]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Get rid of an unused variable.
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] _U_ =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.221.2.6 2005-04-20 18:23:42 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #ifdef WIN32
32 #include <pcap-stdinc.h>
33 #else /* WIN32 */
34 #include <sys/types.h>
35 #include <sys/socket.h>
36 #endif /* WIN32 */
37
38 /*
39 * XXX - why was this included even on UNIX?
40 */
41 #ifdef __MINGW32__
42 #include "IP6_misc.h"
43 #endif
44
45 #ifndef WIN32
46
47 #ifdef __NetBSD__
48 #include <sys/param.h>
49 #endif
50
51 #include <netinet/in.h>
52
53 #endif /* WIN32 */
54
55 #include <stdlib.h>
56 #include <string.h>
57 #include <memory.h>
58 #include <setjmp.h>
59 #include <stdarg.h>
60
61 #ifdef MSDOS
62 #include "pcap-dos.h"
63 #endif
64
65 #include "pcap-int.h"
66
67 #include "ethertype.h"
68 #include "nlpid.h"
69 #include "llc.h"
70 #include "gencode.h"
71 #include "atmuni31.h"
72 #include "sunatmpos.h"
73 #include "ppp.h"
74 #include "sll.h"
75 #include "arcnet.h"
76 #include "pf.h"
77 #ifndef offsetof
78 #define offsetof(s, e) ((size_t)&((s *)0)->e)
79 #endif
80 #ifdef INET6
81 #ifndef WIN32
82 #include <netdb.h> /* for "struct addrinfo" */
83 #endif /* WIN32 */
84 #endif /*INET6*/
85 #include <pcap-namedb.h>
86
87 #define ETHERMTU 1500
88
89 #ifndef IPPROTO_SCTP
90 #define IPPROTO_SCTP 132
91 #endif
92
93 #ifdef HAVE_OS_PROTO_H
94 #include "os-proto.h"
95 #endif
96
97 #define JMP(c) ((c)|BPF_JMP|BPF_K)
98
99 /* Locals */
100 static jmp_buf top_ctx;
101 static pcap_t *bpf_pcap;
102
103 /* Hack for updating VLAN, MPLS offsets. */
104 static u_int orig_linktype = -1U, orig_nl = -1U;
105
106 /* XXX */
107 #ifdef PCAP_FDDIPAD
108 static int pcap_fddipad;
109 #endif
110
111 void bpf_error(const char *fmt, ...) __attribute__((noreturn));
112
113 /* VARARGS */
114 void
115 bpf_error(const char *fmt, ...)
116 {
117 va_list ap;
118
119 va_start(ap, fmt);
120 if (bpf_pcap != NULL)
121 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
122 fmt, ap);
123 va_end(ap);
124 longjmp(top_ctx, 1);
125 /* NOTREACHED */
126 }
127
128 static void init_linktype(pcap_t *);
129
130 static int alloc_reg(void);
131 static void free_reg(int);
132
133 static struct block *root;
134
135 /*
136 * We divy out chunks of memory rather than call malloc each time so
137 * we don't have to worry about leaking memory. It's probably
138 * not a big deal if all this memory was wasted but if this ever
139 * goes into a library that would probably not be a good idea.
140 *
141 * XXX - this *is* in a library....
142 */
143 #define NCHUNKS 16
144 #define CHUNK0SIZE 1024
145 struct chunk {
146 u_int n_left;
147 void *m;
148 };
149
150 static struct chunk chunks[NCHUNKS];
151 static int cur_chunk;
152
153 static void *newchunk(u_int);
154 static void freechunks(void);
155 static inline struct block *new_block(int);
156 static inline struct slist *new_stmt(int);
157 static struct block *gen_retblk(int);
158 static inline void syntax(void);
159
160 static void backpatch(struct block *, struct block *);
161 static void merge(struct block *, struct block *);
162 static struct block *gen_cmp(u_int, u_int, bpf_int32);
163 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
164 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
165 static struct block *gen_bcmp(u_int, u_int, const u_char *);
166 static struct block *gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32,
167 bpf_u_int32, bpf_u_int32, int);
168 static struct block *gen_uncond(int);
169 static inline struct block *gen_true(void);
170 static inline struct block *gen_false(void);
171 static struct block *gen_ether_linktype(int);
172 static struct block *gen_linux_sll_linktype(int);
173 static struct block *gen_linktype(int);
174 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
175 static struct block *gen_llc_linktype(int);
176 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
177 #ifdef INET6
178 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
179 #endif
180 static struct block *gen_ahostop(const u_char *, int);
181 static struct block *gen_ehostop(const u_char *, int);
182 static struct block *gen_fhostop(const u_char *, int);
183 static struct block *gen_thostop(const u_char *, int);
184 static struct block *gen_wlanhostop(const u_char *, int);
185 static struct block *gen_ipfchostop(const u_char *, int);
186 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
187 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
188 #ifdef INET6
189 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
190 #endif
191 #ifndef INET6
192 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
193 #endif
194 static struct block *gen_ipfrag(void);
195 static struct block *gen_portatom(int, bpf_int32);
196 static struct block *gen_portrangeatom(int, bpf_int32, bpf_int32);
197 #ifdef INET6
198 static struct block *gen_portatom6(int, bpf_int32);
199 static struct block *gen_portrangeatom6(int, bpf_int32, bpf_int32);
200 #endif
201 struct block *gen_portop(int, int, int);
202 static struct block *gen_port(int, int, int);
203 struct block *gen_portrangeop(int, int, int, int);
204 static struct block *gen_portrange(int, int, int, int);
205 #ifdef INET6
206 struct block *gen_portop6(int, int, int);
207 static struct block *gen_port6(int, int, int);
208 struct block *gen_portrangeop6(int, int, int, int);
209 static struct block *gen_portrange6(int, int, int, int);
210 #endif
211 static int lookup_proto(const char *, int);
212 static struct block *gen_protochain(int, int, int);
213 static struct block *gen_proto(int, int, int);
214 static struct slist *xfer_to_x(struct arth *);
215 static struct slist *xfer_to_a(struct arth *);
216 static struct block *gen_mac_multicast(int);
217 static struct block *gen_len(int, int);
218
219 static struct block *gen_msg_abbrev(int type);
220
221 static void *
222 newchunk(n)
223 u_int n;
224 {
225 struct chunk *cp;
226 int k;
227 size_t size;
228
229 #ifndef __NetBSD__
230 /* XXX Round up to nearest long. */
231 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
232 #else
233 /* XXX Round up to structure boundary. */
234 n = ALIGN(n);
235 #endif
236
237 cp = &chunks[cur_chunk];
238 if (n > cp->n_left) {
239 ++cp, k = ++cur_chunk;
240 if (k >= NCHUNKS)
241 bpf_error("out of memory");
242 size = CHUNK0SIZE << k;
243 cp->m = (void *)malloc(size);
244 if (cp->m == NULL)
245 bpf_error("out of memory");
246 memset((char *)cp->m, 0, size);
247 cp->n_left = size;
248 if (n > size)
249 bpf_error("out of memory");
250 }
251 cp->n_left -= n;
252 return (void *)((char *)cp->m + cp->n_left);
253 }
254
255 static void
256 freechunks()
257 {
258 int i;
259
260 cur_chunk = 0;
261 for (i = 0; i < NCHUNKS; ++i)
262 if (chunks[i].m != NULL) {
263 free(chunks[i].m);
264 chunks[i].m = NULL;
265 }
266 }
267
268 /*
269 * A strdup whose allocations are freed after code generation is over.
270 */
271 char *
272 sdup(s)
273 register const char *s;
274 {
275 int n = strlen(s) + 1;
276 char *cp = newchunk(n);
277
278 strlcpy(cp, s, n);
279 return (cp);
280 }
281
282 static inline struct block *
283 new_block(code)
284 int code;
285 {
286 struct block *p;
287
288 p = (struct block *)newchunk(sizeof(*p));
289 p->s.code = code;
290 p->head = p;
291
292 return p;
293 }
294
295 static inline struct slist *
296 new_stmt(code)
297 int code;
298 {
299 struct slist *p;
300
301 p = (struct slist *)newchunk(sizeof(*p));
302 p->s.code = code;
303
304 return p;
305 }
306
307 static struct block *
308 gen_retblk(v)
309 int v;
310 {
311 struct block *b = new_block(BPF_RET|BPF_K);
312
313 b->s.k = v;
314 return b;
315 }
316
317 static inline void
318 syntax()
319 {
320 bpf_error("syntax error in filter expression");
321 }
322
323 static bpf_u_int32 netmask;
324 static int snaplen;
325 int no_optimize;
326
327 int
328 pcap_compile(pcap_t *p, struct bpf_program *program,
329 char *buf, int optimize, bpf_u_int32 mask)
330 {
331 extern int n_errors;
332 int len;
333
334 no_optimize = 0;
335 n_errors = 0;
336 root = NULL;
337 bpf_pcap = p;
338 if (setjmp(top_ctx)) {
339 lex_cleanup();
340 freechunks();
341 return (-1);
342 }
343
344 netmask = mask;
345
346 snaplen = pcap_snapshot(p);
347 if (snaplen == 0) {
348 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
349 "snaplen of 0 rejects all packets");
350 return -1;
351 }
352
353 lex_init(buf ? buf : "");
354 init_linktype(p);
355 (void)pcap_parse();
356
357 if (n_errors)
358 syntax();
359
360 if (root == NULL)
361 root = gen_retblk(snaplen);
362
363 if (optimize && !no_optimize) {
364 bpf_optimize(&root);
365 if (root == NULL ||
366 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
367 bpf_error("expression rejects all packets");
368 }
369 program->bf_insns = icode_to_fcode(root, &len);
370 program->bf_len = len;
371
372 lex_cleanup();
373 freechunks();
374 return (0);
375 }
376
377 /*
378 * entry point for using the compiler with no pcap open
379 * pass in all the stuff that is needed explicitly instead.
380 */
381 int
382 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
383 struct bpf_program *program,
384 char *buf, int optimize, bpf_u_int32 mask)
385 {
386 pcap_t *p;
387 int ret;
388
389 p = pcap_open_dead(linktype_arg, snaplen_arg);
390 if (p == NULL)
391 return (-1);
392 ret = pcap_compile(p, program, buf, optimize, mask);
393 pcap_close(p);
394 return (ret);
395 }
396
397 /*
398 * Clean up a "struct bpf_program" by freeing all the memory allocated
399 * in it.
400 */
401 void
402 pcap_freecode(struct bpf_program *program)
403 {
404 program->bf_len = 0;
405 if (program->bf_insns != NULL) {
406 free((char *)program->bf_insns);
407 program->bf_insns = NULL;
408 }
409 }
410
411 /*
412 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
413 * which of the jt and jf fields has been resolved and which is a pointer
414 * back to another unresolved block (or nil). At least one of the fields
415 * in each block is already resolved.
416 */
417 static void
418 backpatch(list, target)
419 struct block *list, *target;
420 {
421 struct block *next;
422
423 while (list) {
424 if (!list->sense) {
425 next = JT(list);
426 JT(list) = target;
427 } else {
428 next = JF(list);
429 JF(list) = target;
430 }
431 list = next;
432 }
433 }
434
435 /*
436 * Merge the lists in b0 and b1, using the 'sense' field to indicate
437 * which of jt and jf is the link.
438 */
439 static void
440 merge(b0, b1)
441 struct block *b0, *b1;
442 {
443 register struct block **p = &b0;
444
445 /* Find end of list. */
446 while (*p)
447 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
448
449 /* Concatenate the lists. */
450 *p = b1;
451 }
452
453 void
454 finish_parse(p)
455 struct block *p;
456 {
457 backpatch(p, gen_retblk(snaplen));
458 p->sense = !p->sense;
459 backpatch(p, gen_retblk(0));
460 root = p->head;
461 }
462
463 void
464 gen_and(b0, b1)
465 struct block *b0, *b1;
466 {
467 backpatch(b0, b1->head);
468 b0->sense = !b0->sense;
469 b1->sense = !b1->sense;
470 merge(b1, b0);
471 b1->sense = !b1->sense;
472 b1->head = b0->head;
473 }
474
475 void
476 gen_or(b0, b1)
477 struct block *b0, *b1;
478 {
479 b0->sense = !b0->sense;
480 backpatch(b0, b1->head);
481 b0->sense = !b0->sense;
482 merge(b1, b0);
483 b1->head = b0->head;
484 }
485
486 void
487 gen_not(b)
488 struct block *b;
489 {
490 b->sense = !b->sense;
491 }
492
493 static struct block *
494 gen_cmp(offset, size, v)
495 u_int offset, size;
496 bpf_int32 v;
497 {
498 struct slist *s;
499 struct block *b;
500
501 s = new_stmt(BPF_LD|BPF_ABS|size);
502 s->s.k = offset;
503
504 b = new_block(JMP(BPF_JEQ));
505 b->stmts = s;
506 b->s.k = v;
507
508 return b;
509 }
510
511 static struct block *
512 gen_cmp_gt(offset, size, v)
513 u_int offset, size;
514 bpf_int32 v;
515 {
516 struct slist *s;
517 struct block *b;
518
519 s = new_stmt(BPF_LD|BPF_ABS|size);
520 s->s.k = offset;
521
522 b = new_block(JMP(BPF_JGT));
523 b->stmts = s;
524 b->s.k = v;
525
526 return b;
527 }
528
529 static struct block *
530 gen_mcmp(offset, size, v, mask)
531 u_int offset, size;
532 bpf_int32 v;
533 bpf_u_int32 mask;
534 {
535 struct block *b = gen_cmp(offset, size, v);
536 struct slist *s;
537
538 if (mask != 0xffffffff) {
539 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
540 s->s.k = mask;
541 b->stmts->next = s;
542 }
543 return b;
544 }
545
546 static struct block *
547 gen_bcmp(offset, size, v)
548 register u_int offset, size;
549 register const u_char *v;
550 {
551 register struct block *b, *tmp;
552
553 b = NULL;
554 while (size >= 4) {
555 register const u_char *p = &v[size - 4];
556 bpf_int32 w = ((bpf_int32)p[0] << 24) |
557 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
558
559 tmp = gen_cmp(offset + size - 4, BPF_W, w);
560 if (b != NULL)
561 gen_and(b, tmp);
562 b = tmp;
563 size -= 4;
564 }
565 while (size >= 2) {
566 register const u_char *p = &v[size - 2];
567 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
568
569 tmp = gen_cmp(offset + size - 2, BPF_H, w);
570 if (b != NULL)
571 gen_and(b, tmp);
572 b = tmp;
573 size -= 2;
574 }
575 if (size > 0) {
576 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
577 if (b != NULL)
578 gen_and(b, tmp);
579 b = tmp;
580 }
581 return b;
582 }
583
584 static struct block *
585 gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse)
586 bpf_u_int32 datasize, offset, mask, jtype, jvalue;
587 int reverse;
588 {
589 struct slist *s;
590 struct block *b;
591
592 s = new_stmt(BPF_LD|datasize|BPF_ABS);
593 s->s.k = offset;
594
595 if (mask != 0xffffffff) {
596 s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K);
597 s->next->s.k = mask;
598 }
599
600 b = new_block(JMP(jtype));
601 b->stmts = s;
602 b->s.k = jvalue;
603 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE))
604 gen_not(b);
605 return b;
606 }
607
608 /*
609 * Various code constructs need to know the layout of the data link
610 * layer. These variables give the necessary offsets.
611 */
612
613 /*
614 * This is the offset of the beginning of the MAC-layer header.
615 * It's usually 0, except for ATM LANE.
616 */
617 static u_int off_mac;
618
619 /*
620 * "off_linktype" is the offset to information in the link-layer header
621 * giving the packet type.
622 *
623 * For Ethernet, it's the offset of the Ethernet type field.
624 *
625 * For link-layer types that always use 802.2 headers, it's the
626 * offset of the LLC header.
627 *
628 * For PPP, it's the offset of the PPP type field.
629 *
630 * For Cisco HDLC, it's the offset of the CHDLC type field.
631 *
632 * For BSD loopback, it's the offset of the AF_ value.
633 *
634 * For Linux cooked sockets, it's the offset of the type field.
635 *
636 * It's set to -1 for no encapsulation, in which case, IP is assumed.
637 */
638 static u_int off_linktype;
639
640 /*
641 * TRUE if the link layer includes an ATM pseudo-header.
642 */
643 static int is_atm = 0;
644
645 /*
646 * TRUE if "lane" appeared in the filter; it causes us to generate
647 * code that assumes LANE rather than LLC-encapsulated traffic in SunATM.
648 */
649 static int is_lane = 0;
650
651 /*
652 * These are offsets for the ATM pseudo-header.
653 */
654 static u_int off_vpi;
655 static u_int off_vci;
656 static u_int off_proto;
657
658 /*
659 * This is the offset of the first byte after the ATM pseudo_header,
660 * or -1 if there is no ATM pseudo-header.
661 */
662 static u_int off_payload;
663
664 /*
665 * These are offsets to the beginning of the network-layer header.
666 *
667 * If the link layer never uses 802.2 LLC:
668 *
669 * "off_nl" and "off_nl_nosnap" are the same.
670 *
671 * If the link layer always uses 802.2 LLC:
672 *
673 * "off_nl" is the offset if there's a SNAP header following
674 * the 802.2 header;
675 *
676 * "off_nl_nosnap" is the offset if there's no SNAP header.
677 *
678 * If the link layer is Ethernet:
679 *
680 * "off_nl" is the offset if the packet is an Ethernet II packet
681 * (we assume no 802.3+802.2+SNAP);
682 *
683 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet
684 * with an 802.2 header following it.
685 */
686 static u_int off_nl;
687 static u_int off_nl_nosnap;
688
689 static int linktype;
690
691 static void
692 init_linktype(p)
693 pcap_t *p;
694 {
695 linktype = pcap_datalink(p);
696 #ifdef PCAP_FDDIPAD
697 pcap_fddipad = p->fddipad;
698 #endif
699
700 /*
701 * Assume it's not raw ATM with a pseudo-header, for now.
702 */
703 off_mac = 0;
704 is_atm = 0;
705 is_lane = 0;
706 off_vpi = -1;
707 off_vci = -1;
708 off_proto = -1;
709 off_payload = -1;
710
711 orig_linktype = -1;
712 orig_nl = -1;
713
714 switch (linktype) {
715
716 case DLT_ARCNET:
717 off_linktype = 2;
718 off_nl = 6; /* XXX in reality, variable! */
719 off_nl_nosnap = 6; /* no 802.2 LLC */
720 return;
721
722 case DLT_ARCNET_LINUX:
723 off_linktype = 4;
724 off_nl = 8; /* XXX in reality, variable! */
725 off_nl_nosnap = 8; /* no 802.2 LLC */
726 return;
727
728 case DLT_EN10MB:
729 off_linktype = 12;
730 off_nl = 14; /* Ethernet II */
731 off_nl_nosnap = 17; /* 802.3+802.2 */
732 return;
733
734 case DLT_SLIP:
735 /*
736 * SLIP doesn't have a link level type. The 16 byte
737 * header is hacked into our SLIP driver.
738 */
739 off_linktype = -1;
740 off_nl = 16;
741 off_nl_nosnap = 16; /* no 802.2 LLC */
742 return;
743
744 case DLT_SLIP_BSDOS:
745 /* XXX this may be the same as the DLT_PPP_BSDOS case */
746 off_linktype = -1;
747 /* XXX end */
748 off_nl = 24;
749 off_nl_nosnap = 24; /* no 802.2 LLC */
750 return;
751
752 case DLT_NULL:
753 case DLT_LOOP:
754 off_linktype = 0;
755 off_nl = 4;
756 off_nl_nosnap = 4; /* no 802.2 LLC */
757 return;
758
759 case DLT_ENC:
760 off_linktype = 0;
761 off_nl = 12;
762 off_nl_nosnap = 12; /* no 802.2 LLC */
763 return;
764
765 case DLT_PPP:
766 case DLT_PPP_PPPD:
767 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */
768 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */
769 off_linktype = 2;
770 off_nl = 4;
771 off_nl_nosnap = 4; /* no 802.2 LLC */
772 return;
773
774 case DLT_PPP_ETHER:
775 /*
776 * This does no include the Ethernet header, and
777 * only covers session state.
778 */
779 off_linktype = 6;
780 off_nl = 8;
781 off_nl_nosnap = 8; /* no 802.2 LLC */
782 return;
783
784 case DLT_PPP_BSDOS:
785 off_linktype = 5;
786 off_nl = 24;
787 off_nl_nosnap = 24; /* no 802.2 LLC */
788 return;
789
790 case DLT_FDDI:
791 /*
792 * FDDI doesn't really have a link-level type field.
793 * We set "off_linktype" to the offset of the LLC header.
794 *
795 * To check for Ethernet types, we assume that SSAP = SNAP
796 * is being used and pick out the encapsulated Ethernet type.
797 * XXX - should we generate code to check for SNAP?
798 */
799 off_linktype = 13;
800 #ifdef PCAP_FDDIPAD
801 off_linktype += pcap_fddipad;
802 #endif
803 off_nl = 21; /* FDDI+802.2+SNAP */
804 off_nl_nosnap = 16; /* FDDI+802.2 */
805 #ifdef PCAP_FDDIPAD
806 off_nl += pcap_fddipad;
807 off_nl_nosnap += pcap_fddipad;
808 #endif
809 return;
810
811 case DLT_IEEE802:
812 /*
813 * Token Ring doesn't really have a link-level type field.
814 * We set "off_linktype" to the offset of the LLC header.
815 *
816 * To check for Ethernet types, we assume that SSAP = SNAP
817 * is being used and pick out the encapsulated Ethernet type.
818 * XXX - should we generate code to check for SNAP?
819 *
820 * XXX - the header is actually variable-length.
821 * Some various Linux patched versions gave 38
822 * as "off_linktype" and 40 as "off_nl"; however,
823 * if a token ring packet has *no* routing
824 * information, i.e. is not source-routed, the correct
825 * values are 20 and 22, as they are in the vanilla code.
826 *
827 * A packet is source-routed iff the uppermost bit
828 * of the first byte of the source address, at an
829 * offset of 8, has the uppermost bit set. If the
830 * packet is source-routed, the total number of bytes
831 * of routing information is 2 plus bits 0x1F00 of
832 * the 16-bit value at an offset of 14 (shifted right
833 * 8 - figure out which byte that is).
834 */
835 off_linktype = 14;
836 off_nl = 22; /* Token Ring+802.2+SNAP */
837 off_nl_nosnap = 17; /* Token Ring+802.2 */
838 return;
839
840 case DLT_IEEE802_11:
841 /*
842 * 802.11 doesn't really have a link-level type field.
843 * We set "off_linktype" to the offset of the LLC header.
844 *
845 * To check for Ethernet types, we assume that SSAP = SNAP
846 * is being used and pick out the encapsulated Ethernet type.
847 * XXX - should we generate code to check for SNAP?
848 *
849 * XXX - the header is actually variable-length. We
850 * assume a 24-byte link-layer header, as appears in
851 * data frames in networks with no bridges. If the
852 * fromds and tods 802.11 header bits are both set,
853 * it's actually supposed to be 30 bytes.
854 */
855 off_linktype = 24;
856 off_nl = 32; /* 802.11+802.2+SNAP */
857 off_nl_nosnap = 27; /* 802.11+802.2 */
858 return;
859
860 case DLT_PRISM_HEADER:
861 /*
862 * Same as 802.11, but with an additional header before
863 * the 802.11 header, containing a bunch of additional
864 * information including radio-level information.
865 *
866 * The header is 144 bytes long.
867 *
868 * XXX - same variable-length header problem; at least
869 * the Prism header is fixed-length.
870 */
871 off_linktype = 144+24;
872 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */
873 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */
874 return;
875
876 case DLT_IEEE802_11_RADIO_AVS:
877 /*
878 * Same as 802.11, but with an additional header before
879 * the 802.11 header, containing a bunch of additional
880 * information including radio-level information.
881 *
882 * The header is 64 bytes long, at least in its
883 * current incarnation.
884 *
885 * XXX - same variable-length header problem, only
886 * more so; this header is also variable-length,
887 * with the length being the 32-bit big-endian
888 * number at an offset of 4 from the beginning
889 * of the radio header.
890 */
891 off_linktype = 64+24;
892 off_nl = 64+32; /* Radio+802.11+802.2+SNAP */
893 off_nl_nosnap = 64+27; /* Radio+802.11+802.2 */
894 return;
895
896 case DLT_IEEE802_11_RADIO:
897 /*
898 * Same as 802.11, but with an additional header before
899 * the 802.11 header, containing a bunch of additional
900 * information including radio-level information.
901 *
902 * XXX - same variable-length header problem, only
903 * even *more* so; this header is also variable-length,
904 * with the length being the 16-bit number at an offset
905 * of 2 from the beginning of the radio header, and it's
906 * device-dependent (different devices might supply
907 * different amounts of information), so we can't even
908 * assume a fixed length for the current version of the
909 * header.
910 *
911 * Therefore, currently, only raw "link[N:M]" filtering is
912 * supported.
913 */
914 off_linktype = -1;
915 off_nl = -1;
916 off_nl_nosnap = -1;
917 return;
918
919 case DLT_ATM_RFC1483:
920 case DLT_ATM_CLIP: /* Linux ATM defines this */
921 /*
922 * assume routed, non-ISO PDUs
923 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
924 */
925 off_linktype = 0;
926 off_nl = 8; /* 802.2+SNAP */
927 off_nl_nosnap = 3; /* 802.2 */
928 return;
929
930 case DLT_SUNATM:
931 /*
932 * Full Frontal ATM; you get AALn PDUs with an ATM
933 * pseudo-header.
934 */
935 is_atm = 1;
936 off_vpi = SUNATM_VPI_POS;
937 off_vci = SUNATM_VCI_POS;
938 off_proto = PROTO_POS;
939 off_mac = -1; /* LLC-encapsulated, so no MAC-layer header */
940 off_payload = SUNATM_PKT_BEGIN_POS;
941 off_linktype = off_payload;
942 off_nl = off_payload+8; /* 802.2+SNAP */
943 off_nl_nosnap = off_payload+3; /* 802.2 */
944 return;
945
946 case DLT_RAW:
947 off_linktype = -1;
948 off_nl = 0;
949 off_nl_nosnap = 0; /* no 802.2 LLC */
950 return;
951
952 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
953 off_linktype = 14;
954 off_nl = 16;
955 off_nl_nosnap = 16; /* no 802.2 LLC */
956 return;
957
958 case DLT_LTALK:
959 /*
960 * LocalTalk does have a 1-byte type field in the LLAP header,
961 * but really it just indicates whether there is a "short" or
962 * "long" DDP packet following.
963 */
964 off_linktype = -1;
965 off_nl = 0;
966 off_nl_nosnap = 0; /* no 802.2 LLC */
967 return;
968
969 case DLT_IP_OVER_FC:
970 /*
971 * RFC 2625 IP-over-Fibre-Channel doesn't really have a
972 * link-level type field. We set "off_linktype" to the
973 * offset of the LLC header.
974 *
975 * To check for Ethernet types, we assume that SSAP = SNAP
976 * is being used and pick out the encapsulated Ethernet type.
977 * XXX - should we generate code to check for SNAP? RFC
978 * 2625 says SNAP should be used.
979 */
980 off_linktype = 16;
981 off_nl = 24; /* IPFC+802.2+SNAP */
982 off_nl_nosnap = 19; /* IPFC+802.2 */
983 return;
984
985 case DLT_FRELAY:
986 /*
987 * XXX - we should set this to handle SNAP-encapsulated
988 * frames (NLPID of 0x80).
989 */
990 off_linktype = -1;
991 off_nl = 0;
992 off_nl_nosnap = 0; /* no 802.2 LLC */
993 return;
994
995 case DLT_APPLE_IP_OVER_IEEE1394:
996 off_linktype = 16;
997 off_nl = 18;
998 off_nl_nosnap = 18; /* no 802.2 LLC */
999 return;
1000
1001 case DLT_LINUX_IRDA:
1002 /*
1003 * Currently, only raw "link[N:M]" filtering is supported.
1004 */
1005 off_linktype = -1;
1006 off_nl = -1;
1007 off_nl_nosnap = -1;
1008 return;
1009
1010 case DLT_DOCSIS:
1011 /*
1012 * Currently, only raw "link[N:M]" filtering is supported.
1013 */
1014 off_linktype = -1;
1015 off_nl = -1;
1016 off_nl_nosnap = -1;
1017 return;
1018
1019 case DLT_SYMANTEC_FIREWALL:
1020 off_linktype = 6;
1021 off_nl = 44; /* Ethernet II */
1022 off_nl_nosnap = 44; /* XXX - what does it do with 802.3 packets? */
1023 return;
1024
1025 case DLT_PFLOG:
1026 off_linktype = 0;
1027 /* XXX read this from pf.h? */
1028 off_nl = PFLOG_HDRLEN;
1029 off_nl_nosnap = PFLOG_HDRLEN; /* no 802.2 LLC */
1030 return;
1031
1032 case DLT_JUNIPER_MLFR:
1033 case DLT_JUNIPER_MLPPP:
1034 off_linktype = 4;
1035 off_nl = 4;
1036 off_nl_nosnap = -1; /* no 802.2 LLC */
1037 return;
1038
1039 case DLT_JUNIPER_ATM1:
1040 off_linktype = 4; /* in reality variable between 4-8 */
1041 off_nl = 4;
1042 off_nl_nosnap = 14;
1043 return;
1044
1045 case DLT_JUNIPER_ATM2:
1046 off_linktype = 8; /* in reality variable between 8-12 */
1047 off_nl = 8;
1048 off_nl_nosnap = 18;
1049 return;
1050
1051 #ifdef DLT_PFSYNC
1052 case DLT_PFSYNC:
1053 off_linktype = -1;
1054 off_nl = 4;
1055 off_nl_nosnap = 4;
1056 return;
1057 #endif
1058
1059 case DLT_LINUX_LAPD:
1060 /*
1061 * Currently, only raw "link[N:M]" filtering is supported.
1062 */
1063 off_linktype = -1;
1064 off_nl = -1;
1065 off_nl_nosnap = -1;
1066 return;
1067 }
1068 bpf_error("unknown data link type %d", linktype);
1069 /* NOTREACHED */
1070 }
1071
1072 static struct block *
1073 gen_uncond(rsense)
1074 int rsense;
1075 {
1076 struct block *b;
1077 struct slist *s;
1078
1079 s = new_stmt(BPF_LD|BPF_IMM);
1080 s->s.k = !rsense;
1081 b = new_block(JMP(BPF_JEQ));
1082 b->stmts = s;
1083
1084 return b;
1085 }
1086
1087 static inline struct block *
1088 gen_true()
1089 {
1090 return gen_uncond(1);
1091 }
1092
1093 static inline struct block *
1094 gen_false()
1095 {
1096 return gen_uncond(0);
1097 }
1098
1099 /*
1100 * Byte-swap a 32-bit number.
1101 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
1102 * big-endian platforms.)
1103 */
1104 #define SWAPLONG(y) \
1105 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
1106
1107 /*
1108 * Generate code to match a particular packet type.
1109 *
1110 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
1111 * value, if <= ETHERMTU. We use that to determine whether to
1112 * match the type/length field or to check the type/length field for
1113 * a value <= ETHERMTU to see whether it's a type field and then do
1114 * the appropriate test.
1115 */
1116 static struct block *
1117 gen_ether_linktype(proto)
1118 register int proto;
1119 {
1120 struct block *b0, *b1;
1121
1122 switch (proto) {
1123
1124 case LLCSAP_ISONS:
1125 case LLCSAP_IP:
1126 case LLCSAP_NETBEUI:
1127 /*
1128 * OSI protocols and NetBEUI always use 802.2 encapsulation,
1129 * so we check the DSAP and SSAP.
1130 *
1131 * LLCSAP_IP checks for IP-over-802.2, rather
1132 * than IP-over-Ethernet or IP-over-SNAP.
1133 *
1134 * XXX - should we check both the DSAP and the
1135 * SSAP, like this, or should we check just the
1136 * DSAP, as we do for other types <= ETHERMTU
1137 * (i.e., other SAP values)?
1138 */
1139 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1140 gen_not(b0);
1141 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1142 ((proto << 8) | proto));
1143 gen_and(b0, b1);
1144 return b1;
1145
1146 case LLCSAP_IPX:
1147 /*
1148 * Check for;
1149 *
1150 * Ethernet_II frames, which are Ethernet
1151 * frames with a frame type of ETHERTYPE_IPX;
1152 *
1153 * Ethernet_802.3 frames, which are 802.3
1154 * frames (i.e., the type/length field is
1155 * a length field, <= ETHERMTU, rather than
1156 * a type field) with the first two bytes
1157 * after the Ethernet/802.3 header being
1158 * 0xFFFF;
1159 *
1160 * Ethernet_802.2 frames, which are 802.3
1161 * frames with an 802.2 LLC header and
1162 * with the IPX LSAP as the DSAP in the LLC
1163 * header;
1164 *
1165 * Ethernet_SNAP frames, which are 802.3
1166 * frames with an LLC header and a SNAP
1167 * header and with an OUI of 0x000000
1168 * (encapsulated Ethernet) and a protocol
1169 * ID of ETHERTYPE_IPX in the SNAP header.
1170 *
1171 * XXX - should we generate the same code both
1172 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
1173 */
1174
1175 /*
1176 * This generates code to check both for the
1177 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
1178 */
1179 b0 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)LLCSAP_IPX);
1180 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)0xFFFF);
1181 gen_or(b0, b1);
1182
1183 /*
1184 * Now we add code to check for SNAP frames with
1185 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
1186 */
1187 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
1188 gen_or(b0, b1);
1189
1190 /*
1191 * Now we generate code to check for 802.3
1192 * frames in general.
1193 */
1194 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1195 gen_not(b0);
1196
1197 /*
1198 * Now add the check for 802.3 frames before the
1199 * check for Ethernet_802.2 and Ethernet_802.3,
1200 * as those checks should only be done on 802.3
1201 * frames, not on Ethernet frames.
1202 */
1203 gen_and(b0, b1);
1204
1205 /*
1206 * Now add the check for Ethernet_II frames, and
1207 * do that before checking for the other frame
1208 * types.
1209 */
1210 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)ETHERTYPE_IPX);
1211 gen_or(b0, b1);
1212 return b1;
1213
1214 case ETHERTYPE_ATALK:
1215 case ETHERTYPE_AARP:
1216 /*
1217 * EtherTalk (AppleTalk protocols on Ethernet link
1218 * layer) may use 802.2 encapsulation.
1219 */
1220
1221 /*
1222 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1223 * we check for an Ethernet type field less than
1224 * 1500, which means it's an 802.3 length field.
1225 */
1226 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1227 gen_not(b0);
1228
1229 /*
1230 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1231 * SNAP packets with an organization code of
1232 * 0x080007 (Apple, for Appletalk) and a protocol
1233 * type of ETHERTYPE_ATALK (Appletalk).
1234 *
1235 * 802.2-encapsulated ETHERTYPE_AARP packets are
1236 * SNAP packets with an organization code of
1237 * 0x000000 (encapsulated Ethernet) and a protocol
1238 * type of ETHERTYPE_AARP (Appletalk ARP).
1239 */
1240 if (proto == ETHERTYPE_ATALK)
1241 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
1242 else /* proto == ETHERTYPE_AARP */
1243 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
1244 gen_and(b0, b1);
1245
1246 /*
1247 * Check for Ethernet encapsulation (Ethertalk
1248 * phase 1?); we just check for the Ethernet
1249 * protocol type.
1250 */
1251 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1252
1253 gen_or(b0, b1);
1254 return b1;
1255
1256 default:
1257 if (proto <= ETHERMTU) {
1258 /*
1259 * This is an LLC SAP value, so the frames
1260 * that match would be 802.2 frames.
1261 * Check that the frame is an 802.2 frame
1262 * (i.e., that the length/type field is
1263 * a length field, <= ETHERMTU) and
1264 * then check the DSAP.
1265 */
1266 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1267 gen_not(b0);
1268 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto);
1269 gen_and(b0, b1);
1270 return b1;
1271 } else {
1272 /*
1273 * This is an Ethernet type, so compare
1274 * the length/type field with it (if
1275 * the frame is an 802.2 frame, the length
1276 * field will be <= ETHERMTU, and, as
1277 * "proto" is > ETHERMTU, this test
1278 * will fail and the frame won't match,
1279 * which is what we want).
1280 */
1281 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1282 }
1283 }
1284 }
1285
1286 /*
1287 * Generate code to match a particular packet type.
1288 *
1289 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
1290 * value, if <= ETHERMTU. We use that to determine whether to
1291 * match the type field or to check the type field for the special
1292 * LINUX_SLL_P_802_2 value and then do the appropriate test.
1293 */
1294 static struct block *
1295 gen_linux_sll_linktype(proto)
1296 register int proto;
1297 {
1298 struct block *b0, *b1;
1299
1300 switch (proto) {
1301
1302 case LLCSAP_ISONS:
1303 case LLCSAP_IP:
1304 case LLCSAP_NETBEUI:
1305 /*
1306 * OSI protocols and NetBEUI always use 802.2 encapsulation,
1307 * so we check the DSAP and SSAP.
1308 *
1309 * LLCSAP_IP checks for IP-over-802.2, rather
1310 * than IP-over-Ethernet or IP-over-SNAP.
1311 *
1312 * XXX - should we check both the DSAP and the
1313 * SSAP, like this, or should we check just the
1314 * DSAP, as we do for other types <= ETHERMTU
1315 * (i.e., other SAP values)?
1316 */
1317 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1318 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1319 ((proto << 8) | proto));
1320 gen_and(b0, b1);
1321 return b1;
1322
1323 case LLCSAP_IPX:
1324 /*
1325 * Ethernet_II frames, which are Ethernet
1326 * frames with a frame type of ETHERTYPE_IPX;
1327 *
1328 * Ethernet_802.3 frames, which have a frame
1329 * type of LINUX_SLL_P_802_3;
1330 *
1331 * Ethernet_802.2 frames, which are 802.3
1332 * frames with an 802.2 LLC header (i.e, have
1333 * a frame type of LINUX_SLL_P_802_2) and
1334 * with the IPX LSAP as the DSAP in the LLC
1335 * header;
1336 *
1337 * Ethernet_SNAP frames, which are 802.3
1338 * frames with an LLC header and a SNAP
1339 * header and with an OUI of 0x000000
1340 * (encapsulated Ethernet) and a protocol
1341 * ID of ETHERTYPE_IPX in the SNAP header.
1342 *
1343 * First, do the checks on LINUX_SLL_P_802_2
1344 * frames; generate the check for either
1345 * Ethernet_802.2 or Ethernet_SNAP frames, and
1346 * then put a check for LINUX_SLL_P_802_2 frames
1347 * before it.
1348 */
1349 b0 = gen_cmp(off_linktype + 2, BPF_B,
1350 (bpf_int32)LLCSAP_IPX);
1351 b1 = gen_snap(0x000000, ETHERTYPE_IPX,
1352 off_linktype + 2);
1353 gen_or(b0, b1);
1354 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1355 gen_and(b0, b1);
1356
1357 /*
1358 * Now check for 802.3 frames and OR that with
1359 * the previous test.
1360 */
1361 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
1362 gen_or(b0, b1);
1363
1364 /*
1365 * Now add the check for Ethernet_II frames, and
1366 * do that before checking for the other frame
1367 * types.
1368 */
1369 b0 = gen_cmp(off_linktype, BPF_H,
1370 (bpf_int32)ETHERTYPE_IPX);
1371 gen_or(b0, b1);
1372 return b1;
1373
1374 case ETHERTYPE_ATALK:
1375 case ETHERTYPE_AARP:
1376 /*
1377 * EtherTalk (AppleTalk protocols on Ethernet link
1378 * layer) may use 802.2 encapsulation.
1379 */
1380
1381 /*
1382 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1383 * we check for the 802.2 protocol type in the
1384 * "Ethernet type" field.
1385 */
1386 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1387
1388 /*
1389 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1390 * SNAP packets with an organization code of
1391 * 0x080007 (Apple, for Appletalk) and a protocol
1392 * type of ETHERTYPE_ATALK (Appletalk).
1393 *
1394 * 802.2-encapsulated ETHERTYPE_AARP packets are
1395 * SNAP packets with an organization code of
1396 * 0x000000 (encapsulated Ethernet) and a protocol
1397 * type of ETHERTYPE_AARP (Appletalk ARP).
1398 */
1399 if (proto == ETHERTYPE_ATALK)
1400 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
1401 off_linktype + 2);
1402 else /* proto == ETHERTYPE_AARP */
1403 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
1404 off_linktype + 2);
1405 gen_and(b0, b1);
1406
1407 /*
1408 * Check for Ethernet encapsulation (Ethertalk
1409 * phase 1?); we just check for the Ethernet
1410 * protocol type.
1411 */
1412 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1413
1414 gen_or(b0, b1);
1415 return b1;
1416
1417 default:
1418 if (proto <= ETHERMTU) {
1419 /*
1420 * This is an LLC SAP value, so the frames
1421 * that match would be 802.2 frames.
1422 * Check for the 802.2 protocol type
1423 * in the "Ethernet type" field, and
1424 * then check the DSAP.
1425 */
1426 b0 = gen_cmp(off_linktype, BPF_H,
1427 LINUX_SLL_P_802_2);
1428 b1 = gen_cmp(off_linktype + 2, BPF_B,
1429 (bpf_int32)proto);
1430 gen_and(b0, b1);
1431 return b1;
1432 } else {
1433 /*
1434 * This is an Ethernet type, so compare
1435 * the length/type field with it (if
1436 * the frame is an 802.2 frame, the length
1437 * field will be <= ETHERMTU, and, as
1438 * "proto" is > ETHERMTU, this test
1439 * will fail and the frame won't match,
1440 * which is what we want).
1441 */
1442 return gen_cmp(off_linktype, BPF_H,
1443 (bpf_int32)proto);
1444 }
1445 }
1446 }
1447
1448 /*
1449 * Generate code to match a particular packet type by matching the
1450 * link-layer type field or fields in the 802.2 LLC header.
1451 *
1452 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
1453 * value, if <= ETHERMTU.
1454 */
1455 static struct block *
1456 gen_linktype(proto)
1457 register int proto;
1458 {
1459 struct block *b0, *b1, *b2;
1460
1461 switch (linktype) {
1462
1463 case DLT_EN10MB:
1464 return gen_ether_linktype(proto);
1465 /*NOTREACHED*/
1466 break;
1467
1468 case DLT_C_HDLC:
1469 switch (proto) {
1470
1471 case LLCSAP_ISONS:
1472 proto = (proto << 8 | LLCSAP_ISONS);
1473 /* fall through */
1474
1475 default:
1476 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1477 /*NOTREACHED*/
1478 break;
1479 }
1480 break;
1481
1482 case DLT_IEEE802_11:
1483 case DLT_PRISM_HEADER:
1484 case DLT_IEEE802_11_RADIO:
1485 case DLT_FDDI:
1486 case DLT_IEEE802:
1487 case DLT_ATM_RFC1483:
1488 case DLT_ATM_CLIP:
1489 case DLT_IP_OVER_FC:
1490 return gen_llc_linktype(proto);
1491 /*NOTREACHED*/
1492 break;
1493
1494 case DLT_SUNATM:
1495 /*
1496 * If "is_lane" is set, check for a LANE-encapsulated
1497 * version of this protocol, otherwise check for an
1498 * LLC-encapsulated version of this protocol.
1499 *
1500 * We assume LANE means Ethernet, not Token Ring.
1501 */
1502 if (is_lane) {
1503 /*
1504 * Check that the packet doesn't begin with an
1505 * LE Control marker. (We've already generated
1506 * a test for LANE.)
1507 */
1508 b0 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
1509 gen_not(b0);
1510
1511 /*
1512 * Now generate an Ethernet test.
1513 */
1514 b1 = gen_ether_linktype(proto);
1515 gen_and(b0, b1);
1516 return b1;
1517 } else {
1518 /*
1519 * Check for LLC encapsulation and then check the
1520 * protocol.
1521 */
1522 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
1523 b1 = gen_llc_linktype(proto);
1524 gen_and(b0, b1);
1525 return b1;
1526 }
1527 /*NOTREACHED*/
1528 break;
1529
1530 case DLT_LINUX_SLL:
1531 return gen_linux_sll_linktype(proto);
1532 /*NOTREACHED*/
1533 break;
1534
1535 case DLT_SLIP:
1536 case DLT_SLIP_BSDOS:
1537 case DLT_RAW:
1538 /*
1539 * These types don't provide any type field; packets
1540 * are always IP.
1541 *
1542 * XXX - for IPv4, check for a version number of 4, and,
1543 * for IPv6, check for a version number of 6?
1544 */
1545 switch (proto) {
1546
1547 case ETHERTYPE_IP:
1548 #ifdef INET6
1549 case ETHERTYPE_IPV6:
1550 #endif
1551 return gen_true(); /* always true */
1552
1553 default:
1554 return gen_false(); /* always false */
1555 }
1556 /*NOTREACHED*/
1557 break;
1558
1559 case DLT_PPP:
1560 case DLT_PPP_PPPD:
1561 case DLT_PPP_SERIAL:
1562 case DLT_PPP_ETHER:
1563 /*
1564 * We use Ethernet protocol types inside libpcap;
1565 * map them to the corresponding PPP protocol types.
1566 */
1567 switch (proto) {
1568
1569 case ETHERTYPE_IP:
1570 proto = PPP_IP;
1571 break;
1572
1573 #ifdef INET6
1574 case ETHERTYPE_IPV6:
1575 proto = PPP_IPV6;
1576 break;
1577 #endif
1578
1579 case ETHERTYPE_DN:
1580 proto = PPP_DECNET;
1581 break;
1582
1583 case ETHERTYPE_ATALK:
1584 proto = PPP_APPLE;
1585 break;
1586
1587 case ETHERTYPE_NS:
1588 proto = PPP_NS;
1589 break;
1590
1591 case LLCSAP_ISONS:
1592 proto = PPP_OSI;
1593 break;
1594
1595 case LLCSAP_8021D:
1596 /*
1597 * I'm assuming the "Bridging PDU"s that go
1598 * over PPP are Spanning Tree Protocol
1599 * Bridging PDUs.
1600 */
1601 proto = PPP_BRPDU;
1602 break;
1603
1604 case LLCSAP_IPX:
1605 proto = PPP_IPX;
1606 break;
1607 }
1608 break;
1609
1610 case DLT_PPP_BSDOS:
1611 /*
1612 * We use Ethernet protocol types inside libpcap;
1613 * map them to the corresponding PPP protocol types.
1614 */
1615 switch (proto) {
1616
1617 case ETHERTYPE_IP:
1618 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
1619 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
1620 gen_or(b0, b1);
1621 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
1622 gen_or(b1, b0);
1623 return b0;
1624
1625 #ifdef INET6
1626 case ETHERTYPE_IPV6:
1627 proto = PPP_IPV6;
1628 /* more to go? */
1629 break;
1630 #endif
1631
1632 case ETHERTYPE_DN:
1633 proto = PPP_DECNET;
1634 break;
1635
1636 case ETHERTYPE_ATALK:
1637 proto = PPP_APPLE;
1638 break;
1639
1640 case ETHERTYPE_NS:
1641 proto = PPP_NS;
1642 break;
1643
1644 case LLCSAP_ISONS:
1645 proto = PPP_OSI;
1646 break;
1647
1648 case LLCSAP_8021D:
1649 /*
1650 * I'm assuming the "Bridging PDU"s that go
1651 * over PPP are Spanning Tree Protocol
1652 * Bridging PDUs.
1653 */
1654 proto = PPP_BRPDU;
1655 break;
1656
1657 case LLCSAP_IPX:
1658 proto = PPP_IPX;
1659 break;
1660 }
1661 break;
1662
1663 case DLT_NULL:
1664 case DLT_LOOP:
1665 case DLT_ENC:
1666 /*
1667 * For DLT_NULL, the link-layer header is a 32-bit
1668 * word containing an AF_ value in *host* byte order,
1669 * and for DLT_ENC, the link-layer header begins
1670 * with a 32-bit work containing an AF_ value in
1671 * host byte order.
1672 *
1673 * In addition, if we're reading a saved capture file,
1674 * the host byte order in the capture may not be the
1675 * same as the host byte order on this machine.
1676 *
1677 * For DLT_LOOP, the link-layer header is a 32-bit
1678 * word containing an AF_ value in *network* byte order.
1679 *
1680 * XXX - AF_ values may, unfortunately, be platform-
1681 * dependent; for example, FreeBSD's AF_INET6 is 24
1682 * whilst NetBSD's and OpenBSD's is 26.
1683 *
1684 * This means that, when reading a capture file, just
1685 * checking for our AF_INET6 value won't work if the
1686 * capture file came from another OS.
1687 */
1688 switch (proto) {
1689
1690 case ETHERTYPE_IP:
1691 proto = AF_INET;
1692 break;
1693
1694 #ifdef INET6
1695 case ETHERTYPE_IPV6:
1696 proto = AF_INET6;
1697 break;
1698 #endif
1699
1700 default:
1701 /*
1702 * Not a type on which we support filtering.
1703 * XXX - support those that have AF_ values
1704 * #defined on this platform, at least?
1705 */
1706 return gen_false();
1707 }
1708
1709 if (linktype == DLT_NULL || linktype == DLT_ENC) {
1710 /*
1711 * The AF_ value is in host byte order, but
1712 * the BPF interpreter will convert it to
1713 * network byte order.
1714 *
1715 * If this is a save file, and it's from a
1716 * machine with the opposite byte order to
1717 * ours, we byte-swap the AF_ value.
1718 *
1719 * Then we run it through "htonl()", and
1720 * generate code to compare against the result.
1721 */
1722 if (bpf_pcap->sf.rfile != NULL &&
1723 bpf_pcap->sf.swapped)
1724 proto = SWAPLONG(proto);
1725 proto = htonl(proto);
1726 }
1727 return (gen_cmp(0, BPF_W, (bpf_int32)proto));
1728
1729 case DLT_PFLOG:
1730 /*
1731 * af field is host byte order in contrast to the rest of
1732 * the packet.
1733 */
1734 if (proto == ETHERTYPE_IP)
1735 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B,
1736 (bpf_int32)AF_INET));
1737 #ifdef INET6
1738 else if (proto == ETHERTYPE_IPV6)
1739 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B,
1740 (bpf_int32)AF_INET6));
1741 #endif /* INET6 */
1742 else
1743 return gen_false();
1744 /*NOTREACHED*/
1745 break;
1746
1747 case DLT_ARCNET:
1748 case DLT_ARCNET_LINUX:
1749 /*
1750 * XXX should we check for first fragment if the protocol
1751 * uses PHDS?
1752 */
1753 switch (proto) {
1754
1755 default:
1756 return gen_false();
1757
1758 #ifdef INET6
1759 case ETHERTYPE_IPV6:
1760 return (gen_cmp(off_linktype, BPF_B,
1761 (bpf_int32)ARCTYPE_INET6));
1762 #endif /* INET6 */
1763
1764 case ETHERTYPE_IP:
1765 b0 = gen_cmp(off_linktype, BPF_B,
1766 (bpf_int32)ARCTYPE_IP);
1767 b1 = gen_cmp(off_linktype, BPF_B,
1768 (bpf_int32)ARCTYPE_IP_OLD);
1769 gen_or(b0, b1);
1770 return (b1);
1771
1772 case ETHERTYPE_ARP:
1773 b0 = gen_cmp(off_linktype, BPF_B,
1774 (bpf_int32)ARCTYPE_ARP);
1775 b1 = gen_cmp(off_linktype, BPF_B,
1776 (bpf_int32)ARCTYPE_ARP_OLD);
1777 gen_or(b0, b1);
1778 return (b1);
1779
1780 case ETHERTYPE_REVARP:
1781 return (gen_cmp(off_linktype, BPF_B,
1782 (bpf_int32)ARCTYPE_REVARP));
1783
1784 case ETHERTYPE_ATALK:
1785 return (gen_cmp(off_linktype, BPF_B,
1786 (bpf_int32)ARCTYPE_ATALK));
1787 }
1788 /*NOTREACHED*/
1789 break;
1790
1791 case DLT_LTALK:
1792 switch (proto) {
1793 case ETHERTYPE_ATALK:
1794 return gen_true();
1795 default:
1796 return gen_false();
1797 }
1798 /*NOTREACHED*/
1799 break;
1800
1801 case DLT_FRELAY:
1802 /*
1803 * XXX - assumes a 2-byte Frame Relay header with
1804 * DLCI and flags. What if the address is longer?
1805 */
1806 switch (proto) {
1807
1808 case ETHERTYPE_IP:
1809 /*
1810 * Check for the special NLPID for IP.
1811 */
1812 return gen_cmp(2, BPF_H, (0x03<<8) | 0xcc);
1813
1814 #ifdef INET6
1815 case ETHERTYPE_IPV6:
1816 /*
1817 * Check for the special NLPID for IPv6.
1818 */
1819 return gen_cmp(2, BPF_H, (0x03<<8) | 0x8e);
1820 #endif
1821
1822 case LLCSAP_ISONS:
1823 /*
1824 * Check for several OSI protocols.
1825 *
1826 * Frame Relay packets typically have an OSI
1827 * NLPID at the beginning; we check for each
1828 * of them.
1829 *
1830 * What we check for is the NLPID and a frame
1831 * control field of UI, i.e. 0x03 followed
1832 * by the NLPID.
1833 */
1834 b0 = gen_cmp(2, BPF_H, (0x03<<8) | ISO8473_CLNP);
1835 b1 = gen_cmp(2, BPF_H, (0x03<<8) | ISO9542_ESIS);
1836 b2 = gen_cmp(2, BPF_H, (0x03<<8) | ISO10589_ISIS);
1837 gen_or(b1, b2);
1838 gen_or(b0, b2);
1839 return b2;
1840
1841 default:
1842 return gen_false();
1843 }
1844 /*NOTREACHED*/
1845 break;
1846
1847 case DLT_JUNIPER_MLFR:
1848 case DLT_JUNIPER_MLPPP:
1849 case DLT_JUNIPER_ATM1:
1850 case DLT_JUNIPER_ATM2:
1851 /* just lets verify the magic number for now -
1852 * on ATM we may have up to 6 different encapsulations on the wire
1853 * and need a lot of heuristics to figure out that the payload
1854 * might be;
1855 *
1856 * FIXME encapsulation specific BPF_ filters
1857 */
1858 return gen_mcmp(0, BPF_W, 0x4d474300, 0xffffff00); /* compare the magic number */
1859
1860 case DLT_LINUX_IRDA:
1861 bpf_error("IrDA link-layer type filtering not implemented");
1862
1863 case DLT_DOCSIS:
1864 bpf_error("DOCSIS link-layer type filtering not implemented");
1865
1866 case DLT_LINUX_LAPD:
1867 bpf_error("LAPD link-layer type filtering not implemented");
1868 }
1869
1870 /*
1871 * All the types that have no encapsulation should either be
1872 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
1873 * all packets are IP packets, or should be handled in some
1874 * special case, if none of them are (if some are and some
1875 * aren't, the lack of encapsulation is a problem, as we'd
1876 * have to find some other way of determining the packet type).
1877 *
1878 * Therefore, if "off_linktype" is -1, there's an error.
1879 */
1880 if (off_linktype == (u_int)-1)
1881 abort();
1882
1883 /*
1884 * Any type not handled above should always have an Ethernet
1885 * type at an offset of "off_linktype". (PPP is partially
1886 * handled above - the protocol type is mapped from the
1887 * Ethernet and LLC types we use internally to the corresponding
1888 * PPP type - but the PPP type is always specified by a value
1889 * at "off_linktype", so we don't have to do the code generation
1890 * above.)
1891 */
1892 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1893 }
1894
1895 /*
1896 * Check for an LLC SNAP packet with a given organization code and
1897 * protocol type; we check the entire contents of the 802.2 LLC and
1898 * snap headers, checking for DSAP and SSAP of SNAP and a control
1899 * field of 0x03 in the LLC header, and for the specified organization
1900 * code and protocol type in the SNAP header.
1901 */
1902 static struct block *
1903 gen_snap(orgcode, ptype, offset)
1904 bpf_u_int32 orgcode;
1905 bpf_u_int32 ptype;
1906 u_int offset;
1907 {
1908 u_char snapblock[8];
1909
1910 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
1911 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
1912 snapblock[2] = 0x03; /* control = UI */
1913 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
1914 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
1915 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
1916 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
1917 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
1918 return gen_bcmp(offset, 8, snapblock);
1919 }
1920
1921 /*
1922 * Generate code to match a particular packet type, for link-layer types
1923 * using 802.2 LLC headers.
1924 *
1925 * This is *NOT* used for Ethernet; "gen_ether_linktype()" is used
1926 * for that - it handles the D/I/X Ethernet vs. 802.3+802.2 issues.
1927 *
1928 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
1929 * value, if <= ETHERMTU. We use that to determine whether to
1930 * match the DSAP or both DSAP and LSAP or to check the OUI and
1931 * protocol ID in a SNAP header.
1932 */
1933 static struct block *
1934 gen_llc_linktype(proto)
1935 int proto;
1936 {
1937 /*
1938 * XXX - handle token-ring variable-length header.
1939 */
1940 switch (proto) {
1941
1942 case LLCSAP_IP:
1943 case LLCSAP_ISONS:
1944 case LLCSAP_NETBEUI:
1945 /*
1946 * XXX - should we check both the DSAP and the
1947 * SSAP, like this, or should we check just the
1948 * DSAP, as we do for other types <= ETHERMTU
1949 * (i.e., other SAP values)?
1950 */
1951 return gen_cmp(off_linktype, BPF_H, (long)
1952 ((proto << 8) | proto));
1953
1954 case LLCSAP_IPX:
1955 /*
1956 * XXX - are there ever SNAP frames for IPX on
1957 * non-Ethernet 802.x networks?
1958 */
1959 return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX);
1960
1961 case ETHERTYPE_ATALK:
1962 /*
1963 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1964 * SNAP packets with an organization code of
1965 * 0x080007 (Apple, for Appletalk) and a protocol
1966 * type of ETHERTYPE_ATALK (Appletalk).
1967 *
1968 * XXX - check for an organization code of
1969 * encapsulated Ethernet as well?
1970 */
1971 return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype);
1972
1973 default:
1974 /*
1975 * XXX - we don't have to check for IPX 802.3
1976 * here, but should we check for the IPX Ethertype?
1977 */
1978 if (proto <= ETHERMTU) {
1979 /*
1980 * This is an LLC SAP value, so check
1981 * the DSAP.
1982 */
1983 return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto);
1984 } else {
1985 /*
1986 * This is an Ethernet type; we assume that it's
1987 * unlikely that it'll appear in the right place
1988 * at random, and therefore check only the
1989 * location that would hold the Ethernet type
1990 * in a SNAP frame with an organization code of
1991 * 0x000000 (encapsulated Ethernet).
1992 *
1993 * XXX - if we were to check for the SNAP DSAP and
1994 * LSAP, as per XXX, and were also to check for an
1995 * organization code of 0x000000 (encapsulated
1996 * Ethernet), we'd do
1997 *
1998 * return gen_snap(0x000000, proto,
1999 * off_linktype);
2000 *
2001 * here; for now, we don't, as per the above.
2002 * I don't know whether it's worth the extra CPU
2003 * time to do the right check or not.
2004 */
2005 return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto);
2006 }
2007 }
2008 }
2009
2010 static struct block *
2011 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
2012 bpf_u_int32 addr;
2013 bpf_u_int32 mask;
2014 int dir, proto;
2015 u_int src_off, dst_off;
2016 {
2017 struct block *b0, *b1;
2018 u_int offset;
2019
2020 switch (dir) {
2021
2022 case Q_SRC:
2023 offset = src_off;
2024 break;
2025
2026 case Q_DST:
2027 offset = dst_off;
2028 break;
2029
2030 case Q_AND:
2031 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
2032 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
2033 gen_and(b0, b1);
2034 return b1;
2035
2036 case Q_OR:
2037 case Q_DEFAULT:
2038 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
2039 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
2040 gen_or(b0, b1);
2041 return b1;
2042
2043 default:
2044 abort();
2045 }
2046 b0 = gen_linktype(proto);
2047 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
2048 gen_and(b0, b1);
2049 return b1;
2050 }
2051
2052 #ifdef INET6
2053 static struct block *
2054 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
2055 struct in6_addr *addr;
2056 struct in6_addr *mask;
2057 int dir, proto;
2058 u_int src_off, dst_off;
2059 {
2060 struct block *b0, *b1;
2061 u_int offset;
2062 u_int32_t *a, *m;
2063
2064 switch (dir) {
2065
2066 case Q_SRC:
2067 offset = src_off;
2068 break;
2069
2070 case Q_DST:
2071 offset = dst_off;
2072 break;
2073
2074 case Q_AND:
2075 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
2076 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
2077 gen_and(b0, b1);
2078 return b1;
2079
2080 case Q_OR:
2081 case Q_DEFAULT:
2082 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
2083 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
2084 gen_or(b0, b1);
2085 return b1;
2086
2087 default:
2088 abort();
2089 }
2090 /* this order is important */
2091 a = (u_int32_t *)addr;
2092 m = (u_int32_t *)mask;
2093 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
2094 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
2095 gen_and(b0, b1);
2096 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
2097 gen_and(b0, b1);
2098 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
2099 gen_and(b0, b1);
2100 b0 = gen_linktype(proto);
2101 gen_and(b0, b1);
2102 return b1;
2103 }
2104 #endif /*INET6*/
2105
2106 static struct block *
2107 gen_ehostop(eaddr, dir)
2108 register const u_char *eaddr;
2109 register int dir;
2110 {
2111 register struct block *b0, *b1;
2112
2113 switch (dir) {
2114 case Q_SRC:
2115 return gen_bcmp(off_mac + 6, 6, eaddr);
2116
2117 case Q_DST:
2118 return gen_bcmp(off_mac + 0, 6, eaddr);
2119
2120 case Q_AND:
2121 b0 = gen_ehostop(eaddr, Q_SRC);
2122 b1 = gen_ehostop(eaddr, Q_DST);
2123 gen_and(b0, b1);
2124 return b1;
2125
2126 case Q_DEFAULT:
2127 case Q_OR:
2128 b0 = gen_ehostop(eaddr, Q_SRC);
2129 b1 = gen_ehostop(eaddr, Q_DST);
2130 gen_or(b0, b1);
2131 return b1;
2132 }
2133 abort();
2134 /* NOTREACHED */
2135 }
2136
2137 /*
2138 * Like gen_ehostop, but for DLT_FDDI
2139 */
2140 static struct block *
2141 gen_fhostop(eaddr, dir)
2142 register const u_char *eaddr;
2143 register int dir;
2144 {
2145 struct block *b0, *b1;
2146
2147 switch (dir) {
2148 case Q_SRC:
2149 #ifdef PCAP_FDDIPAD
2150 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
2151 #else
2152 return gen_bcmp(6 + 1, 6, eaddr);
2153 #endif
2154
2155 case Q_DST:
2156 #ifdef PCAP_FDDIPAD
2157 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
2158 #else
2159 return gen_bcmp(0 + 1, 6, eaddr);
2160 #endif
2161
2162 case Q_AND:
2163 b0 = gen_fhostop(eaddr, Q_SRC);
2164 b1 = gen_fhostop(eaddr, Q_DST);
2165 gen_and(b0, b1);
2166 return b1;
2167
2168 case Q_DEFAULT:
2169 case Q_OR:
2170 b0 = gen_fhostop(eaddr, Q_SRC);
2171 b1 = gen_fhostop(eaddr, Q_DST);
2172 gen_or(b0, b1);
2173 return b1;
2174 }
2175 abort();
2176 /* NOTREACHED */
2177 }
2178
2179 /*
2180 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
2181 */
2182 static struct block *
2183 gen_thostop(eaddr, dir)
2184 register const u_char *eaddr;
2185 register int dir;
2186 {
2187 register struct block *b0, *b1;
2188
2189 switch (dir) {
2190 case Q_SRC:
2191 return gen_bcmp(8, 6, eaddr);
2192
2193 case Q_DST:
2194 return gen_bcmp(2, 6, eaddr);
2195
2196 case Q_AND:
2197 b0 = gen_thostop(eaddr, Q_SRC);
2198 b1 = gen_thostop(eaddr, Q_DST);
2199 gen_and(b0, b1);
2200 return b1;
2201
2202 case Q_DEFAULT:
2203 case Q_OR:
2204 b0 = gen_thostop(eaddr, Q_SRC);
2205 b1 = gen_thostop(eaddr, Q_DST);
2206 gen_or(b0, b1);
2207 return b1;
2208 }
2209 abort();
2210 /* NOTREACHED */
2211 }
2212
2213 /*
2214 * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN)
2215 */
2216 static struct block *
2217 gen_wlanhostop(eaddr, dir)
2218 register const u_char *eaddr;
2219 register int dir;
2220 {
2221 register struct block *b0, *b1, *b2;
2222 register struct slist *s;
2223
2224 switch (dir) {
2225 case Q_SRC:
2226 /*
2227 * Oh, yuk.
2228 *
2229 * For control frames, there is no SA.
2230 *
2231 * For management frames, SA is at an
2232 * offset of 10 from the beginning of
2233 * the packet.
2234 *
2235 * For data frames, SA is at an offset
2236 * of 10 from the beginning of the packet
2237 * if From DS is clear, at an offset of
2238 * 16 from the beginning of the packet
2239 * if From DS is set and To DS is clear,
2240 * and an offset of 24 from the beginning
2241 * of the packet if From DS is set and To DS
2242 * is set.
2243 */
2244
2245 /*
2246 * Generate the tests to be done for data frames
2247 * with From DS set.
2248 *
2249 * First, check for To DS set, i.e. check "link[1] & 0x01".
2250 */
2251 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2252 s->s.k = 1;
2253 b1 = new_block(JMP(BPF_JSET));
2254 b1->s.k = 0x01; /* To DS */
2255 b1->stmts = s;
2256
2257 /*
2258 * If To DS is set, the SA is at 24.
2259 */
2260 b0 = gen_bcmp(24, 6, eaddr);
2261 gen_and(b1, b0);
2262
2263 /*
2264 * Now, check for To DS not set, i.e. check
2265 * "!(link[1] & 0x01)".
2266 */
2267 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2268 s->s.k = 1;
2269 b2 = new_block(JMP(BPF_JSET));
2270 b2->s.k = 0x01; /* To DS */
2271 b2->stmts = s;
2272 gen_not(b2);
2273
2274 /*
2275 * If To DS is not set, the SA is at 16.
2276 */
2277 b1 = gen_bcmp(16, 6, eaddr);
2278 gen_and(b2, b1);
2279
2280 /*
2281 * Now OR together the last two checks. That gives
2282 * the complete set of checks for data frames with
2283 * From DS set.
2284 */
2285 gen_or(b1, b0);
2286
2287 /*
2288 * Now check for From DS being set, and AND that with
2289 * the ORed-together checks.
2290 */
2291 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2292 s->s.k = 1;
2293 b1 = new_block(JMP(BPF_JSET));
2294 b1->s.k = 0x02; /* From DS */
2295 b1->stmts = s;
2296 gen_and(b1, b0);
2297
2298 /*
2299 * Now check for data frames with From DS not set.
2300 */
2301 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2302 s->s.k = 1;
2303 b2 = new_block(JMP(BPF_JSET));
2304 b2->s.k = 0x02; /* From DS */
2305 b2->stmts = s;
2306 gen_not(b2);
2307
2308 /*
2309 * If From DS isn't set, the SA is at 10.
2310 */
2311 b1 = gen_bcmp(10, 6, eaddr);
2312 gen_and(b2, b1);
2313
2314 /*
2315 * Now OR together the checks for data frames with
2316 * From DS not set and for data frames with From DS
2317 * set; that gives the checks done for data frames.
2318 */
2319 gen_or(b1, b0);
2320
2321 /*
2322 * Now check for a data frame.
2323 * I.e, check "link[0] & 0x08".
2324 */
2325 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2326 s->s.k = 0;
2327 b1 = new_block(JMP(BPF_JSET));
2328 b1->s.k = 0x08;
2329 b1->stmts = s;
2330
2331 /*
2332 * AND that with the checks done for data frames.
2333 */
2334 gen_and(b1, b0);
2335
2336 /*
2337 * If the high-order bit of the type value is 0, this
2338 * is a management frame.
2339 * I.e, check "!(link[0] & 0x08)".
2340 */
2341 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2342 s->s.k = 0;
2343 b2 = new_block(JMP(BPF_JSET));
2344 b2->s.k = 0x08;
2345 b2->stmts = s;
2346 gen_not(b2);
2347
2348 /*
2349 * For management frames, the SA is at 10.
2350 */
2351 b1 = gen_bcmp(10, 6, eaddr);
2352 gen_and(b2, b1);
2353
2354 /*
2355 * OR that with the checks done for data frames.
2356 * That gives the checks done for management and
2357 * data frames.
2358 */
2359 gen_or(b1, b0);
2360
2361 /*
2362 * If the low-order bit of the type value is 1,
2363 * this is either a control frame or a frame
2364 * with a reserved type, and thus not a
2365 * frame with an SA.
2366 *
2367 * I.e., check "!(link[0] & 0x04)".
2368 */
2369 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2370 s->s.k = 0;
2371 b1 = new_block(JMP(BPF_JSET));
2372 b1->s.k = 0x04;
2373 b1->stmts = s;
2374 gen_not(b1);
2375
2376 /*
2377 * AND that with the checks for data and management
2378 * frames.
2379 */
2380 gen_and(b1, b0);
2381 return b0;
2382
2383 case Q_DST:
2384 /*
2385 * Oh, yuk.
2386 *
2387 * For control frames, there is no DA.
2388 *
2389 * For management frames, DA is at an
2390 * offset of 4 from the beginning of
2391 * the packet.
2392 *
2393 * For data frames, DA is at an offset
2394 * of 4 from the beginning of the packet
2395 * if To DS is clear and at an offset of
2396 * 16 from the beginning of the packet
2397 * if To DS is set.
2398 */
2399
2400 /*
2401 * Generate the tests to be done for data frames.
2402 *
2403 * First, check for To DS set, i.e. "link[1] & 0x01".
2404 */
2405 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2406 s->s.k = 1;
2407 b1 = new_block(JMP(BPF_JSET));
2408 b1->s.k = 0x01; /* To DS */
2409 b1->stmts = s;
2410
2411 /*
2412 * If To DS is set, the DA is at 16.
2413 */
2414 b0 = gen_bcmp(16, 6, eaddr);
2415 gen_and(b1, b0);
2416
2417 /*
2418 * Now, check for To DS not set, i.e. check
2419 * "!(link[1] & 0x01)".
2420 */
2421 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2422 s->s.k = 1;
2423 b2 = new_block(JMP(BPF_JSET));
2424 b2->s.k = 0x01; /* To DS */
2425 b2->stmts = s;
2426 gen_not(b2);
2427
2428 /*
2429 * If To DS is not set, the DA is at 4.
2430 */
2431 b1 = gen_bcmp(4, 6, eaddr);
2432 gen_and(b2, b1);
2433
2434 /*
2435 * Now OR together the last two checks. That gives
2436 * the complete set of checks for data frames.
2437 */
2438 gen_or(b1, b0);
2439
2440 /*
2441 * Now check for a data frame.
2442 * I.e, check "link[0] & 0x08".
2443 */
2444 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2445 s->s.k = 0;
2446 b1 = new_block(JMP(BPF_JSET));
2447 b1->s.k = 0x08;
2448 b1->stmts = s;
2449
2450 /*
2451 * AND that with the checks done for data frames.
2452 */
2453 gen_and(b1, b0);
2454
2455 /*
2456 * If the high-order bit of the type value is 0, this
2457 * is a management frame.
2458 * I.e, check "!(link[0] & 0x08)".
2459 */
2460 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2461 s->s.k = 0;
2462 b2 = new_block(JMP(BPF_JSET));
2463 b2->s.k = 0x08;
2464 b2->stmts = s;
2465 gen_not(b2);
2466
2467 /*
2468 * For management frames, the DA is at 4.
2469 */
2470 b1 = gen_bcmp(4, 6, eaddr);
2471 gen_and(b2, b1);
2472
2473 /*
2474 * OR that with the checks done for data frames.
2475 * That gives the checks done for management and
2476 * data frames.
2477 */
2478 gen_or(b1, b0);
2479
2480 /*
2481 * If the low-order bit of the type value is 1,
2482 * this is either a control frame or a frame
2483 * with a reserved type, and thus not a
2484 * frame with an SA.
2485 *
2486 * I.e., check "!(link[0] & 0x04)".
2487 */
2488 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2489 s->s.k = 0;
2490 b1 = new_block(JMP(BPF_JSET));
2491 b1->s.k = 0x04;
2492 b1->stmts = s;
2493 gen_not(b1);
2494
2495 /*
2496 * AND that with the checks for data and management
2497 * frames.
2498 */
2499 gen_and(b1, b0);
2500 return b0;
2501
2502 case Q_AND:
2503 b0 = gen_wlanhostop(eaddr, Q_SRC);
2504 b1 = gen_wlanhostop(eaddr, Q_DST);
2505 gen_and(b0, b1);
2506 return b1;
2507
2508 case Q_DEFAULT:
2509 case Q_OR:
2510 b0 = gen_wlanhostop(eaddr, Q_SRC);
2511 b1 = gen_wlanhostop(eaddr, Q_DST);
2512 gen_or(b0, b1);
2513 return b1;
2514 }
2515 abort();
2516 /* NOTREACHED */
2517 }
2518
2519 /*
2520 * Like gen_ehostop, but for RFC 2625 IP-over-Fibre-Channel.
2521 * (We assume that the addresses are IEEE 48-bit MAC addresses,
2522 * as the RFC states.)
2523 */
2524 static struct block *
2525 gen_ipfchostop(eaddr, dir)
2526 register const u_char *eaddr;
2527 register int dir;
2528 {
2529 register struct block *b0, *b1;
2530
2531 switch (dir) {
2532 case Q_SRC:
2533 return gen_bcmp(10, 6, eaddr);
2534
2535 case Q_DST:
2536 return gen_bcmp(2, 6, eaddr);
2537
2538 case Q_AND:
2539 b0 = gen_ipfchostop(eaddr, Q_SRC);
2540 b1 = gen_ipfchostop(eaddr, Q_DST);
2541 gen_and(b0, b1);
2542 return b1;
2543
2544 case Q_DEFAULT:
2545 case Q_OR:
2546 b0 = gen_ipfchostop(eaddr, Q_SRC);
2547 b1 = gen_ipfchostop(eaddr, Q_DST);
2548 gen_or(b0, b1);
2549 return b1;
2550 }
2551 abort();
2552 /* NOTREACHED */
2553 }
2554
2555 /*
2556 * This is quite tricky because there may be pad bytes in front of the
2557 * DECNET header, and then there are two possible data packet formats that
2558 * carry both src and dst addresses, plus 5 packet types in a format that
2559 * carries only the src node, plus 2 types that use a different format and
2560 * also carry just the src node.
2561 *
2562 * Yuck.
2563 *
2564 * Instead of doing those all right, we just look for data packets with
2565 * 0 or 1 bytes of padding. If you want to look at other packets, that
2566 * will require a lot more hacking.
2567 *
2568 * To add support for filtering on DECNET "areas" (network numbers)
2569 * one would want to add a "mask" argument to this routine. That would
2570 * make the filter even more inefficient, although one could be clever
2571 * and not generate masking instructions if the mask is 0xFFFF.
2572 */
2573 static struct block *
2574 gen_dnhostop(addr, dir, base_off)
2575 bpf_u_int32 addr;
2576 int dir;
2577 u_int base_off;
2578 {
2579 struct block *b0, *b1, *b2, *tmp;
2580 u_int offset_lh; /* offset if long header is received */
2581 u_int offset_sh; /* offset if short header is received */
2582
2583 switch (dir) {
2584
2585 case Q_DST:
2586 offset_sh = 1; /* follows flags */
2587 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
2588 break;
2589
2590 case Q_SRC:
2591 offset_sh = 3; /* follows flags, dstnode */
2592 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
2593 break;
2594
2595 case Q_AND:
2596 /* Inefficient because we do our Calvinball dance twice */
2597 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2598 b1 = gen_dnhostop(addr, Q_DST, base_off);
2599 gen_and(b0, b1);
2600 return b1;
2601
2602 case Q_OR:
2603 case Q_DEFAULT:
2604 /* Inefficient because we do our Calvinball dance twice */
2605 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2606 b1 = gen_dnhostop(addr, Q_DST, base_off);
2607 gen_or(b0, b1);
2608 return b1;
2609
2610 case Q_ISO:
2611 bpf_error("ISO host filtering not implemented");
2612
2613 default:
2614 abort();
2615 }
2616 b0 = gen_linktype(ETHERTYPE_DN);
2617 /* Check for pad = 1, long header case */
2618 tmp = gen_mcmp(base_off + 2, BPF_H,
2619 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
2620 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
2621 BPF_H, (bpf_int32)ntohs(addr));
2622 gen_and(tmp, b1);
2623 /* Check for pad = 0, long header case */
2624 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
2625 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
2626 gen_and(tmp, b2);
2627 gen_or(b2, b1);
2628 /* Check for pad = 1, short header case */
2629 tmp = gen_mcmp(base_off + 2, BPF_H,
2630 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
2631 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
2632 BPF_H, (bpf_int32)ntohs(addr));
2633 gen_and(tmp, b2);
2634 gen_or(b2, b1);
2635 /* Check for pad = 0, short header case */
2636 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
2637 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
2638 gen_and(tmp, b2);
2639 gen_or(b2, b1);
2640
2641 /* Combine with test for linktype */
2642 gen_and(b0, b1);
2643 return b1;
2644 }
2645
2646 static struct block *
2647 gen_host(addr, mask, proto, dir)
2648 bpf_u_int32 addr;
2649 bpf_u_int32 mask;
2650 int proto;
2651 int dir;
2652 {
2653 struct block *b0, *b1;
2654
2655 switch (proto) {
2656
2657 case Q_DEFAULT:
2658 b0 = gen_host(addr, mask, Q_IP, dir);
2659 if (off_linktype != (u_int)-1) {
2660 b1 = gen_host(addr, mask, Q_ARP, dir);
2661 gen_or(b0, b1);
2662 b0 = gen_host(addr, mask, Q_RARP, dir);
2663 gen_or(b1, b0);
2664 }
2665 return b0;
2666
2667 case Q_IP:
2668 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
2669 off_nl + 12, off_nl + 16);
2670
2671 case Q_RARP:
2672 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
2673 off_nl + 14, off_nl + 24);
2674
2675 case Q_ARP:
2676 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
2677 off_nl + 14, off_nl + 24);
2678
2679 case Q_TCP:
2680 bpf_error("'tcp' modifier applied to host");
2681
2682 case Q_SCTP:
2683 bpf_error("'sctp' modifier applied to host");
2684
2685 case Q_UDP:
2686 bpf_error("'udp' modifier applied to host");
2687
2688 case Q_ICMP:
2689 bpf_error("'icmp' modifier applied to host");
2690
2691 case Q_IGMP:
2692 bpf_error("'igmp' modifier applied to host");
2693
2694 case Q_IGRP:
2695 bpf_error("'igrp' modifier applied to host");
2696
2697 case Q_PIM:
2698 bpf_error("'pim' modifier applied to host");
2699
2700 case Q_VRRP:
2701 bpf_error("'vrrp' modifier applied to host");
2702
2703 case Q_ATALK:
2704 bpf_error("ATALK host filtering not implemented");
2705
2706 case Q_AARP:
2707 bpf_error("AARP host filtering not implemented");
2708
2709 case Q_DECNET:
2710 return gen_dnhostop(addr, dir, off_nl);
2711
2712 case Q_SCA:
2713 bpf_error("SCA host filtering not implemented");
2714
2715 case Q_LAT:
2716 bpf_error("LAT host filtering not implemented");
2717
2718 case Q_MOPDL:
2719 bpf_error("MOPDL host filtering not implemented");
2720
2721 case Q_MOPRC:
2722 bpf_error("MOPRC host filtering not implemented");
2723
2724 #ifdef INET6
2725 case Q_IPV6:
2726 bpf_error("'ip6' modifier applied to ip host");
2727
2728 case Q_ICMPV6:
2729 bpf_error("'icmp6' modifier applied to host");
2730 #endif /* INET6 */
2731
2732 case Q_AH:
2733 bpf_error("'ah' modifier applied to host");
2734
2735 case Q_ESP:
2736 bpf_error("'esp' modifier applied to host");
2737
2738 case Q_ISO:
2739 bpf_error("ISO host filtering not implemented");
2740
2741 case Q_ESIS:
2742 bpf_error("'esis' modifier applied to host");
2743
2744 case Q_ISIS:
2745 bpf_error("'isis' modifier applied to host");
2746
2747 case Q_CLNP:
2748 bpf_error("'clnp' modifier applied to host");
2749
2750 case Q_STP:
2751 bpf_error("'stp' modifier applied to host");
2752
2753 case Q_IPX:
2754 bpf_error("IPX host filtering not implemented");
2755
2756 case Q_NETBEUI:
2757 bpf_error("'netbeui' modifier applied to host");
2758
2759 default:
2760 abort();
2761 }
2762 /* NOTREACHED */
2763 }
2764
2765 #ifdef INET6
2766 static struct block *
2767 gen_host6(addr, mask, proto, dir)
2768 struct in6_addr *addr;
2769 struct in6_addr *mask;
2770 int proto;
2771 int dir;
2772 {
2773 switch (proto) {
2774
2775 case Q_DEFAULT:
2776 return gen_host6(addr, mask, Q_IPV6, dir);
2777
2778 case Q_IP:
2779 bpf_error("'ip' modifier applied to ip6 host");
2780
2781 case Q_RARP:
2782 bpf_error("'rarp' modifier applied to ip6 host");
2783
2784 case Q_ARP:
2785 bpf_error("'arp' modifier applied to ip6 host");
2786
2787 case Q_SCTP:
2788 bpf_error("'sctp' modifier applied to host");
2789
2790 case Q_TCP:
2791 bpf_error("'tcp' modifier applied to host");
2792
2793 case Q_UDP:
2794 bpf_error("'udp' modifier applied to host");
2795
2796 case Q_ICMP:
2797 bpf_error("'icmp' modifier applied to host");
2798
2799 case Q_IGMP:
2800 bpf_error("'igmp' modifier applied to host");
2801
2802 case Q_IGRP:
2803 bpf_error("'igrp' modifier applied to host");
2804
2805 case Q_PIM:
2806 bpf_error("'pim' modifier applied to host");
2807
2808 case Q_VRRP:
2809 bpf_error("'vrrp' modifier applied to host");
2810
2811 case Q_ATALK:
2812 bpf_error("ATALK host filtering not implemented");
2813
2814 case Q_AARP:
2815 bpf_error("AARP host filtering not implemented");
2816
2817 case Q_DECNET:
2818 bpf_error("'decnet' modifier applied to ip6 host");
2819
2820 case Q_SCA:
2821 bpf_error("SCA host filtering not implemented");
2822
2823 case Q_LAT:
2824 bpf_error("LAT host filtering not implemented");
2825
2826 case Q_MOPDL:
2827 bpf_error("MOPDL host filtering not implemented");
2828
2829 case Q_MOPRC:
2830 bpf_error("MOPRC host filtering not implemented");
2831
2832 case Q_IPV6:
2833 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
2834 off_nl + 8, off_nl + 24);
2835
2836 case Q_ICMPV6:
2837 bpf_error("'icmp6' modifier applied to host");
2838
2839 case Q_AH:
2840 bpf_error("'ah' modifier applied to host");
2841
2842 case Q_ESP:
2843 bpf_error("'esp' modifier applied to host");
2844
2845 case Q_ISO:
2846 bpf_error("ISO host filtering not implemented");
2847
2848 case Q_ESIS:
2849 bpf_error("'esis' modifier applied to host");
2850
2851 case Q_ISIS:
2852 bpf_error("'isis' modifier applied to host");
2853
2854 case Q_CLNP:
2855 bpf_error("'clnp' modifier applied to host");
2856
2857 case Q_STP:
2858 bpf_error("'stp' modifier applied to host");
2859
2860 case Q_IPX:
2861 bpf_error("IPX host filtering not implemented");
2862
2863 case Q_NETBEUI:
2864 bpf_error("'netbeui' modifier applied to host");
2865
2866 default:
2867 abort();
2868 }
2869 /* NOTREACHED */
2870 }
2871 #endif /*INET6*/
2872
2873 #ifndef INET6
2874 static struct block *
2875 gen_gateway(eaddr, alist, proto, dir)
2876 const u_char *eaddr;
2877 bpf_u_int32 **alist;
2878 int proto;
2879 int dir;
2880 {
2881 struct block *b0, *b1, *tmp;
2882
2883 if (dir != 0)
2884 bpf_error("direction applied to 'gateway'");
2885
2886 switch (proto) {
2887 case Q_DEFAULT:
2888 case Q_IP:
2889 case Q_ARP:
2890 case Q_RARP:
2891 if (linktype == DLT_EN10MB)
2892 b0 = gen_ehostop(eaddr, Q_OR);
2893 else if (linktype == DLT_FDDI)
2894 b0 = gen_fhostop(eaddr, Q_OR);
2895 else if (linktype == DLT_IEEE802)
2896 b0 = gen_thostop(eaddr, Q_OR);
2897 else if (linktype == DLT_IEEE802_11)
2898 b0 = gen_wlanhostop(eaddr, Q_OR);
2899 else if (linktype == DLT_SUNATM && is_lane) {
2900 /*
2901 * Check that the packet doesn't begin with an
2902 * LE Control marker. (We've already generated
2903 * a test for LANE.)
2904 */
2905 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
2906 gen_not(b1);
2907
2908 /*
2909 * Now check the MAC address.
2910 */
2911 b0 = gen_ehostop(eaddr, Q_OR);
2912 gen_and(b1, b0);
2913 } else if (linktype == DLT_IP_OVER_FC)
2914 b0 = gen_ipfchostop(eaddr, Q_OR);
2915 else
2916 bpf_error(
2917 "'gateway' supported only on ethernet/FDDI/token ring/802.11/Fibre Channel");
2918
2919 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2920 while (*alist) {
2921 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2922 gen_or(b1, tmp);
2923 b1 = tmp;
2924 }
2925 gen_not(b1);
2926 gen_and(b0, b1);
2927 return b1;
2928 }
2929 bpf_error("illegal modifier of 'gateway'");
2930 /* NOTREACHED */
2931 }
2932 #endif
2933
2934 struct block *
2935 gen_proto_abbrev(proto)
2936 int proto;
2937 {
2938 struct block *b0;
2939 struct block *b1;
2940
2941 switch (proto) {
2942
2943 case Q_SCTP:
2944 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT);
2945 #ifdef INET6
2946 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
2947 gen_or(b0, b1);
2948 #endif
2949 break;
2950
2951 case Q_TCP:
2952 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
2953 #ifdef INET6
2954 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
2955 gen_or(b0, b1);
2956 #endif
2957 break;
2958
2959 case Q_UDP:
2960 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
2961 #ifdef INET6
2962 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
2963 gen_or(b0, b1);
2964 #endif
2965 break;
2966
2967 case Q_ICMP:
2968 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
2969 break;
2970
2971 #ifndef IPPROTO_IGMP
2972 #define IPPROTO_IGMP 2
2973 #endif
2974
2975 case Q_IGMP:
2976 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
2977 break;
2978
2979 #ifndef IPPROTO_IGRP
2980 #define IPPROTO_IGRP 9
2981 #endif
2982 case Q_IGRP:
2983 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
2984 break;
2985
2986 #ifndef IPPROTO_PIM
2987 #define IPPROTO_PIM 103
2988 #endif
2989
2990 case Q_PIM:
2991 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
2992 #ifdef INET6
2993 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
2994 gen_or(b0, b1);
2995 #endif
2996 break;
2997
2998 #ifndef IPPROTO_VRRP
2999 #define IPPROTO_VRRP 112
3000 #endif
3001
3002 case Q_VRRP:
3003 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT);
3004 break;
3005
3006 case Q_IP:
3007 b1 = gen_linktype(ETHERTYPE_IP);
3008 break;
3009
3010 case Q_ARP:
3011 b1 = gen_linktype(ETHERTYPE_ARP);
3012 break;
3013
3014 case Q_RARP:
3015 b1 = gen_linktype(ETHERTYPE_REVARP);
3016 break;
3017
3018 case Q_LINK:
3019 bpf_error("link layer applied in wrong context");
3020
3021 case Q_ATALK:
3022 b1 = gen_linktype(ETHERTYPE_ATALK);
3023 break;
3024
3025 case Q_AARP:
3026 b1 = gen_linktype(ETHERTYPE_AARP);
3027 break;
3028
3029 case Q_DECNET:
3030 b1 = gen_linktype(ETHERTYPE_DN);
3031 break;
3032
3033 case Q_SCA:
3034 b1 = gen_linktype(ETHERTYPE_SCA);
3035 break;
3036
3037 case Q_LAT:
3038 b1 = gen_linktype(ETHERTYPE_LAT);
3039 break;
3040
3041 case Q_MOPDL:
3042 b1 = gen_linktype(ETHERTYPE_MOPDL);
3043 break;
3044
3045 case Q_MOPRC:
3046 b1 = gen_linktype(ETHERTYPE_MOPRC);
3047 break;
3048
3049 #ifdef INET6
3050 case Q_IPV6:
3051 b1 = gen_linktype(ETHERTYPE_IPV6);
3052 break;
3053
3054 #ifndef IPPROTO_ICMPV6
3055 #define IPPROTO_ICMPV6 58
3056 #endif
3057 case Q_ICMPV6:
3058 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
3059 break;
3060 #endif /* INET6 */
3061
3062 #ifndef IPPROTO_AH
3063 #define IPPROTO_AH 51
3064 #endif
3065 case Q_AH:
3066 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
3067 #ifdef INET6
3068 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
3069 gen_or(b0, b1);
3070 #endif
3071 break;
3072
3073 #ifndef IPPROTO_ESP
3074 #define IPPROTO_ESP 50
3075 #endif
3076 case Q_ESP:
3077 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
3078 #ifdef INET6
3079 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
3080 gen_or(b0, b1);
3081 #endif
3082 break;
3083
3084 case Q_ISO:
3085 b1 = gen_linktype(LLCSAP_ISONS);
3086 break;
3087
3088 case Q_ESIS:
3089 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
3090 break;
3091
3092 case Q_ISIS:
3093 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
3094 break;
3095
3096 case Q_ISIS_L1: /* all IS-IS Level1 PDU-Types */
3097 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
3098 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
3099 gen_or(b0, b1);
3100 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
3101 gen_or(b0, b1);
3102 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
3103 gen_or(b0, b1);
3104 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
3105 gen_or(b0, b1);
3106 break;
3107
3108 case Q_ISIS_L2: /* all IS-IS Level2 PDU-Types */
3109 b0 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
3110 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
3111 gen_or(b0, b1);
3112 b0 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
3113 gen_or(b0, b1);
3114 b0 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
3115 gen_or(b0, b1);
3116 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
3117 gen_or(b0, b1);
3118 break;
3119
3120 case Q_ISIS_IIH: /* all IS-IS Hello PDU-Types */
3121 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
3122 b1 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
3123 gen_or(b0, b1);
3124 b0 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT);
3125 gen_or(b0, b1);
3126 break;
3127
3128 case Q_ISIS_LSP:
3129 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
3130 b1 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
3131 gen_or(b0, b1);
3132 break;
3133
3134 case Q_ISIS_SNP:
3135 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
3136 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
3137 gen_or(b0, b1);
3138 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
3139 gen_or(b0, b1);
3140 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
3141 gen_or(b0, b1);
3142 break;
3143
3144 case Q_ISIS_CSNP:
3145 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
3146 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
3147 gen_or(b0, b1);
3148 break;
3149
3150 case Q_ISIS_PSNP:
3151 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
3152 b1 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
3153 gen_or(b0, b1);
3154 break;
3155
3156 case Q_CLNP:
3157 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
3158 break;
3159
3160 case Q_STP:
3161 b1 = gen_linktype(LLCSAP_8021D);
3162 break;
3163
3164 case Q_IPX:
3165 b1 = gen_linktype(LLCSAP_IPX);
3166 break;
3167
3168 case Q_NETBEUI:
3169 b1 = gen_linktype(LLCSAP_NETBEUI);
3170 break;
3171
3172 default:
3173 abort();
3174 }
3175 return b1;
3176 }
3177
3178 static struct block *
3179 gen_ipfrag()
3180 {
3181 struct slist *s;
3182 struct block *b;
3183
3184 /* not ip frag */
3185 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
3186 s->s.k = off_nl + 6;
3187 b = new_block(JMP(BPF_JSET));
3188 b->s.k = 0x1fff;
3189 b->stmts = s;
3190 gen_not(b);
3191
3192 return b;
3193 }
3194
3195 static struct block *
3196 gen_portatom(off, v)
3197 int off;
3198 bpf_int32 v;
3199 {
3200 struct slist *s;
3201 struct block *b;
3202
3203 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3204 s->s.k = off_nl;
3205
3206 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
3207 s->next->s.k = off_nl + off;
3208
3209 b = new_block(JMP(BPF_JEQ));
3210 b->stmts = s;
3211 b->s.k = v;
3212
3213 return b;
3214 }
3215
3216 #ifdef INET6
3217 static struct block *
3218 gen_portatom6(off, v)
3219 int off;
3220 bpf_int32 v;
3221 {
3222 return gen_cmp(off_nl + 40 + off, BPF_H, v);
3223 }
3224 #endif/*INET6*/
3225
3226 struct block *
3227 gen_portop(port, proto, dir)
3228 int port, proto, dir;
3229 {
3230 struct block *b0, *b1, *tmp;
3231
3232 /* ip proto 'proto' */
3233 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
3234 b0 = gen_ipfrag();
3235 gen_and(tmp, b0);
3236
3237 switch (dir) {
3238 case Q_SRC:
3239 b1 = gen_portatom(0, (bpf_int32)port);
3240 break;
3241
3242 case Q_DST:
3243 b1 = gen_portatom(2, (bpf_int32)port);
3244 break;
3245
3246 case Q_OR:
3247 case Q_DEFAULT:
3248 tmp = gen_portatom(0, (bpf_int32)port);
3249 b1 = gen_portatom(2, (bpf_int32)port);
3250 gen_or(tmp, b1);
3251 break;
3252
3253 case Q_AND:
3254 tmp = gen_portatom(0, (bpf_int32)port);
3255 b1 = gen_portatom(2, (bpf_int32)port);
3256 gen_and(tmp, b1);
3257 break;
3258
3259 default:
3260 abort();
3261 }
3262 gen_and(b0, b1);
3263
3264 return b1;
3265 }
3266
3267 static struct block *
3268 gen_port(port, ip_proto, dir)
3269 int port;
3270 int ip_proto;
3271 int dir;
3272 {
3273 struct block *b0, *b1, *tmp;
3274
3275 /*
3276 * ether proto ip
3277 *
3278 * For FDDI, RFC 1188 says that SNAP encapsulation is used,
3279 * not LLC encapsulation with LLCSAP_IP.
3280 *
3281 * For IEEE 802 networks - which includes 802.5 token ring
3282 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
3283 * says that SNAP encapsulation is used, not LLC encapsulation
3284 * with LLCSAP_IP.
3285 *
3286 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
3287 * RFC 2225 say that SNAP encapsulation is used, not LLC
3288 * encapsulation with LLCSAP_IP.
3289 *
3290 * So we always check for ETHERTYPE_IP.
3291 */
3292 b0 = gen_linktype(ETHERTYPE_IP);
3293
3294 switch (ip_proto) {
3295 case IPPROTO_UDP:
3296 case IPPROTO_TCP:
3297 case IPPROTO_SCTP:
3298 b1 = gen_portop(port, ip_proto, dir);
3299 break;
3300
3301 case PROTO_UNDEF:
3302 tmp = gen_portop(port, IPPROTO_TCP, dir);
3303 b1 = gen_portop(port, IPPROTO_UDP, dir);
3304 gen_or(tmp, b1);
3305 tmp = gen_portop(port, IPPROTO_SCTP, dir);
3306 gen_or(tmp, b1);
3307 break;
3308
3309 default:
3310 abort();
3311 }
3312 gen_and(b0, b1);
3313 return b1;
3314 }
3315
3316 #ifdef INET6
3317 struct block *
3318 gen_portop6(port, proto, dir)
3319 int port, proto, dir;
3320 {
3321 struct block *b0, *b1, *tmp;
3322
3323 /* ip6 proto 'proto' */
3324 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
3325
3326 switch (dir) {
3327 case Q_SRC:
3328 b1 = gen_portatom6(0, (bpf_int32)port);
3329 break;
3330
3331 case Q_DST:
3332 b1 = gen_portatom6(2, (bpf_int32)port);
3333 break;
3334
3335 case Q_OR:
3336 case Q_DEFAULT:
3337 tmp = gen_portatom6(0, (bpf_int32)port);
3338 b1 = gen_portatom6(2, (bpf_int32)port);
3339 gen_or(tmp, b1);
3340 break;
3341
3342 case Q_AND:
3343 tmp = gen_portatom6(0, (bpf_int32)port);
3344 b1 = gen_portatom6(2, (bpf_int32)port);
3345 gen_and(tmp, b1);
3346 break;
3347
3348 default:
3349 abort();
3350 }
3351 gen_and(b0, b1);
3352
3353 return b1;
3354 }
3355
3356 static struct block *
3357 gen_port6(port, ip_proto, dir)
3358 int port;
3359 int ip_proto;
3360 int dir;
3361 {
3362 struct block *b0, *b1, *tmp;
3363
3364 /* link proto ip6 */
3365 b0 = gen_linktype(ETHERTYPE_IPV6);
3366
3367 switch (ip_proto) {
3368 case IPPROTO_UDP:
3369 case IPPROTO_TCP:
3370 case IPPROTO_SCTP:
3371 b1 = gen_portop6(port, ip_proto, dir);
3372 break;
3373
3374 case PROTO_UNDEF:
3375 tmp = gen_portop6(port, IPPROTO_TCP, dir);
3376 b1 = gen_portop6(port, IPPROTO_UDP, dir);
3377 gen_or(tmp, b1);
3378 tmp = gen_portop6(port, IPPROTO_SCTP, dir);
3379 gen_or(tmp, b1);
3380 break;
3381
3382 default:
3383 abort();
3384 }
3385 gen_and(b0, b1);
3386 return b1;
3387 }
3388 #endif /* INET6 */
3389
3390 /* gen_portrange code */
3391 struct block *
3392 gen_portrangeatom(off, v1, v2)
3393 int off;
3394 bpf_int32 v1, v2;
3395 {
3396 struct slist *s1, *s2;
3397 struct block *b1, *b2;
3398
3399 if (v1 > v2) {
3400 /*
3401 * Reverse the order of the ports, so v1 is the lower one.
3402 */
3403 bpf_int32 vtemp;
3404
3405 vtemp = v1;
3406 v1 = v2;
3407 v2 = vtemp;
3408 }
3409 s1 = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3410 s1->s.k = off_nl;
3411
3412 s1->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
3413 s1->next->s.k = off_nl + off;
3414
3415 b1 = new_block(JMP(BPF_JGE));
3416 b1->stmts = s1;
3417 b1->s.k = v1;
3418
3419 s2 = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3420 s2->s.k = off_nl;
3421
3422 s2->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
3423 s2->next->s.k = off_nl + off;
3424
3425 b2 = new_block(JMP(BPF_JGT));
3426 gen_not(b2);
3427 b2->stmts = s2;
3428 b2->s.k = v2;
3429
3430 gen_and(b1, b2);
3431
3432 return b2;
3433 }
3434
3435 struct block *
3436 gen_portrangeop(port1, port2, proto, dir)
3437 int port1, port2;
3438 int proto;
3439 int dir;
3440 {
3441 struct block *b0, *b1, *tmp;
3442
3443 /* ip proto 'proto' */
3444 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
3445 b0 = gen_ipfrag();
3446 gen_and(tmp, b0);
3447
3448 switch (dir) {
3449 case Q_SRC:
3450 b1 = gen_portrangeatom(0, (bpf_int32)port1, (bpf_int32)port2);
3451 break;
3452
3453 case Q_DST:
3454 b1 = gen_portrangeatom(2, (bpf_int32)port1, (bpf_int32)port2);
3455 break;
3456
3457 case Q_OR:
3458 case Q_DEFAULT:
3459 tmp = gen_portrangeatom(0, (bpf_int32)port1, (bpf_int32)port2);
3460 b1 = gen_portrangeatom(2, (bpf_int32)port1, (bpf_int32)port2);
3461 gen_or(tmp, b1);
3462 break;
3463
3464 case Q_AND:
3465 tmp = gen_portrangeatom(0, (bpf_int32)port1, (bpf_int32)port2);
3466 b1 = gen_portrangeatom(2, (bpf_int32)port1, (bpf_int32)port2);
3467 gen_and(tmp, b1);
3468 break;
3469
3470 default:
3471 abort();
3472 }
3473 gen_and(b0, b1);
3474
3475 return b1;
3476 }
3477
3478 static struct block *
3479 gen_portrange(port1, port2, ip_proto, dir)
3480 int port1, port2;
3481 int ip_proto;
3482 int dir;
3483 {
3484 struct block *b0, *b1, *tmp;
3485
3486 /* link proto ip */
3487 b0 = gen_linktype(ETHERTYPE_IP);
3488
3489 switch (ip_proto) {
3490 case IPPROTO_UDP:
3491 case IPPROTO_TCP:
3492 case IPPROTO_SCTP:
3493 b1 = gen_portrangeop(port1, port2, ip_proto, dir);
3494 break;
3495
3496 case PROTO_UNDEF:
3497 tmp = gen_portrangeop(port1, port2, IPPROTO_TCP, dir);
3498 b1 = gen_portrangeop(port1, port2, IPPROTO_UDP, dir);
3499 gen_or(tmp, b1);
3500 tmp = gen_portrangeop(port1, port2, IPPROTO_SCTP, dir);
3501 gen_or(tmp, b1);
3502 break;
3503
3504 default:
3505 abort();
3506 }
3507 gen_and(b0, b1);
3508 return b1;
3509 }
3510
3511 #ifdef INET6
3512 struct block *
3513 gen_portrangeatom6(off, v1, v2)
3514 int off;
3515 bpf_int32 v1, v2;
3516 {
3517 struct slist *s1, *s2;
3518 struct block *b1, *b2;
3519
3520 if (v1 > v2) {
3521 /*
3522 * Reverse the order of the ports, so v1 is the lower one.
3523 */
3524 bpf_int32 vtemp;
3525
3526 vtemp = v1;
3527 v1 = v2;
3528 v2 = vtemp;
3529 }
3530
3531 s1 = new_stmt(BPF_LD|BPF_ABS|BPF_H);
3532 s1->s.k = off_nl + 40 + off;
3533
3534 b1 = new_block(JMP(BPF_JGE));
3535 b1->stmts = s1;
3536 b1->s.k = v1;
3537
3538 s2 = new_stmt(BPF_LD|BPF_ABS|BPF_H);
3539 s2->s.k = off_nl + 40 + off;
3540
3541 b2 = new_block(JMP(BPF_JGT));
3542 gen_not(b2);
3543 b2->stmts = s2;
3544 b2->s.k = v2;
3545
3546 gen_and(b1, b2);
3547
3548 return b2;
3549 }
3550
3551 struct block *
3552 gen_portrangeop6(port1, port2, proto, dir)
3553 int port1, port2;
3554 int proto;
3555 int dir;
3556 {
3557 struct block *b0, *b1, *tmp;
3558
3559 /* ip6 proto 'proto' */
3560 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
3561
3562 switch (dir) {
3563 case Q_SRC:
3564 b1 = gen_portrangeatom6(0, (bpf_int32)port1, (bpf_int32)port2);
3565 break;
3566
3567 case Q_DST:
3568 b1 = gen_portrangeatom6(2, (bpf_int32)port1, (bpf_int32)port2);
3569 break;
3570
3571 case Q_OR:
3572 case Q_DEFAULT:
3573 tmp = gen_portrangeatom6(0, (bpf_int32)port1, (bpf_int32)port2);
3574 b1 = gen_portrangeatom6(2, (bpf_int32)port1, (bpf_int32)port2);
3575 gen_or(tmp, b1);
3576 break;
3577
3578 case Q_AND:
3579 tmp = gen_portrangeatom6(0, (bpf_int32)port1, (bpf_int32)port2);
3580 b1 = gen_portrangeatom6(2, (bpf_int32)port1, (bpf_int32)port2);
3581 gen_and(tmp, b1);
3582 break;
3583
3584 default:
3585 abort();
3586 }
3587 gen_and(b0, b1);
3588
3589 return b1;
3590 }
3591
3592 static struct block *
3593 gen_portrange6(port1, port2, ip_proto, dir)
3594 int port1, port2;
3595 int ip_proto;
3596 int dir;
3597 {
3598 struct block *b0, *b1, *tmp;
3599
3600 /* link proto ip6 */
3601 b0 = gen_linktype(ETHERTYPE_IPV6);
3602
3603 switch (ip_proto) {
3604 case IPPROTO_UDP:
3605 case IPPROTO_TCP:
3606 case IPPROTO_SCTP:
3607 b1 = gen_portrangeop6(port1, port2, ip_proto, dir);
3608 break;
3609
3610 case PROTO_UNDEF:
3611 tmp = gen_portrangeop6(port1, port2, IPPROTO_TCP, dir);
3612 b1 = gen_portrangeop6(port1, port2, IPPROTO_UDP, dir);
3613 gen_or(tmp, b1);
3614 tmp = gen_portrangeop6(port1, port2, IPPROTO_SCTP, dir);
3615 gen_or(tmp, b1);
3616 break;
3617
3618 default:
3619 abort();
3620 }
3621 gen_and(b0, b1);
3622 return b1;
3623 }
3624 #endif /* INET6 */
3625
3626 static int
3627 lookup_proto(name, proto)
3628 register const char *name;
3629 register int proto;
3630 {
3631 register int v;
3632
3633 switch (proto) {
3634
3635 case Q_DEFAULT:
3636 case Q_IP:
3637 case Q_IPV6:
3638 v = pcap_nametoproto(name);
3639 if (v == PROTO_UNDEF)
3640 bpf_error("unknown ip proto '%s'", name);
3641 break;
3642
3643 case Q_LINK:
3644 /* XXX should look up h/w protocol type based on linktype */
3645 v = pcap_nametoeproto(name);
3646 if (v == PROTO_UNDEF) {
3647 v = pcap_nametollc(name);
3648 if (v == PROTO_UNDEF)
3649 bpf_error("unknown ether proto '%s'", name);
3650 }
3651 break;
3652
3653 case Q_ISO:
3654 if (strcmp(name, "esis") == 0)
3655 v = ISO9542_ESIS;
3656 else if (strcmp(name, "isis") == 0)
3657 v = ISO10589_ISIS;
3658 else if (strcmp(name, "clnp") == 0)
3659 v = ISO8473_CLNP;
3660 else
3661 bpf_error("unknown osi proto '%s'", name);
3662 break;
3663
3664 default:
3665 v = PROTO_UNDEF;
3666 break;
3667 }
3668 return v;
3669 }
3670
3671 #if 0
3672 struct stmt *
3673 gen_joinsp(s, n)
3674 struct stmt **s;
3675 int n;
3676 {
3677 return NULL;
3678 }
3679 #endif
3680
3681 static struct block *
3682 gen_protochain(v, proto, dir)
3683 int v;
3684 int proto;
3685 int dir;
3686 {
3687 #ifdef NO_PROTOCHAIN
3688 return gen_proto(v, proto, dir);
3689 #else
3690 struct block *b0, *b;
3691 struct slist *s[100];
3692 int fix2, fix3, fix4, fix5;
3693 int ahcheck, again, end;
3694 int i, max;
3695 int reg2 = alloc_reg();
3696
3697 memset(s, 0, sizeof(s));
3698 fix2 = fix3 = fix4 = fix5 = 0;
3699
3700 switch (proto) {
3701 case Q_IP:
3702 case Q_IPV6:
3703 break;
3704 case Q_DEFAULT:
3705 b0 = gen_protochain(v, Q_IP, dir);
3706 b = gen_protochain(v, Q_IPV6, dir);
3707 gen_or(b0, b);
3708 return b;
3709 default:
3710 bpf_error("bad protocol applied for 'protochain'");
3711 /*NOTREACHED*/
3712 }
3713
3714 no_optimize = 1; /*this code is not compatible with optimzer yet */
3715
3716 /*
3717 * s[0] is a dummy entry to protect other BPF insn from damage
3718 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
3719 * hard to find interdependency made by jump table fixup.
3720 */
3721 i = 0;
3722 s[i] = new_stmt(0); /*dummy*/
3723 i++;
3724
3725 switch (proto) {
3726 case Q_IP:
3727 b0 = gen_linktype(ETHERTYPE_IP);
3728
3729 /* A = ip->ip_p */
3730 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
3731 s[i]->s.k = off_nl + 9;
3732 i++;
3733 /* X = ip->ip_hl << 2 */
3734 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3735 s[i]->s.k = off_nl;
3736 i++;
3737 break;
3738 #ifdef INET6
3739 case Q_IPV6:
3740 b0 = gen_linktype(ETHERTYPE_IPV6);
3741
3742 /* A = ip6->ip_nxt */
3743 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
3744 s[i]->s.k = off_nl + 6;
3745 i++;
3746 /* X = sizeof(struct ip6_hdr) */
3747 s[i] = new_stmt(BPF_LDX|BPF_IMM);
3748 s[i]->s.k = 40;
3749 i++;
3750 break;
3751 #endif
3752 default:
3753 bpf_error("unsupported proto to gen_protochain");
3754 /*NOTREACHED*/
3755 }
3756
3757 /* again: if (A == v) goto end; else fall through; */
3758 again = i;
3759 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3760 s[i]->s.k = v;
3761 s[i]->s.jt = NULL; /*later*/
3762 s[i]->s.jf = NULL; /*update in next stmt*/
3763 fix5 = i;
3764 i++;
3765
3766 #ifndef IPPROTO_NONE
3767 #define IPPROTO_NONE 59
3768 #endif
3769 /* if (A == IPPROTO_NONE) goto end */
3770 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3771 s[i]->s.jt = NULL; /*later*/
3772 s[i]->s.jf = NULL; /*update in next stmt*/
3773 s[i]->s.k = IPPROTO_NONE;
3774 s[fix5]->s.jf = s[i];
3775 fix2 = i;
3776 i++;
3777
3778 #ifdef INET6
3779 if (proto == Q_IPV6) {
3780 int v6start, v6end, v6advance, j;
3781
3782 v6start = i;
3783 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
3784 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3785 s[i]->s.jt = NULL; /*later*/
3786 s[i]->s.jf = NULL; /*update in next stmt*/
3787 s[i]->s.k = IPPROTO_HOPOPTS;
3788 s[fix2]->s.jf = s[i];
3789 i++;
3790 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
3791 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3792 s[i]->s.jt = NULL; /*later*/
3793 s[i]->s.jf = NULL; /*update in next stmt*/
3794 s[i]->s.k = IPPROTO_DSTOPTS;
3795 i++;
3796 /* if (A == IPPROTO_ROUTING) goto v6advance */
3797 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3798 s[i]->s.jt = NULL; /*later*/
3799 s[i]->s.jf = NULL; /*update in next stmt*/
3800 s[i]->s.k = IPPROTO_ROUTING;
3801 i++;
3802 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
3803 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3804 s[i]->s.jt = NULL; /*later*/
3805 s[i]->s.jf = NULL; /*later*/
3806 s[i]->s.k = IPPROTO_FRAGMENT;
3807 fix3 = i;
3808 v6end = i;
3809 i++;
3810
3811 /* v6advance: */
3812 v6advance = i;
3813
3814 /*
3815 * in short,
3816 * A = P[X];
3817 * X = X + (P[X + 1] + 1) * 8;
3818 */
3819 /* A = X */
3820 s[i] = new_stmt(BPF_MISC|BPF_TXA);
3821 i++;
3822 /* A = P[X + packet head] */
3823 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3824 s[i]->s.k = off_nl;
3825 i++;
3826 /* MEM[reg2] = A */
3827 s[i] = new_stmt(BPF_ST);
3828 s[i]->s.k = reg2;
3829 i++;
3830 /* A = X */
3831 s[i] = new_stmt(BPF_MISC|BPF_TXA);
3832 i++;
3833 /* A += 1 */
3834 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3835 s[i]->s.k = 1;
3836 i++;
3837 /* X = A */
3838 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3839 i++;
3840 /* A = P[X + packet head]; */
3841 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3842 s[i]->s.k = off_nl;
3843 i++;
3844 /* A += 1 */
3845 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3846 s[i]->s.k = 1;
3847 i++;
3848 /* A *= 8 */
3849 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
3850 s[i]->s.k = 8;
3851 i++;
3852 /* X = A; */
3853 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3854 i++;
3855 /* A = MEM[reg2] */
3856 s[i] = new_stmt(BPF_LD|BPF_MEM);
3857 s[i]->s.k = reg2;
3858 i++;
3859
3860 /* goto again; (must use BPF_JA for backward jump) */
3861 s[i] = new_stmt(BPF_JMP|BPF_JA);
3862 s[i]->s.k = again - i - 1;
3863 s[i - 1]->s.jf = s[i];
3864 i++;
3865
3866 /* fixup */
3867 for (j = v6start; j <= v6end; j++)
3868 s[j]->s.jt = s[v6advance];
3869 } else
3870 #endif
3871 {
3872 /* nop */
3873 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3874 s[i]->s.k = 0;
3875 s[fix2]->s.jf = s[i];
3876 i++;
3877 }
3878
3879 /* ahcheck: */
3880 ahcheck = i;
3881 /* if (A == IPPROTO_AH) then fall through; else goto end; */
3882 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3883 s[i]->s.jt = NULL; /*later*/
3884 s[i]->s.jf = NULL; /*later*/
3885 s[i]->s.k = IPPROTO_AH;
3886 if (fix3)
3887 s[fix3]->s.jf = s[ahcheck];
3888 fix4 = i;
3889 i++;
3890
3891 /*
3892 * in short,
3893 * A = P[X];
3894 * X = X + (P[X + 1] + 2) * 4;
3895 */
3896 /* A = X */
3897 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
3898 i++;
3899 /* A = P[X + packet head]; */
3900 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3901 s[i]->s.k = off_nl;
3902 i++;
3903 /* MEM[reg2] = A */
3904 s[i] = new_stmt(BPF_ST);
3905 s[i]->s.k = reg2;
3906 i++;
3907 /* A = X */
3908 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
3909 i++;
3910 /* A += 1 */
3911 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3912 s[i]->s.k = 1;
3913 i++;
3914 /* X = A */
3915 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3916 i++;
3917 /* A = P[X + packet head] */
3918 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3919 s[i]->s.k = off_nl;
3920 i++;
3921 /* A += 2 */
3922 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3923 s[i]->s.k = 2;
3924 i++;
3925 /* A *= 4 */
3926 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
3927 s[i]->s.k = 4;
3928 i++;
3929 /* X = A; */
3930 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3931 i++;
3932 /* A = MEM[reg2] */
3933 s[i] = new_stmt(BPF_LD|BPF_MEM);
3934 s[i]->s.k = reg2;
3935 i++;
3936
3937 /* goto again; (must use BPF_JA for backward jump) */
3938 s[i] = new_stmt(BPF_JMP|BPF_JA);
3939 s[i]->s.k = again - i - 1;
3940 i++;
3941
3942 /* end: nop */
3943 end = i;
3944 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3945 s[i]->s.k = 0;
3946 s[fix2]->s.jt = s[end];
3947 s[fix4]->s.jf = s[end];
3948 s[fix5]->s.jt = s[end];
3949 i++;
3950
3951 /*
3952 * make slist chain
3953 */
3954 max = i;
3955 for (i = 0; i < max - 1; i++)
3956 s[i]->next = s[i + 1];
3957 s[max - 1]->next = NULL;
3958
3959 /*
3960 * emit final check
3961 */
3962 b = new_block(JMP(BPF_JEQ));
3963 b->stmts = s[1]; /*remember, s[0] is dummy*/
3964 b->s.k = v;
3965
3966 free_reg(reg2);
3967
3968 gen_and(b0, b);
3969 return b;
3970 #endif
3971 }
3972
3973 /*
3974 * Generate code that checks whether the packet is a packet for protocol
3975 * <proto> and whether the type field in that protocol's header has
3976 * the value <v>, e.g. if <proto> is Q_IP, it checks whether it's an
3977 * IP packet and checks the protocol number in the IP header against <v>.
3978 *
3979 * If <proto> is Q_DEFAULT, i.e. just "proto" was specified, it checks
3980 * against Q_IP and Q_IPV6.
3981 */
3982 static struct block *
3983 gen_proto(v, proto, dir)
3984 int v;
3985 int proto;
3986 int dir;
3987 {
3988 struct block *b0, *b1;
3989
3990 if (dir != Q_DEFAULT)
3991 bpf_error("direction applied to 'proto'");
3992
3993 switch (proto) {
3994 case Q_DEFAULT:
3995 #ifdef INET6
3996 b0 = gen_proto(v, Q_IP, dir);
3997 b1 = gen_proto(v, Q_IPV6, dir);
3998 gen_or(b0, b1);
3999 return b1;
4000 #else
4001 /*FALLTHROUGH*/
4002 #endif
4003 case Q_IP:
4004 /*
4005 * For FDDI, RFC 1188 says that SNAP encapsulation is used,
4006 * not LLC encapsulation with LLCSAP_IP.
4007 *
4008 * For IEEE 802 networks - which includes 802.5 token ring
4009 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
4010 * says that SNAP encapsulation is used, not LLC encapsulation
4011 * with LLCSAP_IP.
4012 *
4013 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
4014 * RFC 2225 say that SNAP encapsulation is used, not LLC
4015 * encapsulation with LLCSAP_IP.
4016 *
4017 * So we always check for ETHERTYPE_IP.
4018 */
4019 b0 = gen_linktype(ETHERTYPE_IP);
4020 #ifndef CHASE_CHAIN
4021 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
4022 #else
4023 b1 = gen_protochain(v, Q_IP);
4024 #endif
4025 gen_and(b0, b1);
4026 return b1;
4027
4028 case Q_ISO:
4029 switch (linktype) {
4030
4031 case DLT_FRELAY:
4032 /*
4033 * Frame Relay packets typically have an OSI
4034 * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)"
4035 * generates code to check for all the OSI
4036 * NLPIDs, so calling it and then adding a check
4037 * for the particular NLPID for which we're
4038 * looking is bogus, as we can just check for
4039 * the NLPID.
4040 *
4041 * What we check for is the NLPID and a frame
4042 * control field value of UI, i.e. 0x03 followed
4043 * by the NLPID.
4044 *
4045 * XXX - assumes a 2-byte Frame Relay header with
4046 * DLCI and flags. What if the address is longer?
4047 *
4048 * XXX - what about SNAP-encapsulated frames?
4049 */
4050 return gen_cmp(2, BPF_H, (0x03<<8) | v);
4051 /*NOTREACHED*/
4052 break;
4053
4054 case DLT_C_HDLC:
4055 /*
4056 * Cisco uses an Ethertype lookalike - for OSI,
4057 * it's 0xfefe.
4058 */
4059 b0 = gen_linktype(LLCSAP_ISONS<<8 | LLCSAP_ISONS);
4060 /* OSI in C-HDLC is stuffed with a fudge byte */
4061 b1 = gen_cmp(off_nl_nosnap+1, BPF_B, (long)v);
4062 gen_and(b0, b1);
4063 return b1;
4064
4065 default:
4066 b0 = gen_linktype(LLCSAP_ISONS);
4067 b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v);
4068 gen_and(b0, b1);
4069 return b1;
4070 }
4071
4072 case Q_ISIS:
4073 b0 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
4074 /*
4075 * 4 is the offset of the PDU type relative to the IS-IS
4076 * header.
4077 */
4078 b1 = gen_cmp(off_nl_nosnap+4, BPF_B, (long)v);
4079 gen_and(b0, b1);
4080 return b1;
4081
4082 case Q_ARP:
4083 bpf_error("arp does not encapsulate another protocol");
4084 /* NOTREACHED */
4085
4086 case Q_RARP:
4087 bpf_error("rarp does not encapsulate another protocol");
4088 /* NOTREACHED */
4089
4090 case Q_ATALK:
4091 bpf_error("atalk encapsulation is not specifiable");
4092 /* NOTREACHED */
4093
4094 case Q_DECNET:
4095 bpf_error("decnet encapsulation is not specifiable");
4096 /* NOTREACHED */
4097
4098 case Q_SCA:
4099 bpf_error("sca does not encapsulate another protocol");
4100 /* NOTREACHED */
4101
4102 case Q_LAT:
4103 bpf_error("lat does not encapsulate another protocol");
4104 /* NOTREACHED */
4105
4106 case Q_MOPRC:
4107 bpf_error("moprc does not encapsulate another protocol");
4108 /* NOTREACHED */
4109
4110 case Q_MOPDL:
4111 bpf_error("mopdl does not encapsulate another protocol");
4112 /* NOTREACHED */
4113
4114 case Q_LINK:
4115 return gen_linktype(v);
4116
4117 case Q_UDP:
4118 bpf_error("'udp proto' is bogus");
4119 /* NOTREACHED */
4120
4121 case Q_TCP:
4122 bpf_error("'tcp proto' is bogus");
4123 /* NOTREACHED */
4124
4125 case Q_SCTP:
4126 bpf_error("'sctp proto' is bogus");
4127 /* NOTREACHED */
4128
4129 case Q_ICMP:
4130 bpf_error("'icmp proto' is bogus");
4131 /* NOTREACHED */
4132
4133 case Q_IGMP:
4134 bpf_error("'igmp proto' is bogus");
4135 /* NOTREACHED */
4136
4137 case Q_IGRP:
4138 bpf_error("'igrp proto' is bogus");
4139 /* NOTREACHED */
4140
4141 case Q_PIM:
4142 bpf_error("'pim proto' is bogus");
4143 /* NOTREACHED */
4144
4145 case Q_VRRP:
4146 bpf_error("'vrrp proto' is bogus");
4147 /* NOTREACHED */
4148
4149 #ifdef INET6
4150 case Q_IPV6:
4151 b0 = gen_linktype(ETHERTYPE_IPV6);
4152 #ifndef CHASE_CHAIN
4153 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
4154 #else
4155 b1 = gen_protochain(v, Q_IPV6);
4156 #endif
4157 gen_and(b0, b1);
4158 return b1;
4159
4160 case Q_ICMPV6:
4161 bpf_error("'icmp6 proto' is bogus");
4162 #endif /* INET6 */
4163
4164 case Q_AH:
4165 bpf_error("'ah proto' is bogus");
4166
4167 case Q_ESP:
4168 bpf_error("'ah proto' is bogus");
4169
4170 case Q_STP:
4171 bpf_error("'stp proto' is bogus");
4172
4173 case Q_IPX:
4174 bpf_error("'ipx proto' is bogus");
4175
4176 case Q_NETBEUI:
4177 bpf_error("'netbeui proto' is bogus");
4178
4179 default:
4180 abort();
4181 /* NOTREACHED */
4182 }
4183 /* NOTREACHED */
4184 }
4185
4186 struct block *
4187 gen_scode(name, q)
4188 register const char *name;
4189 struct qual q;
4190 {
4191 int proto = q.proto;
4192 int dir = q.dir;
4193 int tproto;
4194 u_char *eaddr;
4195 bpf_u_int32 mask, addr;
4196 #ifndef INET6
4197 bpf_u_int32 **alist;
4198 #else
4199 int tproto6;
4200 struct sockaddr_in *sin;
4201 struct sockaddr_in6 *sin6;
4202 struct addrinfo *res, *res0;
4203 struct in6_addr mask128;
4204 #endif /*INET6*/
4205 struct block *b, *tmp;
4206 int port, real_proto;
4207 int port1, port2;
4208
4209 switch (q.addr) {
4210
4211 case Q_NET:
4212 addr = pcap_nametonetaddr(name);
4213 if (addr == 0)
4214 bpf_error("unknown network '%s'", name);
4215 /* Left justify network addr and calculate its network mask */
4216 mask = 0xffffffff;
4217 while (addr && (addr & 0xff000000) == 0) {
4218 addr <<= 8;
4219 mask <<= 8;
4220 }
4221 return gen_host(addr, mask, proto, dir);
4222
4223 case Q_DEFAULT:
4224 case Q_HOST:
4225 if (proto == Q_LINK) {
4226 switch (linktype) {
4227
4228 case DLT_EN10MB:
4229 eaddr = pcap_ether_hostton(name);
4230 if (eaddr == NULL)
4231 bpf_error(
4232 "unknown ether host '%s'", name);
4233 b = gen_ehostop(eaddr, dir);
4234 free(eaddr);
4235 return b;
4236
4237 case DLT_FDDI:
4238 eaddr = pcap_ether_hostton(name);
4239 if (eaddr == NULL)
4240 bpf_error(
4241 "unknown FDDI host '%s'", name);
4242 b = gen_fhostop(eaddr, dir);
4243 free(eaddr);
4244 return b;
4245
4246 case DLT_IEEE802:
4247 eaddr = pcap_ether_hostton(name);
4248 if (eaddr == NULL)
4249 bpf_error(
4250 "unknown token ring host '%s'", name);
4251 b = gen_thostop(eaddr, dir);
4252 free(eaddr);
4253 return b;
4254
4255 case DLT_IEEE802_11:
4256 eaddr = pcap_ether_hostton(name);
4257 if (eaddr == NULL)
4258 bpf_error(
4259 "unknown 802.11 host '%s'", name);
4260 b = gen_wlanhostop(eaddr, dir);
4261 free(eaddr);
4262 return b;
4263
4264 case DLT_IP_OVER_FC:
4265 eaddr = pcap_ether_hostton(name);
4266 if (eaddr == NULL)
4267 bpf_error(
4268 "unknown Fibre Channel host '%s'", name);
4269 b = gen_ipfchostop(eaddr, dir);
4270 free(eaddr);
4271 return b;
4272
4273 case DLT_SUNATM:
4274 if (!is_lane)
4275 break;
4276
4277 /*
4278 * Check that the packet doesn't begin
4279 * with an LE Control marker. (We've
4280 * already generated a test for LANE.)
4281 */
4282 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H,
4283 0xFF00);
4284 gen_not(tmp);
4285
4286 eaddr = pcap_ether_hostton(name);
4287 if (eaddr == NULL)
4288 bpf_error(
4289 "unknown ether host '%s'", name);
4290 b = gen_ehostop(eaddr, dir);
4291 gen_and(tmp, b);
4292 free(eaddr);
4293 return b;
4294 }
4295
4296 bpf_error("only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name");
4297 } else if (proto == Q_DECNET) {
4298 unsigned short dn_addr = __pcap_nametodnaddr(name);
4299 /*
4300 * I don't think DECNET hosts can be multihomed, so
4301 * there is no need to build up a list of addresses
4302 */
4303 return (gen_host(dn_addr, 0, proto, dir));
4304 } else {
4305 #ifndef INET6
4306 alist = pcap_nametoaddr(name);
4307 if (alist == NULL || *alist == NULL)
4308 bpf_error("unknown host '%s'", name);
4309 tproto = proto;
4310 if (off_linktype == (u_int)-1 && tproto == Q_DEFAULT)
4311 tproto = Q_IP;
4312 b = gen_host(**alist++, 0xffffffff, tproto, dir);
4313 while (*alist) {
4314 tmp = gen_host(**alist++, 0xffffffff,
4315 tproto, dir);
4316 gen_or(b, tmp);
4317 b = tmp;
4318 }
4319 return b;
4320 #else
4321 memset(&mask128, 0xff, sizeof(mask128));
4322 res0 = res = pcap_nametoaddrinfo(name);
4323 if (res == NULL)
4324 bpf_error("unknown host '%s'", name);
4325 b = tmp = NULL;
4326 tproto = tproto6 = proto;
4327 if (off_linktype == -1 && tproto == Q_DEFAULT) {
4328 tproto = Q_IP;
4329 tproto6 = Q_IPV6;
4330 }
4331 for (res = res0; res; res = res->ai_next) {
4332 switch (res->ai_family) {
4333 case AF_INET:
4334 if (tproto == Q_IPV6)
4335 continue;
4336
4337 sin = (struct sockaddr_in *)
4338 res->ai_addr;
4339 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
4340 0xffffffff, tproto, dir);
4341 break;
4342 case AF_INET6:
4343 if (tproto6 == Q_IP)
4344 continue;
4345
4346 sin6 = (struct sockaddr_in6 *)
4347 res->ai_addr;
4348 tmp = gen_host6(&sin6->sin6_addr,
4349 &mask128, tproto6, dir);
4350 break;
4351 default:
4352 continue;
4353 }
4354 if (b)
4355 gen_or(b, tmp);
4356 b = tmp;
4357 }
4358 freeaddrinfo(res0);
4359 if (b == NULL) {
4360 bpf_error("unknown host '%s'%s", name,
4361 (proto == Q_DEFAULT)
4362 ? ""
4363 : " for specified address family");
4364 }
4365 return b;
4366 #endif /*INET6*/
4367 }
4368
4369 case Q_PORT:
4370 if (proto != Q_DEFAULT &&
4371 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
4372 bpf_error("illegal qualifier of 'port'");
4373 if (pcap_nametoport(name, &port, &real_proto) == 0)
4374 bpf_error("unknown port '%s'", name);
4375 if (proto == Q_UDP) {
4376 if (real_proto == IPPROTO_TCP)
4377 bpf_error("port '%s' is tcp", name);
4378 else if (real_proto == IPPROTO_SCTP)
4379 bpf_error("port '%s' is sctp", name);
4380 else
4381 /* override PROTO_UNDEF */
4382 real_proto = IPPROTO_UDP;
4383 }
4384 if (proto == Q_TCP) {
4385 if (real_proto == IPPROTO_UDP)
4386 bpf_error("port '%s' is udp", name);
4387
4388 else if (real_proto == IPPROTO_SCTP)
4389 bpf_error("port '%s' is sctp", name);
4390 else
4391 /* override PROTO_UNDEF */
4392 real_proto = IPPROTO_TCP;
4393 }
4394 if (proto == Q_SCTP) {
4395 if (real_proto == IPPROTO_UDP)
4396 bpf_error("port '%s' is udp", name);
4397
4398 else if (real_proto == IPPROTO_TCP)
4399 bpf_error("port '%s' is tcp", name);
4400 else
4401 /* override PROTO_UNDEF */
4402 real_proto = IPPROTO_SCTP;
4403 }
4404 #ifndef INET6
4405 return gen_port(port, real_proto, dir);
4406 #else
4407 {
4408 struct block *b;
4409 b = gen_port(port, real_proto, dir);
4410 gen_or(gen_port6(port, real_proto, dir), b);
4411 return b;
4412 }
4413 #endif /* INET6 */
4414
4415 case Q_PORTRANGE:
4416 if (proto != Q_DEFAULT &&
4417 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
4418 bpf_error("illegal qualifier of 'portrange'");
4419 if (pcap_nametoportrange(name, &port1, &port2, &real_proto) == 0)
4420 bpf_error("unknown port in range '%s'", name);
4421 if (proto == Q_UDP) {
4422 if (real_proto == IPPROTO_TCP)
4423 bpf_error("port in range '%s' is tcp", name);
4424 else if (real_proto == IPPROTO_SCTP)
4425 bpf_error("port in range '%s' is sctp", name);
4426 else
4427 /* override PROTO_UNDEF */
4428 real_proto = IPPROTO_UDP;
4429 }
4430 if (proto == Q_TCP) {
4431 if (real_proto == IPPROTO_UDP)
4432 bpf_error("port in range '%s' is udp", name);
4433 else if (real_proto == IPPROTO_SCTP)
4434 bpf_error("port in range '%s' is sctp", name);
4435 else
4436 /* override PROTO_UNDEF */
4437 real_proto = IPPROTO_TCP;
4438 }
4439 if (proto == Q_SCTP) {
4440 if (real_proto == IPPROTO_UDP)
4441 bpf_error("port in range '%s' is udp", name);
4442 else if (real_proto == IPPROTO_TCP)
4443 bpf_error("port in range '%s' is tcp", name);
4444 else
4445 /* override PROTO_UNDEF */
4446 real_proto = IPPROTO_SCTP;
4447 }
4448 #ifndef INET6
4449 return gen_portrange(port1, port2, real_proto, dir);
4450 #else
4451 {
4452 struct block *b;
4453 b = gen_portrange(port1, port2, real_proto, dir);
4454 gen_or(gen_portrange6(port1, port2, real_proto, dir), b);
4455 return b;
4456 }
4457 #endif /* INET6 */
4458
4459 case Q_GATEWAY:
4460 #ifndef INET6
4461 eaddr = pcap_ether_hostton(name);
4462 if (eaddr == NULL)
4463 bpf_error("unknown ether host: %s", name);
4464
4465 alist = pcap_nametoaddr(name);
4466 if (alist == NULL || *alist == NULL)
4467 bpf_error("unknown host '%s'", name);
4468 b = gen_gateway(eaddr, alist, proto, dir);
4469 free(eaddr);
4470 return b;
4471 #else
4472 bpf_error("'gateway' not supported in this configuration");
4473 #endif /*INET6*/
4474
4475 case Q_PROTO:
4476 real_proto = lookup_proto(name, proto);
4477 if (real_proto >= 0)
4478 return gen_proto(real_proto, proto, dir);
4479 else
4480 bpf_error("unknown protocol: %s", name);
4481
4482 case Q_PROTOCHAIN:
4483 real_proto = lookup_proto(name, proto);
4484 if (real_proto >= 0)
4485 return gen_protochain(real_proto, proto, dir);
4486 else
4487 bpf_error("unknown protocol: %s", name);
4488
4489
4490 case Q_UNDEF:
4491 syntax();
4492 /* NOTREACHED */
4493 }
4494 abort();
4495 /* NOTREACHED */
4496 }
4497
4498 struct block *
4499 gen_mcode(s1, s2, masklen, q)
4500 register const char *s1, *s2;
4501 register int masklen;
4502 struct qual q;
4503 {
4504 register int nlen, mlen;
4505 bpf_u_int32 n, m;
4506
4507 nlen = __pcap_atoin(s1, &n);
4508 /* Promote short ipaddr */
4509 n <<= 32 - nlen;
4510
4511 if (s2 != NULL) {
4512 mlen = __pcap_atoin(s2, &m);
4513 /* Promote short ipaddr */
4514 m <<= 32 - mlen;
4515 if ((n & ~m) != 0)
4516 bpf_error("non-network bits set in \"%s mask %s\"",
4517 s1, s2);
4518 } else {
4519 /* Convert mask len to mask */
4520 if (masklen > 32)
4521 bpf_error("mask length must be <= 32");
4522 m = 0xffffffff << (32 - masklen);
4523 if ((n & ~m) != 0)
4524 bpf_error("non-network bits set in \"%s/%d\"",
4525 s1, masklen);
4526 }
4527
4528 switch (q.addr) {
4529
4530 case Q_NET:
4531 return gen_host(n, m, q.proto, q.dir);
4532
4533 default:
4534 bpf_error("Mask syntax for networks only");
4535 /* NOTREACHED */
4536 }
4537 /* NOTREACHED */
4538 }
4539
4540 struct block *
4541 gen_ncode(s, v, q)
4542 register const char *s;
4543 bpf_u_int32 v;
4544 struct qual q;
4545 {
4546 bpf_u_int32 mask;
4547 int proto = q.proto;
4548 int dir = q.dir;
4549 register int vlen;
4550
4551 if (s == NULL)
4552 vlen = 32;
4553 else if (q.proto == Q_DECNET)
4554 vlen = __pcap_atodn(s, &v);
4555 else
4556 vlen = __pcap_atoin(s, &v);
4557
4558 switch (q.addr) {
4559
4560 case Q_DEFAULT:
4561 case Q_HOST:
4562 case Q_NET:
4563 if (proto == Q_DECNET)
4564 return gen_host(v, 0, proto, dir);
4565 else if (proto == Q_LINK) {
4566 bpf_error("illegal link layer address");
4567 } else {
4568 mask = 0xffffffff;
4569 if (s == NULL && q.addr == Q_NET) {
4570 /* Promote short net number */
4571 while (v && (v & 0xff000000) == 0) {
4572 v <<= 8;
4573 mask <<= 8;
4574 }
4575 } else {
4576 /* Promote short ipaddr */
4577 v <<= 32 - vlen;
4578 mask <<= 32 - vlen;
4579 }
4580 return gen_host(v, mask, proto, dir);
4581 }
4582
4583 case Q_PORT:
4584 if (proto == Q_UDP)
4585 proto = IPPROTO_UDP;
4586 else if (proto == Q_TCP)
4587 proto = IPPROTO_TCP;
4588 else if (proto == Q_SCTP)
4589 proto = IPPROTO_SCTP;
4590 else if (proto == Q_DEFAULT)
4591 proto = PROTO_UNDEF;
4592 else
4593 bpf_error("illegal qualifier of 'port'");
4594
4595 #ifndef INET6
4596 return gen_port((int)v, proto, dir);
4597 #else
4598 {
4599 struct block *b;
4600 b = gen_port((int)v, proto, dir);
4601 gen_or(gen_port6((int)v, proto, dir), b);
4602 return b;
4603 }
4604 #endif /* INET6 */
4605
4606 case Q_PORTRANGE:
4607 if (proto == Q_UDP)
4608 proto = IPPROTO_UDP;
4609 else if (proto == Q_TCP)
4610 proto = IPPROTO_TCP;
4611 else if (proto == Q_SCTP)
4612 proto = IPPROTO_SCTP;
4613 else if (proto == Q_DEFAULT)
4614 proto = PROTO_UNDEF;
4615 else
4616 bpf_error("illegal qualifier of 'portrange'");
4617
4618 #ifndef INET6
4619 return gen_portrange((int)v, (int)v, proto, dir);
4620 #else
4621 {
4622 struct block *b;
4623 b = gen_portrange((int)v, (int)v, proto, dir);
4624 gen_or(gen_portrange6((int)v, (int)v, proto, dir), b);
4625 return b;
4626 }
4627 #endif /* INET6 */
4628
4629 case Q_GATEWAY:
4630 bpf_error("'gateway' requires a name");
4631 /* NOTREACHED */
4632
4633 case Q_PROTO:
4634 return gen_proto((int)v, proto, dir);
4635
4636 case Q_PROTOCHAIN:
4637 return gen_protochain((int)v, proto, dir);
4638
4639 case Q_UNDEF:
4640 syntax();
4641 /* NOTREACHED */
4642
4643 default:
4644 abort();
4645 /* NOTREACHED */
4646 }
4647 /* NOTREACHED */
4648 }
4649
4650 #ifdef INET6
4651 struct block *
4652 gen_mcode6(s1, s2, masklen, q)
4653 register const char *s1, *s2;
4654 register int masklen;
4655 struct qual q;
4656 {
4657 struct addrinfo *res;
4658 struct in6_addr *addr;
4659 struct in6_addr mask;
4660 struct block *b;
4661 u_int32_t *a, *m;
4662
4663 if (s2)
4664 bpf_error("no mask %s supported", s2);
4665
4666 res = pcap_nametoaddrinfo(s1);
4667 if (!res)
4668 bpf_error("invalid ip6 address %s", s1);
4669 if (res->ai_next)
4670 bpf_error("%s resolved to multiple address", s1);
4671 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
4672
4673 if (sizeof(mask) * 8 < masklen)
4674 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
4675 memset(&mask, 0, sizeof(mask));
4676 memset(&mask, 0xff, masklen / 8);
4677 if (masklen % 8) {
4678 mask.s6_addr[masklen / 8] =
4679 (0xff << (8 - masklen % 8)) & 0xff;
4680 }
4681
4682 a = (u_int32_t *)addr;
4683 m = (u_int32_t *)&mask;
4684 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
4685 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
4686 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
4687 }
4688
4689 switch (q.addr) {
4690
4691 case Q_DEFAULT:
4692 case Q_HOST:
4693 if (masklen != 128)
4694 bpf_error("Mask syntax for networks only");
4695 /* FALLTHROUGH */
4696
4697 case Q_NET:
4698 b = gen_host6(addr, &mask, q.proto, q.dir);
4699 freeaddrinfo(res);
4700 return b;
4701
4702 default:
4703 bpf_error("invalid qualifier against IPv6 address");
4704 /* NOTREACHED */
4705 }
4706 }
4707 #endif /*INET6*/
4708
4709 struct block *
4710 gen_ecode(eaddr, q)
4711 register const u_char *eaddr;
4712 struct qual q;
4713 {
4714 struct block *b, *tmp;
4715
4716 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
4717 if (linktype == DLT_EN10MB)
4718 return gen_ehostop(eaddr, (int)q.dir);
4719 if (linktype == DLT_FDDI)
4720 return gen_fhostop(eaddr, (int)q.dir);
4721 if (linktype == DLT_IEEE802)
4722 return gen_thostop(eaddr, (int)q.dir);
4723 if (linktype == DLT_IEEE802_11)
4724 return gen_wlanhostop(eaddr, (int)q.dir);
4725 if (linktype == DLT_SUNATM && is_lane) {
4726 /*
4727 * Check that the packet doesn't begin with an
4728 * LE Control marker. (We've already generated
4729 * a test for LANE.)
4730 */
4731 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
4732 gen_not(tmp);
4733
4734 /*
4735 * Now check the MAC address.
4736 */
4737 b = gen_ehostop(eaddr, (int)q.dir);
4738 gen_and(tmp, b);
4739 return b;
4740 }
4741 if (linktype == DLT_IP_OVER_FC)
4742 return gen_ipfchostop(eaddr, (int)q.dir);
4743 bpf_error("ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel");
4744 }
4745 bpf_error("ethernet address used in non-ether expression");
4746 /* NOTREACHED */
4747 }
4748
4749 void
4750 sappend(s0, s1)
4751 struct slist *s0, *s1;
4752 {
4753 /*
4754 * This is definitely not the best way to do this, but the
4755 * lists will rarely get long.
4756 */
4757 while (s0->next)
4758 s0 = s0->next;
4759 s0->next = s1;
4760 }
4761
4762 static struct slist *
4763 xfer_to_x(a)
4764 struct arth *a;
4765 {
4766 struct slist *s;
4767
4768 s = new_stmt(BPF_LDX|BPF_MEM);
4769 s->s.k = a->regno;
4770 return s;
4771 }
4772
4773 static struct slist *
4774 xfer_to_a(a)
4775 struct arth *a;
4776 {
4777 struct slist *s;
4778
4779 s = new_stmt(BPF_LD|BPF_MEM);
4780 s->s.k = a->regno;
4781 return s;
4782 }
4783
4784 struct arth *
4785 gen_load(proto, index, size)
4786 int proto;
4787 struct arth *index;
4788 int size;
4789 {
4790 struct slist *s, *tmp;
4791 struct block *b;
4792 int regno = alloc_reg();
4793
4794 free_reg(index->regno);
4795 switch (size) {
4796
4797 default:
4798 bpf_error("data size must be 1, 2, or 4");
4799
4800 case 1:
4801 size = BPF_B;
4802 break;
4803
4804 case 2:
4805 size = BPF_H;
4806 break;
4807
4808 case 4:
4809 size = BPF_W;
4810 break;
4811 }
4812 switch (proto) {
4813 default:
4814 bpf_error("unsupported index operation");
4815
4816 case Q_LINK:
4817 /*
4818 * XXX - what about ATM LANE? Should the index be
4819 * relative to the beginning of the AAL5 frame, so
4820 * that 0 refers to the beginning of the LE Control
4821 * field, or relative to the beginning of the LAN
4822 * frame, so that 0 refers, for Ethernet LANE, to
4823 * the beginning of the destination address?
4824 */
4825 s = xfer_to_x(index);
4826 tmp = new_stmt(BPF_LD|BPF_IND|size);
4827 sappend(s, tmp);
4828 sappend(index->s, s);
4829 break;
4830
4831 case Q_IP:
4832 case Q_ARP:
4833 case Q_RARP:
4834 case Q_ATALK:
4835 case Q_DECNET:
4836 case Q_SCA:
4837 case Q_LAT:
4838 case Q_MOPRC:
4839 case Q_MOPDL:
4840 #ifdef INET6
4841 case Q_IPV6:
4842 #endif
4843 /* XXX Note that we assume a fixed link header here. */
4844 s = xfer_to_x(index);
4845 tmp = new_stmt(BPF_LD|BPF_IND|size);
4846 tmp->s.k = off_nl;
4847 sappend(s, tmp);
4848 sappend(index->s, s);
4849
4850 b = gen_proto_abbrev(proto);
4851 if (index->b)
4852 gen_and(index->b, b);
4853 index->b = b;
4854 break;
4855
4856 case Q_SCTP:
4857 case Q_TCP:
4858 case Q_UDP:
4859 case Q_ICMP:
4860 case Q_IGMP:
4861 case Q_IGRP:
4862 case Q_PIM:
4863 case Q_VRRP:
4864 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
4865 s->s.k = off_nl;
4866 sappend(s, xfer_to_a(index));
4867 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
4868 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
4869 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
4870 tmp->s.k = off_nl;
4871 sappend(index->s, s);
4872
4873 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
4874 if (index->b)
4875 gen_and(index->b, b);
4876 #ifdef INET6
4877 gen_and(gen_proto_abbrev(Q_IP), b);
4878 #endif
4879 index->b = b;
4880 break;
4881 #ifdef INET6
4882 case Q_ICMPV6:
4883 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
4884 /*NOTREACHED*/
4885 #endif
4886 }
4887 index->regno = regno;
4888 s = new_stmt(BPF_ST);
4889 s->s.k = regno;
4890 sappend(index->s, s);
4891
4892 return index;
4893 }
4894
4895 struct block *
4896 gen_relation(code, a0, a1, reversed)
4897 int code;
4898 struct arth *a0, *a1;
4899 int reversed;
4900 {
4901 struct slist *s0, *s1, *s2;
4902 struct block *b, *tmp;
4903
4904 s0 = xfer_to_x(a1);
4905 s1 = xfer_to_a(a0);
4906 if (code == BPF_JEQ) {
4907 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
4908 b = new_block(JMP(code));
4909 sappend(s1, s2);
4910 }
4911 else
4912 b = new_block(BPF_JMP|code|BPF_X);
4913 if (reversed)
4914 gen_not(b);
4915
4916 sappend(s0, s1);
4917 sappend(a1->s, s0);
4918 sappend(a0->s, a1->s);
4919
4920 b->stmts = a0->s;
4921
4922 free_reg(a0->regno);
4923 free_reg(a1->regno);
4924
4925 /* 'and' together protocol checks */
4926 if (a0->b) {
4927 if (a1->b) {
4928 gen_and(a0->b, tmp = a1->b);
4929 }
4930 else
4931 tmp = a0->b;
4932 } else
4933 tmp = a1->b;
4934
4935 if (tmp)
4936 gen_and(tmp, b);
4937
4938 return b;
4939 }
4940
4941 struct arth *
4942 gen_loadlen()
4943 {
4944 int regno = alloc_reg();
4945 struct arth *a = (struct arth *)newchunk(sizeof(*a));
4946 struct slist *s;
4947
4948 s = new_stmt(BPF_LD|BPF_LEN);
4949 s->next = new_stmt(BPF_ST);
4950 s->next->s.k = regno;
4951 a->s = s;
4952 a->regno = regno;
4953
4954 return a;
4955 }
4956
4957 struct arth *
4958 gen_loadi(val)
4959 int val;
4960 {
4961 struct arth *a;
4962 struct slist *s;
4963 int reg;
4964
4965 a = (struct arth *)newchunk(sizeof(*a));
4966
4967 reg = alloc_reg();
4968
4969 s = new_stmt(BPF_LD|BPF_IMM);
4970 s->s.k = val;
4971 s->next = new_stmt(BPF_ST);
4972 s->next->s.k = reg;
4973 a->s = s;
4974 a->regno = reg;
4975
4976 return a;
4977 }
4978
4979 struct arth *
4980 gen_neg(a)
4981 struct arth *a;
4982 {
4983 struct slist *s;
4984
4985 s = xfer_to_a(a);
4986 sappend(a->s, s);
4987 s = new_stmt(BPF_ALU|BPF_NEG);
4988 s->s.k = 0;
4989 sappend(a->s, s);
4990 s = new_stmt(BPF_ST);
4991 s->s.k = a->regno;
4992 sappend(a->s, s);
4993
4994 return a;
4995 }
4996
4997 struct arth *
4998 gen_arth(code, a0, a1)
4999 int code;
5000 struct arth *a0, *a1;
5001 {
5002 struct slist *s0, *s1, *s2;
5003
5004 s0 = xfer_to_x(a1);
5005 s1 = xfer_to_a(a0);
5006 s2 = new_stmt(BPF_ALU|BPF_X|code);
5007
5008 sappend(s1, s2);
5009 sappend(s0, s1);
5010 sappend(a1->s, s0);
5011 sappend(a0->s, a1->s);
5012
5013 free_reg(a0->regno);
5014 free_reg(a1->regno);
5015
5016 s0 = new_stmt(BPF_ST);
5017 a0->regno = s0->s.k = alloc_reg();
5018 sappend(a0->s, s0);
5019
5020 return a0;
5021 }
5022
5023 /*
5024 * Here we handle simple allocation of the scratch registers.
5025 * If too many registers are alloc'd, the allocator punts.
5026 */
5027 static int regused[BPF_MEMWORDS];
5028 static int curreg;
5029
5030 /*
5031 * Return the next free register.
5032 */
5033 static int
5034 alloc_reg()
5035 {
5036 int n = BPF_MEMWORDS;
5037
5038 while (--n >= 0) {
5039 if (regused[curreg])
5040 curreg = (curreg + 1) % BPF_MEMWORDS;
5041 else {
5042 regused[curreg] = 1;
5043 return curreg;
5044 }
5045 }
5046 bpf_error("too many registers needed to evaluate expression");
5047 /* NOTREACHED */
5048 }
5049
5050 /*
5051 * Return a register to the table so it can
5052 * be used later.
5053 */
5054 static void
5055 free_reg(n)
5056 int n;
5057 {
5058 regused[n] = 0;
5059 }
5060
5061 static struct block *
5062 gen_len(jmp, n)
5063 int jmp, n;
5064 {
5065 struct slist *s;
5066 struct block *b;
5067
5068 s = new_stmt(BPF_LD|BPF_LEN);
5069 b = new_block(JMP(jmp));
5070 b->stmts = s;
5071 b->s.k = n;
5072
5073 return b;
5074 }
5075
5076 struct block *
5077 gen_greater(n)
5078 int n;
5079 {
5080 return gen_len(BPF_JGE, n);
5081 }
5082
5083 /*
5084 * Actually, this is less than or equal.
5085 */
5086 struct block *
5087 gen_less(n)
5088 int n;
5089 {
5090 struct block *b;
5091
5092 b = gen_len(BPF_JGT, n);
5093 gen_not(b);
5094
5095 return b;
5096 }
5097
5098 struct block *
5099 gen_byteop(op, idx, val)
5100 int op, idx, val;
5101 {
5102 struct block *b;
5103 struct slist *s;
5104
5105 switch (op) {
5106 default:
5107 abort();
5108
5109 case '=':
5110 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
5111
5112 case '<':
5113 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
5114 b->s.code = JMP(BPF_JGE);
5115 gen_not(b);
5116 return b;
5117
5118 case '>':
5119 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
5120 b->s.code = JMP(BPF_JGT);
5121 return b;
5122
5123 case '|':
5124 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
5125 break;
5126
5127 case '&':
5128 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
5129 break;
5130 }
5131 s->s.k = val;
5132 b = new_block(JMP(BPF_JEQ));
5133 b->stmts = s;
5134 gen_not(b);
5135
5136 return b;
5137 }
5138
5139 static u_char abroadcast[] = { 0x0 };
5140
5141 struct block *
5142 gen_broadcast(proto)
5143 int proto;
5144 {
5145 bpf_u_int32 hostmask;
5146 struct block *b0, *b1, *b2;
5147 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
5148
5149 switch (proto) {
5150
5151 case Q_DEFAULT:
5152 case Q_LINK:
5153 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
5154 return gen_ahostop(abroadcast, Q_DST);
5155 if (linktype == DLT_EN10MB)
5156 return gen_ehostop(ebroadcast, Q_DST);
5157 if (linktype == DLT_FDDI)
5158 return gen_fhostop(ebroadcast, Q_DST);
5159 if (linktype == DLT_IEEE802)
5160 return gen_thostop(ebroadcast, Q_DST);
5161 if (linktype == DLT_IEEE802_11)
5162 return gen_wlanhostop(ebroadcast, Q_DST);
5163 if (linktype == DLT_IP_OVER_FC)
5164 return gen_ipfchostop(ebroadcast, Q_DST);
5165 if (linktype == DLT_SUNATM && is_lane) {
5166 /*
5167 * Check that the packet doesn't begin with an
5168 * LE Control marker. (We've already generated
5169 * a test for LANE.)
5170 */
5171 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
5172 gen_not(b1);
5173
5174 /*
5175 * Now check the MAC address.
5176 */
5177 b0 = gen_ehostop(ebroadcast, Q_DST);
5178 gen_and(b1, b0);
5179 return b0;
5180 }
5181 bpf_error("not a broadcast link");
5182 break;
5183
5184 case Q_IP:
5185 b0 = gen_linktype(ETHERTYPE_IP);
5186 hostmask = ~netmask;
5187 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
5188 b2 = gen_mcmp(off_nl + 16, BPF_W,
5189 (bpf_int32)(~0 & hostmask), hostmask);
5190 gen_or(b1, b2);
5191 gen_and(b0, b2);
5192 return b2;
5193 }
5194 bpf_error("only link-layer/IP broadcast filters supported");
5195 /* NOTREACHED */
5196 }
5197
5198 /*
5199 * Generate code to test the low-order bit of a MAC address (that's
5200 * the bottom bit of the *first* byte).
5201 */
5202 static struct block *
5203 gen_mac_multicast(offset)
5204 int offset;
5205 {
5206 register struct block *b0;
5207 register struct slist *s;
5208
5209 /* link[offset] & 1 != 0 */
5210 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
5211 s->s.k = offset;
5212 b0 = new_block(JMP(BPF_JSET));
5213 b0->s.k = 1;
5214 b0->stmts = s;
5215 return b0;
5216 }
5217
5218 struct block *
5219 gen_multicast(proto)
5220 int proto;
5221 {
5222 register struct block *b0, *b1, *b2;
5223 register struct slist *s;
5224
5225 switch (proto) {
5226
5227 case Q_DEFAULT:
5228 case Q_LINK:
5229 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
5230 /* all ARCnet multicasts use the same address */
5231 return gen_ahostop(abroadcast, Q_DST);
5232
5233 if (linktype == DLT_EN10MB) {
5234 /* ether[0] & 1 != 0 */
5235 return gen_mac_multicast(0);
5236 }
5237
5238 if (linktype == DLT_FDDI) {
5239 /*
5240 * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX
5241 *
5242 * XXX - was that referring to bit-order issues?
5243 */
5244 /* fddi[1] & 1 != 0 */
5245 return gen_mac_multicast(1);
5246 }
5247
5248 if (linktype == DLT_IEEE802) {
5249 /* tr[2] & 1 != 0 */
5250 return gen_mac_multicast(2);
5251 }
5252
5253 if (linktype == DLT_IEEE802_11) {
5254 /*
5255 * Oh, yuk.
5256 *
5257 * For control frames, there is no DA.
5258 *
5259 * For management frames, DA is at an
5260 * offset of 4 from the beginning of
5261 * the packet.
5262 *
5263 * For data frames, DA is at an offset
5264 * of 4 from the beginning of the packet
5265 * if To DS is clear and at an offset of
5266 * 16 from the beginning of the packet
5267 * if To DS is set.
5268 */
5269
5270 /*
5271 * Generate the tests to be done for data frames.
5272 *
5273 * First, check for To DS set, i.e. "link[1] & 0x01".
5274 */
5275 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
5276 s->s.k = 1;
5277 b1 = new_block(JMP(BPF_JSET));
5278 b1->s.k = 0x01; /* To DS */
5279 b1->stmts = s;
5280
5281 /*
5282 * If To DS is set, the DA is at 16.
5283 */
5284 b0 = gen_mac_multicast(16);
5285 gen_and(b1, b0);
5286
5287 /*
5288 * Now, check for To DS not set, i.e. check
5289 * "!(link[1] & 0x01)".
5290 */
5291 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
5292 s->s.k = 1;
5293 b2 = new_block(JMP(BPF_JSET));
5294 b2->s.k = 0x01; /* To DS */
5295 b2->stmts = s;
5296 gen_not(b2);
5297
5298 /*
5299 * If To DS is not set, the DA is at 4.
5300 */
5301 b1 = gen_mac_multicast(4);
5302 gen_and(b2, b1);
5303
5304 /*
5305 * Now OR together the last two checks. That gives
5306 * the complete set of checks for data frames.
5307 */
5308 gen_or(b1, b0);
5309
5310 /*
5311 * Now check for a data frame.
5312 * I.e, check "link[0] & 0x08".
5313 */
5314 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
5315 s->s.k = 0;
5316 b1 = new_block(JMP(BPF_JSET));
5317 b1->s.k = 0x08;
5318 b1->stmts = s;
5319
5320 /*
5321 * AND that with the checks done for data frames.
5322 */
5323 gen_and(b1, b0);
5324
5325 /*
5326 * If the high-order bit of the type value is 0, this
5327 * is a management frame.
5328 * I.e, check "!(link[0] & 0x08)".
5329 */
5330 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
5331 s->s.k = 0;
5332 b2 = new_block(JMP(BPF_JSET));
5333 b2->s.k = 0x08;
5334 b2->stmts = s;
5335 gen_not(b2);
5336
5337 /*
5338 * For management frames, the DA is at 4.
5339 */
5340 b1 = gen_mac_multicast(4);
5341 gen_and(b2, b1);
5342
5343 /*
5344 * OR that with the checks done for data frames.
5345 * That gives the checks done for management and
5346 * data frames.
5347 */
5348 gen_or(b1, b0);
5349
5350 /*
5351 * If the low-order bit of the type value is 1,
5352 * this is either a control frame or a frame
5353 * with a reserved type, and thus not a
5354 * frame with an SA.
5355 *
5356 * I.e., check "!(link[0] & 0x04)".
5357 */
5358 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
5359 s->s.k = 0;
5360 b1 = new_block(JMP(BPF_JSET));
5361 b1->s.k = 0x04;
5362 b1->stmts = s;
5363 gen_not(b1);
5364
5365 /*
5366 * AND that with the checks for data and management
5367 * frames.
5368 */
5369 gen_and(b1, b0);
5370 return b0;
5371 }
5372
5373 if (linktype == DLT_IP_OVER_FC) {
5374 b0 = gen_mac_multicast(2);
5375 return b0;
5376 }
5377
5378 if (linktype == DLT_SUNATM && is_lane) {
5379 /*
5380 * Check that the packet doesn't begin with an
5381 * LE Control marker. (We've already generated
5382 * a test for LANE.)
5383 */
5384 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
5385 gen_not(b1);
5386
5387 /* ether[off_mac] & 1 != 0 */
5388 b0 = gen_mac_multicast(off_mac);
5389 gen_and(b1, b0);
5390 return b0;
5391 }
5392
5393 /* Link not known to support multicasts */
5394 break;
5395
5396 case Q_IP:
5397 b0 = gen_linktype(ETHERTYPE_IP);
5398 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
5399 b1->s.code = JMP(BPF_JGE);
5400 gen_and(b0, b1);
5401 return b1;
5402
5403 #ifdef INET6
5404 case Q_IPV6:
5405 b0 = gen_linktype(ETHERTYPE_IPV6);
5406 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
5407 gen_and(b0, b1);
5408 return b1;
5409 #endif /* INET6 */
5410 }
5411 bpf_error("link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel");
5412 /* NOTREACHED */
5413 }
5414
5415 /*
5416 * generate command for inbound/outbound. It's here so we can
5417 * make it link-type specific. 'dir' = 0 implies "inbound",
5418 * = 1 implies "outbound".
5419 */
5420 struct block *
5421 gen_inbound(dir)
5422 int dir;
5423 {
5424 register struct block *b0;
5425
5426 /*
5427 * Only some data link types support inbound/outbound qualifiers.
5428 */
5429 switch (linktype) {
5430 case DLT_SLIP:
5431 b0 = gen_relation(BPF_JEQ,
5432 gen_load(Q_LINK, gen_loadi(0), 1),
5433 gen_loadi(0),
5434 dir);
5435 break;
5436
5437 case DLT_LINUX_SLL:
5438 if (dir) {
5439 /*
5440 * Match packets sent by this machine.
5441 */
5442 b0 = gen_cmp(0, BPF_H, LINUX_SLL_OUTGOING);
5443 } else {
5444 /*
5445 * Match packets sent to this machine.
5446 * (No broadcast or multicast packets, or
5447 * packets sent to some other machine and
5448 * received promiscuously.)
5449 *
5450 * XXX - packets sent to other machines probably
5451 * shouldn't be matched, but what about broadcast
5452 * or multicast packets we received?
5453 */
5454 b0 = gen_cmp(0, BPF_H, LINUX_SLL_HOST);
5455 }
5456 break;
5457
5458 case DLT_PFLOG:
5459 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B,
5460 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT));
5461 break;
5462
5463 case DLT_PPP_PPPD:
5464 if (dir) {
5465 /* match outgoing packets */
5466 b0 = gen_cmp(0, BPF_B, PPP_PPPD_OUT);
5467 } else {
5468 /* match incoming packets */
5469 b0 = gen_cmp(0, BPF_B, PPP_PPPD_IN);
5470 }
5471 break;
5472
5473 case DLT_JUNIPER_MLFR:
5474 case DLT_JUNIPER_MLPPP:
5475 case DLT_JUNIPER_ATM1:
5476 case DLT_JUNIPER_ATM2:
5477 /* juniper flags (including direction) are stored
5478 * the byte after the 3-byte magic number */
5479 if (dir) {
5480 /* match outgoing packets */
5481 b0 = gen_mcmp(3, BPF_B, 0, 0x01);
5482 } else {
5483 /* match incoming packets */
5484 b0 = gen_mcmp(3, BPF_B, 1, 0x01);
5485 }
5486 break;
5487
5488 default:
5489 bpf_error("inbound/outbound not supported on linktype %d",
5490 linktype);
5491 b0 = NULL;
5492 /* NOTREACHED */
5493 }
5494 return (b0);
5495 }
5496
5497 /* PF firewall log matched interface */
5498 struct block *
5499 gen_pf_ifname(const char *ifname)
5500 {
5501 struct block *b0;
5502 u_int len, off;
5503
5504 if (linktype == DLT_PFLOG) {
5505 len = sizeof(((struct pfloghdr *)0)->ifname);
5506 off = offsetof(struct pfloghdr, ifname);
5507 } else {
5508 bpf_error("ifname not supported on linktype 0x%x", linktype);
5509 /* NOTREACHED */
5510 }
5511 if (strlen(ifname) >= len) {
5512 bpf_error("ifname interface names can only be %d characters",
5513 len-1);
5514 /* NOTREACHED */
5515 }
5516 b0 = gen_bcmp(off, strlen(ifname), (const u_char *)ifname);
5517 return (b0);
5518 }
5519
5520 /* PF firewall log matched interface */
5521 struct block *
5522 gen_pf_ruleset(char *ruleset)
5523 {
5524 struct block *b0;
5525
5526 if (linktype != DLT_PFLOG) {
5527 bpf_error("ruleset not supported on linktype 0x%x", linktype);
5528 /* NOTREACHED */
5529 }
5530 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) {
5531 bpf_error("ruleset names can only be %ld characters",
5532 (long)(sizeof(((struct pfloghdr *)0)->ruleset) - 1));
5533 /* NOTREACHED */
5534 }
5535 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset),
5536 strlen(ruleset), (const u_char *)ruleset);
5537 return (b0);
5538 }
5539
5540 /* PF firewall log rule number */
5541 struct block *
5542 gen_pf_rnr(int rnr)
5543 {
5544 struct block *b0;
5545
5546 if (linktype == DLT_PFLOG) {
5547 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W,
5548 (bpf_int32)rnr);
5549 } else {
5550 bpf_error("rnr not supported on linktype 0x%x", linktype);
5551 /* NOTREACHED */
5552 }
5553
5554 return (b0);
5555 }
5556
5557 /* PF firewall log sub-rule number */
5558 struct block *
5559 gen_pf_srnr(int srnr)
5560 {
5561 struct block *b0;
5562
5563 if (linktype != DLT_PFLOG) {
5564 bpf_error("srnr not supported on linktype 0x%x", linktype);
5565 /* NOTREACHED */
5566 }
5567
5568 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W,
5569 (bpf_int32)srnr);
5570 return (b0);
5571 }
5572
5573 /* PF firewall log reason code */
5574 struct block *
5575 gen_pf_reason(int reason)
5576 {
5577 struct block *b0;
5578
5579 if (linktype == DLT_PFLOG) {
5580 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B,
5581 (bpf_int32)reason);
5582 } else {
5583 bpf_error("reason not supported on linktype 0x%x", linktype);
5584 /* NOTREACHED */
5585 }
5586
5587 return (b0);
5588 }
5589
5590 /* PF firewall log action */
5591 struct block *
5592 gen_pf_action(int action)
5593 {
5594 struct block *b0;
5595
5596 if (linktype == DLT_PFLOG) {
5597 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B,
5598 (bpf_int32)action);
5599 } else {
5600 bpf_error("action not supported on linktype 0x%x", linktype);
5601 /* NOTREACHED */
5602 }
5603
5604 return (b0);
5605 }
5606
5607 struct block *
5608 gen_acode(eaddr, q)
5609 register const u_char *eaddr;
5610 struct qual q;
5611 {
5612 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
5613 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
5614 return gen_ahostop(eaddr, (int)q.dir);
5615 }
5616 bpf_error("ARCnet address used in non-arc expression");
5617 /* NOTREACHED */
5618 }
5619
5620 static struct block *
5621 gen_ahostop(eaddr, dir)
5622 register const u_char *eaddr;
5623 register int dir;
5624 {
5625 register struct block *b0, *b1;
5626
5627 switch (dir) {
5628 /* src comes first, different from Ethernet */
5629 case Q_SRC:
5630 return gen_bcmp(0, 1, eaddr);
5631
5632 case Q_DST:
5633 return gen_bcmp(1, 1, eaddr);
5634
5635 case Q_AND:
5636 b0 = gen_ahostop(eaddr, Q_SRC);
5637 b1 = gen_ahostop(eaddr, Q_DST);
5638 gen_and(b0, b1);
5639 return b1;
5640
5641 case Q_DEFAULT:
5642 case Q_OR:
5643 b0 = gen_ahostop(eaddr, Q_SRC);
5644 b1 = gen_ahostop(eaddr, Q_DST);
5645 gen_or(b0, b1);
5646 return b1;
5647 }
5648 abort();
5649 /* NOTREACHED */
5650 }
5651
5652 /*
5653 * support IEEE 802.1Q VLAN trunk over ethernet
5654 */
5655 struct block *
5656 gen_vlan(vlan_num)
5657 int vlan_num;
5658 {
5659 struct block *b0;
5660
5661 /*
5662 * Change the offsets to point to the type and data fields within
5663 * the VLAN packet. Just increment the offsets, so that we
5664 * can support a hierarchy, e.g. "vlan 300 && vlan 200" to
5665 * capture VLAN 200 encapsulated within VLAN 100.
5666 *
5667 * XXX - this is a bit of a kludge. If we were to split the
5668 * compiler into a parser that parses an expression and
5669 * generates an expression tree, and a code generator that
5670 * takes an expression tree (which could come from our
5671 * parser or from some other parser) and generates BPF code,
5672 * we could perhaps make the offsets parameters of routines
5673 * and, in the handler for an "AND" node, pass to subnodes
5674 * other than the VLAN node the adjusted offsets.
5675 *
5676 * This would mean that "vlan" would, instead of changing the
5677 * behavior of *all* tests after it, change only the behavior
5678 * of tests ANDed with it. That would change the documented
5679 * semantics of "vlan", which might break some expressions.
5680 * However, it would mean that "(vlan and ip) or ip" would check
5681 * both for VLAN-encapsulated IP and IP-over-Ethernet, rather than
5682 * checking only for VLAN-encapsulated IP, so that could still
5683 * be considered worth doing; it wouldn't break expressions
5684 * that are of the form "vlan and ..." or "vlan N and ...",
5685 * which I suspect are the most common expressions involving
5686 * "vlan". "vlan or ..." doesn't necessarily do what the user
5687 * would really want, now, as all the "or ..." tests would
5688 * be done assuming a VLAN, even though the "or" could be viewed
5689 * as meaning "or, if this isn't a VLAN packet...".
5690 */
5691 orig_linktype = off_linktype; /* save original values */
5692 orig_nl = off_nl;
5693
5694 switch (linktype) {
5695
5696 case DLT_EN10MB:
5697 off_linktype += 4;
5698 off_nl_nosnap += 4;
5699 off_nl += 4;
5700 break;
5701
5702 default:
5703 bpf_error("no VLAN support for data link type %d",
5704 linktype);
5705 /*NOTREACHED*/
5706 }
5707
5708 /* check for VLAN */
5709 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
5710
5711 /* If a specific VLAN is requested, check VLAN id */
5712 if (vlan_num >= 0) {
5713 struct block *b1;
5714
5715 b1 = gen_mcmp(orig_nl, BPF_H, (bpf_int32)vlan_num, 0x0fff);
5716 gen_and(b0, b1);
5717 b0 = b1;
5718 }
5719
5720 return (b0);
5721 }
5722
5723 /*
5724 * support for MPLS
5725 */
5726 struct block *
5727 gen_mpls(label_num)
5728 int label_num;
5729 {
5730 struct block *b0;
5731
5732 /*
5733 * Change the offsets to point to the type and data fields within
5734 * the MPLS packet. Just increment the offsets, so that we
5735 * can support a hierarchy, e.g. "mpls 100000 && mpls 1024" to
5736 * capture packets with an outer label of 100000 and an inner
5737 * label of 1024.
5738 *
5739 * XXX - this is a bit of a kludge. See comments in gen_vlan().
5740 */
5741 orig_linktype = off_linktype; /* save original values */
5742 orig_nl = off_nl;
5743
5744 switch (linktype) {
5745
5746 case DLT_C_HDLC: /* fall through */
5747 case DLT_EN10MB:
5748 off_linktype += 4;
5749 off_nl_nosnap += 4;
5750 off_nl += 4;
5751
5752 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_MPLS);
5753 break;
5754
5755 case DLT_PPP:
5756 off_linktype += 4;
5757 off_nl_nosnap += 4;
5758 off_nl += 4;
5759
5760 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)PPP_MPLS_UCAST);
5761 break;
5762
5763 /* FIXME add other DLT_s ...
5764 * for Frame-Relay/and ATM this may get messy due to SNAP headers
5765 * leave it for now */
5766
5767 default:
5768 bpf_error("no MPLS support for data link type %d",
5769 linktype);
5770 b0 = NULL;
5771 /*NOTREACHED*/
5772 break;
5773 }
5774
5775 /* If a specific MPLS label is requested, check it */
5776 if (label_num >= 0) {
5777 struct block *b1;
5778
5779 label_num = label_num << 12; /* label is shifted 12 bits on the wire */
5780 b1 = gen_mcmp(orig_nl, BPF_W, (bpf_int32)label_num, 0xfffff000); /* only compare the first 20 bits */
5781 gen_and(b0, b1);
5782 b0 = b1;
5783 }
5784
5785 return (b0);
5786 }
5787
5788 struct block *
5789 gen_atmfield_code(atmfield, jvalue, jtype, reverse)
5790 int atmfield;
5791 bpf_u_int32 jvalue;
5792 bpf_u_int32 jtype;
5793 int reverse;
5794 {
5795 struct block *b0;
5796
5797 switch (atmfield) {
5798
5799 case A_VPI:
5800 if (!is_atm)
5801 bpf_error("'vpi' supported only on raw ATM");
5802 if (off_vpi == (u_int)-1)
5803 abort();
5804 b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype,
5805 (u_int)jvalue, reverse);
5806 break;
5807
5808 case A_VCI:
5809 if (!is_atm)
5810 bpf_error("'vci' supported only on raw ATM");
5811 if (off_vci == (u_int)-1)
5812 abort();
5813 b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype,
5814 (u_int)jvalue, reverse);
5815 break;
5816
5817 case A_PROTOTYPE:
5818 if (off_proto == (u_int)-1)
5819 abort(); /* XXX - this isn't on FreeBSD */
5820 b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype,
5821 (u_int)jvalue, reverse);
5822 break;
5823
5824 case A_MSGTYPE:
5825 if (off_payload == (u_int)-1)
5826 abort();
5827 b0 = gen_ncmp(BPF_B, off_payload + MSG_TYPE_POS, 0xffffffff,
5828 (u_int)jtype, (u_int)jvalue, reverse);
5829 break;
5830
5831 case A_CALLREFTYPE:
5832 if (!is_atm)
5833 bpf_error("'callref' supported only on raw ATM");
5834 if (off_proto == (u_int)-1)
5835 abort();
5836 b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype,
5837 (u_int)jvalue, reverse);
5838 break;
5839
5840 default:
5841 abort();
5842 }
5843 return b0;
5844 }
5845
5846 struct block *
5847 gen_atmtype_abbrev(type)
5848 int type;
5849 {
5850 struct block *b0, *b1;
5851
5852 switch (type) {
5853
5854 case A_METAC:
5855 /* Get all packets in Meta signalling Circuit */
5856 if (!is_atm)
5857 bpf_error("'metac' supported only on raw ATM");
5858 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5859 b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0);
5860 gen_and(b0, b1);
5861 break;
5862
5863 case A_BCC:
5864 /* Get all packets in Broadcast Circuit*/
5865 if (!is_atm)
5866 bpf_error("'bcc' supported only on raw ATM");
5867 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5868 b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0);
5869 gen_and(b0, b1);
5870 break;
5871
5872 case A_OAMF4SC:
5873 /* Get all cells in Segment OAM F4 circuit*/
5874 if (!is_atm)
5875 bpf_error("'oam4sc' supported only on raw ATM");
5876 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5877 b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
5878 gen_and(b0, b1);
5879 break;
5880
5881 case A_OAMF4EC:
5882 /* Get all cells in End-to-End OAM F4 Circuit*/
5883 if (!is_atm)
5884 bpf_error("'oam4ec' supported only on raw ATM");
5885 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5886 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
5887 gen_and(b0, b1);
5888 break;
5889
5890 case A_SC:
5891 /* Get all packets in connection Signalling Circuit */
5892 if (!is_atm)
5893 bpf_error("'sc' supported only on raw ATM");
5894 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5895 b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0);
5896 gen_and(b0, b1);
5897 break;
5898
5899 case A_ILMIC:
5900 /* Get all packets in ILMI Circuit */
5901 if (!is_atm)
5902 bpf_error("'ilmic' supported only on raw ATM");
5903 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5904 b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0);
5905 gen_and(b0, b1);
5906 break;
5907
5908 case A_LANE:
5909 /* Get all LANE packets */
5910 if (!is_atm)
5911 bpf_error("'lane' supported only on raw ATM");
5912 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0);
5913
5914 /*
5915 * Arrange that all subsequent tests assume LANE
5916 * rather than LLC-encapsulated packets, and set
5917 * the offsets appropriately for LANE-encapsulated
5918 * Ethernet.
5919 *
5920 * "off_mac" is the offset of the Ethernet header,
5921 * which is 2 bytes past the ATM pseudo-header
5922 * (skipping the pseudo-header and 2-byte LE Client
5923 * field). The other offsets are Ethernet offsets
5924 * relative to "off_mac".
5925 */
5926 is_lane = 1;
5927 off_mac = off_payload + 2; /* MAC header */
5928 off_linktype = off_mac + 12;
5929 off_nl = off_mac + 14; /* Ethernet II */
5930 off_nl_nosnap = off_mac + 17; /* 802.3+802.2 */
5931 break;
5932
5933 case A_LLC:
5934 /* Get all LLC-encapsulated packets */
5935 if (!is_atm)
5936 bpf_error("'llc' supported only on raw ATM");
5937 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
5938 is_lane = 0;
5939 break;
5940
5941 default:
5942 abort();
5943 }
5944 return b1;
5945 }
5946
5947
5948 static struct block *
5949 gen_msg_abbrev(type)
5950 int type;
5951 {
5952 struct block *b1;
5953
5954 /*
5955 * Q.2931 signalling protocol messages for handling virtual circuits
5956 * establishment and teardown
5957 */
5958 switch (type) {
5959
5960 case A_SETUP:
5961 b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0);
5962 break;
5963
5964 case A_CALLPROCEED:
5965 b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0);
5966 break;
5967
5968 case A_CONNECT:
5969 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0);
5970 break;
5971
5972 case A_CONNECTACK:
5973 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0);
5974 break;
5975
5976 case A_RELEASE:
5977 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0);
5978 break;
5979
5980 case A_RELEASE_DONE:
5981 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0);
5982 break;
5983
5984 default:
5985 abort();
5986 }
5987 return b1;
5988 }
5989
5990 struct block *
5991 gen_atmmulti_abbrev(type)
5992 int type;
5993 {
5994 struct block *b0, *b1;
5995
5996 switch (type) {
5997
5998 case A_OAM:
5999 if (!is_atm)
6000 bpf_error("'oam' supported only on raw ATM");
6001 b1 = gen_atmmulti_abbrev(A_OAMF4);
6002 break;
6003
6004 case A_OAMF4:
6005 if (!is_atm)
6006 bpf_error("'oamf4' supported only on raw ATM");
6007 /* OAM F4 type */
6008 b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
6009 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
6010 gen_or(b0, b1);
6011 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
6012 gen_and(b0, b1);
6013 break;
6014
6015 case A_CONNECTMSG:
6016 /*
6017 * Get Q.2931 signalling messages for switched
6018 * virtual connection
6019 */
6020 if (!is_atm)
6021 bpf_error("'connectmsg' supported only on raw ATM");
6022 b0 = gen_msg_abbrev(A_SETUP);
6023 b1 = gen_msg_abbrev(A_CALLPROCEED);
6024 gen_or(b0, b1);
6025 b0 = gen_msg_abbrev(A_CONNECT);
6026 gen_or(b0, b1);
6027 b0 = gen_msg_abbrev(A_CONNECTACK);
6028 gen_or(b0, b1);
6029 b0 = gen_msg_abbrev(A_RELEASE);
6030 gen_or(b0, b1);
6031 b0 = gen_msg_abbrev(A_RELEASE_DONE);
6032 gen_or(b0, b1);
6033 b0 = gen_atmtype_abbrev(A_SC);
6034 gen_and(b0, b1);
6035 break;
6036
6037 case A_METACONNECT:
6038 if (!is_atm)
6039 bpf_error("'metaconnect' supported only on raw ATM");
6040 b0 = gen_msg_abbrev(A_SETUP);
6041 b1 = gen_msg_abbrev(A_CALLPROCEED);
6042 gen_or(b0, b1);
6043 b0 = gen_msg_abbrev(A_CONNECT);
6044 gen_or(b0, b1);
6045 b0 = gen_msg_abbrev(A_RELEASE);
6046 gen_or(b0, b1);
6047 b0 = gen_msg_abbrev(A_RELEASE_DONE);
6048 gen_or(b0, b1);
6049 b0 = gen_atmtype_abbrev(A_METAC);
6050 gen_and(b0, b1);
6051 break;
6052
6053 default:
6054 abort();
6055 }
6056 return b1;
6057 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism