]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Factor assert_atm() out.
[libpcap] / gencode.c
1 /*
2 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21
22 #include <config.h>
23
24 #ifdef _WIN32
25 #include <ws2tcpip.h>
26 #else
27 #include <netinet/in.h>
28 #endif /* _WIN32 */
29
30 #include <stdlib.h>
31 #include <string.h>
32 #include <memory.h>
33 #include <setjmp.h>
34 #include <stdarg.h>
35 #include <stdio.h>
36 #include <stdint.h>
37 #include <stddef.h>
38
39 #include "pcap-int.h"
40
41 #include "extract.h"
42
43 #include "ethertype.h"
44 #include "llc.h"
45 #include "gencode.h"
46 #include "ieee80211.h"
47 #include "pflog.h"
48 #include "ppp.h"
49 #include "pcap/sll.h"
50 #include "pcap/ipnet.h"
51 #include "diag-control.h"
52 #include "pcap-util.h"
53
54 #include "scanner.h"
55
56 #if defined(__linux__)
57 #include <linux/types.h>
58 #include <linux/if_packet.h>
59 #include <linux/filter.h>
60 #endif
61
62 #ifdef _WIN32
63 #ifdef HAVE_NPCAP_BPF_H
64 /* Defines BPF extensions for Npcap */
65 #include <npcap-bpf.h>
66 #endif
67 #ifdef INET6
68 #if defined(__MINGW32__) && defined(DEFINE_ADDITIONAL_IPV6_STUFF)
69 /* IPv6 address */
70 struct in6_addr
71 {
72 union
73 {
74 uint8_t u6_addr8[16];
75 uint16_t u6_addr16[8];
76 uint32_t u6_addr32[4];
77 } in6_u;
78 #define s6_addr in6_u.u6_addr8
79 #define s6_addr16 in6_u.u6_addr16
80 #define s6_addr32 in6_u.u6_addr32
81 #define s6_addr64 in6_u.u6_addr64
82 };
83
84 typedef unsigned short sa_family_t;
85
86 #define __SOCKADDR_COMMON(sa_prefix) \
87 sa_family_t sa_prefix##family
88
89 /* Ditto, for IPv6. */
90 struct sockaddr_in6
91 {
92 __SOCKADDR_COMMON (sin6_);
93 uint16_t sin6_port; /* Transport layer port # */
94 uint32_t sin6_flowinfo; /* IPv6 flow information */
95 struct in6_addr sin6_addr; /* IPv6 address */
96 };
97
98 #ifndef EAI_ADDRFAMILY
99 struct addrinfo {
100 int ai_flags; /* AI_PASSIVE, AI_CANONNAME */
101 int ai_family; /* PF_xxx */
102 int ai_socktype; /* SOCK_xxx */
103 int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */
104 size_t ai_addrlen; /* length of ai_addr */
105 char *ai_canonname; /* canonical name for hostname */
106 struct sockaddr *ai_addr; /* binary address */
107 struct addrinfo *ai_next; /* next structure in linked list */
108 };
109 #endif /* EAI_ADDRFAMILY */
110 #endif /* defined(__MINGW32__) && defined(DEFINE_ADDITIONAL_IPV6_STUFF) */
111 #endif /* INET6 */
112 #else /* _WIN32 */
113 #include <netdb.h> /* for "struct addrinfo" */
114 #endif /* _WIN32 */
115 #include <pcap/namedb.h>
116
117 #include "nametoaddr.h"
118
119 #define ETHERMTU 1500
120
121 #ifndef IPPROTO_HOPOPTS
122 #define IPPROTO_HOPOPTS 0
123 #endif
124 #ifndef IPPROTO_ROUTING
125 #define IPPROTO_ROUTING 43
126 #endif
127 #ifndef IPPROTO_FRAGMENT
128 #define IPPROTO_FRAGMENT 44
129 #endif
130 #ifndef IPPROTO_DSTOPTS
131 #define IPPROTO_DSTOPTS 60
132 #endif
133 #ifndef IPPROTO_SCTP
134 #define IPPROTO_SCTP 132
135 #endif
136
137 #define GENEVE_PORT 6081
138 #define VXLAN_PORT 4789
139
140
141 /*
142 * from: NetBSD: if_arc.h,v 1.13 1999/11/19 20:41:19 thorpej Exp
143 */
144
145 /* RFC 1051 */
146 #define ARCTYPE_IP_OLD 240 /* IP protocol */
147 #define ARCTYPE_ARP_OLD 241 /* address resolution protocol */
148
149 /* RFC 1201 */
150 #define ARCTYPE_IP 212 /* IP protocol */
151 #define ARCTYPE_ARP 213 /* address resolution protocol */
152 #define ARCTYPE_REVARP 214 /* reverse addr resolution protocol */
153
154 #define ARCTYPE_ATALK 221 /* Appletalk */
155 #define ARCTYPE_BANIAN 247 /* Banyan Vines */
156 #define ARCTYPE_IPX 250 /* Novell IPX */
157
158 #define ARCTYPE_INET6 0xc4 /* IPng */
159 #define ARCTYPE_DIAGNOSE 0x80 /* as per ANSI/ATA 878.1 */
160
161
162 /* Based on UNI3.1 standard by ATM Forum */
163
164 /* ATM traffic types based on VPI=0 and (the following VCI */
165 #define VCI_PPC 0x05 /* Point-to-point signal msg */
166 #define VCI_BCC 0x02 /* Broadcast signal msg */
167 #define VCI_OAMF4SC 0x03 /* Segment OAM F4 flow cell */
168 #define VCI_OAMF4EC 0x04 /* End-to-end OAM F4 flow cell */
169 #define VCI_METAC 0x01 /* Meta signal msg */
170 #define VCI_ILMIC 0x10 /* ILMI msg */
171
172 /* Q.2931 signalling messages */
173 #define CALL_PROCEED 0x02 /* call proceeding */
174 #define CONNECT 0x07 /* connect */
175 #define CONNECT_ACK 0x0f /* connect_ack */
176 #define SETUP 0x05 /* setup */
177 #define RELEASE 0x4d /* release */
178 #define RELEASE_DONE 0x5a /* release_done */
179 #define RESTART 0x46 /* restart */
180 #define RESTART_ACK 0x4e /* restart ack */
181 #define STATUS 0x7d /* status */
182 #define STATUS_ENQ 0x75 /* status ack */
183 #define ADD_PARTY 0x80 /* add party */
184 #define ADD_PARTY_ACK 0x81 /* add party ack */
185 #define ADD_PARTY_REJ 0x82 /* add party rej */
186 #define DROP_PARTY 0x83 /* drop party */
187 #define DROP_PARTY_ACK 0x84 /* drop party ack */
188
189 /* Information Element Parameters in the signalling messages */
190 #define CAUSE 0x08 /* cause */
191 #define ENDPT_REF 0x54 /* endpoint reference */
192 #define AAL_PARA 0x58 /* ATM adaptation layer parameters */
193 #define TRAFF_DESCRIP 0x59 /* atm traffic descriptors */
194 #define CONNECT_ID 0x5a /* connection identifier */
195 #define QOS_PARA 0x5c /* quality of service parameters */
196 #define B_HIGHER 0x5d /* broadband higher layer information */
197 #define B_BEARER 0x5e /* broadband bearer capability */
198 #define B_LOWER 0x5f /* broadband lower information */
199 #define CALLING_PARTY 0x6c /* calling party number */
200 #define CALLED_PARTY 0x70 /* called party number */
201
202 #define Q2931 0x09
203
204 /* Q.2931 signalling general messages format */
205 #define PROTO_POS 0 /* offset of protocol discriminator */
206 #define CALL_REF_POS 2 /* offset of call reference value */
207 #define MSG_TYPE_POS 5 /* offset of message type */
208 #define MSG_LEN_POS 7 /* offset of message length */
209 #define IE_BEGIN_POS 9 /* offset of first information element */
210
211 /* format of signalling messages */
212 #define TYPE_POS 0
213 #define LEN_POS 2
214 #define FIELD_BEGIN_POS 4
215
216
217 /* SunATM header for ATM packet */
218 #define SUNATM_DIR_POS 0
219 #define SUNATM_VPI_POS 1
220 #define SUNATM_VCI_POS 2
221 #define SUNATM_PKT_BEGIN_POS 4 /* Start of ATM packet */
222
223 /* Protocol type values in the bottom for bits of the byte at SUNATM_DIR_POS. */
224 #define PT_LANE 0x01 /* LANE */
225 #define PT_LLC 0x02 /* LLC encapsulation */
226 #define PT_ILMI 0x05 /* ILMI */
227 #define PT_QSAAL 0x06 /* Q.SAAL */
228
229
230 /* Types missing from some systems */
231
232 /*
233 * Network layer protocol identifiers
234 */
235 #ifndef ISO8473_CLNP
236 #define ISO8473_CLNP 0x81
237 #endif
238 #ifndef ISO9542_ESIS
239 #define ISO9542_ESIS 0x82
240 #endif
241 #ifndef ISO9542X25_ESIS
242 #define ISO9542X25_ESIS 0x8a
243 #endif
244 #ifndef ISO10589_ISIS
245 #define ISO10589_ISIS 0x83
246 #endif
247
248 #define ISIS_L1_LAN_IIH 15
249 #define ISIS_L2_LAN_IIH 16
250 #define ISIS_PTP_IIH 17
251 #define ISIS_L1_LSP 18
252 #define ISIS_L2_LSP 20
253 #define ISIS_L1_CSNP 24
254 #define ISIS_L2_CSNP 25
255 #define ISIS_L1_PSNP 26
256 #define ISIS_L2_PSNP 27
257
258 #ifndef ISO8878A_CONS
259 #define ISO8878A_CONS 0x84
260 #endif
261 #ifndef ISO10747_IDRP
262 #define ISO10747_IDRP 0x85
263 #endif
264
265 // Same as in tcpdump/print-sl.c.
266 #define SLIPDIR_IN 0
267 #define SLIPDIR_OUT 1
268
269 #ifdef HAVE_OS_PROTO_H
270 #include "os-proto.h"
271 #endif
272
273 #define JMP(c) ((c)|BPF_JMP|BPF_K)
274
275 /*
276 * "Push" the current value of the link-layer header type and link-layer
277 * header offset onto a "stack", and set a new value. (It's not a
278 * full-blown stack; we keep only the top two items.)
279 */
280 #define PUSH_LINKHDR(cs, new_linktype, new_is_variable, new_constant_part, new_reg) \
281 { \
282 (cs)->prevlinktype = (cs)->linktype; \
283 (cs)->off_prevlinkhdr = (cs)->off_linkhdr; \
284 (cs)->linktype = (new_linktype); \
285 (cs)->off_linkhdr.is_variable = (new_is_variable); \
286 (cs)->off_linkhdr.constant_part = (new_constant_part); \
287 (cs)->off_linkhdr.reg = (new_reg); \
288 (cs)->is_encap = 0; \
289 }
290
291 /*
292 * Offset "not set" value.
293 */
294 #define OFFSET_NOT_SET 0xffffffffU
295
296 /*
297 * Absolute offsets, which are offsets from the beginning of the raw
298 * packet data, are, in the general case, the sum of a variable value
299 * and a constant value; the variable value may be absent, in which
300 * case the offset is only the constant value, and the constant value
301 * may be zero, in which case the offset is only the variable value.
302 *
303 * bpf_abs_offset is a structure containing all that information:
304 *
305 * is_variable is 1 if there's a variable part.
306 *
307 * constant_part is the constant part of the value, possibly zero;
308 *
309 * if is_variable is 1, reg is the register number for a register
310 * containing the variable value if the register has been assigned,
311 * and -1 otherwise.
312 */
313 typedef struct {
314 int is_variable;
315 u_int constant_part;
316 int reg;
317 } bpf_abs_offset;
318
319 /*
320 * Value passed to gen_load_a() to indicate what the offset argument
321 * is relative to the beginning of.
322 */
323 enum e_offrel {
324 OR_PACKET, /* full packet data */
325 OR_LINKHDR, /* link-layer header */
326 OR_PREVLINKHDR, /* previous link-layer header */
327 OR_LLC, /* 802.2 LLC header */
328 OR_PREVMPLSHDR, /* previous MPLS header */
329 OR_LINKTYPE, /* link-layer type */
330 OR_LINKPL, /* link-layer payload */
331 OR_LINKPL_NOSNAP, /* link-layer payload, with no SNAP header at the link layer */
332 OR_TRAN_IPV4, /* transport-layer header, with IPv4 network layer */
333 OR_TRAN_IPV6 /* transport-layer header, with IPv6 network layer */
334 };
335
336 /*
337 * We divvy out chunks of memory rather than call malloc each time so
338 * we don't have to worry about leaking memory. It's probably
339 * not a big deal if all this memory was wasted but if this ever
340 * goes into a library that would probably not be a good idea.
341 *
342 * XXX - this *is* in a library....
343 */
344 #define NCHUNKS 16
345 #define CHUNK0SIZE 1024
346 struct chunk {
347 size_t n_left;
348 void *m;
349 };
350
351 /*
352 * A chunk can store any of:
353 * - a string (guaranteed alignment 1 but present for completeness)
354 * - a block
355 * - an slist
356 * - an arth
357 * For this simple allocator every allocated chunk gets rounded up to the
358 * alignment needed for any chunk.
359 */
360 struct chunk_align {
361 char dummy;
362 union {
363 char c;
364 struct block b;
365 struct slist s;
366 struct arth a;
367 } u;
368 };
369 #define CHUNK_ALIGN (offsetof(struct chunk_align, u))
370
371 /* Code generator state */
372
373 struct _compiler_state {
374 jmp_buf top_ctx;
375 pcap_t *bpf_pcap;
376 int error_set;
377
378 struct icode ic;
379
380 int snaplen;
381
382 int linktype;
383 int prevlinktype;
384 int outermostlinktype;
385
386 bpf_u_int32 netmask;
387 int no_optimize;
388
389 /* Hack for handling VLAN and MPLS stacks. */
390 u_int label_stack_depth;
391 u_int vlan_stack_depth;
392
393 /* XXX */
394 u_int pcap_fddipad;
395
396 /*
397 * As errors are handled by a longjmp, anything allocated must
398 * be freed in the longjmp handler, so it must be reachable
399 * from that handler.
400 *
401 * One thing that's allocated is the result of pcap_nametoaddrinfo();
402 * it must be freed with freeaddrinfo(). This variable points to
403 * any addrinfo structure that would need to be freed.
404 */
405 struct addrinfo *ai;
406
407 /*
408 * Another thing that's allocated is the result of pcap_ether_aton();
409 * it must be freed with free(). This variable points to any
410 * address that would need to be freed.
411 */
412 u_char *e;
413
414 /*
415 * Various code constructs need to know the layout of the packet.
416 * These values give the necessary offsets from the beginning
417 * of the packet data.
418 */
419
420 /*
421 * Absolute offset of the beginning of the link-layer header.
422 */
423 bpf_abs_offset off_linkhdr;
424
425 /*
426 * If we're checking a link-layer header for a packet encapsulated
427 * in another protocol layer, this is the equivalent information
428 * for the previous layers' link-layer header from the beginning
429 * of the raw packet data.
430 */
431 bpf_abs_offset off_prevlinkhdr;
432
433 /*
434 * This is the equivalent information for the outermost layers'
435 * link-layer header.
436 */
437 bpf_abs_offset off_outermostlinkhdr;
438
439 /*
440 * Absolute offset of the beginning of the link-layer payload.
441 */
442 bpf_abs_offset off_linkpl;
443
444 /*
445 * "off_linktype" is the offset to information in the link-layer
446 * header giving the packet type. This is an absolute offset
447 * from the beginning of the packet.
448 *
449 * For Ethernet, it's the offset of the Ethernet type field; this
450 * means that it must have a value that skips VLAN tags.
451 *
452 * For link-layer types that always use 802.2 headers, it's the
453 * offset of the LLC header; this means that it must have a value
454 * that skips VLAN tags.
455 *
456 * For PPP, it's the offset of the PPP type field.
457 *
458 * For Cisco HDLC, it's the offset of the CHDLC type field.
459 *
460 * For BSD loopback, it's the offset of the AF_ value.
461 *
462 * For Linux cooked sockets, it's the offset of the type field.
463 *
464 * off_linktype.constant_part is set to OFFSET_NOT_SET for no
465 * encapsulation, in which case, IP is assumed.
466 */
467 bpf_abs_offset off_linktype;
468
469 /*
470 * TRUE if the link layer includes an ATM pseudo-header.
471 */
472 int is_atm;
473
474 /* TRUE if "geneve" or "vxlan" appeared in the filter; it
475 * causes us to generate code that checks for a Geneve or
476 * VXLAN header respectively and assume that later filters
477 * apply to the encapsulated payload.
478 */
479 int is_encap;
480
481 /*
482 * TRUE if we need variable length part of VLAN offset
483 */
484 int is_vlan_vloffset;
485
486 /*
487 * These are offsets for the ATM pseudo-header.
488 */
489 u_int off_vpi;
490 u_int off_vci;
491 u_int off_proto;
492
493 /*
494 * These are offsets for the MTP2 fields.
495 */
496 u_int off_li;
497 u_int off_li_hsl;
498
499 /*
500 * These are offsets for the MTP3 fields.
501 */
502 u_int off_sio;
503 u_int off_opc;
504 u_int off_dpc;
505 u_int off_sls;
506
507 /*
508 * This is the offset of the first byte after the ATM pseudo_header,
509 * or -1 if there is no ATM pseudo-header.
510 */
511 u_int off_payload;
512
513 /*
514 * These are offsets to the beginning of the network-layer header.
515 * They are relative to the beginning of the link-layer payload
516 * (i.e., they don't include off_linkhdr.constant_part or
517 * off_linkpl.constant_part).
518 *
519 * If the link layer never uses 802.2 LLC:
520 *
521 * "off_nl" and "off_nl_nosnap" are the same.
522 *
523 * If the link layer always uses 802.2 LLC:
524 *
525 * "off_nl" is the offset if there's a SNAP header following
526 * the 802.2 header;
527 *
528 * "off_nl_nosnap" is the offset if there's no SNAP header.
529 *
530 * If the link layer is Ethernet:
531 *
532 * "off_nl" is the offset if the packet is an Ethernet II packet
533 * (we assume no 802.3+802.2+SNAP);
534 *
535 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet
536 * with an 802.2 header following it.
537 */
538 u_int off_nl;
539 u_int off_nl_nosnap;
540
541 /*
542 * Here we handle simple allocation of the scratch registers.
543 * If too many registers are alloc'd, the allocator punts.
544 */
545 int regused[BPF_MEMWORDS];
546 int curreg;
547
548 /*
549 * Memory chunks.
550 */
551 struct chunk chunks[NCHUNKS];
552 int cur_chunk;
553 };
554
555 /*
556 * For use by routines outside this file.
557 */
558 /* VARARGS */
559 void
560 bpf_set_error(compiler_state_t *cstate, const char *fmt, ...)
561 {
562 va_list ap;
563
564 /*
565 * If we've already set an error, don't override it.
566 * The lexical analyzer reports some errors by setting
567 * the error and then returning a LEX_ERROR token, which
568 * is not recognized by any grammar rule, and thus forces
569 * the parse to stop. We don't want the error reported
570 * by the lexical analyzer to be overwritten by the syntax
571 * error.
572 */
573 if (!cstate->error_set) {
574 va_start(ap, fmt);
575 (void)vsnprintf(cstate->bpf_pcap->errbuf, PCAP_ERRBUF_SIZE,
576 fmt, ap);
577 va_end(ap);
578 cstate->error_set = 1;
579 }
580 }
581
582 /*
583 * For use *ONLY* in routines in this file.
584 */
585 static void PCAP_NORETURN bpf_error(compiler_state_t *, const char *, ...)
586 PCAP_PRINTFLIKE(2, 3);
587
588 /* VARARGS */
589 static void PCAP_NORETURN
590 bpf_error(compiler_state_t *cstate, const char *fmt, ...)
591 {
592 va_list ap;
593
594 va_start(ap, fmt);
595 (void)vsnprintf(cstate->bpf_pcap->errbuf, PCAP_ERRBUF_SIZE,
596 fmt, ap);
597 va_end(ap);
598 longjmp(cstate->top_ctx, 1);
599 /*NOTREACHED*/
600 #ifdef _AIX
601 PCAP_UNREACHABLE
602 #endif /* _AIX */
603 }
604
605 static int init_linktype(compiler_state_t *, pcap_t *);
606
607 static void init_regs(compiler_state_t *);
608 static int alloc_reg(compiler_state_t *);
609 static void free_reg(compiler_state_t *, int);
610
611 static void initchunks(compiler_state_t *cstate);
612 static void *newchunk_nolongjmp(compiler_state_t *cstate, size_t);
613 static void *newchunk(compiler_state_t *cstate, size_t);
614 static void freechunks(compiler_state_t *cstate);
615 static inline struct block *new_block(compiler_state_t *cstate, int);
616 static inline struct slist *new_stmt(compiler_state_t *cstate, int);
617 static struct block *gen_retblk(compiler_state_t *cstate, int);
618 static inline void syntax(compiler_state_t *cstate);
619
620 static void backpatch(struct block *, struct block *);
621 static void merge(struct block *, struct block *);
622 static struct block *gen_cmp(compiler_state_t *, enum e_offrel, u_int,
623 u_int, bpf_u_int32);
624 static struct block *gen_cmp_gt(compiler_state_t *, enum e_offrel, u_int,
625 u_int, bpf_u_int32);
626 static struct block *gen_cmp_ge(compiler_state_t *, enum e_offrel, u_int,
627 u_int, bpf_u_int32);
628 static struct block *gen_cmp_lt(compiler_state_t *, enum e_offrel, u_int,
629 u_int, bpf_u_int32);
630 static struct block *gen_cmp_le(compiler_state_t *, enum e_offrel, u_int,
631 u_int, bpf_u_int32);
632 static struct block *gen_mcmp(compiler_state_t *, enum e_offrel, u_int,
633 u_int, bpf_u_int32, bpf_u_int32);
634 static struct block *gen_bcmp(compiler_state_t *, enum e_offrel, u_int,
635 u_int, const u_char *);
636 static struct block *gen_ncmp(compiler_state_t *, enum e_offrel, u_int,
637 u_int, bpf_u_int32, int, int, bpf_u_int32);
638 static struct slist *gen_load_absoffsetrel(compiler_state_t *, bpf_abs_offset *,
639 u_int, u_int);
640 static struct slist *gen_load_a(compiler_state_t *, enum e_offrel, u_int,
641 u_int);
642 static struct slist *gen_loadx_iphdrlen(compiler_state_t *);
643 static struct block *gen_uncond(compiler_state_t *, int);
644 static inline struct block *gen_true(compiler_state_t *);
645 static inline struct block *gen_false(compiler_state_t *);
646 static struct block *gen_ether_linktype(compiler_state_t *, bpf_u_int32);
647 static struct block *gen_ipnet_linktype(compiler_state_t *, bpf_u_int32);
648 static struct block *gen_linux_sll_linktype(compiler_state_t *, bpf_u_int32);
649 static struct slist *gen_load_pflog_llprefixlen(compiler_state_t *);
650 static struct slist *gen_load_prism_llprefixlen(compiler_state_t *);
651 static struct slist *gen_load_avs_llprefixlen(compiler_state_t *);
652 static struct slist *gen_load_radiotap_llprefixlen(compiler_state_t *);
653 static struct slist *gen_load_ppi_llprefixlen(compiler_state_t *);
654 static void insert_compute_vloffsets(compiler_state_t *, struct block *);
655 static struct slist *gen_abs_offset_varpart(compiler_state_t *,
656 bpf_abs_offset *);
657 static bpf_u_int32 ethertype_to_ppptype(bpf_u_int32);
658 static struct block *gen_linktype(compiler_state_t *, bpf_u_int32);
659 static struct block *gen_snap(compiler_state_t *, bpf_u_int32, bpf_u_int32);
660 static struct block *gen_llc_linktype(compiler_state_t *, bpf_u_int32);
661 static struct block *gen_hostop(compiler_state_t *, bpf_u_int32, bpf_u_int32,
662 int, u_int, u_int);
663 #ifdef INET6
664 static struct block *gen_hostop6(compiler_state_t *, struct in6_addr *,
665 struct in6_addr *, int, u_int, u_int);
666 #endif
667 static struct block *gen_ahostop(compiler_state_t *, const uint8_t, int);
668 static struct block *gen_ehostop(compiler_state_t *, const u_char *, int);
669 static struct block *gen_fhostop(compiler_state_t *, const u_char *, int);
670 static struct block *gen_thostop(compiler_state_t *, const u_char *, int);
671 static struct block *gen_wlanhostop(compiler_state_t *, const u_char *, int);
672 static struct block *gen_ipfchostop(compiler_state_t *, const u_char *, int);
673 static struct block *gen_dnhostop(compiler_state_t *, bpf_u_int32, int);
674 static struct block *gen_mpls_linktype(compiler_state_t *, bpf_u_int32);
675 static struct block *gen_host(compiler_state_t *, bpf_u_int32, bpf_u_int32,
676 int, int, int);
677 #ifdef INET6
678 static struct block *gen_host6(compiler_state_t *, struct in6_addr *,
679 struct in6_addr *, int, int, int);
680 #endif
681 #ifndef INET6
682 static struct block *gen_gateway(compiler_state_t *, const u_char *,
683 struct addrinfo *, int, int);
684 #endif
685 static struct block *gen_ipfrag(compiler_state_t *);
686 static struct block *gen_portatom(compiler_state_t *, int, bpf_u_int32);
687 static struct block *gen_portrangeatom(compiler_state_t *, u_int, bpf_u_int32,
688 bpf_u_int32);
689 static struct block *gen_portatom6(compiler_state_t *, int, bpf_u_int32);
690 static struct block *gen_portrangeatom6(compiler_state_t *, u_int, bpf_u_int32,
691 bpf_u_int32);
692 static struct block *gen_portop(compiler_state_t *, u_int, u_int, int);
693 static struct block *gen_port(compiler_state_t *, u_int, int, int);
694 static struct block *gen_portrangeop(compiler_state_t *, u_int, u_int,
695 bpf_u_int32, int);
696 static struct block *gen_portrange(compiler_state_t *, u_int, u_int, int, int);
697 struct block *gen_portop6(compiler_state_t *, u_int, u_int, int);
698 static struct block *gen_port6(compiler_state_t *, u_int, int, int);
699 static struct block *gen_portrangeop6(compiler_state_t *, u_int, u_int,
700 bpf_u_int32, int);
701 static struct block *gen_portrange6(compiler_state_t *, u_int, u_int, int, int);
702 static int lookup_proto(compiler_state_t *, const char *, int);
703 #if !defined(NO_PROTOCHAIN)
704 static struct block *gen_protochain(compiler_state_t *, bpf_u_int32, int);
705 #endif /* !defined(NO_PROTOCHAIN) */
706 static struct block *gen_proto(compiler_state_t *, bpf_u_int32, int, int);
707 static struct slist *xfer_to_x(compiler_state_t *, struct arth *);
708 static struct slist *xfer_to_a(compiler_state_t *, struct arth *);
709 static struct block *gen_mac_multicast(compiler_state_t *, int);
710 static struct block *gen_len(compiler_state_t *, int, int);
711 static struct block *gen_encap_ll_check(compiler_state_t *cstate);
712
713 static struct block *gen_atmfield_code_internal(compiler_state_t *, int,
714 bpf_u_int32, int, int);
715 static struct block *gen_atmtype_llc(compiler_state_t *);
716 static struct block *gen_msg_abbrev(compiler_state_t *, int type);
717
718 static void
719 initchunks(compiler_state_t *cstate)
720 {
721 int i;
722
723 for (i = 0; i < NCHUNKS; i++) {
724 cstate->chunks[i].n_left = 0;
725 cstate->chunks[i].m = NULL;
726 }
727 cstate->cur_chunk = 0;
728 }
729
730 static void *
731 newchunk_nolongjmp(compiler_state_t *cstate, size_t n)
732 {
733 struct chunk *cp;
734 int k;
735 size_t size;
736
737 /* Round up to chunk alignment. */
738 n = (n + CHUNK_ALIGN - 1) & ~(CHUNK_ALIGN - 1);
739
740 cp = &cstate->chunks[cstate->cur_chunk];
741 if (n > cp->n_left) {
742 ++cp;
743 k = ++cstate->cur_chunk;
744 if (k >= NCHUNKS) {
745 bpf_set_error(cstate, "out of memory");
746 return (NULL);
747 }
748 size = CHUNK0SIZE << k;
749 cp->m = (void *)malloc(size);
750 if (cp->m == NULL) {
751 bpf_set_error(cstate, "out of memory");
752 return (NULL);
753 }
754 memset((char *)cp->m, 0, size);
755 cp->n_left = size;
756 if (n > size) {
757 bpf_set_error(cstate, "out of memory");
758 return (NULL);
759 }
760 }
761 cp->n_left -= n;
762 return (void *)((char *)cp->m + cp->n_left);
763 }
764
765 static void *
766 newchunk(compiler_state_t *cstate, size_t n)
767 {
768 void *p;
769
770 p = newchunk_nolongjmp(cstate, n);
771 if (p == NULL) {
772 longjmp(cstate->top_ctx, 1);
773 /*NOTREACHED*/
774 }
775 return (p);
776 }
777
778 static void
779 freechunks(compiler_state_t *cstate)
780 {
781 int i;
782
783 for (i = 0; i < NCHUNKS; ++i)
784 if (cstate->chunks[i].m != NULL)
785 free(cstate->chunks[i].m);
786 }
787
788 /*
789 * A strdup whose allocations are freed after code generation is over.
790 * This is used by the lexical analyzer, so it can't longjmp; it just
791 * returns NULL on an allocation error, and the callers must check
792 * for it.
793 */
794 char *
795 sdup(compiler_state_t *cstate, const char *s)
796 {
797 size_t n = strlen(s) + 1;
798 char *cp = newchunk_nolongjmp(cstate, n);
799
800 if (cp == NULL)
801 return (NULL);
802 pcapint_strlcpy(cp, s, n);
803 return (cp);
804 }
805
806 static inline struct block *
807 new_block(compiler_state_t *cstate, int code)
808 {
809 struct block *p;
810
811 p = (struct block *)newchunk(cstate, sizeof(*p));
812 p->s.code = code;
813 p->head = p;
814
815 return p;
816 }
817
818 static inline struct slist *
819 new_stmt(compiler_state_t *cstate, int code)
820 {
821 struct slist *p;
822
823 p = (struct slist *)newchunk(cstate, sizeof(*p));
824 p->s.code = code;
825
826 return p;
827 }
828
829 static struct block *
830 gen_retblk_internal(compiler_state_t *cstate, int v)
831 {
832 struct block *b = new_block(cstate, BPF_RET|BPF_K);
833
834 b->s.k = v;
835 return b;
836 }
837
838 static struct block *
839 gen_retblk(compiler_state_t *cstate, int v)
840 {
841 if (setjmp(cstate->top_ctx)) {
842 /*
843 * gen_retblk() only fails because a memory
844 * allocation failed in newchunk(), meaning
845 * that it can't return a pointer.
846 *
847 * Return NULL.
848 */
849 return NULL;
850 }
851 return gen_retblk_internal(cstate, v);
852 }
853
854 static inline PCAP_NORETURN_DEF void
855 syntax(compiler_state_t *cstate)
856 {
857 bpf_error(cstate, "syntax error in filter expression");
858 }
859
860 /*
861 * For the given integer return a string with the keyword (or the nominal
862 * keyword if there is more than one). This is a simpler version of tok2str()
863 * in tcpdump because in this problem space a valid integer value is not
864 * greater than 71.
865 */
866 static const char *
867 qual2kw(const char *kind, const unsigned id, const char *tokens[],
868 const size_t size)
869 {
870 static char buf[4][64];
871 static int idx = 0;
872
873 if (id < size && tokens[id])
874 return tokens[id];
875
876 char *ret = buf[idx];
877 idx = (idx + 1) % (sizeof(buf) / sizeof(buf[0]));
878 ret[0] = '\0'; // just in case
879 snprintf(ret, sizeof(buf[0]), "<invalid %s %u>", kind, id);
880 return ret;
881 }
882
883 // protocol qualifier keywords
884 static const char *
885 pqkw(const unsigned id)
886 {
887 const char * tokens[] = {
888 [Q_LINK] = "link",
889 [Q_IP] = "ip",
890 [Q_ARP] = "arp",
891 [Q_RARP] = "rarp",
892 [Q_SCTP] = "sctp",
893 [Q_TCP] = "tcp",
894 [Q_UDP] = "udp",
895 [Q_ICMP] = "icmp",
896 [Q_IGMP] = "igmp",
897 [Q_IGRP] = "igrp",
898 [Q_ATALK] = "atalk",
899 [Q_DECNET] = "decnet",
900 [Q_LAT] = "lat",
901 [Q_SCA] = "sca",
902 [Q_MOPRC] = "moprc",
903 [Q_MOPDL] = "mopdl",
904 [Q_IPV6] = "ip6",
905 [Q_ICMPV6] = "icmp6",
906 [Q_AH] = "ah",
907 [Q_ESP] = "esp",
908 [Q_PIM] = "pim",
909 [Q_VRRP] = "vrrp",
910 [Q_AARP] = "aarp",
911 [Q_ISO] = "iso",
912 [Q_ESIS] = "esis",
913 [Q_ISIS] = "isis",
914 [Q_CLNP] = "clnp",
915 [Q_STP] = "stp",
916 [Q_IPX] = "ipx",
917 [Q_NETBEUI] = "netbeui",
918 [Q_ISIS_L1] = "l1",
919 [Q_ISIS_L2] = "l2",
920 [Q_ISIS_IIH] = "iih",
921 [Q_ISIS_SNP] = "snp",
922 [Q_ISIS_CSNP] = "csnp",
923 [Q_ISIS_PSNP] = "psnp",
924 [Q_ISIS_LSP] = "lsp",
925 [Q_RADIO] = "radio",
926 [Q_CARP] = "carp",
927 };
928 return qual2kw("proto", id, tokens, sizeof(tokens) / sizeof(tokens[0]));
929 }
930
931 // direction qualifier keywords
932 static const char *
933 dqkw(const unsigned id)
934 {
935 const char * map[] = {
936 [Q_SRC] = "src",
937 [Q_DST] = "dst",
938 [Q_OR] = "src or dst",
939 [Q_AND] = "src and dst",
940 [Q_ADDR1] = "addr1",
941 [Q_ADDR2] = "addr2",
942 [Q_ADDR3] = "addr3",
943 [Q_ADDR4] = "addr4",
944 [Q_RA] = "ra",
945 [Q_TA] = "ta",
946 };
947 return qual2kw("dir", id, map, sizeof(map) / sizeof(map[0]));
948 }
949
950 // ATM keywords
951 static const char *
952 atmkw(const unsigned id)
953 {
954 const char * tokens[] = {
955 [A_METAC] = "metac",
956 [A_BCC] = "bcc",
957 [A_OAMF4SC] = "oamf4sc",
958 [A_OAMF4EC] = "oamf4ec",
959 [A_SC] = "sc",
960 [A_ILMIC] = "ilmic",
961 [A_OAM] = "oam",
962 [A_OAMF4] = "oamf4",
963 [A_LANE] = "lane",
964 // no keyword for A_SETUP
965 // no keyword for A_CALLPROCEED
966 // no keyword for A_CONNECT
967 // no keyword for A_CONNECTACK
968 // no keyword for A_RELEASE
969 // no keyword for A_RELEASE_DONE
970 [A_VPI] = "vpi",
971 [A_VCI] = "vci",
972 // no keyword for A_PROTOTYPE
973 // no keyword for A_MSGTYPE
974 [A_CONNECTMSG] = "connectmsg",
975 [A_METACONNECT] = "metaconnect",
976 };
977 return qual2kw("ATM keyword", id, tokens, sizeof(tokens) / sizeof(tokens[0]));
978 }
979
980 static PCAP_NORETURN_DEF void
981 fail_kw_on_dlt(compiler_state_t *cstate, const char *keyword)
982 {
983 bpf_error(cstate, "'%s' not supported on %s", keyword,
984 pcap_datalink_val_to_description_or_dlt(cstate->linktype));
985 }
986
987 static void
988 assert_pflog(compiler_state_t *cstate, const char *kw)
989 {
990 if (cstate->linktype != DLT_PFLOG)
991 bpf_error(cstate, "'%s' supported only on PFLOG linktype", kw);
992 }
993
994 static void
995 assert_atm(compiler_state_t *cstate, const char *kw)
996 {
997 /*
998 * Belt and braces: init_linktype() sets either all of these struct
999 * members (for DLT_SUNATM) or none (otherwise).
1000 */
1001 if (cstate->linktype != DLT_SUNATM ||
1002 ! cstate->is_atm ||
1003 cstate->off_vpi == OFFSET_NOT_SET ||
1004 cstate->off_vci == OFFSET_NOT_SET ||
1005 cstate->off_proto == OFFSET_NOT_SET ||
1006 cstate->off_payload == OFFSET_NOT_SET)
1007 bpf_error(cstate, "'%s' supported only on SUNATM", kw);
1008 }
1009
1010 #define ERRSTR_802_11_ONLY_KW "'%s' is valid for 802.11 syntax only"
1011 #define ERRSTR_INVALID_QUAL "'%s' is not a valid qualifier for '%s'"
1012
1013 int
1014 pcap_compile(pcap_t *p, struct bpf_program *program,
1015 const char *buf, int optimize, bpf_u_int32 mask)
1016 {
1017 #ifdef _WIN32
1018 int err;
1019 WSADATA wsaData;
1020 #endif
1021 compiler_state_t cstate;
1022 yyscan_t scanner = NULL;
1023 YY_BUFFER_STATE in_buffer = NULL;
1024 u_int len;
1025 int rc;
1026
1027 /*
1028 * If this pcap_t hasn't been activated, it doesn't have a
1029 * link-layer type, so we can't use it.
1030 */
1031 if (!p->activated) {
1032 (void)snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1033 "not-yet-activated pcap_t passed to pcap_compile");
1034 return (PCAP_ERROR);
1035 }
1036
1037 #ifdef _WIN32
1038 /*
1039 * Initialize Winsock, asking for the latest version (2.2),
1040 * as we may be calling Winsock routines to translate
1041 * host names to addresses.
1042 */
1043 err = WSAStartup(MAKEWORD(2, 2), &wsaData);
1044 if (err != 0) {
1045 pcapint_fmt_errmsg_for_win32_err(p->errbuf, PCAP_ERRBUF_SIZE,
1046 err, "Error calling WSAStartup()");
1047 return (PCAP_ERROR);
1048 }
1049 #endif
1050
1051 #ifdef ENABLE_REMOTE
1052 /*
1053 * If the device on which we're capturing need to be notified
1054 * that a new filter is being compiled, do so.
1055 *
1056 * This allows them to save a copy of it, in case, for example,
1057 * they're implementing a form of remote packet capture, and
1058 * want the remote machine to filter out the packets in which
1059 * it's sending the packets it's captured.
1060 *
1061 * XXX - the fact that we happen to be compiling a filter
1062 * doesn't necessarily mean we'll be installing it as the
1063 * filter for this pcap_t; we might be running it from userland
1064 * on captured packets to do packet classification. We really
1065 * need a better way of handling this, but this is all that
1066 * the WinPcap remote capture code did.
1067 */
1068 if (p->save_current_filter_op != NULL)
1069 (p->save_current_filter_op)(p, buf);
1070 #endif
1071
1072 initchunks(&cstate);
1073 cstate.no_optimize = 0;
1074 #ifdef INET6
1075 cstate.ai = NULL;
1076 #endif
1077 cstate.e = NULL;
1078 cstate.ic.root = NULL;
1079 cstate.ic.cur_mark = 0;
1080 cstate.bpf_pcap = p;
1081 cstate.error_set = 0;
1082 init_regs(&cstate);
1083
1084 cstate.netmask = mask;
1085
1086 cstate.snaplen = pcap_snapshot(p);
1087 if (cstate.snaplen == 0) {
1088 (void)snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1089 "snaplen of 0 rejects all packets");
1090 rc = PCAP_ERROR;
1091 goto quit;
1092 }
1093
1094 if (pcap_lex_init(&scanner) != 0) {
1095 pcapint_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE,
1096 errno, "can't initialize scanner");
1097 rc = PCAP_ERROR;
1098 goto quit;
1099 }
1100 in_buffer = pcap__scan_string(buf ? buf : "", scanner);
1101
1102 /*
1103 * Associate the compiler state with the lexical analyzer
1104 * state.
1105 */
1106 pcap_set_extra(&cstate, scanner);
1107
1108 if (init_linktype(&cstate, p) == -1) {
1109 rc = PCAP_ERROR;
1110 goto quit;
1111 }
1112 if (pcap_parse(scanner, &cstate) != 0) {
1113 #ifdef INET6
1114 if (cstate.ai != NULL)
1115 freeaddrinfo(cstate.ai);
1116 #endif
1117 if (cstate.e != NULL)
1118 free(cstate.e);
1119 rc = PCAP_ERROR;
1120 goto quit;
1121 }
1122
1123 if (cstate.ic.root == NULL) {
1124 cstate.ic.root = gen_retblk(&cstate, cstate.snaplen);
1125
1126 /*
1127 * Catch errors reported by gen_retblk().
1128 */
1129 if (cstate.ic.root== NULL) {
1130 rc = PCAP_ERROR;
1131 goto quit;
1132 }
1133 }
1134
1135 if (optimize && !cstate.no_optimize) {
1136 if (bpf_optimize(&cstate.ic, p->errbuf) == -1) {
1137 /* Failure */
1138 rc = PCAP_ERROR;
1139 goto quit;
1140 }
1141 if (cstate.ic.root == NULL ||
1142 (cstate.ic.root->s.code == (BPF_RET|BPF_K) && cstate.ic.root->s.k == 0)) {
1143 (void)snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1144 "expression rejects all packets");
1145 rc = PCAP_ERROR;
1146 goto quit;
1147 }
1148 }
1149 program->bf_insns = icode_to_fcode(&cstate.ic,
1150 cstate.ic.root, &len, p->errbuf);
1151 if (program->bf_insns == NULL) {
1152 /* Failure */
1153 rc = PCAP_ERROR;
1154 goto quit;
1155 }
1156 program->bf_len = len;
1157
1158 rc = 0; /* We're all okay */
1159
1160 quit:
1161 /*
1162 * Clean up everything for the lexical analyzer.
1163 */
1164 if (in_buffer != NULL)
1165 pcap__delete_buffer(in_buffer, scanner);
1166 if (scanner != NULL)
1167 pcap_lex_destroy(scanner);
1168
1169 /*
1170 * Clean up our own allocated memory.
1171 */
1172 freechunks(&cstate);
1173
1174 #ifdef _WIN32
1175 WSACleanup();
1176 #endif
1177
1178 return (rc);
1179 }
1180
1181 /*
1182 * entry point for using the compiler with no pcap open
1183 * pass in all the stuff that is needed explicitly instead.
1184 */
1185 int
1186 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
1187 struct bpf_program *program,
1188 const char *buf, int optimize, bpf_u_int32 mask)
1189 {
1190 pcap_t *p;
1191 int ret;
1192
1193 p = pcap_open_dead(linktype_arg, snaplen_arg);
1194 if (p == NULL)
1195 return (PCAP_ERROR);
1196 ret = pcap_compile(p, program, buf, optimize, mask);
1197 pcap_close(p);
1198 return (ret);
1199 }
1200
1201 /*
1202 * Clean up a "struct bpf_program" by freeing all the memory allocated
1203 * in it.
1204 */
1205 void
1206 pcap_freecode(struct bpf_program *program)
1207 {
1208 program->bf_len = 0;
1209 if (program->bf_insns != NULL) {
1210 free((char *)program->bf_insns);
1211 program->bf_insns = NULL;
1212 }
1213 }
1214
1215 /*
1216 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
1217 * which of the jt and jf fields has been resolved and which is a pointer
1218 * back to another unresolved block (or nil). At least one of the fields
1219 * in each block is already resolved.
1220 */
1221 static void
1222 backpatch(struct block *list, struct block *target)
1223 {
1224 struct block *next;
1225
1226 while (list) {
1227 if (!list->sense) {
1228 next = JT(list);
1229 JT(list) = target;
1230 } else {
1231 next = JF(list);
1232 JF(list) = target;
1233 }
1234 list = next;
1235 }
1236 }
1237
1238 /*
1239 * Merge the lists in b0 and b1, using the 'sense' field to indicate
1240 * which of jt and jf is the link.
1241 */
1242 static void
1243 merge(struct block *b0, struct block *b1)
1244 {
1245 register struct block **p = &b0;
1246
1247 /* Find end of list. */
1248 while (*p)
1249 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
1250
1251 /* Concatenate the lists. */
1252 *p = b1;
1253 }
1254
1255 int
1256 finish_parse(compiler_state_t *cstate, struct block *p)
1257 {
1258 /*
1259 * Catch errors reported by us and routines below us, and return -1
1260 * on an error.
1261 */
1262 if (setjmp(cstate->top_ctx))
1263 return (-1);
1264
1265 /*
1266 * Insert before the statements of the first (root) block any
1267 * statements needed to load the lengths of any variable-length
1268 * headers into registers.
1269 *
1270 * XXX - a fancier strategy would be to insert those before the
1271 * statements of all blocks that use those lengths and that
1272 * have no predecessors that use them, so that we only compute
1273 * the lengths if we need them. There might be even better
1274 * approaches than that.
1275 *
1276 * However, those strategies would be more complicated, and
1277 * as we don't generate code to compute a length if the
1278 * program has no tests that use the length, and as most
1279 * tests will probably use those lengths, we would just
1280 * postpone computing the lengths so that it's not done
1281 * for tests that fail early, and it's not clear that's
1282 * worth the effort.
1283 */
1284 insert_compute_vloffsets(cstate, p->head);
1285
1286 /*
1287 * For DLT_PPI captures, generate a check of the per-packet
1288 * DLT value to make sure it's DLT_IEEE802_11.
1289 *
1290 * XXX - TurboCap cards use DLT_PPI for Ethernet.
1291 * Can we just define some DLT_ETHERNET_WITH_PHDR pseudo-header
1292 * with appropriate Ethernet information and use that rather
1293 * than using something such as DLT_PPI where you don't know
1294 * the link-layer header type until runtime, which, in the
1295 * general case, would force us to generate both Ethernet *and*
1296 * 802.11 code (*and* anything else for which PPI is used)
1297 * and choose between them early in the BPF program?
1298 */
1299 if (cstate->linktype == DLT_PPI) {
1300 struct block *ppi_dlt_check = gen_cmp(cstate, OR_PACKET,
1301 4, BPF_W, SWAPLONG(DLT_IEEE802_11));
1302 gen_and(ppi_dlt_check, p);
1303 }
1304
1305 backpatch(p, gen_retblk_internal(cstate, cstate->snaplen));
1306 p->sense = !p->sense;
1307 backpatch(p, gen_retblk_internal(cstate, 0));
1308 cstate->ic.root = p->head;
1309 return (0);
1310 }
1311
1312 void
1313 gen_and(struct block *b0, struct block *b1)
1314 {
1315 backpatch(b0, b1->head);
1316 b0->sense = !b0->sense;
1317 b1->sense = !b1->sense;
1318 merge(b1, b0);
1319 b1->sense = !b1->sense;
1320 b1->head = b0->head;
1321 }
1322
1323 void
1324 gen_or(struct block *b0, struct block *b1)
1325 {
1326 b0->sense = !b0->sense;
1327 backpatch(b0, b1->head);
1328 b0->sense = !b0->sense;
1329 merge(b1, b0);
1330 b1->head = b0->head;
1331 }
1332
1333 void
1334 gen_not(struct block *b)
1335 {
1336 b->sense = !b->sense;
1337 }
1338
1339 static struct block *
1340 gen_cmp(compiler_state_t *cstate, enum e_offrel offrel, u_int offset,
1341 u_int size, bpf_u_int32 v)
1342 {
1343 return gen_ncmp(cstate, offrel, offset, size, 0xffffffff, BPF_JEQ, 0, v);
1344 }
1345
1346 static struct block *
1347 gen_cmp_gt(compiler_state_t *cstate, enum e_offrel offrel, u_int offset,
1348 u_int size, bpf_u_int32 v)
1349 {
1350 return gen_ncmp(cstate, offrel, offset, size, 0xffffffff, BPF_JGT, 0, v);
1351 }
1352
1353 static struct block *
1354 gen_cmp_ge(compiler_state_t *cstate, enum e_offrel offrel, u_int offset,
1355 u_int size, bpf_u_int32 v)
1356 {
1357 return gen_ncmp(cstate, offrel, offset, size, 0xffffffff, BPF_JGE, 0, v);
1358 }
1359
1360 static struct block *
1361 gen_cmp_lt(compiler_state_t *cstate, enum e_offrel offrel, u_int offset,
1362 u_int size, bpf_u_int32 v)
1363 {
1364 return gen_ncmp(cstate, offrel, offset, size, 0xffffffff, BPF_JGE, 1, v);
1365 }
1366
1367 static struct block *
1368 gen_cmp_le(compiler_state_t *cstate, enum e_offrel offrel, u_int offset,
1369 u_int size, bpf_u_int32 v)
1370 {
1371 return gen_ncmp(cstate, offrel, offset, size, 0xffffffff, BPF_JGT, 1, v);
1372 }
1373
1374 static struct block *
1375 gen_mcmp(compiler_state_t *cstate, enum e_offrel offrel, u_int offset,
1376 u_int size, bpf_u_int32 v, bpf_u_int32 mask)
1377 {
1378 return gen_ncmp(cstate, offrel, offset, size, mask, BPF_JEQ, 0, v);
1379 }
1380
1381 static struct block *
1382 gen_bcmp(compiler_state_t *cstate, enum e_offrel offrel, u_int offset,
1383 u_int size, const u_char *v)
1384 {
1385 register struct block *b, *tmp;
1386
1387 b = NULL;
1388 while (size >= 4) {
1389 register const u_char *p = &v[size - 4];
1390
1391 tmp = gen_cmp(cstate, offrel, offset + size - 4, BPF_W,
1392 EXTRACT_BE_U_4(p));
1393 if (b != NULL)
1394 gen_and(b, tmp);
1395 b = tmp;
1396 size -= 4;
1397 }
1398 while (size >= 2) {
1399 register const u_char *p = &v[size - 2];
1400
1401 tmp = gen_cmp(cstate, offrel, offset + size - 2, BPF_H,
1402 EXTRACT_BE_U_2(p));
1403 if (b != NULL)
1404 gen_and(b, tmp);
1405 b = tmp;
1406 size -= 2;
1407 }
1408 if (size > 0) {
1409 tmp = gen_cmp(cstate, offrel, offset, BPF_B, v[0]);
1410 if (b != NULL)
1411 gen_and(b, tmp);
1412 b = tmp;
1413 }
1414 return b;
1415 }
1416
1417 /*
1418 * AND the field of size "size" at offset "offset" relative to the header
1419 * specified by "offrel" with "mask", and compare it with the value "v"
1420 * with the test specified by "jtype"; if "reverse" is true, the test
1421 * should test the opposite of "jtype".
1422 */
1423 static struct block *
1424 gen_ncmp(compiler_state_t *cstate, enum e_offrel offrel, u_int offset,
1425 u_int size, bpf_u_int32 mask, int jtype, int reverse,
1426 bpf_u_int32 v)
1427 {
1428 struct slist *s, *s2;
1429 struct block *b;
1430
1431 s = gen_load_a(cstate, offrel, offset, size);
1432
1433 if (mask != 0xffffffff) {
1434 s2 = new_stmt(cstate, BPF_ALU|BPF_AND|BPF_K);
1435 s2->s.k = mask;
1436 sappend(s, s2);
1437 }
1438
1439 b = new_block(cstate, JMP(jtype));
1440 b->stmts = s;
1441 b->s.k = v;
1442 if (reverse)
1443 gen_not(b);
1444 return b;
1445 }
1446
1447 static int
1448 init_linktype(compiler_state_t *cstate, pcap_t *p)
1449 {
1450 cstate->pcap_fddipad = p->fddipad;
1451
1452 /*
1453 * We start out with only one link-layer header.
1454 */
1455 cstate->outermostlinktype = pcap_datalink(p);
1456 cstate->off_outermostlinkhdr.constant_part = 0;
1457 cstate->off_outermostlinkhdr.is_variable = 0;
1458 cstate->off_outermostlinkhdr.reg = -1;
1459
1460 cstate->prevlinktype = cstate->outermostlinktype;
1461 cstate->off_prevlinkhdr.constant_part = 0;
1462 cstate->off_prevlinkhdr.is_variable = 0;
1463 cstate->off_prevlinkhdr.reg = -1;
1464
1465 cstate->linktype = cstate->outermostlinktype;
1466 cstate->off_linkhdr.constant_part = 0;
1467 cstate->off_linkhdr.is_variable = 0;
1468 cstate->off_linkhdr.reg = -1;
1469
1470 /*
1471 * XXX
1472 */
1473 cstate->off_linkpl.constant_part = 0;
1474 cstate->off_linkpl.is_variable = 0;
1475 cstate->off_linkpl.reg = -1;
1476
1477 cstate->off_linktype.constant_part = 0;
1478 cstate->off_linktype.is_variable = 0;
1479 cstate->off_linktype.reg = -1;
1480
1481 /*
1482 * Assume it's not raw ATM with a pseudo-header, for now.
1483 */
1484 cstate->is_atm = 0;
1485 cstate->off_vpi = OFFSET_NOT_SET;
1486 cstate->off_vci = OFFSET_NOT_SET;
1487 cstate->off_proto = OFFSET_NOT_SET;
1488 cstate->off_payload = OFFSET_NOT_SET;
1489
1490 /*
1491 * And not encapsulated with either Geneve or VXLAN.
1492 */
1493 cstate->is_encap = 0;
1494
1495 /*
1496 * No variable length VLAN offset by default
1497 */
1498 cstate->is_vlan_vloffset = 0;
1499
1500 /*
1501 * And assume we're not doing SS7.
1502 */
1503 cstate->off_li = OFFSET_NOT_SET;
1504 cstate->off_li_hsl = OFFSET_NOT_SET;
1505 cstate->off_sio = OFFSET_NOT_SET;
1506 cstate->off_opc = OFFSET_NOT_SET;
1507 cstate->off_dpc = OFFSET_NOT_SET;
1508 cstate->off_sls = OFFSET_NOT_SET;
1509
1510 cstate->label_stack_depth = 0;
1511 cstate->vlan_stack_depth = 0;
1512
1513 switch (cstate->linktype) {
1514
1515 case DLT_ARCNET:
1516 cstate->off_linktype.constant_part = 2;
1517 cstate->off_linkpl.constant_part = 6;
1518 cstate->off_nl = 0; /* XXX in reality, variable! */
1519 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1520 break;
1521
1522 case DLT_ARCNET_LINUX:
1523 cstate->off_linktype.constant_part = 4;
1524 cstate->off_linkpl.constant_part = 8;
1525 cstate->off_nl = 0; /* XXX in reality, variable! */
1526 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1527 break;
1528
1529 case DLT_EN10MB:
1530 cstate->off_linktype.constant_part = 12;
1531 cstate->off_linkpl.constant_part = 14; /* Ethernet header length */
1532 cstate->off_nl = 0; /* Ethernet II */
1533 cstate->off_nl_nosnap = 3; /* 802.3+802.2 */
1534 break;
1535
1536 case DLT_SLIP:
1537 /*
1538 * SLIP doesn't have a link level type. The 16 byte
1539 * header is hacked into our SLIP driver.
1540 */
1541 cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1542 cstate->off_linkpl.constant_part = 16;
1543 cstate->off_nl = 0;
1544 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1545 break;
1546
1547 case DLT_SLIP_BSDOS:
1548 /* XXX this may be the same as the DLT_PPP_BSDOS case */
1549 cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1550 /* XXX end */
1551 cstate->off_linkpl.constant_part = 24;
1552 cstate->off_nl = 0;
1553 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1554 break;
1555
1556 case DLT_NULL:
1557 case DLT_LOOP:
1558 cstate->off_linktype.constant_part = 0;
1559 cstate->off_linkpl.constant_part = 4;
1560 cstate->off_nl = 0;
1561 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1562 break;
1563
1564 case DLT_ENC:
1565 cstate->off_linktype.constant_part = 0;
1566 cstate->off_linkpl.constant_part = 12;
1567 cstate->off_nl = 0;
1568 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1569 break;
1570
1571 case DLT_PPP:
1572 case DLT_PPP_PPPD:
1573 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */
1574 case DLT_HDLC: /* NetBSD (Cisco) HDLC */
1575 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */
1576 cstate->off_linktype.constant_part = 2; /* skip HDLC-like framing */
1577 cstate->off_linkpl.constant_part = 4; /* skip HDLC-like framing and protocol field */
1578 cstate->off_nl = 0;
1579 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1580 break;
1581
1582 case DLT_PPP_ETHER:
1583 /*
1584 * This does not include the Ethernet header, and
1585 * only covers session state.
1586 */
1587 cstate->off_linktype.constant_part = 6;
1588 cstate->off_linkpl.constant_part = 8;
1589 cstate->off_nl = 0;
1590 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1591 break;
1592
1593 case DLT_PPP_BSDOS:
1594 cstate->off_linktype.constant_part = 5;
1595 cstate->off_linkpl.constant_part = 24;
1596 cstate->off_nl = 0;
1597 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1598 break;
1599
1600 case DLT_FDDI:
1601 /*
1602 * FDDI doesn't really have a link-level type field.
1603 * We set "off_linktype" to the offset of the LLC header.
1604 *
1605 * To check for Ethernet types, we assume that SSAP = SNAP
1606 * is being used and pick out the encapsulated Ethernet type.
1607 * XXX - should we generate code to check for SNAP?
1608 */
1609 cstate->off_linktype.constant_part = 13;
1610 cstate->off_linktype.constant_part += cstate->pcap_fddipad;
1611 cstate->off_linkpl.constant_part = 13; /* FDDI MAC header length */
1612 cstate->off_linkpl.constant_part += cstate->pcap_fddipad;
1613 cstate->off_nl = 8; /* 802.2+SNAP */
1614 cstate->off_nl_nosnap = 3; /* 802.2 */
1615 break;
1616
1617 case DLT_IEEE802:
1618 /*
1619 * Token Ring doesn't really have a link-level type field.
1620 * We set "off_linktype" to the offset of the LLC header.
1621 *
1622 * To check for Ethernet types, we assume that SSAP = SNAP
1623 * is being used and pick out the encapsulated Ethernet type.
1624 * XXX - should we generate code to check for SNAP?
1625 *
1626 * XXX - the header is actually variable-length.
1627 * Some various Linux patched versions gave 38
1628 * as "off_linktype" and 40 as "off_nl"; however,
1629 * if a token ring packet has *no* routing
1630 * information, i.e. is not source-routed, the correct
1631 * values are 20 and 22, as they are in the vanilla code.
1632 *
1633 * A packet is source-routed iff the uppermost bit
1634 * of the first byte of the source address, at an
1635 * offset of 8, has the uppermost bit set. If the
1636 * packet is source-routed, the total number of bytes
1637 * of routing information is 2 plus bits 0x1F00 of
1638 * the 16-bit value at an offset of 14 (shifted right
1639 * 8 - figure out which byte that is).
1640 */
1641 cstate->off_linktype.constant_part = 14;
1642 cstate->off_linkpl.constant_part = 14; /* Token Ring MAC header length */
1643 cstate->off_nl = 8; /* 802.2+SNAP */
1644 cstate->off_nl_nosnap = 3; /* 802.2 */
1645 break;
1646
1647 case DLT_PRISM_HEADER:
1648 case DLT_IEEE802_11_RADIO_AVS:
1649 case DLT_IEEE802_11_RADIO:
1650 cstate->off_linkhdr.is_variable = 1;
1651 /* Fall through, 802.11 doesn't have a variable link
1652 * prefix but is otherwise the same. */
1653 /* FALLTHROUGH */
1654
1655 case DLT_IEEE802_11:
1656 /*
1657 * 802.11 doesn't really have a link-level type field.
1658 * We set "off_linktype.constant_part" to the offset of
1659 * the LLC header.
1660 *
1661 * To check for Ethernet types, we assume that SSAP = SNAP
1662 * is being used and pick out the encapsulated Ethernet type.
1663 * XXX - should we generate code to check for SNAP?
1664 *
1665 * We also handle variable-length radio headers here.
1666 * The Prism header is in theory variable-length, but in
1667 * practice it's always 144 bytes long. However, some
1668 * drivers on Linux use ARPHRD_IEEE80211_PRISM, but
1669 * sometimes or always supply an AVS header, so we
1670 * have to check whether the radio header is a Prism
1671 * header or an AVS header, so, in practice, it's
1672 * variable-length.
1673 */
1674 cstate->off_linktype.constant_part = 24;
1675 cstate->off_linkpl.constant_part = 0; /* link-layer header is variable-length */
1676 cstate->off_linkpl.is_variable = 1;
1677 cstate->off_nl = 8; /* 802.2+SNAP */
1678 cstate->off_nl_nosnap = 3; /* 802.2 */
1679 break;
1680
1681 case DLT_PPI:
1682 /*
1683 * At the moment we treat PPI the same way that we treat
1684 * normal Radiotap encoded packets. The difference is in
1685 * the function that generates the code at the beginning
1686 * to compute the header length. Since this code generator
1687 * of PPI supports bare 802.11 encapsulation only (i.e.
1688 * the encapsulated DLT should be DLT_IEEE802_11) we
1689 * generate code to check for this too.
1690 */
1691 cstate->off_linktype.constant_part = 24;
1692 cstate->off_linkpl.constant_part = 0; /* link-layer header is variable-length */
1693 cstate->off_linkpl.is_variable = 1;
1694 cstate->off_linkhdr.is_variable = 1;
1695 cstate->off_nl = 8; /* 802.2+SNAP */
1696 cstate->off_nl_nosnap = 3; /* 802.2 */
1697 break;
1698
1699 case DLT_ATM_RFC1483:
1700 case DLT_ATM_CLIP: /* Linux ATM defines this */
1701 /*
1702 * assume routed, non-ISO PDUs
1703 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
1704 *
1705 * XXX - what about ISO PDUs, e.g. CLNP, ISIS, ESIS,
1706 * or PPP with the PPP NLPID (e.g., PPPoA)? The
1707 * latter would presumably be treated the way PPPoE
1708 * should be, so you can do "pppoe and udp port 2049"
1709 * or "pppoa and tcp port 80" and have it check for
1710 * PPPo{A,E} and a PPP protocol of IP and....
1711 */
1712 cstate->off_linktype.constant_part = 0;
1713 cstate->off_linkpl.constant_part = 0; /* packet begins with LLC header */
1714 cstate->off_nl = 8; /* 802.2+SNAP */
1715 cstate->off_nl_nosnap = 3; /* 802.2 */
1716 break;
1717
1718 case DLT_SUNATM:
1719 /*
1720 * Full Frontal ATM; you get AALn PDUs with an ATM
1721 * pseudo-header.
1722 */
1723 cstate->is_atm = 1;
1724 cstate->off_vpi = SUNATM_VPI_POS;
1725 cstate->off_vci = SUNATM_VCI_POS;
1726 cstate->off_proto = PROTO_POS;
1727 cstate->off_payload = SUNATM_PKT_BEGIN_POS;
1728 cstate->off_linktype.constant_part = cstate->off_payload;
1729 cstate->off_linkpl.constant_part = cstate->off_payload; /* if LLC-encapsulated */
1730 cstate->off_nl = 8; /* 802.2+SNAP */
1731 cstate->off_nl_nosnap = 3; /* 802.2 */
1732 break;
1733
1734 case DLT_RAW:
1735 case DLT_IPV4:
1736 case DLT_IPV6:
1737 cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1738 cstate->off_linkpl.constant_part = 0;
1739 cstate->off_nl = 0;
1740 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1741 break;
1742
1743 case DLT_LINUX_SLL: /* fake header for Linux cooked socket v1 */
1744 cstate->off_linktype.constant_part = 14;
1745 cstate->off_linkpl.constant_part = 16;
1746 cstate->off_nl = 0;
1747 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1748 break;
1749
1750 case DLT_LINUX_SLL2: /* fake header for Linux cooked socket v2 */
1751 cstate->off_linktype.constant_part = 0;
1752 cstate->off_linkpl.constant_part = 20;
1753 cstate->off_nl = 0;
1754 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1755 break;
1756
1757 case DLT_LTALK:
1758 /*
1759 * LocalTalk does have a 1-byte type field in the LLAP header,
1760 * but really it just indicates whether there is a "short" or
1761 * "long" DDP packet following.
1762 */
1763 cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1764 cstate->off_linkpl.constant_part = 0;
1765 cstate->off_nl = 0;
1766 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1767 break;
1768
1769 case DLT_IP_OVER_FC:
1770 /*
1771 * RFC 2625 IP-over-Fibre-Channel doesn't really have a
1772 * link-level type field. We set "off_linktype" to the
1773 * offset of the LLC header.
1774 *
1775 * To check for Ethernet types, we assume that SSAP = SNAP
1776 * is being used and pick out the encapsulated Ethernet type.
1777 * XXX - should we generate code to check for SNAP? RFC
1778 * 2625 says SNAP should be used.
1779 */
1780 cstate->off_linktype.constant_part = 16;
1781 cstate->off_linkpl.constant_part = 16;
1782 cstate->off_nl = 8; /* 802.2+SNAP */
1783 cstate->off_nl_nosnap = 3; /* 802.2 */
1784 break;
1785
1786 case DLT_FRELAY:
1787 /*
1788 * XXX - we should set this to handle SNAP-encapsulated
1789 * frames (NLPID of 0x80).
1790 */
1791 cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1792 cstate->off_linkpl.constant_part = 0;
1793 cstate->off_nl = 0;
1794 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1795 break;
1796
1797 /*
1798 * the only BPF-interesting FRF.16 frames are non-control frames;
1799 * Frame Relay has a variable length link-layer
1800 * so lets start with offset 4 for now and increments later on (FIXME);
1801 */
1802 case DLT_MFR:
1803 cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1804 cstate->off_linkpl.constant_part = 0;
1805 cstate->off_nl = 4;
1806 cstate->off_nl_nosnap = 0; /* XXX - for now -> no 802.2 LLC */
1807 break;
1808
1809 case DLT_APPLE_IP_OVER_IEEE1394:
1810 cstate->off_linktype.constant_part = 16;
1811 cstate->off_linkpl.constant_part = 18;
1812 cstate->off_nl = 0;
1813 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1814 break;
1815
1816 case DLT_SYMANTEC_FIREWALL:
1817 cstate->off_linktype.constant_part = 6;
1818 cstate->off_linkpl.constant_part = 44;
1819 cstate->off_nl = 0; /* Ethernet II */
1820 cstate->off_nl_nosnap = 0; /* XXX - what does it do with 802.3 packets? */
1821 break;
1822
1823 case DLT_PFLOG:
1824 cstate->off_linktype.constant_part = 0;
1825 cstate->off_linkpl.constant_part = 0; /* link-layer header is variable-length */
1826 cstate->off_linkpl.is_variable = 1;
1827 cstate->off_nl = 0;
1828 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1829 break;
1830
1831 case DLT_JUNIPER_MFR:
1832 case DLT_JUNIPER_MLFR:
1833 case DLT_JUNIPER_MLPPP:
1834 case DLT_JUNIPER_PPP:
1835 case DLT_JUNIPER_CHDLC:
1836 case DLT_JUNIPER_FRELAY:
1837 cstate->off_linktype.constant_part = 4;
1838 cstate->off_linkpl.constant_part = 4;
1839 cstate->off_nl = 0;
1840 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */
1841 break;
1842
1843 case DLT_JUNIPER_ATM1:
1844 cstate->off_linktype.constant_part = 4; /* in reality variable between 4-8 */
1845 cstate->off_linkpl.constant_part = 4; /* in reality variable between 4-8 */
1846 cstate->off_nl = 0;
1847 cstate->off_nl_nosnap = 10;
1848 break;
1849
1850 case DLT_JUNIPER_ATM2:
1851 cstate->off_linktype.constant_part = 8; /* in reality variable between 8-12 */
1852 cstate->off_linkpl.constant_part = 8; /* in reality variable between 8-12 */
1853 cstate->off_nl = 0;
1854 cstate->off_nl_nosnap = 10;
1855 break;
1856
1857 /* frames captured on a Juniper PPPoE service PIC
1858 * contain raw ethernet frames */
1859 case DLT_JUNIPER_PPPOE:
1860 case DLT_JUNIPER_ETHER:
1861 cstate->off_linkpl.constant_part = 14;
1862 cstate->off_linktype.constant_part = 16;
1863 cstate->off_nl = 18; /* Ethernet II */
1864 cstate->off_nl_nosnap = 21; /* 802.3+802.2 */
1865 break;
1866
1867 case DLT_JUNIPER_PPPOE_ATM:
1868 cstate->off_linktype.constant_part = 4;
1869 cstate->off_linkpl.constant_part = 6;
1870 cstate->off_nl = 0;
1871 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */
1872 break;
1873
1874 case DLT_JUNIPER_GGSN:
1875 cstate->off_linktype.constant_part = 6;
1876 cstate->off_linkpl.constant_part = 12;
1877 cstate->off_nl = 0;
1878 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */
1879 break;
1880
1881 case DLT_JUNIPER_ES:
1882 cstate->off_linktype.constant_part = 6;
1883 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; /* not really a network layer but raw IP addresses */
1884 cstate->off_nl = OFFSET_NOT_SET; /* not really a network layer but raw IP addresses */
1885 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */
1886 break;
1887
1888 case DLT_JUNIPER_MONITOR:
1889 cstate->off_linktype.constant_part = 12;
1890 cstate->off_linkpl.constant_part = 12;
1891 cstate->off_nl = 0; /* raw IP/IP6 header */
1892 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */
1893 break;
1894
1895 case DLT_BACNET_MS_TP:
1896 cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1897 cstate->off_linkpl.constant_part = OFFSET_NOT_SET;
1898 cstate->off_nl = OFFSET_NOT_SET;
1899 cstate->off_nl_nosnap = OFFSET_NOT_SET;
1900 break;
1901
1902 case DLT_JUNIPER_SERVICES:
1903 cstate->off_linktype.constant_part = 12;
1904 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; /* L3 proto location dep. on cookie type */
1905 cstate->off_nl = OFFSET_NOT_SET; /* L3 proto location dep. on cookie type */
1906 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */
1907 break;
1908
1909 case DLT_JUNIPER_VP:
1910 cstate->off_linktype.constant_part = 18;
1911 cstate->off_linkpl.constant_part = OFFSET_NOT_SET;
1912 cstate->off_nl = OFFSET_NOT_SET;
1913 cstate->off_nl_nosnap = OFFSET_NOT_SET;
1914 break;
1915
1916 case DLT_JUNIPER_ST:
1917 cstate->off_linktype.constant_part = 18;
1918 cstate->off_linkpl.constant_part = OFFSET_NOT_SET;
1919 cstate->off_nl = OFFSET_NOT_SET;
1920 cstate->off_nl_nosnap = OFFSET_NOT_SET;
1921 break;
1922
1923 case DLT_JUNIPER_ISM:
1924 cstate->off_linktype.constant_part = 8;
1925 cstate->off_linkpl.constant_part = OFFSET_NOT_SET;
1926 cstate->off_nl = OFFSET_NOT_SET;
1927 cstate->off_nl_nosnap = OFFSET_NOT_SET;
1928 break;
1929
1930 case DLT_JUNIPER_VS:
1931 case DLT_JUNIPER_SRX_E2E:
1932 case DLT_JUNIPER_FIBRECHANNEL:
1933 case DLT_JUNIPER_ATM_CEMIC:
1934 cstate->off_linktype.constant_part = 8;
1935 cstate->off_linkpl.constant_part = OFFSET_NOT_SET;
1936 cstate->off_nl = OFFSET_NOT_SET;
1937 cstate->off_nl_nosnap = OFFSET_NOT_SET;
1938 break;
1939
1940 case DLT_MTP2:
1941 cstate->off_li = 2;
1942 cstate->off_li_hsl = 4;
1943 cstate->off_sio = 3;
1944 cstate->off_opc = 4;
1945 cstate->off_dpc = 4;
1946 cstate->off_sls = 7;
1947 cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1948 cstate->off_linkpl.constant_part = OFFSET_NOT_SET;
1949 cstate->off_nl = OFFSET_NOT_SET;
1950 cstate->off_nl_nosnap = OFFSET_NOT_SET;
1951 break;
1952
1953 case DLT_MTP2_WITH_PHDR:
1954 cstate->off_li = 6;
1955 cstate->off_li_hsl = 8;
1956 cstate->off_sio = 7;
1957 cstate->off_opc = 8;
1958 cstate->off_dpc = 8;
1959 cstate->off_sls = 11;
1960 cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1961 cstate->off_linkpl.constant_part = OFFSET_NOT_SET;
1962 cstate->off_nl = OFFSET_NOT_SET;
1963 cstate->off_nl_nosnap = OFFSET_NOT_SET;
1964 break;
1965
1966 case DLT_ERF:
1967 cstate->off_li = 22;
1968 cstate->off_li_hsl = 24;
1969 cstate->off_sio = 23;
1970 cstate->off_opc = 24;
1971 cstate->off_dpc = 24;
1972 cstate->off_sls = 27;
1973 cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1974 cstate->off_linkpl.constant_part = OFFSET_NOT_SET;
1975 cstate->off_nl = OFFSET_NOT_SET;
1976 cstate->off_nl_nosnap = OFFSET_NOT_SET;
1977 break;
1978
1979 case DLT_PFSYNC:
1980 cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1981 cstate->off_linkpl.constant_part = 4;
1982 cstate->off_nl = 0;
1983 cstate->off_nl_nosnap = 0;
1984 break;
1985
1986 case DLT_AX25_KISS:
1987 /*
1988 * Currently, only raw "link[N:M]" filtering is supported.
1989 */
1990 cstate->off_linktype.constant_part = OFFSET_NOT_SET; /* variable, min 15, max 71 steps of 7 */
1991 cstate->off_linkpl.constant_part = OFFSET_NOT_SET;
1992 cstate->off_nl = OFFSET_NOT_SET; /* variable, min 16, max 71 steps of 7 */
1993 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */
1994 break;
1995
1996 case DLT_IPNET:
1997 cstate->off_linktype.constant_part = 1;
1998 cstate->off_linkpl.constant_part = 24; /* ipnet header length */
1999 cstate->off_nl = 0;
2000 cstate->off_nl_nosnap = OFFSET_NOT_SET;
2001 break;
2002
2003 case DLT_NETANALYZER:
2004 cstate->off_linkhdr.constant_part = 4; /* Ethernet header is past 4-byte pseudo-header */
2005 cstate->off_linktype.constant_part = cstate->off_linkhdr.constant_part + 12;
2006 cstate->off_linkpl.constant_part = cstate->off_linkhdr.constant_part + 14; /* pseudo-header+Ethernet header length */
2007 cstate->off_nl = 0; /* Ethernet II */
2008 cstate->off_nl_nosnap = 3; /* 802.3+802.2 */
2009 break;
2010
2011 case DLT_NETANALYZER_TRANSPARENT:
2012 cstate->off_linkhdr.constant_part = 12; /* MAC header is past 4-byte pseudo-header, preamble, and SFD */
2013 cstate->off_linktype.constant_part = cstate->off_linkhdr.constant_part + 12;
2014 cstate->off_linkpl.constant_part = cstate->off_linkhdr.constant_part + 14; /* pseudo-header+preamble+SFD+Ethernet header length */
2015 cstate->off_nl = 0; /* Ethernet II */
2016 cstate->off_nl_nosnap = 3; /* 802.3+802.2 */
2017 break;
2018
2019 default:
2020 /*
2021 * For values in the range in which we've assigned new
2022 * DLT_ values, only raw "link[N:M]" filtering is supported.
2023 */
2024 if (cstate->linktype >= DLT_HIGH_MATCHING_MIN &&
2025 cstate->linktype <= DLT_HIGH_MATCHING_MAX) {
2026 cstate->off_linktype.constant_part = OFFSET_NOT_SET;
2027 cstate->off_linkpl.constant_part = OFFSET_NOT_SET;
2028 cstate->off_nl = OFFSET_NOT_SET;
2029 cstate->off_nl_nosnap = OFFSET_NOT_SET;
2030 } else {
2031 bpf_set_error(cstate, "unknown data link type %d (min %d, max %d)",
2032 cstate->linktype, DLT_HIGH_MATCHING_MIN, DLT_HIGH_MATCHING_MAX);
2033 return (-1);
2034 }
2035 break;
2036 }
2037
2038 cstate->off_outermostlinkhdr = cstate->off_prevlinkhdr = cstate->off_linkhdr;
2039 return (0);
2040 }
2041
2042 /*
2043 * Load a value relative to the specified absolute offset.
2044 */
2045 static struct slist *
2046 gen_load_absoffsetrel(compiler_state_t *cstate, bpf_abs_offset *abs_offset,
2047 u_int offset, u_int size)
2048 {
2049 struct slist *s, *s2;
2050
2051 s = gen_abs_offset_varpart(cstate, abs_offset);
2052
2053 /*
2054 * If "s" is non-null, it has code to arrange that the X register
2055 * contains the variable part of the absolute offset, so we
2056 * generate a load relative to that, with an offset of
2057 * abs_offset->constant_part + offset.
2058 *
2059 * Otherwise, we can do an absolute load with an offset of
2060 * abs_offset->constant_part + offset.
2061 */
2062 if (s != NULL) {
2063 /*
2064 * "s" points to a list of statements that puts the
2065 * variable part of the absolute offset into the X register.
2066 * Do an indirect load, to use the X register as an offset.
2067 */
2068 s2 = new_stmt(cstate, BPF_LD|BPF_IND|size);
2069 s2->s.k = abs_offset->constant_part + offset;
2070 sappend(s, s2);
2071 } else {
2072 /*
2073 * There is no variable part of the absolute offset, so
2074 * just do an absolute load.
2075 */
2076 s = new_stmt(cstate, BPF_LD|BPF_ABS|size);
2077 s->s.k = abs_offset->constant_part + offset;
2078 }
2079 return s;
2080 }
2081
2082 /*
2083 * Load a value relative to the beginning of the specified header.
2084 */
2085 static struct slist *
2086 gen_load_a(compiler_state_t *cstate, enum e_offrel offrel, u_int offset,
2087 u_int size)
2088 {
2089 struct slist *s, *s2;
2090
2091 /*
2092 * Squelch warnings from compilers that *don't* assume that
2093 * offrel always has a valid enum value and therefore don't
2094 * assume that we'll always go through one of the case arms.
2095 *
2096 * If we have a default case, compilers that *do* assume that
2097 * will then complain about the default case code being
2098 * unreachable.
2099 *
2100 * Damned if you do, damned if you don't.
2101 */
2102 s = NULL;
2103
2104 switch (offrel) {
2105
2106 case OR_PACKET:
2107 s = new_stmt(cstate, BPF_LD|BPF_ABS|size);
2108 s->s.k = offset;
2109 break;
2110
2111 case OR_LINKHDR:
2112 s = gen_load_absoffsetrel(cstate, &cstate->off_linkhdr, offset, size);
2113 break;
2114
2115 case OR_PREVLINKHDR:
2116 s = gen_load_absoffsetrel(cstate, &cstate->off_prevlinkhdr, offset, size);
2117 break;
2118
2119 case OR_LLC:
2120 s = gen_load_absoffsetrel(cstate, &cstate->off_linkpl, offset, size);
2121 break;
2122
2123 case OR_PREVMPLSHDR:
2124 s = gen_load_absoffsetrel(cstate, &cstate->off_linkpl, cstate->off_nl - 4 + offset, size);
2125 break;
2126
2127 case OR_LINKPL:
2128 s = gen_load_absoffsetrel(cstate, &cstate->off_linkpl, cstate->off_nl + offset, size);
2129 break;
2130
2131 case OR_LINKPL_NOSNAP:
2132 s = gen_load_absoffsetrel(cstate, &cstate->off_linkpl, cstate->off_nl_nosnap + offset, size);
2133 break;
2134
2135 case OR_LINKTYPE:
2136 s = gen_load_absoffsetrel(cstate, &cstate->off_linktype, offset, size);
2137 break;
2138
2139 case OR_TRAN_IPV4:
2140 /*
2141 * Load the X register with the length of the IPv4 header
2142 * (plus the offset of the link-layer header, if it's
2143 * preceded by a variable-length header such as a radio
2144 * header), in bytes.
2145 */
2146 s = gen_loadx_iphdrlen(cstate);
2147
2148 /*
2149 * Load the item at {offset of the link-layer payload} +
2150 * {offset, relative to the start of the link-layer
2151 * payload, of the IPv4 header} + {length of the IPv4 header} +
2152 * {specified offset}.
2153 *
2154 * If the offset of the link-layer payload is variable,
2155 * the variable part of that offset is included in the
2156 * value in the X register, and we include the constant
2157 * part in the offset of the load.
2158 */
2159 s2 = new_stmt(cstate, BPF_LD|BPF_IND|size);
2160 s2->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + offset;
2161 sappend(s, s2);
2162 break;
2163
2164 case OR_TRAN_IPV6:
2165 s = gen_load_absoffsetrel(cstate, &cstate->off_linkpl, cstate->off_nl + 40 + offset, size);
2166 break;
2167 }
2168 return s;
2169 }
2170
2171 /*
2172 * Generate code to load into the X register the sum of the length of
2173 * the IPv4 header and the variable part of the offset of the link-layer
2174 * payload.
2175 */
2176 static struct slist *
2177 gen_loadx_iphdrlen(compiler_state_t *cstate)
2178 {
2179 struct slist *s, *s2;
2180
2181 s = gen_abs_offset_varpart(cstate, &cstate->off_linkpl);
2182 if (s != NULL) {
2183 /*
2184 * The offset of the link-layer payload has a variable
2185 * part. "s" points to a list of statements that put
2186 * the variable part of that offset into the X register.
2187 *
2188 * The 4*([k]&0xf) addressing mode can't be used, as we
2189 * don't have a constant offset, so we have to load the
2190 * value in question into the A register and add to it
2191 * the value from the X register.
2192 */
2193 s2 = new_stmt(cstate, BPF_LD|BPF_IND|BPF_B);
2194 s2->s.k = cstate->off_linkpl.constant_part + cstate->off_nl;
2195 sappend(s, s2);
2196 s2 = new_stmt(cstate, BPF_ALU|BPF_AND|BPF_K);
2197 s2->s.k = 0xf;
2198 sappend(s, s2);
2199 s2 = new_stmt(cstate, BPF_ALU|BPF_LSH|BPF_K);
2200 s2->s.k = 2;
2201 sappend(s, s2);
2202
2203 /*
2204 * The A register now contains the length of the IP header.
2205 * We need to add to it the variable part of the offset of
2206 * the link-layer payload, which is still in the X
2207 * register, and move the result into the X register.
2208 */
2209 sappend(s, new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X));
2210 sappend(s, new_stmt(cstate, BPF_MISC|BPF_TAX));
2211 } else {
2212 /*
2213 * The offset of the link-layer payload is a constant,
2214 * so no code was generated to load the (nonexistent)
2215 * variable part of that offset.
2216 *
2217 * This means we can use the 4*([k]&0xf) addressing
2218 * mode. Load the length of the IPv4 header, which
2219 * is at an offset of cstate->off_nl from the beginning of
2220 * the link-layer payload, and thus at an offset of
2221 * cstate->off_linkpl.constant_part + cstate->off_nl from the beginning
2222 * of the raw packet data, using that addressing mode.
2223 */
2224 s = new_stmt(cstate, BPF_LDX|BPF_MSH|BPF_B);
2225 s->s.k = cstate->off_linkpl.constant_part + cstate->off_nl;
2226 }
2227 return s;
2228 }
2229
2230
2231 static struct block *
2232 gen_uncond(compiler_state_t *cstate, int rsense)
2233 {
2234 struct block *b;
2235 struct slist *s;
2236
2237 s = new_stmt(cstate, BPF_LD|BPF_IMM);
2238 s->s.k = !rsense;
2239 b = new_block(cstate, JMP(BPF_JEQ));
2240 b->stmts = s;
2241
2242 return b;
2243 }
2244
2245 static inline struct block *
2246 gen_true(compiler_state_t *cstate)
2247 {
2248 return gen_uncond(cstate, 1);
2249 }
2250
2251 static inline struct block *
2252 gen_false(compiler_state_t *cstate)
2253 {
2254 return gen_uncond(cstate, 0);
2255 }
2256
2257 /*
2258 * Generate code to match a particular packet type.
2259 *
2260 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
2261 * value, if <= ETHERMTU. We use that to determine whether to
2262 * match the type/length field or to check the type/length field for
2263 * a value <= ETHERMTU to see whether it's a type field and then do
2264 * the appropriate test.
2265 */
2266 static struct block *
2267 gen_ether_linktype(compiler_state_t *cstate, bpf_u_int32 ll_proto)
2268 {
2269 struct block *b0, *b1;
2270
2271 switch (ll_proto) {
2272
2273 case LLCSAP_ISONS:
2274 case LLCSAP_IP:
2275 case LLCSAP_NETBEUI:
2276 /*
2277 * OSI protocols and NetBEUI always use 802.2 encapsulation,
2278 * so we check the DSAP and SSAP.
2279 *
2280 * LLCSAP_IP checks for IP-over-802.2, rather
2281 * than IP-over-Ethernet or IP-over-SNAP.
2282 *
2283 * XXX - should we check both the DSAP and the
2284 * SSAP, like this, or should we check just the
2285 * DSAP, as we do for other types <= ETHERMTU
2286 * (i.e., other SAP values)?
2287 */
2288 b0 = gen_cmp_le(cstate, OR_LINKTYPE, 0, BPF_H, ETHERMTU);
2289 b1 = gen_cmp(cstate, OR_LLC, 0, BPF_H, (ll_proto << 8) | ll_proto);
2290 gen_and(b0, b1);
2291 return b1;
2292
2293 case LLCSAP_IPX:
2294 /*
2295 * Check for;
2296 *
2297 * Ethernet_II frames, which are Ethernet
2298 * frames with a frame type of ETHERTYPE_IPX;
2299 *
2300 * Ethernet_802.3 frames, which are 802.3
2301 * frames (i.e., the type/length field is
2302 * a length field, <= ETHERMTU, rather than
2303 * a type field) with the first two bytes
2304 * after the Ethernet/802.3 header being
2305 * 0xFFFF;
2306 *
2307 * Ethernet_802.2 frames, which are 802.3
2308 * frames with an 802.2 LLC header and
2309 * with the IPX LSAP as the DSAP in the LLC
2310 * header;
2311 *
2312 * Ethernet_SNAP frames, which are 802.3
2313 * frames with an LLC header and a SNAP
2314 * header and with an OUI of 0x000000
2315 * (encapsulated Ethernet) and a protocol
2316 * ID of ETHERTYPE_IPX in the SNAP header.
2317 *
2318 * XXX - should we generate the same code both
2319 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
2320 */
2321
2322 /*
2323 * This generates code to check both for the
2324 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
2325 */
2326 b0 = gen_cmp(cstate, OR_LLC, 0, BPF_B, LLCSAP_IPX);
2327 b1 = gen_cmp(cstate, OR_LLC, 0, BPF_H, 0xFFFF);
2328 gen_or(b0, b1);
2329
2330 /*
2331 * Now we add code to check for SNAP frames with
2332 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
2333 */
2334 b0 = gen_snap(cstate, 0x000000, ETHERTYPE_IPX);
2335 gen_or(b0, b1);
2336
2337 /*
2338 * Now we generate code to check for 802.3
2339 * frames in general.
2340 */
2341 b0 = gen_cmp_le(cstate, OR_LINKTYPE, 0, BPF_H, ETHERMTU);
2342
2343 /*
2344 * Now add the check for 802.3 frames before the
2345 * check for Ethernet_802.2 and Ethernet_802.3,
2346 * as those checks should only be done on 802.3
2347 * frames, not on Ethernet frames.
2348 */
2349 gen_and(b0, b1);
2350
2351 /*
2352 * Now add the check for Ethernet_II frames, and
2353 * do that before checking for the other frame
2354 * types.
2355 */
2356 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ETHERTYPE_IPX);
2357 gen_or(b0, b1);
2358 return b1;
2359
2360 case ETHERTYPE_ATALK:
2361 case ETHERTYPE_AARP:
2362 /*
2363 * EtherTalk (AppleTalk protocols on Ethernet link
2364 * layer) may use 802.2 encapsulation.
2365 */
2366
2367 /*
2368 * Check for 802.2 encapsulation (EtherTalk phase 2?);
2369 * we check for an Ethernet type field less or equal than
2370 * 1500, which means it's an 802.3 length field.
2371 */
2372 b0 = gen_cmp_le(cstate, OR_LINKTYPE, 0, BPF_H, ETHERMTU);
2373
2374 /*
2375 * 802.2-encapsulated ETHERTYPE_ATALK packets are
2376 * SNAP packets with an organization code of
2377 * 0x080007 (Apple, for Appletalk) and a protocol
2378 * type of ETHERTYPE_ATALK (Appletalk).
2379 *
2380 * 802.2-encapsulated ETHERTYPE_AARP packets are
2381 * SNAP packets with an organization code of
2382 * 0x000000 (encapsulated Ethernet) and a protocol
2383 * type of ETHERTYPE_AARP (Appletalk ARP).
2384 */
2385 if (ll_proto == ETHERTYPE_ATALK)
2386 b1 = gen_snap(cstate, 0x080007, ETHERTYPE_ATALK);
2387 else /* ll_proto == ETHERTYPE_AARP */
2388 b1 = gen_snap(cstate, 0x000000, ETHERTYPE_AARP);
2389 gen_and(b0, b1);
2390
2391 /*
2392 * Check for Ethernet encapsulation (Ethertalk
2393 * phase 1?); we just check for the Ethernet
2394 * protocol type.
2395 */
2396 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ll_proto);
2397
2398 gen_or(b0, b1);
2399 return b1;
2400
2401 default:
2402 if (ll_proto <= ETHERMTU) {
2403 /*
2404 * This is an LLC SAP value, so the frames
2405 * that match would be 802.2 frames.
2406 * Check that the frame is an 802.2 frame
2407 * (i.e., that the length/type field is
2408 * a length field, <= ETHERMTU) and
2409 * then check the DSAP.
2410 */
2411 b0 = gen_cmp_le(cstate, OR_LINKTYPE, 0, BPF_H, ETHERMTU);
2412 b1 = gen_cmp(cstate, OR_LINKTYPE, 2, BPF_B, ll_proto);
2413 gen_and(b0, b1);
2414 return b1;
2415 } else {
2416 /*
2417 * This is an Ethernet type, so compare
2418 * the length/type field with it (if
2419 * the frame is an 802.2 frame, the length
2420 * field will be <= ETHERMTU, and, as
2421 * "ll_proto" is > ETHERMTU, this test
2422 * will fail and the frame won't match,
2423 * which is what we want).
2424 */
2425 return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ll_proto);
2426 }
2427 }
2428 }
2429
2430 static struct block *
2431 gen_loopback_linktype(compiler_state_t *cstate, bpf_u_int32 ll_proto)
2432 {
2433 /*
2434 * For DLT_NULL, the link-layer header is a 32-bit word
2435 * containing an AF_ value in *host* byte order, and for
2436 * DLT_ENC, the link-layer header begins with a 32-bit
2437 * word containing an AF_ value in host byte order.
2438 *
2439 * In addition, if we're reading a saved capture file,
2440 * the host byte order in the capture may not be the
2441 * same as the host byte order on this machine.
2442 *
2443 * For DLT_LOOP, the link-layer header is a 32-bit
2444 * word containing an AF_ value in *network* byte order.
2445 */
2446 if (cstate->linktype == DLT_NULL || cstate->linktype == DLT_ENC) {
2447 /*
2448 * The AF_ value is in host byte order, but the BPF
2449 * interpreter will convert it to network byte order.
2450 *
2451 * If this is a save file, and it's from a machine
2452 * with the opposite byte order to ours, we byte-swap
2453 * the AF_ value.
2454 *
2455 * Then we run it through "htonl()", and generate
2456 * code to compare against the result.
2457 */
2458 if (cstate->bpf_pcap->rfile != NULL && cstate->bpf_pcap->swapped)
2459 ll_proto = SWAPLONG(ll_proto);
2460 ll_proto = htonl(ll_proto);
2461 }
2462 return (gen_cmp(cstate, OR_LINKHDR, 0, BPF_W, ll_proto));
2463 }
2464
2465 /*
2466 * "proto" is an Ethernet type value and for IPNET, if it is not IPv4
2467 * or IPv6 then we have an error.
2468 */
2469 static struct block *
2470 gen_ipnet_linktype(compiler_state_t *cstate, bpf_u_int32 ll_proto)
2471 {
2472 switch (ll_proto) {
2473
2474 case ETHERTYPE_IP:
2475 return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B, IPH_AF_INET);
2476 /*NOTREACHED*/
2477
2478 case ETHERTYPE_IPV6:
2479 return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B, IPH_AF_INET6);
2480 /*NOTREACHED*/
2481
2482 default:
2483 break;
2484 }
2485
2486 return gen_false(cstate);
2487 }
2488
2489 /*
2490 * Generate code to match a particular packet type.
2491 *
2492 * "ll_proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
2493 * value, if <= ETHERMTU. We use that to determine whether to
2494 * match the type field or to check the type field for the special
2495 * LINUX_SLL_P_802_2 value and then do the appropriate test.
2496 */
2497 static struct block *
2498 gen_linux_sll_linktype(compiler_state_t *cstate, bpf_u_int32 ll_proto)
2499 {
2500 struct block *b0, *b1;
2501
2502 switch (ll_proto) {
2503
2504 case LLCSAP_ISONS:
2505 case LLCSAP_IP:
2506 case LLCSAP_NETBEUI:
2507 /*
2508 * OSI protocols and NetBEUI always use 802.2 encapsulation,
2509 * so we check the DSAP and SSAP.
2510 *
2511 * LLCSAP_IP checks for IP-over-802.2, rather
2512 * than IP-over-Ethernet or IP-over-SNAP.
2513 *
2514 * XXX - should we check both the DSAP and the
2515 * SSAP, like this, or should we check just the
2516 * DSAP, as we do for other types <= ETHERMTU
2517 * (i.e., other SAP values)?
2518 */
2519 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, LINUX_SLL_P_802_2);
2520 b1 = gen_cmp(cstate, OR_LLC, 0, BPF_H, (ll_proto << 8) | ll_proto);
2521 gen_and(b0, b1);
2522 return b1;
2523
2524 case LLCSAP_IPX:
2525 /*
2526 * Ethernet_II frames, which are Ethernet
2527 * frames with a frame type of ETHERTYPE_IPX;
2528 *
2529 * Ethernet_802.3 frames, which have a frame
2530 * type of LINUX_SLL_P_802_3;
2531 *
2532 * Ethernet_802.2 frames, which are 802.3
2533 * frames with an 802.2 LLC header (i.e, have
2534 * a frame type of LINUX_SLL_P_802_2) and
2535 * with the IPX LSAP as the DSAP in the LLC
2536 * header;
2537 *
2538 * Ethernet_SNAP frames, which are 802.3
2539 * frames with an LLC header and a SNAP
2540 * header and with an OUI of 0x000000
2541 * (encapsulated Ethernet) and a protocol
2542 * ID of ETHERTYPE_IPX in the SNAP header.
2543 *
2544 * First, do the checks on LINUX_SLL_P_802_2
2545 * frames; generate the check for either
2546 * Ethernet_802.2 or Ethernet_SNAP frames, and
2547 * then put a check for LINUX_SLL_P_802_2 frames
2548 * before it.
2549 */
2550 b0 = gen_cmp(cstate, OR_LLC, 0, BPF_B, LLCSAP_IPX);
2551 b1 = gen_snap(cstate, 0x000000, ETHERTYPE_IPX);
2552 gen_or(b0, b1);
2553 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, LINUX_SLL_P_802_2);
2554 gen_and(b0, b1);
2555
2556 /*
2557 * Now check for 802.3 frames and OR that with
2558 * the previous test.
2559 */
2560 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, LINUX_SLL_P_802_3);
2561 gen_or(b0, b1);
2562
2563 /*
2564 * Now add the check for Ethernet_II frames, and
2565 * do that before checking for the other frame
2566 * types.
2567 */
2568 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ETHERTYPE_IPX);
2569 gen_or(b0, b1);
2570 return b1;
2571
2572 case ETHERTYPE_ATALK:
2573 case ETHERTYPE_AARP:
2574 /*
2575 * EtherTalk (AppleTalk protocols on Ethernet link
2576 * layer) may use 802.2 encapsulation.
2577 */
2578
2579 /*
2580 * Check for 802.2 encapsulation (EtherTalk phase 2?);
2581 * we check for the 802.2 protocol type in the
2582 * "Ethernet type" field.
2583 */
2584 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, LINUX_SLL_P_802_2);
2585
2586 /*
2587 * 802.2-encapsulated ETHERTYPE_ATALK packets are
2588 * SNAP packets with an organization code of
2589 * 0x080007 (Apple, for Appletalk) and a protocol
2590 * type of ETHERTYPE_ATALK (Appletalk).
2591 *
2592 * 802.2-encapsulated ETHERTYPE_AARP packets are
2593 * SNAP packets with an organization code of
2594 * 0x000000 (encapsulated Ethernet) and a protocol
2595 * type of ETHERTYPE_AARP (Appletalk ARP).
2596 */
2597 if (ll_proto == ETHERTYPE_ATALK)
2598 b1 = gen_snap(cstate, 0x080007, ETHERTYPE_ATALK);
2599 else /* ll_proto == ETHERTYPE_AARP */
2600 b1 = gen_snap(cstate, 0x000000, ETHERTYPE_AARP);
2601 gen_and(b0, b1);
2602
2603 /*
2604 * Check for Ethernet encapsulation (Ethertalk
2605 * phase 1?); we just check for the Ethernet
2606 * protocol type.
2607 */
2608 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ll_proto);
2609
2610 gen_or(b0, b1);
2611 return b1;
2612
2613 default:
2614 if (ll_proto <= ETHERMTU) {
2615 /*
2616 * This is an LLC SAP value, so the frames
2617 * that match would be 802.2 frames.
2618 * Check for the 802.2 protocol type
2619 * in the "Ethernet type" field, and
2620 * then check the DSAP.
2621 */
2622 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, LINUX_SLL_P_802_2);
2623 b1 = gen_cmp(cstate, OR_LINKHDR, cstate->off_linkpl.constant_part, BPF_B,
2624 ll_proto);
2625 gen_and(b0, b1);
2626 return b1;
2627 } else {
2628 /*
2629 * This is an Ethernet type, so compare
2630 * the length/type field with it (if
2631 * the frame is an 802.2 frame, the length
2632 * field will be <= ETHERMTU, and, as
2633 * "ll_proto" is > ETHERMTU, this test
2634 * will fail and the frame won't match,
2635 * which is what we want).
2636 */
2637 return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ll_proto);
2638 }
2639 }
2640 }
2641
2642 /*
2643 * Load a value relative to the beginning of the link-layer header after the
2644 * pflog header.
2645 */
2646 static struct slist *
2647 gen_load_pflog_llprefixlen(compiler_state_t *cstate)
2648 {
2649 struct slist *s1, *s2;
2650
2651 /*
2652 * Generate code to load the length of the pflog header into
2653 * the register assigned to hold that length, if one has been
2654 * assigned. (If one hasn't been assigned, no code we've
2655 * generated uses that prefix, so we don't need to generate any
2656 * code to load it.)
2657 */
2658 if (cstate->off_linkpl.reg != -1) {
2659 /*
2660 * The length is in the first byte of the header.
2661 */
2662 s1 = new_stmt(cstate, BPF_LD|BPF_B|BPF_ABS);
2663 s1->s.k = 0;
2664
2665 /*
2666 * Round it up to a multiple of 4.
2667 * Add 3, and clear the lower 2 bits.
2668 */
2669 s2 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K);
2670 s2->s.k = 3;
2671 sappend(s1, s2);
2672 s2 = new_stmt(cstate, BPF_ALU|BPF_AND|BPF_K);
2673 s2->s.k = 0xfffffffc;
2674 sappend(s1, s2);
2675
2676 /*
2677 * Now allocate a register to hold that value and store
2678 * it.
2679 */
2680 s2 = new_stmt(cstate, BPF_ST);
2681 s2->s.k = cstate->off_linkpl.reg;
2682 sappend(s1, s2);
2683
2684 /*
2685 * Now move it into the X register.
2686 */
2687 s2 = new_stmt(cstate, BPF_MISC|BPF_TAX);
2688 sappend(s1, s2);
2689
2690 return (s1);
2691 } else
2692 return (NULL);
2693 }
2694
2695 static struct slist *
2696 gen_load_prism_llprefixlen(compiler_state_t *cstate)
2697 {
2698 struct slist *s1, *s2;
2699 struct slist *sjeq_avs_cookie;
2700 struct slist *sjcommon;
2701
2702 /*
2703 * This code is not compatible with the optimizer, as
2704 * we are generating jmp instructions within a normal
2705 * slist of instructions
2706 */
2707 cstate->no_optimize = 1;
2708
2709 /*
2710 * Generate code to load the length of the radio header into
2711 * the register assigned to hold that length, if one has been
2712 * assigned. (If one hasn't been assigned, no code we've
2713 * generated uses that prefix, so we don't need to generate any
2714 * code to load it.)
2715 *
2716 * Some Linux drivers use ARPHRD_IEEE80211_PRISM but sometimes
2717 * or always use the AVS header rather than the Prism header.
2718 * We load a 4-byte big-endian value at the beginning of the
2719 * raw packet data, and see whether, when masked with 0xFFFFF000,
2720 * it's equal to 0x80211000. If so, that indicates that it's
2721 * an AVS header (the masked-out bits are the version number).
2722 * Otherwise, it's a Prism header.
2723 *
2724 * XXX - the Prism header is also, in theory, variable-length,
2725 * but no known software generates headers that aren't 144
2726 * bytes long.
2727 */
2728 if (cstate->off_linkhdr.reg != -1) {
2729 /*
2730 * Load the cookie.
2731 */
2732 s1 = new_stmt(cstate, BPF_LD|BPF_W|BPF_ABS);
2733 s1->s.k = 0;
2734
2735 /*
2736 * AND it with 0xFFFFF000.
2737 */
2738 s2 = new_stmt(cstate, BPF_ALU|BPF_AND|BPF_K);
2739 s2->s.k = 0xFFFFF000;
2740 sappend(s1, s2);
2741
2742 /*
2743 * Compare with 0x80211000.
2744 */
2745 sjeq_avs_cookie = new_stmt(cstate, JMP(BPF_JEQ));
2746 sjeq_avs_cookie->s.k = 0x80211000;
2747 sappend(s1, sjeq_avs_cookie);
2748
2749 /*
2750 * If it's AVS:
2751 *
2752 * The 4 bytes at an offset of 4 from the beginning of
2753 * the AVS header are the length of the AVS header.
2754 * That field is big-endian.
2755 */
2756 s2 = new_stmt(cstate, BPF_LD|BPF_W|BPF_ABS);
2757 s2->s.k = 4;
2758 sappend(s1, s2);
2759 sjeq_avs_cookie->s.jt = s2;
2760
2761 /*
2762 * Now jump to the code to allocate a register
2763 * into which to save the header length and
2764 * store the length there. (The "jump always"
2765 * instruction needs to have the k field set;
2766 * it's added to the PC, so, as we're jumping
2767 * over a single instruction, it should be 1.)
2768 */
2769 sjcommon = new_stmt(cstate, JMP(BPF_JA));
2770 sjcommon->s.k = 1;
2771 sappend(s1, sjcommon);
2772
2773 /*
2774 * Now for the code that handles the Prism header.
2775 * Just load the length of the Prism header (144)
2776 * into the A register. Have the test for an AVS
2777 * header branch here if we don't have an AVS header.
2778 */
2779 s2 = new_stmt(cstate, BPF_LD|BPF_W|BPF_IMM);
2780 s2->s.k = 144;
2781 sappend(s1, s2);
2782 sjeq_avs_cookie->s.jf = s2;
2783
2784 /*
2785 * Now allocate a register to hold that value and store
2786 * it. The code for the AVS header will jump here after
2787 * loading the length of the AVS header.
2788 */
2789 s2 = new_stmt(cstate, BPF_ST);
2790 s2->s.k = cstate->off_linkhdr.reg;
2791 sappend(s1, s2);
2792 sjcommon->s.jf = s2;
2793
2794 /*
2795 * Now move it into the X register.
2796 */
2797 s2 = new_stmt(cstate, BPF_MISC|BPF_TAX);
2798 sappend(s1, s2);
2799
2800 return (s1);
2801 } else
2802 return (NULL);
2803 }
2804
2805 static struct slist *
2806 gen_load_avs_llprefixlen(compiler_state_t *cstate)
2807 {
2808 struct slist *s1, *s2;
2809
2810 /*
2811 * Generate code to load the length of the AVS header into
2812 * the register assigned to hold that length, if one has been
2813 * assigned. (If one hasn't been assigned, no code we've
2814 * generated uses that prefix, so we don't need to generate any
2815 * code to load it.)
2816 */
2817 if (cstate->off_linkhdr.reg != -1) {
2818 /*
2819 * The 4 bytes at an offset of 4 from the beginning of
2820 * the AVS header are the length of the AVS header.
2821 * That field is big-endian.
2822 */
2823 s1 = new_stmt(cstate, BPF_LD|BPF_W|BPF_ABS);
2824 s1->s.k = 4;
2825
2826 /*
2827 * Now allocate a register to hold that value and store
2828 * it.
2829 */
2830 s2 = new_stmt(cstate, BPF_ST);
2831 s2->s.k = cstate->off_linkhdr.reg;
2832 sappend(s1, s2);
2833
2834 /*
2835 * Now move it into the X register.
2836 */
2837 s2 = new_stmt(cstate, BPF_MISC|BPF_TAX);
2838 sappend(s1, s2);
2839
2840 return (s1);
2841 } else
2842 return (NULL);
2843 }
2844
2845 static struct slist *
2846 gen_load_radiotap_llprefixlen(compiler_state_t *cstate)
2847 {
2848 struct slist *s1, *s2;
2849
2850 /*
2851 * Generate code to load the length of the radiotap header into
2852 * the register assigned to hold that length, if one has been
2853 * assigned. (If one hasn't been assigned, no code we've
2854 * generated uses that prefix, so we don't need to generate any
2855 * code to load it.)
2856 */
2857 if (cstate->off_linkhdr.reg != -1) {
2858 /*
2859 * The 2 bytes at offsets of 2 and 3 from the beginning
2860 * of the radiotap header are the length of the radiotap
2861 * header; unfortunately, it's little-endian, so we have
2862 * to load it a byte at a time and construct the value.
2863 */
2864
2865 /*
2866 * Load the high-order byte, at an offset of 3, shift it
2867 * left a byte, and put the result in the X register.
2868 */
2869 s1 = new_stmt(cstate, BPF_LD|BPF_B|BPF_ABS);
2870 s1->s.k = 3;
2871 s2 = new_stmt(cstate, BPF_ALU|BPF_LSH|BPF_K);
2872 sappend(s1, s2);
2873 s2->s.k = 8;
2874 s2 = new_stmt(cstate, BPF_MISC|BPF_TAX);
2875 sappend(s1, s2);
2876
2877 /*
2878 * Load the next byte, at an offset of 2, and OR the
2879 * value from the X register into it.
2880 */
2881 s2 = new_stmt(cstate, BPF_LD|BPF_B|BPF_ABS);
2882 sappend(s1, s2);
2883 s2->s.k = 2;
2884 s2 = new_stmt(cstate, BPF_ALU|BPF_OR|BPF_X);
2885 sappend(s1, s2);
2886
2887 /*
2888 * Now allocate a register to hold that value and store
2889 * it.
2890 */
2891 s2 = new_stmt(cstate, BPF_ST);
2892 s2->s.k = cstate->off_linkhdr.reg;
2893 sappend(s1, s2);
2894
2895 /*
2896 * Now move it into the X register.
2897 */
2898 s2 = new_stmt(cstate, BPF_MISC|BPF_TAX);
2899 sappend(s1, s2);
2900
2901 return (s1);
2902 } else
2903 return (NULL);
2904 }
2905
2906 /*
2907 * At the moment we treat PPI as normal Radiotap encoded
2908 * packets. The difference is in the function that generates
2909 * the code at the beginning to compute the header length.
2910 * Since this code generator of PPI supports bare 802.11
2911 * encapsulation only (i.e. the encapsulated DLT should be
2912 * DLT_IEEE802_11) we generate code to check for this too;
2913 * that's done in finish_parse().
2914 */
2915 static struct slist *
2916 gen_load_ppi_llprefixlen(compiler_state_t *cstate)
2917 {
2918 struct slist *s1, *s2;
2919
2920 /*
2921 * Generate code to load the length of the radiotap header
2922 * into the register assigned to hold that length, if one has
2923 * been assigned.
2924 */
2925 if (cstate->off_linkhdr.reg != -1) {
2926 /*
2927 * The 2 bytes at offsets of 2 and 3 from the beginning
2928 * of the radiotap header are the length of the radiotap
2929 * header; unfortunately, it's little-endian, so we have
2930 * to load it a byte at a time and construct the value.
2931 */
2932
2933 /*
2934 * Load the high-order byte, at an offset of 3, shift it
2935 * left a byte, and put the result in the X register.
2936 */
2937 s1 = new_stmt(cstate, BPF_LD|BPF_B|BPF_ABS);
2938 s1->s.k = 3;
2939 s2 = new_stmt(cstate, BPF_ALU|BPF_LSH|BPF_K);
2940 sappend(s1, s2);
2941 s2->s.k = 8;
2942 s2 = new_stmt(cstate, BPF_MISC|BPF_TAX);
2943 sappend(s1, s2);
2944
2945 /*
2946 * Load the next byte, at an offset of 2, and OR the
2947 * value from the X register into it.
2948 */
2949 s2 = new_stmt(cstate, BPF_LD|BPF_B|BPF_ABS);
2950 sappend(s1, s2);
2951 s2->s.k = 2;
2952 s2 = new_stmt(cstate, BPF_ALU|BPF_OR|BPF_X);
2953 sappend(s1, s2);
2954
2955 /*
2956 * Now allocate a register to hold that value and store
2957 * it.
2958 */
2959 s2 = new_stmt(cstate, BPF_ST);
2960 s2->s.k = cstate->off_linkhdr.reg;
2961 sappend(s1, s2);
2962
2963 /*
2964 * Now move it into the X register.
2965 */
2966 s2 = new_stmt(cstate, BPF_MISC|BPF_TAX);
2967 sappend(s1, s2);
2968
2969 return (s1);
2970 } else
2971 return (NULL);
2972 }
2973
2974 /*
2975 * Load a value relative to the beginning of the link-layer header after the 802.11
2976 * header, i.e. LLC_SNAP.
2977 * The link-layer header doesn't necessarily begin at the beginning
2978 * of the packet data; there might be a variable-length prefix containing
2979 * radio information.
2980 */
2981 static struct slist *
2982 gen_load_802_11_header_len(compiler_state_t *cstate, struct slist *s, struct slist *snext)
2983 {
2984 struct slist *s2;
2985 struct slist *sjset_data_frame_1;
2986 struct slist *sjset_data_frame_2;
2987 struct slist *sjset_qos;
2988 struct slist *sjset_radiotap_flags_present;
2989 struct slist *sjset_radiotap_ext_present;
2990 struct slist *sjset_radiotap_tsft_present;
2991 struct slist *sjset_tsft_datapad, *sjset_notsft_datapad;
2992 struct slist *s_roundup;
2993
2994 if (cstate->off_linkpl.reg == -1) {
2995 /*
2996 * No register has been assigned to the offset of
2997 * the link-layer payload, which means nobody needs
2998 * it; don't bother computing it - just return
2999 * what we already have.
3000 */
3001 return (s);
3002 }
3003
3004 /*
3005 * This code is not compatible with the optimizer, as
3006 * we are generating jmp instructions within a normal
3007 * slist of instructions
3008 */
3009 cstate->no_optimize = 1;
3010
3011 /*
3012 * If "s" is non-null, it has code to arrange that the X register
3013 * contains the length of the prefix preceding the link-layer
3014 * header.
3015 *
3016 * Otherwise, the length of the prefix preceding the link-layer
3017 * header is "off_outermostlinkhdr.constant_part".
3018 */
3019 if (s == NULL) {
3020 /*
3021 * There is no variable-length header preceding the
3022 * link-layer header.
3023 *
3024 * Load the length of the fixed-length prefix preceding
3025 * the link-layer header (if any) into the X register,
3026 * and store it in the cstate->off_linkpl.reg register.
3027 * That length is off_outermostlinkhdr.constant_part.
3028 */
3029 s = new_stmt(cstate, BPF_LDX|BPF_IMM);
3030 s->s.k = cstate->off_outermostlinkhdr.constant_part;
3031 }
3032
3033 /*
3034 * The X register contains the offset of the beginning of the
3035 * link-layer header; add 24, which is the minimum length
3036 * of the MAC header for a data frame, to that, and store it
3037 * in cstate->off_linkpl.reg, and then load the Frame Control field,
3038 * which is at the offset in the X register, with an indexed load.
3039 */
3040 s2 = new_stmt(cstate, BPF_MISC|BPF_TXA);
3041 sappend(s, s2);
3042 s2 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K);
3043 s2->s.k = 24;
3044 sappend(s, s2);
3045 s2 = new_stmt(cstate, BPF_ST);
3046 s2->s.k = cstate->off_linkpl.reg;
3047 sappend(s, s2);
3048
3049 s2 = new_stmt(cstate, BPF_LD|BPF_IND|BPF_B);
3050 s2->s.k = 0;
3051 sappend(s, s2);
3052
3053 /*
3054 * Check the Frame Control field to see if this is a data frame;
3055 * a data frame has the 0x08 bit (b3) in that field set and the
3056 * 0x04 bit (b2) clear.
3057 */
3058 sjset_data_frame_1 = new_stmt(cstate, JMP(BPF_JSET));
3059 sjset_data_frame_1->s.k = 0x08;
3060 sappend(s, sjset_data_frame_1);
3061
3062 /*
3063 * If b3 is set, test b2, otherwise go to the first statement of
3064 * the rest of the program.
3065 */
3066 sjset_data_frame_1->s.jt = sjset_data_frame_2 = new_stmt(cstate, JMP(BPF_JSET));
3067 sjset_data_frame_2->s.k = 0x04;
3068 sappend(s, sjset_data_frame_2);
3069 sjset_data_frame_1->s.jf = snext;
3070
3071 /*
3072 * If b2 is not set, this is a data frame; test the QoS bit.
3073 * Otherwise, go to the first statement of the rest of the
3074 * program.
3075 */
3076 sjset_data_frame_2->s.jt = snext;
3077 sjset_data_frame_2->s.jf = sjset_qos = new_stmt(cstate, JMP(BPF_JSET));
3078 sjset_qos->s.k = 0x80; /* QoS bit */
3079 sappend(s, sjset_qos);
3080
3081 /*
3082 * If it's set, add 2 to cstate->off_linkpl.reg, to skip the QoS
3083 * field.
3084 * Otherwise, go to the first statement of the rest of the
3085 * program.
3086 */
3087 sjset_qos->s.jt = s2 = new_stmt(cstate, BPF_LD|BPF_MEM);
3088 s2->s.k = cstate->off_linkpl.reg;
3089 sappend(s, s2);
3090 s2 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_IMM);
3091 s2->s.k = 2;
3092 sappend(s, s2);
3093 s2 = new_stmt(cstate, BPF_ST);
3094 s2->s.k = cstate->off_linkpl.reg;
3095 sappend(s, s2);
3096
3097 /*
3098 * If we have a radiotap header, look at it to see whether
3099 * there's Atheros padding between the MAC-layer header
3100 * and the payload.
3101 *
3102 * Note: all of the fields in the radiotap header are
3103 * little-endian, so we byte-swap all of the values
3104 * we test against, as they will be loaded as big-endian
3105 * values.
3106 *
3107 * XXX - in the general case, we would have to scan through
3108 * *all* the presence bits, if there's more than one word of
3109 * presence bits. That would require a loop, meaning that
3110 * we wouldn't be able to run the filter in the kernel.
3111 *
3112 * We assume here that the Atheros adapters that insert the
3113 * annoying padding don't have multiple antennae and therefore
3114 * do not generate radiotap headers with multiple presence words.
3115 */
3116 if (cstate->linktype == DLT_IEEE802_11_RADIO) {
3117 /*
3118 * Is the IEEE80211_RADIOTAP_FLAGS bit (0x0000002) set
3119 * in the first presence flag word?
3120 */
3121 sjset_qos->s.jf = s2 = new_stmt(cstate, BPF_LD|BPF_ABS|BPF_W);
3122 s2->s.k = 4;
3123 sappend(s, s2);
3124
3125 sjset_radiotap_flags_present = new_stmt(cstate, JMP(BPF_JSET));
3126 sjset_radiotap_flags_present->s.k = SWAPLONG(0x00000002);
3127 sappend(s, sjset_radiotap_flags_present);
3128
3129 /*
3130 * If not, skip all of this.
3131 */
3132 sjset_radiotap_flags_present->s.jf = snext;
3133
3134 /*
3135 * Otherwise, is the "extension" bit set in that word?
3136 */
3137 sjset_radiotap_ext_present = new_stmt(cstate, JMP(BPF_JSET));
3138 sjset_radiotap_ext_present->s.k = SWAPLONG(0x80000000);
3139 sappend(s, sjset_radiotap_ext_present);
3140 sjset_radiotap_flags_present->s.jt = sjset_radiotap_ext_present;
3141
3142 /*
3143 * If so, skip all of this.
3144 */
3145 sjset_radiotap_ext_present->s.jt = snext;
3146
3147 /*
3148 * Otherwise, is the IEEE80211_RADIOTAP_TSFT bit set?
3149 */
3150 sjset_radiotap_tsft_present = new_stmt(cstate, JMP(BPF_JSET));
3151 sjset_radiotap_tsft_present->s.k = SWAPLONG(0x00000001);
3152 sappend(s, sjset_radiotap_tsft_present);
3153 sjset_radiotap_ext_present->s.jf = sjset_radiotap_tsft_present;
3154
3155 /*
3156 * If IEEE80211_RADIOTAP_TSFT is set, the flags field is
3157 * at an offset of 16 from the beginning of the raw packet
3158 * data (8 bytes for the radiotap header and 8 bytes for
3159 * the TSFT field).
3160 *
3161 * Test whether the IEEE80211_RADIOTAP_F_DATAPAD bit (0x20)
3162 * is set.
3163 */
3164 s2 = new_stmt(cstate, BPF_LD|BPF_ABS|BPF_B);
3165 s2->s.k = 16;
3166 sappend(s, s2);
3167 sjset_radiotap_tsft_present->s.jt = s2;
3168
3169 sjset_tsft_datapad = new_stmt(cstate, JMP(BPF_JSET));
3170 sjset_tsft_datapad->s.k = 0x20;
3171 sappend(s, sjset_tsft_datapad);
3172
3173 /*
3174 * If IEEE80211_RADIOTAP_TSFT is not set, the flags field is
3175 * at an offset of 8 from the beginning of the raw packet
3176 * data (8 bytes for the radiotap header).
3177 *
3178 * Test whether the IEEE80211_RADIOTAP_F_DATAPAD bit (0x20)
3179 * is set.
3180 */
3181 s2 = new_stmt(cstate, BPF_LD|BPF_ABS|BPF_B);
3182 s2->s.k = 8;
3183 sappend(s, s2);
3184 sjset_radiotap_tsft_present->s.jf = s2;
3185
3186 sjset_notsft_datapad = new_stmt(cstate, JMP(BPF_JSET));
3187 sjset_notsft_datapad->s.k = 0x20;
3188 sappend(s, sjset_notsft_datapad);
3189
3190 /*
3191 * In either case, if IEEE80211_RADIOTAP_F_DATAPAD is
3192 * set, round the length of the 802.11 header to
3193 * a multiple of 4. Do that by adding 3 and then
3194 * dividing by and multiplying by 4, which we do by
3195 * ANDing with ~3.
3196 */
3197 s_roundup = new_stmt(cstate, BPF_LD|BPF_MEM);
3198 s_roundup->s.k = cstate->off_linkpl.reg;
3199 sappend(s, s_roundup);
3200 s2 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_IMM);
3201 s2->s.k = 3;
3202 sappend(s, s2);
3203 s2 = new_stmt(cstate, BPF_ALU|BPF_AND|BPF_IMM);
3204 s2->s.k = (bpf_u_int32)~3;
3205 sappend(s, s2);
3206 s2 = new_stmt(cstate, BPF_ST);
3207 s2->s.k = cstate->off_linkpl.reg;
3208 sappend(s, s2);
3209
3210 sjset_tsft_datapad->s.jt = s_roundup;
3211 sjset_tsft_datapad->s.jf = snext;
3212 sjset_notsft_datapad->s.jt = s_roundup;
3213 sjset_notsft_datapad->s.jf = snext;
3214 } else
3215 sjset_qos->s.jf = snext;
3216
3217 return s;
3218 }
3219
3220 static void
3221 insert_compute_vloffsets(compiler_state_t *cstate, struct block *b)
3222 {
3223 struct slist *s;
3224
3225 /* There is an implicit dependency between the link
3226 * payload and link header since the payload computation
3227 * includes the variable part of the header. Therefore,
3228 * if nobody else has allocated a register for the link
3229 * header and we need it, do it now. */
3230 if (cstate->off_linkpl.reg != -1 && cstate->off_linkhdr.is_variable &&
3231 cstate->off_linkhdr.reg == -1)
3232 cstate->off_linkhdr.reg = alloc_reg(cstate);
3233
3234 /*
3235 * For link-layer types that have a variable-length header
3236 * preceding the link-layer header, generate code to load
3237 * the offset of the link-layer header into the register
3238 * assigned to that offset, if any.
3239 *
3240 * XXX - this, and the next switch statement, won't handle
3241 * encapsulation of 802.11 or 802.11+radio information in
3242 * some other protocol stack. That's significantly more
3243 * complicated.
3244 */
3245 switch (cstate->outermostlinktype) {
3246
3247 case DLT_PRISM_HEADER:
3248 s = gen_load_prism_llprefixlen(cstate);
3249 break;
3250
3251 case DLT_IEEE802_11_RADIO_AVS:
3252 s = gen_load_avs_llprefixlen(cstate);
3253 break;
3254
3255 case DLT_IEEE802_11_RADIO:
3256 s = gen_load_radiotap_llprefixlen(cstate);
3257 break;
3258
3259 case DLT_PPI:
3260 s = gen_load_ppi_llprefixlen(cstate);
3261 break;
3262
3263 default:
3264 s = NULL;
3265 break;
3266 }
3267
3268 /*
3269 * For link-layer types that have a variable-length link-layer
3270 * header, generate code to load the offset of the link-layer
3271 * payload into the register assigned to that offset, if any.
3272 */
3273 switch (cstate->outermostlinktype) {
3274
3275 case DLT_IEEE802_11:
3276 case DLT_PRISM_HEADER:
3277 case DLT_IEEE802_11_RADIO_AVS:
3278 case DLT_IEEE802_11_RADIO:
3279 case DLT_PPI:
3280 s = gen_load_802_11_header_len(cstate, s, b->stmts);
3281 break;
3282
3283 case DLT_PFLOG:
3284 s = gen_load_pflog_llprefixlen(cstate);
3285 break;
3286 }
3287
3288 /*
3289 * If there is no initialization yet and we need variable
3290 * length offsets for VLAN, initialize them to zero
3291 */
3292 if (s == NULL && cstate->is_vlan_vloffset) {
3293 struct slist *s2;
3294
3295 if (cstate->off_linkpl.reg == -1)
3296 cstate->off_linkpl.reg = alloc_reg(cstate);
3297 if (cstate->off_linktype.reg == -1)
3298 cstate->off_linktype.reg = alloc_reg(cstate);
3299
3300 s = new_stmt(cstate, BPF_LD|BPF_W|BPF_IMM);
3301 s->s.k = 0;
3302 s2 = new_stmt(cstate, BPF_ST);
3303 s2->s.k = cstate->off_linkpl.reg;
3304 sappend(s, s2);
3305 s2 = new_stmt(cstate, BPF_ST);
3306 s2->s.k = cstate->off_linktype.reg;
3307 sappend(s, s2);
3308 }
3309
3310 /*
3311 * If we have any offset-loading code, append all the
3312 * existing statements in the block to those statements,
3313 * and make the resulting list the list of statements
3314 * for the block.
3315 */
3316 if (s != NULL) {
3317 sappend(s, b->stmts);
3318 b->stmts = s;
3319 }
3320 }
3321
3322 /*
3323 * Take an absolute offset, and:
3324 *
3325 * if it has no variable part, return NULL;
3326 *
3327 * if it has a variable part, generate code to load the register
3328 * containing that variable part into the X register, returning
3329 * a pointer to that code - if no register for that offset has
3330 * been allocated, allocate it first.
3331 *
3332 * (The code to set that register will be generated later, but will
3333 * be placed earlier in the code sequence.)
3334 */
3335 static struct slist *
3336 gen_abs_offset_varpart(compiler_state_t *cstate, bpf_abs_offset *off)
3337 {
3338 struct slist *s;
3339
3340 if (off->is_variable) {
3341 if (off->reg == -1) {
3342 /*
3343 * We haven't yet assigned a register for the
3344 * variable part of the offset of the link-layer
3345 * header; allocate one.
3346 */
3347 off->reg = alloc_reg(cstate);
3348 }
3349
3350 /*
3351 * Load the register containing the variable part of the
3352 * offset of the link-layer header into the X register.
3353 */
3354 s = new_stmt(cstate, BPF_LDX|BPF_MEM);
3355 s->s.k = off->reg;
3356 return s;
3357 } else {
3358 /*
3359 * That offset isn't variable, there's no variable part,
3360 * so we don't need to generate any code.
3361 */
3362 return NULL;
3363 }
3364 }
3365
3366 /*
3367 * Map an Ethernet type to the equivalent PPP type.
3368 */
3369 static bpf_u_int32
3370 ethertype_to_ppptype(bpf_u_int32 ll_proto)
3371 {
3372 switch (ll_proto) {
3373
3374 case ETHERTYPE_IP:
3375 ll_proto = PPP_IP;
3376 break;
3377
3378 case ETHERTYPE_IPV6:
3379 ll_proto = PPP_IPV6;
3380 break;
3381
3382 case ETHERTYPE_DN:
3383 ll_proto = PPP_DECNET;
3384 break;
3385
3386 case ETHERTYPE_ATALK:
3387 ll_proto = PPP_APPLE;
3388 break;
3389
3390 case ETHERTYPE_NS:
3391 ll_proto = PPP_NS;
3392 break;
3393
3394 case LLCSAP_ISONS:
3395 ll_proto = PPP_OSI;
3396 break;
3397
3398 case LLCSAP_8021D:
3399 /*
3400 * I'm assuming the "Bridging PDU"s that go
3401 * over PPP are Spanning Tree Protocol
3402 * Bridging PDUs.
3403 */
3404 ll_proto = PPP_BRPDU;
3405 break;
3406
3407 case LLCSAP_IPX:
3408 ll_proto = PPP_IPX;
3409 break;
3410 }
3411 return (ll_proto);
3412 }
3413
3414 /*
3415 * Generate any tests that, for encapsulation of a link-layer packet
3416 * inside another protocol stack, need to be done to check for those
3417 * link-layer packets (and that haven't already been done by a check
3418 * for that encapsulation).
3419 */
3420 static struct block *
3421 gen_prevlinkhdr_check(compiler_state_t *cstate)
3422 {
3423 struct block *b0;
3424
3425 if (cstate->is_encap)
3426 return gen_encap_ll_check(cstate);
3427
3428 switch (cstate->prevlinktype) {
3429
3430 case DLT_SUNATM:
3431 /*
3432 * This is LANE-encapsulated Ethernet; check that the LANE
3433 * packet doesn't begin with an LE Control marker, i.e.
3434 * that it's data, not a control message.
3435 *
3436 * (We've already generated a test for LANE.)
3437 */
3438 b0 = gen_cmp(cstate, OR_PREVLINKHDR, SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
3439 gen_not(b0);
3440 return b0;
3441
3442 default:
3443 /*
3444 * No such tests are necessary.
3445 */
3446 return NULL;
3447 }
3448 /*NOTREACHED*/
3449 }
3450
3451 /*
3452 * The three different values we should check for when checking for an
3453 * IPv6 packet with DLT_NULL.
3454 */
3455 #define BSD_AFNUM_INET6_BSD 24 /* NetBSD, OpenBSD, BSD/OS, Npcap */
3456 #define BSD_AFNUM_INET6_FREEBSD 28 /* FreeBSD */
3457 #define BSD_AFNUM_INET6_DARWIN 30 /* macOS, iOS, other Darwin-based OSes */
3458
3459 /*
3460 * Generate code to match a particular packet type by matching the
3461 * link-layer type field or fields in the 802.2 LLC header.
3462 *
3463 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
3464 * value, if <= ETHERMTU.
3465 */
3466 static struct block *
3467 gen_linktype(compiler_state_t *cstate, bpf_u_int32 ll_proto)
3468 {
3469 struct block *b0, *b1, *b2;
3470
3471 /* are we checking MPLS-encapsulated packets? */
3472 if (cstate->label_stack_depth > 0)
3473 return gen_mpls_linktype(cstate, ll_proto);
3474
3475 switch (cstate->linktype) {
3476
3477 case DLT_EN10MB:
3478 case DLT_NETANALYZER:
3479 case DLT_NETANALYZER_TRANSPARENT:
3480 /* Geneve has an EtherType regardless of whether there is an
3481 * L2 header. VXLAN always has an EtherType. */
3482 if (!cstate->is_encap)
3483 b0 = gen_prevlinkhdr_check(cstate);
3484 else
3485 b0 = NULL;
3486
3487 b1 = gen_ether_linktype(cstate, ll_proto);
3488 if (b0 != NULL)
3489 gen_and(b0, b1);
3490 return b1;
3491 /*NOTREACHED*/
3492
3493 case DLT_C_HDLC:
3494 case DLT_HDLC:
3495 switch (ll_proto) {
3496
3497 case LLCSAP_ISONS:
3498 ll_proto = (ll_proto << 8 | LLCSAP_ISONS);
3499 /* fall through */
3500
3501 default:
3502 return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ll_proto);
3503 /*NOTREACHED*/
3504 }
3505
3506 case DLT_IEEE802_11:
3507 case DLT_PRISM_HEADER:
3508 case DLT_IEEE802_11_RADIO_AVS:
3509 case DLT_IEEE802_11_RADIO:
3510 case DLT_PPI:
3511 /*
3512 * Check that we have a data frame.
3513 */
3514 b0 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B,
3515 IEEE80211_FC0_TYPE_DATA,
3516 IEEE80211_FC0_TYPE_MASK);
3517
3518 /*
3519 * Now check for the specified link-layer type.
3520 */
3521 b1 = gen_llc_linktype(cstate, ll_proto);
3522 gen_and(b0, b1);
3523 return b1;
3524 /*NOTREACHED*/
3525
3526 case DLT_FDDI:
3527 /*
3528 * XXX - check for LLC frames.
3529 */
3530 return gen_llc_linktype(cstate, ll_proto);
3531 /*NOTREACHED*/
3532
3533 case DLT_IEEE802:
3534 /*
3535 * XXX - check for LLC PDUs, as per IEEE 802.5.
3536 */
3537 return gen_llc_linktype(cstate, ll_proto);
3538 /*NOTREACHED*/
3539
3540 case DLT_ATM_RFC1483:
3541 case DLT_ATM_CLIP:
3542 case DLT_IP_OVER_FC:
3543 return gen_llc_linktype(cstate, ll_proto);
3544 /*NOTREACHED*/
3545
3546 case DLT_SUNATM:
3547 /*
3548 * Check for an LLC-encapsulated version of this protocol;
3549 * if we were checking for LANE, linktype would no longer
3550 * be DLT_SUNATM.
3551 *
3552 * Check for LLC encapsulation and then check the protocol.
3553 */
3554 b0 = gen_atmfield_code_internal(cstate, A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
3555 b1 = gen_llc_linktype(cstate, ll_proto);
3556 gen_and(b0, b1);
3557 return b1;
3558 /*NOTREACHED*/
3559
3560 case DLT_LINUX_SLL:
3561 return gen_linux_sll_linktype(cstate, ll_proto);
3562 /*NOTREACHED*/
3563
3564 case DLT_SLIP:
3565 case DLT_SLIP_BSDOS:
3566 case DLT_RAW:
3567 /*
3568 * These types don't provide any type field; packets
3569 * are always IPv4 or IPv6.
3570 *
3571 * XXX - for IPv4, check for a version number of 4, and,
3572 * for IPv6, check for a version number of 6?
3573 */
3574 switch (ll_proto) {
3575
3576 case ETHERTYPE_IP:
3577 /* Check for a version number of 4. */
3578 return gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, 0x40, 0xF0);
3579
3580 case ETHERTYPE_IPV6:
3581 /* Check for a version number of 6. */
3582 return gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, 0x60, 0xF0);
3583
3584 default:
3585 return gen_false(cstate); /* always false */
3586 }
3587 /*NOTREACHED*/
3588
3589 case DLT_IPV4:
3590 /*
3591 * Raw IPv4, so no type field.
3592 */
3593 if (ll_proto == ETHERTYPE_IP)
3594 return gen_true(cstate); /* always true */
3595
3596 /* Checking for something other than IPv4; always false */
3597 return gen_false(cstate);
3598 /*NOTREACHED*/
3599
3600 case DLT_IPV6:
3601 /*
3602 * Raw IPv6, so no type field.
3603 */
3604 if (ll_proto == ETHERTYPE_IPV6)
3605 return gen_true(cstate); /* always true */
3606
3607 /* Checking for something other than IPv6; always false */
3608 return gen_false(cstate);
3609 /*NOTREACHED*/
3610
3611 case DLT_PPP:
3612 case DLT_PPP_PPPD:
3613 case DLT_PPP_SERIAL:
3614 case DLT_PPP_ETHER:
3615 /*
3616 * We use Ethernet protocol types inside libpcap;
3617 * map them to the corresponding PPP protocol types.
3618 */
3619 return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H,
3620 ethertype_to_ppptype(ll_proto));
3621 /*NOTREACHED*/
3622
3623 case DLT_PPP_BSDOS:
3624 /*
3625 * We use Ethernet protocol types inside libpcap;
3626 * map them to the corresponding PPP protocol types.
3627 */
3628 switch (ll_proto) {
3629
3630 case ETHERTYPE_IP:
3631 /*
3632 * Also check for Van Jacobson-compressed IP.
3633 * XXX - do this for other forms of PPP?
3634 */
3635 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, PPP_IP);
3636 b1 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, PPP_VJC);
3637 gen_or(b0, b1);
3638 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, PPP_VJNC);
3639 gen_or(b1, b0);
3640 return b0;
3641
3642 default:
3643 return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H,
3644 ethertype_to_ppptype(ll_proto));
3645 }
3646 /*NOTREACHED*/
3647
3648 case DLT_NULL:
3649 case DLT_LOOP:
3650 case DLT_ENC:
3651 switch (ll_proto) {
3652
3653 case ETHERTYPE_IP:
3654 return (gen_loopback_linktype(cstate, AF_INET));
3655
3656 case ETHERTYPE_IPV6:
3657 /*
3658 * AF_ values may, unfortunately, be platform-
3659 * dependent; AF_INET isn't, because everybody
3660 * used 4.2BSD's value, but AF_INET6 is, because
3661 * 4.2BSD didn't have a value for it (given that
3662 * IPv6 didn't exist back in the early 1980's),
3663 * and they all picked their own values.
3664 *
3665 * This means that, if we're reading from a
3666 * savefile, we need to check for all the
3667 * possible values.
3668 *
3669 * If we're doing a live capture, we only need
3670 * to check for this platform's value; however,
3671 * Npcap uses 24, which isn't Windows's AF_INET6
3672 * value. (Given the multiple different values,
3673 * programs that read pcap files shouldn't be
3674 * checking for their platform's AF_INET6 value
3675 * anyway, they should check for all of the
3676 * possible values. and they might as well do
3677 * that even for live captures.)
3678 */
3679 if (cstate->bpf_pcap->rfile != NULL) {
3680 /*
3681 * Savefile - check for all three
3682 * possible IPv6 values.
3683 */
3684 b0 = gen_loopback_linktype(cstate, BSD_AFNUM_INET6_BSD);
3685 b1 = gen_loopback_linktype(cstate, BSD_AFNUM_INET6_FREEBSD);
3686 gen_or(b0, b1);
3687 b0 = gen_loopback_linktype(cstate, BSD_AFNUM_INET6_DARWIN);
3688 gen_or(b0, b1);
3689 return (b1);
3690 } else {
3691 /*
3692 * Live capture, so we only need to
3693 * check for the value used on this
3694 * platform.
3695 */
3696 #ifdef _WIN32
3697 /*
3698 * Npcap doesn't use Windows's AF_INET6,
3699 * as that collides with AF_IPX on
3700 * some BSDs (both have the value 23).
3701 * Instead, it uses 24.
3702 */
3703 return (gen_loopback_linktype(cstate, 24));
3704 #else /* _WIN32 */
3705 #ifdef AF_INET6
3706 return (gen_loopback_linktype(cstate, AF_INET6));
3707 #else /* AF_INET6 */
3708 /*
3709 * I guess this platform doesn't support
3710 * IPv6, so we just reject all packets.
3711 */
3712 return gen_false(cstate);
3713 #endif /* AF_INET6 */
3714 #endif /* _WIN32 */
3715 }
3716
3717 default:
3718 /*
3719 * Not a type on which we support filtering.
3720 * XXX - support those that have AF_ values
3721 * #defined on this platform, at least?
3722 */
3723 return gen_false(cstate);
3724 }
3725
3726 case DLT_PFLOG:
3727 /*
3728 * af field is host byte order in contrast to the rest of
3729 * the packet.
3730 */
3731 if (ll_proto == ETHERTYPE_IP)
3732 return (gen_cmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, af),
3733 BPF_B, AF_INET));
3734 else if (ll_proto == ETHERTYPE_IPV6)
3735 return (gen_cmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, af),
3736 BPF_B, AF_INET6));
3737 else
3738 return gen_false(cstate);
3739 /*NOTREACHED*/
3740
3741 case DLT_ARCNET:
3742 case DLT_ARCNET_LINUX:
3743 /*
3744 * XXX should we check for first fragment if the protocol
3745 * uses PHDS?
3746 */
3747 switch (ll_proto) {
3748
3749 default:
3750 return gen_false(cstate);
3751
3752 case ETHERTYPE_IPV6:
3753 return (gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B,
3754 ARCTYPE_INET6));
3755
3756 case ETHERTYPE_IP:
3757 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B,
3758 ARCTYPE_IP);
3759 b1 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B,
3760 ARCTYPE_IP_OLD);
3761 gen_or(b0, b1);
3762 return (b1);
3763
3764 case ETHERTYPE_ARP:
3765 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B,
3766 ARCTYPE_ARP);
3767 b1 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B,
3768 ARCTYPE_ARP_OLD);
3769 gen_or(b0, b1);
3770 return (b1);
3771
3772 case ETHERTYPE_REVARP:
3773 return (gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B,
3774 ARCTYPE_REVARP));
3775
3776 case ETHERTYPE_ATALK:
3777 return (gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B,
3778 ARCTYPE_ATALK));
3779 }
3780 /*NOTREACHED*/
3781
3782 case DLT_LTALK:
3783 switch (ll_proto) {
3784 case ETHERTYPE_ATALK:
3785 return gen_true(cstate);
3786 default:
3787 return gen_false(cstate);
3788 }
3789 /*NOTREACHED*/
3790
3791 case DLT_FRELAY:
3792 /*
3793 * XXX - assumes a 2-byte Frame Relay header with
3794 * DLCI and flags. What if the address is longer?
3795 */
3796 switch (ll_proto) {
3797
3798 case ETHERTYPE_IP:
3799 /*
3800 * Check for the special NLPID for IP.
3801 */
3802 return gen_cmp(cstate, OR_LINKHDR, 2, BPF_H, (0x03<<8) | 0xcc);
3803
3804 case ETHERTYPE_IPV6:
3805 /*
3806 * Check for the special NLPID for IPv6.
3807 */
3808 return gen_cmp(cstate, OR_LINKHDR, 2, BPF_H, (0x03<<8) | 0x8e);
3809
3810 case LLCSAP_ISONS:
3811 /*
3812 * Check for several OSI protocols.
3813 *
3814 * Frame Relay packets typically have an OSI
3815 * NLPID at the beginning; we check for each
3816 * of them.
3817 *
3818 * What we check for is the NLPID and a frame
3819 * control field of UI, i.e. 0x03 followed
3820 * by the NLPID.
3821 */
3822 b0 = gen_cmp(cstate, OR_LINKHDR, 2, BPF_H, (0x03<<8) | ISO8473_CLNP);
3823 b1 = gen_cmp(cstate, OR_LINKHDR, 2, BPF_H, (0x03<<8) | ISO9542_ESIS);
3824 b2 = gen_cmp(cstate, OR_LINKHDR, 2, BPF_H, (0x03<<8) | ISO10589_ISIS);
3825 gen_or(b1, b2);
3826 gen_or(b0, b2);
3827 return b2;
3828
3829 default:
3830 return gen_false(cstate);
3831 }
3832 /*NOTREACHED*/
3833
3834 case DLT_MFR:
3835 break; // not implemented
3836
3837 case DLT_JUNIPER_MFR:
3838 case DLT_JUNIPER_MLFR:
3839 case DLT_JUNIPER_MLPPP:
3840 case DLT_JUNIPER_ATM1:
3841 case DLT_JUNIPER_ATM2:
3842 case DLT_JUNIPER_PPPOE:
3843 case DLT_JUNIPER_PPPOE_ATM:
3844 case DLT_JUNIPER_GGSN:
3845 case DLT_JUNIPER_ES:
3846 case DLT_JUNIPER_MONITOR:
3847 case DLT_JUNIPER_SERVICES:
3848 case DLT_JUNIPER_ETHER:
3849 case DLT_JUNIPER_PPP:
3850 case DLT_JUNIPER_FRELAY:
3851 case DLT_JUNIPER_CHDLC:
3852 case DLT_JUNIPER_VP:
3853 case DLT_JUNIPER_ST:
3854 case DLT_JUNIPER_ISM:
3855 case DLT_JUNIPER_VS:
3856 case DLT_JUNIPER_SRX_E2E:
3857 case DLT_JUNIPER_FIBRECHANNEL:
3858 case DLT_JUNIPER_ATM_CEMIC:
3859
3860 /* just lets verify the magic number for now -
3861 * on ATM we may have up to 6 different encapsulations on the wire
3862 * and need a lot of heuristics to figure out that the payload
3863 * might be;
3864 *
3865 * FIXME encapsulation specific BPF_ filters
3866 */
3867 return gen_mcmp(cstate, OR_LINKHDR, 0, BPF_W, 0x4d474300, 0xffffff00); /* compare the magic number */
3868
3869 case DLT_BACNET_MS_TP:
3870 return gen_mcmp(cstate, OR_LINKHDR, 0, BPF_W, 0x55FF0000, 0xffff0000);
3871
3872 case DLT_IPNET:
3873 return gen_ipnet_linktype(cstate, ll_proto);
3874
3875 case DLT_LINUX_IRDA:
3876 case DLT_DOCSIS:
3877 case DLT_MTP2:
3878 case DLT_MTP2_WITH_PHDR:
3879 case DLT_ERF:
3880 case DLT_PFSYNC:
3881 case DLT_LINUX_LAPD:
3882 case DLT_USB_FREEBSD:
3883 case DLT_USB_LINUX:
3884 case DLT_USB_LINUX_MMAPPED:
3885 case DLT_USBPCAP:
3886 case DLT_BLUETOOTH_HCI_H4:
3887 case DLT_BLUETOOTH_HCI_H4_WITH_PHDR:
3888 case DLT_CAN20B:
3889 case DLT_CAN_SOCKETCAN:
3890 case DLT_IEEE802_15_4:
3891 case DLT_IEEE802_15_4_LINUX:
3892 case DLT_IEEE802_15_4_NONASK_PHY:
3893 case DLT_IEEE802_15_4_NOFCS:
3894 case DLT_IEEE802_15_4_TAP:
3895 case DLT_IEEE802_16_MAC_CPS_RADIO:
3896 case DLT_SITA:
3897 case DLT_RAIF1:
3898 case DLT_IPMB_KONTRON:
3899 case DLT_I2C_LINUX:
3900 case DLT_AX25_KISS:
3901 case DLT_NFLOG:
3902 /* Using the fixed-size NFLOG header it is possible to tell only
3903 * the address family of the packet, other meaningful data is
3904 * either missing or behind TLVs.
3905 */
3906 break; // not implemented
3907
3908 default:
3909 /*
3910 * Does this link-layer header type have a field
3911 * indicating the type of the next protocol? If
3912 * so, off_linktype.constant_part will be the offset of that
3913 * field in the packet; if not, it will be OFFSET_NOT_SET.
3914 */
3915 if (cstate->off_linktype.constant_part != OFFSET_NOT_SET) {
3916 /*
3917 * Yes; assume it's an Ethernet type. (If
3918 * it's not, it needs to be handled specially
3919 * above.)
3920 */
3921 return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ll_proto);
3922 /*NOTREACHED */
3923 }
3924 }
3925 bpf_error(cstate, "link-layer type filtering not implemented for %s",
3926 pcap_datalink_val_to_description_or_dlt(cstate->linktype));
3927 }
3928
3929 /*
3930 * Check for an LLC SNAP packet with a given organization code and
3931 * protocol type; we check the entire contents of the 802.2 LLC and
3932 * snap headers, checking for DSAP and SSAP of SNAP and a control
3933 * field of 0x03 in the LLC header, and for the specified organization
3934 * code and protocol type in the SNAP header.
3935 */
3936 static struct block *
3937 gen_snap(compiler_state_t *cstate, bpf_u_int32 orgcode, bpf_u_int32 ptype)
3938 {
3939 u_char snapblock[8];
3940
3941 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
3942 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
3943 snapblock[2] = 0x03; /* control = UI */
3944 snapblock[3] = (u_char)(orgcode >> 16); /* upper 8 bits of organization code */
3945 snapblock[4] = (u_char)(orgcode >> 8); /* middle 8 bits of organization code */
3946 snapblock[5] = (u_char)(orgcode >> 0); /* lower 8 bits of organization code */
3947 snapblock[6] = (u_char)(ptype >> 8); /* upper 8 bits of protocol type */
3948 snapblock[7] = (u_char)(ptype >> 0); /* lower 8 bits of protocol type */
3949 return gen_bcmp(cstate, OR_LLC, 0, 8, snapblock);
3950 }
3951
3952 /*
3953 * Generate code to match frames with an LLC header.
3954 */
3955 static struct block *
3956 gen_llc_internal(compiler_state_t *cstate)
3957 {
3958 struct block *b0, *b1;
3959
3960 switch (cstate->linktype) {
3961
3962 case DLT_EN10MB:
3963 /*
3964 * We check for an Ethernet type field less or equal than
3965 * 1500, which means it's an 802.3 length field.
3966 */
3967 b0 = gen_cmp_le(cstate, OR_LINKTYPE, 0, BPF_H, ETHERMTU);
3968
3969 /*
3970 * Now check for the purported DSAP and SSAP not being
3971 * 0xFF, to rule out NetWare-over-802.3.
3972 */
3973 b1 = gen_cmp(cstate, OR_LLC, 0, BPF_H, 0xFFFF);
3974 gen_not(b1);
3975 gen_and(b0, b1);
3976 return b1;
3977
3978 case DLT_SUNATM:
3979 /*
3980 * We check for LLC traffic.
3981 */
3982 b0 = gen_atmtype_llc(cstate);
3983 return b0;
3984
3985 case DLT_IEEE802: /* Token Ring */
3986 /*
3987 * XXX - check for LLC frames.
3988 */
3989 return gen_true(cstate);
3990
3991 case DLT_FDDI:
3992 /*
3993 * XXX - check for LLC frames.
3994 */
3995 return gen_true(cstate);
3996
3997 case DLT_ATM_RFC1483:
3998 /*
3999 * For LLC encapsulation, these are defined to have an
4000 * 802.2 LLC header.
4001 *
4002 * For VC encapsulation, they don't, but there's no
4003 * way to check for that; the protocol used on the VC
4004 * is negotiated out of band.
4005 */
4006 return gen_true(cstate);
4007
4008 case DLT_IEEE802_11:
4009 case DLT_PRISM_HEADER:
4010 case DLT_IEEE802_11_RADIO:
4011 case DLT_IEEE802_11_RADIO_AVS:
4012 case DLT_PPI:
4013 /*
4014 * Check that we have a data frame.
4015 */
4016 return gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B,
4017 IEEE80211_FC0_TYPE_DATA,
4018 IEEE80211_FC0_TYPE_MASK);
4019
4020 default:
4021 fail_kw_on_dlt(cstate, "llc");
4022 /*NOTREACHED*/
4023 }
4024 }
4025
4026 struct block *
4027 gen_llc(compiler_state_t *cstate)
4028 {
4029 /*
4030 * Catch errors reported by us and routines below us, and return NULL
4031 * on an error.
4032 */
4033 if (setjmp(cstate->top_ctx))
4034 return (NULL);
4035
4036 return gen_llc_internal(cstate);
4037 }
4038
4039 struct block *
4040 gen_llc_i(compiler_state_t *cstate)
4041 {
4042 struct block *b0, *b1;
4043 struct slist *s;
4044
4045 /*
4046 * Catch errors reported by us and routines below us, and return NULL
4047 * on an error.
4048 */
4049 if (setjmp(cstate->top_ctx))
4050 return (NULL);
4051
4052 /*
4053 * Check whether this is an LLC frame.
4054 */
4055 b0 = gen_llc_internal(cstate);
4056
4057 /*
4058 * Load the control byte and test the low-order bit; it must
4059 * be clear for I frames.
4060 */
4061 s = gen_load_a(cstate, OR_LLC, 2, BPF_B);
4062 b1 = new_block(cstate, JMP(BPF_JSET));
4063 b1->s.k = 0x01;
4064 b1->stmts = s;
4065 gen_not(b1);
4066 gen_and(b0, b1);
4067 return b1;
4068 }
4069
4070 struct block *
4071 gen_llc_s(compiler_state_t *cstate)
4072 {
4073 struct block *b0, *b1;
4074
4075 /*
4076 * Catch errors reported by us and routines below us, and return NULL
4077 * on an error.
4078 */
4079 if (setjmp(cstate->top_ctx))
4080 return (NULL);
4081
4082 /*
4083 * Check whether this is an LLC frame.
4084 */
4085 b0 = gen_llc_internal(cstate);
4086
4087 /*
4088 * Now compare the low-order 2 bit of the control byte against
4089 * the appropriate value for S frames.
4090 */
4091 b1 = gen_mcmp(cstate, OR_LLC, 2, BPF_B, LLC_S_FMT, 0x03);
4092 gen_and(b0, b1);
4093 return b1;
4094 }
4095
4096 struct block *
4097 gen_llc_u(compiler_state_t *cstate)
4098 {
4099 struct block *b0, *b1;
4100
4101 /*
4102 * Catch errors reported by us and routines below us, and return NULL
4103 * on an error.
4104 */
4105 if (setjmp(cstate->top_ctx))
4106 return (NULL);
4107
4108 /*
4109 * Check whether this is an LLC frame.
4110 */
4111 b0 = gen_llc_internal(cstate);
4112
4113 /*
4114 * Now compare the low-order 2 bit of the control byte against
4115 * the appropriate value for U frames.
4116 */
4117 b1 = gen_mcmp(cstate, OR_LLC, 2, BPF_B, LLC_U_FMT, 0x03);
4118 gen_and(b0, b1);
4119 return b1;
4120 }
4121
4122 struct block *
4123 gen_llc_s_subtype(compiler_state_t *cstate, bpf_u_int32 subtype)
4124 {
4125 struct block *b0, *b1;
4126
4127 /*
4128 * Catch errors reported by us and routines below us, and return NULL
4129 * on an error.
4130 */
4131 if (setjmp(cstate->top_ctx))
4132 return (NULL);
4133
4134 /*
4135 * Check whether this is an LLC frame.
4136 */
4137 b0 = gen_llc_internal(cstate);
4138
4139 /*
4140 * Now check for an S frame with the appropriate type.
4141 */
4142 b1 = gen_mcmp(cstate, OR_LLC, 2, BPF_B, subtype, LLC_S_CMD_MASK);
4143 gen_and(b0, b1);
4144 return b1;
4145 }
4146
4147 struct block *
4148 gen_llc_u_subtype(compiler_state_t *cstate, bpf_u_int32 subtype)
4149 {
4150 struct block *b0, *b1;
4151
4152 /*
4153 * Catch errors reported by us and routines below us, and return NULL
4154 * on an error.
4155 */
4156 if (setjmp(cstate->top_ctx))
4157 return (NULL);
4158
4159 /*
4160 * Check whether this is an LLC frame.
4161 */
4162 b0 = gen_llc_internal(cstate);
4163
4164 /*
4165 * Now check for a U frame with the appropriate type.
4166 */
4167 b1 = gen_mcmp(cstate, OR_LLC, 2, BPF_B, subtype, LLC_U_CMD_MASK);
4168 gen_and(b0, b1);
4169 return b1;
4170 }
4171
4172 /*
4173 * Generate code to match a particular packet type, for link-layer types
4174 * using 802.2 LLC headers.
4175 *
4176 * This is *NOT* used for Ethernet; "gen_ether_linktype()" is used
4177 * for that - it handles the D/I/X Ethernet vs. 802.3+802.2 issues.
4178 *
4179 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
4180 * value, if <= ETHERMTU. We use that to determine whether to
4181 * match the DSAP or both DSAP and LSAP or to check the OUI and
4182 * protocol ID in a SNAP header.
4183 */
4184 static struct block *
4185 gen_llc_linktype(compiler_state_t *cstate, bpf_u_int32 ll_proto)
4186 {
4187 /*
4188 * XXX - handle token-ring variable-length header.
4189 */
4190 switch (ll_proto) {
4191
4192 case LLCSAP_IP:
4193 case LLCSAP_ISONS:
4194 case LLCSAP_NETBEUI:
4195 /*
4196 * XXX - should we check both the DSAP and the
4197 * SSAP, like this, or should we check just the
4198 * DSAP, as we do for other SAP values?
4199 */
4200 return gen_cmp(cstate, OR_LLC, 0, BPF_H, (bpf_u_int32)
4201 ((ll_proto << 8) | ll_proto));
4202
4203 case LLCSAP_IPX:
4204 /*
4205 * XXX - are there ever SNAP frames for IPX on
4206 * non-Ethernet 802.x networks?
4207 */
4208 return gen_cmp(cstate, OR_LLC, 0, BPF_B, LLCSAP_IPX);
4209
4210 case ETHERTYPE_ATALK:
4211 /*
4212 * 802.2-encapsulated ETHERTYPE_ATALK packets are
4213 * SNAP packets with an organization code of
4214 * 0x080007 (Apple, for Appletalk) and a protocol
4215 * type of ETHERTYPE_ATALK (Appletalk).
4216 *
4217 * XXX - check for an organization code of
4218 * encapsulated Ethernet as well?
4219 */
4220 return gen_snap(cstate, 0x080007, ETHERTYPE_ATALK);
4221
4222 default:
4223 /*
4224 * XXX - we don't have to check for IPX 802.3
4225 * here, but should we check for the IPX Ethertype?
4226 */
4227 if (ll_proto <= ETHERMTU) {
4228 /*
4229 * This is an LLC SAP value, so check
4230 * the DSAP.
4231 */
4232 return gen_cmp(cstate, OR_LLC, 0, BPF_B, ll_proto);
4233 } else {
4234 /*
4235 * This is an Ethernet type; we assume that it's
4236 * unlikely that it'll appear in the right place
4237 * at random, and therefore check only the
4238 * location that would hold the Ethernet type
4239 * in a SNAP frame with an organization code of
4240 * 0x000000 (encapsulated Ethernet).
4241 *
4242 * XXX - if we were to check for the SNAP DSAP and
4243 * LSAP, as per XXX, and were also to check for an
4244 * organization code of 0x000000 (encapsulated
4245 * Ethernet), we'd do
4246 *
4247 * return gen_snap(cstate, 0x000000, ll_proto);
4248 *
4249 * here; for now, we don't, as per the above.
4250 * I don't know whether it's worth the extra CPU
4251 * time to do the right check or not.
4252 */
4253 return gen_cmp(cstate, OR_LLC, 6, BPF_H, ll_proto);
4254 }
4255 }
4256 }
4257
4258 static struct block *
4259 gen_hostop(compiler_state_t *cstate, bpf_u_int32 addr, bpf_u_int32 mask,
4260 int dir, u_int src_off, u_int dst_off)
4261 {
4262 struct block *b0, *b1;
4263 u_int offset;
4264
4265 switch (dir) {
4266
4267 case Q_SRC:
4268 offset = src_off;
4269 break;
4270
4271 case Q_DST:
4272 offset = dst_off;
4273 break;
4274
4275 case Q_AND:
4276 b0 = gen_hostop(cstate, addr, mask, Q_SRC, src_off, dst_off);
4277 b1 = gen_hostop(cstate, addr, mask, Q_DST, src_off, dst_off);
4278 gen_and(b0, b1);
4279 return b1;
4280
4281 case Q_DEFAULT:
4282 case Q_OR:
4283 b0 = gen_hostop(cstate, addr, mask, Q_SRC, src_off, dst_off);
4284 b1 = gen_hostop(cstate, addr, mask, Q_DST, src_off, dst_off);
4285 gen_or(b0, b1);
4286 return b1;
4287
4288 case Q_ADDR1:
4289 case Q_ADDR2:
4290 case Q_ADDR3:
4291 case Q_ADDR4:
4292 case Q_RA:
4293 case Q_TA:
4294 bpf_error(cstate, ERRSTR_802_11_ONLY_KW, dqkw(dir));
4295 /*NOTREACHED*/
4296
4297 default:
4298 abort();
4299 /*NOTREACHED*/
4300 }
4301 return gen_mcmp(cstate, OR_LINKPL, offset, BPF_W, addr, mask);
4302 }
4303
4304 #ifdef INET6
4305 static struct block *
4306 gen_hostop6(compiler_state_t *cstate, struct in6_addr *addr,
4307 struct in6_addr *mask, int dir, u_int src_off, u_int dst_off)
4308 {
4309 struct block *b0, *b1;
4310 u_int offset;
4311 /*
4312 * Code below needs to access four separate 32-bit parts of the 128-bit
4313 * IPv6 address and mask. In some OSes this is as simple as using the
4314 * s6_addr32 pseudo-member of struct in6_addr, which contains a union of
4315 * 8-, 16- and 32-bit arrays. In other OSes this is not the case, as
4316 * far as libpcap sees it. Hence copy the data before use to avoid
4317 * potential unaligned memory access and the associated compiler
4318 * warnings (whether genuine or not).
4319 */
4320 bpf_u_int32 a[4], m[4];
4321
4322 switch (dir) {
4323
4324 case Q_SRC:
4325 offset = src_off;
4326 break;
4327
4328 case Q_DST:
4329 offset = dst_off;
4330 break;
4331
4332 case Q_AND:
4333 b0 = gen_hostop6(cstate, addr, mask, Q_SRC, src_off, dst_off);
4334 b1 = gen_hostop6(cstate, addr, mask, Q_DST, src_off, dst_off);
4335 gen_and(b0, b1);
4336 return b1;
4337
4338 case Q_DEFAULT:
4339 case Q_OR:
4340 b0 = gen_hostop6(cstate, addr, mask, Q_SRC, src_off, dst_off);
4341 b1 = gen_hostop6(cstate, addr, mask, Q_DST, src_off, dst_off);
4342 gen_or(b0, b1);
4343 return b1;
4344
4345 case Q_ADDR1:
4346 case Q_ADDR2:
4347 case Q_ADDR3:
4348 case Q_ADDR4:
4349 case Q_RA:
4350 case Q_TA:
4351 bpf_error(cstate, ERRSTR_802_11_ONLY_KW, dqkw(dir));
4352 /*NOTREACHED*/
4353
4354 default:
4355 abort();
4356 /*NOTREACHED*/
4357 }
4358 /* this order is important */
4359 memcpy(a, addr, sizeof(a));
4360 memcpy(m, mask, sizeof(m));
4361 b1 = gen_mcmp(cstate, OR_LINKPL, offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
4362 b0 = gen_mcmp(cstate, OR_LINKPL, offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
4363 gen_and(b0, b1);
4364 b0 = gen_mcmp(cstate, OR_LINKPL, offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
4365 gen_and(b0, b1);
4366 b0 = gen_mcmp(cstate, OR_LINKPL, offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
4367 gen_and(b0, b1);
4368 return b1;
4369 }
4370 #endif
4371
4372 static struct block *
4373 gen_ehostop(compiler_state_t *cstate, const u_char *eaddr, int dir)
4374 {
4375 register struct block *b0, *b1;
4376
4377 switch (dir) {
4378 case Q_SRC:
4379 return gen_bcmp(cstate, OR_LINKHDR, 6, 6, eaddr);
4380
4381 case Q_DST:
4382 return gen_bcmp(cstate, OR_LINKHDR, 0, 6, eaddr);
4383
4384 case Q_AND:
4385 b0 = gen_ehostop(cstate, eaddr, Q_SRC);
4386 b1 = gen_ehostop(cstate, eaddr, Q_DST);
4387 gen_and(b0, b1);
4388 return b1;
4389
4390 case Q_DEFAULT:
4391 case Q_OR:
4392 b0 = gen_ehostop(cstate, eaddr, Q_SRC);
4393 b1 = gen_ehostop(cstate, eaddr, Q_DST);
4394 gen_or(b0, b1);
4395 return b1;
4396
4397 case Q_ADDR1:
4398 case Q_ADDR2:
4399 case Q_ADDR3:
4400 case Q_ADDR4:
4401 case Q_RA:
4402 case Q_TA:
4403 bpf_error(cstate, ERRSTR_802_11_ONLY_KW, dqkw(dir));
4404 /*NOTREACHED*/
4405 }
4406 abort();
4407 /*NOTREACHED*/
4408 }
4409
4410 /*
4411 * Like gen_ehostop, but for DLT_FDDI
4412 */
4413 static struct block *
4414 gen_fhostop(compiler_state_t *cstate, const u_char *eaddr, int dir)
4415 {
4416 struct block *b0, *b1;
4417
4418 switch (dir) {
4419 case Q_SRC:
4420 return gen_bcmp(cstate, OR_LINKHDR, 6 + 1 + cstate->pcap_fddipad, 6, eaddr);
4421
4422 case Q_DST:
4423 return gen_bcmp(cstate, OR_LINKHDR, 0 + 1 + cstate->pcap_fddipad, 6, eaddr);
4424
4425 case Q_AND:
4426 b0 = gen_fhostop(cstate, eaddr, Q_SRC);
4427 b1 = gen_fhostop(cstate, eaddr, Q_DST);
4428 gen_and(b0, b1);
4429 return b1;
4430
4431 case Q_DEFAULT:
4432 case Q_OR:
4433 b0 = gen_fhostop(cstate, eaddr, Q_SRC);
4434 b1 = gen_fhostop(cstate, eaddr, Q_DST);
4435 gen_or(b0, b1);
4436 return b1;
4437
4438 case Q_ADDR1:
4439 case Q_ADDR2:
4440 case Q_ADDR3:
4441 case Q_ADDR4:
4442 case Q_RA:
4443 case Q_TA:
4444 bpf_error(cstate, ERRSTR_802_11_ONLY_KW, dqkw(dir));
4445 /*NOTREACHED*/
4446 }
4447 abort();
4448 /*NOTREACHED*/
4449 }
4450
4451 /*
4452 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
4453 */
4454 static struct block *
4455 gen_thostop(compiler_state_t *cstate, const u_char *eaddr, int dir)
4456 {
4457 register struct block *b0, *b1;
4458
4459 switch (dir) {
4460 case Q_SRC:
4461 return gen_bcmp(cstate, OR_LINKHDR, 8, 6, eaddr);
4462
4463 case Q_DST:
4464 return gen_bcmp(cstate, OR_LINKHDR, 2, 6, eaddr);
4465
4466 case Q_AND:
4467 b0 = gen_thostop(cstate, eaddr, Q_SRC);
4468 b1 = gen_thostop(cstate, eaddr, Q_DST);
4469 gen_and(b0, b1);
4470 return b1;
4471
4472 case Q_DEFAULT:
4473 case Q_OR:
4474 b0 = gen_thostop(cstate, eaddr, Q_SRC);
4475 b1 = gen_thostop(cstate, eaddr, Q_DST);
4476 gen_or(b0, b1);
4477 return b1;
4478
4479 case Q_ADDR1:
4480 case Q_ADDR2:
4481 case Q_ADDR3:
4482 case Q_ADDR4:
4483 case Q_RA:
4484 case Q_TA:
4485 bpf_error(cstate, ERRSTR_802_11_ONLY_KW, dqkw(dir));
4486 /*NOTREACHED*/
4487 }
4488 abort();
4489 /*NOTREACHED*/
4490 }
4491
4492 /*
4493 * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN) and
4494 * various 802.11 + radio headers.
4495 */
4496 static struct block *
4497 gen_wlanhostop(compiler_state_t *cstate, const u_char *eaddr, int dir)
4498 {
4499 register struct block *b0, *b1, *b2;
4500 register struct slist *s;
4501
4502 #ifdef ENABLE_WLAN_FILTERING_PATCH
4503 /*
4504 * TODO GV 20070613
4505 * We need to disable the optimizer because the optimizer is buggy
4506 * and wipes out some LD instructions generated by the below
4507 * code to validate the Frame Control bits
4508 */
4509 cstate->no_optimize = 1;
4510 #endif /* ENABLE_WLAN_FILTERING_PATCH */
4511
4512 switch (dir) {
4513 case Q_SRC:
4514 /*
4515 * Oh, yuk.
4516 *
4517 * For control frames, there is no SA.
4518 *
4519 * For management frames, SA is at an
4520 * offset of 10 from the beginning of
4521 * the packet.
4522 *
4523 * For data frames, SA is at an offset
4524 * of 10 from the beginning of the packet
4525 * if From DS is clear, at an offset of
4526 * 16 from the beginning of the packet
4527 * if From DS is set and To DS is clear,
4528 * and an offset of 24 from the beginning
4529 * of the packet if From DS is set and To DS
4530 * is set.
4531 */
4532
4533 /*
4534 * Generate the tests to be done for data frames
4535 * with From DS set.
4536 *
4537 * First, check for To DS set, i.e. check "link[1] & 0x01".
4538 */
4539 s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B);
4540 b1 = new_block(cstate, JMP(BPF_JSET));
4541 b1->s.k = 0x01; /* To DS */
4542 b1->stmts = s;
4543
4544 /*
4545 * If To DS is set, the SA is at 24.
4546 */
4547 b0 = gen_bcmp(cstate, OR_LINKHDR, 24, 6, eaddr);
4548 gen_and(b1, b0);
4549
4550 /*
4551 * Now, check for To DS not set, i.e. check
4552 * "!(link[1] & 0x01)".
4553 */
4554 s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B);
4555 b2 = new_block(cstate, JMP(BPF_JSET));
4556 b2->s.k = 0x01; /* To DS */
4557 b2->stmts = s;
4558 gen_not(b2);
4559
4560 /*
4561 * If To DS is not set, the SA is at 16.
4562 */
4563 b1 = gen_bcmp(cstate, OR_LINKHDR, 16, 6, eaddr);
4564 gen_and(b2, b1);
4565
4566 /*
4567 * Now OR together the last two checks. That gives
4568 * the complete set of checks for data frames with
4569 * From DS set.
4570 */
4571 gen_or(b1, b0);
4572
4573 /*
4574 * Now check for From DS being set, and AND that with
4575 * the ORed-together checks.
4576 */
4577 s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B);
4578 b1 = new_block(cstate, JMP(BPF_JSET));
4579 b1->s.k = 0x02; /* From DS */
4580 b1->stmts = s;
4581 gen_and(b1, b0);
4582
4583 /*
4584 * Now check for data frames with From DS not set.
4585 */
4586 s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B);
4587 b2 = new_block(cstate, JMP(BPF_JSET));
4588 b2->s.k = 0x02; /* From DS */
4589 b2->stmts = s;
4590 gen_not(b2);
4591
4592 /*
4593 * If From DS isn't set, the SA is at 10.
4594 */
4595 b1 = gen_bcmp(cstate, OR_LINKHDR, 10, 6, eaddr);
4596 gen_and(b2, b1);
4597
4598 /*
4599 * Now OR together the checks for data frames with
4600 * From DS not set and for data frames with From DS
4601 * set; that gives the checks done for data frames.
4602 */
4603 gen_or(b1, b0);
4604
4605 /*
4606 * Now check for a data frame.
4607 * I.e, check "link[0] & 0x08".
4608 */
4609 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B);
4610 b1 = new_block(cstate, JMP(BPF_JSET));
4611 b1->s.k = 0x08;
4612 b1->stmts = s;
4613
4614 /*
4615 * AND that with the checks done for data frames.
4616 */
4617 gen_and(b1, b0);
4618
4619 /*
4620 * If the high-order bit of the type value is 0, this
4621 * is a management frame.
4622 * I.e, check "!(link[0] & 0x08)".
4623 */
4624 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B);
4625 b2 = new_block(cstate, JMP(BPF_JSET));
4626 b2->s.k = 0x08;
4627 b2->stmts = s;
4628 gen_not(b2);
4629
4630 /*
4631 * For management frames, the SA is at 10.
4632 */
4633 b1 = gen_bcmp(cstate, OR_LINKHDR, 10, 6, eaddr);
4634 gen_and(b2, b1);
4635
4636 /*
4637 * OR that with the checks done for data frames.
4638 * That gives the checks done for management and
4639 * data frames.
4640 */
4641 gen_or(b1, b0);
4642
4643 /*
4644 * If the low-order bit of the type value is 1,
4645 * this is either a control frame or a frame
4646 * with a reserved type, and thus not a
4647 * frame with an SA.
4648 *
4649 * I.e., check "!(link[0] & 0x04)".
4650 */
4651 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B);
4652 b1 = new_block(cstate, JMP(BPF_JSET));
4653 b1->s.k = 0x04;
4654 b1->stmts = s;
4655 gen_not(b1);
4656
4657 /*
4658 * AND that with the checks for data and management
4659 * frames.
4660 */
4661 gen_and(b1, b0);
4662 return b0;
4663
4664 case Q_DST:
4665 /*
4666 * Oh, yuk.
4667 *
4668 * For control frames, there is no DA.
4669 *
4670 * For management frames, DA is at an
4671 * offset of 4 from the beginning of
4672 * the packet.
4673 *
4674 * For data frames, DA is at an offset
4675 * of 4 from the beginning of the packet
4676 * if To DS is clear and at an offset of
4677 * 16 from the beginning of the packet
4678 * if To DS is set.
4679 */
4680
4681 /*
4682 * Generate the tests to be done for data frames.
4683 *
4684 * First, check for To DS set, i.e. "link[1] & 0x01".
4685 */
4686 s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B);
4687 b1 = new_block(cstate, JMP(BPF_JSET));
4688 b1->s.k = 0x01; /* To DS */
4689 b1->stmts = s;
4690
4691 /*
4692 * If To DS is set, the DA is at 16.
4693 */
4694 b0 = gen_bcmp(cstate, OR_LINKHDR, 16, 6, eaddr);
4695 gen_and(b1, b0);
4696
4697 /*
4698 * Now, check for To DS not set, i.e. check
4699 * "!(link[1] & 0x01)".
4700 */
4701 s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B);
4702 b2 = new_block(cstate, JMP(BPF_JSET));
4703 b2->s.k = 0x01; /* To DS */
4704 b2->stmts = s;
4705 gen_not(b2);
4706
4707 /*
4708 * If To DS is not set, the DA is at 4.
4709 */
4710 b1 = gen_bcmp(cstate, OR_LINKHDR, 4, 6, eaddr);
4711 gen_and(b2, b1);
4712
4713 /*
4714 * Now OR together the last two checks. That gives
4715 * the complete set of checks for data frames.
4716 */
4717 gen_or(b1, b0);
4718
4719 /*
4720 * Now check for a data frame.
4721 * I.e, check "link[0] & 0x08".
4722 */
4723 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B);
4724 b1 = new_block(cstate, JMP(BPF_JSET));
4725 b1->s.k = 0x08;
4726 b1->stmts = s;
4727
4728 /*
4729 * AND that with the checks done for data frames.
4730 */
4731 gen_and(b1, b0);
4732
4733 /*
4734 * If the high-order bit of the type value is 0, this
4735 * is a management frame.
4736 * I.e, check "!(link[0] & 0x08)".
4737 */
4738 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B);
4739 b2 = new_block(cstate, JMP(BPF_JSET));
4740 b2->s.k = 0x08;
4741 b2->stmts = s;
4742 gen_not(b2);
4743
4744 /*
4745 * For management frames, the DA is at 4.
4746 */
4747 b1 = gen_bcmp(cstate, OR_LINKHDR, 4, 6, eaddr);
4748 gen_and(b2, b1);
4749
4750 /*
4751 * OR that with the checks done for data frames.
4752 * That gives the checks done for management and
4753 * data frames.
4754 */
4755 gen_or(b1, b0);
4756
4757 /*
4758 * If the low-order bit of the type value is 1,
4759 * this is either a control frame or a frame
4760 * with a reserved type, and thus not a
4761 * frame with an SA.
4762 *
4763 * I.e., check "!(link[0] & 0x04)".
4764 */
4765 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B);
4766 b1 = new_block(cstate, JMP(BPF_JSET));
4767 b1->s.k = 0x04;
4768 b1->stmts = s;
4769 gen_not(b1);
4770
4771 /*
4772 * AND that with the checks for data and management
4773 * frames.
4774 */
4775 gen_and(b1, b0);
4776 return b0;
4777
4778 case Q_AND:
4779 b0 = gen_wlanhostop(cstate, eaddr, Q_SRC);
4780 b1 = gen_wlanhostop(cstate, eaddr, Q_DST);
4781 gen_and(b0, b1);
4782 return b1;
4783
4784 case Q_DEFAULT:
4785 case Q_OR:
4786 b0 = gen_wlanhostop(cstate, eaddr, Q_SRC);
4787 b1 = gen_wlanhostop(cstate, eaddr, Q_DST);
4788 gen_or(b0, b1);
4789 return b1;
4790
4791 /*
4792 * XXX - add BSSID keyword?
4793 */
4794 case Q_ADDR1:
4795 return (gen_bcmp(cstate, OR_LINKHDR, 4, 6, eaddr));
4796
4797 case Q_ADDR2:
4798 /*
4799 * Not present in CTS or ACK control frames.
4800 */
4801 b0 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, IEEE80211_FC0_TYPE_CTL,
4802 IEEE80211_FC0_TYPE_MASK);
4803 gen_not(b0);
4804 b1 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, IEEE80211_FC0_SUBTYPE_CTS,
4805 IEEE80211_FC0_SUBTYPE_MASK);
4806 gen_not(b1);
4807 b2 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, IEEE80211_FC0_SUBTYPE_ACK,
4808 IEEE80211_FC0_SUBTYPE_MASK);
4809 gen_not(b2);
4810 gen_and(b1, b2);
4811 gen_or(b0, b2);
4812 b1 = gen_bcmp(cstate, OR_LINKHDR, 10, 6, eaddr);
4813 gen_and(b2, b1);
4814 return b1;
4815
4816 case Q_ADDR3:
4817 /*
4818 * Not present in control frames.
4819 */
4820 b0 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, IEEE80211_FC0_TYPE_CTL,
4821 IEEE80211_FC0_TYPE_MASK);
4822 gen_not(b0);
4823 b1 = gen_bcmp(cstate, OR_LINKHDR, 16, 6, eaddr);
4824 gen_and(b0, b1);
4825 return b1;
4826
4827 case Q_ADDR4:
4828 /*
4829 * Present only if the direction mask has both "From DS"
4830 * and "To DS" set. Neither control frames nor management
4831 * frames should have both of those set, so we don't
4832 * check the frame type.
4833 */
4834 b0 = gen_mcmp(cstate, OR_LINKHDR, 1, BPF_B,
4835 IEEE80211_FC1_DIR_DSTODS, IEEE80211_FC1_DIR_MASK);
4836 b1 = gen_bcmp(cstate, OR_LINKHDR, 24, 6, eaddr);
4837 gen_and(b0, b1);
4838 return b1;
4839
4840 case Q_RA:
4841 /*
4842 * Not present in management frames; addr1 in other
4843 * frames.
4844 */
4845
4846 /*
4847 * If the high-order bit of the type value is 0, this
4848 * is a management frame.
4849 * I.e, check "(link[0] & 0x08)".
4850 */
4851 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B);
4852 b1 = new_block(cstate, JMP(BPF_JSET));
4853 b1->s.k = 0x08;
4854 b1->stmts = s;
4855
4856 /*
4857 * Check addr1.
4858 */
4859 b0 = gen_bcmp(cstate, OR_LINKHDR, 4, 6, eaddr);
4860
4861 /*
4862 * AND that with the check of addr1.
4863 */
4864 gen_and(b1, b0);
4865 return (b0);
4866
4867 case Q_TA:
4868 /*
4869 * Not present in management frames; addr2, if present,
4870 * in other frames.
4871 */
4872
4873 /*
4874 * Not present in CTS or ACK control frames.
4875 */
4876 b0 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, IEEE80211_FC0_TYPE_CTL,
4877 IEEE80211_FC0_TYPE_MASK);
4878 gen_not(b0);
4879 b1 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, IEEE80211_FC0_SUBTYPE_CTS,
4880 IEEE80211_FC0_SUBTYPE_MASK);
4881 gen_not(b1);
4882 b2 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, IEEE80211_FC0_SUBTYPE_ACK,
4883 IEEE80211_FC0_SUBTYPE_MASK);
4884 gen_not(b2);
4885 gen_and(b1, b2);
4886 gen_or(b0, b2);
4887
4888 /*
4889 * If the high-order bit of the type value is 0, this
4890 * is a management frame.
4891 * I.e, check "(link[0] & 0x08)".
4892 */
4893 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B);
4894 b1 = new_block(cstate, JMP(BPF_JSET));
4895 b1->s.k = 0x08;
4896 b1->stmts = s;
4897
4898 /*
4899 * AND that with the check for frames other than
4900 * CTS and ACK frames.
4901 */
4902 gen_and(b1, b2);
4903
4904 /*
4905 * Check addr2.
4906 */
4907 b1 = gen_bcmp(cstate, OR_LINKHDR, 10, 6, eaddr);
4908 gen_and(b2, b1);
4909 return b1;
4910 }
4911 abort();
4912 /*NOTREACHED*/
4913 }
4914
4915 /*
4916 * Like gen_ehostop, but for RFC 2625 IP-over-Fibre-Channel.
4917 * (We assume that the addresses are IEEE 48-bit MAC addresses,
4918 * as the RFC states.)
4919 */
4920 static struct block *
4921 gen_ipfchostop(compiler_state_t *cstate, const u_char *eaddr, int dir)
4922 {
4923 register struct block *b0, *b1;
4924
4925 switch (dir) {
4926 case Q_SRC:
4927 return gen_bcmp(cstate, OR_LINKHDR, 10, 6, eaddr);
4928
4929 case Q_DST:
4930 return gen_bcmp(cstate, OR_LINKHDR, 2, 6, eaddr);
4931
4932 case Q_AND:
4933 b0 = gen_ipfchostop(cstate, eaddr, Q_SRC);
4934 b1 = gen_ipfchostop(cstate, eaddr, Q_DST);
4935 gen_and(b0, b1);
4936 return b1;
4937
4938 case Q_DEFAULT:
4939 case Q_OR:
4940 b0 = gen_ipfchostop(cstate, eaddr, Q_SRC);
4941 b1 = gen_ipfchostop(cstate, eaddr, Q_DST);
4942 gen_or(b0, b1);
4943 return b1;
4944
4945 case Q_ADDR1:
4946 case Q_ADDR2:
4947 case Q_ADDR3:
4948 case Q_ADDR4:
4949 case Q_RA:
4950 case Q_TA:
4951 bpf_error(cstate, ERRSTR_802_11_ONLY_KW, dqkw(dir));
4952 /*NOTREACHED*/
4953 }
4954 abort();
4955 /*NOTREACHED*/
4956 }
4957
4958 /*
4959 * This is quite tricky because there may be pad bytes in front of the
4960 * DECNET header, and then there are two possible data packet formats that
4961 * carry both src and dst addresses, plus 5 packet types in a format that
4962 * carries only the src node, plus 2 types that use a different format and
4963 * also carry just the src node.
4964 *
4965 * Yuck.
4966 *
4967 * Instead of doing those all right, we just look for data packets with
4968 * 0 or 1 bytes of padding. If you want to look at other packets, that
4969 * will require a lot more hacking.
4970 *
4971 * To add support for filtering on DECNET "areas" (network numbers)
4972 * one would want to add a "mask" argument to this routine. That would
4973 * make the filter even more inefficient, although one could be clever
4974 * and not generate masking instructions if the mask is 0xFFFF.
4975 */
4976 static struct block *
4977 gen_dnhostop(compiler_state_t *cstate, bpf_u_int32 addr, int dir)
4978 {
4979 struct block *b0, *b1, *b2, *tmp;
4980 u_int offset_lh; /* offset if long header is received */
4981 u_int offset_sh; /* offset if short header is received */
4982
4983 switch (dir) {
4984
4985 case Q_DST:
4986 offset_sh = 1; /* follows flags */
4987 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
4988 break;
4989
4990 case Q_SRC:
4991 offset_sh = 3; /* follows flags, dstnode */
4992 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
4993 break;
4994
4995 case Q_AND:
4996 /* Inefficient because we do our Calvinball dance twice */
4997 b0 = gen_dnhostop(cstate, addr, Q_SRC);
4998 b1 = gen_dnhostop(cstate, addr, Q_DST);
4999 gen_and(b0, b1);
5000 return b1;
5001
5002 case Q_DEFAULT:
5003 case Q_OR:
5004 /* Inefficient because we do our Calvinball dance twice */
5005 b0 = gen_dnhostop(cstate, addr, Q_SRC);
5006 b1 = gen_dnhostop(cstate, addr, Q_DST);
5007 gen_or(b0, b1);
5008 return b1;
5009
5010 case Q_ADDR1:
5011 case Q_ADDR2:
5012 case Q_ADDR3:
5013 case Q_ADDR4:
5014 case Q_RA:
5015 case Q_TA:
5016 bpf_error(cstate, ERRSTR_802_11_ONLY_KW, dqkw(dir));
5017 /*NOTREACHED*/
5018
5019 default:
5020 abort();
5021 /*NOTREACHED*/
5022 }
5023 /*
5024 * In a DECnet message inside an Ethernet frame the first two bytes
5025 * immediately after EtherType are the [litle-endian] DECnet message
5026 * length, which is irrelevant in this context.
5027 *
5028 * "pad = 1" means the third byte equals 0x81, thus it is the PLENGTH
5029 * 8-bit bitmap of the optional padding before the packet route header.
5030 * The bitmap always has bit 7 set to 1 and in this case has bits 0-6
5031 * (TOTAL-PAD-SEQUENCE-LENGTH) set to integer value 1. The latter
5032 * means there aren't any PAD bytes after the bitmap, so the header
5033 * begins at the fourth byte. "pad = 0" means bit 7 of the third byte
5034 * is set to 0, thus the header begins at the third byte.
5035 *
5036 * The header can be in several (as mentioned above) formats, all of
5037 * which begin with the FLAGS 8-bit bitmap, which always has bit 7
5038 * (PF, "pad field") set to 0 regardless of any padding present before
5039 * the header. "Short header" means bits 0-2 of the bitmap encode the
5040 * integer value 2 (SFDP), and "long header" means value 6 (LFDP).
5041 *
5042 * To test PLENGTH and FLAGS, use multiple-byte constants with the
5043 * values and the masks, this maps to the required single bytes of
5044 * the message correctly on both big-endian and little-endian hosts.
5045 * For the DECnet address use SWAPSHORT(), which always swaps bytes,
5046 * because the wire encoding is little-endian and BPF multiple-byte
5047 * loads are big-endian. When the destination address is near enough
5048 * to PLENGTH and FLAGS, generate one 32-bit comparison instead of two
5049 * smaller ones.
5050 */
5051 /* Check for pad = 1, long header case */
5052 tmp = gen_mcmp(cstate, OR_LINKPL, 2, BPF_H, 0x8106U, 0xFF07U);
5053 b1 = gen_cmp(cstate, OR_LINKPL, 2 + 1 + offset_lh,
5054 BPF_H, SWAPSHORT(addr));
5055 gen_and(tmp, b1);
5056 /* Check for pad = 0, long header case */
5057 tmp = gen_mcmp(cstate, OR_LINKPL, 2, BPF_B, 0x06U, 0x07U);
5058 b2 = gen_cmp(cstate, OR_LINKPL, 2 + offset_lh, BPF_H,
5059 SWAPSHORT(addr));
5060 gen_and(tmp, b2);
5061 gen_or(b2, b1);
5062 /* Check for pad = 1, short header case */
5063 if (dir == Q_DST) {
5064 b2 = gen_mcmp(cstate, OR_LINKPL, 2, BPF_W,
5065 0x81020000U | SWAPSHORT(addr),
5066 0xFF07FFFFU);
5067 } else {
5068 tmp = gen_mcmp(cstate, OR_LINKPL, 2, BPF_H, 0x8102U, 0xFF07U);
5069 b2 = gen_cmp(cstate, OR_LINKPL, 2 + 1 + offset_sh, BPF_H,
5070 SWAPSHORT(addr));
5071 gen_and(tmp, b2);
5072 }
5073 gen_or(b2, b1);
5074 /* Check for pad = 0, short header case */
5075 if (dir == Q_DST) {
5076 b2 = gen_mcmp(cstate, OR_LINKPL, 2, BPF_W,
5077 0x02000000U | SWAPSHORT(addr) << 8,
5078 0x07FFFF00U);
5079 } else {
5080 tmp = gen_mcmp(cstate, OR_LINKPL, 2, BPF_B, 0x02U, 0x07U);
5081 b2 = gen_cmp(cstate, OR_LINKPL, 2 + offset_sh, BPF_H,
5082 SWAPSHORT(addr));
5083 gen_and(tmp, b2);
5084 }
5085 gen_or(b2, b1);
5086
5087 return b1;
5088 }
5089
5090 /*
5091 * Generate a check for IPv4 or IPv6 for MPLS-encapsulated packets;
5092 * test the bottom-of-stack bit, and then check the version number
5093 * field in the IP header.
5094 */
5095 static struct block *
5096 gen_mpls_linktype(compiler_state_t *cstate, bpf_u_int32 ll_proto)
5097 {
5098 struct block *b0, *b1;
5099
5100 switch (ll_proto) {
5101
5102 case ETHERTYPE_IP:
5103 /* match the bottom-of-stack bit */
5104 b0 = gen_mcmp(cstate, OR_LINKPL, (u_int)-2, BPF_B, 0x01, 0x01);
5105 /* match the IPv4 version number */
5106 b1 = gen_mcmp(cstate, OR_LINKPL, 0, BPF_B, 0x40, 0xf0);
5107 gen_and(b0, b1);
5108 return b1;
5109
5110 case ETHERTYPE_IPV6:
5111 /* match the bottom-of-stack bit */
5112 b0 = gen_mcmp(cstate, OR_LINKPL, (u_int)-2, BPF_B, 0x01, 0x01);
5113 /* match the IPv4 version number */
5114 b1 = gen_mcmp(cstate, OR_LINKPL, 0, BPF_B, 0x60, 0xf0);
5115 gen_and(b0, b1);
5116 return b1;
5117
5118 default:
5119 /* FIXME add other L3 proto IDs */
5120 bpf_error(cstate, "unsupported protocol over mpls");
5121 /*NOTREACHED*/
5122 }
5123 }
5124
5125 static struct block *
5126 gen_host(compiler_state_t *cstate, bpf_u_int32 addr, bpf_u_int32 mask,
5127 int proto, int dir, int type)
5128 {
5129 struct block *b0, *b1;
5130
5131 switch (proto) {
5132
5133 case Q_DEFAULT:
5134 b0 = gen_host(cstate, addr, mask, Q_IP, dir, type);
5135 /*
5136 * Only check for non-IPv4 addresses if we're not
5137 * checking MPLS-encapsulated packets.
5138 */
5139 if (cstate->label_stack_depth == 0) {
5140 b1 = gen_host(cstate, addr, mask, Q_ARP, dir, type);
5141 gen_or(b0, b1);
5142 b0 = gen_host(cstate, addr, mask, Q_RARP, dir, type);
5143 gen_or(b1, b0);
5144 }
5145 return b0;
5146
5147 case Q_LINK:
5148 break; // invalid qualifier
5149
5150 case Q_IP:
5151 b0 = gen_linktype(cstate, ETHERTYPE_IP);
5152 b1 = gen_hostop(cstate, addr, mask, dir, 12, 16);
5153 gen_and(b0, b1);
5154 return b1;
5155
5156 case Q_RARP:
5157 b0 = gen_linktype(cstate, ETHERTYPE_REVARP);
5158 b1 = gen_hostop(cstate, addr, mask, dir, 14, 24);
5159 gen_and(b0, b1);
5160 return b1;
5161
5162 case Q_ARP:
5163 b0 = gen_linktype(cstate, ETHERTYPE_ARP);
5164 b1 = gen_hostop(cstate, addr, mask, dir, 14, 24);
5165 gen_and(b0, b1);
5166 return b1;
5167
5168 case Q_SCTP:
5169 case Q_TCP:
5170 case Q_UDP:
5171 case Q_ICMP:
5172 case Q_IGMP:
5173 case Q_IGRP:
5174 case Q_ATALK:
5175 break; // invalid qualifier
5176
5177 case Q_DECNET:
5178 b0 = gen_linktype(cstate, ETHERTYPE_DN);
5179 b1 = gen_dnhostop(cstate, addr, dir);
5180 gen_and(b0, b1);
5181 return b1;
5182
5183 case Q_LAT:
5184 case Q_SCA:
5185 case Q_MOPRC:
5186 case Q_MOPDL:
5187 case Q_IPV6:
5188 case Q_ICMPV6:
5189 case Q_AH:
5190 case Q_ESP:
5191 case Q_PIM:
5192 case Q_VRRP:
5193 case Q_AARP:
5194 case Q_ISO:
5195 case Q_ESIS:
5196 case Q_ISIS:
5197 case Q_CLNP:
5198 case Q_STP:
5199 case Q_IPX:
5200 case Q_NETBEUI:
5201 case Q_ISIS_L1:
5202 case Q_ISIS_L2:
5203 case Q_ISIS_IIH:
5204 case Q_ISIS_SNP:
5205 case Q_ISIS_CSNP:
5206 case Q_ISIS_PSNP:
5207 case Q_ISIS_LSP:
5208 case Q_RADIO:
5209 case Q_CARP:
5210 break; // invalid qualifier
5211
5212 default:
5213 abort();
5214 }
5215 bpf_error(cstate, ERRSTR_INVALID_QUAL, pqkw(proto),
5216 type == Q_NET ? "ip net" : "ip host");
5217 /*NOTREACHED*/
5218 }
5219
5220 #ifdef INET6
5221 static struct block *
5222 gen_host6(compiler_state_t *cstate, struct in6_addr *addr,
5223 struct in6_addr *mask, int proto, int dir, int type)
5224 {
5225 struct block *b0, *b1;
5226
5227 switch (proto) {
5228
5229 case Q_DEFAULT:
5230 case Q_IPV6:
5231 b0 = gen_linktype(cstate, ETHERTYPE_IPV6);
5232 b1 = gen_hostop6(cstate, addr, mask, dir, 8, 24);
5233 gen_and(b0, b1);
5234 return b1;
5235
5236 case Q_LINK:
5237 case Q_IP:
5238 case Q_RARP:
5239 case Q_ARP:
5240 case Q_SCTP:
5241 case Q_TCP:
5242 case Q_UDP:
5243 case Q_ICMP:
5244 case Q_IGMP:
5245 case Q_IGRP:
5246 case Q_ATALK:
5247 case Q_DECNET:
5248 case Q_LAT:
5249 case Q_SCA:
5250 case Q_MOPRC:
5251 case Q_MOPDL:
5252 case Q_ICMPV6:
5253 case Q_AH:
5254 case Q_ESP:
5255 case Q_PIM:
5256 case Q_VRRP:
5257 case Q_AARP:
5258 case Q_ISO:
5259 case Q_ESIS:
5260 case Q_ISIS:
5261 case Q_CLNP:
5262 case Q_STP:
5263 case Q_IPX:
5264 case Q_NETBEUI:
5265 case Q_ISIS_L1:
5266 case Q_ISIS_L2:
5267 case Q_ISIS_IIH:
5268 case Q_ISIS_SNP:
5269 case Q_ISIS_CSNP:
5270 case Q_ISIS_PSNP:
5271 case Q_ISIS_LSP:
5272 case Q_RADIO:
5273 case Q_CARP:
5274 break; // invalid qualifier
5275
5276 default:
5277 abort();
5278 }
5279 bpf_error(cstate, ERRSTR_INVALID_QUAL, pqkw(proto),
5280 type == Q_NET ? "ip6 net" : "ip6 host");
5281 /*NOTREACHED*/
5282 }
5283 #endif
5284
5285 #ifndef INET6
5286 static struct block *
5287 gen_gateway(compiler_state_t *cstate, const u_char *eaddr,
5288 struct addrinfo *alist, int proto, int dir)
5289 {
5290 struct block *b0, *b1, *tmp;
5291 struct addrinfo *ai;
5292 struct sockaddr_in *sin;
5293
5294 if (dir != 0)
5295 bpf_error(cstate, "direction applied to 'gateway'");
5296
5297 switch (proto) {
5298 case Q_DEFAULT:
5299 case Q_IP:
5300 case Q_ARP:
5301 case Q_RARP:
5302 switch (cstate->linktype) {
5303 case DLT_EN10MB:
5304 case DLT_NETANALYZER:
5305 case DLT_NETANALYZER_TRANSPARENT:
5306 b1 = gen_prevlinkhdr_check(cstate);
5307 b0 = gen_ehostop(cstate, eaddr, Q_OR);
5308 if (b1 != NULL)
5309 gen_and(b1, b0);
5310 break;
5311 case DLT_FDDI:
5312 b0 = gen_fhostop(cstate, eaddr, Q_OR);
5313 break;
5314 case DLT_IEEE802:
5315 b0 = gen_thostop(cstate, eaddr, Q_OR);
5316 break;
5317 case DLT_IEEE802_11:
5318 case DLT_PRISM_HEADER:
5319 case DLT_IEEE802_11_RADIO_AVS:
5320 case DLT_IEEE802_11_RADIO:
5321 case DLT_PPI:
5322 b0 = gen_wlanhostop(cstate, eaddr, Q_OR);
5323 break;
5324 case DLT_IP_OVER_FC:
5325 b0 = gen_ipfchostop(cstate, eaddr, Q_OR);
5326 break;
5327 case DLT_SUNATM:
5328 /*
5329 * This is LLC-multiplexed traffic; if it were
5330 * LANE, cstate->linktype would have been set to
5331 * DLT_EN10MB.
5332 */
5333 /* FALLTHROUGH */
5334 default:
5335 bpf_error(cstate,
5336 "'gateway' supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel");
5337 }
5338 b1 = NULL;
5339 for (ai = alist; ai != NULL; ai = ai->ai_next) {
5340 /*
5341 * Does it have an address?
5342 */
5343 if (ai->ai_addr != NULL) {
5344 /*
5345 * Yes. Is it an IPv4 address?
5346 */
5347 if (ai->ai_addr->sa_family == AF_INET) {
5348 /*
5349 * Generate an entry for it.
5350 */
5351 sin = (struct sockaddr_in *)ai->ai_addr;
5352 tmp = gen_host(cstate,
5353 ntohl(sin->sin_addr.s_addr),
5354 0xffffffff, proto, Q_OR, Q_HOST);
5355 /*
5356 * Is it the *first* IPv4 address?
5357 */
5358 if (b1 == NULL) {
5359 /*
5360 * Yes, so start with it.
5361 */
5362 b1 = tmp;
5363 } else {
5364 /*
5365 * No, so OR it into the
5366 * existing set of
5367 * addresses.
5368 */
5369 gen_or(b1, tmp);
5370 b1 = tmp;
5371 }
5372 }
5373 }
5374 }
5375 if (b1 == NULL) {
5376 /*
5377 * No IPv4 addresses found.
5378 */
5379 return (NULL);
5380 }
5381 gen_not(b1);
5382 gen_and(b0, b1);
5383 return b1;
5384 }
5385 bpf_error(cstate, ERRSTR_INVALID_QUAL, pqkw(proto), "gateway");
5386 /*NOTREACHED*/
5387 }
5388 #endif
5389
5390 static struct block *
5391 gen_proto_abbrev_internal(compiler_state_t *cstate, int proto)
5392 {
5393 struct block *b0;
5394 struct block *b1 = NULL;
5395
5396 switch (proto) {
5397
5398 case Q_SCTP:
5399 b1 = gen_proto(cstate, IPPROTO_SCTP, Q_DEFAULT, Q_DEFAULT);
5400 break;
5401
5402 case Q_TCP:
5403 b1 = gen_proto(cstate, IPPROTO_TCP, Q_DEFAULT, Q_DEFAULT);
5404 break;
5405
5406 case Q_UDP:
5407 b1 = gen_proto(cstate, IPPROTO_UDP, Q_DEFAULT, Q_DEFAULT);
5408 break;
5409
5410 case Q_ICMP:
5411 b1 = gen_proto(cstate, IPPROTO_ICMP, Q_IP, Q_DEFAULT);
5412 break;
5413
5414 #ifndef IPPROTO_IGMP
5415 #define IPPROTO_IGMP 2
5416 #endif
5417
5418 case Q_IGMP:
5419 b1 = gen_proto(cstate, IPPROTO_IGMP, Q_IP, Q_DEFAULT);
5420 break;
5421
5422 #ifndef IPPROTO_IGRP
5423 #define IPPROTO_IGRP 9
5424 #endif
5425 case Q_IGRP:
5426 b1 = gen_proto(cstate, IPPROTO_IGRP, Q_IP, Q_DEFAULT);
5427 break;
5428
5429 #ifndef IPPROTO_PIM
5430 #define IPPROTO_PIM 103
5431 #endif
5432
5433 case Q_PIM:
5434 b1 = gen_proto(cstate, IPPROTO_PIM, Q_DEFAULT, Q_DEFAULT);
5435 break;
5436
5437 #ifndef IPPROTO_VRRP
5438 #define IPPROTO_VRRP 112
5439 #endif
5440
5441 case Q_VRRP:
5442 b1 = gen_proto(cstate, IPPROTO_VRRP, Q_IP, Q_DEFAULT);
5443 break;
5444
5445 #ifndef IPPROTO_CARP
5446 #define IPPROTO_CARP 112
5447 #endif
5448
5449 case Q_CARP:
5450 b1 = gen_proto(cstate, IPPROTO_CARP, Q_IP, Q_DEFAULT);
5451 break;
5452
5453 case Q_IP:
5454 b1 = gen_linktype(cstate, ETHERTYPE_IP);
5455 break;
5456
5457 case Q_ARP:
5458 b1 = gen_linktype(cstate, ETHERTYPE_ARP);
5459 break;
5460
5461 case Q_RARP:
5462 b1 = gen_linktype(cstate, ETHERTYPE_REVARP);
5463 break;
5464
5465 case Q_LINK:
5466 break; // invalid syntax
5467
5468 case Q_ATALK:
5469 b1 = gen_linktype(cstate, ETHERTYPE_ATALK);
5470 break;
5471
5472 case Q_AARP:
5473 b1 = gen_linktype(cstate, ETHERTYPE_AARP);
5474 break;
5475
5476 case Q_DECNET:
5477 b1 = gen_linktype(cstate, ETHERTYPE_DN);
5478 break;
5479
5480 case Q_SCA:
5481 b1 = gen_linktype(cstate, ETHERTYPE_SCA);
5482 break;
5483
5484 case Q_LAT:
5485 b1 = gen_linktype(cstate, ETHERTYPE_LAT);
5486 break;
5487
5488 case Q_MOPDL:
5489 b1 = gen_linktype(cstate, ETHERTYPE_MOPDL);
5490 break;
5491
5492 case Q_MOPRC:
5493 b1 = gen_linktype(cstate, ETHERTYPE_MOPRC);
5494 break;
5495
5496 case Q_IPV6:
5497 b1 = gen_linktype(cstate, ETHERTYPE_IPV6);
5498 break;
5499
5500 #ifndef IPPROTO_ICMPV6
5501 #define IPPROTO_ICMPV6 58
5502 #endif
5503 case Q_ICMPV6:
5504 b1 = gen_proto(cstate, IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
5505 break;
5506
5507 #ifndef IPPROTO_AH
5508 #define IPPROTO_AH 51
5509 #endif
5510 case Q_AH:
5511 b1 = gen_proto(cstate, IPPROTO_AH, Q_DEFAULT, Q_DEFAULT);
5512 break;
5513
5514 #ifndef IPPROTO_ESP
5515 #define IPPROTO_ESP 50
5516 #endif
5517 case Q_ESP:
5518 b1 = gen_proto(cstate, IPPROTO_ESP, Q_DEFAULT, Q_DEFAULT);
5519 break;
5520
5521 case Q_ISO:
5522 b1 = gen_linktype(cstate, LLCSAP_ISONS);
5523 break;
5524
5525 case Q_ESIS:
5526 b1 = gen_proto(cstate, ISO9542_ESIS, Q_ISO, Q_DEFAULT);
5527 break;
5528
5529 case Q_ISIS:
5530 b1 = gen_proto(cstate, ISO10589_ISIS, Q_ISO, Q_DEFAULT);
5531 break;
5532
5533 case Q_ISIS_L1: /* all IS-IS Level1 PDU-Types */
5534 b0 = gen_proto(cstate, ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
5535 b1 = gen_proto(cstate, ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
5536 gen_or(b0, b1);
5537 b0 = gen_proto(cstate, ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
5538 gen_or(b0, b1);
5539 b0 = gen_proto(cstate, ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
5540 gen_or(b0, b1);
5541 b0 = gen_proto(cstate, ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
5542 gen_or(b0, b1);
5543 break;
5544
5545 case Q_ISIS_L2: /* all IS-IS Level2 PDU-Types */
5546 b0 = gen_proto(cstate, ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
5547 b1 = gen_proto(cstate, ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
5548 gen_or(b0, b1);
5549 b0 = gen_proto(cstate, ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
5550 gen_or(b0, b1);
5551 b0 = gen_proto(cstate, ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
5552 gen_or(b0, b1);
5553 b0 = gen_proto(cstate, ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
5554 gen_or(b0, b1);
5555 break;
5556
5557 case Q_ISIS_IIH: /* all IS-IS Hello PDU-Types */
5558 b0 = gen_proto(cstate, ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
5559 b1 = gen_proto(cstate, ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
5560 gen_or(b0, b1);
5561 b0 = gen_proto(cstate, ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT);
5562 gen_or(b0, b1);
5563 break;
5564
5565 case Q_ISIS_LSP:
5566 b0 = gen_proto(cstate, ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
5567 b1 = gen_proto(cstate, ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
5568 gen_or(b0, b1);
5569 break;
5570
5571 case Q_ISIS_SNP:
5572 b0 = gen_proto(cstate, ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
5573 b1 = gen_proto(cstate, ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
5574 gen_or(b0, b1);
5575 b0 = gen_proto(cstate, ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
5576 gen_or(b0, b1);
5577 b0 = gen_proto(cstate, ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
5578 gen_or(b0, b1);
5579 break;
5580
5581 case Q_ISIS_CSNP:
5582 b0 = gen_proto(cstate, ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
5583 b1 = gen_proto(cstate, ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
5584 gen_or(b0, b1);
5585 break;
5586
5587 case Q_ISIS_PSNP:
5588 b0 = gen_proto(cstate, ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
5589 b1 = gen_proto(cstate, ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
5590 gen_or(b0, b1);
5591 break;
5592
5593 case Q_CLNP:
5594 b1 = gen_proto(cstate, ISO8473_CLNP, Q_ISO, Q_DEFAULT);
5595 break;
5596
5597 case Q_STP:
5598 b1 = gen_linktype(cstate, LLCSAP_8021D);
5599 break;
5600
5601 case Q_IPX:
5602 b1 = gen_linktype(cstate, LLCSAP_IPX);
5603 break;
5604
5605 case Q_NETBEUI:
5606 b1 = gen_linktype(cstate, LLCSAP_NETBEUI);
5607 break;
5608
5609 case Q_RADIO:
5610 break; // invalid syntax
5611
5612 default:
5613 abort();
5614 }
5615 if (b1)
5616 return b1;
5617 bpf_error(cstate, "'%s' cannot be used as an abbreviation", pqkw(proto));
5618 }
5619
5620 struct block *
5621 gen_proto_abbrev(compiler_state_t *cstate, int proto)
5622 {
5623 /*
5624 * Catch errors reported by us and routines below us, and return NULL
5625 * on an error.
5626 */
5627 if (setjmp(cstate->top_ctx))
5628 return (NULL);
5629
5630 return gen_proto_abbrev_internal(cstate, proto);
5631 }
5632
5633 static struct block *
5634 gen_ipfrag(compiler_state_t *cstate)
5635 {
5636 struct slist *s;
5637 struct block *b;
5638
5639 /* not IPv4 frag other than the first frag */
5640 s = gen_load_a(cstate, OR_LINKPL, 6, BPF_H);
5641 b = new_block(cstate, JMP(BPF_JSET));
5642 b->s.k = 0x1fff;
5643 b->stmts = s;
5644 gen_not(b);
5645
5646 return b;
5647 }
5648
5649 /*
5650 * Generate a comparison to a port value in the transport-layer header
5651 * at the specified offset from the beginning of that header.
5652 *
5653 * XXX - this handles a variable-length prefix preceding the link-layer
5654 * header, such as the radiotap or AVS radio prefix, but doesn't handle
5655 * variable-length link-layer headers (such as Token Ring or 802.11
5656 * headers).
5657 */
5658 static struct block *
5659 gen_portatom(compiler_state_t *cstate, int off, bpf_u_int32 v)
5660 {
5661 return gen_cmp(cstate, OR_TRAN_IPV4, off, BPF_H, v);
5662 }
5663
5664 static struct block *
5665 gen_portatom6(compiler_state_t *cstate, int off, bpf_u_int32 v)
5666 {
5667 return gen_cmp(cstate, OR_TRAN_IPV6, off, BPF_H, v);
5668 }
5669
5670 static struct block *
5671 gen_portop(compiler_state_t *cstate, u_int port, u_int proto, int dir)
5672 {
5673 struct block *b0, *b1, *tmp;
5674
5675 /* ip proto 'proto' and not a fragment other than the first fragment */
5676 tmp = gen_cmp(cstate, OR_LINKPL, 9, BPF_B, proto);
5677 b0 = gen_ipfrag(cstate);
5678 gen_and(tmp, b0);
5679
5680 switch (dir) {
5681 case Q_SRC:
5682 b1 = gen_portatom(cstate, 0, port);
5683 break;
5684
5685 case Q_DST:
5686 b1 = gen_portatom(cstate, 2, port);
5687 break;
5688
5689 case Q_AND:
5690 tmp = gen_portatom(cstate, 0, port);
5691 b1 = gen_portatom(cstate, 2, port);
5692 gen_and(tmp, b1);
5693 break;
5694
5695 case Q_DEFAULT:
5696 case Q_OR:
5697 tmp = gen_portatom(cstate, 0, port);
5698 b1 = gen_portatom(cstate, 2, port);
5699 gen_or(tmp, b1);
5700 break;
5701
5702 case Q_ADDR1:
5703 case Q_ADDR2:
5704 case Q_ADDR3:
5705 case Q_ADDR4:
5706 case Q_RA:
5707 case Q_TA:
5708 bpf_error(cstate, ERRSTR_INVALID_QUAL, dqkw(dir), "port");
5709 /*NOTREACHED*/
5710
5711 default:
5712 abort();
5713 /*NOTREACHED*/
5714 }
5715 gen_and(b0, b1);
5716
5717 return b1;
5718 }
5719
5720 static struct block *
5721 gen_port(compiler_state_t *cstate, u_int port, int ip_proto, int dir)
5722 {
5723 struct block *b0, *b1, *tmp;
5724
5725 /*
5726 * ether proto ip
5727 *
5728 * For FDDI, RFC 1188 says that SNAP encapsulation is used,
5729 * not LLC encapsulation with LLCSAP_IP.
5730 *
5731 * For IEEE 802 networks - which includes 802.5 token ring
5732 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
5733 * says that SNAP encapsulation is used, not LLC encapsulation
5734 * with LLCSAP_IP.
5735 *
5736 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
5737 * RFC 2225 say that SNAP encapsulation is used, not LLC
5738 * encapsulation with LLCSAP_IP.
5739 *
5740 * So we always check for ETHERTYPE_IP.
5741 */
5742 b0 = gen_linktype(cstate, ETHERTYPE_IP);
5743
5744 switch (ip_proto) {
5745 case IPPROTO_UDP:
5746 case IPPROTO_TCP:
5747 case IPPROTO_SCTP:
5748 b1 = gen_portop(cstate, port, (u_int)ip_proto, dir);
5749 break;
5750
5751 case PROTO_UNDEF:
5752 tmp = gen_portop(cstate, port, IPPROTO_TCP, dir);
5753 b1 = gen_portop(cstate, port, IPPROTO_UDP, dir);
5754 gen_or(tmp, b1);
5755 tmp = gen_portop(cstate, port, IPPROTO_SCTP, dir);
5756 gen_or(tmp, b1);
5757 break;
5758
5759 default:
5760 abort();
5761 }
5762 gen_and(b0, b1);
5763 return b1;
5764 }
5765
5766 struct block *
5767 gen_portop6(compiler_state_t *cstate, u_int port, u_int proto, int dir)
5768 {
5769 struct block *b0, *b1, *tmp;
5770
5771 /* ip6 proto 'proto' */
5772 /* XXX - catch the first fragment of a fragmented packet? */
5773 b0 = gen_cmp(cstate, OR_LINKPL, 6, BPF_B, proto);
5774
5775 switch (dir) {
5776 case Q_SRC:
5777 b1 = gen_portatom6(cstate, 0, port);
5778 break;
5779
5780 case Q_DST:
5781 b1 = gen_portatom6(cstate, 2, port);
5782 break;
5783
5784 case Q_AND:
5785 tmp = gen_portatom6(cstate, 0, port);
5786 b1 = gen_portatom6(cstate, 2, port);
5787 gen_and(tmp, b1);
5788 break;
5789
5790 case Q_DEFAULT:
5791 case Q_OR:
5792 tmp = gen_portatom6(cstate, 0, port);
5793 b1 = gen_portatom6(cstate, 2, port);
5794 gen_or(tmp, b1);
5795 break;
5796
5797 default:
5798 abort();
5799 }
5800 gen_and(b0, b1);
5801
5802 return b1;
5803 }
5804
5805 static struct block *
5806 gen_port6(compiler_state_t *cstate, u_int port, int ip_proto, int dir)
5807 {
5808 struct block *b0, *b1, *tmp;
5809
5810 /* link proto ip6 */
5811 b0 = gen_linktype(cstate, ETHERTYPE_IPV6);
5812
5813 switch (ip_proto) {
5814 case IPPROTO_UDP:
5815 case IPPROTO_TCP:
5816 case IPPROTO_SCTP:
5817 b1 = gen_portop6(cstate, port, (u_int)ip_proto, dir);
5818 break;
5819
5820 case PROTO_UNDEF:
5821 tmp = gen_portop6(cstate, port, IPPROTO_TCP, dir);
5822 b1 = gen_portop6(cstate, port, IPPROTO_UDP, dir);
5823 gen_or(tmp, b1);
5824 tmp = gen_portop6(cstate, port, IPPROTO_SCTP, dir);
5825 gen_or(tmp, b1);
5826 break;
5827
5828 default:
5829 abort();
5830 }
5831 gen_and(b0, b1);
5832 return b1;
5833 }
5834
5835 /* gen_portrange code */
5836 static struct block *
5837 gen_portrangeatom(compiler_state_t *cstate, u_int off, bpf_u_int32 v1,
5838 bpf_u_int32 v2)
5839 {
5840 struct block *b1, *b2;
5841
5842 if (v1 > v2) {
5843 /*
5844 * Reverse the order of the ports, so v1 is the lower one.
5845 */
5846 bpf_u_int32 vtemp;
5847
5848 vtemp = v1;
5849 v1 = v2;
5850 v2 = vtemp;
5851 }
5852
5853 b1 = gen_cmp_ge(cstate, OR_TRAN_IPV4, off, BPF_H, v1);
5854 b2 = gen_cmp_le(cstate, OR_TRAN_IPV4, off, BPF_H, v2);
5855
5856 gen_and(b1, b2);
5857
5858 return b2;
5859 }
5860
5861 static struct block *
5862 gen_portrangeop(compiler_state_t *cstate, u_int port1, u_int port2,
5863 bpf_u_int32 proto, int dir)
5864 {
5865 struct block *b0, *b1, *tmp;
5866
5867 /* ip proto 'proto' and not a fragment other than the first fragment */
5868 tmp = gen_cmp(cstate, OR_LINKPL, 9, BPF_B, proto);
5869 b0 = gen_ipfrag(cstate);
5870 gen_and(tmp, b0);
5871
5872 switch (dir) {
5873 case Q_SRC:
5874 b1 = gen_portrangeatom(cstate, 0, port1, port2);
5875 break;
5876
5877 case Q_DST:
5878 b1 = gen_portrangeatom(cstate, 2, port1, port2);
5879 break;
5880
5881 case Q_AND:
5882 tmp = gen_portrangeatom(cstate, 0, port1, port2);
5883 b1 = gen_portrangeatom(cstate, 2, port1, port2);
5884 gen_and(tmp, b1);
5885 break;
5886
5887 case Q_DEFAULT:
5888 case Q_OR:
5889 tmp = gen_portrangeatom(cstate, 0, port1, port2);
5890 b1 = gen_portrangeatom(cstate, 2, port1, port2);
5891 gen_or(tmp, b1);
5892 break;
5893
5894 case Q_ADDR1:
5895 case Q_ADDR2:
5896 case Q_ADDR3:
5897 case Q_ADDR4:
5898 case Q_RA:
5899 case Q_TA:
5900 bpf_error(cstate, ERRSTR_INVALID_QUAL, dqkw(dir), "portrange");
5901 /*NOTREACHED*/
5902
5903 default:
5904 abort();
5905 /*NOTREACHED*/
5906 }
5907 gen_and(b0, b1);
5908
5909 return b1;
5910 }
5911
5912 static struct block *
5913 gen_portrange(compiler_state_t *cstate, u_int port1, u_int port2, int ip_proto,
5914 int dir)
5915 {
5916 struct block *b0, *b1, *tmp;
5917
5918 /* link proto ip */
5919 b0 = gen_linktype(cstate, ETHERTYPE_IP);
5920
5921 switch (ip_proto) {
5922 case IPPROTO_UDP:
5923 case IPPROTO_TCP:
5924 case IPPROTO_SCTP:
5925 b1 = gen_portrangeop(cstate, port1, port2, (bpf_u_int32)ip_proto,
5926 dir);
5927 break;
5928
5929 case PROTO_UNDEF:
5930 tmp = gen_portrangeop(cstate, port1, port2, IPPROTO_TCP, dir);
5931 b1 = gen_portrangeop(cstate, port1, port2, IPPROTO_UDP, dir);
5932 gen_or(tmp, b1);
5933 tmp = gen_portrangeop(cstate, port1, port2, IPPROTO_SCTP, dir);
5934 gen_or(tmp, b1);
5935 break;
5936
5937 default:
5938 abort();
5939 }
5940 gen_and(b0, b1);
5941 return b1;
5942 }
5943
5944 static struct block *
5945 gen_portrangeatom6(compiler_state_t *cstate, u_int off, bpf_u_int32 v1,
5946 bpf_u_int32 v2)
5947 {
5948 struct block *b1, *b2;
5949
5950 if (v1 > v2) {
5951 /*
5952 * Reverse the order of the ports, so v1 is the lower one.
5953 */
5954 bpf_u_int32 vtemp;
5955
5956 vtemp = v1;
5957 v1 = v2;
5958 v2 = vtemp;
5959 }
5960
5961 b1 = gen_cmp_ge(cstate, OR_TRAN_IPV6, off, BPF_H, v1);
5962 b2 = gen_cmp_le(cstate, OR_TRAN_IPV6, off, BPF_H, v2);
5963
5964 gen_and(b1, b2);
5965
5966 return b2;
5967 }
5968
5969 static struct block *
5970 gen_portrangeop6(compiler_state_t *cstate, u_int port1, u_int port2,
5971 bpf_u_int32 proto, int dir)
5972 {
5973 struct block *b0, *b1, *tmp;
5974
5975 /* ip6 proto 'proto' */
5976 /* XXX - catch the first fragment of a fragmented packet? */
5977 b0 = gen_cmp(cstate, OR_LINKPL, 6, BPF_B, proto);
5978
5979 switch (dir) {
5980 case Q_SRC:
5981 b1 = gen_portrangeatom6(cstate, 0, port1, port2);
5982 break;
5983
5984 case Q_DST:
5985 b1 = gen_portrangeatom6(cstate, 2, port1, port2);
5986 break;
5987
5988 case Q_AND:
5989 tmp = gen_portrangeatom6(cstate, 0, port1, port2);
5990 b1 = gen_portrangeatom6(cstate, 2, port1, port2);
5991 gen_and(tmp, b1);
5992 break;
5993
5994 case Q_DEFAULT:
5995 case Q_OR:
5996 tmp = gen_portrangeatom6(cstate, 0, port1, port2);
5997 b1 = gen_portrangeatom6(cstate, 2, port1, port2);
5998 gen_or(tmp, b1);
5999 break;
6000
6001 default:
6002 abort();
6003 }
6004 gen_and(b0, b1);
6005
6006 return b1;
6007 }
6008
6009 static struct block *
6010 gen_portrange6(compiler_state_t *cstate, u_int port1, u_int port2, int ip_proto,
6011 int dir)
6012 {
6013 struct block *b0, *b1, *tmp;
6014
6015 /* link proto ip6 */
6016 b0 = gen_linktype(cstate, ETHERTYPE_IPV6);
6017
6018 switch (ip_proto) {
6019 case IPPROTO_UDP:
6020 case IPPROTO_TCP:
6021 case IPPROTO_SCTP:
6022 b1 = gen_portrangeop6(cstate, port1, port2, (bpf_u_int32)ip_proto,
6023 dir);
6024 break;
6025
6026 case PROTO_UNDEF:
6027 tmp = gen_portrangeop6(cstate, port1, port2, IPPROTO_TCP, dir);
6028 b1 = gen_portrangeop6(cstate, port1, port2, IPPROTO_UDP, dir);
6029 gen_or(tmp, b1);
6030 tmp = gen_portrangeop6(cstate, port1, port2, IPPROTO_SCTP, dir);
6031 gen_or(tmp, b1);
6032 break;
6033
6034 default:
6035 abort();
6036 }
6037 gen_and(b0, b1);
6038 return b1;
6039 }
6040
6041 static int
6042 lookup_proto(compiler_state_t *cstate, const char *name, int proto)
6043 {
6044 register int v;
6045
6046 switch (proto) {
6047
6048 case Q_DEFAULT:
6049 case Q_IP:
6050 case Q_IPV6:
6051 v = pcap_nametoproto(name);
6052 if (v == PROTO_UNDEF)
6053 bpf_error(cstate, "unknown ip proto '%s'", name);
6054 break;
6055
6056 case Q_LINK:
6057 /* XXX should look up h/w protocol type based on cstate->linktype */
6058 v = pcap_nametoeproto(name);
6059 if (v == PROTO_UNDEF) {
6060 v = pcap_nametollc(name);
6061 if (v == PROTO_UNDEF)
6062 bpf_error(cstate, "unknown ether proto '%s'", name);
6063 }
6064 break;
6065
6066 case Q_ISO:
6067 if (strcmp(name, "esis") == 0)
6068 v = ISO9542_ESIS;
6069 else if (strcmp(name, "isis") == 0)
6070 v = ISO10589_ISIS;
6071 else if (strcmp(name, "clnp") == 0)
6072 v = ISO8473_CLNP;
6073 else
6074 bpf_error(cstate, "unknown osi proto '%s'", name);
6075 break;
6076
6077 default:
6078 v = PROTO_UNDEF;
6079 break;
6080 }
6081 return v;
6082 }
6083
6084 #if !defined(NO_PROTOCHAIN)
6085 static struct block *
6086 gen_protochain(compiler_state_t *cstate, bpf_u_int32 v, int proto)
6087 {
6088 struct block *b0, *b;
6089 struct slist *s[100];
6090 int fix2, fix3, fix4, fix5;
6091 int ahcheck, again, end;
6092 int i, max;
6093 int reg2 = alloc_reg(cstate);
6094
6095 memset(s, 0, sizeof(s));
6096 fix3 = fix4 = fix5 = 0;
6097
6098 switch (proto) {
6099 case Q_IP:
6100 case Q_IPV6:
6101 break;
6102 case Q_DEFAULT:
6103 b0 = gen_protochain(cstate, v, Q_IP);
6104 b = gen_protochain(cstate, v, Q_IPV6);
6105 gen_or(b0, b);
6106 return b;
6107 default:
6108 bpf_error(cstate, ERRSTR_INVALID_QUAL, pqkw(proto), "protochain");
6109 /*NOTREACHED*/
6110 }
6111
6112 /*
6113 * We don't handle variable-length prefixes before the link-layer
6114 * header, or variable-length link-layer headers, here yet.
6115 * We might want to add BPF instructions to do the protochain
6116 * work, to simplify that and, on platforms that have a BPF
6117 * interpreter with the new instructions, let the filtering
6118 * be done in the kernel. (We already require a modified BPF
6119 * engine to do the protochain stuff, to support backward
6120 * branches, and backward branch support is unlikely to appear
6121 * in kernel BPF engines.)
6122 */
6123 if (cstate->off_linkpl.is_variable)
6124 bpf_error(cstate, "'protochain' not supported with variable length headers");
6125
6126 /*
6127 * To quote a comment in optimize.c:
6128 *
6129 * "These data structures are used in a Cocke and Schwartz style
6130 * value numbering scheme. Since the flowgraph is acyclic,
6131 * exit values can be propagated from a node's predecessors
6132 * provided it is uniquely defined."
6133 *
6134 * "Acyclic" means "no backward branches", which means "no
6135 * loops", so we have to turn the optimizer off.
6136 */
6137 cstate->no_optimize = 1;
6138
6139 /*
6140 * s[0] is a dummy entry to protect other BPF insn from damage
6141 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
6142 * hard to find interdependency made by jump table fixup.
6143 */
6144 i = 0;
6145 s[i] = new_stmt(cstate, 0); /*dummy*/
6146 i++;
6147
6148 switch (proto) {
6149 case Q_IP:
6150 b0 = gen_linktype(cstate, ETHERTYPE_IP);
6151
6152 /* A = ip->ip_p */
6153 s[i] = new_stmt(cstate, BPF_LD|BPF_ABS|BPF_B);
6154 s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + 9;
6155 i++;
6156 /* X = ip->ip_hl << 2 */
6157 s[i] = new_stmt(cstate, BPF_LDX|BPF_MSH|BPF_B);
6158 s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl;
6159 i++;
6160 break;
6161
6162 case Q_IPV6:
6163 b0 = gen_linktype(cstate, ETHERTYPE_IPV6);
6164
6165 /* A = ip6->ip_nxt */
6166 s[i] = new_stmt(cstate, BPF_LD|BPF_ABS|BPF_B);
6167 s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + 6;
6168 i++;
6169 /* X = sizeof(struct ip6_hdr) */
6170 s[i] = new_stmt(cstate, BPF_LDX|BPF_IMM);
6171 s[i]->s.k = 40;
6172 i++;
6173 break;
6174
6175 default:
6176 bpf_error(cstate, "unsupported proto to gen_protochain");
6177 /*NOTREACHED*/
6178 }
6179
6180 /* again: if (A == v) goto end; else fall through; */
6181 again = i;
6182 s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K);
6183 s[i]->s.k = v;
6184 s[i]->s.jt = NULL; /*later*/
6185 s[i]->s.jf = NULL; /*update in next stmt*/
6186 fix5 = i;
6187 i++;
6188
6189 #ifndef IPPROTO_NONE
6190 #define IPPROTO_NONE 59
6191 #endif
6192 /* if (A == IPPROTO_NONE) goto end */
6193 s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K);
6194 s[i]->s.jt = NULL; /*later*/
6195 s[i]->s.jf = NULL; /*update in next stmt*/
6196 s[i]->s.k = IPPROTO_NONE;
6197 s[fix5]->s.jf = s[i];
6198 fix2 = i;
6199 i++;
6200
6201 if (proto == Q_IPV6) {
6202 int v6start, v6end, v6advance, j;
6203
6204 v6start = i;
6205 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
6206 s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K);
6207 s[i]->s.jt = NULL; /*later*/
6208 s[i]->s.jf = NULL; /*update in next stmt*/
6209 s[i]->s.k = IPPROTO_HOPOPTS;
6210 s[fix2]->s.jf = s[i];
6211 i++;
6212 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
6213 s[i - 1]->s.jf = s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K);
6214 s[i]->s.jt = NULL; /*later*/
6215 s[i]->s.jf = NULL; /*update in next stmt*/
6216 s[i]->s.k = IPPROTO_DSTOPTS;
6217 i++;
6218 /* if (A == IPPROTO_ROUTING) goto v6advance */
6219 s[i - 1]->s.jf = s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K);
6220 s[i]->s.jt = NULL; /*later*/
6221 s[i]->s.jf = NULL; /*update in next stmt*/
6222 s[i]->s.k = IPPROTO_ROUTING;
6223 i++;
6224 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
6225 s[i - 1]->s.jf = s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K);
6226 s[i]->s.jt = NULL; /*later*/
6227 s[i]->s.jf = NULL; /*later*/
6228 s[i]->s.k = IPPROTO_FRAGMENT;
6229 fix3 = i;
6230 v6end = i;
6231 i++;
6232
6233 /* v6advance: */
6234 v6advance = i;
6235
6236 /*
6237 * in short,
6238 * A = P[X + packet head];
6239 * X = X + (P[X + packet head + 1] + 1) * 8;
6240 */
6241 /* A = P[X + packet head] */
6242 s[i] = new_stmt(cstate, BPF_LD|BPF_IND|BPF_B);
6243 s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl;
6244 i++;
6245 /* MEM[reg2] = A */
6246 s[i] = new_stmt(cstate, BPF_ST);
6247 s[i]->s.k = reg2;
6248 i++;
6249 /* A = P[X + packet head + 1]; */
6250 s[i] = new_stmt(cstate, BPF_LD|BPF_IND|BPF_B);
6251 s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + 1;
6252 i++;
6253 /* A += 1 */
6254 s[i] = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K);
6255 s[i]->s.k = 1;
6256 i++;
6257 /* A *= 8 */
6258 s[i] = new_stmt(cstate, BPF_ALU|BPF_MUL|BPF_K);
6259 s[i]->s.k = 8;
6260 i++;
6261 /* A += X */
6262 s[i] = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X);
6263 s[i]->s.k = 0;
6264 i++;
6265 /* X = A; */
6266 s[i] = new_stmt(cstate, BPF_MISC|BPF_TAX);
6267 i++;
6268 /* A = MEM[reg2] */
6269 s[i] = new_stmt(cstate, BPF_LD|BPF_MEM);
6270 s[i]->s.k = reg2;
6271 i++;
6272
6273 /* goto again; (must use BPF_JA for backward jump) */
6274 s[i] = new_stmt(cstate, BPF_JMP|BPF_JA);
6275 s[i]->s.k = again - i - 1;
6276 s[i - 1]->s.jf = s[i];
6277 i++;
6278
6279 /* fixup */
6280 for (j = v6start; j <= v6end; j++)
6281 s[j]->s.jt = s[v6advance];
6282 } else {
6283 /* nop */
6284 s[i] = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K);
6285 s[i]->s.k = 0;
6286 s[fix2]->s.jf = s[i];
6287 i++;
6288 }
6289
6290 /* ahcheck: */
6291 ahcheck = i;
6292 /* if (A == IPPROTO_AH) then fall through; else goto end; */
6293 s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K);
6294 s[i]->s.jt = NULL; /*later*/
6295 s[i]->s.jf = NULL; /*later*/
6296 s[i]->s.k = IPPROTO_AH;
6297 if (fix3)
6298 s[fix3]->s.jf = s[ahcheck];
6299 fix4 = i;
6300 i++;
6301
6302 /*
6303 * in short,
6304 * A = P[X];
6305 * X = X + (P[X + 1] + 2) * 4;
6306 */
6307 /* A = X */
6308 s[i - 1]->s.jt = s[i] = new_stmt(cstate, BPF_MISC|BPF_TXA);
6309 i++;
6310 /* A = P[X + packet head]; */
6311 s[i] = new_stmt(cstate, BPF_LD|BPF_IND|BPF_B);
6312 s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl;
6313 i++;
6314 /* MEM[reg2] = A */
6315 s[i] = new_stmt(cstate, BPF_ST);
6316 s[i]->s.k = reg2;
6317 i++;
6318 /* A = X */
6319 s[i - 1]->s.jt = s[i] = new_stmt(cstate, BPF_MISC|BPF_TXA);
6320 i++;
6321 /* A += 1 */
6322 s[i] = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K);
6323 s[i]->s.k = 1;
6324 i++;
6325 /* X = A */
6326 s[i] = new_stmt(cstate, BPF_MISC|BPF_TAX);
6327 i++;
6328 /* A = P[X + packet head] */
6329 s[i] = new_stmt(cstate, BPF_LD|BPF_IND|BPF_B);
6330 s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl;
6331 i++;
6332 /* A += 2 */
6333 s[i] = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K);
6334 s[i]->s.k = 2;
6335 i++;
6336 /* A *= 4 */
6337 s[i] = new_stmt(cstate, BPF_ALU|BPF_MUL|BPF_K);
6338 s[i]->s.k = 4;
6339 i++;
6340 /* X = A; */
6341 s[i] = new_stmt(cstate, BPF_MISC|BPF_TAX);
6342 i++;
6343 /* A = MEM[reg2] */
6344 s[i] = new_stmt(cstate, BPF_LD|BPF_MEM);
6345 s[i]->s.k = reg2;
6346 i++;
6347
6348 /* goto again; (must use BPF_JA for backward jump) */
6349 s[i] = new_stmt(cstate, BPF_JMP|BPF_JA);
6350 s[i]->s.k = again - i - 1;
6351 i++;
6352
6353 /* end: nop */
6354 end = i;
6355 s[i] = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K);
6356 s[i]->s.k = 0;
6357 s[fix2]->s.jt = s[end];
6358 s[fix4]->s.jf = s[end];
6359 s[fix5]->s.jt = s[end];
6360 i++;
6361
6362 /*
6363 * make slist chain
6364 */
6365 max = i;
6366 for (i = 0; i < max - 1; i++)
6367 s[i]->next = s[i + 1];
6368 s[max - 1]->next = NULL;
6369
6370 /*
6371 * emit final check
6372 */
6373 b = new_block(cstate, JMP(BPF_JEQ));
6374 b->stmts = s[1]; /*remember, s[0] is dummy*/
6375 b->s.k = v;
6376
6377 free_reg(cstate, reg2);
6378
6379 gen_and(b0, b);
6380 return b;
6381 }
6382 #endif /* !defined(NO_PROTOCHAIN) */
6383
6384 /*
6385 * Generate code that checks whether the packet is a packet for protocol
6386 * <proto> and whether the type field in that protocol's header has
6387 * the value <v>, e.g. if <proto> is Q_IP, it checks whether it's an
6388 * IP packet and checks the protocol number in the IP header against <v>.
6389 *
6390 * If <proto> is Q_DEFAULT, i.e. just "proto" was specified, it checks
6391 * against Q_IP and Q_IPV6.
6392 */
6393 static struct block *
6394 gen_proto(compiler_state_t *cstate, bpf_u_int32 v, int proto, int dir)
6395 {
6396 struct block *b0, *b1;
6397 struct block *b2;
6398
6399 if (dir != Q_DEFAULT)
6400 bpf_error(cstate, "direction applied to 'proto'");
6401
6402 switch (proto) {
6403 case Q_DEFAULT:
6404 b0 = gen_proto(cstate, v, Q_IP, dir);
6405 b1 = gen_proto(cstate, v, Q_IPV6, dir);
6406 gen_or(b0, b1);
6407 return b1;
6408
6409 case Q_LINK:
6410 return gen_linktype(cstate, v);
6411
6412 case Q_IP:
6413 /*
6414 * For FDDI, RFC 1188 says that SNAP encapsulation is used,
6415 * not LLC encapsulation with LLCSAP_IP.
6416 *
6417 * For IEEE 802 networks - which includes 802.5 token ring
6418 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
6419 * says that SNAP encapsulation is used, not LLC encapsulation
6420 * with LLCSAP_IP.
6421 *
6422 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
6423 * RFC 2225 say that SNAP encapsulation is used, not LLC
6424 * encapsulation with LLCSAP_IP.
6425 *
6426 * So we always check for ETHERTYPE_IP.
6427 */
6428 b0 = gen_linktype(cstate, ETHERTYPE_IP);
6429 b1 = gen_cmp(cstate, OR_LINKPL, 9, BPF_B, v);
6430 gen_and(b0, b1);
6431 return b1;
6432
6433 case Q_ARP:
6434 case Q_RARP:
6435 case Q_SCTP:
6436 case Q_TCP:
6437 case Q_UDP:
6438 case Q_ICMP:
6439 case Q_IGMP:
6440 case Q_IGRP:
6441 case Q_ATALK:
6442 case Q_DECNET:
6443 case Q_LAT:
6444 case Q_SCA:
6445 case Q_MOPRC:
6446 case Q_MOPDL:
6447 break; // invalid qualifier
6448
6449 case Q_IPV6:
6450 b0 = gen_linktype(cstate, ETHERTYPE_IPV6);
6451 /*
6452 * Also check for a fragment header before the final
6453 * header.
6454 */
6455 b2 = gen_cmp(cstate, OR_LINKPL, 6, BPF_B, IPPROTO_FRAGMENT);
6456 b1 = gen_cmp(cstate, OR_LINKPL, 40, BPF_B, v);
6457 gen_and(b2, b1);
6458 b2 = gen_cmp(cstate, OR_LINKPL, 6, BPF_B, v);
6459 gen_or(b2, b1);
6460 gen_and(b0, b1);
6461 return b1;
6462
6463 case Q_ICMPV6:
6464 case Q_AH:
6465 case Q_ESP:
6466 case Q_PIM:
6467 case Q_VRRP:
6468 case Q_AARP:
6469 break; // invalid qualifier
6470
6471 case Q_ISO:
6472 switch (cstate->linktype) {
6473
6474 case DLT_FRELAY:
6475 /*
6476 * Frame Relay packets typically have an OSI
6477 * NLPID at the beginning; "gen_linktype(cstate, LLCSAP_ISONS)"
6478 * generates code to check for all the OSI
6479 * NLPIDs, so calling it and then adding a check
6480 * for the particular NLPID for which we're
6481 * looking is bogus, as we can just check for
6482 * the NLPID.
6483 *
6484 * What we check for is the NLPID and a frame
6485 * control field value of UI, i.e. 0x03 followed
6486 * by the NLPID.
6487 *
6488 * XXX - assumes a 2-byte Frame Relay header with
6489 * DLCI and flags. What if the address is longer?
6490 *
6491 * XXX - what about SNAP-encapsulated frames?
6492 */
6493 return gen_cmp(cstate, OR_LINKHDR, 2, BPF_H, (0x03<<8) | v);
6494 /*NOTREACHED*/
6495
6496 case DLT_C_HDLC:
6497 case DLT_HDLC:
6498 /*
6499 * Cisco uses an Ethertype lookalike - for OSI,
6500 * it's 0xfefe.
6501 */
6502 b0 = gen_linktype(cstate, LLCSAP_ISONS<<8 | LLCSAP_ISONS);
6503 /* OSI in C-HDLC is stuffed with a fudge byte */
6504 b1 = gen_cmp(cstate, OR_LINKPL_NOSNAP, 1, BPF_B, v);
6505 gen_and(b0, b1);
6506 return b1;
6507
6508 default:
6509 b0 = gen_linktype(cstate, LLCSAP_ISONS);
6510 b1 = gen_cmp(cstate, OR_LINKPL_NOSNAP, 0, BPF_B, v);
6511 gen_and(b0, b1);
6512 return b1;
6513 }
6514
6515 case Q_ESIS:
6516 break; // invalid qualifier
6517
6518 case Q_ISIS:
6519 b0 = gen_proto(cstate, ISO10589_ISIS, Q_ISO, Q_DEFAULT);
6520 /*
6521 * 4 is the offset of the PDU type relative to the IS-IS
6522 * header.
6523 */
6524 b1 = gen_cmp(cstate, OR_LINKPL_NOSNAP, 4, BPF_B, v);
6525 gen_and(b0, b1);
6526 return b1;
6527
6528 case Q_CLNP:
6529 case Q_STP:
6530 case Q_IPX:
6531 case Q_NETBEUI:
6532 case Q_ISIS_L1:
6533 case Q_ISIS_L2:
6534 case Q_ISIS_IIH:
6535 case Q_ISIS_SNP:
6536 case Q_ISIS_CSNP:
6537 case Q_ISIS_PSNP:
6538 case Q_ISIS_LSP:
6539 case Q_RADIO:
6540 case Q_CARP:
6541 break; // invalid qualifier
6542
6543 default:
6544 abort();
6545 /*NOTREACHED*/
6546 }
6547 bpf_error(cstate, ERRSTR_INVALID_QUAL, pqkw(proto), "proto");
6548 /*NOTREACHED*/
6549 }
6550
6551 /*
6552 * Convert a non-numeric name to a port number.
6553 */
6554 static int
6555 nametoport(compiler_state_t *cstate, const char *name, int ipproto)
6556 {
6557 struct addrinfo hints, *res, *ai;
6558 int error;
6559 struct sockaddr_in *in4;
6560 #ifdef INET6
6561 struct sockaddr_in6 *in6;
6562 #endif
6563 int port = -1;
6564
6565 /*
6566 * We check for both TCP and UDP in case there are
6567 * ambiguous entries.
6568 */
6569 memset(&hints, 0, sizeof(hints));
6570 hints.ai_family = PF_UNSPEC;
6571 hints.ai_socktype = (ipproto == IPPROTO_TCP) ? SOCK_STREAM : SOCK_DGRAM;
6572 hints.ai_protocol = ipproto;
6573 error = getaddrinfo(NULL, name, &hints, &res);
6574 if (error != 0) {
6575 switch (error) {
6576
6577 case EAI_NONAME:
6578 case EAI_SERVICE:
6579 /*
6580 * No such port. Just return -1.
6581 */
6582 break;
6583
6584 #ifdef EAI_SYSTEM
6585 case EAI_SYSTEM:
6586 /*
6587 * We don't use strerror() because it's not
6588 * guaranteed to be thread-safe on all platforms
6589 * (probably because it might use a non-thread-local
6590 * buffer into which to format an error message
6591 * if the error code isn't one for which it has
6592 * a canned string; three cheers for C string
6593 * handling).
6594 */
6595 bpf_set_error(cstate, "getaddrinfo(\"%s\" fails with system error: %d",
6596 name, errno);
6597 port = -2; /* a real error */
6598 break;
6599 #endif
6600
6601 default:
6602 /*
6603 * This is a real error, not just "there's
6604 * no such service name".
6605 *
6606 * We don't use gai_strerror() because it's not
6607 * guaranteed to be thread-safe on all platforms
6608 * (probably because it might use a non-thread-local
6609 * buffer into which to format an error message
6610 * if the error code isn't one for which it has
6611 * a canned string; three cheers for C string
6612 * handling).
6613 */
6614 bpf_set_error(cstate, "getaddrinfo(\"%s\") fails with error: %d",
6615 name, error);
6616 port = -2; /* a real error */
6617 break;
6618 }
6619 } else {
6620 /*
6621 * OK, we found it. Did it find anything?
6622 */
6623 for (ai = res; ai != NULL; ai = ai->ai_next) {
6624 /*
6625 * Does it have an address?
6626 */
6627 if (ai->ai_addr != NULL) {
6628 /*
6629 * Yes. Get a port number; we're done.
6630 */
6631 if (ai->ai_addr->sa_family == AF_INET) {
6632 in4 = (struct sockaddr_in *)ai->ai_addr;
6633 port = ntohs(in4->sin_port);
6634 break;
6635 }
6636 #ifdef INET6
6637 if (ai->ai_addr->sa_family == AF_INET6) {
6638 in6 = (struct sockaddr_in6 *)ai->ai_addr;
6639 port = ntohs(in6->sin6_port);
6640 break;
6641 }
6642 #endif
6643 }
6644 }
6645 freeaddrinfo(res);
6646 }
6647 return port;
6648 }
6649
6650 /*
6651 * Convert a string to a port number.
6652 */
6653 static bpf_u_int32
6654 stringtoport(compiler_state_t *cstate, const char *string, size_t string_size,
6655 int *proto)
6656 {
6657 stoulen_ret ret;
6658 char *cpy;
6659 bpf_u_int32 val;
6660 int tcp_port = -1;
6661 int udp_port = -1;
6662
6663 /*
6664 * See if it's a number.
6665 */
6666 ret = stoulen(string, string_size, &val, cstate);
6667 switch (ret) {
6668
6669 case STOULEN_OK:
6670 /* Unknown port type - it's just a number. */
6671 *proto = PROTO_UNDEF;
6672 break;
6673
6674 case STOULEN_NOT_OCTAL_NUMBER:
6675 case STOULEN_NOT_HEX_NUMBER:
6676 case STOULEN_NOT_DECIMAL_NUMBER:
6677 /*
6678 * Not a valid number; try looking it up as a port.
6679 */
6680 cpy = malloc(string_size + 1); /* +1 for terminating '\0' */
6681 memcpy(cpy, string, string_size);
6682 cpy[string_size] = '\0';
6683 tcp_port = nametoport(cstate, cpy, IPPROTO_TCP);
6684 if (tcp_port == -2) {
6685 /*
6686 * We got a hard error; the error string has
6687 * already been set.
6688 */
6689 free(cpy);
6690 longjmp(cstate->top_ctx, 1);
6691 /*NOTREACHED*/
6692 }
6693 udp_port = nametoport(cstate, cpy, IPPROTO_UDP);
6694 if (udp_port == -2) {
6695 /*
6696 * We got a hard error; the error string has
6697 * already been set.
6698 */
6699 free(cpy);
6700 longjmp(cstate->top_ctx, 1);
6701 /*NOTREACHED*/
6702 }
6703
6704 /*
6705 * We need to check /etc/services for ambiguous entries.
6706 * If we find an ambiguous entry, and it has the
6707 * same port number, change the proto to PROTO_UNDEF
6708 * so both TCP and UDP will be checked.
6709 */
6710 if (tcp_port >= 0) {
6711 val = (bpf_u_int32)tcp_port;
6712 *proto = IPPROTO_TCP;
6713 if (udp_port >= 0) {
6714 if (udp_port == tcp_port)
6715 *proto = PROTO_UNDEF;
6716 #ifdef notdef
6717 else
6718 /* Can't handle ambiguous names that refer
6719 to different port numbers. */
6720 warning("ambiguous port %s in /etc/services",
6721 cpy);
6722 #endif
6723 }
6724 free(cpy);
6725 break;
6726 }
6727 if (udp_port >= 0) {
6728 val = (bpf_u_int32)udp_port;
6729 *proto = IPPROTO_UDP;
6730 free(cpy);
6731 break;
6732 }
6733 bpf_set_error(cstate, "'%s' is not a valid port", cpy);
6734 free(cpy);
6735 longjmp(cstate->top_ctx, 1);
6736 /*NOTREACHED*/
6737 #ifdef _AIX
6738 PCAP_UNREACHABLE
6739 #endif /* _AIX */
6740
6741 case STOULEN_ERROR:
6742 /* Error already set. */
6743 longjmp(cstate->top_ctx, 1);
6744 /*NOTREACHED*/
6745 #ifdef _AIX
6746 PCAP_UNREACHABLE
6747 #endif /* _AIX */
6748
6749 default:
6750 /* Should not happen */
6751 bpf_set_error(cstate, "stoulen returned %d - this should not happen", ret);
6752 longjmp(cstate->top_ctx, 1);
6753 /*NOTREACHED*/
6754 }
6755 return (val);
6756 }
6757
6758 /*
6759 * Convert a string in the form PPP-PPP, which correspond to ports, to
6760 * a starting and ending port in a port range.
6761 */
6762 static void
6763 stringtoportrange(compiler_state_t *cstate, const char *string,
6764 bpf_u_int32 *port1, bpf_u_int32 *port2, int *proto)
6765 {
6766 char *hyphen_off;
6767 const char *first, *second;
6768 size_t first_size, second_size;
6769 int save_proto;
6770
6771 if ((hyphen_off = strchr(string, '-')) == NULL)
6772 bpf_error(cstate, "port range '%s' contains no hyphen", string);
6773
6774 /*
6775 * Make sure there are no other hyphens.
6776 *
6777 * XXX - we support named ports, but there are some port names
6778 * in /etc/services that include hyphens, so this would rule
6779 * that out.
6780 */
6781 if (strchr(hyphen_off + 1, '-') != NULL)
6782 bpf_error(cstate, "port range '%s' contains more than one hyphen",
6783 string);
6784
6785 /*
6786 * Get the length of the first port.
6787 */
6788 first = string;
6789 first_size = hyphen_off - string;
6790 if (first_size == 0) {
6791 /* Range of "-port", which we don't support. */
6792 bpf_error(cstate, "port range '%s' has no starting port", string);
6793 }
6794
6795 /*
6796 * Try to convert it to a port.
6797 */
6798 *port1 = stringtoport(cstate, first, first_size, proto);
6799 save_proto = *proto;
6800
6801 /*
6802 * Get the length of the second port.
6803 */
6804 second = hyphen_off + 1;
6805 second_size = strlen(second);
6806 if (second_size == 0) {
6807 /* Range of "port-", which we don't support. */
6808 bpf_error(cstate, "port range '%s' has no ending port", string);
6809 }
6810
6811 /*
6812 * Try to convert it to a port.
6813 */
6814 *port2 = stringtoport(cstate, second, second_size, proto);
6815 if (*proto != save_proto)
6816 *proto = PROTO_UNDEF;
6817 }
6818
6819 struct block *
6820 gen_scode(compiler_state_t *cstate, const char *name, struct qual q)
6821 {
6822 int proto = q.proto;
6823 int dir = q.dir;
6824 int tproto;
6825 u_char *eaddr;
6826 bpf_u_int32 mask, addr;
6827 struct addrinfo *res, *res0;
6828 struct sockaddr_in *sin4;
6829 #ifdef INET6
6830 int tproto6;
6831 struct sockaddr_in6 *sin6;
6832 struct in6_addr mask128;
6833 #endif /*INET6*/
6834 struct block *b, *tmp;
6835 int port, real_proto;
6836 bpf_u_int32 port1, port2;
6837
6838 /*
6839 * Catch errors reported by us and routines below us, and return NULL
6840 * on an error.
6841 */
6842 if (setjmp(cstate->top_ctx))
6843 return (NULL);
6844
6845 switch (q.addr) {
6846
6847 case Q_NET:
6848 addr = pcap_nametonetaddr(name);
6849 if (addr == 0)
6850 bpf_error(cstate, "unknown network '%s'", name);
6851 /* Left justify network addr and calculate its network mask */
6852 mask = 0xffffffff;
6853 while (addr && (addr & 0xff000000) == 0) {
6854 addr <<= 8;
6855 mask <<= 8;
6856 }
6857 return gen_host(cstate, addr, mask, proto, dir, q.addr);
6858
6859 case Q_DEFAULT:
6860 case Q_HOST:
6861 if (proto == Q_LINK) {
6862 switch (cstate->linktype) {
6863
6864 case DLT_EN10MB:
6865 case DLT_NETANALYZER:
6866 case DLT_NETANALYZER_TRANSPARENT:
6867 eaddr = pcap_ether_hostton(name);
6868 if (eaddr == NULL)
6869 bpf_error(cstate,
6870 "unknown ether host '%s'", name);
6871 tmp = gen_prevlinkhdr_check(cstate);
6872 b = gen_ehostop(cstate, eaddr, dir);
6873 if (tmp != NULL)
6874 gen_and(tmp, b);
6875 free(eaddr);
6876 return b;
6877
6878 case DLT_FDDI:
6879 eaddr = pcap_ether_hostton(name);
6880 if (eaddr == NULL)
6881 bpf_error(cstate,
6882 "unknown FDDI host '%s'", name);
6883 b = gen_fhostop(cstate, eaddr, dir);
6884 free(eaddr);
6885 return b;
6886
6887 case DLT_IEEE802:
6888 eaddr = pcap_ether_hostton(name);
6889 if (eaddr == NULL)
6890 bpf_error(cstate,
6891 "unknown token ring host '%s'", name);
6892 b = gen_thostop(cstate, eaddr, dir);
6893 free(eaddr);
6894 return b;
6895
6896 case DLT_IEEE802_11:
6897 case DLT_PRISM_HEADER:
6898 case DLT_IEEE802_11_RADIO_AVS:
6899 case DLT_IEEE802_11_RADIO:
6900 case DLT_PPI:
6901 eaddr = pcap_ether_hostton(name);
6902 if (eaddr == NULL)
6903 bpf_error(cstate,
6904 "unknown 802.11 host '%s'", name);
6905 b = gen_wlanhostop(cstate, eaddr, dir);
6906 free(eaddr);
6907 return b;
6908
6909 case DLT_IP_OVER_FC:
6910 eaddr = pcap_ether_hostton(name);
6911 if (eaddr == NULL)
6912 bpf_error(cstate,
6913 "unknown Fibre Channel host '%s'", name);
6914 b = gen_ipfchostop(cstate, eaddr, dir);
6915 free(eaddr);
6916 return b;
6917 }
6918
6919 bpf_error(cstate, "only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name");
6920 } else if (proto == Q_DECNET) {
6921 /*
6922 * A long time ago on Ultrix libpcap supported
6923 * translation of DECnet host names into DECnet
6924 * addresses, but this feature is history now.
6925 */
6926 bpf_error(cstate, "invalid DECnet address '%s'", name);
6927 } else {
6928 #ifdef INET6
6929 memset(&mask128, 0xff, sizeof(mask128));
6930 #endif
6931 res0 = res = pcap_nametoaddrinfo(name);
6932 if (res == NULL)
6933 bpf_error(cstate, "unknown host '%s'", name);
6934 cstate->ai = res;
6935 b = tmp = NULL;
6936 tproto = proto;
6937 #ifdef INET6
6938 tproto6 = proto;
6939 #endif
6940 if (cstate->off_linktype.constant_part == OFFSET_NOT_SET &&
6941 tproto == Q_DEFAULT) {
6942 tproto = Q_IP;
6943 #ifdef INET6
6944 tproto6 = Q_IPV6;
6945 #endif
6946 }
6947 for (res = res0; res; res = res->ai_next) {
6948 switch (res->ai_family) {
6949 case AF_INET:
6950 #ifdef INET6
6951 if (tproto == Q_IPV6)
6952 continue;
6953 #endif
6954
6955 sin4 = (struct sockaddr_in *)
6956 res->ai_addr;
6957 tmp = gen_host(cstate, ntohl(sin4->sin_addr.s_addr),
6958 0xffffffff, tproto, dir, q.addr);
6959 break;
6960 #ifdef INET6
6961 case AF_INET6:
6962 if (tproto6 == Q_IP)
6963 continue;
6964
6965 sin6 = (struct sockaddr_in6 *)
6966 res->ai_addr;
6967 tmp = gen_host6(cstate, &sin6->sin6_addr,
6968 &mask128, tproto6, dir, q.addr);
6969 break;
6970 #endif
6971 default:
6972 continue;
6973 }
6974 if (b)
6975 gen_or(b, tmp);
6976 b = tmp;
6977 }
6978 cstate->ai = NULL;
6979 freeaddrinfo(res0);
6980 if (b == NULL) {
6981 bpf_error(cstate, "unknown host '%s'%s", name,
6982 (proto == Q_DEFAULT)
6983 ? ""
6984 : " for specified address family");
6985 }
6986 return b;
6987 }
6988
6989 case Q_PORT:
6990 if (proto != Q_DEFAULT &&
6991 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
6992 bpf_error(cstate, "illegal qualifier of 'port'");
6993 if (pcap_nametoport(name, &port, &real_proto) == 0)
6994 bpf_error(cstate, "unknown port '%s'", name);
6995 if (proto == Q_UDP) {
6996 if (real_proto == IPPROTO_TCP)
6997 bpf_error(cstate, "port '%s' is tcp", name);
6998 else if (real_proto == IPPROTO_SCTP)
6999 bpf_error(cstate, "port '%s' is sctp", name);
7000 else
7001 /* override PROTO_UNDEF */
7002 real_proto = IPPROTO_UDP;
7003 }
7004 if (proto == Q_TCP) {
7005 if (real_proto == IPPROTO_UDP)
7006 bpf_error(cstate, "port '%s' is udp", name);
7007
7008 else if (real_proto == IPPROTO_SCTP)
7009 bpf_error(cstate, "port '%s' is sctp", name);
7010 else
7011 /* override PROTO_UNDEF */
7012 real_proto = IPPROTO_TCP;
7013 }
7014 if (proto == Q_SCTP) {
7015 if (real_proto == IPPROTO_UDP)
7016 bpf_error(cstate, "port '%s' is udp", name);
7017
7018 else if (real_proto == IPPROTO_TCP)
7019 bpf_error(cstate, "port '%s' is tcp", name);
7020 else
7021 /* override PROTO_UNDEF */
7022 real_proto = IPPROTO_SCTP;
7023 }
7024 if (port < 0)
7025 bpf_error(cstate, "illegal port number %d < 0", port);
7026 if (port > 65535)
7027 bpf_error(cstate, "illegal port number %d > 65535", port);
7028 b = gen_port(cstate, port, real_proto, dir);
7029 gen_or(gen_port6(cstate, port, real_proto, dir), b);
7030 return b;
7031
7032 case Q_PORTRANGE:
7033 if (proto != Q_DEFAULT &&
7034 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
7035 bpf_error(cstate, "illegal qualifier of 'portrange'");
7036 stringtoportrange(cstate, name, &port1, &port2, &real_proto);
7037 if (proto == Q_UDP) {
7038 if (real_proto == IPPROTO_TCP)
7039 bpf_error(cstate, "port in range '%s' is tcp", name);
7040 else if (real_proto == IPPROTO_SCTP)
7041 bpf_error(cstate, "port in range '%s' is sctp", name);
7042 else
7043 /* override PROTO_UNDEF */
7044 real_proto = IPPROTO_UDP;
7045 }
7046 if (proto == Q_TCP) {
7047 if (real_proto == IPPROTO_UDP)
7048 bpf_error(cstate, "port in range '%s' is udp", name);
7049 else if (real_proto == IPPROTO_SCTP)
7050 bpf_error(cstate, "port in range '%s' is sctp", name);
7051 else
7052 /* override PROTO_UNDEF */
7053 real_proto = IPPROTO_TCP;
7054 }
7055 if (proto == Q_SCTP) {
7056 if (real_proto == IPPROTO_UDP)
7057 bpf_error(cstate, "port in range '%s' is udp", name);
7058 else if (real_proto == IPPROTO_TCP)
7059 bpf_error(cstate, "port in range '%s' is tcp", name);
7060 else
7061 /* override PROTO_UNDEF */
7062 real_proto = IPPROTO_SCTP;
7063 }
7064 if (port1 > 65535)
7065 bpf_error(cstate, "illegal port number %d > 65535", port1);
7066 if (port2 > 65535)
7067 bpf_error(cstate, "illegal port number %d > 65535", port2);
7068
7069 b = gen_portrange(cstate, port1, port2, real_proto, dir);
7070 gen_or(gen_portrange6(cstate, port1, port2, real_proto, dir), b);
7071 return b;
7072
7073 case Q_GATEWAY:
7074 #ifndef INET6
7075 eaddr = pcap_ether_hostton(name);
7076 if (eaddr == NULL)
7077 bpf_error(cstate, "unknown ether host: %s", name);
7078
7079 res = pcap_nametoaddrinfo(name);
7080 cstate->ai = res;
7081 if (res == NULL)
7082 bpf_error(cstate, "unknown host '%s'", name);
7083 b = gen_gateway(cstate, eaddr, res, proto, dir);
7084 cstate->ai = NULL;
7085 freeaddrinfo(res);
7086 free(eaddr);
7087 if (b == NULL)
7088 bpf_error(cstate, "unknown host '%s'", name);
7089 return b;
7090 #else
7091 bpf_error(cstate, "'gateway' not supported in this configuration");
7092 #endif /*INET6*/
7093
7094 case Q_PROTO:
7095 real_proto = lookup_proto(cstate, name, proto);
7096 if (real_proto >= 0)
7097 return gen_proto(cstate, real_proto, proto, dir);
7098 else
7099 bpf_error(cstate, "unknown protocol: %s", name);
7100
7101 #if !defined(NO_PROTOCHAIN)
7102 case Q_PROTOCHAIN:
7103 real_proto = lookup_proto(cstate, name, proto);
7104 if (real_proto >= 0)
7105 return gen_protochain(cstate, real_proto, proto);
7106 else
7107 bpf_error(cstate, "unknown protocol: %s", name);
7108 #endif /* !defined(NO_PROTOCHAIN) */
7109
7110 case Q_UNDEF:
7111 syntax(cstate);
7112 /*NOTREACHED*/
7113 }
7114 abort();
7115 /*NOTREACHED*/
7116 }
7117
7118 struct block *
7119 gen_mcode(compiler_state_t *cstate, const char *s1, const char *s2,
7120 bpf_u_int32 masklen, struct qual q)
7121 {
7122 register int nlen, mlen;
7123 bpf_u_int32 n, m;
7124 uint64_t m64;
7125
7126 /*
7127 * Catch errors reported by us and routines below us, and return NULL
7128 * on an error.
7129 */
7130 if (setjmp(cstate->top_ctx))
7131 return (NULL);
7132
7133 nlen = pcapint_atoin(s1, &n);
7134 if (nlen < 0)
7135 bpf_error(cstate, "invalid IPv4 address '%s'", s1);
7136 /* Promote short ipaddr */
7137 n <<= 32 - nlen;
7138
7139 if (s2 != NULL) {
7140 mlen = pcapint_atoin(s2, &m);
7141 if (mlen < 0)
7142 bpf_error(cstate, "invalid IPv4 address '%s'", s2);
7143 /* Promote short ipaddr */
7144 m <<= 32 - mlen;
7145 if ((n & ~m) != 0)
7146 bpf_error(cstate, "non-network bits set in \"%s mask %s\"",
7147 s1, s2);
7148 } else {
7149 /* Convert mask len to mask */
7150 if (masklen > 32)
7151 bpf_error(cstate, "mask length must be <= 32");
7152 m64 = UINT64_C(0xffffffff) << (32 - masklen);
7153 m = (bpf_u_int32)m64;
7154 if ((n & ~m) != 0)
7155 bpf_error(cstate, "non-network bits set in \"%s/%d\"",
7156 s1, masklen);
7157 }
7158
7159 switch (q.addr) {
7160
7161 case Q_NET:
7162 return gen_host(cstate, n, m, q.proto, q.dir, q.addr);
7163
7164 default:
7165 bpf_error(cstate, "Mask syntax for networks only");
7166 /*NOTREACHED*/
7167 }
7168 /*NOTREACHED*/
7169 }
7170
7171 struct block *
7172 gen_ncode(compiler_state_t *cstate, const char *s, bpf_u_int32 v, struct qual q)
7173 {
7174 bpf_u_int32 mask;
7175 int proto;
7176 int dir;
7177 register int vlen;
7178
7179 /*
7180 * Catch errors reported by us and routines below us, and return NULL
7181 * on an error.
7182 */
7183 if (setjmp(cstate->top_ctx))
7184 return (NULL);
7185
7186 proto = q.proto;
7187 dir = q.dir;
7188 if (s == NULL) {
7189 /*
7190 * v contains a 32-bit unsigned parsed from a string of the
7191 * form {N}, which could be decimal, hexadecimal or octal.
7192 * Although it would be possible to use the value as a raw
7193 * 16-bit DECnet address when the value fits into 16 bits, this
7194 * would be a questionable feature: DECnet address wire
7195 * encoding is little-endian, so this would not work as
7196 * intuitively as the same works for [big-endian] IPv4
7197 * addresses (0x01020304 means 1.2.3.4).
7198 */
7199 if (proto == Q_DECNET)
7200 bpf_error(cstate, "invalid DECnet address '%u'", v);
7201 vlen = 32;
7202 } else if (proto == Q_DECNET) {
7203 /*
7204 * s points to a string of the form {N}.{N}, {N}.{N}.{N} or
7205 * {N}.{N}.{N}.{N}, of which only the first potentially stands
7206 * for a valid DECnet address.
7207 */
7208 vlen = pcapint_atodn(s, &v);
7209 if (vlen == 0)
7210 bpf_error(cstate, "invalid DECnet address '%s'", s);
7211 } else {
7212 /*
7213 * s points to a string of the form {N}.{N}, {N}.{N}.{N} or
7214 * {N}.{N}.{N}.{N}, all of which potentially stand for a valid
7215 * IPv4 address.
7216 */
7217 vlen = pcapint_atoin(s, &v);
7218 if (vlen < 0)
7219 bpf_error(cstate, "invalid IPv4 address '%s'", s);
7220 }
7221
7222 switch (q.addr) {
7223
7224 case Q_DEFAULT:
7225 case Q_HOST:
7226 case Q_NET:
7227 if (proto == Q_DECNET)
7228 return gen_host(cstate, v, 0, proto, dir, q.addr);
7229 else if (proto == Q_LINK) {
7230 bpf_error(cstate, "illegal link layer address");
7231 } else {
7232 mask = 0xffffffff;
7233 if (s == NULL && q.addr == Q_NET) {
7234 /* Promote short net number */
7235 while (v && (v & 0xff000000) == 0) {
7236 v <<= 8;
7237 mask <<= 8;
7238 }
7239 } else {
7240 /* Promote short ipaddr */
7241 v <<= 32 - vlen;
7242 mask <<= 32 - vlen ;
7243 }
7244 return gen_host(cstate, v, mask, proto, dir, q.addr);
7245 }
7246
7247 case Q_PORT:
7248 if (proto == Q_UDP)
7249 proto = IPPROTO_UDP;
7250 else if (proto == Q_TCP)
7251 proto = IPPROTO_TCP;
7252 else if (proto == Q_SCTP)
7253 proto = IPPROTO_SCTP;
7254 else if (proto == Q_DEFAULT)
7255 proto = PROTO_UNDEF;
7256 else
7257 bpf_error(cstate, "illegal qualifier of 'port'");
7258
7259 if (v > 65535)
7260 bpf_error(cstate, "illegal port number %u > 65535", v);
7261
7262 {
7263 struct block *b;
7264 b = gen_port(cstate, v, proto, dir);
7265 gen_or(gen_port6(cstate, v, proto, dir), b);
7266 return b;
7267 }
7268
7269 case Q_PORTRANGE:
7270 if (proto == Q_UDP)
7271 proto = IPPROTO_UDP;
7272 else if (proto == Q_TCP)
7273 proto = IPPROTO_TCP;
7274 else if (proto == Q_SCTP)
7275 proto = IPPROTO_SCTP;
7276 else if (proto == Q_DEFAULT)
7277 proto = PROTO_UNDEF;
7278 else
7279 bpf_error(cstate, "illegal qualifier of 'portrange'");
7280
7281 if (v > 65535)
7282 bpf_error(cstate, "illegal port number %u > 65535", v);
7283
7284 {
7285 struct block *b;
7286 b = gen_portrange(cstate, v, v, proto, dir);
7287 gen_or(gen_portrange6(cstate, v, v, proto, dir), b);
7288 return b;
7289 }
7290
7291 case Q_GATEWAY:
7292 bpf_error(cstate, "'gateway' requires a name");
7293 /*NOTREACHED*/
7294
7295 case Q_PROTO:
7296 return gen_proto(cstate, v, proto, dir);
7297
7298 #if !defined(NO_PROTOCHAIN)
7299 case Q_PROTOCHAIN:
7300 return gen_protochain(cstate, v, proto);
7301 #endif
7302
7303 case Q_UNDEF:
7304 syntax(cstate);
7305 /*NOTREACHED*/
7306
7307 default:
7308 abort();
7309 /*NOTREACHED*/
7310 }
7311 /*NOTREACHED*/
7312 }
7313
7314 #ifdef INET6
7315 struct block *
7316 gen_mcode6(compiler_state_t *cstate, const char *s, bpf_u_int32 masklen,
7317 struct qual q)
7318 {
7319 struct addrinfo *res;
7320 struct in6_addr *addr;
7321 struct in6_addr mask;
7322 struct block *b;
7323 bpf_u_int32 a[4], m[4]; /* Same as in gen_hostop6(). */
7324
7325 /*
7326 * Catch errors reported by us and routines below us, and return NULL
7327 * on an error.
7328 */
7329 if (setjmp(cstate->top_ctx))
7330 return (NULL);
7331
7332 res = pcap_nametoaddrinfo(s);
7333 if (!res)
7334 bpf_error(cstate, "invalid ip6 address %s", s);
7335 cstate->ai = res;
7336 if (res->ai_next)
7337 bpf_error(cstate, "%s resolved to multiple address", s);
7338 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
7339
7340 if (masklen > sizeof(mask.s6_addr) * 8)
7341 bpf_error(cstate, "mask length must be <= %zu", sizeof(mask.s6_addr) * 8);
7342 memset(&mask, 0, sizeof(mask));
7343 memset(&mask.s6_addr, 0xff, masklen / 8);
7344 if (masklen % 8) {
7345 mask.s6_addr[masklen / 8] =
7346 (0xff << (8 - masklen % 8)) & 0xff;
7347 }
7348
7349 memcpy(a, addr, sizeof(a));
7350 memcpy(m, &mask, sizeof(m));
7351 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
7352 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
7353 bpf_error(cstate, "non-network bits set in \"%s/%d\"", s, masklen);
7354 }
7355
7356 switch (q.addr) {
7357
7358 case Q_DEFAULT:
7359 case Q_HOST:
7360 if (masklen != 128)
7361 bpf_error(cstate, "Mask syntax for networks only");
7362 /* FALLTHROUGH */
7363
7364 case Q_NET:
7365 b = gen_host6(cstate, addr, &mask, q.proto, q.dir, q.addr);
7366 cstate->ai = NULL;
7367 freeaddrinfo(res);
7368 return b;
7369
7370 default:
7371 bpf_error(cstate, "invalid qualifier against IPv6 address");
7372 /*NOTREACHED*/
7373 }
7374 }
7375 #endif /*INET6*/
7376
7377 struct block *
7378 gen_ecode(compiler_state_t *cstate, const char *s, struct qual q)
7379 {
7380 struct block *b, *tmp;
7381
7382 /*
7383 * Catch errors reported by us and routines below us, and return NULL
7384 * on an error.
7385 */
7386 if (setjmp(cstate->top_ctx))
7387 return (NULL);
7388
7389 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
7390 cstate->e = pcap_ether_aton(s);
7391 if (cstate->e == NULL)
7392 bpf_error(cstate, "malloc");
7393 switch (cstate->linktype) {
7394 case DLT_EN10MB:
7395 case DLT_NETANALYZER:
7396 case DLT_NETANALYZER_TRANSPARENT:
7397 tmp = gen_prevlinkhdr_check(cstate);
7398 b = gen_ehostop(cstate, cstate->e, (int)q.dir);
7399 if (tmp != NULL)
7400 gen_and(tmp, b);
7401 break;
7402 case DLT_FDDI:
7403 b = gen_fhostop(cstate, cstate->e, (int)q.dir);
7404 break;
7405 case DLT_IEEE802:
7406 b = gen_thostop(cstate, cstate->e, (int)q.dir);
7407 break;
7408 case DLT_IEEE802_11:
7409 case DLT_PRISM_HEADER:
7410 case DLT_IEEE802_11_RADIO_AVS:
7411 case DLT_IEEE802_11_RADIO:
7412 case DLT_PPI:
7413 b = gen_wlanhostop(cstate, cstate->e, (int)q.dir);
7414 break;
7415 case DLT_IP_OVER_FC:
7416 b = gen_ipfchostop(cstate, cstate->e, (int)q.dir);
7417 break;
7418 default:
7419 free(cstate->e);
7420 cstate->e = NULL;
7421 bpf_error(cstate, "ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel");
7422 /*NOTREACHED*/
7423 }
7424 free(cstate->e);
7425 cstate->e = NULL;
7426 return (b);
7427 }
7428 bpf_error(cstate, "ethernet address used in non-ether expression");
7429 /*NOTREACHED*/
7430 }
7431
7432 void
7433 sappend(struct slist *s0, struct slist *s1)
7434 {
7435 /*
7436 * This is definitely not the best way to do this, but the
7437 * lists will rarely get long.
7438 */
7439 while (s0->next)
7440 s0 = s0->next;
7441 s0->next = s1;
7442 }
7443
7444 static struct slist *
7445 xfer_to_x(compiler_state_t *cstate, struct arth *a)
7446 {
7447 struct slist *s;
7448
7449 s = new_stmt(cstate, BPF_LDX|BPF_MEM);
7450 s->s.k = a->regno;
7451 return s;
7452 }
7453
7454 static struct slist *
7455 xfer_to_a(compiler_state_t *cstate, struct arth *a)
7456 {
7457 struct slist *s;
7458
7459 s = new_stmt(cstate, BPF_LD|BPF_MEM);
7460 s->s.k = a->regno;
7461 return s;
7462 }
7463
7464 /*
7465 * Modify "index" to use the value stored into its register as an
7466 * offset relative to the beginning of the header for the protocol
7467 * "proto", and allocate a register and put an item "size" bytes long
7468 * (1, 2, or 4) at that offset into that register, making it the register
7469 * for "index".
7470 */
7471 static struct arth *
7472 gen_load_internal(compiler_state_t *cstate, int proto, struct arth *inst,
7473 bpf_u_int32 size)
7474 {
7475 int size_code;
7476 struct slist *s, *tmp;
7477 struct block *b;
7478 int regno = alloc_reg(cstate);
7479
7480 free_reg(cstate, inst->regno);
7481 switch (size) {
7482
7483 default:
7484 bpf_error(cstate, "data size must be 1, 2, or 4");
7485 /*NOTREACHED*/
7486
7487 case 1:
7488 size_code = BPF_B;
7489 break;
7490
7491 case 2:
7492 size_code = BPF_H;
7493 break;
7494
7495 case 4:
7496 size_code = BPF_W;
7497 break;
7498 }
7499 switch (proto) {
7500 default:
7501 bpf_error(cstate, "'%s' does not support the index operation", pqkw(proto));
7502
7503 case Q_RADIO:
7504 /*
7505 * The offset is relative to the beginning of the packet
7506 * data, if we have a radio header. (If we don't, this
7507 * is an error.)
7508 */
7509 if (cstate->linktype != DLT_IEEE802_11_RADIO_AVS &&
7510 cstate->linktype != DLT_IEEE802_11_RADIO &&
7511 cstate->linktype != DLT_PRISM_HEADER)
7512 bpf_error(cstate, "radio information not present in capture");
7513
7514 /*
7515 * Load into the X register the offset computed into the
7516 * register specified by "index".
7517 */
7518 s = xfer_to_x(cstate, inst);
7519
7520 /*
7521 * Load the item at that offset.
7522 */
7523 tmp = new_stmt(cstate, BPF_LD|BPF_IND|size_code);
7524 sappend(s, tmp);
7525 sappend(inst->s, s);
7526 break;
7527
7528 case Q_LINK:
7529 /*
7530 * The offset is relative to the beginning of
7531 * the link-layer header.
7532 *
7533 * XXX - what about ATM LANE? Should the index be
7534 * relative to the beginning of the AAL5 frame, so
7535 * that 0 refers to the beginning of the LE Control
7536 * field, or relative to the beginning of the LAN
7537 * frame, so that 0 refers, for Ethernet LANE, to
7538 * the beginning of the destination address?
7539 */
7540 s = gen_abs_offset_varpart(cstate, &cstate->off_linkhdr);
7541
7542 /*
7543 * If "s" is non-null, it has code to arrange that the
7544 * X register contains the length of the prefix preceding
7545 * the link-layer header. Add to it the offset computed
7546 * into the register specified by "index", and move that
7547 * into the X register. Otherwise, just load into the X
7548 * register the offset computed into the register specified
7549 * by "index".
7550 */
7551 if (s != NULL) {
7552 sappend(s, xfer_to_a(cstate, inst));
7553 sappend(s, new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X));
7554 sappend(s, new_stmt(cstate, BPF_MISC|BPF_TAX));
7555 } else
7556 s = xfer_to_x(cstate, inst);
7557
7558 /*
7559 * Load the item at the sum of the offset we've put in the
7560 * X register and the offset of the start of the link
7561 * layer header (which is 0 if the radio header is
7562 * variable-length; that header length is what we put
7563 * into the X register and then added to the index).
7564 */
7565 tmp = new_stmt(cstate, BPF_LD|BPF_IND|size_code);
7566 tmp->s.k = cstate->off_linkhdr.constant_part;
7567 sappend(s, tmp);
7568 sappend(inst->s, s);
7569 break;
7570
7571 case Q_IP:
7572 case Q_ARP:
7573 case Q_RARP:
7574 case Q_ATALK:
7575 case Q_DECNET:
7576 case Q_SCA:
7577 case Q_LAT:
7578 case Q_MOPRC:
7579 case Q_MOPDL:
7580 case Q_IPV6:
7581 /*
7582 * The offset is relative to the beginning of
7583 * the network-layer header.
7584 * XXX - are there any cases where we want
7585 * cstate->off_nl_nosnap?
7586 */
7587 s = gen_abs_offset_varpart(cstate, &cstate->off_linkpl);
7588
7589 /*
7590 * If "s" is non-null, it has code to arrange that the
7591 * X register contains the variable part of the offset
7592 * of the link-layer payload. Add to it the offset
7593 * computed into the register specified by "index",
7594 * and move that into the X register. Otherwise, just
7595 * load into the X register the offset computed into
7596 * the register specified by "index".
7597 */
7598 if (s != NULL) {
7599 sappend(s, xfer_to_a(cstate, inst));
7600 sappend(s, new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X));
7601 sappend(s, new_stmt(cstate, BPF_MISC|BPF_TAX));
7602 } else
7603 s = xfer_to_x(cstate, inst);
7604
7605 /*
7606 * Load the item at the sum of the offset we've put in the
7607 * X register, the offset of the start of the network
7608 * layer header from the beginning of the link-layer
7609 * payload, and the constant part of the offset of the
7610 * start of the link-layer payload.
7611 */
7612 tmp = new_stmt(cstate, BPF_LD|BPF_IND|size_code);
7613 tmp->s.k = cstate->off_linkpl.constant_part + cstate->off_nl;
7614 sappend(s, tmp);
7615 sappend(inst->s, s);
7616
7617 /*
7618 * Do the computation only if the packet contains
7619 * the protocol in question.
7620 */
7621 b = gen_proto_abbrev_internal(cstate, proto);
7622 if (inst->b)
7623 gen_and(inst->b, b);
7624 inst->b = b;
7625 break;
7626
7627 case Q_SCTP:
7628 case Q_TCP:
7629 case Q_UDP:
7630 case Q_ICMP:
7631 case Q_IGMP:
7632 case Q_IGRP:
7633 case Q_PIM:
7634 case Q_VRRP:
7635 case Q_CARP:
7636 /*
7637 * The offset is relative to the beginning of
7638 * the transport-layer header.
7639 *
7640 * Load the X register with the length of the IPv4 header
7641 * (plus the offset of the link-layer header, if it's
7642 * a variable-length header), in bytes.
7643 *
7644 * XXX - are there any cases where we want
7645 * cstate->off_nl_nosnap?
7646 * XXX - we should, if we're built with
7647 * IPv6 support, generate code to load either
7648 * IPv4, IPv6, or both, as appropriate.
7649 */
7650 s = gen_loadx_iphdrlen(cstate);
7651
7652 /*
7653 * The X register now contains the sum of the variable
7654 * part of the offset of the link-layer payload and the
7655 * length of the network-layer header.
7656 *
7657 * Load into the A register the offset relative to
7658 * the beginning of the transport layer header,
7659 * add the X register to that, move that to the
7660 * X register, and load with an offset from the
7661 * X register equal to the sum of the constant part of
7662 * the offset of the link-layer payload and the offset,
7663 * relative to the beginning of the link-layer payload,
7664 * of the network-layer header.
7665 */
7666 sappend(s, xfer_to_a(cstate, inst));
7667 sappend(s, new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X));
7668 sappend(s, new_stmt(cstate, BPF_MISC|BPF_TAX));
7669 sappend(s, tmp = new_stmt(cstate, BPF_LD|BPF_IND|size_code));
7670 tmp->s.k = cstate->off_linkpl.constant_part + cstate->off_nl;
7671 sappend(inst->s, s);
7672
7673 /*
7674 * Do the computation only if the packet contains
7675 * the protocol in question - which is true only
7676 * if this is an IP datagram and is the first or
7677 * only fragment of that datagram.
7678 */
7679 gen_and(gen_proto_abbrev_internal(cstate, proto), b = gen_ipfrag(cstate));
7680 if (inst->b)
7681 gen_and(inst->b, b);
7682 gen_and(gen_proto_abbrev_internal(cstate, Q_IP), b);
7683 inst->b = b;
7684 break;
7685 case Q_ICMPV6:
7686 /*
7687 * Do the computation only if the packet contains
7688 * the protocol in question.
7689 */
7690 b = gen_proto_abbrev_internal(cstate, Q_IPV6);
7691 if (inst->b)
7692 gen_and(inst->b, b);
7693 inst->b = b;
7694
7695 /*
7696 * Check if we have an icmp6 next header
7697 */
7698 b = gen_cmp(cstate, OR_LINKPL, 6, BPF_B, 58);
7699 if (inst->b)
7700 gen_and(inst->b, b);
7701 inst->b = b;
7702
7703 s = gen_abs_offset_varpart(cstate, &cstate->off_linkpl);
7704 /*
7705 * If "s" is non-null, it has code to arrange that the
7706 * X register contains the variable part of the offset
7707 * of the link-layer payload. Add to it the offset
7708 * computed into the register specified by "index",
7709 * and move that into the X register. Otherwise, just
7710 * load into the X register the offset computed into
7711 * the register specified by "index".
7712 */
7713 if (s != NULL) {
7714 sappend(s, xfer_to_a(cstate, inst));
7715 sappend(s, new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X));
7716 sappend(s, new_stmt(cstate, BPF_MISC|BPF_TAX));
7717 } else
7718 s = xfer_to_x(cstate, inst);
7719
7720 /*
7721 * Load the item at the sum of the offset we've put in the
7722 * X register, the offset of the start of the network
7723 * layer header from the beginning of the link-layer
7724 * payload, and the constant part of the offset of the
7725 * start of the link-layer payload.
7726 */
7727 tmp = new_stmt(cstate, BPF_LD|BPF_IND|size_code);
7728 tmp->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + 40;
7729
7730 sappend(s, tmp);
7731 sappend(inst->s, s);
7732
7733 break;
7734 }
7735 inst->regno = regno;
7736 s = new_stmt(cstate, BPF_ST);
7737 s->s.k = regno;
7738 sappend(inst->s, s);
7739
7740 return inst;
7741 }
7742
7743 struct arth *
7744 gen_load(compiler_state_t *cstate, int proto, struct arth *inst,
7745 bpf_u_int32 size)
7746 {
7747 /*
7748 * Catch errors reported by us and routines below us, and return NULL
7749 * on an error.
7750 */
7751 if (setjmp(cstate->top_ctx))
7752 return (NULL);
7753
7754 return gen_load_internal(cstate, proto, inst, size);
7755 }
7756
7757 static struct block *
7758 gen_relation_internal(compiler_state_t *cstate, int code, struct arth *a0,
7759 struct arth *a1, int reversed)
7760 {
7761 struct slist *s0, *s1, *s2;
7762 struct block *b, *tmp;
7763
7764 s0 = xfer_to_x(cstate, a1);
7765 s1 = xfer_to_a(cstate, a0);
7766 if (code == BPF_JEQ) {
7767 s2 = new_stmt(cstate, BPF_ALU|BPF_SUB|BPF_X);
7768 b = new_block(cstate, JMP(code));
7769 sappend(s1, s2);
7770 }
7771 else
7772 b = new_block(cstate, BPF_JMP|code|BPF_X);
7773 if (reversed)
7774 gen_not(b);
7775
7776 sappend(s0, s1);
7777 sappend(a1->s, s0);
7778 sappend(a0->s, a1->s);
7779
7780 b->stmts = a0->s;
7781
7782 free_reg(cstate, a0->regno);
7783 free_reg(cstate, a1->regno);
7784
7785 /* 'and' together protocol checks */
7786 if (a0->b) {
7787 if (a1->b) {
7788 gen_and(a0->b, tmp = a1->b);
7789 }
7790 else
7791 tmp = a0->b;
7792 } else
7793 tmp = a1->b;
7794
7795 if (tmp)
7796 gen_and(tmp, b);
7797
7798 return b;
7799 }
7800
7801 struct block *
7802 gen_relation(compiler_state_t *cstate, int code, struct arth *a0,
7803 struct arth *a1, int reversed)
7804 {
7805 /*
7806 * Catch errors reported by us and routines below us, and return NULL
7807 * on an error.
7808 */
7809 if (setjmp(cstate->top_ctx))
7810 return (NULL);
7811
7812 return gen_relation_internal(cstate, code, a0, a1, reversed);
7813 }
7814
7815 struct arth *
7816 gen_loadlen(compiler_state_t *cstate)
7817 {
7818 int regno;
7819 struct arth *a;
7820 struct slist *s;
7821
7822 /*
7823 * Catch errors reported by us and routines below us, and return NULL
7824 * on an error.
7825 */
7826 if (setjmp(cstate->top_ctx))
7827 return (NULL);
7828
7829 regno = alloc_reg(cstate);
7830 a = (struct arth *)newchunk(cstate, sizeof(*a));
7831 s = new_stmt(cstate, BPF_LD|BPF_LEN);
7832 s->next = new_stmt(cstate, BPF_ST);
7833 s->next->s.k = regno;
7834 a->s = s;
7835 a->regno = regno;
7836
7837 return a;
7838 }
7839
7840 static struct arth *
7841 gen_loadi_internal(compiler_state_t *cstate, bpf_u_int32 val)
7842 {
7843 struct arth *a;
7844 struct slist *s;
7845 int reg;
7846
7847 a = (struct arth *)newchunk(cstate, sizeof(*a));
7848
7849 reg = alloc_reg(cstate);
7850
7851 s = new_stmt(cstate, BPF_LD|BPF_IMM);
7852 s->s.k = val;
7853 s->next = new_stmt(cstate, BPF_ST);
7854 s->next->s.k = reg;
7855 a->s = s;
7856 a->regno = reg;
7857
7858 return a;
7859 }
7860
7861 struct arth *
7862 gen_loadi(compiler_state_t *cstate, bpf_u_int32 val)
7863 {
7864 /*
7865 * Catch errors reported by us and routines below us, and return NULL
7866 * on an error.
7867 */
7868 if (setjmp(cstate->top_ctx))
7869 return (NULL);
7870
7871 return gen_loadi_internal(cstate, val);
7872 }
7873
7874 /*
7875 * The a_arg dance is to avoid annoying whining by compilers that
7876 * a might be clobbered by longjmp - yeah, it might, but *WHO CARES*?
7877 * It's not *used* after setjmp returns.
7878 */
7879 struct arth *
7880 gen_neg(compiler_state_t *cstate, struct arth *a_arg)
7881 {
7882 struct arth *a = a_arg;
7883 struct slist *s;
7884
7885 /*
7886 * Catch errors reported by us and routines below us, and return NULL
7887 * on an error.
7888 */
7889 if (setjmp(cstate->top_ctx))
7890 return (NULL);
7891
7892 s = xfer_to_a(cstate, a);
7893 sappend(a->s, s);
7894 s = new_stmt(cstate, BPF_ALU|BPF_NEG);
7895 s->s.k = 0;
7896 sappend(a->s, s);
7897 s = new_stmt(cstate, BPF_ST);
7898 s->s.k = a->regno;
7899 sappend(a->s, s);
7900
7901 return a;
7902 }
7903
7904 /*
7905 * The a0_arg dance is to avoid annoying whining by compilers that
7906 * a0 might be clobbered by longjmp - yeah, it might, but *WHO CARES*?
7907 * It's not *used* after setjmp returns.
7908 */
7909 struct arth *
7910 gen_arth(compiler_state_t *cstate, int code, struct arth *a0_arg,
7911 struct arth *a1)
7912 {
7913 struct arth *a0 = a0_arg;
7914 struct slist *s0, *s1, *s2;
7915
7916 /*
7917 * Catch errors reported by us and routines below us, and return NULL
7918 * on an error.
7919 */
7920 if (setjmp(cstate->top_ctx))
7921 return (NULL);
7922
7923 /*
7924 * Disallow division by, or modulus by, zero; we do this here
7925 * so that it gets done even if the optimizer is disabled.
7926 *
7927 * Also disallow shifts by a value greater than 31; we do this
7928 * here, for the same reason.
7929 */
7930 if (code == BPF_DIV) {
7931 if (a1->s->s.code == (BPF_LD|BPF_IMM) && a1->s->s.k == 0)
7932 bpf_error(cstate, "division by zero");
7933 } else if (code == BPF_MOD) {
7934 if (a1->s->s.code == (BPF_LD|BPF_IMM) && a1->s->s.k == 0)
7935 bpf_error(cstate, "modulus by zero");
7936 } else if (code == BPF_LSH || code == BPF_RSH) {
7937 if (a1->s->s.code == (BPF_LD|BPF_IMM) && a1->s->s.k > 31)
7938 bpf_error(cstate, "shift by more than 31 bits");
7939 }
7940 s0 = xfer_to_x(cstate, a1);
7941 s1 = xfer_to_a(cstate, a0);
7942 s2 = new_stmt(cstate, BPF_ALU|BPF_X|code);
7943
7944 sappend(s1, s2);
7945 sappend(s0, s1);
7946 sappend(a1->s, s0);
7947 sappend(a0->s, a1->s);
7948
7949 free_reg(cstate, a0->regno);
7950 free_reg(cstate, a1->regno);
7951
7952 s0 = new_stmt(cstate, BPF_ST);
7953 a0->regno = s0->s.k = alloc_reg(cstate);
7954 sappend(a0->s, s0);
7955
7956 return a0;
7957 }
7958
7959 /*
7960 * Initialize the table of used registers and the current register.
7961 */
7962 static void
7963 init_regs(compiler_state_t *cstate)
7964 {
7965 cstate->curreg = 0;
7966 memset(cstate->regused, 0, sizeof cstate->regused);
7967 }
7968
7969 /*
7970 * Return the next free register.
7971 */
7972 static int
7973 alloc_reg(compiler_state_t *cstate)
7974 {
7975 int n = BPF_MEMWORDS;
7976
7977 while (--n >= 0) {
7978 if (cstate->regused[cstate->curreg])
7979 cstate->curreg = (cstate->curreg + 1) % BPF_MEMWORDS;
7980 else {
7981 cstate->regused[cstate->curreg] = 1;
7982 return cstate->curreg;
7983 }
7984 }
7985 bpf_error(cstate, "too many registers needed to evaluate expression");
7986 /*NOTREACHED*/
7987 }
7988
7989 /*
7990 * Return a register to the table so it can
7991 * be used later.
7992 */
7993 static void
7994 free_reg(compiler_state_t *cstate, int n)
7995 {
7996 cstate->regused[n] = 0;
7997 }
7998
7999 static struct block *
8000 gen_len(compiler_state_t *cstate, int jmp, int n)
8001 {
8002 struct slist *s;
8003 struct block *b;
8004
8005 s = new_stmt(cstate, BPF_LD|BPF_LEN);
8006 b = new_block(cstate, JMP(jmp));
8007 b->stmts = s;
8008 b->s.k = n;
8009
8010 return b;
8011 }
8012
8013 struct block *
8014 gen_greater(compiler_state_t *cstate, int n)
8015 {
8016 /*
8017 * Catch errors reported by us and routines below us, and return NULL
8018 * on an error.
8019 */
8020 if (setjmp(cstate->top_ctx))
8021 return (NULL);
8022
8023 return gen_len(cstate, BPF_JGE, n);
8024 }
8025
8026 /*
8027 * Actually, this is less than or equal.
8028 */
8029 struct block *
8030 gen_less(compiler_state_t *cstate, int n)
8031 {
8032 struct block *b;
8033
8034 /*
8035 * Catch errors reported by us and routines below us, and return NULL
8036 * on an error.
8037 */
8038 if (setjmp(cstate->top_ctx))
8039 return (NULL);
8040
8041 b = gen_len(cstate, BPF_JGT, n);
8042 gen_not(b);
8043
8044 return b;
8045 }
8046
8047 /*
8048 * This is for "byte {idx} {op} {val}"; "idx" is treated as relative to
8049 * the beginning of the link-layer header.
8050 * XXX - that means you can't test values in the radiotap header, but
8051 * as that header is difficult if not impossible to parse generally
8052 * without a loop, that might not be a severe problem. A new keyword
8053 * "radio" could be added for that, although what you'd really want
8054 * would be a way of testing particular radio header values, which
8055 * would generate code appropriate to the radio header in question.
8056 */
8057 struct block *
8058 gen_byteop(compiler_state_t *cstate, int op, int idx, bpf_u_int32 val)
8059 {
8060 struct block *b;
8061 struct slist *s;
8062
8063 /*
8064 * Catch errors reported by us and routines below us, and return NULL
8065 * on an error.
8066 */
8067 if (setjmp(cstate->top_ctx))
8068 return (NULL);
8069
8070 switch (op) {
8071 default:
8072 abort();
8073
8074 case '=':
8075 return gen_cmp(cstate, OR_LINKHDR, (u_int)idx, BPF_B, val);
8076
8077 case '<':
8078 b = gen_cmp_lt(cstate, OR_LINKHDR, (u_int)idx, BPF_B, val);
8079 return b;
8080
8081 case '>':
8082 b = gen_cmp_gt(cstate, OR_LINKHDR, (u_int)idx, BPF_B, val);
8083 return b;
8084
8085 case '|':
8086 s = new_stmt(cstate, BPF_ALU|BPF_OR|BPF_K);
8087 break;
8088
8089 case '&':
8090 s = new_stmt(cstate, BPF_ALU|BPF_AND|BPF_K);
8091 break;
8092 }
8093 s->s.k = val;
8094 b = new_block(cstate, JMP(BPF_JEQ));
8095 b->stmts = s;
8096 gen_not(b);
8097
8098 return b;
8099 }
8100
8101 struct block *
8102 gen_broadcast(compiler_state_t *cstate, int proto)
8103 {
8104 bpf_u_int32 hostmask;
8105 struct block *b0, *b1, *b2;
8106 static const u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
8107
8108 /*
8109 * Catch errors reported by us and routines below us, and return NULL
8110 * on an error.
8111 */
8112 if (setjmp(cstate->top_ctx))
8113 return (NULL);
8114
8115 switch (proto) {
8116
8117 case Q_DEFAULT:
8118 case Q_LINK:
8119 switch (cstate->linktype) {
8120 case DLT_ARCNET:
8121 case DLT_ARCNET_LINUX:
8122 // ARCnet broadcast is [8-bit] destination address 0.
8123 return gen_ahostop(cstate, 0, Q_DST);
8124 case DLT_EN10MB:
8125 case DLT_NETANALYZER:
8126 case DLT_NETANALYZER_TRANSPARENT:
8127 b1 = gen_prevlinkhdr_check(cstate);
8128 b0 = gen_ehostop(cstate, ebroadcast, Q_DST);
8129 if (b1 != NULL)
8130 gen_and(b1, b0);
8131 return b0;
8132 case DLT_FDDI:
8133 return gen_fhostop(cstate, ebroadcast, Q_DST);
8134 case DLT_IEEE802:
8135 return gen_thostop(cstate, ebroadcast, Q_DST);
8136 case DLT_IEEE802_11:
8137 case DLT_PRISM_HEADER:
8138 case DLT_IEEE802_11_RADIO_AVS:
8139 case DLT_IEEE802_11_RADIO:
8140 case DLT_PPI:
8141 return gen_wlanhostop(cstate, ebroadcast, Q_DST);
8142 case DLT_IP_OVER_FC:
8143 return gen_ipfchostop(cstate, ebroadcast, Q_DST);
8144 }
8145 fail_kw_on_dlt(cstate, "broadcast");
8146 /*NOTREACHED*/
8147
8148 case Q_IP:
8149 /*
8150 * We treat a netmask of PCAP_NETMASK_UNKNOWN (0xffffffff)
8151 * as an indication that we don't know the netmask, and fail
8152 * in that case.
8153 */
8154 if (cstate->netmask == PCAP_NETMASK_UNKNOWN)
8155 bpf_error(cstate, "netmask not known, so 'ip broadcast' not supported");
8156 b0 = gen_linktype(cstate, ETHERTYPE_IP);
8157 hostmask = ~cstate->netmask;
8158 b1 = gen_mcmp(cstate, OR_LINKPL, 16, BPF_W, 0, hostmask);
8159 b2 = gen_mcmp(cstate, OR_LINKPL, 16, BPF_W, hostmask, hostmask);
8160 gen_or(b1, b2);
8161 gen_and(b0, b2);
8162 return b2;
8163 }
8164 bpf_error(cstate, ERRSTR_INVALID_QUAL, pqkw(proto), "broadcast");
8165 /*NOTREACHED*/
8166 }
8167
8168 /*
8169 * Generate code to test the low-order bit of a MAC address (that's
8170 * the bottom bit of the *first* byte).
8171 */
8172 static struct block *
8173 gen_mac_multicast(compiler_state_t *cstate, int offset)
8174 {
8175 register struct block *b0;
8176 register struct slist *s;
8177
8178 /* link[offset] & 1 != 0 */
8179 s = gen_load_a(cstate, OR_LINKHDR, offset, BPF_B);
8180 b0 = new_block(cstate, JMP(BPF_JSET));
8181 b0->s.k = 1;
8182 b0->stmts = s;
8183 return b0;
8184 }
8185
8186 struct block *
8187 gen_multicast(compiler_state_t *cstate, int proto)
8188 {
8189 register struct block *b0, *b1, *b2;
8190 register struct slist *s;
8191
8192 /*
8193 * Catch errors reported by us and routines below us, and return NULL
8194 * on an error.
8195 */
8196 if (setjmp(cstate->top_ctx))
8197 return (NULL);
8198
8199 switch (proto) {
8200
8201 case Q_DEFAULT:
8202 case Q_LINK:
8203 switch (cstate->linktype) {
8204 case DLT_ARCNET:
8205 case DLT_ARCNET_LINUX:
8206 // ARCnet multicast is the same as broadcast.
8207 return gen_ahostop(cstate, 0, Q_DST);
8208 case DLT_EN10MB:
8209 case DLT_NETANALYZER:
8210 case DLT_NETANALYZER_TRANSPARENT:
8211 b1 = gen_prevlinkhdr_check(cstate);
8212 /* ether[0] & 1 != 0 */
8213 b0 = gen_mac_multicast(cstate, 0);
8214 if (b1 != NULL)
8215 gen_and(b1, b0);
8216 return b0;
8217 case DLT_FDDI:
8218 /*
8219 * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX
8220 *
8221 * XXX - was that referring to bit-order issues?
8222 */
8223 /* fddi[1] & 1 != 0 */
8224 return gen_mac_multicast(cstate, 1);
8225 case DLT_IEEE802:
8226 /* tr[2] & 1 != 0 */
8227 return gen_mac_multicast(cstate, 2);
8228 case DLT_IEEE802_11:
8229 case DLT_PRISM_HEADER:
8230 case DLT_IEEE802_11_RADIO_AVS:
8231 case DLT_IEEE802_11_RADIO:
8232 case DLT_PPI:
8233 /*
8234 * Oh, yuk.
8235 *
8236 * For control frames, there is no DA.
8237 *
8238 * For management frames, DA is at an
8239 * offset of 4 from the beginning of
8240 * the packet.
8241 *
8242 * For data frames, DA is at an offset
8243 * of 4 from the beginning of the packet
8244 * if To DS is clear and at an offset of
8245 * 16 from the beginning of the packet
8246 * if To DS is set.
8247 */
8248
8249 /*
8250 * Generate the tests to be done for data frames.
8251 *
8252 * First, check for To DS set, i.e. "link[1] & 0x01".
8253 */
8254 s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B);
8255 b1 = new_block(cstate, JMP(BPF_JSET));
8256 b1->s.k = 0x01; /* To DS */
8257 b1->stmts = s;
8258
8259 /*
8260 * If To DS is set, the DA is at 16.
8261 */
8262 b0 = gen_mac_multicast(cstate, 16);
8263 gen_and(b1, b0);
8264
8265 /*
8266 * Now, check for To DS not set, i.e. check
8267 * "!(link[1] & 0x01)".
8268 */
8269 s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B);
8270 b2 = new_block(cstate, JMP(BPF_JSET));
8271 b2->s.k = 0x01; /* To DS */
8272 b2->stmts = s;
8273 gen_not(b2);
8274
8275 /*
8276 * If To DS is not set, the DA is at 4.
8277 */
8278 b1 = gen_mac_multicast(cstate, 4);
8279 gen_and(b2, b1);
8280
8281 /*
8282 * Now OR together the last two checks. That gives
8283 * the complete set of checks for data frames.
8284 */
8285 gen_or(b1, b0);
8286
8287 /*
8288 * Now check for a data frame.
8289 * I.e, check "link[0] & 0x08".
8290 */
8291 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B);
8292 b1 = new_block(cstate, JMP(BPF_JSET));
8293 b1->s.k = 0x08;
8294 b1->stmts = s;
8295
8296 /*
8297 * AND that with the checks done for data frames.
8298 */
8299 gen_and(b1, b0);
8300
8301 /*
8302 * If the high-order bit of the type value is 0, this
8303 * is a management frame.
8304 * I.e, check "!(link[0] & 0x08)".
8305 */
8306 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B);
8307 b2 = new_block(cstate, JMP(BPF_JSET));
8308 b2->s.k = 0x08;
8309 b2->stmts = s;
8310 gen_not(b2);
8311
8312 /*
8313 * For management frames, the DA is at 4.
8314 */
8315 b1 = gen_mac_multicast(cstate, 4);
8316 gen_and(b2, b1);
8317
8318 /*
8319 * OR that with the checks done for data frames.
8320 * That gives the checks done for management and
8321 * data frames.
8322 */
8323 gen_or(b1, b0);
8324
8325 /*
8326 * If the low-order bit of the type value is 1,
8327 * this is either a control frame or a frame
8328 * with a reserved type, and thus not a
8329 * frame with an SA.
8330 *
8331 * I.e., check "!(link[0] & 0x04)".
8332 */
8333 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B);
8334 b1 = new_block(cstate, JMP(BPF_JSET));
8335 b1->s.k = 0x04;
8336 b1->stmts = s;
8337 gen_not(b1);
8338
8339 /*
8340 * AND that with the checks for data and management
8341 * frames.
8342 */
8343 gen_and(b1, b0);
8344 return b0;
8345 case DLT_IP_OVER_FC:
8346 b0 = gen_mac_multicast(cstate, 2);
8347 return b0;
8348 default:
8349 break;
8350 }
8351 fail_kw_on_dlt(cstate, "multicast");
8352 /*NOTREACHED*/
8353
8354 case Q_IP:
8355 b0 = gen_linktype(cstate, ETHERTYPE_IP);
8356 b1 = gen_cmp_ge(cstate, OR_LINKPL, 16, BPF_B, 224);
8357 gen_and(b0, b1);
8358 return b1;
8359
8360 case Q_IPV6:
8361 b0 = gen_linktype(cstate, ETHERTYPE_IPV6);
8362 b1 = gen_cmp(cstate, OR_LINKPL, 24, BPF_B, 255);
8363 gen_and(b0, b1);
8364 return b1;
8365 }
8366 bpf_error(cstate, ERRSTR_INVALID_QUAL, pqkw(proto), "multicast");
8367 /*NOTREACHED*/
8368 }
8369
8370 #ifdef __linux__
8371 /*
8372 * This is Linux; we require PF_PACKET support. If this is a *live* capture,
8373 * we can look at special meta-data in the filter expression; otherwise we
8374 * can't because it is either a savefile (rfile != NULL) or a pcap_t created
8375 * using pcap_open_dead() (rfile == NULL). Thus check for a flag that
8376 * pcap_activate() conditionally sets.
8377 */
8378 static void
8379 require_basic_bpf_extensions(compiler_state_t *cstate, const char *keyword)
8380 {
8381 if (cstate->bpf_pcap->bpf_codegen_flags & BPF_SPECIAL_BASIC_HANDLING)
8382 return;
8383 bpf_error(cstate, "%s not supported on %s (not a live capture)",
8384 keyword,
8385 pcap_datalink_val_to_description_or_dlt(cstate->linktype));
8386 }
8387 #endif // __linux__
8388
8389 struct block *
8390 gen_ifindex(compiler_state_t *cstate, int ifindex)
8391 {
8392 register struct block *b0;
8393
8394 /*
8395 * Catch errors reported by us and routines below us, and return NULL
8396 * on an error.
8397 */
8398 if (setjmp(cstate->top_ctx))
8399 return (NULL);
8400
8401 /*
8402 * Only some data link types support ifindex qualifiers.
8403 */
8404 switch (cstate->linktype) {
8405 case DLT_LINUX_SLL2:
8406 /* match packets on this interface */
8407 b0 = gen_cmp(cstate, OR_LINKHDR, 4, BPF_W, ifindex);
8408 break;
8409 default:
8410 #if defined(__linux__)
8411 require_basic_bpf_extensions(cstate, "ifindex");
8412 /* match ifindex */
8413 b0 = gen_cmp(cstate, OR_LINKHDR, SKF_AD_OFF + SKF_AD_IFINDEX, BPF_W,
8414 ifindex);
8415 #else /* defined(__linux__) */
8416 fail_kw_on_dlt(cstate, "ifindex");
8417 /*NOTREACHED*/
8418 #endif /* defined(__linux__) */
8419 }
8420 return (b0);
8421 }
8422
8423 /*
8424 * Filter on inbound (outbound == 0) or outbound (outbound == 1) traffic.
8425 * Outbound traffic is sent by this machine, while inbound traffic is
8426 * sent by a remote machine (and may include packets destined for a
8427 * unicast or multicast link-layer address we are not subscribing to).
8428 * These are the same definitions implemented by pcap_setdirection().
8429 * Capturing only unicast traffic destined for this host is probably
8430 * better accomplished using a higher-layer filter.
8431 */
8432 struct block *
8433 gen_inbound_outbound(compiler_state_t *cstate, const int outbound)
8434 {
8435 register struct block *b0;
8436
8437 /*
8438 * Catch errors reported by us and routines below us, and return NULL
8439 * on an error.
8440 */
8441 if (setjmp(cstate->top_ctx))
8442 return (NULL);
8443
8444 /*
8445 * Only some data link types support inbound/outbound qualifiers.
8446 */
8447 switch (cstate->linktype) {
8448 case DLT_SLIP:
8449 b0 = gen_cmp(cstate, OR_LINKHDR, 0, BPF_B,
8450 outbound ? SLIPDIR_OUT : SLIPDIR_IN);
8451 break;
8452
8453 case DLT_IPNET:
8454 b0 = gen_cmp(cstate, OR_LINKHDR, 2, BPF_H,
8455 outbound ? IPNET_OUTBOUND : IPNET_INBOUND);
8456 break;
8457
8458 case DLT_LINUX_SLL:
8459 /* match outgoing packets */
8460 b0 = gen_cmp(cstate, OR_LINKHDR, 0, BPF_H, LINUX_SLL_OUTGOING);
8461 if (! outbound) {
8462 /* to filter on inbound traffic, invert the match */
8463 gen_not(b0);
8464 }
8465 break;
8466
8467 case DLT_LINUX_SLL2:
8468 /* match outgoing packets */
8469 b0 = gen_cmp(cstate, OR_LINKHDR, 10, BPF_B, LINUX_SLL_OUTGOING);
8470 if (! outbound) {
8471 /* to filter on inbound traffic, invert the match */
8472 gen_not(b0);
8473 }
8474 break;
8475
8476 case DLT_PFLOG:
8477 b0 = gen_cmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, dir), BPF_B,
8478 outbound ? PF_OUT : PF_IN);
8479 break;
8480
8481 case DLT_PPP_PPPD:
8482 b0 = gen_cmp(cstate, OR_LINKHDR, 0, BPF_B, outbound ? PPP_PPPD_OUT : PPP_PPPD_IN);
8483 break;
8484
8485 case DLT_JUNIPER_MFR:
8486 case DLT_JUNIPER_MLFR:
8487 case DLT_JUNIPER_MLPPP:
8488 case DLT_JUNIPER_ATM1:
8489 case DLT_JUNIPER_ATM2:
8490 case DLT_JUNIPER_PPPOE:
8491 case DLT_JUNIPER_PPPOE_ATM:
8492 case DLT_JUNIPER_GGSN:
8493 case DLT_JUNIPER_ES:
8494 case DLT_JUNIPER_MONITOR:
8495 case DLT_JUNIPER_SERVICES:
8496 case DLT_JUNIPER_ETHER:
8497 case DLT_JUNIPER_PPP:
8498 case DLT_JUNIPER_FRELAY:
8499 case DLT_JUNIPER_CHDLC:
8500 case DLT_JUNIPER_VP:
8501 case DLT_JUNIPER_ST:
8502 case DLT_JUNIPER_ISM:
8503 case DLT_JUNIPER_VS:
8504 case DLT_JUNIPER_SRX_E2E:
8505 case DLT_JUNIPER_FIBRECHANNEL:
8506 case DLT_JUNIPER_ATM_CEMIC:
8507 /* juniper flags (including direction) are stored
8508 * the byte after the 3-byte magic number */
8509 b0 = gen_mcmp(cstate, OR_LINKHDR, 3, BPF_B, outbound ? 0 : 1, 0x01);
8510 break;
8511
8512 default:
8513 /*
8514 * If we have packet meta-data indicating a direction,
8515 * and that metadata can be checked by BPF code, check
8516 * it. Otherwise, give up, as this link-layer type has
8517 * nothing in the packet data.
8518 *
8519 * Currently, the only platform where a BPF filter can
8520 * check that metadata is Linux with the in-kernel
8521 * BPF interpreter. If other packet capture mechanisms
8522 * and BPF filters also supported this, it would be
8523 * nice. It would be even better if they made that
8524 * metadata available so that we could provide it
8525 * with newer capture APIs, allowing it to be saved
8526 * in pcapng files.
8527 */
8528 #if defined(__linux__)
8529 require_basic_bpf_extensions(cstate, outbound ? "outbound" : "inbound");
8530 /* match outgoing packets */
8531 b0 = gen_cmp(cstate, OR_LINKHDR, SKF_AD_OFF + SKF_AD_PKTTYPE, BPF_H,
8532 PACKET_OUTGOING);
8533 if (! outbound) {
8534 /* to filter on inbound traffic, invert the match */
8535 gen_not(b0);
8536 }
8537 #else /* defined(__linux__) */
8538 fail_kw_on_dlt(cstate, outbound ? "outbound" : "inbound");
8539 /*NOTREACHED*/
8540 #endif /* defined(__linux__) */
8541 }
8542 return (b0);
8543 }
8544
8545 /* PF firewall log matched interface */
8546 struct block *
8547 gen_pf_ifname(compiler_state_t *cstate, const char *ifname)
8548 {
8549 struct block *b0;
8550 u_int len, off;
8551
8552 /*
8553 * Catch errors reported by us and routines below us, and return NULL
8554 * on an error.
8555 */
8556 if (setjmp(cstate->top_ctx))
8557 return (NULL);
8558
8559 assert_pflog(cstate, "ifname");
8560
8561 len = sizeof(((struct pfloghdr *)0)->ifname);
8562 off = offsetof(struct pfloghdr, ifname);
8563 if (strlen(ifname) >= len) {
8564 bpf_error(cstate, "ifname interface names can only be %d characters",
8565 len-1);
8566 /*NOTREACHED*/
8567 }
8568 b0 = gen_bcmp(cstate, OR_LINKHDR, off, (u_int)strlen(ifname),
8569 (const u_char *)ifname);
8570 return (b0);
8571 }
8572
8573 /* PF firewall log ruleset name */
8574 struct block *
8575 gen_pf_ruleset(compiler_state_t *cstate, char *ruleset)
8576 {
8577 struct block *b0;
8578
8579 /*
8580 * Catch errors reported by us and routines below us, and return NULL
8581 * on an error.
8582 */
8583 if (setjmp(cstate->top_ctx))
8584 return (NULL);
8585
8586 assert_pflog(cstate, "ruleset");
8587
8588 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) {
8589 bpf_error(cstate, "ruleset names can only be %ld characters",
8590 (long)(sizeof(((struct pfloghdr *)0)->ruleset) - 1));
8591 /*NOTREACHED*/
8592 }
8593
8594 b0 = gen_bcmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, ruleset),
8595 (u_int)strlen(ruleset), (const u_char *)ruleset);
8596 return (b0);
8597 }
8598
8599 /* PF firewall log rule number */
8600 struct block *
8601 gen_pf_rnr(compiler_state_t *cstate, int rnr)
8602 {
8603 struct block *b0;
8604
8605 /*
8606 * Catch errors reported by us and routines below us, and return NULL
8607 * on an error.
8608 */
8609 if (setjmp(cstate->top_ctx))
8610 return (NULL);
8611
8612 assert_pflog(cstate, "rnr");
8613
8614 b0 = gen_cmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, rulenr), BPF_W,
8615 (bpf_u_int32)rnr);
8616 return (b0);
8617 }
8618
8619 /* PF firewall log sub-rule number */
8620 struct block *
8621 gen_pf_srnr(compiler_state_t *cstate, int srnr)
8622 {
8623 struct block *b0;
8624
8625 /*
8626 * Catch errors reported by us and routines below us, and return NULL
8627 * on an error.
8628 */
8629 if (setjmp(cstate->top_ctx))
8630 return (NULL);
8631
8632 assert_pflog(cstate, "srnr");
8633
8634 b0 = gen_cmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, subrulenr), BPF_W,
8635 (bpf_u_int32)srnr);
8636 return (b0);
8637 }
8638
8639 /* PF firewall log reason code */
8640 struct block *
8641 gen_pf_reason(compiler_state_t *cstate, int reason)
8642 {
8643 struct block *b0;
8644
8645 /*
8646 * Catch errors reported by us and routines below us, and return NULL
8647 * on an error.
8648 */
8649 if (setjmp(cstate->top_ctx))
8650 return (NULL);
8651
8652 assert_pflog(cstate, "reason");
8653
8654 b0 = gen_cmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, reason), BPF_B,
8655 (bpf_u_int32)reason);
8656 return (b0);
8657 }
8658
8659 /* PF firewall log action */
8660 struct block *
8661 gen_pf_action(compiler_state_t *cstate, int action)
8662 {
8663 struct block *b0;
8664
8665 /*
8666 * Catch errors reported by us and routines below us, and return NULL
8667 * on an error.
8668 */
8669 if (setjmp(cstate->top_ctx))
8670 return (NULL);
8671
8672 assert_pflog(cstate, "action");
8673
8674 b0 = gen_cmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, action), BPF_B,
8675 (bpf_u_int32)action);
8676 return (b0);
8677 }
8678
8679 /* IEEE 802.11 wireless header */
8680 struct block *
8681 gen_p80211_type(compiler_state_t *cstate, bpf_u_int32 type, bpf_u_int32 mask)
8682 {
8683 struct block *b0;
8684
8685 /*
8686 * Catch errors reported by us and routines below us, and return NULL
8687 * on an error.
8688 */
8689 if (setjmp(cstate->top_ctx))
8690 return (NULL);
8691
8692 switch (cstate->linktype) {
8693
8694 case DLT_IEEE802_11:
8695 case DLT_PRISM_HEADER:
8696 case DLT_IEEE802_11_RADIO_AVS:
8697 case DLT_IEEE802_11_RADIO:
8698 case DLT_PPI:
8699 b0 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, type, mask);
8700 break;
8701
8702 default:
8703 fail_kw_on_dlt(cstate, "type/subtype");
8704 /*NOTREACHED*/
8705 }
8706
8707 return (b0);
8708 }
8709
8710 struct block *
8711 gen_p80211_fcdir(compiler_state_t *cstate, bpf_u_int32 fcdir)
8712 {
8713 struct block *b0;
8714
8715 /*
8716 * Catch errors reported by us and routines below us, and return NULL
8717 * on an error.
8718 */
8719 if (setjmp(cstate->top_ctx))
8720 return (NULL);
8721
8722 switch (cstate->linktype) {
8723
8724 case DLT_IEEE802_11:
8725 case DLT_PRISM_HEADER:
8726 case DLT_IEEE802_11_RADIO_AVS:
8727 case DLT_IEEE802_11_RADIO:
8728 case DLT_PPI:
8729 break;
8730
8731 default:
8732 fail_kw_on_dlt(cstate, "dir");
8733 /*NOTREACHED*/
8734 }
8735
8736 b0 = gen_mcmp(cstate, OR_LINKHDR, 1, BPF_B, fcdir,
8737 IEEE80211_FC1_DIR_MASK);
8738
8739 return (b0);
8740 }
8741
8742 // Process an ARCnet host address string.
8743 struct block *
8744 gen_acode(compiler_state_t *cstate, const char *s, struct qual q)
8745 {
8746 /*
8747 * Catch errors reported by us and routines below us, and return NULL
8748 * on an error.
8749 */
8750 if (setjmp(cstate->top_ctx))
8751 return (NULL);
8752
8753 switch (cstate->linktype) {
8754
8755 case DLT_ARCNET:
8756 case DLT_ARCNET_LINUX:
8757 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) &&
8758 q.proto == Q_LINK) {
8759 uint8_t addr;
8760 /*
8761 * The lexer currently defines the address format in a
8762 * way that makes this error condition never true.
8763 * Let's check it anyway in case this part of the lexer
8764 * changes in future.
8765 */
8766 if (! pcapint_atoan(s, &addr))
8767 bpf_error(cstate, "invalid ARCnet address '%s'", s);
8768 return gen_ahostop(cstate, addr, (int)q.dir);
8769 } else
8770 bpf_error(cstate, "ARCnet address used in non-arc expression");
8771 /*NOTREACHED*/
8772
8773 default:
8774 bpf_error(cstate, "aid supported only on ARCnet");
8775 /*NOTREACHED*/
8776 }
8777 }
8778
8779 // Compare an ARCnet host address with the given value.
8780 static struct block *
8781 gen_ahostop(compiler_state_t *cstate, const uint8_t eaddr, int dir)
8782 {
8783 register struct block *b0, *b1;
8784
8785 switch (dir) {
8786 /*
8787 * ARCnet is different from Ethernet: the source address comes before
8788 * the destination address, each is one byte long. This holds for all
8789 * three "buffer formats" in RFC 1201 Section 2.1, see also page 4-10
8790 * in the 1983 edition of the "ARCNET Designer's Handbook" published
8791 * by Datapoint (document number 61610-01).
8792 */
8793 case Q_SRC:
8794 return gen_cmp(cstate, OR_LINKHDR, 0, BPF_B, eaddr);
8795
8796 case Q_DST:
8797 return gen_cmp(cstate, OR_LINKHDR, 1, BPF_B, eaddr);
8798
8799 case Q_AND:
8800 b0 = gen_ahostop(cstate, eaddr, Q_SRC);
8801 b1 = gen_ahostop(cstate, eaddr, Q_DST);
8802 gen_and(b0, b1);
8803 return b1;
8804
8805 case Q_DEFAULT:
8806 case Q_OR:
8807 b0 = gen_ahostop(cstate, eaddr, Q_SRC);
8808 b1 = gen_ahostop(cstate, eaddr, Q_DST);
8809 gen_or(b0, b1);
8810 return b1;
8811
8812 case Q_ADDR1:
8813 case Q_ADDR2:
8814 case Q_ADDR3:
8815 case Q_ADDR4:
8816 case Q_RA:
8817 case Q_TA:
8818 bpf_error(cstate, ERRSTR_802_11_ONLY_KW, dqkw(dir));
8819 /*NOTREACHED*/
8820 }
8821 abort();
8822 /*NOTREACHED*/
8823 }
8824
8825 static struct block *
8826 gen_vlan_tpid_test(compiler_state_t *cstate)
8827 {
8828 struct block *b0, *b1;
8829
8830 /* check for VLAN, including 802.1ad and QinQ */
8831 b0 = gen_linktype(cstate, ETHERTYPE_8021Q);
8832 b1 = gen_linktype(cstate, ETHERTYPE_8021AD);
8833 gen_or(b0,b1);
8834 b0 = b1;
8835 b1 = gen_linktype(cstate, ETHERTYPE_8021QINQ);
8836 gen_or(b0,b1);
8837
8838 return b1;
8839 }
8840
8841 static struct block *
8842 gen_vlan_vid_test(compiler_state_t *cstate, bpf_u_int32 vlan_num)
8843 {
8844 if (vlan_num > 0x0fff) {
8845 bpf_error(cstate, "VLAN tag %u greater than maximum %u",
8846 vlan_num, 0x0fff);
8847 }
8848 return gen_mcmp(cstate, OR_LINKPL, 0, BPF_H, vlan_num, 0x0fff);
8849 }
8850
8851 static struct block *
8852 gen_vlan_no_bpf_extensions(compiler_state_t *cstate, bpf_u_int32 vlan_num,
8853 int has_vlan_tag)
8854 {
8855 struct block *b0, *b1;
8856
8857 b0 = gen_vlan_tpid_test(cstate);
8858
8859 if (has_vlan_tag) {
8860 b1 = gen_vlan_vid_test(cstate, vlan_num);
8861 gen_and(b0, b1);
8862 b0 = b1;
8863 }
8864
8865 /*
8866 * Both payload and link header type follow the VLAN tags so that
8867 * both need to be updated.
8868 */
8869 cstate->off_linkpl.constant_part += 4;
8870 cstate->off_linktype.constant_part += 4;
8871
8872 return b0;
8873 }
8874
8875 #if defined(SKF_AD_VLAN_TAG_PRESENT)
8876 /* add v to variable part of off */
8877 static void
8878 gen_vlan_vloffset_add(compiler_state_t *cstate, bpf_abs_offset *off,
8879 bpf_u_int32 v, struct slist *s)
8880 {
8881 struct slist *s2;
8882
8883 if (!off->is_variable)
8884 off->is_variable = 1;
8885 if (off->reg == -1)
8886 off->reg = alloc_reg(cstate);
8887
8888 s2 = new_stmt(cstate, BPF_LD|BPF_MEM);
8889 s2->s.k = off->reg;
8890 sappend(s, s2);
8891 s2 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_IMM);
8892 s2->s.k = v;
8893 sappend(s, s2);
8894 s2 = new_stmt(cstate, BPF_ST);
8895 s2->s.k = off->reg;
8896 sappend(s, s2);
8897 }
8898
8899 /*
8900 * patch block b_tpid (VLAN TPID test) to update variable parts of link payload
8901 * and link type offsets first
8902 */
8903 static void
8904 gen_vlan_patch_tpid_test(compiler_state_t *cstate, struct block *b_tpid)
8905 {
8906 struct slist s;
8907
8908 /* offset determined at run time, shift variable part */
8909 s.next = NULL;
8910 cstate->is_vlan_vloffset = 1;
8911 gen_vlan_vloffset_add(cstate, &cstate->off_linkpl, 4, &s);
8912 gen_vlan_vloffset_add(cstate, &cstate->off_linktype, 4, &s);
8913
8914 /* we get a pointer to a chain of or-ed blocks, patch first of them */
8915 sappend(s.next, b_tpid->head->stmts);
8916 b_tpid->head->stmts = s.next;
8917 }
8918
8919 /*
8920 * patch block b_vid (VLAN id test) to load VID value either from packet
8921 * metadata (using BPF extensions) if SKF_AD_VLAN_TAG_PRESENT is true
8922 */
8923 static void
8924 gen_vlan_patch_vid_test(compiler_state_t *cstate, struct block *b_vid)
8925 {
8926 struct slist *s, *s2, *sjeq;
8927 unsigned cnt;
8928
8929 s = new_stmt(cstate, BPF_LD|BPF_B|BPF_ABS);
8930 s->s.k = (bpf_u_int32)(SKF_AD_OFF + SKF_AD_VLAN_TAG_PRESENT);
8931
8932 /* true -> next instructions, false -> beginning of b_vid */
8933 sjeq = new_stmt(cstate, JMP(BPF_JEQ));
8934 sjeq->s.k = 1;
8935 sjeq->s.jf = b_vid->stmts;
8936 sappend(s, sjeq);
8937
8938 s2 = new_stmt(cstate, BPF_LD|BPF_H|BPF_ABS);
8939 s2->s.k = (bpf_u_int32)(SKF_AD_OFF + SKF_AD_VLAN_TAG);
8940 sappend(s, s2);
8941 sjeq->s.jt = s2;
8942
8943 /* Jump to the test in b_vid. We need to jump one instruction before
8944 * the end of the b_vid block so that we only skip loading the TCI
8945 * from packet data and not the 'and' instruction extracting VID.
8946 */
8947 cnt = 0;
8948 for (s2 = b_vid->stmts; s2; s2 = s2->next)
8949 cnt++;
8950 s2 = new_stmt(cstate, JMP(BPF_JA));
8951 s2->s.k = cnt - 1;
8952 sappend(s, s2);
8953
8954 /* insert our statements at the beginning of b_vid */
8955 sappend(s, b_vid->stmts);
8956 b_vid->stmts = s;
8957 }
8958
8959 /*
8960 * Generate check for "vlan" or "vlan <id>" on systems with support for BPF
8961 * extensions. Even if kernel supports VLAN BPF extensions, (outermost) VLAN
8962 * tag can be either in metadata or in packet data; therefore if the
8963 * SKF_AD_VLAN_TAG_PRESENT test is negative, we need to check link
8964 * header for VLAN tag. As the decision is done at run time, we need
8965 * update variable part of the offsets
8966 */
8967 static struct block *
8968 gen_vlan_bpf_extensions(compiler_state_t *cstate, bpf_u_int32 vlan_num,
8969 int has_vlan_tag)
8970 {
8971 struct block *b0, *b_tpid, *b_vid = NULL;
8972 struct slist *s;
8973
8974 /* generate new filter code based on extracting packet
8975 * metadata */
8976 s = new_stmt(cstate, BPF_LD|BPF_B|BPF_ABS);
8977 s->s.k = (bpf_u_int32)(SKF_AD_OFF + SKF_AD_VLAN_TAG_PRESENT);
8978
8979 b0 = new_block(cstate, JMP(BPF_JEQ));
8980 b0->stmts = s;
8981 b0->s.k = 1;
8982
8983 /*
8984 * This is tricky. We need to insert the statements updating variable
8985 * parts of offsets before the traditional TPID and VID tests so
8986 * that they are called whenever SKF_AD_VLAN_TAG_PRESENT fails but
8987 * we do not want this update to affect those checks. That's why we
8988 * generate both test blocks first and insert the statements updating
8989 * variable parts of both offsets after that. This wouldn't work if
8990 * there already were variable length link header when entering this
8991 * function but gen_vlan_bpf_extensions() isn't called in that case.
8992 */
8993 b_tpid = gen_vlan_tpid_test(cstate);
8994 if (has_vlan_tag)
8995 b_vid = gen_vlan_vid_test(cstate, vlan_num);
8996
8997 gen_vlan_patch_tpid_test(cstate, b_tpid);
8998 gen_or(b0, b_tpid);
8999 b0 = b_tpid;
9000
9001 if (has_vlan_tag) {
9002 gen_vlan_patch_vid_test(cstate, b_vid);
9003 gen_and(b0, b_vid);
9004 b0 = b_vid;
9005 }
9006
9007 return b0;
9008 }
9009 #endif
9010
9011 /*
9012 * support IEEE 802.1Q VLAN trunk over ethernet
9013 */
9014 struct block *
9015 gen_vlan(compiler_state_t *cstate, bpf_u_int32 vlan_num, int has_vlan_tag)
9016 {
9017 struct block *b0;
9018
9019 /*
9020 * Catch errors reported by us and routines below us, and return NULL
9021 * on an error.
9022 */
9023 if (setjmp(cstate->top_ctx))
9024 return (NULL);
9025
9026 /* can't check for VLAN-encapsulated packets inside MPLS */
9027 if (cstate->label_stack_depth > 0)
9028 bpf_error(cstate, "no VLAN match after MPLS");
9029
9030 /*
9031 * Check for a VLAN packet, and then change the offsets to point
9032 * to the type and data fields within the VLAN packet. Just
9033 * increment the offsets, so that we can support a hierarchy, e.g.
9034 * "vlan 100 && vlan 200" to capture VLAN 200 encapsulated within
9035 * VLAN 100.
9036 *
9037 * XXX - this is a bit of a kludge. If we were to split the
9038 * compiler into a parser that parses an expression and
9039 * generates an expression tree, and a code generator that
9040 * takes an expression tree (which could come from our
9041 * parser or from some other parser) and generates BPF code,
9042 * we could perhaps make the offsets parameters of routines
9043 * and, in the handler for an "AND" node, pass to subnodes
9044 * other than the VLAN node the adjusted offsets.
9045 *
9046 * This would mean that "vlan" would, instead of changing the
9047 * behavior of *all* tests after it, change only the behavior
9048 * of tests ANDed with it. That would change the documented
9049 * semantics of "vlan", which might break some expressions.
9050 * However, it would mean that "(vlan and ip) or ip" would check
9051 * both for VLAN-encapsulated IP and IP-over-Ethernet, rather than
9052 * checking only for VLAN-encapsulated IP, so that could still
9053 * be considered worth doing; it wouldn't break expressions
9054 * that are of the form "vlan and ..." or "vlan N and ...",
9055 * which I suspect are the most common expressions involving
9056 * "vlan". "vlan or ..." doesn't necessarily do what the user
9057 * would really want, now, as all the "or ..." tests would
9058 * be done assuming a VLAN, even though the "or" could be viewed
9059 * as meaning "or, if this isn't a VLAN packet...".
9060 */
9061 switch (cstate->linktype) {
9062
9063 case DLT_EN10MB:
9064 /*
9065 * Newer version of the Linux kernel pass around
9066 * packets in which the VLAN tag has been removed
9067 * from the packet data and put into metadata.
9068 *
9069 * This requires special treatment.
9070 */
9071 #if defined(SKF_AD_VLAN_TAG_PRESENT)
9072 /* Verify that this is the outer part of the packet and
9073 * not encapsulated somehow. */
9074 if (cstate->vlan_stack_depth == 0 && !cstate->off_linkhdr.is_variable &&
9075 cstate->off_linkhdr.constant_part ==
9076 cstate->off_outermostlinkhdr.constant_part) {
9077 /*
9078 * Do we need special VLAN handling?
9079 */
9080 if (cstate->bpf_pcap->bpf_codegen_flags & BPF_SPECIAL_VLAN_HANDLING)
9081 b0 = gen_vlan_bpf_extensions(cstate, vlan_num,
9082 has_vlan_tag);
9083 else
9084 b0 = gen_vlan_no_bpf_extensions(cstate,
9085 vlan_num, has_vlan_tag);
9086 } else
9087 #endif
9088 b0 = gen_vlan_no_bpf_extensions(cstate, vlan_num,
9089 has_vlan_tag);
9090 break;
9091
9092 case DLT_NETANALYZER:
9093 case DLT_NETANALYZER_TRANSPARENT:
9094 case DLT_IEEE802_11:
9095 case DLT_PRISM_HEADER:
9096 case DLT_IEEE802_11_RADIO_AVS:
9097 case DLT_IEEE802_11_RADIO:
9098 /*
9099 * These are either Ethernet packets with an additional
9100 * metadata header (the NetAnalyzer types), or 802.11
9101 * packets, possibly with an additional metadata header.
9102 *
9103 * For the first of those, the VLAN tag is in the normal
9104 * place, so the special-case handling above isn't
9105 * necessary.
9106 *
9107 * For the second of those, we don't do the special-case
9108 * handling for now.
9109 */
9110 b0 = gen_vlan_no_bpf_extensions(cstate, vlan_num, has_vlan_tag);
9111 break;
9112
9113 default:
9114 bpf_error(cstate, "no VLAN support for %s",
9115 pcap_datalink_val_to_description_or_dlt(cstate->linktype));
9116 /*NOTREACHED*/
9117 }
9118
9119 cstate->vlan_stack_depth++;
9120
9121 return (b0);
9122 }
9123
9124 /*
9125 * support for MPLS
9126 *
9127 * The label_num_arg dance is to avoid annoying whining by compilers that
9128 * label_num might be clobbered by longjmp - yeah, it might, but *WHO CARES*?
9129 * It's not *used* after setjmp returns.
9130 */
9131 static struct block *
9132 gen_mpls_internal(compiler_state_t *cstate, bpf_u_int32 label_num,
9133 int has_label_num)
9134 {
9135 struct block *b0, *b1;
9136
9137 if (cstate->label_stack_depth > 0) {
9138 /* just match the bottom-of-stack bit clear */
9139 b0 = gen_mcmp(cstate, OR_PREVMPLSHDR, 2, BPF_B, 0, 0x01);
9140 } else {
9141 /*
9142 * We're not in an MPLS stack yet, so check the link-layer
9143 * type against MPLS.
9144 */
9145 switch (cstate->linktype) {
9146
9147 case DLT_C_HDLC: /* fall through */
9148 case DLT_HDLC:
9149 case DLT_EN10MB:
9150 case DLT_NETANALYZER:
9151 case DLT_NETANALYZER_TRANSPARENT:
9152 b0 = gen_linktype(cstate, ETHERTYPE_MPLS);
9153 break;
9154
9155 case DLT_PPP:
9156 b0 = gen_linktype(cstate, PPP_MPLS_UCAST);
9157 break;
9158
9159 /* FIXME add other DLT_s ...
9160 * for Frame-Relay/and ATM this may get messy due to SNAP headers
9161 * leave it for now */
9162
9163 default:
9164 bpf_error(cstate, "no MPLS support for %s",
9165 pcap_datalink_val_to_description_or_dlt(cstate->linktype));
9166 /*NOTREACHED*/
9167 }
9168 }
9169
9170 /* If a specific MPLS label is requested, check it */
9171 if (has_label_num) {
9172 if (label_num > 0xFFFFF) {
9173 bpf_error(cstate, "MPLS label %u greater than maximum %u",
9174 label_num, 0xFFFFF);
9175 }
9176 label_num = label_num << 12; /* label is shifted 12 bits on the wire */
9177 b1 = gen_mcmp(cstate, OR_LINKPL, 0, BPF_W, label_num,
9178 0xfffff000); /* only compare the first 20 bits */
9179 gen_and(b0, b1);
9180 b0 = b1;
9181 }
9182
9183 /*
9184 * Change the offsets to point to the type and data fields within
9185 * the MPLS packet. Just increment the offsets, so that we
9186 * can support a hierarchy, e.g. "mpls 100000 && mpls 1024" to
9187 * capture packets with an outer label of 100000 and an inner
9188 * label of 1024.
9189 *
9190 * Increment the MPLS stack depth as well; this indicates that
9191 * we're checking MPLS-encapsulated headers, to make sure higher
9192 * level code generators don't try to match against IP-related
9193 * protocols such as Q_ARP, Q_RARP etc.
9194 *
9195 * XXX - this is a bit of a kludge. See comments in gen_vlan().
9196 */
9197 cstate->off_nl_nosnap += 4;
9198 cstate->off_nl += 4;
9199 cstate->label_stack_depth++;
9200 return (b0);
9201 }
9202
9203 struct block *
9204 gen_mpls(compiler_state_t *cstate, bpf_u_int32 label_num, int has_label_num)
9205 {
9206 /*
9207 * Catch errors reported by us and routines below us, and return NULL
9208 * on an error.
9209 */
9210 if (setjmp(cstate->top_ctx))
9211 return (NULL);
9212
9213 return gen_mpls_internal(cstate, label_num, has_label_num);
9214 }
9215
9216 /*
9217 * Support PPPOE discovery and session.
9218 */
9219 struct block *
9220 gen_pppoed(compiler_state_t *cstate)
9221 {
9222 /*
9223 * Catch errors reported by us and routines below us, and return NULL
9224 * on an error.
9225 */
9226 if (setjmp(cstate->top_ctx))
9227 return (NULL);
9228
9229 /* check for PPPoE discovery */
9230 return gen_linktype(cstate, ETHERTYPE_PPPOED);
9231 }
9232
9233 /*
9234 * RFC 2516 Section 4:
9235 *
9236 * The Ethernet payload for PPPoE is as follows:
9237 *
9238 * 1 2 3
9239 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
9240 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
9241 * | VER | TYPE | CODE | SESSION_ID |
9242 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
9243 * | LENGTH | payload ~
9244 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
9245 */
9246 struct block *
9247 gen_pppoes(compiler_state_t *cstate, bpf_u_int32 sess_num, int has_sess_num)
9248 {
9249 struct block *b0, *b1;
9250
9251 /*
9252 * Catch errors reported by us and routines below us, and return NULL
9253 * on an error.
9254 */
9255 if (setjmp(cstate->top_ctx))
9256 return (NULL);
9257
9258 /*
9259 * Test against the PPPoE session link-layer type.
9260 */
9261 b0 = gen_linktype(cstate, ETHERTYPE_PPPOES);
9262
9263 /* If a specific session is requested, check PPPoE session id */
9264 if (has_sess_num) {
9265 if (sess_num > UINT16_MAX) {
9266 bpf_error(cstate, "PPPoE session number %u greater than maximum %u",
9267 sess_num, UINT16_MAX);
9268 }
9269 b1 = gen_cmp(cstate, OR_LINKPL, 2, BPF_H, sess_num);
9270 gen_and(b0, b1);
9271 b0 = b1;
9272 }
9273
9274 /*
9275 * Change the offsets to point to the type and data fields within
9276 * the PPP packet, and note that this is PPPoE rather than
9277 * raw PPP.
9278 *
9279 * XXX - this is a bit of a kludge. See the comments in
9280 * gen_vlan().
9281 *
9282 * The "network-layer" protocol is PPPoE, which has a 6-byte
9283 * PPPoE header, followed by a PPP packet.
9284 *
9285 * There is no HDLC encapsulation for the PPP packet (it's
9286 * encapsulated in PPPoES instead), so the link-layer type
9287 * starts at the first byte of the PPP packet. For PPPoE,
9288 * that offset is relative to the beginning of the total
9289 * link-layer payload, including any 802.2 LLC header, so
9290 * it's 6 bytes past cstate->off_nl.
9291 */
9292 PUSH_LINKHDR(cstate, DLT_PPP, cstate->off_linkpl.is_variable,
9293 cstate->off_linkpl.constant_part + cstate->off_nl + 6, /* 6 bytes past the PPPoE header */
9294 cstate->off_linkpl.reg);
9295
9296 cstate->off_linktype = cstate->off_linkhdr;
9297 cstate->off_linkpl.constant_part = cstate->off_linkhdr.constant_part + 2;
9298
9299 cstate->off_nl = 0;
9300 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
9301
9302 return b0;
9303 }
9304
9305 /* Check that this is Geneve and the VNI is correct if
9306 * specified. Parameterized to handle both IPv4 and IPv6. */
9307 static struct block *
9308 gen_geneve_check(compiler_state_t *cstate,
9309 struct block *(*gen_portfn)(compiler_state_t *, u_int, int, int),
9310 enum e_offrel offrel, bpf_u_int32 vni, int has_vni)
9311 {
9312 struct block *b0, *b1;
9313
9314 b0 = gen_portfn(cstate, GENEVE_PORT, IPPROTO_UDP, Q_DST);
9315
9316 /* Check that we are operating on version 0. Otherwise, we
9317 * can't decode the rest of the fields. The version is 2 bits
9318 * in the first byte of the Geneve header. */
9319 b1 = gen_mcmp(cstate, offrel, 8, BPF_B, 0, 0xc0);
9320 gen_and(b0, b1);
9321 b0 = b1;
9322
9323 if (has_vni) {
9324 if (vni > 0xffffff) {
9325 bpf_error(cstate, "Geneve VNI %u greater than maximum %u",
9326 vni, 0xffffff);
9327 }
9328 vni <<= 8; /* VNI is in the upper 3 bytes */
9329 b1 = gen_mcmp(cstate, offrel, 12, BPF_W, vni, 0xffffff00);
9330 gen_and(b0, b1);
9331 b0 = b1;
9332 }
9333
9334 return b0;
9335 }
9336
9337 /* The IPv4 and IPv6 Geneve checks need to do two things:
9338 * - Verify that this actually is Geneve with the right VNI.
9339 * - Place the IP header length (plus variable link prefix if
9340 * needed) into register A to be used later to compute
9341 * the inner packet offsets. */
9342 static struct block *
9343 gen_geneve4(compiler_state_t *cstate, bpf_u_int32 vni, int has_vni)
9344 {
9345 struct block *b0, *b1;
9346 struct slist *s, *s1;
9347
9348 b0 = gen_geneve_check(cstate, gen_port, OR_TRAN_IPV4, vni, has_vni);
9349
9350 /* Load the IP header length into A. */
9351 s = gen_loadx_iphdrlen(cstate);
9352
9353 s1 = new_stmt(cstate, BPF_MISC|BPF_TXA);
9354 sappend(s, s1);
9355
9356 /* Forcibly append these statements to the true condition
9357 * of the protocol check by creating a new block that is
9358 * always true and ANDing them. */
9359 b1 = new_block(cstate, BPF_JMP|BPF_JEQ|BPF_X);
9360 b1->stmts = s;
9361 b1->s.k = 0;
9362
9363 gen_and(b0, b1);
9364
9365 return b1;
9366 }
9367
9368 static struct block *
9369 gen_geneve6(compiler_state_t *cstate, bpf_u_int32 vni, int has_vni)
9370 {
9371 struct block *b0, *b1;
9372 struct slist *s, *s1;
9373
9374 b0 = gen_geneve_check(cstate, gen_port6, OR_TRAN_IPV6, vni, has_vni);
9375
9376 /* Load the IP header length. We need to account for a
9377 * variable length link prefix if there is one. */
9378 s = gen_abs_offset_varpart(cstate, &cstate->off_linkpl);
9379 if (s) {
9380 s1 = new_stmt(cstate, BPF_LD|BPF_IMM);
9381 s1->s.k = 40;
9382 sappend(s, s1);
9383
9384 s1 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X);
9385 s1->s.k = 0;
9386 sappend(s, s1);
9387 } else {
9388 s = new_stmt(cstate, BPF_LD|BPF_IMM);
9389 s->s.k = 40;
9390 }
9391
9392 /* Forcibly append these statements to the true condition
9393 * of the protocol check by creating a new block that is
9394 * always true and ANDing them. */
9395 s1 = new_stmt(cstate, BPF_MISC|BPF_TAX);
9396 sappend(s, s1);
9397
9398 b1 = new_block(cstate, BPF_JMP|BPF_JEQ|BPF_X);
9399 b1->stmts = s;
9400 b1->s.k = 0;
9401
9402 gen_and(b0, b1);
9403
9404 return b1;
9405 }
9406
9407 /* We need to store three values based on the Geneve header::
9408 * - The offset of the linktype.
9409 * - The offset of the end of the Geneve header.
9410 * - The offset of the end of the encapsulated MAC header. */
9411 static struct slist *
9412 gen_geneve_offsets(compiler_state_t *cstate)
9413 {
9414 struct slist *s, *s1, *s_proto;
9415
9416 /* First we need to calculate the offset of the Geneve header
9417 * itself. This is composed of the IP header previously calculated
9418 * (include any variable link prefix) and stored in A plus the
9419 * fixed sized headers (fixed link prefix, MAC length, and UDP
9420 * header). */
9421 s = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K);
9422 s->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + 8;
9423
9424 /* Stash this in X since we'll need it later. */
9425 s1 = new_stmt(cstate, BPF_MISC|BPF_TAX);
9426 sappend(s, s1);
9427
9428 /* The EtherType in Geneve is 2 bytes in. Calculate this and
9429 * store it. */
9430 s1 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K);
9431 s1->s.k = 2;
9432 sappend(s, s1);
9433
9434 cstate->off_linktype.reg = alloc_reg(cstate);
9435 cstate->off_linktype.is_variable = 1;
9436 cstate->off_linktype.constant_part = 0;
9437
9438 s1 = new_stmt(cstate, BPF_ST);
9439 s1->s.k = cstate->off_linktype.reg;
9440 sappend(s, s1);
9441
9442 /* Load the Geneve option length and mask and shift to get the
9443 * number of bytes. It is stored in the first byte of the Geneve
9444 * header. */
9445 s1 = new_stmt(cstate, BPF_LD|BPF_IND|BPF_B);
9446 s1->s.k = 0;
9447 sappend(s, s1);
9448
9449 s1 = new_stmt(cstate, BPF_ALU|BPF_AND|BPF_K);
9450 s1->s.k = 0x3f;
9451 sappend(s, s1);
9452
9453 s1 = new_stmt(cstate, BPF_ALU|BPF_MUL|BPF_K);
9454 s1->s.k = 4;
9455 sappend(s, s1);
9456
9457 /* Add in the rest of the Geneve base header. */
9458 s1 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K);
9459 s1->s.k = 8;
9460 sappend(s, s1);
9461
9462 /* Add the Geneve header length to its offset and store. */
9463 s1 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X);
9464 s1->s.k = 0;
9465 sappend(s, s1);
9466
9467 /* Set the encapsulated type as Ethernet. Even though we may
9468 * not actually have Ethernet inside there are two reasons this
9469 * is useful:
9470 * - The linktype field is always in EtherType format regardless
9471 * of whether it is in Geneve or an inner Ethernet frame.
9472 * - The only link layer that we have specific support for is
9473 * Ethernet. We will confirm that the packet actually is
9474 * Ethernet at runtime before executing these checks. */
9475 PUSH_LINKHDR(cstate, DLT_EN10MB, 1, 0, alloc_reg(cstate));
9476
9477 s1 = new_stmt(cstate, BPF_ST);
9478 s1->s.k = cstate->off_linkhdr.reg;
9479 sappend(s, s1);
9480
9481 /* Calculate whether we have an Ethernet header or just raw IP/
9482 * MPLS/etc. If we have Ethernet, advance the end of the MAC offset
9483 * and linktype by 14 bytes so that the network header can be found
9484 * seamlessly. Otherwise, keep what we've calculated already. */
9485
9486 /* We have a bare jmp so we can't use the optimizer. */
9487 cstate->no_optimize = 1;
9488
9489 /* Load the EtherType in the Geneve header, 2 bytes in. */
9490 s1 = new_stmt(cstate, BPF_LD|BPF_IND|BPF_H);
9491 s1->s.k = 2;
9492 sappend(s, s1);
9493
9494 /* Load X with the end of the Geneve header. */
9495 s1 = new_stmt(cstate, BPF_LDX|BPF_MEM);
9496 s1->s.k = cstate->off_linkhdr.reg;
9497 sappend(s, s1);
9498
9499 /* Check if the EtherType is Transparent Ethernet Bridging. At the
9500 * end of this check, we should have the total length in X. In
9501 * the non-Ethernet case, it's already there. */
9502 s_proto = new_stmt(cstate, JMP(BPF_JEQ));
9503 s_proto->s.k = ETHERTYPE_TEB;
9504 sappend(s, s_proto);
9505
9506 s1 = new_stmt(cstate, BPF_MISC|BPF_TXA);
9507 sappend(s, s1);
9508 s_proto->s.jt = s1;
9509
9510 /* Since this is Ethernet, use the EtherType of the payload
9511 * directly as the linktype. Overwrite what we already have. */
9512 s1 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K);
9513 s1->s.k = 12;
9514 sappend(s, s1);
9515
9516 s1 = new_stmt(cstate, BPF_ST);
9517 s1->s.k = cstate->off_linktype.reg;
9518 sappend(s, s1);
9519
9520 /* Advance two bytes further to get the end of the Ethernet
9521 * header. */
9522 s1 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K);
9523 s1->s.k = 2;
9524 sappend(s, s1);
9525
9526 /* Move the result to X. */
9527 s1 = new_stmt(cstate, BPF_MISC|BPF_TAX);
9528 sappend(s, s1);
9529
9530 /* Store the final result of our linkpl calculation. */
9531 cstate->off_linkpl.reg = alloc_reg(cstate);
9532 cstate->off_linkpl.is_variable = 1;
9533 cstate->off_linkpl.constant_part = 0;
9534
9535 s1 = new_stmt(cstate, BPF_STX);
9536 s1->s.k = cstate->off_linkpl.reg;
9537 sappend(s, s1);
9538 s_proto->s.jf = s1;
9539
9540 cstate->off_nl = 0;
9541
9542 return s;
9543 }
9544
9545 /* Check to see if this is a Geneve packet. */
9546 struct block *
9547 gen_geneve(compiler_state_t *cstate, bpf_u_int32 vni, int has_vni)
9548 {
9549 struct block *b0, *b1;
9550 struct slist *s;
9551
9552 /*
9553 * Catch errors reported by us and routines below us, and return NULL
9554 * on an error.
9555 */
9556 if (setjmp(cstate->top_ctx))
9557 return (NULL);
9558
9559 b0 = gen_geneve4(cstate, vni, has_vni);
9560 b1 = gen_geneve6(cstate, vni, has_vni);
9561
9562 gen_or(b0, b1);
9563 b0 = b1;
9564
9565 /* Later filters should act on the payload of the Geneve frame,
9566 * update all of the header pointers. Attach this code so that
9567 * it gets executed in the event that the Geneve filter matches. */
9568 s = gen_geneve_offsets(cstate);
9569
9570 b1 = gen_true(cstate);
9571 sappend(s, b1->stmts);
9572 b1->stmts = s;
9573
9574 gen_and(b0, b1);
9575
9576 cstate->is_encap = 1;
9577
9578 return b1;
9579 }
9580
9581 /* Check that this is VXLAN and the VNI is correct if
9582 * specified. Parameterized to handle both IPv4 and IPv6. */
9583 static struct block *
9584 gen_vxlan_check(compiler_state_t *cstate,
9585 struct block *(*gen_portfn)(compiler_state_t *, u_int, int, int),
9586 enum e_offrel offrel, bpf_u_int32 vni, int has_vni)
9587 {
9588 struct block *b0, *b1;
9589
9590 b0 = gen_portfn(cstate, VXLAN_PORT, IPPROTO_UDP, Q_DST);
9591
9592 /* Check that the VXLAN header has the flag bits set
9593 * correctly. */
9594 b1 = gen_cmp(cstate, offrel, 8, BPF_B, 0x08);
9595 gen_and(b0, b1);
9596 b0 = b1;
9597
9598 if (has_vni) {
9599 if (vni > 0xffffff) {
9600 bpf_error(cstate, "VXLAN VNI %u greater than maximum %u",
9601 vni, 0xffffff);
9602 }
9603 vni <<= 8; /* VNI is in the upper 3 bytes */
9604 b1 = gen_mcmp(cstate, offrel, 12, BPF_W, vni, 0xffffff00);
9605 gen_and(b0, b1);
9606 b0 = b1;
9607 }
9608
9609 return b0;
9610 }
9611
9612 /* The IPv4 and IPv6 VXLAN checks need to do two things:
9613 * - Verify that this actually is VXLAN with the right VNI.
9614 * - Place the IP header length (plus variable link prefix if
9615 * needed) into register A to be used later to compute
9616 * the inner packet offsets. */
9617 static struct block *
9618 gen_vxlan4(compiler_state_t *cstate, bpf_u_int32 vni, int has_vni)
9619 {
9620 struct block *b0, *b1;
9621 struct slist *s, *s1;
9622
9623 b0 = gen_vxlan_check(cstate, gen_port, OR_TRAN_IPV4, vni, has_vni);
9624
9625 /* Load the IP header length into A. */
9626 s = gen_loadx_iphdrlen(cstate);
9627
9628 s1 = new_stmt(cstate, BPF_MISC|BPF_TXA);
9629 sappend(s, s1);
9630
9631 /* Forcibly append these statements to the true condition
9632 * of the protocol check by creating a new block that is
9633 * always true and ANDing them. */
9634 b1 = new_block(cstate, BPF_JMP|BPF_JEQ|BPF_X);
9635 b1->stmts = s;
9636 b1->s.k = 0;
9637
9638 gen_and(b0, b1);
9639
9640 return b1;
9641 }
9642
9643 static struct block *
9644 gen_vxlan6(compiler_state_t *cstate, bpf_u_int32 vni, int has_vni)
9645 {
9646 struct block *b0, *b1;
9647 struct slist *s, *s1;
9648
9649 b0 = gen_vxlan_check(cstate, gen_port6, OR_TRAN_IPV6, vni, has_vni);
9650
9651 /* Load the IP header length. We need to account for a
9652 * variable length link prefix if there is one. */
9653 s = gen_abs_offset_varpart(cstate, &cstate->off_linkpl);
9654 if (s) {
9655 s1 = new_stmt(cstate, BPF_LD|BPF_IMM);
9656 s1->s.k = 40;
9657 sappend(s, s1);
9658
9659 s1 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X);
9660 s1->s.k = 0;
9661 sappend(s, s1);
9662 } else {
9663 s = new_stmt(cstate, BPF_LD|BPF_IMM);
9664 s->s.k = 40;
9665 }
9666
9667 /* Forcibly append these statements to the true condition
9668 * of the protocol check by creating a new block that is
9669 * always true and ANDing them. */
9670 s1 = new_stmt(cstate, BPF_MISC|BPF_TAX);
9671 sappend(s, s1);
9672
9673 b1 = new_block(cstate, BPF_JMP|BPF_JEQ|BPF_X);
9674 b1->stmts = s;
9675 b1->s.k = 0;
9676
9677 gen_and(b0, b1);
9678
9679 return b1;
9680 }
9681
9682 /* We need to store three values based on the VXLAN header:
9683 * - The offset of the linktype.
9684 * - The offset of the end of the VXLAN header.
9685 * - The offset of the end of the encapsulated MAC header. */
9686 static struct slist *
9687 gen_vxlan_offsets(compiler_state_t *cstate)
9688 {
9689 struct slist *s, *s1;
9690
9691 /* Calculate the offset of the VXLAN header itself. This
9692 * includes the IP header computed previously (including any
9693 * variable link prefix) and stored in A plus the fixed size
9694 * headers (fixed link prefix, MAC length, UDP header). */
9695 s = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K);
9696 s->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + 8;
9697
9698 /* Add the VXLAN header length to its offset and store */
9699 s1 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K);
9700 s1->s.k = 8;
9701 sappend(s, s1);
9702
9703 /* Push the link header. VXLAN packets always contain Ethernet
9704 * frames. */
9705 PUSH_LINKHDR(cstate, DLT_EN10MB, 1, 0, alloc_reg(cstate));
9706
9707 s1 = new_stmt(cstate, BPF_ST);
9708 s1->s.k = cstate->off_linkhdr.reg;
9709 sappend(s, s1);
9710
9711 /* As the payload is an Ethernet packet, we can use the
9712 * EtherType of the payload directly as the linktype. */
9713 s1 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K);
9714 s1->s.k = 12;
9715 sappend(s, s1);
9716
9717 cstate->off_linktype.reg = alloc_reg(cstate);
9718 cstate->off_linktype.is_variable = 1;
9719 cstate->off_linktype.constant_part = 0;
9720
9721 s1 = new_stmt(cstate, BPF_ST);
9722 s1->s.k = cstate->off_linktype.reg;
9723 sappend(s, s1);
9724
9725 /* Two bytes further is the end of the Ethernet header and the
9726 * start of the payload. */
9727 s1 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K);
9728 s1->s.k = 2;
9729 sappend(s, s1);
9730
9731 /* Move the result to X. */
9732 s1 = new_stmt(cstate, BPF_MISC|BPF_TAX);
9733 sappend(s, s1);
9734
9735 /* Store the final result of our linkpl calculation. */
9736 cstate->off_linkpl.reg = alloc_reg(cstate);
9737 cstate->off_linkpl.is_variable = 1;
9738 cstate->off_linkpl.constant_part = 0;
9739
9740 s1 = new_stmt(cstate, BPF_STX);
9741 s1->s.k = cstate->off_linkpl.reg;
9742 sappend(s, s1);
9743
9744 cstate->off_nl = 0;
9745
9746 return s;
9747 }
9748
9749 /* Check to see if this is a VXLAN packet. */
9750 struct block *
9751 gen_vxlan(compiler_state_t *cstate, bpf_u_int32 vni, int has_vni)
9752 {
9753 struct block *b0, *b1;
9754 struct slist *s;
9755
9756 /*
9757 * Catch errors reported by us and routines below us, and return NULL
9758 * on an error.
9759 */
9760 if (setjmp(cstate->top_ctx))
9761 return (NULL);
9762
9763 b0 = gen_vxlan4(cstate, vni, has_vni);
9764 b1 = gen_vxlan6(cstate, vni, has_vni);
9765
9766 gen_or(b0, b1);
9767 b0 = b1;
9768
9769 /* Later filters should act on the payload of the VXLAN frame,
9770 * update all of the header pointers. Attach this code so that
9771 * it gets executed in the event that the VXLAN filter matches. */
9772 s = gen_vxlan_offsets(cstate);
9773
9774 b1 = gen_true(cstate);
9775 sappend(s, b1->stmts);
9776 b1->stmts = s;
9777
9778 gen_and(b0, b1);
9779
9780 cstate->is_encap = 1;
9781
9782 return b1;
9783 }
9784
9785 /* Check that the encapsulated frame has a link layer header
9786 * for Ethernet filters. */
9787 static struct block *
9788 gen_encap_ll_check(compiler_state_t *cstate)
9789 {
9790 struct block *b0;
9791 struct slist *s, *s1;
9792
9793 /* The easiest way to see if there is a link layer present
9794 * is to check if the link layer header and payload are not
9795 * the same. */
9796
9797 /* Geneve always generates pure variable offsets so we can
9798 * compare only the registers. */
9799 s = new_stmt(cstate, BPF_LD|BPF_MEM);
9800 s->s.k = cstate->off_linkhdr.reg;
9801
9802 s1 = new_stmt(cstate, BPF_LDX|BPF_MEM);
9803 s1->s.k = cstate->off_linkpl.reg;
9804 sappend(s, s1);
9805
9806 b0 = new_block(cstate, BPF_JMP|BPF_JEQ|BPF_X);
9807 b0->stmts = s;
9808 b0->s.k = 0;
9809 gen_not(b0);
9810
9811 return b0;
9812 }
9813
9814 static struct block *
9815 gen_atmfield_code_internal(compiler_state_t *cstate, int atmfield,
9816 bpf_u_int32 jvalue, int jtype, int reverse)
9817 {
9818 struct block *b0;
9819
9820 /*
9821 * This check is a no-op for A_MSGTYPE so long as the only incoming
9822 * code path is from gen_atmmulti_abbrev(), which makes the same
9823 * check first; also for A_PROTOTYPE so long as the only incoming code
9824 * paths are from gen_atmtype_abbrev(), which makes the same check
9825 * first, or from gen_llc_internal() or gen_linktype(), which restrict
9826 * it to DLT_SUNATM.
9827 */
9828 assert_atm(cstate, atmkw(atmfield));
9829
9830 switch (atmfield) {
9831
9832 case A_VPI:
9833 if (jvalue > UINT8_MAX)
9834 bpf_error(cstate, "VPI value %u > %u", jvalue, UINT8_MAX);
9835 b0 = gen_ncmp(cstate, OR_LINKHDR, cstate->off_vpi, BPF_B,
9836 0xffffffffU, jtype, reverse, jvalue);
9837 break;
9838
9839 case A_VCI:
9840 if (jvalue > UINT16_MAX)
9841 bpf_error(cstate, "VCI value %u > %u", jvalue, UINT16_MAX);
9842 b0 = gen_ncmp(cstate, OR_LINKHDR, cstate->off_vci, BPF_H,
9843 0xffffffffU, jtype, reverse, jvalue);
9844 break;
9845
9846 case A_PROTOTYPE:
9847 b0 = gen_ncmp(cstate, OR_LINKHDR, cstate->off_proto, BPF_B,
9848 0x0fU, jtype, reverse, jvalue);
9849 break;
9850
9851 case A_MSGTYPE:
9852 b0 = gen_ncmp(cstate, OR_LINKHDR, cstate->off_payload + MSG_TYPE_POS, BPF_B,
9853 0xffffffffU, jtype, reverse, jvalue);
9854 break;
9855
9856 default:
9857 abort();
9858 }
9859 return b0;
9860 }
9861
9862 static struct block *
9863 gen_atmtype_metac(compiler_state_t *cstate)
9864 {
9865 struct block *b0, *b1;
9866
9867 b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0);
9868 b1 = gen_atmfield_code_internal(cstate, A_VCI, 1, BPF_JEQ, 0);
9869 gen_and(b0, b1);
9870 return b1;
9871 }
9872
9873 static struct block *
9874 gen_atmtype_sc(compiler_state_t *cstate)
9875 {
9876 struct block *b0, *b1;
9877
9878 b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0);
9879 b1 = gen_atmfield_code_internal(cstate, A_VCI, 5, BPF_JEQ, 0);
9880 gen_and(b0, b1);
9881 return b1;
9882 }
9883
9884 static struct block *
9885 gen_atmtype_llc(compiler_state_t *cstate)
9886 {
9887 struct block *b0;
9888
9889 b0 = gen_atmfield_code_internal(cstate, A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
9890 cstate->linktype = cstate->prevlinktype;
9891 return b0;
9892 }
9893
9894 struct block *
9895 gen_atmfield_code(compiler_state_t *cstate, int atmfield,
9896 bpf_u_int32 jvalue, int jtype, int reverse)
9897 {
9898 /*
9899 * Catch errors reported by us and routines below us, and return NULL
9900 * on an error.
9901 */
9902 if (setjmp(cstate->top_ctx))
9903 return (NULL);
9904
9905 return gen_atmfield_code_internal(cstate, atmfield, jvalue, jtype,
9906 reverse);
9907 }
9908
9909 struct block *
9910 gen_atmtype_abbrev(compiler_state_t *cstate, int type)
9911 {
9912 struct block *b0, *b1;
9913
9914 /*
9915 * Catch errors reported by us and routines below us, and return NULL
9916 * on an error.
9917 */
9918 if (setjmp(cstate->top_ctx))
9919 return (NULL);
9920
9921 assert_atm(cstate, atmkw(type));
9922
9923 switch (type) {
9924
9925 case A_METAC:
9926 /* Get all packets in Meta signalling Circuit */
9927 b1 = gen_atmtype_metac(cstate);
9928 break;
9929
9930 case A_BCC:
9931 /* Get all packets in Broadcast Circuit*/
9932 b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0);
9933 b1 = gen_atmfield_code_internal(cstate, A_VCI, 2, BPF_JEQ, 0);
9934 gen_and(b0, b1);
9935 break;
9936
9937 case A_OAMF4SC:
9938 /* Get all cells in Segment OAM F4 circuit*/
9939 b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0);
9940 b1 = gen_atmfield_code_internal(cstate, A_VCI, 3, BPF_JEQ, 0);
9941 gen_and(b0, b1);
9942 break;
9943
9944 case A_OAMF4EC:
9945 /* Get all cells in End-to-End OAM F4 Circuit*/
9946 b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0);
9947 b1 = gen_atmfield_code_internal(cstate, A_VCI, 4, BPF_JEQ, 0);
9948 gen_and(b0, b1);
9949 break;
9950
9951 case A_SC:
9952 /* Get all packets in connection Signalling Circuit */
9953 b1 = gen_atmtype_sc(cstate);
9954 break;
9955
9956 case A_ILMIC:
9957 /* Get all packets in ILMI Circuit */
9958 b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0);
9959 b1 = gen_atmfield_code_internal(cstate, A_VCI, 16, BPF_JEQ, 0);
9960 gen_and(b0, b1);
9961 break;
9962
9963 case A_LANE:
9964 /* Get all LANE packets */
9965 b1 = gen_atmfield_code_internal(cstate, A_PROTOTYPE, PT_LANE, BPF_JEQ, 0);
9966
9967 /*
9968 * Arrange that all subsequent tests assume LANE
9969 * rather than LLC-encapsulated packets, and set
9970 * the offsets appropriately for LANE-encapsulated
9971 * Ethernet.
9972 *
9973 * We assume LANE means Ethernet, not Token Ring.
9974 */
9975 PUSH_LINKHDR(cstate, DLT_EN10MB, 0,
9976 cstate->off_payload + 2, /* Ethernet header */
9977 -1);
9978 cstate->off_linktype.constant_part = cstate->off_linkhdr.constant_part + 12;
9979 cstate->off_linkpl.constant_part = cstate->off_linkhdr.constant_part + 14; /* Ethernet */
9980 cstate->off_nl = 0; /* Ethernet II */
9981 cstate->off_nl_nosnap = 3; /* 802.3+802.2 */
9982 break;
9983
9984 default:
9985 abort();
9986 }
9987 return b1;
9988 }
9989
9990 /*
9991 * Filtering for MTP2 messages based on li value
9992 * FISU, length is null
9993 * LSSU, length is 1 or 2
9994 * MSU, length is 3 or more
9995 * For MTP2_HSL, sequences are on 2 bytes, and length on 9 bits
9996 */
9997 struct block *
9998 gen_mtp2type_abbrev(compiler_state_t *cstate, int type)
9999 {
10000 struct block *b0, *b1;
10001
10002 /*
10003 * Catch errors reported by us and routines below us, and return NULL
10004 * on an error.
10005 */
10006 if (setjmp(cstate->top_ctx))
10007 return (NULL);
10008
10009 switch (type) {
10010
10011 case M_FISU:
10012 if ( (cstate->linktype != DLT_MTP2) &&
10013 (cstate->linktype != DLT_ERF) &&
10014 (cstate->linktype != DLT_MTP2_WITH_PHDR) )
10015 bpf_error(cstate, "'fisu' supported only on MTP2");
10016 /* gen_ncmp(cstate, offrel, offset, size, mask, jtype, reverse, value) */
10017 b0 = gen_ncmp(cstate, OR_PACKET, cstate->off_li, BPF_B,
10018 0x3fU, BPF_JEQ, 0, 0U);
10019 break;
10020
10021 case M_LSSU:
10022 if ( (cstate->linktype != DLT_MTP2) &&
10023 (cstate->linktype != DLT_ERF) &&
10024 (cstate->linktype != DLT_MTP2_WITH_PHDR) )
10025 bpf_error(cstate, "'lssu' supported only on MTP2");
10026 b0 = gen_ncmp(cstate, OR_PACKET, cstate->off_li, BPF_B,
10027 0x3fU, BPF_JGT, 1, 2U);
10028 b1 = gen_ncmp(cstate, OR_PACKET, cstate->off_li, BPF_B,
10029 0x3fU, BPF_JGT, 0, 0U);
10030 gen_and(b1, b0);
10031 break;
10032
10033 case M_MSU:
10034 if ( (cstate->linktype != DLT_MTP2) &&
10035 (cstate->linktype != DLT_ERF) &&
10036 (cstate->linktype != DLT_MTP2_WITH_PHDR) )
10037 bpf_error(cstate, "'msu' supported only on MTP2");
10038 b0 = gen_ncmp(cstate, OR_PACKET, cstate->off_li, BPF_B,
10039 0x3fU, BPF_JGT, 0, 2U);
10040 break;
10041
10042 case MH_FISU:
10043 if ( (cstate->linktype != DLT_MTP2) &&
10044 (cstate->linktype != DLT_ERF) &&
10045 (cstate->linktype != DLT_MTP2_WITH_PHDR) )
10046 bpf_error(cstate, "'hfisu' supported only on MTP2_HSL");
10047 /* gen_ncmp(cstate, offrel, offset, size, mask, jtype, reverse, value) */
10048 b0 = gen_ncmp(cstate, OR_PACKET, cstate->off_li_hsl, BPF_H,
10049 0xff80U, BPF_JEQ, 0, 0U);
10050 break;
10051
10052 case MH_LSSU:
10053 if ( (cstate->linktype != DLT_MTP2) &&
10054 (cstate->linktype != DLT_ERF) &&
10055 (cstate->linktype != DLT_MTP2_WITH_PHDR) )
10056 bpf_error(cstate, "'hlssu' supported only on MTP2_HSL");
10057 b0 = gen_ncmp(cstate, OR_PACKET, cstate->off_li_hsl, BPF_H,
10058 0xff80U, BPF_JGT, 1, 0x0100U);
10059 b1 = gen_ncmp(cstate, OR_PACKET, cstate->off_li_hsl, BPF_H,
10060 0xff80U, BPF_JGT, 0, 0U);
10061 gen_and(b1, b0);
10062 break;
10063
10064 case MH_MSU:
10065 if ( (cstate->linktype != DLT_MTP2) &&
10066 (cstate->linktype != DLT_ERF) &&
10067 (cstate->linktype != DLT_MTP2_WITH_PHDR) )
10068 bpf_error(cstate, "'hmsu' supported only on MTP2_HSL");
10069 b0 = gen_ncmp(cstate, OR_PACKET, cstate->off_li_hsl, BPF_H,
10070 0xff80U, BPF_JGT, 0, 0x0100U);
10071 break;
10072
10073 default:
10074 abort();
10075 }
10076 return b0;
10077 }
10078
10079 /*
10080 * These maximum valid values are all-ones, so they double as the bitmasks
10081 * before any bitwise shifting.
10082 */
10083 #define MTP2_SIO_MAXVAL UINT8_MAX
10084 #define MTP3_PC_MAXVAL 0x3fffU
10085 #define MTP3_SLS_MAXVAL 0xfU
10086
10087 static struct block *
10088 gen_mtp3field_code_internal(compiler_state_t *cstate, int mtp3field,
10089 bpf_u_int32 jvalue, int jtype, int reverse)
10090 {
10091 struct block *b0;
10092 u_int newoff_sio;
10093 u_int newoff_opc;
10094 u_int newoff_dpc;
10095 u_int newoff_sls;
10096
10097 newoff_sio = cstate->off_sio;
10098 newoff_opc = cstate->off_opc;
10099 newoff_dpc = cstate->off_dpc;
10100 newoff_sls = cstate->off_sls;
10101 switch (mtp3field) {
10102
10103 /*
10104 * See UTU-T Rec. Q.703, Section 2.2, Figure 3/Q.703.
10105 *
10106 * SIO is the simplest field: the size is one byte and the offset is a
10107 * multiple of bytes, so the only detail to get right is the value of
10108 * the [right-to-left] field offset.
10109 */
10110 case MH_SIO:
10111 newoff_sio += 3; /* offset for MTP2_HSL */
10112 /* FALLTHROUGH */
10113
10114 case M_SIO:
10115 if (cstate->off_sio == OFFSET_NOT_SET)
10116 bpf_error(cstate, "'sio' supported only on SS7");
10117 if(jvalue > MTP2_SIO_MAXVAL)
10118 bpf_error(cstate, "sio value %u too big; max value = %u",
10119 jvalue, MTP2_SIO_MAXVAL);
10120 // Here the bitmask means "do not apply a bitmask".
10121 b0 = gen_ncmp(cstate, OR_PACKET, newoff_sio, BPF_B, UINT32_MAX,
10122 jtype, reverse, jvalue);
10123 break;
10124
10125 /*
10126 * See UTU-T Rec. Q.704, Section 2.2, Figure 3/Q.704.
10127 *
10128 * SLS, OPC and DPC are more complicated: none of these is sized in a
10129 * multiple of 8 bits, MTP3 encoding is little-endian and MTP packet
10130 * diagrams are meant to be read right-to-left. This means in the
10131 * diagrams within individual fields and concatenations thereof
10132 * bitwise shifts and masks can be noted in the common left-to-right
10133 * manner until each final value is ready to be byte-swapped and
10134 * handed to gen_ncmp(). See also gen_dnhostop(), which solves a
10135 * similar problem in a similar way.
10136 *
10137 * Offsets of fields within the packet header always have the
10138 * right-to-left meaning. Note that in DLT_MTP2 and possibly other
10139 * DLTs the offset does not include the F (Flag) field at the
10140 * beginning of each message.
10141 *
10142 * For example, if the 8-bit SIO field has a 3 byte [RTL] offset, the
10143 * 32-bit standard routing header has a 4 byte [RTL] offset and could
10144 * be tested entirely using a single BPF_W comparison. In this case
10145 * the 14-bit DPC field [LTR] bitmask would be 0x3FFF, the 14-bit OPC
10146 * field [LTR] bitmask would be (0x3FFF << 14) and the 4-bit SLS field
10147 * [LTR] bitmask would be (0xF << 28), all of which conveniently
10148 * correlates with the [RTL] packet diagram until the byte-swapping is
10149 * done before use.
10150 *
10151 * The code below uses this approach for OPC, which spans 3 bytes.
10152 * DPC and SLS use shorter loads, SLS also uses a different offset.
10153 */
10154 case MH_OPC:
10155 newoff_opc += 3;
10156
10157 /* FALLTHROUGH */
10158 case M_OPC:
10159 if (cstate->off_opc == OFFSET_NOT_SET)
10160 bpf_error(cstate, "'opc' supported only on SS7");
10161 if (jvalue > MTP3_PC_MAXVAL)
10162 bpf_error(cstate, "opc value %u too big; max value = %u",
10163 jvalue, MTP3_PC_MAXVAL);
10164 b0 = gen_ncmp(cstate, OR_PACKET, newoff_opc, BPF_W,
10165 SWAPLONG(MTP3_PC_MAXVAL << 14), jtype, reverse,
10166 SWAPLONG(jvalue << 14));
10167 break;
10168
10169 case MH_DPC:
10170 newoff_dpc += 3;
10171 /* FALLTHROUGH */
10172
10173 case M_DPC:
10174 if (cstate->off_dpc == OFFSET_NOT_SET)
10175 bpf_error(cstate, "'dpc' supported only on SS7");
10176 if (jvalue > MTP3_PC_MAXVAL)
10177 bpf_error(cstate, "dpc value %u too big; max value = %u",
10178 jvalue, MTP3_PC_MAXVAL);
10179 b0 = gen_ncmp(cstate, OR_PACKET, newoff_dpc, BPF_H,
10180 SWAPSHORT(MTP3_PC_MAXVAL), jtype, reverse,
10181 SWAPSHORT(jvalue));
10182 break;
10183
10184 case MH_SLS:
10185 newoff_sls += 3;
10186 /* FALLTHROUGH */
10187
10188 case M_SLS:
10189 if (cstate->off_sls == OFFSET_NOT_SET)
10190 bpf_error(cstate, "'sls' supported only on SS7");
10191 if (jvalue > MTP3_SLS_MAXVAL)
10192 bpf_error(cstate, "sls value %u too big; max value = %u",
10193 jvalue, MTP3_SLS_MAXVAL);
10194 b0 = gen_ncmp(cstate, OR_PACKET, newoff_sls, BPF_B,
10195 MTP3_SLS_MAXVAL << 4, jtype, reverse,
10196 jvalue << 4);
10197 break;
10198
10199 default:
10200 abort();
10201 }
10202 return b0;
10203 }
10204
10205 struct block *
10206 gen_mtp3field_code(compiler_state_t *cstate, int mtp3field,
10207 bpf_u_int32 jvalue, int jtype, int reverse)
10208 {
10209 /*
10210 * Catch errors reported by us and routines below us, and return NULL
10211 * on an error.
10212 */
10213 if (setjmp(cstate->top_ctx))
10214 return (NULL);
10215
10216 return gen_mtp3field_code_internal(cstate, mtp3field, jvalue, jtype,
10217 reverse);
10218 }
10219
10220 static struct block *
10221 gen_msg_abbrev(compiler_state_t *cstate, int type)
10222 {
10223 struct block *b1;
10224
10225 /*
10226 * Q.2931 signalling protocol messages for handling virtual circuits
10227 * establishment and teardown
10228 */
10229 switch (type) {
10230
10231 case A_SETUP:
10232 b1 = gen_atmfield_code_internal(cstate, A_MSGTYPE, SETUP, BPF_JEQ, 0);
10233 break;
10234
10235 case A_CALLPROCEED:
10236 b1 = gen_atmfield_code_internal(cstate, A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0);
10237 break;
10238
10239 case A_CONNECT:
10240 b1 = gen_atmfield_code_internal(cstate, A_MSGTYPE, CONNECT, BPF_JEQ, 0);
10241 break;
10242
10243 case A_CONNECTACK:
10244 b1 = gen_atmfield_code_internal(cstate, A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0);
10245 break;
10246
10247 case A_RELEASE:
10248 b1 = gen_atmfield_code_internal(cstate, A_MSGTYPE, RELEASE, BPF_JEQ, 0);
10249 break;
10250
10251 case A_RELEASE_DONE:
10252 b1 = gen_atmfield_code_internal(cstate, A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0);
10253 break;
10254
10255 default:
10256 abort();
10257 }
10258 return b1;
10259 }
10260
10261 struct block *
10262 gen_atmmulti_abbrev(compiler_state_t *cstate, int type)
10263 {
10264 struct block *b0, *b1;
10265
10266 /*
10267 * Catch errors reported by us and routines below us, and return NULL
10268 * on an error.
10269 */
10270 if (setjmp(cstate->top_ctx))
10271 return (NULL);
10272
10273 assert_atm(cstate, atmkw(type));
10274
10275 switch (type) {
10276
10277 case A_OAM:
10278 /* OAM F4 type */
10279 b0 = gen_atmfield_code_internal(cstate, A_VCI, 3, BPF_JEQ, 0);
10280 b1 = gen_atmfield_code_internal(cstate, A_VCI, 4, BPF_JEQ, 0);
10281 gen_or(b0, b1);
10282 b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0);
10283 gen_and(b0, b1);
10284 break;
10285
10286 case A_OAMF4:
10287 /* OAM F4 type */
10288 b0 = gen_atmfield_code_internal(cstate, A_VCI, 3, BPF_JEQ, 0);
10289 b1 = gen_atmfield_code_internal(cstate, A_VCI, 4, BPF_JEQ, 0);
10290 gen_or(b0, b1);
10291 b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0);
10292 gen_and(b0, b1);
10293 break;
10294
10295 case A_CONNECTMSG:
10296 /*
10297 * Get Q.2931 signalling messages for switched
10298 * virtual connection
10299 */
10300 b0 = gen_msg_abbrev(cstate, A_SETUP);
10301 b1 = gen_msg_abbrev(cstate, A_CALLPROCEED);
10302 gen_or(b0, b1);
10303 b0 = gen_msg_abbrev(cstate, A_CONNECT);
10304 gen_or(b0, b1);
10305 b0 = gen_msg_abbrev(cstate, A_CONNECTACK);
10306 gen_or(b0, b1);
10307 b0 = gen_msg_abbrev(cstate, A_RELEASE);
10308 gen_or(b0, b1);
10309 b0 = gen_msg_abbrev(cstate, A_RELEASE_DONE);
10310 gen_or(b0, b1);
10311 b0 = gen_atmtype_sc(cstate);
10312 gen_and(b0, b1);
10313 break;
10314
10315 case A_METACONNECT:
10316 b0 = gen_msg_abbrev(cstate, A_SETUP);
10317 b1 = gen_msg_abbrev(cstate, A_CALLPROCEED);
10318 gen_or(b0, b1);
10319 b0 = gen_msg_abbrev(cstate, A_CONNECT);
10320 gen_or(b0, b1);
10321 b0 = gen_msg_abbrev(cstate, A_RELEASE);
10322 gen_or(b0, b1);
10323 b0 = gen_msg_abbrev(cstate, A_RELEASE_DONE);
10324 gen_or(b0, b1);
10325 b0 = gen_atmtype_metac(cstate);
10326 gen_and(b0, b1);
10327 break;
10328
10329 default:
10330 abort();
10331 }
10332 return b1;
10333 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism