]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
There's no need to include <sys/socket.h> twice.
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.160.2.1 2002-04-06 23:58:24 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #include <sys/types.h>
32 #include <sys/socket.h>
33 #include <sys/time.h>
34 #ifdef __NetBSD__
35 #include <sys/param.h>
36 #endif
37
38 struct mbuf;
39 struct rtentry;
40 #include <net/if.h>
41
42 #include <netinet/in.h>
43
44 #include <stdlib.h>
45 #include <string.h>
46 #include <memory.h>
47 #include <setjmp.h>
48 #include <stdarg.h>
49
50 #include "pcap-int.h"
51
52 #include "ethertype.h"
53 #include "nlpid.h"
54 #include "llc.h"
55 #include "gencode.h"
56 #include "ppp.h"
57 #include "sll.h"
58 #include "arcnet.h"
59 #include <pcap-namedb.h>
60 #ifdef INET6
61 #include <netdb.h>
62 #endif /*INET6*/
63
64 #define ETHERMTU 1500
65
66 #ifndef IPPROTO_SCTP
67 #define IPPROTO_SCTP 132
68 #endif
69
70 #ifdef HAVE_OS_PROTO_H
71 #include "os-proto.h"
72 #endif
73
74 #define JMP(c) ((c)|BPF_JMP|BPF_K)
75
76 /* Locals */
77 static jmp_buf top_ctx;
78 static pcap_t *bpf_pcap;
79
80 /* Hack for updating VLAN offsets. */
81 static u_int orig_linktype = -1, orig_nl = -1;
82
83 /* XXX */
84 #ifdef PCAP_FDDIPAD
85 int pcap_fddipad = PCAP_FDDIPAD;
86 #else
87 int pcap_fddipad;
88 #endif
89
90 /* VARARGS */
91 void
92 bpf_error(const char *fmt, ...)
93
94 {
95 va_list ap;
96
97 va_start(ap, fmt);
98 if (bpf_pcap != NULL)
99 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
100 fmt, ap);
101 va_end(ap);
102 longjmp(top_ctx, 1);
103 /* NOTREACHED */
104 }
105
106 static void init_linktype(int);
107
108 static int alloc_reg(void);
109 static void free_reg(int);
110
111 static struct block *root;
112
113 /*
114 * We divy out chunks of memory rather than call malloc each time so
115 * we don't have to worry about leaking memory. It's probably
116 * not a big deal if all this memory was wasted but it this ever
117 * goes into a library that would probably not be a good idea.
118 */
119 #define NCHUNKS 16
120 #define CHUNK0SIZE 1024
121 struct chunk {
122 u_int n_left;
123 void *m;
124 };
125
126 static struct chunk chunks[NCHUNKS];
127 static int cur_chunk;
128
129 static void *newchunk(u_int);
130 static void freechunks(void);
131 static inline struct block *new_block(int);
132 static inline struct slist *new_stmt(int);
133 static struct block *gen_retblk(int);
134 static inline void syntax(void);
135
136 static void backpatch(struct block *, struct block *);
137 static void merge(struct block *, struct block *);
138 static struct block *gen_cmp(u_int, u_int, bpf_int32);
139 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
140 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
141 static struct block *gen_bcmp(u_int, u_int, const u_char *);
142 static struct block *gen_uncond(int);
143 static inline struct block *gen_true(void);
144 static inline struct block *gen_false(void);
145 static struct block *gen_linktype(int);
146 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
147 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
148 #ifdef INET6
149 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
150 #endif
151 static struct block *gen_ahostop(const u_char *, int);
152 static struct block *gen_ehostop(const u_char *, int);
153 static struct block *gen_fhostop(const u_char *, int);
154 static struct block *gen_thostop(const u_char *, int);
155 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
156 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
157 #ifdef INET6
158 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
159 #endif
160 #ifndef INET6
161 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
162 #endif
163 static struct block *gen_ipfrag(void);
164 static struct block *gen_portatom(int, bpf_int32);
165 #ifdef INET6
166 static struct block *gen_portatom6(int, bpf_int32);
167 #endif
168 struct block *gen_portop(int, int, int);
169 static struct block *gen_port(int, int, int);
170 #ifdef INET6
171 struct block *gen_portop6(int, int, int);
172 static struct block *gen_port6(int, int, int);
173 #endif
174 static int lookup_proto(const char *, int);
175 static struct block *gen_protochain(int, int, int);
176 static struct block *gen_proto(int, int, int);
177 static struct slist *xfer_to_x(struct arth *);
178 static struct slist *xfer_to_a(struct arth *);
179 static struct block *gen_len(int, int);
180
181 static void *
182 newchunk(n)
183 u_int n;
184 {
185 struct chunk *cp;
186 int k, size;
187
188 #ifndef __NetBSD__
189 /* XXX Round up to nearest long. */
190 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
191 #else
192 /* XXX Round up to structure boundary. */
193 n = ALIGN(n);
194 #endif
195
196 cp = &chunks[cur_chunk];
197 if (n > cp->n_left) {
198 ++cp, k = ++cur_chunk;
199 if (k >= NCHUNKS)
200 bpf_error("out of memory");
201 size = CHUNK0SIZE << k;
202 cp->m = (void *)malloc(size);
203 memset((char *)cp->m, 0, size);
204 cp->n_left = size;
205 if (n > size)
206 bpf_error("out of memory");
207 }
208 cp->n_left -= n;
209 return (void *)((char *)cp->m + cp->n_left);
210 }
211
212 static void
213 freechunks()
214 {
215 int i;
216
217 cur_chunk = 0;
218 for (i = 0; i < NCHUNKS; ++i)
219 if (chunks[i].m != NULL) {
220 free(chunks[i].m);
221 chunks[i].m = NULL;
222 }
223 }
224
225 /*
226 * A strdup whose allocations are freed after code generation is over.
227 */
228 char *
229 sdup(s)
230 register const char *s;
231 {
232 int n = strlen(s) + 1;
233 char *cp = newchunk(n);
234
235 strlcpy(cp, s, n);
236 return (cp);
237 }
238
239 static inline struct block *
240 new_block(code)
241 int code;
242 {
243 struct block *p;
244
245 p = (struct block *)newchunk(sizeof(*p));
246 p->s.code = code;
247 p->head = p;
248
249 return p;
250 }
251
252 static inline struct slist *
253 new_stmt(code)
254 int code;
255 {
256 struct slist *p;
257
258 p = (struct slist *)newchunk(sizeof(*p));
259 p->s.code = code;
260
261 return p;
262 }
263
264 static struct block *
265 gen_retblk(v)
266 int v;
267 {
268 struct block *b = new_block(BPF_RET|BPF_K);
269
270 b->s.k = v;
271 return b;
272 }
273
274 static inline void
275 syntax()
276 {
277 bpf_error("syntax error in filter expression");
278 }
279
280 static bpf_u_int32 netmask;
281 static int snaplen;
282 int no_optimize;
283
284 int
285 pcap_compile(pcap_t *p, struct bpf_program *program,
286 char *buf, int optimize, bpf_u_int32 mask)
287 {
288 extern int n_errors;
289 int len;
290
291 no_optimize = 0;
292 n_errors = 0;
293 root = NULL;
294 bpf_pcap = p;
295 if (setjmp(top_ctx)) {
296 lex_cleanup();
297 freechunks();
298 return (-1);
299 }
300
301 netmask = mask;
302
303 snaplen = pcap_snapshot(p);
304 if (snaplen == 0) {
305 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
306 "snaplen of 0 rejects all packets");
307 return -1;
308 }
309
310 lex_init(buf ? buf : "");
311 init_linktype(pcap_datalink(p));
312 (void)pcap_parse();
313
314 if (n_errors)
315 syntax();
316
317 if (root == NULL)
318 root = gen_retblk(snaplen);
319
320 if (optimize && !no_optimize) {
321 bpf_optimize(&root);
322 if (root == NULL ||
323 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
324 bpf_error("expression rejects all packets");
325 }
326 program->bf_insns = icode_to_fcode(root, &len);
327 program->bf_len = len;
328
329 lex_cleanup();
330 freechunks();
331 return (0);
332 }
333
334 /*
335 * entry point for using the compiler with no pcap open
336 * pass in all the stuff that is needed explicitly instead.
337 */
338 int
339 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
340 struct bpf_program *program,
341 char *buf, int optimize, bpf_u_int32 mask)
342 {
343 pcap_t *p;
344 int ret;
345
346 p = pcap_open_dead(linktype_arg, snaplen_arg);
347 if (p == NULL)
348 return (-1);
349 ret = pcap_compile(p, program, buf, optimize, mask);
350 pcap_close(p);
351 return (ret);
352 }
353
354 /*
355 * Clean up a "struct bpf_program" by freeing all the memory allocated
356 * in it.
357 */
358 void
359 pcap_freecode(struct bpf_program *program)
360 {
361 program->bf_len = 0;
362 if (program->bf_insns != NULL) {
363 free((char *)program->bf_insns);
364 program->bf_insns = NULL;
365 }
366 }
367
368 /*
369 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
370 * which of the jt and jf fields has been resolved and which is a pointer
371 * back to another unresolved block (or nil). At least one of the fields
372 * in each block is already resolved.
373 */
374 static void
375 backpatch(list, target)
376 struct block *list, *target;
377 {
378 struct block *next;
379
380 while (list) {
381 if (!list->sense) {
382 next = JT(list);
383 JT(list) = target;
384 } else {
385 next = JF(list);
386 JF(list) = target;
387 }
388 list = next;
389 }
390 }
391
392 /*
393 * Merge the lists in b0 and b1, using the 'sense' field to indicate
394 * which of jt and jf is the link.
395 */
396 static void
397 merge(b0, b1)
398 struct block *b0, *b1;
399 {
400 register struct block **p = &b0;
401
402 /* Find end of list. */
403 while (*p)
404 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
405
406 /* Concatenate the lists. */
407 *p = b1;
408 }
409
410 void
411 finish_parse(p)
412 struct block *p;
413 {
414 backpatch(p, gen_retblk(snaplen));
415 p->sense = !p->sense;
416 backpatch(p, gen_retblk(0));
417 root = p->head;
418 }
419
420 void
421 gen_and(b0, b1)
422 struct block *b0, *b1;
423 {
424 backpatch(b0, b1->head);
425 b0->sense = !b0->sense;
426 b1->sense = !b1->sense;
427 merge(b1, b0);
428 b1->sense = !b1->sense;
429 b1->head = b0->head;
430 }
431
432 void
433 gen_or(b0, b1)
434 struct block *b0, *b1;
435 {
436 b0->sense = !b0->sense;
437 backpatch(b0, b1->head);
438 b0->sense = !b0->sense;
439 merge(b1, b0);
440 b1->head = b0->head;
441 }
442
443 void
444 gen_not(b)
445 struct block *b;
446 {
447 b->sense = !b->sense;
448 }
449
450 static struct block *
451 gen_cmp(offset, size, v)
452 u_int offset, size;
453 bpf_int32 v;
454 {
455 struct slist *s;
456 struct block *b;
457
458 s = new_stmt(BPF_LD|BPF_ABS|size);
459 s->s.k = offset;
460
461 b = new_block(JMP(BPF_JEQ));
462 b->stmts = s;
463 b->s.k = v;
464
465 return b;
466 }
467
468 static struct block *
469 gen_cmp_gt(offset, size, v)
470 u_int offset, size;
471 bpf_int32 v;
472 {
473 struct slist *s;
474 struct block *b;
475
476 s = new_stmt(BPF_LD|BPF_ABS|size);
477 s->s.k = offset;
478
479 b = new_block(JMP(BPF_JGT));
480 b->stmts = s;
481 b->s.k = v;
482
483 return b;
484 }
485
486 static struct block *
487 gen_mcmp(offset, size, v, mask)
488 u_int offset, size;
489 bpf_int32 v;
490 bpf_u_int32 mask;
491 {
492 struct block *b = gen_cmp(offset, size, v);
493 struct slist *s;
494
495 if (mask != 0xffffffff) {
496 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
497 s->s.k = mask;
498 b->stmts->next = s;
499 }
500 return b;
501 }
502
503 static struct block *
504 gen_bcmp(offset, size, v)
505 register u_int offset, size;
506 register const u_char *v;
507 {
508 register struct block *b, *tmp;
509
510 b = NULL;
511 while (size >= 4) {
512 register const u_char *p = &v[size - 4];
513 bpf_int32 w = ((bpf_int32)p[0] << 24) |
514 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
515
516 tmp = gen_cmp(offset + size - 4, BPF_W, w);
517 if (b != NULL)
518 gen_and(b, tmp);
519 b = tmp;
520 size -= 4;
521 }
522 while (size >= 2) {
523 register const u_char *p = &v[size - 2];
524 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
525
526 tmp = gen_cmp(offset + size - 2, BPF_H, w);
527 if (b != NULL)
528 gen_and(b, tmp);
529 b = tmp;
530 size -= 2;
531 }
532 if (size > 0) {
533 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
534 if (b != NULL)
535 gen_and(b, tmp);
536 b = tmp;
537 }
538 return b;
539 }
540
541 /*
542 * Various code constructs need to know the layout of the data link
543 * layer. These variables give the necessary offsets. off_linktype
544 * is set to -1 for no encapsulation, in which case, IP is assumed.
545 */
546 static u_int off_linktype;
547 static u_int off_nl;
548 static int linktype;
549
550 static void
551 init_linktype(type)
552 int type;
553 {
554 linktype = type;
555
556 orig_linktype = -1;
557 orig_nl = -1;
558
559 switch (type) {
560
561 case DLT_ARCNET:
562 off_linktype = 2;
563 off_nl = 6; /* XXX in reality, variable! */
564 return;
565
566 case DLT_EN10MB:
567 off_linktype = 12;
568 off_nl = 14;
569 return;
570
571 case DLT_SLIP:
572 /*
573 * SLIP doesn't have a link level type. The 16 byte
574 * header is hacked into our SLIP driver.
575 */
576 off_linktype = -1;
577 off_nl = 16;
578 return;
579
580 case DLT_SLIP_BSDOS:
581 /* XXX this may be the same as the DLT_PPP_BSDOS case */
582 off_linktype = -1;
583 /* XXX end */
584 off_nl = 24;
585 return;
586
587 case DLT_NULL:
588 case DLT_LOOP:
589 off_linktype = 0;
590 off_nl = 4;
591 return;
592
593 case DLT_PPP:
594 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */
595 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */
596 off_linktype = 2;
597 off_nl = 4;
598 return;
599
600 case DLT_PPP_ETHER:
601 /*
602 * This does no include the Ethernet header, and
603 * only covers session state.
604 */
605 off_linktype = 6;
606 off_nl = 8;
607 return;
608
609 case DLT_PPP_BSDOS:
610 off_linktype = 5;
611 off_nl = 24;
612 return;
613
614 case DLT_FDDI:
615 /*
616 * FDDI doesn't really have a link-level type field.
617 * We set "off_linktype" to the offset of the LLC header.
618 *
619 * To check for Ethernet types, we assume that SSAP = SNAP
620 * is being used and pick out the encapsulated Ethernet type.
621 * XXX - should we generate code to check for SNAP?
622 */
623 off_linktype = 13;
624 #ifdef PCAP_FDDIPAD
625 off_linktype += pcap_fddipad;
626 #endif
627 off_nl = 21;
628 #ifdef PCAP_FDDIPAD
629 off_nl += pcap_fddipad;
630 #endif
631 return;
632
633 case DLT_IEEE802:
634 /*
635 * Token Ring doesn't really have a link-level type field.
636 * We set "off_linktype" to the offset of the LLC header.
637 *
638 * To check for Ethernet types, we assume that SSAP = SNAP
639 * is being used and pick out the encapsulated Ethernet type.
640 * XXX - should we generate code to check for SNAP?
641 *
642 * XXX - the header is actually variable-length.
643 * Some various Linux patched versions gave 38
644 * as "off_linktype" and 40 as "off_nl"; however,
645 * if a token ring packet has *no* routing
646 * information, i.e. is not source-routed, the correct
647 * values are 20 and 22, as they are in the vanilla code.
648 *
649 * A packet is source-routed iff the uppermost bit
650 * of the first byte of the source address, at an
651 * offset of 8, has the uppermost bit set. If the
652 * packet is source-routed, the total number of bytes
653 * of routing information is 2 plus bits 0x1F00 of
654 * the 16-bit value at an offset of 14 (shifted right
655 * 8 - figure out which byte that is).
656 */
657 off_linktype = 14;
658 off_nl = 22;
659 return;
660
661 case DLT_IEEE802_11:
662 /*
663 * 802.11 doesn't really have a link-level type field.
664 * We set "off_linktype" to the offset of the LLC header.
665 *
666 * To check for Ethernet types, we assume that SSAP = SNAP
667 * is being used and pick out the encapsulated Ethernet type.
668 * XXX - should we generate code to check for SNAP?
669 *
670 * XXX - the header is actually variable-length. We
671 * assume a 24-byte link-layer header, as appears in
672 * data frames in networks with no bridges.
673 */
674 off_linktype = 24;
675 off_nl = 30;
676 return;
677
678 case DLT_PRISM_HEADER:
679 /*
680 * Same as 802.11, but with an additional header before
681 * the 802.11 header, containing a bunch of additional
682 * information including radio-level information.
683 *
684 * The header is 144 bytes long.
685 *
686 * XXX - same variable-length header problem; at least
687 * the Prism header is fixed-length.
688 */
689 off_linktype = 144+24;
690 off_nl = 144+30;
691 return;
692
693 case DLT_ATM_RFC1483:
694 /*
695 * assume routed, non-ISO PDUs
696 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
697 */
698 off_linktype = 6;
699 off_nl = 8;
700 return;
701
702 case DLT_RAW:
703 off_linktype = -1;
704 off_nl = 0;
705 return;
706
707 case DLT_ATM_CLIP: /* Linux ATM defines this */
708 off_linktype = 6;
709 off_nl = 8;
710 return;
711
712 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
713 off_linktype = 14;
714 off_nl = 16;
715 return;
716
717 case DLT_LTALK:
718 /*
719 * LocalTalk does have a 1-byte type field in the LLAP header,
720 * but really it just indicates whether there is a "short" or
721 * "long" DDP packet following.
722 */
723 off_linktype = -1;
724 off_nl = 0;
725 return;
726 }
727 bpf_error("unknown data link type %d", linktype);
728 /* NOTREACHED */
729 }
730
731 static struct block *
732 gen_uncond(rsense)
733 int rsense;
734 {
735 struct block *b;
736 struct slist *s;
737
738 s = new_stmt(BPF_LD|BPF_IMM);
739 s->s.k = !rsense;
740 b = new_block(JMP(BPF_JEQ));
741 b->stmts = s;
742
743 return b;
744 }
745
746 static inline struct block *
747 gen_true()
748 {
749 return gen_uncond(1);
750 }
751
752 static inline struct block *
753 gen_false()
754 {
755 return gen_uncond(0);
756 }
757
758 /*
759 * Byte-swap a 32-bit number.
760 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
761 * big-endian platforms.)
762 */
763 #define SWAPLONG(y) \
764 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
765
766 static struct block *
767 gen_linktype(proto)
768 register int proto;
769 {
770 struct block *b0, *b1;
771
772 switch (linktype) {
773
774 case DLT_EN10MB:
775 switch (proto) {
776
777 case LLCSAP_ISONS:
778 /*
779 * OSI protocols always use 802.2 encapsulation.
780 * XXX - should we check both the DSAP and the
781 * SSAP, like this, or should we check just the
782 * DSAP?
783 */
784 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
785 gen_not(b0);
786 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
787 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
788 gen_and(b0, b1);
789 return b1;
790
791 case LLCSAP_NETBEUI:
792 /*
793 * NetBEUI always uses 802.2 encapsulation.
794 * XXX - should we check both the DSAP and the
795 * SSAP, like this, or should we check just the
796 * DSAP?
797 */
798 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
799 gen_not(b0);
800 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
801 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
802 gen_and(b0, b1);
803 return b1;
804
805 case LLCSAP_IPX:
806 /*
807 * Check for;
808 *
809 * Ethernet_II frames, which are Ethernet
810 * frames with a frame type of ETHERTYPE_IPX;
811 *
812 * Ethernet_802.3 frames, which are 802.3
813 * frames (i.e., the type/length field is
814 * a length field, <= ETHERMTU, rather than
815 * a type field) with the first two bytes
816 * after the Ethernet/802.3 header being
817 * 0xFFFF;
818 *
819 * Ethernet_802.2 frames, which are 802.3
820 * frames with an 802.2 LLC header and
821 * with the IPX LSAP as the DSAP in the LLC
822 * header;
823 *
824 * Ethernet_SNAP frames, which are 802.3
825 * frames with an LLC header and a SNAP
826 * header and with an OUI of 0x000000
827 * (encapsulated Ethernet) and a protocol
828 * ID of ETHERTYPE_IPX in the SNAP header.
829 *
830 * XXX - should we generate the same code both
831 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
832 */
833
834 /*
835 * This generates code to check both for the
836 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
837 */
838 b0 = gen_cmp(off_linktype + 2, BPF_B,
839 (bpf_int32)LLCSAP_IPX);
840 b1 = gen_cmp(off_linktype + 2, BPF_H,
841 (bpf_int32)0xFFFF);
842 gen_or(b0, b1);
843
844 /*
845 * Now we add code to check for SNAP frames with
846 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
847 */
848 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
849 gen_or(b0, b1);
850
851 /*
852 * Now we generate code to check for 802.3
853 * frames in general.
854 */
855 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
856 gen_not(b0);
857
858 /*
859 * Now add the check for 802.3 frames before the
860 * check for Ethernet_802.2 and Ethernet_802.3,
861 * as those checks should only be done on 802.3
862 * frames, not on Ethernet frames.
863 */
864 gen_and(b0, b1);
865
866 /*
867 * Now add the check for Ethernet_II frames, and
868 * do that before checking for the other frame
869 * types.
870 */
871 b0 = gen_cmp(off_linktype, BPF_H,
872 (bpf_int32)ETHERTYPE_IPX);
873 gen_or(b0, b1);
874 return b1;
875
876 case ETHERTYPE_ATALK:
877 case ETHERTYPE_AARP:
878 /*
879 * EtherTalk (AppleTalk protocols on Ethernet link
880 * layer) may use 802.2 encapsulation.
881 */
882
883 /*
884 * Check for 802.2 encapsulation (EtherTalk phase 2?);
885 * we check for an Ethernet type field less than
886 * 1500, which means it's an 802.3 length field.
887 */
888 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
889 gen_not(b0);
890
891 /*
892 * 802.2-encapsulated ETHERTYPE_ATALK packets are
893 * SNAP packets with an organization code of
894 * 0x080007 (Apple, for Appletalk) and a protocol
895 * type of ETHERTYPE_ATALK (Appletalk).
896 *
897 * 802.2-encapsulated ETHERTYPE_AARP packets are
898 * SNAP packets with an organization code of
899 * 0x000000 (encapsulated Ethernet) and a protocol
900 * type of ETHERTYPE_AARP (Appletalk ARP).
901 */
902 if (proto == ETHERTYPE_ATALK)
903 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
904 else /* proto == ETHERTYPE_AARP */
905 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
906 gen_and(b0, b1);
907
908 /*
909 * Check for Ethernet encapsulation (Ethertalk
910 * phase 1?); we just check for the Ethernet
911 * protocol type.
912 */
913 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
914
915 gen_or(b0, b1);
916 return b1;
917
918 default:
919 if (proto <= ETHERMTU) {
920 /*
921 * This is an LLC SAP value, so the frames
922 * that match would be 802.2 frames.
923 * Check that the frame is an 802.2 frame
924 * (i.e., that the length/type field is
925 * a length field, <= ETHERMTU) and
926 * then check the DSAP.
927 */
928 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
929 gen_not(b0);
930 b1 = gen_cmp(off_linktype + 2, BPF_B,
931 (bpf_int32)proto);
932 gen_and(b0, b1);
933 return b1;
934 } else {
935 /*
936 * This is an Ethernet type, so compare
937 * the length/type field with it (if
938 * the frame is an 802.2 frame, the length
939 * field will be <= ETHERMTU, and, as
940 * "proto" is > ETHERMTU, this test
941 * will fail and the frame won't match,
942 * which is what we want).
943 */
944 return gen_cmp(off_linktype, BPF_H,
945 (bpf_int32)proto);
946 }
947 }
948 break;
949
950 case DLT_IEEE802_11:
951 case DLT_PRISM_HEADER:
952 case DLT_FDDI:
953 case DLT_IEEE802:
954 case DLT_ATM_RFC1483:
955 case DLT_ATM_CLIP:
956 /*
957 * XXX - handle token-ring variable-length header.
958 */
959 switch (proto) {
960
961 case LLCSAP_ISONS:
962 return gen_cmp(off_linktype, BPF_H, (long)
963 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
964
965 case LLCSAP_NETBEUI:
966 return gen_cmp(off_linktype, BPF_H, (long)
967 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
968
969 case LLCSAP_IPX:
970 /*
971 * XXX - are there ever SNAP frames for IPX on
972 * non-Ethernet 802.x networks?
973 */
974 return gen_cmp(off_linktype, BPF_B,
975 (bpf_int32)LLCSAP_IPX);
976
977 case ETHERTYPE_ATALK:
978 /*
979 * 802.2-encapsulated ETHERTYPE_ATALK packets are
980 * SNAP packets with an organization code of
981 * 0x080007 (Apple, for Appletalk) and a protocol
982 * type of ETHERTYPE_ATALK (Appletalk).
983 *
984 * XXX - check for an organization code of
985 * encapsulated Ethernet as well?
986 */
987 return gen_snap(0x080007, ETHERTYPE_ATALK,
988 off_linktype);
989 break;
990
991 default:
992 /*
993 * XXX - we don't have to check for IPX 802.3
994 * here, but should we check for the IPX Ethertype?
995 */
996 if (proto <= ETHERMTU) {
997 /*
998 * This is an LLC SAP value, so check
999 * the DSAP.
1000 */
1001 return gen_cmp(off_linktype, BPF_B,
1002 (bpf_int32)proto);
1003 } else {
1004 /*
1005 * This is an Ethernet type; we assume
1006 * that it's unlikely that it'll
1007 * appear in the right place at random,
1008 * and therefore check only the
1009 * location that would hold the Ethernet
1010 * type in a SNAP frame with an organization
1011 * code of 0x000000 (encapsulated Ethernet).
1012 *
1013 * XXX - if we were to check for the SNAP DSAP
1014 * and LSAP, as per XXX, and were also to check
1015 * for an organization code of 0x000000
1016 * (encapsulated Ethernet), we'd do
1017 *
1018 * return gen_snap(0x000000, proto,
1019 * off_linktype);
1020 *
1021 * here; for now, we don't, as per the above.
1022 * I don't know whether it's worth the
1023 * extra CPU time to do the right check
1024 * or not.
1025 */
1026 return gen_cmp(off_linktype+6, BPF_H,
1027 (bpf_int32)proto);
1028 }
1029 }
1030 break;
1031
1032 case DLT_LINUX_SLL:
1033 switch (proto) {
1034
1035 case LLCSAP_ISONS:
1036 /*
1037 * OSI protocols always use 802.2 encapsulation.
1038 * XXX - should we check both the DSAP and the
1039 * LSAP, like this, or should we check just the
1040 * DSAP?
1041 */
1042 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1043 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1044 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1045 gen_and(b0, b1);
1046 return b1;
1047
1048 case LLCSAP_NETBEUI:
1049 /*
1050 * NetBEUI always uses 802.2 encapsulation.
1051 * XXX - should we check both the DSAP and the
1052 * LSAP, like this, or should we check just the
1053 * DSAP?
1054 */
1055 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1056 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1057 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1058 gen_and(b0, b1);
1059 return b1;
1060
1061 case LLCSAP_IPX:
1062 /*
1063 * Ethernet_II frames, which are Ethernet
1064 * frames with a frame type of ETHERTYPE_IPX;
1065 *
1066 * Ethernet_802.3 frames, which have a frame
1067 * type of LINUX_SLL_P_802_3;
1068 *
1069 * Ethernet_802.2 frames, which are 802.3
1070 * frames with an 802.2 LLC header (i.e, have
1071 * a frame type of LINUX_SLL_P_802_2) and
1072 * with the IPX LSAP as the DSAP in the LLC
1073 * header;
1074 *
1075 * Ethernet_SNAP frames, which are 802.3
1076 * frames with an LLC header and a SNAP
1077 * header and with an OUI of 0x000000
1078 * (encapsulated Ethernet) and a protocol
1079 * ID of ETHERTYPE_IPX in the SNAP header.
1080 *
1081 * First, do the checks on LINUX_SLL_P_802_2
1082 * frames; generate the check for either
1083 * Ethernet_802.2 or Ethernet_SNAP frames, and
1084 * then put a check for LINUX_SLL_P_802_2 frames
1085 * before it.
1086 */
1087 b0 = gen_cmp(off_linktype + 2, BPF_B,
1088 (bpf_int32)LLCSAP_IPX);
1089 b1 = gen_snap(0x000000, ETHERTYPE_IPX,
1090 off_linktype + 2);
1091 gen_or(b0, b1);
1092 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1093 gen_and(b0, b1);
1094
1095 /*
1096 * Now check for 802.3 frames and OR that with
1097 * the previous test.
1098 */
1099 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
1100 gen_or(b0, b1);
1101
1102 /*
1103 * Now add the check for Ethernet_II frames, and
1104 * do that before checking for the other frame
1105 * types.
1106 */
1107 b0 = gen_cmp(off_linktype, BPF_H,
1108 (bpf_int32)ETHERTYPE_IPX);
1109 gen_or(b0, b1);
1110 return b1;
1111
1112 case ETHERTYPE_ATALK:
1113 case ETHERTYPE_AARP:
1114 /*
1115 * EtherTalk (AppleTalk protocols on Ethernet link
1116 * layer) may use 802.2 encapsulation.
1117 */
1118
1119 /*
1120 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1121 * we check for the 802.2 protocol type in the
1122 * "Ethernet type" field.
1123 */
1124 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1125
1126 /*
1127 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1128 * SNAP packets with an organization code of
1129 * 0x080007 (Apple, for Appletalk) and a protocol
1130 * type of ETHERTYPE_ATALK (Appletalk).
1131 *
1132 * 802.2-encapsulated ETHERTYPE_AARP packets are
1133 * SNAP packets with an organization code of
1134 * 0x000000 (encapsulated Ethernet) and a protocol
1135 * type of ETHERTYPE_AARP (Appletalk ARP).
1136 */
1137 if (proto == ETHERTYPE_ATALK)
1138 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
1139 off_linktype + 2);
1140 else /* proto == ETHERTYPE_AARP */
1141 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
1142 off_linktype + 2);
1143 gen_and(b0, b1);
1144
1145 /*
1146 * Check for Ethernet encapsulation (Ethertalk
1147 * phase 1?); we just check for the Ethernet
1148 * protocol type.
1149 */
1150 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1151
1152 gen_or(b0, b1);
1153 return b1;
1154
1155 default:
1156 if (proto <= ETHERMTU) {
1157 /*
1158 * This is an LLC SAP value, so the frames
1159 * that match would be 802.2 frames.
1160 * Check for the 802.2 protocol type
1161 * in the "Ethernet type" field, and
1162 * then check the DSAP.
1163 */
1164 b0 = gen_cmp(off_linktype, BPF_H,
1165 LINUX_SLL_P_802_2);
1166 b1 = gen_cmp(off_linktype + 2, BPF_B,
1167 (bpf_int32)proto);
1168 gen_and(b0, b1);
1169 return b1;
1170 } else {
1171 /*
1172 * This is an Ethernet type, so compare
1173 * the length/type field with it (if
1174 * the frame is an 802.2 frame, the length
1175 * field will be <= ETHERMTU, and, as
1176 * "proto" is > ETHERMTU, this test
1177 * will fail and the frame won't match,
1178 * which is what we want).
1179 */
1180 return gen_cmp(off_linktype, BPF_H,
1181 (bpf_int32)proto);
1182 }
1183 }
1184 break;
1185
1186 case DLT_SLIP:
1187 case DLT_SLIP_BSDOS:
1188 case DLT_RAW:
1189 /*
1190 * These types don't provide any type field; packets
1191 * are always IP.
1192 *
1193 * XXX - for IPv4, check for a version number of 4, and,
1194 * for IPv6, check for a version number of 6?
1195 */
1196 switch (proto) {
1197
1198 case ETHERTYPE_IP:
1199 #ifdef INET6
1200 case ETHERTYPE_IPV6:
1201 #endif
1202 return gen_true(); /* always true */
1203
1204 default:
1205 return gen_false(); /* always false */
1206 }
1207 break;
1208
1209 case DLT_PPP:
1210 case DLT_PPP_SERIAL:
1211 case DLT_PPP_ETHER:
1212 /*
1213 * We use Ethernet protocol types inside libpcap;
1214 * map them to the corresponding PPP protocol types.
1215 */
1216 switch (proto) {
1217
1218 case ETHERTYPE_IP:
1219 proto = PPP_IP; /* XXX was 0x21 */
1220 break;
1221
1222 #ifdef INET6
1223 case ETHERTYPE_IPV6:
1224 proto = PPP_IPV6;
1225 break;
1226 #endif
1227
1228 case ETHERTYPE_DN:
1229 proto = PPP_DECNET;
1230 break;
1231
1232 case ETHERTYPE_ATALK:
1233 proto = PPP_APPLE;
1234 break;
1235
1236 case ETHERTYPE_NS:
1237 proto = PPP_NS;
1238 break;
1239
1240 case LLCSAP_ISONS:
1241 proto = PPP_OSI;
1242 break;
1243
1244 case LLCSAP_8021D:
1245 /*
1246 * I'm assuming the "Bridging PDU"s that go
1247 * over PPP are Spanning Tree Protocol
1248 * Bridging PDUs.
1249 */
1250 proto = PPP_BRPDU;
1251 break;
1252
1253 case LLCSAP_IPX:
1254 proto = PPP_IPX;
1255 break;
1256 }
1257 break;
1258
1259 case DLT_PPP_BSDOS:
1260 /*
1261 * We use Ethernet protocol types inside libpcap;
1262 * map them to the corresponding PPP protocol types.
1263 */
1264 switch (proto) {
1265
1266 case ETHERTYPE_IP:
1267 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
1268 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
1269 gen_or(b0, b1);
1270 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
1271 gen_or(b1, b0);
1272 return b0;
1273
1274 #ifdef INET6
1275 case ETHERTYPE_IPV6:
1276 proto = PPP_IPV6;
1277 /* more to go? */
1278 break;
1279 #endif
1280
1281 case ETHERTYPE_DN:
1282 proto = PPP_DECNET;
1283 break;
1284
1285 case ETHERTYPE_ATALK:
1286 proto = PPP_APPLE;
1287 break;
1288
1289 case ETHERTYPE_NS:
1290 proto = PPP_NS;
1291 break;
1292
1293 case LLCSAP_ISONS:
1294 proto = PPP_OSI;
1295 break;
1296
1297 case LLCSAP_8021D:
1298 /*
1299 * I'm assuming the "Bridging PDU"s that go
1300 * over PPP are Spanning Tree Protocol
1301 * Bridging PDUs.
1302 */
1303 proto = PPP_BRPDU;
1304 break;
1305
1306 case LLCSAP_IPX:
1307 proto = PPP_IPX;
1308 break;
1309 }
1310 break;
1311
1312 case DLT_NULL:
1313 case DLT_LOOP:
1314 /*
1315 * For DLT_NULL, the link-layer header is a 32-bit
1316 * word containing an AF_ value in *host* byte order.
1317 *
1318 * In addition, if we're reading a saved capture file,
1319 * the host byte order in the capture may not be the
1320 * same as the host byte order on this machine.
1321 *
1322 * For DLT_LOOP, the link-layer header is a 32-bit
1323 * word containing an AF_ value in *network* byte order.
1324 *
1325 * XXX - AF_ values may, unfortunately, be platform-
1326 * dependent; for example, FreeBSD's AF_INET6 is 24
1327 * whilst NetBSD's and OpenBSD's is 26.
1328 *
1329 * This means that, when reading a capture file, just
1330 * checking for our AF_INET6 value won't work if the
1331 * capture file came from another OS.
1332 */
1333 switch (proto) {
1334
1335 case ETHERTYPE_IP:
1336 proto = AF_INET;
1337 break;
1338
1339 #ifdef INET6
1340 case ETHERTYPE_IPV6:
1341 proto = AF_INET6;
1342 break;
1343 #endif
1344
1345 default:
1346 /*
1347 * Not a type on which we support filtering.
1348 * XXX - support those that have AF_ values
1349 * #defined on this platform, at least?
1350 */
1351 return gen_false();
1352 }
1353
1354 if (linktype == DLT_NULL) {
1355 /*
1356 * The AF_ value is in host byte order, but
1357 * the BPF interpreter will convert it to
1358 * network byte order.
1359 *
1360 * If this is a save file, and it's from a
1361 * machine with the opposite byte order to
1362 * ours, we byte-swap the AF_ value.
1363 *
1364 * Then we run it through "htonl()", and
1365 * generate code to compare against the result.
1366 */
1367 if (bpf_pcap->sf.rfile != NULL &&
1368 bpf_pcap->sf.swapped)
1369 proto = SWAPLONG(proto);
1370 proto = htonl(proto);
1371 }
1372 return (gen_cmp(0, BPF_W, (bpf_int32)proto));
1373
1374 case DLT_ARCNET:
1375 /*
1376 * XXX should we check for first fragment if the protocol
1377 * uses PHDS?
1378 */
1379 switch(proto) {
1380 default:
1381 return gen_false();
1382 #ifdef INET6
1383 case ETHERTYPE_IPV6:
1384 return(gen_cmp(2, BPF_B,
1385 (bpf_int32)htonl(ARCTYPE_INET6)));
1386 #endif /* INET6 */
1387 case ETHERTYPE_IP:
1388 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_IP));
1389 b1 = gen_cmp(2, BPF_B,
1390 (bpf_int32)htonl(ARCTYPE_IP_OLD));
1391 gen_or(b0, b1);
1392 return(b1);
1393 case ETHERTYPE_ARP:
1394 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_ARP));
1395 b1 = gen_cmp(2, BPF_B,
1396 (bpf_int32)htonl(ARCTYPE_ARP_OLD));
1397 gen_or(b0, b1);
1398 return(b1);
1399 case ETHERTYPE_REVARP:
1400 return(gen_cmp(2, BPF_B,
1401 (bpf_int32)htonl(ARCTYPE_REVARP)));
1402 case ETHERTYPE_ATALK:
1403 return(gen_cmp(2, BPF_B,
1404 (bpf_int32)htonl(ARCTYPE_ATALK)));
1405 }
1406 break;
1407
1408 case DLT_LTALK:
1409 switch (proto) {
1410 case ETHERTYPE_ATALK:
1411 return gen_true();
1412 default:
1413 return gen_false();
1414 }
1415 break;
1416 }
1417
1418 /*
1419 * All the types that have no encapsulation should either be
1420 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
1421 * all packets are IP packets, or should be handled in some
1422 * special case, if none of them are (if some are and some
1423 * aren't, the lack of encapsulation is a problem, as we'd
1424 * have to find some other way of determining the packet type).
1425 *
1426 * Therefore, if "off_linktype" is -1, there's an error.
1427 */
1428 if (off_linktype == -1)
1429 abort();
1430
1431 /*
1432 * Any type not handled above should always have an Ethernet
1433 * type at an offset of "off_linktype". (PPP is partially
1434 * handled above - the protocol type is mapped from the
1435 * Ethernet and LLC types we use internally to the corresponding
1436 * PPP type - but the PPP type is always specified by a value
1437 * at "off_linktype", so we don't have to do the code generation
1438 * above.)
1439 */
1440 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1441 }
1442
1443 /*
1444 * Check for an LLC SNAP packet with a given organization code and
1445 * protocol type; we check the entire contents of the 802.2 LLC and
1446 * snap headers, checking for DSAP and SSAP of SNAP and a control
1447 * field of 0x03 in the LLC header, and for the specified organization
1448 * code and protocol type in the SNAP header.
1449 */
1450 static struct block *
1451 gen_snap(orgcode, ptype, offset)
1452 bpf_u_int32 orgcode;
1453 bpf_u_int32 ptype;
1454 u_int offset;
1455 {
1456 u_char snapblock[8];
1457
1458 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
1459 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
1460 snapblock[2] = 0x03; /* control = UI */
1461 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
1462 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
1463 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
1464 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
1465 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
1466 return gen_bcmp(offset, 8, snapblock);
1467 }
1468
1469 static struct block *
1470 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
1471 bpf_u_int32 addr;
1472 bpf_u_int32 mask;
1473 int dir, proto;
1474 u_int src_off, dst_off;
1475 {
1476 struct block *b0, *b1;
1477 u_int offset;
1478
1479 switch (dir) {
1480
1481 case Q_SRC:
1482 offset = src_off;
1483 break;
1484
1485 case Q_DST:
1486 offset = dst_off;
1487 break;
1488
1489 case Q_AND:
1490 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1491 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1492 gen_and(b0, b1);
1493 return b1;
1494
1495 case Q_OR:
1496 case Q_DEFAULT:
1497 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1498 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1499 gen_or(b0, b1);
1500 return b1;
1501
1502 default:
1503 abort();
1504 }
1505 b0 = gen_linktype(proto);
1506 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
1507 gen_and(b0, b1);
1508 return b1;
1509 }
1510
1511 #ifdef INET6
1512 static struct block *
1513 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
1514 struct in6_addr *addr;
1515 struct in6_addr *mask;
1516 int dir, proto;
1517 u_int src_off, dst_off;
1518 {
1519 struct block *b0, *b1;
1520 u_int offset;
1521 u_int32_t *a, *m;
1522
1523 switch (dir) {
1524
1525 case Q_SRC:
1526 offset = src_off;
1527 break;
1528
1529 case Q_DST:
1530 offset = dst_off;
1531 break;
1532
1533 case Q_AND:
1534 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1535 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1536 gen_and(b0, b1);
1537 return b1;
1538
1539 case Q_OR:
1540 case Q_DEFAULT:
1541 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1542 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1543 gen_or(b0, b1);
1544 return b1;
1545
1546 default:
1547 abort();
1548 }
1549 /* this order is important */
1550 a = (u_int32_t *)addr;
1551 m = (u_int32_t *)mask;
1552 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
1553 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
1554 gen_and(b0, b1);
1555 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
1556 gen_and(b0, b1);
1557 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
1558 gen_and(b0, b1);
1559 b0 = gen_linktype(proto);
1560 gen_and(b0, b1);
1561 return b1;
1562 }
1563 #endif /*INET6*/
1564
1565 static struct block *
1566 gen_ehostop(eaddr, dir)
1567 register const u_char *eaddr;
1568 register int dir;
1569 {
1570 register struct block *b0, *b1;
1571
1572 switch (dir) {
1573 case Q_SRC:
1574 return gen_bcmp(6, 6, eaddr);
1575
1576 case Q_DST:
1577 return gen_bcmp(0, 6, eaddr);
1578
1579 case Q_AND:
1580 b0 = gen_ehostop(eaddr, Q_SRC);
1581 b1 = gen_ehostop(eaddr, Q_DST);
1582 gen_and(b0, b1);
1583 return b1;
1584
1585 case Q_DEFAULT:
1586 case Q_OR:
1587 b0 = gen_ehostop(eaddr, Q_SRC);
1588 b1 = gen_ehostop(eaddr, Q_DST);
1589 gen_or(b0, b1);
1590 return b1;
1591 }
1592 abort();
1593 /* NOTREACHED */
1594 }
1595
1596 /*
1597 * Like gen_ehostop, but for DLT_FDDI
1598 */
1599 static struct block *
1600 gen_fhostop(eaddr, dir)
1601 register const u_char *eaddr;
1602 register int dir;
1603 {
1604 struct block *b0, *b1;
1605
1606 switch (dir) {
1607 case Q_SRC:
1608 #ifdef PCAP_FDDIPAD
1609 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
1610 #else
1611 return gen_bcmp(6 + 1, 6, eaddr);
1612 #endif
1613
1614 case Q_DST:
1615 #ifdef PCAP_FDDIPAD
1616 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
1617 #else
1618 return gen_bcmp(0 + 1, 6, eaddr);
1619 #endif
1620
1621 case Q_AND:
1622 b0 = gen_fhostop(eaddr, Q_SRC);
1623 b1 = gen_fhostop(eaddr, Q_DST);
1624 gen_and(b0, b1);
1625 return b1;
1626
1627 case Q_DEFAULT:
1628 case Q_OR:
1629 b0 = gen_fhostop(eaddr, Q_SRC);
1630 b1 = gen_fhostop(eaddr, Q_DST);
1631 gen_or(b0, b1);
1632 return b1;
1633 }
1634 abort();
1635 /* NOTREACHED */
1636 }
1637
1638 /*
1639 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
1640 */
1641 static struct block *
1642 gen_thostop(eaddr, dir)
1643 register const u_char *eaddr;
1644 register int dir;
1645 {
1646 register struct block *b0, *b1;
1647
1648 switch (dir) {
1649 case Q_SRC:
1650 return gen_bcmp(8, 6, eaddr);
1651
1652 case Q_DST:
1653 return gen_bcmp(2, 6, eaddr);
1654
1655 case Q_AND:
1656 b0 = gen_thostop(eaddr, Q_SRC);
1657 b1 = gen_thostop(eaddr, Q_DST);
1658 gen_and(b0, b1);
1659 return b1;
1660
1661 case Q_DEFAULT:
1662 case Q_OR:
1663 b0 = gen_thostop(eaddr, Q_SRC);
1664 b1 = gen_thostop(eaddr, Q_DST);
1665 gen_or(b0, b1);
1666 return b1;
1667 }
1668 abort();
1669 /* NOTREACHED */
1670 }
1671
1672 /*
1673 * This is quite tricky because there may be pad bytes in front of the
1674 * DECNET header, and then there are two possible data packet formats that
1675 * carry both src and dst addresses, plus 5 packet types in a format that
1676 * carries only the src node, plus 2 types that use a different format and
1677 * also carry just the src node.
1678 *
1679 * Yuck.
1680 *
1681 * Instead of doing those all right, we just look for data packets with
1682 * 0 or 1 bytes of padding. If you want to look at other packets, that
1683 * will require a lot more hacking.
1684 *
1685 * To add support for filtering on DECNET "areas" (network numbers)
1686 * one would want to add a "mask" argument to this routine. That would
1687 * make the filter even more inefficient, although one could be clever
1688 * and not generate masking instructions if the mask is 0xFFFF.
1689 */
1690 static struct block *
1691 gen_dnhostop(addr, dir, base_off)
1692 bpf_u_int32 addr;
1693 int dir;
1694 u_int base_off;
1695 {
1696 struct block *b0, *b1, *b2, *tmp;
1697 u_int offset_lh; /* offset if long header is received */
1698 u_int offset_sh; /* offset if short header is received */
1699
1700 switch (dir) {
1701
1702 case Q_DST:
1703 offset_sh = 1; /* follows flags */
1704 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
1705 break;
1706
1707 case Q_SRC:
1708 offset_sh = 3; /* follows flags, dstnode */
1709 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
1710 break;
1711
1712 case Q_AND:
1713 /* Inefficient because we do our Calvinball dance twice */
1714 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1715 b1 = gen_dnhostop(addr, Q_DST, base_off);
1716 gen_and(b0, b1);
1717 return b1;
1718
1719 case Q_OR:
1720 case Q_DEFAULT:
1721 /* Inefficient because we do our Calvinball dance twice */
1722 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1723 b1 = gen_dnhostop(addr, Q_DST, base_off);
1724 gen_or(b0, b1);
1725 return b1;
1726
1727 case Q_ISO:
1728 bpf_error("ISO host filtering not implemented");
1729
1730 default:
1731 abort();
1732 }
1733 b0 = gen_linktype(ETHERTYPE_DN);
1734 /* Check for pad = 1, long header case */
1735 tmp = gen_mcmp(base_off + 2, BPF_H,
1736 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
1737 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
1738 BPF_H, (bpf_int32)ntohs(addr));
1739 gen_and(tmp, b1);
1740 /* Check for pad = 0, long header case */
1741 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
1742 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
1743 gen_and(tmp, b2);
1744 gen_or(b2, b1);
1745 /* Check for pad = 1, short header case */
1746 tmp = gen_mcmp(base_off + 2, BPF_H,
1747 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
1748 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
1749 BPF_H, (bpf_int32)ntohs(addr));
1750 gen_and(tmp, b2);
1751 gen_or(b2, b1);
1752 /* Check for pad = 0, short header case */
1753 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
1754 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
1755 gen_and(tmp, b2);
1756 gen_or(b2, b1);
1757
1758 /* Combine with test for linktype */
1759 gen_and(b0, b1);
1760 return b1;
1761 }
1762
1763 static struct block *
1764 gen_host(addr, mask, proto, dir)
1765 bpf_u_int32 addr;
1766 bpf_u_int32 mask;
1767 int proto;
1768 int dir;
1769 {
1770 struct block *b0, *b1;
1771
1772 switch (proto) {
1773
1774 case Q_DEFAULT:
1775 b0 = gen_host(addr, mask, Q_IP, dir);
1776 if (off_linktype != -1) {
1777 b1 = gen_host(addr, mask, Q_ARP, dir);
1778 gen_or(b0, b1);
1779 b0 = gen_host(addr, mask, Q_RARP, dir);
1780 gen_or(b1, b0);
1781 }
1782 return b0;
1783
1784 case Q_IP:
1785 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
1786 off_nl + 12, off_nl + 16);
1787
1788 case Q_RARP:
1789 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
1790 off_nl + 14, off_nl + 24);
1791
1792 case Q_ARP:
1793 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
1794 off_nl + 14, off_nl + 24);
1795
1796 case Q_TCP:
1797 bpf_error("'tcp' modifier applied to host");
1798
1799 case Q_SCTP:
1800 bpf_error("'sctp' modifier applied to host");
1801
1802 case Q_UDP:
1803 bpf_error("'udp' modifier applied to host");
1804
1805 case Q_ICMP:
1806 bpf_error("'icmp' modifier applied to host");
1807
1808 case Q_IGMP:
1809 bpf_error("'igmp' modifier applied to host");
1810
1811 case Q_IGRP:
1812 bpf_error("'igrp' modifier applied to host");
1813
1814 case Q_PIM:
1815 bpf_error("'pim' modifier applied to host");
1816
1817 case Q_VRRP:
1818 bpf_error("'vrrp' modifier applied to host");
1819
1820 case Q_ATALK:
1821 bpf_error("ATALK host filtering not implemented");
1822
1823 case Q_AARP:
1824 bpf_error("AARP host filtering not implemented");
1825
1826 case Q_DECNET:
1827 return gen_dnhostop(addr, dir, off_nl);
1828
1829 case Q_SCA:
1830 bpf_error("SCA host filtering not implemented");
1831
1832 case Q_LAT:
1833 bpf_error("LAT host filtering not implemented");
1834
1835 case Q_MOPDL:
1836 bpf_error("MOPDL host filtering not implemented");
1837
1838 case Q_MOPRC:
1839 bpf_error("MOPRC host filtering not implemented");
1840
1841 #ifdef INET6
1842 case Q_IPV6:
1843 bpf_error("'ip6' modifier applied to ip host");
1844
1845 case Q_ICMPV6:
1846 bpf_error("'icmp6' modifier applied to host");
1847 #endif /* INET6 */
1848
1849 case Q_AH:
1850 bpf_error("'ah' modifier applied to host");
1851
1852 case Q_ESP:
1853 bpf_error("'esp' modifier applied to host");
1854
1855 case Q_ISO:
1856 bpf_error("ISO host filtering not implemented");
1857
1858 case Q_ESIS:
1859 bpf_error("'esis' modifier applied to host");
1860
1861 case Q_ISIS:
1862 bpf_error("'isis' modifier applied to host");
1863
1864 case Q_CLNP:
1865 bpf_error("'clnp' modifier applied to host");
1866
1867 case Q_STP:
1868 bpf_error("'stp' modifier applied to host");
1869
1870 case Q_IPX:
1871 bpf_error("IPX host filtering not implemented");
1872
1873 case Q_NETBEUI:
1874 bpf_error("'netbeui' modifier applied to host");
1875
1876 default:
1877 abort();
1878 }
1879 /* NOTREACHED */
1880 }
1881
1882 #ifdef INET6
1883 static struct block *
1884 gen_host6(addr, mask, proto, dir)
1885 struct in6_addr *addr;
1886 struct in6_addr *mask;
1887 int proto;
1888 int dir;
1889 {
1890 switch (proto) {
1891
1892 case Q_DEFAULT:
1893 return gen_host6(addr, mask, Q_IPV6, dir);
1894
1895 case Q_IP:
1896 bpf_error("'ip' modifier applied to ip6 host");
1897
1898 case Q_RARP:
1899 bpf_error("'rarp' modifier applied to ip6 host");
1900
1901 case Q_ARP:
1902 bpf_error("'arp' modifier applied to ip6 host");
1903
1904 case Q_SCTP:
1905 bpf_error("'sctp' modifier applied to host");
1906
1907 case Q_TCP:
1908 bpf_error("'tcp' modifier applied to host");
1909
1910 case Q_UDP:
1911 bpf_error("'udp' modifier applied to host");
1912
1913 case Q_ICMP:
1914 bpf_error("'icmp' modifier applied to host");
1915
1916 case Q_IGMP:
1917 bpf_error("'igmp' modifier applied to host");
1918
1919 case Q_IGRP:
1920 bpf_error("'igrp' modifier applied to host");
1921
1922 case Q_PIM:
1923 bpf_error("'pim' modifier applied to host");
1924
1925 case Q_VRRP:
1926 bpf_error("'vrrp' modifier applied to host");
1927
1928 case Q_ATALK:
1929 bpf_error("ATALK host filtering not implemented");
1930
1931 case Q_AARP:
1932 bpf_error("AARP host filtering not implemented");
1933
1934 case Q_DECNET:
1935 bpf_error("'decnet' modifier applied to ip6 host");
1936
1937 case Q_SCA:
1938 bpf_error("SCA host filtering not implemented");
1939
1940 case Q_LAT:
1941 bpf_error("LAT host filtering not implemented");
1942
1943 case Q_MOPDL:
1944 bpf_error("MOPDL host filtering not implemented");
1945
1946 case Q_MOPRC:
1947 bpf_error("MOPRC host filtering not implemented");
1948
1949 case Q_IPV6:
1950 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
1951 off_nl + 8, off_nl + 24);
1952
1953 case Q_ICMPV6:
1954 bpf_error("'icmp6' modifier applied to host");
1955
1956 case Q_AH:
1957 bpf_error("'ah' modifier applied to host");
1958
1959 case Q_ESP:
1960 bpf_error("'esp' modifier applied to host");
1961
1962 case Q_ISO:
1963 bpf_error("ISO host filtering not implemented");
1964
1965 case Q_ESIS:
1966 bpf_error("'esis' modifier applied to host");
1967
1968 case Q_ISIS:
1969 bpf_error("'isis' modifier applied to host");
1970
1971 case Q_CLNP:
1972 bpf_error("'clnp' modifier applied to host");
1973
1974 case Q_STP:
1975 bpf_error("'stp' modifier applied to host");
1976
1977 case Q_IPX:
1978 bpf_error("IPX host filtering not implemented");
1979
1980 case Q_NETBEUI:
1981 bpf_error("'netbeui' modifier applied to host");
1982
1983 default:
1984 abort();
1985 }
1986 /* NOTREACHED */
1987 }
1988 #endif /*INET6*/
1989
1990 #ifndef INET6
1991 static struct block *
1992 gen_gateway(eaddr, alist, proto, dir)
1993 const u_char *eaddr;
1994 bpf_u_int32 **alist;
1995 int proto;
1996 int dir;
1997 {
1998 struct block *b0, *b1, *tmp;
1999
2000 if (dir != 0)
2001 bpf_error("direction applied to 'gateway'");
2002
2003 switch (proto) {
2004 case Q_DEFAULT:
2005 case Q_IP:
2006 case Q_ARP:
2007 case Q_RARP:
2008 if (linktype == DLT_EN10MB)
2009 b0 = gen_ehostop(eaddr, Q_OR);
2010 else if (linktype == DLT_FDDI)
2011 b0 = gen_fhostop(eaddr, Q_OR);
2012 else if (linktype == DLT_IEEE802)
2013 b0 = gen_thostop(eaddr, Q_OR);
2014 else
2015 bpf_error(
2016 "'gateway' supported only on ethernet, FDDI or token ring");
2017
2018 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2019 while (*alist) {
2020 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2021 gen_or(b1, tmp);
2022 b1 = tmp;
2023 }
2024 gen_not(b1);
2025 gen_and(b0, b1);
2026 return b1;
2027 }
2028 bpf_error("illegal modifier of 'gateway'");
2029 /* NOTREACHED */
2030 }
2031 #endif
2032
2033 struct block *
2034 gen_proto_abbrev(proto)
2035 int proto;
2036 {
2037 #ifdef INET6
2038 struct block *b0;
2039 #endif
2040 struct block *b1;
2041
2042 switch (proto) {
2043
2044 case Q_SCTP:
2045 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT);
2046 #ifdef INET6
2047 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
2048 gen_or(b0, b1);
2049 #endif
2050 break;
2051
2052 case Q_TCP:
2053 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
2054 #ifdef INET6
2055 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
2056 gen_or(b0, b1);
2057 #endif
2058 break;
2059
2060 case Q_UDP:
2061 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
2062 #ifdef INET6
2063 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
2064 gen_or(b0, b1);
2065 #endif
2066 break;
2067
2068 case Q_ICMP:
2069 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
2070 break;
2071
2072 #ifndef IPPROTO_IGMP
2073 #define IPPROTO_IGMP 2
2074 #endif
2075
2076 case Q_IGMP:
2077 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
2078 break;
2079
2080 #ifndef IPPROTO_IGRP
2081 #define IPPROTO_IGRP 9
2082 #endif
2083 case Q_IGRP:
2084 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
2085 break;
2086
2087 #ifndef IPPROTO_PIM
2088 #define IPPROTO_PIM 103
2089 #endif
2090
2091 case Q_PIM:
2092 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
2093 #ifdef INET6
2094 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
2095 gen_or(b0, b1);
2096 #endif
2097 break;
2098
2099 #ifndef IPPROTO_VRRP
2100 #define IPPROTO_VRRP 112
2101 #endif
2102
2103 case Q_VRRP:
2104 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT);
2105 break;
2106
2107 case Q_IP:
2108 b1 = gen_linktype(ETHERTYPE_IP);
2109 break;
2110
2111 case Q_ARP:
2112 b1 = gen_linktype(ETHERTYPE_ARP);
2113 break;
2114
2115 case Q_RARP:
2116 b1 = gen_linktype(ETHERTYPE_REVARP);
2117 break;
2118
2119 case Q_LINK:
2120 bpf_error("link layer applied in wrong context");
2121
2122 case Q_ATALK:
2123 b1 = gen_linktype(ETHERTYPE_ATALK);
2124 break;
2125
2126 case Q_AARP:
2127 b1 = gen_linktype(ETHERTYPE_AARP);
2128 break;
2129
2130 case Q_DECNET:
2131 b1 = gen_linktype(ETHERTYPE_DN);
2132 break;
2133
2134 case Q_SCA:
2135 b1 = gen_linktype(ETHERTYPE_SCA);
2136 break;
2137
2138 case Q_LAT:
2139 b1 = gen_linktype(ETHERTYPE_LAT);
2140 break;
2141
2142 case Q_MOPDL:
2143 b1 = gen_linktype(ETHERTYPE_MOPDL);
2144 break;
2145
2146 case Q_MOPRC:
2147 b1 = gen_linktype(ETHERTYPE_MOPRC);
2148 break;
2149
2150 #ifdef INET6
2151 case Q_IPV6:
2152 b1 = gen_linktype(ETHERTYPE_IPV6);
2153 break;
2154
2155 #ifndef IPPROTO_ICMPV6
2156 #define IPPROTO_ICMPV6 58
2157 #endif
2158 case Q_ICMPV6:
2159 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
2160 break;
2161 #endif /* INET6 */
2162
2163 #ifndef IPPROTO_AH
2164 #define IPPROTO_AH 51
2165 #endif
2166 case Q_AH:
2167 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
2168 #ifdef INET6
2169 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
2170 gen_or(b0, b1);
2171 #endif
2172 break;
2173
2174 #ifndef IPPROTO_ESP
2175 #define IPPROTO_ESP 50
2176 #endif
2177 case Q_ESP:
2178 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
2179 #ifdef INET6
2180 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
2181 gen_or(b0, b1);
2182 #endif
2183 break;
2184
2185 case Q_ISO:
2186 b1 = gen_linktype(LLCSAP_ISONS);
2187 break;
2188
2189 case Q_ESIS:
2190 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
2191 break;
2192
2193 case Q_ISIS:
2194 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
2195 break;
2196
2197 case Q_CLNP:
2198 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
2199 break;
2200
2201 case Q_STP:
2202 b1 = gen_linktype(LLCSAP_8021D);
2203 break;
2204
2205 case Q_IPX:
2206 b1 = gen_linktype(LLCSAP_IPX);
2207 break;
2208
2209 case Q_NETBEUI:
2210 b1 = gen_linktype(LLCSAP_NETBEUI);
2211 break;
2212
2213 default:
2214 abort();
2215 }
2216 return b1;
2217 }
2218
2219 static struct block *
2220 gen_ipfrag()
2221 {
2222 struct slist *s;
2223 struct block *b;
2224
2225 /* not ip frag */
2226 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
2227 s->s.k = off_nl + 6;
2228 b = new_block(JMP(BPF_JSET));
2229 b->s.k = 0x1fff;
2230 b->stmts = s;
2231 gen_not(b);
2232
2233 return b;
2234 }
2235
2236 static struct block *
2237 gen_portatom(off, v)
2238 int off;
2239 bpf_int32 v;
2240 {
2241 struct slist *s;
2242 struct block *b;
2243
2244 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2245 s->s.k = off_nl;
2246
2247 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
2248 s->next->s.k = off_nl + off;
2249
2250 b = new_block(JMP(BPF_JEQ));
2251 b->stmts = s;
2252 b->s.k = v;
2253
2254 return b;
2255 }
2256
2257 #ifdef INET6
2258 static struct block *
2259 gen_portatom6(off, v)
2260 int off;
2261 bpf_int32 v;
2262 {
2263 return gen_cmp(off_nl + 40 + off, BPF_H, v);
2264 }
2265 #endif/*INET6*/
2266
2267 struct block *
2268 gen_portop(port, proto, dir)
2269 int port, proto, dir;
2270 {
2271 struct block *b0, *b1, *tmp;
2272
2273 /* ip proto 'proto' */
2274 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
2275 b0 = gen_ipfrag();
2276 gen_and(tmp, b0);
2277
2278 switch (dir) {
2279 case Q_SRC:
2280 b1 = gen_portatom(0, (bpf_int32)port);
2281 break;
2282
2283 case Q_DST:
2284 b1 = gen_portatom(2, (bpf_int32)port);
2285 break;
2286
2287 case Q_OR:
2288 case Q_DEFAULT:
2289 tmp = gen_portatom(0, (bpf_int32)port);
2290 b1 = gen_portatom(2, (bpf_int32)port);
2291 gen_or(tmp, b1);
2292 break;
2293
2294 case Q_AND:
2295 tmp = gen_portatom(0, (bpf_int32)port);
2296 b1 = gen_portatom(2, (bpf_int32)port);
2297 gen_and(tmp, b1);
2298 break;
2299
2300 default:
2301 abort();
2302 }
2303 gen_and(b0, b1);
2304
2305 return b1;
2306 }
2307
2308 static struct block *
2309 gen_port(port, ip_proto, dir)
2310 int port;
2311 int ip_proto;
2312 int dir;
2313 {
2314 struct block *b0, *b1, *tmp;
2315
2316 /* ether proto ip */
2317 b0 = gen_linktype(ETHERTYPE_IP);
2318
2319 switch (ip_proto) {
2320 case IPPROTO_UDP:
2321 case IPPROTO_TCP:
2322 case IPPROTO_SCTP:
2323 b1 = gen_portop(port, ip_proto, dir);
2324 break;
2325
2326 case PROTO_UNDEF:
2327 tmp = gen_portop(port, IPPROTO_TCP, dir);
2328 b1 = gen_portop(port, IPPROTO_UDP, dir);
2329 gen_or(tmp, b1);
2330 tmp = gen_portop(port, IPPROTO_SCTP, dir);
2331 gen_or(tmp, b1);
2332 break;
2333
2334 default:
2335 abort();
2336 }
2337 gen_and(b0, b1);
2338 return b1;
2339 }
2340
2341 #ifdef INET6
2342 struct block *
2343 gen_portop6(port, proto, dir)
2344 int port, proto, dir;
2345 {
2346 struct block *b0, *b1, *tmp;
2347
2348 /* ip proto 'proto' */
2349 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
2350
2351 switch (dir) {
2352 case Q_SRC:
2353 b1 = gen_portatom6(0, (bpf_int32)port);
2354 break;
2355
2356 case Q_DST:
2357 b1 = gen_portatom6(2, (bpf_int32)port);
2358 break;
2359
2360 case Q_OR:
2361 case Q_DEFAULT:
2362 tmp = gen_portatom6(0, (bpf_int32)port);
2363 b1 = gen_portatom6(2, (bpf_int32)port);
2364 gen_or(tmp, b1);
2365 break;
2366
2367 case Q_AND:
2368 tmp = gen_portatom6(0, (bpf_int32)port);
2369 b1 = gen_portatom6(2, (bpf_int32)port);
2370 gen_and(tmp, b1);
2371 break;
2372
2373 default:
2374 abort();
2375 }
2376 gen_and(b0, b1);
2377
2378 return b1;
2379 }
2380
2381 static struct block *
2382 gen_port6(port, ip_proto, dir)
2383 int port;
2384 int ip_proto;
2385 int dir;
2386 {
2387 struct block *b0, *b1, *tmp;
2388
2389 /* ether proto ip */
2390 b0 = gen_linktype(ETHERTYPE_IPV6);
2391
2392 switch (ip_proto) {
2393 case IPPROTO_UDP:
2394 case IPPROTO_TCP:
2395 case IPPROTO_SCTP:
2396 b1 = gen_portop6(port, ip_proto, dir);
2397 break;
2398
2399 case PROTO_UNDEF:
2400 tmp = gen_portop6(port, IPPROTO_TCP, dir);
2401 b1 = gen_portop6(port, IPPROTO_UDP, dir);
2402 gen_or(tmp, b1);
2403 tmp = gen_portop6(port, IPPROTO_SCTP, dir);
2404 gen_or(tmp, b1);
2405 break;
2406
2407 default:
2408 abort();
2409 }
2410 gen_and(b0, b1);
2411 return b1;
2412 }
2413 #endif /* INET6 */
2414
2415 static int
2416 lookup_proto(name, proto)
2417 register const char *name;
2418 register int proto;
2419 {
2420 register int v;
2421
2422 switch (proto) {
2423
2424 case Q_DEFAULT:
2425 case Q_IP:
2426 case Q_IPV6:
2427 v = pcap_nametoproto(name);
2428 if (v == PROTO_UNDEF)
2429 bpf_error("unknown ip proto '%s'", name);
2430 break;
2431
2432 case Q_LINK:
2433 /* XXX should look up h/w protocol type based on linktype */
2434 v = pcap_nametoeproto(name);
2435 if (v == PROTO_UNDEF)
2436 bpf_error("unknown ether proto '%s'", name);
2437 break;
2438
2439 case Q_ISO:
2440 if (strcmp(name, "esis") == 0)
2441 v = ISO9542_ESIS;
2442 else if (strcmp(name, "isis") == 0)
2443 v = ISO10589_ISIS;
2444 else if (strcmp(name, "clnp") == 0)
2445 v = ISO8473_CLNP;
2446 else
2447 bpf_error("unknown osi proto '%s'", name);
2448 break;
2449
2450 default:
2451 v = PROTO_UNDEF;
2452 break;
2453 }
2454 return v;
2455 }
2456
2457 #if 0
2458 struct stmt *
2459 gen_joinsp(s, n)
2460 struct stmt **s;
2461 int n;
2462 {
2463 return NULL;
2464 }
2465 #endif
2466
2467 static struct block *
2468 gen_protochain(v, proto, dir)
2469 int v;
2470 int proto;
2471 int dir;
2472 {
2473 #ifdef NO_PROTOCHAIN
2474 return gen_proto(v, proto, dir);
2475 #else
2476 struct block *b0, *b;
2477 struct slist *s[100];
2478 int fix2, fix3, fix4, fix5;
2479 int ahcheck, again, end;
2480 int i, max;
2481 int reg2 = alloc_reg();
2482
2483 memset(s, 0, sizeof(s));
2484 fix2 = fix3 = fix4 = fix5 = 0;
2485
2486 switch (proto) {
2487 case Q_IP:
2488 case Q_IPV6:
2489 break;
2490 case Q_DEFAULT:
2491 b0 = gen_protochain(v, Q_IP, dir);
2492 b = gen_protochain(v, Q_IPV6, dir);
2493 gen_or(b0, b);
2494 return b;
2495 default:
2496 bpf_error("bad protocol applied for 'protochain'");
2497 /*NOTREACHED*/
2498 }
2499
2500 no_optimize = 1; /*this code is not compatible with optimzer yet */
2501
2502 /*
2503 * s[0] is a dummy entry to protect other BPF insn from damaged
2504 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
2505 * hard to find interdependency made by jump table fixup.
2506 */
2507 i = 0;
2508 s[i] = new_stmt(0); /*dummy*/
2509 i++;
2510
2511 switch (proto) {
2512 case Q_IP:
2513 b0 = gen_linktype(ETHERTYPE_IP);
2514
2515 /* A = ip->ip_p */
2516 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
2517 s[i]->s.k = off_nl + 9;
2518 i++;
2519 /* X = ip->ip_hl << 2 */
2520 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2521 s[i]->s.k = off_nl;
2522 i++;
2523 break;
2524 #ifdef INET6
2525 case Q_IPV6:
2526 b0 = gen_linktype(ETHERTYPE_IPV6);
2527
2528 /* A = ip6->ip_nxt */
2529 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
2530 s[i]->s.k = off_nl + 6;
2531 i++;
2532 /* X = sizeof(struct ip6_hdr) */
2533 s[i] = new_stmt(BPF_LDX|BPF_IMM);
2534 s[i]->s.k = 40;
2535 i++;
2536 break;
2537 #endif
2538 default:
2539 bpf_error("unsupported proto to gen_protochain");
2540 /*NOTREACHED*/
2541 }
2542
2543 /* again: if (A == v) goto end; else fall through; */
2544 again = i;
2545 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2546 s[i]->s.k = v;
2547 s[i]->s.jt = NULL; /*later*/
2548 s[i]->s.jf = NULL; /*update in next stmt*/
2549 fix5 = i;
2550 i++;
2551
2552 #ifndef IPPROTO_NONE
2553 #define IPPROTO_NONE 59
2554 #endif
2555 /* if (A == IPPROTO_NONE) goto end */
2556 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2557 s[i]->s.jt = NULL; /*later*/
2558 s[i]->s.jf = NULL; /*update in next stmt*/
2559 s[i]->s.k = IPPROTO_NONE;
2560 s[fix5]->s.jf = s[i];
2561 fix2 = i;
2562 i++;
2563
2564 #ifdef INET6
2565 if (proto == Q_IPV6) {
2566 int v6start, v6end, v6advance, j;
2567
2568 v6start = i;
2569 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
2570 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2571 s[i]->s.jt = NULL; /*later*/
2572 s[i]->s.jf = NULL; /*update in next stmt*/
2573 s[i]->s.k = IPPROTO_HOPOPTS;
2574 s[fix2]->s.jf = s[i];
2575 i++;
2576 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
2577 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2578 s[i]->s.jt = NULL; /*later*/
2579 s[i]->s.jf = NULL; /*update in next stmt*/
2580 s[i]->s.k = IPPROTO_DSTOPTS;
2581 i++;
2582 /* if (A == IPPROTO_ROUTING) goto v6advance */
2583 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2584 s[i]->s.jt = NULL; /*later*/
2585 s[i]->s.jf = NULL; /*update in next stmt*/
2586 s[i]->s.k = IPPROTO_ROUTING;
2587 i++;
2588 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
2589 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2590 s[i]->s.jt = NULL; /*later*/
2591 s[i]->s.jf = NULL; /*later*/
2592 s[i]->s.k = IPPROTO_FRAGMENT;
2593 fix3 = i;
2594 v6end = i;
2595 i++;
2596
2597 /* v6advance: */
2598 v6advance = i;
2599
2600 /*
2601 * in short,
2602 * A = P[X];
2603 * X = X + (P[X + 1] + 1) * 8;
2604 */
2605 /* A = X */
2606 s[i] = new_stmt(BPF_MISC|BPF_TXA);
2607 i++;
2608 /* A = P[X + packet head] */
2609 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2610 s[i]->s.k = off_nl;
2611 i++;
2612 /* MEM[reg2] = A */
2613 s[i] = new_stmt(BPF_ST);
2614 s[i]->s.k = reg2;
2615 i++;
2616 /* A = X */
2617 s[i] = new_stmt(BPF_MISC|BPF_TXA);
2618 i++;
2619 /* A += 1 */
2620 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2621 s[i]->s.k = 1;
2622 i++;
2623 /* X = A */
2624 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2625 i++;
2626 /* A = P[X + packet head]; */
2627 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2628 s[i]->s.k = off_nl;
2629 i++;
2630 /* A += 1 */
2631 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2632 s[i]->s.k = 1;
2633 i++;
2634 /* A *= 8 */
2635 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2636 s[i]->s.k = 8;
2637 i++;
2638 /* X = A; */
2639 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2640 i++;
2641 /* A = MEM[reg2] */
2642 s[i] = new_stmt(BPF_LD|BPF_MEM);
2643 s[i]->s.k = reg2;
2644 i++;
2645
2646 /* goto again; (must use BPF_JA for backward jump) */
2647 s[i] = new_stmt(BPF_JMP|BPF_JA);
2648 s[i]->s.k = again - i - 1;
2649 s[i - 1]->s.jf = s[i];
2650 i++;
2651
2652 /* fixup */
2653 for (j = v6start; j <= v6end; j++)
2654 s[j]->s.jt = s[v6advance];
2655 } else
2656 #endif
2657 {
2658 /* nop */
2659 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2660 s[i]->s.k = 0;
2661 s[fix2]->s.jf = s[i];
2662 i++;
2663 }
2664
2665 /* ahcheck: */
2666 ahcheck = i;
2667 /* if (A == IPPROTO_AH) then fall through; else goto end; */
2668 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2669 s[i]->s.jt = NULL; /*later*/
2670 s[i]->s.jf = NULL; /*later*/
2671 s[i]->s.k = IPPROTO_AH;
2672 if (fix3)
2673 s[fix3]->s.jf = s[ahcheck];
2674 fix4 = i;
2675 i++;
2676
2677 /*
2678 * in short,
2679 * A = P[X];
2680 * X = X + (P[X + 1] + 2) * 4;
2681 */
2682 /* A = X */
2683 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2684 i++;
2685 /* A = P[X + packet head]; */
2686 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2687 s[i]->s.k = off_nl;
2688 i++;
2689 /* MEM[reg2] = A */
2690 s[i] = new_stmt(BPF_ST);
2691 s[i]->s.k = reg2;
2692 i++;
2693 /* A = X */
2694 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2695 i++;
2696 /* A += 1 */
2697 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2698 s[i]->s.k = 1;
2699 i++;
2700 /* X = A */
2701 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2702 i++;
2703 /* A = P[X + packet head] */
2704 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2705 s[i]->s.k = off_nl;
2706 i++;
2707 /* A += 2 */
2708 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2709 s[i]->s.k = 2;
2710 i++;
2711 /* A *= 4 */
2712 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2713 s[i]->s.k = 4;
2714 i++;
2715 /* X = A; */
2716 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2717 i++;
2718 /* A = MEM[reg2] */
2719 s[i] = new_stmt(BPF_LD|BPF_MEM);
2720 s[i]->s.k = reg2;
2721 i++;
2722
2723 /* goto again; (must use BPF_JA for backward jump) */
2724 s[i] = new_stmt(BPF_JMP|BPF_JA);
2725 s[i]->s.k = again - i - 1;
2726 i++;
2727
2728 /* end: nop */
2729 end = i;
2730 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2731 s[i]->s.k = 0;
2732 s[fix2]->s.jt = s[end];
2733 s[fix4]->s.jf = s[end];
2734 s[fix5]->s.jt = s[end];
2735 i++;
2736
2737 /*
2738 * make slist chain
2739 */
2740 max = i;
2741 for (i = 0; i < max - 1; i++)
2742 s[i]->next = s[i + 1];
2743 s[max - 1]->next = NULL;
2744
2745 /*
2746 * emit final check
2747 */
2748 b = new_block(JMP(BPF_JEQ));
2749 b->stmts = s[1]; /*remember, s[0] is dummy*/
2750 b->s.k = v;
2751
2752 free_reg(reg2);
2753
2754 gen_and(b0, b);
2755 return b;
2756 #endif
2757 }
2758
2759 static struct block *
2760 gen_proto(v, proto, dir)
2761 int v;
2762 int proto;
2763 int dir;
2764 {
2765 struct block *b0, *b1;
2766
2767 if (dir != Q_DEFAULT)
2768 bpf_error("direction applied to 'proto'");
2769
2770 switch (proto) {
2771 case Q_DEFAULT:
2772 #ifdef INET6
2773 b0 = gen_proto(v, Q_IP, dir);
2774 b1 = gen_proto(v, Q_IPV6, dir);
2775 gen_or(b0, b1);
2776 return b1;
2777 #else
2778 /*FALLTHROUGH*/
2779 #endif
2780 case Q_IP:
2781 b0 = gen_linktype(ETHERTYPE_IP);
2782 #ifndef CHASE_CHAIN
2783 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
2784 #else
2785 b1 = gen_protochain(v, Q_IP);
2786 #endif
2787 gen_and(b0, b1);
2788 return b1;
2789
2790 case Q_ISO:
2791 b0 = gen_linktype(LLCSAP_ISONS);
2792 b1 = gen_cmp(off_nl + 3, BPF_B, (long)v);
2793 gen_and(b0, b1);
2794 return b1;
2795
2796 case Q_ARP:
2797 bpf_error("arp does not encapsulate another protocol");
2798 /* NOTREACHED */
2799
2800 case Q_RARP:
2801 bpf_error("rarp does not encapsulate another protocol");
2802 /* NOTREACHED */
2803
2804 case Q_ATALK:
2805 bpf_error("atalk encapsulation is not specifiable");
2806 /* NOTREACHED */
2807
2808 case Q_DECNET:
2809 bpf_error("decnet encapsulation is not specifiable");
2810 /* NOTREACHED */
2811
2812 case Q_SCA:
2813 bpf_error("sca does not encapsulate another protocol");
2814 /* NOTREACHED */
2815
2816 case Q_LAT:
2817 bpf_error("lat does not encapsulate another protocol");
2818 /* NOTREACHED */
2819
2820 case Q_MOPRC:
2821 bpf_error("moprc does not encapsulate another protocol");
2822 /* NOTREACHED */
2823
2824 case Q_MOPDL:
2825 bpf_error("mopdl does not encapsulate another protocol");
2826 /* NOTREACHED */
2827
2828 case Q_LINK:
2829 return gen_linktype(v);
2830
2831 case Q_UDP:
2832 bpf_error("'udp proto' is bogus");
2833 /* NOTREACHED */
2834
2835 case Q_TCP:
2836 bpf_error("'tcp proto' is bogus");
2837 /* NOTREACHED */
2838
2839 case Q_SCTP:
2840 bpf_error("'sctp proto' is bogus");
2841 /* NOTREACHED */
2842
2843 case Q_ICMP:
2844 bpf_error("'icmp proto' is bogus");
2845 /* NOTREACHED */
2846
2847 case Q_IGMP:
2848 bpf_error("'igmp proto' is bogus");
2849 /* NOTREACHED */
2850
2851 case Q_IGRP:
2852 bpf_error("'igrp proto' is bogus");
2853 /* NOTREACHED */
2854
2855 case Q_PIM:
2856 bpf_error("'pim proto' is bogus");
2857 /* NOTREACHED */
2858
2859 case Q_VRRP:
2860 bpf_error("'vrrp proto' is bogus");
2861 /* NOTREACHED */
2862
2863 #ifdef INET6
2864 case Q_IPV6:
2865 b0 = gen_linktype(ETHERTYPE_IPV6);
2866 #ifndef CHASE_CHAIN
2867 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
2868 #else
2869 b1 = gen_protochain(v, Q_IPV6);
2870 #endif
2871 gen_and(b0, b1);
2872 return b1;
2873
2874 case Q_ICMPV6:
2875 bpf_error("'icmp6 proto' is bogus");
2876 #endif /* INET6 */
2877
2878 case Q_AH:
2879 bpf_error("'ah proto' is bogus");
2880
2881 case Q_ESP:
2882 bpf_error("'ah proto' is bogus");
2883
2884 case Q_STP:
2885 bpf_error("'stp proto' is bogus");
2886
2887 case Q_IPX:
2888 bpf_error("'ipx proto' is bogus");
2889
2890 case Q_NETBEUI:
2891 bpf_error("'netbeui proto' is bogus");
2892
2893 default:
2894 abort();
2895 /* NOTREACHED */
2896 }
2897 /* NOTREACHED */
2898 }
2899
2900 struct block *
2901 gen_scode(name, q)
2902 register const char *name;
2903 struct qual q;
2904 {
2905 int proto = q.proto;
2906 int dir = q.dir;
2907 int tproto;
2908 u_char *eaddr;
2909 bpf_u_int32 mask, addr;
2910 #ifndef INET6
2911 bpf_u_int32 **alist;
2912 #else
2913 int tproto6;
2914 struct sockaddr_in *sin;
2915 struct sockaddr_in6 *sin6;
2916 struct addrinfo *res, *res0;
2917 struct in6_addr mask128;
2918 #endif /*INET6*/
2919 struct block *b, *tmp;
2920 int port, real_proto;
2921
2922 switch (q.addr) {
2923
2924 case Q_NET:
2925 addr = pcap_nametonetaddr(name);
2926 if (addr == 0)
2927 bpf_error("unknown network '%s'", name);
2928 /* Left justify network addr and calculate its network mask */
2929 mask = 0xffffffff;
2930 while (addr && (addr & 0xff000000) == 0) {
2931 addr <<= 8;
2932 mask <<= 8;
2933 }
2934 return gen_host(addr, mask, proto, dir);
2935
2936 case Q_DEFAULT:
2937 case Q_HOST:
2938 if (proto == Q_LINK) {
2939 switch (linktype) {
2940
2941 case DLT_EN10MB:
2942 eaddr = pcap_ether_hostton(name);
2943 if (eaddr == NULL)
2944 bpf_error(
2945 "unknown ether host '%s'", name);
2946 b = gen_ehostop(eaddr, dir);
2947 free(eaddr);
2948 return b;
2949
2950 case DLT_FDDI:
2951 eaddr = pcap_ether_hostton(name);
2952 if (eaddr == NULL)
2953 bpf_error(
2954 "unknown FDDI host '%s'", name);
2955 b = gen_fhostop(eaddr, dir);
2956 free(eaddr);
2957 return b;
2958
2959 case DLT_IEEE802:
2960 eaddr = pcap_ether_hostton(name);
2961 if (eaddr == NULL)
2962 bpf_error(
2963 "unknown token ring host '%s'", name);
2964 b = gen_thostop(eaddr, dir);
2965 free(eaddr);
2966 return b;
2967
2968 default:
2969 bpf_error(
2970 "only ethernet/FDDI/token ring supports link-level host name");
2971 break;
2972 }
2973 } else if (proto == Q_DECNET) {
2974 unsigned short dn_addr = __pcap_nametodnaddr(name);
2975 /*
2976 * I don't think DECNET hosts can be multihomed, so
2977 * there is no need to build up a list of addresses
2978 */
2979 return (gen_host(dn_addr, 0, proto, dir));
2980 } else {
2981 #ifndef INET6
2982 alist = pcap_nametoaddr(name);
2983 if (alist == NULL || *alist == NULL)
2984 bpf_error("unknown host '%s'", name);
2985 tproto = proto;
2986 if (off_linktype == -1 && tproto == Q_DEFAULT)
2987 tproto = Q_IP;
2988 b = gen_host(**alist++, 0xffffffff, tproto, dir);
2989 while (*alist) {
2990 tmp = gen_host(**alist++, 0xffffffff,
2991 tproto, dir);
2992 gen_or(b, tmp);
2993 b = tmp;
2994 }
2995 return b;
2996 #else
2997 memset(&mask128, 0xff, sizeof(mask128));
2998 res0 = res = pcap_nametoaddrinfo(name);
2999 if (res == NULL)
3000 bpf_error("unknown host '%s'", name);
3001 b = tmp = NULL;
3002 tproto = tproto6 = proto;
3003 if (off_linktype == -1 && tproto == Q_DEFAULT) {
3004 tproto = Q_IP;
3005 tproto6 = Q_IPV6;
3006 }
3007 for (res = res0; res; res = res->ai_next) {
3008 switch (res->ai_family) {
3009 case AF_INET:
3010 if (tproto == Q_IPV6)
3011 continue;
3012
3013 sin = (struct sockaddr_in *)
3014 res->ai_addr;
3015 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
3016 0xffffffff, tproto, dir);
3017 break;
3018 case AF_INET6:
3019 if (tproto6 == Q_IP)
3020 continue;
3021
3022 sin6 = (struct sockaddr_in6 *)
3023 res->ai_addr;
3024 tmp = gen_host6(&sin6->sin6_addr,
3025 &mask128, tproto6, dir);
3026 break;
3027 default:
3028 continue;
3029 }
3030 if (b)
3031 gen_or(b, tmp);
3032 b = tmp;
3033 }
3034 freeaddrinfo(res0);
3035 if (b == NULL) {
3036 bpf_error("unknown host '%s'%s", name,
3037 (proto == Q_DEFAULT)
3038 ? ""
3039 : " for specified address family");
3040 }
3041 return b;
3042 #endif /*INET6*/
3043 }
3044
3045 case Q_PORT:
3046 if (proto != Q_DEFAULT &&
3047 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
3048 bpf_error("illegal qualifier of 'port'");
3049 if (pcap_nametoport(name, &port, &real_proto) == 0)
3050 bpf_error("unknown port '%s'", name);
3051 if (proto == Q_UDP) {
3052 if (real_proto == IPPROTO_TCP)
3053 bpf_error("port '%s' is tcp", name);
3054 else if (real_proto == IPPROTO_SCTP)
3055 bpf_error("port '%s' is sctp", name);
3056 else
3057 /* override PROTO_UNDEF */
3058 real_proto = IPPROTO_UDP;
3059 }
3060 if (proto == Q_TCP) {
3061 if (real_proto == IPPROTO_UDP)
3062 bpf_error("port '%s' is udp", name);
3063
3064 else if (real_proto == IPPROTO_SCTP)
3065 bpf_error("port '%s' is sctp", name);
3066 else
3067 /* override PROTO_UNDEF */
3068 real_proto = IPPROTO_TCP;
3069 }
3070 if (proto == Q_SCTP) {
3071 if (real_proto == IPPROTO_UDP)
3072 bpf_error("port '%s' is udp", name);
3073
3074 else if (real_proto == IPPROTO_TCP)
3075 bpf_error("port '%s' is tcp", name);
3076 else
3077 /* override PROTO_UNDEF */
3078 real_proto = IPPROTO_SCTP;
3079 }
3080 #ifndef INET6
3081 return gen_port(port, real_proto, dir);
3082 #else
3083 {
3084 struct block *b;
3085 b = gen_port(port, real_proto, dir);
3086 gen_or(gen_port6(port, real_proto, dir), b);
3087 return b;
3088 }
3089 #endif /* INET6 */
3090
3091 case Q_GATEWAY:
3092 #ifndef INET6
3093 eaddr = pcap_ether_hostton(name);
3094 if (eaddr == NULL)
3095 bpf_error("unknown ether host: %s", name);
3096
3097 alist = pcap_nametoaddr(name);
3098 if (alist == NULL || *alist == NULL)
3099 bpf_error("unknown host '%s'", name);
3100 b = gen_gateway(eaddr, alist, proto, dir);
3101 free(eaddr);
3102 return b;
3103 #else
3104 bpf_error("'gateway' not supported in this configuration");
3105 #endif /*INET6*/
3106
3107 case Q_PROTO:
3108 real_proto = lookup_proto(name, proto);
3109 if (real_proto >= 0)
3110 return gen_proto(real_proto, proto, dir);
3111 else
3112 bpf_error("unknown protocol: %s", name);
3113
3114 case Q_PROTOCHAIN:
3115 real_proto = lookup_proto(name, proto);
3116 if (real_proto >= 0)
3117 return gen_protochain(real_proto, proto, dir);
3118 else
3119 bpf_error("unknown protocol: %s", name);
3120
3121
3122 case Q_UNDEF:
3123 syntax();
3124 /* NOTREACHED */
3125 }
3126 abort();
3127 /* NOTREACHED */
3128 }
3129
3130 struct block *
3131 gen_mcode(s1, s2, masklen, q)
3132 register const char *s1, *s2;
3133 register int masklen;
3134 struct qual q;
3135 {
3136 register int nlen, mlen;
3137 bpf_u_int32 n, m;
3138
3139 nlen = __pcap_atoin(s1, &n);
3140 /* Promote short ipaddr */
3141 n <<= 32 - nlen;
3142
3143 if (s2 != NULL) {
3144 mlen = __pcap_atoin(s2, &m);
3145 /* Promote short ipaddr */
3146 m <<= 32 - mlen;
3147 if ((n & ~m) != 0)
3148 bpf_error("non-network bits set in \"%s mask %s\"",
3149 s1, s2);
3150 } else {
3151 /* Convert mask len to mask */
3152 if (masklen > 32)
3153 bpf_error("mask length must be <= 32");
3154 m = 0xffffffff << (32 - masklen);
3155 if ((n & ~m) != 0)
3156 bpf_error("non-network bits set in \"%s/%d\"",
3157 s1, masklen);
3158 }
3159
3160 switch (q.addr) {
3161
3162 case Q_NET:
3163 return gen_host(n, m, q.proto, q.dir);
3164
3165 default:
3166 bpf_error("Mask syntax for networks only");
3167 /* NOTREACHED */
3168 }
3169 }
3170
3171 struct block *
3172 gen_ncode(s, v, q)
3173 register const char *s;
3174 bpf_u_int32 v;
3175 struct qual q;
3176 {
3177 bpf_u_int32 mask;
3178 int proto = q.proto;
3179 int dir = q.dir;
3180 register int vlen;
3181
3182 if (s == NULL)
3183 vlen = 32;
3184 else if (q.proto == Q_DECNET)
3185 vlen = __pcap_atodn(s, &v);
3186 else
3187 vlen = __pcap_atoin(s, &v);
3188
3189 switch (q.addr) {
3190
3191 case Q_DEFAULT:
3192 case Q_HOST:
3193 case Q_NET:
3194 if (proto == Q_DECNET)
3195 return gen_host(v, 0, proto, dir);
3196 else if (proto == Q_LINK) {
3197 bpf_error("illegal link layer address");
3198 } else {
3199 mask = 0xffffffff;
3200 if (s == NULL && q.addr == Q_NET) {
3201 /* Promote short net number */
3202 while (v && (v & 0xff000000) == 0) {
3203 v <<= 8;
3204 mask <<= 8;
3205 }
3206 } else {
3207 /* Promote short ipaddr */
3208 v <<= 32 - vlen;
3209 mask <<= 32 - vlen;
3210 }
3211 return gen_host(v, mask, proto, dir);
3212 }
3213
3214 case Q_PORT:
3215 if (proto == Q_UDP)
3216 proto = IPPROTO_UDP;
3217 else if (proto == Q_TCP)
3218 proto = IPPROTO_TCP;
3219 else if (proto == Q_SCTP)
3220 proto = IPPROTO_SCTP;
3221 else if (proto == Q_DEFAULT)
3222 proto = PROTO_UNDEF;
3223 else
3224 bpf_error("illegal qualifier of 'port'");
3225
3226 #ifndef INET6
3227 return gen_port((int)v, proto, dir);
3228 #else
3229 {
3230 struct block *b;
3231 b = gen_port((int)v, proto, dir);
3232 gen_or(gen_port6((int)v, proto, dir), b);
3233 return b;
3234 }
3235 #endif /* INET6 */
3236
3237 case Q_GATEWAY:
3238 bpf_error("'gateway' requires a name");
3239 /* NOTREACHED */
3240
3241 case Q_PROTO:
3242 return gen_proto((int)v, proto, dir);
3243
3244 case Q_PROTOCHAIN:
3245 return gen_protochain((int)v, proto, dir);
3246
3247 case Q_UNDEF:
3248 syntax();
3249 /* NOTREACHED */
3250
3251 default:
3252 abort();
3253 /* NOTREACHED */
3254 }
3255 /* NOTREACHED */
3256 }
3257
3258 #ifdef INET6
3259 struct block *
3260 gen_mcode6(s1, s2, masklen, q)
3261 register const char *s1, *s2;
3262 register int masklen;
3263 struct qual q;
3264 {
3265 struct addrinfo *res;
3266 struct in6_addr *addr;
3267 struct in6_addr mask;
3268 struct block *b;
3269 u_int32_t *a, *m;
3270
3271 if (s2)
3272 bpf_error("no mask %s supported", s2);
3273
3274 res = pcap_nametoaddrinfo(s1);
3275 if (!res)
3276 bpf_error("invalid ip6 address %s", s1);
3277 if (res->ai_next)
3278 bpf_error("%s resolved to multiple address", s1);
3279 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
3280
3281 if (sizeof(mask) * 8 < masklen)
3282 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
3283 memset(&mask, 0, sizeof(mask));
3284 memset(&mask, 0xff, masklen / 8);
3285 if (masklen % 8) {
3286 mask.s6_addr[masklen / 8] =
3287 (0xff << (8 - masklen % 8)) & 0xff;
3288 }
3289
3290 a = (u_int32_t *)addr;
3291 m = (u_int32_t *)&mask;
3292 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
3293 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
3294 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
3295 }
3296
3297 switch (q.addr) {
3298
3299 case Q_DEFAULT:
3300 case Q_HOST:
3301 if (masklen != 128)
3302 bpf_error("Mask syntax for networks only");
3303 /* FALLTHROUGH */
3304
3305 case Q_NET:
3306 b = gen_host6(addr, &mask, q.proto, q.dir);
3307 freeaddrinfo(res);
3308 return b;
3309
3310 default:
3311 bpf_error("invalid qualifier against IPv6 address");
3312 /* NOTREACHED */
3313 }
3314 }
3315 #endif /*INET6*/
3316
3317 struct block *
3318 gen_ecode(eaddr, q)
3319 register const u_char *eaddr;
3320 struct qual q;
3321 {
3322 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
3323 if (linktype == DLT_EN10MB)
3324 return gen_ehostop(eaddr, (int)q.dir);
3325 if (linktype == DLT_FDDI)
3326 return gen_fhostop(eaddr, (int)q.dir);
3327 if (linktype == DLT_IEEE802)
3328 return gen_thostop(eaddr, (int)q.dir);
3329 bpf_error("ethernet addresses supported only on ethernet, FDDI or token ring");
3330 }
3331 bpf_error("ethernet address used in non-ether expression");
3332 /* NOTREACHED */
3333 }
3334
3335 void
3336 sappend(s0, s1)
3337 struct slist *s0, *s1;
3338 {
3339 /*
3340 * This is definitely not the best way to do this, but the
3341 * lists will rarely get long.
3342 */
3343 while (s0->next)
3344 s0 = s0->next;
3345 s0->next = s1;
3346 }
3347
3348 static struct slist *
3349 xfer_to_x(a)
3350 struct arth *a;
3351 {
3352 struct slist *s;
3353
3354 s = new_stmt(BPF_LDX|BPF_MEM);
3355 s->s.k = a->regno;
3356 return s;
3357 }
3358
3359 static struct slist *
3360 xfer_to_a(a)
3361 struct arth *a;
3362 {
3363 struct slist *s;
3364
3365 s = new_stmt(BPF_LD|BPF_MEM);
3366 s->s.k = a->regno;
3367 return s;
3368 }
3369
3370 struct arth *
3371 gen_load(proto, index, size)
3372 int proto;
3373 struct arth *index;
3374 int size;
3375 {
3376 struct slist *s, *tmp;
3377 struct block *b;
3378 int regno = alloc_reg();
3379
3380 free_reg(index->regno);
3381 switch (size) {
3382
3383 default:
3384 bpf_error("data size must be 1, 2, or 4");
3385
3386 case 1:
3387 size = BPF_B;
3388 break;
3389
3390 case 2:
3391 size = BPF_H;
3392 break;
3393
3394 case 4:
3395 size = BPF_W;
3396 break;
3397 }
3398 switch (proto) {
3399 default:
3400 bpf_error("unsupported index operation");
3401
3402 case Q_LINK:
3403 s = xfer_to_x(index);
3404 tmp = new_stmt(BPF_LD|BPF_IND|size);
3405 sappend(s, tmp);
3406 sappend(index->s, s);
3407 break;
3408
3409 case Q_IP:
3410 case Q_ARP:
3411 case Q_RARP:
3412 case Q_ATALK:
3413 case Q_DECNET:
3414 case Q_SCA:
3415 case Q_LAT:
3416 case Q_MOPRC:
3417 case Q_MOPDL:
3418 #ifdef INET6
3419 case Q_IPV6:
3420 #endif
3421 /* XXX Note that we assume a fixed link header here. */
3422 s = xfer_to_x(index);
3423 tmp = new_stmt(BPF_LD|BPF_IND|size);
3424 tmp->s.k = off_nl;
3425 sappend(s, tmp);
3426 sappend(index->s, s);
3427
3428 b = gen_proto_abbrev(proto);
3429 if (index->b)
3430 gen_and(index->b, b);
3431 index->b = b;
3432 break;
3433
3434 case Q_SCTP:
3435 case Q_TCP:
3436 case Q_UDP:
3437 case Q_ICMP:
3438 case Q_IGMP:
3439 case Q_IGRP:
3440 case Q_PIM:
3441 case Q_VRRP:
3442 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3443 s->s.k = off_nl;
3444 sappend(s, xfer_to_a(index));
3445 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
3446 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
3447 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
3448 tmp->s.k = off_nl;
3449 sappend(index->s, s);
3450
3451 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
3452 if (index->b)
3453 gen_and(index->b, b);
3454 #ifdef INET6
3455 gen_and(gen_proto_abbrev(Q_IP), b);
3456 #endif
3457 index->b = b;
3458 break;
3459 #ifdef INET6
3460 case Q_ICMPV6:
3461 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
3462 /*NOTREACHED*/
3463 #endif
3464 }
3465 index->regno = regno;
3466 s = new_stmt(BPF_ST);
3467 s->s.k = regno;
3468 sappend(index->s, s);
3469
3470 return index;
3471 }
3472
3473 struct block *
3474 gen_relation(code, a0, a1, reversed)
3475 int code;
3476 struct arth *a0, *a1;
3477 int reversed;
3478 {
3479 struct slist *s0, *s1, *s2;
3480 struct block *b, *tmp;
3481
3482 s0 = xfer_to_x(a1);
3483 s1 = xfer_to_a(a0);
3484 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
3485 b = new_block(JMP(code));
3486 if (code == BPF_JGT || code == BPF_JGE) {
3487 reversed = !reversed;
3488 b->s.k = 0x80000000;
3489 }
3490 if (reversed)
3491 gen_not(b);
3492
3493 sappend(s1, s2);
3494 sappend(s0, s1);
3495 sappend(a1->s, s0);
3496 sappend(a0->s, a1->s);
3497
3498 b->stmts = a0->s;
3499
3500 free_reg(a0->regno);
3501 free_reg(a1->regno);
3502
3503 /* 'and' together protocol checks */
3504 if (a0->b) {
3505 if (a1->b) {
3506 gen_and(a0->b, tmp = a1->b);
3507 }
3508 else
3509 tmp = a0->b;
3510 } else
3511 tmp = a1->b;
3512
3513 if (tmp)
3514 gen_and(tmp, b);
3515
3516 return b;
3517 }
3518
3519 struct arth *
3520 gen_loadlen()
3521 {
3522 int regno = alloc_reg();
3523 struct arth *a = (struct arth *)newchunk(sizeof(*a));
3524 struct slist *s;
3525
3526 s = new_stmt(BPF_LD|BPF_LEN);
3527 s->next = new_stmt(BPF_ST);
3528 s->next->s.k = regno;
3529 a->s = s;
3530 a->regno = regno;
3531
3532 return a;
3533 }
3534
3535 struct arth *
3536 gen_loadi(val)
3537 int val;
3538 {
3539 struct arth *a;
3540 struct slist *s;
3541 int reg;
3542
3543 a = (struct arth *)newchunk(sizeof(*a));
3544
3545 reg = alloc_reg();
3546
3547 s = new_stmt(BPF_LD|BPF_IMM);
3548 s->s.k = val;
3549 s->next = new_stmt(BPF_ST);
3550 s->next->s.k = reg;
3551 a->s = s;
3552 a->regno = reg;
3553
3554 return a;
3555 }
3556
3557 struct arth *
3558 gen_neg(a)
3559 struct arth *a;
3560 {
3561 struct slist *s;
3562
3563 s = xfer_to_a(a);
3564 sappend(a->s, s);
3565 s = new_stmt(BPF_ALU|BPF_NEG);
3566 s->s.k = 0;
3567 sappend(a->s, s);
3568 s = new_stmt(BPF_ST);
3569 s->s.k = a->regno;
3570 sappend(a->s, s);
3571
3572 return a;
3573 }
3574
3575 struct arth *
3576 gen_arth(code, a0, a1)
3577 int code;
3578 struct arth *a0, *a1;
3579 {
3580 struct slist *s0, *s1, *s2;
3581
3582 s0 = xfer_to_x(a1);
3583 s1 = xfer_to_a(a0);
3584 s2 = new_stmt(BPF_ALU|BPF_X|code);
3585
3586 sappend(s1, s2);
3587 sappend(s0, s1);
3588 sappend(a1->s, s0);
3589 sappend(a0->s, a1->s);
3590
3591 free_reg(a1->regno);
3592
3593 s0 = new_stmt(BPF_ST);
3594 a0->regno = s0->s.k = alloc_reg();
3595 sappend(a0->s, s0);
3596
3597 return a0;
3598 }
3599
3600 /*
3601 * Here we handle simple allocation of the scratch registers.
3602 * If too many registers are alloc'd, the allocator punts.
3603 */
3604 static int regused[BPF_MEMWORDS];
3605 static int curreg;
3606
3607 /*
3608 * Return the next free register.
3609 */
3610 static int
3611 alloc_reg()
3612 {
3613 int n = BPF_MEMWORDS;
3614
3615 while (--n >= 0) {
3616 if (regused[curreg])
3617 curreg = (curreg + 1) % BPF_MEMWORDS;
3618 else {
3619 regused[curreg] = 1;
3620 return curreg;
3621 }
3622 }
3623 bpf_error("too many registers needed to evaluate expression");
3624 /* NOTREACHED */
3625 }
3626
3627 /*
3628 * Return a register to the table so it can
3629 * be used later.
3630 */
3631 static void
3632 free_reg(n)
3633 int n;
3634 {
3635 regused[n] = 0;
3636 }
3637
3638 static struct block *
3639 gen_len(jmp, n)
3640 int jmp, n;
3641 {
3642 struct slist *s;
3643 struct block *b;
3644
3645 s = new_stmt(BPF_LD|BPF_LEN);
3646 b = new_block(JMP(jmp));
3647 b->stmts = s;
3648 b->s.k = n;
3649
3650 return b;
3651 }
3652
3653 struct block *
3654 gen_greater(n)
3655 int n;
3656 {
3657 return gen_len(BPF_JGE, n);
3658 }
3659
3660 /*
3661 * Actually, this is less than or equal.
3662 */
3663 struct block *
3664 gen_less(n)
3665 int n;
3666 {
3667 struct block *b;
3668
3669 b = gen_len(BPF_JGT, n);
3670 gen_not(b);
3671
3672 return b;
3673 }
3674
3675 struct block *
3676 gen_byteop(op, idx, val)
3677 int op, idx, val;
3678 {
3679 struct block *b;
3680 struct slist *s;
3681
3682 switch (op) {
3683 default:
3684 abort();
3685
3686 case '=':
3687 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3688
3689 case '<':
3690 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3691 b->s.code = JMP(BPF_JGE);
3692 gen_not(b);
3693 return b;
3694
3695 case '>':
3696 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3697 b->s.code = JMP(BPF_JGT);
3698 return b;
3699
3700 case '|':
3701 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
3702 break;
3703
3704 case '&':
3705 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
3706 break;
3707 }
3708 s->s.k = val;
3709 b = new_block(JMP(BPF_JEQ));
3710 b->stmts = s;
3711 gen_not(b);
3712
3713 return b;
3714 }
3715
3716 static u_char abroadcast[] = { 0x0 };
3717
3718 struct block *
3719 gen_broadcast(proto)
3720 int proto;
3721 {
3722 bpf_u_int32 hostmask;
3723 struct block *b0, *b1, *b2;
3724 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
3725
3726 switch (proto) {
3727
3728 case Q_DEFAULT:
3729 case Q_LINK:
3730 if (linktype == DLT_ARCNET)
3731 return gen_ahostop(abroadcast, Q_DST);
3732 if (linktype == DLT_EN10MB)
3733 return gen_ehostop(ebroadcast, Q_DST);
3734 if (linktype == DLT_FDDI)
3735 return gen_fhostop(ebroadcast, Q_DST);
3736 if (linktype == DLT_IEEE802)
3737 return gen_thostop(ebroadcast, Q_DST);
3738 bpf_error("not a broadcast link");
3739 break;
3740
3741 case Q_IP:
3742 b0 = gen_linktype(ETHERTYPE_IP);
3743 hostmask = ~netmask;
3744 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
3745 b2 = gen_mcmp(off_nl + 16, BPF_W,
3746 (bpf_int32)(~0 & hostmask), hostmask);
3747 gen_or(b1, b2);
3748 gen_and(b0, b2);
3749 return b2;
3750 }
3751 bpf_error("only ether/ip broadcast filters supported");
3752 }
3753
3754 struct block *
3755 gen_multicast(proto)
3756 int proto;
3757 {
3758 register struct block *b0, *b1;
3759 register struct slist *s;
3760
3761 switch (proto) {
3762
3763 case Q_DEFAULT:
3764 case Q_LINK:
3765 if (linktype == DLT_ARCNET)
3766 /* all ARCnet multicasts use the same address */
3767 return gen_ahostop(abroadcast, Q_DST);
3768
3769 if (linktype == DLT_EN10MB) {
3770 /* ether[0] & 1 != 0 */
3771 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3772 s->s.k = 0;
3773 b0 = new_block(JMP(BPF_JSET));
3774 b0->s.k = 1;
3775 b0->stmts = s;
3776 return b0;
3777 }
3778
3779 if (linktype == DLT_FDDI) {
3780 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */
3781 /* fddi[1] & 1 != 0 */
3782 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3783 s->s.k = 1;
3784 b0 = new_block(JMP(BPF_JSET));
3785 b0->s.k = 1;
3786 b0->stmts = s;
3787 return b0;
3788 }
3789
3790 /* TODO - check how token ring handles multicast */
3791 /* if (linktype == DLT_IEEE802) ... */
3792
3793 /* Link not known to support multicasts */
3794 break;
3795
3796 case Q_IP:
3797 b0 = gen_linktype(ETHERTYPE_IP);
3798 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
3799 b1->s.code = JMP(BPF_JGE);
3800 gen_and(b0, b1);
3801 return b1;
3802
3803 #ifdef INET6
3804 case Q_IPV6:
3805 b0 = gen_linktype(ETHERTYPE_IPV6);
3806 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
3807 gen_and(b0, b1);
3808 return b1;
3809 #endif /* INET6 */
3810 }
3811 bpf_error("only IP multicast filters supported on ethernet/FDDI");
3812 }
3813
3814 /*
3815 * generate command for inbound/outbound. It's here so we can
3816 * make it link-type specific. 'dir' = 0 implies "inbound",
3817 * = 1 implies "outbound".
3818 */
3819 struct block *
3820 gen_inbound(dir)
3821 int dir;
3822 {
3823 register struct block *b0;
3824
3825 /*
3826 * Only some data link types support inbound/outbound qualifiers.
3827 */
3828 switch (linktype) {
3829 case DLT_SLIP:
3830 case DLT_PPP:
3831 b0 = gen_relation(BPF_JEQ,
3832 gen_load(Q_LINK, gen_loadi(0), 1),
3833 gen_loadi(0),
3834 dir);
3835 break;
3836
3837 default:
3838 bpf_error("inbound/outbound not supported on linktype %d\n",
3839 linktype);
3840 b0 = NULL;
3841 /* NOTREACHED */
3842 }
3843 return (b0);
3844 }
3845
3846 struct block *
3847 gen_acode(eaddr, q)
3848 register const u_char *eaddr;
3849 struct qual q;
3850 {
3851 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
3852 if (linktype == DLT_ARCNET)
3853 return gen_ahostop(eaddr, (int)q.dir);
3854 }
3855 bpf_error("ARCnet address used in non-arc expression");
3856 /* NOTREACHED */
3857 }
3858
3859 static struct block *
3860 gen_ahostop(eaddr, dir)
3861 register const u_char *eaddr;
3862 register int dir;
3863 {
3864 register struct block *b0, *b1;
3865
3866 switch (dir) {
3867 /* src comes first, different from Ethernet */
3868 case Q_SRC:
3869 return gen_bcmp(0, 1, eaddr);
3870
3871 case Q_DST:
3872 return gen_bcmp(1, 1, eaddr);
3873
3874 case Q_AND:
3875 b0 = gen_ahostop(eaddr, Q_SRC);
3876 b1 = gen_ahostop(eaddr, Q_DST);
3877 gen_and(b0, b1);
3878 return b1;
3879
3880 case Q_DEFAULT:
3881 case Q_OR:
3882 b0 = gen_ahostop(eaddr, Q_SRC);
3883 b1 = gen_ahostop(eaddr, Q_DST);
3884 gen_or(b0, b1);
3885 return b1;
3886 }
3887 abort();
3888 /* NOTREACHED */
3889 }
3890
3891 /*
3892 * support IEEE 802.1Q VLAN trunk over ethernet
3893 */
3894 struct block *
3895 gen_vlan(vlan_num)
3896 int vlan_num;
3897 {
3898 struct block *b0;
3899
3900 /*
3901 * Change the offsets to point to the type and data fields within
3902 * the VLAN packet. This is somewhat of a kludge.
3903 */
3904 if (orig_nl == (u_int)-1) {
3905 orig_linktype = off_linktype; /* save original values */
3906 orig_nl = off_nl;
3907
3908 switch (linktype) {
3909
3910 case DLT_EN10MB:
3911 off_linktype = 16;
3912 off_nl = 18;
3913 break;
3914
3915 default:
3916 bpf_error("no VLAN support for data link type %d",
3917 linktype);
3918 /*NOTREACHED*/
3919 }
3920 }
3921
3922 /* check for VLAN */
3923 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
3924
3925 /* If a specific VLAN is requested, check VLAN id */
3926 if (vlan_num >= 0) {
3927 struct block *b1;
3928
3929 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
3930 gen_and(b0, b1);
3931 b0 = b1;
3932 }
3933
3934 return (b0);
3935 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism