]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Change from NetBSD, by Martin Husemann <[email protected]>:
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.156 2001-06-20 07:12:38 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #include <sys/types.h>
32 #include <sys/socket.h>
33 #include <sys/time.h>
34 #ifdef __NetBSD__
35 #include <sys/param.h>
36 #endif
37
38 struct mbuf;
39 struct rtentry;
40 #include <net/if.h>
41
42 #include <netinet/in.h>
43
44 #include <stdlib.h>
45 #include <string.h>
46 #include <memory.h>
47 #include <setjmp.h>
48 #include <stdarg.h>
49
50 #include "pcap-int.h"
51
52 #include "ethertype.h"
53 #include "nlpid.h"
54 #include "llc.h"
55 #include "gencode.h"
56 #include "ppp.h"
57 #include "sll.h"
58 #include "arcnet.h"
59 #include <pcap-namedb.h>
60 #ifdef INET6
61 #include <netdb.h>
62 #include <sys/socket.h>
63 #endif /*INET6*/
64
65 #define ETHERMTU 1500
66
67 #ifndef IPPROTO_SCTP
68 #define IPPROTO_SCTP 132
69 #endif
70
71 #ifdef HAVE_OS_PROTO_H
72 #include "os-proto.h"
73 #endif
74
75 #define JMP(c) ((c)|BPF_JMP|BPF_K)
76
77 /* Locals */
78 static jmp_buf top_ctx;
79 static pcap_t *bpf_pcap;
80
81 /* XXX */
82 #ifdef PCAP_FDDIPAD
83 int pcap_fddipad = PCAP_FDDIPAD;
84 #else
85 int pcap_fddipad;
86 #endif
87
88 /* VARARGS */
89 void
90 bpf_error(const char *fmt, ...)
91
92 {
93 va_list ap;
94
95 va_start(ap, fmt);
96 if (bpf_pcap != NULL)
97 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
98 fmt, ap);
99 va_end(ap);
100 longjmp(top_ctx, 1);
101 /* NOTREACHED */
102 }
103
104 static void init_linktype(int);
105
106 static int alloc_reg(void);
107 static void free_reg(int);
108
109 static struct block *root;
110
111 /*
112 * We divy out chunks of memory rather than call malloc each time so
113 * we don't have to worry about leaking memory. It's probably
114 * not a big deal if all this memory was wasted but it this ever
115 * goes into a library that would probably not be a good idea.
116 */
117 #define NCHUNKS 16
118 #define CHUNK0SIZE 1024
119 struct chunk {
120 u_int n_left;
121 void *m;
122 };
123
124 static struct chunk chunks[NCHUNKS];
125 static int cur_chunk;
126
127 static void *newchunk(u_int);
128 static void freechunks(void);
129 static inline struct block *new_block(int);
130 static inline struct slist *new_stmt(int);
131 static struct block *gen_retblk(int);
132 static inline void syntax(void);
133
134 static void backpatch(struct block *, struct block *);
135 static void merge(struct block *, struct block *);
136 static struct block *gen_cmp(u_int, u_int, bpf_int32);
137 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
138 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
139 static struct block *gen_bcmp(u_int, u_int, const u_char *);
140 static struct block *gen_uncond(int);
141 static inline struct block *gen_true(void);
142 static inline struct block *gen_false(void);
143 static struct block *gen_linktype(int);
144 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
145 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
146 #ifdef INET6
147 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
148 #endif
149 static struct block *gen_ahostop(const u_char *, int);
150 static struct block *gen_ehostop(const u_char *, int);
151 static struct block *gen_fhostop(const u_char *, int);
152 static struct block *gen_thostop(const u_char *, int);
153 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
154 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
155 #ifdef INET6
156 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
157 #endif
158 #ifndef INET6
159 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
160 #endif
161 static struct block *gen_ipfrag(void);
162 static struct block *gen_portatom(int, bpf_int32);
163 #ifdef INET6
164 static struct block *gen_portatom6(int, bpf_int32);
165 #endif
166 struct block *gen_portop(int, int, int);
167 static struct block *gen_port(int, int, int);
168 #ifdef INET6
169 struct block *gen_portop6(int, int, int);
170 static struct block *gen_port6(int, int, int);
171 #endif
172 static int lookup_proto(const char *, int);
173 static struct block *gen_protochain(int, int, int);
174 static struct block *gen_proto(int, int, int);
175 static struct slist *xfer_to_x(struct arth *);
176 static struct slist *xfer_to_a(struct arth *);
177 static struct block *gen_len(int, int);
178
179 static void *
180 newchunk(n)
181 u_int n;
182 {
183 struct chunk *cp;
184 int k, size;
185
186 #ifndef __NetBSD__
187 /* XXX Round up to nearest long. */
188 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
189 #else
190 /* XXX Round up to structure boundary. */
191 n = ALIGN(n);
192 #endif
193
194 cp = &chunks[cur_chunk];
195 if (n > cp->n_left) {
196 ++cp, k = ++cur_chunk;
197 if (k >= NCHUNKS)
198 bpf_error("out of memory");
199 size = CHUNK0SIZE << k;
200 cp->m = (void *)malloc(size);
201 memset((char *)cp->m, 0, size);
202 cp->n_left = size;
203 if (n > size)
204 bpf_error("out of memory");
205 }
206 cp->n_left -= n;
207 return (void *)((char *)cp->m + cp->n_left);
208 }
209
210 static void
211 freechunks()
212 {
213 int i;
214
215 cur_chunk = 0;
216 for (i = 0; i < NCHUNKS; ++i)
217 if (chunks[i].m != NULL) {
218 free(chunks[i].m);
219 chunks[i].m = NULL;
220 }
221 }
222
223 /*
224 * A strdup whose allocations are freed after code generation is over.
225 */
226 char *
227 sdup(s)
228 register const char *s;
229 {
230 int n = strlen(s) + 1;
231 char *cp = newchunk(n);
232
233 strlcpy(cp, s, n);
234 return (cp);
235 }
236
237 static inline struct block *
238 new_block(code)
239 int code;
240 {
241 struct block *p;
242
243 p = (struct block *)newchunk(sizeof(*p));
244 p->s.code = code;
245 p->head = p;
246
247 return p;
248 }
249
250 static inline struct slist *
251 new_stmt(code)
252 int code;
253 {
254 struct slist *p;
255
256 p = (struct slist *)newchunk(sizeof(*p));
257 p->s.code = code;
258
259 return p;
260 }
261
262 static struct block *
263 gen_retblk(v)
264 int v;
265 {
266 struct block *b = new_block(BPF_RET|BPF_K);
267
268 b->s.k = v;
269 return b;
270 }
271
272 static inline void
273 syntax()
274 {
275 bpf_error("syntax error in filter expression");
276 }
277
278 static bpf_u_int32 netmask;
279 static int snaplen;
280 int no_optimize;
281
282 int
283 pcap_compile(pcap_t *p, struct bpf_program *program,
284 char *buf, int optimize, bpf_u_int32 mask)
285 {
286 extern int n_errors;
287 int len;
288
289 no_optimize = 0;
290 n_errors = 0;
291 root = NULL;
292 bpf_pcap = p;
293 if (setjmp(top_ctx)) {
294 lex_cleanup();
295 freechunks();
296 return (-1);
297 }
298
299 netmask = mask;
300
301 snaplen = pcap_snapshot(p);
302 if (snaplen == 0) {
303 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
304 "snaplen of 0 rejects all packets");
305 return -1;
306 }
307
308 lex_init(buf ? buf : "");
309 init_linktype(pcap_datalink(p));
310 (void)pcap_parse();
311
312 if (n_errors)
313 syntax();
314
315 if (root == NULL)
316 root = gen_retblk(snaplen);
317
318 if (optimize && !no_optimize) {
319 bpf_optimize(&root);
320 if (root == NULL ||
321 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
322 bpf_error("expression rejects all packets");
323 }
324 program->bf_insns = icode_to_fcode(root, &len);
325 program->bf_len = len;
326
327 lex_cleanup();
328 freechunks();
329 return (0);
330 }
331
332 /*
333 * entry point for using the compiler with no pcap open
334 * pass in all the stuff that is needed explicitly instead.
335 */
336 int
337 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
338 struct bpf_program *program,
339 char *buf, int optimize, bpf_u_int32 mask)
340 {
341 pcap_t *p;
342 int ret;
343
344 p = pcap_open_dead(linktype_arg, snaplen_arg);
345 if (p == NULL)
346 return (-1);
347 ret = pcap_compile(p, program, buf, optimize, mask);
348 pcap_close(p);
349 return (ret);
350 }
351
352 /*
353 * Clean up a "struct bpf_program" by freeing all the memory allocated
354 * in it.
355 */
356 void
357 pcap_freecode(struct bpf_program *program)
358 {
359 program->bf_len = 0;
360 if (program->bf_insns != NULL) {
361 free((char *)program->bf_insns);
362 program->bf_insns = NULL;
363 }
364 }
365
366 /*
367 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
368 * which of the jt and jf fields has been resolved and which is a pointer
369 * back to another unresolved block (or nil). At least one of the fields
370 * in each block is already resolved.
371 */
372 static void
373 backpatch(list, target)
374 struct block *list, *target;
375 {
376 struct block *next;
377
378 while (list) {
379 if (!list->sense) {
380 next = JT(list);
381 JT(list) = target;
382 } else {
383 next = JF(list);
384 JF(list) = target;
385 }
386 list = next;
387 }
388 }
389
390 /*
391 * Merge the lists in b0 and b1, using the 'sense' field to indicate
392 * which of jt and jf is the link.
393 */
394 static void
395 merge(b0, b1)
396 struct block *b0, *b1;
397 {
398 register struct block **p = &b0;
399
400 /* Find end of list. */
401 while (*p)
402 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
403
404 /* Concatenate the lists. */
405 *p = b1;
406 }
407
408 void
409 finish_parse(p)
410 struct block *p;
411 {
412 backpatch(p, gen_retblk(snaplen));
413 p->sense = !p->sense;
414 backpatch(p, gen_retblk(0));
415 root = p->head;
416 }
417
418 void
419 gen_and(b0, b1)
420 struct block *b0, *b1;
421 {
422 backpatch(b0, b1->head);
423 b0->sense = !b0->sense;
424 b1->sense = !b1->sense;
425 merge(b1, b0);
426 b1->sense = !b1->sense;
427 b1->head = b0->head;
428 }
429
430 void
431 gen_or(b0, b1)
432 struct block *b0, *b1;
433 {
434 b0->sense = !b0->sense;
435 backpatch(b0, b1->head);
436 b0->sense = !b0->sense;
437 merge(b1, b0);
438 b1->head = b0->head;
439 }
440
441 void
442 gen_not(b)
443 struct block *b;
444 {
445 b->sense = !b->sense;
446 }
447
448 static struct block *
449 gen_cmp(offset, size, v)
450 u_int offset, size;
451 bpf_int32 v;
452 {
453 struct slist *s;
454 struct block *b;
455
456 s = new_stmt(BPF_LD|BPF_ABS|size);
457 s->s.k = offset;
458
459 b = new_block(JMP(BPF_JEQ));
460 b->stmts = s;
461 b->s.k = v;
462
463 return b;
464 }
465
466 static struct block *
467 gen_cmp_gt(offset, size, v)
468 u_int offset, size;
469 bpf_int32 v;
470 {
471 struct slist *s;
472 struct block *b;
473
474 s = new_stmt(BPF_LD|BPF_ABS|size);
475 s->s.k = offset;
476
477 b = new_block(JMP(BPF_JGT));
478 b->stmts = s;
479 b->s.k = v;
480
481 return b;
482 }
483
484 static struct block *
485 gen_mcmp(offset, size, v, mask)
486 u_int offset, size;
487 bpf_int32 v;
488 bpf_u_int32 mask;
489 {
490 struct block *b = gen_cmp(offset, size, v);
491 struct slist *s;
492
493 if (mask != 0xffffffff) {
494 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
495 s->s.k = mask;
496 b->stmts->next = s;
497 }
498 return b;
499 }
500
501 static struct block *
502 gen_bcmp(offset, size, v)
503 register u_int offset, size;
504 register const u_char *v;
505 {
506 register struct block *b, *tmp;
507
508 b = NULL;
509 while (size >= 4) {
510 register const u_char *p = &v[size - 4];
511 bpf_int32 w = ((bpf_int32)p[0] << 24) |
512 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
513
514 tmp = gen_cmp(offset + size - 4, BPF_W, w);
515 if (b != NULL)
516 gen_and(b, tmp);
517 b = tmp;
518 size -= 4;
519 }
520 while (size >= 2) {
521 register const u_char *p = &v[size - 2];
522 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
523
524 tmp = gen_cmp(offset + size - 2, BPF_H, w);
525 if (b != NULL)
526 gen_and(b, tmp);
527 b = tmp;
528 size -= 2;
529 }
530 if (size > 0) {
531 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
532 if (b != NULL)
533 gen_and(b, tmp);
534 b = tmp;
535 }
536 return b;
537 }
538
539 /*
540 * Various code constructs need to know the layout of the data link
541 * layer. These variables give the necessary offsets. off_linktype
542 * is set to -1 for no encapsulation, in which case, IP is assumed.
543 */
544 static u_int off_linktype;
545 static u_int off_nl;
546 static int linktype;
547
548 static void
549 init_linktype(type)
550 int type;
551 {
552 linktype = type;
553
554 switch (type) {
555
556 case DLT_ARCNET:
557 off_linktype = 2;
558 off_nl = 6; /* XXX in reality, variable! */
559 return;
560
561 case DLT_EN10MB:
562 off_linktype = 12;
563 off_nl = 14;
564 return;
565
566 case DLT_SLIP:
567 /*
568 * SLIP doesn't have a link level type. The 16 byte
569 * header is hacked into our SLIP driver.
570 */
571 off_linktype = -1;
572 off_nl = 16;
573 return;
574
575 case DLT_SLIP_BSDOS:
576 /* XXX this may be the same as the DLT_PPP_BSDOS case */
577 off_linktype = -1;
578 /* XXX end */
579 off_nl = 24;
580 return;
581
582 case DLT_NULL:
583 case DLT_LOOP:
584 off_linktype = 0;
585 off_nl = 4;
586 return;
587
588 case DLT_PPP:
589 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */
590 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */
591 off_linktype = 2;
592 off_nl = 4;
593 return;
594
595 case DLT_PPP_ETHER:
596 /*
597 * This does no include the Ethernet header, and
598 * only covers session state.
599 */
600 off_linktype = 6;
601 off_nl = 8;
602 return;
603
604 case DLT_PPP_BSDOS:
605 off_linktype = 5;
606 off_nl = 24;
607 return;
608
609 case DLT_FDDI:
610 /*
611 * FDDI doesn't really have a link-level type field.
612 * We set "off_linktype" to the offset of the LLC header.
613 *
614 * To check for Ethernet types, we assume that SSAP = SNAP
615 * is being used and pick out the encapsulated Ethernet type.
616 * XXX - should we generate code to check for SNAP?
617 */
618 off_linktype = 13;
619 #ifdef PCAP_FDDIPAD
620 off_linktype += pcap_fddipad;
621 #endif
622 off_nl = 21;
623 #ifdef PCAP_FDDIPAD
624 off_nl += pcap_fddipad;
625 #endif
626 return;
627
628 case DLT_IEEE802:
629 /*
630 * Token Ring doesn't really have a link-level type field.
631 * We set "off_linktype" to the offset of the LLC header.
632 *
633 * To check for Ethernet types, we assume that SSAP = SNAP
634 * is being used and pick out the encapsulated Ethernet type.
635 * XXX - should we generate code to check for SNAP?
636 *
637 * XXX - the header is actually variable-length.
638 * Some various Linux patched versions gave 38
639 * as "off_linktype" and 40 as "off_nl"; however,
640 * if a token ring packet has *no* routing
641 * information, i.e. is not source-routed, the correct
642 * values are 20 and 22, as they are in the vanilla code.
643 *
644 * A packet is source-routed iff the uppermost bit
645 * of the first byte of the source address, at an
646 * offset of 8, has the uppermost bit set. If the
647 * packet is source-routed, the total number of bytes
648 * of routing information is 2 plus bits 0x1F00 of
649 * the 16-bit value at an offset of 14 (shifted right
650 * 8 - figure out which byte that is).
651 */
652 off_linktype = 14;
653 off_nl = 22;
654 return;
655
656 case DLT_IEEE802_11:
657 /*
658 * 802.11 doesn't really have a link-level type field.
659 * We set "off_linktype" to the offset of the LLC header.
660 *
661 * To check for Ethernet types, we assume that SSAP = SNAP
662 * is being used and pick out the encapsulated Ethernet type.
663 * XXX - should we generate code to check for SNAP?
664 *
665 * XXX - the header is actually variable-length. We
666 * assume a 24-byte link-layer header, as appears in
667 * data frames in networks with no bridges.
668 */
669 off_linktype = 24;
670 off_nl = 30;
671 return;
672
673 case DLT_ATM_RFC1483:
674 /*
675 * assume routed, non-ISO PDUs
676 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
677 */
678 off_linktype = 6;
679 off_nl = 8;
680 return;
681
682 case DLT_RAW:
683 off_linktype = -1;
684 off_nl = 0;
685 return;
686
687 case DLT_ATM_CLIP: /* Linux ATM defines this */
688 off_linktype = 6;
689 off_nl = 8;
690 return;
691
692 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
693 off_linktype = 14;
694 off_nl = 16;
695 return;
696
697 case DLT_LTALK:
698 /*
699 * LocalTalk does have a 1-byte type field in the LLAP header,
700 * but really it just indicates whether there is a "short" or
701 * "long" DDP packet following.
702 */
703 off_linktype = -1;
704 off_nl = 0;
705 return;
706 }
707 bpf_error("unknown data link type %d", linktype);
708 /* NOTREACHED */
709 }
710
711 static struct block *
712 gen_uncond(rsense)
713 int rsense;
714 {
715 struct block *b;
716 struct slist *s;
717
718 s = new_stmt(BPF_LD|BPF_IMM);
719 s->s.k = !rsense;
720 b = new_block(JMP(BPF_JEQ));
721 b->stmts = s;
722
723 return b;
724 }
725
726 static inline struct block *
727 gen_true()
728 {
729 return gen_uncond(1);
730 }
731
732 static inline struct block *
733 gen_false()
734 {
735 return gen_uncond(0);
736 }
737
738 /*
739 * Byte-swap a 32-bit number.
740 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
741 * big-endian platforms.)
742 */
743 #define SWAPLONG(y) \
744 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
745
746 static struct block *
747 gen_linktype(proto)
748 register int proto;
749 {
750 struct block *b0, *b1;
751
752 switch (linktype) {
753
754 case DLT_EN10MB:
755 switch (proto) {
756
757 case LLCSAP_ISONS:
758 /*
759 * OSI protocols always use 802.2 encapsulation.
760 * XXX - should we check both the DSAP and the
761 * SSAP, like this, or should we check just the
762 * DSAP?
763 */
764 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
765 gen_not(b0);
766 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
767 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
768 gen_and(b0, b1);
769 return b1;
770
771 case LLCSAP_NETBEUI:
772 /*
773 * NetBEUI always uses 802.2 encapsulation.
774 * XXX - should we check both the DSAP and the
775 * SSAP, like this, or should we check just the
776 * DSAP?
777 */
778 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
779 gen_not(b0);
780 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
781 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
782 gen_and(b0, b1);
783 return b1;
784
785 case LLCSAP_IPX:
786 /*
787 * Check for;
788 *
789 * Ethernet_II frames, which are Ethernet
790 * frames with a frame type of ETHERTYPE_IPX;
791 *
792 * Ethernet_802.3 frames, which are 802.3
793 * frames (i.e., the type/length field is
794 * a length field, <= ETHERMTU, rather than
795 * a type field) with the first two bytes
796 * after the Ethernet/802.3 header being
797 * 0xFFFF;
798 *
799 * Ethernet_802.2 frames, which are 802.3
800 * frames with an 802.2 LLC header and
801 * with the IPX LSAP as the DSAP in the LLC
802 * header;
803 *
804 * Ethernet_SNAP frames, which are 802.3
805 * frames with an LLC header and a SNAP
806 * header and with an OUI of 0x000000
807 * (encapsulated Ethernet) and a protocol
808 * ID of ETHERTYPE_IPX in the SNAP header.
809 *
810 * XXX - should we generate the same code both
811 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
812 */
813
814 /*
815 * This generates code to check both for the
816 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
817 */
818 b0 = gen_cmp(off_linktype + 2, BPF_B,
819 (bpf_int32)LLCSAP_IPX);
820 b1 = gen_cmp(off_linktype + 2, BPF_H,
821 (bpf_int32)0xFFFF);
822 gen_or(b0, b1);
823
824 /*
825 * Now we add code to check for SNAP frames with
826 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
827 */
828 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
829 gen_or(b0, b1);
830
831 /*
832 * Now we generate code to check for 802.3
833 * frames in general.
834 */
835 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
836 gen_not(b0);
837
838 /*
839 * Now add the check for 802.3 frames before the
840 * check for Ethernet_802.2 and Ethernet_802.3,
841 * as those checks should only be done on 802.3
842 * frames, not on Ethernet frames.
843 */
844 gen_and(b0, b1);
845
846 /*
847 * Now add the check for Ethernet_II frames, and
848 * do that before checking for the other frame
849 * types.
850 */
851 b0 = gen_cmp(off_linktype, BPF_H,
852 (bpf_int32)ETHERTYPE_IPX);
853 gen_or(b0, b1);
854 return b1;
855
856 case ETHERTYPE_ATALK:
857 case ETHERTYPE_AARP:
858 /*
859 * EtherTalk (AppleTalk protocols on Ethernet link
860 * layer) may use 802.2 encapsulation.
861 */
862
863 /*
864 * Check for 802.2 encapsulation (EtherTalk phase 2?);
865 * we check for an Ethernet type field less than
866 * 1500, which means it's an 802.3 length field.
867 */
868 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
869 gen_not(b0);
870
871 /*
872 * 802.2-encapsulated ETHERTYPE_ATALK packets are
873 * SNAP packets with an organization code of
874 * 0x080007 (Apple, for Appletalk) and a protocol
875 * type of ETHERTYPE_ATALK (Appletalk).
876 *
877 * 802.2-encapsulated ETHERTYPE_AARP packets are
878 * SNAP packets with an organization code of
879 * 0x000000 (encapsulated Ethernet) and a protocol
880 * type of ETHERTYPE_AARP (Appletalk ARP).
881 */
882 if (proto == ETHERTYPE_ATALK)
883 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
884 else /* proto == ETHERTYPE_AARP */
885 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
886 gen_and(b0, b1);
887
888 /*
889 * Check for Ethernet encapsulation (Ethertalk
890 * phase 1?); we just check for the Ethernet
891 * protocol type.
892 */
893 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
894
895 gen_or(b0, b1);
896 return b1;
897
898 default:
899 if (proto <= ETHERMTU) {
900 /*
901 * This is an LLC SAP value, so the frames
902 * that match would be 802.2 frames.
903 * Check that the frame is an 802.2 frame
904 * (i.e., that the length/type field is
905 * a length field, <= ETHERMTU) and
906 * then check the DSAP.
907 */
908 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
909 gen_not(b0);
910 b1 = gen_cmp(off_linktype + 2, BPF_B,
911 (bpf_int32)proto);
912 gen_and(b0, b1);
913 return b1;
914 } else {
915 /*
916 * This is an Ethernet type, so compare
917 * the length/type field with it (if
918 * the frame is an 802.2 frame, the length
919 * field will be <= ETHERMTU, and, as
920 * "proto" is > ETHERMTU, this test
921 * will fail and the frame won't match,
922 * which is what we want).
923 */
924 return gen_cmp(off_linktype, BPF_H,
925 (bpf_int32)proto);
926 }
927 }
928 break;
929
930 case DLT_IEEE802_11:
931 case DLT_FDDI:
932 case DLT_IEEE802:
933 case DLT_ATM_RFC1483:
934 case DLT_ATM_CLIP:
935 /*
936 * XXX - handle token-ring variable-length header.
937 */
938 switch (proto) {
939
940 case LLCSAP_ISONS:
941 return gen_cmp(off_linktype, BPF_H, (long)
942 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
943
944 case LLCSAP_NETBEUI:
945 return gen_cmp(off_linktype, BPF_H, (long)
946 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
947
948 case LLCSAP_IPX:
949 /*
950 * XXX - are there ever SNAP frames for IPX on
951 * non-Ethernet 802.x networks?
952 */
953 return gen_cmp(off_linktype, BPF_B,
954 (bpf_int32)LLCSAP_IPX);
955
956 case ETHERTYPE_ATALK:
957 /*
958 * 802.2-encapsulated ETHERTYPE_ATALK packets are
959 * SNAP packets with an organization code of
960 * 0x080007 (Apple, for Appletalk) and a protocol
961 * type of ETHERTYPE_ATALK (Appletalk).
962 *
963 * XXX - check for an organization code of
964 * encapsulated Ethernet as well?
965 */
966 return gen_snap(0x080007, ETHERTYPE_ATALK,
967 off_linktype);
968 break;
969
970 default:
971 /*
972 * XXX - we don't have to check for IPX 802.3
973 * here, but should we check for the IPX Ethertype?
974 */
975 if (proto <= ETHERMTU) {
976 /*
977 * This is an LLC SAP value, so check
978 * the DSAP.
979 */
980 return gen_cmp(off_linktype, BPF_B,
981 (bpf_int32)proto);
982 } else {
983 /*
984 * This is an Ethernet type; we assume
985 * that it's unlikely that it'll
986 * appear in the right place at random,
987 * and therefore check only the
988 * location that would hold the Ethernet
989 * type in a SNAP frame with an organization
990 * code of 0x000000 (encapsulated Ethernet).
991 *
992 * XXX - if we were to check for the SNAP DSAP
993 * and LSAP, as per XXX, and were also to check
994 * for an organization code of 0x000000
995 * (encapsulated Ethernet), we'd do
996 *
997 * return gen_snap(0x000000, proto,
998 * off_linktype);
999 *
1000 * here; for now, we don't, as per the above.
1001 * I don't know whether it's worth the
1002 * extra CPU time to do the right check
1003 * or not.
1004 */
1005 return gen_cmp(off_linktype+6, BPF_H,
1006 (bpf_int32)proto);
1007 }
1008 }
1009 break;
1010
1011 case DLT_LINUX_SLL:
1012 switch (proto) {
1013
1014 case LLCSAP_ISONS:
1015 /*
1016 * OSI protocols always use 802.2 encapsulation.
1017 * XXX - should we check both the DSAP and the
1018 * LSAP, like this, or should we check just the
1019 * DSAP?
1020 */
1021 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1022 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1023 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1024 gen_and(b0, b1);
1025 return b1;
1026
1027 case LLCSAP_NETBEUI:
1028 /*
1029 * NetBEUI always uses 802.2 encapsulation.
1030 * XXX - should we check both the DSAP and the
1031 * LSAP, like this, or should we check just the
1032 * DSAP?
1033 */
1034 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1035 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1036 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1037 gen_and(b0, b1);
1038 return b1;
1039
1040 case LLCSAP_IPX:
1041 /*
1042 * Ethernet_II frames, which are Ethernet
1043 * frames with a frame type of ETHERTYPE_IPX;
1044 *
1045 * Ethernet_802.3 frames, which have a frame
1046 * type of LINUX_SLL_P_802_3;
1047 *
1048 * Ethernet_802.2 frames, which are 802.3
1049 * frames with an 802.2 LLC header (i.e, have
1050 * a frame type of LINUX_SLL_P_802_2) and
1051 * with the IPX LSAP as the DSAP in the LLC
1052 * header;
1053 *
1054 * Ethernet_SNAP frames, which are 802.3
1055 * frames with an LLC header and a SNAP
1056 * header and with an OUI of 0x000000
1057 * (encapsulated Ethernet) and a protocol
1058 * ID of ETHERTYPE_IPX in the SNAP header.
1059 *
1060 * First, do the checks on LINUX_SLL_P_802_2
1061 * frames; generate the check for either
1062 * Ethernet_802.2 or Ethernet_SNAP frames, and
1063 * then put a check for LINUX_SLL_P_802_2 frames
1064 * before it.
1065 */
1066 b0 = gen_cmp(off_linktype + 2, BPF_B,
1067 (bpf_int32)LLCSAP_IPX);
1068 b1 = gen_snap(0x000000, ETHERTYPE_IPX,
1069 off_linktype + 2);
1070 gen_or(b0, b1);
1071 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1072 gen_and(b0, b1);
1073
1074 /*
1075 * Now check for 802.3 frames and OR that with
1076 * the previous test.
1077 */
1078 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
1079 gen_or(b0, b1);
1080
1081 /*
1082 * Now add the check for Ethernet_II frames, and
1083 * do that before checking for the other frame
1084 * types.
1085 */
1086 b0 = gen_cmp(off_linktype, BPF_H,
1087 (bpf_int32)ETHERTYPE_IPX);
1088 gen_or(b0, b1);
1089 return b1;
1090
1091 case ETHERTYPE_ATALK:
1092 case ETHERTYPE_AARP:
1093 /*
1094 * EtherTalk (AppleTalk protocols on Ethernet link
1095 * layer) may use 802.2 encapsulation.
1096 */
1097
1098 /*
1099 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1100 * we check for the 802.2 protocol type in the
1101 * "Ethernet type" field.
1102 */
1103 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1104
1105 /*
1106 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1107 * SNAP packets with an organization code of
1108 * 0x080007 (Apple, for Appletalk) and a protocol
1109 * type of ETHERTYPE_ATALK (Appletalk).
1110 *
1111 * 802.2-encapsulated ETHERTYPE_AARP packets are
1112 * SNAP packets with an organization code of
1113 * 0x000000 (encapsulated Ethernet) and a protocol
1114 * type of ETHERTYPE_AARP (Appletalk ARP).
1115 */
1116 if (proto == ETHERTYPE_ATALK)
1117 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
1118 off_linktype + 2);
1119 else /* proto == ETHERTYPE_AARP */
1120 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
1121 off_linktype + 2);
1122 gen_and(b0, b1);
1123
1124 /*
1125 * Check for Ethernet encapsulation (Ethertalk
1126 * phase 1?); we just check for the Ethernet
1127 * protocol type.
1128 */
1129 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1130
1131 gen_or(b0, b1);
1132 return b1;
1133
1134 default:
1135 if (proto <= ETHERMTU) {
1136 /*
1137 * This is an LLC SAP value, so the frames
1138 * that match would be 802.2 frames.
1139 * Check for the 802.2 protocol type
1140 * in the "Ethernet type" field, and
1141 * then check the DSAP.
1142 */
1143 b0 = gen_cmp(off_linktype, BPF_H,
1144 LINUX_SLL_P_802_2);
1145 b1 = gen_cmp(off_linktype + 2, BPF_B,
1146 (bpf_int32)proto);
1147 gen_and(b0, b1);
1148 return b1;
1149 } else {
1150 /*
1151 * This is an Ethernet type, so compare
1152 * the length/type field with it (if
1153 * the frame is an 802.2 frame, the length
1154 * field will be <= ETHERMTU, and, as
1155 * "proto" is > ETHERMTU, this test
1156 * will fail and the frame won't match,
1157 * which is what we want).
1158 */
1159 return gen_cmp(off_linktype, BPF_H,
1160 (bpf_int32)proto);
1161 }
1162 }
1163 break;
1164
1165 case DLT_SLIP:
1166 case DLT_SLIP_BSDOS:
1167 case DLT_RAW:
1168 /*
1169 * These types don't provide any type field; packets
1170 * are always IP.
1171 *
1172 * XXX - for IPv4, check for a version number of 4, and,
1173 * for IPv6, check for a version number of 6?
1174 */
1175 switch (proto) {
1176
1177 case ETHERTYPE_IP:
1178 #ifdef INET6
1179 case ETHERTYPE_IPV6:
1180 #endif
1181 return gen_true(); /* always true */
1182
1183 default:
1184 return gen_false(); /* always false */
1185 }
1186 break;
1187
1188 case DLT_PPP:
1189 case DLT_PPP_SERIAL:
1190 case DLT_PPP_ETHER:
1191 /*
1192 * We use Ethernet protocol types inside libpcap;
1193 * map them to the corresponding PPP protocol types.
1194 */
1195 switch (proto) {
1196
1197 case ETHERTYPE_IP:
1198 proto = PPP_IP; /* XXX was 0x21 */
1199 break;
1200
1201 #ifdef INET6
1202 case ETHERTYPE_IPV6:
1203 proto = PPP_IPV6;
1204 break;
1205 #endif
1206
1207 case ETHERTYPE_DN:
1208 proto = PPP_DECNET;
1209 break;
1210
1211 case ETHERTYPE_ATALK:
1212 proto = PPP_APPLE;
1213 break;
1214
1215 case ETHERTYPE_NS:
1216 proto = PPP_NS;
1217 break;
1218
1219 case LLCSAP_ISONS:
1220 proto = PPP_OSI;
1221 break;
1222
1223 case LLCSAP_8021D:
1224 /*
1225 * I'm assuming the "Bridging PDU"s that go
1226 * over PPP are Spanning Tree Protocol
1227 * Bridging PDUs.
1228 */
1229 proto = PPP_BRPDU;
1230 break;
1231
1232 case LLCSAP_IPX:
1233 proto = PPP_IPX;
1234 break;
1235 }
1236 break;
1237
1238 case DLT_PPP_BSDOS:
1239 /*
1240 * We use Ethernet protocol types inside libpcap;
1241 * map them to the corresponding PPP protocol types.
1242 */
1243 switch (proto) {
1244
1245 case ETHERTYPE_IP:
1246 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
1247 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
1248 gen_or(b0, b1);
1249 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
1250 gen_or(b1, b0);
1251 return b0;
1252
1253 #ifdef INET6
1254 case ETHERTYPE_IPV6:
1255 proto = PPP_IPV6;
1256 /* more to go? */
1257 break;
1258 #endif
1259
1260 case ETHERTYPE_DN:
1261 proto = PPP_DECNET;
1262 break;
1263
1264 case ETHERTYPE_ATALK:
1265 proto = PPP_APPLE;
1266 break;
1267
1268 case ETHERTYPE_NS:
1269 proto = PPP_NS;
1270 break;
1271
1272 case LLCSAP_ISONS:
1273 proto = PPP_OSI;
1274 break;
1275
1276 case LLCSAP_8021D:
1277 /*
1278 * I'm assuming the "Bridging PDU"s that go
1279 * over PPP are Spanning Tree Protocol
1280 * Bridging PDUs.
1281 */
1282 proto = PPP_BRPDU;
1283 break;
1284
1285 case LLCSAP_IPX:
1286 proto = PPP_IPX;
1287 break;
1288 }
1289 break;
1290
1291 case DLT_NULL:
1292 case DLT_LOOP:
1293 /*
1294 * For DLT_NULL, the link-layer header is a 32-bit
1295 * word containing an AF_ value in *host* byte order.
1296 *
1297 * In addition, if we're reading a saved capture file,
1298 * the host byte order in the capture may not be the
1299 * same as the host byte order on this machine.
1300 *
1301 * For DLT_LOOP, the link-layer header is a 32-bit
1302 * word containing an AF_ value in *network* byte order.
1303 *
1304 * XXX - AF_ values may, unfortunately, be platform-
1305 * dependent; for example, FreeBSD's AF_INET6 is 24
1306 * whilst NetBSD's and OpenBSD's is 26.
1307 *
1308 * This means that, when reading a capture file, just
1309 * checking for our AF_INET6 value won't work if the
1310 * capture file came from another OS.
1311 */
1312 switch (proto) {
1313
1314 case ETHERTYPE_IP:
1315 proto = AF_INET;
1316 break;
1317
1318 #ifdef INET6
1319 case ETHERTYPE_IPV6:
1320 proto = AF_INET6;
1321 break;
1322 #endif
1323
1324 default:
1325 /*
1326 * Not a type on which we support filtering.
1327 * XXX - support those that have AF_ values
1328 * #defined on this platform, at least?
1329 */
1330 return gen_false();
1331 }
1332
1333 if (linktype == DLT_NULL) {
1334 /*
1335 * The AF_ value is in host byte order, but
1336 * the BPF interpreter will convert it to
1337 * network byte order.
1338 *
1339 * If this is a save file, and it's from a
1340 * machine with the opposite byte order to
1341 * ours, we byte-swap the AF_ value.
1342 *
1343 * Then we run it through "htonl()", and
1344 * generate code to compare against the result.
1345 */
1346 if (bpf_pcap->sf.rfile != NULL &&
1347 bpf_pcap->sf.swapped)
1348 proto = SWAPLONG(proto);
1349 proto = htonl(proto);
1350 }
1351 return (gen_cmp(0, BPF_W, (bpf_int32)proto));
1352
1353 case DLT_ARCNET:
1354 /*
1355 * XXX should we check for first fragment if the protocol
1356 * uses PHDS?
1357 */
1358 switch(proto) {
1359 default:
1360 return gen_false();
1361 #ifdef INET6
1362 case ETHERTYPE_IPV6:
1363 return(gen_cmp(2, BPF_B,
1364 (bpf_int32)htonl(ARCTYPE_INET6)));
1365 #endif /* INET6 */
1366 case ETHERTYPE_IP:
1367 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_IP));
1368 b1 = gen_cmp(2, BPF_B,
1369 (bpf_int32)htonl(ARCTYPE_IP_OLD));
1370 gen_or(b0, b1);
1371 return(b1);
1372 case ETHERTYPE_ARP:
1373 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_ARP));
1374 b1 = gen_cmp(2, BPF_B,
1375 (bpf_int32)htonl(ARCTYPE_ARP_OLD));
1376 gen_or(b0, b1);
1377 return(b1);
1378 case ETHERTYPE_REVARP:
1379 return(gen_cmp(2, BPF_B,
1380 (bpf_int32)htonl(ARCTYPE_REVARP)));
1381 case ETHERTYPE_ATALK:
1382 return(gen_cmp(2, BPF_B,
1383 (bpf_int32)htonl(ARCTYPE_ATALK)));
1384 }
1385 break;
1386
1387 case DLT_LTALK:
1388 switch (proto) {
1389 case ETHERTYPE_ATALK:
1390 return gen_true();
1391 default:
1392 return gen_false();
1393 }
1394 break;
1395 }
1396
1397 /*
1398 * All the types that have no encapsulation should either be
1399 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
1400 * all packets are IP packets, or should be handled in some
1401 * special case, if none of them are (if some are and some
1402 * aren't, the lack of encapsulation is a problem, as we'd
1403 * have to find some other way of determining the packet type).
1404 *
1405 * Therefore, if "off_linktype" is -1, there's an error.
1406 */
1407 if (off_linktype == -1)
1408 abort();
1409
1410 /*
1411 * Any type not handled above should always have an Ethernet
1412 * type at an offset of "off_linktype". (PPP is partially
1413 * handled above - the protocol type is mapped from the
1414 * Ethernet and LLC types we use internally to the corresponding
1415 * PPP type - but the PPP type is always specified by a value
1416 * at "off_linktype", so we don't have to do the code generation
1417 * above.)
1418 */
1419 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1420 }
1421
1422 /*
1423 * Check for an LLC SNAP packet with a given organization code and
1424 * protocol type; we check the entire contents of the 802.2 LLC and
1425 * snap headers, checking for DSAP and SSAP of SNAP and a control
1426 * field of 0x03 in the LLC header, and for the specified organization
1427 * code and protocol type in the SNAP header.
1428 */
1429 static struct block *
1430 gen_snap(orgcode, ptype, offset)
1431 bpf_u_int32 orgcode;
1432 bpf_u_int32 ptype;
1433 u_int offset;
1434 {
1435 u_char snapblock[8];
1436
1437 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
1438 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
1439 snapblock[2] = 0x03; /* control = UI */
1440 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
1441 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
1442 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
1443 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
1444 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
1445 return gen_bcmp(offset, 8, snapblock);
1446 }
1447
1448 static struct block *
1449 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
1450 bpf_u_int32 addr;
1451 bpf_u_int32 mask;
1452 int dir, proto;
1453 u_int src_off, dst_off;
1454 {
1455 struct block *b0, *b1;
1456 u_int offset;
1457
1458 switch (dir) {
1459
1460 case Q_SRC:
1461 offset = src_off;
1462 break;
1463
1464 case Q_DST:
1465 offset = dst_off;
1466 break;
1467
1468 case Q_AND:
1469 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1470 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1471 gen_and(b0, b1);
1472 return b1;
1473
1474 case Q_OR:
1475 case Q_DEFAULT:
1476 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1477 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1478 gen_or(b0, b1);
1479 return b1;
1480
1481 default:
1482 abort();
1483 }
1484 b0 = gen_linktype(proto);
1485 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
1486 gen_and(b0, b1);
1487 return b1;
1488 }
1489
1490 #ifdef INET6
1491 static struct block *
1492 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
1493 struct in6_addr *addr;
1494 struct in6_addr *mask;
1495 int dir, proto;
1496 u_int src_off, dst_off;
1497 {
1498 struct block *b0, *b1;
1499 u_int offset;
1500 u_int32_t *a, *m;
1501
1502 switch (dir) {
1503
1504 case Q_SRC:
1505 offset = src_off;
1506 break;
1507
1508 case Q_DST:
1509 offset = dst_off;
1510 break;
1511
1512 case Q_AND:
1513 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1514 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1515 gen_and(b0, b1);
1516 return b1;
1517
1518 case Q_OR:
1519 case Q_DEFAULT:
1520 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1521 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1522 gen_or(b0, b1);
1523 return b1;
1524
1525 default:
1526 abort();
1527 }
1528 /* this order is important */
1529 a = (u_int32_t *)addr;
1530 m = (u_int32_t *)mask;
1531 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
1532 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
1533 gen_and(b0, b1);
1534 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
1535 gen_and(b0, b1);
1536 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
1537 gen_and(b0, b1);
1538 b0 = gen_linktype(proto);
1539 gen_and(b0, b1);
1540 return b1;
1541 }
1542 #endif /*INET6*/
1543
1544 static struct block *
1545 gen_ehostop(eaddr, dir)
1546 register const u_char *eaddr;
1547 register int dir;
1548 {
1549 register struct block *b0, *b1;
1550
1551 switch (dir) {
1552 case Q_SRC:
1553 return gen_bcmp(6, 6, eaddr);
1554
1555 case Q_DST:
1556 return gen_bcmp(0, 6, eaddr);
1557
1558 case Q_AND:
1559 b0 = gen_ehostop(eaddr, Q_SRC);
1560 b1 = gen_ehostop(eaddr, Q_DST);
1561 gen_and(b0, b1);
1562 return b1;
1563
1564 case Q_DEFAULT:
1565 case Q_OR:
1566 b0 = gen_ehostop(eaddr, Q_SRC);
1567 b1 = gen_ehostop(eaddr, Q_DST);
1568 gen_or(b0, b1);
1569 return b1;
1570 }
1571 abort();
1572 /* NOTREACHED */
1573 }
1574
1575 /*
1576 * Like gen_ehostop, but for DLT_FDDI
1577 */
1578 static struct block *
1579 gen_fhostop(eaddr, dir)
1580 register const u_char *eaddr;
1581 register int dir;
1582 {
1583 struct block *b0, *b1;
1584
1585 switch (dir) {
1586 case Q_SRC:
1587 #ifdef PCAP_FDDIPAD
1588 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
1589 #else
1590 return gen_bcmp(6 + 1, 6, eaddr);
1591 #endif
1592
1593 case Q_DST:
1594 #ifdef PCAP_FDDIPAD
1595 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
1596 #else
1597 return gen_bcmp(0 + 1, 6, eaddr);
1598 #endif
1599
1600 case Q_AND:
1601 b0 = gen_fhostop(eaddr, Q_SRC);
1602 b1 = gen_fhostop(eaddr, Q_DST);
1603 gen_and(b0, b1);
1604 return b1;
1605
1606 case Q_DEFAULT:
1607 case Q_OR:
1608 b0 = gen_fhostop(eaddr, Q_SRC);
1609 b1 = gen_fhostop(eaddr, Q_DST);
1610 gen_or(b0, b1);
1611 return b1;
1612 }
1613 abort();
1614 /* NOTREACHED */
1615 }
1616
1617 /*
1618 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
1619 */
1620 static struct block *
1621 gen_thostop(eaddr, dir)
1622 register const u_char *eaddr;
1623 register int dir;
1624 {
1625 register struct block *b0, *b1;
1626
1627 switch (dir) {
1628 case Q_SRC:
1629 return gen_bcmp(8, 6, eaddr);
1630
1631 case Q_DST:
1632 return gen_bcmp(2, 6, eaddr);
1633
1634 case Q_AND:
1635 b0 = gen_thostop(eaddr, Q_SRC);
1636 b1 = gen_thostop(eaddr, Q_DST);
1637 gen_and(b0, b1);
1638 return b1;
1639
1640 case Q_DEFAULT:
1641 case Q_OR:
1642 b0 = gen_thostop(eaddr, Q_SRC);
1643 b1 = gen_thostop(eaddr, Q_DST);
1644 gen_or(b0, b1);
1645 return b1;
1646 }
1647 abort();
1648 /* NOTREACHED */
1649 }
1650
1651 /*
1652 * This is quite tricky because there may be pad bytes in front of the
1653 * DECNET header, and then there are two possible data packet formats that
1654 * carry both src and dst addresses, plus 5 packet types in a format that
1655 * carries only the src node, plus 2 types that use a different format and
1656 * also carry just the src node.
1657 *
1658 * Yuck.
1659 *
1660 * Instead of doing those all right, we just look for data packets with
1661 * 0 or 1 bytes of padding. If you want to look at other packets, that
1662 * will require a lot more hacking.
1663 *
1664 * To add support for filtering on DECNET "areas" (network numbers)
1665 * one would want to add a "mask" argument to this routine. That would
1666 * make the filter even more inefficient, although one could be clever
1667 * and not generate masking instructions if the mask is 0xFFFF.
1668 */
1669 static struct block *
1670 gen_dnhostop(addr, dir, base_off)
1671 bpf_u_int32 addr;
1672 int dir;
1673 u_int base_off;
1674 {
1675 struct block *b0, *b1, *b2, *tmp;
1676 u_int offset_lh; /* offset if long header is received */
1677 u_int offset_sh; /* offset if short header is received */
1678
1679 switch (dir) {
1680
1681 case Q_DST:
1682 offset_sh = 1; /* follows flags */
1683 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
1684 break;
1685
1686 case Q_SRC:
1687 offset_sh = 3; /* follows flags, dstnode */
1688 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
1689 break;
1690
1691 case Q_AND:
1692 /* Inefficient because we do our Calvinball dance twice */
1693 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1694 b1 = gen_dnhostop(addr, Q_DST, base_off);
1695 gen_and(b0, b1);
1696 return b1;
1697
1698 case Q_OR:
1699 case Q_DEFAULT:
1700 /* Inefficient because we do our Calvinball dance twice */
1701 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1702 b1 = gen_dnhostop(addr, Q_DST, base_off);
1703 gen_or(b0, b1);
1704 return b1;
1705
1706 case Q_ISO:
1707 bpf_error("ISO host filtering not implemented");
1708
1709 default:
1710 abort();
1711 }
1712 b0 = gen_linktype(ETHERTYPE_DN);
1713 /* Check for pad = 1, long header case */
1714 tmp = gen_mcmp(base_off + 2, BPF_H,
1715 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
1716 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
1717 BPF_H, (bpf_int32)ntohs(addr));
1718 gen_and(tmp, b1);
1719 /* Check for pad = 0, long header case */
1720 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
1721 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
1722 gen_and(tmp, b2);
1723 gen_or(b2, b1);
1724 /* Check for pad = 1, short header case */
1725 tmp = gen_mcmp(base_off + 2, BPF_H,
1726 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
1727 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
1728 BPF_H, (bpf_int32)ntohs(addr));
1729 gen_and(tmp, b2);
1730 gen_or(b2, b1);
1731 /* Check for pad = 0, short header case */
1732 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
1733 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
1734 gen_and(tmp, b2);
1735 gen_or(b2, b1);
1736
1737 /* Combine with test for linktype */
1738 gen_and(b0, b1);
1739 return b1;
1740 }
1741
1742 static struct block *
1743 gen_host(addr, mask, proto, dir)
1744 bpf_u_int32 addr;
1745 bpf_u_int32 mask;
1746 int proto;
1747 int dir;
1748 {
1749 struct block *b0, *b1;
1750
1751 switch (proto) {
1752
1753 case Q_DEFAULT:
1754 b0 = gen_host(addr, mask, Q_IP, dir);
1755 if (off_linktype != -1) {
1756 b1 = gen_host(addr, mask, Q_ARP, dir);
1757 gen_or(b0, b1);
1758 b0 = gen_host(addr, mask, Q_RARP, dir);
1759 gen_or(b1, b0);
1760 }
1761 return b0;
1762
1763 case Q_IP:
1764 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
1765 off_nl + 12, off_nl + 16);
1766
1767 case Q_RARP:
1768 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
1769 off_nl + 14, off_nl + 24);
1770
1771 case Q_ARP:
1772 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
1773 off_nl + 14, off_nl + 24);
1774
1775 case Q_TCP:
1776 bpf_error("'tcp' modifier applied to host");
1777
1778 case Q_SCTP:
1779 bpf_error("'sctp' modifier applied to host");
1780
1781 case Q_UDP:
1782 bpf_error("'udp' modifier applied to host");
1783
1784 case Q_ICMP:
1785 bpf_error("'icmp' modifier applied to host");
1786
1787 case Q_IGMP:
1788 bpf_error("'igmp' modifier applied to host");
1789
1790 case Q_IGRP:
1791 bpf_error("'igrp' modifier applied to host");
1792
1793 case Q_PIM:
1794 bpf_error("'pim' modifier applied to host");
1795
1796 case Q_VRRP:
1797 bpf_error("'vrrp' modifier applied to host");
1798
1799 case Q_ATALK:
1800 bpf_error("ATALK host filtering not implemented");
1801
1802 case Q_AARP:
1803 bpf_error("AARP host filtering not implemented");
1804
1805 case Q_DECNET:
1806 return gen_dnhostop(addr, dir, off_nl);
1807
1808 case Q_SCA:
1809 bpf_error("SCA host filtering not implemented");
1810
1811 case Q_LAT:
1812 bpf_error("LAT host filtering not implemented");
1813
1814 case Q_MOPDL:
1815 bpf_error("MOPDL host filtering not implemented");
1816
1817 case Q_MOPRC:
1818 bpf_error("MOPRC host filtering not implemented");
1819
1820 #ifdef INET6
1821 case Q_IPV6:
1822 bpf_error("'ip6' modifier applied to ip host");
1823
1824 case Q_ICMPV6:
1825 bpf_error("'icmp6' modifier applied to host");
1826 #endif /* INET6 */
1827
1828 case Q_AH:
1829 bpf_error("'ah' modifier applied to host");
1830
1831 case Q_ESP:
1832 bpf_error("'esp' modifier applied to host");
1833
1834 case Q_ISO:
1835 bpf_error("ISO host filtering not implemented");
1836
1837 case Q_ESIS:
1838 bpf_error("'esis' modifier applied to host");
1839
1840 case Q_ISIS:
1841 bpf_error("'isis' modifier applied to host");
1842
1843 case Q_CLNP:
1844 bpf_error("'clnp' modifier applied to host");
1845
1846 case Q_STP:
1847 bpf_error("'stp' modifier applied to host");
1848
1849 case Q_IPX:
1850 bpf_error("IPX host filtering not implemented");
1851
1852 case Q_NETBEUI:
1853 bpf_error("'netbeui' modifier applied to host");
1854
1855 default:
1856 abort();
1857 }
1858 /* NOTREACHED */
1859 }
1860
1861 #ifdef INET6
1862 static struct block *
1863 gen_host6(addr, mask, proto, dir)
1864 struct in6_addr *addr;
1865 struct in6_addr *mask;
1866 int proto;
1867 int dir;
1868 {
1869 switch (proto) {
1870
1871 case Q_DEFAULT:
1872 return gen_host6(addr, mask, Q_IPV6, dir);
1873
1874 case Q_IP:
1875 bpf_error("'ip' modifier applied to ip6 host");
1876
1877 case Q_RARP:
1878 bpf_error("'rarp' modifier applied to ip6 host");
1879
1880 case Q_ARP:
1881 bpf_error("'arp' modifier applied to ip6 host");
1882
1883 case Q_SCTP:
1884 bpf_error("'sctp' modifier applied to host");
1885
1886 case Q_TCP:
1887 bpf_error("'tcp' modifier applied to host");
1888
1889 case Q_UDP:
1890 bpf_error("'udp' modifier applied to host");
1891
1892 case Q_ICMP:
1893 bpf_error("'icmp' modifier applied to host");
1894
1895 case Q_IGMP:
1896 bpf_error("'igmp' modifier applied to host");
1897
1898 case Q_IGRP:
1899 bpf_error("'igrp' modifier applied to host");
1900
1901 case Q_PIM:
1902 bpf_error("'pim' modifier applied to host");
1903
1904 case Q_VRRP:
1905 bpf_error("'vrrp' modifier applied to host");
1906
1907 case Q_ATALK:
1908 bpf_error("ATALK host filtering not implemented");
1909
1910 case Q_AARP:
1911 bpf_error("AARP host filtering not implemented");
1912
1913 case Q_DECNET:
1914 bpf_error("'decnet' modifier applied to ip6 host");
1915
1916 case Q_SCA:
1917 bpf_error("SCA host filtering not implemented");
1918
1919 case Q_LAT:
1920 bpf_error("LAT host filtering not implemented");
1921
1922 case Q_MOPDL:
1923 bpf_error("MOPDL host filtering not implemented");
1924
1925 case Q_MOPRC:
1926 bpf_error("MOPRC host filtering not implemented");
1927
1928 case Q_IPV6:
1929 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
1930 off_nl + 8, off_nl + 24);
1931
1932 case Q_ICMPV6:
1933 bpf_error("'icmp6' modifier applied to host");
1934
1935 case Q_AH:
1936 bpf_error("'ah' modifier applied to host");
1937
1938 case Q_ESP:
1939 bpf_error("'esp' modifier applied to host");
1940
1941 case Q_ISO:
1942 bpf_error("ISO host filtering not implemented");
1943
1944 case Q_ESIS:
1945 bpf_error("'esis' modifier applied to host");
1946
1947 case Q_ISIS:
1948 bpf_error("'isis' modifier applied to host");
1949
1950 case Q_CLNP:
1951 bpf_error("'clnp' modifier applied to host");
1952
1953 case Q_STP:
1954 bpf_error("'stp' modifier applied to host");
1955
1956 case Q_IPX:
1957 bpf_error("IPX host filtering not implemented");
1958
1959 case Q_NETBEUI:
1960 bpf_error("'netbeui' modifier applied to host");
1961
1962 default:
1963 abort();
1964 }
1965 /* NOTREACHED */
1966 }
1967 #endif /*INET6*/
1968
1969 #ifndef INET6
1970 static struct block *
1971 gen_gateway(eaddr, alist, proto, dir)
1972 const u_char *eaddr;
1973 bpf_u_int32 **alist;
1974 int proto;
1975 int dir;
1976 {
1977 struct block *b0, *b1, *tmp;
1978
1979 if (dir != 0)
1980 bpf_error("direction applied to 'gateway'");
1981
1982 switch (proto) {
1983 case Q_DEFAULT:
1984 case Q_IP:
1985 case Q_ARP:
1986 case Q_RARP:
1987 if (linktype == DLT_EN10MB)
1988 b0 = gen_ehostop(eaddr, Q_OR);
1989 else if (linktype == DLT_FDDI)
1990 b0 = gen_fhostop(eaddr, Q_OR);
1991 else if (linktype == DLT_IEEE802)
1992 b0 = gen_thostop(eaddr, Q_OR);
1993 else
1994 bpf_error(
1995 "'gateway' supported only on ethernet, FDDI or token ring");
1996
1997 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1998 while (*alist) {
1999 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2000 gen_or(b1, tmp);
2001 b1 = tmp;
2002 }
2003 gen_not(b1);
2004 gen_and(b0, b1);
2005 return b1;
2006 }
2007 bpf_error("illegal modifier of 'gateway'");
2008 /* NOTREACHED */
2009 }
2010 #endif
2011
2012 struct block *
2013 gen_proto_abbrev(proto)
2014 int proto;
2015 {
2016 #ifdef INET6
2017 struct block *b0;
2018 #endif
2019 struct block *b1;
2020
2021 switch (proto) {
2022
2023 case Q_SCTP:
2024 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT);
2025 #ifdef INET6
2026 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
2027 gen_or(b0, b1);
2028 #endif
2029 break;
2030
2031 case Q_TCP:
2032 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
2033 #ifdef INET6
2034 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
2035 gen_or(b0, b1);
2036 #endif
2037 break;
2038
2039 case Q_UDP:
2040 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
2041 #ifdef INET6
2042 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
2043 gen_or(b0, b1);
2044 #endif
2045 break;
2046
2047 case Q_ICMP:
2048 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
2049 break;
2050
2051 #ifndef IPPROTO_IGMP
2052 #define IPPROTO_IGMP 2
2053 #endif
2054
2055 case Q_IGMP:
2056 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
2057 break;
2058
2059 #ifndef IPPROTO_IGRP
2060 #define IPPROTO_IGRP 9
2061 #endif
2062 case Q_IGRP:
2063 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
2064 break;
2065
2066 #ifndef IPPROTO_PIM
2067 #define IPPROTO_PIM 103
2068 #endif
2069
2070 case Q_PIM:
2071 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
2072 #ifdef INET6
2073 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
2074 gen_or(b0, b1);
2075 #endif
2076 break;
2077
2078 #ifndef IPPROTO_VRRP
2079 #define IPPROTO_VRRP 112
2080 #endif
2081
2082 case Q_VRRP:
2083 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT);
2084 break;
2085
2086 case Q_IP:
2087 b1 = gen_linktype(ETHERTYPE_IP);
2088 break;
2089
2090 case Q_ARP:
2091 b1 = gen_linktype(ETHERTYPE_ARP);
2092 break;
2093
2094 case Q_RARP:
2095 b1 = gen_linktype(ETHERTYPE_REVARP);
2096 break;
2097
2098 case Q_LINK:
2099 bpf_error("link layer applied in wrong context");
2100
2101 case Q_ATALK:
2102 b1 = gen_linktype(ETHERTYPE_ATALK);
2103 break;
2104
2105 case Q_AARP:
2106 b1 = gen_linktype(ETHERTYPE_AARP);
2107 break;
2108
2109 case Q_DECNET:
2110 b1 = gen_linktype(ETHERTYPE_DN);
2111 break;
2112
2113 case Q_SCA:
2114 b1 = gen_linktype(ETHERTYPE_SCA);
2115 break;
2116
2117 case Q_LAT:
2118 b1 = gen_linktype(ETHERTYPE_LAT);
2119 break;
2120
2121 case Q_MOPDL:
2122 b1 = gen_linktype(ETHERTYPE_MOPDL);
2123 break;
2124
2125 case Q_MOPRC:
2126 b1 = gen_linktype(ETHERTYPE_MOPRC);
2127 break;
2128
2129 #ifdef INET6
2130 case Q_IPV6:
2131 b1 = gen_linktype(ETHERTYPE_IPV6);
2132 break;
2133
2134 #ifndef IPPROTO_ICMPV6
2135 #define IPPROTO_ICMPV6 58
2136 #endif
2137 case Q_ICMPV6:
2138 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
2139 break;
2140 #endif /* INET6 */
2141
2142 #ifndef IPPROTO_AH
2143 #define IPPROTO_AH 51
2144 #endif
2145 case Q_AH:
2146 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
2147 #ifdef INET6
2148 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
2149 gen_or(b0, b1);
2150 #endif
2151 break;
2152
2153 #ifndef IPPROTO_ESP
2154 #define IPPROTO_ESP 50
2155 #endif
2156 case Q_ESP:
2157 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
2158 #ifdef INET6
2159 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
2160 gen_or(b0, b1);
2161 #endif
2162 break;
2163
2164 case Q_ISO:
2165 b1 = gen_linktype(LLCSAP_ISONS);
2166 break;
2167
2168 case Q_ESIS:
2169 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
2170 break;
2171
2172 case Q_ISIS:
2173 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
2174 break;
2175
2176 case Q_CLNP:
2177 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
2178 break;
2179
2180 case Q_STP:
2181 b1 = gen_linktype(LLCSAP_8021D);
2182 break;
2183
2184 case Q_IPX:
2185 b1 = gen_linktype(LLCSAP_IPX);
2186 break;
2187
2188 case Q_NETBEUI:
2189 b1 = gen_linktype(LLCSAP_NETBEUI);
2190 break;
2191
2192 default:
2193 abort();
2194 }
2195 return b1;
2196 }
2197
2198 static struct block *
2199 gen_ipfrag()
2200 {
2201 struct slist *s;
2202 struct block *b;
2203
2204 /* not ip frag */
2205 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
2206 s->s.k = off_nl + 6;
2207 b = new_block(JMP(BPF_JSET));
2208 b->s.k = 0x1fff;
2209 b->stmts = s;
2210 gen_not(b);
2211
2212 return b;
2213 }
2214
2215 static struct block *
2216 gen_portatom(off, v)
2217 int off;
2218 bpf_int32 v;
2219 {
2220 struct slist *s;
2221 struct block *b;
2222
2223 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2224 s->s.k = off_nl;
2225
2226 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
2227 s->next->s.k = off_nl + off;
2228
2229 b = new_block(JMP(BPF_JEQ));
2230 b->stmts = s;
2231 b->s.k = v;
2232
2233 return b;
2234 }
2235
2236 #ifdef INET6
2237 static struct block *
2238 gen_portatom6(off, v)
2239 int off;
2240 bpf_int32 v;
2241 {
2242 return gen_cmp(off_nl + 40 + off, BPF_H, v);
2243 }
2244 #endif/*INET6*/
2245
2246 struct block *
2247 gen_portop(port, proto, dir)
2248 int port, proto, dir;
2249 {
2250 struct block *b0, *b1, *tmp;
2251
2252 /* ip proto 'proto' */
2253 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
2254 b0 = gen_ipfrag();
2255 gen_and(tmp, b0);
2256
2257 switch (dir) {
2258 case Q_SRC:
2259 b1 = gen_portatom(0, (bpf_int32)port);
2260 break;
2261
2262 case Q_DST:
2263 b1 = gen_portatom(2, (bpf_int32)port);
2264 break;
2265
2266 case Q_OR:
2267 case Q_DEFAULT:
2268 tmp = gen_portatom(0, (bpf_int32)port);
2269 b1 = gen_portatom(2, (bpf_int32)port);
2270 gen_or(tmp, b1);
2271 break;
2272
2273 case Q_AND:
2274 tmp = gen_portatom(0, (bpf_int32)port);
2275 b1 = gen_portatom(2, (bpf_int32)port);
2276 gen_and(tmp, b1);
2277 break;
2278
2279 default:
2280 abort();
2281 }
2282 gen_and(b0, b1);
2283
2284 return b1;
2285 }
2286
2287 static struct block *
2288 gen_port(port, ip_proto, dir)
2289 int port;
2290 int ip_proto;
2291 int dir;
2292 {
2293 struct block *b0, *b1, *tmp;
2294
2295 /* ether proto ip */
2296 b0 = gen_linktype(ETHERTYPE_IP);
2297
2298 switch (ip_proto) {
2299 case IPPROTO_UDP:
2300 case IPPROTO_TCP:
2301 case IPPROTO_SCTP:
2302 b1 = gen_portop(port, ip_proto, dir);
2303 break;
2304
2305 case PROTO_UNDEF:
2306 tmp = gen_portop(port, IPPROTO_TCP, dir);
2307 b1 = gen_portop(port, IPPROTO_UDP, dir);
2308 gen_or(tmp, b1);
2309 tmp = gen_portop(port, IPPROTO_SCTP, dir);
2310 gen_or(tmp, b1);
2311 break;
2312
2313 default:
2314 abort();
2315 }
2316 gen_and(b0, b1);
2317 return b1;
2318 }
2319
2320 #ifdef INET6
2321 struct block *
2322 gen_portop6(port, proto, dir)
2323 int port, proto, dir;
2324 {
2325 struct block *b0, *b1, *tmp;
2326
2327 /* ip proto 'proto' */
2328 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
2329
2330 switch (dir) {
2331 case Q_SRC:
2332 b1 = gen_portatom6(0, (bpf_int32)port);
2333 break;
2334
2335 case Q_DST:
2336 b1 = gen_portatom6(2, (bpf_int32)port);
2337 break;
2338
2339 case Q_OR:
2340 case Q_DEFAULT:
2341 tmp = gen_portatom6(0, (bpf_int32)port);
2342 b1 = gen_portatom6(2, (bpf_int32)port);
2343 gen_or(tmp, b1);
2344 break;
2345
2346 case Q_AND:
2347 tmp = gen_portatom6(0, (bpf_int32)port);
2348 b1 = gen_portatom6(2, (bpf_int32)port);
2349 gen_and(tmp, b1);
2350 break;
2351
2352 default:
2353 abort();
2354 }
2355 gen_and(b0, b1);
2356
2357 return b1;
2358 }
2359
2360 static struct block *
2361 gen_port6(port, ip_proto, dir)
2362 int port;
2363 int ip_proto;
2364 int dir;
2365 {
2366 struct block *b0, *b1, *tmp;
2367
2368 /* ether proto ip */
2369 b0 = gen_linktype(ETHERTYPE_IPV6);
2370
2371 switch (ip_proto) {
2372 case IPPROTO_UDP:
2373 case IPPROTO_TCP:
2374 case IPPROTO_SCTP:
2375 b1 = gen_portop6(port, ip_proto, dir);
2376 break;
2377
2378 case PROTO_UNDEF:
2379 tmp = gen_portop6(port, IPPROTO_TCP, dir);
2380 b1 = gen_portop6(port, IPPROTO_UDP, dir);
2381 gen_or(tmp, b1);
2382 tmp = gen_portop6(port, IPPROTO_SCTP, dir);
2383 gen_or(tmp, b1);
2384 break;
2385
2386 default:
2387 abort();
2388 }
2389 gen_and(b0, b1);
2390 return b1;
2391 }
2392 #endif /* INET6 */
2393
2394 static int
2395 lookup_proto(name, proto)
2396 register const char *name;
2397 register int proto;
2398 {
2399 register int v;
2400
2401 switch (proto) {
2402
2403 case Q_DEFAULT:
2404 case Q_IP:
2405 case Q_IPV6:
2406 v = pcap_nametoproto(name);
2407 if (v == PROTO_UNDEF)
2408 bpf_error("unknown ip proto '%s'", name);
2409 break;
2410
2411 case Q_LINK:
2412 /* XXX should look up h/w protocol type based on linktype */
2413 v = pcap_nametoeproto(name);
2414 if (v == PROTO_UNDEF)
2415 bpf_error("unknown ether proto '%s'", name);
2416 break;
2417
2418 case Q_ISO:
2419 if (strcmp(name, "esis") == 0)
2420 v = ISO9542_ESIS;
2421 else if (strcmp(name, "isis") == 0)
2422 v = ISO10589_ISIS;
2423 else if (strcmp(name, "clnp") == 0)
2424 v = ISO8473_CLNP;
2425 else
2426 bpf_error("unknown osi proto '%s'", name);
2427 break;
2428
2429 default:
2430 v = PROTO_UNDEF;
2431 break;
2432 }
2433 return v;
2434 }
2435
2436 #if 0
2437 struct stmt *
2438 gen_joinsp(s, n)
2439 struct stmt **s;
2440 int n;
2441 {
2442 return NULL;
2443 }
2444 #endif
2445
2446 static struct block *
2447 gen_protochain(v, proto, dir)
2448 int v;
2449 int proto;
2450 int dir;
2451 {
2452 #ifdef NO_PROTOCHAIN
2453 return gen_proto(v, proto, dir);
2454 #else
2455 struct block *b0, *b;
2456 struct slist *s[100];
2457 int fix2, fix3, fix4, fix5;
2458 int ahcheck, again, end;
2459 int i, max;
2460 int reg2 = alloc_reg();
2461
2462 memset(s, 0, sizeof(s));
2463 fix2 = fix3 = fix4 = fix5 = 0;
2464
2465 switch (proto) {
2466 case Q_IP:
2467 case Q_IPV6:
2468 break;
2469 case Q_DEFAULT:
2470 b0 = gen_protochain(v, Q_IP, dir);
2471 b = gen_protochain(v, Q_IPV6, dir);
2472 gen_or(b0, b);
2473 return b;
2474 default:
2475 bpf_error("bad protocol applied for 'protochain'");
2476 /*NOTREACHED*/
2477 }
2478
2479 no_optimize = 1; /*this code is not compatible with optimzer yet */
2480
2481 /*
2482 * s[0] is a dummy entry to protect other BPF insn from damaged
2483 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
2484 * hard to find interdependency made by jump table fixup.
2485 */
2486 i = 0;
2487 s[i] = new_stmt(0); /*dummy*/
2488 i++;
2489
2490 switch (proto) {
2491 case Q_IP:
2492 b0 = gen_linktype(ETHERTYPE_IP);
2493
2494 /* A = ip->ip_p */
2495 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
2496 s[i]->s.k = off_nl + 9;
2497 i++;
2498 /* X = ip->ip_hl << 2 */
2499 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2500 s[i]->s.k = off_nl;
2501 i++;
2502 break;
2503 #ifdef INET6
2504 case Q_IPV6:
2505 b0 = gen_linktype(ETHERTYPE_IPV6);
2506
2507 /* A = ip6->ip_nxt */
2508 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
2509 s[i]->s.k = off_nl + 6;
2510 i++;
2511 /* X = sizeof(struct ip6_hdr) */
2512 s[i] = new_stmt(BPF_LDX|BPF_IMM);
2513 s[i]->s.k = 40;
2514 i++;
2515 break;
2516 #endif
2517 default:
2518 bpf_error("unsupported proto to gen_protochain");
2519 /*NOTREACHED*/
2520 }
2521
2522 /* again: if (A == v) goto end; else fall through; */
2523 again = i;
2524 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2525 s[i]->s.k = v;
2526 s[i]->s.jt = NULL; /*later*/
2527 s[i]->s.jf = NULL; /*update in next stmt*/
2528 fix5 = i;
2529 i++;
2530
2531 #ifndef IPPROTO_NONE
2532 #define IPPROTO_NONE 59
2533 #endif
2534 /* if (A == IPPROTO_NONE) goto end */
2535 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2536 s[i]->s.jt = NULL; /*later*/
2537 s[i]->s.jf = NULL; /*update in next stmt*/
2538 s[i]->s.k = IPPROTO_NONE;
2539 s[fix5]->s.jf = s[i];
2540 fix2 = i;
2541 i++;
2542
2543 #ifdef INET6
2544 if (proto == Q_IPV6) {
2545 int v6start, v6end, v6advance, j;
2546
2547 v6start = i;
2548 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
2549 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2550 s[i]->s.jt = NULL; /*later*/
2551 s[i]->s.jf = NULL; /*update in next stmt*/
2552 s[i]->s.k = IPPROTO_HOPOPTS;
2553 s[fix2]->s.jf = s[i];
2554 i++;
2555 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
2556 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2557 s[i]->s.jt = NULL; /*later*/
2558 s[i]->s.jf = NULL; /*update in next stmt*/
2559 s[i]->s.k = IPPROTO_DSTOPTS;
2560 i++;
2561 /* if (A == IPPROTO_ROUTING) goto v6advance */
2562 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2563 s[i]->s.jt = NULL; /*later*/
2564 s[i]->s.jf = NULL; /*update in next stmt*/
2565 s[i]->s.k = IPPROTO_ROUTING;
2566 i++;
2567 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
2568 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2569 s[i]->s.jt = NULL; /*later*/
2570 s[i]->s.jf = NULL; /*later*/
2571 s[i]->s.k = IPPROTO_FRAGMENT;
2572 fix3 = i;
2573 v6end = i;
2574 i++;
2575
2576 /* v6advance: */
2577 v6advance = i;
2578
2579 /*
2580 * in short,
2581 * A = P[X];
2582 * X = X + (P[X + 1] + 1) * 8;
2583 */
2584 /* A = X */
2585 s[i] = new_stmt(BPF_MISC|BPF_TXA);
2586 i++;
2587 /* A = P[X + packet head] */
2588 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2589 s[i]->s.k = off_nl;
2590 i++;
2591 /* MEM[reg2] = A */
2592 s[i] = new_stmt(BPF_ST);
2593 s[i]->s.k = reg2;
2594 i++;
2595 /* A = X */
2596 s[i] = new_stmt(BPF_MISC|BPF_TXA);
2597 i++;
2598 /* A += 1 */
2599 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2600 s[i]->s.k = 1;
2601 i++;
2602 /* X = A */
2603 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2604 i++;
2605 /* A = P[X + packet head]; */
2606 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2607 s[i]->s.k = off_nl;
2608 i++;
2609 /* A += 1 */
2610 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2611 s[i]->s.k = 1;
2612 i++;
2613 /* A *= 8 */
2614 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2615 s[i]->s.k = 8;
2616 i++;
2617 /* X = A; */
2618 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2619 i++;
2620 /* A = MEM[reg2] */
2621 s[i] = new_stmt(BPF_LD|BPF_MEM);
2622 s[i]->s.k = reg2;
2623 i++;
2624
2625 /* goto again; (must use BPF_JA for backward jump) */
2626 s[i] = new_stmt(BPF_JMP|BPF_JA);
2627 s[i]->s.k = again - i - 1;
2628 s[i - 1]->s.jf = s[i];
2629 i++;
2630
2631 /* fixup */
2632 for (j = v6start; j <= v6end; j++)
2633 s[j]->s.jt = s[v6advance];
2634 } else
2635 #endif
2636 {
2637 /* nop */
2638 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2639 s[i]->s.k = 0;
2640 s[fix2]->s.jf = s[i];
2641 i++;
2642 }
2643
2644 /* ahcheck: */
2645 ahcheck = i;
2646 /* if (A == IPPROTO_AH) then fall through; else goto end; */
2647 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2648 s[i]->s.jt = NULL; /*later*/
2649 s[i]->s.jf = NULL; /*later*/
2650 s[i]->s.k = IPPROTO_AH;
2651 if (fix3)
2652 s[fix3]->s.jf = s[ahcheck];
2653 fix4 = i;
2654 i++;
2655
2656 /*
2657 * in short,
2658 * A = P[X];
2659 * X = X + (P[X + 1] + 2) * 4;
2660 */
2661 /* A = X */
2662 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2663 i++;
2664 /* A = P[X + packet head]; */
2665 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2666 s[i]->s.k = off_nl;
2667 i++;
2668 /* MEM[reg2] = A */
2669 s[i] = new_stmt(BPF_ST);
2670 s[i]->s.k = reg2;
2671 i++;
2672 /* A = X */
2673 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2674 i++;
2675 /* A += 1 */
2676 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2677 s[i]->s.k = 1;
2678 i++;
2679 /* X = A */
2680 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2681 i++;
2682 /* A = P[X + packet head] */
2683 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2684 s[i]->s.k = off_nl;
2685 i++;
2686 /* A += 2 */
2687 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2688 s[i]->s.k = 2;
2689 i++;
2690 /* A *= 4 */
2691 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2692 s[i]->s.k = 4;
2693 i++;
2694 /* X = A; */
2695 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2696 i++;
2697 /* A = MEM[reg2] */
2698 s[i] = new_stmt(BPF_LD|BPF_MEM);
2699 s[i]->s.k = reg2;
2700 i++;
2701
2702 /* goto again; (must use BPF_JA for backward jump) */
2703 s[i] = new_stmt(BPF_JMP|BPF_JA);
2704 s[i]->s.k = again - i - 1;
2705 i++;
2706
2707 /* end: nop */
2708 end = i;
2709 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2710 s[i]->s.k = 0;
2711 s[fix2]->s.jt = s[end];
2712 s[fix4]->s.jf = s[end];
2713 s[fix5]->s.jt = s[end];
2714 i++;
2715
2716 /*
2717 * make slist chain
2718 */
2719 max = i;
2720 for (i = 0; i < max - 1; i++)
2721 s[i]->next = s[i + 1];
2722 s[max - 1]->next = NULL;
2723
2724 /*
2725 * emit final check
2726 */
2727 b = new_block(JMP(BPF_JEQ));
2728 b->stmts = s[1]; /*remember, s[0] is dummy*/
2729 b->s.k = v;
2730
2731 free_reg(reg2);
2732
2733 gen_and(b0, b);
2734 return b;
2735 #endif
2736 }
2737
2738 static struct block *
2739 gen_proto(v, proto, dir)
2740 int v;
2741 int proto;
2742 int dir;
2743 {
2744 struct block *b0, *b1;
2745
2746 if (dir != Q_DEFAULT)
2747 bpf_error("direction applied to 'proto'");
2748
2749 switch (proto) {
2750 case Q_DEFAULT:
2751 #ifdef INET6
2752 b0 = gen_proto(v, Q_IP, dir);
2753 b1 = gen_proto(v, Q_IPV6, dir);
2754 gen_or(b0, b1);
2755 return b1;
2756 #else
2757 /*FALLTHROUGH*/
2758 #endif
2759 case Q_IP:
2760 b0 = gen_linktype(ETHERTYPE_IP);
2761 #ifndef CHASE_CHAIN
2762 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
2763 #else
2764 b1 = gen_protochain(v, Q_IP);
2765 #endif
2766 gen_and(b0, b1);
2767 return b1;
2768
2769 case Q_ISO:
2770 b0 = gen_linktype(LLCSAP_ISONS);
2771 b1 = gen_cmp(off_nl + 3, BPF_B, (long)v);
2772 gen_and(b0, b1);
2773 return b1;
2774
2775 case Q_ARP:
2776 bpf_error("arp does not encapsulate another protocol");
2777 /* NOTREACHED */
2778
2779 case Q_RARP:
2780 bpf_error("rarp does not encapsulate another protocol");
2781 /* NOTREACHED */
2782
2783 case Q_ATALK:
2784 bpf_error("atalk encapsulation is not specifiable");
2785 /* NOTREACHED */
2786
2787 case Q_DECNET:
2788 bpf_error("decnet encapsulation is not specifiable");
2789 /* NOTREACHED */
2790
2791 case Q_SCA:
2792 bpf_error("sca does not encapsulate another protocol");
2793 /* NOTREACHED */
2794
2795 case Q_LAT:
2796 bpf_error("lat does not encapsulate another protocol");
2797 /* NOTREACHED */
2798
2799 case Q_MOPRC:
2800 bpf_error("moprc does not encapsulate another protocol");
2801 /* NOTREACHED */
2802
2803 case Q_MOPDL:
2804 bpf_error("mopdl does not encapsulate another protocol");
2805 /* NOTREACHED */
2806
2807 case Q_LINK:
2808 return gen_linktype(v);
2809
2810 case Q_UDP:
2811 bpf_error("'udp proto' is bogus");
2812 /* NOTREACHED */
2813
2814 case Q_TCP:
2815 bpf_error("'tcp proto' is bogus");
2816 /* NOTREACHED */
2817
2818 case Q_SCTP:
2819 bpf_error("'sctp proto' is bogus");
2820 /* NOTREACHED */
2821
2822 case Q_ICMP:
2823 bpf_error("'icmp proto' is bogus");
2824 /* NOTREACHED */
2825
2826 case Q_IGMP:
2827 bpf_error("'igmp proto' is bogus");
2828 /* NOTREACHED */
2829
2830 case Q_IGRP:
2831 bpf_error("'igrp proto' is bogus");
2832 /* NOTREACHED */
2833
2834 case Q_PIM:
2835 bpf_error("'pim proto' is bogus");
2836 /* NOTREACHED */
2837
2838 case Q_VRRP:
2839 bpf_error("'vrrp proto' is bogus");
2840 /* NOTREACHED */
2841
2842 #ifdef INET6
2843 case Q_IPV6:
2844 b0 = gen_linktype(ETHERTYPE_IPV6);
2845 #ifndef CHASE_CHAIN
2846 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
2847 #else
2848 b1 = gen_protochain(v, Q_IPV6);
2849 #endif
2850 gen_and(b0, b1);
2851 return b1;
2852
2853 case Q_ICMPV6:
2854 bpf_error("'icmp6 proto' is bogus");
2855 #endif /* INET6 */
2856
2857 case Q_AH:
2858 bpf_error("'ah proto' is bogus");
2859
2860 case Q_ESP:
2861 bpf_error("'ah proto' is bogus");
2862
2863 case Q_STP:
2864 bpf_error("'stp proto' is bogus");
2865
2866 case Q_IPX:
2867 bpf_error("'ipx proto' is bogus");
2868
2869 case Q_NETBEUI:
2870 bpf_error("'netbeui proto' is bogus");
2871
2872 default:
2873 abort();
2874 /* NOTREACHED */
2875 }
2876 /* NOTREACHED */
2877 }
2878
2879 struct block *
2880 gen_scode(name, q)
2881 register const char *name;
2882 struct qual q;
2883 {
2884 int proto = q.proto;
2885 int dir = q.dir;
2886 int tproto;
2887 u_char *eaddr;
2888 bpf_u_int32 mask, addr;
2889 #ifndef INET6
2890 bpf_u_int32 **alist;
2891 #else
2892 int tproto6;
2893 struct sockaddr_in *sin;
2894 struct sockaddr_in6 *sin6;
2895 struct addrinfo *res, *res0;
2896 struct in6_addr mask128;
2897 #endif /*INET6*/
2898 struct block *b, *tmp;
2899 int port, real_proto;
2900
2901 switch (q.addr) {
2902
2903 case Q_NET:
2904 addr = pcap_nametonetaddr(name);
2905 if (addr == 0)
2906 bpf_error("unknown network '%s'", name);
2907 /* Left justify network addr and calculate its network mask */
2908 mask = 0xffffffff;
2909 while (addr && (addr & 0xff000000) == 0) {
2910 addr <<= 8;
2911 mask <<= 8;
2912 }
2913 return gen_host(addr, mask, proto, dir);
2914
2915 case Q_DEFAULT:
2916 case Q_HOST:
2917 if (proto == Q_LINK) {
2918 switch (linktype) {
2919
2920 case DLT_EN10MB:
2921 eaddr = pcap_ether_hostton(name);
2922 if (eaddr == NULL)
2923 bpf_error(
2924 "unknown ether host '%s'", name);
2925 return gen_ehostop(eaddr, dir);
2926
2927 case DLT_FDDI:
2928 eaddr = pcap_ether_hostton(name);
2929 if (eaddr == NULL)
2930 bpf_error(
2931 "unknown FDDI host '%s'", name);
2932 return gen_fhostop(eaddr, dir);
2933
2934 case DLT_IEEE802:
2935 eaddr = pcap_ether_hostton(name);
2936 if (eaddr == NULL)
2937 bpf_error(
2938 "unknown token ring host '%s'", name);
2939 return gen_thostop(eaddr, dir);
2940
2941 default:
2942 bpf_error(
2943 "only ethernet/FDDI/token ring supports link-level host name");
2944 break;
2945 }
2946 } else if (proto == Q_DECNET) {
2947 unsigned short dn_addr = __pcap_nametodnaddr(name);
2948 /*
2949 * I don't think DECNET hosts can be multihomed, so
2950 * there is no need to build up a list of addresses
2951 */
2952 return (gen_host(dn_addr, 0, proto, dir));
2953 } else {
2954 #ifndef INET6
2955 alist = pcap_nametoaddr(name);
2956 if (alist == NULL || *alist == NULL)
2957 bpf_error("unknown host '%s'", name);
2958 tproto = proto;
2959 if (off_linktype == -1 && tproto == Q_DEFAULT)
2960 tproto = Q_IP;
2961 b = gen_host(**alist++, 0xffffffff, tproto, dir);
2962 while (*alist) {
2963 tmp = gen_host(**alist++, 0xffffffff,
2964 tproto, dir);
2965 gen_or(b, tmp);
2966 b = tmp;
2967 }
2968 return b;
2969 #else
2970 memset(&mask128, 0xff, sizeof(mask128));
2971 res0 = res = pcap_nametoaddrinfo(name);
2972 if (res == NULL)
2973 bpf_error("unknown host '%s'", name);
2974 b = tmp = NULL;
2975 tproto = tproto6 = proto;
2976 if (off_linktype == -1 && tproto == Q_DEFAULT) {
2977 tproto = Q_IP;
2978 tproto6 = Q_IPV6;
2979 }
2980 for (res = res0; res; res = res->ai_next) {
2981 switch (res->ai_family) {
2982 case AF_INET:
2983 if (tproto == Q_IPV6)
2984 continue;
2985
2986 sin = (struct sockaddr_in *)
2987 res->ai_addr;
2988 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
2989 0xffffffff, tproto, dir);
2990 break;
2991 case AF_INET6:
2992 if (tproto6 == Q_IP)
2993 continue;
2994
2995 sin6 = (struct sockaddr_in6 *)
2996 res->ai_addr;
2997 tmp = gen_host6(&sin6->sin6_addr,
2998 &mask128, tproto6, dir);
2999 break;
3000 default:
3001 continue;
3002 }
3003 if (b)
3004 gen_or(b, tmp);
3005 b = tmp;
3006 }
3007 freeaddrinfo(res0);
3008 if (b == NULL) {
3009 bpf_error("unknown host '%s'%s", name,
3010 (proto == Q_DEFAULT)
3011 ? ""
3012 : " for specified address family");
3013 }
3014 return b;
3015 #endif /*INET6*/
3016 }
3017
3018 case Q_PORT:
3019 if (proto != Q_DEFAULT &&
3020 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
3021 bpf_error("illegal qualifier of 'port'");
3022 if (pcap_nametoport(name, &port, &real_proto) == 0)
3023 bpf_error("unknown port '%s'", name);
3024 if (proto == Q_UDP) {
3025 if (real_proto == IPPROTO_TCP)
3026 bpf_error("port '%s' is tcp", name);
3027 else if (real_proto == IPPROTO_SCTP)
3028 bpf_error("port '%s' is sctp", name);
3029 else
3030 /* override PROTO_UNDEF */
3031 real_proto = IPPROTO_UDP;
3032 }
3033 if (proto == Q_TCP) {
3034 if (real_proto == IPPROTO_UDP)
3035 bpf_error("port '%s' is udp", name);
3036
3037 else if (real_proto == IPPROTO_SCTP)
3038 bpf_error("port '%s' is sctp", name);
3039 else
3040 /* override PROTO_UNDEF */
3041 real_proto = IPPROTO_TCP;
3042 }
3043 if (proto == Q_SCTP) {
3044 if (real_proto == IPPROTO_UDP)
3045 bpf_error("port '%s' is udp", name);
3046
3047 else if (real_proto == IPPROTO_TCP)
3048 bpf_error("port '%s' is tcp", name);
3049 else
3050 /* override PROTO_UNDEF */
3051 real_proto = IPPROTO_SCTP;
3052 }
3053 #ifndef INET6
3054 return gen_port(port, real_proto, dir);
3055 #else
3056 {
3057 struct block *b;
3058 b = gen_port(port, real_proto, dir);
3059 gen_or(gen_port6(port, real_proto, dir), b);
3060 return b;
3061 }
3062 #endif /* INET6 */
3063
3064 case Q_GATEWAY:
3065 #ifndef INET6
3066 eaddr = pcap_ether_hostton(name);
3067 if (eaddr == NULL)
3068 bpf_error("unknown ether host: %s", name);
3069
3070 alist = pcap_nametoaddr(name);
3071 if (alist == NULL || *alist == NULL)
3072 bpf_error("unknown host '%s'", name);
3073 return gen_gateway(eaddr, alist, proto, dir);
3074 #else
3075 bpf_error("'gateway' not supported in this configuration");
3076 #endif /*INET6*/
3077
3078 case Q_PROTO:
3079 real_proto = lookup_proto(name, proto);
3080 if (real_proto >= 0)
3081 return gen_proto(real_proto, proto, dir);
3082 else
3083 bpf_error("unknown protocol: %s", name);
3084
3085 case Q_PROTOCHAIN:
3086 real_proto = lookup_proto(name, proto);
3087 if (real_proto >= 0)
3088 return gen_protochain(real_proto, proto, dir);
3089 else
3090 bpf_error("unknown protocol: %s", name);
3091
3092
3093 case Q_UNDEF:
3094 syntax();
3095 /* NOTREACHED */
3096 }
3097 abort();
3098 /* NOTREACHED */
3099 }
3100
3101 struct block *
3102 gen_mcode(s1, s2, masklen, q)
3103 register const char *s1, *s2;
3104 register int masklen;
3105 struct qual q;
3106 {
3107 register int nlen, mlen;
3108 bpf_u_int32 n, m;
3109
3110 nlen = __pcap_atoin(s1, &n);
3111 /* Promote short ipaddr */
3112 n <<= 32 - nlen;
3113
3114 if (s2 != NULL) {
3115 mlen = __pcap_atoin(s2, &m);
3116 /* Promote short ipaddr */
3117 m <<= 32 - mlen;
3118 if ((n & ~m) != 0)
3119 bpf_error("non-network bits set in \"%s mask %s\"",
3120 s1, s2);
3121 } else {
3122 /* Convert mask len to mask */
3123 if (masklen > 32)
3124 bpf_error("mask length must be <= 32");
3125 m = 0xffffffff << (32 - masklen);
3126 if ((n & ~m) != 0)
3127 bpf_error("non-network bits set in \"%s/%d\"",
3128 s1, masklen);
3129 }
3130
3131 switch (q.addr) {
3132
3133 case Q_NET:
3134 return gen_host(n, m, q.proto, q.dir);
3135
3136 default:
3137 bpf_error("Mask syntax for networks only");
3138 /* NOTREACHED */
3139 }
3140 }
3141
3142 struct block *
3143 gen_ncode(s, v, q)
3144 register const char *s;
3145 bpf_u_int32 v;
3146 struct qual q;
3147 {
3148 bpf_u_int32 mask;
3149 int proto = q.proto;
3150 int dir = q.dir;
3151 register int vlen;
3152
3153 if (s == NULL)
3154 vlen = 32;
3155 else if (q.proto == Q_DECNET)
3156 vlen = __pcap_atodn(s, &v);
3157 else
3158 vlen = __pcap_atoin(s, &v);
3159
3160 switch (q.addr) {
3161
3162 case Q_DEFAULT:
3163 case Q_HOST:
3164 case Q_NET:
3165 if (proto == Q_DECNET)
3166 return gen_host(v, 0, proto, dir);
3167 else if (proto == Q_LINK) {
3168 bpf_error("illegal link layer address");
3169 } else {
3170 mask = 0xffffffff;
3171 if (s == NULL && q.addr == Q_NET) {
3172 /* Promote short net number */
3173 while (v && (v & 0xff000000) == 0) {
3174 v <<= 8;
3175 mask <<= 8;
3176 }
3177 } else {
3178 /* Promote short ipaddr */
3179 v <<= 32 - vlen;
3180 mask <<= 32 - vlen;
3181 }
3182 return gen_host(v, mask, proto, dir);
3183 }
3184
3185 case Q_PORT:
3186 if (proto == Q_UDP)
3187 proto = IPPROTO_UDP;
3188 else if (proto == Q_TCP)
3189 proto = IPPROTO_TCP;
3190 else if (proto == Q_SCTP)
3191 proto = IPPROTO_SCTP;
3192 else if (proto == Q_DEFAULT)
3193 proto = PROTO_UNDEF;
3194 else
3195 bpf_error("illegal qualifier of 'port'");
3196
3197 #ifndef INET6
3198 return gen_port((int)v, proto, dir);
3199 #else
3200 {
3201 struct block *b;
3202 b = gen_port((int)v, proto, dir);
3203 gen_or(gen_port6((int)v, proto, dir), b);
3204 return b;
3205 }
3206 #endif /* INET6 */
3207
3208 case Q_GATEWAY:
3209 bpf_error("'gateway' requires a name");
3210 /* NOTREACHED */
3211
3212 case Q_PROTO:
3213 return gen_proto((int)v, proto, dir);
3214
3215 case Q_PROTOCHAIN:
3216 return gen_protochain((int)v, proto, dir);
3217
3218 case Q_UNDEF:
3219 syntax();
3220 /* NOTREACHED */
3221
3222 default:
3223 abort();
3224 /* NOTREACHED */
3225 }
3226 /* NOTREACHED */
3227 }
3228
3229 #ifdef INET6
3230 struct block *
3231 gen_mcode6(s1, s2, masklen, q)
3232 register const char *s1, *s2;
3233 register int masklen;
3234 struct qual q;
3235 {
3236 struct addrinfo *res;
3237 struct in6_addr *addr;
3238 struct in6_addr mask;
3239 struct block *b;
3240 u_int32_t *a, *m;
3241
3242 if (s2)
3243 bpf_error("no mask %s supported", s2);
3244
3245 res = pcap_nametoaddrinfo(s1);
3246 if (!res)
3247 bpf_error("invalid ip6 address %s", s1);
3248 if (res->ai_next)
3249 bpf_error("%s resolved to multiple address", s1);
3250 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
3251
3252 if (sizeof(mask) * 8 < masklen)
3253 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
3254 memset(&mask, 0xff, masklen / 8);
3255 if (masklen % 8) {
3256 mask.s6_addr[masklen / 8] =
3257 (0xff << (8 - masklen % 8)) & 0xff;
3258 }
3259
3260 a = (u_int32_t *)addr;
3261 m = (u_int32_t *)&mask;
3262 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
3263 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
3264 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
3265 }
3266
3267 switch (q.addr) {
3268
3269 case Q_DEFAULT:
3270 case Q_HOST:
3271 if (masklen != 128)
3272 bpf_error("Mask syntax for networks only");
3273 /* FALLTHROUGH */
3274
3275 case Q_NET:
3276 b = gen_host6(addr, &mask, q.proto, q.dir);
3277 freeaddrinfo(res);
3278 return b;
3279
3280 default:
3281 bpf_error("invalid qualifier against IPv6 address");
3282 /* NOTREACHED */
3283 }
3284 }
3285 #endif /*INET6*/
3286
3287 struct block *
3288 gen_ecode(eaddr, q)
3289 register const u_char *eaddr;
3290 struct qual q;
3291 {
3292 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
3293 if (linktype == DLT_EN10MB)
3294 return gen_ehostop(eaddr, (int)q.dir);
3295 if (linktype == DLT_FDDI)
3296 return gen_fhostop(eaddr, (int)q.dir);
3297 if (linktype == DLT_IEEE802)
3298 return gen_thostop(eaddr, (int)q.dir);
3299 bpf_error("ethernet addresses supported only on ethernet, FDDI or token ring");
3300 }
3301 bpf_error("ethernet address used in non-ether expression");
3302 /* NOTREACHED */
3303 }
3304
3305 void
3306 sappend(s0, s1)
3307 struct slist *s0, *s1;
3308 {
3309 /*
3310 * This is definitely not the best way to do this, but the
3311 * lists will rarely get long.
3312 */
3313 while (s0->next)
3314 s0 = s0->next;
3315 s0->next = s1;
3316 }
3317
3318 static struct slist *
3319 xfer_to_x(a)
3320 struct arth *a;
3321 {
3322 struct slist *s;
3323
3324 s = new_stmt(BPF_LDX|BPF_MEM);
3325 s->s.k = a->regno;
3326 return s;
3327 }
3328
3329 static struct slist *
3330 xfer_to_a(a)
3331 struct arth *a;
3332 {
3333 struct slist *s;
3334
3335 s = new_stmt(BPF_LD|BPF_MEM);
3336 s->s.k = a->regno;
3337 return s;
3338 }
3339
3340 struct arth *
3341 gen_load(proto, index, size)
3342 int proto;
3343 struct arth *index;
3344 int size;
3345 {
3346 struct slist *s, *tmp;
3347 struct block *b;
3348 int regno = alloc_reg();
3349
3350 free_reg(index->regno);
3351 switch (size) {
3352
3353 default:
3354 bpf_error("data size must be 1, 2, or 4");
3355
3356 case 1:
3357 size = BPF_B;
3358 break;
3359
3360 case 2:
3361 size = BPF_H;
3362 break;
3363
3364 case 4:
3365 size = BPF_W;
3366 break;
3367 }
3368 switch (proto) {
3369 default:
3370 bpf_error("unsupported index operation");
3371
3372 case Q_LINK:
3373 s = xfer_to_x(index);
3374 tmp = new_stmt(BPF_LD|BPF_IND|size);
3375 sappend(s, tmp);
3376 sappend(index->s, s);
3377 break;
3378
3379 case Q_IP:
3380 case Q_ARP:
3381 case Q_RARP:
3382 case Q_ATALK:
3383 case Q_DECNET:
3384 case Q_SCA:
3385 case Q_LAT:
3386 case Q_MOPRC:
3387 case Q_MOPDL:
3388 #ifdef INET6
3389 case Q_IPV6:
3390 #endif
3391 /* XXX Note that we assume a fixed link header here. */
3392 s = xfer_to_x(index);
3393 tmp = new_stmt(BPF_LD|BPF_IND|size);
3394 tmp->s.k = off_nl;
3395 sappend(s, tmp);
3396 sappend(index->s, s);
3397
3398 b = gen_proto_abbrev(proto);
3399 if (index->b)
3400 gen_and(index->b, b);
3401 index->b = b;
3402 break;
3403
3404 case Q_SCTP:
3405 case Q_TCP:
3406 case Q_UDP:
3407 case Q_ICMP:
3408 case Q_IGMP:
3409 case Q_IGRP:
3410 case Q_PIM:
3411 case Q_VRRP:
3412 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3413 s->s.k = off_nl;
3414 sappend(s, xfer_to_a(index));
3415 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
3416 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
3417 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
3418 tmp->s.k = off_nl;
3419 sappend(index->s, s);
3420
3421 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
3422 if (index->b)
3423 gen_and(index->b, b);
3424 #ifdef INET6
3425 gen_and(gen_proto_abbrev(Q_IP), b);
3426 #endif
3427 index->b = b;
3428 break;
3429 #ifdef INET6
3430 case Q_ICMPV6:
3431 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
3432 /*NOTREACHED*/
3433 #endif
3434 }
3435 index->regno = regno;
3436 s = new_stmt(BPF_ST);
3437 s->s.k = regno;
3438 sappend(index->s, s);
3439
3440 return index;
3441 }
3442
3443 struct block *
3444 gen_relation(code, a0, a1, reversed)
3445 int code;
3446 struct arth *a0, *a1;
3447 int reversed;
3448 {
3449 struct slist *s0, *s1, *s2;
3450 struct block *b, *tmp;
3451
3452 s0 = xfer_to_x(a1);
3453 s1 = xfer_to_a(a0);
3454 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
3455 b = new_block(JMP(code));
3456 if (code == BPF_JGT || code == BPF_JGE) {
3457 reversed = !reversed;
3458 b->s.k = 0x80000000;
3459 }
3460 if (reversed)
3461 gen_not(b);
3462
3463 sappend(s1, s2);
3464 sappend(s0, s1);
3465 sappend(a1->s, s0);
3466 sappend(a0->s, a1->s);
3467
3468 b->stmts = a0->s;
3469
3470 free_reg(a0->regno);
3471 free_reg(a1->regno);
3472
3473 /* 'and' together protocol checks */
3474 if (a0->b) {
3475 if (a1->b) {
3476 gen_and(a0->b, tmp = a1->b);
3477 }
3478 else
3479 tmp = a0->b;
3480 } else
3481 tmp = a1->b;
3482
3483 if (tmp)
3484 gen_and(tmp, b);
3485
3486 return b;
3487 }
3488
3489 struct arth *
3490 gen_loadlen()
3491 {
3492 int regno = alloc_reg();
3493 struct arth *a = (struct arth *)newchunk(sizeof(*a));
3494 struct slist *s;
3495
3496 s = new_stmt(BPF_LD|BPF_LEN);
3497 s->next = new_stmt(BPF_ST);
3498 s->next->s.k = regno;
3499 a->s = s;
3500 a->regno = regno;
3501
3502 return a;
3503 }
3504
3505 struct arth *
3506 gen_loadi(val)
3507 int val;
3508 {
3509 struct arth *a;
3510 struct slist *s;
3511 int reg;
3512
3513 a = (struct arth *)newchunk(sizeof(*a));
3514
3515 reg = alloc_reg();
3516
3517 s = new_stmt(BPF_LD|BPF_IMM);
3518 s->s.k = val;
3519 s->next = new_stmt(BPF_ST);
3520 s->next->s.k = reg;
3521 a->s = s;
3522 a->regno = reg;
3523
3524 return a;
3525 }
3526
3527 struct arth *
3528 gen_neg(a)
3529 struct arth *a;
3530 {
3531 struct slist *s;
3532
3533 s = xfer_to_a(a);
3534 sappend(a->s, s);
3535 s = new_stmt(BPF_ALU|BPF_NEG);
3536 s->s.k = 0;
3537 sappend(a->s, s);
3538 s = new_stmt(BPF_ST);
3539 s->s.k = a->regno;
3540 sappend(a->s, s);
3541
3542 return a;
3543 }
3544
3545 struct arth *
3546 gen_arth(code, a0, a1)
3547 int code;
3548 struct arth *a0, *a1;
3549 {
3550 struct slist *s0, *s1, *s2;
3551
3552 s0 = xfer_to_x(a1);
3553 s1 = xfer_to_a(a0);
3554 s2 = new_stmt(BPF_ALU|BPF_X|code);
3555
3556 sappend(s1, s2);
3557 sappend(s0, s1);
3558 sappend(a1->s, s0);
3559 sappend(a0->s, a1->s);
3560
3561 free_reg(a1->regno);
3562
3563 s0 = new_stmt(BPF_ST);
3564 a0->regno = s0->s.k = alloc_reg();
3565 sappend(a0->s, s0);
3566
3567 return a0;
3568 }
3569
3570 /*
3571 * Here we handle simple allocation of the scratch registers.
3572 * If too many registers are alloc'd, the allocator punts.
3573 */
3574 static int regused[BPF_MEMWORDS];
3575 static int curreg;
3576
3577 /*
3578 * Return the next free register.
3579 */
3580 static int
3581 alloc_reg()
3582 {
3583 int n = BPF_MEMWORDS;
3584
3585 while (--n >= 0) {
3586 if (regused[curreg])
3587 curreg = (curreg + 1) % BPF_MEMWORDS;
3588 else {
3589 regused[curreg] = 1;
3590 return curreg;
3591 }
3592 }
3593 bpf_error("too many registers needed to evaluate expression");
3594 /* NOTREACHED */
3595 }
3596
3597 /*
3598 * Return a register to the table so it can
3599 * be used later.
3600 */
3601 static void
3602 free_reg(n)
3603 int n;
3604 {
3605 regused[n] = 0;
3606 }
3607
3608 static struct block *
3609 gen_len(jmp, n)
3610 int jmp, n;
3611 {
3612 struct slist *s;
3613 struct block *b;
3614
3615 s = new_stmt(BPF_LD|BPF_LEN);
3616 b = new_block(JMP(jmp));
3617 b->stmts = s;
3618 b->s.k = n;
3619
3620 return b;
3621 }
3622
3623 struct block *
3624 gen_greater(n)
3625 int n;
3626 {
3627 return gen_len(BPF_JGE, n);
3628 }
3629
3630 /*
3631 * Actually, this is less than or equal.
3632 */
3633 struct block *
3634 gen_less(n)
3635 int n;
3636 {
3637 struct block *b;
3638
3639 b = gen_len(BPF_JGT, n);
3640 gen_not(b);
3641
3642 return b;
3643 }
3644
3645 struct block *
3646 gen_byteop(op, idx, val)
3647 int op, idx, val;
3648 {
3649 struct block *b;
3650 struct slist *s;
3651
3652 switch (op) {
3653 default:
3654 abort();
3655
3656 case '=':
3657 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3658
3659 case '<':
3660 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3661 b->s.code = JMP(BPF_JGE);
3662 gen_not(b);
3663 return b;
3664
3665 case '>':
3666 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3667 b->s.code = JMP(BPF_JGT);
3668 return b;
3669
3670 case '|':
3671 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
3672 break;
3673
3674 case '&':
3675 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
3676 break;
3677 }
3678 s->s.k = val;
3679 b = new_block(JMP(BPF_JEQ));
3680 b->stmts = s;
3681 gen_not(b);
3682
3683 return b;
3684 }
3685
3686 static u_char abroadcast[] = { 0x0 };
3687
3688 struct block *
3689 gen_broadcast(proto)
3690 int proto;
3691 {
3692 bpf_u_int32 hostmask;
3693 struct block *b0, *b1, *b2;
3694 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
3695
3696 switch (proto) {
3697
3698 case Q_DEFAULT:
3699 case Q_LINK:
3700 if (linktype == DLT_ARCNET)
3701 return gen_ahostop(abroadcast, Q_DST);
3702 if (linktype == DLT_EN10MB)
3703 return gen_ehostop(ebroadcast, Q_DST);
3704 if (linktype == DLT_FDDI)
3705 return gen_fhostop(ebroadcast, Q_DST);
3706 if (linktype == DLT_IEEE802)
3707 return gen_thostop(ebroadcast, Q_DST);
3708 bpf_error("not a broadcast link");
3709 break;
3710
3711 case Q_IP:
3712 b0 = gen_linktype(ETHERTYPE_IP);
3713 hostmask = ~netmask;
3714 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
3715 b2 = gen_mcmp(off_nl + 16, BPF_W,
3716 (bpf_int32)(~0 & hostmask), hostmask);
3717 gen_or(b1, b2);
3718 gen_and(b0, b2);
3719 return b2;
3720 }
3721 bpf_error("only ether/ip broadcast filters supported");
3722 }
3723
3724 struct block *
3725 gen_multicast(proto)
3726 int proto;
3727 {
3728 register struct block *b0, *b1;
3729 register struct slist *s;
3730
3731 switch (proto) {
3732
3733 case Q_DEFAULT:
3734 case Q_LINK:
3735 if (linktype == DLT_ARCNET)
3736 /* all ARCnet multicasts use the same address */
3737 return gen_ahostop(abroadcast, Q_DST);
3738
3739 if (linktype == DLT_EN10MB) {
3740 /* ether[0] & 1 != 0 */
3741 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3742 s->s.k = 0;
3743 b0 = new_block(JMP(BPF_JSET));
3744 b0->s.k = 1;
3745 b0->stmts = s;
3746 return b0;
3747 }
3748
3749 if (linktype == DLT_FDDI) {
3750 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */
3751 /* fddi[1] & 1 != 0 */
3752 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3753 s->s.k = 1;
3754 b0 = new_block(JMP(BPF_JSET));
3755 b0->s.k = 1;
3756 b0->stmts = s;
3757 return b0;
3758 }
3759
3760 /* TODO - check how token ring handles multicast */
3761 /* if (linktype == DLT_IEEE802) ... */
3762
3763 /* Link not known to support multicasts */
3764 break;
3765
3766 case Q_IP:
3767 b0 = gen_linktype(ETHERTYPE_IP);
3768 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
3769 b1->s.code = JMP(BPF_JGE);
3770 gen_and(b0, b1);
3771 return b1;
3772
3773 #ifdef INET6
3774 case Q_IPV6:
3775 b0 = gen_linktype(ETHERTYPE_IPV6);
3776 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
3777 gen_and(b0, b1);
3778 return b1;
3779 #endif /* INET6 */
3780 }
3781 bpf_error("only IP multicast filters supported on ethernet/FDDI");
3782 }
3783
3784 /*
3785 * generate command for inbound/outbound. It's here so we can
3786 * make it link-type specific. 'dir' = 0 implies "inbound",
3787 * = 1 implies "outbound".
3788 */
3789 struct block *
3790 gen_inbound(dir)
3791 int dir;
3792 {
3793 register struct block *b0;
3794
3795 /*
3796 * Only some data link types support inbound/outbound qualifiers.
3797 */
3798 switch (linktype) {
3799 case DLT_SLIP:
3800 case DLT_PPP:
3801 b0 = gen_relation(BPF_JEQ,
3802 gen_load(Q_LINK, gen_loadi(0), 1),
3803 gen_loadi(0),
3804 dir);
3805 break;
3806
3807 default:
3808 bpf_error("inbound/outbound not supported on linktype %d\n",
3809 linktype);
3810 b0 = NULL;
3811 /* NOTREACHED */
3812 }
3813 return (b0);
3814 }
3815
3816 struct block *
3817 gen_acode(eaddr, q)
3818 register const u_char *eaddr;
3819 struct qual q;
3820 {
3821 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
3822 if (linktype == DLT_ARCNET)
3823 return gen_ahostop(eaddr, (int)q.dir);
3824 }
3825 bpf_error("ARCnet address used in non-arc expression");
3826 /* NOTREACHED */
3827 }
3828
3829 static struct block *
3830 gen_ahostop(eaddr, dir)
3831 register const u_char *eaddr;
3832 register int dir;
3833 {
3834 register struct block *b0, *b1;
3835
3836 switch (dir) {
3837 /* src comes first, different from Ethernet */
3838 case Q_SRC:
3839 return gen_bcmp(0, 1, eaddr);
3840
3841 case Q_DST:
3842 return gen_bcmp(1, 1, eaddr);
3843
3844 case Q_AND:
3845 b0 = gen_ahostop(eaddr, Q_SRC);
3846 b1 = gen_ahostop(eaddr, Q_DST);
3847 gen_and(b0, b1);
3848 return b1;
3849
3850 case Q_DEFAULT:
3851 case Q_OR:
3852 b0 = gen_ahostop(eaddr, Q_SRC);
3853 b1 = gen_ahostop(eaddr, Q_DST);
3854 gen_or(b0, b1);
3855 return b1;
3856 }
3857 abort();
3858 /* NOTREACHED */
3859 }
3860
3861 /*
3862 * support IEEE 802.1Q VLAN trunk over ethernet
3863 */
3864 struct block *
3865 gen_vlan(vlan_num)
3866 int vlan_num;
3867 {
3868 static u_int orig_linktype = -1, orig_nl = -1;
3869 struct block *b0;
3870
3871 /*
3872 * Change the offsets to point to the type and data fields within
3873 * the VLAN packet. This is somewhat of a kludge.
3874 */
3875 if (orig_nl == (u_int)-1) {
3876 orig_linktype = off_linktype; /* save original values */
3877 orig_nl = off_nl;
3878
3879 switch (linktype) {
3880
3881 case DLT_EN10MB:
3882 off_linktype = 16;
3883 off_nl = 18;
3884 break;
3885
3886 default:
3887 bpf_error("no VLAN support for data link type %d",
3888 linktype);
3889 /*NOTREACHED*/
3890 }
3891 }
3892
3893 /* check for VLAN */
3894 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
3895
3896 /* If a specific VLAN is requested, check VLAN id */
3897 if (vlan_num >= 0) {
3898 struct block *b1;
3899
3900 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
3901 gen_and(b0, b1);
3902 b0 = b1;
3903 }
3904
3905 return (b0);
3906 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism