]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob


465cba1fbcaed4f47debf589a1f02265a4ea8061
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.142 2001-01-14 05:30:07 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #include <sys/types.h>
32 #include <sys/socket.h>
33 #include <sys/time.h>
34 #ifdef __NetBSD__
35 #include <sys/param.h>
36 #endif
37
38 struct mbuf;
39 struct rtentry;
40 #include <net/if.h>
41
42 #include <netinet/in.h>
43
44 #include <stdlib.h>
45 #include <string.h>
46 #include <memory.h>
47 #include <setjmp.h>
48 #include <stdarg.h>
49
50 #include "pcap-int.h"
51
52 #include "ethertype.h"
53 #include "nlpid.h"
54 #include "gencode.h"
55 #include "ppp.h"
56 #include "sll.h"
57 #include <pcap-namedb.h>
58 #ifdef INET6
59 #include <netdb.h>
60 #include <sys/socket.h>
61 #endif /*INET6*/
62
63 /*
64 * LLC SAP values.
65 * Note that these fit in one byte, and are thus less than 1500, and
66 * are thus distinguishable from ETHERTYPE_ values, so we can use them
67 * as protocol types values.
68 */
69 #define LLC_SNAP_LSAP 0xaa
70 #define LLC_ISO_LSAP 0xfe
71 #define LLC_STP_LSAP 0x42
72
73 #define ETHERMTU 1500
74
75 #ifdef HAVE_OS_PROTO_H
76 #include "os-proto.h"
77 #endif
78
79 #define JMP(c) ((c)|BPF_JMP|BPF_K)
80
81 /* Locals */
82 static jmp_buf top_ctx;
83 static pcap_t *bpf_pcap;
84
85 /* XXX */
86 #ifdef PCAP_FDDIPAD
87 int pcap_fddipad = PCAP_FDDIPAD;
88 #else
89 int pcap_fddipad;
90 #endif
91
92 /* VARARGS */
93 void
94 bpf_error(const char *fmt, ...)
95
96 {
97 va_list ap;
98
99 va_start(ap, fmt);
100 if (bpf_pcap != NULL)
101 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
102 fmt, ap);
103 va_end(ap);
104 longjmp(top_ctx, 1);
105 /* NOTREACHED */
106 }
107
108 static void init_linktype(int);
109
110 static int alloc_reg(void);
111 static void free_reg(int);
112
113 static struct block *root;
114
115 /*
116 * We divy out chunks of memory rather than call malloc each time so
117 * we don't have to worry about leaking memory. It's probably
118 * not a big deal if all this memory was wasted but it this ever
119 * goes into a library that would probably not be a good idea.
120 */
121 #define NCHUNKS 16
122 #define CHUNK0SIZE 1024
123 struct chunk {
124 u_int n_left;
125 void *m;
126 };
127
128 static struct chunk chunks[NCHUNKS];
129 static int cur_chunk;
130
131 static void *newchunk(u_int);
132 static void freechunks(void);
133 static inline struct block *new_block(int);
134 static inline struct slist *new_stmt(int);
135 static struct block *gen_retblk(int);
136 static inline void syntax(void);
137
138 static void backpatch(struct block *, struct block *);
139 static void merge(struct block *, struct block *);
140 static struct block *gen_cmp(u_int, u_int, bpf_int32);
141 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
142 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
143 static struct block *gen_bcmp(u_int, u_int, const u_char *);
144 static struct block *gen_uncond(int);
145 static inline struct block *gen_true(void);
146 static inline struct block *gen_false(void);
147 static struct block *gen_linktype(int);
148 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
149 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
150 #ifdef INET6
151 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
152 #endif
153 static struct block *gen_ehostop(const u_char *, int);
154 static struct block *gen_fhostop(const u_char *, int);
155 static struct block *gen_thostop(const u_char *, int);
156 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
157 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
158 #ifdef INET6
159 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
160 #endif
161 #ifndef INET6
162 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
163 #endif
164 static struct block *gen_ipfrag(void);
165 static struct block *gen_portatom(int, bpf_int32);
166 #ifdef INET6
167 static struct block *gen_portatom6(int, bpf_int32);
168 #endif
169 struct block *gen_portop(int, int, int);
170 static struct block *gen_port(int, int, int);
171 #ifdef INET6
172 struct block *gen_portop6(int, int, int);
173 static struct block *gen_port6(int, int, int);
174 #endif
175 static int lookup_proto(const char *, int);
176 static struct block *gen_protochain(int, int, int);
177 static struct block *gen_proto(int, int, int);
178 static struct slist *xfer_to_x(struct arth *);
179 static struct slist *xfer_to_a(struct arth *);
180 static struct block *gen_len(int, int);
181
182 static void *
183 newchunk(n)
184 u_int n;
185 {
186 struct chunk *cp;
187 int k, size;
188
189 #ifndef __NetBSD__
190 /* XXX Round up to nearest long. */
191 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
192 #else
193 /* XXX Round up to structure boundary. */
194 n = ALIGN(n);
195 #endif
196
197 cp = &chunks[cur_chunk];
198 if (n > cp->n_left) {
199 ++cp, k = ++cur_chunk;
200 if (k >= NCHUNKS)
201 bpf_error("out of memory");
202 size = CHUNK0SIZE << k;
203 cp->m = (void *)malloc(size);
204 memset((char *)cp->m, 0, size);
205 cp->n_left = size;
206 if (n > size)
207 bpf_error("out of memory");
208 }
209 cp->n_left -= n;
210 return (void *)((char *)cp->m + cp->n_left);
211 }
212
213 static void
214 freechunks()
215 {
216 int i;
217
218 cur_chunk = 0;
219 for (i = 0; i < NCHUNKS; ++i)
220 if (chunks[i].m != NULL) {
221 free(chunks[i].m);
222 chunks[i].m = NULL;
223 }
224 }
225
226 /*
227 * A strdup whose allocations are freed after code generation is over.
228 */
229 char *
230 sdup(s)
231 register const char *s;
232 {
233 int n = strlen(s) + 1;
234 char *cp = newchunk(n);
235
236 strlcpy(cp, s, n);
237 return (cp);
238 }
239
240 static inline struct block *
241 new_block(code)
242 int code;
243 {
244 struct block *p;
245
246 p = (struct block *)newchunk(sizeof(*p));
247 p->s.code = code;
248 p->head = p;
249
250 return p;
251 }
252
253 static inline struct slist *
254 new_stmt(code)
255 int code;
256 {
257 struct slist *p;
258
259 p = (struct slist *)newchunk(sizeof(*p));
260 p->s.code = code;
261
262 return p;
263 }
264
265 static struct block *
266 gen_retblk(v)
267 int v;
268 {
269 struct block *b = new_block(BPF_RET|BPF_K);
270
271 b->s.k = v;
272 return b;
273 }
274
275 static inline void
276 syntax()
277 {
278 bpf_error("syntax error in filter expression");
279 }
280
281 static bpf_u_int32 netmask;
282 static int snaplen;
283 int no_optimize;
284
285 int
286 pcap_compile(pcap_t *p, struct bpf_program *program,
287 char *buf, int optimize, bpf_u_int32 mask)
288 {
289 extern int n_errors;
290 int len;
291
292 no_optimize = 0;
293 n_errors = 0;
294 root = NULL;
295 bpf_pcap = p;
296 if (setjmp(top_ctx)) {
297 lex_cleanup();
298 freechunks();
299 return (-1);
300 }
301
302 netmask = mask;
303
304 snaplen = pcap_snapshot(p);
305 if (snaplen == 0) {
306 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
307 "snaplen of 0 rejects all packets");
308 return -1;
309 }
310
311 lex_init(buf ? buf : "");
312 init_linktype(pcap_datalink(p));
313 (void)pcap_parse();
314
315 if (n_errors)
316 syntax();
317
318 if (root == NULL)
319 root = gen_retblk(snaplen);
320
321 if (optimize && !no_optimize) {
322 bpf_optimize(&root);
323 if (root == NULL ||
324 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
325 bpf_error("expression rejects all packets");
326 }
327 program->bf_insns = icode_to_fcode(root, &len);
328 program->bf_len = len;
329
330 lex_cleanup();
331 freechunks();
332 return (0);
333 }
334
335 /*
336 * entry point for using the compiler with no pcap open
337 * pass in all the stuff that is needed explicitly instead.
338 */
339 int
340 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
341 struct bpf_program *program,
342 char *buf, int optimize, bpf_u_int32 mask)
343 {
344 pcap_t *p;
345 int ret;
346
347 p = pcap_open_dead(linktype_arg, snaplen_arg);
348 if (p == NULL)
349 return (-1);
350 ret = pcap_compile(p, program, buf, optimize, mask);
351 pcap_close(p);
352 return (ret);
353 }
354
355 /*
356 * Clean up a "struct bpf_program" by freeing all the memory allocated
357 * in it.
358 */
359 void
360 pcap_freecode(struct bpf_program *program)
361 {
362 program->bf_len = 0;
363 if (program->bf_insns != NULL) {
364 free((char *)program->bf_insns);
365 program->bf_insns = NULL;
366 }
367 }
368
369 /*
370 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
371 * which of the jt and jf fields has been resolved and which is a pointer
372 * back to another unresolved block (or nil). At least one of the fields
373 * in each block is already resolved.
374 */
375 static void
376 backpatch(list, target)
377 struct block *list, *target;
378 {
379 struct block *next;
380
381 while (list) {
382 if (!list->sense) {
383 next = JT(list);
384 JT(list) = target;
385 } else {
386 next = JF(list);
387 JF(list) = target;
388 }
389 list = next;
390 }
391 }
392
393 /*
394 * Merge the lists in b0 and b1, using the 'sense' field to indicate
395 * which of jt and jf is the link.
396 */
397 static void
398 merge(b0, b1)
399 struct block *b0, *b1;
400 {
401 register struct block **p = &b0;
402
403 /* Find end of list. */
404 while (*p)
405 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
406
407 /* Concatenate the lists. */
408 *p = b1;
409 }
410
411 void
412 finish_parse(p)
413 struct block *p;
414 {
415 backpatch(p, gen_retblk(snaplen));
416 p->sense = !p->sense;
417 backpatch(p, gen_retblk(0));
418 root = p->head;
419 }
420
421 void
422 gen_and(b0, b1)
423 struct block *b0, *b1;
424 {
425 backpatch(b0, b1->head);
426 b0->sense = !b0->sense;
427 b1->sense = !b1->sense;
428 merge(b1, b0);
429 b1->sense = !b1->sense;
430 b1->head = b0->head;
431 }
432
433 void
434 gen_or(b0, b1)
435 struct block *b0, *b1;
436 {
437 b0->sense = !b0->sense;
438 backpatch(b0, b1->head);
439 b0->sense = !b0->sense;
440 merge(b1, b0);
441 b1->head = b0->head;
442 }
443
444 void
445 gen_not(b)
446 struct block *b;
447 {
448 b->sense = !b->sense;
449 }
450
451 static struct block *
452 gen_cmp(offset, size, v)
453 u_int offset, size;
454 bpf_int32 v;
455 {
456 struct slist *s;
457 struct block *b;
458
459 s = new_stmt(BPF_LD|BPF_ABS|size);
460 s->s.k = offset;
461
462 b = new_block(JMP(BPF_JEQ));
463 b->stmts = s;
464 b->s.k = v;
465
466 return b;
467 }
468
469 static struct block *
470 gen_cmp_gt(offset, size, v)
471 u_int offset, size;
472 bpf_int32 v;
473 {
474 struct slist *s;
475 struct block *b;
476
477 s = new_stmt(BPF_LD|BPF_ABS|size);
478 s->s.k = offset;
479
480 b = new_block(JMP(BPF_JGT));
481 b->stmts = s;
482 b->s.k = v;
483
484 return b;
485 }
486
487 static struct block *
488 gen_mcmp(offset, size, v, mask)
489 u_int offset, size;
490 bpf_int32 v;
491 bpf_u_int32 mask;
492 {
493 struct block *b = gen_cmp(offset, size, v);
494 struct slist *s;
495
496 if (mask != 0xffffffff) {
497 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
498 s->s.k = mask;
499 b->stmts->next = s;
500 }
501 return b;
502 }
503
504 static struct block *
505 gen_bcmp(offset, size, v)
506 register u_int offset, size;
507 register const u_char *v;
508 {
509 register struct block *b, *tmp;
510
511 b = NULL;
512 while (size >= 4) {
513 register const u_char *p = &v[size - 4];
514 bpf_int32 w = ((bpf_int32)p[0] << 24) |
515 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
516
517 tmp = gen_cmp(offset + size - 4, BPF_W, w);
518 if (b != NULL)
519 gen_and(b, tmp);
520 b = tmp;
521 size -= 4;
522 }
523 while (size >= 2) {
524 register const u_char *p = &v[size - 2];
525 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
526
527 tmp = gen_cmp(offset + size - 2, BPF_H, w);
528 if (b != NULL)
529 gen_and(b, tmp);
530 b = tmp;
531 size -= 2;
532 }
533 if (size > 0) {
534 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
535 if (b != NULL)
536 gen_and(b, tmp);
537 b = tmp;
538 }
539 return b;
540 }
541
542 /*
543 * Various code constructs need to know the layout of the data link
544 * layer. These variables give the necessary offsets. off_linktype
545 * is set to -1 for no encapsulation, in which case, IP is assumed.
546 */
547 static u_int off_linktype;
548 static u_int off_nl;
549 static int linktype;
550
551 static void
552 init_linktype(type)
553 int type;
554 {
555 linktype = type;
556
557 switch (type) {
558
559 case DLT_EN10MB:
560 off_linktype = 12;
561 off_nl = 14;
562 return;
563
564 case DLT_SLIP:
565 /*
566 * SLIP doesn't have a link level type. The 16 byte
567 * header is hacked into our SLIP driver.
568 */
569 off_linktype = -1;
570 off_nl = 16;
571 return;
572
573 case DLT_SLIP_BSDOS:
574 /* XXX this may be the same as the DLT_PPP_BSDOS case */
575 off_linktype = -1;
576 /* XXX end */
577 off_nl = 24;
578 return;
579
580 case DLT_NULL:
581 case DLT_LOOP:
582 off_linktype = 0;
583 off_nl = 4;
584 return;
585
586 case DLT_PPP:
587 case DLT_C_HDLC:
588 case DLT_PPP_SERIAL:
589 off_linktype = 2;
590 off_nl = 4;
591 return;
592
593 case DLT_PPP_BSDOS:
594 off_linktype = 5;
595 off_nl = 24;
596 return;
597
598 case DLT_FDDI:
599 /*
600 * FDDI doesn't really have a link-level type field.
601 * We set "off_linktype" to the offset of the LLC header.
602 *
603 * To check for Ethernet types, we assume that SSAP = SNAP
604 * is being used and pick out the encapsulated Ethernet type.
605 * XXX - should we generate code to check for SNAP?
606 */
607 off_linktype = 13;
608 #ifdef PCAP_FDDIPAD
609 off_linktype += pcap_fddipad;
610 #endif
611 off_nl = 21;
612 #ifdef PCAP_FDDIPAD
613 off_nl += pcap_fddipad;
614 #endif
615 return;
616
617 case DLT_IEEE802:
618 /*
619 * Token Ring doesn't really have a link-level type field.
620 * We set "off_linktype" to the offset of the LLC header.
621 *
622 * To check for Ethernet types, we assume that SSAP = SNAP
623 * is being used and pick out the encapsulated Ethernet type.
624 * XXX - should we generate code to check for SNAP?
625 *
626 * XXX - the header is actually variable-length.
627 * Some various Linux patched versions gave 38
628 * as "off_linktype" and 40 as "off_nl"; however,
629 * if a token ring packet has *no* routing
630 * information, i.e. is not source-routed, the correct
631 * values are 20 and 22, as they are in the vanilla code.
632 *
633 * A packet is source-routed iff the uppermost bit
634 * of the first byte of the source address, at an
635 * offset of 8, has the uppermost bit set. If the
636 * packet is source-routed, the total number of bytes
637 * of routing information is 2 plus bits 0x1F00 of
638 * the 16-bit value at an offset of 14 (shifted right
639 * 8 - figure out which byte that is).
640 */
641 off_linktype = 14;
642 off_nl = 22;
643 return;
644
645 case DLT_ATM_RFC1483:
646 /*
647 * assume routed, non-ISO PDUs
648 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
649 */
650 off_linktype = 6;
651 off_nl = 8;
652 return;
653
654 case DLT_RAW:
655 off_linktype = -1;
656 off_nl = 0;
657 return;
658
659 case DLT_ATM_CLIP: /* Linux ATM defines this */
660 off_linktype = 6;
661 off_nl = 8;
662 return;
663
664 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
665 off_linktype = 14;
666 off_nl = 16;
667 return;
668 }
669 bpf_error("unknown data link type %d", linktype);
670 /* NOTREACHED */
671 }
672
673 static struct block *
674 gen_uncond(rsense)
675 int rsense;
676 {
677 struct block *b;
678 struct slist *s;
679
680 s = new_stmt(BPF_LD|BPF_IMM);
681 s->s.k = !rsense;
682 b = new_block(JMP(BPF_JEQ));
683 b->stmts = s;
684
685 return b;
686 }
687
688 static inline struct block *
689 gen_true()
690 {
691 return gen_uncond(1);
692 }
693
694 static inline struct block *
695 gen_false()
696 {
697 return gen_uncond(0);
698 }
699
700 /*
701 * Byte-swap a 32-bit number.
702 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
703 * big-endian platforms.)
704 */
705 #define SWAPLONG(y) \
706 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
707
708 static struct block *
709 gen_linktype(proto)
710 register int proto;
711 {
712 struct block *b0, *b1;
713
714 switch (linktype) {
715
716 case DLT_EN10MB:
717 switch (proto) {
718
719 case LLC_ISO_LSAP:
720 /*
721 * OSI protocols always use 802.2 encapsulation.
722 * XXX - should we check both the DSAP and the
723 * LSAP, like this, or should we check just the
724 * DSAP?
725 */
726 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
727 gen_not(b0);
728 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
729 ((LLC_ISO_LSAP << 8) | LLC_ISO_LSAP));
730 gen_and(b0, b1);
731 return b1;
732
733 case ETHERTYPE_ATALK:
734 case ETHERTYPE_AARP:
735 /*
736 * EtherTalk (AppleTalk protocols on Ethernet link
737 * layer) may use 802.2 encapsulation.
738 */
739
740 /*
741 * Check for 802.2 encapsulation (EtherTalk phase 2?);
742 * we check for an Ethernet type field less than
743 * 1500, which means it's an 802.3 length field.
744 */
745 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
746 gen_not(b0);
747
748 /*
749 * 802.2-encapsulated ETHERTYPE_ATALK packets are
750 * SNAP packets with an organization code of
751 * 0x080007 (Apple, for Appletalk) and a protocol
752 * type of ETHERTYPE_ATALK (Appletalk).
753 *
754 * 802.2-encapsulated ETHERTYPE_AARP packets are
755 * SNAP packets with an organization code of
756 * 0x000000 (encapsulated Ethernet) and a protocol
757 * type of ETHERTYPE_AARP (Appletalk ARP).
758 */
759 if (proto == ETHERTYPE_ATALK)
760 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
761 else /* proto == ETHERTYPE_AARP */
762 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
763 gen_and(b0, b1);
764
765 /*
766 * Check for Ethernet encapsulation (Ethertalk
767 * phase 1?); we just check for the Ethernet
768 * protocol type.
769 */
770 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
771
772 gen_or(b0, b1);
773 return b1;
774
775 default:
776 if (proto <= ETHERMTU) {
777 /*
778 * This is an LLC SAP value, so the frames
779 * that match would be 802.2 frames.
780 * Check that the frame is an 802.2 frame
781 * (i.e., that the length/type field is
782 * a length field, <= ETHERMTU) and
783 * then check the DSAP.
784 */
785 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
786 gen_not(b0);
787 b1 = gen_cmp(off_linktype + 2, BPF_B,
788 (bpf_int32)proto);
789 gen_and(b0, b1);
790 return b1;
791 } else {
792 /*
793 * This is an Ethernet type, so compare
794 * the length/type field with it (if
795 * the frame is an 802.2 frame, the length
796 * field will be <= ETHERMTU, and, as
797 * "proto" is > ETHERMTU, this test
798 * will fail and the frame won't match,
799 * which is what we want).
800 */
801 return gen_cmp(off_linktype, BPF_H,
802 (bpf_int32)proto);
803 }
804 }
805 break;
806
807 case DLT_FDDI:
808 case DLT_IEEE802:
809 case DLT_ATM_RFC1483:
810 case DLT_ATM_CLIP:
811 /*
812 * XXX - handle token-ring variable-length header.
813 */
814 switch (proto) {
815
816 case LLC_ISO_LSAP:
817 return gen_cmp(off_linktype, BPF_H, (long)
818 ((LLC_ISO_LSAP << 8) | LLC_ISO_LSAP));
819
820 case ETHERTYPE_ATALK:
821 /*
822 * 802.2-encapsulated ETHERTYPE_ATALK packets are
823 * SNAP packets with an organization code of
824 * 0x080007 (Apple, for Appletalk) and a protocol
825 * type of ETHERTYPE_ATALK (Appletalk).
826 *
827 * XXX - check for an organization code of
828 * encapsulated Ethernet as well?
829 */
830 return gen_snap(0x080007, ETHERTYPE_ATALK,
831 off_linktype);
832 break;
833
834 default:
835 if (proto <= ETHERMTU) {
836 /*
837 * This is an LLC SAP value, so check
838 * the DSAP.
839 */
840 return gen_cmp(off_linktype, BPF_B,
841 (bpf_int32)proto);
842 } else {
843 /*
844 * This is an Ethernet type; we assume
845 * that it's unlikely that it'll
846 * appear in the right place at random,
847 * and therefore check only the
848 * location that would hold the Ethernet
849 * type in a SNAP frame with an organization
850 * code of 0x000000 (encapsulated Ethernet).
851 *
852 * XXX - if we were to check for the SNAP DSAP
853 * and LSAP, as per XXX, and were also to check
854 * for an organization code of 0x000000
855 * (encapsulated Ethernet), we'd do
856 *
857 * return gen_snap(0x000000, proto,
858 * off_linktype);
859 *
860 * here; for now, we don't, as per the above.
861 * I don't know whether it's worth the
862 * extra CPU time to do the right check
863 * or not.
864 */
865 return gen_cmp(off_linktype+6, BPF_H,
866 (bpf_int32)proto);
867 }
868 }
869 break;
870
871 case DLT_LINUX_SLL:
872 switch (proto) {
873
874 case LLC_ISO_LSAP:
875 /*
876 * OSI protocols always use 802.2 encapsulation.
877 * XXX - should we check both the DSAP and the
878 * LSAP, like this, or should we check just the
879 * DSAP?
880 */
881 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
882 gen_not(b0);
883 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
884 ((LLC_ISO_LSAP << 8) | LLC_ISO_LSAP));
885 gen_and(b0, b1);
886 return b1;
887
888 case ETHERTYPE_ATALK:
889 case ETHERTYPE_AARP:
890 /*
891 * EtherTalk (AppleTalk protocols on Ethernet link
892 * layer) may use 802.2 encapsulation.
893 */
894
895 /*
896 * Check for 802.2 encapsulation (EtherTalk phase 2?);
897 * we check for the 802.2 protocol type in the
898 * "Ethernet type" field.
899 */
900 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
901
902 /*
903 * 802.2-encapsulated ETHERTYPE_ATALK packets are
904 * SNAP packets with an organization code of
905 * 0x080007 (Apple, for Appletalk) and a protocol
906 * type of ETHERTYPE_ATALK (Appletalk).
907 *
908 * 802.2-encapsulated ETHERTYPE_AARP packets are
909 * SNAP packets with an organization code of
910 * 0x000000 (encapsulated Ethernet) and a protocol
911 * type of ETHERTYPE_AARP (Appletalk ARP).
912 */
913 if (proto == ETHERTYPE_ATALK)
914 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
915 off_linktype + 2);
916 else /* proto == ETHERTYPE_AARP */
917 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
918 off_linktype + 2);
919 gen_and(b0, b1);
920
921 /*
922 * Check for Ethernet encapsulation (Ethertalk
923 * phase 1?); we just check for the Ethernet
924 * protocol type.
925 */
926 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
927
928 gen_or(b0, b1);
929 return b1;
930
931 default:
932 if (proto <= ETHERMTU) {
933 /*
934 * This is an LLC SAP value, so the frames
935 * that match would be 802.2 frames.
936 * Check for the 802.2 protocol type
937 * in the "Ethernet type" field, and
938 * then check the DSAP.
939 */
940 b0 = gen_cmp(off_linktype, BPF_H,
941 LINUX_SLL_P_802_2);
942 b1 = gen_cmp(off_linktype + 2, BPF_B,
943 (bpf_int32)proto);
944 gen_and(b0, b1);
945 return b1;
946 } else {
947 /*
948 * This is an Ethernet type, so compare
949 * the length/type field with it (if
950 * the frame is an 802.2 frame, the length
951 * field will be <= ETHERMTU, and, as
952 * "proto" is > ETHERMTU, this test
953 * will fail and the frame won't match,
954 * which is what we want).
955 */
956 return gen_cmp(off_linktype, BPF_H,
957 (bpf_int32)proto);
958 }
959 }
960 break;
961
962 case DLT_SLIP:
963 case DLT_SLIP_BSDOS:
964 case DLT_RAW:
965 /*
966 * These types don't provide any type field; packets
967 * are always IP.
968 *
969 * XXX - for IPv4, check for a version number of 4, and,
970 * for IPv6, check for a version number of 6?
971 */
972 switch (proto) {
973
974 case ETHERTYPE_IP:
975 #ifdef INET6
976 case ETHERTYPE_IPV6:
977 #endif
978 return gen_true(); /* always true */
979
980 default:
981 return gen_false(); /* always false */
982 }
983 break;
984
985 case DLT_PPP:
986 case DLT_PPP_SERIAL:
987 /*
988 * We use Ethernet protocol types inside libpcap;
989 * map them to the corresponding PPP protocol types.
990 */
991 switch (proto) {
992
993 case ETHERTYPE_IP:
994 proto = PPP_IP; /* XXX was 0x21 */
995 break;
996
997 #ifdef INET6
998 case ETHERTYPE_IPV6:
999 proto = PPP_IPV6;
1000 break;
1001 #endif
1002
1003 case ETHERTYPE_DN:
1004 proto = PPP_DECNET;
1005 break;
1006
1007 case ETHERTYPE_ATALK:
1008 proto = PPP_APPLE;
1009 break;
1010
1011 case ETHERTYPE_NS:
1012 proto = PPP_NS;
1013 break;
1014
1015 case LLC_ISO_LSAP:
1016 proto = PPP_OSI;
1017 break;
1018 }
1019 break;
1020
1021 case DLT_PPP_BSDOS:
1022 /*
1023 * We use Ethernet protocol types inside libpcap;
1024 * map them to the corresponding PPP protocol types.
1025 */
1026 switch (proto) {
1027
1028 case ETHERTYPE_IP:
1029 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
1030 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
1031 gen_or(b0, b1);
1032 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
1033 gen_or(b1, b0);
1034 return b0;
1035
1036 #ifdef INET6
1037 case ETHERTYPE_IPV6:
1038 proto = PPP_IPV6;
1039 /* more to go? */
1040 break;
1041 #endif
1042
1043 case ETHERTYPE_DN:
1044 proto = PPP_DECNET;
1045 break;
1046
1047 case ETHERTYPE_ATALK:
1048 proto = PPP_APPLE;
1049 break;
1050
1051 case ETHERTYPE_NS:
1052 proto = PPP_NS;
1053 break;
1054
1055 case LLC_ISO_LSAP:
1056 proto = PPP_OSI;
1057 break;
1058 }
1059 break;
1060
1061 case DLT_NULL:
1062 case DLT_LOOP:
1063 /*
1064 * For DLT_NULL, the link-layer header is a 32-bit
1065 * word containing an AF_ value in *host* byte order.
1066 *
1067 * In addition, if we're reading a saved capture file,
1068 * the host byte order in the capture may not be the
1069 * same as the host byte order on this machine.
1070 *
1071 * For DLT_LOOP, the link-layer header is a 32-bit
1072 * word containing an AF_ value in *network* byte order.
1073 *
1074 * XXX - AF_ values may, unfortunately, be platform-
1075 * dependent; for example, FreeBSD's AF_INET6 is 24
1076 * whilst NetBSD's and OpenBSD's is 26.
1077 *
1078 * This means that, when reading a capture file, just
1079 * checking for our AF_INET6 value won't work if the
1080 * capture file came from another OS.
1081 */
1082 switch (proto) {
1083
1084 case ETHERTYPE_IP:
1085 proto = AF_INET;
1086 break;
1087
1088 #ifdef INET6
1089 case ETHERTYPE_IPV6:
1090 proto = AF_INET6;
1091 break;
1092 #endif
1093
1094 default:
1095 /*
1096 * Not a type on which we support filtering.
1097 * XXX - support those that have AF_ values
1098 * #defined on this platform, at least?
1099 */
1100 return gen_false();
1101 }
1102
1103 if (linktype == DLT_NULL) {
1104 /*
1105 * The AF_ value is in host byte order, but
1106 * the BPF interpreter will convert it to
1107 * network byte order.
1108 *
1109 * If this is a save file, and it's from a
1110 * machine with the opposite byte order to
1111 * ours, we byte-swap the AF_ value.
1112 *
1113 * Then we run it through "htonl()", and
1114 * generate code to compare against the result.
1115 */
1116 if (bpf_pcap->sf.rfile != NULL &&
1117 bpf_pcap->sf.swapped)
1118 proto = SWAPLONG(proto);
1119 proto = htonl(proto);
1120 }
1121 return (gen_cmp(0, BPF_W, (bpf_int32)proto));
1122 }
1123
1124 /*
1125 * All the types that have no encapsulation should either be
1126 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
1127 * all packets are IP packets, or should be handled in some
1128 * special case, if none of them are (if some are and some
1129 * aren't, the lack of encapsulation is a problem, as we'd
1130 * have to find some other way of determining the packet type).
1131 *
1132 * Therefore, if "off_linktype" is -1, there's an error.
1133 */
1134 if (off_linktype == -1)
1135 abort();
1136
1137 /*
1138 * Any type not handled above should always have an Ethernet
1139 * type at an offset of "off_linktype".
1140 */
1141 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1142 }
1143
1144 /*
1145 * Check for an LLC SNAP packet with a given organization code and
1146 * protocol type; we check the entire contents of the 802.2 LLC and
1147 * snap headers, checking for DSAP and SSAP of SNAP and a control
1148 * field of 0x03 in the LLC header, and for the specified organization
1149 * code and protocol type in the SNAP header.
1150 */
1151 static struct block *
1152 gen_snap(orgcode, ptype, offset)
1153 bpf_u_int32 orgcode;
1154 bpf_u_int32 ptype;
1155 u_int offset;
1156 {
1157 u_char snapblock[8];
1158
1159 snapblock[0] = LLC_SNAP_LSAP; /* DSAP = SNAP */
1160 snapblock[1] = LLC_SNAP_LSAP; /* SSAP = SNAP */
1161 snapblock[2] = 0x03; /* control = UI */
1162 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
1163 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
1164 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
1165 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
1166 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
1167 return gen_bcmp(offset, 8, snapblock);
1168 }
1169
1170 static struct block *
1171 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
1172 bpf_u_int32 addr;
1173 bpf_u_int32 mask;
1174 int dir, proto;
1175 u_int src_off, dst_off;
1176 {
1177 struct block *b0, *b1;
1178 u_int offset;
1179
1180 switch (dir) {
1181
1182 case Q_SRC:
1183 offset = src_off;
1184 break;
1185
1186 case Q_DST:
1187 offset = dst_off;
1188 break;
1189
1190 case Q_AND:
1191 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1192 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1193 gen_and(b0, b1);
1194 return b1;
1195
1196 case Q_OR:
1197 case Q_DEFAULT:
1198 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1199 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1200 gen_or(b0, b1);
1201 return b1;
1202
1203 default:
1204 abort();
1205 }
1206 b0 = gen_linktype(proto);
1207 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
1208 gen_and(b0, b1);
1209 return b1;
1210 }
1211
1212 #ifdef INET6
1213 static struct block *
1214 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
1215 struct in6_addr *addr;
1216 struct in6_addr *mask;
1217 int dir, proto;
1218 u_int src_off, dst_off;
1219 {
1220 struct block *b0, *b1;
1221 u_int offset;
1222 u_int32_t *a, *m;
1223
1224 switch (dir) {
1225
1226 case Q_SRC:
1227 offset = src_off;
1228 break;
1229
1230 case Q_DST:
1231 offset = dst_off;
1232 break;
1233
1234 case Q_AND:
1235 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1236 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1237 gen_and(b0, b1);
1238 return b1;
1239
1240 case Q_OR:
1241 case Q_DEFAULT:
1242 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1243 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1244 gen_or(b0, b1);
1245 return b1;
1246
1247 default:
1248 abort();
1249 }
1250 /* this order is important */
1251 a = (u_int32_t *)addr;
1252 m = (u_int32_t *)mask;
1253 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
1254 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
1255 gen_and(b0, b1);
1256 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
1257 gen_and(b0, b1);
1258 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
1259 gen_and(b0, b1);
1260 b0 = gen_linktype(proto);
1261 gen_and(b0, b1);
1262 return b1;
1263 }
1264 #endif /*INET6*/
1265
1266 static struct block *
1267 gen_ehostop(eaddr, dir)
1268 register const u_char *eaddr;
1269 register int dir;
1270 {
1271 register struct block *b0, *b1;
1272
1273 switch (dir) {
1274 case Q_SRC:
1275 return gen_bcmp(6, 6, eaddr);
1276
1277 case Q_DST:
1278 return gen_bcmp(0, 6, eaddr);
1279
1280 case Q_AND:
1281 b0 = gen_ehostop(eaddr, Q_SRC);
1282 b1 = gen_ehostop(eaddr, Q_DST);
1283 gen_and(b0, b1);
1284 return b1;
1285
1286 case Q_DEFAULT:
1287 case Q_OR:
1288 b0 = gen_ehostop(eaddr, Q_SRC);
1289 b1 = gen_ehostop(eaddr, Q_DST);
1290 gen_or(b0, b1);
1291 return b1;
1292 }
1293 abort();
1294 /* NOTREACHED */
1295 }
1296
1297 /*
1298 * Like gen_ehostop, but for DLT_FDDI
1299 */
1300 static struct block *
1301 gen_fhostop(eaddr, dir)
1302 register const u_char *eaddr;
1303 register int dir;
1304 {
1305 struct block *b0, *b1;
1306
1307 switch (dir) {
1308 case Q_SRC:
1309 #ifdef PCAP_FDDIPAD
1310 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
1311 #else
1312 return gen_bcmp(6 + 1, 6, eaddr);
1313 #endif
1314
1315 case Q_DST:
1316 #ifdef PCAP_FDDIPAD
1317 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
1318 #else
1319 return gen_bcmp(0 + 1, 6, eaddr);
1320 #endif
1321
1322 case Q_AND:
1323 b0 = gen_fhostop(eaddr, Q_SRC);
1324 b1 = gen_fhostop(eaddr, Q_DST);
1325 gen_and(b0, b1);
1326 return b1;
1327
1328 case Q_DEFAULT:
1329 case Q_OR:
1330 b0 = gen_fhostop(eaddr, Q_SRC);
1331 b1 = gen_fhostop(eaddr, Q_DST);
1332 gen_or(b0, b1);
1333 return b1;
1334 }
1335 abort();
1336 /* NOTREACHED */
1337 }
1338
1339 /*
1340 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
1341 */
1342 static struct block *
1343 gen_thostop(eaddr, dir)
1344 register const u_char *eaddr;
1345 register int dir;
1346 {
1347 register struct block *b0, *b1;
1348
1349 switch (dir) {
1350 case Q_SRC:
1351 return gen_bcmp(8, 6, eaddr);
1352
1353 case Q_DST:
1354 return gen_bcmp(2, 6, eaddr);
1355
1356 case Q_AND:
1357 b0 = gen_thostop(eaddr, Q_SRC);
1358 b1 = gen_thostop(eaddr, Q_DST);
1359 gen_and(b0, b1);
1360 return b1;
1361
1362 case Q_DEFAULT:
1363 case Q_OR:
1364 b0 = gen_thostop(eaddr, Q_SRC);
1365 b1 = gen_thostop(eaddr, Q_DST);
1366 gen_or(b0, b1);
1367 return b1;
1368 }
1369 abort();
1370 /* NOTREACHED */
1371 }
1372
1373 /*
1374 * This is quite tricky because there may be pad bytes in front of the
1375 * DECNET header, and then there are two possible data packet formats that
1376 * carry both src and dst addresses, plus 5 packet types in a format that
1377 * carries only the src node, plus 2 types that use a different format and
1378 * also carry just the src node.
1379 *
1380 * Yuck.
1381 *
1382 * Instead of doing those all right, we just look for data packets with
1383 * 0 or 1 bytes of padding. If you want to look at other packets, that
1384 * will require a lot more hacking.
1385 *
1386 * To add support for filtering on DECNET "areas" (network numbers)
1387 * one would want to add a "mask" argument to this routine. That would
1388 * make the filter even more inefficient, although one could be clever
1389 * and not generate masking instructions if the mask is 0xFFFF.
1390 */
1391 static struct block *
1392 gen_dnhostop(addr, dir, base_off)
1393 bpf_u_int32 addr;
1394 int dir;
1395 u_int base_off;
1396 {
1397 struct block *b0, *b1, *b2, *tmp;
1398 u_int offset_lh; /* offset if long header is received */
1399 u_int offset_sh; /* offset if short header is received */
1400
1401 switch (dir) {
1402
1403 case Q_DST:
1404 offset_sh = 1; /* follows flags */
1405 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
1406 break;
1407
1408 case Q_SRC:
1409 offset_sh = 3; /* follows flags, dstnode */
1410 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
1411 break;
1412
1413 case Q_AND:
1414 /* Inefficient because we do our Calvinball dance twice */
1415 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1416 b1 = gen_dnhostop(addr, Q_DST, base_off);
1417 gen_and(b0, b1);
1418 return b1;
1419
1420 case Q_OR:
1421 case Q_DEFAULT:
1422 /* Inefficient because we do our Calvinball dance twice */
1423 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1424 b1 = gen_dnhostop(addr, Q_DST, base_off);
1425 gen_or(b0, b1);
1426 return b1;
1427
1428 case Q_ISO:
1429 bpf_error("ISO host filtering not implemented");
1430
1431 default:
1432 abort();
1433 }
1434 b0 = gen_linktype(ETHERTYPE_DN);
1435 /* Check for pad = 1, long header case */
1436 tmp = gen_mcmp(base_off + 2, BPF_H,
1437 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
1438 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
1439 BPF_H, (bpf_int32)ntohs(addr));
1440 gen_and(tmp, b1);
1441 /* Check for pad = 0, long header case */
1442 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
1443 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
1444 gen_and(tmp, b2);
1445 gen_or(b2, b1);
1446 /* Check for pad = 1, short header case */
1447 tmp = gen_mcmp(base_off + 2, BPF_H,
1448 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
1449 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
1450 BPF_H, (bpf_int32)ntohs(addr));
1451 gen_and(tmp, b2);
1452 gen_or(b2, b1);
1453 /* Check for pad = 0, short header case */
1454 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
1455 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
1456 gen_and(tmp, b2);
1457 gen_or(b2, b1);
1458
1459 /* Combine with test for linktype */
1460 gen_and(b0, b1);
1461 return b1;
1462 }
1463
1464 static struct block *
1465 gen_host(addr, mask, proto, dir)
1466 bpf_u_int32 addr;
1467 bpf_u_int32 mask;
1468 int proto;
1469 int dir;
1470 {
1471 struct block *b0, *b1;
1472
1473 switch (proto) {
1474
1475 case Q_DEFAULT:
1476 b0 = gen_host(addr, mask, Q_IP, dir);
1477 if (off_linktype != -1) {
1478 b1 = gen_host(addr, mask, Q_ARP, dir);
1479 gen_or(b0, b1);
1480 b0 = gen_host(addr, mask, Q_RARP, dir);
1481 gen_or(b1, b0);
1482 }
1483 return b0;
1484
1485 case Q_IP:
1486 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
1487 off_nl + 12, off_nl + 16);
1488
1489 case Q_RARP:
1490 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
1491 off_nl + 14, off_nl + 24);
1492
1493 case Q_ARP:
1494 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
1495 off_nl + 14, off_nl + 24);
1496
1497 case Q_TCP:
1498 bpf_error("'tcp' modifier applied to host");
1499
1500 case Q_UDP:
1501 bpf_error("'udp' modifier applied to host");
1502
1503 case Q_ICMP:
1504 bpf_error("'icmp' modifier applied to host");
1505
1506 case Q_IGMP:
1507 bpf_error("'igmp' modifier applied to host");
1508
1509 case Q_IGRP:
1510 bpf_error("'igrp' modifier applied to host");
1511
1512 case Q_PIM:
1513 bpf_error("'pim' modifier applied to host");
1514
1515 case Q_ATALK:
1516 bpf_error("ATALK host filtering not implemented");
1517
1518 case Q_AARP:
1519 bpf_error("AARP host filtering not implemented");
1520
1521 case Q_DECNET:
1522 return gen_dnhostop(addr, dir, off_nl);
1523
1524 case Q_SCA:
1525 bpf_error("SCA host filtering not implemented");
1526
1527 case Q_LAT:
1528 bpf_error("LAT host filtering not implemented");
1529
1530 case Q_MOPDL:
1531 bpf_error("MOPDL host filtering not implemented");
1532
1533 case Q_MOPRC:
1534 bpf_error("MOPRC host filtering not implemented");
1535
1536 #ifdef INET6
1537 case Q_IPV6:
1538 bpf_error("'ip6' modifier applied to ip host");
1539
1540 case Q_ICMPV6:
1541 bpf_error("'icmp6' modifier applied to host");
1542 #endif /* INET6 */
1543
1544 case Q_AH:
1545 bpf_error("'ah' modifier applied to host");
1546
1547 case Q_ESP:
1548 bpf_error("'esp' modifier applied to host");
1549
1550 case Q_ISO:
1551 bpf_error("ISO host filtering not implemented");
1552
1553 case Q_ESIS:
1554 bpf_error("'esis' modifier applied to host");
1555
1556 case Q_ISIS:
1557 bpf_error("'isis' modifier applied to host");
1558
1559 case Q_CLNP:
1560 bpf_error("'clnp' modifier applied to host");
1561
1562 case Q_STP:
1563 bpf_error("'stp' modifier applied to host");
1564
1565 default:
1566 abort();
1567 }
1568 /* NOTREACHED */
1569 }
1570
1571 #ifdef INET6
1572 static struct block *
1573 gen_host6(addr, mask, proto, dir)
1574 struct in6_addr *addr;
1575 struct in6_addr *mask;
1576 int proto;
1577 int dir;
1578 {
1579 switch (proto) {
1580
1581 case Q_DEFAULT:
1582 return gen_host6(addr, mask, Q_IPV6, dir);
1583
1584 case Q_IP:
1585 bpf_error("'ip' modifier applied to ip6 host");
1586
1587 case Q_RARP:
1588 bpf_error("'rarp' modifier applied to ip6 host");
1589
1590 case Q_ARP:
1591 bpf_error("'arp' modifier applied to ip6 host");
1592
1593 case Q_TCP:
1594 bpf_error("'tcp' modifier applied to host");
1595
1596 case Q_UDP:
1597 bpf_error("'udp' modifier applied to host");
1598
1599 case Q_ICMP:
1600 bpf_error("'icmp' modifier applied to host");
1601
1602 case Q_IGMP:
1603 bpf_error("'igmp' modifier applied to host");
1604
1605 case Q_IGRP:
1606 bpf_error("'igrp' modifier applied to host");
1607
1608 case Q_PIM:
1609 bpf_error("'pim' modifier applied to host");
1610
1611 case Q_ATALK:
1612 bpf_error("ATALK host filtering not implemented");
1613
1614 case Q_AARP:
1615 bpf_error("AARP host filtering not implemented");
1616
1617 case Q_DECNET:
1618 bpf_error("'decnet' modifier applied to ip6 host");
1619
1620 case Q_SCA:
1621 bpf_error("SCA host filtering not implemented");
1622
1623 case Q_LAT:
1624 bpf_error("LAT host filtering not implemented");
1625
1626 case Q_MOPDL:
1627 bpf_error("MOPDL host filtering not implemented");
1628
1629 case Q_MOPRC:
1630 bpf_error("MOPRC host filtering not implemented");
1631
1632 case Q_IPV6:
1633 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
1634 off_nl + 8, off_nl + 24);
1635
1636 case Q_ICMPV6:
1637 bpf_error("'icmp6' modifier applied to host");
1638
1639 case Q_AH:
1640 bpf_error("'ah' modifier applied to host");
1641
1642 case Q_ESP:
1643 bpf_error("'esp' modifier applied to host");
1644
1645 case Q_ISO:
1646 bpf_error("ISO host filtering not implemented");
1647
1648 case Q_ESIS:
1649 bpf_error("'esis' modifier applied to host");
1650
1651 case Q_ISIS:
1652 bpf_error("'isis' modifier applied to host");
1653
1654 case Q_CLNP:
1655 bpf_error("'clnp' modifier applied to host");
1656
1657 case Q_STP:
1658 bpf_error("'stp' modifier applied to host");
1659
1660 default:
1661 abort();
1662 }
1663 /* NOTREACHED */
1664 }
1665 #endif /*INET6*/
1666
1667 #ifndef INET6
1668 static struct block *
1669 gen_gateway(eaddr, alist, proto, dir)
1670 const u_char *eaddr;
1671 bpf_u_int32 **alist;
1672 int proto;
1673 int dir;
1674 {
1675 struct block *b0, *b1, *tmp;
1676
1677 if (dir != 0)
1678 bpf_error("direction applied to 'gateway'");
1679
1680 switch (proto) {
1681 case Q_DEFAULT:
1682 case Q_IP:
1683 case Q_ARP:
1684 case Q_RARP:
1685 if (linktype == DLT_EN10MB)
1686 b0 = gen_ehostop(eaddr, Q_OR);
1687 else if (linktype == DLT_FDDI)
1688 b0 = gen_fhostop(eaddr, Q_OR);
1689 else if (linktype == DLT_IEEE802)
1690 b0 = gen_thostop(eaddr, Q_OR);
1691 else
1692 bpf_error(
1693 "'gateway' supported only on ethernet, FDDI or token ring");
1694
1695 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1696 while (*alist) {
1697 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1698 gen_or(b1, tmp);
1699 b1 = tmp;
1700 }
1701 gen_not(b1);
1702 gen_and(b0, b1);
1703 return b1;
1704 }
1705 bpf_error("illegal modifier of 'gateway'");
1706 /* NOTREACHED */
1707 }
1708 #endif
1709
1710 struct block *
1711 gen_proto_abbrev(proto)
1712 int proto;
1713 {
1714 #ifdef INET6
1715 struct block *b0;
1716 #endif
1717 struct block *b1;
1718
1719 switch (proto) {
1720
1721 case Q_TCP:
1722 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
1723 #ifdef INET6
1724 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
1725 gen_or(b0, b1);
1726 #endif
1727 break;
1728
1729 case Q_UDP:
1730 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
1731 #ifdef INET6
1732 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
1733 gen_or(b0, b1);
1734 #endif
1735 break;
1736
1737 case Q_ICMP:
1738 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
1739 break;
1740
1741 #ifndef IPPROTO_IGMP
1742 #define IPPROTO_IGMP 2
1743 #endif
1744
1745 case Q_IGMP:
1746 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
1747 break;
1748
1749 #ifndef IPPROTO_IGRP
1750 #define IPPROTO_IGRP 9
1751 #endif
1752 case Q_IGRP:
1753 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
1754 break;
1755
1756 #ifndef IPPROTO_PIM
1757 #define IPPROTO_PIM 103
1758 #endif
1759
1760 case Q_PIM:
1761 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
1762 #ifdef INET6
1763 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
1764 gen_or(b0, b1);
1765 #endif
1766 break;
1767
1768 case Q_IP:
1769 b1 = gen_linktype(ETHERTYPE_IP);
1770 break;
1771
1772 case Q_ARP:
1773 b1 = gen_linktype(ETHERTYPE_ARP);
1774 break;
1775
1776 case Q_RARP:
1777 b1 = gen_linktype(ETHERTYPE_REVARP);
1778 break;
1779
1780 case Q_LINK:
1781 bpf_error("link layer applied in wrong context");
1782
1783 case Q_ATALK:
1784 b1 = gen_linktype(ETHERTYPE_ATALK);
1785 break;
1786
1787 case Q_AARP:
1788 b1 = gen_linktype(ETHERTYPE_AARP);
1789 break;
1790
1791 case Q_DECNET:
1792 b1 = gen_linktype(ETHERTYPE_DN);
1793 break;
1794
1795 case Q_SCA:
1796 b1 = gen_linktype(ETHERTYPE_SCA);
1797 break;
1798
1799 case Q_LAT:
1800 b1 = gen_linktype(ETHERTYPE_LAT);
1801 break;
1802
1803 case Q_MOPDL:
1804 b1 = gen_linktype(ETHERTYPE_MOPDL);
1805 break;
1806
1807 case Q_MOPRC:
1808 b1 = gen_linktype(ETHERTYPE_MOPRC);
1809 break;
1810
1811 #ifdef INET6
1812 case Q_IPV6:
1813 b1 = gen_linktype(ETHERTYPE_IPV6);
1814 break;
1815
1816 #ifndef IPPROTO_ICMPV6
1817 #define IPPROTO_ICMPV6 58
1818 #endif
1819 case Q_ICMPV6:
1820 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
1821 break;
1822 #endif /* INET6 */
1823
1824 #ifndef IPPROTO_AH
1825 #define IPPROTO_AH 51
1826 #endif
1827 case Q_AH:
1828 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
1829 #ifdef INET6
1830 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
1831 gen_or(b0, b1);
1832 #endif
1833 break;
1834
1835 #ifndef IPPROTO_ESP
1836 #define IPPROTO_ESP 50
1837 #endif
1838 case Q_ESP:
1839 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
1840 #ifdef INET6
1841 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
1842 gen_or(b0, b1);
1843 #endif
1844 break;
1845
1846 case Q_ISO:
1847 b1 = gen_linktype(LLC_ISO_LSAP);
1848 break;
1849
1850 case Q_ESIS:
1851 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
1852 break;
1853
1854 case Q_ISIS:
1855 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
1856 break;
1857
1858 case Q_CLNP:
1859 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
1860 break;
1861
1862 case Q_STP:
1863 b1 = gen_linktype(LLC_STP_LSAP);
1864 break;
1865
1866 default:
1867 abort();
1868 }
1869 return b1;
1870 }
1871
1872 static struct block *
1873 gen_ipfrag()
1874 {
1875 struct slist *s;
1876 struct block *b;
1877
1878 /* not ip frag */
1879 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
1880 s->s.k = off_nl + 6;
1881 b = new_block(JMP(BPF_JSET));
1882 b->s.k = 0x1fff;
1883 b->stmts = s;
1884 gen_not(b);
1885
1886 return b;
1887 }
1888
1889 static struct block *
1890 gen_portatom(off, v)
1891 int off;
1892 bpf_int32 v;
1893 {
1894 struct slist *s;
1895 struct block *b;
1896
1897 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
1898 s->s.k = off_nl;
1899
1900 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
1901 s->next->s.k = off_nl + off;
1902
1903 b = new_block(JMP(BPF_JEQ));
1904 b->stmts = s;
1905 b->s.k = v;
1906
1907 return b;
1908 }
1909
1910 #ifdef INET6
1911 static struct block *
1912 gen_portatom6(off, v)
1913 int off;
1914 bpf_int32 v;
1915 {
1916 return gen_cmp(off_nl + 40 + off, BPF_H, v);
1917 }
1918 #endif/*INET6*/
1919
1920 struct block *
1921 gen_portop(port, proto, dir)
1922 int port, proto, dir;
1923 {
1924 struct block *b0, *b1, *tmp;
1925
1926 /* ip proto 'proto' */
1927 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
1928 b0 = gen_ipfrag();
1929 gen_and(tmp, b0);
1930
1931 switch (dir) {
1932 case Q_SRC:
1933 b1 = gen_portatom(0, (bpf_int32)port);
1934 break;
1935
1936 case Q_DST:
1937 b1 = gen_portatom(2, (bpf_int32)port);
1938 break;
1939
1940 case Q_OR:
1941 case Q_DEFAULT:
1942 tmp = gen_portatom(0, (bpf_int32)port);
1943 b1 = gen_portatom(2, (bpf_int32)port);
1944 gen_or(tmp, b1);
1945 break;
1946
1947 case Q_AND:
1948 tmp = gen_portatom(0, (bpf_int32)port);
1949 b1 = gen_portatom(2, (bpf_int32)port);
1950 gen_and(tmp, b1);
1951 break;
1952
1953 default:
1954 abort();
1955 }
1956 gen_and(b0, b1);
1957
1958 return b1;
1959 }
1960
1961 static struct block *
1962 gen_port(port, ip_proto, dir)
1963 int port;
1964 int ip_proto;
1965 int dir;
1966 {
1967 struct block *b0, *b1, *tmp;
1968
1969 /* ether proto ip */
1970 b0 = gen_linktype(ETHERTYPE_IP);
1971
1972 switch (ip_proto) {
1973 case IPPROTO_UDP:
1974 case IPPROTO_TCP:
1975 b1 = gen_portop(port, ip_proto, dir);
1976 break;
1977
1978 case PROTO_UNDEF:
1979 tmp = gen_portop(port, IPPROTO_TCP, dir);
1980 b1 = gen_portop(port, IPPROTO_UDP, dir);
1981 gen_or(tmp, b1);
1982 break;
1983
1984 default:
1985 abort();
1986 }
1987 gen_and(b0, b1);
1988 return b1;
1989 }
1990
1991 #ifdef INET6
1992 struct block *
1993 gen_portop6(port, proto, dir)
1994 int port, proto, dir;
1995 {
1996 struct block *b0, *b1, *tmp;
1997
1998 /* ip proto 'proto' */
1999 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
2000
2001 switch (dir) {
2002 case Q_SRC:
2003 b1 = gen_portatom6(0, (bpf_int32)port);
2004 break;
2005
2006 case Q_DST:
2007 b1 = gen_portatom6(2, (bpf_int32)port);
2008 break;
2009
2010 case Q_OR:
2011 case Q_DEFAULT:
2012 tmp = gen_portatom6(0, (bpf_int32)port);
2013 b1 = gen_portatom6(2, (bpf_int32)port);
2014 gen_or(tmp, b1);
2015 break;
2016
2017 case Q_AND:
2018 tmp = gen_portatom6(0, (bpf_int32)port);
2019 b1 = gen_portatom6(2, (bpf_int32)port);
2020 gen_and(tmp, b1);
2021 break;
2022
2023 default:
2024 abort();
2025 }
2026 gen_and(b0, b1);
2027
2028 return b1;
2029 }
2030
2031 static struct block *
2032 gen_port6(port, ip_proto, dir)
2033 int port;
2034 int ip_proto;
2035 int dir;
2036 {
2037 struct block *b0, *b1, *tmp;
2038
2039 /* ether proto ip */
2040 b0 = gen_linktype(ETHERTYPE_IPV6);
2041
2042 switch (ip_proto) {
2043 case IPPROTO_UDP:
2044 case IPPROTO_TCP:
2045 b1 = gen_portop6(port, ip_proto, dir);
2046 break;
2047
2048 case PROTO_UNDEF:
2049 tmp = gen_portop6(port, IPPROTO_TCP, dir);
2050 b1 = gen_portop6(port, IPPROTO_UDP, dir);
2051 gen_or(tmp, b1);
2052 break;
2053
2054 default:
2055 abort();
2056 }
2057 gen_and(b0, b1);
2058 return b1;
2059 }
2060 #endif /* INET6 */
2061
2062 static int
2063 lookup_proto(name, proto)
2064 register const char *name;
2065 register int proto;
2066 {
2067 register int v;
2068
2069 switch (proto) {
2070
2071 case Q_DEFAULT:
2072 case Q_IP:
2073 v = pcap_nametoproto(name);
2074 if (v == PROTO_UNDEF)
2075 bpf_error("unknown ip proto '%s'", name);
2076 break;
2077
2078 case Q_LINK:
2079 /* XXX should look up h/w protocol type based on linktype */
2080 v = pcap_nametoeproto(name);
2081 if (v == PROTO_UNDEF)
2082 bpf_error("unknown ether proto '%s'", name);
2083 break;
2084
2085 case Q_ISO:
2086 if (strcmp(name, "esis") == 0)
2087 v = ISO9542_ESIS;
2088 else if (strcmp(name, "isis") == 0)
2089 v = ISO10589_ISIS;
2090 else if (strcmp(name, "clnp") == 0)
2091 v = ISO8473_CLNP;
2092 else
2093 bpf_error("unknown osi proto '%s'", name);
2094 break;
2095
2096 default:
2097 v = PROTO_UNDEF;
2098 break;
2099 }
2100 return v;
2101 }
2102
2103 #if 0
2104 struct stmt *
2105 gen_joinsp(s, n)
2106 struct stmt **s;
2107 int n;
2108 {
2109 return NULL;
2110 }
2111 #endif
2112
2113 static struct block *
2114 gen_protochain(v, proto, dir)
2115 int v;
2116 int proto;
2117 int dir;
2118 {
2119 #ifdef NO_PROTOCHAIN
2120 return gen_proto(v, proto, dir);
2121 #else
2122 struct block *b0, *b;
2123 struct slist *s[100];
2124 int fix2, fix3, fix4, fix5;
2125 int ahcheck, again, end;
2126 int i, max;
2127 int reg2 = alloc_reg();
2128
2129 memset(s, 0, sizeof(s));
2130 fix2 = fix3 = fix4 = fix5 = 0;
2131
2132 switch (proto) {
2133 case Q_IP:
2134 case Q_IPV6:
2135 break;
2136 case Q_DEFAULT:
2137 b0 = gen_protochain(v, Q_IP, dir);
2138 b = gen_protochain(v, Q_IPV6, dir);
2139 gen_or(b0, b);
2140 return b;
2141 default:
2142 bpf_error("bad protocol applied for 'protochain'");
2143 /*NOTREACHED*/
2144 }
2145
2146 no_optimize = 1; /*this code is not compatible with optimzer yet */
2147
2148 /*
2149 * s[0] is a dummy entry to protect other BPF insn from damaged
2150 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
2151 * hard to find interdependency made by jump table fixup.
2152 */
2153 i = 0;
2154 s[i] = new_stmt(0); /*dummy*/
2155 i++;
2156
2157 switch (proto) {
2158 case Q_IP:
2159 b0 = gen_linktype(ETHERTYPE_IP);
2160
2161 /* A = ip->ip_p */
2162 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
2163 s[i]->s.k = off_nl + 9;
2164 i++;
2165 /* X = ip->ip_hl << 2 */
2166 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2167 s[i]->s.k = off_nl;
2168 i++;
2169 break;
2170 #ifdef INET6
2171 case Q_IPV6:
2172 b0 = gen_linktype(ETHERTYPE_IPV6);
2173
2174 /* A = ip6->ip_nxt */
2175 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
2176 s[i]->s.k = off_nl + 6;
2177 i++;
2178 /* X = sizeof(struct ip6_hdr) */
2179 s[i] = new_stmt(BPF_LDX|BPF_IMM);
2180 s[i]->s.k = 40;
2181 i++;
2182 break;
2183 #endif
2184 default:
2185 bpf_error("unsupported proto to gen_protochain");
2186 /*NOTREACHED*/
2187 }
2188
2189 /* again: if (A == v) goto end; else fall through; */
2190 again = i;
2191 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2192 s[i]->s.k = v;
2193 s[i]->s.jt = NULL; /*later*/
2194 s[i]->s.jf = NULL; /*update in next stmt*/
2195 fix5 = i;
2196 i++;
2197
2198 #ifndef IPPROTO_NONE
2199 #define IPPROTO_NONE 59
2200 #endif
2201 /* if (A == IPPROTO_NONE) goto end */
2202 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2203 s[i]->s.jt = NULL; /*later*/
2204 s[i]->s.jf = NULL; /*update in next stmt*/
2205 s[i]->s.k = IPPROTO_NONE;
2206 s[fix5]->s.jf = s[i];
2207 fix2 = i;
2208 i++;
2209
2210 #ifdef INET6
2211 if (proto == Q_IPV6) {
2212 int v6start, v6end, v6advance, j;
2213
2214 v6start = i;
2215 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
2216 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2217 s[i]->s.jt = NULL; /*later*/
2218 s[i]->s.jf = NULL; /*update in next stmt*/
2219 s[i]->s.k = IPPROTO_HOPOPTS;
2220 s[fix2]->s.jf = s[i];
2221 i++;
2222 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
2223 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2224 s[i]->s.jt = NULL; /*later*/
2225 s[i]->s.jf = NULL; /*update in next stmt*/
2226 s[i]->s.k = IPPROTO_DSTOPTS;
2227 i++;
2228 /* if (A == IPPROTO_ROUTING) goto v6advance */
2229 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2230 s[i]->s.jt = NULL; /*later*/
2231 s[i]->s.jf = NULL; /*update in next stmt*/
2232 s[i]->s.k = IPPROTO_ROUTING;
2233 i++;
2234 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
2235 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2236 s[i]->s.jt = NULL; /*later*/
2237 s[i]->s.jf = NULL; /*later*/
2238 s[i]->s.k = IPPROTO_FRAGMENT;
2239 fix3 = i;
2240 v6end = i;
2241 i++;
2242
2243 /* v6advance: */
2244 v6advance = i;
2245
2246 /*
2247 * in short,
2248 * A = P[X];
2249 * X = X + (P[X + 1] + 1) * 8;
2250 */
2251 /* A = X */
2252 s[i] = new_stmt(BPF_MISC|BPF_TXA);
2253 i++;
2254 /* A = P[X + packet head] */
2255 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2256 s[i]->s.k = off_nl;
2257 i++;
2258 /* MEM[reg2] = A */
2259 s[i] = new_stmt(BPF_ST);
2260 s[i]->s.k = reg2;
2261 i++;
2262 /* A = X */
2263 s[i] = new_stmt(BPF_MISC|BPF_TXA);
2264 i++;
2265 /* A += 1 */
2266 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2267 s[i]->s.k = 1;
2268 i++;
2269 /* X = A */
2270 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2271 i++;
2272 /* A = P[X + packet head]; */
2273 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2274 s[i]->s.k = off_nl;
2275 i++;
2276 /* A += 1 */
2277 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2278 s[i]->s.k = 1;
2279 i++;
2280 /* A *= 8 */
2281 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2282 s[i]->s.k = 8;
2283 i++;
2284 /* X = A; */
2285 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2286 i++;
2287 /* A = MEM[reg2] */
2288 s[i] = new_stmt(BPF_LD|BPF_MEM);
2289 s[i]->s.k = reg2;
2290 i++;
2291
2292 /* goto again; (must use BPF_JA for backward jump) */
2293 s[i] = new_stmt(BPF_JMP|BPF_JA);
2294 s[i]->s.k = again - i - 1;
2295 s[i - 1]->s.jf = s[i];
2296 i++;
2297
2298 /* fixup */
2299 for (j = v6start; j <= v6end; j++)
2300 s[j]->s.jt = s[v6advance];
2301 } else
2302 #endif
2303 {
2304 /* nop */
2305 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2306 s[i]->s.k = 0;
2307 s[fix2]->s.jf = s[i];
2308 i++;
2309 }
2310
2311 /* ahcheck: */
2312 ahcheck = i;
2313 /* if (A == IPPROTO_AH) then fall through; else goto end; */
2314 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2315 s[i]->s.jt = NULL; /*later*/
2316 s[i]->s.jf = NULL; /*later*/
2317 s[i]->s.k = IPPROTO_AH;
2318 if (fix3)
2319 s[fix3]->s.jf = s[ahcheck];
2320 fix4 = i;
2321 i++;
2322
2323 /*
2324 * in short,
2325 * A = P[X];
2326 * X = X + (P[X + 1] + 2) * 4;
2327 */
2328 /* A = X */
2329 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2330 i++;
2331 /* A = P[X + packet head]; */
2332 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2333 s[i]->s.k = off_nl;
2334 i++;
2335 /* MEM[reg2] = A */
2336 s[i] = new_stmt(BPF_ST);
2337 s[i]->s.k = reg2;
2338 i++;
2339 /* A = X */
2340 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2341 i++;
2342 /* A += 1 */
2343 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2344 s[i]->s.k = 1;
2345 i++;
2346 /* X = A */
2347 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2348 i++;
2349 /* A = P[X + packet head] */
2350 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2351 s[i]->s.k = off_nl;
2352 i++;
2353 /* A += 2 */
2354 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2355 s[i]->s.k = 2;
2356 i++;
2357 /* A *= 4 */
2358 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2359 s[i]->s.k = 4;
2360 i++;
2361 /* X = A; */
2362 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2363 i++;
2364 /* A = MEM[reg2] */
2365 s[i] = new_stmt(BPF_LD|BPF_MEM);
2366 s[i]->s.k = reg2;
2367 i++;
2368
2369 /* goto again; (must use BPF_JA for backward jump) */
2370 s[i] = new_stmt(BPF_JMP|BPF_JA);
2371 s[i]->s.k = again - i - 1;
2372 i++;
2373
2374 /* end: nop */
2375 end = i;
2376 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2377 s[i]->s.k = 0;
2378 s[fix2]->s.jt = s[end];
2379 s[fix4]->s.jf = s[end];
2380 s[fix5]->s.jt = s[end];
2381 i++;
2382
2383 /*
2384 * make slist chain
2385 */
2386 max = i;
2387 for (i = 0; i < max - 1; i++)
2388 s[i]->next = s[i + 1];
2389 s[max - 1]->next = NULL;
2390
2391 /*
2392 * emit final check
2393 */
2394 b = new_block(JMP(BPF_JEQ));
2395 b->stmts = s[1]; /*remember, s[0] is dummy*/
2396 b->s.k = v;
2397
2398 free_reg(reg2);
2399
2400 gen_and(b0, b);
2401 return b;
2402 #endif
2403 }
2404
2405 static struct block *
2406 gen_proto(v, proto, dir)
2407 int v;
2408 int proto;
2409 int dir;
2410 {
2411 struct block *b0, *b1;
2412
2413 if (dir != Q_DEFAULT)
2414 bpf_error("direction applied to 'proto'");
2415
2416 switch (proto) {
2417 case Q_DEFAULT:
2418 #ifdef INET6
2419 b0 = gen_proto(v, Q_IP, dir);
2420 b1 = gen_proto(v, Q_IPV6, dir);
2421 gen_or(b0, b1);
2422 return b1;
2423 #else
2424 /*FALLTHROUGH*/
2425 #endif
2426 case Q_IP:
2427 b0 = gen_linktype(ETHERTYPE_IP);
2428 #ifndef CHASE_CHAIN
2429 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
2430 #else
2431 b1 = gen_protochain(v, Q_IP);
2432 #endif
2433 gen_and(b0, b1);
2434 return b1;
2435
2436 case Q_ISO:
2437 b0 = gen_linktype(LLC_ISO_LSAP);
2438 b1 = gen_cmp(off_nl + 3, BPF_B, (long)v);
2439 gen_and(b0, b1);
2440 return b1;
2441
2442 case Q_ARP:
2443 bpf_error("arp does not encapsulate another protocol");
2444 /* NOTREACHED */
2445
2446 case Q_RARP:
2447 bpf_error("rarp does not encapsulate another protocol");
2448 /* NOTREACHED */
2449
2450 case Q_ATALK:
2451 bpf_error("atalk encapsulation is not specifiable");
2452 /* NOTREACHED */
2453
2454 case Q_DECNET:
2455 bpf_error("decnet encapsulation is not specifiable");
2456 /* NOTREACHED */
2457
2458 case Q_SCA:
2459 bpf_error("sca does not encapsulate another protocol");
2460 /* NOTREACHED */
2461
2462 case Q_LAT:
2463 bpf_error("lat does not encapsulate another protocol");
2464 /* NOTREACHED */
2465
2466 case Q_MOPRC:
2467 bpf_error("moprc does not encapsulate another protocol");
2468 /* NOTREACHED */
2469
2470 case Q_MOPDL:
2471 bpf_error("mopdl does not encapsulate another protocol");
2472 /* NOTREACHED */
2473
2474 case Q_LINK:
2475 return gen_linktype(v);
2476
2477 case Q_UDP:
2478 bpf_error("'udp proto' is bogus");
2479 /* NOTREACHED */
2480
2481 case Q_TCP:
2482 bpf_error("'tcp proto' is bogus");
2483 /* NOTREACHED */
2484
2485 case Q_ICMP:
2486 bpf_error("'icmp proto' is bogus");
2487 /* NOTREACHED */
2488
2489 case Q_IGMP:
2490 bpf_error("'igmp proto' is bogus");
2491 /* NOTREACHED */
2492
2493 case Q_IGRP:
2494 bpf_error("'igrp proto' is bogus");
2495 /* NOTREACHED */
2496
2497 case Q_PIM:
2498 bpf_error("'pim proto' is bogus");
2499 /* NOTREACHED */
2500
2501 #ifdef INET6
2502 case Q_IPV6:
2503 b0 = gen_linktype(ETHERTYPE_IPV6);
2504 #ifndef CHASE_CHAIN
2505 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
2506 #else
2507 b1 = gen_protochain(v, Q_IPV6);
2508 #endif
2509 gen_and(b0, b1);
2510 return b1;
2511
2512 case Q_ICMPV6:
2513 bpf_error("'icmp6 proto' is bogus");
2514 #endif /* INET6 */
2515
2516 case Q_AH:
2517 bpf_error("'ah proto' is bogus");
2518
2519 case Q_ESP:
2520 bpf_error("'ah proto' is bogus");
2521
2522 case Q_STP:
2523 bpf_error("'stp proto' is bogus");
2524
2525 default:
2526 abort();
2527 /* NOTREACHED */
2528 }
2529 /* NOTREACHED */
2530 }
2531
2532 struct block *
2533 gen_scode(name, q)
2534 register const char *name;
2535 struct qual q;
2536 {
2537 int proto = q.proto;
2538 int dir = q.dir;
2539 int tproto;
2540 u_char *eaddr;
2541 bpf_u_int32 mask, addr;
2542 #ifndef INET6
2543 bpf_u_int32 **alist;
2544 #else
2545 int tproto6;
2546 struct sockaddr_in *sin;
2547 struct sockaddr_in6 *sin6;
2548 struct addrinfo *res, *res0;
2549 struct in6_addr mask128;
2550 #endif /*INET6*/
2551 struct block *b, *tmp;
2552 int port, real_proto;
2553
2554 switch (q.addr) {
2555
2556 case Q_NET:
2557 addr = pcap_nametonetaddr(name);
2558 if (addr == 0)
2559 bpf_error("unknown network '%s'", name);
2560 /* Left justify network addr and calculate its network mask */
2561 mask = 0xffffffff;
2562 while (addr && (addr & 0xff000000) == 0) {
2563 addr <<= 8;
2564 mask <<= 8;
2565 }
2566 return gen_host(addr, mask, proto, dir);
2567
2568 case Q_DEFAULT:
2569 case Q_HOST:
2570 if (proto == Q_LINK) {
2571 switch (linktype) {
2572
2573 case DLT_EN10MB:
2574 eaddr = pcap_ether_hostton(name);
2575 if (eaddr == NULL)
2576 bpf_error(
2577 "unknown ether host '%s'", name);
2578 return gen_ehostop(eaddr, dir);
2579
2580 case DLT_FDDI:
2581 eaddr = pcap_ether_hostton(name);
2582 if (eaddr == NULL)
2583 bpf_error(
2584 "unknown FDDI host '%s'", name);
2585 return gen_fhostop(eaddr, dir);
2586
2587 case DLT_IEEE802:
2588 eaddr = pcap_ether_hostton(name);
2589 if (eaddr == NULL)
2590 bpf_error(
2591 "unknown token ring host '%s'", name);
2592 return gen_thostop(eaddr, dir);
2593
2594 default:
2595 bpf_error(
2596 "only ethernet/FDDI/token ring supports link-level host name");
2597 break;
2598 }
2599 } else if (proto == Q_DECNET) {
2600 unsigned short dn_addr = __pcap_nametodnaddr(name);
2601 /*
2602 * I don't think DECNET hosts can be multihomed, so
2603 * there is no need to build up a list of addresses
2604 */
2605 return (gen_host(dn_addr, 0, proto, dir));
2606 } else {
2607 #ifndef INET6
2608 alist = pcap_nametoaddr(name);
2609 if (alist == NULL || *alist == NULL)
2610 bpf_error("unknown host '%s'", name);
2611 tproto = proto;
2612 if (off_linktype == -1 && tproto == Q_DEFAULT)
2613 tproto = Q_IP;
2614 b = gen_host(**alist++, 0xffffffff, tproto, dir);
2615 while (*alist) {
2616 tmp = gen_host(**alist++, 0xffffffff,
2617 tproto, dir);
2618 gen_or(b, tmp);
2619 b = tmp;
2620 }
2621 return b;
2622 #else
2623 memset(&mask128, 0xff, sizeof(mask128));
2624 res0 = res = pcap_nametoaddrinfo(name);
2625 if (res == NULL)
2626 bpf_error("unknown host '%s'", name);
2627 b = tmp = NULL;
2628 tproto = tproto6 = proto;
2629 if (off_linktype == -1 && tproto == Q_DEFAULT) {
2630 tproto = Q_IP;
2631 tproto6 = Q_IPV6;
2632 }
2633 for (res = res0; res; res = res->ai_next) {
2634 switch (res->ai_family) {
2635 case AF_INET:
2636 if (tproto == Q_IPV6)
2637 continue;
2638
2639 sin = (struct sockaddr_in *)
2640 res->ai_addr;
2641 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
2642 0xffffffff, tproto, dir);
2643 break;
2644 case AF_INET6:
2645 if (tproto6 == Q_IP)
2646 continue;
2647
2648 sin6 = (struct sockaddr_in6 *)
2649 res->ai_addr;
2650 tmp = gen_host6(&sin6->sin6_addr,
2651 &mask128, tproto6, dir);
2652 break;
2653 }
2654 if (b)
2655 gen_or(b, tmp);
2656 b = tmp;
2657 }
2658 freeaddrinfo(res0);
2659 if (b == NULL) {
2660 bpf_error("unknown host '%s'%s", name,
2661 (proto == Q_DEFAULT)
2662 ? ""
2663 : " for specified address family");
2664 }
2665 return b;
2666 #endif /*INET6*/
2667 }
2668
2669 case Q_PORT:
2670 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP)
2671 bpf_error("illegal qualifier of 'port'");
2672 if (pcap_nametoport(name, &port, &real_proto) == 0)
2673 bpf_error("unknown port '%s'", name);
2674 if (proto == Q_UDP) {
2675 if (real_proto == IPPROTO_TCP)
2676 bpf_error("port '%s' is tcp", name);
2677 else
2678 /* override PROTO_UNDEF */
2679 real_proto = IPPROTO_UDP;
2680 }
2681 if (proto == Q_TCP) {
2682 if (real_proto == IPPROTO_UDP)
2683 bpf_error("port '%s' is udp", name);
2684 else
2685 /* override PROTO_UNDEF */
2686 real_proto = IPPROTO_TCP;
2687 }
2688 #ifndef INET6
2689 return gen_port(port, real_proto, dir);
2690 #else
2691 {
2692 struct block *b;
2693 b = gen_port(port, real_proto, dir);
2694 gen_or(gen_port6(port, real_proto, dir), b);
2695 return b;
2696 }
2697 #endif /* INET6 */
2698
2699 case Q_GATEWAY:
2700 #ifndef INET6
2701 eaddr = pcap_ether_hostton(name);
2702 if (eaddr == NULL)
2703 bpf_error("unknown ether host: %s", name);
2704
2705 alist = pcap_nametoaddr(name);
2706 if (alist == NULL || *alist == NULL)
2707 bpf_error("unknown host '%s'", name);
2708 return gen_gateway(eaddr, alist, proto, dir);
2709 #else
2710 bpf_error("'gateway' not supported in this configuration");
2711 #endif /*INET6*/
2712
2713 case Q_PROTO:
2714 real_proto = lookup_proto(name, proto);
2715 if (real_proto >= 0)
2716 return gen_proto(real_proto, proto, dir);
2717 else
2718 bpf_error("unknown protocol: %s", name);
2719
2720 case Q_PROTOCHAIN:
2721 real_proto = lookup_proto(name, proto);
2722 if (real_proto >= 0)
2723 return gen_protochain(real_proto, proto, dir);
2724 else
2725 bpf_error("unknown protocol: %s", name);
2726
2727
2728 case Q_UNDEF:
2729 syntax();
2730 /* NOTREACHED */
2731 }
2732 abort();
2733 /* NOTREACHED */
2734 }
2735
2736 struct block *
2737 gen_mcode(s1, s2, masklen, q)
2738 register const char *s1, *s2;
2739 register int masklen;
2740 struct qual q;
2741 {
2742 register int nlen, mlen;
2743 bpf_u_int32 n, m;
2744
2745 nlen = __pcap_atoin(s1, &n);
2746 /* Promote short ipaddr */
2747 n <<= 32 - nlen;
2748
2749 if (s2 != NULL) {
2750 mlen = __pcap_atoin(s2, &m);
2751 /* Promote short ipaddr */
2752 m <<= 32 - mlen;
2753 if ((n & ~m) != 0)
2754 bpf_error("non-network bits set in \"%s mask %s\"",
2755 s1, s2);
2756 } else {
2757 /* Convert mask len to mask */
2758 if (masklen > 32)
2759 bpf_error("mask length must be <= 32");
2760 m = 0xffffffff << (32 - masklen);
2761 if ((n & ~m) != 0)
2762 bpf_error("non-network bits set in \"%s/%d\"",
2763 s1, masklen);
2764 }
2765
2766 switch (q.addr) {
2767
2768 case Q_NET:
2769 return gen_host(n, m, q.proto, q.dir);
2770
2771 default:
2772 bpf_error("Mask syntax for networks only");
2773 /* NOTREACHED */
2774 }
2775 }
2776
2777 struct block *
2778 gen_ncode(s, v, q)
2779 register const char *s;
2780 bpf_u_int32 v;
2781 struct qual q;
2782 {
2783 bpf_u_int32 mask;
2784 int proto = q.proto;
2785 int dir = q.dir;
2786 register int vlen;
2787
2788 if (s == NULL)
2789 vlen = 32;
2790 else if (q.proto == Q_DECNET)
2791 vlen = __pcap_atodn(s, &v);
2792 else
2793 vlen = __pcap_atoin(s, &v);
2794
2795 switch (q.addr) {
2796
2797 case Q_DEFAULT:
2798 case Q_HOST:
2799 case Q_NET:
2800 if (proto == Q_DECNET)
2801 return gen_host(v, 0, proto, dir);
2802 else if (proto == Q_LINK) {
2803 bpf_error("illegal link layer address");
2804 } else {
2805 mask = 0xffffffff;
2806 if (s == NULL && q.addr == Q_NET) {
2807 /* Promote short net number */
2808 while (v && (v & 0xff000000) == 0) {
2809 v <<= 8;
2810 mask <<= 8;
2811 }
2812 } else {
2813 /* Promote short ipaddr */
2814 v <<= 32 - vlen;
2815 mask <<= 32 - vlen;
2816 }
2817 return gen_host(v, mask, proto, dir);
2818 }
2819
2820 case Q_PORT:
2821 if (proto == Q_UDP)
2822 proto = IPPROTO_UDP;
2823 else if (proto == Q_TCP)
2824 proto = IPPROTO_TCP;
2825 else if (proto == Q_DEFAULT)
2826 proto = PROTO_UNDEF;
2827 else
2828 bpf_error("illegal qualifier of 'port'");
2829
2830 #ifndef INET6
2831 return gen_port((int)v, proto, dir);
2832 #else
2833 {
2834 struct block *b;
2835 b = gen_port((int)v, proto, dir);
2836 gen_or(gen_port6((int)v, proto, dir), b);
2837 return b;
2838 }
2839 #endif /* INET6 */
2840
2841 case Q_GATEWAY:
2842 bpf_error("'gateway' requires a name");
2843 /* NOTREACHED */
2844
2845 case Q_PROTO:
2846 return gen_proto((int)v, proto, dir);
2847
2848 case Q_PROTOCHAIN:
2849 return gen_protochain((int)v, proto, dir);
2850
2851 case Q_UNDEF:
2852 syntax();
2853 /* NOTREACHED */
2854
2855 default:
2856 abort();
2857 /* NOTREACHED */
2858 }
2859 /* NOTREACHED */
2860 }
2861
2862 #ifdef INET6
2863 struct block *
2864 gen_mcode6(s1, s2, masklen, q)
2865 register const char *s1, *s2;
2866 register int masklen;
2867 struct qual q;
2868 {
2869 struct addrinfo *res;
2870 struct in6_addr *addr;
2871 struct in6_addr mask;
2872 struct block *b;
2873 u_int32_t *a, *m;
2874
2875 if (s2)
2876 bpf_error("no mask %s supported", s2);
2877
2878 res = pcap_nametoaddrinfo(s1);
2879 if (!res)
2880 bpf_error("invalid ip6 address %s", s1);
2881 if (res->ai_next)
2882 bpf_error("%s resolved to multiple address", s1);
2883 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
2884
2885 if (sizeof(mask) * 8 < masklen)
2886 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
2887 memset(&mask, 0xff, masklen / 8);
2888 if (masklen % 8) {
2889 mask.s6_addr[masklen / 8] =
2890 (0xff << (8 - masklen % 8)) & 0xff;
2891 }
2892
2893 a = (u_int32_t *)addr;
2894 m = (u_int32_t *)&mask;
2895 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
2896 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
2897 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
2898 }
2899
2900 switch (q.addr) {
2901
2902 case Q_DEFAULT:
2903 case Q_HOST:
2904 if (masklen != 128)
2905 bpf_error("Mask syntax for networks only");
2906 /* FALLTHROUGH */
2907
2908 case Q_NET:
2909 b = gen_host6(addr, &mask, q.proto, q.dir);
2910 freeaddrinfo(res);
2911 return b;
2912
2913 default:
2914 bpf_error("invalid qualifier against IPv6 address");
2915 /* NOTREACHED */
2916 }
2917 }
2918 #endif /*INET6*/
2919
2920 struct block *
2921 gen_ecode(eaddr, q)
2922 register const u_char *eaddr;
2923 struct qual q;
2924 {
2925 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
2926 if (linktype == DLT_EN10MB)
2927 return gen_ehostop(eaddr, (int)q.dir);
2928 if (linktype == DLT_FDDI)
2929 return gen_fhostop(eaddr, (int)q.dir);
2930 if (linktype == DLT_IEEE802)
2931 return gen_thostop(eaddr, (int)q.dir);
2932 bpf_error("ethernet addresses supported only on ethernet, FDDI or token ring");
2933 }
2934 bpf_error("ethernet address used in non-ether expression");
2935 /* NOTREACHED */
2936 }
2937
2938 void
2939 sappend(s0, s1)
2940 struct slist *s0, *s1;
2941 {
2942 /*
2943 * This is definitely not the best way to do this, but the
2944 * lists will rarely get long.
2945 */
2946 while (s0->next)
2947 s0 = s0->next;
2948 s0->next = s1;
2949 }
2950
2951 static struct slist *
2952 xfer_to_x(a)
2953 struct arth *a;
2954 {
2955 struct slist *s;
2956
2957 s = new_stmt(BPF_LDX|BPF_MEM);
2958 s->s.k = a->regno;
2959 return s;
2960 }
2961
2962 static struct slist *
2963 xfer_to_a(a)
2964 struct arth *a;
2965 {
2966 struct slist *s;
2967
2968 s = new_stmt(BPF_LD|BPF_MEM);
2969 s->s.k = a->regno;
2970 return s;
2971 }
2972
2973 struct arth *
2974 gen_load(proto, index, size)
2975 int proto;
2976 struct arth *index;
2977 int size;
2978 {
2979 struct slist *s, *tmp;
2980 struct block *b;
2981 int regno = alloc_reg();
2982
2983 free_reg(index->regno);
2984 switch (size) {
2985
2986 default:
2987 bpf_error("data size must be 1, 2, or 4");
2988
2989 case 1:
2990 size = BPF_B;
2991 break;
2992
2993 case 2:
2994 size = BPF_H;
2995 break;
2996
2997 case 4:
2998 size = BPF_W;
2999 break;
3000 }
3001 switch (proto) {
3002 default:
3003 bpf_error("unsupported index operation");
3004
3005 case Q_LINK:
3006 s = xfer_to_x(index);
3007 tmp = new_stmt(BPF_LD|BPF_IND|size);
3008 sappend(s, tmp);
3009 sappend(index->s, s);
3010 break;
3011
3012 case Q_IP:
3013 case Q_ARP:
3014 case Q_RARP:
3015 case Q_ATALK:
3016 case Q_DECNET:
3017 case Q_SCA:
3018 case Q_LAT:
3019 case Q_MOPRC:
3020 case Q_MOPDL:
3021 #ifdef INET6
3022 case Q_IPV6:
3023 #endif
3024 /* XXX Note that we assume a fixed link header here. */
3025 s = xfer_to_x(index);
3026 tmp = new_stmt(BPF_LD|BPF_IND|size);
3027 tmp->s.k = off_nl;
3028 sappend(s, tmp);
3029 sappend(index->s, s);
3030
3031 b = gen_proto_abbrev(proto);
3032 if (index->b)
3033 gen_and(index->b, b);
3034 index->b = b;
3035 break;
3036
3037 case Q_TCP:
3038 case Q_UDP:
3039 case Q_ICMP:
3040 case Q_IGMP:
3041 case Q_IGRP:
3042 case Q_PIM:
3043 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3044 s->s.k = off_nl;
3045 sappend(s, xfer_to_a(index));
3046 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
3047 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
3048 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
3049 tmp->s.k = off_nl;
3050 sappend(index->s, s);
3051
3052 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
3053 if (index->b)
3054 gen_and(index->b, b);
3055 #ifdef INET6
3056 gen_and(gen_proto_abbrev(Q_IP), b);
3057 #endif
3058 index->b = b;
3059 break;
3060 #ifdef INET6
3061 case Q_ICMPV6:
3062 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
3063 /*NOTREACHED*/
3064 #endif
3065 }
3066 index->regno = regno;
3067 s = new_stmt(BPF_ST);
3068 s->s.k = regno;
3069 sappend(index->s, s);
3070
3071 return index;
3072 }
3073
3074 struct block *
3075 gen_relation(code, a0, a1, reversed)
3076 int code;
3077 struct arth *a0, *a1;
3078 int reversed;
3079 {
3080 struct slist *s0, *s1, *s2;
3081 struct block *b, *tmp;
3082
3083 s0 = xfer_to_x(a1);
3084 s1 = xfer_to_a(a0);
3085 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
3086 b = new_block(JMP(code));
3087 if (code == BPF_JGT || code == BPF_JGE) {
3088 reversed = !reversed;
3089 b->s.k = 0x80000000;
3090 }
3091 if (reversed)
3092 gen_not(b);
3093
3094 sappend(s1, s2);
3095 sappend(s0, s1);
3096 sappend(a1->s, s0);
3097 sappend(a0->s, a1->s);
3098
3099 b->stmts = a0->s;
3100
3101 free_reg(a0->regno);
3102 free_reg(a1->regno);
3103
3104 /* 'and' together protocol checks */
3105 if (a0->b) {
3106 if (a1->b) {
3107 gen_and(a0->b, tmp = a1->b);
3108 }
3109 else
3110 tmp = a0->b;
3111 } else
3112 tmp = a1->b;
3113
3114 if (tmp)
3115 gen_and(tmp, b);
3116
3117 return b;
3118 }
3119
3120 struct arth *
3121 gen_loadlen()
3122 {
3123 int regno = alloc_reg();
3124 struct arth *a = (struct arth *)newchunk(sizeof(*a));
3125 struct slist *s;
3126
3127 s = new_stmt(BPF_LD|BPF_LEN);
3128 s->next = new_stmt(BPF_ST);
3129 s->next->s.k = regno;
3130 a->s = s;
3131 a->regno = regno;
3132
3133 return a;
3134 }
3135
3136 struct arth *
3137 gen_loadi(val)
3138 int val;
3139 {
3140 struct arth *a;
3141 struct slist *s;
3142 int reg;
3143
3144 a = (struct arth *)newchunk(sizeof(*a));
3145
3146 reg = alloc_reg();
3147
3148 s = new_stmt(BPF_LD|BPF_IMM);
3149 s->s.k = val;
3150 s->next = new_stmt(BPF_ST);
3151 s->next->s.k = reg;
3152 a->s = s;
3153 a->regno = reg;
3154
3155 return a;
3156 }
3157
3158 struct arth *
3159 gen_neg(a)
3160 struct arth *a;
3161 {
3162 struct slist *s;
3163
3164 s = xfer_to_a(a);
3165 sappend(a->s, s);
3166 s = new_stmt(BPF_ALU|BPF_NEG);
3167 s->s.k = 0;
3168 sappend(a->s, s);
3169 s = new_stmt(BPF_ST);
3170 s->s.k = a->regno;
3171 sappend(a->s, s);
3172
3173 return a;
3174 }
3175
3176 struct arth *
3177 gen_arth(code, a0, a1)
3178 int code;
3179 struct arth *a0, *a1;
3180 {
3181 struct slist *s0, *s1, *s2;
3182
3183 s0 = xfer_to_x(a1);
3184 s1 = xfer_to_a(a0);
3185 s2 = new_stmt(BPF_ALU|BPF_X|code);
3186
3187 sappend(s1, s2);
3188 sappend(s0, s1);
3189 sappend(a1->s, s0);
3190 sappend(a0->s, a1->s);
3191
3192 free_reg(a1->regno);
3193
3194 s0 = new_stmt(BPF_ST);
3195 a0->regno = s0->s.k = alloc_reg();
3196 sappend(a0->s, s0);
3197
3198 return a0;
3199 }
3200
3201 /*
3202 * Here we handle simple allocation of the scratch registers.
3203 * If too many registers are alloc'd, the allocator punts.
3204 */
3205 static int regused[BPF_MEMWORDS];
3206 static int curreg;
3207
3208 /*
3209 * Return the next free register.
3210 */
3211 static int
3212 alloc_reg()
3213 {
3214 int n = BPF_MEMWORDS;
3215
3216 while (--n >= 0) {
3217 if (regused[curreg])
3218 curreg = (curreg + 1) % BPF_MEMWORDS;
3219 else {
3220 regused[curreg] = 1;
3221 return curreg;
3222 }
3223 }
3224 bpf_error("too many registers needed to evaluate expression");
3225 /* NOTREACHED */
3226 }
3227
3228 /*
3229 * Return a register to the table so it can
3230 * be used later.
3231 */
3232 static void
3233 free_reg(n)
3234 int n;
3235 {
3236 regused[n] = 0;
3237 }
3238
3239 static struct block *
3240 gen_len(jmp, n)
3241 int jmp, n;
3242 {
3243 struct slist *s;
3244 struct block *b;
3245
3246 s = new_stmt(BPF_LD|BPF_LEN);
3247 b = new_block(JMP(jmp));
3248 b->stmts = s;
3249 b->s.k = n;
3250
3251 return b;
3252 }
3253
3254 struct block *
3255 gen_greater(n)
3256 int n;
3257 {
3258 return gen_len(BPF_JGE, n);
3259 }
3260
3261 /*
3262 * Actually, this is less than or equal.
3263 */
3264 struct block *
3265 gen_less(n)
3266 int n;
3267 {
3268 struct block *b;
3269
3270 b = gen_len(BPF_JGT, n);
3271 gen_not(b);
3272
3273 return b;
3274 }
3275
3276 struct block *
3277 gen_byteop(op, idx, val)
3278 int op, idx, val;
3279 {
3280 struct block *b;
3281 struct slist *s;
3282
3283 switch (op) {
3284 default:
3285 abort();
3286
3287 case '=':
3288 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3289
3290 case '<':
3291 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3292 b->s.code = JMP(BPF_JGE);
3293 gen_not(b);
3294 return b;
3295
3296 case '>':
3297 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3298 b->s.code = JMP(BPF_JGT);
3299 return b;
3300
3301 case '|':
3302 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
3303 break;
3304
3305 case '&':
3306 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
3307 break;
3308 }
3309 s->s.k = val;
3310 b = new_block(JMP(BPF_JEQ));
3311 b->stmts = s;
3312 gen_not(b);
3313
3314 return b;
3315 }
3316
3317 struct block *
3318 gen_broadcast(proto)
3319 int proto;
3320 {
3321 bpf_u_int32 hostmask;
3322 struct block *b0, *b1, *b2;
3323 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
3324
3325 switch (proto) {
3326
3327 case Q_DEFAULT:
3328 case Q_LINK:
3329 if (linktype == DLT_EN10MB)
3330 return gen_ehostop(ebroadcast, Q_DST);
3331 if (linktype == DLT_FDDI)
3332 return gen_fhostop(ebroadcast, Q_DST);
3333 if (linktype == DLT_IEEE802)
3334 return gen_thostop(ebroadcast, Q_DST);
3335 bpf_error("not a broadcast link");
3336 break;
3337
3338 case Q_IP:
3339 b0 = gen_linktype(ETHERTYPE_IP);
3340 hostmask = ~netmask;
3341 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
3342 b2 = gen_mcmp(off_nl + 16, BPF_W,
3343 (bpf_int32)(~0 & hostmask), hostmask);
3344 gen_or(b1, b2);
3345 gen_and(b0, b2);
3346 return b2;
3347 }
3348 bpf_error("only ether/ip broadcast filters supported");
3349 }
3350
3351 struct block *
3352 gen_multicast(proto)
3353 int proto;
3354 {
3355 register struct block *b0, *b1;
3356 register struct slist *s;
3357
3358 switch (proto) {
3359
3360 case Q_DEFAULT:
3361 case Q_LINK:
3362 if (linktype == DLT_EN10MB) {
3363 /* ether[0] & 1 != 0 */
3364 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3365 s->s.k = 0;
3366 b0 = new_block(JMP(BPF_JSET));
3367 b0->s.k = 1;
3368 b0->stmts = s;
3369 return b0;
3370 }
3371
3372 if (linktype == DLT_FDDI) {
3373 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */
3374 /* fddi[1] & 1 != 0 */
3375 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3376 s->s.k = 1;
3377 b0 = new_block(JMP(BPF_JSET));
3378 b0->s.k = 1;
3379 b0->stmts = s;
3380 return b0;
3381 }
3382
3383 /* TODO - check how token ring handles multicast */
3384 /* if (linktype == DLT_IEEE802) ... */
3385
3386 /* Link not known to support multicasts */
3387 break;
3388
3389 case Q_IP:
3390 b0 = gen_linktype(ETHERTYPE_IP);
3391 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
3392 b1->s.code = JMP(BPF_JGE);
3393 gen_and(b0, b1);
3394 return b1;
3395
3396 #ifdef INET6
3397 case Q_IPV6:
3398 b0 = gen_linktype(ETHERTYPE_IPV6);
3399 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
3400 gen_and(b0, b1);
3401 return b1;
3402 #endif /* INET6 */
3403 }
3404 bpf_error("only IP multicast filters supported on ethernet/FDDI");
3405 }
3406
3407 /*
3408 * generate command for inbound/outbound. It's here so we can
3409 * make it link-type specific. 'dir' = 0 implies "inbound",
3410 * = 1 implies "outbound".
3411 */
3412 struct block *
3413 gen_inbound(dir)
3414 int dir;
3415 {
3416 register struct block *b0;
3417
3418 /*
3419 * Only some data link types support inbound/outbound qualifiers.
3420 */
3421 switch (linktype) {
3422 case DLT_SLIP:
3423 case DLT_PPP:
3424 b0 = gen_relation(BPF_JEQ,
3425 gen_load(Q_LINK, gen_loadi(0), 1),
3426 gen_loadi(0),
3427 dir);
3428 break;
3429
3430 default:
3431 bpf_error("inbound/outbound not supported on linktype %d\n",
3432 linktype);
3433 b0 = NULL;
3434 /* NOTREACHED */
3435 }
3436 return (b0);
3437 }
3438
3439 /*
3440 * support IEEE 802.1Q VLAN trunk over ethernet
3441 */
3442 struct block *
3443 gen_vlan(vlan_num)
3444 int vlan_num;
3445 {
3446 static u_int orig_linktype = -1, orig_nl = -1;
3447 struct block *b0;
3448
3449 /*
3450 * Change the offsets to point to the type and data fields within
3451 * the VLAN packet. This is somewhat of a kludge.
3452 */
3453 if (orig_nl == (u_int)-1) {
3454 orig_linktype = off_linktype; /* save original values */
3455 orig_nl = off_nl;
3456
3457 switch (linktype) {
3458
3459 case DLT_EN10MB:
3460 off_linktype = 16;
3461 off_nl = 18;
3462 break;
3463
3464 default:
3465 bpf_error("no VLAN support for data link type %d",
3466 linktype);
3467 /*NOTREACHED*/
3468 }
3469 }
3470
3471 /* check for VLAN */
3472 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
3473
3474 /* If a specific VLAN is requested, check VLAN id */
3475 if (vlan_num >= 0) {
3476 struct block *b1;
3477
3478 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
3479 gen_and(b0, b1);
3480 b0 = b1;
3481 }
3482
3483 return (b0);
3484 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism