]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Added support for Win32, based on WinPcap.
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.170 2002-08-01 08:33:01 risso Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #include <pcap-stdinc.h>
32
33 #ifdef __MINGW32__
34 #include "IP6_misc.h"
35 #endif
36
37 #ifdef __NetBSD__
38 #include <sys/param.h>
39 #endif
40
41 struct mbuf; /* Squelch compiler warnings on some platforms for */
42 struct rtentry; /* declarations in <net/if.h> */
43 #include <net/if.h>
44
45 #include <stdlib.h>
46 #include <string.h>
47 #include <memory.h>
48 #include <setjmp.h>
49 #include <stdarg.h>
50
51 #include "pcap-int.h"
52
53 #include "ethertype.h"
54 #include "nlpid.h"
55 #include "llc.h"
56 #include "gencode.h"
57 #include "atmuni31.h"
58 #include "sunatmpos.h"
59 #include "ppp.h"
60 #include "sll.h"
61 #include "arcnet.h"
62 #ifdef INET6
63 #endif /*INET6*/
64 #include <pcap-namedb.h>
65
66 #define ETHERMTU 1500
67
68 #ifndef IPPROTO_SCTP
69 #define IPPROTO_SCTP 132
70 #endif
71
72 #ifdef HAVE_OS_PROTO_H
73 #include "os-proto.h"
74 #endif
75
76 #define JMP(c) ((c)|BPF_JMP|BPF_K)
77
78 /* Locals */
79 static jmp_buf top_ctx;
80 static pcap_t *bpf_pcap;
81
82 /* Hack for updating VLAN offsets. */
83 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1;
84
85 /* XXX */
86 #ifdef PCAP_FDDIPAD
87 int pcap_fddipad = PCAP_FDDIPAD;
88 #else
89 int pcap_fddipad;
90 #endif
91
92 /* VARARGS */
93 void
94 bpf_error(const char *fmt, ...)
95
96 {
97 va_list ap;
98
99 va_start(ap, fmt);
100 if (bpf_pcap != NULL)
101 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
102 fmt, ap);
103 va_end(ap);
104 longjmp(top_ctx, 1);
105 /* NOTREACHED */
106 }
107
108 static void init_linktype(int);
109
110 static int alloc_reg(void);
111 static void free_reg(int);
112
113 static struct block *root;
114
115 /*
116 * We divy out chunks of memory rather than call malloc each time so
117 * we don't have to worry about leaking memory. It's probably
118 * not a big deal if all this memory was wasted but it this ever
119 * goes into a library that would probably not be a good idea.
120 */
121 #define NCHUNKS 16
122 #define CHUNK0SIZE 1024
123 struct chunk {
124 u_int n_left;
125 void *m;
126 };
127
128 static struct chunk chunks[NCHUNKS];
129 static int cur_chunk;
130
131 static void *newchunk(u_int);
132 static void freechunks(void);
133 static inline struct block *new_block(int);
134 static inline struct slist *new_stmt(int);
135 static struct block *gen_retblk(int);
136 static inline void syntax(void);
137
138 static void backpatch(struct block *, struct block *);
139 static void merge(struct block *, struct block *);
140 static struct block *gen_cmp(u_int, u_int, bpf_int32);
141 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
142 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
143 static struct block *gen_bcmp(u_int, u_int, const u_char *);
144 static struct block *gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32,
145 bpf_u_int32, bpf_u_int32, int);
146 static struct block *gen_uncond(int);
147 static inline struct block *gen_true(void);
148 static inline struct block *gen_false(void);
149 static struct block *gen_linktype(int);
150 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
151 static struct block *gen_llc(int);
152 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
153 #ifdef INET6
154 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
155 #endif
156 static struct block *gen_ahostop(const u_char *, int);
157 static struct block *gen_ehostop(const u_char *, int);
158 static struct block *gen_fhostop(const u_char *, int);
159 static struct block *gen_thostop(const u_char *, int);
160 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
161 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
162 #ifdef INET6
163 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
164 #endif
165 #ifndef INET6
166 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
167 #endif
168 static struct block *gen_ipfrag(void);
169 static struct block *gen_portatom(int, bpf_int32);
170 #ifdef INET6
171 static struct block *gen_portatom6(int, bpf_int32);
172 #endif
173 struct block *gen_portop(int, int, int);
174 static struct block *gen_port(int, int, int);
175 #ifdef INET6
176 struct block *gen_portop6(int, int, int);
177 static struct block *gen_port6(int, int, int);
178 #endif
179 static int lookup_proto(const char *, int);
180 static struct block *gen_protochain(int, int, int);
181 static struct block *gen_proto(int, int, int);
182 static struct slist *xfer_to_x(struct arth *);
183 static struct slist *xfer_to_a(struct arth *);
184 static struct block *gen_len(int, int);
185
186 static struct block *gen_msg_abbrev(int type);
187
188 static void *
189 newchunk(n)
190 u_int n;
191 {
192 struct chunk *cp;
193 int k, size;
194
195 #ifndef __NetBSD__
196 /* XXX Round up to nearest long. */
197 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
198 #else
199 /* XXX Round up to structure boundary. */
200 n = ALIGN(n);
201 #endif
202
203 cp = &chunks[cur_chunk];
204 if (n > cp->n_left) {
205 ++cp, k = ++cur_chunk;
206 if (k >= NCHUNKS)
207 bpf_error("out of memory");
208 size = CHUNK0SIZE << k;
209 cp->m = (void *)malloc(size);
210 memset((char *)cp->m, 0, size);
211 cp->n_left = size;
212 if (n > size)
213 bpf_error("out of memory");
214 }
215 cp->n_left -= n;
216 return (void *)((char *)cp->m + cp->n_left);
217 }
218
219 static void
220 freechunks()
221 {
222 int i;
223
224 cur_chunk = 0;
225 for (i = 0; i < NCHUNKS; ++i)
226 if (chunks[i].m != NULL) {
227 free(chunks[i].m);
228 chunks[i].m = NULL;
229 }
230 }
231
232 /*
233 * A strdup whose allocations are freed after code generation is over.
234 */
235 char *
236 sdup(s)
237 register const char *s;
238 {
239 int n = strlen(s) + 1;
240 char *cp = newchunk(n);
241
242 strlcpy(cp, s, n);
243 return (cp);
244 }
245
246 static inline struct block *
247 new_block(code)
248 int code;
249 {
250 struct block *p;
251
252 p = (struct block *)newchunk(sizeof(*p));
253 p->s.code = code;
254 p->head = p;
255
256 return p;
257 }
258
259 static inline struct slist *
260 new_stmt(code)
261 int code;
262 {
263 struct slist *p;
264
265 p = (struct slist *)newchunk(sizeof(*p));
266 p->s.code = code;
267
268 return p;
269 }
270
271 static struct block *
272 gen_retblk(v)
273 int v;
274 {
275 struct block *b = new_block(BPF_RET|BPF_K);
276
277 b->s.k = v;
278 return b;
279 }
280
281 static inline void
282 syntax()
283 {
284 bpf_error("syntax error in filter expression");
285 }
286
287 static bpf_u_int32 netmask;
288 static int snaplen;
289 int no_optimize;
290
291 int
292 pcap_compile(pcap_t *p, struct bpf_program *program,
293 char *buf, int optimize, bpf_u_int32 mask)
294 {
295 extern int n_errors;
296 int len;
297
298 no_optimize = 0;
299 n_errors = 0;
300 root = NULL;
301 bpf_pcap = p;
302 if (setjmp(top_ctx)) {
303 lex_cleanup();
304 freechunks();
305 return (-1);
306 }
307
308 netmask = mask;
309
310 snaplen = pcap_snapshot(p);
311 if (snaplen == 0) {
312 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
313 "snaplen of 0 rejects all packets");
314 return -1;
315 }
316
317 lex_init(buf ? buf : "");
318 init_linktype(pcap_datalink(p));
319 (void)pcap_parse();
320
321 if (n_errors)
322 syntax();
323
324 if (root == NULL)
325 root = gen_retblk(snaplen);
326
327 if (optimize && !no_optimize) {
328 bpf_optimize(&root);
329 if (root == NULL ||
330 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
331 bpf_error("expression rejects all packets");
332 }
333 program->bf_insns = icode_to_fcode(root, &len);
334 program->bf_len = len;
335
336 lex_cleanup();
337 freechunks();
338 return (0);
339 }
340
341 /*
342 * entry point for using the compiler with no pcap open
343 * pass in all the stuff that is needed explicitly instead.
344 */
345 int
346 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
347 struct bpf_program *program,
348 char *buf, int optimize, bpf_u_int32 mask)
349 {
350 pcap_t *p;
351 int ret;
352
353 p = pcap_open_dead(linktype_arg, snaplen_arg);
354 if (p == NULL)
355 return (-1);
356 ret = pcap_compile(p, program, buf, optimize, mask);
357 pcap_close(p);
358 return (ret);
359 }
360
361 /*
362 * Clean up a "struct bpf_program" by freeing all the memory allocated
363 * in it.
364 */
365 void
366 pcap_freecode(struct bpf_program *program)
367 {
368 program->bf_len = 0;
369 if (program->bf_insns != NULL) {
370 free((char *)program->bf_insns);
371 program->bf_insns = NULL;
372 }
373 }
374
375 /*
376 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
377 * which of the jt and jf fields has been resolved and which is a pointer
378 * back to another unresolved block (or nil). At least one of the fields
379 * in each block is already resolved.
380 */
381 static void
382 backpatch(list, target)
383 struct block *list, *target;
384 {
385 struct block *next;
386
387 while (list) {
388 if (!list->sense) {
389 next = JT(list);
390 JT(list) = target;
391 } else {
392 next = JF(list);
393 JF(list) = target;
394 }
395 list = next;
396 }
397 }
398
399 /*
400 * Merge the lists in b0 and b1, using the 'sense' field to indicate
401 * which of jt and jf is the link.
402 */
403 static void
404 merge(b0, b1)
405 struct block *b0, *b1;
406 {
407 register struct block **p = &b0;
408
409 /* Find end of list. */
410 while (*p)
411 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
412
413 /* Concatenate the lists. */
414 *p = b1;
415 }
416
417 void
418 finish_parse(p)
419 struct block *p;
420 {
421 backpatch(p, gen_retblk(snaplen));
422 p->sense = !p->sense;
423 backpatch(p, gen_retblk(0));
424 root = p->head;
425 }
426
427 void
428 gen_and(b0, b1)
429 struct block *b0, *b1;
430 {
431 backpatch(b0, b1->head);
432 b0->sense = !b0->sense;
433 b1->sense = !b1->sense;
434 merge(b1, b0);
435 b1->sense = !b1->sense;
436 b1->head = b0->head;
437 }
438
439 void
440 gen_or(b0, b1)
441 struct block *b0, *b1;
442 {
443 b0->sense = !b0->sense;
444 backpatch(b0, b1->head);
445 b0->sense = !b0->sense;
446 merge(b1, b0);
447 b1->head = b0->head;
448 }
449
450 void
451 gen_not(b)
452 struct block *b;
453 {
454 b->sense = !b->sense;
455 }
456
457 static struct block *
458 gen_cmp(offset, size, v)
459 u_int offset, size;
460 bpf_int32 v;
461 {
462 struct slist *s;
463 struct block *b;
464
465 s = new_stmt(BPF_LD|BPF_ABS|size);
466 s->s.k = offset;
467
468 b = new_block(JMP(BPF_JEQ));
469 b->stmts = s;
470 b->s.k = v;
471
472 return b;
473 }
474
475 static struct block *
476 gen_cmp_gt(offset, size, v)
477 u_int offset, size;
478 bpf_int32 v;
479 {
480 struct slist *s;
481 struct block *b;
482
483 s = new_stmt(BPF_LD|BPF_ABS|size);
484 s->s.k = offset;
485
486 b = new_block(JMP(BPF_JGT));
487 b->stmts = s;
488 b->s.k = v;
489
490 return b;
491 }
492
493 static struct block *
494 gen_mcmp(offset, size, v, mask)
495 u_int offset, size;
496 bpf_int32 v;
497 bpf_u_int32 mask;
498 {
499 struct block *b = gen_cmp(offset, size, v);
500 struct slist *s;
501
502 if (mask != 0xffffffff) {
503 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
504 s->s.k = mask;
505 b->stmts->next = s;
506 }
507 return b;
508 }
509
510 static struct block *
511 gen_bcmp(offset, size, v)
512 register u_int offset, size;
513 register const u_char *v;
514 {
515 register struct block *b, *tmp;
516
517 b = NULL;
518 while (size >= 4) {
519 register const u_char *p = &v[size - 4];
520 bpf_int32 w = ((bpf_int32)p[0] << 24) |
521 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
522
523 tmp = gen_cmp(offset + size - 4, BPF_W, w);
524 if (b != NULL)
525 gen_and(b, tmp);
526 b = tmp;
527 size -= 4;
528 }
529 while (size >= 2) {
530 register const u_char *p = &v[size - 2];
531 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
532
533 tmp = gen_cmp(offset + size - 2, BPF_H, w);
534 if (b != NULL)
535 gen_and(b, tmp);
536 b = tmp;
537 size -= 2;
538 }
539 if (size > 0) {
540 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
541 if (b != NULL)
542 gen_and(b, tmp);
543 b = tmp;
544 }
545 return b;
546 }
547
548 static struct block *
549 gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse)
550 bpf_u_int32 datasize, offset, mask, jtype, jvalue;
551 int reverse;
552 {
553 struct slist *s;
554 struct block *b;
555
556 s = new_stmt(BPF_LD|datasize|BPF_ABS);
557 s->s.k = offset;
558
559 if (mask != 0xffffffff) {
560 s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K);
561 s->next->s.k = mask;
562 }
563
564 b = new_block(JMP(jtype));
565 b->stmts = s;
566 b->s.k = jvalue;
567 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE))
568 gen_not(b);
569 return b;
570 }
571
572 /*
573 * Various code constructs need to know the layout of the data link
574 * layer. These variables give the necessary offsets.
575 */
576
577 /*
578 * "off_linktype" is the offset to information in the link-layer header
579 * giving the packet type.
580 *
581 * For Ethernet, it's the offset of the Ethernet type field.
582 *
583 * For link-layer types that always use 802.2 headers, it's the
584 * offset of the LLC header.
585 *
586 * For PPP, it's the offset of the PPP type field.
587 *
588 * For Cisco HDLC, it's the offset of the CHDLC type field.
589 *
590 * For BSD loopback, it's the offset of the AF_ value.
591 *
592 * For Linux cooked sockets, it's the offset of the type field.
593 *
594 * It's set to -1 for no encapsulation, in which case, IP is assumed.
595 */
596 static u_int off_linktype;
597
598 /*
599 * TRUE if the link layer includes an ATM pseudo-header.
600 */
601 static int is_atm = 0;
602
603 /*
604 * These are offsets for the ATM pseudo-header.
605 */
606 static u_int off_vpi;
607 static u_int off_vci;
608 static u_int off_proto;
609
610 /*
611 * This is the offset to the message type for Q.2931 messages.
612 */
613 static u_int off_msg_type;
614
615 /*
616 * These are offsets to the beginning of the network-layer header.
617 *
618 * If the link layer never uses 802.2 LLC:
619 *
620 * "off_nl" and "off_nl_nosnap" are the same.
621 *
622 * If the link layer always uses 802.2 LLC:
623 *
624 * "off_nl" is the offset if there's a SNAP header following
625 * the 802.2 header;
626 *
627 * "off_nl_nosnap" is the offset if there's no SNAP header.
628 *
629 * If the link layer is Ethernet:
630 *
631 * "off_nl" is the offset if the packet is an Ethernet II packet
632 * (we assume no 802.3+802.2+SNAP);
633 *
634 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet
635 * with an 802.2 header following it.
636 */
637 static u_int off_nl;
638 static u_int off_nl_nosnap;
639
640 static int linktype;
641
642 static void
643 init_linktype(type)
644 int type;
645 {
646 linktype = type;
647
648 /*
649 * Assume it's not raw ATM with a pseudo-header, for now.
650 */
651 is_atm = 0;
652 off_vpi = -1;
653 off_vci = -1;
654 off_proto = -1;
655 off_msg_type = -1;
656
657 orig_linktype = -1;
658 orig_nl = -1;
659 orig_nl_nosnap = -1;
660
661 switch (type) {
662
663 case DLT_ARCNET:
664 off_linktype = 2;
665 off_nl = 6; /* XXX in reality, variable! */
666 off_nl_nosnap = 6; /* no 802.2 LLC */
667 return;
668
669 case DLT_EN10MB:
670 off_linktype = 12;
671 off_nl = 14; /* Ethernet II */
672 off_nl_nosnap = 17; /* 802.3+802.2 */
673 return;
674
675 case DLT_SLIP:
676 /*
677 * SLIP doesn't have a link level type. The 16 byte
678 * header is hacked into our SLIP driver.
679 */
680 off_linktype = -1;
681 off_nl = 16;
682 off_nl_nosnap = 16; /* no 802.2 LLC */
683 return;
684
685 case DLT_SLIP_BSDOS:
686 /* XXX this may be the same as the DLT_PPP_BSDOS case */
687 off_linktype = -1;
688 /* XXX end */
689 off_nl = 24;
690 off_nl_nosnap = 24; /* no 802.2 LLC */
691 return;
692
693 case DLT_NULL:
694 case DLT_LOOP:
695 off_linktype = 0;
696 off_nl = 4;
697 off_nl_nosnap = 4; /* no 802.2 LLC */
698 return;
699
700 case DLT_PPP:
701 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */
702 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */
703 off_linktype = 2;
704 off_nl = 4;
705 off_nl_nosnap = 4; /* no 802.2 LLC */
706 return;
707
708 case DLT_PPP_ETHER:
709 /*
710 * This does no include the Ethernet header, and
711 * only covers session state.
712 */
713 off_linktype = 6;
714 off_nl = 8;
715 off_nl_nosnap = 8; /* no 802.2 LLC */
716 return;
717
718 case DLT_PPP_BSDOS:
719 off_linktype = 5;
720 off_nl = 24;
721 off_nl_nosnap = 24; /* no 802.2 LLC */
722 return;
723
724 case DLT_FDDI:
725 /*
726 * FDDI doesn't really have a link-level type field.
727 * We set "off_linktype" to the offset of the LLC header.
728 *
729 * To check for Ethernet types, we assume that SSAP = SNAP
730 * is being used and pick out the encapsulated Ethernet type.
731 * XXX - should we generate code to check for SNAP?
732 */
733 off_linktype = 13;
734 #ifdef PCAP_FDDIPAD
735 off_linktype += pcap_fddipad;
736 #endif
737 off_nl = 21; /* FDDI+802.2+SNAP */
738 off_nl_nosnap = 16; /* FDDI+802.2 */
739 #ifdef PCAP_FDDIPAD
740 off_nl += pcap_fddipad;
741 off_nl_nosnap += pcap_fddipad;
742 #endif
743 return;
744
745 case DLT_IEEE802:
746 /*
747 * Token Ring doesn't really have a link-level type field.
748 * We set "off_linktype" to the offset of the LLC header.
749 *
750 * To check for Ethernet types, we assume that SSAP = SNAP
751 * is being used and pick out the encapsulated Ethernet type.
752 * XXX - should we generate code to check for SNAP?
753 *
754 * XXX - the header is actually variable-length.
755 * Some various Linux patched versions gave 38
756 * as "off_linktype" and 40 as "off_nl"; however,
757 * if a token ring packet has *no* routing
758 * information, i.e. is not source-routed, the correct
759 * values are 20 and 22, as they are in the vanilla code.
760 *
761 * A packet is source-routed iff the uppermost bit
762 * of the first byte of the source address, at an
763 * offset of 8, has the uppermost bit set. If the
764 * packet is source-routed, the total number of bytes
765 * of routing information is 2 plus bits 0x1F00 of
766 * the 16-bit value at an offset of 14 (shifted right
767 * 8 - figure out which byte that is).
768 */
769 off_linktype = 14;
770 off_nl = 22; /* Token Ring+802.2+SNAP */
771 off_nl_nosnap = 17; /* Token Ring+802.2 */
772 return;
773
774 case DLT_IEEE802_11:
775 /*
776 * 802.11 doesn't really have a link-level type field.
777 * We set "off_linktype" to the offset of the LLC header.
778 *
779 * To check for Ethernet types, we assume that SSAP = SNAP
780 * is being used and pick out the encapsulated Ethernet type.
781 * XXX - should we generate code to check for SNAP?
782 *
783 * XXX - the header is actually variable-length. We
784 * assume a 24-byte link-layer header, as appears in
785 * data frames in networks with no bridges.
786 */
787 off_linktype = 24;
788 off_nl = 32; /* 802.11+802.2+SNAP */
789 off_nl_nosnap = 27; /* 802.22+802.2 */
790 return;
791
792 case DLT_PRISM_HEADER:
793 /*
794 * Same as 802.11, but with an additional header before
795 * the 802.11 header, containing a bunch of additional
796 * information including radio-level information.
797 *
798 * The header is 144 bytes long.
799 *
800 * XXX - same variable-length header problem; at least
801 * the Prism header is fixed-length.
802 */
803 off_linktype = 144+24;
804 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */
805 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */
806 return;
807
808 case DLT_ATM_RFC1483:
809 case DLT_ATM_CLIP: /* Linux ATM defines this */
810 /*
811 * assume routed, non-ISO PDUs
812 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
813 */
814 off_linktype = 0;
815 off_nl = 8; /* 802.2+SNAP */
816 off_nl_nosnap = 3; /* 802.2 */
817 return;
818
819 case DLT_SUNATM:
820 /*
821 * Full Frontal ATM; you get AALn PDUs with an ATM
822 * pseudo-header.
823 */
824 is_atm = 1;
825 off_linktype = SUNATM_PKT_BEGIN_POS;
826 off_vpi = SUNATM_VPI_POS;
827 off_vci = SUNATM_VCI_POS;
828 off_proto = PROTO_POS;
829 off_msg_type = SUNATM_PKT_BEGIN_POS+MSG_TYPE_POS;
830 off_nl = SUNATM_PKT_BEGIN_POS+8; /* 802.2+SNAP */
831 off_nl_nosnap = SUNATM_PKT_BEGIN_POS+3; /* 802.2 */
832 return;
833
834 case DLT_RAW:
835 off_linktype = -1;
836 off_nl = 0;
837 off_nl_nosnap = 0; /* no 802.2 LLC */
838 return;
839
840 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
841 off_linktype = 14;
842 off_nl = 16;
843 off_nl_nosnap = 16; /* no 802.2 LLC */
844 return;
845
846 case DLT_LTALK:
847 /*
848 * LocalTalk does have a 1-byte type field in the LLAP header,
849 * but really it just indicates whether there is a "short" or
850 * "long" DDP packet following.
851 */
852 off_linktype = -1;
853 off_nl = 0;
854 off_nl_nosnap = 0; /* no 802.2 LLC */
855 return;
856
857 case DLT_FRELAY:
858 /*
859 * XXX - we should set this to handle SNAP-encapsulated
860 * frames (NLPID of 0x80).
861 */
862 off_linktype = -1;
863 off_nl = 0;
864 off_nl_nosnap = 0; /* no 802.2 LLC */
865 return;
866 }
867 bpf_error("unknown data link type %d", linktype);
868 /* NOTREACHED */
869 }
870
871 static struct block *
872 gen_uncond(rsense)
873 int rsense;
874 {
875 struct block *b;
876 struct slist *s;
877
878 s = new_stmt(BPF_LD|BPF_IMM);
879 s->s.k = !rsense;
880 b = new_block(JMP(BPF_JEQ));
881 b->stmts = s;
882
883 return b;
884 }
885
886 static inline struct block *
887 gen_true()
888 {
889 return gen_uncond(1);
890 }
891
892 static inline struct block *
893 gen_false()
894 {
895 return gen_uncond(0);
896 }
897
898 /*
899 * Byte-swap a 32-bit number.
900 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
901 * big-endian platforms.)
902 */
903 #define SWAPLONG(y) \
904 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
905
906 static struct block *
907 gen_linktype(proto)
908 register int proto;
909 {
910 struct block *b0, *b1, *b2;
911
912 switch (linktype) {
913
914 case DLT_EN10MB:
915 switch (proto) {
916
917 case LLCSAP_ISONS:
918 /*
919 * OSI protocols always use 802.2 encapsulation.
920 * XXX - should we check both the DSAP and the
921 * SSAP, like this, or should we check just the
922 * DSAP?
923 */
924 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
925 gen_not(b0);
926 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
927 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
928 gen_and(b0, b1);
929 return b1;
930
931 case LLCSAP_NETBEUI:
932 /*
933 * NetBEUI always uses 802.2 encapsulation.
934 * XXX - should we check both the DSAP and the
935 * SSAP, like this, or should we check just the
936 * DSAP?
937 */
938 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
939 gen_not(b0);
940 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
941 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
942 gen_and(b0, b1);
943 return b1;
944
945 case LLCSAP_IPX:
946 /*
947 * Check for;
948 *
949 * Ethernet_II frames, which are Ethernet
950 * frames with a frame type of ETHERTYPE_IPX;
951 *
952 * Ethernet_802.3 frames, which are 802.3
953 * frames (i.e., the type/length field is
954 * a length field, <= ETHERMTU, rather than
955 * a type field) with the first two bytes
956 * after the Ethernet/802.3 header being
957 * 0xFFFF;
958 *
959 * Ethernet_802.2 frames, which are 802.3
960 * frames with an 802.2 LLC header and
961 * with the IPX LSAP as the DSAP in the LLC
962 * header;
963 *
964 * Ethernet_SNAP frames, which are 802.3
965 * frames with an LLC header and a SNAP
966 * header and with an OUI of 0x000000
967 * (encapsulated Ethernet) and a protocol
968 * ID of ETHERTYPE_IPX in the SNAP header.
969 *
970 * XXX - should we generate the same code both
971 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
972 */
973
974 /*
975 * This generates code to check both for the
976 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
977 */
978 b0 = gen_cmp(off_linktype + 2, BPF_B,
979 (bpf_int32)LLCSAP_IPX);
980 b1 = gen_cmp(off_linktype + 2, BPF_H,
981 (bpf_int32)0xFFFF);
982 gen_or(b0, b1);
983
984 /*
985 * Now we add code to check for SNAP frames with
986 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
987 */
988 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
989 gen_or(b0, b1);
990
991 /*
992 * Now we generate code to check for 802.3
993 * frames in general.
994 */
995 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
996 gen_not(b0);
997
998 /*
999 * Now add the check for 802.3 frames before the
1000 * check for Ethernet_802.2 and Ethernet_802.3,
1001 * as those checks should only be done on 802.3
1002 * frames, not on Ethernet frames.
1003 */
1004 gen_and(b0, b1);
1005
1006 /*
1007 * Now add the check for Ethernet_II frames, and
1008 * do that before checking for the other frame
1009 * types.
1010 */
1011 b0 = gen_cmp(off_linktype, BPF_H,
1012 (bpf_int32)ETHERTYPE_IPX);
1013 gen_or(b0, b1);
1014 return b1;
1015
1016 case ETHERTYPE_ATALK:
1017 case ETHERTYPE_AARP:
1018 /*
1019 * EtherTalk (AppleTalk protocols on Ethernet link
1020 * layer) may use 802.2 encapsulation.
1021 */
1022
1023 /*
1024 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1025 * we check for an Ethernet type field less than
1026 * 1500, which means it's an 802.3 length field.
1027 */
1028 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1029 gen_not(b0);
1030
1031 /*
1032 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1033 * SNAP packets with an organization code of
1034 * 0x080007 (Apple, for Appletalk) and a protocol
1035 * type of ETHERTYPE_ATALK (Appletalk).
1036 *
1037 * 802.2-encapsulated ETHERTYPE_AARP packets are
1038 * SNAP packets with an organization code of
1039 * 0x000000 (encapsulated Ethernet) and a protocol
1040 * type of ETHERTYPE_AARP (Appletalk ARP).
1041 */
1042 if (proto == ETHERTYPE_ATALK)
1043 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
1044 else /* proto == ETHERTYPE_AARP */
1045 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
1046 gen_and(b0, b1);
1047
1048 /*
1049 * Check for Ethernet encapsulation (Ethertalk
1050 * phase 1?); we just check for the Ethernet
1051 * protocol type.
1052 */
1053 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1054
1055 gen_or(b0, b1);
1056 return b1;
1057
1058 default:
1059 if (proto <= ETHERMTU) {
1060 /*
1061 * This is an LLC SAP value, so the frames
1062 * that match would be 802.2 frames.
1063 * Check that the frame is an 802.2 frame
1064 * (i.e., that the length/type field is
1065 * a length field, <= ETHERMTU) and
1066 * then check the DSAP.
1067 */
1068 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1069 gen_not(b0);
1070 b1 = gen_cmp(off_linktype + 2, BPF_B,
1071 (bpf_int32)proto);
1072 gen_and(b0, b1);
1073 return b1;
1074 } else {
1075 /*
1076 * This is an Ethernet type, so compare
1077 * the length/type field with it (if
1078 * the frame is an 802.2 frame, the length
1079 * field will be <= ETHERMTU, and, as
1080 * "proto" is > ETHERMTU, this test
1081 * will fail and the frame won't match,
1082 * which is what we want).
1083 */
1084 return gen_cmp(off_linktype, BPF_H,
1085 (bpf_int32)proto);
1086 }
1087 }
1088 break;
1089
1090 case DLT_IEEE802_11:
1091 case DLT_PRISM_HEADER:
1092 case DLT_FDDI:
1093 case DLT_IEEE802:
1094 case DLT_ATM_RFC1483:
1095 case DLT_ATM_CLIP:
1096 return gen_llc(proto);
1097 break;
1098
1099 case DLT_SUNATM:
1100 /*
1101 * Check for LLC encapsulation and then check the protocol.
1102 * XXX - also check for LANE and then check for an Ethernet
1103 * type?
1104 */
1105 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
1106 b1 = gen_llc(proto);
1107 gen_and(b0, b1);
1108 return b1;
1109
1110 case DLT_LINUX_SLL:
1111 switch (proto) {
1112
1113 case LLCSAP_ISONS:
1114 /*
1115 * OSI protocols always use 802.2 encapsulation.
1116 * XXX - should we check both the DSAP and the
1117 * LSAP, like this, or should we check just the
1118 * DSAP?
1119 */
1120 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1121 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1122 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1123 gen_and(b0, b1);
1124 return b1;
1125
1126 case LLCSAP_NETBEUI:
1127 /*
1128 * NetBEUI always uses 802.2 encapsulation.
1129 * XXX - should we check both the DSAP and the
1130 * LSAP, like this, or should we check just the
1131 * DSAP?
1132 */
1133 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1134 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1135 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1136 gen_and(b0, b1);
1137 return b1;
1138
1139 case LLCSAP_IPX:
1140 /*
1141 * Ethernet_II frames, which are Ethernet
1142 * frames with a frame type of ETHERTYPE_IPX;
1143 *
1144 * Ethernet_802.3 frames, which have a frame
1145 * type of LINUX_SLL_P_802_3;
1146 *
1147 * Ethernet_802.2 frames, which are 802.3
1148 * frames with an 802.2 LLC header (i.e, have
1149 * a frame type of LINUX_SLL_P_802_2) and
1150 * with the IPX LSAP as the DSAP in the LLC
1151 * header;
1152 *
1153 * Ethernet_SNAP frames, which are 802.3
1154 * frames with an LLC header and a SNAP
1155 * header and with an OUI of 0x000000
1156 * (encapsulated Ethernet) and a protocol
1157 * ID of ETHERTYPE_IPX in the SNAP header.
1158 *
1159 * First, do the checks on LINUX_SLL_P_802_2
1160 * frames; generate the check for either
1161 * Ethernet_802.2 or Ethernet_SNAP frames, and
1162 * then put a check for LINUX_SLL_P_802_2 frames
1163 * before it.
1164 */
1165 b0 = gen_cmp(off_linktype + 2, BPF_B,
1166 (bpf_int32)LLCSAP_IPX);
1167 b1 = gen_snap(0x000000, ETHERTYPE_IPX,
1168 off_linktype + 2);
1169 gen_or(b0, b1);
1170 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1171 gen_and(b0, b1);
1172
1173 /*
1174 * Now check for 802.3 frames and OR that with
1175 * the previous test.
1176 */
1177 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
1178 gen_or(b0, b1);
1179
1180 /*
1181 * Now add the check for Ethernet_II frames, and
1182 * do that before checking for the other frame
1183 * types.
1184 */
1185 b0 = gen_cmp(off_linktype, BPF_H,
1186 (bpf_int32)ETHERTYPE_IPX);
1187 gen_or(b0, b1);
1188 return b1;
1189
1190 case ETHERTYPE_ATALK:
1191 case ETHERTYPE_AARP:
1192 /*
1193 * EtherTalk (AppleTalk protocols on Ethernet link
1194 * layer) may use 802.2 encapsulation.
1195 */
1196
1197 /*
1198 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1199 * we check for the 802.2 protocol type in the
1200 * "Ethernet type" field.
1201 */
1202 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1203
1204 /*
1205 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1206 * SNAP packets with an organization code of
1207 * 0x080007 (Apple, for Appletalk) and a protocol
1208 * type of ETHERTYPE_ATALK (Appletalk).
1209 *
1210 * 802.2-encapsulated ETHERTYPE_AARP packets are
1211 * SNAP packets with an organization code of
1212 * 0x000000 (encapsulated Ethernet) and a protocol
1213 * type of ETHERTYPE_AARP (Appletalk ARP).
1214 */
1215 if (proto == ETHERTYPE_ATALK)
1216 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
1217 off_linktype + 2);
1218 else /* proto == ETHERTYPE_AARP */
1219 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
1220 off_linktype + 2);
1221 gen_and(b0, b1);
1222
1223 /*
1224 * Check for Ethernet encapsulation (Ethertalk
1225 * phase 1?); we just check for the Ethernet
1226 * protocol type.
1227 */
1228 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1229
1230 gen_or(b0, b1);
1231 return b1;
1232
1233 default:
1234 if (proto <= ETHERMTU) {
1235 /*
1236 * This is an LLC SAP value, so the frames
1237 * that match would be 802.2 frames.
1238 * Check for the 802.2 protocol type
1239 * in the "Ethernet type" field, and
1240 * then check the DSAP.
1241 */
1242 b0 = gen_cmp(off_linktype, BPF_H,
1243 LINUX_SLL_P_802_2);
1244 b1 = gen_cmp(off_linktype + 2, BPF_B,
1245 (bpf_int32)proto);
1246 gen_and(b0, b1);
1247 return b1;
1248 } else {
1249 /*
1250 * This is an Ethernet type, so compare
1251 * the length/type field with it (if
1252 * the frame is an 802.2 frame, the length
1253 * field will be <= ETHERMTU, and, as
1254 * "proto" is > ETHERMTU, this test
1255 * will fail and the frame won't match,
1256 * which is what we want).
1257 */
1258 return gen_cmp(off_linktype, BPF_H,
1259 (bpf_int32)proto);
1260 }
1261 }
1262 break;
1263
1264 case DLT_SLIP:
1265 case DLT_SLIP_BSDOS:
1266 case DLT_RAW:
1267 /*
1268 * These types don't provide any type field; packets
1269 * are always IP.
1270 *
1271 * XXX - for IPv4, check for a version number of 4, and,
1272 * for IPv6, check for a version number of 6?
1273 */
1274 switch (proto) {
1275
1276 case ETHERTYPE_IP:
1277 #ifdef INET6
1278 case ETHERTYPE_IPV6:
1279 #endif
1280 return gen_true(); /* always true */
1281
1282 default:
1283 return gen_false(); /* always false */
1284 }
1285 break;
1286
1287 case DLT_PPP:
1288 case DLT_PPP_SERIAL:
1289 case DLT_PPP_ETHER:
1290 /*
1291 * We use Ethernet protocol types inside libpcap;
1292 * map them to the corresponding PPP protocol types.
1293 */
1294 switch (proto) {
1295
1296 case ETHERTYPE_IP:
1297 proto = PPP_IP; /* XXX was 0x21 */
1298 break;
1299
1300 #ifdef INET6
1301 case ETHERTYPE_IPV6:
1302 proto = PPP_IPV6;
1303 break;
1304 #endif
1305
1306 case ETHERTYPE_DN:
1307 proto = PPP_DECNET;
1308 break;
1309
1310 case ETHERTYPE_ATALK:
1311 proto = PPP_APPLE;
1312 break;
1313
1314 case ETHERTYPE_NS:
1315 proto = PPP_NS;
1316 break;
1317
1318 case LLCSAP_ISONS:
1319 proto = PPP_OSI;
1320 break;
1321
1322 case LLCSAP_8021D:
1323 /*
1324 * I'm assuming the "Bridging PDU"s that go
1325 * over PPP are Spanning Tree Protocol
1326 * Bridging PDUs.
1327 */
1328 proto = PPP_BRPDU;
1329 break;
1330
1331 case LLCSAP_IPX:
1332 proto = PPP_IPX;
1333 break;
1334 }
1335 break;
1336
1337 case DLT_PPP_BSDOS:
1338 /*
1339 * We use Ethernet protocol types inside libpcap;
1340 * map them to the corresponding PPP protocol types.
1341 */
1342 switch (proto) {
1343
1344 case ETHERTYPE_IP:
1345 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
1346 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
1347 gen_or(b0, b1);
1348 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
1349 gen_or(b1, b0);
1350 return b0;
1351
1352 #ifdef INET6
1353 case ETHERTYPE_IPV6:
1354 proto = PPP_IPV6;
1355 /* more to go? */
1356 break;
1357 #endif
1358
1359 case ETHERTYPE_DN:
1360 proto = PPP_DECNET;
1361 break;
1362
1363 case ETHERTYPE_ATALK:
1364 proto = PPP_APPLE;
1365 break;
1366
1367 case ETHERTYPE_NS:
1368 proto = PPP_NS;
1369 break;
1370
1371 case LLCSAP_ISONS:
1372 proto = PPP_OSI;
1373 break;
1374
1375 case LLCSAP_8021D:
1376 /*
1377 * I'm assuming the "Bridging PDU"s that go
1378 * over PPP are Spanning Tree Protocol
1379 * Bridging PDUs.
1380 */
1381 proto = PPP_BRPDU;
1382 break;
1383
1384 case LLCSAP_IPX:
1385 proto = PPP_IPX;
1386 break;
1387 }
1388 break;
1389
1390 case DLT_NULL:
1391 case DLT_LOOP:
1392 /*
1393 * For DLT_NULL, the link-layer header is a 32-bit
1394 * word containing an AF_ value in *host* byte order.
1395 *
1396 * In addition, if we're reading a saved capture file,
1397 * the host byte order in the capture may not be the
1398 * same as the host byte order on this machine.
1399 *
1400 * For DLT_LOOP, the link-layer header is a 32-bit
1401 * word containing an AF_ value in *network* byte order.
1402 *
1403 * XXX - AF_ values may, unfortunately, be platform-
1404 * dependent; for example, FreeBSD's AF_INET6 is 24
1405 * whilst NetBSD's and OpenBSD's is 26.
1406 *
1407 * This means that, when reading a capture file, just
1408 * checking for our AF_INET6 value won't work if the
1409 * capture file came from another OS.
1410 */
1411 switch (proto) {
1412
1413 case ETHERTYPE_IP:
1414 proto = AF_INET;
1415 break;
1416
1417 #ifdef INET6
1418 case ETHERTYPE_IPV6:
1419 proto = AF_INET6;
1420 break;
1421 #endif
1422
1423 default:
1424 /*
1425 * Not a type on which we support filtering.
1426 * XXX - support those that have AF_ values
1427 * #defined on this platform, at least?
1428 */
1429 return gen_false();
1430 }
1431
1432 if (linktype == DLT_NULL) {
1433 /*
1434 * The AF_ value is in host byte order, but
1435 * the BPF interpreter will convert it to
1436 * network byte order.
1437 *
1438 * If this is a save file, and it's from a
1439 * machine with the opposite byte order to
1440 * ours, we byte-swap the AF_ value.
1441 *
1442 * Then we run it through "htonl()", and
1443 * generate code to compare against the result.
1444 */
1445 if (bpf_pcap->sf.rfile != NULL &&
1446 bpf_pcap->sf.swapped)
1447 proto = SWAPLONG(proto);
1448 proto = htonl(proto);
1449 }
1450 return (gen_cmp(0, BPF_W, (bpf_int32)proto));
1451
1452 case DLT_ARCNET:
1453 /*
1454 * XXX should we check for first fragment if the protocol
1455 * uses PHDS?
1456 */
1457 switch(proto) {
1458 default:
1459 return gen_false();
1460 #ifdef INET6
1461 case ETHERTYPE_IPV6:
1462 return(gen_cmp(2, BPF_B,
1463 (bpf_int32)htonl(ARCTYPE_INET6)));
1464 #endif /* INET6 */
1465 case ETHERTYPE_IP:
1466 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_IP));
1467 b1 = gen_cmp(2, BPF_B,
1468 (bpf_int32)htonl(ARCTYPE_IP_OLD));
1469 gen_or(b0, b1);
1470 return(b1);
1471 case ETHERTYPE_ARP:
1472 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_ARP));
1473 b1 = gen_cmp(2, BPF_B,
1474 (bpf_int32)htonl(ARCTYPE_ARP_OLD));
1475 gen_or(b0, b1);
1476 return(b1);
1477 case ETHERTYPE_REVARP:
1478 return(gen_cmp(2, BPF_B,
1479 (bpf_int32)htonl(ARCTYPE_REVARP)));
1480 case ETHERTYPE_ATALK:
1481 return(gen_cmp(2, BPF_B,
1482 (bpf_int32)htonl(ARCTYPE_ATALK)));
1483 }
1484 break;
1485
1486 case DLT_LTALK:
1487 switch (proto) {
1488 case ETHERTYPE_ATALK:
1489 return gen_true();
1490 default:
1491 return gen_false();
1492 }
1493 break;
1494
1495 case DLT_FRELAY:
1496 /*
1497 * XXX - assumes a 2-byte Frame Relay header with
1498 * DLCI and flags. What if the address is longer?
1499 */
1500 switch (proto) {
1501
1502 case ETHERTYPE_IP:
1503 /*
1504 * Check for the special NLPID for IP.
1505 */
1506 return gen_cmp(2, BPF_H, (0x03<<8) | 0xcc);
1507
1508 #ifdef INET6
1509 case ETHERTYPE_IPV6:
1510 /*
1511 * Check for the special NLPID for IPv6.
1512 */
1513 return gen_cmp(2, BPF_H, (0x03<<8) | 0x8e);
1514 #endif
1515
1516 case LLCSAP_ISONS:
1517 /*
1518 * Check for several OSI protocols.
1519 *
1520 * Frame Relay packets typically have an OSI
1521 * NLPID at the beginning; we check for each
1522 * of them.
1523 *
1524 * What we check for is the NLPID and a frame
1525 * control field of UI, i.e. 0x03 followed
1526 * by the NLPID.
1527 */
1528 b0 = gen_cmp(2, BPF_H, (0x03<<8) | ISO8473_CLNP);
1529 b1 = gen_cmp(2, BPF_H, (0x03<<8) | ISO9542_ESIS);
1530 b2 = gen_cmp(2, BPF_H, (0x03<<8) | ISO10589_ISIS);
1531 gen_or(b1, b2);
1532 gen_or(b0, b2);
1533 return b2;
1534
1535 default:
1536 return gen_false();
1537 }
1538 break;
1539 }
1540
1541 /*
1542 * All the types that have no encapsulation should either be
1543 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
1544 * all packets are IP packets, or should be handled in some
1545 * special case, if none of them are (if some are and some
1546 * aren't, the lack of encapsulation is a problem, as we'd
1547 * have to find some other way of determining the packet type).
1548 *
1549 * Therefore, if "off_linktype" is -1, there's an error.
1550 */
1551 if (off_linktype == -1)
1552 abort();
1553
1554 /*
1555 * Any type not handled above should always have an Ethernet
1556 * type at an offset of "off_linktype". (PPP is partially
1557 * handled above - the protocol type is mapped from the
1558 * Ethernet and LLC types we use internally to the corresponding
1559 * PPP type - but the PPP type is always specified by a value
1560 * at "off_linktype", so we don't have to do the code generation
1561 * above.)
1562 */
1563 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1564 }
1565
1566 /*
1567 * Check for an LLC SNAP packet with a given organization code and
1568 * protocol type; we check the entire contents of the 802.2 LLC and
1569 * snap headers, checking for DSAP and SSAP of SNAP and a control
1570 * field of 0x03 in the LLC header, and for the specified organization
1571 * code and protocol type in the SNAP header.
1572 */
1573 static struct block *
1574 gen_snap(orgcode, ptype, offset)
1575 bpf_u_int32 orgcode;
1576 bpf_u_int32 ptype;
1577 u_int offset;
1578 {
1579 u_char snapblock[8];
1580
1581 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
1582 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
1583 snapblock[2] = 0x03; /* control = UI */
1584 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
1585 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
1586 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
1587 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
1588 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
1589 return gen_bcmp(offset, 8, snapblock);
1590 }
1591
1592 /*
1593 * Check for a given protocol value assuming an 802.2 LLC header.
1594 */
1595 static struct block *
1596 gen_llc(proto)
1597 int proto;
1598 {
1599 /*
1600 * XXX - handle token-ring variable-length header.
1601 */
1602 switch (proto) {
1603
1604 case LLCSAP_ISONS:
1605 return gen_cmp(off_linktype, BPF_H, (long)
1606 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1607
1608 case LLCSAP_NETBEUI:
1609 return gen_cmp(off_linktype, BPF_H, (long)
1610 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1611
1612 case LLCSAP_IPX:
1613 /*
1614 * XXX - are there ever SNAP frames for IPX on
1615 * non-Ethernet 802.x networks?
1616 */
1617 return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX);
1618
1619 case ETHERTYPE_ATALK:
1620 /*
1621 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1622 * SNAP packets with an organization code of
1623 * 0x080007 (Apple, for Appletalk) and a protocol
1624 * type of ETHERTYPE_ATALK (Appletalk).
1625 *
1626 * XXX - check for an organization code of
1627 * encapsulated Ethernet as well?
1628 */
1629 return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype);
1630
1631 default:
1632 /*
1633 * XXX - we don't have to check for IPX 802.3
1634 * here, but should we check for the IPX Ethertype?
1635 */
1636 if (proto <= ETHERMTU) {
1637 /*
1638 * This is an LLC SAP value, so check
1639 * the DSAP.
1640 */
1641 return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto);
1642 } else {
1643 /*
1644 * This is an Ethernet type; we assume that it's
1645 * unlikely that it'll appear in the right place
1646 * at random, and therefore check only the
1647 * location that would hold the Ethernet type
1648 * in a SNAP frame with an organization code of
1649 * 0x000000 (encapsulated Ethernet).
1650 *
1651 * XXX - if we were to check for the SNAP DSAP and
1652 * LSAP, as per XXX, and were also to check for an
1653 * organization code of 0x000000 (encapsulated
1654 * Ethernet), we'd do
1655 *
1656 * return gen_snap(0x000000, proto,
1657 * off_linktype);
1658 *
1659 * here; for now, we don't, as per the above.
1660 * I don't know whether it's worth the extra CPU
1661 * time to do the right check or not.
1662 */
1663 return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto);
1664 }
1665 }
1666 }
1667
1668 static struct block *
1669 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
1670 bpf_u_int32 addr;
1671 bpf_u_int32 mask;
1672 int dir, proto;
1673 u_int src_off, dst_off;
1674 {
1675 struct block *b0, *b1;
1676 u_int offset;
1677
1678 switch (dir) {
1679
1680 case Q_SRC:
1681 offset = src_off;
1682 break;
1683
1684 case Q_DST:
1685 offset = dst_off;
1686 break;
1687
1688 case Q_AND:
1689 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1690 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1691 gen_and(b0, b1);
1692 return b1;
1693
1694 case Q_OR:
1695 case Q_DEFAULT:
1696 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1697 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1698 gen_or(b0, b1);
1699 return b1;
1700
1701 default:
1702 abort();
1703 }
1704 b0 = gen_linktype(proto);
1705 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
1706 gen_and(b0, b1);
1707 return b1;
1708 }
1709
1710 #ifdef INET6
1711 static struct block *
1712 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
1713 struct in6_addr *addr;
1714 struct in6_addr *mask;
1715 int dir, proto;
1716 u_int src_off, dst_off;
1717 {
1718 struct block *b0, *b1;
1719 u_int offset;
1720 u_int32_t *a, *m;
1721
1722 switch (dir) {
1723
1724 case Q_SRC:
1725 offset = src_off;
1726 break;
1727
1728 case Q_DST:
1729 offset = dst_off;
1730 break;
1731
1732 case Q_AND:
1733 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1734 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1735 gen_and(b0, b1);
1736 return b1;
1737
1738 case Q_OR:
1739 case Q_DEFAULT:
1740 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1741 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1742 gen_or(b0, b1);
1743 return b1;
1744
1745 default:
1746 abort();
1747 }
1748 /* this order is important */
1749 a = (u_int32_t *)addr;
1750 m = (u_int32_t *)mask;
1751 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
1752 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
1753 gen_and(b0, b1);
1754 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
1755 gen_and(b0, b1);
1756 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
1757 gen_and(b0, b1);
1758 b0 = gen_linktype(proto);
1759 gen_and(b0, b1);
1760 return b1;
1761 }
1762 #endif /*INET6*/
1763
1764 static struct block *
1765 gen_ehostop(eaddr, dir)
1766 register const u_char *eaddr;
1767 register int dir;
1768 {
1769 register struct block *b0, *b1;
1770
1771 switch (dir) {
1772 case Q_SRC:
1773 return gen_bcmp(6, 6, eaddr);
1774
1775 case Q_DST:
1776 return gen_bcmp(0, 6, eaddr);
1777
1778 case Q_AND:
1779 b0 = gen_ehostop(eaddr, Q_SRC);
1780 b1 = gen_ehostop(eaddr, Q_DST);
1781 gen_and(b0, b1);
1782 return b1;
1783
1784 case Q_DEFAULT:
1785 case Q_OR:
1786 b0 = gen_ehostop(eaddr, Q_SRC);
1787 b1 = gen_ehostop(eaddr, Q_DST);
1788 gen_or(b0, b1);
1789 return b1;
1790 }
1791 abort();
1792 /* NOTREACHED */
1793 }
1794
1795 /*
1796 * Like gen_ehostop, but for DLT_FDDI
1797 */
1798 static struct block *
1799 gen_fhostop(eaddr, dir)
1800 register const u_char *eaddr;
1801 register int dir;
1802 {
1803 struct block *b0, *b1;
1804
1805 switch (dir) {
1806 case Q_SRC:
1807 #ifdef PCAP_FDDIPAD
1808 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
1809 #else
1810 return gen_bcmp(6 + 1, 6, eaddr);
1811 #endif
1812
1813 case Q_DST:
1814 #ifdef PCAP_FDDIPAD
1815 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
1816 #else
1817 return gen_bcmp(0 + 1, 6, eaddr);
1818 #endif
1819
1820 case Q_AND:
1821 b0 = gen_fhostop(eaddr, Q_SRC);
1822 b1 = gen_fhostop(eaddr, Q_DST);
1823 gen_and(b0, b1);
1824 return b1;
1825
1826 case Q_DEFAULT:
1827 case Q_OR:
1828 b0 = gen_fhostop(eaddr, Q_SRC);
1829 b1 = gen_fhostop(eaddr, Q_DST);
1830 gen_or(b0, b1);
1831 return b1;
1832 }
1833 abort();
1834 /* NOTREACHED */
1835 }
1836
1837 /*
1838 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
1839 */
1840 static struct block *
1841 gen_thostop(eaddr, dir)
1842 register const u_char *eaddr;
1843 register int dir;
1844 {
1845 register struct block *b0, *b1;
1846
1847 switch (dir) {
1848 case Q_SRC:
1849 return gen_bcmp(8, 6, eaddr);
1850
1851 case Q_DST:
1852 return gen_bcmp(2, 6, eaddr);
1853
1854 case Q_AND:
1855 b0 = gen_thostop(eaddr, Q_SRC);
1856 b1 = gen_thostop(eaddr, Q_DST);
1857 gen_and(b0, b1);
1858 return b1;
1859
1860 case Q_DEFAULT:
1861 case Q_OR:
1862 b0 = gen_thostop(eaddr, Q_SRC);
1863 b1 = gen_thostop(eaddr, Q_DST);
1864 gen_or(b0, b1);
1865 return b1;
1866 }
1867 abort();
1868 /* NOTREACHED */
1869 }
1870
1871 /*
1872 * This is quite tricky because there may be pad bytes in front of the
1873 * DECNET header, and then there are two possible data packet formats that
1874 * carry both src and dst addresses, plus 5 packet types in a format that
1875 * carries only the src node, plus 2 types that use a different format and
1876 * also carry just the src node.
1877 *
1878 * Yuck.
1879 *
1880 * Instead of doing those all right, we just look for data packets with
1881 * 0 or 1 bytes of padding. If you want to look at other packets, that
1882 * will require a lot more hacking.
1883 *
1884 * To add support for filtering on DECNET "areas" (network numbers)
1885 * one would want to add a "mask" argument to this routine. That would
1886 * make the filter even more inefficient, although one could be clever
1887 * and not generate masking instructions if the mask is 0xFFFF.
1888 */
1889 static struct block *
1890 gen_dnhostop(addr, dir, base_off)
1891 bpf_u_int32 addr;
1892 int dir;
1893 u_int base_off;
1894 {
1895 struct block *b0, *b1, *b2, *tmp;
1896 u_int offset_lh; /* offset if long header is received */
1897 u_int offset_sh; /* offset if short header is received */
1898
1899 switch (dir) {
1900
1901 case Q_DST:
1902 offset_sh = 1; /* follows flags */
1903 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
1904 break;
1905
1906 case Q_SRC:
1907 offset_sh = 3; /* follows flags, dstnode */
1908 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
1909 break;
1910
1911 case Q_AND:
1912 /* Inefficient because we do our Calvinball dance twice */
1913 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1914 b1 = gen_dnhostop(addr, Q_DST, base_off);
1915 gen_and(b0, b1);
1916 return b1;
1917
1918 case Q_OR:
1919 case Q_DEFAULT:
1920 /* Inefficient because we do our Calvinball dance twice */
1921 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1922 b1 = gen_dnhostop(addr, Q_DST, base_off);
1923 gen_or(b0, b1);
1924 return b1;
1925
1926 case Q_ISO:
1927 bpf_error("ISO host filtering not implemented");
1928
1929 default:
1930 abort();
1931 }
1932 b0 = gen_linktype(ETHERTYPE_DN);
1933 /* Check for pad = 1, long header case */
1934 tmp = gen_mcmp(base_off + 2, BPF_H,
1935 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
1936 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
1937 BPF_H, (bpf_int32)ntohs(addr));
1938 gen_and(tmp, b1);
1939 /* Check for pad = 0, long header case */
1940 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
1941 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
1942 gen_and(tmp, b2);
1943 gen_or(b2, b1);
1944 /* Check for pad = 1, short header case */
1945 tmp = gen_mcmp(base_off + 2, BPF_H,
1946 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
1947 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
1948 BPF_H, (bpf_int32)ntohs(addr));
1949 gen_and(tmp, b2);
1950 gen_or(b2, b1);
1951 /* Check for pad = 0, short header case */
1952 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
1953 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
1954 gen_and(tmp, b2);
1955 gen_or(b2, b1);
1956
1957 /* Combine with test for linktype */
1958 gen_and(b0, b1);
1959 return b1;
1960 }
1961
1962 static struct block *
1963 gen_host(addr, mask, proto, dir)
1964 bpf_u_int32 addr;
1965 bpf_u_int32 mask;
1966 int proto;
1967 int dir;
1968 {
1969 struct block *b0, *b1;
1970
1971 switch (proto) {
1972
1973 case Q_DEFAULT:
1974 b0 = gen_host(addr, mask, Q_IP, dir);
1975 if (off_linktype != -1) {
1976 b1 = gen_host(addr, mask, Q_ARP, dir);
1977 gen_or(b0, b1);
1978 b0 = gen_host(addr, mask, Q_RARP, dir);
1979 gen_or(b1, b0);
1980 }
1981 return b0;
1982
1983 case Q_IP:
1984 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
1985 off_nl + 12, off_nl + 16);
1986
1987 case Q_RARP:
1988 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
1989 off_nl + 14, off_nl + 24);
1990
1991 case Q_ARP:
1992 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
1993 off_nl + 14, off_nl + 24);
1994
1995 case Q_TCP:
1996 bpf_error("'tcp' modifier applied to host");
1997
1998 case Q_SCTP:
1999 bpf_error("'sctp' modifier applied to host");
2000
2001 case Q_UDP:
2002 bpf_error("'udp' modifier applied to host");
2003
2004 case Q_ICMP:
2005 bpf_error("'icmp' modifier applied to host");
2006
2007 case Q_IGMP:
2008 bpf_error("'igmp' modifier applied to host");
2009
2010 case Q_IGRP:
2011 bpf_error("'igrp' modifier applied to host");
2012
2013 case Q_PIM:
2014 bpf_error("'pim' modifier applied to host");
2015
2016 case Q_VRRP:
2017 bpf_error("'vrrp' modifier applied to host");
2018
2019 case Q_ATALK:
2020 bpf_error("ATALK host filtering not implemented");
2021
2022 case Q_AARP:
2023 bpf_error("AARP host filtering not implemented");
2024
2025 case Q_DECNET:
2026 return gen_dnhostop(addr, dir, off_nl);
2027
2028 case Q_SCA:
2029 bpf_error("SCA host filtering not implemented");
2030
2031 case Q_LAT:
2032 bpf_error("LAT host filtering not implemented");
2033
2034 case Q_MOPDL:
2035 bpf_error("MOPDL host filtering not implemented");
2036
2037 case Q_MOPRC:
2038 bpf_error("MOPRC host filtering not implemented");
2039
2040 #ifdef INET6
2041 case Q_IPV6:
2042 bpf_error("'ip6' modifier applied to ip host");
2043
2044 case Q_ICMPV6:
2045 bpf_error("'icmp6' modifier applied to host");
2046 #endif /* INET6 */
2047
2048 case Q_AH:
2049 bpf_error("'ah' modifier applied to host");
2050
2051 case Q_ESP:
2052 bpf_error("'esp' modifier applied to host");
2053
2054 case Q_ISO:
2055 bpf_error("ISO host filtering not implemented");
2056
2057 case Q_ESIS:
2058 bpf_error("'esis' modifier applied to host");
2059
2060 case Q_ISIS:
2061 bpf_error("'isis' modifier applied to host");
2062
2063 case Q_CLNP:
2064 bpf_error("'clnp' modifier applied to host");
2065
2066 case Q_STP:
2067 bpf_error("'stp' modifier applied to host");
2068
2069 case Q_IPX:
2070 bpf_error("IPX host filtering not implemented");
2071
2072 case Q_NETBEUI:
2073 bpf_error("'netbeui' modifier applied to host");
2074
2075 default:
2076 abort();
2077 }
2078 /* NOTREACHED */
2079 }
2080
2081 #ifdef INET6
2082 static struct block *
2083 gen_host6(addr, mask, proto, dir)
2084 struct in6_addr *addr;
2085 struct in6_addr *mask;
2086 int proto;
2087 int dir;
2088 {
2089 switch (proto) {
2090
2091 case Q_DEFAULT:
2092 return gen_host6(addr, mask, Q_IPV6, dir);
2093
2094 case Q_IP:
2095 bpf_error("'ip' modifier applied to ip6 host");
2096
2097 case Q_RARP:
2098 bpf_error("'rarp' modifier applied to ip6 host");
2099
2100 case Q_ARP:
2101 bpf_error("'arp' modifier applied to ip6 host");
2102
2103 case Q_SCTP:
2104 bpf_error("'sctp' modifier applied to host");
2105
2106 case Q_TCP:
2107 bpf_error("'tcp' modifier applied to host");
2108
2109 case Q_UDP:
2110 bpf_error("'udp' modifier applied to host");
2111
2112 case Q_ICMP:
2113 bpf_error("'icmp' modifier applied to host");
2114
2115 case Q_IGMP:
2116 bpf_error("'igmp' modifier applied to host");
2117
2118 case Q_IGRP:
2119 bpf_error("'igrp' modifier applied to host");
2120
2121 case Q_PIM:
2122 bpf_error("'pim' modifier applied to host");
2123
2124 case Q_VRRP:
2125 bpf_error("'vrrp' modifier applied to host");
2126
2127 case Q_ATALK:
2128 bpf_error("ATALK host filtering not implemented");
2129
2130 case Q_AARP:
2131 bpf_error("AARP host filtering not implemented");
2132
2133 case Q_DECNET:
2134 bpf_error("'decnet' modifier applied to ip6 host");
2135
2136 case Q_SCA:
2137 bpf_error("SCA host filtering not implemented");
2138
2139 case Q_LAT:
2140 bpf_error("LAT host filtering not implemented");
2141
2142 case Q_MOPDL:
2143 bpf_error("MOPDL host filtering not implemented");
2144
2145 case Q_MOPRC:
2146 bpf_error("MOPRC host filtering not implemented");
2147
2148 case Q_IPV6:
2149 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
2150 off_nl + 8, off_nl + 24);
2151
2152 case Q_ICMPV6:
2153 bpf_error("'icmp6' modifier applied to host");
2154
2155 case Q_AH:
2156 bpf_error("'ah' modifier applied to host");
2157
2158 case Q_ESP:
2159 bpf_error("'esp' modifier applied to host");
2160
2161 case Q_ISO:
2162 bpf_error("ISO host filtering not implemented");
2163
2164 case Q_ESIS:
2165 bpf_error("'esis' modifier applied to host");
2166
2167 case Q_ISIS:
2168 bpf_error("'isis' modifier applied to host");
2169
2170 case Q_CLNP:
2171 bpf_error("'clnp' modifier applied to host");
2172
2173 case Q_STP:
2174 bpf_error("'stp' modifier applied to host");
2175
2176 case Q_IPX:
2177 bpf_error("IPX host filtering not implemented");
2178
2179 case Q_NETBEUI:
2180 bpf_error("'netbeui' modifier applied to host");
2181
2182 default:
2183 abort();
2184 }
2185 /* NOTREACHED */
2186 }
2187 #endif /*INET6*/
2188
2189 #ifndef INET6
2190 static struct block *
2191 gen_gateway(eaddr, alist, proto, dir)
2192 const u_char *eaddr;
2193 bpf_u_int32 **alist;
2194 int proto;
2195 int dir;
2196 {
2197 struct block *b0, *b1, *tmp;
2198
2199 if (dir != 0)
2200 bpf_error("direction applied to 'gateway'");
2201
2202 switch (proto) {
2203 case Q_DEFAULT:
2204 case Q_IP:
2205 case Q_ARP:
2206 case Q_RARP:
2207 if (linktype == DLT_EN10MB)
2208 b0 = gen_ehostop(eaddr, Q_OR);
2209 else if (linktype == DLT_FDDI)
2210 b0 = gen_fhostop(eaddr, Q_OR);
2211 else if (linktype == DLT_IEEE802)
2212 b0 = gen_thostop(eaddr, Q_OR);
2213 else
2214 bpf_error(
2215 "'gateway' supported only on ethernet, FDDI or token ring");
2216
2217 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2218 while (*alist) {
2219 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2220 gen_or(b1, tmp);
2221 b1 = tmp;
2222 }
2223 gen_not(b1);
2224 gen_and(b0, b1);
2225 return b1;
2226 }
2227 bpf_error("illegal modifier of 'gateway'");
2228 /* NOTREACHED */
2229 }
2230 #endif
2231
2232 struct block *
2233 gen_proto_abbrev(proto)
2234 int proto;
2235 {
2236 #ifdef INET6
2237 struct block *b0;
2238 #endif
2239 struct block *b1;
2240
2241 switch (proto) {
2242
2243 case Q_SCTP:
2244 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT);
2245 #ifdef INET6
2246 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
2247 gen_or(b0, b1);
2248 #endif
2249 break;
2250
2251 case Q_TCP:
2252 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
2253 #ifdef INET6
2254 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
2255 gen_or(b0, b1);
2256 #endif
2257 break;
2258
2259 case Q_UDP:
2260 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
2261 #ifdef INET6
2262 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
2263 gen_or(b0, b1);
2264 #endif
2265 break;
2266
2267 case Q_ICMP:
2268 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
2269 break;
2270
2271 #ifndef IPPROTO_IGMP
2272 #define IPPROTO_IGMP 2
2273 #endif
2274
2275 case Q_IGMP:
2276 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
2277 break;
2278
2279 #ifndef IPPROTO_IGRP
2280 #define IPPROTO_IGRP 9
2281 #endif
2282 case Q_IGRP:
2283 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
2284 break;
2285
2286 #ifndef IPPROTO_PIM
2287 #define IPPROTO_PIM 103
2288 #endif
2289
2290 case Q_PIM:
2291 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
2292 #ifdef INET6
2293 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
2294 gen_or(b0, b1);
2295 #endif
2296 break;
2297
2298 #ifndef IPPROTO_VRRP
2299 #define IPPROTO_VRRP 112
2300 #endif
2301
2302 case Q_VRRP:
2303 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT);
2304 break;
2305
2306 case Q_IP:
2307 b1 = gen_linktype(ETHERTYPE_IP);
2308 break;
2309
2310 case Q_ARP:
2311 b1 = gen_linktype(ETHERTYPE_ARP);
2312 break;
2313
2314 case Q_RARP:
2315 b1 = gen_linktype(ETHERTYPE_REVARP);
2316 break;
2317
2318 case Q_LINK:
2319 bpf_error("link layer applied in wrong context");
2320
2321 case Q_ATALK:
2322 b1 = gen_linktype(ETHERTYPE_ATALK);
2323 break;
2324
2325 case Q_AARP:
2326 b1 = gen_linktype(ETHERTYPE_AARP);
2327 break;
2328
2329 case Q_DECNET:
2330 b1 = gen_linktype(ETHERTYPE_DN);
2331 break;
2332
2333 case Q_SCA:
2334 b1 = gen_linktype(ETHERTYPE_SCA);
2335 break;
2336
2337 case Q_LAT:
2338 b1 = gen_linktype(ETHERTYPE_LAT);
2339 break;
2340
2341 case Q_MOPDL:
2342 b1 = gen_linktype(ETHERTYPE_MOPDL);
2343 break;
2344
2345 case Q_MOPRC:
2346 b1 = gen_linktype(ETHERTYPE_MOPRC);
2347 break;
2348
2349 #ifdef INET6
2350 case Q_IPV6:
2351 b1 = gen_linktype(ETHERTYPE_IPV6);
2352 break;
2353
2354 #ifndef IPPROTO_ICMPV6
2355 #define IPPROTO_ICMPV6 58
2356 #endif
2357 case Q_ICMPV6:
2358 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
2359 break;
2360 #endif /* INET6 */
2361
2362 #ifndef IPPROTO_AH
2363 #define IPPROTO_AH 51
2364 #endif
2365 case Q_AH:
2366 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
2367 #ifdef INET6
2368 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
2369 gen_or(b0, b1);
2370 #endif
2371 break;
2372
2373 #ifndef IPPROTO_ESP
2374 #define IPPROTO_ESP 50
2375 #endif
2376 case Q_ESP:
2377 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
2378 #ifdef INET6
2379 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
2380 gen_or(b0, b1);
2381 #endif
2382 break;
2383
2384 case Q_ISO:
2385 b1 = gen_linktype(LLCSAP_ISONS);
2386 break;
2387
2388 case Q_ESIS:
2389 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
2390 break;
2391
2392 case Q_ISIS:
2393 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
2394 break;
2395
2396 case Q_CLNP:
2397 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
2398 break;
2399
2400 case Q_STP:
2401 b1 = gen_linktype(LLCSAP_8021D);
2402 break;
2403
2404 case Q_IPX:
2405 b1 = gen_linktype(LLCSAP_IPX);
2406 break;
2407
2408 case Q_NETBEUI:
2409 b1 = gen_linktype(LLCSAP_NETBEUI);
2410 break;
2411
2412 default:
2413 abort();
2414 }
2415 return b1;
2416 }
2417
2418 static struct block *
2419 gen_ipfrag()
2420 {
2421 struct slist *s;
2422 struct block *b;
2423
2424 /* not ip frag */
2425 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
2426 s->s.k = off_nl + 6;
2427 b = new_block(JMP(BPF_JSET));
2428 b->s.k = 0x1fff;
2429 b->stmts = s;
2430 gen_not(b);
2431
2432 return b;
2433 }
2434
2435 static struct block *
2436 gen_portatom(off, v)
2437 int off;
2438 bpf_int32 v;
2439 {
2440 struct slist *s;
2441 struct block *b;
2442
2443 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2444 s->s.k = off_nl;
2445
2446 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
2447 s->next->s.k = off_nl + off;
2448
2449 b = new_block(JMP(BPF_JEQ));
2450 b->stmts = s;
2451 b->s.k = v;
2452
2453 return b;
2454 }
2455
2456 #ifdef INET6
2457 static struct block *
2458 gen_portatom6(off, v)
2459 int off;
2460 bpf_int32 v;
2461 {
2462 return gen_cmp(off_nl + 40 + off, BPF_H, v);
2463 }
2464 #endif/*INET6*/
2465
2466 struct block *
2467 gen_portop(port, proto, dir)
2468 int port, proto, dir;
2469 {
2470 struct block *b0, *b1, *tmp;
2471
2472 /* ip proto 'proto' */
2473 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
2474 b0 = gen_ipfrag();
2475 gen_and(tmp, b0);
2476
2477 switch (dir) {
2478 case Q_SRC:
2479 b1 = gen_portatom(0, (bpf_int32)port);
2480 break;
2481
2482 case Q_DST:
2483 b1 = gen_portatom(2, (bpf_int32)port);
2484 break;
2485
2486 case Q_OR:
2487 case Q_DEFAULT:
2488 tmp = gen_portatom(0, (bpf_int32)port);
2489 b1 = gen_portatom(2, (bpf_int32)port);
2490 gen_or(tmp, b1);
2491 break;
2492
2493 case Q_AND:
2494 tmp = gen_portatom(0, (bpf_int32)port);
2495 b1 = gen_portatom(2, (bpf_int32)port);
2496 gen_and(tmp, b1);
2497 break;
2498
2499 default:
2500 abort();
2501 }
2502 gen_and(b0, b1);
2503
2504 return b1;
2505 }
2506
2507 static struct block *
2508 gen_port(port, ip_proto, dir)
2509 int port;
2510 int ip_proto;
2511 int dir;
2512 {
2513 struct block *b0, *b1, *tmp;
2514
2515 /* ether proto ip */
2516 b0 = gen_linktype(ETHERTYPE_IP);
2517
2518 switch (ip_proto) {
2519 case IPPROTO_UDP:
2520 case IPPROTO_TCP:
2521 case IPPROTO_SCTP:
2522 b1 = gen_portop(port, ip_proto, dir);
2523 break;
2524
2525 case PROTO_UNDEF:
2526 tmp = gen_portop(port, IPPROTO_TCP, dir);
2527 b1 = gen_portop(port, IPPROTO_UDP, dir);
2528 gen_or(tmp, b1);
2529 tmp = gen_portop(port, IPPROTO_SCTP, dir);
2530 gen_or(tmp, b1);
2531 break;
2532
2533 default:
2534 abort();
2535 }
2536 gen_and(b0, b1);
2537 return b1;
2538 }
2539
2540 #ifdef INET6
2541 struct block *
2542 gen_portop6(port, proto, dir)
2543 int port, proto, dir;
2544 {
2545 struct block *b0, *b1, *tmp;
2546
2547 /* ip proto 'proto' */
2548 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
2549
2550 switch (dir) {
2551 case Q_SRC:
2552 b1 = gen_portatom6(0, (bpf_int32)port);
2553 break;
2554
2555 case Q_DST:
2556 b1 = gen_portatom6(2, (bpf_int32)port);
2557 break;
2558
2559 case Q_OR:
2560 case Q_DEFAULT:
2561 tmp = gen_portatom6(0, (bpf_int32)port);
2562 b1 = gen_portatom6(2, (bpf_int32)port);
2563 gen_or(tmp, b1);
2564 break;
2565
2566 case Q_AND:
2567 tmp = gen_portatom6(0, (bpf_int32)port);
2568 b1 = gen_portatom6(2, (bpf_int32)port);
2569 gen_and(tmp, b1);
2570 break;
2571
2572 default:
2573 abort();
2574 }
2575 gen_and(b0, b1);
2576
2577 return b1;
2578 }
2579
2580 static struct block *
2581 gen_port6(port, ip_proto, dir)
2582 int port;
2583 int ip_proto;
2584 int dir;
2585 {
2586 struct block *b0, *b1, *tmp;
2587
2588 /* ether proto ip */
2589 b0 = gen_linktype(ETHERTYPE_IPV6);
2590
2591 switch (ip_proto) {
2592 case IPPROTO_UDP:
2593 case IPPROTO_TCP:
2594 case IPPROTO_SCTP:
2595 b1 = gen_portop6(port, ip_proto, dir);
2596 break;
2597
2598 case PROTO_UNDEF:
2599 tmp = gen_portop6(port, IPPROTO_TCP, dir);
2600 b1 = gen_portop6(port, IPPROTO_UDP, dir);
2601 gen_or(tmp, b1);
2602 tmp = gen_portop6(port, IPPROTO_SCTP, dir);
2603 gen_or(tmp, b1);
2604 break;
2605
2606 default:
2607 abort();
2608 }
2609 gen_and(b0, b1);
2610 return b1;
2611 }
2612 #endif /* INET6 */
2613
2614 static int
2615 lookup_proto(name, proto)
2616 register const char *name;
2617 register int proto;
2618 {
2619 register int v;
2620
2621 switch (proto) {
2622
2623 case Q_DEFAULT:
2624 case Q_IP:
2625 case Q_IPV6:
2626 v = pcap_nametoproto(name);
2627 if (v == PROTO_UNDEF)
2628 bpf_error("unknown ip proto '%s'", name);
2629 break;
2630
2631 case Q_LINK:
2632 /* XXX should look up h/w protocol type based on linktype */
2633 v = pcap_nametoeproto(name);
2634 if (v == PROTO_UNDEF)
2635 bpf_error("unknown ether proto '%s'", name);
2636 break;
2637
2638 case Q_ISO:
2639 if (strcmp(name, "esis") == 0)
2640 v = ISO9542_ESIS;
2641 else if (strcmp(name, "isis") == 0)
2642 v = ISO10589_ISIS;
2643 else if (strcmp(name, "clnp") == 0)
2644 v = ISO8473_CLNP;
2645 else
2646 bpf_error("unknown osi proto '%s'", name);
2647 break;
2648
2649 default:
2650 v = PROTO_UNDEF;
2651 break;
2652 }
2653 return v;
2654 }
2655
2656 #if 0
2657 struct stmt *
2658 gen_joinsp(s, n)
2659 struct stmt **s;
2660 int n;
2661 {
2662 return NULL;
2663 }
2664 #endif
2665
2666 static struct block *
2667 gen_protochain(v, proto, dir)
2668 int v;
2669 int proto;
2670 int dir;
2671 {
2672 #ifdef NO_PROTOCHAIN
2673 return gen_proto(v, proto, dir);
2674 #else
2675 struct block *b0, *b;
2676 struct slist *s[100];
2677 int fix2, fix3, fix4, fix5;
2678 int ahcheck, again, end;
2679 int i, max;
2680 int reg2 = alloc_reg();
2681
2682 memset(s, 0, sizeof(s));
2683 fix2 = fix3 = fix4 = fix5 = 0;
2684
2685 switch (proto) {
2686 case Q_IP:
2687 case Q_IPV6:
2688 break;
2689 case Q_DEFAULT:
2690 b0 = gen_protochain(v, Q_IP, dir);
2691 b = gen_protochain(v, Q_IPV6, dir);
2692 gen_or(b0, b);
2693 return b;
2694 default:
2695 bpf_error("bad protocol applied for 'protochain'");
2696 /*NOTREACHED*/
2697 }
2698
2699 no_optimize = 1; /*this code is not compatible with optimzer yet */
2700
2701 /*
2702 * s[0] is a dummy entry to protect other BPF insn from damaged
2703 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
2704 * hard to find interdependency made by jump table fixup.
2705 */
2706 i = 0;
2707 s[i] = new_stmt(0); /*dummy*/
2708 i++;
2709
2710 switch (proto) {
2711 case Q_IP:
2712 b0 = gen_linktype(ETHERTYPE_IP);
2713
2714 /* A = ip->ip_p */
2715 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
2716 s[i]->s.k = off_nl + 9;
2717 i++;
2718 /* X = ip->ip_hl << 2 */
2719 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2720 s[i]->s.k = off_nl;
2721 i++;
2722 break;
2723 #ifdef INET6
2724 case Q_IPV6:
2725 b0 = gen_linktype(ETHERTYPE_IPV6);
2726
2727 /* A = ip6->ip_nxt */
2728 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
2729 s[i]->s.k = off_nl + 6;
2730 i++;
2731 /* X = sizeof(struct ip6_hdr) */
2732 s[i] = new_stmt(BPF_LDX|BPF_IMM);
2733 s[i]->s.k = 40;
2734 i++;
2735 break;
2736 #endif
2737 default:
2738 bpf_error("unsupported proto to gen_protochain");
2739 /*NOTREACHED*/
2740 }
2741
2742 /* again: if (A == v) goto end; else fall through; */
2743 again = i;
2744 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2745 s[i]->s.k = v;
2746 s[i]->s.jt = NULL; /*later*/
2747 s[i]->s.jf = NULL; /*update in next stmt*/
2748 fix5 = i;
2749 i++;
2750
2751 #ifndef IPPROTO_NONE
2752 #define IPPROTO_NONE 59
2753 #endif
2754 /* if (A == IPPROTO_NONE) goto end */
2755 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2756 s[i]->s.jt = NULL; /*later*/
2757 s[i]->s.jf = NULL; /*update in next stmt*/
2758 s[i]->s.k = IPPROTO_NONE;
2759 s[fix5]->s.jf = s[i];
2760 fix2 = i;
2761 i++;
2762
2763 #ifdef INET6
2764 if (proto == Q_IPV6) {
2765 int v6start, v6end, v6advance, j;
2766
2767 v6start = i;
2768 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
2769 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2770 s[i]->s.jt = NULL; /*later*/
2771 s[i]->s.jf = NULL; /*update in next stmt*/
2772 s[i]->s.k = IPPROTO_HOPOPTS;
2773 s[fix2]->s.jf = s[i];
2774 i++;
2775 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
2776 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2777 s[i]->s.jt = NULL; /*later*/
2778 s[i]->s.jf = NULL; /*update in next stmt*/
2779 s[i]->s.k = IPPROTO_DSTOPTS;
2780 i++;
2781 /* if (A == IPPROTO_ROUTING) goto v6advance */
2782 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2783 s[i]->s.jt = NULL; /*later*/
2784 s[i]->s.jf = NULL; /*update in next stmt*/
2785 s[i]->s.k = IPPROTO_ROUTING;
2786 i++;
2787 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
2788 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2789 s[i]->s.jt = NULL; /*later*/
2790 s[i]->s.jf = NULL; /*later*/
2791 s[i]->s.k = IPPROTO_FRAGMENT;
2792 fix3 = i;
2793 v6end = i;
2794 i++;
2795
2796 /* v6advance: */
2797 v6advance = i;
2798
2799 /*
2800 * in short,
2801 * A = P[X];
2802 * X = X + (P[X + 1] + 1) * 8;
2803 */
2804 /* A = X */
2805 s[i] = new_stmt(BPF_MISC|BPF_TXA);
2806 i++;
2807 /* A = P[X + packet head] */
2808 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2809 s[i]->s.k = off_nl;
2810 i++;
2811 /* MEM[reg2] = A */
2812 s[i] = new_stmt(BPF_ST);
2813 s[i]->s.k = reg2;
2814 i++;
2815 /* A = X */
2816 s[i] = new_stmt(BPF_MISC|BPF_TXA);
2817 i++;
2818 /* A += 1 */
2819 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2820 s[i]->s.k = 1;
2821 i++;
2822 /* X = A */
2823 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2824 i++;
2825 /* A = P[X + packet head]; */
2826 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2827 s[i]->s.k = off_nl;
2828 i++;
2829 /* A += 1 */
2830 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2831 s[i]->s.k = 1;
2832 i++;
2833 /* A *= 8 */
2834 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2835 s[i]->s.k = 8;
2836 i++;
2837 /* X = A; */
2838 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2839 i++;
2840 /* A = MEM[reg2] */
2841 s[i] = new_stmt(BPF_LD|BPF_MEM);
2842 s[i]->s.k = reg2;
2843 i++;
2844
2845 /* goto again; (must use BPF_JA for backward jump) */
2846 s[i] = new_stmt(BPF_JMP|BPF_JA);
2847 s[i]->s.k = again - i - 1;
2848 s[i - 1]->s.jf = s[i];
2849 i++;
2850
2851 /* fixup */
2852 for (j = v6start; j <= v6end; j++)
2853 s[j]->s.jt = s[v6advance];
2854 } else
2855 #endif
2856 {
2857 /* nop */
2858 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2859 s[i]->s.k = 0;
2860 s[fix2]->s.jf = s[i];
2861 i++;
2862 }
2863
2864 /* ahcheck: */
2865 ahcheck = i;
2866 /* if (A == IPPROTO_AH) then fall through; else goto end; */
2867 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2868 s[i]->s.jt = NULL; /*later*/
2869 s[i]->s.jf = NULL; /*later*/
2870 s[i]->s.k = IPPROTO_AH;
2871 if (fix3)
2872 s[fix3]->s.jf = s[ahcheck];
2873 fix4 = i;
2874 i++;
2875
2876 /*
2877 * in short,
2878 * A = P[X];
2879 * X = X + (P[X + 1] + 2) * 4;
2880 */
2881 /* A = X */
2882 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2883 i++;
2884 /* A = P[X + packet head]; */
2885 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2886 s[i]->s.k = off_nl;
2887 i++;
2888 /* MEM[reg2] = A */
2889 s[i] = new_stmt(BPF_ST);
2890 s[i]->s.k = reg2;
2891 i++;
2892 /* A = X */
2893 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2894 i++;
2895 /* A += 1 */
2896 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2897 s[i]->s.k = 1;
2898 i++;
2899 /* X = A */
2900 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2901 i++;
2902 /* A = P[X + packet head] */
2903 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2904 s[i]->s.k = off_nl;
2905 i++;
2906 /* A += 2 */
2907 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2908 s[i]->s.k = 2;
2909 i++;
2910 /* A *= 4 */
2911 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2912 s[i]->s.k = 4;
2913 i++;
2914 /* X = A; */
2915 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2916 i++;
2917 /* A = MEM[reg2] */
2918 s[i] = new_stmt(BPF_LD|BPF_MEM);
2919 s[i]->s.k = reg2;
2920 i++;
2921
2922 /* goto again; (must use BPF_JA for backward jump) */
2923 s[i] = new_stmt(BPF_JMP|BPF_JA);
2924 s[i]->s.k = again - i - 1;
2925 i++;
2926
2927 /* end: nop */
2928 end = i;
2929 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2930 s[i]->s.k = 0;
2931 s[fix2]->s.jt = s[end];
2932 s[fix4]->s.jf = s[end];
2933 s[fix5]->s.jt = s[end];
2934 i++;
2935
2936 /*
2937 * make slist chain
2938 */
2939 max = i;
2940 for (i = 0; i < max - 1; i++)
2941 s[i]->next = s[i + 1];
2942 s[max - 1]->next = NULL;
2943
2944 /*
2945 * emit final check
2946 */
2947 b = new_block(JMP(BPF_JEQ));
2948 b->stmts = s[1]; /*remember, s[0] is dummy*/
2949 b->s.k = v;
2950
2951 free_reg(reg2);
2952
2953 gen_and(b0, b);
2954 return b;
2955 #endif
2956 }
2957
2958 static struct block *
2959 gen_proto(v, proto, dir)
2960 int v;
2961 int proto;
2962 int dir;
2963 {
2964 struct block *b0, *b1;
2965
2966 if (dir != Q_DEFAULT)
2967 bpf_error("direction applied to 'proto'");
2968
2969 switch (proto) {
2970 case Q_DEFAULT:
2971 #ifdef INET6
2972 b0 = gen_proto(v, Q_IP, dir);
2973 b1 = gen_proto(v, Q_IPV6, dir);
2974 gen_or(b0, b1);
2975 return b1;
2976 #else
2977 /*FALLTHROUGH*/
2978 #endif
2979 case Q_IP:
2980 b0 = gen_linktype(ETHERTYPE_IP);
2981 #ifndef CHASE_CHAIN
2982 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
2983 #else
2984 b1 = gen_protochain(v, Q_IP);
2985 #endif
2986 gen_and(b0, b1);
2987 return b1;
2988
2989 case Q_ISO:
2990 switch (linktype) {
2991
2992 case DLT_FRELAY:
2993 /*
2994 * Frame Relay packets typically have an OSI
2995 * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)"
2996 * generates code to check for all the OSI
2997 * NLPIDs, so calling it and then adding a check
2998 * for the particular NLPID for which we're
2999 * looking is bogus, as we can just check for
3000 * the NLPID.
3001 *
3002 * What we check for is the NLPID and a frame
3003 * control field value of UI, i.e. 0x03 followed
3004 * by the NLPID.
3005 *
3006 * XXX - assumes a 2-byte Frame Relay header with
3007 * DLCI and flags. What if the address is longer?
3008 *
3009 * XXX - what about SNAP-encapsulated frames?
3010 */
3011 return gen_cmp(2, BPF_H, (0x03<<8) | v);
3012 break;
3013
3014 default:
3015 b0 = gen_linktype(LLCSAP_ISONS);
3016 b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v);
3017 gen_and(b0, b1);
3018 return b1;
3019 }
3020
3021 case Q_ARP:
3022 bpf_error("arp does not encapsulate another protocol");
3023 /* NOTREACHED */
3024
3025 case Q_RARP:
3026 bpf_error("rarp does not encapsulate another protocol");
3027 /* NOTREACHED */
3028
3029 case Q_ATALK:
3030 bpf_error("atalk encapsulation is not specifiable");
3031 /* NOTREACHED */
3032
3033 case Q_DECNET:
3034 bpf_error("decnet encapsulation is not specifiable");
3035 /* NOTREACHED */
3036
3037 case Q_SCA:
3038 bpf_error("sca does not encapsulate another protocol");
3039 /* NOTREACHED */
3040
3041 case Q_LAT:
3042 bpf_error("lat does not encapsulate another protocol");
3043 /* NOTREACHED */
3044
3045 case Q_MOPRC:
3046 bpf_error("moprc does not encapsulate another protocol");
3047 /* NOTREACHED */
3048
3049 case Q_MOPDL:
3050 bpf_error("mopdl does not encapsulate another protocol");
3051 /* NOTREACHED */
3052
3053 case Q_LINK:
3054 return gen_linktype(v);
3055
3056 case Q_UDP:
3057 bpf_error("'udp proto' is bogus");
3058 /* NOTREACHED */
3059
3060 case Q_TCP:
3061 bpf_error("'tcp proto' is bogus");
3062 /* NOTREACHED */
3063
3064 case Q_SCTP:
3065 bpf_error("'sctp proto' is bogus");
3066 /* NOTREACHED */
3067
3068 case Q_ICMP:
3069 bpf_error("'icmp proto' is bogus");
3070 /* NOTREACHED */
3071
3072 case Q_IGMP:
3073 bpf_error("'igmp proto' is bogus");
3074 /* NOTREACHED */
3075
3076 case Q_IGRP:
3077 bpf_error("'igrp proto' is bogus");
3078 /* NOTREACHED */
3079
3080 case Q_PIM:
3081 bpf_error("'pim proto' is bogus");
3082 /* NOTREACHED */
3083
3084 case Q_VRRP:
3085 bpf_error("'vrrp proto' is bogus");
3086 /* NOTREACHED */
3087
3088 #ifdef INET6
3089 case Q_IPV6:
3090 b0 = gen_linktype(ETHERTYPE_IPV6);
3091 #ifndef CHASE_CHAIN
3092 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
3093 #else
3094 b1 = gen_protochain(v, Q_IPV6);
3095 #endif
3096 gen_and(b0, b1);
3097 return b1;
3098
3099 case Q_ICMPV6:
3100 bpf_error("'icmp6 proto' is bogus");
3101 #endif /* INET6 */
3102
3103 case Q_AH:
3104 bpf_error("'ah proto' is bogus");
3105
3106 case Q_ESP:
3107 bpf_error("'ah proto' is bogus");
3108
3109 case Q_STP:
3110 bpf_error("'stp proto' is bogus");
3111
3112 case Q_IPX:
3113 bpf_error("'ipx proto' is bogus");
3114
3115 case Q_NETBEUI:
3116 bpf_error("'netbeui proto' is bogus");
3117
3118 default:
3119 abort();
3120 /* NOTREACHED */
3121 }
3122 /* NOTREACHED */
3123 }
3124
3125 struct block *
3126 gen_scode(name, q)
3127 register const char *name;
3128 struct qual q;
3129 {
3130 int proto = q.proto;
3131 int dir = q.dir;
3132 int tproto;
3133 u_char *eaddr;
3134 bpf_u_int32 mask, addr;
3135 #ifndef INET6
3136 bpf_u_int32 **alist;
3137 #else
3138 int tproto6;
3139 struct sockaddr_in *sin;
3140 struct sockaddr_in6 *sin6;
3141 struct addrinfo *res, *res0;
3142 struct in6_addr mask128;
3143 #endif /*INET6*/
3144 struct block *b, *tmp;
3145 int port, real_proto;
3146
3147 switch (q.addr) {
3148
3149 case Q_NET:
3150 addr = pcap_nametonetaddr(name);
3151 if (addr == 0)
3152 bpf_error("unknown network '%s'", name);
3153 /* Left justify network addr and calculate its network mask */
3154 mask = 0xffffffff;
3155 while (addr && (addr & 0xff000000) == 0) {
3156 addr <<= 8;
3157 mask <<= 8;
3158 }
3159 return gen_host(addr, mask, proto, dir);
3160
3161 case Q_DEFAULT:
3162 case Q_HOST:
3163 if (proto == Q_LINK) {
3164 switch (linktype) {
3165
3166 case DLT_EN10MB:
3167 eaddr = pcap_ether_hostton(name);
3168 if (eaddr == NULL)
3169 bpf_error(
3170 "unknown ether host '%s'", name);
3171 b = gen_ehostop(eaddr, dir);
3172 free(eaddr);
3173 return b;
3174
3175 case DLT_FDDI:
3176 eaddr = pcap_ether_hostton(name);
3177 if (eaddr == NULL)
3178 bpf_error(
3179 "unknown FDDI host '%s'", name);
3180 b = gen_fhostop(eaddr, dir);
3181 free(eaddr);
3182 return b;
3183
3184 case DLT_IEEE802:
3185 eaddr = pcap_ether_hostton(name);
3186 if (eaddr == NULL)
3187 bpf_error(
3188 "unknown token ring host '%s'", name);
3189 b = gen_thostop(eaddr, dir);
3190 free(eaddr);
3191 return b;
3192
3193 default:
3194 bpf_error(
3195 "only ethernet/FDDI/token ring supports link-level host name");
3196 break;
3197 }
3198 } else if (proto == Q_DECNET) {
3199 unsigned short dn_addr = __pcap_nametodnaddr(name);
3200 /*
3201 * I don't think DECNET hosts can be multihomed, so
3202 * there is no need to build up a list of addresses
3203 */
3204 return (gen_host(dn_addr, 0, proto, dir));
3205 } else {
3206 #ifndef INET6
3207 alist = pcap_nametoaddr(name);
3208 if (alist == NULL || *alist == NULL)
3209 bpf_error("unknown host '%s'", name);
3210 tproto = proto;
3211 if (off_linktype == -1 && tproto == Q_DEFAULT)
3212 tproto = Q_IP;
3213 b = gen_host(**alist++, 0xffffffff, tproto, dir);
3214 while (*alist) {
3215 tmp = gen_host(**alist++, 0xffffffff,
3216 tproto, dir);
3217 gen_or(b, tmp);
3218 b = tmp;
3219 }
3220 return b;
3221 #else
3222 memset(&mask128, 0xff, sizeof(mask128));
3223 res0 = res = pcap_nametoaddrinfo(name);
3224 if (res == NULL)
3225 bpf_error("unknown host '%s'", name);
3226 b = tmp = NULL;
3227 tproto = tproto6 = proto;
3228 if (off_linktype == -1 && tproto == Q_DEFAULT) {
3229 tproto = Q_IP;
3230 tproto6 = Q_IPV6;
3231 }
3232 for (res = res0; res; res = res->ai_next) {
3233 switch (res->ai_family) {
3234 case AF_INET:
3235 if (tproto == Q_IPV6)
3236 continue;
3237
3238 sin = (struct sockaddr_in *)
3239 res->ai_addr;
3240 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
3241 0xffffffff, tproto, dir);
3242 break;
3243 case AF_INET6:
3244 if (tproto6 == Q_IP)
3245 continue;
3246
3247 sin6 = (struct sockaddr_in6 *)
3248 res->ai_addr;
3249 tmp = gen_host6(&sin6->sin6_addr,
3250 &mask128, tproto6, dir);
3251 break;
3252 default:
3253 continue;
3254 }
3255 if (b)
3256 gen_or(b, tmp);
3257 b = tmp;
3258 }
3259 freeaddrinfo(res0);
3260 if (b == NULL) {
3261 bpf_error("unknown host '%s'%s", name,
3262 (proto == Q_DEFAULT)
3263 ? ""
3264 : " for specified address family");
3265 }
3266 return b;
3267 #endif /*INET6*/
3268 }
3269
3270 case Q_PORT:
3271 if (proto != Q_DEFAULT &&
3272 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
3273 bpf_error("illegal qualifier of 'port'");
3274 if (pcap_nametoport(name, &port, &real_proto) == 0)
3275 bpf_error("unknown port '%s'", name);
3276 if (proto == Q_UDP) {
3277 if (real_proto == IPPROTO_TCP)
3278 bpf_error("port '%s' is tcp", name);
3279 else if (real_proto == IPPROTO_SCTP)
3280 bpf_error("port '%s' is sctp", name);
3281 else
3282 /* override PROTO_UNDEF */
3283 real_proto = IPPROTO_UDP;
3284 }
3285 if (proto == Q_TCP) {
3286 if (real_proto == IPPROTO_UDP)
3287 bpf_error("port '%s' is udp", name);
3288
3289 else if (real_proto == IPPROTO_SCTP)
3290 bpf_error("port '%s' is sctp", name);
3291 else
3292 /* override PROTO_UNDEF */
3293 real_proto = IPPROTO_TCP;
3294 }
3295 if (proto == Q_SCTP) {
3296 if (real_proto == IPPROTO_UDP)
3297 bpf_error("port '%s' is udp", name);
3298
3299 else if (real_proto == IPPROTO_TCP)
3300 bpf_error("port '%s' is tcp", name);
3301 else
3302 /* override PROTO_UNDEF */
3303 real_proto = IPPROTO_SCTP;
3304 }
3305 #ifndef INET6
3306 return gen_port(port, real_proto, dir);
3307 #else
3308 {
3309 struct block *b;
3310 b = gen_port(port, real_proto, dir);
3311 gen_or(gen_port6(port, real_proto, dir), b);
3312 return b;
3313 }
3314 #endif /* INET6 */
3315
3316 case Q_GATEWAY:
3317 #ifndef INET6
3318 eaddr = pcap_ether_hostton(name);
3319 if (eaddr == NULL)
3320 bpf_error("unknown ether host: %s", name);
3321
3322 alist = pcap_nametoaddr(name);
3323 if (alist == NULL || *alist == NULL)
3324 bpf_error("unknown host '%s'", name);
3325 b = gen_gateway(eaddr, alist, proto, dir);
3326 free(eaddr);
3327 return b;
3328 #else
3329 bpf_error("'gateway' not supported in this configuration");
3330 #endif /*INET6*/
3331
3332 case Q_PROTO:
3333 real_proto = lookup_proto(name, proto);
3334 if (real_proto >= 0)
3335 return gen_proto(real_proto, proto, dir);
3336 else
3337 bpf_error("unknown protocol: %s", name);
3338
3339 case Q_PROTOCHAIN:
3340 real_proto = lookup_proto(name, proto);
3341 if (real_proto >= 0)
3342 return gen_protochain(real_proto, proto, dir);
3343 else
3344 bpf_error("unknown protocol: %s", name);
3345
3346
3347 case Q_UNDEF:
3348 syntax();
3349 /* NOTREACHED */
3350 }
3351 abort();
3352 /* NOTREACHED */
3353 }
3354
3355 struct block *
3356 gen_mcode(s1, s2, masklen, q)
3357 register const char *s1, *s2;
3358 register int masklen;
3359 struct qual q;
3360 {
3361 register int nlen, mlen;
3362 bpf_u_int32 n, m;
3363
3364 nlen = __pcap_atoin(s1, &n);
3365 /* Promote short ipaddr */
3366 n <<= 32 - nlen;
3367
3368 if (s2 != NULL) {
3369 mlen = __pcap_atoin(s2, &m);
3370 /* Promote short ipaddr */
3371 m <<= 32 - mlen;
3372 if ((n & ~m) != 0)
3373 bpf_error("non-network bits set in \"%s mask %s\"",
3374 s1, s2);
3375 } else {
3376 /* Convert mask len to mask */
3377 if (masklen > 32)
3378 bpf_error("mask length must be <= 32");
3379 m = 0xffffffff << (32 - masklen);
3380 if ((n & ~m) != 0)
3381 bpf_error("non-network bits set in \"%s/%d\"",
3382 s1, masklen);
3383 }
3384
3385 switch (q.addr) {
3386
3387 case Q_NET:
3388 return gen_host(n, m, q.proto, q.dir);
3389
3390 default:
3391 bpf_error("Mask syntax for networks only");
3392 /* NOTREACHED */
3393 }
3394 }
3395
3396 struct block *
3397 gen_ncode(s, v, q)
3398 register const char *s;
3399 bpf_u_int32 v;
3400 struct qual q;
3401 {
3402 bpf_u_int32 mask;
3403 int proto = q.proto;
3404 int dir = q.dir;
3405 register int vlen;
3406
3407 if (s == NULL)
3408 vlen = 32;
3409 else if (q.proto == Q_DECNET)
3410 vlen = __pcap_atodn(s, &v);
3411 else
3412 vlen = __pcap_atoin(s, &v);
3413
3414 switch (q.addr) {
3415
3416 case Q_DEFAULT:
3417 case Q_HOST:
3418 case Q_NET:
3419 if (proto == Q_DECNET)
3420 return gen_host(v, 0, proto, dir);
3421 else if (proto == Q_LINK) {
3422 bpf_error("illegal link layer address");
3423 } else {
3424 mask = 0xffffffff;
3425 if (s == NULL && q.addr == Q_NET) {
3426 /* Promote short net number */
3427 while (v && (v & 0xff000000) == 0) {
3428 v <<= 8;
3429 mask <<= 8;
3430 }
3431 } else {
3432 /* Promote short ipaddr */
3433 v <<= 32 - vlen;
3434 mask <<= 32 - vlen;
3435 }
3436 return gen_host(v, mask, proto, dir);
3437 }
3438
3439 case Q_PORT:
3440 if (proto == Q_UDP)
3441 proto = IPPROTO_UDP;
3442 else if (proto == Q_TCP)
3443 proto = IPPROTO_TCP;
3444 else if (proto == Q_SCTP)
3445 proto = IPPROTO_SCTP;
3446 else if (proto == Q_DEFAULT)
3447 proto = PROTO_UNDEF;
3448 else
3449 bpf_error("illegal qualifier of 'port'");
3450
3451 #ifndef INET6
3452 return gen_port((int)v, proto, dir);
3453 #else
3454 {
3455 struct block *b;
3456 b = gen_port((int)v, proto, dir);
3457 gen_or(gen_port6((int)v, proto, dir), b);
3458 return b;
3459 }
3460 #endif /* INET6 */
3461
3462 case Q_GATEWAY:
3463 bpf_error("'gateway' requires a name");
3464 /* NOTREACHED */
3465
3466 case Q_PROTO:
3467 return gen_proto((int)v, proto, dir);
3468
3469 case Q_PROTOCHAIN:
3470 return gen_protochain((int)v, proto, dir);
3471
3472 case Q_UNDEF:
3473 syntax();
3474 /* NOTREACHED */
3475
3476 default:
3477 abort();
3478 /* NOTREACHED */
3479 }
3480 /* NOTREACHED */
3481 }
3482
3483 #ifdef INET6
3484 struct block *
3485 gen_mcode6(s1, s2, masklen, q)
3486 register const char *s1, *s2;
3487 register int masklen;
3488 struct qual q;
3489 {
3490 struct addrinfo *res;
3491 struct in6_addr *addr;
3492 struct in6_addr mask;
3493 struct block *b;
3494 u_int32_t *a, *m;
3495
3496 if (s2)
3497 bpf_error("no mask %s supported", s2);
3498
3499 res = pcap_nametoaddrinfo(s1);
3500 if (!res)
3501 bpf_error("invalid ip6 address %s", s1);
3502 if (res->ai_next)
3503 bpf_error("%s resolved to multiple address", s1);
3504 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
3505
3506 if (sizeof(mask) * 8 < masklen)
3507 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
3508 memset(&mask, 0, sizeof(mask));
3509 memset(&mask, 0xff, masklen / 8);
3510 if (masklen % 8) {
3511 mask.s6_addr[masklen / 8] =
3512 (0xff << (8 - masklen % 8)) & 0xff;
3513 }
3514
3515 a = (u_int32_t *)addr;
3516 m = (u_int32_t *)&mask;
3517 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
3518 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
3519 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
3520 }
3521
3522 switch (q.addr) {
3523
3524 case Q_DEFAULT:
3525 case Q_HOST:
3526 if (masklen != 128)
3527 bpf_error("Mask syntax for networks only");
3528 /* FALLTHROUGH */
3529
3530 case Q_NET:
3531 b = gen_host6(addr, &mask, q.proto, q.dir);
3532 freeaddrinfo(res);
3533 return b;
3534
3535 default:
3536 bpf_error("invalid qualifier against IPv6 address");
3537 /* NOTREACHED */
3538 }
3539 }
3540 #endif /*INET6*/
3541
3542 struct block *
3543 gen_ecode(eaddr, q)
3544 register const u_char *eaddr;
3545 struct qual q;
3546 {
3547 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
3548 if (linktype == DLT_EN10MB)
3549 return gen_ehostop(eaddr, (int)q.dir);
3550 if (linktype == DLT_FDDI)
3551 return gen_fhostop(eaddr, (int)q.dir);
3552 if (linktype == DLT_IEEE802)
3553 return gen_thostop(eaddr, (int)q.dir);
3554 bpf_error("ethernet addresses supported only on ethernet, FDDI or token ring");
3555 }
3556 bpf_error("ethernet address used in non-ether expression");
3557 /* NOTREACHED */
3558 }
3559
3560 void
3561 sappend(s0, s1)
3562 struct slist *s0, *s1;
3563 {
3564 /*
3565 * This is definitely not the best way to do this, but the
3566 * lists will rarely get long.
3567 */
3568 while (s0->next)
3569 s0 = s0->next;
3570 s0->next = s1;
3571 }
3572
3573 static struct slist *
3574 xfer_to_x(a)
3575 struct arth *a;
3576 {
3577 struct slist *s;
3578
3579 s = new_stmt(BPF_LDX|BPF_MEM);
3580 s->s.k = a->regno;
3581 return s;
3582 }
3583
3584 static struct slist *
3585 xfer_to_a(a)
3586 struct arth *a;
3587 {
3588 struct slist *s;
3589
3590 s = new_stmt(BPF_LD|BPF_MEM);
3591 s->s.k = a->regno;
3592 return s;
3593 }
3594
3595 struct arth *
3596 gen_load(proto, index, size)
3597 int proto;
3598 struct arth *index;
3599 int size;
3600 {
3601 struct slist *s, *tmp;
3602 struct block *b;
3603 int regno = alloc_reg();
3604
3605 free_reg(index->regno);
3606 switch (size) {
3607
3608 default:
3609 bpf_error("data size must be 1, 2, or 4");
3610
3611 case 1:
3612 size = BPF_B;
3613 break;
3614
3615 case 2:
3616 size = BPF_H;
3617 break;
3618
3619 case 4:
3620 size = BPF_W;
3621 break;
3622 }
3623 switch (proto) {
3624 default:
3625 bpf_error("unsupported index operation");
3626
3627 case Q_LINK:
3628 s = xfer_to_x(index);
3629 tmp = new_stmt(BPF_LD|BPF_IND|size);
3630 sappend(s, tmp);
3631 sappend(index->s, s);
3632 break;
3633
3634 case Q_IP:
3635 case Q_ARP:
3636 case Q_RARP:
3637 case Q_ATALK:
3638 case Q_DECNET:
3639 case Q_SCA:
3640 case Q_LAT:
3641 case Q_MOPRC:
3642 case Q_MOPDL:
3643 #ifdef INET6
3644 case Q_IPV6:
3645 #endif
3646 /* XXX Note that we assume a fixed link header here. */
3647 s = xfer_to_x(index);
3648 tmp = new_stmt(BPF_LD|BPF_IND|size);
3649 tmp->s.k = off_nl;
3650 sappend(s, tmp);
3651 sappend(index->s, s);
3652
3653 b = gen_proto_abbrev(proto);
3654 if (index->b)
3655 gen_and(index->b, b);
3656 index->b = b;
3657 break;
3658
3659 case Q_SCTP:
3660 case Q_TCP:
3661 case Q_UDP:
3662 case Q_ICMP:
3663 case Q_IGMP:
3664 case Q_IGRP:
3665 case Q_PIM:
3666 case Q_VRRP:
3667 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3668 s->s.k = off_nl;
3669 sappend(s, xfer_to_a(index));
3670 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
3671 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
3672 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
3673 tmp->s.k = off_nl;
3674 sappend(index->s, s);
3675
3676 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
3677 if (index->b)
3678 gen_and(index->b, b);
3679 #ifdef INET6
3680 gen_and(gen_proto_abbrev(Q_IP), b);
3681 #endif
3682 index->b = b;
3683 break;
3684 #ifdef INET6
3685 case Q_ICMPV6:
3686 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
3687 /*NOTREACHED*/
3688 #endif
3689 }
3690 index->regno = regno;
3691 s = new_stmt(BPF_ST);
3692 s->s.k = regno;
3693 sappend(index->s, s);
3694
3695 return index;
3696 }
3697
3698 struct block *
3699 gen_relation(code, a0, a1, reversed)
3700 int code;
3701 struct arth *a0, *a1;
3702 int reversed;
3703 {
3704 struct slist *s0, *s1, *s2;
3705 struct block *b, *tmp;
3706
3707 s0 = xfer_to_x(a1);
3708 s1 = xfer_to_a(a0);
3709 if (code == BPF_JEQ) {
3710 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
3711 b = new_block(JMP(code));
3712 sappend(s1, s2);
3713 }
3714 else
3715 b = new_block(BPF_JMP|code|BPF_X);
3716 if (reversed)
3717 gen_not(b);
3718
3719 sappend(s0, s1);
3720 sappend(a1->s, s0);
3721 sappend(a0->s, a1->s);
3722
3723 b->stmts = a0->s;
3724
3725 free_reg(a0->regno);
3726 free_reg(a1->regno);
3727
3728 /* 'and' together protocol checks */
3729 if (a0->b) {
3730 if (a1->b) {
3731 gen_and(a0->b, tmp = a1->b);
3732 }
3733 else
3734 tmp = a0->b;
3735 } else
3736 tmp = a1->b;
3737
3738 if (tmp)
3739 gen_and(tmp, b);
3740
3741 return b;
3742 }
3743
3744 struct arth *
3745 gen_loadlen()
3746 {
3747 int regno = alloc_reg();
3748 struct arth *a = (struct arth *)newchunk(sizeof(*a));
3749 struct slist *s;
3750
3751 s = new_stmt(BPF_LD|BPF_LEN);
3752 s->next = new_stmt(BPF_ST);
3753 s->next->s.k = regno;
3754 a->s = s;
3755 a->regno = regno;
3756
3757 return a;
3758 }
3759
3760 struct arth *
3761 gen_loadi(val)
3762 int val;
3763 {
3764 struct arth *a;
3765 struct slist *s;
3766 int reg;
3767
3768 a = (struct arth *)newchunk(sizeof(*a));
3769
3770 reg = alloc_reg();
3771
3772 s = new_stmt(BPF_LD|BPF_IMM);
3773 s->s.k = val;
3774 s->next = new_stmt(BPF_ST);
3775 s->next->s.k = reg;
3776 a->s = s;
3777 a->regno = reg;
3778
3779 return a;
3780 }
3781
3782 struct arth *
3783 gen_neg(a)
3784 struct arth *a;
3785 {
3786 struct slist *s;
3787
3788 s = xfer_to_a(a);
3789 sappend(a->s, s);
3790 s = new_stmt(BPF_ALU|BPF_NEG);
3791 s->s.k = 0;
3792 sappend(a->s, s);
3793 s = new_stmt(BPF_ST);
3794 s->s.k = a->regno;
3795 sappend(a->s, s);
3796
3797 return a;
3798 }
3799
3800 struct arth *
3801 gen_arth(code, a0, a1)
3802 int code;
3803 struct arth *a0, *a1;
3804 {
3805 struct slist *s0, *s1, *s2;
3806
3807 s0 = xfer_to_x(a1);
3808 s1 = xfer_to_a(a0);
3809 s2 = new_stmt(BPF_ALU|BPF_X|code);
3810
3811 sappend(s1, s2);
3812 sappend(s0, s1);
3813 sappend(a1->s, s0);
3814 sappend(a0->s, a1->s);
3815
3816 free_reg(a0->regno);
3817 free_reg(a1->regno);
3818
3819 s0 = new_stmt(BPF_ST);
3820 a0->regno = s0->s.k = alloc_reg();
3821 sappend(a0->s, s0);
3822
3823 return a0;
3824 }
3825
3826 /*
3827 * Here we handle simple allocation of the scratch registers.
3828 * If too many registers are alloc'd, the allocator punts.
3829 */
3830 static int regused[BPF_MEMWORDS];
3831 static int curreg;
3832
3833 /*
3834 * Return the next free register.
3835 */
3836 static int
3837 alloc_reg()
3838 {
3839 int n = BPF_MEMWORDS;
3840
3841 while (--n >= 0) {
3842 if (regused[curreg])
3843 curreg = (curreg + 1) % BPF_MEMWORDS;
3844 else {
3845 regused[curreg] = 1;
3846 return curreg;
3847 }
3848 }
3849 bpf_error("too many registers needed to evaluate expression");
3850 /* NOTREACHED */
3851 }
3852
3853 /*
3854 * Return a register to the table so it can
3855 * be used later.
3856 */
3857 static void
3858 free_reg(n)
3859 int n;
3860 {
3861 regused[n] = 0;
3862 }
3863
3864 static struct block *
3865 gen_len(jmp, n)
3866 int jmp, n;
3867 {
3868 struct slist *s;
3869 struct block *b;
3870
3871 s = new_stmt(BPF_LD|BPF_LEN);
3872 b = new_block(JMP(jmp));
3873 b->stmts = s;
3874 b->s.k = n;
3875
3876 return b;
3877 }
3878
3879 struct block *
3880 gen_greater(n)
3881 int n;
3882 {
3883 return gen_len(BPF_JGE, n);
3884 }
3885
3886 /*
3887 * Actually, this is less than or equal.
3888 */
3889 struct block *
3890 gen_less(n)
3891 int n;
3892 {
3893 struct block *b;
3894
3895 b = gen_len(BPF_JGT, n);
3896 gen_not(b);
3897
3898 return b;
3899 }
3900
3901 struct block *
3902 gen_byteop(op, idx, val)
3903 int op, idx, val;
3904 {
3905 struct block *b;
3906 struct slist *s;
3907
3908 switch (op) {
3909 default:
3910 abort();
3911
3912 case '=':
3913 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3914
3915 case '<':
3916 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3917 b->s.code = JMP(BPF_JGE);
3918 gen_not(b);
3919 return b;
3920
3921 case '>':
3922 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3923 b->s.code = JMP(BPF_JGT);
3924 return b;
3925
3926 case '|':
3927 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
3928 break;
3929
3930 case '&':
3931 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
3932 break;
3933 }
3934 s->s.k = val;
3935 b = new_block(JMP(BPF_JEQ));
3936 b->stmts = s;
3937 gen_not(b);
3938
3939 return b;
3940 }
3941
3942 static u_char abroadcast[] = { 0x0 };
3943
3944 struct block *
3945 gen_broadcast(proto)
3946 int proto;
3947 {
3948 bpf_u_int32 hostmask;
3949 struct block *b0, *b1, *b2;
3950 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
3951
3952 switch (proto) {
3953
3954 case Q_DEFAULT:
3955 case Q_LINK:
3956 if (linktype == DLT_ARCNET)
3957 return gen_ahostop(abroadcast, Q_DST);
3958 if (linktype == DLT_EN10MB)
3959 return gen_ehostop(ebroadcast, Q_DST);
3960 if (linktype == DLT_FDDI)
3961 return gen_fhostop(ebroadcast, Q_DST);
3962 if (linktype == DLT_IEEE802)
3963 return gen_thostop(ebroadcast, Q_DST);
3964 bpf_error("not a broadcast link");
3965 break;
3966
3967 case Q_IP:
3968 b0 = gen_linktype(ETHERTYPE_IP);
3969 hostmask = ~netmask;
3970 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
3971 b2 = gen_mcmp(off_nl + 16, BPF_W,
3972 (bpf_int32)(~0 & hostmask), hostmask);
3973 gen_or(b1, b2);
3974 gen_and(b0, b2);
3975 return b2;
3976 }
3977 bpf_error("only ether/ip broadcast filters supported");
3978 }
3979
3980 struct block *
3981 gen_multicast(proto)
3982 int proto;
3983 {
3984 register struct block *b0, *b1;
3985 register struct slist *s;
3986
3987 switch (proto) {
3988
3989 case Q_DEFAULT:
3990 case Q_LINK:
3991 if (linktype == DLT_ARCNET)
3992 /* all ARCnet multicasts use the same address */
3993 return gen_ahostop(abroadcast, Q_DST);
3994
3995 if (linktype == DLT_EN10MB) {
3996 /* ether[0] & 1 != 0 */
3997 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3998 s->s.k = 0;
3999 b0 = new_block(JMP(BPF_JSET));
4000 b0->s.k = 1;
4001 b0->stmts = s;
4002 return b0;
4003 }
4004
4005 if (linktype == DLT_FDDI) {
4006 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */
4007 /* fddi[1] & 1 != 0 */
4008 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4009 s->s.k = 1;
4010 b0 = new_block(JMP(BPF_JSET));
4011 b0->s.k = 1;
4012 b0->stmts = s;
4013 return b0;
4014 }
4015
4016 /* TODO - check how token ring handles multicast */
4017 /* if (linktype == DLT_IEEE802) ... */
4018
4019 /* Link not known to support multicasts */
4020 break;
4021
4022 case Q_IP:
4023 b0 = gen_linktype(ETHERTYPE_IP);
4024 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
4025 b1->s.code = JMP(BPF_JGE);
4026 gen_and(b0, b1);
4027 return b1;
4028
4029 #ifdef INET6
4030 case Q_IPV6:
4031 b0 = gen_linktype(ETHERTYPE_IPV6);
4032 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
4033 gen_and(b0, b1);
4034 return b1;
4035 #endif /* INET6 */
4036 }
4037 bpf_error("only IP multicast filters supported on ethernet/FDDI");
4038 }
4039
4040 /*
4041 * generate command for inbound/outbound. It's here so we can
4042 * make it link-type specific. 'dir' = 0 implies "inbound",
4043 * = 1 implies "outbound".
4044 */
4045 struct block *
4046 gen_inbound(dir)
4047 int dir;
4048 {
4049 register struct block *b0;
4050
4051 /*
4052 * Only some data link types support inbound/outbound qualifiers.
4053 */
4054 switch (linktype) {
4055 case DLT_SLIP:
4056 case DLT_PPP:
4057 b0 = gen_relation(BPF_JEQ,
4058 gen_load(Q_LINK, gen_loadi(0), 1),
4059 gen_loadi(0),
4060 dir);
4061 break;
4062
4063 default:
4064 bpf_error("inbound/outbound not supported on linktype %d\n",
4065 linktype);
4066 b0 = NULL;
4067 /* NOTREACHED */
4068 }
4069 return (b0);
4070 }
4071
4072 struct block *
4073 gen_acode(eaddr, q)
4074 register const u_char *eaddr;
4075 struct qual q;
4076 {
4077 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
4078 if (linktype == DLT_ARCNET)
4079 return gen_ahostop(eaddr, (int)q.dir);
4080 }
4081 bpf_error("ARCnet address used in non-arc expression");
4082 /* NOTREACHED */
4083 }
4084
4085 static struct block *
4086 gen_ahostop(eaddr, dir)
4087 register const u_char *eaddr;
4088 register int dir;
4089 {
4090 register struct block *b0, *b1;
4091
4092 switch (dir) {
4093 /* src comes first, different from Ethernet */
4094 case Q_SRC:
4095 return gen_bcmp(0, 1, eaddr);
4096
4097 case Q_DST:
4098 return gen_bcmp(1, 1, eaddr);
4099
4100 case Q_AND:
4101 b0 = gen_ahostop(eaddr, Q_SRC);
4102 b1 = gen_ahostop(eaddr, Q_DST);
4103 gen_and(b0, b1);
4104 return b1;
4105
4106 case Q_DEFAULT:
4107 case Q_OR:
4108 b0 = gen_ahostop(eaddr, Q_SRC);
4109 b1 = gen_ahostop(eaddr, Q_DST);
4110 gen_or(b0, b1);
4111 return b1;
4112 }
4113 abort();
4114 /* NOTREACHED */
4115 }
4116
4117 /*
4118 * support IEEE 802.1Q VLAN trunk over ethernet
4119 */
4120 struct block *
4121 gen_vlan(vlan_num)
4122 int vlan_num;
4123 {
4124 struct block *b0;
4125
4126 /*
4127 * Change the offsets to point to the type and data fields within
4128 * the VLAN packet. This is somewhat of a kludge.
4129 */
4130 if (orig_nl == (u_int)-1) {
4131 orig_linktype = off_linktype; /* save original values */
4132 orig_nl = off_nl;
4133 orig_nl_nosnap = off_nl_nosnap;
4134
4135 switch (linktype) {
4136
4137 case DLT_EN10MB:
4138 off_linktype = 16;
4139 off_nl_nosnap = 18;
4140 off_nl = 18;
4141 break;
4142
4143 default:
4144 bpf_error("no VLAN support for data link type %d",
4145 linktype);
4146 /*NOTREACHED*/
4147 }
4148 }
4149
4150 /* check for VLAN */
4151 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
4152
4153 /* If a specific VLAN is requested, check VLAN id */
4154 if (vlan_num >= 0) {
4155 struct block *b1;
4156
4157 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
4158 gen_and(b0, b1);
4159 b0 = b1;
4160 }
4161
4162 return (b0);
4163 }
4164
4165 struct block *
4166 gen_atmfield_code(atmfield, jvalue, jtype, reverse)
4167 int atmfield;
4168 bpf_u_int32 jvalue;
4169 bpf_u_int32 jtype;
4170 int reverse;
4171 {
4172 struct block *b0;
4173
4174 switch (atmfield) {
4175
4176 case A_VPI:
4177 if (!is_atm)
4178 bpf_error("'vpi' supported only on raw ATM");
4179 if (off_vpi == -1)
4180 abort();
4181 b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype,
4182 (u_int)jvalue, reverse);
4183 break;
4184
4185 case A_VCI:
4186 if (!is_atm)
4187 bpf_error("'vci' supported only on raw ATM");
4188 if (off_vci == -1)
4189 abort();
4190 b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype,
4191 (u_int)jvalue, reverse);
4192 break;
4193
4194 case A_PROTOTYPE:
4195 if (off_proto == -1)
4196 abort(); /* XXX - this isn't on FreeBSD */
4197 b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype,
4198 (u_int)jvalue, reverse);
4199 break;
4200
4201 case A_MSGTYPE:
4202 if (off_msg_type == -1)
4203 abort();
4204 b0 = gen_ncmp(BPF_B, off_msg_type, 0xffffffff,
4205 (u_int)jtype, (u_int)jvalue, reverse);
4206 break;
4207
4208 case A_CALLREFTYPE:
4209 if (!is_atm)
4210 bpf_error("'callref' supported only on raw ATM");
4211 if (off_proto == -1)
4212 abort();
4213 b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype,
4214 (u_int)jvalue, reverse);
4215 break;
4216
4217 default:
4218 abort();
4219 }
4220 return b0;
4221 }
4222
4223 struct block *
4224 gen_atmtype_abbrev(type)
4225 int type;
4226 {
4227 struct block *b0, *b1;
4228
4229 switch (type) {
4230
4231 case A_METAC:
4232 /* Get all packets in Meta signalling Circuit */
4233 if (!is_atm)
4234 bpf_error("'metac' supported only on raw ATM");
4235 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4236 b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0);
4237 gen_and(b0, b1);
4238 break;
4239
4240 case A_BCC:
4241 /* Get all packets in Broadcast Circuit*/
4242 if (!is_atm)
4243 bpf_error("'bcc' supported only on raw ATM");
4244 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4245 b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0);
4246 gen_and(b0, b1);
4247 break;
4248
4249 case A_OAMF4SC:
4250 /* Get all cells in Segment OAM F4 circuit*/
4251 if (!is_atm)
4252 bpf_error("'oam4sc' supported only on raw ATM");
4253 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4254 b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
4255 gen_and(b0, b1);
4256 break;
4257
4258 case A_OAMF4EC:
4259 /* Get all cells in End-to-End OAM F4 Circuit*/
4260 if (!is_atm)
4261 bpf_error("'oam4ec' supported only on raw ATM");
4262 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4263 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
4264 gen_and(b0, b1);
4265 break;
4266
4267 case A_SC:
4268 /* Get all packets in connection Signalling Circuit */
4269 if (!is_atm)
4270 bpf_error("'sc' supported only on raw ATM");
4271 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4272 b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0);
4273 gen_and(b0, b1);
4274 break;
4275
4276 case A_ILMIC:
4277 /* Get all packets in ILMI Circuit */
4278 if (!is_atm)
4279 bpf_error("'ilmic' supported only on raw ATM");
4280 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4281 b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0);
4282 gen_and(b0, b1);
4283 break;
4284
4285 case A_LANE:
4286 /* Get all LANE packets */
4287 if (!is_atm)
4288 bpf_error("'lane' supported only on raw ATM");
4289 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0);
4290 break;
4291
4292 case A_LLC:
4293 /* Get all LLC-encapsulated packets */
4294 if (!is_atm)
4295 bpf_error("'llc' supported only on raw ATM");
4296 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
4297 break;
4298
4299 default:
4300 abort();
4301 }
4302 return b1;
4303 }
4304
4305
4306 static struct block *
4307 gen_msg_abbrev(type)
4308 int type;
4309 {
4310 struct block *b1;
4311
4312 /*
4313 * Q.2931 signalling protocol messages for handling virtual circuits
4314 * establishment and teardown
4315 */
4316 switch (type) {
4317
4318 case A_SETUP:
4319 b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0);
4320 break;
4321
4322 case A_CALLPROCEED:
4323 b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0);
4324 break;
4325
4326 case A_CONNECT:
4327 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0);
4328 break;
4329
4330 case A_CONNECTACK:
4331 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0);
4332 break;
4333
4334 case A_RELEASE:
4335 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0);
4336 break;
4337
4338 case A_RELEASE_DONE:
4339 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0);
4340 break;
4341
4342 default:
4343 abort();
4344 }
4345 return b1;
4346 }
4347
4348 struct block *
4349 gen_atmmulti_abbrev(type)
4350 int type;
4351 {
4352 struct block *b0, *b1;
4353
4354 switch (type) {
4355
4356 case A_OAM:
4357 if (!is_atm)
4358 bpf_error("'oam' supported only on raw ATM");
4359 b1 = gen_atmmulti_abbrev(A_OAMF4);
4360 break;
4361
4362 case A_OAMF4:
4363 if (!is_atm)
4364 bpf_error("'oamf4' supported only on raw ATM");
4365 /* OAM F4 type */
4366 b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
4367 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
4368 gen_or(b0, b1);
4369 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4370 gen_and(b0, b1);
4371 break;
4372
4373 case A_CONNECTMSG:
4374 /*
4375 * Get Q.2931 signalling messages for switched
4376 * virtual connection
4377 */
4378 if (!is_atm)
4379 bpf_error("'connectmsg' supported only on raw ATM");
4380 b0 = gen_msg_abbrev(A_SETUP);
4381 b1 = gen_msg_abbrev(A_CALLPROCEED);
4382 gen_or(b0, b1);
4383 b0 = gen_msg_abbrev(A_CONNECT);
4384 gen_or(b0, b1);
4385 b0 = gen_msg_abbrev(A_CONNECTACK);
4386 gen_or(b0, b1);
4387 b0 = gen_msg_abbrev(A_RELEASE);
4388 gen_or(b0, b1);
4389 b0 = gen_msg_abbrev(A_RELEASE_DONE);
4390 gen_or(b0, b1);
4391 b0 = gen_atmtype_abbrev(A_SC);
4392 gen_and(b0, b1);
4393 break;
4394
4395 case A_METACONNECT:
4396 if (!is_atm)
4397 bpf_error("'metaconnect' supported only on raw ATM");
4398 b0 = gen_msg_abbrev(A_SETUP);
4399 b1 = gen_msg_abbrev(A_CALLPROCEED);
4400 gen_or(b0, b1);
4401 b0 = gen_msg_abbrev(A_CONNECT);
4402 gen_or(b0, b1);
4403 b0 = gen_msg_abbrev(A_RELEASE);
4404 gen_or(b0, b1);
4405 b0 = gen_msg_abbrev(A_RELEASE_DONE);
4406 gen_or(b0, b1);
4407 b0 = gen_atmtype_abbrev(A_METAC);
4408 gen_and(b0, b1);
4409 break;
4410
4411 default:
4412 abort();
4413 }
4414 return b1;
4415 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism