]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob


bfe680b2959ad1f3908ff108e44342c98a08258f
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.178 2002-08-08 11:07:27 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #ifdef WIN32
32 #include <pcap-stdinc.h>
33 #else /* WIN32 */
34 #include <sys/types.h>
35 #include <sys/socket.h>
36 #include <sys/time.h>
37 #endif /* WIN32 */
38
39 /*
40 * XXX - why was this included even on UNIX?
41 */
42 #ifdef __MINGW32__
43 #include "IP6_misc.h"
44 #endif
45
46 #ifndef WIN32
47
48 #ifdef __NetBSD__
49 #include <sys/param.h>
50 #endif
51
52 #include <netinet/in.h>
53
54 #endif /* WIN32 */
55
56 #include <stdlib.h>
57 #include <string.h>
58 #include <memory.h>
59 #include <setjmp.h>
60 #include <stdarg.h>
61
62 #include "pcap-int.h"
63
64 #include "ethertype.h"
65 #include "nlpid.h"
66 #include "llc.h"
67 #include "gencode.h"
68 #include "atmuni31.h"
69 #include "sunatmpos.h"
70 #include "ppp.h"
71 #include "sll.h"
72 #include "arcnet.h"
73 #ifdef INET6
74 #ifndef WIN32
75 #include <netdb.h> /* for "struct addrinfo" */
76 #endif /* WIN32 */
77 #endif /*INET6*/
78 #include <pcap-namedb.h>
79
80 #define ETHERMTU 1500
81
82 #ifndef IPPROTO_SCTP
83 #define IPPROTO_SCTP 132
84 #endif
85
86 #ifdef HAVE_OS_PROTO_H
87 #include "os-proto.h"
88 #endif
89
90 #define JMP(c) ((c)|BPF_JMP|BPF_K)
91
92 /* Locals */
93 static jmp_buf top_ctx;
94 static pcap_t *bpf_pcap;
95
96 /* Hack for updating VLAN offsets. */
97 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1;
98
99 /* XXX */
100 #ifdef PCAP_FDDIPAD
101 int pcap_fddipad = PCAP_FDDIPAD;
102 #else
103 int pcap_fddipad;
104 #endif
105
106 /* VARARGS */
107 void
108 bpf_error(const char *fmt, ...)
109
110 {
111 va_list ap;
112
113 va_start(ap, fmt);
114 if (bpf_pcap != NULL)
115 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
116 fmt, ap);
117 va_end(ap);
118 longjmp(top_ctx, 1);
119 /* NOTREACHED */
120 }
121
122 static void init_linktype(int);
123
124 static int alloc_reg(void);
125 static void free_reg(int);
126
127 static struct block *root;
128
129 /*
130 * We divy out chunks of memory rather than call malloc each time so
131 * we don't have to worry about leaking memory. It's probably
132 * not a big deal if all this memory was wasted but it this ever
133 * goes into a library that would probably not be a good idea.
134 */
135 #define NCHUNKS 16
136 #define CHUNK0SIZE 1024
137 struct chunk {
138 u_int n_left;
139 void *m;
140 };
141
142 static struct chunk chunks[NCHUNKS];
143 static int cur_chunk;
144
145 static void *newchunk(u_int);
146 static void freechunks(void);
147 static inline struct block *new_block(int);
148 static inline struct slist *new_stmt(int);
149 static struct block *gen_retblk(int);
150 static inline void syntax(void);
151
152 static void backpatch(struct block *, struct block *);
153 static void merge(struct block *, struct block *);
154 static struct block *gen_cmp(u_int, u_int, bpf_int32);
155 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
156 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
157 static struct block *gen_bcmp(u_int, u_int, const u_char *);
158 static struct block *gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32,
159 bpf_u_int32, bpf_u_int32, int);
160 static struct block *gen_uncond(int);
161 static inline struct block *gen_true(void);
162 static inline struct block *gen_false(void);
163 static struct block *gen_linktype(int);
164 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
165 static struct block *gen_llc(int);
166 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
167 #ifdef INET6
168 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
169 #endif
170 static struct block *gen_ahostop(const u_char *, int);
171 static struct block *gen_ehostop(const u_char *, int);
172 static struct block *gen_fhostop(const u_char *, int);
173 static struct block *gen_thostop(const u_char *, int);
174 static struct block *gen_wlanhostop(const u_char *, int);
175 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
176 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
177 #ifdef INET6
178 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
179 #endif
180 #ifndef INET6
181 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
182 #endif
183 static struct block *gen_ipfrag(void);
184 static struct block *gen_portatom(int, bpf_int32);
185 #ifdef INET6
186 static struct block *gen_portatom6(int, bpf_int32);
187 #endif
188 struct block *gen_portop(int, int, int);
189 static struct block *gen_port(int, int, int);
190 #ifdef INET6
191 struct block *gen_portop6(int, int, int);
192 static struct block *gen_port6(int, int, int);
193 #endif
194 static int lookup_proto(const char *, int);
195 static struct block *gen_protochain(int, int, int);
196 static struct block *gen_proto(int, int, int);
197 static struct slist *xfer_to_x(struct arth *);
198 static struct slist *xfer_to_a(struct arth *);
199 static struct block *gen_mac_multicast(int);
200 static struct block *gen_len(int, int);
201
202 static struct block *gen_msg_abbrev(int type);
203
204 static void *
205 newchunk(n)
206 u_int n;
207 {
208 struct chunk *cp;
209 int k, size;
210
211 #ifndef __NetBSD__
212 /* XXX Round up to nearest long. */
213 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
214 #else
215 /* XXX Round up to structure boundary. */
216 n = ALIGN(n);
217 #endif
218
219 cp = &chunks[cur_chunk];
220 if (n > cp->n_left) {
221 ++cp, k = ++cur_chunk;
222 if (k >= NCHUNKS)
223 bpf_error("out of memory");
224 size = CHUNK0SIZE << k;
225 cp->m = (void *)malloc(size);
226 memset((char *)cp->m, 0, size);
227 cp->n_left = size;
228 if (n > size)
229 bpf_error("out of memory");
230 }
231 cp->n_left -= n;
232 return (void *)((char *)cp->m + cp->n_left);
233 }
234
235 static void
236 freechunks()
237 {
238 int i;
239
240 cur_chunk = 0;
241 for (i = 0; i < NCHUNKS; ++i)
242 if (chunks[i].m != NULL) {
243 free(chunks[i].m);
244 chunks[i].m = NULL;
245 }
246 }
247
248 /*
249 * A strdup whose allocations are freed after code generation is over.
250 */
251 char *
252 sdup(s)
253 register const char *s;
254 {
255 int n = strlen(s) + 1;
256 char *cp = newchunk(n);
257
258 strlcpy(cp, s, n);
259 return (cp);
260 }
261
262 static inline struct block *
263 new_block(code)
264 int code;
265 {
266 struct block *p;
267
268 p = (struct block *)newchunk(sizeof(*p));
269 p->s.code = code;
270 p->head = p;
271
272 return p;
273 }
274
275 static inline struct slist *
276 new_stmt(code)
277 int code;
278 {
279 struct slist *p;
280
281 p = (struct slist *)newchunk(sizeof(*p));
282 p->s.code = code;
283
284 return p;
285 }
286
287 static struct block *
288 gen_retblk(v)
289 int v;
290 {
291 struct block *b = new_block(BPF_RET|BPF_K);
292
293 b->s.k = v;
294 return b;
295 }
296
297 static inline void
298 syntax()
299 {
300 bpf_error("syntax error in filter expression");
301 }
302
303 static bpf_u_int32 netmask;
304 static int snaplen;
305 int no_optimize;
306
307 int
308 pcap_compile(pcap_t *p, struct bpf_program *program,
309 char *buf, int optimize, bpf_u_int32 mask)
310 {
311 extern int n_errors;
312 int len;
313
314 no_optimize = 0;
315 n_errors = 0;
316 root = NULL;
317 bpf_pcap = p;
318 if (setjmp(top_ctx)) {
319 lex_cleanup();
320 freechunks();
321 return (-1);
322 }
323
324 netmask = mask;
325
326 snaplen = pcap_snapshot(p);
327 if (snaplen == 0) {
328 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
329 "snaplen of 0 rejects all packets");
330 return -1;
331 }
332
333 lex_init(buf ? buf : "");
334 init_linktype(pcap_datalink(p));
335 (void)pcap_parse();
336
337 if (n_errors)
338 syntax();
339
340 if (root == NULL)
341 root = gen_retblk(snaplen);
342
343 if (optimize && !no_optimize) {
344 bpf_optimize(&root);
345 if (root == NULL ||
346 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
347 bpf_error("expression rejects all packets");
348 }
349 program->bf_insns = icode_to_fcode(root, &len);
350 program->bf_len = len;
351
352 lex_cleanup();
353 freechunks();
354 return (0);
355 }
356
357 /*
358 * entry point for using the compiler with no pcap open
359 * pass in all the stuff that is needed explicitly instead.
360 */
361 int
362 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
363 struct bpf_program *program,
364 char *buf, int optimize, bpf_u_int32 mask)
365 {
366 pcap_t *p;
367 int ret;
368
369 p = pcap_open_dead(linktype_arg, snaplen_arg);
370 if (p == NULL)
371 return (-1);
372 ret = pcap_compile(p, program, buf, optimize, mask);
373 pcap_close(p);
374 return (ret);
375 }
376
377 /*
378 * Clean up a "struct bpf_program" by freeing all the memory allocated
379 * in it.
380 */
381 void
382 pcap_freecode(struct bpf_program *program)
383 {
384 program->bf_len = 0;
385 if (program->bf_insns != NULL) {
386 free((char *)program->bf_insns);
387 program->bf_insns = NULL;
388 }
389 }
390
391 /*
392 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
393 * which of the jt and jf fields has been resolved and which is a pointer
394 * back to another unresolved block (or nil). At least one of the fields
395 * in each block is already resolved.
396 */
397 static void
398 backpatch(list, target)
399 struct block *list, *target;
400 {
401 struct block *next;
402
403 while (list) {
404 if (!list->sense) {
405 next = JT(list);
406 JT(list) = target;
407 } else {
408 next = JF(list);
409 JF(list) = target;
410 }
411 list = next;
412 }
413 }
414
415 /*
416 * Merge the lists in b0 and b1, using the 'sense' field to indicate
417 * which of jt and jf is the link.
418 */
419 static void
420 merge(b0, b1)
421 struct block *b0, *b1;
422 {
423 register struct block **p = &b0;
424
425 /* Find end of list. */
426 while (*p)
427 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
428
429 /* Concatenate the lists. */
430 *p = b1;
431 }
432
433 void
434 finish_parse(p)
435 struct block *p;
436 {
437 backpatch(p, gen_retblk(snaplen));
438 p->sense = !p->sense;
439 backpatch(p, gen_retblk(0));
440 root = p->head;
441 }
442
443 void
444 gen_and(b0, b1)
445 struct block *b0, *b1;
446 {
447 backpatch(b0, b1->head);
448 b0->sense = !b0->sense;
449 b1->sense = !b1->sense;
450 merge(b1, b0);
451 b1->sense = !b1->sense;
452 b1->head = b0->head;
453 }
454
455 void
456 gen_or(b0, b1)
457 struct block *b0, *b1;
458 {
459 b0->sense = !b0->sense;
460 backpatch(b0, b1->head);
461 b0->sense = !b0->sense;
462 merge(b1, b0);
463 b1->head = b0->head;
464 }
465
466 void
467 gen_not(b)
468 struct block *b;
469 {
470 b->sense = !b->sense;
471 }
472
473 static struct block *
474 gen_cmp(offset, size, v)
475 u_int offset, size;
476 bpf_int32 v;
477 {
478 struct slist *s;
479 struct block *b;
480
481 s = new_stmt(BPF_LD|BPF_ABS|size);
482 s->s.k = offset;
483
484 b = new_block(JMP(BPF_JEQ));
485 b->stmts = s;
486 b->s.k = v;
487
488 return b;
489 }
490
491 static struct block *
492 gen_cmp_gt(offset, size, v)
493 u_int offset, size;
494 bpf_int32 v;
495 {
496 struct slist *s;
497 struct block *b;
498
499 s = new_stmt(BPF_LD|BPF_ABS|size);
500 s->s.k = offset;
501
502 b = new_block(JMP(BPF_JGT));
503 b->stmts = s;
504 b->s.k = v;
505
506 return b;
507 }
508
509 static struct block *
510 gen_mcmp(offset, size, v, mask)
511 u_int offset, size;
512 bpf_int32 v;
513 bpf_u_int32 mask;
514 {
515 struct block *b = gen_cmp(offset, size, v);
516 struct slist *s;
517
518 if (mask != 0xffffffff) {
519 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
520 s->s.k = mask;
521 b->stmts->next = s;
522 }
523 return b;
524 }
525
526 static struct block *
527 gen_bcmp(offset, size, v)
528 register u_int offset, size;
529 register const u_char *v;
530 {
531 register struct block *b, *tmp;
532
533 b = NULL;
534 while (size >= 4) {
535 register const u_char *p = &v[size - 4];
536 bpf_int32 w = ((bpf_int32)p[0] << 24) |
537 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
538
539 tmp = gen_cmp(offset + size - 4, BPF_W, w);
540 if (b != NULL)
541 gen_and(b, tmp);
542 b = tmp;
543 size -= 4;
544 }
545 while (size >= 2) {
546 register const u_char *p = &v[size - 2];
547 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
548
549 tmp = gen_cmp(offset + size - 2, BPF_H, w);
550 if (b != NULL)
551 gen_and(b, tmp);
552 b = tmp;
553 size -= 2;
554 }
555 if (size > 0) {
556 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
557 if (b != NULL)
558 gen_and(b, tmp);
559 b = tmp;
560 }
561 return b;
562 }
563
564 static struct block *
565 gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse)
566 bpf_u_int32 datasize, offset, mask, jtype, jvalue;
567 int reverse;
568 {
569 struct slist *s;
570 struct block *b;
571
572 s = new_stmt(BPF_LD|datasize|BPF_ABS);
573 s->s.k = offset;
574
575 if (mask != 0xffffffff) {
576 s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K);
577 s->next->s.k = mask;
578 }
579
580 b = new_block(JMP(jtype));
581 b->stmts = s;
582 b->s.k = jvalue;
583 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE))
584 gen_not(b);
585 return b;
586 }
587
588 /*
589 * Various code constructs need to know the layout of the data link
590 * layer. These variables give the necessary offsets.
591 */
592
593 /*
594 * "off_linktype" is the offset to information in the link-layer header
595 * giving the packet type.
596 *
597 * For Ethernet, it's the offset of the Ethernet type field.
598 *
599 * For link-layer types that always use 802.2 headers, it's the
600 * offset of the LLC header.
601 *
602 * For PPP, it's the offset of the PPP type field.
603 *
604 * For Cisco HDLC, it's the offset of the CHDLC type field.
605 *
606 * For BSD loopback, it's the offset of the AF_ value.
607 *
608 * For Linux cooked sockets, it's the offset of the type field.
609 *
610 * It's set to -1 for no encapsulation, in which case, IP is assumed.
611 */
612 static u_int off_linktype;
613
614 /*
615 * TRUE if the link layer includes an ATM pseudo-header.
616 */
617 static int is_atm = 0;
618
619 /*
620 * These are offsets for the ATM pseudo-header.
621 */
622 static u_int off_vpi;
623 static u_int off_vci;
624 static u_int off_proto;
625
626 /*
627 * This is the offset to the message type for Q.2931 messages.
628 */
629 static u_int off_msg_type;
630
631 /*
632 * These are offsets to the beginning of the network-layer header.
633 *
634 * If the link layer never uses 802.2 LLC:
635 *
636 * "off_nl" and "off_nl_nosnap" are the same.
637 *
638 * If the link layer always uses 802.2 LLC:
639 *
640 * "off_nl" is the offset if there's a SNAP header following
641 * the 802.2 header;
642 *
643 * "off_nl_nosnap" is the offset if there's no SNAP header.
644 *
645 * If the link layer is Ethernet:
646 *
647 * "off_nl" is the offset if the packet is an Ethernet II packet
648 * (we assume no 802.3+802.2+SNAP);
649 *
650 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet
651 * with an 802.2 header following it.
652 */
653 static u_int off_nl;
654 static u_int off_nl_nosnap;
655
656 static int linktype;
657
658 static void
659 init_linktype(type)
660 int type;
661 {
662 linktype = type;
663
664 /*
665 * Assume it's not raw ATM with a pseudo-header, for now.
666 */
667 is_atm = 0;
668 off_vpi = -1;
669 off_vci = -1;
670 off_proto = -1;
671 off_msg_type = -1;
672
673 orig_linktype = -1;
674 orig_nl = -1;
675 orig_nl_nosnap = -1;
676
677 switch (type) {
678
679 case DLT_ARCNET:
680 off_linktype = 2;
681 off_nl = 6; /* XXX in reality, variable! */
682 off_nl_nosnap = 6; /* no 802.2 LLC */
683 return;
684
685 case DLT_EN10MB:
686 off_linktype = 12;
687 off_nl = 14; /* Ethernet II */
688 off_nl_nosnap = 17; /* 802.3+802.2 */
689 return;
690
691 case DLT_SLIP:
692 /*
693 * SLIP doesn't have a link level type. The 16 byte
694 * header is hacked into our SLIP driver.
695 */
696 off_linktype = -1;
697 off_nl = 16;
698 off_nl_nosnap = 16; /* no 802.2 LLC */
699 return;
700
701 case DLT_SLIP_BSDOS:
702 /* XXX this may be the same as the DLT_PPP_BSDOS case */
703 off_linktype = -1;
704 /* XXX end */
705 off_nl = 24;
706 off_nl_nosnap = 24; /* no 802.2 LLC */
707 return;
708
709 case DLT_NULL:
710 case DLT_LOOP:
711 off_linktype = 0;
712 off_nl = 4;
713 off_nl_nosnap = 4; /* no 802.2 LLC */
714 return;
715
716 case DLT_PPP:
717 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */
718 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */
719 off_linktype = 2;
720 off_nl = 4;
721 off_nl_nosnap = 4; /* no 802.2 LLC */
722 return;
723
724 case DLT_PPP_ETHER:
725 /*
726 * This does no include the Ethernet header, and
727 * only covers session state.
728 */
729 off_linktype = 6;
730 off_nl = 8;
731 off_nl_nosnap = 8; /* no 802.2 LLC */
732 return;
733
734 case DLT_PPP_BSDOS:
735 off_linktype = 5;
736 off_nl = 24;
737 off_nl_nosnap = 24; /* no 802.2 LLC */
738 return;
739
740 case DLT_FDDI:
741 /*
742 * FDDI doesn't really have a link-level type field.
743 * We set "off_linktype" to the offset of the LLC header.
744 *
745 * To check for Ethernet types, we assume that SSAP = SNAP
746 * is being used and pick out the encapsulated Ethernet type.
747 * XXX - should we generate code to check for SNAP?
748 */
749 off_linktype = 13;
750 #ifdef PCAP_FDDIPAD
751 off_linktype += pcap_fddipad;
752 #endif
753 off_nl = 21; /* FDDI+802.2+SNAP */
754 off_nl_nosnap = 16; /* FDDI+802.2 */
755 #ifdef PCAP_FDDIPAD
756 off_nl += pcap_fddipad;
757 off_nl_nosnap += pcap_fddipad;
758 #endif
759 return;
760
761 case DLT_IEEE802:
762 /*
763 * Token Ring doesn't really have a link-level type field.
764 * We set "off_linktype" to the offset of the LLC header.
765 *
766 * To check for Ethernet types, we assume that SSAP = SNAP
767 * is being used and pick out the encapsulated Ethernet type.
768 * XXX - should we generate code to check for SNAP?
769 *
770 * XXX - the header is actually variable-length.
771 * Some various Linux patched versions gave 38
772 * as "off_linktype" and 40 as "off_nl"; however,
773 * if a token ring packet has *no* routing
774 * information, i.e. is not source-routed, the correct
775 * values are 20 and 22, as they are in the vanilla code.
776 *
777 * A packet is source-routed iff the uppermost bit
778 * of the first byte of the source address, at an
779 * offset of 8, has the uppermost bit set. If the
780 * packet is source-routed, the total number of bytes
781 * of routing information is 2 plus bits 0x1F00 of
782 * the 16-bit value at an offset of 14 (shifted right
783 * 8 - figure out which byte that is).
784 */
785 off_linktype = 14;
786 off_nl = 22; /* Token Ring+802.2+SNAP */
787 off_nl_nosnap = 17; /* Token Ring+802.2 */
788 return;
789
790 case DLT_IEEE802_11:
791 /*
792 * 802.11 doesn't really have a link-level type field.
793 * We set "off_linktype" to the offset of the LLC header.
794 *
795 * To check for Ethernet types, we assume that SSAP = SNAP
796 * is being used and pick out the encapsulated Ethernet type.
797 * XXX - should we generate code to check for SNAP?
798 *
799 * XXX - the header is actually variable-length. We
800 * assume a 24-byte link-layer header, as appears in
801 * data frames in networks with no bridges.
802 */
803 off_linktype = 24;
804 off_nl = 32; /* 802.11+802.2+SNAP */
805 off_nl_nosnap = 27; /* 802.11+802.2 */
806 return;
807
808 case DLT_PRISM_HEADER:
809 /*
810 * Same as 802.11, but with an additional header before
811 * the 802.11 header, containing a bunch of additional
812 * information including radio-level information.
813 *
814 * The header is 144 bytes long.
815 *
816 * XXX - same variable-length header problem; at least
817 * the Prism header is fixed-length.
818 */
819 off_linktype = 144+24;
820 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */
821 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */
822 return;
823
824 case DLT_ATM_RFC1483:
825 case DLT_ATM_CLIP: /* Linux ATM defines this */
826 /*
827 * assume routed, non-ISO PDUs
828 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
829 */
830 off_linktype = 0;
831 off_nl = 8; /* 802.2+SNAP */
832 off_nl_nosnap = 3; /* 802.2 */
833 return;
834
835 case DLT_SUNATM:
836 /*
837 * Full Frontal ATM; you get AALn PDUs with an ATM
838 * pseudo-header.
839 */
840 is_atm = 1;
841 off_linktype = SUNATM_PKT_BEGIN_POS;
842 off_vpi = SUNATM_VPI_POS;
843 off_vci = SUNATM_VCI_POS;
844 off_proto = PROTO_POS;
845 off_msg_type = SUNATM_PKT_BEGIN_POS+MSG_TYPE_POS;
846 off_nl = SUNATM_PKT_BEGIN_POS+8; /* 802.2+SNAP */
847 off_nl_nosnap = SUNATM_PKT_BEGIN_POS+3; /* 802.2 */
848 return;
849
850 case DLT_RAW:
851 off_linktype = -1;
852 off_nl = 0;
853 off_nl_nosnap = 0; /* no 802.2 LLC */
854 return;
855
856 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
857 off_linktype = 14;
858 off_nl = 16;
859 off_nl_nosnap = 16; /* no 802.2 LLC */
860 return;
861
862 case DLT_LTALK:
863 /*
864 * LocalTalk does have a 1-byte type field in the LLAP header,
865 * but really it just indicates whether there is a "short" or
866 * "long" DDP packet following.
867 */
868 off_linktype = -1;
869 off_nl = 0;
870 off_nl_nosnap = 0; /* no 802.2 LLC */
871 return;
872
873 case DLT_FRELAY:
874 /*
875 * XXX - we should set this to handle SNAP-encapsulated
876 * frames (NLPID of 0x80).
877 */
878 off_linktype = -1;
879 off_nl = 0;
880 off_nl_nosnap = 0; /* no 802.2 LLC */
881 return;
882 }
883 bpf_error("unknown data link type %d", linktype);
884 /* NOTREACHED */
885 }
886
887 static struct block *
888 gen_uncond(rsense)
889 int rsense;
890 {
891 struct block *b;
892 struct slist *s;
893
894 s = new_stmt(BPF_LD|BPF_IMM);
895 s->s.k = !rsense;
896 b = new_block(JMP(BPF_JEQ));
897 b->stmts = s;
898
899 return b;
900 }
901
902 static inline struct block *
903 gen_true()
904 {
905 return gen_uncond(1);
906 }
907
908 static inline struct block *
909 gen_false()
910 {
911 return gen_uncond(0);
912 }
913
914 /*
915 * Byte-swap a 32-bit number.
916 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
917 * big-endian platforms.)
918 */
919 #define SWAPLONG(y) \
920 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
921
922 static struct block *
923 gen_linktype(proto)
924 register int proto;
925 {
926 struct block *b0, *b1, *b2;
927
928 switch (linktype) {
929
930 case DLT_EN10MB:
931 switch (proto) {
932
933 case LLCSAP_ISONS:
934 /*
935 * OSI protocols always use 802.2 encapsulation.
936 * XXX - should we check both the DSAP and the
937 * SSAP, like this, or should we check just the
938 * DSAP?
939 */
940 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
941 gen_not(b0);
942 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
943 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
944 gen_and(b0, b1);
945 return b1;
946
947 case LLCSAP_NETBEUI:
948 /*
949 * NetBEUI always uses 802.2 encapsulation.
950 * XXX - should we check both the DSAP and the
951 * SSAP, like this, or should we check just the
952 * DSAP?
953 */
954 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
955 gen_not(b0);
956 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
957 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
958 gen_and(b0, b1);
959 return b1;
960
961 case LLCSAP_IPX:
962 /*
963 * Check for;
964 *
965 * Ethernet_II frames, which are Ethernet
966 * frames with a frame type of ETHERTYPE_IPX;
967 *
968 * Ethernet_802.3 frames, which are 802.3
969 * frames (i.e., the type/length field is
970 * a length field, <= ETHERMTU, rather than
971 * a type field) with the first two bytes
972 * after the Ethernet/802.3 header being
973 * 0xFFFF;
974 *
975 * Ethernet_802.2 frames, which are 802.3
976 * frames with an 802.2 LLC header and
977 * with the IPX LSAP as the DSAP in the LLC
978 * header;
979 *
980 * Ethernet_SNAP frames, which are 802.3
981 * frames with an LLC header and a SNAP
982 * header and with an OUI of 0x000000
983 * (encapsulated Ethernet) and a protocol
984 * ID of ETHERTYPE_IPX in the SNAP header.
985 *
986 * XXX - should we generate the same code both
987 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
988 */
989
990 /*
991 * This generates code to check both for the
992 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
993 */
994 b0 = gen_cmp(off_linktype + 2, BPF_B,
995 (bpf_int32)LLCSAP_IPX);
996 b1 = gen_cmp(off_linktype + 2, BPF_H,
997 (bpf_int32)0xFFFF);
998 gen_or(b0, b1);
999
1000 /*
1001 * Now we add code to check for SNAP frames with
1002 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
1003 */
1004 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
1005 gen_or(b0, b1);
1006
1007 /*
1008 * Now we generate code to check for 802.3
1009 * frames in general.
1010 */
1011 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1012 gen_not(b0);
1013
1014 /*
1015 * Now add the check for 802.3 frames before the
1016 * check for Ethernet_802.2 and Ethernet_802.3,
1017 * as those checks should only be done on 802.3
1018 * frames, not on Ethernet frames.
1019 */
1020 gen_and(b0, b1);
1021
1022 /*
1023 * Now add the check for Ethernet_II frames, and
1024 * do that before checking for the other frame
1025 * types.
1026 */
1027 b0 = gen_cmp(off_linktype, BPF_H,
1028 (bpf_int32)ETHERTYPE_IPX);
1029 gen_or(b0, b1);
1030 return b1;
1031
1032 case ETHERTYPE_ATALK:
1033 case ETHERTYPE_AARP:
1034 /*
1035 * EtherTalk (AppleTalk protocols on Ethernet link
1036 * layer) may use 802.2 encapsulation.
1037 */
1038
1039 /*
1040 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1041 * we check for an Ethernet type field less than
1042 * 1500, which means it's an 802.3 length field.
1043 */
1044 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1045 gen_not(b0);
1046
1047 /*
1048 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1049 * SNAP packets with an organization code of
1050 * 0x080007 (Apple, for Appletalk) and a protocol
1051 * type of ETHERTYPE_ATALK (Appletalk).
1052 *
1053 * 802.2-encapsulated ETHERTYPE_AARP packets are
1054 * SNAP packets with an organization code of
1055 * 0x000000 (encapsulated Ethernet) and a protocol
1056 * type of ETHERTYPE_AARP (Appletalk ARP).
1057 */
1058 if (proto == ETHERTYPE_ATALK)
1059 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
1060 else /* proto == ETHERTYPE_AARP */
1061 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
1062 gen_and(b0, b1);
1063
1064 /*
1065 * Check for Ethernet encapsulation (Ethertalk
1066 * phase 1?); we just check for the Ethernet
1067 * protocol type.
1068 */
1069 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1070
1071 gen_or(b0, b1);
1072 return b1;
1073
1074 default:
1075 if (proto <= ETHERMTU) {
1076 /*
1077 * This is an LLC SAP value, so the frames
1078 * that match would be 802.2 frames.
1079 * Check that the frame is an 802.2 frame
1080 * (i.e., that the length/type field is
1081 * a length field, <= ETHERMTU) and
1082 * then check the DSAP.
1083 */
1084 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1085 gen_not(b0);
1086 b1 = gen_cmp(off_linktype + 2, BPF_B,
1087 (bpf_int32)proto);
1088 gen_and(b0, b1);
1089 return b1;
1090 } else {
1091 /*
1092 * This is an Ethernet type, so compare
1093 * the length/type field with it (if
1094 * the frame is an 802.2 frame, the length
1095 * field will be <= ETHERMTU, and, as
1096 * "proto" is > ETHERMTU, this test
1097 * will fail and the frame won't match,
1098 * which is what we want).
1099 */
1100 return gen_cmp(off_linktype, BPF_H,
1101 (bpf_int32)proto);
1102 }
1103 }
1104 break;
1105
1106 case DLT_IEEE802_11:
1107 case DLT_PRISM_HEADER:
1108 case DLT_FDDI:
1109 case DLT_IEEE802:
1110 case DLT_ATM_RFC1483:
1111 case DLT_ATM_CLIP:
1112 return gen_llc(proto);
1113 break;
1114
1115 case DLT_SUNATM:
1116 /*
1117 * Check for LLC encapsulation and then check the protocol.
1118 * XXX - also check for LANE and then check for an Ethernet
1119 * type?
1120 */
1121 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
1122 b1 = gen_llc(proto);
1123 gen_and(b0, b1);
1124 return b1;
1125
1126 case DLT_LINUX_SLL:
1127 switch (proto) {
1128
1129 case LLCSAP_ISONS:
1130 /*
1131 * OSI protocols always use 802.2 encapsulation.
1132 * XXX - should we check both the DSAP and the
1133 * LSAP, like this, or should we check just the
1134 * DSAP?
1135 */
1136 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1137 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1138 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1139 gen_and(b0, b1);
1140 return b1;
1141
1142 case LLCSAP_NETBEUI:
1143 /*
1144 * NetBEUI always uses 802.2 encapsulation.
1145 * XXX - should we check both the DSAP and the
1146 * LSAP, like this, or should we check just the
1147 * DSAP?
1148 */
1149 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1150 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1151 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1152 gen_and(b0, b1);
1153 return b1;
1154
1155 case LLCSAP_IPX:
1156 /*
1157 * Ethernet_II frames, which are Ethernet
1158 * frames with a frame type of ETHERTYPE_IPX;
1159 *
1160 * Ethernet_802.3 frames, which have a frame
1161 * type of LINUX_SLL_P_802_3;
1162 *
1163 * Ethernet_802.2 frames, which are 802.3
1164 * frames with an 802.2 LLC header (i.e, have
1165 * a frame type of LINUX_SLL_P_802_2) and
1166 * with the IPX LSAP as the DSAP in the LLC
1167 * header;
1168 *
1169 * Ethernet_SNAP frames, which are 802.3
1170 * frames with an LLC header and a SNAP
1171 * header and with an OUI of 0x000000
1172 * (encapsulated Ethernet) and a protocol
1173 * ID of ETHERTYPE_IPX in the SNAP header.
1174 *
1175 * First, do the checks on LINUX_SLL_P_802_2
1176 * frames; generate the check for either
1177 * Ethernet_802.2 or Ethernet_SNAP frames, and
1178 * then put a check for LINUX_SLL_P_802_2 frames
1179 * before it.
1180 */
1181 b0 = gen_cmp(off_linktype + 2, BPF_B,
1182 (bpf_int32)LLCSAP_IPX);
1183 b1 = gen_snap(0x000000, ETHERTYPE_IPX,
1184 off_linktype + 2);
1185 gen_or(b0, b1);
1186 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1187 gen_and(b0, b1);
1188
1189 /*
1190 * Now check for 802.3 frames and OR that with
1191 * the previous test.
1192 */
1193 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
1194 gen_or(b0, b1);
1195
1196 /*
1197 * Now add the check for Ethernet_II frames, and
1198 * do that before checking for the other frame
1199 * types.
1200 */
1201 b0 = gen_cmp(off_linktype, BPF_H,
1202 (bpf_int32)ETHERTYPE_IPX);
1203 gen_or(b0, b1);
1204 return b1;
1205
1206 case ETHERTYPE_ATALK:
1207 case ETHERTYPE_AARP:
1208 /*
1209 * EtherTalk (AppleTalk protocols on Ethernet link
1210 * layer) may use 802.2 encapsulation.
1211 */
1212
1213 /*
1214 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1215 * we check for the 802.2 protocol type in the
1216 * "Ethernet type" field.
1217 */
1218 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1219
1220 /*
1221 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1222 * SNAP packets with an organization code of
1223 * 0x080007 (Apple, for Appletalk) and a protocol
1224 * type of ETHERTYPE_ATALK (Appletalk).
1225 *
1226 * 802.2-encapsulated ETHERTYPE_AARP packets are
1227 * SNAP packets with an organization code of
1228 * 0x000000 (encapsulated Ethernet) and a protocol
1229 * type of ETHERTYPE_AARP (Appletalk ARP).
1230 */
1231 if (proto == ETHERTYPE_ATALK)
1232 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
1233 off_linktype + 2);
1234 else /* proto == ETHERTYPE_AARP */
1235 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
1236 off_linktype + 2);
1237 gen_and(b0, b1);
1238
1239 /*
1240 * Check for Ethernet encapsulation (Ethertalk
1241 * phase 1?); we just check for the Ethernet
1242 * protocol type.
1243 */
1244 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1245
1246 gen_or(b0, b1);
1247 return b1;
1248
1249 default:
1250 if (proto <= ETHERMTU) {
1251 /*
1252 * This is an LLC SAP value, so the frames
1253 * that match would be 802.2 frames.
1254 * Check for the 802.2 protocol type
1255 * in the "Ethernet type" field, and
1256 * then check the DSAP.
1257 */
1258 b0 = gen_cmp(off_linktype, BPF_H,
1259 LINUX_SLL_P_802_2);
1260 b1 = gen_cmp(off_linktype + 2, BPF_B,
1261 (bpf_int32)proto);
1262 gen_and(b0, b1);
1263 return b1;
1264 } else {
1265 /*
1266 * This is an Ethernet type, so compare
1267 * the length/type field with it (if
1268 * the frame is an 802.2 frame, the length
1269 * field will be <= ETHERMTU, and, as
1270 * "proto" is > ETHERMTU, this test
1271 * will fail and the frame won't match,
1272 * which is what we want).
1273 */
1274 return gen_cmp(off_linktype, BPF_H,
1275 (bpf_int32)proto);
1276 }
1277 }
1278 break;
1279
1280 case DLT_SLIP:
1281 case DLT_SLIP_BSDOS:
1282 case DLT_RAW:
1283 /*
1284 * These types don't provide any type field; packets
1285 * are always IP.
1286 *
1287 * XXX - for IPv4, check for a version number of 4, and,
1288 * for IPv6, check for a version number of 6?
1289 */
1290 switch (proto) {
1291
1292 case ETHERTYPE_IP:
1293 #ifdef INET6
1294 case ETHERTYPE_IPV6:
1295 #endif
1296 return gen_true(); /* always true */
1297
1298 default:
1299 return gen_false(); /* always false */
1300 }
1301 break;
1302
1303 case DLT_PPP:
1304 case DLT_PPP_SERIAL:
1305 case DLT_PPP_ETHER:
1306 /*
1307 * We use Ethernet protocol types inside libpcap;
1308 * map them to the corresponding PPP protocol types.
1309 */
1310 switch (proto) {
1311
1312 case ETHERTYPE_IP:
1313 proto = PPP_IP; /* XXX was 0x21 */
1314 break;
1315
1316 #ifdef INET6
1317 case ETHERTYPE_IPV6:
1318 proto = PPP_IPV6;
1319 break;
1320 #endif
1321
1322 case ETHERTYPE_DN:
1323 proto = PPP_DECNET;
1324 break;
1325
1326 case ETHERTYPE_ATALK:
1327 proto = PPP_APPLE;
1328 break;
1329
1330 case ETHERTYPE_NS:
1331 proto = PPP_NS;
1332 break;
1333
1334 case LLCSAP_ISONS:
1335 proto = PPP_OSI;
1336 break;
1337
1338 case LLCSAP_8021D:
1339 /*
1340 * I'm assuming the "Bridging PDU"s that go
1341 * over PPP are Spanning Tree Protocol
1342 * Bridging PDUs.
1343 */
1344 proto = PPP_BRPDU;
1345 break;
1346
1347 case LLCSAP_IPX:
1348 proto = PPP_IPX;
1349 break;
1350 }
1351 break;
1352
1353 case DLT_PPP_BSDOS:
1354 /*
1355 * We use Ethernet protocol types inside libpcap;
1356 * map them to the corresponding PPP protocol types.
1357 */
1358 switch (proto) {
1359
1360 case ETHERTYPE_IP:
1361 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
1362 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
1363 gen_or(b0, b1);
1364 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
1365 gen_or(b1, b0);
1366 return b0;
1367
1368 #ifdef INET6
1369 case ETHERTYPE_IPV6:
1370 proto = PPP_IPV6;
1371 /* more to go? */
1372 break;
1373 #endif
1374
1375 case ETHERTYPE_DN:
1376 proto = PPP_DECNET;
1377 break;
1378
1379 case ETHERTYPE_ATALK:
1380 proto = PPP_APPLE;
1381 break;
1382
1383 case ETHERTYPE_NS:
1384 proto = PPP_NS;
1385 break;
1386
1387 case LLCSAP_ISONS:
1388 proto = PPP_OSI;
1389 break;
1390
1391 case LLCSAP_8021D:
1392 /*
1393 * I'm assuming the "Bridging PDU"s that go
1394 * over PPP are Spanning Tree Protocol
1395 * Bridging PDUs.
1396 */
1397 proto = PPP_BRPDU;
1398 break;
1399
1400 case LLCSAP_IPX:
1401 proto = PPP_IPX;
1402 break;
1403 }
1404 break;
1405
1406 case DLT_NULL:
1407 case DLT_LOOP:
1408 /*
1409 * For DLT_NULL, the link-layer header is a 32-bit
1410 * word containing an AF_ value in *host* byte order.
1411 *
1412 * In addition, if we're reading a saved capture file,
1413 * the host byte order in the capture may not be the
1414 * same as the host byte order on this machine.
1415 *
1416 * For DLT_LOOP, the link-layer header is a 32-bit
1417 * word containing an AF_ value in *network* byte order.
1418 *
1419 * XXX - AF_ values may, unfortunately, be platform-
1420 * dependent; for example, FreeBSD's AF_INET6 is 24
1421 * whilst NetBSD's and OpenBSD's is 26.
1422 *
1423 * This means that, when reading a capture file, just
1424 * checking for our AF_INET6 value won't work if the
1425 * capture file came from another OS.
1426 */
1427 switch (proto) {
1428
1429 case ETHERTYPE_IP:
1430 proto = AF_INET;
1431 break;
1432
1433 #ifdef INET6
1434 case ETHERTYPE_IPV6:
1435 proto = AF_INET6;
1436 break;
1437 #endif
1438
1439 default:
1440 /*
1441 * Not a type on which we support filtering.
1442 * XXX - support those that have AF_ values
1443 * #defined on this platform, at least?
1444 */
1445 return gen_false();
1446 }
1447
1448 if (linktype == DLT_NULL) {
1449 /*
1450 * The AF_ value is in host byte order, but
1451 * the BPF interpreter will convert it to
1452 * network byte order.
1453 *
1454 * If this is a save file, and it's from a
1455 * machine with the opposite byte order to
1456 * ours, we byte-swap the AF_ value.
1457 *
1458 * Then we run it through "htonl()", and
1459 * generate code to compare against the result.
1460 */
1461 if (bpf_pcap->sf.rfile != NULL &&
1462 bpf_pcap->sf.swapped)
1463 proto = SWAPLONG(proto);
1464 proto = htonl(proto);
1465 }
1466 return (gen_cmp(0, BPF_W, (bpf_int32)proto));
1467
1468 case DLT_ARCNET:
1469 /*
1470 * XXX should we check for first fragment if the protocol
1471 * uses PHDS?
1472 */
1473 switch(proto) {
1474 default:
1475 return gen_false();
1476 #ifdef INET6
1477 case ETHERTYPE_IPV6:
1478 return(gen_cmp(2, BPF_B,
1479 (bpf_int32)htonl(ARCTYPE_INET6)));
1480 #endif /* INET6 */
1481 case ETHERTYPE_IP:
1482 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_IP));
1483 b1 = gen_cmp(2, BPF_B,
1484 (bpf_int32)htonl(ARCTYPE_IP_OLD));
1485 gen_or(b0, b1);
1486 return(b1);
1487 case ETHERTYPE_ARP:
1488 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_ARP));
1489 b1 = gen_cmp(2, BPF_B,
1490 (bpf_int32)htonl(ARCTYPE_ARP_OLD));
1491 gen_or(b0, b1);
1492 return(b1);
1493 case ETHERTYPE_REVARP:
1494 return(gen_cmp(2, BPF_B,
1495 (bpf_int32)htonl(ARCTYPE_REVARP)));
1496 case ETHERTYPE_ATALK:
1497 return(gen_cmp(2, BPF_B,
1498 (bpf_int32)htonl(ARCTYPE_ATALK)));
1499 }
1500 break;
1501
1502 case DLT_LTALK:
1503 switch (proto) {
1504 case ETHERTYPE_ATALK:
1505 return gen_true();
1506 default:
1507 return gen_false();
1508 }
1509 break;
1510
1511 case DLT_FRELAY:
1512 /*
1513 * XXX - assumes a 2-byte Frame Relay header with
1514 * DLCI and flags. What if the address is longer?
1515 */
1516 switch (proto) {
1517
1518 case ETHERTYPE_IP:
1519 /*
1520 * Check for the special NLPID for IP.
1521 */
1522 return gen_cmp(2, BPF_H, (0x03<<8) | 0xcc);
1523
1524 #ifdef INET6
1525 case ETHERTYPE_IPV6:
1526 /*
1527 * Check for the special NLPID for IPv6.
1528 */
1529 return gen_cmp(2, BPF_H, (0x03<<8) | 0x8e);
1530 #endif
1531
1532 case LLCSAP_ISONS:
1533 /*
1534 * Check for several OSI protocols.
1535 *
1536 * Frame Relay packets typically have an OSI
1537 * NLPID at the beginning; we check for each
1538 * of them.
1539 *
1540 * What we check for is the NLPID and a frame
1541 * control field of UI, i.e. 0x03 followed
1542 * by the NLPID.
1543 */
1544 b0 = gen_cmp(2, BPF_H, (0x03<<8) | ISO8473_CLNP);
1545 b1 = gen_cmp(2, BPF_H, (0x03<<8) | ISO9542_ESIS);
1546 b2 = gen_cmp(2, BPF_H, (0x03<<8) | ISO10589_ISIS);
1547 gen_or(b1, b2);
1548 gen_or(b0, b2);
1549 return b2;
1550
1551 default:
1552 return gen_false();
1553 }
1554 break;
1555 }
1556
1557 /*
1558 * All the types that have no encapsulation should either be
1559 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
1560 * all packets are IP packets, or should be handled in some
1561 * special case, if none of them are (if some are and some
1562 * aren't, the lack of encapsulation is a problem, as we'd
1563 * have to find some other way of determining the packet type).
1564 *
1565 * Therefore, if "off_linktype" is -1, there's an error.
1566 */
1567 if (off_linktype == -1)
1568 abort();
1569
1570 /*
1571 * Any type not handled above should always have an Ethernet
1572 * type at an offset of "off_linktype". (PPP is partially
1573 * handled above - the protocol type is mapped from the
1574 * Ethernet and LLC types we use internally to the corresponding
1575 * PPP type - but the PPP type is always specified by a value
1576 * at "off_linktype", so we don't have to do the code generation
1577 * above.)
1578 */
1579 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1580 }
1581
1582 /*
1583 * Check for an LLC SNAP packet with a given organization code and
1584 * protocol type; we check the entire contents of the 802.2 LLC and
1585 * snap headers, checking for DSAP and SSAP of SNAP and a control
1586 * field of 0x03 in the LLC header, and for the specified organization
1587 * code and protocol type in the SNAP header.
1588 */
1589 static struct block *
1590 gen_snap(orgcode, ptype, offset)
1591 bpf_u_int32 orgcode;
1592 bpf_u_int32 ptype;
1593 u_int offset;
1594 {
1595 u_char snapblock[8];
1596
1597 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
1598 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
1599 snapblock[2] = 0x03; /* control = UI */
1600 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
1601 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
1602 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
1603 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
1604 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
1605 return gen_bcmp(offset, 8, snapblock);
1606 }
1607
1608 /*
1609 * Check for a given protocol value assuming an 802.2 LLC header.
1610 */
1611 static struct block *
1612 gen_llc(proto)
1613 int proto;
1614 {
1615 /*
1616 * XXX - handle token-ring variable-length header.
1617 */
1618 switch (proto) {
1619
1620 case LLCSAP_ISONS:
1621 return gen_cmp(off_linktype, BPF_H, (long)
1622 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1623
1624 case LLCSAP_NETBEUI:
1625 return gen_cmp(off_linktype, BPF_H, (long)
1626 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1627
1628 case LLCSAP_IPX:
1629 /*
1630 * XXX - are there ever SNAP frames for IPX on
1631 * non-Ethernet 802.x networks?
1632 */
1633 return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX);
1634
1635 case ETHERTYPE_ATALK:
1636 /*
1637 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1638 * SNAP packets with an organization code of
1639 * 0x080007 (Apple, for Appletalk) and a protocol
1640 * type of ETHERTYPE_ATALK (Appletalk).
1641 *
1642 * XXX - check for an organization code of
1643 * encapsulated Ethernet as well?
1644 */
1645 return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype);
1646
1647 default:
1648 /*
1649 * XXX - we don't have to check for IPX 802.3
1650 * here, but should we check for the IPX Ethertype?
1651 */
1652 if (proto <= ETHERMTU) {
1653 /*
1654 * This is an LLC SAP value, so check
1655 * the DSAP.
1656 */
1657 return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto);
1658 } else {
1659 /*
1660 * This is an Ethernet type; we assume that it's
1661 * unlikely that it'll appear in the right place
1662 * at random, and therefore check only the
1663 * location that would hold the Ethernet type
1664 * in a SNAP frame with an organization code of
1665 * 0x000000 (encapsulated Ethernet).
1666 *
1667 * XXX - if we were to check for the SNAP DSAP and
1668 * LSAP, as per XXX, and were also to check for an
1669 * organization code of 0x000000 (encapsulated
1670 * Ethernet), we'd do
1671 *
1672 * return gen_snap(0x000000, proto,
1673 * off_linktype);
1674 *
1675 * here; for now, we don't, as per the above.
1676 * I don't know whether it's worth the extra CPU
1677 * time to do the right check or not.
1678 */
1679 return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto);
1680 }
1681 }
1682 }
1683
1684 static struct block *
1685 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
1686 bpf_u_int32 addr;
1687 bpf_u_int32 mask;
1688 int dir, proto;
1689 u_int src_off, dst_off;
1690 {
1691 struct block *b0, *b1;
1692 u_int offset;
1693
1694 switch (dir) {
1695
1696 case Q_SRC:
1697 offset = src_off;
1698 break;
1699
1700 case Q_DST:
1701 offset = dst_off;
1702 break;
1703
1704 case Q_AND:
1705 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1706 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1707 gen_and(b0, b1);
1708 return b1;
1709
1710 case Q_OR:
1711 case Q_DEFAULT:
1712 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1713 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1714 gen_or(b0, b1);
1715 return b1;
1716
1717 default:
1718 abort();
1719 }
1720 b0 = gen_linktype(proto);
1721 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
1722 gen_and(b0, b1);
1723 return b1;
1724 }
1725
1726 #ifdef INET6
1727 static struct block *
1728 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
1729 struct in6_addr *addr;
1730 struct in6_addr *mask;
1731 int dir, proto;
1732 u_int src_off, dst_off;
1733 {
1734 struct block *b0, *b1;
1735 u_int offset;
1736 u_int32_t *a, *m;
1737
1738 switch (dir) {
1739
1740 case Q_SRC:
1741 offset = src_off;
1742 break;
1743
1744 case Q_DST:
1745 offset = dst_off;
1746 break;
1747
1748 case Q_AND:
1749 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1750 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1751 gen_and(b0, b1);
1752 return b1;
1753
1754 case Q_OR:
1755 case Q_DEFAULT:
1756 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1757 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1758 gen_or(b0, b1);
1759 return b1;
1760
1761 default:
1762 abort();
1763 }
1764 /* this order is important */
1765 a = (u_int32_t *)addr;
1766 m = (u_int32_t *)mask;
1767 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
1768 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
1769 gen_and(b0, b1);
1770 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
1771 gen_and(b0, b1);
1772 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
1773 gen_and(b0, b1);
1774 b0 = gen_linktype(proto);
1775 gen_and(b0, b1);
1776 return b1;
1777 }
1778 #endif /*INET6*/
1779
1780 static struct block *
1781 gen_ehostop(eaddr, dir)
1782 register const u_char *eaddr;
1783 register int dir;
1784 {
1785 register struct block *b0, *b1;
1786
1787 switch (dir) {
1788 case Q_SRC:
1789 return gen_bcmp(6, 6, eaddr);
1790
1791 case Q_DST:
1792 return gen_bcmp(0, 6, eaddr);
1793
1794 case Q_AND:
1795 b0 = gen_ehostop(eaddr, Q_SRC);
1796 b1 = gen_ehostop(eaddr, Q_DST);
1797 gen_and(b0, b1);
1798 return b1;
1799
1800 case Q_DEFAULT:
1801 case Q_OR:
1802 b0 = gen_ehostop(eaddr, Q_SRC);
1803 b1 = gen_ehostop(eaddr, Q_DST);
1804 gen_or(b0, b1);
1805 return b1;
1806 }
1807 abort();
1808 /* NOTREACHED */
1809 }
1810
1811 /*
1812 * Like gen_ehostop, but for DLT_FDDI
1813 */
1814 static struct block *
1815 gen_fhostop(eaddr, dir)
1816 register const u_char *eaddr;
1817 register int dir;
1818 {
1819 struct block *b0, *b1;
1820
1821 switch (dir) {
1822 case Q_SRC:
1823 #ifdef PCAP_FDDIPAD
1824 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
1825 #else
1826 return gen_bcmp(6 + 1, 6, eaddr);
1827 #endif
1828
1829 case Q_DST:
1830 #ifdef PCAP_FDDIPAD
1831 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
1832 #else
1833 return gen_bcmp(0 + 1, 6, eaddr);
1834 #endif
1835
1836 case Q_AND:
1837 b0 = gen_fhostop(eaddr, Q_SRC);
1838 b1 = gen_fhostop(eaddr, Q_DST);
1839 gen_and(b0, b1);
1840 return b1;
1841
1842 case Q_DEFAULT:
1843 case Q_OR:
1844 b0 = gen_fhostop(eaddr, Q_SRC);
1845 b1 = gen_fhostop(eaddr, Q_DST);
1846 gen_or(b0, b1);
1847 return b1;
1848 }
1849 abort();
1850 /* NOTREACHED */
1851 }
1852
1853 /*
1854 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
1855 */
1856 static struct block *
1857 gen_thostop(eaddr, dir)
1858 register const u_char *eaddr;
1859 register int dir;
1860 {
1861 register struct block *b0, *b1;
1862
1863 switch (dir) {
1864 case Q_SRC:
1865 return gen_bcmp(8, 6, eaddr);
1866
1867 case Q_DST:
1868 return gen_bcmp(2, 6, eaddr);
1869
1870 case Q_AND:
1871 b0 = gen_thostop(eaddr, Q_SRC);
1872 b1 = gen_thostop(eaddr, Q_DST);
1873 gen_and(b0, b1);
1874 return b1;
1875
1876 case Q_DEFAULT:
1877 case Q_OR:
1878 b0 = gen_thostop(eaddr, Q_SRC);
1879 b1 = gen_thostop(eaddr, Q_DST);
1880 gen_or(b0, b1);
1881 return b1;
1882 }
1883 abort();
1884 /* NOTREACHED */
1885 }
1886
1887 /*
1888 * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN)
1889 */
1890 static struct block *
1891 gen_wlanhostop(eaddr, dir)
1892 register const u_char *eaddr;
1893 register int dir;
1894 {
1895 register struct block *b0, *b1, *b2;
1896 register struct slist *s;
1897
1898 switch (dir) {
1899 case Q_SRC:
1900 /*
1901 * Oh, yuk.
1902 *
1903 * For control frames, there is no SA.
1904 *
1905 * For management frames, SA is at an
1906 * offset of 10 from the beginning of
1907 * the packet.
1908 *
1909 * For data frames, SA is at an offset
1910 * of 10 from the beginning of the packet
1911 * if From DS is clear, at an offset of
1912 * 16 from the beginning of the packet
1913 * if From DS is set and To DS is clear,
1914 * and an offset of 24 from the beginning
1915 * of the packet if From DS is set and To DS
1916 * is set.
1917 */
1918
1919 /*
1920 * Generate the tests to be done for data frames
1921 * with From DS set.
1922 *
1923 * First, check for To DS set, i.e. check "link[1] & 0x01".
1924 */
1925 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
1926 s->s.k = 1;
1927 b1 = new_block(JMP(BPF_JSET));
1928 b1->s.k = 0x01; /* To DS */
1929 b1->stmts = s;
1930
1931 /*
1932 * If To DS is set, the SA is at 24.
1933 */
1934 b0 = gen_bcmp(24, 6, eaddr);
1935 gen_and(b1, b0);
1936
1937 /*
1938 * Now, check for To DS not set, i.e. check
1939 * "!(link[1] & 0x01)".
1940 */
1941 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
1942 s->s.k = 1;
1943 b2 = new_block(JMP(BPF_JSET));
1944 b2->s.k = 0x01; /* To DS */
1945 b2->stmts = s;
1946 gen_not(b2);
1947
1948 /*
1949 * If To DS is not set, the SA is at 16.
1950 */
1951 b1 = gen_bcmp(16, 6, eaddr);
1952 gen_and(b2, b1);
1953
1954 /*
1955 * Now OR together the last two checks. That gives
1956 * the complete set of checks for data frames with
1957 * From DS set.
1958 */
1959 gen_or(b1, b0);
1960
1961 /*
1962 * Now check for From DS being set, and AND that with
1963 * the ORed-together checks.
1964 */
1965 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
1966 s->s.k = 1;
1967 b1 = new_block(JMP(BPF_JSET));
1968 b1->s.k = 0x02; /* From DS */
1969 b1->stmts = s;
1970 gen_and(b1, b0);
1971
1972 /*
1973 * Now check for data frames with From DS not set.
1974 */
1975 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
1976 s->s.k = 1;
1977 b2 = new_block(JMP(BPF_JSET));
1978 b2->s.k = 0x02; /* From DS */
1979 b2->stmts = s;
1980 gen_not(b2);
1981
1982 /*
1983 * If From DS isn't set, the SA is at 10.
1984 */
1985 b1 = gen_bcmp(10, 6, eaddr);
1986 gen_and(b2, b1);
1987
1988 /*
1989 * Now OR together the checks for data frames with
1990 * From DS not set and for data frames with From DS
1991 * set; that gives the checks done for data frames.
1992 */
1993 gen_or(b1, b0);
1994
1995 /*
1996 * Now check for a data frame.
1997 * I.e, check "link[0] & 0x08".
1998 */
1999 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2000 s->s.k = 0;
2001 b1 = new_block(JMP(BPF_JSET));
2002 b1->s.k = 0x08;
2003 b1->stmts = s;
2004
2005 /*
2006 * AND that with the checks done for data frames.
2007 */
2008 gen_and(b1, b0);
2009
2010 /*
2011 * If the high-order bit of the type value is 0, this
2012 * is a management frame.
2013 * I.e, check "!(link[0] & 0x08)".
2014 */
2015 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2016 s->s.k = 0;
2017 b2 = new_block(JMP(BPF_JSET));
2018 b2->s.k = 0x08;
2019 b2->stmts = s;
2020 gen_not(b2);
2021
2022 /*
2023 * For management frames, the SA is at 10.
2024 */
2025 b1 = gen_bcmp(10, 6, eaddr);
2026 gen_and(b2, b1);
2027
2028 /*
2029 * OR that with the checks done for data frames.
2030 * That gives the checks done for management and
2031 * data frames.
2032 */
2033 gen_or(b1, b0);
2034
2035 /*
2036 * If the low-order bit of the type value is 1,
2037 * this is either a control frame or a frame
2038 * with a reserved type, and thus not a
2039 * frame with an SA.
2040 *
2041 * I.e., check "!(link[0] & 0x04)".
2042 */
2043 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2044 s->s.k = 0;
2045 b1 = new_block(JMP(BPF_JSET));
2046 b1->s.k = 0x04;
2047 b1->stmts = s;
2048 gen_not(b1);
2049
2050 /*
2051 * AND that with the checks for data and management
2052 * frames.
2053 */
2054 gen_and(b1, b0);
2055 return b0;
2056
2057 case Q_DST:
2058 /*
2059 * Oh, yuk.
2060 *
2061 * For control frames, there is no DA.
2062 *
2063 * For management frames, DA is at an
2064 * offset of 4 from the beginning of
2065 * the packet.
2066 *
2067 * For data frames, DA is at an offset
2068 * of 4 from the beginning of the packet
2069 * if To DS is clear and at an offset of
2070 * 16 from the beginning of the packet
2071 * if To DS is set.
2072 */
2073
2074 /*
2075 * Generate the tests to be done for data frames.
2076 *
2077 * First, check for To DS set, i.e. "link[1] & 0x01".
2078 */
2079 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2080 s->s.k = 1;
2081 b1 = new_block(JMP(BPF_JSET));
2082 b1->s.k = 0x01; /* To DS */
2083 b1->stmts = s;
2084
2085 /*
2086 * If To DS is set, the DA is at 16.
2087 */
2088 b0 = gen_bcmp(16, 6, eaddr);
2089 gen_and(b1, b0);
2090
2091 /*
2092 * Now, check for To DS not set, i.e. check
2093 * "!(link[1] & 0x01)".
2094 */
2095 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2096 s->s.k = 1;
2097 b2 = new_block(JMP(BPF_JSET));
2098 b2->s.k = 0x01; /* To DS */
2099 b2->stmts = s;
2100 gen_not(b2);
2101
2102 /*
2103 * If To DS is not set, the DA is at 4.
2104 */
2105 b1 = gen_bcmp(4, 6, eaddr);
2106 gen_and(b2, b1);
2107
2108 /*
2109 * Now OR together the last two checks. That gives
2110 * the complete set of checks for data frames.
2111 */
2112 gen_or(b1, b0);
2113
2114 /*
2115 * Now check for a data frame.
2116 * I.e, check "link[0] & 0x08".
2117 */
2118 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2119 s->s.k = 0;
2120 b1 = new_block(JMP(BPF_JSET));
2121 b1->s.k = 0x08;
2122 b1->stmts = s;
2123
2124 /*
2125 * AND that with the checks done for data frames.
2126 */
2127 gen_and(b1, b0);
2128
2129 /*
2130 * If the high-order bit of the type value is 0, this
2131 * is a management frame.
2132 * I.e, check "!(link[0] & 0x08)".
2133 */
2134 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2135 s->s.k = 0;
2136 b2 = new_block(JMP(BPF_JSET));
2137 b2->s.k = 0x08;
2138 b2->stmts = s;
2139 gen_not(b2);
2140
2141 /*
2142 * For management frames, the DA is at 4.
2143 */
2144 b1 = gen_bcmp(4, 6, eaddr);
2145 gen_and(b2, b1);
2146
2147 /*
2148 * OR that with the checks done for data frames.
2149 * That gives the checks done for management and
2150 * data frames.
2151 */
2152 gen_or(b1, b0);
2153
2154 /*
2155 * If the low-order bit of the type value is 1,
2156 * this is either a control frame or a frame
2157 * with a reserved type, and thus not a
2158 * frame with an SA.
2159 *
2160 * I.e., check "!(link[0] & 0x04)".
2161 */
2162 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2163 s->s.k = 0;
2164 b1 = new_block(JMP(BPF_JSET));
2165 b1->s.k = 0x04;
2166 b1->stmts = s;
2167 gen_not(b1);
2168
2169 /*
2170 * AND that with the checks for data and management
2171 * frames.
2172 */
2173 gen_and(b1, b0);
2174 return b0;
2175
2176 case Q_AND:
2177 b0 = gen_wlanhostop(eaddr, Q_SRC);
2178 b1 = gen_wlanhostop(eaddr, Q_DST);
2179 gen_and(b0, b1);
2180 return b1;
2181
2182 case Q_DEFAULT:
2183 case Q_OR:
2184 b0 = gen_wlanhostop(eaddr, Q_SRC);
2185 b1 = gen_wlanhostop(eaddr, Q_DST);
2186 gen_or(b0, b1);
2187 return b1;
2188 }
2189 abort();
2190 /* NOTREACHED */
2191 }
2192
2193 /*
2194 * This is quite tricky because there may be pad bytes in front of the
2195 * DECNET header, and then there are two possible data packet formats that
2196 * carry both src and dst addresses, plus 5 packet types in a format that
2197 * carries only the src node, plus 2 types that use a different format and
2198 * also carry just the src node.
2199 *
2200 * Yuck.
2201 *
2202 * Instead of doing those all right, we just look for data packets with
2203 * 0 or 1 bytes of padding. If you want to look at other packets, that
2204 * will require a lot more hacking.
2205 *
2206 * To add support for filtering on DECNET "areas" (network numbers)
2207 * one would want to add a "mask" argument to this routine. That would
2208 * make the filter even more inefficient, although one could be clever
2209 * and not generate masking instructions if the mask is 0xFFFF.
2210 */
2211 static struct block *
2212 gen_dnhostop(addr, dir, base_off)
2213 bpf_u_int32 addr;
2214 int dir;
2215 u_int base_off;
2216 {
2217 struct block *b0, *b1, *b2, *tmp;
2218 u_int offset_lh; /* offset if long header is received */
2219 u_int offset_sh; /* offset if short header is received */
2220
2221 switch (dir) {
2222
2223 case Q_DST:
2224 offset_sh = 1; /* follows flags */
2225 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
2226 break;
2227
2228 case Q_SRC:
2229 offset_sh = 3; /* follows flags, dstnode */
2230 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
2231 break;
2232
2233 case Q_AND:
2234 /* Inefficient because we do our Calvinball dance twice */
2235 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2236 b1 = gen_dnhostop(addr, Q_DST, base_off);
2237 gen_and(b0, b1);
2238 return b1;
2239
2240 case Q_OR:
2241 case Q_DEFAULT:
2242 /* Inefficient because we do our Calvinball dance twice */
2243 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2244 b1 = gen_dnhostop(addr, Q_DST, base_off);
2245 gen_or(b0, b1);
2246 return b1;
2247
2248 case Q_ISO:
2249 bpf_error("ISO host filtering not implemented");
2250
2251 default:
2252 abort();
2253 }
2254 b0 = gen_linktype(ETHERTYPE_DN);
2255 /* Check for pad = 1, long header case */
2256 tmp = gen_mcmp(base_off + 2, BPF_H,
2257 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
2258 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
2259 BPF_H, (bpf_int32)ntohs(addr));
2260 gen_and(tmp, b1);
2261 /* Check for pad = 0, long header case */
2262 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
2263 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
2264 gen_and(tmp, b2);
2265 gen_or(b2, b1);
2266 /* Check for pad = 1, short header case */
2267 tmp = gen_mcmp(base_off + 2, BPF_H,
2268 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
2269 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
2270 BPF_H, (bpf_int32)ntohs(addr));
2271 gen_and(tmp, b2);
2272 gen_or(b2, b1);
2273 /* Check for pad = 0, short header case */
2274 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
2275 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
2276 gen_and(tmp, b2);
2277 gen_or(b2, b1);
2278
2279 /* Combine with test for linktype */
2280 gen_and(b0, b1);
2281 return b1;
2282 }
2283
2284 static struct block *
2285 gen_host(addr, mask, proto, dir)
2286 bpf_u_int32 addr;
2287 bpf_u_int32 mask;
2288 int proto;
2289 int dir;
2290 {
2291 struct block *b0, *b1;
2292
2293 switch (proto) {
2294
2295 case Q_DEFAULT:
2296 b0 = gen_host(addr, mask, Q_IP, dir);
2297 if (off_linktype != -1) {
2298 b1 = gen_host(addr, mask, Q_ARP, dir);
2299 gen_or(b0, b1);
2300 b0 = gen_host(addr, mask, Q_RARP, dir);
2301 gen_or(b1, b0);
2302 }
2303 return b0;
2304
2305 case Q_IP:
2306 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
2307 off_nl + 12, off_nl + 16);
2308
2309 case Q_RARP:
2310 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
2311 off_nl + 14, off_nl + 24);
2312
2313 case Q_ARP:
2314 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
2315 off_nl + 14, off_nl + 24);
2316
2317 case Q_TCP:
2318 bpf_error("'tcp' modifier applied to host");
2319
2320 case Q_SCTP:
2321 bpf_error("'sctp' modifier applied to host");
2322
2323 case Q_UDP:
2324 bpf_error("'udp' modifier applied to host");
2325
2326 case Q_ICMP:
2327 bpf_error("'icmp' modifier applied to host");
2328
2329 case Q_IGMP:
2330 bpf_error("'igmp' modifier applied to host");
2331
2332 case Q_IGRP:
2333 bpf_error("'igrp' modifier applied to host");
2334
2335 case Q_PIM:
2336 bpf_error("'pim' modifier applied to host");
2337
2338 case Q_VRRP:
2339 bpf_error("'vrrp' modifier applied to host");
2340
2341 case Q_ATALK:
2342 bpf_error("ATALK host filtering not implemented");
2343
2344 case Q_AARP:
2345 bpf_error("AARP host filtering not implemented");
2346
2347 case Q_DECNET:
2348 return gen_dnhostop(addr, dir, off_nl);
2349
2350 case Q_SCA:
2351 bpf_error("SCA host filtering not implemented");
2352
2353 case Q_LAT:
2354 bpf_error("LAT host filtering not implemented");
2355
2356 case Q_MOPDL:
2357 bpf_error("MOPDL host filtering not implemented");
2358
2359 case Q_MOPRC:
2360 bpf_error("MOPRC host filtering not implemented");
2361
2362 #ifdef INET6
2363 case Q_IPV6:
2364 bpf_error("'ip6' modifier applied to ip host");
2365
2366 case Q_ICMPV6:
2367 bpf_error("'icmp6' modifier applied to host");
2368 #endif /* INET6 */
2369
2370 case Q_AH:
2371 bpf_error("'ah' modifier applied to host");
2372
2373 case Q_ESP:
2374 bpf_error("'esp' modifier applied to host");
2375
2376 case Q_ISO:
2377 bpf_error("ISO host filtering not implemented");
2378
2379 case Q_ESIS:
2380 bpf_error("'esis' modifier applied to host");
2381
2382 case Q_ISIS:
2383 bpf_error("'isis' modifier applied to host");
2384
2385 case Q_CLNP:
2386 bpf_error("'clnp' modifier applied to host");
2387
2388 case Q_STP:
2389 bpf_error("'stp' modifier applied to host");
2390
2391 case Q_IPX:
2392 bpf_error("IPX host filtering not implemented");
2393
2394 case Q_NETBEUI:
2395 bpf_error("'netbeui' modifier applied to host");
2396
2397 default:
2398 abort();
2399 }
2400 /* NOTREACHED */
2401 }
2402
2403 #ifdef INET6
2404 static struct block *
2405 gen_host6(addr, mask, proto, dir)
2406 struct in6_addr *addr;
2407 struct in6_addr *mask;
2408 int proto;
2409 int dir;
2410 {
2411 switch (proto) {
2412
2413 case Q_DEFAULT:
2414 return gen_host6(addr, mask, Q_IPV6, dir);
2415
2416 case Q_IP:
2417 bpf_error("'ip' modifier applied to ip6 host");
2418
2419 case Q_RARP:
2420 bpf_error("'rarp' modifier applied to ip6 host");
2421
2422 case Q_ARP:
2423 bpf_error("'arp' modifier applied to ip6 host");
2424
2425 case Q_SCTP:
2426 bpf_error("'sctp' modifier applied to host");
2427
2428 case Q_TCP:
2429 bpf_error("'tcp' modifier applied to host");
2430
2431 case Q_UDP:
2432 bpf_error("'udp' modifier applied to host");
2433
2434 case Q_ICMP:
2435 bpf_error("'icmp' modifier applied to host");
2436
2437 case Q_IGMP:
2438 bpf_error("'igmp' modifier applied to host");
2439
2440 case Q_IGRP:
2441 bpf_error("'igrp' modifier applied to host");
2442
2443 case Q_PIM:
2444 bpf_error("'pim' modifier applied to host");
2445
2446 case Q_VRRP:
2447 bpf_error("'vrrp' modifier applied to host");
2448
2449 case Q_ATALK:
2450 bpf_error("ATALK host filtering not implemented");
2451
2452 case Q_AARP:
2453 bpf_error("AARP host filtering not implemented");
2454
2455 case Q_DECNET:
2456 bpf_error("'decnet' modifier applied to ip6 host");
2457
2458 case Q_SCA:
2459 bpf_error("SCA host filtering not implemented");
2460
2461 case Q_LAT:
2462 bpf_error("LAT host filtering not implemented");
2463
2464 case Q_MOPDL:
2465 bpf_error("MOPDL host filtering not implemented");
2466
2467 case Q_MOPRC:
2468 bpf_error("MOPRC host filtering not implemented");
2469
2470 case Q_IPV6:
2471 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
2472 off_nl + 8, off_nl + 24);
2473
2474 case Q_ICMPV6:
2475 bpf_error("'icmp6' modifier applied to host");
2476
2477 case Q_AH:
2478 bpf_error("'ah' modifier applied to host");
2479
2480 case Q_ESP:
2481 bpf_error("'esp' modifier applied to host");
2482
2483 case Q_ISO:
2484 bpf_error("ISO host filtering not implemented");
2485
2486 case Q_ESIS:
2487 bpf_error("'esis' modifier applied to host");
2488
2489 case Q_ISIS:
2490 bpf_error("'isis' modifier applied to host");
2491
2492 case Q_CLNP:
2493 bpf_error("'clnp' modifier applied to host");
2494
2495 case Q_STP:
2496 bpf_error("'stp' modifier applied to host");
2497
2498 case Q_IPX:
2499 bpf_error("IPX host filtering not implemented");
2500
2501 case Q_NETBEUI:
2502 bpf_error("'netbeui' modifier applied to host");
2503
2504 default:
2505 abort();
2506 }
2507 /* NOTREACHED */
2508 }
2509 #endif /*INET6*/
2510
2511 #ifndef INET6
2512 static struct block *
2513 gen_gateway(eaddr, alist, proto, dir)
2514 const u_char *eaddr;
2515 bpf_u_int32 **alist;
2516 int proto;
2517 int dir;
2518 {
2519 struct block *b0, *b1, *tmp;
2520
2521 if (dir != 0)
2522 bpf_error("direction applied to 'gateway'");
2523
2524 switch (proto) {
2525 case Q_DEFAULT:
2526 case Q_IP:
2527 case Q_ARP:
2528 case Q_RARP:
2529 if (linktype == DLT_EN10MB)
2530 b0 = gen_ehostop(eaddr, Q_OR);
2531 else if (linktype == DLT_FDDI)
2532 b0 = gen_fhostop(eaddr, Q_OR);
2533 else if (linktype == DLT_IEEE802)
2534 b0 = gen_thostop(eaddr, Q_OR);
2535 else if (linktype == DLT_IEEE802_11)
2536 b0 = gen_wlanhostop(eaddr, Q_OR);
2537 else
2538 bpf_error(
2539 "'gateway' supported only on ethernet/FDDI/token ring/802.11");
2540
2541 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2542 while (*alist) {
2543 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2544 gen_or(b1, tmp);
2545 b1 = tmp;
2546 }
2547 gen_not(b1);
2548 gen_and(b0, b1);
2549 return b1;
2550 }
2551 bpf_error("illegal modifier of 'gateway'");
2552 /* NOTREACHED */
2553 }
2554 #endif
2555
2556 struct block *
2557 gen_proto_abbrev(proto)
2558 int proto;
2559 {
2560 #ifdef INET6
2561 struct block *b0;
2562 #endif
2563 struct block *b1;
2564
2565 switch (proto) {
2566
2567 case Q_SCTP:
2568 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT);
2569 #ifdef INET6
2570 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
2571 gen_or(b0, b1);
2572 #endif
2573 break;
2574
2575 case Q_TCP:
2576 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
2577 #ifdef INET6
2578 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
2579 gen_or(b0, b1);
2580 #endif
2581 break;
2582
2583 case Q_UDP:
2584 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
2585 #ifdef INET6
2586 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
2587 gen_or(b0, b1);
2588 #endif
2589 break;
2590
2591 case Q_ICMP:
2592 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
2593 break;
2594
2595 #ifndef IPPROTO_IGMP
2596 #define IPPROTO_IGMP 2
2597 #endif
2598
2599 case Q_IGMP:
2600 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
2601 break;
2602
2603 #ifndef IPPROTO_IGRP
2604 #define IPPROTO_IGRP 9
2605 #endif
2606 case Q_IGRP:
2607 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
2608 break;
2609
2610 #ifndef IPPROTO_PIM
2611 #define IPPROTO_PIM 103
2612 #endif
2613
2614 case Q_PIM:
2615 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
2616 #ifdef INET6
2617 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
2618 gen_or(b0, b1);
2619 #endif
2620 break;
2621
2622 #ifndef IPPROTO_VRRP
2623 #define IPPROTO_VRRP 112
2624 #endif
2625
2626 case Q_VRRP:
2627 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT);
2628 break;
2629
2630 case Q_IP:
2631 b1 = gen_linktype(ETHERTYPE_IP);
2632 break;
2633
2634 case Q_ARP:
2635 b1 = gen_linktype(ETHERTYPE_ARP);
2636 break;
2637
2638 case Q_RARP:
2639 b1 = gen_linktype(ETHERTYPE_REVARP);
2640 break;
2641
2642 case Q_LINK:
2643 bpf_error("link layer applied in wrong context");
2644
2645 case Q_ATALK:
2646 b1 = gen_linktype(ETHERTYPE_ATALK);
2647 break;
2648
2649 case Q_AARP:
2650 b1 = gen_linktype(ETHERTYPE_AARP);
2651 break;
2652
2653 case Q_DECNET:
2654 b1 = gen_linktype(ETHERTYPE_DN);
2655 break;
2656
2657 case Q_SCA:
2658 b1 = gen_linktype(ETHERTYPE_SCA);
2659 break;
2660
2661 case Q_LAT:
2662 b1 = gen_linktype(ETHERTYPE_LAT);
2663 break;
2664
2665 case Q_MOPDL:
2666 b1 = gen_linktype(ETHERTYPE_MOPDL);
2667 break;
2668
2669 case Q_MOPRC:
2670 b1 = gen_linktype(ETHERTYPE_MOPRC);
2671 break;
2672
2673 #ifdef INET6
2674 case Q_IPV6:
2675 b1 = gen_linktype(ETHERTYPE_IPV6);
2676 break;
2677
2678 #ifndef IPPROTO_ICMPV6
2679 #define IPPROTO_ICMPV6 58
2680 #endif
2681 case Q_ICMPV6:
2682 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
2683 break;
2684 #endif /* INET6 */
2685
2686 #ifndef IPPROTO_AH
2687 #define IPPROTO_AH 51
2688 #endif
2689 case Q_AH:
2690 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
2691 #ifdef INET6
2692 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
2693 gen_or(b0, b1);
2694 #endif
2695 break;
2696
2697 #ifndef IPPROTO_ESP
2698 #define IPPROTO_ESP 50
2699 #endif
2700 case Q_ESP:
2701 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
2702 #ifdef INET6
2703 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
2704 gen_or(b0, b1);
2705 #endif
2706 break;
2707
2708 case Q_ISO:
2709 b1 = gen_linktype(LLCSAP_ISONS);
2710 break;
2711
2712 case Q_ESIS:
2713 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
2714 break;
2715
2716 case Q_ISIS:
2717 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
2718 break;
2719
2720 case Q_CLNP:
2721 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
2722 break;
2723
2724 case Q_STP:
2725 b1 = gen_linktype(LLCSAP_8021D);
2726 break;
2727
2728 case Q_IPX:
2729 b1 = gen_linktype(LLCSAP_IPX);
2730 break;
2731
2732 case Q_NETBEUI:
2733 b1 = gen_linktype(LLCSAP_NETBEUI);
2734 break;
2735
2736 default:
2737 abort();
2738 }
2739 return b1;
2740 }
2741
2742 static struct block *
2743 gen_ipfrag()
2744 {
2745 struct slist *s;
2746 struct block *b;
2747
2748 /* not ip frag */
2749 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
2750 s->s.k = off_nl + 6;
2751 b = new_block(JMP(BPF_JSET));
2752 b->s.k = 0x1fff;
2753 b->stmts = s;
2754 gen_not(b);
2755
2756 return b;
2757 }
2758
2759 static struct block *
2760 gen_portatom(off, v)
2761 int off;
2762 bpf_int32 v;
2763 {
2764 struct slist *s;
2765 struct block *b;
2766
2767 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2768 s->s.k = off_nl;
2769
2770 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
2771 s->next->s.k = off_nl + off;
2772
2773 b = new_block(JMP(BPF_JEQ));
2774 b->stmts = s;
2775 b->s.k = v;
2776
2777 return b;
2778 }
2779
2780 #ifdef INET6
2781 static struct block *
2782 gen_portatom6(off, v)
2783 int off;
2784 bpf_int32 v;
2785 {
2786 return gen_cmp(off_nl + 40 + off, BPF_H, v);
2787 }
2788 #endif/*INET6*/
2789
2790 struct block *
2791 gen_portop(port, proto, dir)
2792 int port, proto, dir;
2793 {
2794 struct block *b0, *b1, *tmp;
2795
2796 /* ip proto 'proto' */
2797 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
2798 b0 = gen_ipfrag();
2799 gen_and(tmp, b0);
2800
2801 switch (dir) {
2802 case Q_SRC:
2803 b1 = gen_portatom(0, (bpf_int32)port);
2804 break;
2805
2806 case Q_DST:
2807 b1 = gen_portatom(2, (bpf_int32)port);
2808 break;
2809
2810 case Q_OR:
2811 case Q_DEFAULT:
2812 tmp = gen_portatom(0, (bpf_int32)port);
2813 b1 = gen_portatom(2, (bpf_int32)port);
2814 gen_or(tmp, b1);
2815 break;
2816
2817 case Q_AND:
2818 tmp = gen_portatom(0, (bpf_int32)port);
2819 b1 = gen_portatom(2, (bpf_int32)port);
2820 gen_and(tmp, b1);
2821 break;
2822
2823 default:
2824 abort();
2825 }
2826 gen_and(b0, b1);
2827
2828 return b1;
2829 }
2830
2831 static struct block *
2832 gen_port(port, ip_proto, dir)
2833 int port;
2834 int ip_proto;
2835 int dir;
2836 {
2837 struct block *b0, *b1, *tmp;
2838
2839 /* ether proto ip */
2840 b0 = gen_linktype(ETHERTYPE_IP);
2841
2842 switch (ip_proto) {
2843 case IPPROTO_UDP:
2844 case IPPROTO_TCP:
2845 case IPPROTO_SCTP:
2846 b1 = gen_portop(port, ip_proto, dir);
2847 break;
2848
2849 case PROTO_UNDEF:
2850 tmp = gen_portop(port, IPPROTO_TCP, dir);
2851 b1 = gen_portop(port, IPPROTO_UDP, dir);
2852 gen_or(tmp, b1);
2853 tmp = gen_portop(port, IPPROTO_SCTP, dir);
2854 gen_or(tmp, b1);
2855 break;
2856
2857 default:
2858 abort();
2859 }
2860 gen_and(b0, b1);
2861 return b1;
2862 }
2863
2864 #ifdef INET6
2865 struct block *
2866 gen_portop6(port, proto, dir)
2867 int port, proto, dir;
2868 {
2869 struct block *b0, *b1, *tmp;
2870
2871 /* ip proto 'proto' */
2872 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
2873
2874 switch (dir) {
2875 case Q_SRC:
2876 b1 = gen_portatom6(0, (bpf_int32)port);
2877 break;
2878
2879 case Q_DST:
2880 b1 = gen_portatom6(2, (bpf_int32)port);
2881 break;
2882
2883 case Q_OR:
2884 case Q_DEFAULT:
2885 tmp = gen_portatom6(0, (bpf_int32)port);
2886 b1 = gen_portatom6(2, (bpf_int32)port);
2887 gen_or(tmp, b1);
2888 break;
2889
2890 case Q_AND:
2891 tmp = gen_portatom6(0, (bpf_int32)port);
2892 b1 = gen_portatom6(2, (bpf_int32)port);
2893 gen_and(tmp, b1);
2894 break;
2895
2896 default:
2897 abort();
2898 }
2899 gen_and(b0, b1);
2900
2901 return b1;
2902 }
2903
2904 static struct block *
2905 gen_port6(port, ip_proto, dir)
2906 int port;
2907 int ip_proto;
2908 int dir;
2909 {
2910 struct block *b0, *b1, *tmp;
2911
2912 /* ether proto ip */
2913 b0 = gen_linktype(ETHERTYPE_IPV6);
2914
2915 switch (ip_proto) {
2916 case IPPROTO_UDP:
2917 case IPPROTO_TCP:
2918 case IPPROTO_SCTP:
2919 b1 = gen_portop6(port, ip_proto, dir);
2920 break;
2921
2922 case PROTO_UNDEF:
2923 tmp = gen_portop6(port, IPPROTO_TCP, dir);
2924 b1 = gen_portop6(port, IPPROTO_UDP, dir);
2925 gen_or(tmp, b1);
2926 tmp = gen_portop6(port, IPPROTO_SCTP, dir);
2927 gen_or(tmp, b1);
2928 break;
2929
2930 default:
2931 abort();
2932 }
2933 gen_and(b0, b1);
2934 return b1;
2935 }
2936 #endif /* INET6 */
2937
2938 static int
2939 lookup_proto(name, proto)
2940 register const char *name;
2941 register int proto;
2942 {
2943 register int v;
2944
2945 switch (proto) {
2946
2947 case Q_DEFAULT:
2948 case Q_IP:
2949 case Q_IPV6:
2950 v = pcap_nametoproto(name);
2951 if (v == PROTO_UNDEF)
2952 bpf_error("unknown ip proto '%s'", name);
2953 break;
2954
2955 case Q_LINK:
2956 /* XXX should look up h/w protocol type based on linktype */
2957 v = pcap_nametoeproto(name);
2958 if (v == PROTO_UNDEF)
2959 bpf_error("unknown ether proto '%s'", name);
2960 break;
2961
2962 case Q_ISO:
2963 if (strcmp(name, "esis") == 0)
2964 v = ISO9542_ESIS;
2965 else if (strcmp(name, "isis") == 0)
2966 v = ISO10589_ISIS;
2967 else if (strcmp(name, "clnp") == 0)
2968 v = ISO8473_CLNP;
2969 else
2970 bpf_error("unknown osi proto '%s'", name);
2971 break;
2972
2973 default:
2974 v = PROTO_UNDEF;
2975 break;
2976 }
2977 return v;
2978 }
2979
2980 #if 0
2981 struct stmt *
2982 gen_joinsp(s, n)
2983 struct stmt **s;
2984 int n;
2985 {
2986 return NULL;
2987 }
2988 #endif
2989
2990 static struct block *
2991 gen_protochain(v, proto, dir)
2992 int v;
2993 int proto;
2994 int dir;
2995 {
2996 #ifdef NO_PROTOCHAIN
2997 return gen_proto(v, proto, dir);
2998 #else
2999 struct block *b0, *b;
3000 struct slist *s[100];
3001 int fix2, fix3, fix4, fix5;
3002 int ahcheck, again, end;
3003 int i, max;
3004 int reg2 = alloc_reg();
3005
3006 memset(s, 0, sizeof(s));
3007 fix2 = fix3 = fix4 = fix5 = 0;
3008
3009 switch (proto) {
3010 case Q_IP:
3011 case Q_IPV6:
3012 break;
3013 case Q_DEFAULT:
3014 b0 = gen_protochain(v, Q_IP, dir);
3015 b = gen_protochain(v, Q_IPV6, dir);
3016 gen_or(b0, b);
3017 return b;
3018 default:
3019 bpf_error("bad protocol applied for 'protochain'");
3020 /*NOTREACHED*/
3021 }
3022
3023 no_optimize = 1; /*this code is not compatible with optimzer yet */
3024
3025 /*
3026 * s[0] is a dummy entry to protect other BPF insn from damaged
3027 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
3028 * hard to find interdependency made by jump table fixup.
3029 */
3030 i = 0;
3031 s[i] = new_stmt(0); /*dummy*/
3032 i++;
3033
3034 switch (proto) {
3035 case Q_IP:
3036 b0 = gen_linktype(ETHERTYPE_IP);
3037
3038 /* A = ip->ip_p */
3039 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
3040 s[i]->s.k = off_nl + 9;
3041 i++;
3042 /* X = ip->ip_hl << 2 */
3043 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3044 s[i]->s.k = off_nl;
3045 i++;
3046 break;
3047 #ifdef INET6
3048 case Q_IPV6:
3049 b0 = gen_linktype(ETHERTYPE_IPV6);
3050
3051 /* A = ip6->ip_nxt */
3052 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
3053 s[i]->s.k = off_nl + 6;
3054 i++;
3055 /* X = sizeof(struct ip6_hdr) */
3056 s[i] = new_stmt(BPF_LDX|BPF_IMM);
3057 s[i]->s.k = 40;
3058 i++;
3059 break;
3060 #endif
3061 default:
3062 bpf_error("unsupported proto to gen_protochain");
3063 /*NOTREACHED*/
3064 }
3065
3066 /* again: if (A == v) goto end; else fall through; */
3067 again = i;
3068 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3069 s[i]->s.k = v;
3070 s[i]->s.jt = NULL; /*later*/
3071 s[i]->s.jf = NULL; /*update in next stmt*/
3072 fix5 = i;
3073 i++;
3074
3075 #ifndef IPPROTO_NONE
3076 #define IPPROTO_NONE 59
3077 #endif
3078 /* if (A == IPPROTO_NONE) goto end */
3079 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3080 s[i]->s.jt = NULL; /*later*/
3081 s[i]->s.jf = NULL; /*update in next stmt*/
3082 s[i]->s.k = IPPROTO_NONE;
3083 s[fix5]->s.jf = s[i];
3084 fix2 = i;
3085 i++;
3086
3087 #ifdef INET6
3088 if (proto == Q_IPV6) {
3089 int v6start, v6end, v6advance, j;
3090
3091 v6start = i;
3092 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
3093 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3094 s[i]->s.jt = NULL; /*later*/
3095 s[i]->s.jf = NULL; /*update in next stmt*/
3096 s[i]->s.k = IPPROTO_HOPOPTS;
3097 s[fix2]->s.jf = s[i];
3098 i++;
3099 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
3100 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3101 s[i]->s.jt = NULL; /*later*/
3102 s[i]->s.jf = NULL; /*update in next stmt*/
3103 s[i]->s.k = IPPROTO_DSTOPTS;
3104 i++;
3105 /* if (A == IPPROTO_ROUTING) goto v6advance */
3106 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3107 s[i]->s.jt = NULL; /*later*/
3108 s[i]->s.jf = NULL; /*update in next stmt*/
3109 s[i]->s.k = IPPROTO_ROUTING;
3110 i++;
3111 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
3112 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3113 s[i]->s.jt = NULL; /*later*/
3114 s[i]->s.jf = NULL; /*later*/
3115 s[i]->s.k = IPPROTO_FRAGMENT;
3116 fix3 = i;
3117 v6end = i;
3118 i++;
3119
3120 /* v6advance: */
3121 v6advance = i;
3122
3123 /*
3124 * in short,
3125 * A = P[X];
3126 * X = X + (P[X + 1] + 1) * 8;
3127 */
3128 /* A = X */
3129 s[i] = new_stmt(BPF_MISC|BPF_TXA);
3130 i++;
3131 /* A = P[X + packet head] */
3132 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3133 s[i]->s.k = off_nl;
3134 i++;
3135 /* MEM[reg2] = A */
3136 s[i] = new_stmt(BPF_ST);
3137 s[i]->s.k = reg2;
3138 i++;
3139 /* A = X */
3140 s[i] = new_stmt(BPF_MISC|BPF_TXA);
3141 i++;
3142 /* A += 1 */
3143 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3144 s[i]->s.k = 1;
3145 i++;
3146 /* X = A */
3147 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3148 i++;
3149 /* A = P[X + packet head]; */
3150 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3151 s[i]->s.k = off_nl;
3152 i++;
3153 /* A += 1 */
3154 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3155 s[i]->s.k = 1;
3156 i++;
3157 /* A *= 8 */
3158 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
3159 s[i]->s.k = 8;
3160 i++;
3161 /* X = A; */
3162 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3163 i++;
3164 /* A = MEM[reg2] */
3165 s[i] = new_stmt(BPF_LD|BPF_MEM);
3166 s[i]->s.k = reg2;
3167 i++;
3168
3169 /* goto again; (must use BPF_JA for backward jump) */
3170 s[i] = new_stmt(BPF_JMP|BPF_JA);
3171 s[i]->s.k = again - i - 1;
3172 s[i - 1]->s.jf = s[i];
3173 i++;
3174
3175 /* fixup */
3176 for (j = v6start; j <= v6end; j++)
3177 s[j]->s.jt = s[v6advance];
3178 } else
3179 #endif
3180 {
3181 /* nop */
3182 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3183 s[i]->s.k = 0;
3184 s[fix2]->s.jf = s[i];
3185 i++;
3186 }
3187
3188 /* ahcheck: */
3189 ahcheck = i;
3190 /* if (A == IPPROTO_AH) then fall through; else goto end; */
3191 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3192 s[i]->s.jt = NULL; /*later*/
3193 s[i]->s.jf = NULL; /*later*/
3194 s[i]->s.k = IPPROTO_AH;
3195 if (fix3)
3196 s[fix3]->s.jf = s[ahcheck];
3197 fix4 = i;
3198 i++;
3199
3200 /*
3201 * in short,
3202 * A = P[X];
3203 * X = X + (P[X + 1] + 2) * 4;
3204 */
3205 /* A = X */
3206 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
3207 i++;
3208 /* A = P[X + packet head]; */
3209 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3210 s[i]->s.k = off_nl;
3211 i++;
3212 /* MEM[reg2] = A */
3213 s[i] = new_stmt(BPF_ST);
3214 s[i]->s.k = reg2;
3215 i++;
3216 /* A = X */
3217 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
3218 i++;
3219 /* A += 1 */
3220 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3221 s[i]->s.k = 1;
3222 i++;
3223 /* X = A */
3224 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3225 i++;
3226 /* A = P[X + packet head] */
3227 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3228 s[i]->s.k = off_nl;
3229 i++;
3230 /* A += 2 */
3231 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3232 s[i]->s.k = 2;
3233 i++;
3234 /* A *= 4 */
3235 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
3236 s[i]->s.k = 4;
3237 i++;
3238 /* X = A; */
3239 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3240 i++;
3241 /* A = MEM[reg2] */
3242 s[i] = new_stmt(BPF_LD|BPF_MEM);
3243 s[i]->s.k = reg2;
3244 i++;
3245
3246 /* goto again; (must use BPF_JA for backward jump) */
3247 s[i] = new_stmt(BPF_JMP|BPF_JA);
3248 s[i]->s.k = again - i - 1;
3249 i++;
3250
3251 /* end: nop */
3252 end = i;
3253 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3254 s[i]->s.k = 0;
3255 s[fix2]->s.jt = s[end];
3256 s[fix4]->s.jf = s[end];
3257 s[fix5]->s.jt = s[end];
3258 i++;
3259
3260 /*
3261 * make slist chain
3262 */
3263 max = i;
3264 for (i = 0; i < max - 1; i++)
3265 s[i]->next = s[i + 1];
3266 s[max - 1]->next = NULL;
3267
3268 /*
3269 * emit final check
3270 */
3271 b = new_block(JMP(BPF_JEQ));
3272 b->stmts = s[1]; /*remember, s[0] is dummy*/
3273 b->s.k = v;
3274
3275 free_reg(reg2);
3276
3277 gen_and(b0, b);
3278 return b;
3279 #endif
3280 }
3281
3282 static struct block *
3283 gen_proto(v, proto, dir)
3284 int v;
3285 int proto;
3286 int dir;
3287 {
3288 struct block *b0, *b1;
3289
3290 if (dir != Q_DEFAULT)
3291 bpf_error("direction applied to 'proto'");
3292
3293 switch (proto) {
3294 case Q_DEFAULT:
3295 #ifdef INET6
3296 b0 = gen_proto(v, Q_IP, dir);
3297 b1 = gen_proto(v, Q_IPV6, dir);
3298 gen_or(b0, b1);
3299 return b1;
3300 #else
3301 /*FALLTHROUGH*/
3302 #endif
3303 case Q_IP:
3304 b0 = gen_linktype(ETHERTYPE_IP);
3305 #ifndef CHASE_CHAIN
3306 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
3307 #else
3308 b1 = gen_protochain(v, Q_IP);
3309 #endif
3310 gen_and(b0, b1);
3311 return b1;
3312
3313 case Q_ISO:
3314 switch (linktype) {
3315
3316 case DLT_FRELAY:
3317 /*
3318 * Frame Relay packets typically have an OSI
3319 * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)"
3320 * generates code to check for all the OSI
3321 * NLPIDs, so calling it and then adding a check
3322 * for the particular NLPID for which we're
3323 * looking is bogus, as we can just check for
3324 * the NLPID.
3325 *
3326 * What we check for is the NLPID and a frame
3327 * control field value of UI, i.e. 0x03 followed
3328 * by the NLPID.
3329 *
3330 * XXX - assumes a 2-byte Frame Relay header with
3331 * DLCI and flags. What if the address is longer?
3332 *
3333 * XXX - what about SNAP-encapsulated frames?
3334 */
3335 return gen_cmp(2, BPF_H, (0x03<<8) | v);
3336 break;
3337
3338 default:
3339 b0 = gen_linktype(LLCSAP_ISONS);
3340 b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v);
3341 gen_and(b0, b1);
3342 return b1;
3343 }
3344
3345 case Q_ARP:
3346 bpf_error("arp does not encapsulate another protocol");
3347 /* NOTREACHED */
3348
3349 case Q_RARP:
3350 bpf_error("rarp does not encapsulate another protocol");
3351 /* NOTREACHED */
3352
3353 case Q_ATALK:
3354 bpf_error("atalk encapsulation is not specifiable");
3355 /* NOTREACHED */
3356
3357 case Q_DECNET:
3358 bpf_error("decnet encapsulation is not specifiable");
3359 /* NOTREACHED */
3360
3361 case Q_SCA:
3362 bpf_error("sca does not encapsulate another protocol");
3363 /* NOTREACHED */
3364
3365 case Q_LAT:
3366 bpf_error("lat does not encapsulate another protocol");
3367 /* NOTREACHED */
3368
3369 case Q_MOPRC:
3370 bpf_error("moprc does not encapsulate another protocol");
3371 /* NOTREACHED */
3372
3373 case Q_MOPDL:
3374 bpf_error("mopdl does not encapsulate another protocol");
3375 /* NOTREACHED */
3376
3377 case Q_LINK:
3378 return gen_linktype(v);
3379
3380 case Q_UDP:
3381 bpf_error("'udp proto' is bogus");
3382 /* NOTREACHED */
3383
3384 case Q_TCP:
3385 bpf_error("'tcp proto' is bogus");
3386 /* NOTREACHED */
3387
3388 case Q_SCTP:
3389 bpf_error("'sctp proto' is bogus");
3390 /* NOTREACHED */
3391
3392 case Q_ICMP:
3393 bpf_error("'icmp proto' is bogus");
3394 /* NOTREACHED */
3395
3396 case Q_IGMP:
3397 bpf_error("'igmp proto' is bogus");
3398 /* NOTREACHED */
3399
3400 case Q_IGRP:
3401 bpf_error("'igrp proto' is bogus");
3402 /* NOTREACHED */
3403
3404 case Q_PIM:
3405 bpf_error("'pim proto' is bogus");
3406 /* NOTREACHED */
3407
3408 case Q_VRRP:
3409 bpf_error("'vrrp proto' is bogus");
3410 /* NOTREACHED */
3411
3412 #ifdef INET6
3413 case Q_IPV6:
3414 b0 = gen_linktype(ETHERTYPE_IPV6);
3415 #ifndef CHASE_CHAIN
3416 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
3417 #else
3418 b1 = gen_protochain(v, Q_IPV6);
3419 #endif
3420 gen_and(b0, b1);
3421 return b1;
3422
3423 case Q_ICMPV6:
3424 bpf_error("'icmp6 proto' is bogus");
3425 #endif /* INET6 */
3426
3427 case Q_AH:
3428 bpf_error("'ah proto' is bogus");
3429
3430 case Q_ESP:
3431 bpf_error("'ah proto' is bogus");
3432
3433 case Q_STP:
3434 bpf_error("'stp proto' is bogus");
3435
3436 case Q_IPX:
3437 bpf_error("'ipx proto' is bogus");
3438
3439 case Q_NETBEUI:
3440 bpf_error("'netbeui proto' is bogus");
3441
3442 default:
3443 abort();
3444 /* NOTREACHED */
3445 }
3446 /* NOTREACHED */
3447 }
3448
3449 struct block *
3450 gen_scode(name, q)
3451 register const char *name;
3452 struct qual q;
3453 {
3454 int proto = q.proto;
3455 int dir = q.dir;
3456 int tproto;
3457 u_char *eaddr;
3458 bpf_u_int32 mask, addr;
3459 #ifndef INET6
3460 bpf_u_int32 **alist;
3461 #else
3462 int tproto6;
3463 struct sockaddr_in *sin;
3464 struct sockaddr_in6 *sin6;
3465 struct addrinfo *res, *res0;
3466 struct in6_addr mask128;
3467 #endif /*INET6*/
3468 struct block *b, *tmp;
3469 int port, real_proto;
3470
3471 switch (q.addr) {
3472
3473 case Q_NET:
3474 addr = pcap_nametonetaddr(name);
3475 if (addr == 0)
3476 bpf_error("unknown network '%s'", name);
3477 /* Left justify network addr and calculate its network mask */
3478 mask = 0xffffffff;
3479 while (addr && (addr & 0xff000000) == 0) {
3480 addr <<= 8;
3481 mask <<= 8;
3482 }
3483 return gen_host(addr, mask, proto, dir);
3484
3485 case Q_DEFAULT:
3486 case Q_HOST:
3487 if (proto == Q_LINK) {
3488 switch (linktype) {
3489
3490 case DLT_EN10MB:
3491 eaddr = pcap_ether_hostton(name);
3492 if (eaddr == NULL)
3493 bpf_error(
3494 "unknown ether host '%s'", name);
3495 b = gen_ehostop(eaddr, dir);
3496 free(eaddr);
3497 return b;
3498
3499 case DLT_FDDI:
3500 eaddr = pcap_ether_hostton(name);
3501 if (eaddr == NULL)
3502 bpf_error(
3503 "unknown FDDI host '%s'", name);
3504 b = gen_fhostop(eaddr, dir);
3505 free(eaddr);
3506 return b;
3507
3508 case DLT_IEEE802:
3509 eaddr = pcap_ether_hostton(name);
3510 if (eaddr == NULL)
3511 bpf_error(
3512 "unknown token ring host '%s'", name);
3513 b = gen_thostop(eaddr, dir);
3514 free(eaddr);
3515 return b;
3516
3517 case DLT_IEEE802_11:
3518 eaddr = pcap_ether_hostton(name);
3519 if (eaddr == NULL)
3520 bpf_error(
3521 "unknown 802.11 host '%s'", name);
3522 b = gen_wlanhostop(eaddr, dir);
3523 free(eaddr);
3524 return b;
3525
3526 default:
3527 bpf_error(
3528 "only ethernet/FDDI/token ring/802.11 supports link-level host name");
3529 break;
3530 }
3531 } else if (proto == Q_DECNET) {
3532 unsigned short dn_addr = __pcap_nametodnaddr(name);
3533 /*
3534 * I don't think DECNET hosts can be multihomed, so
3535 * there is no need to build up a list of addresses
3536 */
3537 return (gen_host(dn_addr, 0, proto, dir));
3538 } else {
3539 #ifndef INET6
3540 alist = pcap_nametoaddr(name);
3541 if (alist == NULL || *alist == NULL)
3542 bpf_error("unknown host '%s'", name);
3543 tproto = proto;
3544 if (off_linktype == -1 && tproto == Q_DEFAULT)
3545 tproto = Q_IP;
3546 b = gen_host(**alist++, 0xffffffff, tproto, dir);
3547 while (*alist) {
3548 tmp = gen_host(**alist++, 0xffffffff,
3549 tproto, dir);
3550 gen_or(b, tmp);
3551 b = tmp;
3552 }
3553 return b;
3554 #else
3555 memset(&mask128, 0xff, sizeof(mask128));
3556 res0 = res = pcap_nametoaddrinfo(name);
3557 if (res == NULL)
3558 bpf_error("unknown host '%s'", name);
3559 b = tmp = NULL;
3560 tproto = tproto6 = proto;
3561 if (off_linktype == -1 && tproto == Q_DEFAULT) {
3562 tproto = Q_IP;
3563 tproto6 = Q_IPV6;
3564 }
3565 for (res = res0; res; res = res->ai_next) {
3566 switch (res->ai_family) {
3567 case AF_INET:
3568 if (tproto == Q_IPV6)
3569 continue;
3570
3571 sin = (struct sockaddr_in *)
3572 res->ai_addr;
3573 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
3574 0xffffffff, tproto, dir);
3575 break;
3576 case AF_INET6:
3577 if (tproto6 == Q_IP)
3578 continue;
3579
3580 sin6 = (struct sockaddr_in6 *)
3581 res->ai_addr;
3582 tmp = gen_host6(&sin6->sin6_addr,
3583 &mask128, tproto6, dir);
3584 break;
3585 default:
3586 continue;
3587 }
3588 if (b)
3589 gen_or(b, tmp);
3590 b = tmp;
3591 }
3592 freeaddrinfo(res0);
3593 if (b == NULL) {
3594 bpf_error("unknown host '%s'%s", name,
3595 (proto == Q_DEFAULT)
3596 ? ""
3597 : " for specified address family");
3598 }
3599 return b;
3600 #endif /*INET6*/
3601 }
3602
3603 case Q_PORT:
3604 if (proto != Q_DEFAULT &&
3605 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
3606 bpf_error("illegal qualifier of 'port'");
3607 if (pcap_nametoport(name, &port, &real_proto) == 0)
3608 bpf_error("unknown port '%s'", name);
3609 if (proto == Q_UDP) {
3610 if (real_proto == IPPROTO_TCP)
3611 bpf_error("port '%s' is tcp", name);
3612 else if (real_proto == IPPROTO_SCTP)
3613 bpf_error("port '%s' is sctp", name);
3614 else
3615 /* override PROTO_UNDEF */
3616 real_proto = IPPROTO_UDP;
3617 }
3618 if (proto == Q_TCP) {
3619 if (real_proto == IPPROTO_UDP)
3620 bpf_error("port '%s' is udp", name);
3621
3622 else if (real_proto == IPPROTO_SCTP)
3623 bpf_error("port '%s' is sctp", name);
3624 else
3625 /* override PROTO_UNDEF */
3626 real_proto = IPPROTO_TCP;
3627 }
3628 if (proto == Q_SCTP) {
3629 if (real_proto == IPPROTO_UDP)
3630 bpf_error("port '%s' is udp", name);
3631
3632 else if (real_proto == IPPROTO_TCP)
3633 bpf_error("port '%s' is tcp", name);
3634 else
3635 /* override PROTO_UNDEF */
3636 real_proto = IPPROTO_SCTP;
3637 }
3638 #ifndef INET6
3639 return gen_port(port, real_proto, dir);
3640 #else
3641 {
3642 struct block *b;
3643 b = gen_port(port, real_proto, dir);
3644 gen_or(gen_port6(port, real_proto, dir), b);
3645 return b;
3646 }
3647 #endif /* INET6 */
3648
3649 case Q_GATEWAY:
3650 #ifndef INET6
3651 eaddr = pcap_ether_hostton(name);
3652 if (eaddr == NULL)
3653 bpf_error("unknown ether host: %s", name);
3654
3655 alist = pcap_nametoaddr(name);
3656 if (alist == NULL || *alist == NULL)
3657 bpf_error("unknown host '%s'", name);
3658 b = gen_gateway(eaddr, alist, proto, dir);
3659 free(eaddr);
3660 return b;
3661 #else
3662 bpf_error("'gateway' not supported in this configuration");
3663 #endif /*INET6*/
3664
3665 case Q_PROTO:
3666 real_proto = lookup_proto(name, proto);
3667 if (real_proto >= 0)
3668 return gen_proto(real_proto, proto, dir);
3669 else
3670 bpf_error("unknown protocol: %s", name);
3671
3672 case Q_PROTOCHAIN:
3673 real_proto = lookup_proto(name, proto);
3674 if (real_proto >= 0)
3675 return gen_protochain(real_proto, proto, dir);
3676 else
3677 bpf_error("unknown protocol: %s", name);
3678
3679
3680 case Q_UNDEF:
3681 syntax();
3682 /* NOTREACHED */
3683 }
3684 abort();
3685 /* NOTREACHED */
3686 }
3687
3688 struct block *
3689 gen_mcode(s1, s2, masklen, q)
3690 register const char *s1, *s2;
3691 register int masklen;
3692 struct qual q;
3693 {
3694 register int nlen, mlen;
3695 bpf_u_int32 n, m;
3696
3697 nlen = __pcap_atoin(s1, &n);
3698 /* Promote short ipaddr */
3699 n <<= 32 - nlen;
3700
3701 if (s2 != NULL) {
3702 mlen = __pcap_atoin(s2, &m);
3703 /* Promote short ipaddr */
3704 m <<= 32 - mlen;
3705 if ((n & ~m) != 0)
3706 bpf_error("non-network bits set in \"%s mask %s\"",
3707 s1, s2);
3708 } else {
3709 /* Convert mask len to mask */
3710 if (masklen > 32)
3711 bpf_error("mask length must be <= 32");
3712 m = 0xffffffff << (32 - masklen);
3713 if ((n & ~m) != 0)
3714 bpf_error("non-network bits set in \"%s/%d\"",
3715 s1, masklen);
3716 }
3717
3718 switch (q.addr) {
3719
3720 case Q_NET:
3721 return gen_host(n, m, q.proto, q.dir);
3722
3723 default:
3724 bpf_error("Mask syntax for networks only");
3725 /* NOTREACHED */
3726 }
3727 }
3728
3729 struct block *
3730 gen_ncode(s, v, q)
3731 register const char *s;
3732 bpf_u_int32 v;
3733 struct qual q;
3734 {
3735 bpf_u_int32 mask;
3736 int proto = q.proto;
3737 int dir = q.dir;
3738 register int vlen;
3739
3740 if (s == NULL)
3741 vlen = 32;
3742 else if (q.proto == Q_DECNET)
3743 vlen = __pcap_atodn(s, &v);
3744 else
3745 vlen = __pcap_atoin(s, &v);
3746
3747 switch (q.addr) {
3748
3749 case Q_DEFAULT:
3750 case Q_HOST:
3751 case Q_NET:
3752 if (proto == Q_DECNET)
3753 return gen_host(v, 0, proto, dir);
3754 else if (proto == Q_LINK) {
3755 bpf_error("illegal link layer address");
3756 } else {
3757 mask = 0xffffffff;
3758 if (s == NULL && q.addr == Q_NET) {
3759 /* Promote short net number */
3760 while (v && (v & 0xff000000) == 0) {
3761 v <<= 8;
3762 mask <<= 8;
3763 }
3764 } else {
3765 /* Promote short ipaddr */
3766 v <<= 32 - vlen;
3767 mask <<= 32 - vlen;
3768 }
3769 return gen_host(v, mask, proto, dir);
3770 }
3771
3772 case Q_PORT:
3773 if (proto == Q_UDP)
3774 proto = IPPROTO_UDP;
3775 else if (proto == Q_TCP)
3776 proto = IPPROTO_TCP;
3777 else if (proto == Q_SCTP)
3778 proto = IPPROTO_SCTP;
3779 else if (proto == Q_DEFAULT)
3780 proto = PROTO_UNDEF;
3781 else
3782 bpf_error("illegal qualifier of 'port'");
3783
3784 #ifndef INET6
3785 return gen_port((int)v, proto, dir);
3786 #else
3787 {
3788 struct block *b;
3789 b = gen_port((int)v, proto, dir);
3790 gen_or(gen_port6((int)v, proto, dir), b);
3791 return b;
3792 }
3793 #endif /* INET6 */
3794
3795 case Q_GATEWAY:
3796 bpf_error("'gateway' requires a name");
3797 /* NOTREACHED */
3798
3799 case Q_PROTO:
3800 return gen_proto((int)v, proto, dir);
3801
3802 case Q_PROTOCHAIN:
3803 return gen_protochain((int)v, proto, dir);
3804
3805 case Q_UNDEF:
3806 syntax();
3807 /* NOTREACHED */
3808
3809 default:
3810 abort();
3811 /* NOTREACHED */
3812 }
3813 /* NOTREACHED */
3814 }
3815
3816 #ifdef INET6
3817 struct block *
3818 gen_mcode6(s1, s2, masklen, q)
3819 register const char *s1, *s2;
3820 register int masklen;
3821 struct qual q;
3822 {
3823 struct addrinfo *res;
3824 struct in6_addr *addr;
3825 struct in6_addr mask;
3826 struct block *b;
3827 u_int32_t *a, *m;
3828
3829 if (s2)
3830 bpf_error("no mask %s supported", s2);
3831
3832 res = pcap_nametoaddrinfo(s1);
3833 if (!res)
3834 bpf_error("invalid ip6 address %s", s1);
3835 if (res->ai_next)
3836 bpf_error("%s resolved to multiple address", s1);
3837 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
3838
3839 if (sizeof(mask) * 8 < masklen)
3840 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
3841 memset(&mask, 0, sizeof(mask));
3842 memset(&mask, 0xff, masklen / 8);
3843 if (masklen % 8) {
3844 mask.s6_addr[masklen / 8] =
3845 (0xff << (8 - masklen % 8)) & 0xff;
3846 }
3847
3848 a = (u_int32_t *)addr;
3849 m = (u_int32_t *)&mask;
3850 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
3851 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
3852 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
3853 }
3854
3855 switch (q.addr) {
3856
3857 case Q_DEFAULT:
3858 case Q_HOST:
3859 if (masklen != 128)
3860 bpf_error("Mask syntax for networks only");
3861 /* FALLTHROUGH */
3862
3863 case Q_NET:
3864 b = gen_host6(addr, &mask, q.proto, q.dir);
3865 freeaddrinfo(res);
3866 return b;
3867
3868 default:
3869 bpf_error("invalid qualifier against IPv6 address");
3870 /* NOTREACHED */
3871 }
3872 }
3873 #endif /*INET6*/
3874
3875 struct block *
3876 gen_ecode(eaddr, q)
3877 register const u_char *eaddr;
3878 struct qual q;
3879 {
3880 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
3881 if (linktype == DLT_EN10MB)
3882 return gen_ehostop(eaddr, (int)q.dir);
3883 if (linktype == DLT_FDDI)
3884 return gen_fhostop(eaddr, (int)q.dir);
3885 if (linktype == DLT_IEEE802)
3886 return gen_thostop(eaddr, (int)q.dir);
3887 if (linktype == DLT_IEEE802_11)
3888 return gen_wlanhostop(eaddr, (int)q.dir);
3889 bpf_error("ethernet addresses supported only on ethernet/FDDI/token ring/802.11");
3890 }
3891 bpf_error("ethernet address used in non-ether expression");
3892 /* NOTREACHED */
3893 }
3894
3895 void
3896 sappend(s0, s1)
3897 struct slist *s0, *s1;
3898 {
3899 /*
3900 * This is definitely not the best way to do this, but the
3901 * lists will rarely get long.
3902 */
3903 while (s0->next)
3904 s0 = s0->next;
3905 s0->next = s1;
3906 }
3907
3908 static struct slist *
3909 xfer_to_x(a)
3910 struct arth *a;
3911 {
3912 struct slist *s;
3913
3914 s = new_stmt(BPF_LDX|BPF_MEM);
3915 s->s.k = a->regno;
3916 return s;
3917 }
3918
3919 static struct slist *
3920 xfer_to_a(a)
3921 struct arth *a;
3922 {
3923 struct slist *s;
3924
3925 s = new_stmt(BPF_LD|BPF_MEM);
3926 s->s.k = a->regno;
3927 return s;
3928 }
3929
3930 struct arth *
3931 gen_load(proto, index, size)
3932 int proto;
3933 struct arth *index;
3934 int size;
3935 {
3936 struct slist *s, *tmp;
3937 struct block *b;
3938 int regno = alloc_reg();
3939
3940 free_reg(index->regno);
3941 switch (size) {
3942
3943 default:
3944 bpf_error("data size must be 1, 2, or 4");
3945
3946 case 1:
3947 size = BPF_B;
3948 break;
3949
3950 case 2:
3951 size = BPF_H;
3952 break;
3953
3954 case 4:
3955 size = BPF_W;
3956 break;
3957 }
3958 switch (proto) {
3959 default:
3960 bpf_error("unsupported index operation");
3961
3962 case Q_LINK:
3963 s = xfer_to_x(index);
3964 tmp = new_stmt(BPF_LD|BPF_IND|size);
3965 sappend(s, tmp);
3966 sappend(index->s, s);
3967 break;
3968
3969 case Q_IP:
3970 case Q_ARP:
3971 case Q_RARP:
3972 case Q_ATALK:
3973 case Q_DECNET:
3974 case Q_SCA:
3975 case Q_LAT:
3976 case Q_MOPRC:
3977 case Q_MOPDL:
3978 #ifdef INET6
3979 case Q_IPV6:
3980 #endif
3981 /* XXX Note that we assume a fixed link header here. */
3982 s = xfer_to_x(index);
3983 tmp = new_stmt(BPF_LD|BPF_IND|size);
3984 tmp->s.k = off_nl;
3985 sappend(s, tmp);
3986 sappend(index->s, s);
3987
3988 b = gen_proto_abbrev(proto);
3989 if (index->b)
3990 gen_and(index->b, b);
3991 index->b = b;
3992 break;
3993
3994 case Q_SCTP:
3995 case Q_TCP:
3996 case Q_UDP:
3997 case Q_ICMP:
3998 case Q_IGMP:
3999 case Q_IGRP:
4000 case Q_PIM:
4001 case Q_VRRP:
4002 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
4003 s->s.k = off_nl;
4004 sappend(s, xfer_to_a(index));
4005 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
4006 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
4007 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
4008 tmp->s.k = off_nl;
4009 sappend(index->s, s);
4010
4011 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
4012 if (index->b)
4013 gen_and(index->b, b);
4014 #ifdef INET6
4015 gen_and(gen_proto_abbrev(Q_IP), b);
4016 #endif
4017 index->b = b;
4018 break;
4019 #ifdef INET6
4020 case Q_ICMPV6:
4021 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
4022 /*NOTREACHED*/
4023 #endif
4024 }
4025 index->regno = regno;
4026 s = new_stmt(BPF_ST);
4027 s->s.k = regno;
4028 sappend(index->s, s);
4029
4030 return index;
4031 }
4032
4033 struct block *
4034 gen_relation(code, a0, a1, reversed)
4035 int code;
4036 struct arth *a0, *a1;
4037 int reversed;
4038 {
4039 struct slist *s0, *s1, *s2;
4040 struct block *b, *tmp;
4041
4042 s0 = xfer_to_x(a1);
4043 s1 = xfer_to_a(a0);
4044 if (code == BPF_JEQ) {
4045 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
4046 b = new_block(JMP(code));
4047 sappend(s1, s2);
4048 }
4049 else
4050 b = new_block(BPF_JMP|code|BPF_X);
4051 if (reversed)
4052 gen_not(b);
4053
4054 sappend(s0, s1);
4055 sappend(a1->s, s0);
4056 sappend(a0->s, a1->s);
4057
4058 b->stmts = a0->s;
4059
4060 free_reg(a0->regno);
4061 free_reg(a1->regno);
4062
4063 /* 'and' together protocol checks */
4064 if (a0->b) {
4065 if (a1->b) {
4066 gen_and(a0->b, tmp = a1->b);
4067 }
4068 else
4069 tmp = a0->b;
4070 } else
4071 tmp = a1->b;
4072
4073 if (tmp)
4074 gen_and(tmp, b);
4075
4076 return b;
4077 }
4078
4079 struct arth *
4080 gen_loadlen()
4081 {
4082 int regno = alloc_reg();
4083 struct arth *a = (struct arth *)newchunk(sizeof(*a));
4084 struct slist *s;
4085
4086 s = new_stmt(BPF_LD|BPF_LEN);
4087 s->next = new_stmt(BPF_ST);
4088 s->next->s.k = regno;
4089 a->s = s;
4090 a->regno = regno;
4091
4092 return a;
4093 }
4094
4095 struct arth *
4096 gen_loadi(val)
4097 int val;
4098 {
4099 struct arth *a;
4100 struct slist *s;
4101 int reg;
4102
4103 a = (struct arth *)newchunk(sizeof(*a));
4104
4105 reg = alloc_reg();
4106
4107 s = new_stmt(BPF_LD|BPF_IMM);
4108 s->s.k = val;
4109 s->next = new_stmt(BPF_ST);
4110 s->next->s.k = reg;
4111 a->s = s;
4112 a->regno = reg;
4113
4114 return a;
4115 }
4116
4117 struct arth *
4118 gen_neg(a)
4119 struct arth *a;
4120 {
4121 struct slist *s;
4122
4123 s = xfer_to_a(a);
4124 sappend(a->s, s);
4125 s = new_stmt(BPF_ALU|BPF_NEG);
4126 s->s.k = 0;
4127 sappend(a->s, s);
4128 s = new_stmt(BPF_ST);
4129 s->s.k = a->regno;
4130 sappend(a->s, s);
4131
4132 return a;
4133 }
4134
4135 struct arth *
4136 gen_arth(code, a0, a1)
4137 int code;
4138 struct arth *a0, *a1;
4139 {
4140 struct slist *s0, *s1, *s2;
4141
4142 s0 = xfer_to_x(a1);
4143 s1 = xfer_to_a(a0);
4144 s2 = new_stmt(BPF_ALU|BPF_X|code);
4145
4146 sappend(s1, s2);
4147 sappend(s0, s1);
4148 sappend(a1->s, s0);
4149 sappend(a0->s, a1->s);
4150
4151 free_reg(a0->regno);
4152 free_reg(a1->regno);
4153
4154 s0 = new_stmt(BPF_ST);
4155 a0->regno = s0->s.k = alloc_reg();
4156 sappend(a0->s, s0);
4157
4158 return a0;
4159 }
4160
4161 /*
4162 * Here we handle simple allocation of the scratch registers.
4163 * If too many registers are alloc'd, the allocator punts.
4164 */
4165 static int regused[BPF_MEMWORDS];
4166 static int curreg;
4167
4168 /*
4169 * Return the next free register.
4170 */
4171 static int
4172 alloc_reg()
4173 {
4174 int n = BPF_MEMWORDS;
4175
4176 while (--n >= 0) {
4177 if (regused[curreg])
4178 curreg = (curreg + 1) % BPF_MEMWORDS;
4179 else {
4180 regused[curreg] = 1;
4181 return curreg;
4182 }
4183 }
4184 bpf_error("too many registers needed to evaluate expression");
4185 /* NOTREACHED */
4186 }
4187
4188 /*
4189 * Return a register to the table so it can
4190 * be used later.
4191 */
4192 static void
4193 free_reg(n)
4194 int n;
4195 {
4196 regused[n] = 0;
4197 }
4198
4199 static struct block *
4200 gen_len(jmp, n)
4201 int jmp, n;
4202 {
4203 struct slist *s;
4204 struct block *b;
4205
4206 s = new_stmt(BPF_LD|BPF_LEN);
4207 b = new_block(JMP(jmp));
4208 b->stmts = s;
4209 b->s.k = n;
4210
4211 return b;
4212 }
4213
4214 struct block *
4215 gen_greater(n)
4216 int n;
4217 {
4218 return gen_len(BPF_JGE, n);
4219 }
4220
4221 /*
4222 * Actually, this is less than or equal.
4223 */
4224 struct block *
4225 gen_less(n)
4226 int n;
4227 {
4228 struct block *b;
4229
4230 b = gen_len(BPF_JGT, n);
4231 gen_not(b);
4232
4233 return b;
4234 }
4235
4236 struct block *
4237 gen_byteop(op, idx, val)
4238 int op, idx, val;
4239 {
4240 struct block *b;
4241 struct slist *s;
4242
4243 switch (op) {
4244 default:
4245 abort();
4246
4247 case '=':
4248 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4249
4250 case '<':
4251 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4252 b->s.code = JMP(BPF_JGE);
4253 gen_not(b);
4254 return b;
4255
4256 case '>':
4257 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4258 b->s.code = JMP(BPF_JGT);
4259 return b;
4260
4261 case '|':
4262 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
4263 break;
4264
4265 case '&':
4266 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
4267 break;
4268 }
4269 s->s.k = val;
4270 b = new_block(JMP(BPF_JEQ));
4271 b->stmts = s;
4272 gen_not(b);
4273
4274 return b;
4275 }
4276
4277 static u_char abroadcast[] = { 0x0 };
4278
4279 struct block *
4280 gen_broadcast(proto)
4281 int proto;
4282 {
4283 bpf_u_int32 hostmask;
4284 struct block *b0, *b1, *b2;
4285 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4286
4287 switch (proto) {
4288
4289 case Q_DEFAULT:
4290 case Q_LINK:
4291 if (linktype == DLT_ARCNET)
4292 return gen_ahostop(abroadcast, Q_DST);
4293 if (linktype == DLT_EN10MB)
4294 return gen_ehostop(ebroadcast, Q_DST);
4295 if (linktype == DLT_FDDI)
4296 return gen_fhostop(ebroadcast, Q_DST);
4297 if (linktype == DLT_IEEE802)
4298 return gen_thostop(ebroadcast, Q_DST);
4299 if (linktype == DLT_IEEE802_11)
4300 return gen_wlanhostop(ebroadcast, Q_DST);
4301 bpf_error("not a broadcast link");
4302 break;
4303
4304 case Q_IP:
4305 b0 = gen_linktype(ETHERTYPE_IP);
4306 hostmask = ~netmask;
4307 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
4308 b2 = gen_mcmp(off_nl + 16, BPF_W,
4309 (bpf_int32)(~0 & hostmask), hostmask);
4310 gen_or(b1, b2);
4311 gen_and(b0, b2);
4312 return b2;
4313 }
4314 bpf_error("only ether/ip broadcast filters supported");
4315 }
4316
4317 /*
4318 * Generate code to test the low-order bit of a MAC address (that's
4319 * the bottom bit of the *first* byte).
4320 */
4321 static struct block *
4322 gen_mac_multicast(offset)
4323 int offset;
4324 {
4325 register struct block *b0;
4326 register struct slist *s;
4327
4328 /* link[offset] & 1 != 0 */
4329 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4330 s->s.k = offset;
4331 b0 = new_block(JMP(BPF_JSET));
4332 b0->s.k = 1;
4333 b0->stmts = s;
4334 return b0;
4335 }
4336
4337 struct block *
4338 gen_multicast(proto)
4339 int proto;
4340 {
4341 register struct block *b0, *b1, *b2;
4342 register struct slist *s;
4343
4344 switch (proto) {
4345
4346 case Q_DEFAULT:
4347 case Q_LINK:
4348 if (linktype == DLT_ARCNET)
4349 /* all ARCnet multicasts use the same address */
4350 return gen_ahostop(abroadcast, Q_DST);
4351
4352 if (linktype == DLT_EN10MB) {
4353 /* ether[0] & 1 != 0 */
4354 return gen_mac_multicast(0);
4355 }
4356
4357 if (linktype == DLT_FDDI) {
4358 /*
4359 * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX
4360 *
4361 * XXX - was that referring to bit-order issues?
4362 */
4363 /* fddi[1] & 1 != 0 */
4364 return gen_mac_multicast(1);
4365 }
4366
4367 if (linktype == DLT_IEEE802) {
4368 /* tr[2] & 1 != 0 */
4369 return gen_mac_multicast(2);
4370 }
4371
4372 if (linktype == DLT_IEEE802_11) {
4373 /*
4374 * Oh, yuk.
4375 *
4376 * For control frames, there is no DA.
4377 *
4378 * For management frames, DA is at an
4379 * offset of 4 from the beginning of
4380 * the packet.
4381 *
4382 * For data frames, DA is at an offset
4383 * of 4 from the beginning of the packet
4384 * if To DS is clear and at an offset of
4385 * 16 from the beginning of the packet
4386 * if To DS is set.
4387 */
4388
4389 /*
4390 * Generate the tests to be done for data frames.
4391 *
4392 * First, check for To DS set, i.e. "link[1] & 0x01".
4393 */
4394 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4395 s->s.k = 1;
4396 b1 = new_block(JMP(BPF_JSET));
4397 b1->s.k = 0x01; /* To DS */
4398 b1->stmts = s;
4399
4400 /*
4401 * If To DS is set, the DA is at 16.
4402 */
4403 b0 = gen_mac_multicast(16);
4404 gen_and(b1, b0);
4405
4406 /*
4407 * Now, check for To DS not set, i.e. check
4408 * "!(link[1] & 0x01)".
4409 */
4410 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4411 s->s.k = 1;
4412 b2 = new_block(JMP(BPF_JSET));
4413 b2->s.k = 0x01; /* To DS */
4414 b2->stmts = s;
4415 gen_not(b2);
4416
4417 /*
4418 * If To DS is not set, the DA is at 4.
4419 */
4420 b1 = gen_mac_multicast(4);
4421 gen_and(b2, b1);
4422
4423 /*
4424 * Now OR together the last two checks. That gives
4425 * the complete set of checks for data frames.
4426 */
4427 gen_or(b1, b0);
4428
4429 /*
4430 * Now check for a data frame.
4431 * I.e, check "link[0] & 0x08".
4432 */
4433 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4434 s->s.k = 0;
4435 b1 = new_block(JMP(BPF_JSET));
4436 b1->s.k = 0x08;
4437 b1->stmts = s;
4438
4439 /*
4440 * AND that with the checks done for data frames.
4441 */
4442 gen_and(b1, b0);
4443
4444 /*
4445 * If the high-order bit of the type value is 0, this
4446 * is a management frame.
4447 * I.e, check "!(link[0] & 0x08)".
4448 */
4449 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4450 s->s.k = 0;
4451 b2 = new_block(JMP(BPF_JSET));
4452 b2->s.k = 0x08;
4453 b2->stmts = s;
4454 gen_not(b2);
4455
4456 /*
4457 * For management frames, the DA is at 4.
4458 */
4459 b1 = gen_mac_multicast(4);
4460 gen_and(b2, b1);
4461
4462 /*
4463 * OR that with the checks done for data frames.
4464 * That gives the checks done for management and
4465 * data frames.
4466 */
4467 gen_or(b1, b0);
4468
4469 /*
4470 * If the low-order bit of the type value is 1,
4471 * this is either a control frame or a frame
4472 * with a reserved type, and thus not a
4473 * frame with an SA.
4474 *
4475 * I.e., check "!(link[0] & 0x04)".
4476 */
4477 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4478 s->s.k = 0;
4479 b1 = new_block(JMP(BPF_JSET));
4480 b1->s.k = 0x04;
4481 b1->stmts = s;
4482 gen_not(b1);
4483
4484 /*
4485 * AND that with the checks for data and management
4486 * frames.
4487 */
4488 gen_and(b1, b0);
4489 return b0;
4490 }
4491
4492 /* Link not known to support multicasts */
4493 break;
4494
4495 case Q_IP:
4496 b0 = gen_linktype(ETHERTYPE_IP);
4497 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
4498 b1->s.code = JMP(BPF_JGE);
4499 gen_and(b0, b1);
4500 return b1;
4501
4502 #ifdef INET6
4503 case Q_IPV6:
4504 b0 = gen_linktype(ETHERTYPE_IPV6);
4505 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
4506 gen_and(b0, b1);
4507 return b1;
4508 #endif /* INET6 */
4509 }
4510 bpf_error("only IP multicast filters supported on ethernet/FDDI");
4511 }
4512
4513 /*
4514 * generate command for inbound/outbound. It's here so we can
4515 * make it link-type specific. 'dir' = 0 implies "inbound",
4516 * = 1 implies "outbound".
4517 */
4518 struct block *
4519 gen_inbound(dir)
4520 int dir;
4521 {
4522 register struct block *b0;
4523
4524 /*
4525 * Only some data link types support inbound/outbound qualifiers.
4526 */
4527 switch (linktype) {
4528 case DLT_SLIP:
4529 case DLT_PPP:
4530 b0 = gen_relation(BPF_JEQ,
4531 gen_load(Q_LINK, gen_loadi(0), 1),
4532 gen_loadi(0),
4533 dir);
4534 break;
4535
4536 case DLT_LINUX_SLL:
4537 if (dir) {
4538 /*
4539 * Match packets sent by this machine.
4540 */
4541 b0 = gen_cmp(0, BPF_H, LINUX_SLL_OUTGOING);
4542 } else {
4543 /*
4544 * Match packets sent to this machine.
4545 * (No broadcast or multicast packets, or
4546 * packets sent to some other machine and
4547 * received promiscuously.)
4548 *
4549 * XXX - packets sent to other machines probably
4550 * shouldn't be matched, but what about broadcast
4551 * or multicast packets we received?
4552 */
4553 b0 = gen_cmp(0, BPF_H, LINUX_SLL_HOST);
4554 }
4555 break;
4556
4557 default:
4558 bpf_error("inbound/outbound not supported on linktype %d\n",
4559 linktype);
4560 b0 = NULL;
4561 /* NOTREACHED */
4562 }
4563 return (b0);
4564 }
4565
4566 struct block *
4567 gen_acode(eaddr, q)
4568 register const u_char *eaddr;
4569 struct qual q;
4570 {
4571 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
4572 if (linktype == DLT_ARCNET)
4573 return gen_ahostop(eaddr, (int)q.dir);
4574 }
4575 bpf_error("ARCnet address used in non-arc expression");
4576 /* NOTREACHED */
4577 }
4578
4579 static struct block *
4580 gen_ahostop(eaddr, dir)
4581 register const u_char *eaddr;
4582 register int dir;
4583 {
4584 register struct block *b0, *b1;
4585
4586 switch (dir) {
4587 /* src comes first, different from Ethernet */
4588 case Q_SRC:
4589 return gen_bcmp(0, 1, eaddr);
4590
4591 case Q_DST:
4592 return gen_bcmp(1, 1, eaddr);
4593
4594 case Q_AND:
4595 b0 = gen_ahostop(eaddr, Q_SRC);
4596 b1 = gen_ahostop(eaddr, Q_DST);
4597 gen_and(b0, b1);
4598 return b1;
4599
4600 case Q_DEFAULT:
4601 case Q_OR:
4602 b0 = gen_ahostop(eaddr, Q_SRC);
4603 b1 = gen_ahostop(eaddr, Q_DST);
4604 gen_or(b0, b1);
4605 return b1;
4606 }
4607 abort();
4608 /* NOTREACHED */
4609 }
4610
4611 /*
4612 * support IEEE 802.1Q VLAN trunk over ethernet
4613 */
4614 struct block *
4615 gen_vlan(vlan_num)
4616 int vlan_num;
4617 {
4618 struct block *b0;
4619
4620 /*
4621 * Change the offsets to point to the type and data fields within
4622 * the VLAN packet. This is somewhat of a kludge.
4623 */
4624 if (orig_nl == (u_int)-1) {
4625 orig_linktype = off_linktype; /* save original values */
4626 orig_nl = off_nl;
4627 orig_nl_nosnap = off_nl_nosnap;
4628
4629 switch (linktype) {
4630
4631 case DLT_EN10MB:
4632 off_linktype = 16;
4633 off_nl_nosnap = 18;
4634 off_nl = 18;
4635 break;
4636
4637 default:
4638 bpf_error("no VLAN support for data link type %d",
4639 linktype);
4640 /*NOTREACHED*/
4641 }
4642 }
4643
4644 /* check for VLAN */
4645 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
4646
4647 /* If a specific VLAN is requested, check VLAN id */
4648 if (vlan_num >= 0) {
4649 struct block *b1;
4650
4651 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
4652 gen_and(b0, b1);
4653 b0 = b1;
4654 }
4655
4656 return (b0);
4657 }
4658
4659 struct block *
4660 gen_atmfield_code(atmfield, jvalue, jtype, reverse)
4661 int atmfield;
4662 bpf_u_int32 jvalue;
4663 bpf_u_int32 jtype;
4664 int reverse;
4665 {
4666 struct block *b0;
4667
4668 switch (atmfield) {
4669
4670 case A_VPI:
4671 if (!is_atm)
4672 bpf_error("'vpi' supported only on raw ATM");
4673 if (off_vpi == -1)
4674 abort();
4675 b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype,
4676 (u_int)jvalue, reverse);
4677 break;
4678
4679 case A_VCI:
4680 if (!is_atm)
4681 bpf_error("'vci' supported only on raw ATM");
4682 if (off_vci == -1)
4683 abort();
4684 b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype,
4685 (u_int)jvalue, reverse);
4686 break;
4687
4688 case A_PROTOTYPE:
4689 if (off_proto == -1)
4690 abort(); /* XXX - this isn't on FreeBSD */
4691 b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype,
4692 (u_int)jvalue, reverse);
4693 break;
4694
4695 case A_MSGTYPE:
4696 if (off_msg_type == -1)
4697 abort();
4698 b0 = gen_ncmp(BPF_B, off_msg_type, 0xffffffff,
4699 (u_int)jtype, (u_int)jvalue, reverse);
4700 break;
4701
4702 case A_CALLREFTYPE:
4703 if (!is_atm)
4704 bpf_error("'callref' supported only on raw ATM");
4705 if (off_proto == -1)
4706 abort();
4707 b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype,
4708 (u_int)jvalue, reverse);
4709 break;
4710
4711 default:
4712 abort();
4713 }
4714 return b0;
4715 }
4716
4717 struct block *
4718 gen_atmtype_abbrev(type)
4719 int type;
4720 {
4721 struct block *b0, *b1;
4722
4723 switch (type) {
4724
4725 case A_METAC:
4726 /* Get all packets in Meta signalling Circuit */
4727 if (!is_atm)
4728 bpf_error("'metac' supported only on raw ATM");
4729 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4730 b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0);
4731 gen_and(b0, b1);
4732 break;
4733
4734 case A_BCC:
4735 /* Get all packets in Broadcast Circuit*/
4736 if (!is_atm)
4737 bpf_error("'bcc' supported only on raw ATM");
4738 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4739 b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0);
4740 gen_and(b0, b1);
4741 break;
4742
4743 case A_OAMF4SC:
4744 /* Get all cells in Segment OAM F4 circuit*/
4745 if (!is_atm)
4746 bpf_error("'oam4sc' supported only on raw ATM");
4747 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4748 b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
4749 gen_and(b0, b1);
4750 break;
4751
4752 case A_OAMF4EC:
4753 /* Get all cells in End-to-End OAM F4 Circuit*/
4754 if (!is_atm)
4755 bpf_error("'oam4ec' supported only on raw ATM");
4756 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4757 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
4758 gen_and(b0, b1);
4759 break;
4760
4761 case A_SC:
4762 /* Get all packets in connection Signalling Circuit */
4763 if (!is_atm)
4764 bpf_error("'sc' supported only on raw ATM");
4765 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4766 b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0);
4767 gen_and(b0, b1);
4768 break;
4769
4770 case A_ILMIC:
4771 /* Get all packets in ILMI Circuit */
4772 if (!is_atm)
4773 bpf_error("'ilmic' supported only on raw ATM");
4774 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4775 b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0);
4776 gen_and(b0, b1);
4777 break;
4778
4779 case A_LANE:
4780 /* Get all LANE packets */
4781 if (!is_atm)
4782 bpf_error("'lane' supported only on raw ATM");
4783 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0);
4784 break;
4785
4786 case A_LLC:
4787 /* Get all LLC-encapsulated packets */
4788 if (!is_atm)
4789 bpf_error("'llc' supported only on raw ATM");
4790 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
4791 break;
4792
4793 default:
4794 abort();
4795 }
4796 return b1;
4797 }
4798
4799
4800 static struct block *
4801 gen_msg_abbrev(type)
4802 int type;
4803 {
4804 struct block *b1;
4805
4806 /*
4807 * Q.2931 signalling protocol messages for handling virtual circuits
4808 * establishment and teardown
4809 */
4810 switch (type) {
4811
4812 case A_SETUP:
4813 b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0);
4814 break;
4815
4816 case A_CALLPROCEED:
4817 b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0);
4818 break;
4819
4820 case A_CONNECT:
4821 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0);
4822 break;
4823
4824 case A_CONNECTACK:
4825 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0);
4826 break;
4827
4828 case A_RELEASE:
4829 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0);
4830 break;
4831
4832 case A_RELEASE_DONE:
4833 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0);
4834 break;
4835
4836 default:
4837 abort();
4838 }
4839 return b1;
4840 }
4841
4842 struct block *
4843 gen_atmmulti_abbrev(type)
4844 int type;
4845 {
4846 struct block *b0, *b1;
4847
4848 switch (type) {
4849
4850 case A_OAM:
4851 if (!is_atm)
4852 bpf_error("'oam' supported only on raw ATM");
4853 b1 = gen_atmmulti_abbrev(A_OAMF4);
4854 break;
4855
4856 case A_OAMF4:
4857 if (!is_atm)
4858 bpf_error("'oamf4' supported only on raw ATM");
4859 /* OAM F4 type */
4860 b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
4861 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
4862 gen_or(b0, b1);
4863 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4864 gen_and(b0, b1);
4865 break;
4866
4867 case A_CONNECTMSG:
4868 /*
4869 * Get Q.2931 signalling messages for switched
4870 * virtual connection
4871 */
4872 if (!is_atm)
4873 bpf_error("'connectmsg' supported only on raw ATM");
4874 b0 = gen_msg_abbrev(A_SETUP);
4875 b1 = gen_msg_abbrev(A_CALLPROCEED);
4876 gen_or(b0, b1);
4877 b0 = gen_msg_abbrev(A_CONNECT);
4878 gen_or(b0, b1);
4879 b0 = gen_msg_abbrev(A_CONNECTACK);
4880 gen_or(b0, b1);
4881 b0 = gen_msg_abbrev(A_RELEASE);
4882 gen_or(b0, b1);
4883 b0 = gen_msg_abbrev(A_RELEASE_DONE);
4884 gen_or(b0, b1);
4885 b0 = gen_atmtype_abbrev(A_SC);
4886 gen_and(b0, b1);
4887 break;
4888
4889 case A_METACONNECT:
4890 if (!is_atm)
4891 bpf_error("'metaconnect' supported only on raw ATM");
4892 b0 = gen_msg_abbrev(A_SETUP);
4893 b1 = gen_msg_abbrev(A_CALLPROCEED);
4894 gen_or(b0, b1);
4895 b0 = gen_msg_abbrev(A_CONNECT);
4896 gen_or(b0, b1);
4897 b0 = gen_msg_abbrev(A_RELEASE);
4898 gen_or(b0, b1);
4899 b0 = gen_msg_abbrev(A_RELEASE_DONE);
4900 gen_or(b0, b1);
4901 b0 = gen_atmtype_abbrev(A_METAC);
4902 gen_and(b0, b1);
4903 break;
4904
4905 default:
4906 abort();
4907 }
4908 return b1;
4909 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism