]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
add BPF_ filters for misc. IS-IS PDU Types
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.182 2002-12-06 00:01:33 hannes Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #ifdef WIN32
32 #include <pcap-stdinc.h>
33 #else /* WIN32 */
34 #include <sys/types.h>
35 #include <sys/socket.h>
36 #include <sys/time.h>
37 #endif /* WIN32 */
38
39 /*
40 * XXX - why was this included even on UNIX?
41 */
42 #ifdef __MINGW32__
43 #include "IP6_misc.h"
44 #endif
45
46 #ifndef WIN32
47
48 #ifdef __NetBSD__
49 #include <sys/param.h>
50 #endif
51
52 #include <netinet/in.h>
53
54 #endif /* WIN32 */
55
56 #include <stdlib.h>
57 #include <string.h>
58 #include <memory.h>
59 #include <setjmp.h>
60 #include <stdarg.h>
61
62 #include "pcap-int.h"
63
64 #include "ethertype.h"
65 #include "nlpid.h"
66 #include "llc.h"
67 #include "gencode.h"
68 #include "atmuni31.h"
69 #include "sunatmpos.h"
70 #include "ppp.h"
71 #include "sll.h"
72 #include "arcnet.h"
73 #ifdef INET6
74 #ifndef WIN32
75 #include <netdb.h> /* for "struct addrinfo" */
76 #endif /* WIN32 */
77 #endif /*INET6*/
78 #include <pcap-namedb.h>
79
80 #define ETHERMTU 1500
81
82 #ifndef IPPROTO_SCTP
83 #define IPPROTO_SCTP 132
84 #endif
85
86 #ifdef HAVE_OS_PROTO_H
87 #include "os-proto.h"
88 #endif
89
90 #define JMP(c) ((c)|BPF_JMP|BPF_K)
91
92 /* Locals */
93 static jmp_buf top_ctx;
94 static pcap_t *bpf_pcap;
95
96 /* Hack for updating VLAN offsets. */
97 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1;
98
99 /* XXX */
100 #ifdef PCAP_FDDIPAD
101 int pcap_fddipad = PCAP_FDDIPAD;
102 #else
103 int pcap_fddipad;
104 #endif
105
106 /* VARARGS */
107 void
108 bpf_error(const char *fmt, ...)
109
110 {
111 va_list ap;
112
113 va_start(ap, fmt);
114 if (bpf_pcap != NULL)
115 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
116 fmt, ap);
117 va_end(ap);
118 longjmp(top_ctx, 1);
119 /* NOTREACHED */
120 }
121
122 static void init_linktype(int);
123
124 static int alloc_reg(void);
125 static void free_reg(int);
126
127 static struct block *root;
128
129 /*
130 * We divy out chunks of memory rather than call malloc each time so
131 * we don't have to worry about leaking memory. It's probably
132 * not a big deal if all this memory was wasted but it this ever
133 * goes into a library that would probably not be a good idea.
134 */
135 #define NCHUNKS 16
136 #define CHUNK0SIZE 1024
137 struct chunk {
138 u_int n_left;
139 void *m;
140 };
141
142 static struct chunk chunks[NCHUNKS];
143 static int cur_chunk;
144
145 static void *newchunk(u_int);
146 static void freechunks(void);
147 static inline struct block *new_block(int);
148 static inline struct slist *new_stmt(int);
149 static struct block *gen_retblk(int);
150 static inline void syntax(void);
151
152 static void backpatch(struct block *, struct block *);
153 static void merge(struct block *, struct block *);
154 static struct block *gen_cmp(u_int, u_int, bpf_int32);
155 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
156 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
157 static struct block *gen_bcmp(u_int, u_int, const u_char *);
158 static struct block *gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32,
159 bpf_u_int32, bpf_u_int32, int);
160 static struct block *gen_uncond(int);
161 static inline struct block *gen_true(void);
162 static inline struct block *gen_false(void);
163 static struct block *gen_ether_linktype(int);
164 static struct block *gen_linktype(int);
165 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
166 static struct block *gen_llc(int);
167 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
168 #ifdef INET6
169 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
170 #endif
171 static struct block *gen_ahostop(const u_char *, int);
172 static struct block *gen_ehostop(const u_char *, int);
173 static struct block *gen_fhostop(const u_char *, int);
174 static struct block *gen_thostop(const u_char *, int);
175 static struct block *gen_wlanhostop(const u_char *, int);
176 static struct block *gen_ipfchostop(const u_char *, int);
177 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
178 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
179 #ifdef INET6
180 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
181 #endif
182 #ifndef INET6
183 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
184 #endif
185 static struct block *gen_ipfrag(void);
186 static struct block *gen_portatom(int, bpf_int32);
187 #ifdef INET6
188 static struct block *gen_portatom6(int, bpf_int32);
189 #endif
190 struct block *gen_portop(int, int, int);
191 static struct block *gen_port(int, int, int);
192 #ifdef INET6
193 struct block *gen_portop6(int, int, int);
194 static struct block *gen_port6(int, int, int);
195 #endif
196 static int lookup_proto(const char *, int);
197 static struct block *gen_protochain(int, int, int);
198 static struct block *gen_proto(int, int, int);
199 static struct slist *xfer_to_x(struct arth *);
200 static struct slist *xfer_to_a(struct arth *);
201 static struct block *gen_mac_multicast(int);
202 static struct block *gen_len(int, int);
203
204 static struct block *gen_msg_abbrev(int type);
205
206 static void *
207 newchunk(n)
208 u_int n;
209 {
210 struct chunk *cp;
211 int k, size;
212
213 #ifndef __NetBSD__
214 /* XXX Round up to nearest long. */
215 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
216 #else
217 /* XXX Round up to structure boundary. */
218 n = ALIGN(n);
219 #endif
220
221 cp = &chunks[cur_chunk];
222 if (n > cp->n_left) {
223 ++cp, k = ++cur_chunk;
224 if (k >= NCHUNKS)
225 bpf_error("out of memory");
226 size = CHUNK0SIZE << k;
227 cp->m = (void *)malloc(size);
228 memset((char *)cp->m, 0, size);
229 cp->n_left = size;
230 if (n > size)
231 bpf_error("out of memory");
232 }
233 cp->n_left -= n;
234 return (void *)((char *)cp->m + cp->n_left);
235 }
236
237 static void
238 freechunks()
239 {
240 int i;
241
242 cur_chunk = 0;
243 for (i = 0; i < NCHUNKS; ++i)
244 if (chunks[i].m != NULL) {
245 free(chunks[i].m);
246 chunks[i].m = NULL;
247 }
248 }
249
250 /*
251 * A strdup whose allocations are freed after code generation is over.
252 */
253 char *
254 sdup(s)
255 register const char *s;
256 {
257 int n = strlen(s) + 1;
258 char *cp = newchunk(n);
259
260 strlcpy(cp, s, n);
261 return (cp);
262 }
263
264 static inline struct block *
265 new_block(code)
266 int code;
267 {
268 struct block *p;
269
270 p = (struct block *)newchunk(sizeof(*p));
271 p->s.code = code;
272 p->head = p;
273
274 return p;
275 }
276
277 static inline struct slist *
278 new_stmt(code)
279 int code;
280 {
281 struct slist *p;
282
283 p = (struct slist *)newchunk(sizeof(*p));
284 p->s.code = code;
285
286 return p;
287 }
288
289 static struct block *
290 gen_retblk(v)
291 int v;
292 {
293 struct block *b = new_block(BPF_RET|BPF_K);
294
295 b->s.k = v;
296 return b;
297 }
298
299 static inline void
300 syntax()
301 {
302 bpf_error("syntax error in filter expression");
303 }
304
305 static bpf_u_int32 netmask;
306 static int snaplen;
307 int no_optimize;
308
309 int
310 pcap_compile(pcap_t *p, struct bpf_program *program,
311 char *buf, int optimize, bpf_u_int32 mask)
312 {
313 extern int n_errors;
314 int len;
315
316 no_optimize = 0;
317 n_errors = 0;
318 root = NULL;
319 bpf_pcap = p;
320 if (setjmp(top_ctx)) {
321 lex_cleanup();
322 freechunks();
323 return (-1);
324 }
325
326 netmask = mask;
327
328 snaplen = pcap_snapshot(p);
329 if (snaplen == 0) {
330 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
331 "snaplen of 0 rejects all packets");
332 return -1;
333 }
334
335 lex_init(buf ? buf : "");
336 init_linktype(pcap_datalink(p));
337 (void)pcap_parse();
338
339 if (n_errors)
340 syntax();
341
342 if (root == NULL)
343 root = gen_retblk(snaplen);
344
345 if (optimize && !no_optimize) {
346 bpf_optimize(&root);
347 if (root == NULL ||
348 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
349 bpf_error("expression rejects all packets");
350 }
351 program->bf_insns = icode_to_fcode(root, &len);
352 program->bf_len = len;
353
354 lex_cleanup();
355 freechunks();
356 return (0);
357 }
358
359 /*
360 * entry point for using the compiler with no pcap open
361 * pass in all the stuff that is needed explicitly instead.
362 */
363 int
364 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
365 struct bpf_program *program,
366 char *buf, int optimize, bpf_u_int32 mask)
367 {
368 pcap_t *p;
369 int ret;
370
371 p = pcap_open_dead(linktype_arg, snaplen_arg);
372 if (p == NULL)
373 return (-1);
374 ret = pcap_compile(p, program, buf, optimize, mask);
375 pcap_close(p);
376 return (ret);
377 }
378
379 /*
380 * Clean up a "struct bpf_program" by freeing all the memory allocated
381 * in it.
382 */
383 void
384 pcap_freecode(struct bpf_program *program)
385 {
386 program->bf_len = 0;
387 if (program->bf_insns != NULL) {
388 free((char *)program->bf_insns);
389 program->bf_insns = NULL;
390 }
391 }
392
393 /*
394 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
395 * which of the jt and jf fields has been resolved and which is a pointer
396 * back to another unresolved block (or nil). At least one of the fields
397 * in each block is already resolved.
398 */
399 static void
400 backpatch(list, target)
401 struct block *list, *target;
402 {
403 struct block *next;
404
405 while (list) {
406 if (!list->sense) {
407 next = JT(list);
408 JT(list) = target;
409 } else {
410 next = JF(list);
411 JF(list) = target;
412 }
413 list = next;
414 }
415 }
416
417 /*
418 * Merge the lists in b0 and b1, using the 'sense' field to indicate
419 * which of jt and jf is the link.
420 */
421 static void
422 merge(b0, b1)
423 struct block *b0, *b1;
424 {
425 register struct block **p = &b0;
426
427 /* Find end of list. */
428 while (*p)
429 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
430
431 /* Concatenate the lists. */
432 *p = b1;
433 }
434
435 void
436 finish_parse(p)
437 struct block *p;
438 {
439 backpatch(p, gen_retblk(snaplen));
440 p->sense = !p->sense;
441 backpatch(p, gen_retblk(0));
442 root = p->head;
443 }
444
445 void
446 gen_and(b0, b1)
447 struct block *b0, *b1;
448 {
449 backpatch(b0, b1->head);
450 b0->sense = !b0->sense;
451 b1->sense = !b1->sense;
452 merge(b1, b0);
453 b1->sense = !b1->sense;
454 b1->head = b0->head;
455 }
456
457 void
458 gen_or(b0, b1)
459 struct block *b0, *b1;
460 {
461 b0->sense = !b0->sense;
462 backpatch(b0, b1->head);
463 b0->sense = !b0->sense;
464 merge(b1, b0);
465 b1->head = b0->head;
466 }
467
468 void
469 gen_not(b)
470 struct block *b;
471 {
472 b->sense = !b->sense;
473 }
474
475 static struct block *
476 gen_cmp(offset, size, v)
477 u_int offset, size;
478 bpf_int32 v;
479 {
480 struct slist *s;
481 struct block *b;
482
483 s = new_stmt(BPF_LD|BPF_ABS|size);
484 s->s.k = offset;
485
486 b = new_block(JMP(BPF_JEQ));
487 b->stmts = s;
488 b->s.k = v;
489
490 return b;
491 }
492
493 static struct block *
494 gen_cmp_gt(offset, size, v)
495 u_int offset, size;
496 bpf_int32 v;
497 {
498 struct slist *s;
499 struct block *b;
500
501 s = new_stmt(BPF_LD|BPF_ABS|size);
502 s->s.k = offset;
503
504 b = new_block(JMP(BPF_JGT));
505 b->stmts = s;
506 b->s.k = v;
507
508 return b;
509 }
510
511 static struct block *
512 gen_mcmp(offset, size, v, mask)
513 u_int offset, size;
514 bpf_int32 v;
515 bpf_u_int32 mask;
516 {
517 struct block *b = gen_cmp(offset, size, v);
518 struct slist *s;
519
520 if (mask != 0xffffffff) {
521 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
522 s->s.k = mask;
523 b->stmts->next = s;
524 }
525 return b;
526 }
527
528 static struct block *
529 gen_bcmp(offset, size, v)
530 register u_int offset, size;
531 register const u_char *v;
532 {
533 register struct block *b, *tmp;
534
535 b = NULL;
536 while (size >= 4) {
537 register const u_char *p = &v[size - 4];
538 bpf_int32 w = ((bpf_int32)p[0] << 24) |
539 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
540
541 tmp = gen_cmp(offset + size - 4, BPF_W, w);
542 if (b != NULL)
543 gen_and(b, tmp);
544 b = tmp;
545 size -= 4;
546 }
547 while (size >= 2) {
548 register const u_char *p = &v[size - 2];
549 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
550
551 tmp = gen_cmp(offset + size - 2, BPF_H, w);
552 if (b != NULL)
553 gen_and(b, tmp);
554 b = tmp;
555 size -= 2;
556 }
557 if (size > 0) {
558 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
559 if (b != NULL)
560 gen_and(b, tmp);
561 b = tmp;
562 }
563 return b;
564 }
565
566 static struct block *
567 gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse)
568 bpf_u_int32 datasize, offset, mask, jtype, jvalue;
569 int reverse;
570 {
571 struct slist *s;
572 struct block *b;
573
574 s = new_stmt(BPF_LD|datasize|BPF_ABS);
575 s->s.k = offset;
576
577 if (mask != 0xffffffff) {
578 s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K);
579 s->next->s.k = mask;
580 }
581
582 b = new_block(JMP(jtype));
583 b->stmts = s;
584 b->s.k = jvalue;
585 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE))
586 gen_not(b);
587 return b;
588 }
589
590 /*
591 * Various code constructs need to know the layout of the data link
592 * layer. These variables give the necessary offsets.
593 */
594
595 /*
596 * This is the offset of the beginning of the MAC-layer header.
597 * It's usually 0, except for ATM LANE.
598 */
599 static u_int off_mac;
600
601 /*
602 * "off_linktype" is the offset to information in the link-layer header
603 * giving the packet type.
604 *
605 * For Ethernet, it's the offset of the Ethernet type field.
606 *
607 * For link-layer types that always use 802.2 headers, it's the
608 * offset of the LLC header.
609 *
610 * For PPP, it's the offset of the PPP type field.
611 *
612 * For Cisco HDLC, it's the offset of the CHDLC type field.
613 *
614 * For BSD loopback, it's the offset of the AF_ value.
615 *
616 * For Linux cooked sockets, it's the offset of the type field.
617 *
618 * It's set to -1 for no encapsulation, in which case, IP is assumed.
619 */
620 static u_int off_linktype;
621
622 /*
623 * TRUE if the link layer includes an ATM pseudo-header.
624 */
625 static int is_atm = 0;
626
627 /*
628 * TRUE if "lane" appeared in the filter; it causes us to generate
629 * code that assumes LANE rather than LLC-encapsulated traffic in SunATM.
630 */
631 static int is_lane = 0;
632
633 /*
634 * These are offsets for the ATM pseudo-header.
635 */
636 static u_int off_vpi;
637 static u_int off_vci;
638 static u_int off_proto;
639
640 /*
641 * This is the offset of the first byte after the ATM pseudo_header,
642 * or -1 if there is no ATM pseudo-header.
643 */
644 static u_int off_payload;
645
646 /*
647 * These are offsets to the beginning of the network-layer header.
648 *
649 * If the link layer never uses 802.2 LLC:
650 *
651 * "off_nl" and "off_nl_nosnap" are the same.
652 *
653 * If the link layer always uses 802.2 LLC:
654 *
655 * "off_nl" is the offset if there's a SNAP header following
656 * the 802.2 header;
657 *
658 * "off_nl_nosnap" is the offset if there's no SNAP header.
659 *
660 * If the link layer is Ethernet:
661 *
662 * "off_nl" is the offset if the packet is an Ethernet II packet
663 * (we assume no 802.3+802.2+SNAP);
664 *
665 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet
666 * with an 802.2 header following it.
667 */
668 static u_int off_nl;
669 static u_int off_nl_nosnap;
670
671 static int linktype;
672
673 static void
674 init_linktype(type)
675 int type;
676 {
677 linktype = type;
678
679 /*
680 * Assume it's not raw ATM with a pseudo-header, for now.
681 */
682 off_mac = 0;
683 is_atm = 0;
684 is_lane = 0;
685 off_vpi = -1;
686 off_vci = -1;
687 off_proto = -1;
688 off_payload = -1;
689
690 orig_linktype = -1;
691 orig_nl = -1;
692 orig_nl_nosnap = -1;
693
694 switch (type) {
695
696 case DLT_ARCNET:
697 off_linktype = 2;
698 off_nl = 6; /* XXX in reality, variable! */
699 off_nl_nosnap = 6; /* no 802.2 LLC */
700 return;
701
702 case DLT_EN10MB:
703 off_linktype = 12;
704 off_nl = 14; /* Ethernet II */
705 off_nl_nosnap = 17; /* 802.3+802.2 */
706 return;
707
708 case DLT_SLIP:
709 /*
710 * SLIP doesn't have a link level type. The 16 byte
711 * header is hacked into our SLIP driver.
712 */
713 off_linktype = -1;
714 off_nl = 16;
715 off_nl_nosnap = 16; /* no 802.2 LLC */
716 return;
717
718 case DLT_SLIP_BSDOS:
719 /* XXX this may be the same as the DLT_PPP_BSDOS case */
720 off_linktype = -1;
721 /* XXX end */
722 off_nl = 24;
723 off_nl_nosnap = 24; /* no 802.2 LLC */
724 return;
725
726 case DLT_NULL:
727 case DLT_LOOP:
728 off_linktype = 0;
729 off_nl = 4;
730 off_nl_nosnap = 4; /* no 802.2 LLC */
731 return;
732
733 case DLT_PPP:
734 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */
735 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */
736 off_linktype = 2;
737 off_nl = 4;
738 off_nl_nosnap = 4; /* no 802.2 LLC */
739 return;
740
741 case DLT_PPP_ETHER:
742 /*
743 * This does no include the Ethernet header, and
744 * only covers session state.
745 */
746 off_linktype = 6;
747 off_nl = 8;
748 off_nl_nosnap = 8; /* no 802.2 LLC */
749 return;
750
751 case DLT_PPP_BSDOS:
752 off_linktype = 5;
753 off_nl = 24;
754 off_nl_nosnap = 24; /* no 802.2 LLC */
755 return;
756
757 case DLT_FDDI:
758 /*
759 * FDDI doesn't really have a link-level type field.
760 * We set "off_linktype" to the offset of the LLC header.
761 *
762 * To check for Ethernet types, we assume that SSAP = SNAP
763 * is being used and pick out the encapsulated Ethernet type.
764 * XXX - should we generate code to check for SNAP?
765 */
766 off_linktype = 13;
767 #ifdef PCAP_FDDIPAD
768 off_linktype += pcap_fddipad;
769 #endif
770 off_nl = 21; /* FDDI+802.2+SNAP */
771 off_nl_nosnap = 16; /* FDDI+802.2 */
772 #ifdef PCAP_FDDIPAD
773 off_nl += pcap_fddipad;
774 off_nl_nosnap += pcap_fddipad;
775 #endif
776 return;
777
778 case DLT_IEEE802:
779 /*
780 * Token Ring doesn't really have a link-level type field.
781 * We set "off_linktype" to the offset of the LLC header.
782 *
783 * To check for Ethernet types, we assume that SSAP = SNAP
784 * is being used and pick out the encapsulated Ethernet type.
785 * XXX - should we generate code to check for SNAP?
786 *
787 * XXX - the header is actually variable-length.
788 * Some various Linux patched versions gave 38
789 * as "off_linktype" and 40 as "off_nl"; however,
790 * if a token ring packet has *no* routing
791 * information, i.e. is not source-routed, the correct
792 * values are 20 and 22, as they are in the vanilla code.
793 *
794 * A packet is source-routed iff the uppermost bit
795 * of the first byte of the source address, at an
796 * offset of 8, has the uppermost bit set. If the
797 * packet is source-routed, the total number of bytes
798 * of routing information is 2 plus bits 0x1F00 of
799 * the 16-bit value at an offset of 14 (shifted right
800 * 8 - figure out which byte that is).
801 */
802 off_linktype = 14;
803 off_nl = 22; /* Token Ring+802.2+SNAP */
804 off_nl_nosnap = 17; /* Token Ring+802.2 */
805 return;
806
807 case DLT_IEEE802_11:
808 /*
809 * 802.11 doesn't really have a link-level type field.
810 * We set "off_linktype" to the offset of the LLC header.
811 *
812 * To check for Ethernet types, we assume that SSAP = SNAP
813 * is being used and pick out the encapsulated Ethernet type.
814 * XXX - should we generate code to check for SNAP?
815 *
816 * XXX - the header is actually variable-length. We
817 * assume a 24-byte link-layer header, as appears in
818 * data frames in networks with no bridges.
819 */
820 off_linktype = 24;
821 off_nl = 32; /* 802.11+802.2+SNAP */
822 off_nl_nosnap = 27; /* 802.11+802.2 */
823 return;
824
825 case DLT_PRISM_HEADER:
826 /*
827 * Same as 802.11, but with an additional header before
828 * the 802.11 header, containing a bunch of additional
829 * information including radio-level information.
830 *
831 * The header is 144 bytes long.
832 *
833 * XXX - same variable-length header problem; at least
834 * the Prism header is fixed-length.
835 */
836 off_linktype = 144+24;
837 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */
838 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */
839 return;
840
841 case DLT_ATM_RFC1483:
842 off_linktype = 0;
843 off_nl = 4; /* FIXME SNAP */
844 return;
845
846 case DLT_ATM_CLIP: /* Linux ATM defines this */
847 /*
848 * assume routed, non-ISO PDUs
849 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
850 */
851 off_linktype = 0;
852 off_nl = 8; /* 802.2+SNAP */
853 off_nl_nosnap = 3; /* 802.2 */
854 return;
855
856 case DLT_SUNATM:
857 /*
858 * Full Frontal ATM; you get AALn PDUs with an ATM
859 * pseudo-header.
860 */
861 is_atm = 1;
862 off_vpi = SUNATM_VPI_POS;
863 off_vci = SUNATM_VCI_POS;
864 off_proto = PROTO_POS;
865 off_mac = -1; /* LLC-encapsulated, so no MAC-layer header */
866 off_payload = SUNATM_PKT_BEGIN_POS;
867 off_linktype = off_payload;
868 off_nl = off_payload+8; /* 802.2+SNAP */
869 off_nl_nosnap = off_payload+3; /* 802.2 */
870 return;
871
872 case DLT_RAW:
873 off_linktype = -1;
874 off_nl = 0;
875 off_nl_nosnap = 0; /* no 802.2 LLC */
876 return;
877
878 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
879 off_linktype = 14;
880 off_nl = 16;
881 off_nl_nosnap = 16; /* no 802.2 LLC */
882 return;
883
884 case DLT_LTALK:
885 /*
886 * LocalTalk does have a 1-byte type field in the LLAP header,
887 * but really it just indicates whether there is a "short" or
888 * "long" DDP packet following.
889 */
890 off_linktype = -1;
891 off_nl = 0;
892 off_nl_nosnap = 0; /* no 802.2 LLC */
893 return;
894
895 case DLT_IP_OVER_FC:
896 /*
897 * RFC 2625 IP-over-Fibre-Channel doesn't really have a
898 * link-level type field. We set "off_linktype" to the
899 * offset of the LLC header.
900 *
901 * To check for Ethernet types, we assume that SSAP = SNAP
902 * is being used and pick out the encapsulated Ethernet type.
903 * XXX - should we generate code to check for SNAP? RFC
904 * 2625 says SNAP should be used.
905 */
906 off_linktype = 16;
907 off_nl = 24; /* IPFC+802.2+SNAP */
908 off_nl_nosnap = 19; /* IPFC+802.2 */
909 return;
910
911 case DLT_FRELAY:
912 /*
913 * XXX - we should set this to handle SNAP-encapsulated
914 * frames (NLPID of 0x80).
915 */
916 off_linktype = -1;
917 off_nl = 0;
918 off_nl_nosnap = 0; /* no 802.2 LLC */
919 return;
920 }
921 bpf_error("unknown data link type %d", linktype);
922 /* NOTREACHED */
923 }
924
925 static struct block *
926 gen_uncond(rsense)
927 int rsense;
928 {
929 struct block *b;
930 struct slist *s;
931
932 s = new_stmt(BPF_LD|BPF_IMM);
933 s->s.k = !rsense;
934 b = new_block(JMP(BPF_JEQ));
935 b->stmts = s;
936
937 return b;
938 }
939
940 static inline struct block *
941 gen_true()
942 {
943 return gen_uncond(1);
944 }
945
946 static inline struct block *
947 gen_false()
948 {
949 return gen_uncond(0);
950 }
951
952 /*
953 * Byte-swap a 32-bit number.
954 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
955 * big-endian platforms.)
956 */
957 #define SWAPLONG(y) \
958 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
959
960 static struct block *
961 gen_ether_linktype(proto)
962 register int proto;
963 {
964 struct block *b0, *b1;
965
966 switch (proto) {
967
968 case LLCSAP_ISONS:
969 /*
970 * OSI protocols always use 802.2 encapsulation.
971 */
972 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
973 gen_not(b0);
974 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
975 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
976 gen_and(b0, b1);
977 return b1;
978
979 case LLCSAP_IP:
980 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
981 gen_not(b0);
982 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
983 ((LLCSAP_IP << 8) | LLCSAP_IP));
984 gen_and(b0, b1);
985 return b1;
986
987 case LLCSAP_NETBEUI:
988 /*
989 * NetBEUI always uses 802.2 encapsulation.
990 */
991 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
992 gen_not(b0);
993 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
994 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
995 gen_and(b0, b1);
996 return b1;
997
998 case LLCSAP_IPX:
999 /*
1000 * Check for;
1001 *
1002 * Ethernet_II frames, which are Ethernet
1003 * frames with a frame type of ETHERTYPE_IPX;
1004 *
1005 * Ethernet_802.3 frames, which are 802.3
1006 * frames (i.e., the type/length field is
1007 * a length field, <= ETHERMTU, rather than
1008 * a type field) with the first two bytes
1009 * after the Ethernet/802.3 header being
1010 * 0xFFFF;
1011 *
1012 * Ethernet_802.2 frames, which are 802.3
1013 * frames with an 802.2 LLC header and
1014 * with the IPX LSAP as the DSAP in the LLC
1015 * header;
1016 *
1017 * Ethernet_SNAP frames, which are 802.3
1018 * frames with an LLC header and a SNAP
1019 * header and with an OUI of 0x000000
1020 * (encapsulated Ethernet) and a protocol
1021 * ID of ETHERTYPE_IPX in the SNAP header.
1022 *
1023 * XXX - should we generate the same code both
1024 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
1025 */
1026
1027 /*
1028 * This generates code to check both for the
1029 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
1030 */
1031 b0 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)LLCSAP_IPX);
1032 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)0xFFFF);
1033 gen_or(b0, b1);
1034
1035 /*
1036 * Now we add code to check for SNAP frames with
1037 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
1038 */
1039 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
1040 gen_or(b0, b1);
1041
1042 /*
1043 * Now we generate code to check for 802.3
1044 * frames in general.
1045 */
1046 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1047 gen_not(b0);
1048
1049 /*
1050 * Now add the check for 802.3 frames before the
1051 * check for Ethernet_802.2 and Ethernet_802.3,
1052 * as those checks should only be done on 802.3
1053 * frames, not on Ethernet frames.
1054 */
1055 gen_and(b0, b1);
1056
1057 /*
1058 * Now add the check for Ethernet_II frames, and
1059 * do that before checking for the other frame
1060 * types.
1061 */
1062 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)ETHERTYPE_IPX);
1063 gen_or(b0, b1);
1064 return b1;
1065
1066 case ETHERTYPE_ATALK:
1067 case ETHERTYPE_AARP:
1068 /*
1069 * EtherTalk (AppleTalk protocols on Ethernet link
1070 * layer) may use 802.2 encapsulation.
1071 */
1072
1073 /*
1074 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1075 * we check for an Ethernet type field less than
1076 * 1500, which means it's an 802.3 length field.
1077 */
1078 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1079 gen_not(b0);
1080
1081 /*
1082 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1083 * SNAP packets with an organization code of
1084 * 0x080007 (Apple, for Appletalk) and a protocol
1085 * type of ETHERTYPE_ATALK (Appletalk).
1086 *
1087 * 802.2-encapsulated ETHERTYPE_AARP packets are
1088 * SNAP packets with an organization code of
1089 * 0x000000 (encapsulated Ethernet) and a protocol
1090 * type of ETHERTYPE_AARP (Appletalk ARP).
1091 */
1092 if (proto == ETHERTYPE_ATALK)
1093 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
1094 else /* proto == ETHERTYPE_AARP */
1095 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
1096 gen_and(b0, b1);
1097
1098 /*
1099 * Check for Ethernet encapsulation (Ethertalk
1100 * phase 1?); we just check for the Ethernet
1101 * protocol type.
1102 */
1103 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1104
1105 gen_or(b0, b1);
1106 return b1;
1107
1108 default:
1109 if (proto <= ETHERMTU) {
1110 /*
1111 * This is an LLC SAP value, so the frames
1112 * that match would be 802.2 frames.
1113 * Check that the frame is an 802.2 frame
1114 * (i.e., that the length/type field is
1115 * a length field, <= ETHERMTU) and
1116 * then check the DSAP.
1117 */
1118 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1119 gen_not(b0);
1120 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto);
1121 gen_and(b0, b1);
1122 return b1;
1123 } else {
1124 /*
1125 * This is an Ethernet type, so compare
1126 * the length/type field with it (if
1127 * the frame is an 802.2 frame, the length
1128 * field will be <= ETHERMTU, and, as
1129 * "proto" is > ETHERMTU, this test
1130 * will fail and the frame won't match,
1131 * which is what we want).
1132 */
1133 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1134 }
1135 }
1136 }
1137
1138 static struct block *
1139 gen_linktype(proto)
1140 register int proto;
1141 {
1142 struct block *b0, *b1, *b2;
1143
1144 switch (linktype) {
1145
1146 case DLT_EN10MB:
1147 return gen_ether_linktype(proto);
1148 break;
1149
1150 case DLT_C_HDLC:
1151 switch (proto) {
1152 case LLCSAP_ISONS:
1153 proto = (proto << 8 | LLCSAP_ISONS);
1154 /* fall through */
1155 default:
1156 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1157 break;
1158 }
1159 case DLT_IEEE802_11:
1160 case DLT_PRISM_HEADER:
1161 case DLT_FDDI:
1162 case DLT_IEEE802:
1163 case DLT_ATM_RFC1483:
1164 case DLT_ATM_CLIP:
1165 case DLT_IP_OVER_FC:
1166 return gen_llc(proto);
1167 break;
1168
1169 case DLT_SUNATM:
1170 /*
1171 * If "is_lane" is set, check for a LANE-encapsulated
1172 * version of this protocol, otherwise check for an
1173 * LLC-encapsulated version of this protocol.
1174 *
1175 * We assume LANE means Ethernet, not Token Ring.
1176 */
1177 if (is_lane) {
1178 /*
1179 * Check that the packet doesn't begin with an
1180 * LE Control marker. (We've already generated
1181 * a test for LANE.)
1182 */
1183 b0 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
1184 gen_not(b0);
1185
1186 /*
1187 * Now generate an Ethernet test.
1188 */
1189 b1 = gen_ether_linktype(proto);
1190 gen_and(b0, b1);
1191 return b1;
1192 } else {
1193 /*
1194 * Check for LLC encapsulation and then check the
1195 * protocol.
1196 */
1197 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
1198 b1 = gen_llc(proto);
1199 gen_and(b0, b1);
1200 return b1;
1201 }
1202
1203 case DLT_LINUX_SLL:
1204 switch (proto) {
1205
1206 case LLCSAP_IP:
1207 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1208 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1209 ((LLCSAP_IP << 8) | LLCSAP_IP));
1210 gen_and(b0, b1);
1211 return b1;
1212
1213 case LLCSAP_ISONS:
1214 /*
1215 * OSI protocols always use 802.2 encapsulation.
1216 */
1217 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1218 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1219 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1220 gen_and(b0, b1);
1221 return b1;
1222
1223 case LLCSAP_NETBEUI:
1224 /*
1225 * NetBEUI always uses 802.2 encapsulation.
1226 * XXX - should we check both the DSAP and the
1227 * LSAP, like this, or should we check just the
1228 * DSAP?
1229 */
1230 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1231 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1232 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1233 gen_and(b0, b1);
1234 return b1;
1235
1236 case LLCSAP_IPX:
1237 /*
1238 * Ethernet_II frames, which are Ethernet
1239 * frames with a frame type of ETHERTYPE_IPX;
1240 *
1241 * Ethernet_802.3 frames, which have a frame
1242 * type of LINUX_SLL_P_802_3;
1243 *
1244 * Ethernet_802.2 frames, which are 802.3
1245 * frames with an 802.2 LLC header (i.e, have
1246 * a frame type of LINUX_SLL_P_802_2) and
1247 * with the IPX LSAP as the DSAP in the LLC
1248 * header;
1249 *
1250 * Ethernet_SNAP frames, which are 802.3
1251 * frames with an LLC header and a SNAP
1252 * header and with an OUI of 0x000000
1253 * (encapsulated Ethernet) and a protocol
1254 * ID of ETHERTYPE_IPX in the SNAP header.
1255 *
1256 * First, do the checks on LINUX_SLL_P_802_2
1257 * frames; generate the check for either
1258 * Ethernet_802.2 or Ethernet_SNAP frames, and
1259 * then put a check for LINUX_SLL_P_802_2 frames
1260 * before it.
1261 */
1262 b0 = gen_cmp(off_linktype + 2, BPF_B,
1263 (bpf_int32)LLCSAP_IPX);
1264 b1 = gen_snap(0x000000, ETHERTYPE_IPX,
1265 off_linktype + 2);
1266 gen_or(b0, b1);
1267 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1268 gen_and(b0, b1);
1269
1270 /*
1271 * Now check for 802.3 frames and OR that with
1272 * the previous test.
1273 */
1274 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
1275 gen_or(b0, b1);
1276
1277 /*
1278 * Now add the check for Ethernet_II frames, and
1279 * do that before checking for the other frame
1280 * types.
1281 */
1282 b0 = gen_cmp(off_linktype, BPF_H,
1283 (bpf_int32)ETHERTYPE_IPX);
1284 gen_or(b0, b1);
1285 return b1;
1286
1287 case ETHERTYPE_ATALK:
1288 case ETHERTYPE_AARP:
1289 /*
1290 * EtherTalk (AppleTalk protocols on Ethernet link
1291 * layer) may use 802.2 encapsulation.
1292 */
1293
1294 /*
1295 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1296 * we check for the 802.2 protocol type in the
1297 * "Ethernet type" field.
1298 */
1299 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1300
1301 /*
1302 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1303 * SNAP packets with an organization code of
1304 * 0x080007 (Apple, for Appletalk) and a protocol
1305 * type of ETHERTYPE_ATALK (Appletalk).
1306 *
1307 * 802.2-encapsulated ETHERTYPE_AARP packets are
1308 * SNAP packets with an organization code of
1309 * 0x000000 (encapsulated Ethernet) and a protocol
1310 * type of ETHERTYPE_AARP (Appletalk ARP).
1311 */
1312 if (proto == ETHERTYPE_ATALK)
1313 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
1314 off_linktype + 2);
1315 else /* proto == ETHERTYPE_AARP */
1316 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
1317 off_linktype + 2);
1318 gen_and(b0, b1);
1319
1320 /*
1321 * Check for Ethernet encapsulation (Ethertalk
1322 * phase 1?); we just check for the Ethernet
1323 * protocol type.
1324 */
1325 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1326
1327 gen_or(b0, b1);
1328 return b1;
1329
1330 default:
1331 if (proto <= ETHERMTU) {
1332 /*
1333 * This is an LLC SAP value, so the frames
1334 * that match would be 802.2 frames.
1335 * Check for the 802.2 protocol type
1336 * in the "Ethernet type" field, and
1337 * then check the DSAP.
1338 */
1339 b0 = gen_cmp(off_linktype, BPF_H,
1340 LINUX_SLL_P_802_2);
1341 b1 = gen_cmp(off_linktype + 2, BPF_B,
1342 (bpf_int32)proto);
1343 gen_and(b0, b1);
1344 return b1;
1345 } else {
1346 /*
1347 * This is an Ethernet type, so compare
1348 * the length/type field with it (if
1349 * the frame is an 802.2 frame, the length
1350 * field will be <= ETHERMTU, and, as
1351 * "proto" is > ETHERMTU, this test
1352 * will fail and the frame won't match,
1353 * which is what we want).
1354 */
1355 return gen_cmp(off_linktype, BPF_H,
1356 (bpf_int32)proto);
1357 }
1358 }
1359 break;
1360
1361 case DLT_SLIP:
1362 case DLT_SLIP_BSDOS:
1363 case DLT_RAW:
1364 /*
1365 * These types don't provide any type field; packets
1366 * are always IP.
1367 *
1368 * XXX - for IPv4, check for a version number of 4, and,
1369 * for IPv6, check for a version number of 6?
1370 */
1371 switch (proto) {
1372
1373 case ETHERTYPE_IP:
1374 #ifdef INET6
1375 case ETHERTYPE_IPV6:
1376 #endif
1377 return gen_true(); /* always true */
1378
1379 default:
1380 return gen_false(); /* always false */
1381 }
1382 break;
1383
1384 case DLT_PPP:
1385 case DLT_PPP_SERIAL:
1386 case DLT_PPP_ETHER:
1387 /*
1388 * We use Ethernet protocol types inside libpcap;
1389 * map them to the corresponding PPP protocol types.
1390 */
1391 switch (proto) {
1392
1393 case ETHERTYPE_IP:
1394 proto = PPP_IP;
1395 break;
1396
1397 #ifdef INET6
1398 case ETHERTYPE_IPV6:
1399 proto = PPP_IPV6;
1400 break;
1401 #endif
1402
1403 case ETHERTYPE_DN:
1404 proto = PPP_DECNET;
1405 break;
1406
1407 case ETHERTYPE_ATALK:
1408 proto = PPP_APPLE;
1409 break;
1410
1411 case ETHERTYPE_NS:
1412 proto = PPP_NS;
1413 break;
1414
1415 case LLCSAP_ISONS:
1416 proto = PPP_OSI;
1417 break;
1418
1419 case LLCSAP_8021D:
1420 /*
1421 * I'm assuming the "Bridging PDU"s that go
1422 * over PPP are Spanning Tree Protocol
1423 * Bridging PDUs.
1424 */
1425 proto = PPP_BRPDU;
1426 break;
1427
1428 case LLCSAP_IPX:
1429 proto = PPP_IPX;
1430 break;
1431 }
1432 break;
1433
1434 case DLT_PPP_BSDOS:
1435 /*
1436 * We use Ethernet protocol types inside libpcap;
1437 * map them to the corresponding PPP protocol types.
1438 */
1439 switch (proto) {
1440
1441 case ETHERTYPE_IP:
1442 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
1443 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
1444 gen_or(b0, b1);
1445 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
1446 gen_or(b1, b0);
1447 return b0;
1448
1449 #ifdef INET6
1450 case ETHERTYPE_IPV6:
1451 proto = PPP_IPV6;
1452 /* more to go? */
1453 break;
1454 #endif
1455
1456 case ETHERTYPE_DN:
1457 proto = PPP_DECNET;
1458 break;
1459
1460 case ETHERTYPE_ATALK:
1461 proto = PPP_APPLE;
1462 break;
1463
1464 case ETHERTYPE_NS:
1465 proto = PPP_NS;
1466 break;
1467
1468 case LLCSAP_ISONS:
1469 proto = PPP_OSI;
1470 break;
1471
1472 case LLCSAP_8021D:
1473 /*
1474 * I'm assuming the "Bridging PDU"s that go
1475 * over PPP are Spanning Tree Protocol
1476 * Bridging PDUs.
1477 */
1478 proto = PPP_BRPDU;
1479 break;
1480
1481 case LLCSAP_IPX:
1482 proto = PPP_IPX;
1483 break;
1484 }
1485 break;
1486
1487 case DLT_NULL:
1488 case DLT_LOOP:
1489 /*
1490 * For DLT_NULL, the link-layer header is a 32-bit
1491 * word containing an AF_ value in *host* byte order.
1492 *
1493 * In addition, if we're reading a saved capture file,
1494 * the host byte order in the capture may not be the
1495 * same as the host byte order on this machine.
1496 *
1497 * For DLT_LOOP, the link-layer header is a 32-bit
1498 * word containing an AF_ value in *network* byte order.
1499 *
1500 * XXX - AF_ values may, unfortunately, be platform-
1501 * dependent; for example, FreeBSD's AF_INET6 is 24
1502 * whilst NetBSD's and OpenBSD's is 26.
1503 *
1504 * This means that, when reading a capture file, just
1505 * checking for our AF_INET6 value won't work if the
1506 * capture file came from another OS.
1507 */
1508 switch (proto) {
1509
1510 case ETHERTYPE_IP:
1511 proto = AF_INET;
1512 break;
1513
1514 #ifdef INET6
1515 case ETHERTYPE_IPV6:
1516 proto = AF_INET6;
1517 break;
1518 #endif
1519
1520 default:
1521 /*
1522 * Not a type on which we support filtering.
1523 * XXX - support those that have AF_ values
1524 * #defined on this platform, at least?
1525 */
1526 return gen_false();
1527 }
1528
1529 if (linktype == DLT_NULL) {
1530 /*
1531 * The AF_ value is in host byte order, but
1532 * the BPF interpreter will convert it to
1533 * network byte order.
1534 *
1535 * If this is a save file, and it's from a
1536 * machine with the opposite byte order to
1537 * ours, we byte-swap the AF_ value.
1538 *
1539 * Then we run it through "htonl()", and
1540 * generate code to compare against the result.
1541 */
1542 if (bpf_pcap->sf.rfile != NULL &&
1543 bpf_pcap->sf.swapped)
1544 proto = SWAPLONG(proto);
1545 proto = htonl(proto);
1546 }
1547 return (gen_cmp(0, BPF_W, (bpf_int32)proto));
1548
1549 case DLT_ARCNET:
1550 /*
1551 * XXX should we check for first fragment if the protocol
1552 * uses PHDS?
1553 */
1554 switch(proto) {
1555 default:
1556 return gen_false();
1557 #ifdef INET6
1558 case ETHERTYPE_IPV6:
1559 return(gen_cmp(2, BPF_B,
1560 (bpf_int32)htonl(ARCTYPE_INET6)));
1561 #endif /* INET6 */
1562 case ETHERTYPE_IP:
1563 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_IP));
1564 b1 = gen_cmp(2, BPF_B,
1565 (bpf_int32)htonl(ARCTYPE_IP_OLD));
1566 gen_or(b0, b1);
1567 return(b1);
1568 case ETHERTYPE_ARP:
1569 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_ARP));
1570 b1 = gen_cmp(2, BPF_B,
1571 (bpf_int32)htonl(ARCTYPE_ARP_OLD));
1572 gen_or(b0, b1);
1573 return(b1);
1574 case ETHERTYPE_REVARP:
1575 return(gen_cmp(2, BPF_B,
1576 (bpf_int32)htonl(ARCTYPE_REVARP)));
1577 case ETHERTYPE_ATALK:
1578 return(gen_cmp(2, BPF_B,
1579 (bpf_int32)htonl(ARCTYPE_ATALK)));
1580 }
1581 break;
1582
1583 case DLT_LTALK:
1584 switch (proto) {
1585 case ETHERTYPE_ATALK:
1586 return gen_true();
1587 default:
1588 return gen_false();
1589 }
1590 break;
1591
1592 case DLT_FRELAY:
1593 /*
1594 * XXX - assumes a 2-byte Frame Relay header with
1595 * DLCI and flags. What if the address is longer?
1596 */
1597 switch (proto) {
1598
1599 case ETHERTYPE_IP:
1600 /*
1601 * Check for the special NLPID for IP.
1602 */
1603 return gen_cmp(2, BPF_H, (0x03<<8) | 0xcc);
1604
1605 #ifdef INET6
1606 case ETHERTYPE_IPV6:
1607 /*
1608 * Check for the special NLPID for IPv6.
1609 */
1610 return gen_cmp(2, BPF_H, (0x03<<8) | 0x8e);
1611 #endif
1612
1613 case LLCSAP_ISONS:
1614 /*
1615 * Check for several OSI protocols.
1616 *
1617 * Frame Relay packets typically have an OSI
1618 * NLPID at the beginning; we check for each
1619 * of them.
1620 *
1621 * What we check for is the NLPID and a frame
1622 * control field of UI, i.e. 0x03 followed
1623 * by the NLPID.
1624 */
1625 b0 = gen_cmp(2, BPF_H, (0x03<<8) | ISO8473_CLNP);
1626 b1 = gen_cmp(2, BPF_H, (0x03<<8) | ISO9542_ESIS);
1627 b2 = gen_cmp(2, BPF_H, (0x03<<8) | ISO10589_ISIS);
1628 gen_or(b1, b2);
1629 gen_or(b0, b2);
1630 return b2;
1631
1632 default:
1633 return gen_false();
1634 }
1635 break;
1636 }
1637
1638 /*
1639 * All the types that have no encapsulation should either be
1640 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
1641 * all packets are IP packets, or should be handled in some
1642 * special case, if none of them are (if some are and some
1643 * aren't, the lack of encapsulation is a problem, as we'd
1644 * have to find some other way of determining the packet type).
1645 *
1646 * Therefore, if "off_linktype" is -1, there's an error.
1647 */
1648 if (off_linktype == -1)
1649 abort();
1650
1651 /*
1652 * Any type not handled above should always have an Ethernet
1653 * type at an offset of "off_linktype". (PPP is partially
1654 * handled above - the protocol type is mapped from the
1655 * Ethernet and LLC types we use internally to the corresponding
1656 * PPP type - but the PPP type is always specified by a value
1657 * at "off_linktype", so we don't have to do the code generation
1658 * above.)
1659 */
1660 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1661 }
1662
1663 /*
1664 * Check for an LLC SNAP packet with a given organization code and
1665 * protocol type; we check the entire contents of the 802.2 LLC and
1666 * snap headers, checking for DSAP and SSAP of SNAP and a control
1667 * field of 0x03 in the LLC header, and for the specified organization
1668 * code and protocol type in the SNAP header.
1669 */
1670 static struct block *
1671 gen_snap(orgcode, ptype, offset)
1672 bpf_u_int32 orgcode;
1673 bpf_u_int32 ptype;
1674 u_int offset;
1675 {
1676 u_char snapblock[8];
1677
1678 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
1679 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
1680 snapblock[2] = 0x03; /* control = UI */
1681 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
1682 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
1683 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
1684 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
1685 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
1686 return gen_bcmp(offset, 8, snapblock);
1687 }
1688
1689 /*
1690 * Check for a given protocol value assuming an 802.2 LLC header.
1691 */
1692 static struct block *
1693 gen_llc(proto)
1694 int proto;
1695 {
1696 /*
1697 * XXX - handle token-ring variable-length header.
1698 */
1699 switch (proto) {
1700
1701 case LLCSAP_IP:
1702 return gen_cmp(off_linktype, BPF_H, (long)
1703 ((LLCSAP_IP << 8) | LLCSAP_IP));
1704
1705 case LLCSAP_ISONS:
1706 return gen_cmp(off_linktype, BPF_H, (long)
1707 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1708
1709 case LLCSAP_NETBEUI:
1710 return gen_cmp(off_linktype, BPF_H, (long)
1711 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1712
1713 case LLCSAP_IPX:
1714 /*
1715 * XXX - are there ever SNAP frames for IPX on
1716 * non-Ethernet 802.x networks?
1717 */
1718 return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX);
1719
1720 case ETHERTYPE_ATALK:
1721 /*
1722 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1723 * SNAP packets with an organization code of
1724 * 0x080007 (Apple, for Appletalk) and a protocol
1725 * type of ETHERTYPE_ATALK (Appletalk).
1726 *
1727 * XXX - check for an organization code of
1728 * encapsulated Ethernet as well?
1729 */
1730 return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype);
1731
1732 default:
1733 /*
1734 * XXX - we don't have to check for IPX 802.3
1735 * here, but should we check for the IPX Ethertype?
1736 */
1737 if (proto <= ETHERMTU) {
1738 /*
1739 * This is an LLC SAP value, so check
1740 * the DSAP.
1741 */
1742 return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto);
1743 } else {
1744 /*
1745 * This is an Ethernet type; we assume that it's
1746 * unlikely that it'll appear in the right place
1747 * at random, and therefore check only the
1748 * location that would hold the Ethernet type
1749 * in a SNAP frame with an organization code of
1750 * 0x000000 (encapsulated Ethernet).
1751 *
1752 * XXX - if we were to check for the SNAP DSAP and
1753 * LSAP, as per XXX, and were also to check for an
1754 * organization code of 0x000000 (encapsulated
1755 * Ethernet), we'd do
1756 *
1757 * return gen_snap(0x000000, proto,
1758 * off_linktype);
1759 *
1760 * here; for now, we don't, as per the above.
1761 * I don't know whether it's worth the extra CPU
1762 * time to do the right check or not.
1763 */
1764 return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto);
1765 }
1766 }
1767 }
1768
1769 static struct block *
1770 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
1771 bpf_u_int32 addr;
1772 bpf_u_int32 mask;
1773 int dir, proto;
1774 u_int src_off, dst_off;
1775 {
1776 struct block *b0, *b1;
1777 u_int offset;
1778
1779 switch (dir) {
1780
1781 case Q_SRC:
1782 offset = src_off;
1783 break;
1784
1785 case Q_DST:
1786 offset = dst_off;
1787 break;
1788
1789 case Q_AND:
1790 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1791 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1792 gen_and(b0, b1);
1793 return b1;
1794
1795 case Q_OR:
1796 case Q_DEFAULT:
1797 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1798 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1799 gen_or(b0, b1);
1800 return b1;
1801
1802 default:
1803 abort();
1804 }
1805 b0 = gen_linktype(proto);
1806 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
1807 gen_and(b0, b1);
1808 return b1;
1809 }
1810
1811 #ifdef INET6
1812 static struct block *
1813 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
1814 struct in6_addr *addr;
1815 struct in6_addr *mask;
1816 int dir, proto;
1817 u_int src_off, dst_off;
1818 {
1819 struct block *b0, *b1;
1820 u_int offset;
1821 u_int32_t *a, *m;
1822
1823 switch (dir) {
1824
1825 case Q_SRC:
1826 offset = src_off;
1827 break;
1828
1829 case Q_DST:
1830 offset = dst_off;
1831 break;
1832
1833 case Q_AND:
1834 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1835 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1836 gen_and(b0, b1);
1837 return b1;
1838
1839 case Q_OR:
1840 case Q_DEFAULT:
1841 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1842 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1843 gen_or(b0, b1);
1844 return b1;
1845
1846 default:
1847 abort();
1848 }
1849 /* this order is important */
1850 a = (u_int32_t *)addr;
1851 m = (u_int32_t *)mask;
1852 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
1853 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
1854 gen_and(b0, b1);
1855 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
1856 gen_and(b0, b1);
1857 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
1858 gen_and(b0, b1);
1859 b0 = gen_linktype(proto);
1860 gen_and(b0, b1);
1861 return b1;
1862 }
1863 #endif /*INET6*/
1864
1865 static struct block *
1866 gen_ehostop(eaddr, dir)
1867 register const u_char *eaddr;
1868 register int dir;
1869 {
1870 register struct block *b0, *b1;
1871
1872 switch (dir) {
1873 case Q_SRC:
1874 return gen_bcmp(off_mac + 6, 6, eaddr);
1875
1876 case Q_DST:
1877 return gen_bcmp(off_mac + 0, 6, eaddr);
1878
1879 case Q_AND:
1880 b0 = gen_ehostop(eaddr, Q_SRC);
1881 b1 = gen_ehostop(eaddr, Q_DST);
1882 gen_and(b0, b1);
1883 return b1;
1884
1885 case Q_DEFAULT:
1886 case Q_OR:
1887 b0 = gen_ehostop(eaddr, Q_SRC);
1888 b1 = gen_ehostop(eaddr, Q_DST);
1889 gen_or(b0, b1);
1890 return b1;
1891 }
1892 abort();
1893 /* NOTREACHED */
1894 }
1895
1896 /*
1897 * Like gen_ehostop, but for DLT_FDDI
1898 */
1899 static struct block *
1900 gen_fhostop(eaddr, dir)
1901 register const u_char *eaddr;
1902 register int dir;
1903 {
1904 struct block *b0, *b1;
1905
1906 switch (dir) {
1907 case Q_SRC:
1908 #ifdef PCAP_FDDIPAD
1909 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
1910 #else
1911 return gen_bcmp(6 + 1, 6, eaddr);
1912 #endif
1913
1914 case Q_DST:
1915 #ifdef PCAP_FDDIPAD
1916 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
1917 #else
1918 return gen_bcmp(0 + 1, 6, eaddr);
1919 #endif
1920
1921 case Q_AND:
1922 b0 = gen_fhostop(eaddr, Q_SRC);
1923 b1 = gen_fhostop(eaddr, Q_DST);
1924 gen_and(b0, b1);
1925 return b1;
1926
1927 case Q_DEFAULT:
1928 case Q_OR:
1929 b0 = gen_fhostop(eaddr, Q_SRC);
1930 b1 = gen_fhostop(eaddr, Q_DST);
1931 gen_or(b0, b1);
1932 return b1;
1933 }
1934 abort();
1935 /* NOTREACHED */
1936 }
1937
1938 /*
1939 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
1940 */
1941 static struct block *
1942 gen_thostop(eaddr, dir)
1943 register const u_char *eaddr;
1944 register int dir;
1945 {
1946 register struct block *b0, *b1;
1947
1948 switch (dir) {
1949 case Q_SRC:
1950 return gen_bcmp(8, 6, eaddr);
1951
1952 case Q_DST:
1953 return gen_bcmp(2, 6, eaddr);
1954
1955 case Q_AND:
1956 b0 = gen_thostop(eaddr, Q_SRC);
1957 b1 = gen_thostop(eaddr, Q_DST);
1958 gen_and(b0, b1);
1959 return b1;
1960
1961 case Q_DEFAULT:
1962 case Q_OR:
1963 b0 = gen_thostop(eaddr, Q_SRC);
1964 b1 = gen_thostop(eaddr, Q_DST);
1965 gen_or(b0, b1);
1966 return b1;
1967 }
1968 abort();
1969 /* NOTREACHED */
1970 }
1971
1972 /*
1973 * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN)
1974 */
1975 static struct block *
1976 gen_wlanhostop(eaddr, dir)
1977 register const u_char *eaddr;
1978 register int dir;
1979 {
1980 register struct block *b0, *b1, *b2;
1981 register struct slist *s;
1982
1983 switch (dir) {
1984 case Q_SRC:
1985 /*
1986 * Oh, yuk.
1987 *
1988 * For control frames, there is no SA.
1989 *
1990 * For management frames, SA is at an
1991 * offset of 10 from the beginning of
1992 * the packet.
1993 *
1994 * For data frames, SA is at an offset
1995 * of 10 from the beginning of the packet
1996 * if From DS is clear, at an offset of
1997 * 16 from the beginning of the packet
1998 * if From DS is set and To DS is clear,
1999 * and an offset of 24 from the beginning
2000 * of the packet if From DS is set and To DS
2001 * is set.
2002 */
2003
2004 /*
2005 * Generate the tests to be done for data frames
2006 * with From DS set.
2007 *
2008 * First, check for To DS set, i.e. check "link[1] & 0x01".
2009 */
2010 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2011 s->s.k = 1;
2012 b1 = new_block(JMP(BPF_JSET));
2013 b1->s.k = 0x01; /* To DS */
2014 b1->stmts = s;
2015
2016 /*
2017 * If To DS is set, the SA is at 24.
2018 */
2019 b0 = gen_bcmp(24, 6, eaddr);
2020 gen_and(b1, b0);
2021
2022 /*
2023 * Now, check for To DS not set, i.e. check
2024 * "!(link[1] & 0x01)".
2025 */
2026 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2027 s->s.k = 1;
2028 b2 = new_block(JMP(BPF_JSET));
2029 b2->s.k = 0x01; /* To DS */
2030 b2->stmts = s;
2031 gen_not(b2);
2032
2033 /*
2034 * If To DS is not set, the SA is at 16.
2035 */
2036 b1 = gen_bcmp(16, 6, eaddr);
2037 gen_and(b2, b1);
2038
2039 /*
2040 * Now OR together the last two checks. That gives
2041 * the complete set of checks for data frames with
2042 * From DS set.
2043 */
2044 gen_or(b1, b0);
2045
2046 /*
2047 * Now check for From DS being set, and AND that with
2048 * the ORed-together checks.
2049 */
2050 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2051 s->s.k = 1;
2052 b1 = new_block(JMP(BPF_JSET));
2053 b1->s.k = 0x02; /* From DS */
2054 b1->stmts = s;
2055 gen_and(b1, b0);
2056
2057 /*
2058 * Now check for data frames with From DS not set.
2059 */
2060 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2061 s->s.k = 1;
2062 b2 = new_block(JMP(BPF_JSET));
2063 b2->s.k = 0x02; /* From DS */
2064 b2->stmts = s;
2065 gen_not(b2);
2066
2067 /*
2068 * If From DS isn't set, the SA is at 10.
2069 */
2070 b1 = gen_bcmp(10, 6, eaddr);
2071 gen_and(b2, b1);
2072
2073 /*
2074 * Now OR together the checks for data frames with
2075 * From DS not set and for data frames with From DS
2076 * set; that gives the checks done for data frames.
2077 */
2078 gen_or(b1, b0);
2079
2080 /*
2081 * Now check for a data frame.
2082 * I.e, check "link[0] & 0x08".
2083 */
2084 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2085 s->s.k = 0;
2086 b1 = new_block(JMP(BPF_JSET));
2087 b1->s.k = 0x08;
2088 b1->stmts = s;
2089
2090 /*
2091 * AND that with the checks done for data frames.
2092 */
2093 gen_and(b1, b0);
2094
2095 /*
2096 * If the high-order bit of the type value is 0, this
2097 * is a management frame.
2098 * I.e, check "!(link[0] & 0x08)".
2099 */
2100 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2101 s->s.k = 0;
2102 b2 = new_block(JMP(BPF_JSET));
2103 b2->s.k = 0x08;
2104 b2->stmts = s;
2105 gen_not(b2);
2106
2107 /*
2108 * For management frames, the SA is at 10.
2109 */
2110 b1 = gen_bcmp(10, 6, eaddr);
2111 gen_and(b2, b1);
2112
2113 /*
2114 * OR that with the checks done for data frames.
2115 * That gives the checks done for management and
2116 * data frames.
2117 */
2118 gen_or(b1, b0);
2119
2120 /*
2121 * If the low-order bit of the type value is 1,
2122 * this is either a control frame or a frame
2123 * with a reserved type, and thus not a
2124 * frame with an SA.
2125 *
2126 * I.e., check "!(link[0] & 0x04)".
2127 */
2128 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2129 s->s.k = 0;
2130 b1 = new_block(JMP(BPF_JSET));
2131 b1->s.k = 0x04;
2132 b1->stmts = s;
2133 gen_not(b1);
2134
2135 /*
2136 * AND that with the checks for data and management
2137 * frames.
2138 */
2139 gen_and(b1, b0);
2140 return b0;
2141
2142 case Q_DST:
2143 /*
2144 * Oh, yuk.
2145 *
2146 * For control frames, there is no DA.
2147 *
2148 * For management frames, DA is at an
2149 * offset of 4 from the beginning of
2150 * the packet.
2151 *
2152 * For data frames, DA is at an offset
2153 * of 4 from the beginning of the packet
2154 * if To DS is clear and at an offset of
2155 * 16 from the beginning of the packet
2156 * if To DS is set.
2157 */
2158
2159 /*
2160 * Generate the tests to be done for data frames.
2161 *
2162 * First, check for To DS set, i.e. "link[1] & 0x01".
2163 */
2164 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2165 s->s.k = 1;
2166 b1 = new_block(JMP(BPF_JSET));
2167 b1->s.k = 0x01; /* To DS */
2168 b1->stmts = s;
2169
2170 /*
2171 * If To DS is set, the DA is at 16.
2172 */
2173 b0 = gen_bcmp(16, 6, eaddr);
2174 gen_and(b1, b0);
2175
2176 /*
2177 * Now, check for To DS not set, i.e. check
2178 * "!(link[1] & 0x01)".
2179 */
2180 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2181 s->s.k = 1;
2182 b2 = new_block(JMP(BPF_JSET));
2183 b2->s.k = 0x01; /* To DS */
2184 b2->stmts = s;
2185 gen_not(b2);
2186
2187 /*
2188 * If To DS is not set, the DA is at 4.
2189 */
2190 b1 = gen_bcmp(4, 6, eaddr);
2191 gen_and(b2, b1);
2192
2193 /*
2194 * Now OR together the last two checks. That gives
2195 * the complete set of checks for data frames.
2196 */
2197 gen_or(b1, b0);
2198
2199 /*
2200 * Now check for a data frame.
2201 * I.e, check "link[0] & 0x08".
2202 */
2203 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2204 s->s.k = 0;
2205 b1 = new_block(JMP(BPF_JSET));
2206 b1->s.k = 0x08;
2207 b1->stmts = s;
2208
2209 /*
2210 * AND that with the checks done for data frames.
2211 */
2212 gen_and(b1, b0);
2213
2214 /*
2215 * If the high-order bit of the type value is 0, this
2216 * is a management frame.
2217 * I.e, check "!(link[0] & 0x08)".
2218 */
2219 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2220 s->s.k = 0;
2221 b2 = new_block(JMP(BPF_JSET));
2222 b2->s.k = 0x08;
2223 b2->stmts = s;
2224 gen_not(b2);
2225
2226 /*
2227 * For management frames, the DA is at 4.
2228 */
2229 b1 = gen_bcmp(4, 6, eaddr);
2230 gen_and(b2, b1);
2231
2232 /*
2233 * OR that with the checks done for data frames.
2234 * That gives the checks done for management and
2235 * data frames.
2236 */
2237 gen_or(b1, b0);
2238
2239 /*
2240 * If the low-order bit of the type value is 1,
2241 * this is either a control frame or a frame
2242 * with a reserved type, and thus not a
2243 * frame with an SA.
2244 *
2245 * I.e., check "!(link[0] & 0x04)".
2246 */
2247 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2248 s->s.k = 0;
2249 b1 = new_block(JMP(BPF_JSET));
2250 b1->s.k = 0x04;
2251 b1->stmts = s;
2252 gen_not(b1);
2253
2254 /*
2255 * AND that with the checks for data and management
2256 * frames.
2257 */
2258 gen_and(b1, b0);
2259 return b0;
2260
2261 case Q_AND:
2262 b0 = gen_wlanhostop(eaddr, Q_SRC);
2263 b1 = gen_wlanhostop(eaddr, Q_DST);
2264 gen_and(b0, b1);
2265 return b1;
2266
2267 case Q_DEFAULT:
2268 case Q_OR:
2269 b0 = gen_wlanhostop(eaddr, Q_SRC);
2270 b1 = gen_wlanhostop(eaddr, Q_DST);
2271 gen_or(b0, b1);
2272 return b1;
2273 }
2274 abort();
2275 /* NOTREACHED */
2276 }
2277
2278 /*
2279 * Like gen_ehostop, but for RFC 2625 IP-over-Fibre-Channel.
2280 * (We assume that the addresses are IEEE 48-bit MAC addresses,
2281 * as the RFC states.)
2282 */
2283 static struct block *
2284 gen_ipfchostop(eaddr, dir)
2285 register const u_char *eaddr;
2286 register int dir;
2287 {
2288 register struct block *b0, *b1;
2289
2290 switch (dir) {
2291 case Q_SRC:
2292 return gen_bcmp(10, 6, eaddr);
2293
2294 case Q_DST:
2295 return gen_bcmp(2, 6, eaddr);
2296
2297 case Q_AND:
2298 b0 = gen_ipfchostop(eaddr, Q_SRC);
2299 b1 = gen_ipfchostop(eaddr, Q_DST);
2300 gen_and(b0, b1);
2301 return b1;
2302
2303 case Q_DEFAULT:
2304 case Q_OR:
2305 b0 = gen_ipfchostop(eaddr, Q_SRC);
2306 b1 = gen_ipfchostop(eaddr, Q_DST);
2307 gen_or(b0, b1);
2308 return b1;
2309 }
2310 abort();
2311 /* NOTREACHED */
2312 }
2313
2314 /*
2315 * This is quite tricky because there may be pad bytes in front of the
2316 * DECNET header, and then there are two possible data packet formats that
2317 * carry both src and dst addresses, plus 5 packet types in a format that
2318 * carries only the src node, plus 2 types that use a different format and
2319 * also carry just the src node.
2320 *
2321 * Yuck.
2322 *
2323 * Instead of doing those all right, we just look for data packets with
2324 * 0 or 1 bytes of padding. If you want to look at other packets, that
2325 * will require a lot more hacking.
2326 *
2327 * To add support for filtering on DECNET "areas" (network numbers)
2328 * one would want to add a "mask" argument to this routine. That would
2329 * make the filter even more inefficient, although one could be clever
2330 * and not generate masking instructions if the mask is 0xFFFF.
2331 */
2332 static struct block *
2333 gen_dnhostop(addr, dir, base_off)
2334 bpf_u_int32 addr;
2335 int dir;
2336 u_int base_off;
2337 {
2338 struct block *b0, *b1, *b2, *tmp;
2339 u_int offset_lh; /* offset if long header is received */
2340 u_int offset_sh; /* offset if short header is received */
2341
2342 switch (dir) {
2343
2344 case Q_DST:
2345 offset_sh = 1; /* follows flags */
2346 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
2347 break;
2348
2349 case Q_SRC:
2350 offset_sh = 3; /* follows flags, dstnode */
2351 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
2352 break;
2353
2354 case Q_AND:
2355 /* Inefficient because we do our Calvinball dance twice */
2356 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2357 b1 = gen_dnhostop(addr, Q_DST, base_off);
2358 gen_and(b0, b1);
2359 return b1;
2360
2361 case Q_OR:
2362 case Q_DEFAULT:
2363 /* Inefficient because we do our Calvinball dance twice */
2364 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2365 b1 = gen_dnhostop(addr, Q_DST, base_off);
2366 gen_or(b0, b1);
2367 return b1;
2368
2369 case Q_ISO:
2370 bpf_error("ISO host filtering not implemented");
2371
2372 default:
2373 abort();
2374 }
2375 b0 = gen_linktype(ETHERTYPE_DN);
2376 /* Check for pad = 1, long header case */
2377 tmp = gen_mcmp(base_off + 2, BPF_H,
2378 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
2379 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
2380 BPF_H, (bpf_int32)ntohs(addr));
2381 gen_and(tmp, b1);
2382 /* Check for pad = 0, long header case */
2383 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
2384 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
2385 gen_and(tmp, b2);
2386 gen_or(b2, b1);
2387 /* Check for pad = 1, short header case */
2388 tmp = gen_mcmp(base_off + 2, BPF_H,
2389 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
2390 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
2391 BPF_H, (bpf_int32)ntohs(addr));
2392 gen_and(tmp, b2);
2393 gen_or(b2, b1);
2394 /* Check for pad = 0, short header case */
2395 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
2396 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
2397 gen_and(tmp, b2);
2398 gen_or(b2, b1);
2399
2400 /* Combine with test for linktype */
2401 gen_and(b0, b1);
2402 return b1;
2403 }
2404
2405 static struct block *
2406 gen_host(addr, mask, proto, dir)
2407 bpf_u_int32 addr;
2408 bpf_u_int32 mask;
2409 int proto;
2410 int dir;
2411 {
2412 struct block *b0, *b1;
2413
2414 switch (proto) {
2415
2416 case Q_DEFAULT:
2417 b0 = gen_host(addr, mask, Q_IP, dir);
2418 if (off_linktype != -1) {
2419 b1 = gen_host(addr, mask, Q_ARP, dir);
2420 gen_or(b0, b1);
2421 b0 = gen_host(addr, mask, Q_RARP, dir);
2422 gen_or(b1, b0);
2423 }
2424 return b0;
2425
2426 case Q_IP:
2427 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
2428 off_nl + 12, off_nl + 16);
2429
2430 case Q_RARP:
2431 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
2432 off_nl + 14, off_nl + 24);
2433
2434 case Q_ARP:
2435 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
2436 off_nl + 14, off_nl + 24);
2437
2438 case Q_TCP:
2439 bpf_error("'tcp' modifier applied to host");
2440
2441 case Q_SCTP:
2442 bpf_error("'sctp' modifier applied to host");
2443
2444 case Q_UDP:
2445 bpf_error("'udp' modifier applied to host");
2446
2447 case Q_ICMP:
2448 bpf_error("'icmp' modifier applied to host");
2449
2450 case Q_IGMP:
2451 bpf_error("'igmp' modifier applied to host");
2452
2453 case Q_IGRP:
2454 bpf_error("'igrp' modifier applied to host");
2455
2456 case Q_PIM:
2457 bpf_error("'pim' modifier applied to host");
2458
2459 case Q_VRRP:
2460 bpf_error("'vrrp' modifier applied to host");
2461
2462 case Q_ATALK:
2463 bpf_error("ATALK host filtering not implemented");
2464
2465 case Q_AARP:
2466 bpf_error("AARP host filtering not implemented");
2467
2468 case Q_DECNET:
2469 return gen_dnhostop(addr, dir, off_nl);
2470
2471 case Q_SCA:
2472 bpf_error("SCA host filtering not implemented");
2473
2474 case Q_LAT:
2475 bpf_error("LAT host filtering not implemented");
2476
2477 case Q_MOPDL:
2478 bpf_error("MOPDL host filtering not implemented");
2479
2480 case Q_MOPRC:
2481 bpf_error("MOPRC host filtering not implemented");
2482
2483 #ifdef INET6
2484 case Q_IPV6:
2485 bpf_error("'ip6' modifier applied to ip host");
2486
2487 case Q_ICMPV6:
2488 bpf_error("'icmp6' modifier applied to host");
2489 #endif /* INET6 */
2490
2491 case Q_AH:
2492 bpf_error("'ah' modifier applied to host");
2493
2494 case Q_ESP:
2495 bpf_error("'esp' modifier applied to host");
2496
2497 case Q_ISO:
2498 bpf_error("ISO host filtering not implemented");
2499
2500 case Q_ESIS:
2501 bpf_error("'esis' modifier applied to host");
2502
2503 case Q_ISIS:
2504 bpf_error("'isis' modifier applied to host");
2505
2506 case Q_CLNP:
2507 bpf_error("'clnp' modifier applied to host");
2508
2509 case Q_STP:
2510 bpf_error("'stp' modifier applied to host");
2511
2512 case Q_IPX:
2513 bpf_error("IPX host filtering not implemented");
2514
2515 case Q_NETBEUI:
2516 bpf_error("'netbeui' modifier applied to host");
2517
2518 default:
2519 abort();
2520 }
2521 /* NOTREACHED */
2522 }
2523
2524 #ifdef INET6
2525 static struct block *
2526 gen_host6(addr, mask, proto, dir)
2527 struct in6_addr *addr;
2528 struct in6_addr *mask;
2529 int proto;
2530 int dir;
2531 {
2532 switch (proto) {
2533
2534 case Q_DEFAULT:
2535 return gen_host6(addr, mask, Q_IPV6, dir);
2536
2537 case Q_IP:
2538 bpf_error("'ip' modifier applied to ip6 host");
2539
2540 case Q_RARP:
2541 bpf_error("'rarp' modifier applied to ip6 host");
2542
2543 case Q_ARP:
2544 bpf_error("'arp' modifier applied to ip6 host");
2545
2546 case Q_SCTP:
2547 bpf_error("'sctp' modifier applied to host");
2548
2549 case Q_TCP:
2550 bpf_error("'tcp' modifier applied to host");
2551
2552 case Q_UDP:
2553 bpf_error("'udp' modifier applied to host");
2554
2555 case Q_ICMP:
2556 bpf_error("'icmp' modifier applied to host");
2557
2558 case Q_IGMP:
2559 bpf_error("'igmp' modifier applied to host");
2560
2561 case Q_IGRP:
2562 bpf_error("'igrp' modifier applied to host");
2563
2564 case Q_PIM:
2565 bpf_error("'pim' modifier applied to host");
2566
2567 case Q_VRRP:
2568 bpf_error("'vrrp' modifier applied to host");
2569
2570 case Q_ATALK:
2571 bpf_error("ATALK host filtering not implemented");
2572
2573 case Q_AARP:
2574 bpf_error("AARP host filtering not implemented");
2575
2576 case Q_DECNET:
2577 bpf_error("'decnet' modifier applied to ip6 host");
2578
2579 case Q_SCA:
2580 bpf_error("SCA host filtering not implemented");
2581
2582 case Q_LAT:
2583 bpf_error("LAT host filtering not implemented");
2584
2585 case Q_MOPDL:
2586 bpf_error("MOPDL host filtering not implemented");
2587
2588 case Q_MOPRC:
2589 bpf_error("MOPRC host filtering not implemented");
2590
2591 case Q_IPV6:
2592 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
2593 off_nl + 8, off_nl + 24);
2594
2595 case Q_ICMPV6:
2596 bpf_error("'icmp6' modifier applied to host");
2597
2598 case Q_AH:
2599 bpf_error("'ah' modifier applied to host");
2600
2601 case Q_ESP:
2602 bpf_error("'esp' modifier applied to host");
2603
2604 case Q_ISO:
2605 bpf_error("ISO host filtering not implemented");
2606
2607 case Q_ESIS:
2608 bpf_error("'esis' modifier applied to host");
2609
2610 case Q_ISIS:
2611 bpf_error("'isis' modifier applied to host");
2612
2613 case Q_CLNP:
2614 bpf_error("'clnp' modifier applied to host");
2615
2616 case Q_STP:
2617 bpf_error("'stp' modifier applied to host");
2618
2619 case Q_IPX:
2620 bpf_error("IPX host filtering not implemented");
2621
2622 case Q_NETBEUI:
2623 bpf_error("'netbeui' modifier applied to host");
2624
2625 default:
2626 abort();
2627 }
2628 /* NOTREACHED */
2629 }
2630 #endif /*INET6*/
2631
2632 #ifndef INET6
2633 static struct block *
2634 gen_gateway(eaddr, alist, proto, dir)
2635 const u_char *eaddr;
2636 bpf_u_int32 **alist;
2637 int proto;
2638 int dir;
2639 {
2640 struct block *b0, *b1, *tmp;
2641
2642 if (dir != 0)
2643 bpf_error("direction applied to 'gateway'");
2644
2645 switch (proto) {
2646 case Q_DEFAULT:
2647 case Q_IP:
2648 case Q_ARP:
2649 case Q_RARP:
2650 if (linktype == DLT_EN10MB)
2651 b0 = gen_ehostop(eaddr, Q_OR);
2652 else if (linktype == DLT_FDDI)
2653 b0 = gen_fhostop(eaddr, Q_OR);
2654 else if (linktype == DLT_IEEE802)
2655 b0 = gen_thostop(eaddr, Q_OR);
2656 else if (linktype == DLT_IEEE802_11)
2657 b0 = gen_wlanhostop(eaddr, Q_OR);
2658 else if (linktype == DLT_SUNATM && is_lane) {
2659 /*
2660 * Check that the packet doesn't begin with an
2661 * LE Control marker. (We've already generated
2662 * a test for LANE.)
2663 */
2664 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
2665 gen_not(b1);
2666
2667 /*
2668 * Now check the MAC address.
2669 */
2670 b0 = gen_ehostop(eaddr, Q_OR);
2671 gen_and(b1, b0);
2672 } else if (linktype == DLT_IP_OVER_FC)
2673 b0 = gen_ipfchostop(eaddr, Q_OR);
2674 else
2675 bpf_error(
2676 "'gateway' supported only on ethernet/FDDI/token ring/802.11/Fibre Channel");
2677
2678 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2679 while (*alist) {
2680 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2681 gen_or(b1, tmp);
2682 b1 = tmp;
2683 }
2684 gen_not(b1);
2685 gen_and(b0, b1);
2686 return b1;
2687 }
2688 bpf_error("illegal modifier of 'gateway'");
2689 /* NOTREACHED */
2690 }
2691 #endif
2692
2693 struct block *
2694 gen_proto_abbrev(proto)
2695 int proto;
2696 {
2697 struct block *b0;
2698 struct block *b1;
2699
2700 switch (proto) {
2701
2702 case Q_SCTP:
2703 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT);
2704 #ifdef INET6
2705 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
2706 gen_or(b0, b1);
2707 #endif
2708 break;
2709
2710 case Q_TCP:
2711 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
2712 #ifdef INET6
2713 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
2714 gen_or(b0, b1);
2715 #endif
2716 break;
2717
2718 case Q_UDP:
2719 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
2720 #ifdef INET6
2721 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
2722 gen_or(b0, b1);
2723 #endif
2724 break;
2725
2726 case Q_ICMP:
2727 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
2728 break;
2729
2730 #ifndef IPPROTO_IGMP
2731 #define IPPROTO_IGMP 2
2732 #endif
2733
2734 case Q_IGMP:
2735 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
2736 break;
2737
2738 #ifndef IPPROTO_IGRP
2739 #define IPPROTO_IGRP 9
2740 #endif
2741 case Q_IGRP:
2742 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
2743 break;
2744
2745 #ifndef IPPROTO_PIM
2746 #define IPPROTO_PIM 103
2747 #endif
2748
2749 case Q_PIM:
2750 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
2751 #ifdef INET6
2752 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
2753 gen_or(b0, b1);
2754 #endif
2755 break;
2756
2757 #ifndef IPPROTO_VRRP
2758 #define IPPROTO_VRRP 112
2759 #endif
2760
2761 case Q_VRRP:
2762 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT);
2763 break;
2764
2765 case Q_IP:
2766 b1 = gen_linktype(ETHERTYPE_IP);
2767 break;
2768
2769 case Q_ARP:
2770 b1 = gen_linktype(ETHERTYPE_ARP);
2771 break;
2772
2773 case Q_RARP:
2774 b1 = gen_linktype(ETHERTYPE_REVARP);
2775 break;
2776
2777 case Q_LINK:
2778 bpf_error("link layer applied in wrong context");
2779
2780 case Q_ATALK:
2781 b1 = gen_linktype(ETHERTYPE_ATALK);
2782 break;
2783
2784 case Q_AARP:
2785 b1 = gen_linktype(ETHERTYPE_AARP);
2786 break;
2787
2788 case Q_DECNET:
2789 b1 = gen_linktype(ETHERTYPE_DN);
2790 break;
2791
2792 case Q_SCA:
2793 b1 = gen_linktype(ETHERTYPE_SCA);
2794 break;
2795
2796 case Q_LAT:
2797 b1 = gen_linktype(ETHERTYPE_LAT);
2798 break;
2799
2800 case Q_MOPDL:
2801 b1 = gen_linktype(ETHERTYPE_MOPDL);
2802 break;
2803
2804 case Q_MOPRC:
2805 b1 = gen_linktype(ETHERTYPE_MOPRC);
2806 break;
2807
2808 #ifdef INET6
2809 case Q_IPV6:
2810 b1 = gen_linktype(ETHERTYPE_IPV6);
2811 break;
2812
2813 #ifndef IPPROTO_ICMPV6
2814 #define IPPROTO_ICMPV6 58
2815 #endif
2816 case Q_ICMPV6:
2817 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
2818 break;
2819 #endif /* INET6 */
2820
2821 #ifndef IPPROTO_AH
2822 #define IPPROTO_AH 51
2823 #endif
2824 case Q_AH:
2825 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
2826 #ifdef INET6
2827 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
2828 gen_or(b0, b1);
2829 #endif
2830 break;
2831
2832 #ifndef IPPROTO_ESP
2833 #define IPPROTO_ESP 50
2834 #endif
2835 case Q_ESP:
2836 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
2837 #ifdef INET6
2838 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
2839 gen_or(b0, b1);
2840 #endif
2841 break;
2842
2843 case Q_ISO:
2844 b1 = gen_linktype(LLCSAP_ISONS);
2845 break;
2846
2847 case Q_ESIS:
2848 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
2849 break;
2850
2851 case Q_ISIS:
2852 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
2853 break;
2854
2855 case Q_ISIS_L1: /* all IS-IS Level1 PDU-Types */
2856 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
2857 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
2858 gen_or(b0, b1);
2859 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
2860 gen_or(b0, b1);
2861 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
2862 gen_or(b0, b1);
2863 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
2864 gen_or(b0, b1);
2865 break;
2866
2867 case Q_ISIS_L2: /* all IS-IS Level2 PDU-Types */
2868 b0 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
2869 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
2870 gen_or(b0, b1);
2871 b0 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
2872 gen_or(b0, b1);
2873 b0 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
2874 gen_or(b0, b1);
2875 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
2876 gen_or(b0, b1);
2877 break;
2878
2879 case Q_ISIS_IIH: /* all IS-IS Hello PDU-Types */
2880 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
2881 b1 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
2882 gen_or(b0, b1);
2883 b0 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT);
2884 gen_or(b0, b1);
2885 break;
2886
2887 case Q_ISIS_LSP:
2888 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
2889 b1 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
2890 gen_or(b0, b1);
2891 break;
2892
2893 case Q_ISIS_SNP:
2894 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
2895 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
2896 gen_or(b0, b1);
2897 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
2898 gen_or(b0, b1);
2899 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
2900 gen_or(b0, b1);
2901 break;
2902
2903 case Q_ISIS_CSNP:
2904 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
2905 b1 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
2906 gen_or(b0, b1);
2907 break;
2908
2909 case Q_ISIS_PSNP:
2910 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
2911 b1 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
2912 gen_or(b0, b1);
2913 break;
2914
2915 case Q_CLNP:
2916 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
2917 break;
2918
2919 case Q_STP:
2920 b1 = gen_linktype(LLCSAP_8021D);
2921 break;
2922
2923 case Q_IPX:
2924 b1 = gen_linktype(LLCSAP_IPX);
2925 break;
2926
2927 case Q_NETBEUI:
2928 b1 = gen_linktype(LLCSAP_NETBEUI);
2929 break;
2930
2931 default:
2932 abort();
2933 }
2934 return b1;
2935 }
2936
2937 static struct block *
2938 gen_ipfrag()
2939 {
2940 struct slist *s;
2941 struct block *b;
2942
2943 /* not ip frag */
2944 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
2945 s->s.k = off_nl + 6;
2946 b = new_block(JMP(BPF_JSET));
2947 b->s.k = 0x1fff;
2948 b->stmts = s;
2949 gen_not(b);
2950
2951 return b;
2952 }
2953
2954 static struct block *
2955 gen_portatom(off, v)
2956 int off;
2957 bpf_int32 v;
2958 {
2959 struct slist *s;
2960 struct block *b;
2961
2962 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2963 s->s.k = off_nl;
2964
2965 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
2966 s->next->s.k = off_nl + off;
2967
2968 b = new_block(JMP(BPF_JEQ));
2969 b->stmts = s;
2970 b->s.k = v;
2971
2972 return b;
2973 }
2974
2975 #ifdef INET6
2976 static struct block *
2977 gen_portatom6(off, v)
2978 int off;
2979 bpf_int32 v;
2980 {
2981 return gen_cmp(off_nl + 40 + off, BPF_H, v);
2982 }
2983 #endif/*INET6*/
2984
2985 struct block *
2986 gen_portop(port, proto, dir)
2987 int port, proto, dir;
2988 {
2989 struct block *b0, *b1, *tmp;
2990
2991 /* ip proto 'proto' */
2992 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
2993 b0 = gen_ipfrag();
2994 gen_and(tmp, b0);
2995
2996 switch (dir) {
2997 case Q_SRC:
2998 b1 = gen_portatom(0, (bpf_int32)port);
2999 break;
3000
3001 case Q_DST:
3002 b1 = gen_portatom(2, (bpf_int32)port);
3003 break;
3004
3005 case Q_OR:
3006 case Q_DEFAULT:
3007 tmp = gen_portatom(0, (bpf_int32)port);
3008 b1 = gen_portatom(2, (bpf_int32)port);
3009 gen_or(tmp, b1);
3010 break;
3011
3012 case Q_AND:
3013 tmp = gen_portatom(0, (bpf_int32)port);
3014 b1 = gen_portatom(2, (bpf_int32)port);
3015 gen_and(tmp, b1);
3016 break;
3017
3018 default:
3019 abort();
3020 }
3021 gen_and(b0, b1);
3022
3023 return b1;
3024 }
3025
3026 static struct block *
3027 gen_port(port, ip_proto, dir)
3028 int port;
3029 int ip_proto;
3030 int dir;
3031 {
3032 struct block *b0, *b1, *tmp;
3033
3034 switch (linktype) {
3035 case DLT_IEEE802_11:
3036 case DLT_PRISM_HEADER:
3037 case DLT_FDDI:
3038 case DLT_IEEE802:
3039 case DLT_ATM_RFC1483:
3040 case DLT_ATM_CLIP:
3041 b0 = gen_linktype(LLCSAP_IP);
3042 break;
3043 default:
3044 b0 = gen_linktype(ETHERTYPE_IP);
3045 break;
3046 }
3047
3048 switch (ip_proto) {
3049 case IPPROTO_UDP:
3050 case IPPROTO_TCP:
3051 case IPPROTO_SCTP:
3052 b1 = gen_portop(port, ip_proto, dir);
3053 break;
3054
3055 case PROTO_UNDEF:
3056 tmp = gen_portop(port, IPPROTO_TCP, dir);
3057 b1 = gen_portop(port, IPPROTO_UDP, dir);
3058 gen_or(tmp, b1);
3059 tmp = gen_portop(port, IPPROTO_SCTP, dir);
3060 gen_or(tmp, b1);
3061 break;
3062
3063 default:
3064 abort();
3065 }
3066 gen_and(b0, b1);
3067 return b1;
3068 }
3069
3070 #ifdef INET6
3071 struct block *
3072 gen_portop6(port, proto, dir)
3073 int port, proto, dir;
3074 {
3075 struct block *b0, *b1, *tmp;
3076
3077 /* ip proto 'proto' */
3078 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
3079
3080 switch (dir) {
3081 case Q_SRC:
3082 b1 = gen_portatom6(0, (bpf_int32)port);
3083 break;
3084
3085 case Q_DST:
3086 b1 = gen_portatom6(2, (bpf_int32)port);
3087 break;
3088
3089 case Q_OR:
3090 case Q_DEFAULT:
3091 tmp = gen_portatom6(0, (bpf_int32)port);
3092 b1 = gen_portatom6(2, (bpf_int32)port);
3093 gen_or(tmp, b1);
3094 break;
3095
3096 case Q_AND:
3097 tmp = gen_portatom6(0, (bpf_int32)port);
3098 b1 = gen_portatom6(2, (bpf_int32)port);
3099 gen_and(tmp, b1);
3100 break;
3101
3102 default:
3103 abort();
3104 }
3105 gen_and(b0, b1);
3106
3107 return b1;
3108 }
3109
3110 static struct block *
3111 gen_port6(port, ip_proto, dir)
3112 int port;
3113 int ip_proto;
3114 int dir;
3115 {
3116 struct block *b0, *b1, *tmp;
3117
3118 /* ether proto ip */
3119 b0 = gen_linktype(ETHERTYPE_IPV6);
3120
3121 switch (ip_proto) {
3122 case IPPROTO_UDP:
3123 case IPPROTO_TCP:
3124 case IPPROTO_SCTP:
3125 b1 = gen_portop6(port, ip_proto, dir);
3126 break;
3127
3128 case PROTO_UNDEF:
3129 tmp = gen_portop6(port, IPPROTO_TCP, dir);
3130 b1 = gen_portop6(port, IPPROTO_UDP, dir);
3131 gen_or(tmp, b1);
3132 tmp = gen_portop6(port, IPPROTO_SCTP, dir);
3133 gen_or(tmp, b1);
3134 break;
3135
3136 default:
3137 abort();
3138 }
3139 gen_and(b0, b1);
3140 return b1;
3141 }
3142 #endif /* INET6 */
3143
3144 static int
3145 lookup_proto(name, proto)
3146 register const char *name;
3147 register int proto;
3148 {
3149 register int v;
3150
3151 switch (proto) {
3152
3153 case Q_DEFAULT:
3154 case Q_IP:
3155 case Q_IPV6:
3156 v = pcap_nametoproto(name);
3157 if (v == PROTO_UNDEF)
3158 bpf_error("unknown ip proto '%s'", name);
3159 break;
3160
3161 case Q_LINK:
3162 /* XXX should look up h/w protocol type based on linktype */
3163 v = pcap_nametoeproto(name);
3164 if (v == PROTO_UNDEF)
3165 bpf_error("unknown ether proto '%s'", name);
3166 break;
3167
3168 case Q_ISO:
3169 if (strcmp(name, "esis") == 0)
3170 v = ISO9542_ESIS;
3171 else if (strcmp(name, "isis") == 0)
3172 v = ISO10589_ISIS;
3173 else if (strcmp(name, "clnp") == 0)
3174 v = ISO8473_CLNP;
3175 else
3176 bpf_error("unknown osi proto '%s'", name);
3177 break;
3178
3179 default:
3180 v = PROTO_UNDEF;
3181 break;
3182 }
3183 return v;
3184 }
3185
3186 #if 0
3187 struct stmt *
3188 gen_joinsp(s, n)
3189 struct stmt **s;
3190 int n;
3191 {
3192 return NULL;
3193 }
3194 #endif
3195
3196 static struct block *
3197 gen_protochain(v, proto, dir)
3198 int v;
3199 int proto;
3200 int dir;
3201 {
3202 #ifdef NO_PROTOCHAIN
3203 return gen_proto(v, proto, dir);
3204 #else
3205 struct block *b0, *b;
3206 struct slist *s[100];
3207 int fix2, fix3, fix4, fix5;
3208 int ahcheck, again, end;
3209 int i, max;
3210 int reg2 = alloc_reg();
3211
3212 memset(s, 0, sizeof(s));
3213 fix2 = fix3 = fix4 = fix5 = 0;
3214
3215 switch (proto) {
3216 case Q_IP:
3217 case Q_IPV6:
3218 break;
3219 case Q_DEFAULT:
3220 b0 = gen_protochain(v, Q_IP, dir);
3221 b = gen_protochain(v, Q_IPV6, dir);
3222 gen_or(b0, b);
3223 return b;
3224 default:
3225 bpf_error("bad protocol applied for 'protochain'");
3226 /*NOTREACHED*/
3227 }
3228
3229 no_optimize = 1; /*this code is not compatible with optimzer yet */
3230
3231 /*
3232 * s[0] is a dummy entry to protect other BPF insn from damaged
3233 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
3234 * hard to find interdependency made by jump table fixup.
3235 */
3236 i = 0;
3237 s[i] = new_stmt(0); /*dummy*/
3238 i++;
3239
3240 switch (proto) {
3241 case Q_IP:
3242 b0 = gen_linktype(ETHERTYPE_IP);
3243
3244 /* A = ip->ip_p */
3245 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
3246 s[i]->s.k = off_nl + 9;
3247 i++;
3248 /* X = ip->ip_hl << 2 */
3249 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3250 s[i]->s.k = off_nl;
3251 i++;
3252 break;
3253 #ifdef INET6
3254 case Q_IPV6:
3255 b0 = gen_linktype(ETHERTYPE_IPV6);
3256
3257 /* A = ip6->ip_nxt */
3258 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
3259 s[i]->s.k = off_nl + 6;
3260 i++;
3261 /* X = sizeof(struct ip6_hdr) */
3262 s[i] = new_stmt(BPF_LDX|BPF_IMM);
3263 s[i]->s.k = 40;
3264 i++;
3265 break;
3266 #endif
3267 default:
3268 bpf_error("unsupported proto to gen_protochain");
3269 /*NOTREACHED*/
3270 }
3271
3272 /* again: if (A == v) goto end; else fall through; */
3273 again = i;
3274 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3275 s[i]->s.k = v;
3276 s[i]->s.jt = NULL; /*later*/
3277 s[i]->s.jf = NULL; /*update in next stmt*/
3278 fix5 = i;
3279 i++;
3280
3281 #ifndef IPPROTO_NONE
3282 #define IPPROTO_NONE 59
3283 #endif
3284 /* if (A == IPPROTO_NONE) goto end */
3285 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3286 s[i]->s.jt = NULL; /*later*/
3287 s[i]->s.jf = NULL; /*update in next stmt*/
3288 s[i]->s.k = IPPROTO_NONE;
3289 s[fix5]->s.jf = s[i];
3290 fix2 = i;
3291 i++;
3292
3293 #ifdef INET6
3294 if (proto == Q_IPV6) {
3295 int v6start, v6end, v6advance, j;
3296
3297 v6start = i;
3298 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
3299 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3300 s[i]->s.jt = NULL; /*later*/
3301 s[i]->s.jf = NULL; /*update in next stmt*/
3302 s[i]->s.k = IPPROTO_HOPOPTS;
3303 s[fix2]->s.jf = s[i];
3304 i++;
3305 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
3306 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3307 s[i]->s.jt = NULL; /*later*/
3308 s[i]->s.jf = NULL; /*update in next stmt*/
3309 s[i]->s.k = IPPROTO_DSTOPTS;
3310 i++;
3311 /* if (A == IPPROTO_ROUTING) goto v6advance */
3312 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3313 s[i]->s.jt = NULL; /*later*/
3314 s[i]->s.jf = NULL; /*update in next stmt*/
3315 s[i]->s.k = IPPROTO_ROUTING;
3316 i++;
3317 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
3318 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3319 s[i]->s.jt = NULL; /*later*/
3320 s[i]->s.jf = NULL; /*later*/
3321 s[i]->s.k = IPPROTO_FRAGMENT;
3322 fix3 = i;
3323 v6end = i;
3324 i++;
3325
3326 /* v6advance: */
3327 v6advance = i;
3328
3329 /*
3330 * in short,
3331 * A = P[X];
3332 * X = X + (P[X + 1] + 1) * 8;
3333 */
3334 /* A = X */
3335 s[i] = new_stmt(BPF_MISC|BPF_TXA);
3336 i++;
3337 /* A = P[X + packet head] */
3338 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3339 s[i]->s.k = off_nl;
3340 i++;
3341 /* MEM[reg2] = A */
3342 s[i] = new_stmt(BPF_ST);
3343 s[i]->s.k = reg2;
3344 i++;
3345 /* A = X */
3346 s[i] = new_stmt(BPF_MISC|BPF_TXA);
3347 i++;
3348 /* A += 1 */
3349 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3350 s[i]->s.k = 1;
3351 i++;
3352 /* X = A */
3353 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3354 i++;
3355 /* A = P[X + packet head]; */
3356 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3357 s[i]->s.k = off_nl;
3358 i++;
3359 /* A += 1 */
3360 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3361 s[i]->s.k = 1;
3362 i++;
3363 /* A *= 8 */
3364 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
3365 s[i]->s.k = 8;
3366 i++;
3367 /* X = A; */
3368 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3369 i++;
3370 /* A = MEM[reg2] */
3371 s[i] = new_stmt(BPF_LD|BPF_MEM);
3372 s[i]->s.k = reg2;
3373 i++;
3374
3375 /* goto again; (must use BPF_JA for backward jump) */
3376 s[i] = new_stmt(BPF_JMP|BPF_JA);
3377 s[i]->s.k = again - i - 1;
3378 s[i - 1]->s.jf = s[i];
3379 i++;
3380
3381 /* fixup */
3382 for (j = v6start; j <= v6end; j++)
3383 s[j]->s.jt = s[v6advance];
3384 } else
3385 #endif
3386 {
3387 /* nop */
3388 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3389 s[i]->s.k = 0;
3390 s[fix2]->s.jf = s[i];
3391 i++;
3392 }
3393
3394 /* ahcheck: */
3395 ahcheck = i;
3396 /* if (A == IPPROTO_AH) then fall through; else goto end; */
3397 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3398 s[i]->s.jt = NULL; /*later*/
3399 s[i]->s.jf = NULL; /*later*/
3400 s[i]->s.k = IPPROTO_AH;
3401 if (fix3)
3402 s[fix3]->s.jf = s[ahcheck];
3403 fix4 = i;
3404 i++;
3405
3406 /*
3407 * in short,
3408 * A = P[X];
3409 * X = X + (P[X + 1] + 2) * 4;
3410 */
3411 /* A = X */
3412 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
3413 i++;
3414 /* A = P[X + packet head]; */
3415 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3416 s[i]->s.k = off_nl;
3417 i++;
3418 /* MEM[reg2] = A */
3419 s[i] = new_stmt(BPF_ST);
3420 s[i]->s.k = reg2;
3421 i++;
3422 /* A = X */
3423 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
3424 i++;
3425 /* A += 1 */
3426 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3427 s[i]->s.k = 1;
3428 i++;
3429 /* X = A */
3430 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3431 i++;
3432 /* A = P[X + packet head] */
3433 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3434 s[i]->s.k = off_nl;
3435 i++;
3436 /* A += 2 */
3437 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3438 s[i]->s.k = 2;
3439 i++;
3440 /* A *= 4 */
3441 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
3442 s[i]->s.k = 4;
3443 i++;
3444 /* X = A; */
3445 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3446 i++;
3447 /* A = MEM[reg2] */
3448 s[i] = new_stmt(BPF_LD|BPF_MEM);
3449 s[i]->s.k = reg2;
3450 i++;
3451
3452 /* goto again; (must use BPF_JA for backward jump) */
3453 s[i] = new_stmt(BPF_JMP|BPF_JA);
3454 s[i]->s.k = again - i - 1;
3455 i++;
3456
3457 /* end: nop */
3458 end = i;
3459 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3460 s[i]->s.k = 0;
3461 s[fix2]->s.jt = s[end];
3462 s[fix4]->s.jf = s[end];
3463 s[fix5]->s.jt = s[end];
3464 i++;
3465
3466 /*
3467 * make slist chain
3468 */
3469 max = i;
3470 for (i = 0; i < max - 1; i++)
3471 s[i]->next = s[i + 1];
3472 s[max - 1]->next = NULL;
3473
3474 /*
3475 * emit final check
3476 */
3477 b = new_block(JMP(BPF_JEQ));
3478 b->stmts = s[1]; /*remember, s[0] is dummy*/
3479 b->s.k = v;
3480
3481 free_reg(reg2);
3482
3483 gen_and(b0, b);
3484 return b;
3485 #endif
3486 }
3487
3488 static struct block *
3489 gen_proto(v, proto, dir)
3490 int v;
3491 int proto;
3492 int dir;
3493 {
3494 struct block *b0, *b1;
3495
3496 if (dir != Q_DEFAULT)
3497 bpf_error("direction applied to 'proto'");
3498
3499 switch (proto) {
3500 case Q_DEFAULT:
3501 #ifdef INET6
3502 b0 = gen_proto(v, Q_IP, dir);
3503 b1 = gen_proto(v, Q_IPV6, dir);
3504 gen_or(b0, b1);
3505 return b1;
3506 #else
3507 /*FALLTHROUGH*/
3508 #endif
3509 case Q_IP:
3510 switch (linktype) {
3511 case DLT_IEEE802_11:
3512 case DLT_PRISM_HEADER:
3513 case DLT_FDDI:
3514 case DLT_IEEE802:
3515 case DLT_ATM_RFC1483:
3516 case DLT_ATM_CLIP:
3517 b0 = gen_linktype(LLCSAP_IP);
3518 break;
3519 default:
3520 b0 = gen_linktype(ETHERTYPE_IP);
3521 break;
3522 }
3523 #ifndef CHASE_CHAIN
3524 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
3525 #else
3526 b1 = gen_protochain(v, Q_IP);
3527 #endif
3528 gen_and(b0, b1);
3529 return b1;
3530
3531 case Q_ISO:
3532 switch (linktype) {
3533
3534 case DLT_FRELAY:
3535 /*
3536 * Frame Relay packets typically have an OSI
3537 * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)"
3538 * generates code to check for all the OSI
3539 * NLPIDs, so calling it and then adding a check
3540 * for the particular NLPID for which we're
3541 * looking is bogus, as we can just check for
3542 * the NLPID.
3543 *
3544 * What we check for is the NLPID and a frame
3545 * control field value of UI, i.e. 0x03 followed
3546 * by the NLPID.
3547 *
3548 * XXX - assumes a 2-byte Frame Relay header with
3549 * DLCI and flags. What if the address is longer?
3550 *
3551 * XXX - what about SNAP-encapsulated frames?
3552 */
3553 return gen_cmp(2, BPF_H, (0x03<<8) | v);
3554 break;
3555
3556 case DLT_C_HDLC:
3557 /* Cisco uses an Ethertype lookalike - for OSI its 0xfefe */
3558 b0 = gen_linktype(LLCSAP_ISONS<<8 | LLCSAP_ISONS);
3559 /* OSI in C-HDLC is stuffed with a fudge byte */
3560 b1 = gen_cmp(off_nl_nosnap+1, BPF_B, (long)v);
3561 gen_and(b0, b1);
3562 return b1;
3563 default:
3564 b0 = gen_linktype(LLCSAP_ISONS);
3565 b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v);
3566 gen_and(b0, b1);
3567 return b1;
3568 }
3569
3570 case Q_ISIS:
3571 b0 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
3572 /* 4 is the offset of the PDU type relative to the IS-IS header */
3573 b1 = gen_cmp(off_nl_nosnap+4, BPF_B, (long)v);
3574 gen_and(b0, b1);
3575 return b1;
3576
3577 case Q_ARP:
3578 bpf_error("arp does not encapsulate another protocol");
3579 /* NOTREACHED */
3580
3581 case Q_RARP:
3582 bpf_error("rarp does not encapsulate another protocol");
3583 /* NOTREACHED */
3584
3585 case Q_ATALK:
3586 bpf_error("atalk encapsulation is not specifiable");
3587 /* NOTREACHED */
3588
3589 case Q_DECNET:
3590 bpf_error("decnet encapsulation is not specifiable");
3591 /* NOTREACHED */
3592
3593 case Q_SCA:
3594 bpf_error("sca does not encapsulate another protocol");
3595 /* NOTREACHED */
3596
3597 case Q_LAT:
3598 bpf_error("lat does not encapsulate another protocol");
3599 /* NOTREACHED */
3600
3601 case Q_MOPRC:
3602 bpf_error("moprc does not encapsulate another protocol");
3603 /* NOTREACHED */
3604
3605 case Q_MOPDL:
3606 bpf_error("mopdl does not encapsulate another protocol");
3607 /* NOTREACHED */
3608
3609 case Q_LINK:
3610 return gen_linktype(v);
3611
3612 case Q_UDP:
3613 bpf_error("'udp proto' is bogus");
3614 /* NOTREACHED */
3615
3616 case Q_TCP:
3617 bpf_error("'tcp proto' is bogus");
3618 /* NOTREACHED */
3619
3620 case Q_SCTP:
3621 bpf_error("'sctp proto' is bogus");
3622 /* NOTREACHED */
3623
3624 case Q_ICMP:
3625 bpf_error("'icmp proto' is bogus");
3626 /* NOTREACHED */
3627
3628 case Q_IGMP:
3629 bpf_error("'igmp proto' is bogus");
3630 /* NOTREACHED */
3631
3632 case Q_IGRP:
3633 bpf_error("'igrp proto' is bogus");
3634 /* NOTREACHED */
3635
3636 case Q_PIM:
3637 bpf_error("'pim proto' is bogus");
3638 /* NOTREACHED */
3639
3640 case Q_VRRP:
3641 bpf_error("'vrrp proto' is bogus");
3642 /* NOTREACHED */
3643
3644 #ifdef INET6
3645 case Q_IPV6:
3646 b0 = gen_linktype(ETHERTYPE_IPV6);
3647 #ifndef CHASE_CHAIN
3648 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
3649 #else
3650 b1 = gen_protochain(v, Q_IPV6);
3651 #endif
3652 gen_and(b0, b1);
3653 return b1;
3654
3655 case Q_ICMPV6:
3656 bpf_error("'icmp6 proto' is bogus");
3657 #endif /* INET6 */
3658
3659 case Q_AH:
3660 bpf_error("'ah proto' is bogus");
3661
3662 case Q_ESP:
3663 bpf_error("'ah proto' is bogus");
3664
3665 case Q_STP:
3666 bpf_error("'stp proto' is bogus");
3667
3668 case Q_IPX:
3669 bpf_error("'ipx proto' is bogus");
3670
3671 case Q_NETBEUI:
3672 bpf_error("'netbeui proto' is bogus");
3673
3674 default:
3675 abort();
3676 /* NOTREACHED */
3677 }
3678 /* NOTREACHED */
3679 }
3680
3681 struct block *
3682 gen_scode(name, q)
3683 register const char *name;
3684 struct qual q;
3685 {
3686 int proto = q.proto;
3687 int dir = q.dir;
3688 int tproto;
3689 u_char *eaddr;
3690 bpf_u_int32 mask, addr;
3691 #ifndef INET6
3692 bpf_u_int32 **alist;
3693 #else
3694 int tproto6;
3695 struct sockaddr_in *sin;
3696 struct sockaddr_in6 *sin6;
3697 struct addrinfo *res, *res0;
3698 struct in6_addr mask128;
3699 #endif /*INET6*/
3700 struct block *b, *tmp;
3701 int port, real_proto;
3702
3703 switch (q.addr) {
3704
3705 case Q_NET:
3706 addr = pcap_nametonetaddr(name);
3707 if (addr == 0)
3708 bpf_error("unknown network '%s'", name);
3709 /* Left justify network addr and calculate its network mask */
3710 mask = 0xffffffff;
3711 while (addr && (addr & 0xff000000) == 0) {
3712 addr <<= 8;
3713 mask <<= 8;
3714 }
3715 return gen_host(addr, mask, proto, dir);
3716
3717 case Q_DEFAULT:
3718 case Q_HOST:
3719 if (proto == Q_LINK) {
3720 switch (linktype) {
3721
3722 case DLT_EN10MB:
3723 eaddr = pcap_ether_hostton(name);
3724 if (eaddr == NULL)
3725 bpf_error(
3726 "unknown ether host '%s'", name);
3727 b = gen_ehostop(eaddr, dir);
3728 free(eaddr);
3729 return b;
3730
3731 case DLT_FDDI:
3732 eaddr = pcap_ether_hostton(name);
3733 if (eaddr == NULL)
3734 bpf_error(
3735 "unknown FDDI host '%s'", name);
3736 b = gen_fhostop(eaddr, dir);
3737 free(eaddr);
3738 return b;
3739
3740 case DLT_IEEE802:
3741 eaddr = pcap_ether_hostton(name);
3742 if (eaddr == NULL)
3743 bpf_error(
3744 "unknown token ring host '%s'", name);
3745 b = gen_thostop(eaddr, dir);
3746 free(eaddr);
3747 return b;
3748
3749 case DLT_IEEE802_11:
3750 eaddr = pcap_ether_hostton(name);
3751 if (eaddr == NULL)
3752 bpf_error(
3753 "unknown 802.11 host '%s'", name);
3754 b = gen_wlanhostop(eaddr, dir);
3755 free(eaddr);
3756 return b;
3757
3758 case DLT_IP_OVER_FC:
3759 eaddr = pcap_ether_hostton(name);
3760 if (eaddr == NULL)
3761 bpf_error(
3762 "unknown Fibre Channel host '%s'", name);
3763 b = gen_ipfchostop(eaddr, dir);
3764 free(eaddr);
3765 return b;
3766
3767 case DLT_SUNATM:
3768 if (!is_lane)
3769 break;
3770
3771 /*
3772 * Check that the packet doesn't begin
3773 * with an LE Control marker. (We've
3774 * already generated a test for LANE.)
3775 */
3776 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H,
3777 0xFF00);
3778 gen_not(tmp);
3779
3780 eaddr = pcap_ether_hostton(name);
3781 if (eaddr == NULL)
3782 bpf_error(
3783 "unknown ether host '%s'", name);
3784 b = gen_ehostop(eaddr, dir);
3785 gen_and(tmp, b);
3786 free(eaddr);
3787 return b;
3788 }
3789
3790 bpf_error("only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name");
3791 } else if (proto == Q_DECNET) {
3792 unsigned short dn_addr = __pcap_nametodnaddr(name);
3793 /*
3794 * I don't think DECNET hosts can be multihomed, so
3795 * there is no need to build up a list of addresses
3796 */
3797 return (gen_host(dn_addr, 0, proto, dir));
3798 } else {
3799 #ifndef INET6
3800 alist = pcap_nametoaddr(name);
3801 if (alist == NULL || *alist == NULL)
3802 bpf_error("unknown host '%s'", name);
3803 tproto = proto;
3804 if (off_linktype == -1 && tproto == Q_DEFAULT)
3805 tproto = Q_IP;
3806 b = gen_host(**alist++, 0xffffffff, tproto, dir);
3807 while (*alist) {
3808 tmp = gen_host(**alist++, 0xffffffff,
3809 tproto, dir);
3810 gen_or(b, tmp);
3811 b = tmp;
3812 }
3813 return b;
3814 #else
3815 memset(&mask128, 0xff, sizeof(mask128));
3816 res0 = res = pcap_nametoaddrinfo(name);
3817 if (res == NULL)
3818 bpf_error("unknown host '%s'", name);
3819 b = tmp = NULL;
3820 tproto = tproto6 = proto;
3821 if (off_linktype == -1 && tproto == Q_DEFAULT) {
3822 tproto = Q_IP;
3823 tproto6 = Q_IPV6;
3824 }
3825 for (res = res0; res; res = res->ai_next) {
3826 switch (res->ai_family) {
3827 case AF_INET:
3828 if (tproto == Q_IPV6)
3829 continue;
3830
3831 sin = (struct sockaddr_in *)
3832 res->ai_addr;
3833 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
3834 0xffffffff, tproto, dir);
3835 break;
3836 case AF_INET6:
3837 if (tproto6 == Q_IP)
3838 continue;
3839
3840 sin6 = (struct sockaddr_in6 *)
3841 res->ai_addr;
3842 tmp = gen_host6(&sin6->sin6_addr,
3843 &mask128, tproto6, dir);
3844 break;
3845 default:
3846 continue;
3847 }
3848 if (b)
3849 gen_or(b, tmp);
3850 b = tmp;
3851 }
3852 freeaddrinfo(res0);
3853 if (b == NULL) {
3854 bpf_error("unknown host '%s'%s", name,
3855 (proto == Q_DEFAULT)
3856 ? ""
3857 : " for specified address family");
3858 }
3859 return b;
3860 #endif /*INET6*/
3861 }
3862
3863 case Q_PORT:
3864 if (proto != Q_DEFAULT &&
3865 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
3866 bpf_error("illegal qualifier of 'port'");
3867 if (pcap_nametoport(name, &port, &real_proto) == 0)
3868 bpf_error("unknown port '%s'", name);
3869 if (proto == Q_UDP) {
3870 if (real_proto == IPPROTO_TCP)
3871 bpf_error("port '%s' is tcp", name);
3872 else if (real_proto == IPPROTO_SCTP)
3873 bpf_error("port '%s' is sctp", name);
3874 else
3875 /* override PROTO_UNDEF */
3876 real_proto = IPPROTO_UDP;
3877 }
3878 if (proto == Q_TCP) {
3879 if (real_proto == IPPROTO_UDP)
3880 bpf_error("port '%s' is udp", name);
3881
3882 else if (real_proto == IPPROTO_SCTP)
3883 bpf_error("port '%s' is sctp", name);
3884 else
3885 /* override PROTO_UNDEF */
3886 real_proto = IPPROTO_TCP;
3887 }
3888 if (proto == Q_SCTP) {
3889 if (real_proto == IPPROTO_UDP)
3890 bpf_error("port '%s' is udp", name);
3891
3892 else if (real_proto == IPPROTO_TCP)
3893 bpf_error("port '%s' is tcp", name);
3894 else
3895 /* override PROTO_UNDEF */
3896 real_proto = IPPROTO_SCTP;
3897 }
3898 #ifndef INET6
3899 return gen_port(port, real_proto, dir);
3900 #else
3901 {
3902 struct block *b;
3903 b = gen_port(port, real_proto, dir);
3904 gen_or(gen_port6(port, real_proto, dir), b);
3905 return b;
3906 }
3907 #endif /* INET6 */
3908
3909 case Q_GATEWAY:
3910 #ifndef INET6
3911 eaddr = pcap_ether_hostton(name);
3912 if (eaddr == NULL)
3913 bpf_error("unknown ether host: %s", name);
3914
3915 alist = pcap_nametoaddr(name);
3916 if (alist == NULL || *alist == NULL)
3917 bpf_error("unknown host '%s'", name);
3918 b = gen_gateway(eaddr, alist, proto, dir);
3919 free(eaddr);
3920 return b;
3921 #else
3922 bpf_error("'gateway' not supported in this configuration");
3923 #endif /*INET6*/
3924
3925 case Q_PROTO:
3926 real_proto = lookup_proto(name, proto);
3927 if (real_proto >= 0)
3928 return gen_proto(real_proto, proto, dir);
3929 else
3930 bpf_error("unknown protocol: %s", name);
3931
3932 case Q_PROTOCHAIN:
3933 real_proto = lookup_proto(name, proto);
3934 if (real_proto >= 0)
3935 return gen_protochain(real_proto, proto, dir);
3936 else
3937 bpf_error("unknown protocol: %s", name);
3938
3939
3940 case Q_UNDEF:
3941 syntax();
3942 /* NOTREACHED */
3943 }
3944 abort();
3945 /* NOTREACHED */
3946 }
3947
3948 struct block *
3949 gen_mcode(s1, s2, masklen, q)
3950 register const char *s1, *s2;
3951 register int masklen;
3952 struct qual q;
3953 {
3954 register int nlen, mlen;
3955 bpf_u_int32 n, m;
3956
3957 nlen = __pcap_atoin(s1, &n);
3958 /* Promote short ipaddr */
3959 n <<= 32 - nlen;
3960
3961 if (s2 != NULL) {
3962 mlen = __pcap_atoin(s2, &m);
3963 /* Promote short ipaddr */
3964 m <<= 32 - mlen;
3965 if ((n & ~m) != 0)
3966 bpf_error("non-network bits set in \"%s mask %s\"",
3967 s1, s2);
3968 } else {
3969 /* Convert mask len to mask */
3970 if (masklen > 32)
3971 bpf_error("mask length must be <= 32");
3972 m = 0xffffffff << (32 - masklen);
3973 if ((n & ~m) != 0)
3974 bpf_error("non-network bits set in \"%s/%d\"",
3975 s1, masklen);
3976 }
3977
3978 switch (q.addr) {
3979
3980 case Q_NET:
3981 return gen_host(n, m, q.proto, q.dir);
3982
3983 default:
3984 bpf_error("Mask syntax for networks only");
3985 /* NOTREACHED */
3986 }
3987 }
3988
3989 struct block *
3990 gen_ncode(s, v, q)
3991 register const char *s;
3992 bpf_u_int32 v;
3993 struct qual q;
3994 {
3995 bpf_u_int32 mask;
3996 int proto = q.proto;
3997 int dir = q.dir;
3998 register int vlen;
3999
4000 if (s == NULL)
4001 vlen = 32;
4002 else if (q.proto == Q_DECNET)
4003 vlen = __pcap_atodn(s, &v);
4004 else
4005 vlen = __pcap_atoin(s, &v);
4006
4007 switch (q.addr) {
4008
4009 case Q_DEFAULT:
4010 case Q_HOST:
4011 case Q_NET:
4012 if (proto == Q_DECNET)
4013 return gen_host(v, 0, proto, dir);
4014 else if (proto == Q_LINK) {
4015 bpf_error("illegal link layer address");
4016 } else {
4017 mask = 0xffffffff;
4018 if (s == NULL && q.addr == Q_NET) {
4019 /* Promote short net number */
4020 while (v && (v & 0xff000000) == 0) {
4021 v <<= 8;
4022 mask <<= 8;
4023 }
4024 } else {
4025 /* Promote short ipaddr */
4026 v <<= 32 - vlen;
4027 mask <<= 32 - vlen;
4028 }
4029 return gen_host(v, mask, proto, dir);
4030 }
4031
4032 case Q_PORT:
4033 if (proto == Q_UDP)
4034 proto = IPPROTO_UDP;
4035 else if (proto == Q_TCP)
4036 proto = IPPROTO_TCP;
4037 else if (proto == Q_SCTP)
4038 proto = IPPROTO_SCTP;
4039 else if (proto == Q_DEFAULT)
4040 proto = PROTO_UNDEF;
4041 else
4042 bpf_error("illegal qualifier of 'port'");
4043
4044 #ifndef INET6
4045 return gen_port((int)v, proto, dir);
4046 #else
4047 {
4048 struct block *b;
4049 b = gen_port((int)v, proto, dir);
4050 gen_or(gen_port6((int)v, proto, dir), b);
4051 return b;
4052 }
4053 #endif /* INET6 */
4054
4055 case Q_GATEWAY:
4056 bpf_error("'gateway' requires a name");
4057 /* NOTREACHED */
4058
4059 case Q_PROTO:
4060 return gen_proto((int)v, proto, dir);
4061
4062 case Q_PROTOCHAIN:
4063 return gen_protochain((int)v, proto, dir);
4064
4065 case Q_UNDEF:
4066 syntax();
4067 /* NOTREACHED */
4068
4069 default:
4070 abort();
4071 /* NOTREACHED */
4072 }
4073 /* NOTREACHED */
4074 }
4075
4076 #ifdef INET6
4077 struct block *
4078 gen_mcode6(s1, s2, masklen, q)
4079 register const char *s1, *s2;
4080 register int masklen;
4081 struct qual q;
4082 {
4083 struct addrinfo *res;
4084 struct in6_addr *addr;
4085 struct in6_addr mask;
4086 struct block *b;
4087 u_int32_t *a, *m;
4088
4089 if (s2)
4090 bpf_error("no mask %s supported", s2);
4091
4092 res = pcap_nametoaddrinfo(s1);
4093 if (!res)
4094 bpf_error("invalid ip6 address %s", s1);
4095 if (res->ai_next)
4096 bpf_error("%s resolved to multiple address", s1);
4097 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
4098
4099 if (sizeof(mask) * 8 < masklen)
4100 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
4101 memset(&mask, 0, sizeof(mask));
4102 memset(&mask, 0xff, masklen / 8);
4103 if (masklen % 8) {
4104 mask.s6_addr[masklen / 8] =
4105 (0xff << (8 - masklen % 8)) & 0xff;
4106 }
4107
4108 a = (u_int32_t *)addr;
4109 m = (u_int32_t *)&mask;
4110 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
4111 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
4112 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
4113 }
4114
4115 switch (q.addr) {
4116
4117 case Q_DEFAULT:
4118 case Q_HOST:
4119 if (masklen != 128)
4120 bpf_error("Mask syntax for networks only");
4121 /* FALLTHROUGH */
4122
4123 case Q_NET:
4124 b = gen_host6(addr, &mask, q.proto, q.dir);
4125 freeaddrinfo(res);
4126 return b;
4127
4128 default:
4129 bpf_error("invalid qualifier against IPv6 address");
4130 /* NOTREACHED */
4131 }
4132 }
4133 #endif /*INET6*/
4134
4135 struct block *
4136 gen_ecode(eaddr, q)
4137 register const u_char *eaddr;
4138 struct qual q;
4139 {
4140 struct block *b, *tmp;
4141
4142 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
4143 if (linktype == DLT_EN10MB)
4144 return gen_ehostop(eaddr, (int)q.dir);
4145 if (linktype == DLT_FDDI)
4146 return gen_fhostop(eaddr, (int)q.dir);
4147 if (linktype == DLT_IEEE802)
4148 return gen_thostop(eaddr, (int)q.dir);
4149 if (linktype == DLT_IEEE802_11)
4150 return gen_wlanhostop(eaddr, (int)q.dir);
4151 if (linktype == DLT_SUNATM && is_lane) {
4152 /*
4153 * Check that the packet doesn't begin with an
4154 * LE Control marker. (We've already generated
4155 * a test for LANE.)
4156 */
4157 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
4158 gen_not(tmp);
4159
4160 /*
4161 * Now check the MAC address.
4162 */
4163 b = gen_ehostop(eaddr, (int)q.dir);
4164 gen_and(tmp, b);
4165 return b;
4166 }
4167 if (linktype == DLT_IP_OVER_FC)
4168 return gen_ipfchostop(eaddr, (int)q.dir);
4169 bpf_error("ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel");
4170 }
4171 bpf_error("ethernet address used in non-ether expression");
4172 /* NOTREACHED */
4173 }
4174
4175 void
4176 sappend(s0, s1)
4177 struct slist *s0, *s1;
4178 {
4179 /*
4180 * This is definitely not the best way to do this, but the
4181 * lists will rarely get long.
4182 */
4183 while (s0->next)
4184 s0 = s0->next;
4185 s0->next = s1;
4186 }
4187
4188 static struct slist *
4189 xfer_to_x(a)
4190 struct arth *a;
4191 {
4192 struct slist *s;
4193
4194 s = new_stmt(BPF_LDX|BPF_MEM);
4195 s->s.k = a->regno;
4196 return s;
4197 }
4198
4199 static struct slist *
4200 xfer_to_a(a)
4201 struct arth *a;
4202 {
4203 struct slist *s;
4204
4205 s = new_stmt(BPF_LD|BPF_MEM);
4206 s->s.k = a->regno;
4207 return s;
4208 }
4209
4210 struct arth *
4211 gen_load(proto, index, size)
4212 int proto;
4213 struct arth *index;
4214 int size;
4215 {
4216 struct slist *s, *tmp;
4217 struct block *b;
4218 int regno = alloc_reg();
4219
4220 free_reg(index->regno);
4221 switch (size) {
4222
4223 default:
4224 bpf_error("data size must be 1, 2, or 4");
4225
4226 case 1:
4227 size = BPF_B;
4228 break;
4229
4230 case 2:
4231 size = BPF_H;
4232 break;
4233
4234 case 4:
4235 size = BPF_W;
4236 break;
4237 }
4238 switch (proto) {
4239 default:
4240 bpf_error("unsupported index operation");
4241
4242 case Q_LINK:
4243 /*
4244 * XXX - what about ATM LANE? Should the index be
4245 * relative to the beginning of the AAL5 frame, so
4246 * that 0 refers to the beginning of the LE Control
4247 * field, or relative to the beginning of the LAN
4248 * frame, so that 0 refers, for Ethernet LANE, to
4249 * the beginning of the destination address?
4250 */
4251 s = xfer_to_x(index);
4252 tmp = new_stmt(BPF_LD|BPF_IND|size);
4253 sappend(s, tmp);
4254 sappend(index->s, s);
4255 break;
4256
4257 case Q_IP:
4258 case Q_ARP:
4259 case Q_RARP:
4260 case Q_ATALK:
4261 case Q_DECNET:
4262 case Q_SCA:
4263 case Q_LAT:
4264 case Q_MOPRC:
4265 case Q_MOPDL:
4266 #ifdef INET6
4267 case Q_IPV6:
4268 #endif
4269 /* XXX Note that we assume a fixed link header here. */
4270 s = xfer_to_x(index);
4271 tmp = new_stmt(BPF_LD|BPF_IND|size);
4272 tmp->s.k = off_nl;
4273 sappend(s, tmp);
4274 sappend(index->s, s);
4275
4276 b = gen_proto_abbrev(proto);
4277 if (index->b)
4278 gen_and(index->b, b);
4279 index->b = b;
4280 break;
4281
4282 case Q_SCTP:
4283 case Q_TCP:
4284 case Q_UDP:
4285 case Q_ICMP:
4286 case Q_IGMP:
4287 case Q_IGRP:
4288 case Q_PIM:
4289 case Q_VRRP:
4290 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
4291 s->s.k = off_nl;
4292 sappend(s, xfer_to_a(index));
4293 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
4294 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
4295 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
4296 tmp->s.k = off_nl;
4297 sappend(index->s, s);
4298
4299 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
4300 if (index->b)
4301 gen_and(index->b, b);
4302 #ifdef INET6
4303 gen_and(gen_proto_abbrev(Q_IP), b);
4304 #endif
4305 index->b = b;
4306 break;
4307 #ifdef INET6
4308 case Q_ICMPV6:
4309 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
4310 /*NOTREACHED*/
4311 #endif
4312 }
4313 index->regno = regno;
4314 s = new_stmt(BPF_ST);
4315 s->s.k = regno;
4316 sappend(index->s, s);
4317
4318 return index;
4319 }
4320
4321 struct block *
4322 gen_relation(code, a0, a1, reversed)
4323 int code;
4324 struct arth *a0, *a1;
4325 int reversed;
4326 {
4327 struct slist *s0, *s1, *s2;
4328 struct block *b, *tmp;
4329
4330 s0 = xfer_to_x(a1);
4331 s1 = xfer_to_a(a0);
4332 if (code == BPF_JEQ) {
4333 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
4334 b = new_block(JMP(code));
4335 sappend(s1, s2);
4336 }
4337 else
4338 b = new_block(BPF_JMP|code|BPF_X);
4339 if (reversed)
4340 gen_not(b);
4341
4342 sappend(s0, s1);
4343 sappend(a1->s, s0);
4344 sappend(a0->s, a1->s);
4345
4346 b->stmts = a0->s;
4347
4348 free_reg(a0->regno);
4349 free_reg(a1->regno);
4350
4351 /* 'and' together protocol checks */
4352 if (a0->b) {
4353 if (a1->b) {
4354 gen_and(a0->b, tmp = a1->b);
4355 }
4356 else
4357 tmp = a0->b;
4358 } else
4359 tmp = a1->b;
4360
4361 if (tmp)
4362 gen_and(tmp, b);
4363
4364 return b;
4365 }
4366
4367 struct arth *
4368 gen_loadlen()
4369 {
4370 int regno = alloc_reg();
4371 struct arth *a = (struct arth *)newchunk(sizeof(*a));
4372 struct slist *s;
4373
4374 s = new_stmt(BPF_LD|BPF_LEN);
4375 s->next = new_stmt(BPF_ST);
4376 s->next->s.k = regno;
4377 a->s = s;
4378 a->regno = regno;
4379
4380 return a;
4381 }
4382
4383 struct arth *
4384 gen_loadi(val)
4385 int val;
4386 {
4387 struct arth *a;
4388 struct slist *s;
4389 int reg;
4390
4391 a = (struct arth *)newchunk(sizeof(*a));
4392
4393 reg = alloc_reg();
4394
4395 s = new_stmt(BPF_LD|BPF_IMM);
4396 s->s.k = val;
4397 s->next = new_stmt(BPF_ST);
4398 s->next->s.k = reg;
4399 a->s = s;
4400 a->regno = reg;
4401
4402 return a;
4403 }
4404
4405 struct arth *
4406 gen_neg(a)
4407 struct arth *a;
4408 {
4409 struct slist *s;
4410
4411 s = xfer_to_a(a);
4412 sappend(a->s, s);
4413 s = new_stmt(BPF_ALU|BPF_NEG);
4414 s->s.k = 0;
4415 sappend(a->s, s);
4416 s = new_stmt(BPF_ST);
4417 s->s.k = a->regno;
4418 sappend(a->s, s);
4419
4420 return a;
4421 }
4422
4423 struct arth *
4424 gen_arth(code, a0, a1)
4425 int code;
4426 struct arth *a0, *a1;
4427 {
4428 struct slist *s0, *s1, *s2;
4429
4430 s0 = xfer_to_x(a1);
4431 s1 = xfer_to_a(a0);
4432 s2 = new_stmt(BPF_ALU|BPF_X|code);
4433
4434 sappend(s1, s2);
4435 sappend(s0, s1);
4436 sappend(a1->s, s0);
4437 sappend(a0->s, a1->s);
4438
4439 free_reg(a0->regno);
4440 free_reg(a1->regno);
4441
4442 s0 = new_stmt(BPF_ST);
4443 a0->regno = s0->s.k = alloc_reg();
4444 sappend(a0->s, s0);
4445
4446 return a0;
4447 }
4448
4449 /*
4450 * Here we handle simple allocation of the scratch registers.
4451 * If too many registers are alloc'd, the allocator punts.
4452 */
4453 static int regused[BPF_MEMWORDS];
4454 static int curreg;
4455
4456 /*
4457 * Return the next free register.
4458 */
4459 static int
4460 alloc_reg()
4461 {
4462 int n = BPF_MEMWORDS;
4463
4464 while (--n >= 0) {
4465 if (regused[curreg])
4466 curreg = (curreg + 1) % BPF_MEMWORDS;
4467 else {
4468 regused[curreg] = 1;
4469 return curreg;
4470 }
4471 }
4472 bpf_error("too many registers needed to evaluate expression");
4473 /* NOTREACHED */
4474 }
4475
4476 /*
4477 * Return a register to the table so it can
4478 * be used later.
4479 */
4480 static void
4481 free_reg(n)
4482 int n;
4483 {
4484 regused[n] = 0;
4485 }
4486
4487 static struct block *
4488 gen_len(jmp, n)
4489 int jmp, n;
4490 {
4491 struct slist *s;
4492 struct block *b;
4493
4494 s = new_stmt(BPF_LD|BPF_LEN);
4495 b = new_block(JMP(jmp));
4496 b->stmts = s;
4497 b->s.k = n;
4498
4499 return b;
4500 }
4501
4502 struct block *
4503 gen_greater(n)
4504 int n;
4505 {
4506 return gen_len(BPF_JGE, n);
4507 }
4508
4509 /*
4510 * Actually, this is less than or equal.
4511 */
4512 struct block *
4513 gen_less(n)
4514 int n;
4515 {
4516 struct block *b;
4517
4518 b = gen_len(BPF_JGT, n);
4519 gen_not(b);
4520
4521 return b;
4522 }
4523
4524 struct block *
4525 gen_byteop(op, idx, val)
4526 int op, idx, val;
4527 {
4528 struct block *b;
4529 struct slist *s;
4530
4531 switch (op) {
4532 default:
4533 abort();
4534
4535 case '=':
4536 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4537
4538 case '<':
4539 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4540 b->s.code = JMP(BPF_JGE);
4541 gen_not(b);
4542 return b;
4543
4544 case '>':
4545 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4546 b->s.code = JMP(BPF_JGT);
4547 return b;
4548
4549 case '|':
4550 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
4551 break;
4552
4553 case '&':
4554 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
4555 break;
4556 }
4557 s->s.k = val;
4558 b = new_block(JMP(BPF_JEQ));
4559 b->stmts = s;
4560 gen_not(b);
4561
4562 return b;
4563 }
4564
4565 static u_char abroadcast[] = { 0x0 };
4566
4567 struct block *
4568 gen_broadcast(proto)
4569 int proto;
4570 {
4571 bpf_u_int32 hostmask;
4572 struct block *b0, *b1, *b2;
4573 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4574
4575 switch (proto) {
4576
4577 case Q_DEFAULT:
4578 case Q_LINK:
4579 if (linktype == DLT_ARCNET)
4580 return gen_ahostop(abroadcast, Q_DST);
4581 if (linktype == DLT_EN10MB)
4582 return gen_ehostop(ebroadcast, Q_DST);
4583 if (linktype == DLT_FDDI)
4584 return gen_fhostop(ebroadcast, Q_DST);
4585 if (linktype == DLT_IEEE802)
4586 return gen_thostop(ebroadcast, Q_DST);
4587 if (linktype == DLT_IEEE802_11)
4588 return gen_wlanhostop(ebroadcast, Q_DST);
4589 if (linktype == DLT_SUNATM && is_lane) {
4590 /*
4591 * Check that the packet doesn't begin with an
4592 * LE Control marker. (We've already generated
4593 * a test for LANE.)
4594 */
4595 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
4596 gen_not(b1);
4597
4598 /*
4599 * Now check the MAC address.
4600 */
4601 b0 = gen_ehostop(ebroadcast, Q_DST);
4602 gen_and(b1, b0);
4603 return b0;
4604 }
4605 bpf_error("not a broadcast link");
4606 break;
4607
4608 case Q_IP:
4609 b0 = gen_linktype(ETHERTYPE_IP);
4610 hostmask = ~netmask;
4611 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
4612 b2 = gen_mcmp(off_nl + 16, BPF_W,
4613 (bpf_int32)(~0 & hostmask), hostmask);
4614 gen_or(b1, b2);
4615 gen_and(b0, b2);
4616 return b2;
4617 }
4618 bpf_error("only ether/ip broadcast filters supported");
4619 }
4620
4621 /*
4622 * Generate code to test the low-order bit of a MAC address (that's
4623 * the bottom bit of the *first* byte).
4624 */
4625 static struct block *
4626 gen_mac_multicast(offset)
4627 int offset;
4628 {
4629 register struct block *b0;
4630 register struct slist *s;
4631
4632 /* link[offset] & 1 != 0 */
4633 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4634 s->s.k = offset;
4635 b0 = new_block(JMP(BPF_JSET));
4636 b0->s.k = 1;
4637 b0->stmts = s;
4638 return b0;
4639 }
4640
4641 struct block *
4642 gen_multicast(proto)
4643 int proto;
4644 {
4645 register struct block *b0, *b1, *b2;
4646 register struct slist *s;
4647
4648 switch (proto) {
4649
4650 case Q_DEFAULT:
4651 case Q_LINK:
4652 if (linktype == DLT_ARCNET)
4653 /* all ARCnet multicasts use the same address */
4654 return gen_ahostop(abroadcast, Q_DST);
4655
4656 if (linktype == DLT_EN10MB) {
4657 /* ether[0] & 1 != 0 */
4658 return gen_mac_multicast(0);
4659 }
4660
4661 if (linktype == DLT_FDDI) {
4662 /*
4663 * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX
4664 *
4665 * XXX - was that referring to bit-order issues?
4666 */
4667 /* fddi[1] & 1 != 0 */
4668 return gen_mac_multicast(1);
4669 }
4670
4671 if (linktype == DLT_IEEE802) {
4672 /* tr[2] & 1 != 0 */
4673 return gen_mac_multicast(2);
4674 }
4675
4676 if (linktype == DLT_IEEE802_11) {
4677 /*
4678 * Oh, yuk.
4679 *
4680 * For control frames, there is no DA.
4681 *
4682 * For management frames, DA is at an
4683 * offset of 4 from the beginning of
4684 * the packet.
4685 *
4686 * For data frames, DA is at an offset
4687 * of 4 from the beginning of the packet
4688 * if To DS is clear and at an offset of
4689 * 16 from the beginning of the packet
4690 * if To DS is set.
4691 */
4692
4693 /*
4694 * Generate the tests to be done for data frames.
4695 *
4696 * First, check for To DS set, i.e. "link[1] & 0x01".
4697 */
4698 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4699 s->s.k = 1;
4700 b1 = new_block(JMP(BPF_JSET));
4701 b1->s.k = 0x01; /* To DS */
4702 b1->stmts = s;
4703
4704 /*
4705 * If To DS is set, the DA is at 16.
4706 */
4707 b0 = gen_mac_multicast(16);
4708 gen_and(b1, b0);
4709
4710 /*
4711 * Now, check for To DS not set, i.e. check
4712 * "!(link[1] & 0x01)".
4713 */
4714 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4715 s->s.k = 1;
4716 b2 = new_block(JMP(BPF_JSET));
4717 b2->s.k = 0x01; /* To DS */
4718 b2->stmts = s;
4719 gen_not(b2);
4720
4721 /*
4722 * If To DS is not set, the DA is at 4.
4723 */
4724 b1 = gen_mac_multicast(4);
4725 gen_and(b2, b1);
4726
4727 /*
4728 * Now OR together the last two checks. That gives
4729 * the complete set of checks for data frames.
4730 */
4731 gen_or(b1, b0);
4732
4733 /*
4734 * Now check for a data frame.
4735 * I.e, check "link[0] & 0x08".
4736 */
4737 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4738 s->s.k = 0;
4739 b1 = new_block(JMP(BPF_JSET));
4740 b1->s.k = 0x08;
4741 b1->stmts = s;
4742
4743 /*
4744 * AND that with the checks done for data frames.
4745 */
4746 gen_and(b1, b0);
4747
4748 /*
4749 * If the high-order bit of the type value is 0, this
4750 * is a management frame.
4751 * I.e, check "!(link[0] & 0x08)".
4752 */
4753 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4754 s->s.k = 0;
4755 b2 = new_block(JMP(BPF_JSET));
4756 b2->s.k = 0x08;
4757 b2->stmts = s;
4758 gen_not(b2);
4759
4760 /*
4761 * For management frames, the DA is at 4.
4762 */
4763 b1 = gen_mac_multicast(4);
4764 gen_and(b2, b1);
4765
4766 /*
4767 * OR that with the checks done for data frames.
4768 * That gives the checks done for management and
4769 * data frames.
4770 */
4771 gen_or(b1, b0);
4772
4773 /*
4774 * If the low-order bit of the type value is 1,
4775 * this is either a control frame or a frame
4776 * with a reserved type, and thus not a
4777 * frame with an SA.
4778 *
4779 * I.e., check "!(link[0] & 0x04)".
4780 */
4781 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4782 s->s.k = 0;
4783 b1 = new_block(JMP(BPF_JSET));
4784 b1->s.k = 0x04;
4785 b1->stmts = s;
4786 gen_not(b1);
4787
4788 /*
4789 * AND that with the checks for data and management
4790 * frames.
4791 */
4792 gen_and(b1, b0);
4793 return b0;
4794 }
4795
4796 if (linktype == DLT_SUNATM && is_lane) {
4797 /*
4798 * Check that the packet doesn't begin with an
4799 * LE Control marker. (We've already generated
4800 * a test for LANE.)
4801 */
4802 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
4803 gen_not(b1);
4804
4805 /* ether[off_mac] & 1 != 0 */
4806 b0 = gen_mac_multicast(off_mac);
4807 gen_and(b1, b0);
4808 return b0;
4809 }
4810
4811 /* Link not known to support multicasts */
4812 break;
4813
4814 case Q_IP:
4815 b0 = gen_linktype(ETHERTYPE_IP);
4816 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
4817 b1->s.code = JMP(BPF_JGE);
4818 gen_and(b0, b1);
4819 return b1;
4820
4821 #ifdef INET6
4822 case Q_IPV6:
4823 b0 = gen_linktype(ETHERTYPE_IPV6);
4824 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
4825 gen_and(b0, b1);
4826 return b1;
4827 #endif /* INET6 */
4828 }
4829 bpf_error("only IP multicast filters supported on ethernet/FDDI");
4830 }
4831
4832 /*
4833 * generate command for inbound/outbound. It's here so we can
4834 * make it link-type specific. 'dir' = 0 implies "inbound",
4835 * = 1 implies "outbound".
4836 */
4837 struct block *
4838 gen_inbound(dir)
4839 int dir;
4840 {
4841 register struct block *b0;
4842
4843 /*
4844 * Only some data link types support inbound/outbound qualifiers.
4845 */
4846 switch (linktype) {
4847 case DLT_SLIP:
4848 case DLT_PPP:
4849 b0 = gen_relation(BPF_JEQ,
4850 gen_load(Q_LINK, gen_loadi(0), 1),
4851 gen_loadi(0),
4852 dir);
4853 break;
4854
4855 case DLT_LINUX_SLL:
4856 if (dir) {
4857 /*
4858 * Match packets sent by this machine.
4859 */
4860 b0 = gen_cmp(0, BPF_H, LINUX_SLL_OUTGOING);
4861 } else {
4862 /*
4863 * Match packets sent to this machine.
4864 * (No broadcast or multicast packets, or
4865 * packets sent to some other machine and
4866 * received promiscuously.)
4867 *
4868 * XXX - packets sent to other machines probably
4869 * shouldn't be matched, but what about broadcast
4870 * or multicast packets we received?
4871 */
4872 b0 = gen_cmp(0, BPF_H, LINUX_SLL_HOST);
4873 }
4874 break;
4875
4876 default:
4877 bpf_error("inbound/outbound not supported on linktype %d\n",
4878 linktype);
4879 b0 = NULL;
4880 /* NOTREACHED */
4881 }
4882 return (b0);
4883 }
4884
4885 struct block *
4886 gen_acode(eaddr, q)
4887 register const u_char *eaddr;
4888 struct qual q;
4889 {
4890 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
4891 if (linktype == DLT_ARCNET)
4892 return gen_ahostop(eaddr, (int)q.dir);
4893 }
4894 bpf_error("ARCnet address used in non-arc expression");
4895 /* NOTREACHED */
4896 }
4897
4898 static struct block *
4899 gen_ahostop(eaddr, dir)
4900 register const u_char *eaddr;
4901 register int dir;
4902 {
4903 register struct block *b0, *b1;
4904
4905 switch (dir) {
4906 /* src comes first, different from Ethernet */
4907 case Q_SRC:
4908 return gen_bcmp(0, 1, eaddr);
4909
4910 case Q_DST:
4911 return gen_bcmp(1, 1, eaddr);
4912
4913 case Q_AND:
4914 b0 = gen_ahostop(eaddr, Q_SRC);
4915 b1 = gen_ahostop(eaddr, Q_DST);
4916 gen_and(b0, b1);
4917 return b1;
4918
4919 case Q_DEFAULT:
4920 case Q_OR:
4921 b0 = gen_ahostop(eaddr, Q_SRC);
4922 b1 = gen_ahostop(eaddr, Q_DST);
4923 gen_or(b0, b1);
4924 return b1;
4925 }
4926 abort();
4927 /* NOTREACHED */
4928 }
4929
4930 /*
4931 * support IEEE 802.1Q VLAN trunk over ethernet
4932 */
4933 struct block *
4934 gen_vlan(vlan_num)
4935 int vlan_num;
4936 {
4937 struct block *b0;
4938
4939 /*
4940 * Change the offsets to point to the type and data fields within
4941 * the VLAN packet. This is somewhat of a kludge.
4942 */
4943 if (orig_nl == (u_int)-1) {
4944 orig_linktype = off_linktype; /* save original values */
4945 orig_nl = off_nl;
4946 orig_nl_nosnap = off_nl_nosnap;
4947
4948 switch (linktype) {
4949
4950 case DLT_EN10MB:
4951 off_linktype = 16;
4952 off_nl_nosnap = 18;
4953 off_nl = 18;
4954 break;
4955
4956 default:
4957 bpf_error("no VLAN support for data link type %d",
4958 linktype);
4959 /*NOTREACHED*/
4960 }
4961 }
4962
4963 /* check for VLAN */
4964 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
4965
4966 /* If a specific VLAN is requested, check VLAN id */
4967 if (vlan_num >= 0) {
4968 struct block *b1;
4969
4970 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
4971 gen_and(b0, b1);
4972 b0 = b1;
4973 }
4974
4975 return (b0);
4976 }
4977
4978 struct block *
4979 gen_atmfield_code(atmfield, jvalue, jtype, reverse)
4980 int atmfield;
4981 bpf_u_int32 jvalue;
4982 bpf_u_int32 jtype;
4983 int reverse;
4984 {
4985 struct block *b0;
4986
4987 switch (atmfield) {
4988
4989 case A_VPI:
4990 if (!is_atm)
4991 bpf_error("'vpi' supported only on raw ATM");
4992 if (off_vpi == -1)
4993 abort();
4994 b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype,
4995 (u_int)jvalue, reverse);
4996 break;
4997
4998 case A_VCI:
4999 if (!is_atm)
5000 bpf_error("'vci' supported only on raw ATM");
5001 if (off_vci == -1)
5002 abort();
5003 b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype,
5004 (u_int)jvalue, reverse);
5005 break;
5006
5007 case A_PROTOTYPE:
5008 if (off_proto == -1)
5009 abort(); /* XXX - this isn't on FreeBSD */
5010 b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype,
5011 (u_int)jvalue, reverse);
5012 break;
5013
5014 case A_MSGTYPE:
5015 if (off_payload == -1)
5016 abort();
5017 b0 = gen_ncmp(BPF_B, off_payload + MSG_TYPE_POS, 0xffffffff,
5018 (u_int)jtype, (u_int)jvalue, reverse);
5019 break;
5020
5021 case A_CALLREFTYPE:
5022 if (!is_atm)
5023 bpf_error("'callref' supported only on raw ATM");
5024 if (off_proto == -1)
5025 abort();
5026 b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype,
5027 (u_int)jvalue, reverse);
5028 break;
5029
5030 default:
5031 abort();
5032 }
5033 return b0;
5034 }
5035
5036 struct block *
5037 gen_atmtype_abbrev(type)
5038 int type;
5039 {
5040 struct block *b0, *b1;
5041
5042 switch (type) {
5043
5044 case A_METAC:
5045 /* Get all packets in Meta signalling Circuit */
5046 if (!is_atm)
5047 bpf_error("'metac' supported only on raw ATM");
5048 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5049 b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0);
5050 gen_and(b0, b1);
5051 break;
5052
5053 case A_BCC:
5054 /* Get all packets in Broadcast Circuit*/
5055 if (!is_atm)
5056 bpf_error("'bcc' supported only on raw ATM");
5057 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5058 b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0);
5059 gen_and(b0, b1);
5060 break;
5061
5062 case A_OAMF4SC:
5063 /* Get all cells in Segment OAM F4 circuit*/
5064 if (!is_atm)
5065 bpf_error("'oam4sc' supported only on raw ATM");
5066 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5067 b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
5068 gen_and(b0, b1);
5069 break;
5070
5071 case A_OAMF4EC:
5072 /* Get all cells in End-to-End OAM F4 Circuit*/
5073 if (!is_atm)
5074 bpf_error("'oam4ec' supported only on raw ATM");
5075 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5076 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
5077 gen_and(b0, b1);
5078 break;
5079
5080 case A_SC:
5081 /* Get all packets in connection Signalling Circuit */
5082 if (!is_atm)
5083 bpf_error("'sc' supported only on raw ATM");
5084 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5085 b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0);
5086 gen_and(b0, b1);
5087 break;
5088
5089 case A_ILMIC:
5090 /* Get all packets in ILMI Circuit */
5091 if (!is_atm)
5092 bpf_error("'ilmic' supported only on raw ATM");
5093 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5094 b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0);
5095 gen_and(b0, b1);
5096 break;
5097
5098 case A_LANE:
5099 /* Get all LANE packets */
5100 if (!is_atm)
5101 bpf_error("'lane' supported only on raw ATM");
5102 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0);
5103
5104 /*
5105 * Arrange that all subsequent tests assume LANE
5106 * rather than LLC-encapsulated packets, and set
5107 * the offsets appropriately for LANE-encapsulated
5108 * Ethernet.
5109 *
5110 * "off_mac" is the offset of the Ethernet header,
5111 * which is 2 bytes past the ATM pseudo-header
5112 * (skipping the pseudo-header and 2-byte LE Client
5113 * field). The other offsets are Ethernet offsets
5114 * relative to "off_mac".
5115 */
5116 is_lane = 1;
5117 off_mac = off_payload + 2; /* MAC header */
5118 off_linktype = off_mac + 12;
5119 off_nl = off_mac + 14; /* Ethernet II */
5120 off_nl_nosnap = off_mac + 17; /* 802.3+802.2 */
5121 break;
5122
5123 case A_LLC:
5124 /* Get all LLC-encapsulated packets */
5125 if (!is_atm)
5126 bpf_error("'llc' supported only on raw ATM");
5127 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
5128 is_lane = 0;
5129 break;
5130
5131 default:
5132 abort();
5133 }
5134 return b1;
5135 }
5136
5137
5138 static struct block *
5139 gen_msg_abbrev(type)
5140 int type;
5141 {
5142 struct block *b1;
5143
5144 /*
5145 * Q.2931 signalling protocol messages for handling virtual circuits
5146 * establishment and teardown
5147 */
5148 switch (type) {
5149
5150 case A_SETUP:
5151 b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0);
5152 break;
5153
5154 case A_CALLPROCEED:
5155 b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0);
5156 break;
5157
5158 case A_CONNECT:
5159 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0);
5160 break;
5161
5162 case A_CONNECTACK:
5163 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0);
5164 break;
5165
5166 case A_RELEASE:
5167 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0);
5168 break;
5169
5170 case A_RELEASE_DONE:
5171 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0);
5172 break;
5173
5174 default:
5175 abort();
5176 }
5177 return b1;
5178 }
5179
5180 struct block *
5181 gen_atmmulti_abbrev(type)
5182 int type;
5183 {
5184 struct block *b0, *b1;
5185
5186 switch (type) {
5187
5188 case A_OAM:
5189 if (!is_atm)
5190 bpf_error("'oam' supported only on raw ATM");
5191 b1 = gen_atmmulti_abbrev(A_OAMF4);
5192 break;
5193
5194 case A_OAMF4:
5195 if (!is_atm)
5196 bpf_error("'oamf4' supported only on raw ATM");
5197 /* OAM F4 type */
5198 b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
5199 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
5200 gen_or(b0, b1);
5201 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5202 gen_and(b0, b1);
5203 break;
5204
5205 case A_CONNECTMSG:
5206 /*
5207 * Get Q.2931 signalling messages for switched
5208 * virtual connection
5209 */
5210 if (!is_atm)
5211 bpf_error("'connectmsg' supported only on raw ATM");
5212 b0 = gen_msg_abbrev(A_SETUP);
5213 b1 = gen_msg_abbrev(A_CALLPROCEED);
5214 gen_or(b0, b1);
5215 b0 = gen_msg_abbrev(A_CONNECT);
5216 gen_or(b0, b1);
5217 b0 = gen_msg_abbrev(A_CONNECTACK);
5218 gen_or(b0, b1);
5219 b0 = gen_msg_abbrev(A_RELEASE);
5220 gen_or(b0, b1);
5221 b0 = gen_msg_abbrev(A_RELEASE_DONE);
5222 gen_or(b0, b1);
5223 b0 = gen_atmtype_abbrev(A_SC);
5224 gen_and(b0, b1);
5225 break;
5226
5227 case A_METACONNECT:
5228 if (!is_atm)
5229 bpf_error("'metaconnect' supported only on raw ATM");
5230 b0 = gen_msg_abbrev(A_SETUP);
5231 b1 = gen_msg_abbrev(A_CALLPROCEED);
5232 gen_or(b0, b1);
5233 b0 = gen_msg_abbrev(A_CONNECT);
5234 gen_or(b0, b1);
5235 b0 = gen_msg_abbrev(A_RELEASE);
5236 gen_or(b0, b1);
5237 b0 = gen_msg_abbrev(A_RELEASE_DONE);
5238 gen_or(b0, b1);
5239 b0 = gen_atmtype_abbrev(A_METAC);
5240 gen_and(b0, b1);
5241 break;
5242
5243 default:
5244 abort();
5245 }
5246 return b1;
5247 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism