]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Replace all the "gen_load_*rel()" routines with "gen_load_a()", which
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] _U_ =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.221.2.11 2005-05-01 04:14:15 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #ifdef WIN32
32 #include <pcap-stdinc.h>
33 #else /* WIN32 */
34 #include <sys/types.h>
35 #include <sys/socket.h>
36 #endif /* WIN32 */
37
38 /*
39 * XXX - why was this included even on UNIX?
40 */
41 #ifdef __MINGW32__
42 #include "IP6_misc.h"
43 #endif
44
45 #ifndef WIN32
46
47 #ifdef __NetBSD__
48 #include <sys/param.h>
49 #endif
50
51 #include <netinet/in.h>
52
53 #endif /* WIN32 */
54
55 #include <stdlib.h>
56 #include <string.h>
57 #include <memory.h>
58 #include <setjmp.h>
59 #include <stdarg.h>
60
61 #ifdef MSDOS
62 #include "pcap-dos.h"
63 #endif
64
65 #include "pcap-int.h"
66
67 #include "ethertype.h"
68 #include "nlpid.h"
69 #include "llc.h"
70 #include "gencode.h"
71 #include "atmuni31.h"
72 #include "sunatmpos.h"
73 #include "ppp.h"
74 #include "sll.h"
75 #include "arcnet.h"
76 #include "pf.h"
77 #ifndef offsetof
78 #define offsetof(s, e) ((size_t)&((s *)0)->e)
79 #endif
80 #ifdef INET6
81 #ifndef WIN32
82 #include <netdb.h> /* for "struct addrinfo" */
83 #endif /* WIN32 */
84 #endif /*INET6*/
85 #include <pcap-namedb.h>
86
87 #define ETHERMTU 1500
88
89 #ifndef IPPROTO_SCTP
90 #define IPPROTO_SCTP 132
91 #endif
92
93 #ifdef HAVE_OS_PROTO_H
94 #include "os-proto.h"
95 #endif
96
97 #define JMP(c) ((c)|BPF_JMP|BPF_K)
98
99 /* Locals */
100 static jmp_buf top_ctx;
101 static pcap_t *bpf_pcap;
102
103 /* Hack for updating VLAN, MPLS offsets. */
104 static u_int orig_linktype = -1U, orig_nl = -1U;
105
106 /* XXX */
107 #ifdef PCAP_FDDIPAD
108 static int pcap_fddipad;
109 #endif
110
111 /* VARARGS */
112 void
113 bpf_error(const char *fmt, ...)
114 {
115 va_list ap;
116
117 va_start(ap, fmt);
118 if (bpf_pcap != NULL)
119 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
120 fmt, ap);
121 va_end(ap);
122 longjmp(top_ctx, 1);
123 /* NOTREACHED */
124 }
125
126 static void init_linktype(pcap_t *);
127
128 static int alloc_reg(void);
129 static void free_reg(int);
130
131 static struct block *root;
132
133 /*
134 * Value passed to gen_load_a() to indicate what the offset argument
135 * is relative to.
136 */
137 enum e_offrel {
138 OR_LINK, /* relative to the link-layer header */
139 OR_NET, /* relative to the network-layer header */
140 OR_NET_NOSNAP, /* relative to the network-layer header, with no SNAP header at the link layer */
141 OR_TRAN_IPV4, /* relative to the transport-layer header, with IPv4 network layer */
142 OR_TRAN_IPV6 /* relative to the transport-layer header, with IPv6 network layer */
143 };
144
145 /*
146 * We divy out chunks of memory rather than call malloc each time so
147 * we don't have to worry about leaking memory. It's probably
148 * not a big deal if all this memory was wasted but if this ever
149 * goes into a library that would probably not be a good idea.
150 *
151 * XXX - this *is* in a library....
152 */
153 #define NCHUNKS 16
154 #define CHUNK0SIZE 1024
155 struct chunk {
156 u_int n_left;
157 void *m;
158 };
159
160 static struct chunk chunks[NCHUNKS];
161 static int cur_chunk;
162
163 static void *newchunk(u_int);
164 static void freechunks(void);
165 static inline struct block *new_block(int);
166 static inline struct slist *new_stmt(int);
167 static struct block *gen_retblk(int);
168 static inline void syntax(void);
169
170 static void backpatch(struct block *, struct block *);
171 static void merge(struct block *, struct block *);
172 static struct block *gen_cmp(enum e_offrel, u_int, u_int, bpf_int32);
173 static struct block *gen_cmp_gt(enum e_offrel, u_int, u_int, bpf_int32);
174 static struct block *gen_cmp_ge(enum e_offrel, u_int, u_int, bpf_int32);
175 static struct block *gen_cmp_lt(enum e_offrel, u_int, u_int, bpf_int32);
176 static struct block *gen_cmp_le(enum e_offrel, u_int, u_int, bpf_int32);
177 static struct block *gen_mcmp(enum e_offrel, u_int, u_int, bpf_int32,
178 bpf_u_int32);
179 static struct block *gen_bcmp(enum e_offrel, u_int, u_int, const u_char *);
180 static struct block *gen_ncmp(enum e_offrel, bpf_u_int32, bpf_u_int32,
181 bpf_u_int32, bpf_u_int32, int, bpf_u_int32);
182 static struct slist *gen_load_a(enum e_offrel, u_int, u_int);
183 static struct block *gen_uncond(int);
184 static inline struct block *gen_true(void);
185 static inline struct block *gen_false(void);
186 static struct block *gen_ether_linktype(int);
187 static struct block *gen_linux_sll_linktype(int);
188 static struct block *gen_linktype(int);
189 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
190 static struct block *gen_llc_linktype(int);
191 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
192 #ifdef INET6
193 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
194 #endif
195 static struct block *gen_ahostop(const u_char *, int);
196 static struct block *gen_ehostop(const u_char *, int);
197 static struct block *gen_fhostop(const u_char *, int);
198 static struct block *gen_thostop(const u_char *, int);
199 static struct block *gen_wlanhostop(const u_char *, int);
200 static struct block *gen_ipfchostop(const u_char *, int);
201 static struct block *gen_dnhostop(bpf_u_int32, int);
202 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
203 #ifdef INET6
204 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
205 #endif
206 #ifndef INET6
207 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
208 #endif
209 static struct block *gen_ipfrag(void);
210 static struct block *gen_portatom(int, bpf_int32);
211 static struct block *gen_portrangeatom(int, bpf_int32, bpf_int32);
212 #ifdef INET6
213 static struct block *gen_portatom6(int, bpf_int32);
214 static struct block *gen_portrangeatom6(int, bpf_int32, bpf_int32);
215 #endif
216 struct block *gen_portop(int, int, int);
217 static struct block *gen_port(int, int, int);
218 struct block *gen_portrangeop(int, int, int, int);
219 static struct block *gen_portrange(int, int, int, int);
220 #ifdef INET6
221 struct block *gen_portop6(int, int, int);
222 static struct block *gen_port6(int, int, int);
223 struct block *gen_portrangeop6(int, int, int, int);
224 static struct block *gen_portrange6(int, int, int, int);
225 #endif
226 static int lookup_proto(const char *, int);
227 static struct block *gen_protochain(int, int, int);
228 static struct block *gen_proto(int, int, int);
229 static struct slist *xfer_to_x(struct arth *);
230 static struct slist *xfer_to_a(struct arth *);
231 static struct block *gen_mac_multicast(int);
232 static struct block *gen_len(int, int);
233
234 static struct block *gen_msg_abbrev(int type);
235
236 static void *
237 newchunk(n)
238 u_int n;
239 {
240 struct chunk *cp;
241 int k;
242 size_t size;
243
244 #ifndef __NetBSD__
245 /* XXX Round up to nearest long. */
246 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
247 #else
248 /* XXX Round up to structure boundary. */
249 n = ALIGN(n);
250 #endif
251
252 cp = &chunks[cur_chunk];
253 if (n > cp->n_left) {
254 ++cp, k = ++cur_chunk;
255 if (k >= NCHUNKS)
256 bpf_error("out of memory");
257 size = CHUNK0SIZE << k;
258 cp->m = (void *)malloc(size);
259 if (cp->m == NULL)
260 bpf_error("out of memory");
261 memset((char *)cp->m, 0, size);
262 cp->n_left = size;
263 if (n > size)
264 bpf_error("out of memory");
265 }
266 cp->n_left -= n;
267 return (void *)((char *)cp->m + cp->n_left);
268 }
269
270 static void
271 freechunks()
272 {
273 int i;
274
275 cur_chunk = 0;
276 for (i = 0; i < NCHUNKS; ++i)
277 if (chunks[i].m != NULL) {
278 free(chunks[i].m);
279 chunks[i].m = NULL;
280 }
281 }
282
283 /*
284 * A strdup whose allocations are freed after code generation is over.
285 */
286 char *
287 sdup(s)
288 register const char *s;
289 {
290 int n = strlen(s) + 1;
291 char *cp = newchunk(n);
292
293 strlcpy(cp, s, n);
294 return (cp);
295 }
296
297 static inline struct block *
298 new_block(code)
299 int code;
300 {
301 struct block *p;
302
303 p = (struct block *)newchunk(sizeof(*p));
304 p->s.code = code;
305 p->head = p;
306
307 return p;
308 }
309
310 static inline struct slist *
311 new_stmt(code)
312 int code;
313 {
314 struct slist *p;
315
316 p = (struct slist *)newchunk(sizeof(*p));
317 p->s.code = code;
318
319 return p;
320 }
321
322 static struct block *
323 gen_retblk(v)
324 int v;
325 {
326 struct block *b = new_block(BPF_RET|BPF_K);
327
328 b->s.k = v;
329 return b;
330 }
331
332 static inline void
333 syntax()
334 {
335 bpf_error("syntax error in filter expression");
336 }
337
338 static bpf_u_int32 netmask;
339 static int snaplen;
340 int no_optimize;
341
342 int
343 pcap_compile(pcap_t *p, struct bpf_program *program,
344 char *buf, int optimize, bpf_u_int32 mask)
345 {
346 extern int n_errors;
347 int len;
348
349 no_optimize = 0;
350 n_errors = 0;
351 root = NULL;
352 bpf_pcap = p;
353 if (setjmp(top_ctx)) {
354 lex_cleanup();
355 freechunks();
356 return (-1);
357 }
358
359 netmask = mask;
360
361 snaplen = pcap_snapshot(p);
362 if (snaplen == 0) {
363 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
364 "snaplen of 0 rejects all packets");
365 return -1;
366 }
367
368 lex_init(buf ? buf : "");
369 init_linktype(p);
370 (void)pcap_parse();
371
372 if (n_errors)
373 syntax();
374
375 if (root == NULL)
376 root = gen_retblk(snaplen);
377
378 if (optimize && !no_optimize) {
379 bpf_optimize(&root);
380 if (root == NULL ||
381 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
382 bpf_error("expression rejects all packets");
383 }
384 program->bf_insns = icode_to_fcode(root, &len);
385 program->bf_len = len;
386
387 lex_cleanup();
388 freechunks();
389 return (0);
390 }
391
392 /*
393 * entry point for using the compiler with no pcap open
394 * pass in all the stuff that is needed explicitly instead.
395 */
396 int
397 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
398 struct bpf_program *program,
399 char *buf, int optimize, bpf_u_int32 mask)
400 {
401 pcap_t *p;
402 int ret;
403
404 p = pcap_open_dead(linktype_arg, snaplen_arg);
405 if (p == NULL)
406 return (-1);
407 ret = pcap_compile(p, program, buf, optimize, mask);
408 pcap_close(p);
409 return (ret);
410 }
411
412 /*
413 * Clean up a "struct bpf_program" by freeing all the memory allocated
414 * in it.
415 */
416 void
417 pcap_freecode(struct bpf_program *program)
418 {
419 program->bf_len = 0;
420 if (program->bf_insns != NULL) {
421 free((char *)program->bf_insns);
422 program->bf_insns = NULL;
423 }
424 }
425
426 /*
427 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
428 * which of the jt and jf fields has been resolved and which is a pointer
429 * back to another unresolved block (or nil). At least one of the fields
430 * in each block is already resolved.
431 */
432 static void
433 backpatch(list, target)
434 struct block *list, *target;
435 {
436 struct block *next;
437
438 while (list) {
439 if (!list->sense) {
440 next = JT(list);
441 JT(list) = target;
442 } else {
443 next = JF(list);
444 JF(list) = target;
445 }
446 list = next;
447 }
448 }
449
450 /*
451 * Merge the lists in b0 and b1, using the 'sense' field to indicate
452 * which of jt and jf is the link.
453 */
454 static void
455 merge(b0, b1)
456 struct block *b0, *b1;
457 {
458 register struct block **p = &b0;
459
460 /* Find end of list. */
461 while (*p)
462 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
463
464 /* Concatenate the lists. */
465 *p = b1;
466 }
467
468 void
469 finish_parse(p)
470 struct block *p;
471 {
472 backpatch(p, gen_retblk(snaplen));
473 p->sense = !p->sense;
474 backpatch(p, gen_retblk(0));
475 root = p->head;
476 }
477
478 void
479 gen_and(b0, b1)
480 struct block *b0, *b1;
481 {
482 backpatch(b0, b1->head);
483 b0->sense = !b0->sense;
484 b1->sense = !b1->sense;
485 merge(b1, b0);
486 b1->sense = !b1->sense;
487 b1->head = b0->head;
488 }
489
490 void
491 gen_or(b0, b1)
492 struct block *b0, *b1;
493 {
494 b0->sense = !b0->sense;
495 backpatch(b0, b1->head);
496 b0->sense = !b0->sense;
497 merge(b1, b0);
498 b1->head = b0->head;
499 }
500
501 void
502 gen_not(b)
503 struct block *b;
504 {
505 b->sense = !b->sense;
506 }
507
508 static struct block *
509 gen_cmp(offrel, offset, size, v)
510 enum e_offrel offrel;
511 u_int offset, size;
512 bpf_int32 v;
513 {
514 return gen_ncmp(offrel, offset, size, 0xffffffff, BPF_JEQ, 0, v);
515 }
516
517 static struct block *
518 gen_cmp_gt(offrel, offset, size, v)
519 enum e_offrel offrel;
520 u_int offset, size;
521 bpf_int32 v;
522 {
523 return gen_ncmp(offrel, offset, size, 0xffffffff, BPF_JGT, 0, v);
524 }
525
526 static struct block *
527 gen_cmp_ge(offrel, offset, size, v)
528 enum e_offrel offrel;
529 u_int offset, size;
530 bpf_int32 v;
531 {
532 return gen_ncmp(offrel, offset, size, 0xffffffff, BPF_JGE, 0, v);
533 }
534
535 static struct block *
536 gen_cmp_lt(offrel, offset, size, v)
537 enum e_offrel offrel;
538 u_int offset, size;
539 bpf_int32 v;
540 {
541 return gen_ncmp(offrel, offset, size, 0xffffffff, BPF_JGE, 1, v);
542 }
543
544 static struct block *
545 gen_cmp_le(offrel, offset, size, v)
546 enum e_offrel offrel;
547 u_int offset, size;
548 bpf_int32 v;
549 {
550 return gen_ncmp(offrel, offset, size, 0xffffffff, BPF_JGT, 1, v);
551 }
552
553 static struct block *
554 gen_mcmp(offrel, offset, size, v, mask)
555 enum e_offrel offrel;
556 u_int offset, size;
557 bpf_int32 v;
558 bpf_u_int32 mask;
559 {
560 return gen_ncmp(offrel, offset, size, mask, BPF_JEQ, 0, v);
561 }
562
563 static struct block *
564 gen_bcmp(offrel, offset, size, v)
565 enum e_offrel offrel;
566 register u_int offset, size;
567 register const u_char *v;
568 {
569 register struct block *b, *tmp;
570
571 b = NULL;
572 while (size >= 4) {
573 register const u_char *p = &v[size - 4];
574 bpf_int32 w = ((bpf_int32)p[0] << 24) |
575 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
576
577 tmp = gen_cmp(offrel, offset + size - 4, BPF_W, w);
578 if (b != NULL)
579 gen_and(b, tmp);
580 b = tmp;
581 size -= 4;
582 }
583 while (size >= 2) {
584 register const u_char *p = &v[size - 2];
585 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
586
587 tmp = gen_cmp(offrel, offset + size - 2, BPF_H, w);
588 if (b != NULL)
589 gen_and(b, tmp);
590 b = tmp;
591 size -= 2;
592 }
593 if (size > 0) {
594 tmp = gen_cmp(offrel, offset, BPF_B, (bpf_int32)v[0]);
595 if (b != NULL)
596 gen_and(b, tmp);
597 b = tmp;
598 }
599 return b;
600 }
601
602 /*
603 * AND the field of size "size" at offset "offset" relative to the header
604 * specified by "offrel" with "mask", and compare it with the value "v"
605 * with the test specified by "jtype"; if "reverse" is true, the test
606 * should test the opposite of "jtype".
607 */
608 static struct block *
609 gen_ncmp(offrel, offset, size, mask, jtype, reverse, v)
610 enum e_offrel offrel;
611 bpf_u_int32 offset, size, mask, jtype, v;
612 int reverse;
613 {
614 struct slist *s;
615 struct block *b;
616
617 s = gen_load_a(offrel, offset, size);
618
619 if (mask != 0xffffffff) {
620 s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K);
621 s->next->s.k = mask;
622 }
623
624 b = new_block(JMP(jtype));
625 b->stmts = s;
626 b->s.k = v;
627 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE))
628 gen_not(b);
629 return b;
630 }
631
632 /*
633 * Various code constructs need to know the layout of the data link
634 * layer. These variables give the necessary offsets.
635 */
636
637 /*
638 * This is the offset of the beginning of the MAC-layer header.
639 * It's usually 0, except for ATM LANE.
640 */
641 static u_int off_mac;
642
643 /*
644 * "off_linktype" is the offset to information in the link-layer header
645 * giving the packet type.
646 *
647 * For Ethernet, it's the offset of the Ethernet type field.
648 *
649 * For link-layer types that always use 802.2 headers, it's the
650 * offset of the LLC header.
651 *
652 * For PPP, it's the offset of the PPP type field.
653 *
654 * For Cisco HDLC, it's the offset of the CHDLC type field.
655 *
656 * For BSD loopback, it's the offset of the AF_ value.
657 *
658 * For Linux cooked sockets, it's the offset of the type field.
659 *
660 * It's set to -1 for no encapsulation, in which case, IP is assumed.
661 */
662 static u_int off_linktype;
663
664 /*
665 * TRUE if the link layer includes an ATM pseudo-header.
666 */
667 static int is_atm = 0;
668
669 /*
670 * TRUE if "lane" appeared in the filter; it causes us to generate
671 * code that assumes LANE rather than LLC-encapsulated traffic in SunATM.
672 */
673 static int is_lane = 0;
674
675 /*
676 * These are offsets for the ATM pseudo-header.
677 */
678 static u_int off_vpi;
679 static u_int off_vci;
680 static u_int off_proto;
681
682 /*
683 * This is the offset of the first byte after the ATM pseudo_header,
684 * or -1 if there is no ATM pseudo-header.
685 */
686 static u_int off_payload;
687
688 /*
689 * These are offsets to the beginning of the network-layer header.
690 *
691 * If the link layer never uses 802.2 LLC:
692 *
693 * "off_nl" and "off_nl_nosnap" are the same.
694 *
695 * If the link layer always uses 802.2 LLC:
696 *
697 * "off_nl" is the offset if there's a SNAP header following
698 * the 802.2 header;
699 *
700 * "off_nl_nosnap" is the offset if there's no SNAP header.
701 *
702 * If the link layer is Ethernet:
703 *
704 * "off_nl" is the offset if the packet is an Ethernet II packet
705 * (we assume no 802.3+802.2+SNAP);
706 *
707 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet
708 * with an 802.2 header following it.
709 */
710 static u_int off_nl;
711 static u_int off_nl_nosnap;
712
713 static int linktype;
714
715 static void
716 init_linktype(p)
717 pcap_t *p;
718 {
719 linktype = pcap_datalink(p);
720 #ifdef PCAP_FDDIPAD
721 pcap_fddipad = p->fddipad;
722 #endif
723
724 /*
725 * Assume it's not raw ATM with a pseudo-header, for now.
726 */
727 off_mac = 0;
728 is_atm = 0;
729 is_lane = 0;
730 off_vpi = -1;
731 off_vci = -1;
732 off_proto = -1;
733 off_payload = -1;
734
735 orig_linktype = -1;
736 orig_nl = -1;
737
738 switch (linktype) {
739
740 case DLT_ARCNET:
741 off_linktype = 2;
742 off_nl = 6; /* XXX in reality, variable! */
743 off_nl_nosnap = 6; /* no 802.2 LLC */
744 return;
745
746 case DLT_ARCNET_LINUX:
747 off_linktype = 4;
748 off_nl = 8; /* XXX in reality, variable! */
749 off_nl_nosnap = 8; /* no 802.2 LLC */
750 return;
751
752 case DLT_EN10MB:
753 off_linktype = 12;
754 off_nl = 14; /* Ethernet II */
755 off_nl_nosnap = 17; /* 802.3+802.2 */
756 return;
757
758 case DLT_SLIP:
759 /*
760 * SLIP doesn't have a link level type. The 16 byte
761 * header is hacked into our SLIP driver.
762 */
763 off_linktype = -1;
764 off_nl = 16;
765 off_nl_nosnap = 16; /* no 802.2 LLC */
766 return;
767
768 case DLT_SLIP_BSDOS:
769 /* XXX this may be the same as the DLT_PPP_BSDOS case */
770 off_linktype = -1;
771 /* XXX end */
772 off_nl = 24;
773 off_nl_nosnap = 24; /* no 802.2 LLC */
774 return;
775
776 case DLT_NULL:
777 case DLT_LOOP:
778 off_linktype = 0;
779 off_nl = 4;
780 off_nl_nosnap = 4; /* no 802.2 LLC */
781 return;
782
783 case DLT_ENC:
784 off_linktype = 0;
785 off_nl = 12;
786 off_nl_nosnap = 12; /* no 802.2 LLC */
787 return;
788
789 case DLT_PPP:
790 case DLT_PPP_PPPD:
791 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */
792 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */
793 off_linktype = 2;
794 off_nl = 4;
795 off_nl_nosnap = 4; /* no 802.2 LLC */
796 return;
797
798 case DLT_PPP_ETHER:
799 /*
800 * This does no include the Ethernet header, and
801 * only covers session state.
802 */
803 off_linktype = 6;
804 off_nl = 8;
805 off_nl_nosnap = 8; /* no 802.2 LLC */
806 return;
807
808 case DLT_PPP_BSDOS:
809 off_linktype = 5;
810 off_nl = 24;
811 off_nl_nosnap = 24; /* no 802.2 LLC */
812 return;
813
814 case DLT_FDDI:
815 /*
816 * FDDI doesn't really have a link-level type field.
817 * We set "off_linktype" to the offset of the LLC header.
818 *
819 * To check for Ethernet types, we assume that SSAP = SNAP
820 * is being used and pick out the encapsulated Ethernet type.
821 * XXX - should we generate code to check for SNAP?
822 */
823 off_linktype = 13;
824 #ifdef PCAP_FDDIPAD
825 off_linktype += pcap_fddipad;
826 #endif
827 off_nl = 21; /* FDDI+802.2+SNAP */
828 off_nl_nosnap = 16; /* FDDI+802.2 */
829 #ifdef PCAP_FDDIPAD
830 off_nl += pcap_fddipad;
831 off_nl_nosnap += pcap_fddipad;
832 #endif
833 return;
834
835 case DLT_IEEE802:
836 /*
837 * Token Ring doesn't really have a link-level type field.
838 * We set "off_linktype" to the offset of the LLC header.
839 *
840 * To check for Ethernet types, we assume that SSAP = SNAP
841 * is being used and pick out the encapsulated Ethernet type.
842 * XXX - should we generate code to check for SNAP?
843 *
844 * XXX - the header is actually variable-length.
845 * Some various Linux patched versions gave 38
846 * as "off_linktype" and 40 as "off_nl"; however,
847 * if a token ring packet has *no* routing
848 * information, i.e. is not source-routed, the correct
849 * values are 20 and 22, as they are in the vanilla code.
850 *
851 * A packet is source-routed iff the uppermost bit
852 * of the first byte of the source address, at an
853 * offset of 8, has the uppermost bit set. If the
854 * packet is source-routed, the total number of bytes
855 * of routing information is 2 plus bits 0x1F00 of
856 * the 16-bit value at an offset of 14 (shifted right
857 * 8 - figure out which byte that is).
858 */
859 off_linktype = 14;
860 off_nl = 22; /* Token Ring+802.2+SNAP */
861 off_nl_nosnap = 17; /* Token Ring+802.2 */
862 return;
863
864 case DLT_IEEE802_11:
865 /*
866 * 802.11 doesn't really have a link-level type field.
867 * We set "off_linktype" to the offset of the LLC header.
868 *
869 * To check for Ethernet types, we assume that SSAP = SNAP
870 * is being used and pick out the encapsulated Ethernet type.
871 * XXX - should we generate code to check for SNAP?
872 *
873 * XXX - the header is actually variable-length. We
874 * assume a 24-byte link-layer header, as appears in
875 * data frames in networks with no bridges. If the
876 * fromds and tods 802.11 header bits are both set,
877 * it's actually supposed to be 30 bytes.
878 */
879 off_linktype = 24;
880 off_nl = 32; /* 802.11+802.2+SNAP */
881 off_nl_nosnap = 27; /* 802.11+802.2 */
882 return;
883
884 case DLT_PRISM_HEADER:
885 /*
886 * Same as 802.11, but with an additional header before
887 * the 802.11 header, containing a bunch of additional
888 * information including radio-level information.
889 *
890 * The header is 144 bytes long.
891 *
892 * XXX - same variable-length header problem; at least
893 * the Prism header is fixed-length.
894 */
895 off_linktype = 144+24;
896 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */
897 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */
898 return;
899
900 case DLT_IEEE802_11_RADIO_AVS:
901 /*
902 * Same as 802.11, but with an additional header before
903 * the 802.11 header, containing a bunch of additional
904 * information including radio-level information.
905 *
906 * The header is 64 bytes long, at least in its
907 * current incarnation.
908 *
909 * XXX - same variable-length header problem, only
910 * more so; this header is also variable-length,
911 * with the length being the 32-bit big-endian
912 * number at an offset of 4 from the beginning
913 * of the radio header.
914 */
915 off_linktype = 64+24;
916 off_nl = 64+32; /* Radio+802.11+802.2+SNAP */
917 off_nl_nosnap = 64+27; /* Radio+802.11+802.2 */
918 return;
919
920 case DLT_IEEE802_11_RADIO:
921 /*
922 * Same as 802.11, but with an additional header before
923 * the 802.11 header, containing a bunch of additional
924 * information including radio-level information.
925 *
926 * XXX - same variable-length header problem, only
927 * even *more* so; this header is also variable-length,
928 * with the length being the 16-bit number at an offset
929 * of 2 from the beginning of the radio header, and it's
930 * device-dependent (different devices might supply
931 * different amounts of information), so we can't even
932 * assume a fixed length for the current version of the
933 * header.
934 *
935 * Therefore, currently, only raw "link[N:M]" filtering is
936 * supported.
937 */
938 off_linktype = -1;
939 off_nl = -1;
940 off_nl_nosnap = -1;
941 return;
942
943 case DLT_ATM_RFC1483:
944 case DLT_ATM_CLIP: /* Linux ATM defines this */
945 /*
946 * assume routed, non-ISO PDUs
947 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
948 */
949 off_linktype = 0;
950 off_nl = 8; /* 802.2+SNAP */
951 off_nl_nosnap = 3; /* 802.2 */
952 return;
953
954 case DLT_SUNATM:
955 /*
956 * Full Frontal ATM; you get AALn PDUs with an ATM
957 * pseudo-header.
958 */
959 is_atm = 1;
960 off_vpi = SUNATM_VPI_POS;
961 off_vci = SUNATM_VCI_POS;
962 off_proto = PROTO_POS;
963 off_mac = -1; /* LLC-encapsulated, so no MAC-layer header */
964 off_payload = SUNATM_PKT_BEGIN_POS;
965 off_linktype = off_payload;
966 off_nl = off_payload+8; /* 802.2+SNAP */
967 off_nl_nosnap = off_payload+3; /* 802.2 */
968 return;
969
970 case DLT_RAW:
971 off_linktype = -1;
972 off_nl = 0;
973 off_nl_nosnap = 0; /* no 802.2 LLC */
974 return;
975
976 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
977 off_linktype = 14;
978 off_nl = 16;
979 off_nl_nosnap = 16; /* no 802.2 LLC */
980 return;
981
982 case DLT_LTALK:
983 /*
984 * LocalTalk does have a 1-byte type field in the LLAP header,
985 * but really it just indicates whether there is a "short" or
986 * "long" DDP packet following.
987 */
988 off_linktype = -1;
989 off_nl = 0;
990 off_nl_nosnap = 0; /* no 802.2 LLC */
991 return;
992
993 case DLT_IP_OVER_FC:
994 /*
995 * RFC 2625 IP-over-Fibre-Channel doesn't really have a
996 * link-level type field. We set "off_linktype" to the
997 * offset of the LLC header.
998 *
999 * To check for Ethernet types, we assume that SSAP = SNAP
1000 * is being used and pick out the encapsulated Ethernet type.
1001 * XXX - should we generate code to check for SNAP? RFC
1002 * 2625 says SNAP should be used.
1003 */
1004 off_linktype = 16;
1005 off_nl = 24; /* IPFC+802.2+SNAP */
1006 off_nl_nosnap = 19; /* IPFC+802.2 */
1007 return;
1008
1009 case DLT_FRELAY:
1010 /*
1011 * XXX - we should set this to handle SNAP-encapsulated
1012 * frames (NLPID of 0x80).
1013 */
1014 off_linktype = -1;
1015 off_nl = 0;
1016 off_nl_nosnap = 0; /* no 802.2 LLC */
1017 return;
1018
1019 case DLT_APPLE_IP_OVER_IEEE1394:
1020 off_linktype = 16;
1021 off_nl = 18;
1022 off_nl_nosnap = 18; /* no 802.2 LLC */
1023 return;
1024
1025 case DLT_LINUX_IRDA:
1026 /*
1027 * Currently, only raw "link[N:M]" filtering is supported.
1028 */
1029 off_linktype = -1;
1030 off_nl = -1;
1031 off_nl_nosnap = -1;
1032 return;
1033
1034 case DLT_DOCSIS:
1035 /*
1036 * Currently, only raw "link[N:M]" filtering is supported.
1037 */
1038 off_linktype = -1;
1039 off_nl = -1;
1040 off_nl_nosnap = -1;
1041 return;
1042
1043 case DLT_SYMANTEC_FIREWALL:
1044 off_linktype = 6;
1045 off_nl = 44; /* Ethernet II */
1046 off_nl_nosnap = 44; /* XXX - what does it do with 802.3 packets? */
1047 return;
1048
1049 case DLT_PFLOG:
1050 off_linktype = 0;
1051 /* XXX read this from pf.h? */
1052 off_nl = PFLOG_HDRLEN;
1053 off_nl_nosnap = PFLOG_HDRLEN; /* no 802.2 LLC */
1054 return;
1055
1056 case DLT_JUNIPER_MLFR:
1057 case DLT_JUNIPER_MLPPP:
1058 off_linktype = 4;
1059 off_nl = 4;
1060 off_nl_nosnap = -1; /* no 802.2 LLC */
1061 return;
1062
1063 case DLT_JUNIPER_ATM1:
1064 off_linktype = 4; /* in reality variable between 4-8 */
1065 off_nl = 4;
1066 off_nl_nosnap = 14;
1067 return;
1068
1069 case DLT_JUNIPER_ATM2:
1070 off_linktype = 8; /* in reality variable between 8-12 */
1071 off_nl = 8;
1072 off_nl_nosnap = 18;
1073 return;
1074
1075 #ifdef DLT_PFSYNC
1076 case DLT_PFSYNC:
1077 off_linktype = -1;
1078 off_nl = 4;
1079 off_nl_nosnap = 4;
1080 return;
1081 #endif
1082
1083 case DLT_LINUX_LAPD:
1084 /*
1085 * Currently, only raw "link[N:M]" filtering is supported.
1086 */
1087 off_linktype = -1;
1088 off_nl = -1;
1089 off_nl_nosnap = -1;
1090 return;
1091 }
1092 bpf_error("unknown data link type %d", linktype);
1093 /* NOTREACHED */
1094 }
1095
1096 /*
1097 * Load a value relative to the beginning of the specified header.
1098 */
1099 static struct slist *
1100 gen_load_a(offrel, offset, size)
1101 enum e_offrel offrel;
1102 u_int offset, size;
1103 {
1104 struct slist *s;
1105
1106 switch (offrel) {
1107
1108 case OR_LINK:
1109 s = new_stmt(BPF_LD|BPF_ABS|size);
1110 s->s.k = offset;
1111 break;
1112
1113 case OR_NET:
1114 s = new_stmt(BPF_LD|BPF_ABS|size);
1115 s->s.k = off_nl + offset;
1116 break;
1117
1118 case OR_NET_NOSNAP:
1119 s = new_stmt(BPF_LD|BPF_ABS|size);
1120 s->s.k = off_nl_nosnap + offset;
1121 break;
1122
1123 case OR_TRAN_IPV4:
1124 /*
1125 * Load the X register with the length of the IPv4 header,
1126 * in bytes.
1127 */
1128 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
1129 s->s.k = off_nl;
1130
1131 /*
1132 * Load the item at {length of the link-layer header} +
1133 * {length of the IPv4 header} + {specified offset}.
1134 */
1135 s->next = new_stmt(BPF_LD|BPF_IND|size);
1136 s->next->s.k = off_nl + offset;
1137 break;
1138
1139 case OR_TRAN_IPV6:
1140 s = new_stmt(BPF_LD|BPF_ABS|size);
1141 s->s.k = off_nl + 40 + offset;
1142 break;
1143
1144 default:
1145 abort();
1146 return NULL;
1147 }
1148 return s;
1149 }
1150
1151 static struct block *
1152 gen_uncond(rsense)
1153 int rsense;
1154 {
1155 struct block *b;
1156 struct slist *s;
1157
1158 s = new_stmt(BPF_LD|BPF_IMM);
1159 s->s.k = !rsense;
1160 b = new_block(JMP(BPF_JEQ));
1161 b->stmts = s;
1162
1163 return b;
1164 }
1165
1166 static inline struct block *
1167 gen_true()
1168 {
1169 return gen_uncond(1);
1170 }
1171
1172 static inline struct block *
1173 gen_false()
1174 {
1175 return gen_uncond(0);
1176 }
1177
1178 /*
1179 * Byte-swap a 32-bit number.
1180 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
1181 * big-endian platforms.)
1182 */
1183 #define SWAPLONG(y) \
1184 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
1185
1186 /*
1187 * Generate code to match a particular packet type.
1188 *
1189 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
1190 * value, if <= ETHERMTU. We use that to determine whether to
1191 * match the type/length field or to check the type/length field for
1192 * a value <= ETHERMTU to see whether it's a type field and then do
1193 * the appropriate test.
1194 */
1195 static struct block *
1196 gen_ether_linktype(proto)
1197 register int proto;
1198 {
1199 struct block *b0, *b1;
1200
1201 switch (proto) {
1202
1203 case LLCSAP_ISONS:
1204 case LLCSAP_IP:
1205 case LLCSAP_NETBEUI:
1206 /*
1207 * OSI protocols and NetBEUI always use 802.2 encapsulation,
1208 * so we check the DSAP and SSAP.
1209 *
1210 * LLCSAP_IP checks for IP-over-802.2, rather
1211 * than IP-over-Ethernet or IP-over-SNAP.
1212 *
1213 * XXX - should we check both the DSAP and the
1214 * SSAP, like this, or should we check just the
1215 * DSAP, as we do for other types <= ETHERMTU
1216 * (i.e., other SAP values)?
1217 */
1218 b0 = gen_cmp_gt(OR_LINK, off_linktype, BPF_H, ETHERMTU);
1219 gen_not(b0);
1220 b1 = gen_cmp(OR_LINK, off_linktype + 2, BPF_H, (bpf_int32)
1221 ((proto << 8) | proto));
1222 gen_and(b0, b1);
1223 return b1;
1224
1225 case LLCSAP_IPX:
1226 /*
1227 * Check for;
1228 *
1229 * Ethernet_II frames, which are Ethernet
1230 * frames with a frame type of ETHERTYPE_IPX;
1231 *
1232 * Ethernet_802.3 frames, which are 802.3
1233 * frames (i.e., the type/length field is
1234 * a length field, <= ETHERMTU, rather than
1235 * a type field) with the first two bytes
1236 * after the Ethernet/802.3 header being
1237 * 0xFFFF;
1238 *
1239 * Ethernet_802.2 frames, which are 802.3
1240 * frames with an 802.2 LLC header and
1241 * with the IPX LSAP as the DSAP in the LLC
1242 * header;
1243 *
1244 * Ethernet_SNAP frames, which are 802.3
1245 * frames with an LLC header and a SNAP
1246 * header and with an OUI of 0x000000
1247 * (encapsulated Ethernet) and a protocol
1248 * ID of ETHERTYPE_IPX in the SNAP header.
1249 *
1250 * XXX - should we generate the same code both
1251 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
1252 */
1253
1254 /*
1255 * This generates code to check both for the
1256 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
1257 */
1258 b0 = gen_cmp(OR_LINK, off_linktype + 2, BPF_B,
1259 (bpf_int32)LLCSAP_IPX);
1260 b1 = gen_cmp(OR_LINK, off_linktype + 2, BPF_H,
1261 (bpf_int32)0xFFFF);
1262 gen_or(b0, b1);
1263
1264 /*
1265 * Now we add code to check for SNAP frames with
1266 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
1267 */
1268 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
1269 gen_or(b0, b1);
1270
1271 /*
1272 * Now we generate code to check for 802.3
1273 * frames in general.
1274 */
1275 b0 = gen_cmp_gt(OR_LINK, off_linktype, BPF_H, ETHERMTU);
1276 gen_not(b0);
1277
1278 /*
1279 * Now add the check for 802.3 frames before the
1280 * check for Ethernet_802.2 and Ethernet_802.3,
1281 * as those checks should only be done on 802.3
1282 * frames, not on Ethernet frames.
1283 */
1284 gen_and(b0, b1);
1285
1286 /*
1287 * Now add the check for Ethernet_II frames, and
1288 * do that before checking for the other frame
1289 * types.
1290 */
1291 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H,
1292 (bpf_int32)ETHERTYPE_IPX);
1293 gen_or(b0, b1);
1294 return b1;
1295
1296 case ETHERTYPE_ATALK:
1297 case ETHERTYPE_AARP:
1298 /*
1299 * EtherTalk (AppleTalk protocols on Ethernet link
1300 * layer) may use 802.2 encapsulation.
1301 */
1302
1303 /*
1304 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1305 * we check for an Ethernet type field less than
1306 * 1500, which means it's an 802.3 length field.
1307 */
1308 b0 = gen_cmp_gt(OR_LINK, off_linktype, BPF_H, ETHERMTU);
1309 gen_not(b0);
1310
1311 /*
1312 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1313 * SNAP packets with an organization code of
1314 * 0x080007 (Apple, for Appletalk) and a protocol
1315 * type of ETHERTYPE_ATALK (Appletalk).
1316 *
1317 * 802.2-encapsulated ETHERTYPE_AARP packets are
1318 * SNAP packets with an organization code of
1319 * 0x000000 (encapsulated Ethernet) and a protocol
1320 * type of ETHERTYPE_AARP (Appletalk ARP).
1321 */
1322 if (proto == ETHERTYPE_ATALK)
1323 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
1324 else /* proto == ETHERTYPE_AARP */
1325 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
1326 gen_and(b0, b1);
1327
1328 /*
1329 * Check for Ethernet encapsulation (Ethertalk
1330 * phase 1?); we just check for the Ethernet
1331 * protocol type.
1332 */
1333 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, (bpf_int32)proto);
1334
1335 gen_or(b0, b1);
1336 return b1;
1337
1338 default:
1339 if (proto <= ETHERMTU) {
1340 /*
1341 * This is an LLC SAP value, so the frames
1342 * that match would be 802.2 frames.
1343 * Check that the frame is an 802.2 frame
1344 * (i.e., that the length/type field is
1345 * a length field, <= ETHERMTU) and
1346 * then check the DSAP.
1347 */
1348 b0 = gen_cmp_gt(OR_LINK, off_linktype, BPF_H, ETHERMTU);
1349 gen_not(b0);
1350 b1 = gen_cmp(OR_LINK, off_linktype + 2, BPF_B,
1351 (bpf_int32)proto);
1352 gen_and(b0, b1);
1353 return b1;
1354 } else {
1355 /*
1356 * This is an Ethernet type, so compare
1357 * the length/type field with it (if
1358 * the frame is an 802.2 frame, the length
1359 * field will be <= ETHERMTU, and, as
1360 * "proto" is > ETHERMTU, this test
1361 * will fail and the frame won't match,
1362 * which is what we want).
1363 */
1364 return gen_cmp(OR_LINK, off_linktype, BPF_H,
1365 (bpf_int32)proto);
1366 }
1367 }
1368 }
1369
1370 /*
1371 * Generate code to match a particular packet type.
1372 *
1373 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
1374 * value, if <= ETHERMTU. We use that to determine whether to
1375 * match the type field or to check the type field for the special
1376 * LINUX_SLL_P_802_2 value and then do the appropriate test.
1377 */
1378 static struct block *
1379 gen_linux_sll_linktype(proto)
1380 register int proto;
1381 {
1382 struct block *b0, *b1;
1383
1384 switch (proto) {
1385
1386 case LLCSAP_ISONS:
1387 case LLCSAP_IP:
1388 case LLCSAP_NETBEUI:
1389 /*
1390 * OSI protocols and NetBEUI always use 802.2 encapsulation,
1391 * so we check the DSAP and SSAP.
1392 *
1393 * LLCSAP_IP checks for IP-over-802.2, rather
1394 * than IP-over-Ethernet or IP-over-SNAP.
1395 *
1396 * XXX - should we check both the DSAP and the
1397 * SSAP, like this, or should we check just the
1398 * DSAP, as we do for other types <= ETHERMTU
1399 * (i.e., other SAP values)?
1400 */
1401 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, LINUX_SLL_P_802_2);
1402 b1 = gen_cmp(OR_LINK, off_linktype + 2, BPF_H, (bpf_int32)
1403 ((proto << 8) | proto));
1404 gen_and(b0, b1);
1405 return b1;
1406
1407 case LLCSAP_IPX:
1408 /*
1409 * Ethernet_II frames, which are Ethernet
1410 * frames with a frame type of ETHERTYPE_IPX;
1411 *
1412 * Ethernet_802.3 frames, which have a frame
1413 * type of LINUX_SLL_P_802_3;
1414 *
1415 * Ethernet_802.2 frames, which are 802.3
1416 * frames with an 802.2 LLC header (i.e, have
1417 * a frame type of LINUX_SLL_P_802_2) and
1418 * with the IPX LSAP as the DSAP in the LLC
1419 * header;
1420 *
1421 * Ethernet_SNAP frames, which are 802.3
1422 * frames with an LLC header and a SNAP
1423 * header and with an OUI of 0x000000
1424 * (encapsulated Ethernet) and a protocol
1425 * ID of ETHERTYPE_IPX in the SNAP header.
1426 *
1427 * First, do the checks on LINUX_SLL_P_802_2
1428 * frames; generate the check for either
1429 * Ethernet_802.2 or Ethernet_SNAP frames, and
1430 * then put a check for LINUX_SLL_P_802_2 frames
1431 * before it.
1432 */
1433 b0 = gen_cmp(OR_LINK, off_linktype + 2, BPF_B,
1434 (bpf_int32)LLCSAP_IPX);
1435 b1 = gen_snap(0x000000, ETHERTYPE_IPX,
1436 off_linktype + 2);
1437 gen_or(b0, b1);
1438 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, LINUX_SLL_P_802_2);
1439 gen_and(b0, b1);
1440
1441 /*
1442 * Now check for 802.3 frames and OR that with
1443 * the previous test.
1444 */
1445 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, LINUX_SLL_P_802_3);
1446 gen_or(b0, b1);
1447
1448 /*
1449 * Now add the check for Ethernet_II frames, and
1450 * do that before checking for the other frame
1451 * types.
1452 */
1453 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H,
1454 (bpf_int32)ETHERTYPE_IPX);
1455 gen_or(b0, b1);
1456 return b1;
1457
1458 case ETHERTYPE_ATALK:
1459 case ETHERTYPE_AARP:
1460 /*
1461 * EtherTalk (AppleTalk protocols on Ethernet link
1462 * layer) may use 802.2 encapsulation.
1463 */
1464
1465 /*
1466 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1467 * we check for the 802.2 protocol type in the
1468 * "Ethernet type" field.
1469 */
1470 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, LINUX_SLL_P_802_2);
1471
1472 /*
1473 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1474 * SNAP packets with an organization code of
1475 * 0x080007 (Apple, for Appletalk) and a protocol
1476 * type of ETHERTYPE_ATALK (Appletalk).
1477 *
1478 * 802.2-encapsulated ETHERTYPE_AARP packets are
1479 * SNAP packets with an organization code of
1480 * 0x000000 (encapsulated Ethernet) and a protocol
1481 * type of ETHERTYPE_AARP (Appletalk ARP).
1482 */
1483 if (proto == ETHERTYPE_ATALK)
1484 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
1485 off_linktype + 2);
1486 else /* proto == ETHERTYPE_AARP */
1487 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
1488 off_linktype + 2);
1489 gen_and(b0, b1);
1490
1491 /*
1492 * Check for Ethernet encapsulation (Ethertalk
1493 * phase 1?); we just check for the Ethernet
1494 * protocol type.
1495 */
1496 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, (bpf_int32)proto);
1497
1498 gen_or(b0, b1);
1499 return b1;
1500
1501 default:
1502 if (proto <= ETHERMTU) {
1503 /*
1504 * This is an LLC SAP value, so the frames
1505 * that match would be 802.2 frames.
1506 * Check for the 802.2 protocol type
1507 * in the "Ethernet type" field, and
1508 * then check the DSAP.
1509 */
1510 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H,
1511 LINUX_SLL_P_802_2);
1512 b1 = gen_cmp(OR_LINK, off_linktype + 2, BPF_B,
1513 (bpf_int32)proto);
1514 gen_and(b0, b1);
1515 return b1;
1516 } else {
1517 /*
1518 * This is an Ethernet type, so compare
1519 * the length/type field with it (if
1520 * the frame is an 802.2 frame, the length
1521 * field will be <= ETHERMTU, and, as
1522 * "proto" is > ETHERMTU, this test
1523 * will fail and the frame won't match,
1524 * which is what we want).
1525 */
1526 return gen_cmp(OR_LINK, off_linktype, BPF_H,
1527 (bpf_int32)proto);
1528 }
1529 }
1530 }
1531
1532 /*
1533 * Generate code to match a particular packet type by matching the
1534 * link-layer type field or fields in the 802.2 LLC header.
1535 *
1536 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
1537 * value, if <= ETHERMTU.
1538 */
1539 static struct block *
1540 gen_linktype(proto)
1541 register int proto;
1542 {
1543 struct block *b0, *b1, *b2;
1544
1545 switch (linktype) {
1546
1547 case DLT_EN10MB:
1548 return gen_ether_linktype(proto);
1549 /*NOTREACHED*/
1550 break;
1551
1552 case DLT_C_HDLC:
1553 switch (proto) {
1554
1555 case LLCSAP_ISONS:
1556 proto = (proto << 8 | LLCSAP_ISONS);
1557 /* fall through */
1558
1559 default:
1560 return gen_cmp(OR_LINK, off_linktype, BPF_H,
1561 (bpf_int32)proto);
1562 /*NOTREACHED*/
1563 break;
1564 }
1565 break;
1566
1567 case DLT_IEEE802_11:
1568 case DLT_PRISM_HEADER:
1569 case DLT_IEEE802_11_RADIO:
1570 case DLT_FDDI:
1571 case DLT_IEEE802:
1572 case DLT_ATM_RFC1483:
1573 case DLT_ATM_CLIP:
1574 case DLT_IP_OVER_FC:
1575 return gen_llc_linktype(proto);
1576 /*NOTREACHED*/
1577 break;
1578
1579 case DLT_SUNATM:
1580 /*
1581 * If "is_lane" is set, check for a LANE-encapsulated
1582 * version of this protocol, otherwise check for an
1583 * LLC-encapsulated version of this protocol.
1584 *
1585 * We assume LANE means Ethernet, not Token Ring.
1586 */
1587 if (is_lane) {
1588 /*
1589 * Check that the packet doesn't begin with an
1590 * LE Control marker. (We've already generated
1591 * a test for LANE.)
1592 */
1593 b0 = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS, BPF_H,
1594 0xFF00);
1595 gen_not(b0);
1596
1597 /*
1598 * Now generate an Ethernet test.
1599 */
1600 b1 = gen_ether_linktype(proto);
1601 gen_and(b0, b1);
1602 return b1;
1603 } else {
1604 /*
1605 * Check for LLC encapsulation and then check the
1606 * protocol.
1607 */
1608 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
1609 b1 = gen_llc_linktype(proto);
1610 gen_and(b0, b1);
1611 return b1;
1612 }
1613 /*NOTREACHED*/
1614 break;
1615
1616 case DLT_LINUX_SLL:
1617 return gen_linux_sll_linktype(proto);
1618 /*NOTREACHED*/
1619 break;
1620
1621 case DLT_SLIP:
1622 case DLT_SLIP_BSDOS:
1623 case DLT_RAW:
1624 /*
1625 * These types don't provide any type field; packets
1626 * are always IP.
1627 *
1628 * XXX - for IPv4, check for a version number of 4, and,
1629 * for IPv6, check for a version number of 6?
1630 */
1631 switch (proto) {
1632
1633 case ETHERTYPE_IP:
1634 #ifdef INET6
1635 case ETHERTYPE_IPV6:
1636 #endif
1637 return gen_true(); /* always true */
1638
1639 default:
1640 return gen_false(); /* always false */
1641 }
1642 /*NOTREACHED*/
1643 break;
1644
1645 case DLT_PPP:
1646 case DLT_PPP_PPPD:
1647 case DLT_PPP_SERIAL:
1648 case DLT_PPP_ETHER:
1649 /*
1650 * We use Ethernet protocol types inside libpcap;
1651 * map them to the corresponding PPP protocol types.
1652 */
1653 switch (proto) {
1654
1655 case ETHERTYPE_IP:
1656 proto = PPP_IP;
1657 break;
1658
1659 #ifdef INET6
1660 case ETHERTYPE_IPV6:
1661 proto = PPP_IPV6;
1662 break;
1663 #endif
1664
1665 case ETHERTYPE_DN:
1666 proto = PPP_DECNET;
1667 break;
1668
1669 case ETHERTYPE_ATALK:
1670 proto = PPP_APPLE;
1671 break;
1672
1673 case ETHERTYPE_NS:
1674 proto = PPP_NS;
1675 break;
1676
1677 case LLCSAP_ISONS:
1678 proto = PPP_OSI;
1679 break;
1680
1681 case LLCSAP_8021D:
1682 /*
1683 * I'm assuming the "Bridging PDU"s that go
1684 * over PPP are Spanning Tree Protocol
1685 * Bridging PDUs.
1686 */
1687 proto = PPP_BRPDU;
1688 break;
1689
1690 case LLCSAP_IPX:
1691 proto = PPP_IPX;
1692 break;
1693 }
1694 break;
1695
1696 case DLT_PPP_BSDOS:
1697 /*
1698 * We use Ethernet protocol types inside libpcap;
1699 * map them to the corresponding PPP protocol types.
1700 */
1701 switch (proto) {
1702
1703 case ETHERTYPE_IP:
1704 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, PPP_IP);
1705 b1 = gen_cmp(OR_LINK, off_linktype, BPF_H, PPP_VJC);
1706 gen_or(b0, b1);
1707 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, PPP_VJNC);
1708 gen_or(b1, b0);
1709 return b0;
1710
1711 #ifdef INET6
1712 case ETHERTYPE_IPV6:
1713 proto = PPP_IPV6;
1714 /* more to go? */
1715 break;
1716 #endif
1717
1718 case ETHERTYPE_DN:
1719 proto = PPP_DECNET;
1720 break;
1721
1722 case ETHERTYPE_ATALK:
1723 proto = PPP_APPLE;
1724 break;
1725
1726 case ETHERTYPE_NS:
1727 proto = PPP_NS;
1728 break;
1729
1730 case LLCSAP_ISONS:
1731 proto = PPP_OSI;
1732 break;
1733
1734 case LLCSAP_8021D:
1735 /*
1736 * I'm assuming the "Bridging PDU"s that go
1737 * over PPP are Spanning Tree Protocol
1738 * Bridging PDUs.
1739 */
1740 proto = PPP_BRPDU;
1741 break;
1742
1743 case LLCSAP_IPX:
1744 proto = PPP_IPX;
1745 break;
1746 }
1747 break;
1748
1749 case DLT_NULL:
1750 case DLT_LOOP:
1751 case DLT_ENC:
1752 /*
1753 * For DLT_NULL, the link-layer header is a 32-bit
1754 * word containing an AF_ value in *host* byte order,
1755 * and for DLT_ENC, the link-layer header begins
1756 * with a 32-bit work containing an AF_ value in
1757 * host byte order.
1758 *
1759 * In addition, if we're reading a saved capture file,
1760 * the host byte order in the capture may not be the
1761 * same as the host byte order on this machine.
1762 *
1763 * For DLT_LOOP, the link-layer header is a 32-bit
1764 * word containing an AF_ value in *network* byte order.
1765 *
1766 * XXX - AF_ values may, unfortunately, be platform-
1767 * dependent; for example, FreeBSD's AF_INET6 is 24
1768 * whilst NetBSD's and OpenBSD's is 26.
1769 *
1770 * This means that, when reading a capture file, just
1771 * checking for our AF_INET6 value won't work if the
1772 * capture file came from another OS.
1773 */
1774 switch (proto) {
1775
1776 case ETHERTYPE_IP:
1777 proto = AF_INET;
1778 break;
1779
1780 #ifdef INET6
1781 case ETHERTYPE_IPV6:
1782 proto = AF_INET6;
1783 break;
1784 #endif
1785
1786 default:
1787 /*
1788 * Not a type on which we support filtering.
1789 * XXX - support those that have AF_ values
1790 * #defined on this platform, at least?
1791 */
1792 return gen_false();
1793 }
1794
1795 if (linktype == DLT_NULL || linktype == DLT_ENC) {
1796 /*
1797 * The AF_ value is in host byte order, but
1798 * the BPF interpreter will convert it to
1799 * network byte order.
1800 *
1801 * If this is a save file, and it's from a
1802 * machine with the opposite byte order to
1803 * ours, we byte-swap the AF_ value.
1804 *
1805 * Then we run it through "htonl()", and
1806 * generate code to compare against the result.
1807 */
1808 if (bpf_pcap->sf.rfile != NULL &&
1809 bpf_pcap->sf.swapped)
1810 proto = SWAPLONG(proto);
1811 proto = htonl(proto);
1812 }
1813 return (gen_cmp(OR_LINK, 0, BPF_W, (bpf_int32)proto));
1814
1815 case DLT_PFLOG:
1816 /*
1817 * af field is host byte order in contrast to the rest of
1818 * the packet.
1819 */
1820 if (proto == ETHERTYPE_IP)
1821 return (gen_cmp(OR_LINK, offsetof(struct pfloghdr, af),
1822 BPF_B, (bpf_int32)AF_INET));
1823 #ifdef INET6
1824 else if (proto == ETHERTYPE_IPV6)
1825 return (gen_cmp(OR_LINK, offsetof(struct pfloghdr, af),
1826 BPF_B, (bpf_int32)AF_INET6));
1827 #endif /* INET6 */
1828 else
1829 return gen_false();
1830 /*NOTREACHED*/
1831 break;
1832
1833 case DLT_ARCNET:
1834 case DLT_ARCNET_LINUX:
1835 /*
1836 * XXX should we check for first fragment if the protocol
1837 * uses PHDS?
1838 */
1839 switch (proto) {
1840
1841 default:
1842 return gen_false();
1843
1844 #ifdef INET6
1845 case ETHERTYPE_IPV6:
1846 return (gen_cmp(OR_LINK, off_linktype, BPF_B,
1847 (bpf_int32)ARCTYPE_INET6));
1848 #endif /* INET6 */
1849
1850 case ETHERTYPE_IP:
1851 b0 = gen_cmp(OR_LINK, off_linktype, BPF_B,
1852 (bpf_int32)ARCTYPE_IP);
1853 b1 = gen_cmp(OR_LINK, off_linktype, BPF_B,
1854 (bpf_int32)ARCTYPE_IP_OLD);
1855 gen_or(b0, b1);
1856 return (b1);
1857
1858 case ETHERTYPE_ARP:
1859 b0 = gen_cmp(OR_LINK, off_linktype, BPF_B,
1860 (bpf_int32)ARCTYPE_ARP);
1861 b1 = gen_cmp(OR_LINK, off_linktype, BPF_B,
1862 (bpf_int32)ARCTYPE_ARP_OLD);
1863 gen_or(b0, b1);
1864 return (b1);
1865
1866 case ETHERTYPE_REVARP:
1867 return (gen_cmp(OR_LINK, off_linktype, BPF_B,
1868 (bpf_int32)ARCTYPE_REVARP));
1869
1870 case ETHERTYPE_ATALK:
1871 return (gen_cmp(OR_LINK, off_linktype, BPF_B,
1872 (bpf_int32)ARCTYPE_ATALK));
1873 }
1874 /*NOTREACHED*/
1875 break;
1876
1877 case DLT_LTALK:
1878 switch (proto) {
1879 case ETHERTYPE_ATALK:
1880 return gen_true();
1881 default:
1882 return gen_false();
1883 }
1884 /*NOTREACHED*/
1885 break;
1886
1887 case DLT_FRELAY:
1888 /*
1889 * XXX - assumes a 2-byte Frame Relay header with
1890 * DLCI and flags. What if the address is longer?
1891 */
1892 switch (proto) {
1893
1894 case ETHERTYPE_IP:
1895 /*
1896 * Check for the special NLPID for IP.
1897 */
1898 return gen_cmp(OR_LINK, 2, BPF_H, (0x03<<8) | 0xcc);
1899
1900 #ifdef INET6
1901 case ETHERTYPE_IPV6:
1902 /*
1903 * Check for the special NLPID for IPv6.
1904 */
1905 return gen_cmp(OR_LINK, 2, BPF_H, (0x03<<8) | 0x8e);
1906 #endif
1907
1908 case LLCSAP_ISONS:
1909 /*
1910 * Check for several OSI protocols.
1911 *
1912 * Frame Relay packets typically have an OSI
1913 * NLPID at the beginning; we check for each
1914 * of them.
1915 *
1916 * What we check for is the NLPID and a frame
1917 * control field of UI, i.e. 0x03 followed
1918 * by the NLPID.
1919 */
1920 b0 = gen_cmp(OR_LINK, 2, BPF_H, (0x03<<8) | ISO8473_CLNP);
1921 b1 = gen_cmp(OR_LINK, 2, BPF_H, (0x03<<8) | ISO9542_ESIS);
1922 b2 = gen_cmp(OR_LINK, 2, BPF_H, (0x03<<8) | ISO10589_ISIS);
1923 gen_or(b1, b2);
1924 gen_or(b0, b2);
1925 return b2;
1926
1927 default:
1928 return gen_false();
1929 }
1930 /*NOTREACHED*/
1931 break;
1932
1933 case DLT_JUNIPER_MLFR:
1934 case DLT_JUNIPER_MLPPP:
1935 case DLT_JUNIPER_ATM1:
1936 case DLT_JUNIPER_ATM2:
1937 /* just lets verify the magic number for now -
1938 * on ATM we may have up to 6 different encapsulations on the wire
1939 * and need a lot of heuristics to figure out that the payload
1940 * might be;
1941 *
1942 * FIXME encapsulation specific BPF_ filters
1943 */
1944 return gen_mcmp(OR_LINK, 0, BPF_W, 0x4d474300, 0xffffff00); /* compare the magic number */
1945
1946 case DLT_LINUX_IRDA:
1947 bpf_error("IrDA link-layer type filtering not implemented");
1948
1949 case DLT_DOCSIS:
1950 bpf_error("DOCSIS link-layer type filtering not implemented");
1951
1952 case DLT_LINUX_LAPD:
1953 bpf_error("LAPD link-layer type filtering not implemented");
1954 }
1955
1956 /*
1957 * All the types that have no encapsulation should either be
1958 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
1959 * all packets are IP packets, or should be handled in some
1960 * special case, if none of them are (if some are and some
1961 * aren't, the lack of encapsulation is a problem, as we'd
1962 * have to find some other way of determining the packet type).
1963 *
1964 * Therefore, if "off_linktype" is -1, there's an error.
1965 */
1966 if (off_linktype == (u_int)-1)
1967 abort();
1968
1969 /*
1970 * Any type not handled above should always have an Ethernet
1971 * type at an offset of "off_linktype". (PPP is partially
1972 * handled above - the protocol type is mapped from the
1973 * Ethernet and LLC types we use internally to the corresponding
1974 * PPP type - but the PPP type is always specified by a value
1975 * at "off_linktype", so we don't have to do the code generation
1976 * above.)
1977 */
1978 return gen_cmp(OR_LINK, off_linktype, BPF_H, (bpf_int32)proto);
1979 }
1980
1981 /*
1982 * Check for an LLC SNAP packet with a given organization code and
1983 * protocol type; we check the entire contents of the 802.2 LLC and
1984 * snap headers, checking for DSAP and SSAP of SNAP and a control
1985 * field of 0x03 in the LLC header, and for the specified organization
1986 * code and protocol type in the SNAP header.
1987 */
1988 static struct block *
1989 gen_snap(orgcode, ptype, offset)
1990 bpf_u_int32 orgcode;
1991 bpf_u_int32 ptype;
1992 u_int offset;
1993 {
1994 u_char snapblock[8];
1995
1996 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
1997 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
1998 snapblock[2] = 0x03; /* control = UI */
1999 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
2000 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
2001 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
2002 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
2003 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
2004 return gen_bcmp(OR_LINK, offset, 8, snapblock);
2005 }
2006
2007 /*
2008 * Generate code to match a particular packet type, for link-layer types
2009 * using 802.2 LLC headers.
2010 *
2011 * This is *NOT* used for Ethernet; "gen_ether_linktype()" is used
2012 * for that - it handles the D/I/X Ethernet vs. 802.3+802.2 issues.
2013 *
2014 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
2015 * value, if <= ETHERMTU. We use that to determine whether to
2016 * match the DSAP or both DSAP and LSAP or to check the OUI and
2017 * protocol ID in a SNAP header.
2018 */
2019 static struct block *
2020 gen_llc_linktype(proto)
2021 int proto;
2022 {
2023 /*
2024 * XXX - handle token-ring variable-length header.
2025 */
2026 switch (proto) {
2027
2028 case LLCSAP_IP:
2029 case LLCSAP_ISONS:
2030 case LLCSAP_NETBEUI:
2031 /*
2032 * XXX - should we check both the DSAP and the
2033 * SSAP, like this, or should we check just the
2034 * DSAP, as we do for other types <= ETHERMTU
2035 * (i.e., other SAP values)?
2036 */
2037 return gen_cmp(OR_LINK, off_linktype, BPF_H, (bpf_u_int32)
2038 ((proto << 8) | proto));
2039
2040 case LLCSAP_IPX:
2041 /*
2042 * XXX - are there ever SNAP frames for IPX on
2043 * non-Ethernet 802.x networks?
2044 */
2045 return gen_cmp(OR_LINK, off_linktype, BPF_B,
2046 (bpf_int32)LLCSAP_IPX);
2047
2048 case ETHERTYPE_ATALK:
2049 /*
2050 * 802.2-encapsulated ETHERTYPE_ATALK packets are
2051 * SNAP packets with an organization code of
2052 * 0x080007 (Apple, for Appletalk) and a protocol
2053 * type of ETHERTYPE_ATALK (Appletalk).
2054 *
2055 * XXX - check for an organization code of
2056 * encapsulated Ethernet as well?
2057 */
2058 return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype);
2059
2060 default:
2061 /*
2062 * XXX - we don't have to check for IPX 802.3
2063 * here, but should we check for the IPX Ethertype?
2064 */
2065 if (proto <= ETHERMTU) {
2066 /*
2067 * This is an LLC SAP value, so check
2068 * the DSAP.
2069 */
2070 return gen_cmp(OR_LINK, off_linktype, BPF_B,
2071 (bpf_int32)proto);
2072 } else {
2073 /*
2074 * This is an Ethernet type; we assume that it's
2075 * unlikely that it'll appear in the right place
2076 * at random, and therefore check only the
2077 * location that would hold the Ethernet type
2078 * in a SNAP frame with an organization code of
2079 * 0x000000 (encapsulated Ethernet).
2080 *
2081 * XXX - if we were to check for the SNAP DSAP and
2082 * LSAP, as per XXX, and were also to check for an
2083 * organization code of 0x000000 (encapsulated
2084 * Ethernet), we'd do
2085 *
2086 * return gen_snap(0x000000, proto,
2087 * off_linktype);
2088 *
2089 * here; for now, we don't, as per the above.
2090 * I don't know whether it's worth the extra CPU
2091 * time to do the right check or not.
2092 */
2093 return gen_cmp(OR_LINK, off_linktype+6, BPF_H,
2094 (bpf_int32)proto);
2095 }
2096 }
2097 }
2098
2099 static struct block *
2100 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
2101 bpf_u_int32 addr;
2102 bpf_u_int32 mask;
2103 int dir, proto;
2104 u_int src_off, dst_off;
2105 {
2106 struct block *b0, *b1;
2107 u_int offset;
2108
2109 switch (dir) {
2110
2111 case Q_SRC:
2112 offset = src_off;
2113 break;
2114
2115 case Q_DST:
2116 offset = dst_off;
2117 break;
2118
2119 case Q_AND:
2120 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
2121 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
2122 gen_and(b0, b1);
2123 return b1;
2124
2125 case Q_OR:
2126 case Q_DEFAULT:
2127 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
2128 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
2129 gen_or(b0, b1);
2130 return b1;
2131
2132 default:
2133 abort();
2134 }
2135 b0 = gen_linktype(proto);
2136 b1 = gen_mcmp(OR_NET, offset, BPF_W, (bpf_int32)addr, mask);
2137 gen_and(b0, b1);
2138 return b1;
2139 }
2140
2141 #ifdef INET6
2142 static struct block *
2143 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
2144 struct in6_addr *addr;
2145 struct in6_addr *mask;
2146 int dir, proto;
2147 u_int src_off, dst_off;
2148 {
2149 struct block *b0, *b1;
2150 u_int offset;
2151 u_int32_t *a, *m;
2152
2153 switch (dir) {
2154
2155 case Q_SRC:
2156 offset = src_off;
2157 break;
2158
2159 case Q_DST:
2160 offset = dst_off;
2161 break;
2162
2163 case Q_AND:
2164 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
2165 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
2166 gen_and(b0, b1);
2167 return b1;
2168
2169 case Q_OR:
2170 case Q_DEFAULT:
2171 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
2172 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
2173 gen_or(b0, b1);
2174 return b1;
2175
2176 default:
2177 abort();
2178 }
2179 /* this order is important */
2180 a = (u_int32_t *)addr;
2181 m = (u_int32_t *)mask;
2182 b1 = gen_mcmp(OR_NET, offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
2183 b0 = gen_mcmp(OR_NET, offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
2184 gen_and(b0, b1);
2185 b0 = gen_mcmp(OR_NET, offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
2186 gen_and(b0, b1);
2187 b0 = gen_mcmp(OR_NET, offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
2188 gen_and(b0, b1);
2189 b0 = gen_linktype(proto);
2190 gen_and(b0, b1);
2191 return b1;
2192 }
2193 #endif /*INET6*/
2194
2195 static struct block *
2196 gen_ehostop(eaddr, dir)
2197 register const u_char *eaddr;
2198 register int dir;
2199 {
2200 register struct block *b0, *b1;
2201
2202 switch (dir) {
2203 case Q_SRC:
2204 return gen_bcmp(OR_LINK, off_mac + 6, 6, eaddr);
2205
2206 case Q_DST:
2207 return gen_bcmp(OR_LINK, off_mac + 0, 6, eaddr);
2208
2209 case Q_AND:
2210 b0 = gen_ehostop(eaddr, Q_SRC);
2211 b1 = gen_ehostop(eaddr, Q_DST);
2212 gen_and(b0, b1);
2213 return b1;
2214
2215 case Q_DEFAULT:
2216 case Q_OR:
2217 b0 = gen_ehostop(eaddr, Q_SRC);
2218 b1 = gen_ehostop(eaddr, Q_DST);
2219 gen_or(b0, b1);
2220 return b1;
2221 }
2222 abort();
2223 /* NOTREACHED */
2224 }
2225
2226 /*
2227 * Like gen_ehostop, but for DLT_FDDI
2228 */
2229 static struct block *
2230 gen_fhostop(eaddr, dir)
2231 register const u_char *eaddr;
2232 register int dir;
2233 {
2234 struct block *b0, *b1;
2235
2236 switch (dir) {
2237 case Q_SRC:
2238 #ifdef PCAP_FDDIPAD
2239 return gen_bcmp(OR_LINK, 6 + 1 + pcap_fddipad, 6, eaddr);
2240 #else
2241 return gen_bcmp(OR_LINK, 6 + 1, 6, eaddr);
2242 #endif
2243
2244 case Q_DST:
2245 #ifdef PCAP_FDDIPAD
2246 return gen_bcmp(OR_LINK, 0 + 1 + pcap_fddipad, 6, eaddr);
2247 #else
2248 return gen_bcmp(OR_LINK, 0 + 1, 6, eaddr);
2249 #endif
2250
2251 case Q_AND:
2252 b0 = gen_fhostop(eaddr, Q_SRC);
2253 b1 = gen_fhostop(eaddr, Q_DST);
2254 gen_and(b0, b1);
2255 return b1;
2256
2257 case Q_DEFAULT:
2258 case Q_OR:
2259 b0 = gen_fhostop(eaddr, Q_SRC);
2260 b1 = gen_fhostop(eaddr, Q_DST);
2261 gen_or(b0, b1);
2262 return b1;
2263 }
2264 abort();
2265 /* NOTREACHED */
2266 }
2267
2268 /*
2269 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
2270 */
2271 static struct block *
2272 gen_thostop(eaddr, dir)
2273 register const u_char *eaddr;
2274 register int dir;
2275 {
2276 register struct block *b0, *b1;
2277
2278 switch (dir) {
2279 case Q_SRC:
2280 return gen_bcmp(OR_LINK, 8, 6, eaddr);
2281
2282 case Q_DST:
2283 return gen_bcmp(OR_LINK, 2, 6, eaddr);
2284
2285 case Q_AND:
2286 b0 = gen_thostop(eaddr, Q_SRC);
2287 b1 = gen_thostop(eaddr, Q_DST);
2288 gen_and(b0, b1);
2289 return b1;
2290
2291 case Q_DEFAULT:
2292 case Q_OR:
2293 b0 = gen_thostop(eaddr, Q_SRC);
2294 b1 = gen_thostop(eaddr, Q_DST);
2295 gen_or(b0, b1);
2296 return b1;
2297 }
2298 abort();
2299 /* NOTREACHED */
2300 }
2301
2302 /*
2303 * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN)
2304 */
2305 static struct block *
2306 gen_wlanhostop(eaddr, dir)
2307 register const u_char *eaddr;
2308 register int dir;
2309 {
2310 register struct block *b0, *b1, *b2;
2311 register struct slist *s;
2312
2313 switch (dir) {
2314 case Q_SRC:
2315 /*
2316 * Oh, yuk.
2317 *
2318 * For control frames, there is no SA.
2319 *
2320 * For management frames, SA is at an
2321 * offset of 10 from the beginning of
2322 * the packet.
2323 *
2324 * For data frames, SA is at an offset
2325 * of 10 from the beginning of the packet
2326 * if From DS is clear, at an offset of
2327 * 16 from the beginning of the packet
2328 * if From DS is set and To DS is clear,
2329 * and an offset of 24 from the beginning
2330 * of the packet if From DS is set and To DS
2331 * is set.
2332 */
2333
2334 /*
2335 * Generate the tests to be done for data frames
2336 * with From DS set.
2337 *
2338 * First, check for To DS set, i.e. check "link[1] & 0x01".
2339 */
2340 s = gen_load_a(OR_LINK, 1, BPF_B);
2341 b1 = new_block(JMP(BPF_JSET));
2342 b1->s.k = 0x01; /* To DS */
2343 b1->stmts = s;
2344
2345 /*
2346 * If To DS is set, the SA is at 24.
2347 */
2348 b0 = gen_bcmp(OR_LINK, 24, 6, eaddr);
2349 gen_and(b1, b0);
2350
2351 /*
2352 * Now, check for To DS not set, i.e. check
2353 * "!(link[1] & 0x01)".
2354 */
2355 s = gen_load_a(OR_LINK, 1, BPF_B);
2356 b2 = new_block(JMP(BPF_JSET));
2357 b2->s.k = 0x01; /* To DS */
2358 b2->stmts = s;
2359 gen_not(b2);
2360
2361 /*
2362 * If To DS is not set, the SA is at 16.
2363 */
2364 b1 = gen_bcmp(OR_LINK, 16, 6, eaddr);
2365 gen_and(b2, b1);
2366
2367 /*
2368 * Now OR together the last two checks. That gives
2369 * the complete set of checks for data frames with
2370 * From DS set.
2371 */
2372 gen_or(b1, b0);
2373
2374 /*
2375 * Now check for From DS being set, and AND that with
2376 * the ORed-together checks.
2377 */
2378 s = gen_load_a(OR_LINK, 1, BPF_B);
2379 b1 = new_block(JMP(BPF_JSET));
2380 b1->s.k = 0x02; /* From DS */
2381 b1->stmts = s;
2382 gen_and(b1, b0);
2383
2384 /*
2385 * Now check for data frames with From DS not set.
2386 */
2387 s = gen_load_a(OR_LINK, 1, BPF_B);
2388 b2 = new_block(JMP(BPF_JSET));
2389 b2->s.k = 0x02; /* From DS */
2390 b2->stmts = s;
2391 gen_not(b2);
2392
2393 /*
2394 * If From DS isn't set, the SA is at 10.
2395 */
2396 b1 = gen_bcmp(OR_LINK, 10, 6, eaddr);
2397 gen_and(b2, b1);
2398
2399 /*
2400 * Now OR together the checks for data frames with
2401 * From DS not set and for data frames with From DS
2402 * set; that gives the checks done for data frames.
2403 */
2404 gen_or(b1, b0);
2405
2406 /*
2407 * Now check for a data frame.
2408 * I.e, check "link[0] & 0x08".
2409 */
2410 gen_load_a(OR_LINK, 0, BPF_B);
2411 b1 = new_block(JMP(BPF_JSET));
2412 b1->s.k = 0x08;
2413 b1->stmts = s;
2414
2415 /*
2416 * AND that with the checks done for data frames.
2417 */
2418 gen_and(b1, b0);
2419
2420 /*
2421 * If the high-order bit of the type value is 0, this
2422 * is a management frame.
2423 * I.e, check "!(link[0] & 0x08)".
2424 */
2425 s = gen_load_a(OR_LINK, 0, BPF_B);
2426 b2 = new_block(JMP(BPF_JSET));
2427 b2->s.k = 0x08;
2428 b2->stmts = s;
2429 gen_not(b2);
2430
2431 /*
2432 * For management frames, the SA is at 10.
2433 */
2434 b1 = gen_bcmp(OR_LINK, 10, 6, eaddr);
2435 gen_and(b2, b1);
2436
2437 /*
2438 * OR that with the checks done for data frames.
2439 * That gives the checks done for management and
2440 * data frames.
2441 */
2442 gen_or(b1, b0);
2443
2444 /*
2445 * If the low-order bit of the type value is 1,
2446 * this is either a control frame or a frame
2447 * with a reserved type, and thus not a
2448 * frame with an SA.
2449 *
2450 * I.e., check "!(link[0] & 0x04)".
2451 */
2452 s = gen_load_a(OR_LINK, 0, BPF_B);
2453 b1 = new_block(JMP(BPF_JSET));
2454 b1->s.k = 0x04;
2455 b1->stmts = s;
2456 gen_not(b1);
2457
2458 /*
2459 * AND that with the checks for data and management
2460 * frames.
2461 */
2462 gen_and(b1, b0);
2463 return b0;
2464
2465 case Q_DST:
2466 /*
2467 * Oh, yuk.
2468 *
2469 * For control frames, there is no DA.
2470 *
2471 * For management frames, DA is at an
2472 * offset of 4 from the beginning of
2473 * the packet.
2474 *
2475 * For data frames, DA is at an offset
2476 * of 4 from the beginning of the packet
2477 * if To DS is clear and at an offset of
2478 * 16 from the beginning of the packet
2479 * if To DS is set.
2480 */
2481
2482 /*
2483 * Generate the tests to be done for data frames.
2484 *
2485 * First, check for To DS set, i.e. "link[1] & 0x01".
2486 */
2487 s = gen_load_a(OR_LINK, 1, BPF_B);
2488 b1 = new_block(JMP(BPF_JSET));
2489 b1->s.k = 0x01; /* To DS */
2490 b1->stmts = s;
2491
2492 /*
2493 * If To DS is set, the DA is at 16.
2494 */
2495 b0 = gen_bcmp(OR_LINK, 16, 6, eaddr);
2496 gen_and(b1, b0);
2497
2498 /*
2499 * Now, check for To DS not set, i.e. check
2500 * "!(link[1] & 0x01)".
2501 */
2502 s = gen_load_a(OR_LINK, 1, BPF_B);
2503 b2 = new_block(JMP(BPF_JSET));
2504 b2->s.k = 0x01; /* To DS */
2505 b2->stmts = s;
2506 gen_not(b2);
2507
2508 /*
2509 * If To DS is not set, the DA is at 4.
2510 */
2511 b1 = gen_bcmp(OR_LINK, 4, 6, eaddr);
2512 gen_and(b2, b1);
2513
2514 /*
2515 * Now OR together the last two checks. That gives
2516 * the complete set of checks for data frames.
2517 */
2518 gen_or(b1, b0);
2519
2520 /*
2521 * Now check for a data frame.
2522 * I.e, check "link[0] & 0x08".
2523 */
2524 s = gen_load_a(OR_LINK, 0, BPF_B);
2525 b1 = new_block(JMP(BPF_JSET));
2526 b1->s.k = 0x08;
2527 b1->stmts = s;
2528
2529 /*
2530 * AND that with the checks done for data frames.
2531 */
2532 gen_and(b1, b0);
2533
2534 /*
2535 * If the high-order bit of the type value is 0, this
2536 * is a management frame.
2537 * I.e, check "!(link[0] & 0x08)".
2538 */
2539 s = gen_load_a(OR_LINK, 0, BPF_B);
2540 b2 = new_block(JMP(BPF_JSET));
2541 b2->s.k = 0x08;
2542 b2->stmts = s;
2543 gen_not(b2);
2544
2545 /*
2546 * For management frames, the DA is at 4.
2547 */
2548 b1 = gen_bcmp(OR_LINK, 4, 6, eaddr);
2549 gen_and(b2, b1);
2550
2551 /*
2552 * OR that with the checks done for data frames.
2553 * That gives the checks done for management and
2554 * data frames.
2555 */
2556 gen_or(b1, b0);
2557
2558 /*
2559 * If the low-order bit of the type value is 1,
2560 * this is either a control frame or a frame
2561 * with a reserved type, and thus not a
2562 * frame with an SA.
2563 *
2564 * I.e., check "!(link[0] & 0x04)".
2565 */
2566 s = gen_load_a(OR_LINK, 0, BPF_B);
2567 b1 = new_block(JMP(BPF_JSET));
2568 b1->s.k = 0x04;
2569 b1->stmts = s;
2570 gen_not(b1);
2571
2572 /*
2573 * AND that with the checks for data and management
2574 * frames.
2575 */
2576 gen_and(b1, b0);
2577 return b0;
2578
2579 case Q_AND:
2580 b0 = gen_wlanhostop(eaddr, Q_SRC);
2581 b1 = gen_wlanhostop(eaddr, Q_DST);
2582 gen_and(b0, b1);
2583 return b1;
2584
2585 case Q_DEFAULT:
2586 case Q_OR:
2587 b0 = gen_wlanhostop(eaddr, Q_SRC);
2588 b1 = gen_wlanhostop(eaddr, Q_DST);
2589 gen_or(b0, b1);
2590 return b1;
2591 }
2592 abort();
2593 /* NOTREACHED */
2594 }
2595
2596 /*
2597 * Like gen_ehostop, but for RFC 2625 IP-over-Fibre-Channel.
2598 * (We assume that the addresses are IEEE 48-bit MAC addresses,
2599 * as the RFC states.)
2600 */
2601 static struct block *
2602 gen_ipfchostop(eaddr, dir)
2603 register const u_char *eaddr;
2604 register int dir;
2605 {
2606 register struct block *b0, *b1;
2607
2608 switch (dir) {
2609 case Q_SRC:
2610 return gen_bcmp(OR_LINK, 10, 6, eaddr);
2611
2612 case Q_DST:
2613 return gen_bcmp(OR_LINK, 2, 6, eaddr);
2614
2615 case Q_AND:
2616 b0 = gen_ipfchostop(eaddr, Q_SRC);
2617 b1 = gen_ipfchostop(eaddr, Q_DST);
2618 gen_and(b0, b1);
2619 return b1;
2620
2621 case Q_DEFAULT:
2622 case Q_OR:
2623 b0 = gen_ipfchostop(eaddr, Q_SRC);
2624 b1 = gen_ipfchostop(eaddr, Q_DST);
2625 gen_or(b0, b1);
2626 return b1;
2627 }
2628 abort();
2629 /* NOTREACHED */
2630 }
2631
2632 /*
2633 * This is quite tricky because there may be pad bytes in front of the
2634 * DECNET header, and then there are two possible data packet formats that
2635 * carry both src and dst addresses, plus 5 packet types in a format that
2636 * carries only the src node, plus 2 types that use a different format and
2637 * also carry just the src node.
2638 *
2639 * Yuck.
2640 *
2641 * Instead of doing those all right, we just look for data packets with
2642 * 0 or 1 bytes of padding. If you want to look at other packets, that
2643 * will require a lot more hacking.
2644 *
2645 * To add support for filtering on DECNET "areas" (network numbers)
2646 * one would want to add a "mask" argument to this routine. That would
2647 * make the filter even more inefficient, although one could be clever
2648 * and not generate masking instructions if the mask is 0xFFFF.
2649 */
2650 static struct block *
2651 gen_dnhostop(addr, dir)
2652 bpf_u_int32 addr;
2653 int dir;
2654 {
2655 struct block *b0, *b1, *b2, *tmp;
2656 u_int offset_lh; /* offset if long header is received */
2657 u_int offset_sh; /* offset if short header is received */
2658
2659 switch (dir) {
2660
2661 case Q_DST:
2662 offset_sh = 1; /* follows flags */
2663 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
2664 break;
2665
2666 case Q_SRC:
2667 offset_sh = 3; /* follows flags, dstnode */
2668 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
2669 break;
2670
2671 case Q_AND:
2672 /* Inefficient because we do our Calvinball dance twice */
2673 b0 = gen_dnhostop(addr, Q_SRC);
2674 b1 = gen_dnhostop(addr, Q_DST);
2675 gen_and(b0, b1);
2676 return b1;
2677
2678 case Q_OR:
2679 case Q_DEFAULT:
2680 /* Inefficient because we do our Calvinball dance twice */
2681 b0 = gen_dnhostop(addr, Q_SRC);
2682 b1 = gen_dnhostop(addr, Q_DST);
2683 gen_or(b0, b1);
2684 return b1;
2685
2686 case Q_ISO:
2687 bpf_error("ISO host filtering not implemented");
2688
2689 default:
2690 abort();
2691 }
2692 b0 = gen_linktype(ETHERTYPE_DN);
2693 /* Check for pad = 1, long header case */
2694 tmp = gen_mcmp(OR_NET, 2, BPF_H,
2695 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
2696 b1 = gen_cmp(OR_NET, 2 + 1 + offset_lh,
2697 BPF_H, (bpf_int32)ntohs(addr));
2698 gen_and(tmp, b1);
2699 /* Check for pad = 0, long header case */
2700 tmp = gen_mcmp(OR_NET, 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
2701 b2 = gen_cmp(OR_NET, 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
2702 gen_and(tmp, b2);
2703 gen_or(b2, b1);
2704 /* Check for pad = 1, short header case */
2705 tmp = gen_mcmp(OR_NET, 2, BPF_H,
2706 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
2707 b2 = gen_cmp(OR_NET, 2 + 1 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
2708 gen_and(tmp, b2);
2709 gen_or(b2, b1);
2710 /* Check for pad = 0, short header case */
2711 tmp = gen_mcmp(OR_NET, 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
2712 b2 = gen_cmp(OR_NET, 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
2713 gen_and(tmp, b2);
2714 gen_or(b2, b1);
2715
2716 /* Combine with test for linktype */
2717 gen_and(b0, b1);
2718 return b1;
2719 }
2720
2721 static struct block *
2722 gen_host(addr, mask, proto, dir)
2723 bpf_u_int32 addr;
2724 bpf_u_int32 mask;
2725 int proto;
2726 int dir;
2727 {
2728 struct block *b0, *b1;
2729
2730 switch (proto) {
2731
2732 case Q_DEFAULT:
2733 b0 = gen_host(addr, mask, Q_IP, dir);
2734 if (off_linktype != (u_int)-1) {
2735 b1 = gen_host(addr, mask, Q_ARP, dir);
2736 gen_or(b0, b1);
2737 b0 = gen_host(addr, mask, Q_RARP, dir);
2738 gen_or(b1, b0);
2739 }
2740 return b0;
2741
2742 case Q_IP:
2743 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 12, 16);
2744
2745 case Q_RARP:
2746 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 14, 24);
2747
2748 case Q_ARP:
2749 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 14, 24);
2750
2751 case Q_TCP:
2752 bpf_error("'tcp' modifier applied to host");
2753
2754 case Q_SCTP:
2755 bpf_error("'sctp' modifier applied to host");
2756
2757 case Q_UDP:
2758 bpf_error("'udp' modifier applied to host");
2759
2760 case Q_ICMP:
2761 bpf_error("'icmp' modifier applied to host");
2762
2763 case Q_IGMP:
2764 bpf_error("'igmp' modifier applied to host");
2765
2766 case Q_IGRP:
2767 bpf_error("'igrp' modifier applied to host");
2768
2769 case Q_PIM:
2770 bpf_error("'pim' modifier applied to host");
2771
2772 case Q_VRRP:
2773 bpf_error("'vrrp' modifier applied to host");
2774
2775 case Q_ATALK:
2776 bpf_error("ATALK host filtering not implemented");
2777
2778 case Q_AARP:
2779 bpf_error("AARP host filtering not implemented");
2780
2781 case Q_DECNET:
2782 return gen_dnhostop(addr, dir);
2783
2784 case Q_SCA:
2785 bpf_error("SCA host filtering not implemented");
2786
2787 case Q_LAT:
2788 bpf_error("LAT host filtering not implemented");
2789
2790 case Q_MOPDL:
2791 bpf_error("MOPDL host filtering not implemented");
2792
2793 case Q_MOPRC:
2794 bpf_error("MOPRC host filtering not implemented");
2795
2796 #ifdef INET6
2797 case Q_IPV6:
2798 bpf_error("'ip6' modifier applied to ip host");
2799
2800 case Q_ICMPV6:
2801 bpf_error("'icmp6' modifier applied to host");
2802 #endif /* INET6 */
2803
2804 case Q_AH:
2805 bpf_error("'ah' modifier applied to host");
2806
2807 case Q_ESP:
2808 bpf_error("'esp' modifier applied to host");
2809
2810 case Q_ISO:
2811 bpf_error("ISO host filtering not implemented");
2812
2813 case Q_ESIS:
2814 bpf_error("'esis' modifier applied to host");
2815
2816 case Q_ISIS:
2817 bpf_error("'isis' modifier applied to host");
2818
2819 case Q_CLNP:
2820 bpf_error("'clnp' modifier applied to host");
2821
2822 case Q_STP:
2823 bpf_error("'stp' modifier applied to host");
2824
2825 case Q_IPX:
2826 bpf_error("IPX host filtering not implemented");
2827
2828 case Q_NETBEUI:
2829 bpf_error("'netbeui' modifier applied to host");
2830
2831 default:
2832 abort();
2833 }
2834 /* NOTREACHED */
2835 }
2836
2837 #ifdef INET6
2838 static struct block *
2839 gen_host6(addr, mask, proto, dir)
2840 struct in6_addr *addr;
2841 struct in6_addr *mask;
2842 int proto;
2843 int dir;
2844 {
2845 switch (proto) {
2846
2847 case Q_DEFAULT:
2848 return gen_host6(addr, mask, Q_IPV6, dir);
2849
2850 case Q_IP:
2851 bpf_error("'ip' modifier applied to ip6 host");
2852
2853 case Q_RARP:
2854 bpf_error("'rarp' modifier applied to ip6 host");
2855
2856 case Q_ARP:
2857 bpf_error("'arp' modifier applied to ip6 host");
2858
2859 case Q_SCTP:
2860 bpf_error("'sctp' modifier applied to host");
2861
2862 case Q_TCP:
2863 bpf_error("'tcp' modifier applied to host");
2864
2865 case Q_UDP:
2866 bpf_error("'udp' modifier applied to host");
2867
2868 case Q_ICMP:
2869 bpf_error("'icmp' modifier applied to host");
2870
2871 case Q_IGMP:
2872 bpf_error("'igmp' modifier applied to host");
2873
2874 case Q_IGRP:
2875 bpf_error("'igrp' modifier applied to host");
2876
2877 case Q_PIM:
2878 bpf_error("'pim' modifier applied to host");
2879
2880 case Q_VRRP:
2881 bpf_error("'vrrp' modifier applied to host");
2882
2883 case Q_ATALK:
2884 bpf_error("ATALK host filtering not implemented");
2885
2886 case Q_AARP:
2887 bpf_error("AARP host filtering not implemented");
2888
2889 case Q_DECNET:
2890 bpf_error("'decnet' modifier applied to ip6 host");
2891
2892 case Q_SCA:
2893 bpf_error("SCA host filtering not implemented");
2894
2895 case Q_LAT:
2896 bpf_error("LAT host filtering not implemented");
2897
2898 case Q_MOPDL:
2899 bpf_error("MOPDL host filtering not implemented");
2900
2901 case Q_MOPRC:
2902 bpf_error("MOPRC host filtering not implemented");
2903
2904 case Q_IPV6:
2905 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 8, 24);
2906
2907 case Q_ICMPV6:
2908 bpf_error("'icmp6' modifier applied to host");
2909
2910 case Q_AH:
2911 bpf_error("'ah' modifier applied to host");
2912
2913 case Q_ESP:
2914 bpf_error("'esp' modifier applied to host");
2915
2916 case Q_ISO:
2917 bpf_error("ISO host filtering not implemented");
2918
2919 case Q_ESIS:
2920 bpf_error("'esis' modifier applied to host");
2921
2922 case Q_ISIS:
2923 bpf_error("'isis' modifier applied to host");
2924
2925 case Q_CLNP:
2926 bpf_error("'clnp' modifier applied to host");
2927
2928 case Q_STP:
2929 bpf_error("'stp' modifier applied to host");
2930
2931 case Q_IPX:
2932 bpf_error("IPX host filtering not implemented");
2933
2934 case Q_NETBEUI:
2935 bpf_error("'netbeui' modifier applied to host");
2936
2937 default:
2938 abort();
2939 }
2940 /* NOTREACHED */
2941 }
2942 #endif /*INET6*/
2943
2944 #ifndef INET6
2945 static struct block *
2946 gen_gateway(eaddr, alist, proto, dir)
2947 const u_char *eaddr;
2948 bpf_u_int32 **alist;
2949 int proto;
2950 int dir;
2951 {
2952 struct block *b0, *b1, *tmp;
2953
2954 if (dir != 0)
2955 bpf_error("direction applied to 'gateway'");
2956
2957 switch (proto) {
2958 case Q_DEFAULT:
2959 case Q_IP:
2960 case Q_ARP:
2961 case Q_RARP:
2962 if (linktype == DLT_EN10MB)
2963 b0 = gen_ehostop(eaddr, Q_OR);
2964 else if (linktype == DLT_FDDI)
2965 b0 = gen_fhostop(eaddr, Q_OR);
2966 else if (linktype == DLT_IEEE802)
2967 b0 = gen_thostop(eaddr, Q_OR);
2968 else if (linktype == DLT_IEEE802_11)
2969 b0 = gen_wlanhostop(eaddr, Q_OR);
2970 else if (linktype == DLT_SUNATM && is_lane) {
2971 /*
2972 * Check that the packet doesn't begin with an
2973 * LE Control marker. (We've already generated
2974 * a test for LANE.)
2975 */
2976 b1 = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS, BPF_H,
2977 0xFF00);
2978 gen_not(b1);
2979
2980 /*
2981 * Now check the MAC address.
2982 */
2983 b0 = gen_ehostop(eaddr, Q_OR);
2984 gen_and(b1, b0);
2985 } else if (linktype == DLT_IP_OVER_FC)
2986 b0 = gen_ipfchostop(eaddr, Q_OR);
2987 else
2988 bpf_error(
2989 "'gateway' supported only on ethernet/FDDI/token ring/802.11/Fibre Channel");
2990
2991 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2992 while (*alist) {
2993 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2994 gen_or(b1, tmp);
2995 b1 = tmp;
2996 }
2997 gen_not(b1);
2998 gen_and(b0, b1);
2999 return b1;
3000 }
3001 bpf_error("illegal modifier of 'gateway'");
3002 /* NOTREACHED */
3003 }
3004 #endif
3005
3006 struct block *
3007 gen_proto_abbrev(proto)
3008 int proto;
3009 {
3010 struct block *b0;
3011 struct block *b1;
3012
3013 switch (proto) {
3014
3015 case Q_SCTP:
3016 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT);
3017 #ifdef INET6
3018 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
3019 gen_or(b0, b1);
3020 #endif
3021 break;
3022
3023 case Q_TCP:
3024 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
3025 #ifdef INET6
3026 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
3027 gen_or(b0, b1);
3028 #endif
3029 break;
3030
3031 case Q_UDP:
3032 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
3033 #ifdef INET6
3034 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
3035 gen_or(b0, b1);
3036 #endif
3037 break;
3038
3039 case Q_ICMP:
3040 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
3041 break;
3042
3043 #ifndef IPPROTO_IGMP
3044 #define IPPROTO_IGMP 2
3045 #endif
3046
3047 case Q_IGMP:
3048 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
3049 break;
3050
3051 #ifndef IPPROTO_IGRP
3052 #define IPPROTO_IGRP 9
3053 #endif
3054 case Q_IGRP:
3055 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
3056 break;
3057
3058 #ifndef IPPROTO_PIM
3059 #define IPPROTO_PIM 103
3060 #endif
3061
3062 case Q_PIM:
3063 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
3064 #ifdef INET6
3065 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
3066 gen_or(b0, b1);
3067 #endif
3068 break;
3069
3070 #ifndef IPPROTO_VRRP
3071 #define IPPROTO_VRRP 112
3072 #endif
3073
3074 case Q_VRRP:
3075 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT);
3076 break;
3077
3078 case Q_IP:
3079 b1 = gen_linktype(ETHERTYPE_IP);
3080 break;
3081
3082 case Q_ARP:
3083 b1 = gen_linktype(ETHERTYPE_ARP);
3084 break;
3085
3086 case Q_RARP:
3087 b1 = gen_linktype(ETHERTYPE_REVARP);
3088 break;
3089
3090 case Q_LINK:
3091 bpf_error("link layer applied in wrong context");
3092
3093 case Q_ATALK:
3094 b1 = gen_linktype(ETHERTYPE_ATALK);
3095 break;
3096
3097 case Q_AARP:
3098 b1 = gen_linktype(ETHERTYPE_AARP);
3099 break;
3100
3101 case Q_DECNET:
3102 b1 = gen_linktype(ETHERTYPE_DN);
3103 break;
3104
3105 case Q_SCA:
3106 b1 = gen_linktype(ETHERTYPE_SCA);
3107 break;
3108
3109 case Q_LAT:
3110 b1 = gen_linktype(ETHERTYPE_LAT);
3111 break;
3112
3113 case Q_MOPDL:
3114 b1 = gen_linktype(ETHERTYPE_MOPDL);
3115 break;
3116
3117 case Q_MOPRC:
3118 b1 = gen_linktype(ETHERTYPE_MOPRC);
3119 break;
3120
3121 #ifdef INET6
3122 case Q_IPV6:
3123 b1 = gen_linktype(ETHERTYPE_IPV6);
3124 break;
3125
3126 #ifndef IPPROTO_ICMPV6
3127 #define IPPROTO_ICMPV6 58
3128 #endif
3129 case Q_ICMPV6:
3130 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
3131 break;
3132 #endif /* INET6 */
3133
3134 #ifndef IPPROTO_AH
3135 #define IPPROTO_AH 51
3136 #endif
3137 case Q_AH:
3138 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
3139 #ifdef INET6
3140 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
3141 gen_or(b0, b1);
3142 #endif
3143 break;
3144
3145 #ifndef IPPROTO_ESP
3146 #define IPPROTO_ESP 50
3147 #endif
3148 case Q_ESP:
3149 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
3150 #ifdef INET6
3151 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
3152 gen_or(b0, b1);
3153 #endif
3154 break;
3155
3156 case Q_ISO:
3157 b1 = gen_linktype(LLCSAP_ISONS);
3158 break;
3159
3160 case Q_ESIS:
3161 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
3162 break;
3163
3164 case Q_ISIS:
3165 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
3166 break;
3167
3168 case Q_ISIS_L1: /* all IS-IS Level1 PDU-Types */
3169 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
3170 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
3171 gen_or(b0, b1);
3172 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
3173 gen_or(b0, b1);
3174 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
3175 gen_or(b0, b1);
3176 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
3177 gen_or(b0, b1);
3178 break;
3179
3180 case Q_ISIS_L2: /* all IS-IS Level2 PDU-Types */
3181 b0 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
3182 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
3183 gen_or(b0, b1);
3184 b0 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
3185 gen_or(b0, b1);
3186 b0 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
3187 gen_or(b0, b1);
3188 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
3189 gen_or(b0, b1);
3190 break;
3191
3192 case Q_ISIS_IIH: /* all IS-IS Hello PDU-Types */
3193 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
3194 b1 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
3195 gen_or(b0, b1);
3196 b0 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT);
3197 gen_or(b0, b1);
3198 break;
3199
3200 case Q_ISIS_LSP:
3201 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
3202 b1 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
3203 gen_or(b0, b1);
3204 break;
3205
3206 case Q_ISIS_SNP:
3207 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
3208 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
3209 gen_or(b0, b1);
3210 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
3211 gen_or(b0, b1);
3212 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
3213 gen_or(b0, b1);
3214 break;
3215
3216 case Q_ISIS_CSNP:
3217 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
3218 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
3219 gen_or(b0, b1);
3220 break;
3221
3222 case Q_ISIS_PSNP:
3223 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
3224 b1 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
3225 gen_or(b0, b1);
3226 break;
3227
3228 case Q_CLNP:
3229 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
3230 break;
3231
3232 case Q_STP:
3233 b1 = gen_linktype(LLCSAP_8021D);
3234 break;
3235
3236 case Q_IPX:
3237 b1 = gen_linktype(LLCSAP_IPX);
3238 break;
3239
3240 case Q_NETBEUI:
3241 b1 = gen_linktype(LLCSAP_NETBEUI);
3242 break;
3243
3244 default:
3245 abort();
3246 }
3247 return b1;
3248 }
3249
3250 static struct block *
3251 gen_ipfrag()
3252 {
3253 struct slist *s;
3254 struct block *b;
3255
3256 /* not ip frag */
3257 s = gen_load_a(OR_NET, 6, BPF_H);
3258 b = new_block(JMP(BPF_JSET));
3259 b->s.k = 0x1fff;
3260 b->stmts = s;
3261 gen_not(b);
3262
3263 return b;
3264 }
3265
3266 static struct block *
3267 gen_portatom(off, v)
3268 int off;
3269 bpf_int32 v;
3270 {
3271 return gen_cmp(OR_TRAN_IPV4, off, BPF_H, v);
3272 }
3273
3274 #ifdef INET6
3275 static struct block *
3276 gen_portatom6(off, v)
3277 int off;
3278 bpf_int32 v;
3279 {
3280 return gen_cmp(OR_TRAN_IPV6, off, BPF_H, v);
3281 }
3282 #endif/*INET6*/
3283
3284 struct block *
3285 gen_portop(port, proto, dir)
3286 int port, proto, dir;
3287 {
3288 struct block *b0, *b1, *tmp;
3289
3290 /* ip proto 'proto' */
3291 tmp = gen_cmp(OR_NET, 9, BPF_B, (bpf_int32)proto);
3292 b0 = gen_ipfrag();
3293 gen_and(tmp, b0);
3294
3295 switch (dir) {
3296 case Q_SRC:
3297 b1 = gen_portatom(0, (bpf_int32)port);
3298 break;
3299
3300 case Q_DST:
3301 b1 = gen_portatom(2, (bpf_int32)port);
3302 break;
3303
3304 case Q_OR:
3305 case Q_DEFAULT:
3306 tmp = gen_portatom(0, (bpf_int32)port);
3307 b1 = gen_portatom(2, (bpf_int32)port);
3308 gen_or(tmp, b1);
3309 break;
3310
3311 case Q_AND:
3312 tmp = gen_portatom(0, (bpf_int32)port);
3313 b1 = gen_portatom(2, (bpf_int32)port);
3314 gen_and(tmp, b1);
3315 break;
3316
3317 default:
3318 abort();
3319 }
3320 gen_and(b0, b1);
3321
3322 return b1;
3323 }
3324
3325 static struct block *
3326 gen_port(port, ip_proto, dir)
3327 int port;
3328 int ip_proto;
3329 int dir;
3330 {
3331 struct block *b0, *b1, *tmp;
3332
3333 /*
3334 * ether proto ip
3335 *
3336 * For FDDI, RFC 1188 says that SNAP encapsulation is used,
3337 * not LLC encapsulation with LLCSAP_IP.
3338 *
3339 * For IEEE 802 networks - which includes 802.5 token ring
3340 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
3341 * says that SNAP encapsulation is used, not LLC encapsulation
3342 * with LLCSAP_IP.
3343 *
3344 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
3345 * RFC 2225 say that SNAP encapsulation is used, not LLC
3346 * encapsulation with LLCSAP_IP.
3347 *
3348 * So we always check for ETHERTYPE_IP.
3349 */
3350 b0 = gen_linktype(ETHERTYPE_IP);
3351
3352 switch (ip_proto) {
3353 case IPPROTO_UDP:
3354 case IPPROTO_TCP:
3355 case IPPROTO_SCTP:
3356 b1 = gen_portop(port, ip_proto, dir);
3357 break;
3358
3359 case PROTO_UNDEF:
3360 tmp = gen_portop(port, IPPROTO_TCP, dir);
3361 b1 = gen_portop(port, IPPROTO_UDP, dir);
3362 gen_or(tmp, b1);
3363 tmp = gen_portop(port, IPPROTO_SCTP, dir);
3364 gen_or(tmp, b1);
3365 break;
3366
3367 default:
3368 abort();
3369 }
3370 gen_and(b0, b1);
3371 return b1;
3372 }
3373
3374 #ifdef INET6
3375 struct block *
3376 gen_portop6(port, proto, dir)
3377 int port, proto, dir;
3378 {
3379 struct block *b0, *b1, *tmp;
3380
3381 /* ip6 proto 'proto' */
3382 b0 = gen_cmp(OR_NET, 6, BPF_B, (bpf_int32)proto);
3383
3384 switch (dir) {
3385 case Q_SRC:
3386 b1 = gen_portatom6(0, (bpf_int32)port);
3387 break;
3388
3389 case Q_DST:
3390 b1 = gen_portatom6(2, (bpf_int32)port);
3391 break;
3392
3393 case Q_OR:
3394 case Q_DEFAULT:
3395 tmp = gen_portatom6(0, (bpf_int32)port);
3396 b1 = gen_portatom6(2, (bpf_int32)port);
3397 gen_or(tmp, b1);
3398 break;
3399
3400 case Q_AND:
3401 tmp = gen_portatom6(0, (bpf_int32)port);
3402 b1 = gen_portatom6(2, (bpf_int32)port);
3403 gen_and(tmp, b1);
3404 break;
3405
3406 default:
3407 abort();
3408 }
3409 gen_and(b0, b1);
3410
3411 return b1;
3412 }
3413
3414 static struct block *
3415 gen_port6(port, ip_proto, dir)
3416 int port;
3417 int ip_proto;
3418 int dir;
3419 {
3420 struct block *b0, *b1, *tmp;
3421
3422 /* link proto ip6 */
3423 b0 = gen_linktype(ETHERTYPE_IPV6);
3424
3425 switch (ip_proto) {
3426 case IPPROTO_UDP:
3427 case IPPROTO_TCP:
3428 case IPPROTO_SCTP:
3429 b1 = gen_portop6(port, ip_proto, dir);
3430 break;
3431
3432 case PROTO_UNDEF:
3433 tmp = gen_portop6(port, IPPROTO_TCP, dir);
3434 b1 = gen_portop6(port, IPPROTO_UDP, dir);
3435 gen_or(tmp, b1);
3436 tmp = gen_portop6(port, IPPROTO_SCTP, dir);
3437 gen_or(tmp, b1);
3438 break;
3439
3440 default:
3441 abort();
3442 }
3443 gen_and(b0, b1);
3444 return b1;
3445 }
3446 #endif /* INET6 */
3447
3448 /* gen_portrange code */
3449 static struct block *
3450 gen_portrangeatom(off, v1, v2)
3451 int off;
3452 bpf_int32 v1, v2;
3453 {
3454 struct block *b1, *b2;
3455
3456 if (v1 > v2) {
3457 /*
3458 * Reverse the order of the ports, so v1 is the lower one.
3459 */
3460 bpf_int32 vtemp;
3461
3462 vtemp = v1;
3463 v1 = v2;
3464 v2 = vtemp;
3465 }
3466
3467 b1 = gen_cmp_ge(OR_TRAN_IPV4, off, BPF_H, v1);
3468 b2 = gen_cmp_le(OR_TRAN_IPV4, off, BPF_H, v2);
3469
3470 gen_and(b1, b2);
3471
3472 return b2;
3473 }
3474
3475 struct block *
3476 gen_portrangeop(port1, port2, proto, dir)
3477 int port1, port2;
3478 int proto;
3479 int dir;
3480 {
3481 struct block *b0, *b1, *tmp;
3482
3483 /* ip proto 'proto' */
3484 tmp = gen_cmp(OR_NET, 9, BPF_B, (bpf_int32)proto);
3485 b0 = gen_ipfrag();
3486 gen_and(tmp, b0);
3487
3488 switch (dir) {
3489 case Q_SRC:
3490 b1 = gen_portrangeatom(0, (bpf_int32)port1, (bpf_int32)port2);
3491 break;
3492
3493 case Q_DST:
3494 b1 = gen_portrangeatom(2, (bpf_int32)port1, (bpf_int32)port2);
3495 break;
3496
3497 case Q_OR:
3498 case Q_DEFAULT:
3499 tmp = gen_portrangeatom(0, (bpf_int32)port1, (bpf_int32)port2);
3500 b1 = gen_portrangeatom(2, (bpf_int32)port1, (bpf_int32)port2);
3501 gen_or(tmp, b1);
3502 break;
3503
3504 case Q_AND:
3505 tmp = gen_portrangeatom(0, (bpf_int32)port1, (bpf_int32)port2);
3506 b1 = gen_portrangeatom(2, (bpf_int32)port1, (bpf_int32)port2);
3507 gen_and(tmp, b1);
3508 break;
3509
3510 default:
3511 abort();
3512 }
3513 gen_and(b0, b1);
3514
3515 return b1;
3516 }
3517
3518 static struct block *
3519 gen_portrange(port1, port2, ip_proto, dir)
3520 int port1, port2;
3521 int ip_proto;
3522 int dir;
3523 {
3524 struct block *b0, *b1, *tmp;
3525
3526 /* link proto ip */
3527 b0 = gen_linktype(ETHERTYPE_IP);
3528
3529 switch (ip_proto) {
3530 case IPPROTO_UDP:
3531 case IPPROTO_TCP:
3532 case IPPROTO_SCTP:
3533 b1 = gen_portrangeop(port1, port2, ip_proto, dir);
3534 break;
3535
3536 case PROTO_UNDEF:
3537 tmp = gen_portrangeop(port1, port2, IPPROTO_TCP, dir);
3538 b1 = gen_portrangeop(port1, port2, IPPROTO_UDP, dir);
3539 gen_or(tmp, b1);
3540 tmp = gen_portrangeop(port1, port2, IPPROTO_SCTP, dir);
3541 gen_or(tmp, b1);
3542 break;
3543
3544 default:
3545 abort();
3546 }
3547 gen_and(b0, b1);
3548 return b1;
3549 }
3550
3551 #ifdef INET6
3552 static struct block *
3553 gen_portrangeatom6(off, v1, v2)
3554 int off;
3555 bpf_int32 v1, v2;
3556 {
3557 struct block *b1, *b2;
3558
3559 if (v1 > v2) {
3560 /*
3561 * Reverse the order of the ports, so v1 is the lower one.
3562 */
3563 bpf_int32 vtemp;
3564
3565 vtemp = v1;
3566 v1 = v2;
3567 v2 = vtemp;
3568 }
3569
3570 b1 = gen_cmp_ge(OR_TRAN_IPV6, off, BPF_H, v1);
3571 b2 = gen_cmp_le(OR_TRAN_IPV6, off, BPF_H, v2);
3572
3573 gen_and(b1, b2);
3574
3575 return b2;
3576 }
3577
3578 struct block *
3579 gen_portrangeop6(port1, port2, proto, dir)
3580 int port1, port2;
3581 int proto;
3582 int dir;
3583 {
3584 struct block *b0, *b1, *tmp;
3585
3586 /* ip6 proto 'proto' */
3587 b0 = gen_cmp(OR_NET, 6, BPF_B, (bpf_int32)proto);
3588
3589 switch (dir) {
3590 case Q_SRC:
3591 b1 = gen_portrangeatom6(0, (bpf_int32)port1, (bpf_int32)port2);
3592 break;
3593
3594 case Q_DST:
3595 b1 = gen_portrangeatom6(2, (bpf_int32)port1, (bpf_int32)port2);
3596 break;
3597
3598 case Q_OR:
3599 case Q_DEFAULT:
3600 tmp = gen_portrangeatom6(0, (bpf_int32)port1, (bpf_int32)port2);
3601 b1 = gen_portrangeatom6(2, (bpf_int32)port1, (bpf_int32)port2);
3602 gen_or(tmp, b1);
3603 break;
3604
3605 case Q_AND:
3606 tmp = gen_portrangeatom6(0, (bpf_int32)port1, (bpf_int32)port2);
3607 b1 = gen_portrangeatom6(2, (bpf_int32)port1, (bpf_int32)port2);
3608 gen_and(tmp, b1);
3609 break;
3610
3611 default:
3612 abort();
3613 }
3614 gen_and(b0, b1);
3615
3616 return b1;
3617 }
3618
3619 static struct block *
3620 gen_portrange6(port1, port2, ip_proto, dir)
3621 int port1, port2;
3622 int ip_proto;
3623 int dir;
3624 {
3625 struct block *b0, *b1, *tmp;
3626
3627 /* link proto ip6 */
3628 b0 = gen_linktype(ETHERTYPE_IPV6);
3629
3630 switch (ip_proto) {
3631 case IPPROTO_UDP:
3632 case IPPROTO_TCP:
3633 case IPPROTO_SCTP:
3634 b1 = gen_portrangeop6(port1, port2, ip_proto, dir);
3635 break;
3636
3637 case PROTO_UNDEF:
3638 tmp = gen_portrangeop6(port1, port2, IPPROTO_TCP, dir);
3639 b1 = gen_portrangeop6(port1, port2, IPPROTO_UDP, dir);
3640 gen_or(tmp, b1);
3641 tmp = gen_portrangeop6(port1, port2, IPPROTO_SCTP, dir);
3642 gen_or(tmp, b1);
3643 break;
3644
3645 default:
3646 abort();
3647 }
3648 gen_and(b0, b1);
3649 return b1;
3650 }
3651 #endif /* INET6 */
3652
3653 static int
3654 lookup_proto(name, proto)
3655 register const char *name;
3656 register int proto;
3657 {
3658 register int v;
3659
3660 switch (proto) {
3661
3662 case Q_DEFAULT:
3663 case Q_IP:
3664 case Q_IPV6:
3665 v = pcap_nametoproto(name);
3666 if (v == PROTO_UNDEF)
3667 bpf_error("unknown ip proto '%s'", name);
3668 break;
3669
3670 case Q_LINK:
3671 /* XXX should look up h/w protocol type based on linktype */
3672 v = pcap_nametoeproto(name);
3673 if (v == PROTO_UNDEF) {
3674 v = pcap_nametollc(name);
3675 if (v == PROTO_UNDEF)
3676 bpf_error("unknown ether proto '%s'", name);
3677 }
3678 break;
3679
3680 case Q_ISO:
3681 if (strcmp(name, "esis") == 0)
3682 v = ISO9542_ESIS;
3683 else if (strcmp(name, "isis") == 0)
3684 v = ISO10589_ISIS;
3685 else if (strcmp(name, "clnp") == 0)
3686 v = ISO8473_CLNP;
3687 else
3688 bpf_error("unknown osi proto '%s'", name);
3689 break;
3690
3691 default:
3692 v = PROTO_UNDEF;
3693 break;
3694 }
3695 return v;
3696 }
3697
3698 #if 0
3699 struct stmt *
3700 gen_joinsp(s, n)
3701 struct stmt **s;
3702 int n;
3703 {
3704 return NULL;
3705 }
3706 #endif
3707
3708 static struct block *
3709 gen_protochain(v, proto, dir)
3710 int v;
3711 int proto;
3712 int dir;
3713 {
3714 #ifdef NO_PROTOCHAIN
3715 return gen_proto(v, proto, dir);
3716 #else
3717 struct block *b0, *b;
3718 struct slist *s[100];
3719 int fix2, fix3, fix4, fix5;
3720 int ahcheck, again, end;
3721 int i, max;
3722 int reg2 = alloc_reg();
3723
3724 memset(s, 0, sizeof(s));
3725 fix2 = fix3 = fix4 = fix5 = 0;
3726
3727 switch (proto) {
3728 case Q_IP:
3729 case Q_IPV6:
3730 break;
3731 case Q_DEFAULT:
3732 b0 = gen_protochain(v, Q_IP, dir);
3733 b = gen_protochain(v, Q_IPV6, dir);
3734 gen_or(b0, b);
3735 return b;
3736 default:
3737 bpf_error("bad protocol applied for 'protochain'");
3738 /*NOTREACHED*/
3739 }
3740
3741 no_optimize = 1; /*this code is not compatible with optimzer yet */
3742
3743 /*
3744 * s[0] is a dummy entry to protect other BPF insn from damage
3745 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
3746 * hard to find interdependency made by jump table fixup.
3747 */
3748 i = 0;
3749 s[i] = new_stmt(0); /*dummy*/
3750 i++;
3751
3752 switch (proto) {
3753 case Q_IP:
3754 b0 = gen_linktype(ETHERTYPE_IP);
3755
3756 /* A = ip->ip_p */
3757 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
3758 s[i]->s.k = off_nl + 9;
3759 i++;
3760 /* X = ip->ip_hl << 2 */
3761 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3762 s[i]->s.k = off_nl;
3763 i++;
3764 break;
3765 #ifdef INET6
3766 case Q_IPV6:
3767 b0 = gen_linktype(ETHERTYPE_IPV6);
3768
3769 /* A = ip6->ip_nxt */
3770 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
3771 s[i]->s.k = off_nl + 6;
3772 i++;
3773 /* X = sizeof(struct ip6_hdr) */
3774 s[i] = new_stmt(BPF_LDX|BPF_IMM);
3775 s[i]->s.k = 40;
3776 i++;
3777 break;
3778 #endif
3779 default:
3780 bpf_error("unsupported proto to gen_protochain");
3781 /*NOTREACHED*/
3782 }
3783
3784 /* again: if (A == v) goto end; else fall through; */
3785 again = i;
3786 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3787 s[i]->s.k = v;
3788 s[i]->s.jt = NULL; /*later*/
3789 s[i]->s.jf = NULL; /*update in next stmt*/
3790 fix5 = i;
3791 i++;
3792
3793 #ifndef IPPROTO_NONE
3794 #define IPPROTO_NONE 59
3795 #endif
3796 /* if (A == IPPROTO_NONE) goto end */
3797 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3798 s[i]->s.jt = NULL; /*later*/
3799 s[i]->s.jf = NULL; /*update in next stmt*/
3800 s[i]->s.k = IPPROTO_NONE;
3801 s[fix5]->s.jf = s[i];
3802 fix2 = i;
3803 i++;
3804
3805 #ifdef INET6
3806 if (proto == Q_IPV6) {
3807 int v6start, v6end, v6advance, j;
3808
3809 v6start = i;
3810 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
3811 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3812 s[i]->s.jt = NULL; /*later*/
3813 s[i]->s.jf = NULL; /*update in next stmt*/
3814 s[i]->s.k = IPPROTO_HOPOPTS;
3815 s[fix2]->s.jf = s[i];
3816 i++;
3817 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
3818 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3819 s[i]->s.jt = NULL; /*later*/
3820 s[i]->s.jf = NULL; /*update in next stmt*/
3821 s[i]->s.k = IPPROTO_DSTOPTS;
3822 i++;
3823 /* if (A == IPPROTO_ROUTING) goto v6advance */
3824 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3825 s[i]->s.jt = NULL; /*later*/
3826 s[i]->s.jf = NULL; /*update in next stmt*/
3827 s[i]->s.k = IPPROTO_ROUTING;
3828 i++;
3829 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
3830 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3831 s[i]->s.jt = NULL; /*later*/
3832 s[i]->s.jf = NULL; /*later*/
3833 s[i]->s.k = IPPROTO_FRAGMENT;
3834 fix3 = i;
3835 v6end = i;
3836 i++;
3837
3838 /* v6advance: */
3839 v6advance = i;
3840
3841 /*
3842 * in short,
3843 * A = P[X];
3844 * X = X + (P[X + 1] + 1) * 8;
3845 */
3846 /* A = X */
3847 s[i] = new_stmt(BPF_MISC|BPF_TXA);
3848 i++;
3849 /* A = P[X + packet head] */
3850 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3851 s[i]->s.k = off_nl;
3852 i++;
3853 /* MEM[reg2] = A */
3854 s[i] = new_stmt(BPF_ST);
3855 s[i]->s.k = reg2;
3856 i++;
3857 /* A = X */
3858 s[i] = new_stmt(BPF_MISC|BPF_TXA);
3859 i++;
3860 /* A += 1 */
3861 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3862 s[i]->s.k = 1;
3863 i++;
3864 /* X = A */
3865 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3866 i++;
3867 /* A = P[X + packet head]; */
3868 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3869 s[i]->s.k = off_nl;
3870 i++;
3871 /* A += 1 */
3872 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3873 s[i]->s.k = 1;
3874 i++;
3875 /* A *= 8 */
3876 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
3877 s[i]->s.k = 8;
3878 i++;
3879 /* X = A; */
3880 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3881 i++;
3882 /* A = MEM[reg2] */
3883 s[i] = new_stmt(BPF_LD|BPF_MEM);
3884 s[i]->s.k = reg2;
3885 i++;
3886
3887 /* goto again; (must use BPF_JA for backward jump) */
3888 s[i] = new_stmt(BPF_JMP|BPF_JA);
3889 s[i]->s.k = again - i - 1;
3890 s[i - 1]->s.jf = s[i];
3891 i++;
3892
3893 /* fixup */
3894 for (j = v6start; j <= v6end; j++)
3895 s[j]->s.jt = s[v6advance];
3896 } else
3897 #endif
3898 {
3899 /* nop */
3900 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3901 s[i]->s.k = 0;
3902 s[fix2]->s.jf = s[i];
3903 i++;
3904 }
3905
3906 /* ahcheck: */
3907 ahcheck = i;
3908 /* if (A == IPPROTO_AH) then fall through; else goto end; */
3909 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3910 s[i]->s.jt = NULL; /*later*/
3911 s[i]->s.jf = NULL; /*later*/
3912 s[i]->s.k = IPPROTO_AH;
3913 if (fix3)
3914 s[fix3]->s.jf = s[ahcheck];
3915 fix4 = i;
3916 i++;
3917
3918 /*
3919 * in short,
3920 * A = P[X];
3921 * X = X + (P[X + 1] + 2) * 4;
3922 */
3923 /* A = X */
3924 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
3925 i++;
3926 /* A = P[X + packet head]; */
3927 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3928 s[i]->s.k = off_nl;
3929 i++;
3930 /* MEM[reg2] = A */
3931 s[i] = new_stmt(BPF_ST);
3932 s[i]->s.k = reg2;
3933 i++;
3934 /* A = X */
3935 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
3936 i++;
3937 /* A += 1 */
3938 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3939 s[i]->s.k = 1;
3940 i++;
3941 /* X = A */
3942 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3943 i++;
3944 /* A = P[X + packet head] */
3945 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3946 s[i]->s.k = off_nl;
3947 i++;
3948 /* A += 2 */
3949 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3950 s[i]->s.k = 2;
3951 i++;
3952 /* A *= 4 */
3953 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
3954 s[i]->s.k = 4;
3955 i++;
3956 /* X = A; */
3957 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3958 i++;
3959 /* A = MEM[reg2] */
3960 s[i] = new_stmt(BPF_LD|BPF_MEM);
3961 s[i]->s.k = reg2;
3962 i++;
3963
3964 /* goto again; (must use BPF_JA for backward jump) */
3965 s[i] = new_stmt(BPF_JMP|BPF_JA);
3966 s[i]->s.k = again - i - 1;
3967 i++;
3968
3969 /* end: nop */
3970 end = i;
3971 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3972 s[i]->s.k = 0;
3973 s[fix2]->s.jt = s[end];
3974 s[fix4]->s.jf = s[end];
3975 s[fix5]->s.jt = s[end];
3976 i++;
3977
3978 /*
3979 * make slist chain
3980 */
3981 max = i;
3982 for (i = 0; i < max - 1; i++)
3983 s[i]->next = s[i + 1];
3984 s[max - 1]->next = NULL;
3985
3986 /*
3987 * emit final check
3988 */
3989 b = new_block(JMP(BPF_JEQ));
3990 b->stmts = s[1]; /*remember, s[0] is dummy*/
3991 b->s.k = v;
3992
3993 free_reg(reg2);
3994
3995 gen_and(b0, b);
3996 return b;
3997 #endif
3998 }
3999
4000 /*
4001 * Generate code that checks whether the packet is a packet for protocol
4002 * <proto> and whether the type field in that protocol's header has
4003 * the value <v>, e.g. if <proto> is Q_IP, it checks whether it's an
4004 * IP packet and checks the protocol number in the IP header against <v>.
4005 *
4006 * If <proto> is Q_DEFAULT, i.e. just "proto" was specified, it checks
4007 * against Q_IP and Q_IPV6.
4008 */
4009 static struct block *
4010 gen_proto(v, proto, dir)
4011 int v;
4012 int proto;
4013 int dir;
4014 {
4015 struct block *b0, *b1;
4016
4017 if (dir != Q_DEFAULT)
4018 bpf_error("direction applied to 'proto'");
4019
4020 switch (proto) {
4021 case Q_DEFAULT:
4022 #ifdef INET6
4023 b0 = gen_proto(v, Q_IP, dir);
4024 b1 = gen_proto(v, Q_IPV6, dir);
4025 gen_or(b0, b1);
4026 return b1;
4027 #else
4028 /*FALLTHROUGH*/
4029 #endif
4030 case Q_IP:
4031 /*
4032 * For FDDI, RFC 1188 says that SNAP encapsulation is used,
4033 * not LLC encapsulation with LLCSAP_IP.
4034 *
4035 * For IEEE 802 networks - which includes 802.5 token ring
4036 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
4037 * says that SNAP encapsulation is used, not LLC encapsulation
4038 * with LLCSAP_IP.
4039 *
4040 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
4041 * RFC 2225 say that SNAP encapsulation is used, not LLC
4042 * encapsulation with LLCSAP_IP.
4043 *
4044 * So we always check for ETHERTYPE_IP.
4045 */
4046 b0 = gen_linktype(ETHERTYPE_IP);
4047 #ifndef CHASE_CHAIN
4048 b1 = gen_cmp(OR_NET, 9, BPF_B, (bpf_int32)v);
4049 #else
4050 b1 = gen_protochain(v, Q_IP);
4051 #endif
4052 gen_and(b0, b1);
4053 return b1;
4054
4055 case Q_ISO:
4056 switch (linktype) {
4057
4058 case DLT_FRELAY:
4059 /*
4060 * Frame Relay packets typically have an OSI
4061 * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)"
4062 * generates code to check for all the OSI
4063 * NLPIDs, so calling it and then adding a check
4064 * for the particular NLPID for which we're
4065 * looking is bogus, as we can just check for
4066 * the NLPID.
4067 *
4068 * What we check for is the NLPID and a frame
4069 * control field value of UI, i.e. 0x03 followed
4070 * by the NLPID.
4071 *
4072 * XXX - assumes a 2-byte Frame Relay header with
4073 * DLCI and flags. What if the address is longer?
4074 *
4075 * XXX - what about SNAP-encapsulated frames?
4076 */
4077 return gen_cmp(OR_LINK, 2, BPF_H, (0x03<<8) | v);
4078 /*NOTREACHED*/
4079 break;
4080
4081 case DLT_C_HDLC:
4082 /*
4083 * Cisco uses an Ethertype lookalike - for OSI,
4084 * it's 0xfefe.
4085 */
4086 b0 = gen_linktype(LLCSAP_ISONS<<8 | LLCSAP_ISONS);
4087 /* OSI in C-HDLC is stuffed with a fudge byte */
4088 b1 = gen_cmp(OR_NET_NOSNAP, 1, BPF_B, (long)v);
4089 gen_and(b0, b1);
4090 return b1;
4091
4092 default:
4093 b0 = gen_linktype(LLCSAP_ISONS);
4094 b1 = gen_cmp(OR_NET_NOSNAP, 0, BPF_B, (long)v);
4095 gen_and(b0, b1);
4096 return b1;
4097 }
4098
4099 case Q_ISIS:
4100 b0 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
4101 /*
4102 * 4 is the offset of the PDU type relative to the IS-IS
4103 * header.
4104 */
4105 b1 = gen_cmp(OR_NET_NOSNAP, 4, BPF_B, (long)v);
4106 gen_and(b0, b1);
4107 return b1;
4108
4109 case Q_ARP:
4110 bpf_error("arp does not encapsulate another protocol");
4111 /* NOTREACHED */
4112
4113 case Q_RARP:
4114 bpf_error("rarp does not encapsulate another protocol");
4115 /* NOTREACHED */
4116
4117 case Q_ATALK:
4118 bpf_error("atalk encapsulation is not specifiable");
4119 /* NOTREACHED */
4120
4121 case Q_DECNET:
4122 bpf_error("decnet encapsulation is not specifiable");
4123 /* NOTREACHED */
4124
4125 case Q_SCA:
4126 bpf_error("sca does not encapsulate another protocol");
4127 /* NOTREACHED */
4128
4129 case Q_LAT:
4130 bpf_error("lat does not encapsulate another protocol");
4131 /* NOTREACHED */
4132
4133 case Q_MOPRC:
4134 bpf_error("moprc does not encapsulate another protocol");
4135 /* NOTREACHED */
4136
4137 case Q_MOPDL:
4138 bpf_error("mopdl does not encapsulate another protocol");
4139 /* NOTREACHED */
4140
4141 case Q_LINK:
4142 return gen_linktype(v);
4143
4144 case Q_UDP:
4145 bpf_error("'udp proto' is bogus");
4146 /* NOTREACHED */
4147
4148 case Q_TCP:
4149 bpf_error("'tcp proto' is bogus");
4150 /* NOTREACHED */
4151
4152 case Q_SCTP:
4153 bpf_error("'sctp proto' is bogus");
4154 /* NOTREACHED */
4155
4156 case Q_ICMP:
4157 bpf_error("'icmp proto' is bogus");
4158 /* NOTREACHED */
4159
4160 case Q_IGMP:
4161 bpf_error("'igmp proto' is bogus");
4162 /* NOTREACHED */
4163
4164 case Q_IGRP:
4165 bpf_error("'igrp proto' is bogus");
4166 /* NOTREACHED */
4167
4168 case Q_PIM:
4169 bpf_error("'pim proto' is bogus");
4170 /* NOTREACHED */
4171
4172 case Q_VRRP:
4173 bpf_error("'vrrp proto' is bogus");
4174 /* NOTREACHED */
4175
4176 #ifdef INET6
4177 case Q_IPV6:
4178 b0 = gen_linktype(ETHERTYPE_IPV6);
4179 #ifndef CHASE_CHAIN
4180 b1 = gen_cmp(OR_NET, 6, BPF_B, (bpf_int32)v);
4181 #else
4182 b1 = gen_protochain(v, Q_IPV6);
4183 #endif
4184 gen_and(b0, b1);
4185 return b1;
4186
4187 case Q_ICMPV6:
4188 bpf_error("'icmp6 proto' is bogus");
4189 #endif /* INET6 */
4190
4191 case Q_AH:
4192 bpf_error("'ah proto' is bogus");
4193
4194 case Q_ESP:
4195 bpf_error("'ah proto' is bogus");
4196
4197 case Q_STP:
4198 bpf_error("'stp proto' is bogus");
4199
4200 case Q_IPX:
4201 bpf_error("'ipx proto' is bogus");
4202
4203 case Q_NETBEUI:
4204 bpf_error("'netbeui proto' is bogus");
4205
4206 default:
4207 abort();
4208 /* NOTREACHED */
4209 }
4210 /* NOTREACHED */
4211 }
4212
4213 struct block *
4214 gen_scode(name, q)
4215 register const char *name;
4216 struct qual q;
4217 {
4218 int proto = q.proto;
4219 int dir = q.dir;
4220 int tproto;
4221 u_char *eaddr;
4222 bpf_u_int32 mask, addr;
4223 #ifndef INET6
4224 bpf_u_int32 **alist;
4225 #else
4226 int tproto6;
4227 struct sockaddr_in *sin;
4228 struct sockaddr_in6 *sin6;
4229 struct addrinfo *res, *res0;
4230 struct in6_addr mask128;
4231 #endif /*INET6*/
4232 struct block *b, *tmp;
4233 int port, real_proto;
4234 int port1, port2;
4235
4236 switch (q.addr) {
4237
4238 case Q_NET:
4239 addr = pcap_nametonetaddr(name);
4240 if (addr == 0)
4241 bpf_error("unknown network '%s'", name);
4242 /* Left justify network addr and calculate its network mask */
4243 mask = 0xffffffff;
4244 while (addr && (addr & 0xff000000) == 0) {
4245 addr <<= 8;
4246 mask <<= 8;
4247 }
4248 return gen_host(addr, mask, proto, dir);
4249
4250 case Q_DEFAULT:
4251 case Q_HOST:
4252 if (proto == Q_LINK) {
4253 switch (linktype) {
4254
4255 case DLT_EN10MB:
4256 eaddr = pcap_ether_hostton(name);
4257 if (eaddr == NULL)
4258 bpf_error(
4259 "unknown ether host '%s'", name);
4260 b = gen_ehostop(eaddr, dir);
4261 free(eaddr);
4262 return b;
4263
4264 case DLT_FDDI:
4265 eaddr = pcap_ether_hostton(name);
4266 if (eaddr == NULL)
4267 bpf_error(
4268 "unknown FDDI host '%s'", name);
4269 b = gen_fhostop(eaddr, dir);
4270 free(eaddr);
4271 return b;
4272
4273 case DLT_IEEE802:
4274 eaddr = pcap_ether_hostton(name);
4275 if (eaddr == NULL)
4276 bpf_error(
4277 "unknown token ring host '%s'", name);
4278 b = gen_thostop(eaddr, dir);
4279 free(eaddr);
4280 return b;
4281
4282 case DLT_IEEE802_11:
4283 eaddr = pcap_ether_hostton(name);
4284 if (eaddr == NULL)
4285 bpf_error(
4286 "unknown 802.11 host '%s'", name);
4287 b = gen_wlanhostop(eaddr, dir);
4288 free(eaddr);
4289 return b;
4290
4291 case DLT_IP_OVER_FC:
4292 eaddr = pcap_ether_hostton(name);
4293 if (eaddr == NULL)
4294 bpf_error(
4295 "unknown Fibre Channel host '%s'", name);
4296 b = gen_ipfchostop(eaddr, dir);
4297 free(eaddr);
4298 return b;
4299
4300 case DLT_SUNATM:
4301 if (!is_lane)
4302 break;
4303
4304 /*
4305 * Check that the packet doesn't begin
4306 * with an LE Control marker. (We've
4307 * already generated a test for LANE.)
4308 */
4309 tmp = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS,
4310 BPF_H, 0xFF00);
4311 gen_not(tmp);
4312
4313 eaddr = pcap_ether_hostton(name);
4314 if (eaddr == NULL)
4315 bpf_error(
4316 "unknown ether host '%s'", name);
4317 b = gen_ehostop(eaddr, dir);
4318 gen_and(tmp, b);
4319 free(eaddr);
4320 return b;
4321 }
4322
4323 bpf_error("only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name");
4324 } else if (proto == Q_DECNET) {
4325 unsigned short dn_addr = __pcap_nametodnaddr(name);
4326 /*
4327 * I don't think DECNET hosts can be multihomed, so
4328 * there is no need to build up a list of addresses
4329 */
4330 return (gen_host(dn_addr, 0, proto, dir));
4331 } else {
4332 #ifndef INET6
4333 alist = pcap_nametoaddr(name);
4334 if (alist == NULL || *alist == NULL)
4335 bpf_error("unknown host '%s'", name);
4336 tproto = proto;
4337 if (off_linktype == (u_int)-1 && tproto == Q_DEFAULT)
4338 tproto = Q_IP;
4339 b = gen_host(**alist++, 0xffffffff, tproto, dir);
4340 while (*alist) {
4341 tmp = gen_host(**alist++, 0xffffffff,
4342 tproto, dir);
4343 gen_or(b, tmp);
4344 b = tmp;
4345 }
4346 return b;
4347 #else
4348 memset(&mask128, 0xff, sizeof(mask128));
4349 res0 = res = pcap_nametoaddrinfo(name);
4350 if (res == NULL)
4351 bpf_error("unknown host '%s'", name);
4352 b = tmp = NULL;
4353 tproto = tproto6 = proto;
4354 if (off_linktype == -1 && tproto == Q_DEFAULT) {
4355 tproto = Q_IP;
4356 tproto6 = Q_IPV6;
4357 }
4358 for (res = res0; res; res = res->ai_next) {
4359 switch (res->ai_family) {
4360 case AF_INET:
4361 if (tproto == Q_IPV6)
4362 continue;
4363
4364 sin = (struct sockaddr_in *)
4365 res->ai_addr;
4366 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
4367 0xffffffff, tproto, dir);
4368 break;
4369 case AF_INET6:
4370 if (tproto6 == Q_IP)
4371 continue;
4372
4373 sin6 = (struct sockaddr_in6 *)
4374 res->ai_addr;
4375 tmp = gen_host6(&sin6->sin6_addr,
4376 &mask128, tproto6, dir);
4377 break;
4378 default:
4379 continue;
4380 }
4381 if (b)
4382 gen_or(b, tmp);
4383 b = tmp;
4384 }
4385 freeaddrinfo(res0);
4386 if (b == NULL) {
4387 bpf_error("unknown host '%s'%s", name,
4388 (proto == Q_DEFAULT)
4389 ? ""
4390 : " for specified address family");
4391 }
4392 return b;
4393 #endif /*INET6*/
4394 }
4395
4396 case Q_PORT:
4397 if (proto != Q_DEFAULT &&
4398 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
4399 bpf_error("illegal qualifier of 'port'");
4400 if (pcap_nametoport(name, &port, &real_proto) == 0)
4401 bpf_error("unknown port '%s'", name);
4402 if (proto == Q_UDP) {
4403 if (real_proto == IPPROTO_TCP)
4404 bpf_error("port '%s' is tcp", name);
4405 else if (real_proto == IPPROTO_SCTP)
4406 bpf_error("port '%s' is sctp", name);
4407 else
4408 /* override PROTO_UNDEF */
4409 real_proto = IPPROTO_UDP;
4410 }
4411 if (proto == Q_TCP) {
4412 if (real_proto == IPPROTO_UDP)
4413 bpf_error("port '%s' is udp", name);
4414
4415 else if (real_proto == IPPROTO_SCTP)
4416 bpf_error("port '%s' is sctp", name);
4417 else
4418 /* override PROTO_UNDEF */
4419 real_proto = IPPROTO_TCP;
4420 }
4421 if (proto == Q_SCTP) {
4422 if (real_proto == IPPROTO_UDP)
4423 bpf_error("port '%s' is udp", name);
4424
4425 else if (real_proto == IPPROTO_TCP)
4426 bpf_error("port '%s' is tcp", name);
4427 else
4428 /* override PROTO_UNDEF */
4429 real_proto = IPPROTO_SCTP;
4430 }
4431 #ifndef INET6
4432 return gen_port(port, real_proto, dir);
4433 #else
4434 {
4435 struct block *b;
4436 b = gen_port(port, real_proto, dir);
4437 gen_or(gen_port6(port, real_proto, dir), b);
4438 return b;
4439 }
4440 #endif /* INET6 */
4441
4442 case Q_PORTRANGE:
4443 if (proto != Q_DEFAULT &&
4444 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
4445 bpf_error("illegal qualifier of 'portrange'");
4446 if (pcap_nametoportrange(name, &port1, &port2, &real_proto) == 0)
4447 bpf_error("unknown port in range '%s'", name);
4448 if (proto == Q_UDP) {
4449 if (real_proto == IPPROTO_TCP)
4450 bpf_error("port in range '%s' is tcp", name);
4451 else if (real_proto == IPPROTO_SCTP)
4452 bpf_error("port in range '%s' is sctp", name);
4453 else
4454 /* override PROTO_UNDEF */
4455 real_proto = IPPROTO_UDP;
4456 }
4457 if (proto == Q_TCP) {
4458 if (real_proto == IPPROTO_UDP)
4459 bpf_error("port in range '%s' is udp", name);
4460 else if (real_proto == IPPROTO_SCTP)
4461 bpf_error("port in range '%s' is sctp", name);
4462 else
4463 /* override PROTO_UNDEF */
4464 real_proto = IPPROTO_TCP;
4465 }
4466 if (proto == Q_SCTP) {
4467 if (real_proto == IPPROTO_UDP)
4468 bpf_error("port in range '%s' is udp", name);
4469 else if (real_proto == IPPROTO_TCP)
4470 bpf_error("port in range '%s' is tcp", name);
4471 else
4472 /* override PROTO_UNDEF */
4473 real_proto = IPPROTO_SCTP;
4474 }
4475 #ifndef INET6
4476 return gen_portrange(port1, port2, real_proto, dir);
4477 #else
4478 {
4479 struct block *b;
4480 b = gen_portrange(port1, port2, real_proto, dir);
4481 gen_or(gen_portrange6(port1, port2, real_proto, dir), b);
4482 return b;
4483 }
4484 #endif /* INET6 */
4485
4486 case Q_GATEWAY:
4487 #ifndef INET6
4488 eaddr = pcap_ether_hostton(name);
4489 if (eaddr == NULL)
4490 bpf_error("unknown ether host: %s", name);
4491
4492 alist = pcap_nametoaddr(name);
4493 if (alist == NULL || *alist == NULL)
4494 bpf_error("unknown host '%s'", name);
4495 b = gen_gateway(eaddr, alist, proto, dir);
4496 free(eaddr);
4497 return b;
4498 #else
4499 bpf_error("'gateway' not supported in this configuration");
4500 #endif /*INET6*/
4501
4502 case Q_PROTO:
4503 real_proto = lookup_proto(name, proto);
4504 if (real_proto >= 0)
4505 return gen_proto(real_proto, proto, dir);
4506 else
4507 bpf_error("unknown protocol: %s", name);
4508
4509 case Q_PROTOCHAIN:
4510 real_proto = lookup_proto(name, proto);
4511 if (real_proto >= 0)
4512 return gen_protochain(real_proto, proto, dir);
4513 else
4514 bpf_error("unknown protocol: %s", name);
4515
4516
4517 case Q_UNDEF:
4518 syntax();
4519 /* NOTREACHED */
4520 }
4521 abort();
4522 /* NOTREACHED */
4523 }
4524
4525 struct block *
4526 gen_mcode(s1, s2, masklen, q)
4527 register const char *s1, *s2;
4528 register int masklen;
4529 struct qual q;
4530 {
4531 register int nlen, mlen;
4532 bpf_u_int32 n, m;
4533
4534 nlen = __pcap_atoin(s1, &n);
4535 /* Promote short ipaddr */
4536 n <<= 32 - nlen;
4537
4538 if (s2 != NULL) {
4539 mlen = __pcap_atoin(s2, &m);
4540 /* Promote short ipaddr */
4541 m <<= 32 - mlen;
4542 if ((n & ~m) != 0)
4543 bpf_error("non-network bits set in \"%s mask %s\"",
4544 s1, s2);
4545 } else {
4546 /* Convert mask len to mask */
4547 if (masklen > 32)
4548 bpf_error("mask length must be <= 32");
4549 m = 0xffffffff << (32 - masklen);
4550 if ((n & ~m) != 0)
4551 bpf_error("non-network bits set in \"%s/%d\"",
4552 s1, masklen);
4553 }
4554
4555 switch (q.addr) {
4556
4557 case Q_NET:
4558 return gen_host(n, m, q.proto, q.dir);
4559
4560 default:
4561 bpf_error("Mask syntax for networks only");
4562 /* NOTREACHED */
4563 }
4564 /* NOTREACHED */
4565 }
4566
4567 struct block *
4568 gen_ncode(s, v, q)
4569 register const char *s;
4570 bpf_u_int32 v;
4571 struct qual q;
4572 {
4573 bpf_u_int32 mask;
4574 int proto = q.proto;
4575 int dir = q.dir;
4576 register int vlen;
4577
4578 if (s == NULL)
4579 vlen = 32;
4580 else if (q.proto == Q_DECNET)
4581 vlen = __pcap_atodn(s, &v);
4582 else
4583 vlen = __pcap_atoin(s, &v);
4584
4585 switch (q.addr) {
4586
4587 case Q_DEFAULT:
4588 case Q_HOST:
4589 case Q_NET:
4590 if (proto == Q_DECNET)
4591 return gen_host(v, 0, proto, dir);
4592 else if (proto == Q_LINK) {
4593 bpf_error("illegal link layer address");
4594 } else {
4595 mask = 0xffffffff;
4596 if (s == NULL && q.addr == Q_NET) {
4597 /* Promote short net number */
4598 while (v && (v & 0xff000000) == 0) {
4599 v <<= 8;
4600 mask <<= 8;
4601 }
4602 } else {
4603 /* Promote short ipaddr */
4604 v <<= 32 - vlen;
4605 mask <<= 32 - vlen;
4606 }
4607 return gen_host(v, mask, proto, dir);
4608 }
4609
4610 case Q_PORT:
4611 if (proto == Q_UDP)
4612 proto = IPPROTO_UDP;
4613 else if (proto == Q_TCP)
4614 proto = IPPROTO_TCP;
4615 else if (proto == Q_SCTP)
4616 proto = IPPROTO_SCTP;
4617 else if (proto == Q_DEFAULT)
4618 proto = PROTO_UNDEF;
4619 else
4620 bpf_error("illegal qualifier of 'port'");
4621
4622 #ifndef INET6
4623 return gen_port((int)v, proto, dir);
4624 #else
4625 {
4626 struct block *b;
4627 b = gen_port((int)v, proto, dir);
4628 gen_or(gen_port6((int)v, proto, dir), b);
4629 return b;
4630 }
4631 #endif /* INET6 */
4632
4633 case Q_PORTRANGE:
4634 if (proto == Q_UDP)
4635 proto = IPPROTO_UDP;
4636 else if (proto == Q_TCP)
4637 proto = IPPROTO_TCP;
4638 else if (proto == Q_SCTP)
4639 proto = IPPROTO_SCTP;
4640 else if (proto == Q_DEFAULT)
4641 proto = PROTO_UNDEF;
4642 else
4643 bpf_error("illegal qualifier of 'portrange'");
4644
4645 #ifndef INET6
4646 return gen_portrange((int)v, (int)v, proto, dir);
4647 #else
4648 {
4649 struct block *b;
4650 b = gen_portrange((int)v, (int)v, proto, dir);
4651 gen_or(gen_portrange6((int)v, (int)v, proto, dir), b);
4652 return b;
4653 }
4654 #endif /* INET6 */
4655
4656 case Q_GATEWAY:
4657 bpf_error("'gateway' requires a name");
4658 /* NOTREACHED */
4659
4660 case Q_PROTO:
4661 return gen_proto((int)v, proto, dir);
4662
4663 case Q_PROTOCHAIN:
4664 return gen_protochain((int)v, proto, dir);
4665
4666 case Q_UNDEF:
4667 syntax();
4668 /* NOTREACHED */
4669
4670 default:
4671 abort();
4672 /* NOTREACHED */
4673 }
4674 /* NOTREACHED */
4675 }
4676
4677 #ifdef INET6
4678 struct block *
4679 gen_mcode6(s1, s2, masklen, q)
4680 register const char *s1, *s2;
4681 register int masklen;
4682 struct qual q;
4683 {
4684 struct addrinfo *res;
4685 struct in6_addr *addr;
4686 struct in6_addr mask;
4687 struct block *b;
4688 u_int32_t *a, *m;
4689
4690 if (s2)
4691 bpf_error("no mask %s supported", s2);
4692
4693 res = pcap_nametoaddrinfo(s1);
4694 if (!res)
4695 bpf_error("invalid ip6 address %s", s1);
4696 if (res->ai_next)
4697 bpf_error("%s resolved to multiple address", s1);
4698 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
4699
4700 if (sizeof(mask) * 8 < masklen)
4701 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
4702 memset(&mask, 0, sizeof(mask));
4703 memset(&mask, 0xff, masklen / 8);
4704 if (masklen % 8) {
4705 mask.s6_addr[masklen / 8] =
4706 (0xff << (8 - masklen % 8)) & 0xff;
4707 }
4708
4709 a = (u_int32_t *)addr;
4710 m = (u_int32_t *)&mask;
4711 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
4712 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
4713 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
4714 }
4715
4716 switch (q.addr) {
4717
4718 case Q_DEFAULT:
4719 case Q_HOST:
4720 if (masklen != 128)
4721 bpf_error("Mask syntax for networks only");
4722 /* FALLTHROUGH */
4723
4724 case Q_NET:
4725 b = gen_host6(addr, &mask, q.proto, q.dir);
4726 freeaddrinfo(res);
4727 return b;
4728
4729 default:
4730 bpf_error("invalid qualifier against IPv6 address");
4731 /* NOTREACHED */
4732 }
4733 }
4734 #endif /*INET6*/
4735
4736 struct block *
4737 gen_ecode(eaddr, q)
4738 register const u_char *eaddr;
4739 struct qual q;
4740 {
4741 struct block *b, *tmp;
4742
4743 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
4744 if (linktype == DLT_EN10MB)
4745 return gen_ehostop(eaddr, (int)q.dir);
4746 if (linktype == DLT_FDDI)
4747 return gen_fhostop(eaddr, (int)q.dir);
4748 if (linktype == DLT_IEEE802)
4749 return gen_thostop(eaddr, (int)q.dir);
4750 if (linktype == DLT_IEEE802_11)
4751 return gen_wlanhostop(eaddr, (int)q.dir);
4752 if (linktype == DLT_SUNATM && is_lane) {
4753 /*
4754 * Check that the packet doesn't begin with an
4755 * LE Control marker. (We've already generated
4756 * a test for LANE.)
4757 */
4758 tmp = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS, BPF_H,
4759 0xFF00);
4760 gen_not(tmp);
4761
4762 /*
4763 * Now check the MAC address.
4764 */
4765 b = gen_ehostop(eaddr, (int)q.dir);
4766 gen_and(tmp, b);
4767 return b;
4768 }
4769 if (linktype == DLT_IP_OVER_FC)
4770 return gen_ipfchostop(eaddr, (int)q.dir);
4771 bpf_error("ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel");
4772 }
4773 bpf_error("ethernet address used in non-ether expression");
4774 /* NOTREACHED */
4775 }
4776
4777 void
4778 sappend(s0, s1)
4779 struct slist *s0, *s1;
4780 {
4781 /*
4782 * This is definitely not the best way to do this, but the
4783 * lists will rarely get long.
4784 */
4785 while (s0->next)
4786 s0 = s0->next;
4787 s0->next = s1;
4788 }
4789
4790 static struct slist *
4791 xfer_to_x(a)
4792 struct arth *a;
4793 {
4794 struct slist *s;
4795
4796 s = new_stmt(BPF_LDX|BPF_MEM);
4797 s->s.k = a->regno;
4798 return s;
4799 }
4800
4801 static struct slist *
4802 xfer_to_a(a)
4803 struct arth *a;
4804 {
4805 struct slist *s;
4806
4807 s = new_stmt(BPF_LD|BPF_MEM);
4808 s->s.k = a->regno;
4809 return s;
4810 }
4811
4812 struct arth *
4813 gen_load(proto, index, size)
4814 int proto;
4815 struct arth *index;
4816 int size;
4817 {
4818 struct slist *s, *tmp;
4819 struct block *b;
4820 int regno = alloc_reg();
4821
4822 free_reg(index->regno);
4823 switch (size) {
4824
4825 default:
4826 bpf_error("data size must be 1, 2, or 4");
4827
4828 case 1:
4829 size = BPF_B;
4830 break;
4831
4832 case 2:
4833 size = BPF_H;
4834 break;
4835
4836 case 4:
4837 size = BPF_W;
4838 break;
4839 }
4840 switch (proto) {
4841 default:
4842 bpf_error("unsupported index operation");
4843
4844 case Q_LINK:
4845 /*
4846 * XXX - what about ATM LANE? Should the index be
4847 * relative to the beginning of the AAL5 frame, so
4848 * that 0 refers to the beginning of the LE Control
4849 * field, or relative to the beginning of the LAN
4850 * frame, so that 0 refers, for Ethernet LANE, to
4851 * the beginning of the destination address?
4852 */
4853 s = xfer_to_x(index);
4854 tmp = new_stmt(BPF_LD|BPF_IND|size);
4855 sappend(s, tmp);
4856 sappend(index->s, s);
4857 break;
4858
4859 case Q_IP:
4860 case Q_ARP:
4861 case Q_RARP:
4862 case Q_ATALK:
4863 case Q_DECNET:
4864 case Q_SCA:
4865 case Q_LAT:
4866 case Q_MOPRC:
4867 case Q_MOPDL:
4868 #ifdef INET6
4869 case Q_IPV6:
4870 #endif
4871 /* XXX Note that we assume a fixed link header here. */
4872 s = xfer_to_x(index);
4873 tmp = new_stmt(BPF_LD|BPF_IND|size);
4874 tmp->s.k = off_nl;
4875 sappend(s, tmp);
4876 sappend(index->s, s);
4877
4878 b = gen_proto_abbrev(proto);
4879 if (index->b)
4880 gen_and(index->b, b);
4881 index->b = b;
4882 break;
4883
4884 case Q_SCTP:
4885 case Q_TCP:
4886 case Q_UDP:
4887 case Q_ICMP:
4888 case Q_IGMP:
4889 case Q_IGRP:
4890 case Q_PIM:
4891 case Q_VRRP:
4892 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
4893 s->s.k = off_nl;
4894 sappend(s, xfer_to_a(index));
4895 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
4896 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
4897 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
4898 tmp->s.k = off_nl;
4899 sappend(index->s, s);
4900
4901 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
4902 if (index->b)
4903 gen_and(index->b, b);
4904 #ifdef INET6
4905 gen_and(gen_proto_abbrev(Q_IP), b);
4906 #endif
4907 index->b = b;
4908 break;
4909 #ifdef INET6
4910 case Q_ICMPV6:
4911 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
4912 /*NOTREACHED*/
4913 #endif
4914 }
4915 index->regno = regno;
4916 s = new_stmt(BPF_ST);
4917 s->s.k = regno;
4918 sappend(index->s, s);
4919
4920 return index;
4921 }
4922
4923 struct block *
4924 gen_relation(code, a0, a1, reversed)
4925 int code;
4926 struct arth *a0, *a1;
4927 int reversed;
4928 {
4929 struct slist *s0, *s1, *s2;
4930 struct block *b, *tmp;
4931
4932 s0 = xfer_to_x(a1);
4933 s1 = xfer_to_a(a0);
4934 if (code == BPF_JEQ) {
4935 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
4936 b = new_block(JMP(code));
4937 sappend(s1, s2);
4938 }
4939 else
4940 b = new_block(BPF_JMP|code|BPF_X);
4941 if (reversed)
4942 gen_not(b);
4943
4944 sappend(s0, s1);
4945 sappend(a1->s, s0);
4946 sappend(a0->s, a1->s);
4947
4948 b->stmts = a0->s;
4949
4950 free_reg(a0->regno);
4951 free_reg(a1->regno);
4952
4953 /* 'and' together protocol checks */
4954 if (a0->b) {
4955 if (a1->b) {
4956 gen_and(a0->b, tmp = a1->b);
4957 }
4958 else
4959 tmp = a0->b;
4960 } else
4961 tmp = a1->b;
4962
4963 if (tmp)
4964 gen_and(tmp, b);
4965
4966 return b;
4967 }
4968
4969 struct arth *
4970 gen_loadlen()
4971 {
4972 int regno = alloc_reg();
4973 struct arth *a = (struct arth *)newchunk(sizeof(*a));
4974 struct slist *s;
4975
4976 s = new_stmt(BPF_LD|BPF_LEN);
4977 s->next = new_stmt(BPF_ST);
4978 s->next->s.k = regno;
4979 a->s = s;
4980 a->regno = regno;
4981
4982 return a;
4983 }
4984
4985 struct arth *
4986 gen_loadi(val)
4987 int val;
4988 {
4989 struct arth *a;
4990 struct slist *s;
4991 int reg;
4992
4993 a = (struct arth *)newchunk(sizeof(*a));
4994
4995 reg = alloc_reg();
4996
4997 s = new_stmt(BPF_LD|BPF_IMM);
4998 s->s.k = val;
4999 s->next = new_stmt(BPF_ST);
5000 s->next->s.k = reg;
5001 a->s = s;
5002 a->regno = reg;
5003
5004 return a;
5005 }
5006
5007 struct arth *
5008 gen_neg(a)
5009 struct arth *a;
5010 {
5011 struct slist *s;
5012
5013 s = xfer_to_a(a);
5014 sappend(a->s, s);
5015 s = new_stmt(BPF_ALU|BPF_NEG);
5016 s->s.k = 0;
5017 sappend(a->s, s);
5018 s = new_stmt(BPF_ST);
5019 s->s.k = a->regno;
5020 sappend(a->s, s);
5021
5022 return a;
5023 }
5024
5025 struct arth *
5026 gen_arth(code, a0, a1)
5027 int code;
5028 struct arth *a0, *a1;
5029 {
5030 struct slist *s0, *s1, *s2;
5031
5032 s0 = xfer_to_x(a1);
5033 s1 = xfer_to_a(a0);
5034 s2 = new_stmt(BPF_ALU|BPF_X|code);
5035
5036 sappend(s1, s2);
5037 sappend(s0, s1);
5038 sappend(a1->s, s0);
5039 sappend(a0->s, a1->s);
5040
5041 free_reg(a0->regno);
5042 free_reg(a1->regno);
5043
5044 s0 = new_stmt(BPF_ST);
5045 a0->regno = s0->s.k = alloc_reg();
5046 sappend(a0->s, s0);
5047
5048 return a0;
5049 }
5050
5051 /*
5052 * Here we handle simple allocation of the scratch registers.
5053 * If too many registers are alloc'd, the allocator punts.
5054 */
5055 static int regused[BPF_MEMWORDS];
5056 static int curreg;
5057
5058 /*
5059 * Return the next free register.
5060 */
5061 static int
5062 alloc_reg()
5063 {
5064 int n = BPF_MEMWORDS;
5065
5066 while (--n >= 0) {
5067 if (regused[curreg])
5068 curreg = (curreg + 1) % BPF_MEMWORDS;
5069 else {
5070 regused[curreg] = 1;
5071 return curreg;
5072 }
5073 }
5074 bpf_error("too many registers needed to evaluate expression");
5075 /* NOTREACHED */
5076 }
5077
5078 /*
5079 * Return a register to the table so it can
5080 * be used later.
5081 */
5082 static void
5083 free_reg(n)
5084 int n;
5085 {
5086 regused[n] = 0;
5087 }
5088
5089 static struct block *
5090 gen_len(jmp, n)
5091 int jmp, n;
5092 {
5093 struct slist *s;
5094 struct block *b;
5095
5096 s = new_stmt(BPF_LD|BPF_LEN);
5097 b = new_block(JMP(jmp));
5098 b->stmts = s;
5099 b->s.k = n;
5100
5101 return b;
5102 }
5103
5104 struct block *
5105 gen_greater(n)
5106 int n;
5107 {
5108 return gen_len(BPF_JGE, n);
5109 }
5110
5111 /*
5112 * Actually, this is less than or equal.
5113 */
5114 struct block *
5115 gen_less(n)
5116 int n;
5117 {
5118 struct block *b;
5119
5120 b = gen_len(BPF_JGT, n);
5121 gen_not(b);
5122
5123 return b;
5124 }
5125
5126 struct block *
5127 gen_byteop(op, idx, val)
5128 int op, idx, val;
5129 {
5130 struct block *b;
5131 struct slist *s;
5132
5133 switch (op) {
5134 default:
5135 abort();
5136
5137 case '=':
5138 return gen_cmp(OR_LINK, (u_int)idx, BPF_B, (bpf_int32)val);
5139
5140 case '<':
5141 b = gen_cmp_lt(OR_LINK, (u_int)idx, BPF_B, (bpf_int32)val);
5142 return b;
5143
5144 case '>':
5145 b = gen_cmp_gt(OR_LINK, (u_int)idx, BPF_B, (bpf_int32)val);
5146 return b;
5147
5148 case '|':
5149 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
5150 break;
5151
5152 case '&':
5153 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
5154 break;
5155 }
5156 s->s.k = val;
5157 b = new_block(JMP(BPF_JEQ));
5158 b->stmts = s;
5159 gen_not(b);
5160
5161 return b;
5162 }
5163
5164 static u_char abroadcast[] = { 0x0 };
5165
5166 struct block *
5167 gen_broadcast(proto)
5168 int proto;
5169 {
5170 bpf_u_int32 hostmask;
5171 struct block *b0, *b1, *b2;
5172 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
5173
5174 switch (proto) {
5175
5176 case Q_DEFAULT:
5177 case Q_LINK:
5178 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
5179 return gen_ahostop(abroadcast, Q_DST);
5180 if (linktype == DLT_EN10MB)
5181 return gen_ehostop(ebroadcast, Q_DST);
5182 if (linktype == DLT_FDDI)
5183 return gen_fhostop(ebroadcast, Q_DST);
5184 if (linktype == DLT_IEEE802)
5185 return gen_thostop(ebroadcast, Q_DST);
5186 if (linktype == DLT_IEEE802_11)
5187 return gen_wlanhostop(ebroadcast, Q_DST);
5188 if (linktype == DLT_IP_OVER_FC)
5189 return gen_ipfchostop(ebroadcast, Q_DST);
5190 if (linktype == DLT_SUNATM && is_lane) {
5191 /*
5192 * Check that the packet doesn't begin with an
5193 * LE Control marker. (We've already generated
5194 * a test for LANE.)
5195 */
5196 b1 = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS, BPF_H,
5197 0xFF00);
5198 gen_not(b1);
5199
5200 /*
5201 * Now check the MAC address.
5202 */
5203 b0 = gen_ehostop(ebroadcast, Q_DST);
5204 gen_and(b1, b0);
5205 return b0;
5206 }
5207 bpf_error("not a broadcast link");
5208 break;
5209
5210 case Q_IP:
5211 b0 = gen_linktype(ETHERTYPE_IP);
5212 hostmask = ~netmask;
5213 b1 = gen_mcmp(OR_NET, 16, BPF_W, (bpf_int32)0, hostmask);
5214 b2 = gen_mcmp(OR_NET, 16, BPF_W,
5215 (bpf_int32)(~0 & hostmask), hostmask);
5216 gen_or(b1, b2);
5217 gen_and(b0, b2);
5218 return b2;
5219 }
5220 bpf_error("only link-layer/IP broadcast filters supported");
5221 /* NOTREACHED */
5222 }
5223
5224 /*
5225 * Generate code to test the low-order bit of a MAC address (that's
5226 * the bottom bit of the *first* byte).
5227 */
5228 static struct block *
5229 gen_mac_multicast(offset)
5230 int offset;
5231 {
5232 register struct block *b0;
5233 register struct slist *s;
5234
5235 /* link[offset] & 1 != 0 */
5236 s = gen_load_a(OR_LINK, offset, BPF_B);
5237 b0 = new_block(JMP(BPF_JSET));
5238 b0->s.k = 1;
5239 b0->stmts = s;
5240 return b0;
5241 }
5242
5243 struct block *
5244 gen_multicast(proto)
5245 int proto;
5246 {
5247 register struct block *b0, *b1, *b2;
5248 register struct slist *s;
5249
5250 switch (proto) {
5251
5252 case Q_DEFAULT:
5253 case Q_LINK:
5254 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
5255 /* all ARCnet multicasts use the same address */
5256 return gen_ahostop(abroadcast, Q_DST);
5257
5258 if (linktype == DLT_EN10MB) {
5259 /* ether[0] & 1 != 0 */
5260 return gen_mac_multicast(0);
5261 }
5262
5263 if (linktype == DLT_FDDI) {
5264 /*
5265 * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX
5266 *
5267 * XXX - was that referring to bit-order issues?
5268 */
5269 /* fddi[1] & 1 != 0 */
5270 return gen_mac_multicast(1);
5271 }
5272
5273 if (linktype == DLT_IEEE802) {
5274 /* tr[2] & 1 != 0 */
5275 return gen_mac_multicast(2);
5276 }
5277
5278 if (linktype == DLT_IEEE802_11) {
5279 /*
5280 * Oh, yuk.
5281 *
5282 * For control frames, there is no DA.
5283 *
5284 * For management frames, DA is at an
5285 * offset of 4 from the beginning of
5286 * the packet.
5287 *
5288 * For data frames, DA is at an offset
5289 * of 4 from the beginning of the packet
5290 * if To DS is clear and at an offset of
5291 * 16 from the beginning of the packet
5292 * if To DS is set.
5293 */
5294
5295 /*
5296 * Generate the tests to be done for data frames.
5297 *
5298 * First, check for To DS set, i.e. "link[1] & 0x01".
5299 */
5300 s = gen_load_a(OR_LINK, 1, BPF_B);
5301 b1 = new_block(JMP(BPF_JSET));
5302 b1->s.k = 0x01; /* To DS */
5303 b1->stmts = s;
5304
5305 /*
5306 * If To DS is set, the DA is at 16.
5307 */
5308 b0 = gen_mac_multicast(16);
5309 gen_and(b1, b0);
5310
5311 /*
5312 * Now, check for To DS not set, i.e. check
5313 * "!(link[1] & 0x01)".
5314 */
5315 s = gen_load_a(OR_LINK, 1, BPF_B);
5316 b2 = new_block(JMP(BPF_JSET));
5317 b2->s.k = 0x01; /* To DS */
5318 b2->stmts = s;
5319 gen_not(b2);
5320
5321 /*
5322 * If To DS is not set, the DA is at 4.
5323 */
5324 b1 = gen_mac_multicast(4);
5325 gen_and(b2, b1);
5326
5327 /*
5328 * Now OR together the last two checks. That gives
5329 * the complete set of checks for data frames.
5330 */
5331 gen_or(b1, b0);
5332
5333 /*
5334 * Now check for a data frame.
5335 * I.e, check "link[0] & 0x08".
5336 */
5337 s = gen_load_a(OR_LINK, 0, BPF_B);
5338 b1 = new_block(JMP(BPF_JSET));
5339 b1->s.k = 0x08;
5340 b1->stmts = s;
5341
5342 /*
5343 * AND that with the checks done for data frames.
5344 */
5345 gen_and(b1, b0);
5346
5347 /*
5348 * If the high-order bit of the type value is 0, this
5349 * is a management frame.
5350 * I.e, check "!(link[0] & 0x08)".
5351 */
5352 s = gen_load_a(OR_LINK, 0, BPF_B);
5353 b2 = new_block(JMP(BPF_JSET));
5354 b2->s.k = 0x08;
5355 b2->stmts = s;
5356 gen_not(b2);
5357
5358 /*
5359 * For management frames, the DA is at 4.
5360 */
5361 b1 = gen_mac_multicast(4);
5362 gen_and(b2, b1);
5363
5364 /*
5365 * OR that with the checks done for data frames.
5366 * That gives the checks done for management and
5367 * data frames.
5368 */
5369 gen_or(b1, b0);
5370
5371 /*
5372 * If the low-order bit of the type value is 1,
5373 * this is either a control frame or a frame
5374 * with a reserved type, and thus not a
5375 * frame with an SA.
5376 *
5377 * I.e., check "!(link[0] & 0x04)".
5378 */
5379 s = gen_load_a(OR_LINK, 0, BPF_B);
5380 b1 = new_block(JMP(BPF_JSET));
5381 b1->s.k = 0x04;
5382 b1->stmts = s;
5383 gen_not(b1);
5384
5385 /*
5386 * AND that with the checks for data and management
5387 * frames.
5388 */
5389 gen_and(b1, b0);
5390 return b0;
5391 }
5392
5393 if (linktype == DLT_IP_OVER_FC) {
5394 b0 = gen_mac_multicast(2);
5395 return b0;
5396 }
5397
5398 if (linktype == DLT_SUNATM && is_lane) {
5399 /*
5400 * Check that the packet doesn't begin with an
5401 * LE Control marker. (We've already generated
5402 * a test for LANE.)
5403 */
5404 b1 = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS, BPF_H,
5405 0xFF00);
5406 gen_not(b1);
5407
5408 /* ether[off_mac] & 1 != 0 */
5409 b0 = gen_mac_multicast(off_mac);
5410 gen_and(b1, b0);
5411 return b0;
5412 }
5413
5414 /* Link not known to support multicasts */
5415 break;
5416
5417 case Q_IP:
5418 b0 = gen_linktype(ETHERTYPE_IP);
5419 b1 = gen_cmp_ge(OR_NET, 16, BPF_B, (bpf_int32)224);
5420 gen_and(b0, b1);
5421 return b1;
5422
5423 #ifdef INET6
5424 case Q_IPV6:
5425 b0 = gen_linktype(ETHERTYPE_IPV6);
5426 b1 = gen_cmp(OR_NET, 24, BPF_B, (bpf_int32)255);
5427 gen_and(b0, b1);
5428 return b1;
5429 #endif /* INET6 */
5430 }
5431 bpf_error("link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel");
5432 /* NOTREACHED */
5433 }
5434
5435 /*
5436 * generate command for inbound/outbound. It's here so we can
5437 * make it link-type specific. 'dir' = 0 implies "inbound",
5438 * = 1 implies "outbound".
5439 */
5440 struct block *
5441 gen_inbound(dir)
5442 int dir;
5443 {
5444 register struct block *b0;
5445
5446 /*
5447 * Only some data link types support inbound/outbound qualifiers.
5448 */
5449 switch (linktype) {
5450 case DLT_SLIP:
5451 b0 = gen_relation(BPF_JEQ,
5452 gen_load(Q_LINK, gen_loadi(0), 1),
5453 gen_loadi(0),
5454 dir);
5455 break;
5456
5457 case DLT_LINUX_SLL:
5458 if (dir) {
5459 /*
5460 * Match packets sent by this machine.
5461 */
5462 b0 = gen_cmp(OR_LINK, 0, BPF_H, LINUX_SLL_OUTGOING);
5463 } else {
5464 /*
5465 * Match packets sent to this machine.
5466 * (No broadcast or multicast packets, or
5467 * packets sent to some other machine and
5468 * received promiscuously.)
5469 *
5470 * XXX - packets sent to other machines probably
5471 * shouldn't be matched, but what about broadcast
5472 * or multicast packets we received?
5473 */
5474 b0 = gen_cmp(OR_LINK, 0, BPF_H, LINUX_SLL_HOST);
5475 }
5476 break;
5477
5478 case DLT_PFLOG:
5479 b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, dir), BPF_B,
5480 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT));
5481 break;
5482
5483 case DLT_PPP_PPPD:
5484 if (dir) {
5485 /* match outgoing packets */
5486 b0 = gen_cmp(OR_LINK, 0, BPF_B, PPP_PPPD_OUT);
5487 } else {
5488 /* match incoming packets */
5489 b0 = gen_cmp(OR_LINK, 0, BPF_B, PPP_PPPD_IN);
5490 }
5491 break;
5492
5493 case DLT_JUNIPER_MLFR:
5494 case DLT_JUNIPER_MLPPP:
5495 case DLT_JUNIPER_ATM1:
5496 case DLT_JUNIPER_ATM2:
5497 /* juniper flags (including direction) are stored
5498 * the byte after the 3-byte magic number */
5499 if (dir) {
5500 /* match outgoing packets */
5501 b0 = gen_mcmp(OR_LINK, 3, BPF_B, 0, 0x01);
5502 } else {
5503 /* match incoming packets */
5504 b0 = gen_mcmp(OR_LINK, 3, BPF_B, 1, 0x01);
5505 }
5506 break;
5507
5508 default:
5509 bpf_error("inbound/outbound not supported on linktype %d",
5510 linktype);
5511 b0 = NULL;
5512 /* NOTREACHED */
5513 }
5514 return (b0);
5515 }
5516
5517 /* PF firewall log matched interface */
5518 struct block *
5519 gen_pf_ifname(const char *ifname)
5520 {
5521 struct block *b0;
5522 u_int len, off;
5523
5524 if (linktype == DLT_PFLOG) {
5525 len = sizeof(((struct pfloghdr *)0)->ifname);
5526 off = offsetof(struct pfloghdr, ifname);
5527 } else {
5528 bpf_error("ifname not supported on linktype 0x%x", linktype);
5529 /* NOTREACHED */
5530 }
5531 if (strlen(ifname) >= len) {
5532 bpf_error("ifname interface names can only be %d characters",
5533 len-1);
5534 /* NOTREACHED */
5535 }
5536 b0 = gen_bcmp(OR_LINK, off, strlen(ifname), (const u_char *)ifname);
5537 return (b0);
5538 }
5539
5540 /* PF firewall log matched interface */
5541 struct block *
5542 gen_pf_ruleset(char *ruleset)
5543 {
5544 struct block *b0;
5545
5546 if (linktype != DLT_PFLOG) {
5547 bpf_error("ruleset not supported on linktype 0x%x", linktype);
5548 /* NOTREACHED */
5549 }
5550 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) {
5551 bpf_error("ruleset names can only be %ld characters",
5552 (long)(sizeof(((struct pfloghdr *)0)->ruleset) - 1));
5553 /* NOTREACHED */
5554 }
5555 b0 = gen_bcmp(OR_LINK, offsetof(struct pfloghdr, ruleset),
5556 strlen(ruleset), (const u_char *)ruleset);
5557 return (b0);
5558 }
5559
5560 /* PF firewall log rule number */
5561 struct block *
5562 gen_pf_rnr(int rnr)
5563 {
5564 struct block *b0;
5565
5566 if (linktype == DLT_PFLOG) {
5567 b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, rulenr), BPF_W,
5568 (bpf_int32)rnr);
5569 } else {
5570 bpf_error("rnr not supported on linktype 0x%x", linktype);
5571 /* NOTREACHED */
5572 }
5573
5574 return (b0);
5575 }
5576
5577 /* PF firewall log sub-rule number */
5578 struct block *
5579 gen_pf_srnr(int srnr)
5580 {
5581 struct block *b0;
5582
5583 if (linktype != DLT_PFLOG) {
5584 bpf_error("srnr not supported on linktype 0x%x", linktype);
5585 /* NOTREACHED */
5586 }
5587
5588 b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, subrulenr), BPF_W,
5589 (bpf_int32)srnr);
5590 return (b0);
5591 }
5592
5593 /* PF firewall log reason code */
5594 struct block *
5595 gen_pf_reason(int reason)
5596 {
5597 struct block *b0;
5598
5599 if (linktype == DLT_PFLOG) {
5600 b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, reason), BPF_B,
5601 (bpf_int32)reason);
5602 } else {
5603 bpf_error("reason not supported on linktype 0x%x", linktype);
5604 /* NOTREACHED */
5605 }
5606
5607 return (b0);
5608 }
5609
5610 /* PF firewall log action */
5611 struct block *
5612 gen_pf_action(int action)
5613 {
5614 struct block *b0;
5615
5616 if (linktype == DLT_PFLOG) {
5617 b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, action), BPF_B,
5618 (bpf_int32)action);
5619 } else {
5620 bpf_error("action not supported on linktype 0x%x", linktype);
5621 /* NOTREACHED */
5622 }
5623
5624 return (b0);
5625 }
5626
5627 struct block *
5628 gen_acode(eaddr, q)
5629 register const u_char *eaddr;
5630 struct qual q;
5631 {
5632 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
5633 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
5634 return gen_ahostop(eaddr, (int)q.dir);
5635 }
5636 bpf_error("ARCnet address used in non-arc expression");
5637 /* NOTREACHED */
5638 }
5639
5640 static struct block *
5641 gen_ahostop(eaddr, dir)
5642 register const u_char *eaddr;
5643 register int dir;
5644 {
5645 register struct block *b0, *b1;
5646
5647 switch (dir) {
5648 /* src comes first, different from Ethernet */
5649 case Q_SRC:
5650 return gen_bcmp(OR_LINK, 0, 1, eaddr);
5651
5652 case Q_DST:
5653 return gen_bcmp(OR_LINK, 1, 1, eaddr);
5654
5655 case Q_AND:
5656 b0 = gen_ahostop(eaddr, Q_SRC);
5657 b1 = gen_ahostop(eaddr, Q_DST);
5658 gen_and(b0, b1);
5659 return b1;
5660
5661 case Q_DEFAULT:
5662 case Q_OR:
5663 b0 = gen_ahostop(eaddr, Q_SRC);
5664 b1 = gen_ahostop(eaddr, Q_DST);
5665 gen_or(b0, b1);
5666 return b1;
5667 }
5668 abort();
5669 /* NOTREACHED */
5670 }
5671
5672 /*
5673 * support IEEE 802.1Q VLAN trunk over ethernet
5674 */
5675 struct block *
5676 gen_vlan(vlan_num)
5677 int vlan_num;
5678 {
5679 struct block *b0;
5680
5681 /*
5682 * Change the offsets to point to the type and data fields within
5683 * the VLAN packet. Just increment the offsets, so that we
5684 * can support a hierarchy, e.g. "vlan 300 && vlan 200" to
5685 * capture VLAN 200 encapsulated within VLAN 100.
5686 *
5687 * XXX - this is a bit of a kludge. If we were to split the
5688 * compiler into a parser that parses an expression and
5689 * generates an expression tree, and a code generator that
5690 * takes an expression tree (which could come from our
5691 * parser or from some other parser) and generates BPF code,
5692 * we could perhaps make the offsets parameters of routines
5693 * and, in the handler for an "AND" node, pass to subnodes
5694 * other than the VLAN node the adjusted offsets.
5695 *
5696 * This would mean that "vlan" would, instead of changing the
5697 * behavior of *all* tests after it, change only the behavior
5698 * of tests ANDed with it. That would change the documented
5699 * semantics of "vlan", which might break some expressions.
5700 * However, it would mean that "(vlan and ip) or ip" would check
5701 * both for VLAN-encapsulated IP and IP-over-Ethernet, rather than
5702 * checking only for VLAN-encapsulated IP, so that could still
5703 * be considered worth doing; it wouldn't break expressions
5704 * that are of the form "vlan and ..." or "vlan N and ...",
5705 * which I suspect are the most common expressions involving
5706 * "vlan". "vlan or ..." doesn't necessarily do what the user
5707 * would really want, now, as all the "or ..." tests would
5708 * be done assuming a VLAN, even though the "or" could be viewed
5709 * as meaning "or, if this isn't a VLAN packet...".
5710 */
5711 orig_linktype = off_linktype; /* save original values */
5712 orig_nl = off_nl;
5713
5714 switch (linktype) {
5715
5716 case DLT_EN10MB:
5717 off_linktype += 4;
5718 off_nl_nosnap += 4;
5719 off_nl += 4;
5720 break;
5721
5722 default:
5723 bpf_error("no VLAN support for data link type %d",
5724 linktype);
5725 /*NOTREACHED*/
5726 }
5727
5728 /* check for VLAN */
5729 b0 = gen_cmp(OR_LINK, orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
5730
5731 /* If a specific VLAN is requested, check VLAN id */
5732 if (vlan_num >= 0) {
5733 struct block *b1;
5734
5735 b1 = gen_mcmp(OR_LINK, orig_nl, BPF_H, (bpf_int32)vlan_num,
5736 0x0fff);
5737 gen_and(b0, b1);
5738 b0 = b1;
5739 }
5740
5741 return (b0);
5742 }
5743
5744 /*
5745 * support for MPLS
5746 */
5747 struct block *
5748 gen_mpls(label_num)
5749 int label_num;
5750 {
5751 struct block *b0;
5752
5753 /*
5754 * Change the offsets to point to the type and data fields within
5755 * the MPLS packet. Just increment the offsets, so that we
5756 * can support a hierarchy, e.g. "mpls 100000 && mpls 1024" to
5757 * capture packets with an outer label of 100000 and an inner
5758 * label of 1024.
5759 *
5760 * XXX - this is a bit of a kludge. See comments in gen_vlan().
5761 */
5762 orig_linktype = off_linktype; /* save original values */
5763 orig_nl = off_nl;
5764
5765 switch (linktype) {
5766
5767 case DLT_C_HDLC: /* fall through */
5768 case DLT_EN10MB:
5769 off_linktype += 4;
5770 off_nl_nosnap += 4;
5771 off_nl += 4;
5772
5773 b0 = gen_cmp(OR_LINK, orig_linktype, BPF_H,
5774 (bpf_int32)ETHERTYPE_MPLS);
5775 break;
5776
5777 case DLT_PPP:
5778 off_linktype += 4;
5779 off_nl_nosnap += 4;
5780 off_nl += 4;
5781
5782 b0 = gen_cmp(OR_LINK, orig_linktype, BPF_H,
5783 (bpf_int32)PPP_MPLS_UCAST);
5784 break;
5785
5786 /* FIXME add other DLT_s ...
5787 * for Frame-Relay/and ATM this may get messy due to SNAP headers
5788 * leave it for now */
5789
5790 default:
5791 bpf_error("no MPLS support for data link type %d",
5792 linktype);
5793 b0 = NULL;
5794 /*NOTREACHED*/
5795 break;
5796 }
5797
5798 /* If a specific MPLS label is requested, check it */
5799 if (label_num >= 0) {
5800 struct block *b1;
5801
5802 label_num = label_num << 12; /* label is shifted 12 bits on the wire */
5803 b1 = gen_mcmp(OR_LINK, orig_nl, BPF_W, (bpf_int32)label_num,
5804 0xfffff000); /* only compare the first 20 bits */
5805 gen_and(b0, b1);
5806 b0 = b1;
5807 }
5808
5809 return (b0);
5810 }
5811
5812 struct block *
5813 gen_atmfield_code(atmfield, jvalue, jtype, reverse)
5814 int atmfield;
5815 bpf_u_int32 jvalue;
5816 bpf_u_int32 jtype;
5817 int reverse;
5818 {
5819 struct block *b0;
5820
5821 switch (atmfield) {
5822
5823 case A_VPI:
5824 if (!is_atm)
5825 bpf_error("'vpi' supported only on raw ATM");
5826 if (off_vpi == (u_int)-1)
5827 abort();
5828 b0 = gen_ncmp(OR_LINK, off_vpi, BPF_B, 0xffffffff, (u_int)jtype,
5829 (u_int)jvalue, reverse);
5830 break;
5831
5832 case A_VCI:
5833 if (!is_atm)
5834 bpf_error("'vci' supported only on raw ATM");
5835 if (off_vci == (u_int)-1)
5836 abort();
5837 b0 = gen_ncmp(OR_LINK, off_vci, BPF_H, 0xffffffff, (u_int)jtype,
5838 reverse, (u_int)jvalue);
5839 break;
5840
5841 case A_PROTOTYPE:
5842 if (off_proto == (u_int)-1)
5843 abort(); /* XXX - this isn't on FreeBSD */
5844 b0 = gen_ncmp(OR_LINK, off_proto, BPF_B, 0x0f, (u_int)jtype,
5845 reverse, (u_int)jvalue);
5846 break;
5847
5848 case A_MSGTYPE:
5849 if (off_payload == (u_int)-1)
5850 abort();
5851 b0 = gen_ncmp(OR_LINK, off_payload + MSG_TYPE_POS, BPF_B,
5852 0xffffffff, (u_int)jtype, reverse, (u_int)jvalue);
5853 break;
5854
5855 case A_CALLREFTYPE:
5856 if (!is_atm)
5857 bpf_error("'callref' supported only on raw ATM");
5858 if (off_proto == (u_int)-1)
5859 abort();
5860 b0 = gen_ncmp(OR_LINK, off_proto, BPF_B, 0xffffffff,
5861 (u_int)jtype, reverse, (u_int)jvalue);
5862 break;
5863
5864 default:
5865 abort();
5866 }
5867 return b0;
5868 }
5869
5870 struct block *
5871 gen_atmtype_abbrev(type)
5872 int type;
5873 {
5874 struct block *b0, *b1;
5875
5876 switch (type) {
5877
5878 case A_METAC:
5879 /* Get all packets in Meta signalling Circuit */
5880 if (!is_atm)
5881 bpf_error("'metac' supported only on raw ATM");
5882 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5883 b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0);
5884 gen_and(b0, b1);
5885 break;
5886
5887 case A_BCC:
5888 /* Get all packets in Broadcast Circuit*/
5889 if (!is_atm)
5890 bpf_error("'bcc' supported only on raw ATM");
5891 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5892 b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0);
5893 gen_and(b0, b1);
5894 break;
5895
5896 case A_OAMF4SC:
5897 /* Get all cells in Segment OAM F4 circuit*/
5898 if (!is_atm)
5899 bpf_error("'oam4sc' supported only on raw ATM");
5900 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5901 b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
5902 gen_and(b0, b1);
5903 break;
5904
5905 case A_OAMF4EC:
5906 /* Get all cells in End-to-End OAM F4 Circuit*/
5907 if (!is_atm)
5908 bpf_error("'oam4ec' supported only on raw ATM");
5909 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5910 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
5911 gen_and(b0, b1);
5912 break;
5913
5914 case A_SC:
5915 /* Get all packets in connection Signalling Circuit */
5916 if (!is_atm)
5917 bpf_error("'sc' supported only on raw ATM");
5918 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5919 b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0);
5920 gen_and(b0, b1);
5921 break;
5922
5923 case A_ILMIC:
5924 /* Get all packets in ILMI Circuit */
5925 if (!is_atm)
5926 bpf_error("'ilmic' supported only on raw ATM");
5927 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5928 b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0);
5929 gen_and(b0, b1);
5930 break;
5931
5932 case A_LANE:
5933 /* Get all LANE packets */
5934 if (!is_atm)
5935 bpf_error("'lane' supported only on raw ATM");
5936 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0);
5937
5938 /*
5939 * Arrange that all subsequent tests assume LANE
5940 * rather than LLC-encapsulated packets, and set
5941 * the offsets appropriately for LANE-encapsulated
5942 * Ethernet.
5943 *
5944 * "off_mac" is the offset of the Ethernet header,
5945 * which is 2 bytes past the ATM pseudo-header
5946 * (skipping the pseudo-header and 2-byte LE Client
5947 * field). The other offsets are Ethernet offsets
5948 * relative to "off_mac".
5949 */
5950 is_lane = 1;
5951 off_mac = off_payload + 2; /* MAC header */
5952 off_linktype = off_mac + 12;
5953 off_nl = off_mac + 14; /* Ethernet II */
5954 off_nl_nosnap = off_mac + 17; /* 802.3+802.2 */
5955 break;
5956
5957 case A_LLC:
5958 /* Get all LLC-encapsulated packets */
5959 if (!is_atm)
5960 bpf_error("'llc' supported only on raw ATM");
5961 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
5962 is_lane = 0;
5963 break;
5964
5965 default:
5966 abort();
5967 }
5968 return b1;
5969 }
5970
5971
5972 static struct block *
5973 gen_msg_abbrev(type)
5974 int type;
5975 {
5976 struct block *b1;
5977
5978 /*
5979 * Q.2931 signalling protocol messages for handling virtual circuits
5980 * establishment and teardown
5981 */
5982 switch (type) {
5983
5984 case A_SETUP:
5985 b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0);
5986 break;
5987
5988 case A_CALLPROCEED:
5989 b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0);
5990 break;
5991
5992 case A_CONNECT:
5993 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0);
5994 break;
5995
5996 case A_CONNECTACK:
5997 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0);
5998 break;
5999
6000 case A_RELEASE:
6001 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0);
6002 break;
6003
6004 case A_RELEASE_DONE:
6005 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0);
6006 break;
6007
6008 default:
6009 abort();
6010 }
6011 return b1;
6012 }
6013
6014 struct block *
6015 gen_atmmulti_abbrev(type)
6016 int type;
6017 {
6018 struct block *b0, *b1;
6019
6020 switch (type) {
6021
6022 case A_OAM:
6023 if (!is_atm)
6024 bpf_error("'oam' supported only on raw ATM");
6025 b1 = gen_atmmulti_abbrev(A_OAMF4);
6026 break;
6027
6028 case A_OAMF4:
6029 if (!is_atm)
6030 bpf_error("'oamf4' supported only on raw ATM");
6031 /* OAM F4 type */
6032 b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
6033 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
6034 gen_or(b0, b1);
6035 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
6036 gen_and(b0, b1);
6037 break;
6038
6039 case A_CONNECTMSG:
6040 /*
6041 * Get Q.2931 signalling messages for switched
6042 * virtual connection
6043 */
6044 if (!is_atm)
6045 bpf_error("'connectmsg' supported only on raw ATM");
6046 b0 = gen_msg_abbrev(A_SETUP);
6047 b1 = gen_msg_abbrev(A_CALLPROCEED);
6048 gen_or(b0, b1);
6049 b0 = gen_msg_abbrev(A_CONNECT);
6050 gen_or(b0, b1);
6051 b0 = gen_msg_abbrev(A_CONNECTACK);
6052 gen_or(b0, b1);
6053 b0 = gen_msg_abbrev(A_RELEASE);
6054 gen_or(b0, b1);
6055 b0 = gen_msg_abbrev(A_RELEASE_DONE);
6056 gen_or(b0, b1);
6057 b0 = gen_atmtype_abbrev(A_SC);
6058 gen_and(b0, b1);
6059 break;
6060
6061 case A_METACONNECT:
6062 if (!is_atm)
6063 bpf_error("'metaconnect' supported only on raw ATM");
6064 b0 = gen_msg_abbrev(A_SETUP);
6065 b1 = gen_msg_abbrev(A_CALLPROCEED);
6066 gen_or(b0, b1);
6067 b0 = gen_msg_abbrev(A_CONNECT);
6068 gen_or(b0, b1);
6069 b0 = gen_msg_abbrev(A_RELEASE);
6070 gen_or(b0, b1);
6071 b0 = gen_msg_abbrev(A_RELEASE_DONE);
6072 gen_or(b0, b1);
6073 b0 = gen_atmtype_abbrev(A_METAC);
6074 gen_and(b0, b1);
6075 break;
6076
6077 default:
6078 abort();
6079 }
6080 return b1;
6081 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism