct block *
5172 gen_pf_rnr(int rnr)
5173 {
5174 struct block *b0;
5175
5176 if (linktype == DLT_PFLOG) {
5177 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W,
5178 (bpf_int32)rnr);
5179 } else {
5180 bpf_error("rnr not supported on linktype 0x%x", linktype);
5181 /* NOTREACHED */
5182 }
5183
5184 return (b0);
5185 }
5186
5187 /* PF firewall log sub-rule number */
5188 struct block *
5189 gen_pf_srnr(int srnr)
5190 {
5191 struct block *b0;
5192
5193 if (linktype != DLT_PFLOG) {
5194 bpf_error("srnr not supported on linktype 0x%x", linktype);
5195 /* NOTREACHED */
5196 }
5197
5198 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W,
5199 (bpf_int32)srnr);
5200 return (b0);
5201 }
5202
5203 /* PF firewall log reason code */
5204 struct block *
5205 gen_pf_reason(int reason)
5206 {
5207 struct block *b0;
5208
5209 if (linktype == DLT_PFLOG) {
5210 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B,
5211 (bpf_int32)reason);
5212 } else {
5213 bpf_error("reason not supported on linktype 0x%x", linktype);
5214 /* NOTREACHED */
5215 }
5216
5217 return (b0);
5218 }
5219
5220 /* PF firewall log action */
5221 struct block *
5222 gen_pf_action(int action)
5223 {
5224 struct block *b0;
5225
5226 if (linktype == DLT_PFLOG) {
5227 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B,
5228 (bpf_int32)action);
5229 } else {
5230 bpf_error("action not supported on linktype 0x%x", linktype);
5231 /* NOTREACHED */
5232 }
5233
5234 return (b0);
5235 }
5236
5237 struct block *
5238 gen_acode(eaddr, q)
5239 register const u_char *eaddr;
5240 struct qual q;
5241 {
5242 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
5243 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
5244 return gen_ahostop(eaddr, (int)q.dir);
5245 }
5246 bpf_error("ARCnet address used in non-arc expression");
5247 /* NOTREACHED */
5248 }
5249
5250 static struct block *
5251 gen_ahostop(eaddr, dir)
5252 register const u_char *eaddr;
5253 register int dir;
5254 {
5255 register struct block *b0, *b1;
5256
5257 switch (dir) {
5258 /* src comes first, different from Ethernet */
5259 case Q_SRC:
5260 return gen_bcmp(0, 1, eaddr);
5261
5262 case Q_DST:
5263 return gen_bcmp(1, 1, eaddr);
5264
5265 case Q_AND:
5266 b0 = gen_ahostop(eaddr, Q_SRC);
5267 b1 = gen_ahostop(eaddr, Q_DST);
5268 gen_and(b0, b1);
5269 return b1;
5270
5271 case Q_DEFAULT:
5272 case Q_OR:
5273 b0 = gen_ahostop(eaddr, Q_SRC);
5274 b1 = gen_ahostop(eaddr, Q_DST);
5275 gen_or(b0, b1);
5276 return b1;
5277 }
5278 abort();
5279 /* NOTREACHED */
5280 }
5281
5282 /*
5283 * support IEEE 802.1Q VLAN trunk over ethernet
5284 */
5285 struct block *
5286 gen_vlan(vlan_num)
5287 int vlan_num;
5288 {
5289 struct block *b0;
5290
5291 /*
5292 * Change the offsets to point to the type and data fields within
5293 * the VLAN packet. This is somewhat of a kludge.
5294 */
5295 if (orig_nl == (u_int)-1) {
5296 orig_linktype = off_linktype; /* save original values */
5297 orig_nl = off_nl;
5298 orig_nl_nosnap = off_nl_nosnap;
5299
5300 switch (linktype) {
5301
5302 case DLT_EN10MB:
5303 off_linktype = 16;
5304 off_nl_nosnap = 18;
5305 off_nl = 18;
5306 break;
5307
5308 default:
5309 bpf_error("no VLAN support for data link type %d",
5310 linktype);
5311 /*NOTREACHED*/
5312 }
5313 }
5314
5315 /* check for VLAN */
5316 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
5317
5318 /* If a specific VLAN is requested, check VLAN id */
5319 if (vlan_num >= 0) {
5320 struct block *b1;
5321
5322 b1 = gen_mcmp(orig_nl, BPF_H, (bpf_int32)vlan_num, 0x0fff);
5323 gen_and(b0, b1);
5324 b0 = b1;
5325 }
5326
5327 return (b0);
5328 }
5329
5330 /*
5331 * support for MPLS
5332 */
5333 struct block *
5334 gen_mpls(label_num)
5335 int label_num;
5336 {
5337 struct block *b0;
5338
5339 /*
5340 * Change the offsets to point to the type and data fields within
5341 * the MPLS packet. This is somewhat of a kludge.
5342 */
5343 if (orig_nl == (u_int)-1) {
5344 orig_linktype = off_linktype; /* save original values */
5345 orig_nl = off_nl;
5346 orig_nl_nosnap = off_nl_nosnap;
5347
5348 switch (linktype) {
5349
5350 case DLT_EN10MB:
5351 off_linktype = 16;
5352 off_nl_nosnap = 18;
5353 off_nl = 18;
5354
5355 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_MPLS);
5356 break;
5357
5358 case DLT_PPP:
5359 off_linktype = 6;
5360 off_nl_nosnap = 8;
5361 off_nl = 8;
5362
5363 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)PPP_MPLS_UCAST);
5364 break;
5365
5366 case DLT_C_HDLC:
5367 off_linktype = 6;
5368 off_nl_nosnap = 8;
5369 off_nl = 8;
5370
5371 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_MPLS);
5372 break;
5373
5374 /* FIXME add other DLT_s ...
5375 * for Frame-Relay/and ATM this may get messy due to SNAP headers
5376 * leave it for now */
5377
5378 default:
5379 bpf_error("no MPLS support for data link type %d",
5380 linktype);
5381 /*NOTREACHED*/
5382 }
5383 } else {
5384 bpf_error("'mpls' can't be combined with 'vlan' or another 'mpls'");
5385 /*NOTREACHED*/
5386 }
5387
5388 /* If a specific MPLS label is requested, check it */
5389 if (label_num >= 0) {
5390 struct block *b1;
5391
5392 label_num = label_num << 12; /* label is shifted 12 bits on the wire */
5393 b1 = gen_mcmp(orig_nl, BPF_W, (bpf_int32)label_num, 0xfffff000); /* only compare the first 20 bits */
5394 gen_and(b0, b1);
5395 b0 = b1;
5396 }
5397
5398 return (b0);
5399 }
5400
5401 struct block *
5402 gen_atmfield_code(atmfield, jvalue, jtype, reverse)
5403 int atmfield;
5404 bpf_u_int32 jvalue;
5405 bpf_u_int32 jtype;
5406 int reverse;
5407 {
5408 struct block *b0;
5409
5410 switch (atmfield) {
5411
5412 case A_VPI:
5413 if (!is_atm)
5414 bpf_error("'vpi' supported only on raw ATM");
5415 if (off_vpi == (u_int)-1)
5416 abort();
5417 b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype,
5418 (u_int)jvalue, reverse);
5419 break;
5420
5421 case A_VCI:
5422 if (!is_atm)
5423 bpf_error("'vci' supported only on raw ATM");
5424 if (off_vci == (u_int)-1)
5425 abort();
5426 b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype,
5427 (u_int)jvalue, reverse);
5428 break;
5429
5430 case A_PROTOTYPE:
5431 if (off_proto == (u_int)-1)
5432 abort(); /* XXX - this isn't on FreeBSD */
5433 b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype,
5434 (u_int)jvalue, reverse);
5435 break;
5436
5437 case A_MSGTYPE:
5438 if (off_payload == (u_int)-1)
5439 abort();
5440 b0 = gen_ncmp(BPF_B, off_payload + MSG_TYPE_POS, 0xffffffff,
5441 (u_int)jtype, (u_int)jvalue, reverse);
5442 break;
5443
5444 case A_CALLREFTYPE:
5445 if (!is_atm)
5446 bpf_error("'callref' supported only on raw ATM");
5447 if (off_proto == (u_int)-1)
5448 abort();
5449 b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype,
5450 (u_int)jvalue, reverse);
5451 break;
5452
5453 default:
5454 abort();
5455 }
5456 return b0;
5457 }
5458
5459 struct block *
5460 gen_atmtype_abbrev(type)
5461 int type;
5462 {
5463 struct block *b0, *b1;
5464
5465 switch (type) {
5466
5467 case A_METAC:
5468 /* Get all packets in Meta signalling Circuit */
5469 if (!is_atm)
5470 bpf_error("'metac' supported only on raw ATM");
5471 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5472 b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0);
5473 gen_and(b0, b1);
5474 break;
5475
5476 case A_BCC:
5477 /* Get all packets in Broadcast Circuit*/
5478 if (!is_atm)
5479 bpf_error("'bcc' supported only on raw ATM");
5480 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5481 b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0);
5482 gen_and(b0, b1);
5483 break;
5484
5485 case A_OAMF4SC:
5486 /* Get all cells in Segment OAM F4 circuit*/
5487 if (!is_atm)
5488 bpf_error("'oam4sc' supported only on raw ATM");
5489 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5490 b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
5491 gen_and(b0, b1);
5492 break;
5493
5494 case A_OAMF4EC:
5495 /* Get all cells in End-to-End OAM F4 Circuit*/
5496 if (!is_atm)
5497 bpf_error("'oam4ec' supported only on raw ATM");
5498 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5499 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
5500 gen_and(b0, b1);
5501 break;
5502
5503 case A_SC:
5504 /* Get all packets in connection Signalling Circuit */
5505 if (!is_atm)
5506 bpf_error("'sc' supported only on raw ATM");
5507 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5508 b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0);
5509 gen_and(b0, b1);
5510 break;
5511
5512 case A_ILMIC:
5513 /* Get all packets in ILMI Circuit */
5514 if (!is_atm)
5515 bpf_error("'ilmic' supported only on raw ATM");
5516 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5517 b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0);
5518 gen_and(b0, b1);
5519 break;
5520
5521 case A_LANE:
5522 /* Get all LANE packets */
5523 if (!is_atm)
5524 bpf_error("'lane' supported only on raw ATM");
5525 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0);
5526
5527 /*
5528 * Arrange that all subsequent tests assume LANE
5529 * rather than LLC-encapsulated packets, and set
5530 * the offsets appropriately for LANE-encapsulated
5531 * Ethernet.
5532 *
5533 * "off_mac" is the offset of the Ethernet header,
5534 * which is 2 bytes past the ATM pseudo-header
5535 * (skipping the pseudo-header and 2-byte LE Client
5536 * field). The other offsets are Ethernet offsets
5537 * relative to "off_mac".
5538 */
5539 is_lane = 1;
5540 off_mac = off_payload + 2; /* MAC header */
5541 off_linktype = off_mac + 12;
5542 off_nl = off_mac + 14; /* Ethernet II */
5543 off_nl_nosnap = off_mac + 17; /* 802.3+802.2 */
5544 break;
5545
5546 case A_LLC:
5547 /* Get all LLC-encapsulated packets */
5548 if (!is_atm)
5549 bpf_error("'llc' supported only on raw ATM");
5550 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
5551 is_lane = 0;
5552 break;
5553
5554 default:
5555 abort();
5556 }
5557 return b1;
5558 }
5559
5560
5561 static struct block *
5562 gen_msg_abbrev(type)
5563 int type;
5564 {
5565 struct block *b1;
5566
5567 /*
5568 * Q.2931 signalling protocol messages for handling virtual circuits
5569 * establishment and teardown
5570 */
5571 switch (type) {
5572
5573 case A_SETUP:
5574 b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0);
5575 break;
5576
5577 case A_CALLPROCEED:
5578 b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0);
5579 break;
5580
5581 case A_CONNECT:
5582 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0);
5583 break;
5584
5585 case A_CONNECTACK:
5586 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0);
5587 break;
5588
5589 case A_RELEASE:
5590 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0);
5591 break;
5592
5593 case A_RELEASE_DONE:
5594 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0);
5595 break;
5596
5597 default:
5598 abort();
5599 }
5600 return b1;
5601 }
5602
5603 struct block *
5604 gen_atmmulti_abbrev(type)
5605 int type;
5606 {
5607 struct block *b0, *b1;
5608
5609 switch (type) {
5610
5611 case A_OAM:
5612 if (!is_atm)
5613 bpf_error("'oam' supported only on raw ATM");
5614 b1 = gen_atmmulti_abbrev(A_OAMF4);
5615 break;
5616
5617 case A_OAMF4:
5618 if (!is_atm)
5619 bpf_error("'oamf4' supported only on raw ATM");
5620 /* OAM F4 type */
5621 b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
5622 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
5623 gen_or(b0, b1);
5624 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5625 gen_and(b0, b1);
5626 break;
5627
5628 case A_CONNECTMSG:
5629 /*
5630 * Get Q.2931 signalling messages for switched
5631 * virtual connection
5632 */
5633 if (!is_atm)
5634 bpf_error("'connectmsg' supported only on raw ATM");
5635 b0 = gen_msg_abbrev(A_SETUP);
5636 b1 = gen_msg_abbrev(A_CALLPROCEED);
5637 gen_or(b0, b1);
5638 b0 = gen_msg_abbrev(A_CONNECT);
5639 gen_or(b0, b1);
5640 b0 = gen_msg_abbrev(A_CONNECTACK);
5641 gen_or(b0, b1);
5642 b0 = gen_msg_abbrev(A_RELEASE);
5643 gen_or(b0, b1);
5644 b0 = gen_msg_abbrev(A_RELEASE_DONE);
5645 gen_or(b0, b1);
5646 b0 = gen_atmtype_abbrev(A_SC);
5647 gen_and(b0, b1);
5648 break;
5649
5650 case A_METACONNECT:
5651 if (!is_atm)
5652 bpf_error("'metaconnect' supported only on raw ATM");
5653 b0 = gen_msg_abbrev(A_SETUP);
5654 b1 = gen_msg_abbrev(A_CALLPROCEED);
5655 gen_or(b0, b1);
5656 b0 = gen_msg_abbrev(A_CONNECT);
5657 gen_or(b0, b1);
5658 b0 = gen_msg_abbrev(A_RELEASE);
5659 gen_or(b0, b1);
5660 b0 = gen_msg_abbrev(A_RELEASE_DONE);
5661 gen_or(b0, b1);
5662 b0 = gen_atmtype_abbrev(A_METAC);
5663 gen_and(b0, b1);
5664 break;
5665
5666 default:
5667 abort();
5668 }
5669 return b1;
5670 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism