]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Add routines to generate code to load values relative to the beginning
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] _U_ =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.221.2.9 2005-05-01 00:38:34 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #ifdef WIN32
32 #include <pcap-stdinc.h>
33 #else /* WIN32 */
34 #include <sys/types.h>
35 #include <sys/socket.h>
36 #endif /* WIN32 */
37
38 /*
39 * XXX - why was this included even on UNIX?
40 */
41 #ifdef __MINGW32__
42 #include "IP6_misc.h"
43 #endif
44
45 #ifndef WIN32
46
47 #ifdef __NetBSD__
48 #include <sys/param.h>
49 #endif
50
51 #include <netinet/in.h>
52
53 #endif /* WIN32 */
54
55 #include <stdlib.h>
56 #include <string.h>
57 #include <memory.h>
58 #include <setjmp.h>
59 #include <stdarg.h>
60
61 #ifdef MSDOS
62 #include "pcap-dos.h"
63 #endif
64
65 #include "pcap-int.h"
66
67 #include "ethertype.h"
68 #include "nlpid.h"
69 #include "llc.h"
70 #include "gencode.h"
71 #include "atmuni31.h"
72 #include "sunatmpos.h"
73 #include "ppp.h"
74 #include "sll.h"
75 #include "arcnet.h"
76 #include "pf.h"
77 #ifndef offsetof
78 #define offsetof(s, e) ((size_t)&((s *)0)->e)
79 #endif
80 #ifdef INET6
81 #ifndef WIN32
82 #include <netdb.h> /* for "struct addrinfo" */
83 #endif /* WIN32 */
84 #endif /*INET6*/
85 #include <pcap-namedb.h>
86
87 #define ETHERMTU 1500
88
89 #ifndef IPPROTO_SCTP
90 #define IPPROTO_SCTP 132
91 #endif
92
93 #ifdef HAVE_OS_PROTO_H
94 #include "os-proto.h"
95 #endif
96
97 #define JMP(c) ((c)|BPF_JMP|BPF_K)
98
99 /* Locals */
100 static jmp_buf top_ctx;
101 static pcap_t *bpf_pcap;
102
103 /* Hack for updating VLAN, MPLS offsets. */
104 static u_int orig_linktype = -1U, orig_nl = -1U;
105
106 /* XXX */
107 #ifdef PCAP_FDDIPAD
108 static int pcap_fddipad;
109 #endif
110
111 /* VARARGS */
112 void
113 bpf_error(const char *fmt, ...)
114 {
115 va_list ap;
116
117 va_start(ap, fmt);
118 if (bpf_pcap != NULL)
119 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
120 fmt, ap);
121 va_end(ap);
122 longjmp(top_ctx, 1);
123 /* NOTREACHED */
124 }
125
126 static void init_linktype(pcap_t *);
127
128 static int alloc_reg(void);
129 static void free_reg(int);
130
131 static struct block *root;
132
133 /*
134 * We divy out chunks of memory rather than call malloc each time so
135 * we don't have to worry about leaking memory. It's probably
136 * not a big deal if all this memory was wasted but if this ever
137 * goes into a library that would probably not be a good idea.
138 *
139 * XXX - this *is* in a library....
140 */
141 #define NCHUNKS 16
142 #define CHUNK0SIZE 1024
143 struct chunk {
144 u_int n_left;
145 void *m;
146 };
147
148 static struct chunk chunks[NCHUNKS];
149 static int cur_chunk;
150
151 static void *newchunk(u_int);
152 static void freechunks(void);
153 static inline struct block *new_block(int);
154 static inline struct slist *new_stmt(int);
155 static struct block *gen_retblk(int);
156 static inline void syntax(void);
157
158 static void backpatch(struct block *, struct block *);
159 static void merge(struct block *, struct block *);
160 static struct block *gen_cmp(u_int, u_int, bpf_int32);
161 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
162 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
163 static struct block *gen_bcmp(u_int, u_int, const u_char *);
164 static struct block *gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32,
165 bpf_u_int32, bpf_u_int32, int);
166 static struct slist *gen_load_llrel(u_int, u_int);
167 static struct slist *gen_load_nlrel(u_int, u_int);
168 static struct slist *gen_load_ipv4tlrel(u_int, u_int);
169 static struct block *gen_uncond(int);
170 static inline struct block *gen_true(void);
171 static inline struct block *gen_false(void);
172 static struct block *gen_ether_linktype(int);
173 static struct block *gen_linux_sll_linktype(int);
174 static struct block *gen_linktype(int);
175 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
176 static struct block *gen_llc_linktype(int);
177 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
178 #ifdef INET6
179 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
180 #endif
181 static struct block *gen_ahostop(const u_char *, int);
182 static struct block *gen_ehostop(const u_char *, int);
183 static struct block *gen_fhostop(const u_char *, int);
184 static struct block *gen_thostop(const u_char *, int);
185 static struct block *gen_wlanhostop(const u_char *, int);
186 static struct block *gen_ipfchostop(const u_char *, int);
187 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
188 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
189 #ifdef INET6
190 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
191 #endif
192 #ifndef INET6
193 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
194 #endif
195 static struct block *gen_ipfrag(void);
196 static struct block *gen_portatom(int, bpf_int32);
197 static struct block *gen_portrangeatom(int, bpf_int32, bpf_int32);
198 #ifdef INET6
199 static struct block *gen_portatom6(int, bpf_int32);
200 static struct block *gen_portrangeatom6(int, bpf_int32, bpf_int32);
201 #endif
202 struct block *gen_portop(int, int, int);
203 static struct block *gen_port(int, int, int);
204 struct block *gen_portrangeop(int, int, int, int);
205 static struct block *gen_portrange(int, int, int, int);
206 #ifdef INET6
207 struct block *gen_portop6(int, int, int);
208 static struct block *gen_port6(int, int, int);
209 struct block *gen_portrangeop6(int, int, int, int);
210 static struct block *gen_portrange6(int, int, int, int);
211 #endif
212 static int lookup_proto(const char *, int);
213 static struct block *gen_protochain(int, int, int);
214 static struct block *gen_proto(int, int, int);
215 static struct slist *xfer_to_x(struct arth *);
216 static struct slist *xfer_to_a(struct arth *);
217 static struct block *gen_mac_multicast(int);
218 static struct block *gen_len(int, int);
219
220 static struct block *gen_msg_abbrev(int type);
221
222 static void *
223 newchunk(n)
224 u_int n;
225 {
226 struct chunk *cp;
227 int k;
228 size_t size;
229
230 #ifndef __NetBSD__
231 /* XXX Round up to nearest long. */
232 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
233 #else
234 /* XXX Round up to structure boundary. */
235 n = ALIGN(n);
236 #endif
237
238 cp = &chunks[cur_chunk];
239 if (n > cp->n_left) {
240 ++cp, k = ++cur_chunk;
241 if (k >= NCHUNKS)
242 bpf_error("out of memory");
243 size = CHUNK0SIZE << k;
244 cp->m = (void *)malloc(size);
245 if (cp->m == NULL)
246 bpf_error("out of memory");
247 memset((char *)cp->m, 0, size);
248 cp->n_left = size;
249 if (n > size)
250 bpf_error("out of memory");
251 }
252 cp->n_left -= n;
253 return (void *)((char *)cp->m + cp->n_left);
254 }
255
256 static void
257 freechunks()
258 {
259 int i;
260
261 cur_chunk = 0;
262 for (i = 0; i < NCHUNKS; ++i)
263 if (chunks[i].m != NULL) {
264 free(chunks[i].m);
265 chunks[i].m = NULL;
266 }
267 }
268
269 /*
270 * A strdup whose allocations are freed after code generation is over.
271 */
272 char *
273 sdup(s)
274 register const char *s;
275 {
276 int n = strlen(s) + 1;
277 char *cp = newchunk(n);
278
279 strlcpy(cp, s, n);
280 return (cp);
281 }
282
283 static inline struct block *
284 new_block(code)
285 int code;
286 {
287 struct block *p;
288
289 p = (struct block *)newchunk(sizeof(*p));
290 p->s.code = code;
291 p->head = p;
292
293 return p;
294 }
295
296 static inline struct slist *
297 new_stmt(code)
298 int code;
299 {
300 struct slist *p;
301
302 p = (struct slist *)newchunk(sizeof(*p));
303 p->s.code = code;
304
305 return p;
306 }
307
308 static struct block *
309 gen_retblk(v)
310 int v;
311 {
312 struct block *b = new_block(BPF_RET|BPF_K);
313
314 b->s.k = v;
315 return b;
316 }
317
318 static inline void
319 syntax()
320 {
321 bpf_error("syntax error in filter expression");
322 }
323
324 static bpf_u_int32 netmask;
325 static int snaplen;
326 int no_optimize;
327
328 int
329 pcap_compile(pcap_t *p, struct bpf_program *program,
330 char *buf, int optimize, bpf_u_int32 mask)
331 {
332 extern int n_errors;
333 int len;
334
335 no_optimize = 0;
336 n_errors = 0;
337 root = NULL;
338 bpf_pcap = p;
339 if (setjmp(top_ctx)) {
340 lex_cleanup();
341 freechunks();
342 return (-1);
343 }
344
345 netmask = mask;
346
347 snaplen = pcap_snapshot(p);
348 if (snaplen == 0) {
349 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
350 "snaplen of 0 rejects all packets");
351 return -1;
352 }
353
354 lex_init(buf ? buf : "");
355 init_linktype(p);
356 (void)pcap_parse();
357
358 if (n_errors)
359 syntax();
360
361 if (root == NULL)
362 root = gen_retblk(snaplen);
363
364 if (optimize && !no_optimize) {
365 bpf_optimize(&root);
366 if (root == NULL ||
367 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
368 bpf_error("expression rejects all packets");
369 }
370 program->bf_insns = icode_to_fcode(root, &len);
371 program->bf_len = len;
372
373 lex_cleanup();
374 freechunks();
375 return (0);
376 }
377
378 /*
379 * entry point for using the compiler with no pcap open
380 * pass in all the stuff that is needed explicitly instead.
381 */
382 int
383 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
384 struct bpf_program *program,
385 char *buf, int optimize, bpf_u_int32 mask)
386 {
387 pcap_t *p;
388 int ret;
389
390 p = pcap_open_dead(linktype_arg, snaplen_arg);
391 if (p == NULL)
392 return (-1);
393 ret = pcap_compile(p, program, buf, optimize, mask);
394 pcap_close(p);
395 return (ret);
396 }
397
398 /*
399 * Clean up a "struct bpf_program" by freeing all the memory allocated
400 * in it.
401 */
402 void
403 pcap_freecode(struct bpf_program *program)
404 {
405 program->bf_len = 0;
406 if (program->bf_insns != NULL) {
407 free((char *)program->bf_insns);
408 program->bf_insns = NULL;
409 }
410 }
411
412 /*
413 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
414 * which of the jt and jf fields has been resolved and which is a pointer
415 * back to another unresolved block (or nil). At least one of the fields
416 * in each block is already resolved.
417 */
418 static void
419 backpatch(list, target)
420 struct block *list, *target;
421 {
422 struct block *next;
423
424 while (list) {
425 if (!list->sense) {
426 next = JT(list);
427 JT(list) = target;
428 } else {
429 next = JF(list);
430 JF(list) = target;
431 }
432 list = next;
433 }
434 }
435
436 /*
437 * Merge the lists in b0 and b1, using the 'sense' field to indicate
438 * which of jt and jf is the link.
439 */
440 static void
441 merge(b0, b1)
442 struct block *b0, *b1;
443 {
444 register struct block **p = &b0;
445
446 /* Find end of list. */
447 while (*p)
448 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
449
450 /* Concatenate the lists. */
451 *p = b1;
452 }
453
454 void
455 finish_parse(p)
456 struct block *p;
457 {
458 backpatch(p, gen_retblk(snaplen));
459 p->sense = !p->sense;
460 backpatch(p, gen_retblk(0));
461 root = p->head;
462 }
463
464 void
465 gen_and(b0, b1)
466 struct block *b0, *b1;
467 {
468 backpatch(b0, b1->head);
469 b0->sense = !b0->sense;
470 b1->sense = !b1->sense;
471 merge(b1, b0);
472 b1->sense = !b1->sense;
473 b1->head = b0->head;
474 }
475
476 void
477 gen_or(b0, b1)
478 struct block *b0, *b1;
479 {
480 b0->sense = !b0->sense;
481 backpatch(b0, b1->head);
482 b0->sense = !b0->sense;
483 merge(b1, b0);
484 b1->head = b0->head;
485 }
486
487 void
488 gen_not(b)
489 struct block *b;
490 {
491 b->sense = !b->sense;
492 }
493
494 static struct block *
495 gen_cmp(offset, size, v)
496 u_int offset, size;
497 bpf_int32 v;
498 {
499 struct slist *s;
500 struct block *b;
501
502 s = gen_load_llrel(offset, size);
503
504 b = new_block(JMP(BPF_JEQ));
505 b->stmts = s;
506 b->s.k = v;
507
508 return b;
509 }
510
511 static struct block *
512 gen_cmp_gt(offset, size, v)
513 u_int offset, size;
514 bpf_int32 v;
515 {
516 struct slist *s;
517 struct block *b;
518
519 s = gen_load_llrel(offset, size);
520
521 b = new_block(JMP(BPF_JGT));
522 b->stmts = s;
523 b->s.k = v;
524
525 return b;
526 }
527
528 static struct block *
529 gen_mcmp(offset, size, v, mask)
530 u_int offset, size;
531 bpf_int32 v;
532 bpf_u_int32 mask;
533 {
534 struct block *b = gen_cmp(offset, size, v);
535 struct slist *s;
536
537 if (mask != 0xffffffff) {
538 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
539 s->s.k = mask;
540 b->stmts->next = s;
541 }
542 return b;
543 }
544
545 static struct block *
546 gen_bcmp(offset, size, v)
547 register u_int offset, size;
548 register const u_char *v;
549 {
550 register struct block *b, *tmp;
551
552 b = NULL;
553 while (size >= 4) {
554 register const u_char *p = &v[size - 4];
555 bpf_int32 w = ((bpf_int32)p[0] << 24) |
556 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
557
558 tmp = gen_cmp(offset + size - 4, BPF_W, w);
559 if (b != NULL)
560 gen_and(b, tmp);
561 b = tmp;
562 size -= 4;
563 }
564 while (size >= 2) {
565 register const u_char *p = &v[size - 2];
566 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
567
568 tmp = gen_cmp(offset + size - 2, BPF_H, w);
569 if (b != NULL)
570 gen_and(b, tmp);
571 b = tmp;
572 size -= 2;
573 }
574 if (size > 0) {
575 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
576 if (b != NULL)
577 gen_and(b, tmp);
578 b = tmp;
579 }
580 return b;
581 }
582
583 static struct block *
584 gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse)
585 bpf_u_int32 datasize, offset, mask, jtype, jvalue;
586 int reverse;
587 {
588 struct slist *s;
589 struct block *b;
590
591 s = new_stmt(BPF_LD|datasize|BPF_ABS);
592 s->s.k = offset;
593
594 if (mask != 0xffffffff) {
595 s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K);
596 s->next->s.k = mask;
597 }
598
599 b = new_block(JMP(jtype));
600 b->stmts = s;
601 b->s.k = jvalue;
602 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE))
603 gen_not(b);
604 return b;
605 }
606
607 /*
608 * Various code constructs need to know the layout of the data link
609 * layer. These variables give the necessary offsets.
610 */
611
612 /*
613 * This is the offset of the beginning of the MAC-layer header.
614 * It's usually 0, except for ATM LANE.
615 */
616 static u_int off_mac;
617
618 /*
619 * "off_linktype" is the offset to information in the link-layer header
620 * giving the packet type.
621 *
622 * For Ethernet, it's the offset of the Ethernet type field.
623 *
624 * For link-layer types that always use 802.2 headers, it's the
625 * offset of the LLC header.
626 *
627 * For PPP, it's the offset of the PPP type field.
628 *
629 * For Cisco HDLC, it's the offset of the CHDLC type field.
630 *
631 * For BSD loopback, it's the offset of the AF_ value.
632 *
633 * For Linux cooked sockets, it's the offset of the type field.
634 *
635 * It's set to -1 for no encapsulation, in which case, IP is assumed.
636 */
637 static u_int off_linktype;
638
639 /*
640 * TRUE if the link layer includes an ATM pseudo-header.
641 */
642 static int is_atm = 0;
643
644 /*
645 * TRUE if "lane" appeared in the filter; it causes us to generate
646 * code that assumes LANE rather than LLC-encapsulated traffic in SunATM.
647 */
648 static int is_lane = 0;
649
650 /*
651 * These are offsets for the ATM pseudo-header.
652 */
653 static u_int off_vpi;
654 static u_int off_vci;
655 static u_int off_proto;
656
657 /*
658 * This is the offset of the first byte after the ATM pseudo_header,
659 * or -1 if there is no ATM pseudo-header.
660 */
661 static u_int off_payload;
662
663 /*
664 * These are offsets to the beginning of the network-layer header.
665 *
666 * If the link layer never uses 802.2 LLC:
667 *
668 * "off_nl" and "off_nl_nosnap" are the same.
669 *
670 * If the link layer always uses 802.2 LLC:
671 *
672 * "off_nl" is the offset if there's a SNAP header following
673 * the 802.2 header;
674 *
675 * "off_nl_nosnap" is the offset if there's no SNAP header.
676 *
677 * If the link layer is Ethernet:
678 *
679 * "off_nl" is the offset if the packet is an Ethernet II packet
680 * (we assume no 802.3+802.2+SNAP);
681 *
682 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet
683 * with an 802.2 header following it.
684 */
685 static u_int off_nl;
686 static u_int off_nl_nosnap;
687
688 static int linktype;
689
690 static void
691 init_linktype(p)
692 pcap_t *p;
693 {
694 linktype = pcap_datalink(p);
695 #ifdef PCAP_FDDIPAD
696 pcap_fddipad = p->fddipad;
697 #endif
698
699 /*
700 * Assume it's not raw ATM with a pseudo-header, for now.
701 */
702 off_mac = 0;
703 is_atm = 0;
704 is_lane = 0;
705 off_vpi = -1;
706 off_vci = -1;
707 off_proto = -1;
708 off_payload = -1;
709
710 orig_linktype = -1;
711 orig_nl = -1;
712
713 switch (linktype) {
714
715 case DLT_ARCNET:
716 off_linktype = 2;
717 off_nl = 6; /* XXX in reality, variable! */
718 off_nl_nosnap = 6; /* no 802.2 LLC */
719 return;
720
721 case DLT_ARCNET_LINUX:
722 off_linktype = 4;
723 off_nl = 8; /* XXX in reality, variable! */
724 off_nl_nosnap = 8; /* no 802.2 LLC */
725 return;
726
727 case DLT_EN10MB:
728 off_linktype = 12;
729 off_nl = 14; /* Ethernet II */
730 off_nl_nosnap = 17; /* 802.3+802.2 */
731 return;
732
733 case DLT_SLIP:
734 /*
735 * SLIP doesn't have a link level type. The 16 byte
736 * header is hacked into our SLIP driver.
737 */
738 off_linktype = -1;
739 off_nl = 16;
740 off_nl_nosnap = 16; /* no 802.2 LLC */
741 return;
742
743 case DLT_SLIP_BSDOS:
744 /* XXX this may be the same as the DLT_PPP_BSDOS case */
745 off_linktype = -1;
746 /* XXX end */
747 off_nl = 24;
748 off_nl_nosnap = 24; /* no 802.2 LLC */
749 return;
750
751 case DLT_NULL:
752 case DLT_LOOP:
753 off_linktype = 0;
754 off_nl = 4;
755 off_nl_nosnap = 4; /* no 802.2 LLC */
756 return;
757
758 case DLT_ENC:
759 off_linktype = 0;
760 off_nl = 12;
761 off_nl_nosnap = 12; /* no 802.2 LLC */
762 return;
763
764 case DLT_PPP:
765 case DLT_PPP_PPPD:
766 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */
767 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */
768 off_linktype = 2;
769 off_nl = 4;
770 off_nl_nosnap = 4; /* no 802.2 LLC */
771 return;
772
773 case DLT_PPP_ETHER:
774 /*
775 * This does no include the Ethernet header, and
776 * only covers session state.
777 */
778 off_linktype = 6;
779 off_nl = 8;
780 off_nl_nosnap = 8; /* no 802.2 LLC */
781 return;
782
783 case DLT_PPP_BSDOS:
784 off_linktype = 5;
785 off_nl = 24;
786 off_nl_nosnap = 24; /* no 802.2 LLC */
787 return;
788
789 case DLT_FDDI:
790 /*
791 * FDDI doesn't really have a link-level type field.
792 * We set "off_linktype" to the offset of the LLC header.
793 *
794 * To check for Ethernet types, we assume that SSAP = SNAP
795 * is being used and pick out the encapsulated Ethernet type.
796 * XXX - should we generate code to check for SNAP?
797 */
798 off_linktype = 13;
799 #ifdef PCAP_FDDIPAD
800 off_linktype += pcap_fddipad;
801 #endif
802 off_nl = 21; /* FDDI+802.2+SNAP */
803 off_nl_nosnap = 16; /* FDDI+802.2 */
804 #ifdef PCAP_FDDIPAD
805 off_nl += pcap_fddipad;
806 off_nl_nosnap += pcap_fddipad;
807 #endif
808 return;
809
810 case DLT_IEEE802:
811 /*
812 * Token Ring doesn't really have a link-level type field.
813 * We set "off_linktype" to the offset of the LLC header.
814 *
815 * To check for Ethernet types, we assume that SSAP = SNAP
816 * is being used and pick out the encapsulated Ethernet type.
817 * XXX - should we generate code to check for SNAP?
818 *
819 * XXX - the header is actually variable-length.
820 * Some various Linux patched versions gave 38
821 * as "off_linktype" and 40 as "off_nl"; however,
822 * if a token ring packet has *no* routing
823 * information, i.e. is not source-routed, the correct
824 * values are 20 and 22, as they are in the vanilla code.
825 *
826 * A packet is source-routed iff the uppermost bit
827 * of the first byte of the source address, at an
828 * offset of 8, has the uppermost bit set. If the
829 * packet is source-routed, the total number of bytes
830 * of routing information is 2 plus bits 0x1F00 of
831 * the 16-bit value at an offset of 14 (shifted right
832 * 8 - figure out which byte that is).
833 */
834 off_linktype = 14;
835 off_nl = 22; /* Token Ring+802.2+SNAP */
836 off_nl_nosnap = 17; /* Token Ring+802.2 */
837 return;
838
839 case DLT_IEEE802_11:
840 /*
841 * 802.11 doesn't really have a link-level type field.
842 * We set "off_linktype" to the offset of the LLC header.
843 *
844 * To check for Ethernet types, we assume that SSAP = SNAP
845 * is being used and pick out the encapsulated Ethernet type.
846 * XXX - should we generate code to check for SNAP?
847 *
848 * XXX - the header is actually variable-length. We
849 * assume a 24-byte link-layer header, as appears in
850 * data frames in networks with no bridges. If the
851 * fromds and tods 802.11 header bits are both set,
852 * it's actually supposed to be 30 bytes.
853 */
854 off_linktype = 24;
855 off_nl = 32; /* 802.11+802.2+SNAP */
856 off_nl_nosnap = 27; /* 802.11+802.2 */
857 return;
858
859 case DLT_PRISM_HEADER:
860 /*
861 * Same as 802.11, but with an additional header before
862 * the 802.11 header, containing a bunch of additional
863 * information including radio-level information.
864 *
865 * The header is 144 bytes long.
866 *
867 * XXX - same variable-length header problem; at least
868 * the Prism header is fixed-length.
869 */
870 off_linktype = 144+24;
871 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */
872 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */
873 return;
874
875 case DLT_IEEE802_11_RADIO_AVS:
876 /*
877 * Same as 802.11, but with an additional header before
878 * the 802.11 header, containing a bunch of additional
879 * information including radio-level information.
880 *
881 * The header is 64 bytes long, at least in its
882 * current incarnation.
883 *
884 * XXX - same variable-length header problem, only
885 * more so; this header is also variable-length,
886 * with the length being the 32-bit big-endian
887 * number at an offset of 4 from the beginning
888 * of the radio header.
889 */
890 off_linktype = 64+24;
891 off_nl = 64+32; /* Radio+802.11+802.2+SNAP */
892 off_nl_nosnap = 64+27; /* Radio+802.11+802.2 */
893 return;
894
895 case DLT_IEEE802_11_RADIO:
896 /*
897 * Same as 802.11, but with an additional header before
898 * the 802.11 header, containing a bunch of additional
899 * information including radio-level information.
900 *
901 * XXX - same variable-length header problem, only
902 * even *more* so; this header is also variable-length,
903 * with the length being the 16-bit number at an offset
904 * of 2 from the beginning of the radio header, and it's
905 * device-dependent (different devices might supply
906 * different amounts of information), so we can't even
907 * assume a fixed length for the current version of the
908 * header.
909 *
910 * Therefore, currently, only raw "link[N:M]" filtering is
911 * supported.
912 */
913 off_linktype = -1;
914 off_nl = -1;
915 off_nl_nosnap = -1;
916 return;
917
918 case DLT_ATM_RFC1483:
919 case DLT_ATM_CLIP: /* Linux ATM defines this */
920 /*
921 * assume routed, non-ISO PDUs
922 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
923 */
924 off_linktype = 0;
925 off_nl = 8; /* 802.2+SNAP */
926 off_nl_nosnap = 3; /* 802.2 */
927 return;
928
929 case DLT_SUNATM:
930 /*
931 * Full Frontal ATM; you get AALn PDUs with an ATM
932 * pseudo-header.
933 */
934 is_atm = 1;
935 off_vpi = SUNATM_VPI_POS;
936 off_vci = SUNATM_VCI_POS;
937 off_proto = PROTO_POS;
938 off_mac = -1; /* LLC-encapsulated, so no MAC-layer header */
939 off_payload = SUNATM_PKT_BEGIN_POS;
940 off_linktype = off_payload;
941 off_nl = off_payload+8; /* 802.2+SNAP */
942 off_nl_nosnap = off_payload+3; /* 802.2 */
943 return;
944
945 case DLT_RAW:
946 off_linktype = -1;
947 off_nl = 0;
948 off_nl_nosnap = 0; /* no 802.2 LLC */
949 return;
950
951 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
952 off_linktype = 14;
953 off_nl = 16;
954 off_nl_nosnap = 16; /* no 802.2 LLC */
955 return;
956
957 case DLT_LTALK:
958 /*
959 * LocalTalk does have a 1-byte type field in the LLAP header,
960 * but really it just indicates whether there is a "short" or
961 * "long" DDP packet following.
962 */
963 off_linktype = -1;
964 off_nl = 0;
965 off_nl_nosnap = 0; /* no 802.2 LLC */
966 return;
967
968 case DLT_IP_OVER_FC:
969 /*
970 * RFC 2625 IP-over-Fibre-Channel doesn't really have a
971 * link-level type field. We set "off_linktype" to the
972 * offset of the LLC header.
973 *
974 * To check for Ethernet types, we assume that SSAP = SNAP
975 * is being used and pick out the encapsulated Ethernet type.
976 * XXX - should we generate code to check for SNAP? RFC
977 * 2625 says SNAP should be used.
978 */
979 off_linktype = 16;
980 off_nl = 24; /* IPFC+802.2+SNAP */
981 off_nl_nosnap = 19; /* IPFC+802.2 */
982 return;
983
984 case DLT_FRELAY:
985 /*
986 * XXX - we should set this to handle SNAP-encapsulated
987 * frames (NLPID of 0x80).
988 */
989 off_linktype = -1;
990 off_nl = 0;
991 off_nl_nosnap = 0; /* no 802.2 LLC */
992 return;
993
994 case DLT_APPLE_IP_OVER_IEEE1394:
995 off_linktype = 16;
996 off_nl = 18;
997 off_nl_nosnap = 18; /* no 802.2 LLC */
998 return;
999
1000 case DLT_LINUX_IRDA:
1001 /*
1002 * Currently, only raw "link[N:M]" filtering is supported.
1003 */
1004 off_linktype = -1;
1005 off_nl = -1;
1006 off_nl_nosnap = -1;
1007 return;
1008
1009 case DLT_DOCSIS:
1010 /*
1011 * Currently, only raw "link[N:M]" filtering is supported.
1012 */
1013 off_linktype = -1;
1014 off_nl = -1;
1015 off_nl_nosnap = -1;
1016 return;
1017
1018 case DLT_SYMANTEC_FIREWALL:
1019 off_linktype = 6;
1020 off_nl = 44; /* Ethernet II */
1021 off_nl_nosnap = 44; /* XXX - what does it do with 802.3 packets? */
1022 return;
1023
1024 case DLT_PFLOG:
1025 off_linktype = 0;
1026 /* XXX read this from pf.h? */
1027 off_nl = PFLOG_HDRLEN;
1028 off_nl_nosnap = PFLOG_HDRLEN; /* no 802.2 LLC */
1029 return;
1030
1031 case DLT_JUNIPER_MLFR:
1032 case DLT_JUNIPER_MLPPP:
1033 off_linktype = 4;
1034 off_nl = 4;
1035 off_nl_nosnap = -1; /* no 802.2 LLC */
1036 return;
1037
1038 case DLT_JUNIPER_ATM1:
1039 off_linktype = 4; /* in reality variable between 4-8 */
1040 off_nl = 4;
1041 off_nl_nosnap = 14;
1042 return;
1043
1044 case DLT_JUNIPER_ATM2:
1045 off_linktype = 8; /* in reality variable between 8-12 */
1046 off_nl = 8;
1047 off_nl_nosnap = 18;
1048 return;
1049
1050 #ifdef DLT_PFSYNC
1051 case DLT_PFSYNC:
1052 off_linktype = -1;
1053 off_nl = 4;
1054 off_nl_nosnap = 4;
1055 return;
1056 #endif
1057
1058 case DLT_LINUX_LAPD:
1059 /*
1060 * Currently, only raw "link[N:M]" filtering is supported.
1061 */
1062 off_linktype = -1;
1063 off_nl = -1;
1064 off_nl_nosnap = -1;
1065 return;
1066 }
1067 bpf_error("unknown data link type %d", linktype);
1068 /* NOTREACHED */
1069 }
1070
1071 /*
1072 * Load a value relative to the beginning of the link-layer header.
1073 */
1074 static struct slist *
1075 gen_load_llrel(offset, size)
1076 u_int offset, size;
1077 {
1078 struct slist *s;
1079
1080 s = new_stmt(BPF_LD|BPF_ABS|size);
1081 s->s.k = offset;
1082 return s;
1083 }
1084
1085 /*
1086 * Load a value relative to the beginning of the network-layer header.
1087 */
1088 static struct slist *
1089 gen_load_nlrel(offset, size)
1090 u_int offset, size;
1091 {
1092 return gen_load_llrel(off_nl + offset, size);
1093 }
1094
1095 /*
1096 * Load a value relative to the beginning of the transport-layer header,
1097 * where the network-layer header is an IPv4 header. (This doesn't handle
1098 * AH headers.)
1099 */
1100 static struct slist *
1101 gen_load_ipv4tlrel(offset, size)
1102 u_int offset, size;
1103 {
1104 struct slist *s;
1105
1106 /*
1107 * Load the X register with the length of the IPv4 header,
1108 * in bytes.
1109 */
1110 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
1111 s->s.k = off_nl;
1112
1113 /*
1114 * Load the item at {length of the link-layer header} + {length
1115 * of the IPv4 header} + {specified offset}.
1116 */
1117 s->next = new_stmt(BPF_LD|BPF_IND|size);
1118 s->next->s.k = off_nl + offset;
1119
1120 return s;
1121 }
1122
1123 static struct block *
1124 gen_uncond(rsense)
1125 int rsense;
1126 {
1127 struct block *b;
1128 struct slist *s;
1129
1130 s = new_stmt(BPF_LD|BPF_IMM);
1131 s->s.k = !rsense;
1132 b = new_block(JMP(BPF_JEQ));
1133 b->stmts = s;
1134
1135 return b;
1136 }
1137
1138 static inline struct block *
1139 gen_true()
1140 {
1141 return gen_uncond(1);
1142 }
1143
1144 static inline struct block *
1145 gen_false()
1146 {
1147 return gen_uncond(0);
1148 }
1149
1150 /*
1151 * Byte-swap a 32-bit number.
1152 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
1153 * big-endian platforms.)
1154 */
1155 #define SWAPLONG(y) \
1156 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
1157
1158 /*
1159 * Generate code to match a particular packet type.
1160 *
1161 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
1162 * value, if <= ETHERMTU. We use that to determine whether to
1163 * match the type/length field or to check the type/length field for
1164 * a value <= ETHERMTU to see whether it's a type field and then do
1165 * the appropriate test.
1166 */
1167 static struct block *
1168 gen_ether_linktype(proto)
1169 register int proto;
1170 {
1171 struct block *b0, *b1;
1172
1173 switch (proto) {
1174
1175 case LLCSAP_ISONS:
1176 case LLCSAP_IP:
1177 case LLCSAP_NETBEUI:
1178 /*
1179 * OSI protocols and NetBEUI always use 802.2 encapsulation,
1180 * so we check the DSAP and SSAP.
1181 *
1182 * LLCSAP_IP checks for IP-over-802.2, rather
1183 * than IP-over-Ethernet or IP-over-SNAP.
1184 *
1185 * XXX - should we check both the DSAP and the
1186 * SSAP, like this, or should we check just the
1187 * DSAP, as we do for other types <= ETHERMTU
1188 * (i.e., other SAP values)?
1189 */
1190 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1191 gen_not(b0);
1192 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1193 ((proto << 8) | proto));
1194 gen_and(b0, b1);
1195 return b1;
1196
1197 case LLCSAP_IPX:
1198 /*
1199 * Check for;
1200 *
1201 * Ethernet_II frames, which are Ethernet
1202 * frames with a frame type of ETHERTYPE_IPX;
1203 *
1204 * Ethernet_802.3 frames, which are 802.3
1205 * frames (i.e., the type/length field is
1206 * a length field, <= ETHERMTU, rather than
1207 * a type field) with the first two bytes
1208 * after the Ethernet/802.3 header being
1209 * 0xFFFF;
1210 *
1211 * Ethernet_802.2 frames, which are 802.3
1212 * frames with an 802.2 LLC header and
1213 * with the IPX LSAP as the DSAP in the LLC
1214 * header;
1215 *
1216 * Ethernet_SNAP frames, which are 802.3
1217 * frames with an LLC header and a SNAP
1218 * header and with an OUI of 0x000000
1219 * (encapsulated Ethernet) and a protocol
1220 * ID of ETHERTYPE_IPX in the SNAP header.
1221 *
1222 * XXX - should we generate the same code both
1223 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
1224 */
1225
1226 /*
1227 * This generates code to check both for the
1228 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
1229 */
1230 b0 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)LLCSAP_IPX);
1231 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)0xFFFF);
1232 gen_or(b0, b1);
1233
1234 /*
1235 * Now we add code to check for SNAP frames with
1236 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
1237 */
1238 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
1239 gen_or(b0, b1);
1240
1241 /*
1242 * Now we generate code to check for 802.3
1243 * frames in general.
1244 */
1245 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1246 gen_not(b0);
1247
1248 /*
1249 * Now add the check for 802.3 frames before the
1250 * check for Ethernet_802.2 and Ethernet_802.3,
1251 * as those checks should only be done on 802.3
1252 * frames, not on Ethernet frames.
1253 */
1254 gen_and(b0, b1);
1255
1256 /*
1257 * Now add the check for Ethernet_II frames, and
1258 * do that before checking for the other frame
1259 * types.
1260 */
1261 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)ETHERTYPE_IPX);
1262 gen_or(b0, b1);
1263 return b1;
1264
1265 case ETHERTYPE_ATALK:
1266 case ETHERTYPE_AARP:
1267 /*
1268 * EtherTalk (AppleTalk protocols on Ethernet link
1269 * layer) may use 802.2 encapsulation.
1270 */
1271
1272 /*
1273 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1274 * we check for an Ethernet type field less than
1275 * 1500, which means it's an 802.3 length field.
1276 */
1277 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1278 gen_not(b0);
1279
1280 /*
1281 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1282 * SNAP packets with an organization code of
1283 * 0x080007 (Apple, for Appletalk) and a protocol
1284 * type of ETHERTYPE_ATALK (Appletalk).
1285 *
1286 * 802.2-encapsulated ETHERTYPE_AARP packets are
1287 * SNAP packets with an organization code of
1288 * 0x000000 (encapsulated Ethernet) and a protocol
1289 * type of ETHERTYPE_AARP (Appletalk ARP).
1290 */
1291 if (proto == ETHERTYPE_ATALK)
1292 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
1293 else /* proto == ETHERTYPE_AARP */
1294 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
1295 gen_and(b0, b1);
1296
1297 /*
1298 * Check for Ethernet encapsulation (Ethertalk
1299 * phase 1?); we just check for the Ethernet
1300 * protocol type.
1301 */
1302 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1303
1304 gen_or(b0, b1);
1305 return b1;
1306
1307 default:
1308 if (proto <= ETHERMTU) {
1309 /*
1310 * This is an LLC SAP value, so the frames
1311 * that match would be 802.2 frames.
1312 * Check that the frame is an 802.2 frame
1313 * (i.e., that the length/type field is
1314 * a length field, <= ETHERMTU) and
1315 * then check the DSAP.
1316 */
1317 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1318 gen_not(b0);
1319 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto);
1320 gen_and(b0, b1);
1321 return b1;
1322 } else {
1323 /*
1324 * This is an Ethernet type, so compare
1325 * the length/type field with it (if
1326 * the frame is an 802.2 frame, the length
1327 * field will be <= ETHERMTU, and, as
1328 * "proto" is > ETHERMTU, this test
1329 * will fail and the frame won't match,
1330 * which is what we want).
1331 */
1332 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1333 }
1334 }
1335 }
1336
1337 /*
1338 * Generate code to match a particular packet type.
1339 *
1340 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
1341 * value, if <= ETHERMTU. We use that to determine whether to
1342 * match the type field or to check the type field for the special
1343 * LINUX_SLL_P_802_2 value and then do the appropriate test.
1344 */
1345 static struct block *
1346 gen_linux_sll_linktype(proto)
1347 register int proto;
1348 {
1349 struct block *b0, *b1;
1350
1351 switch (proto) {
1352
1353 case LLCSAP_ISONS:
1354 case LLCSAP_IP:
1355 case LLCSAP_NETBEUI:
1356 /*
1357 * OSI protocols and NetBEUI always use 802.2 encapsulation,
1358 * so we check the DSAP and SSAP.
1359 *
1360 * LLCSAP_IP checks for IP-over-802.2, rather
1361 * than IP-over-Ethernet or IP-over-SNAP.
1362 *
1363 * XXX - should we check both the DSAP and the
1364 * SSAP, like this, or should we check just the
1365 * DSAP, as we do for other types <= ETHERMTU
1366 * (i.e., other SAP values)?
1367 */
1368 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1369 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1370 ((proto << 8) | proto));
1371 gen_and(b0, b1);
1372 return b1;
1373
1374 case LLCSAP_IPX:
1375 /*
1376 * Ethernet_II frames, which are Ethernet
1377 * frames with a frame type of ETHERTYPE_IPX;
1378 *
1379 * Ethernet_802.3 frames, which have a frame
1380 * type of LINUX_SLL_P_802_3;
1381 *
1382 * Ethernet_802.2 frames, which are 802.3
1383 * frames with an 802.2 LLC header (i.e, have
1384 * a frame type of LINUX_SLL_P_802_2) and
1385 * with the IPX LSAP as the DSAP in the LLC
1386 * header;
1387 *
1388 * Ethernet_SNAP frames, which are 802.3
1389 * frames with an LLC header and a SNAP
1390 * header and with an OUI of 0x000000
1391 * (encapsulated Ethernet) and a protocol
1392 * ID of ETHERTYPE_IPX in the SNAP header.
1393 *
1394 * First, do the checks on LINUX_SLL_P_802_2
1395 * frames; generate the check for either
1396 * Ethernet_802.2 or Ethernet_SNAP frames, and
1397 * then put a check for LINUX_SLL_P_802_2 frames
1398 * before it.
1399 */
1400 b0 = gen_cmp(off_linktype + 2, BPF_B,
1401 (bpf_int32)LLCSAP_IPX);
1402 b1 = gen_snap(0x000000, ETHERTYPE_IPX,
1403 off_linktype + 2);
1404 gen_or(b0, b1);
1405 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1406 gen_and(b0, b1);
1407
1408 /*
1409 * Now check for 802.3 frames and OR that with
1410 * the previous test.
1411 */
1412 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
1413 gen_or(b0, b1);
1414
1415 /*
1416 * Now add the check for Ethernet_II frames, and
1417 * do that before checking for the other frame
1418 * types.
1419 */
1420 b0 = gen_cmp(off_linktype, BPF_H,
1421 (bpf_int32)ETHERTYPE_IPX);
1422 gen_or(b0, b1);
1423 return b1;
1424
1425 case ETHERTYPE_ATALK:
1426 case ETHERTYPE_AARP:
1427 /*
1428 * EtherTalk (AppleTalk protocols on Ethernet link
1429 * layer) may use 802.2 encapsulation.
1430 */
1431
1432 /*
1433 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1434 * we check for the 802.2 protocol type in the
1435 * "Ethernet type" field.
1436 */
1437 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1438
1439 /*
1440 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1441 * SNAP packets with an organization code of
1442 * 0x080007 (Apple, for Appletalk) and a protocol
1443 * type of ETHERTYPE_ATALK (Appletalk).
1444 *
1445 * 802.2-encapsulated ETHERTYPE_AARP packets are
1446 * SNAP packets with an organization code of
1447 * 0x000000 (encapsulated Ethernet) and a protocol
1448 * type of ETHERTYPE_AARP (Appletalk ARP).
1449 */
1450 if (proto == ETHERTYPE_ATALK)
1451 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
1452 off_linktype + 2);
1453 else /* proto == ETHERTYPE_AARP */
1454 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
1455 off_linktype + 2);
1456 gen_and(b0, b1);
1457
1458 /*
1459 * Check for Ethernet encapsulation (Ethertalk
1460 * phase 1?); we just check for the Ethernet
1461 * protocol type.
1462 */
1463 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1464
1465 gen_or(b0, b1);
1466 return b1;
1467
1468 default:
1469 if (proto <= ETHERMTU) {
1470 /*
1471 * This is an LLC SAP value, so the frames
1472 * that match would be 802.2 frames.
1473 * Check for the 802.2 protocol type
1474 * in the "Ethernet type" field, and
1475 * then check the DSAP.
1476 */
1477 b0 = gen_cmp(off_linktype, BPF_H,
1478 LINUX_SLL_P_802_2);
1479 b1 = gen_cmp(off_linktype + 2, BPF_B,
1480 (bpf_int32)proto);
1481 gen_and(b0, b1);
1482 return b1;
1483 } else {
1484 /*
1485 * This is an Ethernet type, so compare
1486 * the length/type field with it (if
1487 * the frame is an 802.2 frame, the length
1488 * field will be <= ETHERMTU, and, as
1489 * "proto" is > ETHERMTU, this test
1490 * will fail and the frame won't match,
1491 * which is what we want).
1492 */
1493 return gen_cmp(off_linktype, BPF_H,
1494 (bpf_int32)proto);
1495 }
1496 }
1497 }
1498
1499 /*
1500 * Generate code to match a particular packet type by matching the
1501 * link-layer type field or fields in the 802.2 LLC header.
1502 *
1503 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
1504 * value, if <= ETHERMTU.
1505 */
1506 static struct block *
1507 gen_linktype(proto)
1508 register int proto;
1509 {
1510 struct block *b0, *b1, *b2;
1511
1512 switch (linktype) {
1513
1514 case DLT_EN10MB:
1515 return gen_ether_linktype(proto);
1516 /*NOTREACHED*/
1517 break;
1518
1519 case DLT_C_HDLC:
1520 switch (proto) {
1521
1522 case LLCSAP_ISONS:
1523 proto = (proto << 8 | LLCSAP_ISONS);
1524 /* fall through */
1525
1526 default:
1527 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1528 /*NOTREACHED*/
1529 break;
1530 }
1531 break;
1532
1533 case DLT_IEEE802_11:
1534 case DLT_PRISM_HEADER:
1535 case DLT_IEEE802_11_RADIO:
1536 case DLT_FDDI:
1537 case DLT_IEEE802:
1538 case DLT_ATM_RFC1483:
1539 case DLT_ATM_CLIP:
1540 case DLT_IP_OVER_FC:
1541 return gen_llc_linktype(proto);
1542 /*NOTREACHED*/
1543 break;
1544
1545 case DLT_SUNATM:
1546 /*
1547 * If "is_lane" is set, check for a LANE-encapsulated
1548 * version of this protocol, otherwise check for an
1549 * LLC-encapsulated version of this protocol.
1550 *
1551 * We assume LANE means Ethernet, not Token Ring.
1552 */
1553 if (is_lane) {
1554 /*
1555 * Check that the packet doesn't begin with an
1556 * LE Control marker. (We've already generated
1557 * a test for LANE.)
1558 */
1559 b0 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
1560 gen_not(b0);
1561
1562 /*
1563 * Now generate an Ethernet test.
1564 */
1565 b1 = gen_ether_linktype(proto);
1566 gen_and(b0, b1);
1567 return b1;
1568 } else {
1569 /*
1570 * Check for LLC encapsulation and then check the
1571 * protocol.
1572 */
1573 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
1574 b1 = gen_llc_linktype(proto);
1575 gen_and(b0, b1);
1576 return b1;
1577 }
1578 /*NOTREACHED*/
1579 break;
1580
1581 case DLT_LINUX_SLL:
1582 return gen_linux_sll_linktype(proto);
1583 /*NOTREACHED*/
1584 break;
1585
1586 case DLT_SLIP:
1587 case DLT_SLIP_BSDOS:
1588 case DLT_RAW:
1589 /*
1590 * These types don't provide any type field; packets
1591 * are always IP.
1592 *
1593 * XXX - for IPv4, check for a version number of 4, and,
1594 * for IPv6, check for a version number of 6?
1595 */
1596 switch (proto) {
1597
1598 case ETHERTYPE_IP:
1599 #ifdef INET6
1600 case ETHERTYPE_IPV6:
1601 #endif
1602 return gen_true(); /* always true */
1603
1604 default:
1605 return gen_false(); /* always false */
1606 }
1607 /*NOTREACHED*/
1608 break;
1609
1610 case DLT_PPP:
1611 case DLT_PPP_PPPD:
1612 case DLT_PPP_SERIAL:
1613 case DLT_PPP_ETHER:
1614 /*
1615 * We use Ethernet protocol types inside libpcap;
1616 * map them to the corresponding PPP protocol types.
1617 */
1618 switch (proto) {
1619
1620 case ETHERTYPE_IP:
1621 proto = PPP_IP;
1622 break;
1623
1624 #ifdef INET6
1625 case ETHERTYPE_IPV6:
1626 proto = PPP_IPV6;
1627 break;
1628 #endif
1629
1630 case ETHERTYPE_DN:
1631 proto = PPP_DECNET;
1632 break;
1633
1634 case ETHERTYPE_ATALK:
1635 proto = PPP_APPLE;
1636 break;
1637
1638 case ETHERTYPE_NS:
1639 proto = PPP_NS;
1640 break;
1641
1642 case LLCSAP_ISONS:
1643 proto = PPP_OSI;
1644 break;
1645
1646 case LLCSAP_8021D:
1647 /*
1648 * I'm assuming the "Bridging PDU"s that go
1649 * over PPP are Spanning Tree Protocol
1650 * Bridging PDUs.
1651 */
1652 proto = PPP_BRPDU;
1653 break;
1654
1655 case LLCSAP_IPX:
1656 proto = PPP_IPX;
1657 break;
1658 }
1659 break;
1660
1661 case DLT_PPP_BSDOS:
1662 /*
1663 * We use Ethernet protocol types inside libpcap;
1664 * map them to the corresponding PPP protocol types.
1665 */
1666 switch (proto) {
1667
1668 case ETHERTYPE_IP:
1669 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
1670 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
1671 gen_or(b0, b1);
1672 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
1673 gen_or(b1, b0);
1674 return b0;
1675
1676 #ifdef INET6
1677 case ETHERTYPE_IPV6:
1678 proto = PPP_IPV6;
1679 /* more to go? */
1680 break;
1681 #endif
1682
1683 case ETHERTYPE_DN:
1684 proto = PPP_DECNET;
1685 break;
1686
1687 case ETHERTYPE_ATALK:
1688 proto = PPP_APPLE;
1689 break;
1690
1691 case ETHERTYPE_NS:
1692 proto = PPP_NS;
1693 break;
1694
1695 case LLCSAP_ISONS:
1696 proto = PPP_OSI;
1697 break;
1698
1699 case LLCSAP_8021D:
1700 /*
1701 * I'm assuming the "Bridging PDU"s that go
1702 * over PPP are Spanning Tree Protocol
1703 * Bridging PDUs.
1704 */
1705 proto = PPP_BRPDU;
1706 break;
1707
1708 case LLCSAP_IPX:
1709 proto = PPP_IPX;
1710 break;
1711 }
1712 break;
1713
1714 case DLT_NULL:
1715 case DLT_LOOP:
1716 case DLT_ENC:
1717 /*
1718 * For DLT_NULL, the link-layer header is a 32-bit
1719 * word containing an AF_ value in *host* byte order,
1720 * and for DLT_ENC, the link-layer header begins
1721 * with a 32-bit work containing an AF_ value in
1722 * host byte order.
1723 *
1724 * In addition, if we're reading a saved capture file,
1725 * the host byte order in the capture may not be the
1726 * same as the host byte order on this machine.
1727 *
1728 * For DLT_LOOP, the link-layer header is a 32-bit
1729 * word containing an AF_ value in *network* byte order.
1730 *
1731 * XXX - AF_ values may, unfortunately, be platform-
1732 * dependent; for example, FreeBSD's AF_INET6 is 24
1733 * whilst NetBSD's and OpenBSD's is 26.
1734 *
1735 * This means that, when reading a capture file, just
1736 * checking for our AF_INET6 value won't work if the
1737 * capture file came from another OS.
1738 */
1739 switch (proto) {
1740
1741 case ETHERTYPE_IP:
1742 proto = AF_INET;
1743 break;
1744
1745 #ifdef INET6
1746 case ETHERTYPE_IPV6:
1747 proto = AF_INET6;
1748 break;
1749 #endif
1750
1751 default:
1752 /*
1753 * Not a type on which we support filtering.
1754 * XXX - support those that have AF_ values
1755 * #defined on this platform, at least?
1756 */
1757 return gen_false();
1758 }
1759
1760 if (linktype == DLT_NULL || linktype == DLT_ENC) {
1761 /*
1762 * The AF_ value is in host byte order, but
1763 * the BPF interpreter will convert it to
1764 * network byte order.
1765 *
1766 * If this is a save file, and it's from a
1767 * machine with the opposite byte order to
1768 * ours, we byte-swap the AF_ value.
1769 *
1770 * Then we run it through "htonl()", and
1771 * generate code to compare against the result.
1772 */
1773 if (bpf_pcap->sf.rfile != NULL &&
1774 bpf_pcap->sf.swapped)
1775 proto = SWAPLONG(proto);
1776 proto = htonl(proto);
1777 }
1778 return (gen_cmp(0, BPF_W, (bpf_int32)proto));
1779
1780 case DLT_PFLOG:
1781 /*
1782 * af field is host byte order in contrast to the rest of
1783 * the packet.
1784 */
1785 if (proto == ETHERTYPE_IP)
1786 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B,
1787 (bpf_int32)AF_INET));
1788 #ifdef INET6
1789 else if (proto == ETHERTYPE_IPV6)
1790 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B,
1791 (bpf_int32)AF_INET6));
1792 #endif /* INET6 */
1793 else
1794 return gen_false();
1795 /*NOTREACHED*/
1796 break;
1797
1798 case DLT_ARCNET:
1799 case DLT_ARCNET_LINUX:
1800 /*
1801 * XXX should we check for first fragment if the protocol
1802 * uses PHDS?
1803 */
1804 switch (proto) {
1805
1806 default:
1807 return gen_false();
1808
1809 #ifdef INET6
1810 case ETHERTYPE_IPV6:
1811 return (gen_cmp(off_linktype, BPF_B,
1812 (bpf_int32)ARCTYPE_INET6));
1813 #endif /* INET6 */
1814
1815 case ETHERTYPE_IP:
1816 b0 = gen_cmp(off_linktype, BPF_B,
1817 (bpf_int32)ARCTYPE_IP);
1818 b1 = gen_cmp(off_linktype, BPF_B,
1819 (bpf_int32)ARCTYPE_IP_OLD);
1820 gen_or(b0, b1);
1821 return (b1);
1822
1823 case ETHERTYPE_ARP:
1824 b0 = gen_cmp(off_linktype, BPF_B,
1825 (bpf_int32)ARCTYPE_ARP);
1826 b1 = gen_cmp(off_linktype, BPF_B,
1827 (bpf_int32)ARCTYPE_ARP_OLD);
1828 gen_or(b0, b1);
1829 return (b1);
1830
1831 case ETHERTYPE_REVARP:
1832 return (gen_cmp(off_linktype, BPF_B,
1833 (bpf_int32)ARCTYPE_REVARP));
1834
1835 case ETHERTYPE_ATALK:
1836 return (gen_cmp(off_linktype, BPF_B,
1837 (bpf_int32)ARCTYPE_ATALK));
1838 }
1839 /*NOTREACHED*/
1840 break;
1841
1842 case DLT_LTALK:
1843 switch (proto) {
1844 case ETHERTYPE_ATALK:
1845 return gen_true();
1846 default:
1847 return gen_false();
1848 }
1849 /*NOTREACHED*/
1850 break;
1851
1852 case DLT_FRELAY:
1853 /*
1854 * XXX - assumes a 2-byte Frame Relay header with
1855 * DLCI and flags. What if the address is longer?
1856 */
1857 switch (proto) {
1858
1859 case ETHERTYPE_IP:
1860 /*
1861 * Check for the special NLPID for IP.
1862 */
1863 return gen_cmp(2, BPF_H, (0x03<<8) | 0xcc);
1864
1865 #ifdef INET6
1866 case ETHERTYPE_IPV6:
1867 /*
1868 * Check for the special NLPID for IPv6.
1869 */
1870 return gen_cmp(2, BPF_H, (0x03<<8) | 0x8e);
1871 #endif
1872
1873 case LLCSAP_ISONS:
1874 /*
1875 * Check for several OSI protocols.
1876 *
1877 * Frame Relay packets typically have an OSI
1878 * NLPID at the beginning; we check for each
1879 * of them.
1880 *
1881 * What we check for is the NLPID and a frame
1882 * control field of UI, i.e. 0x03 followed
1883 * by the NLPID.
1884 */
1885 b0 = gen_cmp(2, BPF_H, (0x03<<8) | ISO8473_CLNP);
1886 b1 = gen_cmp(2, BPF_H, (0x03<<8) | ISO9542_ESIS);
1887 b2 = gen_cmp(2, BPF_H, (0x03<<8) | ISO10589_ISIS);
1888 gen_or(b1, b2);
1889 gen_or(b0, b2);
1890 return b2;
1891
1892 default:
1893 return gen_false();
1894 }
1895 /*NOTREACHED*/
1896 break;
1897
1898 case DLT_JUNIPER_MLFR:
1899 case DLT_JUNIPER_MLPPP:
1900 case DLT_JUNIPER_ATM1:
1901 case DLT_JUNIPER_ATM2:
1902 /* just lets verify the magic number for now -
1903 * on ATM we may have up to 6 different encapsulations on the wire
1904 * and need a lot of heuristics to figure out that the payload
1905 * might be;
1906 *
1907 * FIXME encapsulation specific BPF_ filters
1908 */
1909 return gen_mcmp(0, BPF_W, 0x4d474300, 0xffffff00); /* compare the magic number */
1910
1911 case DLT_LINUX_IRDA:
1912 bpf_error("IrDA link-layer type filtering not implemented");
1913
1914 case DLT_DOCSIS:
1915 bpf_error("DOCSIS link-layer type filtering not implemented");
1916
1917 case DLT_LINUX_LAPD:
1918 bpf_error("LAPD link-layer type filtering not implemented");
1919 }
1920
1921 /*
1922 * All the types that have no encapsulation should either be
1923 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
1924 * all packets are IP packets, or should be handled in some
1925 * special case, if none of them are (if some are and some
1926 * aren't, the lack of encapsulation is a problem, as we'd
1927 * have to find some other way of determining the packet type).
1928 *
1929 * Therefore, if "off_linktype" is -1, there's an error.
1930 */
1931 if (off_linktype == (u_int)-1)
1932 abort();
1933
1934 /*
1935 * Any type not handled above should always have an Ethernet
1936 * type at an offset of "off_linktype". (PPP is partially
1937 * handled above - the protocol type is mapped from the
1938 * Ethernet and LLC types we use internally to the corresponding
1939 * PPP type - but the PPP type is always specified by a value
1940 * at "off_linktype", so we don't have to do the code generation
1941 * above.)
1942 */
1943 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1944 }
1945
1946 /*
1947 * Check for an LLC SNAP packet with a given organization code and
1948 * protocol type; we check the entire contents of the 802.2 LLC and
1949 * snap headers, checking for DSAP and SSAP of SNAP and a control
1950 * field of 0x03 in the LLC header, and for the specified organization
1951 * code and protocol type in the SNAP header.
1952 */
1953 static struct block *
1954 gen_snap(orgcode, ptype, offset)
1955 bpf_u_int32 orgcode;
1956 bpf_u_int32 ptype;
1957 u_int offset;
1958 {
1959 u_char snapblock[8];
1960
1961 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
1962 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
1963 snapblock[2] = 0x03; /* control = UI */
1964 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
1965 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
1966 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
1967 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
1968 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
1969 return gen_bcmp(offset, 8, snapblock);
1970 }
1971
1972 /*
1973 * Generate code to match a particular packet type, for link-layer types
1974 * using 802.2 LLC headers.
1975 *
1976 * This is *NOT* used for Ethernet; "gen_ether_linktype()" is used
1977 * for that - it handles the D/I/X Ethernet vs. 802.3+802.2 issues.
1978 *
1979 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
1980 * value, if <= ETHERMTU. We use that to determine whether to
1981 * match the DSAP or both DSAP and LSAP or to check the OUI and
1982 * protocol ID in a SNAP header.
1983 */
1984 static struct block *
1985 gen_llc_linktype(proto)
1986 int proto;
1987 {
1988 /*
1989 * XXX - handle token-ring variable-length header.
1990 */
1991 switch (proto) {
1992
1993 case LLCSAP_IP:
1994 case LLCSAP_ISONS:
1995 case LLCSAP_NETBEUI:
1996 /*
1997 * XXX - should we check both the DSAP and the
1998 * SSAP, like this, or should we check just the
1999 * DSAP, as we do for other types <= ETHERMTU
2000 * (i.e., other SAP values)?
2001 */
2002 return gen_cmp(off_linktype, BPF_H, (long)
2003 ((proto << 8) | proto));
2004
2005 case LLCSAP_IPX:
2006 /*
2007 * XXX - are there ever SNAP frames for IPX on
2008 * non-Ethernet 802.x networks?
2009 */
2010 return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX);
2011
2012 case ETHERTYPE_ATALK:
2013 /*
2014 * 802.2-encapsulated ETHERTYPE_ATALK packets are
2015 * SNAP packets with an organization code of
2016 * 0x080007 (Apple, for Appletalk) and a protocol
2017 * type of ETHERTYPE_ATALK (Appletalk).
2018 *
2019 * XXX - check for an organization code of
2020 * encapsulated Ethernet as well?
2021 */
2022 return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype);
2023
2024 default:
2025 /*
2026 * XXX - we don't have to check for IPX 802.3
2027 * here, but should we check for the IPX Ethertype?
2028 */
2029 if (proto <= ETHERMTU) {
2030 /*
2031 * This is an LLC SAP value, so check
2032 * the DSAP.
2033 */
2034 return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto);
2035 } else {
2036 /*
2037 * This is an Ethernet type; we assume that it's
2038 * unlikely that it'll appear in the right place
2039 * at random, and therefore check only the
2040 * location that would hold the Ethernet type
2041 * in a SNAP frame with an organization code of
2042 * 0x000000 (encapsulated Ethernet).
2043 *
2044 * XXX - if we were to check for the SNAP DSAP and
2045 * LSAP, as per XXX, and were also to check for an
2046 * organization code of 0x000000 (encapsulated
2047 * Ethernet), we'd do
2048 *
2049 * return gen_snap(0x000000, proto,
2050 * off_linktype);
2051 *
2052 * here; for now, we don't, as per the above.
2053 * I don't know whether it's worth the extra CPU
2054 * time to do the right check or not.
2055 */
2056 return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto);
2057 }
2058 }
2059 }
2060
2061 static struct block *
2062 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
2063 bpf_u_int32 addr;
2064 bpf_u_int32 mask;
2065 int dir, proto;
2066 u_int src_off, dst_off;
2067 {
2068 struct block *b0, *b1;
2069 u_int offset;
2070
2071 switch (dir) {
2072
2073 case Q_SRC:
2074 offset = src_off;
2075 break;
2076
2077 case Q_DST:
2078 offset = dst_off;
2079 break;
2080
2081 case Q_AND:
2082 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
2083 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
2084 gen_and(b0, b1);
2085 return b1;
2086
2087 case Q_OR:
2088 case Q_DEFAULT:
2089 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
2090 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
2091 gen_or(b0, b1);
2092 return b1;
2093
2094 default:
2095 abort();
2096 }
2097 b0 = gen_linktype(proto);
2098 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
2099 gen_and(b0, b1);
2100 return b1;
2101 }
2102
2103 #ifdef INET6
2104 static struct block *
2105 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
2106 struct in6_addr *addr;
2107 struct in6_addr *mask;
2108 int dir, proto;
2109 u_int src_off, dst_off;
2110 {
2111 struct block *b0, *b1;
2112 u_int offset;
2113 u_int32_t *a, *m;
2114
2115 switch (dir) {
2116
2117 case Q_SRC:
2118 offset = src_off;
2119 break;
2120
2121 case Q_DST:
2122 offset = dst_off;
2123 break;
2124
2125 case Q_AND:
2126 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
2127 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
2128 gen_and(b0, b1);
2129 return b1;
2130
2131 case Q_OR:
2132 case Q_DEFAULT:
2133 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
2134 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
2135 gen_or(b0, b1);
2136 return b1;
2137
2138 default:
2139 abort();
2140 }
2141 /* this order is important */
2142 a = (u_int32_t *)addr;
2143 m = (u_int32_t *)mask;
2144 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
2145 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
2146 gen_and(b0, b1);
2147 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
2148 gen_and(b0, b1);
2149 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
2150 gen_and(b0, b1);
2151 b0 = gen_linktype(proto);
2152 gen_and(b0, b1);
2153 return b1;
2154 }
2155 #endif /*INET6*/
2156
2157 static struct block *
2158 gen_ehostop(eaddr, dir)
2159 register const u_char *eaddr;
2160 register int dir;
2161 {
2162 register struct block *b0, *b1;
2163
2164 switch (dir) {
2165 case Q_SRC:
2166 return gen_bcmp(off_mac + 6, 6, eaddr);
2167
2168 case Q_DST:
2169 return gen_bcmp(off_mac + 0, 6, eaddr);
2170
2171 case Q_AND:
2172 b0 = gen_ehostop(eaddr, Q_SRC);
2173 b1 = gen_ehostop(eaddr, Q_DST);
2174 gen_and(b0, b1);
2175 return b1;
2176
2177 case Q_DEFAULT:
2178 case Q_OR:
2179 b0 = gen_ehostop(eaddr, Q_SRC);
2180 b1 = gen_ehostop(eaddr, Q_DST);
2181 gen_or(b0, b1);
2182 return b1;
2183 }
2184 abort();
2185 /* NOTREACHED */
2186 }
2187
2188 /*
2189 * Like gen_ehostop, but for DLT_FDDI
2190 */
2191 static struct block *
2192 gen_fhostop(eaddr, dir)
2193 register const u_char *eaddr;
2194 register int dir;
2195 {
2196 struct block *b0, *b1;
2197
2198 switch (dir) {
2199 case Q_SRC:
2200 #ifdef PCAP_FDDIPAD
2201 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
2202 #else
2203 return gen_bcmp(6 + 1, 6, eaddr);
2204 #endif
2205
2206 case Q_DST:
2207 #ifdef PCAP_FDDIPAD
2208 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
2209 #else
2210 return gen_bcmp(0 + 1, 6, eaddr);
2211 #endif
2212
2213 case Q_AND:
2214 b0 = gen_fhostop(eaddr, Q_SRC);
2215 b1 = gen_fhostop(eaddr, Q_DST);
2216 gen_and(b0, b1);
2217 return b1;
2218
2219 case Q_DEFAULT:
2220 case Q_OR:
2221 b0 = gen_fhostop(eaddr, Q_SRC);
2222 b1 = gen_fhostop(eaddr, Q_DST);
2223 gen_or(b0, b1);
2224 return b1;
2225 }
2226 abort();
2227 /* NOTREACHED */
2228 }
2229
2230 /*
2231 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
2232 */
2233 static struct block *
2234 gen_thostop(eaddr, dir)
2235 register const u_char *eaddr;
2236 register int dir;
2237 {
2238 register struct block *b0, *b1;
2239
2240 switch (dir) {
2241 case Q_SRC:
2242 return gen_bcmp(8, 6, eaddr);
2243
2244 case Q_DST:
2245 return gen_bcmp(2, 6, eaddr);
2246
2247 case Q_AND:
2248 b0 = gen_thostop(eaddr, Q_SRC);
2249 b1 = gen_thostop(eaddr, Q_DST);
2250 gen_and(b0, b1);
2251 return b1;
2252
2253 case Q_DEFAULT:
2254 case Q_OR:
2255 b0 = gen_thostop(eaddr, Q_SRC);
2256 b1 = gen_thostop(eaddr, Q_DST);
2257 gen_or(b0, b1);
2258 return b1;
2259 }
2260 abort();
2261 /* NOTREACHED */
2262 }
2263
2264 /*
2265 * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN)
2266 */
2267 static struct block *
2268 gen_wlanhostop(eaddr, dir)
2269 register const u_char *eaddr;
2270 register int dir;
2271 {
2272 register struct block *b0, *b1, *b2;
2273 register struct slist *s;
2274
2275 switch (dir) {
2276 case Q_SRC:
2277 /*
2278 * Oh, yuk.
2279 *
2280 * For control frames, there is no SA.
2281 *
2282 * For management frames, SA is at an
2283 * offset of 10 from the beginning of
2284 * the packet.
2285 *
2286 * For data frames, SA is at an offset
2287 * of 10 from the beginning of the packet
2288 * if From DS is clear, at an offset of
2289 * 16 from the beginning of the packet
2290 * if From DS is set and To DS is clear,
2291 * and an offset of 24 from the beginning
2292 * of the packet if From DS is set and To DS
2293 * is set.
2294 */
2295
2296 /*
2297 * Generate the tests to be done for data frames
2298 * with From DS set.
2299 *
2300 * First, check for To DS set, i.e. check "link[1] & 0x01".
2301 */
2302 s = gen_load_llrel(1, BPF_B);
2303 b1 = new_block(JMP(BPF_JSET));
2304 b1->s.k = 0x01; /* To DS */
2305 b1->stmts = s;
2306
2307 /*
2308 * If To DS is set, the SA is at 24.
2309 */
2310 b0 = gen_bcmp(24, 6, eaddr);
2311 gen_and(b1, b0);
2312
2313 /*
2314 * Now, check for To DS not set, i.e. check
2315 * "!(link[1] & 0x01)".
2316 */
2317 s = gen_load_llrel(1, BPF_B);
2318 b2 = new_block(JMP(BPF_JSET));
2319 b2->s.k = 0x01; /* To DS */
2320 b2->stmts = s;
2321 gen_not(b2);
2322
2323 /*
2324 * If To DS is not set, the SA is at 16.
2325 */
2326 b1 = gen_bcmp(16, 6, eaddr);
2327 gen_and(b2, b1);
2328
2329 /*
2330 * Now OR together the last two checks. That gives
2331 * the complete set of checks for data frames with
2332 * From DS set.
2333 */
2334 gen_or(b1, b0);
2335
2336 /*
2337 * Now check for From DS being set, and AND that with
2338 * the ORed-together checks.
2339 */
2340 s = gen_load_llrel(1, BPF_B);
2341 b1 = new_block(JMP(BPF_JSET));
2342 b1->s.k = 0x02; /* From DS */
2343 b1->stmts = s;
2344 gen_and(b1, b0);
2345
2346 /*
2347 * Now check for data frames with From DS not set.
2348 */
2349 s = gen_load_llrel(1, BPF_B);
2350 b2 = new_block(JMP(BPF_JSET));
2351 b2->s.k = 0x02; /* From DS */
2352 b2->stmts = s;
2353 gen_not(b2);
2354
2355 /*
2356 * If From DS isn't set, the SA is at 10.
2357 */
2358 b1 = gen_bcmp(10, 6, eaddr);
2359 gen_and(b2, b1);
2360
2361 /*
2362 * Now OR together the checks for data frames with
2363 * From DS not set and for data frames with From DS
2364 * set; that gives the checks done for data frames.
2365 */
2366 gen_or(b1, b0);
2367
2368 /*
2369 * Now check for a data frame.
2370 * I.e, check "link[0] & 0x08".
2371 */
2372 gen_load_llrel(0, BPF_B);
2373 b1 = new_block(JMP(BPF_JSET));
2374 b1->s.k = 0x08;
2375 b1->stmts = s;
2376
2377 /*
2378 * AND that with the checks done for data frames.
2379 */
2380 gen_and(b1, b0);
2381
2382 /*
2383 * If the high-order bit of the type value is 0, this
2384 * is a management frame.
2385 * I.e, check "!(link[0] & 0x08)".
2386 */
2387 s = gen_load_llrel(0, BPF_B);
2388 b2 = new_block(JMP(BPF_JSET));
2389 b2->s.k = 0x08;
2390 b2->stmts = s;
2391 gen_not(b2);
2392
2393 /*
2394 * For management frames, the SA is at 10.
2395 */
2396 b1 = gen_bcmp(10, 6, eaddr);
2397 gen_and(b2, b1);
2398
2399 /*
2400 * OR that with the checks done for data frames.
2401 * That gives the checks done for management and
2402 * data frames.
2403 */
2404 gen_or(b1, b0);
2405
2406 /*
2407 * If the low-order bit of the type value is 1,
2408 * this is either a control frame or a frame
2409 * with a reserved type, and thus not a
2410 * frame with an SA.
2411 *
2412 * I.e., check "!(link[0] & 0x04)".
2413 */
2414 s = gen_load_llrel(0, BPF_B);
2415 b1 = new_block(JMP(BPF_JSET));
2416 b1->s.k = 0x04;
2417 b1->stmts = s;
2418 gen_not(b1);
2419
2420 /*
2421 * AND that with the checks for data and management
2422 * frames.
2423 */
2424 gen_and(b1, b0);
2425 return b0;
2426
2427 case Q_DST:
2428 /*
2429 * Oh, yuk.
2430 *
2431 * For control frames, there is no DA.
2432 *
2433 * For management frames, DA is at an
2434 * offset of 4 from the beginning of
2435 * the packet.
2436 *
2437 * For data frames, DA is at an offset
2438 * of 4 from the beginning of the packet
2439 * if To DS is clear and at an offset of
2440 * 16 from the beginning of the packet
2441 * if To DS is set.
2442 */
2443
2444 /*
2445 * Generate the tests to be done for data frames.
2446 *
2447 * First, check for To DS set, i.e. "link[1] & 0x01".
2448 */
2449 s = gen_load_llrel(1, BPF_B);
2450 b1 = new_block(JMP(BPF_JSET));
2451 b1->s.k = 0x01; /* To DS */
2452 b1->stmts = s;
2453
2454 /*
2455 * If To DS is set, the DA is at 16.
2456 */
2457 b0 = gen_bcmp(16, 6, eaddr);
2458 gen_and(b1, b0);
2459
2460 /*
2461 * Now, check for To DS not set, i.e. check
2462 * "!(link[1] & 0x01)".
2463 */
2464 s = gen_load_llrel(1, BPF_B);
2465 b2 = new_block(JMP(BPF_JSET));
2466 b2->s.k = 0x01; /* To DS */
2467 b2->stmts = s;
2468 gen_not(b2);
2469
2470 /*
2471 * If To DS is not set, the DA is at 4.
2472 */
2473 b1 = gen_bcmp(4, 6, eaddr);
2474 gen_and(b2, b1);
2475
2476 /*
2477 * Now OR together the last two checks. That gives
2478 * the complete set of checks for data frames.
2479 */
2480 gen_or(b1, b0);
2481
2482 /*
2483 * Now check for a data frame.
2484 * I.e, check "link[0] & 0x08".
2485 */
2486 s = gen_load_llrel(0, BPF_B);
2487 b1 = new_block(JMP(BPF_JSET));
2488 b1->s.k = 0x08;
2489 b1->stmts = s;
2490
2491 /*
2492 * AND that with the checks done for data frames.
2493 */
2494 gen_and(b1, b0);
2495
2496 /*
2497 * If the high-order bit of the type value is 0, this
2498 * is a management frame.
2499 * I.e, check "!(link[0] & 0x08)".
2500 */
2501 s = gen_load_llrel(0, BPF_B);
2502 b2 = new_block(JMP(BPF_JSET));
2503 b2->s.k = 0x08;
2504 b2->stmts = s;
2505 gen_not(b2);
2506
2507 /*
2508 * For management frames, the DA is at 4.
2509 */
2510 b1 = gen_bcmp(4, 6, eaddr);
2511 gen_and(b2, b1);
2512
2513 /*
2514 * OR that with the checks done for data frames.
2515 * That gives the checks done for management and
2516 * data frames.
2517 */
2518 gen_or(b1, b0);
2519
2520 /*
2521 * If the low-order bit of the type value is 1,
2522 * this is either a control frame or a frame
2523 * with a reserved type, and thus not a
2524 * frame with an SA.
2525 *
2526 * I.e., check "!(link[0] & 0x04)".
2527 */
2528 s = gen_load_llrel(0, BPF_B);
2529 b1 = new_block(JMP(BPF_JSET));
2530 b1->s.k = 0x04;
2531 b1->stmts = s;
2532 gen_not(b1);
2533
2534 /*
2535 * AND that with the checks for data and management
2536 * frames.
2537 */
2538 gen_and(b1, b0);
2539 return b0;
2540
2541 case Q_AND:
2542 b0 = gen_wlanhostop(eaddr, Q_SRC);
2543 b1 = gen_wlanhostop(eaddr, Q_DST);
2544 gen_and(b0, b1);
2545 return b1;
2546
2547 case Q_DEFAULT:
2548 case Q_OR:
2549 b0 = gen_wlanhostop(eaddr, Q_SRC);
2550 b1 = gen_wlanhostop(eaddr, Q_DST);
2551 gen_or(b0, b1);
2552 return b1;
2553 }
2554 abort();
2555 /* NOTREACHED */
2556 }
2557
2558 /*
2559 * Like gen_ehostop, but for RFC 2625 IP-over-Fibre-Channel.
2560 * (We assume that the addresses are IEEE 48-bit MAC addresses,
2561 * as the RFC states.)
2562 */
2563 static struct block *
2564 gen_ipfchostop(eaddr, dir)
2565 register const u_char *eaddr;
2566 register int dir;
2567 {
2568 register struct block *b0, *b1;
2569
2570 switch (dir) {
2571 case Q_SRC:
2572 return gen_bcmp(10, 6, eaddr);
2573
2574 case Q_DST:
2575 return gen_bcmp(2, 6, eaddr);
2576
2577 case Q_AND:
2578 b0 = gen_ipfchostop(eaddr, Q_SRC);
2579 b1 = gen_ipfchostop(eaddr, Q_DST);
2580 gen_and(b0, b1);
2581 return b1;
2582
2583 case Q_DEFAULT:
2584 case Q_OR:
2585 b0 = gen_ipfchostop(eaddr, Q_SRC);
2586 b1 = gen_ipfchostop(eaddr, Q_DST);
2587 gen_or(b0, b1);
2588 return b1;
2589 }
2590 abort();
2591 /* NOTREACHED */
2592 }
2593
2594 /*
2595 * This is quite tricky because there may be pad bytes in front of the
2596 * DECNET header, and then there are two possible data packet formats that
2597 * carry both src and dst addresses, plus 5 packet types in a format that
2598 * carries only the src node, plus 2 types that use a different format and
2599 * also carry just the src node.
2600 *
2601 * Yuck.
2602 *
2603 * Instead of doing those all right, we just look for data packets with
2604 * 0 or 1 bytes of padding. If you want to look at other packets, that
2605 * will require a lot more hacking.
2606 *
2607 * To add support for filtering on DECNET "areas" (network numbers)
2608 * one would want to add a "mask" argument to this routine. That would
2609 * make the filter even more inefficient, although one could be clever
2610 * and not generate masking instructions if the mask is 0xFFFF.
2611 */
2612 static struct block *
2613 gen_dnhostop(addr, dir, base_off)
2614 bpf_u_int32 addr;
2615 int dir;
2616 u_int base_off;
2617 {
2618 struct block *b0, *b1, *b2, *tmp;
2619 u_int offset_lh; /* offset if long header is received */
2620 u_int offset_sh; /* offset if short header is received */
2621
2622 switch (dir) {
2623
2624 case Q_DST:
2625 offset_sh = 1; /* follows flags */
2626 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
2627 break;
2628
2629 case Q_SRC:
2630 offset_sh = 3; /* follows flags, dstnode */
2631 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
2632 break;
2633
2634 case Q_AND:
2635 /* Inefficient because we do our Calvinball dance twice */
2636 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2637 b1 = gen_dnhostop(addr, Q_DST, base_off);
2638 gen_and(b0, b1);
2639 return b1;
2640
2641 case Q_OR:
2642 case Q_DEFAULT:
2643 /* Inefficient because we do our Calvinball dance twice */
2644 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2645 b1 = gen_dnhostop(addr, Q_DST, base_off);
2646 gen_or(b0, b1);
2647 return b1;
2648
2649 case Q_ISO:
2650 bpf_error("ISO host filtering not implemented");
2651
2652 default:
2653 abort();
2654 }
2655 b0 = gen_linktype(ETHERTYPE_DN);
2656 /* Check for pad = 1, long header case */
2657 tmp = gen_mcmp(base_off + 2, BPF_H,
2658 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
2659 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
2660 BPF_H, (bpf_int32)ntohs(addr));
2661 gen_and(tmp, b1);
2662 /* Check for pad = 0, long header case */
2663 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
2664 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
2665 gen_and(tmp, b2);
2666 gen_or(b2, b1);
2667 /* Check for pad = 1, short header case */
2668 tmp = gen_mcmp(base_off + 2, BPF_H,
2669 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
2670 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
2671 BPF_H, (bpf_int32)ntohs(addr));
2672 gen_and(tmp, b2);
2673 gen_or(b2, b1);
2674 /* Check for pad = 0, short header case */
2675 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
2676 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
2677 gen_and(tmp, b2);
2678 gen_or(b2, b1);
2679
2680 /* Combine with test for linktype */
2681 gen_and(b0, b1);
2682 return b1;
2683 }
2684
2685 static struct block *
2686 gen_host(addr, mask, proto, dir)
2687 bpf_u_int32 addr;
2688 bpf_u_int32 mask;
2689 int proto;
2690 int dir;
2691 {
2692 struct block *b0, *b1;
2693
2694 switch (proto) {
2695
2696 case Q_DEFAULT:
2697 b0 = gen_host(addr, mask, Q_IP, dir);
2698 if (off_linktype != (u_int)-1) {
2699 b1 = gen_host(addr, mask, Q_ARP, dir);
2700 gen_or(b0, b1);
2701 b0 = gen_host(addr, mask, Q_RARP, dir);
2702 gen_or(b1, b0);
2703 }
2704 return b0;
2705
2706 case Q_IP:
2707 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
2708 off_nl + 12, off_nl + 16);
2709
2710 case Q_RARP:
2711 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
2712 off_nl + 14, off_nl + 24);
2713
2714 case Q_ARP:
2715 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
2716 off_nl + 14, off_nl + 24);
2717
2718 case Q_TCP:
2719 bpf_error("'tcp' modifier applied to host");
2720
2721 case Q_SCTP:
2722 bpf_error("'sctp' modifier applied to host");
2723
2724 case Q_UDP:
2725 bpf_error("'udp' modifier applied to host");
2726
2727 case Q_ICMP:
2728 bpf_error("'icmp' modifier applied to host");
2729
2730 case Q_IGMP:
2731 bpf_error("'igmp' modifier applied to host");
2732
2733 case Q_IGRP:
2734 bpf_error("'igrp' modifier applied to host");
2735
2736 case Q_PIM:
2737 bpf_error("'pim' modifier applied to host");
2738
2739 case Q_VRRP:
2740 bpf_error("'vrrp' modifier applied to host");
2741
2742 case Q_ATALK:
2743 bpf_error("ATALK host filtering not implemented");
2744
2745 case Q_AARP:
2746 bpf_error("AARP host filtering not implemented");
2747
2748 case Q_DECNET:
2749 return gen_dnhostop(addr, dir, off_nl);
2750
2751 case Q_SCA:
2752 bpf_error("SCA host filtering not implemented");
2753
2754 case Q_LAT:
2755 bpf_error("LAT host filtering not implemented");
2756
2757 case Q_MOPDL:
2758 bpf_error("MOPDL host filtering not implemented");
2759
2760 case Q_MOPRC:
2761 bpf_error("MOPRC host filtering not implemented");
2762
2763 #ifdef INET6
2764 case Q_IPV6:
2765 bpf_error("'ip6' modifier applied to ip host");
2766
2767 case Q_ICMPV6:
2768 bpf_error("'icmp6' modifier applied to host");
2769 #endif /* INET6 */
2770
2771 case Q_AH:
2772 bpf_error("'ah' modifier applied to host");
2773
2774 case Q_ESP:
2775 bpf_error("'esp' modifier applied to host");
2776
2777 case Q_ISO:
2778 bpf_error("ISO host filtering not implemented");
2779
2780 case Q_ESIS:
2781 bpf_error("'esis' modifier applied to host");
2782
2783 case Q_ISIS:
2784 bpf_error("'isis' modifier applied to host");
2785
2786 case Q_CLNP:
2787 bpf_error("'clnp' modifier applied to host");
2788
2789 case Q_STP:
2790 bpf_error("'stp' modifier applied to host");
2791
2792 case Q_IPX:
2793 bpf_error("IPX host filtering not implemented");
2794
2795 case Q_NETBEUI:
2796 bpf_error("'netbeui' modifier applied to host");
2797
2798 default:
2799 abort();
2800 }
2801 /* NOTREACHED */
2802 }
2803
2804 #ifdef INET6
2805 static struct block *
2806 gen_host6(addr, mask, proto, dir)
2807 struct in6_addr *addr;
2808 struct in6_addr *mask;
2809 int proto;
2810 int dir;
2811 {
2812 switch (proto) {
2813
2814 case Q_DEFAULT:
2815 return gen_host6(addr, mask, Q_IPV6, dir);
2816
2817 case Q_IP:
2818 bpf_error("'ip' modifier applied to ip6 host");
2819
2820 case Q_RARP:
2821 bpf_error("'rarp' modifier applied to ip6 host");
2822
2823 case Q_ARP:
2824 bpf_error("'arp' modifier applied to ip6 host");
2825
2826 case Q_SCTP:
2827 bpf_error("'sctp' modifier applied to host");
2828
2829 case Q_TCP:
2830 bpf_error("'tcp' modifier applied to host");
2831
2832 case Q_UDP:
2833 bpf_error("'udp' modifier applied to host");
2834
2835 case Q_ICMP:
2836 bpf_error("'icmp' modifier applied to host");
2837
2838 case Q_IGMP:
2839 bpf_error("'igmp' modifier applied to host");
2840
2841 case Q_IGRP:
2842 bpf_error("'igrp' modifier applied to host");
2843
2844 case Q_PIM:
2845 bpf_error("'pim' modifier applied to host");
2846
2847 case Q_VRRP:
2848 bpf_error("'vrrp' modifier applied to host");
2849
2850 case Q_ATALK:
2851 bpf_error("ATALK host filtering not implemented");
2852
2853 case Q_AARP:
2854 bpf_error("AARP host filtering not implemented");
2855
2856 case Q_DECNET:
2857 bpf_error("'decnet' modifier applied to ip6 host");
2858
2859 case Q_SCA:
2860 bpf_error("SCA host filtering not implemented");
2861
2862 case Q_LAT:
2863 bpf_error("LAT host filtering not implemented");
2864
2865 case Q_MOPDL:
2866 bpf_error("MOPDL host filtering not implemented");
2867
2868 case Q_MOPRC:
2869 bpf_error("MOPRC host filtering not implemented");
2870
2871 case Q_IPV6:
2872 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
2873 off_nl + 8, off_nl + 24);
2874
2875 case Q_ICMPV6:
2876 bpf_error("'icmp6' modifier applied to host");
2877
2878 case Q_AH:
2879 bpf_error("'ah' modifier applied to host");
2880
2881 case Q_ESP:
2882 bpf_error("'esp' modifier applied to host");
2883
2884 case Q_ISO:
2885 bpf_error("ISO host filtering not implemented");
2886
2887 case Q_ESIS:
2888 bpf_error("'esis' modifier applied to host");
2889
2890 case Q_ISIS:
2891 bpf_error("'isis' modifier applied to host");
2892
2893 case Q_CLNP:
2894 bpf_error("'clnp' modifier applied to host");
2895
2896 case Q_STP:
2897 bpf_error("'stp' modifier applied to host");
2898
2899 case Q_IPX:
2900 bpf_error("IPX host filtering not implemented");
2901
2902 case Q_NETBEUI:
2903 bpf_error("'netbeui' modifier applied to host");
2904
2905 default:
2906 abort();
2907 }
2908 /* NOTREACHED */
2909 }
2910 #endif /*INET6*/
2911
2912 #ifndef INET6
2913 static struct block *
2914 gen_gateway(eaddr, alist, proto, dir)
2915 const u_char *eaddr;
2916 bpf_u_int32 **alist;
2917 int proto;
2918 int dir;
2919 {
2920 struct block *b0, *b1, *tmp;
2921
2922 if (dir != 0)
2923 bpf_error("direction applied to 'gateway'");
2924
2925 switch (proto) {
2926 case Q_DEFAULT:
2927 case Q_IP:
2928 case Q_ARP:
2929 case Q_RARP:
2930 if (linktype == DLT_EN10MB)
2931 b0 = gen_ehostop(eaddr, Q_OR);
2932 else if (linktype == DLT_FDDI)
2933 b0 = gen_fhostop(eaddr, Q_OR);
2934 else if (linktype == DLT_IEEE802)
2935 b0 = gen_thostop(eaddr, Q_OR);
2936 else if (linktype == DLT_IEEE802_11)
2937 b0 = gen_wlanhostop(eaddr, Q_OR);
2938 else if (linktype == DLT_SUNATM && is_lane) {
2939 /*
2940 * Check that the packet doesn't begin with an
2941 * LE Control marker. (We've already generated
2942 * a test for LANE.)
2943 */
2944 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
2945 gen_not(b1);
2946
2947 /*
2948 * Now check the MAC address.
2949 */
2950 b0 = gen_ehostop(eaddr, Q_OR);
2951 gen_and(b1, b0);
2952 } else if (linktype == DLT_IP_OVER_FC)
2953 b0 = gen_ipfchostop(eaddr, Q_OR);
2954 else
2955 bpf_error(
2956 "'gateway' supported only on ethernet/FDDI/token ring/802.11/Fibre Channel");
2957
2958 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2959 while (*alist) {
2960 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2961 gen_or(b1, tmp);
2962 b1 = tmp;
2963 }
2964 gen_not(b1);
2965 gen_and(b0, b1);
2966 return b1;
2967 }
2968 bpf_error("illegal modifier of 'gateway'");
2969 /* NOTREACHED */
2970 }
2971 #endif
2972
2973 struct block *
2974 gen_proto_abbrev(proto)
2975 int proto;
2976 {
2977 struct block *b0;
2978 struct block *b1;
2979
2980 switch (proto) {
2981
2982 case Q_SCTP:
2983 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT);
2984 #ifdef INET6
2985 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
2986 gen_or(b0, b1);
2987 #endif
2988 break;
2989
2990 case Q_TCP:
2991 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
2992 #ifdef INET6
2993 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
2994 gen_or(b0, b1);
2995 #endif
2996 break;
2997
2998 case Q_UDP:
2999 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
3000 #ifdef INET6
3001 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
3002 gen_or(b0, b1);
3003 #endif
3004 break;
3005
3006 case Q_ICMP:
3007 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
3008 break;
3009
3010 #ifndef IPPROTO_IGMP
3011 #define IPPROTO_IGMP 2
3012 #endif
3013
3014 case Q_IGMP:
3015 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
3016 break;
3017
3018 #ifndef IPPROTO_IGRP
3019 #define IPPROTO_IGRP 9
3020 #endif
3021 case Q_IGRP:
3022 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
3023 break;
3024
3025 #ifndef IPPROTO_PIM
3026 #define IPPROTO_PIM 103
3027 #endif
3028
3029 case Q_PIM:
3030 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
3031 #ifdef INET6
3032 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
3033 gen_or(b0, b1);
3034 #endif
3035 break;
3036
3037 #ifndef IPPROTO_VRRP
3038 #define IPPROTO_VRRP 112
3039 #endif
3040
3041 case Q_VRRP:
3042 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT);
3043 break;
3044
3045 case Q_IP:
3046 b1 = gen_linktype(ETHERTYPE_IP);
3047 break;
3048
3049 case Q_ARP:
3050 b1 = gen_linktype(ETHERTYPE_ARP);
3051 break;
3052
3053 case Q_RARP:
3054 b1 = gen_linktype(ETHERTYPE_REVARP);
3055 break;
3056
3057 case Q_LINK:
3058 bpf_error("link layer applied in wrong context");
3059
3060 case Q_ATALK:
3061 b1 = gen_linktype(ETHERTYPE_ATALK);
3062 break;
3063
3064 case Q_AARP:
3065 b1 = gen_linktype(ETHERTYPE_AARP);
3066 break;
3067
3068 case Q_DECNET:
3069 b1 = gen_linktype(ETHERTYPE_DN);
3070 break;
3071
3072 case Q_SCA:
3073 b1 = gen_linktype(ETHERTYPE_SCA);
3074 break;
3075
3076 case Q_LAT:
3077 b1 = gen_linktype(ETHERTYPE_LAT);
3078 break;
3079
3080 case Q_MOPDL:
3081 b1 = gen_linktype(ETHERTYPE_MOPDL);
3082 break;
3083
3084 case Q_MOPRC:
3085 b1 = gen_linktype(ETHERTYPE_MOPRC);
3086 break;
3087
3088 #ifdef INET6
3089 case Q_IPV6:
3090 b1 = gen_linktype(ETHERTYPE_IPV6);
3091 break;
3092
3093 #ifndef IPPROTO_ICMPV6
3094 #define IPPROTO_ICMPV6 58
3095 #endif
3096 case Q_ICMPV6:
3097 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
3098 break;
3099 #endif /* INET6 */
3100
3101 #ifndef IPPROTO_AH
3102 #define IPPROTO_AH 51
3103 #endif
3104 case Q_AH:
3105 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
3106 #ifdef INET6
3107 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
3108 gen_or(b0, b1);
3109 #endif
3110 break;
3111
3112 #ifndef IPPROTO_ESP
3113 #define IPPROTO_ESP 50
3114 #endif
3115 case Q_ESP:
3116 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
3117 #ifdef INET6
3118 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
3119 gen_or(b0, b1);
3120 #endif
3121 break;
3122
3123 case Q_ISO:
3124 b1 = gen_linktype(LLCSAP_ISONS);
3125 break;
3126
3127 case Q_ESIS:
3128 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
3129 break;
3130
3131 case Q_ISIS:
3132 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
3133 break;
3134
3135 case Q_ISIS_L1: /* all IS-IS Level1 PDU-Types */
3136 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
3137 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
3138 gen_or(b0, b1);
3139 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
3140 gen_or(b0, b1);
3141 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
3142 gen_or(b0, b1);
3143 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
3144 gen_or(b0, b1);
3145 break;
3146
3147 case Q_ISIS_L2: /* all IS-IS Level2 PDU-Types */
3148 b0 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
3149 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
3150 gen_or(b0, b1);
3151 b0 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
3152 gen_or(b0, b1);
3153 b0 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
3154 gen_or(b0, b1);
3155 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
3156 gen_or(b0, b1);
3157 break;
3158
3159 case Q_ISIS_IIH: /* all IS-IS Hello PDU-Types */
3160 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
3161 b1 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
3162 gen_or(b0, b1);
3163 b0 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT);
3164 gen_or(b0, b1);
3165 break;
3166
3167 case Q_ISIS_LSP:
3168 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
3169 b1 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
3170 gen_or(b0, b1);
3171 break;
3172
3173 case Q_ISIS_SNP:
3174 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
3175 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
3176 gen_or(b0, b1);
3177 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
3178 gen_or(b0, b1);
3179 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
3180 gen_or(b0, b1);
3181 break;
3182
3183 case Q_ISIS_CSNP:
3184 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
3185 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
3186 gen_or(b0, b1);
3187 break;
3188
3189 case Q_ISIS_PSNP:
3190 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
3191 b1 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
3192 gen_or(b0, b1);
3193 break;
3194
3195 case Q_CLNP:
3196 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
3197 break;
3198
3199 case Q_STP:
3200 b1 = gen_linktype(LLCSAP_8021D);
3201 break;
3202
3203 case Q_IPX:
3204 b1 = gen_linktype(LLCSAP_IPX);
3205 break;
3206
3207 case Q_NETBEUI:
3208 b1 = gen_linktype(LLCSAP_NETBEUI);
3209 break;
3210
3211 default:
3212 abort();
3213 }
3214 return b1;
3215 }
3216
3217 static struct block *
3218 gen_ipfrag()
3219 {
3220 struct slist *s;
3221 struct block *b;
3222
3223 /* not ip frag */
3224 s = gen_load_nlrel(6, BPF_H);
3225 b = new_block(JMP(BPF_JSET));
3226 b->s.k = 0x1fff;
3227 b->stmts = s;
3228 gen_not(b);
3229
3230 return b;
3231 }
3232
3233 static struct block *
3234 gen_portatom(off, v)
3235 int off;
3236 bpf_int32 v;
3237 {
3238 struct slist *s;
3239 struct block *b;
3240
3241 s = gen_load_ipv4tlrel(off, BPF_H);
3242
3243 b = new_block(JMP(BPF_JEQ));
3244 b->stmts = s;
3245 b->s.k = v;
3246
3247 return b;
3248 }
3249
3250 #ifdef INET6
3251 static struct block *
3252 gen_portatom6(off, v)
3253 int off;
3254 bpf_int32 v;
3255 {
3256 return gen_cmp(off_nl + 40 + off, BPF_H, v);
3257 }
3258 #endif/*INET6*/
3259
3260 struct block *
3261 gen_portop(port, proto, dir)
3262 int port, proto, dir;
3263 {
3264 struct block *b0, *b1, *tmp;
3265
3266 /* ip proto 'proto' */
3267 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
3268 b0 = gen_ipfrag();
3269 gen_and(tmp, b0);
3270
3271 switch (dir) {
3272 case Q_SRC:
3273 b1 = gen_portatom(0, (bpf_int32)port);
3274 break;
3275
3276 case Q_DST:
3277 b1 = gen_portatom(2, (bpf_int32)port);
3278 break;
3279
3280 case Q_OR:
3281 case Q_DEFAULT:
3282 tmp = gen_portatom(0, (bpf_int32)port);
3283 b1 = gen_portatom(2, (bpf_int32)port);
3284 gen_or(tmp, b1);
3285 break;
3286
3287 case Q_AND:
3288 tmp = gen_portatom(0, (bpf_int32)port);
3289 b1 = gen_portatom(2, (bpf_int32)port);
3290 gen_and(tmp, b1);
3291 break;
3292
3293 default:
3294 abort();
3295 }
3296 gen_and(b0, b1);
3297
3298 return b1;
3299 }
3300
3301 static struct block *
3302 gen_port(port, ip_proto, dir)
3303 int port;
3304 int ip_proto;
3305 int dir;
3306 {
3307 struct block *b0, *b1, *tmp;
3308
3309 /*
3310 * ether proto ip
3311 *
3312 * For FDDI, RFC 1188 says that SNAP encapsulation is used,
3313 * not LLC encapsulation with LLCSAP_IP.
3314 *
3315 * For IEEE 802 networks - which includes 802.5 token ring
3316 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
3317 * says that SNAP encapsulation is used, not LLC encapsulation
3318 * with LLCSAP_IP.
3319 *
3320 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
3321 * RFC 2225 say that SNAP encapsulation is used, not LLC
3322 * encapsulation with LLCSAP_IP.
3323 *
3324 * So we always check for ETHERTYPE_IP.
3325 */
3326 b0 = gen_linktype(ETHERTYPE_IP);
3327
3328 switch (ip_proto) {
3329 case IPPROTO_UDP:
3330 case IPPROTO_TCP:
3331 case IPPROTO_SCTP:
3332 b1 = gen_portop(port, ip_proto, dir);
3333 break;
3334
3335 case PROTO_UNDEF:
3336 tmp = gen_portop(port, IPPROTO_TCP, dir);
3337 b1 = gen_portop(port, IPPROTO_UDP, dir);
3338 gen_or(tmp, b1);
3339 tmp = gen_portop(port, IPPROTO_SCTP, dir);
3340 gen_or(tmp, b1);
3341 break;
3342
3343 default:
3344 abort();
3345 }
3346 gen_and(b0, b1);
3347 return b1;
3348 }
3349
3350 #ifdef INET6
3351 struct block *
3352 gen_portop6(port, proto, dir)
3353 int port, proto, dir;
3354 {
3355 struct block *b0, *b1, *tmp;
3356
3357 /* ip6 proto 'proto' */
3358 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
3359
3360 switch (dir) {
3361 case Q_SRC:
3362 b1 = gen_portatom6(0, (bpf_int32)port);
3363 break;
3364
3365 case Q_DST:
3366 b1 = gen_portatom6(2, (bpf_int32)port);
3367 break;
3368
3369 case Q_OR:
3370 case Q_DEFAULT:
3371 tmp = gen_portatom6(0, (bpf_int32)port);
3372 b1 = gen_portatom6(2, (bpf_int32)port);
3373 gen_or(tmp, b1);
3374 break;
3375
3376 case Q_AND:
3377 tmp = gen_portatom6(0, (bpf_int32)port);
3378 b1 = gen_portatom6(2, (bpf_int32)port);
3379 gen_and(tmp, b1);
3380 break;
3381
3382 default:
3383 abort();
3384 }
3385 gen_and(b0, b1);
3386
3387 return b1;
3388 }
3389
3390 static struct block *
3391 gen_port6(port, ip_proto, dir)
3392 int port;
3393 int ip_proto;
3394 int dir;
3395 {
3396 struct block *b0, *b1, *tmp;
3397
3398 /* link proto ip6 */
3399 b0 = gen_linktype(ETHERTYPE_IPV6);
3400
3401 switch (ip_proto) {
3402 case IPPROTO_UDP:
3403 case IPPROTO_TCP:
3404 case IPPROTO_SCTP:
3405 b1 = gen_portop6(port, ip_proto, dir);
3406 break;
3407
3408 case PROTO_UNDEF:
3409 tmp = gen_portop6(port, IPPROTO_TCP, dir);
3410 b1 = gen_portop6(port, IPPROTO_UDP, dir);
3411 gen_or(tmp, b1);
3412 tmp = gen_portop6(port, IPPROTO_SCTP, dir);
3413 gen_or(tmp, b1);
3414 break;
3415
3416 default:
3417 abort();
3418 }
3419 gen_and(b0, b1);
3420 return b1;
3421 }
3422 #endif /* INET6 */
3423
3424 /* gen_portrange code */
3425 static struct block *
3426 gen_portrangeatom(off, v1, v2)
3427 int off;
3428 bpf_int32 v1, v2;
3429 {
3430 struct slist *s1, *s2;
3431 struct block *b1, *b2;
3432
3433 if (v1 > v2) {
3434 /*
3435 * Reverse the order of the ports, so v1 is the lower one.
3436 */
3437 bpf_int32 vtemp;
3438
3439 vtemp = v1;
3440 v1 = v2;
3441 v2 = vtemp;
3442 }
3443
3444 s1 = gen_load_ipv4tlrel(off, BPF_H);
3445
3446 b1 = new_block(JMP(BPF_JGE));
3447 b1->stmts = s1;
3448 b1->s.k = v1;
3449
3450 s2 = gen_load_ipv4tlrel(off, BPF_H);
3451
3452 b2 = new_block(JMP(BPF_JGT));
3453 gen_not(b2);
3454 b2->stmts = s2;
3455 b2->s.k = v2;
3456
3457 gen_and(b1, b2);
3458
3459 return b2;
3460 }
3461
3462 struct block *
3463 gen_portrangeop(port1, port2, proto, dir)
3464 int port1, port2;
3465 int proto;
3466 int dir;
3467 {
3468 struct block *b0, *b1, *tmp;
3469
3470 /* ip proto 'proto' */
3471 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
3472 b0 = gen_ipfrag();
3473 gen_and(tmp, b0);
3474
3475 switch (dir) {
3476 case Q_SRC:
3477 b1 = gen_portrangeatom(0, (bpf_int32)port1, (bpf_int32)port2);
3478 break;
3479
3480 case Q_DST:
3481 b1 = gen_portrangeatom(2, (bpf_int32)port1, (bpf_int32)port2);
3482 break;
3483
3484 case Q_OR:
3485 case Q_DEFAULT:
3486 tmp = gen_portrangeatom(0, (bpf_int32)port1, (bpf_int32)port2);
3487 b1 = gen_portrangeatom(2, (bpf_int32)port1, (bpf_int32)port2);
3488 gen_or(tmp, b1);
3489 break;
3490
3491 case Q_AND:
3492 tmp = gen_portrangeatom(0, (bpf_int32)port1, (bpf_int32)port2);
3493 b1 = gen_portrangeatom(2, (bpf_int32)port1, (bpf_int32)port2);
3494 gen_and(tmp, b1);
3495 break;
3496
3497 default:
3498 abort();
3499 }
3500 gen_and(b0, b1);
3501
3502 return b1;
3503 }
3504
3505 static struct block *
3506 gen_portrange(port1, port2, ip_proto, dir)
3507 int port1, port2;
3508 int ip_proto;
3509 int dir;
3510 {
3511 struct block *b0, *b1, *tmp;
3512
3513 /* link proto ip */
3514 b0 = gen_linktype(ETHERTYPE_IP);
3515
3516 switch (ip_proto) {
3517 case IPPROTO_UDP:
3518 case IPPROTO_TCP:
3519 case IPPROTO_SCTP:
3520 b1 = gen_portrangeop(port1, port2, ip_proto, dir);
3521 break;
3522
3523 case PROTO_UNDEF:
3524 tmp = gen_portrangeop(port1, port2, IPPROTO_TCP, dir);
3525 b1 = gen_portrangeop(port1, port2, IPPROTO_UDP, dir);
3526 gen_or(tmp, b1);
3527 tmp = gen_portrangeop(port1, port2, IPPROTO_SCTP, dir);
3528 gen_or(tmp, b1);
3529 break;
3530
3531 default:
3532 abort();
3533 }
3534 gen_and(b0, b1);
3535 return b1;
3536 }
3537
3538 #ifdef INET6
3539 static struct block *
3540 gen_portrangeatom6(off, v1, v2)
3541 int off;
3542 bpf_int32 v1, v2;
3543 {
3544 struct slist *s1, *s2;
3545 struct block *b1, *b2;
3546
3547 if (v1 > v2) {
3548 /*
3549 * Reverse the order of the ports, so v1 is the lower one.
3550 */
3551 bpf_int32 vtemp;
3552
3553 vtemp = v1;
3554 v1 = v2;
3555 v2 = vtemp;
3556 }
3557
3558 s1 = gen_load_nlrel(40 + off, BPF_H);
3559
3560 b1 = new_block(JMP(BPF_JGE));
3561 b1->stmts = s1;
3562 b1->s.k = v1;
3563
3564 s2 = gen_load_nlrel(40 + off, BPF_H);
3565
3566 b2 = new_block(JMP(BPF_JGT));
3567 gen_not(b2);
3568 b2->stmts = s2;
3569 b2->s.k = v2;
3570
3571 gen_and(b1, b2);
3572
3573 return b2;
3574 }
3575
3576 struct block *
3577 gen_portrangeop6(port1, port2, proto, dir)
3578 int port1, port2;
3579 int proto;
3580 int dir;
3581 {
3582 struct block *b0, *b1, *tmp;
3583
3584 /* ip6 proto 'proto' */
3585 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
3586
3587 switch (dir) {
3588 case Q_SRC:
3589 b1 = gen_portrangeatom6(0, (bpf_int32)port1, (bpf_int32)port2);
3590 break;
3591
3592 case Q_DST:
3593 b1 = gen_portrangeatom6(2, (bpf_int32)port1, (bpf_int32)port2);
3594 break;
3595
3596 case Q_OR:
3597 case Q_DEFAULT:
3598 tmp = gen_portrangeatom6(0, (bpf_int32)port1, (bpf_int32)port2);
3599 b1 = gen_portrangeatom6(2, (bpf_int32)port1, (bpf_int32)port2);
3600 gen_or(tmp, b1);
3601 break;
3602
3603 case Q_AND:
3604 tmp = gen_portrangeatom6(0, (bpf_int32)port1, (bpf_int32)port2);
3605 b1 = gen_portrangeatom6(2, (bpf_int32)port1, (bpf_int32)port2);
3606 gen_and(tmp, b1);
3607 break;
3608
3609 default:
3610 abort();
3611 }
3612 gen_and(b0, b1);
3613
3614 return b1;
3615 }
3616
3617 static struct block *
3618 gen_portrange6(port1, port2, ip_proto, dir)
3619 int port1, port2;
3620 int ip_proto;
3621 int dir;
3622 {
3623 struct block *b0, *b1, *tmp;
3624
3625 /* link proto ip6 */
3626 b0 = gen_linktype(ETHERTYPE_IPV6);
3627
3628 switch (ip_proto) {
3629 case IPPROTO_UDP:
3630 case IPPROTO_TCP:
3631 case IPPROTO_SCTP:
3632 b1 = gen_portrangeop6(port1, port2, ip_proto, dir);
3633 break;
3634
3635 case PROTO_UNDEF:
3636 tmp = gen_portrangeop6(port1, port2, IPPROTO_TCP, dir);
3637 b1 = gen_portrangeop6(port1, port2, IPPROTO_UDP, dir);
3638 gen_or(tmp, b1);
3639 tmp = gen_portrangeop6(port1, port2, IPPROTO_SCTP, dir);
3640 gen_or(tmp, b1);
3641 break;
3642
3643 default:
3644 abort();
3645 }
3646 gen_and(b0, b1);
3647 return b1;
3648 }
3649 #endif /* INET6 */
3650
3651 static int
3652 lookup_proto(name, proto)
3653 register const char *name;
3654 register int proto;
3655 {
3656 register int v;
3657
3658 switch (proto) {
3659
3660 case Q_DEFAULT:
3661 case Q_IP:
3662 case Q_IPV6:
3663 v = pcap_nametoproto(name);
3664 if (v == PROTO_UNDEF)
3665 bpf_error("unknown ip proto '%s'", name);
3666 break;
3667
3668 case Q_LINK:
3669 /* XXX should look up h/w protocol type based on linktype */
3670 v = pcap_nametoeproto(name);
3671 if (v == PROTO_UNDEF) {
3672 v = pcap_nametollc(name);
3673 if (v == PROTO_UNDEF)
3674 bpf_error("unknown ether proto '%s'", name);
3675 }
3676 break;
3677
3678 case Q_ISO:
3679 if (strcmp(name, "esis") == 0)
3680 v = ISO9542_ESIS;
3681 else if (strcmp(name, "isis") == 0)
3682 v = ISO10589_ISIS;
3683 else if (strcmp(name, "clnp") == 0)
3684 v = ISO8473_CLNP;
3685 else
3686 bpf_error("unknown osi proto '%s'", name);
3687 break;
3688
3689 default:
3690 v = PROTO_UNDEF;
3691 break;
3692 }
3693 return v;
3694 }
3695
3696 #if 0
3697 struct stmt *
3698 gen_joinsp(s, n)
3699 struct stmt **s;
3700 int n;
3701 {
3702 return NULL;
3703 }
3704 #endif
3705
3706 static struct block *
3707 gen_protochain(v, proto, dir)
3708 int v;
3709 int proto;
3710 int dir;
3711 {
3712 #ifdef NO_PROTOCHAIN
3713 return gen_proto(v, proto, dir);
3714 #else
3715 struct block *b0, *b;
3716 struct slist *s[100];
3717 int fix2, fix3, fix4, fix5;
3718 int ahcheck, again, end;
3719 int i, max;
3720 int reg2 = alloc_reg();
3721
3722 memset(s, 0, sizeof(s));
3723 fix2 = fix3 = fix4 = fix5 = 0;
3724
3725 switch (proto) {
3726 case Q_IP:
3727 case Q_IPV6:
3728 break;
3729 case Q_DEFAULT:
3730 b0 = gen_protochain(v, Q_IP, dir);
3731 b = gen_protochain(v, Q_IPV6, dir);
3732 gen_or(b0, b);
3733 return b;
3734 default:
3735 bpf_error("bad protocol applied for 'protochain'");
3736 /*NOTREACHED*/
3737 }
3738
3739 no_optimize = 1; /*this code is not compatible with optimzer yet */
3740
3741 /*
3742 * s[0] is a dummy entry to protect other BPF insn from damage
3743 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
3744 * hard to find interdependency made by jump table fixup.
3745 */
3746 i = 0;
3747 s[i] = new_stmt(0); /*dummy*/
3748 i++;
3749
3750 switch (proto) {
3751 case Q_IP:
3752 b0 = gen_linktype(ETHERTYPE_IP);
3753
3754 /* A = ip->ip_p */
3755 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
3756 s[i]->s.k = off_nl + 9;
3757 i++;
3758 /* X = ip->ip_hl << 2 */
3759 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3760 s[i]->s.k = off_nl;
3761 i++;
3762 break;
3763 #ifdef INET6
3764 case Q_IPV6:
3765 b0 = gen_linktype(ETHERTYPE_IPV6);
3766
3767 /* A = ip6->ip_nxt */
3768 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
3769 s[i]->s.k = off_nl + 6;
3770 i++;
3771 /* X = sizeof(struct ip6_hdr) */
3772 s[i] = new_stmt(BPF_LDX|BPF_IMM);
3773 s[i]->s.k = 40;
3774 i++;
3775 break;
3776 #endif
3777 default:
3778 bpf_error("unsupported proto to gen_protochain");
3779 /*NOTREACHED*/
3780 }
3781
3782 /* again: if (A == v) goto end; else fall through; */
3783 again = i;
3784 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3785 s[i]->s.k = v;
3786 s[i]->s.jt = NULL; /*later*/
3787 s[i]->s.jf = NULL; /*update in next stmt*/
3788 fix5 = i;
3789 i++;
3790
3791 #ifndef IPPROTO_NONE
3792 #define IPPROTO_NONE 59
3793 #endif
3794 /* if (A == IPPROTO_NONE) goto end */
3795 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3796 s[i]->s.jt = NULL; /*later*/
3797 s[i]->s.jf = NULL; /*update in next stmt*/
3798 s[i]->s.k = IPPROTO_NONE;
3799 s[fix5]->s.jf = s[i];
3800 fix2 = i;
3801 i++;
3802
3803 #ifdef INET6
3804 if (proto == Q_IPV6) {
3805 int v6start, v6end, v6advance, j;
3806
3807 v6start = i;
3808 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
3809 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3810 s[i]->s.jt = NULL; /*later*/
3811 s[i]->s.jf = NULL; /*update in next stmt*/
3812 s[i]->s.k = IPPROTO_HOPOPTS;
3813 s[fix2]->s.jf = s[i];
3814 i++;
3815 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
3816 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3817 s[i]->s.jt = NULL; /*later*/
3818 s[i]->s.jf = NULL; /*update in next stmt*/
3819 s[i]->s.k = IPPROTO_DSTOPTS;
3820 i++;
3821 /* if (A == IPPROTO_ROUTING) goto v6advance */
3822 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3823 s[i]->s.jt = NULL; /*later*/
3824 s[i]->s.jf = NULL; /*update in next stmt*/
3825 s[i]->s.k = IPPROTO_ROUTING;
3826 i++;
3827 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
3828 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3829 s[i]->s.jt = NULL; /*later*/
3830 s[i]->s.jf = NULL; /*later*/
3831 s[i]->s.k = IPPROTO_FRAGMENT;
3832 fix3 = i;
3833 v6end = i;
3834 i++;
3835
3836 /* v6advance: */
3837 v6advance = i;
3838
3839 /*
3840 * in short,
3841 * A = P[X];
3842 * X = X + (P[X + 1] + 1) * 8;
3843 */
3844 /* A = X */
3845 s[i] = new_stmt(BPF_MISC|BPF_TXA);
3846 i++;
3847 /* A = P[X + packet head] */
3848 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3849 s[i]->s.k = off_nl;
3850 i++;
3851 /* MEM[reg2] = A */
3852 s[i] = new_stmt(BPF_ST);
3853 s[i]->s.k = reg2;
3854 i++;
3855 /* A = X */
3856 s[i] = new_stmt(BPF_MISC|BPF_TXA);
3857 i++;
3858 /* A += 1 */
3859 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3860 s[i]->s.k = 1;
3861 i++;
3862 /* X = A */
3863 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3864 i++;
3865 /* A = P[X + packet head]; */
3866 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3867 s[i]->s.k = off_nl;
3868 i++;
3869 /* A += 1 */
3870 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3871 s[i]->s.k = 1;
3872 i++;
3873 /* A *= 8 */
3874 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
3875 s[i]->s.k = 8;
3876 i++;
3877 /* X = A; */
3878 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3879 i++;
3880 /* A = MEM[reg2] */
3881 s[i] = new_stmt(BPF_LD|BPF_MEM);
3882 s[i]->s.k = reg2;
3883 i++;
3884
3885 /* goto again; (must use BPF_JA for backward jump) */
3886 s[i] = new_stmt(BPF_JMP|BPF_JA);
3887 s[i]->s.k = again - i - 1;
3888 s[i - 1]->s.jf = s[i];
3889 i++;
3890
3891 /* fixup */
3892 for (j = v6start; j <= v6end; j++)
3893 s[j]->s.jt = s[v6advance];
3894 } else
3895 #endif
3896 {
3897 /* nop */
3898 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3899 s[i]->s.k = 0;
3900 s[fix2]->s.jf = s[i];
3901 i++;
3902 }
3903
3904 /* ahcheck: */
3905 ahcheck = i;
3906 /* if (A == IPPROTO_AH) then fall through; else goto end; */
3907 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3908 s[i]->s.jt = NULL; /*later*/
3909 s[i]->s.jf = NULL; /*later*/
3910 s[i]->s.k = IPPROTO_AH;
3911 if (fix3)
3912 s[fix3]->s.jf = s[ahcheck];
3913 fix4 = i;
3914 i++;
3915
3916 /*
3917 * in short,
3918 * A = P[X];
3919 * X = X + (P[X + 1] + 2) * 4;
3920 */
3921 /* A = X */
3922 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
3923 i++;
3924 /* A = P[X + packet head]; */
3925 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3926 s[i]->s.k = off_nl;
3927 i++;
3928 /* MEM[reg2] = A */
3929 s[i] = new_stmt(BPF_ST);
3930 s[i]->s.k = reg2;
3931 i++;
3932 /* A = X */
3933 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
3934 i++;
3935 /* A += 1 */
3936 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3937 s[i]->s.k = 1;
3938 i++;
3939 /* X = A */
3940 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3941 i++;
3942 /* A = P[X + packet head] */
3943 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3944 s[i]->s.k = off_nl;
3945 i++;
3946 /* A += 2 */
3947 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3948 s[i]->s.k = 2;
3949 i++;
3950 /* A *= 4 */
3951 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
3952 s[i]->s.k = 4;
3953 i++;
3954 /* X = A; */
3955 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3956 i++;
3957 /* A = MEM[reg2] */
3958 s[i] = new_stmt(BPF_LD|BPF_MEM);
3959 s[i]->s.k = reg2;
3960 i++;
3961
3962 /* goto again; (must use BPF_JA for backward jump) */
3963 s[i] = new_stmt(BPF_JMP|BPF_JA);
3964 s[i]->s.k = again - i - 1;
3965 i++;
3966
3967 /* end: nop */
3968 end = i;
3969 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3970 s[i]->s.k = 0;
3971 s[fix2]->s.jt = s[end];
3972 s[fix4]->s.jf = s[end];
3973 s[fix5]->s.jt = s[end];
3974 i++;
3975
3976 /*
3977 * make slist chain
3978 */
3979 max = i;
3980 for (i = 0; i < max - 1; i++)
3981 s[i]->next = s[i + 1];
3982 s[max - 1]->next = NULL;
3983
3984 /*
3985 * emit final check
3986 */
3987 b = new_block(JMP(BPF_JEQ));
3988 b->stmts = s[1]; /*remember, s[0] is dummy*/
3989 b->s.k = v;
3990
3991 free_reg(reg2);
3992
3993 gen_and(b0, b);
3994 return b;
3995 #endif
3996 }
3997
3998 /*
3999 * Generate code that checks whether the packet is a packet for protocol
4000 * <proto> and whether the type field in that protocol's header has
4001 * the value <v>, e.g. if <proto> is Q_IP, it checks whether it's an
4002 * IP packet and checks the protocol number in the IP header against <v>.
4003 *
4004 * If <proto> is Q_DEFAULT, i.e. just "proto" was specified, it checks
4005 * against Q_IP and Q_IPV6.
4006 */
4007 static struct block *
4008 gen_proto(v, proto, dir)
4009 int v;
4010 int proto;
4011 int dir;
4012 {
4013 struct block *b0, *b1;
4014
4015 if (dir != Q_DEFAULT)
4016 bpf_error("direction applied to 'proto'");
4017
4018 switch (proto) {
4019 case Q_DEFAULT:
4020 #ifdef INET6
4021 b0 = gen_proto(v, Q_IP, dir);
4022 b1 = gen_proto(v, Q_IPV6, dir);
4023 gen_or(b0, b1);
4024 return b1;
4025 #else
4026 /*FALLTHROUGH*/
4027 #endif
4028 case Q_IP:
4029 /*
4030 * For FDDI, RFC 1188 says that SNAP encapsulation is used,
4031 * not LLC encapsulation with LLCSAP_IP.
4032 *
4033 * For IEEE 802 networks - which includes 802.5 token ring
4034 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
4035 * says that SNAP encapsulation is used, not LLC encapsulation
4036 * with LLCSAP_IP.
4037 *
4038 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
4039 * RFC 2225 say that SNAP encapsulation is used, not LLC
4040 * encapsulation with LLCSAP_IP.
4041 *
4042 * So we always check for ETHERTYPE_IP.
4043 */
4044 b0 = gen_linktype(ETHERTYPE_IP);
4045 #ifndef CHASE_CHAIN
4046 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
4047 #else
4048 b1 = gen_protochain(v, Q_IP);
4049 #endif
4050 gen_and(b0, b1);
4051 return b1;
4052
4053 case Q_ISO:
4054 switch (linktype) {
4055
4056 case DLT_FRELAY:
4057 /*
4058 * Frame Relay packets typically have an OSI
4059 * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)"
4060 * generates code to check for all the OSI
4061 * NLPIDs, so calling it and then adding a check
4062 * for the particular NLPID for which we're
4063 * looking is bogus, as we can just check for
4064 * the NLPID.
4065 *
4066 * What we check for is the NLPID and a frame
4067 * control field value of UI, i.e. 0x03 followed
4068 * by the NLPID.
4069 *
4070 * XXX - assumes a 2-byte Frame Relay header with
4071 * DLCI and flags. What if the address is longer?
4072 *
4073 * XXX - what about SNAP-encapsulated frames?
4074 */
4075 return gen_cmp(2, BPF_H, (0x03<<8) | v);
4076 /*NOTREACHED*/
4077 break;
4078
4079 case DLT_C_HDLC:
4080 /*
4081 * Cisco uses an Ethertype lookalike - for OSI,
4082 * it's 0xfefe.
4083 */
4084 b0 = gen_linktype(LLCSAP_ISONS<<8 | LLCSAP_ISONS);
4085 /* OSI in C-HDLC is stuffed with a fudge byte */
4086 b1 = gen_cmp(off_nl_nosnap+1, BPF_B, (long)v);
4087 gen_and(b0, b1);
4088 return b1;
4089
4090 default:
4091 b0 = gen_linktype(LLCSAP_ISONS);
4092 b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v);
4093 gen_and(b0, b1);
4094 return b1;
4095 }
4096
4097 case Q_ISIS:
4098 b0 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
4099 /*
4100 * 4 is the offset of the PDU type relative to the IS-IS
4101 * header.
4102 */
4103 b1 = gen_cmp(off_nl_nosnap+4, BPF_B, (long)v);
4104 gen_and(b0, b1);
4105 return b1;
4106
4107 case Q_ARP:
4108 bpf_error("arp does not encapsulate another protocol");
4109 /* NOTREACHED */
4110
4111 case Q_RARP:
4112 bpf_error("rarp does not encapsulate another protocol");
4113 /* NOTREACHED */
4114
4115 case Q_ATALK:
4116 bpf_error("atalk encapsulation is not specifiable");
4117 /* NOTREACHED */
4118
4119 case Q_DECNET:
4120 bpf_error("decnet encapsulation is not specifiable");
4121 /* NOTREACHED */
4122
4123 case Q_SCA:
4124 bpf_error("sca does not encapsulate another protocol");
4125 /* NOTREACHED */
4126
4127 case Q_LAT:
4128 bpf_error("lat does not encapsulate another protocol");
4129 /* NOTREACHED */
4130
4131 case Q_MOPRC:
4132 bpf_error("moprc does not encapsulate another protocol");
4133 /* NOTREACHED */
4134
4135 case Q_MOPDL:
4136 bpf_error("mopdl does not encapsulate another protocol");
4137 /* NOTREACHED */
4138
4139 case Q_LINK:
4140 return gen_linktype(v);
4141
4142 case Q_UDP:
4143 bpf_error("'udp proto' is bogus");
4144 /* NOTREACHED */
4145
4146 case Q_TCP:
4147 bpf_error("'tcp proto' is bogus");
4148 /* NOTREACHED */
4149
4150 case Q_SCTP:
4151 bpf_error("'sctp proto' is bogus");
4152 /* NOTREACHED */
4153
4154 case Q_ICMP:
4155 bpf_error("'icmp proto' is bogus");
4156 /* NOTREACHED */
4157
4158 case Q_IGMP:
4159 bpf_error("'igmp proto' is bogus");
4160 /* NOTREACHED */
4161
4162 case Q_IGRP:
4163 bpf_error("'igrp proto' is bogus");
4164 /* NOTREACHED */
4165
4166 case Q_PIM:
4167 bpf_error("'pim proto' is bogus");
4168 /* NOTREACHED */
4169
4170 case Q_VRRP:
4171 bpf_error("'vrrp proto' is bogus");
4172 /* NOTREACHED */
4173
4174 #ifdef INET6
4175 case Q_IPV6:
4176 b0 = gen_linktype(ETHERTYPE_IPV6);
4177 #ifndef CHASE_CHAIN
4178 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
4179 #else
4180 b1 = gen_protochain(v, Q_IPV6);
4181 #endif
4182 gen_and(b0, b1);
4183 return b1;
4184
4185 case Q_ICMPV6:
4186 bpf_error("'icmp6 proto' is bogus");
4187 #endif /* INET6 */
4188
4189 case Q_AH:
4190 bpf_error("'ah proto' is bogus");
4191
4192 case Q_ESP:
4193 bpf_error("'ah proto' is bogus");
4194
4195 case Q_STP:
4196 bpf_error("'stp proto' is bogus");
4197
4198 case Q_IPX:
4199 bpf_error("'ipx proto' is bogus");
4200
4201 case Q_NETBEUI:
4202 bpf_error("'netbeui proto' is bogus");
4203
4204 default:
4205 abort();
4206 /* NOTREACHED */
4207 }
4208 /* NOTREACHED */
4209 }
4210
4211 struct block *
4212 gen_scode(name, q)
4213 register const char *name;
4214 struct qual q;
4215 {
4216 int proto = q.proto;
4217 int dir = q.dir;
4218 int tproto;
4219 u_char *eaddr;
4220 bpf_u_int32 mask, addr;
4221 #ifndef INET6
4222 bpf_u_int32 **alist;
4223 #else
4224 int tproto6;
4225 struct sockaddr_in *sin;
4226 struct sockaddr_in6 *sin6;
4227 struct addrinfo *res, *res0;
4228 struct in6_addr mask128;
4229 #endif /*INET6*/
4230 struct block *b, *tmp;
4231 int port, real_proto;
4232 int port1, port2;
4233
4234 switch (q.addr) {
4235
4236 case Q_NET:
4237 addr = pcap_nametonetaddr(name);
4238 if (addr == 0)
4239 bpf_error("unknown network '%s'", name);
4240 /* Left justify network addr and calculate its network mask */
4241 mask = 0xffffffff;
4242 while (addr && (addr & 0xff000000) == 0) {
4243 addr <<= 8;
4244 mask <<= 8;
4245 }
4246 return gen_host(addr, mask, proto, dir);
4247
4248 case Q_DEFAULT:
4249 case Q_HOST:
4250 if (proto == Q_LINK) {
4251 switch (linktype) {
4252
4253 case DLT_EN10MB:
4254 eaddr = pcap_ether_hostton(name);
4255 if (eaddr == NULL)
4256 bpf_error(
4257 "unknown ether host '%s'", name);
4258 b = gen_ehostop(eaddr, dir);
4259 free(eaddr);
4260 return b;
4261
4262 case DLT_FDDI:
4263 eaddr = pcap_ether_hostton(name);
4264 if (eaddr == NULL)
4265 bpf_error(
4266 "unknown FDDI host '%s'", name);
4267 b = gen_fhostop(eaddr, dir);
4268 free(eaddr);
4269 return b;
4270
4271 case DLT_IEEE802:
4272 eaddr = pcap_ether_hostton(name);
4273 if (eaddr == NULL)
4274 bpf_error(
4275 "unknown token ring host '%s'", name);
4276 b = gen_thostop(eaddr, dir);
4277 free(eaddr);
4278 return b;
4279
4280 case DLT_IEEE802_11:
4281 eaddr = pcap_ether_hostton(name);
4282 if (eaddr == NULL)
4283 bpf_error(
4284 "unknown 802.11 host '%s'", name);
4285 b = gen_wlanhostop(eaddr, dir);
4286 free(eaddr);
4287 return b;
4288
4289 case DLT_IP_OVER_FC:
4290 eaddr = pcap_ether_hostton(name);
4291 if (eaddr == NULL)
4292 bpf_error(
4293 "unknown Fibre Channel host '%s'", name);
4294 b = gen_ipfchostop(eaddr, dir);
4295 free(eaddr);
4296 return b;
4297
4298 case DLT_SUNATM:
4299 if (!is_lane)
4300 break;
4301
4302 /*
4303 * Check that the packet doesn't begin
4304 * with an LE Control marker. (We've
4305 * already generated a test for LANE.)
4306 */
4307 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H,
4308 0xFF00);
4309 gen_not(tmp);
4310
4311 eaddr = pcap_ether_hostton(name);
4312 if (eaddr == NULL)
4313 bpf_error(
4314 "unknown ether host '%s'", name);
4315 b = gen_ehostop(eaddr, dir);
4316 gen_and(tmp, b);
4317 free(eaddr);
4318 return b;
4319 }
4320
4321 bpf_error("only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name");
4322 } else if (proto == Q_DECNET) {
4323 unsigned short dn_addr = __pcap_nametodnaddr(name);
4324 /*
4325 * I don't think DECNET hosts can be multihomed, so
4326 * there is no need to build up a list of addresses
4327 */
4328 return (gen_host(dn_addr, 0, proto, dir));
4329 } else {
4330 #ifndef INET6
4331 alist = pcap_nametoaddr(name);
4332 if (alist == NULL || *alist == NULL)
4333 bpf_error("unknown host '%s'", name);
4334 tproto = proto;
4335 if (off_linktype == (u_int)-1 && tproto == Q_DEFAULT)
4336 tproto = Q_IP;
4337 b = gen_host(**alist++, 0xffffffff, tproto, dir);
4338 while (*alist) {
4339 tmp = gen_host(**alist++, 0xffffffff,
4340 tproto, dir);
4341 gen_or(b, tmp);
4342 b = tmp;
4343 }
4344 return b;
4345 #else
4346 memset(&mask128, 0xff, sizeof(mask128));
4347 res0 = res = pcap_nametoaddrinfo(name);
4348 if (res == NULL)
4349 bpf_error("unknown host '%s'", name);
4350 b = tmp = NULL;
4351 tproto = tproto6 = proto;
4352 if (off_linktype == -1 && tproto == Q_DEFAULT) {
4353 tproto = Q_IP;
4354 tproto6 = Q_IPV6;
4355 }
4356 for (res = res0; res; res = res->ai_next) {
4357 switch (res->ai_family) {
4358 case AF_INET:
4359 if (tproto == Q_IPV6)
4360 continue;
4361
4362 sin = (struct sockaddr_in *)
4363 res->ai_addr;
4364 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
4365 0xffffffff, tproto, dir);
4366 break;
4367 case AF_INET6:
4368 if (tproto6 == Q_IP)
4369 continue;
4370
4371 sin6 = (struct sockaddr_in6 *)
4372 res->ai_addr;
4373 tmp = gen_host6(&sin6->sin6_addr,
4374 &mask128, tproto6, dir);
4375 break;
4376 default:
4377 continue;
4378 }
4379 if (b)
4380 gen_or(b, tmp);
4381 b = tmp;
4382 }
4383 freeaddrinfo(res0);
4384 if (b == NULL) {
4385 bpf_error("unknown host '%s'%s", name,
4386 (proto == Q_DEFAULT)
4387 ? ""
4388 : " for specified address family");
4389 }
4390 return b;
4391 #endif /*INET6*/
4392 }
4393
4394 case Q_PORT:
4395 if (proto != Q_DEFAULT &&
4396 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
4397 bpf_error("illegal qualifier of 'port'");
4398 if (pcap_nametoport(name, &port, &real_proto) == 0)
4399 bpf_error("unknown port '%s'", name);
4400 if (proto == Q_UDP) {
4401 if (real_proto == IPPROTO_TCP)
4402 bpf_error("port '%s' is tcp", name);
4403 else if (real_proto == IPPROTO_SCTP)
4404 bpf_error("port '%s' is sctp", name);
4405 else
4406 /* override PROTO_UNDEF */
4407 real_proto = IPPROTO_UDP;
4408 }
4409 if (proto == Q_TCP) {
4410 if (real_proto == IPPROTO_UDP)
4411 bpf_error("port '%s' is udp", name);
4412
4413 else if (real_proto == IPPROTO_SCTP)
4414 bpf_error("port '%s' is sctp", name);
4415 else
4416 /* override PROTO_UNDEF */
4417 real_proto = IPPROTO_TCP;
4418 }
4419 if (proto == Q_SCTP) {
4420 if (real_proto == IPPROTO_UDP)
4421 bpf_error("port '%s' is udp", name);
4422
4423 else if (real_proto == IPPROTO_TCP)
4424 bpf_error("port '%s' is tcp", name);
4425 else
4426 /* override PROTO_UNDEF */
4427 real_proto = IPPROTO_SCTP;
4428 }
4429 #ifndef INET6
4430 return gen_port(port, real_proto, dir);
4431 #else
4432 {
4433 struct block *b;
4434 b = gen_port(port, real_proto, dir);
4435 gen_or(gen_port6(port, real_proto, dir), b);
4436 return b;
4437 }
4438 #endif /* INET6 */
4439
4440 case Q_PORTRANGE:
4441 if (proto != Q_DEFAULT &&
4442 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
4443 bpf_error("illegal qualifier of 'portrange'");
4444 if (pcap_nametoportrange(name, &port1, &port2, &real_proto) == 0)
4445 bpf_error("unknown port in range '%s'", name);
4446 if (proto == Q_UDP) {
4447 if (real_proto == IPPROTO_TCP)
4448 bpf_error("port in range '%s' is tcp", name);
4449 else if (real_proto == IPPROTO_SCTP)
4450 bpf_error("port in range '%s' is sctp", name);
4451 else
4452 /* override PROTO_UNDEF */
4453 real_proto = IPPROTO_UDP;
4454 }
4455 if (proto == Q_TCP) {
4456 if (real_proto == IPPROTO_UDP)
4457 bpf_error("port in range '%s' is udp", name);
4458 else if (real_proto == IPPROTO_SCTP)
4459 bpf_error("port in range '%s' is sctp", name);
4460 else
4461 /* override PROTO_UNDEF */
4462 real_proto = IPPROTO_TCP;
4463 }
4464 if (proto == Q_SCTP) {
4465 if (real_proto == IPPROTO_UDP)
4466 bpf_error("port in range '%s' is udp", name);
4467 else if (real_proto == IPPROTO_TCP)
4468 bpf_error("port in range '%s' is tcp", name);
4469 else
4470 /* override PROTO_UNDEF */
4471 real_proto = IPPROTO_SCTP;
4472 }
4473 #ifndef INET6
4474 return gen_portrange(port1, port2, real_proto, dir);
4475 #else
4476 {
4477 struct block *b;
4478 b = gen_portrange(port1, port2, real_proto, dir);
4479 gen_or(gen_portrange6(port1, port2, real_proto, dir), b);
4480 return b;
4481 }
4482 #endif /* INET6 */
4483
4484 case Q_GATEWAY:
4485 #ifndef INET6
4486 eaddr = pcap_ether_hostton(name);
4487 if (eaddr == NULL)
4488 bpf_error("unknown ether host: %s", name);
4489
4490 alist = pcap_nametoaddr(name);
4491 if (alist == NULL || *alist == NULL)
4492 bpf_error("unknown host '%s'", name);
4493 b = gen_gateway(eaddr, alist, proto, dir);
4494 free(eaddr);
4495 return b;
4496 #else
4497 bpf_error("'gateway' not supported in this configuration");
4498 #endif /*INET6*/
4499
4500 case Q_PROTO:
4501 real_proto = lookup_proto(name, proto);
4502 if (real_proto >= 0)
4503 return gen_proto(real_proto, proto, dir);
4504 else
4505 bpf_error("unknown protocol: %s", name);
4506
4507 case Q_PROTOCHAIN:
4508 real_proto = lookup_proto(name, proto);
4509 if (real_proto >= 0)
4510 return gen_protochain(real_proto, proto, dir);
4511 else
4512 bpf_error("unknown protocol: %s", name);
4513
4514
4515 case Q_UNDEF:
4516 syntax();
4517 /* NOTREACHED */
4518 }
4519 abort();
4520 /* NOTREACHED */
4521 }
4522
4523 struct block *
4524 gen_mcode(s1, s2, masklen, q)
4525 register const char *s1, *s2;
4526 register int masklen;
4527 struct qual q;
4528 {
4529 register int nlen, mlen;
4530 bpf_u_int32 n, m;
4531
4532 nlen = __pcap_atoin(s1, &n);
4533 /* Promote short ipaddr */
4534 n <<= 32 - nlen;
4535
4536 if (s2 != NULL) {
4537 mlen = __pcap_atoin(s2, &m);
4538 /* Promote short ipaddr */
4539 m <<= 32 - mlen;
4540 if ((n & ~m) != 0)
4541 bpf_error("non-network bits set in \"%s mask %s\"",
4542 s1, s2);
4543 } else {
4544 /* Convert mask len to mask */
4545 if (masklen > 32)
4546 bpf_error("mask length must be <= 32");
4547 m = 0xffffffff << (32 - masklen);
4548 if ((n & ~m) != 0)
4549 bpf_error("non-network bits set in \"%s/%d\"",
4550 s1, masklen);
4551 }
4552
4553 switch (q.addr) {
4554
4555 case Q_NET:
4556 return gen_host(n, m, q.proto, q.dir);
4557
4558 default:
4559 bpf_error("Mask syntax for networks only");
4560 /* NOTREACHED */
4561 }
4562 /* NOTREACHED */
4563 }
4564
4565 struct block *
4566 gen_ncode(s, v, q)
4567 register const char *s;
4568 bpf_u_int32 v;
4569 struct qual q;
4570 {
4571 bpf_u_int32 mask;
4572 int proto = q.proto;
4573 int dir = q.dir;
4574 register int vlen;
4575
4576 if (s == NULL)
4577 vlen = 32;
4578 else if (q.proto == Q_DECNET)
4579 vlen = __pcap_atodn(s, &v);
4580 else
4581 vlen = __pcap_atoin(s, &v);
4582
4583 switch (q.addr) {
4584
4585 case Q_DEFAULT:
4586 case Q_HOST:
4587 case Q_NET:
4588 if (proto == Q_DECNET)
4589 return gen_host(v, 0, proto, dir);
4590 else if (proto == Q_LINK) {
4591 bpf_error("illegal link layer address");
4592 } else {
4593 mask = 0xffffffff;
4594 if (s == NULL && q.addr == Q_NET) {
4595 /* Promote short net number */
4596 while (v && (v & 0xff000000) == 0) {
4597 v <<= 8;
4598 mask <<= 8;
4599 }
4600 } else {
4601 /* Promote short ipaddr */
4602 v <<= 32 - vlen;
4603 mask <<= 32 - vlen;
4604 }
4605 return gen_host(v, mask, proto, dir);
4606 }
4607
4608 case Q_PORT:
4609 if (proto == Q_UDP)
4610 proto = IPPROTO_UDP;
4611 else if (proto == Q_TCP)
4612 proto = IPPROTO_TCP;
4613 else if (proto == Q_SCTP)
4614 proto = IPPROTO_SCTP;
4615 else if (proto == Q_DEFAULT)
4616 proto = PROTO_UNDEF;
4617 else
4618 bpf_error("illegal qualifier of 'port'");
4619
4620 #ifndef INET6
4621 return gen_port((int)v, proto, dir);
4622 #else
4623 {
4624 struct block *b;
4625 b = gen_port((int)v, proto, dir);
4626 gen_or(gen_port6((int)v, proto, dir), b);
4627 return b;
4628 }
4629 #endif /* INET6 */
4630
4631 case Q_PORTRANGE:
4632 if (proto == Q_UDP)
4633 proto = IPPROTO_UDP;
4634 else if (proto == Q_TCP)
4635 proto = IPPROTO_TCP;
4636 else if (proto == Q_SCTP)
4637 proto = IPPROTO_SCTP;
4638 else if (proto == Q_DEFAULT)
4639 proto = PROTO_UNDEF;
4640 else
4641 bpf_error("illegal qualifier of 'portrange'");
4642
4643 #ifndef INET6
4644 return gen_portrange((int)v, (int)v, proto, dir);
4645 #else
4646 {
4647 struct block *b;
4648 b = gen_portrange((int)v, (int)v, proto, dir);
4649 gen_or(gen_portrange6((int)v, (int)v, proto, dir), b);
4650 return b;
4651 }
4652 #endif /* INET6 */
4653
4654 case Q_GATEWAY:
4655 bpf_error("'gateway' requires a name");
4656 /* NOTREACHED */
4657
4658 case Q_PROTO:
4659 return gen_proto((int)v, proto, dir);
4660
4661 case Q_PROTOCHAIN:
4662 return gen_protochain((int)v, proto, dir);
4663
4664 case Q_UNDEF:
4665 syntax();
4666 /* NOTREACHED */
4667
4668 default:
4669 abort();
4670 /* NOTREACHED */
4671 }
4672 /* NOTREACHED */
4673 }
4674
4675 #ifdef INET6
4676 struct block *
4677 gen_mcode6(s1, s2, masklen, q)
4678 register const char *s1, *s2;
4679 register int masklen;
4680 struct qual q;
4681 {
4682 struct addrinfo *res;
4683 struct in6_addr *addr;
4684 struct in6_addr mask;
4685 struct block *b;
4686 u_int32_t *a, *m;
4687
4688 if (s2)
4689 bpf_error("no mask %s supported", s2);
4690
4691 res = pcap_nametoaddrinfo(s1);
4692 if (!res)
4693 bpf_error("invalid ip6 address %s", s1);
4694 if (res->ai_next)
4695 bpf_error("%s resolved to multiple address", s1);
4696 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
4697
4698 if (sizeof(mask) * 8 < masklen)
4699 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
4700 memset(&mask, 0, sizeof(mask));
4701 memset(&mask, 0xff, masklen / 8);
4702 if (masklen % 8) {
4703 mask.s6_addr[masklen / 8] =
4704 (0xff << (8 - masklen % 8)) & 0xff;
4705 }
4706
4707 a = (u_int32_t *)addr;
4708 m = (u_int32_t *)&mask;
4709 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
4710 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
4711 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
4712 }
4713
4714 switch (q.addr) {
4715
4716 case Q_DEFAULT:
4717 case Q_HOST:
4718 if (masklen != 128)
4719 bpf_error("Mask syntax for networks only");
4720 /* FALLTHROUGH */
4721
4722 case Q_NET:
4723 b = gen_host6(addr, &mask, q.proto, q.dir);
4724 freeaddrinfo(res);
4725 return b;
4726
4727 default:
4728 bpf_error("invalid qualifier against IPv6 address");
4729 /* NOTREACHED */
4730 }
4731 }
4732 #endif /*INET6*/
4733
4734 struct block *
4735 gen_ecode(eaddr, q)
4736 register const u_char *eaddr;
4737 struct qual q;
4738 {
4739 struct block *b, *tmp;
4740
4741 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
4742 if (linktype == DLT_EN10MB)
4743 return gen_ehostop(eaddr, (int)q.dir);
4744 if (linktype == DLT_FDDI)
4745 return gen_fhostop(eaddr, (int)q.dir);
4746 if (linktype == DLT_IEEE802)
4747 return gen_thostop(eaddr, (int)q.dir);
4748 if (linktype == DLT_IEEE802_11)
4749 return gen_wlanhostop(eaddr, (int)q.dir);
4750 if (linktype == DLT_SUNATM && is_lane) {
4751 /*
4752 * Check that the packet doesn't begin with an
4753 * LE Control marker. (We've already generated
4754 * a test for LANE.)
4755 */
4756 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
4757 gen_not(tmp);
4758
4759 /*
4760 * Now check the MAC address.
4761 */
4762 b = gen_ehostop(eaddr, (int)q.dir);
4763 gen_and(tmp, b);
4764 return b;
4765 }
4766 if (linktype == DLT_IP_OVER_FC)
4767 return gen_ipfchostop(eaddr, (int)q.dir);
4768 bpf_error("ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel");
4769 }
4770 bpf_error("ethernet address used in non-ether expression");
4771 /* NOTREACHED */
4772 }
4773
4774 void
4775 sappend(s0, s1)
4776 struct slist *s0, *s1;
4777 {
4778 /*
4779 * This is definitely not the best way to do this, but the
4780 * lists will rarely get long.
4781 */
4782 while (s0->next)
4783 s0 = s0->next;
4784 s0->next = s1;
4785 }
4786
4787 static struct slist *
4788 xfer_to_x(a)
4789 struct arth *a;
4790 {
4791 struct slist *s;
4792
4793 s = new_stmt(BPF_LDX|BPF_MEM);
4794 s->s.k = a->regno;
4795 return s;
4796 }
4797
4798 static struct slist *
4799 xfer_to_a(a)
4800 struct arth *a;
4801 {
4802 struct slist *s;
4803
4804 s = new_stmt(BPF_LD|BPF_MEM);
4805 s->s.k = a->regno;
4806 return s;
4807 }
4808
4809 struct arth *
4810 gen_load(proto, index, size)
4811 int proto;
4812 struct arth *index;
4813 int size;
4814 {
4815 struct slist *s, *tmp;
4816 struct block *b;
4817 int regno = alloc_reg();
4818
4819 free_reg(index->regno);
4820 switch (size) {
4821
4822 default:
4823 bpf_error("data size must be 1, 2, or 4");
4824
4825 case 1:
4826 size = BPF_B;
4827 break;
4828
4829 case 2:
4830 size = BPF_H;
4831 break;
4832
4833 case 4:
4834 size = BPF_W;
4835 break;
4836 }
4837 switch (proto) {
4838 default:
4839 bpf_error("unsupported index operation");
4840
4841 case Q_LINK:
4842 /*
4843 * XXX - what about ATM LANE? Should the index be
4844 * relative to the beginning of the AAL5 frame, so
4845 * that 0 refers to the beginning of the LE Control
4846 * field, or relative to the beginning of the LAN
4847 * frame, so that 0 refers, for Ethernet LANE, to
4848 * the beginning of the destination address?
4849 */
4850 s = xfer_to_x(index);
4851 tmp = new_stmt(BPF_LD|BPF_IND|size);
4852 sappend(s, tmp);
4853 sappend(index->s, s);
4854 break;
4855
4856 case Q_IP:
4857 case Q_ARP:
4858 case Q_RARP:
4859 case Q_ATALK:
4860 case Q_DECNET:
4861 case Q_SCA:
4862 case Q_LAT:
4863 case Q_MOPRC:
4864 case Q_MOPDL:
4865 #ifdef INET6
4866 case Q_IPV6:
4867 #endif
4868 /* XXX Note that we assume a fixed link header here. */
4869 s = xfer_to_x(index);
4870 tmp = new_stmt(BPF_LD|BPF_IND|size);
4871 tmp->s.k = off_nl;
4872 sappend(s, tmp);
4873 sappend(index->s, s);
4874
4875 b = gen_proto_abbrev(proto);
4876 if (index->b)
4877 gen_and(index->b, b);
4878 index->b = b;
4879 break;
4880
4881 case Q_SCTP:
4882 case Q_TCP:
4883 case Q_UDP:
4884 case Q_ICMP:
4885 case Q_IGMP:
4886 case Q_IGRP:
4887 case Q_PIM:
4888 case Q_VRRP:
4889 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
4890 s->s.k = off_nl;
4891 sappend(s, xfer_to_a(index));
4892 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
4893 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
4894 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
4895 tmp->s.k = off_nl;
4896 sappend(index->s, s);
4897
4898 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
4899 if (index->b)
4900 gen_and(index->b, b);
4901 #ifdef INET6
4902 gen_and(gen_proto_abbrev(Q_IP), b);
4903 #endif
4904 index->b = b;
4905 break;
4906 #ifdef INET6
4907 case Q_ICMPV6:
4908 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
4909 /*NOTREACHED*/
4910 #endif
4911 }
4912 index->regno = regno;
4913 s = new_stmt(BPF_ST);
4914 s->s.k = regno;
4915 sappend(index->s, s);
4916
4917 return index;
4918 }
4919
4920 struct block *
4921 gen_relation(code, a0, a1, reversed)
4922 int code;
4923 struct arth *a0, *a1;
4924 int reversed;
4925 {
4926 struct slist *s0, *s1, *s2;
4927 struct block *b, *tmp;
4928
4929 s0 = xfer_to_x(a1);
4930 s1 = xfer_to_a(a0);
4931 if (code == BPF_JEQ) {
4932 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
4933 b = new_block(JMP(code));
4934 sappend(s1, s2);
4935 }
4936 else
4937 b = new_block(BPF_JMP|code|BPF_X);
4938 if (reversed)
4939 gen_not(b);
4940
4941 sappend(s0, s1);
4942 sappend(a1->s, s0);
4943 sappend(a0->s, a1->s);
4944
4945 b->stmts = a0->s;
4946
4947 free_reg(a0->regno);
4948 free_reg(a1->regno);
4949
4950 /* 'and' together protocol checks */
4951 if (a0->b) {
4952 if (a1->b) {
4953 gen_and(a0->b, tmp = a1->b);
4954 }
4955 else
4956 tmp = a0->b;
4957 } else
4958 tmp = a1->b;
4959
4960 if (tmp)
4961 gen_and(tmp, b);
4962
4963 return b;
4964 }
4965
4966 struct arth *
4967 gen_loadlen()
4968 {
4969 int regno = alloc_reg();
4970 struct arth *a = (struct arth *)newchunk(sizeof(*a));
4971 struct slist *s;
4972
4973 s = new_stmt(BPF_LD|BPF_LEN);
4974 s->next = new_stmt(BPF_ST);
4975 s->next->s.k = regno;
4976 a->s = s;
4977 a->regno = regno;
4978
4979 return a;
4980 }
4981
4982 struct arth *
4983 gen_loadi(val)
4984 int val;
4985 {
4986 struct arth *a;
4987 struct slist *s;
4988 int reg;
4989
4990 a = (struct arth *)newchunk(sizeof(*a));
4991
4992 reg = alloc_reg();
4993
4994 s = new_stmt(BPF_LD|BPF_IMM);
4995 s->s.k = val;
4996 s->next = new_stmt(BPF_ST);
4997 s->next->s.k = reg;
4998 a->s = s;
4999 a->regno = reg;
5000
5001 return a;
5002 }
5003
5004 struct arth *
5005 gen_neg(a)
5006 struct arth *a;
5007 {
5008 struct slist *s;
5009
5010 s = xfer_to_a(a);
5011 sappend(a->s, s);
5012 s = new_stmt(BPF_ALU|BPF_NEG);
5013 s->s.k = 0;
5014 sappend(a->s, s);
5015 s = new_stmt(BPF_ST);
5016 s->s.k = a->regno;
5017 sappend(a->s, s);
5018
5019 return a;
5020 }
5021
5022 struct arth *
5023 gen_arth(code, a0, a1)
5024 int code;
5025 struct arth *a0, *a1;
5026 {
5027 struct slist *s0, *s1, *s2;
5028
5029 s0 = xfer_to_x(a1);
5030 s1 = xfer_to_a(a0);
5031 s2 = new_stmt(BPF_ALU|BPF_X|code);
5032
5033 sappend(s1, s2);
5034 sappend(s0, s1);
5035 sappend(a1->s, s0);
5036 sappend(a0->s, a1->s);
5037
5038 free_reg(a0->regno);
5039 free_reg(a1->regno);
5040
5041 s0 = new_stmt(BPF_ST);
5042 a0->regno = s0->s.k = alloc_reg();
5043 sappend(a0->s, s0);
5044
5045 return a0;
5046 }
5047
5048 /*
5049 * Here we handle simple allocation of the scratch registers.
5050 * If too many registers are alloc'd, the allocator punts.
5051 */
5052 static int regused[BPF_MEMWORDS];
5053 static int curreg;
5054
5055 /*
5056 * Return the next free register.
5057 */
5058 static int
5059 alloc_reg()
5060 {
5061 int n = BPF_MEMWORDS;
5062
5063 while (--n >= 0) {
5064 if (regused[curreg])
5065 curreg = (curreg + 1) % BPF_MEMWORDS;
5066 else {
5067 regused[curreg] = 1;
5068 return curreg;
5069 }
5070 }
5071 bpf_error("too many registers needed to evaluate expression");
5072 /* NOTREACHED */
5073 }
5074
5075 /*
5076 * Return a register to the table so it can
5077 * be used later.
5078 */
5079 static void
5080 free_reg(n)
5081 int n;
5082 {
5083 regused[n] = 0;
5084 }
5085
5086 static struct block *
5087 gen_len(jmp, n)
5088 int jmp, n;
5089 {
5090 struct slist *s;
5091 struct block *b;
5092
5093 s = new_stmt(BPF_LD|BPF_LEN);
5094 b = new_block(JMP(jmp));
5095 b->stmts = s;
5096 b->s.k = n;
5097
5098 return b;
5099 }
5100
5101 struct block *
5102 gen_greater(n)
5103 int n;
5104 {
5105 return gen_len(BPF_JGE, n);
5106 }
5107
5108 /*
5109 * Actually, this is less than or equal.
5110 */
5111 struct block *
5112 gen_less(n)
5113 int n;
5114 {
5115 struct block *b;
5116
5117 b = gen_len(BPF_JGT, n);
5118 gen_not(b);
5119
5120 return b;
5121 }
5122
5123 struct block *
5124 gen_byteop(op, idx, val)
5125 int op, idx, val;
5126 {
5127 struct block *b;
5128 struct slist *s;
5129
5130 switch (op) {
5131 default:
5132 abort();
5133
5134 case '=':
5135 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
5136
5137 case '<':
5138 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
5139 b->s.code = JMP(BPF_JGE);
5140 gen_not(b);
5141 return b;
5142
5143 case '>':
5144 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
5145 b->s.code = JMP(BPF_JGT);
5146 return b;
5147
5148 case '|':
5149 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
5150 break;
5151
5152 case '&':
5153 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
5154 break;
5155 }
5156 s->s.k = val;
5157 b = new_block(JMP(BPF_JEQ));
5158 b->stmts = s;
5159 gen_not(b);
5160
5161 return b;
5162 }
5163
5164 static u_char abroadcast[] = { 0x0 };
5165
5166 struct block *
5167 gen_broadcast(proto)
5168 int proto;
5169 {
5170 bpf_u_int32 hostmask;
5171 struct block *b0, *b1, *b2;
5172 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
5173
5174 switch (proto) {
5175
5176 case Q_DEFAULT:
5177 case Q_LINK:
5178 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
5179 return gen_ahostop(abroadcast, Q_DST);
5180 if (linktype == DLT_EN10MB)
5181 return gen_ehostop(ebroadcast, Q_DST);
5182 if (linktype == DLT_FDDI)
5183 return gen_fhostop(ebroadcast, Q_DST);
5184 if (linktype == DLT_IEEE802)
5185 return gen_thostop(ebroadcast, Q_DST);
5186 if (linktype == DLT_IEEE802_11)
5187 return gen_wlanhostop(ebroadcast, Q_DST);
5188 if (linktype == DLT_IP_OVER_FC)
5189 return gen_ipfchostop(ebroadcast, Q_DST);
5190 if (linktype == DLT_SUNATM && is_lane) {
5191 /*
5192 * Check that the packet doesn't begin with an
5193 * LE Control marker. (We've already generated
5194 * a test for LANE.)
5195 */
5196 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
5197 gen_not(b1);
5198
5199 /*
5200 * Now check the MAC address.
5201 */
5202 b0 = gen_ehostop(ebroadcast, Q_DST);
5203 gen_and(b1, b0);
5204 return b0;
5205 }
5206 bpf_error("not a broadcast link");
5207 break;
5208
5209 case Q_IP:
5210 b0 = gen_linktype(ETHERTYPE_IP);
5211 hostmask = ~netmask;
5212 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
5213 b2 = gen_mcmp(off_nl + 16, BPF_W,
5214 (bpf_int32)(~0 & hostmask), hostmask);
5215 gen_or(b1, b2);
5216 gen_and(b0, b2);
5217 return b2;
5218 }
5219 bpf_error("only link-layer/IP broadcast filters supported");
5220 /* NOTREACHED */
5221 }
5222
5223 /*
5224 * Generate code to test the low-order bit of a MAC address (that's
5225 * the bottom bit of the *first* byte).
5226 */
5227 static struct block *
5228 gen_mac_multicast(offset)
5229 int offset;
5230 {
5231 register struct block *b0;
5232 register struct slist *s;
5233
5234 /* link[offset] & 1 != 0 */
5235 s = gen_load_llrel(offset, BPF_B);
5236 b0 = new_block(JMP(BPF_JSET));
5237 b0->s.k = 1;
5238 b0->stmts = s;
5239 return b0;
5240 }
5241
5242 struct block *
5243 gen_multicast(proto)
5244 int proto;
5245 {
5246 register struct block *b0, *b1, *b2;
5247 register struct slist *s;
5248
5249 switch (proto) {
5250
5251 case Q_DEFAULT:
5252 case Q_LINK:
5253 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
5254 /* all ARCnet multicasts use the same address */
5255 return gen_ahostop(abroadcast, Q_DST);
5256
5257 if (linktype == DLT_EN10MB) {
5258 /* ether[0] & 1 != 0 */
5259 return gen_mac_multicast(0);
5260 }
5261
5262 if (linktype == DLT_FDDI) {
5263 /*
5264 * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX
5265 *
5266 * XXX - was that referring to bit-order issues?
5267 */
5268 /* fddi[1] & 1 != 0 */
5269 return gen_mac_multicast(1);
5270 }
5271
5272 if (linktype == DLT_IEEE802) {
5273 /* tr[2] & 1 != 0 */
5274 return gen_mac_multicast(2);
5275 }
5276
5277 if (linktype == DLT_IEEE802_11) {
5278 /*
5279 * Oh, yuk.
5280 *
5281 * For control frames, there is no DA.
5282 *
5283 * For management frames, DA is at an
5284 * offset of 4 from the beginning of
5285 * the packet.
5286 *
5287 * For data frames, DA is at an offset
5288 * of 4 from the beginning of the packet
5289 * if To DS is clear and at an offset of
5290 * 16 from the beginning of the packet
5291 * if To DS is set.
5292 */
5293
5294 /*
5295 * Generate the tests to be done for data frames.
5296 *
5297 * First, check for To DS set, i.e. "link[1] & 0x01".
5298 */
5299 s = gen_load_llrel(1, BPF_B);
5300 b1 = new_block(JMP(BPF_JSET));
5301 b1->s.k = 0x01; /* To DS */
5302 b1->stmts = s;
5303
5304 /*
5305 * If To DS is set, the DA is at 16.
5306 */
5307 b0 = gen_mac_multicast(16);
5308 gen_and(b1, b0);
5309
5310 /*
5311 * Now, check for To DS not set, i.e. check
5312 * "!(link[1] & 0x01)".
5313 */
5314 s = gen_load_llrel(1, BPF_B);
5315 b2 = new_block(JMP(BPF_JSET));
5316 b2->s.k = 0x01; /* To DS */
5317 b2->stmts = s;
5318 gen_not(b2);
5319
5320 /*
5321 * If To DS is not set, the DA is at 4.
5322 */
5323 b1 = gen_mac_multicast(4);
5324 gen_and(b2, b1);
5325
5326 /*
5327 * Now OR together the last two checks. That gives
5328 * the complete set of checks for data frames.
5329 */
5330 gen_or(b1, b0);
5331
5332 /*
5333 * Now check for a data frame.
5334 * I.e, check "link[0] & 0x08".
5335 */
5336 s = gen_load_llrel(0, BPF_B);
5337 b1 = new_block(JMP(BPF_JSET));
5338 b1->s.k = 0x08;
5339 b1->stmts = s;
5340
5341 /*
5342 * AND that with the checks done for data frames.
5343 */
5344 gen_and(b1, b0);
5345
5346 /*
5347 * If the high-order bit of the type value is 0, this
5348 * is a management frame.
5349 * I.e, check "!(link[0] & 0x08)".
5350 */
5351 s = gen_load_llrel(0, BPF_B);
5352 b2 = new_block(JMP(BPF_JSET));
5353 b2->s.k = 0x08;
5354 b2->stmts = s;
5355 gen_not(b2);
5356
5357 /*
5358 * For management frames, the DA is at 4.
5359 */
5360 b1 = gen_mac_multicast(4);
5361 gen_and(b2, b1);
5362
5363 /*
5364 * OR that with the checks done for data frames.
5365 * That gives the checks done for management and
5366 * data frames.
5367 */
5368 gen_or(b1, b0);
5369
5370 /*
5371 * If the low-order bit of the type value is 1,
5372 * this is either a control frame or a frame
5373 * with a reserved type, and thus not a
5374 * frame with an SA.
5375 *
5376 * I.e., check "!(link[0] & 0x04)".
5377 */
5378 s = gen_load_llrel(0, BPF_B);
5379 b1 = new_block(JMP(BPF_JSET));
5380 b1->s.k = 0x04;
5381 b1->stmts = s;
5382 gen_not(b1);
5383
5384 /*
5385 * AND that with the checks for data and management
5386 * frames.
5387 */
5388 gen_and(b1, b0);
5389 return b0;
5390 }
5391
5392 if (linktype == DLT_IP_OVER_FC) {
5393 b0 = gen_mac_multicast(2);
5394 return b0;
5395 }
5396
5397 if (linktype == DLT_SUNATM && is_lane) {
5398 /*
5399 * Check that the packet doesn't begin with an
5400 * LE Control marker. (We've already generated
5401 * a test for LANE.)
5402 */
5403 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
5404 gen_not(b1);
5405
5406 /* ether[off_mac] & 1 != 0 */
5407 b0 = gen_mac_multicast(off_mac);
5408 gen_and(b1, b0);
5409 return b0;
5410 }
5411
5412 /* Link not known to support multicasts */
5413 break;
5414
5415 case Q_IP:
5416 b0 = gen_linktype(ETHERTYPE_IP);
5417 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
5418 b1->s.code = JMP(BPF_JGE);
5419 gen_and(b0, b1);
5420 return b1;
5421
5422 #ifdef INET6
5423 case Q_IPV6:
5424 b0 = gen_linktype(ETHERTYPE_IPV6);
5425 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
5426 gen_and(b0, b1);
5427 return b1;
5428 #endif /* INET6 */
5429 }
5430 bpf_error("link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel");
5431 /* NOTREACHED */
5432 }
5433
5434 /*
5435 * generate command for inbound/outbound. It's here so we can
5436 * make it link-type specific. 'dir' = 0 implies "inbound",
5437 * = 1 implies "outbound".
5438 */
5439 struct block *
5440 gen_inbound(dir)
5441 int dir;
5442 {
5443 register struct block *b0;
5444
5445 /*
5446 * Only some data link types support inbound/outbound qualifiers.
5447 */
5448 switch (linktype) {
5449 case DLT_SLIP:
5450 b0 = gen_relation(BPF_JEQ,
5451 gen_load(Q_LINK, gen_loadi(0), 1),
5452 gen_loadi(0),
5453 dir);
5454 break;
5455
5456 case DLT_LINUX_SLL:
5457 if (dir) {
5458 /*
5459 * Match packets sent by this machine.
5460 */
5461 b0 = gen_cmp(0, BPF_H, LINUX_SLL_OUTGOING);
5462 } else {
5463 /*
5464 * Match packets sent to this machine.
5465 * (No broadcast or multicast packets, or
5466 * packets sent to some other machine and
5467 * received promiscuously.)
5468 *
5469 * XXX - packets sent to other machines probably
5470 * shouldn't be matched, but what about broadcast
5471 * or multicast packets we received?
5472 */
5473 b0 = gen_cmp(0, BPF_H, LINUX_SLL_HOST);
5474 }
5475 break;
5476
5477 case DLT_PFLOG:
5478 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B,
5479 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT));
5480 break;
5481
5482 case DLT_PPP_PPPD:
5483 if (dir) {
5484 /* match outgoing packets */
5485 b0 = gen_cmp(0, BPF_B, PPP_PPPD_OUT);
5486 } else {
5487 /* match incoming packets */
5488 b0 = gen_cmp(0, BPF_B, PPP_PPPD_IN);
5489 }
5490 break;
5491
5492 case DLT_JUNIPER_MLFR:
5493 case DLT_JUNIPER_MLPPP:
5494 case DLT_JUNIPER_ATM1:
5495 case DLT_JUNIPER_ATM2:
5496 /* juniper flags (including direction) are stored
5497 * the byte after the 3-byte magic number */
5498 if (dir) {
5499 /* match outgoing packets */
5500 b0 = gen_mcmp(3, BPF_B, 0, 0x01);
5501 } else {
5502 /* match incoming packets */
5503 b0 = gen_mcmp(3, BPF_B, 1, 0x01);
5504 }
5505 break;
5506
5507 default:
5508 bpf_error("inbound/outbound not supported on linktype %d",
5509 linktype);
5510 b0 = NULL;
5511 /* NOTREACHED */
5512 }
5513 return (b0);
5514 }
5515
5516 /* PF firewall log matched interface */
5517 struct block *
5518 gen_pf_ifname(const char *ifname)
5519 {
5520 struct block *b0;
5521 u_int len, off;
5522
5523 if (linktype == DLT_PFLOG) {
5524 len = sizeof(((struct pfloghdr *)0)->ifname);
5525 off = offsetof(struct pfloghdr, ifname);
5526 } else {
5527 bpf_error("ifname not supported on linktype 0x%x", linktype);
5528 /* NOTREACHED */
5529 }
5530 if (strlen(ifname) >= len) {
5531 bpf_error("ifname interface names can only be %d characters",
5532 len-1);
5533 /* NOTREACHED */
5534 }
5535 b0 = gen_bcmp(off, strlen(ifname), (const u_char *)ifname);
5536 return (b0);
5537 }
5538
5539 /* PF firewall log matched interface */
5540 struct block *
5541 gen_pf_ruleset(char *ruleset)
5542 {
5543 struct block *b0;
5544
5545 if (linktype != DLT_PFLOG) {
5546 bpf_error("ruleset not supported on linktype 0x%x", linktype);
5547 /* NOTREACHED */
5548 }
5549 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) {
5550 bpf_error("ruleset names can only be %ld characters",
5551 (long)(sizeof(((struct pfloghdr *)0)->ruleset) - 1));
5552 /* NOTREACHED */
5553 }
5554 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset),
5555 strlen(ruleset), (const u_char *)ruleset);
5556 return (b0);
5557 }
5558
5559 /* PF firewall log rule number */
5560 struct block *
5561 gen_pf_rnr(int rnr)
5562 {
5563 struct block *b0;
5564
5565 if (linktype == DLT_PFLOG) {
5566 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W,
5567 (bpf_int32)rnr);
5568 } else {
5569 bpf_error("rnr not supported on linktype 0x%x", linktype);
5570 /* NOTREACHED */
5571 }
5572
5573 return (b0);
5574 }
5575
5576 /* PF firewall log sub-rule number */
5577 struct block *
5578 gen_pf_srnr(int srnr)
5579 {
5580 struct block *b0;
5581
5582 if (linktype != DLT_PFLOG) {
5583 bpf_error("srnr not supported on linktype 0x%x", linktype);
5584 /* NOTREACHED */
5585 }
5586
5587 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W,
5588 (bpf_int32)srnr);
5589 return (b0);
5590 }
5591
5592 /* PF firewall log reason code */
5593 struct block *
5594 gen_pf_reason(int reason)
5595 {
5596 struct block *b0;
5597
5598 if (linktype == DLT_PFLOG) {
5599 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B,
5600 (bpf_int32)reason);
5601 } else {
5602 bpf_error("reason not supported on linktype 0x%x", linktype);
5603 /* NOTREACHED */
5604 }
5605
5606 return (b0);
5607 }
5608
5609 /* PF firewall log action */
5610 struct block *
5611 gen_pf_action(int action)
5612 {
5613 struct block *b0;
5614
5615 if (linktype == DLT_PFLOG) {
5616 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B,
5617 (bpf_int32)action);
5618 } else {
5619 bpf_error("action not supported on linktype 0x%x", linktype);
5620 /* NOTREACHED */
5621 }
5622
5623 return (b0);
5624 }
5625
5626 struct block *
5627 gen_acode(eaddr, q)
5628 register const u_char *eaddr;
5629 struct qual q;
5630 {
5631 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
5632 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
5633 return gen_ahostop(eaddr, (int)q.dir);
5634 }
5635 bpf_error("ARCnet address used in non-arc expression");
5636 /* NOTREACHED */
5637 }
5638
5639 static struct block *
5640 gen_ahostop(eaddr, dir)
5641 register const u_char *eaddr;
5642 register int dir;
5643 {
5644 register struct block *b0, *b1;
5645
5646 switch (dir) {
5647 /* src comes first, different from Ethernet */
5648 case Q_SRC:
5649 return gen_bcmp(0, 1, eaddr);
5650
5651 case Q_DST:
5652 return gen_bcmp(1, 1, eaddr);
5653
5654 case Q_AND:
5655 b0 = gen_ahostop(eaddr, Q_SRC);
5656 b1 = gen_ahostop(eaddr, Q_DST);
5657 gen_and(b0, b1);
5658 return b1;
5659
5660 case Q_DEFAULT:
5661 case Q_OR:
5662 b0 = gen_ahostop(eaddr, Q_SRC);
5663 b1 = gen_ahostop(eaddr, Q_DST);
5664 gen_or(b0, b1);
5665 return b1;
5666 }
5667 abort();
5668 /* NOTREACHED */
5669 }
5670
5671 /*
5672 * support IEEE 802.1Q VLAN trunk over ethernet
5673 */
5674 struct block *
5675 gen_vlan(vlan_num)
5676 int vlan_num;
5677 {
5678 struct block *b0;
5679
5680 /*
5681 * Change the offsets to point to the type and data fields within
5682 * the VLAN packet. Just increment the offsets, so that we
5683 * can support a hierarchy, e.g. "vlan 300 && vlan 200" to
5684 * capture VLAN 200 encapsulated within VLAN 100.
5685 *
5686 * XXX - this is a bit of a kludge. If we were to split the
5687 * compiler into a parser that parses an expression and
5688 * generates an expression tree, and a code generator that
5689 * takes an expression tree (which could come from our
5690 * parser or from some other parser) and generates BPF code,
5691 * we could perhaps make the offsets parameters of routines
5692 * and, in the handler for an "AND" node, pass to subnodes
5693 * other than the VLAN node the adjusted offsets.
5694 *
5695 * This would mean that "vlan" would, instead of changing the
5696 * behavior of *all* tests after it, change only the behavior
5697 * of tests ANDed with it. That would change the documented
5698 * semantics of "vlan", which might break some expressions.
5699 * However, it would mean that "(vlan and ip) or ip" would check
5700 * both for VLAN-encapsulated IP and IP-over-Ethernet, rather than
5701 * checking only for VLAN-encapsulated IP, so that could still
5702 * be considered worth doing; it wouldn't break expressions
5703 * that are of the form "vlan and ..." or "vlan N and ...",
5704 * which I suspect are the most common expressions involving
5705 * "vlan". "vlan or ..." doesn't necessarily do what the user
5706 * would really want, now, as all the "or ..." tests would
5707 * be done assuming a VLAN, even though the "or" could be viewed
5708 * as meaning "or, if this isn't a VLAN packet...".
5709 */
5710 orig_linktype = off_linktype; /* save original values */
5711 orig_nl = off_nl;
5712
5713 switch (linktype) {
5714
5715 case DLT_EN10MB:
5716 off_linktype += 4;
5717 off_nl_nosnap += 4;
5718 off_nl += 4;
5719 break;
5720
5721 default:
5722 bpf_error("no VLAN support for data link type %d",
5723 linktype);
5724 /*NOTREACHED*/
5725 }
5726
5727 /* check for VLAN */
5728 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
5729
5730 /* If a specific VLAN is requested, check VLAN id */
5731 if (vlan_num >= 0) {
5732 struct block *b1;
5733
5734 b1 = gen_mcmp(orig_nl, BPF_H, (bpf_int32)vlan_num, 0x0fff);
5735 gen_and(b0, b1);
5736 b0 = b1;
5737 }
5738
5739 return (b0);
5740 }
5741
5742 /*
5743 * support for MPLS
5744 */
5745 struct block *
5746 gen_mpls(label_num)
5747 int label_num;
5748 {
5749 struct block *b0;
5750
5751 /*
5752 * Change the offsets to point to the type and data fields within
5753 * the MPLS packet. Just increment the offsets, so that we
5754 * can support a hierarchy, e.g. "mpls 100000 && mpls 1024" to
5755 * capture packets with an outer label of 100000 and an inner
5756 * label of 1024.
5757 *
5758 * XXX - this is a bit of a kludge. See comments in gen_vlan().
5759 */
5760 orig_linktype = off_linktype; /* save original values */
5761 orig_nl = off_nl;
5762
5763 switch (linktype) {
5764
5765 case DLT_C_HDLC: /* fall through */
5766 case DLT_EN10MB:
5767 off_linktype += 4;
5768 off_nl_nosnap += 4;
5769 off_nl += 4;
5770
5771 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_MPLS);
5772 break;
5773
5774 case DLT_PPP:
5775 off_linktype += 4;
5776 off_nl_nosnap += 4;
5777 off_nl += 4;
5778
5779 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)PPP_MPLS_UCAST);
5780 break;
5781
5782 /* FIXME add other DLT_s ...
5783 * for Frame-Relay/and ATM this may get messy due to SNAP headers
5784 * leave it for now */
5785
5786 default:
5787 bpf_error("no MPLS support for data link type %d",
5788 linktype);
5789 b0 = NULL;
5790 /*NOTREACHED*/
5791 break;
5792 }
5793
5794 /* If a specific MPLS label is requested, check it */
5795 if (label_num >= 0) {
5796 struct block *b1;
5797
5798 label_num = label_num << 12; /* label is shifted 12 bits on the wire */
5799 b1 = gen_mcmp(orig_nl, BPF_W, (bpf_int32)label_num, 0xfffff000); /* only compare the first 20 bits */
5800 gen_and(b0, b1);
5801 b0 = b1;
5802 }
5803
5804 return (b0);
5805 }
5806
5807 struct block *
5808 gen_atmfield_code(atmfield, jvalue, jtype, reverse)
5809 int atmfield;
5810 bpf_u_int32 jvalue;
5811 bpf_u_int32 jtype;
5812 int reverse;
5813 {
5814 struct block *b0;
5815
5816 switch (atmfield) {
5817
5818 case A_VPI:
5819 if (!is_atm)
5820 bpf_error("'vpi' supported only on raw ATM");
5821 if (off_vpi == (u_int)-1)
5822 abort();
5823 b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype,
5824 (u_int)jvalue, reverse);
5825 break;
5826
5827 case A_VCI:
5828 if (!is_atm)
5829 bpf_error("'vci' supported only on raw ATM");
5830 if (off_vci == (u_int)-1)
5831 abort();
5832 b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype,
5833 (u_int)jvalue, reverse);
5834 break;
5835
5836 case A_PROTOTYPE:
5837 if (off_proto == (u_int)-1)
5838 abort(); /* XXX - this isn't on FreeBSD */
5839 b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype,
5840 (u_int)jvalue, reverse);
5841 break;
5842
5843 case A_MSGTYPE:
5844 if (off_payload == (u_int)-1)
5845 abort();
5846 b0 = gen_ncmp(BPF_B, off_payload + MSG_TYPE_POS, 0xffffffff,
5847 (u_int)jtype, (u_int)jvalue, reverse);
5848 break;
5849
5850 case A_CALLREFTYPE:
5851 if (!is_atm)
5852 bpf_error("'callref' supported only on raw ATM");
5853 if (off_proto == (u_int)-1)
5854 abort();
5855 b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype,
5856 (u_int)jvalue, reverse);
5857 break;
5858
5859 default:
5860 abort();
5861 }
5862 return b0;
5863 }
5864
5865 struct block *
5866 gen_atmtype_abbrev(type)
5867 int type;
5868 {
5869 struct block *b0, *b1;
5870
5871 switch (type) {
5872
5873 case A_METAC:
5874 /* Get all packets in Meta signalling Circuit */
5875 if (!is_atm)
5876 bpf_error("'metac' supported only on raw ATM");
5877 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5878 b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0);
5879 gen_and(b0, b1);
5880 break;
5881
5882 case A_BCC:
5883 /* Get all packets in Broadcast Circuit*/
5884 if (!is_atm)
5885 bpf_error("'bcc' supported only on raw ATM");
5886 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5887 b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0);
5888 gen_and(b0, b1);
5889 break;
5890
5891 case A_OAMF4SC:
5892 /* Get all cells in Segment OAM F4 circuit*/
5893 if (!is_atm)
5894 bpf_error("'oam4sc' supported only on raw ATM");
5895 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5896 b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
5897 gen_and(b0, b1);
5898 break;
5899
5900 case A_OAMF4EC:
5901 /* Get all cells in End-to-End OAM F4 Circuit*/
5902 if (!is_atm)
5903 bpf_error("'oam4ec' supported only on raw ATM");
5904 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5905 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
5906 gen_and(b0, b1);
5907 break;
5908
5909 case A_SC:
5910 /* Get all packets in connection Signalling Circuit */
5911 if (!is_atm)
5912 bpf_error("'sc' supported only on raw ATM");
5913 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5914 b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0);
5915 gen_and(b0, b1);
5916 break;
5917
5918 case A_ILMIC:
5919 /* Get all packets in ILMI Circuit */
5920 if (!is_atm)
5921 bpf_error("'ilmic' supported only on raw ATM");
5922 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5923 b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0);
5924 gen_and(b0, b1);
5925 break;
5926
5927 case A_LANE:
5928 /* Get all LANE packets */
5929 if (!is_atm)
5930 bpf_error("'lane' supported only on raw ATM");
5931 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0);
5932
5933 /*
5934 * Arrange that all subsequent tests assume LANE
5935 * rather than LLC-encapsulated packets, and set
5936 * the offsets appropriately for LANE-encapsulated
5937 * Ethernet.
5938 *
5939 * "off_mac" is the offset of the Ethernet header,
5940 * which is 2 bytes past the ATM pseudo-header
5941 * (skipping the pseudo-header and 2-byte LE Client
5942 * field). The other offsets are Ethernet offsets
5943 * relative to "off_mac".
5944 */
5945 is_lane = 1;
5946 off_mac = off_payload + 2; /* MAC header */
5947 off_linktype = off_mac + 12;
5948 off_nl = off_mac + 14; /* Ethernet II */
5949 off_nl_nosnap = off_mac + 17; /* 802.3+802.2 */
5950 break;
5951
5952 case A_LLC:
5953 /* Get all LLC-encapsulated packets */
5954 if (!is_atm)
5955 bpf_error("'llc' supported only on raw ATM");
5956 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
5957 is_lane = 0;
5958 break;
5959
5960 default:
5961 abort();
5962 }
5963 return b1;
5964 }
5965
5966
5967 static struct block *
5968 gen_msg_abbrev(type)
5969 int type;
5970 {
5971 struct block *b1;
5972
5973 /*
5974 * Q.2931 signalling protocol messages for handling virtual circuits
5975 * establishment and teardown
5976 */
5977 switch (type) {
5978
5979 case A_SETUP:
5980 b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0);
5981 break;
5982
5983 case A_CALLPROCEED:
5984 b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0);
5985 break;
5986
5987 case A_CONNECT:
5988 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0);
5989 break;
5990
5991 case A_CONNECTACK:
5992 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0);
5993 break;
5994
5995 case A_RELEASE:
5996 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0);
5997 break;
5998
5999 case A_RELEASE_DONE:
6000 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0);
6001 break;
6002
6003 default:
6004 abort();
6005 }
6006 return b1;
6007 }
6008
6009 struct block *
6010 gen_atmmulti_abbrev(type)
6011 int type;
6012 {
6013 struct block *b0, *b1;
6014
6015 switch (type) {
6016
6017 case A_OAM:
6018 if (!is_atm)
6019 bpf_error("'oam' supported only on raw ATM");
6020 b1 = gen_atmmulti_abbrev(A_OAMF4);
6021 break;
6022
6023 case A_OAMF4:
6024 if (!is_atm)
6025 bpf_error("'oamf4' supported only on raw ATM");
6026 /* OAM F4 type */
6027 b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
6028 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
6029 gen_or(b0, b1);
6030 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
6031 gen_and(b0, b1);
6032 break;
6033
6034 case A_CONNECTMSG:
6035 /*
6036 * Get Q.2931 signalling messages for switched
6037 * virtual connection
6038 */
6039 if (!is_atm)
6040 bpf_error("'connectmsg' supported only on raw ATM");
6041 b0 = gen_msg_abbrev(A_SETUP);
6042 b1 = gen_msg_abbrev(A_CALLPROCEED);
6043 gen_or(b0, b1);
6044 b0 = gen_msg_abbrev(A_CONNECT);
6045 gen_or(b0, b1);
6046 b0 = gen_msg_abbrev(A_CONNECTACK);
6047 gen_or(b0, b1);
6048 b0 = gen_msg_abbrev(A_RELEASE);
6049 gen_or(b0, b1);
6050 b0 = gen_msg_abbrev(A_RELEASE_DONE);
6051 gen_or(b0, b1);
6052 b0 = gen_atmtype_abbrev(A_SC);
6053 gen_and(b0, b1);
6054 break;
6055
6056 case A_METACONNECT:
6057 if (!is_atm)
6058 bpf_error("'metaconnect' supported only on raw ATM");
6059 b0 = gen_msg_abbrev(A_SETUP);
6060 b1 = gen_msg_abbrev(A_CALLPROCEED);
6061 gen_or(b0, b1);
6062 b0 = gen_msg_abbrev(A_CONNECT);
6063 gen_or(b0, b1);
6064 b0 = gen_msg_abbrev(A_RELEASE);
6065 gen_or(b0, b1);
6066 b0 = gen_msg_abbrev(A_RELEASE_DONE);
6067 gen_or(b0, b1);
6068 b0 = gen_atmtype_abbrev(A_METAC);
6069 gen_and(b0, b1);
6070 break;
6071
6072 default:
6073 abort();
6074 }
6075 return b1;
6076 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism