]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
I've seen captures with all four different flavors of IPX frames on
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.145 2001-01-14 21:26:52 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #include <sys/types.h>
32 #include <sys/socket.h>
33 #include <sys/time.h>
34 #ifdef __NetBSD__
35 #include <sys/param.h>
36 #endif
37
38 struct mbuf;
39 struct rtentry;
40 #include <net/if.h>
41
42 #include <netinet/in.h>
43
44 #include <stdlib.h>
45 #include <string.h>
46 #include <memory.h>
47 #include <setjmp.h>
48 #include <stdarg.h>
49
50 #include "pcap-int.h"
51
52 #include "ethertype.h"
53 #include "nlpid.h"
54 #include "llc.h"
55 #include "gencode.h"
56 #include "ppp.h"
57 #include "sll.h"
58 #include <pcap-namedb.h>
59 #ifdef INET6
60 #include <netdb.h>
61 #include <sys/socket.h>
62 #endif /*INET6*/
63
64 #define ETHERMTU 1500
65
66 #ifdef HAVE_OS_PROTO_H
67 #include "os-proto.h"
68 #endif
69
70 #define JMP(c) ((c)|BPF_JMP|BPF_K)
71
72 /* Locals */
73 static jmp_buf top_ctx;
74 static pcap_t *bpf_pcap;
75
76 /* XXX */
77 #ifdef PCAP_FDDIPAD
78 int pcap_fddipad = PCAP_FDDIPAD;
79 #else
80 int pcap_fddipad;
81 #endif
82
83 /* VARARGS */
84 void
85 bpf_error(const char *fmt, ...)
86
87 {
88 va_list ap;
89
90 va_start(ap, fmt);
91 if (bpf_pcap != NULL)
92 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
93 fmt, ap);
94 va_end(ap);
95 longjmp(top_ctx, 1);
96 /* NOTREACHED */
97 }
98
99 static void init_linktype(int);
100
101 static int alloc_reg(void);
102 static void free_reg(int);
103
104 static struct block *root;
105
106 /*
107 * We divy out chunks of memory rather than call malloc each time so
108 * we don't have to worry about leaking memory. It's probably
109 * not a big deal if all this memory was wasted but it this ever
110 * goes into a library that would probably not be a good idea.
111 */
112 #define NCHUNKS 16
113 #define CHUNK0SIZE 1024
114 struct chunk {
115 u_int n_left;
116 void *m;
117 };
118
119 static struct chunk chunks[NCHUNKS];
120 static int cur_chunk;
121
122 static void *newchunk(u_int);
123 static void freechunks(void);
124 static inline struct block *new_block(int);
125 static inline struct slist *new_stmt(int);
126 static struct block *gen_retblk(int);
127 static inline void syntax(void);
128
129 static void backpatch(struct block *, struct block *);
130 static void merge(struct block *, struct block *);
131 static struct block *gen_cmp(u_int, u_int, bpf_int32);
132 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
133 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
134 static struct block *gen_bcmp(u_int, u_int, const u_char *);
135 static struct block *gen_uncond(int);
136 static inline struct block *gen_true(void);
137 static inline struct block *gen_false(void);
138 static struct block *gen_linktype(int);
139 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
140 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
141 #ifdef INET6
142 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
143 #endif
144 static struct block *gen_ehostop(const u_char *, int);
145 static struct block *gen_fhostop(const u_char *, int);
146 static struct block *gen_thostop(const u_char *, int);
147 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
148 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
149 #ifdef INET6
150 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
151 #endif
152 #ifndef INET6
153 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
154 #endif
155 static struct block *gen_ipfrag(void);
156 static struct block *gen_portatom(int, bpf_int32);
157 #ifdef INET6
158 static struct block *gen_portatom6(int, bpf_int32);
159 #endif
160 struct block *gen_portop(int, int, int);
161 static struct block *gen_port(int, int, int);
162 #ifdef INET6
163 struct block *gen_portop6(int, int, int);
164 static struct block *gen_port6(int, int, int);
165 #endif
166 static int lookup_proto(const char *, int);
167 static struct block *gen_protochain(int, int, int);
168 static struct block *gen_proto(int, int, int);
169 static struct slist *xfer_to_x(struct arth *);
170 static struct slist *xfer_to_a(struct arth *);
171 static struct block *gen_len(int, int);
172
173 static void *
174 newchunk(n)
175 u_int n;
176 {
177 struct chunk *cp;
178 int k, size;
179
180 #ifndef __NetBSD__
181 /* XXX Round up to nearest long. */
182 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
183 #else
184 /* XXX Round up to structure boundary. */
185 n = ALIGN(n);
186 #endif
187
188 cp = &chunks[cur_chunk];
189 if (n > cp->n_left) {
190 ++cp, k = ++cur_chunk;
191 if (k >= NCHUNKS)
192 bpf_error("out of memory");
193 size = CHUNK0SIZE << k;
194 cp->m = (void *)malloc(size);
195 memset((char *)cp->m, 0, size);
196 cp->n_left = size;
197 if (n > size)
198 bpf_error("out of memory");
199 }
200 cp->n_left -= n;
201 return (void *)((char *)cp->m + cp->n_left);
202 }
203
204 static void
205 freechunks()
206 {
207 int i;
208
209 cur_chunk = 0;
210 for (i = 0; i < NCHUNKS; ++i)
211 if (chunks[i].m != NULL) {
212 free(chunks[i].m);
213 chunks[i].m = NULL;
214 }
215 }
216
217 /*
218 * A strdup whose allocations are freed after code generation is over.
219 */
220 char *
221 sdup(s)
222 register const char *s;
223 {
224 int n = strlen(s) + 1;
225 char *cp = newchunk(n);
226
227 strlcpy(cp, s, n);
228 return (cp);
229 }
230
231 static inline struct block *
232 new_block(code)
233 int code;
234 {
235 struct block *p;
236
237 p = (struct block *)newchunk(sizeof(*p));
238 p->s.code = code;
239 p->head = p;
240
241 return p;
242 }
243
244 static inline struct slist *
245 new_stmt(code)
246 int code;
247 {
248 struct slist *p;
249
250 p = (struct slist *)newchunk(sizeof(*p));
251 p->s.code = code;
252
253 return p;
254 }
255
256 static struct block *
257 gen_retblk(v)
258 int v;
259 {
260 struct block *b = new_block(BPF_RET|BPF_K);
261
262 b->s.k = v;
263 return b;
264 }
265
266 static inline void
267 syntax()
268 {
269 bpf_error("syntax error in filter expression");
270 }
271
272 static bpf_u_int32 netmask;
273 static int snaplen;
274 int no_optimize;
275
276 int
277 pcap_compile(pcap_t *p, struct bpf_program *program,
278 char *buf, int optimize, bpf_u_int32 mask)
279 {
280 extern int n_errors;
281 int len;
282
283 no_optimize = 0;
284 n_errors = 0;
285 root = NULL;
286 bpf_pcap = p;
287 if (setjmp(top_ctx)) {
288 lex_cleanup();
289 freechunks();
290 return (-1);
291 }
292
293 netmask = mask;
294
295 snaplen = pcap_snapshot(p);
296 if (snaplen == 0) {
297 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
298 "snaplen of 0 rejects all packets");
299 return -1;
300 }
301
302 lex_init(buf ? buf : "");
303 init_linktype(pcap_datalink(p));
304 (void)pcap_parse();
305
306 if (n_errors)
307 syntax();
308
309 if (root == NULL)
310 root = gen_retblk(snaplen);
311
312 if (optimize && !no_optimize) {
313 bpf_optimize(&root);
314 if (root == NULL ||
315 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
316 bpf_error("expression rejects all packets");
317 }
318 program->bf_insns = icode_to_fcode(root, &len);
319 program->bf_len = len;
320
321 lex_cleanup();
322 freechunks();
323 return (0);
324 }
325
326 /*
327 * entry point for using the compiler with no pcap open
328 * pass in all the stuff that is needed explicitly instead.
329 */
330 int
331 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
332 struct bpf_program *program,
333 char *buf, int optimize, bpf_u_int32 mask)
334 {
335 pcap_t *p;
336 int ret;
337
338 p = pcap_open_dead(linktype_arg, snaplen_arg);
339 if (p == NULL)
340 return (-1);
341 ret = pcap_compile(p, program, buf, optimize, mask);
342 pcap_close(p);
343 return (ret);
344 }
345
346 /*
347 * Clean up a "struct bpf_program" by freeing all the memory allocated
348 * in it.
349 */
350 void
351 pcap_freecode(struct bpf_program *program)
352 {
353 program->bf_len = 0;
354 if (program->bf_insns != NULL) {
355 free((char *)program->bf_insns);
356 program->bf_insns = NULL;
357 }
358 }
359
360 /*
361 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
362 * which of the jt and jf fields has been resolved and which is a pointer
363 * back to another unresolved block (or nil). At least one of the fields
364 * in each block is already resolved.
365 */
366 static void
367 backpatch(list, target)
368 struct block *list, *target;
369 {
370 struct block *next;
371
372 while (list) {
373 if (!list->sense) {
374 next = JT(list);
375 JT(list) = target;
376 } else {
377 next = JF(list);
378 JF(list) = target;
379 }
380 list = next;
381 }
382 }
383
384 /*
385 * Merge the lists in b0 and b1, using the 'sense' field to indicate
386 * which of jt and jf is the link.
387 */
388 static void
389 merge(b0, b1)
390 struct block *b0, *b1;
391 {
392 register struct block **p = &b0;
393
394 /* Find end of list. */
395 while (*p)
396 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
397
398 /* Concatenate the lists. */
399 *p = b1;
400 }
401
402 void
403 finish_parse(p)
404 struct block *p;
405 {
406 backpatch(p, gen_retblk(snaplen));
407 p->sense = !p->sense;
408 backpatch(p, gen_retblk(0));
409 root = p->head;
410 }
411
412 void
413 gen_and(b0, b1)
414 struct block *b0, *b1;
415 {
416 backpatch(b0, b1->head);
417 b0->sense = !b0->sense;
418 b1->sense = !b1->sense;
419 merge(b1, b0);
420 b1->sense = !b1->sense;
421 b1->head = b0->head;
422 }
423
424 void
425 gen_or(b0, b1)
426 struct block *b0, *b1;
427 {
428 b0->sense = !b0->sense;
429 backpatch(b0, b1->head);
430 b0->sense = !b0->sense;
431 merge(b1, b0);
432 b1->head = b0->head;
433 }
434
435 void
436 gen_not(b)
437 struct block *b;
438 {
439 b->sense = !b->sense;
440 }
441
442 static struct block *
443 gen_cmp(offset, size, v)
444 u_int offset, size;
445 bpf_int32 v;
446 {
447 struct slist *s;
448 struct block *b;
449
450 s = new_stmt(BPF_LD|BPF_ABS|size);
451 s->s.k = offset;
452
453 b = new_block(JMP(BPF_JEQ));
454 b->stmts = s;
455 b->s.k = v;
456
457 return b;
458 }
459
460 static struct block *
461 gen_cmp_gt(offset, size, v)
462 u_int offset, size;
463 bpf_int32 v;
464 {
465 struct slist *s;
466 struct block *b;
467
468 s = new_stmt(BPF_LD|BPF_ABS|size);
469 s->s.k = offset;
470
471 b = new_block(JMP(BPF_JGT));
472 b->stmts = s;
473 b->s.k = v;
474
475 return b;
476 }
477
478 static struct block *
479 gen_mcmp(offset, size, v, mask)
480 u_int offset, size;
481 bpf_int32 v;
482 bpf_u_int32 mask;
483 {
484 struct block *b = gen_cmp(offset, size, v);
485 struct slist *s;
486
487 if (mask != 0xffffffff) {
488 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
489 s->s.k = mask;
490 b->stmts->next = s;
491 }
492 return b;
493 }
494
495 static struct block *
496 gen_bcmp(offset, size, v)
497 register u_int offset, size;
498 register const u_char *v;
499 {
500 register struct block *b, *tmp;
501
502 b = NULL;
503 while (size >= 4) {
504 register const u_char *p = &v[size - 4];
505 bpf_int32 w = ((bpf_int32)p[0] << 24) |
506 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
507
508 tmp = gen_cmp(offset + size - 4, BPF_W, w);
509 if (b != NULL)
510 gen_and(b, tmp);
511 b = tmp;
512 size -= 4;
513 }
514 while (size >= 2) {
515 register const u_char *p = &v[size - 2];
516 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
517
518 tmp = gen_cmp(offset + size - 2, BPF_H, w);
519 if (b != NULL)
520 gen_and(b, tmp);
521 b = tmp;
522 size -= 2;
523 }
524 if (size > 0) {
525 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
526 if (b != NULL)
527 gen_and(b, tmp);
528 b = tmp;
529 }
530 return b;
531 }
532
533 /*
534 * Various code constructs need to know the layout of the data link
535 * layer. These variables give the necessary offsets. off_linktype
536 * is set to -1 for no encapsulation, in which case, IP is assumed.
537 */
538 static u_int off_linktype;
539 static u_int off_nl;
540 static int linktype;
541
542 static void
543 init_linktype(type)
544 int type;
545 {
546 linktype = type;
547
548 switch (type) {
549
550 case DLT_EN10MB:
551 off_linktype = 12;
552 off_nl = 14;
553 return;
554
555 case DLT_SLIP:
556 /*
557 * SLIP doesn't have a link level type. The 16 byte
558 * header is hacked into our SLIP driver.
559 */
560 off_linktype = -1;
561 off_nl = 16;
562 return;
563
564 case DLT_SLIP_BSDOS:
565 /* XXX this may be the same as the DLT_PPP_BSDOS case */
566 off_linktype = -1;
567 /* XXX end */
568 off_nl = 24;
569 return;
570
571 case DLT_NULL:
572 case DLT_LOOP:
573 off_linktype = 0;
574 off_nl = 4;
575 return;
576
577 case DLT_PPP:
578 case DLT_C_HDLC:
579 case DLT_PPP_SERIAL:
580 off_linktype = 2;
581 off_nl = 4;
582 return;
583
584 case DLT_PPP_BSDOS:
585 off_linktype = 5;
586 off_nl = 24;
587 return;
588
589 case DLT_FDDI:
590 /*
591 * FDDI doesn't really have a link-level type field.
592 * We set "off_linktype" to the offset of the LLC header.
593 *
594 * To check for Ethernet types, we assume that SSAP = SNAP
595 * is being used and pick out the encapsulated Ethernet type.
596 * XXX - should we generate code to check for SNAP?
597 */
598 off_linktype = 13;
599 #ifdef PCAP_FDDIPAD
600 off_linktype += pcap_fddipad;
601 #endif
602 off_nl = 21;
603 #ifdef PCAP_FDDIPAD
604 off_nl += pcap_fddipad;
605 #endif
606 return;
607
608 case DLT_IEEE802:
609 /*
610 * Token Ring doesn't really have a link-level type field.
611 * We set "off_linktype" to the offset of the LLC header.
612 *
613 * To check for Ethernet types, we assume that SSAP = SNAP
614 * is being used and pick out the encapsulated Ethernet type.
615 * XXX - should we generate code to check for SNAP?
616 *
617 * XXX - the header is actually variable-length.
618 * Some various Linux patched versions gave 38
619 * as "off_linktype" and 40 as "off_nl"; however,
620 * if a token ring packet has *no* routing
621 * information, i.e. is not source-routed, the correct
622 * values are 20 and 22, as they are in the vanilla code.
623 *
624 * A packet is source-routed iff the uppermost bit
625 * of the first byte of the source address, at an
626 * offset of 8, has the uppermost bit set. If the
627 * packet is source-routed, the total number of bytes
628 * of routing information is 2 plus bits 0x1F00 of
629 * the 16-bit value at an offset of 14 (shifted right
630 * 8 - figure out which byte that is).
631 */
632 off_linktype = 14;
633 off_nl = 22;
634 return;
635
636 case DLT_ATM_RFC1483:
637 /*
638 * assume routed, non-ISO PDUs
639 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
640 */
641 off_linktype = 6;
642 off_nl = 8;
643 return;
644
645 case DLT_RAW:
646 off_linktype = -1;
647 off_nl = 0;
648 return;
649
650 case DLT_ATM_CLIP: /* Linux ATM defines this */
651 off_linktype = 6;
652 off_nl = 8;
653 return;
654
655 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
656 off_linktype = 14;
657 off_nl = 16;
658 return;
659 }
660 bpf_error("unknown data link type %d", linktype);
661 /* NOTREACHED */
662 }
663
664 static struct block *
665 gen_uncond(rsense)
666 int rsense;
667 {
668 struct block *b;
669 struct slist *s;
670
671 s = new_stmt(BPF_LD|BPF_IMM);
672 s->s.k = !rsense;
673 b = new_block(JMP(BPF_JEQ));
674 b->stmts = s;
675
676 return b;
677 }
678
679 static inline struct block *
680 gen_true()
681 {
682 return gen_uncond(1);
683 }
684
685 static inline struct block *
686 gen_false()
687 {
688 return gen_uncond(0);
689 }
690
691 /*
692 * Byte-swap a 32-bit number.
693 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
694 * big-endian platforms.)
695 */
696 #define SWAPLONG(y) \
697 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
698
699 static struct block *
700 gen_linktype(proto)
701 register int proto;
702 {
703 struct block *b0, *b1;
704
705 switch (linktype) {
706
707 case DLT_EN10MB:
708 switch (proto) {
709
710 case LLCSAP_ISONS:
711 /*
712 * OSI protocols always use 802.2 encapsulation.
713 * XXX - should we check both the DSAP and the
714 * SSAP, like this, or should we check just the
715 * DSAP?
716 */
717 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
718 gen_not(b0);
719 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
720 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
721 gen_and(b0, b1);
722 return b1;
723
724 case LLCSAP_IPX:
725 /*
726 * Check for;
727 *
728 * Ethernet_II frames, which are Ethernet
729 * frames with a frame type of ETHERTYPE_IPX;
730 *
731 * Ethernet_802.3 frames, which are 802.3
732 * frames (i.e., the type/length field is
733 * a length field, <= ETHERMTU, rather than
734 * a type field) with the first two bytes
735 * after the Ethernet/802.3 header being
736 * 0xFFFF;
737 *
738 * Ethernet_802.2 frames, which are 802.3
739 * frames with an 802.2 LLC header and
740 * with the IPX LSAP as the DSAP in the LLC
741 * header;
742 *
743 * Ethernet_SNAP frames, which are 802.3
744 * frames with an LLC header and a SNAP
745 * header and with an OUI of 0x000000
746 * (encapsulated Ethernet) and a protocol
747 * ID of ETHERTYPE_IPX in the SNAP header.
748 *
749 * XXX - should we generate the same code both
750 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
751 */
752
753 /*
754 * This generates code to check both for the
755 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
756 */
757 b0 = gen_cmp(off_linktype + 2, BPF_B,
758 (bpf_int32)LLCSAP_IPX);
759 b1 = gen_cmp(off_linktype + 2, BPF_H,
760 (bpf_int32)0xFFFF);
761 gen_or(b0, b1);
762
763 /*
764 * Now we add code to check for SNAP frames with
765 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
766 */
767 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
768 gen_or(b0, b1);
769
770 /*
771 * Now we generate code to check for 802.3
772 * frames in general.
773 */
774 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
775 gen_not(b0);
776
777 /*
778 * Now add the check for 802.3 frames before the
779 * check for Ethernet_802.2 and Ethernet_802.3,
780 * as those checks should only be done on 802.3
781 * frames, not on Ethernet frames.
782 */
783 gen_and(b0, b1);
784
785 /*
786 * Now add the check for Ethernet_II frames, and
787 * do that before checking for the other frame
788 * types.
789 */
790 b0 = gen_cmp(off_linktype, BPF_H,
791 (bpf_int32)ETHERTYPE_IPX);
792 gen_or(b0, b1);
793 return b1;
794
795 case ETHERTYPE_ATALK:
796 case ETHERTYPE_AARP:
797 /*
798 * EtherTalk (AppleTalk protocols on Ethernet link
799 * layer) may use 802.2 encapsulation.
800 */
801
802 /*
803 * Check for 802.2 encapsulation (EtherTalk phase 2?);
804 * we check for an Ethernet type field less than
805 * 1500, which means it's an 802.3 length field.
806 */
807 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
808 gen_not(b0);
809
810 /*
811 * 802.2-encapsulated ETHERTYPE_ATALK packets are
812 * SNAP packets with an organization code of
813 * 0x080007 (Apple, for Appletalk) and a protocol
814 * type of ETHERTYPE_ATALK (Appletalk).
815 *
816 * 802.2-encapsulated ETHERTYPE_AARP packets are
817 * SNAP packets with an organization code of
818 * 0x000000 (encapsulated Ethernet) and a protocol
819 * type of ETHERTYPE_AARP (Appletalk ARP).
820 */
821 if (proto == ETHERTYPE_ATALK)
822 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
823 else /* proto == ETHERTYPE_AARP */
824 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
825 gen_and(b0, b1);
826
827 /*
828 * Check for Ethernet encapsulation (Ethertalk
829 * phase 1?); we just check for the Ethernet
830 * protocol type.
831 */
832 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
833
834 gen_or(b0, b1);
835 return b1;
836
837 default:
838 if (proto <= ETHERMTU) {
839 /*
840 * This is an LLC SAP value, so the frames
841 * that match would be 802.2 frames.
842 * Check that the frame is an 802.2 frame
843 * (i.e., that the length/type field is
844 * a length field, <= ETHERMTU) and
845 * then check the DSAP.
846 */
847 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
848 gen_not(b0);
849 b1 = gen_cmp(off_linktype + 2, BPF_B,
850 (bpf_int32)proto);
851 gen_and(b0, b1);
852 return b1;
853 } else {
854 /*
855 * This is an Ethernet type, so compare
856 * the length/type field with it (if
857 * the frame is an 802.2 frame, the length
858 * field will be <= ETHERMTU, and, as
859 * "proto" is > ETHERMTU, this test
860 * will fail and the frame won't match,
861 * which is what we want).
862 */
863 return gen_cmp(off_linktype, BPF_H,
864 (bpf_int32)proto);
865 }
866 }
867 break;
868
869 case DLT_FDDI:
870 case DLT_IEEE802:
871 case DLT_ATM_RFC1483:
872 case DLT_ATM_CLIP:
873 /*
874 * XXX - handle token-ring variable-length header.
875 */
876 switch (proto) {
877
878 case LLCSAP_ISONS:
879 return gen_cmp(off_linktype, BPF_H, (long)
880 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
881
882 case ETHERTYPE_ATALK:
883 /*
884 * 802.2-encapsulated ETHERTYPE_ATALK packets are
885 * SNAP packets with an organization code of
886 * 0x080007 (Apple, for Appletalk) and a protocol
887 * type of ETHERTYPE_ATALK (Appletalk).
888 *
889 * XXX - check for an organization code of
890 * encapsulated Ethernet as well?
891 */
892 return gen_snap(0x080007, ETHERTYPE_ATALK,
893 off_linktype);
894 break;
895
896 default:
897 /*
898 * XXX - we don't have to check for IPX 802.3
899 * here, but should we check for the IPX Ethertype?
900 */
901 if (proto <= ETHERMTU) {
902 /*
903 * This is an LLC SAP value, so check
904 * the DSAP.
905 */
906 return gen_cmp(off_linktype, BPF_B,
907 (bpf_int32)proto);
908 } else {
909 /*
910 * This is an Ethernet type; we assume
911 * that it's unlikely that it'll
912 * appear in the right place at random,
913 * and therefore check only the
914 * location that would hold the Ethernet
915 * type in a SNAP frame with an organization
916 * code of 0x000000 (encapsulated Ethernet).
917 *
918 * XXX - if we were to check for the SNAP DSAP
919 * and LSAP, as per XXX, and were also to check
920 * for an organization code of 0x000000
921 * (encapsulated Ethernet), we'd do
922 *
923 * return gen_snap(0x000000, proto,
924 * off_linktype);
925 *
926 * here; for now, we don't, as per the above.
927 * I don't know whether it's worth the
928 * extra CPU time to do the right check
929 * or not.
930 */
931 return gen_cmp(off_linktype+6, BPF_H,
932 (bpf_int32)proto);
933 }
934 }
935 break;
936
937 case DLT_LINUX_SLL:
938 switch (proto) {
939
940 case LLCSAP_ISONS:
941 /*
942 * OSI protocols always use 802.2 encapsulation.
943 * XXX - should we check both the DSAP and the
944 * LSAP, like this, or should we check just the
945 * DSAP?
946 */
947 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
948 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
949 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
950 gen_and(b0, b1);
951 return b1;
952
953 case LLCSAP_IPX:
954 /*
955 * Check both for 802.2 frames with the IPX LSAP as
956 * the DSAP and for Netware 802.3 frames.
957 *
958 * This generates code to check for 802.2 frames
959 * with the IPX LSAP.
960 */
961 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
962 b1 = gen_cmp(off_linktype + 2, BPF_B,
963 (bpf_int32)LLCSAP_IPX);
964 gen_and(b0, b1);
965
966 /*
967 * Now check for 802.3 frames and OR that with
968 * the previous test.
969 */
970 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
971 gen_or(b0, b1);
972 return b1;
973
974 case ETHERTYPE_ATALK:
975 case ETHERTYPE_AARP:
976 /*
977 * EtherTalk (AppleTalk protocols on Ethernet link
978 * layer) may use 802.2 encapsulation.
979 */
980
981 /*
982 * Check for 802.2 encapsulation (EtherTalk phase 2?);
983 * we check for the 802.2 protocol type in the
984 * "Ethernet type" field.
985 */
986 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
987
988 /*
989 * 802.2-encapsulated ETHERTYPE_ATALK packets are
990 * SNAP packets with an organization code of
991 * 0x080007 (Apple, for Appletalk) and a protocol
992 * type of ETHERTYPE_ATALK (Appletalk).
993 *
994 * 802.2-encapsulated ETHERTYPE_AARP packets are
995 * SNAP packets with an organization code of
996 * 0x000000 (encapsulated Ethernet) and a protocol
997 * type of ETHERTYPE_AARP (Appletalk ARP).
998 */
999 if (proto == ETHERTYPE_ATALK)
1000 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
1001 off_linktype + 2);
1002 else /* proto == ETHERTYPE_AARP */
1003 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
1004 off_linktype + 2);
1005 gen_and(b0, b1);
1006
1007 /*
1008 * Check for Ethernet encapsulation (Ethertalk
1009 * phase 1?); we just check for the Ethernet
1010 * protocol type.
1011 */
1012 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1013
1014 gen_or(b0, b1);
1015 return b1;
1016
1017 default:
1018 if (proto <= ETHERMTU) {
1019 /*
1020 * This is an LLC SAP value, so the frames
1021 * that match would be 802.2 frames.
1022 * Check for the 802.2 protocol type
1023 * in the "Ethernet type" field, and
1024 * then check the DSAP.
1025 */
1026 b0 = gen_cmp(off_linktype, BPF_H,
1027 LINUX_SLL_P_802_2);
1028 b1 = gen_cmp(off_linktype + 2, BPF_B,
1029 (bpf_int32)proto);
1030 gen_and(b0, b1);
1031 return b1;
1032 } else {
1033 /*
1034 * This is an Ethernet type, so compare
1035 * the length/type field with it (if
1036 * the frame is an 802.2 frame, the length
1037 * field will be <= ETHERMTU, and, as
1038 * "proto" is > ETHERMTU, this test
1039 * will fail and the frame won't match,
1040 * which is what we want).
1041 */
1042 return gen_cmp(off_linktype, BPF_H,
1043 (bpf_int32)proto);
1044 }
1045 }
1046 break;
1047
1048 case DLT_SLIP:
1049 case DLT_SLIP_BSDOS:
1050 case DLT_RAW:
1051 /*
1052 * These types don't provide any type field; packets
1053 * are always IP.
1054 *
1055 * XXX - for IPv4, check for a version number of 4, and,
1056 * for IPv6, check for a version number of 6?
1057 */
1058 switch (proto) {
1059
1060 case ETHERTYPE_IP:
1061 #ifdef INET6
1062 case ETHERTYPE_IPV6:
1063 #endif
1064 return gen_true(); /* always true */
1065
1066 default:
1067 return gen_false(); /* always false */
1068 }
1069 break;
1070
1071 case DLT_PPP:
1072 case DLT_PPP_SERIAL:
1073 /*
1074 * We use Ethernet protocol types inside libpcap;
1075 * map them to the corresponding PPP protocol types.
1076 */
1077 switch (proto) {
1078
1079 case ETHERTYPE_IP:
1080 proto = PPP_IP; /* XXX was 0x21 */
1081 break;
1082
1083 #ifdef INET6
1084 case ETHERTYPE_IPV6:
1085 proto = PPP_IPV6;
1086 break;
1087 #endif
1088
1089 case ETHERTYPE_DN:
1090 proto = PPP_DECNET;
1091 break;
1092
1093 case ETHERTYPE_ATALK:
1094 proto = PPP_APPLE;
1095 break;
1096
1097 case ETHERTYPE_NS:
1098 proto = PPP_NS;
1099 break;
1100
1101 case LLCSAP_ISONS:
1102 proto = PPP_OSI;
1103 break;
1104
1105 case LLCSAP_8021D:
1106 /*
1107 * I'm assuming the "Bridging PDU"s that go
1108 * over PPP are Spanning Tree Protocol
1109 * Bridging PDUs.
1110 */
1111 proto = PPP_BRPDU;
1112 break;
1113
1114 case LLCSAP_IPX:
1115 proto = PPP_IPX;
1116 break;
1117 }
1118 break;
1119
1120 case DLT_PPP_BSDOS:
1121 /*
1122 * We use Ethernet protocol types inside libpcap;
1123 * map them to the corresponding PPP protocol types.
1124 */
1125 switch (proto) {
1126
1127 case ETHERTYPE_IP:
1128 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
1129 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
1130 gen_or(b0, b1);
1131 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
1132 gen_or(b1, b0);
1133 return b0;
1134
1135 #ifdef INET6
1136 case ETHERTYPE_IPV6:
1137 proto = PPP_IPV6;
1138 /* more to go? */
1139 break;
1140 #endif
1141
1142 case ETHERTYPE_DN:
1143 proto = PPP_DECNET;
1144 break;
1145
1146 case ETHERTYPE_ATALK:
1147 proto = PPP_APPLE;
1148 break;
1149
1150 case ETHERTYPE_NS:
1151 proto = PPP_NS;
1152 break;
1153
1154 case LLCSAP_ISONS:
1155 proto = PPP_OSI;
1156 break;
1157
1158 case LLCSAP_8021D:
1159 /*
1160 * I'm assuming the "Bridging PDU"s that go
1161 * over PPP are Spanning Tree Protocol
1162 * Bridging PDUs.
1163 */
1164 proto = PPP_BRPDU;
1165 break;
1166
1167 case LLCSAP_IPX:
1168 proto = PPP_IPX;
1169 break;
1170 }
1171 break;
1172
1173 case DLT_NULL:
1174 case DLT_LOOP:
1175 /*
1176 * For DLT_NULL, the link-layer header is a 32-bit
1177 * word containing an AF_ value in *host* byte order.
1178 *
1179 * In addition, if we're reading a saved capture file,
1180 * the host byte order in the capture may not be the
1181 * same as the host byte order on this machine.
1182 *
1183 * For DLT_LOOP, the link-layer header is a 32-bit
1184 * word containing an AF_ value in *network* byte order.
1185 *
1186 * XXX - AF_ values may, unfortunately, be platform-
1187 * dependent; for example, FreeBSD's AF_INET6 is 24
1188 * whilst NetBSD's and OpenBSD's is 26.
1189 *
1190 * This means that, when reading a capture file, just
1191 * checking for our AF_INET6 value won't work if the
1192 * capture file came from another OS.
1193 */
1194 switch (proto) {
1195
1196 case ETHERTYPE_IP:
1197 proto = AF_INET;
1198 break;
1199
1200 #ifdef INET6
1201 case ETHERTYPE_IPV6:
1202 proto = AF_INET6;
1203 break;
1204 #endif
1205
1206 default:
1207 /*
1208 * Not a type on which we support filtering.
1209 * XXX - support those that have AF_ values
1210 * #defined on this platform, at least?
1211 */
1212 return gen_false();
1213 }
1214
1215 if (linktype == DLT_NULL) {
1216 /*
1217 * The AF_ value is in host byte order, but
1218 * the BPF interpreter will convert it to
1219 * network byte order.
1220 *
1221 * If this is a save file, and it's from a
1222 * machine with the opposite byte order to
1223 * ours, we byte-swap the AF_ value.
1224 *
1225 * Then we run it through "htonl()", and
1226 * generate code to compare against the result.
1227 */
1228 if (bpf_pcap->sf.rfile != NULL &&
1229 bpf_pcap->sf.swapped)
1230 proto = SWAPLONG(proto);
1231 proto = htonl(proto);
1232 }
1233 return (gen_cmp(0, BPF_W, (bpf_int32)proto));
1234 }
1235
1236 /*
1237 * All the types that have no encapsulation should either be
1238 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
1239 * all packets are IP packets, or should be handled in some
1240 * special case, if none of them are (if some are and some
1241 * aren't, the lack of encapsulation is a problem, as we'd
1242 * have to find some other way of determining the packet type).
1243 *
1244 * Therefore, if "off_linktype" is -1, there's an error.
1245 */
1246 if (off_linktype == -1)
1247 abort();
1248
1249 /*
1250 * Any type not handled above should always have an Ethernet
1251 * type at an offset of "off_linktype". (PPP is partially
1252 * handled above - the protocol type is mapped from the
1253 * Ethernet and LLC types we use internally to the corresponding
1254 * PPP type - but the PPP type is always specified by a value
1255 * at "off_linktype", so we don't have to do the code generation
1256 * above.)
1257 */
1258 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1259 }
1260
1261 /*
1262 * Check for an LLC SNAP packet with a given organization code and
1263 * protocol type; we check the entire contents of the 802.2 LLC and
1264 * snap headers, checking for DSAP and SSAP of SNAP and a control
1265 * field of 0x03 in the LLC header, and for the specified organization
1266 * code and protocol type in the SNAP header.
1267 */
1268 static struct block *
1269 gen_snap(orgcode, ptype, offset)
1270 bpf_u_int32 orgcode;
1271 bpf_u_int32 ptype;
1272 u_int offset;
1273 {
1274 u_char snapblock[8];
1275
1276 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
1277 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
1278 snapblock[2] = 0x03; /* control = UI */
1279 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
1280 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
1281 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
1282 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
1283 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
1284 return gen_bcmp(offset, 8, snapblock);
1285 }
1286
1287 static struct block *
1288 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
1289 bpf_u_int32 addr;
1290 bpf_u_int32 mask;
1291 int dir, proto;
1292 u_int src_off, dst_off;
1293 {
1294 struct block *b0, *b1;
1295 u_int offset;
1296
1297 switch (dir) {
1298
1299 case Q_SRC:
1300 offset = src_off;
1301 break;
1302
1303 case Q_DST:
1304 offset = dst_off;
1305 break;
1306
1307 case Q_AND:
1308 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1309 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1310 gen_and(b0, b1);
1311 return b1;
1312
1313 case Q_OR:
1314 case Q_DEFAULT:
1315 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1316 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1317 gen_or(b0, b1);
1318 return b1;
1319
1320 default:
1321 abort();
1322 }
1323 b0 = gen_linktype(proto);
1324 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
1325 gen_and(b0, b1);
1326 return b1;
1327 }
1328
1329 #ifdef INET6
1330 static struct block *
1331 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
1332 struct in6_addr *addr;
1333 struct in6_addr *mask;
1334 int dir, proto;
1335 u_int src_off, dst_off;
1336 {
1337 struct block *b0, *b1;
1338 u_int offset;
1339 u_int32_t *a, *m;
1340
1341 switch (dir) {
1342
1343 case Q_SRC:
1344 offset = src_off;
1345 break;
1346
1347 case Q_DST:
1348 offset = dst_off;
1349 break;
1350
1351 case Q_AND:
1352 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1353 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1354 gen_and(b0, b1);
1355 return b1;
1356
1357 case Q_OR:
1358 case Q_DEFAULT:
1359 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1360 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1361 gen_or(b0, b1);
1362 return b1;
1363
1364 default:
1365 abort();
1366 }
1367 /* this order is important */
1368 a = (u_int32_t *)addr;
1369 m = (u_int32_t *)mask;
1370 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
1371 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
1372 gen_and(b0, b1);
1373 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
1374 gen_and(b0, b1);
1375 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
1376 gen_and(b0, b1);
1377 b0 = gen_linktype(proto);
1378 gen_and(b0, b1);
1379 return b1;
1380 }
1381 #endif /*INET6*/
1382
1383 static struct block *
1384 gen_ehostop(eaddr, dir)
1385 register const u_char *eaddr;
1386 register int dir;
1387 {
1388 register struct block *b0, *b1;
1389
1390 switch (dir) {
1391 case Q_SRC:
1392 return gen_bcmp(6, 6, eaddr);
1393
1394 case Q_DST:
1395 return gen_bcmp(0, 6, eaddr);
1396
1397 case Q_AND:
1398 b0 = gen_ehostop(eaddr, Q_SRC);
1399 b1 = gen_ehostop(eaddr, Q_DST);
1400 gen_and(b0, b1);
1401 return b1;
1402
1403 case Q_DEFAULT:
1404 case Q_OR:
1405 b0 = gen_ehostop(eaddr, Q_SRC);
1406 b1 = gen_ehostop(eaddr, Q_DST);
1407 gen_or(b0, b1);
1408 return b1;
1409 }
1410 abort();
1411 /* NOTREACHED */
1412 }
1413
1414 /*
1415 * Like gen_ehostop, but for DLT_FDDI
1416 */
1417 static struct block *
1418 gen_fhostop(eaddr, dir)
1419 register const u_char *eaddr;
1420 register int dir;
1421 {
1422 struct block *b0, *b1;
1423
1424 switch (dir) {
1425 case Q_SRC:
1426 #ifdef PCAP_FDDIPAD
1427 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
1428 #else
1429 return gen_bcmp(6 + 1, 6, eaddr);
1430 #endif
1431
1432 case Q_DST:
1433 #ifdef PCAP_FDDIPAD
1434 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
1435 #else
1436 return gen_bcmp(0 + 1, 6, eaddr);
1437 #endif
1438
1439 case Q_AND:
1440 b0 = gen_fhostop(eaddr, Q_SRC);
1441 b1 = gen_fhostop(eaddr, Q_DST);
1442 gen_and(b0, b1);
1443 return b1;
1444
1445 case Q_DEFAULT:
1446 case Q_OR:
1447 b0 = gen_fhostop(eaddr, Q_SRC);
1448 b1 = gen_fhostop(eaddr, Q_DST);
1449 gen_or(b0, b1);
1450 return b1;
1451 }
1452 abort();
1453 /* NOTREACHED */
1454 }
1455
1456 /*
1457 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
1458 */
1459 static struct block *
1460 gen_thostop(eaddr, dir)
1461 register const u_char *eaddr;
1462 register int dir;
1463 {
1464 register struct block *b0, *b1;
1465
1466 switch (dir) {
1467 case Q_SRC:
1468 return gen_bcmp(8, 6, eaddr);
1469
1470 case Q_DST:
1471 return gen_bcmp(2, 6, eaddr);
1472
1473 case Q_AND:
1474 b0 = gen_thostop(eaddr, Q_SRC);
1475 b1 = gen_thostop(eaddr, Q_DST);
1476 gen_and(b0, b1);
1477 return b1;
1478
1479 case Q_DEFAULT:
1480 case Q_OR:
1481 b0 = gen_thostop(eaddr, Q_SRC);
1482 b1 = gen_thostop(eaddr, Q_DST);
1483 gen_or(b0, b1);
1484 return b1;
1485 }
1486 abort();
1487 /* NOTREACHED */
1488 }
1489
1490 /*
1491 * This is quite tricky because there may be pad bytes in front of the
1492 * DECNET header, and then there are two possible data packet formats that
1493 * carry both src and dst addresses, plus 5 packet types in a format that
1494 * carries only the src node, plus 2 types that use a different format and
1495 * also carry just the src node.
1496 *
1497 * Yuck.
1498 *
1499 * Instead of doing those all right, we just look for data packets with
1500 * 0 or 1 bytes of padding. If you want to look at other packets, that
1501 * will require a lot more hacking.
1502 *
1503 * To add support for filtering on DECNET "areas" (network numbers)
1504 * one would want to add a "mask" argument to this routine. That would
1505 * make the filter even more inefficient, although one could be clever
1506 * and not generate masking instructions if the mask is 0xFFFF.
1507 */
1508 static struct block *
1509 gen_dnhostop(addr, dir, base_off)
1510 bpf_u_int32 addr;
1511 int dir;
1512 u_int base_off;
1513 {
1514 struct block *b0, *b1, *b2, *tmp;
1515 u_int offset_lh; /* offset if long header is received */
1516 u_int offset_sh; /* offset if short header is received */
1517
1518 switch (dir) {
1519
1520 case Q_DST:
1521 offset_sh = 1; /* follows flags */
1522 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
1523 break;
1524
1525 case Q_SRC:
1526 offset_sh = 3; /* follows flags, dstnode */
1527 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
1528 break;
1529
1530 case Q_AND:
1531 /* Inefficient because we do our Calvinball dance twice */
1532 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1533 b1 = gen_dnhostop(addr, Q_DST, base_off);
1534 gen_and(b0, b1);
1535 return b1;
1536
1537 case Q_OR:
1538 case Q_DEFAULT:
1539 /* Inefficient because we do our Calvinball dance twice */
1540 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1541 b1 = gen_dnhostop(addr, Q_DST, base_off);
1542 gen_or(b0, b1);
1543 return b1;
1544
1545 case Q_ISO:
1546 bpf_error("ISO host filtering not implemented");
1547
1548 default:
1549 abort();
1550 }
1551 b0 = gen_linktype(ETHERTYPE_DN);
1552 /* Check for pad = 1, long header case */
1553 tmp = gen_mcmp(base_off + 2, BPF_H,
1554 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
1555 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
1556 BPF_H, (bpf_int32)ntohs(addr));
1557 gen_and(tmp, b1);
1558 /* Check for pad = 0, long header case */
1559 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
1560 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
1561 gen_and(tmp, b2);
1562 gen_or(b2, b1);
1563 /* Check for pad = 1, short header case */
1564 tmp = gen_mcmp(base_off + 2, BPF_H,
1565 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
1566 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
1567 BPF_H, (bpf_int32)ntohs(addr));
1568 gen_and(tmp, b2);
1569 gen_or(b2, b1);
1570 /* Check for pad = 0, short header case */
1571 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
1572 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
1573 gen_and(tmp, b2);
1574 gen_or(b2, b1);
1575
1576 /* Combine with test for linktype */
1577 gen_and(b0, b1);
1578 return b1;
1579 }
1580
1581 static struct block *
1582 gen_host(addr, mask, proto, dir)
1583 bpf_u_int32 addr;
1584 bpf_u_int32 mask;
1585 int proto;
1586 int dir;
1587 {
1588 struct block *b0, *b1;
1589
1590 switch (proto) {
1591
1592 case Q_DEFAULT:
1593 b0 = gen_host(addr, mask, Q_IP, dir);
1594 if (off_linktype != -1) {
1595 b1 = gen_host(addr, mask, Q_ARP, dir);
1596 gen_or(b0, b1);
1597 b0 = gen_host(addr, mask, Q_RARP, dir);
1598 gen_or(b1, b0);
1599 }
1600 return b0;
1601
1602 case Q_IP:
1603 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
1604 off_nl + 12, off_nl + 16);
1605
1606 case Q_RARP:
1607 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
1608 off_nl + 14, off_nl + 24);
1609
1610 case Q_ARP:
1611 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
1612 off_nl + 14, off_nl + 24);
1613
1614 case Q_TCP:
1615 bpf_error("'tcp' modifier applied to host");
1616
1617 case Q_UDP:
1618 bpf_error("'udp' modifier applied to host");
1619
1620 case Q_ICMP:
1621 bpf_error("'icmp' modifier applied to host");
1622
1623 case Q_IGMP:
1624 bpf_error("'igmp' modifier applied to host");
1625
1626 case Q_IGRP:
1627 bpf_error("'igrp' modifier applied to host");
1628
1629 case Q_PIM:
1630 bpf_error("'pim' modifier applied to host");
1631
1632 case Q_ATALK:
1633 bpf_error("ATALK host filtering not implemented");
1634
1635 case Q_AARP:
1636 bpf_error("AARP host filtering not implemented");
1637
1638 case Q_DECNET:
1639 return gen_dnhostop(addr, dir, off_nl);
1640
1641 case Q_SCA:
1642 bpf_error("SCA host filtering not implemented");
1643
1644 case Q_LAT:
1645 bpf_error("LAT host filtering not implemented");
1646
1647 case Q_MOPDL:
1648 bpf_error("MOPDL host filtering not implemented");
1649
1650 case Q_MOPRC:
1651 bpf_error("MOPRC host filtering not implemented");
1652
1653 #ifdef INET6
1654 case Q_IPV6:
1655 bpf_error("'ip6' modifier applied to ip host");
1656
1657 case Q_ICMPV6:
1658 bpf_error("'icmp6' modifier applied to host");
1659 #endif /* INET6 */
1660
1661 case Q_AH:
1662 bpf_error("'ah' modifier applied to host");
1663
1664 case Q_ESP:
1665 bpf_error("'esp' modifier applied to host");
1666
1667 case Q_ISO:
1668 bpf_error("ISO host filtering not implemented");
1669
1670 case Q_ESIS:
1671 bpf_error("'esis' modifier applied to host");
1672
1673 case Q_ISIS:
1674 bpf_error("'isis' modifier applied to host");
1675
1676 case Q_CLNP:
1677 bpf_error("'clnp' modifier applied to host");
1678
1679 case Q_STP:
1680 bpf_error("'stp' modifier applied to host");
1681
1682 case Q_IPX:
1683 bpf_error("IPX host filtering not implemented");
1684
1685 default:
1686 abort();
1687 }
1688 /* NOTREACHED */
1689 }
1690
1691 #ifdef INET6
1692 static struct block *
1693 gen_host6(addr, mask, proto, dir)
1694 struct in6_addr *addr;
1695 struct in6_addr *mask;
1696 int proto;
1697 int dir;
1698 {
1699 switch (proto) {
1700
1701 case Q_DEFAULT:
1702 return gen_host6(addr, mask, Q_IPV6, dir);
1703
1704 case Q_IP:
1705 bpf_error("'ip' modifier applied to ip6 host");
1706
1707 case Q_RARP:
1708 bpf_error("'rarp' modifier applied to ip6 host");
1709
1710 case Q_ARP:
1711 bpf_error("'arp' modifier applied to ip6 host");
1712
1713 case Q_TCP:
1714 bpf_error("'tcp' modifier applied to host");
1715
1716 case Q_UDP:
1717 bpf_error("'udp' modifier applied to host");
1718
1719 case Q_ICMP:
1720 bpf_error("'icmp' modifier applied to host");
1721
1722 case Q_IGMP:
1723 bpf_error("'igmp' modifier applied to host");
1724
1725 case Q_IGRP:
1726 bpf_error("'igrp' modifier applied to host");
1727
1728 case Q_PIM:
1729 bpf_error("'pim' modifier applied to host");
1730
1731 case Q_ATALK:
1732 bpf_error("ATALK host filtering not implemented");
1733
1734 case Q_AARP:
1735 bpf_error("AARP host filtering not implemented");
1736
1737 case Q_DECNET:
1738 bpf_error("'decnet' modifier applied to ip6 host");
1739
1740 case Q_SCA:
1741 bpf_error("SCA host filtering not implemented");
1742
1743 case Q_LAT:
1744 bpf_error("LAT host filtering not implemented");
1745
1746 case Q_MOPDL:
1747 bpf_error("MOPDL host filtering not implemented");
1748
1749 case Q_MOPRC:
1750 bpf_error("MOPRC host filtering not implemented");
1751
1752 case Q_IPV6:
1753 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
1754 off_nl + 8, off_nl + 24);
1755
1756 case Q_ICMPV6:
1757 bpf_error("'icmp6' modifier applied to host");
1758
1759 case Q_AH:
1760 bpf_error("'ah' modifier applied to host");
1761
1762 case Q_ESP:
1763 bpf_error("'esp' modifier applied to host");
1764
1765 case Q_ISO:
1766 bpf_error("ISO host filtering not implemented");
1767
1768 case Q_ESIS:
1769 bpf_error("'esis' modifier applied to host");
1770
1771 case Q_ISIS:
1772 bpf_error("'isis' modifier applied to host");
1773
1774 case Q_CLNP:
1775 bpf_error("'clnp' modifier applied to host");
1776
1777 case Q_STP:
1778 bpf_error("'stp' modifier applied to host");
1779
1780 case Q_IPX:
1781 bpf_error("IPX host filtering not implemented");
1782
1783 default:
1784 abort();
1785 }
1786 /* NOTREACHED */
1787 }
1788 #endif /*INET6*/
1789
1790 #ifndef INET6
1791 static struct block *
1792 gen_gateway(eaddr, alist, proto, dir)
1793 const u_char *eaddr;
1794 bpf_u_int32 **alist;
1795 int proto;
1796 int dir;
1797 {
1798 struct block *b0, *b1, *tmp;
1799
1800 if (dir != 0)
1801 bpf_error("direction applied to 'gateway'");
1802
1803 switch (proto) {
1804 case Q_DEFAULT:
1805 case Q_IP:
1806 case Q_ARP:
1807 case Q_RARP:
1808 if (linktype == DLT_EN10MB)
1809 b0 = gen_ehostop(eaddr, Q_OR);
1810 else if (linktype == DLT_FDDI)
1811 b0 = gen_fhostop(eaddr, Q_OR);
1812 else if (linktype == DLT_IEEE802)
1813 b0 = gen_thostop(eaddr, Q_OR);
1814 else
1815 bpf_error(
1816 "'gateway' supported only on ethernet, FDDI or token ring");
1817
1818 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1819 while (*alist) {
1820 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1821 gen_or(b1, tmp);
1822 b1 = tmp;
1823 }
1824 gen_not(b1);
1825 gen_and(b0, b1);
1826 return b1;
1827 }
1828 bpf_error("illegal modifier of 'gateway'");
1829 /* NOTREACHED */
1830 }
1831 #endif
1832
1833 struct block *
1834 gen_proto_abbrev(proto)
1835 int proto;
1836 {
1837 #ifdef INET6
1838 struct block *b0;
1839 #endif
1840 struct block *b1;
1841
1842 switch (proto) {
1843
1844 case Q_TCP:
1845 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
1846 #ifdef INET6
1847 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
1848 gen_or(b0, b1);
1849 #endif
1850 break;
1851
1852 case Q_UDP:
1853 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
1854 #ifdef INET6
1855 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
1856 gen_or(b0, b1);
1857 #endif
1858 break;
1859
1860 case Q_ICMP:
1861 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
1862 break;
1863
1864 #ifndef IPPROTO_IGMP
1865 #define IPPROTO_IGMP 2
1866 #endif
1867
1868 case Q_IGMP:
1869 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
1870 break;
1871
1872 #ifndef IPPROTO_IGRP
1873 #define IPPROTO_IGRP 9
1874 #endif
1875 case Q_IGRP:
1876 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
1877 break;
1878
1879 #ifndef IPPROTO_PIM
1880 #define IPPROTO_PIM 103
1881 #endif
1882
1883 case Q_PIM:
1884 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
1885 #ifdef INET6
1886 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
1887 gen_or(b0, b1);
1888 #endif
1889 break;
1890
1891 case Q_IP:
1892 b1 = gen_linktype(ETHERTYPE_IP);
1893 break;
1894
1895 case Q_ARP:
1896 b1 = gen_linktype(ETHERTYPE_ARP);
1897 break;
1898
1899 case Q_RARP:
1900 b1 = gen_linktype(ETHERTYPE_REVARP);
1901 break;
1902
1903 case Q_LINK:
1904 bpf_error("link layer applied in wrong context");
1905
1906 case Q_ATALK:
1907 b1 = gen_linktype(ETHERTYPE_ATALK);
1908 break;
1909
1910 case Q_AARP:
1911 b1 = gen_linktype(ETHERTYPE_AARP);
1912 break;
1913
1914 case Q_DECNET:
1915 b1 = gen_linktype(ETHERTYPE_DN);
1916 break;
1917
1918 case Q_SCA:
1919 b1 = gen_linktype(ETHERTYPE_SCA);
1920 break;
1921
1922 case Q_LAT:
1923 b1 = gen_linktype(ETHERTYPE_LAT);
1924 break;
1925
1926 case Q_MOPDL:
1927 b1 = gen_linktype(ETHERTYPE_MOPDL);
1928 break;
1929
1930 case Q_MOPRC:
1931 b1 = gen_linktype(ETHERTYPE_MOPRC);
1932 break;
1933
1934 #ifdef INET6
1935 case Q_IPV6:
1936 b1 = gen_linktype(ETHERTYPE_IPV6);
1937 break;
1938
1939 #ifndef IPPROTO_ICMPV6
1940 #define IPPROTO_ICMPV6 58
1941 #endif
1942 case Q_ICMPV6:
1943 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
1944 break;
1945 #endif /* INET6 */
1946
1947 #ifndef IPPROTO_AH
1948 #define IPPROTO_AH 51
1949 #endif
1950 case Q_AH:
1951 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
1952 #ifdef INET6
1953 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
1954 gen_or(b0, b1);
1955 #endif
1956 break;
1957
1958 #ifndef IPPROTO_ESP
1959 #define IPPROTO_ESP 50
1960 #endif
1961 case Q_ESP:
1962 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
1963 #ifdef INET6
1964 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
1965 gen_or(b0, b1);
1966 #endif
1967 break;
1968
1969 case Q_ISO:
1970 b1 = gen_linktype(LLCSAP_ISONS);
1971 break;
1972
1973 case Q_ESIS:
1974 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
1975 break;
1976
1977 case Q_ISIS:
1978 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
1979 break;
1980
1981 case Q_CLNP:
1982 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
1983 break;
1984
1985 case Q_STP:
1986 b1 = gen_linktype(LLCSAP_8021D);
1987 break;
1988
1989 case Q_IPX:
1990 b1 = gen_linktype(LLCSAP_IPX);
1991 break;
1992
1993 default:
1994 abort();
1995 }
1996 return b1;
1997 }
1998
1999 static struct block *
2000 gen_ipfrag()
2001 {
2002 struct slist *s;
2003 struct block *b;
2004
2005 /* not ip frag */
2006 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
2007 s->s.k = off_nl + 6;
2008 b = new_block(JMP(BPF_JSET));
2009 b->s.k = 0x1fff;
2010 b->stmts = s;
2011 gen_not(b);
2012
2013 return b;
2014 }
2015
2016 static struct block *
2017 gen_portatom(off, v)
2018 int off;
2019 bpf_int32 v;
2020 {
2021 struct slist *s;
2022 struct block *b;
2023
2024 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2025 s->s.k = off_nl;
2026
2027 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
2028 s->next->s.k = off_nl + off;
2029
2030 b = new_block(JMP(BPF_JEQ));
2031 b->stmts = s;
2032 b->s.k = v;
2033
2034 return b;
2035 }
2036
2037 #ifdef INET6
2038 static struct block *
2039 gen_portatom6(off, v)
2040 int off;
2041 bpf_int32 v;
2042 {
2043 return gen_cmp(off_nl + 40 + off, BPF_H, v);
2044 }
2045 #endif/*INET6*/
2046
2047 struct block *
2048 gen_portop(port, proto, dir)
2049 int port, proto, dir;
2050 {
2051 struct block *b0, *b1, *tmp;
2052
2053 /* ip proto 'proto' */
2054 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
2055 b0 = gen_ipfrag();
2056 gen_and(tmp, b0);
2057
2058 switch (dir) {
2059 case Q_SRC:
2060 b1 = gen_portatom(0, (bpf_int32)port);
2061 break;
2062
2063 case Q_DST:
2064 b1 = gen_portatom(2, (bpf_int32)port);
2065 break;
2066
2067 case Q_OR:
2068 case Q_DEFAULT:
2069 tmp = gen_portatom(0, (bpf_int32)port);
2070 b1 = gen_portatom(2, (bpf_int32)port);
2071 gen_or(tmp, b1);
2072 break;
2073
2074 case Q_AND:
2075 tmp = gen_portatom(0, (bpf_int32)port);
2076 b1 = gen_portatom(2, (bpf_int32)port);
2077 gen_and(tmp, b1);
2078 break;
2079
2080 default:
2081 abort();
2082 }
2083 gen_and(b0, b1);
2084
2085 return b1;
2086 }
2087
2088 static struct block *
2089 gen_port(port, ip_proto, dir)
2090 int port;
2091 int ip_proto;
2092 int dir;
2093 {
2094 struct block *b0, *b1, *tmp;
2095
2096 /* ether proto ip */
2097 b0 = gen_linktype(ETHERTYPE_IP);
2098
2099 switch (ip_proto) {
2100 case IPPROTO_UDP:
2101 case IPPROTO_TCP:
2102 b1 = gen_portop(port, ip_proto, dir);
2103 break;
2104
2105 case PROTO_UNDEF:
2106 tmp = gen_portop(port, IPPROTO_TCP, dir);
2107 b1 = gen_portop(port, IPPROTO_UDP, dir);
2108 gen_or(tmp, b1);
2109 break;
2110
2111 default:
2112 abort();
2113 }
2114 gen_and(b0, b1);
2115 return b1;
2116 }
2117
2118 #ifdef INET6
2119 struct block *
2120 gen_portop6(port, proto, dir)
2121 int port, proto, dir;
2122 {
2123 struct block *b0, *b1, *tmp;
2124
2125 /* ip proto 'proto' */
2126 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
2127
2128 switch (dir) {
2129 case Q_SRC:
2130 b1 = gen_portatom6(0, (bpf_int32)port);
2131 break;
2132
2133 case Q_DST:
2134 b1 = gen_portatom6(2, (bpf_int32)port);
2135 break;
2136
2137 case Q_OR:
2138 case Q_DEFAULT:
2139 tmp = gen_portatom6(0, (bpf_int32)port);
2140 b1 = gen_portatom6(2, (bpf_int32)port);
2141 gen_or(tmp, b1);
2142 break;
2143
2144 case Q_AND:
2145 tmp = gen_portatom6(0, (bpf_int32)port);
2146 b1 = gen_portatom6(2, (bpf_int32)port);
2147 gen_and(tmp, b1);
2148 break;
2149
2150 default:
2151 abort();
2152 }
2153 gen_and(b0, b1);
2154
2155 return b1;
2156 }
2157
2158 static struct block *
2159 gen_port6(port, ip_proto, dir)
2160 int port;
2161 int ip_proto;
2162 int dir;
2163 {
2164 struct block *b0, *b1, *tmp;
2165
2166 /* ether proto ip */
2167 b0 = gen_linktype(ETHERTYPE_IPV6);
2168
2169 switch (ip_proto) {
2170 case IPPROTO_UDP:
2171 case IPPROTO_TCP:
2172 b1 = gen_portop6(port, ip_proto, dir);
2173 break;
2174
2175 case PROTO_UNDEF:
2176 tmp = gen_portop6(port, IPPROTO_TCP, dir);
2177 b1 = gen_portop6(port, IPPROTO_UDP, dir);
2178 gen_or(tmp, b1);
2179 break;
2180
2181 default:
2182 abort();
2183 }
2184 gen_and(b0, b1);
2185 return b1;
2186 }
2187 #endif /* INET6 */
2188
2189 static int
2190 lookup_proto(name, proto)
2191 register const char *name;
2192 register int proto;
2193 {
2194 register int v;
2195
2196 switch (proto) {
2197
2198 case Q_DEFAULT:
2199 case Q_IP:
2200 v = pcap_nametoproto(name);
2201 if (v == PROTO_UNDEF)
2202 bpf_error("unknown ip proto '%s'", name);
2203 break;
2204
2205 case Q_LINK:
2206 /* XXX should look up h/w protocol type based on linktype */
2207 v = pcap_nametoeproto(name);
2208 if (v == PROTO_UNDEF)
2209 bpf_error("unknown ether proto '%s'", name);
2210 break;
2211
2212 case Q_ISO:
2213 if (strcmp(name, "esis") == 0)
2214 v = ISO9542_ESIS;
2215 else if (strcmp(name, "isis") == 0)
2216 v = ISO10589_ISIS;
2217 else if (strcmp(name, "clnp") == 0)
2218 v = ISO8473_CLNP;
2219 else
2220 bpf_error("unknown osi proto '%s'", name);
2221 break;
2222
2223 default:
2224 v = PROTO_UNDEF;
2225 break;
2226 }
2227 return v;
2228 }
2229
2230 #if 0
2231 struct stmt *
2232 gen_joinsp(s, n)
2233 struct stmt **s;
2234 int n;
2235 {
2236 return NULL;
2237 }
2238 #endif
2239
2240 static struct block *
2241 gen_protochain(v, proto, dir)
2242 int v;
2243 int proto;
2244 int dir;
2245 {
2246 #ifdef NO_PROTOCHAIN
2247 return gen_proto(v, proto, dir);
2248 #else
2249 struct block *b0, *b;
2250 struct slist *s[100];
2251 int fix2, fix3, fix4, fix5;
2252 int ahcheck, again, end;
2253 int i, max;
2254 int reg2 = alloc_reg();
2255
2256 memset(s, 0, sizeof(s));
2257 fix2 = fix3 = fix4 = fix5 = 0;
2258
2259 switch (proto) {
2260 case Q_IP:
2261 case Q_IPV6:
2262 break;
2263 case Q_DEFAULT:
2264 b0 = gen_protochain(v, Q_IP, dir);
2265 b = gen_protochain(v, Q_IPV6, dir);
2266 gen_or(b0, b);
2267 return b;
2268 default:
2269 bpf_error("bad protocol applied for 'protochain'");
2270 /*NOTREACHED*/
2271 }
2272
2273 no_optimize = 1; /*this code is not compatible with optimzer yet */
2274
2275 /*
2276 * s[0] is a dummy entry to protect other BPF insn from damaged
2277 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
2278 * hard to find interdependency made by jump table fixup.
2279 */
2280 i = 0;
2281 s[i] = new_stmt(0); /*dummy*/
2282 i++;
2283
2284 switch (proto) {
2285 case Q_IP:
2286 b0 = gen_linktype(ETHERTYPE_IP);
2287
2288 /* A = ip->ip_p */
2289 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
2290 s[i]->s.k = off_nl + 9;
2291 i++;
2292 /* X = ip->ip_hl << 2 */
2293 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2294 s[i]->s.k = off_nl;
2295 i++;
2296 break;
2297 #ifdef INET6
2298 case Q_IPV6:
2299 b0 = gen_linktype(ETHERTYPE_IPV6);
2300
2301 /* A = ip6->ip_nxt */
2302 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
2303 s[i]->s.k = off_nl + 6;
2304 i++;
2305 /* X = sizeof(struct ip6_hdr) */
2306 s[i] = new_stmt(BPF_LDX|BPF_IMM);
2307 s[i]->s.k = 40;
2308 i++;
2309 break;
2310 #endif
2311 default:
2312 bpf_error("unsupported proto to gen_protochain");
2313 /*NOTREACHED*/
2314 }
2315
2316 /* again: if (A == v) goto end; else fall through; */
2317 again = i;
2318 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2319 s[i]->s.k = v;
2320 s[i]->s.jt = NULL; /*later*/
2321 s[i]->s.jf = NULL; /*update in next stmt*/
2322 fix5 = i;
2323 i++;
2324
2325 #ifndef IPPROTO_NONE
2326 #define IPPROTO_NONE 59
2327 #endif
2328 /* if (A == IPPROTO_NONE) goto end */
2329 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2330 s[i]->s.jt = NULL; /*later*/
2331 s[i]->s.jf = NULL; /*update in next stmt*/
2332 s[i]->s.k = IPPROTO_NONE;
2333 s[fix5]->s.jf = s[i];
2334 fix2 = i;
2335 i++;
2336
2337 #ifdef INET6
2338 if (proto == Q_IPV6) {
2339 int v6start, v6end, v6advance, j;
2340
2341 v6start = i;
2342 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
2343 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2344 s[i]->s.jt = NULL; /*later*/
2345 s[i]->s.jf = NULL; /*update in next stmt*/
2346 s[i]->s.k = IPPROTO_HOPOPTS;
2347 s[fix2]->s.jf = s[i];
2348 i++;
2349 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
2350 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2351 s[i]->s.jt = NULL; /*later*/
2352 s[i]->s.jf = NULL; /*update in next stmt*/
2353 s[i]->s.k = IPPROTO_DSTOPTS;
2354 i++;
2355 /* if (A == IPPROTO_ROUTING) goto v6advance */
2356 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2357 s[i]->s.jt = NULL; /*later*/
2358 s[i]->s.jf = NULL; /*update in next stmt*/
2359 s[i]->s.k = IPPROTO_ROUTING;
2360 i++;
2361 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
2362 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2363 s[i]->s.jt = NULL; /*later*/
2364 s[i]->s.jf = NULL; /*later*/
2365 s[i]->s.k = IPPROTO_FRAGMENT;
2366 fix3 = i;
2367 v6end = i;
2368 i++;
2369
2370 /* v6advance: */
2371 v6advance = i;
2372
2373 /*
2374 * in short,
2375 * A = P[X];
2376 * X = X + (P[X + 1] + 1) * 8;
2377 */
2378 /* A = X */
2379 s[i] = new_stmt(BPF_MISC|BPF_TXA);
2380 i++;
2381 /* A = P[X + packet head] */
2382 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2383 s[i]->s.k = off_nl;
2384 i++;
2385 /* MEM[reg2] = A */
2386 s[i] = new_stmt(BPF_ST);
2387 s[i]->s.k = reg2;
2388 i++;
2389 /* A = X */
2390 s[i] = new_stmt(BPF_MISC|BPF_TXA);
2391 i++;
2392 /* A += 1 */
2393 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2394 s[i]->s.k = 1;
2395 i++;
2396 /* X = A */
2397 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2398 i++;
2399 /* A = P[X + packet head]; */
2400 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2401 s[i]->s.k = off_nl;
2402 i++;
2403 /* A += 1 */
2404 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2405 s[i]->s.k = 1;
2406 i++;
2407 /* A *= 8 */
2408 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2409 s[i]->s.k = 8;
2410 i++;
2411 /* X = A; */
2412 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2413 i++;
2414 /* A = MEM[reg2] */
2415 s[i] = new_stmt(BPF_LD|BPF_MEM);
2416 s[i]->s.k = reg2;
2417 i++;
2418
2419 /* goto again; (must use BPF_JA for backward jump) */
2420 s[i] = new_stmt(BPF_JMP|BPF_JA);
2421 s[i]->s.k = again - i - 1;
2422 s[i - 1]->s.jf = s[i];
2423 i++;
2424
2425 /* fixup */
2426 for (j = v6start; j <= v6end; j++)
2427 s[j]->s.jt = s[v6advance];
2428 } else
2429 #endif
2430 {
2431 /* nop */
2432 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2433 s[i]->s.k = 0;
2434 s[fix2]->s.jf = s[i];
2435 i++;
2436 }
2437
2438 /* ahcheck: */
2439 ahcheck = i;
2440 /* if (A == IPPROTO_AH) then fall through; else goto end; */
2441 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2442 s[i]->s.jt = NULL; /*later*/
2443 s[i]->s.jf = NULL; /*later*/
2444 s[i]->s.k = IPPROTO_AH;
2445 if (fix3)
2446 s[fix3]->s.jf = s[ahcheck];
2447 fix4 = i;
2448 i++;
2449
2450 /*
2451 * in short,
2452 * A = P[X];
2453 * X = X + (P[X + 1] + 2) * 4;
2454 */
2455 /* A = X */
2456 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2457 i++;
2458 /* A = P[X + packet head]; */
2459 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2460 s[i]->s.k = off_nl;
2461 i++;
2462 /* MEM[reg2] = A */
2463 s[i] = new_stmt(BPF_ST);
2464 s[i]->s.k = reg2;
2465 i++;
2466 /* A = X */
2467 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2468 i++;
2469 /* A += 1 */
2470 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2471 s[i]->s.k = 1;
2472 i++;
2473 /* X = A */
2474 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2475 i++;
2476 /* A = P[X + packet head] */
2477 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2478 s[i]->s.k = off_nl;
2479 i++;
2480 /* A += 2 */
2481 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2482 s[i]->s.k = 2;
2483 i++;
2484 /* A *= 4 */
2485 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2486 s[i]->s.k = 4;
2487 i++;
2488 /* X = A; */
2489 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2490 i++;
2491 /* A = MEM[reg2] */
2492 s[i] = new_stmt(BPF_LD|BPF_MEM);
2493 s[i]->s.k = reg2;
2494 i++;
2495
2496 /* goto again; (must use BPF_JA for backward jump) */
2497 s[i] = new_stmt(BPF_JMP|BPF_JA);
2498 s[i]->s.k = again - i - 1;
2499 i++;
2500
2501 /* end: nop */
2502 end = i;
2503 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2504 s[i]->s.k = 0;
2505 s[fix2]->s.jt = s[end];
2506 s[fix4]->s.jf = s[end];
2507 s[fix5]->s.jt = s[end];
2508 i++;
2509
2510 /*
2511 * make slist chain
2512 */
2513 max = i;
2514 for (i = 0; i < max - 1; i++)
2515 s[i]->next = s[i + 1];
2516 s[max - 1]->next = NULL;
2517
2518 /*
2519 * emit final check
2520 */
2521 b = new_block(JMP(BPF_JEQ));
2522 b->stmts = s[1]; /*remember, s[0] is dummy*/
2523 b->s.k = v;
2524
2525 free_reg(reg2);
2526
2527 gen_and(b0, b);
2528 return b;
2529 #endif
2530 }
2531
2532 static struct block *
2533 gen_proto(v, proto, dir)
2534 int v;
2535 int proto;
2536 int dir;
2537 {
2538 struct block *b0, *b1;
2539
2540 if (dir != Q_DEFAULT)
2541 bpf_error("direction applied to 'proto'");
2542
2543 switch (proto) {
2544 case Q_DEFAULT:
2545 #ifdef INET6
2546 b0 = gen_proto(v, Q_IP, dir);
2547 b1 = gen_proto(v, Q_IPV6, dir);
2548 gen_or(b0, b1);
2549 return b1;
2550 #else
2551 /*FALLTHROUGH*/
2552 #endif
2553 case Q_IP:
2554 b0 = gen_linktype(ETHERTYPE_IP);
2555 #ifndef CHASE_CHAIN
2556 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
2557 #else
2558 b1 = gen_protochain(v, Q_IP);
2559 #endif
2560 gen_and(b0, b1);
2561 return b1;
2562
2563 case Q_ISO:
2564 b0 = gen_linktype(LLCSAP_ISONS);
2565 b1 = gen_cmp(off_nl + 3, BPF_B, (long)v);
2566 gen_and(b0, b1);
2567 return b1;
2568
2569 case Q_ARP:
2570 bpf_error("arp does not encapsulate another protocol");
2571 /* NOTREACHED */
2572
2573 case Q_RARP:
2574 bpf_error("rarp does not encapsulate another protocol");
2575 /* NOTREACHED */
2576
2577 case Q_ATALK:
2578 bpf_error("atalk encapsulation is not specifiable");
2579 /* NOTREACHED */
2580
2581 case Q_DECNET:
2582 bpf_error("decnet encapsulation is not specifiable");
2583 /* NOTREACHED */
2584
2585 case Q_SCA:
2586 bpf_error("sca does not encapsulate another protocol");
2587 /* NOTREACHED */
2588
2589 case Q_LAT:
2590 bpf_error("lat does not encapsulate another protocol");
2591 /* NOTREACHED */
2592
2593 case Q_MOPRC:
2594 bpf_error("moprc does not encapsulate another protocol");
2595 /* NOTREACHED */
2596
2597 case Q_MOPDL:
2598 bpf_error("mopdl does not encapsulate another protocol");
2599 /* NOTREACHED */
2600
2601 case Q_LINK:
2602 return gen_linktype(v);
2603
2604 case Q_UDP:
2605 bpf_error("'udp proto' is bogus");
2606 /* NOTREACHED */
2607
2608 case Q_TCP:
2609 bpf_error("'tcp proto' is bogus");
2610 /* NOTREACHED */
2611
2612 case Q_ICMP:
2613 bpf_error("'icmp proto' is bogus");
2614 /* NOTREACHED */
2615
2616 case Q_IGMP:
2617 bpf_error("'igmp proto' is bogus");
2618 /* NOTREACHED */
2619
2620 case Q_IGRP:
2621 bpf_error("'igrp proto' is bogus");
2622 /* NOTREACHED */
2623
2624 case Q_PIM:
2625 bpf_error("'pim proto' is bogus");
2626 /* NOTREACHED */
2627
2628 #ifdef INET6
2629 case Q_IPV6:
2630 b0 = gen_linktype(ETHERTYPE_IPV6);
2631 #ifndef CHASE_CHAIN
2632 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
2633 #else
2634 b1 = gen_protochain(v, Q_IPV6);
2635 #endif
2636 gen_and(b0, b1);
2637 return b1;
2638
2639 case Q_ICMPV6:
2640 bpf_error("'icmp6 proto' is bogus");
2641 #endif /* INET6 */
2642
2643 case Q_AH:
2644 bpf_error("'ah proto' is bogus");
2645
2646 case Q_ESP:
2647 bpf_error("'ah proto' is bogus");
2648
2649 case Q_STP:
2650 bpf_error("'stp proto' is bogus");
2651
2652 case Q_IPX:
2653 bpf_error("'ipx proto' is bogus");
2654
2655 default:
2656 abort();
2657 /* NOTREACHED */
2658 }
2659 /* NOTREACHED */
2660 }
2661
2662 struct block *
2663 gen_scode(name, q)
2664 register const char *name;
2665 struct qual q;
2666 {
2667 int proto = q.proto;
2668 int dir = q.dir;
2669 int tproto;
2670 u_char *eaddr;
2671 bpf_u_int32 mask, addr;
2672 #ifndef INET6
2673 bpf_u_int32 **alist;
2674 #else
2675 int tproto6;
2676 struct sockaddr_in *sin;
2677 struct sockaddr_in6 *sin6;
2678 struct addrinfo *res, *res0;
2679 struct in6_addr mask128;
2680 #endif /*INET6*/
2681 struct block *b, *tmp;
2682 int port, real_proto;
2683
2684 switch (q.addr) {
2685
2686 case Q_NET:
2687 addr = pcap_nametonetaddr(name);
2688 if (addr == 0)
2689 bpf_error("unknown network '%s'", name);
2690 /* Left justify network addr and calculate its network mask */
2691 mask = 0xffffffff;
2692 while (addr && (addr & 0xff000000) == 0) {
2693 addr <<= 8;
2694 mask <<= 8;
2695 }
2696 return gen_host(addr, mask, proto, dir);
2697
2698 case Q_DEFAULT:
2699 case Q_HOST:
2700 if (proto == Q_LINK) {
2701 switch (linktype) {
2702
2703 case DLT_EN10MB:
2704 eaddr = pcap_ether_hostton(name);
2705 if (eaddr == NULL)
2706 bpf_error(
2707 "unknown ether host '%s'", name);
2708 return gen_ehostop(eaddr, dir);
2709
2710 case DLT_FDDI:
2711 eaddr = pcap_ether_hostton(name);
2712 if (eaddr == NULL)
2713 bpf_error(
2714 "unknown FDDI host '%s'", name);
2715 return gen_fhostop(eaddr, dir);
2716
2717 case DLT_IEEE802:
2718 eaddr = pcap_ether_hostton(name);
2719 if (eaddr == NULL)
2720 bpf_error(
2721 "unknown token ring host '%s'", name);
2722 return gen_thostop(eaddr, dir);
2723
2724 default:
2725 bpf_error(
2726 "only ethernet/FDDI/token ring supports link-level host name");
2727 break;
2728 }
2729 } else if (proto == Q_DECNET) {
2730 unsigned short dn_addr = __pcap_nametodnaddr(name);
2731 /*
2732 * I don't think DECNET hosts can be multihomed, so
2733 * there is no need to build up a list of addresses
2734 */
2735 return (gen_host(dn_addr, 0, proto, dir));
2736 } else {
2737 #ifndef INET6
2738 alist = pcap_nametoaddr(name);
2739 if (alist == NULL || *alist == NULL)
2740 bpf_error("unknown host '%s'", name);
2741 tproto = proto;
2742 if (off_linktype == -1 && tproto == Q_DEFAULT)
2743 tproto = Q_IP;
2744 b = gen_host(**alist++, 0xffffffff, tproto, dir);
2745 while (*alist) {
2746 tmp = gen_host(**alist++, 0xffffffff,
2747 tproto, dir);
2748 gen_or(b, tmp);
2749 b = tmp;
2750 }
2751 return b;
2752 #else
2753 memset(&mask128, 0xff, sizeof(mask128));
2754 res0 = res = pcap_nametoaddrinfo(name);
2755 if (res == NULL)
2756 bpf_error("unknown host '%s'", name);
2757 b = tmp = NULL;
2758 tproto = tproto6 = proto;
2759 if (off_linktype == -1 && tproto == Q_DEFAULT) {
2760 tproto = Q_IP;
2761 tproto6 = Q_IPV6;
2762 }
2763 for (res = res0; res; res = res->ai_next) {
2764 switch (res->ai_family) {
2765 case AF_INET:
2766 if (tproto == Q_IPV6)
2767 continue;
2768
2769 sin = (struct sockaddr_in *)
2770 res->ai_addr;
2771 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
2772 0xffffffff, tproto, dir);
2773 break;
2774 case AF_INET6:
2775 if (tproto6 == Q_IP)
2776 continue;
2777
2778 sin6 = (struct sockaddr_in6 *)
2779 res->ai_addr;
2780 tmp = gen_host6(&sin6->sin6_addr,
2781 &mask128, tproto6, dir);
2782 break;
2783 }
2784 if (b)
2785 gen_or(b, tmp);
2786 b = tmp;
2787 }
2788 freeaddrinfo(res0);
2789 if (b == NULL) {
2790 bpf_error("unknown host '%s'%s", name,
2791 (proto == Q_DEFAULT)
2792 ? ""
2793 : " for specified address family");
2794 }
2795 return b;
2796 #endif /*INET6*/
2797 }
2798
2799 case Q_PORT:
2800 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP)
2801 bpf_error("illegal qualifier of 'port'");
2802 if (pcap_nametoport(name, &port, &real_proto) == 0)
2803 bpf_error("unknown port '%s'", name);
2804 if (proto == Q_UDP) {
2805 if (real_proto == IPPROTO_TCP)
2806 bpf_error("port '%s' is tcp", name);
2807 else
2808 /* override PROTO_UNDEF */
2809 real_proto = IPPROTO_UDP;
2810 }
2811 if (proto == Q_TCP) {
2812 if (real_proto == IPPROTO_UDP)
2813 bpf_error("port '%s' is udp", name);
2814 else
2815 /* override PROTO_UNDEF */
2816 real_proto = IPPROTO_TCP;
2817 }
2818 #ifndef INET6
2819 return gen_port(port, real_proto, dir);
2820 #else
2821 {
2822 struct block *b;
2823 b = gen_port(port, real_proto, dir);
2824 gen_or(gen_port6(port, real_proto, dir), b);
2825 return b;
2826 }
2827 #endif /* INET6 */
2828
2829 case Q_GATEWAY:
2830 #ifndef INET6
2831 eaddr = pcap_ether_hostton(name);
2832 if (eaddr == NULL)
2833 bpf_error("unknown ether host: %s", name);
2834
2835 alist = pcap_nametoaddr(name);
2836 if (alist == NULL || *alist == NULL)
2837 bpf_error("unknown host '%s'", name);
2838 return gen_gateway(eaddr, alist, proto, dir);
2839 #else
2840 bpf_error("'gateway' not supported in this configuration");
2841 #endif /*INET6*/
2842
2843 case Q_PROTO:
2844 real_proto = lookup_proto(name, proto);
2845 if (real_proto >= 0)
2846 return gen_proto(real_proto, proto, dir);
2847 else
2848 bpf_error("unknown protocol: %s", name);
2849
2850 case Q_PROTOCHAIN:
2851 real_proto = lookup_proto(name, proto);
2852 if (real_proto >= 0)
2853 return gen_protochain(real_proto, proto, dir);
2854 else
2855 bpf_error("unknown protocol: %s", name);
2856
2857
2858 case Q_UNDEF:
2859 syntax();
2860 /* NOTREACHED */
2861 }
2862 abort();
2863 /* NOTREACHED */
2864 }
2865
2866 struct block *
2867 gen_mcode(s1, s2, masklen, q)
2868 register const char *s1, *s2;
2869 register int masklen;
2870 struct qual q;
2871 {
2872 register int nlen, mlen;
2873 bpf_u_int32 n, m;
2874
2875 nlen = __pcap_atoin(s1, &n);
2876 /* Promote short ipaddr */
2877 n <<= 32 - nlen;
2878
2879 if (s2 != NULL) {
2880 mlen = __pcap_atoin(s2, &m);
2881 /* Promote short ipaddr */
2882 m <<= 32 - mlen;
2883 if ((n & ~m) != 0)
2884 bpf_error("non-network bits set in \"%s mask %s\"",
2885 s1, s2);
2886 } else {
2887 /* Convert mask len to mask */
2888 if (masklen > 32)
2889 bpf_error("mask length must be <= 32");
2890 m = 0xffffffff << (32 - masklen);
2891 if ((n & ~m) != 0)
2892 bpf_error("non-network bits set in \"%s/%d\"",
2893 s1, masklen);
2894 }
2895
2896 switch (q.addr) {
2897
2898 case Q_NET:
2899 return gen_host(n, m, q.proto, q.dir);
2900
2901 default:
2902 bpf_error("Mask syntax for networks only");
2903 /* NOTREACHED */
2904 }
2905 }
2906
2907 struct block *
2908 gen_ncode(s, v, q)
2909 register const char *s;
2910 bpf_u_int32 v;
2911 struct qual q;
2912 {
2913 bpf_u_int32 mask;
2914 int proto = q.proto;
2915 int dir = q.dir;
2916 register int vlen;
2917
2918 if (s == NULL)
2919 vlen = 32;
2920 else if (q.proto == Q_DECNET)
2921 vlen = __pcap_atodn(s, &v);
2922 else
2923 vlen = __pcap_atoin(s, &v);
2924
2925 switch (q.addr) {
2926
2927 case Q_DEFAULT:
2928 case Q_HOST:
2929 case Q_NET:
2930 if (proto == Q_DECNET)
2931 return gen_host(v, 0, proto, dir);
2932 else if (proto == Q_LINK) {
2933 bpf_error("illegal link layer address");
2934 } else {
2935 mask = 0xffffffff;
2936 if (s == NULL && q.addr == Q_NET) {
2937 /* Promote short net number */
2938 while (v && (v & 0xff000000) == 0) {
2939 v <<= 8;
2940 mask <<= 8;
2941 }
2942 } else {
2943 /* Promote short ipaddr */
2944 v <<= 32 - vlen;
2945 mask <<= 32 - vlen;
2946 }
2947 return gen_host(v, mask, proto, dir);
2948 }
2949
2950 case Q_PORT:
2951 if (proto == Q_UDP)
2952 proto = IPPROTO_UDP;
2953 else if (proto == Q_TCP)
2954 proto = IPPROTO_TCP;
2955 else if (proto == Q_DEFAULT)
2956 proto = PROTO_UNDEF;
2957 else
2958 bpf_error("illegal qualifier of 'port'");
2959
2960 #ifndef INET6
2961 return gen_port((int)v, proto, dir);
2962 #else
2963 {
2964 struct block *b;
2965 b = gen_port((int)v, proto, dir);
2966 gen_or(gen_port6((int)v, proto, dir), b);
2967 return b;
2968 }
2969 #endif /* INET6 */
2970
2971 case Q_GATEWAY:
2972 bpf_error("'gateway' requires a name");
2973 /* NOTREACHED */
2974
2975 case Q_PROTO:
2976 return gen_proto((int)v, proto, dir);
2977
2978 case Q_PROTOCHAIN:
2979 return gen_protochain((int)v, proto, dir);
2980
2981 case Q_UNDEF:
2982 syntax();
2983 /* NOTREACHED */
2984
2985 default:
2986 abort();
2987 /* NOTREACHED */
2988 }
2989 /* NOTREACHED */
2990 }
2991
2992 #ifdef INET6
2993 struct block *
2994 gen_mcode6(s1, s2, masklen, q)
2995 register const char *s1, *s2;
2996 register int masklen;
2997 struct qual q;
2998 {
2999 struct addrinfo *res;
3000 struct in6_addr *addr;
3001 struct in6_addr mask;
3002 struct block *b;
3003 u_int32_t *a, *m;
3004
3005 if (s2)
3006 bpf_error("no mask %s supported", s2);
3007
3008 res = pcap_nametoaddrinfo(s1);
3009 if (!res)
3010 bpf_error("invalid ip6 address %s", s1);
3011 if (res->ai_next)
3012 bpf_error("%s resolved to multiple address", s1);
3013 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
3014
3015 if (sizeof(mask) * 8 < masklen)
3016 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
3017 memset(&mask, 0xff, masklen / 8);
3018 if (masklen % 8) {
3019 mask.s6_addr[masklen / 8] =
3020 (0xff << (8 - masklen % 8)) & 0xff;
3021 }
3022
3023 a = (u_int32_t *)addr;
3024 m = (u_int32_t *)&mask;
3025 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
3026 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
3027 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
3028 }
3029
3030 switch (q.addr) {
3031
3032 case Q_DEFAULT:
3033 case Q_HOST:
3034 if (masklen != 128)
3035 bpf_error("Mask syntax for networks only");
3036 /* FALLTHROUGH */
3037
3038 case Q_NET:
3039 b = gen_host6(addr, &mask, q.proto, q.dir);
3040 freeaddrinfo(res);
3041 return b;
3042
3043 default:
3044 bpf_error("invalid qualifier against IPv6 address");
3045 /* NOTREACHED */
3046 }
3047 }
3048 #endif /*INET6*/
3049
3050 struct block *
3051 gen_ecode(eaddr, q)
3052 register const u_char *eaddr;
3053 struct qual q;
3054 {
3055 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
3056 if (linktype == DLT_EN10MB)
3057 return gen_ehostop(eaddr, (int)q.dir);
3058 if (linktype == DLT_FDDI)
3059 return gen_fhostop(eaddr, (int)q.dir);
3060 if (linktype == DLT_IEEE802)
3061 return gen_thostop(eaddr, (int)q.dir);
3062 bpf_error("ethernet addresses supported only on ethernet, FDDI or token ring");
3063 }
3064 bpf_error("ethernet address used in non-ether expression");
3065 /* NOTREACHED */
3066 }
3067
3068 void
3069 sappend(s0, s1)
3070 struct slist *s0, *s1;
3071 {
3072 /*
3073 * This is definitely not the best way to do this, but the
3074 * lists will rarely get long.
3075 */
3076 while (s0->next)
3077 s0 = s0->next;
3078 s0->next = s1;
3079 }
3080
3081 static struct slist *
3082 xfer_to_x(a)
3083 struct arth *a;
3084 {
3085 struct slist *s;
3086
3087 s = new_stmt(BPF_LDX|BPF_MEM);
3088 s->s.k = a->regno;
3089 return s;
3090 }
3091
3092 static struct slist *
3093 xfer_to_a(a)
3094 struct arth *a;
3095 {
3096 struct slist *s;
3097
3098 s = new_stmt(BPF_LD|BPF_MEM);
3099 s->s.k = a->regno;
3100 return s;
3101 }
3102
3103 struct arth *
3104 gen_load(proto, index, size)
3105 int proto;
3106 struct arth *index;
3107 int size;
3108 {
3109 struct slist *s, *tmp;
3110 struct block *b;
3111 int regno = alloc_reg();
3112
3113 free_reg(index->regno);
3114 switch (size) {
3115
3116 default:
3117 bpf_error("data size must be 1, 2, or 4");
3118
3119 case 1:
3120 size = BPF_B;
3121 break;
3122
3123 case 2:
3124 size = BPF_H;
3125 break;
3126
3127 case 4:
3128 size = BPF_W;
3129 break;
3130 }
3131 switch (proto) {
3132 default:
3133 bpf_error("unsupported index operation");
3134
3135 case Q_LINK:
3136 s = xfer_to_x(index);
3137 tmp = new_stmt(BPF_LD|BPF_IND|size);
3138 sappend(s, tmp);
3139 sappend(index->s, s);
3140 break;
3141
3142 case Q_IP:
3143 case Q_ARP:
3144 case Q_RARP:
3145 case Q_ATALK:
3146 case Q_DECNET:
3147 case Q_SCA:
3148 case Q_LAT:
3149 case Q_MOPRC:
3150 case Q_MOPDL:
3151 #ifdef INET6
3152 case Q_IPV6:
3153 #endif
3154 /* XXX Note that we assume a fixed link header here. */
3155 s = xfer_to_x(index);
3156 tmp = new_stmt(BPF_LD|BPF_IND|size);
3157 tmp->s.k = off_nl;
3158 sappend(s, tmp);
3159 sappend(index->s, s);
3160
3161 b = gen_proto_abbrev(proto);
3162 if (index->b)
3163 gen_and(index->b, b);
3164 index->b = b;
3165 break;
3166
3167 case Q_TCP:
3168 case Q_UDP:
3169 case Q_ICMP:
3170 case Q_IGMP:
3171 case Q_IGRP:
3172 case Q_PIM:
3173 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3174 s->s.k = off_nl;
3175 sappend(s, xfer_to_a(index));
3176 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
3177 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
3178 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
3179 tmp->s.k = off_nl;
3180 sappend(index->s, s);
3181
3182 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
3183 if (index->b)
3184 gen_and(index->b, b);
3185 #ifdef INET6
3186 gen_and(gen_proto_abbrev(Q_IP), b);
3187 #endif
3188 index->b = b;
3189 break;
3190 #ifdef INET6
3191 case Q_ICMPV6:
3192 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
3193 /*NOTREACHED*/
3194 #endif
3195 }
3196 index->regno = regno;
3197 s = new_stmt(BPF_ST);
3198 s->s.k = regno;
3199 sappend(index->s, s);
3200
3201 return index;
3202 }
3203
3204 struct block *
3205 gen_relation(code, a0, a1, reversed)
3206 int code;
3207 struct arth *a0, *a1;
3208 int reversed;
3209 {
3210 struct slist *s0, *s1, *s2;
3211 struct block *b, *tmp;
3212
3213 s0 = xfer_to_x(a1);
3214 s1 = xfer_to_a(a0);
3215 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
3216 b = new_block(JMP(code));
3217 if (code == BPF_JGT || code == BPF_JGE) {
3218 reversed = !reversed;
3219 b->s.k = 0x80000000;
3220 }
3221 if (reversed)
3222 gen_not(b);
3223
3224 sappend(s1, s2);
3225 sappend(s0, s1);
3226 sappend(a1->s, s0);
3227 sappend(a0->s, a1->s);
3228
3229 b->stmts = a0->s;
3230
3231 free_reg(a0->regno);
3232 free_reg(a1->regno);
3233
3234 /* 'and' together protocol checks */
3235 if (a0->b) {
3236 if (a1->b) {
3237 gen_and(a0->b, tmp = a1->b);
3238 }
3239 else
3240 tmp = a0->b;
3241 } else
3242 tmp = a1->b;
3243
3244 if (tmp)
3245 gen_and(tmp, b);
3246
3247 return b;
3248 }
3249
3250 struct arth *
3251 gen_loadlen()
3252 {
3253 int regno = alloc_reg();
3254 struct arth *a = (struct arth *)newchunk(sizeof(*a));
3255 struct slist *s;
3256
3257 s = new_stmt(BPF_LD|BPF_LEN);
3258 s->next = new_stmt(BPF_ST);
3259 s->next->s.k = regno;
3260 a->s = s;
3261 a->regno = regno;
3262
3263 return a;
3264 }
3265
3266 struct arth *
3267 gen_loadi(val)
3268 int val;
3269 {
3270 struct arth *a;
3271 struct slist *s;
3272 int reg;
3273
3274 a = (struct arth *)newchunk(sizeof(*a));
3275
3276 reg = alloc_reg();
3277
3278 s = new_stmt(BPF_LD|BPF_IMM);
3279 s->s.k = val;
3280 s->next = new_stmt(BPF_ST);
3281 s->next->s.k = reg;
3282 a->s = s;
3283 a->regno = reg;
3284
3285 return a;
3286 }
3287
3288 struct arth *
3289 gen_neg(a)
3290 struct arth *a;
3291 {
3292 struct slist *s;
3293
3294 s = xfer_to_a(a);
3295 sappend(a->s, s);
3296 s = new_stmt(BPF_ALU|BPF_NEG);
3297 s->s.k = 0;
3298 sappend(a->s, s);
3299 s = new_stmt(BPF_ST);
3300 s->s.k = a->regno;
3301 sappend(a->s, s);
3302
3303 return a;
3304 }
3305
3306 struct arth *
3307 gen_arth(code, a0, a1)
3308 int code;
3309 struct arth *a0, *a1;
3310 {
3311 struct slist *s0, *s1, *s2;
3312
3313 s0 = xfer_to_x(a1);
3314 s1 = xfer_to_a(a0);
3315 s2 = new_stmt(BPF_ALU|BPF_X|code);
3316
3317 sappend(s1, s2);
3318 sappend(s0, s1);
3319 sappend(a1->s, s0);
3320 sappend(a0->s, a1->s);
3321
3322 free_reg(a1->regno);
3323
3324 s0 = new_stmt(BPF_ST);
3325 a0->regno = s0->s.k = alloc_reg();
3326 sappend(a0->s, s0);
3327
3328 return a0;
3329 }
3330
3331 /*
3332 * Here we handle simple allocation of the scratch registers.
3333 * If too many registers are alloc'd, the allocator punts.
3334 */
3335 static int regused[BPF_MEMWORDS];
3336 static int curreg;
3337
3338 /*
3339 * Return the next free register.
3340 */
3341 static int
3342 alloc_reg()
3343 {
3344 int n = BPF_MEMWORDS;
3345
3346 while (--n >= 0) {
3347 if (regused[curreg])
3348 curreg = (curreg + 1) % BPF_MEMWORDS;
3349 else {
3350 regused[curreg] = 1;
3351 return curreg;
3352 }
3353 }
3354 bpf_error("too many registers needed to evaluate expression");
3355 /* NOTREACHED */
3356 }
3357
3358 /*
3359 * Return a register to the table so it can
3360 * be used later.
3361 */
3362 static void
3363 free_reg(n)
3364 int n;
3365 {
3366 regused[n] = 0;
3367 }
3368
3369 static struct block *
3370 gen_len(jmp, n)
3371 int jmp, n;
3372 {
3373 struct slist *s;
3374 struct block *b;
3375
3376 s = new_stmt(BPF_LD|BPF_LEN);
3377 b = new_block(JMP(jmp));
3378 b->stmts = s;
3379 b->s.k = n;
3380
3381 return b;
3382 }
3383
3384 struct block *
3385 gen_greater(n)
3386 int n;
3387 {
3388 return gen_len(BPF_JGE, n);
3389 }
3390
3391 /*
3392 * Actually, this is less than or equal.
3393 */
3394 struct block *
3395 gen_less(n)
3396 int n;
3397 {
3398 struct block *b;
3399
3400 b = gen_len(BPF_JGT, n);
3401 gen_not(b);
3402
3403 return b;
3404 }
3405
3406 struct block *
3407 gen_byteop(op, idx, val)
3408 int op, idx, val;
3409 {
3410 struct block *b;
3411 struct slist *s;
3412
3413 switch (op) {
3414 default:
3415 abort();
3416
3417 case '=':
3418 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3419
3420 case '<':
3421 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3422 b->s.code = JMP(BPF_JGE);
3423 gen_not(b);
3424 return b;
3425
3426 case '>':
3427 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3428 b->s.code = JMP(BPF_JGT);
3429 return b;
3430
3431 case '|':
3432 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
3433 break;
3434
3435 case '&':
3436 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
3437 break;
3438 }
3439 s->s.k = val;
3440 b = new_block(JMP(BPF_JEQ));
3441 b->stmts = s;
3442 gen_not(b);
3443
3444 return b;
3445 }
3446
3447 struct block *
3448 gen_broadcast(proto)
3449 int proto;
3450 {
3451 bpf_u_int32 hostmask;
3452 struct block *b0, *b1, *b2;
3453 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
3454
3455 switch (proto) {
3456
3457 case Q_DEFAULT:
3458 case Q_LINK:
3459 if (linktype == DLT_EN10MB)
3460 return gen_ehostop(ebroadcast, Q_DST);
3461 if (linktype == DLT_FDDI)
3462 return gen_fhostop(ebroadcast, Q_DST);
3463 if (linktype == DLT_IEEE802)
3464 return gen_thostop(ebroadcast, Q_DST);
3465 bpf_error("not a broadcast link");
3466 break;
3467
3468 case Q_IP:
3469 b0 = gen_linktype(ETHERTYPE_IP);
3470 hostmask = ~netmask;
3471 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
3472 b2 = gen_mcmp(off_nl + 16, BPF_W,
3473 (bpf_int32)(~0 & hostmask), hostmask);
3474 gen_or(b1, b2);
3475 gen_and(b0, b2);
3476 return b2;
3477 }
3478 bpf_error("only ether/ip broadcast filters supported");
3479 }
3480
3481 struct block *
3482 gen_multicast(proto)
3483 int proto;
3484 {
3485 register struct block *b0, *b1;
3486 register struct slist *s;
3487
3488 switch (proto) {
3489
3490 case Q_DEFAULT:
3491 case Q_LINK:
3492 if (linktype == DLT_EN10MB) {
3493 /* ether[0] & 1 != 0 */
3494 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3495 s->s.k = 0;
3496 b0 = new_block(JMP(BPF_JSET));
3497 b0->s.k = 1;
3498 b0->stmts = s;
3499 return b0;
3500 }
3501
3502 if (linktype == DLT_FDDI) {
3503 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */
3504 /* fddi[1] & 1 != 0 */
3505 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3506 s->s.k = 1;
3507 b0 = new_block(JMP(BPF_JSET));
3508 b0->s.k = 1;
3509 b0->stmts = s;
3510 return b0;
3511 }
3512
3513 /* TODO - check how token ring handles multicast */
3514 /* if (linktype == DLT_IEEE802) ... */
3515
3516 /* Link not known to support multicasts */
3517 break;
3518
3519 case Q_IP:
3520 b0 = gen_linktype(ETHERTYPE_IP);
3521 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
3522 b1->s.code = JMP(BPF_JGE);
3523 gen_and(b0, b1);
3524 return b1;
3525
3526 #ifdef INET6
3527 case Q_IPV6:
3528 b0 = gen_linktype(ETHERTYPE_IPV6);
3529 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
3530 gen_and(b0, b1);
3531 return b1;
3532 #endif /* INET6 */
3533 }
3534 bpf_error("only IP multicast filters supported on ethernet/FDDI");
3535 }
3536
3537 /*
3538 * generate command for inbound/outbound. It's here so we can
3539 * make it link-type specific. 'dir' = 0 implies "inbound",
3540 * = 1 implies "outbound".
3541 */
3542 struct block *
3543 gen_inbound(dir)
3544 int dir;
3545 {
3546 register struct block *b0;
3547
3548 /*
3549 * Only some data link types support inbound/outbound qualifiers.
3550 */
3551 switch (linktype) {
3552 case DLT_SLIP:
3553 case DLT_PPP:
3554 b0 = gen_relation(BPF_JEQ,
3555 gen_load(Q_LINK, gen_loadi(0), 1),
3556 gen_loadi(0),
3557 dir);
3558 break;
3559
3560 default:
3561 bpf_error("inbound/outbound not supported on linktype %d\n",
3562 linktype);
3563 b0 = NULL;
3564 /* NOTREACHED */
3565 }
3566 return (b0);
3567 }
3568
3569 /*
3570 * support IEEE 802.1Q VLAN trunk over ethernet
3571 */
3572 struct block *
3573 gen_vlan(vlan_num)
3574 int vlan_num;
3575 {
3576 static u_int orig_linktype = -1, orig_nl = -1;
3577 struct block *b0;
3578
3579 /*
3580 * Change the offsets to point to the type and data fields within
3581 * the VLAN packet. This is somewhat of a kludge.
3582 */
3583 if (orig_nl == (u_int)-1) {
3584 orig_linktype = off_linktype; /* save original values */
3585 orig_nl = off_nl;
3586
3587 switch (linktype) {
3588
3589 case DLT_EN10MB:
3590 off_linktype = 16;
3591 off_nl = 18;
3592 break;
3593
3594 default:
3595 bpf_error("no VLAN support for data link type %d",
3596 linktype);
3597 /*NOTREACHED*/
3598 }
3599 }
3600
3601 /* check for VLAN */
3602 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
3603
3604 /* If a specific VLAN is requested, check VLAN id */
3605 if (vlan_num >= 0) {
3606 struct block *b1;
3607
3608 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
3609 gen_and(b0, b1);
3610 b0 = b1;
3611 }
3612
3613 return (b0);
3614 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism