]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Patch from Monroe Williams <[email protected]>, submitted with NetBSD PR
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.127 2000-10-28 08:19:29 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #include <sys/types.h>
32 #include <sys/socket.h>
33 #include <sys/time.h>
34 #ifdef __NetBSD__
35 #include <sys/param.h>
36 #endif
37
38 struct mbuf;
39 struct rtentry;
40 #include <net/if.h>
41
42 #include <netinet/in.h>
43
44 #include <stdlib.h>
45 #include <string.h>
46 #include <memory.h>
47 #include <setjmp.h>
48 #include <stdarg.h>
49
50 #include "pcap-int.h"
51
52 #include "ethertype.h"
53 #include "gencode.h"
54 #include "ppp.h"
55 #include <pcap-namedb.h>
56 #ifdef INET6
57 #include <netdb.h>
58 #include <sys/socket.h>
59 #endif /*INET6*/
60
61 #ifdef HAVE_OS_PROTO_H
62 #include "os-proto.h"
63 #endif
64
65 #define JMP(c) ((c)|BPF_JMP|BPF_K)
66
67 /* Locals */
68 static jmp_buf top_ctx;
69 static pcap_t *bpf_pcap;
70
71 /* XXX */
72 #ifdef PCAP_FDDIPAD
73 int pcap_fddipad = PCAP_FDDIPAD;
74 #else
75 int pcap_fddipad;
76 #endif
77
78 /* VARARGS */
79 void
80 bpf_error(const char *fmt, ...)
81
82 {
83 va_list ap;
84
85 va_start(ap, fmt);
86 if (bpf_pcap != NULL)
87 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
88 fmt, ap);
89 va_end(ap);
90 longjmp(top_ctx, 1);
91 /* NOTREACHED */
92 }
93
94 static void init_linktype(int);
95
96 static int alloc_reg(void);
97 static void free_reg(int);
98
99 static struct block *root;
100
101 /*
102 * We divy out chunks of memory rather than call malloc each time so
103 * we don't have to worry about leaking memory. It's probably
104 * not a big deal if all this memory was wasted but it this ever
105 * goes into a library that would probably not be a good idea.
106 */
107 #define NCHUNKS 16
108 #define CHUNK0SIZE 1024
109 struct chunk {
110 u_int n_left;
111 void *m;
112 };
113
114 static struct chunk chunks[NCHUNKS];
115 static int cur_chunk;
116
117 static void *newchunk(u_int);
118 static void freechunks(void);
119 static inline struct block *new_block(int);
120 static inline struct slist *new_stmt(int);
121 static struct block *gen_retblk(int);
122 static inline void syntax(void);
123
124 static void backpatch(struct block *, struct block *);
125 static void merge(struct block *, struct block *);
126 static struct block *gen_cmp(u_int, u_int, bpf_int32);
127 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
128 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
129 static struct block *gen_bcmp(u_int, u_int, const u_char *);
130 static struct block *gen_uncond(int);
131 static inline struct block *gen_true(void);
132 static inline struct block *gen_false(void);
133 static struct block *gen_linktype(int);
134 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
135 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
136 #ifdef INET6
137 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
138 #endif
139 static struct block *gen_ehostop(const u_char *, int);
140 static struct block *gen_fhostop(const u_char *, int);
141 static struct block *gen_thostop(const u_char *, int);
142 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
143 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
144 #ifdef INET6
145 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
146 #endif
147 #ifndef INET6
148 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
149 #endif
150 static struct block *gen_ipfrag(void);
151 static struct block *gen_portatom(int, bpf_int32);
152 #ifdef INET6
153 static struct block *gen_portatom6(int, bpf_int32);
154 #endif
155 struct block *gen_portop(int, int, int);
156 static struct block *gen_port(int, int, int);
157 #ifdef INET6
158 struct block *gen_portop6(int, int, int);
159 static struct block *gen_port6(int, int, int);
160 #endif
161 static int lookup_proto(const char *, int);
162 static struct block *gen_protochain(int, int, int);
163 static struct block *gen_proto(int, int, int);
164 static struct slist *xfer_to_x(struct arth *);
165 static struct slist *xfer_to_a(struct arth *);
166 static struct block *gen_len(int, int);
167
168 static void *
169 newchunk(n)
170 u_int n;
171 {
172 struct chunk *cp;
173 int k, size;
174
175 #ifndef __NetBSD__
176 /* XXX Round up to nearest long. */
177 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
178 #else
179 /* XXX Round up to structure boundary. */
180 n = ALIGN(n);
181 #endif
182
183 cp = &chunks[cur_chunk];
184 if (n > cp->n_left) {
185 ++cp, k = ++cur_chunk;
186 if (k >= NCHUNKS)
187 bpf_error("out of memory");
188 size = CHUNK0SIZE << k;
189 cp->m = (void *)malloc(size);
190 memset((char *)cp->m, 0, size);
191 cp->n_left = size;
192 if (n > size)
193 bpf_error("out of memory");
194 }
195 cp->n_left -= n;
196 return (void *)((char *)cp->m + cp->n_left);
197 }
198
199 static void
200 freechunks()
201 {
202 int i;
203
204 cur_chunk = 0;
205 for (i = 0; i < NCHUNKS; ++i)
206 if (chunks[i].m != NULL) {
207 free(chunks[i].m);
208 chunks[i].m = NULL;
209 }
210 }
211
212 /*
213 * A strdup whose allocations are freed after code generation is over.
214 */
215 char *
216 sdup(s)
217 register const char *s;
218 {
219 int n = strlen(s) + 1;
220 char *cp = newchunk(n);
221
222 strlcpy(cp, s, n);
223 return (cp);
224 }
225
226 static inline struct block *
227 new_block(code)
228 int code;
229 {
230 struct block *p;
231
232 p = (struct block *)newchunk(sizeof(*p));
233 p->s.code = code;
234 p->head = p;
235
236 return p;
237 }
238
239 static inline struct slist *
240 new_stmt(code)
241 int code;
242 {
243 struct slist *p;
244
245 p = (struct slist *)newchunk(sizeof(*p));
246 p->s.code = code;
247
248 return p;
249 }
250
251 static struct block *
252 gen_retblk(v)
253 int v;
254 {
255 struct block *b = new_block(BPF_RET|BPF_K);
256
257 b->s.k = v;
258 return b;
259 }
260
261 static inline void
262 syntax()
263 {
264 bpf_error("syntax error in filter expression");
265 }
266
267 static bpf_u_int32 netmask;
268 static int snaplen;
269 int no_optimize;
270
271 int
272 pcap_compile(pcap_t *p, struct bpf_program *program,
273 char *buf, int optimize, bpf_u_int32 mask)
274 {
275 extern int n_errors;
276 int len;
277
278 no_optimize = 0;
279 n_errors = 0;
280 root = NULL;
281 bpf_pcap = p;
282 if (setjmp(top_ctx)) {
283 lex_cleanup();
284 freechunks();
285 return (-1);
286 }
287
288 netmask = mask;
289
290 /* On Linux we do not use the BPF filter to truncate the packet
291 * since the kernel provides other ways for that. In fact if we
292 * are using the packet filter for that duty we will be unable
293 * to acquire the original packet size. -- Torsten */
294 #ifndef linux
295 snaplen = pcap_snapshot(p);
296 #else
297 snaplen = 0xffff;
298 #endif
299 if (snaplen == 0) {
300 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
301 "snaplen of 0 rejects all packets");
302 return -1;
303 }
304
305 lex_init(buf ? buf : "");
306 init_linktype(pcap_datalink(p));
307 (void)pcap_parse();
308
309 if (n_errors)
310 syntax();
311
312 if (root == NULL)
313 root = gen_retblk(snaplen);
314
315 if (optimize && !no_optimize) {
316 bpf_optimize(&root);
317 if (root == NULL ||
318 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
319 bpf_error("expression rejects all packets");
320 }
321 program->bf_insns = icode_to_fcode(root, &len);
322 program->bf_len = len;
323
324 lex_cleanup();
325 freechunks();
326 return (0);
327 }
328
329 /*
330 * entry point for using the compiler with no pcap open
331 * pass in all the stuff that is needed explicitly instead.
332 */
333 int
334 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
335 struct bpf_program *program,
336 char *buf, int optimize, bpf_u_int32 mask)
337 {
338 extern int n_errors;
339 int len;
340
341 n_errors = 0;
342 root = NULL;
343 bpf_pcap = NULL;
344 if (setjmp(top_ctx)) {
345 freechunks();
346 return (-1);
347 }
348
349 netmask = mask;
350
351 /* XXX needed? I don't grok the use of globals here. */
352 snaplen = snaplen_arg;
353
354 lex_init(buf ? buf : "");
355 init_linktype(linktype_arg);
356 (void)pcap_parse();
357
358 if (n_errors)
359 syntax();
360
361 if (root == NULL)
362 root = gen_retblk(snaplen_arg);
363
364 if (optimize) {
365 bpf_optimize(&root);
366 if (root == NULL ||
367 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
368 bpf_error("expression rejects all packets");
369 }
370 program->bf_insns = icode_to_fcode(root, &len);
371 program->bf_len = len;
372
373 freechunks();
374 return (0);
375 }
376
377 /*
378 * Clean up a "struct bpf_program" by freeing all the memory allocated
379 * in it.
380 */
381 void
382 pcap_freecode(struct bpf_program *program)
383 {
384 program->bf_len = 0;
385 if (program->bf_insns != NULL) {
386 free((char *)program->bf_insns);
387 program->bf_insns = NULL;
388 }
389 }
390
391 /*
392 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
393 * which of the jt and jf fields has been resolved and which is a pointer
394 * back to another unresolved block (or nil). At least one of the fields
395 * in each block is already resolved.
396 */
397 static void
398 backpatch(list, target)
399 struct block *list, *target;
400 {
401 struct block *next;
402
403 while (list) {
404 if (!list->sense) {
405 next = JT(list);
406 JT(list) = target;
407 } else {
408 next = JF(list);
409 JF(list) = target;
410 }
411 list = next;
412 }
413 }
414
415 /*
416 * Merge the lists in b0 and b1, using the 'sense' field to indicate
417 * which of jt and jf is the link.
418 */
419 static void
420 merge(b0, b1)
421 struct block *b0, *b1;
422 {
423 register struct block **p = &b0;
424
425 /* Find end of list. */
426 while (*p)
427 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
428
429 /* Concatenate the lists. */
430 *p = b1;
431 }
432
433 void
434 finish_parse(p)
435 struct block *p;
436 {
437 backpatch(p, gen_retblk(snaplen));
438 p->sense = !p->sense;
439 backpatch(p, gen_retblk(0));
440 root = p->head;
441 }
442
443 void
444 gen_and(b0, b1)
445 struct block *b0, *b1;
446 {
447 backpatch(b0, b1->head);
448 b0->sense = !b0->sense;
449 b1->sense = !b1->sense;
450 merge(b1, b0);
451 b1->sense = !b1->sense;
452 b1->head = b0->head;
453 }
454
455 void
456 gen_or(b0, b1)
457 struct block *b0, *b1;
458 {
459 b0->sense = !b0->sense;
460 backpatch(b0, b1->head);
461 b0->sense = !b0->sense;
462 merge(b1, b0);
463 b1->head = b0->head;
464 }
465
466 void
467 gen_not(b)
468 struct block *b;
469 {
470 b->sense = !b->sense;
471 }
472
473 static struct block *
474 gen_cmp(offset, size, v)
475 u_int offset, size;
476 bpf_int32 v;
477 {
478 struct slist *s;
479 struct block *b;
480
481 s = new_stmt(BPF_LD|BPF_ABS|size);
482 s->s.k = offset;
483
484 b = new_block(JMP(BPF_JEQ));
485 b->stmts = s;
486 b->s.k = v;
487
488 return b;
489 }
490
491 static struct block *
492 gen_cmp_gt(offset, size, v)
493 u_int offset, size;
494 bpf_int32 v;
495 {
496 struct slist *s;
497 struct block *b;
498
499 s = new_stmt(BPF_LD|BPF_ABS|size);
500 s->s.k = offset;
501
502 b = new_block(JMP(BPF_JGT));
503 b->stmts = s;
504 b->s.k = v;
505
506 return b;
507 }
508
509 static struct block *
510 gen_mcmp(offset, size, v, mask)
511 u_int offset, size;
512 bpf_int32 v;
513 bpf_u_int32 mask;
514 {
515 struct block *b = gen_cmp(offset, size, v);
516 struct slist *s;
517
518 if (mask != 0xffffffff) {
519 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
520 s->s.k = mask;
521 b->stmts->next = s;
522 }
523 return b;
524 }
525
526 static struct block *
527 gen_bcmp(offset, size, v)
528 register u_int offset, size;
529 register const u_char *v;
530 {
531 register struct block *b, *tmp;
532
533 b = NULL;
534 while (size >= 4) {
535 register const u_char *p = &v[size - 4];
536 bpf_int32 w = ((bpf_int32)p[0] << 24) |
537 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
538
539 tmp = gen_cmp(offset + size - 4, BPF_W, w);
540 if (b != NULL)
541 gen_and(b, tmp);
542 b = tmp;
543 size -= 4;
544 }
545 while (size >= 2) {
546 register const u_char *p = &v[size - 2];
547 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
548
549 tmp = gen_cmp(offset + size - 2, BPF_H, w);
550 if (b != NULL)
551 gen_and(b, tmp);
552 b = tmp;
553 size -= 2;
554 }
555 if (size > 0) {
556 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
557 if (b != NULL)
558 gen_and(b, tmp);
559 b = tmp;
560 }
561 return b;
562 }
563
564 /*
565 * Various code constructs need to know the layout of the data link
566 * layer. These variables give the necessary offsets. off_linktype
567 * is set to -1 for no encapsulation, in which case, IP is assumed.
568 */
569 static u_int off_linktype;
570 static u_int off_nl;
571 static int linktype;
572
573 static void
574 init_linktype(type)
575 int type;
576 {
577 linktype = type;
578
579 switch (type) {
580
581 case DLT_EN10MB:
582 off_linktype = 12;
583 off_nl = 14;
584 return;
585
586 case DLT_SLIP:
587 /*
588 * SLIP doesn't have a link level type. The 16 byte
589 * header is hacked into our SLIP driver.
590 */
591 off_linktype = -1;
592 off_nl = 16;
593 return;
594
595 case DLT_SLIP_BSDOS:
596 /* XXX this may be the same as the DLT_PPP_BSDOS case */
597 off_linktype = -1;
598 /* XXX end */
599 off_nl = 24;
600 return;
601
602 case DLT_NULL:
603 off_linktype = 0;
604 off_nl = 4;
605 return;
606
607 case DLT_PPP:
608 case DLT_C_HDLC:
609 case DLT_PPP_SERIAL:
610 off_linktype = 2;
611 off_nl = 4;
612 return;
613
614 case DLT_PPP_BSDOS:
615 off_linktype = 5;
616 off_nl = 24;
617 return;
618
619 case DLT_FDDI:
620 /*
621 * FDDI doesn't really have a link-level type field.
622 * We assume that SSAP = SNAP is being used and pick
623 * out the encapsulated Ethernet type.
624 *
625 * XXX - should we generate code to check for SNAP?
626 */
627 off_linktype = 19;
628 #ifdef PCAP_FDDIPAD
629 off_linktype += pcap_fddipad;
630 #endif
631 off_nl = 21;
632 #ifdef PCAP_FDDIPAD
633 off_nl += pcap_fddipad;
634 #endif
635 return;
636
637 case DLT_IEEE802:
638 /*
639 * Token Ring doesn't really have a link-level type field.
640 * We assume that SSAP = SNAP is being used and pick
641 * out the encapsulated Ethernet type.
642 *
643 * XXX - should we generate code to check for SNAP?
644 *
645 * XXX - the header is actually variable-length.
646 * Some various Linux patched versions gave 38
647 * as "off_linktype" and 40 as "off_nl"; however,
648 * if a token ring packet has *no* routing
649 * information, i.e. is not source-routed, the correct
650 * values are 20 and 22, as they are in the vanilla code.
651 *
652 * A packet is source-routed iff the uppermost bit
653 * of the first byte of the source address, at an
654 * offset of 8, has the uppermost bit set. If the
655 * packet is source-routed, the total number of bytes
656 * of routing information is 2 plus bits 0x1F00 of
657 * the 16-bit value at an offset of 14 (shifted right
658 * 8 - figure out which byte that is).
659 */
660 off_linktype = 20;
661 off_nl = 22;
662 return;
663
664 case DLT_ATM_RFC1483:
665 /*
666 * assume routed, non-ISO PDUs
667 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
668 */
669 off_linktype = 6;
670 off_nl = 8;
671 return;
672
673 case DLT_RAW:
674 off_linktype = -1;
675 off_nl = 0;
676 return;
677
678 case DLT_ATM_CLIP: /* Linux ATM defines this */
679 off_linktype = 6;
680 off_nl = 8;
681 return;
682 }
683 bpf_error("unknown data link type 0x%x", linktype);
684 /* NOTREACHED */
685 }
686
687 static struct block *
688 gen_uncond(rsense)
689 int rsense;
690 {
691 struct block *b;
692 struct slist *s;
693
694 s = new_stmt(BPF_LD|BPF_IMM);
695 s->s.k = !rsense;
696 b = new_block(JMP(BPF_JEQ));
697 b->stmts = s;
698
699 return b;
700 }
701
702 static inline struct block *
703 gen_true()
704 {
705 return gen_uncond(1);
706 }
707
708 static inline struct block *
709 gen_false()
710 {
711 return gen_uncond(0);
712 }
713
714 static struct block *
715 gen_linktype(proto)
716 register int proto;
717 {
718 struct block *b0, *b1;
719
720 /* If we're not using encapsulation, we're done */
721 if (off_linktype == -1)
722 return gen_true();
723
724 switch (linktype) {
725
726 case DLT_EN10MB:
727 /*
728 * XXX - handle other LLC-encapsulated protocols here
729 * (IPX, OSI)?
730 */
731 switch (proto) {
732
733 case ETHERTYPE_ATALK:
734 case ETHERTYPE_AARP:
735 /*
736 * EtherTalk (AppleTalk protocols on Ethernet link
737 * layer) may use 802.2 encapsulation.
738 */
739
740 /*
741 * Check for 802.2 encapsulation (EtherTalk phase 2?);
742 * we check for an Ethernet type field less than
743 * 1500, which means it's an 802.3 length field.
744 */
745 b0 = gen_cmp_gt(off_linktype, BPF_H, 1500);
746 gen_not(b0);
747
748 /*
749 * 802.2-encapsulated ETHERTYPE_ATALK packets are
750 * SNAP packets with an organization code of
751 * 0x080007 (Apple, for Appletalk) and a protocol
752 * type of ETHERTYPE_ATALK (Appletalk).
753 *
754 * 802.2-encapsulated ETHERTYPE_AARP packets are
755 * SNAP packets with an organization code of
756 * 0x000000 (encapsulated Ethernet) and a protocol
757 * type of ETHERTYPE_AARP (Appletalk ARP).
758 */
759 if (proto == ETHERTYPE_ATALK)
760 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
761 else /* proto == ETHERTYPE_AARP */
762 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
763 gen_and(b0, b1);
764
765 /*
766 * Check for Ethernet encapsulation (Ethertalk
767 * phase 1?); we just check for the Ethernet
768 * protocol type.
769 */
770 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
771
772 gen_or(b0, b1);
773 return b1;
774 }
775 break;
776
777 case DLT_SLIP:
778 return gen_false();
779
780 case DLT_PPP:
781 case DLT_PPP_SERIAL:
782 if (proto == ETHERTYPE_IP)
783 proto = PPP_IP; /* XXX was 0x21 */
784 #ifdef INET6
785 else if (proto == ETHERTYPE_IPV6)
786 proto = PPP_IPV6;
787 #endif
788 break;
789
790 case DLT_PPP_BSDOS:
791 switch (proto) {
792
793 case ETHERTYPE_IP:
794 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
795 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
796 gen_or(b0, b1);
797 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
798 gen_or(b1, b0);
799 return b0;
800
801 #ifdef INET6
802 case ETHERTYPE_IPV6:
803 proto = PPP_IPV6;
804 /* more to go? */
805 break;
806 #endif
807
808 case ETHERTYPE_DN:
809 proto = PPP_DECNET;
810 break;
811
812 case ETHERTYPE_ATALK:
813 proto = PPP_APPLE;
814 break;
815
816 case ETHERTYPE_NS:
817 proto = PPP_NS;
818 break;
819 }
820 break;
821
822 case DLT_NULL:
823 /* XXX */
824 if (proto == ETHERTYPE_IP)
825 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET)));
826 #ifdef INET6
827 else if (proto == ETHERTYPE_IPV6)
828 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET6)));
829 #endif
830 else
831 return gen_false();
832 }
833 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
834 }
835
836 /*
837 * Check for an LLC SNAP packet with a given organization code and
838 * protocol type; we check the entire contents of the 802.2 LLC and
839 * snap headers, checking for a DSAP of 0xAA, an SSAP of 0xAA, and
840 * a control field of 0x03 in the LLC header, and for the specified
841 * organization code and protocol type in the SNAP header.
842 */
843 static struct block *
844 gen_snap(orgcode, ptype, offset)
845 bpf_u_int32 orgcode;
846 bpf_u_int32 ptype;
847 u_int offset;
848 {
849 u_char snapblock[8];
850
851 snapblock[0] = 0xAA; /* DSAP = SNAP */
852 snapblock[1] = 0xAA; /* SSAP = SNAP */
853 snapblock[2] = 0x03; /* control = UI */
854 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
855 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
856 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
857 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
858 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
859 return gen_bcmp(offset, 8, snapblock);
860 }
861
862 static struct block *
863 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
864 bpf_u_int32 addr;
865 bpf_u_int32 mask;
866 int dir, proto;
867 u_int src_off, dst_off;
868 {
869 struct block *b0, *b1;
870 u_int offset;
871
872 switch (dir) {
873
874 case Q_SRC:
875 offset = src_off;
876 break;
877
878 case Q_DST:
879 offset = dst_off;
880 break;
881
882 case Q_AND:
883 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
884 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
885 gen_and(b0, b1);
886 return b1;
887
888 case Q_OR:
889 case Q_DEFAULT:
890 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
891 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
892 gen_or(b0, b1);
893 return b1;
894
895 default:
896 abort();
897 }
898 b0 = gen_linktype(proto);
899 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
900 gen_and(b0, b1);
901 return b1;
902 }
903
904 #ifdef INET6
905 static struct block *
906 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
907 struct in6_addr *addr;
908 struct in6_addr *mask;
909 int dir, proto;
910 u_int src_off, dst_off;
911 {
912 struct block *b0, *b1;
913 u_int offset;
914 u_int32_t *a, *m;
915
916 switch (dir) {
917
918 case Q_SRC:
919 offset = src_off;
920 break;
921
922 case Q_DST:
923 offset = dst_off;
924 break;
925
926 case Q_AND:
927 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
928 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
929 gen_and(b0, b1);
930 return b1;
931
932 case Q_OR:
933 case Q_DEFAULT:
934 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
935 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
936 gen_or(b0, b1);
937 return b1;
938
939 default:
940 abort();
941 }
942 /* this order is important */
943 a = (u_int32_t *)addr;
944 m = (u_int32_t *)mask;
945 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
946 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
947 gen_and(b0, b1);
948 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
949 gen_and(b0, b1);
950 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
951 gen_and(b0, b1);
952 b0 = gen_linktype(proto);
953 gen_and(b0, b1);
954 return b1;
955 }
956 #endif /*INET6*/
957
958 static struct block *
959 gen_ehostop(eaddr, dir)
960 register const u_char *eaddr;
961 register int dir;
962 {
963 register struct block *b0, *b1;
964
965 switch (dir) {
966 case Q_SRC:
967 return gen_bcmp(6, 6, eaddr);
968
969 case Q_DST:
970 return gen_bcmp(0, 6, eaddr);
971
972 case Q_AND:
973 b0 = gen_ehostop(eaddr, Q_SRC);
974 b1 = gen_ehostop(eaddr, Q_DST);
975 gen_and(b0, b1);
976 return b1;
977
978 case Q_DEFAULT:
979 case Q_OR:
980 b0 = gen_ehostop(eaddr, Q_SRC);
981 b1 = gen_ehostop(eaddr, Q_DST);
982 gen_or(b0, b1);
983 return b1;
984 }
985 abort();
986 /* NOTREACHED */
987 }
988
989 /*
990 * Like gen_ehostop, but for DLT_FDDI
991 */
992 static struct block *
993 gen_fhostop(eaddr, dir)
994 register const u_char *eaddr;
995 register int dir;
996 {
997 struct block *b0, *b1;
998
999 switch (dir) {
1000 case Q_SRC:
1001 #ifdef PCAP_FDDIPAD
1002 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
1003 #else
1004 return gen_bcmp(6 + 1, 6, eaddr);
1005 #endif
1006
1007 case Q_DST:
1008 #ifdef PCAP_FDDIPAD
1009 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
1010 #else
1011 return gen_bcmp(0 + 1, 6, eaddr);
1012 #endif
1013
1014 case Q_AND:
1015 b0 = gen_fhostop(eaddr, Q_SRC);
1016 b1 = gen_fhostop(eaddr, Q_DST);
1017 gen_and(b0, b1);
1018 return b1;
1019
1020 case Q_DEFAULT:
1021 case Q_OR:
1022 b0 = gen_fhostop(eaddr, Q_SRC);
1023 b1 = gen_fhostop(eaddr, Q_DST);
1024 gen_or(b0, b1);
1025 return b1;
1026 }
1027 abort();
1028 /* NOTREACHED */
1029 }
1030
1031 /*
1032 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
1033 */
1034 static struct block *
1035 gen_thostop(eaddr, dir)
1036 register const u_char *eaddr;
1037 register int dir;
1038 {
1039 register struct block *b0, *b1;
1040
1041 switch (dir) {
1042 case Q_SRC:
1043 return gen_bcmp(8, 6, eaddr);
1044
1045 case Q_DST:
1046 return gen_bcmp(2, 6, eaddr);
1047
1048 case Q_AND:
1049 b0 = gen_thostop(eaddr, Q_SRC);
1050 b1 = gen_thostop(eaddr, Q_DST);
1051 gen_and(b0, b1);
1052 return b1;
1053
1054 case Q_DEFAULT:
1055 case Q_OR:
1056 b0 = gen_thostop(eaddr, Q_SRC);
1057 b1 = gen_thostop(eaddr, Q_DST);
1058 gen_or(b0, b1);
1059 return b1;
1060 }
1061 abort();
1062 /* NOTREACHED */
1063 }
1064
1065 /*
1066 * This is quite tricky because there may be pad bytes in front of the
1067 * DECNET header, and then there are two possible data packet formats that
1068 * carry both src and dst addresses, plus 5 packet types in a format that
1069 * carries only the src node, plus 2 types that use a different format and
1070 * also carry just the src node.
1071 *
1072 * Yuck.
1073 *
1074 * Instead of doing those all right, we just look for data packets with
1075 * 0 or 1 bytes of padding. If you want to look at other packets, that
1076 * will require a lot more hacking.
1077 *
1078 * To add support for filtering on DECNET "areas" (network numbers)
1079 * one would want to add a "mask" argument to this routine. That would
1080 * make the filter even more inefficient, although one could be clever
1081 * and not generate masking instructions if the mask is 0xFFFF.
1082 */
1083 static struct block *
1084 gen_dnhostop(addr, dir, base_off)
1085 bpf_u_int32 addr;
1086 int dir;
1087 u_int base_off;
1088 {
1089 struct block *b0, *b1, *b2, *tmp;
1090 u_int offset_lh; /* offset if long header is received */
1091 u_int offset_sh; /* offset if short header is received */
1092
1093 switch (dir) {
1094
1095 case Q_DST:
1096 offset_sh = 1; /* follows flags */
1097 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
1098 break;
1099
1100 case Q_SRC:
1101 offset_sh = 3; /* follows flags, dstnode */
1102 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
1103 break;
1104
1105 case Q_AND:
1106 /* Inefficient because we do our Calvinball dance twice */
1107 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1108 b1 = gen_dnhostop(addr, Q_DST, base_off);
1109 gen_and(b0, b1);
1110 return b1;
1111
1112 case Q_OR:
1113 case Q_DEFAULT:
1114 /* Inefficient because we do our Calvinball dance twice */
1115 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1116 b1 = gen_dnhostop(addr, Q_DST, base_off);
1117 gen_or(b0, b1);
1118 return b1;
1119
1120 default:
1121 abort();
1122 }
1123 b0 = gen_linktype(ETHERTYPE_DN);
1124 /* Check for pad = 1, long header case */
1125 tmp = gen_mcmp(base_off + 2, BPF_H,
1126 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
1127 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
1128 BPF_H, (bpf_int32)ntohs(addr));
1129 gen_and(tmp, b1);
1130 /* Check for pad = 0, long header case */
1131 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
1132 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
1133 gen_and(tmp, b2);
1134 gen_or(b2, b1);
1135 /* Check for pad = 1, short header case */
1136 tmp = gen_mcmp(base_off + 2, BPF_H,
1137 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
1138 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
1139 BPF_H, (bpf_int32)ntohs(addr));
1140 gen_and(tmp, b2);
1141 gen_or(b2, b1);
1142 /* Check for pad = 0, short header case */
1143 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
1144 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
1145 gen_and(tmp, b2);
1146 gen_or(b2, b1);
1147
1148 /* Combine with test for linktype */
1149 gen_and(b0, b1);
1150 return b1;
1151 }
1152
1153 static struct block *
1154 gen_host(addr, mask, proto, dir)
1155 bpf_u_int32 addr;
1156 bpf_u_int32 mask;
1157 int proto;
1158 int dir;
1159 {
1160 struct block *b0, *b1;
1161
1162 switch (proto) {
1163
1164 case Q_DEFAULT:
1165 b0 = gen_host(addr, mask, Q_IP, dir);
1166 if (off_linktype != -1) {
1167 b1 = gen_host(addr, mask, Q_ARP, dir);
1168 gen_or(b0, b1);
1169 b0 = gen_host(addr, mask, Q_RARP, dir);
1170 gen_or(b1, b0);
1171 }
1172 return b0;
1173
1174 case Q_IP:
1175 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
1176 off_nl + 12, off_nl + 16);
1177
1178 case Q_RARP:
1179 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
1180 off_nl + 14, off_nl + 24);
1181
1182 case Q_ARP:
1183 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
1184 off_nl + 14, off_nl + 24);
1185
1186 case Q_TCP:
1187 bpf_error("'tcp' modifier applied to host");
1188
1189 case Q_UDP:
1190 bpf_error("'udp' modifier applied to host");
1191
1192 case Q_ICMP:
1193 bpf_error("'icmp' modifier applied to host");
1194
1195 case Q_IGMP:
1196 bpf_error("'igmp' modifier applied to host");
1197
1198 case Q_IGRP:
1199 bpf_error("'igrp' modifier applied to host");
1200
1201 case Q_PIM:
1202 bpf_error("'pim' modifier applied to host");
1203
1204 case Q_ATALK:
1205 bpf_error("ATALK host filtering not implemented");
1206
1207 case Q_AARP:
1208 bpf_error("AARP host filtering not implemented");
1209
1210 case Q_DECNET:
1211 return gen_dnhostop(addr, dir, off_nl);
1212
1213 case Q_SCA:
1214 bpf_error("SCA host filtering not implemented");
1215
1216 case Q_LAT:
1217 bpf_error("LAT host filtering not implemented");
1218
1219 case Q_MOPDL:
1220 bpf_error("MOPDL host filtering not implemented");
1221
1222 case Q_MOPRC:
1223 bpf_error("MOPRC host filtering not implemented");
1224
1225 #ifdef INET6
1226 case Q_IPV6:
1227 bpf_error("'ip6' modifier applied to ip host");
1228
1229 case Q_ICMPV6:
1230 bpf_error("'icmp6' modifier applied to host");
1231 #endif /* INET6 */
1232
1233 case Q_AH:
1234 bpf_error("'ah' modifier applied to host");
1235
1236 case Q_ESP:
1237 bpf_error("'esp' modifier applied to host");
1238
1239 default:
1240 abort();
1241 }
1242 /* NOTREACHED */
1243 }
1244
1245 #ifdef INET6
1246 static struct block *
1247 gen_host6(addr, mask, proto, dir)
1248 struct in6_addr *addr;
1249 struct in6_addr *mask;
1250 int proto;
1251 int dir;
1252 {
1253 switch (proto) {
1254
1255 case Q_DEFAULT:
1256 return gen_host6(addr, mask, Q_IPV6, dir);
1257
1258 case Q_IP:
1259 bpf_error("'ip' modifier applied to ip6 host");
1260
1261 case Q_RARP:
1262 bpf_error("'rarp' modifier applied to ip6 host");
1263
1264 case Q_ARP:
1265 bpf_error("'arp' modifier applied to ip6 host");
1266
1267 case Q_TCP:
1268 bpf_error("'tcp' modifier applied to host");
1269
1270 case Q_UDP:
1271 bpf_error("'udp' modifier applied to host");
1272
1273 case Q_ICMP:
1274 bpf_error("'icmp' modifier applied to host");
1275
1276 case Q_IGMP:
1277 bpf_error("'igmp' modifier applied to host");
1278
1279 case Q_IGRP:
1280 bpf_error("'igrp' modifier applied to host");
1281
1282 case Q_PIM:
1283 bpf_error("'pim' modifier applied to host");
1284
1285 case Q_ATALK:
1286 bpf_error("ATALK host filtering not implemented");
1287
1288 case Q_AARP:
1289 bpf_error("AARP host filtering not implemented");
1290
1291 case Q_DECNET:
1292 bpf_error("'decnet' modifier applied to ip6 host");
1293
1294 case Q_SCA:
1295 bpf_error("SCA host filtering not implemented");
1296
1297 case Q_LAT:
1298 bpf_error("LAT host filtering not implemented");
1299
1300 case Q_MOPDL:
1301 bpf_error("MOPDL host filtering not implemented");
1302
1303 case Q_MOPRC:
1304 bpf_error("MOPRC host filtering not implemented");
1305
1306 case Q_IPV6:
1307 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
1308 off_nl + 8, off_nl + 24);
1309
1310 case Q_ICMPV6:
1311 bpf_error("'icmp6' modifier applied to host");
1312
1313 case Q_AH:
1314 bpf_error("'ah' modifier applied to host");
1315
1316 case Q_ESP:
1317 bpf_error("'esp' modifier applied to host");
1318
1319 default:
1320 abort();
1321 }
1322 /* NOTREACHED */
1323 }
1324 #endif /*INET6*/
1325
1326 #ifndef INET6
1327 static struct block *
1328 gen_gateway(eaddr, alist, proto, dir)
1329 const u_char *eaddr;
1330 bpf_u_int32 **alist;
1331 int proto;
1332 int dir;
1333 {
1334 struct block *b0, *b1, *tmp;
1335
1336 if (dir != 0)
1337 bpf_error("direction applied to 'gateway'");
1338
1339 switch (proto) {
1340 case Q_DEFAULT:
1341 case Q_IP:
1342 case Q_ARP:
1343 case Q_RARP:
1344 if (linktype == DLT_EN10MB)
1345 b0 = gen_ehostop(eaddr, Q_OR);
1346 else if (linktype == DLT_FDDI)
1347 b0 = gen_fhostop(eaddr, Q_OR);
1348 else if (linktype == DLT_IEEE802)
1349 b0 = gen_thostop(eaddr, Q_OR);
1350 else
1351 bpf_error(
1352 "'gateway' supported only on ethernet, FDDI or token ring");
1353
1354 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1355 while (*alist) {
1356 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1357 gen_or(b1, tmp);
1358 b1 = tmp;
1359 }
1360 gen_not(b1);
1361 gen_and(b0, b1);
1362 return b1;
1363 }
1364 bpf_error("illegal modifier of 'gateway'");
1365 /* NOTREACHED */
1366 }
1367 #endif
1368
1369 struct block *
1370 gen_proto_abbrev(proto)
1371 int proto;
1372 {
1373 #ifdef INET6
1374 struct block *b0;
1375 #endif
1376 struct block *b1;
1377
1378 switch (proto) {
1379
1380 case Q_TCP:
1381 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
1382 #ifdef INET6
1383 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
1384 gen_or(b0, b1);
1385 #endif
1386 break;
1387
1388 case Q_UDP:
1389 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
1390 #ifdef INET6
1391 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
1392 gen_or(b0, b1);
1393 #endif
1394 break;
1395
1396 case Q_ICMP:
1397 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
1398 break;
1399
1400 #ifndef IPPROTO_IGMP
1401 #define IPPROTO_IGMP 2
1402 #endif
1403
1404 case Q_IGMP:
1405 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
1406 break;
1407
1408 #ifndef IPPROTO_IGRP
1409 #define IPPROTO_IGRP 9
1410 #endif
1411 case Q_IGRP:
1412 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
1413 break;
1414
1415 #ifndef IPPROTO_PIM
1416 #define IPPROTO_PIM 103
1417 #endif
1418
1419 case Q_PIM:
1420 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
1421 #ifdef INET6
1422 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
1423 gen_or(b0, b1);
1424 #endif
1425 break;
1426
1427 case Q_IP:
1428 b1 = gen_linktype(ETHERTYPE_IP);
1429 break;
1430
1431 case Q_ARP:
1432 b1 = gen_linktype(ETHERTYPE_ARP);
1433 break;
1434
1435 case Q_RARP:
1436 b1 = gen_linktype(ETHERTYPE_REVARP);
1437 break;
1438
1439 case Q_LINK:
1440 bpf_error("link layer applied in wrong context");
1441
1442 case Q_ATALK:
1443 b1 = gen_linktype(ETHERTYPE_ATALK);
1444 break;
1445
1446 case Q_AARP:
1447 b1 = gen_linktype(ETHERTYPE_AARP);
1448 break;
1449
1450 case Q_DECNET:
1451 b1 = gen_linktype(ETHERTYPE_DN);
1452 break;
1453
1454 case Q_SCA:
1455 b1 = gen_linktype(ETHERTYPE_SCA);
1456 break;
1457
1458 case Q_LAT:
1459 b1 = gen_linktype(ETHERTYPE_LAT);
1460 break;
1461
1462 case Q_MOPDL:
1463 b1 = gen_linktype(ETHERTYPE_MOPDL);
1464 break;
1465
1466 case Q_MOPRC:
1467 b1 = gen_linktype(ETHERTYPE_MOPRC);
1468 break;
1469
1470 #ifdef INET6
1471 case Q_IPV6:
1472 b1 = gen_linktype(ETHERTYPE_IPV6);
1473 break;
1474
1475 #ifndef IPPROTO_ICMPV6
1476 #define IPPROTO_ICMPV6 58
1477 #endif
1478 case Q_ICMPV6:
1479 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
1480 break;
1481 #endif /* INET6 */
1482
1483 #ifndef IPPROTO_AH
1484 #define IPPROTO_AH 51
1485 #endif
1486 case Q_AH:
1487 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
1488 #ifdef INET6
1489 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
1490 gen_or(b0, b1);
1491 #endif
1492 break;
1493
1494 #ifndef IPPROTO_ESP
1495 #define IPPROTO_ESP 50
1496 #endif
1497 case Q_ESP:
1498 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
1499 #ifdef INET6
1500 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
1501 gen_or(b0, b1);
1502 #endif
1503 break;
1504
1505 default:
1506 abort();
1507 }
1508 return b1;
1509 }
1510
1511 static struct block *
1512 gen_ipfrag()
1513 {
1514 struct slist *s;
1515 struct block *b;
1516
1517 /* not ip frag */
1518 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
1519 s->s.k = off_nl + 6;
1520 b = new_block(JMP(BPF_JSET));
1521 b->s.k = 0x1fff;
1522 b->stmts = s;
1523 gen_not(b);
1524
1525 return b;
1526 }
1527
1528 static struct block *
1529 gen_portatom(off, v)
1530 int off;
1531 bpf_int32 v;
1532 {
1533 struct slist *s;
1534 struct block *b;
1535
1536 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
1537 s->s.k = off_nl;
1538
1539 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
1540 s->next->s.k = off_nl + off;
1541
1542 b = new_block(JMP(BPF_JEQ));
1543 b->stmts = s;
1544 b->s.k = v;
1545
1546 return b;
1547 }
1548
1549 #ifdef INET6
1550 static struct block *
1551 gen_portatom6(off, v)
1552 int off;
1553 bpf_int32 v;
1554 {
1555 return gen_cmp(off_nl + 40 + off, BPF_H, v);
1556 }
1557 #endif/*INET6*/
1558
1559 struct block *
1560 gen_portop(port, proto, dir)
1561 int port, proto, dir;
1562 {
1563 struct block *b0, *b1, *tmp;
1564
1565 /* ip proto 'proto' */
1566 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
1567 b0 = gen_ipfrag();
1568 gen_and(tmp, b0);
1569
1570 switch (dir) {
1571 case Q_SRC:
1572 b1 = gen_portatom(0, (bpf_int32)port);
1573 break;
1574
1575 case Q_DST:
1576 b1 = gen_portatom(2, (bpf_int32)port);
1577 break;
1578
1579 case Q_OR:
1580 case Q_DEFAULT:
1581 tmp = gen_portatom(0, (bpf_int32)port);
1582 b1 = gen_portatom(2, (bpf_int32)port);
1583 gen_or(tmp, b1);
1584 break;
1585
1586 case Q_AND:
1587 tmp = gen_portatom(0, (bpf_int32)port);
1588 b1 = gen_portatom(2, (bpf_int32)port);
1589 gen_and(tmp, b1);
1590 break;
1591
1592 default:
1593 abort();
1594 }
1595 gen_and(b0, b1);
1596
1597 return b1;
1598 }
1599
1600 static struct block *
1601 gen_port(port, ip_proto, dir)
1602 int port;
1603 int ip_proto;
1604 int dir;
1605 {
1606 struct block *b0, *b1, *tmp;
1607
1608 /* ether proto ip */
1609 b0 = gen_linktype(ETHERTYPE_IP);
1610
1611 switch (ip_proto) {
1612 case IPPROTO_UDP:
1613 case IPPROTO_TCP:
1614 b1 = gen_portop(port, ip_proto, dir);
1615 break;
1616
1617 case PROTO_UNDEF:
1618 tmp = gen_portop(port, IPPROTO_TCP, dir);
1619 b1 = gen_portop(port, IPPROTO_UDP, dir);
1620 gen_or(tmp, b1);
1621 break;
1622
1623 default:
1624 abort();
1625 }
1626 gen_and(b0, b1);
1627 return b1;
1628 }
1629
1630 #ifdef INET6
1631 struct block *
1632 gen_portop6(port, proto, dir)
1633 int port, proto, dir;
1634 {
1635 struct block *b0, *b1, *tmp;
1636
1637 /* ip proto 'proto' */
1638 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
1639
1640 switch (dir) {
1641 case Q_SRC:
1642 b1 = gen_portatom6(0, (bpf_int32)port);
1643 break;
1644
1645 case Q_DST:
1646 b1 = gen_portatom6(2, (bpf_int32)port);
1647 break;
1648
1649 case Q_OR:
1650 case Q_DEFAULT:
1651 tmp = gen_portatom6(0, (bpf_int32)port);
1652 b1 = gen_portatom6(2, (bpf_int32)port);
1653 gen_or(tmp, b1);
1654 break;
1655
1656 case Q_AND:
1657 tmp = gen_portatom6(0, (bpf_int32)port);
1658 b1 = gen_portatom6(2, (bpf_int32)port);
1659 gen_and(tmp, b1);
1660 break;
1661
1662 default:
1663 abort();
1664 }
1665 gen_and(b0, b1);
1666
1667 return b1;
1668 }
1669
1670 static struct block *
1671 gen_port6(port, ip_proto, dir)
1672 int port;
1673 int ip_proto;
1674 int dir;
1675 {
1676 struct block *b0, *b1, *tmp;
1677
1678 /* ether proto ip */
1679 b0 = gen_linktype(ETHERTYPE_IPV6);
1680
1681 switch (ip_proto) {
1682 case IPPROTO_UDP:
1683 case IPPROTO_TCP:
1684 b1 = gen_portop6(port, ip_proto, dir);
1685 break;
1686
1687 case PROTO_UNDEF:
1688 tmp = gen_portop6(port, IPPROTO_TCP, dir);
1689 b1 = gen_portop6(port, IPPROTO_UDP, dir);
1690 gen_or(tmp, b1);
1691 break;
1692
1693 default:
1694 abort();
1695 }
1696 gen_and(b0, b1);
1697 return b1;
1698 }
1699 #endif /* INET6 */
1700
1701 static int
1702 lookup_proto(name, proto)
1703 register const char *name;
1704 register int proto;
1705 {
1706 register int v;
1707
1708 switch (proto) {
1709
1710 case Q_DEFAULT:
1711 case Q_IP:
1712 v = pcap_nametoproto(name);
1713 if (v == PROTO_UNDEF)
1714 bpf_error("unknown ip proto '%s'", name);
1715 break;
1716
1717 case Q_LINK:
1718 /* XXX should look up h/w protocol type based on linktype */
1719 v = pcap_nametoeproto(name);
1720 if (v == PROTO_UNDEF)
1721 bpf_error("unknown ether proto '%s'", name);
1722 break;
1723
1724 default:
1725 v = PROTO_UNDEF;
1726 break;
1727 }
1728 return v;
1729 }
1730
1731 #if 0
1732 struct stmt *
1733 gen_joinsp(s, n)
1734 struct stmt **s;
1735 int n;
1736 {
1737 return NULL;
1738 }
1739 #endif
1740
1741 static struct block *
1742 gen_protochain(v, proto, dir)
1743 int v;
1744 int proto;
1745 int dir;
1746 {
1747 #ifdef NO_PROTOCHAIN
1748 return gen_proto(v, proto, dir);
1749 #else
1750 struct block *b0, *b;
1751 struct slist *s[100];
1752 int fix2, fix3, fix4, fix5;
1753 int ahcheck, again, end;
1754 int i, max;
1755 int reg1 = alloc_reg();
1756 int reg2 = alloc_reg();
1757
1758 memset(s, 0, sizeof(s));
1759 fix2 = fix3 = fix4 = fix5 = 0;
1760
1761 switch (proto) {
1762 case Q_IP:
1763 case Q_IPV6:
1764 break;
1765 case Q_DEFAULT:
1766 b0 = gen_protochain(v, Q_IP, dir);
1767 b = gen_protochain(v, Q_IPV6, dir);
1768 gen_or(b0, b);
1769 return b;
1770 default:
1771 bpf_error("bad protocol applied for 'protochain'");
1772 /*NOTREACHED*/
1773 }
1774
1775 no_optimize = 1; /*this code is not compatible with optimzer yet */
1776
1777 /*
1778 * s[0] is a dummy entry to protect other BPF insn from damaged
1779 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
1780 * hard to find interdependency made by jump table fixup.
1781 */
1782 i = 0;
1783 s[i] = new_stmt(0); /*dummy*/
1784 i++;
1785
1786 switch (proto) {
1787 case Q_IP:
1788 b0 = gen_linktype(ETHERTYPE_IP);
1789
1790 /* A = ip->ip_p */
1791 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
1792 s[i]->s.k = off_nl + 9;
1793 i++;
1794 /* X = ip->ip_hl << 2 */
1795 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
1796 s[i]->s.k = off_nl;
1797 i++;
1798 break;
1799 #ifdef INET6
1800 case Q_IPV6:
1801 b0 = gen_linktype(ETHERTYPE_IPV6);
1802
1803 /* A = ip6->ip_nxt */
1804 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
1805 s[i]->s.k = off_nl + 6;
1806 i++;
1807 /* X = sizeof(struct ip6_hdr) */
1808 s[i] = new_stmt(BPF_LDX|BPF_IMM);
1809 s[i]->s.k = 40;
1810 i++;
1811 break;
1812 #endif
1813 default:
1814 bpf_error("unsupported proto to gen_protochain");
1815 /*NOTREACHED*/
1816 }
1817
1818 /* again: if (A == v) goto end; else fall through; */
1819 again = i;
1820 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1821 s[i]->s.k = v;
1822 s[i]->s.jt = NULL; /*later*/
1823 s[i]->s.jf = NULL; /*update in next stmt*/
1824 fix5 = i;
1825 i++;
1826
1827 #ifndef IPPROTO_NONE
1828 #define IPPROTO_NONE 59
1829 #endif
1830 /* if (A == IPPROTO_NONE) goto end */
1831 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1832 s[i]->s.jt = NULL; /*later*/
1833 s[i]->s.jf = NULL; /*update in next stmt*/
1834 s[i]->s.k = IPPROTO_NONE;
1835 s[fix5]->s.jf = s[i];
1836 fix2 = i;
1837 i++;
1838
1839 #ifdef INET6
1840 if (proto == Q_IPV6) {
1841 int v6start, v6end, v6advance, j;
1842
1843 v6start = i;
1844 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
1845 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1846 s[i]->s.jt = NULL; /*later*/
1847 s[i]->s.jf = NULL; /*update in next stmt*/
1848 s[i]->s.k = IPPROTO_HOPOPTS;
1849 s[fix2]->s.jf = s[i];
1850 i++;
1851 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
1852 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1853 s[i]->s.jt = NULL; /*later*/
1854 s[i]->s.jf = NULL; /*update in next stmt*/
1855 s[i]->s.k = IPPROTO_DSTOPTS;
1856 i++;
1857 /* if (A == IPPROTO_ROUTING) goto v6advance */
1858 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1859 s[i]->s.jt = NULL; /*later*/
1860 s[i]->s.jf = NULL; /*update in next stmt*/
1861 s[i]->s.k = IPPROTO_ROUTING;
1862 i++;
1863 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
1864 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1865 s[i]->s.jt = NULL; /*later*/
1866 s[i]->s.jf = NULL; /*later*/
1867 s[i]->s.k = IPPROTO_FRAGMENT;
1868 fix3 = i;
1869 v6end = i;
1870 i++;
1871
1872 /* v6advance: */
1873 v6advance = i;
1874
1875 /*
1876 * in short,
1877 * A = P[X + 1];
1878 * X = X + (P[X] + 1) * 8;
1879 */
1880 /* A = X */
1881 s[i] = new_stmt(BPF_MISC|BPF_TXA);
1882 i++;
1883 /* MEM[reg1] = A */
1884 s[i] = new_stmt(BPF_ST);
1885 s[i]->s.k = reg1;
1886 i++;
1887 /* A += 1 */
1888 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
1889 s[i]->s.k = 1;
1890 i++;
1891 /* X = A */
1892 s[i] = new_stmt(BPF_MISC|BPF_TAX);
1893 i++;
1894 /* A = P[X + packet head]; */
1895 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
1896 s[i]->s.k = off_nl;
1897 i++;
1898 /* MEM[reg2] = A */
1899 s[i] = new_stmt(BPF_ST);
1900 s[i]->s.k = reg2;
1901 i++;
1902 /* X = MEM[reg1] */
1903 s[i] = new_stmt(BPF_LDX|BPF_MEM);
1904 s[i]->s.k = reg1;
1905 i++;
1906 /* A = P[X + packet head] */
1907 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
1908 s[i]->s.k = off_nl;
1909 i++;
1910 /* A += 1 */
1911 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
1912 s[i]->s.k = 1;
1913 i++;
1914 /* A *= 8 */
1915 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
1916 s[i]->s.k = 8;
1917 i++;
1918 /* X = A; */
1919 s[i] = new_stmt(BPF_MISC|BPF_TAX);
1920 i++;
1921 /* A = MEM[reg2] */
1922 s[i] = new_stmt(BPF_LD|BPF_MEM);
1923 s[i]->s.k = reg2;
1924 i++;
1925
1926 /* goto again; (must use BPF_JA for backward jump) */
1927 s[i] = new_stmt(BPF_JMP|BPF_JA);
1928 s[i]->s.k = again - i - 1;
1929 s[i - 1]->s.jf = s[i];
1930 i++;
1931
1932 /* fixup */
1933 for (j = v6start; j <= v6end; j++)
1934 s[j]->s.jt = s[v6advance];
1935 } else
1936 #endif
1937 {
1938 /* nop */
1939 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
1940 s[i]->s.k = 0;
1941 s[fix2]->s.jf = s[i];
1942 i++;
1943 }
1944
1945 /* ahcheck: */
1946 ahcheck = i;
1947 /* if (A == IPPROTO_AH) then fall through; else goto end; */
1948 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1949 s[i]->s.jt = NULL; /*later*/
1950 s[i]->s.jf = NULL; /*later*/
1951 s[i]->s.k = IPPROTO_AH;
1952 if (fix3)
1953 s[fix3]->s.jf = s[ahcheck];
1954 fix4 = i;
1955 i++;
1956
1957 /*
1958 * in short,
1959 * A = P[X + 1];
1960 * X = X + (P[X] + 2) * 4;
1961 */
1962 /* A = X */
1963 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
1964 i++;
1965 /* MEM[reg1] = A */
1966 s[i] = new_stmt(BPF_ST);
1967 s[i]->s.k = reg1;
1968 i++;
1969 /* A += 1 */
1970 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
1971 s[i]->s.k = 1;
1972 i++;
1973 /* X = A */
1974 s[i] = new_stmt(BPF_MISC|BPF_TAX);
1975 i++;
1976 /* A = P[X + packet head]; */
1977 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
1978 s[i]->s.k = off_nl;
1979 i++;
1980 /* MEM[reg2] = A */
1981 s[i] = new_stmt(BPF_ST);
1982 s[i]->s.k = reg2;
1983 i++;
1984 /* X = MEM[reg1] */
1985 s[i] = new_stmt(BPF_LDX|BPF_MEM);
1986 s[i]->s.k = reg1;
1987 i++;
1988 /* A = P[X + packet head] */
1989 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
1990 s[i]->s.k = off_nl;
1991 i++;
1992 /* A += 2 */
1993 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
1994 s[i]->s.k = 2;
1995 i++;
1996 /* A *= 4 */
1997 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
1998 s[i]->s.k = 4;
1999 i++;
2000 /* X = A; */
2001 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2002 i++;
2003 /* A = MEM[reg2] */
2004 s[i] = new_stmt(BPF_LD|BPF_MEM);
2005 s[i]->s.k = reg2;
2006 i++;
2007
2008 /* goto again; (must use BPF_JA for backward jump) */
2009 s[i] = new_stmt(BPF_JMP|BPF_JA);
2010 s[i]->s.k = again - i - 1;
2011 i++;
2012
2013 /* end: nop */
2014 end = i;
2015 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2016 s[i]->s.k = 0;
2017 s[fix2]->s.jt = s[end];
2018 s[fix4]->s.jf = s[end];
2019 s[fix5]->s.jt = s[end];
2020 i++;
2021
2022 /*
2023 * make slist chain
2024 */
2025 max = i;
2026 for (i = 0; i < max - 1; i++)
2027 s[i]->next = s[i + 1];
2028 s[max - 1]->next = NULL;
2029
2030 /*
2031 * emit final check
2032 */
2033 b = new_block(JMP(BPF_JEQ));
2034 b->stmts = s[1]; /*remember, s[0] is dummy*/
2035 b->s.k = v;
2036
2037 free_reg(reg1);
2038 free_reg(reg2);
2039
2040 gen_and(b0, b);
2041 return b;
2042 #endif
2043 }
2044
2045 static struct block *
2046 gen_proto(v, proto, dir)
2047 int v;
2048 int proto;
2049 int dir;
2050 {
2051 struct block *b0, *b1;
2052
2053 if (dir != Q_DEFAULT)
2054 bpf_error("direction applied to 'proto'");
2055
2056 switch (proto) {
2057 case Q_DEFAULT:
2058 #ifdef INET6
2059 b0 = gen_proto(v, Q_IP, dir);
2060 b1 = gen_proto(v, Q_IPV6, dir);
2061 gen_or(b0, b1);
2062 return b1;
2063 #else
2064 /*FALLTHROUGH*/
2065 #endif
2066 case Q_IP:
2067 b0 = gen_linktype(ETHERTYPE_IP);
2068 #ifndef CHASE_CHAIN
2069 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
2070 #else
2071 b1 = gen_protochain(v, Q_IP);
2072 #endif
2073 gen_and(b0, b1);
2074 return b1;
2075
2076 case Q_ARP:
2077 bpf_error("arp does not encapsulate another protocol");
2078 /* NOTREACHED */
2079
2080 case Q_RARP:
2081 bpf_error("rarp does not encapsulate another protocol");
2082 /* NOTREACHED */
2083
2084 case Q_ATALK:
2085 bpf_error("atalk encapsulation is not specifiable");
2086 /* NOTREACHED */
2087
2088 case Q_DECNET:
2089 bpf_error("decnet encapsulation is not specifiable");
2090 /* NOTREACHED */
2091
2092 case Q_SCA:
2093 bpf_error("sca does not encapsulate another protocol");
2094 /* NOTREACHED */
2095
2096 case Q_LAT:
2097 bpf_error("lat does not encapsulate another protocol");
2098 /* NOTREACHED */
2099
2100 case Q_MOPRC:
2101 bpf_error("moprc does not encapsulate another protocol");
2102 /* NOTREACHED */
2103
2104 case Q_MOPDL:
2105 bpf_error("mopdl does not encapsulate another protocol");
2106 /* NOTREACHED */
2107
2108 case Q_LINK:
2109 return gen_linktype(v);
2110
2111 case Q_UDP:
2112 bpf_error("'udp proto' is bogus");
2113 /* NOTREACHED */
2114
2115 case Q_TCP:
2116 bpf_error("'tcp proto' is bogus");
2117 /* NOTREACHED */
2118
2119 case Q_ICMP:
2120 bpf_error("'icmp proto' is bogus");
2121 /* NOTREACHED */
2122
2123 case Q_IGMP:
2124 bpf_error("'igmp proto' is bogus");
2125 /* NOTREACHED */
2126
2127 case Q_IGRP:
2128 bpf_error("'igrp proto' is bogus");
2129 /* NOTREACHED */
2130
2131 case Q_PIM:
2132 bpf_error("'pim proto' is bogus");
2133 /* NOTREACHED */
2134
2135 #ifdef INET6
2136 case Q_IPV6:
2137 b0 = gen_linktype(ETHERTYPE_IPV6);
2138 #ifndef CHASE_CHAIN
2139 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
2140 #else
2141 b1 = gen_protochain(v, Q_IPV6);
2142 #endif
2143 gen_and(b0, b1);
2144 return b1;
2145
2146 case Q_ICMPV6:
2147 bpf_error("'icmp6 proto' is bogus");
2148 #endif /* INET6 */
2149
2150 case Q_AH:
2151 bpf_error("'ah proto' is bogus");
2152
2153 case Q_ESP:
2154 bpf_error("'ah proto' is bogus");
2155
2156 default:
2157 abort();
2158 /* NOTREACHED */
2159 }
2160 /* NOTREACHED */
2161 }
2162
2163 struct block *
2164 gen_scode(name, q)
2165 register const char *name;
2166 struct qual q;
2167 {
2168 int proto = q.proto;
2169 int dir = q.dir;
2170 int tproto;
2171 u_char *eaddr;
2172 bpf_u_int32 mask, addr;
2173 #ifndef INET6
2174 bpf_u_int32 **alist;
2175 #else
2176 int tproto6;
2177 struct sockaddr_in *sin;
2178 struct sockaddr_in6 *sin6;
2179 struct addrinfo *res, *res0;
2180 struct in6_addr mask128;
2181 #endif /*INET6*/
2182 struct block *b, *tmp;
2183 int port, real_proto;
2184
2185 switch (q.addr) {
2186
2187 case Q_NET:
2188 addr = pcap_nametonetaddr(name);
2189 if (addr == 0)
2190 bpf_error("unknown network '%s'", name);
2191 /* Left justify network addr and calculate its network mask */
2192 mask = 0xffffffff;
2193 while (addr && (addr & 0xff000000) == 0) {
2194 addr <<= 8;
2195 mask <<= 8;
2196 }
2197 return gen_host(addr, mask, proto, dir);
2198
2199 case Q_DEFAULT:
2200 case Q_HOST:
2201 if (proto == Q_LINK) {
2202 switch (linktype) {
2203
2204 case DLT_EN10MB:
2205 eaddr = pcap_ether_hostton(name);
2206 if (eaddr == NULL)
2207 bpf_error(
2208 "unknown ether host '%s'", name);
2209 return gen_ehostop(eaddr, dir);
2210
2211 case DLT_FDDI:
2212 eaddr = pcap_ether_hostton(name);
2213 if (eaddr == NULL)
2214 bpf_error(
2215 "unknown FDDI host '%s'", name);
2216 return gen_fhostop(eaddr, dir);
2217
2218 case DLT_IEEE802:
2219 eaddr = pcap_ether_hostton(name);
2220 if (eaddr == NULL)
2221 bpf_error(
2222 "unknown token ring host '%s'", name);
2223 return gen_thostop(eaddr, dir);
2224
2225 default:
2226 bpf_error(
2227 "only ethernet/FDDI/token ring supports link-level host name");
2228 break;
2229 }
2230 } else if (proto == Q_DECNET) {
2231 unsigned short dn_addr = __pcap_nametodnaddr(name);
2232 /*
2233 * I don't think DECNET hosts can be multihomed, so
2234 * there is no need to build up a list of addresses
2235 */
2236 return (gen_host(dn_addr, 0, proto, dir));
2237 } else {
2238 #ifndef INET6
2239 alist = pcap_nametoaddr(name);
2240 if (alist == NULL || *alist == NULL)
2241 bpf_error("unknown host '%s'", name);
2242 tproto = proto;
2243 if (off_linktype == -1 && tproto == Q_DEFAULT)
2244 tproto = Q_IP;
2245 b = gen_host(**alist++, 0xffffffff, tproto, dir);
2246 while (*alist) {
2247 tmp = gen_host(**alist++, 0xffffffff,
2248 tproto, dir);
2249 gen_or(b, tmp);
2250 b = tmp;
2251 }
2252 return b;
2253 #else
2254 memset(&mask128, 0xff, sizeof(mask128));
2255 res0 = res = pcap_nametoaddrinfo(name);
2256 if (res == NULL)
2257 bpf_error("unknown host '%s'", name);
2258 b = tmp = NULL;
2259 tproto = tproto6 = proto;
2260 if (off_linktype == -1 && tproto == Q_DEFAULT) {
2261 tproto = Q_IP;
2262 tproto6 = Q_IPV6;
2263 }
2264 for (res = res0; res; res = res->ai_next) {
2265 switch (res->ai_family) {
2266 case AF_INET:
2267 if (tproto == Q_IPV6)
2268 continue;
2269
2270 sin = (struct sockaddr_in *)
2271 res->ai_addr;
2272 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
2273 0xffffffff, tproto, dir);
2274 break;
2275 case AF_INET6:
2276 if (tproto6 == Q_IP)
2277 continue;
2278
2279 sin6 = (struct sockaddr_in6 *)
2280 res->ai_addr;
2281 tmp = gen_host6(&sin6->sin6_addr,
2282 &mask128, tproto6, dir);
2283 break;
2284 }
2285 if (b)
2286 gen_or(b, tmp);
2287 b = tmp;
2288 }
2289 freeaddrinfo(res0);
2290 if (b == NULL) {
2291 bpf_error("unknown host '%s'%s", name,
2292 (proto == Q_DEFAULT)
2293 ? ""
2294 : " for specified address family");
2295 }
2296 return b;
2297 #endif /*INET6*/
2298 }
2299
2300 case Q_PORT:
2301 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP)
2302 bpf_error("illegal qualifier of 'port'");
2303 if (pcap_nametoport(name, &port, &real_proto) == 0)
2304 bpf_error("unknown port '%s'", name);
2305 if (proto == Q_UDP) {
2306 if (real_proto == IPPROTO_TCP)
2307 bpf_error("port '%s' is tcp", name);
2308 else
2309 /* override PROTO_UNDEF */
2310 real_proto = IPPROTO_UDP;
2311 }
2312 if (proto == Q_TCP) {
2313 if (real_proto == IPPROTO_UDP)
2314 bpf_error("port '%s' is udp", name);
2315 else
2316 /* override PROTO_UNDEF */
2317 real_proto = IPPROTO_TCP;
2318 }
2319 #ifndef INET6
2320 return gen_port(port, real_proto, dir);
2321 #else
2322 {
2323 struct block *b;
2324 b = gen_port(port, real_proto, dir);
2325 gen_or(gen_port6(port, real_proto, dir), b);
2326 return b;
2327 }
2328 #endif /* INET6 */
2329
2330 case Q_GATEWAY:
2331 #ifndef INET6
2332 eaddr = pcap_ether_hostton(name);
2333 if (eaddr == NULL)
2334 bpf_error("unknown ether host: %s", name);
2335
2336 alist = pcap_nametoaddr(name);
2337 if (alist == NULL || *alist == NULL)
2338 bpf_error("unknown host '%s'", name);
2339 return gen_gateway(eaddr, alist, proto, dir);
2340 #else
2341 bpf_error("'gateway' not supported in this configuration");
2342 #endif /*INET6*/
2343
2344 case Q_PROTO:
2345 real_proto = lookup_proto(name, proto);
2346 if (real_proto >= 0)
2347 return gen_proto(real_proto, proto, dir);
2348 else
2349 bpf_error("unknown protocol: %s", name);
2350
2351 case Q_PROTOCHAIN:
2352 real_proto = lookup_proto(name, proto);
2353 if (real_proto >= 0)
2354 return gen_protochain(real_proto, proto, dir);
2355 else
2356 bpf_error("unknown protocol: %s", name);
2357
2358
2359 case Q_UNDEF:
2360 syntax();
2361 /* NOTREACHED */
2362 }
2363 abort();
2364 /* NOTREACHED */
2365 }
2366
2367 struct block *
2368 gen_mcode(s1, s2, masklen, q)
2369 register const char *s1, *s2;
2370 register int masklen;
2371 struct qual q;
2372 {
2373 register int nlen, mlen;
2374 bpf_u_int32 n, m;
2375
2376 nlen = __pcap_atoin(s1, &n);
2377 /* Promote short ipaddr */
2378 n <<= 32 - nlen;
2379
2380 if (s2 != NULL) {
2381 mlen = __pcap_atoin(s2, &m);
2382 /* Promote short ipaddr */
2383 m <<= 32 - mlen;
2384 if ((n & ~m) != 0)
2385 bpf_error("non-network bits set in \"%s mask %s\"",
2386 s1, s2);
2387 } else {
2388 /* Convert mask len to mask */
2389 if (masklen > 32)
2390 bpf_error("mask length must be <= 32");
2391 m = 0xffffffff << (32 - masklen);
2392 if ((n & ~m) != 0)
2393 bpf_error("non-network bits set in \"%s/%d\"",
2394 s1, masklen);
2395 }
2396
2397 switch (q.addr) {
2398
2399 case Q_NET:
2400 return gen_host(n, m, q.proto, q.dir);
2401
2402 default:
2403 bpf_error("Mask syntax for networks only");
2404 /* NOTREACHED */
2405 }
2406 }
2407
2408 struct block *
2409 gen_ncode(s, v, q)
2410 register const char *s;
2411 bpf_u_int32 v;
2412 struct qual q;
2413 {
2414 bpf_u_int32 mask;
2415 int proto = q.proto;
2416 int dir = q.dir;
2417 register int vlen;
2418
2419 if (s == NULL)
2420 vlen = 32;
2421 else if (q.proto == Q_DECNET)
2422 vlen = __pcap_atodn(s, &v);
2423 else
2424 vlen = __pcap_atoin(s, &v);
2425
2426 switch (q.addr) {
2427
2428 case Q_DEFAULT:
2429 case Q_HOST:
2430 case Q_NET:
2431 if (proto == Q_DECNET)
2432 return gen_host(v, 0, proto, dir);
2433 else if (proto == Q_LINK) {
2434 bpf_error("illegal link layer address");
2435 } else {
2436 mask = 0xffffffff;
2437 if (s == NULL && q.addr == Q_NET) {
2438 /* Promote short net number */
2439 while (v && (v & 0xff000000) == 0) {
2440 v <<= 8;
2441 mask <<= 8;
2442 }
2443 } else {
2444 /* Promote short ipaddr */
2445 v <<= 32 - vlen;
2446 mask <<= 32 - vlen;
2447 }
2448 return gen_host(v, mask, proto, dir);
2449 }
2450
2451 case Q_PORT:
2452 if (proto == Q_UDP)
2453 proto = IPPROTO_UDP;
2454 else if (proto == Q_TCP)
2455 proto = IPPROTO_TCP;
2456 else if (proto == Q_DEFAULT)
2457 proto = PROTO_UNDEF;
2458 else
2459 bpf_error("illegal qualifier of 'port'");
2460
2461 #ifndef INET6
2462 return gen_port((int)v, proto, dir);
2463 #else
2464 {
2465 struct block *b;
2466 b = gen_port((int)v, proto, dir);
2467 gen_or(gen_port6((int)v, proto, dir), b);
2468 return b;
2469 }
2470 #endif /* INET6 */
2471
2472 case Q_GATEWAY:
2473 bpf_error("'gateway' requires a name");
2474 /* NOTREACHED */
2475
2476 case Q_PROTO:
2477 return gen_proto((int)v, proto, dir);
2478
2479 case Q_PROTOCHAIN:
2480 return gen_protochain((int)v, proto, dir);
2481
2482 case Q_UNDEF:
2483 syntax();
2484 /* NOTREACHED */
2485
2486 default:
2487 abort();
2488 /* NOTREACHED */
2489 }
2490 /* NOTREACHED */
2491 }
2492
2493 #ifdef INET6
2494 struct block *
2495 gen_mcode6(s1, s2, masklen, q)
2496 register const char *s1, *s2;
2497 register int masklen;
2498 struct qual q;
2499 {
2500 struct addrinfo *res;
2501 struct in6_addr *addr;
2502 struct in6_addr mask;
2503 struct block *b;
2504 u_int32_t *a, *m;
2505
2506 if (s2)
2507 bpf_error("no mask %s supported", s2);
2508
2509 res = pcap_nametoaddrinfo(s1);
2510 if (!res)
2511 bpf_error("invalid ip6 address %s", s1);
2512 if (res->ai_next)
2513 bpf_error("%s resolved to multiple address", s1);
2514 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
2515
2516 if (sizeof(mask) * 8 < masklen)
2517 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
2518 memset(&mask, 0xff, masklen / 8);
2519 if (masklen % 8) {
2520 mask.s6_addr[masklen / 8] =
2521 (0xff << (8 - masklen % 8)) & 0xff;
2522 }
2523
2524 a = (u_int32_t *)addr;
2525 m = (u_int32_t *)&mask;
2526 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
2527 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
2528 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
2529 }
2530
2531 switch (q.addr) {
2532
2533 case Q_DEFAULT:
2534 case Q_HOST:
2535 if (masklen != 128)
2536 bpf_error("Mask syntax for networks only");
2537 /* FALLTHROUGH */
2538
2539 case Q_NET:
2540 b = gen_host6(addr, &mask, q.proto, q.dir);
2541 freeaddrinfo(res);
2542 return b;
2543
2544 default:
2545 bpf_error("invalid qualifier against IPv6 address");
2546 /* NOTREACHED */
2547 }
2548 }
2549 #endif /*INET6*/
2550
2551 struct block *
2552 gen_ecode(eaddr, q)
2553 register const u_char *eaddr;
2554 struct qual q;
2555 {
2556 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
2557 if (linktype == DLT_EN10MB)
2558 return gen_ehostop(eaddr, (int)q.dir);
2559 if (linktype == DLT_FDDI)
2560 return gen_fhostop(eaddr, (int)q.dir);
2561 if (linktype == DLT_IEEE802)
2562 return gen_thostop(eaddr, (int)q.dir);
2563 }
2564 bpf_error("ethernet address used in non-ether expression");
2565 /* NOTREACHED */
2566 }
2567
2568 void
2569 sappend(s0, s1)
2570 struct slist *s0, *s1;
2571 {
2572 /*
2573 * This is definitely not the best way to do this, but the
2574 * lists will rarely get long.
2575 */
2576 while (s0->next)
2577 s0 = s0->next;
2578 s0->next = s1;
2579 }
2580
2581 static struct slist *
2582 xfer_to_x(a)
2583 struct arth *a;
2584 {
2585 struct slist *s;
2586
2587 s = new_stmt(BPF_LDX|BPF_MEM);
2588 s->s.k = a->regno;
2589 return s;
2590 }
2591
2592 static struct slist *
2593 xfer_to_a(a)
2594 struct arth *a;
2595 {
2596 struct slist *s;
2597
2598 s = new_stmt(BPF_LD|BPF_MEM);
2599 s->s.k = a->regno;
2600 return s;
2601 }
2602
2603 struct arth *
2604 gen_load(proto, index, size)
2605 int proto;
2606 struct arth *index;
2607 int size;
2608 {
2609 struct slist *s, *tmp;
2610 struct block *b;
2611 int regno = alloc_reg();
2612
2613 free_reg(index->regno);
2614 switch (size) {
2615
2616 default:
2617 bpf_error("data size must be 1, 2, or 4");
2618
2619 case 1:
2620 size = BPF_B;
2621 break;
2622
2623 case 2:
2624 size = BPF_H;
2625 break;
2626
2627 case 4:
2628 size = BPF_W;
2629 break;
2630 }
2631 switch (proto) {
2632 default:
2633 bpf_error("unsupported index operation");
2634
2635 case Q_LINK:
2636 s = xfer_to_x(index);
2637 tmp = new_stmt(BPF_LD|BPF_IND|size);
2638 sappend(s, tmp);
2639 sappend(index->s, s);
2640 break;
2641
2642 case Q_IP:
2643 case Q_ARP:
2644 case Q_RARP:
2645 case Q_ATALK:
2646 case Q_DECNET:
2647 case Q_SCA:
2648 case Q_LAT:
2649 case Q_MOPRC:
2650 case Q_MOPDL:
2651 #ifdef INET6
2652 case Q_IPV6:
2653 #endif
2654 /* XXX Note that we assume a fixed link header here. */
2655 s = xfer_to_x(index);
2656 tmp = new_stmt(BPF_LD|BPF_IND|size);
2657 tmp->s.k = off_nl;
2658 sappend(s, tmp);
2659 sappend(index->s, s);
2660
2661 b = gen_proto_abbrev(proto);
2662 if (index->b)
2663 gen_and(index->b, b);
2664 index->b = b;
2665 break;
2666
2667 case Q_TCP:
2668 case Q_UDP:
2669 case Q_ICMP:
2670 case Q_IGMP:
2671 case Q_IGRP:
2672 case Q_PIM:
2673 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2674 s->s.k = off_nl;
2675 sappend(s, xfer_to_a(index));
2676 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
2677 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
2678 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
2679 tmp->s.k = off_nl;
2680 sappend(index->s, s);
2681
2682 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
2683 if (index->b)
2684 gen_and(index->b, b);
2685 #ifdef INET6
2686 gen_and(gen_proto_abbrev(Q_IP), b);
2687 #endif
2688 index->b = b;
2689 break;
2690 #ifdef INET6
2691 case Q_ICMPV6:
2692 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
2693 /*NOTREACHED*/
2694 #endif
2695 }
2696 index->regno = regno;
2697 s = new_stmt(BPF_ST);
2698 s->s.k = regno;
2699 sappend(index->s, s);
2700
2701 return index;
2702 }
2703
2704 struct block *
2705 gen_relation(code, a0, a1, reversed)
2706 int code;
2707 struct arth *a0, *a1;
2708 int reversed;
2709 {
2710 struct slist *s0, *s1, *s2;
2711 struct block *b, *tmp;
2712
2713 s0 = xfer_to_x(a1);
2714 s1 = xfer_to_a(a0);
2715 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
2716 b = new_block(JMP(code));
2717 if (code == BPF_JGT || code == BPF_JGE) {
2718 reversed = !reversed;
2719 b->s.k = 0x80000000;
2720 }
2721 if (reversed)
2722 gen_not(b);
2723
2724 sappend(s1, s2);
2725 sappend(s0, s1);
2726 sappend(a1->s, s0);
2727 sappend(a0->s, a1->s);
2728
2729 b->stmts = a0->s;
2730
2731 free_reg(a0->regno);
2732 free_reg(a1->regno);
2733
2734 /* 'and' together protocol checks */
2735 if (a0->b) {
2736 if (a1->b) {
2737 gen_and(a0->b, tmp = a1->b);
2738 }
2739 else
2740 tmp = a0->b;
2741 } else
2742 tmp = a1->b;
2743
2744 if (tmp)
2745 gen_and(tmp, b);
2746
2747 return b;
2748 }
2749
2750 struct arth *
2751 gen_loadlen()
2752 {
2753 int regno = alloc_reg();
2754 struct arth *a = (struct arth *)newchunk(sizeof(*a));
2755 struct slist *s;
2756
2757 s = new_stmt(BPF_LD|BPF_LEN);
2758 s->next = new_stmt(BPF_ST);
2759 s->next->s.k = regno;
2760 a->s = s;
2761 a->regno = regno;
2762
2763 return a;
2764 }
2765
2766 struct arth *
2767 gen_loadi(val)
2768 int val;
2769 {
2770 struct arth *a;
2771 struct slist *s;
2772 int reg;
2773
2774 a = (struct arth *)newchunk(sizeof(*a));
2775
2776 reg = alloc_reg();
2777
2778 s = new_stmt(BPF_LD|BPF_IMM);
2779 s->s.k = val;
2780 s->next = new_stmt(BPF_ST);
2781 s->next->s.k = reg;
2782 a->s = s;
2783 a->regno = reg;
2784
2785 return a;
2786 }
2787
2788 struct arth *
2789 gen_neg(a)
2790 struct arth *a;
2791 {
2792 struct slist *s;
2793
2794 s = xfer_to_a(a);
2795 sappend(a->s, s);
2796 s = new_stmt(BPF_ALU|BPF_NEG);
2797 s->s.k = 0;
2798 sappend(a->s, s);
2799 s = new_stmt(BPF_ST);
2800 s->s.k = a->regno;
2801 sappend(a->s, s);
2802
2803 return a;
2804 }
2805
2806 struct arth *
2807 gen_arth(code, a0, a1)
2808 int code;
2809 struct arth *a0, *a1;
2810 {
2811 struct slist *s0, *s1, *s2;
2812
2813 s0 = xfer_to_x(a1);
2814 s1 = xfer_to_a(a0);
2815 s2 = new_stmt(BPF_ALU|BPF_X|code);
2816
2817 sappend(s1, s2);
2818 sappend(s0, s1);
2819 sappend(a1->s, s0);
2820 sappend(a0->s, a1->s);
2821
2822 free_reg(a1->regno);
2823
2824 s0 = new_stmt(BPF_ST);
2825 a0->regno = s0->s.k = alloc_reg();
2826 sappend(a0->s, s0);
2827
2828 return a0;
2829 }
2830
2831 /*
2832 * Here we handle simple allocation of the scratch registers.
2833 * If too many registers are alloc'd, the allocator punts.
2834 */
2835 static int regused[BPF_MEMWORDS];
2836 static int curreg;
2837
2838 /*
2839 * Return the next free register.
2840 */
2841 static int
2842 alloc_reg()
2843 {
2844 int n = BPF_MEMWORDS;
2845
2846 while (--n >= 0) {
2847 if (regused[curreg])
2848 curreg = (curreg + 1) % BPF_MEMWORDS;
2849 else {
2850 regused[curreg] = 1;
2851 return curreg;
2852 }
2853 }
2854 bpf_error("too many registers needed to evaluate expression");
2855 /* NOTREACHED */
2856 }
2857
2858 /*
2859 * Return a register to the table so it can
2860 * be used later.
2861 */
2862 static void
2863 free_reg(n)
2864 int n;
2865 {
2866 regused[n] = 0;
2867 }
2868
2869 static struct block *
2870 gen_len(jmp, n)
2871 int jmp, n;
2872 {
2873 struct slist *s;
2874 struct block *b;
2875
2876 s = new_stmt(BPF_LD|BPF_LEN);
2877 b = new_block(JMP(jmp));
2878 b->stmts = s;
2879 b->s.k = n;
2880
2881 return b;
2882 }
2883
2884 struct block *
2885 gen_greater(n)
2886 int n;
2887 {
2888 return gen_len(BPF_JGE, n);
2889 }
2890
2891 struct block *
2892 gen_less(n)
2893 int n;
2894 {
2895 struct block *b;
2896
2897 b = gen_len(BPF_JGT, n);
2898 gen_not(b);
2899
2900 return b;
2901 }
2902
2903 struct block *
2904 gen_byteop(op, idx, val)
2905 int op, idx, val;
2906 {
2907 struct block *b;
2908 struct slist *s;
2909
2910 switch (op) {
2911 default:
2912 abort();
2913
2914 case '=':
2915 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
2916
2917 case '<':
2918 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
2919 b->s.code = JMP(BPF_JGE);
2920 gen_not(b);
2921 return b;
2922
2923 case '>':
2924 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
2925 b->s.code = JMP(BPF_JGT);
2926 return b;
2927
2928 case '|':
2929 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
2930 break;
2931
2932 case '&':
2933 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
2934 break;
2935 }
2936 s->s.k = val;
2937 b = new_block(JMP(BPF_JEQ));
2938 b->stmts = s;
2939 gen_not(b);
2940
2941 return b;
2942 }
2943
2944 struct block *
2945 gen_broadcast(proto)
2946 int proto;
2947 {
2948 bpf_u_int32 hostmask;
2949 struct block *b0, *b1, *b2;
2950 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
2951
2952 switch (proto) {
2953
2954 case Q_DEFAULT:
2955 case Q_LINK:
2956 if (linktype == DLT_EN10MB)
2957 return gen_ehostop(ebroadcast, Q_DST);
2958 if (linktype == DLT_FDDI)
2959 return gen_fhostop(ebroadcast, Q_DST);
2960 if (linktype == DLT_IEEE802)
2961 return gen_thostop(ebroadcast, Q_DST);
2962 bpf_error("not a broadcast link");
2963 break;
2964
2965 case Q_IP:
2966 b0 = gen_linktype(ETHERTYPE_IP);
2967 hostmask = ~netmask;
2968 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
2969 b2 = gen_mcmp(off_nl + 16, BPF_W,
2970 (bpf_int32)(~0 & hostmask), hostmask);
2971 gen_or(b1, b2);
2972 gen_and(b0, b2);
2973 return b2;
2974 }
2975 bpf_error("only ether/ip broadcast filters supported");
2976 }
2977
2978 struct block *
2979 gen_multicast(proto)
2980 int proto;
2981 {
2982 register struct block *b0, *b1;
2983 register struct slist *s;
2984
2985 switch (proto) {
2986
2987 case Q_DEFAULT:
2988 case Q_LINK:
2989 if (linktype == DLT_EN10MB) {
2990 /* ether[0] & 1 != 0 */
2991 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2992 s->s.k = 0;
2993 b0 = new_block(JMP(BPF_JSET));
2994 b0->s.k = 1;
2995 b0->stmts = s;
2996 return b0;
2997 }
2998
2999 if (linktype == DLT_FDDI) {
3000 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */
3001 /* fddi[1] & 1 != 0 */
3002 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3003 s->s.k = 1;
3004 b0 = new_block(JMP(BPF_JSET));
3005 b0->s.k = 1;
3006 b0->stmts = s;
3007 return b0;
3008 }
3009
3010 /* TODO - check how token ring handles multicast */
3011 /* if (linktype == DLT_IEEE802) ... */
3012
3013 /* Link not known to support multicasts */
3014 break;
3015
3016 case Q_IP:
3017 b0 = gen_linktype(ETHERTYPE_IP);
3018 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
3019 b1->s.code = JMP(BPF_JGE);
3020 gen_and(b0, b1);
3021 return b1;
3022
3023 #ifdef INET6
3024 case Q_IPV6:
3025 b0 = gen_linktype(ETHERTYPE_IPV6);
3026 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
3027 gen_and(b0, b1);
3028 return b1;
3029 #endif /* INET6 */
3030 }
3031 bpf_error("only IP multicast filters supported on ethernet/FDDI");
3032 }
3033
3034 /*
3035 * generate command for inbound/outbound. It's here so we can
3036 * make it link-type specific. 'dir' = 0 implies "inbound",
3037 * = 1 implies "outbound".
3038 */
3039 struct block *
3040 gen_inbound(dir)
3041 int dir;
3042 {
3043 register struct block *b0;
3044
3045 b0 = gen_relation(BPF_JEQ,
3046 gen_load(Q_LINK, gen_loadi(0), 1),
3047 gen_loadi(0),
3048 dir);
3049 return (b0);
3050 }
3051
3052 /*
3053 * support IEEE 802.1Q VLAN trunk over ethernet
3054 */
3055 struct block *
3056 gen_vlan(vlan_num)
3057 int vlan_num;
3058 {
3059 static u_int orig_linktype = -1, orig_nl = -1;
3060 struct block *b0;
3061
3062 /*
3063 * Change the offsets to point to the type and data fields within
3064 * the VLAN packet. This is somewhat of a kludge.
3065 */
3066 if (orig_nl == (u_int)-1) {
3067 orig_linktype = off_linktype; /* save original values */
3068 orig_nl = off_nl;
3069
3070 switch (linktype) {
3071
3072 case DLT_EN10MB:
3073 off_linktype = 16;
3074 off_nl = 18;
3075 break;
3076
3077 default:
3078 bpf_error("no VLAN support for data link type %d",
3079 linktype);
3080 /*NOTREACHED*/
3081 }
3082 }
3083
3084 /* check for VLAN */
3085 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
3086
3087 /* If a specific VLAN is requested, check VLAN id */
3088 if (vlan_num >= 0) {
3089 struct block *b1;
3090
3091 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
3092 gen_and(b0, b1);
3093 b0 = b1;
3094 }
3095
3096 return (b0);
3097 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism