]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Add support for operations that test 802.11 SA or DA fields, and for
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.176 2002-08-08 08:22:45 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #ifdef WIN32
32 #include <pcap-stdinc.h>
33 #else /* WIN32 */
34 #include <sys/types.h>
35 #include <sys/socket.h>
36 #include <sys/time.h>
37 #endif /* WIN32 */
38
39 /*
40 * XXX - why was this included even on UNIX?
41 */
42 #ifdef __MINGW32__
43 #include "IP6_misc.h"
44 #endif
45
46 #ifndef WIN32
47
48 #ifdef __NetBSD__
49 #include <sys/param.h>
50 #endif
51
52 #include <netinet/in.h>
53
54 #endif /* WIN32 */
55
56 #include <stdlib.h>
57 #include <string.h>
58 #include <memory.h>
59 #include <setjmp.h>
60 #include <stdarg.h>
61
62 #include "pcap-int.h"
63
64 #include "ethertype.h"
65 #include "nlpid.h"
66 #include "llc.h"
67 #include "gencode.h"
68 #include "atmuni31.h"
69 #include "sunatmpos.h"
70 #include "ppp.h"
71 #include "sll.h"
72 #include "arcnet.h"
73 #ifdef INET6
74 #ifndef WIN32
75 #include <netdb.h> /* for "struct addrinfo" */
76 #endif /* WIN32 */
77 #endif /*INET6*/
78 #include <pcap-namedb.h>
79
80 #define ETHERMTU 1500
81
82 #ifndef IPPROTO_SCTP
83 #define IPPROTO_SCTP 132
84 #endif
85
86 #ifdef HAVE_OS_PROTO_H
87 #include "os-proto.h"
88 #endif
89
90 #define JMP(c) ((c)|BPF_JMP|BPF_K)
91
92 /* Locals */
93 static jmp_buf top_ctx;
94 static pcap_t *bpf_pcap;
95
96 /* Hack for updating VLAN offsets. */
97 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1;
98
99 /* XXX */
100 #ifdef PCAP_FDDIPAD
101 int pcap_fddipad = PCAP_FDDIPAD;
102 #else
103 int pcap_fddipad;
104 #endif
105
106 /* VARARGS */
107 void
108 bpf_error(const char *fmt, ...)
109
110 {
111 va_list ap;
112
113 va_start(ap, fmt);
114 if (bpf_pcap != NULL)
115 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
116 fmt, ap);
117 va_end(ap);
118 longjmp(top_ctx, 1);
119 /* NOTREACHED */
120 }
121
122 static void init_linktype(int);
123
124 static int alloc_reg(void);
125 static void free_reg(int);
126
127 static struct block *root;
128
129 /*
130 * We divy out chunks of memory rather than call malloc each time so
131 * we don't have to worry about leaking memory. It's probably
132 * not a big deal if all this memory was wasted but it this ever
133 * goes into a library that would probably not be a good idea.
134 */
135 #define NCHUNKS 16
136 #define CHUNK0SIZE 1024
137 struct chunk {
138 u_int n_left;
139 void *m;
140 };
141
142 static struct chunk chunks[NCHUNKS];
143 static int cur_chunk;
144
145 static void *newchunk(u_int);
146 static void freechunks(void);
147 static inline struct block *new_block(int);
148 static inline struct slist *new_stmt(int);
149 static struct block *gen_retblk(int);
150 static inline void syntax(void);
151
152 static void backpatch(struct block *, struct block *);
153 static void merge(struct block *, struct block *);
154 static struct block *gen_cmp(u_int, u_int, bpf_int32);
155 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
156 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
157 static struct block *gen_bcmp(u_int, u_int, const u_char *);
158 static struct block *gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32,
159 bpf_u_int32, bpf_u_int32, int);
160 static struct block *gen_uncond(int);
161 static inline struct block *gen_true(void);
162 static inline struct block *gen_false(void);
163 static struct block *gen_linktype(int);
164 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
165 static struct block *gen_llc(int);
166 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
167 #ifdef INET6
168 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
169 #endif
170 static struct block *gen_ahostop(const u_char *, int);
171 static struct block *gen_ehostop(const u_char *, int);
172 static struct block *gen_fhostop(const u_char *, int);
173 static struct block *gen_thostop(const u_char *, int);
174 static struct block *gen_wlanhostop(const u_char *, int);
175 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
176 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
177 #ifdef INET6
178 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
179 #endif
180 #ifndef INET6
181 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
182 #endif
183 static struct block *gen_ipfrag(void);
184 static struct block *gen_portatom(int, bpf_int32);
185 #ifdef INET6
186 static struct block *gen_portatom6(int, bpf_int32);
187 #endif
188 struct block *gen_portop(int, int, int);
189 static struct block *gen_port(int, int, int);
190 #ifdef INET6
191 struct block *gen_portop6(int, int, int);
192 static struct block *gen_port6(int, int, int);
193 #endif
194 static int lookup_proto(const char *, int);
195 static struct block *gen_protochain(int, int, int);
196 static struct block *gen_proto(int, int, int);
197 static struct slist *xfer_to_x(struct arth *);
198 static struct slist *xfer_to_a(struct arth *);
199 static struct block *gen_mac_multicast(int);
200 static struct block *gen_len(int, int);
201
202 static struct block *gen_msg_abbrev(int type);
203
204 static void *
205 newchunk(n)
206 u_int n;
207 {
208 struct chunk *cp;
209 int k, size;
210
211 #ifndef __NetBSD__
212 /* XXX Round up to nearest long. */
213 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
214 #else
215 /* XXX Round up to structure boundary. */
216 n = ALIGN(n);
217 #endif
218
219 cp = &chunks[cur_chunk];
220 if (n > cp->n_left) {
221 ++cp, k = ++cur_chunk;
222 if (k >= NCHUNKS)
223 bpf_error("out of memory");
224 size = CHUNK0SIZE << k;
225 cp->m = (void *)malloc(size);
226 memset((char *)cp->m, 0, size);
227 cp->n_left = size;
228 if (n > size)
229 bpf_error("out of memory");
230 }
231 cp->n_left -= n;
232 return (void *)((char *)cp->m + cp->n_left);
233 }
234
235 static void
236 freechunks()
237 {
238 int i;
239
240 cur_chunk = 0;
241 for (i = 0; i < NCHUNKS; ++i)
242 if (chunks[i].m != NULL) {
243 free(chunks[i].m);
244 chunks[i].m = NULL;
245 }
246 }
247
248 /*
249 * A strdup whose allocations are freed after code generation is over.
250 */
251 char *
252 sdup(s)
253 register const char *s;
254 {
255 int n = strlen(s) + 1;
256 char *cp = newchunk(n);
257
258 strlcpy(cp, s, n);
259 return (cp);
260 }
261
262 static inline struct block *
263 new_block(code)
264 int code;
265 {
266 struct block *p;
267
268 p = (struct block *)newchunk(sizeof(*p));
269 p->s.code = code;
270 p->head = p;
271
272 return p;
273 }
274
275 static inline struct slist *
276 new_stmt(code)
277 int code;
278 {
279 struct slist *p;
280
281 p = (struct slist *)newchunk(sizeof(*p));
282 p->s.code = code;
283
284 return p;
285 }
286
287 static struct block *
288 gen_retblk(v)
289 int v;
290 {
291 struct block *b = new_block(BPF_RET|BPF_K);
292
293 b->s.k = v;
294 return b;
295 }
296
297 static inline void
298 syntax()
299 {
300 bpf_error("syntax error in filter expression");
301 }
302
303 static bpf_u_int32 netmask;
304 static int snaplen;
305 int no_optimize;
306
307 int
308 pcap_compile(pcap_t *p, struct bpf_program *program,
309 char *buf, int optimize, bpf_u_int32 mask)
310 {
311 extern int n_errors;
312 int len;
313
314 no_optimize = 0;
315 n_errors = 0;
316 root = NULL;
317 bpf_pcap = p;
318 if (setjmp(top_ctx)) {
319 lex_cleanup();
320 freechunks();
321 return (-1);
322 }
323
324 netmask = mask;
325
326 snaplen = pcap_snapshot(p);
327 if (snaplen == 0) {
328 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
329 "snaplen of 0 rejects all packets");
330 return -1;
331 }
332
333 lex_init(buf ? buf : "");
334 init_linktype(pcap_datalink(p));
335 (void)pcap_parse();
336
337 if (n_errors)
338 syntax();
339
340 if (root == NULL)
341 root = gen_retblk(snaplen);
342
343 if (optimize && !no_optimize) {
344 bpf_optimize(&root);
345 if (root == NULL ||
346 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
347 bpf_error("expression rejects all packets");
348 }
349 program->bf_insns = icode_to_fcode(root, &len);
350 program->bf_len = len;
351
352 lex_cleanup();
353 freechunks();
354 return (0);
355 }
356
357 /*
358 * entry point for using the compiler with no pcap open
359 * pass in all the stuff that is needed explicitly instead.
360 */
361 int
362 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
363 struct bpf_program *program,
364 char *buf, int optimize, bpf_u_int32 mask)
365 {
366 pcap_t *p;
367 int ret;
368
369 p = pcap_open_dead(linktype_arg, snaplen_arg);
370 if (p == NULL)
371 return (-1);
372 ret = pcap_compile(p, program, buf, optimize, mask);
373 pcap_close(p);
374 return (ret);
375 }
376
377 /*
378 * Clean up a "struct bpf_program" by freeing all the memory allocated
379 * in it.
380 */
381 void
382 pcap_freecode(struct bpf_program *program)
383 {
384 program->bf_len = 0;
385 if (program->bf_insns != NULL) {
386 free((char *)program->bf_insns);
387 program->bf_insns = NULL;
388 }
389 }
390
391 /*
392 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
393 * which of the jt and jf fields has been resolved and which is a pointer
394 * back to another unresolved block (or nil). At least one of the fields
395 * in each block is already resolved.
396 */
397 static void
398 backpatch(list, target)
399 struct block *list, *target;
400 {
401 struct block *next;
402
403 while (list) {
404 if (!list->sense) {
405 next = JT(list);
406 JT(list) = target;
407 } else {
408 next = JF(list);
409 JF(list) = target;
410 }
411 list = next;
412 }
413 }
414
415 /*
416 * Merge the lists in b0 and b1, using the 'sense' field to indicate
417 * which of jt and jf is the link.
418 */
419 static void
420 merge(b0, b1)
421 struct block *b0, *b1;
422 {
423 register struct block **p = &b0;
424
425 /* Find end of list. */
426 while (*p)
427 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
428
429 /* Concatenate the lists. */
430 *p = b1;
431 }
432
433 void
434 finish_parse(p)
435 struct block *p;
436 {
437 backpatch(p, gen_retblk(snaplen));
438 p->sense = !p->sense;
439 backpatch(p, gen_retblk(0));
440 root = p->head;
441 }
442
443 void
444 gen_and(b0, b1)
445 struct block *b0, *b1;
446 {
447 backpatch(b0, b1->head);
448 b0->sense = !b0->sense;
449 b1->sense = !b1->sense;
450 merge(b1, b0);
451 b1->sense = !b1->sense;
452 b1->head = b0->head;
453 }
454
455 void
456 gen_or(b0, b1)
457 struct block *b0, *b1;
458 {
459 b0->sense = !b0->sense;
460 backpatch(b0, b1->head);
461 b0->sense = !b0->sense;
462 merge(b1, b0);
463 b1->head = b0->head;
464 }
465
466 void
467 gen_not(b)
468 struct block *b;
469 {
470 b->sense = !b->sense;
471 }
472
473 static struct block *
474 gen_cmp(offset, size, v)
475 u_int offset, size;
476 bpf_int32 v;
477 {
478 struct slist *s;
479 struct block *b;
480
481 s = new_stmt(BPF_LD|BPF_ABS|size);
482 s->s.k = offset;
483
484 b = new_block(JMP(BPF_JEQ));
485 b->stmts = s;
486 b->s.k = v;
487
488 return b;
489 }
490
491 static struct block *
492 gen_cmp_gt(offset, size, v)
493 u_int offset, size;
494 bpf_int32 v;
495 {
496 struct slist *s;
497 struct block *b;
498
499 s = new_stmt(BPF_LD|BPF_ABS|size);
500 s->s.k = offset;
501
502 b = new_block(JMP(BPF_JGT));
503 b->stmts = s;
504 b->s.k = v;
505
506 return b;
507 }
508
509 static struct block *
510 gen_mcmp(offset, size, v, mask)
511 u_int offset, size;
512 bpf_int32 v;
513 bpf_u_int32 mask;
514 {
515 struct block *b = gen_cmp(offset, size, v);
516 struct slist *s;
517
518 if (mask != 0xffffffff) {
519 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
520 s->s.k = mask;
521 b->stmts->next = s;
522 }
523 return b;
524 }
525
526 static struct block *
527 gen_bcmp(offset, size, v)
528 register u_int offset, size;
529 register const u_char *v;
530 {
531 register struct block *b, *tmp;
532
533 b = NULL;
534 while (size >= 4) {
535 register const u_char *p = &v[size - 4];
536 bpf_int32 w = ((bpf_int32)p[0] << 24) |
537 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
538
539 tmp = gen_cmp(offset + size - 4, BPF_W, w);
540 if (b != NULL)
541 gen_and(b, tmp);
542 b = tmp;
543 size -= 4;
544 }
545 while (size >= 2) {
546 register const u_char *p = &v[size - 2];
547 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
548
549 tmp = gen_cmp(offset + size - 2, BPF_H, w);
550 if (b != NULL)
551 gen_and(b, tmp);
552 b = tmp;
553 size -= 2;
554 }
555 if (size > 0) {
556 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
557 if (b != NULL)
558 gen_and(b, tmp);
559 b = tmp;
560 }
561 return b;
562 }
563
564 static struct block *
565 gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse)
566 bpf_u_int32 datasize, offset, mask, jtype, jvalue;
567 int reverse;
568 {
569 struct slist *s;
570 struct block *b;
571
572 s = new_stmt(BPF_LD|datasize|BPF_ABS);
573 s->s.k = offset;
574
575 if (mask != 0xffffffff) {
576 s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K);
577 s->next->s.k = mask;
578 }
579
580 b = new_block(JMP(jtype));
581 b->stmts = s;
582 b->s.k = jvalue;
583 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE))
584 gen_not(b);
585 return b;
586 }
587
588 /*
589 * Various code constructs need to know the layout of the data link
590 * layer. These variables give the necessary offsets.
591 */
592
593 /*
594 * "off_linktype" is the offset to information in the link-layer header
595 * giving the packet type.
596 *
597 * For Ethernet, it's the offset of the Ethernet type field.
598 *
599 * For link-layer types that always use 802.2 headers, it's the
600 * offset of the LLC header.
601 *
602 * For PPP, it's the offset of the PPP type field.
603 *
604 * For Cisco HDLC, it's the offset of the CHDLC type field.
605 *
606 * For BSD loopback, it's the offset of the AF_ value.
607 *
608 * For Linux cooked sockets, it's the offset of the type field.
609 *
610 * It's set to -1 for no encapsulation, in which case, IP is assumed.
611 */
612 static u_int off_linktype;
613
614 /*
615 * TRUE if the link layer includes an ATM pseudo-header.
616 */
617 static int is_atm = 0;
618
619 /*
620 * These are offsets for the ATM pseudo-header.
621 */
622 static u_int off_vpi;
623 static u_int off_vci;
624 static u_int off_proto;
625
626 /*
627 * This is the offset to the message type for Q.2931 messages.
628 */
629 static u_int off_msg_type;
630
631 /*
632 * These are offsets to the beginning of the network-layer header.
633 *
634 * If the link layer never uses 802.2 LLC:
635 *
636 * "off_nl" and "off_nl_nosnap" are the same.
637 *
638 * If the link layer always uses 802.2 LLC:
639 *
640 * "off_nl" is the offset if there's a SNAP header following
641 * the 802.2 header;
642 *
643 * "off_nl_nosnap" is the offset if there's no SNAP header.
644 *
645 * If the link layer is Ethernet:
646 *
647 * "off_nl" is the offset if the packet is an Ethernet II packet
648 * (we assume no 802.3+802.2+SNAP);
649 *
650 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet
651 * with an 802.2 header following it.
652 */
653 static u_int off_nl;
654 static u_int off_nl_nosnap;
655
656 static int linktype;
657
658 static void
659 init_linktype(type)
660 int type;
661 {
662 linktype = type;
663
664 /*
665 * Assume it's not raw ATM with a pseudo-header, for now.
666 */
667 is_atm = 0;
668 off_vpi = -1;
669 off_vci = -1;
670 off_proto = -1;
671 off_msg_type = -1;
672
673 orig_linktype = -1;
674 orig_nl = -1;
675 orig_nl_nosnap = -1;
676
677 switch (type) {
678
679 case DLT_ARCNET:
680 off_linktype = 2;
681 off_nl = 6; /* XXX in reality, variable! */
682 off_nl_nosnap = 6; /* no 802.2 LLC */
683 return;
684
685 case DLT_EN10MB:
686 off_linktype = 12;
687 off_nl = 14; /* Ethernet II */
688 off_nl_nosnap = 17; /* 802.3+802.2 */
689 return;
690
691 case DLT_SLIP:
692 /*
693 * SLIP doesn't have a link level type. The 16 byte
694 * header is hacked into our SLIP driver.
695 */
696 off_linktype = -1;
697 off_nl = 16;
698 off_nl_nosnap = 16; /* no 802.2 LLC */
699 return;
700
701 case DLT_SLIP_BSDOS:
702 /* XXX this may be the same as the DLT_PPP_BSDOS case */
703 off_linktype = -1;
704 /* XXX end */
705 off_nl = 24;
706 off_nl_nosnap = 24; /* no 802.2 LLC */
707 return;
708
709 case DLT_NULL:
710 case DLT_LOOP:
711 off_linktype = 0;
712 off_nl = 4;
713 off_nl_nosnap = 4; /* no 802.2 LLC */
714 return;
715
716 case DLT_PPP:
717 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */
718 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */
719 off_linktype = 2;
720 off_nl = 4;
721 off_nl_nosnap = 4; /* no 802.2 LLC */
722 return;
723
724 case DLT_PPP_ETHER:
725 /*
726 * This does no include the Ethernet header, and
727 * only covers session state.
728 */
729 off_linktype = 6;
730 off_nl = 8;
731 off_nl_nosnap = 8; /* no 802.2 LLC */
732 return;
733
734 case DLT_PPP_BSDOS:
735 off_linktype = 5;
736 off_nl = 24;
737 off_nl_nosnap = 24; /* no 802.2 LLC */
738 return;
739
740 case DLT_FDDI:
741 /*
742 * FDDI doesn't really have a link-level type field.
743 * We set "off_linktype" to the offset of the LLC header.
744 *
745 * To check for Ethernet types, we assume that SSAP = SNAP
746 * is being used and pick out the encapsulated Ethernet type.
747 * XXX - should we generate code to check for SNAP?
748 */
749 off_linktype = 13;
750 #ifdef PCAP_FDDIPAD
751 off_linktype += pcap_fddipad;
752 #endif
753 off_nl = 21; /* FDDI+802.2+SNAP */
754 off_nl_nosnap = 16; /* FDDI+802.2 */
755 #ifdef PCAP_FDDIPAD
756 off_nl += pcap_fddipad;
757 off_nl_nosnap += pcap_fddipad;
758 #endif
759 return;
760
761 case DLT_IEEE802:
762 /*
763 * Token Ring doesn't really have a link-level type field.
764 * We set "off_linktype" to the offset of the LLC header.
765 *
766 * To check for Ethernet types, we assume that SSAP = SNAP
767 * is being used and pick out the encapsulated Ethernet type.
768 * XXX - should we generate code to check for SNAP?
769 *
770 * XXX - the header is actually variable-length.
771 * Some various Linux patched versions gave 38
772 * as "off_linktype" and 40 as "off_nl"; however,
773 * if a token ring packet has *no* routing
774 * information, i.e. is not source-routed, the correct
775 * values are 20 and 22, as they are in the vanilla code.
776 *
777 * A packet is source-routed iff the uppermost bit
778 * of the first byte of the source address, at an
779 * offset of 8, has the uppermost bit set. If the
780 * packet is source-routed, the total number of bytes
781 * of routing information is 2 plus bits 0x1F00 of
782 * the 16-bit value at an offset of 14 (shifted right
783 * 8 - figure out which byte that is).
784 */
785 off_linktype = 14;
786 off_nl = 22; /* Token Ring+802.2+SNAP */
787 off_nl_nosnap = 17; /* Token Ring+802.2 */
788 return;
789
790 case DLT_IEEE802_11:
791 /*
792 * 802.11 doesn't really have a link-level type field.
793 * We set "off_linktype" to the offset of the LLC header.
794 *
795 * To check for Ethernet types, we assume that SSAP = SNAP
796 * is being used and pick out the encapsulated Ethernet type.
797 * XXX - should we generate code to check for SNAP?
798 *
799 * XXX - the header is actually variable-length. We
800 * assume a 24-byte link-layer header, as appears in
801 * data frames in networks with no bridges.
802 */
803 off_linktype = 24;
804 off_nl = 32; /* 802.11+802.2+SNAP */
805 off_nl_nosnap = 27; /* 802.11+802.2 */
806 return;
807
808 case DLT_PRISM_HEADER:
809 /*
810 * Same as 802.11, but with an additional header before
811 * the 802.11 header, containing a bunch of additional
812 * information including radio-level information.
813 *
814 * The header is 144 bytes long.
815 *
816 * XXX - same variable-length header problem; at least
817 * the Prism header is fixed-length.
818 */
819 off_linktype = 144+24;
820 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */
821 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */
822 return;
823
824 case DLT_ATM_RFC1483:
825 case DLT_ATM_CLIP: /* Linux ATM defines this */
826 /*
827 * assume routed, non-ISO PDUs
828 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
829 */
830 off_linktype = 0;
831 off_nl = 8; /* 802.2+SNAP */
832 off_nl_nosnap = 3; /* 802.2 */
833 return;
834
835 case DLT_SUNATM:
836 /*
837 * Full Frontal ATM; you get AALn PDUs with an ATM
838 * pseudo-header.
839 */
840 is_atm = 1;
841 off_linktype = SUNATM_PKT_BEGIN_POS;
842 off_vpi = SUNATM_VPI_POS;
843 off_vci = SUNATM_VCI_POS;
844 off_proto = PROTO_POS;
845 off_msg_type = SUNATM_PKT_BEGIN_POS+MSG_TYPE_POS;
846 off_nl = SUNATM_PKT_BEGIN_POS+8; /* 802.2+SNAP */
847 off_nl_nosnap = SUNATM_PKT_BEGIN_POS+3; /* 802.2 */
848 return;
849
850 case DLT_RAW:
851 off_linktype = -1;
852 off_nl = 0;
853 off_nl_nosnap = 0; /* no 802.2 LLC */
854 return;
855
856 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
857 off_linktype = 14;
858 off_nl = 16;
859 off_nl_nosnap = 16; /* no 802.2 LLC */
860 return;
861
862 case DLT_LTALK:
863 /*
864 * LocalTalk does have a 1-byte type field in the LLAP header,
865 * but really it just indicates whether there is a "short" or
866 * "long" DDP packet following.
867 */
868 off_linktype = -1;
869 off_nl = 0;
870 off_nl_nosnap = 0; /* no 802.2 LLC */
871 return;
872
873 case DLT_FRELAY:
874 /*
875 * XXX - we should set this to handle SNAP-encapsulated
876 * frames (NLPID of 0x80).
877 */
878 off_linktype = -1;
879 off_nl = 0;
880 off_nl_nosnap = 0; /* no 802.2 LLC */
881 return;
882 }
883 bpf_error("unknown data link type %d", linktype);
884 /* NOTREACHED */
885 }
886
887 static struct block *
888 gen_uncond(rsense)
889 int rsense;
890 {
891 struct block *b;
892 struct slist *s;
893
894 s = new_stmt(BPF_LD|BPF_IMM);
895 s->s.k = !rsense;
896 b = new_block(JMP(BPF_JEQ));
897 b->stmts = s;
898
899 return b;
900 }
901
902 static inline struct block *
903 gen_true()
904 {
905 return gen_uncond(1);
906 }
907
908 static inline struct block *
909 gen_false()
910 {
911 return gen_uncond(0);
912 }
913
914 /*
915 * Byte-swap a 32-bit number.
916 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
917 * big-endian platforms.)
918 */
919 #define SWAPLONG(y) \
920 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
921
922 static struct block *
923 gen_linktype(proto)
924 register int proto;
925 {
926 struct block *b0, *b1, *b2;
927
928 switch (linktype) {
929
930 case DLT_EN10MB:
931 switch (proto) {
932
933 case LLCSAP_ISONS:
934 /*
935 * OSI protocols always use 802.2 encapsulation.
936 * XXX - should we check both the DSAP and the
937 * SSAP, like this, or should we check just the
938 * DSAP?
939 */
940 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
941 gen_not(b0);
942 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
943 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
944 gen_and(b0, b1);
945 return b1;
946
947 case LLCSAP_NETBEUI:
948 /*
949 * NetBEUI always uses 802.2 encapsulation.
950 * XXX - should we check both the DSAP and the
951 * SSAP, like this, or should we check just the
952 * DSAP?
953 */
954 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
955 gen_not(b0);
956 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
957 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
958 gen_and(b0, b1);
959 return b1;
960
961 case LLCSAP_IPX:
962 /*
963 * Check for;
964 *
965 * Ethernet_II frames, which are Ethernet
966 * frames with a frame type of ETHERTYPE_IPX;
967 *
968 * Ethernet_802.3 frames, which are 802.3
969 * frames (i.e., the type/length field is
970 * a length field, <= ETHERMTU, rather than
971 * a type field) with the first two bytes
972 * after the Ethernet/802.3 header being
973 * 0xFFFF;
974 *
975 * Ethernet_802.2 frames, which are 802.3
976 * frames with an 802.2 LLC header and
977 * with the IPX LSAP as the DSAP in the LLC
978 * header;
979 *
980 * Ethernet_SNAP frames, which are 802.3
981 * frames with an LLC header and a SNAP
982 * header and with an OUI of 0x000000
983 * (encapsulated Ethernet) and a protocol
984 * ID of ETHERTYPE_IPX in the SNAP header.
985 *
986 * XXX - should we generate the same code both
987 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
988 */
989
990 /*
991 * This generates code to check both for the
992 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
993 */
994 b0 = gen_cmp(off_linktype + 2, BPF_B,
995 (bpf_int32)LLCSAP_IPX);
996 b1 = gen_cmp(off_linktype + 2, BPF_H,
997 (bpf_int32)0xFFFF);
998 gen_or(b0, b1);
999
1000 /*
1001 * Now we add code to check for SNAP frames with
1002 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
1003 */
1004 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
1005 gen_or(b0, b1);
1006
1007 /*
1008 * Now we generate code to check for 802.3
1009 * frames in general.
1010 */
1011 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1012 gen_not(b0);
1013
1014 /*
1015 * Now add the check for 802.3 frames before the
1016 * check for Ethernet_802.2 and Ethernet_802.3,
1017 * as those checks should only be done on 802.3
1018 * frames, not on Ethernet frames.
1019 */
1020 gen_and(b0, b1);
1021
1022 /*
1023 * Now add the check for Ethernet_II frames, and
1024 * do that before checking for the other frame
1025 * types.
1026 */
1027 b0 = gen_cmp(off_linktype, BPF_H,
1028 (bpf_int32)ETHERTYPE_IPX);
1029 gen_or(b0, b1);
1030 return b1;
1031
1032 case ETHERTYPE_ATALK:
1033 case ETHERTYPE_AARP:
1034 /*
1035 * EtherTalk (AppleTalk protocols on Ethernet link
1036 * layer) may use 802.2 encapsulation.
1037 */
1038
1039 /*
1040 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1041 * we check for an Ethernet type field less than
1042 * 1500, which means it's an 802.3 length field.
1043 */
1044 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1045 gen_not(b0);
1046
1047 /*
1048 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1049 * SNAP packets with an organization code of
1050 * 0x080007 (Apple, for Appletalk) and a protocol
1051 * type of ETHERTYPE_ATALK (Appletalk).
1052 *
1053 * 802.2-encapsulated ETHERTYPE_AARP packets are
1054 * SNAP packets with an organization code of
1055 * 0x000000 (encapsulated Ethernet) and a protocol
1056 * type of ETHERTYPE_AARP (Appletalk ARP).
1057 */
1058 if (proto == ETHERTYPE_ATALK)
1059 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
1060 else /* proto == ETHERTYPE_AARP */
1061 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
1062 gen_and(b0, b1);
1063
1064 /*
1065 * Check for Ethernet encapsulation (Ethertalk
1066 * phase 1?); we just check for the Ethernet
1067 * protocol type.
1068 */
1069 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1070
1071 gen_or(b0, b1);
1072 return b1;
1073
1074 default:
1075 if (proto <= ETHERMTU) {
1076 /*
1077 * This is an LLC SAP value, so the frames
1078 * that match would be 802.2 frames.
1079 * Check that the frame is an 802.2 frame
1080 * (i.e., that the length/type field is
1081 * a length field, <= ETHERMTU) and
1082 * then check the DSAP.
1083 */
1084 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1085 gen_not(b0);
1086 b1 = gen_cmp(off_linktype + 2, BPF_B,
1087 (bpf_int32)proto);
1088 gen_and(b0, b1);
1089 return b1;
1090 } else {
1091 /*
1092 * This is an Ethernet type, so compare
1093 * the length/type field with it (if
1094 * the frame is an 802.2 frame, the length
1095 * field will be <= ETHERMTU, and, as
1096 * "proto" is > ETHERMTU, this test
1097 * will fail and the frame won't match,
1098 * which is what we want).
1099 */
1100 return gen_cmp(off_linktype, BPF_H,
1101 (bpf_int32)proto);
1102 }
1103 }
1104 break;
1105
1106 case DLT_IEEE802_11:
1107 case DLT_PRISM_HEADER:
1108 case DLT_FDDI:
1109 case DLT_IEEE802:
1110 case DLT_ATM_RFC1483:
1111 case DLT_ATM_CLIP:
1112 return gen_llc(proto);
1113 break;
1114
1115 case DLT_SUNATM:
1116 /*
1117 * Check for LLC encapsulation and then check the protocol.
1118 * XXX - also check for LANE and then check for an Ethernet
1119 * type?
1120 */
1121 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
1122 b1 = gen_llc(proto);
1123 gen_and(b0, b1);
1124 return b1;
1125
1126 case DLT_LINUX_SLL:
1127 switch (proto) {
1128
1129 case LLCSAP_ISONS:
1130 /*
1131 * OSI protocols always use 802.2 encapsulation.
1132 * XXX - should we check both the DSAP and the
1133 * LSAP, like this, or should we check just the
1134 * DSAP?
1135 */
1136 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1137 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1138 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1139 gen_and(b0, b1);
1140 return b1;
1141
1142 case LLCSAP_NETBEUI:
1143 /*
1144 * NetBEUI always uses 802.2 encapsulation.
1145 * XXX - should we check both the DSAP and the
1146 * LSAP, like this, or should we check just the
1147 * DSAP?
1148 */
1149 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1150 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1151 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1152 gen_and(b0, b1);
1153 return b1;
1154
1155 case LLCSAP_IPX:
1156 /*
1157 * Ethernet_II frames, which are Ethernet
1158 * frames with a frame type of ETHERTYPE_IPX;
1159 *
1160 * Ethernet_802.3 frames, which have a frame
1161 * type of LINUX_SLL_P_802_3;
1162 *
1163 * Ethernet_802.2 frames, which are 802.3
1164 * frames with an 802.2 LLC header (i.e, have
1165 * a frame type of LINUX_SLL_P_802_2) and
1166 * with the IPX LSAP as the DSAP in the LLC
1167 * header;
1168 *
1169 * Ethernet_SNAP frames, which are 802.3
1170 * frames with an LLC header and a SNAP
1171 * header and with an OUI of 0x000000
1172 * (encapsulated Ethernet) and a protocol
1173 * ID of ETHERTYPE_IPX in the SNAP header.
1174 *
1175 * First, do the checks on LINUX_SLL_P_802_2
1176 * frames; generate the check for either
1177 * Ethernet_802.2 or Ethernet_SNAP frames, and
1178 * then put a check for LINUX_SLL_P_802_2 frames
1179 * before it.
1180 */
1181 b0 = gen_cmp(off_linktype + 2, BPF_B,
1182 (bpf_int32)LLCSAP_IPX);
1183 b1 = gen_snap(0x000000, ETHERTYPE_IPX,
1184 off_linktype + 2);
1185 gen_or(b0, b1);
1186 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1187 gen_and(b0, b1);
1188
1189 /*
1190 * Now check for 802.3 frames and OR that with
1191 * the previous test.
1192 */
1193 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
1194 gen_or(b0, b1);
1195
1196 /*
1197 * Now add the check for Ethernet_II frames, and
1198 * do that before checking for the other frame
1199 * types.
1200 */
1201 b0 = gen_cmp(off_linktype, BPF_H,
1202 (bpf_int32)ETHERTYPE_IPX);
1203 gen_or(b0, b1);
1204 return b1;
1205
1206 case ETHERTYPE_ATALK:
1207 case ETHERTYPE_AARP:
1208 /*
1209 * EtherTalk (AppleTalk protocols on Ethernet link
1210 * layer) may use 802.2 encapsulation.
1211 */
1212
1213 /*
1214 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1215 * we check for the 802.2 protocol type in the
1216 * "Ethernet type" field.
1217 */
1218 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1219
1220 /*
1221 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1222 * SNAP packets with an organization code of
1223 * 0x080007 (Apple, for Appletalk) and a protocol
1224 * type of ETHERTYPE_ATALK (Appletalk).
1225 *
1226 * 802.2-encapsulated ETHERTYPE_AARP packets are
1227 * SNAP packets with an organization code of
1228 * 0x000000 (encapsulated Ethernet) and a protocol
1229 * type of ETHERTYPE_AARP (Appletalk ARP).
1230 */
1231 if (proto == ETHERTYPE_ATALK)
1232 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
1233 off_linktype + 2);
1234 else /* proto == ETHERTYPE_AARP */
1235 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
1236 off_linktype + 2);
1237 gen_and(b0, b1);
1238
1239 /*
1240 * Check for Ethernet encapsulation (Ethertalk
1241 * phase 1?); we just check for the Ethernet
1242 * protocol type.
1243 */
1244 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1245
1246 gen_or(b0, b1);
1247 return b1;
1248
1249 default:
1250 if (proto <= ETHERMTU) {
1251 /*
1252 * This is an LLC SAP value, so the frames
1253 * that match would be 802.2 frames.
1254 * Check for the 802.2 protocol type
1255 * in the "Ethernet type" field, and
1256 * then check the DSAP.
1257 */
1258 b0 = gen_cmp(off_linktype, BPF_H,
1259 LINUX_SLL_P_802_2);
1260 b1 = gen_cmp(off_linktype + 2, BPF_B,
1261 (bpf_int32)proto);
1262 gen_and(b0, b1);
1263 return b1;
1264 } else {
1265 /*
1266 * This is an Ethernet type, so compare
1267 * the length/type field with it (if
1268 * the frame is an 802.2 frame, the length
1269 * field will be <= ETHERMTU, and, as
1270 * "proto" is > ETHERMTU, this test
1271 * will fail and the frame won't match,
1272 * which is what we want).
1273 */
1274 return gen_cmp(off_linktype, BPF_H,
1275 (bpf_int32)proto);
1276 }
1277 }
1278 break;
1279
1280 case DLT_SLIP:
1281 case DLT_SLIP_BSDOS:
1282 case DLT_RAW:
1283 /*
1284 * These types don't provide any type field; packets
1285 * are always IP.
1286 *
1287 * XXX - for IPv4, check for a version number of 4, and,
1288 * for IPv6, check for a version number of 6?
1289 */
1290 switch (proto) {
1291
1292 case ETHERTYPE_IP:
1293 #ifdef INET6
1294 case ETHERTYPE_IPV6:
1295 #endif
1296 return gen_true(); /* always true */
1297
1298 default:
1299 return gen_false(); /* always false */
1300 }
1301 break;
1302
1303 case DLT_PPP:
1304 case DLT_PPP_SERIAL:
1305 case DLT_PPP_ETHER:
1306 /*
1307 * We use Ethernet protocol types inside libpcap;
1308 * map them to the corresponding PPP protocol types.
1309 */
1310 switch (proto) {
1311
1312 case ETHERTYPE_IP:
1313 proto = PPP_IP; /* XXX was 0x21 */
1314 break;
1315
1316 #ifdef INET6
1317 case ETHERTYPE_IPV6:
1318 proto = PPP_IPV6;
1319 break;
1320 #endif
1321
1322 case ETHERTYPE_DN:
1323 proto = PPP_DECNET;
1324 break;
1325
1326 case ETHERTYPE_ATALK:
1327 proto = PPP_APPLE;
1328 break;
1329
1330 case ETHERTYPE_NS:
1331 proto = PPP_NS;
1332 break;
1333
1334 case LLCSAP_ISONS:
1335 proto = PPP_OSI;
1336 break;
1337
1338 case LLCSAP_8021D:
1339 /*
1340 * I'm assuming the "Bridging PDU"s that go
1341 * over PPP are Spanning Tree Protocol
1342 * Bridging PDUs.
1343 */
1344 proto = PPP_BRPDU;
1345 break;
1346
1347 case LLCSAP_IPX:
1348 proto = PPP_IPX;
1349 break;
1350 }
1351 break;
1352
1353 case DLT_PPP_BSDOS:
1354 /*
1355 * We use Ethernet protocol types inside libpcap;
1356 * map them to the corresponding PPP protocol types.
1357 */
1358 switch (proto) {
1359
1360 case ETHERTYPE_IP:
1361 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
1362 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
1363 gen_or(b0, b1);
1364 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
1365 gen_or(b1, b0);
1366 return b0;
1367
1368 #ifdef INET6
1369 case ETHERTYPE_IPV6:
1370 proto = PPP_IPV6;
1371 /* more to go? */
1372 break;
1373 #endif
1374
1375 case ETHERTYPE_DN:
1376 proto = PPP_DECNET;
1377 break;
1378
1379 case ETHERTYPE_ATALK:
1380 proto = PPP_APPLE;
1381 break;
1382
1383 case ETHERTYPE_NS:
1384 proto = PPP_NS;
1385 break;
1386
1387 case LLCSAP_ISONS:
1388 proto = PPP_OSI;
1389 break;
1390
1391 case LLCSAP_8021D:
1392 /*
1393 * I'm assuming the "Bridging PDU"s that go
1394 * over PPP are Spanning Tree Protocol
1395 * Bridging PDUs.
1396 */
1397 proto = PPP_BRPDU;
1398 break;
1399
1400 case LLCSAP_IPX:
1401 proto = PPP_IPX;
1402 break;
1403 }
1404 break;
1405
1406 case DLT_NULL:
1407 case DLT_LOOP:
1408 /*
1409 * For DLT_NULL, the link-layer header is a 32-bit
1410 * word containing an AF_ value in *host* byte order.
1411 *
1412 * In addition, if we're reading a saved capture file,
1413 * the host byte order in the capture may not be the
1414 * same as the host byte order on this machine.
1415 *
1416 * For DLT_LOOP, the link-layer header is a 32-bit
1417 * word containing an AF_ value in *network* byte order.
1418 *
1419 * XXX - AF_ values may, unfortunately, be platform-
1420 * dependent; for example, FreeBSD's AF_INET6 is 24
1421 * whilst NetBSD's and OpenBSD's is 26.
1422 *
1423 * This means that, when reading a capture file, just
1424 * checking for our AF_INET6 value won't work if the
1425 * capture file came from another OS.
1426 */
1427 switch (proto) {
1428
1429 case ETHERTYPE_IP:
1430 proto = AF_INET;
1431 break;
1432
1433 #ifdef INET6
1434 case ETHERTYPE_IPV6:
1435 proto = AF_INET6;
1436 break;
1437 #endif
1438
1439 default:
1440 /*
1441 * Not a type on which we support filtering.
1442 * XXX - support those that have AF_ values
1443 * #defined on this platform, at least?
1444 */
1445 return gen_false();
1446 }
1447
1448 if (linktype == DLT_NULL) {
1449 /*
1450 * The AF_ value is in host byte order, but
1451 * the BPF interpreter will convert it to
1452 * network byte order.
1453 *
1454 * If this is a save file, and it's from a
1455 * machine with the opposite byte order to
1456 * ours, we byte-swap the AF_ value.
1457 *
1458 * Then we run it through "htonl()", and
1459 * generate code to compare against the result.
1460 */
1461 if (bpf_pcap->sf.rfile != NULL &&
1462 bpf_pcap->sf.swapped)
1463 proto = SWAPLONG(proto);
1464 proto = htonl(proto);
1465 }
1466 return (gen_cmp(0, BPF_W, (bpf_int32)proto));
1467
1468 case DLT_ARCNET:
1469 /*
1470 * XXX should we check for first fragment if the protocol
1471 * uses PHDS?
1472 */
1473 switch(proto) {
1474 default:
1475 return gen_false();
1476 #ifdef INET6
1477 case ETHERTYPE_IPV6:
1478 return(gen_cmp(2, BPF_B,
1479 (bpf_int32)htonl(ARCTYPE_INET6)));
1480 #endif /* INET6 */
1481 case ETHERTYPE_IP:
1482 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_IP));
1483 b1 = gen_cmp(2, BPF_B,
1484 (bpf_int32)htonl(ARCTYPE_IP_OLD));
1485 gen_or(b0, b1);
1486 return(b1);
1487 case ETHERTYPE_ARP:
1488 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_ARP));
1489 b1 = gen_cmp(2, BPF_B,
1490 (bpf_int32)htonl(ARCTYPE_ARP_OLD));
1491 gen_or(b0, b1);
1492 return(b1);
1493 case ETHERTYPE_REVARP:
1494 return(gen_cmp(2, BPF_B,
1495 (bpf_int32)htonl(ARCTYPE_REVARP)));
1496 case ETHERTYPE_ATALK:
1497 return(gen_cmp(2, BPF_B,
1498 (bpf_int32)htonl(ARCTYPE_ATALK)));
1499 }
1500 break;
1501
1502 case DLT_LTALK:
1503 switch (proto) {
1504 case ETHERTYPE_ATALK:
1505 return gen_true();
1506 default:
1507 return gen_false();
1508 }
1509 break;
1510
1511 case DLT_FRELAY:
1512 /*
1513 * XXX - assumes a 2-byte Frame Relay header with
1514 * DLCI and flags. What if the address is longer?
1515 */
1516 switch (proto) {
1517
1518 case ETHERTYPE_IP:
1519 /*
1520 * Check for the special NLPID for IP.
1521 */
1522 return gen_cmp(2, BPF_H, (0x03<<8) | 0xcc);
1523
1524 #ifdef INET6
1525 case ETHERTYPE_IPV6:
1526 /*
1527 * Check for the special NLPID for IPv6.
1528 */
1529 return gen_cmp(2, BPF_H, (0x03<<8) | 0x8e);
1530 #endif
1531
1532 case LLCSAP_ISONS:
1533 /*
1534 * Check for several OSI protocols.
1535 *
1536 * Frame Relay packets typically have an OSI
1537 * NLPID at the beginning; we check for each
1538 * of them.
1539 *
1540 * What we check for is the NLPID and a frame
1541 * control field of UI, i.e. 0x03 followed
1542 * by the NLPID.
1543 */
1544 b0 = gen_cmp(2, BPF_H, (0x03<<8) | ISO8473_CLNP);
1545 b1 = gen_cmp(2, BPF_H, (0x03<<8) | ISO9542_ESIS);
1546 b2 = gen_cmp(2, BPF_H, (0x03<<8) | ISO10589_ISIS);
1547 gen_or(b1, b2);
1548 gen_or(b0, b2);
1549 return b2;
1550
1551 default:
1552 return gen_false();
1553 }
1554 break;
1555 }
1556
1557 /*
1558 * All the types that have no encapsulation should either be
1559 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
1560 * all packets are IP packets, or should be handled in some
1561 * special case, if none of them are (if some are and some
1562 * aren't, the lack of encapsulation is a problem, as we'd
1563 * have to find some other way of determining the packet type).
1564 *
1565 * Therefore, if "off_linktype" is -1, there's an error.
1566 */
1567 if (off_linktype == -1)
1568 abort();
1569
1570 /*
1571 * Any type not handled above should always have an Ethernet
1572 * type at an offset of "off_linktype". (PPP is partially
1573 * handled above - the protocol type is mapped from the
1574 * Ethernet and LLC types we use internally to the corresponding
1575 * PPP type - but the PPP type is always specified by a value
1576 * at "off_linktype", so we don't have to do the code generation
1577 * above.)
1578 */
1579 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1580 }
1581
1582 /*
1583 * Check for an LLC SNAP packet with a given organization code and
1584 * protocol type; we check the entire contents of the 802.2 LLC and
1585 * snap headers, checking for DSAP and SSAP of SNAP and a control
1586 * field of 0x03 in the LLC header, and for the specified organization
1587 * code and protocol type in the SNAP header.
1588 */
1589 static struct block *
1590 gen_snap(orgcode, ptype, offset)
1591 bpf_u_int32 orgcode;
1592 bpf_u_int32 ptype;
1593 u_int offset;
1594 {
1595 u_char snapblock[8];
1596
1597 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
1598 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
1599 snapblock[2] = 0x03; /* control = UI */
1600 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
1601 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
1602 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
1603 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
1604 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
1605 return gen_bcmp(offset, 8, snapblock);
1606 }
1607
1608 /*
1609 * Check for a given protocol value assuming an 802.2 LLC header.
1610 */
1611 static struct block *
1612 gen_llc(proto)
1613 int proto;
1614 {
1615 /*
1616 * XXX - handle token-ring variable-length header.
1617 */
1618 switch (proto) {
1619
1620 case LLCSAP_ISONS:
1621 return gen_cmp(off_linktype, BPF_H, (long)
1622 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1623
1624 case LLCSAP_NETBEUI:
1625 return gen_cmp(off_linktype, BPF_H, (long)
1626 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1627
1628 case LLCSAP_IPX:
1629 /*
1630 * XXX - are there ever SNAP frames for IPX on
1631 * non-Ethernet 802.x networks?
1632 */
1633 return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX);
1634
1635 case ETHERTYPE_ATALK:
1636 /*
1637 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1638 * SNAP packets with an organization code of
1639 * 0x080007 (Apple, for Appletalk) and a protocol
1640 * type of ETHERTYPE_ATALK (Appletalk).
1641 *
1642 * XXX - check for an organization code of
1643 * encapsulated Ethernet as well?
1644 */
1645 return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype);
1646
1647 default:
1648 /*
1649 * XXX - we don't have to check for IPX 802.3
1650 * here, but should we check for the IPX Ethertype?
1651 */
1652 if (proto <= ETHERMTU) {
1653 /*
1654 * This is an LLC SAP value, so check
1655 * the DSAP.
1656 */
1657 return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto);
1658 } else {
1659 /*
1660 * This is an Ethernet type; we assume that it's
1661 * unlikely that it'll appear in the right place
1662 * at random, and therefore check only the
1663 * location that would hold the Ethernet type
1664 * in a SNAP frame with an organization code of
1665 * 0x000000 (encapsulated Ethernet).
1666 *
1667 * XXX - if we were to check for the SNAP DSAP and
1668 * LSAP, as per XXX, and were also to check for an
1669 * organization code of 0x000000 (encapsulated
1670 * Ethernet), we'd do
1671 *
1672 * return gen_snap(0x000000, proto,
1673 * off_linktype);
1674 *
1675 * here; for now, we don't, as per the above.
1676 * I don't know whether it's worth the extra CPU
1677 * time to do the right check or not.
1678 */
1679 return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto);
1680 }
1681 }
1682 }
1683
1684 static struct block *
1685 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
1686 bpf_u_int32 addr;
1687 bpf_u_int32 mask;
1688 int dir, proto;
1689 u_int src_off, dst_off;
1690 {
1691 struct block *b0, *b1;
1692 u_int offset;
1693
1694 switch (dir) {
1695
1696 case Q_SRC:
1697 offset = src_off;
1698 break;
1699
1700 case Q_DST:
1701 offset = dst_off;
1702 break;
1703
1704 case Q_AND:
1705 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1706 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1707 gen_and(b0, b1);
1708 return b1;
1709
1710 case Q_OR:
1711 case Q_DEFAULT:
1712 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1713 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1714 gen_or(b0, b1);
1715 return b1;
1716
1717 default:
1718 abort();
1719 }
1720 b0 = gen_linktype(proto);
1721 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
1722 gen_and(b0, b1);
1723 return b1;
1724 }
1725
1726 #ifdef INET6
1727 static struct block *
1728 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
1729 struct in6_addr *addr;
1730 struct in6_addr *mask;
1731 int dir, proto;
1732 u_int src_off, dst_off;
1733 {
1734 struct block *b0, *b1;
1735 u_int offset;
1736 u_int32_t *a, *m;
1737
1738 switch (dir) {
1739
1740 case Q_SRC:
1741 offset = src_off;
1742 break;
1743
1744 case Q_DST:
1745 offset = dst_off;
1746 break;
1747
1748 case Q_AND:
1749 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1750 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1751 gen_and(b0, b1);
1752 return b1;
1753
1754 case Q_OR:
1755 case Q_DEFAULT:
1756 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1757 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1758 gen_or(b0, b1);
1759 return b1;
1760
1761 default:
1762 abort();
1763 }
1764 /* this order is important */
1765 a = (u_int32_t *)addr;
1766 m = (u_int32_t *)mask;
1767 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
1768 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
1769 gen_and(b0, b1);
1770 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
1771 gen_and(b0, b1);
1772 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
1773 gen_and(b0, b1);
1774 b0 = gen_linktype(proto);
1775 gen_and(b0, b1);
1776 return b1;
1777 }
1778 #endif /*INET6*/
1779
1780 static struct block *
1781 gen_ehostop(eaddr, dir)
1782 register const u_char *eaddr;
1783 register int dir;
1784 {
1785 register struct block *b0, *b1;
1786
1787 switch (dir) {
1788 case Q_SRC:
1789 return gen_bcmp(6, 6, eaddr);
1790
1791 case Q_DST:
1792 return gen_bcmp(0, 6, eaddr);
1793
1794 case Q_AND:
1795 b0 = gen_ehostop(eaddr, Q_SRC);
1796 b1 = gen_ehostop(eaddr, Q_DST);
1797 gen_and(b0, b1);
1798 return b1;
1799
1800 case Q_DEFAULT:
1801 case Q_OR:
1802 b0 = gen_ehostop(eaddr, Q_SRC);
1803 b1 = gen_ehostop(eaddr, Q_DST);
1804 gen_or(b0, b1);
1805 return b1;
1806 }
1807 abort();
1808 /* NOTREACHED */
1809 }
1810
1811 /*
1812 * Like gen_ehostop, but for DLT_FDDI
1813 */
1814 static struct block *
1815 gen_fhostop(eaddr, dir)
1816 register const u_char *eaddr;
1817 register int dir;
1818 {
1819 struct block *b0, *b1;
1820
1821 switch (dir) {
1822 case Q_SRC:
1823 #ifdef PCAP_FDDIPAD
1824 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
1825 #else
1826 return gen_bcmp(6 + 1, 6, eaddr);
1827 #endif
1828
1829 case Q_DST:
1830 #ifdef PCAP_FDDIPAD
1831 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
1832 #else
1833 return gen_bcmp(0 + 1, 6, eaddr);
1834 #endif
1835
1836 case Q_AND:
1837 b0 = gen_fhostop(eaddr, Q_SRC);
1838 b1 = gen_fhostop(eaddr, Q_DST);
1839 gen_and(b0, b1);
1840 return b1;
1841
1842 case Q_DEFAULT:
1843 case Q_OR:
1844 b0 = gen_fhostop(eaddr, Q_SRC);
1845 b1 = gen_fhostop(eaddr, Q_DST);
1846 gen_or(b0, b1);
1847 return b1;
1848 }
1849 abort();
1850 /* NOTREACHED */
1851 }
1852
1853 /*
1854 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
1855 */
1856 static struct block *
1857 gen_thostop(eaddr, dir)
1858 register const u_char *eaddr;
1859 register int dir;
1860 {
1861 register struct block *b0, *b1;
1862
1863 switch (dir) {
1864 case Q_SRC:
1865 return gen_bcmp(8, 6, eaddr);
1866
1867 case Q_DST:
1868 return gen_bcmp(2, 6, eaddr);
1869
1870 case Q_AND:
1871 b0 = gen_thostop(eaddr, Q_SRC);
1872 b1 = gen_thostop(eaddr, Q_DST);
1873 gen_and(b0, b1);
1874 return b1;
1875
1876 case Q_DEFAULT:
1877 case Q_OR:
1878 b0 = gen_thostop(eaddr, Q_SRC);
1879 b1 = gen_thostop(eaddr, Q_DST);
1880 gen_or(b0, b1);
1881 return b1;
1882 }
1883 abort();
1884 /* NOTREACHED */
1885 }
1886
1887 /*
1888 * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN)
1889 */
1890 static struct block *
1891 gen_wlanhostop(eaddr, dir)
1892 register const u_char *eaddr;
1893 register int dir;
1894 {
1895 register struct block *b0, *b1, *b2, *b3;
1896 register struct slist *s;
1897
1898 switch (dir) {
1899 case Q_SRC:
1900 /*
1901 * Oh, yuk.
1902 *
1903 * For control frames, there is no SA.
1904 *
1905 * For management frames, SA is at an
1906 * offset of 10 from the beginning of
1907 * the packet.
1908 *
1909 * For data frames, SA is at an offset
1910 * of 10 from the beginning of the packet
1911 * if From DS is clear, at an offset of
1912 * 16 from the beginning of the packet
1913 * if From DS is set and To DS is clear,
1914 * and an offset of 24 from the beginning
1915 * of the packet if From DS is set and To DS
1916 * is set.
1917 */
1918
1919 /*
1920 * If the low-order bit of the type value is 1,
1921 * this is either a control frame or a frame
1922 * with a reserved type, and thus not a
1923 * frame with an SA.
1924 *
1925 * I.e., first check "!(link[0] & 0x04)".
1926 */
1927 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
1928 s->s.k = 0;
1929 b0 = new_block(JMP(BPF_JSET));
1930 b0->s.k = 0x04;
1931 b0->stmts = s;
1932 gen_not(b0);
1933
1934 /*
1935 * If the high-order bit of the type value is 0, this
1936 * is a management frame.
1937 * I.e, check "!(link[0] & 0x08)".
1938 */
1939 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
1940 s->s.k = 0;
1941 b2 = new_block(JMP(BPF_JSET));
1942 b2->s.k = 0x08;
1943 b2->stmts = s;
1944 gen_not(b2);
1945
1946 /*
1947 * For management frames, test the SA at 10.
1948 */
1949 b1 = gen_bcmp(10, 6, eaddr);
1950 gen_and(b2, b1);
1951 b3 = b1;
1952
1953 /*
1954 * If the high-order bit of the type value is 0, this
1955 * is a data frame; check From DS.
1956 *
1957 * I.e., check "(link[0] & 0x08) && !(link[1] & 0x02)".
1958 */
1959 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
1960 s->s.k = 0;
1961 b1 = new_block(JMP(BPF_JSET));
1962 b1->s.k = 0x08;
1963 b1->stmts = s;
1964
1965 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
1966 s->s.k = 1;
1967 b2 = new_block(JMP(BPF_JSET));
1968 b2->s.k = 0x02; /* From DS */
1969 b2->stmts = s;
1970 gen_not(b2);
1971 gen_and(b1, b2);
1972
1973 /*
1974 * For data frames with From DS not set, test the SA at 10;
1975 * then combine that test with the management frame test.
1976 */
1977 b1 = gen_bcmp(10, 6, eaddr);
1978 gen_and(b2, b1);
1979 gen_or(b3, b1);
1980 b3 = b1;
1981
1982 /*
1983 * Now, check for a data frame with From DS set and
1984 * To DS not set.
1985 *
1986 * I.e., check "(link[0] & 0x08) && (link[1] & 0x02)
1987 * && !(link[1] & 0x01)".
1988 */
1989 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
1990 s->s.k = 0;
1991 b1 = new_block(JMP(BPF_JSET));
1992 b1->s.k = 0x08;
1993 b1->stmts = s;
1994
1995 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
1996 s->s.k = 1;
1997 b2 = new_block(JMP(BPF_JSET));
1998 b2->s.k = 0x02; /* From DS */
1999 b2->stmts = s;
2000 gen_and(b1, b2);
2001 b1 = b2;
2002
2003 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2004 s->s.k = 1;
2005 b2 = new_block(JMP(BPF_JSET));
2006 b2->s.k = 0x01; /* To DS */
2007 b2->stmts = s;
2008 gen_not(b2);
2009 gen_and(b1, b2); /* Data && From DS and not To DS */
2010
2011 /*
2012 * Test the SA at 16, and OR the previous SA tests
2013 * with it.
2014 */
2015 b1 = gen_bcmp(16, 6, eaddr);
2016 gen_and(b2, b1);
2017 gen_or(b3, b1);
2018 b3 = b1;
2019
2020 /*
2021 * And now for a data frame with From DS set and To DS set.
2022 */
2023 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2024 s->s.k = 0;
2025 b1 = new_block(JMP(BPF_JSET));
2026 b1->s.k = 0x08;
2027 b1->stmts = s;
2028
2029 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2030 s->s.k = 1;
2031 b2 = new_block(JMP(BPF_JSET));
2032 b2->s.k = 0x02; /* From DS */
2033 b2->stmts = s;
2034 gen_and(b1, b2);
2035 b1 = b2;
2036
2037 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2038 s->s.k = 1;
2039 b2 = new_block(JMP(BPF_JSET));
2040 b2->s.k = 0x01; /* To DS */
2041 b2->stmts = s;
2042 gen_and(b1, b2); /* Data && From DS and To DS */
2043
2044 /*
2045 * Test the SA at 24, and OR the previous SA tests
2046 * with it.
2047 */
2048 b1 = gen_bcmp(24, 6, eaddr);
2049 gen_and(b2, b1);
2050 gen_or(b3, b1);
2051
2052 gen_and(b0, b1);
2053 return b1;
2054
2055 case Q_DST:
2056 /*
2057 * Oh, yuk.
2058 *
2059 * For control frames, there is no DA.
2060 *
2061 * For management frames, DA is at an
2062 * offset of 4 from the beginning of
2063 * the packet.
2064 *
2065 * For data frames, DA is at an offset
2066 * of 4 from the beginning of the packet
2067 * if To DS is clear and at an offset of
2068 * 16 from the beginning of the packet
2069 * if To DS is set.
2070 */
2071
2072 /*
2073 * If the low-order bit of the type value is 1,
2074 * this is either a control frame or a frame
2075 * with a reserved type, and thus not a
2076 * frame with a DA.
2077 *
2078 * I.e., first check "!(link[0] & 0x04)".
2079 */
2080 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2081 s->s.k = 0;
2082 b0 = new_block(JMP(BPF_JSET));
2083 b0->s.k = 0x04;
2084 b0->stmts = s;
2085 gen_not(b0);
2086
2087 /*
2088 * If the high-order bit of the type value is 0, this
2089 * is a management frame.
2090 * I.e, check "!(link[0] & 0x08)".
2091 */
2092 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2093 s->s.k = 0;
2094 b2 = new_block(JMP(BPF_JSET));
2095 b2->s.k = 0x08;
2096 b2->stmts = s;
2097 gen_not(b2);
2098
2099 /*
2100 * For management frames, test the DA at 4.
2101 */
2102 b1 = gen_bcmp(4, 6, eaddr);
2103 gen_and(b2, b1);
2104 b3 = b1;
2105
2106 /*
2107 * If the high-order bit of the type value is 0, this
2108 * is a data frame; check To DS.
2109 *
2110 * I.e., check "(link[0] & 0x08) && !(link[1] & 0x01)".
2111 */
2112 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2113 s->s.k = 0;
2114 b1 = new_block(JMP(BPF_JSET));
2115 b1->s.k = 0x08;
2116 b1->stmts = s;
2117
2118 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2119 s->s.k = 1;
2120 b2 = new_block(JMP(BPF_JSET));
2121 b2->s.k = 0x01; /* To DS */
2122 b2->stmts = s;
2123 gen_not(b2);
2124 gen_and(b1, b2);
2125
2126 /*
2127 * For data frames with To DS not set, test the DA at 4;
2128 * then combine that test with the management frame test.
2129 */
2130 b1 = gen_bcmp(4, 6, eaddr);
2131 gen_and(b2, b1);
2132 gen_or(b3, b1);
2133 b3 = b1;
2134
2135 /*
2136 * Now, check for a data frame with To DS set.
2137 *
2138 * I.e., check "(link[0] & 0x08) && (link[1] & 0x01)".
2139 */
2140 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2141 s->s.k = 0;
2142 b1 = new_block(JMP(BPF_JSET));
2143 b1->s.k = 0x08;
2144 b1->stmts = s;
2145
2146 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2147 s->s.k = 1;
2148 b2 = new_block(JMP(BPF_JSET));
2149 b2->s.k = 0x01; /* To DS */
2150 b2->stmts = s;
2151 gen_and(b1, b2);
2152
2153 /*
2154 * Test the DA at 16, and OR the previous DA tests
2155 * with it.
2156 */
2157 b1 = gen_bcmp(16, 6, eaddr);
2158 gen_and(b2, b1);
2159 gen_or(b3, b1);
2160
2161 gen_and(b0, b1);
2162 return b1;
2163
2164 case Q_AND:
2165 b0 = gen_wlanhostop(eaddr, Q_SRC);
2166 b1 = gen_wlanhostop(eaddr, Q_DST);
2167 gen_and(b0, b1);
2168 return b1;
2169
2170 case Q_DEFAULT:
2171 case Q_OR:
2172 b0 = gen_wlanhostop(eaddr, Q_SRC);
2173 b1 = gen_wlanhostop(eaddr, Q_DST);
2174 gen_or(b0, b1);
2175 return b1;
2176 }
2177 abort();
2178 /* NOTREACHED */
2179 }
2180
2181 /*
2182 * This is quite tricky because there may be pad bytes in front of the
2183 * DECNET header, and then there are two possible data packet formats that
2184 * carry both src and dst addresses, plus 5 packet types in a format that
2185 * carries only the src node, plus 2 types that use a different format and
2186 * also carry just the src node.
2187 *
2188 * Yuck.
2189 *
2190 * Instead of doing those all right, we just look for data packets with
2191 * 0 or 1 bytes of padding. If you want to look at other packets, that
2192 * will require a lot more hacking.
2193 *
2194 * To add support for filtering on DECNET "areas" (network numbers)
2195 * one would want to add a "mask" argument to this routine. That would
2196 * make the filter even more inefficient, although one could be clever
2197 * and not generate masking instructions if the mask is 0xFFFF.
2198 */
2199 static struct block *
2200 gen_dnhostop(addr, dir, base_off)
2201 bpf_u_int32 addr;
2202 int dir;
2203 u_int base_off;
2204 {
2205 struct block *b0, *b1, *b2, *tmp;
2206 u_int offset_lh; /* offset if long header is received */
2207 u_int offset_sh; /* offset if short header is received */
2208
2209 switch (dir) {
2210
2211 case Q_DST:
2212 offset_sh = 1; /* follows flags */
2213 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
2214 break;
2215
2216 case Q_SRC:
2217 offset_sh = 3; /* follows flags, dstnode */
2218 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
2219 break;
2220
2221 case Q_AND:
2222 /* Inefficient because we do our Calvinball dance twice */
2223 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2224 b1 = gen_dnhostop(addr, Q_DST, base_off);
2225 gen_and(b0, b1);
2226 return b1;
2227
2228 case Q_OR:
2229 case Q_DEFAULT:
2230 /* Inefficient because we do our Calvinball dance twice */
2231 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2232 b1 = gen_dnhostop(addr, Q_DST, base_off);
2233 gen_or(b0, b1);
2234 return b1;
2235
2236 case Q_ISO:
2237 bpf_error("ISO host filtering not implemented");
2238
2239 default:
2240 abort();
2241 }
2242 b0 = gen_linktype(ETHERTYPE_DN);
2243 /* Check for pad = 1, long header case */
2244 tmp = gen_mcmp(base_off + 2, BPF_H,
2245 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
2246 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
2247 BPF_H, (bpf_int32)ntohs(addr));
2248 gen_and(tmp, b1);
2249 /* Check for pad = 0, long header case */
2250 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
2251 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
2252 gen_and(tmp, b2);
2253 gen_or(b2, b1);
2254 /* Check for pad = 1, short header case */
2255 tmp = gen_mcmp(base_off + 2, BPF_H,
2256 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
2257 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
2258 BPF_H, (bpf_int32)ntohs(addr));
2259 gen_and(tmp, b2);
2260 gen_or(b2, b1);
2261 /* Check for pad = 0, short header case */
2262 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
2263 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
2264 gen_and(tmp, b2);
2265 gen_or(b2, b1);
2266
2267 /* Combine with test for linktype */
2268 gen_and(b0, b1);
2269 return b1;
2270 }
2271
2272 static struct block *
2273 gen_host(addr, mask, proto, dir)
2274 bpf_u_int32 addr;
2275 bpf_u_int32 mask;
2276 int proto;
2277 int dir;
2278 {
2279 struct block *b0, *b1;
2280
2281 switch (proto) {
2282
2283 case Q_DEFAULT:
2284 b0 = gen_host(addr, mask, Q_IP, dir);
2285 if (off_linktype != -1) {
2286 b1 = gen_host(addr, mask, Q_ARP, dir);
2287 gen_or(b0, b1);
2288 b0 = gen_host(addr, mask, Q_RARP, dir);
2289 gen_or(b1, b0);
2290 }
2291 return b0;
2292
2293 case Q_IP:
2294 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
2295 off_nl + 12, off_nl + 16);
2296
2297 case Q_RARP:
2298 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
2299 off_nl + 14, off_nl + 24);
2300
2301 case Q_ARP:
2302 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
2303 off_nl + 14, off_nl + 24);
2304
2305 case Q_TCP:
2306 bpf_error("'tcp' modifier applied to host");
2307
2308 case Q_SCTP:
2309 bpf_error("'sctp' modifier applied to host");
2310
2311 case Q_UDP:
2312 bpf_error("'udp' modifier applied to host");
2313
2314 case Q_ICMP:
2315 bpf_error("'icmp' modifier applied to host");
2316
2317 case Q_IGMP:
2318 bpf_error("'igmp' modifier applied to host");
2319
2320 case Q_IGRP:
2321 bpf_error("'igrp' modifier applied to host");
2322
2323 case Q_PIM:
2324 bpf_error("'pim' modifier applied to host");
2325
2326 case Q_VRRP:
2327 bpf_error("'vrrp' modifier applied to host");
2328
2329 case Q_ATALK:
2330 bpf_error("ATALK host filtering not implemented");
2331
2332 case Q_AARP:
2333 bpf_error("AARP host filtering not implemented");
2334
2335 case Q_DECNET:
2336 return gen_dnhostop(addr, dir, off_nl);
2337
2338 case Q_SCA:
2339 bpf_error("SCA host filtering not implemented");
2340
2341 case Q_LAT:
2342 bpf_error("LAT host filtering not implemented");
2343
2344 case Q_MOPDL:
2345 bpf_error("MOPDL host filtering not implemented");
2346
2347 case Q_MOPRC:
2348 bpf_error("MOPRC host filtering not implemented");
2349
2350 #ifdef INET6
2351 case Q_IPV6:
2352 bpf_error("'ip6' modifier applied to ip host");
2353
2354 case Q_ICMPV6:
2355 bpf_error("'icmp6' modifier applied to host");
2356 #endif /* INET6 */
2357
2358 case Q_AH:
2359 bpf_error("'ah' modifier applied to host");
2360
2361 case Q_ESP:
2362 bpf_error("'esp' modifier applied to host");
2363
2364 case Q_ISO:
2365 bpf_error("ISO host filtering not implemented");
2366
2367 case Q_ESIS:
2368 bpf_error("'esis' modifier applied to host");
2369
2370 case Q_ISIS:
2371 bpf_error("'isis' modifier applied to host");
2372
2373 case Q_CLNP:
2374 bpf_error("'clnp' modifier applied to host");
2375
2376 case Q_STP:
2377 bpf_error("'stp' modifier applied to host");
2378
2379 case Q_IPX:
2380 bpf_error("IPX host filtering not implemented");
2381
2382 case Q_NETBEUI:
2383 bpf_error("'netbeui' modifier applied to host");
2384
2385 default:
2386 abort();
2387 }
2388 /* NOTREACHED */
2389 }
2390
2391 #ifdef INET6
2392 static struct block *
2393 gen_host6(addr, mask, proto, dir)
2394 struct in6_addr *addr;
2395 struct in6_addr *mask;
2396 int proto;
2397 int dir;
2398 {
2399 switch (proto) {
2400
2401 case Q_DEFAULT:
2402 return gen_host6(addr, mask, Q_IPV6, dir);
2403
2404 case Q_IP:
2405 bpf_error("'ip' modifier applied to ip6 host");
2406
2407 case Q_RARP:
2408 bpf_error("'rarp' modifier applied to ip6 host");
2409
2410 case Q_ARP:
2411 bpf_error("'arp' modifier applied to ip6 host");
2412
2413 case Q_SCTP:
2414 bpf_error("'sctp' modifier applied to host");
2415
2416 case Q_TCP:
2417 bpf_error("'tcp' modifier applied to host");
2418
2419 case Q_UDP:
2420 bpf_error("'udp' modifier applied to host");
2421
2422 case Q_ICMP:
2423 bpf_error("'icmp' modifier applied to host");
2424
2425 case Q_IGMP:
2426 bpf_error("'igmp' modifier applied to host");
2427
2428 case Q_IGRP:
2429 bpf_error("'igrp' modifier applied to host");
2430
2431 case Q_PIM:
2432 bpf_error("'pim' modifier applied to host");
2433
2434 case Q_VRRP:
2435 bpf_error("'vrrp' modifier applied to host");
2436
2437 case Q_ATALK:
2438 bpf_error("ATALK host filtering not implemented");
2439
2440 case Q_AARP:
2441 bpf_error("AARP host filtering not implemented");
2442
2443 case Q_DECNET:
2444 bpf_error("'decnet' modifier applied to ip6 host");
2445
2446 case Q_SCA:
2447 bpf_error("SCA host filtering not implemented");
2448
2449 case Q_LAT:
2450 bpf_error("LAT host filtering not implemented");
2451
2452 case Q_MOPDL:
2453 bpf_error("MOPDL host filtering not implemented");
2454
2455 case Q_MOPRC:
2456 bpf_error("MOPRC host filtering not implemented");
2457
2458 case Q_IPV6:
2459 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
2460 off_nl + 8, off_nl + 24);
2461
2462 case Q_ICMPV6:
2463 bpf_error("'icmp6' modifier applied to host");
2464
2465 case Q_AH:
2466 bpf_error("'ah' modifier applied to host");
2467
2468 case Q_ESP:
2469 bpf_error("'esp' modifier applied to host");
2470
2471 case Q_ISO:
2472 bpf_error("ISO host filtering not implemented");
2473
2474 case Q_ESIS:
2475 bpf_error("'esis' modifier applied to host");
2476
2477 case Q_ISIS:
2478 bpf_error("'isis' modifier applied to host");
2479
2480 case Q_CLNP:
2481 bpf_error("'clnp' modifier applied to host");
2482
2483 case Q_STP:
2484 bpf_error("'stp' modifier applied to host");
2485
2486 case Q_IPX:
2487 bpf_error("IPX host filtering not implemented");
2488
2489 case Q_NETBEUI:
2490 bpf_error("'netbeui' modifier applied to host");
2491
2492 default:
2493 abort();
2494 }
2495 /* NOTREACHED */
2496 }
2497 #endif /*INET6*/
2498
2499 #ifndef INET6
2500 static struct block *
2501 gen_gateway(eaddr, alist, proto, dir)
2502 const u_char *eaddr;
2503 bpf_u_int32 **alist;
2504 int proto;
2505 int dir;
2506 {
2507 struct block *b0, *b1, *tmp;
2508
2509 if (dir != 0)
2510 bpf_error("direction applied to 'gateway'");
2511
2512 switch (proto) {
2513 case Q_DEFAULT:
2514 case Q_IP:
2515 case Q_ARP:
2516 case Q_RARP:
2517 if (linktype == DLT_EN10MB)
2518 b0 = gen_ehostop(eaddr, Q_OR);
2519 else if (linktype == DLT_FDDI)
2520 b0 = gen_fhostop(eaddr, Q_OR);
2521 else if (linktype == DLT_IEEE802)
2522 b0 = gen_thostop(eaddr, Q_OR);
2523 else if (linktype == DLT_IEEE802_11)
2524 b0 = gen_wlanhostop(eaddr, Q_OR);
2525 else
2526 bpf_error(
2527 "'gateway' supported only on ethernet/FDDI/token ring/802.11");
2528
2529 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2530 while (*alist) {
2531 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2532 gen_or(b1, tmp);
2533 b1 = tmp;
2534 }
2535 gen_not(b1);
2536 gen_and(b0, b1);
2537 return b1;
2538 }
2539 bpf_error("illegal modifier of 'gateway'");
2540 /* NOTREACHED */
2541 }
2542 #endif
2543
2544 struct block *
2545 gen_proto_abbrev(proto)
2546 int proto;
2547 {
2548 #ifdef INET6
2549 struct block *b0;
2550 #endif
2551 struct block *b1;
2552
2553 switch (proto) {
2554
2555 case Q_SCTP:
2556 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT);
2557 #ifdef INET6
2558 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
2559 gen_or(b0, b1);
2560 #endif
2561 break;
2562
2563 case Q_TCP:
2564 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
2565 #ifdef INET6
2566 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
2567 gen_or(b0, b1);
2568 #endif
2569 break;
2570
2571 case Q_UDP:
2572 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
2573 #ifdef INET6
2574 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
2575 gen_or(b0, b1);
2576 #endif
2577 break;
2578
2579 case Q_ICMP:
2580 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
2581 break;
2582
2583 #ifndef IPPROTO_IGMP
2584 #define IPPROTO_IGMP 2
2585 #endif
2586
2587 case Q_IGMP:
2588 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
2589 break;
2590
2591 #ifndef IPPROTO_IGRP
2592 #define IPPROTO_IGRP 9
2593 #endif
2594 case Q_IGRP:
2595 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
2596 break;
2597
2598 #ifndef IPPROTO_PIM
2599 #define IPPROTO_PIM 103
2600 #endif
2601
2602 case Q_PIM:
2603 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
2604 #ifdef INET6
2605 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
2606 gen_or(b0, b1);
2607 #endif
2608 break;
2609
2610 #ifndef IPPROTO_VRRP
2611 #define IPPROTO_VRRP 112
2612 #endif
2613
2614 case Q_VRRP:
2615 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT);
2616 break;
2617
2618 case Q_IP:
2619 b1 = gen_linktype(ETHERTYPE_IP);
2620 break;
2621
2622 case Q_ARP:
2623 b1 = gen_linktype(ETHERTYPE_ARP);
2624 break;
2625
2626 case Q_RARP:
2627 b1 = gen_linktype(ETHERTYPE_REVARP);
2628 break;
2629
2630 case Q_LINK:
2631 bpf_error("link layer applied in wrong context");
2632
2633 case Q_ATALK:
2634 b1 = gen_linktype(ETHERTYPE_ATALK);
2635 break;
2636
2637 case Q_AARP:
2638 b1 = gen_linktype(ETHERTYPE_AARP);
2639 break;
2640
2641 case Q_DECNET:
2642 b1 = gen_linktype(ETHERTYPE_DN);
2643 break;
2644
2645 case Q_SCA:
2646 b1 = gen_linktype(ETHERTYPE_SCA);
2647 break;
2648
2649 case Q_LAT:
2650 b1 = gen_linktype(ETHERTYPE_LAT);
2651 break;
2652
2653 case Q_MOPDL:
2654 b1 = gen_linktype(ETHERTYPE_MOPDL);
2655 break;
2656
2657 case Q_MOPRC:
2658 b1 = gen_linktype(ETHERTYPE_MOPRC);
2659 break;
2660
2661 #ifdef INET6
2662 case Q_IPV6:
2663 b1 = gen_linktype(ETHERTYPE_IPV6);
2664 break;
2665
2666 #ifndef IPPROTO_ICMPV6
2667 #define IPPROTO_ICMPV6 58
2668 #endif
2669 case Q_ICMPV6:
2670 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
2671 break;
2672 #endif /* INET6 */
2673
2674 #ifndef IPPROTO_AH
2675 #define IPPROTO_AH 51
2676 #endif
2677 case Q_AH:
2678 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
2679 #ifdef INET6
2680 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
2681 gen_or(b0, b1);
2682 #endif
2683 break;
2684
2685 #ifndef IPPROTO_ESP
2686 #define IPPROTO_ESP 50
2687 #endif
2688 case Q_ESP:
2689 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
2690 #ifdef INET6
2691 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
2692 gen_or(b0, b1);
2693 #endif
2694 break;
2695
2696 case Q_ISO:
2697 b1 = gen_linktype(LLCSAP_ISONS);
2698 break;
2699
2700 case Q_ESIS:
2701 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
2702 break;
2703
2704 case Q_ISIS:
2705 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
2706 break;
2707
2708 case Q_CLNP:
2709 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
2710 break;
2711
2712 case Q_STP:
2713 b1 = gen_linktype(LLCSAP_8021D);
2714 break;
2715
2716 case Q_IPX:
2717 b1 = gen_linktype(LLCSAP_IPX);
2718 break;
2719
2720 case Q_NETBEUI:
2721 b1 = gen_linktype(LLCSAP_NETBEUI);
2722 break;
2723
2724 default:
2725 abort();
2726 }
2727 return b1;
2728 }
2729
2730 static struct block *
2731 gen_ipfrag()
2732 {
2733 struct slist *s;
2734 struct block *b;
2735
2736 /* not ip frag */
2737 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
2738 s->s.k = off_nl + 6;
2739 b = new_block(JMP(BPF_JSET));
2740 b->s.k = 0x1fff;
2741 b->stmts = s;
2742 gen_not(b);
2743
2744 return b;
2745 }
2746
2747 static struct block *
2748 gen_portatom(off, v)
2749 int off;
2750 bpf_int32 v;
2751 {
2752 struct slist *s;
2753 struct block *b;
2754
2755 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2756 s->s.k = off_nl;
2757
2758 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
2759 s->next->s.k = off_nl + off;
2760
2761 b = new_block(JMP(BPF_JEQ));
2762 b->stmts = s;
2763 b->s.k = v;
2764
2765 return b;
2766 }
2767
2768 #ifdef INET6
2769 static struct block *
2770 gen_portatom6(off, v)
2771 int off;
2772 bpf_int32 v;
2773 {
2774 return gen_cmp(off_nl + 40 + off, BPF_H, v);
2775 }
2776 #endif/*INET6*/
2777
2778 struct block *
2779 gen_portop(port, proto, dir)
2780 int port, proto, dir;
2781 {
2782 struct block *b0, *b1, *tmp;
2783
2784 /* ip proto 'proto' */
2785 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
2786 b0 = gen_ipfrag();
2787 gen_and(tmp, b0);
2788
2789 switch (dir) {
2790 case Q_SRC:
2791 b1 = gen_portatom(0, (bpf_int32)port);
2792 break;
2793
2794 case Q_DST:
2795 b1 = gen_portatom(2, (bpf_int32)port);
2796 break;
2797
2798 case Q_OR:
2799 case Q_DEFAULT:
2800 tmp = gen_portatom(0, (bpf_int32)port);
2801 b1 = gen_portatom(2, (bpf_int32)port);
2802 gen_or(tmp, b1);
2803 break;
2804
2805 case Q_AND:
2806 tmp = gen_portatom(0, (bpf_int32)port);
2807 b1 = gen_portatom(2, (bpf_int32)port);
2808 gen_and(tmp, b1);
2809 break;
2810
2811 default:
2812 abort();
2813 }
2814 gen_and(b0, b1);
2815
2816 return b1;
2817 }
2818
2819 static struct block *
2820 gen_port(port, ip_proto, dir)
2821 int port;
2822 int ip_proto;
2823 int dir;
2824 {
2825 struct block *b0, *b1, *tmp;
2826
2827 /* ether proto ip */
2828 b0 = gen_linktype(ETHERTYPE_IP);
2829
2830 switch (ip_proto) {
2831 case IPPROTO_UDP:
2832 case IPPROTO_TCP:
2833 case IPPROTO_SCTP:
2834 b1 = gen_portop(port, ip_proto, dir);
2835 break;
2836
2837 case PROTO_UNDEF:
2838 tmp = gen_portop(port, IPPROTO_TCP, dir);
2839 b1 = gen_portop(port, IPPROTO_UDP, dir);
2840 gen_or(tmp, b1);
2841 tmp = gen_portop(port, IPPROTO_SCTP, dir);
2842 gen_or(tmp, b1);
2843 break;
2844
2845 default:
2846 abort();
2847 }
2848 gen_and(b0, b1);
2849 return b1;
2850 }
2851
2852 #ifdef INET6
2853 struct block *
2854 gen_portop6(port, proto, dir)
2855 int port, proto, dir;
2856 {
2857 struct block *b0, *b1, *tmp;
2858
2859 /* ip proto 'proto' */
2860 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
2861
2862 switch (dir) {
2863 case Q_SRC:
2864 b1 = gen_portatom6(0, (bpf_int32)port);
2865 break;
2866
2867 case Q_DST:
2868 b1 = gen_portatom6(2, (bpf_int32)port);
2869 break;
2870
2871 case Q_OR:
2872 case Q_DEFAULT:
2873 tmp = gen_portatom6(0, (bpf_int32)port);
2874 b1 = gen_portatom6(2, (bpf_int32)port);
2875 gen_or(tmp, b1);
2876 break;
2877
2878 case Q_AND:
2879 tmp = gen_portatom6(0, (bpf_int32)port);
2880 b1 = gen_portatom6(2, (bpf_int32)port);
2881 gen_and(tmp, b1);
2882 break;
2883
2884 default:
2885 abort();
2886 }
2887 gen_and(b0, b1);
2888
2889 return b1;
2890 }
2891
2892 static struct block *
2893 gen_port6(port, ip_proto, dir)
2894 int port;
2895 int ip_proto;
2896 int dir;
2897 {
2898 struct block *b0, *b1, *tmp;
2899
2900 /* ether proto ip */
2901 b0 = gen_linktype(ETHERTYPE_IPV6);
2902
2903 switch (ip_proto) {
2904 case IPPROTO_UDP:
2905 case IPPROTO_TCP:
2906 case IPPROTO_SCTP:
2907 b1 = gen_portop6(port, ip_proto, dir);
2908 break;
2909
2910 case PROTO_UNDEF:
2911 tmp = gen_portop6(port, IPPROTO_TCP, dir);
2912 b1 = gen_portop6(port, IPPROTO_UDP, dir);
2913 gen_or(tmp, b1);
2914 tmp = gen_portop6(port, IPPROTO_SCTP, dir);
2915 gen_or(tmp, b1);
2916 break;
2917
2918 default:
2919 abort();
2920 }
2921 gen_and(b0, b1);
2922 return b1;
2923 }
2924 #endif /* INET6 */
2925
2926 static int
2927 lookup_proto(name, proto)
2928 register const char *name;
2929 register int proto;
2930 {
2931 register int v;
2932
2933 switch (proto) {
2934
2935 case Q_DEFAULT:
2936 case Q_IP:
2937 case Q_IPV6:
2938 v = pcap_nametoproto(name);
2939 if (v == PROTO_UNDEF)
2940 bpf_error("unknown ip proto '%s'", name);
2941 break;
2942
2943 case Q_LINK:
2944 /* XXX should look up h/w protocol type based on linktype */
2945 v = pcap_nametoeproto(name);
2946 if (v == PROTO_UNDEF)
2947 bpf_error("unknown ether proto '%s'", name);
2948 break;
2949
2950 case Q_ISO:
2951 if (strcmp(name, "esis") == 0)
2952 v = ISO9542_ESIS;
2953 else if (strcmp(name, "isis") == 0)
2954 v = ISO10589_ISIS;
2955 else if (strcmp(name, "clnp") == 0)
2956 v = ISO8473_CLNP;
2957 else
2958 bpf_error("unknown osi proto '%s'", name);
2959 break;
2960
2961 default:
2962 v = PROTO_UNDEF;
2963 break;
2964 }
2965 return v;
2966 }
2967
2968 #if 0
2969 struct stmt *
2970 gen_joinsp(s, n)
2971 struct stmt **s;
2972 int n;
2973 {
2974 return NULL;
2975 }
2976 #endif
2977
2978 static struct block *
2979 gen_protochain(v, proto, dir)
2980 int v;
2981 int proto;
2982 int dir;
2983 {
2984 #ifdef NO_PROTOCHAIN
2985 return gen_proto(v, proto, dir);
2986 #else
2987 struct block *b0, *b;
2988 struct slist *s[100];
2989 int fix2, fix3, fix4, fix5;
2990 int ahcheck, again, end;
2991 int i, max;
2992 int reg2 = alloc_reg();
2993
2994 memset(s, 0, sizeof(s));
2995 fix2 = fix3 = fix4 = fix5 = 0;
2996
2997 switch (proto) {
2998 case Q_IP:
2999 case Q_IPV6:
3000 break;
3001 case Q_DEFAULT:
3002 b0 = gen_protochain(v, Q_IP, dir);
3003 b = gen_protochain(v, Q_IPV6, dir);
3004 gen_or(b0, b);
3005 return b;
3006 default:
3007 bpf_error("bad protocol applied for 'protochain'");
3008 /*NOTREACHED*/
3009 }
3010
3011 no_optimize = 1; /*this code is not compatible with optimzer yet */
3012
3013 /*
3014 * s[0] is a dummy entry to protect other BPF insn from damaged
3015 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
3016 * hard to find interdependency made by jump table fixup.
3017 */
3018 i = 0;
3019 s[i] = new_stmt(0); /*dummy*/
3020 i++;
3021
3022 switch (proto) {
3023 case Q_IP:
3024 b0 = gen_linktype(ETHERTYPE_IP);
3025
3026 /* A = ip->ip_p */
3027 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
3028 s[i]->s.k = off_nl + 9;
3029 i++;
3030 /* X = ip->ip_hl << 2 */
3031 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3032 s[i]->s.k = off_nl;
3033 i++;
3034 break;
3035 #ifdef INET6
3036 case Q_IPV6:
3037 b0 = gen_linktype(ETHERTYPE_IPV6);
3038
3039 /* A = ip6->ip_nxt */
3040 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
3041 s[i]->s.k = off_nl + 6;
3042 i++;
3043 /* X = sizeof(struct ip6_hdr) */
3044 s[i] = new_stmt(BPF_LDX|BPF_IMM);
3045 s[i]->s.k = 40;
3046 i++;
3047 break;
3048 #endif
3049 default:
3050 bpf_error("unsupported proto to gen_protochain");
3051 /*NOTREACHED*/
3052 }
3053
3054 /* again: if (A == v) goto end; else fall through; */
3055 again = i;
3056 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3057 s[i]->s.k = v;
3058 s[i]->s.jt = NULL; /*later*/
3059 s[i]->s.jf = NULL; /*update in next stmt*/
3060 fix5 = i;
3061 i++;
3062
3063 #ifndef IPPROTO_NONE
3064 #define IPPROTO_NONE 59
3065 #endif
3066 /* if (A == IPPROTO_NONE) goto end */
3067 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3068 s[i]->s.jt = NULL; /*later*/
3069 s[i]->s.jf = NULL; /*update in next stmt*/
3070 s[i]->s.k = IPPROTO_NONE;
3071 s[fix5]->s.jf = s[i];
3072 fix2 = i;
3073 i++;
3074
3075 #ifdef INET6
3076 if (proto == Q_IPV6) {
3077 int v6start, v6end, v6advance, j;
3078
3079 v6start = i;
3080 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
3081 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3082 s[i]->s.jt = NULL; /*later*/
3083 s[i]->s.jf = NULL; /*update in next stmt*/
3084 s[i]->s.k = IPPROTO_HOPOPTS;
3085 s[fix2]->s.jf = s[i];
3086 i++;
3087 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
3088 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3089 s[i]->s.jt = NULL; /*later*/
3090 s[i]->s.jf = NULL; /*update in next stmt*/
3091 s[i]->s.k = IPPROTO_DSTOPTS;
3092 i++;
3093 /* if (A == IPPROTO_ROUTING) goto v6advance */
3094 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3095 s[i]->s.jt = NULL; /*later*/
3096 s[i]->s.jf = NULL; /*update in next stmt*/
3097 s[i]->s.k = IPPROTO_ROUTING;
3098 i++;
3099 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
3100 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3101 s[i]->s.jt = NULL; /*later*/
3102 s[i]->s.jf = NULL; /*later*/
3103 s[i]->s.k = IPPROTO_FRAGMENT;
3104 fix3 = i;
3105 v6end = i;
3106 i++;
3107
3108 /* v6advance: */
3109 v6advance = i;
3110
3111 /*
3112 * in short,
3113 * A = P[X];
3114 * X = X + (P[X + 1] + 1) * 8;
3115 */
3116 /* A = X */
3117 s[i] = new_stmt(BPF_MISC|BPF_TXA);
3118 i++;
3119 /* A = P[X + packet head] */
3120 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3121 s[i]->s.k = off_nl;
3122 i++;
3123 /* MEM[reg2] = A */
3124 s[i] = new_stmt(BPF_ST);
3125 s[i]->s.k = reg2;
3126 i++;
3127 /* A = X */
3128 s[i] = new_stmt(BPF_MISC|BPF_TXA);
3129 i++;
3130 /* A += 1 */
3131 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3132 s[i]->s.k = 1;
3133 i++;
3134 /* X = A */
3135 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3136 i++;
3137 /* A = P[X + packet head]; */
3138 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3139 s[i]->s.k = off_nl;
3140 i++;
3141 /* A += 1 */
3142 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3143 s[i]->s.k = 1;
3144 i++;
3145 /* A *= 8 */
3146 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
3147 s[i]->s.k = 8;
3148 i++;
3149 /* X = A; */
3150 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3151 i++;
3152 /* A = MEM[reg2] */
3153 s[i] = new_stmt(BPF_LD|BPF_MEM);
3154 s[i]->s.k = reg2;
3155 i++;
3156
3157 /* goto again; (must use BPF_JA for backward jump) */
3158 s[i] = new_stmt(BPF_JMP|BPF_JA);
3159 s[i]->s.k = again - i - 1;
3160 s[i - 1]->s.jf = s[i];
3161 i++;
3162
3163 /* fixup */
3164 for (j = v6start; j <= v6end; j++)
3165 s[j]->s.jt = s[v6advance];
3166 } else
3167 #endif
3168 {
3169 /* nop */
3170 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3171 s[i]->s.k = 0;
3172 s[fix2]->s.jf = s[i];
3173 i++;
3174 }
3175
3176 /* ahcheck: */
3177 ahcheck = i;
3178 /* if (A == IPPROTO_AH) then fall through; else goto end; */
3179 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3180 s[i]->s.jt = NULL; /*later*/
3181 s[i]->s.jf = NULL; /*later*/
3182 s[i]->s.k = IPPROTO_AH;
3183 if (fix3)
3184 s[fix3]->s.jf = s[ahcheck];
3185 fix4 = i;
3186 i++;
3187
3188 /*
3189 * in short,
3190 * A = P[X];
3191 * X = X + (P[X + 1] + 2) * 4;
3192 */
3193 /* A = X */
3194 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
3195 i++;
3196 /* A = P[X + packet head]; */
3197 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3198 s[i]->s.k = off_nl;
3199 i++;
3200 /* MEM[reg2] = A */
3201 s[i] = new_stmt(BPF_ST);
3202 s[i]->s.k = reg2;
3203 i++;
3204 /* A = X */
3205 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
3206 i++;
3207 /* A += 1 */
3208 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3209 s[i]->s.k = 1;
3210 i++;
3211 /* X = A */
3212 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3213 i++;
3214 /* A = P[X + packet head] */
3215 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3216 s[i]->s.k = off_nl;
3217 i++;
3218 /* A += 2 */
3219 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3220 s[i]->s.k = 2;
3221 i++;
3222 /* A *= 4 */
3223 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
3224 s[i]->s.k = 4;
3225 i++;
3226 /* X = A; */
3227 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3228 i++;
3229 /* A = MEM[reg2] */
3230 s[i] = new_stmt(BPF_LD|BPF_MEM);
3231 s[i]->s.k = reg2;
3232 i++;
3233
3234 /* goto again; (must use BPF_JA for backward jump) */
3235 s[i] = new_stmt(BPF_JMP|BPF_JA);
3236 s[i]->s.k = again - i - 1;
3237 i++;
3238
3239 /* end: nop */
3240 end = i;
3241 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3242 s[i]->s.k = 0;
3243 s[fix2]->s.jt = s[end];
3244 s[fix4]->s.jf = s[end];
3245 s[fix5]->s.jt = s[end];
3246 i++;
3247
3248 /*
3249 * make slist chain
3250 */
3251 max = i;
3252 for (i = 0; i < max - 1; i++)
3253 s[i]->next = s[i + 1];
3254 s[max - 1]->next = NULL;
3255
3256 /*
3257 * emit final check
3258 */
3259 b = new_block(JMP(BPF_JEQ));
3260 b->stmts = s[1]; /*remember, s[0] is dummy*/
3261 b->s.k = v;
3262
3263 free_reg(reg2);
3264
3265 gen_and(b0, b);
3266 return b;
3267 #endif
3268 }
3269
3270 static struct block *
3271 gen_proto(v, proto, dir)
3272 int v;
3273 int proto;
3274 int dir;
3275 {
3276 struct block *b0, *b1;
3277
3278 if (dir != Q_DEFAULT)
3279 bpf_error("direction applied to 'proto'");
3280
3281 switch (proto) {
3282 case Q_DEFAULT:
3283 #ifdef INET6
3284 b0 = gen_proto(v, Q_IP, dir);
3285 b1 = gen_proto(v, Q_IPV6, dir);
3286 gen_or(b0, b1);
3287 return b1;
3288 #else
3289 /*FALLTHROUGH*/
3290 #endif
3291 case Q_IP:
3292 b0 = gen_linktype(ETHERTYPE_IP);
3293 #ifndef CHASE_CHAIN
3294 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
3295 #else
3296 b1 = gen_protochain(v, Q_IP);
3297 #endif
3298 gen_and(b0, b1);
3299 return b1;
3300
3301 case Q_ISO:
3302 switch (linktype) {
3303
3304 case DLT_FRELAY:
3305 /*
3306 * Frame Relay packets typically have an OSI
3307 * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)"
3308 * generates code to check for all the OSI
3309 * NLPIDs, so calling it and then adding a check
3310 * for the particular NLPID for which we're
3311 * looking is bogus, as we can just check for
3312 * the NLPID.
3313 *
3314 * What we check for is the NLPID and a frame
3315 * control field value of UI, i.e. 0x03 followed
3316 * by the NLPID.
3317 *
3318 * XXX - assumes a 2-byte Frame Relay header with
3319 * DLCI and flags. What if the address is longer?
3320 *
3321 * XXX - what about SNAP-encapsulated frames?
3322 */
3323 return gen_cmp(2, BPF_H, (0x03<<8) | v);
3324 break;
3325
3326 default:
3327 b0 = gen_linktype(LLCSAP_ISONS);
3328 b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v);
3329 gen_and(b0, b1);
3330 return b1;
3331 }
3332
3333 case Q_ARP:
3334 bpf_error("arp does not encapsulate another protocol");
3335 /* NOTREACHED */
3336
3337 case Q_RARP:
3338 bpf_error("rarp does not encapsulate another protocol");
3339 /* NOTREACHED */
3340
3341 case Q_ATALK:
3342 bpf_error("atalk encapsulation is not specifiable");
3343 /* NOTREACHED */
3344
3345 case Q_DECNET:
3346 bpf_error("decnet encapsulation is not specifiable");
3347 /* NOTREACHED */
3348
3349 case Q_SCA:
3350 bpf_error("sca does not encapsulate another protocol");
3351 /* NOTREACHED */
3352
3353 case Q_LAT:
3354 bpf_error("lat does not encapsulate another protocol");
3355 /* NOTREACHED */
3356
3357 case Q_MOPRC:
3358 bpf_error("moprc does not encapsulate another protocol");
3359 /* NOTREACHED */
3360
3361 case Q_MOPDL:
3362 bpf_error("mopdl does not encapsulate another protocol");
3363 /* NOTREACHED */
3364
3365 case Q_LINK:
3366 return gen_linktype(v);
3367
3368 case Q_UDP:
3369 bpf_error("'udp proto' is bogus");
3370 /* NOTREACHED */
3371
3372 case Q_TCP:
3373 bpf_error("'tcp proto' is bogus");
3374 /* NOTREACHED */
3375
3376 case Q_SCTP:
3377 bpf_error("'sctp proto' is bogus");
3378 /* NOTREACHED */
3379
3380 case Q_ICMP:
3381 bpf_error("'icmp proto' is bogus");
3382 /* NOTREACHED */
3383
3384 case Q_IGMP:
3385 bpf_error("'igmp proto' is bogus");
3386 /* NOTREACHED */
3387
3388 case Q_IGRP:
3389 bpf_error("'igrp proto' is bogus");
3390 /* NOTREACHED */
3391
3392 case Q_PIM:
3393 bpf_error("'pim proto' is bogus");
3394 /* NOTREACHED */
3395
3396 case Q_VRRP:
3397 bpf_error("'vrrp proto' is bogus");
3398 /* NOTREACHED */
3399
3400 #ifdef INET6
3401 case Q_IPV6:
3402 b0 = gen_linktype(ETHERTYPE_IPV6);
3403 #ifndef CHASE_CHAIN
3404 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
3405 #else
3406 b1 = gen_protochain(v, Q_IPV6);
3407 #endif
3408 gen_and(b0, b1);
3409 return b1;
3410
3411 case Q_ICMPV6:
3412 bpf_error("'icmp6 proto' is bogus");
3413 #endif /* INET6 */
3414
3415 case Q_AH:
3416 bpf_error("'ah proto' is bogus");
3417
3418 case Q_ESP:
3419 bpf_error("'ah proto' is bogus");
3420
3421 case Q_STP:
3422 bpf_error("'stp proto' is bogus");
3423
3424 case Q_IPX:
3425 bpf_error("'ipx proto' is bogus");
3426
3427 case Q_NETBEUI:
3428 bpf_error("'netbeui proto' is bogus");
3429
3430 default:
3431 abort();
3432 /* NOTREACHED */
3433 }
3434 /* NOTREACHED */
3435 }
3436
3437 struct block *
3438 gen_scode(name, q)
3439 register const char *name;
3440 struct qual q;
3441 {
3442 int proto = q.proto;
3443 int dir = q.dir;
3444 int tproto;
3445 u_char *eaddr;
3446 bpf_u_int32 mask, addr;
3447 #ifndef INET6
3448 bpf_u_int32 **alist;
3449 #else
3450 int tproto6;
3451 struct sockaddr_in *sin;
3452 struct sockaddr_in6 *sin6;
3453 struct addrinfo *res, *res0;
3454 struct in6_addr mask128;
3455 #endif /*INET6*/
3456 struct block *b, *tmp;
3457 int port, real_proto;
3458
3459 switch (q.addr) {
3460
3461 case Q_NET:
3462 addr = pcap_nametonetaddr(name);
3463 if (addr == 0)
3464 bpf_error("unknown network '%s'", name);
3465 /* Left justify network addr and calculate its network mask */
3466 mask = 0xffffffff;
3467 while (addr && (addr & 0xff000000) == 0) {
3468 addr <<= 8;
3469 mask <<= 8;
3470 }
3471 return gen_host(addr, mask, proto, dir);
3472
3473 case Q_DEFAULT:
3474 case Q_HOST:
3475 if (proto == Q_LINK) {
3476 switch (linktype) {
3477
3478 case DLT_EN10MB:
3479 eaddr = pcap_ether_hostton(name);
3480 if (eaddr == NULL)
3481 bpf_error(
3482 "unknown ether host '%s'", name);
3483 b = gen_ehostop(eaddr, dir);
3484 free(eaddr);
3485 return b;
3486
3487 case DLT_FDDI:
3488 eaddr = pcap_ether_hostton(name);
3489 if (eaddr == NULL)
3490 bpf_error(
3491 "unknown FDDI host '%s'", name);
3492 b = gen_fhostop(eaddr, dir);
3493 free(eaddr);
3494 return b;
3495
3496 case DLT_IEEE802:
3497 eaddr = pcap_ether_hostton(name);
3498 if (eaddr == NULL)
3499 bpf_error(
3500 "unknown token ring host '%s'", name);
3501 b = gen_thostop(eaddr, dir);
3502 free(eaddr);
3503 return b;
3504
3505 case DLT_IEEE802_11:
3506 eaddr = pcap_ether_hostton(name);
3507 if (eaddr == NULL)
3508 bpf_error(
3509 "unknown 802.11 host '%s'", name);
3510 b = gen_wlanhostop(eaddr, dir);
3511 free(eaddr);
3512 return b;
3513
3514 default:
3515 bpf_error(
3516 "only ethernet/FDDI/token ring/802.11 supports link-level host name");
3517 break;
3518 }
3519 } else if (proto == Q_DECNET) {
3520 unsigned short dn_addr = __pcap_nametodnaddr(name);
3521 /*
3522 * I don't think DECNET hosts can be multihomed, so
3523 * there is no need to build up a list of addresses
3524 */
3525 return (gen_host(dn_addr, 0, proto, dir));
3526 } else {
3527 #ifndef INET6
3528 alist = pcap_nametoaddr(name);
3529 if (alist == NULL || *alist == NULL)
3530 bpf_error("unknown host '%s'", name);
3531 tproto = proto;
3532 if (off_linktype == -1 && tproto == Q_DEFAULT)
3533 tproto = Q_IP;
3534 b = gen_host(**alist++, 0xffffffff, tproto, dir);
3535 while (*alist) {
3536 tmp = gen_host(**alist++, 0xffffffff,
3537 tproto, dir);
3538 gen_or(b, tmp);
3539 b = tmp;
3540 }
3541 return b;
3542 #else
3543 memset(&mask128, 0xff, sizeof(mask128));
3544 res0 = res = pcap_nametoaddrinfo(name);
3545 if (res == NULL)
3546 bpf_error("unknown host '%s'", name);
3547 b = tmp = NULL;
3548 tproto = tproto6 = proto;
3549 if (off_linktype == -1 && tproto == Q_DEFAULT) {
3550 tproto = Q_IP;
3551 tproto6 = Q_IPV6;
3552 }
3553 for (res = res0; res; res = res->ai_next) {
3554 switch (res->ai_family) {
3555 case AF_INET:
3556 if (tproto == Q_IPV6)
3557 continue;
3558
3559 sin = (struct sockaddr_in *)
3560 res->ai_addr;
3561 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
3562 0xffffffff, tproto, dir);
3563 break;
3564 case AF_INET6:
3565 if (tproto6 == Q_IP)
3566 continue;
3567
3568 sin6 = (struct sockaddr_in6 *)
3569 res->ai_addr;
3570 tmp = gen_host6(&sin6->sin6_addr,
3571 &mask128, tproto6, dir);
3572 break;
3573 default:
3574 continue;
3575 }
3576 if (b)
3577 gen_or(b, tmp);
3578 b = tmp;
3579 }
3580 freeaddrinfo(res0);
3581 if (b == NULL) {
3582 bpf_error("unknown host '%s'%s", name,
3583 (proto == Q_DEFAULT)
3584 ? ""
3585 : " for specified address family");
3586 }
3587 return b;
3588 #endif /*INET6*/
3589 }
3590
3591 case Q_PORT:
3592 if (proto != Q_DEFAULT &&
3593 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
3594 bpf_error("illegal qualifier of 'port'");
3595 if (pcap_nametoport(name, &port, &real_proto) == 0)
3596 bpf_error("unknown port '%s'", name);
3597 if (proto == Q_UDP) {
3598 if (real_proto == IPPROTO_TCP)
3599 bpf_error("port '%s' is tcp", name);
3600 else if (real_proto == IPPROTO_SCTP)
3601 bpf_error("port '%s' is sctp", name);
3602 else
3603 /* override PROTO_UNDEF */
3604 real_proto = IPPROTO_UDP;
3605 }
3606 if (proto == Q_TCP) {
3607 if (real_proto == IPPROTO_UDP)
3608 bpf_error("port '%s' is udp", name);
3609
3610 else if (real_proto == IPPROTO_SCTP)
3611 bpf_error("port '%s' is sctp", name);
3612 else
3613 /* override PROTO_UNDEF */
3614 real_proto = IPPROTO_TCP;
3615 }
3616 if (proto == Q_SCTP) {
3617 if (real_proto == IPPROTO_UDP)
3618 bpf_error("port '%s' is udp", name);
3619
3620 else if (real_proto == IPPROTO_TCP)
3621 bpf_error("port '%s' is tcp", name);
3622 else
3623 /* override PROTO_UNDEF */
3624 real_proto = IPPROTO_SCTP;
3625 }
3626 #ifndef INET6
3627 return gen_port(port, real_proto, dir);
3628 #else
3629 {
3630 struct block *b;
3631 b = gen_port(port, real_proto, dir);
3632 gen_or(gen_port6(port, real_proto, dir), b);
3633 return b;
3634 }
3635 #endif /* INET6 */
3636
3637 case Q_GATEWAY:
3638 #ifndef INET6
3639 eaddr = pcap_ether_hostton(name);
3640 if (eaddr == NULL)
3641 bpf_error("unknown ether host: %s", name);
3642
3643 alist = pcap_nametoaddr(name);
3644 if (alist == NULL || *alist == NULL)
3645 bpf_error("unknown host '%s'", name);
3646 b = gen_gateway(eaddr, alist, proto, dir);
3647 free(eaddr);
3648 return b;
3649 #else
3650 bpf_error("'gateway' not supported in this configuration");
3651 #endif /*INET6*/
3652
3653 case Q_PROTO:
3654 real_proto = lookup_proto(name, proto);
3655 if (real_proto >= 0)
3656 return gen_proto(real_proto, proto, dir);
3657 else
3658 bpf_error("unknown protocol: %s", name);
3659
3660 case Q_PROTOCHAIN:
3661 real_proto = lookup_proto(name, proto);
3662 if (real_proto >= 0)
3663 return gen_protochain(real_proto, proto, dir);
3664 else
3665 bpf_error("unknown protocol: %s", name);
3666
3667
3668 case Q_UNDEF:
3669 syntax();
3670 /* NOTREACHED */
3671 }
3672 abort();
3673 /* NOTREACHED */
3674 }
3675
3676 struct block *
3677 gen_mcode(s1, s2, masklen, q)
3678 register const char *s1, *s2;
3679 register int masklen;
3680 struct qual q;
3681 {
3682 register int nlen, mlen;
3683 bpf_u_int32 n, m;
3684
3685 nlen = __pcap_atoin(s1, &n);
3686 /* Promote short ipaddr */
3687 n <<= 32 - nlen;
3688
3689 if (s2 != NULL) {
3690 mlen = __pcap_atoin(s2, &m);
3691 /* Promote short ipaddr */
3692 m <<= 32 - mlen;
3693 if ((n & ~m) != 0)
3694 bpf_error("non-network bits set in \"%s mask %s\"",
3695 s1, s2);
3696 } else {
3697 /* Convert mask len to mask */
3698 if (masklen > 32)
3699 bpf_error("mask length must be <= 32");
3700 m = 0xffffffff << (32 - masklen);
3701 if ((n & ~m) != 0)
3702 bpf_error("non-network bits set in \"%s/%d\"",
3703 s1, masklen);
3704 }
3705
3706 switch (q.addr) {
3707
3708 case Q_NET:
3709 return gen_host(n, m, q.proto, q.dir);
3710
3711 default:
3712 bpf_error("Mask syntax for networks only");
3713 /* NOTREACHED */
3714 }
3715 }
3716
3717 struct block *
3718 gen_ncode(s, v, q)
3719 register const char *s;
3720 bpf_u_int32 v;
3721 struct qual q;
3722 {
3723 bpf_u_int32 mask;
3724 int proto = q.proto;
3725 int dir = q.dir;
3726 register int vlen;
3727
3728 if (s == NULL)
3729 vlen = 32;
3730 else if (q.proto == Q_DECNET)
3731 vlen = __pcap_atodn(s, &v);
3732 else
3733 vlen = __pcap_atoin(s, &v);
3734
3735 switch (q.addr) {
3736
3737 case Q_DEFAULT:
3738 case Q_HOST:
3739 case Q_NET:
3740 if (proto == Q_DECNET)
3741 return gen_host(v, 0, proto, dir);
3742 else if (proto == Q_LINK) {
3743 bpf_error("illegal link layer address");
3744 } else {
3745 mask = 0xffffffff;
3746 if (s == NULL && q.addr == Q_NET) {
3747 /* Promote short net number */
3748 while (v && (v & 0xff000000) == 0) {
3749 v <<= 8;
3750 mask <<= 8;
3751 }
3752 } else {
3753 /* Promote short ipaddr */
3754 v <<= 32 - vlen;
3755 mask <<= 32 - vlen;
3756 }
3757 return gen_host(v, mask, proto, dir);
3758 }
3759
3760 case Q_PORT:
3761 if (proto == Q_UDP)
3762 proto = IPPROTO_UDP;
3763 else if (proto == Q_TCP)
3764 proto = IPPROTO_TCP;
3765 else if (proto == Q_SCTP)
3766 proto = IPPROTO_SCTP;
3767 else if (proto == Q_DEFAULT)
3768 proto = PROTO_UNDEF;
3769 else
3770 bpf_error("illegal qualifier of 'port'");
3771
3772 #ifndef INET6
3773 return gen_port((int)v, proto, dir);
3774 #else
3775 {
3776 struct block *b;
3777 b = gen_port((int)v, proto, dir);
3778 gen_or(gen_port6((int)v, proto, dir), b);
3779 return b;
3780 }
3781 #endif /* INET6 */
3782
3783 case Q_GATEWAY:
3784 bpf_error("'gateway' requires a name");
3785 /* NOTREACHED */
3786
3787 case Q_PROTO:
3788 return gen_proto((int)v, proto, dir);
3789
3790 case Q_PROTOCHAIN:
3791 return gen_protochain((int)v, proto, dir);
3792
3793 case Q_UNDEF:
3794 syntax();
3795 /* NOTREACHED */
3796
3797 default:
3798 abort();
3799 /* NOTREACHED */
3800 }
3801 /* NOTREACHED */
3802 }
3803
3804 #ifdef INET6
3805 struct block *
3806 gen_mcode6(s1, s2, masklen, q)
3807 register const char *s1, *s2;
3808 register int masklen;
3809 struct qual q;
3810 {
3811 struct addrinfo *res;
3812 struct in6_addr *addr;
3813 struct in6_addr mask;
3814 struct block *b;
3815 u_int32_t *a, *m;
3816
3817 if (s2)
3818 bpf_error("no mask %s supported", s2);
3819
3820 res = pcap_nametoaddrinfo(s1);
3821 if (!res)
3822 bpf_error("invalid ip6 address %s", s1);
3823 if (res->ai_next)
3824 bpf_error("%s resolved to multiple address", s1);
3825 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
3826
3827 if (sizeof(mask) * 8 < masklen)
3828 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
3829 memset(&mask, 0, sizeof(mask));
3830 memset(&mask, 0xff, masklen / 8);
3831 if (masklen % 8) {
3832 mask.s6_addr[masklen / 8] =
3833 (0xff << (8 - masklen % 8)) & 0xff;
3834 }
3835
3836 a = (u_int32_t *)addr;
3837 m = (u_int32_t *)&mask;
3838 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
3839 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
3840 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
3841 }
3842
3843 switch (q.addr) {
3844
3845 case Q_DEFAULT:
3846 case Q_HOST:
3847 if (masklen != 128)
3848 bpf_error("Mask syntax for networks only");
3849 /* FALLTHROUGH */
3850
3851 case Q_NET:
3852 b = gen_host6(addr, &mask, q.proto, q.dir);
3853 freeaddrinfo(res);
3854 return b;
3855
3856 default:
3857 bpf_error("invalid qualifier against IPv6 address");
3858 /* NOTREACHED */
3859 }
3860 }
3861 #endif /*INET6*/
3862
3863 struct block *
3864 gen_ecode(eaddr, q)
3865 register const u_char *eaddr;
3866 struct qual q;
3867 {
3868 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
3869 if (linktype == DLT_EN10MB)
3870 return gen_ehostop(eaddr, (int)q.dir);
3871 if (linktype == DLT_FDDI)
3872 return gen_fhostop(eaddr, (int)q.dir);
3873 if (linktype == DLT_IEEE802)
3874 return gen_thostop(eaddr, (int)q.dir);
3875 if (linktype == DLT_IEEE802_11)
3876 return gen_wlanhostop(eaddr, (int)q.dir);
3877 bpf_error("ethernet addresses supported only on ethernet/FDDI/token ring/802.11");
3878 }
3879 bpf_error("ethernet address used in non-ether expression");
3880 /* NOTREACHED */
3881 }
3882
3883 void
3884 sappend(s0, s1)
3885 struct slist *s0, *s1;
3886 {
3887 /*
3888 * This is definitely not the best way to do this, but the
3889 * lists will rarely get long.
3890 */
3891 while (s0->next)
3892 s0 = s0->next;
3893 s0->next = s1;
3894 }
3895
3896 static struct slist *
3897 xfer_to_x(a)
3898 struct arth *a;
3899 {
3900 struct slist *s;
3901
3902 s = new_stmt(BPF_LDX|BPF_MEM);
3903 s->s.k = a->regno;
3904 return s;
3905 }
3906
3907 static struct slist *
3908 xfer_to_a(a)
3909 struct arth *a;
3910 {
3911 struct slist *s;
3912
3913 s = new_stmt(BPF_LD|BPF_MEM);
3914 s->s.k = a->regno;
3915 return s;
3916 }
3917
3918 struct arth *
3919 gen_load(proto, index, size)
3920 int proto;
3921 struct arth *index;
3922 int size;
3923 {
3924 struct slist *s, *tmp;
3925 struct block *b;
3926 int regno = alloc_reg();
3927
3928 free_reg(index->regno);
3929 switch (size) {
3930
3931 default:
3932 bpf_error("data size must be 1, 2, or 4");
3933
3934 case 1:
3935 size = BPF_B;
3936 break;
3937
3938 case 2:
3939 size = BPF_H;
3940 break;
3941
3942 case 4:
3943 size = BPF_W;
3944 break;
3945 }
3946 switch (proto) {
3947 default:
3948 bpf_error("unsupported index operation");
3949
3950 case Q_LINK:
3951 s = xfer_to_x(index);
3952 tmp = new_stmt(BPF_LD|BPF_IND|size);
3953 sappend(s, tmp);
3954 sappend(index->s, s);
3955 break;
3956
3957 case Q_IP:
3958 case Q_ARP:
3959 case Q_RARP:
3960 case Q_ATALK:
3961 case Q_DECNET:
3962 case Q_SCA:
3963 case Q_LAT:
3964 case Q_MOPRC:
3965 case Q_MOPDL:
3966 #ifdef INET6
3967 case Q_IPV6:
3968 #endif
3969 /* XXX Note that we assume a fixed link header here. */
3970 s = xfer_to_x(index);
3971 tmp = new_stmt(BPF_LD|BPF_IND|size);
3972 tmp->s.k = off_nl;
3973 sappend(s, tmp);
3974 sappend(index->s, s);
3975
3976 b = gen_proto_abbrev(proto);
3977 if (index->b)
3978 gen_and(index->b, b);
3979 index->b = b;
3980 break;
3981
3982 case Q_SCTP:
3983 case Q_TCP:
3984 case Q_UDP:
3985 case Q_ICMP:
3986 case Q_IGMP:
3987 case Q_IGRP:
3988 case Q_PIM:
3989 case Q_VRRP:
3990 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3991 s->s.k = off_nl;
3992 sappend(s, xfer_to_a(index));
3993 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
3994 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
3995 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
3996 tmp->s.k = off_nl;
3997 sappend(index->s, s);
3998
3999 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
4000 if (index->b)
4001 gen_and(index->b, b);
4002 #ifdef INET6
4003 gen_and(gen_proto_abbrev(Q_IP), b);
4004 #endif
4005 index->b = b;
4006 break;
4007 #ifdef INET6
4008 case Q_ICMPV6:
4009 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
4010 /*NOTREACHED*/
4011 #endif
4012 }
4013 index->regno = regno;
4014 s = new_stmt(BPF_ST);
4015 s->s.k = regno;
4016 sappend(index->s, s);
4017
4018 return index;
4019 }
4020
4021 struct block *
4022 gen_relation(code, a0, a1, reversed)
4023 int code;
4024 struct arth *a0, *a1;
4025 int reversed;
4026 {
4027 struct slist *s0, *s1, *s2;
4028 struct block *b, *tmp;
4029
4030 s0 = xfer_to_x(a1);
4031 s1 = xfer_to_a(a0);
4032 if (code == BPF_JEQ) {
4033 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
4034 b = new_block(JMP(code));
4035 sappend(s1, s2);
4036 }
4037 else
4038 b = new_block(BPF_JMP|code|BPF_X);
4039 if (reversed)
4040 gen_not(b);
4041
4042 sappend(s0, s1);
4043 sappend(a1->s, s0);
4044 sappend(a0->s, a1->s);
4045
4046 b->stmts = a0->s;
4047
4048 free_reg(a0->regno);
4049 free_reg(a1->regno);
4050
4051 /* 'and' together protocol checks */
4052 if (a0->b) {
4053 if (a1->b) {
4054 gen_and(a0->b, tmp = a1->b);
4055 }
4056 else
4057 tmp = a0->b;
4058 } else
4059 tmp = a1->b;
4060
4061 if (tmp)
4062 gen_and(tmp, b);
4063
4064 return b;
4065 }
4066
4067 struct arth *
4068 gen_loadlen()
4069 {
4070 int regno = alloc_reg();
4071 struct arth *a = (struct arth *)newchunk(sizeof(*a));
4072 struct slist *s;
4073
4074 s = new_stmt(BPF_LD|BPF_LEN);
4075 s->next = new_stmt(BPF_ST);
4076 s->next->s.k = regno;
4077 a->s = s;
4078 a->regno = regno;
4079
4080 return a;
4081 }
4082
4083 struct arth *
4084 gen_loadi(val)
4085 int val;
4086 {
4087 struct arth *a;
4088 struct slist *s;
4089 int reg;
4090
4091 a = (struct arth *)newchunk(sizeof(*a));
4092
4093 reg = alloc_reg();
4094
4095 s = new_stmt(BPF_LD|BPF_IMM);
4096 s->s.k = val;
4097 s->next = new_stmt(BPF_ST);
4098 s->next->s.k = reg;
4099 a->s = s;
4100 a->regno = reg;
4101
4102 return a;
4103 }
4104
4105 struct arth *
4106 gen_neg(a)
4107 struct arth *a;
4108 {
4109 struct slist *s;
4110
4111 s = xfer_to_a(a);
4112 sappend(a->s, s);
4113 s = new_stmt(BPF_ALU|BPF_NEG);
4114 s->s.k = 0;
4115 sappend(a->s, s);
4116 s = new_stmt(BPF_ST);
4117 s->s.k = a->regno;
4118 sappend(a->s, s);
4119
4120 return a;
4121 }
4122
4123 struct arth *
4124 gen_arth(code, a0, a1)
4125 int code;
4126 struct arth *a0, *a1;
4127 {
4128 struct slist *s0, *s1, *s2;
4129
4130 s0 = xfer_to_x(a1);
4131 s1 = xfer_to_a(a0);
4132 s2 = new_stmt(BPF_ALU|BPF_X|code);
4133
4134 sappend(s1, s2);
4135 sappend(s0, s1);
4136 sappend(a1->s, s0);
4137 sappend(a0->s, a1->s);
4138
4139 free_reg(a0->regno);
4140 free_reg(a1->regno);
4141
4142 s0 = new_stmt(BPF_ST);
4143 a0->regno = s0->s.k = alloc_reg();
4144 sappend(a0->s, s0);
4145
4146 return a0;
4147 }
4148
4149 /*
4150 * Here we handle simple allocation of the scratch registers.
4151 * If too many registers are alloc'd, the allocator punts.
4152 */
4153 static int regused[BPF_MEMWORDS];
4154 static int curreg;
4155
4156 /*
4157 * Return the next free register.
4158 */
4159 static int
4160 alloc_reg()
4161 {
4162 int n = BPF_MEMWORDS;
4163
4164 while (--n >= 0) {
4165 if (regused[curreg])
4166 curreg = (curreg + 1) % BPF_MEMWORDS;
4167 else {
4168 regused[curreg] = 1;
4169 return curreg;
4170 }
4171 }
4172 bpf_error("too many registers needed to evaluate expression");
4173 /* NOTREACHED */
4174 }
4175
4176 /*
4177 * Return a register to the table so it can
4178 * be used later.
4179 */
4180 static void
4181 free_reg(n)
4182 int n;
4183 {
4184 regused[n] = 0;
4185 }
4186
4187 static struct block *
4188 gen_len(jmp, n)
4189 int jmp, n;
4190 {
4191 struct slist *s;
4192 struct block *b;
4193
4194 s = new_stmt(BPF_LD|BPF_LEN);
4195 b = new_block(JMP(jmp));
4196 b->stmts = s;
4197 b->s.k = n;
4198
4199 return b;
4200 }
4201
4202 struct block *
4203 gen_greater(n)
4204 int n;
4205 {
4206 return gen_len(BPF_JGE, n);
4207 }
4208
4209 /*
4210 * Actually, this is less than or equal.
4211 */
4212 struct block *
4213 gen_less(n)
4214 int n;
4215 {
4216 struct block *b;
4217
4218 b = gen_len(BPF_JGT, n);
4219 gen_not(b);
4220
4221 return b;
4222 }
4223
4224 struct block *
4225 gen_byteop(op, idx, val)
4226 int op, idx, val;
4227 {
4228 struct block *b;
4229 struct slist *s;
4230
4231 switch (op) {
4232 default:
4233 abort();
4234
4235 case '=':
4236 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4237
4238 case '<':
4239 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4240 b->s.code = JMP(BPF_JGE);
4241 gen_not(b);
4242 return b;
4243
4244 case '>':
4245 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4246 b->s.code = JMP(BPF_JGT);
4247 return b;
4248
4249 case '|':
4250 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
4251 break;
4252
4253 case '&':
4254 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
4255 break;
4256 }
4257 s->s.k = val;
4258 b = new_block(JMP(BPF_JEQ));
4259 b->stmts = s;
4260 gen_not(b);
4261
4262 return b;
4263 }
4264
4265 static u_char abroadcast[] = { 0x0 };
4266
4267 struct block *
4268 gen_broadcast(proto)
4269 int proto;
4270 {
4271 bpf_u_int32 hostmask;
4272 struct block *b0, *b1, *b2;
4273 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4274
4275 switch (proto) {
4276
4277 case Q_DEFAULT:
4278 case Q_LINK:
4279 if (linktype == DLT_ARCNET)
4280 return gen_ahostop(abroadcast, Q_DST);
4281 if (linktype == DLT_EN10MB)
4282 return gen_ehostop(ebroadcast, Q_DST);
4283 if (linktype == DLT_FDDI)
4284 return gen_fhostop(ebroadcast, Q_DST);
4285 if (linktype == DLT_IEEE802)
4286 return gen_thostop(ebroadcast, Q_DST);
4287 if (linktype == DLT_IEEE802_11)
4288 return gen_wlanhostop(ebroadcast, Q_DST);
4289 bpf_error("not a broadcast link");
4290 break;
4291
4292 case Q_IP:
4293 b0 = gen_linktype(ETHERTYPE_IP);
4294 hostmask = ~netmask;
4295 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
4296 b2 = gen_mcmp(off_nl + 16, BPF_W,
4297 (bpf_int32)(~0 & hostmask), hostmask);
4298 gen_or(b1, b2);
4299 gen_and(b0, b2);
4300 return b2;
4301 }
4302 bpf_error("only ether/ip broadcast filters supported");
4303 }
4304
4305 /*
4306 * Generate code to test the low-order bit of a MAC address (that's
4307 * the bottom bit of the *first* byte).
4308 */
4309 static struct block *
4310 gen_mac_multicast(offset)
4311 int offset;
4312 {
4313 register struct block *b0;
4314 register struct slist *s;
4315
4316 /* link[offset] & 1 != 0 */
4317 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4318 s->s.k = offset;
4319 b0 = new_block(JMP(BPF_JSET));
4320 b0->s.k = 1;
4321 b0->stmts = s;
4322 return b0;
4323 }
4324
4325 struct block *
4326 gen_multicast(proto)
4327 int proto;
4328 {
4329 register struct block *b0, *b1, *b2, *b3;
4330 register struct slist *s;
4331
4332 switch (proto) {
4333
4334 case Q_DEFAULT:
4335 case Q_LINK:
4336 if (linktype == DLT_ARCNET)
4337 /* all ARCnet multicasts use the same address */
4338 return gen_ahostop(abroadcast, Q_DST);
4339
4340 if (linktype == DLT_EN10MB) {
4341 /* ether[0] & 1 != 0 */
4342 return gen_mac_multicast(0);
4343 }
4344
4345 if (linktype == DLT_FDDI) {
4346 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */
4347 /* fddi[1] & 1 != 0 */
4348 return gen_mac_multicast(1);
4349 }
4350
4351 /* TODO - check how token ring handles multicast */
4352 /* if (linktype == DLT_IEEE802) ... */
4353
4354 if (linktype == DLT_IEEE802_11) {
4355 /*
4356 * Oh, yuk.
4357 *
4358 * For control frames, there is no DA.
4359 *
4360 * For management frames, DA is at an
4361 * offset of 4 from the beginning of
4362 * the packet.
4363 *
4364 * For data frames, DA is at an offset
4365 * of 4 from the beginning of the packet
4366 * if To DS is clear and at an offset of
4367 * 16 from the beginning of the packet
4368 * if To DS is set.
4369 */
4370
4371 /*
4372 * If the low-order bit of the type value is 1,
4373 * this is either a control frame or a frame
4374 * with a reserved type, and thus not a
4375 * frame with a DA.
4376 *
4377 * I.e., first check "!(link[0] & 0x04)".
4378 */
4379 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4380 s->s.k = 0;
4381 b0 = new_block(JMP(BPF_JSET));
4382 b0->s.k = 0x04;
4383 b0->stmts = s;
4384 gen_not(b0);
4385
4386 /*
4387 * If the high-order bit of the type value is 0,
4388 * this is a management frame.
4389 * I.e, check "!(link[0] & 0x08)".
4390 */
4391 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4392 s->s.k = 0;
4393 b2 = new_block(JMP(BPF_JSET));
4394 b2->s.k = 0x08;
4395 b2->stmts = s;
4396 gen_not(b2);
4397
4398 /*
4399 * For management frames, test the DA at 4.
4400 */
4401 b1 = gen_mac_multicast(4);
4402 gen_and(b2, b1);
4403 b3 = b1;
4404
4405 /*
4406 * If the high-order bit of the type value is 0,
4407 * this is a data frame; check To DS.
4408 *
4409 * I.e., check "(link[0] & 0x08) && !(link[1] & 0x01)".
4410 */
4411 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4412 s->s.k = 0;
4413 b1 = new_block(JMP(BPF_JSET));
4414 b1->s.k = 0x08;
4415 b1->stmts = s;
4416
4417 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4418 s->s.k = 1;
4419 b2 = new_block(JMP(BPF_JSET));
4420 b2->s.k = 0x01; /* To DS */
4421 b2->stmts = s;
4422 gen_not(b2);
4423 gen_and(b1, b2);
4424
4425 /*
4426 * For data frames with To DS not set, test the DA
4427 * at 4; then combine that test with the management
4428 * frame test.
4429 */
4430 b1 = gen_mac_multicast(4);
4431 gen_and(b2, b1);
4432 gen_or(b3, b1);
4433 b3 = b1;
4434
4435 /*
4436 * Now, check for a data frame with To DS set.
4437 *
4438 * I.e., check "(link[0] & 0x08) && (link[1] & 0x01)".
4439 */
4440 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4441 s->s.k = 0;
4442 b1 = new_block(JMP(BPF_JSET));
4443 b1->s.k = 0x08;
4444 b1->stmts = s;
4445
4446 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4447 s->s.k = 1;
4448 b2 = new_block(JMP(BPF_JSET));
4449 b2->s.k = 0x01; /* To DS */
4450 b2->stmts = s;
4451 gen_and(b1, b2);
4452
4453 /*
4454 * Test the DA at 16, and OR the previous DA tests
4455 * with it.
4456 */
4457 b1 = gen_mac_multicast(16);
4458 gen_and(b2, b1);
4459 gen_or(b3, b1);
4460
4461 gen_and(b0, b1);
4462 return b1;
4463 }
4464
4465 /* Link not known to support multicasts */
4466 break;
4467
4468 case Q_IP:
4469 b0 = gen_linktype(ETHERTYPE_IP);
4470 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
4471 b1->s.code = JMP(BPF_JGE);
4472 gen_and(b0, b1);
4473 return b1;
4474
4475 #ifdef INET6
4476 case Q_IPV6:
4477 b0 = gen_linktype(ETHERTYPE_IPV6);
4478 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
4479 gen_and(b0, b1);
4480 return b1;
4481 #endif /* INET6 */
4482 }
4483 bpf_error("only IP multicast filters supported on ethernet/FDDI");
4484 }
4485
4486 /*
4487 * generate command for inbound/outbound. It's here so we can
4488 * make it link-type specific. 'dir' = 0 implies "inbound",
4489 * = 1 implies "outbound".
4490 */
4491 struct block *
4492 gen_inbound(dir)
4493 int dir;
4494 {
4495 register struct block *b0;
4496
4497 /*
4498 * Only some data link types support inbound/outbound qualifiers.
4499 */
4500 switch (linktype) {
4501 case DLT_SLIP:
4502 case DLT_PPP:
4503 b0 = gen_relation(BPF_JEQ,
4504 gen_load(Q_LINK, gen_loadi(0), 1),
4505 gen_loadi(0),
4506 dir);
4507 break;
4508
4509 case DLT_LINUX_SLL:
4510 if (dir) {
4511 /*
4512 * Match packets sent by this machine.
4513 */
4514 b0 = gen_cmp(0, BPF_H, LINUX_SLL_OUTGOING);
4515 } else {
4516 /*
4517 * Match packets sent to this machine.
4518 * (No broadcast or multicast packets, or
4519 * packets sent to some other machine and
4520 * received promiscuously.)
4521 *
4522 * XXX - packets sent to other machines probably
4523 * shouldn't be matched, but what about broadcast
4524 * or multicast packets we received?
4525 */
4526 b0 = gen_cmp(0, BPF_H, LINUX_SLL_HOST);
4527 }
4528 break;
4529
4530 default:
4531 bpf_error("inbound/outbound not supported on linktype %d\n",
4532 linktype);
4533 b0 = NULL;
4534 /* NOTREACHED */
4535 }
4536 return (b0);
4537 }
4538
4539 struct block *
4540 gen_acode(eaddr, q)
4541 register const u_char *eaddr;
4542 struct qual q;
4543 {
4544 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
4545 if (linktype == DLT_ARCNET)
4546 return gen_ahostop(eaddr, (int)q.dir);
4547 }
4548 bpf_error("ARCnet address used in non-arc expression");
4549 /* NOTREACHED */
4550 }
4551
4552 static struct block *
4553 gen_ahostop(eaddr, dir)
4554 register const u_char *eaddr;
4555 register int dir;
4556 {
4557 register struct block *b0, *b1;
4558
4559 switch (dir) {
4560 /* src comes first, different from Ethernet */
4561 case Q_SRC:
4562 return gen_bcmp(0, 1, eaddr);
4563
4564 case Q_DST:
4565 return gen_bcmp(1, 1, eaddr);
4566
4567 case Q_AND:
4568 b0 = gen_ahostop(eaddr, Q_SRC);
4569 b1 = gen_ahostop(eaddr, Q_DST);
4570 gen_and(b0, b1);
4571 return b1;
4572
4573 case Q_DEFAULT:
4574 case Q_OR:
4575 b0 = gen_ahostop(eaddr, Q_SRC);
4576 b1 = gen_ahostop(eaddr, Q_DST);
4577 gen_or(b0, b1);
4578 return b1;
4579 }
4580 abort();
4581 /* NOTREACHED */
4582 }
4583
4584 /*
4585 * support IEEE 802.1Q VLAN trunk over ethernet
4586 */
4587 struct block *
4588 gen_vlan(vlan_num)
4589 int vlan_num;
4590 {
4591 struct block *b0;
4592
4593 /*
4594 * Change the offsets to point to the type and data fields within
4595 * the VLAN packet. This is somewhat of a kludge.
4596 */
4597 if (orig_nl == (u_int)-1) {
4598 orig_linktype = off_linktype; /* save original values */
4599 orig_nl = off_nl;
4600 orig_nl_nosnap = off_nl_nosnap;
4601
4602 switch (linktype) {
4603
4604 case DLT_EN10MB:
4605 off_linktype = 16;
4606 off_nl_nosnap = 18;
4607 off_nl = 18;
4608 break;
4609
4610 default:
4611 bpf_error("no VLAN support for data link type %d",
4612 linktype);
4613 /*NOTREACHED*/
4614 }
4615 }
4616
4617 /* check for VLAN */
4618 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
4619
4620 /* If a specific VLAN is requested, check VLAN id */
4621 if (vlan_num >= 0) {
4622 struct block *b1;
4623
4624 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
4625 gen_and(b0, b1);
4626 b0 = b1;
4627 }
4628
4629 return (b0);
4630 }
4631
4632 struct block *
4633 gen_atmfield_code(atmfield, jvalue, jtype, reverse)
4634 int atmfield;
4635 bpf_u_int32 jvalue;
4636 bpf_u_int32 jtype;
4637 int reverse;
4638 {
4639 struct block *b0;
4640
4641 switch (atmfield) {
4642
4643 case A_VPI:
4644 if (!is_atm)
4645 bpf_error("'vpi' supported only on raw ATM");
4646 if (off_vpi == -1)
4647 abort();
4648 b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype,
4649 (u_int)jvalue, reverse);
4650 break;
4651
4652 case A_VCI:
4653 if (!is_atm)
4654 bpf_error("'vci' supported only on raw ATM");
4655 if (off_vci == -1)
4656 abort();
4657 b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype,
4658 (u_int)jvalue, reverse);
4659 break;
4660
4661 case A_PROTOTYPE:
4662 if (off_proto == -1)
4663 abort(); /* XXX - this isn't on FreeBSD */
4664 b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype,
4665 (u_int)jvalue, reverse);
4666 break;
4667
4668 case A_MSGTYPE:
4669 if (off_msg_type == -1)
4670 abort();
4671 b0 = gen_ncmp(BPF_B, off_msg_type, 0xffffffff,
4672 (u_int)jtype, (u_int)jvalue, reverse);
4673 break;
4674
4675 case A_CALLREFTYPE:
4676 if (!is_atm)
4677 bpf_error("'callref' supported only on raw ATM");
4678 if (off_proto == -1)
4679 abort();
4680 b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype,
4681 (u_int)jvalue, reverse);
4682 break;
4683
4684 default:
4685 abort();
4686 }
4687 return b0;
4688 }
4689
4690 struct block *
4691 gen_atmtype_abbrev(type)
4692 int type;
4693 {
4694 struct block *b0, *b1;
4695
4696 switch (type) {
4697
4698 case A_METAC:
4699 /* Get all packets in Meta signalling Circuit */
4700 if (!is_atm)
4701 bpf_error("'metac' supported only on raw ATM");
4702 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4703 b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0);
4704 gen_and(b0, b1);
4705 break;
4706
4707 case A_BCC:
4708 /* Get all packets in Broadcast Circuit*/
4709 if (!is_atm)
4710 bpf_error("'bcc' supported only on raw ATM");
4711 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4712 b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0);
4713 gen_and(b0, b1);
4714 break;
4715
4716 case A_OAMF4SC:
4717 /* Get all cells in Segment OAM F4 circuit*/
4718 if (!is_atm)
4719 bpf_error("'oam4sc' supported only on raw ATM");
4720 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4721 b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
4722 gen_and(b0, b1);
4723 break;
4724
4725 case A_OAMF4EC:
4726 /* Get all cells in End-to-End OAM F4 Circuit*/
4727 if (!is_atm)
4728 bpf_error("'oam4ec' supported only on raw ATM");
4729 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4730 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
4731 gen_and(b0, b1);
4732 break;
4733
4734 case A_SC:
4735 /* Get all packets in connection Signalling Circuit */
4736 if (!is_atm)
4737 bpf_error("'sc' supported only on raw ATM");
4738 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4739 b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0);
4740 gen_and(b0, b1);
4741 break;
4742
4743 case A_ILMIC:
4744 /* Get all packets in ILMI Circuit */
4745 if (!is_atm)
4746 bpf_error("'ilmic' supported only on raw ATM");
4747 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4748 b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0);
4749 gen_and(b0, b1);
4750 break;
4751
4752 case A_LANE:
4753 /* Get all LANE packets */
4754 if (!is_atm)
4755 bpf_error("'lane' supported only on raw ATM");
4756 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0);
4757 break;
4758
4759 case A_LLC:
4760 /* Get all LLC-encapsulated packets */
4761 if (!is_atm)
4762 bpf_error("'llc' supported only on raw ATM");
4763 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
4764 break;
4765
4766 default:
4767 abort();
4768 }
4769 return b1;
4770 }
4771
4772
4773 static struct block *
4774 gen_msg_abbrev(type)
4775 int type;
4776 {
4777 struct block *b1;
4778
4779 /*
4780 * Q.2931 signalling protocol messages for handling virtual circuits
4781 * establishment and teardown
4782 */
4783 switch (type) {
4784
4785 case A_SETUP:
4786 b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0);
4787 break;
4788
4789 case A_CALLPROCEED:
4790 b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0);
4791 break;
4792
4793 case A_CONNECT:
4794 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0);
4795 break;
4796
4797 case A_CONNECTACK:
4798 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0);
4799 break;
4800
4801 case A_RELEASE:
4802 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0);
4803 break;
4804
4805 case A_RELEASE_DONE:
4806 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0);
4807 break;
4808
4809 default:
4810 abort();
4811 }
4812 return b1;
4813 }
4814
4815 struct block *
4816 gen_atmmulti_abbrev(type)
4817 int type;
4818 {
4819 struct block *b0, *b1;
4820
4821 switch (type) {
4822
4823 case A_OAM:
4824 if (!is_atm)
4825 bpf_error("'oam' supported only on raw ATM");
4826 b1 = gen_atmmulti_abbrev(A_OAMF4);
4827 break;
4828
4829 case A_OAMF4:
4830 if (!is_atm)
4831 bpf_error("'oamf4' supported only on raw ATM");
4832 /* OAM F4 type */
4833 b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
4834 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
4835 gen_or(b0, b1);
4836 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4837 gen_and(b0, b1);
4838 break;
4839
4840 case A_CONNECTMSG:
4841 /*
4842 * Get Q.2931 signalling messages for switched
4843 * virtual connection
4844 */
4845 if (!is_atm)
4846 bpf_error("'connectmsg' supported only on raw ATM");
4847 b0 = gen_msg_abbrev(A_SETUP);
4848 b1 = gen_msg_abbrev(A_CALLPROCEED);
4849 gen_or(b0, b1);
4850 b0 = gen_msg_abbrev(A_CONNECT);
4851 gen_or(b0, b1);
4852 b0 = gen_msg_abbrev(A_CONNECTACK);
4853 gen_or(b0, b1);
4854 b0 = gen_msg_abbrev(A_RELEASE);
4855 gen_or(b0, b1);
4856 b0 = gen_msg_abbrev(A_RELEASE_DONE);
4857 gen_or(b0, b1);
4858 b0 = gen_atmtype_abbrev(A_SC);
4859 gen_and(b0, b1);
4860 break;
4861
4862 case A_METACONNECT:
4863 if (!is_atm)
4864 bpf_error("'metaconnect' supported only on raw ATM");
4865 b0 = gen_msg_abbrev(A_SETUP);
4866 b1 = gen_msg_abbrev(A_CALLPROCEED);
4867 gen_or(b0, b1);
4868 b0 = gen_msg_abbrev(A_CONNECT);
4869 gen_or(b0, b1);
4870 b0 = gen_msg_abbrev(A_RELEASE);
4871 gen_or(b0, b1);
4872 b0 = gen_msg_abbrev(A_RELEASE_DONE);
4873 gen_or(b0, b1);
4874 b0 = gen_atmtype_abbrev(A_METAC);
4875 gen_and(b0, b1);
4876 break;
4877
4878 default:
4879 abort();
4880 }
4881 return b1;
4882 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism