]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Tony Li's changes, from FreeBSD, to support filtering for OSI packets
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.129 2000-10-28 09:30:21 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #include <sys/types.h>
32 #include <sys/socket.h>
33 #include <sys/time.h>
34 #ifdef __NetBSD__
35 #include <sys/param.h>
36 #endif
37
38 struct mbuf;
39 struct rtentry;
40 #include <net/if.h>
41
42 #include <netinet/in.h>
43
44 #include <stdlib.h>
45 #include <string.h>
46 #include <memory.h>
47 #include <setjmp.h>
48 #include <stdarg.h>
49
50 #include "pcap-int.h"
51
52 #include "ethertype.h"
53 #include "nlpid.h"
54 #include "gencode.h"
55 #include "ppp.h"
56 #include <pcap-namedb.h>
57 #ifdef INET6
58 #include <netdb.h>
59 #include <sys/socket.h>
60 #endif /*INET6*/
61
62 #define LLC_ISO_LSAP 0xfe
63
64 #define ETHERMTU 1500
65
66 #ifdef HAVE_OS_PROTO_H
67 #include "os-proto.h"
68 #endif
69
70 #define JMP(c) ((c)|BPF_JMP|BPF_K)
71
72 /* Locals */
73 static jmp_buf top_ctx;
74 static pcap_t *bpf_pcap;
75
76 /* XXX */
77 #ifdef PCAP_FDDIPAD
78 int pcap_fddipad = PCAP_FDDIPAD;
79 #else
80 int pcap_fddipad;
81 #endif
82
83 /* VARARGS */
84 void
85 bpf_error(const char *fmt, ...)
86
87 {
88 va_list ap;
89
90 va_start(ap, fmt);
91 if (bpf_pcap != NULL)
92 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
93 fmt, ap);
94 va_end(ap);
95 longjmp(top_ctx, 1);
96 /* NOTREACHED */
97 }
98
99 static void init_linktype(int);
100
101 static int alloc_reg(void);
102 static void free_reg(int);
103
104 static struct block *root;
105
106 /*
107 * We divy out chunks of memory rather than call malloc each time so
108 * we don't have to worry about leaking memory. It's probably
109 * not a big deal if all this memory was wasted but it this ever
110 * goes into a library that would probably not be a good idea.
111 */
112 #define NCHUNKS 16
113 #define CHUNK0SIZE 1024
114 struct chunk {
115 u_int n_left;
116 void *m;
117 };
118
119 static struct chunk chunks[NCHUNKS];
120 static int cur_chunk;
121
122 static void *newchunk(u_int);
123 static void freechunks(void);
124 static inline struct block *new_block(int);
125 static inline struct slist *new_stmt(int);
126 static struct block *gen_retblk(int);
127 static inline void syntax(void);
128
129 static void backpatch(struct block *, struct block *);
130 static void merge(struct block *, struct block *);
131 static struct block *gen_cmp(u_int, u_int, bpf_int32);
132 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
133 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
134 static struct block *gen_bcmp(u_int, u_int, const u_char *);
135 static struct block *gen_uncond(int);
136 static inline struct block *gen_true(void);
137 static inline struct block *gen_false(void);
138 static struct block *gen_linktype(int);
139 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
140 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
141 #ifdef INET6
142 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
143 #endif
144 static struct block *gen_ehostop(const u_char *, int);
145 static struct block *gen_fhostop(const u_char *, int);
146 static struct block *gen_thostop(const u_char *, int);
147 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
148 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
149 #ifdef INET6
150 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
151 #endif
152 #ifndef INET6
153 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
154 #endif
155 static struct block *gen_ipfrag(void);
156 static struct block *gen_portatom(int, bpf_int32);
157 #ifdef INET6
158 static struct block *gen_portatom6(int, bpf_int32);
159 #endif
160 struct block *gen_portop(int, int, int);
161 static struct block *gen_port(int, int, int);
162 #ifdef INET6
163 struct block *gen_portop6(int, int, int);
164 static struct block *gen_port6(int, int, int);
165 #endif
166 static int lookup_proto(const char *, int);
167 static struct block *gen_protochain(int, int, int);
168 static struct block *gen_proto(int, int, int);
169 static struct slist *xfer_to_x(struct arth *);
170 static struct slist *xfer_to_a(struct arth *);
171 static struct block *gen_len(int, int);
172
173 static void *
174 newchunk(n)
175 u_int n;
176 {
177 struct chunk *cp;
178 int k, size;
179
180 #ifndef __NetBSD__
181 /* XXX Round up to nearest long. */
182 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
183 #else
184 /* XXX Round up to structure boundary. */
185 n = ALIGN(n);
186 #endif
187
188 cp = &chunks[cur_chunk];
189 if (n > cp->n_left) {
190 ++cp, k = ++cur_chunk;
191 if (k >= NCHUNKS)
192 bpf_error("out of memory");
193 size = CHUNK0SIZE << k;
194 cp->m = (void *)malloc(size);
195 memset((char *)cp->m, 0, size);
196 cp->n_left = size;
197 if (n > size)
198 bpf_error("out of memory");
199 }
200 cp->n_left -= n;
201 return (void *)((char *)cp->m + cp->n_left);
202 }
203
204 static void
205 freechunks()
206 {
207 int i;
208
209 cur_chunk = 0;
210 for (i = 0; i < NCHUNKS; ++i)
211 if (chunks[i].m != NULL) {
212 free(chunks[i].m);
213 chunks[i].m = NULL;
214 }
215 }
216
217 /*
218 * A strdup whose allocations are freed after code generation is over.
219 */
220 char *
221 sdup(s)
222 register const char *s;
223 {
224 int n = strlen(s) + 1;
225 char *cp = newchunk(n);
226
227 strlcpy(cp, s, n);
228 return (cp);
229 }
230
231 static inline struct block *
232 new_block(code)
233 int code;
234 {
235 struct block *p;
236
237 p = (struct block *)newchunk(sizeof(*p));
238 p->s.code = code;
239 p->head = p;
240
241 return p;
242 }
243
244 static inline struct slist *
245 new_stmt(code)
246 int code;
247 {
248 struct slist *p;
249
250 p = (struct slist *)newchunk(sizeof(*p));
251 p->s.code = code;
252
253 return p;
254 }
255
256 static struct block *
257 gen_retblk(v)
258 int v;
259 {
260 struct block *b = new_block(BPF_RET|BPF_K);
261
262 b->s.k = v;
263 return b;
264 }
265
266 static inline void
267 syntax()
268 {
269 bpf_error("syntax error in filter expression");
270 }
271
272 static bpf_u_int32 netmask;
273 static int snaplen;
274 int no_optimize;
275
276 int
277 pcap_compile(pcap_t *p, struct bpf_program *program,
278 char *buf, int optimize, bpf_u_int32 mask)
279 {
280 extern int n_errors;
281 int len;
282
283 no_optimize = 0;
284 n_errors = 0;
285 root = NULL;
286 bpf_pcap = p;
287 if (setjmp(top_ctx)) {
288 lex_cleanup();
289 freechunks();
290 return (-1);
291 }
292
293 netmask = mask;
294
295 /* On Linux we do not use the BPF filter to truncate the packet
296 * since the kernel provides other ways for that. In fact if we
297 * are using the packet filter for that duty we will be unable
298 * to acquire the original packet size. -- Torsten */
299 #ifndef linux
300 snaplen = pcap_snapshot(p);
301 #else
302 snaplen = 0xffff;
303 #endif
304 if (snaplen == 0) {
305 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
306 "snaplen of 0 rejects all packets");
307 return -1;
308 }
309
310 lex_init(buf ? buf : "");
311 init_linktype(pcap_datalink(p));
312 (void)pcap_parse();
313
314 if (n_errors)
315 syntax();
316
317 if (root == NULL)
318 root = gen_retblk(snaplen);
319
320 if (optimize && !no_optimize) {
321 bpf_optimize(&root);
322 if (root == NULL ||
323 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
324 bpf_error("expression rejects all packets");
325 }
326 program->bf_insns = icode_to_fcode(root, &len);
327 program->bf_len = len;
328
329 lex_cleanup();
330 freechunks();
331 return (0);
332 }
333
334 /*
335 * entry point for using the compiler with no pcap open
336 * pass in all the stuff that is needed explicitly instead.
337 */
338 int
339 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
340 struct bpf_program *program,
341 char *buf, int optimize, bpf_u_int32 mask)
342 {
343 extern int n_errors;
344 int len;
345
346 n_errors = 0;
347 root = NULL;
348 bpf_pcap = NULL;
349 if (setjmp(top_ctx)) {
350 freechunks();
351 return (-1);
352 }
353
354 netmask = mask;
355
356 /* XXX needed? I don't grok the use of globals here. */
357 snaplen = snaplen_arg;
358
359 lex_init(buf ? buf : "");
360 init_linktype(linktype_arg);
361 (void)pcap_parse();
362
363 if (n_errors)
364 syntax();
365
366 if (root == NULL)
367 root = gen_retblk(snaplen_arg);
368
369 if (optimize) {
370 bpf_optimize(&root);
371 if (root == NULL ||
372 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
373 bpf_error("expression rejects all packets");
374 }
375 program->bf_insns = icode_to_fcode(root, &len);
376 program->bf_len = len;
377
378 freechunks();
379 return (0);
380 }
381
382 /*
383 * Clean up a "struct bpf_program" by freeing all the memory allocated
384 * in it.
385 */
386 void
387 pcap_freecode(struct bpf_program *program)
388 {
389 program->bf_len = 0;
390 if (program->bf_insns != NULL) {
391 free((char *)program->bf_insns);
392 program->bf_insns = NULL;
393 }
394 }
395
396 /*
397 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
398 * which of the jt and jf fields has been resolved and which is a pointer
399 * back to another unresolved block (or nil). At least one of the fields
400 * in each block is already resolved.
401 */
402 static void
403 backpatch(list, target)
404 struct block *list, *target;
405 {
406 struct block *next;
407
408 while (list) {
409 if (!list->sense) {
410 next = JT(list);
411 JT(list) = target;
412 } else {
413 next = JF(list);
414 JF(list) = target;
415 }
416 list = next;
417 }
418 }
419
420 /*
421 * Merge the lists in b0 and b1, using the 'sense' field to indicate
422 * which of jt and jf is the link.
423 */
424 static void
425 merge(b0, b1)
426 struct block *b0, *b1;
427 {
428 register struct block **p = &b0;
429
430 /* Find end of list. */
431 while (*p)
432 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
433
434 /* Concatenate the lists. */
435 *p = b1;
436 }
437
438 void
439 finish_parse(p)
440 struct block *p;
441 {
442 backpatch(p, gen_retblk(snaplen));
443 p->sense = !p->sense;
444 backpatch(p, gen_retblk(0));
445 root = p->head;
446 }
447
448 void
449 gen_and(b0, b1)
450 struct block *b0, *b1;
451 {
452 backpatch(b0, b1->head);
453 b0->sense = !b0->sense;
454 b1->sense = !b1->sense;
455 merge(b1, b0);
456 b1->sense = !b1->sense;
457 b1->head = b0->head;
458 }
459
460 void
461 gen_or(b0, b1)
462 struct block *b0, *b1;
463 {
464 b0->sense = !b0->sense;
465 backpatch(b0, b1->head);
466 b0->sense = !b0->sense;
467 merge(b1, b0);
468 b1->head = b0->head;
469 }
470
471 void
472 gen_not(b)
473 struct block *b;
474 {
475 b->sense = !b->sense;
476 }
477
478 static struct block *
479 gen_cmp(offset, size, v)
480 u_int offset, size;
481 bpf_int32 v;
482 {
483 struct slist *s;
484 struct block *b;
485
486 s = new_stmt(BPF_LD|BPF_ABS|size);
487 s->s.k = offset;
488
489 b = new_block(JMP(BPF_JEQ));
490 b->stmts = s;
491 b->s.k = v;
492
493 return b;
494 }
495
496 static struct block *
497 gen_cmp_gt(offset, size, v)
498 u_int offset, size;
499 bpf_int32 v;
500 {
501 struct slist *s;
502 struct block *b;
503
504 s = new_stmt(BPF_LD|BPF_ABS|size);
505 s->s.k = offset;
506
507 b = new_block(JMP(BPF_JGT));
508 b->stmts = s;
509 b->s.k = v;
510
511 return b;
512 }
513
514 static struct block *
515 gen_mcmp(offset, size, v, mask)
516 u_int offset, size;
517 bpf_int32 v;
518 bpf_u_int32 mask;
519 {
520 struct block *b = gen_cmp(offset, size, v);
521 struct slist *s;
522
523 if (mask != 0xffffffff) {
524 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
525 s->s.k = mask;
526 b->stmts->next = s;
527 }
528 return b;
529 }
530
531 static struct block *
532 gen_bcmp(offset, size, v)
533 register u_int offset, size;
534 register const u_char *v;
535 {
536 register struct block *b, *tmp;
537
538 b = NULL;
539 while (size >= 4) {
540 register const u_char *p = &v[size - 4];
541 bpf_int32 w = ((bpf_int32)p[0] << 24) |
542 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
543
544 tmp = gen_cmp(offset + size - 4, BPF_W, w);
545 if (b != NULL)
546 gen_and(b, tmp);
547 b = tmp;
548 size -= 4;
549 }
550 while (size >= 2) {
551 register const u_char *p = &v[size - 2];
552 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
553
554 tmp = gen_cmp(offset + size - 2, BPF_H, w);
555 if (b != NULL)
556 gen_and(b, tmp);
557 b = tmp;
558 size -= 2;
559 }
560 if (size > 0) {
561 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
562 if (b != NULL)
563 gen_and(b, tmp);
564 b = tmp;
565 }
566 return b;
567 }
568
569 /*
570 * Various code constructs need to know the layout of the data link
571 * layer. These variables give the necessary offsets. off_linktype
572 * is set to -1 for no encapsulation, in which case, IP is assumed.
573 */
574 static u_int off_linktype;
575 static u_int off_nl;
576 static int linktype;
577
578 static void
579 init_linktype(type)
580 int type;
581 {
582 linktype = type;
583
584 switch (type) {
585
586 case DLT_EN10MB:
587 off_linktype = 12;
588 off_nl = 14;
589 return;
590
591 case DLT_SLIP:
592 /*
593 * SLIP doesn't have a link level type. The 16 byte
594 * header is hacked into our SLIP driver.
595 */
596 off_linktype = -1;
597 off_nl = 16;
598 return;
599
600 case DLT_SLIP_BSDOS:
601 /* XXX this may be the same as the DLT_PPP_BSDOS case */
602 off_linktype = -1;
603 /* XXX end */
604 off_nl = 24;
605 return;
606
607 case DLT_NULL:
608 off_linktype = 0;
609 off_nl = 4;
610 return;
611
612 case DLT_PPP:
613 case DLT_C_HDLC:
614 case DLT_PPP_SERIAL:
615 off_linktype = 2;
616 off_nl = 4;
617 return;
618
619 case DLT_PPP_BSDOS:
620 off_linktype = 5;
621 off_nl = 24;
622 return;
623
624 case DLT_FDDI:
625 /*
626 * FDDI doesn't really have a link-level type field.
627 * We assume that SSAP = SNAP is being used and pick
628 * out the encapsulated Ethernet type.
629 *
630 * XXX - should we generate code to check for SNAP?
631 */
632 off_linktype = 19;
633 #ifdef PCAP_FDDIPAD
634 off_linktype += pcap_fddipad;
635 #endif
636 off_nl = 21;
637 #ifdef PCAP_FDDIPAD
638 off_nl += pcap_fddipad;
639 #endif
640 return;
641
642 case DLT_IEEE802:
643 /*
644 * Token Ring doesn't really have a link-level type field.
645 * We assume that SSAP = SNAP is being used and pick
646 * out the encapsulated Ethernet type.
647 *
648 * XXX - should we generate code to check for SNAP?
649 *
650 * XXX - the header is actually variable-length.
651 * Some various Linux patched versions gave 38
652 * as "off_linktype" and 40 as "off_nl"; however,
653 * if a token ring packet has *no* routing
654 * information, i.e. is not source-routed, the correct
655 * values are 20 and 22, as they are in the vanilla code.
656 *
657 * A packet is source-routed iff the uppermost bit
658 * of the first byte of the source address, at an
659 * offset of 8, has the uppermost bit set. If the
660 * packet is source-routed, the total number of bytes
661 * of routing information is 2 plus bits 0x1F00 of
662 * the 16-bit value at an offset of 14 (shifted right
663 * 8 - figure out which byte that is).
664 */
665 off_linktype = 20;
666 off_nl = 22;
667 return;
668
669 case DLT_ATM_RFC1483:
670 /*
671 * assume routed, non-ISO PDUs
672 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
673 */
674 off_linktype = 6;
675 off_nl = 8;
676 return;
677
678 case DLT_RAW:
679 off_linktype = -1;
680 off_nl = 0;
681 return;
682
683 case DLT_ATM_CLIP: /* Linux ATM defines this */
684 off_linktype = 6;
685 off_nl = 8;
686 return;
687 }
688 bpf_error("unknown data link type 0x%x", linktype);
689 /* NOTREACHED */
690 }
691
692 static struct block *
693 gen_uncond(rsense)
694 int rsense;
695 {
696 struct block *b;
697 struct slist *s;
698
699 s = new_stmt(BPF_LD|BPF_IMM);
700 s->s.k = !rsense;
701 b = new_block(JMP(BPF_JEQ));
702 b->stmts = s;
703
704 return b;
705 }
706
707 static inline struct block *
708 gen_true()
709 {
710 return gen_uncond(1);
711 }
712
713 static inline struct block *
714 gen_false()
715 {
716 return gen_uncond(0);
717 }
718
719 static struct block *
720 gen_linktype(proto)
721 register int proto;
722 {
723 struct block *b0, *b1;
724
725 /* If we're not using encapsulation, we're done */
726 if (off_linktype == -1)
727 return gen_true();
728
729 switch (linktype) {
730
731 case DLT_EN10MB:
732 /*
733 * XXX - handle other LLC-encapsulated protocols here
734 * (IPX, OSI)?
735 */
736 switch (proto) {
737
738 case LLC_ISO_LSAP:
739 /*
740 * OSI protocols always use 802.2 encapsulation.
741 */
742 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
743 gen_not(b0);
744 b1 = gen_cmp(off_linktype + 2, BPF_H, (long)
745 ((LLC_ISO_LSAP << 8) | LLC_ISO_LSAP));
746 gen_and(b0, b1);
747 return b1;
748
749 case ETHERTYPE_ATALK:
750 case ETHERTYPE_AARP:
751 /*
752 * EtherTalk (AppleTalk protocols on Ethernet link
753 * layer) may use 802.2 encapsulation.
754 */
755
756 /*
757 * Check for 802.2 encapsulation (EtherTalk phase 2?);
758 * we check for an Ethernet type field less than
759 * 1500, which means it's an 802.3 length field.
760 */
761 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
762 gen_not(b0);
763
764 /*
765 * 802.2-encapsulated ETHERTYPE_ATALK packets are
766 * SNAP packets with an organization code of
767 * 0x080007 (Apple, for Appletalk) and a protocol
768 * type of ETHERTYPE_ATALK (Appletalk).
769 *
770 * 802.2-encapsulated ETHERTYPE_AARP packets are
771 * SNAP packets with an organization code of
772 * 0x000000 (encapsulated Ethernet) and a protocol
773 * type of ETHERTYPE_AARP (Appletalk ARP).
774 */
775 if (proto == ETHERTYPE_ATALK)
776 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
777 else /* proto == ETHERTYPE_AARP */
778 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
779 gen_and(b0, b1);
780
781 /*
782 * Check for Ethernet encapsulation (Ethertalk
783 * phase 1?); we just check for the Ethernet
784 * protocol type.
785 */
786 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
787
788 gen_or(b0, b1);
789 return b1;
790 }
791 break;
792
793 case DLT_SLIP:
794 return gen_false();
795
796 case DLT_PPP:
797 case DLT_PPP_SERIAL:
798 /*
799 * We use Ethernet protocol types inside libpcap;
800 * map them to the corresponding PPP protocol types.
801 */
802 switch (proto) {
803
804 case ETHERTYPE_IP:
805 proto = PPP_IP; /* XXX was 0x21 */
806 break;
807
808 #ifdef INET6
809 case ETHERTYPE_IPV6:
810 proto = PPP_IPV6;
811 break;
812 #endif
813
814 case ETHERTYPE_DN:
815 proto = PPP_DECNET;
816 break;
817
818 case ETHERTYPE_ATALK:
819 proto = PPP_APPLE;
820 break;
821
822 case ETHERTYPE_NS:
823 proto = PPP_NS;
824 break;
825 }
826 break;
827
828 case DLT_PPP_BSDOS:
829 /*
830 * We use Ethernet protocol types inside libpcap;
831 * map them to the corresponding PPP protocol types.
832 */
833 switch (proto) {
834
835 case ETHERTYPE_IP:
836 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
837 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
838 gen_or(b0, b1);
839 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
840 gen_or(b1, b0);
841 return b0;
842
843 #ifdef INET6
844 case ETHERTYPE_IPV6:
845 proto = PPP_IPV6;
846 /* more to go? */
847 break;
848 #endif
849
850 case ETHERTYPE_DN:
851 proto = PPP_DECNET;
852 break;
853
854 case ETHERTYPE_ATALK:
855 proto = PPP_APPLE;
856 break;
857
858 case ETHERTYPE_NS:
859 proto = PPP_NS;
860 break;
861 }
862 break;
863
864 case DLT_NULL:
865 /* XXX */
866 if (proto == ETHERTYPE_IP)
867 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET)));
868 #ifdef INET6
869 else if (proto == ETHERTYPE_IPV6)
870 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET6)));
871 #endif
872 else
873 return gen_false();
874 }
875 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
876 }
877
878 /*
879 * Check for an LLC SNAP packet with a given organization code and
880 * protocol type; we check the entire contents of the 802.2 LLC and
881 * snap headers, checking for a DSAP of 0xAA, an SSAP of 0xAA, and
882 * a control field of 0x03 in the LLC header, and for the specified
883 * organization code and protocol type in the SNAP header.
884 */
885 static struct block *
886 gen_snap(orgcode, ptype, offset)
887 bpf_u_int32 orgcode;
888 bpf_u_int32 ptype;
889 u_int offset;
890 {
891 u_char snapblock[8];
892
893 snapblock[0] = 0xAA; /* DSAP = SNAP */
894 snapblock[1] = 0xAA; /* SSAP = SNAP */
895 snapblock[2] = 0x03; /* control = UI */
896 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
897 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
898 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
899 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
900 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
901 return gen_bcmp(offset, 8, snapblock);
902 }
903
904 static struct block *
905 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
906 bpf_u_int32 addr;
907 bpf_u_int32 mask;
908 int dir, proto;
909 u_int src_off, dst_off;
910 {
911 struct block *b0, *b1;
912 u_int offset;
913
914 switch (dir) {
915
916 case Q_SRC:
917 offset = src_off;
918 break;
919
920 case Q_DST:
921 offset = dst_off;
922 break;
923
924 case Q_AND:
925 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
926 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
927 gen_and(b0, b1);
928 return b1;
929
930 case Q_OR:
931 case Q_DEFAULT:
932 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
933 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
934 gen_or(b0, b1);
935 return b1;
936
937 default:
938 abort();
939 }
940 b0 = gen_linktype(proto);
941 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
942 gen_and(b0, b1);
943 return b1;
944 }
945
946 #ifdef INET6
947 static struct block *
948 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
949 struct in6_addr *addr;
950 struct in6_addr *mask;
951 int dir, proto;
952 u_int src_off, dst_off;
953 {
954 struct block *b0, *b1;
955 u_int offset;
956 u_int32_t *a, *m;
957
958 switch (dir) {
959
960 case Q_SRC:
961 offset = src_off;
962 break;
963
964 case Q_DST:
965 offset = dst_off;
966 break;
967
968 case Q_AND:
969 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
970 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
971 gen_and(b0, b1);
972 return b1;
973
974 case Q_OR:
975 case Q_DEFAULT:
976 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
977 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
978 gen_or(b0, b1);
979 return b1;
980
981 default:
982 abort();
983 }
984 /* this order is important */
985 a = (u_int32_t *)addr;
986 m = (u_int32_t *)mask;
987 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
988 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
989 gen_and(b0, b1);
990 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
991 gen_and(b0, b1);
992 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
993 gen_and(b0, b1);
994 b0 = gen_linktype(proto);
995 gen_and(b0, b1);
996 return b1;
997 }
998 #endif /*INET6*/
999
1000 static struct block *
1001 gen_ehostop(eaddr, dir)
1002 register const u_char *eaddr;
1003 register int dir;
1004 {
1005 register struct block *b0, *b1;
1006
1007 switch (dir) {
1008 case Q_SRC:
1009 return gen_bcmp(6, 6, eaddr);
1010
1011 case Q_DST:
1012 return gen_bcmp(0, 6, eaddr);
1013
1014 case Q_AND:
1015 b0 = gen_ehostop(eaddr, Q_SRC);
1016 b1 = gen_ehostop(eaddr, Q_DST);
1017 gen_and(b0, b1);
1018 return b1;
1019
1020 case Q_DEFAULT:
1021 case Q_OR:
1022 b0 = gen_ehostop(eaddr, Q_SRC);
1023 b1 = gen_ehostop(eaddr, Q_DST);
1024 gen_or(b0, b1);
1025 return b1;
1026 }
1027 abort();
1028 /* NOTREACHED */
1029 }
1030
1031 /*
1032 * Like gen_ehostop, but for DLT_FDDI
1033 */
1034 static struct block *
1035 gen_fhostop(eaddr, dir)
1036 register const u_char *eaddr;
1037 register int dir;
1038 {
1039 struct block *b0, *b1;
1040
1041 switch (dir) {
1042 case Q_SRC:
1043 #ifdef PCAP_FDDIPAD
1044 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
1045 #else
1046 return gen_bcmp(6 + 1, 6, eaddr);
1047 #endif
1048
1049 case Q_DST:
1050 #ifdef PCAP_FDDIPAD
1051 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
1052 #else
1053 return gen_bcmp(0 + 1, 6, eaddr);
1054 #endif
1055
1056 case Q_AND:
1057 b0 = gen_fhostop(eaddr, Q_SRC);
1058 b1 = gen_fhostop(eaddr, Q_DST);
1059 gen_and(b0, b1);
1060 return b1;
1061
1062 case Q_DEFAULT:
1063 case Q_OR:
1064 b0 = gen_fhostop(eaddr, Q_SRC);
1065 b1 = gen_fhostop(eaddr, Q_DST);
1066 gen_or(b0, b1);
1067 return b1;
1068 }
1069 abort();
1070 /* NOTREACHED */
1071 }
1072
1073 /*
1074 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
1075 */
1076 static struct block *
1077 gen_thostop(eaddr, dir)
1078 register const u_char *eaddr;
1079 register int dir;
1080 {
1081 register struct block *b0, *b1;
1082
1083 switch (dir) {
1084 case Q_SRC:
1085 return gen_bcmp(8, 6, eaddr);
1086
1087 case Q_DST:
1088 return gen_bcmp(2, 6, eaddr);
1089
1090 case Q_AND:
1091 b0 = gen_thostop(eaddr, Q_SRC);
1092 b1 = gen_thostop(eaddr, Q_DST);
1093 gen_and(b0, b1);
1094 return b1;
1095
1096 case Q_DEFAULT:
1097 case Q_OR:
1098 b0 = gen_thostop(eaddr, Q_SRC);
1099 b1 = gen_thostop(eaddr, Q_DST);
1100 gen_or(b0, b1);
1101 return b1;
1102 }
1103 abort();
1104 /* NOTREACHED */
1105 }
1106
1107 /*
1108 * This is quite tricky because there may be pad bytes in front of the
1109 * DECNET header, and then there are two possible data packet formats that
1110 * carry both src and dst addresses, plus 5 packet types in a format that
1111 * carries only the src node, plus 2 types that use a different format and
1112 * also carry just the src node.
1113 *
1114 * Yuck.
1115 *
1116 * Instead of doing those all right, we just look for data packets with
1117 * 0 or 1 bytes of padding. If you want to look at other packets, that
1118 * will require a lot more hacking.
1119 *
1120 * To add support for filtering on DECNET "areas" (network numbers)
1121 * one would want to add a "mask" argument to this routine. That would
1122 * make the filter even more inefficient, although one could be clever
1123 * and not generate masking instructions if the mask is 0xFFFF.
1124 */
1125 static struct block *
1126 gen_dnhostop(addr, dir, base_off)
1127 bpf_u_int32 addr;
1128 int dir;
1129 u_int base_off;
1130 {
1131 struct block *b0, *b1, *b2, *tmp;
1132 u_int offset_lh; /* offset if long header is received */
1133 u_int offset_sh; /* offset if short header is received */
1134
1135 switch (dir) {
1136
1137 case Q_DST:
1138 offset_sh = 1; /* follows flags */
1139 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
1140 break;
1141
1142 case Q_SRC:
1143 offset_sh = 3; /* follows flags, dstnode */
1144 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
1145 break;
1146
1147 case Q_AND:
1148 /* Inefficient because we do our Calvinball dance twice */
1149 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1150 b1 = gen_dnhostop(addr, Q_DST, base_off);
1151 gen_and(b0, b1);
1152 return b1;
1153
1154 case Q_OR:
1155 case Q_DEFAULT:
1156 /* Inefficient because we do our Calvinball dance twice */
1157 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1158 b1 = gen_dnhostop(addr, Q_DST, base_off);
1159 gen_or(b0, b1);
1160 return b1;
1161
1162 case Q_ISO:
1163 bpf_error("ISO host filtering not implemented");
1164
1165 default:
1166 abort();
1167 }
1168 b0 = gen_linktype(ETHERTYPE_DN);
1169 /* Check for pad = 1, long header case */
1170 tmp = gen_mcmp(base_off + 2, BPF_H,
1171 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
1172 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
1173 BPF_H, (bpf_int32)ntohs(addr));
1174 gen_and(tmp, b1);
1175 /* Check for pad = 0, long header case */
1176 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
1177 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
1178 gen_and(tmp, b2);
1179 gen_or(b2, b1);
1180 /* Check for pad = 1, short header case */
1181 tmp = gen_mcmp(base_off + 2, BPF_H,
1182 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
1183 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
1184 BPF_H, (bpf_int32)ntohs(addr));
1185 gen_and(tmp, b2);
1186 gen_or(b2, b1);
1187 /* Check for pad = 0, short header case */
1188 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
1189 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
1190 gen_and(tmp, b2);
1191 gen_or(b2, b1);
1192
1193 /* Combine with test for linktype */
1194 gen_and(b0, b1);
1195 return b1;
1196 }
1197
1198 static struct block *
1199 gen_host(addr, mask, proto, dir)
1200 bpf_u_int32 addr;
1201 bpf_u_int32 mask;
1202 int proto;
1203 int dir;
1204 {
1205 struct block *b0, *b1;
1206
1207 switch (proto) {
1208
1209 case Q_DEFAULT:
1210 b0 = gen_host(addr, mask, Q_IP, dir);
1211 if (off_linktype != -1) {
1212 b1 = gen_host(addr, mask, Q_ARP, dir);
1213 gen_or(b0, b1);
1214 b0 = gen_host(addr, mask, Q_RARP, dir);
1215 gen_or(b1, b0);
1216 }
1217 return b0;
1218
1219 case Q_IP:
1220 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
1221 off_nl + 12, off_nl + 16);
1222
1223 case Q_RARP:
1224 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
1225 off_nl + 14, off_nl + 24);
1226
1227 case Q_ARP:
1228 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
1229 off_nl + 14, off_nl + 24);
1230
1231 case Q_TCP:
1232 bpf_error("'tcp' modifier applied to host");
1233
1234 case Q_UDP:
1235 bpf_error("'udp' modifier applied to host");
1236
1237 case Q_ICMP:
1238 bpf_error("'icmp' modifier applied to host");
1239
1240 case Q_IGMP:
1241 bpf_error("'igmp' modifier applied to host");
1242
1243 case Q_IGRP:
1244 bpf_error("'igrp' modifier applied to host");
1245
1246 case Q_PIM:
1247 bpf_error("'pim' modifier applied to host");
1248
1249 case Q_ATALK:
1250 bpf_error("ATALK host filtering not implemented");
1251
1252 case Q_AARP:
1253 bpf_error("AARP host filtering not implemented");
1254
1255 case Q_DECNET:
1256 return gen_dnhostop(addr, dir, off_nl);
1257
1258 case Q_SCA:
1259 bpf_error("SCA host filtering not implemented");
1260
1261 case Q_LAT:
1262 bpf_error("LAT host filtering not implemented");
1263
1264 case Q_MOPDL:
1265 bpf_error("MOPDL host filtering not implemented");
1266
1267 case Q_MOPRC:
1268 bpf_error("MOPRC host filtering not implemented");
1269
1270 #ifdef INET6
1271 case Q_IPV6:
1272 bpf_error("'ip6' modifier applied to ip host");
1273
1274 case Q_ICMPV6:
1275 bpf_error("'icmp6' modifier applied to host");
1276 #endif /* INET6 */
1277
1278 case Q_AH:
1279 bpf_error("'ah' modifier applied to host");
1280
1281 case Q_ESP:
1282 bpf_error("'esp' modifier applied to host");
1283
1284 default:
1285 abort();
1286 }
1287 /* NOTREACHED */
1288 }
1289
1290 #ifdef INET6
1291 static struct block *
1292 gen_host6(addr, mask, proto, dir)
1293 struct in6_addr *addr;
1294 struct in6_addr *mask;
1295 int proto;
1296 int dir;
1297 {
1298 switch (proto) {
1299
1300 case Q_DEFAULT:
1301 return gen_host6(addr, mask, Q_IPV6, dir);
1302
1303 case Q_IP:
1304 bpf_error("'ip' modifier applied to ip6 host");
1305
1306 case Q_RARP:
1307 bpf_error("'rarp' modifier applied to ip6 host");
1308
1309 case Q_ARP:
1310 bpf_error("'arp' modifier applied to ip6 host");
1311
1312 case Q_TCP:
1313 bpf_error("'tcp' modifier applied to host");
1314
1315 case Q_UDP:
1316 bpf_error("'udp' modifier applied to host");
1317
1318 case Q_ICMP:
1319 bpf_error("'icmp' modifier applied to host");
1320
1321 case Q_IGMP:
1322 bpf_error("'igmp' modifier applied to host");
1323
1324 case Q_IGRP:
1325 bpf_error("'igrp' modifier applied to host");
1326
1327 case Q_PIM:
1328 bpf_error("'pim' modifier applied to host");
1329
1330 case Q_ATALK:
1331 bpf_error("ATALK host filtering not implemented");
1332
1333 case Q_AARP:
1334 bpf_error("AARP host filtering not implemented");
1335
1336 case Q_DECNET:
1337 bpf_error("'decnet' modifier applied to ip6 host");
1338
1339 case Q_SCA:
1340 bpf_error("SCA host filtering not implemented");
1341
1342 case Q_LAT:
1343 bpf_error("LAT host filtering not implemented");
1344
1345 case Q_MOPDL:
1346 bpf_error("MOPDL host filtering not implemented");
1347
1348 case Q_MOPRC:
1349 bpf_error("MOPRC host filtering not implemented");
1350
1351 case Q_IPV6:
1352 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
1353 off_nl + 8, off_nl + 24);
1354
1355 case Q_ICMPV6:
1356 bpf_error("'icmp6' modifier applied to host");
1357
1358 case Q_AH:
1359 bpf_error("'ah' modifier applied to host");
1360
1361 case Q_ESP:
1362 bpf_error("'esp' modifier applied to host");
1363
1364 default:
1365 abort();
1366 }
1367 /* NOTREACHED */
1368 }
1369 #endif /*INET6*/
1370
1371 #ifndef INET6
1372 static struct block *
1373 gen_gateway(eaddr, alist, proto, dir)
1374 const u_char *eaddr;
1375 bpf_u_int32 **alist;
1376 int proto;
1377 int dir;
1378 {
1379 struct block *b0, *b1, *tmp;
1380
1381 if (dir != 0)
1382 bpf_error("direction applied to 'gateway'");
1383
1384 switch (proto) {
1385 case Q_DEFAULT:
1386 case Q_IP:
1387 case Q_ARP:
1388 case Q_RARP:
1389 if (linktype == DLT_EN10MB)
1390 b0 = gen_ehostop(eaddr, Q_OR);
1391 else if (linktype == DLT_FDDI)
1392 b0 = gen_fhostop(eaddr, Q_OR);
1393 else if (linktype == DLT_IEEE802)
1394 b0 = gen_thostop(eaddr, Q_OR);
1395 else
1396 bpf_error(
1397 "'gateway' supported only on ethernet, FDDI or token ring");
1398
1399 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1400 while (*alist) {
1401 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1402 gen_or(b1, tmp);
1403 b1 = tmp;
1404 }
1405 gen_not(b1);
1406 gen_and(b0, b1);
1407 return b1;
1408 }
1409 bpf_error("illegal modifier of 'gateway'");
1410 /* NOTREACHED */
1411 }
1412 #endif
1413
1414 struct block *
1415 gen_proto_abbrev(proto)
1416 int proto;
1417 {
1418 #ifdef INET6
1419 struct block *b0;
1420 #endif
1421 struct block *b1;
1422
1423 switch (proto) {
1424
1425 case Q_TCP:
1426 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
1427 #ifdef INET6
1428 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
1429 gen_or(b0, b1);
1430 #endif
1431 break;
1432
1433 case Q_UDP:
1434 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
1435 #ifdef INET6
1436 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
1437 gen_or(b0, b1);
1438 #endif
1439 break;
1440
1441 case Q_ICMP:
1442 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
1443 break;
1444
1445 #ifndef IPPROTO_IGMP
1446 #define IPPROTO_IGMP 2
1447 #endif
1448
1449 case Q_IGMP:
1450 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
1451 break;
1452
1453 #ifndef IPPROTO_IGRP
1454 #define IPPROTO_IGRP 9
1455 #endif
1456 case Q_IGRP:
1457 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
1458 break;
1459
1460 #ifndef IPPROTO_PIM
1461 #define IPPROTO_PIM 103
1462 #endif
1463
1464 case Q_PIM:
1465 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
1466 #ifdef INET6
1467 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
1468 gen_or(b0, b1);
1469 #endif
1470 break;
1471
1472 case Q_IP:
1473 b1 = gen_linktype(ETHERTYPE_IP);
1474 break;
1475
1476 case Q_ARP:
1477 b1 = gen_linktype(ETHERTYPE_ARP);
1478 break;
1479
1480 case Q_RARP:
1481 b1 = gen_linktype(ETHERTYPE_REVARP);
1482 break;
1483
1484 case Q_LINK:
1485 bpf_error("link layer applied in wrong context");
1486
1487 case Q_ATALK:
1488 b1 = gen_linktype(ETHERTYPE_ATALK);
1489 break;
1490
1491 case Q_AARP:
1492 b1 = gen_linktype(ETHERTYPE_AARP);
1493 break;
1494
1495 case Q_DECNET:
1496 b1 = gen_linktype(ETHERTYPE_DN);
1497 break;
1498
1499 case Q_SCA:
1500 b1 = gen_linktype(ETHERTYPE_SCA);
1501 break;
1502
1503 case Q_LAT:
1504 b1 = gen_linktype(ETHERTYPE_LAT);
1505 break;
1506
1507 case Q_MOPDL:
1508 b1 = gen_linktype(ETHERTYPE_MOPDL);
1509 break;
1510
1511 case Q_MOPRC:
1512 b1 = gen_linktype(ETHERTYPE_MOPRC);
1513 break;
1514
1515 #ifdef INET6
1516 case Q_IPV6:
1517 b1 = gen_linktype(ETHERTYPE_IPV6);
1518 break;
1519
1520 #ifndef IPPROTO_ICMPV6
1521 #define IPPROTO_ICMPV6 58
1522 #endif
1523 case Q_ICMPV6:
1524 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
1525 break;
1526 #endif /* INET6 */
1527
1528 #ifndef IPPROTO_AH
1529 #define IPPROTO_AH 51
1530 #endif
1531 case Q_AH:
1532 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
1533 #ifdef INET6
1534 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
1535 gen_or(b0, b1);
1536 #endif
1537 break;
1538
1539 #ifndef IPPROTO_ESP
1540 #define IPPROTO_ESP 50
1541 #endif
1542 case Q_ESP:
1543 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
1544 #ifdef INET6
1545 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
1546 gen_or(b0, b1);
1547 #endif
1548 break;
1549
1550 case Q_ISO:
1551 b1 = gen_linktype(LLC_ISO_LSAP);
1552 break;
1553
1554 case Q_ESIS:
1555 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
1556 break;
1557
1558 case Q_ISIS:
1559 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
1560 break;
1561
1562 default:
1563 abort();
1564 }
1565 return b1;
1566 }
1567
1568 static struct block *
1569 gen_ipfrag()
1570 {
1571 struct slist *s;
1572 struct block *b;
1573
1574 /* not ip frag */
1575 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
1576 s->s.k = off_nl + 6;
1577 b = new_block(JMP(BPF_JSET));
1578 b->s.k = 0x1fff;
1579 b->stmts = s;
1580 gen_not(b);
1581
1582 return b;
1583 }
1584
1585 static struct block *
1586 gen_portatom(off, v)
1587 int off;
1588 bpf_int32 v;
1589 {
1590 struct slist *s;
1591 struct block *b;
1592
1593 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
1594 s->s.k = off_nl;
1595
1596 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
1597 s->next->s.k = off_nl + off;
1598
1599 b = new_block(JMP(BPF_JEQ));
1600 b->stmts = s;
1601 b->s.k = v;
1602
1603 return b;
1604 }
1605
1606 #ifdef INET6
1607 static struct block *
1608 gen_portatom6(off, v)
1609 int off;
1610 bpf_int32 v;
1611 {
1612 return gen_cmp(off_nl + 40 + off, BPF_H, v);
1613 }
1614 #endif/*INET6*/
1615
1616 struct block *
1617 gen_portop(port, proto, dir)
1618 int port, proto, dir;
1619 {
1620 struct block *b0, *b1, *tmp;
1621
1622 /* ip proto 'proto' */
1623 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
1624 b0 = gen_ipfrag();
1625 gen_and(tmp, b0);
1626
1627 switch (dir) {
1628 case Q_SRC:
1629 b1 = gen_portatom(0, (bpf_int32)port);
1630 break;
1631
1632 case Q_DST:
1633 b1 = gen_portatom(2, (bpf_int32)port);
1634 break;
1635
1636 case Q_OR:
1637 case Q_DEFAULT:
1638 tmp = gen_portatom(0, (bpf_int32)port);
1639 b1 = gen_portatom(2, (bpf_int32)port);
1640 gen_or(tmp, b1);
1641 break;
1642
1643 case Q_AND:
1644 tmp = gen_portatom(0, (bpf_int32)port);
1645 b1 = gen_portatom(2, (bpf_int32)port);
1646 gen_and(tmp, b1);
1647 break;
1648
1649 default:
1650 abort();
1651 }
1652 gen_and(b0, b1);
1653
1654 return b1;
1655 }
1656
1657 static struct block *
1658 gen_port(port, ip_proto, dir)
1659 int port;
1660 int ip_proto;
1661 int dir;
1662 {
1663 struct block *b0, *b1, *tmp;
1664
1665 /* ether proto ip */
1666 b0 = gen_linktype(ETHERTYPE_IP);
1667
1668 switch (ip_proto) {
1669 case IPPROTO_UDP:
1670 case IPPROTO_TCP:
1671 b1 = gen_portop(port, ip_proto, dir);
1672 break;
1673
1674 case PROTO_UNDEF:
1675 tmp = gen_portop(port, IPPROTO_TCP, dir);
1676 b1 = gen_portop(port, IPPROTO_UDP, dir);
1677 gen_or(tmp, b1);
1678 break;
1679
1680 default:
1681 abort();
1682 }
1683 gen_and(b0, b1);
1684 return b1;
1685 }
1686
1687 #ifdef INET6
1688 struct block *
1689 gen_portop6(port, proto, dir)
1690 int port, proto, dir;
1691 {
1692 struct block *b0, *b1, *tmp;
1693
1694 /* ip proto 'proto' */
1695 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
1696
1697 switch (dir) {
1698 case Q_SRC:
1699 b1 = gen_portatom6(0, (bpf_int32)port);
1700 break;
1701
1702 case Q_DST:
1703 b1 = gen_portatom6(2, (bpf_int32)port);
1704 break;
1705
1706 case Q_OR:
1707 case Q_DEFAULT:
1708 tmp = gen_portatom6(0, (bpf_int32)port);
1709 b1 = gen_portatom6(2, (bpf_int32)port);
1710 gen_or(tmp, b1);
1711 break;
1712
1713 case Q_AND:
1714 tmp = gen_portatom6(0, (bpf_int32)port);
1715 b1 = gen_portatom6(2, (bpf_int32)port);
1716 gen_and(tmp, b1);
1717 break;
1718
1719 default:
1720 abort();
1721 }
1722 gen_and(b0, b1);
1723
1724 return b1;
1725 }
1726
1727 static struct block *
1728 gen_port6(port, ip_proto, dir)
1729 int port;
1730 int ip_proto;
1731 int dir;
1732 {
1733 struct block *b0, *b1, *tmp;
1734
1735 /* ether proto ip */
1736 b0 = gen_linktype(ETHERTYPE_IPV6);
1737
1738 switch (ip_proto) {
1739 case IPPROTO_UDP:
1740 case IPPROTO_TCP:
1741 b1 = gen_portop6(port, ip_proto, dir);
1742 break;
1743
1744 case PROTO_UNDEF:
1745 tmp = gen_portop6(port, IPPROTO_TCP, dir);
1746 b1 = gen_portop6(port, IPPROTO_UDP, dir);
1747 gen_or(tmp, b1);
1748 break;
1749
1750 default:
1751 abort();
1752 }
1753 gen_and(b0, b1);
1754 return b1;
1755 }
1756 #endif /* INET6 */
1757
1758 static int
1759 lookup_proto(name, proto)
1760 register const char *name;
1761 register int proto;
1762 {
1763 register int v;
1764
1765 switch (proto) {
1766
1767 case Q_DEFAULT:
1768 case Q_IP:
1769 v = pcap_nametoproto(name);
1770 if (v == PROTO_UNDEF)
1771 bpf_error("unknown ip proto '%s'", name);
1772 break;
1773
1774 case Q_LINK:
1775 /* XXX should look up h/w protocol type based on linktype */
1776 v = pcap_nametoeproto(name);
1777 if (v == PROTO_UNDEF)
1778 bpf_error("unknown ether proto '%s'", name);
1779 break;
1780
1781 default:
1782 v = PROTO_UNDEF;
1783 break;
1784 }
1785 return v;
1786 }
1787
1788 #if 0
1789 struct stmt *
1790 gen_joinsp(s, n)
1791 struct stmt **s;
1792 int n;
1793 {
1794 return NULL;
1795 }
1796 #endif
1797
1798 static struct block *
1799 gen_protochain(v, proto, dir)
1800 int v;
1801 int proto;
1802 int dir;
1803 {
1804 #ifdef NO_PROTOCHAIN
1805 return gen_proto(v, proto, dir);
1806 #else
1807 struct block *b0, *b;
1808 struct slist *s[100];
1809 int fix2, fix3, fix4, fix5;
1810 int ahcheck, again, end;
1811 int i, max;
1812 int reg1 = alloc_reg();
1813 int reg2 = alloc_reg();
1814
1815 memset(s, 0, sizeof(s));
1816 fix2 = fix3 = fix4 = fix5 = 0;
1817
1818 switch (proto) {
1819 case Q_IP:
1820 case Q_IPV6:
1821 break;
1822 case Q_DEFAULT:
1823 b0 = gen_protochain(v, Q_IP, dir);
1824 b = gen_protochain(v, Q_IPV6, dir);
1825 gen_or(b0, b);
1826 return b;
1827 default:
1828 bpf_error("bad protocol applied for 'protochain'");
1829 /*NOTREACHED*/
1830 }
1831
1832 no_optimize = 1; /*this code is not compatible with optimzer yet */
1833
1834 /*
1835 * s[0] is a dummy entry to protect other BPF insn from damaged
1836 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
1837 * hard to find interdependency made by jump table fixup.
1838 */
1839 i = 0;
1840 s[i] = new_stmt(0); /*dummy*/
1841 i++;
1842
1843 switch (proto) {
1844 case Q_IP:
1845 b0 = gen_linktype(ETHERTYPE_IP);
1846
1847 /* A = ip->ip_p */
1848 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
1849 s[i]->s.k = off_nl + 9;
1850 i++;
1851 /* X = ip->ip_hl << 2 */
1852 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
1853 s[i]->s.k = off_nl;
1854 i++;
1855 break;
1856 #ifdef INET6
1857 case Q_IPV6:
1858 b0 = gen_linktype(ETHERTYPE_IPV6);
1859
1860 /* A = ip6->ip_nxt */
1861 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
1862 s[i]->s.k = off_nl + 6;
1863 i++;
1864 /* X = sizeof(struct ip6_hdr) */
1865 s[i] = new_stmt(BPF_LDX|BPF_IMM);
1866 s[i]->s.k = 40;
1867 i++;
1868 break;
1869 #endif
1870 default:
1871 bpf_error("unsupported proto to gen_protochain");
1872 /*NOTREACHED*/
1873 }
1874
1875 /* again: if (A == v) goto end; else fall through; */
1876 again = i;
1877 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1878 s[i]->s.k = v;
1879 s[i]->s.jt = NULL; /*later*/
1880 s[i]->s.jf = NULL; /*update in next stmt*/
1881 fix5 = i;
1882 i++;
1883
1884 #ifndef IPPROTO_NONE
1885 #define IPPROTO_NONE 59
1886 #endif
1887 /* if (A == IPPROTO_NONE) goto end */
1888 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1889 s[i]->s.jt = NULL; /*later*/
1890 s[i]->s.jf = NULL; /*update in next stmt*/
1891 s[i]->s.k = IPPROTO_NONE;
1892 s[fix5]->s.jf = s[i];
1893 fix2 = i;
1894 i++;
1895
1896 #ifdef INET6
1897 if (proto == Q_IPV6) {
1898 int v6start, v6end, v6advance, j;
1899
1900 v6start = i;
1901 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
1902 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1903 s[i]->s.jt = NULL; /*later*/
1904 s[i]->s.jf = NULL; /*update in next stmt*/
1905 s[i]->s.k = IPPROTO_HOPOPTS;
1906 s[fix2]->s.jf = s[i];
1907 i++;
1908 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
1909 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1910 s[i]->s.jt = NULL; /*later*/
1911 s[i]->s.jf = NULL; /*update in next stmt*/
1912 s[i]->s.k = IPPROTO_DSTOPTS;
1913 i++;
1914 /* if (A == IPPROTO_ROUTING) goto v6advance */
1915 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1916 s[i]->s.jt = NULL; /*later*/
1917 s[i]->s.jf = NULL; /*update in next stmt*/
1918 s[i]->s.k = IPPROTO_ROUTING;
1919 i++;
1920 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
1921 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1922 s[i]->s.jt = NULL; /*later*/
1923 s[i]->s.jf = NULL; /*later*/
1924 s[i]->s.k = IPPROTO_FRAGMENT;
1925 fix3 = i;
1926 v6end = i;
1927 i++;
1928
1929 /* v6advance: */
1930 v6advance = i;
1931
1932 /*
1933 * in short,
1934 * A = P[X + 1];
1935 * X = X + (P[X] + 1) * 8;
1936 */
1937 /* A = X */
1938 s[i] = new_stmt(BPF_MISC|BPF_TXA);
1939 i++;
1940 /* MEM[reg1] = A */
1941 s[i] = new_stmt(BPF_ST);
1942 s[i]->s.k = reg1;
1943 i++;
1944 /* A += 1 */
1945 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
1946 s[i]->s.k = 1;
1947 i++;
1948 /* X = A */
1949 s[i] = new_stmt(BPF_MISC|BPF_TAX);
1950 i++;
1951 /* A = P[X + packet head]; */
1952 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
1953 s[i]->s.k = off_nl;
1954 i++;
1955 /* MEM[reg2] = A */
1956 s[i] = new_stmt(BPF_ST);
1957 s[i]->s.k = reg2;
1958 i++;
1959 /* X = MEM[reg1] */
1960 s[i] = new_stmt(BPF_LDX|BPF_MEM);
1961 s[i]->s.k = reg1;
1962 i++;
1963 /* A = P[X + packet head] */
1964 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
1965 s[i]->s.k = off_nl;
1966 i++;
1967 /* A += 1 */
1968 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
1969 s[i]->s.k = 1;
1970 i++;
1971 /* A *= 8 */
1972 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
1973 s[i]->s.k = 8;
1974 i++;
1975 /* X = A; */
1976 s[i] = new_stmt(BPF_MISC|BPF_TAX);
1977 i++;
1978 /* A = MEM[reg2] */
1979 s[i] = new_stmt(BPF_LD|BPF_MEM);
1980 s[i]->s.k = reg2;
1981 i++;
1982
1983 /* goto again; (must use BPF_JA for backward jump) */
1984 s[i] = new_stmt(BPF_JMP|BPF_JA);
1985 s[i]->s.k = again - i - 1;
1986 s[i - 1]->s.jf = s[i];
1987 i++;
1988
1989 /* fixup */
1990 for (j = v6start; j <= v6end; j++)
1991 s[j]->s.jt = s[v6advance];
1992 } else
1993 #endif
1994 {
1995 /* nop */
1996 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
1997 s[i]->s.k = 0;
1998 s[fix2]->s.jf = s[i];
1999 i++;
2000 }
2001
2002 /* ahcheck: */
2003 ahcheck = i;
2004 /* if (A == IPPROTO_AH) then fall through; else goto end; */
2005 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2006 s[i]->s.jt = NULL; /*later*/
2007 s[i]->s.jf = NULL; /*later*/
2008 s[i]->s.k = IPPROTO_AH;
2009 if (fix3)
2010 s[fix3]->s.jf = s[ahcheck];
2011 fix4 = i;
2012 i++;
2013
2014 /*
2015 * in short,
2016 * A = P[X + 1];
2017 * X = X + (P[X] + 2) * 4;
2018 */
2019 /* A = X */
2020 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2021 i++;
2022 /* MEM[reg1] = A */
2023 s[i] = new_stmt(BPF_ST);
2024 s[i]->s.k = reg1;
2025 i++;
2026 /* A += 1 */
2027 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2028 s[i]->s.k = 1;
2029 i++;
2030 /* X = A */
2031 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2032 i++;
2033 /* A = P[X + packet head]; */
2034 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2035 s[i]->s.k = off_nl;
2036 i++;
2037 /* MEM[reg2] = A */
2038 s[i] = new_stmt(BPF_ST);
2039 s[i]->s.k = reg2;
2040 i++;
2041 /* X = MEM[reg1] */
2042 s[i] = new_stmt(BPF_LDX|BPF_MEM);
2043 s[i]->s.k = reg1;
2044 i++;
2045 /* A = P[X + packet head] */
2046 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2047 s[i]->s.k = off_nl;
2048 i++;
2049 /* A += 2 */
2050 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2051 s[i]->s.k = 2;
2052 i++;
2053 /* A *= 4 */
2054 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2055 s[i]->s.k = 4;
2056 i++;
2057 /* X = A; */
2058 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2059 i++;
2060 /* A = MEM[reg2] */
2061 s[i] = new_stmt(BPF_LD|BPF_MEM);
2062 s[i]->s.k = reg2;
2063 i++;
2064
2065 /* goto again; (must use BPF_JA for backward jump) */
2066 s[i] = new_stmt(BPF_JMP|BPF_JA);
2067 s[i]->s.k = again - i - 1;
2068 i++;
2069
2070 /* end: nop */
2071 end = i;
2072 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2073 s[i]->s.k = 0;
2074 s[fix2]->s.jt = s[end];
2075 s[fix4]->s.jf = s[end];
2076 s[fix5]->s.jt = s[end];
2077 i++;
2078
2079 /*
2080 * make slist chain
2081 */
2082 max = i;
2083 for (i = 0; i < max - 1; i++)
2084 s[i]->next = s[i + 1];
2085 s[max - 1]->next = NULL;
2086
2087 /*
2088 * emit final check
2089 */
2090 b = new_block(JMP(BPF_JEQ));
2091 b->stmts = s[1]; /*remember, s[0] is dummy*/
2092 b->s.k = v;
2093
2094 free_reg(reg1);
2095 free_reg(reg2);
2096
2097 gen_and(b0, b);
2098 return b;
2099 #endif
2100 }
2101
2102 static struct block *
2103 gen_proto(v, proto, dir)
2104 int v;
2105 int proto;
2106 int dir;
2107 {
2108 struct block *b0, *b1;
2109
2110 if (dir != Q_DEFAULT)
2111 bpf_error("direction applied to 'proto'");
2112
2113 switch (proto) {
2114 case Q_DEFAULT:
2115 #ifdef INET6
2116 b0 = gen_proto(v, Q_IP, dir);
2117 b1 = gen_proto(v, Q_IPV6, dir);
2118 gen_or(b0, b1);
2119 return b1;
2120 #else
2121 /*FALLTHROUGH*/
2122 #endif
2123 case Q_IP:
2124 b0 = gen_linktype(ETHERTYPE_IP);
2125 #ifndef CHASE_CHAIN
2126 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
2127 #else
2128 b1 = gen_protochain(v, Q_IP);
2129 #endif
2130 gen_and(b0, b1);
2131 return b1;
2132
2133 case Q_ISO:
2134 b0 = gen_linktype(LLC_ISO_LSAP);
2135 b1 = gen_cmp(off_nl + 3, BPF_B, (long)v);
2136 gen_and(b0, b1);
2137 return b1;
2138
2139 case Q_ARP:
2140 bpf_error("arp does not encapsulate another protocol");
2141 /* NOTREACHED */
2142
2143 case Q_RARP:
2144 bpf_error("rarp does not encapsulate another protocol");
2145 /* NOTREACHED */
2146
2147 case Q_ATALK:
2148 bpf_error("atalk encapsulation is not specifiable");
2149 /* NOTREACHED */
2150
2151 case Q_DECNET:
2152 bpf_error("decnet encapsulation is not specifiable");
2153 /* NOTREACHED */
2154
2155 case Q_SCA:
2156 bpf_error("sca does not encapsulate another protocol");
2157 /* NOTREACHED */
2158
2159 case Q_LAT:
2160 bpf_error("lat does not encapsulate another protocol");
2161 /* NOTREACHED */
2162
2163 case Q_MOPRC:
2164 bpf_error("moprc does not encapsulate another protocol");
2165 /* NOTREACHED */
2166
2167 case Q_MOPDL:
2168 bpf_error("mopdl does not encapsulate another protocol");
2169 /* NOTREACHED */
2170
2171 case Q_LINK:
2172 return gen_linktype(v);
2173
2174 case Q_UDP:
2175 bpf_error("'udp proto' is bogus");
2176 /* NOTREACHED */
2177
2178 case Q_TCP:
2179 bpf_error("'tcp proto' is bogus");
2180 /* NOTREACHED */
2181
2182 case Q_ICMP:
2183 bpf_error("'icmp proto' is bogus");
2184 /* NOTREACHED */
2185
2186 case Q_IGMP:
2187 bpf_error("'igmp proto' is bogus");
2188 /* NOTREACHED */
2189
2190 case Q_IGRP:
2191 bpf_error("'igrp proto' is bogus");
2192 /* NOTREACHED */
2193
2194 case Q_PIM:
2195 bpf_error("'pim proto' is bogus");
2196 /* NOTREACHED */
2197
2198 #ifdef INET6
2199 case Q_IPV6:
2200 b0 = gen_linktype(ETHERTYPE_IPV6);
2201 #ifndef CHASE_CHAIN
2202 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
2203 #else
2204 b1 = gen_protochain(v, Q_IPV6);
2205 #endif
2206 gen_and(b0, b1);
2207 return b1;
2208
2209 case Q_ICMPV6:
2210 bpf_error("'icmp6 proto' is bogus");
2211 #endif /* INET6 */
2212
2213 case Q_AH:
2214 bpf_error("'ah proto' is bogus");
2215
2216 case Q_ESP:
2217 bpf_error("'ah proto' is bogus");
2218
2219 default:
2220 abort();
2221 /* NOTREACHED */
2222 }
2223 /* NOTREACHED */
2224 }
2225
2226 struct block *
2227 gen_scode(name, q)
2228 register const char *name;
2229 struct qual q;
2230 {
2231 int proto = q.proto;
2232 int dir = q.dir;
2233 int tproto;
2234 u_char *eaddr;
2235 bpf_u_int32 mask, addr;
2236 #ifndef INET6
2237 bpf_u_int32 **alist;
2238 #else
2239 int tproto6;
2240 struct sockaddr_in *sin;
2241 struct sockaddr_in6 *sin6;
2242 struct addrinfo *res, *res0;
2243 struct in6_addr mask128;
2244 #endif /*INET6*/
2245 struct block *b, *tmp;
2246 int port, real_proto;
2247
2248 switch (q.addr) {
2249
2250 case Q_NET:
2251 addr = pcap_nametonetaddr(name);
2252 if (addr == 0)
2253 bpf_error("unknown network '%s'", name);
2254 /* Left justify network addr and calculate its network mask */
2255 mask = 0xffffffff;
2256 while (addr && (addr & 0xff000000) == 0) {
2257 addr <<= 8;
2258 mask <<= 8;
2259 }
2260 return gen_host(addr, mask, proto, dir);
2261
2262 case Q_DEFAULT:
2263 case Q_HOST:
2264 if (proto == Q_LINK) {
2265 switch (linktype) {
2266
2267 case DLT_EN10MB:
2268 eaddr = pcap_ether_hostton(name);
2269 if (eaddr == NULL)
2270 bpf_error(
2271 "unknown ether host '%s'", name);
2272 return gen_ehostop(eaddr, dir);
2273
2274 case DLT_FDDI:
2275 eaddr = pcap_ether_hostton(name);
2276 if (eaddr == NULL)
2277 bpf_error(
2278 "unknown FDDI host '%s'", name);
2279 return gen_fhostop(eaddr, dir);
2280
2281 case DLT_IEEE802:
2282 eaddr = pcap_ether_hostton(name);
2283 if (eaddr == NULL)
2284 bpf_error(
2285 "unknown token ring host '%s'", name);
2286 return gen_thostop(eaddr, dir);
2287
2288 default:
2289 bpf_error(
2290 "only ethernet/FDDI/token ring supports link-level host name");
2291 break;
2292 }
2293 } else if (proto == Q_DECNET) {
2294 unsigned short dn_addr = __pcap_nametodnaddr(name);
2295 /*
2296 * I don't think DECNET hosts can be multihomed, so
2297 * there is no need to build up a list of addresses
2298 */
2299 return (gen_host(dn_addr, 0, proto, dir));
2300 } else {
2301 #ifndef INET6
2302 alist = pcap_nametoaddr(name);
2303 if (alist == NULL || *alist == NULL)
2304 bpf_error("unknown host '%s'", name);
2305 tproto = proto;
2306 if (off_linktype == -1 && tproto == Q_DEFAULT)
2307 tproto = Q_IP;
2308 b = gen_host(**alist++, 0xffffffff, tproto, dir);
2309 while (*alist) {
2310 tmp = gen_host(**alist++, 0xffffffff,
2311 tproto, dir);
2312 gen_or(b, tmp);
2313 b = tmp;
2314 }
2315 return b;
2316 #else
2317 memset(&mask128, 0xff, sizeof(mask128));
2318 res0 = res = pcap_nametoaddrinfo(name);
2319 if (res == NULL)
2320 bpf_error("unknown host '%s'", name);
2321 b = tmp = NULL;
2322 tproto = tproto6 = proto;
2323 if (off_linktype == -1 && tproto == Q_DEFAULT) {
2324 tproto = Q_IP;
2325 tproto6 = Q_IPV6;
2326 }
2327 for (res = res0; res; res = res->ai_next) {
2328 switch (res->ai_family) {
2329 case AF_INET:
2330 if (tproto == Q_IPV6)
2331 continue;
2332
2333 sin = (struct sockaddr_in *)
2334 res->ai_addr;
2335 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
2336 0xffffffff, tproto, dir);
2337 break;
2338 case AF_INET6:
2339 if (tproto6 == Q_IP)
2340 continue;
2341
2342 sin6 = (struct sockaddr_in6 *)
2343 res->ai_addr;
2344 tmp = gen_host6(&sin6->sin6_addr,
2345 &mask128, tproto6, dir);
2346 break;
2347 }
2348 if (b)
2349 gen_or(b, tmp);
2350 b = tmp;
2351 }
2352 freeaddrinfo(res0);
2353 if (b == NULL) {
2354 bpf_error("unknown host '%s'%s", name,
2355 (proto == Q_DEFAULT)
2356 ? ""
2357 : " for specified address family");
2358 }
2359 return b;
2360 #endif /*INET6*/
2361 }
2362
2363 case Q_PORT:
2364 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP)
2365 bpf_error("illegal qualifier of 'port'");
2366 if (pcap_nametoport(name, &port, &real_proto) == 0)
2367 bpf_error("unknown port '%s'", name);
2368 if (proto == Q_UDP) {
2369 if (real_proto == IPPROTO_TCP)
2370 bpf_error("port '%s' is tcp", name);
2371 else
2372 /* override PROTO_UNDEF */
2373 real_proto = IPPROTO_UDP;
2374 }
2375 if (proto == Q_TCP) {
2376 if (real_proto == IPPROTO_UDP)
2377 bpf_error("port '%s' is udp", name);
2378 else
2379 /* override PROTO_UNDEF */
2380 real_proto = IPPROTO_TCP;
2381 }
2382 #ifndef INET6
2383 return gen_port(port, real_proto, dir);
2384 #else
2385 {
2386 struct block *b;
2387 b = gen_port(port, real_proto, dir);
2388 gen_or(gen_port6(port, real_proto, dir), b);
2389 return b;
2390 }
2391 #endif /* INET6 */
2392
2393 case Q_GATEWAY:
2394 #ifndef INET6
2395 eaddr = pcap_ether_hostton(name);
2396 if (eaddr == NULL)
2397 bpf_error("unknown ether host: %s", name);
2398
2399 alist = pcap_nametoaddr(name);
2400 if (alist == NULL || *alist == NULL)
2401 bpf_error("unknown host '%s'", name);
2402 return gen_gateway(eaddr, alist, proto, dir);
2403 #else
2404 bpf_error("'gateway' not supported in this configuration");
2405 #endif /*INET6*/
2406
2407 case Q_PROTO:
2408 real_proto = lookup_proto(name, proto);
2409 if (real_proto >= 0)
2410 return gen_proto(real_proto, proto, dir);
2411 else
2412 bpf_error("unknown protocol: %s", name);
2413
2414 case Q_PROTOCHAIN:
2415 real_proto = lookup_proto(name, proto);
2416 if (real_proto >= 0)
2417 return gen_protochain(real_proto, proto, dir);
2418 else
2419 bpf_error("unknown protocol: %s", name);
2420
2421
2422 case Q_UNDEF:
2423 syntax();
2424 /* NOTREACHED */
2425 }
2426 abort();
2427 /* NOTREACHED */
2428 }
2429
2430 struct block *
2431 gen_mcode(s1, s2, masklen, q)
2432 register const char *s1, *s2;
2433 register int masklen;
2434 struct qual q;
2435 {
2436 register int nlen, mlen;
2437 bpf_u_int32 n, m;
2438
2439 nlen = __pcap_atoin(s1, &n);
2440 /* Promote short ipaddr */
2441 n <<= 32 - nlen;
2442
2443 if (s2 != NULL) {
2444 mlen = __pcap_atoin(s2, &m);
2445 /* Promote short ipaddr */
2446 m <<= 32 - mlen;
2447 if ((n & ~m) != 0)
2448 bpf_error("non-network bits set in \"%s mask %s\"",
2449 s1, s2);
2450 } else {
2451 /* Convert mask len to mask */
2452 if (masklen > 32)
2453 bpf_error("mask length must be <= 32");
2454 m = 0xffffffff << (32 - masklen);
2455 if ((n & ~m) != 0)
2456 bpf_error("non-network bits set in \"%s/%d\"",
2457 s1, masklen);
2458 }
2459
2460 switch (q.addr) {
2461
2462 case Q_NET:
2463 return gen_host(n, m, q.proto, q.dir);
2464
2465 default:
2466 bpf_error("Mask syntax for networks only");
2467 /* NOTREACHED */
2468 }
2469 }
2470
2471 struct block *
2472 gen_ncode(s, v, q)
2473 register const char *s;
2474 bpf_u_int32 v;
2475 struct qual q;
2476 {
2477 bpf_u_int32 mask;
2478 int proto = q.proto;
2479 int dir = q.dir;
2480 register int vlen;
2481
2482 if (s == NULL)
2483 vlen = 32;
2484 else if (q.proto == Q_DECNET)
2485 vlen = __pcap_atodn(s, &v);
2486 else
2487 vlen = __pcap_atoin(s, &v);
2488
2489 switch (q.addr) {
2490
2491 case Q_DEFAULT:
2492 case Q_HOST:
2493 case Q_NET:
2494 if (proto == Q_DECNET)
2495 return gen_host(v, 0, proto, dir);
2496 else if (proto == Q_LINK) {
2497 bpf_error("illegal link layer address");
2498 } else {
2499 mask = 0xffffffff;
2500 if (s == NULL && q.addr == Q_NET) {
2501 /* Promote short net number */
2502 while (v && (v & 0xff000000) == 0) {
2503 v <<= 8;
2504 mask <<= 8;
2505 }
2506 } else {
2507 /* Promote short ipaddr */
2508 v <<= 32 - vlen;
2509 mask <<= 32 - vlen;
2510 }
2511 return gen_host(v, mask, proto, dir);
2512 }
2513
2514 case Q_PORT:
2515 if (proto == Q_UDP)
2516 proto = IPPROTO_UDP;
2517 else if (proto == Q_TCP)
2518 proto = IPPROTO_TCP;
2519 else if (proto == Q_DEFAULT)
2520 proto = PROTO_UNDEF;
2521 else
2522 bpf_error("illegal qualifier of 'port'");
2523
2524 #ifndef INET6
2525 return gen_port((int)v, proto, dir);
2526 #else
2527 {
2528 struct block *b;
2529 b = gen_port((int)v, proto, dir);
2530 gen_or(gen_port6((int)v, proto, dir), b);
2531 return b;
2532 }
2533 #endif /* INET6 */
2534
2535 case Q_GATEWAY:
2536 bpf_error("'gateway' requires a name");
2537 /* NOTREACHED */
2538
2539 case Q_PROTO:
2540 return gen_proto((int)v, proto, dir);
2541
2542 case Q_PROTOCHAIN:
2543 return gen_protochain((int)v, proto, dir);
2544
2545 case Q_UNDEF:
2546 syntax();
2547 /* NOTREACHED */
2548
2549 default:
2550 abort();
2551 /* NOTREACHED */
2552 }
2553 /* NOTREACHED */
2554 }
2555
2556 #ifdef INET6
2557 struct block *
2558 gen_mcode6(s1, s2, masklen, q)
2559 register const char *s1, *s2;
2560 register int masklen;
2561 struct qual q;
2562 {
2563 struct addrinfo *res;
2564 struct in6_addr *addr;
2565 struct in6_addr mask;
2566 struct block *b;
2567 u_int32_t *a, *m;
2568
2569 if (s2)
2570 bpf_error("no mask %s supported", s2);
2571
2572 res = pcap_nametoaddrinfo(s1);
2573 if (!res)
2574 bpf_error("invalid ip6 address %s", s1);
2575 if (res->ai_next)
2576 bpf_error("%s resolved to multiple address", s1);
2577 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
2578
2579 if (sizeof(mask) * 8 < masklen)
2580 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
2581 memset(&mask, 0xff, masklen / 8);
2582 if (masklen % 8) {
2583 mask.s6_addr[masklen / 8] =
2584 (0xff << (8 - masklen % 8)) & 0xff;
2585 }
2586
2587 a = (u_int32_t *)addr;
2588 m = (u_int32_t *)&mask;
2589 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
2590 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
2591 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
2592 }
2593
2594 switch (q.addr) {
2595
2596 case Q_DEFAULT:
2597 case Q_HOST:
2598 if (masklen != 128)
2599 bpf_error("Mask syntax for networks only");
2600 /* FALLTHROUGH */
2601
2602 case Q_NET:
2603 b = gen_host6(addr, &mask, q.proto, q.dir);
2604 freeaddrinfo(res);
2605 return b;
2606
2607 default:
2608 bpf_error("invalid qualifier against IPv6 address");
2609 /* NOTREACHED */
2610 }
2611 }
2612 #endif /*INET6*/
2613
2614 struct block *
2615 gen_ecode(eaddr, q)
2616 register const u_char *eaddr;
2617 struct qual q;
2618 {
2619 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
2620 if (linktype == DLT_EN10MB)
2621 return gen_ehostop(eaddr, (int)q.dir);
2622 if (linktype == DLT_FDDI)
2623 return gen_fhostop(eaddr, (int)q.dir);
2624 if (linktype == DLT_IEEE802)
2625 return gen_thostop(eaddr, (int)q.dir);
2626 }
2627 bpf_error("ethernet address used in non-ether expression");
2628 /* NOTREACHED */
2629 }
2630
2631 void
2632 sappend(s0, s1)
2633 struct slist *s0, *s1;
2634 {
2635 /*
2636 * This is definitely not the best way to do this, but the
2637 * lists will rarely get long.
2638 */
2639 while (s0->next)
2640 s0 = s0->next;
2641 s0->next = s1;
2642 }
2643
2644 static struct slist *
2645 xfer_to_x(a)
2646 struct arth *a;
2647 {
2648 struct slist *s;
2649
2650 s = new_stmt(BPF_LDX|BPF_MEM);
2651 s->s.k = a->regno;
2652 return s;
2653 }
2654
2655 static struct slist *
2656 xfer_to_a(a)
2657 struct arth *a;
2658 {
2659 struct slist *s;
2660
2661 s = new_stmt(BPF_LD|BPF_MEM);
2662 s->s.k = a->regno;
2663 return s;
2664 }
2665
2666 struct arth *
2667 gen_load(proto, index, size)
2668 int proto;
2669 struct arth *index;
2670 int size;
2671 {
2672 struct slist *s, *tmp;
2673 struct block *b;
2674 int regno = alloc_reg();
2675
2676 free_reg(index->regno);
2677 switch (size) {
2678
2679 default:
2680 bpf_error("data size must be 1, 2, or 4");
2681
2682 case 1:
2683 size = BPF_B;
2684 break;
2685
2686 case 2:
2687 size = BPF_H;
2688 break;
2689
2690 case 4:
2691 size = BPF_W;
2692 break;
2693 }
2694 switch (proto) {
2695 default:
2696 bpf_error("unsupported index operation");
2697
2698 case Q_LINK:
2699 s = xfer_to_x(index);
2700 tmp = new_stmt(BPF_LD|BPF_IND|size);
2701 sappend(s, tmp);
2702 sappend(index->s, s);
2703 break;
2704
2705 case Q_IP:
2706 case Q_ARP:
2707 case Q_RARP:
2708 case Q_ATALK:
2709 case Q_DECNET:
2710 case Q_SCA:
2711 case Q_LAT:
2712 case Q_MOPRC:
2713 case Q_MOPDL:
2714 #ifdef INET6
2715 case Q_IPV6:
2716 #endif
2717 /* XXX Note that we assume a fixed link header here. */
2718 s = xfer_to_x(index);
2719 tmp = new_stmt(BPF_LD|BPF_IND|size);
2720 tmp->s.k = off_nl;
2721 sappend(s, tmp);
2722 sappend(index->s, s);
2723
2724 b = gen_proto_abbrev(proto);
2725 if (index->b)
2726 gen_and(index->b, b);
2727 index->b = b;
2728 break;
2729
2730 case Q_TCP:
2731 case Q_UDP:
2732 case Q_ICMP:
2733 case Q_IGMP:
2734 case Q_IGRP:
2735 case Q_PIM:
2736 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2737 s->s.k = off_nl;
2738 sappend(s, xfer_to_a(index));
2739 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
2740 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
2741 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
2742 tmp->s.k = off_nl;
2743 sappend(index->s, s);
2744
2745 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
2746 if (index->b)
2747 gen_and(index->b, b);
2748 #ifdef INET6
2749 gen_and(gen_proto_abbrev(Q_IP), b);
2750 #endif
2751 index->b = b;
2752 break;
2753 #ifdef INET6
2754 case Q_ICMPV6:
2755 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
2756 /*NOTREACHED*/
2757 #endif
2758 }
2759 index->regno = regno;
2760 s = new_stmt(BPF_ST);
2761 s->s.k = regno;
2762 sappend(index->s, s);
2763
2764 return index;
2765 }
2766
2767 struct block *
2768 gen_relation(code, a0, a1, reversed)
2769 int code;
2770 struct arth *a0, *a1;
2771 int reversed;
2772 {
2773 struct slist *s0, *s1, *s2;
2774 struct block *b, *tmp;
2775
2776 s0 = xfer_to_x(a1);
2777 s1 = xfer_to_a(a0);
2778 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
2779 b = new_block(JMP(code));
2780 if (code == BPF_JGT || code == BPF_JGE) {
2781 reversed = !reversed;
2782 b->s.k = 0x80000000;
2783 }
2784 if (reversed)
2785 gen_not(b);
2786
2787 sappend(s1, s2);
2788 sappend(s0, s1);
2789 sappend(a1->s, s0);
2790 sappend(a0->s, a1->s);
2791
2792 b->stmts = a0->s;
2793
2794 free_reg(a0->regno);
2795 free_reg(a1->regno);
2796
2797 /* 'and' together protocol checks */
2798 if (a0->b) {
2799 if (a1->b) {
2800 gen_and(a0->b, tmp = a1->b);
2801 }
2802 else
2803 tmp = a0->b;
2804 } else
2805 tmp = a1->b;
2806
2807 if (tmp)
2808 gen_and(tmp, b);
2809
2810 return b;
2811 }
2812
2813 struct arth *
2814 gen_loadlen()
2815 {
2816 int regno = alloc_reg();
2817 struct arth *a = (struct arth *)newchunk(sizeof(*a));
2818 struct slist *s;
2819
2820 s = new_stmt(BPF_LD|BPF_LEN);
2821 s->next = new_stmt(BPF_ST);
2822 s->next->s.k = regno;
2823 a->s = s;
2824 a->regno = regno;
2825
2826 return a;
2827 }
2828
2829 struct arth *
2830 gen_loadi(val)
2831 int val;
2832 {
2833 struct arth *a;
2834 struct slist *s;
2835 int reg;
2836
2837 a = (struct arth *)newchunk(sizeof(*a));
2838
2839 reg = alloc_reg();
2840
2841 s = new_stmt(BPF_LD|BPF_IMM);
2842 s->s.k = val;
2843 s->next = new_stmt(BPF_ST);
2844 s->next->s.k = reg;
2845 a->s = s;
2846 a->regno = reg;
2847
2848 return a;
2849 }
2850
2851 struct arth *
2852 gen_neg(a)
2853 struct arth *a;
2854 {
2855 struct slist *s;
2856
2857 s = xfer_to_a(a);
2858 sappend(a->s, s);
2859 s = new_stmt(BPF_ALU|BPF_NEG);
2860 s->s.k = 0;
2861 sappend(a->s, s);
2862 s = new_stmt(BPF_ST);
2863 s->s.k = a->regno;
2864 sappend(a->s, s);
2865
2866 return a;
2867 }
2868
2869 struct arth *
2870 gen_arth(code, a0, a1)
2871 int code;
2872 struct arth *a0, *a1;
2873 {
2874 struct slist *s0, *s1, *s2;
2875
2876 s0 = xfer_to_x(a1);
2877 s1 = xfer_to_a(a0);
2878 s2 = new_stmt(BPF_ALU|BPF_X|code);
2879
2880 sappend(s1, s2);
2881 sappend(s0, s1);
2882 sappend(a1->s, s0);
2883 sappend(a0->s, a1->s);
2884
2885 free_reg(a1->regno);
2886
2887 s0 = new_stmt(BPF_ST);
2888 a0->regno = s0->s.k = alloc_reg();
2889 sappend(a0->s, s0);
2890
2891 return a0;
2892 }
2893
2894 /*
2895 * Here we handle simple allocation of the scratch registers.
2896 * If too many registers are alloc'd, the allocator punts.
2897 */
2898 static int regused[BPF_MEMWORDS];
2899 static int curreg;
2900
2901 /*
2902 * Return the next free register.
2903 */
2904 static int
2905 alloc_reg()
2906 {
2907 int n = BPF_MEMWORDS;
2908
2909 while (--n >= 0) {
2910 if (regused[curreg])
2911 curreg = (curreg + 1) % BPF_MEMWORDS;
2912 else {
2913 regused[curreg] = 1;
2914 return curreg;
2915 }
2916 }
2917 bpf_error("too many registers needed to evaluate expression");
2918 /* NOTREACHED */
2919 }
2920
2921 /*
2922 * Return a register to the table so it can
2923 * be used later.
2924 */
2925 static void
2926 free_reg(n)
2927 int n;
2928 {
2929 regused[n] = 0;
2930 }
2931
2932 static struct block *
2933 gen_len(jmp, n)
2934 int jmp, n;
2935 {
2936 struct slist *s;
2937 struct block *b;
2938
2939 s = new_stmt(BPF_LD|BPF_LEN);
2940 b = new_block(JMP(jmp));
2941 b->stmts = s;
2942 b->s.k = n;
2943
2944 return b;
2945 }
2946
2947 struct block *
2948 gen_greater(n)
2949 int n;
2950 {
2951 return gen_len(BPF_JGE, n);
2952 }
2953
2954 /*
2955 * Actually, this is less than or equal.
2956 */
2957 struct block *
2958 gen_less(n)
2959 int n;
2960 {
2961 struct block *b;
2962
2963 b = gen_len(BPF_JGT, n);
2964 gen_not(b);
2965
2966 return b;
2967 }
2968
2969 struct block *
2970 gen_byteop(op, idx, val)
2971 int op, idx, val;
2972 {
2973 struct block *b;
2974 struct slist *s;
2975
2976 switch (op) {
2977 default:
2978 abort();
2979
2980 case '=':
2981 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
2982
2983 case '<':
2984 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
2985 b->s.code = JMP(BPF_JGE);
2986 gen_not(b);
2987 return b;
2988
2989 case '>':
2990 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
2991 b->s.code = JMP(BPF_JGT);
2992 return b;
2993
2994 case '|':
2995 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
2996 break;
2997
2998 case '&':
2999 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
3000 break;
3001 }
3002 s->s.k = val;
3003 b = new_block(JMP(BPF_JEQ));
3004 b->stmts = s;
3005 gen_not(b);
3006
3007 return b;
3008 }
3009
3010 struct block *
3011 gen_broadcast(proto)
3012 int proto;
3013 {
3014 bpf_u_int32 hostmask;
3015 struct block *b0, *b1, *b2;
3016 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
3017
3018 switch (proto) {
3019
3020 case Q_DEFAULT:
3021 case Q_LINK:
3022 if (linktype == DLT_EN10MB)
3023 return gen_ehostop(ebroadcast, Q_DST);
3024 if (linktype == DLT_FDDI)
3025 return gen_fhostop(ebroadcast, Q_DST);
3026 if (linktype == DLT_IEEE802)
3027 return gen_thostop(ebroadcast, Q_DST);
3028 bpf_error("not a broadcast link");
3029 break;
3030
3031 case Q_IP:
3032 b0 = gen_linktype(ETHERTYPE_IP);
3033 hostmask = ~netmask;
3034 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
3035 b2 = gen_mcmp(off_nl + 16, BPF_W,
3036 (bpf_int32)(~0 & hostmask), hostmask);
3037 gen_or(b1, b2);
3038 gen_and(b0, b2);
3039 return b2;
3040 }
3041 bpf_error("only ether/ip broadcast filters supported");
3042 }
3043
3044 struct block *
3045 gen_multicast(proto)
3046 int proto;
3047 {
3048 register struct block *b0, *b1;
3049 register struct slist *s;
3050
3051 switch (proto) {
3052
3053 case Q_DEFAULT:
3054 case Q_LINK:
3055 if (linktype == DLT_EN10MB) {
3056 /* ether[0] & 1 != 0 */
3057 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3058 s->s.k = 0;
3059 b0 = new_block(JMP(BPF_JSET));
3060 b0->s.k = 1;
3061 b0->stmts = s;
3062 return b0;
3063 }
3064
3065 if (linktype == DLT_FDDI) {
3066 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */
3067 /* fddi[1] & 1 != 0 */
3068 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3069 s->s.k = 1;
3070 b0 = new_block(JMP(BPF_JSET));
3071 b0->s.k = 1;
3072 b0->stmts = s;
3073 return b0;
3074 }
3075
3076 /* TODO - check how token ring handles multicast */
3077 /* if (linktype == DLT_IEEE802) ... */
3078
3079 /* Link not known to support multicasts */
3080 break;
3081
3082 case Q_IP:
3083 b0 = gen_linktype(ETHERTYPE_IP);
3084 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
3085 b1->s.code = JMP(BPF_JGE);
3086 gen_and(b0, b1);
3087 return b1;
3088
3089 #ifdef INET6
3090 case Q_IPV6:
3091 b0 = gen_linktype(ETHERTYPE_IPV6);
3092 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
3093 gen_and(b0, b1);
3094 return b1;
3095 #endif /* INET6 */
3096 }
3097 bpf_error("only IP multicast filters supported on ethernet/FDDI");
3098 }
3099
3100 /*
3101 * generate command for inbound/outbound. It's here so we can
3102 * make it link-type specific. 'dir' = 0 implies "inbound",
3103 * = 1 implies "outbound".
3104 */
3105 struct block *
3106 gen_inbound(dir)
3107 int dir;
3108 {
3109 register struct block *b0;
3110
3111 b0 = gen_relation(BPF_JEQ,
3112 gen_load(Q_LINK, gen_loadi(0), 1),
3113 gen_loadi(0),
3114 dir);
3115 return (b0);
3116 }
3117
3118 /*
3119 * support IEEE 802.1Q VLAN trunk over ethernet
3120 */
3121 struct block *
3122 gen_vlan(vlan_num)
3123 int vlan_num;
3124 {
3125 static u_int orig_linktype = -1, orig_nl = -1;
3126 struct block *b0;
3127
3128 /*
3129 * Change the offsets to point to the type and data fields within
3130 * the VLAN packet. This is somewhat of a kludge.
3131 */
3132 if (orig_nl == (u_int)-1) {
3133 orig_linktype = off_linktype; /* save original values */
3134 orig_nl = off_nl;
3135
3136 switch (linktype) {
3137
3138 case DLT_EN10MB:
3139 off_linktype = 16;
3140 off_nl = 18;
3141 break;
3142
3143 default:
3144 bpf_error("no VLAN support for data link type %d",
3145 linktype);
3146 /*NOTREACHED*/
3147 }
3148 }
3149
3150 /* check for VLAN */
3151 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
3152
3153 /* If a specific VLAN is requested, check VLAN id */
3154 if (vlan_num >= 0) {
3155 struct block *b1;
3156
3157 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
3158 gen_and(b0, b1);
3159 b0 = b1;
3160 }
3161
3162 return (b0);
3163 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism