]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Declare "install_bpf_program()" in "pcap-int.h", not "gencode.h"; it has
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.135 2000-10-30 06:06:53 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #include <sys/types.h>
32 #include <sys/socket.h>
33 #include <sys/time.h>
34 #ifdef __NetBSD__
35 #include <sys/param.h>
36 #endif
37
38 struct mbuf;
39 struct rtentry;
40 #include <net/if.h>
41
42 #include <netinet/in.h>
43
44 #include <stdlib.h>
45 #include <string.h>
46 #include <memory.h>
47 #include <setjmp.h>
48 #include <stdarg.h>
49
50 #include "pcap-int.h"
51
52 #include "ethertype.h"
53 #include "nlpid.h"
54 #include "gencode.h"
55 #include "ppp.h"
56 #include <pcap-namedb.h>
57 #ifdef INET6
58 #include <netdb.h>
59 #include <sys/socket.h>
60 #endif /*INET6*/
61
62 #define LLC_SNAP_LSAP 0xaa
63 #define LLC_ISO_LSAP 0xfe
64
65 #define ETHERMTU 1500
66
67 #ifdef HAVE_OS_PROTO_H
68 #include "os-proto.h"
69 #endif
70
71 #define JMP(c) ((c)|BPF_JMP|BPF_K)
72
73 /* Locals */
74 static jmp_buf top_ctx;
75 static pcap_t *bpf_pcap;
76
77 /* XXX */
78 #ifdef PCAP_FDDIPAD
79 int pcap_fddipad = PCAP_FDDIPAD;
80 #else
81 int pcap_fddipad;
82 #endif
83
84 /* VARARGS */
85 void
86 bpf_error(const char *fmt, ...)
87
88 {
89 va_list ap;
90
91 va_start(ap, fmt);
92 if (bpf_pcap != NULL)
93 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
94 fmt, ap);
95 va_end(ap);
96 longjmp(top_ctx, 1);
97 /* NOTREACHED */
98 }
99
100 static void init_linktype(int);
101
102 static int alloc_reg(void);
103 static void free_reg(int);
104
105 static struct block *root;
106
107 /*
108 * We divy out chunks of memory rather than call malloc each time so
109 * we don't have to worry about leaking memory. It's probably
110 * not a big deal if all this memory was wasted but it this ever
111 * goes into a library that would probably not be a good idea.
112 */
113 #define NCHUNKS 16
114 #define CHUNK0SIZE 1024
115 struct chunk {
116 u_int n_left;
117 void *m;
118 };
119
120 static struct chunk chunks[NCHUNKS];
121 static int cur_chunk;
122
123 static void *newchunk(u_int);
124 static void freechunks(void);
125 static inline struct block *new_block(int);
126 static inline struct slist *new_stmt(int);
127 static struct block *gen_retblk(int);
128 static inline void syntax(void);
129
130 static void backpatch(struct block *, struct block *);
131 static void merge(struct block *, struct block *);
132 static struct block *gen_cmp(u_int, u_int, bpf_int32);
133 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
134 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
135 static struct block *gen_bcmp(u_int, u_int, const u_char *);
136 static struct block *gen_uncond(int);
137 static inline struct block *gen_true(void);
138 static inline struct block *gen_false(void);
139 static struct block *gen_linktype(int);
140 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
141 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
142 #ifdef INET6
143 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
144 #endif
145 static struct block *gen_ehostop(const u_char *, int);
146 static struct block *gen_fhostop(const u_char *, int);
147 static struct block *gen_thostop(const u_char *, int);
148 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
149 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
150 #ifdef INET6
151 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
152 #endif
153 #ifndef INET6
154 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
155 #endif
156 static struct block *gen_ipfrag(void);
157 static struct block *gen_portatom(int, bpf_int32);
158 #ifdef INET6
159 static struct block *gen_portatom6(int, bpf_int32);
160 #endif
161 struct block *gen_portop(int, int, int);
162 static struct block *gen_port(int, int, int);
163 #ifdef INET6
164 struct block *gen_portop6(int, int, int);
165 static struct block *gen_port6(int, int, int);
166 #endif
167 static int lookup_proto(const char *, int);
168 static struct block *gen_protochain(int, int, int);
169 static struct block *gen_proto(int, int, int);
170 static struct slist *xfer_to_x(struct arth *);
171 static struct slist *xfer_to_a(struct arth *);
172 static struct block *gen_len(int, int);
173
174 static void *
175 newchunk(n)
176 u_int n;
177 {
178 struct chunk *cp;
179 int k, size;
180
181 #ifndef __NetBSD__
182 /* XXX Round up to nearest long. */
183 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
184 #else
185 /* XXX Round up to structure boundary. */
186 n = ALIGN(n);
187 #endif
188
189 cp = &chunks[cur_chunk];
190 if (n > cp->n_left) {
191 ++cp, k = ++cur_chunk;
192 if (k >= NCHUNKS)
193 bpf_error("out of memory");
194 size = CHUNK0SIZE << k;
195 cp->m = (void *)malloc(size);
196 memset((char *)cp->m, 0, size);
197 cp->n_left = size;
198 if (n > size)
199 bpf_error("out of memory");
200 }
201 cp->n_left -= n;
202 return (void *)((char *)cp->m + cp->n_left);
203 }
204
205 static void
206 freechunks()
207 {
208 int i;
209
210 cur_chunk = 0;
211 for (i = 0; i < NCHUNKS; ++i)
212 if (chunks[i].m != NULL) {
213 free(chunks[i].m);
214 chunks[i].m = NULL;
215 }
216 }
217
218 /*
219 * A strdup whose allocations are freed after code generation is over.
220 */
221 char *
222 sdup(s)
223 register const char *s;
224 {
225 int n = strlen(s) + 1;
226 char *cp = newchunk(n);
227
228 strlcpy(cp, s, n);
229 return (cp);
230 }
231
232 static inline struct block *
233 new_block(code)
234 int code;
235 {
236 struct block *p;
237
238 p = (struct block *)newchunk(sizeof(*p));
239 p->s.code = code;
240 p->head = p;
241
242 return p;
243 }
244
245 static inline struct slist *
246 new_stmt(code)
247 int code;
248 {
249 struct slist *p;
250
251 p = (struct slist *)newchunk(sizeof(*p));
252 p->s.code = code;
253
254 return p;
255 }
256
257 static struct block *
258 gen_retblk(v)
259 int v;
260 {
261 struct block *b = new_block(BPF_RET|BPF_K);
262
263 b->s.k = v;
264 return b;
265 }
266
267 static inline void
268 syntax()
269 {
270 bpf_error("syntax error in filter expression");
271 }
272
273 static bpf_u_int32 netmask;
274 static int snaplen;
275 int no_optimize;
276
277 int
278 pcap_compile(pcap_t *p, struct bpf_program *program,
279 char *buf, int optimize, bpf_u_int32 mask)
280 {
281 extern int n_errors;
282 int len;
283
284 no_optimize = 0;
285 n_errors = 0;
286 root = NULL;
287 bpf_pcap = p;
288 if (setjmp(top_ctx)) {
289 lex_cleanup();
290 freechunks();
291 return (-1);
292 }
293
294 netmask = mask;
295
296 /* On Linux we do not use the BPF filter to truncate the packet
297 * since the kernel provides other ways for that. In fact if we
298 * are using the packet filter for that duty we will be unable
299 * to acquire the original packet size. -- Torsten */
300 #ifndef linux
301 snaplen = pcap_snapshot(p);
302 #else
303 snaplen = 0xffff;
304 #endif
305 if (snaplen == 0) {
306 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
307 "snaplen of 0 rejects all packets");
308 return -1;
309 }
310
311 lex_init(buf ? buf : "");
312 init_linktype(pcap_datalink(p));
313 (void)pcap_parse();
314
315 if (n_errors)
316 syntax();
317
318 if (root == NULL)
319 root = gen_retblk(snaplen);
320
321 if (optimize && !no_optimize) {
322 bpf_optimize(&root);
323 if (root == NULL ||
324 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
325 bpf_error("expression rejects all packets");
326 }
327 program->bf_insns = icode_to_fcode(root, &len);
328 program->bf_len = len;
329
330 lex_cleanup();
331 freechunks();
332 return (0);
333 }
334
335 /*
336 * entry point for using the compiler with no pcap open
337 * pass in all the stuff that is needed explicitly instead.
338 */
339 int
340 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
341 struct bpf_program *program,
342 char *buf, int optimize, bpf_u_int32 mask)
343 {
344 extern int n_errors;
345 int len;
346
347 n_errors = 0;
348 root = NULL;
349 bpf_pcap = NULL;
350 if (setjmp(top_ctx)) {
351 freechunks();
352 return (-1);
353 }
354
355 netmask = mask;
356
357 /* XXX needed? I don't grok the use of globals here. */
358 snaplen = snaplen_arg;
359
360 lex_init(buf ? buf : "");
361 init_linktype(linktype_arg);
362 (void)pcap_parse();
363
364 if (n_errors)
365 syntax();
366
367 if (root == NULL)
368 root = gen_retblk(snaplen_arg);
369
370 if (optimize) {
371 bpf_optimize(&root);
372 if (root == NULL ||
373 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
374 bpf_error("expression rejects all packets");
375 }
376 program->bf_insns = icode_to_fcode(root, &len);
377 program->bf_len = len;
378
379 freechunks();
380 return (0);
381 }
382
383 /*
384 * Clean up a "struct bpf_program" by freeing all the memory allocated
385 * in it.
386 */
387 void
388 pcap_freecode(struct bpf_program *program)
389 {
390 program->bf_len = 0;
391 if (program->bf_insns != NULL) {
392 free((char *)program->bf_insns);
393 program->bf_insns = NULL;
394 }
395 }
396
397 /*
398 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
399 * which of the jt and jf fields has been resolved and which is a pointer
400 * back to another unresolved block (or nil). At least one of the fields
401 * in each block is already resolved.
402 */
403 static void
404 backpatch(list, target)
405 struct block *list, *target;
406 {
407 struct block *next;
408
409 while (list) {
410 if (!list->sense) {
411 next = JT(list);
412 JT(list) = target;
413 } else {
414 next = JF(list);
415 JF(list) = target;
416 }
417 list = next;
418 }
419 }
420
421 /*
422 * Merge the lists in b0 and b1, using the 'sense' field to indicate
423 * which of jt and jf is the link.
424 */
425 static void
426 merge(b0, b1)
427 struct block *b0, *b1;
428 {
429 register struct block **p = &b0;
430
431 /* Find end of list. */
432 while (*p)
433 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
434
435 /* Concatenate the lists. */
436 *p = b1;
437 }
438
439 void
440 finish_parse(p)
441 struct block *p;
442 {
443 backpatch(p, gen_retblk(snaplen));
444 p->sense = !p->sense;
445 backpatch(p, gen_retblk(0));
446 root = p->head;
447 }
448
449 void
450 gen_and(b0, b1)
451 struct block *b0, *b1;
452 {
453 backpatch(b0, b1->head);
454 b0->sense = !b0->sense;
455 b1->sense = !b1->sense;
456 merge(b1, b0);
457 b1->sense = !b1->sense;
458 b1->head = b0->head;
459 }
460
461 void
462 gen_or(b0, b1)
463 struct block *b0, *b1;
464 {
465 b0->sense = !b0->sense;
466 backpatch(b0, b1->head);
467 b0->sense = !b0->sense;
468 merge(b1, b0);
469 b1->head = b0->head;
470 }
471
472 void
473 gen_not(b)
474 struct block *b;
475 {
476 b->sense = !b->sense;
477 }
478
479 static struct block *
480 gen_cmp(offset, size, v)
481 u_int offset, size;
482 bpf_int32 v;
483 {
484 struct slist *s;
485 struct block *b;
486
487 s = new_stmt(BPF_LD|BPF_ABS|size);
488 s->s.k = offset;
489
490 b = new_block(JMP(BPF_JEQ));
491 b->stmts = s;
492 b->s.k = v;
493
494 return b;
495 }
496
497 static struct block *
498 gen_cmp_gt(offset, size, v)
499 u_int offset, size;
500 bpf_int32 v;
501 {
502 struct slist *s;
503 struct block *b;
504
505 s = new_stmt(BPF_LD|BPF_ABS|size);
506 s->s.k = offset;
507
508 b = new_block(JMP(BPF_JGT));
509 b->stmts = s;
510 b->s.k = v;
511
512 return b;
513 }
514
515 static struct block *
516 gen_mcmp(offset, size, v, mask)
517 u_int offset, size;
518 bpf_int32 v;
519 bpf_u_int32 mask;
520 {
521 struct block *b = gen_cmp(offset, size, v);
522 struct slist *s;
523
524 if (mask != 0xffffffff) {
525 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
526 s->s.k = mask;
527 b->stmts->next = s;
528 }
529 return b;
530 }
531
532 static struct block *
533 gen_bcmp(offset, size, v)
534 register u_int offset, size;
535 register const u_char *v;
536 {
537 register struct block *b, *tmp;
538
539 b = NULL;
540 while (size >= 4) {
541 register const u_char *p = &v[size - 4];
542 bpf_int32 w = ((bpf_int32)p[0] << 24) |
543 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
544
545 tmp = gen_cmp(offset + size - 4, BPF_W, w);
546 if (b != NULL)
547 gen_and(b, tmp);
548 b = tmp;
549 size -= 4;
550 }
551 while (size >= 2) {
552 register const u_char *p = &v[size - 2];
553 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
554
555 tmp = gen_cmp(offset + size - 2, BPF_H, w);
556 if (b != NULL)
557 gen_and(b, tmp);
558 b = tmp;
559 size -= 2;
560 }
561 if (size > 0) {
562 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
563 if (b != NULL)
564 gen_and(b, tmp);
565 b = tmp;
566 }
567 return b;
568 }
569
570 /*
571 * Various code constructs need to know the layout of the data link
572 * layer. These variables give the necessary offsets. off_linktype
573 * is set to -1 for no encapsulation, in which case, IP is assumed.
574 */
575 static u_int off_linktype;
576 static u_int off_nl;
577 static int linktype;
578
579 static void
580 init_linktype(type)
581 int type;
582 {
583 linktype = type;
584
585 switch (type) {
586
587 case DLT_EN10MB:
588 off_linktype = 12;
589 off_nl = 14;
590 return;
591
592 case DLT_SLIP:
593 /*
594 * SLIP doesn't have a link level type. The 16 byte
595 * header is hacked into our SLIP driver.
596 */
597 off_linktype = -1;
598 off_nl = 16;
599 return;
600
601 case DLT_SLIP_BSDOS:
602 /* XXX this may be the same as the DLT_PPP_BSDOS case */
603 off_linktype = -1;
604 /* XXX end */
605 off_nl = 24;
606 return;
607
608 case DLT_NULL:
609 off_linktype = 0;
610 off_nl = 4;
611 return;
612
613 case DLT_PPP:
614 case DLT_C_HDLC:
615 case DLT_PPP_SERIAL:
616 off_linktype = 2;
617 off_nl = 4;
618 return;
619
620 case DLT_PPP_BSDOS:
621 off_linktype = 5;
622 off_nl = 24;
623 return;
624
625 case DLT_FDDI:
626 /*
627 * FDDI doesn't really have a link-level type field.
628 * We assume that SSAP = SNAP is being used and pick
629 * out the encapsulated Ethernet type.
630 *
631 * XXX - should we generate code to check for SNAP?
632 */
633 off_linktype = 19;
634 #ifdef PCAP_FDDIPAD
635 off_linktype += pcap_fddipad;
636 #endif
637 off_nl = 21;
638 #ifdef PCAP_FDDIPAD
639 off_nl += pcap_fddipad;
640 #endif
641 return;
642
643 case DLT_IEEE802:
644 /*
645 * Token Ring doesn't really have a link-level type field.
646 * We assume that SSAP = SNAP is being used and pick
647 * out the encapsulated Ethernet type.
648 *
649 * XXX - should we generate code to check for SNAP?
650 *
651 * XXX - the header is actually variable-length.
652 * Some various Linux patched versions gave 38
653 * as "off_linktype" and 40 as "off_nl"; however,
654 * if a token ring packet has *no* routing
655 * information, i.e. is not source-routed, the correct
656 * values are 20 and 22, as they are in the vanilla code.
657 *
658 * A packet is source-routed iff the uppermost bit
659 * of the first byte of the source address, at an
660 * offset of 8, has the uppermost bit set. If the
661 * packet is source-routed, the total number of bytes
662 * of routing information is 2 plus bits 0x1F00 of
663 * the 16-bit value at an offset of 14 (shifted right
664 * 8 - figure out which byte that is).
665 */
666 off_linktype = 20;
667 off_nl = 22;
668 return;
669
670 case DLT_ATM_RFC1483:
671 /*
672 * assume routed, non-ISO PDUs
673 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
674 */
675 off_linktype = 6;
676 off_nl = 8;
677 return;
678
679 case DLT_RAW:
680 off_linktype = -1;
681 off_nl = 0;
682 return;
683
684 case DLT_ATM_CLIP: /* Linux ATM defines this */
685 off_linktype = 6;
686 off_nl = 8;
687 return;
688 }
689 bpf_error("unknown data link type %d", linktype);
690 /* NOTREACHED */
691 }
692
693 static struct block *
694 gen_uncond(rsense)
695 int rsense;
696 {
697 struct block *b;
698 struct slist *s;
699
700 s = new_stmt(BPF_LD|BPF_IMM);
701 s->s.k = !rsense;
702 b = new_block(JMP(BPF_JEQ));
703 b->stmts = s;
704
705 return b;
706 }
707
708 static inline struct block *
709 gen_true()
710 {
711 return gen_uncond(1);
712 }
713
714 static inline struct block *
715 gen_false()
716 {
717 return gen_uncond(0);
718 }
719
720 static struct block *
721 gen_linktype(proto)
722 register int proto;
723 {
724 struct block *b0, *b1;
725
726 /* If we're not using encapsulation, we're done */
727 if (off_linktype == -1)
728 return gen_true();
729
730 switch (linktype) {
731
732 case DLT_EN10MB:
733 /*
734 * XXX - handle other LLC-encapsulated protocols here
735 * (IPX, OSI)?
736 */
737 switch (proto) {
738
739 case LLC_ISO_LSAP:
740 /*
741 * OSI protocols always use 802.2 encapsulation.
742 */
743 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
744 gen_not(b0);
745 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
746 ((LLC_ISO_LSAP << 8) | LLC_ISO_LSAP));
747 gen_and(b0, b1);
748 return b1;
749
750 case ETHERTYPE_ATALK:
751 case ETHERTYPE_AARP:
752 /*
753 * EtherTalk (AppleTalk protocols on Ethernet link
754 * layer) may use 802.2 encapsulation.
755 */
756
757 /*
758 * Check for 802.2 encapsulation (EtherTalk phase 2?);
759 * we check for an Ethernet type field less than
760 * 1500, which means it's an 802.3 length field.
761 */
762 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
763 gen_not(b0);
764
765 /*
766 * 802.2-encapsulated ETHERTYPE_ATALK packets are
767 * SNAP packets with an organization code of
768 * 0x080007 (Apple, for Appletalk) and a protocol
769 * type of ETHERTYPE_ATALK (Appletalk).
770 *
771 * 802.2-encapsulated ETHERTYPE_AARP packets are
772 * SNAP packets with an organization code of
773 * 0x000000 (encapsulated Ethernet) and a protocol
774 * type of ETHERTYPE_AARP (Appletalk ARP).
775 */
776 if (proto == ETHERTYPE_ATALK)
777 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
778 else /* proto == ETHERTYPE_AARP */
779 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
780 gen_and(b0, b1);
781
782 /*
783 * Check for Ethernet encapsulation (Ethertalk
784 * phase 1?); we just check for the Ethernet
785 * protocol type.
786 */
787 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
788
789 gen_or(b0, b1);
790 return b1;
791 }
792 break;
793
794 case DLT_SLIP:
795 return gen_false();
796
797 case DLT_PPP:
798 case DLT_PPP_SERIAL:
799 /*
800 * We use Ethernet protocol types inside libpcap;
801 * map them to the corresponding PPP protocol types.
802 */
803 switch (proto) {
804
805 case ETHERTYPE_IP:
806 proto = PPP_IP; /* XXX was 0x21 */
807 break;
808
809 #ifdef INET6
810 case ETHERTYPE_IPV6:
811 proto = PPP_IPV6;
812 break;
813 #endif
814
815 case ETHERTYPE_DN:
816 proto = PPP_DECNET;
817 break;
818
819 case ETHERTYPE_ATALK:
820 proto = PPP_APPLE;
821 break;
822
823 case ETHERTYPE_NS:
824 proto = PPP_NS;
825 break;
826
827 case LLC_ISO_LSAP:
828 proto = PPP_OSI;
829 break;
830 }
831 break;
832
833 case DLT_PPP_BSDOS:
834 /*
835 * We use Ethernet protocol types inside libpcap;
836 * map them to the corresponding PPP protocol types.
837 */
838 switch (proto) {
839
840 case ETHERTYPE_IP:
841 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
842 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
843 gen_or(b0, b1);
844 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
845 gen_or(b1, b0);
846 return b0;
847
848 #ifdef INET6
849 case ETHERTYPE_IPV6:
850 proto = PPP_IPV6;
851 /* more to go? */
852 break;
853 #endif
854
855 case ETHERTYPE_DN:
856 proto = PPP_DECNET;
857 break;
858
859 case ETHERTYPE_ATALK:
860 proto = PPP_APPLE;
861 break;
862
863 case ETHERTYPE_NS:
864 proto = PPP_NS;
865 break;
866
867 case LLC_ISO_LSAP:
868 proto = PPP_OSI;
869 break;
870 }
871 break;
872
873 case DLT_NULL:
874 /* XXX */
875 if (proto == ETHERTYPE_IP)
876 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET)));
877 #ifdef INET6
878 else if (proto == ETHERTYPE_IPV6)
879 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET6)));
880 #endif
881 else
882 return gen_false();
883 }
884 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
885 }
886
887 /*
888 * Check for an LLC SNAP packet with a given organization code and
889 * protocol type; we check the entire contents of the 802.2 LLC and
890 * snap headers, checking for DSAP and SSAP of SNAP and a control
891 * field of 0x03 in the LLC header, and for the specified organization
892 * code and protocol type in the SNAP header.
893 */
894 static struct block *
895 gen_snap(orgcode, ptype, offset)
896 bpf_u_int32 orgcode;
897 bpf_u_int32 ptype;
898 u_int offset;
899 {
900 u_char snapblock[8];
901
902 snapblock[0] = LLC_SNAP_LSAP; /* DSAP = SNAP */
903 snapblock[1] = LLC_SNAP_LSAP; /* SSAP = SNAP */
904 snapblock[2] = 0x03; /* control = UI */
905 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
906 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
907 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
908 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
909 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
910 return gen_bcmp(offset, 8, snapblock);
911 }
912
913 static struct block *
914 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
915 bpf_u_int32 addr;
916 bpf_u_int32 mask;
917 int dir, proto;
918 u_int src_off, dst_off;
919 {
920 struct block *b0, *b1;
921 u_int offset;
922
923 switch (dir) {
924
925 case Q_SRC:
926 offset = src_off;
927 break;
928
929 case Q_DST:
930 offset = dst_off;
931 break;
932
933 case Q_AND:
934 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
935 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
936 gen_and(b0, b1);
937 return b1;
938
939 case Q_OR:
940 case Q_DEFAULT:
941 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
942 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
943 gen_or(b0, b1);
944 return b1;
945
946 default:
947 abort();
948 }
949 b0 = gen_linktype(proto);
950 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
951 gen_and(b0, b1);
952 return b1;
953 }
954
955 #ifdef INET6
956 static struct block *
957 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
958 struct in6_addr *addr;
959 struct in6_addr *mask;
960 int dir, proto;
961 u_int src_off, dst_off;
962 {
963 struct block *b0, *b1;
964 u_int offset;
965 u_int32_t *a, *m;
966
967 switch (dir) {
968
969 case Q_SRC:
970 offset = src_off;
971 break;
972
973 case Q_DST:
974 offset = dst_off;
975 break;
976
977 case Q_AND:
978 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
979 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
980 gen_and(b0, b1);
981 return b1;
982
983 case Q_OR:
984 case Q_DEFAULT:
985 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
986 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
987 gen_or(b0, b1);
988 return b1;
989
990 default:
991 abort();
992 }
993 /* this order is important */
994 a = (u_int32_t *)addr;
995 m = (u_int32_t *)mask;
996 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
997 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
998 gen_and(b0, b1);
999 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
1000 gen_and(b0, b1);
1001 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
1002 gen_and(b0, b1);
1003 b0 = gen_linktype(proto);
1004 gen_and(b0, b1);
1005 return b1;
1006 }
1007 #endif /*INET6*/
1008
1009 static struct block *
1010 gen_ehostop(eaddr, dir)
1011 register const u_char *eaddr;
1012 register int dir;
1013 {
1014 register struct block *b0, *b1;
1015
1016 switch (dir) {
1017 case Q_SRC:
1018 return gen_bcmp(6, 6, eaddr);
1019
1020 case Q_DST:
1021 return gen_bcmp(0, 6, eaddr);
1022
1023 case Q_AND:
1024 b0 = gen_ehostop(eaddr, Q_SRC);
1025 b1 = gen_ehostop(eaddr, Q_DST);
1026 gen_and(b0, b1);
1027 return b1;
1028
1029 case Q_DEFAULT:
1030 case Q_OR:
1031 b0 = gen_ehostop(eaddr, Q_SRC);
1032 b1 = gen_ehostop(eaddr, Q_DST);
1033 gen_or(b0, b1);
1034 return b1;
1035 }
1036 abort();
1037 /* NOTREACHED */
1038 }
1039
1040 /*
1041 * Like gen_ehostop, but for DLT_FDDI
1042 */
1043 static struct block *
1044 gen_fhostop(eaddr, dir)
1045 register const u_char *eaddr;
1046 register int dir;
1047 {
1048 struct block *b0, *b1;
1049
1050 switch (dir) {
1051 case Q_SRC:
1052 #ifdef PCAP_FDDIPAD
1053 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
1054 #else
1055 return gen_bcmp(6 + 1, 6, eaddr);
1056 #endif
1057
1058 case Q_DST:
1059 #ifdef PCAP_FDDIPAD
1060 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
1061 #else
1062 return gen_bcmp(0 + 1, 6, eaddr);
1063 #endif
1064
1065 case Q_AND:
1066 b0 = gen_fhostop(eaddr, Q_SRC);
1067 b1 = gen_fhostop(eaddr, Q_DST);
1068 gen_and(b0, b1);
1069 return b1;
1070
1071 case Q_DEFAULT:
1072 case Q_OR:
1073 b0 = gen_fhostop(eaddr, Q_SRC);
1074 b1 = gen_fhostop(eaddr, Q_DST);
1075 gen_or(b0, b1);
1076 return b1;
1077 }
1078 abort();
1079 /* NOTREACHED */
1080 }
1081
1082 /*
1083 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
1084 */
1085 static struct block *
1086 gen_thostop(eaddr, dir)
1087 register const u_char *eaddr;
1088 register int dir;
1089 {
1090 register struct block *b0, *b1;
1091
1092 switch (dir) {
1093 case Q_SRC:
1094 return gen_bcmp(8, 6, eaddr);
1095
1096 case Q_DST:
1097 return gen_bcmp(2, 6, eaddr);
1098
1099 case Q_AND:
1100 b0 = gen_thostop(eaddr, Q_SRC);
1101 b1 = gen_thostop(eaddr, Q_DST);
1102 gen_and(b0, b1);
1103 return b1;
1104
1105 case Q_DEFAULT:
1106 case Q_OR:
1107 b0 = gen_thostop(eaddr, Q_SRC);
1108 b1 = gen_thostop(eaddr, Q_DST);
1109 gen_or(b0, b1);
1110 return b1;
1111 }
1112 abort();
1113 /* NOTREACHED */
1114 }
1115
1116 /*
1117 * This is quite tricky because there may be pad bytes in front of the
1118 * DECNET header, and then there are two possible data packet formats that
1119 * carry both src and dst addresses, plus 5 packet types in a format that
1120 * carries only the src node, plus 2 types that use a different format and
1121 * also carry just the src node.
1122 *
1123 * Yuck.
1124 *
1125 * Instead of doing those all right, we just look for data packets with
1126 * 0 or 1 bytes of padding. If you want to look at other packets, that
1127 * will require a lot more hacking.
1128 *
1129 * To add support for filtering on DECNET "areas" (network numbers)
1130 * one would want to add a "mask" argument to this routine. That would
1131 * make the filter even more inefficient, although one could be clever
1132 * and not generate masking instructions if the mask is 0xFFFF.
1133 */
1134 static struct block *
1135 gen_dnhostop(addr, dir, base_off)
1136 bpf_u_int32 addr;
1137 int dir;
1138 u_int base_off;
1139 {
1140 struct block *b0, *b1, *b2, *tmp;
1141 u_int offset_lh; /* offset if long header is received */
1142 u_int offset_sh; /* offset if short header is received */
1143
1144 switch (dir) {
1145
1146 case Q_DST:
1147 offset_sh = 1; /* follows flags */
1148 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
1149 break;
1150
1151 case Q_SRC:
1152 offset_sh = 3; /* follows flags, dstnode */
1153 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
1154 break;
1155
1156 case Q_AND:
1157 /* Inefficient because we do our Calvinball dance twice */
1158 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1159 b1 = gen_dnhostop(addr, Q_DST, base_off);
1160 gen_and(b0, b1);
1161 return b1;
1162
1163 case Q_OR:
1164 case Q_DEFAULT:
1165 /* Inefficient because we do our Calvinball dance twice */
1166 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1167 b1 = gen_dnhostop(addr, Q_DST, base_off);
1168 gen_or(b0, b1);
1169 return b1;
1170
1171 case Q_ISO:
1172 bpf_error("ISO host filtering not implemented");
1173
1174 default:
1175 abort();
1176 }
1177 b0 = gen_linktype(ETHERTYPE_DN);
1178 /* Check for pad = 1, long header case */
1179 tmp = gen_mcmp(base_off + 2, BPF_H,
1180 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
1181 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
1182 BPF_H, (bpf_int32)ntohs(addr));
1183 gen_and(tmp, b1);
1184 /* Check for pad = 0, long header case */
1185 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
1186 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
1187 gen_and(tmp, b2);
1188 gen_or(b2, b1);
1189 /* Check for pad = 1, short header case */
1190 tmp = gen_mcmp(base_off + 2, BPF_H,
1191 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
1192 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
1193 BPF_H, (bpf_int32)ntohs(addr));
1194 gen_and(tmp, b2);
1195 gen_or(b2, b1);
1196 /* Check for pad = 0, short header case */
1197 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
1198 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
1199 gen_and(tmp, b2);
1200 gen_or(b2, b1);
1201
1202 /* Combine with test for linktype */
1203 gen_and(b0, b1);
1204 return b1;
1205 }
1206
1207 static struct block *
1208 gen_host(addr, mask, proto, dir)
1209 bpf_u_int32 addr;
1210 bpf_u_int32 mask;
1211 int proto;
1212 int dir;
1213 {
1214 struct block *b0, *b1;
1215
1216 switch (proto) {
1217
1218 case Q_DEFAULT:
1219 b0 = gen_host(addr, mask, Q_IP, dir);
1220 if (off_linktype != -1) {
1221 b1 = gen_host(addr, mask, Q_ARP, dir);
1222 gen_or(b0, b1);
1223 b0 = gen_host(addr, mask, Q_RARP, dir);
1224 gen_or(b1, b0);
1225 }
1226 return b0;
1227
1228 case Q_IP:
1229 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
1230 off_nl + 12, off_nl + 16);
1231
1232 case Q_RARP:
1233 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
1234 off_nl + 14, off_nl + 24);
1235
1236 case Q_ARP:
1237 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
1238 off_nl + 14, off_nl + 24);
1239
1240 case Q_TCP:
1241 bpf_error("'tcp' modifier applied to host");
1242
1243 case Q_UDP:
1244 bpf_error("'udp' modifier applied to host");
1245
1246 case Q_ICMP:
1247 bpf_error("'icmp' modifier applied to host");
1248
1249 case Q_IGMP:
1250 bpf_error("'igmp' modifier applied to host");
1251
1252 case Q_IGRP:
1253 bpf_error("'igrp' modifier applied to host");
1254
1255 case Q_PIM:
1256 bpf_error("'pim' modifier applied to host");
1257
1258 case Q_ATALK:
1259 bpf_error("ATALK host filtering not implemented");
1260
1261 case Q_AARP:
1262 bpf_error("AARP host filtering not implemented");
1263
1264 case Q_DECNET:
1265 return gen_dnhostop(addr, dir, off_nl);
1266
1267 case Q_SCA:
1268 bpf_error("SCA host filtering not implemented");
1269
1270 case Q_LAT:
1271 bpf_error("LAT host filtering not implemented");
1272
1273 case Q_MOPDL:
1274 bpf_error("MOPDL host filtering not implemented");
1275
1276 case Q_MOPRC:
1277 bpf_error("MOPRC host filtering not implemented");
1278
1279 #ifdef INET6
1280 case Q_IPV6:
1281 bpf_error("'ip6' modifier applied to ip host");
1282
1283 case Q_ICMPV6:
1284 bpf_error("'icmp6' modifier applied to host");
1285 #endif /* INET6 */
1286
1287 case Q_AH:
1288 bpf_error("'ah' modifier applied to host");
1289
1290 case Q_ESP:
1291 bpf_error("'esp' modifier applied to host");
1292
1293 case Q_ISO:
1294 bpf_error("ISO host filtering not implemented");
1295
1296 case Q_ESIS:
1297 bpf_error("'esis' modifier applied to host");
1298
1299 case Q_ISIS:
1300 bpf_error("'isis' modifier applied to host");
1301
1302 case Q_CLNP:
1303 bpf_error("'clnp' modifier applied to host");
1304
1305 default:
1306 abort();
1307 }
1308 /* NOTREACHED */
1309 }
1310
1311 #ifdef INET6
1312 static struct block *
1313 gen_host6(addr, mask, proto, dir)
1314 struct in6_addr *addr;
1315 struct in6_addr *mask;
1316 int proto;
1317 int dir;
1318 {
1319 switch (proto) {
1320
1321 case Q_DEFAULT:
1322 return gen_host6(addr, mask, Q_IPV6, dir);
1323
1324 case Q_IP:
1325 bpf_error("'ip' modifier applied to ip6 host");
1326
1327 case Q_RARP:
1328 bpf_error("'rarp' modifier applied to ip6 host");
1329
1330 case Q_ARP:
1331 bpf_error("'arp' modifier applied to ip6 host");
1332
1333 case Q_TCP:
1334 bpf_error("'tcp' modifier applied to host");
1335
1336 case Q_UDP:
1337 bpf_error("'udp' modifier applied to host");
1338
1339 case Q_ICMP:
1340 bpf_error("'icmp' modifier applied to host");
1341
1342 case Q_IGMP:
1343 bpf_error("'igmp' modifier applied to host");
1344
1345 case Q_IGRP:
1346 bpf_error("'igrp' modifier applied to host");
1347
1348 case Q_PIM:
1349 bpf_error("'pim' modifier applied to host");
1350
1351 case Q_ATALK:
1352 bpf_error("ATALK host filtering not implemented");
1353
1354 case Q_AARP:
1355 bpf_error("AARP host filtering not implemented");
1356
1357 case Q_DECNET:
1358 bpf_error("'decnet' modifier applied to ip6 host");
1359
1360 case Q_SCA:
1361 bpf_error("SCA host filtering not implemented");
1362
1363 case Q_LAT:
1364 bpf_error("LAT host filtering not implemented");
1365
1366 case Q_MOPDL:
1367 bpf_error("MOPDL host filtering not implemented");
1368
1369 case Q_MOPRC:
1370 bpf_error("MOPRC host filtering not implemented");
1371
1372 case Q_IPV6:
1373 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
1374 off_nl + 8, off_nl + 24);
1375
1376 case Q_ICMPV6:
1377 bpf_error("'icmp6' modifier applied to host");
1378
1379 case Q_AH:
1380 bpf_error("'ah' modifier applied to host");
1381
1382 case Q_ESP:
1383 bpf_error("'esp' modifier applied to host");
1384
1385 case Q_ISO:
1386 bpf_error("ISO host filtering not implemented");
1387
1388 case Q_ESIS:
1389 bpf_error("'esis' modifier applied to host");
1390
1391 case Q_ISIS:
1392 bpf_error("'isis' modifier applied to host");
1393
1394 case Q_CLNP:
1395 bpf_error("'clnp' modifier applied to host");
1396
1397 default:
1398 abort();
1399 }
1400 /* NOTREACHED */
1401 }
1402 #endif /*INET6*/
1403
1404 #ifndef INET6
1405 static struct block *
1406 gen_gateway(eaddr, alist, proto, dir)
1407 const u_char *eaddr;
1408 bpf_u_int32 **alist;
1409 int proto;
1410 int dir;
1411 {
1412 struct block *b0, *b1, *tmp;
1413
1414 if (dir != 0)
1415 bpf_error("direction applied to 'gateway'");
1416
1417 switch (proto) {
1418 case Q_DEFAULT:
1419 case Q_IP:
1420 case Q_ARP:
1421 case Q_RARP:
1422 if (linktype == DLT_EN10MB)
1423 b0 = gen_ehostop(eaddr, Q_OR);
1424 else if (linktype == DLT_FDDI)
1425 b0 = gen_fhostop(eaddr, Q_OR);
1426 else if (linktype == DLT_IEEE802)
1427 b0 = gen_thostop(eaddr, Q_OR);
1428 else
1429 bpf_error(
1430 "'gateway' supported only on ethernet, FDDI or token ring");
1431
1432 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1433 while (*alist) {
1434 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1435 gen_or(b1, tmp);
1436 b1 = tmp;
1437 }
1438 gen_not(b1);
1439 gen_and(b0, b1);
1440 return b1;
1441 }
1442 bpf_error("illegal modifier of 'gateway'");
1443 /* NOTREACHED */
1444 }
1445 #endif
1446
1447 struct block *
1448 gen_proto_abbrev(proto)
1449 int proto;
1450 {
1451 #ifdef INET6
1452 struct block *b0;
1453 #endif
1454 struct block *b1;
1455
1456 switch (proto) {
1457
1458 case Q_TCP:
1459 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
1460 #ifdef INET6
1461 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
1462 gen_or(b0, b1);
1463 #endif
1464 break;
1465
1466 case Q_UDP:
1467 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
1468 #ifdef INET6
1469 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
1470 gen_or(b0, b1);
1471 #endif
1472 break;
1473
1474 case Q_ICMP:
1475 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
1476 break;
1477
1478 #ifndef IPPROTO_IGMP
1479 #define IPPROTO_IGMP 2
1480 #endif
1481
1482 case Q_IGMP:
1483 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
1484 break;
1485
1486 #ifndef IPPROTO_IGRP
1487 #define IPPROTO_IGRP 9
1488 #endif
1489 case Q_IGRP:
1490 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
1491 break;
1492
1493 #ifndef IPPROTO_PIM
1494 #define IPPROTO_PIM 103
1495 #endif
1496
1497 case Q_PIM:
1498 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
1499 #ifdef INET6
1500 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
1501 gen_or(b0, b1);
1502 #endif
1503 break;
1504
1505 case Q_IP:
1506 b1 = gen_linktype(ETHERTYPE_IP);
1507 break;
1508
1509 case Q_ARP:
1510 b1 = gen_linktype(ETHERTYPE_ARP);
1511 break;
1512
1513 case Q_RARP:
1514 b1 = gen_linktype(ETHERTYPE_REVARP);
1515 break;
1516
1517 case Q_LINK:
1518 bpf_error("link layer applied in wrong context");
1519
1520 case Q_ATALK:
1521 b1 = gen_linktype(ETHERTYPE_ATALK);
1522 break;
1523
1524 case Q_AARP:
1525 b1 = gen_linktype(ETHERTYPE_AARP);
1526 break;
1527
1528 case Q_DECNET:
1529 b1 = gen_linktype(ETHERTYPE_DN);
1530 break;
1531
1532 case Q_SCA:
1533 b1 = gen_linktype(ETHERTYPE_SCA);
1534 break;
1535
1536 case Q_LAT:
1537 b1 = gen_linktype(ETHERTYPE_LAT);
1538 break;
1539
1540 case Q_MOPDL:
1541 b1 = gen_linktype(ETHERTYPE_MOPDL);
1542 break;
1543
1544 case Q_MOPRC:
1545 b1 = gen_linktype(ETHERTYPE_MOPRC);
1546 break;
1547
1548 #ifdef INET6
1549 case Q_IPV6:
1550 b1 = gen_linktype(ETHERTYPE_IPV6);
1551 break;
1552
1553 #ifndef IPPROTO_ICMPV6
1554 #define IPPROTO_ICMPV6 58
1555 #endif
1556 case Q_ICMPV6:
1557 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
1558 break;
1559 #endif /* INET6 */
1560
1561 #ifndef IPPROTO_AH
1562 #define IPPROTO_AH 51
1563 #endif
1564 case Q_AH:
1565 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
1566 #ifdef INET6
1567 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
1568 gen_or(b0, b1);
1569 #endif
1570 break;
1571
1572 #ifndef IPPROTO_ESP
1573 #define IPPROTO_ESP 50
1574 #endif
1575 case Q_ESP:
1576 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
1577 #ifdef INET6
1578 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
1579 gen_or(b0, b1);
1580 #endif
1581 break;
1582
1583 case Q_ISO:
1584 b1 = gen_linktype(LLC_ISO_LSAP);
1585 break;
1586
1587 case Q_ESIS:
1588 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
1589 break;
1590
1591 case Q_ISIS:
1592 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
1593 break;
1594
1595 case Q_CLNP:
1596 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
1597 break;
1598
1599 default:
1600 abort();
1601 }
1602 return b1;
1603 }
1604
1605 static struct block *
1606 gen_ipfrag()
1607 {
1608 struct slist *s;
1609 struct block *b;
1610
1611 /* not ip frag */
1612 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
1613 s->s.k = off_nl + 6;
1614 b = new_block(JMP(BPF_JSET));
1615 b->s.k = 0x1fff;
1616 b->stmts = s;
1617 gen_not(b);
1618
1619 return b;
1620 }
1621
1622 static struct block *
1623 gen_portatom(off, v)
1624 int off;
1625 bpf_int32 v;
1626 {
1627 struct slist *s;
1628 struct block *b;
1629
1630 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
1631 s->s.k = off_nl;
1632
1633 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
1634 s->next->s.k = off_nl + off;
1635
1636 b = new_block(JMP(BPF_JEQ));
1637 b->stmts = s;
1638 b->s.k = v;
1639
1640 return b;
1641 }
1642
1643 #ifdef INET6
1644 static struct block *
1645 gen_portatom6(off, v)
1646 int off;
1647 bpf_int32 v;
1648 {
1649 return gen_cmp(off_nl + 40 + off, BPF_H, v);
1650 }
1651 #endif/*INET6*/
1652
1653 struct block *
1654 gen_portop(port, proto, dir)
1655 int port, proto, dir;
1656 {
1657 struct block *b0, *b1, *tmp;
1658
1659 /* ip proto 'proto' */
1660 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
1661 b0 = gen_ipfrag();
1662 gen_and(tmp, b0);
1663
1664 switch (dir) {
1665 case Q_SRC:
1666 b1 = gen_portatom(0, (bpf_int32)port);
1667 break;
1668
1669 case Q_DST:
1670 b1 = gen_portatom(2, (bpf_int32)port);
1671 break;
1672
1673 case Q_OR:
1674 case Q_DEFAULT:
1675 tmp = gen_portatom(0, (bpf_int32)port);
1676 b1 = gen_portatom(2, (bpf_int32)port);
1677 gen_or(tmp, b1);
1678 break;
1679
1680 case Q_AND:
1681 tmp = gen_portatom(0, (bpf_int32)port);
1682 b1 = gen_portatom(2, (bpf_int32)port);
1683 gen_and(tmp, b1);
1684 break;
1685
1686 default:
1687 abort();
1688 }
1689 gen_and(b0, b1);
1690
1691 return b1;
1692 }
1693
1694 static struct block *
1695 gen_port(port, ip_proto, dir)
1696 int port;
1697 int ip_proto;
1698 int dir;
1699 {
1700 struct block *b0, *b1, *tmp;
1701
1702 /* ether proto ip */
1703 b0 = gen_linktype(ETHERTYPE_IP);
1704
1705 switch (ip_proto) {
1706 case IPPROTO_UDP:
1707 case IPPROTO_TCP:
1708 b1 = gen_portop(port, ip_proto, dir);
1709 break;
1710
1711 case PROTO_UNDEF:
1712 tmp = gen_portop(port, IPPROTO_TCP, dir);
1713 b1 = gen_portop(port, IPPROTO_UDP, dir);
1714 gen_or(tmp, b1);
1715 break;
1716
1717 default:
1718 abort();
1719 }
1720 gen_and(b0, b1);
1721 return b1;
1722 }
1723
1724 #ifdef INET6
1725 struct block *
1726 gen_portop6(port, proto, dir)
1727 int port, proto, dir;
1728 {
1729 struct block *b0, *b1, *tmp;
1730
1731 /* ip proto 'proto' */
1732 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
1733
1734 switch (dir) {
1735 case Q_SRC:
1736 b1 = gen_portatom6(0, (bpf_int32)port);
1737 break;
1738
1739 case Q_DST:
1740 b1 = gen_portatom6(2, (bpf_int32)port);
1741 break;
1742
1743 case Q_OR:
1744 case Q_DEFAULT:
1745 tmp = gen_portatom6(0, (bpf_int32)port);
1746 b1 = gen_portatom6(2, (bpf_int32)port);
1747 gen_or(tmp, b1);
1748 break;
1749
1750 case Q_AND:
1751 tmp = gen_portatom6(0, (bpf_int32)port);
1752 b1 = gen_portatom6(2, (bpf_int32)port);
1753 gen_and(tmp, b1);
1754 break;
1755
1756 default:
1757 abort();
1758 }
1759 gen_and(b0, b1);
1760
1761 return b1;
1762 }
1763
1764 static struct block *
1765 gen_port6(port, ip_proto, dir)
1766 int port;
1767 int ip_proto;
1768 int dir;
1769 {
1770 struct block *b0, *b1, *tmp;
1771
1772 /* ether proto ip */
1773 b0 = gen_linktype(ETHERTYPE_IPV6);
1774
1775 switch (ip_proto) {
1776 case IPPROTO_UDP:
1777 case IPPROTO_TCP:
1778 b1 = gen_portop6(port, ip_proto, dir);
1779 break;
1780
1781 case PROTO_UNDEF:
1782 tmp = gen_portop6(port, IPPROTO_TCP, dir);
1783 b1 = gen_portop6(port, IPPROTO_UDP, dir);
1784 gen_or(tmp, b1);
1785 break;
1786
1787 default:
1788 abort();
1789 }
1790 gen_and(b0, b1);
1791 return b1;
1792 }
1793 #endif /* INET6 */
1794
1795 static int
1796 lookup_proto(name, proto)
1797 register const char *name;
1798 register int proto;
1799 {
1800 register int v;
1801
1802 switch (proto) {
1803
1804 case Q_DEFAULT:
1805 case Q_IP:
1806 v = pcap_nametoproto(name);
1807 if (v == PROTO_UNDEF)
1808 bpf_error("unknown ip proto '%s'", name);
1809 break;
1810
1811 case Q_LINK:
1812 /* XXX should look up h/w protocol type based on linktype */
1813 v = pcap_nametoeproto(name);
1814 if (v == PROTO_UNDEF)
1815 bpf_error("unknown ether proto '%s'", name);
1816 break;
1817
1818 case Q_ISO:
1819 if (strcmp(name, "esis") == 0)
1820 v = ISO9542_ESIS;
1821 else if (strcmp(name, "isis") == 0)
1822 v = ISO10589_ISIS;
1823 else if (strcmp(name, "clnp") == 0)
1824 v = ISO8473_CLNP;
1825 else
1826 bpf_error("unknown osi proto '%s'", name);
1827 break;
1828
1829 default:
1830 v = PROTO_UNDEF;
1831 break;
1832 }
1833 return v;
1834 }
1835
1836 #if 0
1837 struct stmt *
1838 gen_joinsp(s, n)
1839 struct stmt **s;
1840 int n;
1841 {
1842 return NULL;
1843 }
1844 #endif
1845
1846 static struct block *
1847 gen_protochain(v, proto, dir)
1848 int v;
1849 int proto;
1850 int dir;
1851 {
1852 #ifdef NO_PROTOCHAIN
1853 return gen_proto(v, proto, dir);
1854 #else
1855 struct block *b0, *b;
1856 struct slist *s[100];
1857 int fix2, fix3, fix4, fix5;
1858 int ahcheck, again, end;
1859 int i, max;
1860 int reg1 = alloc_reg();
1861 int reg2 = alloc_reg();
1862
1863 memset(s, 0, sizeof(s));
1864 fix2 = fix3 = fix4 = fix5 = 0;
1865
1866 switch (proto) {
1867 case Q_IP:
1868 case Q_IPV6:
1869 break;
1870 case Q_DEFAULT:
1871 b0 = gen_protochain(v, Q_IP, dir);
1872 b = gen_protochain(v, Q_IPV6, dir);
1873 gen_or(b0, b);
1874 return b;
1875 default:
1876 bpf_error("bad protocol applied for 'protochain'");
1877 /*NOTREACHED*/
1878 }
1879
1880 no_optimize = 1; /*this code is not compatible with optimzer yet */
1881
1882 /*
1883 * s[0] is a dummy entry to protect other BPF insn from damaged
1884 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
1885 * hard to find interdependency made by jump table fixup.
1886 */
1887 i = 0;
1888 s[i] = new_stmt(0); /*dummy*/
1889 i++;
1890
1891 switch (proto) {
1892 case Q_IP:
1893 b0 = gen_linktype(ETHERTYPE_IP);
1894
1895 /* A = ip->ip_p */
1896 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
1897 s[i]->s.k = off_nl + 9;
1898 i++;
1899 /* X = ip->ip_hl << 2 */
1900 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
1901 s[i]->s.k = off_nl;
1902 i++;
1903 break;
1904 #ifdef INET6
1905 case Q_IPV6:
1906 b0 = gen_linktype(ETHERTYPE_IPV6);
1907
1908 /* A = ip6->ip_nxt */
1909 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
1910 s[i]->s.k = off_nl + 6;
1911 i++;
1912 /* X = sizeof(struct ip6_hdr) */
1913 s[i] = new_stmt(BPF_LDX|BPF_IMM);
1914 s[i]->s.k = 40;
1915 i++;
1916 break;
1917 #endif
1918 default:
1919 bpf_error("unsupported proto to gen_protochain");
1920 /*NOTREACHED*/
1921 }
1922
1923 /* again: if (A == v) goto end; else fall through; */
1924 again = i;
1925 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1926 s[i]->s.k = v;
1927 s[i]->s.jt = NULL; /*later*/
1928 s[i]->s.jf = NULL; /*update in next stmt*/
1929 fix5 = i;
1930 i++;
1931
1932 #ifndef IPPROTO_NONE
1933 #define IPPROTO_NONE 59
1934 #endif
1935 /* if (A == IPPROTO_NONE) goto end */
1936 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1937 s[i]->s.jt = NULL; /*later*/
1938 s[i]->s.jf = NULL; /*update in next stmt*/
1939 s[i]->s.k = IPPROTO_NONE;
1940 s[fix5]->s.jf = s[i];
1941 fix2 = i;
1942 i++;
1943
1944 #ifdef INET6
1945 if (proto == Q_IPV6) {
1946 int v6start, v6end, v6advance, j;
1947
1948 v6start = i;
1949 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
1950 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1951 s[i]->s.jt = NULL; /*later*/
1952 s[i]->s.jf = NULL; /*update in next stmt*/
1953 s[i]->s.k = IPPROTO_HOPOPTS;
1954 s[fix2]->s.jf = s[i];
1955 i++;
1956 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
1957 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1958 s[i]->s.jt = NULL; /*later*/
1959 s[i]->s.jf = NULL; /*update in next stmt*/
1960 s[i]->s.k = IPPROTO_DSTOPTS;
1961 i++;
1962 /* if (A == IPPROTO_ROUTING) goto v6advance */
1963 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1964 s[i]->s.jt = NULL; /*later*/
1965 s[i]->s.jf = NULL; /*update in next stmt*/
1966 s[i]->s.k = IPPROTO_ROUTING;
1967 i++;
1968 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
1969 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1970 s[i]->s.jt = NULL; /*later*/
1971 s[i]->s.jf = NULL; /*later*/
1972 s[i]->s.k = IPPROTO_FRAGMENT;
1973 fix3 = i;
1974 v6end = i;
1975 i++;
1976
1977 /* v6advance: */
1978 v6advance = i;
1979
1980 /*
1981 * in short,
1982 * A = P[X + 1];
1983 * X = X + (P[X] + 1) * 8;
1984 */
1985 /* A = X */
1986 s[i] = new_stmt(BPF_MISC|BPF_TXA);
1987 i++;
1988 /* MEM[reg1] = A */
1989 s[i] = new_stmt(BPF_ST);
1990 s[i]->s.k = reg1;
1991 i++;
1992 /* A += 1 */
1993 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
1994 s[i]->s.k = 1;
1995 i++;
1996 /* X = A */
1997 s[i] = new_stmt(BPF_MISC|BPF_TAX);
1998 i++;
1999 /* A = P[X + packet head]; */
2000 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2001 s[i]->s.k = off_nl;
2002 i++;
2003 /* MEM[reg2] = A */
2004 s[i] = new_stmt(BPF_ST);
2005 s[i]->s.k = reg2;
2006 i++;
2007 /* X = MEM[reg1] */
2008 s[i] = new_stmt(BPF_LDX|BPF_MEM);
2009 s[i]->s.k = reg1;
2010 i++;
2011 /* A = P[X + packet head] */
2012 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2013 s[i]->s.k = off_nl;
2014 i++;
2015 /* A += 1 */
2016 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2017 s[i]->s.k = 1;
2018 i++;
2019 /* A *= 8 */
2020 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2021 s[i]->s.k = 8;
2022 i++;
2023 /* X = A; */
2024 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2025 i++;
2026 /* A = MEM[reg2] */
2027 s[i] = new_stmt(BPF_LD|BPF_MEM);
2028 s[i]->s.k = reg2;
2029 i++;
2030
2031 /* goto again; (must use BPF_JA for backward jump) */
2032 s[i] = new_stmt(BPF_JMP|BPF_JA);
2033 s[i]->s.k = again - i - 1;
2034 s[i - 1]->s.jf = s[i];
2035 i++;
2036
2037 /* fixup */
2038 for (j = v6start; j <= v6end; j++)
2039 s[j]->s.jt = s[v6advance];
2040 } else
2041 #endif
2042 {
2043 /* nop */
2044 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2045 s[i]->s.k = 0;
2046 s[fix2]->s.jf = s[i];
2047 i++;
2048 }
2049
2050 /* ahcheck: */
2051 ahcheck = i;
2052 /* if (A == IPPROTO_AH) then fall through; else goto end; */
2053 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2054 s[i]->s.jt = NULL; /*later*/
2055 s[i]->s.jf = NULL; /*later*/
2056 s[i]->s.k = IPPROTO_AH;
2057 if (fix3)
2058 s[fix3]->s.jf = s[ahcheck];
2059 fix4 = i;
2060 i++;
2061
2062 /*
2063 * in short,
2064 * A = P[X + 1];
2065 * X = X + (P[X] + 2) * 4;
2066 */
2067 /* A = X */
2068 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2069 i++;
2070 /* MEM[reg1] = A */
2071 s[i] = new_stmt(BPF_ST);
2072 s[i]->s.k = reg1;
2073 i++;
2074 /* A += 1 */
2075 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2076 s[i]->s.k = 1;
2077 i++;
2078 /* X = A */
2079 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2080 i++;
2081 /* A = P[X + packet head]; */
2082 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2083 s[i]->s.k = off_nl;
2084 i++;
2085 /* MEM[reg2] = A */
2086 s[i] = new_stmt(BPF_ST);
2087 s[i]->s.k = reg2;
2088 i++;
2089 /* X = MEM[reg1] */
2090 s[i] = new_stmt(BPF_LDX|BPF_MEM);
2091 s[i]->s.k = reg1;
2092 i++;
2093 /* A = P[X + packet head] */
2094 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2095 s[i]->s.k = off_nl;
2096 i++;
2097 /* A += 2 */
2098 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2099 s[i]->s.k = 2;
2100 i++;
2101 /* A *= 4 */
2102 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2103 s[i]->s.k = 4;
2104 i++;
2105 /* X = A; */
2106 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2107 i++;
2108 /* A = MEM[reg2] */
2109 s[i] = new_stmt(BPF_LD|BPF_MEM);
2110 s[i]->s.k = reg2;
2111 i++;
2112
2113 /* goto again; (must use BPF_JA for backward jump) */
2114 s[i] = new_stmt(BPF_JMP|BPF_JA);
2115 s[i]->s.k = again - i - 1;
2116 i++;
2117
2118 /* end: nop */
2119 end = i;
2120 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2121 s[i]->s.k = 0;
2122 s[fix2]->s.jt = s[end];
2123 s[fix4]->s.jf = s[end];
2124 s[fix5]->s.jt = s[end];
2125 i++;
2126
2127 /*
2128 * make slist chain
2129 */
2130 max = i;
2131 for (i = 0; i < max - 1; i++)
2132 s[i]->next = s[i + 1];
2133 s[max - 1]->next = NULL;
2134
2135 /*
2136 * emit final check
2137 */
2138 b = new_block(JMP(BPF_JEQ));
2139 b->stmts = s[1]; /*remember, s[0] is dummy*/
2140 b->s.k = v;
2141
2142 free_reg(reg1);
2143 free_reg(reg2);
2144
2145 gen_and(b0, b);
2146 return b;
2147 #endif
2148 }
2149
2150 static struct block *
2151 gen_proto(v, proto, dir)
2152 int v;
2153 int proto;
2154 int dir;
2155 {
2156 struct block *b0, *b1;
2157
2158 if (dir != Q_DEFAULT)
2159 bpf_error("direction applied to 'proto'");
2160
2161 switch (proto) {
2162 case Q_DEFAULT:
2163 #ifdef INET6
2164 b0 = gen_proto(v, Q_IP, dir);
2165 b1 = gen_proto(v, Q_IPV6, dir);
2166 gen_or(b0, b1);
2167 return b1;
2168 #else
2169 /*FALLTHROUGH*/
2170 #endif
2171 case Q_IP:
2172 b0 = gen_linktype(ETHERTYPE_IP);
2173 #ifndef CHASE_CHAIN
2174 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
2175 #else
2176 b1 = gen_protochain(v, Q_IP);
2177 #endif
2178 gen_and(b0, b1);
2179 return b1;
2180
2181 case Q_ISO:
2182 b0 = gen_linktype(LLC_ISO_LSAP);
2183 b1 = gen_cmp(off_nl + 3, BPF_B, (long)v);
2184 gen_and(b0, b1);
2185 return b1;
2186
2187 case Q_ARP:
2188 bpf_error("arp does not encapsulate another protocol");
2189 /* NOTREACHED */
2190
2191 case Q_RARP:
2192 bpf_error("rarp does not encapsulate another protocol");
2193 /* NOTREACHED */
2194
2195 case Q_ATALK:
2196 bpf_error("atalk encapsulation is not specifiable");
2197 /* NOTREACHED */
2198
2199 case Q_DECNET:
2200 bpf_error("decnet encapsulation is not specifiable");
2201 /* NOTREACHED */
2202
2203 case Q_SCA:
2204 bpf_error("sca does not encapsulate another protocol");
2205 /* NOTREACHED */
2206
2207 case Q_LAT:
2208 bpf_error("lat does not encapsulate another protocol");
2209 /* NOTREACHED */
2210
2211 case Q_MOPRC:
2212 bpf_error("moprc does not encapsulate another protocol");
2213 /* NOTREACHED */
2214
2215 case Q_MOPDL:
2216 bpf_error("mopdl does not encapsulate another protocol");
2217 /* NOTREACHED */
2218
2219 case Q_LINK:
2220 return gen_linktype(v);
2221
2222 case Q_UDP:
2223 bpf_error("'udp proto' is bogus");
2224 /* NOTREACHED */
2225
2226 case Q_TCP:
2227 bpf_error("'tcp proto' is bogus");
2228 /* NOTREACHED */
2229
2230 case Q_ICMP:
2231 bpf_error("'icmp proto' is bogus");
2232 /* NOTREACHED */
2233
2234 case Q_IGMP:
2235 bpf_error("'igmp proto' is bogus");
2236 /* NOTREACHED */
2237
2238 case Q_IGRP:
2239 bpf_error("'igrp proto' is bogus");
2240 /* NOTREACHED */
2241
2242 case Q_PIM:
2243 bpf_error("'pim proto' is bogus");
2244 /* NOTREACHED */
2245
2246 #ifdef INET6
2247 case Q_IPV6:
2248 b0 = gen_linktype(ETHERTYPE_IPV6);
2249 #ifndef CHASE_CHAIN
2250 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
2251 #else
2252 b1 = gen_protochain(v, Q_IPV6);
2253 #endif
2254 gen_and(b0, b1);
2255 return b1;
2256
2257 case Q_ICMPV6:
2258 bpf_error("'icmp6 proto' is bogus");
2259 #endif /* INET6 */
2260
2261 case Q_AH:
2262 bpf_error("'ah proto' is bogus");
2263
2264 case Q_ESP:
2265 bpf_error("'ah proto' is bogus");
2266
2267 default:
2268 abort();
2269 /* NOTREACHED */
2270 }
2271 /* NOTREACHED */
2272 }
2273
2274 struct block *
2275 gen_scode(name, q)
2276 register const char *name;
2277 struct qual q;
2278 {
2279 int proto = q.proto;
2280 int dir = q.dir;
2281 int tproto;
2282 u_char *eaddr;
2283 bpf_u_int32 mask, addr;
2284 #ifndef INET6
2285 bpf_u_int32 **alist;
2286 #else
2287 int tproto6;
2288 struct sockaddr_in *sin;
2289 struct sockaddr_in6 *sin6;
2290 struct addrinfo *res, *res0;
2291 struct in6_addr mask128;
2292 #endif /*INET6*/
2293 struct block *b, *tmp;
2294 int port, real_proto;
2295
2296 switch (q.addr) {
2297
2298 case Q_NET:
2299 addr = pcap_nametonetaddr(name);
2300 if (addr == 0)
2301 bpf_error("unknown network '%s'", name);
2302 /* Left justify network addr and calculate its network mask */
2303 mask = 0xffffffff;
2304 while (addr && (addr & 0xff000000) == 0) {
2305 addr <<= 8;
2306 mask <<= 8;
2307 }
2308 return gen_host(addr, mask, proto, dir);
2309
2310 case Q_DEFAULT:
2311 case Q_HOST:
2312 if (proto == Q_LINK) {
2313 switch (linktype) {
2314
2315 case DLT_EN10MB:
2316 eaddr = pcap_ether_hostton(name);
2317 if (eaddr == NULL)
2318 bpf_error(
2319 "unknown ether host '%s'", name);
2320 return gen_ehostop(eaddr, dir);
2321
2322 case DLT_FDDI:
2323 eaddr = pcap_ether_hostton(name);
2324 if (eaddr == NULL)
2325 bpf_error(
2326 "unknown FDDI host '%s'", name);
2327 return gen_fhostop(eaddr, dir);
2328
2329 case DLT_IEEE802:
2330 eaddr = pcap_ether_hostton(name);
2331 if (eaddr == NULL)
2332 bpf_error(
2333 "unknown token ring host '%s'", name);
2334 return gen_thostop(eaddr, dir);
2335
2336 default:
2337 bpf_error(
2338 "only ethernet/FDDI/token ring supports link-level host name");
2339 break;
2340 }
2341 } else if (proto == Q_DECNET) {
2342 unsigned short dn_addr = __pcap_nametodnaddr(name);
2343 /*
2344 * I don't think DECNET hosts can be multihomed, so
2345 * there is no need to build up a list of addresses
2346 */
2347 return (gen_host(dn_addr, 0, proto, dir));
2348 } else {
2349 #ifndef INET6
2350 alist = pcap_nametoaddr(name);
2351 if (alist == NULL || *alist == NULL)
2352 bpf_error("unknown host '%s'", name);
2353 tproto = proto;
2354 if (off_linktype == -1 && tproto == Q_DEFAULT)
2355 tproto = Q_IP;
2356 b = gen_host(**alist++, 0xffffffff, tproto, dir);
2357 while (*alist) {
2358 tmp = gen_host(**alist++, 0xffffffff,
2359 tproto, dir);
2360 gen_or(b, tmp);
2361 b = tmp;
2362 }
2363 return b;
2364 #else
2365 memset(&mask128, 0xff, sizeof(mask128));
2366 res0 = res = pcap_nametoaddrinfo(name);
2367 if (res == NULL)
2368 bpf_error("unknown host '%s'", name);
2369 b = tmp = NULL;
2370 tproto = tproto6 = proto;
2371 if (off_linktype == -1 && tproto == Q_DEFAULT) {
2372 tproto = Q_IP;
2373 tproto6 = Q_IPV6;
2374 }
2375 for (res = res0; res; res = res->ai_next) {
2376 switch (res->ai_family) {
2377 case AF_INET:
2378 if (tproto == Q_IPV6)
2379 continue;
2380
2381 sin = (struct sockaddr_in *)
2382 res->ai_addr;
2383 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
2384 0xffffffff, tproto, dir);
2385 break;
2386 case AF_INET6:
2387 if (tproto6 == Q_IP)
2388 continue;
2389
2390 sin6 = (struct sockaddr_in6 *)
2391 res->ai_addr;
2392 tmp = gen_host6(&sin6->sin6_addr,
2393 &mask128, tproto6, dir);
2394 break;
2395 }
2396 if (b)
2397 gen_or(b, tmp);
2398 b = tmp;
2399 }
2400 freeaddrinfo(res0);
2401 if (b == NULL) {
2402 bpf_error("unknown host '%s'%s", name,
2403 (proto == Q_DEFAULT)
2404 ? ""
2405 : " for specified address family");
2406 }
2407 return b;
2408 #endif /*INET6*/
2409 }
2410
2411 case Q_PORT:
2412 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP)
2413 bpf_error("illegal qualifier of 'port'");
2414 if (pcap_nametoport(name, &port, &real_proto) == 0)
2415 bpf_error("unknown port '%s'", name);
2416 if (proto == Q_UDP) {
2417 if (real_proto == IPPROTO_TCP)
2418 bpf_error("port '%s' is tcp", name);
2419 else
2420 /* override PROTO_UNDEF */
2421 real_proto = IPPROTO_UDP;
2422 }
2423 if (proto == Q_TCP) {
2424 if (real_proto == IPPROTO_UDP)
2425 bpf_error("port '%s' is udp", name);
2426 else
2427 /* override PROTO_UNDEF */
2428 real_proto = IPPROTO_TCP;
2429 }
2430 #ifndef INET6
2431 return gen_port(port, real_proto, dir);
2432 #else
2433 {
2434 struct block *b;
2435 b = gen_port(port, real_proto, dir);
2436 gen_or(gen_port6(port, real_proto, dir), b);
2437 return b;
2438 }
2439 #endif /* INET6 */
2440
2441 case Q_GATEWAY:
2442 #ifndef INET6
2443 eaddr = pcap_ether_hostton(name);
2444 if (eaddr == NULL)
2445 bpf_error("unknown ether host: %s", name);
2446
2447 alist = pcap_nametoaddr(name);
2448 if (alist == NULL || *alist == NULL)
2449 bpf_error("unknown host '%s'", name);
2450 return gen_gateway(eaddr, alist, proto, dir);
2451 #else
2452 bpf_error("'gateway' not supported in this configuration");
2453 #endif /*INET6*/
2454
2455 case Q_PROTO:
2456 real_proto = lookup_proto(name, proto);
2457 if (real_proto >= 0)
2458 return gen_proto(real_proto, proto, dir);
2459 else
2460 bpf_error("unknown protocol: %s", name);
2461
2462 case Q_PROTOCHAIN:
2463 real_proto = lookup_proto(name, proto);
2464 if (real_proto >= 0)
2465 return gen_protochain(real_proto, proto, dir);
2466 else
2467 bpf_error("unknown protocol: %s", name);
2468
2469
2470 case Q_UNDEF:
2471 syntax();
2472 /* NOTREACHED */
2473 }
2474 abort();
2475 /* NOTREACHED */
2476 }
2477
2478 struct block *
2479 gen_mcode(s1, s2, masklen, q)
2480 register const char *s1, *s2;
2481 register int masklen;
2482 struct qual q;
2483 {
2484 register int nlen, mlen;
2485 bpf_u_int32 n, m;
2486
2487 nlen = __pcap_atoin(s1, &n);
2488 /* Promote short ipaddr */
2489 n <<= 32 - nlen;
2490
2491 if (s2 != NULL) {
2492 mlen = __pcap_atoin(s2, &m);
2493 /* Promote short ipaddr */
2494 m <<= 32 - mlen;
2495 if ((n & ~m) != 0)
2496 bpf_error("non-network bits set in \"%s mask %s\"",
2497 s1, s2);
2498 } else {
2499 /* Convert mask len to mask */
2500 if (masklen > 32)
2501 bpf_error("mask length must be <= 32");
2502 m = 0xffffffff << (32 - masklen);
2503 if ((n & ~m) != 0)
2504 bpf_error("non-network bits set in \"%s/%d\"",
2505 s1, masklen);
2506 }
2507
2508 switch (q.addr) {
2509
2510 case Q_NET:
2511 return gen_host(n, m, q.proto, q.dir);
2512
2513 default:
2514 bpf_error("Mask syntax for networks only");
2515 /* NOTREACHED */
2516 }
2517 }
2518
2519 struct block *
2520 gen_ncode(s, v, q)
2521 register const char *s;
2522 bpf_u_int32 v;
2523 struct qual q;
2524 {
2525 bpf_u_int32 mask;
2526 int proto = q.proto;
2527 int dir = q.dir;
2528 register int vlen;
2529
2530 if (s == NULL)
2531 vlen = 32;
2532 else if (q.proto == Q_DECNET)
2533 vlen = __pcap_atodn(s, &v);
2534 else
2535 vlen = __pcap_atoin(s, &v);
2536
2537 switch (q.addr) {
2538
2539 case Q_DEFAULT:
2540 case Q_HOST:
2541 case Q_NET:
2542 if (proto == Q_DECNET)
2543 return gen_host(v, 0, proto, dir);
2544 else if (proto == Q_LINK) {
2545 bpf_error("illegal link layer address");
2546 } else {
2547 mask = 0xffffffff;
2548 if (s == NULL && q.addr == Q_NET) {
2549 /* Promote short net number */
2550 while (v && (v & 0xff000000) == 0) {
2551 v <<= 8;
2552 mask <<= 8;
2553 }
2554 } else {
2555 /* Promote short ipaddr */
2556 v <<= 32 - vlen;
2557 mask <<= 32 - vlen;
2558 }
2559 return gen_host(v, mask, proto, dir);
2560 }
2561
2562 case Q_PORT:
2563 if (proto == Q_UDP)
2564 proto = IPPROTO_UDP;
2565 else if (proto == Q_TCP)
2566 proto = IPPROTO_TCP;
2567 else if (proto == Q_DEFAULT)
2568 proto = PROTO_UNDEF;
2569 else
2570 bpf_error("illegal qualifier of 'port'");
2571
2572 #ifndef INET6
2573 return gen_port((int)v, proto, dir);
2574 #else
2575 {
2576 struct block *b;
2577 b = gen_port((int)v, proto, dir);
2578 gen_or(gen_port6((int)v, proto, dir), b);
2579 return b;
2580 }
2581 #endif /* INET6 */
2582
2583 case Q_GATEWAY:
2584 bpf_error("'gateway' requires a name");
2585 /* NOTREACHED */
2586
2587 case Q_PROTO:
2588 return gen_proto((int)v, proto, dir);
2589
2590 case Q_PROTOCHAIN:
2591 return gen_protochain((int)v, proto, dir);
2592
2593 case Q_UNDEF:
2594 syntax();
2595 /* NOTREACHED */
2596
2597 default:
2598 abort();
2599 /* NOTREACHED */
2600 }
2601 /* NOTREACHED */
2602 }
2603
2604 #ifdef INET6
2605 struct block *
2606 gen_mcode6(s1, s2, masklen, q)
2607 register const char *s1, *s2;
2608 register int masklen;
2609 struct qual q;
2610 {
2611 struct addrinfo *res;
2612 struct in6_addr *addr;
2613 struct in6_addr mask;
2614 struct block *b;
2615 u_int32_t *a, *m;
2616
2617 if (s2)
2618 bpf_error("no mask %s supported", s2);
2619
2620 res = pcap_nametoaddrinfo(s1);
2621 if (!res)
2622 bpf_error("invalid ip6 address %s", s1);
2623 if (res->ai_next)
2624 bpf_error("%s resolved to multiple address", s1);
2625 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
2626
2627 if (sizeof(mask) * 8 < masklen)
2628 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
2629 memset(&mask, 0xff, masklen / 8);
2630 if (masklen % 8) {
2631 mask.s6_addr[masklen / 8] =
2632 (0xff << (8 - masklen % 8)) & 0xff;
2633 }
2634
2635 a = (u_int32_t *)addr;
2636 m = (u_int32_t *)&mask;
2637 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
2638 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
2639 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
2640 }
2641
2642 switch (q.addr) {
2643
2644 case Q_DEFAULT:
2645 case Q_HOST:
2646 if (masklen != 128)
2647 bpf_error("Mask syntax for networks only");
2648 /* FALLTHROUGH */
2649
2650 case Q_NET:
2651 b = gen_host6(addr, &mask, q.proto, q.dir);
2652 freeaddrinfo(res);
2653 return b;
2654
2655 default:
2656 bpf_error("invalid qualifier against IPv6 address");
2657 /* NOTREACHED */
2658 }
2659 }
2660 #endif /*INET6*/
2661
2662 struct block *
2663 gen_ecode(eaddr, q)
2664 register const u_char *eaddr;
2665 struct qual q;
2666 {
2667 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
2668 if (linktype == DLT_EN10MB)
2669 return gen_ehostop(eaddr, (int)q.dir);
2670 if (linktype == DLT_FDDI)
2671 return gen_fhostop(eaddr, (int)q.dir);
2672 if (linktype == DLT_IEEE802)
2673 return gen_thostop(eaddr, (int)q.dir);
2674 }
2675 bpf_error("ethernet address used in non-ether expression");
2676 /* NOTREACHED */
2677 }
2678
2679 void
2680 sappend(s0, s1)
2681 struct slist *s0, *s1;
2682 {
2683 /*
2684 * This is definitely not the best way to do this, but the
2685 * lists will rarely get long.
2686 */
2687 while (s0->next)
2688 s0 = s0->next;
2689 s0->next = s1;
2690 }
2691
2692 static struct slist *
2693 xfer_to_x(a)
2694 struct arth *a;
2695 {
2696 struct slist *s;
2697
2698 s = new_stmt(BPF_LDX|BPF_MEM);
2699 s->s.k = a->regno;
2700 return s;
2701 }
2702
2703 static struct slist *
2704 xfer_to_a(a)
2705 struct arth *a;
2706 {
2707 struct slist *s;
2708
2709 s = new_stmt(BPF_LD|BPF_MEM);
2710 s->s.k = a->regno;
2711 return s;
2712 }
2713
2714 struct arth *
2715 gen_load(proto, index, size)
2716 int proto;
2717 struct arth *index;
2718 int size;
2719 {
2720 struct slist *s, *tmp;
2721 struct block *b;
2722 int regno = alloc_reg();
2723
2724 free_reg(index->regno);
2725 switch (size) {
2726
2727 default:
2728 bpf_error("data size must be 1, 2, or 4");
2729
2730 case 1:
2731 size = BPF_B;
2732 break;
2733
2734 case 2:
2735 size = BPF_H;
2736 break;
2737
2738 case 4:
2739 size = BPF_W;
2740 break;
2741 }
2742 switch (proto) {
2743 default:
2744 bpf_error("unsupported index operation");
2745
2746 case Q_LINK:
2747 s = xfer_to_x(index);
2748 tmp = new_stmt(BPF_LD|BPF_IND|size);
2749 sappend(s, tmp);
2750 sappend(index->s, s);
2751 break;
2752
2753 case Q_IP:
2754 case Q_ARP:
2755 case Q_RARP:
2756 case Q_ATALK:
2757 case Q_DECNET:
2758 case Q_SCA:
2759 case Q_LAT:
2760 case Q_MOPRC:
2761 case Q_MOPDL:
2762 #ifdef INET6
2763 case Q_IPV6:
2764 #endif
2765 /* XXX Note that we assume a fixed link header here. */
2766 s = xfer_to_x(index);
2767 tmp = new_stmt(BPF_LD|BPF_IND|size);
2768 tmp->s.k = off_nl;
2769 sappend(s, tmp);
2770 sappend(index->s, s);
2771
2772 b = gen_proto_abbrev(proto);
2773 if (index->b)
2774 gen_and(index->b, b);
2775 index->b = b;
2776 break;
2777
2778 case Q_TCP:
2779 case Q_UDP:
2780 case Q_ICMP:
2781 case Q_IGMP:
2782 case Q_IGRP:
2783 case Q_PIM:
2784 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2785 s->s.k = off_nl;
2786 sappend(s, xfer_to_a(index));
2787 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
2788 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
2789 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
2790 tmp->s.k = off_nl;
2791 sappend(index->s, s);
2792
2793 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
2794 if (index->b)
2795 gen_and(index->b, b);
2796 #ifdef INET6
2797 gen_and(gen_proto_abbrev(Q_IP), b);
2798 #endif
2799 index->b = b;
2800 break;
2801 #ifdef INET6
2802 case Q_ICMPV6:
2803 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
2804 /*NOTREACHED*/
2805 #endif
2806 }
2807 index->regno = regno;
2808 s = new_stmt(BPF_ST);
2809 s->s.k = regno;
2810 sappend(index->s, s);
2811
2812 return index;
2813 }
2814
2815 struct block *
2816 gen_relation(code, a0, a1, reversed)
2817 int code;
2818 struct arth *a0, *a1;
2819 int reversed;
2820 {
2821 struct slist *s0, *s1, *s2;
2822 struct block *b, *tmp;
2823
2824 s0 = xfer_to_x(a1);
2825 s1 = xfer_to_a(a0);
2826 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
2827 b = new_block(JMP(code));
2828 if (code == BPF_JGT || code == BPF_JGE) {
2829 reversed = !reversed;
2830 b->s.k = 0x80000000;
2831 }
2832 if (reversed)
2833 gen_not(b);
2834
2835 sappend(s1, s2);
2836 sappend(s0, s1);
2837 sappend(a1->s, s0);
2838 sappend(a0->s, a1->s);
2839
2840 b->stmts = a0->s;
2841
2842 free_reg(a0->regno);
2843 free_reg(a1->regno);
2844
2845 /* 'and' together protocol checks */
2846 if (a0->b) {
2847 if (a1->b) {
2848 gen_and(a0->b, tmp = a1->b);
2849 }
2850 else
2851 tmp = a0->b;
2852 } else
2853 tmp = a1->b;
2854
2855 if (tmp)
2856 gen_and(tmp, b);
2857
2858 return b;
2859 }
2860
2861 struct arth *
2862 gen_loadlen()
2863 {
2864 int regno = alloc_reg();
2865 struct arth *a = (struct arth *)newchunk(sizeof(*a));
2866 struct slist *s;
2867
2868 s = new_stmt(BPF_LD|BPF_LEN);
2869 s->next = new_stmt(BPF_ST);
2870 s->next->s.k = regno;
2871 a->s = s;
2872 a->regno = regno;
2873
2874 return a;
2875 }
2876
2877 struct arth *
2878 gen_loadi(val)
2879 int val;
2880 {
2881 struct arth *a;
2882 struct slist *s;
2883 int reg;
2884
2885 a = (struct arth *)newchunk(sizeof(*a));
2886
2887 reg = alloc_reg();
2888
2889 s = new_stmt(BPF_LD|BPF_IMM);
2890 s->s.k = val;
2891 s->next = new_stmt(BPF_ST);
2892 s->next->s.k = reg;
2893 a->s = s;
2894 a->regno = reg;
2895
2896 return a;
2897 }
2898
2899 struct arth *
2900 gen_neg(a)
2901 struct arth *a;
2902 {
2903 struct slist *s;
2904
2905 s = xfer_to_a(a);
2906 sappend(a->s, s);
2907 s = new_stmt(BPF_ALU|BPF_NEG);
2908 s->s.k = 0;
2909 sappend(a->s, s);
2910 s = new_stmt(BPF_ST);
2911 s->s.k = a->regno;
2912 sappend(a->s, s);
2913
2914 return a;
2915 }
2916
2917 struct arth *
2918 gen_arth(code, a0, a1)
2919 int code;
2920 struct arth *a0, *a1;
2921 {
2922 struct slist *s0, *s1, *s2;
2923
2924 s0 = xfer_to_x(a1);
2925 s1 = xfer_to_a(a0);
2926 s2 = new_stmt(BPF_ALU|BPF_X|code);
2927
2928 sappend(s1, s2);
2929 sappend(s0, s1);
2930 sappend(a1->s, s0);
2931 sappend(a0->s, a1->s);
2932
2933 free_reg(a1->regno);
2934
2935 s0 = new_stmt(BPF_ST);
2936 a0->regno = s0->s.k = alloc_reg();
2937 sappend(a0->s, s0);
2938
2939 return a0;
2940 }
2941
2942 /*
2943 * Here we handle simple allocation of the scratch registers.
2944 * If too many registers are alloc'd, the allocator punts.
2945 */
2946 static int regused[BPF_MEMWORDS];
2947 static int curreg;
2948
2949 /*
2950 * Return the next free register.
2951 */
2952 static int
2953 alloc_reg()
2954 {
2955 int n = BPF_MEMWORDS;
2956
2957 while (--n >= 0) {
2958 if (regused[curreg])
2959 curreg = (curreg + 1) % BPF_MEMWORDS;
2960 else {
2961 regused[curreg] = 1;
2962 return curreg;
2963 }
2964 }
2965 bpf_error("too many registers needed to evaluate expression");
2966 /* NOTREACHED */
2967 }
2968
2969 /*
2970 * Return a register to the table so it can
2971 * be used later.
2972 */
2973 static void
2974 free_reg(n)
2975 int n;
2976 {
2977 regused[n] = 0;
2978 }
2979
2980 static struct block *
2981 gen_len(jmp, n)
2982 int jmp, n;
2983 {
2984 struct slist *s;
2985 struct block *b;
2986
2987 s = new_stmt(BPF_LD|BPF_LEN);
2988 b = new_block(JMP(jmp));
2989 b->stmts = s;
2990 b->s.k = n;
2991
2992 return b;
2993 }
2994
2995 struct block *
2996 gen_greater(n)
2997 int n;
2998 {
2999 return gen_len(BPF_JGE, n);
3000 }
3001
3002 /*
3003 * Actually, this is less than or equal.
3004 */
3005 struct block *
3006 gen_less(n)
3007 int n;
3008 {
3009 struct block *b;
3010
3011 b = gen_len(BPF_JGT, n);
3012 gen_not(b);
3013
3014 return b;
3015 }
3016
3017 struct block *
3018 gen_byteop(op, idx, val)
3019 int op, idx, val;
3020 {
3021 struct block *b;
3022 struct slist *s;
3023
3024 switch (op) {
3025 default:
3026 abort();
3027
3028 case '=':
3029 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3030
3031 case '<':
3032 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3033 b->s.code = JMP(BPF_JGE);
3034 gen_not(b);
3035 return b;
3036
3037 case '>':
3038 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3039 b->s.code = JMP(BPF_JGT);
3040 return b;
3041
3042 case '|':
3043 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
3044 break;
3045
3046 case '&':
3047 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
3048 break;
3049 }
3050 s->s.k = val;
3051 b = new_block(JMP(BPF_JEQ));
3052 b->stmts = s;
3053 gen_not(b);
3054
3055 return b;
3056 }
3057
3058 struct block *
3059 gen_broadcast(proto)
3060 int proto;
3061 {
3062 bpf_u_int32 hostmask;
3063 struct block *b0, *b1, *b2;
3064 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
3065
3066 switch (proto) {
3067
3068 case Q_DEFAULT:
3069 case Q_LINK:
3070 if (linktype == DLT_EN10MB)
3071 return gen_ehostop(ebroadcast, Q_DST);
3072 if (linktype == DLT_FDDI)
3073 return gen_fhostop(ebroadcast, Q_DST);
3074 if (linktype == DLT_IEEE802)
3075 return gen_thostop(ebroadcast, Q_DST);
3076 bpf_error("not a broadcast link");
3077 break;
3078
3079 case Q_IP:
3080 b0 = gen_linktype(ETHERTYPE_IP);
3081 hostmask = ~netmask;
3082 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
3083 b2 = gen_mcmp(off_nl + 16, BPF_W,
3084 (bpf_int32)(~0 & hostmask), hostmask);
3085 gen_or(b1, b2);
3086 gen_and(b0, b2);
3087 return b2;
3088 }
3089 bpf_error("only ether/ip broadcast filters supported");
3090 }
3091
3092 struct block *
3093 gen_multicast(proto)
3094 int proto;
3095 {
3096 register struct block *b0, *b1;
3097 register struct slist *s;
3098
3099 switch (proto) {
3100
3101 case Q_DEFAULT:
3102 case Q_LINK:
3103 if (linktype == DLT_EN10MB) {
3104 /* ether[0] & 1 != 0 */
3105 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3106 s->s.k = 0;
3107 b0 = new_block(JMP(BPF_JSET));
3108 b0->s.k = 1;
3109 b0->stmts = s;
3110 return b0;
3111 }
3112
3113 if (linktype == DLT_FDDI) {
3114 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */
3115 /* fddi[1] & 1 != 0 */
3116 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3117 s->s.k = 1;
3118 b0 = new_block(JMP(BPF_JSET));
3119 b0->s.k = 1;
3120 b0->stmts = s;
3121 return b0;
3122 }
3123
3124 /* TODO - check how token ring handles multicast */
3125 /* if (linktype == DLT_IEEE802) ... */
3126
3127 /* Link not known to support multicasts */
3128 break;
3129
3130 case Q_IP:
3131 b0 = gen_linktype(ETHERTYPE_IP);
3132 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
3133 b1->s.code = JMP(BPF_JGE);
3134 gen_and(b0, b1);
3135 return b1;
3136
3137 #ifdef INET6
3138 case Q_IPV6:
3139 b0 = gen_linktype(ETHERTYPE_IPV6);
3140 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
3141 gen_and(b0, b1);
3142 return b1;
3143 #endif /* INET6 */
3144 }
3145 bpf_error("only IP multicast filters supported on ethernet/FDDI");
3146 }
3147
3148 /*
3149 * generate command for inbound/outbound. It's here so we can
3150 * make it link-type specific. 'dir' = 0 implies "inbound",
3151 * = 1 implies "outbound".
3152 */
3153 struct block *
3154 gen_inbound(dir)
3155 int dir;
3156 {
3157 register struct block *b0;
3158
3159 b0 = gen_relation(BPF_JEQ,
3160 gen_load(Q_LINK, gen_loadi(0), 1),
3161 gen_loadi(0),
3162 dir);
3163 return (b0);
3164 }
3165
3166 /*
3167 * support IEEE 802.1Q VLAN trunk over ethernet
3168 */
3169 struct block *
3170 gen_vlan(vlan_num)
3171 int vlan_num;
3172 {
3173 static u_int orig_linktype = -1, orig_nl = -1;
3174 struct block *b0;
3175
3176 /*
3177 * Change the offsets to point to the type and data fields within
3178 * the VLAN packet. This is somewhat of a kludge.
3179 */
3180 if (orig_nl == (u_int)-1) {
3181 orig_linktype = off_linktype; /* save original values */
3182 orig_nl = off_nl;
3183
3184 switch (linktype) {
3185
3186 case DLT_EN10MB:
3187 off_linktype = 16;
3188 off_nl = 18;
3189 break;
3190
3191 default:
3192 bpf_error("no VLAN support for data link type %d",
3193 linktype);
3194 /*NOTREACHED*/
3195 }
3196 }
3197
3198 /* check for VLAN */
3199 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
3200
3201 /* If a specific VLAN is requested, check VLAN id */
3202 if (vlan_num >= 0) {
3203 struct block *b1;
3204
3205 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
3206 gen_and(b0, b1);
3207 b0 = b1;
3208 }
3209
3210 return (b0);
3211 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism