]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
From Patrick Marie <[email protected]>: add support for port ranges
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] _U_ =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.231 2005-04-19 04:25:00 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #ifdef WIN32
32 #include <pcap-stdinc.h>
33 #else /* WIN32 */
34 #include <sys/types.h>
35 #include <sys/socket.h>
36 #endif /* WIN32 */
37
38 /*
39 * XXX - why was this included even on UNIX?
40 */
41 #ifdef __MINGW32__
42 #include "IP6_misc.h"
43 #endif
44
45 #ifndef WIN32
46
47 #ifdef __NetBSD__
48 #include <sys/param.h>
49 #endif
50
51 #include <netinet/in.h>
52
53 #endif /* WIN32 */
54
55 #include <stdlib.h>
56 #include <string.h>
57 #include <memory.h>
58 #include <setjmp.h>
59 #include <stdarg.h>
60
61 #ifdef MSDOS
62 #include "pcap-dos.h"
63 #endif
64
65 #include "pcap-int.h"
66
67 #include "ethertype.h"
68 #include "nlpid.h"
69 #include "llc.h"
70 #include "gencode.h"
71 #include "atmuni31.h"
72 #include "sunatmpos.h"
73 #include "ppp.h"
74 #include "sll.h"
75 #include "arcnet.h"
76 #include "pf.h"
77 #ifndef offsetof
78 #define offsetof(s, e) ((size_t)&((s *)0)->e)
79 #endif
80 #ifdef INET6
81 #ifndef WIN32
82 #include <netdb.h> /* for "struct addrinfo" */
83 #endif /* WIN32 */
84 #endif /*INET6*/
85 #include <pcap-namedb.h>
86
87 #define ETHERMTU 1500
88
89 #ifndef IPPROTO_SCTP
90 #define IPPROTO_SCTP 132
91 #endif
92
93 #ifdef HAVE_OS_PROTO_H
94 #include "os-proto.h"
95 #endif
96
97 #define JMP(c) ((c)|BPF_JMP|BPF_K)
98
99 /* Locals */
100 static jmp_buf top_ctx;
101 static pcap_t *bpf_pcap;
102
103 /* Hack for updating VLAN, MPLS offsets. */
104 static u_int orig_linktype = -1U, orig_nl = -1U, orig_nl_nosnap = -1U;
105
106 /* XXX */
107 #ifdef PCAP_FDDIPAD
108 static int pcap_fddipad;
109 #endif
110
111 void bpf_error(const char *fmt, ...) __attribute__((noreturn));
112
113 /* VARARGS */
114 void
115 bpf_error(const char *fmt, ...)
116 {
117 va_list ap;
118
119 va_start(ap, fmt);
120 if (bpf_pcap != NULL)
121 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
122 fmt, ap);
123 va_end(ap);
124 longjmp(top_ctx, 1);
125 /* NOTREACHED */
126 }
127
128 static void init_linktype(pcap_t *);
129
130 static int alloc_reg(void);
131 static void free_reg(int);
132
133 static struct block *root;
134
135 /*
136 * We divy out chunks of memory rather than call malloc each time so
137 * we don't have to worry about leaking memory. It's probably
138 * not a big deal if all this memory was wasted but if this ever
139 * goes into a library that would probably not be a good idea.
140 *
141 * XXX - this *is* in a library....
142 */
143 #define NCHUNKS 16
144 #define CHUNK0SIZE 1024
145 struct chunk {
146 u_int n_left;
147 void *m;
148 };
149
150 static struct chunk chunks[NCHUNKS];
151 static int cur_chunk;
152
153 static void *newchunk(u_int);
154 static void freechunks(void);
155 static inline struct block *new_block(int);
156 static inline struct slist *new_stmt(int);
157 static struct block *gen_retblk(int);
158 static inline void syntax(void);
159
160 static void backpatch(struct block *, struct block *);
161 static void merge(struct block *, struct block *);
162 static struct block *gen_cmp(u_int, u_int, bpf_int32);
163 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
164 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
165 static struct block *gen_bcmp(u_int, u_int, const u_char *);
166 static struct block *gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32,
167 bpf_u_int32, bpf_u_int32, int);
168 static struct block *gen_uncond(int);
169 static inline struct block *gen_true(void);
170 static inline struct block *gen_false(void);
171 static struct block *gen_ether_linktype(int);
172 static struct block *gen_linux_sll_linktype(int);
173 static struct block *gen_linktype(int);
174 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
175 static struct block *gen_llc_linktype(int);
176 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
177 #ifdef INET6
178 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
179 #endif
180 static struct block *gen_ahostop(const u_char *, int);
181 static struct block *gen_ehostop(const u_char *, int);
182 static struct block *gen_fhostop(const u_char *, int);
183 static struct block *gen_thostop(const u_char *, int);
184 static struct block *gen_wlanhostop(const u_char *, int);
185 static struct block *gen_ipfchostop(const u_char *, int);
186 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
187 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
188 #ifdef INET6
189 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
190 #endif
191 #ifndef INET6
192 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
193 #endif
194 static struct block *gen_ipfrag(void);
195 static struct block *gen_portatom(int, bpf_int32);
196 static struct block *gen_portrangeatom(int, bpf_int32, bpf_int32);
197 #ifdef INET6
198 static struct block *gen_portatom6(int, bpf_int32);
199 static struct block *gen_portrangeatom6(int, bpf_int32, bpf_int32);
200 #endif
201 struct block *gen_portop(int, int, int);
202 static struct block *gen_port(int, int, int);
203 struct block *gen_portrangeop(int, int, int, int);
204 static struct block *gen_portrange(int, int, int, int);
205 #ifdef INET6
206 struct block *gen_portop6(int, int, int);
207 static struct block *gen_port6(int, int, int);
208 struct block *gen_portrangeop6(int, int, int, int);
209 static struct block *gen_portrange6(int, int, int, int);
210 #endif
211 static int lookup_proto(const char *, int);
212 static struct block *gen_protochain(int, int, int);
213 static struct block *gen_proto(int, int, int);
214 static struct slist *xfer_to_x(struct arth *);
215 static struct slist *xfer_to_a(struct arth *);
216 static struct block *gen_mac_multicast(int);
217 static struct block *gen_len(int, int);
218
219 static struct block *gen_msg_abbrev(int type);
220
221 static void *
222 newchunk(n)
223 u_int n;
224 {
225 struct chunk *cp;
226 int k;
227 size_t size;
228
229 #ifndef __NetBSD__
230 /* XXX Round up to nearest long. */
231 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
232 #else
233 /* XXX Round up to structure boundary. */
234 n = ALIGN(n);
235 #endif
236
237 cp = &chunks[cur_chunk];
238 if (n > cp->n_left) {
239 ++cp, k = ++cur_chunk;
240 if (k >= NCHUNKS)
241 bpf_error("out of memory");
242 size = CHUNK0SIZE << k;
243 cp->m = (void *)malloc(size);
244 if (cp->m == NULL)
245 bpf_error("out of memory");
246 memset((char *)cp->m, 0, size);
247 cp->n_left = size;
248 if (n > size)
249 bpf_error("out of memory");
250 }
251 cp->n_left -= n;
252 return (void *)((char *)cp->m + cp->n_left);
253 }
254
255 static void
256 freechunks()
257 {
258 int i;
259
260 cur_chunk = 0;
261 for (i = 0; i < NCHUNKS; ++i)
262 if (chunks[i].m != NULL) {
263 free(chunks[i].m);
264 chunks[i].m = NULL;
265 }
266 }
267
268 /*
269 * A strdup whose allocations are freed after code generation is over.
270 */
271 char *
272 sdup(s)
273 register const char *s;
274 {
275 int n = strlen(s) + 1;
276 char *cp = newchunk(n);
277
278 strlcpy(cp, s, n);
279 return (cp);
280 }
281
282 static inline struct block *
283 new_block(code)
284 int code;
285 {
286 struct block *p;
287
288 p = (struct block *)newchunk(sizeof(*p));
289 p->s.code = code;
290 p->head = p;
291
292 return p;
293 }
294
295 static inline struct slist *
296 new_stmt(code)
297 int code;
298 {
299 struct slist *p;
300
301 p = (struct slist *)newchunk(sizeof(*p));
302 p->s.code = code;
303
304 return p;
305 }
306
307 static struct block *
308 gen_retblk(v)
309 int v;
310 {
311 struct block *b = new_block(BPF_RET|BPF_K);
312
313 b->s.k = v;
314 return b;
315 }
316
317 static inline void
318 syntax()
319 {
320 bpf_error("syntax error in filter expression");
321 }
322
323 static bpf_u_int32 netmask;
324 static int snaplen;
325 int no_optimize;
326
327 int
328 pcap_compile(pcap_t *p, struct bpf_program *program,
329 char *buf, int optimize, bpf_u_int32 mask)
330 {
331 extern int n_errors;
332 int len;
333
334 no_optimize = 0;
335 n_errors = 0;
336 root = NULL;
337 bpf_pcap = p;
338 if (setjmp(top_ctx)) {
339 lex_cleanup();
340 freechunks();
341 return (-1);
342 }
343
344 netmask = mask;
345
346 snaplen = pcap_snapshot(p);
347 if (snaplen == 0) {
348 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
349 "snaplen of 0 rejects all packets");
350 return -1;
351 }
352
353 lex_init(buf ? buf : "");
354 init_linktype(p);
355 (void)pcap_parse();
356
357 if (n_errors)
358 syntax();
359
360 if (root == NULL)
361 root = gen_retblk(snaplen);
362
363 if (optimize && !no_optimize) {
364 bpf_optimize(&root);
365 if (root == NULL ||
366 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
367 bpf_error("expression rejects all packets");
368 }
369 program->bf_insns = icode_to_fcode(root, &len);
370 program->bf_len = len;
371
372 lex_cleanup();
373 freechunks();
374 return (0);
375 }
376
377 /*
378 * entry point for using the compiler with no pcap open
379 * pass in all the stuff that is needed explicitly instead.
380 */
381 int
382 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
383 struct bpf_program *program,
384 char *buf, int optimize, bpf_u_int32 mask)
385 {
386 pcap_t *p;
387 int ret;
388
389 p = pcap_open_dead(linktype_arg, snaplen_arg);
390 if (p == NULL)
391 return (-1);
392 ret = pcap_compile(p, program, buf, optimize, mask);
393 pcap_close(p);
394 return (ret);
395 }
396
397 /*
398 * Clean up a "struct bpf_program" by freeing all the memory allocated
399 * in it.
400 */
401 void
402 pcap_freecode(struct bpf_program *program)
403 {
404 program->bf_len = 0;
405 if (program->bf_insns != NULL) {
406 free((char *)program->bf_insns);
407 program->bf_insns = NULL;
408 }
409 }
410
411 /*
412 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
413 * which of the jt and jf fields has been resolved and which is a pointer
414 * back to another unresolved block (or nil). At least one of the fields
415 * in each block is already resolved.
416 */
417 static void
418 backpatch(list, target)
419 struct block *list, *target;
420 {
421 struct block *next;
422
423 while (list) {
424 if (!list->sense) {
425 next = JT(list);
426 JT(list) = target;
427 } else {
428 next = JF(list);
429 JF(list) = target;
430 }
431 list = next;
432 }
433 }
434
435 /*
436 * Merge the lists in b0 and b1, using the 'sense' field to indicate
437 * which of jt and jf is the link.
438 */
439 static void
440 merge(b0, b1)
441 struct block *b0, *b1;
442 {
443 register struct block **p = &b0;
444
445 /* Find end of list. */
446 while (*p)
447 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
448
449 /* Concatenate the lists. */
450 *p = b1;
451 }
452
453 void
454 finish_parse(p)
455 struct block *p;
456 {
457 backpatch(p, gen_retblk(snaplen));
458 p->sense = !p->sense;
459 backpatch(p, gen_retblk(0));
460 root = p->head;
461 }
462
463 void
464 gen_and(b0, b1)
465 struct block *b0, *b1;
466 {
467 backpatch(b0, b1->head);
468 b0->sense = !b0->sense;
469 b1->sense = !b1->sense;
470 merge(b1, b0);
471 b1->sense = !b1->sense;
472 b1->head = b0->head;
473 }
474
475 void
476 gen_or(b0, b1)
477 struct block *b0, *b1;
478 {
479 b0->sense = !b0->sense;
480 backpatch(b0, b1->head);
481 b0->sense = !b0->sense;
482 merge(b1, b0);
483 b1->head = b0->head;
484 }
485
486 void
487 gen_not(b)
488 struct block *b;
489 {
490 b->sense = !b->sense;
491 }
492
493 static struct block *
494 gen_cmp(offset, size, v)
495 u_int offset, size;
496 bpf_int32 v;
497 {
498 struct slist *s;
499 struct block *b;
500
501 s = new_stmt(BPF_LD|BPF_ABS|size);
502 s->s.k = offset;
503
504 b = new_block(JMP(BPF_JEQ));
505 b->stmts = s;
506 b->s.k = v;
507
508 return b;
509 }
510
511 static struct block *
512 gen_cmp_gt(offset, size, v)
513 u_int offset, size;
514 bpf_int32 v;
515 {
516 struct slist *s;
517 struct block *b;
518
519 s = new_stmt(BPF_LD|BPF_ABS|size);
520 s->s.k = offset;
521
522 b = new_block(JMP(BPF_JGT));
523 b->stmts = s;
524 b->s.k = v;
525
526 return b;
527 }
528
529 static struct block *
530 gen_mcmp(offset, size, v, mask)
531 u_int offset, size;
532 bpf_int32 v;
533 bpf_u_int32 mask;
534 {
535 struct block *b = gen_cmp(offset, size, v);
536 struct slist *s;
537
538 if (mask != 0xffffffff) {
539 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
540 s->s.k = mask;
541 b->stmts->next = s;
542 }
543 return b;
544 }
545
546 static struct block *
547 gen_bcmp(offset, size, v)
548 register u_int offset, size;
549 register const u_char *v;
550 {
551 register struct block *b, *tmp;
552
553 b = NULL;
554 while (size >= 4) {
555 register const u_char *p = &v[size - 4];
556 bpf_int32 w = ((bpf_int32)p[0] << 24) |
557 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
558
559 tmp = gen_cmp(offset + size - 4, BPF_W, w);
560 if (b != NULL)
561 gen_and(b, tmp);
562 b = tmp;
563 size -= 4;
564 }
565 while (size >= 2) {
566 register const u_char *p = &v[size - 2];
567 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
568
569 tmp = gen_cmp(offset + size - 2, BPF_H, w);
570 if (b != NULL)
571 gen_and(b, tmp);
572 b = tmp;
573 size -= 2;
574 }
575 if (size > 0) {
576 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
577 if (b != NULL)
578 gen_and(b, tmp);
579 b = tmp;
580 }
581 return b;
582 }
583
584 static struct block *
585 gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse)
586 bpf_u_int32 datasize, offset, mask, jtype, jvalue;
587 int reverse;
588 {
589 struct slist *s;
590 struct block *b;
591
592 s = new_stmt(BPF_LD|datasize|BPF_ABS);
593 s->s.k = offset;
594
595 if (mask != 0xffffffff) {
596 s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K);
597 s->next->s.k = mask;
598 }
599
600 b = new_block(JMP(jtype));
601 b->stmts = s;
602 b->s.k = jvalue;
603 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE))
604 gen_not(b);
605 return b;
606 }
607
608 /*
609 * Various code constructs need to know the layout of the data link
610 * layer. These variables give the necessary offsets.
611 */
612
613 /*
614 * This is the offset of the beginning of the MAC-layer header.
615 * It's usually 0, except for ATM LANE.
616 */
617 static u_int off_mac;
618
619 /*
620 * "off_linktype" is the offset to information in the link-layer header
621 * giving the packet type.
622 *
623 * For Ethernet, it's the offset of the Ethernet type field.
624 *
625 * For link-layer types that always use 802.2 headers, it's the
626 * offset of the LLC header.
627 *
628 * For PPP, it's the offset of the PPP type field.
629 *
630 * For Cisco HDLC, it's the offset of the CHDLC type field.
631 *
632 * For BSD loopback, it's the offset of the AF_ value.
633 *
634 * For Linux cooked sockets, it's the offset of the type field.
635 *
636 * It's set to -1 for no encapsulation, in which case, IP is assumed.
637 */
638 static u_int off_linktype;
639
640 /*
641 * TRUE if the link layer includes an ATM pseudo-header.
642 */
643 static int is_atm = 0;
644
645 /*
646 * TRUE if "lane" appeared in the filter; it causes us to generate
647 * code that assumes LANE rather than LLC-encapsulated traffic in SunATM.
648 */
649 static int is_lane = 0;
650
651 /*
652 * These are offsets for the ATM pseudo-header.
653 */
654 static u_int off_vpi;
655 static u_int off_vci;
656 static u_int off_proto;
657
658 /*
659 * This is the offset of the first byte after the ATM pseudo_header,
660 * or -1 if there is no ATM pseudo-header.
661 */
662 static u_int off_payload;
663
664 /*
665 * These are offsets to the beginning of the network-layer header.
666 *
667 * If the link layer never uses 802.2 LLC:
668 *
669 * "off_nl" and "off_nl_nosnap" are the same.
670 *
671 * If the link layer always uses 802.2 LLC:
672 *
673 * "off_nl" is the offset if there's a SNAP header following
674 * the 802.2 header;
675 *
676 * "off_nl_nosnap" is the offset if there's no SNAP header.
677 *
678 * If the link layer is Ethernet:
679 *
680 * "off_nl" is the offset if the packet is an Ethernet II packet
681 * (we assume no 802.3+802.2+SNAP);
682 *
683 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet
684 * with an 802.2 header following it.
685 */
686 static u_int off_nl;
687 static u_int off_nl_nosnap;
688
689 static int linktype;
690
691 static void
692 init_linktype(p)
693 pcap_t *p;
694 {
695 linktype = pcap_datalink(p);
696 #ifdef PCAP_FDDIPAD
697 pcap_fddipad = p->fddipad;
698 #endif
699
700 /*
701 * Assume it's not raw ATM with a pseudo-header, for now.
702 */
703 off_mac = 0;
704 is_atm = 0;
705 is_lane = 0;
706 off_vpi = -1;
707 off_vci = -1;
708 off_proto = -1;
709 off_payload = -1;
710
711 orig_linktype = -1;
712 orig_nl = -1;
713 orig_nl_nosnap = -1;
714
715 switch (linktype) {
716
717 case DLT_ARCNET:
718 off_linktype = 2;
719 off_nl = 6; /* XXX in reality, variable! */
720 off_nl_nosnap = 6; /* no 802.2 LLC */
721 return;
722
723 case DLT_ARCNET_LINUX:
724 off_linktype = 4;
725 off_nl = 8; /* XXX in reality, variable! */
726 off_nl_nosnap = 8; /* no 802.2 LLC */
727 return;
728
729 case DLT_EN10MB:
730 off_linktype = 12;
731 off_nl = 14; /* Ethernet II */
732 off_nl_nosnap = 17; /* 802.3+802.2 */
733 return;
734
735 case DLT_SLIP:
736 /*
737 * SLIP doesn't have a link level type. The 16 byte
738 * header is hacked into our SLIP driver.
739 */
740 off_linktype = -1;
741 off_nl = 16;
742 off_nl_nosnap = 16; /* no 802.2 LLC */
743 return;
744
745 case DLT_SLIP_BSDOS:
746 /* XXX this may be the same as the DLT_PPP_BSDOS case */
747 off_linktype = -1;
748 /* XXX end */
749 off_nl = 24;
750 off_nl_nosnap = 24; /* no 802.2 LLC */
751 return;
752
753 case DLT_NULL:
754 case DLT_LOOP:
755 off_linktype = 0;
756 off_nl = 4;
757 off_nl_nosnap = 4; /* no 802.2 LLC */
758 return;
759
760 case DLT_ENC:
761 off_linktype = 0;
762 off_nl = 12;
763 off_nl_nosnap = 12; /* no 802.2 LLC */
764 return;
765
766 case DLT_PPP:
767 case DLT_PPP_PPPD:
768 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */
769 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */
770 off_linktype = 2;
771 off_nl = 4;
772 off_nl_nosnap = 4; /* no 802.2 LLC */
773 return;
774
775 case DLT_PPP_ETHER:
776 /*
777 * This does no include the Ethernet header, and
778 * only covers session state.
779 */
780 off_linktype = 6;
781 off_nl = 8;
782 off_nl_nosnap = 8; /* no 802.2 LLC */
783 return;
784
785 case DLT_PPP_BSDOS:
786 off_linktype = 5;
787 off_nl = 24;
788 off_nl_nosnap = 24; /* no 802.2 LLC */
789 return;
790
791 case DLT_FDDI:
792 /*
793 * FDDI doesn't really have a link-level type field.
794 * We set "off_linktype" to the offset of the LLC header.
795 *
796 * To check for Ethernet types, we assume that SSAP = SNAP
797 * is being used and pick out the encapsulated Ethernet type.
798 * XXX - should we generate code to check for SNAP?
799 */
800 off_linktype = 13;
801 #ifdef PCAP_FDDIPAD
802 off_linktype += pcap_fddipad;
803 #endif
804 off_nl = 21; /* FDDI+802.2+SNAP */
805 off_nl_nosnap = 16; /* FDDI+802.2 */
806 #ifdef PCAP_FDDIPAD
807 off_nl += pcap_fddipad;
808 off_nl_nosnap += pcap_fddipad;
809 #endif
810 return;
811
812 case DLT_IEEE802:
813 /*
814 * Token Ring doesn't really have a link-level type field.
815 * We set "off_linktype" to the offset of the LLC header.
816 *
817 * To check for Ethernet types, we assume that SSAP = SNAP
818 * is being used and pick out the encapsulated Ethernet type.
819 * XXX - should we generate code to check for SNAP?
820 *
821 * XXX - the header is actually variable-length.
822 * Some various Linux patched versions gave 38
823 * as "off_linktype" and 40 as "off_nl"; however,
824 * if a token ring packet has *no* routing
825 * information, i.e. is not source-routed, the correct
826 * values are 20 and 22, as they are in the vanilla code.
827 *
828 * A packet is source-routed iff the uppermost bit
829 * of the first byte of the source address, at an
830 * offset of 8, has the uppermost bit set. If the
831 * packet is source-routed, the total number of bytes
832 * of routing information is 2 plus bits 0x1F00 of
833 * the 16-bit value at an offset of 14 (shifted right
834 * 8 - figure out which byte that is).
835 */
836 off_linktype = 14;
837 off_nl = 22; /* Token Ring+802.2+SNAP */
838 off_nl_nosnap = 17; /* Token Ring+802.2 */
839 return;
840
841 case DLT_IEEE802_11:
842 /*
843 * 802.11 doesn't really have a link-level type field.
844 * We set "off_linktype" to the offset of the LLC header.
845 *
846 * To check for Ethernet types, we assume that SSAP = SNAP
847 * is being used and pick out the encapsulated Ethernet type.
848 * XXX - should we generate code to check for SNAP?
849 *
850 * XXX - the header is actually variable-length. We
851 * assume a 24-byte link-layer header, as appears in
852 * data frames in networks with no bridges. If the
853 * fromds and tods 802.11 header bits are both set,
854 * it's actually supposed to be 30 bytes.
855 */
856 off_linktype = 24;
857 off_nl = 32; /* 802.11+802.2+SNAP */
858 off_nl_nosnap = 27; /* 802.11+802.2 */
859 return;
860
861 case DLT_PRISM_HEADER:
862 /*
863 * Same as 802.11, but with an additional header before
864 * the 802.11 header, containing a bunch of additional
865 * information including radio-level information.
866 *
867 * The header is 144 bytes long.
868 *
869 * XXX - same variable-length header problem; at least
870 * the Prism header is fixed-length.
871 */
872 off_linktype = 144+24;
873 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */
874 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */
875 return;
876
877 case DLT_IEEE802_11_RADIO_AVS:
878 /*
879 * Same as 802.11, but with an additional header before
880 * the 802.11 header, containing a bunch of additional
881 * information including radio-level information.
882 *
883 * The header is 64 bytes long, at least in its
884 * current incarnation.
885 *
886 * XXX - same variable-length header problem, only
887 * more so; this header is also variable-length,
888 * with the length being the 32-bit big-endian
889 * number at an offset of 4 from the beginning
890 * of the radio header.
891 */
892 off_linktype = 64+24;
893 off_nl = 64+32; /* Radio+802.11+802.2+SNAP */
894 off_nl_nosnap = 64+27; /* Radio+802.11+802.2 */
895 return;
896
897 case DLT_IEEE802_11_RADIO:
898 /*
899 * Same as 802.11, but with an additional header before
900 * the 802.11 header, containing a bunch of additional
901 * information including radio-level information.
902 *
903 * XXX - same variable-length header problem, only
904 * even *more* so; this header is also variable-length,
905 * with the length being the 16-bit number at an offset
906 * of 2 from the beginning of the radio header, and it's
907 * device-dependent (different devices might supply
908 * different amounts of information), so we can't even
909 * assume a fixed length for the current version of the
910 * header.
911 *
912 * Therefore, currently, only raw "link[N:M]" filtering is
913 * supported.
914 */
915 off_linktype = -1;
916 off_nl = -1;
917 off_nl_nosnap = -1;
918 return;
919
920 case DLT_ATM_RFC1483:
921 case DLT_ATM_CLIP: /* Linux ATM defines this */
922 /*
923 * assume routed, non-ISO PDUs
924 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
925 */
926 off_linktype = 0;
927 off_nl = 8; /* 802.2+SNAP */
928 off_nl_nosnap = 3; /* 802.2 */
929 return;
930
931 case DLT_SUNATM:
932 /*
933 * Full Frontal ATM; you get AALn PDUs with an ATM
934 * pseudo-header.
935 */
936 is_atm = 1;
937 off_vpi = SUNATM_VPI_POS;
938 off_vci = SUNATM_VCI_POS;
939 off_proto = PROTO_POS;
940 off_mac = -1; /* LLC-encapsulated, so no MAC-layer header */
941 off_payload = SUNATM_PKT_BEGIN_POS;
942 off_linktype = off_payload;
943 off_nl = off_payload+8; /* 802.2+SNAP */
944 off_nl_nosnap = off_payload+3; /* 802.2 */
945 return;
946
947 case DLT_RAW:
948 off_linktype = -1;
949 off_nl = 0;
950 off_nl_nosnap = 0; /* no 802.2 LLC */
951 return;
952
953 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
954 off_linktype = 14;
955 off_nl = 16;
956 off_nl_nosnap = 16; /* no 802.2 LLC */
957 return;
958
959 case DLT_LTALK:
960 /*
961 * LocalTalk does have a 1-byte type field in the LLAP header,
962 * but really it just indicates whether there is a "short" or
963 * "long" DDP packet following.
964 */
965 off_linktype = -1;
966 off_nl = 0;
967 off_nl_nosnap = 0; /* no 802.2 LLC */
968 return;
969
970 case DLT_IP_OVER_FC:
971 /*
972 * RFC 2625 IP-over-Fibre-Channel doesn't really have a
973 * link-level type field. We set "off_linktype" to the
974 * offset of the LLC header.
975 *
976 * To check for Ethernet types, we assume that SSAP = SNAP
977 * is being used and pick out the encapsulated Ethernet type.
978 * XXX - should we generate code to check for SNAP? RFC
979 * 2625 says SNAP should be used.
980 */
981 off_linktype = 16;
982 off_nl = 24; /* IPFC+802.2+SNAP */
983 off_nl_nosnap = 19; /* IPFC+802.2 */
984 return;
985
986 case DLT_FRELAY:
987 /*
988 * XXX - we should set this to handle SNAP-encapsulated
989 * frames (NLPID of 0x80).
990 */
991 off_linktype = -1;
992 off_nl = 0;
993 off_nl_nosnap = 0; /* no 802.2 LLC */
994 return;
995
996 case DLT_APPLE_IP_OVER_IEEE1394:
997 off_linktype = 16;
998 off_nl = 18;
999 off_nl_nosnap = 18; /* no 802.2 LLC */
1000 return;
1001
1002 case DLT_LINUX_IRDA:
1003 /*
1004 * Currently, only raw "link[N:M]" filtering is supported.
1005 */
1006 off_linktype = -1;
1007 off_nl = -1;
1008 off_nl_nosnap = -1;
1009 return;
1010
1011 case DLT_DOCSIS:
1012 /*
1013 * Currently, only raw "link[N:M]" filtering is supported.
1014 */
1015 off_linktype = -1;
1016 off_nl = -1;
1017 off_nl_nosnap = -1;
1018 return;
1019
1020 case DLT_SYMANTEC_FIREWALL:
1021 off_linktype = 6;
1022 off_nl = 44; /* Ethernet II */
1023 off_nl_nosnap = 44; /* XXX - what does it do with 802.3 packets? */
1024 return;
1025
1026 case DLT_PFLOG:
1027 off_linktype = 0;
1028 /* XXX read this from pf.h? */
1029 off_nl = PFLOG_HDRLEN;
1030 off_nl_nosnap = PFLOG_HDRLEN; /* no 802.2 LLC */
1031 return;
1032
1033 case DLT_JUNIPER_MLFR:
1034 case DLT_JUNIPER_MLPPP:
1035 off_linktype = 4;
1036 off_nl = 4;
1037 off_nl_nosnap = -1; /* no 802.2 LLC */
1038 return;
1039
1040 case DLT_JUNIPER_ATM1:
1041 off_linktype = 4; /* in reality variable between 4-8 */
1042 off_nl = 4;
1043 off_nl_nosnap = 14;
1044 return;
1045
1046 case DLT_JUNIPER_ATM2:
1047 off_linktype = 8; /* in reality variable between 8-12 */
1048 off_nl = 8;
1049 off_nl_nosnap = 18;
1050 return;
1051
1052 #ifdef DLT_PFSYNC
1053 case DLT_PFSYNC:
1054 off_linktype = -1;
1055 off_nl = 4;
1056 off_nl_nosnap = 4;
1057 return;
1058 #endif
1059
1060 case DLT_LINUX_LAPD:
1061 /*
1062 * Currently, only raw "link[N:M]" filtering is supported.
1063 */
1064 off_linktype = -1;
1065 off_nl = -1;
1066 off_nl_nosnap = -1;
1067 return;
1068 }
1069 bpf_error("unknown data link type %d", linktype);
1070 /* NOTREACHED */
1071 }
1072
1073 static struct block *
1074 gen_uncond(rsense)
1075 int rsense;
1076 {
1077 struct block *b;
1078 struct slist *s;
1079
1080 s = new_stmt(BPF_LD|BPF_IMM);
1081 s->s.k = !rsense;
1082 b = new_block(JMP(BPF_JEQ));
1083 b->stmts = s;
1084
1085 return b;
1086 }
1087
1088 static inline struct block *
1089 gen_true()
1090 {
1091 return gen_uncond(1);
1092 }
1093
1094 static inline struct block *
1095 gen_false()
1096 {
1097 return gen_uncond(0);
1098 }
1099
1100 /*
1101 * Byte-swap a 32-bit number.
1102 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
1103 * big-endian platforms.)
1104 */
1105 #define SWAPLONG(y) \
1106 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
1107
1108 /*
1109 * Generate code to match a particular packet type.
1110 *
1111 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
1112 * value, if <= ETHERMTU. We use that to determine whether to
1113 * match the type/length field or to check the type/length field for
1114 * a value <= ETHERMTU to see whether it's a type field and then do
1115 * the appropriate test.
1116 */
1117 static struct block *
1118 gen_ether_linktype(proto)
1119 register int proto;
1120 {
1121 struct block *b0, *b1;
1122
1123 switch (proto) {
1124
1125 case LLCSAP_ISONS:
1126 case LLCSAP_IP:
1127 case LLCSAP_NETBEUI:
1128 /*
1129 * OSI protocols and NetBEUI always use 802.2 encapsulation,
1130 * so we check the DSAP and SSAP.
1131 *
1132 * LLCSAP_IP checks for IP-over-802.2, rather
1133 * than IP-over-Ethernet or IP-over-SNAP.
1134 *
1135 * XXX - should we check both the DSAP and the
1136 * SSAP, like this, or should we check just the
1137 * DSAP, as we do for other types <= ETHERMTU
1138 * (i.e., other SAP values)?
1139 */
1140 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1141 gen_not(b0);
1142 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1143 ((proto << 8) | proto));
1144 gen_and(b0, b1);
1145 return b1;
1146
1147 case LLCSAP_IPX:
1148 /*
1149 * Check for;
1150 *
1151 * Ethernet_II frames, which are Ethernet
1152 * frames with a frame type of ETHERTYPE_IPX;
1153 *
1154 * Ethernet_802.3 frames, which are 802.3
1155 * frames (i.e., the type/length field is
1156 * a length field, <= ETHERMTU, rather than
1157 * a type field) with the first two bytes
1158 * after the Ethernet/802.3 header being
1159 * 0xFFFF;
1160 *
1161 * Ethernet_802.2 frames, which are 802.3
1162 * frames with an 802.2 LLC header and
1163 * with the IPX LSAP as the DSAP in the LLC
1164 * header;
1165 *
1166 * Ethernet_SNAP frames, which are 802.3
1167 * frames with an LLC header and a SNAP
1168 * header and with an OUI of 0x000000
1169 * (encapsulated Ethernet) and a protocol
1170 * ID of ETHERTYPE_IPX in the SNAP header.
1171 *
1172 * XXX - should we generate the same code both
1173 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
1174 */
1175
1176 /*
1177 * This generates code to check both for the
1178 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
1179 */
1180 b0 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)LLCSAP_IPX);
1181 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)0xFFFF);
1182 gen_or(b0, b1);
1183
1184 /*
1185 * Now we add code to check for SNAP frames with
1186 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
1187 */
1188 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
1189 gen_or(b0, b1);
1190
1191 /*
1192 * Now we generate code to check for 802.3
1193 * frames in general.
1194 */
1195 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1196 gen_not(b0);
1197
1198 /*
1199 * Now add the check for 802.3 frames before the
1200 * check for Ethernet_802.2 and Ethernet_802.3,
1201 * as those checks should only be done on 802.3
1202 * frames, not on Ethernet frames.
1203 */
1204 gen_and(b0, b1);
1205
1206 /*
1207 * Now add the check for Ethernet_II frames, and
1208 * do that before checking for the other frame
1209 * types.
1210 */
1211 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)ETHERTYPE_IPX);
1212 gen_or(b0, b1);
1213 return b1;
1214
1215 case ETHERTYPE_ATALK:
1216 case ETHERTYPE_AARP:
1217 /*
1218 * EtherTalk (AppleTalk protocols on Ethernet link
1219 * layer) may use 802.2 encapsulation.
1220 */
1221
1222 /*
1223 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1224 * we check for an Ethernet type field less than
1225 * 1500, which means it's an 802.3 length field.
1226 */
1227 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1228 gen_not(b0);
1229
1230 /*
1231 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1232 * SNAP packets with an organization code of
1233 * 0x080007 (Apple, for Appletalk) and a protocol
1234 * type of ETHERTYPE_ATALK (Appletalk).
1235 *
1236 * 802.2-encapsulated ETHERTYPE_AARP packets are
1237 * SNAP packets with an organization code of
1238 * 0x000000 (encapsulated Ethernet) and a protocol
1239 * type of ETHERTYPE_AARP (Appletalk ARP).
1240 */
1241 if (proto == ETHERTYPE_ATALK)
1242 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
1243 else /* proto == ETHERTYPE_AARP */
1244 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
1245 gen_and(b0, b1);
1246
1247 /*
1248 * Check for Ethernet encapsulation (Ethertalk
1249 * phase 1?); we just check for the Ethernet
1250 * protocol type.
1251 */
1252 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1253
1254 gen_or(b0, b1);
1255 return b1;
1256
1257 default:
1258 if (proto <= ETHERMTU) {
1259 /*
1260 * This is an LLC SAP value, so the frames
1261 * that match would be 802.2 frames.
1262 * Check that the frame is an 802.2 frame
1263 * (i.e., that the length/type field is
1264 * a length field, <= ETHERMTU) and
1265 * then check the DSAP.
1266 */
1267 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1268 gen_not(b0);
1269 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto);
1270 gen_and(b0, b1);
1271 return b1;
1272 } else {
1273 /*
1274 * This is an Ethernet type, so compare
1275 * the length/type field with it (if
1276 * the frame is an 802.2 frame, the length
1277 * field will be <= ETHERMTU, and, as
1278 * "proto" is > ETHERMTU, this test
1279 * will fail and the frame won't match,
1280 * which is what we want).
1281 */
1282 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1283 }
1284 }
1285 }
1286
1287 /*
1288 * Generate code to match a particular packet type.
1289 *
1290 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
1291 * value, if <= ETHERMTU. We use that to determine whether to
1292 * match the type field or to check the type field for the special
1293 * LINUX_SLL_P_802_2 value and then do the appropriate test.
1294 */
1295 static struct block *
1296 gen_linux_sll_linktype(proto)
1297 register int proto;
1298 {
1299 struct block *b0, *b1;
1300
1301 switch (proto) {
1302
1303 case LLCSAP_ISONS:
1304 case LLCSAP_IP:
1305 case LLCSAP_NETBEUI:
1306 /*
1307 * OSI protocols and NetBEUI always use 802.2 encapsulation,
1308 * so we check the DSAP and SSAP.
1309 *
1310 * LLCSAP_IP checks for IP-over-802.2, rather
1311 * than IP-over-Ethernet or IP-over-SNAP.
1312 *
1313 * XXX - should we check both the DSAP and the
1314 * SSAP, like this, or should we check just the
1315 * DSAP, as we do for other types <= ETHERMTU
1316 * (i.e., other SAP values)?
1317 */
1318 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1319 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1320 ((proto << 8) | proto));
1321 gen_and(b0, b1);
1322 return b1;
1323
1324 case LLCSAP_IPX:
1325 /*
1326 * Ethernet_II frames, which are Ethernet
1327 * frames with a frame type of ETHERTYPE_IPX;
1328 *
1329 * Ethernet_802.3 frames, which have a frame
1330 * type of LINUX_SLL_P_802_3;
1331 *
1332 * Ethernet_802.2 frames, which are 802.3
1333 * frames with an 802.2 LLC header (i.e, have
1334 * a frame type of LINUX_SLL_P_802_2) and
1335 * with the IPX LSAP as the DSAP in the LLC
1336 * header;
1337 *
1338 * Ethernet_SNAP frames, which are 802.3
1339 * frames with an LLC header and a SNAP
1340 * header and with an OUI of 0x000000
1341 * (encapsulated Ethernet) and a protocol
1342 * ID of ETHERTYPE_IPX in the SNAP header.
1343 *
1344 * First, do the checks on LINUX_SLL_P_802_2
1345 * frames; generate the check for either
1346 * Ethernet_802.2 or Ethernet_SNAP frames, and
1347 * then put a check for LINUX_SLL_P_802_2 frames
1348 * before it.
1349 */
1350 b0 = gen_cmp(off_linktype + 2, BPF_B,
1351 (bpf_int32)LLCSAP_IPX);
1352 b1 = gen_snap(0x000000, ETHERTYPE_IPX,
1353 off_linktype + 2);
1354 gen_or(b0, b1);
1355 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1356 gen_and(b0, b1);
1357
1358 /*
1359 * Now check for 802.3 frames and OR that with
1360 * the previous test.
1361 */
1362 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
1363 gen_or(b0, b1);
1364
1365 /*
1366 * Now add the check for Ethernet_II frames, and
1367 * do that before checking for the other frame
1368 * types.
1369 */
1370 b0 = gen_cmp(off_linktype, BPF_H,
1371 (bpf_int32)ETHERTYPE_IPX);
1372 gen_or(b0, b1);
1373 return b1;
1374
1375 case ETHERTYPE_ATALK:
1376 case ETHERTYPE_AARP:
1377 /*
1378 * EtherTalk (AppleTalk protocols on Ethernet link
1379 * layer) may use 802.2 encapsulation.
1380 */
1381
1382 /*
1383 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1384 * we check for the 802.2 protocol type in the
1385 * "Ethernet type" field.
1386 */
1387 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1388
1389 /*
1390 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1391 * SNAP packets with an organization code of
1392 * 0x080007 (Apple, for Appletalk) and a protocol
1393 * type of ETHERTYPE_ATALK (Appletalk).
1394 *
1395 * 802.2-encapsulated ETHERTYPE_AARP packets are
1396 * SNAP packets with an organization code of
1397 * 0x000000 (encapsulated Ethernet) and a protocol
1398 * type of ETHERTYPE_AARP (Appletalk ARP).
1399 */
1400 if (proto == ETHERTYPE_ATALK)
1401 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
1402 off_linktype + 2);
1403 else /* proto == ETHERTYPE_AARP */
1404 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
1405 off_linktype + 2);
1406 gen_and(b0, b1);
1407
1408 /*
1409 * Check for Ethernet encapsulation (Ethertalk
1410 * phase 1?); we just check for the Ethernet
1411 * protocol type.
1412 */
1413 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1414
1415 gen_or(b0, b1);
1416 return b1;
1417
1418 default:
1419 if (proto <= ETHERMTU) {
1420 /*
1421 * This is an LLC SAP value, so the frames
1422 * that match would be 802.2 frames.
1423 * Check for the 802.2 protocol type
1424 * in the "Ethernet type" field, and
1425 * then check the DSAP.
1426 */
1427 b0 = gen_cmp(off_linktype, BPF_H,
1428 LINUX_SLL_P_802_2);
1429 b1 = gen_cmp(off_linktype + 2, BPF_B,
1430 (bpf_int32)proto);
1431 gen_and(b0, b1);
1432 return b1;
1433 } else {
1434 /*
1435 * This is an Ethernet type, so compare
1436 * the length/type field with it (if
1437 * the frame is an 802.2 frame, the length
1438 * field will be <= ETHERMTU, and, as
1439 * "proto" is > ETHERMTU, this test
1440 * will fail and the frame won't match,
1441 * which is what we want).
1442 */
1443 return gen_cmp(off_linktype, BPF_H,
1444 (bpf_int32)proto);
1445 }
1446 }
1447 }
1448
1449 /*
1450 * Generate code to match a particular packet type by matching the
1451 * link-layer type field or fields in the 802.2 LLC header.
1452 *
1453 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
1454 * value, if <= ETHERMTU.
1455 */
1456 static struct block *
1457 gen_linktype(proto)
1458 register int proto;
1459 {
1460 struct block *b0, *b1, *b2;
1461
1462 switch (linktype) {
1463
1464 case DLT_EN10MB:
1465 return gen_ether_linktype(proto);
1466 /*NOTREACHED*/
1467 break;
1468
1469 case DLT_C_HDLC:
1470 switch (proto) {
1471
1472 case LLCSAP_ISONS:
1473 proto = (proto << 8 | LLCSAP_ISONS);
1474 /* fall through */
1475
1476 default:
1477 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1478 /*NOTREACHED*/
1479 break;
1480 }
1481 break;
1482
1483 case DLT_IEEE802_11:
1484 case DLT_PRISM_HEADER:
1485 case DLT_IEEE802_11_RADIO:
1486 case DLT_FDDI:
1487 case DLT_IEEE802:
1488 case DLT_ATM_RFC1483:
1489 case DLT_ATM_CLIP:
1490 case DLT_IP_OVER_FC:
1491 return gen_llc_linktype(proto);
1492 /*NOTREACHED*/
1493 break;
1494
1495 case DLT_SUNATM:
1496 /*
1497 * If "is_lane" is set, check for a LANE-encapsulated
1498 * version of this protocol, otherwise check for an
1499 * LLC-encapsulated version of this protocol.
1500 *
1501 * We assume LANE means Ethernet, not Token Ring.
1502 */
1503 if (is_lane) {
1504 /*
1505 * Check that the packet doesn't begin with an
1506 * LE Control marker. (We've already generated
1507 * a test for LANE.)
1508 */
1509 b0 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
1510 gen_not(b0);
1511
1512 /*
1513 * Now generate an Ethernet test.
1514 */
1515 b1 = gen_ether_linktype(proto);
1516 gen_and(b0, b1);
1517 return b1;
1518 } else {
1519 /*
1520 * Check for LLC encapsulation and then check the
1521 * protocol.
1522 */
1523 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
1524 b1 = gen_llc_linktype(proto);
1525 gen_and(b0, b1);
1526 return b1;
1527 }
1528 /*NOTREACHED*/
1529 break;
1530
1531 case DLT_LINUX_SLL:
1532 return gen_linux_sll_linktype(proto);
1533 /*NOTREACHED*/
1534 break;
1535
1536 case DLT_SLIP:
1537 case DLT_SLIP_BSDOS:
1538 case DLT_RAW:
1539 /*
1540 * These types don't provide any type field; packets
1541 * are always IP.
1542 *
1543 * XXX - for IPv4, check for a version number of 4, and,
1544 * for IPv6, check for a version number of 6?
1545 */
1546 switch (proto) {
1547
1548 case ETHERTYPE_IP:
1549 #ifdef INET6
1550 case ETHERTYPE_IPV6:
1551 #endif
1552 return gen_true(); /* always true */
1553
1554 default:
1555 return gen_false(); /* always false */
1556 }
1557 /*NOTREACHED*/
1558 break;
1559
1560 case DLT_PPP:
1561 case DLT_PPP_PPPD:
1562 case DLT_PPP_SERIAL:
1563 case DLT_PPP_ETHER:
1564 /*
1565 * We use Ethernet protocol types inside libpcap;
1566 * map them to the corresponding PPP protocol types.
1567 */
1568 switch (proto) {
1569
1570 case ETHERTYPE_IP:
1571 proto = PPP_IP;
1572 break;
1573
1574 #ifdef INET6
1575 case ETHERTYPE_IPV6:
1576 proto = PPP_IPV6;
1577 break;
1578 #endif
1579
1580 case ETHERTYPE_DN:
1581 proto = PPP_DECNET;
1582 break;
1583
1584 case ETHERTYPE_ATALK:
1585 proto = PPP_APPLE;
1586 break;
1587
1588 case ETHERTYPE_NS:
1589 proto = PPP_NS;
1590 break;
1591
1592 case LLCSAP_ISONS:
1593 proto = PPP_OSI;
1594 break;
1595
1596 case LLCSAP_8021D:
1597 /*
1598 * I'm assuming the "Bridging PDU"s that go
1599 * over PPP are Spanning Tree Protocol
1600 * Bridging PDUs.
1601 */
1602 proto = PPP_BRPDU;
1603 break;
1604
1605 case LLCSAP_IPX:
1606 proto = PPP_IPX;
1607 break;
1608 }
1609 break;
1610
1611 case DLT_PPP_BSDOS:
1612 /*
1613 * We use Ethernet protocol types inside libpcap;
1614 * map them to the corresponding PPP protocol types.
1615 */
1616 switch (proto) {
1617
1618 case ETHERTYPE_IP:
1619 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
1620 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
1621 gen_or(b0, b1);
1622 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
1623 gen_or(b1, b0);
1624 return b0;
1625
1626 #ifdef INET6
1627 case ETHERTYPE_IPV6:
1628 proto = PPP_IPV6;
1629 /* more to go? */
1630 break;
1631 #endif
1632
1633 case ETHERTYPE_DN:
1634 proto = PPP_DECNET;
1635 break;
1636
1637 case ETHERTYPE_ATALK:
1638 proto = PPP_APPLE;
1639 break;
1640
1641 case ETHERTYPE_NS:
1642 proto = PPP_NS;
1643 break;
1644
1645 case LLCSAP_ISONS:
1646 proto = PPP_OSI;
1647 break;
1648
1649 case LLCSAP_8021D:
1650 /*
1651 * I'm assuming the "Bridging PDU"s that go
1652 * over PPP are Spanning Tree Protocol
1653 * Bridging PDUs.
1654 */
1655 proto = PPP_BRPDU;
1656 break;
1657
1658 case LLCSAP_IPX:
1659 proto = PPP_IPX;
1660 break;
1661 }
1662 break;
1663
1664 case DLT_NULL:
1665 case DLT_LOOP:
1666 case DLT_ENC:
1667 /*
1668 * For DLT_NULL, the link-layer header is a 32-bit
1669 * word containing an AF_ value in *host* byte order,
1670 * and for DLT_ENC, the link-layer header begins
1671 * with a 32-bit work containing an AF_ value in
1672 * host byte order.
1673 *
1674 * In addition, if we're reading a saved capture file,
1675 * the host byte order in the capture may not be the
1676 * same as the host byte order on this machine.
1677 *
1678 * For DLT_LOOP, the link-layer header is a 32-bit
1679 * word containing an AF_ value in *network* byte order.
1680 *
1681 * XXX - AF_ values may, unfortunately, be platform-
1682 * dependent; for example, FreeBSD's AF_INET6 is 24
1683 * whilst NetBSD's and OpenBSD's is 26.
1684 *
1685 * This means that, when reading a capture file, just
1686 * checking for our AF_INET6 value won't work if the
1687 * capture file came from another OS.
1688 */
1689 switch (proto) {
1690
1691 case ETHERTYPE_IP:
1692 proto = AF_INET;
1693 break;
1694
1695 #ifdef INET6
1696 case ETHERTYPE_IPV6:
1697 proto = AF_INET6;
1698 break;
1699 #endif
1700
1701 default:
1702 /*
1703 * Not a type on which we support filtering.
1704 * XXX - support those that have AF_ values
1705 * #defined on this platform, at least?
1706 */
1707 return gen_false();
1708 }
1709
1710 if (linktype == DLT_NULL || linktype == DLT_ENC) {
1711 /*
1712 * The AF_ value is in host byte order, but
1713 * the BPF interpreter will convert it to
1714 * network byte order.
1715 *
1716 * If this is a save file, and it's from a
1717 * machine with the opposite byte order to
1718 * ours, we byte-swap the AF_ value.
1719 *
1720 * Then we run it through "htonl()", and
1721 * generate code to compare against the result.
1722 */
1723 if (bpf_pcap->sf.rfile != NULL &&
1724 bpf_pcap->sf.swapped)
1725 proto = SWAPLONG(proto);
1726 proto = htonl(proto);
1727 }
1728 return (gen_cmp(0, BPF_W, (bpf_int32)proto));
1729
1730 case DLT_PFLOG:
1731 /*
1732 * af field is host byte order in contrast to the rest of
1733 * the packet.
1734 */
1735 if (proto == ETHERTYPE_IP)
1736 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B,
1737 (bpf_int32)AF_INET));
1738 #ifdef INET6
1739 else if (proto == ETHERTYPE_IPV6)
1740 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B,
1741 (bpf_int32)AF_INET6));
1742 #endif /* INET6 */
1743 else
1744 return gen_false();
1745 /*NOTREACHED*/
1746 break;
1747
1748 case DLT_ARCNET:
1749 case DLT_ARCNET_LINUX:
1750 /*
1751 * XXX should we check for first fragment if the protocol
1752 * uses PHDS?
1753 */
1754 switch (proto) {
1755
1756 default:
1757 return gen_false();
1758
1759 #ifdef INET6
1760 case ETHERTYPE_IPV6:
1761 return (gen_cmp(off_linktype, BPF_B,
1762 (bpf_int32)ARCTYPE_INET6));
1763 #endif /* INET6 */
1764
1765 case ETHERTYPE_IP:
1766 b0 = gen_cmp(off_linktype, BPF_B,
1767 (bpf_int32)ARCTYPE_IP);
1768 b1 = gen_cmp(off_linktype, BPF_B,
1769 (bpf_int32)ARCTYPE_IP_OLD);
1770 gen_or(b0, b1);
1771 return (b1);
1772
1773 case ETHERTYPE_ARP:
1774 b0 = gen_cmp(off_linktype, BPF_B,
1775 (bpf_int32)ARCTYPE_ARP);
1776 b1 = gen_cmp(off_linktype, BPF_B,
1777 (bpf_int32)ARCTYPE_ARP_OLD);
1778 gen_or(b0, b1);
1779 return (b1);
1780
1781 case ETHERTYPE_REVARP:
1782 return (gen_cmp(off_linktype, BPF_B,
1783 (bpf_int32)ARCTYPE_REVARP));
1784
1785 case ETHERTYPE_ATALK:
1786 return (gen_cmp(off_linktype, BPF_B,
1787 (bpf_int32)ARCTYPE_ATALK));
1788 }
1789 /*NOTREACHED*/
1790 break;
1791
1792 case DLT_LTALK:
1793 switch (proto) {
1794 case ETHERTYPE_ATALK:
1795 return gen_true();
1796 default:
1797 return gen_false();
1798 }
1799 /*NOTREACHED*/
1800 break;
1801
1802 case DLT_FRELAY:
1803 /*
1804 * XXX - assumes a 2-byte Frame Relay header with
1805 * DLCI and flags. What if the address is longer?
1806 */
1807 switch (proto) {
1808
1809 case ETHERTYPE_IP:
1810 /*
1811 * Check for the special NLPID for IP.
1812 */
1813 return gen_cmp(2, BPF_H, (0x03<<8) | 0xcc);
1814
1815 #ifdef INET6
1816 case ETHERTYPE_IPV6:
1817 /*
1818 * Check for the special NLPID for IPv6.
1819 */
1820 return gen_cmp(2, BPF_H, (0x03<<8) | 0x8e);
1821 #endif
1822
1823 case LLCSAP_ISONS:
1824 /*
1825 * Check for several OSI protocols.
1826 *
1827 * Frame Relay packets typically have an OSI
1828 * NLPID at the beginning; we check for each
1829 * of them.
1830 *
1831 * What we check for is the NLPID and a frame
1832 * control field of UI, i.e. 0x03 followed
1833 * by the NLPID.
1834 */
1835 b0 = gen_cmp(2, BPF_H, (0x03<<8) | ISO8473_CLNP);
1836 b1 = gen_cmp(2, BPF_H, (0x03<<8) | ISO9542_ESIS);
1837 b2 = gen_cmp(2, BPF_H, (0x03<<8) | ISO10589_ISIS);
1838 gen_or(b1, b2);
1839 gen_or(b0, b2);
1840 return b2;
1841
1842 default:
1843 return gen_false();
1844 }
1845 /*NOTREACHED*/
1846 break;
1847
1848 case DLT_JUNIPER_MLFR:
1849 case DLT_JUNIPER_MLPPP:
1850 case DLT_JUNIPER_ATM1:
1851 case DLT_JUNIPER_ATM2:
1852 /* just lets verify the magic number for now -
1853 * on ATM we may have up to 6 different encapsulations on the wire
1854 * and need a lot of heuristics to figure out that the payload
1855 * might be;
1856 *
1857 * FIXME encapsulation specific BPF_ filters
1858 */
1859 return gen_mcmp(0, BPF_W, 0x4d474300, 0xffffff00); /* compare the magic number */
1860
1861 case DLT_LINUX_IRDA:
1862 bpf_error("IrDA link-layer type filtering not implemented");
1863
1864 case DLT_DOCSIS:
1865 bpf_error("DOCSIS link-layer type filtering not implemented");
1866
1867 case DLT_LINUX_LAPD:
1868 bpf_error("LAPD link-layer type filtering not implemented");
1869 }
1870
1871 /*
1872 * All the types that have no encapsulation should either be
1873 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
1874 * all packets are IP packets, or should be handled in some
1875 * special case, if none of them are (if some are and some
1876 * aren't, the lack of encapsulation is a problem, as we'd
1877 * have to find some other way of determining the packet type).
1878 *
1879 * Therefore, if "off_linktype" is -1, there's an error.
1880 */
1881 if (off_linktype == (u_int)-1)
1882 abort();
1883
1884 /*
1885 * Any type not handled above should always have an Ethernet
1886 * type at an offset of "off_linktype". (PPP is partially
1887 * handled above - the protocol type is mapped from the
1888 * Ethernet and LLC types we use internally to the corresponding
1889 * PPP type - but the PPP type is always specified by a value
1890 * at "off_linktype", so we don't have to do the code generation
1891 * above.)
1892 */
1893 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1894 }
1895
1896 /*
1897 * Check for an LLC SNAP packet with a given organization code and
1898 * protocol type; we check the entire contents of the 802.2 LLC and
1899 * snap headers, checking for DSAP and SSAP of SNAP and a control
1900 * field of 0x03 in the LLC header, and for the specified organization
1901 * code and protocol type in the SNAP header.
1902 */
1903 static struct block *
1904 gen_snap(orgcode, ptype, offset)
1905 bpf_u_int32 orgcode;
1906 bpf_u_int32 ptype;
1907 u_int offset;
1908 {
1909 u_char snapblock[8];
1910
1911 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
1912 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
1913 snapblock[2] = 0x03; /* control = UI */
1914 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
1915 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
1916 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
1917 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
1918 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
1919 return gen_bcmp(offset, 8, snapblock);
1920 }
1921
1922 /*
1923 * Generate code to match a particular packet type, for link-layer types
1924 * using 802.2 LLC headers.
1925 *
1926 * This is *NOT* used for Ethernet; "gen_ether_linktype()" is used
1927 * for that - it handles the D/I/X Ethernet vs. 802.3+802.2 issues.
1928 *
1929 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
1930 * value, if <= ETHERMTU. We use that to determine whether to
1931 * match the DSAP or both DSAP and LSAP or to check the OUI and
1932 * protocol ID in a SNAP header.
1933 */
1934 static struct block *
1935 gen_llc_linktype(proto)
1936 int proto;
1937 {
1938 /*
1939 * XXX - handle token-ring variable-length header.
1940 */
1941 switch (proto) {
1942
1943 case LLCSAP_IP:
1944 case LLCSAP_ISONS:
1945 case LLCSAP_NETBEUI:
1946 /*
1947 * XXX - should we check both the DSAP and the
1948 * SSAP, like this, or should we check just the
1949 * DSAP, as we do for other types <= ETHERMTU
1950 * (i.e., other SAP values)?
1951 */
1952 return gen_cmp(off_linktype, BPF_H, (long)
1953 ((proto << 8) | proto));
1954
1955 case LLCSAP_IPX:
1956 /*
1957 * XXX - are there ever SNAP frames for IPX on
1958 * non-Ethernet 802.x networks?
1959 */
1960 return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX);
1961
1962 case ETHERTYPE_ATALK:
1963 /*
1964 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1965 * SNAP packets with an organization code of
1966 * 0x080007 (Apple, for Appletalk) and a protocol
1967 * type of ETHERTYPE_ATALK (Appletalk).
1968 *
1969 * XXX - check for an organization code of
1970 * encapsulated Ethernet as well?
1971 */
1972 return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype);
1973
1974 default:
1975 /*
1976 * XXX - we don't have to check for IPX 802.3
1977 * here, but should we check for the IPX Ethertype?
1978 */
1979 if (proto <= ETHERMTU) {
1980 /*
1981 * This is an LLC SAP value, so check
1982 * the DSAP.
1983 */
1984 return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto);
1985 } else {
1986 /*
1987 * This is an Ethernet type; we assume that it's
1988 * unlikely that it'll appear in the right place
1989 * at random, and therefore check only the
1990 * location that would hold the Ethernet type
1991 * in a SNAP frame with an organization code of
1992 * 0x000000 (encapsulated Ethernet).
1993 *
1994 * XXX - if we were to check for the SNAP DSAP and
1995 * LSAP, as per XXX, and were also to check for an
1996 * organization code of 0x000000 (encapsulated
1997 * Ethernet), we'd do
1998 *
1999 * return gen_snap(0x000000, proto,
2000 * off_linktype);
2001 *
2002 * here; for now, we don't, as per the above.
2003 * I don't know whether it's worth the extra CPU
2004 * time to do the right check or not.
2005 */
2006 return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto);
2007 }
2008 }
2009 }
2010
2011 static struct block *
2012 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
2013 bpf_u_int32 addr;
2014 bpf_u_int32 mask;
2015 int dir, proto;
2016 u_int src_off, dst_off;
2017 {
2018 struct block *b0, *b1;
2019 u_int offset;
2020
2021 switch (dir) {
2022
2023 case Q_SRC:
2024 offset = src_off;
2025 break;
2026
2027 case Q_DST:
2028 offset = dst_off;
2029 break;
2030
2031 case Q_AND:
2032 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
2033 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
2034 gen_and(b0, b1);
2035 return b1;
2036
2037 case Q_OR:
2038 case Q_DEFAULT:
2039 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
2040 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
2041 gen_or(b0, b1);
2042 return b1;
2043
2044 default:
2045 abort();
2046 }
2047 b0 = gen_linktype(proto);
2048 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
2049 gen_and(b0, b1);
2050 return b1;
2051 }
2052
2053 #ifdef INET6
2054 static struct block *
2055 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
2056 struct in6_addr *addr;
2057 struct in6_addr *mask;
2058 int dir, proto;
2059 u_int src_off, dst_off;
2060 {
2061 struct block *b0, *b1;
2062 u_int offset;
2063 u_int32_t *a, *m;
2064
2065 switch (dir) {
2066
2067 case Q_SRC:
2068 offset = src_off;
2069 break;
2070
2071 case Q_DST:
2072 offset = dst_off;
2073 break;
2074
2075 case Q_AND:
2076 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
2077 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
2078 gen_and(b0, b1);
2079 return b1;
2080
2081 case Q_OR:
2082 case Q_DEFAULT:
2083 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
2084 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
2085 gen_or(b0, b1);
2086 return b1;
2087
2088 default:
2089 abort();
2090 }
2091 /* this order is important */
2092 a = (u_int32_t *)addr;
2093 m = (u_int32_t *)mask;
2094 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
2095 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
2096 gen_and(b0, b1);
2097 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
2098 gen_and(b0, b1);
2099 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
2100 gen_and(b0, b1);
2101 b0 = gen_linktype(proto);
2102 gen_and(b0, b1);
2103 return b1;
2104 }
2105 #endif /*INET6*/
2106
2107 static struct block *
2108 gen_ehostop(eaddr, dir)
2109 register const u_char *eaddr;
2110 register int dir;
2111 {
2112 register struct block *b0, *b1;
2113
2114 switch (dir) {
2115 case Q_SRC:
2116 return gen_bcmp(off_mac + 6, 6, eaddr);
2117
2118 case Q_DST:
2119 return gen_bcmp(off_mac + 0, 6, eaddr);
2120
2121 case Q_AND:
2122 b0 = gen_ehostop(eaddr, Q_SRC);
2123 b1 = gen_ehostop(eaddr, Q_DST);
2124 gen_and(b0, b1);
2125 return b1;
2126
2127 case Q_DEFAULT:
2128 case Q_OR:
2129 b0 = gen_ehostop(eaddr, Q_SRC);
2130 b1 = gen_ehostop(eaddr, Q_DST);
2131 gen_or(b0, b1);
2132 return b1;
2133 }
2134 abort();
2135 /* NOTREACHED */
2136 }
2137
2138 /*
2139 * Like gen_ehostop, but for DLT_FDDI
2140 */
2141 static struct block *
2142 gen_fhostop(eaddr, dir)
2143 register const u_char *eaddr;
2144 register int dir;
2145 {
2146 struct block *b0, *b1;
2147
2148 switch (dir) {
2149 case Q_SRC:
2150 #ifdef PCAP_FDDIPAD
2151 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
2152 #else
2153 return gen_bcmp(6 + 1, 6, eaddr);
2154 #endif
2155
2156 case Q_DST:
2157 #ifdef PCAP_FDDIPAD
2158 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
2159 #else
2160 return gen_bcmp(0 + 1, 6, eaddr);
2161 #endif
2162
2163 case Q_AND:
2164 b0 = gen_fhostop(eaddr, Q_SRC);
2165 b1 = gen_fhostop(eaddr, Q_DST);
2166 gen_and(b0, b1);
2167 return b1;
2168
2169 case Q_DEFAULT:
2170 case Q_OR:
2171 b0 = gen_fhostop(eaddr, Q_SRC);
2172 b1 = gen_fhostop(eaddr, Q_DST);
2173 gen_or(b0, b1);
2174 return b1;
2175 }
2176 abort();
2177 /* NOTREACHED */
2178 }
2179
2180 /*
2181 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
2182 */
2183 static struct block *
2184 gen_thostop(eaddr, dir)
2185 register const u_char *eaddr;
2186 register int dir;
2187 {
2188 register struct block *b0, *b1;
2189
2190 switch (dir) {
2191 case Q_SRC:
2192 return gen_bcmp(8, 6, eaddr);
2193
2194 case Q_DST:
2195 return gen_bcmp(2, 6, eaddr);
2196
2197 case Q_AND:
2198 b0 = gen_thostop(eaddr, Q_SRC);
2199 b1 = gen_thostop(eaddr, Q_DST);
2200 gen_and(b0, b1);
2201 return b1;
2202
2203 case Q_DEFAULT:
2204 case Q_OR:
2205 b0 = gen_thostop(eaddr, Q_SRC);
2206 b1 = gen_thostop(eaddr, Q_DST);
2207 gen_or(b0, b1);
2208 return b1;
2209 }
2210 abort();
2211 /* NOTREACHED */
2212 }
2213
2214 /*
2215 * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN)
2216 */
2217 static struct block *
2218 gen_wlanhostop(eaddr, dir)
2219 register const u_char *eaddr;
2220 register int dir;
2221 {
2222 register struct block *b0, *b1, *b2;
2223 register struct slist *s;
2224
2225 switch (dir) {
2226 case Q_SRC:
2227 /*
2228 * Oh, yuk.
2229 *
2230 * For control frames, there is no SA.
2231 *
2232 * For management frames, SA is at an
2233 * offset of 10 from the beginning of
2234 * the packet.
2235 *
2236 * For data frames, SA is at an offset
2237 * of 10 from the beginning of the packet
2238 * if From DS is clear, at an offset of
2239 * 16 from the beginning of the packet
2240 * if From DS is set and To DS is clear,
2241 * and an offset of 24 from the beginning
2242 * of the packet if From DS is set and To DS
2243 * is set.
2244 */
2245
2246 /*
2247 * Generate the tests to be done for data frames
2248 * with From DS set.
2249 *
2250 * First, check for To DS set, i.e. check "link[1] & 0x01".
2251 */
2252 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2253 s->s.k = 1;
2254 b1 = new_block(JMP(BPF_JSET));
2255 b1->s.k = 0x01; /* To DS */
2256 b1->stmts = s;
2257
2258 /*
2259 * If To DS is set, the SA is at 24.
2260 */
2261 b0 = gen_bcmp(24, 6, eaddr);
2262 gen_and(b1, b0);
2263
2264 /*
2265 * Now, check for To DS not set, i.e. check
2266 * "!(link[1] & 0x01)".
2267 */
2268 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2269 s->s.k = 1;
2270 b2 = new_block(JMP(BPF_JSET));
2271 b2->s.k = 0x01; /* To DS */
2272 b2->stmts = s;
2273 gen_not(b2);
2274
2275 /*
2276 * If To DS is not set, the SA is at 16.
2277 */
2278 b1 = gen_bcmp(16, 6, eaddr);
2279 gen_and(b2, b1);
2280
2281 /*
2282 * Now OR together the last two checks. That gives
2283 * the complete set of checks for data frames with
2284 * From DS set.
2285 */
2286 gen_or(b1, b0);
2287
2288 /*
2289 * Now check for From DS being set, and AND that with
2290 * the ORed-together checks.
2291 */
2292 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2293 s->s.k = 1;
2294 b1 = new_block(JMP(BPF_JSET));
2295 b1->s.k = 0x02; /* From DS */
2296 b1->stmts = s;
2297 gen_and(b1, b0);
2298
2299 /*
2300 * Now check for data frames with From DS not set.
2301 */
2302 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2303 s->s.k = 1;
2304 b2 = new_block(JMP(BPF_JSET));
2305 b2->s.k = 0x02; /* From DS */
2306 b2->stmts = s;
2307 gen_not(b2);
2308
2309 /*
2310 * If From DS isn't set, the SA is at 10.
2311 */
2312 b1 = gen_bcmp(10, 6, eaddr);
2313 gen_and(b2, b1);
2314
2315 /*
2316 * Now OR together the checks for data frames with
2317 * From DS not set and for data frames with From DS
2318 * set; that gives the checks done for data frames.
2319 */
2320 gen_or(b1, b0);
2321
2322 /*
2323 * Now check for a data frame.
2324 * I.e, check "link[0] & 0x08".
2325 */
2326 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2327 s->s.k = 0;
2328 b1 = new_block(JMP(BPF_JSET));
2329 b1->s.k = 0x08;
2330 b1->stmts = s;
2331
2332 /*
2333 * AND that with the checks done for data frames.
2334 */
2335 gen_and(b1, b0);
2336
2337 /*
2338 * If the high-order bit of the type value is 0, this
2339 * is a management frame.
2340 * I.e, check "!(link[0] & 0x08)".
2341 */
2342 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2343 s->s.k = 0;
2344 b2 = new_block(JMP(BPF_JSET));
2345 b2->s.k = 0x08;
2346 b2->stmts = s;
2347 gen_not(b2);
2348
2349 /*
2350 * For management frames, the SA is at 10.
2351 */
2352 b1 = gen_bcmp(10, 6, eaddr);
2353 gen_and(b2, b1);
2354
2355 /*
2356 * OR that with the checks done for data frames.
2357 * That gives the checks done for management and
2358 * data frames.
2359 */
2360 gen_or(b1, b0);
2361
2362 /*
2363 * If the low-order bit of the type value is 1,
2364 * this is either a control frame or a frame
2365 * with a reserved type, and thus not a
2366 * frame with an SA.
2367 *
2368 * I.e., check "!(link[0] & 0x04)".
2369 */
2370 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2371 s->s.k = 0;
2372 b1 = new_block(JMP(BPF_JSET));
2373 b1->s.k = 0x04;
2374 b1->stmts = s;
2375 gen_not(b1);
2376
2377 /*
2378 * AND that with the checks for data and management
2379 * frames.
2380 */
2381 gen_and(b1, b0);
2382 return b0;
2383
2384 case Q_DST:
2385 /*
2386 * Oh, yuk.
2387 *
2388 * For control frames, there is no DA.
2389 *
2390 * For management frames, DA is at an
2391 * offset of 4 from the beginning of
2392 * the packet.
2393 *
2394 * For data frames, DA is at an offset
2395 * of 4 from the beginning of the packet
2396 * if To DS is clear and at an offset of
2397 * 16 from the beginning of the packet
2398 * if To DS is set.
2399 */
2400
2401 /*
2402 * Generate the tests to be done for data frames.
2403 *
2404 * First, check for To DS set, i.e. "link[1] & 0x01".
2405 */
2406 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2407 s->s.k = 1;
2408 b1 = new_block(JMP(BPF_JSET));
2409 b1->s.k = 0x01; /* To DS */
2410 b1->stmts = s;
2411
2412 /*
2413 * If To DS is set, the DA is at 16.
2414 */
2415 b0 = gen_bcmp(16, 6, eaddr);
2416 gen_and(b1, b0);
2417
2418 /*
2419 * Now, check for To DS not set, i.e. check
2420 * "!(link[1] & 0x01)".
2421 */
2422 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2423 s->s.k = 1;
2424 b2 = new_block(JMP(BPF_JSET));
2425 b2->s.k = 0x01; /* To DS */
2426 b2->stmts = s;
2427 gen_not(b2);
2428
2429 /*
2430 * If To DS is not set, the DA is at 4.
2431 */
2432 b1 = gen_bcmp(4, 6, eaddr);
2433 gen_and(b2, b1);
2434
2435 /*
2436 * Now OR together the last two checks. That gives
2437 * the complete set of checks for data frames.
2438 */
2439 gen_or(b1, b0);
2440
2441 /*
2442 * Now check for a data frame.
2443 * I.e, check "link[0] & 0x08".
2444 */
2445 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2446 s->s.k = 0;
2447 b1 = new_block(JMP(BPF_JSET));
2448 b1->s.k = 0x08;
2449 b1->stmts = s;
2450
2451 /*
2452 * AND that with the checks done for data frames.
2453 */
2454 gen_and(b1, b0);
2455
2456 /*
2457 * If the high-order bit of the type value is 0, this
2458 * is a management frame.
2459 * I.e, check "!(link[0] & 0x08)".
2460 */
2461 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2462 s->s.k = 0;
2463 b2 = new_block(JMP(BPF_JSET));
2464 b2->s.k = 0x08;
2465 b2->stmts = s;
2466 gen_not(b2);
2467
2468 /*
2469 * For management frames, the DA is at 4.
2470 */
2471 b1 = gen_bcmp(4, 6, eaddr);
2472 gen_and(b2, b1);
2473
2474 /*
2475 * OR that with the checks done for data frames.
2476 * That gives the checks done for management and
2477 * data frames.
2478 */
2479 gen_or(b1, b0);
2480
2481 /*
2482 * If the low-order bit of the type value is 1,
2483 * this is either a control frame or a frame
2484 * with a reserved type, and thus not a
2485 * frame with an SA.
2486 *
2487 * I.e., check "!(link[0] & 0x04)".
2488 */
2489 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2490 s->s.k = 0;
2491 b1 = new_block(JMP(BPF_JSET));
2492 b1->s.k = 0x04;
2493 b1->stmts = s;
2494 gen_not(b1);
2495
2496 /*
2497 * AND that with the checks for data and management
2498 * frames.
2499 */
2500 gen_and(b1, b0);
2501 return b0;
2502
2503 case Q_AND:
2504 b0 = gen_wlanhostop(eaddr, Q_SRC);
2505 b1 = gen_wlanhostop(eaddr, Q_DST);
2506 gen_and(b0, b1);
2507 return b1;
2508
2509 case Q_DEFAULT:
2510 case Q_OR:
2511 b0 = gen_wlanhostop(eaddr, Q_SRC);
2512 b1 = gen_wlanhostop(eaddr, Q_DST);
2513 gen_or(b0, b1);
2514 return b1;
2515 }
2516 abort();
2517 /* NOTREACHED */
2518 }
2519
2520 /*
2521 * Like gen_ehostop, but for RFC 2625 IP-over-Fibre-Channel.
2522 * (We assume that the addresses are IEEE 48-bit MAC addresses,
2523 * as the RFC states.)
2524 */
2525 static struct block *
2526 gen_ipfchostop(eaddr, dir)
2527 register const u_char *eaddr;
2528 register int dir;
2529 {
2530 register struct block *b0, *b1;
2531
2532 switch (dir) {
2533 case Q_SRC:
2534 return gen_bcmp(10, 6, eaddr);
2535
2536 case Q_DST:
2537 return gen_bcmp(2, 6, eaddr);
2538
2539 case Q_AND:
2540 b0 = gen_ipfchostop(eaddr, Q_SRC);
2541 b1 = gen_ipfchostop(eaddr, Q_DST);
2542 gen_and(b0, b1);
2543 return b1;
2544
2545 case Q_DEFAULT:
2546 case Q_OR:
2547 b0 = gen_ipfchostop(eaddr, Q_SRC);
2548 b1 = gen_ipfchostop(eaddr, Q_DST);
2549 gen_or(b0, b1);
2550 return b1;
2551 }
2552 abort();
2553 /* NOTREACHED */
2554 }
2555
2556 /*
2557 * This is quite tricky because there may be pad bytes in front of the
2558 * DECNET header, and then there are two possible data packet formats that
2559 * carry both src and dst addresses, plus 5 packet types in a format that
2560 * carries only the src node, plus 2 types that use a different format and
2561 * also carry just the src node.
2562 *
2563 * Yuck.
2564 *
2565 * Instead of doing those all right, we just look for data packets with
2566 * 0 or 1 bytes of padding. If you want to look at other packets, that
2567 * will require a lot more hacking.
2568 *
2569 * To add support for filtering on DECNET "areas" (network numbers)
2570 * one would want to add a "mask" argument to this routine. That would
2571 * make the filter even more inefficient, although one could be clever
2572 * and not generate masking instructions if the mask is 0xFFFF.
2573 */
2574 static struct block *
2575 gen_dnhostop(addr, dir, base_off)
2576 bpf_u_int32 addr;
2577 int dir;
2578 u_int base_off;
2579 {
2580 struct block *b0, *b1, *b2, *tmp;
2581 u_int offset_lh; /* offset if long header is received */
2582 u_int offset_sh; /* offset if short header is received */
2583
2584 switch (dir) {
2585
2586 case Q_DST:
2587 offset_sh = 1; /* follows flags */
2588 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
2589 break;
2590
2591 case Q_SRC:
2592 offset_sh = 3; /* follows flags, dstnode */
2593 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
2594 break;
2595
2596 case Q_AND:
2597 /* Inefficient because we do our Calvinball dance twice */
2598 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2599 b1 = gen_dnhostop(addr, Q_DST, base_off);
2600 gen_and(b0, b1);
2601 return b1;
2602
2603 case Q_OR:
2604 case Q_DEFAULT:
2605 /* Inefficient because we do our Calvinball dance twice */
2606 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2607 b1 = gen_dnhostop(addr, Q_DST, base_off);
2608 gen_or(b0, b1);
2609 return b1;
2610
2611 case Q_ISO:
2612 bpf_error("ISO host filtering not implemented");
2613
2614 default:
2615 abort();
2616 }
2617 b0 = gen_linktype(ETHERTYPE_DN);
2618 /* Check for pad = 1, long header case */
2619 tmp = gen_mcmp(base_off + 2, BPF_H,
2620 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
2621 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
2622 BPF_H, (bpf_int32)ntohs(addr));
2623 gen_and(tmp, b1);
2624 /* Check for pad = 0, long header case */
2625 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
2626 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
2627 gen_and(tmp, b2);
2628 gen_or(b2, b1);
2629 /* Check for pad = 1, short header case */
2630 tmp = gen_mcmp(base_off + 2, BPF_H,
2631 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
2632 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
2633 BPF_H, (bpf_int32)ntohs(addr));
2634 gen_and(tmp, b2);
2635 gen_or(b2, b1);
2636 /* Check for pad = 0, short header case */
2637 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
2638 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
2639 gen_and(tmp, b2);
2640 gen_or(b2, b1);
2641
2642 /* Combine with test for linktype */
2643 gen_and(b0, b1);
2644 return b1;
2645 }
2646
2647 static struct block *
2648 gen_host(addr, mask, proto, dir)
2649 bpf_u_int32 addr;
2650 bpf_u_int32 mask;
2651 int proto;
2652 int dir;
2653 {
2654 struct block *b0, *b1;
2655
2656 switch (proto) {
2657
2658 case Q_DEFAULT:
2659 b0 = gen_host(addr, mask, Q_IP, dir);
2660 if (off_linktype != (u_int)-1) {
2661 b1 = gen_host(addr, mask, Q_ARP, dir);
2662 gen_or(b0, b1);
2663 b0 = gen_host(addr, mask, Q_RARP, dir);
2664 gen_or(b1, b0);
2665 }
2666 return b0;
2667
2668 case Q_IP:
2669 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
2670 off_nl + 12, off_nl + 16);
2671
2672 case Q_RARP:
2673 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
2674 off_nl + 14, off_nl + 24);
2675
2676 case Q_ARP:
2677 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
2678 off_nl + 14, off_nl + 24);
2679
2680 case Q_TCP:
2681 bpf_error("'tcp' modifier applied to host");
2682
2683 case Q_SCTP:
2684 bpf_error("'sctp' modifier applied to host");
2685
2686 case Q_UDP:
2687 bpf_error("'udp' modifier applied to host");
2688
2689 case Q_ICMP:
2690 bpf_error("'icmp' modifier applied to host");
2691
2692 case Q_IGMP:
2693 bpf_error("'igmp' modifier applied to host");
2694
2695 case Q_IGRP:
2696 bpf_error("'igrp' modifier applied to host");
2697
2698 case Q_PIM:
2699 bpf_error("'pim' modifier applied to host");
2700
2701 case Q_VRRP:
2702 bpf_error("'vrrp' modifier applied to host");
2703
2704 case Q_ATALK:
2705 bpf_error("ATALK host filtering not implemented");
2706
2707 case Q_AARP:
2708 bpf_error("AARP host filtering not implemented");
2709
2710 case Q_DECNET:
2711 return gen_dnhostop(addr, dir, off_nl);
2712
2713 case Q_SCA:
2714 bpf_error("SCA host filtering not implemented");
2715
2716 case Q_LAT:
2717 bpf_error("LAT host filtering not implemented");
2718
2719 case Q_MOPDL:
2720 bpf_error("MOPDL host filtering not implemented");
2721
2722 case Q_MOPRC:
2723 bpf_error("MOPRC host filtering not implemented");
2724
2725 #ifdef INET6
2726 case Q_IPV6:
2727 bpf_error("'ip6' modifier applied to ip host");
2728
2729 case Q_ICMPV6:
2730 bpf_error("'icmp6' modifier applied to host");
2731 #endif /* INET6 */
2732
2733 case Q_AH:
2734 bpf_error("'ah' modifier applied to host");
2735
2736 case Q_ESP:
2737 bpf_error("'esp' modifier applied to host");
2738
2739 case Q_ISO:
2740 bpf_error("ISO host filtering not implemented");
2741
2742 case Q_ESIS:
2743 bpf_error("'esis' modifier applied to host");
2744
2745 case Q_ISIS:
2746 bpf_error("'isis' modifier applied to host");
2747
2748 case Q_CLNP:
2749 bpf_error("'clnp' modifier applied to host");
2750
2751 case Q_STP:
2752 bpf_error("'stp' modifier applied to host");
2753
2754 case Q_IPX:
2755 bpf_error("IPX host filtering not implemented");
2756
2757 case Q_NETBEUI:
2758 bpf_error("'netbeui' modifier applied to host");
2759
2760 default:
2761 abort();
2762 }
2763 /* NOTREACHED */
2764 }
2765
2766 #ifdef INET6
2767 static struct block *
2768 gen_host6(addr, mask, proto, dir)
2769 struct in6_addr *addr;
2770 struct in6_addr *mask;
2771 int proto;
2772 int dir;
2773 {
2774 switch (proto) {
2775
2776 case Q_DEFAULT:
2777 return gen_host6(addr, mask, Q_IPV6, dir);
2778
2779 case Q_IP:
2780 bpf_error("'ip' modifier applied to ip6 host");
2781
2782 case Q_RARP:
2783 bpf_error("'rarp' modifier applied to ip6 host");
2784
2785 case Q_ARP:
2786 bpf_error("'arp' modifier applied to ip6 host");
2787
2788 case Q_SCTP:
2789 bpf_error("'sctp' modifier applied to host");
2790
2791 case Q_TCP:
2792 bpf_error("'tcp' modifier applied to host");
2793
2794 case Q_UDP:
2795 bpf_error("'udp' modifier applied to host");
2796
2797 case Q_ICMP:
2798 bpf_error("'icmp' modifier applied to host");
2799
2800 case Q_IGMP:
2801 bpf_error("'igmp' modifier applied to host");
2802
2803 case Q_IGRP:
2804 bpf_error("'igrp' modifier applied to host");
2805
2806 case Q_PIM:
2807 bpf_error("'pim' modifier applied to host");
2808
2809 case Q_VRRP:
2810 bpf_error("'vrrp' modifier applied to host");
2811
2812 case Q_ATALK:
2813 bpf_error("ATALK host filtering not implemented");
2814
2815 case Q_AARP:
2816 bpf_error("AARP host filtering not implemented");
2817
2818 case Q_DECNET:
2819 bpf_error("'decnet' modifier applied to ip6 host");
2820
2821 case Q_SCA:
2822 bpf_error("SCA host filtering not implemented");
2823
2824 case Q_LAT:
2825 bpf_error("LAT host filtering not implemented");
2826
2827 case Q_MOPDL:
2828 bpf_error("MOPDL host filtering not implemented");
2829
2830 case Q_MOPRC:
2831 bpf_error("MOPRC host filtering not implemented");
2832
2833 case Q_IPV6:
2834 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
2835 off_nl + 8, off_nl + 24);
2836
2837 case Q_ICMPV6:
2838 bpf_error("'icmp6' modifier applied to host");
2839
2840 case Q_AH:
2841 bpf_error("'ah' modifier applied to host");
2842
2843 case Q_ESP:
2844 bpf_error("'esp' modifier applied to host");
2845
2846 case Q_ISO:
2847 bpf_error("ISO host filtering not implemented");
2848
2849 case Q_ESIS:
2850 bpf_error("'esis' modifier applied to host");
2851
2852 case Q_ISIS:
2853 bpf_error("'isis' modifier applied to host");
2854
2855 case Q_CLNP:
2856 bpf_error("'clnp' modifier applied to host");
2857
2858 case Q_STP:
2859 bpf_error("'stp' modifier applied to host");
2860
2861 case Q_IPX:
2862 bpf_error("IPX host filtering not implemented");
2863
2864 case Q_NETBEUI:
2865 bpf_error("'netbeui' modifier applied to host");
2866
2867 default:
2868 abort();
2869 }
2870 /* NOTREACHED */
2871 }
2872 #endif /*INET6*/
2873
2874 #ifndef INET6
2875 static struct block *
2876 gen_gateway(eaddr, alist, proto, dir)
2877 const u_char *eaddr;
2878 bpf_u_int32 **alist;
2879 int proto;
2880 int dir;
2881 {
2882 struct block *b0, *b1, *tmp;
2883
2884 if (dir != 0)
2885 bpf_error("direction applied to 'gateway'");
2886
2887 switch (proto) {
2888 case Q_DEFAULT:
2889 case Q_IP:
2890 case Q_ARP:
2891 case Q_RARP:
2892 if (linktype == DLT_EN10MB)
2893 b0 = gen_ehostop(eaddr, Q_OR);
2894 else if (linktype == DLT_FDDI)
2895 b0 = gen_fhostop(eaddr, Q_OR);
2896 else if (linktype == DLT_IEEE802)
2897 b0 = gen_thostop(eaddr, Q_OR);
2898 else if (linktype == DLT_IEEE802_11)
2899 b0 = gen_wlanhostop(eaddr, Q_OR);
2900 else if (linktype == DLT_SUNATM && is_lane) {
2901 /*
2902 * Check that the packet doesn't begin with an
2903 * LE Control marker. (We've already generated
2904 * a test for LANE.)
2905 */
2906 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
2907 gen_not(b1);
2908
2909 /*
2910 * Now check the MAC address.
2911 */
2912 b0 = gen_ehostop(eaddr, Q_OR);
2913 gen_and(b1, b0);
2914 } else if (linktype == DLT_IP_OVER_FC)
2915 b0 = gen_ipfchostop(eaddr, Q_OR);
2916 else
2917 bpf_error(
2918 "'gateway' supported only on ethernet/FDDI/token ring/802.11/Fibre Channel");
2919
2920 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2921 while (*alist) {
2922 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2923 gen_or(b1, tmp);
2924 b1 = tmp;
2925 }
2926 gen_not(b1);
2927 gen_and(b0, b1);
2928 return b1;
2929 }
2930 bpf_error("illegal modifier of 'gateway'");
2931 /* NOTREACHED */
2932 }
2933 #endif
2934
2935 struct block *
2936 gen_proto_abbrev(proto)
2937 int proto;
2938 {
2939 struct block *b0;
2940 struct block *b1;
2941
2942 switch (proto) {
2943
2944 case Q_SCTP:
2945 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT);
2946 #ifdef INET6
2947 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
2948 gen_or(b0, b1);
2949 #endif
2950 break;
2951
2952 case Q_TCP:
2953 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
2954 #ifdef INET6
2955 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
2956 gen_or(b0, b1);
2957 #endif
2958 break;
2959
2960 case Q_UDP:
2961 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
2962 #ifdef INET6
2963 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
2964 gen_or(b0, b1);
2965 #endif
2966 break;
2967
2968 case Q_ICMP:
2969 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
2970 break;
2971
2972 #ifndef IPPROTO_IGMP
2973 #define IPPROTO_IGMP 2
2974 #endif
2975
2976 case Q_IGMP:
2977 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
2978 break;
2979
2980 #ifndef IPPROTO_IGRP
2981 #define IPPROTO_IGRP 9
2982 #endif
2983 case Q_IGRP:
2984 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
2985 break;
2986
2987 #ifndef IPPROTO_PIM
2988 #define IPPROTO_PIM 103
2989 #endif
2990
2991 case Q_PIM:
2992 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
2993 #ifdef INET6
2994 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
2995 gen_or(b0, b1);
2996 #endif
2997 break;
2998
2999 #ifndef IPPROTO_VRRP
3000 #define IPPROTO_VRRP 112
3001 #endif
3002
3003 case Q_VRRP:
3004 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT);
3005 break;
3006
3007 case Q_IP:
3008 b1 = gen_linktype(ETHERTYPE_IP);
3009 break;
3010
3011 case Q_ARP:
3012 b1 = gen_linktype(ETHERTYPE_ARP);
3013 break;
3014
3015 case Q_RARP:
3016 b1 = gen_linktype(ETHERTYPE_REVARP);
3017 break;
3018
3019 case Q_LINK:
3020 bpf_error("link layer applied in wrong context");
3021
3022 case Q_ATALK:
3023 b1 = gen_linktype(ETHERTYPE_ATALK);
3024 break;
3025
3026 case Q_AARP:
3027 b1 = gen_linktype(ETHERTYPE_AARP);
3028 break;
3029
3030 case Q_DECNET:
3031 b1 = gen_linktype(ETHERTYPE_DN);
3032 break;
3033
3034 case Q_SCA:
3035 b1 = gen_linktype(ETHERTYPE_SCA);
3036 break;
3037
3038 case Q_LAT:
3039 b1 = gen_linktype(ETHERTYPE_LAT);
3040 break;
3041
3042 case Q_MOPDL:
3043 b1 = gen_linktype(ETHERTYPE_MOPDL);
3044 break;
3045
3046 case Q_MOPRC:
3047 b1 = gen_linktype(ETHERTYPE_MOPRC);
3048 break;
3049
3050 #ifdef INET6
3051 case Q_IPV6:
3052 b1 = gen_linktype(ETHERTYPE_IPV6);
3053 break;
3054
3055 #ifndef IPPROTO_ICMPV6
3056 #define IPPROTO_ICMPV6 58
3057 #endif
3058 case Q_ICMPV6:
3059 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
3060 break;
3061 #endif /* INET6 */
3062
3063 #ifndef IPPROTO_AH
3064 #define IPPROTO_AH 51
3065 #endif
3066 case Q_AH:
3067 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
3068 #ifdef INET6
3069 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
3070 gen_or(b0, b1);
3071 #endif
3072 break;
3073
3074 #ifndef IPPROTO_ESP
3075 #define IPPROTO_ESP 50
3076 #endif
3077 case Q_ESP:
3078 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
3079 #ifdef INET6
3080 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
3081 gen_or(b0, b1);
3082 #endif
3083 break;
3084
3085 case Q_ISO:
3086 b1 = gen_linktype(LLCSAP_ISONS);
3087 break;
3088
3089 case Q_ESIS:
3090 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
3091 break;
3092
3093 case Q_ISIS:
3094 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
3095 break;
3096
3097 case Q_ISIS_L1: /* all IS-IS Level1 PDU-Types */
3098 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
3099 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
3100 gen_or(b0, b1);
3101 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
3102 gen_or(b0, b1);
3103 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
3104 gen_or(b0, b1);
3105 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
3106 gen_or(b0, b1);
3107 break;
3108
3109 case Q_ISIS_L2: /* all IS-IS Level2 PDU-Types */
3110 b0 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
3111 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
3112 gen_or(b0, b1);
3113 b0 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
3114 gen_or(b0, b1);
3115 b0 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
3116 gen_or(b0, b1);
3117 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
3118 gen_or(b0, b1);
3119 break;
3120
3121 case Q_ISIS_IIH: /* all IS-IS Hello PDU-Types */
3122 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
3123 b1 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
3124 gen_or(b0, b1);
3125 b0 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT);
3126 gen_or(b0, b1);
3127 break;
3128
3129 case Q_ISIS_LSP:
3130 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
3131 b1 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
3132 gen_or(b0, b1);
3133 break;
3134
3135 case Q_ISIS_SNP:
3136 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
3137 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
3138 gen_or(b0, b1);
3139 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
3140 gen_or(b0, b1);
3141 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
3142 gen_or(b0, b1);
3143 break;
3144
3145 case Q_ISIS_CSNP:
3146 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
3147 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
3148 gen_or(b0, b1);
3149 break;
3150
3151 case Q_ISIS_PSNP:
3152 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
3153 b1 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
3154 gen_or(b0, b1);
3155 break;
3156
3157 case Q_CLNP:
3158 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
3159 break;
3160
3161 case Q_STP:
3162 b1 = gen_linktype(LLCSAP_8021D);
3163 break;
3164
3165 case Q_IPX:
3166 b1 = gen_linktype(LLCSAP_IPX);
3167 break;
3168
3169 case Q_NETBEUI:
3170 b1 = gen_linktype(LLCSAP_NETBEUI);
3171 break;
3172
3173 default:
3174 abort();
3175 }
3176 return b1;
3177 }
3178
3179 static struct block *
3180 gen_ipfrag()
3181 {
3182 struct slist *s;
3183 struct block *b;
3184
3185 /* not ip frag */
3186 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
3187 s->s.k = off_nl + 6;
3188 b = new_block(JMP(BPF_JSET));
3189 b->s.k = 0x1fff;
3190 b->stmts = s;
3191 gen_not(b);
3192
3193 return b;
3194 }
3195
3196 static struct block *
3197 gen_portatom(off, v)
3198 int off;
3199 bpf_int32 v;
3200 {
3201 struct slist *s;
3202 struct block *b;
3203
3204 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3205 s->s.k = off_nl;
3206
3207 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
3208 s->next->s.k = off_nl + off;
3209
3210 b = new_block(JMP(BPF_JEQ));
3211 b->stmts = s;
3212 b->s.k = v;
3213
3214 return b;
3215 }
3216
3217 #ifdef INET6
3218 static struct block *
3219 gen_portatom6(off, v)
3220 int off;
3221 bpf_int32 v;
3222 {
3223 return gen_cmp(off_nl + 40 + off, BPF_H, v);
3224 }
3225 #endif/*INET6*/
3226
3227 struct block *
3228 gen_portop(port, proto, dir)
3229 int port, proto, dir;
3230 {
3231 struct block *b0, *b1, *tmp;
3232
3233 /* ip proto 'proto' */
3234 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
3235 b0 = gen_ipfrag();
3236 gen_and(tmp, b0);
3237
3238 switch (dir) {
3239 case Q_SRC:
3240 b1 = gen_portatom(0, (bpf_int32)port);
3241 break;
3242
3243 case Q_DST:
3244 b1 = gen_portatom(2, (bpf_int32)port);
3245 break;
3246
3247 case Q_OR:
3248 case Q_DEFAULT:
3249 tmp = gen_portatom(0, (bpf_int32)port);
3250 b1 = gen_portatom(2, (bpf_int32)port);
3251 gen_or(tmp, b1);
3252 break;
3253
3254 case Q_AND:
3255 tmp = gen_portatom(0, (bpf_int32)port);
3256 b1 = gen_portatom(2, (bpf_int32)port);
3257 gen_and(tmp, b1);
3258 break;
3259
3260 default:
3261 abort();
3262 }
3263 gen_and(b0, b1);
3264
3265 return b1;
3266 }
3267
3268 static struct block *
3269 gen_port(port, ip_proto, dir)
3270 int port;
3271 int ip_proto;
3272 int dir;
3273 {
3274 struct block *b0, *b1, *tmp;
3275
3276 /*
3277 * ether proto ip
3278 *
3279 * For FDDI, RFC 1188 says that SNAP encapsulation is used,
3280 * not LLC encapsulation with LLCSAP_IP.
3281 *
3282 * For IEEE 802 networks - which includes 802.5 token ring
3283 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
3284 * says that SNAP encapsulation is used, not LLC encapsulation
3285 * with LLCSAP_IP.
3286 *
3287 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
3288 * RFC 2225 say that SNAP encapsulation is used, not LLC
3289 * encapsulation with LLCSAP_IP.
3290 *
3291 * So we always check for ETHERTYPE_IP.
3292 */
3293 b0 = gen_linktype(ETHERTYPE_IP);
3294
3295 switch (ip_proto) {
3296 case IPPROTO_UDP:
3297 case IPPROTO_TCP:
3298 case IPPROTO_SCTP:
3299 b1 = gen_portop(port, ip_proto, dir);
3300 break;
3301
3302 case PROTO_UNDEF:
3303 tmp = gen_portop(port, IPPROTO_TCP, dir);
3304 b1 = gen_portop(port, IPPROTO_UDP, dir);
3305 gen_or(tmp, b1);
3306 tmp = gen_portop(port, IPPROTO_SCTP, dir);
3307 gen_or(tmp, b1);
3308 break;
3309
3310 default:
3311 abort();
3312 }
3313 gen_and(b0, b1);
3314 return b1;
3315 }
3316
3317 #ifdef INET6
3318 struct block *
3319 gen_portop6(port, proto, dir)
3320 int port, proto, dir;
3321 {
3322 struct block *b0, *b1, *tmp;
3323
3324 /* ip6 proto 'proto' */
3325 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
3326
3327 switch (dir) {
3328 case Q_SRC:
3329 b1 = gen_portatom6(0, (bpf_int32)port);
3330 break;
3331
3332 case Q_DST:
3333 b1 = gen_portatom6(2, (bpf_int32)port);
3334 break;
3335
3336 case Q_OR:
3337 case Q_DEFAULT:
3338 tmp = gen_portatom6(0, (bpf_int32)port);
3339 b1 = gen_portatom6(2, (bpf_int32)port);
3340 gen_or(tmp, b1);
3341 break;
3342
3343 case Q_AND:
3344 tmp = gen_portatom6(0, (bpf_int32)port);
3345 b1 = gen_portatom6(2, (bpf_int32)port);
3346 gen_and(tmp, b1);
3347 break;
3348
3349 default:
3350 abort();
3351 }
3352 gen_and(b0, b1);
3353
3354 return b1;
3355 }
3356
3357 static struct block *
3358 gen_port6(port, ip_proto, dir)
3359 int port;
3360 int ip_proto;
3361 int dir;
3362 {
3363 struct block *b0, *b1, *tmp;
3364
3365 /* link proto ip6 */
3366 b0 = gen_linktype(ETHERTYPE_IPV6);
3367
3368 switch (ip_proto) {
3369 case IPPROTO_UDP:
3370 case IPPROTO_TCP:
3371 case IPPROTO_SCTP:
3372 b1 = gen_portop6(port, ip_proto, dir);
3373 break;
3374
3375 case PROTO_UNDEF:
3376 tmp = gen_portop6(port, IPPROTO_TCP, dir);
3377 b1 = gen_portop6(port, IPPROTO_UDP, dir);
3378 gen_or(tmp, b1);
3379 tmp = gen_portop6(port, IPPROTO_SCTP, dir);
3380 gen_or(tmp, b1);
3381 break;
3382
3383 default:
3384 abort();
3385 }
3386 gen_and(b0, b1);
3387 return b1;
3388 }
3389 #endif /* INET6 */
3390
3391 /* gen_portrange code */
3392 struct block *
3393 gen_portrangeatom(off, v1, v2)
3394 int off;
3395 bpf_int32 v1, v2;
3396 {
3397 struct slist *s1, *s2;
3398 struct block *b1, *b2;
3399
3400 if (v1 > v2) {
3401 /*
3402 * Reverse the order of the ports, so v1 is the lower one.
3403 */
3404 bpf_int32 vtemp;
3405
3406 vtemp = v1;
3407 v1 = v2;
3408 v2 = vtemp;
3409 }
3410 s1 = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3411 s1->s.k = off_nl;
3412
3413 s1->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
3414 s1->next->s.k = off_nl + off;
3415
3416 b1 = new_block(JMP(BPF_JGE));
3417 b1->stmts = s1;
3418 b1->s.k = v1;
3419
3420 s2 = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3421 s2->s.k = off_nl;
3422
3423 s2->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
3424 s2->next->s.k = off_nl + off;
3425
3426 b2 = new_block(JMP(BPF_JGT));
3427 gen_not(b2);
3428 b2->stmts = s2;
3429 b2->s.k = v2;
3430
3431 gen_and(b1, b2);
3432
3433 return b2;
3434 }
3435
3436 struct block *
3437 gen_portrangeop(port1, port2, proto, dir)
3438 int port1, port2;
3439 int proto;
3440 int dir;
3441 {
3442 struct block *b0, *b1, *tmp;
3443
3444 /* ip proto 'proto' */
3445 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
3446 b0 = gen_ipfrag();
3447 gen_and(tmp, b0);
3448
3449 switch (dir) {
3450 case Q_SRC:
3451 b1 = gen_portrangeatom(0, (bpf_int32)port1, (bpf_int32)port2);
3452 break;
3453
3454 case Q_DST:
3455 b1 = gen_portrangeatom(2, (bpf_int32)port1, (bpf_int32)port2);
3456 break;
3457
3458 case Q_OR:
3459 case Q_DEFAULT:
3460 tmp = gen_portrangeatom(0, (bpf_int32)port1, (bpf_int32)port2);
3461 b1 = gen_portrangeatom(2, (bpf_int32)port1, (bpf_int32)port2);
3462 gen_or(tmp, b1);
3463 break;
3464
3465 case Q_AND:
3466 tmp = gen_portrangeatom(0, (bpf_int32)port1, (bpf_int32)port2);
3467 b1 = gen_portrangeatom(2, (bpf_int32)port1, (bpf_int32)port2);
3468 gen_and(tmp, b1);
3469 break;
3470
3471 default:
3472 abort();
3473 }
3474 gen_and(b0, b1);
3475
3476 return b1;
3477 }
3478
3479 static struct block *
3480 gen_portrange(port1, port2, ip_proto, dir)
3481 int port1, port2;
3482 int ip_proto;
3483 int dir;
3484 {
3485 struct block *b0, *b1, *tmp;
3486
3487 /* link proto ip */
3488 b0 = gen_linktype(ETHERTYPE_IP);
3489
3490 switch (ip_proto) {
3491 case IPPROTO_UDP:
3492 case IPPROTO_TCP:
3493 case IPPROTO_SCTP:
3494 b1 = gen_portrangeop(port1, port2, ip_proto, dir);
3495 break;
3496
3497 case PROTO_UNDEF:
3498 tmp = gen_portrangeop(port1, port2, IPPROTO_TCP, dir);
3499 b1 = gen_portrangeop(port1, port2, IPPROTO_UDP, dir);
3500 gen_or(tmp, b1);
3501 tmp = gen_portrangeop(port1, port2, IPPROTO_SCTP, dir);
3502 gen_or(tmp, b1);
3503 break;
3504
3505 default:
3506 abort();
3507 }
3508 gen_and(b0, b1);
3509 return b1;
3510 }
3511
3512 #ifdef INET6
3513 struct block *
3514 gen_portrangeatom6(off, v1, v2)
3515 int off;
3516 bpf_int32 v1, v2;
3517 {
3518 struct slist *s1, *s2;
3519 struct block *b1, *b2;
3520
3521 if (v1 > v2) {
3522 /*
3523 * Reverse the order of the ports, so v1 is the lower one.
3524 */
3525 bpf_int32 vtemp;
3526
3527 vtemp = v1;
3528 v1 = v2;
3529 v2 = vtemp;
3530 }
3531
3532 s1 = new_stmt(BPF_LD|BPF_ABS|BPF_H);
3533 s1->s.k = off_nl + 40 + off;
3534
3535 b1 = new_block(JMP(BPF_JGE));
3536 b1->stmts = s1;
3537 b1->s.k = v1;
3538
3539 s2 = new_stmt(BPF_LD|BPF_ABS|BPF_H);
3540 s2->s.k = off_nl + 40 + off;
3541
3542 b2 = new_block(JMP(BPF_JGT));
3543 gen_not(b2);
3544 b2->stmts = s2;
3545 b2->s.k = v2;
3546
3547 gen_and(b1, b2);
3548
3549 return b2;
3550 }
3551
3552 struct block *
3553 gen_portrangeop6(port1, port2, proto, dir)
3554 int port1, port2;
3555 int proto;
3556 int dir;
3557 {
3558 struct block *b0, *b1, *tmp;
3559
3560 /* ip6 proto 'proto' */
3561 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
3562
3563 switch (dir) {
3564 case Q_SRC:
3565 b1 = gen_portrangeatom6(0, (bpf_int32)port1, (bpf_int32)port2);
3566 break;
3567
3568 case Q_DST:
3569 b1 = gen_portrangeatom6(2, (bpf_int32)port1, (bpf_int32)port2);
3570 break;
3571
3572 case Q_OR:
3573 case Q_DEFAULT:
3574 tmp = gen_portrangeatom6(0, (bpf_int32)port1, (bpf_int32)port2);
3575 b1 = gen_portrangeatom6(2, (bpf_int32)port1, (bpf_int32)port2);
3576 gen_or(tmp, b1);
3577 break;
3578
3579 case Q_AND:
3580 tmp = gen_portrangeatom6(0, (bpf_int32)port1, (bpf_int32)port2);
3581 b1 = gen_portrangeatom6(2, (bpf_int32)port1, (bpf_int32)port2);
3582 gen_and(tmp, b1);
3583 break;
3584
3585 default:
3586 abort();
3587 }
3588 gen_and(b0, b1);
3589
3590 return b1;
3591 }
3592
3593 static struct block *
3594 gen_portrange6(port1, port2, ip_proto, dir)
3595 int port1, port2;
3596 int ip_proto;
3597 int dir;
3598 {
3599 struct block *b0, *b1, *tmp;
3600
3601 /* link proto ip6 */
3602 b0 = gen_linktype(ETHERTYPE_IPV6);
3603
3604 switch (ip_proto) {
3605 case IPPROTO_UDP:
3606 case IPPROTO_TCP:
3607 case IPPROTO_SCTP:
3608 b1 = gen_portrangeop6(port1, port2, ip_proto, dir);
3609 break;
3610
3611 case PROTO_UNDEF:
3612 tmp = gen_portrangeop6(port1, port2, IPPROTO_TCP, dir);
3613 b1 = gen_portrangeop6(port1, port2, IPPROTO_UDP, dir);
3614 gen_or(tmp, b1);
3615 tmp = gen_portrangeop6(port1, port2, IPPROTO_SCTP, dir);
3616 gen_or(tmp, b1);
3617 break;
3618
3619 default:
3620 abort();
3621 }
3622 gen_and(b0, b1);
3623 return b1;
3624 }
3625 #endif /* INET6 */
3626
3627 static int
3628 lookup_proto(name, proto)
3629 register const char *name;
3630 register int proto;
3631 {
3632 register int v;
3633
3634 switch (proto) {
3635
3636 case Q_DEFAULT:
3637 case Q_IP:
3638 case Q_IPV6:
3639 v = pcap_nametoproto(name);
3640 if (v == PROTO_UNDEF)
3641 bpf_error("unknown ip proto '%s'", name);
3642 break;
3643
3644 case Q_LINK:
3645 /* XXX should look up h/w protocol type based on linktype */
3646 v = pcap_nametoeproto(name);
3647 if (v == PROTO_UNDEF) {
3648 v = pcap_nametollc(name);
3649 if (v == PROTO_UNDEF)
3650 bpf_error("unknown ether proto '%s'", name);
3651 }
3652 break;
3653
3654 case Q_ISO:
3655 if (strcmp(name, "esis") == 0)
3656 v = ISO9542_ESIS;
3657 else if (strcmp(name, "isis") == 0)
3658 v = ISO10589_ISIS;
3659 else if (strcmp(name, "clnp") == 0)
3660 v = ISO8473_CLNP;
3661 else
3662 bpf_error("unknown osi proto '%s'", name);
3663 break;
3664
3665 default:
3666 v = PROTO_UNDEF;
3667 break;
3668 }
3669 return v;
3670 }
3671
3672 #if 0
3673 struct stmt *
3674 gen_joinsp(s, n)
3675 struct stmt **s;
3676 int n;
3677 {
3678 return NULL;
3679 }
3680 #endif
3681
3682 static struct block *
3683 gen_protochain(v, proto, dir)
3684 int v;
3685 int proto;
3686 int dir;
3687 {
3688 #ifdef NO_PROTOCHAIN
3689 return gen_proto(v, proto, dir);
3690 #else
3691 struct block *b0, *b;
3692 struct slist *s[100];
3693 int fix2, fix3, fix4, fix5;
3694 int ahcheck, again, end;
3695 int i, max;
3696 int reg2 = alloc_reg();
3697
3698 memset(s, 0, sizeof(s));
3699 fix2 = fix3 = fix4 = fix5 = 0;
3700
3701 switch (proto) {
3702 case Q_IP:
3703 case Q_IPV6:
3704 break;
3705 case Q_DEFAULT:
3706 b0 = gen_protochain(v, Q_IP, dir);
3707 b = gen_protochain(v, Q_IPV6, dir);
3708 gen_or(b0, b);
3709 return b;
3710 default:
3711 bpf_error("bad protocol applied for 'protochain'");
3712 /*NOTREACHED*/
3713 }
3714
3715 no_optimize = 1; /*this code is not compatible with optimzer yet */
3716
3717 /*
3718 * s[0] is a dummy entry to protect other BPF insn from damage
3719 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
3720 * hard to find interdependency made by jump table fixup.
3721 */
3722 i = 0;
3723 s[i] = new_stmt(0); /*dummy*/
3724 i++;
3725
3726 switch (proto) {
3727 case Q_IP:
3728 b0 = gen_linktype(ETHERTYPE_IP);
3729
3730 /* A = ip->ip_p */
3731 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
3732 s[i]->s.k = off_nl + 9;
3733 i++;
3734 /* X = ip->ip_hl << 2 */
3735 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3736 s[i]->s.k = off_nl;
3737 i++;
3738 break;
3739 #ifdef INET6
3740 case Q_IPV6:
3741 b0 = gen_linktype(ETHERTYPE_IPV6);
3742
3743 /* A = ip6->ip_nxt */
3744 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
3745 s[i]->s.k = off_nl + 6;
3746 i++;
3747 /* X = sizeof(struct ip6_hdr) */
3748 s[i] = new_stmt(BPF_LDX|BPF_IMM);
3749 s[i]->s.k = 40;
3750 i++;
3751 break;
3752 #endif
3753 default:
3754 bpf_error("unsupported proto to gen_protochain");
3755 /*NOTREACHED*/
3756 }
3757
3758 /* again: if (A == v) goto end; else fall through; */
3759 again = i;
3760 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3761 s[i]->s.k = v;
3762 s[i]->s.jt = NULL; /*later*/
3763 s[i]->s.jf = NULL; /*update in next stmt*/
3764 fix5 = i;
3765 i++;
3766
3767 #ifndef IPPROTO_NONE
3768 #define IPPROTO_NONE 59
3769 #endif
3770 /* if (A == IPPROTO_NONE) goto end */
3771 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3772 s[i]->s.jt = NULL; /*later*/
3773 s[i]->s.jf = NULL; /*update in next stmt*/
3774 s[i]->s.k = IPPROTO_NONE;
3775 s[fix5]->s.jf = s[i];
3776 fix2 = i;
3777 i++;
3778
3779 #ifdef INET6
3780 if (proto == Q_IPV6) {
3781 int v6start, v6end, v6advance, j;
3782
3783 v6start = i;
3784 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
3785 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3786 s[i]->s.jt = NULL; /*later*/
3787 s[i]->s.jf = NULL; /*update in next stmt*/
3788 s[i]->s.k = IPPROTO_HOPOPTS;
3789 s[fix2]->s.jf = s[i];
3790 i++;
3791 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
3792 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3793 s[i]->s.jt = NULL; /*later*/
3794 s[i]->s.jf = NULL; /*update in next stmt*/
3795 s[i]->s.k = IPPROTO_DSTOPTS;
3796 i++;
3797 /* if (A == IPPROTO_ROUTING) goto v6advance */
3798 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3799 s[i]->s.jt = NULL; /*later*/
3800 s[i]->s.jf = NULL; /*update in next stmt*/
3801 s[i]->s.k = IPPROTO_ROUTING;
3802 i++;
3803 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
3804 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3805 s[i]->s.jt = NULL; /*later*/
3806 s[i]->s.jf = NULL; /*later*/
3807 s[i]->s.k = IPPROTO_FRAGMENT;
3808 fix3 = i;
3809 v6end = i;
3810 i++;
3811
3812 /* v6advance: */
3813 v6advance = i;
3814
3815 /*
3816 * in short,
3817 * A = P[X];
3818 * X = X + (P[X + 1] + 1) * 8;
3819 */
3820 /* A = X */
3821 s[i] = new_stmt(BPF_MISC|BPF_TXA);
3822 i++;
3823 /* A = P[X + packet head] */
3824 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3825 s[i]->s.k = off_nl;
3826 i++;
3827 /* MEM[reg2] = A */
3828 s[i] = new_stmt(BPF_ST);
3829 s[i]->s.k = reg2;
3830 i++;
3831 /* A = X */
3832 s[i] = new_stmt(BPF_MISC|BPF_TXA);
3833 i++;
3834 /* A += 1 */
3835 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3836 s[i]->s.k = 1;
3837 i++;
3838 /* X = A */
3839 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3840 i++;
3841 /* A = P[X + packet head]; */
3842 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3843 s[i]->s.k = off_nl;
3844 i++;
3845 /* A += 1 */
3846 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3847 s[i]->s.k = 1;
3848 i++;
3849 /* A *= 8 */
3850 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
3851 s[i]->s.k = 8;
3852 i++;
3853 /* X = A; */
3854 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3855 i++;
3856 /* A = MEM[reg2] */
3857 s[i] = new_stmt(BPF_LD|BPF_MEM);
3858 s[i]->s.k = reg2;
3859 i++;
3860
3861 /* goto again; (must use BPF_JA for backward jump) */
3862 s[i] = new_stmt(BPF_JMP|BPF_JA);
3863 s[i]->s.k = again - i - 1;
3864 s[i - 1]->s.jf = s[i];
3865 i++;
3866
3867 /* fixup */
3868 for (j = v6start; j <= v6end; j++)
3869 s[j]->s.jt = s[v6advance];
3870 } else
3871 #endif
3872 {
3873 /* nop */
3874 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3875 s[i]->s.k = 0;
3876 s[fix2]->s.jf = s[i];
3877 i++;
3878 }
3879
3880 /* ahcheck: */
3881 ahcheck = i;
3882 /* if (A == IPPROTO_AH) then fall through; else goto end; */
3883 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3884 s[i]->s.jt = NULL; /*later*/
3885 s[i]->s.jf = NULL; /*later*/
3886 s[i]->s.k = IPPROTO_AH;
3887 if (fix3)
3888 s[fix3]->s.jf = s[ahcheck];
3889 fix4 = i;
3890 i++;
3891
3892 /*
3893 * in short,
3894 * A = P[X];
3895 * X = X + (P[X + 1] + 2) * 4;
3896 */
3897 /* A = X */
3898 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
3899 i++;
3900 /* A = P[X + packet head]; */
3901 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3902 s[i]->s.k = off_nl;
3903 i++;
3904 /* MEM[reg2] = A */
3905 s[i] = new_stmt(BPF_ST);
3906 s[i]->s.k = reg2;
3907 i++;
3908 /* A = X */
3909 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
3910 i++;
3911 /* A += 1 */
3912 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3913 s[i]->s.k = 1;
3914 i++;
3915 /* X = A */
3916 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3917 i++;
3918 /* A = P[X + packet head] */
3919 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3920 s[i]->s.k = off_nl;
3921 i++;
3922 /* A += 2 */
3923 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3924 s[i]->s.k = 2;
3925 i++;
3926 /* A *= 4 */
3927 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
3928 s[i]->s.k = 4;
3929 i++;
3930 /* X = A; */
3931 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3932 i++;
3933 /* A = MEM[reg2] */
3934 s[i] = new_stmt(BPF_LD|BPF_MEM);
3935 s[i]->s.k = reg2;
3936 i++;
3937
3938 /* goto again; (must use BPF_JA for backward jump) */
3939 s[i] = new_stmt(BPF_JMP|BPF_JA);
3940 s[i]->s.k = again - i - 1;
3941 i++;
3942
3943 /* end: nop */
3944 end = i;
3945 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3946 s[i]->s.k = 0;
3947 s[fix2]->s.jt = s[end];
3948 s[fix4]->s.jf = s[end];
3949 s[fix5]->s.jt = s[end];
3950 i++;
3951
3952 /*
3953 * make slist chain
3954 */
3955 max = i;
3956 for (i = 0; i < max - 1; i++)
3957 s[i]->next = s[i + 1];
3958 s[max - 1]->next = NULL;
3959
3960 /*
3961 * emit final check
3962 */
3963 b = new_block(JMP(BPF_JEQ));
3964 b->stmts = s[1]; /*remember, s[0] is dummy*/
3965 b->s.k = v;
3966
3967 free_reg(reg2);
3968
3969 gen_and(b0, b);
3970 return b;
3971 #endif
3972 }
3973
3974 /*
3975 * Generate code that checks whether the packet is a packet for protocol
3976 * <proto> and whether the type field in that protocol's header has
3977 * the value <v>, e.g. if <proto> is Q_IP, it checks whether it's an
3978 * IP packet and checks the protocol number in the IP header against <v>.
3979 *
3980 * If <proto> is Q_DEFAULT, i.e. just "proto" was specified, it checks
3981 * against Q_IP and Q_IPV6.
3982 */
3983 static struct block *
3984 gen_proto(v, proto, dir)
3985 int v;
3986 int proto;
3987 int dir;
3988 {
3989 struct block *b0, *b1;
3990
3991 if (dir != Q_DEFAULT)
3992 bpf_error("direction applied to 'proto'");
3993
3994 switch (proto) {
3995 case Q_DEFAULT:
3996 #ifdef INET6
3997 b0 = gen_proto(v, Q_IP, dir);
3998 b1 = gen_proto(v, Q_IPV6, dir);
3999 gen_or(b0, b1);
4000 return b1;
4001 #else
4002 /*FALLTHROUGH*/
4003 #endif
4004 case Q_IP:
4005 /*
4006 * For FDDI, RFC 1188 says that SNAP encapsulation is used,
4007 * not LLC encapsulation with LLCSAP_IP.
4008 *
4009 * For IEEE 802 networks - which includes 802.5 token ring
4010 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
4011 * says that SNAP encapsulation is used, not LLC encapsulation
4012 * with LLCSAP_IP.
4013 *
4014 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
4015 * RFC 2225 say that SNAP encapsulation is used, not LLC
4016 * encapsulation with LLCSAP_IP.
4017 *
4018 * So we always check for ETHERTYPE_IP.
4019 */
4020 b0 = gen_linktype(ETHERTYPE_IP);
4021 #ifndef CHASE_CHAIN
4022 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
4023 #else
4024 b1 = gen_protochain(v, Q_IP);
4025 #endif
4026 gen_and(b0, b1);
4027 return b1;
4028
4029 case Q_ISO:
4030 switch (linktype) {
4031
4032 case DLT_FRELAY:
4033 /*
4034 * Frame Relay packets typically have an OSI
4035 * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)"
4036 * generates code to check for all the OSI
4037 * NLPIDs, so calling it and then adding a check
4038 * for the particular NLPID for which we're
4039 * looking is bogus, as we can just check for
4040 * the NLPID.
4041 *
4042 * What we check for is the NLPID and a frame
4043 * control field value of UI, i.e. 0x03 followed
4044 * by the NLPID.
4045 *
4046 * XXX - assumes a 2-byte Frame Relay header with
4047 * DLCI and flags. What if the address is longer?
4048 *
4049 * XXX - what about SNAP-encapsulated frames?
4050 */
4051 return gen_cmp(2, BPF_H, (0x03<<8) | v);
4052 /*NOTREACHED*/
4053 break;
4054
4055 case DLT_C_HDLC:
4056 /*
4057 * Cisco uses an Ethertype lookalike - for OSI,
4058 * it's 0xfefe.
4059 */
4060 b0 = gen_linktype(LLCSAP_ISONS<<8 | LLCSAP_ISONS);
4061 /* OSI in C-HDLC is stuffed with a fudge byte */
4062 b1 = gen_cmp(off_nl_nosnap+1, BPF_B, (long)v);
4063 gen_and(b0, b1);
4064 return b1;
4065
4066 default:
4067 b0 = gen_linktype(LLCSAP_ISONS);
4068 b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v);
4069 gen_and(b0, b1);
4070 return b1;
4071 }
4072
4073 case Q_ISIS:
4074 b0 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
4075 /*
4076 * 4 is the offset of the PDU type relative to the IS-IS
4077 * header.
4078 */
4079 b1 = gen_cmp(off_nl_nosnap+4, BPF_B, (long)v);
4080 gen_and(b0, b1);
4081 return b1;
4082
4083 case Q_ARP:
4084 bpf_error("arp does not encapsulate another protocol");
4085 /* NOTREACHED */
4086
4087 case Q_RARP:
4088 bpf_error("rarp does not encapsulate another protocol");
4089 /* NOTREACHED */
4090
4091 case Q_ATALK:
4092 bpf_error("atalk encapsulation is not specifiable");
4093 /* NOTREACHED */
4094
4095 case Q_DECNET:
4096 bpf_error("decnet encapsulation is not specifiable");
4097 /* NOTREACHED */
4098
4099 case Q_SCA:
4100 bpf_error("sca does not encapsulate another protocol");
4101 /* NOTREACHED */
4102
4103 case Q_LAT:
4104 bpf_error("lat does not encapsulate another protocol");
4105 /* NOTREACHED */
4106
4107 case Q_MOPRC:
4108 bpf_error("moprc does not encapsulate another protocol");
4109 /* NOTREACHED */
4110
4111 case Q_MOPDL:
4112 bpf_error("mopdl does not encapsulate another protocol");
4113 /* NOTREACHED */
4114
4115 case Q_LINK:
4116 return gen_linktype(v);
4117
4118 case Q_UDP:
4119 bpf_error("'udp proto' is bogus");
4120 /* NOTREACHED */
4121
4122 case Q_TCP:
4123 bpf_error("'tcp proto' is bogus");
4124 /* NOTREACHED */
4125
4126 case Q_SCTP:
4127 bpf_error("'sctp proto' is bogus");
4128 /* NOTREACHED */
4129
4130 case Q_ICMP:
4131 bpf_error("'icmp proto' is bogus");
4132 /* NOTREACHED */
4133
4134 case Q_IGMP:
4135 bpf_error("'igmp proto' is bogus");
4136 /* NOTREACHED */
4137
4138 case Q_IGRP:
4139 bpf_error("'igrp proto' is bogus");
4140 /* NOTREACHED */
4141
4142 case Q_PIM:
4143 bpf_error("'pim proto' is bogus");
4144 /* NOTREACHED */
4145
4146 case Q_VRRP:
4147 bpf_error("'vrrp proto' is bogus");
4148 /* NOTREACHED */
4149
4150 #ifdef INET6
4151 case Q_IPV6:
4152 b0 = gen_linktype(ETHERTYPE_IPV6);
4153 #ifndef CHASE_CHAIN
4154 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
4155 #else
4156 b1 = gen_protochain(v, Q_IPV6);
4157 #endif
4158 gen_and(b0, b1);
4159 return b1;
4160
4161 case Q_ICMPV6:
4162 bpf_error("'icmp6 proto' is bogus");
4163 #endif /* INET6 */
4164
4165 case Q_AH:
4166 bpf_error("'ah proto' is bogus");
4167
4168 case Q_ESP:
4169 bpf_error("'ah proto' is bogus");
4170
4171 case Q_STP:
4172 bpf_error("'stp proto' is bogus");
4173
4174 case Q_IPX:
4175 bpf_error("'ipx proto' is bogus");
4176
4177 case Q_NETBEUI:
4178 bpf_error("'netbeui proto' is bogus");
4179
4180 default:
4181 abort();
4182 /* NOTREACHED */
4183 }
4184 /* NOTREACHED */
4185 }
4186
4187 struct block *
4188 gen_scode(name, q)
4189 register const char *name;
4190 struct qual q;
4191 {
4192 int proto = q.proto;
4193 int dir = q.dir;
4194 int tproto;
4195 u_char *eaddr;
4196 bpf_u_int32 mask, addr;
4197 #ifndef INET6
4198 bpf_u_int32 **alist;
4199 #else
4200 int tproto6;
4201 struct sockaddr_in *sin;
4202 struct sockaddr_in6 *sin6;
4203 struct addrinfo *res, *res0;
4204 struct in6_addr mask128;
4205 #endif /*INET6*/
4206 struct block *b, *tmp;
4207 int port, real_proto;
4208 int port1, port2;
4209
4210 switch (q.addr) {
4211
4212 case Q_NET:
4213 addr = pcap_nametonetaddr(name);
4214 if (addr == 0)
4215 bpf_error("unknown network '%s'", name);
4216 /* Left justify network addr and calculate its network mask */
4217 mask = 0xffffffff;
4218 while (addr && (addr & 0xff000000) == 0) {
4219 addr <<= 8;
4220 mask <<= 8;
4221 }
4222 return gen_host(addr, mask, proto, dir);
4223
4224 case Q_DEFAULT:
4225 case Q_HOST:
4226 if (proto == Q_LINK) {
4227 switch (linktype) {
4228
4229 case DLT_EN10MB:
4230 eaddr = pcap_ether_hostton(name);
4231 if (eaddr == NULL)
4232 bpf_error(
4233 "unknown ether host '%s'", name);
4234 b = gen_ehostop(eaddr, dir);
4235 free(eaddr);
4236 return b;
4237
4238 case DLT_FDDI:
4239 eaddr = pcap_ether_hostton(name);
4240 if (eaddr == NULL)
4241 bpf_error(
4242 "unknown FDDI host '%s'", name);
4243 b = gen_fhostop(eaddr, dir);
4244 free(eaddr);
4245 return b;
4246
4247 case DLT_IEEE802:
4248 eaddr = pcap_ether_hostton(name);
4249 if (eaddr == NULL)
4250 bpf_error(
4251 "unknown token ring host '%s'", name);
4252 b = gen_thostop(eaddr, dir);
4253 free(eaddr);
4254 return b;
4255
4256 case DLT_IEEE802_11:
4257 eaddr = pcap_ether_hostton(name);
4258 if (eaddr == NULL)
4259 bpf_error(
4260 "unknown 802.11 host '%s'", name);
4261 b = gen_wlanhostop(eaddr, dir);
4262 free(eaddr);
4263 return b;
4264
4265 case DLT_IP_OVER_FC:
4266 eaddr = pcap_ether_hostton(name);
4267 if (eaddr == NULL)
4268 bpf_error(
4269 "unknown Fibre Channel host '%s'", name);
4270 b = gen_ipfchostop(eaddr, dir);
4271 free(eaddr);
4272 return b;
4273
4274 case DLT_SUNATM:
4275 if (!is_lane)
4276 break;
4277
4278 /*
4279 * Check that the packet doesn't begin
4280 * with an LE Control marker. (We've
4281 * already generated a test for LANE.)
4282 */
4283 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H,
4284 0xFF00);
4285 gen_not(tmp);
4286
4287 eaddr = pcap_ether_hostton(name);
4288 if (eaddr == NULL)
4289 bpf_error(
4290 "unknown ether host '%s'", name);
4291 b = gen_ehostop(eaddr, dir);
4292 gen_and(tmp, b);
4293 free(eaddr);
4294 return b;
4295 }
4296
4297 bpf_error("only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name");
4298 } else if (proto == Q_DECNET) {
4299 unsigned short dn_addr = __pcap_nametodnaddr(name);
4300 /*
4301 * I don't think DECNET hosts can be multihomed, so
4302 * there is no need to build up a list of addresses
4303 */
4304 return (gen_host(dn_addr, 0, proto, dir));
4305 } else {
4306 #ifndef INET6
4307 alist = pcap_nametoaddr(name);
4308 if (alist == NULL || *alist == NULL)
4309 bpf_error("unknown host '%s'", name);
4310 tproto = proto;
4311 if (off_linktype == (u_int)-1 && tproto == Q_DEFAULT)
4312 tproto = Q_IP;
4313 b = gen_host(**alist++, 0xffffffff, tproto, dir);
4314 while (*alist) {
4315 tmp = gen_host(**alist++, 0xffffffff,
4316 tproto, dir);
4317 gen_or(b, tmp);
4318 b = tmp;
4319 }
4320 return b;
4321 #else
4322 memset(&mask128, 0xff, sizeof(mask128));
4323 res0 = res = pcap_nametoaddrinfo(name);
4324 if (res == NULL)
4325 bpf_error("unknown host '%s'", name);
4326 b = tmp = NULL;
4327 tproto = tproto6 = proto;
4328 if (off_linktype == -1 && tproto == Q_DEFAULT) {
4329 tproto = Q_IP;
4330 tproto6 = Q_IPV6;
4331 }
4332 for (res = res0; res; res = res->ai_next) {
4333 switch (res->ai_family) {
4334 case AF_INET:
4335 if (tproto == Q_IPV6)
4336 continue;
4337
4338 sin = (struct sockaddr_in *)
4339 res->ai_addr;
4340 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
4341 0xffffffff, tproto, dir);
4342 break;
4343 case AF_INET6:
4344 if (tproto6 == Q_IP)
4345 continue;
4346
4347 sin6 = (struct sockaddr_in6 *)
4348 res->ai_addr;
4349 tmp = gen_host6(&sin6->sin6_addr,
4350 &mask128, tproto6, dir);
4351 break;
4352 default:
4353 continue;
4354 }
4355 if (b)
4356 gen_or(b, tmp);
4357 b = tmp;
4358 }
4359 freeaddrinfo(res0);
4360 if (b == NULL) {
4361 bpf_error("unknown host '%s'%s", name,
4362 (proto == Q_DEFAULT)
4363 ? ""
4364 : " for specified address family");
4365 }
4366 return b;
4367 #endif /*INET6*/
4368 }
4369
4370 case Q_PORT:
4371 if (proto != Q_DEFAULT &&
4372 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
4373 bpf_error("illegal qualifier of 'port'");
4374 if (pcap_nametoport(name, &port, &real_proto) == 0)
4375 bpf_error("unknown port '%s'", name);
4376 if (proto == Q_UDP) {
4377 if (real_proto == IPPROTO_TCP)
4378 bpf_error("port '%s' is tcp", name);
4379 else if (real_proto == IPPROTO_SCTP)
4380 bpf_error("port '%s' is sctp", name);
4381 else
4382 /* override PROTO_UNDEF */
4383 real_proto = IPPROTO_UDP;
4384 }
4385 if (proto == Q_TCP) {
4386 if (real_proto == IPPROTO_UDP)
4387 bpf_error("port '%s' is udp", name);
4388
4389 else if (real_proto == IPPROTO_SCTP)
4390 bpf_error("port '%s' is sctp", name);
4391 else
4392 /* override PROTO_UNDEF */
4393 real_proto = IPPROTO_TCP;
4394 }
4395 if (proto == Q_SCTP) {
4396 if (real_proto == IPPROTO_UDP)
4397 bpf_error("port '%s' is udp", name);
4398
4399 else if (real_proto == IPPROTO_TCP)
4400 bpf_error("port '%s' is tcp", name);
4401 else
4402 /* override PROTO_UNDEF */
4403 real_proto = IPPROTO_SCTP;
4404 }
4405 #ifndef INET6
4406 return gen_port(port, real_proto, dir);
4407 #else
4408 {
4409 struct block *b;
4410 b = gen_port(port, real_proto, dir);
4411 gen_or(gen_port6(port, real_proto, dir), b);
4412 return b;
4413 }
4414 #endif /* INET6 */
4415
4416 case Q_PORTRANGE:
4417 if (proto != Q_DEFAULT &&
4418 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
4419 bpf_error("illegal qualifier of 'portrange'");
4420 if (pcap_nametoportrange(name, &port1, &port2, &real_proto) == 0)
4421 bpf_error("unknown port in range '%s'", name);
4422 if (proto == Q_UDP) {
4423 if (real_proto == IPPROTO_TCP)
4424 bpf_error("port in range '%s' is tcp", name);
4425 else if (real_proto == IPPROTO_SCTP)
4426 bpf_error("port in range '%s' is sctp", name);
4427 else
4428 /* override PROTO_UNDEF */
4429 real_proto = IPPROTO_UDP;
4430 }
4431 if (proto == Q_TCP) {
4432 if (real_proto == IPPROTO_UDP)
4433 bpf_error("port in range '%s' is udp", name);
4434 else if (real_proto == IPPROTO_SCTP)
4435 bpf_error("port in range '%s' is sctp", name);
4436 else
4437 /* override PROTO_UNDEF */
4438 real_proto = IPPROTO_TCP;
4439 }
4440 if (proto == Q_SCTP) {
4441 if (real_proto == IPPROTO_UDP)
4442 bpf_error("port in range '%s' is udp", name);
4443 else if (real_proto == IPPROTO_TCP)
4444 bpf_error("port in range '%s' is tcp", name);
4445 else
4446 /* override PROTO_UNDEF */
4447 real_proto = IPPROTO_SCTP;
4448 }
4449 #ifndef INET6
4450 return gen_portrange(port1, port2, real_proto, dir);
4451 #else
4452 {
4453 struct block *b;
4454 b = gen_portrange(port1, port2, real_proto, dir);
4455 gen_or(gen_portrange6(port1, port2, real_proto, dir), b);
4456 return b;
4457 }
4458 #endif /* INET6 */
4459
4460 case Q_GATEWAY:
4461 #ifndef INET6
4462 eaddr = pcap_ether_hostton(name);
4463 if (eaddr == NULL)
4464 bpf_error("unknown ether host: %s", name);
4465
4466 alist = pcap_nametoaddr(name);
4467 if (alist == NULL || *alist == NULL)
4468 bpf_error("unknown host '%s'", name);
4469 b = gen_gateway(eaddr, alist, proto, dir);
4470 free(eaddr);
4471 return b;
4472 #else
4473 bpf_error("'gateway' not supported in this configuration");
4474 #endif /*INET6*/
4475
4476 case Q_PROTO:
4477 real_proto = lookup_proto(name, proto);
4478 if (real_proto >= 0)
4479 return gen_proto(real_proto, proto, dir);
4480 else
4481 bpf_error("unknown protocol: %s", name);
4482
4483 case Q_PROTOCHAIN:
4484 real_proto = lookup_proto(name, proto);
4485 if (real_proto >= 0)
4486 return gen_protochain(real_proto, proto, dir);
4487 else
4488 bpf_error("unknown protocol: %s", name);
4489
4490
4491 case Q_UNDEF:
4492 syntax();
4493 /* NOTREACHED */
4494 }
4495 abort();
4496 /* NOTREACHED */
4497 }
4498
4499 struct block *
4500 gen_mcode(s1, s2, masklen, q)
4501 register const char *s1, *s2;
4502 register int masklen;
4503 struct qual q;
4504 {
4505 register int nlen, mlen;
4506 bpf_u_int32 n, m;
4507
4508 nlen = __pcap_atoin(s1, &n);
4509 /* Promote short ipaddr */
4510 n <<= 32 - nlen;
4511
4512 if (s2 != NULL) {
4513 mlen = __pcap_atoin(s2, &m);
4514 /* Promote short ipaddr */
4515 m <<= 32 - mlen;
4516 if ((n & ~m) != 0)
4517 bpf_error("non-network bits set in \"%s mask %s\"",
4518 s1, s2);
4519 } else {
4520 /* Convert mask len to mask */
4521 if (masklen > 32)
4522 bpf_error("mask length must be <= 32");
4523 m = 0xffffffff << (32 - masklen);
4524 if ((n & ~m) != 0)
4525 bpf_error("non-network bits set in \"%s/%d\"",
4526 s1, masklen);
4527 }
4528
4529 switch (q.addr) {
4530
4531 case Q_NET:
4532 return gen_host(n, m, q.proto, q.dir);
4533
4534 default:
4535 bpf_error("Mask syntax for networks only");
4536 /* NOTREACHED */
4537 }
4538 /* NOTREACHED */
4539 }
4540
4541 struct block *
4542 gen_ncode(s, v, q)
4543 register const char *s;
4544 bpf_u_int32 v;
4545 struct qual q;
4546 {
4547 bpf_u_int32 mask;
4548 int proto = q.proto;
4549 int dir = q.dir;
4550 register int vlen;
4551
4552 if (s == NULL)
4553 vlen = 32;
4554 else if (q.proto == Q_DECNET)
4555 vlen = __pcap_atodn(s, &v);
4556 else
4557 vlen = __pcap_atoin(s, &v);
4558
4559 switch (q.addr) {
4560
4561 case Q_DEFAULT:
4562 case Q_HOST:
4563 case Q_NET:
4564 if (proto == Q_DECNET)
4565 return gen_host(v, 0, proto, dir);
4566 else if (proto == Q_LINK) {
4567 bpf_error("illegal link layer address");
4568 } else {
4569 mask = 0xffffffff;
4570 if (s == NULL && q.addr == Q_NET) {
4571 /* Promote short net number */
4572 while (v && (v & 0xff000000) == 0) {
4573 v <<= 8;
4574 mask <<= 8;
4575 }
4576 } else {
4577 /* Promote short ipaddr */
4578 v <<= 32 - vlen;
4579 mask <<= 32 - vlen;
4580 }
4581 return gen_host(v, mask, proto, dir);
4582 }
4583
4584 case Q_PORT:
4585 if (proto == Q_UDP)
4586 proto = IPPROTO_UDP;
4587 else if (proto == Q_TCP)
4588 proto = IPPROTO_TCP;
4589 else if (proto == Q_SCTP)
4590 proto = IPPROTO_SCTP;
4591 else if (proto == Q_DEFAULT)
4592 proto = PROTO_UNDEF;
4593 else
4594 bpf_error("illegal qualifier of 'port'");
4595
4596 #ifndef INET6
4597 return gen_port((int)v, proto, dir);
4598 #else
4599 {
4600 struct block *b;
4601 b = gen_port((int)v, proto, dir);
4602 gen_or(gen_port6((int)v, proto, dir), b);
4603 return b;
4604 }
4605 #endif /* INET6 */
4606
4607 case Q_PORTRANGE:
4608 if (proto == Q_UDP)
4609 proto = IPPROTO_UDP;
4610 else if (proto == Q_TCP)
4611 proto = IPPROTO_TCP;
4612 else if (proto == Q_SCTP)
4613 proto = IPPROTO_SCTP;
4614 else if (proto == Q_DEFAULT)
4615 proto = PROTO_UNDEF;
4616 else
4617 bpf_error("illegal qualifier of 'portrange'");
4618
4619 #ifndef INET6
4620 return gen_portrange((int)v, (int)v, proto, dir);
4621 #else
4622 {
4623 struct block *b;
4624 b = gen_portrange((int)v, (int)v, proto, dir);
4625 gen_or(gen_portrange6((int)v, (int)v, proto, dir), b);
4626 return b;
4627 }
4628 #endif /* INET6 */
4629
4630 case Q_GATEWAY:
4631 bpf_error("'gateway' requires a name");
4632 /* NOTREACHED */
4633
4634 case Q_PROTO:
4635 return gen_proto((int)v, proto, dir);
4636
4637 case Q_PROTOCHAIN:
4638 return gen_protochain((int)v, proto, dir);
4639
4640 case Q_UNDEF:
4641 syntax();
4642 /* NOTREACHED */
4643
4644 default:
4645 abort();
4646 /* NOTREACHED */
4647 }
4648 /* NOTREACHED */
4649 }
4650
4651 #ifdef INET6
4652 struct block *
4653 gen_mcode6(s1, s2, masklen, q)
4654 register const char *s1, *s2;
4655 register int masklen;
4656 struct qual q;
4657 {
4658 struct addrinfo *res;
4659 struct in6_addr *addr;
4660 struct in6_addr mask;
4661 struct block *b;
4662 u_int32_t *a, *m;
4663
4664 if (s2)
4665 bpf_error("no mask %s supported", s2);
4666
4667 res = pcap_nametoaddrinfo(s1);
4668 if (!res)
4669 bpf_error("invalid ip6 address %s", s1);
4670 if (res->ai_next)
4671 bpf_error("%s resolved to multiple address", s1);
4672 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
4673
4674 if (sizeof(mask) * 8 < masklen)
4675 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
4676 memset(&mask, 0, sizeof(mask));
4677 memset(&mask, 0xff, masklen / 8);
4678 if (masklen % 8) {
4679 mask.s6_addr[masklen / 8] =
4680 (0xff << (8 - masklen % 8)) & 0xff;
4681 }
4682
4683 a = (u_int32_t *)addr;
4684 m = (u_int32_t *)&mask;
4685 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
4686 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
4687 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
4688 }
4689
4690 switch (q.addr) {
4691
4692 case Q_DEFAULT:
4693 case Q_HOST:
4694 if (masklen != 128)
4695 bpf_error("Mask syntax for networks only");
4696 /* FALLTHROUGH */
4697
4698 case Q_NET:
4699 b = gen_host6(addr, &mask, q.proto, q.dir);
4700 freeaddrinfo(res);
4701 return b;
4702
4703 default:
4704 bpf_error("invalid qualifier against IPv6 address");
4705 /* NOTREACHED */
4706 }
4707 }
4708 #endif /*INET6*/
4709
4710 struct block *
4711 gen_ecode(eaddr, q)
4712 register const u_char *eaddr;
4713 struct qual q;
4714 {
4715 struct block *b, *tmp;
4716
4717 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
4718 if (linktype == DLT_EN10MB)
4719 return gen_ehostop(eaddr, (int)q.dir);
4720 if (linktype == DLT_FDDI)
4721 return gen_fhostop(eaddr, (int)q.dir);
4722 if (linktype == DLT_IEEE802)
4723 return gen_thostop(eaddr, (int)q.dir);
4724 if (linktype == DLT_IEEE802_11)
4725 return gen_wlanhostop(eaddr, (int)q.dir);
4726 if (linktype == DLT_SUNATM && is_lane) {
4727 /*
4728 * Check that the packet doesn't begin with an
4729 * LE Control marker. (We've already generated
4730 * a test for LANE.)
4731 */
4732 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
4733 gen_not(tmp);
4734
4735 /*
4736 * Now check the MAC address.
4737 */
4738 b = gen_ehostop(eaddr, (int)q.dir);
4739 gen_and(tmp, b);
4740 return b;
4741 }
4742 if (linktype == DLT_IP_OVER_FC)
4743 return gen_ipfchostop(eaddr, (int)q.dir);
4744 bpf_error("ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel");
4745 }
4746 bpf_error("ethernet address used in non-ether expression");
4747 /* NOTREACHED */
4748 }
4749
4750 void
4751 sappend(s0, s1)
4752 struct slist *s0, *s1;
4753 {
4754 /*
4755 * This is definitely not the best way to do this, but the
4756 * lists will rarely get long.
4757 */
4758 while (s0->next)
4759 s0 = s0->next;
4760 s0->next = s1;
4761 }
4762
4763 static struct slist *
4764 xfer_to_x(a)
4765 struct arth *a;
4766 {
4767 struct slist *s;
4768
4769 s = new_stmt(BPF_LDX|BPF_MEM);
4770 s->s.k = a->regno;
4771 return s;
4772 }
4773
4774 static struct slist *
4775 xfer_to_a(a)
4776 struct arth *a;
4777 {
4778 struct slist *s;
4779
4780 s = new_stmt(BPF_LD|BPF_MEM);
4781 s->s.k = a->regno;
4782 return s;
4783 }
4784
4785 struct arth *
4786 gen_load(proto, index, size)
4787 int proto;
4788 struct arth *index;
4789 int size;
4790 {
4791 struct slist *s, *tmp;
4792 struct block *b;
4793 int regno = alloc_reg();
4794
4795 free_reg(index->regno);
4796 switch (size) {
4797
4798 default:
4799 bpf_error("data size must be 1, 2, or 4");
4800
4801 case 1:
4802 size = BPF_B;
4803 break;
4804
4805 case 2:
4806 size = BPF_H;
4807 break;
4808
4809 case 4:
4810 size = BPF_W;
4811 break;
4812 }
4813 switch (proto) {
4814 default:
4815 bpf_error("unsupported index operation");
4816
4817 case Q_LINK:
4818 /*
4819 * XXX - what about ATM LANE? Should the index be
4820 * relative to the beginning of the AAL5 frame, so
4821 * that 0 refers to the beginning of the LE Control
4822 * field, or relative to the beginning of the LAN
4823 * frame, so that 0 refers, for Ethernet LANE, to
4824 * the beginning of the destination address?
4825 */
4826 s = xfer_to_x(index);
4827 tmp = new_stmt(BPF_LD|BPF_IND|size);
4828 sappend(s, tmp);
4829 sappend(index->s, s);
4830 break;
4831
4832 case Q_IP:
4833 case Q_ARP:
4834 case Q_RARP:
4835 case Q_ATALK:
4836 case Q_DECNET:
4837 case Q_SCA:
4838 case Q_LAT:
4839 case Q_MOPRC:
4840 case Q_MOPDL:
4841 #ifdef INET6
4842 case Q_IPV6:
4843 #endif
4844 /* XXX Note that we assume a fixed link header here. */
4845 s = xfer_to_x(index);
4846 tmp = new_stmt(BPF_LD|BPF_IND|size);
4847 tmp->s.k = off_nl;
4848 sappend(s, tmp);
4849 sappend(index->s, s);
4850
4851 b = gen_proto_abbrev(proto);
4852 if (index->b)
4853 gen_and(index->b, b);
4854 index->b = b;
4855 break;
4856
4857 case Q_SCTP:
4858 case Q_TCP:
4859 case Q_UDP:
4860 case Q_ICMP:
4861 case Q_IGMP:
4862 case Q_IGRP:
4863 case Q_PIM:
4864 case Q_VRRP:
4865 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
4866 s->s.k = off_nl;
4867 sappend(s, xfer_to_a(index));
4868 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
4869 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
4870 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
4871 tmp->s.k = off_nl;
4872 sappend(index->s, s);
4873
4874 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
4875 if (index->b)
4876 gen_and(index->b, b);
4877 #ifdef INET6
4878 gen_and(gen_proto_abbrev(Q_IP), b);
4879 #endif
4880 index->b = b;
4881 break;
4882 #ifdef INET6
4883 case Q_ICMPV6:
4884 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
4885 /*NOTREACHED*/
4886 #endif
4887 }
4888 index->regno = regno;
4889 s = new_stmt(BPF_ST);
4890 s->s.k = regno;
4891 sappend(index->s, s);
4892
4893 return index;
4894 }
4895
4896 struct block *
4897 gen_relation(code, a0, a1, reversed)
4898 int code;
4899 struct arth *a0, *a1;
4900 int reversed;
4901 {
4902 struct slist *s0, *s1, *s2;
4903 struct block *b, *tmp;
4904
4905 s0 = xfer_to_x(a1);
4906 s1 = xfer_to_a(a0);
4907 if (code == BPF_JEQ) {
4908 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
4909 b = new_block(JMP(code));
4910 sappend(s1, s2);
4911 }
4912 else
4913 b = new_block(BPF_JMP|code|BPF_X);
4914 if (reversed)
4915 gen_not(b);
4916
4917 sappend(s0, s1);
4918 sappend(a1->s, s0);
4919 sappend(a0->s, a1->s);
4920
4921 b->stmts = a0->s;
4922
4923 free_reg(a0->regno);
4924 free_reg(a1->regno);
4925
4926 /* 'and' together protocol checks */
4927 if (a0->b) {
4928 if (a1->b) {
4929 gen_and(a0->b, tmp = a1->b);
4930 }
4931 else
4932 tmp = a0->b;
4933 } else
4934 tmp = a1->b;
4935
4936 if (tmp)
4937 gen_and(tmp, b);
4938
4939 return b;
4940 }
4941
4942 struct arth *
4943 gen_loadlen()
4944 {
4945 int regno = alloc_reg();
4946 struct arth *a = (struct arth *)newchunk(sizeof(*a));
4947 struct slist *s;
4948
4949 s = new_stmt(BPF_LD|BPF_LEN);
4950 s->next = new_stmt(BPF_ST);
4951 s->next->s.k = regno;
4952 a->s = s;
4953 a->regno = regno;
4954
4955 return a;
4956 }
4957
4958 struct arth *
4959 gen_loadi(val)
4960 int val;
4961 {
4962 struct arth *a;
4963 struct slist *s;
4964 int reg;
4965
4966 a = (struct arth *)newchunk(sizeof(*a));
4967
4968 reg = alloc_reg();
4969
4970 s = new_stmt(BPF_LD|BPF_IMM);
4971 s->s.k = val;
4972 s->next = new_stmt(BPF_ST);
4973 s->next->s.k = reg;
4974 a->s = s;
4975 a->regno = reg;
4976
4977 return a;
4978 }
4979
4980 struct arth *
4981 gen_neg(a)
4982 struct arth *a;
4983 {
4984 struct slist *s;
4985
4986 s = xfer_to_a(a);
4987 sappend(a->s, s);
4988 s = new_stmt(BPF_ALU|BPF_NEG);
4989 s->s.k = 0;
4990 sappend(a->s, s);
4991 s = new_stmt(BPF_ST);
4992 s->s.k = a->regno;
4993 sappend(a->s, s);
4994
4995 return a;
4996 }
4997
4998 struct arth *
4999 gen_arth(code, a0, a1)
5000 int code;
5001 struct arth *a0, *a1;
5002 {
5003 struct slist *s0, *s1, *s2;
5004
5005 s0 = xfer_to_x(a1);
5006 s1 = xfer_to_a(a0);
5007 s2 = new_stmt(BPF_ALU|BPF_X|code);
5008
5009 sappend(s1, s2);
5010 sappend(s0, s1);
5011 sappend(a1->s, s0);
5012 sappend(a0->s, a1->s);
5013
5014 free_reg(a0->regno);
5015 free_reg(a1->regno);
5016
5017 s0 = new_stmt(BPF_ST);
5018 a0->regno = s0->s.k = alloc_reg();
5019 sappend(a0->s, s0);
5020
5021 return a0;
5022 }
5023
5024 /*
5025 * Here we handle simple allocation of the scratch registers.
5026 * If too many registers are alloc'd, the allocator punts.
5027 */
5028 static int regused[BPF_MEMWORDS];
5029 static int curreg;
5030
5031 /*
5032 * Return the next free register.
5033 */
5034 static int
5035 alloc_reg()
5036 {
5037 int n = BPF_MEMWORDS;
5038
5039 while (--n >= 0) {
5040 if (regused[curreg])
5041 curreg = (curreg + 1) % BPF_MEMWORDS;
5042 else {
5043 regused[curreg] = 1;
5044 return curreg;
5045 }
5046 }
5047 bpf_error("too many registers needed to evaluate expression");
5048 /* NOTREACHED */
5049 }
5050
5051 /*
5052 * Return a register to the table so it can
5053 * be used later.
5054 */
5055 static void
5056 free_reg(n)
5057 int n;
5058 {
5059 regused[n] = 0;
5060 }
5061
5062 static struct block *
5063 gen_len(jmp, n)
5064 int jmp, n;
5065 {
5066 struct slist *s;
5067 struct block *b;
5068
5069 s = new_stmt(BPF_LD|BPF_LEN);
5070 b = new_block(JMP(jmp));
5071 b->stmts = s;
5072 b->s.k = n;
5073
5074 return b;
5075 }
5076
5077 struct block *
5078 gen_greater(n)
5079 int n;
5080 {
5081 return gen_len(BPF_JGE, n);
5082 }
5083
5084 /*
5085 * Actually, this is less than or equal.
5086 */
5087 struct block *
5088 gen_less(n)
5089 int n;
5090 {
5091 struct block *b;
5092
5093 b = gen_len(BPF_JGT, n);
5094 gen_not(b);
5095
5096 return b;
5097 }
5098
5099 struct block *
5100 gen_byteop(op, idx, val)
5101 int op, idx, val;
5102 {
5103 struct block *b;
5104 struct slist *s;
5105
5106 switch (op) {
5107 default:
5108 abort();
5109
5110 case '=':
5111 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
5112
5113 case '<':
5114 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
5115 b->s.code = JMP(BPF_JGE);
5116 gen_not(b);
5117 return b;
5118
5119 case '>':
5120 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
5121 b->s.code = JMP(BPF_JGT);
5122 return b;
5123
5124 case '|':
5125 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
5126 break;
5127
5128 case '&':
5129 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
5130 break;
5131 }
5132 s->s.k = val;
5133 b = new_block(JMP(BPF_JEQ));
5134 b->stmts = s;
5135 gen_not(b);
5136
5137 return b;
5138 }
5139
5140 static u_char abroadcast[] = { 0x0 };
5141
5142 struct block *
5143 gen_broadcast(proto)
5144 int proto;
5145 {
5146 bpf_u_int32 hostmask;
5147 struct block *b0, *b1, *b2;
5148 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
5149
5150 switch (proto) {
5151
5152 case Q_DEFAULT:
5153 case Q_LINK:
5154 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
5155 return gen_ahostop(abroadcast, Q_DST);
5156 if (linktype == DLT_EN10MB)
5157 return gen_ehostop(ebroadcast, Q_DST);
5158 if (linktype == DLT_FDDI)
5159 return gen_fhostop(ebroadcast, Q_DST);
5160 if (linktype == DLT_IEEE802)
5161 return gen_thostop(ebroadcast, Q_DST);
5162 if (linktype == DLT_IEEE802_11)
5163 return gen_wlanhostop(ebroadcast, Q_DST);
5164 if (linktype == DLT_IP_OVER_FC)
5165 return gen_ipfchostop(ebroadcast, Q_DST);
5166 if (linktype == DLT_SUNATM && is_lane) {
5167 /*
5168 * Check that the packet doesn't begin with an
5169 * LE Control marker. (We've already generated
5170 * a test for LANE.)
5171 */
5172 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
5173 gen_not(b1);
5174
5175 /*
5176 * Now check the MAC address.
5177 */
5178 b0 = gen_ehostop(ebroadcast, Q_DST);
5179 gen_and(b1, b0);
5180 return b0;
5181 }
5182 bpf_error("not a broadcast link");
5183 break;
5184
5185 case Q_IP:
5186 b0 = gen_linktype(ETHERTYPE_IP);
5187 hostmask = ~netmask;
5188 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
5189 b2 = gen_mcmp(off_nl + 16, BPF_W,
5190 (bpf_int32)(~0 & hostmask), hostmask);
5191 gen_or(b1, b2);
5192 gen_and(b0, b2);
5193 return b2;
5194 }
5195 bpf_error("only link-layer/IP broadcast filters supported");
5196 /* NOTREACHED */
5197 }
5198
5199 /*
5200 * Generate code to test the low-order bit of a MAC address (that's
5201 * the bottom bit of the *first* byte).
5202 */
5203 static struct block *
5204 gen_mac_multicast(offset)
5205 int offset;
5206 {
5207 register struct block *b0;
5208 register struct slist *s;
5209
5210 /* link[offset] & 1 != 0 */
5211 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
5212 s->s.k = offset;
5213 b0 = new_block(JMP(BPF_JSET));
5214 b0->s.k = 1;
5215 b0->stmts = s;
5216 return b0;
5217 }
5218
5219 struct block *
5220 gen_multicast(proto)
5221 int proto;
5222 {
5223 register struct block *b0, *b1, *b2;
5224 register struct slist *s;
5225
5226 switch (proto) {
5227
5228 case Q_DEFAULT:
5229 case Q_LINK:
5230 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
5231 /* all ARCnet multicasts use the same address */
5232 return gen_ahostop(abroadcast, Q_DST);
5233
5234 if (linktype == DLT_EN10MB) {
5235 /* ether[0] & 1 != 0 */
5236 return gen_mac_multicast(0);
5237 }
5238
5239 if (linktype == DLT_FDDI) {
5240 /*
5241 * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX
5242 *
5243 * XXX - was that referring to bit-order issues?
5244 */
5245 /* fddi[1] & 1 != 0 */
5246 return gen_mac_multicast(1);
5247 }
5248
5249 if (linktype == DLT_IEEE802) {
5250 /* tr[2] & 1 != 0 */
5251 return gen_mac_multicast(2);
5252 }
5253
5254 if (linktype == DLT_IEEE802_11) {
5255 /*
5256 * Oh, yuk.
5257 *
5258 * For control frames, there is no DA.
5259 *
5260 * For management frames, DA is at an
5261 * offset of 4 from the beginning of
5262 * the packet.
5263 *
5264 * For data frames, DA is at an offset
5265 * of 4 from the beginning of the packet
5266 * if To DS is clear and at an offset of
5267 * 16 from the beginning of the packet
5268 * if To DS is set.
5269 */
5270
5271 /*
5272 * Generate the tests to be done for data frames.
5273 *
5274 * First, check for To DS set, i.e. "link[1] & 0x01".
5275 */
5276 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
5277 s->s.k = 1;
5278 b1 = new_block(JMP(BPF_JSET));
5279 b1->s.k = 0x01; /* To DS */
5280 b1->stmts = s;
5281
5282 /*
5283 * If To DS is set, the DA is at 16.
5284 */
5285 b0 = gen_mac_multicast(16);
5286 gen_and(b1, b0);
5287
5288 /*
5289 * Now, check for To DS not set, i.e. check
5290 * "!(link[1] & 0x01)".
5291 */
5292 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
5293 s->s.k = 1;
5294 b2 = new_block(JMP(BPF_JSET));
5295 b2->s.k = 0x01; /* To DS */
5296 b2->stmts = s;
5297 gen_not(b2);
5298
5299 /*
5300 * If To DS is not set, the DA is at 4.
5301 */
5302 b1 = gen_mac_multicast(4);
5303 gen_and(b2, b1);
5304
5305 /*
5306 * Now OR together the last two checks. That gives
5307 * the complete set of checks for data frames.
5308 */
5309 gen_or(b1, b0);
5310
5311 /*
5312 * Now check for a data frame.
5313 * I.e, check "link[0] & 0x08".
5314 */
5315 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
5316 s->s.k = 0;
5317 b1 = new_block(JMP(BPF_JSET));
5318 b1->s.k = 0x08;
5319 b1->stmts = s;
5320
5321 /*
5322 * AND that with the checks done for data frames.
5323 */
5324 gen_and(b1, b0);
5325
5326 /*
5327 * If the high-order bit of the type value is 0, this
5328 * is a management frame.
5329 * I.e, check "!(link[0] & 0x08)".
5330 */
5331 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
5332 s->s.k = 0;
5333 b2 = new_block(JMP(BPF_JSET));
5334 b2->s.k = 0x08;
5335 b2->stmts = s;
5336 gen_not(b2);
5337
5338 /*
5339 * For management frames, the DA is at 4.
5340 */
5341 b1 = gen_mac_multicast(4);
5342 gen_and(b2, b1);
5343
5344 /*
5345 * OR that with the checks done for data frames.
5346 * That gives the checks done for management and
5347 * data frames.
5348 */
5349 gen_or(b1, b0);
5350
5351 /*
5352 * If the low-order bit of the type value is 1,
5353 * this is either a control frame or a frame
5354 * with a reserved type, and thus not a
5355 * frame with an SA.
5356 *
5357 * I.e., check "!(link[0] & 0x04)".
5358 */
5359 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
5360 s->s.k = 0;
5361 b1 = new_block(JMP(BPF_JSET));
5362 b1->s.k = 0x04;
5363 b1->stmts = s;
5364 gen_not(b1);
5365
5366 /*
5367 * AND that with the checks for data and management
5368 * frames.
5369 */
5370 gen_and(b1, b0);
5371 return b0;
5372 }
5373
5374 if (linktype == DLT_IP_OVER_FC) {
5375 b0 = gen_mac_multicast(2);
5376 return b0;
5377 }
5378
5379 if (linktype == DLT_SUNATM && is_lane) {
5380 /*
5381 * Check that the packet doesn't begin with an
5382 * LE Control marker. (We've already generated
5383 * a test for LANE.)
5384 */
5385 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
5386 gen_not(b1);
5387
5388 /* ether[off_mac] & 1 != 0 */
5389 b0 = gen_mac_multicast(off_mac);
5390 gen_and(b1, b0);
5391 return b0;
5392 }
5393
5394 /* Link not known to support multicasts */
5395 break;
5396
5397 case Q_IP:
5398 b0 = gen_linktype(ETHERTYPE_IP);
5399 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
5400 b1->s.code = JMP(BPF_JGE);
5401 gen_and(b0, b1);
5402 return b1;
5403
5404 #ifdef INET6
5405 case Q_IPV6:
5406 b0 = gen_linktype(ETHERTYPE_IPV6);
5407 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
5408 gen_and(b0, b1);
5409 return b1;
5410 #endif /* INET6 */
5411 }
5412 bpf_error("link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel");
5413 /* NOTREACHED */
5414 }
5415
5416 /*
5417 * generate command for inbound/outbound. It's here so we can
5418 * make it link-type specific. 'dir' = 0 implies "inbound",
5419 * = 1 implies "outbound".
5420 */
5421 struct block *
5422 gen_inbound(dir)
5423 int dir;
5424 {
5425 register struct block *b0;
5426
5427 /*
5428 * Only some data link types support inbound/outbound qualifiers.
5429 */
5430 switch (linktype) {
5431 case DLT_SLIP:
5432 b0 = gen_relation(BPF_JEQ,
5433 gen_load(Q_LINK, gen_loadi(0), 1),
5434 gen_loadi(0),
5435 dir);
5436 break;
5437
5438 case DLT_LINUX_SLL:
5439 if (dir) {
5440 /*
5441 * Match packets sent by this machine.
5442 */
5443 b0 = gen_cmp(0, BPF_H, LINUX_SLL_OUTGOING);
5444 } else {
5445 /*
5446 * Match packets sent to this machine.
5447 * (No broadcast or multicast packets, or
5448 * packets sent to some other machine and
5449 * received promiscuously.)
5450 *
5451 * XXX - packets sent to other machines probably
5452 * shouldn't be matched, but what about broadcast
5453 * or multicast packets we received?
5454 */
5455 b0 = gen_cmp(0, BPF_H, LINUX_SLL_HOST);
5456 }
5457 break;
5458
5459 case DLT_PFLOG:
5460 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B,
5461 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT));
5462 break;
5463
5464 case DLT_PPP_PPPD:
5465 if (dir) {
5466 /* match outgoing packets */
5467 b0 = gen_cmp(0, BPF_B, PPP_PPPD_OUT);
5468 } else {
5469 /* match incoming packets */
5470 b0 = gen_cmp(0, BPF_B, PPP_PPPD_IN);
5471 }
5472 break;
5473
5474 case DLT_JUNIPER_MLFR:
5475 case DLT_JUNIPER_MLPPP:
5476 case DLT_JUNIPER_ATM1:
5477 case DLT_JUNIPER_ATM2:
5478 /* juniper flags (including direction) are stored
5479 * the byte after the 3-byte magic number */
5480 if (dir) {
5481 /* match outgoing packets */
5482 b0 = gen_mcmp(3, BPF_B, 0, 0x01);
5483 } else {
5484 /* match incoming packets */
5485 b0 = gen_mcmp(3, BPF_B, 1, 0x01);
5486 }
5487 break;
5488
5489 default:
5490 bpf_error("inbound/outbound not supported on linktype %d",
5491 linktype);
5492 b0 = NULL;
5493 /* NOTREACHED */
5494 }
5495 return (b0);
5496 }
5497
5498 /* PF firewall log matched interface */
5499 struct block *
5500 gen_pf_ifname(const char *ifname)
5501 {
5502 struct block *b0;
5503 u_int len, off;
5504
5505 if (linktype == DLT_PFLOG) {
5506 len = sizeof(((struct pfloghdr *)0)->ifname);
5507 off = offsetof(struct pfloghdr, ifname);
5508 } else {
5509 bpf_error("ifname not supported on linktype 0x%x", linktype);
5510 /* NOTREACHED */
5511 }
5512 if (strlen(ifname) >= len) {
5513 bpf_error("ifname interface names can only be %d characters",
5514 len-1);
5515 /* NOTREACHED */
5516 }
5517 b0 = gen_bcmp(off, strlen(ifname), (const u_char *)ifname);
5518 return (b0);
5519 }
5520
5521 /* PF firewall log matched interface */
5522 struct block *
5523 gen_pf_ruleset(char *ruleset)
5524 {
5525 struct block *b0;
5526
5527 if (linktype != DLT_PFLOG) {
5528 bpf_error("ruleset not supported on linktype 0x%x", linktype);
5529 /* NOTREACHED */
5530 }
5531 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) {
5532 bpf_error("ruleset names can only be %ld characters",
5533 (long)(sizeof(((struct pfloghdr *)0)->ruleset) - 1));
5534 /* NOTREACHED */
5535 }
5536 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset),
5537 strlen(ruleset), (const u_char *)ruleset);
5538 return (b0);
5539 }
5540
5541 /* PF firewall log rule number */
5542 struct block *
5543 gen_pf_rnr(int rnr)
5544 {
5545 struct block *b0;
5546
5547 if (linktype == DLT_PFLOG) {
5548 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W,
5549 (bpf_int32)rnr);
5550 } else {
5551 bpf_error("rnr not supported on linktype 0x%x", linktype);
5552 /* NOTREACHED */
5553 }
5554
5555 return (b0);
5556 }
5557
5558 /* PF firewall log sub-rule number */
5559 struct block *
5560 gen_pf_srnr(int srnr)
5561 {
5562 struct block *b0;
5563
5564 if (linktype != DLT_PFLOG) {
5565 bpf_error("srnr not supported on linktype 0x%x", linktype);
5566 /* NOTREACHED */
5567 }
5568
5569 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W,
5570 (bpf_int32)srnr);
5571 return (b0);
5572 }
5573
5574 /* PF firewall log reason code */
5575 struct block *
5576 gen_pf_reason(int reason)
5577 {
5578 struct block *b0;
5579
5580 if (linktype == DLT_PFLOG) {
5581 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B,
5582 (bpf_int32)reason);
5583 } else {
5584 bpf_error("reason not supported on linktype 0x%x", linktype);
5585 /* NOTREACHED */
5586 }
5587
5588 return (b0);
5589 }
5590
5591 /* PF firewall log action */
5592 struct block *
5593 gen_pf_action(int action)
5594 {
5595 struct block *b0;
5596
5597 if (linktype == DLT_PFLOG) {
5598 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B,
5599 (bpf_int32)action);
5600 } else {
5601 bpf_error("action not supported on linktype 0x%x", linktype);
5602 /* NOTREACHED */
5603 }
5604
5605 return (b0);
5606 }
5607
5608 struct block *
5609 gen_acode(eaddr, q)
5610 register const u_char *eaddr;
5611 struct qual q;
5612 {
5613 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
5614 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
5615 return gen_ahostop(eaddr, (int)q.dir);
5616 }
5617 bpf_error("ARCnet address used in non-arc expression");
5618 /* NOTREACHED */
5619 }
5620
5621 static struct block *
5622 gen_ahostop(eaddr, dir)
5623 register const u_char *eaddr;
5624 register int dir;
5625 {
5626 register struct block *b0, *b1;
5627
5628 switch (dir) {
5629 /* src comes first, different from Ethernet */
5630 case Q_SRC:
5631 return gen_bcmp(0, 1, eaddr);
5632
5633 case Q_DST:
5634 return gen_bcmp(1, 1, eaddr);
5635
5636 case Q_AND:
5637 b0 = gen_ahostop(eaddr, Q_SRC);
5638 b1 = gen_ahostop(eaddr, Q_DST);
5639 gen_and(b0, b1);
5640 return b1;
5641
5642 case Q_DEFAULT:
5643 case Q_OR:
5644 b0 = gen_ahostop(eaddr, Q_SRC);
5645 b1 = gen_ahostop(eaddr, Q_DST);
5646 gen_or(b0, b1);
5647 return b1;
5648 }
5649 abort();
5650 /* NOTREACHED */
5651 }
5652
5653 /*
5654 * support IEEE 802.1Q VLAN trunk over ethernet
5655 */
5656 struct block *
5657 gen_vlan(vlan_num)
5658 int vlan_num;
5659 {
5660 struct block *b0;
5661
5662 /*
5663 * Change the offsets to point to the type and data fields within
5664 * the VLAN packet. Just increment the offsets, so that we
5665 * can support a hierarchy, e.g. "vlan 300 && vlan 200" to
5666 * capture VLAN 200 encapsulated within VLAN 100.
5667 *
5668 * XXX - this is a bit of a kludge. If we were to split the
5669 * compiler into a parser that parses an expression and
5670 * generates an expression tree, and a code generator that
5671 * takes an expression tree (which could come from our
5672 * parser or from some other parser) and generates BPF code,
5673 * we could perhaps make the offsets parameters of routines
5674 * and, in the handler for an "AND" node, pass to subnodes
5675 * other than the VLAN node the adjusted offsets.
5676 *
5677 * This would mean that "vlan" would, instead of changing the
5678 * behavior of *all* tests after it, change only the behavior
5679 * of tests ANDed with it. That would change the documented
5680 * semantics of "vlan", which might break some expressions.
5681 * However, it would mean that "(vlan and ip) or ip" would check
5682 * both for VLAN-encapsulated IP and IP-over-Ethernet, rather than
5683 * checking only for VLAN-encapsulated IP, so that could still
5684 * be considered worth doing; it wouldn't break expressions
5685 * that are of the form "vlan and ..." or "vlan N and ...",
5686 * which I suspect are the most common expressions involving
5687 * "vlan". "vlan or ..." doesn't necessarily do what the user
5688 * would really want, now, as all the "or ..." tests would
5689 * be done assuming a VLAN, even though the "or" could be viewed
5690 * as meaning "or, if this isn't a VLAN packet...".
5691 */
5692 orig_linktype = off_linktype; /* save original values */
5693 orig_nl = off_nl;
5694 orig_nl_nosnap = off_nl_nosnap;
5695
5696 switch (linktype) {
5697
5698 case DLT_EN10MB:
5699 off_linktype += 4;
5700 off_nl_nosnap += 4;
5701 off_nl += 4;
5702 break;
5703
5704 default:
5705 bpf_error("no VLAN support for data link type %d",
5706 linktype);
5707 /*NOTREACHED*/
5708 }
5709
5710 /* check for VLAN */
5711 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
5712
5713 /* If a specific VLAN is requested, check VLAN id */
5714 if (vlan_num >= 0) {
5715 struct block *b1;
5716
5717 b1 = gen_mcmp(orig_nl, BPF_H, (bpf_int32)vlan_num, 0x0fff);
5718 gen_and(b0, b1);
5719 b0 = b1;
5720 }
5721
5722 return (b0);
5723 }
5724
5725 /*
5726 * support for MPLS
5727 */
5728 struct block *
5729 gen_mpls(label_num)
5730 int label_num;
5731 {
5732 struct block *b0;
5733
5734 /*
5735 * Change the offsets to point to the type and data fields within
5736 * the MPLS packet. Just increment the offsets, so that we
5737 * can support a hierarchy, e.g. "mpls 100000 && mpls 1024" to
5738 * capture packets with an outer label of 100000 and an inner
5739 * label of 1024.
5740 *
5741 * XXX - this is a bit of a kludge. See comments in gen_vlan().
5742 */
5743 orig_linktype = off_linktype; /* save original values */
5744 orig_nl = off_nl;
5745 orig_nl_nosnap = off_nl_nosnap;
5746
5747 switch (linktype) {
5748
5749 case DLT_C_HDLC: /* fall through */
5750 case DLT_EN10MB:
5751 off_linktype += 4;
5752 off_nl_nosnap += 4;
5753 off_nl += 4;
5754
5755 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_MPLS);
5756 break;
5757
5758 case DLT_PPP:
5759 off_linktype += 4;
5760 off_nl_nosnap += 4;
5761 off_nl += 4;
5762
5763 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)PPP_MPLS_UCAST);
5764 break;
5765
5766 /* FIXME add other DLT_s ...
5767 * for Frame-Relay/and ATM this may get messy due to SNAP headers
5768 * leave it for now */
5769
5770 default:
5771 bpf_error("no MPLS support for data link type %d",
5772 linktype);
5773 b0 = NULL;
5774 /*NOTREACHED*/
5775 break;
5776 }
5777
5778 /* If a specific MPLS label is requested, check it */
5779 if (label_num >= 0) {
5780 struct block *b1;
5781
5782 label_num = label_num << 12; /* label is shifted 12 bits on the wire */
5783 b1 = gen_mcmp(orig_nl, BPF_W, (bpf_int32)label_num, 0xfffff000); /* only compare the first 20 bits */
5784 gen_and(b0, b1);
5785 b0 = b1;
5786 }
5787
5788 return (b0);
5789 }
5790
5791 struct block *
5792 gen_atmfield_code(atmfield, jvalue, jtype, reverse)
5793 int atmfield;
5794 bpf_u_int32 jvalue;
5795 bpf_u_int32 jtype;
5796 int reverse;
5797 {
5798 struct block *b0;
5799
5800 switch (atmfield) {
5801
5802 case A_VPI:
5803 if (!is_atm)
5804 bpf_error("'vpi' supported only on raw ATM");
5805 if (off_vpi == (u_int)-1)
5806 abort();
5807 b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype,
5808 (u_int)jvalue, reverse);
5809 break;
5810
5811 case A_VCI:
5812 if (!is_atm)
5813 bpf_error("'vci' supported only on raw ATM");
5814 if (off_vci == (u_int)-1)
5815 abort();
5816 b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype,
5817 (u_int)jvalue, reverse);
5818 break;
5819
5820 case A_PROTOTYPE:
5821 if (off_proto == (u_int)-1)
5822 abort(); /* XXX - this isn't on FreeBSD */
5823 b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype,
5824 (u_int)jvalue, reverse);
5825 break;
5826
5827 case A_MSGTYPE:
5828 if (off_payload == (u_int)-1)
5829 abort();
5830 b0 = gen_ncmp(BPF_B, off_payload + MSG_TYPE_POS, 0xffffffff,
5831 (u_int)jtype, (u_int)jvalue, reverse);
5832 break;
5833
5834 case A_CALLREFTYPE:
5835 if (!is_atm)
5836 bpf_error("'callref' supported only on raw ATM");
5837 if (off_proto == (u_int)-1)
5838 abort();
5839 b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype,
5840 (u_int)jvalue, reverse);
5841 break;
5842
5843 default:
5844 abort();
5845 }
5846 return b0;
5847 }
5848
5849 struct block *
5850 gen_atmtype_abbrev(type)
5851 int type;
5852 {
5853 struct block *b0, *b1;
5854
5855 switch (type) {
5856
5857 case A_METAC:
5858 /* Get all packets in Meta signalling Circuit */
5859 if (!is_atm)
5860 bpf_error("'metac' supported only on raw ATM");
5861 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5862 b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0);
5863 gen_and(b0, b1);
5864 break;
5865
5866 case A_BCC:
5867 /* Get all packets in Broadcast Circuit*/
5868 if (!is_atm)
5869 bpf_error("'bcc' supported only on raw ATM");
5870 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5871 b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0);
5872 gen_and(b0, b1);
5873 break;
5874
5875 case A_OAMF4SC:
5876 /* Get all cells in Segment OAM F4 circuit*/
5877 if (!is_atm)
5878 bpf_error("'oam4sc' supported only on raw ATM");
5879 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5880 b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
5881 gen_and(b0, b1);
5882 break;
5883
5884 case A_OAMF4EC:
5885 /* Get all cells in End-to-End OAM F4 Circuit*/
5886 if (!is_atm)
5887 bpf_error("'oam4ec' supported only on raw ATM");
5888 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5889 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
5890 gen_and(b0, b1);
5891 break;
5892
5893 case A_SC:
5894 /* Get all packets in connection Signalling Circuit */
5895 if (!is_atm)
5896 bpf_error("'sc' supported only on raw ATM");
5897 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5898 b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0);
5899 gen_and(b0, b1);
5900 break;
5901
5902 case A_ILMIC:
5903 /* Get all packets in ILMI Circuit */
5904 if (!is_atm)
5905 bpf_error("'ilmic' supported only on raw ATM");
5906 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5907 b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0);
5908 gen_and(b0, b1);
5909 break;
5910
5911 case A_LANE:
5912 /* Get all LANE packets */
5913 if (!is_atm)
5914 bpf_error("'lane' supported only on raw ATM");
5915 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0);
5916
5917 /*
5918 * Arrange that all subsequent tests assume LANE
5919 * rather than LLC-encapsulated packets, and set
5920 * the offsets appropriately for LANE-encapsulated
5921 * Ethernet.
5922 *
5923 * "off_mac" is the offset of the Ethernet header,
5924 * which is 2 bytes past the ATM pseudo-header
5925 * (skipping the pseudo-header and 2-byte LE Client
5926 * field). The other offsets are Ethernet offsets
5927 * relative to "off_mac".
5928 */
5929 is_lane = 1;
5930 off_mac = off_payload + 2; /* MAC header */
5931 off_linktype = off_mac + 12;
5932 off_nl = off_mac + 14; /* Ethernet II */
5933 off_nl_nosnap = off_mac + 17; /* 802.3+802.2 */
5934 break;
5935
5936 case A_LLC:
5937 /* Get all LLC-encapsulated packets */
5938 if (!is_atm)
5939 bpf_error("'llc' supported only on raw ATM");
5940 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
5941 is_lane = 0;
5942 break;
5943
5944 default:
5945 abort();
5946 }
5947 return b1;
5948 }
5949
5950
5951 static struct block *
5952 gen_msg_abbrev(type)
5953 int type;
5954 {
5955 struct block *b1;
5956
5957 /*
5958 * Q.2931 signalling protocol messages for handling virtual circuits
5959 * establishment and teardown
5960 */
5961 switch (type) {
5962
5963 case A_SETUP:
5964 b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0);
5965 break;
5966
5967 case A_CALLPROCEED:
5968 b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0);
5969 break;
5970
5971 case A_CONNECT:
5972 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0);
5973 break;
5974
5975 case A_CONNECTACK:
5976 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0);
5977 break;
5978
5979 case A_RELEASE:
5980 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0);
5981 break;
5982
5983 case A_RELEASE_DONE:
5984 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0);
5985 break;
5986
5987 default:
5988 abort();
5989 }
5990 return b1;
5991 }
5992
5993 struct block *
5994 gen_atmmulti_abbrev(type)
5995 int type;
5996 {
5997 struct block *b0, *b1;
5998
5999 switch (type) {
6000
6001 case A_OAM:
6002 if (!is_atm)
6003 bpf_error("'oam' supported only on raw ATM");
6004 b1 = gen_atmmulti_abbrev(A_OAMF4);
6005 break;
6006
6007 case A_OAMF4:
6008 if (!is_atm)
6009 bpf_error("'oamf4' supported only on raw ATM");
6010 /* OAM F4 type */
6011 b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
6012 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
6013 gen_or(b0, b1);
6014 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
6015 gen_and(b0, b1);
6016 break;
6017
6018 case A_CONNECTMSG:
6019 /*
6020 * Get Q.2931 signalling messages for switched
6021 * virtual connection
6022 */
6023 if (!is_atm)
6024 bpf_error("'connectmsg' supported only on raw ATM");
6025 b0 = gen_msg_abbrev(A_SETUP);
6026 b1 = gen_msg_abbrev(A_CALLPROCEED);
6027 gen_or(b0, b1);
6028 b0 = gen_msg_abbrev(A_CONNECT);
6029 gen_or(b0, b1);
6030 b0 = gen_msg_abbrev(A_CONNECTACK);
6031 gen_or(b0, b1);
6032 b0 = gen_msg_abbrev(A_RELEASE);
6033 gen_or(b0, b1);
6034 b0 = gen_msg_abbrev(A_RELEASE_DONE);
6035 gen_or(b0, b1);
6036 b0 = gen_atmtype_abbrev(A_SC);
6037 gen_and(b0, b1);
6038 break;
6039
6040 case A_METACONNECT:
6041 if (!is_atm)
6042 bpf_error("'metaconnect' supported only on raw ATM");
6043 b0 = gen_msg_abbrev(A_SETUP);
6044 b1 = gen_msg_abbrev(A_CALLPROCEED);
6045 gen_or(b0, b1);
6046 b0 = gen_msg_abbrev(A_CONNECT);
6047 gen_or(b0, b1);
6048 b0 = gen_msg_abbrev(A_RELEASE);
6049 gen_or(b0, b1);
6050 b0 = gen_msg_abbrev(A_RELEASE_DONE);
6051 gen_or(b0, b1);
6052 b0 = gen_atmtype_abbrev(A_METAC);
6053 gen_and(b0, b1);
6054 break;
6055
6056 default:
6057 abort();
6058 }
6059 return b1;
6060 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism