]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob


60fb3276fb138827ae988be64e02c66451fcb49b
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.172 2002-08-02 05:53:53 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #ifdef WIN32
32 #include <pcap-stdinc.h>
33 #else /* WIN32 */
34 #include <sys/types.h>
35 #include <sys/socket.h>
36 #include <sys/time.h>
37 #endif /* WIN32 */
38
39 /*
40 * XXX - why was this included even on UNIX?
41 */
42 #ifdef __MINGW32__
43 #include "IP6_misc.h"
44 #endif
45
46 #ifndef WIN32
47
48 #ifdef __NetBSD__
49 #include <sys/param.h>
50 #endif
51
52 struct mbuf; /* Squelch compiler warnings on some platforms for */
53 struct rtentry; /* declarations in <net/if.h> */
54 #include <net/if.h>
55
56 #include <netinet/in.h>
57
58 #endif /* WIN32 */
59
60 #include <stdlib.h>
61 #include <string.h>
62 #include <memory.h>
63 #include <setjmp.h>
64 #include <stdarg.h>
65
66 #include "pcap-int.h"
67
68 #include "ethertype.h"
69 #include "nlpid.h"
70 #include "llc.h"
71 #include "gencode.h"
72 #include "atmuni31.h"
73 #include "sunatmpos.h"
74 #include "ppp.h"
75 #include "sll.h"
76 #include "arcnet.h"
77 #ifdef INET6
78 #ifndef WIN32
79 #include <netdb.h> /* for "struct addrinfo" */
80 #endif /* WIN32 */
81 #endif /*INET6*/
82 #include <pcap-namedb.h>
83
84 #define ETHERMTU 1500
85
86 #ifndef IPPROTO_SCTP
87 #define IPPROTO_SCTP 132
88 #endif
89
90 #ifdef HAVE_OS_PROTO_H
91 #include "os-proto.h"
92 #endif
93
94 #define JMP(c) ((c)|BPF_JMP|BPF_K)
95
96 /* Locals */
97 static jmp_buf top_ctx;
98 static pcap_t *bpf_pcap;
99
100 /* Hack for updating VLAN offsets. */
101 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1;
102
103 /* XXX */
104 #ifdef PCAP_FDDIPAD
105 int pcap_fddipad = PCAP_FDDIPAD;
106 #else
107 int pcap_fddipad;
108 #endif
109
110 /* VARARGS */
111 void
112 bpf_error(const char *fmt, ...)
113
114 {
115 va_list ap;
116
117 va_start(ap, fmt);
118 if (bpf_pcap != NULL)
119 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
120 fmt, ap);
121 va_end(ap);
122 longjmp(top_ctx, 1);
123 /* NOTREACHED */
124 }
125
126 static void init_linktype(int);
127
128 static int alloc_reg(void);
129 static void free_reg(int);
130
131 static struct block *root;
132
133 /*
134 * We divy out chunks of memory rather than call malloc each time so
135 * we don't have to worry about leaking memory. It's probably
136 * not a big deal if all this memory was wasted but it this ever
137 * goes into a library that would probably not be a good idea.
138 */
139 #define NCHUNKS 16
140 #define CHUNK0SIZE 1024
141 struct chunk {
142 u_int n_left;
143 void *m;
144 };
145
146 static struct chunk chunks[NCHUNKS];
147 static int cur_chunk;
148
149 static void *newchunk(u_int);
150 static void freechunks(void);
151 static inline struct block *new_block(int);
152 static inline struct slist *new_stmt(int);
153 static struct block *gen_retblk(int);
154 static inline void syntax(void);
155
156 static void backpatch(struct block *, struct block *);
157 static void merge(struct block *, struct block *);
158 static struct block *gen_cmp(u_int, u_int, bpf_int32);
159 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
160 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
161 static struct block *gen_bcmp(u_int, u_int, const u_char *);
162 static struct block *gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32,
163 bpf_u_int32, bpf_u_int32, int);
164 static struct block *gen_uncond(int);
165 static inline struct block *gen_true(void);
166 static inline struct block *gen_false(void);
167 static struct block *gen_linktype(int);
168 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
169 static struct block *gen_llc(int);
170 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
171 #ifdef INET6
172 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
173 #endif
174 static struct block *gen_ahostop(const u_char *, int);
175 static struct block *gen_ehostop(const u_char *, int);
176 static struct block *gen_fhostop(const u_char *, int);
177 static struct block *gen_thostop(const u_char *, int);
178 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
179 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
180 #ifdef INET6
181 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
182 #endif
183 #ifndef INET6
184 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
185 #endif
186 static struct block *gen_ipfrag(void);
187 static struct block *gen_portatom(int, bpf_int32);
188 #ifdef INET6
189 static struct block *gen_portatom6(int, bpf_int32);
190 #endif
191 struct block *gen_portop(int, int, int);
192 static struct block *gen_port(int, int, int);
193 #ifdef INET6
194 struct block *gen_portop6(int, int, int);
195 static struct block *gen_port6(int, int, int);
196 #endif
197 static int lookup_proto(const char *, int);
198 static struct block *gen_protochain(int, int, int);
199 static struct block *gen_proto(int, int, int);
200 static struct slist *xfer_to_x(struct arth *);
201 static struct slist *xfer_to_a(struct arth *);
202 static struct block *gen_len(int, int);
203
204 static struct block *gen_msg_abbrev(int type);
205
206 static void *
207 newchunk(n)
208 u_int n;
209 {
210 struct chunk *cp;
211 int k, size;
212
213 #ifndef __NetBSD__
214 /* XXX Round up to nearest long. */
215 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
216 #else
217 /* XXX Round up to structure boundary. */
218 n = ALIGN(n);
219 #endif
220
221 cp = &chunks[cur_chunk];
222 if (n > cp->n_left) {
223 ++cp, k = ++cur_chunk;
224 if (k >= NCHUNKS)
225 bpf_error("out of memory");
226 size = CHUNK0SIZE << k;
227 cp->m = (void *)malloc(size);
228 memset((char *)cp->m, 0, size);
229 cp->n_left = size;
230 if (n > size)
231 bpf_error("out of memory");
232 }
233 cp->n_left -= n;
234 return (void *)((char *)cp->m + cp->n_left);
235 }
236
237 static void
238 freechunks()
239 {
240 int i;
241
242 cur_chunk = 0;
243 for (i = 0; i < NCHUNKS; ++i)
244 if (chunks[i].m != NULL) {
245 free(chunks[i].m);
246 chunks[i].m = NULL;
247 }
248 }
249
250 /*
251 * A strdup whose allocations are freed after code generation is over.
252 */
253 char *
254 sdup(s)
255 register const char *s;
256 {
257 int n = strlen(s) + 1;
258 char *cp = newchunk(n);
259
260 strlcpy(cp, s, n);
261 return (cp);
262 }
263
264 static inline struct block *
265 new_block(code)
266 int code;
267 {
268 struct block *p;
269
270 p = (struct block *)newchunk(sizeof(*p));
271 p->s.code = code;
272 p->head = p;
273
274 return p;
275 }
276
277 static inline struct slist *
278 new_stmt(code)
279 int code;
280 {
281 struct slist *p;
282
283 p = (struct slist *)newchunk(sizeof(*p));
284 p->s.code = code;
285
286 return p;
287 }
288
289 static struct block *
290 gen_retblk(v)
291 int v;
292 {
293 struct block *b = new_block(BPF_RET|BPF_K);
294
295 b->s.k = v;
296 return b;
297 }
298
299 static inline void
300 syntax()
301 {
302 bpf_error("syntax error in filter expression");
303 }
304
305 static bpf_u_int32 netmask;
306 static int snaplen;
307 int no_optimize;
308
309 int
310 pcap_compile(pcap_t *p, struct bpf_program *program,
311 char *buf, int optimize, bpf_u_int32 mask)
312 {
313 extern int n_errors;
314 int len;
315
316 no_optimize = 0;
317 n_errors = 0;
318 root = NULL;
319 bpf_pcap = p;
320 if (setjmp(top_ctx)) {
321 lex_cleanup();
322 freechunks();
323 return (-1);
324 }
325
326 netmask = mask;
327
328 snaplen = pcap_snapshot(p);
329 if (snaplen == 0) {
330 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
331 "snaplen of 0 rejects all packets");
332 return -1;
333 }
334
335 lex_init(buf ? buf : "");
336 init_linktype(pcap_datalink(p));
337 (void)pcap_parse();
338
339 if (n_errors)
340 syntax();
341
342 if (root == NULL)
343 root = gen_retblk(snaplen);
344
345 if (optimize && !no_optimize) {
346 bpf_optimize(&root);
347 if (root == NULL ||
348 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
349 bpf_error("expression rejects all packets");
350 }
351 program->bf_insns = icode_to_fcode(root, &len);
352 program->bf_len = len;
353
354 lex_cleanup();
355 freechunks();
356 return (0);
357 }
358
359 /*
360 * entry point for using the compiler with no pcap open
361 * pass in all the stuff that is needed explicitly instead.
362 */
363 int
364 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
365 struct bpf_program *program,
366 char *buf, int optimize, bpf_u_int32 mask)
367 {
368 pcap_t *p;
369 int ret;
370
371 p = pcap_open_dead(linktype_arg, snaplen_arg);
372 if (p == NULL)
373 return (-1);
374 ret = pcap_compile(p, program, buf, optimize, mask);
375 pcap_close(p);
376 return (ret);
377 }
378
379 /*
380 * Clean up a "struct bpf_program" by freeing all the memory allocated
381 * in it.
382 */
383 void
384 pcap_freecode(struct bpf_program *program)
385 {
386 program->bf_len = 0;
387 if (program->bf_insns != NULL) {
388 free((char *)program->bf_insns);
389 program->bf_insns = NULL;
390 }
391 }
392
393 /*
394 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
395 * which of the jt and jf fields has been resolved and which is a pointer
396 * back to another unresolved block (or nil). At least one of the fields
397 * in each block is already resolved.
398 */
399 static void
400 backpatch(list, target)
401 struct block *list, *target;
402 {
403 struct block *next;
404
405 while (list) {
406 if (!list->sense) {
407 next = JT(list);
408 JT(list) = target;
409 } else {
410 next = JF(list);
411 JF(list) = target;
412 }
413 list = next;
414 }
415 }
416
417 /*
418 * Merge the lists in b0 and b1, using the 'sense' field to indicate
419 * which of jt and jf is the link.
420 */
421 static void
422 merge(b0, b1)
423 struct block *b0, *b1;
424 {
425 register struct block **p = &b0;
426
427 /* Find end of list. */
428 while (*p)
429 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
430
431 /* Concatenate the lists. */
432 *p = b1;
433 }
434
435 void
436 finish_parse(p)
437 struct block *p;
438 {
439 backpatch(p, gen_retblk(snaplen));
440 p->sense = !p->sense;
441 backpatch(p, gen_retblk(0));
442 root = p->head;
443 }
444
445 void
446 gen_and(b0, b1)
447 struct block *b0, *b1;
448 {
449 backpatch(b0, b1->head);
450 b0->sense = !b0->sense;
451 b1->sense = !b1->sense;
452 merge(b1, b0);
453 b1->sense = !b1->sense;
454 b1->head = b0->head;
455 }
456
457 void
458 gen_or(b0, b1)
459 struct block *b0, *b1;
460 {
461 b0->sense = !b0->sense;
462 backpatch(b0, b1->head);
463 b0->sense = !b0->sense;
464 merge(b1, b0);
465 b1->head = b0->head;
466 }
467
468 void
469 gen_not(b)
470 struct block *b;
471 {
472 b->sense = !b->sense;
473 }
474
475 static struct block *
476 gen_cmp(offset, size, v)
477 u_int offset, size;
478 bpf_int32 v;
479 {
480 struct slist *s;
481 struct block *b;
482
483 s = new_stmt(BPF_LD|BPF_ABS|size);
484 s->s.k = offset;
485
486 b = new_block(JMP(BPF_JEQ));
487 b->stmts = s;
488 b->s.k = v;
489
490 return b;
491 }
492
493 static struct block *
494 gen_cmp_gt(offset, size, v)
495 u_int offset, size;
496 bpf_int32 v;
497 {
498 struct slist *s;
499 struct block *b;
500
501 s = new_stmt(BPF_LD|BPF_ABS|size);
502 s->s.k = offset;
503
504 b = new_block(JMP(BPF_JGT));
505 b->stmts = s;
506 b->s.k = v;
507
508 return b;
509 }
510
511 static struct block *
512 gen_mcmp(offset, size, v, mask)
513 u_int offset, size;
514 bpf_int32 v;
515 bpf_u_int32 mask;
516 {
517 struct block *b = gen_cmp(offset, size, v);
518 struct slist *s;
519
520 if (mask != 0xffffffff) {
521 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
522 s->s.k = mask;
523 b->stmts->next = s;
524 }
525 return b;
526 }
527
528 static struct block *
529 gen_bcmp(offset, size, v)
530 register u_int offset, size;
531 register const u_char *v;
532 {
533 register struct block *b, *tmp;
534
535 b = NULL;
536 while (size >= 4) {
537 register const u_char *p = &v[size - 4];
538 bpf_int32 w = ((bpf_int32)p[0] << 24) |
539 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
540
541 tmp = gen_cmp(offset + size - 4, BPF_W, w);
542 if (b != NULL)
543 gen_and(b, tmp);
544 b = tmp;
545 size -= 4;
546 }
547 while (size >= 2) {
548 register const u_char *p = &v[size - 2];
549 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
550
551 tmp = gen_cmp(offset + size - 2, BPF_H, w);
552 if (b != NULL)
553 gen_and(b, tmp);
554 b = tmp;
555 size -= 2;
556 }
557 if (size > 0) {
558 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
559 if (b != NULL)
560 gen_and(b, tmp);
561 b = tmp;
562 }
563 return b;
564 }
565
566 static struct block *
567 gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse)
568 bpf_u_int32 datasize, offset, mask, jtype, jvalue;
569 int reverse;
570 {
571 struct slist *s;
572 struct block *b;
573
574 s = new_stmt(BPF_LD|datasize|BPF_ABS);
575 s->s.k = offset;
576
577 if (mask != 0xffffffff) {
578 s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K);
579 s->next->s.k = mask;
580 }
581
582 b = new_block(JMP(jtype));
583 b->stmts = s;
584 b->s.k = jvalue;
585 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE))
586 gen_not(b);
587 return b;
588 }
589
590 /*
591 * Various code constructs need to know the layout of the data link
592 * layer. These variables give the necessary offsets.
593 */
594
595 /*
596 * "off_linktype" is the offset to information in the link-layer header
597 * giving the packet type.
598 *
599 * For Ethernet, it's the offset of the Ethernet type field.
600 *
601 * For link-layer types that always use 802.2 headers, it's the
602 * offset of the LLC header.
603 *
604 * For PPP, it's the offset of the PPP type field.
605 *
606 * For Cisco HDLC, it's the offset of the CHDLC type field.
607 *
608 * For BSD loopback, it's the offset of the AF_ value.
609 *
610 * For Linux cooked sockets, it's the offset of the type field.
611 *
612 * It's set to -1 for no encapsulation, in which case, IP is assumed.
613 */
614 static u_int off_linktype;
615
616 /*
617 * TRUE if the link layer includes an ATM pseudo-header.
618 */
619 static int is_atm = 0;
620
621 /*
622 * These are offsets for the ATM pseudo-header.
623 */
624 static u_int off_vpi;
625 static u_int off_vci;
626 static u_int off_proto;
627
628 /*
629 * This is the offset to the message type for Q.2931 messages.
630 */
631 static u_int off_msg_type;
632
633 /*
634 * These are offsets to the beginning of the network-layer header.
635 *
636 * If the link layer never uses 802.2 LLC:
637 *
638 * "off_nl" and "off_nl_nosnap" are the same.
639 *
640 * If the link layer always uses 802.2 LLC:
641 *
642 * "off_nl" is the offset if there's a SNAP header following
643 * the 802.2 header;
644 *
645 * "off_nl_nosnap" is the offset if there's no SNAP header.
646 *
647 * If the link layer is Ethernet:
648 *
649 * "off_nl" is the offset if the packet is an Ethernet II packet
650 * (we assume no 802.3+802.2+SNAP);
651 *
652 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet
653 * with an 802.2 header following it.
654 */
655 static u_int off_nl;
656 static u_int off_nl_nosnap;
657
658 static int linktype;
659
660 static void
661 init_linktype(type)
662 int type;
663 {
664 linktype = type;
665
666 /*
667 * Assume it's not raw ATM with a pseudo-header, for now.
668 */
669 is_atm = 0;
670 off_vpi = -1;
671 off_vci = -1;
672 off_proto = -1;
673 off_msg_type = -1;
674
675 orig_linktype = -1;
676 orig_nl = -1;
677 orig_nl_nosnap = -1;
678
679 switch (type) {
680
681 case DLT_ARCNET:
682 off_linktype = 2;
683 off_nl = 6; /* XXX in reality, variable! */
684 off_nl_nosnap = 6; /* no 802.2 LLC */
685 return;
686
687 case DLT_EN10MB:
688 off_linktype = 12;
689 off_nl = 14; /* Ethernet II */
690 off_nl_nosnap = 17; /* 802.3+802.2 */
691 return;
692
693 case DLT_SLIP:
694 /*
695 * SLIP doesn't have a link level type. The 16 byte
696 * header is hacked into our SLIP driver.
697 */
698 off_linktype = -1;
699 off_nl = 16;
700 off_nl_nosnap = 16; /* no 802.2 LLC */
701 return;
702
703 case DLT_SLIP_BSDOS:
704 /* XXX this may be the same as the DLT_PPP_BSDOS case */
705 off_linktype = -1;
706 /* XXX end */
707 off_nl = 24;
708 off_nl_nosnap = 24; /* no 802.2 LLC */
709 return;
710
711 case DLT_NULL:
712 case DLT_LOOP:
713 off_linktype = 0;
714 off_nl = 4;
715 off_nl_nosnap = 4; /* no 802.2 LLC */
716 return;
717
718 case DLT_PPP:
719 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */
720 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */
721 off_linktype = 2;
722 off_nl = 4;
723 off_nl_nosnap = 4; /* no 802.2 LLC */
724 return;
725
726 case DLT_PPP_ETHER:
727 /*
728 * This does no include the Ethernet header, and
729 * only covers session state.
730 */
731 off_linktype = 6;
732 off_nl = 8;
733 off_nl_nosnap = 8; /* no 802.2 LLC */
734 return;
735
736 case DLT_PPP_BSDOS:
737 off_linktype = 5;
738 off_nl = 24;
739 off_nl_nosnap = 24; /* no 802.2 LLC */
740 return;
741
742 case DLT_FDDI:
743 /*
744 * FDDI doesn't really have a link-level type field.
745 * We set "off_linktype" to the offset of the LLC header.
746 *
747 * To check for Ethernet types, we assume that SSAP = SNAP
748 * is being used and pick out the encapsulated Ethernet type.
749 * XXX - should we generate code to check for SNAP?
750 */
751 off_linktype = 13;
752 #ifdef PCAP_FDDIPAD
753 off_linktype += pcap_fddipad;
754 #endif
755 off_nl = 21; /* FDDI+802.2+SNAP */
756 off_nl_nosnap = 16; /* FDDI+802.2 */
757 #ifdef PCAP_FDDIPAD
758 off_nl += pcap_fddipad;
759 off_nl_nosnap += pcap_fddipad;
760 #endif
761 return;
762
763 case DLT_IEEE802:
764 /*
765 * Token Ring doesn't really have a link-level type field.
766 * We set "off_linktype" to the offset of the LLC header.
767 *
768 * To check for Ethernet types, we assume that SSAP = SNAP
769 * is being used and pick out the encapsulated Ethernet type.
770 * XXX - should we generate code to check for SNAP?
771 *
772 * XXX - the header is actually variable-length.
773 * Some various Linux patched versions gave 38
774 * as "off_linktype" and 40 as "off_nl"; however,
775 * if a token ring packet has *no* routing
776 * information, i.e. is not source-routed, the correct
777 * values are 20 and 22, as they are in the vanilla code.
778 *
779 * A packet is source-routed iff the uppermost bit
780 * of the first byte of the source address, at an
781 * offset of 8, has the uppermost bit set. If the
782 * packet is source-routed, the total number of bytes
783 * of routing information is 2 plus bits 0x1F00 of
784 * the 16-bit value at an offset of 14 (shifted right
785 * 8 - figure out which byte that is).
786 */
787 off_linktype = 14;
788 off_nl = 22; /* Token Ring+802.2+SNAP */
789 off_nl_nosnap = 17; /* Token Ring+802.2 */
790 return;
791
792 case DLT_IEEE802_11:
793 /*
794 * 802.11 doesn't really have a link-level type field.
795 * We set "off_linktype" to the offset of the LLC header.
796 *
797 * To check for Ethernet types, we assume that SSAP = SNAP
798 * is being used and pick out the encapsulated Ethernet type.
799 * XXX - should we generate code to check for SNAP?
800 *
801 * XXX - the header is actually variable-length. We
802 * assume a 24-byte link-layer header, as appears in
803 * data frames in networks with no bridges.
804 */
805 off_linktype = 24;
806 off_nl = 32; /* 802.11+802.2+SNAP */
807 off_nl_nosnap = 27; /* 802.22+802.2 */
808 return;
809
810 case DLT_PRISM_HEADER:
811 /*
812 * Same as 802.11, but with an additional header before
813 * the 802.11 header, containing a bunch of additional
814 * information including radio-level information.
815 *
816 * The header is 144 bytes long.
817 *
818 * XXX - same variable-length header problem; at least
819 * the Prism header is fixed-length.
820 */
821 off_linktype = 144+24;
822 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */
823 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */
824 return;
825
826 case DLT_ATM_RFC1483:
827 case DLT_ATM_CLIP: /* Linux ATM defines this */
828 /*
829 * assume routed, non-ISO PDUs
830 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
831 */
832 off_linktype = 0;
833 off_nl = 8; /* 802.2+SNAP */
834 off_nl_nosnap = 3; /* 802.2 */
835 return;
836
837 case DLT_SUNATM:
838 /*
839 * Full Frontal ATM; you get AALn PDUs with an ATM
840 * pseudo-header.
841 */
842 is_atm = 1;
843 off_linktype = SUNATM_PKT_BEGIN_POS;
844 off_vpi = SUNATM_VPI_POS;
845 off_vci = SUNATM_VCI_POS;
846 off_proto = PROTO_POS;
847 off_msg_type = SUNATM_PKT_BEGIN_POS+MSG_TYPE_POS;
848 off_nl = SUNATM_PKT_BEGIN_POS+8; /* 802.2+SNAP */
849 off_nl_nosnap = SUNATM_PKT_BEGIN_POS+3; /* 802.2 */
850 return;
851
852 case DLT_RAW:
853 off_linktype = -1;
854 off_nl = 0;
855 off_nl_nosnap = 0; /* no 802.2 LLC */
856 return;
857
858 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
859 off_linktype = 14;
860 off_nl = 16;
861 off_nl_nosnap = 16; /* no 802.2 LLC */
862 return;
863
864 case DLT_LTALK:
865 /*
866 * LocalTalk does have a 1-byte type field in the LLAP header,
867 * but really it just indicates whether there is a "short" or
868 * "long" DDP packet following.
869 */
870 off_linktype = -1;
871 off_nl = 0;
872 off_nl_nosnap = 0; /* no 802.2 LLC */
873 return;
874
875 case DLT_FRELAY:
876 /*
877 * XXX - we should set this to handle SNAP-encapsulated
878 * frames (NLPID of 0x80).
879 */
880 off_linktype = -1;
881 off_nl = 0;
882 off_nl_nosnap = 0; /* no 802.2 LLC */
883 return;
884 }
885 bpf_error("unknown data link type %d", linktype);
886 /* NOTREACHED */
887 }
888
889 static struct block *
890 gen_uncond(rsense)
891 int rsense;
892 {
893 struct block *b;
894 struct slist *s;
895
896 s = new_stmt(BPF_LD|BPF_IMM);
897 s->s.k = !rsense;
898 b = new_block(JMP(BPF_JEQ));
899 b->stmts = s;
900
901 return b;
902 }
903
904 static inline struct block *
905 gen_true()
906 {
907 return gen_uncond(1);
908 }
909
910 static inline struct block *
911 gen_false()
912 {
913 return gen_uncond(0);
914 }
915
916 /*
917 * Byte-swap a 32-bit number.
918 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
919 * big-endian platforms.)
920 */
921 #define SWAPLONG(y) \
922 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
923
924 static struct block *
925 gen_linktype(proto)
926 register int proto;
927 {
928 struct block *b0, *b1, *b2;
929
930 switch (linktype) {
931
932 case DLT_EN10MB:
933 switch (proto) {
934
935 case LLCSAP_ISONS:
936 /*
937 * OSI protocols always use 802.2 encapsulation.
938 * XXX - should we check both the DSAP and the
939 * SSAP, like this, or should we check just the
940 * DSAP?
941 */
942 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
943 gen_not(b0);
944 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
945 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
946 gen_and(b0, b1);
947 return b1;
948
949 case LLCSAP_NETBEUI:
950 /*
951 * NetBEUI always uses 802.2 encapsulation.
952 * XXX - should we check both the DSAP and the
953 * SSAP, like this, or should we check just the
954 * DSAP?
955 */
956 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
957 gen_not(b0);
958 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
959 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
960 gen_and(b0, b1);
961 return b1;
962
963 case LLCSAP_IPX:
964 /*
965 * Check for;
966 *
967 * Ethernet_II frames, which are Ethernet
968 * frames with a frame type of ETHERTYPE_IPX;
969 *
970 * Ethernet_802.3 frames, which are 802.3
971 * frames (i.e., the type/length field is
972 * a length field, <= ETHERMTU, rather than
973 * a type field) with the first two bytes
974 * after the Ethernet/802.3 header being
975 * 0xFFFF;
976 *
977 * Ethernet_802.2 frames, which are 802.3
978 * frames with an 802.2 LLC header and
979 * with the IPX LSAP as the DSAP in the LLC
980 * header;
981 *
982 * Ethernet_SNAP frames, which are 802.3
983 * frames with an LLC header and a SNAP
984 * header and with an OUI of 0x000000
985 * (encapsulated Ethernet) and a protocol
986 * ID of ETHERTYPE_IPX in the SNAP header.
987 *
988 * XXX - should we generate the same code both
989 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
990 */
991
992 /*
993 * This generates code to check both for the
994 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
995 */
996 b0 = gen_cmp(off_linktype + 2, BPF_B,
997 (bpf_int32)LLCSAP_IPX);
998 b1 = gen_cmp(off_linktype + 2, BPF_H,
999 (bpf_int32)0xFFFF);
1000 gen_or(b0, b1);
1001
1002 /*
1003 * Now we add code to check for SNAP frames with
1004 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
1005 */
1006 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
1007 gen_or(b0, b1);
1008
1009 /*
1010 * Now we generate code to check for 802.3
1011 * frames in general.
1012 */
1013 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1014 gen_not(b0);
1015
1016 /*
1017 * Now add the check for 802.3 frames before the
1018 * check for Ethernet_802.2 and Ethernet_802.3,
1019 * as those checks should only be done on 802.3
1020 * frames, not on Ethernet frames.
1021 */
1022 gen_and(b0, b1);
1023
1024 /*
1025 * Now add the check for Ethernet_II frames, and
1026 * do that before checking for the other frame
1027 * types.
1028 */
1029 b0 = gen_cmp(off_linktype, BPF_H,
1030 (bpf_int32)ETHERTYPE_IPX);
1031 gen_or(b0, b1);
1032 return b1;
1033
1034 case ETHERTYPE_ATALK:
1035 case ETHERTYPE_AARP:
1036 /*
1037 * EtherTalk (AppleTalk protocols on Ethernet link
1038 * layer) may use 802.2 encapsulation.
1039 */
1040
1041 /*
1042 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1043 * we check for an Ethernet type field less than
1044 * 1500, which means it's an 802.3 length field.
1045 */
1046 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1047 gen_not(b0);
1048
1049 /*
1050 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1051 * SNAP packets with an organization code of
1052 * 0x080007 (Apple, for Appletalk) and a protocol
1053 * type of ETHERTYPE_ATALK (Appletalk).
1054 *
1055 * 802.2-encapsulated ETHERTYPE_AARP packets are
1056 * SNAP packets with an organization code of
1057 * 0x000000 (encapsulated Ethernet) and a protocol
1058 * type of ETHERTYPE_AARP (Appletalk ARP).
1059 */
1060 if (proto == ETHERTYPE_ATALK)
1061 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
1062 else /* proto == ETHERTYPE_AARP */
1063 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
1064 gen_and(b0, b1);
1065
1066 /*
1067 * Check for Ethernet encapsulation (Ethertalk
1068 * phase 1?); we just check for the Ethernet
1069 * protocol type.
1070 */
1071 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1072
1073 gen_or(b0, b1);
1074 return b1;
1075
1076 default:
1077 if (proto <= ETHERMTU) {
1078 /*
1079 * This is an LLC SAP value, so the frames
1080 * that match would be 802.2 frames.
1081 * Check that the frame is an 802.2 frame
1082 * (i.e., that the length/type field is
1083 * a length field, <= ETHERMTU) and
1084 * then check the DSAP.
1085 */
1086 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1087 gen_not(b0);
1088 b1 = gen_cmp(off_linktype + 2, BPF_B,
1089 (bpf_int32)proto);
1090 gen_and(b0, b1);
1091 return b1;
1092 } else {
1093 /*
1094 * This is an Ethernet type, so compare
1095 * the length/type field with it (if
1096 * the frame is an 802.2 frame, the length
1097 * field will be <= ETHERMTU, and, as
1098 * "proto" is > ETHERMTU, this test
1099 * will fail and the frame won't match,
1100 * which is what we want).
1101 */
1102 return gen_cmp(off_linktype, BPF_H,
1103 (bpf_int32)proto);
1104 }
1105 }
1106 break;
1107
1108 case DLT_IEEE802_11:
1109 case DLT_PRISM_HEADER:
1110 case DLT_FDDI:
1111 case DLT_IEEE802:
1112 case DLT_ATM_RFC1483:
1113 case DLT_ATM_CLIP:
1114 return gen_llc(proto);
1115 break;
1116
1117 case DLT_SUNATM:
1118 /*
1119 * Check for LLC encapsulation and then check the protocol.
1120 * XXX - also check for LANE and then check for an Ethernet
1121 * type?
1122 */
1123 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
1124 b1 = gen_llc(proto);
1125 gen_and(b0, b1);
1126 return b1;
1127
1128 case DLT_LINUX_SLL:
1129 switch (proto) {
1130
1131 case LLCSAP_ISONS:
1132 /*
1133 * OSI protocols always use 802.2 encapsulation.
1134 * XXX - should we check both the DSAP and the
1135 * LSAP, like this, or should we check just the
1136 * DSAP?
1137 */
1138 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1139 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1140 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1141 gen_and(b0, b1);
1142 return b1;
1143
1144 case LLCSAP_NETBEUI:
1145 /*
1146 * NetBEUI always uses 802.2 encapsulation.
1147 * XXX - should we check both the DSAP and the
1148 * LSAP, like this, or should we check just the
1149 * DSAP?
1150 */
1151 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1152 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1153 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1154 gen_and(b0, b1);
1155 return b1;
1156
1157 case LLCSAP_IPX:
1158 /*
1159 * Ethernet_II frames, which are Ethernet
1160 * frames with a frame type of ETHERTYPE_IPX;
1161 *
1162 * Ethernet_802.3 frames, which have a frame
1163 * type of LINUX_SLL_P_802_3;
1164 *
1165 * Ethernet_802.2 frames, which are 802.3
1166 * frames with an 802.2 LLC header (i.e, have
1167 * a frame type of LINUX_SLL_P_802_2) and
1168 * with the IPX LSAP as the DSAP in the LLC
1169 * header;
1170 *
1171 * Ethernet_SNAP frames, which are 802.3
1172 * frames with an LLC header and a SNAP
1173 * header and with an OUI of 0x000000
1174 * (encapsulated Ethernet) and a protocol
1175 * ID of ETHERTYPE_IPX in the SNAP header.
1176 *
1177 * First, do the checks on LINUX_SLL_P_802_2
1178 * frames; generate the check for either
1179 * Ethernet_802.2 or Ethernet_SNAP frames, and
1180 * then put a check for LINUX_SLL_P_802_2 frames
1181 * before it.
1182 */
1183 b0 = gen_cmp(off_linktype + 2, BPF_B,
1184 (bpf_int32)LLCSAP_IPX);
1185 b1 = gen_snap(0x000000, ETHERTYPE_IPX,
1186 off_linktype + 2);
1187 gen_or(b0, b1);
1188 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1189 gen_and(b0, b1);
1190
1191 /*
1192 * Now check for 802.3 frames and OR that with
1193 * the previous test.
1194 */
1195 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
1196 gen_or(b0, b1);
1197
1198 /*
1199 * Now add the check for Ethernet_II frames, and
1200 * do that before checking for the other frame
1201 * types.
1202 */
1203 b0 = gen_cmp(off_linktype, BPF_H,
1204 (bpf_int32)ETHERTYPE_IPX);
1205 gen_or(b0, b1);
1206 return b1;
1207
1208 case ETHERTYPE_ATALK:
1209 case ETHERTYPE_AARP:
1210 /*
1211 * EtherTalk (AppleTalk protocols on Ethernet link
1212 * layer) may use 802.2 encapsulation.
1213 */
1214
1215 /*
1216 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1217 * we check for the 802.2 protocol type in the
1218 * "Ethernet type" field.
1219 */
1220 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1221
1222 /*
1223 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1224 * SNAP packets with an organization code of
1225 * 0x080007 (Apple, for Appletalk) and a protocol
1226 * type of ETHERTYPE_ATALK (Appletalk).
1227 *
1228 * 802.2-encapsulated ETHERTYPE_AARP packets are
1229 * SNAP packets with an organization code of
1230 * 0x000000 (encapsulated Ethernet) and a protocol
1231 * type of ETHERTYPE_AARP (Appletalk ARP).
1232 */
1233 if (proto == ETHERTYPE_ATALK)
1234 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
1235 off_linktype + 2);
1236 else /* proto == ETHERTYPE_AARP */
1237 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
1238 off_linktype + 2);
1239 gen_and(b0, b1);
1240
1241 /*
1242 * Check for Ethernet encapsulation (Ethertalk
1243 * phase 1?); we just check for the Ethernet
1244 * protocol type.
1245 */
1246 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1247
1248 gen_or(b0, b1);
1249 return b1;
1250
1251 default:
1252 if (proto <= ETHERMTU) {
1253 /*
1254 * This is an LLC SAP value, so the frames
1255 * that match would be 802.2 frames.
1256 * Check for the 802.2 protocol type
1257 * in the "Ethernet type" field, and
1258 * then check the DSAP.
1259 */
1260 b0 = gen_cmp(off_linktype, BPF_H,
1261 LINUX_SLL_P_802_2);
1262 b1 = gen_cmp(off_linktype + 2, BPF_B,
1263 (bpf_int32)proto);
1264 gen_and(b0, b1);
1265 return b1;
1266 } else {
1267 /*
1268 * This is an Ethernet type, so compare
1269 * the length/type field with it (if
1270 * the frame is an 802.2 frame, the length
1271 * field will be <= ETHERMTU, and, as
1272 * "proto" is > ETHERMTU, this test
1273 * will fail and the frame won't match,
1274 * which is what we want).
1275 */
1276 return gen_cmp(off_linktype, BPF_H,
1277 (bpf_int32)proto);
1278 }
1279 }
1280 break;
1281
1282 case DLT_SLIP:
1283 case DLT_SLIP_BSDOS:
1284 case DLT_RAW:
1285 /*
1286 * These types don't provide any type field; packets
1287 * are always IP.
1288 *
1289 * XXX - for IPv4, check for a version number of 4, and,
1290 * for IPv6, check for a version number of 6?
1291 */
1292 switch (proto) {
1293
1294 case ETHERTYPE_IP:
1295 #ifdef INET6
1296 case ETHERTYPE_IPV6:
1297 #endif
1298 return gen_true(); /* always true */
1299
1300 default:
1301 return gen_false(); /* always false */
1302 }
1303 break;
1304
1305 case DLT_PPP:
1306 case DLT_PPP_SERIAL:
1307 case DLT_PPP_ETHER:
1308 /*
1309 * We use Ethernet protocol types inside libpcap;
1310 * map them to the corresponding PPP protocol types.
1311 */
1312 switch (proto) {
1313
1314 case ETHERTYPE_IP:
1315 proto = PPP_IP; /* XXX was 0x21 */
1316 break;
1317
1318 #ifdef INET6
1319 case ETHERTYPE_IPV6:
1320 proto = PPP_IPV6;
1321 break;
1322 #endif
1323
1324 case ETHERTYPE_DN:
1325 proto = PPP_DECNET;
1326 break;
1327
1328 case ETHERTYPE_ATALK:
1329 proto = PPP_APPLE;
1330 break;
1331
1332 case ETHERTYPE_NS:
1333 proto = PPP_NS;
1334 break;
1335
1336 case LLCSAP_ISONS:
1337 proto = PPP_OSI;
1338 break;
1339
1340 case LLCSAP_8021D:
1341 /*
1342 * I'm assuming the "Bridging PDU"s that go
1343 * over PPP are Spanning Tree Protocol
1344 * Bridging PDUs.
1345 */
1346 proto = PPP_BRPDU;
1347 break;
1348
1349 case LLCSAP_IPX:
1350 proto = PPP_IPX;
1351 break;
1352 }
1353 break;
1354
1355 case DLT_PPP_BSDOS:
1356 /*
1357 * We use Ethernet protocol types inside libpcap;
1358 * map them to the corresponding PPP protocol types.
1359 */
1360 switch (proto) {
1361
1362 case ETHERTYPE_IP:
1363 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
1364 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
1365 gen_or(b0, b1);
1366 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
1367 gen_or(b1, b0);
1368 return b0;
1369
1370 #ifdef INET6
1371 case ETHERTYPE_IPV6:
1372 proto = PPP_IPV6;
1373 /* more to go? */
1374 break;
1375 #endif
1376
1377 case ETHERTYPE_DN:
1378 proto = PPP_DECNET;
1379 break;
1380
1381 case ETHERTYPE_ATALK:
1382 proto = PPP_APPLE;
1383 break;
1384
1385 case ETHERTYPE_NS:
1386 proto = PPP_NS;
1387 break;
1388
1389 case LLCSAP_ISONS:
1390 proto = PPP_OSI;
1391 break;
1392
1393 case LLCSAP_8021D:
1394 /*
1395 * I'm assuming the "Bridging PDU"s that go
1396 * over PPP are Spanning Tree Protocol
1397 * Bridging PDUs.
1398 */
1399 proto = PPP_BRPDU;
1400 break;
1401
1402 case LLCSAP_IPX:
1403 proto = PPP_IPX;
1404 break;
1405 }
1406 break;
1407
1408 case DLT_NULL:
1409 case DLT_LOOP:
1410 /*
1411 * For DLT_NULL, the link-layer header is a 32-bit
1412 * word containing an AF_ value in *host* byte order.
1413 *
1414 * In addition, if we're reading a saved capture file,
1415 * the host byte order in the capture may not be the
1416 * same as the host byte order on this machine.
1417 *
1418 * For DLT_LOOP, the link-layer header is a 32-bit
1419 * word containing an AF_ value in *network* byte order.
1420 *
1421 * XXX - AF_ values may, unfortunately, be platform-
1422 * dependent; for example, FreeBSD's AF_INET6 is 24
1423 * whilst NetBSD's and OpenBSD's is 26.
1424 *
1425 * This means that, when reading a capture file, just
1426 * checking for our AF_INET6 value won't work if the
1427 * capture file came from another OS.
1428 */
1429 switch (proto) {
1430
1431 case ETHERTYPE_IP:
1432 proto = AF_INET;
1433 break;
1434
1435 #ifdef INET6
1436 case ETHERTYPE_IPV6:
1437 proto = AF_INET6;
1438 break;
1439 #endif
1440
1441 default:
1442 /*
1443 * Not a type on which we support filtering.
1444 * XXX - support those that have AF_ values
1445 * #defined on this platform, at least?
1446 */
1447 return gen_false();
1448 }
1449
1450 if (linktype == DLT_NULL) {
1451 /*
1452 * The AF_ value is in host byte order, but
1453 * the BPF interpreter will convert it to
1454 * network byte order.
1455 *
1456 * If this is a save file, and it's from a
1457 * machine with the opposite byte order to
1458 * ours, we byte-swap the AF_ value.
1459 *
1460 * Then we run it through "htonl()", and
1461 * generate code to compare against the result.
1462 */
1463 if (bpf_pcap->sf.rfile != NULL &&
1464 bpf_pcap->sf.swapped)
1465 proto = SWAPLONG(proto);
1466 proto = htonl(proto);
1467 }
1468 return (gen_cmp(0, BPF_W, (bpf_int32)proto));
1469
1470 case DLT_ARCNET:
1471 /*
1472 * XXX should we check for first fragment if the protocol
1473 * uses PHDS?
1474 */
1475 switch(proto) {
1476 default:
1477 return gen_false();
1478 #ifdef INET6
1479 case ETHERTYPE_IPV6:
1480 return(gen_cmp(2, BPF_B,
1481 (bpf_int32)htonl(ARCTYPE_INET6)));
1482 #endif /* INET6 */
1483 case ETHERTYPE_IP:
1484 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_IP));
1485 b1 = gen_cmp(2, BPF_B,
1486 (bpf_int32)htonl(ARCTYPE_IP_OLD));
1487 gen_or(b0, b1);
1488 return(b1);
1489 case ETHERTYPE_ARP:
1490 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_ARP));
1491 b1 = gen_cmp(2, BPF_B,
1492 (bpf_int32)htonl(ARCTYPE_ARP_OLD));
1493 gen_or(b0, b1);
1494 return(b1);
1495 case ETHERTYPE_REVARP:
1496 return(gen_cmp(2, BPF_B,
1497 (bpf_int32)htonl(ARCTYPE_REVARP)));
1498 case ETHERTYPE_ATALK:
1499 return(gen_cmp(2, BPF_B,
1500 (bpf_int32)htonl(ARCTYPE_ATALK)));
1501 }
1502 break;
1503
1504 case DLT_LTALK:
1505 switch (proto) {
1506 case ETHERTYPE_ATALK:
1507 return gen_true();
1508 default:
1509 return gen_false();
1510 }
1511 break;
1512
1513 case DLT_FRELAY:
1514 /*
1515 * XXX - assumes a 2-byte Frame Relay header with
1516 * DLCI and flags. What if the address is longer?
1517 */
1518 switch (proto) {
1519
1520 case ETHERTYPE_IP:
1521 /*
1522 * Check for the special NLPID for IP.
1523 */
1524 return gen_cmp(2, BPF_H, (0x03<<8) | 0xcc);
1525
1526 #ifdef INET6
1527 case ETHERTYPE_IPV6:
1528 /*
1529 * Check for the special NLPID for IPv6.
1530 */
1531 return gen_cmp(2, BPF_H, (0x03<<8) | 0x8e);
1532 #endif
1533
1534 case LLCSAP_ISONS:
1535 /*
1536 * Check for several OSI protocols.
1537 *
1538 * Frame Relay packets typically have an OSI
1539 * NLPID at the beginning; we check for each
1540 * of them.
1541 *
1542 * What we check for is the NLPID and a frame
1543 * control field of UI, i.e. 0x03 followed
1544 * by the NLPID.
1545 */
1546 b0 = gen_cmp(2, BPF_H, (0x03<<8) | ISO8473_CLNP);
1547 b1 = gen_cmp(2, BPF_H, (0x03<<8) | ISO9542_ESIS);
1548 b2 = gen_cmp(2, BPF_H, (0x03<<8) | ISO10589_ISIS);
1549 gen_or(b1, b2);
1550 gen_or(b0, b2);
1551 return b2;
1552
1553 default:
1554 return gen_false();
1555 }
1556 break;
1557 }
1558
1559 /*
1560 * All the types that have no encapsulation should either be
1561 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
1562 * all packets are IP packets, or should be handled in some
1563 * special case, if none of them are (if some are and some
1564 * aren't, the lack of encapsulation is a problem, as we'd
1565 * have to find some other way of determining the packet type).
1566 *
1567 * Therefore, if "off_linktype" is -1, there's an error.
1568 */
1569 if (off_linktype == -1)
1570 abort();
1571
1572 /*
1573 * Any type not handled above should always have an Ethernet
1574 * type at an offset of "off_linktype". (PPP is partially
1575 * handled above - the protocol type is mapped from the
1576 * Ethernet and LLC types we use internally to the corresponding
1577 * PPP type - but the PPP type is always specified by a value
1578 * at "off_linktype", so we don't have to do the code generation
1579 * above.)
1580 */
1581 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1582 }
1583
1584 /*
1585 * Check for an LLC SNAP packet with a given organization code and
1586 * protocol type; we check the entire contents of the 802.2 LLC and
1587 * snap headers, checking for DSAP and SSAP of SNAP and a control
1588 * field of 0x03 in the LLC header, and for the specified organization
1589 * code and protocol type in the SNAP header.
1590 */
1591 static struct block *
1592 gen_snap(orgcode, ptype, offset)
1593 bpf_u_int32 orgcode;
1594 bpf_u_int32 ptype;
1595 u_int offset;
1596 {
1597 u_char snapblock[8];
1598
1599 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
1600 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
1601 snapblock[2] = 0x03; /* control = UI */
1602 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
1603 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
1604 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
1605 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
1606 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
1607 return gen_bcmp(offset, 8, snapblock);
1608 }
1609
1610 /*
1611 * Check for a given protocol value assuming an 802.2 LLC header.
1612 */
1613 static struct block *
1614 gen_llc(proto)
1615 int proto;
1616 {
1617 /*
1618 * XXX - handle token-ring variable-length header.
1619 */
1620 switch (proto) {
1621
1622 case LLCSAP_ISONS:
1623 return gen_cmp(off_linktype, BPF_H, (long)
1624 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1625
1626 case LLCSAP_NETBEUI:
1627 return gen_cmp(off_linktype, BPF_H, (long)
1628 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1629
1630 case LLCSAP_IPX:
1631 /*
1632 * XXX - are there ever SNAP frames for IPX on
1633 * non-Ethernet 802.x networks?
1634 */
1635 return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX);
1636
1637 case ETHERTYPE_ATALK:
1638 /*
1639 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1640 * SNAP packets with an organization code of
1641 * 0x080007 (Apple, for Appletalk) and a protocol
1642 * type of ETHERTYPE_ATALK (Appletalk).
1643 *
1644 * XXX - check for an organization code of
1645 * encapsulated Ethernet as well?
1646 */
1647 return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype);
1648
1649 default:
1650 /*
1651 * XXX - we don't have to check for IPX 802.3
1652 * here, but should we check for the IPX Ethertype?
1653 */
1654 if (proto <= ETHERMTU) {
1655 /*
1656 * This is an LLC SAP value, so check
1657 * the DSAP.
1658 */
1659 return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto);
1660 } else {
1661 /*
1662 * This is an Ethernet type; we assume that it's
1663 * unlikely that it'll appear in the right place
1664 * at random, and therefore check only the
1665 * location that would hold the Ethernet type
1666 * in a SNAP frame with an organization code of
1667 * 0x000000 (encapsulated Ethernet).
1668 *
1669 * XXX - if we were to check for the SNAP DSAP and
1670 * LSAP, as per XXX, and were also to check for an
1671 * organization code of 0x000000 (encapsulated
1672 * Ethernet), we'd do
1673 *
1674 * return gen_snap(0x000000, proto,
1675 * off_linktype);
1676 *
1677 * here; for now, we don't, as per the above.
1678 * I don't know whether it's worth the extra CPU
1679 * time to do the right check or not.
1680 */
1681 return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto);
1682 }
1683 }
1684 }
1685
1686 static struct block *
1687 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
1688 bpf_u_int32 addr;
1689 bpf_u_int32 mask;
1690 int dir, proto;
1691 u_int src_off, dst_off;
1692 {
1693 struct block *b0, *b1;
1694 u_int offset;
1695
1696 switch (dir) {
1697
1698 case Q_SRC:
1699 offset = src_off;
1700 break;
1701
1702 case Q_DST:
1703 offset = dst_off;
1704 break;
1705
1706 case Q_AND:
1707 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1708 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1709 gen_and(b0, b1);
1710 return b1;
1711
1712 case Q_OR:
1713 case Q_DEFAULT:
1714 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1715 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1716 gen_or(b0, b1);
1717 return b1;
1718
1719 default:
1720 abort();
1721 }
1722 b0 = gen_linktype(proto);
1723 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
1724 gen_and(b0, b1);
1725 return b1;
1726 }
1727
1728 #ifdef INET6
1729 static struct block *
1730 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
1731 struct in6_addr *addr;
1732 struct in6_addr *mask;
1733 int dir, proto;
1734 u_int src_off, dst_off;
1735 {
1736 struct block *b0, *b1;
1737 u_int offset;
1738 u_int32_t *a, *m;
1739
1740 switch (dir) {
1741
1742 case Q_SRC:
1743 offset = src_off;
1744 break;
1745
1746 case Q_DST:
1747 offset = dst_off;
1748 break;
1749
1750 case Q_AND:
1751 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1752 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1753 gen_and(b0, b1);
1754 return b1;
1755
1756 case Q_OR:
1757 case Q_DEFAULT:
1758 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1759 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1760 gen_or(b0, b1);
1761 return b1;
1762
1763 default:
1764 abort();
1765 }
1766 /* this order is important */
1767 a = (u_int32_t *)addr;
1768 m = (u_int32_t *)mask;
1769 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
1770 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
1771 gen_and(b0, b1);
1772 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
1773 gen_and(b0, b1);
1774 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
1775 gen_and(b0, b1);
1776 b0 = gen_linktype(proto);
1777 gen_and(b0, b1);
1778 return b1;
1779 }
1780 #endif /*INET6*/
1781
1782 static struct block *
1783 gen_ehostop(eaddr, dir)
1784 register const u_char *eaddr;
1785 register int dir;
1786 {
1787 register struct block *b0, *b1;
1788
1789 switch (dir) {
1790 case Q_SRC:
1791 return gen_bcmp(6, 6, eaddr);
1792
1793 case Q_DST:
1794 return gen_bcmp(0, 6, eaddr);
1795
1796 case Q_AND:
1797 b0 = gen_ehostop(eaddr, Q_SRC);
1798 b1 = gen_ehostop(eaddr, Q_DST);
1799 gen_and(b0, b1);
1800 return b1;
1801
1802 case Q_DEFAULT:
1803 case Q_OR:
1804 b0 = gen_ehostop(eaddr, Q_SRC);
1805 b1 = gen_ehostop(eaddr, Q_DST);
1806 gen_or(b0, b1);
1807 return b1;
1808 }
1809 abort();
1810 /* NOTREACHED */
1811 }
1812
1813 /*
1814 * Like gen_ehostop, but for DLT_FDDI
1815 */
1816 static struct block *
1817 gen_fhostop(eaddr, dir)
1818 register const u_char *eaddr;
1819 register int dir;
1820 {
1821 struct block *b0, *b1;
1822
1823 switch (dir) {
1824 case Q_SRC:
1825 #ifdef PCAP_FDDIPAD
1826 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
1827 #else
1828 return gen_bcmp(6 + 1, 6, eaddr);
1829 #endif
1830
1831 case Q_DST:
1832 #ifdef PCAP_FDDIPAD
1833 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
1834 #else
1835 return gen_bcmp(0 + 1, 6, eaddr);
1836 #endif
1837
1838 case Q_AND:
1839 b0 = gen_fhostop(eaddr, Q_SRC);
1840 b1 = gen_fhostop(eaddr, Q_DST);
1841 gen_and(b0, b1);
1842 return b1;
1843
1844 case Q_DEFAULT:
1845 case Q_OR:
1846 b0 = gen_fhostop(eaddr, Q_SRC);
1847 b1 = gen_fhostop(eaddr, Q_DST);
1848 gen_or(b0, b1);
1849 return b1;
1850 }
1851 abort();
1852 /* NOTREACHED */
1853 }
1854
1855 /*
1856 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
1857 */
1858 static struct block *
1859 gen_thostop(eaddr, dir)
1860 register const u_char *eaddr;
1861 register int dir;
1862 {
1863 register struct block *b0, *b1;
1864
1865 switch (dir) {
1866 case Q_SRC:
1867 return gen_bcmp(8, 6, eaddr);
1868
1869 case Q_DST:
1870 return gen_bcmp(2, 6, eaddr);
1871
1872 case Q_AND:
1873 b0 = gen_thostop(eaddr, Q_SRC);
1874 b1 = gen_thostop(eaddr, Q_DST);
1875 gen_and(b0, b1);
1876 return b1;
1877
1878 case Q_DEFAULT:
1879 case Q_OR:
1880 b0 = gen_thostop(eaddr, Q_SRC);
1881 b1 = gen_thostop(eaddr, Q_DST);
1882 gen_or(b0, b1);
1883 return b1;
1884 }
1885 abort();
1886 /* NOTREACHED */
1887 }
1888
1889 /*
1890 * This is quite tricky because there may be pad bytes in front of the
1891 * DECNET header, and then there are two possible data packet formats that
1892 * carry both src and dst addresses, plus 5 packet types in a format that
1893 * carries only the src node, plus 2 types that use a different format and
1894 * also carry just the src node.
1895 *
1896 * Yuck.
1897 *
1898 * Instead of doing those all right, we just look for data packets with
1899 * 0 or 1 bytes of padding. If you want to look at other packets, that
1900 * will require a lot more hacking.
1901 *
1902 * To add support for filtering on DECNET "areas" (network numbers)
1903 * one would want to add a "mask" argument to this routine. That would
1904 * make the filter even more inefficient, although one could be clever
1905 * and not generate masking instructions if the mask is 0xFFFF.
1906 */
1907 static struct block *
1908 gen_dnhostop(addr, dir, base_off)
1909 bpf_u_int32 addr;
1910 int dir;
1911 u_int base_off;
1912 {
1913 struct block *b0, *b1, *b2, *tmp;
1914 u_int offset_lh; /* offset if long header is received */
1915 u_int offset_sh; /* offset if short header is received */
1916
1917 switch (dir) {
1918
1919 case Q_DST:
1920 offset_sh = 1; /* follows flags */
1921 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
1922 break;
1923
1924 case Q_SRC:
1925 offset_sh = 3; /* follows flags, dstnode */
1926 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
1927 break;
1928
1929 case Q_AND:
1930 /* Inefficient because we do our Calvinball dance twice */
1931 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1932 b1 = gen_dnhostop(addr, Q_DST, base_off);
1933 gen_and(b0, b1);
1934 return b1;
1935
1936 case Q_OR:
1937 case Q_DEFAULT:
1938 /* Inefficient because we do our Calvinball dance twice */
1939 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1940 b1 = gen_dnhostop(addr, Q_DST, base_off);
1941 gen_or(b0, b1);
1942 return b1;
1943
1944 case Q_ISO:
1945 bpf_error("ISO host filtering not implemented");
1946
1947 default:
1948 abort();
1949 }
1950 b0 = gen_linktype(ETHERTYPE_DN);
1951 /* Check for pad = 1, long header case */
1952 tmp = gen_mcmp(base_off + 2, BPF_H,
1953 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
1954 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
1955 BPF_H, (bpf_int32)ntohs(addr));
1956 gen_and(tmp, b1);
1957 /* Check for pad = 0, long header case */
1958 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
1959 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
1960 gen_and(tmp, b2);
1961 gen_or(b2, b1);
1962 /* Check for pad = 1, short header case */
1963 tmp = gen_mcmp(base_off + 2, BPF_H,
1964 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
1965 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
1966 BPF_H, (bpf_int32)ntohs(addr));
1967 gen_and(tmp, b2);
1968 gen_or(b2, b1);
1969 /* Check for pad = 0, short header case */
1970 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
1971 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
1972 gen_and(tmp, b2);
1973 gen_or(b2, b1);
1974
1975 /* Combine with test for linktype */
1976 gen_and(b0, b1);
1977 return b1;
1978 }
1979
1980 static struct block *
1981 gen_host(addr, mask, proto, dir)
1982 bpf_u_int32 addr;
1983 bpf_u_int32 mask;
1984 int proto;
1985 int dir;
1986 {
1987 struct block *b0, *b1;
1988
1989 switch (proto) {
1990
1991 case Q_DEFAULT:
1992 b0 = gen_host(addr, mask, Q_IP, dir);
1993 if (off_linktype != -1) {
1994 b1 = gen_host(addr, mask, Q_ARP, dir);
1995 gen_or(b0, b1);
1996 b0 = gen_host(addr, mask, Q_RARP, dir);
1997 gen_or(b1, b0);
1998 }
1999 return b0;
2000
2001 case Q_IP:
2002 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
2003 off_nl + 12, off_nl + 16);
2004
2005 case Q_RARP:
2006 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
2007 off_nl + 14, off_nl + 24);
2008
2009 case Q_ARP:
2010 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
2011 off_nl + 14, off_nl + 24);
2012
2013 case Q_TCP:
2014 bpf_error("'tcp' modifier applied to host");
2015
2016 case Q_SCTP:
2017 bpf_error("'sctp' modifier applied to host");
2018
2019 case Q_UDP:
2020 bpf_error("'udp' modifier applied to host");
2021
2022 case Q_ICMP:
2023 bpf_error("'icmp' modifier applied to host");
2024
2025 case Q_IGMP:
2026 bpf_error("'igmp' modifier applied to host");
2027
2028 case Q_IGRP:
2029 bpf_error("'igrp' modifier applied to host");
2030
2031 case Q_PIM:
2032 bpf_error("'pim' modifier applied to host");
2033
2034 case Q_VRRP:
2035 bpf_error("'vrrp' modifier applied to host");
2036
2037 case Q_ATALK:
2038 bpf_error("ATALK host filtering not implemented");
2039
2040 case Q_AARP:
2041 bpf_error("AARP host filtering not implemented");
2042
2043 case Q_DECNET:
2044 return gen_dnhostop(addr, dir, off_nl);
2045
2046 case Q_SCA:
2047 bpf_error("SCA host filtering not implemented");
2048
2049 case Q_LAT:
2050 bpf_error("LAT host filtering not implemented");
2051
2052 case Q_MOPDL:
2053 bpf_error("MOPDL host filtering not implemented");
2054
2055 case Q_MOPRC:
2056 bpf_error("MOPRC host filtering not implemented");
2057
2058 #ifdef INET6
2059 case Q_IPV6:
2060 bpf_error("'ip6' modifier applied to ip host");
2061
2062 case Q_ICMPV6:
2063 bpf_error("'icmp6' modifier applied to host");
2064 #endif /* INET6 */
2065
2066 case Q_AH:
2067 bpf_error("'ah' modifier applied to host");
2068
2069 case Q_ESP:
2070 bpf_error("'esp' modifier applied to host");
2071
2072 case Q_ISO:
2073 bpf_error("ISO host filtering not implemented");
2074
2075 case Q_ESIS:
2076 bpf_error("'esis' modifier applied to host");
2077
2078 case Q_ISIS:
2079 bpf_error("'isis' modifier applied to host");
2080
2081 case Q_CLNP:
2082 bpf_error("'clnp' modifier applied to host");
2083
2084 case Q_STP:
2085 bpf_error("'stp' modifier applied to host");
2086
2087 case Q_IPX:
2088 bpf_error("IPX host filtering not implemented");
2089
2090 case Q_NETBEUI:
2091 bpf_error("'netbeui' modifier applied to host");
2092
2093 default:
2094 abort();
2095 }
2096 /* NOTREACHED */
2097 }
2098
2099 #ifdef INET6
2100 static struct block *
2101 gen_host6(addr, mask, proto, dir)
2102 struct in6_addr *addr;
2103 struct in6_addr *mask;
2104 int proto;
2105 int dir;
2106 {
2107 switch (proto) {
2108
2109 case Q_DEFAULT:
2110 return gen_host6(addr, mask, Q_IPV6, dir);
2111
2112 case Q_IP:
2113 bpf_error("'ip' modifier applied to ip6 host");
2114
2115 case Q_RARP:
2116 bpf_error("'rarp' modifier applied to ip6 host");
2117
2118 case Q_ARP:
2119 bpf_error("'arp' modifier applied to ip6 host");
2120
2121 case Q_SCTP:
2122 bpf_error("'sctp' modifier applied to host");
2123
2124 case Q_TCP:
2125 bpf_error("'tcp' modifier applied to host");
2126
2127 case Q_UDP:
2128 bpf_error("'udp' modifier applied to host");
2129
2130 case Q_ICMP:
2131 bpf_error("'icmp' modifier applied to host");
2132
2133 case Q_IGMP:
2134 bpf_error("'igmp' modifier applied to host");
2135
2136 case Q_IGRP:
2137 bpf_error("'igrp' modifier applied to host");
2138
2139 case Q_PIM:
2140 bpf_error("'pim' modifier applied to host");
2141
2142 case Q_VRRP:
2143 bpf_error("'vrrp' modifier applied to host");
2144
2145 case Q_ATALK:
2146 bpf_error("ATALK host filtering not implemented");
2147
2148 case Q_AARP:
2149 bpf_error("AARP host filtering not implemented");
2150
2151 case Q_DECNET:
2152 bpf_error("'decnet' modifier applied to ip6 host");
2153
2154 case Q_SCA:
2155 bpf_error("SCA host filtering not implemented");
2156
2157 case Q_LAT:
2158 bpf_error("LAT host filtering not implemented");
2159
2160 case Q_MOPDL:
2161 bpf_error("MOPDL host filtering not implemented");
2162
2163 case Q_MOPRC:
2164 bpf_error("MOPRC host filtering not implemented");
2165
2166 case Q_IPV6:
2167 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
2168 off_nl + 8, off_nl + 24);
2169
2170 case Q_ICMPV6:
2171 bpf_error("'icmp6' modifier applied to host");
2172
2173 case Q_AH:
2174 bpf_error("'ah' modifier applied to host");
2175
2176 case Q_ESP:
2177 bpf_error("'esp' modifier applied to host");
2178
2179 case Q_ISO:
2180 bpf_error("ISO host filtering not implemented");
2181
2182 case Q_ESIS:
2183 bpf_error("'esis' modifier applied to host");
2184
2185 case Q_ISIS:
2186 bpf_error("'isis' modifier applied to host");
2187
2188 case Q_CLNP:
2189 bpf_error("'clnp' modifier applied to host");
2190
2191 case Q_STP:
2192 bpf_error("'stp' modifier applied to host");
2193
2194 case Q_IPX:
2195 bpf_error("IPX host filtering not implemented");
2196
2197 case Q_NETBEUI:
2198 bpf_error("'netbeui' modifier applied to host");
2199
2200 default:
2201 abort();
2202 }
2203 /* NOTREACHED */
2204 }
2205 #endif /*INET6*/
2206
2207 #ifndef INET6
2208 static struct block *
2209 gen_gateway(eaddr, alist, proto, dir)
2210 const u_char *eaddr;
2211 bpf_u_int32 **alist;
2212 int proto;
2213 int dir;
2214 {
2215 struct block *b0, *b1, *tmp;
2216
2217 if (dir != 0)
2218 bpf_error("direction applied to 'gateway'");
2219
2220 switch (proto) {
2221 case Q_DEFAULT:
2222 case Q_IP:
2223 case Q_ARP:
2224 case Q_RARP:
2225 if (linktype == DLT_EN10MB)
2226 b0 = gen_ehostop(eaddr, Q_OR);
2227 else if (linktype == DLT_FDDI)
2228 b0 = gen_fhostop(eaddr, Q_OR);
2229 else if (linktype == DLT_IEEE802)
2230 b0 = gen_thostop(eaddr, Q_OR);
2231 else
2232 bpf_error(
2233 "'gateway' supported only on ethernet, FDDI or token ring");
2234
2235 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2236 while (*alist) {
2237 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2238 gen_or(b1, tmp);
2239 b1 = tmp;
2240 }
2241 gen_not(b1);
2242 gen_and(b0, b1);
2243 return b1;
2244 }
2245 bpf_error("illegal modifier of 'gateway'");
2246 /* NOTREACHED */
2247 }
2248 #endif
2249
2250 struct block *
2251 gen_proto_abbrev(proto)
2252 int proto;
2253 {
2254 #ifdef INET6
2255 struct block *b0;
2256 #endif
2257 struct block *b1;
2258
2259 switch (proto) {
2260
2261 case Q_SCTP:
2262 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT);
2263 #ifdef INET6
2264 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
2265 gen_or(b0, b1);
2266 #endif
2267 break;
2268
2269 case Q_TCP:
2270 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
2271 #ifdef INET6
2272 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
2273 gen_or(b0, b1);
2274 #endif
2275 break;
2276
2277 case Q_UDP:
2278 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
2279 #ifdef INET6
2280 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
2281 gen_or(b0, b1);
2282 #endif
2283 break;
2284
2285 case Q_ICMP:
2286 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
2287 break;
2288
2289 #ifndef IPPROTO_IGMP
2290 #define IPPROTO_IGMP 2
2291 #endif
2292
2293 case Q_IGMP:
2294 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
2295 break;
2296
2297 #ifndef IPPROTO_IGRP
2298 #define IPPROTO_IGRP 9
2299 #endif
2300 case Q_IGRP:
2301 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
2302 break;
2303
2304 #ifndef IPPROTO_PIM
2305 #define IPPROTO_PIM 103
2306 #endif
2307
2308 case Q_PIM:
2309 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
2310 #ifdef INET6
2311 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
2312 gen_or(b0, b1);
2313 #endif
2314 break;
2315
2316 #ifndef IPPROTO_VRRP
2317 #define IPPROTO_VRRP 112
2318 #endif
2319
2320 case Q_VRRP:
2321 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT);
2322 break;
2323
2324 case Q_IP:
2325 b1 = gen_linktype(ETHERTYPE_IP);
2326 break;
2327
2328 case Q_ARP:
2329 b1 = gen_linktype(ETHERTYPE_ARP);
2330 break;
2331
2332 case Q_RARP:
2333 b1 = gen_linktype(ETHERTYPE_REVARP);
2334 break;
2335
2336 case Q_LINK:
2337 bpf_error("link layer applied in wrong context");
2338
2339 case Q_ATALK:
2340 b1 = gen_linktype(ETHERTYPE_ATALK);
2341 break;
2342
2343 case Q_AARP:
2344 b1 = gen_linktype(ETHERTYPE_AARP);
2345 break;
2346
2347 case Q_DECNET:
2348 b1 = gen_linktype(ETHERTYPE_DN);
2349 break;
2350
2351 case Q_SCA:
2352 b1 = gen_linktype(ETHERTYPE_SCA);
2353 break;
2354
2355 case Q_LAT:
2356 b1 = gen_linktype(ETHERTYPE_LAT);
2357 break;
2358
2359 case Q_MOPDL:
2360 b1 = gen_linktype(ETHERTYPE_MOPDL);
2361 break;
2362
2363 case Q_MOPRC:
2364 b1 = gen_linktype(ETHERTYPE_MOPRC);
2365 break;
2366
2367 #ifdef INET6
2368 case Q_IPV6:
2369 b1 = gen_linktype(ETHERTYPE_IPV6);
2370 break;
2371
2372 #ifndef IPPROTO_ICMPV6
2373 #define IPPROTO_ICMPV6 58
2374 #endif
2375 case Q_ICMPV6:
2376 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
2377 break;
2378 #endif /* INET6 */
2379
2380 #ifndef IPPROTO_AH
2381 #define IPPROTO_AH 51
2382 #endif
2383 case Q_AH:
2384 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
2385 #ifdef INET6
2386 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
2387 gen_or(b0, b1);
2388 #endif
2389 break;
2390
2391 #ifndef IPPROTO_ESP
2392 #define IPPROTO_ESP 50
2393 #endif
2394 case Q_ESP:
2395 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
2396 #ifdef INET6
2397 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
2398 gen_or(b0, b1);
2399 #endif
2400 break;
2401
2402 case Q_ISO:
2403 b1 = gen_linktype(LLCSAP_ISONS);
2404 break;
2405
2406 case Q_ESIS:
2407 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
2408 break;
2409
2410 case Q_ISIS:
2411 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
2412 break;
2413
2414 case Q_CLNP:
2415 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
2416 break;
2417
2418 case Q_STP:
2419 b1 = gen_linktype(LLCSAP_8021D);
2420 break;
2421
2422 case Q_IPX:
2423 b1 = gen_linktype(LLCSAP_IPX);
2424 break;
2425
2426 case Q_NETBEUI:
2427 b1 = gen_linktype(LLCSAP_NETBEUI);
2428 break;
2429
2430 default:
2431 abort();
2432 }
2433 return b1;
2434 }
2435
2436 static struct block *
2437 gen_ipfrag()
2438 {
2439 struct slist *s;
2440 struct block *b;
2441
2442 /* not ip frag */
2443 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
2444 s->s.k = off_nl + 6;
2445 b = new_block(JMP(BPF_JSET));
2446 b->s.k = 0x1fff;
2447 b->stmts = s;
2448 gen_not(b);
2449
2450 return b;
2451 }
2452
2453 static struct block *
2454 gen_portatom(off, v)
2455 int off;
2456 bpf_int32 v;
2457 {
2458 struct slist *s;
2459 struct block *b;
2460
2461 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2462 s->s.k = off_nl;
2463
2464 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
2465 s->next->s.k = off_nl + off;
2466
2467 b = new_block(JMP(BPF_JEQ));
2468 b->stmts = s;
2469 b->s.k = v;
2470
2471 return b;
2472 }
2473
2474 #ifdef INET6
2475 static struct block *
2476 gen_portatom6(off, v)
2477 int off;
2478 bpf_int32 v;
2479 {
2480 return gen_cmp(off_nl + 40 + off, BPF_H, v);
2481 }
2482 #endif/*INET6*/
2483
2484 struct block *
2485 gen_portop(port, proto, dir)
2486 int port, proto, dir;
2487 {
2488 struct block *b0, *b1, *tmp;
2489
2490 /* ip proto 'proto' */
2491 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
2492 b0 = gen_ipfrag();
2493 gen_and(tmp, b0);
2494
2495 switch (dir) {
2496 case Q_SRC:
2497 b1 = gen_portatom(0, (bpf_int32)port);
2498 break;
2499
2500 case Q_DST:
2501 b1 = gen_portatom(2, (bpf_int32)port);
2502 break;
2503
2504 case Q_OR:
2505 case Q_DEFAULT:
2506 tmp = gen_portatom(0, (bpf_int32)port);
2507 b1 = gen_portatom(2, (bpf_int32)port);
2508 gen_or(tmp, b1);
2509 break;
2510
2511 case Q_AND:
2512 tmp = gen_portatom(0, (bpf_int32)port);
2513 b1 = gen_portatom(2, (bpf_int32)port);
2514 gen_and(tmp, b1);
2515 break;
2516
2517 default:
2518 abort();
2519 }
2520 gen_and(b0, b1);
2521
2522 return b1;
2523 }
2524
2525 static struct block *
2526 gen_port(port, ip_proto, dir)
2527 int port;
2528 int ip_proto;
2529 int dir;
2530 {
2531 struct block *b0, *b1, *tmp;
2532
2533 /* ether proto ip */
2534 b0 = gen_linktype(ETHERTYPE_IP);
2535
2536 switch (ip_proto) {
2537 case IPPROTO_UDP:
2538 case IPPROTO_TCP:
2539 case IPPROTO_SCTP:
2540 b1 = gen_portop(port, ip_proto, dir);
2541 break;
2542
2543 case PROTO_UNDEF:
2544 tmp = gen_portop(port, IPPROTO_TCP, dir);
2545 b1 = gen_portop(port, IPPROTO_UDP, dir);
2546 gen_or(tmp, b1);
2547 tmp = gen_portop(port, IPPROTO_SCTP, dir);
2548 gen_or(tmp, b1);
2549 break;
2550
2551 default:
2552 abort();
2553 }
2554 gen_and(b0, b1);
2555 return b1;
2556 }
2557
2558 #ifdef INET6
2559 struct block *
2560 gen_portop6(port, proto, dir)
2561 int port, proto, dir;
2562 {
2563 struct block *b0, *b1, *tmp;
2564
2565 /* ip proto 'proto' */
2566 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
2567
2568 switch (dir) {
2569 case Q_SRC:
2570 b1 = gen_portatom6(0, (bpf_int32)port);
2571 break;
2572
2573 case Q_DST:
2574 b1 = gen_portatom6(2, (bpf_int32)port);
2575 break;
2576
2577 case Q_OR:
2578 case Q_DEFAULT:
2579 tmp = gen_portatom6(0, (bpf_int32)port);
2580 b1 = gen_portatom6(2, (bpf_int32)port);
2581 gen_or(tmp, b1);
2582 break;
2583
2584 case Q_AND:
2585 tmp = gen_portatom6(0, (bpf_int32)port);
2586 b1 = gen_portatom6(2, (bpf_int32)port);
2587 gen_and(tmp, b1);
2588 break;
2589
2590 default:
2591 abort();
2592 }
2593 gen_and(b0, b1);
2594
2595 return b1;
2596 }
2597
2598 static struct block *
2599 gen_port6(port, ip_proto, dir)
2600 int port;
2601 int ip_proto;
2602 int dir;
2603 {
2604 struct block *b0, *b1, *tmp;
2605
2606 /* ether proto ip */
2607 b0 = gen_linktype(ETHERTYPE_IPV6);
2608
2609 switch (ip_proto) {
2610 case IPPROTO_UDP:
2611 case IPPROTO_TCP:
2612 case IPPROTO_SCTP:
2613 b1 = gen_portop6(port, ip_proto, dir);
2614 break;
2615
2616 case PROTO_UNDEF:
2617 tmp = gen_portop6(port, IPPROTO_TCP, dir);
2618 b1 = gen_portop6(port, IPPROTO_UDP, dir);
2619 gen_or(tmp, b1);
2620 tmp = gen_portop6(port, IPPROTO_SCTP, dir);
2621 gen_or(tmp, b1);
2622 break;
2623
2624 default:
2625 abort();
2626 }
2627 gen_and(b0, b1);
2628 return b1;
2629 }
2630 #endif /* INET6 */
2631
2632 static int
2633 lookup_proto(name, proto)
2634 register const char *name;
2635 register int proto;
2636 {
2637 register int v;
2638
2639 switch (proto) {
2640
2641 case Q_DEFAULT:
2642 case Q_IP:
2643 case Q_IPV6:
2644 v = pcap_nametoproto(name);
2645 if (v == PROTO_UNDEF)
2646 bpf_error("unknown ip proto '%s'", name);
2647 break;
2648
2649 case Q_LINK:
2650 /* XXX should look up h/w protocol type based on linktype */
2651 v = pcap_nametoeproto(name);
2652 if (v == PROTO_UNDEF)
2653 bpf_error("unknown ether proto '%s'", name);
2654 break;
2655
2656 case Q_ISO:
2657 if (strcmp(name, "esis") == 0)
2658 v = ISO9542_ESIS;
2659 else if (strcmp(name, "isis") == 0)
2660 v = ISO10589_ISIS;
2661 else if (strcmp(name, "clnp") == 0)
2662 v = ISO8473_CLNP;
2663 else
2664 bpf_error("unknown osi proto '%s'", name);
2665 break;
2666
2667 default:
2668 v = PROTO_UNDEF;
2669 break;
2670 }
2671 return v;
2672 }
2673
2674 #if 0
2675 struct stmt *
2676 gen_joinsp(s, n)
2677 struct stmt **s;
2678 int n;
2679 {
2680 return NULL;
2681 }
2682 #endif
2683
2684 static struct block *
2685 gen_protochain(v, proto, dir)
2686 int v;
2687 int proto;
2688 int dir;
2689 {
2690 #ifdef NO_PROTOCHAIN
2691 return gen_proto(v, proto, dir);
2692 #else
2693 struct block *b0, *b;
2694 struct slist *s[100];
2695 int fix2, fix3, fix4, fix5;
2696 int ahcheck, again, end;
2697 int i, max;
2698 int reg2 = alloc_reg();
2699
2700 memset(s, 0, sizeof(s));
2701 fix2 = fix3 = fix4 = fix5 = 0;
2702
2703 switch (proto) {
2704 case Q_IP:
2705 case Q_IPV6:
2706 break;
2707 case Q_DEFAULT:
2708 b0 = gen_protochain(v, Q_IP, dir);
2709 b = gen_protochain(v, Q_IPV6, dir);
2710 gen_or(b0, b);
2711 return b;
2712 default:
2713 bpf_error("bad protocol applied for 'protochain'");
2714 /*NOTREACHED*/
2715 }
2716
2717 no_optimize = 1; /*this code is not compatible with optimzer yet */
2718
2719 /*
2720 * s[0] is a dummy entry to protect other BPF insn from damaged
2721 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
2722 * hard to find interdependency made by jump table fixup.
2723 */
2724 i = 0;
2725 s[i] = new_stmt(0); /*dummy*/
2726 i++;
2727
2728 switch (proto) {
2729 case Q_IP:
2730 b0 = gen_linktype(ETHERTYPE_IP);
2731
2732 /* A = ip->ip_p */
2733 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
2734 s[i]->s.k = off_nl + 9;
2735 i++;
2736 /* X = ip->ip_hl << 2 */
2737 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2738 s[i]->s.k = off_nl;
2739 i++;
2740 break;
2741 #ifdef INET6
2742 case Q_IPV6:
2743 b0 = gen_linktype(ETHERTYPE_IPV6);
2744
2745 /* A = ip6->ip_nxt */
2746 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
2747 s[i]->s.k = off_nl + 6;
2748 i++;
2749 /* X = sizeof(struct ip6_hdr) */
2750 s[i] = new_stmt(BPF_LDX|BPF_IMM);
2751 s[i]->s.k = 40;
2752 i++;
2753 break;
2754 #endif
2755 default:
2756 bpf_error("unsupported proto to gen_protochain");
2757 /*NOTREACHED*/
2758 }
2759
2760 /* again: if (A == v) goto end; else fall through; */
2761 again = i;
2762 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2763 s[i]->s.k = v;
2764 s[i]->s.jt = NULL; /*later*/
2765 s[i]->s.jf = NULL; /*update in next stmt*/
2766 fix5 = i;
2767 i++;
2768
2769 #ifndef IPPROTO_NONE
2770 #define IPPROTO_NONE 59
2771 #endif
2772 /* if (A == IPPROTO_NONE) goto end */
2773 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2774 s[i]->s.jt = NULL; /*later*/
2775 s[i]->s.jf = NULL; /*update in next stmt*/
2776 s[i]->s.k = IPPROTO_NONE;
2777 s[fix5]->s.jf = s[i];
2778 fix2 = i;
2779 i++;
2780
2781 #ifdef INET6
2782 if (proto == Q_IPV6) {
2783 int v6start, v6end, v6advance, j;
2784
2785 v6start = i;
2786 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
2787 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2788 s[i]->s.jt = NULL; /*later*/
2789 s[i]->s.jf = NULL; /*update in next stmt*/
2790 s[i]->s.k = IPPROTO_HOPOPTS;
2791 s[fix2]->s.jf = s[i];
2792 i++;
2793 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
2794 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2795 s[i]->s.jt = NULL; /*later*/
2796 s[i]->s.jf = NULL; /*update in next stmt*/
2797 s[i]->s.k = IPPROTO_DSTOPTS;
2798 i++;
2799 /* if (A == IPPROTO_ROUTING) goto v6advance */
2800 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2801 s[i]->s.jt = NULL; /*later*/
2802 s[i]->s.jf = NULL; /*update in next stmt*/
2803 s[i]->s.k = IPPROTO_ROUTING;
2804 i++;
2805 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
2806 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2807 s[i]->s.jt = NULL; /*later*/
2808 s[i]->s.jf = NULL; /*later*/
2809 s[i]->s.k = IPPROTO_FRAGMENT;
2810 fix3 = i;
2811 v6end = i;
2812 i++;
2813
2814 /* v6advance: */
2815 v6advance = i;
2816
2817 /*
2818 * in short,
2819 * A = P[X];
2820 * X = X + (P[X + 1] + 1) * 8;
2821 */
2822 /* A = X */
2823 s[i] = new_stmt(BPF_MISC|BPF_TXA);
2824 i++;
2825 /* A = P[X + packet head] */
2826 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2827 s[i]->s.k = off_nl;
2828 i++;
2829 /* MEM[reg2] = A */
2830 s[i] = new_stmt(BPF_ST);
2831 s[i]->s.k = reg2;
2832 i++;
2833 /* A = X */
2834 s[i] = new_stmt(BPF_MISC|BPF_TXA);
2835 i++;
2836 /* A += 1 */
2837 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2838 s[i]->s.k = 1;
2839 i++;
2840 /* X = A */
2841 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2842 i++;
2843 /* A = P[X + packet head]; */
2844 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2845 s[i]->s.k = off_nl;
2846 i++;
2847 /* A += 1 */
2848 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2849 s[i]->s.k = 1;
2850 i++;
2851 /* A *= 8 */
2852 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2853 s[i]->s.k = 8;
2854 i++;
2855 /* X = A; */
2856 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2857 i++;
2858 /* A = MEM[reg2] */
2859 s[i] = new_stmt(BPF_LD|BPF_MEM);
2860 s[i]->s.k = reg2;
2861 i++;
2862
2863 /* goto again; (must use BPF_JA for backward jump) */
2864 s[i] = new_stmt(BPF_JMP|BPF_JA);
2865 s[i]->s.k = again - i - 1;
2866 s[i - 1]->s.jf = s[i];
2867 i++;
2868
2869 /* fixup */
2870 for (j = v6start; j <= v6end; j++)
2871 s[j]->s.jt = s[v6advance];
2872 } else
2873 #endif
2874 {
2875 /* nop */
2876 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2877 s[i]->s.k = 0;
2878 s[fix2]->s.jf = s[i];
2879 i++;
2880 }
2881
2882 /* ahcheck: */
2883 ahcheck = i;
2884 /* if (A == IPPROTO_AH) then fall through; else goto end; */
2885 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2886 s[i]->s.jt = NULL; /*later*/
2887 s[i]->s.jf = NULL; /*later*/
2888 s[i]->s.k = IPPROTO_AH;
2889 if (fix3)
2890 s[fix3]->s.jf = s[ahcheck];
2891 fix4 = i;
2892 i++;
2893
2894 /*
2895 * in short,
2896 * A = P[X];
2897 * X = X + (P[X + 1] + 2) * 4;
2898 */
2899 /* A = X */
2900 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2901 i++;
2902 /* A = P[X + packet head]; */
2903 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2904 s[i]->s.k = off_nl;
2905 i++;
2906 /* MEM[reg2] = A */
2907 s[i] = new_stmt(BPF_ST);
2908 s[i]->s.k = reg2;
2909 i++;
2910 /* A = X */
2911 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2912 i++;
2913 /* A += 1 */
2914 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2915 s[i]->s.k = 1;
2916 i++;
2917 /* X = A */
2918 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2919 i++;
2920 /* A = P[X + packet head] */
2921 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2922 s[i]->s.k = off_nl;
2923 i++;
2924 /* A += 2 */
2925 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2926 s[i]->s.k = 2;
2927 i++;
2928 /* A *= 4 */
2929 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2930 s[i]->s.k = 4;
2931 i++;
2932 /* X = A; */
2933 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2934 i++;
2935 /* A = MEM[reg2] */
2936 s[i] = new_stmt(BPF_LD|BPF_MEM);
2937 s[i]->s.k = reg2;
2938 i++;
2939
2940 /* goto again; (must use BPF_JA for backward jump) */
2941 s[i] = new_stmt(BPF_JMP|BPF_JA);
2942 s[i]->s.k = again - i - 1;
2943 i++;
2944
2945 /* end: nop */
2946 end = i;
2947 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2948 s[i]->s.k = 0;
2949 s[fix2]->s.jt = s[end];
2950 s[fix4]->s.jf = s[end];
2951 s[fix5]->s.jt = s[end];
2952 i++;
2953
2954 /*
2955 * make slist chain
2956 */
2957 max = i;
2958 for (i = 0; i < max - 1; i++)
2959 s[i]->next = s[i + 1];
2960 s[max - 1]->next = NULL;
2961
2962 /*
2963 * emit final check
2964 */
2965 b = new_block(JMP(BPF_JEQ));
2966 b->stmts = s[1]; /*remember, s[0] is dummy*/
2967 b->s.k = v;
2968
2969 free_reg(reg2);
2970
2971 gen_and(b0, b);
2972 return b;
2973 #endif
2974 }
2975
2976 static struct block *
2977 gen_proto(v, proto, dir)
2978 int v;
2979 int proto;
2980 int dir;
2981 {
2982 struct block *b0, *b1;
2983
2984 if (dir != Q_DEFAULT)
2985 bpf_error("direction applied to 'proto'");
2986
2987 switch (proto) {
2988 case Q_DEFAULT:
2989 #ifdef INET6
2990 b0 = gen_proto(v, Q_IP, dir);
2991 b1 = gen_proto(v, Q_IPV6, dir);
2992 gen_or(b0, b1);
2993 return b1;
2994 #else
2995 /*FALLTHROUGH*/
2996 #endif
2997 case Q_IP:
2998 b0 = gen_linktype(ETHERTYPE_IP);
2999 #ifndef CHASE_CHAIN
3000 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
3001 #else
3002 b1 = gen_protochain(v, Q_IP);
3003 #endif
3004 gen_and(b0, b1);
3005 return b1;
3006
3007 case Q_ISO:
3008 switch (linktype) {
3009
3010 case DLT_FRELAY:
3011 /*
3012 * Frame Relay packets typically have an OSI
3013 * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)"
3014 * generates code to check for all the OSI
3015 * NLPIDs, so calling it and then adding a check
3016 * for the particular NLPID for which we're
3017 * looking is bogus, as we can just check for
3018 * the NLPID.
3019 *
3020 * What we check for is the NLPID and a frame
3021 * control field value of UI, i.e. 0x03 followed
3022 * by the NLPID.
3023 *
3024 * XXX - assumes a 2-byte Frame Relay header with
3025 * DLCI and flags. What if the address is longer?
3026 *
3027 * XXX - what about SNAP-encapsulated frames?
3028 */
3029 return gen_cmp(2, BPF_H, (0x03<<8) | v);
3030 break;
3031
3032 default:
3033 b0 = gen_linktype(LLCSAP_ISONS);
3034 b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v);
3035 gen_and(b0, b1);
3036 return b1;
3037 }
3038
3039 case Q_ARP:
3040 bpf_error("arp does not encapsulate another protocol");
3041 /* NOTREACHED */
3042
3043 case Q_RARP:
3044 bpf_error("rarp does not encapsulate another protocol");
3045 /* NOTREACHED */
3046
3047 case Q_ATALK:
3048 bpf_error("atalk encapsulation is not specifiable");
3049 /* NOTREACHED */
3050
3051 case Q_DECNET:
3052 bpf_error("decnet encapsulation is not specifiable");
3053 /* NOTREACHED */
3054
3055 case Q_SCA:
3056 bpf_error("sca does not encapsulate another protocol");
3057 /* NOTREACHED */
3058
3059 case Q_LAT:
3060 bpf_error("lat does not encapsulate another protocol");
3061 /* NOTREACHED */
3062
3063 case Q_MOPRC:
3064 bpf_error("moprc does not encapsulate another protocol");
3065 /* NOTREACHED */
3066
3067 case Q_MOPDL:
3068 bpf_error("mopdl does not encapsulate another protocol");
3069 /* NOTREACHED */
3070
3071 case Q_LINK:
3072 return gen_linktype(v);
3073
3074 case Q_UDP:
3075 bpf_error("'udp proto' is bogus");
3076 /* NOTREACHED */
3077
3078 case Q_TCP:
3079 bpf_error("'tcp proto' is bogus");
3080 /* NOTREACHED */
3081
3082 case Q_SCTP:
3083 bpf_error("'sctp proto' is bogus");
3084 /* NOTREACHED */
3085
3086 case Q_ICMP:
3087 bpf_error("'icmp proto' is bogus");
3088 /* NOTREACHED */
3089
3090 case Q_IGMP:
3091 bpf_error("'igmp proto' is bogus");
3092 /* NOTREACHED */
3093
3094 case Q_IGRP:
3095 bpf_error("'igrp proto' is bogus");
3096 /* NOTREACHED */
3097
3098 case Q_PIM:
3099 bpf_error("'pim proto' is bogus");
3100 /* NOTREACHED */
3101
3102 case Q_VRRP:
3103 bpf_error("'vrrp proto' is bogus");
3104 /* NOTREACHED */
3105
3106 #ifdef INET6
3107 case Q_IPV6:
3108 b0 = gen_linktype(ETHERTYPE_IPV6);
3109 #ifndef CHASE_CHAIN
3110 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
3111 #else
3112 b1 = gen_protochain(v, Q_IPV6);
3113 #endif
3114 gen_and(b0, b1);
3115 return b1;
3116
3117 case Q_ICMPV6:
3118 bpf_error("'icmp6 proto' is bogus");
3119 #endif /* INET6 */
3120
3121 case Q_AH:
3122 bpf_error("'ah proto' is bogus");
3123
3124 case Q_ESP:
3125 bpf_error("'ah proto' is bogus");
3126
3127 case Q_STP:
3128 bpf_error("'stp proto' is bogus");
3129
3130 case Q_IPX:
3131 bpf_error("'ipx proto' is bogus");
3132
3133 case Q_NETBEUI:
3134 bpf_error("'netbeui proto' is bogus");
3135
3136 default:
3137 abort();
3138 /* NOTREACHED */
3139 }
3140 /* NOTREACHED */
3141 }
3142
3143 struct block *
3144 gen_scode(name, q)
3145 register const char *name;
3146 struct qual q;
3147 {
3148 int proto = q.proto;
3149 int dir = q.dir;
3150 int tproto;
3151 u_char *eaddr;
3152 bpf_u_int32 mask, addr;
3153 #ifndef INET6
3154 bpf_u_int32 **alist;
3155 #else
3156 int tproto6;
3157 struct sockaddr_in *sin;
3158 struct sockaddr_in6 *sin6;
3159 struct addrinfo *res, *res0;
3160 struct in6_addr mask128;
3161 #endif /*INET6*/
3162 struct block *b, *tmp;
3163 int port, real_proto;
3164
3165 switch (q.addr) {
3166
3167 case Q_NET:
3168 addr = pcap_nametonetaddr(name);
3169 if (addr == 0)
3170 bpf_error("unknown network '%s'", name);
3171 /* Left justify network addr and calculate its network mask */
3172 mask = 0xffffffff;
3173 while (addr && (addr & 0xff000000) == 0) {
3174 addr <<= 8;
3175 mask <<= 8;
3176 }
3177 return gen_host(addr, mask, proto, dir);
3178
3179 case Q_DEFAULT:
3180 case Q_HOST:
3181 if (proto == Q_LINK) {
3182 switch (linktype) {
3183
3184 case DLT_EN10MB:
3185 eaddr = pcap_ether_hostton(name);
3186 if (eaddr == NULL)
3187 bpf_error(
3188 "unknown ether host '%s'", name);
3189 b = gen_ehostop(eaddr, dir);
3190 free(eaddr);
3191 return b;
3192
3193 case DLT_FDDI:
3194 eaddr = pcap_ether_hostton(name);
3195 if (eaddr == NULL)
3196 bpf_error(
3197 "unknown FDDI host '%s'", name);
3198 b = gen_fhostop(eaddr, dir);
3199 free(eaddr);
3200 return b;
3201
3202 case DLT_IEEE802:
3203 eaddr = pcap_ether_hostton(name);
3204 if (eaddr == NULL)
3205 bpf_error(
3206 "unknown token ring host '%s'", name);
3207 b = gen_thostop(eaddr, dir);
3208 free(eaddr);
3209 return b;
3210
3211 default:
3212 bpf_error(
3213 "only ethernet/FDDI/token ring supports link-level host name");
3214 break;
3215 }
3216 } else if (proto == Q_DECNET) {
3217 unsigned short dn_addr = __pcap_nametodnaddr(name);
3218 /*
3219 * I don't think DECNET hosts can be multihomed, so
3220 * there is no need to build up a list of addresses
3221 */
3222 return (gen_host(dn_addr, 0, proto, dir));
3223 } else {
3224 #ifndef INET6
3225 alist = pcap_nametoaddr(name);
3226 if (alist == NULL || *alist == NULL)
3227 bpf_error("unknown host '%s'", name);
3228 tproto = proto;
3229 if (off_linktype == -1 && tproto == Q_DEFAULT)
3230 tproto = Q_IP;
3231 b = gen_host(**alist++, 0xffffffff, tproto, dir);
3232 while (*alist) {
3233 tmp = gen_host(**alist++, 0xffffffff,
3234 tproto, dir);
3235 gen_or(b, tmp);
3236 b = tmp;
3237 }
3238 return b;
3239 #else
3240 memset(&mask128, 0xff, sizeof(mask128));
3241 res0 = res = pcap_nametoaddrinfo(name);
3242 if (res == NULL)
3243 bpf_error("unknown host '%s'", name);
3244 b = tmp = NULL;
3245 tproto = tproto6 = proto;
3246 if (off_linktype == -1 && tproto == Q_DEFAULT) {
3247 tproto = Q_IP;
3248 tproto6 = Q_IPV6;
3249 }
3250 for (res = res0; res; res = res->ai_next) {
3251 switch (res->ai_family) {
3252 case AF_INET:
3253 if (tproto == Q_IPV6)
3254 continue;
3255
3256 sin = (struct sockaddr_in *)
3257 res->ai_addr;
3258 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
3259 0xffffffff, tproto, dir);
3260 break;
3261 case AF_INET6:
3262 if (tproto6 == Q_IP)
3263 continue;
3264
3265 sin6 = (struct sockaddr_in6 *)
3266 res->ai_addr;
3267 tmp = gen_host6(&sin6->sin6_addr,
3268 &mask128, tproto6, dir);
3269 break;
3270 default:
3271 continue;
3272 }
3273 if (b)
3274 gen_or(b, tmp);
3275 b = tmp;
3276 }
3277 freeaddrinfo(res0);
3278 if (b == NULL) {
3279 bpf_error("unknown host '%s'%s", name,
3280 (proto == Q_DEFAULT)
3281 ? ""
3282 : " for specified address family");
3283 }
3284 return b;
3285 #endif /*INET6*/
3286 }
3287
3288 case Q_PORT:
3289 if (proto != Q_DEFAULT &&
3290 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
3291 bpf_error("illegal qualifier of 'port'");
3292 if (pcap_nametoport(name, &port, &real_proto) == 0)
3293 bpf_error("unknown port '%s'", name);
3294 if (proto == Q_UDP) {
3295 if (real_proto == IPPROTO_TCP)
3296 bpf_error("port '%s' is tcp", name);
3297 else if (real_proto == IPPROTO_SCTP)
3298 bpf_error("port '%s' is sctp", name);
3299 else
3300 /* override PROTO_UNDEF */
3301 real_proto = IPPROTO_UDP;
3302 }
3303 if (proto == Q_TCP) {
3304 if (real_proto == IPPROTO_UDP)
3305 bpf_error("port '%s' is udp", name);
3306
3307 else if (real_proto == IPPROTO_SCTP)
3308 bpf_error("port '%s' is sctp", name);
3309 else
3310 /* override PROTO_UNDEF */
3311 real_proto = IPPROTO_TCP;
3312 }
3313 if (proto == Q_SCTP) {
3314 if (real_proto == IPPROTO_UDP)
3315 bpf_error("port '%s' is udp", name);
3316
3317 else if (real_proto == IPPROTO_TCP)
3318 bpf_error("port '%s' is tcp", name);
3319 else
3320 /* override PROTO_UNDEF */
3321 real_proto = IPPROTO_SCTP;
3322 }
3323 #ifndef INET6
3324 return gen_port(port, real_proto, dir);
3325 #else
3326 {
3327 struct block *b;
3328 b = gen_port(port, real_proto, dir);
3329 gen_or(gen_port6(port, real_proto, dir), b);
3330 return b;
3331 }
3332 #endif /* INET6 */
3333
3334 case Q_GATEWAY:
3335 #ifndef INET6
3336 eaddr = pcap_ether_hostton(name);
3337 if (eaddr == NULL)
3338 bpf_error("unknown ether host: %s", name);
3339
3340 alist = pcap_nametoaddr(name);
3341 if (alist == NULL || *alist == NULL)
3342 bpf_error("unknown host '%s'", name);
3343 b = gen_gateway(eaddr, alist, proto, dir);
3344 free(eaddr);
3345 return b;
3346 #else
3347 bpf_error("'gateway' not supported in this configuration");
3348 #endif /*INET6*/
3349
3350 case Q_PROTO:
3351 real_proto = lookup_proto(name, proto);
3352 if (real_proto >= 0)
3353 return gen_proto(real_proto, proto, dir);
3354 else
3355 bpf_error("unknown protocol: %s", name);
3356
3357 case Q_PROTOCHAIN:
3358 real_proto = lookup_proto(name, proto);
3359 if (real_proto >= 0)
3360 return gen_protochain(real_proto, proto, dir);
3361 else
3362 bpf_error("unknown protocol: %s", name);
3363
3364
3365 case Q_UNDEF:
3366 syntax();
3367 /* NOTREACHED */
3368 }
3369 abort();
3370 /* NOTREACHED */
3371 }
3372
3373 struct block *
3374 gen_mcode(s1, s2, masklen, q)
3375 register const char *s1, *s2;
3376 register int masklen;
3377 struct qual q;
3378 {
3379 register int nlen, mlen;
3380 bpf_u_int32 n, m;
3381
3382 nlen = __pcap_atoin(s1, &n);
3383 /* Promote short ipaddr */
3384 n <<= 32 - nlen;
3385
3386 if (s2 != NULL) {
3387 mlen = __pcap_atoin(s2, &m);
3388 /* Promote short ipaddr */
3389 m <<= 32 - mlen;
3390 if ((n & ~m) != 0)
3391 bpf_error("non-network bits set in \"%s mask %s\"",
3392 s1, s2);
3393 } else {
3394 /* Convert mask len to mask */
3395 if (masklen > 32)
3396 bpf_error("mask length must be <= 32");
3397 m = 0xffffffff << (32 - masklen);
3398 if ((n & ~m) != 0)
3399 bpf_error("non-network bits set in \"%s/%d\"",
3400 s1, masklen);
3401 }
3402
3403 switch (q.addr) {
3404
3405 case Q_NET:
3406 return gen_host(n, m, q.proto, q.dir);
3407
3408 default:
3409 bpf_error("Mask syntax for networks only");
3410 /* NOTREACHED */
3411 }
3412 }
3413
3414 struct block *
3415 gen_ncode(s, v, q)
3416 register const char *s;
3417 bpf_u_int32 v;
3418 struct qual q;
3419 {
3420 bpf_u_int32 mask;
3421 int proto = q.proto;
3422 int dir = q.dir;
3423 register int vlen;
3424
3425 if (s == NULL)
3426 vlen = 32;
3427 else if (q.proto == Q_DECNET)
3428 vlen = __pcap_atodn(s, &v);
3429 else
3430 vlen = __pcap_atoin(s, &v);
3431
3432 switch (q.addr) {
3433
3434 case Q_DEFAULT:
3435 case Q_HOST:
3436 case Q_NET:
3437 if (proto == Q_DECNET)
3438 return gen_host(v, 0, proto, dir);
3439 else if (proto == Q_LINK) {
3440 bpf_error("illegal link layer address");
3441 } else {
3442 mask = 0xffffffff;
3443 if (s == NULL && q.addr == Q_NET) {
3444 /* Promote short net number */
3445 while (v && (v & 0xff000000) == 0) {
3446 v <<= 8;
3447 mask <<= 8;
3448 }
3449 } else {
3450 /* Promote short ipaddr */
3451 v <<= 32 - vlen;
3452 mask <<= 32 - vlen;
3453 }
3454 return gen_host(v, mask, proto, dir);
3455 }
3456
3457 case Q_PORT:
3458 if (proto == Q_UDP)
3459 proto = IPPROTO_UDP;
3460 else if (proto == Q_TCP)
3461 proto = IPPROTO_TCP;
3462 else if (proto == Q_SCTP)
3463 proto = IPPROTO_SCTP;
3464 else if (proto == Q_DEFAULT)
3465 proto = PROTO_UNDEF;
3466 else
3467 bpf_error("illegal qualifier of 'port'");
3468
3469 #ifndef INET6
3470 return gen_port((int)v, proto, dir);
3471 #else
3472 {
3473 struct block *b;
3474 b = gen_port((int)v, proto, dir);
3475 gen_or(gen_port6((int)v, proto, dir), b);
3476 return b;
3477 }
3478 #endif /* INET6 */
3479
3480 case Q_GATEWAY:
3481 bpf_error("'gateway' requires a name");
3482 /* NOTREACHED */
3483
3484 case Q_PROTO:
3485 return gen_proto((int)v, proto, dir);
3486
3487 case Q_PROTOCHAIN:
3488 return gen_protochain((int)v, proto, dir);
3489
3490 case Q_UNDEF:
3491 syntax();
3492 /* NOTREACHED */
3493
3494 default:
3495 abort();
3496 /* NOTREACHED */
3497 }
3498 /* NOTREACHED */
3499 }
3500
3501 #ifdef INET6
3502 struct block *
3503 gen_mcode6(s1, s2, masklen, q)
3504 register const char *s1, *s2;
3505 register int masklen;
3506 struct qual q;
3507 {
3508 struct addrinfo *res;
3509 struct in6_addr *addr;
3510 struct in6_addr mask;
3511 struct block *b;
3512 u_int32_t *a, *m;
3513
3514 if (s2)
3515 bpf_error("no mask %s supported", s2);
3516
3517 res = pcap_nametoaddrinfo(s1);
3518 if (!res)
3519 bpf_error("invalid ip6 address %s", s1);
3520 if (res->ai_next)
3521 bpf_error("%s resolved to multiple address", s1);
3522 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
3523
3524 if (sizeof(mask) * 8 < masklen)
3525 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
3526 memset(&mask, 0, sizeof(mask));
3527 memset(&mask, 0xff, masklen / 8);
3528 if (masklen % 8) {
3529 mask.s6_addr[masklen / 8] =
3530 (0xff << (8 - masklen % 8)) & 0xff;
3531 }
3532
3533 a = (u_int32_t *)addr;
3534 m = (u_int32_t *)&mask;
3535 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
3536 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
3537 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
3538 }
3539
3540 switch (q.addr) {
3541
3542 case Q_DEFAULT:
3543 case Q_HOST:
3544 if (masklen != 128)
3545 bpf_error("Mask syntax for networks only");
3546 /* FALLTHROUGH */
3547
3548 case Q_NET:
3549 b = gen_host6(addr, &mask, q.proto, q.dir);
3550 freeaddrinfo(res);
3551 return b;
3552
3553 default:
3554 bpf_error("invalid qualifier against IPv6 address");
3555 /* NOTREACHED */
3556 }
3557 }
3558 #endif /*INET6*/
3559
3560 struct block *
3561 gen_ecode(eaddr, q)
3562 register const u_char *eaddr;
3563 struct qual q;
3564 {
3565 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
3566 if (linktype == DLT_EN10MB)
3567 return gen_ehostop(eaddr, (int)q.dir);
3568 if (linktype == DLT_FDDI)
3569 return gen_fhostop(eaddr, (int)q.dir);
3570 if (linktype == DLT_IEEE802)
3571 return gen_thostop(eaddr, (int)q.dir);
3572 bpf_error("ethernet addresses supported only on ethernet, FDDI or token ring");
3573 }
3574 bpf_error("ethernet address used in non-ether expression");
3575 /* NOTREACHED */
3576 }
3577
3578 void
3579 sappend(s0, s1)
3580 struct slist *s0, *s1;
3581 {
3582 /*
3583 * This is definitely not the best way to do this, but the
3584 * lists will rarely get long.
3585 */
3586 while (s0->next)
3587 s0 = s0->next;
3588 s0->next = s1;
3589 }
3590
3591 static struct slist *
3592 xfer_to_x(a)
3593 struct arth *a;
3594 {
3595 struct slist *s;
3596
3597 s = new_stmt(BPF_LDX|BPF_MEM);
3598 s->s.k = a->regno;
3599 return s;
3600 }
3601
3602 static struct slist *
3603 xfer_to_a(a)
3604 struct arth *a;
3605 {
3606 struct slist *s;
3607
3608 s = new_stmt(BPF_LD|BPF_MEM);
3609 s->s.k = a->regno;
3610 return s;
3611 }
3612
3613 struct arth *
3614 gen_load(proto, index, size)
3615 int proto;
3616 struct arth *index;
3617 int size;
3618 {
3619 struct slist *s, *tmp;
3620 struct block *b;
3621 int regno = alloc_reg();
3622
3623 free_reg(index->regno);
3624 switch (size) {
3625
3626 default:
3627 bpf_error("data size must be 1, 2, or 4");
3628
3629 case 1:
3630 size = BPF_B;
3631 break;
3632
3633 case 2:
3634 size = BPF_H;
3635 break;
3636
3637 case 4:
3638 size = BPF_W;
3639 break;
3640 }
3641 switch (proto) {
3642 default:
3643 bpf_error("unsupported index operation");
3644
3645 case Q_LINK:
3646 s = xfer_to_x(index);
3647 tmp = new_stmt(BPF_LD|BPF_IND|size);
3648 sappend(s, tmp);
3649 sappend(index->s, s);
3650 break;
3651
3652 case Q_IP:
3653 case Q_ARP:
3654 case Q_RARP:
3655 case Q_ATALK:
3656 case Q_DECNET:
3657 case Q_SCA:
3658 case Q_LAT:
3659 case Q_MOPRC:
3660 case Q_MOPDL:
3661 #ifdef INET6
3662 case Q_IPV6:
3663 #endif
3664 /* XXX Note that we assume a fixed link header here. */
3665 s = xfer_to_x(index);
3666 tmp = new_stmt(BPF_LD|BPF_IND|size);
3667 tmp->s.k = off_nl;
3668 sappend(s, tmp);
3669 sappend(index->s, s);
3670
3671 b = gen_proto_abbrev(proto);
3672 if (index->b)
3673 gen_and(index->b, b);
3674 index->b = b;
3675 break;
3676
3677 case Q_SCTP:
3678 case Q_TCP:
3679 case Q_UDP:
3680 case Q_ICMP:
3681 case Q_IGMP:
3682 case Q_IGRP:
3683 case Q_PIM:
3684 case Q_VRRP:
3685 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3686 s->s.k = off_nl;
3687 sappend(s, xfer_to_a(index));
3688 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
3689 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
3690 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
3691 tmp->s.k = off_nl;
3692 sappend(index->s, s);
3693
3694 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
3695 if (index->b)
3696 gen_and(index->b, b);
3697 #ifdef INET6
3698 gen_and(gen_proto_abbrev(Q_IP), b);
3699 #endif
3700 index->b = b;
3701 break;
3702 #ifdef INET6
3703 case Q_ICMPV6:
3704 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
3705 /*NOTREACHED*/
3706 #endif
3707 }
3708 index->regno = regno;
3709 s = new_stmt(BPF_ST);
3710 s->s.k = regno;
3711 sappend(index->s, s);
3712
3713 return index;
3714 }
3715
3716 struct block *
3717 gen_relation(code, a0, a1, reversed)
3718 int code;
3719 struct arth *a0, *a1;
3720 int reversed;
3721 {
3722 struct slist *s0, *s1, *s2;
3723 struct block *b, *tmp;
3724
3725 s0 = xfer_to_x(a1);
3726 s1 = xfer_to_a(a0);
3727 if (code == BPF_JEQ) {
3728 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
3729 b = new_block(JMP(code));
3730 sappend(s1, s2);
3731 }
3732 else
3733 b = new_block(BPF_JMP|code|BPF_X);
3734 if (reversed)
3735 gen_not(b);
3736
3737 sappend(s0, s1);
3738 sappend(a1->s, s0);
3739 sappend(a0->s, a1->s);
3740
3741 b->stmts = a0->s;
3742
3743 free_reg(a0->regno);
3744 free_reg(a1->regno);
3745
3746 /* 'and' together protocol checks */
3747 if (a0->b) {
3748 if (a1->b) {
3749 gen_and(a0->b, tmp = a1->b);
3750 }
3751 else
3752 tmp = a0->b;
3753 } else
3754 tmp = a1->b;
3755
3756 if (tmp)
3757 gen_and(tmp, b);
3758
3759 return b;
3760 }
3761
3762 struct arth *
3763 gen_loadlen()
3764 {
3765 int regno = alloc_reg();
3766 struct arth *a = (struct arth *)newchunk(sizeof(*a));
3767 struct slist *s;
3768
3769 s = new_stmt(BPF_LD|BPF_LEN);
3770 s->next = new_stmt(BPF_ST);
3771 s->next->s.k = regno;
3772 a->s = s;
3773 a->regno = regno;
3774
3775 return a;
3776 }
3777
3778 struct arth *
3779 gen_loadi(val)
3780 int val;
3781 {
3782 struct arth *a;
3783 struct slist *s;
3784 int reg;
3785
3786 a = (struct arth *)newchunk(sizeof(*a));
3787
3788 reg = alloc_reg();
3789
3790 s = new_stmt(BPF_LD|BPF_IMM);
3791 s->s.k = val;
3792 s->next = new_stmt(BPF_ST);
3793 s->next->s.k = reg;
3794 a->s = s;
3795 a->regno = reg;
3796
3797 return a;
3798 }
3799
3800 struct arth *
3801 gen_neg(a)
3802 struct arth *a;
3803 {
3804 struct slist *s;
3805
3806 s = xfer_to_a(a);
3807 sappend(a->s, s);
3808 s = new_stmt(BPF_ALU|BPF_NEG);
3809 s->s.k = 0;
3810 sappend(a->s, s);
3811 s = new_stmt(BPF_ST);
3812 s->s.k = a->regno;
3813 sappend(a->s, s);
3814
3815 return a;
3816 }
3817
3818 struct arth *
3819 gen_arth(code, a0, a1)
3820 int code;
3821 struct arth *a0, *a1;
3822 {
3823 struct slist *s0, *s1, *s2;
3824
3825 s0 = xfer_to_x(a1);
3826 s1 = xfer_to_a(a0);
3827 s2 = new_stmt(BPF_ALU|BPF_X|code);
3828
3829 sappend(s1, s2);
3830 sappend(s0, s1);
3831 sappend(a1->s, s0);
3832 sappend(a0->s, a1->s);
3833
3834 free_reg(a0->regno);
3835 free_reg(a1->regno);
3836
3837 s0 = new_stmt(BPF_ST);
3838 a0->regno = s0->s.k = alloc_reg();
3839 sappend(a0->s, s0);
3840
3841 return a0;
3842 }
3843
3844 /*
3845 * Here we handle simple allocation of the scratch registers.
3846 * If too many registers are alloc'd, the allocator punts.
3847 */
3848 static int regused[BPF_MEMWORDS];
3849 static int curreg;
3850
3851 /*
3852 * Return the next free register.
3853 */
3854 static int
3855 alloc_reg()
3856 {
3857 int n = BPF_MEMWORDS;
3858
3859 while (--n >= 0) {
3860 if (regused[curreg])
3861 curreg = (curreg + 1) % BPF_MEMWORDS;
3862 else {
3863 regused[curreg] = 1;
3864 return curreg;
3865 }
3866 }
3867 bpf_error("too many registers needed to evaluate expression");
3868 /* NOTREACHED */
3869 }
3870
3871 /*
3872 * Return a register to the table so it can
3873 * be used later.
3874 */
3875 static void
3876 free_reg(n)
3877 int n;
3878 {
3879 regused[n] = 0;
3880 }
3881
3882 static struct block *
3883 gen_len(jmp, n)
3884 int jmp, n;
3885 {
3886 struct slist *s;
3887 struct block *b;
3888
3889 s = new_stmt(BPF_LD|BPF_LEN);
3890 b = new_block(JMP(jmp));
3891 b->stmts = s;
3892 b->s.k = n;
3893
3894 return b;
3895 }
3896
3897 struct block *
3898 gen_greater(n)
3899 int n;
3900 {
3901 return gen_len(BPF_JGE, n);
3902 }
3903
3904 /*
3905 * Actually, this is less than or equal.
3906 */
3907 struct block *
3908 gen_less(n)
3909 int n;
3910 {
3911 struct block *b;
3912
3913 b = gen_len(BPF_JGT, n);
3914 gen_not(b);
3915
3916 return b;
3917 }
3918
3919 struct block *
3920 gen_byteop(op, idx, val)
3921 int op, idx, val;
3922 {
3923 struct block *b;
3924 struct slist *s;
3925
3926 switch (op) {
3927 default:
3928 abort();
3929
3930 case '=':
3931 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3932
3933 case '<':
3934 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3935 b->s.code = JMP(BPF_JGE);
3936 gen_not(b);
3937 return b;
3938
3939 case '>':
3940 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3941 b->s.code = JMP(BPF_JGT);
3942 return b;
3943
3944 case '|':
3945 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
3946 break;
3947
3948 case '&':
3949 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
3950 break;
3951 }
3952 s->s.k = val;
3953 b = new_block(JMP(BPF_JEQ));
3954 b->stmts = s;
3955 gen_not(b);
3956
3957 return b;
3958 }
3959
3960 static u_char abroadcast[] = { 0x0 };
3961
3962 struct block *
3963 gen_broadcast(proto)
3964 int proto;
3965 {
3966 bpf_u_int32 hostmask;
3967 struct block *b0, *b1, *b2;
3968 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
3969
3970 switch (proto) {
3971
3972 case Q_DEFAULT:
3973 case Q_LINK:
3974 if (linktype == DLT_ARCNET)
3975 return gen_ahostop(abroadcast, Q_DST);
3976 if (linktype == DLT_EN10MB)
3977 return gen_ehostop(ebroadcast, Q_DST);
3978 if (linktype == DLT_FDDI)
3979 return gen_fhostop(ebroadcast, Q_DST);
3980 if (linktype == DLT_IEEE802)
3981 return gen_thostop(ebroadcast, Q_DST);
3982 bpf_error("not a broadcast link");
3983 break;
3984
3985 case Q_IP:
3986 b0 = gen_linktype(ETHERTYPE_IP);
3987 hostmask = ~netmask;
3988 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
3989 b2 = gen_mcmp(off_nl + 16, BPF_W,
3990 (bpf_int32)(~0 & hostmask), hostmask);
3991 gen_or(b1, b2);
3992 gen_and(b0, b2);
3993 return b2;
3994 }
3995 bpf_error("only ether/ip broadcast filters supported");
3996 }
3997
3998 struct block *
3999 gen_multicast(proto)
4000 int proto;
4001 {
4002 register struct block *b0, *b1;
4003 register struct slist *s;
4004
4005 switch (proto) {
4006
4007 case Q_DEFAULT:
4008 case Q_LINK:
4009 if (linktype == DLT_ARCNET)
4010 /* all ARCnet multicasts use the same address */
4011 return gen_ahostop(abroadcast, Q_DST);
4012
4013 if (linktype == DLT_EN10MB) {
4014 /* ether[0] & 1 != 0 */
4015 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4016 s->s.k = 0;
4017 b0 = new_block(JMP(BPF_JSET));
4018 b0->s.k = 1;
4019 b0->stmts = s;
4020 return b0;
4021 }
4022
4023 if (linktype == DLT_FDDI) {
4024 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */
4025 /* fddi[1] & 1 != 0 */
4026 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4027 s->s.k = 1;
4028 b0 = new_block(JMP(BPF_JSET));
4029 b0->s.k = 1;
4030 b0->stmts = s;
4031 return b0;
4032 }
4033
4034 /* TODO - check how token ring handles multicast */
4035 /* if (linktype == DLT_IEEE802) ... */
4036
4037 /* Link not known to support multicasts */
4038 break;
4039
4040 case Q_IP:
4041 b0 = gen_linktype(ETHERTYPE_IP);
4042 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
4043 b1->s.code = JMP(BPF_JGE);
4044 gen_and(b0, b1);
4045 return b1;
4046
4047 #ifdef INET6
4048 case Q_IPV6:
4049 b0 = gen_linktype(ETHERTYPE_IPV6);
4050 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
4051 gen_and(b0, b1);
4052 return b1;
4053 #endif /* INET6 */
4054 }
4055 bpf_error("only IP multicast filters supported on ethernet/FDDI");
4056 }
4057
4058 /*
4059 * generate command for inbound/outbound. It's here so we can
4060 * make it link-type specific. 'dir' = 0 implies "inbound",
4061 * = 1 implies "outbound".
4062 */
4063 struct block *
4064 gen_inbound(dir)
4065 int dir;
4066 {
4067 register struct block *b0;
4068
4069 /*
4070 * Only some data link types support inbound/outbound qualifiers.
4071 */
4072 switch (linktype) {
4073 case DLT_SLIP:
4074 case DLT_PPP:
4075 b0 = gen_relation(BPF_JEQ,
4076 gen_load(Q_LINK, gen_loadi(0), 1),
4077 gen_loadi(0),
4078 dir);
4079 break;
4080
4081 default:
4082 bpf_error("inbound/outbound not supported on linktype %d\n",
4083 linktype);
4084 b0 = NULL;
4085 /* NOTREACHED */
4086 }
4087 return (b0);
4088 }
4089
4090 struct block *
4091 gen_acode(eaddr, q)
4092 register const u_char *eaddr;
4093 struct qual q;
4094 {
4095 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
4096 if (linktype == DLT_ARCNET)
4097 return gen_ahostop(eaddr, (int)q.dir);
4098 }
4099 bpf_error("ARCnet address used in non-arc expression");
4100 /* NOTREACHED */
4101 }
4102
4103 static struct block *
4104 gen_ahostop(eaddr, dir)
4105 register const u_char *eaddr;
4106 register int dir;
4107 {
4108 register struct block *b0, *b1;
4109
4110 switch (dir) {
4111 /* src comes first, different from Ethernet */
4112 case Q_SRC:
4113 return gen_bcmp(0, 1, eaddr);
4114
4115 case Q_DST:
4116 return gen_bcmp(1, 1, eaddr);
4117
4118 case Q_AND:
4119 b0 = gen_ahostop(eaddr, Q_SRC);
4120 b1 = gen_ahostop(eaddr, Q_DST);
4121 gen_and(b0, b1);
4122 return b1;
4123
4124 case Q_DEFAULT:
4125 case Q_OR:
4126 b0 = gen_ahostop(eaddr, Q_SRC);
4127 b1 = gen_ahostop(eaddr, Q_DST);
4128 gen_or(b0, b1);
4129 return b1;
4130 }
4131 abort();
4132 /* NOTREACHED */
4133 }
4134
4135 /*
4136 * support IEEE 802.1Q VLAN trunk over ethernet
4137 */
4138 struct block *
4139 gen_vlan(vlan_num)
4140 int vlan_num;
4141 {
4142 struct block *b0;
4143
4144 /*
4145 * Change the offsets to point to the type and data fields within
4146 * the VLAN packet. This is somewhat of a kludge.
4147 */
4148 if (orig_nl == (u_int)-1) {
4149 orig_linktype = off_linktype; /* save original values */
4150 orig_nl = off_nl;
4151 orig_nl_nosnap = off_nl_nosnap;
4152
4153 switch (linktype) {
4154
4155 case DLT_EN10MB:
4156 off_linktype = 16;
4157 off_nl_nosnap = 18;
4158 off_nl = 18;
4159 break;
4160
4161 default:
4162 bpf_error("no VLAN support for data link type %d",
4163 linktype);
4164 /*NOTREACHED*/
4165 }
4166 }
4167
4168 /* check for VLAN */
4169 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
4170
4171 /* If a specific VLAN is requested, check VLAN id */
4172 if (vlan_num >= 0) {
4173 struct block *b1;
4174
4175 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
4176 gen_and(b0, b1);
4177 b0 = b1;
4178 }
4179
4180 return (b0);
4181 }
4182
4183 struct block *
4184 gen_atmfield_code(atmfield, jvalue, jtype, reverse)
4185 int atmfield;
4186 bpf_u_int32 jvalue;
4187 bpf_u_int32 jtype;
4188 int reverse;
4189 {
4190 struct block *b0;
4191
4192 switch (atmfield) {
4193
4194 case A_VPI:
4195 if (!is_atm)
4196 bpf_error("'vpi' supported only on raw ATM");
4197 if (off_vpi == -1)
4198 abort();
4199 b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype,
4200 (u_int)jvalue, reverse);
4201 break;
4202
4203 case A_VCI:
4204 if (!is_atm)
4205 bpf_error("'vci' supported only on raw ATM");
4206 if (off_vci == -1)
4207 abort();
4208 b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype,
4209 (u_int)jvalue, reverse);
4210 break;
4211
4212 case A_PROTOTYPE:
4213 if (off_proto == -1)
4214 abort(); /* XXX - this isn't on FreeBSD */
4215 b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype,
4216 (u_int)jvalue, reverse);
4217 break;
4218
4219 case A_MSGTYPE:
4220 if (off_msg_type == -1)
4221 abort();
4222 b0 = gen_ncmp(BPF_B, off_msg_type, 0xffffffff,
4223 (u_int)jtype, (u_int)jvalue, reverse);
4224 break;
4225
4226 case A_CALLREFTYPE:
4227 if (!is_atm)
4228 bpf_error("'callref' supported only on raw ATM");
4229 if (off_proto == -1)
4230 abort();
4231 b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype,
4232 (u_int)jvalue, reverse);
4233 break;
4234
4235 default:
4236 abort();
4237 }
4238 return b0;
4239 }
4240
4241 struct block *
4242 gen_atmtype_abbrev(type)
4243 int type;
4244 {
4245 struct block *b0, *b1;
4246
4247 switch (type) {
4248
4249 case A_METAC:
4250 /* Get all packets in Meta signalling Circuit */
4251 if (!is_atm)
4252 bpf_error("'metac' supported only on raw ATM");
4253 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4254 b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0);
4255 gen_and(b0, b1);
4256 break;
4257
4258 case A_BCC:
4259 /* Get all packets in Broadcast Circuit*/
4260 if (!is_atm)
4261 bpf_error("'bcc' supported only on raw ATM");
4262 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4263 b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0);
4264 gen_and(b0, b1);
4265 break;
4266
4267 case A_OAMF4SC:
4268 /* Get all cells in Segment OAM F4 circuit*/
4269 if (!is_atm)
4270 bpf_error("'oam4sc' supported only on raw ATM");
4271 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4272 b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
4273 gen_and(b0, b1);
4274 break;
4275
4276 case A_OAMF4EC:
4277 /* Get all cells in End-to-End OAM F4 Circuit*/
4278 if (!is_atm)
4279 bpf_error("'oam4ec' supported only on raw ATM");
4280 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4281 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
4282 gen_and(b0, b1);
4283 break;
4284
4285 case A_SC:
4286 /* Get all packets in connection Signalling Circuit */
4287 if (!is_atm)
4288 bpf_error("'sc' supported only on raw ATM");
4289 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4290 b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0);
4291 gen_and(b0, b1);
4292 break;
4293
4294 case A_ILMIC:
4295 /* Get all packets in ILMI Circuit */
4296 if (!is_atm)
4297 bpf_error("'ilmic' supported only on raw ATM");
4298 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4299 b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0);
4300 gen_and(b0, b1);
4301 break;
4302
4303 case A_LANE:
4304 /* Get all LANE packets */
4305 if (!is_atm)
4306 bpf_error("'lane' supported only on raw ATM");
4307 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0);
4308 break;
4309
4310 case A_LLC:
4311 /* Get all LLC-encapsulated packets */
4312 if (!is_atm)
4313 bpf_error("'llc' supported only on raw ATM");
4314 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
4315 break;
4316
4317 default:
4318 abort();
4319 }
4320 return b1;
4321 }
4322
4323
4324 static struct block *
4325 gen_msg_abbrev(type)
4326 int type;
4327 {
4328 struct block *b1;
4329
4330 /*
4331 * Q.2931 signalling protocol messages for handling virtual circuits
4332 * establishment and teardown
4333 */
4334 switch (type) {
4335
4336 case A_SETUP:
4337 b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0);
4338 break;
4339
4340 case A_CALLPROCEED:
4341 b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0);
4342 break;
4343
4344 case A_CONNECT:
4345 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0);
4346 break;
4347
4348 case A_CONNECTACK:
4349 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0);
4350 break;
4351
4352 case A_RELEASE:
4353 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0);
4354 break;
4355
4356 case A_RELEASE_DONE:
4357 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0);
4358 break;
4359
4360 default:
4361 abort();
4362 }
4363 return b1;
4364 }
4365
4366 struct block *
4367 gen_atmmulti_abbrev(type)
4368 int type;
4369 {
4370 struct block *b0, *b1;
4371
4372 switch (type) {
4373
4374 case A_OAM:
4375 if (!is_atm)
4376 bpf_error("'oam' supported only on raw ATM");
4377 b1 = gen_atmmulti_abbrev(A_OAMF4);
4378 break;
4379
4380 case A_OAMF4:
4381 if (!is_atm)
4382 bpf_error("'oamf4' supported only on raw ATM");
4383 /* OAM F4 type */
4384 b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
4385 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
4386 gen_or(b0, b1);
4387 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4388 gen_and(b0, b1);
4389 break;
4390
4391 case A_CONNECTMSG:
4392 /*
4393 * Get Q.2931 signalling messages for switched
4394 * virtual connection
4395 */
4396 if (!is_atm)
4397 bpf_error("'connectmsg' supported only on raw ATM");
4398 b0 = gen_msg_abbrev(A_SETUP);
4399 b1 = gen_msg_abbrev(A_CALLPROCEED);
4400 gen_or(b0, b1);
4401 b0 = gen_msg_abbrev(A_CONNECT);
4402 gen_or(b0, b1);
4403 b0 = gen_msg_abbrev(A_CONNECTACK);
4404 gen_or(b0, b1);
4405 b0 = gen_msg_abbrev(A_RELEASE);
4406 gen_or(b0, b1);
4407 b0 = gen_msg_abbrev(A_RELEASE_DONE);
4408 gen_or(b0, b1);
4409 b0 = gen_atmtype_abbrev(A_SC);
4410 gen_and(b0, b1);
4411 break;
4412
4413 case A_METACONNECT:
4414 if (!is_atm)
4415 bpf_error("'metaconnect' supported only on raw ATM");
4416 b0 = gen_msg_abbrev(A_SETUP);
4417 b1 = gen_msg_abbrev(A_CALLPROCEED);
4418 gen_or(b0, b1);
4419 b0 = gen_msg_abbrev(A_CONNECT);
4420 gen_or(b0, b1);
4421 b0 = gen_msg_abbrev(A_RELEASE);
4422 gen_or(b0, b1);
4423 b0 = gen_msg_abbrev(A_RELEASE_DONE);
4424 gen_or(b0, b1);
4425 b0 = gen_atmtype_abbrev(A_METAC);
4426 gen_and(b0, b1);
4427 break;
4428
4429 default:
4430 abort();
4431 }
4432 return b1;
4433 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism