]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Have "map_arphrd_to_dlt()" take a flag indicating whether it's OK to
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.161 2001-12-18 09:10:49 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #include <sys/types.h>
32 #include <sys/socket.h>
33 #include <sys/time.h>
34 #ifdef __NetBSD__
35 #include <sys/param.h>
36 #endif
37
38 struct mbuf;
39 struct rtentry;
40 #include <net/if.h>
41
42 #include <netinet/in.h>
43
44 #include <stdlib.h>
45 #include <string.h>
46 #include <memory.h>
47 #include <setjmp.h>
48 #include <stdarg.h>
49
50 #include "pcap-int.h"
51
52 #include "ethertype.h"
53 #include "nlpid.h"
54 #include "llc.h"
55 #include "gencode.h"
56 #include "ppp.h"
57 #include "sll.h"
58 #include "arcnet.h"
59 #include <pcap-namedb.h>
60 #ifdef INET6
61 #include <netdb.h>
62 #include <sys/socket.h>
63 #endif /*INET6*/
64
65 #define ETHERMTU 1500
66
67 #ifndef IPPROTO_SCTP
68 #define IPPROTO_SCTP 132
69 #endif
70
71 #ifdef HAVE_OS_PROTO_H
72 #include "os-proto.h"
73 #endif
74
75 #define JMP(c) ((c)|BPF_JMP|BPF_K)
76
77 /* Locals */
78 static jmp_buf top_ctx;
79 static pcap_t *bpf_pcap;
80
81 /* Hack for updating VLAN offsets. */
82 static u_int orig_linktype = -1, orig_nl = -1;
83
84 /* XXX */
85 #ifdef PCAP_FDDIPAD
86 int pcap_fddipad = PCAP_FDDIPAD;
87 #else
88 int pcap_fddipad;
89 #endif
90
91 /* VARARGS */
92 void
93 bpf_error(const char *fmt, ...)
94
95 {
96 va_list ap;
97
98 va_start(ap, fmt);
99 if (bpf_pcap != NULL)
100 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
101 fmt, ap);
102 va_end(ap);
103 longjmp(top_ctx, 1);
104 /* NOTREACHED */
105 }
106
107 static void init_linktype(int);
108
109 static int alloc_reg(void);
110 static void free_reg(int);
111
112 static struct block *root;
113
114 /*
115 * We divy out chunks of memory rather than call malloc each time so
116 * we don't have to worry about leaking memory. It's probably
117 * not a big deal if all this memory was wasted but it this ever
118 * goes into a library that would probably not be a good idea.
119 */
120 #define NCHUNKS 16
121 #define CHUNK0SIZE 1024
122 struct chunk {
123 u_int n_left;
124 void *m;
125 };
126
127 static struct chunk chunks[NCHUNKS];
128 static int cur_chunk;
129
130 static void *newchunk(u_int);
131 static void freechunks(void);
132 static inline struct block *new_block(int);
133 static inline struct slist *new_stmt(int);
134 static struct block *gen_retblk(int);
135 static inline void syntax(void);
136
137 static void backpatch(struct block *, struct block *);
138 static void merge(struct block *, struct block *);
139 static struct block *gen_cmp(u_int, u_int, bpf_int32);
140 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
141 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
142 static struct block *gen_bcmp(u_int, u_int, const u_char *);
143 static struct block *gen_uncond(int);
144 static inline struct block *gen_true(void);
145 static inline struct block *gen_false(void);
146 static struct block *gen_linktype(int);
147 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
148 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
149 #ifdef INET6
150 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
151 #endif
152 static struct block *gen_ahostop(const u_char *, int);
153 static struct block *gen_ehostop(const u_char *, int);
154 static struct block *gen_fhostop(const u_char *, int);
155 static struct block *gen_thostop(const u_char *, int);
156 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
157 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
158 #ifdef INET6
159 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
160 #endif
161 #ifndef INET6
162 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
163 #endif
164 static struct block *gen_ipfrag(void);
165 static struct block *gen_portatom(int, bpf_int32);
166 #ifdef INET6
167 static struct block *gen_portatom6(int, bpf_int32);
168 #endif
169 struct block *gen_portop(int, int, int);
170 static struct block *gen_port(int, int, int);
171 #ifdef INET6
172 struct block *gen_portop6(int, int, int);
173 static struct block *gen_port6(int, int, int);
174 #endif
175 static int lookup_proto(const char *, int);
176 static struct block *gen_protochain(int, int, int);
177 static struct block *gen_proto(int, int, int);
178 static struct slist *xfer_to_x(struct arth *);
179 static struct slist *xfer_to_a(struct arth *);
180 static struct block *gen_len(int, int);
181
182 static void *
183 newchunk(n)
184 u_int n;
185 {
186 struct chunk *cp;
187 int k, size;
188
189 #ifndef __NetBSD__
190 /* XXX Round up to nearest long. */
191 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
192 #else
193 /* XXX Round up to structure boundary. */
194 n = ALIGN(n);
195 #endif
196
197 cp = &chunks[cur_chunk];
198 if (n > cp->n_left) {
199 ++cp, k = ++cur_chunk;
200 if (k >= NCHUNKS)
201 bpf_error("out of memory");
202 size = CHUNK0SIZE << k;
203 cp->m = (void *)malloc(size);
204 memset((char *)cp->m, 0, size);
205 cp->n_left = size;
206 if (n > size)
207 bpf_error("out of memory");
208 }
209 cp->n_left -= n;
210 return (void *)((char *)cp->m + cp->n_left);
211 }
212
213 static void
214 freechunks()
215 {
216 int i;
217
218 cur_chunk = 0;
219 for (i = 0; i < NCHUNKS; ++i)
220 if (chunks[i].m != NULL) {
221 free(chunks[i].m);
222 chunks[i].m = NULL;
223 }
224 }
225
226 /*
227 * A strdup whose allocations are freed after code generation is over.
228 */
229 char *
230 sdup(s)
231 register const char *s;
232 {
233 int n = strlen(s) + 1;
234 char *cp = newchunk(n);
235
236 strlcpy(cp, s, n);
237 return (cp);
238 }
239
240 static inline struct block *
241 new_block(code)
242 int code;
243 {
244 struct block *p;
245
246 p = (struct block *)newchunk(sizeof(*p));
247 p->s.code = code;
248 p->head = p;
249
250 return p;
251 }
252
253 static inline struct slist *
254 new_stmt(code)
255 int code;
256 {
257 struct slist *p;
258
259 p = (struct slist *)newchunk(sizeof(*p));
260 p->s.code = code;
261
262 return p;
263 }
264
265 static struct block *
266 gen_retblk(v)
267 int v;
268 {
269 struct block *b = new_block(BPF_RET|BPF_K);
270
271 b->s.k = v;
272 return b;
273 }
274
275 static inline void
276 syntax()
277 {
278 bpf_error("syntax error in filter expression");
279 }
280
281 static bpf_u_int32 netmask;
282 static int snaplen;
283 int no_optimize;
284
285 int
286 pcap_compile(pcap_t *p, struct bpf_program *program,
287 char *buf, int optimize, bpf_u_int32 mask)
288 {
289 extern int n_errors;
290 int len;
291
292 no_optimize = 0;
293 n_errors = 0;
294 root = NULL;
295 bpf_pcap = p;
296 if (setjmp(top_ctx)) {
297 lex_cleanup();
298 freechunks();
299 return (-1);
300 }
301
302 netmask = mask;
303
304 snaplen = pcap_snapshot(p);
305 if (snaplen == 0) {
306 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
307 "snaplen of 0 rejects all packets");
308 return -1;
309 }
310
311 lex_init(buf ? buf : "");
312 init_linktype(pcap_datalink(p));
313 (void)pcap_parse();
314
315 if (n_errors)
316 syntax();
317
318 if (root == NULL)
319 root = gen_retblk(snaplen);
320
321 if (optimize && !no_optimize) {
322 bpf_optimize(&root);
323 if (root == NULL ||
324 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
325 bpf_error("expression rejects all packets");
326 }
327 program->bf_insns = icode_to_fcode(root, &len);
328 program->bf_len = len;
329
330 lex_cleanup();
331 freechunks();
332 return (0);
333 }
334
335 /*
336 * entry point for using the compiler with no pcap open
337 * pass in all the stuff that is needed explicitly instead.
338 */
339 int
340 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
341 struct bpf_program *program,
342 char *buf, int optimize, bpf_u_int32 mask)
343 {
344 pcap_t *p;
345 int ret;
346
347 p = pcap_open_dead(linktype_arg, snaplen_arg);
348 if (p == NULL)
349 return (-1);
350 ret = pcap_compile(p, program, buf, optimize, mask);
351 pcap_close(p);
352 return (ret);
353 }
354
355 /*
356 * Clean up a "struct bpf_program" by freeing all the memory allocated
357 * in it.
358 */
359 void
360 pcap_freecode(struct bpf_program *program)
361 {
362 program->bf_len = 0;
363 if (program->bf_insns != NULL) {
364 free((char *)program->bf_insns);
365 program->bf_insns = NULL;
366 }
367 }
368
369 /*
370 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
371 * which of the jt and jf fields has been resolved and which is a pointer
372 * back to another unresolved block (or nil). At least one of the fields
373 * in each block is already resolved.
374 */
375 static void
376 backpatch(list, target)
377 struct block *list, *target;
378 {
379 struct block *next;
380
381 while (list) {
382 if (!list->sense) {
383 next = JT(list);
384 JT(list) = target;
385 } else {
386 next = JF(list);
387 JF(list) = target;
388 }
389 list = next;
390 }
391 }
392
393 /*
394 * Merge the lists in b0 and b1, using the 'sense' field to indicate
395 * which of jt and jf is the link.
396 */
397 static void
398 merge(b0, b1)
399 struct block *b0, *b1;
400 {
401 register struct block **p = &b0;
402
403 /* Find end of list. */
404 while (*p)
405 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
406
407 /* Concatenate the lists. */
408 *p = b1;
409 }
410
411 void
412 finish_parse(p)
413 struct block *p;
414 {
415 backpatch(p, gen_retblk(snaplen));
416 p->sense = !p->sense;
417 backpatch(p, gen_retblk(0));
418 root = p->head;
419 }
420
421 void
422 gen_and(b0, b1)
423 struct block *b0, *b1;
424 {
425 backpatch(b0, b1->head);
426 b0->sense = !b0->sense;
427 b1->sense = !b1->sense;
428 merge(b1, b0);
429 b1->sense = !b1->sense;
430 b1->head = b0->head;
431 }
432
433 void
434 gen_or(b0, b1)
435 struct block *b0, *b1;
436 {
437 b0->sense = !b0->sense;
438 backpatch(b0, b1->head);
439 b0->sense = !b0->sense;
440 merge(b1, b0);
441 b1->head = b0->head;
442 }
443
444 void
445 gen_not(b)
446 struct block *b;
447 {
448 b->sense = !b->sense;
449 }
450
451 static struct block *
452 gen_cmp(offset, size, v)
453 u_int offset, size;
454 bpf_int32 v;
455 {
456 struct slist *s;
457 struct block *b;
458
459 s = new_stmt(BPF_LD|BPF_ABS|size);
460 s->s.k = offset;
461
462 b = new_block(JMP(BPF_JEQ));
463 b->stmts = s;
464 b->s.k = v;
465
466 return b;
467 }
468
469 static struct block *
470 gen_cmp_gt(offset, size, v)
471 u_int offset, size;
472 bpf_int32 v;
473 {
474 struct slist *s;
475 struct block *b;
476
477 s = new_stmt(BPF_LD|BPF_ABS|size);
478 s->s.k = offset;
479
480 b = new_block(JMP(BPF_JGT));
481 b->stmts = s;
482 b->s.k = v;
483
484 return b;
485 }
486
487 static struct block *
488 gen_mcmp(offset, size, v, mask)
489 u_int offset, size;
490 bpf_int32 v;
491 bpf_u_int32 mask;
492 {
493 struct block *b = gen_cmp(offset, size, v);
494 struct slist *s;
495
496 if (mask != 0xffffffff) {
497 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
498 s->s.k = mask;
499 b->stmts->next = s;
500 }
501 return b;
502 }
503
504 static struct block *
505 gen_bcmp(offset, size, v)
506 register u_int offset, size;
507 register const u_char *v;
508 {
509 register struct block *b, *tmp;
510
511 b = NULL;
512 while (size >= 4) {
513 register const u_char *p = &v[size - 4];
514 bpf_int32 w = ((bpf_int32)p[0] << 24) |
515 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
516
517 tmp = gen_cmp(offset + size - 4, BPF_W, w);
518 if (b != NULL)
519 gen_and(b, tmp);
520 b = tmp;
521 size -= 4;
522 }
523 while (size >= 2) {
524 register const u_char *p = &v[size - 2];
525 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
526
527 tmp = gen_cmp(offset + size - 2, BPF_H, w);
528 if (b != NULL)
529 gen_and(b, tmp);
530 b = tmp;
531 size -= 2;
532 }
533 if (size > 0) {
534 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
535 if (b != NULL)
536 gen_and(b, tmp);
537 b = tmp;
538 }
539 return b;
540 }
541
542 /*
543 * Various code constructs need to know the layout of the data link
544 * layer. These variables give the necessary offsets. off_linktype
545 * is set to -1 for no encapsulation, in which case, IP is assumed.
546 */
547 static u_int off_linktype;
548 static u_int off_nl;
549 static int linktype;
550
551 static void
552 init_linktype(type)
553 int type;
554 {
555 linktype = type;
556
557 orig_linktype = -1;
558 orig_nl = -1;
559
560 switch (type) {
561
562 case DLT_ARCNET:
563 off_linktype = 2;
564 off_nl = 6; /* XXX in reality, variable! */
565 return;
566
567 case DLT_EN10MB:
568 off_linktype = 12;
569 off_nl = 14;
570 return;
571
572 case DLT_SLIP:
573 /*
574 * SLIP doesn't have a link level type. The 16 byte
575 * header is hacked into our SLIP driver.
576 */
577 off_linktype = -1;
578 off_nl = 16;
579 return;
580
581 case DLT_SLIP_BSDOS:
582 /* XXX this may be the same as the DLT_PPP_BSDOS case */
583 off_linktype = -1;
584 /* XXX end */
585 off_nl = 24;
586 return;
587
588 case DLT_NULL:
589 case DLT_LOOP:
590 off_linktype = 0;
591 off_nl = 4;
592 return;
593
594 case DLT_PPP:
595 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */
596 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */
597 off_linktype = 2;
598 off_nl = 4;
599 return;
600
601 case DLT_PPP_ETHER:
602 /*
603 * This does no include the Ethernet header, and
604 * only covers session state.
605 */
606 off_linktype = 6;
607 off_nl = 8;
608 return;
609
610 case DLT_PPP_BSDOS:
611 off_linktype = 5;
612 off_nl = 24;
613 return;
614
615 case DLT_FDDI:
616 /*
617 * FDDI doesn't really have a link-level type field.
618 * We set "off_linktype" to the offset of the LLC header.
619 *
620 * To check for Ethernet types, we assume that SSAP = SNAP
621 * is being used and pick out the encapsulated Ethernet type.
622 * XXX - should we generate code to check for SNAP?
623 */
624 off_linktype = 13;
625 #ifdef PCAP_FDDIPAD
626 off_linktype += pcap_fddipad;
627 #endif
628 off_nl = 21;
629 #ifdef PCAP_FDDIPAD
630 off_nl += pcap_fddipad;
631 #endif
632 return;
633
634 case DLT_IEEE802:
635 /*
636 * Token Ring doesn't really have a link-level type field.
637 * We set "off_linktype" to the offset of the LLC header.
638 *
639 * To check for Ethernet types, we assume that SSAP = SNAP
640 * is being used and pick out the encapsulated Ethernet type.
641 * XXX - should we generate code to check for SNAP?
642 *
643 * XXX - the header is actually variable-length.
644 * Some various Linux patched versions gave 38
645 * as "off_linktype" and 40 as "off_nl"; however,
646 * if a token ring packet has *no* routing
647 * information, i.e. is not source-routed, the correct
648 * values are 20 and 22, as they are in the vanilla code.
649 *
650 * A packet is source-routed iff the uppermost bit
651 * of the first byte of the source address, at an
652 * offset of 8, has the uppermost bit set. If the
653 * packet is source-routed, the total number of bytes
654 * of routing information is 2 plus bits 0x1F00 of
655 * the 16-bit value at an offset of 14 (shifted right
656 * 8 - figure out which byte that is).
657 */
658 off_linktype = 14;
659 off_nl = 22;
660 return;
661
662 case DLT_IEEE802_11:
663 /*
664 * 802.11 doesn't really have a link-level type field.
665 * We set "off_linktype" to the offset of the LLC header.
666 *
667 * To check for Ethernet types, we assume that SSAP = SNAP
668 * is being used and pick out the encapsulated Ethernet type.
669 * XXX - should we generate code to check for SNAP?
670 *
671 * XXX - the header is actually variable-length. We
672 * assume a 24-byte link-layer header, as appears in
673 * data frames in networks with no bridges.
674 */
675 off_linktype = 24;
676 off_nl = 30;
677 return;
678
679 case DLT_PRISM_HEADER:
680 /*
681 * Same as 802.11, but with an additional header before
682 * the 802.11 header, containing a bunch of additional
683 * information including radio-level information.
684 *
685 * The header is 144 bytes long.
686 *
687 * XXX - same variable-length header problem; at least
688 * the Prism header is fixed-length.
689 */
690 off_linktype = 144+24;
691 off_nl = 144+30;
692 return;
693
694 case DLT_ATM_RFC1483:
695 /*
696 * assume routed, non-ISO PDUs
697 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
698 */
699 off_linktype = 6;
700 off_nl = 8;
701 return;
702
703 case DLT_RAW:
704 off_linktype = -1;
705 off_nl = 0;
706 return;
707
708 case DLT_ATM_CLIP: /* Linux ATM defines this */
709 off_linktype = 6;
710 off_nl = 8;
711 return;
712
713 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
714 off_linktype = 14;
715 off_nl = 16;
716 return;
717
718 case DLT_LTALK:
719 /*
720 * LocalTalk does have a 1-byte type field in the LLAP header,
721 * but really it just indicates whether there is a "short" or
722 * "long" DDP packet following.
723 */
724 off_linktype = -1;
725 off_nl = 0;
726 return;
727 }
728 bpf_error("unknown data link type %d", linktype);
729 /* NOTREACHED */
730 }
731
732 static struct block *
733 gen_uncond(rsense)
734 int rsense;
735 {
736 struct block *b;
737 struct slist *s;
738
739 s = new_stmt(BPF_LD|BPF_IMM);
740 s->s.k = !rsense;
741 b = new_block(JMP(BPF_JEQ));
742 b->stmts = s;
743
744 return b;
745 }
746
747 static inline struct block *
748 gen_true()
749 {
750 return gen_uncond(1);
751 }
752
753 static inline struct block *
754 gen_false()
755 {
756 return gen_uncond(0);
757 }
758
759 /*
760 * Byte-swap a 32-bit number.
761 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
762 * big-endian platforms.)
763 */
764 #define SWAPLONG(y) \
765 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
766
767 static struct block *
768 gen_linktype(proto)
769 register int proto;
770 {
771 struct block *b0, *b1;
772
773 switch (linktype) {
774
775 case DLT_EN10MB:
776 switch (proto) {
777
778 case LLCSAP_ISONS:
779 /*
780 * OSI protocols always use 802.2 encapsulation.
781 * XXX - should we check both the DSAP and the
782 * SSAP, like this, or should we check just the
783 * DSAP?
784 */
785 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
786 gen_not(b0);
787 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
788 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
789 gen_and(b0, b1);
790 return b1;
791
792 case LLCSAP_NETBEUI:
793 /*
794 * NetBEUI always uses 802.2 encapsulation.
795 * XXX - should we check both the DSAP and the
796 * SSAP, like this, or should we check just the
797 * DSAP?
798 */
799 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
800 gen_not(b0);
801 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
802 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
803 gen_and(b0, b1);
804 return b1;
805
806 case LLCSAP_IPX:
807 /*
808 * Check for;
809 *
810 * Ethernet_II frames, which are Ethernet
811 * frames with a frame type of ETHERTYPE_IPX;
812 *
813 * Ethernet_802.3 frames, which are 802.3
814 * frames (i.e., the type/length field is
815 * a length field, <= ETHERMTU, rather than
816 * a type field) with the first two bytes
817 * after the Ethernet/802.3 header being
818 * 0xFFFF;
819 *
820 * Ethernet_802.2 frames, which are 802.3
821 * frames with an 802.2 LLC header and
822 * with the IPX LSAP as the DSAP in the LLC
823 * header;
824 *
825 * Ethernet_SNAP frames, which are 802.3
826 * frames with an LLC header and a SNAP
827 * header and with an OUI of 0x000000
828 * (encapsulated Ethernet) and a protocol
829 * ID of ETHERTYPE_IPX in the SNAP header.
830 *
831 * XXX - should we generate the same code both
832 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
833 */
834
835 /*
836 * This generates code to check both for the
837 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
838 */
839 b0 = gen_cmp(off_linktype + 2, BPF_B,
840 (bpf_int32)LLCSAP_IPX);
841 b1 = gen_cmp(off_linktype + 2, BPF_H,
842 (bpf_int32)0xFFFF);
843 gen_or(b0, b1);
844
845 /*
846 * Now we add code to check for SNAP frames with
847 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
848 */
849 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
850 gen_or(b0, b1);
851
852 /*
853 * Now we generate code to check for 802.3
854 * frames in general.
855 */
856 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
857 gen_not(b0);
858
859 /*
860 * Now add the check for 802.3 frames before the
861 * check for Ethernet_802.2 and Ethernet_802.3,
862 * as those checks should only be done on 802.3
863 * frames, not on Ethernet frames.
864 */
865 gen_and(b0, b1);
866
867 /*
868 * Now add the check for Ethernet_II frames, and
869 * do that before checking for the other frame
870 * types.
871 */
872 b0 = gen_cmp(off_linktype, BPF_H,
873 (bpf_int32)ETHERTYPE_IPX);
874 gen_or(b0, b1);
875 return b1;
876
877 case ETHERTYPE_ATALK:
878 case ETHERTYPE_AARP:
879 /*
880 * EtherTalk (AppleTalk protocols on Ethernet link
881 * layer) may use 802.2 encapsulation.
882 */
883
884 /*
885 * Check for 802.2 encapsulation (EtherTalk phase 2?);
886 * we check for an Ethernet type field less than
887 * 1500, which means it's an 802.3 length field.
888 */
889 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
890 gen_not(b0);
891
892 /*
893 * 802.2-encapsulated ETHERTYPE_ATALK packets are
894 * SNAP packets with an organization code of
895 * 0x080007 (Apple, for Appletalk) and a protocol
896 * type of ETHERTYPE_ATALK (Appletalk).
897 *
898 * 802.2-encapsulated ETHERTYPE_AARP packets are
899 * SNAP packets with an organization code of
900 * 0x000000 (encapsulated Ethernet) and a protocol
901 * type of ETHERTYPE_AARP (Appletalk ARP).
902 */
903 if (proto == ETHERTYPE_ATALK)
904 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
905 else /* proto == ETHERTYPE_AARP */
906 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
907 gen_and(b0, b1);
908
909 /*
910 * Check for Ethernet encapsulation (Ethertalk
911 * phase 1?); we just check for the Ethernet
912 * protocol type.
913 */
914 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
915
916 gen_or(b0, b1);
917 return b1;
918
919 default:
920 if (proto <= ETHERMTU) {
921 /*
922 * This is an LLC SAP value, so the frames
923 * that match would be 802.2 frames.
924 * Check that the frame is an 802.2 frame
925 * (i.e., that the length/type field is
926 * a length field, <= ETHERMTU) and
927 * then check the DSAP.
928 */
929 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
930 gen_not(b0);
931 b1 = gen_cmp(off_linktype + 2, BPF_B,
932 (bpf_int32)proto);
933 gen_and(b0, b1);
934 return b1;
935 } else {
936 /*
937 * This is an Ethernet type, so compare
938 * the length/type field with it (if
939 * the frame is an 802.2 frame, the length
940 * field will be <= ETHERMTU, and, as
941 * "proto" is > ETHERMTU, this test
942 * will fail and the frame won't match,
943 * which is what we want).
944 */
945 return gen_cmp(off_linktype, BPF_H,
946 (bpf_int32)proto);
947 }
948 }
949 break;
950
951 case DLT_IEEE802_11:
952 case DLT_PRISM_HEADER:
953 case DLT_FDDI:
954 case DLT_IEEE802:
955 case DLT_ATM_RFC1483:
956 case DLT_ATM_CLIP:
957 /*
958 * XXX - handle token-ring variable-length header.
959 */
960 switch (proto) {
961
962 case LLCSAP_ISONS:
963 return gen_cmp(off_linktype, BPF_H, (long)
964 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
965
966 case LLCSAP_NETBEUI:
967 return gen_cmp(off_linktype, BPF_H, (long)
968 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
969
970 case LLCSAP_IPX:
971 /*
972 * XXX - are there ever SNAP frames for IPX on
973 * non-Ethernet 802.x networks?
974 */
975 return gen_cmp(off_linktype, BPF_B,
976 (bpf_int32)LLCSAP_IPX);
977
978 case ETHERTYPE_ATALK:
979 /*
980 * 802.2-encapsulated ETHERTYPE_ATALK packets are
981 * SNAP packets with an organization code of
982 * 0x080007 (Apple, for Appletalk) and a protocol
983 * type of ETHERTYPE_ATALK (Appletalk).
984 *
985 * XXX - check for an organization code of
986 * encapsulated Ethernet as well?
987 */
988 return gen_snap(0x080007, ETHERTYPE_ATALK,
989 off_linktype);
990 break;
991
992 default:
993 /*
994 * XXX - we don't have to check for IPX 802.3
995 * here, but should we check for the IPX Ethertype?
996 */
997 if (proto <= ETHERMTU) {
998 /*
999 * This is an LLC SAP value, so check
1000 * the DSAP.
1001 */
1002 return gen_cmp(off_linktype, BPF_B,
1003 (bpf_int32)proto);
1004 } else {
1005 /*
1006 * This is an Ethernet type; we assume
1007 * that it's unlikely that it'll
1008 * appear in the right place at random,
1009 * and therefore check only the
1010 * location that would hold the Ethernet
1011 * type in a SNAP frame with an organization
1012 * code of 0x000000 (encapsulated Ethernet).
1013 *
1014 * XXX - if we were to check for the SNAP DSAP
1015 * and LSAP, as per XXX, and were also to check
1016 * for an organization code of 0x000000
1017 * (encapsulated Ethernet), we'd do
1018 *
1019 * return gen_snap(0x000000, proto,
1020 * off_linktype);
1021 *
1022 * here; for now, we don't, as per the above.
1023 * I don't know whether it's worth the
1024 * extra CPU time to do the right check
1025 * or not.
1026 */
1027 return gen_cmp(off_linktype+6, BPF_H,
1028 (bpf_int32)proto);
1029 }
1030 }
1031 break;
1032
1033 case DLT_LINUX_SLL:
1034 switch (proto) {
1035
1036 case LLCSAP_ISONS:
1037 /*
1038 * OSI protocols always use 802.2 encapsulation.
1039 * XXX - should we check both the DSAP and the
1040 * LSAP, like this, or should we check just the
1041 * DSAP?
1042 */
1043 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1044 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1045 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1046 gen_and(b0, b1);
1047 return b1;
1048
1049 case LLCSAP_NETBEUI:
1050 /*
1051 * NetBEUI always uses 802.2 encapsulation.
1052 * XXX - should we check both the DSAP and the
1053 * LSAP, like this, or should we check just the
1054 * DSAP?
1055 */
1056 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1057 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1058 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1059 gen_and(b0, b1);
1060 return b1;
1061
1062 case LLCSAP_IPX:
1063 /*
1064 * Ethernet_II frames, which are Ethernet
1065 * frames with a frame type of ETHERTYPE_IPX;
1066 *
1067 * Ethernet_802.3 frames, which have a frame
1068 * type of LINUX_SLL_P_802_3;
1069 *
1070 * Ethernet_802.2 frames, which are 802.3
1071 * frames with an 802.2 LLC header (i.e, have
1072 * a frame type of LINUX_SLL_P_802_2) and
1073 * with the IPX LSAP as the DSAP in the LLC
1074 * header;
1075 *
1076 * Ethernet_SNAP frames, which are 802.3
1077 * frames with an LLC header and a SNAP
1078 * header and with an OUI of 0x000000
1079 * (encapsulated Ethernet) and a protocol
1080 * ID of ETHERTYPE_IPX in the SNAP header.
1081 *
1082 * First, do the checks on LINUX_SLL_P_802_2
1083 * frames; generate the check for either
1084 * Ethernet_802.2 or Ethernet_SNAP frames, and
1085 * then put a check for LINUX_SLL_P_802_2 frames
1086 * before it.
1087 */
1088 b0 = gen_cmp(off_linktype + 2, BPF_B,
1089 (bpf_int32)LLCSAP_IPX);
1090 b1 = gen_snap(0x000000, ETHERTYPE_IPX,
1091 off_linktype + 2);
1092 gen_or(b0, b1);
1093 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1094 gen_and(b0, b1);
1095
1096 /*
1097 * Now check for 802.3 frames and OR that with
1098 * the previous test.
1099 */
1100 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
1101 gen_or(b0, b1);
1102
1103 /*
1104 * Now add the check for Ethernet_II frames, and
1105 * do that before checking for the other frame
1106 * types.
1107 */
1108 b0 = gen_cmp(off_linktype, BPF_H,
1109 (bpf_int32)ETHERTYPE_IPX);
1110 gen_or(b0, b1);
1111 return b1;
1112
1113 case ETHERTYPE_ATALK:
1114 case ETHERTYPE_AARP:
1115 /*
1116 * EtherTalk (AppleTalk protocols on Ethernet link
1117 * layer) may use 802.2 encapsulation.
1118 */
1119
1120 /*
1121 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1122 * we check for the 802.2 protocol type in the
1123 * "Ethernet type" field.
1124 */
1125 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1126
1127 /*
1128 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1129 * SNAP packets with an organization code of
1130 * 0x080007 (Apple, for Appletalk) and a protocol
1131 * type of ETHERTYPE_ATALK (Appletalk).
1132 *
1133 * 802.2-encapsulated ETHERTYPE_AARP packets are
1134 * SNAP packets with an organization code of
1135 * 0x000000 (encapsulated Ethernet) and a protocol
1136 * type of ETHERTYPE_AARP (Appletalk ARP).
1137 */
1138 if (proto == ETHERTYPE_ATALK)
1139 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
1140 off_linktype + 2);
1141 else /* proto == ETHERTYPE_AARP */
1142 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
1143 off_linktype + 2);
1144 gen_and(b0, b1);
1145
1146 /*
1147 * Check for Ethernet encapsulation (Ethertalk
1148 * phase 1?); we just check for the Ethernet
1149 * protocol type.
1150 */
1151 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1152
1153 gen_or(b0, b1);
1154 return b1;
1155
1156 default:
1157 if (proto <= ETHERMTU) {
1158 /*
1159 * This is an LLC SAP value, so the frames
1160 * that match would be 802.2 frames.
1161 * Check for the 802.2 protocol type
1162 * in the "Ethernet type" field, and
1163 * then check the DSAP.
1164 */
1165 b0 = gen_cmp(off_linktype, BPF_H,
1166 LINUX_SLL_P_802_2);
1167 b1 = gen_cmp(off_linktype + 2, BPF_B,
1168 (bpf_int32)proto);
1169 gen_and(b0, b1);
1170 return b1;
1171 } else {
1172 /*
1173 * This is an Ethernet type, so compare
1174 * the length/type field with it (if
1175 * the frame is an 802.2 frame, the length
1176 * field will be <= ETHERMTU, and, as
1177 * "proto" is > ETHERMTU, this test
1178 * will fail and the frame won't match,
1179 * which is what we want).
1180 */
1181 return gen_cmp(off_linktype, BPF_H,
1182 (bpf_int32)proto);
1183 }
1184 }
1185 break;
1186
1187 case DLT_SLIP:
1188 case DLT_SLIP_BSDOS:
1189 case DLT_RAW:
1190 /*
1191 * These types don't provide any type field; packets
1192 * are always IP.
1193 *
1194 * XXX - for IPv4, check for a version number of 4, and,
1195 * for IPv6, check for a version number of 6?
1196 */
1197 switch (proto) {
1198
1199 case ETHERTYPE_IP:
1200 #ifdef INET6
1201 case ETHERTYPE_IPV6:
1202 #endif
1203 return gen_true(); /* always true */
1204
1205 default:
1206 return gen_false(); /* always false */
1207 }
1208 break;
1209
1210 case DLT_PPP:
1211 case DLT_PPP_SERIAL:
1212 case DLT_PPP_ETHER:
1213 /*
1214 * We use Ethernet protocol types inside libpcap;
1215 * map them to the corresponding PPP protocol types.
1216 */
1217 switch (proto) {
1218
1219 case ETHERTYPE_IP:
1220 proto = PPP_IP; /* XXX was 0x21 */
1221 break;
1222
1223 #ifdef INET6
1224 case ETHERTYPE_IPV6:
1225 proto = PPP_IPV6;
1226 break;
1227 #endif
1228
1229 case ETHERTYPE_DN:
1230 proto = PPP_DECNET;
1231 break;
1232
1233 case ETHERTYPE_ATALK:
1234 proto = PPP_APPLE;
1235 break;
1236
1237 case ETHERTYPE_NS:
1238 proto = PPP_NS;
1239 break;
1240
1241 case LLCSAP_ISONS:
1242 proto = PPP_OSI;
1243 break;
1244
1245 case LLCSAP_8021D:
1246 /*
1247 * I'm assuming the "Bridging PDU"s that go
1248 * over PPP are Spanning Tree Protocol
1249 * Bridging PDUs.
1250 */
1251 proto = PPP_BRPDU;
1252 break;
1253
1254 case LLCSAP_IPX:
1255 proto = PPP_IPX;
1256 break;
1257 }
1258 break;
1259
1260 case DLT_PPP_BSDOS:
1261 /*
1262 * We use Ethernet protocol types inside libpcap;
1263 * map them to the corresponding PPP protocol types.
1264 */
1265 switch (proto) {
1266
1267 case ETHERTYPE_IP:
1268 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
1269 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
1270 gen_or(b0, b1);
1271 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
1272 gen_or(b1, b0);
1273 return b0;
1274
1275 #ifdef INET6
1276 case ETHERTYPE_IPV6:
1277 proto = PPP_IPV6;
1278 /* more to go? */
1279 break;
1280 #endif
1281
1282 case ETHERTYPE_DN:
1283 proto = PPP_DECNET;
1284 break;
1285
1286 case ETHERTYPE_ATALK:
1287 proto = PPP_APPLE;
1288 break;
1289
1290 case ETHERTYPE_NS:
1291 proto = PPP_NS;
1292 break;
1293
1294 case LLCSAP_ISONS:
1295 proto = PPP_OSI;
1296 break;
1297
1298 case LLCSAP_8021D:
1299 /*
1300 * I'm assuming the "Bridging PDU"s that go
1301 * over PPP are Spanning Tree Protocol
1302 * Bridging PDUs.
1303 */
1304 proto = PPP_BRPDU;
1305 break;
1306
1307 case LLCSAP_IPX:
1308 proto = PPP_IPX;
1309 break;
1310 }
1311 break;
1312
1313 case DLT_NULL:
1314 case DLT_LOOP:
1315 /*
1316 * For DLT_NULL, the link-layer header is a 32-bit
1317 * word containing an AF_ value in *host* byte order.
1318 *
1319 * In addition, if we're reading a saved capture file,
1320 * the host byte order in the capture may not be the
1321 * same as the host byte order on this machine.
1322 *
1323 * For DLT_LOOP, the link-layer header is a 32-bit
1324 * word containing an AF_ value in *network* byte order.
1325 *
1326 * XXX - AF_ values may, unfortunately, be platform-
1327 * dependent; for example, FreeBSD's AF_INET6 is 24
1328 * whilst NetBSD's and OpenBSD's is 26.
1329 *
1330 * This means that, when reading a capture file, just
1331 * checking for our AF_INET6 value won't work if the
1332 * capture file came from another OS.
1333 */
1334 switch (proto) {
1335
1336 case ETHERTYPE_IP:
1337 proto = AF_INET;
1338 break;
1339
1340 #ifdef INET6
1341 case ETHERTYPE_IPV6:
1342 proto = AF_INET6;
1343 break;
1344 #endif
1345
1346 default:
1347 /*
1348 * Not a type on which we support filtering.
1349 * XXX - support those that have AF_ values
1350 * #defined on this platform, at least?
1351 */
1352 return gen_false();
1353 }
1354
1355 if (linktype == DLT_NULL) {
1356 /*
1357 * The AF_ value is in host byte order, but
1358 * the BPF interpreter will convert it to
1359 * network byte order.
1360 *
1361 * If this is a save file, and it's from a
1362 * machine with the opposite byte order to
1363 * ours, we byte-swap the AF_ value.
1364 *
1365 * Then we run it through "htonl()", and
1366 * generate code to compare against the result.
1367 */
1368 if (bpf_pcap->sf.rfile != NULL &&
1369 bpf_pcap->sf.swapped)
1370 proto = SWAPLONG(proto);
1371 proto = htonl(proto);
1372 }
1373 return (gen_cmp(0, BPF_W, (bpf_int32)proto));
1374
1375 case DLT_ARCNET:
1376 /*
1377 * XXX should we check for first fragment if the protocol
1378 * uses PHDS?
1379 */
1380 switch(proto) {
1381 default:
1382 return gen_false();
1383 #ifdef INET6
1384 case ETHERTYPE_IPV6:
1385 return(gen_cmp(2, BPF_B,
1386 (bpf_int32)htonl(ARCTYPE_INET6)));
1387 #endif /* INET6 */
1388 case ETHERTYPE_IP:
1389 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_IP));
1390 b1 = gen_cmp(2, BPF_B,
1391 (bpf_int32)htonl(ARCTYPE_IP_OLD));
1392 gen_or(b0, b1);
1393 return(b1);
1394 case ETHERTYPE_ARP:
1395 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_ARP));
1396 b1 = gen_cmp(2, BPF_B,
1397 (bpf_int32)htonl(ARCTYPE_ARP_OLD));
1398 gen_or(b0, b1);
1399 return(b1);
1400 case ETHERTYPE_REVARP:
1401 return(gen_cmp(2, BPF_B,
1402 (bpf_int32)htonl(ARCTYPE_REVARP)));
1403 case ETHERTYPE_ATALK:
1404 return(gen_cmp(2, BPF_B,
1405 (bpf_int32)htonl(ARCTYPE_ATALK)));
1406 }
1407 break;
1408
1409 case DLT_LTALK:
1410 switch (proto) {
1411 case ETHERTYPE_ATALK:
1412 return gen_true();
1413 default:
1414 return gen_false();
1415 }
1416 break;
1417 }
1418
1419 /*
1420 * All the types that have no encapsulation should either be
1421 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
1422 * all packets are IP packets, or should be handled in some
1423 * special case, if none of them are (if some are and some
1424 * aren't, the lack of encapsulation is a problem, as we'd
1425 * have to find some other way of determining the packet type).
1426 *
1427 * Therefore, if "off_linktype" is -1, there's an error.
1428 */
1429 if (off_linktype == -1)
1430 abort();
1431
1432 /*
1433 * Any type not handled above should always have an Ethernet
1434 * type at an offset of "off_linktype". (PPP is partially
1435 * handled above - the protocol type is mapped from the
1436 * Ethernet and LLC types we use internally to the corresponding
1437 * PPP type - but the PPP type is always specified by a value
1438 * at "off_linktype", so we don't have to do the code generation
1439 * above.)
1440 */
1441 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1442 }
1443
1444 /*
1445 * Check for an LLC SNAP packet with a given organization code and
1446 * protocol type; we check the entire contents of the 802.2 LLC and
1447 * snap headers, checking for DSAP and SSAP of SNAP and a control
1448 * field of 0x03 in the LLC header, and for the specified organization
1449 * code and protocol type in the SNAP header.
1450 */
1451 static struct block *
1452 gen_snap(orgcode, ptype, offset)
1453 bpf_u_int32 orgcode;
1454 bpf_u_int32 ptype;
1455 u_int offset;
1456 {
1457 u_char snapblock[8];
1458
1459 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
1460 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
1461 snapblock[2] = 0x03; /* control = UI */
1462 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
1463 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
1464 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
1465 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
1466 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
1467 return gen_bcmp(offset, 8, snapblock);
1468 }
1469
1470 static struct block *
1471 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
1472 bpf_u_int32 addr;
1473 bpf_u_int32 mask;
1474 int dir, proto;
1475 u_int src_off, dst_off;
1476 {
1477 struct block *b0, *b1;
1478 u_int offset;
1479
1480 switch (dir) {
1481
1482 case Q_SRC:
1483 offset = src_off;
1484 break;
1485
1486 case Q_DST:
1487 offset = dst_off;
1488 break;
1489
1490 case Q_AND:
1491 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1492 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1493 gen_and(b0, b1);
1494 return b1;
1495
1496 case Q_OR:
1497 case Q_DEFAULT:
1498 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1499 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1500 gen_or(b0, b1);
1501 return b1;
1502
1503 default:
1504 abort();
1505 }
1506 b0 = gen_linktype(proto);
1507 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
1508 gen_and(b0, b1);
1509 return b1;
1510 }
1511
1512 #ifdef INET6
1513 static struct block *
1514 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
1515 struct in6_addr *addr;
1516 struct in6_addr *mask;
1517 int dir, proto;
1518 u_int src_off, dst_off;
1519 {
1520 struct block *b0, *b1;
1521 u_int offset;
1522 u_int32_t *a, *m;
1523
1524 switch (dir) {
1525
1526 case Q_SRC:
1527 offset = src_off;
1528 break;
1529
1530 case Q_DST:
1531 offset = dst_off;
1532 break;
1533
1534 case Q_AND:
1535 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1536 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1537 gen_and(b0, b1);
1538 return b1;
1539
1540 case Q_OR:
1541 case Q_DEFAULT:
1542 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1543 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1544 gen_or(b0, b1);
1545 return b1;
1546
1547 default:
1548 abort();
1549 }
1550 /* this order is important */
1551 a = (u_int32_t *)addr;
1552 m = (u_int32_t *)mask;
1553 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
1554 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
1555 gen_and(b0, b1);
1556 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
1557 gen_and(b0, b1);
1558 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
1559 gen_and(b0, b1);
1560 b0 = gen_linktype(proto);
1561 gen_and(b0, b1);
1562 return b1;
1563 }
1564 #endif /*INET6*/
1565
1566 static struct block *
1567 gen_ehostop(eaddr, dir)
1568 register const u_char *eaddr;
1569 register int dir;
1570 {
1571 register struct block *b0, *b1;
1572
1573 switch (dir) {
1574 case Q_SRC:
1575 return gen_bcmp(6, 6, eaddr);
1576
1577 case Q_DST:
1578 return gen_bcmp(0, 6, eaddr);
1579
1580 case Q_AND:
1581 b0 = gen_ehostop(eaddr, Q_SRC);
1582 b1 = gen_ehostop(eaddr, Q_DST);
1583 gen_and(b0, b1);
1584 return b1;
1585
1586 case Q_DEFAULT:
1587 case Q_OR:
1588 b0 = gen_ehostop(eaddr, Q_SRC);
1589 b1 = gen_ehostop(eaddr, Q_DST);
1590 gen_or(b0, b1);
1591 return b1;
1592 }
1593 abort();
1594 /* NOTREACHED */
1595 }
1596
1597 /*
1598 * Like gen_ehostop, but for DLT_FDDI
1599 */
1600 static struct block *
1601 gen_fhostop(eaddr, dir)
1602 register const u_char *eaddr;
1603 register int dir;
1604 {
1605 struct block *b0, *b1;
1606
1607 switch (dir) {
1608 case Q_SRC:
1609 #ifdef PCAP_FDDIPAD
1610 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
1611 #else
1612 return gen_bcmp(6 + 1, 6, eaddr);
1613 #endif
1614
1615 case Q_DST:
1616 #ifdef PCAP_FDDIPAD
1617 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
1618 #else
1619 return gen_bcmp(0 + 1, 6, eaddr);
1620 #endif
1621
1622 case Q_AND:
1623 b0 = gen_fhostop(eaddr, Q_SRC);
1624 b1 = gen_fhostop(eaddr, Q_DST);
1625 gen_and(b0, b1);
1626 return b1;
1627
1628 case Q_DEFAULT:
1629 case Q_OR:
1630 b0 = gen_fhostop(eaddr, Q_SRC);
1631 b1 = gen_fhostop(eaddr, Q_DST);
1632 gen_or(b0, b1);
1633 return b1;
1634 }
1635 abort();
1636 /* NOTREACHED */
1637 }
1638
1639 /*
1640 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
1641 */
1642 static struct block *
1643 gen_thostop(eaddr, dir)
1644 register const u_char *eaddr;
1645 register int dir;
1646 {
1647 register struct block *b0, *b1;
1648
1649 switch (dir) {
1650 case Q_SRC:
1651 return gen_bcmp(8, 6, eaddr);
1652
1653 case Q_DST:
1654 return gen_bcmp(2, 6, eaddr);
1655
1656 case Q_AND:
1657 b0 = gen_thostop(eaddr, Q_SRC);
1658 b1 = gen_thostop(eaddr, Q_DST);
1659 gen_and(b0, b1);
1660 return b1;
1661
1662 case Q_DEFAULT:
1663 case Q_OR:
1664 b0 = gen_thostop(eaddr, Q_SRC);
1665 b1 = gen_thostop(eaddr, Q_DST);
1666 gen_or(b0, b1);
1667 return b1;
1668 }
1669 abort();
1670 /* NOTREACHED */
1671 }
1672
1673 /*
1674 * This is quite tricky because there may be pad bytes in front of the
1675 * DECNET header, and then there are two possible data packet formats that
1676 * carry both src and dst addresses, plus 5 packet types in a format that
1677 * carries only the src node, plus 2 types that use a different format and
1678 * also carry just the src node.
1679 *
1680 * Yuck.
1681 *
1682 * Instead of doing those all right, we just look for data packets with
1683 * 0 or 1 bytes of padding. If you want to look at other packets, that
1684 * will require a lot more hacking.
1685 *
1686 * To add support for filtering on DECNET "areas" (network numbers)
1687 * one would want to add a "mask" argument to this routine. That would
1688 * make the filter even more inefficient, although one could be clever
1689 * and not generate masking instructions if the mask is 0xFFFF.
1690 */
1691 static struct block *
1692 gen_dnhostop(addr, dir, base_off)
1693 bpf_u_int32 addr;
1694 int dir;
1695 u_int base_off;
1696 {
1697 struct block *b0, *b1, *b2, *tmp;
1698 u_int offset_lh; /* offset if long header is received */
1699 u_int offset_sh; /* offset if short header is received */
1700
1701 switch (dir) {
1702
1703 case Q_DST:
1704 offset_sh = 1; /* follows flags */
1705 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
1706 break;
1707
1708 case Q_SRC:
1709 offset_sh = 3; /* follows flags, dstnode */
1710 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
1711 break;
1712
1713 case Q_AND:
1714 /* Inefficient because we do our Calvinball dance twice */
1715 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1716 b1 = gen_dnhostop(addr, Q_DST, base_off);
1717 gen_and(b0, b1);
1718 return b1;
1719
1720 case Q_OR:
1721 case Q_DEFAULT:
1722 /* Inefficient because we do our Calvinball dance twice */
1723 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1724 b1 = gen_dnhostop(addr, Q_DST, base_off);
1725 gen_or(b0, b1);
1726 return b1;
1727
1728 case Q_ISO:
1729 bpf_error("ISO host filtering not implemented");
1730
1731 default:
1732 abort();
1733 }
1734 b0 = gen_linktype(ETHERTYPE_DN);
1735 /* Check for pad = 1, long header case */
1736 tmp = gen_mcmp(base_off + 2, BPF_H,
1737 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
1738 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
1739 BPF_H, (bpf_int32)ntohs(addr));
1740 gen_and(tmp, b1);
1741 /* Check for pad = 0, long header case */
1742 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
1743 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
1744 gen_and(tmp, b2);
1745 gen_or(b2, b1);
1746 /* Check for pad = 1, short header case */
1747 tmp = gen_mcmp(base_off + 2, BPF_H,
1748 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
1749 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
1750 BPF_H, (bpf_int32)ntohs(addr));
1751 gen_and(tmp, b2);
1752 gen_or(b2, b1);
1753 /* Check for pad = 0, short header case */
1754 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
1755 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
1756 gen_and(tmp, b2);
1757 gen_or(b2, b1);
1758
1759 /* Combine with test for linktype */
1760 gen_and(b0, b1);
1761 return b1;
1762 }
1763
1764 static struct block *
1765 gen_host(addr, mask, proto, dir)
1766 bpf_u_int32 addr;
1767 bpf_u_int32 mask;
1768 int proto;
1769 int dir;
1770 {
1771 struct block *b0, *b1;
1772
1773 switch (proto) {
1774
1775 case Q_DEFAULT:
1776 b0 = gen_host(addr, mask, Q_IP, dir);
1777 if (off_linktype != -1) {
1778 b1 = gen_host(addr, mask, Q_ARP, dir);
1779 gen_or(b0, b1);
1780 b0 = gen_host(addr, mask, Q_RARP, dir);
1781 gen_or(b1, b0);
1782 }
1783 return b0;
1784
1785 case Q_IP:
1786 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
1787 off_nl + 12, off_nl + 16);
1788
1789 case Q_RARP:
1790 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
1791 off_nl + 14, off_nl + 24);
1792
1793 case Q_ARP:
1794 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
1795 off_nl + 14, off_nl + 24);
1796
1797 case Q_TCP:
1798 bpf_error("'tcp' modifier applied to host");
1799
1800 case Q_SCTP:
1801 bpf_error("'sctp' modifier applied to host");
1802
1803 case Q_UDP:
1804 bpf_error("'udp' modifier applied to host");
1805
1806 case Q_ICMP:
1807 bpf_error("'icmp' modifier applied to host");
1808
1809 case Q_IGMP:
1810 bpf_error("'igmp' modifier applied to host");
1811
1812 case Q_IGRP:
1813 bpf_error("'igrp' modifier applied to host");
1814
1815 case Q_PIM:
1816 bpf_error("'pim' modifier applied to host");
1817
1818 case Q_VRRP:
1819 bpf_error("'vrrp' modifier applied to host");
1820
1821 case Q_ATALK:
1822 bpf_error("ATALK host filtering not implemented");
1823
1824 case Q_AARP:
1825 bpf_error("AARP host filtering not implemented");
1826
1827 case Q_DECNET:
1828 return gen_dnhostop(addr, dir, off_nl);
1829
1830 case Q_SCA:
1831 bpf_error("SCA host filtering not implemented");
1832
1833 case Q_LAT:
1834 bpf_error("LAT host filtering not implemented");
1835
1836 case Q_MOPDL:
1837 bpf_error("MOPDL host filtering not implemented");
1838
1839 case Q_MOPRC:
1840 bpf_error("MOPRC host filtering not implemented");
1841
1842 #ifdef INET6
1843 case Q_IPV6:
1844 bpf_error("'ip6' modifier applied to ip host");
1845
1846 case Q_ICMPV6:
1847 bpf_error("'icmp6' modifier applied to host");
1848 #endif /* INET6 */
1849
1850 case Q_AH:
1851 bpf_error("'ah' modifier applied to host");
1852
1853 case Q_ESP:
1854 bpf_error("'esp' modifier applied to host");
1855
1856 case Q_ISO:
1857 bpf_error("ISO host filtering not implemented");
1858
1859 case Q_ESIS:
1860 bpf_error("'esis' modifier applied to host");
1861
1862 case Q_ISIS:
1863 bpf_error("'isis' modifier applied to host");
1864
1865 case Q_CLNP:
1866 bpf_error("'clnp' modifier applied to host");
1867
1868 case Q_STP:
1869 bpf_error("'stp' modifier applied to host");
1870
1871 case Q_IPX:
1872 bpf_error("IPX host filtering not implemented");
1873
1874 case Q_NETBEUI:
1875 bpf_error("'netbeui' modifier applied to host");
1876
1877 default:
1878 abort();
1879 }
1880 /* NOTREACHED */
1881 }
1882
1883 #ifdef INET6
1884 static struct block *
1885 gen_host6(addr, mask, proto, dir)
1886 struct in6_addr *addr;
1887 struct in6_addr *mask;
1888 int proto;
1889 int dir;
1890 {
1891 switch (proto) {
1892
1893 case Q_DEFAULT:
1894 return gen_host6(addr, mask, Q_IPV6, dir);
1895
1896 case Q_IP:
1897 bpf_error("'ip' modifier applied to ip6 host");
1898
1899 case Q_RARP:
1900 bpf_error("'rarp' modifier applied to ip6 host");
1901
1902 case Q_ARP:
1903 bpf_error("'arp' modifier applied to ip6 host");
1904
1905 case Q_SCTP:
1906 bpf_error("'sctp' modifier applied to host");
1907
1908 case Q_TCP:
1909 bpf_error("'tcp' modifier applied to host");
1910
1911 case Q_UDP:
1912 bpf_error("'udp' modifier applied to host");
1913
1914 case Q_ICMP:
1915 bpf_error("'icmp' modifier applied to host");
1916
1917 case Q_IGMP:
1918 bpf_error("'igmp' modifier applied to host");
1919
1920 case Q_IGRP:
1921 bpf_error("'igrp' modifier applied to host");
1922
1923 case Q_PIM:
1924 bpf_error("'pim' modifier applied to host");
1925
1926 case Q_VRRP:
1927 bpf_error("'vrrp' modifier applied to host");
1928
1929 case Q_ATALK:
1930 bpf_error("ATALK host filtering not implemented");
1931
1932 case Q_AARP:
1933 bpf_error("AARP host filtering not implemented");
1934
1935 case Q_DECNET:
1936 bpf_error("'decnet' modifier applied to ip6 host");
1937
1938 case Q_SCA:
1939 bpf_error("SCA host filtering not implemented");
1940
1941 case Q_LAT:
1942 bpf_error("LAT host filtering not implemented");
1943
1944 case Q_MOPDL:
1945 bpf_error("MOPDL host filtering not implemented");
1946
1947 case Q_MOPRC:
1948 bpf_error("MOPRC host filtering not implemented");
1949
1950 case Q_IPV6:
1951 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
1952 off_nl + 8, off_nl + 24);
1953
1954 case Q_ICMPV6:
1955 bpf_error("'icmp6' modifier applied to host");
1956
1957 case Q_AH:
1958 bpf_error("'ah' modifier applied to host");
1959
1960 case Q_ESP:
1961 bpf_error("'esp' modifier applied to host");
1962
1963 case Q_ISO:
1964 bpf_error("ISO host filtering not implemented");
1965
1966 case Q_ESIS:
1967 bpf_error("'esis' modifier applied to host");
1968
1969 case Q_ISIS:
1970 bpf_error("'isis' modifier applied to host");
1971
1972 case Q_CLNP:
1973 bpf_error("'clnp' modifier applied to host");
1974
1975 case Q_STP:
1976 bpf_error("'stp' modifier applied to host");
1977
1978 case Q_IPX:
1979 bpf_error("IPX host filtering not implemented");
1980
1981 case Q_NETBEUI:
1982 bpf_error("'netbeui' modifier applied to host");
1983
1984 default:
1985 abort();
1986 }
1987 /* NOTREACHED */
1988 }
1989 #endif /*INET6*/
1990
1991 #ifndef INET6
1992 static struct block *
1993 gen_gateway(eaddr, alist, proto, dir)
1994 const u_char *eaddr;
1995 bpf_u_int32 **alist;
1996 int proto;
1997 int dir;
1998 {
1999 struct block *b0, *b1, *tmp;
2000
2001 if (dir != 0)
2002 bpf_error("direction applied to 'gateway'");
2003
2004 switch (proto) {
2005 case Q_DEFAULT:
2006 case Q_IP:
2007 case Q_ARP:
2008 case Q_RARP:
2009 if (linktype == DLT_EN10MB)
2010 b0 = gen_ehostop(eaddr, Q_OR);
2011 else if (linktype == DLT_FDDI)
2012 b0 = gen_fhostop(eaddr, Q_OR);
2013 else if (linktype == DLT_IEEE802)
2014 b0 = gen_thostop(eaddr, Q_OR);
2015 else
2016 bpf_error(
2017 "'gateway' supported only on ethernet, FDDI or token ring");
2018
2019 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2020 while (*alist) {
2021 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2022 gen_or(b1, tmp);
2023 b1 = tmp;
2024 }
2025 gen_not(b1);
2026 gen_and(b0, b1);
2027 return b1;
2028 }
2029 bpf_error("illegal modifier of 'gateway'");
2030 /* NOTREACHED */
2031 }
2032 #endif
2033
2034 struct block *
2035 gen_proto_abbrev(proto)
2036 int proto;
2037 {
2038 #ifdef INET6
2039 struct block *b0;
2040 #endif
2041 struct block *b1;
2042
2043 switch (proto) {
2044
2045 case Q_SCTP:
2046 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT);
2047 #ifdef INET6
2048 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
2049 gen_or(b0, b1);
2050 #endif
2051 break;
2052
2053 case Q_TCP:
2054 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
2055 #ifdef INET6
2056 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
2057 gen_or(b0, b1);
2058 #endif
2059 break;
2060
2061 case Q_UDP:
2062 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
2063 #ifdef INET6
2064 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
2065 gen_or(b0, b1);
2066 #endif
2067 break;
2068
2069 case Q_ICMP:
2070 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
2071 break;
2072
2073 #ifndef IPPROTO_IGMP
2074 #define IPPROTO_IGMP 2
2075 #endif
2076
2077 case Q_IGMP:
2078 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
2079 break;
2080
2081 #ifndef IPPROTO_IGRP
2082 #define IPPROTO_IGRP 9
2083 #endif
2084 case Q_IGRP:
2085 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
2086 break;
2087
2088 #ifndef IPPROTO_PIM
2089 #define IPPROTO_PIM 103
2090 #endif
2091
2092 case Q_PIM:
2093 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
2094 #ifdef INET6
2095 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
2096 gen_or(b0, b1);
2097 #endif
2098 break;
2099
2100 #ifndef IPPROTO_VRRP
2101 #define IPPROTO_VRRP 112
2102 #endif
2103
2104 case Q_VRRP:
2105 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT);
2106 break;
2107
2108 case Q_IP:
2109 b1 = gen_linktype(ETHERTYPE_IP);
2110 break;
2111
2112 case Q_ARP:
2113 b1 = gen_linktype(ETHERTYPE_ARP);
2114 break;
2115
2116 case Q_RARP:
2117 b1 = gen_linktype(ETHERTYPE_REVARP);
2118 break;
2119
2120 case Q_LINK:
2121 bpf_error("link layer applied in wrong context");
2122
2123 case Q_ATALK:
2124 b1 = gen_linktype(ETHERTYPE_ATALK);
2125 break;
2126
2127 case Q_AARP:
2128 b1 = gen_linktype(ETHERTYPE_AARP);
2129 break;
2130
2131 case Q_DECNET:
2132 b1 = gen_linktype(ETHERTYPE_DN);
2133 break;
2134
2135 case Q_SCA:
2136 b1 = gen_linktype(ETHERTYPE_SCA);
2137 break;
2138
2139 case Q_LAT:
2140 b1 = gen_linktype(ETHERTYPE_LAT);
2141 break;
2142
2143 case Q_MOPDL:
2144 b1 = gen_linktype(ETHERTYPE_MOPDL);
2145 break;
2146
2147 case Q_MOPRC:
2148 b1 = gen_linktype(ETHERTYPE_MOPRC);
2149 break;
2150
2151 #ifdef INET6
2152 case Q_IPV6:
2153 b1 = gen_linktype(ETHERTYPE_IPV6);
2154 break;
2155
2156 #ifndef IPPROTO_ICMPV6
2157 #define IPPROTO_ICMPV6 58
2158 #endif
2159 case Q_ICMPV6:
2160 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
2161 break;
2162 #endif /* INET6 */
2163
2164 #ifndef IPPROTO_AH
2165 #define IPPROTO_AH 51
2166 #endif
2167 case Q_AH:
2168 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
2169 #ifdef INET6
2170 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
2171 gen_or(b0, b1);
2172 #endif
2173 break;
2174
2175 #ifndef IPPROTO_ESP
2176 #define IPPROTO_ESP 50
2177 #endif
2178 case Q_ESP:
2179 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
2180 #ifdef INET6
2181 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
2182 gen_or(b0, b1);
2183 #endif
2184 break;
2185
2186 case Q_ISO:
2187 b1 = gen_linktype(LLCSAP_ISONS);
2188 break;
2189
2190 case Q_ESIS:
2191 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
2192 break;
2193
2194 case Q_ISIS:
2195 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
2196 break;
2197
2198 case Q_CLNP:
2199 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
2200 break;
2201
2202 case Q_STP:
2203 b1 = gen_linktype(LLCSAP_8021D);
2204 break;
2205
2206 case Q_IPX:
2207 b1 = gen_linktype(LLCSAP_IPX);
2208 break;
2209
2210 case Q_NETBEUI:
2211 b1 = gen_linktype(LLCSAP_NETBEUI);
2212 break;
2213
2214 default:
2215 abort();
2216 }
2217 return b1;
2218 }
2219
2220 static struct block *
2221 gen_ipfrag()
2222 {
2223 struct slist *s;
2224 struct block *b;
2225
2226 /* not ip frag */
2227 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
2228 s->s.k = off_nl + 6;
2229 b = new_block(JMP(BPF_JSET));
2230 b->s.k = 0x1fff;
2231 b->stmts = s;
2232 gen_not(b);
2233
2234 return b;
2235 }
2236
2237 static struct block *
2238 gen_portatom(off, v)
2239 int off;
2240 bpf_int32 v;
2241 {
2242 struct slist *s;
2243 struct block *b;
2244
2245 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2246 s->s.k = off_nl;
2247
2248 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
2249 s->next->s.k = off_nl + off;
2250
2251 b = new_block(JMP(BPF_JEQ));
2252 b->stmts = s;
2253 b->s.k = v;
2254
2255 return b;
2256 }
2257
2258 #ifdef INET6
2259 static struct block *
2260 gen_portatom6(off, v)
2261 int off;
2262 bpf_int32 v;
2263 {
2264 return gen_cmp(off_nl + 40 + off, BPF_H, v);
2265 }
2266 #endif/*INET6*/
2267
2268 struct block *
2269 gen_portop(port, proto, dir)
2270 int port, proto, dir;
2271 {
2272 struct block *b0, *b1, *tmp;
2273
2274 /* ip proto 'proto' */
2275 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
2276 b0 = gen_ipfrag();
2277 gen_and(tmp, b0);
2278
2279 switch (dir) {
2280 case Q_SRC:
2281 b1 = gen_portatom(0, (bpf_int32)port);
2282 break;
2283
2284 case Q_DST:
2285 b1 = gen_portatom(2, (bpf_int32)port);
2286 break;
2287
2288 case Q_OR:
2289 case Q_DEFAULT:
2290 tmp = gen_portatom(0, (bpf_int32)port);
2291 b1 = gen_portatom(2, (bpf_int32)port);
2292 gen_or(tmp, b1);
2293 break;
2294
2295 case Q_AND:
2296 tmp = gen_portatom(0, (bpf_int32)port);
2297 b1 = gen_portatom(2, (bpf_int32)port);
2298 gen_and(tmp, b1);
2299 break;
2300
2301 default:
2302 abort();
2303 }
2304 gen_and(b0, b1);
2305
2306 return b1;
2307 }
2308
2309 static struct block *
2310 gen_port(port, ip_proto, dir)
2311 int port;
2312 int ip_proto;
2313 int dir;
2314 {
2315 struct block *b0, *b1, *tmp;
2316
2317 /* ether proto ip */
2318 b0 = gen_linktype(ETHERTYPE_IP);
2319
2320 switch (ip_proto) {
2321 case IPPROTO_UDP:
2322 case IPPROTO_TCP:
2323 case IPPROTO_SCTP:
2324 b1 = gen_portop(port, ip_proto, dir);
2325 break;
2326
2327 case PROTO_UNDEF:
2328 tmp = gen_portop(port, IPPROTO_TCP, dir);
2329 b1 = gen_portop(port, IPPROTO_UDP, dir);
2330 gen_or(tmp, b1);
2331 tmp = gen_portop(port, IPPROTO_SCTP, dir);
2332 gen_or(tmp, b1);
2333 break;
2334
2335 default:
2336 abort();
2337 }
2338 gen_and(b0, b1);
2339 return b1;
2340 }
2341
2342 #ifdef INET6
2343 struct block *
2344 gen_portop6(port, proto, dir)
2345 int port, proto, dir;
2346 {
2347 struct block *b0, *b1, *tmp;
2348
2349 /* ip proto 'proto' */
2350 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
2351
2352 switch (dir) {
2353 case Q_SRC:
2354 b1 = gen_portatom6(0, (bpf_int32)port);
2355 break;
2356
2357 case Q_DST:
2358 b1 = gen_portatom6(2, (bpf_int32)port);
2359 break;
2360
2361 case Q_OR:
2362 case Q_DEFAULT:
2363 tmp = gen_portatom6(0, (bpf_int32)port);
2364 b1 = gen_portatom6(2, (bpf_int32)port);
2365 gen_or(tmp, b1);
2366 break;
2367
2368 case Q_AND:
2369 tmp = gen_portatom6(0, (bpf_int32)port);
2370 b1 = gen_portatom6(2, (bpf_int32)port);
2371 gen_and(tmp, b1);
2372 break;
2373
2374 default:
2375 abort();
2376 }
2377 gen_and(b0, b1);
2378
2379 return b1;
2380 }
2381
2382 static struct block *
2383 gen_port6(port, ip_proto, dir)
2384 int port;
2385 int ip_proto;
2386 int dir;
2387 {
2388 struct block *b0, *b1, *tmp;
2389
2390 /* ether proto ip */
2391 b0 = gen_linktype(ETHERTYPE_IPV6);
2392
2393 switch (ip_proto) {
2394 case IPPROTO_UDP:
2395 case IPPROTO_TCP:
2396 case IPPROTO_SCTP:
2397 b1 = gen_portop6(port, ip_proto, dir);
2398 break;
2399
2400 case PROTO_UNDEF:
2401 tmp = gen_portop6(port, IPPROTO_TCP, dir);
2402 b1 = gen_portop6(port, IPPROTO_UDP, dir);
2403 gen_or(tmp, b1);
2404 tmp = gen_portop6(port, IPPROTO_SCTP, dir);
2405 gen_or(tmp, b1);
2406 break;
2407
2408 default:
2409 abort();
2410 }
2411 gen_and(b0, b1);
2412 return b1;
2413 }
2414 #endif /* INET6 */
2415
2416 static int
2417 lookup_proto(name, proto)
2418 register const char *name;
2419 register int proto;
2420 {
2421 register int v;
2422
2423 switch (proto) {
2424
2425 case Q_DEFAULT:
2426 case Q_IP:
2427 case Q_IPV6:
2428 v = pcap_nametoproto(name);
2429 if (v == PROTO_UNDEF)
2430 bpf_error("unknown ip proto '%s'", name);
2431 break;
2432
2433 case Q_LINK:
2434 /* XXX should look up h/w protocol type based on linktype */
2435 v = pcap_nametoeproto(name);
2436 if (v == PROTO_UNDEF)
2437 bpf_error("unknown ether proto '%s'", name);
2438 break;
2439
2440 case Q_ISO:
2441 if (strcmp(name, "esis") == 0)
2442 v = ISO9542_ESIS;
2443 else if (strcmp(name, "isis") == 0)
2444 v = ISO10589_ISIS;
2445 else if (strcmp(name, "clnp") == 0)
2446 v = ISO8473_CLNP;
2447 else
2448 bpf_error("unknown osi proto '%s'", name);
2449 break;
2450
2451 default:
2452 v = PROTO_UNDEF;
2453 break;
2454 }
2455 return v;
2456 }
2457
2458 #if 0
2459 struct stmt *
2460 gen_joinsp(s, n)
2461 struct stmt **s;
2462 int n;
2463 {
2464 return NULL;
2465 }
2466 #endif
2467
2468 static struct block *
2469 gen_protochain(v, proto, dir)
2470 int v;
2471 int proto;
2472 int dir;
2473 {
2474 #ifdef NO_PROTOCHAIN
2475 return gen_proto(v, proto, dir);
2476 #else
2477 struct block *b0, *b;
2478 struct slist *s[100];
2479 int fix2, fix3, fix4, fix5;
2480 int ahcheck, again, end;
2481 int i, max;
2482 int reg2 = alloc_reg();
2483
2484 memset(s, 0, sizeof(s));
2485 fix2 = fix3 = fix4 = fix5 = 0;
2486
2487 switch (proto) {
2488 case Q_IP:
2489 case Q_IPV6:
2490 break;
2491 case Q_DEFAULT:
2492 b0 = gen_protochain(v, Q_IP, dir);
2493 b = gen_protochain(v, Q_IPV6, dir);
2494 gen_or(b0, b);
2495 return b;
2496 default:
2497 bpf_error("bad protocol applied for 'protochain'");
2498 /*NOTREACHED*/
2499 }
2500
2501 no_optimize = 1; /*this code is not compatible with optimzer yet */
2502
2503 /*
2504 * s[0] is a dummy entry to protect other BPF insn from damaged
2505 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
2506 * hard to find interdependency made by jump table fixup.
2507 */
2508 i = 0;
2509 s[i] = new_stmt(0); /*dummy*/
2510 i++;
2511
2512 switch (proto) {
2513 case Q_IP:
2514 b0 = gen_linktype(ETHERTYPE_IP);
2515
2516 /* A = ip->ip_p */
2517 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
2518 s[i]->s.k = off_nl + 9;
2519 i++;
2520 /* X = ip->ip_hl << 2 */
2521 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2522 s[i]->s.k = off_nl;
2523 i++;
2524 break;
2525 #ifdef INET6
2526 case Q_IPV6:
2527 b0 = gen_linktype(ETHERTYPE_IPV6);
2528
2529 /* A = ip6->ip_nxt */
2530 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
2531 s[i]->s.k = off_nl + 6;
2532 i++;
2533 /* X = sizeof(struct ip6_hdr) */
2534 s[i] = new_stmt(BPF_LDX|BPF_IMM);
2535 s[i]->s.k = 40;
2536 i++;
2537 break;
2538 #endif
2539 default:
2540 bpf_error("unsupported proto to gen_protochain");
2541 /*NOTREACHED*/
2542 }
2543
2544 /* again: if (A == v) goto end; else fall through; */
2545 again = i;
2546 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2547 s[i]->s.k = v;
2548 s[i]->s.jt = NULL; /*later*/
2549 s[i]->s.jf = NULL; /*update in next stmt*/
2550 fix5 = i;
2551 i++;
2552
2553 #ifndef IPPROTO_NONE
2554 #define IPPROTO_NONE 59
2555 #endif
2556 /* if (A == IPPROTO_NONE) goto end */
2557 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2558 s[i]->s.jt = NULL; /*later*/
2559 s[i]->s.jf = NULL; /*update in next stmt*/
2560 s[i]->s.k = IPPROTO_NONE;
2561 s[fix5]->s.jf = s[i];
2562 fix2 = i;
2563 i++;
2564
2565 #ifdef INET6
2566 if (proto == Q_IPV6) {
2567 int v6start, v6end, v6advance, j;
2568
2569 v6start = i;
2570 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
2571 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2572 s[i]->s.jt = NULL; /*later*/
2573 s[i]->s.jf = NULL; /*update in next stmt*/
2574 s[i]->s.k = IPPROTO_HOPOPTS;
2575 s[fix2]->s.jf = s[i];
2576 i++;
2577 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
2578 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2579 s[i]->s.jt = NULL; /*later*/
2580 s[i]->s.jf = NULL; /*update in next stmt*/
2581 s[i]->s.k = IPPROTO_DSTOPTS;
2582 i++;
2583 /* if (A == IPPROTO_ROUTING) goto v6advance */
2584 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2585 s[i]->s.jt = NULL; /*later*/
2586 s[i]->s.jf = NULL; /*update in next stmt*/
2587 s[i]->s.k = IPPROTO_ROUTING;
2588 i++;
2589 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
2590 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2591 s[i]->s.jt = NULL; /*later*/
2592 s[i]->s.jf = NULL; /*later*/
2593 s[i]->s.k = IPPROTO_FRAGMENT;
2594 fix3 = i;
2595 v6end = i;
2596 i++;
2597
2598 /* v6advance: */
2599 v6advance = i;
2600
2601 /*
2602 * in short,
2603 * A = P[X];
2604 * X = X + (P[X + 1] + 1) * 8;
2605 */
2606 /* A = X */
2607 s[i] = new_stmt(BPF_MISC|BPF_TXA);
2608 i++;
2609 /* A = P[X + packet head] */
2610 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2611 s[i]->s.k = off_nl;
2612 i++;
2613 /* MEM[reg2] = A */
2614 s[i] = new_stmt(BPF_ST);
2615 s[i]->s.k = reg2;
2616 i++;
2617 /* A = X */
2618 s[i] = new_stmt(BPF_MISC|BPF_TXA);
2619 i++;
2620 /* A += 1 */
2621 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2622 s[i]->s.k = 1;
2623 i++;
2624 /* X = A */
2625 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2626 i++;
2627 /* A = P[X + packet head]; */
2628 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2629 s[i]->s.k = off_nl;
2630 i++;
2631 /* A += 1 */
2632 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2633 s[i]->s.k = 1;
2634 i++;
2635 /* A *= 8 */
2636 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2637 s[i]->s.k = 8;
2638 i++;
2639 /* X = A; */
2640 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2641 i++;
2642 /* A = MEM[reg2] */
2643 s[i] = new_stmt(BPF_LD|BPF_MEM);
2644 s[i]->s.k = reg2;
2645 i++;
2646
2647 /* goto again; (must use BPF_JA for backward jump) */
2648 s[i] = new_stmt(BPF_JMP|BPF_JA);
2649 s[i]->s.k = again - i - 1;
2650 s[i - 1]->s.jf = s[i];
2651 i++;
2652
2653 /* fixup */
2654 for (j = v6start; j <= v6end; j++)
2655 s[j]->s.jt = s[v6advance];
2656 } else
2657 #endif
2658 {
2659 /* nop */
2660 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2661 s[i]->s.k = 0;
2662 s[fix2]->s.jf = s[i];
2663 i++;
2664 }
2665
2666 /* ahcheck: */
2667 ahcheck = i;
2668 /* if (A == IPPROTO_AH) then fall through; else goto end; */
2669 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2670 s[i]->s.jt = NULL; /*later*/
2671 s[i]->s.jf = NULL; /*later*/
2672 s[i]->s.k = IPPROTO_AH;
2673 if (fix3)
2674 s[fix3]->s.jf = s[ahcheck];
2675 fix4 = i;
2676 i++;
2677
2678 /*
2679 * in short,
2680 * A = P[X];
2681 * X = X + (P[X + 1] + 2) * 4;
2682 */
2683 /* A = X */
2684 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2685 i++;
2686 /* A = P[X + packet head]; */
2687 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2688 s[i]->s.k = off_nl;
2689 i++;
2690 /* MEM[reg2] = A */
2691 s[i] = new_stmt(BPF_ST);
2692 s[i]->s.k = reg2;
2693 i++;
2694 /* A = X */
2695 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2696 i++;
2697 /* A += 1 */
2698 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2699 s[i]->s.k = 1;
2700 i++;
2701 /* X = A */
2702 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2703 i++;
2704 /* A = P[X + packet head] */
2705 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2706 s[i]->s.k = off_nl;
2707 i++;
2708 /* A += 2 */
2709 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2710 s[i]->s.k = 2;
2711 i++;
2712 /* A *= 4 */
2713 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2714 s[i]->s.k = 4;
2715 i++;
2716 /* X = A; */
2717 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2718 i++;
2719 /* A = MEM[reg2] */
2720 s[i] = new_stmt(BPF_LD|BPF_MEM);
2721 s[i]->s.k = reg2;
2722 i++;
2723
2724 /* goto again; (must use BPF_JA for backward jump) */
2725 s[i] = new_stmt(BPF_JMP|BPF_JA);
2726 s[i]->s.k = again - i - 1;
2727 i++;
2728
2729 /* end: nop */
2730 end = i;
2731 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2732 s[i]->s.k = 0;
2733 s[fix2]->s.jt = s[end];
2734 s[fix4]->s.jf = s[end];
2735 s[fix5]->s.jt = s[end];
2736 i++;
2737
2738 /*
2739 * make slist chain
2740 */
2741 max = i;
2742 for (i = 0; i < max - 1; i++)
2743 s[i]->next = s[i + 1];
2744 s[max - 1]->next = NULL;
2745
2746 /*
2747 * emit final check
2748 */
2749 b = new_block(JMP(BPF_JEQ));
2750 b->stmts = s[1]; /*remember, s[0] is dummy*/
2751 b->s.k = v;
2752
2753 free_reg(reg2);
2754
2755 gen_and(b0, b);
2756 return b;
2757 #endif
2758 }
2759
2760 static struct block *
2761 gen_proto(v, proto, dir)
2762 int v;
2763 int proto;
2764 int dir;
2765 {
2766 struct block *b0, *b1;
2767
2768 if (dir != Q_DEFAULT)
2769 bpf_error("direction applied to 'proto'");
2770
2771 switch (proto) {
2772 case Q_DEFAULT:
2773 #ifdef INET6
2774 b0 = gen_proto(v, Q_IP, dir);
2775 b1 = gen_proto(v, Q_IPV6, dir);
2776 gen_or(b0, b1);
2777 return b1;
2778 #else
2779 /*FALLTHROUGH*/
2780 #endif
2781 case Q_IP:
2782 b0 = gen_linktype(ETHERTYPE_IP);
2783 #ifndef CHASE_CHAIN
2784 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
2785 #else
2786 b1 = gen_protochain(v, Q_IP);
2787 #endif
2788 gen_and(b0, b1);
2789 return b1;
2790
2791 case Q_ISO:
2792 b0 = gen_linktype(LLCSAP_ISONS);
2793 b1 = gen_cmp(off_nl + 3, BPF_B, (long)v);
2794 gen_and(b0, b1);
2795 return b1;
2796
2797 case Q_ARP:
2798 bpf_error("arp does not encapsulate another protocol");
2799 /* NOTREACHED */
2800
2801 case Q_RARP:
2802 bpf_error("rarp does not encapsulate another protocol");
2803 /* NOTREACHED */
2804
2805 case Q_ATALK:
2806 bpf_error("atalk encapsulation is not specifiable");
2807 /* NOTREACHED */
2808
2809 case Q_DECNET:
2810 bpf_error("decnet encapsulation is not specifiable");
2811 /* NOTREACHED */
2812
2813 case Q_SCA:
2814 bpf_error("sca does not encapsulate another protocol");
2815 /* NOTREACHED */
2816
2817 case Q_LAT:
2818 bpf_error("lat does not encapsulate another protocol");
2819 /* NOTREACHED */
2820
2821 case Q_MOPRC:
2822 bpf_error("moprc does not encapsulate another protocol");
2823 /* NOTREACHED */
2824
2825 case Q_MOPDL:
2826 bpf_error("mopdl does not encapsulate another protocol");
2827 /* NOTREACHED */
2828
2829 case Q_LINK:
2830 return gen_linktype(v);
2831
2832 case Q_UDP:
2833 bpf_error("'udp proto' is bogus");
2834 /* NOTREACHED */
2835
2836 case Q_TCP:
2837 bpf_error("'tcp proto' is bogus");
2838 /* NOTREACHED */
2839
2840 case Q_SCTP:
2841 bpf_error("'sctp proto' is bogus");
2842 /* NOTREACHED */
2843
2844 case Q_ICMP:
2845 bpf_error("'icmp proto' is bogus");
2846 /* NOTREACHED */
2847
2848 case Q_IGMP:
2849 bpf_error("'igmp proto' is bogus");
2850 /* NOTREACHED */
2851
2852 case Q_IGRP:
2853 bpf_error("'igrp proto' is bogus");
2854 /* NOTREACHED */
2855
2856 case Q_PIM:
2857 bpf_error("'pim proto' is bogus");
2858 /* NOTREACHED */
2859
2860 case Q_VRRP:
2861 bpf_error("'vrrp proto' is bogus");
2862 /* NOTREACHED */
2863
2864 #ifdef INET6
2865 case Q_IPV6:
2866 b0 = gen_linktype(ETHERTYPE_IPV6);
2867 #ifndef CHASE_CHAIN
2868 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
2869 #else
2870 b1 = gen_protochain(v, Q_IPV6);
2871 #endif
2872 gen_and(b0, b1);
2873 return b1;
2874
2875 case Q_ICMPV6:
2876 bpf_error("'icmp6 proto' is bogus");
2877 #endif /* INET6 */
2878
2879 case Q_AH:
2880 bpf_error("'ah proto' is bogus");
2881
2882 case Q_ESP:
2883 bpf_error("'ah proto' is bogus");
2884
2885 case Q_STP:
2886 bpf_error("'stp proto' is bogus");
2887
2888 case Q_IPX:
2889 bpf_error("'ipx proto' is bogus");
2890
2891 case Q_NETBEUI:
2892 bpf_error("'netbeui proto' is bogus");
2893
2894 default:
2895 abort();
2896 /* NOTREACHED */
2897 }
2898 /* NOTREACHED */
2899 }
2900
2901 struct block *
2902 gen_scode(name, q)
2903 register const char *name;
2904 struct qual q;
2905 {
2906 int proto = q.proto;
2907 int dir = q.dir;
2908 int tproto;
2909 u_char *eaddr;
2910 bpf_u_int32 mask, addr;
2911 #ifndef INET6
2912 bpf_u_int32 **alist;
2913 #else
2914 int tproto6;
2915 struct sockaddr_in *sin;
2916 struct sockaddr_in6 *sin6;
2917 struct addrinfo *res, *res0;
2918 struct in6_addr mask128;
2919 #endif /*INET6*/
2920 struct block *b, *tmp;
2921 int port, real_proto;
2922
2923 switch (q.addr) {
2924
2925 case Q_NET:
2926 addr = pcap_nametonetaddr(name);
2927 if (addr == 0)
2928 bpf_error("unknown network '%s'", name);
2929 /* Left justify network addr and calculate its network mask */
2930 mask = 0xffffffff;
2931 while (addr && (addr & 0xff000000) == 0) {
2932 addr <<= 8;
2933 mask <<= 8;
2934 }
2935 return gen_host(addr, mask, proto, dir);
2936
2937 case Q_DEFAULT:
2938 case Q_HOST:
2939 if (proto == Q_LINK) {
2940 switch (linktype) {
2941
2942 case DLT_EN10MB:
2943 eaddr = pcap_ether_hostton(name);
2944 if (eaddr == NULL)
2945 bpf_error(
2946 "unknown ether host '%s'", name);
2947 b = gen_ehostop(eaddr, dir);
2948 free(eaddr);
2949 return b;
2950
2951 case DLT_FDDI:
2952 eaddr = pcap_ether_hostton(name);
2953 if (eaddr == NULL)
2954 bpf_error(
2955 "unknown FDDI host '%s'", name);
2956 b = gen_fhostop(eaddr, dir);
2957 free(eaddr);
2958 return b;
2959
2960 case DLT_IEEE802:
2961 eaddr = pcap_ether_hostton(name);
2962 if (eaddr == NULL)
2963 bpf_error(
2964 "unknown token ring host '%s'", name);
2965 b = gen_thostop(eaddr, dir);
2966 free(eaddr);
2967 return b;
2968
2969 default:
2970 bpf_error(
2971 "only ethernet/FDDI/token ring supports link-level host name");
2972 break;
2973 }
2974 } else if (proto == Q_DECNET) {
2975 unsigned short dn_addr = __pcap_nametodnaddr(name);
2976 /*
2977 * I don't think DECNET hosts can be multihomed, so
2978 * there is no need to build up a list of addresses
2979 */
2980 return (gen_host(dn_addr, 0, proto, dir));
2981 } else {
2982 #ifndef INET6
2983 alist = pcap_nametoaddr(name);
2984 if (alist == NULL || *alist == NULL)
2985 bpf_error("unknown host '%s'", name);
2986 tproto = proto;
2987 if (off_linktype == -1 && tproto == Q_DEFAULT)
2988 tproto = Q_IP;
2989 b = gen_host(**alist++, 0xffffffff, tproto, dir);
2990 while (*alist) {
2991 tmp = gen_host(**alist++, 0xffffffff,
2992 tproto, dir);
2993 gen_or(b, tmp);
2994 b = tmp;
2995 }
2996 return b;
2997 #else
2998 memset(&mask128, 0xff, sizeof(mask128));
2999 res0 = res = pcap_nametoaddrinfo(name);
3000 if (res == NULL)
3001 bpf_error("unknown host '%s'", name);
3002 b = tmp = NULL;
3003 tproto = tproto6 = proto;
3004 if (off_linktype == -1 && tproto == Q_DEFAULT) {
3005 tproto = Q_IP;
3006 tproto6 = Q_IPV6;
3007 }
3008 for (res = res0; res; res = res->ai_next) {
3009 switch (res->ai_family) {
3010 case AF_INET:
3011 if (tproto == Q_IPV6)
3012 continue;
3013
3014 sin = (struct sockaddr_in *)
3015 res->ai_addr;
3016 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
3017 0xffffffff, tproto, dir);
3018 break;
3019 case AF_INET6:
3020 if (tproto6 == Q_IP)
3021 continue;
3022
3023 sin6 = (struct sockaddr_in6 *)
3024 res->ai_addr;
3025 tmp = gen_host6(&sin6->sin6_addr,
3026 &mask128, tproto6, dir);
3027 break;
3028 default:
3029 continue;
3030 }
3031 if (b)
3032 gen_or(b, tmp);
3033 b = tmp;
3034 }
3035 freeaddrinfo(res0);
3036 if (b == NULL) {
3037 bpf_error("unknown host '%s'%s", name,
3038 (proto == Q_DEFAULT)
3039 ? ""
3040 : " for specified address family");
3041 }
3042 return b;
3043 #endif /*INET6*/
3044 }
3045
3046 case Q_PORT:
3047 if (proto != Q_DEFAULT &&
3048 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
3049 bpf_error("illegal qualifier of 'port'");
3050 if (pcap_nametoport(name, &port, &real_proto) == 0)
3051 bpf_error("unknown port '%s'", name);
3052 if (proto == Q_UDP) {
3053 if (real_proto == IPPROTO_TCP)
3054 bpf_error("port '%s' is tcp", name);
3055 else if (real_proto == IPPROTO_SCTP)
3056 bpf_error("port '%s' is sctp", name);
3057 else
3058 /* override PROTO_UNDEF */
3059 real_proto = IPPROTO_UDP;
3060 }
3061 if (proto == Q_TCP) {
3062 if (real_proto == IPPROTO_UDP)
3063 bpf_error("port '%s' is udp", name);
3064
3065 else if (real_proto == IPPROTO_SCTP)
3066 bpf_error("port '%s' is sctp", name);
3067 else
3068 /* override PROTO_UNDEF */
3069 real_proto = IPPROTO_TCP;
3070 }
3071 if (proto == Q_SCTP) {
3072 if (real_proto == IPPROTO_UDP)
3073 bpf_error("port '%s' is udp", name);
3074
3075 else if (real_proto == IPPROTO_TCP)
3076 bpf_error("port '%s' is tcp", name);
3077 else
3078 /* override PROTO_UNDEF */
3079 real_proto = IPPROTO_SCTP;
3080 }
3081 #ifndef INET6
3082 return gen_port(port, real_proto, dir);
3083 #else
3084 {
3085 struct block *b;
3086 b = gen_port(port, real_proto, dir);
3087 gen_or(gen_port6(port, real_proto, dir), b);
3088 return b;
3089 }
3090 #endif /* INET6 */
3091
3092 case Q_GATEWAY:
3093 #ifndef INET6
3094 eaddr = pcap_ether_hostton(name);
3095 if (eaddr == NULL)
3096 bpf_error("unknown ether host: %s", name);
3097
3098 alist = pcap_nametoaddr(name);
3099 if (alist == NULL || *alist == NULL)
3100 bpf_error("unknown host '%s'", name);
3101 b = gen_gateway(eaddr, alist, proto, dir);
3102 free(eaddr);
3103 return b;
3104 #else
3105 bpf_error("'gateway' not supported in this configuration");
3106 #endif /*INET6*/
3107
3108 case Q_PROTO:
3109 real_proto = lookup_proto(name, proto);
3110 if (real_proto >= 0)
3111 return gen_proto(real_proto, proto, dir);
3112 else
3113 bpf_error("unknown protocol: %s", name);
3114
3115 case Q_PROTOCHAIN:
3116 real_proto = lookup_proto(name, proto);
3117 if (real_proto >= 0)
3118 return gen_protochain(real_proto, proto, dir);
3119 else
3120 bpf_error("unknown protocol: %s", name);
3121
3122
3123 case Q_UNDEF:
3124 syntax();
3125 /* NOTREACHED */
3126 }
3127 abort();
3128 /* NOTREACHED */
3129 }
3130
3131 struct block *
3132 gen_mcode(s1, s2, masklen, q)
3133 register const char *s1, *s2;
3134 register int masklen;
3135 struct qual q;
3136 {
3137 register int nlen, mlen;
3138 bpf_u_int32 n, m;
3139
3140 nlen = __pcap_atoin(s1, &n);
3141 /* Promote short ipaddr */
3142 n <<= 32 - nlen;
3143
3144 if (s2 != NULL) {
3145 mlen = __pcap_atoin(s2, &m);
3146 /* Promote short ipaddr */
3147 m <<= 32 - mlen;
3148 if ((n & ~m) != 0)
3149 bpf_error("non-network bits set in \"%s mask %s\"",
3150 s1, s2);
3151 } else {
3152 /* Convert mask len to mask */
3153 if (masklen > 32)
3154 bpf_error("mask length must be <= 32");
3155 m = 0xffffffff << (32 - masklen);
3156 if ((n & ~m) != 0)
3157 bpf_error("non-network bits set in \"%s/%d\"",
3158 s1, masklen);
3159 }
3160
3161 switch (q.addr) {
3162
3163 case Q_NET:
3164 return gen_host(n, m, q.proto, q.dir);
3165
3166 default:
3167 bpf_error("Mask syntax for networks only");
3168 /* NOTREACHED */
3169 }
3170 }
3171
3172 struct block *
3173 gen_ncode(s, v, q)
3174 register const char *s;
3175 bpf_u_int32 v;
3176 struct qual q;
3177 {
3178 bpf_u_int32 mask;
3179 int proto = q.proto;
3180 int dir = q.dir;
3181 register int vlen;
3182
3183 if (s == NULL)
3184 vlen = 32;
3185 else if (q.proto == Q_DECNET)
3186 vlen = __pcap_atodn(s, &v);
3187 else
3188 vlen = __pcap_atoin(s, &v);
3189
3190 switch (q.addr) {
3191
3192 case Q_DEFAULT:
3193 case Q_HOST:
3194 case Q_NET:
3195 if (proto == Q_DECNET)
3196 return gen_host(v, 0, proto, dir);
3197 else if (proto == Q_LINK) {
3198 bpf_error("illegal link layer address");
3199 } else {
3200 mask = 0xffffffff;
3201 if (s == NULL && q.addr == Q_NET) {
3202 /* Promote short net number */
3203 while (v && (v & 0xff000000) == 0) {
3204 v <<= 8;
3205 mask <<= 8;
3206 }
3207 } else {
3208 /* Promote short ipaddr */
3209 v <<= 32 - vlen;
3210 mask <<= 32 - vlen;
3211 }
3212 return gen_host(v, mask, proto, dir);
3213 }
3214
3215 case Q_PORT:
3216 if (proto == Q_UDP)
3217 proto = IPPROTO_UDP;
3218 else if (proto == Q_TCP)
3219 proto = IPPROTO_TCP;
3220 else if (proto == Q_SCTP)
3221 proto = IPPROTO_SCTP;
3222 else if (proto == Q_DEFAULT)
3223 proto = PROTO_UNDEF;
3224 else
3225 bpf_error("illegal qualifier of 'port'");
3226
3227 #ifndef INET6
3228 return gen_port((int)v, proto, dir);
3229 #else
3230 {
3231 struct block *b;
3232 b = gen_port((int)v, proto, dir);
3233 gen_or(gen_port6((int)v, proto, dir), b);
3234 return b;
3235 }
3236 #endif /* INET6 */
3237
3238 case Q_GATEWAY:
3239 bpf_error("'gateway' requires a name");
3240 /* NOTREACHED */
3241
3242 case Q_PROTO:
3243 return gen_proto((int)v, proto, dir);
3244
3245 case Q_PROTOCHAIN:
3246 return gen_protochain((int)v, proto, dir);
3247
3248 case Q_UNDEF:
3249 syntax();
3250 /* NOTREACHED */
3251
3252 default:
3253 abort();
3254 /* NOTREACHED */
3255 }
3256 /* NOTREACHED */
3257 }
3258
3259 #ifdef INET6
3260 struct block *
3261 gen_mcode6(s1, s2, masklen, q)
3262 register const char *s1, *s2;
3263 register int masklen;
3264 struct qual q;
3265 {
3266 struct addrinfo *res;
3267 struct in6_addr *addr;
3268 struct in6_addr mask;
3269 struct block *b;
3270 u_int32_t *a, *m;
3271
3272 if (s2)
3273 bpf_error("no mask %s supported", s2);
3274
3275 res = pcap_nametoaddrinfo(s1);
3276 if (!res)
3277 bpf_error("invalid ip6 address %s", s1);
3278 if (res->ai_next)
3279 bpf_error("%s resolved to multiple address", s1);
3280 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
3281
3282 if (sizeof(mask) * 8 < masklen)
3283 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
3284 memset(&mask, 0, sizeof(mask));
3285 memset(&mask, 0xff, masklen / 8);
3286 if (masklen % 8) {
3287 mask.s6_addr[masklen / 8] =
3288 (0xff << (8 - masklen % 8)) & 0xff;
3289 }
3290
3291 a = (u_int32_t *)addr;
3292 m = (u_int32_t *)&mask;
3293 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
3294 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
3295 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
3296 }
3297
3298 switch (q.addr) {
3299
3300 case Q_DEFAULT:
3301 case Q_HOST:
3302 if (masklen != 128)
3303 bpf_error("Mask syntax for networks only");
3304 /* FALLTHROUGH */
3305
3306 case Q_NET:
3307 b = gen_host6(addr, &mask, q.proto, q.dir);
3308 freeaddrinfo(res);
3309 return b;
3310
3311 default:
3312 bpf_error("invalid qualifier against IPv6 address");
3313 /* NOTREACHED */
3314 }
3315 }
3316 #endif /*INET6*/
3317
3318 struct block *
3319 gen_ecode(eaddr, q)
3320 register const u_char *eaddr;
3321 struct qual q;
3322 {
3323 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
3324 if (linktype == DLT_EN10MB)
3325 return gen_ehostop(eaddr, (int)q.dir);
3326 if (linktype == DLT_FDDI)
3327 return gen_fhostop(eaddr, (int)q.dir);
3328 if (linktype == DLT_IEEE802)
3329 return gen_thostop(eaddr, (int)q.dir);
3330 bpf_error("ethernet addresses supported only on ethernet, FDDI or token ring");
3331 }
3332 bpf_error("ethernet address used in non-ether expression");
3333 /* NOTREACHED */
3334 }
3335
3336 void
3337 sappend(s0, s1)
3338 struct slist *s0, *s1;
3339 {
3340 /*
3341 * This is definitely not the best way to do this, but the
3342 * lists will rarely get long.
3343 */
3344 while (s0->next)
3345 s0 = s0->next;
3346 s0->next = s1;
3347 }
3348
3349 static struct slist *
3350 xfer_to_x(a)
3351 struct arth *a;
3352 {
3353 struct slist *s;
3354
3355 s = new_stmt(BPF_LDX|BPF_MEM);
3356 s->s.k = a->regno;
3357 return s;
3358 }
3359
3360 static struct slist *
3361 xfer_to_a(a)
3362 struct arth *a;
3363 {
3364 struct slist *s;
3365
3366 s = new_stmt(BPF_LD|BPF_MEM);
3367 s->s.k = a->regno;
3368 return s;
3369 }
3370
3371 struct arth *
3372 gen_load(proto, index, size)
3373 int proto;
3374 struct arth *index;
3375 int size;
3376 {
3377 struct slist *s, *tmp;
3378 struct block *b;
3379 int regno = alloc_reg();
3380
3381 free_reg(index->regno);
3382 switch (size) {
3383
3384 default:
3385 bpf_error("data size must be 1, 2, or 4");
3386
3387 case 1:
3388 size = BPF_B;
3389 break;
3390
3391 case 2:
3392 size = BPF_H;
3393 break;
3394
3395 case 4:
3396 size = BPF_W;
3397 break;
3398 }
3399 switch (proto) {
3400 default:
3401 bpf_error("unsupported index operation");
3402
3403 case Q_LINK:
3404 s = xfer_to_x(index);
3405 tmp = new_stmt(BPF_LD|BPF_IND|size);
3406 sappend(s, tmp);
3407 sappend(index->s, s);
3408 break;
3409
3410 case Q_IP:
3411 case Q_ARP:
3412 case Q_RARP:
3413 case Q_ATALK:
3414 case Q_DECNET:
3415 case Q_SCA:
3416 case Q_LAT:
3417 case Q_MOPRC:
3418 case Q_MOPDL:
3419 #ifdef INET6
3420 case Q_IPV6:
3421 #endif
3422 /* XXX Note that we assume a fixed link header here. */
3423 s = xfer_to_x(index);
3424 tmp = new_stmt(BPF_LD|BPF_IND|size);
3425 tmp->s.k = off_nl;
3426 sappend(s, tmp);
3427 sappend(index->s, s);
3428
3429 b = gen_proto_abbrev(proto);
3430 if (index->b)
3431 gen_and(index->b, b);
3432 index->b = b;
3433 break;
3434
3435 case Q_SCTP:
3436 case Q_TCP:
3437 case Q_UDP:
3438 case Q_ICMP:
3439 case Q_IGMP:
3440 case Q_IGRP:
3441 case Q_PIM:
3442 case Q_VRRP:
3443 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3444 s->s.k = off_nl;
3445 sappend(s, xfer_to_a(index));
3446 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
3447 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
3448 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
3449 tmp->s.k = off_nl;
3450 sappend(index->s, s);
3451
3452 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
3453 if (index->b)
3454 gen_and(index->b, b);
3455 #ifdef INET6
3456 gen_and(gen_proto_abbrev(Q_IP), b);
3457 #endif
3458 index->b = b;
3459 break;
3460 #ifdef INET6
3461 case Q_ICMPV6:
3462 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
3463 /*NOTREACHED*/
3464 #endif
3465 }
3466 index->regno = regno;
3467 s = new_stmt(BPF_ST);
3468 s->s.k = regno;
3469 sappend(index->s, s);
3470
3471 return index;
3472 }
3473
3474 struct block *
3475 gen_relation(code, a0, a1, reversed)
3476 int code;
3477 struct arth *a0, *a1;
3478 int reversed;
3479 {
3480 struct slist *s0, *s1, *s2;
3481 struct block *b, *tmp;
3482
3483 s0 = xfer_to_x(a1);
3484 s1 = xfer_to_a(a0);
3485 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
3486 b = new_block(JMP(code));
3487 if (code == BPF_JGT || code == BPF_JGE) {
3488 reversed = !reversed;
3489 b->s.k = 0x80000000;
3490 }
3491 if (reversed)
3492 gen_not(b);
3493
3494 sappend(s1, s2);
3495 sappend(s0, s1);
3496 sappend(a1->s, s0);
3497 sappend(a0->s, a1->s);
3498
3499 b->stmts = a0->s;
3500
3501 free_reg(a0->regno);
3502 free_reg(a1->regno);
3503
3504 /* 'and' together protocol checks */
3505 if (a0->b) {
3506 if (a1->b) {
3507 gen_and(a0->b, tmp = a1->b);
3508 }
3509 else
3510 tmp = a0->b;
3511 } else
3512 tmp = a1->b;
3513
3514 if (tmp)
3515 gen_and(tmp, b);
3516
3517 return b;
3518 }
3519
3520 struct arth *
3521 gen_loadlen()
3522 {
3523 int regno = alloc_reg();
3524 struct arth *a = (struct arth *)newchunk(sizeof(*a));
3525 struct slist *s;
3526
3527 s = new_stmt(BPF_LD|BPF_LEN);
3528 s->next = new_stmt(BPF_ST);
3529 s->next->s.k = regno;
3530 a->s = s;
3531 a->regno = regno;
3532
3533 return a;
3534 }
3535
3536 struct arth *
3537 gen_loadi(val)
3538 int val;
3539 {
3540 struct arth *a;
3541 struct slist *s;
3542 int reg;
3543
3544 a = (struct arth *)newchunk(sizeof(*a));
3545
3546 reg = alloc_reg();
3547
3548 s = new_stmt(BPF_LD|BPF_IMM);
3549 s->s.k = val;
3550 s->next = new_stmt(BPF_ST);
3551 s->next->s.k = reg;
3552 a->s = s;
3553 a->regno = reg;
3554
3555 return a;
3556 }
3557
3558 struct arth *
3559 gen_neg(a)
3560 struct arth *a;
3561 {
3562 struct slist *s;
3563
3564 s = xfer_to_a(a);
3565 sappend(a->s, s);
3566 s = new_stmt(BPF_ALU|BPF_NEG);
3567 s->s.k = 0;
3568 sappend(a->s, s);
3569 s = new_stmt(BPF_ST);
3570 s->s.k = a->regno;
3571 sappend(a->s, s);
3572
3573 return a;
3574 }
3575
3576 struct arth *
3577 gen_arth(code, a0, a1)
3578 int code;
3579 struct arth *a0, *a1;
3580 {
3581 struct slist *s0, *s1, *s2;
3582
3583 s0 = xfer_to_x(a1);
3584 s1 = xfer_to_a(a0);
3585 s2 = new_stmt(BPF_ALU|BPF_X|code);
3586
3587 sappend(s1, s2);
3588 sappend(s0, s1);
3589 sappend(a1->s, s0);
3590 sappend(a0->s, a1->s);
3591
3592 free_reg(a0->regno);
3593 free_reg(a1->regno);
3594
3595 s0 = new_stmt(BPF_ST);
3596 a0->regno = s0->s.k = alloc_reg();
3597 sappend(a0->s, s0);
3598
3599 return a0;
3600 }
3601
3602 /*
3603 * Here we handle simple allocation of the scratch registers.
3604 * If too many registers are alloc'd, the allocator punts.
3605 */
3606 static int regused[BPF_MEMWORDS];
3607 static int curreg;
3608
3609 /*
3610 * Return the next free register.
3611 */
3612 static int
3613 alloc_reg()
3614 {
3615 int n = BPF_MEMWORDS;
3616
3617 while (--n >= 0) {
3618 if (regused[curreg])
3619 curreg = (curreg + 1) % BPF_MEMWORDS;
3620 else {
3621 regused[curreg] = 1;
3622 return curreg;
3623 }
3624 }
3625 bpf_error("too many registers needed to evaluate expression");
3626 /* NOTREACHED */
3627 }
3628
3629 /*
3630 * Return a register to the table so it can
3631 * be used later.
3632 */
3633 static void
3634 free_reg(n)
3635 int n;
3636 {
3637 regused[n] = 0;
3638 }
3639
3640 static struct block *
3641 gen_len(jmp, n)
3642 int jmp, n;
3643 {
3644 struct slist *s;
3645 struct block *b;
3646
3647 s = new_stmt(BPF_LD|BPF_LEN);
3648 b = new_block(JMP(jmp));
3649 b->stmts = s;
3650 b->s.k = n;
3651
3652 return b;
3653 }
3654
3655 struct block *
3656 gen_greater(n)
3657 int n;
3658 {
3659 return gen_len(BPF_JGE, n);
3660 }
3661
3662 /*
3663 * Actually, this is less than or equal.
3664 */
3665 struct block *
3666 gen_less(n)
3667 int n;
3668 {
3669 struct block *b;
3670
3671 b = gen_len(BPF_JGT, n);
3672 gen_not(b);
3673
3674 return b;
3675 }
3676
3677 struct block *
3678 gen_byteop(op, idx, val)
3679 int op, idx, val;
3680 {
3681 struct block *b;
3682 struct slist *s;
3683
3684 switch (op) {
3685 default:
3686 abort();
3687
3688 case '=':
3689 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3690
3691 case '<':
3692 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3693 b->s.code = JMP(BPF_JGE);
3694 gen_not(b);
3695 return b;
3696
3697 case '>':
3698 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3699 b->s.code = JMP(BPF_JGT);
3700 return b;
3701
3702 case '|':
3703 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
3704 break;
3705
3706 case '&':
3707 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
3708 break;
3709 }
3710 s->s.k = val;
3711 b = new_block(JMP(BPF_JEQ));
3712 b->stmts = s;
3713 gen_not(b);
3714
3715 return b;
3716 }
3717
3718 static u_char abroadcast[] = { 0x0 };
3719
3720 struct block *
3721 gen_broadcast(proto)
3722 int proto;
3723 {
3724 bpf_u_int32 hostmask;
3725 struct block *b0, *b1, *b2;
3726 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
3727
3728 switch (proto) {
3729
3730 case Q_DEFAULT:
3731 case Q_LINK:
3732 if (linktype == DLT_ARCNET)
3733 return gen_ahostop(abroadcast, Q_DST);
3734 if (linktype == DLT_EN10MB)
3735 return gen_ehostop(ebroadcast, Q_DST);
3736 if (linktype == DLT_FDDI)
3737 return gen_fhostop(ebroadcast, Q_DST);
3738 if (linktype == DLT_IEEE802)
3739 return gen_thostop(ebroadcast, Q_DST);
3740 bpf_error("not a broadcast link");
3741 break;
3742
3743 case Q_IP:
3744 b0 = gen_linktype(ETHERTYPE_IP);
3745 hostmask = ~netmask;
3746 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
3747 b2 = gen_mcmp(off_nl + 16, BPF_W,
3748 (bpf_int32)(~0 & hostmask), hostmask);
3749 gen_or(b1, b2);
3750 gen_and(b0, b2);
3751 return b2;
3752 }
3753 bpf_error("only ether/ip broadcast filters supported");
3754 }
3755
3756 struct block *
3757 gen_multicast(proto)
3758 int proto;
3759 {
3760 register struct block *b0, *b1;
3761 register struct slist *s;
3762
3763 switch (proto) {
3764
3765 case Q_DEFAULT:
3766 case Q_LINK:
3767 if (linktype == DLT_ARCNET)
3768 /* all ARCnet multicasts use the same address */
3769 return gen_ahostop(abroadcast, Q_DST);
3770
3771 if (linktype == DLT_EN10MB) {
3772 /* ether[0] & 1 != 0 */
3773 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3774 s->s.k = 0;
3775 b0 = new_block(JMP(BPF_JSET));
3776 b0->s.k = 1;
3777 b0->stmts = s;
3778 return b0;
3779 }
3780
3781 if (linktype == DLT_FDDI) {
3782 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */
3783 /* fddi[1] & 1 != 0 */
3784 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3785 s->s.k = 1;
3786 b0 = new_block(JMP(BPF_JSET));
3787 b0->s.k = 1;
3788 b0->stmts = s;
3789 return b0;
3790 }
3791
3792 /* TODO - check how token ring handles multicast */
3793 /* if (linktype == DLT_IEEE802) ... */
3794
3795 /* Link not known to support multicasts */
3796 break;
3797
3798 case Q_IP:
3799 b0 = gen_linktype(ETHERTYPE_IP);
3800 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
3801 b1->s.code = JMP(BPF_JGE);
3802 gen_and(b0, b1);
3803 return b1;
3804
3805 #ifdef INET6
3806 case Q_IPV6:
3807 b0 = gen_linktype(ETHERTYPE_IPV6);
3808 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
3809 gen_and(b0, b1);
3810 return b1;
3811 #endif /* INET6 */
3812 }
3813 bpf_error("only IP multicast filters supported on ethernet/FDDI");
3814 }
3815
3816 /*
3817 * generate command for inbound/outbound. It's here so we can
3818 * make it link-type specific. 'dir' = 0 implies "inbound",
3819 * = 1 implies "outbound".
3820 */
3821 struct block *
3822 gen_inbound(dir)
3823 int dir;
3824 {
3825 register struct block *b0;
3826
3827 /*
3828 * Only some data link types support inbound/outbound qualifiers.
3829 */
3830 switch (linktype) {
3831 case DLT_SLIP:
3832 case DLT_PPP:
3833 b0 = gen_relation(BPF_JEQ,
3834 gen_load(Q_LINK, gen_loadi(0), 1),
3835 gen_loadi(0),
3836 dir);
3837 break;
3838
3839 default:
3840 bpf_error("inbound/outbound not supported on linktype %d\n",
3841 linktype);
3842 b0 = NULL;
3843 /* NOTREACHED */
3844 }
3845 return (b0);
3846 }
3847
3848 struct block *
3849 gen_acode(eaddr, q)
3850 register const u_char *eaddr;
3851 struct qual q;
3852 {
3853 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
3854 if (linktype == DLT_ARCNET)
3855 return gen_ahostop(eaddr, (int)q.dir);
3856 }
3857 bpf_error("ARCnet address used in non-arc expression");
3858 /* NOTREACHED */
3859 }
3860
3861 static struct block *
3862 gen_ahostop(eaddr, dir)
3863 register const u_char *eaddr;
3864 register int dir;
3865 {
3866 register struct block *b0, *b1;
3867
3868 switch (dir) {
3869 /* src comes first, different from Ethernet */
3870 case Q_SRC:
3871 return gen_bcmp(0, 1, eaddr);
3872
3873 case Q_DST:
3874 return gen_bcmp(1, 1, eaddr);
3875
3876 case Q_AND:
3877 b0 = gen_ahostop(eaddr, Q_SRC);
3878 b1 = gen_ahostop(eaddr, Q_DST);
3879 gen_and(b0, b1);
3880 return b1;
3881
3882 case Q_DEFAULT:
3883 case Q_OR:
3884 b0 = gen_ahostop(eaddr, Q_SRC);
3885 b1 = gen_ahostop(eaddr, Q_DST);
3886 gen_or(b0, b1);
3887 return b1;
3888 }
3889 abort();
3890 /* NOTREACHED */
3891 }
3892
3893 /*
3894 * support IEEE 802.1Q VLAN trunk over ethernet
3895 */
3896 struct block *
3897 gen_vlan(vlan_num)
3898 int vlan_num;
3899 {
3900 struct block *b0;
3901
3902 /*
3903 * Change the offsets to point to the type and data fields within
3904 * the VLAN packet. This is somewhat of a kludge.
3905 */
3906 if (orig_nl == (u_int)-1) {
3907 orig_linktype = off_linktype; /* save original values */
3908 orig_nl = off_nl;
3909
3910 switch (linktype) {
3911
3912 case DLT_EN10MB:
3913 off_linktype = 16;
3914 off_nl = 18;
3915 break;
3916
3917 default:
3918 bpf_error("no VLAN support for data link type %d",
3919 linktype);
3920 /*NOTREACHED*/
3921 }
3922 }
3923
3924 /* check for VLAN */
3925 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
3926
3927 /* If a specific VLAN is requested, check VLAN id */
3928 if (vlan_num >= 0) {
3929 struct block *b1;
3930
3931 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
3932 gen_and(b0, b1);
3933 b0 = b1;
3934 }
3935
3936 return (b0);
3937 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism