]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Add a routine to generate code to load a value relative to the beginning
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] _U_ =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.236 2005-05-01 00:55:42 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #ifdef WIN32
32 #include <pcap-stdinc.h>
33 #else /* WIN32 */
34 #include <sys/types.h>
35 #include <sys/socket.h>
36 #endif /* WIN32 */
37
38 /*
39 * XXX - why was this included even on UNIX?
40 */
41 #ifdef __MINGW32__
42 #include "IP6_misc.h"
43 #endif
44
45 #ifndef WIN32
46
47 #ifdef __NetBSD__
48 #include <sys/param.h>
49 #endif
50
51 #include <netinet/in.h>
52
53 #endif /* WIN32 */
54
55 #include <stdlib.h>
56 #include <string.h>
57 #include <memory.h>
58 #include <setjmp.h>
59 #include <stdarg.h>
60
61 #ifdef MSDOS
62 #include "pcap-dos.h"
63 #endif
64
65 #include "pcap-int.h"
66
67 #include "ethertype.h"
68 #include "nlpid.h"
69 #include "llc.h"
70 #include "gencode.h"
71 #include "atmuni31.h"
72 #include "sunatmpos.h"
73 #include "ppp.h"
74 #include "sll.h"
75 #include "arcnet.h"
76 #include "pf.h"
77 #ifndef offsetof
78 #define offsetof(s, e) ((size_t)&((s *)0)->e)
79 #endif
80 #ifdef INET6
81 #ifndef WIN32
82 #include <netdb.h> /* for "struct addrinfo" */
83 #endif /* WIN32 */
84 #endif /*INET6*/
85 #include <pcap-namedb.h>
86
87 #define ETHERMTU 1500
88
89 #ifndef IPPROTO_SCTP
90 #define IPPROTO_SCTP 132
91 #endif
92
93 #ifdef HAVE_OS_PROTO_H
94 #include "os-proto.h"
95 #endif
96
97 #define JMP(c) ((c)|BPF_JMP|BPF_K)
98
99 /* Locals */
100 static jmp_buf top_ctx;
101 static pcap_t *bpf_pcap;
102
103 /* Hack for updating VLAN, MPLS offsets. */
104 static u_int orig_linktype = -1U, orig_nl = -1U;
105
106 /* XXX */
107 #ifdef PCAP_FDDIPAD
108 static int pcap_fddipad;
109 #endif
110
111 /* VARARGS */
112 void
113 bpf_error(const char *fmt, ...)
114 {
115 va_list ap;
116
117 va_start(ap, fmt);
118 if (bpf_pcap != NULL)
119 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
120 fmt, ap);
121 va_end(ap);
122 longjmp(top_ctx, 1);
123 /* NOTREACHED */
124 }
125
126 static void init_linktype(pcap_t *);
127
128 static int alloc_reg(void);
129 static void free_reg(int);
130
131 static struct block *root;
132
133 /*
134 * We divy out chunks of memory rather than call malloc each time so
135 * we don't have to worry about leaking memory. It's probably
136 * not a big deal if all this memory was wasted but if this ever
137 * goes into a library that would probably not be a good idea.
138 *
139 * XXX - this *is* in a library....
140 */
141 #define NCHUNKS 16
142 #define CHUNK0SIZE 1024
143 struct chunk {
144 u_int n_left;
145 void *m;
146 };
147
148 static struct chunk chunks[NCHUNKS];
149 static int cur_chunk;
150
151 static void *newchunk(u_int);
152 static void freechunks(void);
153 static inline struct block *new_block(int);
154 static inline struct slist *new_stmt(int);
155 static struct block *gen_retblk(int);
156 static inline void syntax(void);
157
158 static void backpatch(struct block *, struct block *);
159 static void merge(struct block *, struct block *);
160 static struct block *gen_cmp(u_int, u_int, bpf_int32);
161 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
162 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
163 static struct block *gen_bcmp(u_int, u_int, const u_char *);
164 static struct block *gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32,
165 bpf_u_int32, bpf_u_int32, int);
166 static struct slist *gen_load_llrel(u_int, u_int);
167 static struct slist *gen_load_nlrel(u_int, u_int);
168 static struct slist *gen_load_ipv4tlrel(u_int, u_int);
169 #ifdef INET6
170 static struct slist *gen_load_ipv6tlrel(u_int, u_int);
171 #endif
172 static struct block *gen_uncond(int);
173 static inline struct block *gen_true(void);
174 static inline struct block *gen_false(void);
175 static struct block *gen_ether_linktype(int);
176 static struct block *gen_linux_sll_linktype(int);
177 static struct block *gen_linktype(int);
178 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
179 static struct block *gen_llc_linktype(int);
180 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
181 #ifdef INET6
182 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
183 #endif
184 static struct block *gen_ahostop(const u_char *, int);
185 static struct block *gen_ehostop(const u_char *, int);
186 static struct block *gen_fhostop(const u_char *, int);
187 static struct block *gen_thostop(const u_char *, int);
188 static struct block *gen_wlanhostop(const u_char *, int);
189 static struct block *gen_ipfchostop(const u_char *, int);
190 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
191 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
192 #ifdef INET6
193 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
194 #endif
195 #ifndef INET6
196 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
197 #endif
198 static struct block *gen_ipfrag(void);
199 static struct block *gen_portatom(int, bpf_int32);
200 static struct block *gen_portrangeatom(int, bpf_int32, bpf_int32);
201 #ifdef INET6
202 static struct block *gen_portatom6(int, bpf_int32);
203 static struct block *gen_portrangeatom6(int, bpf_int32, bpf_int32);
204 #endif
205 struct block *gen_portop(int, int, int);
206 static struct block *gen_port(int, int, int);
207 struct block *gen_portrangeop(int, int, int, int);
208 static struct block *gen_portrange(int, int, int, int);
209 #ifdef INET6
210 struct block *gen_portop6(int, int, int);
211 static struct block *gen_port6(int, int, int);
212 struct block *gen_portrangeop6(int, int, int, int);
213 static struct block *gen_portrange6(int, int, int, int);
214 #endif
215 static int lookup_proto(const char *, int);
216 static struct block *gen_protochain(int, int, int);
217 static struct block *gen_proto(int, int, int);
218 static struct slist *xfer_to_x(struct arth *);
219 static struct slist *xfer_to_a(struct arth *);
220 static struct block *gen_mac_multicast(int);
221 static struct block *gen_len(int, int);
222
223 static struct block *gen_msg_abbrev(int type);
224
225 static void *
226 newchunk(n)
227 u_int n;
228 {
229 struct chunk *cp;
230 int k;
231 size_t size;
232
233 #ifndef __NetBSD__
234 /* XXX Round up to nearest long. */
235 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
236 #else
237 /* XXX Round up to structure boundary. */
238 n = ALIGN(n);
239 #endif
240
241 cp = &chunks[cur_chunk];
242 if (n > cp->n_left) {
243 ++cp, k = ++cur_chunk;
244 if (k >= NCHUNKS)
245 bpf_error("out of memory");
246 size = CHUNK0SIZE << k;
247 cp->m = (void *)malloc(size);
248 if (cp->m == NULL)
249 bpf_error("out of memory");
250 memset((char *)cp->m, 0, size);
251 cp->n_left = size;
252 if (n > size)
253 bpf_error("out of memory");
254 }
255 cp->n_left -= n;
256 return (void *)((char *)cp->m + cp->n_left);
257 }
258
259 static void
260 freechunks()
261 {
262 int i;
263
264 cur_chunk = 0;
265 for (i = 0; i < NCHUNKS; ++i)
266 if (chunks[i].m != NULL) {
267 free(chunks[i].m);
268 chunks[i].m = NULL;
269 }
270 }
271
272 /*
273 * A strdup whose allocations are freed after code generation is over.
274 */
275 char *
276 sdup(s)
277 register const char *s;
278 {
279 int n = strlen(s) + 1;
280 char *cp = newchunk(n);
281
282 strlcpy(cp, s, n);
283 return (cp);
284 }
285
286 static inline struct block *
287 new_block(code)
288 int code;
289 {
290 struct block *p;
291
292 p = (struct block *)newchunk(sizeof(*p));
293 p->s.code = code;
294 p->head = p;
295
296 return p;
297 }
298
299 static inline struct slist *
300 new_stmt(code)
301 int code;
302 {
303 struct slist *p;
304
305 p = (struct slist *)newchunk(sizeof(*p));
306 p->s.code = code;
307
308 return p;
309 }
310
311 static struct block *
312 gen_retblk(v)
313 int v;
314 {
315 struct block *b = new_block(BPF_RET|BPF_K);
316
317 b->s.k = v;
318 return b;
319 }
320
321 static inline void
322 syntax()
323 {
324 bpf_error("syntax error in filter expression");
325 }
326
327 static bpf_u_int32 netmask;
328 static int snaplen;
329 int no_optimize;
330
331 int
332 pcap_compile(pcap_t *p, struct bpf_program *program,
333 char *buf, int optimize, bpf_u_int32 mask)
334 {
335 extern int n_errors;
336 int len;
337
338 no_optimize = 0;
339 n_errors = 0;
340 root = NULL;
341 bpf_pcap = p;
342 if (setjmp(top_ctx)) {
343 lex_cleanup();
344 freechunks();
345 return (-1);
346 }
347
348 netmask = mask;
349
350 snaplen = pcap_snapshot(p);
351 if (snaplen == 0) {
352 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
353 "snaplen of 0 rejects all packets");
354 return -1;
355 }
356
357 lex_init(buf ? buf : "");
358 init_linktype(p);
359 (void)pcap_parse();
360
361 if (n_errors)
362 syntax();
363
364 if (root == NULL)
365 root = gen_retblk(snaplen);
366
367 if (optimize && !no_optimize) {
368 bpf_optimize(&root);
369 if (root == NULL ||
370 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
371 bpf_error("expression rejects all packets");
372 }
373 program->bf_insns = icode_to_fcode(root, &len);
374 program->bf_len = len;
375
376 lex_cleanup();
377 freechunks();
378 return (0);
379 }
380
381 /*
382 * entry point for using the compiler with no pcap open
383 * pass in all the stuff that is needed explicitly instead.
384 */
385 int
386 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
387 struct bpf_program *program,
388 char *buf, int optimize, bpf_u_int32 mask)
389 {
390 pcap_t *p;
391 int ret;
392
393 p = pcap_open_dead(linktype_arg, snaplen_arg);
394 if (p == NULL)
395 return (-1);
396 ret = pcap_compile(p, program, buf, optimize, mask);
397 pcap_close(p);
398 return (ret);
399 }
400
401 /*
402 * Clean up a "struct bpf_program" by freeing all the memory allocated
403 * in it.
404 */
405 void
406 pcap_freecode(struct bpf_program *program)
407 {
408 program->bf_len = 0;
409 if (program->bf_insns != NULL) {
410 free((char *)program->bf_insns);
411 program->bf_insns = NULL;
412 }
413 }
414
415 /*
416 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
417 * which of the jt and jf fields has been resolved and which is a pointer
418 * back to another unresolved block (or nil). At least one of the fields
419 * in each block is already resolved.
420 */
421 static void
422 backpatch(list, target)
423 struct block *list, *target;
424 {
425 struct block *next;
426
427 while (list) {
428 if (!list->sense) {
429 next = JT(list);
430 JT(list) = target;
431 } else {
432 next = JF(list);
433 JF(list) = target;
434 }
435 list = next;
436 }
437 }
438
439 /*
440 * Merge the lists in b0 and b1, using the 'sense' field to indicate
441 * which of jt and jf is the link.
442 */
443 static void
444 merge(b0, b1)
445 struct block *b0, *b1;
446 {
447 register struct block **p = &b0;
448
449 /* Find end of list. */
450 while (*p)
451 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
452
453 /* Concatenate the lists. */
454 *p = b1;
455 }
456
457 void
458 finish_parse(p)
459 struct block *p;
460 {
461 backpatch(p, gen_retblk(snaplen));
462 p->sense = !p->sense;
463 backpatch(p, gen_retblk(0));
464 root = p->head;
465 }
466
467 void
468 gen_and(b0, b1)
469 struct block *b0, *b1;
470 {
471 backpatch(b0, b1->head);
472 b0->sense = !b0->sense;
473 b1->sense = !b1->sense;
474 merge(b1, b0);
475 b1->sense = !b1->sense;
476 b1->head = b0->head;
477 }
478
479 void
480 gen_or(b0, b1)
481 struct block *b0, *b1;
482 {
483 b0->sense = !b0->sense;
484 backpatch(b0, b1->head);
485 b0->sense = !b0->sense;
486 merge(b1, b0);
487 b1->head = b0->head;
488 }
489
490 void
491 gen_not(b)
492 struct block *b;
493 {
494 b->sense = !b->sense;
495 }
496
497 static struct block *
498 gen_cmp(offset, size, v)
499 u_int offset, size;
500 bpf_int32 v;
501 {
502 struct slist *s;
503 struct block *b;
504
505 s = gen_load_llrel(offset, size);
506
507 b = new_block(JMP(BPF_JEQ));
508 b->stmts = s;
509 b->s.k = v;
510
511 return b;
512 }
513
514 static struct block *
515 gen_cmp_gt(offset, size, v)
516 u_int offset, size;
517 bpf_int32 v;
518 {
519 struct slist *s;
520 struct block *b;
521
522 s = gen_load_llrel(offset, size);
523
524 b = new_block(JMP(BPF_JGT));
525 b->stmts = s;
526 b->s.k = v;
527
528 return b;
529 }
530
531 static struct block *
532 gen_mcmp(offset, size, v, mask)
533 u_int offset, size;
534 bpf_int32 v;
535 bpf_u_int32 mask;
536 {
537 struct block *b = gen_cmp(offset, size, v);
538 struct slist *s;
539
540 if (mask != 0xffffffff) {
541 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
542 s->s.k = mask;
543 b->stmts->next = s;
544 }
545 return b;
546 }
547
548 static struct block *
549 gen_bcmp(offset, size, v)
550 register u_int offset, size;
551 register const u_char *v;
552 {
553 register struct block *b, *tmp;
554
555 b = NULL;
556 while (size >= 4) {
557 register const u_char *p = &v[size - 4];
558 bpf_int32 w = ((bpf_int32)p[0] << 24) |
559 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
560
561 tmp = gen_cmp(offset + size - 4, BPF_W, w);
562 if (b != NULL)
563 gen_and(b, tmp);
564 b = tmp;
565 size -= 4;
566 }
567 while (size >= 2) {
568 register const u_char *p = &v[size - 2];
569 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
570
571 tmp = gen_cmp(offset + size - 2, BPF_H, w);
572 if (b != NULL)
573 gen_and(b, tmp);
574 b = tmp;
575 size -= 2;
576 }
577 if (size > 0) {
578 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
579 if (b != NULL)
580 gen_and(b, tmp);
581 b = tmp;
582 }
583 return b;
584 }
585
586 static struct block *
587 gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse)
588 bpf_u_int32 datasize, offset, mask, jtype, jvalue;
589 int reverse;
590 {
591 struct slist *s;
592 struct block *b;
593
594 s = new_stmt(BPF_LD|datasize|BPF_ABS);
595 s->s.k = offset;
596
597 if (mask != 0xffffffff) {
598 s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K);
599 s->next->s.k = mask;
600 }
601
602 b = new_block(JMP(jtype));
603 b->stmts = s;
604 b->s.k = jvalue;
605 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE))
606 gen_not(b);
607 return b;
608 }
609
610 /*
611 * Various code constructs need to know the layout of the data link
612 * layer. These variables give the necessary offsets.
613 */
614
615 /*
616 * This is the offset of the beginning of the MAC-layer header.
617 * It's usually 0, except for ATM LANE.
618 */
619 static u_int off_mac;
620
621 /*
622 * "off_linktype" is the offset to information in the link-layer header
623 * giving the packet type.
624 *
625 * For Ethernet, it's the offset of the Ethernet type field.
626 *
627 * For link-layer types that always use 802.2 headers, it's the
628 * offset of the LLC header.
629 *
630 * For PPP, it's the offset of the PPP type field.
631 *
632 * For Cisco HDLC, it's the offset of the CHDLC type field.
633 *
634 * For BSD loopback, it's the offset of the AF_ value.
635 *
636 * For Linux cooked sockets, it's the offset of the type field.
637 *
638 * It's set to -1 for no encapsulation, in which case, IP is assumed.
639 */
640 static u_int off_linktype;
641
642 /*
643 * TRUE if the link layer includes an ATM pseudo-header.
644 */
645 static int is_atm = 0;
646
647 /*
648 * TRUE if "lane" appeared in the filter; it causes us to generate
649 * code that assumes LANE rather than LLC-encapsulated traffic in SunATM.
650 */
651 static int is_lane = 0;
652
653 /*
654 * These are offsets for the ATM pseudo-header.
655 */
656 static u_int off_vpi;
657 static u_int off_vci;
658 static u_int off_proto;
659
660 /*
661 * This is the offset of the first byte after the ATM pseudo_header,
662 * or -1 if there is no ATM pseudo-header.
663 */
664 static u_int off_payload;
665
666 /*
667 * These are offsets to the beginning of the network-layer header.
668 *
669 * If the link layer never uses 802.2 LLC:
670 *
671 * "off_nl" and "off_nl_nosnap" are the same.
672 *
673 * If the link layer always uses 802.2 LLC:
674 *
675 * "off_nl" is the offset if there's a SNAP header following
676 * the 802.2 header;
677 *
678 * "off_nl_nosnap" is the offset if there's no SNAP header.
679 *
680 * If the link layer is Ethernet:
681 *
682 * "off_nl" is the offset if the packet is an Ethernet II packet
683 * (we assume no 802.3+802.2+SNAP);
684 *
685 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet
686 * with an 802.2 header following it.
687 */
688 static u_int off_nl;
689 static u_int off_nl_nosnap;
690
691 static int linktype;
692
693 static void
694 init_linktype(p)
695 pcap_t *p;
696 {
697 linktype = pcap_datalink(p);
698 #ifdef PCAP_FDDIPAD
699 pcap_fddipad = p->fddipad;
700 #endif
701
702 /*
703 * Assume it's not raw ATM with a pseudo-header, for now.
704 */
705 off_mac = 0;
706 is_atm = 0;
707 is_lane = 0;
708 off_vpi = -1;
709 off_vci = -1;
710 off_proto = -1;
711 off_payload = -1;
712
713 orig_linktype = -1;
714 orig_nl = -1;
715
716 switch (linktype) {
717
718 case DLT_ARCNET:
719 off_linktype = 2;
720 off_nl = 6; /* XXX in reality, variable! */
721 off_nl_nosnap = 6; /* no 802.2 LLC */
722 return;
723
724 case DLT_ARCNET_LINUX:
725 off_linktype = 4;
726 off_nl = 8; /* XXX in reality, variable! */
727 off_nl_nosnap = 8; /* no 802.2 LLC */
728 return;
729
730 case DLT_EN10MB:
731 off_linktype = 12;
732 off_nl = 14; /* Ethernet II */
733 off_nl_nosnap = 17; /* 802.3+802.2 */
734 return;
735
736 case DLT_SLIP:
737 /*
738 * SLIP doesn't have a link level type. The 16 byte
739 * header is hacked into our SLIP driver.
740 */
741 off_linktype = -1;
742 off_nl = 16;
743 off_nl_nosnap = 16; /* no 802.2 LLC */
744 return;
745
746 case DLT_SLIP_BSDOS:
747 /* XXX this may be the same as the DLT_PPP_BSDOS case */
748 off_linktype = -1;
749 /* XXX end */
750 off_nl = 24;
751 off_nl_nosnap = 24; /* no 802.2 LLC */
752 return;
753
754 case DLT_NULL:
755 case DLT_LOOP:
756 off_linktype = 0;
757 off_nl = 4;
758 off_nl_nosnap = 4; /* no 802.2 LLC */
759 return;
760
761 case DLT_ENC:
762 off_linktype = 0;
763 off_nl = 12;
764 off_nl_nosnap = 12; /* no 802.2 LLC */
765 return;
766
767 case DLT_PPP:
768 case DLT_PPP_PPPD:
769 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */
770 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */
771 off_linktype = 2;
772 off_nl = 4;
773 off_nl_nosnap = 4; /* no 802.2 LLC */
774 return;
775
776 case DLT_PPP_ETHER:
777 /*
778 * This does no include the Ethernet header, and
779 * only covers session state.
780 */
781 off_linktype = 6;
782 off_nl = 8;
783 off_nl_nosnap = 8; /* no 802.2 LLC */
784 return;
785
786 case DLT_PPP_BSDOS:
787 off_linktype = 5;
788 off_nl = 24;
789 off_nl_nosnap = 24; /* no 802.2 LLC */
790 return;
791
792 case DLT_FDDI:
793 /*
794 * FDDI doesn't really have a link-level type field.
795 * We set "off_linktype" to the offset of the LLC header.
796 *
797 * To check for Ethernet types, we assume that SSAP = SNAP
798 * is being used and pick out the encapsulated Ethernet type.
799 * XXX - should we generate code to check for SNAP?
800 */
801 off_linktype = 13;
802 #ifdef PCAP_FDDIPAD
803 off_linktype += pcap_fddipad;
804 #endif
805 off_nl = 21; /* FDDI+802.2+SNAP */
806 off_nl_nosnap = 16; /* FDDI+802.2 */
807 #ifdef PCAP_FDDIPAD
808 off_nl += pcap_fddipad;
809 off_nl_nosnap += pcap_fddipad;
810 #endif
811 return;
812
813 case DLT_IEEE802:
814 /*
815 * Token Ring doesn't really have a link-level type field.
816 * We set "off_linktype" to the offset of the LLC header.
817 *
818 * To check for Ethernet types, we assume that SSAP = SNAP
819 * is being used and pick out the encapsulated Ethernet type.
820 * XXX - should we generate code to check for SNAP?
821 *
822 * XXX - the header is actually variable-length.
823 * Some various Linux patched versions gave 38
824 * as "off_linktype" and 40 as "off_nl"; however,
825 * if a token ring packet has *no* routing
826 * information, i.e. is not source-routed, the correct
827 * values are 20 and 22, as they are in the vanilla code.
828 *
829 * A packet is source-routed iff the uppermost bit
830 * of the first byte of the source address, at an
831 * offset of 8, has the uppermost bit set. If the
832 * packet is source-routed, the total number of bytes
833 * of routing information is 2 plus bits 0x1F00 of
834 * the 16-bit value at an offset of 14 (shifted right
835 * 8 - figure out which byte that is).
836 */
837 off_linktype = 14;
838 off_nl = 22; /* Token Ring+802.2+SNAP */
839 off_nl_nosnap = 17; /* Token Ring+802.2 */
840 return;
841
842 case DLT_IEEE802_11:
843 /*
844 * 802.11 doesn't really have a link-level type field.
845 * We set "off_linktype" to the offset of the LLC header.
846 *
847 * To check for Ethernet types, we assume that SSAP = SNAP
848 * is being used and pick out the encapsulated Ethernet type.
849 * XXX - should we generate code to check for SNAP?
850 *
851 * XXX - the header is actually variable-length. We
852 * assume a 24-byte link-layer header, as appears in
853 * data frames in networks with no bridges. If the
854 * fromds and tods 802.11 header bits are both set,
855 * it's actually supposed to be 30 bytes.
856 */
857 off_linktype = 24;
858 off_nl = 32; /* 802.11+802.2+SNAP */
859 off_nl_nosnap = 27; /* 802.11+802.2 */
860 return;
861
862 case DLT_PRISM_HEADER:
863 /*
864 * Same as 802.11, but with an additional header before
865 * the 802.11 header, containing a bunch of additional
866 * information including radio-level information.
867 *
868 * The header is 144 bytes long.
869 *
870 * XXX - same variable-length header problem; at least
871 * the Prism header is fixed-length.
872 */
873 off_linktype = 144+24;
874 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */
875 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */
876 return;
877
878 case DLT_IEEE802_11_RADIO_AVS:
879 /*
880 * Same as 802.11, but with an additional header before
881 * the 802.11 header, containing a bunch of additional
882 * information including radio-level information.
883 *
884 * The header is 64 bytes long, at least in its
885 * current incarnation.
886 *
887 * XXX - same variable-length header problem, only
888 * more so; this header is also variable-length,
889 * with the length being the 32-bit big-endian
890 * number at an offset of 4 from the beginning
891 * of the radio header.
892 */
893 off_linktype = 64+24;
894 off_nl = 64+32; /* Radio+802.11+802.2+SNAP */
895 off_nl_nosnap = 64+27; /* Radio+802.11+802.2 */
896 return;
897
898 case DLT_IEEE802_11_RADIO:
899 /*
900 * Same as 802.11, but with an additional header before
901 * the 802.11 header, containing a bunch of additional
902 * information including radio-level information.
903 *
904 * XXX - same variable-length header problem, only
905 * even *more* so; this header is also variable-length,
906 * with the length being the 16-bit number at an offset
907 * of 2 from the beginning of the radio header, and it's
908 * device-dependent (different devices might supply
909 * different amounts of information), so we can't even
910 * assume a fixed length for the current version of the
911 * header.
912 *
913 * Therefore, currently, only raw "link[N:M]" filtering is
914 * supported.
915 */
916 off_linktype = -1;
917 off_nl = -1;
918 off_nl_nosnap = -1;
919 return;
920
921 case DLT_ATM_RFC1483:
922 case DLT_ATM_CLIP: /* Linux ATM defines this */
923 /*
924 * assume routed, non-ISO PDUs
925 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
926 */
927 off_linktype = 0;
928 off_nl = 8; /* 802.2+SNAP */
929 off_nl_nosnap = 3; /* 802.2 */
930 return;
931
932 case DLT_SUNATM:
933 /*
934 * Full Frontal ATM; you get AALn PDUs with an ATM
935 * pseudo-header.
936 */
937 is_atm = 1;
938 off_vpi = SUNATM_VPI_POS;
939 off_vci = SUNATM_VCI_POS;
940 off_proto = PROTO_POS;
941 off_mac = -1; /* LLC-encapsulated, so no MAC-layer header */
942 off_payload = SUNATM_PKT_BEGIN_POS;
943 off_linktype = off_payload;
944 off_nl = off_payload+8; /* 802.2+SNAP */
945 off_nl_nosnap = off_payload+3; /* 802.2 */
946 return;
947
948 case DLT_RAW:
949 off_linktype = -1;
950 off_nl = 0;
951 off_nl_nosnap = 0; /* no 802.2 LLC */
952 return;
953
954 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
955 off_linktype = 14;
956 off_nl = 16;
957 off_nl_nosnap = 16; /* no 802.2 LLC */
958 return;
959
960 case DLT_LTALK:
961 /*
962 * LocalTalk does have a 1-byte type field in the LLAP header,
963 * but really it just indicates whether there is a "short" or
964 * "long" DDP packet following.
965 */
966 off_linktype = -1;
967 off_nl = 0;
968 off_nl_nosnap = 0; /* no 802.2 LLC */
969 return;
970
971 case DLT_IP_OVER_FC:
972 /*
973 * RFC 2625 IP-over-Fibre-Channel doesn't really have a
974 * link-level type field. We set "off_linktype" to the
975 * offset of the LLC header.
976 *
977 * To check for Ethernet types, we assume that SSAP = SNAP
978 * is being used and pick out the encapsulated Ethernet type.
979 * XXX - should we generate code to check for SNAP? RFC
980 * 2625 says SNAP should be used.
981 */
982 off_linktype = 16;
983 off_nl = 24; /* IPFC+802.2+SNAP */
984 off_nl_nosnap = 19; /* IPFC+802.2 */
985 return;
986
987 case DLT_FRELAY:
988 /*
989 * XXX - we should set this to handle SNAP-encapsulated
990 * frames (NLPID of 0x80).
991 */
992 off_linktype = -1;
993 off_nl = 0;
994 off_nl_nosnap = 0; /* no 802.2 LLC */
995 return;
996
997 case DLT_APPLE_IP_OVER_IEEE1394:
998 off_linktype = 16;
999 off_nl = 18;
1000 off_nl_nosnap = 18; /* no 802.2 LLC */
1001 return;
1002
1003 case DLT_LINUX_IRDA:
1004 /*
1005 * Currently, only raw "link[N:M]" filtering is supported.
1006 */
1007 off_linktype = -1;
1008 off_nl = -1;
1009 off_nl_nosnap = -1;
1010 return;
1011
1012 case DLT_DOCSIS:
1013 /*
1014 * Currently, only raw "link[N:M]" filtering is supported.
1015 */
1016 off_linktype = -1;
1017 off_nl = -1;
1018 off_nl_nosnap = -1;
1019 return;
1020
1021 case DLT_SYMANTEC_FIREWALL:
1022 off_linktype = 6;
1023 off_nl = 44; /* Ethernet II */
1024 off_nl_nosnap = 44; /* XXX - what does it do with 802.3 packets? */
1025 return;
1026
1027 case DLT_PFLOG:
1028 off_linktype = 0;
1029 /* XXX read this from pf.h? */
1030 off_nl = PFLOG_HDRLEN;
1031 off_nl_nosnap = PFLOG_HDRLEN; /* no 802.2 LLC */
1032 return;
1033
1034 case DLT_JUNIPER_MLFR:
1035 case DLT_JUNIPER_MLPPP:
1036 off_linktype = 4;
1037 off_nl = 4;
1038 off_nl_nosnap = -1; /* no 802.2 LLC */
1039 return;
1040
1041 case DLT_JUNIPER_ATM1:
1042 off_linktype = 4; /* in reality variable between 4-8 */
1043 off_nl = 4;
1044 off_nl_nosnap = 14;
1045 return;
1046
1047 case DLT_JUNIPER_ATM2:
1048 off_linktype = 8; /* in reality variable between 8-12 */
1049 off_nl = 8;
1050 off_nl_nosnap = 18;
1051 return;
1052
1053 #ifdef DLT_PFSYNC
1054 case DLT_PFSYNC:
1055 off_linktype = -1;
1056 off_nl = 4;
1057 off_nl_nosnap = 4;
1058 return;
1059 #endif
1060
1061 case DLT_LINUX_LAPD:
1062 /*
1063 * Currently, only raw "link[N:M]" filtering is supported.
1064 */
1065 off_linktype = -1;
1066 off_nl = -1;
1067 off_nl_nosnap = -1;
1068 return;
1069 }
1070 bpf_error("unknown data link type %d", linktype);
1071 /* NOTREACHED */
1072 }
1073
1074 /*
1075 * Load a value relative to the beginning of the link-layer header.
1076 */
1077 static struct slist *
1078 gen_load_llrel(offset, size)
1079 u_int offset, size;
1080 {
1081 struct slist *s;
1082
1083 s = new_stmt(BPF_LD|BPF_ABS|size);
1084 s->s.k = offset;
1085 return s;
1086 }
1087
1088 /*
1089 * Load a value relative to the beginning of the network-layer header.
1090 */
1091 static struct slist *
1092 gen_load_nlrel(offset, size)
1093 u_int offset, size;
1094 {
1095 return gen_load_llrel(off_nl + offset, size);
1096 }
1097
1098 /*
1099 * Load a value relative to the beginning of the transport-layer header,
1100 * where the network-layer header is an IPv4 header. (This doesn't handle
1101 * AH headers.)
1102 */
1103 static struct slist *
1104 gen_load_ipv4tlrel(offset, size)
1105 u_int offset, size;
1106 {
1107 struct slist *s;
1108
1109 /*
1110 * Load the X register with the length of the IPv4 header,
1111 * in bytes.
1112 */
1113 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
1114 s->s.k = off_nl;
1115
1116 /*
1117 * Load the item at {length of the link-layer header} + {length
1118 * of the IPv4 header} + {specified offset}.
1119 */
1120 s->next = new_stmt(BPF_LD|BPF_IND|size);
1121 s->next->s.k = off_nl + offset;
1122
1123 return s;
1124 }
1125
1126 #ifdef INET6
1127 /*
1128 * Load a value relative to the beginning of the transport-layer header,
1129 * where the network-layer header is an IPv6 header. (This doesn't handle
1130 * extension headers.)
1131 */
1132 static struct slist *
1133 gen_load_ipv6tlrel(offset, size)
1134 u_int offset, size;
1135 {
1136 struct slist *s;
1137
1138 s = gen_load_nlrel(40 + offset, size);
1139 return s;
1140 }
1141 #endif
1142
1143 static struct block *
1144 gen_uncond(rsense)
1145 int rsense;
1146 {
1147 struct block *b;
1148 struct slist *s;
1149
1150 s = new_stmt(BPF_LD|BPF_IMM);
1151 s->s.k = !rsense;
1152 b = new_block(JMP(BPF_JEQ));
1153 b->stmts = s;
1154
1155 return b;
1156 }
1157
1158 static inline struct block *
1159 gen_true()
1160 {
1161 return gen_uncond(1);
1162 }
1163
1164 static inline struct block *
1165 gen_false()
1166 {
1167 return gen_uncond(0);
1168 }
1169
1170 /*
1171 * Byte-swap a 32-bit number.
1172 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
1173 * big-endian platforms.)
1174 */
1175 #define SWAPLONG(y) \
1176 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
1177
1178 /*
1179 * Generate code to match a particular packet type.
1180 *
1181 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
1182 * value, if <= ETHERMTU. We use that to determine whether to
1183 * match the type/length field or to check the type/length field for
1184 * a value <= ETHERMTU to see whether it's a type field and then do
1185 * the appropriate test.
1186 */
1187 static struct block *
1188 gen_ether_linktype(proto)
1189 register int proto;
1190 {
1191 struct block *b0, *b1;
1192
1193 switch (proto) {
1194
1195 case LLCSAP_ISONS:
1196 case LLCSAP_IP:
1197 case LLCSAP_NETBEUI:
1198 /*
1199 * OSI protocols and NetBEUI always use 802.2 encapsulation,
1200 * so we check the DSAP and SSAP.
1201 *
1202 * LLCSAP_IP checks for IP-over-802.2, rather
1203 * than IP-over-Ethernet or IP-over-SNAP.
1204 *
1205 * XXX - should we check both the DSAP and the
1206 * SSAP, like this, or should we check just the
1207 * DSAP, as we do for other types <= ETHERMTU
1208 * (i.e., other SAP values)?
1209 */
1210 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1211 gen_not(b0);
1212 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1213 ((proto << 8) | proto));
1214 gen_and(b0, b1);
1215 return b1;
1216
1217 case LLCSAP_IPX:
1218 /*
1219 * Check for;
1220 *
1221 * Ethernet_II frames, which are Ethernet
1222 * frames with a frame type of ETHERTYPE_IPX;
1223 *
1224 * Ethernet_802.3 frames, which are 802.3
1225 * frames (i.e., the type/length field is
1226 * a length field, <= ETHERMTU, rather than
1227 * a type field) with the first two bytes
1228 * after the Ethernet/802.3 header being
1229 * 0xFFFF;
1230 *
1231 * Ethernet_802.2 frames, which are 802.3
1232 * frames with an 802.2 LLC header and
1233 * with the IPX LSAP as the DSAP in the LLC
1234 * header;
1235 *
1236 * Ethernet_SNAP frames, which are 802.3
1237 * frames with an LLC header and a SNAP
1238 * header and with an OUI of 0x000000
1239 * (encapsulated Ethernet) and a protocol
1240 * ID of ETHERTYPE_IPX in the SNAP header.
1241 *
1242 * XXX - should we generate the same code both
1243 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
1244 */
1245
1246 /*
1247 * This generates code to check both for the
1248 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
1249 */
1250 b0 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)LLCSAP_IPX);
1251 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)0xFFFF);
1252 gen_or(b0, b1);
1253
1254 /*
1255 * Now we add code to check for SNAP frames with
1256 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
1257 */
1258 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
1259 gen_or(b0, b1);
1260
1261 /*
1262 * Now we generate code to check for 802.3
1263 * frames in general.
1264 */
1265 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1266 gen_not(b0);
1267
1268 /*
1269 * Now add the check for 802.3 frames before the
1270 * check for Ethernet_802.2 and Ethernet_802.3,
1271 * as those checks should only be done on 802.3
1272 * frames, not on Ethernet frames.
1273 */
1274 gen_and(b0, b1);
1275
1276 /*
1277 * Now add the check for Ethernet_II frames, and
1278 * do that before checking for the other frame
1279 * types.
1280 */
1281 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)ETHERTYPE_IPX);
1282 gen_or(b0, b1);
1283 return b1;
1284
1285 case ETHERTYPE_ATALK:
1286 case ETHERTYPE_AARP:
1287 /*
1288 * EtherTalk (AppleTalk protocols on Ethernet link
1289 * layer) may use 802.2 encapsulation.
1290 */
1291
1292 /*
1293 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1294 * we check for an Ethernet type field less than
1295 * 1500, which means it's an 802.3 length field.
1296 */
1297 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1298 gen_not(b0);
1299
1300 /*
1301 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1302 * SNAP packets with an organization code of
1303 * 0x080007 (Apple, for Appletalk) and a protocol
1304 * type of ETHERTYPE_ATALK (Appletalk).
1305 *
1306 * 802.2-encapsulated ETHERTYPE_AARP packets are
1307 * SNAP packets with an organization code of
1308 * 0x000000 (encapsulated Ethernet) and a protocol
1309 * type of ETHERTYPE_AARP (Appletalk ARP).
1310 */
1311 if (proto == ETHERTYPE_ATALK)
1312 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
1313 else /* proto == ETHERTYPE_AARP */
1314 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
1315 gen_and(b0, b1);
1316
1317 /*
1318 * Check for Ethernet encapsulation (Ethertalk
1319 * phase 1?); we just check for the Ethernet
1320 * protocol type.
1321 */
1322 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1323
1324 gen_or(b0, b1);
1325 return b1;
1326
1327 default:
1328 if (proto <= ETHERMTU) {
1329 /*
1330 * This is an LLC SAP value, so the frames
1331 * that match would be 802.2 frames.
1332 * Check that the frame is an 802.2 frame
1333 * (i.e., that the length/type field is
1334 * a length field, <= ETHERMTU) and
1335 * then check the DSAP.
1336 */
1337 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1338 gen_not(b0);
1339 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto);
1340 gen_and(b0, b1);
1341 return b1;
1342 } else {
1343 /*
1344 * This is an Ethernet type, so compare
1345 * the length/type field with it (if
1346 * the frame is an 802.2 frame, the length
1347 * field will be <= ETHERMTU, and, as
1348 * "proto" is > ETHERMTU, this test
1349 * will fail and the frame won't match,
1350 * which is what we want).
1351 */
1352 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1353 }
1354 }
1355 }
1356
1357 /*
1358 * Generate code to match a particular packet type.
1359 *
1360 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
1361 * value, if <= ETHERMTU. We use that to determine whether to
1362 * match the type field or to check the type field for the special
1363 * LINUX_SLL_P_802_2 value and then do the appropriate test.
1364 */
1365 static struct block *
1366 gen_linux_sll_linktype(proto)
1367 register int proto;
1368 {
1369 struct block *b0, *b1;
1370
1371 switch (proto) {
1372
1373 case LLCSAP_ISONS:
1374 case LLCSAP_IP:
1375 case LLCSAP_NETBEUI:
1376 /*
1377 * OSI protocols and NetBEUI always use 802.2 encapsulation,
1378 * so we check the DSAP and SSAP.
1379 *
1380 * LLCSAP_IP checks for IP-over-802.2, rather
1381 * than IP-over-Ethernet or IP-over-SNAP.
1382 *
1383 * XXX - should we check both the DSAP and the
1384 * SSAP, like this, or should we check just the
1385 * DSAP, as we do for other types <= ETHERMTU
1386 * (i.e., other SAP values)?
1387 */
1388 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1389 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1390 ((proto << 8) | proto));
1391 gen_and(b0, b1);
1392 return b1;
1393
1394 case LLCSAP_IPX:
1395 /*
1396 * Ethernet_II frames, which are Ethernet
1397 * frames with a frame type of ETHERTYPE_IPX;
1398 *
1399 * Ethernet_802.3 frames, which have a frame
1400 * type of LINUX_SLL_P_802_3;
1401 *
1402 * Ethernet_802.2 frames, which are 802.3
1403 * frames with an 802.2 LLC header (i.e, have
1404 * a frame type of LINUX_SLL_P_802_2) and
1405 * with the IPX LSAP as the DSAP in the LLC
1406 * header;
1407 *
1408 * Ethernet_SNAP frames, which are 802.3
1409 * frames with an LLC header and a SNAP
1410 * header and with an OUI of 0x000000
1411 * (encapsulated Ethernet) and a protocol
1412 * ID of ETHERTYPE_IPX in the SNAP header.
1413 *
1414 * First, do the checks on LINUX_SLL_P_802_2
1415 * frames; generate the check for either
1416 * Ethernet_802.2 or Ethernet_SNAP frames, and
1417 * then put a check for LINUX_SLL_P_802_2 frames
1418 * before it.
1419 */
1420 b0 = gen_cmp(off_linktype + 2, BPF_B,
1421 (bpf_int32)LLCSAP_IPX);
1422 b1 = gen_snap(0x000000, ETHERTYPE_IPX,
1423 off_linktype + 2);
1424 gen_or(b0, b1);
1425 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1426 gen_and(b0, b1);
1427
1428 /*
1429 * Now check for 802.3 frames and OR that with
1430 * the previous test.
1431 */
1432 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
1433 gen_or(b0, b1);
1434
1435 /*
1436 * Now add the check for Ethernet_II frames, and
1437 * do that before checking for the other frame
1438 * types.
1439 */
1440 b0 = gen_cmp(off_linktype, BPF_H,
1441 (bpf_int32)ETHERTYPE_IPX);
1442 gen_or(b0, b1);
1443 return b1;
1444
1445 case ETHERTYPE_ATALK:
1446 case ETHERTYPE_AARP:
1447 /*
1448 * EtherTalk (AppleTalk protocols on Ethernet link
1449 * layer) may use 802.2 encapsulation.
1450 */
1451
1452 /*
1453 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1454 * we check for the 802.2 protocol type in the
1455 * "Ethernet type" field.
1456 */
1457 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1458
1459 /*
1460 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1461 * SNAP packets with an organization code of
1462 * 0x080007 (Apple, for Appletalk) and a protocol
1463 * type of ETHERTYPE_ATALK (Appletalk).
1464 *
1465 * 802.2-encapsulated ETHERTYPE_AARP packets are
1466 * SNAP packets with an organization code of
1467 * 0x000000 (encapsulated Ethernet) and a protocol
1468 * type of ETHERTYPE_AARP (Appletalk ARP).
1469 */
1470 if (proto == ETHERTYPE_ATALK)
1471 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
1472 off_linktype + 2);
1473 else /* proto == ETHERTYPE_AARP */
1474 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
1475 off_linktype + 2);
1476 gen_and(b0, b1);
1477
1478 /*
1479 * Check for Ethernet encapsulation (Ethertalk
1480 * phase 1?); we just check for the Ethernet
1481 * protocol type.
1482 */
1483 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1484
1485 gen_or(b0, b1);
1486 return b1;
1487
1488 default:
1489 if (proto <= ETHERMTU) {
1490 /*
1491 * This is an LLC SAP value, so the frames
1492 * that match would be 802.2 frames.
1493 * Check for the 802.2 protocol type
1494 * in the "Ethernet type" field, and
1495 * then check the DSAP.
1496 */
1497 b0 = gen_cmp(off_linktype, BPF_H,
1498 LINUX_SLL_P_802_2);
1499 b1 = gen_cmp(off_linktype + 2, BPF_B,
1500 (bpf_int32)proto);
1501 gen_and(b0, b1);
1502 return b1;
1503 } else {
1504 /*
1505 * This is an Ethernet type, so compare
1506 * the length/type field with it (if
1507 * the frame is an 802.2 frame, the length
1508 * field will be <= ETHERMTU, and, as
1509 * "proto" is > ETHERMTU, this test
1510 * will fail and the frame won't match,
1511 * which is what we want).
1512 */
1513 return gen_cmp(off_linktype, BPF_H,
1514 (bpf_int32)proto);
1515 }
1516 }
1517 }
1518
1519 /*
1520 * Generate code to match a particular packet type by matching the
1521 * link-layer type field or fields in the 802.2 LLC header.
1522 *
1523 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
1524 * value, if <= ETHERMTU.
1525 */
1526 static struct block *
1527 gen_linktype(proto)
1528 register int proto;
1529 {
1530 struct block *b0, *b1, *b2;
1531
1532 switch (linktype) {
1533
1534 case DLT_EN10MB:
1535 return gen_ether_linktype(proto);
1536 /*NOTREACHED*/
1537 break;
1538
1539 case DLT_C_HDLC:
1540 switch (proto) {
1541
1542 case LLCSAP_ISONS:
1543 proto = (proto << 8 | LLCSAP_ISONS);
1544 /* fall through */
1545
1546 default:
1547 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1548 /*NOTREACHED*/
1549 break;
1550 }
1551 break;
1552
1553 case DLT_IEEE802_11:
1554 case DLT_PRISM_HEADER:
1555 case DLT_IEEE802_11_RADIO:
1556 case DLT_FDDI:
1557 case DLT_IEEE802:
1558 case DLT_ATM_RFC1483:
1559 case DLT_ATM_CLIP:
1560 case DLT_IP_OVER_FC:
1561 return gen_llc_linktype(proto);
1562 /*NOTREACHED*/
1563 break;
1564
1565 case DLT_SUNATM:
1566 /*
1567 * If "is_lane" is set, check for a LANE-encapsulated
1568 * version of this protocol, otherwise check for an
1569 * LLC-encapsulated version of this protocol.
1570 *
1571 * We assume LANE means Ethernet, not Token Ring.
1572 */
1573 if (is_lane) {
1574 /*
1575 * Check that the packet doesn't begin with an
1576 * LE Control marker. (We've already generated
1577 * a test for LANE.)
1578 */
1579 b0 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
1580 gen_not(b0);
1581
1582 /*
1583 * Now generate an Ethernet test.
1584 */
1585 b1 = gen_ether_linktype(proto);
1586 gen_and(b0, b1);
1587 return b1;
1588 } else {
1589 /*
1590 * Check for LLC encapsulation and then check the
1591 * protocol.
1592 */
1593 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
1594 b1 = gen_llc_linktype(proto);
1595 gen_and(b0, b1);
1596 return b1;
1597 }
1598 /*NOTREACHED*/
1599 break;
1600
1601 case DLT_LINUX_SLL:
1602 return gen_linux_sll_linktype(proto);
1603 /*NOTREACHED*/
1604 break;
1605
1606 case DLT_SLIP:
1607 case DLT_SLIP_BSDOS:
1608 case DLT_RAW:
1609 /*
1610 * These types don't provide any type field; packets
1611 * are always IP.
1612 *
1613 * XXX - for IPv4, check for a version number of 4, and,
1614 * for IPv6, check for a version number of 6?
1615 */
1616 switch (proto) {
1617
1618 case ETHERTYPE_IP:
1619 #ifdef INET6
1620 case ETHERTYPE_IPV6:
1621 #endif
1622 return gen_true(); /* always true */
1623
1624 default:
1625 return gen_false(); /* always false */
1626 }
1627 /*NOTREACHED*/
1628 break;
1629
1630 case DLT_PPP:
1631 case DLT_PPP_PPPD:
1632 case DLT_PPP_SERIAL:
1633 case DLT_PPP_ETHER:
1634 /*
1635 * We use Ethernet protocol types inside libpcap;
1636 * map them to the corresponding PPP protocol types.
1637 */
1638 switch (proto) {
1639
1640 case ETHERTYPE_IP:
1641 proto = PPP_IP;
1642 break;
1643
1644 #ifdef INET6
1645 case ETHERTYPE_IPV6:
1646 proto = PPP_IPV6;
1647 break;
1648 #endif
1649
1650 case ETHERTYPE_DN:
1651 proto = PPP_DECNET;
1652 break;
1653
1654 case ETHERTYPE_ATALK:
1655 proto = PPP_APPLE;
1656 break;
1657
1658 case ETHERTYPE_NS:
1659 proto = PPP_NS;
1660 break;
1661
1662 case LLCSAP_ISONS:
1663 proto = PPP_OSI;
1664 break;
1665
1666 case LLCSAP_8021D:
1667 /*
1668 * I'm assuming the "Bridging PDU"s that go
1669 * over PPP are Spanning Tree Protocol
1670 * Bridging PDUs.
1671 */
1672 proto = PPP_BRPDU;
1673 break;
1674
1675 case LLCSAP_IPX:
1676 proto = PPP_IPX;
1677 break;
1678 }
1679 break;
1680
1681 case DLT_PPP_BSDOS:
1682 /*
1683 * We use Ethernet protocol types inside libpcap;
1684 * map them to the corresponding PPP protocol types.
1685 */
1686 switch (proto) {
1687
1688 case ETHERTYPE_IP:
1689 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
1690 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
1691 gen_or(b0, b1);
1692 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
1693 gen_or(b1, b0);
1694 return b0;
1695
1696 #ifdef INET6
1697 case ETHERTYPE_IPV6:
1698 proto = PPP_IPV6;
1699 /* more to go? */
1700 break;
1701 #endif
1702
1703 case ETHERTYPE_DN:
1704 proto = PPP_DECNET;
1705 break;
1706
1707 case ETHERTYPE_ATALK:
1708 proto = PPP_APPLE;
1709 break;
1710
1711 case ETHERTYPE_NS:
1712 proto = PPP_NS;
1713 break;
1714
1715 case LLCSAP_ISONS:
1716 proto = PPP_OSI;
1717 break;
1718
1719 case LLCSAP_8021D:
1720 /*
1721 * I'm assuming the "Bridging PDU"s that go
1722 * over PPP are Spanning Tree Protocol
1723 * Bridging PDUs.
1724 */
1725 proto = PPP_BRPDU;
1726 break;
1727
1728 case LLCSAP_IPX:
1729 proto = PPP_IPX;
1730 break;
1731 }
1732 break;
1733
1734 case DLT_NULL:
1735 case DLT_LOOP:
1736 case DLT_ENC:
1737 /*
1738 * For DLT_NULL, the link-layer header is a 32-bit
1739 * word containing an AF_ value in *host* byte order,
1740 * and for DLT_ENC, the link-layer header begins
1741 * with a 32-bit work containing an AF_ value in
1742 * host byte order.
1743 *
1744 * In addition, if we're reading a saved capture file,
1745 * the host byte order in the capture may not be the
1746 * same as the host byte order on this machine.
1747 *
1748 * For DLT_LOOP, the link-layer header is a 32-bit
1749 * word containing an AF_ value in *network* byte order.
1750 *
1751 * XXX - AF_ values may, unfortunately, be platform-
1752 * dependent; for example, FreeBSD's AF_INET6 is 24
1753 * whilst NetBSD's and OpenBSD's is 26.
1754 *
1755 * This means that, when reading a capture file, just
1756 * checking for our AF_INET6 value won't work if the
1757 * capture file came from another OS.
1758 */
1759 switch (proto) {
1760
1761 case ETHERTYPE_IP:
1762 proto = AF_INET;
1763 break;
1764
1765 #ifdef INET6
1766 case ETHERTYPE_IPV6:
1767 proto = AF_INET6;
1768 break;
1769 #endif
1770
1771 default:
1772 /*
1773 * Not a type on which we support filtering.
1774 * XXX - support those that have AF_ values
1775 * #defined on this platform, at least?
1776 */
1777 return gen_false();
1778 }
1779
1780 if (linktype == DLT_NULL || linktype == DLT_ENC) {
1781 /*
1782 * The AF_ value is in host byte order, but
1783 * the BPF interpreter will convert it to
1784 * network byte order.
1785 *
1786 * If this is a save file, and it's from a
1787 * machine with the opposite byte order to
1788 * ours, we byte-swap the AF_ value.
1789 *
1790 * Then we run it through "htonl()", and
1791 * generate code to compare against the result.
1792 */
1793 if (bpf_pcap->sf.rfile != NULL &&
1794 bpf_pcap->sf.swapped)
1795 proto = SWAPLONG(proto);
1796 proto = htonl(proto);
1797 }
1798 return (gen_cmp(0, BPF_W, (bpf_int32)proto));
1799
1800 case DLT_PFLOG:
1801 /*
1802 * af field is host byte order in contrast to the rest of
1803 * the packet.
1804 */
1805 if (proto == ETHERTYPE_IP)
1806 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B,
1807 (bpf_int32)AF_INET));
1808 #ifdef INET6
1809 else if (proto == ETHERTYPE_IPV6)
1810 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B,
1811 (bpf_int32)AF_INET6));
1812 #endif /* INET6 */
1813 else
1814 return gen_false();
1815 /*NOTREACHED*/
1816 break;
1817
1818 case DLT_ARCNET:
1819 case DLT_ARCNET_LINUX:
1820 /*
1821 * XXX should we check for first fragment if the protocol
1822 * uses PHDS?
1823 */
1824 switch (proto) {
1825
1826 default:
1827 return gen_false();
1828
1829 #ifdef INET6
1830 case ETHERTYPE_IPV6:
1831 return (gen_cmp(off_linktype, BPF_B,
1832 (bpf_int32)ARCTYPE_INET6));
1833 #endif /* INET6 */
1834
1835 case ETHERTYPE_IP:
1836 b0 = gen_cmp(off_linktype, BPF_B,
1837 (bpf_int32)ARCTYPE_IP);
1838 b1 = gen_cmp(off_linktype, BPF_B,
1839 (bpf_int32)ARCTYPE_IP_OLD);
1840 gen_or(b0, b1);
1841 return (b1);
1842
1843 case ETHERTYPE_ARP:
1844 b0 = gen_cmp(off_linktype, BPF_B,
1845 (bpf_int32)ARCTYPE_ARP);
1846 b1 = gen_cmp(off_linktype, BPF_B,
1847 (bpf_int32)ARCTYPE_ARP_OLD);
1848 gen_or(b0, b1);
1849 return (b1);
1850
1851 case ETHERTYPE_REVARP:
1852 return (gen_cmp(off_linktype, BPF_B,
1853 (bpf_int32)ARCTYPE_REVARP));
1854
1855 case ETHERTYPE_ATALK:
1856 return (gen_cmp(off_linktype, BPF_B,
1857 (bpf_int32)ARCTYPE_ATALK));
1858 }
1859 /*NOTREACHED*/
1860 break;
1861
1862 case DLT_LTALK:
1863 switch (proto) {
1864 case ETHERTYPE_ATALK:
1865 return gen_true();
1866 default:
1867 return gen_false();
1868 }
1869 /*NOTREACHED*/
1870 break;
1871
1872 case DLT_FRELAY:
1873 /*
1874 * XXX - assumes a 2-byte Frame Relay header with
1875 * DLCI and flags. What if the address is longer?
1876 */
1877 switch (proto) {
1878
1879 case ETHERTYPE_IP:
1880 /*
1881 * Check for the special NLPID for IP.
1882 */
1883 return gen_cmp(2, BPF_H, (0x03<<8) | 0xcc);
1884
1885 #ifdef INET6
1886 case ETHERTYPE_IPV6:
1887 /*
1888 * Check for the special NLPID for IPv6.
1889 */
1890 return gen_cmp(2, BPF_H, (0x03<<8) | 0x8e);
1891 #endif
1892
1893 case LLCSAP_ISONS:
1894 /*
1895 * Check for several OSI protocols.
1896 *
1897 * Frame Relay packets typically have an OSI
1898 * NLPID at the beginning; we check for each
1899 * of them.
1900 *
1901 * What we check for is the NLPID and a frame
1902 * control field of UI, i.e. 0x03 followed
1903 * by the NLPID.
1904 */
1905 b0 = gen_cmp(2, BPF_H, (0x03<<8) | ISO8473_CLNP);
1906 b1 = gen_cmp(2, BPF_H, (0x03<<8) | ISO9542_ESIS);
1907 b2 = gen_cmp(2, BPF_H, (0x03<<8) | ISO10589_ISIS);
1908 gen_or(b1, b2);
1909 gen_or(b0, b2);
1910 return b2;
1911
1912 default:
1913 return gen_false();
1914 }
1915 /*NOTREACHED*/
1916 break;
1917
1918 case DLT_JUNIPER_MLFR:
1919 case DLT_JUNIPER_MLPPP:
1920 case DLT_JUNIPER_ATM1:
1921 case DLT_JUNIPER_ATM2:
1922 /* just lets verify the magic number for now -
1923 * on ATM we may have up to 6 different encapsulations on the wire
1924 * and need a lot of heuristics to figure out that the payload
1925 * might be;
1926 *
1927 * FIXME encapsulation specific BPF_ filters
1928 */
1929 return gen_mcmp(0, BPF_W, 0x4d474300, 0xffffff00); /* compare the magic number */
1930
1931 case DLT_LINUX_IRDA:
1932 bpf_error("IrDA link-layer type filtering not implemented");
1933
1934 case DLT_DOCSIS:
1935 bpf_error("DOCSIS link-layer type filtering not implemented");
1936
1937 case DLT_LINUX_LAPD:
1938 bpf_error("LAPD link-layer type filtering not implemented");
1939 }
1940
1941 /*
1942 * All the types that have no encapsulation should either be
1943 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
1944 * all packets are IP packets, or should be handled in some
1945 * special case, if none of them are (if some are and some
1946 * aren't, the lack of encapsulation is a problem, as we'd
1947 * have to find some other way of determining the packet type).
1948 *
1949 * Therefore, if "off_linktype" is -1, there's an error.
1950 */
1951 if (off_linktype == (u_int)-1)
1952 abort();
1953
1954 /*
1955 * Any type not handled above should always have an Ethernet
1956 * type at an offset of "off_linktype". (PPP is partially
1957 * handled above - the protocol type is mapped from the
1958 * Ethernet and LLC types we use internally to the corresponding
1959 * PPP type - but the PPP type is always specified by a value
1960 * at "off_linktype", so we don't have to do the code generation
1961 * above.)
1962 */
1963 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1964 }
1965
1966 /*
1967 * Check for an LLC SNAP packet with a given organization code and
1968 * protocol type; we check the entire contents of the 802.2 LLC and
1969 * snap headers, checking for DSAP and SSAP of SNAP and a control
1970 * field of 0x03 in the LLC header, and for the specified organization
1971 * code and protocol type in the SNAP header.
1972 */
1973 static struct block *
1974 gen_snap(orgcode, ptype, offset)
1975 bpf_u_int32 orgcode;
1976 bpf_u_int32 ptype;
1977 u_int offset;
1978 {
1979 u_char snapblock[8];
1980
1981 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
1982 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
1983 snapblock[2] = 0x03; /* control = UI */
1984 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
1985 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
1986 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
1987 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
1988 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
1989 return gen_bcmp(offset, 8, snapblock);
1990 }
1991
1992 /*
1993 * Generate code to match a particular packet type, for link-layer types
1994 * using 802.2 LLC headers.
1995 *
1996 * This is *NOT* used for Ethernet; "gen_ether_linktype()" is used
1997 * for that - it handles the D/I/X Ethernet vs. 802.3+802.2 issues.
1998 *
1999 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
2000 * value, if <= ETHERMTU. We use that to determine whether to
2001 * match the DSAP or both DSAP and LSAP or to check the OUI and
2002 * protocol ID in a SNAP header.
2003 */
2004 static struct block *
2005 gen_llc_linktype(proto)
2006 int proto;
2007 {
2008 /*
2009 * XXX - handle token-ring variable-length header.
2010 */
2011 switch (proto) {
2012
2013 case LLCSAP_IP:
2014 case LLCSAP_ISONS:
2015 case LLCSAP_NETBEUI:
2016 /*
2017 * XXX - should we check both the DSAP and the
2018 * SSAP, like this, or should we check just the
2019 * DSAP, as we do for other types <= ETHERMTU
2020 * (i.e., other SAP values)?
2021 */
2022 return gen_cmp(off_linktype, BPF_H, (long)
2023 ((proto << 8) | proto));
2024
2025 case LLCSAP_IPX:
2026 /*
2027 * XXX - are there ever SNAP frames for IPX on
2028 * non-Ethernet 802.x networks?
2029 */
2030 return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX);
2031
2032 case ETHERTYPE_ATALK:
2033 /*
2034 * 802.2-encapsulated ETHERTYPE_ATALK packets are
2035 * SNAP packets with an organization code of
2036 * 0x080007 (Apple, for Appletalk) and a protocol
2037 * type of ETHERTYPE_ATALK (Appletalk).
2038 *
2039 * XXX - check for an organization code of
2040 * encapsulated Ethernet as well?
2041 */
2042 return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype);
2043
2044 default:
2045 /*
2046 * XXX - we don't have to check for IPX 802.3
2047 * here, but should we check for the IPX Ethertype?
2048 */
2049 if (proto <= ETHERMTU) {
2050 /*
2051 * This is an LLC SAP value, so check
2052 * the DSAP.
2053 */
2054 return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto);
2055 } else {
2056 /*
2057 * This is an Ethernet type; we assume that it's
2058 * unlikely that it'll appear in the right place
2059 * at random, and therefore check only the
2060 * location that would hold the Ethernet type
2061 * in a SNAP frame with an organization code of
2062 * 0x000000 (encapsulated Ethernet).
2063 *
2064 * XXX - if we were to check for the SNAP DSAP and
2065 * LSAP, as per XXX, and were also to check for an
2066 * organization code of 0x000000 (encapsulated
2067 * Ethernet), we'd do
2068 *
2069 * return gen_snap(0x000000, proto,
2070 * off_linktype);
2071 *
2072 * here; for now, we don't, as per the above.
2073 * I don't know whether it's worth the extra CPU
2074 * time to do the right check or not.
2075 */
2076 return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto);
2077 }
2078 }
2079 }
2080
2081 static struct block *
2082 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
2083 bpf_u_int32 addr;
2084 bpf_u_int32 mask;
2085 int dir, proto;
2086 u_int src_off, dst_off;
2087 {
2088 struct block *b0, *b1;
2089 u_int offset;
2090
2091 switch (dir) {
2092
2093 case Q_SRC:
2094 offset = src_off;
2095 break;
2096
2097 case Q_DST:
2098 offset = dst_off;
2099 break;
2100
2101 case Q_AND:
2102 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
2103 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
2104 gen_and(b0, b1);
2105 return b1;
2106
2107 case Q_OR:
2108 case Q_DEFAULT:
2109 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
2110 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
2111 gen_or(b0, b1);
2112 return b1;
2113
2114 default:
2115 abort();
2116 }
2117 b0 = gen_linktype(proto);
2118 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
2119 gen_and(b0, b1);
2120 return b1;
2121 }
2122
2123 #ifdef INET6
2124 static struct block *
2125 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
2126 struct in6_addr *addr;
2127 struct in6_addr *mask;
2128 int dir, proto;
2129 u_int src_off, dst_off;
2130 {
2131 struct block *b0, *b1;
2132 u_int offset;
2133 u_int32_t *a, *m;
2134
2135 switch (dir) {
2136
2137 case Q_SRC:
2138 offset = src_off;
2139 break;
2140
2141 case Q_DST:
2142 offset = dst_off;
2143 break;
2144
2145 case Q_AND:
2146 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
2147 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
2148 gen_and(b0, b1);
2149 return b1;
2150
2151 case Q_OR:
2152 case Q_DEFAULT:
2153 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
2154 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
2155 gen_or(b0, b1);
2156 return b1;
2157
2158 default:
2159 abort();
2160 }
2161 /* this order is important */
2162 a = (u_int32_t *)addr;
2163 m = (u_int32_t *)mask;
2164 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
2165 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
2166 gen_and(b0, b1);
2167 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
2168 gen_and(b0, b1);
2169 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
2170 gen_and(b0, b1);
2171 b0 = gen_linktype(proto);
2172 gen_and(b0, b1);
2173 return b1;
2174 }
2175 #endif /*INET6*/
2176
2177 static struct block *
2178 gen_ehostop(eaddr, dir)
2179 register const u_char *eaddr;
2180 register int dir;
2181 {
2182 register struct block *b0, *b1;
2183
2184 switch (dir) {
2185 case Q_SRC:
2186 return gen_bcmp(off_mac + 6, 6, eaddr);
2187
2188 case Q_DST:
2189 return gen_bcmp(off_mac + 0, 6, eaddr);
2190
2191 case Q_AND:
2192 b0 = gen_ehostop(eaddr, Q_SRC);
2193 b1 = gen_ehostop(eaddr, Q_DST);
2194 gen_and(b0, b1);
2195 return b1;
2196
2197 case Q_DEFAULT:
2198 case Q_OR:
2199 b0 = gen_ehostop(eaddr, Q_SRC);
2200 b1 = gen_ehostop(eaddr, Q_DST);
2201 gen_or(b0, b1);
2202 return b1;
2203 }
2204 abort();
2205 /* NOTREACHED */
2206 }
2207
2208 /*
2209 * Like gen_ehostop, but for DLT_FDDI
2210 */
2211 static struct block *
2212 gen_fhostop(eaddr, dir)
2213 register const u_char *eaddr;
2214 register int dir;
2215 {
2216 struct block *b0, *b1;
2217
2218 switch (dir) {
2219 case Q_SRC:
2220 #ifdef PCAP_FDDIPAD
2221 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
2222 #else
2223 return gen_bcmp(6 + 1, 6, eaddr);
2224 #endif
2225
2226 case Q_DST:
2227 #ifdef PCAP_FDDIPAD
2228 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
2229 #else
2230 return gen_bcmp(0 + 1, 6, eaddr);
2231 #endif
2232
2233 case Q_AND:
2234 b0 = gen_fhostop(eaddr, Q_SRC);
2235 b1 = gen_fhostop(eaddr, Q_DST);
2236 gen_and(b0, b1);
2237 return b1;
2238
2239 case Q_DEFAULT:
2240 case Q_OR:
2241 b0 = gen_fhostop(eaddr, Q_SRC);
2242 b1 = gen_fhostop(eaddr, Q_DST);
2243 gen_or(b0, b1);
2244 return b1;
2245 }
2246 abort();
2247 /* NOTREACHED */
2248 }
2249
2250 /*
2251 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
2252 */
2253 static struct block *
2254 gen_thostop(eaddr, dir)
2255 register const u_char *eaddr;
2256 register int dir;
2257 {
2258 register struct block *b0, *b1;
2259
2260 switch (dir) {
2261 case Q_SRC:
2262 return gen_bcmp(8, 6, eaddr);
2263
2264 case Q_DST:
2265 return gen_bcmp(2, 6, eaddr);
2266
2267 case Q_AND:
2268 b0 = gen_thostop(eaddr, Q_SRC);
2269 b1 = gen_thostop(eaddr, Q_DST);
2270 gen_and(b0, b1);
2271 return b1;
2272
2273 case Q_DEFAULT:
2274 case Q_OR:
2275 b0 = gen_thostop(eaddr, Q_SRC);
2276 b1 = gen_thostop(eaddr, Q_DST);
2277 gen_or(b0, b1);
2278 return b1;
2279 }
2280 abort();
2281 /* NOTREACHED */
2282 }
2283
2284 /*
2285 * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN)
2286 */
2287 static struct block *
2288 gen_wlanhostop(eaddr, dir)
2289 register const u_char *eaddr;
2290 register int dir;
2291 {
2292 register struct block *b0, *b1, *b2;
2293 register struct slist *s;
2294
2295 switch (dir) {
2296 case Q_SRC:
2297 /*
2298 * Oh, yuk.
2299 *
2300 * For control frames, there is no SA.
2301 *
2302 * For management frames, SA is at an
2303 * offset of 10 from the beginning of
2304 * the packet.
2305 *
2306 * For data frames, SA is at an offset
2307 * of 10 from the beginning of the packet
2308 * if From DS is clear, at an offset of
2309 * 16 from the beginning of the packet
2310 * if From DS is set and To DS is clear,
2311 * and an offset of 24 from the beginning
2312 * of the packet if From DS is set and To DS
2313 * is set.
2314 */
2315
2316 /*
2317 * Generate the tests to be done for data frames
2318 * with From DS set.
2319 *
2320 * First, check for To DS set, i.e. check "link[1] & 0x01".
2321 */
2322 s = gen_load_llrel(1, BPF_B);
2323 b1 = new_block(JMP(BPF_JSET));
2324 b1->s.k = 0x01; /* To DS */
2325 b1->stmts = s;
2326
2327 /*
2328 * If To DS is set, the SA is at 24.
2329 */
2330 b0 = gen_bcmp(24, 6, eaddr);
2331 gen_and(b1, b0);
2332
2333 /*
2334 * Now, check for To DS not set, i.e. check
2335 * "!(link[1] & 0x01)".
2336 */
2337 s = gen_load_llrel(1, BPF_B);
2338 b2 = new_block(JMP(BPF_JSET));
2339 b2->s.k = 0x01; /* To DS */
2340 b2->stmts = s;
2341 gen_not(b2);
2342
2343 /*
2344 * If To DS is not set, the SA is at 16.
2345 */
2346 b1 = gen_bcmp(16, 6, eaddr);
2347 gen_and(b2, b1);
2348
2349 /*
2350 * Now OR together the last two checks. That gives
2351 * the complete set of checks for data frames with
2352 * From DS set.
2353 */
2354 gen_or(b1, b0);
2355
2356 /*
2357 * Now check for From DS being set, and AND that with
2358 * the ORed-together checks.
2359 */
2360 s = gen_load_llrel(1, BPF_B);
2361 b1 = new_block(JMP(BPF_JSET));
2362 b1->s.k = 0x02; /* From DS */
2363 b1->stmts = s;
2364 gen_and(b1, b0);
2365
2366 /*
2367 * Now check for data frames with From DS not set.
2368 */
2369 s = gen_load_llrel(1, BPF_B);
2370 b2 = new_block(JMP(BPF_JSET));
2371 b2->s.k = 0x02; /* From DS */
2372 b2->stmts = s;
2373 gen_not(b2);
2374
2375 /*
2376 * If From DS isn't set, the SA is at 10.
2377 */
2378 b1 = gen_bcmp(10, 6, eaddr);
2379 gen_and(b2, b1);
2380
2381 /*
2382 * Now OR together the checks for data frames with
2383 * From DS not set and for data frames with From DS
2384 * set; that gives the checks done for data frames.
2385 */
2386 gen_or(b1, b0);
2387
2388 /*
2389 * Now check for a data frame.
2390 * I.e, check "link[0] & 0x08".
2391 */
2392 gen_load_llrel(0, BPF_B);
2393 b1 = new_block(JMP(BPF_JSET));
2394 b1->s.k = 0x08;
2395 b1->stmts = s;
2396
2397 /*
2398 * AND that with the checks done for data frames.
2399 */
2400 gen_and(b1, b0);
2401
2402 /*
2403 * If the high-order bit of the type value is 0, this
2404 * is a management frame.
2405 * I.e, check "!(link[0] & 0x08)".
2406 */
2407 s = gen_load_llrel(0, BPF_B);
2408 b2 = new_block(JMP(BPF_JSET));
2409 b2->s.k = 0x08;
2410 b2->stmts = s;
2411 gen_not(b2);
2412
2413 /*
2414 * For management frames, the SA is at 10.
2415 */
2416 b1 = gen_bcmp(10, 6, eaddr);
2417 gen_and(b2, b1);
2418
2419 /*
2420 * OR that with the checks done for data frames.
2421 * That gives the checks done for management and
2422 * data frames.
2423 */
2424 gen_or(b1, b0);
2425
2426 /*
2427 * If the low-order bit of the type value is 1,
2428 * this is either a control frame or a frame
2429 * with a reserved type, and thus not a
2430 * frame with an SA.
2431 *
2432 * I.e., check "!(link[0] & 0x04)".
2433 */
2434 s = gen_load_llrel(0, BPF_B);
2435 b1 = new_block(JMP(BPF_JSET));
2436 b1->s.k = 0x04;
2437 b1->stmts = s;
2438 gen_not(b1);
2439
2440 /*
2441 * AND that with the checks for data and management
2442 * frames.
2443 */
2444 gen_and(b1, b0);
2445 return b0;
2446
2447 case Q_DST:
2448 /*
2449 * Oh, yuk.
2450 *
2451 * For control frames, there is no DA.
2452 *
2453 * For management frames, DA is at an
2454 * offset of 4 from the beginning of
2455 * the packet.
2456 *
2457 * For data frames, DA is at an offset
2458 * of 4 from the beginning of the packet
2459 * if To DS is clear and at an offset of
2460 * 16 from the beginning of the packet
2461 * if To DS is set.
2462 */
2463
2464 /*
2465 * Generate the tests to be done for data frames.
2466 *
2467 * First, check for To DS set, i.e. "link[1] & 0x01".
2468 */
2469 s = gen_load_llrel(1, BPF_B);
2470 b1 = new_block(JMP(BPF_JSET));
2471 b1->s.k = 0x01; /* To DS */
2472 b1->stmts = s;
2473
2474 /*
2475 * If To DS is set, the DA is at 16.
2476 */
2477 b0 = gen_bcmp(16, 6, eaddr);
2478 gen_and(b1, b0);
2479
2480 /*
2481 * Now, check for To DS not set, i.e. check
2482 * "!(link[1] & 0x01)".
2483 */
2484 s = gen_load_llrel(1, BPF_B);
2485 b2 = new_block(JMP(BPF_JSET));
2486 b2->s.k = 0x01; /* To DS */
2487 b2->stmts = s;
2488 gen_not(b2);
2489
2490 /*
2491 * If To DS is not set, the DA is at 4.
2492 */
2493 b1 = gen_bcmp(4, 6, eaddr);
2494 gen_and(b2, b1);
2495
2496 /*
2497 * Now OR together the last two checks. That gives
2498 * the complete set of checks for data frames.
2499 */
2500 gen_or(b1, b0);
2501
2502 /*
2503 * Now check for a data frame.
2504 * I.e, check "link[0] & 0x08".
2505 */
2506 s = gen_load_llrel(0, BPF_B);
2507 b1 = new_block(JMP(BPF_JSET));
2508 b1->s.k = 0x08;
2509 b1->stmts = s;
2510
2511 /*
2512 * AND that with the checks done for data frames.
2513 */
2514 gen_and(b1, b0);
2515
2516 /*
2517 * If the high-order bit of the type value is 0, this
2518 * is a management frame.
2519 * I.e, check "!(link[0] & 0x08)".
2520 */
2521 s = gen_load_llrel(0, BPF_B);
2522 b2 = new_block(JMP(BPF_JSET));
2523 b2->s.k = 0x08;
2524 b2->stmts = s;
2525 gen_not(b2);
2526
2527 /*
2528 * For management frames, the DA is at 4.
2529 */
2530 b1 = gen_bcmp(4, 6, eaddr);
2531 gen_and(b2, b1);
2532
2533 /*
2534 * OR that with the checks done for data frames.
2535 * That gives the checks done for management and
2536 * data frames.
2537 */
2538 gen_or(b1, b0);
2539
2540 /*
2541 * If the low-order bit of the type value is 1,
2542 * this is either a control frame or a frame
2543 * with a reserved type, and thus not a
2544 * frame with an SA.
2545 *
2546 * I.e., check "!(link[0] & 0x04)".
2547 */
2548 s = gen_load_llrel(0, BPF_B);
2549 b1 = new_block(JMP(BPF_JSET));
2550 b1->s.k = 0x04;
2551 b1->stmts = s;
2552 gen_not(b1);
2553
2554 /*
2555 * AND that with the checks for data and management
2556 * frames.
2557 */
2558 gen_and(b1, b0);
2559 return b0;
2560
2561 case Q_AND:
2562 b0 = gen_wlanhostop(eaddr, Q_SRC);
2563 b1 = gen_wlanhostop(eaddr, Q_DST);
2564 gen_and(b0, b1);
2565 return b1;
2566
2567 case Q_DEFAULT:
2568 case Q_OR:
2569 b0 = gen_wlanhostop(eaddr, Q_SRC);
2570 b1 = gen_wlanhostop(eaddr, Q_DST);
2571 gen_or(b0, b1);
2572 return b1;
2573 }
2574 abort();
2575 /* NOTREACHED */
2576 }
2577
2578 /*
2579 * Like gen_ehostop, but for RFC 2625 IP-over-Fibre-Channel.
2580 * (We assume that the addresses are IEEE 48-bit MAC addresses,
2581 * as the RFC states.)
2582 */
2583 static struct block *
2584 gen_ipfchostop(eaddr, dir)
2585 register const u_char *eaddr;
2586 register int dir;
2587 {
2588 register struct block *b0, *b1;
2589
2590 switch (dir) {
2591 case Q_SRC:
2592 return gen_bcmp(10, 6, eaddr);
2593
2594 case Q_DST:
2595 return gen_bcmp(2, 6, eaddr);
2596
2597 case Q_AND:
2598 b0 = gen_ipfchostop(eaddr, Q_SRC);
2599 b1 = gen_ipfchostop(eaddr, Q_DST);
2600 gen_and(b0, b1);
2601 return b1;
2602
2603 case Q_DEFAULT:
2604 case Q_OR:
2605 b0 = gen_ipfchostop(eaddr, Q_SRC);
2606 b1 = gen_ipfchostop(eaddr, Q_DST);
2607 gen_or(b0, b1);
2608 return b1;
2609 }
2610 abort();
2611 /* NOTREACHED */
2612 }
2613
2614 /*
2615 * This is quite tricky because there may be pad bytes in front of the
2616 * DECNET header, and then there are two possible data packet formats that
2617 * carry both src and dst addresses, plus 5 packet types in a format that
2618 * carries only the src node, plus 2 types that use a different format and
2619 * also carry just the src node.
2620 *
2621 * Yuck.
2622 *
2623 * Instead of doing those all right, we just look for data packets with
2624 * 0 or 1 bytes of padding. If you want to look at other packets, that
2625 * will require a lot more hacking.
2626 *
2627 * To add support for filtering on DECNET "areas" (network numbers)
2628 * one would want to add a "mask" argument to this routine. That would
2629 * make the filter even more inefficient, although one could be clever
2630 * and not generate masking instructions if the mask is 0xFFFF.
2631 */
2632 static struct block *
2633 gen_dnhostop(addr, dir, base_off)
2634 bpf_u_int32 addr;
2635 int dir;
2636 u_int base_off;
2637 {
2638 struct block *b0, *b1, *b2, *tmp;
2639 u_int offset_lh; /* offset if long header is received */
2640 u_int offset_sh; /* offset if short header is received */
2641
2642 switch (dir) {
2643
2644 case Q_DST:
2645 offset_sh = 1; /* follows flags */
2646 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
2647 break;
2648
2649 case Q_SRC:
2650 offset_sh = 3; /* follows flags, dstnode */
2651 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
2652 break;
2653
2654 case Q_AND:
2655 /* Inefficient because we do our Calvinball dance twice */
2656 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2657 b1 = gen_dnhostop(addr, Q_DST, base_off);
2658 gen_and(b0, b1);
2659 return b1;
2660
2661 case Q_OR:
2662 case Q_DEFAULT:
2663 /* Inefficient because we do our Calvinball dance twice */
2664 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2665 b1 = gen_dnhostop(addr, Q_DST, base_off);
2666 gen_or(b0, b1);
2667 return b1;
2668
2669 case Q_ISO:
2670 bpf_error("ISO host filtering not implemented");
2671
2672 default:
2673 abort();
2674 }
2675 b0 = gen_linktype(ETHERTYPE_DN);
2676 /* Check for pad = 1, long header case */
2677 tmp = gen_mcmp(base_off + 2, BPF_H,
2678 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
2679 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
2680 BPF_H, (bpf_int32)ntohs(addr));
2681 gen_and(tmp, b1);
2682 /* Check for pad = 0, long header case */
2683 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
2684 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
2685 gen_and(tmp, b2);
2686 gen_or(b2, b1);
2687 /* Check for pad = 1, short header case */
2688 tmp = gen_mcmp(base_off + 2, BPF_H,
2689 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
2690 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
2691 BPF_H, (bpf_int32)ntohs(addr));
2692 gen_and(tmp, b2);
2693 gen_or(b2, b1);
2694 /* Check for pad = 0, short header case */
2695 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
2696 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
2697 gen_and(tmp, b2);
2698 gen_or(b2, b1);
2699
2700 /* Combine with test for linktype */
2701 gen_and(b0, b1);
2702 return b1;
2703 }
2704
2705 static struct block *
2706 gen_host(addr, mask, proto, dir)
2707 bpf_u_int32 addr;
2708 bpf_u_int32 mask;
2709 int proto;
2710 int dir;
2711 {
2712 struct block *b0, *b1;
2713
2714 switch (proto) {
2715
2716 case Q_DEFAULT:
2717 b0 = gen_host(addr, mask, Q_IP, dir);
2718 if (off_linktype != (u_int)-1) {
2719 b1 = gen_host(addr, mask, Q_ARP, dir);
2720 gen_or(b0, b1);
2721 b0 = gen_host(addr, mask, Q_RARP, dir);
2722 gen_or(b1, b0);
2723 }
2724 return b0;
2725
2726 case Q_IP:
2727 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
2728 off_nl + 12, off_nl + 16);
2729
2730 case Q_RARP:
2731 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
2732 off_nl + 14, off_nl + 24);
2733
2734 case Q_ARP:
2735 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
2736 off_nl + 14, off_nl + 24);
2737
2738 case Q_TCP:
2739 bpf_error("'tcp' modifier applied to host");
2740
2741 case Q_SCTP:
2742 bpf_error("'sctp' modifier applied to host");
2743
2744 case Q_UDP:
2745 bpf_error("'udp' modifier applied to host");
2746
2747 case Q_ICMP:
2748 bpf_error("'icmp' modifier applied to host");
2749
2750 case Q_IGMP:
2751 bpf_error("'igmp' modifier applied to host");
2752
2753 case Q_IGRP:
2754 bpf_error("'igrp' modifier applied to host");
2755
2756 case Q_PIM:
2757 bpf_error("'pim' modifier applied to host");
2758
2759 case Q_VRRP:
2760 bpf_error("'vrrp' modifier applied to host");
2761
2762 case Q_ATALK:
2763 bpf_error("ATALK host filtering not implemented");
2764
2765 case Q_AARP:
2766 bpf_error("AARP host filtering not implemented");
2767
2768 case Q_DECNET:
2769 return gen_dnhostop(addr, dir, off_nl);
2770
2771 case Q_SCA:
2772 bpf_error("SCA host filtering not implemented");
2773
2774 case Q_LAT:
2775 bpf_error("LAT host filtering not implemented");
2776
2777 case Q_MOPDL:
2778 bpf_error("MOPDL host filtering not implemented");
2779
2780 case Q_MOPRC:
2781 bpf_error("MOPRC host filtering not implemented");
2782
2783 #ifdef INET6
2784 case Q_IPV6:
2785 bpf_error("'ip6' modifier applied to ip host");
2786
2787 case Q_ICMPV6:
2788 bpf_error("'icmp6' modifier applied to host");
2789 #endif /* INET6 */
2790
2791 case Q_AH:
2792 bpf_error("'ah' modifier applied to host");
2793
2794 case Q_ESP:
2795 bpf_error("'esp' modifier applied to host");
2796
2797 case Q_ISO:
2798 bpf_error("ISO host filtering not implemented");
2799
2800 case Q_ESIS:
2801 bpf_error("'esis' modifier applied to host");
2802
2803 case Q_ISIS:
2804 bpf_error("'isis' modifier applied to host");
2805
2806 case Q_CLNP:
2807 bpf_error("'clnp' modifier applied to host");
2808
2809 case Q_STP:
2810 bpf_error("'stp' modifier applied to host");
2811
2812 case Q_IPX:
2813 bpf_error("IPX host filtering not implemented");
2814
2815 case Q_NETBEUI:
2816 bpf_error("'netbeui' modifier applied to host");
2817
2818 default:
2819 abort();
2820 }
2821 /* NOTREACHED */
2822 }
2823
2824 #ifdef INET6
2825 static struct block *
2826 gen_host6(addr, mask, proto, dir)
2827 struct in6_addr *addr;
2828 struct in6_addr *mask;
2829 int proto;
2830 int dir;
2831 {
2832 switch (proto) {
2833
2834 case Q_DEFAULT:
2835 return gen_host6(addr, mask, Q_IPV6, dir);
2836
2837 case Q_IP:
2838 bpf_error("'ip' modifier applied to ip6 host");
2839
2840 case Q_RARP:
2841 bpf_error("'rarp' modifier applied to ip6 host");
2842
2843 case Q_ARP:
2844 bpf_error("'arp' modifier applied to ip6 host");
2845
2846 case Q_SCTP:
2847 bpf_error("'sctp' modifier applied to host");
2848
2849 case Q_TCP:
2850 bpf_error("'tcp' modifier applied to host");
2851
2852 case Q_UDP:
2853 bpf_error("'udp' modifier applied to host");
2854
2855 case Q_ICMP:
2856 bpf_error("'icmp' modifier applied to host");
2857
2858 case Q_IGMP:
2859 bpf_error("'igmp' modifier applied to host");
2860
2861 case Q_IGRP:
2862 bpf_error("'igrp' modifier applied to host");
2863
2864 case Q_PIM:
2865 bpf_error("'pim' modifier applied to host");
2866
2867 case Q_VRRP:
2868 bpf_error("'vrrp' modifier applied to host");
2869
2870 case Q_ATALK:
2871 bpf_error("ATALK host filtering not implemented");
2872
2873 case Q_AARP:
2874 bpf_error("AARP host filtering not implemented");
2875
2876 case Q_DECNET:
2877 bpf_error("'decnet' modifier applied to ip6 host");
2878
2879 case Q_SCA:
2880 bpf_error("SCA host filtering not implemented");
2881
2882 case Q_LAT:
2883 bpf_error("LAT host filtering not implemented");
2884
2885 case Q_MOPDL:
2886 bpf_error("MOPDL host filtering not implemented");
2887
2888 case Q_MOPRC:
2889 bpf_error("MOPRC host filtering not implemented");
2890
2891 case Q_IPV6:
2892 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
2893 off_nl + 8, off_nl + 24);
2894
2895 case Q_ICMPV6:
2896 bpf_error("'icmp6' modifier applied to host");
2897
2898 case Q_AH:
2899 bpf_error("'ah' modifier applied to host");
2900
2901 case Q_ESP:
2902 bpf_error("'esp' modifier applied to host");
2903
2904 case Q_ISO:
2905 bpf_error("ISO host filtering not implemented");
2906
2907 case Q_ESIS:
2908 bpf_error("'esis' modifier applied to host");
2909
2910 case Q_ISIS:
2911 bpf_error("'isis' modifier applied to host");
2912
2913 case Q_CLNP:
2914 bpf_error("'clnp' modifier applied to host");
2915
2916 case Q_STP:
2917 bpf_error("'stp' modifier applied to host");
2918
2919 case Q_IPX:
2920 bpf_error("IPX host filtering not implemented");
2921
2922 case Q_NETBEUI:
2923 bpf_error("'netbeui' modifier applied to host");
2924
2925 default:
2926 abort();
2927 }
2928 /* NOTREACHED */
2929 }
2930 #endif /*INET6*/
2931
2932 #ifndef INET6
2933 static struct block *
2934 gen_gateway(eaddr, alist, proto, dir)
2935 const u_char *eaddr;
2936 bpf_u_int32 **alist;
2937 int proto;
2938 int dir;
2939 {
2940 struct block *b0, *b1, *tmp;
2941
2942 if (dir != 0)
2943 bpf_error("direction applied to 'gateway'");
2944
2945 switch (proto) {
2946 case Q_DEFAULT:
2947 case Q_IP:
2948 case Q_ARP:
2949 case Q_RARP:
2950 if (linktype == DLT_EN10MB)
2951 b0 = gen_ehostop(eaddr, Q_OR);
2952 else if (linktype == DLT_FDDI)
2953 b0 = gen_fhostop(eaddr, Q_OR);
2954 else if (linktype == DLT_IEEE802)
2955 b0 = gen_thostop(eaddr, Q_OR);
2956 else if (linktype == DLT_IEEE802_11)
2957 b0 = gen_wlanhostop(eaddr, Q_OR);
2958 else if (linktype == DLT_SUNATM && is_lane) {
2959 /*
2960 * Check that the packet doesn't begin with an
2961 * LE Control marker. (We've already generated
2962 * a test for LANE.)
2963 */
2964 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
2965 gen_not(b1);
2966
2967 /*
2968 * Now check the MAC address.
2969 */
2970 b0 = gen_ehostop(eaddr, Q_OR);
2971 gen_and(b1, b0);
2972 } else if (linktype == DLT_IP_OVER_FC)
2973 b0 = gen_ipfchostop(eaddr, Q_OR);
2974 else
2975 bpf_error(
2976 "'gateway' supported only on ethernet/FDDI/token ring/802.11/Fibre Channel");
2977
2978 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2979 while (*alist) {
2980 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2981 gen_or(b1, tmp);
2982 b1 = tmp;
2983 }
2984 gen_not(b1);
2985 gen_and(b0, b1);
2986 return b1;
2987 }
2988 bpf_error("illegal modifier of 'gateway'");
2989 /* NOTREACHED */
2990 }
2991 #endif
2992
2993 struct block *
2994 gen_proto_abbrev(proto)
2995 int proto;
2996 {
2997 struct block *b0;
2998 struct block *b1;
2999
3000 switch (proto) {
3001
3002 case Q_SCTP:
3003 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT);
3004 #ifdef INET6
3005 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
3006 gen_or(b0, b1);
3007 #endif
3008 break;
3009
3010 case Q_TCP:
3011 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
3012 #ifdef INET6
3013 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
3014 gen_or(b0, b1);
3015 #endif
3016 break;
3017
3018 case Q_UDP:
3019 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
3020 #ifdef INET6
3021 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
3022 gen_or(b0, b1);
3023 #endif
3024 break;
3025
3026 case Q_ICMP:
3027 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
3028 break;
3029
3030 #ifndef IPPROTO_IGMP
3031 #define IPPROTO_IGMP 2
3032 #endif
3033
3034 case Q_IGMP:
3035 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
3036 break;
3037
3038 #ifndef IPPROTO_IGRP
3039 #define IPPROTO_IGRP 9
3040 #endif
3041 case Q_IGRP:
3042 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
3043 break;
3044
3045 #ifndef IPPROTO_PIM
3046 #define IPPROTO_PIM 103
3047 #endif
3048
3049 case Q_PIM:
3050 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
3051 #ifdef INET6
3052 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
3053 gen_or(b0, b1);
3054 #endif
3055 break;
3056
3057 #ifndef IPPROTO_VRRP
3058 #define IPPROTO_VRRP 112
3059 #endif
3060
3061 case Q_VRRP:
3062 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT);
3063 break;
3064
3065 case Q_IP:
3066 b1 = gen_linktype(ETHERTYPE_IP);
3067 break;
3068
3069 case Q_ARP:
3070 b1 = gen_linktype(ETHERTYPE_ARP);
3071 break;
3072
3073 case Q_RARP:
3074 b1 = gen_linktype(ETHERTYPE_REVARP);
3075 break;
3076
3077 case Q_LINK:
3078 bpf_error("link layer applied in wrong context");
3079
3080 case Q_ATALK:
3081 b1 = gen_linktype(ETHERTYPE_ATALK);
3082 break;
3083
3084 case Q_AARP:
3085 b1 = gen_linktype(ETHERTYPE_AARP);
3086 break;
3087
3088 case Q_DECNET:
3089 b1 = gen_linktype(ETHERTYPE_DN);
3090 break;
3091
3092 case Q_SCA:
3093 b1 = gen_linktype(ETHERTYPE_SCA);
3094 break;
3095
3096 case Q_LAT:
3097 b1 = gen_linktype(ETHERTYPE_LAT);
3098 break;
3099
3100 case Q_MOPDL:
3101 b1 = gen_linktype(ETHERTYPE_MOPDL);
3102 break;
3103
3104 case Q_MOPRC:
3105 b1 = gen_linktype(ETHERTYPE_MOPRC);
3106 break;
3107
3108 #ifdef INET6
3109 case Q_IPV6:
3110 b1 = gen_linktype(ETHERTYPE_IPV6);
3111 break;
3112
3113 #ifndef IPPROTO_ICMPV6
3114 #define IPPROTO_ICMPV6 58
3115 #endif
3116 case Q_ICMPV6:
3117 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
3118 break;
3119 #endif /* INET6 */
3120
3121 #ifndef IPPROTO_AH
3122 #define IPPROTO_AH 51
3123 #endif
3124 case Q_AH:
3125 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
3126 #ifdef INET6
3127 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
3128 gen_or(b0, b1);
3129 #endif
3130 break;
3131
3132 #ifndef IPPROTO_ESP
3133 #define IPPROTO_ESP 50
3134 #endif
3135 case Q_ESP:
3136 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
3137 #ifdef INET6
3138 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
3139 gen_or(b0, b1);
3140 #endif
3141 break;
3142
3143 case Q_ISO:
3144 b1 = gen_linktype(LLCSAP_ISONS);
3145 break;
3146
3147 case Q_ESIS:
3148 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
3149 break;
3150
3151 case Q_ISIS:
3152 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
3153 break;
3154
3155 case Q_ISIS_L1: /* all IS-IS Level1 PDU-Types */
3156 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
3157 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
3158 gen_or(b0, b1);
3159 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
3160 gen_or(b0, b1);
3161 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
3162 gen_or(b0, b1);
3163 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
3164 gen_or(b0, b1);
3165 break;
3166
3167 case Q_ISIS_L2: /* all IS-IS Level2 PDU-Types */
3168 b0 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
3169 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
3170 gen_or(b0, b1);
3171 b0 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
3172 gen_or(b0, b1);
3173 b0 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
3174 gen_or(b0, b1);
3175 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
3176 gen_or(b0, b1);
3177 break;
3178
3179 case Q_ISIS_IIH: /* all IS-IS Hello PDU-Types */
3180 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
3181 b1 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
3182 gen_or(b0, b1);
3183 b0 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT);
3184 gen_or(b0, b1);
3185 break;
3186
3187 case Q_ISIS_LSP:
3188 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
3189 b1 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
3190 gen_or(b0, b1);
3191 break;
3192
3193 case Q_ISIS_SNP:
3194 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
3195 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
3196 gen_or(b0, b1);
3197 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
3198 gen_or(b0, b1);
3199 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
3200 gen_or(b0, b1);
3201 break;
3202
3203 case Q_ISIS_CSNP:
3204 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
3205 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
3206 gen_or(b0, b1);
3207 break;
3208
3209 case Q_ISIS_PSNP:
3210 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
3211 b1 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
3212 gen_or(b0, b1);
3213 break;
3214
3215 case Q_CLNP:
3216 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
3217 break;
3218
3219 case Q_STP:
3220 b1 = gen_linktype(LLCSAP_8021D);
3221 break;
3222
3223 case Q_IPX:
3224 b1 = gen_linktype(LLCSAP_IPX);
3225 break;
3226
3227 case Q_NETBEUI:
3228 b1 = gen_linktype(LLCSAP_NETBEUI);
3229 break;
3230
3231 default:
3232 abort();
3233 }
3234 return b1;
3235 }
3236
3237 static struct block *
3238 gen_ipfrag()
3239 {
3240 struct slist *s;
3241 struct block *b;
3242
3243 /* not ip frag */
3244 s = gen_load_nlrel(6, BPF_H);
3245 b = new_block(JMP(BPF_JSET));
3246 b->s.k = 0x1fff;
3247 b->stmts = s;
3248 gen_not(b);
3249
3250 return b;
3251 }
3252
3253 static struct block *
3254 gen_portatom(off, v)
3255 int off;
3256 bpf_int32 v;
3257 {
3258 struct slist *s;
3259 struct block *b;
3260
3261 s = gen_load_ipv4tlrel(off, BPF_H);
3262
3263 b = new_block(JMP(BPF_JEQ));
3264 b->stmts = s;
3265 b->s.k = v;
3266
3267 return b;
3268 }
3269
3270 #ifdef INET6
3271 static struct block *
3272 gen_portatom6(off, v)
3273 int off;
3274 bpf_int32 v;
3275 {
3276 return gen_cmp(off_nl + 40 + off, BPF_H, v);
3277 }
3278 #endif/*INET6*/
3279
3280 struct block *
3281 gen_portop(port, proto, dir)
3282 int port, proto, dir;
3283 {
3284 struct block *b0, *b1, *tmp;
3285
3286 /* ip proto 'proto' */
3287 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
3288 b0 = gen_ipfrag();
3289 gen_and(tmp, b0);
3290
3291 switch (dir) {
3292 case Q_SRC:
3293 b1 = gen_portatom(0, (bpf_int32)port);
3294 break;
3295
3296 case Q_DST:
3297 b1 = gen_portatom(2, (bpf_int32)port);
3298 break;
3299
3300 case Q_OR:
3301 case Q_DEFAULT:
3302 tmp = gen_portatom(0, (bpf_int32)port);
3303 b1 = gen_portatom(2, (bpf_int32)port);
3304 gen_or(tmp, b1);
3305 break;
3306
3307 case Q_AND:
3308 tmp = gen_portatom(0, (bpf_int32)port);
3309 b1 = gen_portatom(2, (bpf_int32)port);
3310 gen_and(tmp, b1);
3311 break;
3312
3313 default:
3314 abort();
3315 }
3316 gen_and(b0, b1);
3317
3318 return b1;
3319 }
3320
3321 static struct block *
3322 gen_port(port, ip_proto, dir)
3323 int port;
3324 int ip_proto;
3325 int dir;
3326 {
3327 struct block *b0, *b1, *tmp;
3328
3329 /*
3330 * ether proto ip
3331 *
3332 * For FDDI, RFC 1188 says that SNAP encapsulation is used,
3333 * not LLC encapsulation with LLCSAP_IP.
3334 *
3335 * For IEEE 802 networks - which includes 802.5 token ring
3336 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
3337 * says that SNAP encapsulation is used, not LLC encapsulation
3338 * with LLCSAP_IP.
3339 *
3340 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
3341 * RFC 2225 say that SNAP encapsulation is used, not LLC
3342 * encapsulation with LLCSAP_IP.
3343 *
3344 * So we always check for ETHERTYPE_IP.
3345 */
3346 b0 = gen_linktype(ETHERTYPE_IP);
3347
3348 switch (ip_proto) {
3349 case IPPROTO_UDP:
3350 case IPPROTO_TCP:
3351 case IPPROTO_SCTP:
3352 b1 = gen_portop(port, ip_proto, dir);
3353 break;
3354
3355 case PROTO_UNDEF:
3356 tmp = gen_portop(port, IPPROTO_TCP, dir);
3357 b1 = gen_portop(port, IPPROTO_UDP, dir);
3358 gen_or(tmp, b1);
3359 tmp = gen_portop(port, IPPROTO_SCTP, dir);
3360 gen_or(tmp, b1);
3361 break;
3362
3363 default:
3364 abort();
3365 }
3366 gen_and(b0, b1);
3367 return b1;
3368 }
3369
3370 #ifdef INET6
3371 struct block *
3372 gen_portop6(port, proto, dir)
3373 int port, proto, dir;
3374 {
3375 struct block *b0, *b1, *tmp;
3376
3377 /* ip6 proto 'proto' */
3378 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
3379
3380 switch (dir) {
3381 case Q_SRC:
3382 b1 = gen_portatom6(0, (bpf_int32)port);
3383 break;
3384
3385 case Q_DST:
3386 b1 = gen_portatom6(2, (bpf_int32)port);
3387 break;
3388
3389 case Q_OR:
3390 case Q_DEFAULT:
3391 tmp = gen_portatom6(0, (bpf_int32)port);
3392 b1 = gen_portatom6(2, (bpf_int32)port);
3393 gen_or(tmp, b1);
3394 break;
3395
3396 case Q_AND:
3397 tmp = gen_portatom6(0, (bpf_int32)port);
3398 b1 = gen_portatom6(2, (bpf_int32)port);
3399 gen_and(tmp, b1);
3400 break;
3401
3402 default:
3403 abort();
3404 }
3405 gen_and(b0, b1);
3406
3407 return b1;
3408 }
3409
3410 static struct block *
3411 gen_port6(port, ip_proto, dir)
3412 int port;
3413 int ip_proto;
3414 int dir;
3415 {
3416 struct block *b0, *b1, *tmp;
3417
3418 /* link proto ip6 */
3419 b0 = gen_linktype(ETHERTYPE_IPV6);
3420
3421 switch (ip_proto) {
3422 case IPPROTO_UDP:
3423 case IPPROTO_TCP:
3424 case IPPROTO_SCTP:
3425 b1 = gen_portop6(port, ip_proto, dir);
3426 break;
3427
3428 case PROTO_UNDEF:
3429 tmp = gen_portop6(port, IPPROTO_TCP, dir);
3430 b1 = gen_portop6(port, IPPROTO_UDP, dir);
3431 gen_or(tmp, b1);
3432 tmp = gen_portop6(port, IPPROTO_SCTP, dir);
3433 gen_or(tmp, b1);
3434 break;
3435
3436 default:
3437 abort();
3438 }
3439 gen_and(b0, b1);
3440 return b1;
3441 }
3442 #endif /* INET6 */
3443
3444 /* gen_portrange code */
3445 static struct block *
3446 gen_portrangeatom(off, v1, v2)
3447 int off;
3448 bpf_int32 v1, v2;
3449 {
3450 struct slist *s1, *s2;
3451 struct block *b1, *b2;
3452
3453 if (v1 > v2) {
3454 /*
3455 * Reverse the order of the ports, so v1 is the lower one.
3456 */
3457 bpf_int32 vtemp;
3458
3459 vtemp = v1;
3460 v1 = v2;
3461 v2 = vtemp;
3462 }
3463
3464 s1 = gen_load_ipv4tlrel(off, BPF_H);
3465
3466 b1 = new_block(JMP(BPF_JGE));
3467 b1->stmts = s1;
3468 b1->s.k = v1;
3469
3470 s2 = gen_load_ipv4tlrel(off, BPF_H);
3471
3472 b2 = new_block(JMP(BPF_JGT));
3473 gen_not(b2);
3474 b2->stmts = s2;
3475 b2->s.k = v2;
3476
3477 gen_and(b1, b2);
3478
3479 return b2;
3480 }
3481
3482 struct block *
3483 gen_portrangeop(port1, port2, proto, dir)
3484 int port1, port2;
3485 int proto;
3486 int dir;
3487 {
3488 struct block *b0, *b1, *tmp;
3489
3490 /* ip proto 'proto' */
3491 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
3492 b0 = gen_ipfrag();
3493 gen_and(tmp, b0);
3494
3495 switch (dir) {
3496 case Q_SRC:
3497 b1 = gen_portrangeatom(0, (bpf_int32)port1, (bpf_int32)port2);
3498 break;
3499
3500 case Q_DST:
3501 b1 = gen_portrangeatom(2, (bpf_int32)port1, (bpf_int32)port2);
3502 break;
3503
3504 case Q_OR:
3505 case Q_DEFAULT:
3506 tmp = gen_portrangeatom(0, (bpf_int32)port1, (bpf_int32)port2);
3507 b1 = gen_portrangeatom(2, (bpf_int32)port1, (bpf_int32)port2);
3508 gen_or(tmp, b1);
3509 break;
3510
3511 case Q_AND:
3512 tmp = gen_portrangeatom(0, (bpf_int32)port1, (bpf_int32)port2);
3513 b1 = gen_portrangeatom(2, (bpf_int32)port1, (bpf_int32)port2);
3514 gen_and(tmp, b1);
3515 break;
3516
3517 default:
3518 abort();
3519 }
3520 gen_and(b0, b1);
3521
3522 return b1;
3523 }
3524
3525 static struct block *
3526 gen_portrange(port1, port2, ip_proto, dir)
3527 int port1, port2;
3528 int ip_proto;
3529 int dir;
3530 {
3531 struct block *b0, *b1, *tmp;
3532
3533 /* link proto ip */
3534 b0 = gen_linktype(ETHERTYPE_IP);
3535
3536 switch (ip_proto) {
3537 case IPPROTO_UDP:
3538 case IPPROTO_TCP:
3539 case IPPROTO_SCTP:
3540 b1 = gen_portrangeop(port1, port2, ip_proto, dir);
3541 break;
3542
3543 case PROTO_UNDEF:
3544 tmp = gen_portrangeop(port1, port2, IPPROTO_TCP, dir);
3545 b1 = gen_portrangeop(port1, port2, IPPROTO_UDP, dir);
3546 gen_or(tmp, b1);
3547 tmp = gen_portrangeop(port1, port2, IPPROTO_SCTP, dir);
3548 gen_or(tmp, b1);
3549 break;
3550
3551 default:
3552 abort();
3553 }
3554 gen_and(b0, b1);
3555 return b1;
3556 }
3557
3558 #ifdef INET6
3559 static struct block *
3560 gen_portrangeatom6(off, v1, v2)
3561 int off;
3562 bpf_int32 v1, v2;
3563 {
3564 struct slist *s1, *s2;
3565 struct block *b1, *b2;
3566
3567 if (v1 > v2) {
3568 /*
3569 * Reverse the order of the ports, so v1 is the lower one.
3570 */
3571 bpf_int32 vtemp;
3572
3573 vtemp = v1;
3574 v1 = v2;
3575 v2 = vtemp;
3576 }
3577
3578 s1 = gen_load_ipv6tlrel(off, BPF_H);
3579
3580 b1 = new_block(JMP(BPF_JGE));
3581 b1->stmts = s1;
3582 b1->s.k = v1;
3583
3584 s2 = gen_load_ipv6tlrel(off, BPF_H);
3585
3586 b2 = new_block(JMP(BPF_JGT));
3587 gen_not(b2);
3588 b2->stmts = s2;
3589 b2->s.k = v2;
3590
3591 gen_and(b1, b2);
3592
3593 return b2;
3594 }
3595
3596 struct block *
3597 gen_portrangeop6(port1, port2, proto, dir)
3598 int port1, port2;
3599 int proto;
3600 int dir;
3601 {
3602 struct block *b0, *b1, *tmp;
3603
3604 /* ip6 proto 'proto' */
3605 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
3606
3607 switch (dir) {
3608 case Q_SRC:
3609 b1 = gen_portrangeatom6(0, (bpf_int32)port1, (bpf_int32)port2);
3610 break;
3611
3612 case Q_DST:
3613 b1 = gen_portrangeatom6(2, (bpf_int32)port1, (bpf_int32)port2);
3614 break;
3615
3616 case Q_OR:
3617 case Q_DEFAULT:
3618 tmp = gen_portrangeatom6(0, (bpf_int32)port1, (bpf_int32)port2);
3619 b1 = gen_portrangeatom6(2, (bpf_int32)port1, (bpf_int32)port2);
3620 gen_or(tmp, b1);
3621 break;
3622
3623 case Q_AND:
3624 tmp = gen_portrangeatom6(0, (bpf_int32)port1, (bpf_int32)port2);
3625 b1 = gen_portrangeatom6(2, (bpf_int32)port1, (bpf_int32)port2);
3626 gen_and(tmp, b1);
3627 break;
3628
3629 default:
3630 abort();
3631 }
3632 gen_and(b0, b1);
3633
3634 return b1;
3635 }
3636
3637 static struct block *
3638 gen_portrange6(port1, port2, ip_proto, dir)
3639 int port1, port2;
3640 int ip_proto;
3641 int dir;
3642 {
3643 struct block *b0, *b1, *tmp;
3644
3645 /* link proto ip6 */
3646 b0 = gen_linktype(ETHERTYPE_IPV6);
3647
3648 switch (ip_proto) {
3649 case IPPROTO_UDP:
3650 case IPPROTO_TCP:
3651 case IPPROTO_SCTP:
3652 b1 = gen_portrangeop6(port1, port2, ip_proto, dir);
3653 break;
3654
3655 case PROTO_UNDEF:
3656 tmp = gen_portrangeop6(port1, port2, IPPROTO_TCP, dir);
3657 b1 = gen_portrangeop6(port1, port2, IPPROTO_UDP, dir);
3658 gen_or(tmp, b1);
3659 tmp = gen_portrangeop6(port1, port2, IPPROTO_SCTP, dir);
3660 gen_or(tmp, b1);
3661 break;
3662
3663 default:
3664 abort();
3665 }
3666 gen_and(b0, b1);
3667 return b1;
3668 }
3669 #endif /* INET6 */
3670
3671 static int
3672 lookup_proto(name, proto)
3673 register const char *name;
3674 register int proto;
3675 {
3676 register int v;
3677
3678 switch (proto) {
3679
3680 case Q_DEFAULT:
3681 case Q_IP:
3682 case Q_IPV6:
3683 v = pcap_nametoproto(name);
3684 if (v == PROTO_UNDEF)
3685 bpf_error("unknown ip proto '%s'", name);
3686 break;
3687
3688 case Q_LINK:
3689 /* XXX should look up h/w protocol type based on linktype */
3690 v = pcap_nametoeproto(name);
3691 if (v == PROTO_UNDEF) {
3692 v = pcap_nametollc(name);
3693 if (v == PROTO_UNDEF)
3694 bpf_error("unknown ether proto '%s'", name);
3695 }
3696 break;
3697
3698 case Q_ISO:
3699 if (strcmp(name, "esis") == 0)
3700 v = ISO9542_ESIS;
3701 else if (strcmp(name, "isis") == 0)
3702 v = ISO10589_ISIS;
3703 else if (strcmp(name, "clnp") == 0)
3704 v = ISO8473_CLNP;
3705 else
3706 bpf_error("unknown osi proto '%s'", name);
3707 break;
3708
3709 default:
3710 v = PROTO_UNDEF;
3711 break;
3712 }
3713 return v;
3714 }
3715
3716 #if 0
3717 struct stmt *
3718 gen_joinsp(s, n)
3719 struct stmt **s;
3720 int n;
3721 {
3722 return NULL;
3723 }
3724 #endif
3725
3726 static struct block *
3727 gen_protochain(v, proto, dir)
3728 int v;
3729 int proto;
3730 int dir;
3731 {
3732 #ifdef NO_PROTOCHAIN
3733 return gen_proto(v, proto, dir);
3734 #else
3735 struct block *b0, *b;
3736 struct slist *s[100];
3737 int fix2, fix3, fix4, fix5;
3738 int ahcheck, again, end;
3739 int i, max;
3740 int reg2 = alloc_reg();
3741
3742 memset(s, 0, sizeof(s));
3743 fix2 = fix3 = fix4 = fix5 = 0;
3744
3745 switch (proto) {
3746 case Q_IP:
3747 case Q_IPV6:
3748 break;
3749 case Q_DEFAULT:
3750 b0 = gen_protochain(v, Q_IP, dir);
3751 b = gen_protochain(v, Q_IPV6, dir);
3752 gen_or(b0, b);
3753 return b;
3754 default:
3755 bpf_error("bad protocol applied for 'protochain'");
3756 /*NOTREACHED*/
3757 }
3758
3759 no_optimize = 1; /*this code is not compatible with optimzer yet */
3760
3761 /*
3762 * s[0] is a dummy entry to protect other BPF insn from damage
3763 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
3764 * hard to find interdependency made by jump table fixup.
3765 */
3766 i = 0;
3767 s[i] = new_stmt(0); /*dummy*/
3768 i++;
3769
3770 switch (proto) {
3771 case Q_IP:
3772 b0 = gen_linktype(ETHERTYPE_IP);
3773
3774 /* A = ip->ip_p */
3775 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
3776 s[i]->s.k = off_nl + 9;
3777 i++;
3778 /* X = ip->ip_hl << 2 */
3779 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3780 s[i]->s.k = off_nl;
3781 i++;
3782 break;
3783 #ifdef INET6
3784 case Q_IPV6:
3785 b0 = gen_linktype(ETHERTYPE_IPV6);
3786
3787 /* A = ip6->ip_nxt */
3788 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
3789 s[i]->s.k = off_nl + 6;
3790 i++;
3791 /* X = sizeof(struct ip6_hdr) */
3792 s[i] = new_stmt(BPF_LDX|BPF_IMM);
3793 s[i]->s.k = 40;
3794 i++;
3795 break;
3796 #endif
3797 default:
3798 bpf_error("unsupported proto to gen_protochain");
3799 /*NOTREACHED*/
3800 }
3801
3802 /* again: if (A == v) goto end; else fall through; */
3803 again = i;
3804 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3805 s[i]->s.k = v;
3806 s[i]->s.jt = NULL; /*later*/
3807 s[i]->s.jf = NULL; /*update in next stmt*/
3808 fix5 = i;
3809 i++;
3810
3811 #ifndef IPPROTO_NONE
3812 #define IPPROTO_NONE 59
3813 #endif
3814 /* if (A == IPPROTO_NONE) goto end */
3815 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3816 s[i]->s.jt = NULL; /*later*/
3817 s[i]->s.jf = NULL; /*update in next stmt*/
3818 s[i]->s.k = IPPROTO_NONE;
3819 s[fix5]->s.jf = s[i];
3820 fix2 = i;
3821 i++;
3822
3823 #ifdef INET6
3824 if (proto == Q_IPV6) {
3825 int v6start, v6end, v6advance, j;
3826
3827 v6start = i;
3828 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
3829 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3830 s[i]->s.jt = NULL; /*later*/
3831 s[i]->s.jf = NULL; /*update in next stmt*/
3832 s[i]->s.k = IPPROTO_HOPOPTS;
3833 s[fix2]->s.jf = s[i];
3834 i++;
3835 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
3836 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3837 s[i]->s.jt = NULL; /*later*/
3838 s[i]->s.jf = NULL; /*update in next stmt*/
3839 s[i]->s.k = IPPROTO_DSTOPTS;
3840 i++;
3841 /* if (A == IPPROTO_ROUTING) goto v6advance */
3842 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3843 s[i]->s.jt = NULL; /*later*/
3844 s[i]->s.jf = NULL; /*update in next stmt*/
3845 s[i]->s.k = IPPROTO_ROUTING;
3846 i++;
3847 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
3848 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3849 s[i]->s.jt = NULL; /*later*/
3850 s[i]->s.jf = NULL; /*later*/
3851 s[i]->s.k = IPPROTO_FRAGMENT;
3852 fix3 = i;
3853 v6end = i;
3854 i++;
3855
3856 /* v6advance: */
3857 v6advance = i;
3858
3859 /*
3860 * in short,
3861 * A = P[X];
3862 * X = X + (P[X + 1] + 1) * 8;
3863 */
3864 /* A = X */
3865 s[i] = new_stmt(BPF_MISC|BPF_TXA);
3866 i++;
3867 /* A = P[X + packet head] */
3868 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3869 s[i]->s.k = off_nl;
3870 i++;
3871 /* MEM[reg2] = A */
3872 s[i] = new_stmt(BPF_ST);
3873 s[i]->s.k = reg2;
3874 i++;
3875 /* A = X */
3876 s[i] = new_stmt(BPF_MISC|BPF_TXA);
3877 i++;
3878 /* A += 1 */
3879 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3880 s[i]->s.k = 1;
3881 i++;
3882 /* X = A */
3883 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3884 i++;
3885 /* A = P[X + packet head]; */
3886 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3887 s[i]->s.k = off_nl;
3888 i++;
3889 /* A += 1 */
3890 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3891 s[i]->s.k = 1;
3892 i++;
3893 /* A *= 8 */
3894 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
3895 s[i]->s.k = 8;
3896 i++;
3897 /* X = A; */
3898 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3899 i++;
3900 /* A = MEM[reg2] */
3901 s[i] = new_stmt(BPF_LD|BPF_MEM);
3902 s[i]->s.k = reg2;
3903 i++;
3904
3905 /* goto again; (must use BPF_JA for backward jump) */
3906 s[i] = new_stmt(BPF_JMP|BPF_JA);
3907 s[i]->s.k = again - i - 1;
3908 s[i - 1]->s.jf = s[i];
3909 i++;
3910
3911 /* fixup */
3912 for (j = v6start; j <= v6end; j++)
3913 s[j]->s.jt = s[v6advance];
3914 } else
3915 #endif
3916 {
3917 /* nop */
3918 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3919 s[i]->s.k = 0;
3920 s[fix2]->s.jf = s[i];
3921 i++;
3922 }
3923
3924 /* ahcheck: */
3925 ahcheck = i;
3926 /* if (A == IPPROTO_AH) then fall through; else goto end; */
3927 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3928 s[i]->s.jt = NULL; /*later*/
3929 s[i]->s.jf = NULL; /*later*/
3930 s[i]->s.k = IPPROTO_AH;
3931 if (fix3)
3932 s[fix3]->s.jf = s[ahcheck];
3933 fix4 = i;
3934 i++;
3935
3936 /*
3937 * in short,
3938 * A = P[X];
3939 * X = X + (P[X + 1] + 2) * 4;
3940 */
3941 /* A = X */
3942 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
3943 i++;
3944 /* A = P[X + packet head]; */
3945 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3946 s[i]->s.k = off_nl;
3947 i++;
3948 /* MEM[reg2] = A */
3949 s[i] = new_stmt(BPF_ST);
3950 s[i]->s.k = reg2;
3951 i++;
3952 /* A = X */
3953 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
3954 i++;
3955 /* A += 1 */
3956 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3957 s[i]->s.k = 1;
3958 i++;
3959 /* X = A */
3960 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3961 i++;
3962 /* A = P[X + packet head] */
3963 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3964 s[i]->s.k = off_nl;
3965 i++;
3966 /* A += 2 */
3967 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3968 s[i]->s.k = 2;
3969 i++;
3970 /* A *= 4 */
3971 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
3972 s[i]->s.k = 4;
3973 i++;
3974 /* X = A; */
3975 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3976 i++;
3977 /* A = MEM[reg2] */
3978 s[i] = new_stmt(BPF_LD|BPF_MEM);
3979 s[i]->s.k = reg2;
3980 i++;
3981
3982 /* goto again; (must use BPF_JA for backward jump) */
3983 s[i] = new_stmt(BPF_JMP|BPF_JA);
3984 s[i]->s.k = again - i - 1;
3985 i++;
3986
3987 /* end: nop */
3988 end = i;
3989 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3990 s[i]->s.k = 0;
3991 s[fix2]->s.jt = s[end];
3992 s[fix4]->s.jf = s[end];
3993 s[fix5]->s.jt = s[end];
3994 i++;
3995
3996 /*
3997 * make slist chain
3998 */
3999 max = i;
4000 for (i = 0; i < max - 1; i++)
4001 s[i]->next = s[i + 1];
4002 s[max - 1]->next = NULL;
4003
4004 /*
4005 * emit final check
4006 */
4007 b = new_block(JMP(BPF_JEQ));
4008 b->stmts = s[1]; /*remember, s[0] is dummy*/
4009 b->s.k = v;
4010
4011 free_reg(reg2);
4012
4013 gen_and(b0, b);
4014 return b;
4015 #endif
4016 }
4017
4018 /*
4019 * Generate code that checks whether the packet is a packet for protocol
4020 * <proto> and whether the type field in that protocol's header has
4021 * the value <v>, e.g. if <proto> is Q_IP, it checks whether it's an
4022 * IP packet and checks the protocol number in the IP header against <v>.
4023 *
4024 * If <proto> is Q_DEFAULT, i.e. just "proto" was specified, it checks
4025 * against Q_IP and Q_IPV6.
4026 */
4027 static struct block *
4028 gen_proto(v, proto, dir)
4029 int v;
4030 int proto;
4031 int dir;
4032 {
4033 struct block *b0, *b1;
4034
4035 if (dir != Q_DEFAULT)
4036 bpf_error("direction applied to 'proto'");
4037
4038 switch (proto) {
4039 case Q_DEFAULT:
4040 #ifdef INET6
4041 b0 = gen_proto(v, Q_IP, dir);
4042 b1 = gen_proto(v, Q_IPV6, dir);
4043 gen_or(b0, b1);
4044 return b1;
4045 #else
4046 /*FALLTHROUGH*/
4047 #endif
4048 case Q_IP:
4049 /*
4050 * For FDDI, RFC 1188 says that SNAP encapsulation is used,
4051 * not LLC encapsulation with LLCSAP_IP.
4052 *
4053 * For IEEE 802 networks - which includes 802.5 token ring
4054 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
4055 * says that SNAP encapsulation is used, not LLC encapsulation
4056 * with LLCSAP_IP.
4057 *
4058 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
4059 * RFC 2225 say that SNAP encapsulation is used, not LLC
4060 * encapsulation with LLCSAP_IP.
4061 *
4062 * So we always check for ETHERTYPE_IP.
4063 */
4064 b0 = gen_linktype(ETHERTYPE_IP);
4065 #ifndef CHASE_CHAIN
4066 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
4067 #else
4068 b1 = gen_protochain(v, Q_IP);
4069 #endif
4070 gen_and(b0, b1);
4071 return b1;
4072
4073 case Q_ISO:
4074 switch (linktype) {
4075
4076 case DLT_FRELAY:
4077 /*
4078 * Frame Relay packets typically have an OSI
4079 * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)"
4080 * generates code to check for all the OSI
4081 * NLPIDs, so calling it and then adding a check
4082 * for the particular NLPID for which we're
4083 * looking is bogus, as we can just check for
4084 * the NLPID.
4085 *
4086 * What we check for is the NLPID and a frame
4087 * control field value of UI, i.e. 0x03 followed
4088 * by the NLPID.
4089 *
4090 * XXX - assumes a 2-byte Frame Relay header with
4091 * DLCI and flags. What if the address is longer?
4092 *
4093 * XXX - what about SNAP-encapsulated frames?
4094 */
4095 return gen_cmp(2, BPF_H, (0x03<<8) | v);
4096 /*NOTREACHED*/
4097 break;
4098
4099 case DLT_C_HDLC:
4100 /*
4101 * Cisco uses an Ethertype lookalike - for OSI,
4102 * it's 0xfefe.
4103 */
4104 b0 = gen_linktype(LLCSAP_ISONS<<8 | LLCSAP_ISONS);
4105 /* OSI in C-HDLC is stuffed with a fudge byte */
4106 b1 = gen_cmp(off_nl_nosnap+1, BPF_B, (long)v);
4107 gen_and(b0, b1);
4108 return b1;
4109
4110 default:
4111 b0 = gen_linktype(LLCSAP_ISONS);
4112 b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v);
4113 gen_and(b0, b1);
4114 return b1;
4115 }
4116
4117 case Q_ISIS:
4118 b0 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
4119 /*
4120 * 4 is the offset of the PDU type relative to the IS-IS
4121 * header.
4122 */
4123 b1 = gen_cmp(off_nl_nosnap+4, BPF_B, (long)v);
4124 gen_and(b0, b1);
4125 return b1;
4126
4127 case Q_ARP:
4128 bpf_error("arp does not encapsulate another protocol");
4129 /* NOTREACHED */
4130
4131 case Q_RARP:
4132 bpf_error("rarp does not encapsulate another protocol");
4133 /* NOTREACHED */
4134
4135 case Q_ATALK:
4136 bpf_error("atalk encapsulation is not specifiable");
4137 /* NOTREACHED */
4138
4139 case Q_DECNET:
4140 bpf_error("decnet encapsulation is not specifiable");
4141 /* NOTREACHED */
4142
4143 case Q_SCA:
4144 bpf_error("sca does not encapsulate another protocol");
4145 /* NOTREACHED */
4146
4147 case Q_LAT:
4148 bpf_error("lat does not encapsulate another protocol");
4149 /* NOTREACHED */
4150
4151 case Q_MOPRC:
4152 bpf_error("moprc does not encapsulate another protocol");
4153 /* NOTREACHED */
4154
4155 case Q_MOPDL:
4156 bpf_error("mopdl does not encapsulate another protocol");
4157 /* NOTREACHED */
4158
4159 case Q_LINK:
4160 return gen_linktype(v);
4161
4162 case Q_UDP:
4163 bpf_error("'udp proto' is bogus");
4164 /* NOTREACHED */
4165
4166 case Q_TCP:
4167 bpf_error("'tcp proto' is bogus");
4168 /* NOTREACHED */
4169
4170 case Q_SCTP:
4171 bpf_error("'sctp proto' is bogus");
4172 /* NOTREACHED */
4173
4174 case Q_ICMP:
4175 bpf_error("'icmp proto' is bogus");
4176 /* NOTREACHED */
4177
4178 case Q_IGMP:
4179 bpf_error("'igmp proto' is bogus");
4180 /* NOTREACHED */
4181
4182 case Q_IGRP:
4183 bpf_error("'igrp proto' is bogus");
4184 /* NOTREACHED */
4185
4186 case Q_PIM:
4187 bpf_error("'pim proto' is bogus");
4188 /* NOTREACHED */
4189
4190 case Q_VRRP:
4191 bpf_error("'vrrp proto' is bogus");
4192 /* NOTREACHED */
4193
4194 #ifdef INET6
4195 case Q_IPV6:
4196 b0 = gen_linktype(ETHERTYPE_IPV6);
4197 #ifndef CHASE_CHAIN
4198 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
4199 #else
4200 b1 = gen_protochain(v, Q_IPV6);
4201 #endif
4202 gen_and(b0, b1);
4203 return b1;
4204
4205 case Q_ICMPV6:
4206 bpf_error("'icmp6 proto' is bogus");
4207 #endif /* INET6 */
4208
4209 case Q_AH:
4210 bpf_error("'ah proto' is bogus");
4211
4212 case Q_ESP:
4213 bpf_error("'ah proto' is bogus");
4214
4215 case Q_STP:
4216 bpf_error("'stp proto' is bogus");
4217
4218 case Q_IPX:
4219 bpf_error("'ipx proto' is bogus");
4220
4221 case Q_NETBEUI:
4222 bpf_error("'netbeui proto' is bogus");
4223
4224 default:
4225 abort();
4226 /* NOTREACHED */
4227 }
4228 /* NOTREACHED */
4229 }
4230
4231 struct block *
4232 gen_scode(name, q)
4233 register const char *name;
4234 struct qual q;
4235 {
4236 int proto = q.proto;
4237 int dir = q.dir;
4238 int tproto;
4239 u_char *eaddr;
4240 bpf_u_int32 mask, addr;
4241 #ifndef INET6
4242 bpf_u_int32 **alist;
4243 #else
4244 int tproto6;
4245 struct sockaddr_in *sin;
4246 struct sockaddr_in6 *sin6;
4247 struct addrinfo *res, *res0;
4248 struct in6_addr mask128;
4249 #endif /*INET6*/
4250 struct block *b, *tmp;
4251 int port, real_proto;
4252 int port1, port2;
4253
4254 switch (q.addr) {
4255
4256 case Q_NET:
4257 addr = pcap_nametonetaddr(name);
4258 if (addr == 0)
4259 bpf_error("unknown network '%s'", name);
4260 /* Left justify network addr and calculate its network mask */
4261 mask = 0xffffffff;
4262 while (addr && (addr & 0xff000000) == 0) {
4263 addr <<= 8;
4264 mask <<= 8;
4265 }
4266 return gen_host(addr, mask, proto, dir);
4267
4268 case Q_DEFAULT:
4269 case Q_HOST:
4270 if (proto == Q_LINK) {
4271 switch (linktype) {
4272
4273 case DLT_EN10MB:
4274 eaddr = pcap_ether_hostton(name);
4275 if (eaddr == NULL)
4276 bpf_error(
4277 "unknown ether host '%s'", name);
4278 b = gen_ehostop(eaddr, dir);
4279 free(eaddr);
4280 return b;
4281
4282 case DLT_FDDI:
4283 eaddr = pcap_ether_hostton(name);
4284 if (eaddr == NULL)
4285 bpf_error(
4286 "unknown FDDI host '%s'", name);
4287 b = gen_fhostop(eaddr, dir);
4288 free(eaddr);
4289 return b;
4290
4291 case DLT_IEEE802:
4292 eaddr = pcap_ether_hostton(name);
4293 if (eaddr == NULL)
4294 bpf_error(
4295 "unknown token ring host '%s'", name);
4296 b = gen_thostop(eaddr, dir);
4297 free(eaddr);
4298 return b;
4299
4300 case DLT_IEEE802_11:
4301 eaddr = pcap_ether_hostton(name);
4302 if (eaddr == NULL)
4303 bpf_error(
4304 "unknown 802.11 host '%s'", name);
4305 b = gen_wlanhostop(eaddr, dir);
4306 free(eaddr);
4307 return b;
4308
4309 case DLT_IP_OVER_FC:
4310 eaddr = pcap_ether_hostton(name);
4311 if (eaddr == NULL)
4312 bpf_error(
4313 "unknown Fibre Channel host '%s'", name);
4314 b = gen_ipfchostop(eaddr, dir);
4315 free(eaddr);
4316 return b;
4317
4318 case DLT_SUNATM:
4319 if (!is_lane)
4320 break;
4321
4322 /*
4323 * Check that the packet doesn't begin
4324 * with an LE Control marker. (We've
4325 * already generated a test for LANE.)
4326 */
4327 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H,
4328 0xFF00);
4329 gen_not(tmp);
4330
4331 eaddr = pcap_ether_hostton(name);
4332 if (eaddr == NULL)
4333 bpf_error(
4334 "unknown ether host '%s'", name);
4335 b = gen_ehostop(eaddr, dir);
4336 gen_and(tmp, b);
4337 free(eaddr);
4338 return b;
4339 }
4340
4341 bpf_error("only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name");
4342 } else if (proto == Q_DECNET) {
4343 unsigned short dn_addr = __pcap_nametodnaddr(name);
4344 /*
4345 * I don't think DECNET hosts can be multihomed, so
4346 * there is no need to build up a list of addresses
4347 */
4348 return (gen_host(dn_addr, 0, proto, dir));
4349 } else {
4350 #ifndef INET6
4351 alist = pcap_nametoaddr(name);
4352 if (alist == NULL || *alist == NULL)
4353 bpf_error("unknown host '%s'", name);
4354 tproto = proto;
4355 if (off_linktype == (u_int)-1 && tproto == Q_DEFAULT)
4356 tproto = Q_IP;
4357 b = gen_host(**alist++, 0xffffffff, tproto, dir);
4358 while (*alist) {
4359 tmp = gen_host(**alist++, 0xffffffff,
4360 tproto, dir);
4361 gen_or(b, tmp);
4362 b = tmp;
4363 }
4364 return b;
4365 #else
4366 memset(&mask128, 0xff, sizeof(mask128));
4367 res0 = res = pcap_nametoaddrinfo(name);
4368 if (res == NULL)
4369 bpf_error("unknown host '%s'", name);
4370 b = tmp = NULL;
4371 tproto = tproto6 = proto;
4372 if (off_linktype == -1 && tproto == Q_DEFAULT) {
4373 tproto = Q_IP;
4374 tproto6 = Q_IPV6;
4375 }
4376 for (res = res0; res; res = res->ai_next) {
4377 switch (res->ai_family) {
4378 case AF_INET:
4379 if (tproto == Q_IPV6)
4380 continue;
4381
4382 sin = (struct sockaddr_in *)
4383 res->ai_addr;
4384 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
4385 0xffffffff, tproto, dir);
4386 break;
4387 case AF_INET6:
4388 if (tproto6 == Q_IP)
4389 continue;
4390
4391 sin6 = (struct sockaddr_in6 *)
4392 res->ai_addr;
4393 tmp = gen_host6(&sin6->sin6_addr,
4394 &mask128, tproto6, dir);
4395 break;
4396 default:
4397 continue;
4398 }
4399 if (b)
4400 gen_or(b, tmp);
4401 b = tmp;
4402 }
4403 freeaddrinfo(res0);
4404 if (b == NULL) {
4405 bpf_error("unknown host '%s'%s", name,
4406 (proto == Q_DEFAULT)
4407 ? ""
4408 : " for specified address family");
4409 }
4410 return b;
4411 #endif /*INET6*/
4412 }
4413
4414 case Q_PORT:
4415 if (proto != Q_DEFAULT &&
4416 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
4417 bpf_error("illegal qualifier of 'port'");
4418 if (pcap_nametoport(name, &port, &real_proto) == 0)
4419 bpf_error("unknown port '%s'", name);
4420 if (proto == Q_UDP) {
4421 if (real_proto == IPPROTO_TCP)
4422 bpf_error("port '%s' is tcp", name);
4423 else if (real_proto == IPPROTO_SCTP)
4424 bpf_error("port '%s' is sctp", name);
4425 else
4426 /* override PROTO_UNDEF */
4427 real_proto = IPPROTO_UDP;
4428 }
4429 if (proto == Q_TCP) {
4430 if (real_proto == IPPROTO_UDP)
4431 bpf_error("port '%s' is udp", name);
4432
4433 else if (real_proto == IPPROTO_SCTP)
4434 bpf_error("port '%s' is sctp", name);
4435 else
4436 /* override PROTO_UNDEF */
4437 real_proto = IPPROTO_TCP;
4438 }
4439 if (proto == Q_SCTP) {
4440 if (real_proto == IPPROTO_UDP)
4441 bpf_error("port '%s' is udp", name);
4442
4443 else if (real_proto == IPPROTO_TCP)
4444 bpf_error("port '%s' is tcp", name);
4445 else
4446 /* override PROTO_UNDEF */
4447 real_proto = IPPROTO_SCTP;
4448 }
4449 #ifndef INET6
4450 return gen_port(port, real_proto, dir);
4451 #else
4452 {
4453 struct block *b;
4454 b = gen_port(port, real_proto, dir);
4455 gen_or(gen_port6(port, real_proto, dir), b);
4456 return b;
4457 }
4458 #endif /* INET6 */
4459
4460 case Q_PORTRANGE:
4461 if (proto != Q_DEFAULT &&
4462 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
4463 bpf_error("illegal qualifier of 'portrange'");
4464 if (pcap_nametoportrange(name, &port1, &port2, &real_proto) == 0)
4465 bpf_error("unknown port in range '%s'", name);
4466 if (proto == Q_UDP) {
4467 if (real_proto == IPPROTO_TCP)
4468 bpf_error("port in range '%s' is tcp", name);
4469 else if (real_proto == IPPROTO_SCTP)
4470 bpf_error("port in range '%s' is sctp", name);
4471 else
4472 /* override PROTO_UNDEF */
4473 real_proto = IPPROTO_UDP;
4474 }
4475 if (proto == Q_TCP) {
4476 if (real_proto == IPPROTO_UDP)
4477 bpf_error("port in range '%s' is udp", name);
4478 else if (real_proto == IPPROTO_SCTP)
4479 bpf_error("port in range '%s' is sctp", name);
4480 else
4481 /* override PROTO_UNDEF */
4482 real_proto = IPPROTO_TCP;
4483 }
4484 if (proto == Q_SCTP) {
4485 if (real_proto == IPPROTO_UDP)
4486 bpf_error("port in range '%s' is udp", name);
4487 else if (real_proto == IPPROTO_TCP)
4488 bpf_error("port in range '%s' is tcp", name);
4489 else
4490 /* override PROTO_UNDEF */
4491 real_proto = IPPROTO_SCTP;
4492 }
4493 #ifndef INET6
4494 return gen_portrange(port1, port2, real_proto, dir);
4495 #else
4496 {
4497 struct block *b;
4498 b = gen_portrange(port1, port2, real_proto, dir);
4499 gen_or(gen_portrange6(port1, port2, real_proto, dir), b);
4500 return b;
4501 }
4502 #endif /* INET6 */
4503
4504 case Q_GATEWAY:
4505 #ifndef INET6
4506 eaddr = pcap_ether_hostton(name);
4507 if (eaddr == NULL)
4508 bpf_error("unknown ether host: %s", name);
4509
4510 alist = pcap_nametoaddr(name);
4511 if (alist == NULL || *alist == NULL)
4512 bpf_error("unknown host '%s'", name);
4513 b = gen_gateway(eaddr, alist, proto, dir);
4514 free(eaddr);
4515 return b;
4516 #else
4517 bpf_error("'gateway' not supported in this configuration");
4518 #endif /*INET6*/
4519
4520 case Q_PROTO:
4521 real_proto = lookup_proto(name, proto);
4522 if (real_proto >= 0)
4523 return gen_proto(real_proto, proto, dir);
4524 else
4525 bpf_error("unknown protocol: %s", name);
4526
4527 case Q_PROTOCHAIN:
4528 real_proto = lookup_proto(name, proto);
4529 if (real_proto >= 0)
4530 return gen_protochain(real_proto, proto, dir);
4531 else
4532 bpf_error("unknown protocol: %s", name);
4533
4534
4535 case Q_UNDEF:
4536 syntax();
4537 /* NOTREACHED */
4538 }
4539 abort();
4540 /* NOTREACHED */
4541 }
4542
4543 struct block *
4544 gen_mcode(s1, s2, masklen, q)
4545 register const char *s1, *s2;
4546 register int masklen;
4547 struct qual q;
4548 {
4549 register int nlen, mlen;
4550 bpf_u_int32 n, m;
4551
4552 nlen = __pcap_atoin(s1, &n);
4553 /* Promote short ipaddr */
4554 n <<= 32 - nlen;
4555
4556 if (s2 != NULL) {
4557 mlen = __pcap_atoin(s2, &m);
4558 /* Promote short ipaddr */
4559 m <<= 32 - mlen;
4560 if ((n & ~m) != 0)
4561 bpf_error("non-network bits set in \"%s mask %s\"",
4562 s1, s2);
4563 } else {
4564 /* Convert mask len to mask */
4565 if (masklen > 32)
4566 bpf_error("mask length must be <= 32");
4567 m = 0xffffffff << (32 - masklen);
4568 if ((n & ~m) != 0)
4569 bpf_error("non-network bits set in \"%s/%d\"",
4570 s1, masklen);
4571 }
4572
4573 switch (q.addr) {
4574
4575 case Q_NET:
4576 return gen_host(n, m, q.proto, q.dir);
4577
4578 default:
4579 bpf_error("Mask syntax for networks only");
4580 /* NOTREACHED */
4581 }
4582 /* NOTREACHED */
4583 }
4584
4585 struct block *
4586 gen_ncode(s, v, q)
4587 register const char *s;
4588 bpf_u_int32 v;
4589 struct qual q;
4590 {
4591 bpf_u_int32 mask;
4592 int proto = q.proto;
4593 int dir = q.dir;
4594 register int vlen;
4595
4596 if (s == NULL)
4597 vlen = 32;
4598 else if (q.proto == Q_DECNET)
4599 vlen = __pcap_atodn(s, &v);
4600 else
4601 vlen = __pcap_atoin(s, &v);
4602
4603 switch (q.addr) {
4604
4605 case Q_DEFAULT:
4606 case Q_HOST:
4607 case Q_NET:
4608 if (proto == Q_DECNET)
4609 return gen_host(v, 0, proto, dir);
4610 else if (proto == Q_LINK) {
4611 bpf_error("illegal link layer address");
4612 } else {
4613 mask = 0xffffffff;
4614 if (s == NULL && q.addr == Q_NET) {
4615 /* Promote short net number */
4616 while (v && (v & 0xff000000) == 0) {
4617 v <<= 8;
4618 mask <<= 8;
4619 }
4620 } else {
4621 /* Promote short ipaddr */
4622 v <<= 32 - vlen;
4623 mask <<= 32 - vlen;
4624 }
4625 return gen_host(v, mask, proto, dir);
4626 }
4627
4628 case Q_PORT:
4629 if (proto == Q_UDP)
4630 proto = IPPROTO_UDP;
4631 else if (proto == Q_TCP)
4632 proto = IPPROTO_TCP;
4633 else if (proto == Q_SCTP)
4634 proto = IPPROTO_SCTP;
4635 else if (proto == Q_DEFAULT)
4636 proto = PROTO_UNDEF;
4637 else
4638 bpf_error("illegal qualifier of 'port'");
4639
4640 #ifndef INET6
4641 return gen_port((int)v, proto, dir);
4642 #else
4643 {
4644 struct block *b;
4645 b = gen_port((int)v, proto, dir);
4646 gen_or(gen_port6((int)v, proto, dir), b);
4647 return b;
4648 }
4649 #endif /* INET6 */
4650
4651 case Q_PORTRANGE:
4652 if (proto == Q_UDP)
4653 proto = IPPROTO_UDP;
4654 else if (proto == Q_TCP)
4655 proto = IPPROTO_TCP;
4656 else if (proto == Q_SCTP)
4657 proto = IPPROTO_SCTP;
4658 else if (proto == Q_DEFAULT)
4659 proto = PROTO_UNDEF;
4660 else
4661 bpf_error("illegal qualifier of 'portrange'");
4662
4663 #ifndef INET6
4664 return gen_portrange((int)v, (int)v, proto, dir);
4665 #else
4666 {
4667 struct block *b;
4668 b = gen_portrange((int)v, (int)v, proto, dir);
4669 gen_or(gen_portrange6((int)v, (int)v, proto, dir), b);
4670 return b;
4671 }
4672 #endif /* INET6 */
4673
4674 case Q_GATEWAY:
4675 bpf_error("'gateway' requires a name");
4676 /* NOTREACHED */
4677
4678 case Q_PROTO:
4679 return gen_proto((int)v, proto, dir);
4680
4681 case Q_PROTOCHAIN:
4682 return gen_protochain((int)v, proto, dir);
4683
4684 case Q_UNDEF:
4685 syntax();
4686 /* NOTREACHED */
4687
4688 default:
4689 abort();
4690 /* NOTREACHED */
4691 }
4692 /* NOTREACHED */
4693 }
4694
4695 #ifdef INET6
4696 struct block *
4697 gen_mcode6(s1, s2, masklen, q)
4698 register const char *s1, *s2;
4699 register int masklen;
4700 struct qual q;
4701 {
4702 struct addrinfo *res;
4703 struct in6_addr *addr;
4704 struct in6_addr mask;
4705 struct block *b;
4706 u_int32_t *a, *m;
4707
4708 if (s2)
4709 bpf_error("no mask %s supported", s2);
4710
4711 res = pcap_nametoaddrinfo(s1);
4712 if (!res)
4713 bpf_error("invalid ip6 address %s", s1);
4714 if (res->ai_next)
4715 bpf_error("%s resolved to multiple address", s1);
4716 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
4717
4718 if (sizeof(mask) * 8 < masklen)
4719 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
4720 memset(&mask, 0, sizeof(mask));
4721 memset(&mask, 0xff, masklen / 8);
4722 if (masklen % 8) {
4723 mask.s6_addr[masklen / 8] =
4724 (0xff << (8 - masklen % 8)) & 0xff;
4725 }
4726
4727 a = (u_int32_t *)addr;
4728 m = (u_int32_t *)&mask;
4729 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
4730 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
4731 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
4732 }
4733
4734 switch (q.addr) {
4735
4736 case Q_DEFAULT:
4737 case Q_HOST:
4738 if (masklen != 128)
4739 bpf_error("Mask syntax for networks only");
4740 /* FALLTHROUGH */
4741
4742 case Q_NET:
4743 b = gen_host6(addr, &mask, q.proto, q.dir);
4744 freeaddrinfo(res);
4745 return b;
4746
4747 default:
4748 bpf_error("invalid qualifier against IPv6 address");
4749 /* NOTREACHED */
4750 }
4751 }
4752 #endif /*INET6*/
4753
4754 struct block *
4755 gen_ecode(eaddr, q)
4756 register const u_char *eaddr;
4757 struct qual q;
4758 {
4759 struct block *b, *tmp;
4760
4761 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
4762 if (linktype == DLT_EN10MB)
4763 return gen_ehostop(eaddr, (int)q.dir);
4764 if (linktype == DLT_FDDI)
4765 return gen_fhostop(eaddr, (int)q.dir);
4766 if (linktype == DLT_IEEE802)
4767 return gen_thostop(eaddr, (int)q.dir);
4768 if (linktype == DLT_IEEE802_11)
4769 return gen_wlanhostop(eaddr, (int)q.dir);
4770 if (linktype == DLT_SUNATM && is_lane) {
4771 /*
4772 * Check that the packet doesn't begin with an
4773 * LE Control marker. (We've already generated
4774 * a test for LANE.)
4775 */
4776 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
4777 gen_not(tmp);
4778
4779 /*
4780 * Now check the MAC address.
4781 */
4782 b = gen_ehostop(eaddr, (int)q.dir);
4783 gen_and(tmp, b);
4784 return b;
4785 }
4786 if (linktype == DLT_IP_OVER_FC)
4787 return gen_ipfchostop(eaddr, (int)q.dir);
4788 bpf_error("ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel");
4789 }
4790 bpf_error("ethernet address used in non-ether expression");
4791 /* NOTREACHED */
4792 }
4793
4794 void
4795 sappend(s0, s1)
4796 struct slist *s0, *s1;
4797 {
4798 /*
4799 * This is definitely not the best way to do this, but the
4800 * lists will rarely get long.
4801 */
4802 while (s0->next)
4803 s0 = s0->next;
4804 s0->next = s1;
4805 }
4806
4807 static struct slist *
4808 xfer_to_x(a)
4809 struct arth *a;
4810 {
4811 struct slist *s;
4812
4813 s = new_stmt(BPF_LDX|BPF_MEM);
4814 s->s.k = a->regno;
4815 return s;
4816 }
4817
4818 static struct slist *
4819 xfer_to_a(a)
4820 struct arth *a;
4821 {
4822 struct slist *s;
4823
4824 s = new_stmt(BPF_LD|BPF_MEM);
4825 s->s.k = a->regno;
4826 return s;
4827 }
4828
4829 struct arth *
4830 gen_load(proto, index, size)
4831 int proto;
4832 struct arth *index;
4833 int size;
4834 {
4835 struct slist *s, *tmp;
4836 struct block *b;
4837 int regno = alloc_reg();
4838
4839 free_reg(index->regno);
4840 switch (size) {
4841
4842 default:
4843 bpf_error("data size must be 1, 2, or 4");
4844
4845 case 1:
4846 size = BPF_B;
4847 break;
4848
4849 case 2:
4850 size = BPF_H;
4851 break;
4852
4853 case 4:
4854 size = BPF_W;
4855 break;
4856 }
4857 switch (proto) {
4858 default:
4859 bpf_error("unsupported index operation");
4860
4861 case Q_LINK:
4862 /*
4863 * XXX - what about ATM LANE? Should the index be
4864 * relative to the beginning of the AAL5 frame, so
4865 * that 0 refers to the beginning of the LE Control
4866 * field, or relative to the beginning of the LAN
4867 * frame, so that 0 refers, for Ethernet LANE, to
4868 * the beginning of the destination address?
4869 */
4870 s = xfer_to_x(index);
4871 tmp = new_stmt(BPF_LD|BPF_IND|size);
4872 sappend(s, tmp);
4873 sappend(index->s, s);
4874 break;
4875
4876 case Q_IP:
4877 case Q_ARP:
4878 case Q_RARP:
4879 case Q_ATALK:
4880 case Q_DECNET:
4881 case Q_SCA:
4882 case Q_LAT:
4883 case Q_MOPRC:
4884 case Q_MOPDL:
4885 #ifdef INET6
4886 case Q_IPV6:
4887 #endif
4888 /* XXX Note that we assume a fixed link header here. */
4889 s = xfer_to_x(index);
4890 tmp = new_stmt(BPF_LD|BPF_IND|size);
4891 tmp->s.k = off_nl;
4892 sappend(s, tmp);
4893 sappend(index->s, s);
4894
4895 b = gen_proto_abbrev(proto);
4896 if (index->b)
4897 gen_and(index->b, b);
4898 index->b = b;
4899 break;
4900
4901 case Q_SCTP:
4902 case Q_TCP:
4903 case Q_UDP:
4904 case Q_ICMP:
4905 case Q_IGMP:
4906 case Q_IGRP:
4907 case Q_PIM:
4908 case Q_VRRP:
4909 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
4910 s->s.k = off_nl;
4911 sappend(s, xfer_to_a(index));
4912 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
4913 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
4914 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
4915 tmp->s.k = off_nl;
4916 sappend(index->s, s);
4917
4918 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
4919 if (index->b)
4920 gen_and(index->b, b);
4921 #ifdef INET6
4922 gen_and(gen_proto_abbrev(Q_IP), b);
4923 #endif
4924 index->b = b;
4925 break;
4926 #ifdef INET6
4927 case Q_ICMPV6:
4928 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
4929 /*NOTREACHED*/
4930 #endif
4931 }
4932 index->regno = regno;
4933 s = new_stmt(BPF_ST);
4934 s->s.k = regno;
4935 sappend(index->s, s);
4936
4937 return index;
4938 }
4939
4940 struct block *
4941 gen_relation(code, a0, a1, reversed)
4942 int code;
4943 struct arth *a0, *a1;
4944 int reversed;
4945 {
4946 struct slist *s0, *s1, *s2;
4947 struct block *b, *tmp;
4948
4949 s0 = xfer_to_x(a1);
4950 s1 = xfer_to_a(a0);
4951 if (code == BPF_JEQ) {
4952 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
4953 b = new_block(JMP(code));
4954 sappend(s1, s2);
4955 }
4956 else
4957 b = new_block(BPF_JMP|code|BPF_X);
4958 if (reversed)
4959 gen_not(b);
4960
4961 sappend(s0, s1);
4962 sappend(a1->s, s0);
4963 sappend(a0->s, a1->s);
4964
4965 b->stmts = a0->s;
4966
4967 free_reg(a0->regno);
4968 free_reg(a1->regno);
4969
4970 /* 'and' together protocol checks */
4971 if (a0->b) {
4972 if (a1->b) {
4973 gen_and(a0->b, tmp = a1->b);
4974 }
4975 else
4976 tmp = a0->b;
4977 } else
4978 tmp = a1->b;
4979
4980 if (tmp)
4981 gen_and(tmp, b);
4982
4983 return b;
4984 }
4985
4986 struct arth *
4987 gen_loadlen()
4988 {
4989 int regno = alloc_reg();
4990 struct arth *a = (struct arth *)newchunk(sizeof(*a));
4991 struct slist *s;
4992
4993 s = new_stmt(BPF_LD|BPF_LEN);
4994 s->next = new_stmt(BPF_ST);
4995 s->next->s.k = regno;
4996 a->s = s;
4997 a->regno = regno;
4998
4999 return a;
5000 }
5001
5002 struct arth *
5003 gen_loadi(val)
5004 int val;
5005 {
5006 struct arth *a;
5007 struct slist *s;
5008 int reg;
5009
5010 a = (struct arth *)newchunk(sizeof(*a));
5011
5012 reg = alloc_reg();
5013
5014 s = new_stmt(BPF_LD|BPF_IMM);
5015 s->s.k = val;
5016 s->next = new_stmt(BPF_ST);
5017 s->next->s.k = reg;
5018 a->s = s;
5019 a->regno = reg;
5020
5021 return a;
5022 }
5023
5024 struct arth *
5025 gen_neg(a)
5026 struct arth *a;
5027 {
5028 struct slist *s;
5029
5030 s = xfer_to_a(a);
5031 sappend(a->s, s);
5032 s = new_stmt(BPF_ALU|BPF_NEG);
5033 s->s.k = 0;
5034 sappend(a->s, s);
5035 s = new_stmt(BPF_ST);
5036 s->s.k = a->regno;
5037 sappend(a->s, s);
5038
5039 return a;
5040 }
5041
5042 struct arth *
5043 gen_arth(code, a0, a1)
5044 int code;
5045 struct arth *a0, *a1;
5046 {
5047 struct slist *s0, *s1, *s2;
5048
5049 s0 = xfer_to_x(a1);
5050 s1 = xfer_to_a(a0);
5051 s2 = new_stmt(BPF_ALU|BPF_X|code);
5052
5053 sappend(s1, s2);
5054 sappend(s0, s1);
5055 sappend(a1->s, s0);
5056 sappend(a0->s, a1->s);
5057
5058 free_reg(a0->regno);
5059 free_reg(a1->regno);
5060
5061 s0 = new_stmt(BPF_ST);
5062 a0->regno = s0->s.k = alloc_reg();
5063 sappend(a0->s, s0);
5064
5065 return a0;
5066 }
5067
5068 /*
5069 * Here we handle simple allocation of the scratch registers.
5070 * If too many registers are alloc'd, the allocator punts.
5071 */
5072 static int regused[BPF_MEMWORDS];
5073 static int curreg;
5074
5075 /*
5076 * Return the next free register.
5077 */
5078 static int
5079 alloc_reg()
5080 {
5081 int n = BPF_MEMWORDS;
5082
5083 while (--n >= 0) {
5084 if (regused[curreg])
5085 curreg = (curreg + 1) % BPF_MEMWORDS;
5086 else {
5087 regused[curreg] = 1;
5088 return curreg;
5089 }
5090 }
5091 bpf_error("too many registers needed to evaluate expression");
5092 /* NOTREACHED */
5093 }
5094
5095 /*
5096 * Return a register to the table so it can
5097 * be used later.
5098 */
5099 static void
5100 free_reg(n)
5101 int n;
5102 {
5103 regused[n] = 0;
5104 }
5105
5106 static struct block *
5107 gen_len(jmp, n)
5108 int jmp, n;
5109 {
5110 struct slist *s;
5111 struct block *b;
5112
5113 s = new_stmt(BPF_LD|BPF_LEN);
5114 b = new_block(JMP(jmp));
5115 b->stmts = s;
5116 b->s.k = n;
5117
5118 return b;
5119 }
5120
5121 struct block *
5122 gen_greater(n)
5123 int n;
5124 {
5125 return gen_len(BPF_JGE, n);
5126 }
5127
5128 /*
5129 * Actually, this is less than or equal.
5130 */
5131 struct block *
5132 gen_less(n)
5133 int n;
5134 {
5135 struct block *b;
5136
5137 b = gen_len(BPF_JGT, n);
5138 gen_not(b);
5139
5140 return b;
5141 }
5142
5143 struct block *
5144 gen_byteop(op, idx, val)
5145 int op, idx, val;
5146 {
5147 struct block *b;
5148 struct slist *s;
5149
5150 switch (op) {
5151 default:
5152 abort();
5153
5154 case '=':
5155 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
5156
5157 case '<':
5158 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
5159 b->s.code = JMP(BPF_JGE);
5160 gen_not(b);
5161 return b;
5162
5163 case '>':
5164 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
5165 b->s.code = JMP(BPF_JGT);
5166 return b;
5167
5168 case '|':
5169 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
5170 break;
5171
5172 case '&':
5173 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
5174 break;
5175 }
5176 s->s.k = val;
5177 b = new_block(JMP(BPF_JEQ));
5178 b->stmts = s;
5179 gen_not(b);
5180
5181 return b;
5182 }
5183
5184 static u_char abroadcast[] = { 0x0 };
5185
5186 struct block *
5187 gen_broadcast(proto)
5188 int proto;
5189 {
5190 bpf_u_int32 hostmask;
5191 struct block *b0, *b1, *b2;
5192 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
5193
5194 switch (proto) {
5195
5196 case Q_DEFAULT:
5197 case Q_LINK:
5198 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
5199 return gen_ahostop(abroadcast, Q_DST);
5200 if (linktype == DLT_EN10MB)
5201 return gen_ehostop(ebroadcast, Q_DST);
5202 if (linktype == DLT_FDDI)
5203 return gen_fhostop(ebroadcast, Q_DST);
5204 if (linktype == DLT_IEEE802)
5205 return gen_thostop(ebroadcast, Q_DST);
5206 if (linktype == DLT_IEEE802_11)
5207 return gen_wlanhostop(ebroadcast, Q_DST);
5208 if (linktype == DLT_IP_OVER_FC)
5209 return gen_ipfchostop(ebroadcast, Q_DST);
5210 if (linktype == DLT_SUNATM && is_lane) {
5211 /*
5212 * Check that the packet doesn't begin with an
5213 * LE Control marker. (We've already generated
5214 * a test for LANE.)
5215 */
5216 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
5217 gen_not(b1);
5218
5219 /*
5220 * Now check the MAC address.
5221 */
5222 b0 = gen_ehostop(ebroadcast, Q_DST);
5223 gen_and(b1, b0);
5224 return b0;
5225 }
5226 bpf_error("not a broadcast link");
5227 break;
5228
5229 case Q_IP:
5230 b0 = gen_linktype(ETHERTYPE_IP);
5231 hostmask = ~netmask;
5232 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
5233 b2 = gen_mcmp(off_nl + 16, BPF_W,
5234 (bpf_int32)(~0 & hostmask), hostmask);
5235 gen_or(b1, b2);
5236 gen_and(b0, b2);
5237 return b2;
5238 }
5239 bpf_error("only link-layer/IP broadcast filters supported");
5240 /* NOTREACHED */
5241 }
5242
5243 /*
5244 * Generate code to test the low-order bit of a MAC address (that's
5245 * the bottom bit of the *first* byte).
5246 */
5247 static struct block *
5248 gen_mac_multicast(offset)
5249 int offset;
5250 {
5251 register struct block *b0;
5252 register struct slist *s;
5253
5254 /* link[offset] & 1 != 0 */
5255 s = gen_load_llrel(offset, BPF_B);
5256 b0 = new_block(JMP(BPF_JSET));
5257 b0->s.k = 1;
5258 b0->stmts = s;
5259 return b0;
5260 }
5261
5262 struct block *
5263 gen_multicast(proto)
5264 int proto;
5265 {
5266 register struct block *b0, *b1, *b2;
5267 register struct slist *s;
5268
5269 switch (proto) {
5270
5271 case Q_DEFAULT:
5272 case Q_LINK:
5273 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
5274 /* all ARCnet multicasts use the same address */
5275 return gen_ahostop(abroadcast, Q_DST);
5276
5277 if (linktype == DLT_EN10MB) {
5278 /* ether[0] & 1 != 0 */
5279 return gen_mac_multicast(0);
5280 }
5281
5282 if (linktype == DLT_FDDI) {
5283 /*
5284 * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX
5285 *
5286 * XXX - was that referring to bit-order issues?
5287 */
5288 /* fddi[1] & 1 != 0 */
5289 return gen_mac_multicast(1);
5290 }
5291
5292 if (linktype == DLT_IEEE802) {
5293 /* tr[2] & 1 != 0 */
5294 return gen_mac_multicast(2);
5295 }
5296
5297 if (linktype == DLT_IEEE802_11) {
5298 /*
5299 * Oh, yuk.
5300 *
5301 * For control frames, there is no DA.
5302 *
5303 * For management frames, DA is at an
5304 * offset of 4 from the beginning of
5305 * the packet.
5306 *
5307 * For data frames, DA is at an offset
5308 * of 4 from the beginning of the packet
5309 * if To DS is clear and at an offset of
5310 * 16 from the beginning of the packet
5311 * if To DS is set.
5312 */
5313
5314 /*
5315 * Generate the tests to be done for data frames.
5316 *
5317 * First, check for To DS set, i.e. "link[1] & 0x01".
5318 */
5319 s = gen_load_llrel(1, BPF_B);
5320 b1 = new_block(JMP(BPF_JSET));
5321 b1->s.k = 0x01; /* To DS */
5322 b1->stmts = s;
5323
5324 /*
5325 * If To DS is set, the DA is at 16.
5326 */
5327 b0 = gen_mac_multicast(16);
5328 gen_and(b1, b0);
5329
5330 /*
5331 * Now, check for To DS not set, i.e. check
5332 * "!(link[1] & 0x01)".
5333 */
5334 s = gen_load_llrel(1, BPF_B);
5335 b2 = new_block(JMP(BPF_JSET));
5336 b2->s.k = 0x01; /* To DS */
5337 b2->stmts = s;
5338 gen_not(b2);
5339
5340 /*
5341 * If To DS is not set, the DA is at 4.
5342 */
5343 b1 = gen_mac_multicast(4);
5344 gen_and(b2, b1);
5345
5346 /*
5347 * Now OR together the last two checks. That gives
5348 * the complete set of checks for data frames.
5349 */
5350 gen_or(b1, b0);
5351
5352 /*
5353 * Now check for a data frame.
5354 * I.e, check "link[0] & 0x08".
5355 */
5356 s = gen_load_llrel(0, BPF_B);
5357 b1 = new_block(JMP(BPF_JSET));
5358 b1->s.k = 0x08;
5359 b1->stmts = s;
5360
5361 /*
5362 * AND that with the checks done for data frames.
5363 */
5364 gen_and(b1, b0);
5365
5366 /*
5367 * If the high-order bit of the type value is 0, this
5368 * is a management frame.
5369 * I.e, check "!(link[0] & 0x08)".
5370 */
5371 s = gen_load_llrel(0, BPF_B);
5372 b2 = new_block(JMP(BPF_JSET));
5373 b2->s.k = 0x08;
5374 b2->stmts = s;
5375 gen_not(b2);
5376
5377 /*
5378 * For management frames, the DA is at 4.
5379 */
5380 b1 = gen_mac_multicast(4);
5381 gen_and(b2, b1);
5382
5383 /*
5384 * OR that with the checks done for data frames.
5385 * That gives the checks done for management and
5386 * data frames.
5387 */
5388 gen_or(b1, b0);
5389
5390 /*
5391 * If the low-order bit of the type value is 1,
5392 * this is either a control frame or a frame
5393 * with a reserved type, and thus not a
5394 * frame with an SA.
5395 *
5396 * I.e., check "!(link[0] & 0x04)".
5397 */
5398 s = gen_load_llrel(0, BPF_B);
5399 b1 = new_block(JMP(BPF_JSET));
5400 b1->s.k = 0x04;
5401 b1->stmts = s;
5402 gen_not(b1);
5403
5404 /*
5405 * AND that with the checks for data and management
5406 * frames.
5407 */
5408 gen_and(b1, b0);
5409 return b0;
5410 }
5411
5412 if (linktype == DLT_IP_OVER_FC) {
5413 b0 = gen_mac_multicast(2);
5414 return b0;
5415 }
5416
5417 if (linktype == DLT_SUNATM && is_lane) {
5418 /*
5419 * Check that the packet doesn't begin with an
5420 * LE Control marker. (We've already generated
5421 * a test for LANE.)
5422 */
5423 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
5424 gen_not(b1);
5425
5426 /* ether[off_mac] & 1 != 0 */
5427 b0 = gen_mac_multicast(off_mac);
5428 gen_and(b1, b0);
5429 return b0;
5430 }
5431
5432 /* Link not known to support multicasts */
5433 break;
5434
5435 case Q_IP:
5436 b0 = gen_linktype(ETHERTYPE_IP);
5437 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
5438 b1->s.code = JMP(BPF_JGE);
5439 gen_and(b0, b1);
5440 return b1;
5441
5442 #ifdef INET6
5443 case Q_IPV6:
5444 b0 = gen_linktype(ETHERTYPE_IPV6);
5445 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
5446 gen_and(b0, b1);
5447 return b1;
5448 #endif /* INET6 */
5449 }
5450 bpf_error("link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel");
5451 /* NOTREACHED */
5452 }
5453
5454 /*
5455 * generate command for inbound/outbound. It's here so we can
5456 * make it link-type specific. 'dir' = 0 implies "inbound",
5457 * = 1 implies "outbound".
5458 */
5459 struct block *
5460 gen_inbound(dir)
5461 int dir;
5462 {
5463 register struct block *b0;
5464
5465 /*
5466 * Only some data link types support inbound/outbound qualifiers.
5467 */
5468 switch (linktype) {
5469 case DLT_SLIP:
5470 b0 = gen_relation(BPF_JEQ,
5471 gen_load(Q_LINK, gen_loadi(0), 1),
5472 gen_loadi(0),
5473 dir);
5474 break;
5475
5476 case DLT_LINUX_SLL:
5477 if (dir) {
5478 /*
5479 * Match packets sent by this machine.
5480 */
5481 b0 = gen_cmp(0, BPF_H, LINUX_SLL_OUTGOING);
5482 } else {
5483 /*
5484 * Match packets sent to this machine.
5485 * (No broadcast or multicast packets, or
5486 * packets sent to some other machine and
5487 * received promiscuously.)
5488 *
5489 * XXX - packets sent to other machines probably
5490 * shouldn't be matched, but what about broadcast
5491 * or multicast packets we received?
5492 */
5493 b0 = gen_cmp(0, BPF_H, LINUX_SLL_HOST);
5494 }
5495 break;
5496
5497 case DLT_PFLOG:
5498 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B,
5499 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT));
5500 break;
5501
5502 case DLT_PPP_PPPD:
5503 if (dir) {
5504 /* match outgoing packets */
5505 b0 = gen_cmp(0, BPF_B, PPP_PPPD_OUT);
5506 } else {
5507 /* match incoming packets */
5508 b0 = gen_cmp(0, BPF_B, PPP_PPPD_IN);
5509 }
5510 break;
5511
5512 case DLT_JUNIPER_MLFR:
5513 case DLT_JUNIPER_MLPPP:
5514 case DLT_JUNIPER_ATM1:
5515 case DLT_JUNIPER_ATM2:
5516 /* juniper flags (including direction) are stored
5517 * the byte after the 3-byte magic number */
5518 if (dir) {
5519 /* match outgoing packets */
5520 b0 = gen_mcmp(3, BPF_B, 0, 0x01);
5521 } else {
5522 /* match incoming packets */
5523 b0 = gen_mcmp(3, BPF_B, 1, 0x01);
5524 }
5525 break;
5526
5527 default:
5528 bpf_error("inbound/outbound not supported on linktype %d",
5529 linktype);
5530 b0 = NULL;
5531 /* NOTREACHED */
5532 }
5533 return (b0);
5534 }
5535
5536 /* PF firewall log matched interface */
5537 struct block *
5538 gen_pf_ifname(const char *ifname)
5539 {
5540 struct block *b0;
5541 u_int len, off;
5542
5543 if (linktype == DLT_PFLOG) {
5544 len = sizeof(((struct pfloghdr *)0)->ifname);
5545 off = offsetof(struct pfloghdr, ifname);
5546 } else {
5547 bpf_error("ifname not supported on linktype 0x%x", linktype);
5548 /* NOTREACHED */
5549 }
5550 if (strlen(ifname) >= len) {
5551 bpf_error("ifname interface names can only be %d characters",
5552 len-1);
5553 /* NOTREACHED */
5554 }
5555 b0 = gen_bcmp(off, strlen(ifname), (const u_char *)ifname);
5556 return (b0);
5557 }
5558
5559 /* PF firewall log matched interface */
5560 struct block *
5561 gen_pf_ruleset(char *ruleset)
5562 {
5563 struct block *b0;
5564
5565 if (linktype != DLT_PFLOG) {
5566 bpf_error("ruleset not supported on linktype 0x%x", linktype);
5567 /* NOTREACHED */
5568 }
5569 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) {
5570 bpf_error("ruleset names can only be %ld characters",
5571 (long)(sizeof(((struct pfloghdr *)0)->ruleset) - 1));
5572 /* NOTREACHED */
5573 }
5574 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset),
5575 strlen(ruleset), (const u_char *)ruleset);
5576 return (b0);
5577 }
5578
5579 /* PF firewall log rule number */
5580 struct block *
5581 gen_pf_rnr(int rnr)
5582 {
5583 struct block *b0;
5584
5585 if (linktype == DLT_PFLOG) {
5586 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W,
5587 (bpf_int32)rnr);
5588 } else {
5589 bpf_error("rnr not supported on linktype 0x%x", linktype);
5590 /* NOTREACHED */
5591 }
5592
5593 return (b0);
5594 }
5595
5596 /* PF firewall log sub-rule number */
5597 struct block *
5598 gen_pf_srnr(int srnr)
5599 {
5600 struct block *b0;
5601
5602 if (linktype != DLT_PFLOG) {
5603 bpf_error("srnr not supported on linktype 0x%x", linktype);
5604 /* NOTREACHED */
5605 }
5606
5607 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W,
5608 (bpf_int32)srnr);
5609 return (b0);
5610 }
5611
5612 /* PF firewall log reason code */
5613 struct block *
5614 gen_pf_reason(int reason)
5615 {
5616 struct block *b0;
5617
5618 if (linktype == DLT_PFLOG) {
5619 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B,
5620 (bpf_int32)reason);
5621 } else {
5622 bpf_error("reason not supported on linktype 0x%x", linktype);
5623 /* NOTREACHED */
5624 }
5625
5626 return (b0);
5627 }
5628
5629 /* PF firewall log action */
5630 struct block *
5631 gen_pf_action(int action)
5632 {
5633 struct block *b0;
5634
5635 if (linktype == DLT_PFLOG) {
5636 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B,
5637 (bpf_int32)action);
5638 } else {
5639 bpf_error("action not supported on linktype 0x%x", linktype);
5640 /* NOTREACHED */
5641 }
5642
5643 return (b0);
5644 }
5645
5646 struct block *
5647 gen_acode(eaddr, q)
5648 register const u_char *eaddr;
5649 struct qual q;
5650 {
5651 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
5652 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
5653 return gen_ahostop(eaddr, (int)q.dir);
5654 }
5655 bpf_error("ARCnet address used in non-arc expression");
5656 /* NOTREACHED */
5657 }
5658
5659 static struct block *
5660 gen_ahostop(eaddr, dir)
5661 register const u_char *eaddr;
5662 register int dir;
5663 {
5664 register struct block *b0, *b1;
5665
5666 switch (dir) {
5667 /* src comes first, different from Ethernet */
5668 case Q_SRC:
5669 return gen_bcmp(0, 1, eaddr);
5670
5671 case Q_DST:
5672 return gen_bcmp(1, 1, eaddr);
5673
5674 case Q_AND:
5675 b0 = gen_ahostop(eaddr, Q_SRC);
5676 b1 = gen_ahostop(eaddr, Q_DST);
5677 gen_and(b0, b1);
5678 return b1;
5679
5680 case Q_DEFAULT:
5681 case Q_OR:
5682 b0 = gen_ahostop(eaddr, Q_SRC);
5683 b1 = gen_ahostop(eaddr, Q_DST);
5684 gen_or(b0, b1);
5685 return b1;
5686 }
5687 abort();
5688 /* NOTREACHED */
5689 }
5690
5691 /*
5692 * support IEEE 802.1Q VLAN trunk over ethernet
5693 */
5694 struct block *
5695 gen_vlan(vlan_num)
5696 int vlan_num;
5697 {
5698 struct block *b0;
5699
5700 /*
5701 * Change the offsets to point to the type and data fields within
5702 * the VLAN packet. Just increment the offsets, so that we
5703 * can support a hierarchy, e.g. "vlan 300 && vlan 200" to
5704 * capture VLAN 200 encapsulated within VLAN 100.
5705 *
5706 * XXX - this is a bit of a kludge. If we were to split the
5707 * compiler into a parser that parses an expression and
5708 * generates an expression tree, and a code generator that
5709 * takes an expression tree (which could come from our
5710 * parser or from some other parser) and generates BPF code,
5711 * we could perhaps make the offsets parameters of routines
5712 * and, in the handler for an "AND" node, pass to subnodes
5713 * other than the VLAN node the adjusted offsets.
5714 *
5715 * This would mean that "vlan" would, instead of changing the
5716 * behavior of *all* tests after it, change only the behavior
5717 * of tests ANDed with it. That would change the documented
5718 * semantics of "vlan", which might break some expressions.
5719 * However, it would mean that "(vlan and ip) or ip" would check
5720 * both for VLAN-encapsulated IP and IP-over-Ethernet, rather than
5721 * checking only for VLAN-encapsulated IP, so that could still
5722 * be considered worth doing; it wouldn't break expressions
5723 * that are of the form "vlan and ..." or "vlan N and ...",
5724 * which I suspect are the most common expressions involving
5725 * "vlan". "vlan or ..." doesn't necessarily do what the user
5726 * would really want, now, as all the "or ..." tests would
5727 * be done assuming a VLAN, even though the "or" could be viewed
5728 * as meaning "or, if this isn't a VLAN packet...".
5729 */
5730 orig_linktype = off_linktype; /* save original values */
5731 orig_nl = off_nl;
5732
5733 switch (linktype) {
5734
5735 case DLT_EN10MB:
5736 off_linktype += 4;
5737 off_nl_nosnap += 4;
5738 off_nl += 4;
5739 break;
5740
5741 default:
5742 bpf_error("no VLAN support for data link type %d",
5743 linktype);
5744 /*NOTREACHED*/
5745 }
5746
5747 /* check for VLAN */
5748 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
5749
5750 /* If a specific VLAN is requested, check VLAN id */
5751 if (vlan_num >= 0) {
5752 struct block *b1;
5753
5754 b1 = gen_mcmp(orig_nl, BPF_H, (bpf_int32)vlan_num, 0x0fff);
5755 gen_and(b0, b1);
5756 b0 = b1;
5757 }
5758
5759 return (b0);
5760 }
5761
5762 /*
5763 * support for MPLS
5764 */
5765 struct block *
5766 gen_mpls(label_num)
5767 int label_num;
5768 {
5769 struct block *b0;
5770
5771 /*
5772 * Change the offsets to point to the type and data fields within
5773 * the MPLS packet. Just increment the offsets, so that we
5774 * can support a hierarchy, e.g. "mpls 100000 && mpls 1024" to
5775 * capture packets with an outer label of 100000 and an inner
5776 * label of 1024.
5777 *
5778 * XXX - this is a bit of a kludge. See comments in gen_vlan().
5779 */
5780 orig_linktype = off_linktype; /* save original values */
5781 orig_nl = off_nl;
5782
5783 switch (linktype) {
5784
5785 case DLT_C_HDLC: /* fall through */
5786 case DLT_EN10MB:
5787 off_linktype += 4;
5788 off_nl_nosnap += 4;
5789 off_nl += 4;
5790
5791 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_MPLS);
5792 break;
5793
5794 case DLT_PPP:
5795 off_linktype += 4;
5796 off_nl_nosnap += 4;
5797 off_nl += 4;
5798
5799 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)PPP_MPLS_UCAST);
5800 break;
5801
5802 /* FIXME add other DLT_s ...
5803 * for Frame-Relay/and ATM this may get messy due to SNAP headers
5804 * leave it for now */
5805
5806 default:
5807 bpf_error("no MPLS support for data link type %d",
5808 linktype);
5809 b0 = NULL;
5810 /*NOTREACHED*/
5811 break;
5812 }
5813
5814 /* If a specific MPLS label is requested, check it */
5815 if (label_num >= 0) {
5816 struct block *b1;
5817
5818 label_num = label_num << 12; /* label is shifted 12 bits on the wire */
5819 b1 = gen_mcmp(orig_nl, BPF_W, (bpf_int32)label_num, 0xfffff000); /* only compare the first 20 bits */
5820 gen_and(b0, b1);
5821 b0 = b1;
5822 }
5823
5824 return (b0);
5825 }
5826
5827 struct block *
5828 gen_atmfield_code(atmfield, jvalue, jtype, reverse)
5829 int atmfield;
5830 bpf_u_int32 jvalue;
5831 bpf_u_int32 jtype;
5832 int reverse;
5833 {
5834 struct block *b0;
5835
5836 switch (atmfield) {
5837
5838 case A_VPI:
5839 if (!is_atm)
5840 bpf_error("'vpi' supported only on raw ATM");
5841 if (off_vpi == (u_int)-1)
5842 abort();
5843 b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype,
5844 (u_int)jvalue, reverse);
5845 break;
5846
5847 case A_VCI:
5848 if (!is_atm)
5849 bpf_error("'vci' supported only on raw ATM");
5850 if (off_vci == (u_int)-1)
5851 abort();
5852 b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype,
5853 (u_int)jvalue, reverse);
5854 break;
5855
5856 case A_PROTOTYPE:
5857 if (off_proto == (u_int)-1)
5858 abort(); /* XXX - this isn't on FreeBSD */
5859 b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype,
5860 (u_int)jvalue, reverse);
5861 break;
5862
5863 case A_MSGTYPE:
5864 if (off_payload == (u_int)-1)
5865 abort();
5866 b0 = gen_ncmp(BPF_B, off_payload + MSG_TYPE_POS, 0xffffffff,
5867 (u_int)jtype, (u_int)jvalue, reverse);
5868 break;
5869
5870 case A_CALLREFTYPE:
5871 if (!is_atm)
5872 bpf_error("'callref' supported only on raw ATM");
5873 if (off_proto == (u_int)-1)
5874 abort();
5875 b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype,
5876 (u_int)jvalue, reverse);
5877 break;
5878
5879 default:
5880 abort();
5881 }
5882 return b0;
5883 }
5884
5885 struct block *
5886 gen_atmtype_abbrev(type)
5887 int type;
5888 {
5889 struct block *b0, *b1;
5890
5891 switch (type) {
5892
5893 case A_METAC:
5894 /* Get all packets in Meta signalling Circuit */
5895 if (!is_atm)
5896 bpf_error("'metac' supported only on raw ATM");
5897 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5898 b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0);
5899 gen_and(b0, b1);
5900 break;
5901
5902 case A_BCC:
5903 /* Get all packets in Broadcast Circuit*/
5904 if (!is_atm)
5905 bpf_error("'bcc' supported only on raw ATM");
5906 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5907 b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0);
5908 gen_and(b0, b1);
5909 break;
5910
5911 case A_OAMF4SC:
5912 /* Get all cells in Segment OAM F4 circuit*/
5913 if (!is_atm)
5914 bpf_error("'oam4sc' supported only on raw ATM");
5915 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5916 b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
5917 gen_and(b0, b1);
5918 break;
5919
5920 case A_OAMF4EC:
5921 /* Get all cells in End-to-End OAM F4 Circuit*/
5922 if (!is_atm)
5923 bpf_error("'oam4ec' supported only on raw ATM");
5924 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5925 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
5926 gen_and(b0, b1);
5927 break;
5928
5929 case A_SC:
5930 /* Get all packets in connection Signalling Circuit */
5931 if (!is_atm)
5932 bpf_error("'sc' supported only on raw ATM");
5933 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5934 b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0);
5935 gen_and(b0, b1);
5936 break;
5937
5938 case A_ILMIC:
5939 /* Get all packets in ILMI Circuit */
5940 if (!is_atm)
5941 bpf_error("'ilmic' supported only on raw ATM");
5942 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5943 b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0);
5944 gen_and(b0, b1);
5945 break;
5946
5947 case A_LANE:
5948 /* Get all LANE packets */
5949 if (!is_atm)
5950 bpf_error("'lane' supported only on raw ATM");
5951 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0);
5952
5953 /*
5954 * Arrange that all subsequent tests assume LANE
5955 * rather than LLC-encapsulated packets, and set
5956 * the offsets appropriately for LANE-encapsulated
5957 * Ethernet.
5958 *
5959 * "off_mac" is the offset of the Ethernet header,
5960 * which is 2 bytes past the ATM pseudo-header
5961 * (skipping the pseudo-header and 2-byte LE Client
5962 * field). The other offsets are Ethernet offsets
5963 * relative to "off_mac".
5964 */
5965 is_lane = 1;
5966 off_mac = off_payload + 2; /* MAC header */
5967 off_linktype = off_mac + 12;
5968 off_nl = off_mac + 14; /* Ethernet II */
5969 off_nl_nosnap = off_mac + 17; /* 802.3+802.2 */
5970 break;
5971
5972 case A_LLC:
5973 /* Get all LLC-encapsulated packets */
5974 if (!is_atm)
5975 bpf_error("'llc' supported only on raw ATM");
5976 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
5977 is_lane = 0;
5978 break;
5979
5980 default:
5981 abort();
5982 }
5983 return b1;
5984 }
5985
5986
5987 static struct block *
5988 gen_msg_abbrev(type)
5989 int type;
5990 {
5991 struct block *b1;
5992
5993 /*
5994 * Q.2931 signalling protocol messages for handling virtual circuits
5995 * establishment and teardown
5996 */
5997 switch (type) {
5998
5999 case A_SETUP:
6000 b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0);
6001 break;
6002
6003 case A_CALLPROCEED:
6004 b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0);
6005 break;
6006
6007 case A_CONNECT:
6008 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0);
6009 break;
6010
6011 case A_CONNECTACK:
6012 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0);
6013 break;
6014
6015 case A_RELEASE:
6016 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0);
6017 break;
6018
6019 case A_RELEASE_DONE:
6020 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0);
6021 break;
6022
6023 default:
6024 abort();
6025 }
6026 return b1;
6027 }
6028
6029 struct block *
6030 gen_atmmulti_abbrev(type)
6031 int type;
6032 {
6033 struct block *b0, *b1;
6034
6035 switch (type) {
6036
6037 case A_OAM:
6038 if (!is_atm)
6039 bpf_error("'oam' supported only on raw ATM");
6040 b1 = gen_atmmulti_abbrev(A_OAMF4);
6041 break;
6042
6043 case A_OAMF4:
6044 if (!is_atm)
6045 bpf_error("'oamf4' supported only on raw ATM");
6046 /* OAM F4 type */
6047 b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
6048 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
6049 gen_or(b0, b1);
6050 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
6051 gen_and(b0, b1);
6052 break;
6053
6054 case A_CONNECTMSG:
6055 /*
6056 * Get Q.2931 signalling messages for switched
6057 * virtual connection
6058 */
6059 if (!is_atm)
6060 bpf_error("'connectmsg' supported only on raw ATM");
6061 b0 = gen_msg_abbrev(A_SETUP);
6062 b1 = gen_msg_abbrev(A_CALLPROCEED);
6063 gen_or(b0, b1);
6064 b0 = gen_msg_abbrev(A_CONNECT);
6065 gen_or(b0, b1);
6066 b0 = gen_msg_abbrev(A_CONNECTACK);
6067 gen_or(b0, b1);
6068 b0 = gen_msg_abbrev(A_RELEASE);
6069 gen_or(b0, b1);
6070 b0 = gen_msg_abbrev(A_RELEASE_DONE);
6071 gen_or(b0, b1);
6072 b0 = gen_atmtype_abbrev(A_SC);
6073 gen_and(b0, b1);
6074 break;
6075
6076 case A_METACONNECT:
6077 if (!is_atm)
6078 bpf_error("'metaconnect' supported only on raw ATM");
6079 b0 = gen_msg_abbrev(A_SETUP);
6080 b1 = gen_msg_abbrev(A_CALLPROCEED);
6081 gen_or(b0, b1);
6082 b0 = gen_msg_abbrev(A_CONNECT);
6083 gen_or(b0, b1);
6084 b0 = gen_msg_abbrev(A_RELEASE);
6085 gen_or(b0, b1);
6086 b0 = gen_msg_abbrev(A_RELEASE_DONE);
6087 gen_or(b0, b1);
6088 b0 = gen_atmtype_abbrev(A_METAC);
6089 gen_and(b0, b1);
6090 break;
6091
6092 default:
6093 abort();
6094 }
6095 return b1;
6096 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism