]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Put in support for raw "link[N:M]" filtering for DOCSIS.
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] _U_ =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.196 2004-01-14 01:09:03 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #ifdef WIN32
32 #include <pcap-stdinc.h>
33 #else /* WIN32 */
34 #include <sys/types.h>
35 #include <sys/socket.h>
36 #include <sys/time.h>
37 #endif /* WIN32 */
38
39 /*
40 * XXX - why was this included even on UNIX?
41 */
42 #ifdef __MINGW32__
43 #include "IP6_misc.h"
44 #endif
45
46 #ifndef WIN32
47
48 #ifdef __NetBSD__
49 #include <sys/param.h>
50 #endif
51
52 #include <netinet/in.h>
53
54 #endif /* WIN32 */
55
56 #include <stdlib.h>
57 #include <string.h>
58 #include <memory.h>
59 #include <setjmp.h>
60 #include <stdarg.h>
61
62 #include "pcap-int.h"
63
64 #include "ethertype.h"
65 #include "nlpid.h"
66 #include "llc.h"
67 #include "gencode.h"
68 #include "atmuni31.h"
69 #include "sunatmpos.h"
70 #include "ppp.h"
71 #include "sll.h"
72 #include "arcnet.h"
73 #include "pf.h"
74 #ifdef INET6
75 #ifndef WIN32
76 #include <netdb.h> /* for "struct addrinfo" */
77 #endif /* WIN32 */
78 #endif /*INET6*/
79 #include <pcap-namedb.h>
80
81 #define ETHERMTU 1500
82
83 #ifndef IPPROTO_SCTP
84 #define IPPROTO_SCTP 132
85 #endif
86
87 #ifdef HAVE_OS_PROTO_H
88 #include "os-proto.h"
89 #endif
90
91 #define JMP(c) ((c)|BPF_JMP|BPF_K)
92
93 /* Locals */
94 static jmp_buf top_ctx;
95 static pcap_t *bpf_pcap;
96
97 /* Hack for updating VLAN offsets. */
98 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1;
99
100 /* XXX */
101 #ifdef PCAP_FDDIPAD
102 int pcap_fddipad = PCAP_FDDIPAD;
103 #else
104 int pcap_fddipad;
105 #endif
106
107 /* VARARGS */
108 void
109 bpf_error(const char *fmt, ...)
110
111 {
112 va_list ap;
113
114 va_start(ap, fmt);
115 if (bpf_pcap != NULL)
116 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
117 fmt, ap);
118 va_end(ap);
119 longjmp(top_ctx, 1);
120 /* NOTREACHED */
121 }
122
123 static void init_linktype(int);
124
125 static int alloc_reg(void);
126 static void free_reg(int);
127
128 static struct block *root;
129
130 /*
131 * We divy out chunks of memory rather than call malloc each time so
132 * we don't have to worry about leaking memory. It's probably
133 * not a big deal if all this memory was wasted but it this ever
134 * goes into a library that would probably not be a good idea.
135 */
136 #define NCHUNKS 16
137 #define CHUNK0SIZE 1024
138 struct chunk {
139 u_int n_left;
140 void *m;
141 };
142
143 static struct chunk chunks[NCHUNKS];
144 static int cur_chunk;
145
146 static void *newchunk(u_int);
147 static void freechunks(void);
148 static inline struct block *new_block(int);
149 static inline struct slist *new_stmt(int);
150 static struct block *gen_retblk(int);
151 static inline void syntax(void);
152
153 static void backpatch(struct block *, struct block *);
154 static void merge(struct block *, struct block *);
155 static struct block *gen_cmp(u_int, u_int, bpf_int32);
156 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
157 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
158 static struct block *gen_bcmp(u_int, u_int, const u_char *);
159 static struct block *gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32,
160 bpf_u_int32, bpf_u_int32, int);
161 static struct block *gen_uncond(int);
162 static inline struct block *gen_true(void);
163 static inline struct block *gen_false(void);
164 static struct block *gen_ether_linktype(int);
165 static struct block *gen_linktype(int);
166 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
167 static struct block *gen_llc(int);
168 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
169 #ifdef INET6
170 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
171 #endif
172 static struct block *gen_ahostop(const u_char *, int);
173 static struct block *gen_ehostop(const u_char *, int);
174 static struct block *gen_fhostop(const u_char *, int);
175 static struct block *gen_thostop(const u_char *, int);
176 static struct block *gen_wlanhostop(const u_char *, int);
177 static struct block *gen_ipfchostop(const u_char *, int);
178 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
179 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
180 #ifdef INET6
181 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
182 #endif
183 #ifndef INET6
184 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
185 #endif
186 static struct block *gen_ipfrag(void);
187 static struct block *gen_portatom(int, bpf_int32);
188 #ifdef INET6
189 static struct block *gen_portatom6(int, bpf_int32);
190 #endif
191 struct block *gen_portop(int, int, int);
192 static struct block *gen_port(int, int, int);
193 #ifdef INET6
194 struct block *gen_portop6(int, int, int);
195 static struct block *gen_port6(int, int, int);
196 #endif
197 static int lookup_proto(const char *, int);
198 static struct block *gen_protochain(int, int, int);
199 static struct block *gen_proto(int, int, int);
200 static struct slist *xfer_to_x(struct arth *);
201 static struct slist *xfer_to_a(struct arth *);
202 static struct block *gen_mac_multicast(int);
203 static struct block *gen_len(int, int);
204
205 static struct block *gen_msg_abbrev(int type);
206
207 static void *
208 newchunk(n)
209 u_int n;
210 {
211 struct chunk *cp;
212 int k;
213 size_t size;
214
215 #ifndef __NetBSD__
216 /* XXX Round up to nearest long. */
217 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
218 #else
219 /* XXX Round up to structure boundary. */
220 n = ALIGN(n);
221 #endif
222
223 cp = &chunks[cur_chunk];
224 if (n > cp->n_left) {
225 ++cp, k = ++cur_chunk;
226 if (k >= NCHUNKS)
227 bpf_error("out of memory");
228 size = CHUNK0SIZE << k;
229 cp->m = (void *)malloc(size);
230 if (cp->m == NULL)
231 bpf_error("out of memory");
232 memset((char *)cp->m, 0, size);
233 cp->n_left = size;
234 if (n > size)
235 bpf_error("out of memory");
236 }
237 cp->n_left -= n;
238 return (void *)((char *)cp->m + cp->n_left);
239 }
240
241 static void
242 freechunks()
243 {
244 int i;
245
246 cur_chunk = 0;
247 for (i = 0; i < NCHUNKS; ++i)
248 if (chunks[i].m != NULL) {
249 free(chunks[i].m);
250 chunks[i].m = NULL;
251 }
252 }
253
254 /*
255 * A strdup whose allocations are freed after code generation is over.
256 */
257 char *
258 sdup(s)
259 register const char *s;
260 {
261 int n = strlen(s) + 1;
262 char *cp = newchunk(n);
263
264 strlcpy(cp, s, n);
265 return (cp);
266 }
267
268 static inline struct block *
269 new_block(code)
270 int code;
271 {
272 struct block *p;
273
274 p = (struct block *)newchunk(sizeof(*p));
275 p->s.code = code;
276 p->head = p;
277
278 return p;
279 }
280
281 static inline struct slist *
282 new_stmt(code)
283 int code;
284 {
285 struct slist *p;
286
287 p = (struct slist *)newchunk(sizeof(*p));
288 p->s.code = code;
289
290 return p;
291 }
292
293 static struct block *
294 gen_retblk(v)
295 int v;
296 {
297 struct block *b = new_block(BPF_RET|BPF_K);
298
299 b->s.k = v;
300 return b;
301 }
302
303 static inline void
304 syntax()
305 {
306 bpf_error("syntax error in filter expression");
307 }
308
309 static bpf_u_int32 netmask;
310 static int snaplen;
311 int no_optimize;
312
313 int
314 pcap_compile(pcap_t *p, struct bpf_program *program,
315 char *buf, int optimize, bpf_u_int32 mask)
316 {
317 extern int n_errors;
318 int len;
319
320 no_optimize = 0;
321 n_errors = 0;
322 root = NULL;
323 bpf_pcap = p;
324 if (setjmp(top_ctx)) {
325 lex_cleanup();
326 freechunks();
327 return (-1);
328 }
329
330 netmask = mask;
331
332 snaplen = pcap_snapshot(p);
333 if (snaplen == 0) {
334 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
335 "snaplen of 0 rejects all packets");
336 return -1;
337 }
338
339 lex_init(buf ? buf : "");
340 init_linktype(pcap_datalink(p));
341 (void)pcap_parse();
342
343 if (n_errors)
344 syntax();
345
346 if (root == NULL)
347 root = gen_retblk(snaplen);
348
349 if (optimize && !no_optimize) {
350 bpf_optimize(&root);
351 if (root == NULL ||
352 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
353 bpf_error("expression rejects all packets");
354 }
355 program->bf_insns = icode_to_fcode(root, &len);
356 program->bf_len = len;
357
358 lex_cleanup();
359 freechunks();
360 return (0);
361 }
362
363 /*
364 * entry point for using the compiler with no pcap open
365 * pass in all the stuff that is needed explicitly instead.
366 */
367 int
368 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
369 struct bpf_program *program,
370 char *buf, int optimize, bpf_u_int32 mask)
371 {
372 pcap_t *p;
373 int ret;
374
375 p = pcap_open_dead(linktype_arg, snaplen_arg);
376 if (p == NULL)
377 return (-1);
378 ret = pcap_compile(p, program, buf, optimize, mask);
379 pcap_close(p);
380 return (ret);
381 }
382
383 /*
384 * Clean up a "struct bpf_program" by freeing all the memory allocated
385 * in it.
386 */
387 void
388 pcap_freecode(struct bpf_program *program)
389 {
390 program->bf_len = 0;
391 if (program->bf_insns != NULL) {
392 free((char *)program->bf_insns);
393 program->bf_insns = NULL;
394 }
395 }
396
397 /*
398 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
399 * which of the jt and jf fields has been resolved and which is a pointer
400 * back to another unresolved block (or nil). At least one of the fields
401 * in each block is already resolved.
402 */
403 static void
404 backpatch(list, target)
405 struct block *list, *target;
406 {
407 struct block *next;
408
409 while (list) {
410 if (!list->sense) {
411 next = JT(list);
412 JT(list) = target;
413 } else {
414 next = JF(list);
415 JF(list) = target;
416 }
417 list = next;
418 }
419 }
420
421 /*
422 * Merge the lists in b0 and b1, using the 'sense' field to indicate
423 * which of jt and jf is the link.
424 */
425 static void
426 merge(b0, b1)
427 struct block *b0, *b1;
428 {
429 register struct block **p = &b0;
430
431 /* Find end of list. */
432 while (*p)
433 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
434
435 /* Concatenate the lists. */
436 *p = b1;
437 }
438
439 void
440 finish_parse(p)
441 struct block *p;
442 {
443 backpatch(p, gen_retblk(snaplen));
444 p->sense = !p->sense;
445 backpatch(p, gen_retblk(0));
446 root = p->head;
447 }
448
449 void
450 gen_and(b0, b1)
451 struct block *b0, *b1;
452 {
453 backpatch(b0, b1->head);
454 b0->sense = !b0->sense;
455 b1->sense = !b1->sense;
456 merge(b1, b0);
457 b1->sense = !b1->sense;
458 b1->head = b0->head;
459 }
460
461 void
462 gen_or(b0, b1)
463 struct block *b0, *b1;
464 {
465 b0->sense = !b0->sense;
466 backpatch(b0, b1->head);
467 b0->sense = !b0->sense;
468 merge(b1, b0);
469 b1->head = b0->head;
470 }
471
472 void
473 gen_not(b)
474 struct block *b;
475 {
476 b->sense = !b->sense;
477 }
478
479 static struct block *
480 gen_cmp(offset, size, v)
481 u_int offset, size;
482 bpf_int32 v;
483 {
484 struct slist *s;
485 struct block *b;
486
487 s = new_stmt(BPF_LD|BPF_ABS|size);
488 s->s.k = offset;
489
490 b = new_block(JMP(BPF_JEQ));
491 b->stmts = s;
492 b->s.k = v;
493
494 return b;
495 }
496
497 static struct block *
498 gen_cmp_gt(offset, size, v)
499 u_int offset, size;
500 bpf_int32 v;
501 {
502 struct slist *s;
503 struct block *b;
504
505 s = new_stmt(BPF_LD|BPF_ABS|size);
506 s->s.k = offset;
507
508 b = new_block(JMP(BPF_JGT));
509 b->stmts = s;
510 b->s.k = v;
511
512 return b;
513 }
514
515 static struct block *
516 gen_mcmp(offset, size, v, mask)
517 u_int offset, size;
518 bpf_int32 v;
519 bpf_u_int32 mask;
520 {
521 struct block *b = gen_cmp(offset, size, v);
522 struct slist *s;
523
524 if (mask != 0xffffffff) {
525 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
526 s->s.k = mask;
527 b->stmts->next = s;
528 }
529 return b;
530 }
531
532 static struct block *
533 gen_bcmp(offset, size, v)
534 register u_int offset, size;
535 register const u_char *v;
536 {
537 register struct block *b, *tmp;
538
539 b = NULL;
540 while (size >= 4) {
541 register const u_char *p = &v[size - 4];
542 bpf_int32 w = ((bpf_int32)p[0] << 24) |
543 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
544
545 tmp = gen_cmp(offset + size - 4, BPF_W, w);
546 if (b != NULL)
547 gen_and(b, tmp);
548 b = tmp;
549 size -= 4;
550 }
551 while (size >= 2) {
552 register const u_char *p = &v[size - 2];
553 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
554
555 tmp = gen_cmp(offset + size - 2, BPF_H, w);
556 if (b != NULL)
557 gen_and(b, tmp);
558 b = tmp;
559 size -= 2;
560 }
561 if (size > 0) {
562 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
563 if (b != NULL)
564 gen_and(b, tmp);
565 b = tmp;
566 }
567 return b;
568 }
569
570 static struct block *
571 gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse)
572 bpf_u_int32 datasize, offset, mask, jtype, jvalue;
573 int reverse;
574 {
575 struct slist *s;
576 struct block *b;
577
578 s = new_stmt(BPF_LD|datasize|BPF_ABS);
579 s->s.k = offset;
580
581 if (mask != 0xffffffff) {
582 s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K);
583 s->next->s.k = mask;
584 }
585
586 b = new_block(JMP(jtype));
587 b->stmts = s;
588 b->s.k = jvalue;
589 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE))
590 gen_not(b);
591 return b;
592 }
593
594 /*
595 * Various code constructs need to know the layout of the data link
596 * layer. These variables give the necessary offsets.
597 */
598
599 /*
600 * This is the offset of the beginning of the MAC-layer header.
601 * It's usually 0, except for ATM LANE.
602 */
603 static u_int off_mac;
604
605 /*
606 * "off_linktype" is the offset to information in the link-layer header
607 * giving the packet type.
608 *
609 * For Ethernet, it's the offset of the Ethernet type field.
610 *
611 * For link-layer types that always use 802.2 headers, it's the
612 * offset of the LLC header.
613 *
614 * For PPP, it's the offset of the PPP type field.
615 *
616 * For Cisco HDLC, it's the offset of the CHDLC type field.
617 *
618 * For BSD loopback, it's the offset of the AF_ value.
619 *
620 * For Linux cooked sockets, it's the offset of the type field.
621 *
622 * It's set to -1 for no encapsulation, in which case, IP is assumed.
623 */
624 static u_int off_linktype;
625
626 /*
627 * TRUE if the link layer includes an ATM pseudo-header.
628 */
629 static int is_atm = 0;
630
631 /*
632 * TRUE if "lane" appeared in the filter; it causes us to generate
633 * code that assumes LANE rather than LLC-encapsulated traffic in SunATM.
634 */
635 static int is_lane = 0;
636
637 /*
638 * These are offsets for the ATM pseudo-header.
639 */
640 static u_int off_vpi;
641 static u_int off_vci;
642 static u_int off_proto;
643
644 /*
645 * This is the offset of the first byte after the ATM pseudo_header,
646 * or -1 if there is no ATM pseudo-header.
647 */
648 static u_int off_payload;
649
650 /*
651 * These are offsets to the beginning of the network-layer header.
652 *
653 * If the link layer never uses 802.2 LLC:
654 *
655 * "off_nl" and "off_nl_nosnap" are the same.
656 *
657 * If the link layer always uses 802.2 LLC:
658 *
659 * "off_nl" is the offset if there's a SNAP header following
660 * the 802.2 header;
661 *
662 * "off_nl_nosnap" is the offset if there's no SNAP header.
663 *
664 * If the link layer is Ethernet:
665 *
666 * "off_nl" is the offset if the packet is an Ethernet II packet
667 * (we assume no 802.3+802.2+SNAP);
668 *
669 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet
670 * with an 802.2 header following it.
671 */
672 static u_int off_nl;
673 static u_int off_nl_nosnap;
674
675 static int linktype;
676
677 static void
678 init_linktype(type)
679 int type;
680 {
681 linktype = type;
682
683 /*
684 * Assume it's not raw ATM with a pseudo-header, for now.
685 */
686 off_mac = 0;
687 is_atm = 0;
688 is_lane = 0;
689 off_vpi = -1;
690 off_vci = -1;
691 off_proto = -1;
692 off_payload = -1;
693
694 orig_linktype = -1;
695 orig_nl = -1;
696 orig_nl_nosnap = -1;
697
698 switch (type) {
699
700 case DLT_ARCNET:
701 off_linktype = 2;
702 off_nl = 6; /* XXX in reality, variable! */
703 off_nl_nosnap = 6; /* no 802.2 LLC */
704 return;
705
706 case DLT_ARCNET_LINUX:
707 off_linktype = 4;
708 off_nl = 8; /* XXX in reality, variable! */
709 off_nl_nosnap = 8; /* no 802.2 LLC */
710 return;
711
712 case DLT_EN10MB:
713 off_linktype = 12;
714 off_nl = 14; /* Ethernet II */
715 off_nl_nosnap = 17; /* 802.3+802.2 */
716 return;
717
718 case DLT_SLIP:
719 /*
720 * SLIP doesn't have a link level type. The 16 byte
721 * header is hacked into our SLIP driver.
722 */
723 off_linktype = -1;
724 off_nl = 16;
725 off_nl_nosnap = 16; /* no 802.2 LLC */
726 return;
727
728 case DLT_SLIP_BSDOS:
729 /* XXX this may be the same as the DLT_PPP_BSDOS case */
730 off_linktype = -1;
731 /* XXX end */
732 off_nl = 24;
733 off_nl_nosnap = 24; /* no 802.2 LLC */
734 return;
735
736 case DLT_NULL:
737 case DLT_LOOP:
738 off_linktype = 0;
739 off_nl = 4;
740 off_nl_nosnap = 4; /* no 802.2 LLC */
741 return;
742
743 case DLT_ENC:
744 off_linktype = 0;
745 off_nl = 12;
746 off_nl_nosnap = 12; /* no 802.2 LLC */
747 return;
748
749 case DLT_PFLOG:
750 off_linktype = 0;
751 off_nl = 28;
752 off_nl_nosnap = 28; /* no 802.2 LLC */
753 return;
754
755 case DLT_PPP:
756 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */
757 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */
758 off_linktype = 2;
759 off_nl = 4;
760 off_nl_nosnap = 4; /* no 802.2 LLC */
761 return;
762
763 case DLT_PPP_ETHER:
764 /*
765 * This does no include the Ethernet header, and
766 * only covers session state.
767 */
768 off_linktype = 6;
769 off_nl = 8;
770 off_nl_nosnap = 8; /* no 802.2 LLC */
771 return;
772
773 case DLT_PPP_BSDOS:
774 off_linktype = 5;
775 off_nl = 24;
776 off_nl_nosnap = 24; /* no 802.2 LLC */
777 return;
778
779 case DLT_FDDI:
780 /*
781 * FDDI doesn't really have a link-level type field.
782 * We set "off_linktype" to the offset of the LLC header.
783 *
784 * To check for Ethernet types, we assume that SSAP = SNAP
785 * is being used and pick out the encapsulated Ethernet type.
786 * XXX - should we generate code to check for SNAP?
787 */
788 off_linktype = 13;
789 #ifdef PCAP_FDDIPAD
790 off_linktype += pcap_fddipad;
791 #endif
792 off_nl = 21; /* FDDI+802.2+SNAP */
793 off_nl_nosnap = 16; /* FDDI+802.2 */
794 #ifdef PCAP_FDDIPAD
795 off_nl += pcap_fddipad;
796 off_nl_nosnap += pcap_fddipad;
797 #endif
798 return;
799
800 case DLT_IEEE802:
801 /*
802 * Token Ring doesn't really have a link-level type field.
803 * We set "off_linktype" to the offset of the LLC header.
804 *
805 * To check for Ethernet types, we assume that SSAP = SNAP
806 * is being used and pick out the encapsulated Ethernet type.
807 * XXX - should we generate code to check for SNAP?
808 *
809 * XXX - the header is actually variable-length.
810 * Some various Linux patched versions gave 38
811 * as "off_linktype" and 40 as "off_nl"; however,
812 * if a token ring packet has *no* routing
813 * information, i.e. is not source-routed, the correct
814 * values are 20 and 22, as they are in the vanilla code.
815 *
816 * A packet is source-routed iff the uppermost bit
817 * of the first byte of the source address, at an
818 * offset of 8, has the uppermost bit set. If the
819 * packet is source-routed, the total number of bytes
820 * of routing information is 2 plus bits 0x1F00 of
821 * the 16-bit value at an offset of 14 (shifted right
822 * 8 - figure out which byte that is).
823 */
824 off_linktype = 14;
825 off_nl = 22; /* Token Ring+802.2+SNAP */
826 off_nl_nosnap = 17; /* Token Ring+802.2 */
827 return;
828
829 case DLT_IEEE802_11:
830 /*
831 * 802.11 doesn't really have a link-level type field.
832 * We set "off_linktype" to the offset of the LLC header.
833 *
834 * To check for Ethernet types, we assume that SSAP = SNAP
835 * is being used and pick out the encapsulated Ethernet type.
836 * XXX - should we generate code to check for SNAP?
837 *
838 * XXX - the header is actually variable-length. We
839 * assume a 24-byte link-layer header, as appears in
840 * data frames in networks with no bridges.
841 */
842 off_linktype = 24;
843 off_nl = 32; /* 802.11+802.2+SNAP */
844 off_nl_nosnap = 27; /* 802.11+802.2 */
845 return;
846
847 case DLT_PRISM_HEADER:
848 /*
849 * Same as 802.11, but with an additional header before
850 * the 802.11 header, containing a bunch of additional
851 * information including radio-level information.
852 *
853 * The header is 144 bytes long.
854 *
855 * XXX - same variable-length header problem; at least
856 * the Prism header is fixed-length.
857 */
858 off_linktype = 144+24;
859 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */
860 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */
861 return;
862
863 case DLT_IEEE802_11_RADIO:
864 /*
865 * Same as 802.11, but with an additional header before
866 * the 802.11 header, containing a bunch of additional
867 * information including radio-level information.
868 *
869 * The header is 64 bytes long.
870 *
871 * XXX - same variable-length header problem, only
872 * more so; this header is also variable-length,
873 * with the length being the 32-bit big-endian
874 * number at an offset of 4 from the beginning
875 * of the radio header.
876 */
877 off_linktype = 64+24;
878 off_nl = 64+32; /* Radio+802.11+802.2+SNAP */
879 off_nl_nosnap = 64+27; /* Radio+802.11+802.2 */
880 return;
881
882 case DLT_ATM_RFC1483:
883 case DLT_ATM_CLIP: /* Linux ATM defines this */
884 /*
885 * assume routed, non-ISO PDUs
886 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
887 */
888 off_linktype = 0;
889 off_nl = 8; /* 802.2+SNAP */
890 off_nl_nosnap = 3; /* 802.2 */
891 return;
892
893 case DLT_SUNATM:
894 /*
895 * Full Frontal ATM; you get AALn PDUs with an ATM
896 * pseudo-header.
897 */
898 is_atm = 1;
899 off_vpi = SUNATM_VPI_POS;
900 off_vci = SUNATM_VCI_POS;
901 off_proto = PROTO_POS;
902 off_mac = -1; /* LLC-encapsulated, so no MAC-layer header */
903 off_payload = SUNATM_PKT_BEGIN_POS;
904 off_linktype = off_payload;
905 off_nl = off_payload+8; /* 802.2+SNAP */
906 off_nl_nosnap = off_payload+3; /* 802.2 */
907 return;
908
909 case DLT_RAW:
910 off_linktype = -1;
911 off_nl = 0;
912 off_nl_nosnap = 0; /* no 802.2 LLC */
913 return;
914
915 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
916 off_linktype = 14;
917 off_nl = 16;
918 off_nl_nosnap = 16; /* no 802.2 LLC */
919 return;
920
921 case DLT_LTALK:
922 /*
923 * LocalTalk does have a 1-byte type field in the LLAP header,
924 * but really it just indicates whether there is a "short" or
925 * "long" DDP packet following.
926 */
927 off_linktype = -1;
928 off_nl = 0;
929 off_nl_nosnap = 0; /* no 802.2 LLC */
930 return;
931
932 case DLT_IP_OVER_FC:
933 /*
934 * RFC 2625 IP-over-Fibre-Channel doesn't really have a
935 * link-level type field. We set "off_linktype" to the
936 * offset of the LLC header.
937 *
938 * To check for Ethernet types, we assume that SSAP = SNAP
939 * is being used and pick out the encapsulated Ethernet type.
940 * XXX - should we generate code to check for SNAP? RFC
941 * 2625 says SNAP should be used.
942 */
943 off_linktype = 16;
944 off_nl = 24; /* IPFC+802.2+SNAP */
945 off_nl_nosnap = 19; /* IPFC+802.2 */
946 return;
947
948 case DLT_FRELAY:
949 /*
950 * XXX - we should set this to handle SNAP-encapsulated
951 * frames (NLPID of 0x80).
952 */
953 off_linktype = -1;
954 off_nl = 0;
955 off_nl_nosnap = 0; /* no 802.2 LLC */
956 return;
957
958 case DLT_LINUX_IRDA:
959 /*
960 * Currently, only raw "link[N:M]" filtering is supported.
961 */
962 off_linktype = -1;
963 off_nl = -1;
964 off_nl_nosnap = -1;
965 return;
966
967 case DLT_DOCSIS:
968 /*
969 * Currently, only raw "link[N:M]" filtering is supported.
970 */
971 off_linktype = -1;
972 off_nl = -1;
973 off_nl_nosnap = -1;
974 return;
975 }
976 bpf_error("unknown data link type %d", linktype);
977 /* NOTREACHED */
978 }
979
980 static struct block *
981 gen_uncond(rsense)
982 int rsense;
983 {
984 struct block *b;
985 struct slist *s;
986
987 s = new_stmt(BPF_LD|BPF_IMM);
988 s->s.k = !rsense;
989 b = new_block(JMP(BPF_JEQ));
990 b->stmts = s;
991
992 return b;
993 }
994
995 static inline struct block *
996 gen_true()
997 {
998 return gen_uncond(1);
999 }
1000
1001 static inline struct block *
1002 gen_false()
1003 {
1004 return gen_uncond(0);
1005 }
1006
1007 /*
1008 * Byte-swap a 32-bit number.
1009 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
1010 * big-endian platforms.)
1011 */
1012 #define SWAPLONG(y) \
1013 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
1014
1015 static struct block *
1016 gen_ether_linktype(proto)
1017 register int proto;
1018 {
1019 struct block *b0, *b1;
1020
1021 switch (proto) {
1022
1023 case LLCSAP_ISONS:
1024 /*
1025 * OSI protocols always use 802.2 encapsulation.
1026 * XXX - should we check both the DSAP and the
1027 * SSAP, like this, or should we check just the
1028 * DSAP?
1029 */
1030 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1031 gen_not(b0);
1032 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1033 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1034 gen_and(b0, b1);
1035 return b1;
1036
1037 case LLCSAP_IP:
1038 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1039 gen_not(b0);
1040 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1041 ((LLCSAP_IP << 8) | LLCSAP_IP));
1042 gen_and(b0, b1);
1043 return b1;
1044
1045 case LLCSAP_NETBEUI:
1046 /*
1047 * NetBEUI always uses 802.2 encapsulation.
1048 * XXX - should we check both the DSAP and the
1049 * SSAP, like this, or should we check just the
1050 * DSAP?
1051 */
1052 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1053 gen_not(b0);
1054 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1055 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1056 gen_and(b0, b1);
1057 return b1;
1058
1059 case LLCSAP_IPX:
1060 /*
1061 * Check for;
1062 *
1063 * Ethernet_II frames, which are Ethernet
1064 * frames with a frame type of ETHERTYPE_IPX;
1065 *
1066 * Ethernet_802.3 frames, which are 802.3
1067 * frames (i.e., the type/length field is
1068 * a length field, <= ETHERMTU, rather than
1069 * a type field) with the first two bytes
1070 * after the Ethernet/802.3 header being
1071 * 0xFFFF;
1072 *
1073 * Ethernet_802.2 frames, which are 802.3
1074 * frames with an 802.2 LLC header and
1075 * with the IPX LSAP as the DSAP in the LLC
1076 * header;
1077 *
1078 * Ethernet_SNAP frames, which are 802.3
1079 * frames with an LLC header and a SNAP
1080 * header and with an OUI of 0x000000
1081 * (encapsulated Ethernet) and a protocol
1082 * ID of ETHERTYPE_IPX in the SNAP header.
1083 *
1084 * XXX - should we generate the same code both
1085 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
1086 */
1087
1088 /*
1089 * This generates code to check both for the
1090 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
1091 */
1092 b0 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)LLCSAP_IPX);
1093 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)0xFFFF);
1094 gen_or(b0, b1);
1095
1096 /*
1097 * Now we add code to check for SNAP frames with
1098 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
1099 */
1100 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
1101 gen_or(b0, b1);
1102
1103 /*
1104 * Now we generate code to check for 802.3
1105 * frames in general.
1106 */
1107 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1108 gen_not(b0);
1109
1110 /*
1111 * Now add the check for 802.3 frames before the
1112 * check for Ethernet_802.2 and Ethernet_802.3,
1113 * as those checks should only be done on 802.3
1114 * frames, not on Ethernet frames.
1115 */
1116 gen_and(b0, b1);
1117
1118 /*
1119 * Now add the check for Ethernet_II frames, and
1120 * do that before checking for the other frame
1121 * types.
1122 */
1123 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)ETHERTYPE_IPX);
1124 gen_or(b0, b1);
1125 return b1;
1126
1127 case ETHERTYPE_ATALK:
1128 case ETHERTYPE_AARP:
1129 /*
1130 * EtherTalk (AppleTalk protocols on Ethernet link
1131 * layer) may use 802.2 encapsulation.
1132 */
1133
1134 /*
1135 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1136 * we check for an Ethernet type field less than
1137 * 1500, which means it's an 802.3 length field.
1138 */
1139 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1140 gen_not(b0);
1141
1142 /*
1143 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1144 * SNAP packets with an organization code of
1145 * 0x080007 (Apple, for Appletalk) and a protocol
1146 * type of ETHERTYPE_ATALK (Appletalk).
1147 *
1148 * 802.2-encapsulated ETHERTYPE_AARP packets are
1149 * SNAP packets with an organization code of
1150 * 0x000000 (encapsulated Ethernet) and a protocol
1151 * type of ETHERTYPE_AARP (Appletalk ARP).
1152 */
1153 if (proto == ETHERTYPE_ATALK)
1154 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
1155 else /* proto == ETHERTYPE_AARP */
1156 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
1157 gen_and(b0, b1);
1158
1159 /*
1160 * Check for Ethernet encapsulation (Ethertalk
1161 * phase 1?); we just check for the Ethernet
1162 * protocol type.
1163 */
1164 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1165
1166 gen_or(b0, b1);
1167 return b1;
1168
1169 default:
1170 if (proto <= ETHERMTU) {
1171 /*
1172 * This is an LLC SAP value, so the frames
1173 * that match would be 802.2 frames.
1174 * Check that the frame is an 802.2 frame
1175 * (i.e., that the length/type field is
1176 * a length field, <= ETHERMTU) and
1177 * then check the DSAP.
1178 */
1179 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1180 gen_not(b0);
1181 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto);
1182 gen_and(b0, b1);
1183 return b1;
1184 } else {
1185 /*
1186 * This is an Ethernet type, so compare
1187 * the length/type field with it (if
1188 * the frame is an 802.2 frame, the length
1189 * field will be <= ETHERMTU, and, as
1190 * "proto" is > ETHERMTU, this test
1191 * will fail and the frame won't match,
1192 * which is what we want).
1193 */
1194 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1195 }
1196 }
1197 }
1198
1199 static struct block *
1200 gen_linktype(proto)
1201 register int proto;
1202 {
1203 struct block *b0, *b1, *b2;
1204
1205 switch (linktype) {
1206
1207 case DLT_EN10MB:
1208 return gen_ether_linktype(proto);
1209 break;
1210
1211 case DLT_C_HDLC:
1212 switch (proto) {
1213
1214 case LLCSAP_ISONS:
1215 proto = (proto << 8 | LLCSAP_ISONS);
1216 /* fall through */
1217
1218 default:
1219 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1220 break;
1221 }
1222 break;
1223
1224 case DLT_IEEE802_11:
1225 case DLT_PRISM_HEADER:
1226 case DLT_IEEE802_11_RADIO:
1227 case DLT_FDDI:
1228 case DLT_IEEE802:
1229 case DLT_ATM_RFC1483:
1230 case DLT_ATM_CLIP:
1231 case DLT_IP_OVER_FC:
1232 return gen_llc(proto);
1233 break;
1234
1235 case DLT_SUNATM:
1236 /*
1237 * If "is_lane" is set, check for a LANE-encapsulated
1238 * version of this protocol, otherwise check for an
1239 * LLC-encapsulated version of this protocol.
1240 *
1241 * We assume LANE means Ethernet, not Token Ring.
1242 */
1243 if (is_lane) {
1244 /*
1245 * Check that the packet doesn't begin with an
1246 * LE Control marker. (We've already generated
1247 * a test for LANE.)
1248 */
1249 b0 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
1250 gen_not(b0);
1251
1252 /*
1253 * Now generate an Ethernet test.
1254 */
1255 b1 = gen_ether_linktype(proto);
1256 gen_and(b0, b1);
1257 return b1;
1258 } else {
1259 /*
1260 * Check for LLC encapsulation and then check the
1261 * protocol.
1262 */
1263 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
1264 b1 = gen_llc(proto);
1265 gen_and(b0, b1);
1266 return b1;
1267 }
1268
1269 case DLT_LINUX_SLL:
1270 switch (proto) {
1271
1272 case LLCSAP_IP:
1273 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1274 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1275 ((LLCSAP_IP << 8) | LLCSAP_IP));
1276 gen_and(b0, b1);
1277 return b1;
1278
1279 case LLCSAP_ISONS:
1280 /*
1281 * OSI protocols always use 802.2 encapsulation.
1282 * XXX - should we check both the DSAP and the
1283 * LSAP, like this, or should we check just the
1284 * DSAP?
1285 */
1286 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1287 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1288 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1289 gen_and(b0, b1);
1290 return b1;
1291
1292 case LLCSAP_NETBEUI:
1293 /*
1294 * NetBEUI always uses 802.2 encapsulation.
1295 * XXX - should we check both the DSAP and the
1296 * LSAP, like this, or should we check just the
1297 * DSAP?
1298 */
1299 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1300 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1301 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1302 gen_and(b0, b1);
1303 return b1;
1304
1305 case LLCSAP_IPX:
1306 /*
1307 * Ethernet_II frames, which are Ethernet
1308 * frames with a frame type of ETHERTYPE_IPX;
1309 *
1310 * Ethernet_802.3 frames, which have a frame
1311 * type of LINUX_SLL_P_802_3;
1312 *
1313 * Ethernet_802.2 frames, which are 802.3
1314 * frames with an 802.2 LLC header (i.e, have
1315 * a frame type of LINUX_SLL_P_802_2) and
1316 * with the IPX LSAP as the DSAP in the LLC
1317 * header;
1318 *
1319 * Ethernet_SNAP frames, which are 802.3
1320 * frames with an LLC header and a SNAP
1321 * header and with an OUI of 0x000000
1322 * (encapsulated Ethernet) and a protocol
1323 * ID of ETHERTYPE_IPX in the SNAP header.
1324 *
1325 * First, do the checks on LINUX_SLL_P_802_2
1326 * frames; generate the check for either
1327 * Ethernet_802.2 or Ethernet_SNAP frames, and
1328 * then put a check for LINUX_SLL_P_802_2 frames
1329 * before it.
1330 */
1331 b0 = gen_cmp(off_linktype + 2, BPF_B,
1332 (bpf_int32)LLCSAP_IPX);
1333 b1 = gen_snap(0x000000, ETHERTYPE_IPX,
1334 off_linktype + 2);
1335 gen_or(b0, b1);
1336 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1337 gen_and(b0, b1);
1338
1339 /*
1340 * Now check for 802.3 frames and OR that with
1341 * the previous test.
1342 */
1343 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
1344 gen_or(b0, b1);
1345
1346 /*
1347 * Now add the check for Ethernet_II frames, and
1348 * do that before checking for the other frame
1349 * types.
1350 */
1351 b0 = gen_cmp(off_linktype, BPF_H,
1352 (bpf_int32)ETHERTYPE_IPX);
1353 gen_or(b0, b1);
1354 return b1;
1355
1356 case ETHERTYPE_ATALK:
1357 case ETHERTYPE_AARP:
1358 /*
1359 * EtherTalk (AppleTalk protocols on Ethernet link
1360 * layer) may use 802.2 encapsulation.
1361 */
1362
1363 /*
1364 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1365 * we check for the 802.2 protocol type in the
1366 * "Ethernet type" field.
1367 */
1368 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1369
1370 /*
1371 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1372 * SNAP packets with an organization code of
1373 * 0x080007 (Apple, for Appletalk) and a protocol
1374 * type of ETHERTYPE_ATALK (Appletalk).
1375 *
1376 * 802.2-encapsulated ETHERTYPE_AARP packets are
1377 * SNAP packets with an organization code of
1378 * 0x000000 (encapsulated Ethernet) and a protocol
1379 * type of ETHERTYPE_AARP (Appletalk ARP).
1380 */
1381 if (proto == ETHERTYPE_ATALK)
1382 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
1383 off_linktype + 2);
1384 else /* proto == ETHERTYPE_AARP */
1385 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
1386 off_linktype + 2);
1387 gen_and(b0, b1);
1388
1389 /*
1390 * Check for Ethernet encapsulation (Ethertalk
1391 * phase 1?); we just check for the Ethernet
1392 * protocol type.
1393 */
1394 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1395
1396 gen_or(b0, b1);
1397 return b1;
1398
1399 default:
1400 if (proto <= ETHERMTU) {
1401 /*
1402 * This is an LLC SAP value, so the frames
1403 * that match would be 802.2 frames.
1404 * Check for the 802.2 protocol type
1405 * in the "Ethernet type" field, and
1406 * then check the DSAP.
1407 */
1408 b0 = gen_cmp(off_linktype, BPF_H,
1409 LINUX_SLL_P_802_2);
1410 b1 = gen_cmp(off_linktype + 2, BPF_B,
1411 (bpf_int32)proto);
1412 gen_and(b0, b1);
1413 return b1;
1414 } else {
1415 /*
1416 * This is an Ethernet type, so compare
1417 * the length/type field with it (if
1418 * the frame is an 802.2 frame, the length
1419 * field will be <= ETHERMTU, and, as
1420 * "proto" is > ETHERMTU, this test
1421 * will fail and the frame won't match,
1422 * which is what we want).
1423 */
1424 return gen_cmp(off_linktype, BPF_H,
1425 (bpf_int32)proto);
1426 }
1427 }
1428 break;
1429
1430 case DLT_SLIP:
1431 case DLT_SLIP_BSDOS:
1432 case DLT_RAW:
1433 /*
1434 * These types don't provide any type field; packets
1435 * are always IP.
1436 *
1437 * XXX - for IPv4, check for a version number of 4, and,
1438 * for IPv6, check for a version number of 6?
1439 */
1440 switch (proto) {
1441
1442 case ETHERTYPE_IP:
1443 #ifdef INET6
1444 case ETHERTYPE_IPV6:
1445 #endif
1446 return gen_true(); /* always true */
1447
1448 default:
1449 return gen_false(); /* always false */
1450 }
1451 break;
1452
1453 case DLT_PPP:
1454 case DLT_PPP_SERIAL:
1455 case DLT_PPP_ETHER:
1456 /*
1457 * We use Ethernet protocol types inside libpcap;
1458 * map them to the corresponding PPP protocol types.
1459 */
1460 switch (proto) {
1461
1462 case ETHERTYPE_IP:
1463 proto = PPP_IP;
1464 break;
1465
1466 #ifdef INET6
1467 case ETHERTYPE_IPV6:
1468 proto = PPP_IPV6;
1469 break;
1470 #endif
1471
1472 case ETHERTYPE_DN:
1473 proto = PPP_DECNET;
1474 break;
1475
1476 case ETHERTYPE_ATALK:
1477 proto = PPP_APPLE;
1478 break;
1479
1480 case ETHERTYPE_NS:
1481 proto = PPP_NS;
1482 break;
1483
1484 case LLCSAP_ISONS:
1485 proto = PPP_OSI;
1486 break;
1487
1488 case LLCSAP_8021D:
1489 /*
1490 * I'm assuming the "Bridging PDU"s that go
1491 * over PPP are Spanning Tree Protocol
1492 * Bridging PDUs.
1493 */
1494 proto = PPP_BRPDU;
1495 break;
1496
1497 case LLCSAP_IPX:
1498 proto = PPP_IPX;
1499 break;
1500 }
1501 break;
1502
1503 case DLT_PPP_BSDOS:
1504 /*
1505 * We use Ethernet protocol types inside libpcap;
1506 * map them to the corresponding PPP protocol types.
1507 */
1508 switch (proto) {
1509
1510 case ETHERTYPE_IP:
1511 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
1512 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
1513 gen_or(b0, b1);
1514 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
1515 gen_or(b1, b0);
1516 return b0;
1517
1518 #ifdef INET6
1519 case ETHERTYPE_IPV6:
1520 proto = PPP_IPV6;
1521 /* more to go? */
1522 break;
1523 #endif
1524
1525 case ETHERTYPE_DN:
1526 proto = PPP_DECNET;
1527 break;
1528
1529 case ETHERTYPE_ATALK:
1530 proto = PPP_APPLE;
1531 break;
1532
1533 case ETHERTYPE_NS:
1534 proto = PPP_NS;
1535 break;
1536
1537 case LLCSAP_ISONS:
1538 proto = PPP_OSI;
1539 break;
1540
1541 case LLCSAP_8021D:
1542 /*
1543 * I'm assuming the "Bridging PDU"s that go
1544 * over PPP are Spanning Tree Protocol
1545 * Bridging PDUs.
1546 */
1547 proto = PPP_BRPDU;
1548 break;
1549
1550 case LLCSAP_IPX:
1551 proto = PPP_IPX;
1552 break;
1553 }
1554 break;
1555
1556 case DLT_NULL:
1557 case DLT_LOOP:
1558 case DLT_ENC:
1559 case DLT_PFLOG:
1560 /*
1561 * For DLT_NULL, the link-layer header is a 32-bit
1562 * word containing an AF_ value in *host* byte order,
1563 * and for DLT_ENC, the link-layer header begins
1564 * with a 32-bit work containing an AF_ value in
1565 * host byte order.
1566 *
1567 * In addition, if we're reading a saved capture file,
1568 * the host byte order in the capture may not be the
1569 * same as the host byte order on this machine.
1570 *
1571 * For DLT_LOOP, the link-layer header is a 32-bit
1572 * word containing an AF_ value in *network* byte order.
1573 *
1574 * XXX - AF_ values may, unfortunately, be platform-
1575 * dependent; for example, FreeBSD's AF_INET6 is 24
1576 * whilst NetBSD's and OpenBSD's is 26.
1577 *
1578 * This means that, when reading a capture file, just
1579 * checking for our AF_INET6 value won't work if the
1580 * capture file came from another OS.
1581 *
1582 * XXX - what's the byte order for DLT_PFLOG?
1583 */
1584 switch (proto) {
1585
1586 case ETHERTYPE_IP:
1587 proto = AF_INET;
1588 break;
1589
1590 #ifdef INET6
1591 case ETHERTYPE_IPV6:
1592 proto = AF_INET6;
1593 break;
1594 #endif
1595
1596 default:
1597 /*
1598 * Not a type on which we support filtering.
1599 * XXX - support those that have AF_ values
1600 * #defined on this platform, at least?
1601 */
1602 return gen_false();
1603 }
1604
1605 if (linktype == DLT_NULL || linktype == DLT_ENC) {
1606 /*
1607 * The AF_ value is in host byte order, but
1608 * the BPF interpreter will convert it to
1609 * network byte order.
1610 *
1611 * If this is a save file, and it's from a
1612 * machine with the opposite byte order to
1613 * ours, we byte-swap the AF_ value.
1614 *
1615 * Then we run it through "htonl()", and
1616 * generate code to compare against the result.
1617 */
1618 if (bpf_pcap->sf.rfile != NULL &&
1619 bpf_pcap->sf.swapped)
1620 proto = SWAPLONG(proto);
1621 proto = htonl(proto);
1622 }
1623 return (gen_cmp(0, BPF_W, (bpf_int32)proto));
1624
1625 case DLT_ARCNET:
1626 case DLT_ARCNET_LINUX:
1627 /*
1628 * XXX should we check for first fragment if the protocol
1629 * uses PHDS?
1630 */
1631 switch (proto) {
1632
1633 default:
1634 return gen_false();
1635
1636 #ifdef INET6
1637 case ETHERTYPE_IPV6:
1638 return (gen_cmp(off_linktype, BPF_B,
1639 (bpf_int32)ARCTYPE_INET6));
1640 #endif /* INET6 */
1641
1642 case ETHERTYPE_IP:
1643 b0 = gen_cmp(off_linktype, BPF_B,
1644 (bpf_int32)ARCTYPE_IP);
1645 b1 = gen_cmp(off_linktype, BPF_B,
1646 (bpf_int32)ARCTYPE_IP_OLD);
1647 gen_or(b0, b1);
1648 return (b1);
1649
1650 case ETHERTYPE_ARP:
1651 b0 = gen_cmp(off_linktype, BPF_B,
1652 (bpf_int32)ARCTYPE_ARP);
1653 b1 = gen_cmp(off_linktype, BPF_B,
1654 (bpf_int32)ARCTYPE_ARP_OLD);
1655 gen_or(b0, b1);
1656 return (b1);
1657
1658 case ETHERTYPE_REVARP:
1659 return (gen_cmp(off_linktype, BPF_B,
1660 (bpf_int32)ARCTYPE_REVARP));
1661
1662 case ETHERTYPE_ATALK:
1663 return (gen_cmp(off_linktype, BPF_B,
1664 (bpf_int32)ARCTYPE_ATALK));
1665 }
1666 break;
1667
1668 case DLT_LTALK:
1669 switch (proto) {
1670 case ETHERTYPE_ATALK:
1671 return gen_true();
1672 default:
1673 return gen_false();
1674 }
1675 break;
1676
1677 case DLT_FRELAY:
1678 /*
1679 * XXX - assumes a 2-byte Frame Relay header with
1680 * DLCI and flags. What if the address is longer?
1681 */
1682 switch (proto) {
1683
1684 case ETHERTYPE_IP:
1685 /*
1686 * Check for the special NLPID for IP.
1687 */
1688 return gen_cmp(2, BPF_H, (0x03<<8) | 0xcc);
1689
1690 #ifdef INET6
1691 case ETHERTYPE_IPV6:
1692 /*
1693 * Check for the special NLPID for IPv6.
1694 */
1695 return gen_cmp(2, BPF_H, (0x03<<8) | 0x8e);
1696 #endif
1697
1698 case LLCSAP_ISONS:
1699 /*
1700 * Check for several OSI protocols.
1701 *
1702 * Frame Relay packets typically have an OSI
1703 * NLPID at the beginning; we check for each
1704 * of them.
1705 *
1706 * What we check for is the NLPID and a frame
1707 * control field of UI, i.e. 0x03 followed
1708 * by the NLPID.
1709 */
1710 b0 = gen_cmp(2, BPF_H, (0x03<<8) | ISO8473_CLNP);
1711 b1 = gen_cmp(2, BPF_H, (0x03<<8) | ISO9542_ESIS);
1712 b2 = gen_cmp(2, BPF_H, (0x03<<8) | ISO10589_ISIS);
1713 gen_or(b1, b2);
1714 gen_or(b0, b2);
1715 return b2;
1716
1717 default:
1718 return gen_false();
1719 }
1720 break;
1721
1722 case DLT_LINUX_IRDA:
1723 bpf_error("IrDA link-layer type filtering not implemented");
1724
1725 case DLT_DOCSIS:
1726 bpf_error("DOCSIS link-layer type filtering not implemented");
1727 }
1728
1729 /*
1730 * All the types that have no encapsulation should either be
1731 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
1732 * all packets are IP packets, or should be handled in some
1733 * special case, if none of them are (if some are and some
1734 * aren't, the lack of encapsulation is a problem, as we'd
1735 * have to find some other way of determining the packet type).
1736 *
1737 * Therefore, if "off_linktype" is -1, there's an error.
1738 */
1739 if (off_linktype == (u_int)-1)
1740 abort();
1741
1742 /*
1743 * Any type not handled above should always have an Ethernet
1744 * type at an offset of "off_linktype". (PPP is partially
1745 * handled above - the protocol type is mapped from the
1746 * Ethernet and LLC types we use internally to the corresponding
1747 * PPP type - but the PPP type is always specified by a value
1748 * at "off_linktype", so we don't have to do the code generation
1749 * above.)
1750 */
1751 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1752 }
1753
1754 /*
1755 * Check for an LLC SNAP packet with a given organization code and
1756 * protocol type; we check the entire contents of the 802.2 LLC and
1757 * snap headers, checking for DSAP and SSAP of SNAP and a control
1758 * field of 0x03 in the LLC header, and for the specified organization
1759 * code and protocol type in the SNAP header.
1760 */
1761 static struct block *
1762 gen_snap(orgcode, ptype, offset)
1763 bpf_u_int32 orgcode;
1764 bpf_u_int32 ptype;
1765 u_int offset;
1766 {
1767 u_char snapblock[8];
1768
1769 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
1770 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
1771 snapblock[2] = 0x03; /* control = UI */
1772 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
1773 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
1774 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
1775 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
1776 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
1777 return gen_bcmp(offset, 8, snapblock);
1778 }
1779
1780 /*
1781 * Check for a given protocol value assuming an 802.2 LLC header.
1782 */
1783 static struct block *
1784 gen_llc(proto)
1785 int proto;
1786 {
1787 /*
1788 * XXX - handle token-ring variable-length header.
1789 */
1790 switch (proto) {
1791
1792 case LLCSAP_IP:
1793 return gen_cmp(off_linktype, BPF_H, (long)
1794 ((LLCSAP_IP << 8) | LLCSAP_IP));
1795
1796 case LLCSAP_ISONS:
1797 return gen_cmp(off_linktype, BPF_H, (long)
1798 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1799
1800 case LLCSAP_NETBEUI:
1801 return gen_cmp(off_linktype, BPF_H, (long)
1802 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1803
1804 case LLCSAP_IPX:
1805 /*
1806 * XXX - are there ever SNAP frames for IPX on
1807 * non-Ethernet 802.x networks?
1808 */
1809 return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX);
1810
1811 case ETHERTYPE_ATALK:
1812 /*
1813 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1814 * SNAP packets with an organization code of
1815 * 0x080007 (Apple, for Appletalk) and a protocol
1816 * type of ETHERTYPE_ATALK (Appletalk).
1817 *
1818 * XXX - check for an organization code of
1819 * encapsulated Ethernet as well?
1820 */
1821 return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype);
1822
1823 default:
1824 /*
1825 * XXX - we don't have to check for IPX 802.3
1826 * here, but should we check for the IPX Ethertype?
1827 */
1828 if (proto <= ETHERMTU) {
1829 /*
1830 * This is an LLC SAP value, so check
1831 * the DSAP.
1832 */
1833 return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto);
1834 } else {
1835 /*
1836 * This is an Ethernet type; we assume that it's
1837 * unlikely that it'll appear in the right place
1838 * at random, and therefore check only the
1839 * location that would hold the Ethernet type
1840 * in a SNAP frame with an organization code of
1841 * 0x000000 (encapsulated Ethernet).
1842 *
1843 * XXX - if we were to check for the SNAP DSAP and
1844 * LSAP, as per XXX, and were also to check for an
1845 * organization code of 0x000000 (encapsulated
1846 * Ethernet), we'd do
1847 *
1848 * return gen_snap(0x000000, proto,
1849 * off_linktype);
1850 *
1851 * here; for now, we don't, as per the above.
1852 * I don't know whether it's worth the extra CPU
1853 * time to do the right check or not.
1854 */
1855 return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto);
1856 }
1857 }
1858 }
1859
1860 static struct block *
1861 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
1862 bpf_u_int32 addr;
1863 bpf_u_int32 mask;
1864 int dir, proto;
1865 u_int src_off, dst_off;
1866 {
1867 struct block *b0, *b1;
1868 u_int offset;
1869
1870 switch (dir) {
1871
1872 case Q_SRC:
1873 offset = src_off;
1874 break;
1875
1876 case Q_DST:
1877 offset = dst_off;
1878 break;
1879
1880 case Q_AND:
1881 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1882 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1883 gen_and(b0, b1);
1884 return b1;
1885
1886 case Q_OR:
1887 case Q_DEFAULT:
1888 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1889 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1890 gen_or(b0, b1);
1891 return b1;
1892
1893 default:
1894 abort();
1895 }
1896 b0 = gen_linktype(proto);
1897 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
1898 gen_and(b0, b1);
1899 return b1;
1900 }
1901
1902 #ifdef INET6
1903 static struct block *
1904 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
1905 struct in6_addr *addr;
1906 struct in6_addr *mask;
1907 int dir, proto;
1908 u_int src_off, dst_off;
1909 {
1910 struct block *b0, *b1;
1911 u_int offset;
1912 u_int32_t *a, *m;
1913
1914 switch (dir) {
1915
1916 case Q_SRC:
1917 offset = src_off;
1918 break;
1919
1920 case Q_DST:
1921 offset = dst_off;
1922 break;
1923
1924 case Q_AND:
1925 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1926 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1927 gen_and(b0, b1);
1928 return b1;
1929
1930 case Q_OR:
1931 case Q_DEFAULT:
1932 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1933 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1934 gen_or(b0, b1);
1935 return b1;
1936
1937 default:
1938 abort();
1939 }
1940 /* this order is important */
1941 a = (u_int32_t *)addr;
1942 m = (u_int32_t *)mask;
1943 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
1944 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
1945 gen_and(b0, b1);
1946 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
1947 gen_and(b0, b1);
1948 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
1949 gen_and(b0, b1);
1950 b0 = gen_linktype(proto);
1951 gen_and(b0, b1);
1952 return b1;
1953 }
1954 #endif /*INET6*/
1955
1956 static struct block *
1957 gen_ehostop(eaddr, dir)
1958 register const u_char *eaddr;
1959 register int dir;
1960 {
1961 register struct block *b0, *b1;
1962
1963 switch (dir) {
1964 case Q_SRC:
1965 return gen_bcmp(off_mac + 6, 6, eaddr);
1966
1967 case Q_DST:
1968 return gen_bcmp(off_mac + 0, 6, eaddr);
1969
1970 case Q_AND:
1971 b0 = gen_ehostop(eaddr, Q_SRC);
1972 b1 = gen_ehostop(eaddr, Q_DST);
1973 gen_and(b0, b1);
1974 return b1;
1975
1976 case Q_DEFAULT:
1977 case Q_OR:
1978 b0 = gen_ehostop(eaddr, Q_SRC);
1979 b1 = gen_ehostop(eaddr, Q_DST);
1980 gen_or(b0, b1);
1981 return b1;
1982 }
1983 abort();
1984 /* NOTREACHED */
1985 }
1986
1987 /*
1988 * Like gen_ehostop, but for DLT_FDDI
1989 */
1990 static struct block *
1991 gen_fhostop(eaddr, dir)
1992 register const u_char *eaddr;
1993 register int dir;
1994 {
1995 struct block *b0, *b1;
1996
1997 switch (dir) {
1998 case Q_SRC:
1999 #ifdef PCAP_FDDIPAD
2000 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
2001 #else
2002 return gen_bcmp(6 + 1, 6, eaddr);
2003 #endif
2004
2005 case Q_DST:
2006 #ifdef PCAP_FDDIPAD
2007 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
2008 #else
2009 return gen_bcmp(0 + 1, 6, eaddr);
2010 #endif
2011
2012 case Q_AND:
2013 b0 = gen_fhostop(eaddr, Q_SRC);
2014 b1 = gen_fhostop(eaddr, Q_DST);
2015 gen_and(b0, b1);
2016 return b1;
2017
2018 case Q_DEFAULT:
2019 case Q_OR:
2020 b0 = gen_fhostop(eaddr, Q_SRC);
2021 b1 = gen_fhostop(eaddr, Q_DST);
2022 gen_or(b0, b1);
2023 return b1;
2024 }
2025 abort();
2026 /* NOTREACHED */
2027 }
2028
2029 /*
2030 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
2031 */
2032 static struct block *
2033 gen_thostop(eaddr, dir)
2034 register const u_char *eaddr;
2035 register int dir;
2036 {
2037 register struct block *b0, *b1;
2038
2039 switch (dir) {
2040 case Q_SRC:
2041 return gen_bcmp(8, 6, eaddr);
2042
2043 case Q_DST:
2044 return gen_bcmp(2, 6, eaddr);
2045
2046 case Q_AND:
2047 b0 = gen_thostop(eaddr, Q_SRC);
2048 b1 = gen_thostop(eaddr, Q_DST);
2049 gen_and(b0, b1);
2050 return b1;
2051
2052 case Q_DEFAULT:
2053 case Q_OR:
2054 b0 = gen_thostop(eaddr, Q_SRC);
2055 b1 = gen_thostop(eaddr, Q_DST);
2056 gen_or(b0, b1);
2057 return b1;
2058 }
2059 abort();
2060 /* NOTREACHED */
2061 }
2062
2063 /*
2064 * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN)
2065 */
2066 static struct block *
2067 gen_wlanhostop(eaddr, dir)
2068 register const u_char *eaddr;
2069 register int dir;
2070 {
2071 register struct block *b0, *b1, *b2;
2072 register struct slist *s;
2073
2074 switch (dir) {
2075 case Q_SRC:
2076 /*
2077 * Oh, yuk.
2078 *
2079 * For control frames, there is no SA.
2080 *
2081 * For management frames, SA is at an
2082 * offset of 10 from the beginning of
2083 * the packet.
2084 *
2085 * For data frames, SA is at an offset
2086 * of 10 from the beginning of the packet
2087 * if From DS is clear, at an offset of
2088 * 16 from the beginning of the packet
2089 * if From DS is set and To DS is clear,
2090 * and an offset of 24 from the beginning
2091 * of the packet if From DS is set and To DS
2092 * is set.
2093 */
2094
2095 /*
2096 * Generate the tests to be done for data frames
2097 * with From DS set.
2098 *
2099 * First, check for To DS set, i.e. check "link[1] & 0x01".
2100 */
2101 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2102 s->s.k = 1;
2103 b1 = new_block(JMP(BPF_JSET));
2104 b1->s.k = 0x01; /* To DS */
2105 b1->stmts = s;
2106
2107 /*
2108 * If To DS is set, the SA is at 24.
2109 */
2110 b0 = gen_bcmp(24, 6, eaddr);
2111 gen_and(b1, b0);
2112
2113 /*
2114 * Now, check for To DS not set, i.e. check
2115 * "!(link[1] & 0x01)".
2116 */
2117 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2118 s->s.k = 1;
2119 b2 = new_block(JMP(BPF_JSET));
2120 b2->s.k = 0x01; /* To DS */
2121 b2->stmts = s;
2122 gen_not(b2);
2123
2124 /*
2125 * If To DS is not set, the SA is at 16.
2126 */
2127 b1 = gen_bcmp(16, 6, eaddr);
2128 gen_and(b2, b1);
2129
2130 /*
2131 * Now OR together the last two checks. That gives
2132 * the complete set of checks for data frames with
2133 * From DS set.
2134 */
2135 gen_or(b1, b0);
2136
2137 /*
2138 * Now check for From DS being set, and AND that with
2139 * the ORed-together checks.
2140 */
2141 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2142 s->s.k = 1;
2143 b1 = new_block(JMP(BPF_JSET));
2144 b1->s.k = 0x02; /* From DS */
2145 b1->stmts = s;
2146 gen_and(b1, b0);
2147
2148 /*
2149 * Now check for data frames with From DS not set.
2150 */
2151 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2152 s->s.k = 1;
2153 b2 = new_block(JMP(BPF_JSET));
2154 b2->s.k = 0x02; /* From DS */
2155 b2->stmts = s;
2156 gen_not(b2);
2157
2158 /*
2159 * If From DS isn't set, the SA is at 10.
2160 */
2161 b1 = gen_bcmp(10, 6, eaddr);
2162 gen_and(b2, b1);
2163
2164 /*
2165 * Now OR together the checks for data frames with
2166 * From DS not set and for data frames with From DS
2167 * set; that gives the checks done for data frames.
2168 */
2169 gen_or(b1, b0);
2170
2171 /*
2172 * Now check for a data frame.
2173 * I.e, check "link[0] & 0x08".
2174 */
2175 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2176 s->s.k = 0;
2177 b1 = new_block(JMP(BPF_JSET));
2178 b1->s.k = 0x08;
2179 b1->stmts = s;
2180
2181 /*
2182 * AND that with the checks done for data frames.
2183 */
2184 gen_and(b1, b0);
2185
2186 /*
2187 * If the high-order bit of the type value is 0, this
2188 * is a management frame.
2189 * I.e, check "!(link[0] & 0x08)".
2190 */
2191 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2192 s->s.k = 0;
2193 b2 = new_block(JMP(BPF_JSET));
2194 b2->s.k = 0x08;
2195 b2->stmts = s;
2196 gen_not(b2);
2197
2198 /*
2199 * For management frames, the SA is at 10.
2200 */
2201 b1 = gen_bcmp(10, 6, eaddr);
2202 gen_and(b2, b1);
2203
2204 /*
2205 * OR that with the checks done for data frames.
2206 * That gives the checks done for management and
2207 * data frames.
2208 */
2209 gen_or(b1, b0);
2210
2211 /*
2212 * If the low-order bit of the type value is 1,
2213 * this is either a control frame or a frame
2214 * with a reserved type, and thus not a
2215 * frame with an SA.
2216 *
2217 * I.e., check "!(link[0] & 0x04)".
2218 */
2219 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2220 s->s.k = 0;
2221 b1 = new_block(JMP(BPF_JSET));
2222 b1->s.k = 0x04;
2223 b1->stmts = s;
2224 gen_not(b1);
2225
2226 /*
2227 * AND that with the checks for data and management
2228 * frames.
2229 */
2230 gen_and(b1, b0);
2231 return b0;
2232
2233 case Q_DST:
2234 /*
2235 * Oh, yuk.
2236 *
2237 * For control frames, there is no DA.
2238 *
2239 * For management frames, DA is at an
2240 * offset of 4 from the beginning of
2241 * the packet.
2242 *
2243 * For data frames, DA is at an offset
2244 * of 4 from the beginning of the packet
2245 * if To DS is clear and at an offset of
2246 * 16 from the beginning of the packet
2247 * if To DS is set.
2248 */
2249
2250 /*
2251 * Generate the tests to be done for data frames.
2252 *
2253 * First, check for To DS set, i.e. "link[1] & 0x01".
2254 */
2255 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2256 s->s.k = 1;
2257 b1 = new_block(JMP(BPF_JSET));
2258 b1->s.k = 0x01; /* To DS */
2259 b1->stmts = s;
2260
2261 /*
2262 * If To DS is set, the DA is at 16.
2263 */
2264 b0 = gen_bcmp(16, 6, eaddr);
2265 gen_and(b1, b0);
2266
2267 /*
2268 * Now, check for To DS not set, i.e. check
2269 * "!(link[1] & 0x01)".
2270 */
2271 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2272 s->s.k = 1;
2273 b2 = new_block(JMP(BPF_JSET));
2274 b2->s.k = 0x01; /* To DS */
2275 b2->stmts = s;
2276 gen_not(b2);
2277
2278 /*
2279 * If To DS is not set, the DA is at 4.
2280 */
2281 b1 = gen_bcmp(4, 6, eaddr);
2282 gen_and(b2, b1);
2283
2284 /*
2285 * Now OR together the last two checks. That gives
2286 * the complete set of checks for data frames.
2287 */
2288 gen_or(b1, b0);
2289
2290 /*
2291 * Now check for a data frame.
2292 * I.e, check "link[0] & 0x08".
2293 */
2294 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2295 s->s.k = 0;
2296 b1 = new_block(JMP(BPF_JSET));
2297 b1->s.k = 0x08;
2298 b1->stmts = s;
2299
2300 /*
2301 * AND that with the checks done for data frames.
2302 */
2303 gen_and(b1, b0);
2304
2305 /*
2306 * If the high-order bit of the type value is 0, this
2307 * is a management frame.
2308 * I.e, check "!(link[0] & 0x08)".
2309 */
2310 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2311 s->s.k = 0;
2312 b2 = new_block(JMP(BPF_JSET));
2313 b2->s.k = 0x08;
2314 b2->stmts = s;
2315 gen_not(b2);
2316
2317 /*
2318 * For management frames, the DA is at 4.
2319 */
2320 b1 = gen_bcmp(4, 6, eaddr);
2321 gen_and(b2, b1);
2322
2323 /*
2324 * OR that with the checks done for data frames.
2325 * That gives the checks done for management and
2326 * data frames.
2327 */
2328 gen_or(b1, b0);
2329
2330 /*
2331 * If the low-order bit of the type value is 1,
2332 * this is either a control frame or a frame
2333 * with a reserved type, and thus not a
2334 * frame with an SA.
2335 *
2336 * I.e., check "!(link[0] & 0x04)".
2337 */
2338 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2339 s->s.k = 0;
2340 b1 = new_block(JMP(BPF_JSET));
2341 b1->s.k = 0x04;
2342 b1->stmts = s;
2343 gen_not(b1);
2344
2345 /*
2346 * AND that with the checks for data and management
2347 * frames.
2348 */
2349 gen_and(b1, b0);
2350 return b0;
2351
2352 case Q_AND:
2353 b0 = gen_wlanhostop(eaddr, Q_SRC);
2354 b1 = gen_wlanhostop(eaddr, Q_DST);
2355 gen_and(b0, b1);
2356 return b1;
2357
2358 case Q_DEFAULT:
2359 case Q_OR:
2360 b0 = gen_wlanhostop(eaddr, Q_SRC);
2361 b1 = gen_wlanhostop(eaddr, Q_DST);
2362 gen_or(b0, b1);
2363 return b1;
2364 }
2365 abort();
2366 /* NOTREACHED */
2367 }
2368
2369 /*
2370 * Like gen_ehostop, but for RFC 2625 IP-over-Fibre-Channel.
2371 * (We assume that the addresses are IEEE 48-bit MAC addresses,
2372 * as the RFC states.)
2373 */
2374 static struct block *
2375 gen_ipfchostop(eaddr, dir)
2376 register const u_char *eaddr;
2377 register int dir;
2378 {
2379 register struct block *b0, *b1;
2380
2381 switch (dir) {
2382 case Q_SRC:
2383 return gen_bcmp(10, 6, eaddr);
2384
2385 case Q_DST:
2386 return gen_bcmp(2, 6, eaddr);
2387
2388 case Q_AND:
2389 b0 = gen_ipfchostop(eaddr, Q_SRC);
2390 b1 = gen_ipfchostop(eaddr, Q_DST);
2391 gen_and(b0, b1);
2392 return b1;
2393
2394 case Q_DEFAULT:
2395 case Q_OR:
2396 b0 = gen_ipfchostop(eaddr, Q_SRC);
2397 b1 = gen_ipfchostop(eaddr, Q_DST);
2398 gen_or(b0, b1);
2399 return b1;
2400 }
2401 abort();
2402 /* NOTREACHED */
2403 }
2404
2405 /*
2406 * This is quite tricky because there may be pad bytes in front of the
2407 * DECNET header, and then there are two possible data packet formats that
2408 * carry both src and dst addresses, plus 5 packet types in a format that
2409 * carries only the src node, plus 2 types that use a different format and
2410 * also carry just the src node.
2411 *
2412 * Yuck.
2413 *
2414 * Instead of doing those all right, we just look for data packets with
2415 * 0 or 1 bytes of padding. If you want to look at other packets, that
2416 * will require a lot more hacking.
2417 *
2418 * To add support for filtering on DECNET "areas" (network numbers)
2419 * one would want to add a "mask" argument to this routine. That would
2420 * make the filter even more inefficient, although one could be clever
2421 * and not generate masking instructions if the mask is 0xFFFF.
2422 */
2423 static struct block *
2424 gen_dnhostop(addr, dir, base_off)
2425 bpf_u_int32 addr;
2426 int dir;
2427 u_int base_off;
2428 {
2429 struct block *b0, *b1, *b2, *tmp;
2430 u_int offset_lh; /* offset if long header is received */
2431 u_int offset_sh; /* offset if short header is received */
2432
2433 switch (dir) {
2434
2435 case Q_DST:
2436 offset_sh = 1; /* follows flags */
2437 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
2438 break;
2439
2440 case Q_SRC:
2441 offset_sh = 3; /* follows flags, dstnode */
2442 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
2443 break;
2444
2445 case Q_AND:
2446 /* Inefficient because we do our Calvinball dance twice */
2447 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2448 b1 = gen_dnhostop(addr, Q_DST, base_off);
2449 gen_and(b0, b1);
2450 return b1;
2451
2452 case Q_OR:
2453 case Q_DEFAULT:
2454 /* Inefficient because we do our Calvinball dance twice */
2455 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2456 b1 = gen_dnhostop(addr, Q_DST, base_off);
2457 gen_or(b0, b1);
2458 return b1;
2459
2460 case Q_ISO:
2461 bpf_error("ISO host filtering not implemented");
2462
2463 default:
2464 abort();
2465 }
2466 b0 = gen_linktype(ETHERTYPE_DN);
2467 /* Check for pad = 1, long header case */
2468 tmp = gen_mcmp(base_off + 2, BPF_H,
2469 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
2470 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
2471 BPF_H, (bpf_int32)ntohs(addr));
2472 gen_and(tmp, b1);
2473 /* Check for pad = 0, long header case */
2474 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
2475 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
2476 gen_and(tmp, b2);
2477 gen_or(b2, b1);
2478 /* Check for pad = 1, short header case */
2479 tmp = gen_mcmp(base_off + 2, BPF_H,
2480 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
2481 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
2482 BPF_H, (bpf_int32)ntohs(addr));
2483 gen_and(tmp, b2);
2484 gen_or(b2, b1);
2485 /* Check for pad = 0, short header case */
2486 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
2487 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
2488 gen_and(tmp, b2);
2489 gen_or(b2, b1);
2490
2491 /* Combine with test for linktype */
2492 gen_and(b0, b1);
2493 return b1;
2494 }
2495
2496 static struct block *
2497 gen_host(addr, mask, proto, dir)
2498 bpf_u_int32 addr;
2499 bpf_u_int32 mask;
2500 int proto;
2501 int dir;
2502 {
2503 struct block *b0, *b1;
2504
2505 switch (proto) {
2506
2507 case Q_DEFAULT:
2508 b0 = gen_host(addr, mask, Q_IP, dir);
2509 if (off_linktype != (u_int)-1) {
2510 b1 = gen_host(addr, mask, Q_ARP, dir);
2511 gen_or(b0, b1);
2512 b0 = gen_host(addr, mask, Q_RARP, dir);
2513 gen_or(b1, b0);
2514 }
2515 return b0;
2516
2517 case Q_IP:
2518 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
2519 off_nl + 12, off_nl + 16);
2520
2521 case Q_RARP:
2522 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
2523 off_nl + 14, off_nl + 24);
2524
2525 case Q_ARP:
2526 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
2527 off_nl + 14, off_nl + 24);
2528
2529 case Q_TCP:
2530 bpf_error("'tcp' modifier applied to host");
2531
2532 case Q_SCTP:
2533 bpf_error("'sctp' modifier applied to host");
2534
2535 case Q_UDP:
2536 bpf_error("'udp' modifier applied to host");
2537
2538 case Q_ICMP:
2539 bpf_error("'icmp' modifier applied to host");
2540
2541 case Q_IGMP:
2542 bpf_error("'igmp' modifier applied to host");
2543
2544 case Q_IGRP:
2545 bpf_error("'igrp' modifier applied to host");
2546
2547 case Q_PIM:
2548 bpf_error("'pim' modifier applied to host");
2549
2550 case Q_VRRP:
2551 bpf_error("'vrrp' modifier applied to host");
2552
2553 case Q_ATALK:
2554 bpf_error("ATALK host filtering not implemented");
2555
2556 case Q_AARP:
2557 bpf_error("AARP host filtering not implemented");
2558
2559 case Q_DECNET:
2560 return gen_dnhostop(addr, dir, off_nl);
2561
2562 case Q_SCA:
2563 bpf_error("SCA host filtering not implemented");
2564
2565 case Q_LAT:
2566 bpf_error("LAT host filtering not implemented");
2567
2568 case Q_MOPDL:
2569 bpf_error("MOPDL host filtering not implemented");
2570
2571 case Q_MOPRC:
2572 bpf_error("MOPRC host filtering not implemented");
2573
2574 #ifdef INET6
2575 case Q_IPV6:
2576 bpf_error("'ip6' modifier applied to ip host");
2577
2578 case Q_ICMPV6:
2579 bpf_error("'icmp6' modifier applied to host");
2580 #endif /* INET6 */
2581
2582 case Q_AH:
2583 bpf_error("'ah' modifier applied to host");
2584
2585 case Q_ESP:
2586 bpf_error("'esp' modifier applied to host");
2587
2588 case Q_ISO:
2589 bpf_error("ISO host filtering not implemented");
2590
2591 case Q_ESIS:
2592 bpf_error("'esis' modifier applied to host");
2593
2594 case Q_ISIS:
2595 bpf_error("'isis' modifier applied to host");
2596
2597 case Q_CLNP:
2598 bpf_error("'clnp' modifier applied to host");
2599
2600 case Q_STP:
2601 bpf_error("'stp' modifier applied to host");
2602
2603 case Q_IPX:
2604 bpf_error("IPX host filtering not implemented");
2605
2606 case Q_NETBEUI:
2607 bpf_error("'netbeui' modifier applied to host");
2608
2609 default:
2610 abort();
2611 }
2612 /* NOTREACHED */
2613 }
2614
2615 #ifdef INET6
2616 static struct block *
2617 gen_host6(addr, mask, proto, dir)
2618 struct in6_addr *addr;
2619 struct in6_addr *mask;
2620 int proto;
2621 int dir;
2622 {
2623 switch (proto) {
2624
2625 case Q_DEFAULT:
2626 return gen_host6(addr, mask, Q_IPV6, dir);
2627
2628 case Q_IP:
2629 bpf_error("'ip' modifier applied to ip6 host");
2630
2631 case Q_RARP:
2632 bpf_error("'rarp' modifier applied to ip6 host");
2633
2634 case Q_ARP:
2635 bpf_error("'arp' modifier applied to ip6 host");
2636
2637 case Q_SCTP:
2638 bpf_error("'sctp' modifier applied to host");
2639
2640 case Q_TCP:
2641 bpf_error("'tcp' modifier applied to host");
2642
2643 case Q_UDP:
2644 bpf_error("'udp' modifier applied to host");
2645
2646 case Q_ICMP:
2647 bpf_error("'icmp' modifier applied to host");
2648
2649 case Q_IGMP:
2650 bpf_error("'igmp' modifier applied to host");
2651
2652 case Q_IGRP:
2653 bpf_error("'igrp' modifier applied to host");
2654
2655 case Q_PIM:
2656 bpf_error("'pim' modifier applied to host");
2657
2658 case Q_VRRP:
2659 bpf_error("'vrrp' modifier applied to host");
2660
2661 case Q_ATALK:
2662 bpf_error("ATALK host filtering not implemented");
2663
2664 case Q_AARP:
2665 bpf_error("AARP host filtering not implemented");
2666
2667 case Q_DECNET:
2668 bpf_error("'decnet' modifier applied to ip6 host");
2669
2670 case Q_SCA:
2671 bpf_error("SCA host filtering not implemented");
2672
2673 case Q_LAT:
2674 bpf_error("LAT host filtering not implemented");
2675
2676 case Q_MOPDL:
2677 bpf_error("MOPDL host filtering not implemented");
2678
2679 case Q_MOPRC:
2680 bpf_error("MOPRC host filtering not implemented");
2681
2682 case Q_IPV6:
2683 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
2684 off_nl + 8, off_nl + 24);
2685
2686 case Q_ICMPV6:
2687 bpf_error("'icmp6' modifier applied to host");
2688
2689 case Q_AH:
2690 bpf_error("'ah' modifier applied to host");
2691
2692 case Q_ESP:
2693 bpf_error("'esp' modifier applied to host");
2694
2695 case Q_ISO:
2696 bpf_error("ISO host filtering not implemented");
2697
2698 case Q_ESIS:
2699 bpf_error("'esis' modifier applied to host");
2700
2701 case Q_ISIS:
2702 bpf_error("'isis' modifier applied to host");
2703
2704 case Q_CLNP:
2705 bpf_error("'clnp' modifier applied to host");
2706
2707 case Q_STP:
2708 bpf_error("'stp' modifier applied to host");
2709
2710 case Q_IPX:
2711 bpf_error("IPX host filtering not implemented");
2712
2713 case Q_NETBEUI:
2714 bpf_error("'netbeui' modifier applied to host");
2715
2716 default:
2717 abort();
2718 }
2719 /* NOTREACHED */
2720 }
2721 #endif /*INET6*/
2722
2723 #ifndef INET6
2724 static struct block *
2725 gen_gateway(eaddr, alist, proto, dir)
2726 const u_char *eaddr;
2727 bpf_u_int32 **alist;
2728 int proto;
2729 int dir;
2730 {
2731 struct block *b0, *b1, *tmp;
2732
2733 if (dir != 0)
2734 bpf_error("direction applied to 'gateway'");
2735
2736 switch (proto) {
2737 case Q_DEFAULT:
2738 case Q_IP:
2739 case Q_ARP:
2740 case Q_RARP:
2741 if (linktype == DLT_EN10MB)
2742 b0 = gen_ehostop(eaddr, Q_OR);
2743 else if (linktype == DLT_FDDI)
2744 b0 = gen_fhostop(eaddr, Q_OR);
2745 else if (linktype == DLT_IEEE802)
2746 b0 = gen_thostop(eaddr, Q_OR);
2747 else if (linktype == DLT_IEEE802_11)
2748 b0 = gen_wlanhostop(eaddr, Q_OR);
2749 else if (linktype == DLT_SUNATM && is_lane) {
2750 /*
2751 * Check that the packet doesn't begin with an
2752 * LE Control marker. (We've already generated
2753 * a test for LANE.)
2754 */
2755 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
2756 gen_not(b1);
2757
2758 /*
2759 * Now check the MAC address.
2760 */
2761 b0 = gen_ehostop(eaddr, Q_OR);
2762 gen_and(b1, b0);
2763 } else if (linktype == DLT_IP_OVER_FC)
2764 b0 = gen_ipfchostop(eaddr, Q_OR);
2765 else
2766 bpf_error(
2767 "'gateway' supported only on ethernet/FDDI/token ring/802.11/Fibre Channel");
2768
2769 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2770 while (*alist) {
2771 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2772 gen_or(b1, tmp);
2773 b1 = tmp;
2774 }
2775 gen_not(b1);
2776 gen_and(b0, b1);
2777 return b1;
2778 }
2779 bpf_error("illegal modifier of 'gateway'");
2780 /* NOTREACHED */
2781 }
2782 #endif
2783
2784 struct block *
2785 gen_proto_abbrev(proto)
2786 int proto;
2787 {
2788 struct block *b0;
2789 struct block *b1;
2790
2791 switch (proto) {
2792
2793 case Q_SCTP:
2794 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT);
2795 #ifdef INET6
2796 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
2797 gen_or(b0, b1);
2798 #endif
2799 break;
2800
2801 case Q_TCP:
2802 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
2803 #ifdef INET6
2804 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
2805 gen_or(b0, b1);
2806 #endif
2807 break;
2808
2809 case Q_UDP:
2810 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
2811 #ifdef INET6
2812 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
2813 gen_or(b0, b1);
2814 #endif
2815 break;
2816
2817 case Q_ICMP:
2818 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
2819 break;
2820
2821 #ifndef IPPROTO_IGMP
2822 #define IPPROTO_IGMP 2
2823 #endif
2824
2825 case Q_IGMP:
2826 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
2827 break;
2828
2829 #ifndef IPPROTO_IGRP
2830 #define IPPROTO_IGRP 9
2831 #endif
2832 case Q_IGRP:
2833 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
2834 break;
2835
2836 #ifndef IPPROTO_PIM
2837 #define IPPROTO_PIM 103
2838 #endif
2839
2840 case Q_PIM:
2841 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
2842 #ifdef INET6
2843 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
2844 gen_or(b0, b1);
2845 #endif
2846 break;
2847
2848 #ifndef IPPROTO_VRRP
2849 #define IPPROTO_VRRP 112
2850 #endif
2851
2852 case Q_VRRP:
2853 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT);
2854 break;
2855
2856 case Q_IP:
2857 b1 = gen_linktype(ETHERTYPE_IP);
2858 break;
2859
2860 case Q_ARP:
2861 b1 = gen_linktype(ETHERTYPE_ARP);
2862 break;
2863
2864 case Q_RARP:
2865 b1 = gen_linktype(ETHERTYPE_REVARP);
2866 break;
2867
2868 case Q_LINK:
2869 bpf_error("link layer applied in wrong context");
2870
2871 case Q_ATALK:
2872 b1 = gen_linktype(ETHERTYPE_ATALK);
2873 break;
2874
2875 case Q_AARP:
2876 b1 = gen_linktype(ETHERTYPE_AARP);
2877 break;
2878
2879 case Q_DECNET:
2880 b1 = gen_linktype(ETHERTYPE_DN);
2881 break;
2882
2883 case Q_SCA:
2884 b1 = gen_linktype(ETHERTYPE_SCA);
2885 break;
2886
2887 case Q_LAT:
2888 b1 = gen_linktype(ETHERTYPE_LAT);
2889 break;
2890
2891 case Q_MOPDL:
2892 b1 = gen_linktype(ETHERTYPE_MOPDL);
2893 break;
2894
2895 case Q_MOPRC:
2896 b1 = gen_linktype(ETHERTYPE_MOPRC);
2897 break;
2898
2899 #ifdef INET6
2900 case Q_IPV6:
2901 b1 = gen_linktype(ETHERTYPE_IPV6);
2902 break;
2903
2904 #ifndef IPPROTO_ICMPV6
2905 #define IPPROTO_ICMPV6 58
2906 #endif
2907 case Q_ICMPV6:
2908 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
2909 break;
2910 #endif /* INET6 */
2911
2912 #ifndef IPPROTO_AH
2913 #define IPPROTO_AH 51
2914 #endif
2915 case Q_AH:
2916 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
2917 #ifdef INET6
2918 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
2919 gen_or(b0, b1);
2920 #endif
2921 break;
2922
2923 #ifndef IPPROTO_ESP
2924 #define IPPROTO_ESP 50
2925 #endif
2926 case Q_ESP:
2927 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
2928 #ifdef INET6
2929 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
2930 gen_or(b0, b1);
2931 #endif
2932 break;
2933
2934 case Q_ISO:
2935 b1 = gen_linktype(LLCSAP_ISONS);
2936 break;
2937
2938 case Q_ESIS:
2939 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
2940 break;
2941
2942 case Q_ISIS:
2943 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
2944 break;
2945
2946 case Q_ISIS_L1: /* all IS-IS Level1 PDU-Types */
2947 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
2948 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
2949 gen_or(b0, b1);
2950 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
2951 gen_or(b0, b1);
2952 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
2953 gen_or(b0, b1);
2954 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
2955 gen_or(b0, b1);
2956 break;
2957
2958 case Q_ISIS_L2: /* all IS-IS Level2 PDU-Types */
2959 b0 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
2960 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
2961 gen_or(b0, b1);
2962 b0 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
2963 gen_or(b0, b1);
2964 b0 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
2965 gen_or(b0, b1);
2966 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
2967 gen_or(b0, b1);
2968 break;
2969
2970 case Q_ISIS_IIH: /* all IS-IS Hello PDU-Types */
2971 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
2972 b1 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
2973 gen_or(b0, b1);
2974 b0 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT);
2975 gen_or(b0, b1);
2976 break;
2977
2978 case Q_ISIS_LSP:
2979 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
2980 b1 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
2981 gen_or(b0, b1);
2982 break;
2983
2984 case Q_ISIS_SNP:
2985 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
2986 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
2987 gen_or(b0, b1);
2988 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
2989 gen_or(b0, b1);
2990 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
2991 gen_or(b0, b1);
2992 break;
2993
2994 case Q_ISIS_CSNP:
2995 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
2996 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
2997 gen_or(b0, b1);
2998 break;
2999
3000 case Q_ISIS_PSNP:
3001 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
3002 b1 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
3003 gen_or(b0, b1);
3004 break;
3005
3006 case Q_CLNP:
3007 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
3008 break;
3009
3010 case Q_STP:
3011 b1 = gen_linktype(LLCSAP_8021D);
3012 break;
3013
3014 case Q_IPX:
3015 b1 = gen_linktype(LLCSAP_IPX);
3016 break;
3017
3018 case Q_NETBEUI:
3019 b1 = gen_linktype(LLCSAP_NETBEUI);
3020 break;
3021
3022 default:
3023 abort();
3024 }
3025 return b1;
3026 }
3027
3028 static struct block *
3029 gen_ipfrag()
3030 {
3031 struct slist *s;
3032 struct block *b;
3033
3034 /* not ip frag */
3035 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
3036 s->s.k = off_nl + 6;
3037 b = new_block(JMP(BPF_JSET));
3038 b->s.k = 0x1fff;
3039 b->stmts = s;
3040 gen_not(b);
3041
3042 return b;
3043 }
3044
3045 static struct block *
3046 gen_portatom(off, v)
3047 int off;
3048 bpf_int32 v;
3049 {
3050 struct slist *s;
3051 struct block *b;
3052
3053 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3054 s->s.k = off_nl;
3055
3056 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
3057 s->next->s.k = off_nl + off;
3058
3059 b = new_block(JMP(BPF_JEQ));
3060 b->stmts = s;
3061 b->s.k = v;
3062
3063 return b;
3064 }
3065
3066 #ifdef INET6
3067 static struct block *
3068 gen_portatom6(off, v)
3069 int off;
3070 bpf_int32 v;
3071 {
3072 return gen_cmp(off_nl + 40 + off, BPF_H, v);
3073 }
3074 #endif/*INET6*/
3075
3076 struct block *
3077 gen_portop(port, proto, dir)
3078 int port, proto, dir;
3079 {
3080 struct block *b0, *b1, *tmp;
3081
3082 /* ip proto 'proto' */
3083 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
3084 b0 = gen_ipfrag();
3085 gen_and(tmp, b0);
3086
3087 switch (dir) {
3088 case Q_SRC:
3089 b1 = gen_portatom(0, (bpf_int32)port);
3090 break;
3091
3092 case Q_DST:
3093 b1 = gen_portatom(2, (bpf_int32)port);
3094 break;
3095
3096 case Q_OR:
3097 case Q_DEFAULT:
3098 tmp = gen_portatom(0, (bpf_int32)port);
3099 b1 = gen_portatom(2, (bpf_int32)port);
3100 gen_or(tmp, b1);
3101 break;
3102
3103 case Q_AND:
3104 tmp = gen_portatom(0, (bpf_int32)port);
3105 b1 = gen_portatom(2, (bpf_int32)port);
3106 gen_and(tmp, b1);
3107 break;
3108
3109 default:
3110 abort();
3111 }
3112 gen_and(b0, b1);
3113
3114 return b1;
3115 }
3116
3117 static struct block *
3118 gen_port(port, ip_proto, dir)
3119 int port;
3120 int ip_proto;
3121 int dir;
3122 {
3123 struct block *b0, *b1, *tmp;
3124
3125 /*
3126 * ether proto ip
3127 *
3128 * For FDDI, RFC 1188 says that SNAP encapsulation is used,
3129 * not LLC encapsulation with LLCSAP_IP.
3130 *
3131 * For IEEE 802 networks - which includes 802.5 token ring
3132 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
3133 * says that SNAP encapsulation is used, not LLC encapsulation
3134 * with LLCSAP_IP.
3135 *
3136 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
3137 * RFC 2225 say that SNAP encapsulation is used, not LLC
3138 * encapsulation with LLCSAP_IP.
3139 *
3140 * So we always check for ETHERTYPE_IP.
3141 */
3142 b0 = gen_linktype(ETHERTYPE_IP);
3143
3144 switch (ip_proto) {
3145 case IPPROTO_UDP:
3146 case IPPROTO_TCP:
3147 case IPPROTO_SCTP:
3148 b1 = gen_portop(port, ip_proto, dir);
3149 break;
3150
3151 case PROTO_UNDEF:
3152 tmp = gen_portop(port, IPPROTO_TCP, dir);
3153 b1 = gen_portop(port, IPPROTO_UDP, dir);
3154 gen_or(tmp, b1);
3155 tmp = gen_portop(port, IPPROTO_SCTP, dir);
3156 gen_or(tmp, b1);
3157 break;
3158
3159 default:
3160 abort();
3161 }
3162 gen_and(b0, b1);
3163 return b1;
3164 }
3165
3166 #ifdef INET6
3167 struct block *
3168 gen_portop6(port, proto, dir)
3169 int port, proto, dir;
3170 {
3171 struct block *b0, *b1, *tmp;
3172
3173 /* ip proto 'proto' */
3174 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
3175
3176 switch (dir) {
3177 case Q_SRC:
3178 b1 = gen_portatom6(0, (bpf_int32)port);
3179 break;
3180
3181 case Q_DST:
3182 b1 = gen_portatom6(2, (bpf_int32)port);
3183 break;
3184
3185 case Q_OR:
3186 case Q_DEFAULT:
3187 tmp = gen_portatom6(0, (bpf_int32)port);
3188 b1 = gen_portatom6(2, (bpf_int32)port);
3189 gen_or(tmp, b1);
3190 break;
3191
3192 case Q_AND:
3193 tmp = gen_portatom6(0, (bpf_int32)port);
3194 b1 = gen_portatom6(2, (bpf_int32)port);
3195 gen_and(tmp, b1);
3196 break;
3197
3198 default:
3199 abort();
3200 }
3201 gen_and(b0, b1);
3202
3203 return b1;
3204 }
3205
3206 static struct block *
3207 gen_port6(port, ip_proto, dir)
3208 int port;
3209 int ip_proto;
3210 int dir;
3211 {
3212 struct block *b0, *b1, *tmp;
3213
3214 /* ether proto ip */
3215 b0 = gen_linktype(ETHERTYPE_IPV6);
3216
3217 switch (ip_proto) {
3218 case IPPROTO_UDP:
3219 case IPPROTO_TCP:
3220 case IPPROTO_SCTP:
3221 b1 = gen_portop6(port, ip_proto, dir);
3222 break;
3223
3224 case PROTO_UNDEF:
3225 tmp = gen_portop6(port, IPPROTO_TCP, dir);
3226 b1 = gen_portop6(port, IPPROTO_UDP, dir);
3227 gen_or(tmp, b1);
3228 tmp = gen_portop6(port, IPPROTO_SCTP, dir);
3229 gen_or(tmp, b1);
3230 break;
3231
3232 default:
3233 abort();
3234 }
3235 gen_and(b0, b1);
3236 return b1;
3237 }
3238 #endif /* INET6 */
3239
3240 static int
3241 lookup_proto(name, proto)
3242 register const char *name;
3243 register int proto;
3244 {
3245 register int v;
3246
3247 switch (proto) {
3248
3249 case Q_DEFAULT:
3250 case Q_IP:
3251 case Q_IPV6:
3252 v = pcap_nametoproto(name);
3253 if (v == PROTO_UNDEF)
3254 bpf_error("unknown ip proto '%s'", name);
3255 break;
3256
3257 case Q_LINK:
3258 /* XXX should look up h/w protocol type based on linktype */
3259 v = pcap_nametoeproto(name);
3260 if (v == PROTO_UNDEF)
3261 bpf_error("unknown ether proto '%s'", name);
3262 break;
3263
3264 case Q_ISO:
3265 if (strcmp(name, "esis") == 0)
3266 v = ISO9542_ESIS;
3267 else if (strcmp(name, "isis") == 0)
3268 v = ISO10589_ISIS;
3269 else if (strcmp(name, "clnp") == 0)
3270 v = ISO8473_CLNP;
3271 else
3272 bpf_error("unknown osi proto '%s'", name);
3273 break;
3274
3275 default:
3276 v = PROTO_UNDEF;
3277 break;
3278 }
3279 return v;
3280 }
3281
3282 #if 0
3283 struct stmt *
3284 gen_joinsp(s, n)
3285 struct stmt **s;
3286 int n;
3287 {
3288 return NULL;
3289 }
3290 #endif
3291
3292 static struct block *
3293 gen_protochain(v, proto, dir)
3294 int v;
3295 int proto;
3296 int dir;
3297 {
3298 #ifdef NO_PROTOCHAIN
3299 return gen_proto(v, proto, dir);
3300 #else
3301 struct block *b0, *b;
3302 struct slist *s[100];
3303 int fix2, fix3, fix4, fix5;
3304 int ahcheck, again, end;
3305 int i, max;
3306 int reg2 = alloc_reg();
3307
3308 memset(s, 0, sizeof(s));
3309 fix2 = fix3 = fix4 = fix5 = 0;
3310
3311 switch (proto) {
3312 case Q_IP:
3313 case Q_IPV6:
3314 break;
3315 case Q_DEFAULT:
3316 b0 = gen_protochain(v, Q_IP, dir);
3317 b = gen_protochain(v, Q_IPV6, dir);
3318 gen_or(b0, b);
3319 return b;
3320 default:
3321 bpf_error("bad protocol applied for 'protochain'");
3322 /*NOTREACHED*/
3323 }
3324
3325 no_optimize = 1; /*this code is not compatible with optimzer yet */
3326
3327 /*
3328 * s[0] is a dummy entry to protect other BPF insn from damaged
3329 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
3330 * hard to find interdependency made by jump table fixup.
3331 */
3332 i = 0;
3333 s[i] = new_stmt(0); /*dummy*/
3334 i++;
3335
3336 switch (proto) {
3337 case Q_IP:
3338 b0 = gen_linktype(ETHERTYPE_IP);
3339
3340 /* A = ip->ip_p */
3341 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
3342 s[i]->s.k = off_nl + 9;
3343 i++;
3344 /* X = ip->ip_hl << 2 */
3345 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3346 s[i]->s.k = off_nl;
3347 i++;
3348 break;
3349 #ifdef INET6
3350 case Q_IPV6:
3351 b0 = gen_linktype(ETHERTYPE_IPV6);
3352
3353 /* A = ip6->ip_nxt */
3354 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
3355 s[i]->s.k = off_nl + 6;
3356 i++;
3357 /* X = sizeof(struct ip6_hdr) */
3358 s[i] = new_stmt(BPF_LDX|BPF_IMM);
3359 s[i]->s.k = 40;
3360 i++;
3361 break;
3362 #endif
3363 default:
3364 bpf_error("unsupported proto to gen_protochain");
3365 /*NOTREACHED*/
3366 }
3367
3368 /* again: if (A == v) goto end; else fall through; */
3369 again = i;
3370 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3371 s[i]->s.k = v;
3372 s[i]->s.jt = NULL; /*later*/
3373 s[i]->s.jf = NULL; /*update in next stmt*/
3374 fix5 = i;
3375 i++;
3376
3377 #ifndef IPPROTO_NONE
3378 #define IPPROTO_NONE 59
3379 #endif
3380 /* if (A == IPPROTO_NONE) goto end */
3381 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3382 s[i]->s.jt = NULL; /*later*/
3383 s[i]->s.jf = NULL; /*update in next stmt*/
3384 s[i]->s.k = IPPROTO_NONE;
3385 s[fix5]->s.jf = s[i];
3386 fix2 = i;
3387 i++;
3388
3389 #ifdef INET6
3390 if (proto == Q_IPV6) {
3391 int v6start, v6end, v6advance, j;
3392
3393 v6start = i;
3394 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
3395 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3396 s[i]->s.jt = NULL; /*later*/
3397 s[i]->s.jf = NULL; /*update in next stmt*/
3398 s[i]->s.k = IPPROTO_HOPOPTS;
3399 s[fix2]->s.jf = s[i];
3400 i++;
3401 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
3402 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3403 s[i]->s.jt = NULL; /*later*/
3404 s[i]->s.jf = NULL; /*update in next stmt*/
3405 s[i]->s.k = IPPROTO_DSTOPTS;
3406 i++;
3407 /* if (A == IPPROTO_ROUTING) goto v6advance */
3408 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3409 s[i]->s.jt = NULL; /*later*/
3410 s[i]->s.jf = NULL; /*update in next stmt*/
3411 s[i]->s.k = IPPROTO_ROUTING;
3412 i++;
3413 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
3414 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3415 s[i]->s.jt = NULL; /*later*/
3416 s[i]->s.jf = NULL; /*later*/
3417 s[i]->s.k = IPPROTO_FRAGMENT;
3418 fix3 = i;
3419 v6end = i;
3420 i++;
3421
3422 /* v6advance: */
3423 v6advance = i;
3424
3425 /*
3426 * in short,
3427 * A = P[X];
3428 * X = X + (P[X + 1] + 1) * 8;
3429 */
3430 /* A = X */
3431 s[i] = new_stmt(BPF_MISC|BPF_TXA);
3432 i++;
3433 /* A = P[X + packet head] */
3434 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3435 s[i]->s.k = off_nl;
3436 i++;
3437 /* MEM[reg2] = A */
3438 s[i] = new_stmt(BPF_ST);
3439 s[i]->s.k = reg2;
3440 i++;
3441 /* A = X */
3442 s[i] = new_stmt(BPF_MISC|BPF_TXA);
3443 i++;
3444 /* A += 1 */
3445 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3446 s[i]->s.k = 1;
3447 i++;
3448 /* X = A */
3449 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3450 i++;
3451 /* A = P[X + packet head]; */
3452 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3453 s[i]->s.k = off_nl;
3454 i++;
3455 /* A += 1 */
3456 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3457 s[i]->s.k = 1;
3458 i++;
3459 /* A *= 8 */
3460 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
3461 s[i]->s.k = 8;
3462 i++;
3463 /* X = A; */
3464 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3465 i++;
3466 /* A = MEM[reg2] */
3467 s[i] = new_stmt(BPF_LD|BPF_MEM);
3468 s[i]->s.k = reg2;
3469 i++;
3470
3471 /* goto again; (must use BPF_JA for backward jump) */
3472 s[i] = new_stmt(BPF_JMP|BPF_JA);
3473 s[i]->s.k = again - i - 1;
3474 s[i - 1]->s.jf = s[i];
3475 i++;
3476
3477 /* fixup */
3478 for (j = v6start; j <= v6end; j++)
3479 s[j]->s.jt = s[v6advance];
3480 } else
3481 #endif
3482 {
3483 /* nop */
3484 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3485 s[i]->s.k = 0;
3486 s[fix2]->s.jf = s[i];
3487 i++;
3488 }
3489
3490 /* ahcheck: */
3491 ahcheck = i;
3492 /* if (A == IPPROTO_AH) then fall through; else goto end; */
3493 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3494 s[i]->s.jt = NULL; /*later*/
3495 s[i]->s.jf = NULL; /*later*/
3496 s[i]->s.k = IPPROTO_AH;
3497 if (fix3)
3498 s[fix3]->s.jf = s[ahcheck];
3499 fix4 = i;
3500 i++;
3501
3502 /*
3503 * in short,
3504 * A = P[X];
3505 * X = X + (P[X + 1] + 2) * 4;
3506 */
3507 /* A = X */
3508 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
3509 i++;
3510 /* A = P[X + packet head]; */
3511 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3512 s[i]->s.k = off_nl;
3513 i++;
3514 /* MEM[reg2] = A */
3515 s[i] = new_stmt(BPF_ST);
3516 s[i]->s.k = reg2;
3517 i++;
3518 /* A = X */
3519 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
3520 i++;
3521 /* A += 1 */
3522 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3523 s[i]->s.k = 1;
3524 i++;
3525 /* X = A */
3526 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3527 i++;
3528 /* A = P[X + packet head] */
3529 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3530 s[i]->s.k = off_nl;
3531 i++;
3532 /* A += 2 */
3533 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3534 s[i]->s.k = 2;
3535 i++;
3536 /* A *= 4 */
3537 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
3538 s[i]->s.k = 4;
3539 i++;
3540 /* X = A; */
3541 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3542 i++;
3543 /* A = MEM[reg2] */
3544 s[i] = new_stmt(BPF_LD|BPF_MEM);
3545 s[i]->s.k = reg2;
3546 i++;
3547
3548 /* goto again; (must use BPF_JA for backward jump) */
3549 s[i] = new_stmt(BPF_JMP|BPF_JA);
3550 s[i]->s.k = again - i - 1;
3551 i++;
3552
3553 /* end: nop */
3554 end = i;
3555 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3556 s[i]->s.k = 0;
3557 s[fix2]->s.jt = s[end];
3558 s[fix4]->s.jf = s[end];
3559 s[fix5]->s.jt = s[end];
3560 i++;
3561
3562 /*
3563 * make slist chain
3564 */
3565 max = i;
3566 for (i = 0; i < max - 1; i++)
3567 s[i]->next = s[i + 1];
3568 s[max - 1]->next = NULL;
3569
3570 /*
3571 * emit final check
3572 */
3573 b = new_block(JMP(BPF_JEQ));
3574 b->stmts = s[1]; /*remember, s[0] is dummy*/
3575 b->s.k = v;
3576
3577 free_reg(reg2);
3578
3579 gen_and(b0, b);
3580 return b;
3581 #endif
3582 }
3583
3584 static struct block *
3585 gen_proto(v, proto, dir)
3586 int v;
3587 int proto;
3588 int dir;
3589 {
3590 struct block *b0, *b1;
3591
3592 if (dir != Q_DEFAULT)
3593 bpf_error("direction applied to 'proto'");
3594
3595 switch (proto) {
3596 case Q_DEFAULT:
3597 #ifdef INET6
3598 b0 = gen_proto(v, Q_IP, dir);
3599 b1 = gen_proto(v, Q_IPV6, dir);
3600 gen_or(b0, b1);
3601 return b1;
3602 #else
3603 /*FALLTHROUGH*/
3604 #endif
3605 case Q_IP:
3606 /*
3607 * For FDDI, RFC 1188 says that SNAP encapsulation is used,
3608 * not LLC encapsulation with LLCSAP_IP.
3609 *
3610 * For IEEE 802 networks - which includes 802.5 token ring
3611 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
3612 * says that SNAP encapsulation is used, not LLC encapsulation
3613 * with LLCSAP_IP.
3614 *
3615 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
3616 * RFC 2225 say that SNAP encapsulation is used, not LLC
3617 * encapsulation with LLCSAP_IP.
3618 *
3619 * So we always check for ETHERTYPE_IP.
3620 */
3621 b0 = gen_linktype(ETHERTYPE_IP);
3622 #ifndef CHASE_CHAIN
3623 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
3624 #else
3625 b1 = gen_protochain(v, Q_IP);
3626 #endif
3627 gen_and(b0, b1);
3628 return b1;
3629
3630 case Q_ISO:
3631 switch (linktype) {
3632
3633 case DLT_FRELAY:
3634 /*
3635 * Frame Relay packets typically have an OSI
3636 * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)"
3637 * generates code to check for all the OSI
3638 * NLPIDs, so calling it and then adding a check
3639 * for the particular NLPID for which we're
3640 * looking is bogus, as we can just check for
3641 * the NLPID.
3642 *
3643 * What we check for is the NLPID and a frame
3644 * control field value of UI, i.e. 0x03 followed
3645 * by the NLPID.
3646 *
3647 * XXX - assumes a 2-byte Frame Relay header with
3648 * DLCI and flags. What if the address is longer?
3649 *
3650 * XXX - what about SNAP-encapsulated frames?
3651 */
3652 return gen_cmp(2, BPF_H, (0x03<<8) | v);
3653 break;
3654
3655 case DLT_C_HDLC:
3656 /*
3657 * Cisco uses an Ethertype lookalike - for OSI,
3658 * it's 0xfefe.
3659 */
3660 b0 = gen_linktype(LLCSAP_ISONS<<8 | LLCSAP_ISONS);
3661 /* OSI in C-HDLC is stuffed with a fudge byte */
3662 b1 = gen_cmp(off_nl_nosnap+1, BPF_B, (long)v);
3663 gen_and(b0, b1);
3664 return b1;
3665
3666 default:
3667 b0 = gen_linktype(LLCSAP_ISONS);
3668 b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v);
3669 gen_and(b0, b1);
3670 return b1;
3671 }
3672
3673 case Q_ISIS:
3674 b0 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
3675 /*
3676 * 4 is the offset of the PDU type relative to the IS-IS
3677 * header.
3678 */
3679 b1 = gen_cmp(off_nl_nosnap+4, BPF_B, (long)v);
3680 gen_and(b0, b1);
3681 return b1;
3682
3683 case Q_ARP:
3684 bpf_error("arp does not encapsulate another protocol");
3685 /* NOTREACHED */
3686
3687 case Q_RARP:
3688 bpf_error("rarp does not encapsulate another protocol");
3689 /* NOTREACHED */
3690
3691 case Q_ATALK:
3692 bpf_error("atalk encapsulation is not specifiable");
3693 /* NOTREACHED */
3694
3695 case Q_DECNET:
3696 bpf_error("decnet encapsulation is not specifiable");
3697 /* NOTREACHED */
3698
3699 case Q_SCA:
3700 bpf_error("sca does not encapsulate another protocol");
3701 /* NOTREACHED */
3702
3703 case Q_LAT:
3704 bpf_error("lat does not encapsulate another protocol");
3705 /* NOTREACHED */
3706
3707 case Q_MOPRC:
3708 bpf_error("moprc does not encapsulate another protocol");
3709 /* NOTREACHED */
3710
3711 case Q_MOPDL:
3712 bpf_error("mopdl does not encapsulate another protocol");
3713 /* NOTREACHED */
3714
3715 case Q_LINK:
3716 return gen_linktype(v);
3717
3718 case Q_UDP:
3719 bpf_error("'udp proto' is bogus");
3720 /* NOTREACHED */
3721
3722 case Q_TCP:
3723 bpf_error("'tcp proto' is bogus");
3724 /* NOTREACHED */
3725
3726 case Q_SCTP:
3727 bpf_error("'sctp proto' is bogus");
3728 /* NOTREACHED */
3729
3730 case Q_ICMP:
3731 bpf_error("'icmp proto' is bogus");
3732 /* NOTREACHED */
3733
3734 case Q_IGMP:
3735 bpf_error("'igmp proto' is bogus");
3736 /* NOTREACHED */
3737
3738 case Q_IGRP:
3739 bpf_error("'igrp proto' is bogus");
3740 /* NOTREACHED */
3741
3742 case Q_PIM:
3743 bpf_error("'pim proto' is bogus");
3744 /* NOTREACHED */
3745
3746 case Q_VRRP:
3747 bpf_error("'vrrp proto' is bogus");
3748 /* NOTREACHED */
3749
3750 #ifdef INET6
3751 case Q_IPV6:
3752 b0 = gen_linktype(ETHERTYPE_IPV6);
3753 #ifndef CHASE_CHAIN
3754 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
3755 #else
3756 b1 = gen_protochain(v, Q_IPV6);
3757 #endif
3758 gen_and(b0, b1);
3759 return b1;
3760
3761 case Q_ICMPV6:
3762 bpf_error("'icmp6 proto' is bogus");
3763 #endif /* INET6 */
3764
3765 case Q_AH:
3766 bpf_error("'ah proto' is bogus");
3767
3768 case Q_ESP:
3769 bpf_error("'ah proto' is bogus");
3770
3771 case Q_STP:
3772 bpf_error("'stp proto' is bogus");
3773
3774 case Q_IPX:
3775 bpf_error("'ipx proto' is bogus");
3776
3777 case Q_NETBEUI:
3778 bpf_error("'netbeui proto' is bogus");
3779
3780 default:
3781 abort();
3782 /* NOTREACHED */
3783 }
3784 /* NOTREACHED */
3785 }
3786
3787 struct block *
3788 gen_scode(name, q)
3789 register const char *name;
3790 struct qual q;
3791 {
3792 int proto = q.proto;
3793 int dir = q.dir;
3794 int tproto;
3795 u_char *eaddr;
3796 bpf_u_int32 mask, addr;
3797 #ifndef INET6
3798 bpf_u_int32 **alist;
3799 #else
3800 int tproto6;
3801 struct sockaddr_in *sin;
3802 struct sockaddr_in6 *sin6;
3803 struct addrinfo *res, *res0;
3804 struct in6_addr mask128;
3805 #endif /*INET6*/
3806 struct block *b, *tmp;
3807 int port, real_proto;
3808
3809 switch (q.addr) {
3810
3811 case Q_NET:
3812 addr = pcap_nametonetaddr(name);
3813 if (addr == 0)
3814 bpf_error("unknown network '%s'", name);
3815 /* Left justify network addr and calculate its network mask */
3816 mask = 0xffffffff;
3817 while (addr && (addr & 0xff000000) == 0) {
3818 addr <<= 8;
3819 mask <<= 8;
3820 }
3821 return gen_host(addr, mask, proto, dir);
3822
3823 case Q_DEFAULT:
3824 case Q_HOST:
3825 if (proto == Q_LINK) {
3826 switch (linktype) {
3827
3828 case DLT_EN10MB:
3829 eaddr = pcap_ether_hostton(name);
3830 if (eaddr == NULL)
3831 bpf_error(
3832 "unknown ether host '%s'", name);
3833 b = gen_ehostop(eaddr, dir);
3834 free(eaddr);
3835 return b;
3836
3837 case DLT_FDDI:
3838 eaddr = pcap_ether_hostton(name);
3839 if (eaddr == NULL)
3840 bpf_error(
3841 "unknown FDDI host '%s'", name);
3842 b = gen_fhostop(eaddr, dir);
3843 free(eaddr);
3844 return b;
3845
3846 case DLT_IEEE802:
3847 eaddr = pcap_ether_hostton(name);
3848 if (eaddr == NULL)
3849 bpf_error(
3850 "unknown token ring host '%s'", name);
3851 b = gen_thostop(eaddr, dir);
3852 free(eaddr);
3853 return b;
3854
3855 case DLT_IEEE802_11:
3856 eaddr = pcap_ether_hostton(name);
3857 if (eaddr == NULL)
3858 bpf_error(
3859 "unknown 802.11 host '%s'", name);
3860 b = gen_wlanhostop(eaddr, dir);
3861 free(eaddr);
3862 return b;
3863
3864 case DLT_IP_OVER_FC:
3865 eaddr = pcap_ether_hostton(name);
3866 if (eaddr == NULL)
3867 bpf_error(
3868 "unknown Fibre Channel host '%s'", name);
3869 b = gen_ipfchostop(eaddr, dir);
3870 free(eaddr);
3871 return b;
3872
3873 case DLT_SUNATM:
3874 if (!is_lane)
3875 break;
3876
3877 /*
3878 * Check that the packet doesn't begin
3879 * with an LE Control marker. (We've
3880 * already generated a test for LANE.)
3881 */
3882 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H,
3883 0xFF00);
3884 gen_not(tmp);
3885
3886 eaddr = pcap_ether_hostton(name);
3887 if (eaddr == NULL)
3888 bpf_error(
3889 "unknown ether host '%s'", name);
3890 b = gen_ehostop(eaddr, dir);
3891 gen_and(tmp, b);
3892 free(eaddr);
3893 return b;
3894 }
3895
3896 bpf_error("only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name");
3897 } else if (proto == Q_DECNET) {
3898 unsigned short dn_addr = __pcap_nametodnaddr(name);
3899 /*
3900 * I don't think DECNET hosts can be multihomed, so
3901 * there is no need to build up a list of addresses
3902 */
3903 return (gen_host(dn_addr, 0, proto, dir));
3904 } else {
3905 #ifndef INET6
3906 alist = pcap_nametoaddr(name);
3907 if (alist == NULL || *alist == NULL)
3908 bpf_error("unknown host '%s'", name);
3909 tproto = proto;
3910 if (off_linktype == (u_int)-1 && tproto == Q_DEFAULT)
3911 tproto = Q_IP;
3912 b = gen_host(**alist++, 0xffffffff, tproto, dir);
3913 while (*alist) {
3914 tmp = gen_host(**alist++, 0xffffffff,
3915 tproto, dir);
3916 gen_or(b, tmp);
3917 b = tmp;
3918 }
3919 return b;
3920 #else
3921 memset(&mask128, 0xff, sizeof(mask128));
3922 res0 = res = pcap_nametoaddrinfo(name);
3923 if (res == NULL)
3924 bpf_error("unknown host '%s'", name);
3925 b = tmp = NULL;
3926 tproto = tproto6 = proto;
3927 if (off_linktype == -1 && tproto == Q_DEFAULT) {
3928 tproto = Q_IP;
3929 tproto6 = Q_IPV6;
3930 }
3931 for (res = res0; res; res = res->ai_next) {
3932 switch (res->ai_family) {
3933 case AF_INET:
3934 if (tproto == Q_IPV6)
3935 continue;
3936
3937 sin = (struct sockaddr_in *)
3938 res->ai_addr;
3939 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
3940 0xffffffff, tproto, dir);
3941 break;
3942 case AF_INET6:
3943 if (tproto6 == Q_IP)
3944 continue;
3945
3946 sin6 = (struct sockaddr_in6 *)
3947 res->ai_addr;
3948 tmp = gen_host6(&sin6->sin6_addr,
3949 &mask128, tproto6, dir);
3950 break;
3951 default:
3952 continue;
3953 }
3954 if (b)
3955 gen_or(b, tmp);
3956 b = tmp;
3957 }
3958 freeaddrinfo(res0);
3959 if (b == NULL) {
3960 bpf_error("unknown host '%s'%s", name,
3961 (proto == Q_DEFAULT)
3962 ? ""
3963 : " for specified address family");
3964 }
3965 return b;
3966 #endif /*INET6*/
3967 }
3968
3969 case Q_PORT:
3970 if (proto != Q_DEFAULT &&
3971 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
3972 bpf_error("illegal qualifier of 'port'");
3973 if (pcap_nametoport(name, &port, &real_proto) == 0)
3974 bpf_error("unknown port '%s'", name);
3975 if (proto == Q_UDP) {
3976 if (real_proto == IPPROTO_TCP)
3977 bpf_error("port '%s' is tcp", name);
3978 else if (real_proto == IPPROTO_SCTP)
3979 bpf_error("port '%s' is sctp", name);
3980 else
3981 /* override PROTO_UNDEF */
3982 real_proto = IPPROTO_UDP;
3983 }
3984 if (proto == Q_TCP) {
3985 if (real_proto == IPPROTO_UDP)
3986 bpf_error("port '%s' is udp", name);
3987
3988 else if (real_proto == IPPROTO_SCTP)
3989 bpf_error("port '%s' is sctp", name);
3990 else
3991 /* override PROTO_UNDEF */
3992 real_proto = IPPROTO_TCP;
3993 }
3994 if (proto == Q_SCTP) {
3995 if (real_proto == IPPROTO_UDP)
3996 bpf_error("port '%s' is udp", name);
3997
3998 else if (real_proto == IPPROTO_TCP)
3999 bpf_error("port '%s' is tcp", name);
4000 else
4001 /* override PROTO_UNDEF */
4002 real_proto = IPPROTO_SCTP;
4003 }
4004 #ifndef INET6
4005 return gen_port(port, real_proto, dir);
4006 #else
4007 {
4008 struct block *b;
4009 b = gen_port(port, real_proto, dir);
4010 gen_or(gen_port6(port, real_proto, dir), b);
4011 return b;
4012 }
4013 #endif /* INET6 */
4014
4015 case Q_GATEWAY:
4016 #ifndef INET6
4017 eaddr = pcap_ether_hostton(name);
4018 if (eaddr == NULL)
4019 bpf_error("unknown ether host: %s", name);
4020
4021 alist = pcap_nametoaddr(name);
4022 if (alist == NULL || *alist == NULL)
4023 bpf_error("unknown host '%s'", name);
4024 b = gen_gateway(eaddr, alist, proto, dir);
4025 free(eaddr);
4026 return b;
4027 #else
4028 bpf_error("'gateway' not supported in this configuration");
4029 #endif /*INET6*/
4030
4031 case Q_PROTO:
4032 real_proto = lookup_proto(name, proto);
4033 if (real_proto >= 0)
4034 return gen_proto(real_proto, proto, dir);
4035 else
4036 bpf_error("unknown protocol: %s", name);
4037
4038 case Q_PROTOCHAIN:
4039 real_proto = lookup_proto(name, proto);
4040 if (real_proto >= 0)
4041 return gen_protochain(real_proto, proto, dir);
4042 else
4043 bpf_error("unknown protocol: %s", name);
4044
4045
4046 case Q_UNDEF:
4047 syntax();
4048 /* NOTREACHED */
4049 }
4050 abort();
4051 /* NOTREACHED */
4052 }
4053
4054 struct block *
4055 gen_mcode(s1, s2, masklen, q)
4056 register const char *s1, *s2;
4057 register int masklen;
4058 struct qual q;
4059 {
4060 register int nlen, mlen;
4061 bpf_u_int32 n, m;
4062
4063 nlen = __pcap_atoin(s1, &n);
4064 /* Promote short ipaddr */
4065 n <<= 32 - nlen;
4066
4067 if (s2 != NULL) {
4068 mlen = __pcap_atoin(s2, &m);
4069 /* Promote short ipaddr */
4070 m <<= 32 - mlen;
4071 if ((n & ~m) != 0)
4072 bpf_error("non-network bits set in \"%s mask %s\"",
4073 s1, s2);
4074 } else {
4075 /* Convert mask len to mask */
4076 if (masklen > 32)
4077 bpf_error("mask length must be <= 32");
4078 m = 0xffffffff << (32 - masklen);
4079 if ((n & ~m) != 0)
4080 bpf_error("non-network bits set in \"%s/%d\"",
4081 s1, masklen);
4082 }
4083
4084 switch (q.addr) {
4085
4086 case Q_NET:
4087 return gen_host(n, m, q.proto, q.dir);
4088
4089 default:
4090 bpf_error("Mask syntax for networks only");
4091 /* NOTREACHED */
4092 }
4093 }
4094
4095 struct block *
4096 gen_ncode(s, v, q)
4097 register const char *s;
4098 bpf_u_int32 v;
4099 struct qual q;
4100 {
4101 bpf_u_int32 mask;
4102 int proto = q.proto;
4103 int dir = q.dir;
4104 register int vlen;
4105
4106 if (s == NULL)
4107 vlen = 32;
4108 else if (q.proto == Q_DECNET)
4109 vlen = __pcap_atodn(s, &v);
4110 else
4111 vlen = __pcap_atoin(s, &v);
4112
4113 switch (q.addr) {
4114
4115 case Q_DEFAULT:
4116 case Q_HOST:
4117 case Q_NET:
4118 if (proto == Q_DECNET)
4119 return gen_host(v, 0, proto, dir);
4120 else if (proto == Q_LINK) {
4121 bpf_error("illegal link layer address");
4122 } else {
4123 mask = 0xffffffff;
4124 if (s == NULL && q.addr == Q_NET) {
4125 /* Promote short net number */
4126 while (v && (v & 0xff000000) == 0) {
4127 v <<= 8;
4128 mask <<= 8;
4129 }
4130 } else {
4131 /* Promote short ipaddr */
4132 v <<= 32 - vlen;
4133 mask <<= 32 - vlen;
4134 }
4135 return gen_host(v, mask, proto, dir);
4136 }
4137
4138 case Q_PORT:
4139 if (proto == Q_UDP)
4140 proto = IPPROTO_UDP;
4141 else if (proto == Q_TCP)
4142 proto = IPPROTO_TCP;
4143 else if (proto == Q_SCTP)
4144 proto = IPPROTO_SCTP;
4145 else if (proto == Q_DEFAULT)
4146 proto = PROTO_UNDEF;
4147 else
4148 bpf_error("illegal qualifier of 'port'");
4149
4150 #ifndef INET6
4151 return gen_port((int)v, proto, dir);
4152 #else
4153 {
4154 struct block *b;
4155 b = gen_port((int)v, proto, dir);
4156 gen_or(gen_port6((int)v, proto, dir), b);
4157 return b;
4158 }
4159 #endif /* INET6 */
4160
4161 case Q_GATEWAY:
4162 bpf_error("'gateway' requires a name");
4163 /* NOTREACHED */
4164
4165 case Q_PROTO:
4166 return gen_proto((int)v, proto, dir);
4167
4168 case Q_PROTOCHAIN:
4169 return gen_protochain((int)v, proto, dir);
4170
4171 case Q_UNDEF:
4172 syntax();
4173 /* NOTREACHED */
4174
4175 default:
4176 abort();
4177 /* NOTREACHED */
4178 }
4179 /* NOTREACHED */
4180 }
4181
4182 #ifdef INET6
4183 struct block *
4184 gen_mcode6(s1, s2, masklen, q)
4185 register const char *s1, *s2;
4186 register int masklen;
4187 struct qual q;
4188 {
4189 struct addrinfo *res;
4190 struct in6_addr *addr;
4191 struct in6_addr mask;
4192 struct block *b;
4193 u_int32_t *a, *m;
4194
4195 if (s2)
4196 bpf_error("no mask %s supported", s2);
4197
4198 res = pcap_nametoaddrinfo(s1);
4199 if (!res)
4200 bpf_error("invalid ip6 address %s", s1);
4201 if (res->ai_next)
4202 bpf_error("%s resolved to multiple address", s1);
4203 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
4204
4205 if (sizeof(mask) * 8 < masklen)
4206 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
4207 memset(&mask, 0, sizeof(mask));
4208 memset(&mask, 0xff, masklen / 8);
4209 if (masklen % 8) {
4210 mask.s6_addr[masklen / 8] =
4211 (0xff << (8 - masklen % 8)) & 0xff;
4212 }
4213
4214 a = (u_int32_t *)addr;
4215 m = (u_int32_t *)&mask;
4216 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
4217 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
4218 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
4219 }
4220
4221 switch (q.addr) {
4222
4223 case Q_DEFAULT:
4224 case Q_HOST:
4225 if (masklen != 128)
4226 bpf_error("Mask syntax for networks only");
4227 /* FALLTHROUGH */
4228
4229 case Q_NET:
4230 b = gen_host6(addr, &mask, q.proto, q.dir);
4231 freeaddrinfo(res);
4232 return b;
4233
4234 default:
4235 bpf_error("invalid qualifier against IPv6 address");
4236 /* NOTREACHED */
4237 }
4238 }
4239 #endif /*INET6*/
4240
4241 struct block *
4242 gen_ecode(eaddr, q)
4243 register const u_char *eaddr;
4244 struct qual q;
4245 {
4246 struct block *b, *tmp;
4247
4248 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
4249 if (linktype == DLT_EN10MB)
4250 return gen_ehostop(eaddr, (int)q.dir);
4251 if (linktype == DLT_FDDI)
4252 return gen_fhostop(eaddr, (int)q.dir);
4253 if (linktype == DLT_IEEE802)
4254 return gen_thostop(eaddr, (int)q.dir);
4255 if (linktype == DLT_IEEE802_11)
4256 return gen_wlanhostop(eaddr, (int)q.dir);
4257 if (linktype == DLT_SUNATM && is_lane) {
4258 /*
4259 * Check that the packet doesn't begin with an
4260 * LE Control marker. (We've already generated
4261 * a test for LANE.)
4262 */
4263 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
4264 gen_not(tmp);
4265
4266 /*
4267 * Now check the MAC address.
4268 */
4269 b = gen_ehostop(eaddr, (int)q.dir);
4270 gen_and(tmp, b);
4271 return b;
4272 }
4273 if (linktype == DLT_IP_OVER_FC)
4274 return gen_ipfchostop(eaddr, (int)q.dir);
4275 bpf_error("ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel");
4276 }
4277 bpf_error("ethernet address used in non-ether expression");
4278 /* NOTREACHED */
4279 }
4280
4281 void
4282 sappend(s0, s1)
4283 struct slist *s0, *s1;
4284 {
4285 /*
4286 * This is definitely not the best way to do this, but the
4287 * lists will rarely get long.
4288 */
4289 while (s0->next)
4290 s0 = s0->next;
4291 s0->next = s1;
4292 }
4293
4294 static struct slist *
4295 xfer_to_x(a)
4296 struct arth *a;
4297 {
4298 struct slist *s;
4299
4300 s = new_stmt(BPF_LDX|BPF_MEM);
4301 s->s.k = a->regno;
4302 return s;
4303 }
4304
4305 static struct slist *
4306 xfer_to_a(a)
4307 struct arth *a;
4308 {
4309 struct slist *s;
4310
4311 s = new_stmt(BPF_LD|BPF_MEM);
4312 s->s.k = a->regno;
4313 return s;
4314 }
4315
4316 struct arth *
4317 gen_load(proto, index, size)
4318 int proto;
4319 struct arth *index;
4320 int size;
4321 {
4322 struct slist *s, *tmp;
4323 struct block *b;
4324 int regno = alloc_reg();
4325
4326 free_reg(index->regno);
4327 switch (size) {
4328
4329 default:
4330 bpf_error("data size must be 1, 2, or 4");
4331
4332 case 1:
4333 size = BPF_B;
4334 break;
4335
4336 case 2:
4337 size = BPF_H;
4338 break;
4339
4340 case 4:
4341 size = BPF_W;
4342 break;
4343 }
4344 switch (proto) {
4345 default:
4346 bpf_error("unsupported index operation");
4347
4348 case Q_LINK:
4349 /*
4350 * XXX - what about ATM LANE? Should the index be
4351 * relative to the beginning of the AAL5 frame, so
4352 * that 0 refers to the beginning of the LE Control
4353 * field, or relative to the beginning of the LAN
4354 * frame, so that 0 refers, for Ethernet LANE, to
4355 * the beginning of the destination address?
4356 */
4357 s = xfer_to_x(index);
4358 tmp = new_stmt(BPF_LD|BPF_IND|size);
4359 sappend(s, tmp);
4360 sappend(index->s, s);
4361 break;
4362
4363 case Q_IP:
4364 case Q_ARP:
4365 case Q_RARP:
4366 case Q_ATALK:
4367 case Q_DECNET:
4368 case Q_SCA:
4369 case Q_LAT:
4370 case Q_MOPRC:
4371 case Q_MOPDL:
4372 #ifdef INET6
4373 case Q_IPV6:
4374 #endif
4375 /* XXX Note that we assume a fixed link header here. */
4376 s = xfer_to_x(index);
4377 tmp = new_stmt(BPF_LD|BPF_IND|size);
4378 tmp->s.k = off_nl;
4379 sappend(s, tmp);
4380 sappend(index->s, s);
4381
4382 b = gen_proto_abbrev(proto);
4383 if (index->b)
4384 gen_and(index->b, b);
4385 index->b = b;
4386 break;
4387
4388 case Q_SCTP:
4389 case Q_TCP:
4390 case Q_UDP:
4391 case Q_ICMP:
4392 case Q_IGMP:
4393 case Q_IGRP:
4394 case Q_PIM:
4395 case Q_VRRP:
4396 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
4397 s->s.k = off_nl;
4398 sappend(s, xfer_to_a(index));
4399 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
4400 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
4401 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
4402 tmp->s.k = off_nl;
4403 sappend(index->s, s);
4404
4405 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
4406 if (index->b)
4407 gen_and(index->b, b);
4408 #ifdef INET6
4409 gen_and(gen_proto_abbrev(Q_IP), b);
4410 #endif
4411 index->b = b;
4412 break;
4413 #ifdef INET6
4414 case Q_ICMPV6:
4415 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
4416 /*NOTREACHED*/
4417 #endif
4418 }
4419 index->regno = regno;
4420 s = new_stmt(BPF_ST);
4421 s->s.k = regno;
4422 sappend(index->s, s);
4423
4424 return index;
4425 }
4426
4427 struct block *
4428 gen_relation(code, a0, a1, reversed)
4429 int code;
4430 struct arth *a0, *a1;
4431 int reversed;
4432 {
4433 struct slist *s0, *s1, *s2;
4434 struct block *b, *tmp;
4435
4436 s0 = xfer_to_x(a1);
4437 s1 = xfer_to_a(a0);
4438 if (code == BPF_JEQ) {
4439 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
4440 b = new_block(JMP(code));
4441 sappend(s1, s2);
4442 }
4443 else
4444 b = new_block(BPF_JMP|code|BPF_X);
4445 if (reversed)
4446 gen_not(b);
4447
4448 sappend(s0, s1);
4449 sappend(a1->s, s0);
4450 sappend(a0->s, a1->s);
4451
4452 b->stmts = a0->s;
4453
4454 free_reg(a0->regno);
4455 free_reg(a1->regno);
4456
4457 /* 'and' together protocol checks */
4458 if (a0->b) {
4459 if (a1->b) {
4460 gen_and(a0->b, tmp = a1->b);
4461 }
4462 else
4463 tmp = a0->b;
4464 } else
4465 tmp = a1->b;
4466
4467 if (tmp)
4468 gen_and(tmp, b);
4469
4470 return b;
4471 }
4472
4473 struct arth *
4474 gen_loadlen()
4475 {
4476 int regno = alloc_reg();
4477 struct arth *a = (struct arth *)newchunk(sizeof(*a));
4478 struct slist *s;
4479
4480 s = new_stmt(BPF_LD|BPF_LEN);
4481 s->next = new_stmt(BPF_ST);
4482 s->next->s.k = regno;
4483 a->s = s;
4484 a->regno = regno;
4485
4486 return a;
4487 }
4488
4489 struct arth *
4490 gen_loadi(val)
4491 int val;
4492 {
4493 struct arth *a;
4494 struct slist *s;
4495 int reg;
4496
4497 a = (struct arth *)newchunk(sizeof(*a));
4498
4499 reg = alloc_reg();
4500
4501 s = new_stmt(BPF_LD|BPF_IMM);
4502 s->s.k = val;
4503 s->next = new_stmt(BPF_ST);
4504 s->next->s.k = reg;
4505 a->s = s;
4506 a->regno = reg;
4507
4508 return a;
4509 }
4510
4511 struct arth *
4512 gen_neg(a)
4513 struct arth *a;
4514 {
4515 struct slist *s;
4516
4517 s = xfer_to_a(a);
4518 sappend(a->s, s);
4519 s = new_stmt(BPF_ALU|BPF_NEG);
4520 s->s.k = 0;
4521 sappend(a->s, s);
4522 s = new_stmt(BPF_ST);
4523 s->s.k = a->regno;
4524 sappend(a->s, s);
4525
4526 return a;
4527 }
4528
4529 struct arth *
4530 gen_arth(code, a0, a1)
4531 int code;
4532 struct arth *a0, *a1;
4533 {
4534 struct slist *s0, *s1, *s2;
4535
4536 s0 = xfer_to_x(a1);
4537 s1 = xfer_to_a(a0);
4538 s2 = new_stmt(BPF_ALU|BPF_X|code);
4539
4540 sappend(s1, s2);
4541 sappend(s0, s1);
4542 sappend(a1->s, s0);
4543 sappend(a0->s, a1->s);
4544
4545 free_reg(a0->regno);
4546 free_reg(a1->regno);
4547
4548 s0 = new_stmt(BPF_ST);
4549 a0->regno = s0->s.k = alloc_reg();
4550 sappend(a0->s, s0);
4551
4552 return a0;
4553 }
4554
4555 /*
4556 * Here we handle simple allocation of the scratch registers.
4557 * If too many registers are alloc'd, the allocator punts.
4558 */
4559 static int regused[BPF_MEMWORDS];
4560 static int curreg;
4561
4562 /*
4563 * Return the next free register.
4564 */
4565 static int
4566 alloc_reg()
4567 {
4568 int n = BPF_MEMWORDS;
4569
4570 while (--n >= 0) {
4571 if (regused[curreg])
4572 curreg = (curreg + 1) % BPF_MEMWORDS;
4573 else {
4574 regused[curreg] = 1;
4575 return curreg;
4576 }
4577 }
4578 bpf_error("too many registers needed to evaluate expression");
4579 /* NOTREACHED */
4580 }
4581
4582 /*
4583 * Return a register to the table so it can
4584 * be used later.
4585 */
4586 static void
4587 free_reg(n)
4588 int n;
4589 {
4590 regused[n] = 0;
4591 }
4592
4593 static struct block *
4594 gen_len(jmp, n)
4595 int jmp, n;
4596 {
4597 struct slist *s;
4598 struct block *b;
4599
4600 s = new_stmt(BPF_LD|BPF_LEN);
4601 b = new_block(JMP(jmp));
4602 b->stmts = s;
4603 b->s.k = n;
4604
4605 return b;
4606 }
4607
4608 struct block *
4609 gen_greater(n)
4610 int n;
4611 {
4612 return gen_len(BPF_JGE, n);
4613 }
4614
4615 /*
4616 * Actually, this is less than or equal.
4617 */
4618 struct block *
4619 gen_less(n)
4620 int n;
4621 {
4622 struct block *b;
4623
4624 b = gen_len(BPF_JGT, n);
4625 gen_not(b);
4626
4627 return b;
4628 }
4629
4630 struct block *
4631 gen_byteop(op, idx, val)
4632 int op, idx, val;
4633 {
4634 struct block *b;
4635 struct slist *s;
4636
4637 switch (op) {
4638 default:
4639 abort();
4640
4641 case '=':
4642 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4643
4644 case '<':
4645 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4646 b->s.code = JMP(BPF_JGE);
4647 gen_not(b);
4648 return b;
4649
4650 case '>':
4651 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4652 b->s.code = JMP(BPF_JGT);
4653 return b;
4654
4655 case '|':
4656 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
4657 break;
4658
4659 case '&':
4660 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
4661 break;
4662 }
4663 s->s.k = val;
4664 b = new_block(JMP(BPF_JEQ));
4665 b->stmts = s;
4666 gen_not(b);
4667
4668 return b;
4669 }
4670
4671 static u_char abroadcast[] = { 0x0 };
4672
4673 struct block *
4674 gen_broadcast(proto)
4675 int proto;
4676 {
4677 bpf_u_int32 hostmask;
4678 struct block *b0, *b1, *b2;
4679 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4680
4681 switch (proto) {
4682
4683 case Q_DEFAULT:
4684 case Q_LINK:
4685 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
4686 return gen_ahostop(abroadcast, Q_DST);
4687 if (linktype == DLT_EN10MB)
4688 return gen_ehostop(ebroadcast, Q_DST);
4689 if (linktype == DLT_FDDI)
4690 return gen_fhostop(ebroadcast, Q_DST);
4691 if (linktype == DLT_IEEE802)
4692 return gen_thostop(ebroadcast, Q_DST);
4693 if (linktype == DLT_IEEE802_11)
4694 return gen_wlanhostop(ebroadcast, Q_DST);
4695 if (linktype == DLT_IP_OVER_FC)
4696 return gen_ipfchostop(ebroadcast, Q_DST);
4697 if (linktype == DLT_SUNATM && is_lane) {
4698 /*
4699 * Check that the packet doesn't begin with an
4700 * LE Control marker. (We've already generated
4701 * a test for LANE.)
4702 */
4703 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
4704 gen_not(b1);
4705
4706 /*
4707 * Now check the MAC address.
4708 */
4709 b0 = gen_ehostop(ebroadcast, Q_DST);
4710 gen_and(b1, b0);
4711 return b0;
4712 }
4713 bpf_error("not a broadcast link");
4714 break;
4715
4716 case Q_IP:
4717 b0 = gen_linktype(ETHERTYPE_IP);
4718 hostmask = ~netmask;
4719 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
4720 b2 = gen_mcmp(off_nl + 16, BPF_W,
4721 (bpf_int32)(~0 & hostmask), hostmask);
4722 gen_or(b1, b2);
4723 gen_and(b0, b2);
4724 return b2;
4725 }
4726 bpf_error("only link-layer/IP broadcast filters supported");
4727 }
4728
4729 /*
4730 * Generate code to test the low-order bit of a MAC address (that's
4731 * the bottom bit of the *first* byte).
4732 */
4733 static struct block *
4734 gen_mac_multicast(offset)
4735 int offset;
4736 {
4737 register struct block *b0;
4738 register struct slist *s;
4739
4740 /* link[offset] & 1 != 0 */
4741 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4742 s->s.k = offset;
4743 b0 = new_block(JMP(BPF_JSET));
4744 b0->s.k = 1;
4745 b0->stmts = s;
4746 return b0;
4747 }
4748
4749 struct block *
4750 gen_multicast(proto)
4751 int proto;
4752 {
4753 register struct block *b0, *b1, *b2;
4754 register struct slist *s;
4755
4756 switch (proto) {
4757
4758 case Q_DEFAULT:
4759 case Q_LINK:
4760 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
4761 /* all ARCnet multicasts use the same address */
4762 return gen_ahostop(abroadcast, Q_DST);
4763
4764 if (linktype == DLT_EN10MB) {
4765 /* ether[0] & 1 != 0 */
4766 return gen_mac_multicast(0);
4767 }
4768
4769 if (linktype == DLT_FDDI) {
4770 /*
4771 * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX
4772 *
4773 * XXX - was that referring to bit-order issues?
4774 */
4775 /* fddi[1] & 1 != 0 */
4776 return gen_mac_multicast(1);
4777 }
4778
4779 if (linktype == DLT_IEEE802) {
4780 /* tr[2] & 1 != 0 */
4781 return gen_mac_multicast(2);
4782 }
4783
4784 if (linktype == DLT_IEEE802_11) {
4785 /*
4786 * Oh, yuk.
4787 *
4788 * For control frames, there is no DA.
4789 *
4790 * For management frames, DA is at an
4791 * offset of 4 from the beginning of
4792 * the packet.
4793 *
4794 * For data frames, DA is at an offset
4795 * of 4 from the beginning of the packet
4796 * if To DS is clear and at an offset of
4797 * 16 from the beginning of the packet
4798 * if To DS is set.
4799 */
4800
4801 /*
4802 * Generate the tests to be done for data frames.
4803 *
4804 * First, check for To DS set, i.e. "link[1] & 0x01".
4805 */
4806 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4807 s->s.k = 1;
4808 b1 = new_block(JMP(BPF_JSET));
4809 b1->s.k = 0x01; /* To DS */
4810 b1->stmts = s;
4811
4812 /*
4813 * If To DS is set, the DA is at 16.
4814 */
4815 b0 = gen_mac_multicast(16);
4816 gen_and(b1, b0);
4817
4818 /*
4819 * Now, check for To DS not set, i.e. check
4820 * "!(link[1] & 0x01)".
4821 */
4822 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4823 s->s.k = 1;
4824 b2 = new_block(JMP(BPF_JSET));
4825 b2->s.k = 0x01; /* To DS */
4826 b2->stmts = s;
4827 gen_not(b2);
4828
4829 /*
4830 * If To DS is not set, the DA is at 4.
4831 */
4832 b1 = gen_mac_multicast(4);
4833 gen_and(b2, b1);
4834
4835 /*
4836 * Now OR together the last two checks. That gives
4837 * the complete set of checks for data frames.
4838 */
4839 gen_or(b1, b0);
4840
4841 /*
4842 * Now check for a data frame.
4843 * I.e, check "link[0] & 0x08".
4844 */
4845 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4846 s->s.k = 0;
4847 b1 = new_block(JMP(BPF_JSET));
4848 b1->s.k = 0x08;
4849 b1->stmts = s;
4850
4851 /*
4852 * AND that with the checks done for data frames.
4853 */
4854 gen_and(b1, b0);
4855
4856 /*
4857 * If the high-order bit of the type value is 0, this
4858 * is a management frame.
4859 * I.e, check "!(link[0] & 0x08)".
4860 */
4861 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4862 s->s.k = 0;
4863 b2 = new_block(JMP(BPF_JSET));
4864 b2->s.k = 0x08;
4865 b2->stmts = s;
4866 gen_not(b2);
4867
4868 /*
4869 * For management frames, the DA is at 4.
4870 */
4871 b1 = gen_mac_multicast(4);
4872 gen_and(b2, b1);
4873
4874 /*
4875 * OR that with the checks done for data frames.
4876 * That gives the checks done for management and
4877 * data frames.
4878 */
4879 gen_or(b1, b0);
4880
4881 /*
4882 * If the low-order bit of the type value is 1,
4883 * this is either a control frame or a frame
4884 * with a reserved type, and thus not a
4885 * frame with an SA.
4886 *
4887 * I.e., check "!(link[0] & 0x04)".
4888 */
4889 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4890 s->s.k = 0;
4891 b1 = new_block(JMP(BPF_JSET));
4892 b1->s.k = 0x04;
4893 b1->stmts = s;
4894 gen_not(b1);
4895
4896 /*
4897 * AND that with the checks for data and management
4898 * frames.
4899 */
4900 gen_and(b1, b0);
4901 return b0;
4902 }
4903
4904 if (linktype == DLT_IP_OVER_FC) {
4905 b0 = gen_mac_multicast(2);
4906 return b0;
4907 }
4908
4909 if (linktype == DLT_SUNATM && is_lane) {
4910 /*
4911 * Check that the packet doesn't begin with an
4912 * LE Control marker. (We've already generated
4913 * a test for LANE.)
4914 */
4915 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
4916 gen_not(b1);
4917
4918 /* ether[off_mac] & 1 != 0 */
4919 b0 = gen_mac_multicast(off_mac);
4920 gen_and(b1, b0);
4921 return b0;
4922 }
4923
4924 /* Link not known to support multicasts */
4925 break;
4926
4927 case Q_IP:
4928 b0 = gen_linktype(ETHERTYPE_IP);
4929 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
4930 b1->s.code = JMP(BPF_JGE);
4931 gen_and(b0, b1);
4932 return b1;
4933
4934 #ifdef INET6
4935 case Q_IPV6:
4936 b0 = gen_linktype(ETHERTYPE_IPV6);
4937 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
4938 gen_and(b0, b1);
4939 return b1;
4940 #endif /* INET6 */
4941 }
4942 bpf_error("link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel");
4943 }
4944
4945 /*
4946 * generate command for inbound/outbound. It's here so we can
4947 * make it link-type specific. 'dir' = 0 implies "inbound",
4948 * = 1 implies "outbound".
4949 */
4950 struct block *
4951 gen_inbound(dir)
4952 int dir;
4953 {
4954 register struct block *b0;
4955
4956 /*
4957 * Only some data link types support inbound/outbound qualifiers.
4958 */
4959 switch (linktype) {
4960 case DLT_SLIP:
4961 b0 = gen_relation(BPF_JEQ,
4962 gen_load(Q_LINK, gen_loadi(0), 1),
4963 gen_loadi(0),
4964 dir);
4965 break;
4966
4967 case DLT_LINUX_SLL:
4968 if (dir) {
4969 /*
4970 * Match packets sent by this machine.
4971 */
4972 b0 = gen_cmp(0, BPF_H, LINUX_SLL_OUTGOING);
4973 } else {
4974 /*
4975 * Match packets sent to this machine.
4976 * (No broadcast or multicast packets, or
4977 * packets sent to some other machine and
4978 * received promiscuously.)
4979 *
4980 * XXX - packets sent to other machines probably
4981 * shouldn't be matched, but what about broadcast
4982 * or multicast packets we received?
4983 */
4984 b0 = gen_cmp(0, BPF_H, LINUX_SLL_HOST);
4985 }
4986 break;
4987
4988 case DLT_PFLOG:
4989 b0 = gen_cmp(26, BPF_H,
4990 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT));
4991 break;
4992
4993 default:
4994 bpf_error("inbound/outbound not supported on linktype %d",
4995 linktype);
4996 b0 = NULL;
4997 /* NOTREACHED */
4998 }
4999 return (b0);
5000 }
5001
5002 /* PF firewall log matched interface */
5003 struct block *
5004 gen_pf_ifname(const char *ifname)
5005 {
5006 if (linktype != DLT_PFLOG) {
5007 bpf_error("ifname supported only for DLT_PFLOG");
5008 /* NOTREACHED */
5009 }
5010 if (strlen(ifname) >= 16) {
5011 bpf_error("ifname interface names can't be larger than 16 characters");
5012 /* NOTREACHED */
5013 }
5014 return (gen_bcmp(4, strlen(ifname), (const u_char *)ifname));
5015 }
5016
5017
5018 /* PF firewall log rule number */
5019 struct block *
5020 gen_pf_rnr(int rnr)
5021 {
5022 if (linktype != DLT_PFLOG) {
5023 bpf_error("rnr supported only for DLT_PFLOG");
5024 /* NOTREACHED */
5025 }
5026
5027 return (gen_cmp(20, BPF_H, (bpf_int32)rnr));
5028 }
5029
5030 /* PF firewall log reason code */
5031 struct block *
5032 gen_pf_reason(int reason)
5033 {
5034 if (linktype != DLT_PFLOG) {
5035 bpf_error("reason supported only for DLT_PFLOG");
5036 /* NOTREACHED */
5037 }
5038
5039 return (gen_cmp(22, BPF_H, (bpf_int32)reason));
5040 }
5041
5042 /* PF firewall log action */
5043 struct block *
5044 gen_pf_action(int action)
5045 {
5046 if (linktype != DLT_PFLOG) {
5047 bpf_error("action supported only for DLT_PFLOG");
5048 /* NOTREACHED */
5049 }
5050
5051 return (gen_cmp(24, BPF_H, (bpf_int32)action));
5052 }
5053
5054 struct block *
5055 gen_acode(eaddr, q)
5056 register const u_char *eaddr;
5057 struct qual q;
5058 {
5059 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
5060 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
5061 return gen_ahostop(eaddr, (int)q.dir);
5062 }
5063 bpf_error("ARCnet address used in non-arc expression");
5064 /* NOTREACHED */
5065 }
5066
5067 static struct block *
5068 gen_ahostop(eaddr, dir)
5069 register const u_char *eaddr;
5070 register int dir;
5071 {
5072 register struct block *b0, *b1;
5073
5074 switch (dir) {
5075 /* src comes first, different from Ethernet */
5076 case Q_SRC:
5077 return gen_bcmp(0, 1, eaddr);
5078
5079 case Q_DST:
5080 return gen_bcmp(1, 1, eaddr);
5081
5082 case Q_AND:
5083 b0 = gen_ahostop(eaddr, Q_SRC);
5084 b1 = gen_ahostop(eaddr, Q_DST);
5085 gen_and(b0, b1);
5086 return b1;
5087
5088 case Q_DEFAULT:
5089 case Q_OR:
5090 b0 = gen_ahostop(eaddr, Q_SRC);
5091 b1 = gen_ahostop(eaddr, Q_DST);
5092 gen_or(b0, b1);
5093 return b1;
5094 }
5095 abort();
5096 /* NOTREACHED */
5097 }
5098
5099 /*
5100 * support IEEE 802.1Q VLAN trunk over ethernet
5101 */
5102 struct block *
5103 gen_vlan(vlan_num)
5104 int vlan_num;
5105 {
5106 struct block *b0;
5107
5108 /*
5109 * Change the offsets to point to the type and data fields within
5110 * the VLAN packet. This is somewhat of a kludge.
5111 */
5112 if (orig_nl == (u_int)-1) {
5113 orig_linktype = off_linktype; /* save original values */
5114 orig_nl = off_nl;
5115 orig_nl_nosnap = off_nl_nosnap;
5116
5117 switch (linktype) {
5118
5119 case DLT_EN10MB:
5120 off_linktype = 16;
5121 off_nl_nosnap = 18;
5122 off_nl = 18;
5123 break;
5124
5125 default:
5126 bpf_error("no VLAN support for data link type %d",
5127 linktype);
5128 /*NOTREACHED*/
5129 }
5130 }
5131
5132 /* check for VLAN */
5133 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
5134
5135 /* If a specific VLAN is requested, check VLAN id */
5136 if (vlan_num >= 0) {
5137 struct block *b1;
5138
5139 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
5140 gen_and(b0, b1);
5141 b0 = b1;
5142 }
5143
5144 return (b0);
5145 }
5146
5147 struct block *
5148 gen_atmfield_code(atmfield, jvalue, jtype, reverse)
5149 int atmfield;
5150 bpf_u_int32 jvalue;
5151 bpf_u_int32 jtype;
5152 int reverse;
5153 {
5154 struct block *b0;
5155
5156 switch (atmfield) {
5157
5158 case A_VPI:
5159 if (!is_atm)
5160 bpf_error("'vpi' supported only on raw ATM");
5161 if (off_vpi == (u_int)-1)
5162 abort();
5163 b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype,
5164 (u_int)jvalue, reverse);
5165 break;
5166
5167 case A_VCI:
5168 if (!is_atm)
5169 bpf_error("'vci' supported only on raw ATM");
5170 if (off_vci == (u_int)-1)
5171 abort();
5172 b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype,
5173 (u_int)jvalue, reverse);
5174 break;
5175
5176 case A_PROTOTYPE:
5177 if (off_proto == (u_int)-1)
5178 abort(); /* XXX - this isn't on FreeBSD */
5179 b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype,
5180 (u_int)jvalue, reverse);
5181 break;
5182
5183 case A_MSGTYPE:
5184 if (off_payload == (u_int)-1)
5185 abort();
5186 b0 = gen_ncmp(BPF_B, off_payload + MSG_TYPE_POS, 0xffffffff,
5187 (u_int)jtype, (u_int)jvalue, reverse);
5188 break;
5189
5190 case A_CALLREFTYPE:
5191 if (!is_atm)
5192 bpf_error("'callref' supported only on raw ATM");
5193 if (off_proto == (u_int)-1)
5194 abort();
5195 b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype,
5196 (u_int)jvalue, reverse);
5197 break;
5198
5199 default:
5200 abort();
5201 }
5202 return b0;
5203 }
5204
5205 struct block *
5206 gen_atmtype_abbrev(type)
5207 int type;
5208 {
5209 struct block *b0, *b1;
5210
5211 switch (type) {
5212
5213 case A_METAC:
5214 /* Get all packets in Meta signalling Circuit */
5215 if (!is_atm)
5216 bpf_error("'metac' supported only on raw ATM");
5217 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5218 b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0);
5219 gen_and(b0, b1);
5220 break;
5221
5222 case A_BCC:
5223 /* Get all packets in Broadcast Circuit*/
5224 if (!is_atm)
5225 bpf_error("'bcc' supported only on raw ATM");
5226 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5227 b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0);
5228 gen_and(b0, b1);
5229 break;
5230
5231 case A_OAMF4SC:
5232 /* Get all cells in Segment OAM F4 circuit*/
5233 if (!is_atm)
5234 bpf_error("'oam4sc' supported only on raw ATM");
5235 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5236 b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
5237 gen_and(b0, b1);
5238 break;
5239
5240 case A_OAMF4EC:
5241 /* Get all cells in End-to-End OAM F4 Circuit*/
5242 if (!is_atm)
5243 bpf_error("'oam4ec' supported only on raw ATM");
5244 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5245 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
5246 gen_and(b0, b1);
5247 break;
5248
5249 case A_SC:
5250 /* Get all packets in connection Signalling Circuit */
5251 if (!is_atm)
5252 bpf_error("'sc' supported only on raw ATM");
5253 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5254 b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0);
5255 gen_and(b0, b1);
5256 break;
5257
5258 case A_ILMIC:
5259 /* Get all packets in ILMI Circuit */
5260 if (!is_atm)
5261 bpf_error("'ilmic' supported only on raw ATM");
5262 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5263 b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0);
5264 gen_and(b0, b1);
5265 break;
5266
5267 case A_LANE:
5268 /* Get all LANE packets */
5269 if (!is_atm)
5270 bpf_error("'lane' supported only on raw ATM");
5271 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0);
5272
5273 /*
5274 * Arrange that all subsequent tests assume LANE
5275 * rather than LLC-encapsulated packets, and set
5276 * the offsets appropriately for LANE-encapsulated
5277 * Ethernet.
5278 *
5279 * "off_mac" is the offset of the Ethernet header,
5280 * which is 2 bytes past the ATM pseudo-header
5281 * (skipping the pseudo-header and 2-byte LE Client
5282 * field). The other offsets are Ethernet offsets
5283 * relative to "off_mac".
5284 */
5285 is_lane = 1;
5286 off_mac = off_payload + 2; /* MAC header */
5287 off_linktype = off_mac + 12;
5288 off_nl = off_mac + 14; /* Ethernet II */
5289 off_nl_nosnap = off_mac + 17; /* 802.3+802.2 */
5290 break;
5291
5292 case A_LLC:
5293 /* Get all LLC-encapsulated packets */
5294 if (!is_atm)
5295 bpf_error("'llc' supported only on raw ATM");
5296 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
5297 is_lane = 0;
5298 break;
5299
5300 default:
5301 abort();
5302 }
5303 return b1;
5304 }
5305
5306
5307 static struct block *
5308 gen_msg_abbrev(type)
5309 int type;
5310 {
5311 struct block *b1;
5312
5313 /*
5314 * Q.2931 signalling protocol messages for handling virtual circuits
5315 * establishment and teardown
5316 */
5317 switch (type) {
5318
5319 case A_SETUP:
5320 b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0);
5321 break;
5322
5323 case A_CALLPROCEED:
5324 b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0);
5325 break;
5326
5327 case A_CONNECT:
5328 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0);
5329 break;
5330
5331 case A_CONNECTACK:
5332 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0);
5333 break;
5334
5335 case A_RELEASE:
5336 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0);
5337 break;
5338
5339 case A_RELEASE_DONE:
5340 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0);
5341 break;
5342
5343 default:
5344 abort();
5345 }
5346 return b1;
5347 }
5348
5349 struct block *
5350 gen_atmmulti_abbrev(type)
5351 int type;
5352 {
5353 struct block *b0, *b1;
5354
5355 switch (type) {
5356
5357 case A_OAM:
5358 if (!is_atm)
5359 bpf_error("'oam' supported only on raw ATM");
5360 b1 = gen_atmmulti_abbrev(A_OAMF4);
5361 break;
5362
5363 case A_OAMF4:
5364 if (!is_atm)
5365 bpf_error("'oamf4' supported only on raw ATM");
5366 /* OAM F4 type */
5367 b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
5368 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
5369 gen_or(b0, b1);
5370 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5371 gen_and(b0, b1);
5372 break;
5373
5374 case A_CONNECTMSG:
5375 /*
5376 * Get Q.2931 signalling messages for switched
5377 * virtual connection
5378 */
5379 if (!is_atm)
5380 bpf_error("'connectmsg' supported only on raw ATM");
5381 b0 = gen_msg_abbrev(A_SETUP);
5382 b1 = gen_msg_abbrev(A_CALLPROCEED);
5383 gen_or(b0, b1);
5384 b0 = gen_msg_abbrev(A_CONNECT);
5385 gen_or(b0, b1);
5386 b0 = gen_msg_abbrev(A_CONNECTACK);
5387 gen_or(b0, b1);
5388 b0 = gen_msg_abbrev(A_RELEASE);
5389 gen_or(b0, b1);
5390 b0 = gen_msg_abbrev(A_RELEASE_DONE);
5391 gen_or(b0, b1);
5392 b0 = gen_atmtype_abbrev(A_SC);
5393 gen_and(b0, b1);
5394 break;
5395
5396 case A_METACONNECT:
5397 if (!is_atm)
5398 bpf_error("'metaconnect' supported only on raw ATM");
5399 b0 = gen_msg_abbrev(A_SETUP);
5400 b1 = gen_msg_abbrev(A_CALLPROCEED);
5401 gen_or(b0, b1);
5402 b0 = gen_msg_abbrev(A_CONNECT);
5403 gen_or(b0, b1);
5404 b0 = gen_msg_abbrev(A_RELEASE);
5405 gen_or(b0, b1);
5406 b0 = gen_msg_abbrev(A_RELEASE_DONE);
5407 gen_or(b0, b1);
5408 b0 = gen_atmtype_abbrev(A_METAC);
5409 gen_and(b0, b1);
5410 break;
5411
5412 default:
5413 abort();
5414 }
5415 return b1;
5416 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism