]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Catch attempts to filter on ISO hosts (we don't support that) and to
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.130 2000-10-28 09:43:56 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #include <sys/types.h>
32 #include <sys/socket.h>
33 #include <sys/time.h>
34 #ifdef __NetBSD__
35 #include <sys/param.h>
36 #endif
37
38 struct mbuf;
39 struct rtentry;
40 #include <net/if.h>
41
42 #include <netinet/in.h>
43
44 #include <stdlib.h>
45 #include <string.h>
46 #include <memory.h>
47 #include <setjmp.h>
48 #include <stdarg.h>
49
50 #include "pcap-int.h"
51
52 #include "ethertype.h"
53 #include "nlpid.h"
54 #include "gencode.h"
55 #include "ppp.h"
56 #include <pcap-namedb.h>
57 #ifdef INET6
58 #include <netdb.h>
59 #include <sys/socket.h>
60 #endif /*INET6*/
61
62 #define LLC_ISO_LSAP 0xfe
63
64 #define ETHERMTU 1500
65
66 #ifdef HAVE_OS_PROTO_H
67 #include "os-proto.h"
68 #endif
69
70 #define JMP(c) ((c)|BPF_JMP|BPF_K)
71
72 /* Locals */
73 static jmp_buf top_ctx;
74 static pcap_t *bpf_pcap;
75
76 /* XXX */
77 #ifdef PCAP_FDDIPAD
78 int pcap_fddipad = PCAP_FDDIPAD;
79 #else
80 int pcap_fddipad;
81 #endif
82
83 /* VARARGS */
84 void
85 bpf_error(const char *fmt, ...)
86
87 {
88 va_list ap;
89
90 va_start(ap, fmt);
91 if (bpf_pcap != NULL)
92 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
93 fmt, ap);
94 va_end(ap);
95 longjmp(top_ctx, 1);
96 /* NOTREACHED */
97 }
98
99 static void init_linktype(int);
100
101 static int alloc_reg(void);
102 static void free_reg(int);
103
104 static struct block *root;
105
106 /*
107 * We divy out chunks of memory rather than call malloc each time so
108 * we don't have to worry about leaking memory. It's probably
109 * not a big deal if all this memory was wasted but it this ever
110 * goes into a library that would probably not be a good idea.
111 */
112 #define NCHUNKS 16
113 #define CHUNK0SIZE 1024
114 struct chunk {
115 u_int n_left;
116 void *m;
117 };
118
119 static struct chunk chunks[NCHUNKS];
120 static int cur_chunk;
121
122 static void *newchunk(u_int);
123 static void freechunks(void);
124 static inline struct block *new_block(int);
125 static inline struct slist *new_stmt(int);
126 static struct block *gen_retblk(int);
127 static inline void syntax(void);
128
129 static void backpatch(struct block *, struct block *);
130 static void merge(struct block *, struct block *);
131 static struct block *gen_cmp(u_int, u_int, bpf_int32);
132 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
133 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
134 static struct block *gen_bcmp(u_int, u_int, const u_char *);
135 static struct block *gen_uncond(int);
136 static inline struct block *gen_true(void);
137 static inline struct block *gen_false(void);
138 static struct block *gen_linktype(int);
139 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
140 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
141 #ifdef INET6
142 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
143 #endif
144 static struct block *gen_ehostop(const u_char *, int);
145 static struct block *gen_fhostop(const u_char *, int);
146 static struct block *gen_thostop(const u_char *, int);
147 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
148 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
149 #ifdef INET6
150 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
151 #endif
152 #ifndef INET6
153 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
154 #endif
155 static struct block *gen_ipfrag(void);
156 static struct block *gen_portatom(int, bpf_int32);
157 #ifdef INET6
158 static struct block *gen_portatom6(int, bpf_int32);
159 #endif
160 struct block *gen_portop(int, int, int);
161 static struct block *gen_port(int, int, int);
162 #ifdef INET6
163 struct block *gen_portop6(int, int, int);
164 static struct block *gen_port6(int, int, int);
165 #endif
166 static int lookup_proto(const char *, int);
167 static struct block *gen_protochain(int, int, int);
168 static struct block *gen_proto(int, int, int);
169 static struct slist *xfer_to_x(struct arth *);
170 static struct slist *xfer_to_a(struct arth *);
171 static struct block *gen_len(int, int);
172
173 static void *
174 newchunk(n)
175 u_int n;
176 {
177 struct chunk *cp;
178 int k, size;
179
180 #ifndef __NetBSD__
181 /* XXX Round up to nearest long. */
182 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
183 #else
184 /* XXX Round up to structure boundary. */
185 n = ALIGN(n);
186 #endif
187
188 cp = &chunks[cur_chunk];
189 if (n > cp->n_left) {
190 ++cp, k = ++cur_chunk;
191 if (k >= NCHUNKS)
192 bpf_error("out of memory");
193 size = CHUNK0SIZE << k;
194 cp->m = (void *)malloc(size);
195 memset((char *)cp->m, 0, size);
196 cp->n_left = size;
197 if (n > size)
198 bpf_error("out of memory");
199 }
200 cp->n_left -= n;
201 return (void *)((char *)cp->m + cp->n_left);
202 }
203
204 static void
205 freechunks()
206 {
207 int i;
208
209 cur_chunk = 0;
210 for (i = 0; i < NCHUNKS; ++i)
211 if (chunks[i].m != NULL) {
212 free(chunks[i].m);
213 chunks[i].m = NULL;
214 }
215 }
216
217 /*
218 * A strdup whose allocations are freed after code generation is over.
219 */
220 char *
221 sdup(s)
222 register const char *s;
223 {
224 int n = strlen(s) + 1;
225 char *cp = newchunk(n);
226
227 strlcpy(cp, s, n);
228 return (cp);
229 }
230
231 static inline struct block *
232 new_block(code)
233 int code;
234 {
235 struct block *p;
236
237 p = (struct block *)newchunk(sizeof(*p));
238 p->s.code = code;
239 p->head = p;
240
241 return p;
242 }
243
244 static inline struct slist *
245 new_stmt(code)
246 int code;
247 {
248 struct slist *p;
249
250 p = (struct slist *)newchunk(sizeof(*p));
251 p->s.code = code;
252
253 return p;
254 }
255
256 static struct block *
257 gen_retblk(v)
258 int v;
259 {
260 struct block *b = new_block(BPF_RET|BPF_K);
261
262 b->s.k = v;
263 return b;
264 }
265
266 static inline void
267 syntax()
268 {
269 bpf_error("syntax error in filter expression");
270 }
271
272 static bpf_u_int32 netmask;
273 static int snaplen;
274 int no_optimize;
275
276 int
277 pcap_compile(pcap_t *p, struct bpf_program *program,
278 char *buf, int optimize, bpf_u_int32 mask)
279 {
280 extern int n_errors;
281 int len;
282
283 no_optimize = 0;
284 n_errors = 0;
285 root = NULL;
286 bpf_pcap = p;
287 if (setjmp(top_ctx)) {
288 lex_cleanup();
289 freechunks();
290 return (-1);
291 }
292
293 netmask = mask;
294
295 /* On Linux we do not use the BPF filter to truncate the packet
296 * since the kernel provides other ways for that. In fact if we
297 * are using the packet filter for that duty we will be unable
298 * to acquire the original packet size. -- Torsten */
299 #ifndef linux
300 snaplen = pcap_snapshot(p);
301 #else
302 snaplen = 0xffff;
303 #endif
304 if (snaplen == 0) {
305 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
306 "snaplen of 0 rejects all packets");
307 return -1;
308 }
309
310 lex_init(buf ? buf : "");
311 init_linktype(pcap_datalink(p));
312 (void)pcap_parse();
313
314 if (n_errors)
315 syntax();
316
317 if (root == NULL)
318 root = gen_retblk(snaplen);
319
320 if (optimize && !no_optimize) {
321 bpf_optimize(&root);
322 if (root == NULL ||
323 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
324 bpf_error("expression rejects all packets");
325 }
326 program->bf_insns = icode_to_fcode(root, &len);
327 program->bf_len = len;
328
329 lex_cleanup();
330 freechunks();
331 return (0);
332 }
333
334 /*
335 * entry point for using the compiler with no pcap open
336 * pass in all the stuff that is needed explicitly instead.
337 */
338 int
339 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
340 struct bpf_program *program,
341 char *buf, int optimize, bpf_u_int32 mask)
342 {
343 extern int n_errors;
344 int len;
345
346 n_errors = 0;
347 root = NULL;
348 bpf_pcap = NULL;
349 if (setjmp(top_ctx)) {
350 freechunks();
351 return (-1);
352 }
353
354 netmask = mask;
355
356 /* XXX needed? I don't grok the use of globals here. */
357 snaplen = snaplen_arg;
358
359 lex_init(buf ? buf : "");
360 init_linktype(linktype_arg);
361 (void)pcap_parse();
362
363 if (n_errors)
364 syntax();
365
366 if (root == NULL)
367 root = gen_retblk(snaplen_arg);
368
369 if (optimize) {
370 bpf_optimize(&root);
371 if (root == NULL ||
372 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
373 bpf_error("expression rejects all packets");
374 }
375 program->bf_insns = icode_to_fcode(root, &len);
376 program->bf_len = len;
377
378 freechunks();
379 return (0);
380 }
381
382 /*
383 * Clean up a "struct bpf_program" by freeing all the memory allocated
384 * in it.
385 */
386 void
387 pcap_freecode(struct bpf_program *program)
388 {
389 program->bf_len = 0;
390 if (program->bf_insns != NULL) {
391 free((char *)program->bf_insns);
392 program->bf_insns = NULL;
393 }
394 }
395
396 /*
397 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
398 * which of the jt and jf fields has been resolved and which is a pointer
399 * back to another unresolved block (or nil). At least one of the fields
400 * in each block is already resolved.
401 */
402 static void
403 backpatch(list, target)
404 struct block *list, *target;
405 {
406 struct block *next;
407
408 while (list) {
409 if (!list->sense) {
410 next = JT(list);
411 JT(list) = target;
412 } else {
413 next = JF(list);
414 JF(list) = target;
415 }
416 list = next;
417 }
418 }
419
420 /*
421 * Merge the lists in b0 and b1, using the 'sense' field to indicate
422 * which of jt and jf is the link.
423 */
424 static void
425 merge(b0, b1)
426 struct block *b0, *b1;
427 {
428 register struct block **p = &b0;
429
430 /* Find end of list. */
431 while (*p)
432 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
433
434 /* Concatenate the lists. */
435 *p = b1;
436 }
437
438 void
439 finish_parse(p)
440 struct block *p;
441 {
442 backpatch(p, gen_retblk(snaplen));
443 p->sense = !p->sense;
444 backpatch(p, gen_retblk(0));
445 root = p->head;
446 }
447
448 void
449 gen_and(b0, b1)
450 struct block *b0, *b1;
451 {
452 backpatch(b0, b1->head);
453 b0->sense = !b0->sense;
454 b1->sense = !b1->sense;
455 merge(b1, b0);
456 b1->sense = !b1->sense;
457 b1->head = b0->head;
458 }
459
460 void
461 gen_or(b0, b1)
462 struct block *b0, *b1;
463 {
464 b0->sense = !b0->sense;
465 backpatch(b0, b1->head);
466 b0->sense = !b0->sense;
467 merge(b1, b0);
468 b1->head = b0->head;
469 }
470
471 void
472 gen_not(b)
473 struct block *b;
474 {
475 b->sense = !b->sense;
476 }
477
478 static struct block *
479 gen_cmp(offset, size, v)
480 u_int offset, size;
481 bpf_int32 v;
482 {
483 struct slist *s;
484 struct block *b;
485
486 s = new_stmt(BPF_LD|BPF_ABS|size);
487 s->s.k = offset;
488
489 b = new_block(JMP(BPF_JEQ));
490 b->stmts = s;
491 b->s.k = v;
492
493 return b;
494 }
495
496 static struct block *
497 gen_cmp_gt(offset, size, v)
498 u_int offset, size;
499 bpf_int32 v;
500 {
501 struct slist *s;
502 struct block *b;
503
504 s = new_stmt(BPF_LD|BPF_ABS|size);
505 s->s.k = offset;
506
507 b = new_block(JMP(BPF_JGT));
508 b->stmts = s;
509 b->s.k = v;
510
511 return b;
512 }
513
514 static struct block *
515 gen_mcmp(offset, size, v, mask)
516 u_int offset, size;
517 bpf_int32 v;
518 bpf_u_int32 mask;
519 {
520 struct block *b = gen_cmp(offset, size, v);
521 struct slist *s;
522
523 if (mask != 0xffffffff) {
524 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
525 s->s.k = mask;
526 b->stmts->next = s;
527 }
528 return b;
529 }
530
531 static struct block *
532 gen_bcmp(offset, size, v)
533 register u_int offset, size;
534 register const u_char *v;
535 {
536 register struct block *b, *tmp;
537
538 b = NULL;
539 while (size >= 4) {
540 register const u_char *p = &v[size - 4];
541 bpf_int32 w = ((bpf_int32)p[0] << 24) |
542 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
543
544 tmp = gen_cmp(offset + size - 4, BPF_W, w);
545 if (b != NULL)
546 gen_and(b, tmp);
547 b = tmp;
548 size -= 4;
549 }
550 while (size >= 2) {
551 register const u_char *p = &v[size - 2];
552 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
553
554 tmp = gen_cmp(offset + size - 2, BPF_H, w);
555 if (b != NULL)
556 gen_and(b, tmp);
557 b = tmp;
558 size -= 2;
559 }
560 if (size > 0) {
561 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
562 if (b != NULL)
563 gen_and(b, tmp);
564 b = tmp;
565 }
566 return b;
567 }
568
569 /*
570 * Various code constructs need to know the layout of the data link
571 * layer. These variables give the necessary offsets. off_linktype
572 * is set to -1 for no encapsulation, in which case, IP is assumed.
573 */
574 static u_int off_linktype;
575 static u_int off_nl;
576 static int linktype;
577
578 static void
579 init_linktype(type)
580 int type;
581 {
582 linktype = type;
583
584 switch (type) {
585
586 case DLT_EN10MB:
587 off_linktype = 12;
588 off_nl = 14;
589 return;
590
591 case DLT_SLIP:
592 /*
593 * SLIP doesn't have a link level type. The 16 byte
594 * header is hacked into our SLIP driver.
595 */
596 off_linktype = -1;
597 off_nl = 16;
598 return;
599
600 case DLT_SLIP_BSDOS:
601 /* XXX this may be the same as the DLT_PPP_BSDOS case */
602 off_linktype = -1;
603 /* XXX end */
604 off_nl = 24;
605 return;
606
607 case DLT_NULL:
608 off_linktype = 0;
609 off_nl = 4;
610 return;
611
612 case DLT_PPP:
613 case DLT_C_HDLC:
614 case DLT_PPP_SERIAL:
615 off_linktype = 2;
616 off_nl = 4;
617 return;
618
619 case DLT_PPP_BSDOS:
620 off_linktype = 5;
621 off_nl = 24;
622 return;
623
624 case DLT_FDDI:
625 /*
626 * FDDI doesn't really have a link-level type field.
627 * We assume that SSAP = SNAP is being used and pick
628 * out the encapsulated Ethernet type.
629 *
630 * XXX - should we generate code to check for SNAP?
631 */
632 off_linktype = 19;
633 #ifdef PCAP_FDDIPAD
634 off_linktype += pcap_fddipad;
635 #endif
636 off_nl = 21;
637 #ifdef PCAP_FDDIPAD
638 off_nl += pcap_fddipad;
639 #endif
640 return;
641
642 case DLT_IEEE802:
643 /*
644 * Token Ring doesn't really have a link-level type field.
645 * We assume that SSAP = SNAP is being used and pick
646 * out the encapsulated Ethernet type.
647 *
648 * XXX - should we generate code to check for SNAP?
649 *
650 * XXX - the header is actually variable-length.
651 * Some various Linux patched versions gave 38
652 * as "off_linktype" and 40 as "off_nl"; however,
653 * if a token ring packet has *no* routing
654 * information, i.e. is not source-routed, the correct
655 * values are 20 and 22, as they are in the vanilla code.
656 *
657 * A packet is source-routed iff the uppermost bit
658 * of the first byte of the source address, at an
659 * offset of 8, has the uppermost bit set. If the
660 * packet is source-routed, the total number of bytes
661 * of routing information is 2 plus bits 0x1F00 of
662 * the 16-bit value at an offset of 14 (shifted right
663 * 8 - figure out which byte that is).
664 */
665 off_linktype = 20;
666 off_nl = 22;
667 return;
668
669 case DLT_ATM_RFC1483:
670 /*
671 * assume routed, non-ISO PDUs
672 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
673 */
674 off_linktype = 6;
675 off_nl = 8;
676 return;
677
678 case DLT_RAW:
679 off_linktype = -1;
680 off_nl = 0;
681 return;
682
683 case DLT_ATM_CLIP: /* Linux ATM defines this */
684 off_linktype = 6;
685 off_nl = 8;
686 return;
687 }
688 bpf_error("unknown data link type 0x%x", linktype);
689 /* NOTREACHED */
690 }
691
692 static struct block *
693 gen_uncond(rsense)
694 int rsense;
695 {
696 struct block *b;
697 struct slist *s;
698
699 s = new_stmt(BPF_LD|BPF_IMM);
700 s->s.k = !rsense;
701 b = new_block(JMP(BPF_JEQ));
702 b->stmts = s;
703
704 return b;
705 }
706
707 static inline struct block *
708 gen_true()
709 {
710 return gen_uncond(1);
711 }
712
713 static inline struct block *
714 gen_false()
715 {
716 return gen_uncond(0);
717 }
718
719 static struct block *
720 gen_linktype(proto)
721 register int proto;
722 {
723 struct block *b0, *b1;
724
725 /* If we're not using encapsulation, we're done */
726 if (off_linktype == -1)
727 return gen_true();
728
729 switch (linktype) {
730
731 case DLT_EN10MB:
732 /*
733 * XXX - handle other LLC-encapsulated protocols here
734 * (IPX, OSI)?
735 */
736 switch (proto) {
737
738 case LLC_ISO_LSAP:
739 /*
740 * OSI protocols always use 802.2 encapsulation.
741 */
742 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
743 gen_not(b0);
744 b1 = gen_cmp(off_linktype + 2, BPF_H, (long)
745 ((LLC_ISO_LSAP << 8) | LLC_ISO_LSAP));
746 gen_and(b0, b1);
747 return b1;
748
749 case ETHERTYPE_ATALK:
750 case ETHERTYPE_AARP:
751 /*
752 * EtherTalk (AppleTalk protocols on Ethernet link
753 * layer) may use 802.2 encapsulation.
754 */
755
756 /*
757 * Check for 802.2 encapsulation (EtherTalk phase 2?);
758 * we check for an Ethernet type field less than
759 * 1500, which means it's an 802.3 length field.
760 */
761 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
762 gen_not(b0);
763
764 /*
765 * 802.2-encapsulated ETHERTYPE_ATALK packets are
766 * SNAP packets with an organization code of
767 * 0x080007 (Apple, for Appletalk) and a protocol
768 * type of ETHERTYPE_ATALK (Appletalk).
769 *
770 * 802.2-encapsulated ETHERTYPE_AARP packets are
771 * SNAP packets with an organization code of
772 * 0x000000 (encapsulated Ethernet) and a protocol
773 * type of ETHERTYPE_AARP (Appletalk ARP).
774 */
775 if (proto == ETHERTYPE_ATALK)
776 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
777 else /* proto == ETHERTYPE_AARP */
778 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
779 gen_and(b0, b1);
780
781 /*
782 * Check for Ethernet encapsulation (Ethertalk
783 * phase 1?); we just check for the Ethernet
784 * protocol type.
785 */
786 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
787
788 gen_or(b0, b1);
789 return b1;
790 }
791 break;
792
793 case DLT_SLIP:
794 return gen_false();
795
796 case DLT_PPP:
797 case DLT_PPP_SERIAL:
798 /*
799 * We use Ethernet protocol types inside libpcap;
800 * map them to the corresponding PPP protocol types.
801 */
802 switch (proto) {
803
804 case ETHERTYPE_IP:
805 proto = PPP_IP; /* XXX was 0x21 */
806 break;
807
808 #ifdef INET6
809 case ETHERTYPE_IPV6:
810 proto = PPP_IPV6;
811 break;
812 #endif
813
814 case ETHERTYPE_DN:
815 proto = PPP_DECNET;
816 break;
817
818 case ETHERTYPE_ATALK:
819 proto = PPP_APPLE;
820 break;
821
822 case ETHERTYPE_NS:
823 proto = PPP_NS;
824 break;
825 }
826 break;
827
828 case DLT_PPP_BSDOS:
829 /*
830 * We use Ethernet protocol types inside libpcap;
831 * map them to the corresponding PPP protocol types.
832 */
833 switch (proto) {
834
835 case ETHERTYPE_IP:
836 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
837 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
838 gen_or(b0, b1);
839 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
840 gen_or(b1, b0);
841 return b0;
842
843 #ifdef INET6
844 case ETHERTYPE_IPV6:
845 proto = PPP_IPV6;
846 /* more to go? */
847 break;
848 #endif
849
850 case ETHERTYPE_DN:
851 proto = PPP_DECNET;
852 break;
853
854 case ETHERTYPE_ATALK:
855 proto = PPP_APPLE;
856 break;
857
858 case ETHERTYPE_NS:
859 proto = PPP_NS;
860 break;
861 }
862 break;
863
864 case DLT_NULL:
865 /* XXX */
866 if (proto == ETHERTYPE_IP)
867 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET)));
868 #ifdef INET6
869 else if (proto == ETHERTYPE_IPV6)
870 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET6)));
871 #endif
872 else
873 return gen_false();
874 }
875 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
876 }
877
878 /*
879 * Check for an LLC SNAP packet with a given organization code and
880 * protocol type; we check the entire contents of the 802.2 LLC and
881 * snap headers, checking for a DSAP of 0xAA, an SSAP of 0xAA, and
882 * a control field of 0x03 in the LLC header, and for the specified
883 * organization code and protocol type in the SNAP header.
884 */
885 static struct block *
886 gen_snap(orgcode, ptype, offset)
887 bpf_u_int32 orgcode;
888 bpf_u_int32 ptype;
889 u_int offset;
890 {
891 u_char snapblock[8];
892
893 snapblock[0] = 0xAA; /* DSAP = SNAP */
894 snapblock[1] = 0xAA; /* SSAP = SNAP */
895 snapblock[2] = 0x03; /* control = UI */
896 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
897 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
898 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
899 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
900 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
901 return gen_bcmp(offset, 8, snapblock);
902 }
903
904 static struct block *
905 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
906 bpf_u_int32 addr;
907 bpf_u_int32 mask;
908 int dir, proto;
909 u_int src_off, dst_off;
910 {
911 struct block *b0, *b1;
912 u_int offset;
913
914 switch (dir) {
915
916 case Q_SRC:
917 offset = src_off;
918 break;
919
920 case Q_DST:
921 offset = dst_off;
922 break;
923
924 case Q_AND:
925 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
926 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
927 gen_and(b0, b1);
928 return b1;
929
930 case Q_OR:
931 case Q_DEFAULT:
932 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
933 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
934 gen_or(b0, b1);
935 return b1;
936
937 default:
938 abort();
939 }
940 b0 = gen_linktype(proto);
941 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
942 gen_and(b0, b1);
943 return b1;
944 }
945
946 #ifdef INET6
947 static struct block *
948 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
949 struct in6_addr *addr;
950 struct in6_addr *mask;
951 int dir, proto;
952 u_int src_off, dst_off;
953 {
954 struct block *b0, *b1;
955 u_int offset;
956 u_int32_t *a, *m;
957
958 switch (dir) {
959
960 case Q_SRC:
961 offset = src_off;
962 break;
963
964 case Q_DST:
965 offset = dst_off;
966 break;
967
968 case Q_AND:
969 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
970 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
971 gen_and(b0, b1);
972 return b1;
973
974 case Q_OR:
975 case Q_DEFAULT:
976 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
977 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
978 gen_or(b0, b1);
979 return b1;
980
981 default:
982 abort();
983 }
984 /* this order is important */
985 a = (u_int32_t *)addr;
986 m = (u_int32_t *)mask;
987 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
988 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
989 gen_and(b0, b1);
990 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
991 gen_and(b0, b1);
992 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
993 gen_and(b0, b1);
994 b0 = gen_linktype(proto);
995 gen_and(b0, b1);
996 return b1;
997 }
998 #endif /*INET6*/
999
1000 static struct block *
1001 gen_ehostop(eaddr, dir)
1002 register const u_char *eaddr;
1003 register int dir;
1004 {
1005 register struct block *b0, *b1;
1006
1007 switch (dir) {
1008 case Q_SRC:
1009 return gen_bcmp(6, 6, eaddr);
1010
1011 case Q_DST:
1012 return gen_bcmp(0, 6, eaddr);
1013
1014 case Q_AND:
1015 b0 = gen_ehostop(eaddr, Q_SRC);
1016 b1 = gen_ehostop(eaddr, Q_DST);
1017 gen_and(b0, b1);
1018 return b1;
1019
1020 case Q_DEFAULT:
1021 case Q_OR:
1022 b0 = gen_ehostop(eaddr, Q_SRC);
1023 b1 = gen_ehostop(eaddr, Q_DST);
1024 gen_or(b0, b1);
1025 return b1;
1026 }
1027 abort();
1028 /* NOTREACHED */
1029 }
1030
1031 /*
1032 * Like gen_ehostop, but for DLT_FDDI
1033 */
1034 static struct block *
1035 gen_fhostop(eaddr, dir)
1036 register const u_char *eaddr;
1037 register int dir;
1038 {
1039 struct block *b0, *b1;
1040
1041 switch (dir) {
1042 case Q_SRC:
1043 #ifdef PCAP_FDDIPAD
1044 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
1045 #else
1046 return gen_bcmp(6 + 1, 6, eaddr);
1047 #endif
1048
1049 case Q_DST:
1050 #ifdef PCAP_FDDIPAD
1051 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
1052 #else
1053 return gen_bcmp(0 + 1, 6, eaddr);
1054 #endif
1055
1056 case Q_AND:
1057 b0 = gen_fhostop(eaddr, Q_SRC);
1058 b1 = gen_fhostop(eaddr, Q_DST);
1059 gen_and(b0, b1);
1060 return b1;
1061
1062 case Q_DEFAULT:
1063 case Q_OR:
1064 b0 = gen_fhostop(eaddr, Q_SRC);
1065 b1 = gen_fhostop(eaddr, Q_DST);
1066 gen_or(b0, b1);
1067 return b1;
1068 }
1069 abort();
1070 /* NOTREACHED */
1071 }
1072
1073 /*
1074 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
1075 */
1076 static struct block *
1077 gen_thostop(eaddr, dir)
1078 register const u_char *eaddr;
1079 register int dir;
1080 {
1081 register struct block *b0, *b1;
1082
1083 switch (dir) {
1084 case Q_SRC:
1085 return gen_bcmp(8, 6, eaddr);
1086
1087 case Q_DST:
1088 return gen_bcmp(2, 6, eaddr);
1089
1090 case Q_AND:
1091 b0 = gen_thostop(eaddr, Q_SRC);
1092 b1 = gen_thostop(eaddr, Q_DST);
1093 gen_and(b0, b1);
1094 return b1;
1095
1096 case Q_DEFAULT:
1097 case Q_OR:
1098 b0 = gen_thostop(eaddr, Q_SRC);
1099 b1 = gen_thostop(eaddr, Q_DST);
1100 gen_or(b0, b1);
1101 return b1;
1102 }
1103 abort();
1104 /* NOTREACHED */
1105 }
1106
1107 /*
1108 * This is quite tricky because there may be pad bytes in front of the
1109 * DECNET header, and then there are two possible data packet formats that
1110 * carry both src and dst addresses, plus 5 packet types in a format that
1111 * carries only the src node, plus 2 types that use a different format and
1112 * also carry just the src node.
1113 *
1114 * Yuck.
1115 *
1116 * Instead of doing those all right, we just look for data packets with
1117 * 0 or 1 bytes of padding. If you want to look at other packets, that
1118 * will require a lot more hacking.
1119 *
1120 * To add support for filtering on DECNET "areas" (network numbers)
1121 * one would want to add a "mask" argument to this routine. That would
1122 * make the filter even more inefficient, although one could be clever
1123 * and not generate masking instructions if the mask is 0xFFFF.
1124 */
1125 static struct block *
1126 gen_dnhostop(addr, dir, base_off)
1127 bpf_u_int32 addr;
1128 int dir;
1129 u_int base_off;
1130 {
1131 struct block *b0, *b1, *b2, *tmp;
1132 u_int offset_lh; /* offset if long header is received */
1133 u_int offset_sh; /* offset if short header is received */
1134
1135 switch (dir) {
1136
1137 case Q_DST:
1138 offset_sh = 1; /* follows flags */
1139 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
1140 break;
1141
1142 case Q_SRC:
1143 offset_sh = 3; /* follows flags, dstnode */
1144 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
1145 break;
1146
1147 case Q_AND:
1148 /* Inefficient because we do our Calvinball dance twice */
1149 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1150 b1 = gen_dnhostop(addr, Q_DST, base_off);
1151 gen_and(b0, b1);
1152 return b1;
1153
1154 case Q_OR:
1155 case Q_DEFAULT:
1156 /* Inefficient because we do our Calvinball dance twice */
1157 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1158 b1 = gen_dnhostop(addr, Q_DST, base_off);
1159 gen_or(b0, b1);
1160 return b1;
1161
1162 case Q_ISO:
1163 bpf_error("ISO host filtering not implemented");
1164
1165 default:
1166 abort();
1167 }
1168 b0 = gen_linktype(ETHERTYPE_DN);
1169 /* Check for pad = 1, long header case */
1170 tmp = gen_mcmp(base_off + 2, BPF_H,
1171 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
1172 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
1173 BPF_H, (bpf_int32)ntohs(addr));
1174 gen_and(tmp, b1);
1175 /* Check for pad = 0, long header case */
1176 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
1177 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
1178 gen_and(tmp, b2);
1179 gen_or(b2, b1);
1180 /* Check for pad = 1, short header case */
1181 tmp = gen_mcmp(base_off + 2, BPF_H,
1182 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
1183 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
1184 BPF_H, (bpf_int32)ntohs(addr));
1185 gen_and(tmp, b2);
1186 gen_or(b2, b1);
1187 /* Check for pad = 0, short header case */
1188 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
1189 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
1190 gen_and(tmp, b2);
1191 gen_or(b2, b1);
1192
1193 /* Combine with test for linktype */
1194 gen_and(b0, b1);
1195 return b1;
1196 }
1197
1198 static struct block *
1199 gen_host(addr, mask, proto, dir)
1200 bpf_u_int32 addr;
1201 bpf_u_int32 mask;
1202 int proto;
1203 int dir;
1204 {
1205 struct block *b0, *b1;
1206
1207 switch (proto) {
1208
1209 case Q_DEFAULT:
1210 b0 = gen_host(addr, mask, Q_IP, dir);
1211 if (off_linktype != -1) {
1212 b1 = gen_host(addr, mask, Q_ARP, dir);
1213 gen_or(b0, b1);
1214 b0 = gen_host(addr, mask, Q_RARP, dir);
1215 gen_or(b1, b0);
1216 }
1217 return b0;
1218
1219 case Q_IP:
1220 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
1221 off_nl + 12, off_nl + 16);
1222
1223 case Q_RARP:
1224 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
1225 off_nl + 14, off_nl + 24);
1226
1227 case Q_ARP:
1228 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
1229 off_nl + 14, off_nl + 24);
1230
1231 case Q_TCP:
1232 bpf_error("'tcp' modifier applied to host");
1233
1234 case Q_UDP:
1235 bpf_error("'udp' modifier applied to host");
1236
1237 case Q_ICMP:
1238 bpf_error("'icmp' modifier applied to host");
1239
1240 case Q_IGMP:
1241 bpf_error("'igmp' modifier applied to host");
1242
1243 case Q_IGRP:
1244 bpf_error("'igrp' modifier applied to host");
1245
1246 case Q_PIM:
1247 bpf_error("'pim' modifier applied to host");
1248
1249 case Q_ATALK:
1250 bpf_error("ATALK host filtering not implemented");
1251
1252 case Q_AARP:
1253 bpf_error("AARP host filtering not implemented");
1254
1255 case Q_DECNET:
1256 return gen_dnhostop(addr, dir, off_nl);
1257
1258 case Q_SCA:
1259 bpf_error("SCA host filtering not implemented");
1260
1261 case Q_LAT:
1262 bpf_error("LAT host filtering not implemented");
1263
1264 case Q_MOPDL:
1265 bpf_error("MOPDL host filtering not implemented");
1266
1267 case Q_MOPRC:
1268 bpf_error("MOPRC host filtering not implemented");
1269
1270 #ifdef INET6
1271 case Q_IPV6:
1272 bpf_error("'ip6' modifier applied to ip host");
1273
1274 case Q_ICMPV6:
1275 bpf_error("'icmp6' modifier applied to host");
1276 #endif /* INET6 */
1277
1278 case Q_AH:
1279 bpf_error("'ah' modifier applied to host");
1280
1281 case Q_ESP:
1282 bpf_error("'esp' modifier applied to host");
1283
1284 case Q_ISO:
1285 bpf_error("ISO host filtering not implemented");
1286
1287 case Q_ESIS:
1288 bpf_error("'esis' modifier applied to host");
1289
1290 case Q_ISIS:
1291 bpf_error("'isis' modifier applied to host");
1292
1293 default:
1294 abort();
1295 }
1296 /* NOTREACHED */
1297 }
1298
1299 #ifdef INET6
1300 static struct block *
1301 gen_host6(addr, mask, proto, dir)
1302 struct in6_addr *addr;
1303 struct in6_addr *mask;
1304 int proto;
1305 int dir;
1306 {
1307 switch (proto) {
1308
1309 case Q_DEFAULT:
1310 return gen_host6(addr, mask, Q_IPV6, dir);
1311
1312 case Q_IP:
1313 bpf_error("'ip' modifier applied to ip6 host");
1314
1315 case Q_RARP:
1316 bpf_error("'rarp' modifier applied to ip6 host");
1317
1318 case Q_ARP:
1319 bpf_error("'arp' modifier applied to ip6 host");
1320
1321 case Q_TCP:
1322 bpf_error("'tcp' modifier applied to host");
1323
1324 case Q_UDP:
1325 bpf_error("'udp' modifier applied to host");
1326
1327 case Q_ICMP:
1328 bpf_error("'icmp' modifier applied to host");
1329
1330 case Q_IGMP:
1331 bpf_error("'igmp' modifier applied to host");
1332
1333 case Q_IGRP:
1334 bpf_error("'igrp' modifier applied to host");
1335
1336 case Q_PIM:
1337 bpf_error("'pim' modifier applied to host");
1338
1339 case Q_ATALK:
1340 bpf_error("ATALK host filtering not implemented");
1341
1342 case Q_AARP:
1343 bpf_error("AARP host filtering not implemented");
1344
1345 case Q_DECNET:
1346 bpf_error("'decnet' modifier applied to ip6 host");
1347
1348 case Q_SCA:
1349 bpf_error("SCA host filtering not implemented");
1350
1351 case Q_LAT:
1352 bpf_error("LAT host filtering not implemented");
1353
1354 case Q_MOPDL:
1355 bpf_error("MOPDL host filtering not implemented");
1356
1357 case Q_MOPRC:
1358 bpf_error("MOPRC host filtering not implemented");
1359
1360 case Q_IPV6:
1361 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
1362 off_nl + 8, off_nl + 24);
1363
1364 case Q_ICMPV6:
1365 bpf_error("'icmp6' modifier applied to host");
1366
1367 case Q_AH:
1368 bpf_error("'ah' modifier applied to host");
1369
1370 case Q_ESP:
1371 bpf_error("'esp' modifier applied to host");
1372
1373 case Q_ISO:
1374 bpf_error("ISO host filtering not implemented");
1375
1376 case Q_ESIS:
1377 bpf_error("'esis' modifier applied to host");
1378
1379 case Q_ISIS:
1380 bpf_error("'isis' modifier applied to host");
1381
1382 default:
1383 abort();
1384 }
1385 /* NOTREACHED */
1386 }
1387 #endif /*INET6*/
1388
1389 #ifndef INET6
1390 static struct block *
1391 gen_gateway(eaddr, alist, proto, dir)
1392 const u_char *eaddr;
1393 bpf_u_int32 **alist;
1394 int proto;
1395 int dir;
1396 {
1397 struct block *b0, *b1, *tmp;
1398
1399 if (dir != 0)
1400 bpf_error("direction applied to 'gateway'");
1401
1402 switch (proto) {
1403 case Q_DEFAULT:
1404 case Q_IP:
1405 case Q_ARP:
1406 case Q_RARP:
1407 if (linktype == DLT_EN10MB)
1408 b0 = gen_ehostop(eaddr, Q_OR);
1409 else if (linktype == DLT_FDDI)
1410 b0 = gen_fhostop(eaddr, Q_OR);
1411 else if (linktype == DLT_IEEE802)
1412 b0 = gen_thostop(eaddr, Q_OR);
1413 else
1414 bpf_error(
1415 "'gateway' supported only on ethernet, FDDI or token ring");
1416
1417 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1418 while (*alist) {
1419 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1420 gen_or(b1, tmp);
1421 b1 = tmp;
1422 }
1423 gen_not(b1);
1424 gen_and(b0, b1);
1425 return b1;
1426 }
1427 bpf_error("illegal modifier of 'gateway'");
1428 /* NOTREACHED */
1429 }
1430 #endif
1431
1432 struct block *
1433 gen_proto_abbrev(proto)
1434 int proto;
1435 {
1436 #ifdef INET6
1437 struct block *b0;
1438 #endif
1439 struct block *b1;
1440
1441 switch (proto) {
1442
1443 case Q_TCP:
1444 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
1445 #ifdef INET6
1446 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
1447 gen_or(b0, b1);
1448 #endif
1449 break;
1450
1451 case Q_UDP:
1452 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
1453 #ifdef INET6
1454 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
1455 gen_or(b0, b1);
1456 #endif
1457 break;
1458
1459 case Q_ICMP:
1460 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
1461 break;
1462
1463 #ifndef IPPROTO_IGMP
1464 #define IPPROTO_IGMP 2
1465 #endif
1466
1467 case Q_IGMP:
1468 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
1469 break;
1470
1471 #ifndef IPPROTO_IGRP
1472 #define IPPROTO_IGRP 9
1473 #endif
1474 case Q_IGRP:
1475 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
1476 break;
1477
1478 #ifndef IPPROTO_PIM
1479 #define IPPROTO_PIM 103
1480 #endif
1481
1482 case Q_PIM:
1483 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
1484 #ifdef INET6
1485 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
1486 gen_or(b0, b1);
1487 #endif
1488 break;
1489
1490 case Q_IP:
1491 b1 = gen_linktype(ETHERTYPE_IP);
1492 break;
1493
1494 case Q_ARP:
1495 b1 = gen_linktype(ETHERTYPE_ARP);
1496 break;
1497
1498 case Q_RARP:
1499 b1 = gen_linktype(ETHERTYPE_REVARP);
1500 break;
1501
1502 case Q_LINK:
1503 bpf_error("link layer applied in wrong context");
1504
1505 case Q_ATALK:
1506 b1 = gen_linktype(ETHERTYPE_ATALK);
1507 break;
1508
1509 case Q_AARP:
1510 b1 = gen_linktype(ETHERTYPE_AARP);
1511 break;
1512
1513 case Q_DECNET:
1514 b1 = gen_linktype(ETHERTYPE_DN);
1515 break;
1516
1517 case Q_SCA:
1518 b1 = gen_linktype(ETHERTYPE_SCA);
1519 break;
1520
1521 case Q_LAT:
1522 b1 = gen_linktype(ETHERTYPE_LAT);
1523 break;
1524
1525 case Q_MOPDL:
1526 b1 = gen_linktype(ETHERTYPE_MOPDL);
1527 break;
1528
1529 case Q_MOPRC:
1530 b1 = gen_linktype(ETHERTYPE_MOPRC);
1531 break;
1532
1533 #ifdef INET6
1534 case Q_IPV6:
1535 b1 = gen_linktype(ETHERTYPE_IPV6);
1536 break;
1537
1538 #ifndef IPPROTO_ICMPV6
1539 #define IPPROTO_ICMPV6 58
1540 #endif
1541 case Q_ICMPV6:
1542 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
1543 break;
1544 #endif /* INET6 */
1545
1546 #ifndef IPPROTO_AH
1547 #define IPPROTO_AH 51
1548 #endif
1549 case Q_AH:
1550 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
1551 #ifdef INET6
1552 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
1553 gen_or(b0, b1);
1554 #endif
1555 break;
1556
1557 #ifndef IPPROTO_ESP
1558 #define IPPROTO_ESP 50
1559 #endif
1560 case Q_ESP:
1561 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
1562 #ifdef INET6
1563 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
1564 gen_or(b0, b1);
1565 #endif
1566 break;
1567
1568 case Q_ISO:
1569 b1 = gen_linktype(LLC_ISO_LSAP);
1570 break;
1571
1572 case Q_ESIS:
1573 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
1574 break;
1575
1576 case Q_ISIS:
1577 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
1578 break;
1579
1580 default:
1581 abort();
1582 }
1583 return b1;
1584 }
1585
1586 static struct block *
1587 gen_ipfrag()
1588 {
1589 struct slist *s;
1590 struct block *b;
1591
1592 /* not ip frag */
1593 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
1594 s->s.k = off_nl + 6;
1595 b = new_block(JMP(BPF_JSET));
1596 b->s.k = 0x1fff;
1597 b->stmts = s;
1598 gen_not(b);
1599
1600 return b;
1601 }
1602
1603 static struct block *
1604 gen_portatom(off, v)
1605 int off;
1606 bpf_int32 v;
1607 {
1608 struct slist *s;
1609 struct block *b;
1610
1611 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
1612 s->s.k = off_nl;
1613
1614 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
1615 s->next->s.k = off_nl + off;
1616
1617 b = new_block(JMP(BPF_JEQ));
1618 b->stmts = s;
1619 b->s.k = v;
1620
1621 return b;
1622 }
1623
1624 #ifdef INET6
1625 static struct block *
1626 gen_portatom6(off, v)
1627 int off;
1628 bpf_int32 v;
1629 {
1630 return gen_cmp(off_nl + 40 + off, BPF_H, v);
1631 }
1632 #endif/*INET6*/
1633
1634 struct block *
1635 gen_portop(port, proto, dir)
1636 int port, proto, dir;
1637 {
1638 struct block *b0, *b1, *tmp;
1639
1640 /* ip proto 'proto' */
1641 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
1642 b0 = gen_ipfrag();
1643 gen_and(tmp, b0);
1644
1645 switch (dir) {
1646 case Q_SRC:
1647 b1 = gen_portatom(0, (bpf_int32)port);
1648 break;
1649
1650 case Q_DST:
1651 b1 = gen_portatom(2, (bpf_int32)port);
1652 break;
1653
1654 case Q_OR:
1655 case Q_DEFAULT:
1656 tmp = gen_portatom(0, (bpf_int32)port);
1657 b1 = gen_portatom(2, (bpf_int32)port);
1658 gen_or(tmp, b1);
1659 break;
1660
1661 case Q_AND:
1662 tmp = gen_portatom(0, (bpf_int32)port);
1663 b1 = gen_portatom(2, (bpf_int32)port);
1664 gen_and(tmp, b1);
1665 break;
1666
1667 default:
1668 abort();
1669 }
1670 gen_and(b0, b1);
1671
1672 return b1;
1673 }
1674
1675 static struct block *
1676 gen_port(port, ip_proto, dir)
1677 int port;
1678 int ip_proto;
1679 int dir;
1680 {
1681 struct block *b0, *b1, *tmp;
1682
1683 /* ether proto ip */
1684 b0 = gen_linktype(ETHERTYPE_IP);
1685
1686 switch (ip_proto) {
1687 case IPPROTO_UDP:
1688 case IPPROTO_TCP:
1689 b1 = gen_portop(port, ip_proto, dir);
1690 break;
1691
1692 case PROTO_UNDEF:
1693 tmp = gen_portop(port, IPPROTO_TCP, dir);
1694 b1 = gen_portop(port, IPPROTO_UDP, dir);
1695 gen_or(tmp, b1);
1696 break;
1697
1698 default:
1699 abort();
1700 }
1701 gen_and(b0, b1);
1702 return b1;
1703 }
1704
1705 #ifdef INET6
1706 struct block *
1707 gen_portop6(port, proto, dir)
1708 int port, proto, dir;
1709 {
1710 struct block *b0, *b1, *tmp;
1711
1712 /* ip proto 'proto' */
1713 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
1714
1715 switch (dir) {
1716 case Q_SRC:
1717 b1 = gen_portatom6(0, (bpf_int32)port);
1718 break;
1719
1720 case Q_DST:
1721 b1 = gen_portatom6(2, (bpf_int32)port);
1722 break;
1723
1724 case Q_OR:
1725 case Q_DEFAULT:
1726 tmp = gen_portatom6(0, (bpf_int32)port);
1727 b1 = gen_portatom6(2, (bpf_int32)port);
1728 gen_or(tmp, b1);
1729 break;
1730
1731 case Q_AND:
1732 tmp = gen_portatom6(0, (bpf_int32)port);
1733 b1 = gen_portatom6(2, (bpf_int32)port);
1734 gen_and(tmp, b1);
1735 break;
1736
1737 default:
1738 abort();
1739 }
1740 gen_and(b0, b1);
1741
1742 return b1;
1743 }
1744
1745 static struct block *
1746 gen_port6(port, ip_proto, dir)
1747 int port;
1748 int ip_proto;
1749 int dir;
1750 {
1751 struct block *b0, *b1, *tmp;
1752
1753 /* ether proto ip */
1754 b0 = gen_linktype(ETHERTYPE_IPV6);
1755
1756 switch (ip_proto) {
1757 case IPPROTO_UDP:
1758 case IPPROTO_TCP:
1759 b1 = gen_portop6(port, ip_proto, dir);
1760 break;
1761
1762 case PROTO_UNDEF:
1763 tmp = gen_portop6(port, IPPROTO_TCP, dir);
1764 b1 = gen_portop6(port, IPPROTO_UDP, dir);
1765 gen_or(tmp, b1);
1766 break;
1767
1768 default:
1769 abort();
1770 }
1771 gen_and(b0, b1);
1772 return b1;
1773 }
1774 #endif /* INET6 */
1775
1776 static int
1777 lookup_proto(name, proto)
1778 register const char *name;
1779 register int proto;
1780 {
1781 register int v;
1782
1783 switch (proto) {
1784
1785 case Q_DEFAULT:
1786 case Q_IP:
1787 v = pcap_nametoproto(name);
1788 if (v == PROTO_UNDEF)
1789 bpf_error("unknown ip proto '%s'", name);
1790 break;
1791
1792 case Q_LINK:
1793 /* XXX should look up h/w protocol type based on linktype */
1794 v = pcap_nametoeproto(name);
1795 if (v == PROTO_UNDEF)
1796 bpf_error("unknown ether proto '%s'", name);
1797 break;
1798
1799 default:
1800 v = PROTO_UNDEF;
1801 break;
1802 }
1803 return v;
1804 }
1805
1806 #if 0
1807 struct stmt *
1808 gen_joinsp(s, n)
1809 struct stmt **s;
1810 int n;
1811 {
1812 return NULL;
1813 }
1814 #endif
1815
1816 static struct block *
1817 gen_protochain(v, proto, dir)
1818 int v;
1819 int proto;
1820 int dir;
1821 {
1822 #ifdef NO_PROTOCHAIN
1823 return gen_proto(v, proto, dir);
1824 #else
1825 struct block *b0, *b;
1826 struct slist *s[100];
1827 int fix2, fix3, fix4, fix5;
1828 int ahcheck, again, end;
1829 int i, max;
1830 int reg1 = alloc_reg();
1831 int reg2 = alloc_reg();
1832
1833 memset(s, 0, sizeof(s));
1834 fix2 = fix3 = fix4 = fix5 = 0;
1835
1836 switch (proto) {
1837 case Q_IP:
1838 case Q_IPV6:
1839 break;
1840 case Q_DEFAULT:
1841 b0 = gen_protochain(v, Q_IP, dir);
1842 b = gen_protochain(v, Q_IPV6, dir);
1843 gen_or(b0, b);
1844 return b;
1845 default:
1846 bpf_error("bad protocol applied for 'protochain'");
1847 /*NOTREACHED*/
1848 }
1849
1850 no_optimize = 1; /*this code is not compatible with optimzer yet */
1851
1852 /*
1853 * s[0] is a dummy entry to protect other BPF insn from damaged
1854 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
1855 * hard to find interdependency made by jump table fixup.
1856 */
1857 i = 0;
1858 s[i] = new_stmt(0); /*dummy*/
1859 i++;
1860
1861 switch (proto) {
1862 case Q_IP:
1863 b0 = gen_linktype(ETHERTYPE_IP);
1864
1865 /* A = ip->ip_p */
1866 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
1867 s[i]->s.k = off_nl + 9;
1868 i++;
1869 /* X = ip->ip_hl << 2 */
1870 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
1871 s[i]->s.k = off_nl;
1872 i++;
1873 break;
1874 #ifdef INET6
1875 case Q_IPV6:
1876 b0 = gen_linktype(ETHERTYPE_IPV6);
1877
1878 /* A = ip6->ip_nxt */
1879 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
1880 s[i]->s.k = off_nl + 6;
1881 i++;
1882 /* X = sizeof(struct ip6_hdr) */
1883 s[i] = new_stmt(BPF_LDX|BPF_IMM);
1884 s[i]->s.k = 40;
1885 i++;
1886 break;
1887 #endif
1888 default:
1889 bpf_error("unsupported proto to gen_protochain");
1890 /*NOTREACHED*/
1891 }
1892
1893 /* again: if (A == v) goto end; else fall through; */
1894 again = i;
1895 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1896 s[i]->s.k = v;
1897 s[i]->s.jt = NULL; /*later*/
1898 s[i]->s.jf = NULL; /*update in next stmt*/
1899 fix5 = i;
1900 i++;
1901
1902 #ifndef IPPROTO_NONE
1903 #define IPPROTO_NONE 59
1904 #endif
1905 /* if (A == IPPROTO_NONE) goto end */
1906 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1907 s[i]->s.jt = NULL; /*later*/
1908 s[i]->s.jf = NULL; /*update in next stmt*/
1909 s[i]->s.k = IPPROTO_NONE;
1910 s[fix5]->s.jf = s[i];
1911 fix2 = i;
1912 i++;
1913
1914 #ifdef INET6
1915 if (proto == Q_IPV6) {
1916 int v6start, v6end, v6advance, j;
1917
1918 v6start = i;
1919 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
1920 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1921 s[i]->s.jt = NULL; /*later*/
1922 s[i]->s.jf = NULL; /*update in next stmt*/
1923 s[i]->s.k = IPPROTO_HOPOPTS;
1924 s[fix2]->s.jf = s[i];
1925 i++;
1926 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
1927 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1928 s[i]->s.jt = NULL; /*later*/
1929 s[i]->s.jf = NULL; /*update in next stmt*/
1930 s[i]->s.k = IPPROTO_DSTOPTS;
1931 i++;
1932 /* if (A == IPPROTO_ROUTING) goto v6advance */
1933 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1934 s[i]->s.jt = NULL; /*later*/
1935 s[i]->s.jf = NULL; /*update in next stmt*/
1936 s[i]->s.k = IPPROTO_ROUTING;
1937 i++;
1938 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
1939 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1940 s[i]->s.jt = NULL; /*later*/
1941 s[i]->s.jf = NULL; /*later*/
1942 s[i]->s.k = IPPROTO_FRAGMENT;
1943 fix3 = i;
1944 v6end = i;
1945 i++;
1946
1947 /* v6advance: */
1948 v6advance = i;
1949
1950 /*
1951 * in short,
1952 * A = P[X + 1];
1953 * X = X + (P[X] + 1) * 8;
1954 */
1955 /* A = X */
1956 s[i] = new_stmt(BPF_MISC|BPF_TXA);
1957 i++;
1958 /* MEM[reg1] = A */
1959 s[i] = new_stmt(BPF_ST);
1960 s[i]->s.k = reg1;
1961 i++;
1962 /* A += 1 */
1963 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
1964 s[i]->s.k = 1;
1965 i++;
1966 /* X = A */
1967 s[i] = new_stmt(BPF_MISC|BPF_TAX);
1968 i++;
1969 /* A = P[X + packet head]; */
1970 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
1971 s[i]->s.k = off_nl;
1972 i++;
1973 /* MEM[reg2] = A */
1974 s[i] = new_stmt(BPF_ST);
1975 s[i]->s.k = reg2;
1976 i++;
1977 /* X = MEM[reg1] */
1978 s[i] = new_stmt(BPF_LDX|BPF_MEM);
1979 s[i]->s.k = reg1;
1980 i++;
1981 /* A = P[X + packet head] */
1982 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
1983 s[i]->s.k = off_nl;
1984 i++;
1985 /* A += 1 */
1986 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
1987 s[i]->s.k = 1;
1988 i++;
1989 /* A *= 8 */
1990 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
1991 s[i]->s.k = 8;
1992 i++;
1993 /* X = A; */
1994 s[i] = new_stmt(BPF_MISC|BPF_TAX);
1995 i++;
1996 /* A = MEM[reg2] */
1997 s[i] = new_stmt(BPF_LD|BPF_MEM);
1998 s[i]->s.k = reg2;
1999 i++;
2000
2001 /* goto again; (must use BPF_JA for backward jump) */
2002 s[i] = new_stmt(BPF_JMP|BPF_JA);
2003 s[i]->s.k = again - i - 1;
2004 s[i - 1]->s.jf = s[i];
2005 i++;
2006
2007 /* fixup */
2008 for (j = v6start; j <= v6end; j++)
2009 s[j]->s.jt = s[v6advance];
2010 } else
2011 #endif
2012 {
2013 /* nop */
2014 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2015 s[i]->s.k = 0;
2016 s[fix2]->s.jf = s[i];
2017 i++;
2018 }
2019
2020 /* ahcheck: */
2021 ahcheck = i;
2022 /* if (A == IPPROTO_AH) then fall through; else goto end; */
2023 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2024 s[i]->s.jt = NULL; /*later*/
2025 s[i]->s.jf = NULL; /*later*/
2026 s[i]->s.k = IPPROTO_AH;
2027 if (fix3)
2028 s[fix3]->s.jf = s[ahcheck];
2029 fix4 = i;
2030 i++;
2031
2032 /*
2033 * in short,
2034 * A = P[X + 1];
2035 * X = X + (P[X] + 2) * 4;
2036 */
2037 /* A = X */
2038 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2039 i++;
2040 /* MEM[reg1] = A */
2041 s[i] = new_stmt(BPF_ST);
2042 s[i]->s.k = reg1;
2043 i++;
2044 /* A += 1 */
2045 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2046 s[i]->s.k = 1;
2047 i++;
2048 /* X = A */
2049 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2050 i++;
2051 /* A = P[X + packet head]; */
2052 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2053 s[i]->s.k = off_nl;
2054 i++;
2055 /* MEM[reg2] = A */
2056 s[i] = new_stmt(BPF_ST);
2057 s[i]->s.k = reg2;
2058 i++;
2059 /* X = MEM[reg1] */
2060 s[i] = new_stmt(BPF_LDX|BPF_MEM);
2061 s[i]->s.k = reg1;
2062 i++;
2063 /* A = P[X + packet head] */
2064 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2065 s[i]->s.k = off_nl;
2066 i++;
2067 /* A += 2 */
2068 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2069 s[i]->s.k = 2;
2070 i++;
2071 /* A *= 4 */
2072 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2073 s[i]->s.k = 4;
2074 i++;
2075 /* X = A; */
2076 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2077 i++;
2078 /* A = MEM[reg2] */
2079 s[i] = new_stmt(BPF_LD|BPF_MEM);
2080 s[i]->s.k = reg2;
2081 i++;
2082
2083 /* goto again; (must use BPF_JA for backward jump) */
2084 s[i] = new_stmt(BPF_JMP|BPF_JA);
2085 s[i]->s.k = again - i - 1;
2086 i++;
2087
2088 /* end: nop */
2089 end = i;
2090 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2091 s[i]->s.k = 0;
2092 s[fix2]->s.jt = s[end];
2093 s[fix4]->s.jf = s[end];
2094 s[fix5]->s.jt = s[end];
2095 i++;
2096
2097 /*
2098 * make slist chain
2099 */
2100 max = i;
2101 for (i = 0; i < max - 1; i++)
2102 s[i]->next = s[i + 1];
2103 s[max - 1]->next = NULL;
2104
2105 /*
2106 * emit final check
2107 */
2108 b = new_block(JMP(BPF_JEQ));
2109 b->stmts = s[1]; /*remember, s[0] is dummy*/
2110 b->s.k = v;
2111
2112 free_reg(reg1);
2113 free_reg(reg2);
2114
2115 gen_and(b0, b);
2116 return b;
2117 #endif
2118 }
2119
2120 static struct block *
2121 gen_proto(v, proto, dir)
2122 int v;
2123 int proto;
2124 int dir;
2125 {
2126 struct block *b0, *b1;
2127
2128 if (dir != Q_DEFAULT)
2129 bpf_error("direction applied to 'proto'");
2130
2131 switch (proto) {
2132 case Q_DEFAULT:
2133 #ifdef INET6
2134 b0 = gen_proto(v, Q_IP, dir);
2135 b1 = gen_proto(v, Q_IPV6, dir);
2136 gen_or(b0, b1);
2137 return b1;
2138 #else
2139 /*FALLTHROUGH*/
2140 #endif
2141 case Q_IP:
2142 b0 = gen_linktype(ETHERTYPE_IP);
2143 #ifndef CHASE_CHAIN
2144 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
2145 #else
2146 b1 = gen_protochain(v, Q_IP);
2147 #endif
2148 gen_and(b0, b1);
2149 return b1;
2150
2151 case Q_ISO:
2152 b0 = gen_linktype(LLC_ISO_LSAP);
2153 b1 = gen_cmp(off_nl + 3, BPF_B, (long)v);
2154 gen_and(b0, b1);
2155 return b1;
2156
2157 case Q_ARP:
2158 bpf_error("arp does not encapsulate another protocol");
2159 /* NOTREACHED */
2160
2161 case Q_RARP:
2162 bpf_error("rarp does not encapsulate another protocol");
2163 /* NOTREACHED */
2164
2165 case Q_ATALK:
2166 bpf_error("atalk encapsulation is not specifiable");
2167 /* NOTREACHED */
2168
2169 case Q_DECNET:
2170 bpf_error("decnet encapsulation is not specifiable");
2171 /* NOTREACHED */
2172
2173 case Q_SCA:
2174 bpf_error("sca does not encapsulate another protocol");
2175 /* NOTREACHED */
2176
2177 case Q_LAT:
2178 bpf_error("lat does not encapsulate another protocol");
2179 /* NOTREACHED */
2180
2181 case Q_MOPRC:
2182 bpf_error("moprc does not encapsulate another protocol");
2183 /* NOTREACHED */
2184
2185 case Q_MOPDL:
2186 bpf_error("mopdl does not encapsulate another protocol");
2187 /* NOTREACHED */
2188
2189 case Q_LINK:
2190 return gen_linktype(v);
2191
2192 case Q_UDP:
2193 bpf_error("'udp proto' is bogus");
2194 /* NOTREACHED */
2195
2196 case Q_TCP:
2197 bpf_error("'tcp proto' is bogus");
2198 /* NOTREACHED */
2199
2200 case Q_ICMP:
2201 bpf_error("'icmp proto' is bogus");
2202 /* NOTREACHED */
2203
2204 case Q_IGMP:
2205 bpf_error("'igmp proto' is bogus");
2206 /* NOTREACHED */
2207
2208 case Q_IGRP:
2209 bpf_error("'igrp proto' is bogus");
2210 /* NOTREACHED */
2211
2212 case Q_PIM:
2213 bpf_error("'pim proto' is bogus");
2214 /* NOTREACHED */
2215
2216 #ifdef INET6
2217 case Q_IPV6:
2218 b0 = gen_linktype(ETHERTYPE_IPV6);
2219 #ifndef CHASE_CHAIN
2220 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
2221 #else
2222 b1 = gen_protochain(v, Q_IPV6);
2223 #endif
2224 gen_and(b0, b1);
2225 return b1;
2226
2227 case Q_ICMPV6:
2228 bpf_error("'icmp6 proto' is bogus");
2229 #endif /* INET6 */
2230
2231 case Q_AH:
2232 bpf_error("'ah proto' is bogus");
2233
2234 case Q_ESP:
2235 bpf_error("'ah proto' is bogus");
2236
2237 default:
2238 abort();
2239 /* NOTREACHED */
2240 }
2241 /* NOTREACHED */
2242 }
2243
2244 struct block *
2245 gen_scode(name, q)
2246 register const char *name;
2247 struct qual q;
2248 {
2249 int proto = q.proto;
2250 int dir = q.dir;
2251 int tproto;
2252 u_char *eaddr;
2253 bpf_u_int32 mask, addr;
2254 #ifndef INET6
2255 bpf_u_int32 **alist;
2256 #else
2257 int tproto6;
2258 struct sockaddr_in *sin;
2259 struct sockaddr_in6 *sin6;
2260 struct addrinfo *res, *res0;
2261 struct in6_addr mask128;
2262 #endif /*INET6*/
2263 struct block *b, *tmp;
2264 int port, real_proto;
2265
2266 switch (q.addr) {
2267
2268 case Q_NET:
2269 addr = pcap_nametonetaddr(name);
2270 if (addr == 0)
2271 bpf_error("unknown network '%s'", name);
2272 /* Left justify network addr and calculate its network mask */
2273 mask = 0xffffffff;
2274 while (addr && (addr & 0xff000000) == 0) {
2275 addr <<= 8;
2276 mask <<= 8;
2277 }
2278 return gen_host(addr, mask, proto, dir);
2279
2280 case Q_DEFAULT:
2281 case Q_HOST:
2282 if (proto == Q_LINK) {
2283 switch (linktype) {
2284
2285 case DLT_EN10MB:
2286 eaddr = pcap_ether_hostton(name);
2287 if (eaddr == NULL)
2288 bpf_error(
2289 "unknown ether host '%s'", name);
2290 return gen_ehostop(eaddr, dir);
2291
2292 case DLT_FDDI:
2293 eaddr = pcap_ether_hostton(name);
2294 if (eaddr == NULL)
2295 bpf_error(
2296 "unknown FDDI host '%s'", name);
2297 return gen_fhostop(eaddr, dir);
2298
2299 case DLT_IEEE802:
2300 eaddr = pcap_ether_hostton(name);
2301 if (eaddr == NULL)
2302 bpf_error(
2303 "unknown token ring host '%s'", name);
2304 return gen_thostop(eaddr, dir);
2305
2306 default:
2307 bpf_error(
2308 "only ethernet/FDDI/token ring supports link-level host name");
2309 break;
2310 }
2311 } else if (proto == Q_DECNET) {
2312 unsigned short dn_addr = __pcap_nametodnaddr(name);
2313 /*
2314 * I don't think DECNET hosts can be multihomed, so
2315 * there is no need to build up a list of addresses
2316 */
2317 return (gen_host(dn_addr, 0, proto, dir));
2318 } else {
2319 #ifndef INET6
2320 alist = pcap_nametoaddr(name);
2321 if (alist == NULL || *alist == NULL)
2322 bpf_error("unknown host '%s'", name);
2323 tproto = proto;
2324 if (off_linktype == -1 && tproto == Q_DEFAULT)
2325 tproto = Q_IP;
2326 b = gen_host(**alist++, 0xffffffff, tproto, dir);
2327 while (*alist) {
2328 tmp = gen_host(**alist++, 0xffffffff,
2329 tproto, dir);
2330 gen_or(b, tmp);
2331 b = tmp;
2332 }
2333 return b;
2334 #else
2335 memset(&mask128, 0xff, sizeof(mask128));
2336 res0 = res = pcap_nametoaddrinfo(name);
2337 if (res == NULL)
2338 bpf_error("unknown host '%s'", name);
2339 b = tmp = NULL;
2340 tproto = tproto6 = proto;
2341 if (off_linktype == -1 && tproto == Q_DEFAULT) {
2342 tproto = Q_IP;
2343 tproto6 = Q_IPV6;
2344 }
2345 for (res = res0; res; res = res->ai_next) {
2346 switch (res->ai_family) {
2347 case AF_INET:
2348 if (tproto == Q_IPV6)
2349 continue;
2350
2351 sin = (struct sockaddr_in *)
2352 res->ai_addr;
2353 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
2354 0xffffffff, tproto, dir);
2355 break;
2356 case AF_INET6:
2357 if (tproto6 == Q_IP)
2358 continue;
2359
2360 sin6 = (struct sockaddr_in6 *)
2361 res->ai_addr;
2362 tmp = gen_host6(&sin6->sin6_addr,
2363 &mask128, tproto6, dir);
2364 break;
2365 }
2366 if (b)
2367 gen_or(b, tmp);
2368 b = tmp;
2369 }
2370 freeaddrinfo(res0);
2371 if (b == NULL) {
2372 bpf_error("unknown host '%s'%s", name,
2373 (proto == Q_DEFAULT)
2374 ? ""
2375 : " for specified address family");
2376 }
2377 return b;
2378 #endif /*INET6*/
2379 }
2380
2381 case Q_PORT:
2382 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP)
2383 bpf_error("illegal qualifier of 'port'");
2384 if (pcap_nametoport(name, &port, &real_proto) == 0)
2385 bpf_error("unknown port '%s'", name);
2386 if (proto == Q_UDP) {
2387 if (real_proto == IPPROTO_TCP)
2388 bpf_error("port '%s' is tcp", name);
2389 else
2390 /* override PROTO_UNDEF */
2391 real_proto = IPPROTO_UDP;
2392 }
2393 if (proto == Q_TCP) {
2394 if (real_proto == IPPROTO_UDP)
2395 bpf_error("port '%s' is udp", name);
2396 else
2397 /* override PROTO_UNDEF */
2398 real_proto = IPPROTO_TCP;
2399 }
2400 #ifndef INET6
2401 return gen_port(port, real_proto, dir);
2402 #else
2403 {
2404 struct block *b;
2405 b = gen_port(port, real_proto, dir);
2406 gen_or(gen_port6(port, real_proto, dir), b);
2407 return b;
2408 }
2409 #endif /* INET6 */
2410
2411 case Q_GATEWAY:
2412 #ifndef INET6
2413 eaddr = pcap_ether_hostton(name);
2414 if (eaddr == NULL)
2415 bpf_error("unknown ether host: %s", name);
2416
2417 alist = pcap_nametoaddr(name);
2418 if (alist == NULL || *alist == NULL)
2419 bpf_error("unknown host '%s'", name);
2420 return gen_gateway(eaddr, alist, proto, dir);
2421 #else
2422 bpf_error("'gateway' not supported in this configuration");
2423 #endif /*INET6*/
2424
2425 case Q_PROTO:
2426 real_proto = lookup_proto(name, proto);
2427 if (real_proto >= 0)
2428 return gen_proto(real_proto, proto, dir);
2429 else
2430 bpf_error("unknown protocol: %s", name);
2431
2432 case Q_PROTOCHAIN:
2433 real_proto = lookup_proto(name, proto);
2434 if (real_proto >= 0)
2435 return gen_protochain(real_proto, proto, dir);
2436 else
2437 bpf_error("unknown protocol: %s", name);
2438
2439
2440 case Q_UNDEF:
2441 syntax();
2442 /* NOTREACHED */
2443 }
2444 abort();
2445 /* NOTREACHED */
2446 }
2447
2448 struct block *
2449 gen_mcode(s1, s2, masklen, q)
2450 register const char *s1, *s2;
2451 register int masklen;
2452 struct qual q;
2453 {
2454 register int nlen, mlen;
2455 bpf_u_int32 n, m;
2456
2457 nlen = __pcap_atoin(s1, &n);
2458 /* Promote short ipaddr */
2459 n <<= 32 - nlen;
2460
2461 if (s2 != NULL) {
2462 mlen = __pcap_atoin(s2, &m);
2463 /* Promote short ipaddr */
2464 m <<= 32 - mlen;
2465 if ((n & ~m) != 0)
2466 bpf_error("non-network bits set in \"%s mask %s\"",
2467 s1, s2);
2468 } else {
2469 /* Convert mask len to mask */
2470 if (masklen > 32)
2471 bpf_error("mask length must be <= 32");
2472 m = 0xffffffff << (32 - masklen);
2473 if ((n & ~m) != 0)
2474 bpf_error("non-network bits set in \"%s/%d\"",
2475 s1, masklen);
2476 }
2477
2478 switch (q.addr) {
2479
2480 case Q_NET:
2481 return gen_host(n, m, q.proto, q.dir);
2482
2483 default:
2484 bpf_error("Mask syntax for networks only");
2485 /* NOTREACHED */
2486 }
2487 }
2488
2489 struct block *
2490 gen_ncode(s, v, q)
2491 register const char *s;
2492 bpf_u_int32 v;
2493 struct qual q;
2494 {
2495 bpf_u_int32 mask;
2496 int proto = q.proto;
2497 int dir = q.dir;
2498 register int vlen;
2499
2500 if (s == NULL)
2501 vlen = 32;
2502 else if (q.proto == Q_DECNET)
2503 vlen = __pcap_atodn(s, &v);
2504 else
2505 vlen = __pcap_atoin(s, &v);
2506
2507 switch (q.addr) {
2508
2509 case Q_DEFAULT:
2510 case Q_HOST:
2511 case Q_NET:
2512 if (proto == Q_DECNET)
2513 return gen_host(v, 0, proto, dir);
2514 else if (proto == Q_LINK) {
2515 bpf_error("illegal link layer address");
2516 } else {
2517 mask = 0xffffffff;
2518 if (s == NULL && q.addr == Q_NET) {
2519 /* Promote short net number */
2520 while (v && (v & 0xff000000) == 0) {
2521 v <<= 8;
2522 mask <<= 8;
2523 }
2524 } else {
2525 /* Promote short ipaddr */
2526 v <<= 32 - vlen;
2527 mask <<= 32 - vlen;
2528 }
2529 return gen_host(v, mask, proto, dir);
2530 }
2531
2532 case Q_PORT:
2533 if (proto == Q_UDP)
2534 proto = IPPROTO_UDP;
2535 else if (proto == Q_TCP)
2536 proto = IPPROTO_TCP;
2537 else if (proto == Q_DEFAULT)
2538 proto = PROTO_UNDEF;
2539 else
2540 bpf_error("illegal qualifier of 'port'");
2541
2542 #ifndef INET6
2543 return gen_port((int)v, proto, dir);
2544 #else
2545 {
2546 struct block *b;
2547 b = gen_port((int)v, proto, dir);
2548 gen_or(gen_port6((int)v, proto, dir), b);
2549 return b;
2550 }
2551 #endif /* INET6 */
2552
2553 case Q_GATEWAY:
2554 bpf_error("'gateway' requires a name");
2555 /* NOTREACHED */
2556
2557 case Q_PROTO:
2558 return gen_proto((int)v, proto, dir);
2559
2560 case Q_PROTOCHAIN:
2561 return gen_protochain((int)v, proto, dir);
2562
2563 case Q_UNDEF:
2564 syntax();
2565 /* NOTREACHED */
2566
2567 default:
2568 abort();
2569 /* NOTREACHED */
2570 }
2571 /* NOTREACHED */
2572 }
2573
2574 #ifdef INET6
2575 struct block *
2576 gen_mcode6(s1, s2, masklen, q)
2577 register const char *s1, *s2;
2578 register int masklen;
2579 struct qual q;
2580 {
2581 struct addrinfo *res;
2582 struct in6_addr *addr;
2583 struct in6_addr mask;
2584 struct block *b;
2585 u_int32_t *a, *m;
2586
2587 if (s2)
2588 bpf_error("no mask %s supported", s2);
2589
2590 res = pcap_nametoaddrinfo(s1);
2591 if (!res)
2592 bpf_error("invalid ip6 address %s", s1);
2593 if (res->ai_next)
2594 bpf_error("%s resolved to multiple address", s1);
2595 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
2596
2597 if (sizeof(mask) * 8 < masklen)
2598 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
2599 memset(&mask, 0xff, masklen / 8);
2600 if (masklen % 8) {
2601 mask.s6_addr[masklen / 8] =
2602 (0xff << (8 - masklen % 8)) & 0xff;
2603 }
2604
2605 a = (u_int32_t *)addr;
2606 m = (u_int32_t *)&mask;
2607 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
2608 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
2609 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
2610 }
2611
2612 switch (q.addr) {
2613
2614 case Q_DEFAULT:
2615 case Q_HOST:
2616 if (masklen != 128)
2617 bpf_error("Mask syntax for networks only");
2618 /* FALLTHROUGH */
2619
2620 case Q_NET:
2621 b = gen_host6(addr, &mask, q.proto, q.dir);
2622 freeaddrinfo(res);
2623 return b;
2624
2625 default:
2626 bpf_error("invalid qualifier against IPv6 address");
2627 /* NOTREACHED */
2628 }
2629 }
2630 #endif /*INET6*/
2631
2632 struct block *
2633 gen_ecode(eaddr, q)
2634 register const u_char *eaddr;
2635 struct qual q;
2636 {
2637 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
2638 if (linktype == DLT_EN10MB)
2639 return gen_ehostop(eaddr, (int)q.dir);
2640 if (linktype == DLT_FDDI)
2641 return gen_fhostop(eaddr, (int)q.dir);
2642 if (linktype == DLT_IEEE802)
2643 return gen_thostop(eaddr, (int)q.dir);
2644 }
2645 bpf_error("ethernet address used in non-ether expression");
2646 /* NOTREACHED */
2647 }
2648
2649 void
2650 sappend(s0, s1)
2651 struct slist *s0, *s1;
2652 {
2653 /*
2654 * This is definitely not the best way to do this, but the
2655 * lists will rarely get long.
2656 */
2657 while (s0->next)
2658 s0 = s0->next;
2659 s0->next = s1;
2660 }
2661
2662 static struct slist *
2663 xfer_to_x(a)
2664 struct arth *a;
2665 {
2666 struct slist *s;
2667
2668 s = new_stmt(BPF_LDX|BPF_MEM);
2669 s->s.k = a->regno;
2670 return s;
2671 }
2672
2673 static struct slist *
2674 xfer_to_a(a)
2675 struct arth *a;
2676 {
2677 struct slist *s;
2678
2679 s = new_stmt(BPF_LD|BPF_MEM);
2680 s->s.k = a->regno;
2681 return s;
2682 }
2683
2684 struct arth *
2685 gen_load(proto, index, size)
2686 int proto;
2687 struct arth *index;
2688 int size;
2689 {
2690 struct slist *s, *tmp;
2691 struct block *b;
2692 int regno = alloc_reg();
2693
2694 free_reg(index->regno);
2695 switch (size) {
2696
2697 default:
2698 bpf_error("data size must be 1, 2, or 4");
2699
2700 case 1:
2701 size = BPF_B;
2702 break;
2703
2704 case 2:
2705 size = BPF_H;
2706 break;
2707
2708 case 4:
2709 size = BPF_W;
2710 break;
2711 }
2712 switch (proto) {
2713 default:
2714 bpf_error("unsupported index operation");
2715
2716 case Q_LINK:
2717 s = xfer_to_x(index);
2718 tmp = new_stmt(BPF_LD|BPF_IND|size);
2719 sappend(s, tmp);
2720 sappend(index->s, s);
2721 break;
2722
2723 case Q_IP:
2724 case Q_ARP:
2725 case Q_RARP:
2726 case Q_ATALK:
2727 case Q_DECNET:
2728 case Q_SCA:
2729 case Q_LAT:
2730 case Q_MOPRC:
2731 case Q_MOPDL:
2732 #ifdef INET6
2733 case Q_IPV6:
2734 #endif
2735 /* XXX Note that we assume a fixed link header here. */
2736 s = xfer_to_x(index);
2737 tmp = new_stmt(BPF_LD|BPF_IND|size);
2738 tmp->s.k = off_nl;
2739 sappend(s, tmp);
2740 sappend(index->s, s);
2741
2742 b = gen_proto_abbrev(proto);
2743 if (index->b)
2744 gen_and(index->b, b);
2745 index->b = b;
2746 break;
2747
2748 case Q_TCP:
2749 case Q_UDP:
2750 case Q_ICMP:
2751 case Q_IGMP:
2752 case Q_IGRP:
2753 case Q_PIM:
2754 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2755 s->s.k = off_nl;
2756 sappend(s, xfer_to_a(index));
2757 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
2758 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
2759 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
2760 tmp->s.k = off_nl;
2761 sappend(index->s, s);
2762
2763 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
2764 if (index->b)
2765 gen_and(index->b, b);
2766 #ifdef INET6
2767 gen_and(gen_proto_abbrev(Q_IP), b);
2768 #endif
2769 index->b = b;
2770 break;
2771 #ifdef INET6
2772 case Q_ICMPV6:
2773 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
2774 /*NOTREACHED*/
2775 #endif
2776 }
2777 index->regno = regno;
2778 s = new_stmt(BPF_ST);
2779 s->s.k = regno;
2780 sappend(index->s, s);
2781
2782 return index;
2783 }
2784
2785 struct block *
2786 gen_relation(code, a0, a1, reversed)
2787 int code;
2788 struct arth *a0, *a1;
2789 int reversed;
2790 {
2791 struct slist *s0, *s1, *s2;
2792 struct block *b, *tmp;
2793
2794 s0 = xfer_to_x(a1);
2795 s1 = xfer_to_a(a0);
2796 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
2797 b = new_block(JMP(code));
2798 if (code == BPF_JGT || code == BPF_JGE) {
2799 reversed = !reversed;
2800 b->s.k = 0x80000000;
2801 }
2802 if (reversed)
2803 gen_not(b);
2804
2805 sappend(s1, s2);
2806 sappend(s0, s1);
2807 sappend(a1->s, s0);
2808 sappend(a0->s, a1->s);
2809
2810 b->stmts = a0->s;
2811
2812 free_reg(a0->regno);
2813 free_reg(a1->regno);
2814
2815 /* 'and' together protocol checks */
2816 if (a0->b) {
2817 if (a1->b) {
2818 gen_and(a0->b, tmp = a1->b);
2819 }
2820 else
2821 tmp = a0->b;
2822 } else
2823 tmp = a1->b;
2824
2825 if (tmp)
2826 gen_and(tmp, b);
2827
2828 return b;
2829 }
2830
2831 struct arth *
2832 gen_loadlen()
2833 {
2834 int regno = alloc_reg();
2835 struct arth *a = (struct arth *)newchunk(sizeof(*a));
2836 struct slist *s;
2837
2838 s = new_stmt(BPF_LD|BPF_LEN);
2839 s->next = new_stmt(BPF_ST);
2840 s->next->s.k = regno;
2841 a->s = s;
2842 a->regno = regno;
2843
2844 return a;
2845 }
2846
2847 struct arth *
2848 gen_loadi(val)
2849 int val;
2850 {
2851 struct arth *a;
2852 struct slist *s;
2853 int reg;
2854
2855 a = (struct arth *)newchunk(sizeof(*a));
2856
2857 reg = alloc_reg();
2858
2859 s = new_stmt(BPF_LD|BPF_IMM);
2860 s->s.k = val;
2861 s->next = new_stmt(BPF_ST);
2862 s->next->s.k = reg;
2863 a->s = s;
2864 a->regno = reg;
2865
2866 return a;
2867 }
2868
2869 struct arth *
2870 gen_neg(a)
2871 struct arth *a;
2872 {
2873 struct slist *s;
2874
2875 s = xfer_to_a(a);
2876 sappend(a->s, s);
2877 s = new_stmt(BPF_ALU|BPF_NEG);
2878 s->s.k = 0;
2879 sappend(a->s, s);
2880 s = new_stmt(BPF_ST);
2881 s->s.k = a->regno;
2882 sappend(a->s, s);
2883
2884 return a;
2885 }
2886
2887 struct arth *
2888 gen_arth(code, a0, a1)
2889 int code;
2890 struct arth *a0, *a1;
2891 {
2892 struct slist *s0, *s1, *s2;
2893
2894 s0 = xfer_to_x(a1);
2895 s1 = xfer_to_a(a0);
2896 s2 = new_stmt(BPF_ALU|BPF_X|code);
2897
2898 sappend(s1, s2);
2899 sappend(s0, s1);
2900 sappend(a1->s, s0);
2901 sappend(a0->s, a1->s);
2902
2903 free_reg(a1->regno);
2904
2905 s0 = new_stmt(BPF_ST);
2906 a0->regno = s0->s.k = alloc_reg();
2907 sappend(a0->s, s0);
2908
2909 return a0;
2910 }
2911
2912 /*
2913 * Here we handle simple allocation of the scratch registers.
2914 * If too many registers are alloc'd, the allocator punts.
2915 */
2916 static int regused[BPF_MEMWORDS];
2917 static int curreg;
2918
2919 /*
2920 * Return the next free register.
2921 */
2922 static int
2923 alloc_reg()
2924 {
2925 int n = BPF_MEMWORDS;
2926
2927 while (--n >= 0) {
2928 if (regused[curreg])
2929 curreg = (curreg + 1) % BPF_MEMWORDS;
2930 else {
2931 regused[curreg] = 1;
2932 return curreg;
2933 }
2934 }
2935 bpf_error("too many registers needed to evaluate expression");
2936 /* NOTREACHED */
2937 }
2938
2939 /*
2940 * Return a register to the table so it can
2941 * be used later.
2942 */
2943 static void
2944 free_reg(n)
2945 int n;
2946 {
2947 regused[n] = 0;
2948 }
2949
2950 static struct block *
2951 gen_len(jmp, n)
2952 int jmp, n;
2953 {
2954 struct slist *s;
2955 struct block *b;
2956
2957 s = new_stmt(BPF_LD|BPF_LEN);
2958 b = new_block(JMP(jmp));
2959 b->stmts = s;
2960 b->s.k = n;
2961
2962 return b;
2963 }
2964
2965 struct block *
2966 gen_greater(n)
2967 int n;
2968 {
2969 return gen_len(BPF_JGE, n);
2970 }
2971
2972 /*
2973 * Actually, this is less than or equal.
2974 */
2975 struct block *
2976 gen_less(n)
2977 int n;
2978 {
2979 struct block *b;
2980
2981 b = gen_len(BPF_JGT, n);
2982 gen_not(b);
2983
2984 return b;
2985 }
2986
2987 struct block *
2988 gen_byteop(op, idx, val)
2989 int op, idx, val;
2990 {
2991 struct block *b;
2992 struct slist *s;
2993
2994 switch (op) {
2995 default:
2996 abort();
2997
2998 case '=':
2999 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3000
3001 case '<':
3002 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3003 b->s.code = JMP(BPF_JGE);
3004 gen_not(b);
3005 return b;
3006
3007 case '>':
3008 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3009 b->s.code = JMP(BPF_JGT);
3010 return b;
3011
3012 case '|':
3013 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
3014 break;
3015
3016 case '&':
3017 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
3018 break;
3019 }
3020 s->s.k = val;
3021 b = new_block(JMP(BPF_JEQ));
3022 b->stmts = s;
3023 gen_not(b);
3024
3025 return b;
3026 }
3027
3028 struct block *
3029 gen_broadcast(proto)
3030 int proto;
3031 {
3032 bpf_u_int32 hostmask;
3033 struct block *b0, *b1, *b2;
3034 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
3035
3036 switch (proto) {
3037
3038 case Q_DEFAULT:
3039 case Q_LINK:
3040 if (linktype == DLT_EN10MB)
3041 return gen_ehostop(ebroadcast, Q_DST);
3042 if (linktype == DLT_FDDI)
3043 return gen_fhostop(ebroadcast, Q_DST);
3044 if (linktype == DLT_IEEE802)
3045 return gen_thostop(ebroadcast, Q_DST);
3046 bpf_error("not a broadcast link");
3047 break;
3048
3049 case Q_IP:
3050 b0 = gen_linktype(ETHERTYPE_IP);
3051 hostmask = ~netmask;
3052 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
3053 b2 = gen_mcmp(off_nl + 16, BPF_W,
3054 (bpf_int32)(~0 & hostmask), hostmask);
3055 gen_or(b1, b2);
3056 gen_and(b0, b2);
3057 return b2;
3058 }
3059 bpf_error("only ether/ip broadcast filters supported");
3060 }
3061
3062 struct block *
3063 gen_multicast(proto)
3064 int proto;
3065 {
3066 register struct block *b0, *b1;
3067 register struct slist *s;
3068
3069 switch (proto) {
3070
3071 case Q_DEFAULT:
3072 case Q_LINK:
3073 if (linktype == DLT_EN10MB) {
3074 /* ether[0] & 1 != 0 */
3075 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3076 s->s.k = 0;
3077 b0 = new_block(JMP(BPF_JSET));
3078 b0->s.k = 1;
3079 b0->stmts = s;
3080 return b0;
3081 }
3082
3083 if (linktype == DLT_FDDI) {
3084 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */
3085 /* fddi[1] & 1 != 0 */
3086 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3087 s->s.k = 1;
3088 b0 = new_block(JMP(BPF_JSET));
3089 b0->s.k = 1;
3090 b0->stmts = s;
3091 return b0;
3092 }
3093
3094 /* TODO - check how token ring handles multicast */
3095 /* if (linktype == DLT_IEEE802) ... */
3096
3097 /* Link not known to support multicasts */
3098 break;
3099
3100 case Q_IP:
3101 b0 = gen_linktype(ETHERTYPE_IP);
3102 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
3103 b1->s.code = JMP(BPF_JGE);
3104 gen_and(b0, b1);
3105 return b1;
3106
3107 #ifdef INET6
3108 case Q_IPV6:
3109 b0 = gen_linktype(ETHERTYPE_IPV6);
3110 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
3111 gen_and(b0, b1);
3112 return b1;
3113 #endif /* INET6 */
3114 }
3115 bpf_error("only IP multicast filters supported on ethernet/FDDI");
3116 }
3117
3118 /*
3119 * generate command for inbound/outbound. It's here so we can
3120 * make it link-type specific. 'dir' = 0 implies "inbound",
3121 * = 1 implies "outbound".
3122 */
3123 struct block *
3124 gen_inbound(dir)
3125 int dir;
3126 {
3127 register struct block *b0;
3128
3129 b0 = gen_relation(BPF_JEQ,
3130 gen_load(Q_LINK, gen_loadi(0), 1),
3131 gen_loadi(0),
3132 dir);
3133 return (b0);
3134 }
3135
3136 /*
3137 * support IEEE 802.1Q VLAN trunk over ethernet
3138 */
3139 struct block *
3140 gen_vlan(vlan_num)
3141 int vlan_num;
3142 {
3143 static u_int orig_linktype = -1, orig_nl = -1;
3144 struct block *b0;
3145
3146 /*
3147 * Change the offsets to point to the type and data fields within
3148 * the VLAN packet. This is somewhat of a kludge.
3149 */
3150 if (orig_nl == (u_int)-1) {
3151 orig_linktype = off_linktype; /* save original values */
3152 orig_nl = off_nl;
3153
3154 switch (linktype) {
3155
3156 case DLT_EN10MB:
3157 off_linktype = 16;
3158 off_nl = 18;
3159 break;
3160
3161 default:
3162 bpf_error("no VLAN support for data link type %d",
3163 linktype);
3164 /*NOTREACHED*/
3165 }
3166 }
3167
3168 /* check for VLAN */
3169 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
3170
3171 /* If a specific VLAN is requested, check VLAN id */
3172 if (vlan_num >= 0) {
3173 struct block *b1;
3174
3175 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
3176 gen_and(b0, b1);
3177 b0 = b1;
3178 }
3179
3180 return (b0);
3181 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism