]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob


4ada21b29b37ce2d7f95eda0a30d53adbad19088
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.171 2002-08-02 03:44:19 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #ifdef WIN32
32 #include <pcap-stdinc.h>
33
34 #ifdef __MINGW32__
35 #include "IP6_misc.h"
36 #endif
37
38 #else /* WIN32 */
39
40 #include <sys/types.h>
41 #include <sys/socket.h>
42 #include <sys/time.h>
43 #ifdef __NetBSD__
44 #include <sys/param.h>
45 #endif
46
47 struct mbuf; /* Squelch compiler warnings on some platforms for */
48 struct rtentry; /* declarations in <net/if.h> */
49 #include <net/if.h>
50
51 #include <netinet/in.h>
52
53 #endif /* WIN32 */
54
55 #include <stdlib.h>
56 #include <string.h>
57 #include <memory.h>
58 #include <setjmp.h>
59 #include <stdarg.h>
60
61 #include "pcap-int.h"
62
63 #include "ethertype.h"
64 #include "nlpid.h"
65 #include "llc.h"
66 #include "gencode.h"
67 #include "atmuni31.h"
68 #include "sunatmpos.h"
69 #include "ppp.h"
70 #include "sll.h"
71 #include "arcnet.h"
72 #ifndef WIN32
73 #ifdef INET6
74 #include <netdb.h> /* for "struct addrinfo" */
75 #endif /*INET6*/
76 #endif /* WIN32 */
77 #include <pcap-namedb.h>
78
79 #define ETHERMTU 1500
80
81 #ifndef IPPROTO_SCTP
82 #define IPPROTO_SCTP 132
83 #endif
84
85 #ifdef HAVE_OS_PROTO_H
86 #include "os-proto.h"
87 #endif
88
89 #define JMP(c) ((c)|BPF_JMP|BPF_K)
90
91 /* Locals */
92 static jmp_buf top_ctx;
93 static pcap_t *bpf_pcap;
94
95 /* Hack for updating VLAN offsets. */
96 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1;
97
98 /* XXX */
99 #ifdef PCAP_FDDIPAD
100 int pcap_fddipad = PCAP_FDDIPAD;
101 #else
102 int pcap_fddipad;
103 #endif
104
105 /* VARARGS */
106 void
107 bpf_error(const char *fmt, ...)
108
109 {
110 va_list ap;
111
112 va_start(ap, fmt);
113 if (bpf_pcap != NULL)
114 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
115 fmt, ap);
116 va_end(ap);
117 longjmp(top_ctx, 1);
118 /* NOTREACHED */
119 }
120
121 static void init_linktype(int);
122
123 static int alloc_reg(void);
124 static void free_reg(int);
125
126 static struct block *root;
127
128 /*
129 * We divy out chunks of memory rather than call malloc each time so
130 * we don't have to worry about leaking memory. It's probably
131 * not a big deal if all this memory was wasted but it this ever
132 * goes into a library that would probably not be a good idea.
133 */
134 #define NCHUNKS 16
135 #define CHUNK0SIZE 1024
136 struct chunk {
137 u_int n_left;
138 void *m;
139 };
140
141 static struct chunk chunks[NCHUNKS];
142 static int cur_chunk;
143
144 static void *newchunk(u_int);
145 static void freechunks(void);
146 static inline struct block *new_block(int);
147 static inline struct slist *new_stmt(int);
148 static struct block *gen_retblk(int);
149 static inline void syntax(void);
150
151 static void backpatch(struct block *, struct block *);
152 static void merge(struct block *, struct block *);
153 static struct block *gen_cmp(u_int, u_int, bpf_int32);
154 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
155 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
156 static struct block *gen_bcmp(u_int, u_int, const u_char *);
157 static struct block *gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32,
158 bpf_u_int32, bpf_u_int32, int);
159 static struct block *gen_uncond(int);
160 static inline struct block *gen_true(void);
161 static inline struct block *gen_false(void);
162 static struct block *gen_linktype(int);
163 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
164 static struct block *gen_llc(int);
165 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
166 #ifdef INET6
167 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
168 #endif
169 static struct block *gen_ahostop(const u_char *, int);
170 static struct block *gen_ehostop(const u_char *, int);
171 static struct block *gen_fhostop(const u_char *, int);
172 static struct block *gen_thostop(const u_char *, int);
173 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
174 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
175 #ifdef INET6
176 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
177 #endif
178 #ifndef INET6
179 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
180 #endif
181 static struct block *gen_ipfrag(void);
182 static struct block *gen_portatom(int, bpf_int32);
183 #ifdef INET6
184 static struct block *gen_portatom6(int, bpf_int32);
185 #endif
186 struct block *gen_portop(int, int, int);
187 static struct block *gen_port(int, int, int);
188 #ifdef INET6
189 struct block *gen_portop6(int, int, int);
190 static struct block *gen_port6(int, int, int);
191 #endif
192 static int lookup_proto(const char *, int);
193 static struct block *gen_protochain(int, int, int);
194 static struct block *gen_proto(int, int, int);
195 static struct slist *xfer_to_x(struct arth *);
196 static struct slist *xfer_to_a(struct arth *);
197 static struct block *gen_len(int, int);
198
199 static struct block *gen_msg_abbrev(int type);
200
201 static void *
202 newchunk(n)
203 u_int n;
204 {
205 struct chunk *cp;
206 int k, size;
207
208 #ifndef __NetBSD__
209 /* XXX Round up to nearest long. */
210 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
211 #else
212 /* XXX Round up to structure boundary. */
213 n = ALIGN(n);
214 #endif
215
216 cp = &chunks[cur_chunk];
217 if (n > cp->n_left) {
218 ++cp, k = ++cur_chunk;
219 if (k >= NCHUNKS)
220 bpf_error("out of memory");
221 size = CHUNK0SIZE << k;
222 cp->m = (void *)malloc(size);
223 memset((char *)cp->m, 0, size);
224 cp->n_left = size;
225 if (n > size)
226 bpf_error("out of memory");
227 }
228 cp->n_left -= n;
229 return (void *)((char *)cp->m + cp->n_left);
230 }
231
232 static void
233 freechunks()
234 {
235 int i;
236
237 cur_chunk = 0;
238 for (i = 0; i < NCHUNKS; ++i)
239 if (chunks[i].m != NULL) {
240 free(chunks[i].m);
241 chunks[i].m = NULL;
242 }
243 }
244
245 /*
246 * A strdup whose allocations are freed after code generation is over.
247 */
248 char *
249 sdup(s)
250 register const char *s;
251 {
252 int n = strlen(s) + 1;
253 char *cp = newchunk(n);
254
255 strlcpy(cp, s, n);
256 return (cp);
257 }
258
259 static inline struct block *
260 new_block(code)
261 int code;
262 {
263 struct block *p;
264
265 p = (struct block *)newchunk(sizeof(*p));
266 p->s.code = code;
267 p->head = p;
268
269 return p;
270 }
271
272 static inline struct slist *
273 new_stmt(code)
274 int code;
275 {
276 struct slist *p;
277
278 p = (struct slist *)newchunk(sizeof(*p));
279 p->s.code = code;
280
281 return p;
282 }
283
284 static struct block *
285 gen_retblk(v)
286 int v;
287 {
288 struct block *b = new_block(BPF_RET|BPF_K);
289
290 b->s.k = v;
291 return b;
292 }
293
294 static inline void
295 syntax()
296 {
297 bpf_error("syntax error in filter expression");
298 }
299
300 static bpf_u_int32 netmask;
301 static int snaplen;
302 int no_optimize;
303
304 int
305 pcap_compile(pcap_t *p, struct bpf_program *program,
306 char *buf, int optimize, bpf_u_int32 mask)
307 {
308 extern int n_errors;
309 int len;
310
311 no_optimize = 0;
312 n_errors = 0;
313 root = NULL;
314 bpf_pcap = p;
315 if (setjmp(top_ctx)) {
316 lex_cleanup();
317 freechunks();
318 return (-1);
319 }
320
321 netmask = mask;
322
323 snaplen = pcap_snapshot(p);
324 if (snaplen == 0) {
325 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
326 "snaplen of 0 rejects all packets");
327 return -1;
328 }
329
330 lex_init(buf ? buf : "");
331 init_linktype(pcap_datalink(p));
332 (void)pcap_parse();
333
334 if (n_errors)
335 syntax();
336
337 if (root == NULL)
338 root = gen_retblk(snaplen);
339
340 if (optimize && !no_optimize) {
341 bpf_optimize(&root);
342 if (root == NULL ||
343 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
344 bpf_error("expression rejects all packets");
345 }
346 program->bf_insns = icode_to_fcode(root, &len);
347 program->bf_len = len;
348
349 lex_cleanup();
350 freechunks();
351 return (0);
352 }
353
354 /*
355 * entry point for using the compiler with no pcap open
356 * pass in all the stuff that is needed explicitly instead.
357 */
358 int
359 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
360 struct bpf_program *program,
361 char *buf, int optimize, bpf_u_int32 mask)
362 {
363 pcap_t *p;
364 int ret;
365
366 p = pcap_open_dead(linktype_arg, snaplen_arg);
367 if (p == NULL)
368 return (-1);
369 ret = pcap_compile(p, program, buf, optimize, mask);
370 pcap_close(p);
371 return (ret);
372 }
373
374 /*
375 * Clean up a "struct bpf_program" by freeing all the memory allocated
376 * in it.
377 */
378 void
379 pcap_freecode(struct bpf_program *program)
380 {
381 program->bf_len = 0;
382 if (program->bf_insns != NULL) {
383 free((char *)program->bf_insns);
384 program->bf_insns = NULL;
385 }
386 }
387
388 /*
389 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
390 * which of the jt and jf fields has been resolved and which is a pointer
391 * back to another unresolved block (or nil). At least one of the fields
392 * in each block is already resolved.
393 */
394 static void
395 backpatch(list, target)
396 struct block *list, *target;
397 {
398 struct block *next;
399
400 while (list) {
401 if (!list->sense) {
402 next = JT(list);
403 JT(list) = target;
404 } else {
405 next = JF(list);
406 JF(list) = target;
407 }
408 list = next;
409 }
410 }
411
412 /*
413 * Merge the lists in b0 and b1, using the 'sense' field to indicate
414 * which of jt and jf is the link.
415 */
416 static void
417 merge(b0, b1)
418 struct block *b0, *b1;
419 {
420 register struct block **p = &b0;
421
422 /* Find end of list. */
423 while (*p)
424 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
425
426 /* Concatenate the lists. */
427 *p = b1;
428 }
429
430 void
431 finish_parse(p)
432 struct block *p;
433 {
434 backpatch(p, gen_retblk(snaplen));
435 p->sense = !p->sense;
436 backpatch(p, gen_retblk(0));
437 root = p->head;
438 }
439
440 void
441 gen_and(b0, b1)
442 struct block *b0, *b1;
443 {
444 backpatch(b0, b1->head);
445 b0->sense = !b0->sense;
446 b1->sense = !b1->sense;
447 merge(b1, b0);
448 b1->sense = !b1->sense;
449 b1->head = b0->head;
450 }
451
452 void
453 gen_or(b0, b1)
454 struct block *b0, *b1;
455 {
456 b0->sense = !b0->sense;
457 backpatch(b0, b1->head);
458 b0->sense = !b0->sense;
459 merge(b1, b0);
460 b1->head = b0->head;
461 }
462
463 void
464 gen_not(b)
465 struct block *b;
466 {
467 b->sense = !b->sense;
468 }
469
470 static struct block *
471 gen_cmp(offset, size, v)
472 u_int offset, size;
473 bpf_int32 v;
474 {
475 struct slist *s;
476 struct block *b;
477
478 s = new_stmt(BPF_LD|BPF_ABS|size);
479 s->s.k = offset;
480
481 b = new_block(JMP(BPF_JEQ));
482 b->stmts = s;
483 b->s.k = v;
484
485 return b;
486 }
487
488 static struct block *
489 gen_cmp_gt(offset, size, v)
490 u_int offset, size;
491 bpf_int32 v;
492 {
493 struct slist *s;
494 struct block *b;
495
496 s = new_stmt(BPF_LD|BPF_ABS|size);
497 s->s.k = offset;
498
499 b = new_block(JMP(BPF_JGT));
500 b->stmts = s;
501 b->s.k = v;
502
503 return b;
504 }
505
506 static struct block *
507 gen_mcmp(offset, size, v, mask)
508 u_int offset, size;
509 bpf_int32 v;
510 bpf_u_int32 mask;
511 {
512 struct block *b = gen_cmp(offset, size, v);
513 struct slist *s;
514
515 if (mask != 0xffffffff) {
516 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
517 s->s.k = mask;
518 b->stmts->next = s;
519 }
520 return b;
521 }
522
523 static struct block *
524 gen_bcmp(offset, size, v)
525 register u_int offset, size;
526 register const u_char *v;
527 {
528 register struct block *b, *tmp;
529
530 b = NULL;
531 while (size >= 4) {
532 register const u_char *p = &v[size - 4];
533 bpf_int32 w = ((bpf_int32)p[0] << 24) |
534 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
535
536 tmp = gen_cmp(offset + size - 4, BPF_W, w);
537 if (b != NULL)
538 gen_and(b, tmp);
539 b = tmp;
540 size -= 4;
541 }
542 while (size >= 2) {
543 register const u_char *p = &v[size - 2];
544 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
545
546 tmp = gen_cmp(offset + size - 2, BPF_H, w);
547 if (b != NULL)
548 gen_and(b, tmp);
549 b = tmp;
550 size -= 2;
551 }
552 if (size > 0) {
553 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
554 if (b != NULL)
555 gen_and(b, tmp);
556 b = tmp;
557 }
558 return b;
559 }
560
561 static struct block *
562 gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse)
563 bpf_u_int32 datasize, offset, mask, jtype, jvalue;
564 int reverse;
565 {
566 struct slist *s;
567 struct block *b;
568
569 s = new_stmt(BPF_LD|datasize|BPF_ABS);
570 s->s.k = offset;
571
572 if (mask != 0xffffffff) {
573 s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K);
574 s->next->s.k = mask;
575 }
576
577 b = new_block(JMP(jtype));
578 b->stmts = s;
579 b->s.k = jvalue;
580 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE))
581 gen_not(b);
582 return b;
583 }
584
585 /*
586 * Various code constructs need to know the layout of the data link
587 * layer. These variables give the necessary offsets.
588 */
589
590 /*
591 * "off_linktype" is the offset to information in the link-layer header
592 * giving the packet type.
593 *
594 * For Ethernet, it's the offset of the Ethernet type field.
595 *
596 * For link-layer types that always use 802.2 headers, it's the
597 * offset of the LLC header.
598 *
599 * For PPP, it's the offset of the PPP type field.
600 *
601 * For Cisco HDLC, it's the offset of the CHDLC type field.
602 *
603 * For BSD loopback, it's the offset of the AF_ value.
604 *
605 * For Linux cooked sockets, it's the offset of the type field.
606 *
607 * It's set to -1 for no encapsulation, in which case, IP is assumed.
608 */
609 static u_int off_linktype;
610
611 /*
612 * TRUE if the link layer includes an ATM pseudo-header.
613 */
614 static int is_atm = 0;
615
616 /*
617 * These are offsets for the ATM pseudo-header.
618 */
619 static u_int off_vpi;
620 static u_int off_vci;
621 static u_int off_proto;
622
623 /*
624 * This is the offset to the message type for Q.2931 messages.
625 */
626 static u_int off_msg_type;
627
628 /*
629 * These are offsets to the beginning of the network-layer header.
630 *
631 * If the link layer never uses 802.2 LLC:
632 *
633 * "off_nl" and "off_nl_nosnap" are the same.
634 *
635 * If the link layer always uses 802.2 LLC:
636 *
637 * "off_nl" is the offset if there's a SNAP header following
638 * the 802.2 header;
639 *
640 * "off_nl_nosnap" is the offset if there's no SNAP header.
641 *
642 * If the link layer is Ethernet:
643 *
644 * "off_nl" is the offset if the packet is an Ethernet II packet
645 * (we assume no 802.3+802.2+SNAP);
646 *
647 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet
648 * with an 802.2 header following it.
649 */
650 static u_int off_nl;
651 static u_int off_nl_nosnap;
652
653 static int linktype;
654
655 static void
656 init_linktype(type)
657 int type;
658 {
659 linktype = type;
660
661 /*
662 * Assume it's not raw ATM with a pseudo-header, for now.
663 */
664 is_atm = 0;
665 off_vpi = -1;
666 off_vci = -1;
667 off_proto = -1;
668 off_msg_type = -1;
669
670 orig_linktype = -1;
671 orig_nl = -1;
672 orig_nl_nosnap = -1;
673
674 switch (type) {
675
676 case DLT_ARCNET:
677 off_linktype = 2;
678 off_nl = 6; /* XXX in reality, variable! */
679 off_nl_nosnap = 6; /* no 802.2 LLC */
680 return;
681
682 case DLT_EN10MB:
683 off_linktype = 12;
684 off_nl = 14; /* Ethernet II */
685 off_nl_nosnap = 17; /* 802.3+802.2 */
686 return;
687
688 case DLT_SLIP:
689 /*
690 * SLIP doesn't have a link level type. The 16 byte
691 * header is hacked into our SLIP driver.
692 */
693 off_linktype = -1;
694 off_nl = 16;
695 off_nl_nosnap = 16; /* no 802.2 LLC */
696 return;
697
698 case DLT_SLIP_BSDOS:
699 /* XXX this may be the same as the DLT_PPP_BSDOS case */
700 off_linktype = -1;
701 /* XXX end */
702 off_nl = 24;
703 off_nl_nosnap = 24; /* no 802.2 LLC */
704 return;
705
706 case DLT_NULL:
707 case DLT_LOOP:
708 off_linktype = 0;
709 off_nl = 4;
710 off_nl_nosnap = 4; /* no 802.2 LLC */
711 return;
712
713 case DLT_PPP:
714 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */
715 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */
716 off_linktype = 2;
717 off_nl = 4;
718 off_nl_nosnap = 4; /* no 802.2 LLC */
719 return;
720
721 case DLT_PPP_ETHER:
722 /*
723 * This does no include the Ethernet header, and
724 * only covers session state.
725 */
726 off_linktype = 6;
727 off_nl = 8;
728 off_nl_nosnap = 8; /* no 802.2 LLC */
729 return;
730
731 case DLT_PPP_BSDOS:
732 off_linktype = 5;
733 off_nl = 24;
734 off_nl_nosnap = 24; /* no 802.2 LLC */
735 return;
736
737 case DLT_FDDI:
738 /*
739 * FDDI doesn't really have a link-level type field.
740 * We set "off_linktype" to the offset of the LLC header.
741 *
742 * To check for Ethernet types, we assume that SSAP = SNAP
743 * is being used and pick out the encapsulated Ethernet type.
744 * XXX - should we generate code to check for SNAP?
745 */
746 off_linktype = 13;
747 #ifdef PCAP_FDDIPAD
748 off_linktype += pcap_fddipad;
749 #endif
750 off_nl = 21; /* FDDI+802.2+SNAP */
751 off_nl_nosnap = 16; /* FDDI+802.2 */
752 #ifdef PCAP_FDDIPAD
753 off_nl += pcap_fddipad;
754 off_nl_nosnap += pcap_fddipad;
755 #endif
756 return;
757
758 case DLT_IEEE802:
759 /*
760 * Token Ring doesn't really have a link-level type field.
761 * We set "off_linktype" to the offset of the LLC header.
762 *
763 * To check for Ethernet types, we assume that SSAP = SNAP
764 * is being used and pick out the encapsulated Ethernet type.
765 * XXX - should we generate code to check for SNAP?
766 *
767 * XXX - the header is actually variable-length.
768 * Some various Linux patched versions gave 38
769 * as "off_linktype" and 40 as "off_nl"; however,
770 * if a token ring packet has *no* routing
771 * information, i.e. is not source-routed, the correct
772 * values are 20 and 22, as they are in the vanilla code.
773 *
774 * A packet is source-routed iff the uppermost bit
775 * of the first byte of the source address, at an
776 * offset of 8, has the uppermost bit set. If the
777 * packet is source-routed, the total number of bytes
778 * of routing information is 2 plus bits 0x1F00 of
779 * the 16-bit value at an offset of 14 (shifted right
780 * 8 - figure out which byte that is).
781 */
782 off_linktype = 14;
783 off_nl = 22; /* Token Ring+802.2+SNAP */
784 off_nl_nosnap = 17; /* Token Ring+802.2 */
785 return;
786
787 case DLT_IEEE802_11:
788 /*
789 * 802.11 doesn't really have a link-level type field.
790 * We set "off_linktype" to the offset of the LLC header.
791 *
792 * To check for Ethernet types, we assume that SSAP = SNAP
793 * is being used and pick out the encapsulated Ethernet type.
794 * XXX - should we generate code to check for SNAP?
795 *
796 * XXX - the header is actually variable-length. We
797 * assume a 24-byte link-layer header, as appears in
798 * data frames in networks with no bridges.
799 */
800 off_linktype = 24;
801 off_nl = 32; /* 802.11+802.2+SNAP */
802 off_nl_nosnap = 27; /* 802.22+802.2 */
803 return;
804
805 case DLT_PRISM_HEADER:
806 /*
807 * Same as 802.11, but with an additional header before
808 * the 802.11 header, containing a bunch of additional
809 * information including radio-level information.
810 *
811 * The header is 144 bytes long.
812 *
813 * XXX - same variable-length header problem; at least
814 * the Prism header is fixed-length.
815 */
816 off_linktype = 144+24;
817 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */
818 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */
819 return;
820
821 case DLT_ATM_RFC1483:
822 case DLT_ATM_CLIP: /* Linux ATM defines this */
823 /*
824 * assume routed, non-ISO PDUs
825 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
826 */
827 off_linktype = 0;
828 off_nl = 8; /* 802.2+SNAP */
829 off_nl_nosnap = 3; /* 802.2 */
830 return;
831
832 case DLT_SUNATM:
833 /*
834 * Full Frontal ATM; you get AALn PDUs with an ATM
835 * pseudo-header.
836 */
837 is_atm = 1;
838 off_linktype = SUNATM_PKT_BEGIN_POS;
839 off_vpi = SUNATM_VPI_POS;
840 off_vci = SUNATM_VCI_POS;
841 off_proto = PROTO_POS;
842 off_msg_type = SUNATM_PKT_BEGIN_POS+MSG_TYPE_POS;
843 off_nl = SUNATM_PKT_BEGIN_POS+8; /* 802.2+SNAP */
844 off_nl_nosnap = SUNATM_PKT_BEGIN_POS+3; /* 802.2 */
845 return;
846
847 case DLT_RAW:
848 off_linktype = -1;
849 off_nl = 0;
850 off_nl_nosnap = 0; /* no 802.2 LLC */
851 return;
852
853 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
854 off_linktype = 14;
855 off_nl = 16;
856 off_nl_nosnap = 16; /* no 802.2 LLC */
857 return;
858
859 case DLT_LTALK:
860 /*
861 * LocalTalk does have a 1-byte type field in the LLAP header,
862 * but really it just indicates whether there is a "short" or
863 * "long" DDP packet following.
864 */
865 off_linktype = -1;
866 off_nl = 0;
867 off_nl_nosnap = 0; /* no 802.2 LLC */
868 return;
869
870 case DLT_FRELAY:
871 /*
872 * XXX - we should set this to handle SNAP-encapsulated
873 * frames (NLPID of 0x80).
874 */
875 off_linktype = -1;
876 off_nl = 0;
877 off_nl_nosnap = 0; /* no 802.2 LLC */
878 return;
879 }
880 bpf_error("unknown data link type %d", linktype);
881 /* NOTREACHED */
882 }
883
884 static struct block *
885 gen_uncond(rsense)
886 int rsense;
887 {
888 struct block *b;
889 struct slist *s;
890
891 s = new_stmt(BPF_LD|BPF_IMM);
892 s->s.k = !rsense;
893 b = new_block(JMP(BPF_JEQ));
894 b->stmts = s;
895
896 return b;
897 }
898
899 static inline struct block *
900 gen_true()
901 {
902 return gen_uncond(1);
903 }
904
905 static inline struct block *
906 gen_false()
907 {
908 return gen_uncond(0);
909 }
910
911 /*
912 * Byte-swap a 32-bit number.
913 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
914 * big-endian platforms.)
915 */
916 #define SWAPLONG(y) \
917 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
918
919 static struct block *
920 gen_linktype(proto)
921 register int proto;
922 {
923 struct block *b0, *b1, *b2;
924
925 switch (linktype) {
926
927 case DLT_EN10MB:
928 switch (proto) {
929
930 case LLCSAP_ISONS:
931 /*
932 * OSI protocols always use 802.2 encapsulation.
933 * XXX - should we check both the DSAP and the
934 * SSAP, like this, or should we check just the
935 * DSAP?
936 */
937 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
938 gen_not(b0);
939 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
940 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
941 gen_and(b0, b1);
942 return b1;
943
944 case LLCSAP_NETBEUI:
945 /*
946 * NetBEUI always uses 802.2 encapsulation.
947 * XXX - should we check both the DSAP and the
948 * SSAP, like this, or should we check just the
949 * DSAP?
950 */
951 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
952 gen_not(b0);
953 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
954 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
955 gen_and(b0, b1);
956 return b1;
957
958 case LLCSAP_IPX:
959 /*
960 * Check for;
961 *
962 * Ethernet_II frames, which are Ethernet
963 * frames with a frame type of ETHERTYPE_IPX;
964 *
965 * Ethernet_802.3 frames, which are 802.3
966 * frames (i.e., the type/length field is
967 * a length field, <= ETHERMTU, rather than
968 * a type field) with the first two bytes
969 * after the Ethernet/802.3 header being
970 * 0xFFFF;
971 *
972 * Ethernet_802.2 frames, which are 802.3
973 * frames with an 802.2 LLC header and
974 * with the IPX LSAP as the DSAP in the LLC
975 * header;
976 *
977 * Ethernet_SNAP frames, which are 802.3
978 * frames with an LLC header and a SNAP
979 * header and with an OUI of 0x000000
980 * (encapsulated Ethernet) and a protocol
981 * ID of ETHERTYPE_IPX in the SNAP header.
982 *
983 * XXX - should we generate the same code both
984 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
985 */
986
987 /*
988 * This generates code to check both for the
989 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
990 */
991 b0 = gen_cmp(off_linktype + 2, BPF_B,
992 (bpf_int32)LLCSAP_IPX);
993 b1 = gen_cmp(off_linktype + 2, BPF_H,
994 (bpf_int32)0xFFFF);
995 gen_or(b0, b1);
996
997 /*
998 * Now we add code to check for SNAP frames with
999 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
1000 */
1001 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
1002 gen_or(b0, b1);
1003
1004 /*
1005 * Now we generate code to check for 802.3
1006 * frames in general.
1007 */
1008 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1009 gen_not(b0);
1010
1011 /*
1012 * Now add the check for 802.3 frames before the
1013 * check for Ethernet_802.2 and Ethernet_802.3,
1014 * as those checks should only be done on 802.3
1015 * frames, not on Ethernet frames.
1016 */
1017 gen_and(b0, b1);
1018
1019 /*
1020 * Now add the check for Ethernet_II frames, and
1021 * do that before checking for the other frame
1022 * types.
1023 */
1024 b0 = gen_cmp(off_linktype, BPF_H,
1025 (bpf_int32)ETHERTYPE_IPX);
1026 gen_or(b0, b1);
1027 return b1;
1028
1029 case ETHERTYPE_ATALK:
1030 case ETHERTYPE_AARP:
1031 /*
1032 * EtherTalk (AppleTalk protocols on Ethernet link
1033 * layer) may use 802.2 encapsulation.
1034 */
1035
1036 /*
1037 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1038 * we check for an Ethernet type field less than
1039 * 1500, which means it's an 802.3 length field.
1040 */
1041 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1042 gen_not(b0);
1043
1044 /*
1045 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1046 * SNAP packets with an organization code of
1047 * 0x080007 (Apple, for Appletalk) and a protocol
1048 * type of ETHERTYPE_ATALK (Appletalk).
1049 *
1050 * 802.2-encapsulated ETHERTYPE_AARP packets are
1051 * SNAP packets with an organization code of
1052 * 0x000000 (encapsulated Ethernet) and a protocol
1053 * type of ETHERTYPE_AARP (Appletalk ARP).
1054 */
1055 if (proto == ETHERTYPE_ATALK)
1056 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
1057 else /* proto == ETHERTYPE_AARP */
1058 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
1059 gen_and(b0, b1);
1060
1061 /*
1062 * Check for Ethernet encapsulation (Ethertalk
1063 * phase 1?); we just check for the Ethernet
1064 * protocol type.
1065 */
1066 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1067
1068 gen_or(b0, b1);
1069 return b1;
1070
1071 default:
1072 if (proto <= ETHERMTU) {
1073 /*
1074 * This is an LLC SAP value, so the frames
1075 * that match would be 802.2 frames.
1076 * Check that the frame is an 802.2 frame
1077 * (i.e., that the length/type field is
1078 * a length field, <= ETHERMTU) and
1079 * then check the DSAP.
1080 */
1081 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1082 gen_not(b0);
1083 b1 = gen_cmp(off_linktype + 2, BPF_B,
1084 (bpf_int32)proto);
1085 gen_and(b0, b1);
1086 return b1;
1087 } else {
1088 /*
1089 * This is an Ethernet type, so compare
1090 * the length/type field with it (if
1091 * the frame is an 802.2 frame, the length
1092 * field will be <= ETHERMTU, and, as
1093 * "proto" is > ETHERMTU, this test
1094 * will fail and the frame won't match,
1095 * which is what we want).
1096 */
1097 return gen_cmp(off_linktype, BPF_H,
1098 (bpf_int32)proto);
1099 }
1100 }
1101 break;
1102
1103 case DLT_IEEE802_11:
1104 case DLT_PRISM_HEADER:
1105 case DLT_FDDI:
1106 case DLT_IEEE802:
1107 case DLT_ATM_RFC1483:
1108 case DLT_ATM_CLIP:
1109 return gen_llc(proto);
1110 break;
1111
1112 case DLT_SUNATM:
1113 /*
1114 * Check for LLC encapsulation and then check the protocol.
1115 * XXX - also check for LANE and then check for an Ethernet
1116 * type?
1117 */
1118 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
1119 b1 = gen_llc(proto);
1120 gen_and(b0, b1);
1121 return b1;
1122
1123 case DLT_LINUX_SLL:
1124 switch (proto) {
1125
1126 case LLCSAP_ISONS:
1127 /*
1128 * OSI protocols always use 802.2 encapsulation.
1129 * XXX - should we check both the DSAP and the
1130 * LSAP, like this, or should we check just the
1131 * DSAP?
1132 */
1133 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1134 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1135 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1136 gen_and(b0, b1);
1137 return b1;
1138
1139 case LLCSAP_NETBEUI:
1140 /*
1141 * NetBEUI always uses 802.2 encapsulation.
1142 * XXX - should we check both the DSAP and the
1143 * LSAP, like this, or should we check just the
1144 * DSAP?
1145 */
1146 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1147 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1148 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1149 gen_and(b0, b1);
1150 return b1;
1151
1152 case LLCSAP_IPX:
1153 /*
1154 * Ethernet_II frames, which are Ethernet
1155 * frames with a frame type of ETHERTYPE_IPX;
1156 *
1157 * Ethernet_802.3 frames, which have a frame
1158 * type of LINUX_SLL_P_802_3;
1159 *
1160 * Ethernet_802.2 frames, which are 802.3
1161 * frames with an 802.2 LLC header (i.e, have
1162 * a frame type of LINUX_SLL_P_802_2) and
1163 * with the IPX LSAP as the DSAP in the LLC
1164 * header;
1165 *
1166 * Ethernet_SNAP frames, which are 802.3
1167 * frames with an LLC header and a SNAP
1168 * header and with an OUI of 0x000000
1169 * (encapsulated Ethernet) and a protocol
1170 * ID of ETHERTYPE_IPX in the SNAP header.
1171 *
1172 * First, do the checks on LINUX_SLL_P_802_2
1173 * frames; generate the check for either
1174 * Ethernet_802.2 or Ethernet_SNAP frames, and
1175 * then put a check for LINUX_SLL_P_802_2 frames
1176 * before it.
1177 */
1178 b0 = gen_cmp(off_linktype + 2, BPF_B,
1179 (bpf_int32)LLCSAP_IPX);
1180 b1 = gen_snap(0x000000, ETHERTYPE_IPX,
1181 off_linktype + 2);
1182 gen_or(b0, b1);
1183 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1184 gen_and(b0, b1);
1185
1186 /*
1187 * Now check for 802.3 frames and OR that with
1188 * the previous test.
1189 */
1190 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
1191 gen_or(b0, b1);
1192
1193 /*
1194 * Now add the check for Ethernet_II frames, and
1195 * do that before checking for the other frame
1196 * types.
1197 */
1198 b0 = gen_cmp(off_linktype, BPF_H,
1199 (bpf_int32)ETHERTYPE_IPX);
1200 gen_or(b0, b1);
1201 return b1;
1202
1203 case ETHERTYPE_ATALK:
1204 case ETHERTYPE_AARP:
1205 /*
1206 * EtherTalk (AppleTalk protocols on Ethernet link
1207 * layer) may use 802.2 encapsulation.
1208 */
1209
1210 /*
1211 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1212 * we check for the 802.2 protocol type in the
1213 * "Ethernet type" field.
1214 */
1215 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1216
1217 /*
1218 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1219 * SNAP packets with an organization code of
1220 * 0x080007 (Apple, for Appletalk) and a protocol
1221 * type of ETHERTYPE_ATALK (Appletalk).
1222 *
1223 * 802.2-encapsulated ETHERTYPE_AARP packets are
1224 * SNAP packets with an organization code of
1225 * 0x000000 (encapsulated Ethernet) and a protocol
1226 * type of ETHERTYPE_AARP (Appletalk ARP).
1227 */
1228 if (proto == ETHERTYPE_ATALK)
1229 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
1230 off_linktype + 2);
1231 else /* proto == ETHERTYPE_AARP */
1232 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
1233 off_linktype + 2);
1234 gen_and(b0, b1);
1235
1236 /*
1237 * Check for Ethernet encapsulation (Ethertalk
1238 * phase 1?); we just check for the Ethernet
1239 * protocol type.
1240 */
1241 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1242
1243 gen_or(b0, b1);
1244 return b1;
1245
1246 default:
1247 if (proto <= ETHERMTU) {
1248 /*
1249 * This is an LLC SAP value, so the frames
1250 * that match would be 802.2 frames.
1251 * Check for the 802.2 protocol type
1252 * in the "Ethernet type" field, and
1253 * then check the DSAP.
1254 */
1255 b0 = gen_cmp(off_linktype, BPF_H,
1256 LINUX_SLL_P_802_2);
1257 b1 = gen_cmp(off_linktype + 2, BPF_B,
1258 (bpf_int32)proto);
1259 gen_and(b0, b1);
1260 return b1;
1261 } else {
1262 /*
1263 * This is an Ethernet type, so compare
1264 * the length/type field with it (if
1265 * the frame is an 802.2 frame, the length
1266 * field will be <= ETHERMTU, and, as
1267 * "proto" is > ETHERMTU, this test
1268 * will fail and the frame won't match,
1269 * which is what we want).
1270 */
1271 return gen_cmp(off_linktype, BPF_H,
1272 (bpf_int32)proto);
1273 }
1274 }
1275 break;
1276
1277 case DLT_SLIP:
1278 case DLT_SLIP_BSDOS:
1279 case DLT_RAW:
1280 /*
1281 * These types don't provide any type field; packets
1282 * are always IP.
1283 *
1284 * XXX - for IPv4, check for a version number of 4, and,
1285 * for IPv6, check for a version number of 6?
1286 */
1287 switch (proto) {
1288
1289 case ETHERTYPE_IP:
1290 #ifdef INET6
1291 case ETHERTYPE_IPV6:
1292 #endif
1293 return gen_true(); /* always true */
1294
1295 default:
1296 return gen_false(); /* always false */
1297 }
1298 break;
1299
1300 case DLT_PPP:
1301 case DLT_PPP_SERIAL:
1302 case DLT_PPP_ETHER:
1303 /*
1304 * We use Ethernet protocol types inside libpcap;
1305 * map them to the corresponding PPP protocol types.
1306 */
1307 switch (proto) {
1308
1309 case ETHERTYPE_IP:
1310 proto = PPP_IP; /* XXX was 0x21 */
1311 break;
1312
1313 #ifdef INET6
1314 case ETHERTYPE_IPV6:
1315 proto = PPP_IPV6;
1316 break;
1317 #endif
1318
1319 case ETHERTYPE_DN:
1320 proto = PPP_DECNET;
1321 break;
1322
1323 case ETHERTYPE_ATALK:
1324 proto = PPP_APPLE;
1325 break;
1326
1327 case ETHERTYPE_NS:
1328 proto = PPP_NS;
1329 break;
1330
1331 case LLCSAP_ISONS:
1332 proto = PPP_OSI;
1333 break;
1334
1335 case LLCSAP_8021D:
1336 /*
1337 * I'm assuming the "Bridging PDU"s that go
1338 * over PPP are Spanning Tree Protocol
1339 * Bridging PDUs.
1340 */
1341 proto = PPP_BRPDU;
1342 break;
1343
1344 case LLCSAP_IPX:
1345 proto = PPP_IPX;
1346 break;
1347 }
1348 break;
1349
1350 case DLT_PPP_BSDOS:
1351 /*
1352 * We use Ethernet protocol types inside libpcap;
1353 * map them to the corresponding PPP protocol types.
1354 */
1355 switch (proto) {
1356
1357 case ETHERTYPE_IP:
1358 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
1359 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
1360 gen_or(b0, b1);
1361 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
1362 gen_or(b1, b0);
1363 return b0;
1364
1365 #ifdef INET6
1366 case ETHERTYPE_IPV6:
1367 proto = PPP_IPV6;
1368 /* more to go? */
1369 break;
1370 #endif
1371
1372 case ETHERTYPE_DN:
1373 proto = PPP_DECNET;
1374 break;
1375
1376 case ETHERTYPE_ATALK:
1377 proto = PPP_APPLE;
1378 break;
1379
1380 case ETHERTYPE_NS:
1381 proto = PPP_NS;
1382 break;
1383
1384 case LLCSAP_ISONS:
1385 proto = PPP_OSI;
1386 break;
1387
1388 case LLCSAP_8021D:
1389 /*
1390 * I'm assuming the "Bridging PDU"s that go
1391 * over PPP are Spanning Tree Protocol
1392 * Bridging PDUs.
1393 */
1394 proto = PPP_BRPDU;
1395 break;
1396
1397 case LLCSAP_IPX:
1398 proto = PPP_IPX;
1399 break;
1400 }
1401 break;
1402
1403 case DLT_NULL:
1404 case DLT_LOOP:
1405 /*
1406 * For DLT_NULL, the link-layer header is a 32-bit
1407 * word containing an AF_ value in *host* byte order.
1408 *
1409 * In addition, if we're reading a saved capture file,
1410 * the host byte order in the capture may not be the
1411 * same as the host byte order on this machine.
1412 *
1413 * For DLT_LOOP, the link-layer header is a 32-bit
1414 * word containing an AF_ value in *network* byte order.
1415 *
1416 * XXX - AF_ values may, unfortunately, be platform-
1417 * dependent; for example, FreeBSD's AF_INET6 is 24
1418 * whilst NetBSD's and OpenBSD's is 26.
1419 *
1420 * This means that, when reading a capture file, just
1421 * checking for our AF_INET6 value won't work if the
1422 * capture file came from another OS.
1423 */
1424 switch (proto) {
1425
1426 case ETHERTYPE_IP:
1427 proto = AF_INET;
1428 break;
1429
1430 #ifdef INET6
1431 case ETHERTYPE_IPV6:
1432 proto = AF_INET6;
1433 break;
1434 #endif
1435
1436 default:
1437 /*
1438 * Not a type on which we support filtering.
1439 * XXX - support those that have AF_ values
1440 * #defined on this platform, at least?
1441 */
1442 return gen_false();
1443 }
1444
1445 if (linktype == DLT_NULL) {
1446 /*
1447 * The AF_ value is in host byte order, but
1448 * the BPF interpreter will convert it to
1449 * network byte order.
1450 *
1451 * If this is a save file, and it's from a
1452 * machine with the opposite byte order to
1453 * ours, we byte-swap the AF_ value.
1454 *
1455 * Then we run it through "htonl()", and
1456 * generate code to compare against the result.
1457 */
1458 if (bpf_pcap->sf.rfile != NULL &&
1459 bpf_pcap->sf.swapped)
1460 proto = SWAPLONG(proto);
1461 proto = htonl(proto);
1462 }
1463 return (gen_cmp(0, BPF_W, (bpf_int32)proto));
1464
1465 case DLT_ARCNET:
1466 /*
1467 * XXX should we check for first fragment if the protocol
1468 * uses PHDS?
1469 */
1470 switch(proto) {
1471 default:
1472 return gen_false();
1473 #ifdef INET6
1474 case ETHERTYPE_IPV6:
1475 return(gen_cmp(2, BPF_B,
1476 (bpf_int32)htonl(ARCTYPE_INET6)));
1477 #endif /* INET6 */
1478 case ETHERTYPE_IP:
1479 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_IP));
1480 b1 = gen_cmp(2, BPF_B,
1481 (bpf_int32)htonl(ARCTYPE_IP_OLD));
1482 gen_or(b0, b1);
1483 return(b1);
1484 case ETHERTYPE_ARP:
1485 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_ARP));
1486 b1 = gen_cmp(2, BPF_B,
1487 (bpf_int32)htonl(ARCTYPE_ARP_OLD));
1488 gen_or(b0, b1);
1489 return(b1);
1490 case ETHERTYPE_REVARP:
1491 return(gen_cmp(2, BPF_B,
1492 (bpf_int32)htonl(ARCTYPE_REVARP)));
1493 case ETHERTYPE_ATALK:
1494 return(gen_cmp(2, BPF_B,
1495 (bpf_int32)htonl(ARCTYPE_ATALK)));
1496 }
1497 break;
1498
1499 case DLT_LTALK:
1500 switch (proto) {
1501 case ETHERTYPE_ATALK:
1502 return gen_true();
1503 default:
1504 return gen_false();
1505 }
1506 break;
1507
1508 case DLT_FRELAY:
1509 /*
1510 * XXX - assumes a 2-byte Frame Relay header with
1511 * DLCI and flags. What if the address is longer?
1512 */
1513 switch (proto) {
1514
1515 case ETHERTYPE_IP:
1516 /*
1517 * Check for the special NLPID for IP.
1518 */
1519 return gen_cmp(2, BPF_H, (0x03<<8) | 0xcc);
1520
1521 #ifdef INET6
1522 case ETHERTYPE_IPV6:
1523 /*
1524 * Check for the special NLPID for IPv6.
1525 */
1526 return gen_cmp(2, BPF_H, (0x03<<8) | 0x8e);
1527 #endif
1528
1529 case LLCSAP_ISONS:
1530 /*
1531 * Check for several OSI protocols.
1532 *
1533 * Frame Relay packets typically have an OSI
1534 * NLPID at the beginning; we check for each
1535 * of them.
1536 *
1537 * What we check for is the NLPID and a frame
1538 * control field of UI, i.e. 0x03 followed
1539 * by the NLPID.
1540 */
1541 b0 = gen_cmp(2, BPF_H, (0x03<<8) | ISO8473_CLNP);
1542 b1 = gen_cmp(2, BPF_H, (0x03<<8) | ISO9542_ESIS);
1543 b2 = gen_cmp(2, BPF_H, (0x03<<8) | ISO10589_ISIS);
1544 gen_or(b1, b2);
1545 gen_or(b0, b2);
1546 return b2;
1547
1548 default:
1549 return gen_false();
1550 }
1551 break;
1552 }
1553
1554 /*
1555 * All the types that have no encapsulation should either be
1556 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
1557 * all packets are IP packets, or should be handled in some
1558 * special case, if none of them are (if some are and some
1559 * aren't, the lack of encapsulation is a problem, as we'd
1560 * have to find some other way of determining the packet type).
1561 *
1562 * Therefore, if "off_linktype" is -1, there's an error.
1563 */
1564 if (off_linktype == -1)
1565 abort();
1566
1567 /*
1568 * Any type not handled above should always have an Ethernet
1569 * type at an offset of "off_linktype". (PPP is partially
1570 * handled above - the protocol type is mapped from the
1571 * Ethernet and LLC types we use internally to the corresponding
1572 * PPP type - but the PPP type is always specified by a value
1573 * at "off_linktype", so we don't have to do the code generation
1574 * above.)
1575 */
1576 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1577 }
1578
1579 /*
1580 * Check for an LLC SNAP packet with a given organization code and
1581 * protocol type; we check the entire contents of the 802.2 LLC and
1582 * snap headers, checking for DSAP and SSAP of SNAP and a control
1583 * field of 0x03 in the LLC header, and for the specified organization
1584 * code and protocol type in the SNAP header.
1585 */
1586 static struct block *
1587 gen_snap(orgcode, ptype, offset)
1588 bpf_u_int32 orgcode;
1589 bpf_u_int32 ptype;
1590 u_int offset;
1591 {
1592 u_char snapblock[8];
1593
1594 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
1595 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
1596 snapblock[2] = 0x03; /* control = UI */
1597 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
1598 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
1599 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
1600 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
1601 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
1602 return gen_bcmp(offset, 8, snapblock);
1603 }
1604
1605 /*
1606 * Check for a given protocol value assuming an 802.2 LLC header.
1607 */
1608 static struct block *
1609 gen_llc(proto)
1610 int proto;
1611 {
1612 /*
1613 * XXX - handle token-ring variable-length header.
1614 */
1615 switch (proto) {
1616
1617 case LLCSAP_ISONS:
1618 return gen_cmp(off_linktype, BPF_H, (long)
1619 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1620
1621 case LLCSAP_NETBEUI:
1622 return gen_cmp(off_linktype, BPF_H, (long)
1623 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1624
1625 case LLCSAP_IPX:
1626 /*
1627 * XXX - are there ever SNAP frames for IPX on
1628 * non-Ethernet 802.x networks?
1629 */
1630 return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX);
1631
1632 case ETHERTYPE_ATALK:
1633 /*
1634 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1635 * SNAP packets with an organization code of
1636 * 0x080007 (Apple, for Appletalk) and a protocol
1637 * type of ETHERTYPE_ATALK (Appletalk).
1638 *
1639 * XXX - check for an organization code of
1640 * encapsulated Ethernet as well?
1641 */
1642 return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype);
1643
1644 default:
1645 /*
1646 * XXX - we don't have to check for IPX 802.3
1647 * here, but should we check for the IPX Ethertype?
1648 */
1649 if (proto <= ETHERMTU) {
1650 /*
1651 * This is an LLC SAP value, so check
1652 * the DSAP.
1653 */
1654 return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto);
1655 } else {
1656 /*
1657 * This is an Ethernet type; we assume that it's
1658 * unlikely that it'll appear in the right place
1659 * at random, and therefore check only the
1660 * location that would hold the Ethernet type
1661 * in a SNAP frame with an organization code of
1662 * 0x000000 (encapsulated Ethernet).
1663 *
1664 * XXX - if we were to check for the SNAP DSAP and
1665 * LSAP, as per XXX, and were also to check for an
1666 * organization code of 0x000000 (encapsulated
1667 * Ethernet), we'd do
1668 *
1669 * return gen_snap(0x000000, proto,
1670 * off_linktype);
1671 *
1672 * here; for now, we don't, as per the above.
1673 * I don't know whether it's worth the extra CPU
1674 * time to do the right check or not.
1675 */
1676 return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto);
1677 }
1678 }
1679 }
1680
1681 static struct block *
1682 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
1683 bpf_u_int32 addr;
1684 bpf_u_int32 mask;
1685 int dir, proto;
1686 u_int src_off, dst_off;
1687 {
1688 struct block *b0, *b1;
1689 u_int offset;
1690
1691 switch (dir) {
1692
1693 case Q_SRC:
1694 offset = src_off;
1695 break;
1696
1697 case Q_DST:
1698 offset = dst_off;
1699 break;
1700
1701 case Q_AND:
1702 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1703 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1704 gen_and(b0, b1);
1705 return b1;
1706
1707 case Q_OR:
1708 case Q_DEFAULT:
1709 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1710 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1711 gen_or(b0, b1);
1712 return b1;
1713
1714 default:
1715 abort();
1716 }
1717 b0 = gen_linktype(proto);
1718 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
1719 gen_and(b0, b1);
1720 return b1;
1721 }
1722
1723 #ifdef INET6
1724 static struct block *
1725 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
1726 struct in6_addr *addr;
1727 struct in6_addr *mask;
1728 int dir, proto;
1729 u_int src_off, dst_off;
1730 {
1731 struct block *b0, *b1;
1732 u_int offset;
1733 u_int32_t *a, *m;
1734
1735 switch (dir) {
1736
1737 case Q_SRC:
1738 offset = src_off;
1739 break;
1740
1741 case Q_DST:
1742 offset = dst_off;
1743 break;
1744
1745 case Q_AND:
1746 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1747 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1748 gen_and(b0, b1);
1749 return b1;
1750
1751 case Q_OR:
1752 case Q_DEFAULT:
1753 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1754 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1755 gen_or(b0, b1);
1756 return b1;
1757
1758 default:
1759 abort();
1760 }
1761 /* this order is important */
1762 a = (u_int32_t *)addr;
1763 m = (u_int32_t *)mask;
1764 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
1765 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
1766 gen_and(b0, b1);
1767 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
1768 gen_and(b0, b1);
1769 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
1770 gen_and(b0, b1);
1771 b0 = gen_linktype(proto);
1772 gen_and(b0, b1);
1773 return b1;
1774 }
1775 #endif /*INET6*/
1776
1777 static struct block *
1778 gen_ehostop(eaddr, dir)
1779 register const u_char *eaddr;
1780 register int dir;
1781 {
1782 register struct block *b0, *b1;
1783
1784 switch (dir) {
1785 case Q_SRC:
1786 return gen_bcmp(6, 6, eaddr);
1787
1788 case Q_DST:
1789 return gen_bcmp(0, 6, eaddr);
1790
1791 case Q_AND:
1792 b0 = gen_ehostop(eaddr, Q_SRC);
1793 b1 = gen_ehostop(eaddr, Q_DST);
1794 gen_and(b0, b1);
1795 return b1;
1796
1797 case Q_DEFAULT:
1798 case Q_OR:
1799 b0 = gen_ehostop(eaddr, Q_SRC);
1800 b1 = gen_ehostop(eaddr, Q_DST);
1801 gen_or(b0, b1);
1802 return b1;
1803 }
1804 abort();
1805 /* NOTREACHED */
1806 }
1807
1808 /*
1809 * Like gen_ehostop, but for DLT_FDDI
1810 */
1811 static struct block *
1812 gen_fhostop(eaddr, dir)
1813 register const u_char *eaddr;
1814 register int dir;
1815 {
1816 struct block *b0, *b1;
1817
1818 switch (dir) {
1819 case Q_SRC:
1820 #ifdef PCAP_FDDIPAD
1821 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
1822 #else
1823 return gen_bcmp(6 + 1, 6, eaddr);
1824 #endif
1825
1826 case Q_DST:
1827 #ifdef PCAP_FDDIPAD
1828 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
1829 #else
1830 return gen_bcmp(0 + 1, 6, eaddr);
1831 #endif
1832
1833 case Q_AND:
1834 b0 = gen_fhostop(eaddr, Q_SRC);
1835 b1 = gen_fhostop(eaddr, Q_DST);
1836 gen_and(b0, b1);
1837 return b1;
1838
1839 case Q_DEFAULT:
1840 case Q_OR:
1841 b0 = gen_fhostop(eaddr, Q_SRC);
1842 b1 = gen_fhostop(eaddr, Q_DST);
1843 gen_or(b0, b1);
1844 return b1;
1845 }
1846 abort();
1847 /* NOTREACHED */
1848 }
1849
1850 /*
1851 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
1852 */
1853 static struct block *
1854 gen_thostop(eaddr, dir)
1855 register const u_char *eaddr;
1856 register int dir;
1857 {
1858 register struct block *b0, *b1;
1859
1860 switch (dir) {
1861 case Q_SRC:
1862 return gen_bcmp(8, 6, eaddr);
1863
1864 case Q_DST:
1865 return gen_bcmp(2, 6, eaddr);
1866
1867 case Q_AND:
1868 b0 = gen_thostop(eaddr, Q_SRC);
1869 b1 = gen_thostop(eaddr, Q_DST);
1870 gen_and(b0, b1);
1871 return b1;
1872
1873 case Q_DEFAULT:
1874 case Q_OR:
1875 b0 = gen_thostop(eaddr, Q_SRC);
1876 b1 = gen_thostop(eaddr, Q_DST);
1877 gen_or(b0, b1);
1878 return b1;
1879 }
1880 abort();
1881 /* NOTREACHED */
1882 }
1883
1884 /*
1885 * This is quite tricky because there may be pad bytes in front of the
1886 * DECNET header, and then there are two possible data packet formats that
1887 * carry both src and dst addresses, plus 5 packet types in a format that
1888 * carries only the src node, plus 2 types that use a different format and
1889 * also carry just the src node.
1890 *
1891 * Yuck.
1892 *
1893 * Instead of doing those all right, we just look for data packets with
1894 * 0 or 1 bytes of padding. If you want to look at other packets, that
1895 * will require a lot more hacking.
1896 *
1897 * To add support for filtering on DECNET "areas" (network numbers)
1898 * one would want to add a "mask" argument to this routine. That would
1899 * make the filter even more inefficient, although one could be clever
1900 * and not generate masking instructions if the mask is 0xFFFF.
1901 */
1902 static struct block *
1903 gen_dnhostop(addr, dir, base_off)
1904 bpf_u_int32 addr;
1905 int dir;
1906 u_int base_off;
1907 {
1908 struct block *b0, *b1, *b2, *tmp;
1909 u_int offset_lh; /* offset if long header is received */
1910 u_int offset_sh; /* offset if short header is received */
1911
1912 switch (dir) {
1913
1914 case Q_DST:
1915 offset_sh = 1; /* follows flags */
1916 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
1917 break;
1918
1919 case Q_SRC:
1920 offset_sh = 3; /* follows flags, dstnode */
1921 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
1922 break;
1923
1924 case Q_AND:
1925 /* Inefficient because we do our Calvinball dance twice */
1926 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1927 b1 = gen_dnhostop(addr, Q_DST, base_off);
1928 gen_and(b0, b1);
1929 return b1;
1930
1931 case Q_OR:
1932 case Q_DEFAULT:
1933 /* Inefficient because we do our Calvinball dance twice */
1934 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1935 b1 = gen_dnhostop(addr, Q_DST, base_off);
1936 gen_or(b0, b1);
1937 return b1;
1938
1939 case Q_ISO:
1940 bpf_error("ISO host filtering not implemented");
1941
1942 default:
1943 abort();
1944 }
1945 b0 = gen_linktype(ETHERTYPE_DN);
1946 /* Check for pad = 1, long header case */
1947 tmp = gen_mcmp(base_off + 2, BPF_H,
1948 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
1949 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
1950 BPF_H, (bpf_int32)ntohs(addr));
1951 gen_and(tmp, b1);
1952 /* Check for pad = 0, long header case */
1953 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
1954 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
1955 gen_and(tmp, b2);
1956 gen_or(b2, b1);
1957 /* Check for pad = 1, short header case */
1958 tmp = gen_mcmp(base_off + 2, BPF_H,
1959 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
1960 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
1961 BPF_H, (bpf_int32)ntohs(addr));
1962 gen_and(tmp, b2);
1963 gen_or(b2, b1);
1964 /* Check for pad = 0, short header case */
1965 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
1966 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
1967 gen_and(tmp, b2);
1968 gen_or(b2, b1);
1969
1970 /* Combine with test for linktype */
1971 gen_and(b0, b1);
1972 return b1;
1973 }
1974
1975 static struct block *
1976 gen_host(addr, mask, proto, dir)
1977 bpf_u_int32 addr;
1978 bpf_u_int32 mask;
1979 int proto;
1980 int dir;
1981 {
1982 struct block *b0, *b1;
1983
1984 switch (proto) {
1985
1986 case Q_DEFAULT:
1987 b0 = gen_host(addr, mask, Q_IP, dir);
1988 if (off_linktype != -1) {
1989 b1 = gen_host(addr, mask, Q_ARP, dir);
1990 gen_or(b0, b1);
1991 b0 = gen_host(addr, mask, Q_RARP, dir);
1992 gen_or(b1, b0);
1993 }
1994 return b0;
1995
1996 case Q_IP:
1997 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
1998 off_nl + 12, off_nl + 16);
1999
2000 case Q_RARP:
2001 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
2002 off_nl + 14, off_nl + 24);
2003
2004 case Q_ARP:
2005 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
2006 off_nl + 14, off_nl + 24);
2007
2008 case Q_TCP:
2009 bpf_error("'tcp' modifier applied to host");
2010
2011 case Q_SCTP:
2012 bpf_error("'sctp' modifier applied to host");
2013
2014 case Q_UDP:
2015 bpf_error("'udp' modifier applied to host");
2016
2017 case Q_ICMP:
2018 bpf_error("'icmp' modifier applied to host");
2019
2020 case Q_IGMP:
2021 bpf_error("'igmp' modifier applied to host");
2022
2023 case Q_IGRP:
2024 bpf_error("'igrp' modifier applied to host");
2025
2026 case Q_PIM:
2027 bpf_error("'pim' modifier applied to host");
2028
2029 case Q_VRRP:
2030 bpf_error("'vrrp' modifier applied to host");
2031
2032 case Q_ATALK:
2033 bpf_error("ATALK host filtering not implemented");
2034
2035 case Q_AARP:
2036 bpf_error("AARP host filtering not implemented");
2037
2038 case Q_DECNET:
2039 return gen_dnhostop(addr, dir, off_nl);
2040
2041 case Q_SCA:
2042 bpf_error("SCA host filtering not implemented");
2043
2044 case Q_LAT:
2045 bpf_error("LAT host filtering not implemented");
2046
2047 case Q_MOPDL:
2048 bpf_error("MOPDL host filtering not implemented");
2049
2050 case Q_MOPRC:
2051 bpf_error("MOPRC host filtering not implemented");
2052
2053 #ifdef INET6
2054 case Q_IPV6:
2055 bpf_error("'ip6' modifier applied to ip host");
2056
2057 case Q_ICMPV6:
2058 bpf_error("'icmp6' modifier applied to host");
2059 #endif /* INET6 */
2060
2061 case Q_AH:
2062 bpf_error("'ah' modifier applied to host");
2063
2064 case Q_ESP:
2065 bpf_error("'esp' modifier applied to host");
2066
2067 case Q_ISO:
2068 bpf_error("ISO host filtering not implemented");
2069
2070 case Q_ESIS:
2071 bpf_error("'esis' modifier applied to host");
2072
2073 case Q_ISIS:
2074 bpf_error("'isis' modifier applied to host");
2075
2076 case Q_CLNP:
2077 bpf_error("'clnp' modifier applied to host");
2078
2079 case Q_STP:
2080 bpf_error("'stp' modifier applied to host");
2081
2082 case Q_IPX:
2083 bpf_error("IPX host filtering not implemented");
2084
2085 case Q_NETBEUI:
2086 bpf_error("'netbeui' modifier applied to host");
2087
2088 default:
2089 abort();
2090 }
2091 /* NOTREACHED */
2092 }
2093
2094 #ifdef INET6
2095 static struct block *
2096 gen_host6(addr, mask, proto, dir)
2097 struct in6_addr *addr;
2098 struct in6_addr *mask;
2099 int proto;
2100 int dir;
2101 {
2102 switch (proto) {
2103
2104 case Q_DEFAULT:
2105 return gen_host6(addr, mask, Q_IPV6, dir);
2106
2107 case Q_IP:
2108 bpf_error("'ip' modifier applied to ip6 host");
2109
2110 case Q_RARP:
2111 bpf_error("'rarp' modifier applied to ip6 host");
2112
2113 case Q_ARP:
2114 bpf_error("'arp' modifier applied to ip6 host");
2115
2116 case Q_SCTP:
2117 bpf_error("'sctp' modifier applied to host");
2118
2119 case Q_TCP:
2120 bpf_error("'tcp' modifier applied to host");
2121
2122 case Q_UDP:
2123 bpf_error("'udp' modifier applied to host");
2124
2125 case Q_ICMP:
2126 bpf_error("'icmp' modifier applied to host");
2127
2128 case Q_IGMP:
2129 bpf_error("'igmp' modifier applied to host");
2130
2131 case Q_IGRP:
2132 bpf_error("'igrp' modifier applied to host");
2133
2134 case Q_PIM:
2135 bpf_error("'pim' modifier applied to host");
2136
2137 case Q_VRRP:
2138 bpf_error("'vrrp' modifier applied to host");
2139
2140 case Q_ATALK:
2141 bpf_error("ATALK host filtering not implemented");
2142
2143 case Q_AARP:
2144 bpf_error("AARP host filtering not implemented");
2145
2146 case Q_DECNET:
2147 bpf_error("'decnet' modifier applied to ip6 host");
2148
2149 case Q_SCA:
2150 bpf_error("SCA host filtering not implemented");
2151
2152 case Q_LAT:
2153 bpf_error("LAT host filtering not implemented");
2154
2155 case Q_MOPDL:
2156 bpf_error("MOPDL host filtering not implemented");
2157
2158 case Q_MOPRC:
2159 bpf_error("MOPRC host filtering not implemented");
2160
2161 case Q_IPV6:
2162 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
2163 off_nl + 8, off_nl + 24);
2164
2165 case Q_ICMPV6:
2166 bpf_error("'icmp6' modifier applied to host");
2167
2168 case Q_AH:
2169 bpf_error("'ah' modifier applied to host");
2170
2171 case Q_ESP:
2172 bpf_error("'esp' modifier applied to host");
2173
2174 case Q_ISO:
2175 bpf_error("ISO host filtering not implemented");
2176
2177 case Q_ESIS:
2178 bpf_error("'esis' modifier applied to host");
2179
2180 case Q_ISIS:
2181 bpf_error("'isis' modifier applied to host");
2182
2183 case Q_CLNP:
2184 bpf_error("'clnp' modifier applied to host");
2185
2186 case Q_STP:
2187 bpf_error("'stp' modifier applied to host");
2188
2189 case Q_IPX:
2190 bpf_error("IPX host filtering not implemented");
2191
2192 case Q_NETBEUI:
2193 bpf_error("'netbeui' modifier applied to host");
2194
2195 default:
2196 abort();
2197 }
2198 /* NOTREACHED */
2199 }
2200 #endif /*INET6*/
2201
2202 #ifndef INET6
2203 static struct block *
2204 gen_gateway(eaddr, alist, proto, dir)
2205 const u_char *eaddr;
2206 bpf_u_int32 **alist;
2207 int proto;
2208 int dir;
2209 {
2210 struct block *b0, *b1, *tmp;
2211
2212 if (dir != 0)
2213 bpf_error("direction applied to 'gateway'");
2214
2215 switch (proto) {
2216 case Q_DEFAULT:
2217 case Q_IP:
2218 case Q_ARP:
2219 case Q_RARP:
2220 if (linktype == DLT_EN10MB)
2221 b0 = gen_ehostop(eaddr, Q_OR);
2222 else if (linktype == DLT_FDDI)
2223 b0 = gen_fhostop(eaddr, Q_OR);
2224 else if (linktype == DLT_IEEE802)
2225 b0 = gen_thostop(eaddr, Q_OR);
2226 else
2227 bpf_error(
2228 "'gateway' supported only on ethernet, FDDI or token ring");
2229
2230 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2231 while (*alist) {
2232 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2233 gen_or(b1, tmp);
2234 b1 = tmp;
2235 }
2236 gen_not(b1);
2237 gen_and(b0, b1);
2238 return b1;
2239 }
2240 bpf_error("illegal modifier of 'gateway'");
2241 /* NOTREACHED */
2242 }
2243 #endif
2244
2245 struct block *
2246 gen_proto_abbrev(proto)
2247 int proto;
2248 {
2249 #ifdef INET6
2250 struct block *b0;
2251 #endif
2252 struct block *b1;
2253
2254 switch (proto) {
2255
2256 case Q_SCTP:
2257 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT);
2258 #ifdef INET6
2259 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
2260 gen_or(b0, b1);
2261 #endif
2262 break;
2263
2264 case Q_TCP:
2265 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
2266 #ifdef INET6
2267 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
2268 gen_or(b0, b1);
2269 #endif
2270 break;
2271
2272 case Q_UDP:
2273 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
2274 #ifdef INET6
2275 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
2276 gen_or(b0, b1);
2277 #endif
2278 break;
2279
2280 case Q_ICMP:
2281 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
2282 break;
2283
2284 #ifndef IPPROTO_IGMP
2285 #define IPPROTO_IGMP 2
2286 #endif
2287
2288 case Q_IGMP:
2289 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
2290 break;
2291
2292 #ifndef IPPROTO_IGRP
2293 #define IPPROTO_IGRP 9
2294 #endif
2295 case Q_IGRP:
2296 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
2297 break;
2298
2299 #ifndef IPPROTO_PIM
2300 #define IPPROTO_PIM 103
2301 #endif
2302
2303 case Q_PIM:
2304 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
2305 #ifdef INET6
2306 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
2307 gen_or(b0, b1);
2308 #endif
2309 break;
2310
2311 #ifndef IPPROTO_VRRP
2312 #define IPPROTO_VRRP 112
2313 #endif
2314
2315 case Q_VRRP:
2316 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT);
2317 break;
2318
2319 case Q_IP:
2320 b1 = gen_linktype(ETHERTYPE_IP);
2321 break;
2322
2323 case Q_ARP:
2324 b1 = gen_linktype(ETHERTYPE_ARP);
2325 break;
2326
2327 case Q_RARP:
2328 b1 = gen_linktype(ETHERTYPE_REVARP);
2329 break;
2330
2331 case Q_LINK:
2332 bpf_error("link layer applied in wrong context");
2333
2334 case Q_ATALK:
2335 b1 = gen_linktype(ETHERTYPE_ATALK);
2336 break;
2337
2338 case Q_AARP:
2339 b1 = gen_linktype(ETHERTYPE_AARP);
2340 break;
2341
2342 case Q_DECNET:
2343 b1 = gen_linktype(ETHERTYPE_DN);
2344 break;
2345
2346 case Q_SCA:
2347 b1 = gen_linktype(ETHERTYPE_SCA);
2348 break;
2349
2350 case Q_LAT:
2351 b1 = gen_linktype(ETHERTYPE_LAT);
2352 break;
2353
2354 case Q_MOPDL:
2355 b1 = gen_linktype(ETHERTYPE_MOPDL);
2356 break;
2357
2358 case Q_MOPRC:
2359 b1 = gen_linktype(ETHERTYPE_MOPRC);
2360 break;
2361
2362 #ifdef INET6
2363 case Q_IPV6:
2364 b1 = gen_linktype(ETHERTYPE_IPV6);
2365 break;
2366
2367 #ifndef IPPROTO_ICMPV6
2368 #define IPPROTO_ICMPV6 58
2369 #endif
2370 case Q_ICMPV6:
2371 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
2372 break;
2373 #endif /* INET6 */
2374
2375 #ifndef IPPROTO_AH
2376 #define IPPROTO_AH 51
2377 #endif
2378 case Q_AH:
2379 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
2380 #ifdef INET6
2381 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
2382 gen_or(b0, b1);
2383 #endif
2384 break;
2385
2386 #ifndef IPPROTO_ESP
2387 #define IPPROTO_ESP 50
2388 #endif
2389 case Q_ESP:
2390 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
2391 #ifdef INET6
2392 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
2393 gen_or(b0, b1);
2394 #endif
2395 break;
2396
2397 case Q_ISO:
2398 b1 = gen_linktype(LLCSAP_ISONS);
2399 break;
2400
2401 case Q_ESIS:
2402 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
2403 break;
2404
2405 case Q_ISIS:
2406 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
2407 break;
2408
2409 case Q_CLNP:
2410 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
2411 break;
2412
2413 case Q_STP:
2414 b1 = gen_linktype(LLCSAP_8021D);
2415 break;
2416
2417 case Q_IPX:
2418 b1 = gen_linktype(LLCSAP_IPX);
2419 break;
2420
2421 case Q_NETBEUI:
2422 b1 = gen_linktype(LLCSAP_NETBEUI);
2423 break;
2424
2425 default:
2426 abort();
2427 }
2428 return b1;
2429 }
2430
2431 static struct block *
2432 gen_ipfrag()
2433 {
2434 struct slist *s;
2435 struct block *b;
2436
2437 /* not ip frag */
2438 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
2439 s->s.k = off_nl + 6;
2440 b = new_block(JMP(BPF_JSET));
2441 b->s.k = 0x1fff;
2442 b->stmts = s;
2443 gen_not(b);
2444
2445 return b;
2446 }
2447
2448 static struct block *
2449 gen_portatom(off, v)
2450 int off;
2451 bpf_int32 v;
2452 {
2453 struct slist *s;
2454 struct block *b;
2455
2456 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2457 s->s.k = off_nl;
2458
2459 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
2460 s->next->s.k = off_nl + off;
2461
2462 b = new_block(JMP(BPF_JEQ));
2463 b->stmts = s;
2464 b->s.k = v;
2465
2466 return b;
2467 }
2468
2469 #ifdef INET6
2470 static struct block *
2471 gen_portatom6(off, v)
2472 int off;
2473 bpf_int32 v;
2474 {
2475 return gen_cmp(off_nl + 40 + off, BPF_H, v);
2476 }
2477 #endif/*INET6*/
2478
2479 struct block *
2480 gen_portop(port, proto, dir)
2481 int port, proto, dir;
2482 {
2483 struct block *b0, *b1, *tmp;
2484
2485 /* ip proto 'proto' */
2486 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
2487 b0 = gen_ipfrag();
2488 gen_and(tmp, b0);
2489
2490 switch (dir) {
2491 case Q_SRC:
2492 b1 = gen_portatom(0, (bpf_int32)port);
2493 break;
2494
2495 case Q_DST:
2496 b1 = gen_portatom(2, (bpf_int32)port);
2497 break;
2498
2499 case Q_OR:
2500 case Q_DEFAULT:
2501 tmp = gen_portatom(0, (bpf_int32)port);
2502 b1 = gen_portatom(2, (bpf_int32)port);
2503 gen_or(tmp, b1);
2504 break;
2505
2506 case Q_AND:
2507 tmp = gen_portatom(0, (bpf_int32)port);
2508 b1 = gen_portatom(2, (bpf_int32)port);
2509 gen_and(tmp, b1);
2510 break;
2511
2512 default:
2513 abort();
2514 }
2515 gen_and(b0, b1);
2516
2517 return b1;
2518 }
2519
2520 static struct block *
2521 gen_port(port, ip_proto, dir)
2522 int port;
2523 int ip_proto;
2524 int dir;
2525 {
2526 struct block *b0, *b1, *tmp;
2527
2528 /* ether proto ip */
2529 b0 = gen_linktype(ETHERTYPE_IP);
2530
2531 switch (ip_proto) {
2532 case IPPROTO_UDP:
2533 case IPPROTO_TCP:
2534 case IPPROTO_SCTP:
2535 b1 = gen_portop(port, ip_proto, dir);
2536 break;
2537
2538 case PROTO_UNDEF:
2539 tmp = gen_portop(port, IPPROTO_TCP, dir);
2540 b1 = gen_portop(port, IPPROTO_UDP, dir);
2541 gen_or(tmp, b1);
2542 tmp = gen_portop(port, IPPROTO_SCTP, dir);
2543 gen_or(tmp, b1);
2544 break;
2545
2546 default:
2547 abort();
2548 }
2549 gen_and(b0, b1);
2550 return b1;
2551 }
2552
2553 #ifdef INET6
2554 struct block *
2555 gen_portop6(port, proto, dir)
2556 int port, proto, dir;
2557 {
2558 struct block *b0, *b1, *tmp;
2559
2560 /* ip proto 'proto' */
2561 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
2562
2563 switch (dir) {
2564 case Q_SRC:
2565 b1 = gen_portatom6(0, (bpf_int32)port);
2566 break;
2567
2568 case Q_DST:
2569 b1 = gen_portatom6(2, (bpf_int32)port);
2570 break;
2571
2572 case Q_OR:
2573 case Q_DEFAULT:
2574 tmp = gen_portatom6(0, (bpf_int32)port);
2575 b1 = gen_portatom6(2, (bpf_int32)port);
2576 gen_or(tmp, b1);
2577 break;
2578
2579 case Q_AND:
2580 tmp = gen_portatom6(0, (bpf_int32)port);
2581 b1 = gen_portatom6(2, (bpf_int32)port);
2582 gen_and(tmp, b1);
2583 break;
2584
2585 default:
2586 abort();
2587 }
2588 gen_and(b0, b1);
2589
2590 return b1;
2591 }
2592
2593 static struct block *
2594 gen_port6(port, ip_proto, dir)
2595 int port;
2596 int ip_proto;
2597 int dir;
2598 {
2599 struct block *b0, *b1, *tmp;
2600
2601 /* ether proto ip */
2602 b0 = gen_linktype(ETHERTYPE_IPV6);
2603
2604 switch (ip_proto) {
2605 case IPPROTO_UDP:
2606 case IPPROTO_TCP:
2607 case IPPROTO_SCTP:
2608 b1 = gen_portop6(port, ip_proto, dir);
2609 break;
2610
2611 case PROTO_UNDEF:
2612 tmp = gen_portop6(port, IPPROTO_TCP, dir);
2613 b1 = gen_portop6(port, IPPROTO_UDP, dir);
2614 gen_or(tmp, b1);
2615 tmp = gen_portop6(port, IPPROTO_SCTP, dir);
2616 gen_or(tmp, b1);
2617 break;
2618
2619 default:
2620 abort();
2621 }
2622 gen_and(b0, b1);
2623 return b1;
2624 }
2625 #endif /* INET6 */
2626
2627 static int
2628 lookup_proto(name, proto)
2629 register const char *name;
2630 register int proto;
2631 {
2632 register int v;
2633
2634 switch (proto) {
2635
2636 case Q_DEFAULT:
2637 case Q_IP:
2638 case Q_IPV6:
2639 v = pcap_nametoproto(name);
2640 if (v == PROTO_UNDEF)
2641 bpf_error("unknown ip proto '%s'", name);
2642 break;
2643
2644 case Q_LINK:
2645 /* XXX should look up h/w protocol type based on linktype */
2646 v = pcap_nametoeproto(name);
2647 if (v == PROTO_UNDEF)
2648 bpf_error("unknown ether proto '%s'", name);
2649 break;
2650
2651 case Q_ISO:
2652 if (strcmp(name, "esis") == 0)
2653 v = ISO9542_ESIS;
2654 else if (strcmp(name, "isis") == 0)
2655 v = ISO10589_ISIS;
2656 else if (strcmp(name, "clnp") == 0)
2657 v = ISO8473_CLNP;
2658 else
2659 bpf_error("unknown osi proto '%s'", name);
2660 break;
2661
2662 default:
2663 v = PROTO_UNDEF;
2664 break;
2665 }
2666 return v;
2667 }
2668
2669 #if 0
2670 struct stmt *
2671 gen_joinsp(s, n)
2672 struct stmt **s;
2673 int n;
2674 {
2675 return NULL;
2676 }
2677 #endif
2678
2679 static struct block *
2680 gen_protochain(v, proto, dir)
2681 int v;
2682 int proto;
2683 int dir;
2684 {
2685 #ifdef NO_PROTOCHAIN
2686 return gen_proto(v, proto, dir);
2687 #else
2688 struct block *b0, *b;
2689 struct slist *s[100];
2690 int fix2, fix3, fix4, fix5;
2691 int ahcheck, again, end;
2692 int i, max;
2693 int reg2 = alloc_reg();
2694
2695 memset(s, 0, sizeof(s));
2696 fix2 = fix3 = fix4 = fix5 = 0;
2697
2698 switch (proto) {
2699 case Q_IP:
2700 case Q_IPV6:
2701 break;
2702 case Q_DEFAULT:
2703 b0 = gen_protochain(v, Q_IP, dir);
2704 b = gen_protochain(v, Q_IPV6, dir);
2705 gen_or(b0, b);
2706 return b;
2707 default:
2708 bpf_error("bad protocol applied for 'protochain'");
2709 /*NOTREACHED*/
2710 }
2711
2712 no_optimize = 1; /*this code is not compatible with optimzer yet */
2713
2714 /*
2715 * s[0] is a dummy entry to protect other BPF insn from damaged
2716 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
2717 * hard to find interdependency made by jump table fixup.
2718 */
2719 i = 0;
2720 s[i] = new_stmt(0); /*dummy*/
2721 i++;
2722
2723 switch (proto) {
2724 case Q_IP:
2725 b0 = gen_linktype(ETHERTYPE_IP);
2726
2727 /* A = ip->ip_p */
2728 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
2729 s[i]->s.k = off_nl + 9;
2730 i++;
2731 /* X = ip->ip_hl << 2 */
2732 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2733 s[i]->s.k = off_nl;
2734 i++;
2735 break;
2736 #ifdef INET6
2737 case Q_IPV6:
2738 b0 = gen_linktype(ETHERTYPE_IPV6);
2739
2740 /* A = ip6->ip_nxt */
2741 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
2742 s[i]->s.k = off_nl + 6;
2743 i++;
2744 /* X = sizeof(struct ip6_hdr) */
2745 s[i] = new_stmt(BPF_LDX|BPF_IMM);
2746 s[i]->s.k = 40;
2747 i++;
2748 break;
2749 #endif
2750 default:
2751 bpf_error("unsupported proto to gen_protochain");
2752 /*NOTREACHED*/
2753 }
2754
2755 /* again: if (A == v) goto end; else fall through; */
2756 again = i;
2757 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2758 s[i]->s.k = v;
2759 s[i]->s.jt = NULL; /*later*/
2760 s[i]->s.jf = NULL; /*update in next stmt*/
2761 fix5 = i;
2762 i++;
2763
2764 #ifndef IPPROTO_NONE
2765 #define IPPROTO_NONE 59
2766 #endif
2767 /* if (A == IPPROTO_NONE) goto end */
2768 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2769 s[i]->s.jt = NULL; /*later*/
2770 s[i]->s.jf = NULL; /*update in next stmt*/
2771 s[i]->s.k = IPPROTO_NONE;
2772 s[fix5]->s.jf = s[i];
2773 fix2 = i;
2774 i++;
2775
2776 #ifdef INET6
2777 if (proto == Q_IPV6) {
2778 int v6start, v6end, v6advance, j;
2779
2780 v6start = i;
2781 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
2782 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2783 s[i]->s.jt = NULL; /*later*/
2784 s[i]->s.jf = NULL; /*update in next stmt*/
2785 s[i]->s.k = IPPROTO_HOPOPTS;
2786 s[fix2]->s.jf = s[i];
2787 i++;
2788 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
2789 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2790 s[i]->s.jt = NULL; /*later*/
2791 s[i]->s.jf = NULL; /*update in next stmt*/
2792 s[i]->s.k = IPPROTO_DSTOPTS;
2793 i++;
2794 /* if (A == IPPROTO_ROUTING) goto v6advance */
2795 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2796 s[i]->s.jt = NULL; /*later*/
2797 s[i]->s.jf = NULL; /*update in next stmt*/
2798 s[i]->s.k = IPPROTO_ROUTING;
2799 i++;
2800 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
2801 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2802 s[i]->s.jt = NULL; /*later*/
2803 s[i]->s.jf = NULL; /*later*/
2804 s[i]->s.k = IPPROTO_FRAGMENT;
2805 fix3 = i;
2806 v6end = i;
2807 i++;
2808
2809 /* v6advance: */
2810 v6advance = i;
2811
2812 /*
2813 * in short,
2814 * A = P[X];
2815 * X = X + (P[X + 1] + 1) * 8;
2816 */
2817 /* A = X */
2818 s[i] = new_stmt(BPF_MISC|BPF_TXA);
2819 i++;
2820 /* A = P[X + packet head] */
2821 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2822 s[i]->s.k = off_nl;
2823 i++;
2824 /* MEM[reg2] = A */
2825 s[i] = new_stmt(BPF_ST);
2826 s[i]->s.k = reg2;
2827 i++;
2828 /* A = X */
2829 s[i] = new_stmt(BPF_MISC|BPF_TXA);
2830 i++;
2831 /* A += 1 */
2832 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2833 s[i]->s.k = 1;
2834 i++;
2835 /* X = A */
2836 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2837 i++;
2838 /* A = P[X + packet head]; */
2839 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2840 s[i]->s.k = off_nl;
2841 i++;
2842 /* A += 1 */
2843 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2844 s[i]->s.k = 1;
2845 i++;
2846 /* A *= 8 */
2847 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2848 s[i]->s.k = 8;
2849 i++;
2850 /* X = A; */
2851 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2852 i++;
2853 /* A = MEM[reg2] */
2854 s[i] = new_stmt(BPF_LD|BPF_MEM);
2855 s[i]->s.k = reg2;
2856 i++;
2857
2858 /* goto again; (must use BPF_JA for backward jump) */
2859 s[i] = new_stmt(BPF_JMP|BPF_JA);
2860 s[i]->s.k = again - i - 1;
2861 s[i - 1]->s.jf = s[i];
2862 i++;
2863
2864 /* fixup */
2865 for (j = v6start; j <= v6end; j++)
2866 s[j]->s.jt = s[v6advance];
2867 } else
2868 #endif
2869 {
2870 /* nop */
2871 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2872 s[i]->s.k = 0;
2873 s[fix2]->s.jf = s[i];
2874 i++;
2875 }
2876
2877 /* ahcheck: */
2878 ahcheck = i;
2879 /* if (A == IPPROTO_AH) then fall through; else goto end; */
2880 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2881 s[i]->s.jt = NULL; /*later*/
2882 s[i]->s.jf = NULL; /*later*/
2883 s[i]->s.k = IPPROTO_AH;
2884 if (fix3)
2885 s[fix3]->s.jf = s[ahcheck];
2886 fix4 = i;
2887 i++;
2888
2889 /*
2890 * in short,
2891 * A = P[X];
2892 * X = X + (P[X + 1] + 2) * 4;
2893 */
2894 /* A = X */
2895 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2896 i++;
2897 /* A = P[X + packet head]; */
2898 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2899 s[i]->s.k = off_nl;
2900 i++;
2901 /* MEM[reg2] = A */
2902 s[i] = new_stmt(BPF_ST);
2903 s[i]->s.k = reg2;
2904 i++;
2905 /* A = X */
2906 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2907 i++;
2908 /* A += 1 */
2909 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2910 s[i]->s.k = 1;
2911 i++;
2912 /* X = A */
2913 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2914 i++;
2915 /* A = P[X + packet head] */
2916 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2917 s[i]->s.k = off_nl;
2918 i++;
2919 /* A += 2 */
2920 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2921 s[i]->s.k = 2;
2922 i++;
2923 /* A *= 4 */
2924 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2925 s[i]->s.k = 4;
2926 i++;
2927 /* X = A; */
2928 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2929 i++;
2930 /* A = MEM[reg2] */
2931 s[i] = new_stmt(BPF_LD|BPF_MEM);
2932 s[i]->s.k = reg2;
2933 i++;
2934
2935 /* goto again; (must use BPF_JA for backward jump) */
2936 s[i] = new_stmt(BPF_JMP|BPF_JA);
2937 s[i]->s.k = again - i - 1;
2938 i++;
2939
2940 /* end: nop */
2941 end = i;
2942 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2943 s[i]->s.k = 0;
2944 s[fix2]->s.jt = s[end];
2945 s[fix4]->s.jf = s[end];
2946 s[fix5]->s.jt = s[end];
2947 i++;
2948
2949 /*
2950 * make slist chain
2951 */
2952 max = i;
2953 for (i = 0; i < max - 1; i++)
2954 s[i]->next = s[i + 1];
2955 s[max - 1]->next = NULL;
2956
2957 /*
2958 * emit final check
2959 */
2960 b = new_block(JMP(BPF_JEQ));
2961 b->stmts = s[1]; /*remember, s[0] is dummy*/
2962 b->s.k = v;
2963
2964 free_reg(reg2);
2965
2966 gen_and(b0, b);
2967 return b;
2968 #endif
2969 }
2970
2971 static struct block *
2972 gen_proto(v, proto, dir)
2973 int v;
2974 int proto;
2975 int dir;
2976 {
2977 struct block *b0, *b1;
2978
2979 if (dir != Q_DEFAULT)
2980 bpf_error("direction applied to 'proto'");
2981
2982 switch (proto) {
2983 case Q_DEFAULT:
2984 #ifdef INET6
2985 b0 = gen_proto(v, Q_IP, dir);
2986 b1 = gen_proto(v, Q_IPV6, dir);
2987 gen_or(b0, b1);
2988 return b1;
2989 #else
2990 /*FALLTHROUGH*/
2991 #endif
2992 case Q_IP:
2993 b0 = gen_linktype(ETHERTYPE_IP);
2994 #ifndef CHASE_CHAIN
2995 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
2996 #else
2997 b1 = gen_protochain(v, Q_IP);
2998 #endif
2999 gen_and(b0, b1);
3000 return b1;
3001
3002 case Q_ISO:
3003 switch (linktype) {
3004
3005 case DLT_FRELAY:
3006 /*
3007 * Frame Relay packets typically have an OSI
3008 * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)"
3009 * generates code to check for all the OSI
3010 * NLPIDs, so calling it and then adding a check
3011 * for the particular NLPID for which we're
3012 * looking is bogus, as we can just check for
3013 * the NLPID.
3014 *
3015 * What we check for is the NLPID and a frame
3016 * control field value of UI, i.e. 0x03 followed
3017 * by the NLPID.
3018 *
3019 * XXX - assumes a 2-byte Frame Relay header with
3020 * DLCI and flags. What if the address is longer?
3021 *
3022 * XXX - what about SNAP-encapsulated frames?
3023 */
3024 return gen_cmp(2, BPF_H, (0x03<<8) | v);
3025 break;
3026
3027 default:
3028 b0 = gen_linktype(LLCSAP_ISONS);
3029 b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v);
3030 gen_and(b0, b1);
3031 return b1;
3032 }
3033
3034 case Q_ARP:
3035 bpf_error("arp does not encapsulate another protocol");
3036 /* NOTREACHED */
3037
3038 case Q_RARP:
3039 bpf_error("rarp does not encapsulate another protocol");
3040 /* NOTREACHED */
3041
3042 case Q_ATALK:
3043 bpf_error("atalk encapsulation is not specifiable");
3044 /* NOTREACHED */
3045
3046 case Q_DECNET:
3047 bpf_error("decnet encapsulation is not specifiable");
3048 /* NOTREACHED */
3049
3050 case Q_SCA:
3051 bpf_error("sca does not encapsulate another protocol");
3052 /* NOTREACHED */
3053
3054 case Q_LAT:
3055 bpf_error("lat does not encapsulate another protocol");
3056 /* NOTREACHED */
3057
3058 case Q_MOPRC:
3059 bpf_error("moprc does not encapsulate another protocol");
3060 /* NOTREACHED */
3061
3062 case Q_MOPDL:
3063 bpf_error("mopdl does not encapsulate another protocol");
3064 /* NOTREACHED */
3065
3066 case Q_LINK:
3067 return gen_linktype(v);
3068
3069 case Q_UDP:
3070 bpf_error("'udp proto' is bogus");
3071 /* NOTREACHED */
3072
3073 case Q_TCP:
3074 bpf_error("'tcp proto' is bogus");
3075 /* NOTREACHED */
3076
3077 case Q_SCTP:
3078 bpf_error("'sctp proto' is bogus");
3079 /* NOTREACHED */
3080
3081 case Q_ICMP:
3082 bpf_error("'icmp proto' is bogus");
3083 /* NOTREACHED */
3084
3085 case Q_IGMP:
3086 bpf_error("'igmp proto' is bogus");
3087 /* NOTREACHED */
3088
3089 case Q_IGRP:
3090 bpf_error("'igrp proto' is bogus");
3091 /* NOTREACHED */
3092
3093 case Q_PIM:
3094 bpf_error("'pim proto' is bogus");
3095 /* NOTREACHED */
3096
3097 case Q_VRRP:
3098 bpf_error("'vrrp proto' is bogus");
3099 /* NOTREACHED */
3100
3101 #ifdef INET6
3102 case Q_IPV6:
3103 b0 = gen_linktype(ETHERTYPE_IPV6);
3104 #ifndef CHASE_CHAIN
3105 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
3106 #else
3107 b1 = gen_protochain(v, Q_IPV6);
3108 #endif
3109 gen_and(b0, b1);
3110 return b1;
3111
3112 case Q_ICMPV6:
3113 bpf_error("'icmp6 proto' is bogus");
3114 #endif /* INET6 */
3115
3116 case Q_AH:
3117 bpf_error("'ah proto' is bogus");
3118
3119 case Q_ESP:
3120 bpf_error("'ah proto' is bogus");
3121
3122 case Q_STP:
3123 bpf_error("'stp proto' is bogus");
3124
3125 case Q_IPX:
3126 bpf_error("'ipx proto' is bogus");
3127
3128 case Q_NETBEUI:
3129 bpf_error("'netbeui proto' is bogus");
3130
3131 default:
3132 abort();
3133 /* NOTREACHED */
3134 }
3135 /* NOTREACHED */
3136 }
3137
3138 struct block *
3139 gen_scode(name, q)
3140 register const char *name;
3141 struct qual q;
3142 {
3143 int proto = q.proto;
3144 int dir = q.dir;
3145 int tproto;
3146 u_char *eaddr;
3147 bpf_u_int32 mask, addr;
3148 #ifndef INET6
3149 bpf_u_int32 **alist;
3150 #else
3151 int tproto6;
3152 struct sockaddr_in *sin;
3153 struct sockaddr_in6 *sin6;
3154 struct addrinfo *res, *res0;
3155 struct in6_addr mask128;
3156 #endif /*INET6*/
3157 struct block *b, *tmp;
3158 int port, real_proto;
3159
3160 switch (q.addr) {
3161
3162 case Q_NET:
3163 addr = pcap_nametonetaddr(name);
3164 if (addr == 0)
3165 bpf_error("unknown network '%s'", name);
3166 /* Left justify network addr and calculate its network mask */
3167 mask = 0xffffffff;
3168 while (addr && (addr & 0xff000000) == 0) {
3169 addr <<= 8;
3170 mask <<= 8;
3171 }
3172 return gen_host(addr, mask, proto, dir);
3173
3174 case Q_DEFAULT:
3175 case Q_HOST:
3176 if (proto == Q_LINK) {
3177 switch (linktype) {
3178
3179 case DLT_EN10MB:
3180 eaddr = pcap_ether_hostton(name);
3181 if (eaddr == NULL)
3182 bpf_error(
3183 "unknown ether host '%s'", name);
3184 b = gen_ehostop(eaddr, dir);
3185 free(eaddr);
3186 return b;
3187
3188 case DLT_FDDI:
3189 eaddr = pcap_ether_hostton(name);
3190 if (eaddr == NULL)
3191 bpf_error(
3192 "unknown FDDI host '%s'", name);
3193 b = gen_fhostop(eaddr, dir);
3194 free(eaddr);
3195 return b;
3196
3197 case DLT_IEEE802:
3198 eaddr = pcap_ether_hostton(name);
3199 if (eaddr == NULL)
3200 bpf_error(
3201 "unknown token ring host '%s'", name);
3202 b = gen_thostop(eaddr, dir);
3203 free(eaddr);
3204 return b;
3205
3206 default:
3207 bpf_error(
3208 "only ethernet/FDDI/token ring supports link-level host name");
3209 break;
3210 }
3211 } else if (proto == Q_DECNET) {
3212 unsigned short dn_addr = __pcap_nametodnaddr(name);
3213 /*
3214 * I don't think DECNET hosts can be multihomed, so
3215 * there is no need to build up a list of addresses
3216 */
3217 return (gen_host(dn_addr, 0, proto, dir));
3218 } else {
3219 #ifndef INET6
3220 alist = pcap_nametoaddr(name);
3221 if (alist == NULL || *alist == NULL)
3222 bpf_error("unknown host '%s'", name);
3223 tproto = proto;
3224 if (off_linktype == -1 && tproto == Q_DEFAULT)
3225 tproto = Q_IP;
3226 b = gen_host(**alist++, 0xffffffff, tproto, dir);
3227 while (*alist) {
3228 tmp = gen_host(**alist++, 0xffffffff,
3229 tproto, dir);
3230 gen_or(b, tmp);
3231 b = tmp;
3232 }
3233 return b;
3234 #else
3235 memset(&mask128, 0xff, sizeof(mask128));
3236 res0 = res = pcap_nametoaddrinfo(name);
3237 if (res == NULL)
3238 bpf_error("unknown host '%s'", name);
3239 b = tmp = NULL;
3240 tproto = tproto6 = proto;
3241 if (off_linktype == -1 && tproto == Q_DEFAULT) {
3242 tproto = Q_IP;
3243 tproto6 = Q_IPV6;
3244 }
3245 for (res = res0; res; res = res->ai_next) {
3246 switch (res->ai_family) {
3247 case AF_INET:
3248 if (tproto == Q_IPV6)
3249 continue;
3250
3251 sin = (struct sockaddr_in *)
3252 res->ai_addr;
3253 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
3254 0xffffffff, tproto, dir);
3255 break;
3256 case AF_INET6:
3257 if (tproto6 == Q_IP)
3258 continue;
3259
3260 sin6 = (struct sockaddr_in6 *)
3261 res->ai_addr;
3262 tmp = gen_host6(&sin6->sin6_addr,
3263 &mask128, tproto6, dir);
3264 break;
3265 default:
3266 continue;
3267 }
3268 if (b)
3269 gen_or(b, tmp);
3270 b = tmp;
3271 }
3272 freeaddrinfo(res0);
3273 if (b == NULL) {
3274 bpf_error("unknown host '%s'%s", name,
3275 (proto == Q_DEFAULT)
3276 ? ""
3277 : " for specified address family");
3278 }
3279 return b;
3280 #endif /*INET6*/
3281 }
3282
3283 case Q_PORT:
3284 if (proto != Q_DEFAULT &&
3285 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
3286 bpf_error("illegal qualifier of 'port'");
3287 if (pcap_nametoport(name, &port, &real_proto) == 0)
3288 bpf_error("unknown port '%s'", name);
3289 if (proto == Q_UDP) {
3290 if (real_proto == IPPROTO_TCP)
3291 bpf_error("port '%s' is tcp", name);
3292 else if (real_proto == IPPROTO_SCTP)
3293 bpf_error("port '%s' is sctp", name);
3294 else
3295 /* override PROTO_UNDEF */
3296 real_proto = IPPROTO_UDP;
3297 }
3298 if (proto == Q_TCP) {
3299 if (real_proto == IPPROTO_UDP)
3300 bpf_error("port '%s' is udp", name);
3301
3302 else if (real_proto == IPPROTO_SCTP)
3303 bpf_error("port '%s' is sctp", name);
3304 else
3305 /* override PROTO_UNDEF */
3306 real_proto = IPPROTO_TCP;
3307 }
3308 if (proto == Q_SCTP) {
3309 if (real_proto == IPPROTO_UDP)
3310 bpf_error("port '%s' is udp", name);
3311
3312 else if (real_proto == IPPROTO_TCP)
3313 bpf_error("port '%s' is tcp", name);
3314 else
3315 /* override PROTO_UNDEF */
3316 real_proto = IPPROTO_SCTP;
3317 }
3318 #ifndef INET6
3319 return gen_port(port, real_proto, dir);
3320 #else
3321 {
3322 struct block *b;
3323 b = gen_port(port, real_proto, dir);
3324 gen_or(gen_port6(port, real_proto, dir), b);
3325 return b;
3326 }
3327 #endif /* INET6 */
3328
3329 case Q_GATEWAY:
3330 #ifndef INET6
3331 eaddr = pcap_ether_hostton(name);
3332 if (eaddr == NULL)
3333 bpf_error("unknown ether host: %s", name);
3334
3335 alist = pcap_nametoaddr(name);
3336 if (alist == NULL || *alist == NULL)
3337 bpf_error("unknown host '%s'", name);
3338 b = gen_gateway(eaddr, alist, proto, dir);
3339 free(eaddr);
3340 return b;
3341 #else
3342 bpf_error("'gateway' not supported in this configuration");
3343 #endif /*INET6*/
3344
3345 case Q_PROTO:
3346 real_proto = lookup_proto(name, proto);
3347 if (real_proto >= 0)
3348 return gen_proto(real_proto, proto, dir);
3349 else
3350 bpf_error("unknown protocol: %s", name);
3351
3352 case Q_PROTOCHAIN:
3353 real_proto = lookup_proto(name, proto);
3354 if (real_proto >= 0)
3355 return gen_protochain(real_proto, proto, dir);
3356 else
3357 bpf_error("unknown protocol: %s", name);
3358
3359
3360 case Q_UNDEF:
3361 syntax();
3362 /* NOTREACHED */
3363 }
3364 abort();
3365 /* NOTREACHED */
3366 }
3367
3368 struct block *
3369 gen_mcode(s1, s2, masklen, q)
3370 register const char *s1, *s2;
3371 register int masklen;
3372 struct qual q;
3373 {
3374 register int nlen, mlen;
3375 bpf_u_int32 n, m;
3376
3377 nlen = __pcap_atoin(s1, &n);
3378 /* Promote short ipaddr */
3379 n <<= 32 - nlen;
3380
3381 if (s2 != NULL) {
3382 mlen = __pcap_atoin(s2, &m);
3383 /* Promote short ipaddr */
3384 m <<= 32 - mlen;
3385 if ((n & ~m) != 0)
3386 bpf_error("non-network bits set in \"%s mask %s\"",
3387 s1, s2);
3388 } else {
3389 /* Convert mask len to mask */
3390 if (masklen > 32)
3391 bpf_error("mask length must be <= 32");
3392 m = 0xffffffff << (32 - masklen);
3393 if ((n & ~m) != 0)
3394 bpf_error("non-network bits set in \"%s/%d\"",
3395 s1, masklen);
3396 }
3397
3398 switch (q.addr) {
3399
3400 case Q_NET:
3401 return gen_host(n, m, q.proto, q.dir);
3402
3403 default:
3404 bpf_error("Mask syntax for networks only");
3405 /* NOTREACHED */
3406 }
3407 }
3408
3409 struct block *
3410 gen_ncode(s, v, q)
3411 register const char *s;
3412 bpf_u_int32 v;
3413 struct qual q;
3414 {
3415 bpf_u_int32 mask;
3416 int proto = q.proto;
3417 int dir = q.dir;
3418 register int vlen;
3419
3420 if (s == NULL)
3421 vlen = 32;
3422 else if (q.proto == Q_DECNET)
3423 vlen = __pcap_atodn(s, &v);
3424 else
3425 vlen = __pcap_atoin(s, &v);
3426
3427 switch (q.addr) {
3428
3429 case Q_DEFAULT:
3430 case Q_HOST:
3431 case Q_NET:
3432 if (proto == Q_DECNET)
3433 return gen_host(v, 0, proto, dir);
3434 else if (proto == Q_LINK) {
3435 bpf_error("illegal link layer address");
3436 } else {
3437 mask = 0xffffffff;
3438 if (s == NULL && q.addr == Q_NET) {
3439 /* Promote short net number */
3440 while (v && (v & 0xff000000) == 0) {
3441 v <<= 8;
3442 mask <<= 8;
3443 }
3444 } else {
3445 /* Promote short ipaddr */
3446 v <<= 32 - vlen;
3447 mask <<= 32 - vlen;
3448 }
3449 return gen_host(v, mask, proto, dir);
3450 }
3451
3452 case Q_PORT:
3453 if (proto == Q_UDP)
3454 proto = IPPROTO_UDP;
3455 else if (proto == Q_TCP)
3456 proto = IPPROTO_TCP;
3457 else if (proto == Q_SCTP)
3458 proto = IPPROTO_SCTP;
3459 else if (proto == Q_DEFAULT)
3460 proto = PROTO_UNDEF;
3461 else
3462 bpf_error("illegal qualifier of 'port'");
3463
3464 #ifndef INET6
3465 return gen_port((int)v, proto, dir);
3466 #else
3467 {
3468 struct block *b;
3469 b = gen_port((int)v, proto, dir);
3470 gen_or(gen_port6((int)v, proto, dir), b);
3471 return b;
3472 }
3473 #endif /* INET6 */
3474
3475 case Q_GATEWAY:
3476 bpf_error("'gateway' requires a name");
3477 /* NOTREACHED */
3478
3479 case Q_PROTO:
3480 return gen_proto((int)v, proto, dir);
3481
3482 case Q_PROTOCHAIN:
3483 return gen_protochain((int)v, proto, dir);
3484
3485 case Q_UNDEF:
3486 syntax();
3487 /* NOTREACHED */
3488
3489 default:
3490 abort();
3491 /* NOTREACHED */
3492 }
3493 /* NOTREACHED */
3494 }
3495
3496 #ifdef INET6
3497 struct block *
3498 gen_mcode6(s1, s2, masklen, q)
3499 register const char *s1, *s2;
3500 register int masklen;
3501 struct qual q;
3502 {
3503 struct addrinfo *res;
3504 struct in6_addr *addr;
3505 struct in6_addr mask;
3506 struct block *b;
3507 u_int32_t *a, *m;
3508
3509 if (s2)
3510 bpf_error("no mask %s supported", s2);
3511
3512 res = pcap_nametoaddrinfo(s1);
3513 if (!res)
3514 bpf_error("invalid ip6 address %s", s1);
3515 if (res->ai_next)
3516 bpf_error("%s resolved to multiple address", s1);
3517 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
3518
3519 if (sizeof(mask) * 8 < masklen)
3520 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
3521 memset(&mask, 0, sizeof(mask));
3522 memset(&mask, 0xff, masklen / 8);
3523 if (masklen % 8) {
3524 mask.s6_addr[masklen / 8] =
3525 (0xff << (8 - masklen % 8)) & 0xff;
3526 }
3527
3528 a = (u_int32_t *)addr;
3529 m = (u_int32_t *)&mask;
3530 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
3531 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
3532 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
3533 }
3534
3535 switch (q.addr) {
3536
3537 case Q_DEFAULT:
3538 case Q_HOST:
3539 if (masklen != 128)
3540 bpf_error("Mask syntax for networks only");
3541 /* FALLTHROUGH */
3542
3543 case Q_NET:
3544 b = gen_host6(addr, &mask, q.proto, q.dir);
3545 freeaddrinfo(res);
3546 return b;
3547
3548 default:
3549 bpf_error("invalid qualifier against IPv6 address");
3550 /* NOTREACHED */
3551 }
3552 }
3553 #endif /*INET6*/
3554
3555 struct block *
3556 gen_ecode(eaddr, q)
3557 register const u_char *eaddr;
3558 struct qual q;
3559 {
3560 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
3561 if (linktype == DLT_EN10MB)
3562 return gen_ehostop(eaddr, (int)q.dir);
3563 if (linktype == DLT_FDDI)
3564 return gen_fhostop(eaddr, (int)q.dir);
3565 if (linktype == DLT_IEEE802)
3566 return gen_thostop(eaddr, (int)q.dir);
3567 bpf_error("ethernet addresses supported only on ethernet, FDDI or token ring");
3568 }
3569 bpf_error("ethernet address used in non-ether expression");
3570 /* NOTREACHED */
3571 }
3572
3573 void
3574 sappend(s0, s1)
3575 struct slist *s0, *s1;
3576 {
3577 /*
3578 * This is definitely not the best way to do this, but the
3579 * lists will rarely get long.
3580 */
3581 while (s0->next)
3582 s0 = s0->next;
3583 s0->next = s1;
3584 }
3585
3586 static struct slist *
3587 xfer_to_x(a)
3588 struct arth *a;
3589 {
3590 struct slist *s;
3591
3592 s = new_stmt(BPF_LDX|BPF_MEM);
3593 s->s.k = a->regno;
3594 return s;
3595 }
3596
3597 static struct slist *
3598 xfer_to_a(a)
3599 struct arth *a;
3600 {
3601 struct slist *s;
3602
3603 s = new_stmt(BPF_LD|BPF_MEM);
3604 s->s.k = a->regno;
3605 return s;
3606 }
3607
3608 struct arth *
3609 gen_load(proto, index, size)
3610 int proto;
3611 struct arth *index;
3612 int size;
3613 {
3614 struct slist *s, *tmp;
3615 struct block *b;
3616 int regno = alloc_reg();
3617
3618 free_reg(index->regno);
3619 switch (size) {
3620
3621 default:
3622 bpf_error("data size must be 1, 2, or 4");
3623
3624 case 1:
3625 size = BPF_B;
3626 break;
3627
3628 case 2:
3629 size = BPF_H;
3630 break;
3631
3632 case 4:
3633 size = BPF_W;
3634 break;
3635 }
3636 switch (proto) {
3637 default:
3638 bpf_error("unsupported index operation");
3639
3640 case Q_LINK:
3641 s = xfer_to_x(index);
3642 tmp = new_stmt(BPF_LD|BPF_IND|size);
3643 sappend(s, tmp);
3644 sappend(index->s, s);
3645 break;
3646
3647 case Q_IP:
3648 case Q_ARP:
3649 case Q_RARP:
3650 case Q_ATALK:
3651 case Q_DECNET:
3652 case Q_SCA:
3653 case Q_LAT:
3654 case Q_MOPRC:
3655 case Q_MOPDL:
3656 #ifdef INET6
3657 case Q_IPV6:
3658 #endif
3659 /* XXX Note that we assume a fixed link header here. */
3660 s = xfer_to_x(index);
3661 tmp = new_stmt(BPF_LD|BPF_IND|size);
3662 tmp->s.k = off_nl;
3663 sappend(s, tmp);
3664 sappend(index->s, s);
3665
3666 b = gen_proto_abbrev(proto);
3667 if (index->b)
3668 gen_and(index->b, b);
3669 index->b = b;
3670 break;
3671
3672 case Q_SCTP:
3673 case Q_TCP:
3674 case Q_UDP:
3675 case Q_ICMP:
3676 case Q_IGMP:
3677 case Q_IGRP:
3678 case Q_PIM:
3679 case Q_VRRP:
3680 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3681 s->s.k = off_nl;
3682 sappend(s, xfer_to_a(index));
3683 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
3684 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
3685 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
3686 tmp->s.k = off_nl;
3687 sappend(index->s, s);
3688
3689 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
3690 if (index->b)
3691 gen_and(index->b, b);
3692 #ifdef INET6
3693 gen_and(gen_proto_abbrev(Q_IP), b);
3694 #endif
3695 index->b = b;
3696 break;
3697 #ifdef INET6
3698 case Q_ICMPV6:
3699 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
3700 /*NOTREACHED*/
3701 #endif
3702 }
3703 index->regno = regno;
3704 s = new_stmt(BPF_ST);
3705 s->s.k = regno;
3706 sappend(index->s, s);
3707
3708 return index;
3709 }
3710
3711 struct block *
3712 gen_relation(code, a0, a1, reversed)
3713 int code;
3714 struct arth *a0, *a1;
3715 int reversed;
3716 {
3717 struct slist *s0, *s1, *s2;
3718 struct block *b, *tmp;
3719
3720 s0 = xfer_to_x(a1);
3721 s1 = xfer_to_a(a0);
3722 if (code == BPF_JEQ) {
3723 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
3724 b = new_block(JMP(code));
3725 sappend(s1, s2);
3726 }
3727 else
3728 b = new_block(BPF_JMP|code|BPF_X);
3729 if (reversed)
3730 gen_not(b);
3731
3732 sappend(s0, s1);
3733 sappend(a1->s, s0);
3734 sappend(a0->s, a1->s);
3735
3736 b->stmts = a0->s;
3737
3738 free_reg(a0->regno);
3739 free_reg(a1->regno);
3740
3741 /* 'and' together protocol checks */
3742 if (a0->b) {
3743 if (a1->b) {
3744 gen_and(a0->b, tmp = a1->b);
3745 }
3746 else
3747 tmp = a0->b;
3748 } else
3749 tmp = a1->b;
3750
3751 if (tmp)
3752 gen_and(tmp, b);
3753
3754 return b;
3755 }
3756
3757 struct arth *
3758 gen_loadlen()
3759 {
3760 int regno = alloc_reg();
3761 struct arth *a = (struct arth *)newchunk(sizeof(*a));
3762 struct slist *s;
3763
3764 s = new_stmt(BPF_LD|BPF_LEN);
3765 s->next = new_stmt(BPF_ST);
3766 s->next->s.k = regno;
3767 a->s = s;
3768 a->regno = regno;
3769
3770 return a;
3771 }
3772
3773 struct arth *
3774 gen_loadi(val)
3775 int val;
3776 {
3777 struct arth *a;
3778 struct slist *s;
3779 int reg;
3780
3781 a = (struct arth *)newchunk(sizeof(*a));
3782
3783 reg = alloc_reg();
3784
3785 s = new_stmt(BPF_LD|BPF_IMM);
3786 s->s.k = val;
3787 s->next = new_stmt(BPF_ST);
3788 s->next->s.k = reg;
3789 a->s = s;
3790 a->regno = reg;
3791
3792 return a;
3793 }
3794
3795 struct arth *
3796 gen_neg(a)
3797 struct arth *a;
3798 {
3799 struct slist *s;
3800
3801 s = xfer_to_a(a);
3802 sappend(a->s, s);
3803 s = new_stmt(BPF_ALU|BPF_NEG);
3804 s->s.k = 0;
3805 sappend(a->s, s);
3806 s = new_stmt(BPF_ST);
3807 s->s.k = a->regno;
3808 sappend(a->s, s);
3809
3810 return a;
3811 }
3812
3813 struct arth *
3814 gen_arth(code, a0, a1)
3815 int code;
3816 struct arth *a0, *a1;
3817 {
3818 struct slist *s0, *s1, *s2;
3819
3820 s0 = xfer_to_x(a1);
3821 s1 = xfer_to_a(a0);
3822 s2 = new_stmt(BPF_ALU|BPF_X|code);
3823
3824 sappend(s1, s2);
3825 sappend(s0, s1);
3826 sappend(a1->s, s0);
3827 sappend(a0->s, a1->s);
3828
3829 free_reg(a0->regno);
3830 free_reg(a1->regno);
3831
3832 s0 = new_stmt(BPF_ST);
3833 a0->regno = s0->s.k = alloc_reg();
3834 sappend(a0->s, s0);
3835
3836 return a0;
3837 }
3838
3839 /*
3840 * Here we handle simple allocation of the scratch registers.
3841 * If too many registers are alloc'd, the allocator punts.
3842 */
3843 static int regused[BPF_MEMWORDS];
3844 static int curreg;
3845
3846 /*
3847 * Return the next free register.
3848 */
3849 static int
3850 alloc_reg()
3851 {
3852 int n = BPF_MEMWORDS;
3853
3854 while (--n >= 0) {
3855 if (regused[curreg])
3856 curreg = (curreg + 1) % BPF_MEMWORDS;
3857 else {
3858 regused[curreg] = 1;
3859 return curreg;
3860 }
3861 }
3862 bpf_error("too many registers needed to evaluate expression");
3863 /* NOTREACHED */
3864 }
3865
3866 /*
3867 * Return a register to the table so it can
3868 * be used later.
3869 */
3870 static void
3871 free_reg(n)
3872 int n;
3873 {
3874 regused[n] = 0;
3875 }
3876
3877 static struct block *
3878 gen_len(jmp, n)
3879 int jmp, n;
3880 {
3881 struct slist *s;
3882 struct block *b;
3883
3884 s = new_stmt(BPF_LD|BPF_LEN);
3885 b = new_block(JMP(jmp));
3886 b->stmts = s;
3887 b->s.k = n;
3888
3889 return b;
3890 }
3891
3892 struct block *
3893 gen_greater(n)
3894 int n;
3895 {
3896 return gen_len(BPF_JGE, n);
3897 }
3898
3899 /*
3900 * Actually, this is less than or equal.
3901 */
3902 struct block *
3903 gen_less(n)
3904 int n;
3905 {
3906 struct block *b;
3907
3908 b = gen_len(BPF_JGT, n);
3909 gen_not(b);
3910
3911 return b;
3912 }
3913
3914 struct block *
3915 gen_byteop(op, idx, val)
3916 int op, idx, val;
3917 {
3918 struct block *b;
3919 struct slist *s;
3920
3921 switch (op) {
3922 default:
3923 abort();
3924
3925 case '=':
3926 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3927
3928 case '<':
3929 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3930 b->s.code = JMP(BPF_JGE);
3931 gen_not(b);
3932 return b;
3933
3934 case '>':
3935 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3936 b->s.code = JMP(BPF_JGT);
3937 return b;
3938
3939 case '|':
3940 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
3941 break;
3942
3943 case '&':
3944 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
3945 break;
3946 }
3947 s->s.k = val;
3948 b = new_block(JMP(BPF_JEQ));
3949 b->stmts = s;
3950 gen_not(b);
3951
3952 return b;
3953 }
3954
3955 static u_char abroadcast[] = { 0x0 };
3956
3957 struct block *
3958 gen_broadcast(proto)
3959 int proto;
3960 {
3961 bpf_u_int32 hostmask;
3962 struct block *b0, *b1, *b2;
3963 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
3964
3965 switch (proto) {
3966
3967 case Q_DEFAULT:
3968 case Q_LINK:
3969 if (linktype == DLT_ARCNET)
3970 return gen_ahostop(abroadcast, Q_DST);
3971 if (linktype == DLT_EN10MB)
3972 return gen_ehostop(ebroadcast, Q_DST);
3973 if (linktype == DLT_FDDI)
3974 return gen_fhostop(ebroadcast, Q_DST);
3975 if (linktype == DLT_IEEE802)
3976 return gen_thostop(ebroadcast, Q_DST);
3977 bpf_error("not a broadcast link");
3978 break;
3979
3980 case Q_IP:
3981 b0 = gen_linktype(ETHERTYPE_IP);
3982 hostmask = ~netmask;
3983 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
3984 b2 = gen_mcmp(off_nl + 16, BPF_W,
3985 (bpf_int32)(~0 & hostmask), hostmask);
3986 gen_or(b1, b2);
3987 gen_and(b0, b2);
3988 return b2;
3989 }
3990 bpf_error("only ether/ip broadcast filters supported");
3991 }
3992
3993 struct block *
3994 gen_multicast(proto)
3995 int proto;
3996 {
3997 register struct block *b0, *b1;
3998 register struct slist *s;
3999
4000 switch (proto) {
4001
4002 case Q_DEFAULT:
4003 case Q_LINK:
4004 if (linktype == DLT_ARCNET)
4005 /* all ARCnet multicasts use the same address */
4006 return gen_ahostop(abroadcast, Q_DST);
4007
4008 if (linktype == DLT_EN10MB) {
4009 /* ether[0] & 1 != 0 */
4010 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4011 s->s.k = 0;
4012 b0 = new_block(JMP(BPF_JSET));
4013 b0->s.k = 1;
4014 b0->stmts = s;
4015 return b0;
4016 }
4017
4018 if (linktype == DLT_FDDI) {
4019 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */
4020 /* fddi[1] & 1 != 0 */
4021 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4022 s->s.k = 1;
4023 b0 = new_block(JMP(BPF_JSET));
4024 b0->s.k = 1;
4025 b0->stmts = s;
4026 return b0;
4027 }
4028
4029 /* TODO - check how token ring handles multicast */
4030 /* if (linktype == DLT_IEEE802) ... */
4031
4032 /* Link not known to support multicasts */
4033 break;
4034
4035 case Q_IP:
4036 b0 = gen_linktype(ETHERTYPE_IP);
4037 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
4038 b1->s.code = JMP(BPF_JGE);
4039 gen_and(b0, b1);
4040 return b1;
4041
4042 #ifdef INET6
4043 case Q_IPV6:
4044 b0 = gen_linktype(ETHERTYPE_IPV6);
4045 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
4046 gen_and(b0, b1);
4047 return b1;
4048 #endif /* INET6 */
4049 }
4050 bpf_error("only IP multicast filters supported on ethernet/FDDI");
4051 }
4052
4053 /*
4054 * generate command for inbound/outbound. It's here so we can
4055 * make it link-type specific. 'dir' = 0 implies "inbound",
4056 * = 1 implies "outbound".
4057 */
4058 struct block *
4059 gen_inbound(dir)
4060 int dir;
4061 {
4062 register struct block *b0;
4063
4064 /*
4065 * Only some data link types support inbound/outbound qualifiers.
4066 */
4067 switch (linktype) {
4068 case DLT_SLIP:
4069 case DLT_PPP:
4070 b0 = gen_relation(BPF_JEQ,
4071 gen_load(Q_LINK, gen_loadi(0), 1),
4072 gen_loadi(0),
4073 dir);
4074 break;
4075
4076 default:
4077 bpf_error("inbound/outbound not supported on linktype %d\n",
4078 linktype);
4079 b0 = NULL;
4080 /* NOTREACHED */
4081 }
4082 return (b0);
4083 }
4084
4085 struct block *
4086 gen_acode(eaddr, q)
4087 register const u_char *eaddr;
4088 struct qual q;
4089 {
4090 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
4091 if (linktype == DLT_ARCNET)
4092 return gen_ahostop(eaddr, (int)q.dir);
4093 }
4094 bpf_error("ARCnet address used in non-arc expression");
4095 /* NOTREACHED */
4096 }
4097
4098 static struct block *
4099 gen_ahostop(eaddr, dir)
4100 register const u_char *eaddr;
4101 register int dir;
4102 {
4103 register struct block *b0, *b1;
4104
4105 switch (dir) {
4106 /* src comes first, different from Ethernet */
4107 case Q_SRC:
4108 return gen_bcmp(0, 1, eaddr);
4109
4110 case Q_DST:
4111 return gen_bcmp(1, 1, eaddr);
4112
4113 case Q_AND:
4114 b0 = gen_ahostop(eaddr, Q_SRC);
4115 b1 = gen_ahostop(eaddr, Q_DST);
4116 gen_and(b0, b1);
4117 return b1;
4118
4119 case Q_DEFAULT:
4120 case Q_OR:
4121 b0 = gen_ahostop(eaddr, Q_SRC);
4122 b1 = gen_ahostop(eaddr, Q_DST);
4123 gen_or(b0, b1);
4124 return b1;
4125 }
4126 abort();
4127 /* NOTREACHED */
4128 }
4129
4130 /*
4131 * support IEEE 802.1Q VLAN trunk over ethernet
4132 */
4133 struct block *
4134 gen_vlan(vlan_num)
4135 int vlan_num;
4136 {
4137 struct block *b0;
4138
4139 /*
4140 * Change the offsets to point to the type and data fields within
4141 * the VLAN packet. This is somewhat of a kludge.
4142 */
4143 if (orig_nl == (u_int)-1) {
4144 orig_linktype = off_linktype; /* save original values */
4145 orig_nl = off_nl;
4146 orig_nl_nosnap = off_nl_nosnap;
4147
4148 switch (linktype) {
4149
4150 case DLT_EN10MB:
4151 off_linktype = 16;
4152 off_nl_nosnap = 18;
4153 off_nl = 18;
4154 break;
4155
4156 default:
4157 bpf_error("no VLAN support for data link type %d",
4158 linktype);
4159 /*NOTREACHED*/
4160 }
4161 }
4162
4163 /* check for VLAN */
4164 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
4165
4166 /* If a specific VLAN is requested, check VLAN id */
4167 if (vlan_num >= 0) {
4168 struct block *b1;
4169
4170 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
4171 gen_and(b0, b1);
4172 b0 = b1;
4173 }
4174
4175 return (b0);
4176 }
4177
4178 struct block *
4179 gen_atmfield_code(atmfield, jvalue, jtype, reverse)
4180 int atmfield;
4181 bpf_u_int32 jvalue;
4182 bpf_u_int32 jtype;
4183 int reverse;
4184 {
4185 struct block *b0;
4186
4187 switch (atmfield) {
4188
4189 case A_VPI:
4190 if (!is_atm)
4191 bpf_error("'vpi' supported only on raw ATM");
4192 if (off_vpi == -1)
4193 abort();
4194 b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype,
4195 (u_int)jvalue, reverse);
4196 break;
4197
4198 case A_VCI:
4199 if (!is_atm)
4200 bpf_error("'vci' supported only on raw ATM");
4201 if (off_vci == -1)
4202 abort();
4203 b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype,
4204 (u_int)jvalue, reverse);
4205 break;
4206
4207 case A_PROTOTYPE:
4208 if (off_proto == -1)
4209 abort(); /* XXX - this isn't on FreeBSD */
4210 b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype,
4211 (u_int)jvalue, reverse);
4212 break;
4213
4214 case A_MSGTYPE:
4215 if (off_msg_type == -1)
4216 abort();
4217 b0 = gen_ncmp(BPF_B, off_msg_type, 0xffffffff,
4218 (u_int)jtype, (u_int)jvalue, reverse);
4219 break;
4220
4221 case A_CALLREFTYPE:
4222 if (!is_atm)
4223 bpf_error("'callref' supported only on raw ATM");
4224 if (off_proto == -1)
4225 abort();
4226 b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype,
4227 (u_int)jvalue, reverse);
4228 break;
4229
4230 default:
4231 abort();
4232 }
4233 return b0;
4234 }
4235
4236 struct block *
4237 gen_atmtype_abbrev(type)
4238 int type;
4239 {
4240 struct block *b0, *b1;
4241
4242 switch (type) {
4243
4244 case A_METAC:
4245 /* Get all packets in Meta signalling Circuit */
4246 if (!is_atm)
4247 bpf_error("'metac' supported only on raw ATM");
4248 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4249 b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0);
4250 gen_and(b0, b1);
4251 break;
4252
4253 case A_BCC:
4254 /* Get all packets in Broadcast Circuit*/
4255 if (!is_atm)
4256 bpf_error("'bcc' supported only on raw ATM");
4257 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4258 b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0);
4259 gen_and(b0, b1);
4260 break;
4261
4262 case A_OAMF4SC:
4263 /* Get all cells in Segment OAM F4 circuit*/
4264 if (!is_atm)
4265 bpf_error("'oam4sc' supported only on raw ATM");
4266 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4267 b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
4268 gen_and(b0, b1);
4269 break;
4270
4271 case A_OAMF4EC:
4272 /* Get all cells in End-to-End OAM F4 Circuit*/
4273 if (!is_atm)
4274 bpf_error("'oam4ec' supported only on raw ATM");
4275 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4276 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
4277 gen_and(b0, b1);
4278 break;
4279
4280 case A_SC:
4281 /* Get all packets in connection Signalling Circuit */
4282 if (!is_atm)
4283 bpf_error("'sc' supported only on raw ATM");
4284 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4285 b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0);
4286 gen_and(b0, b1);
4287 break;
4288
4289 case A_ILMIC:
4290 /* Get all packets in ILMI Circuit */
4291 if (!is_atm)
4292 bpf_error("'ilmic' supported only on raw ATM");
4293 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4294 b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0);
4295 gen_and(b0, b1);
4296 break;
4297
4298 case A_LANE:
4299 /* Get all LANE packets */
4300 if (!is_atm)
4301 bpf_error("'lane' supported only on raw ATM");
4302 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0);
4303 break;
4304
4305 case A_LLC:
4306 /* Get all LLC-encapsulated packets */
4307 if (!is_atm)
4308 bpf_error("'llc' supported only on raw ATM");
4309 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
4310 break;
4311
4312 default:
4313 abort();
4314 }
4315 return b1;
4316 }
4317
4318
4319 static struct block *
4320 gen_msg_abbrev(type)
4321 int type;
4322 {
4323 struct block *b1;
4324
4325 /*
4326 * Q.2931 signalling protocol messages for handling virtual circuits
4327 * establishment and teardown
4328 */
4329 switch (type) {
4330
4331 case A_SETUP:
4332 b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0);
4333 break;
4334
4335 case A_CALLPROCEED:
4336 b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0);
4337 break;
4338
4339 case A_CONNECT:
4340 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0);
4341 break;
4342
4343 case A_CONNECTACK:
4344 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0);
4345 break;
4346
4347 case A_RELEASE:
4348 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0);
4349 break;
4350
4351 case A_RELEASE_DONE:
4352 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0);
4353 break;
4354
4355 default:
4356 abort();
4357 }
4358 return b1;
4359 }
4360
4361 struct block *
4362 gen_atmmulti_abbrev(type)
4363 int type;
4364 {
4365 struct block *b0, *b1;
4366
4367 switch (type) {
4368
4369 case A_OAM:
4370 if (!is_atm)
4371 bpf_error("'oam' supported only on raw ATM");
4372 b1 = gen_atmmulti_abbrev(A_OAMF4);
4373 break;
4374
4375 case A_OAMF4:
4376 if (!is_atm)
4377 bpf_error("'oamf4' supported only on raw ATM");
4378 /* OAM F4 type */
4379 b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
4380 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
4381 gen_or(b0, b1);
4382 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4383 gen_and(b0, b1);
4384 break;
4385
4386 case A_CONNECTMSG:
4387 /*
4388 * Get Q.2931 signalling messages for switched
4389 * virtual connection
4390 */
4391 if (!is_atm)
4392 bpf_error("'connectmsg' supported only on raw ATM");
4393 b0 = gen_msg_abbrev(A_SETUP);
4394 b1 = gen_msg_abbrev(A_CALLPROCEED);
4395 gen_or(b0, b1);
4396 b0 = gen_msg_abbrev(A_CONNECT);
4397 gen_or(b0, b1);
4398 b0 = gen_msg_abbrev(A_CONNECTACK);
4399 gen_or(b0, b1);
4400 b0 = gen_msg_abbrev(A_RELEASE);
4401 gen_or(b0, b1);
4402 b0 = gen_msg_abbrev(A_RELEASE_DONE);
4403 gen_or(b0, b1);
4404 b0 = gen_atmtype_abbrev(A_SC);
4405 gen_and(b0, b1);
4406 break;
4407
4408 case A_METACONNECT:
4409 if (!is_atm)
4410 bpf_error("'metaconnect' supported only on raw ATM");
4411 b0 = gen_msg_abbrev(A_SETUP);
4412 b1 = gen_msg_abbrev(A_CALLPROCEED);
4413 gen_or(b0, b1);
4414 b0 = gen_msg_abbrev(A_CONNECT);
4415 gen_or(b0, b1);
4416 b0 = gen_msg_abbrev(A_RELEASE);
4417 gen_or(b0, b1);
4418 b0 = gen_msg_abbrev(A_RELEASE_DONE);
4419 gen_or(b0, b1);
4420 b0 = gen_atmtype_abbrev(A_METAC);
4421 gen_and(b0, b1);
4422 break;
4423
4424 default:
4425 abort();
4426 }
4427 return b1;
4428 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism