]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Allow "ip6 proto ___" constructs.
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.153 2001-05-30 01:27:21 fenner Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #include <sys/types.h>
32 #include <sys/socket.h>
33 #include <sys/time.h>
34 #ifdef __NetBSD__
35 #include <sys/param.h>
36 #endif
37
38 struct mbuf;
39 struct rtentry;
40 #include <net/if.h>
41
42 #include <netinet/in.h>
43
44 #include <stdlib.h>
45 #include <string.h>
46 #include <memory.h>
47 #include <setjmp.h>
48 #include <stdarg.h>
49
50 #include "pcap-int.h"
51
52 #include "ethertype.h"
53 #include "nlpid.h"
54 #include "llc.h"
55 #include "gencode.h"
56 #include "ppp.h"
57 #include "sll.h"
58 #include "arcnet.h"
59 #include <pcap-namedb.h>
60 #ifdef INET6
61 #include <netdb.h>
62 #include <sys/socket.h>
63 #endif /*INET6*/
64
65 #define ETHERMTU 1500
66
67 #ifndef IPPROTO_SCTP
68 #define IPPROTO_SCTP 132
69 #endif
70
71 #ifdef HAVE_OS_PROTO_H
72 #include "os-proto.h"
73 #endif
74
75 #define JMP(c) ((c)|BPF_JMP|BPF_K)
76
77 /* Locals */
78 static jmp_buf top_ctx;
79 static pcap_t *bpf_pcap;
80
81 /* XXX */
82 #ifdef PCAP_FDDIPAD
83 int pcap_fddipad = PCAP_FDDIPAD;
84 #else
85 int pcap_fddipad;
86 #endif
87
88 /* VARARGS */
89 void
90 bpf_error(const char *fmt, ...)
91
92 {
93 va_list ap;
94
95 va_start(ap, fmt);
96 if (bpf_pcap != NULL)
97 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
98 fmt, ap);
99 va_end(ap);
100 longjmp(top_ctx, 1);
101 /* NOTREACHED */
102 }
103
104 static void init_linktype(int);
105
106 static int alloc_reg(void);
107 static void free_reg(int);
108
109 static struct block *root;
110
111 /*
112 * We divy out chunks of memory rather than call malloc each time so
113 * we don't have to worry about leaking memory. It's probably
114 * not a big deal if all this memory was wasted but it this ever
115 * goes into a library that would probably not be a good idea.
116 */
117 #define NCHUNKS 16
118 #define CHUNK0SIZE 1024
119 struct chunk {
120 u_int n_left;
121 void *m;
122 };
123
124 static struct chunk chunks[NCHUNKS];
125 static int cur_chunk;
126
127 static void *newchunk(u_int);
128 static void freechunks(void);
129 static inline struct block *new_block(int);
130 static inline struct slist *new_stmt(int);
131 static struct block *gen_retblk(int);
132 static inline void syntax(void);
133
134 static void backpatch(struct block *, struct block *);
135 static void merge(struct block *, struct block *);
136 static struct block *gen_cmp(u_int, u_int, bpf_int32);
137 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
138 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
139 static struct block *gen_bcmp(u_int, u_int, const u_char *);
140 static struct block *gen_uncond(int);
141 static inline struct block *gen_true(void);
142 static inline struct block *gen_false(void);
143 static struct block *gen_linktype(int);
144 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
145 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
146 #ifdef INET6
147 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
148 #endif
149 static struct block *gen_ahostop(const u_char *, int);
150 static struct block *gen_ehostop(const u_char *, int);
151 static struct block *gen_fhostop(const u_char *, int);
152 static struct block *gen_thostop(const u_char *, int);
153 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
154 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
155 #ifdef INET6
156 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
157 #endif
158 #ifndef INET6
159 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
160 #endif
161 static struct block *gen_ipfrag(void);
162 static struct block *gen_portatom(int, bpf_int32);
163 #ifdef INET6
164 static struct block *gen_portatom6(int, bpf_int32);
165 #endif
166 struct block *gen_portop(int, int, int);
167 static struct block *gen_port(int, int, int);
168 #ifdef INET6
169 struct block *gen_portop6(int, int, int);
170 static struct block *gen_port6(int, int, int);
171 #endif
172 static int lookup_proto(const char *, int);
173 static struct block *gen_protochain(int, int, int);
174 static struct block *gen_proto(int, int, int);
175 static struct slist *xfer_to_x(struct arth *);
176 static struct slist *xfer_to_a(struct arth *);
177 static struct block *gen_len(int, int);
178
179 static void *
180 newchunk(n)
181 u_int n;
182 {
183 struct chunk *cp;
184 int k, size;
185
186 #ifndef __NetBSD__
187 /* XXX Round up to nearest long. */
188 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
189 #else
190 /* XXX Round up to structure boundary. */
191 n = ALIGN(n);
192 #endif
193
194 cp = &chunks[cur_chunk];
195 if (n > cp->n_left) {
196 ++cp, k = ++cur_chunk;
197 if (k >= NCHUNKS)
198 bpf_error("out of memory");
199 size = CHUNK0SIZE << k;
200 cp->m = (void *)malloc(size);
201 memset((char *)cp->m, 0, size);
202 cp->n_left = size;
203 if (n > size)
204 bpf_error("out of memory");
205 }
206 cp->n_left -= n;
207 return (void *)((char *)cp->m + cp->n_left);
208 }
209
210 static void
211 freechunks()
212 {
213 int i;
214
215 cur_chunk = 0;
216 for (i = 0; i < NCHUNKS; ++i)
217 if (chunks[i].m != NULL) {
218 free(chunks[i].m);
219 chunks[i].m = NULL;
220 }
221 }
222
223 /*
224 * A strdup whose allocations are freed after code generation is over.
225 */
226 char *
227 sdup(s)
228 register const char *s;
229 {
230 int n = strlen(s) + 1;
231 char *cp = newchunk(n);
232
233 strlcpy(cp, s, n);
234 return (cp);
235 }
236
237 static inline struct block *
238 new_block(code)
239 int code;
240 {
241 struct block *p;
242
243 p = (struct block *)newchunk(sizeof(*p));
244 p->s.code = code;
245 p->head = p;
246
247 return p;
248 }
249
250 static inline struct slist *
251 new_stmt(code)
252 int code;
253 {
254 struct slist *p;
255
256 p = (struct slist *)newchunk(sizeof(*p));
257 p->s.code = code;
258
259 return p;
260 }
261
262 static struct block *
263 gen_retblk(v)
264 int v;
265 {
266 struct block *b = new_block(BPF_RET|BPF_K);
267
268 b->s.k = v;
269 return b;
270 }
271
272 static inline void
273 syntax()
274 {
275 bpf_error("syntax error in filter expression");
276 }
277
278 static bpf_u_int32 netmask;
279 static int snaplen;
280 int no_optimize;
281
282 int
283 pcap_compile(pcap_t *p, struct bpf_program *program,
284 char *buf, int optimize, bpf_u_int32 mask)
285 {
286 extern int n_errors;
287 int len;
288
289 no_optimize = 0;
290 n_errors = 0;
291 root = NULL;
292 bpf_pcap = p;
293 if (setjmp(top_ctx)) {
294 lex_cleanup();
295 freechunks();
296 return (-1);
297 }
298
299 netmask = mask;
300
301 snaplen = pcap_snapshot(p);
302 if (snaplen == 0) {
303 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
304 "snaplen of 0 rejects all packets");
305 return -1;
306 }
307
308 lex_init(buf ? buf : "");
309 init_linktype(pcap_datalink(p));
310 (void)pcap_parse();
311
312 if (n_errors)
313 syntax();
314
315 if (root == NULL)
316 root = gen_retblk(snaplen);
317
318 if (optimize && !no_optimize) {
319 bpf_optimize(&root);
320 if (root == NULL ||
321 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
322 bpf_error("expression rejects all packets");
323 }
324 program->bf_insns = icode_to_fcode(root, &len);
325 program->bf_len = len;
326
327 lex_cleanup();
328 freechunks();
329 return (0);
330 }
331
332 /*
333 * entry point for using the compiler with no pcap open
334 * pass in all the stuff that is needed explicitly instead.
335 */
336 int
337 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
338 struct bpf_program *program,
339 char *buf, int optimize, bpf_u_int32 mask)
340 {
341 pcap_t *p;
342 int ret;
343
344 p = pcap_open_dead(linktype_arg, snaplen_arg);
345 if (p == NULL)
346 return (-1);
347 ret = pcap_compile(p, program, buf, optimize, mask);
348 pcap_close(p);
349 return (ret);
350 }
351
352 /*
353 * Clean up a "struct bpf_program" by freeing all the memory allocated
354 * in it.
355 */
356 void
357 pcap_freecode(struct bpf_program *program)
358 {
359 program->bf_len = 0;
360 if (program->bf_insns != NULL) {
361 free((char *)program->bf_insns);
362 program->bf_insns = NULL;
363 }
364 }
365
366 /*
367 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
368 * which of the jt and jf fields has been resolved and which is a pointer
369 * back to another unresolved block (or nil). At least one of the fields
370 * in each block is already resolved.
371 */
372 static void
373 backpatch(list, target)
374 struct block *list, *target;
375 {
376 struct block *next;
377
378 while (list) {
379 if (!list->sense) {
380 next = JT(list);
381 JT(list) = target;
382 } else {
383 next = JF(list);
384 JF(list) = target;
385 }
386 list = next;
387 }
388 }
389
390 /*
391 * Merge the lists in b0 and b1, using the 'sense' field to indicate
392 * which of jt and jf is the link.
393 */
394 static void
395 merge(b0, b1)
396 struct block *b0, *b1;
397 {
398 register struct block **p = &b0;
399
400 /* Find end of list. */
401 while (*p)
402 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
403
404 /* Concatenate the lists. */
405 *p = b1;
406 }
407
408 void
409 finish_parse(p)
410 struct block *p;
411 {
412 backpatch(p, gen_retblk(snaplen));
413 p->sense = !p->sense;
414 backpatch(p, gen_retblk(0));
415 root = p->head;
416 }
417
418 void
419 gen_and(b0, b1)
420 struct block *b0, *b1;
421 {
422 backpatch(b0, b1->head);
423 b0->sense = !b0->sense;
424 b1->sense = !b1->sense;
425 merge(b1, b0);
426 b1->sense = !b1->sense;
427 b1->head = b0->head;
428 }
429
430 void
431 gen_or(b0, b1)
432 struct block *b0, *b1;
433 {
434 b0->sense = !b0->sense;
435 backpatch(b0, b1->head);
436 b0->sense = !b0->sense;
437 merge(b1, b0);
438 b1->head = b0->head;
439 }
440
441 void
442 gen_not(b)
443 struct block *b;
444 {
445 b->sense = !b->sense;
446 }
447
448 static struct block *
449 gen_cmp(offset, size, v)
450 u_int offset, size;
451 bpf_int32 v;
452 {
453 struct slist *s;
454 struct block *b;
455
456 s = new_stmt(BPF_LD|BPF_ABS|size);
457 s->s.k = offset;
458
459 b = new_block(JMP(BPF_JEQ));
460 b->stmts = s;
461 b->s.k = v;
462
463 return b;
464 }
465
466 static struct block *
467 gen_cmp_gt(offset, size, v)
468 u_int offset, size;
469 bpf_int32 v;
470 {
471 struct slist *s;
472 struct block *b;
473
474 s = new_stmt(BPF_LD|BPF_ABS|size);
475 s->s.k = offset;
476
477 b = new_block(JMP(BPF_JGT));
478 b->stmts = s;
479 b->s.k = v;
480
481 return b;
482 }
483
484 static struct block *
485 gen_mcmp(offset, size, v, mask)
486 u_int offset, size;
487 bpf_int32 v;
488 bpf_u_int32 mask;
489 {
490 struct block *b = gen_cmp(offset, size, v);
491 struct slist *s;
492
493 if (mask != 0xffffffff) {
494 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
495 s->s.k = mask;
496 b->stmts->next = s;
497 }
498 return b;
499 }
500
501 static struct block *
502 gen_bcmp(offset, size, v)
503 register u_int offset, size;
504 register const u_char *v;
505 {
506 register struct block *b, *tmp;
507
508 b = NULL;
509 while (size >= 4) {
510 register const u_char *p = &v[size - 4];
511 bpf_int32 w = ((bpf_int32)p[0] << 24) |
512 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
513
514 tmp = gen_cmp(offset + size - 4, BPF_W, w);
515 if (b != NULL)
516 gen_and(b, tmp);
517 b = tmp;
518 size -= 4;
519 }
520 while (size >= 2) {
521 register const u_char *p = &v[size - 2];
522 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
523
524 tmp = gen_cmp(offset + size - 2, BPF_H, w);
525 if (b != NULL)
526 gen_and(b, tmp);
527 b = tmp;
528 size -= 2;
529 }
530 if (size > 0) {
531 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
532 if (b != NULL)
533 gen_and(b, tmp);
534 b = tmp;
535 }
536 return b;
537 }
538
539 /*
540 * Various code constructs need to know the layout of the data link
541 * layer. These variables give the necessary offsets. off_linktype
542 * is set to -1 for no encapsulation, in which case, IP is assumed.
543 */
544 static u_int off_linktype;
545 static u_int off_nl;
546 static int linktype;
547
548 static void
549 init_linktype(type)
550 int type;
551 {
552 linktype = type;
553
554 switch (type) {
555
556 case DLT_ARCNET:
557 off_linktype = 2;
558 off_nl = 6; /* XXX in reality, variable! */
559 return;
560
561 case DLT_EN10MB:
562 off_linktype = 12;
563 off_nl = 14;
564 return;
565
566 case DLT_SLIP:
567 /*
568 * SLIP doesn't have a link level type. The 16 byte
569 * header is hacked into our SLIP driver.
570 */
571 off_linktype = -1;
572 off_nl = 16;
573 return;
574
575 case DLT_SLIP_BSDOS:
576 /* XXX this may be the same as the DLT_PPP_BSDOS case */
577 off_linktype = -1;
578 /* XXX end */
579 off_nl = 24;
580 return;
581
582 case DLT_NULL:
583 case DLT_LOOP:
584 off_linktype = 0;
585 off_nl = 4;
586 return;
587
588 case DLT_PPP:
589 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */
590 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */
591 off_linktype = 2;
592 off_nl = 4;
593 return;
594
595 case DLT_PPP_ETHER: /* NetBSD PPP over Ethernet */
596 /*
597 * This includes the Ethernet header (since we need
598 * the ethertype to dispatch Session vs. Discovery)
599 * and the PPPoE (RFC 2516) header.
600 */
601 off_linktype = 20;
602 off_nl = 22;
603 return;
604
605 case DLT_PPP_BSDOS:
606 off_linktype = 5;
607 off_nl = 24;
608 return;
609
610 case DLT_FDDI:
611 /*
612 * FDDI doesn't really have a link-level type field.
613 * We set "off_linktype" to the offset of the LLC header.
614 *
615 * To check for Ethernet types, we assume that SSAP = SNAP
616 * is being used and pick out the encapsulated Ethernet type.
617 * XXX - should we generate code to check for SNAP?
618 */
619 off_linktype = 13;
620 #ifdef PCAP_FDDIPAD
621 off_linktype += pcap_fddipad;
622 #endif
623 off_nl = 21;
624 #ifdef PCAP_FDDIPAD
625 off_nl += pcap_fddipad;
626 #endif
627 return;
628
629 case DLT_IEEE802:
630 /*
631 * Token Ring doesn't really have a link-level type field.
632 * We set "off_linktype" to the offset of the LLC header.
633 *
634 * To check for Ethernet types, we assume that SSAP = SNAP
635 * is being used and pick out the encapsulated Ethernet type.
636 * XXX - should we generate code to check for SNAP?
637 *
638 * XXX - the header is actually variable-length.
639 * Some various Linux patched versions gave 38
640 * as "off_linktype" and 40 as "off_nl"; however,
641 * if a token ring packet has *no* routing
642 * information, i.e. is not source-routed, the correct
643 * values are 20 and 22, as they are in the vanilla code.
644 *
645 * A packet is source-routed iff the uppermost bit
646 * of the first byte of the source address, at an
647 * offset of 8, has the uppermost bit set. If the
648 * packet is source-routed, the total number of bytes
649 * of routing information is 2 plus bits 0x1F00 of
650 * the 16-bit value at an offset of 14 (shifted right
651 * 8 - figure out which byte that is).
652 */
653 off_linktype = 14;
654 off_nl = 22;
655 return;
656
657 case DLT_ATM_RFC1483:
658 /*
659 * assume routed, non-ISO PDUs
660 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
661 */
662 off_linktype = 6;
663 off_nl = 8;
664 return;
665
666 case DLT_RAW:
667 off_linktype = -1;
668 off_nl = 0;
669 return;
670
671 case DLT_ATM_CLIP: /* Linux ATM defines this */
672 off_linktype = 6;
673 off_nl = 8;
674 return;
675
676 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
677 off_linktype = 14;
678 off_nl = 16;
679 return;
680 }
681 bpf_error("unknown data link type %d", linktype);
682 /* NOTREACHED */
683 }
684
685 static struct block *
686 gen_uncond(rsense)
687 int rsense;
688 {
689 struct block *b;
690 struct slist *s;
691
692 s = new_stmt(BPF_LD|BPF_IMM);
693 s->s.k = !rsense;
694 b = new_block(JMP(BPF_JEQ));
695 b->stmts = s;
696
697 return b;
698 }
699
700 static inline struct block *
701 gen_true()
702 {
703 return gen_uncond(1);
704 }
705
706 static inline struct block *
707 gen_false()
708 {
709 return gen_uncond(0);
710 }
711
712 /*
713 * Byte-swap a 32-bit number.
714 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
715 * big-endian platforms.)
716 */
717 #define SWAPLONG(y) \
718 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
719
720 static struct block *
721 gen_linktype(proto)
722 register int proto;
723 {
724 struct block *b0, *b1;
725
726 switch (linktype) {
727
728 case DLT_EN10MB:
729 switch (proto) {
730
731 case LLCSAP_ISONS:
732 /*
733 * OSI protocols always use 802.2 encapsulation.
734 * XXX - should we check both the DSAP and the
735 * SSAP, like this, or should we check just the
736 * DSAP?
737 */
738 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
739 gen_not(b0);
740 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
741 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
742 gen_and(b0, b1);
743 return b1;
744
745 case LLCSAP_NETBEUI:
746 /*
747 * NetBEUI always uses 802.2 encapsulation.
748 * XXX - should we check both the DSAP and the
749 * SSAP, like this, or should we check just the
750 * DSAP?
751 */
752 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
753 gen_not(b0);
754 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
755 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
756 gen_and(b0, b1);
757 return b1;
758
759 case LLCSAP_IPX:
760 /*
761 * Check for;
762 *
763 * Ethernet_II frames, which are Ethernet
764 * frames with a frame type of ETHERTYPE_IPX;
765 *
766 * Ethernet_802.3 frames, which are 802.3
767 * frames (i.e., the type/length field is
768 * a length field, <= ETHERMTU, rather than
769 * a type field) with the first two bytes
770 * after the Ethernet/802.3 header being
771 * 0xFFFF;
772 *
773 * Ethernet_802.2 frames, which are 802.3
774 * frames with an 802.2 LLC header and
775 * with the IPX LSAP as the DSAP in the LLC
776 * header;
777 *
778 * Ethernet_SNAP frames, which are 802.3
779 * frames with an LLC header and a SNAP
780 * header and with an OUI of 0x000000
781 * (encapsulated Ethernet) and a protocol
782 * ID of ETHERTYPE_IPX in the SNAP header.
783 *
784 * XXX - should we generate the same code both
785 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
786 */
787
788 /*
789 * This generates code to check both for the
790 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
791 */
792 b0 = gen_cmp(off_linktype + 2, BPF_B,
793 (bpf_int32)LLCSAP_IPX);
794 b1 = gen_cmp(off_linktype + 2, BPF_H,
795 (bpf_int32)0xFFFF);
796 gen_or(b0, b1);
797
798 /*
799 * Now we add code to check for SNAP frames with
800 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
801 */
802 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
803 gen_or(b0, b1);
804
805 /*
806 * Now we generate code to check for 802.3
807 * frames in general.
808 */
809 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
810 gen_not(b0);
811
812 /*
813 * Now add the check for 802.3 frames before the
814 * check for Ethernet_802.2 and Ethernet_802.3,
815 * as those checks should only be done on 802.3
816 * frames, not on Ethernet frames.
817 */
818 gen_and(b0, b1);
819
820 /*
821 * Now add the check for Ethernet_II frames, and
822 * do that before checking for the other frame
823 * types.
824 */
825 b0 = gen_cmp(off_linktype, BPF_H,
826 (bpf_int32)ETHERTYPE_IPX);
827 gen_or(b0, b1);
828 return b1;
829
830 case ETHERTYPE_ATALK:
831 case ETHERTYPE_AARP:
832 /*
833 * EtherTalk (AppleTalk protocols on Ethernet link
834 * layer) may use 802.2 encapsulation.
835 */
836
837 /*
838 * Check for 802.2 encapsulation (EtherTalk phase 2?);
839 * we check for an Ethernet type field less than
840 * 1500, which means it's an 802.3 length field.
841 */
842 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
843 gen_not(b0);
844
845 /*
846 * 802.2-encapsulated ETHERTYPE_ATALK packets are
847 * SNAP packets with an organization code of
848 * 0x080007 (Apple, for Appletalk) and a protocol
849 * type of ETHERTYPE_ATALK (Appletalk).
850 *
851 * 802.2-encapsulated ETHERTYPE_AARP packets are
852 * SNAP packets with an organization code of
853 * 0x000000 (encapsulated Ethernet) and a protocol
854 * type of ETHERTYPE_AARP (Appletalk ARP).
855 */
856 if (proto == ETHERTYPE_ATALK)
857 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
858 else /* proto == ETHERTYPE_AARP */
859 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
860 gen_and(b0, b1);
861
862 /*
863 * Check for Ethernet encapsulation (Ethertalk
864 * phase 1?); we just check for the Ethernet
865 * protocol type.
866 */
867 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
868
869 gen_or(b0, b1);
870 return b1;
871
872 default:
873 if (proto <= ETHERMTU) {
874 /*
875 * This is an LLC SAP value, so the frames
876 * that match would be 802.2 frames.
877 * Check that the frame is an 802.2 frame
878 * (i.e., that the length/type field is
879 * a length field, <= ETHERMTU) and
880 * then check the DSAP.
881 */
882 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
883 gen_not(b0);
884 b1 = gen_cmp(off_linktype + 2, BPF_B,
885 (bpf_int32)proto);
886 gen_and(b0, b1);
887 return b1;
888 } else {
889 /*
890 * This is an Ethernet type, so compare
891 * the length/type field with it (if
892 * the frame is an 802.2 frame, the length
893 * field will be <= ETHERMTU, and, as
894 * "proto" is > ETHERMTU, this test
895 * will fail and the frame won't match,
896 * which is what we want).
897 */
898 return gen_cmp(off_linktype, BPF_H,
899 (bpf_int32)proto);
900 }
901 }
902 break;
903
904 case DLT_FDDI:
905 case DLT_IEEE802:
906 case DLT_ATM_RFC1483:
907 case DLT_ATM_CLIP:
908 /*
909 * XXX - handle token-ring variable-length header.
910 */
911 switch (proto) {
912
913 case LLCSAP_ISONS:
914 return gen_cmp(off_linktype, BPF_H, (long)
915 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
916
917 case LLCSAP_NETBEUI:
918 return gen_cmp(off_linktype, BPF_H, (long)
919 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
920
921 case LLCSAP_IPX:
922 /*
923 * XXX - are there ever SNAP frames for IPX on
924 * non-Ethernet 802.x networks?
925 */
926 return gen_cmp(off_linktype, BPF_B,
927 (bpf_int32)LLCSAP_IPX);
928
929 case ETHERTYPE_ATALK:
930 /*
931 * 802.2-encapsulated ETHERTYPE_ATALK packets are
932 * SNAP packets with an organization code of
933 * 0x080007 (Apple, for Appletalk) and a protocol
934 * type of ETHERTYPE_ATALK (Appletalk).
935 *
936 * XXX - check for an organization code of
937 * encapsulated Ethernet as well?
938 */
939 return gen_snap(0x080007, ETHERTYPE_ATALK,
940 off_linktype);
941 break;
942
943 default:
944 /*
945 * XXX - we don't have to check for IPX 802.3
946 * here, but should we check for the IPX Ethertype?
947 */
948 if (proto <= ETHERMTU) {
949 /*
950 * This is an LLC SAP value, so check
951 * the DSAP.
952 */
953 return gen_cmp(off_linktype, BPF_B,
954 (bpf_int32)proto);
955 } else {
956 /*
957 * This is an Ethernet type; we assume
958 * that it's unlikely that it'll
959 * appear in the right place at random,
960 * and therefore check only the
961 * location that would hold the Ethernet
962 * type in a SNAP frame with an organization
963 * code of 0x000000 (encapsulated Ethernet).
964 *
965 * XXX - if we were to check for the SNAP DSAP
966 * and LSAP, as per XXX, and were also to check
967 * for an organization code of 0x000000
968 * (encapsulated Ethernet), we'd do
969 *
970 * return gen_snap(0x000000, proto,
971 * off_linktype);
972 *
973 * here; for now, we don't, as per the above.
974 * I don't know whether it's worth the
975 * extra CPU time to do the right check
976 * or not.
977 */
978 return gen_cmp(off_linktype+6, BPF_H,
979 (bpf_int32)proto);
980 }
981 }
982 break;
983
984 case DLT_LINUX_SLL:
985 switch (proto) {
986
987 case LLCSAP_ISONS:
988 /*
989 * OSI protocols always use 802.2 encapsulation.
990 * XXX - should we check both the DSAP and the
991 * LSAP, like this, or should we check just the
992 * DSAP?
993 */
994 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
995 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
996 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
997 gen_and(b0, b1);
998 return b1;
999
1000 case LLCSAP_NETBEUI:
1001 /*
1002 * NetBEUI always uses 802.2 encapsulation.
1003 * XXX - should we check both the DSAP and the
1004 * LSAP, like this, or should we check just the
1005 * DSAP?
1006 */
1007 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1008 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1009 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1010 gen_and(b0, b1);
1011 return b1;
1012
1013 case LLCSAP_IPX:
1014 /*
1015 * Ethernet_II frames, which are Ethernet
1016 * frames with a frame type of ETHERTYPE_IPX;
1017 *
1018 * Ethernet_802.3 frames, which have a frame
1019 * type of LINUX_SLL_P_802_3;
1020 *
1021 * Ethernet_802.2 frames, which are 802.3
1022 * frames with an 802.2 LLC header (i.e, have
1023 * a frame type of LINUX_SLL_P_802_2) and
1024 * with the IPX LSAP as the DSAP in the LLC
1025 * header;
1026 *
1027 * Ethernet_SNAP frames, which are 802.3
1028 * frames with an LLC header and a SNAP
1029 * header and with an OUI of 0x000000
1030 * (encapsulated Ethernet) and a protocol
1031 * ID of ETHERTYPE_IPX in the SNAP header.
1032 *
1033 * First, do the checks on LINUX_SLL_P_802_2
1034 * frames; generate the check for either
1035 * Ethernet_802.2 or Ethernet_SNAP frames, and
1036 * then put a check for LINUX_SLL_P_802_2 frames
1037 * before it.
1038 */
1039 b0 = gen_cmp(off_linktype + 2, BPF_B,
1040 (bpf_int32)LLCSAP_IPX);
1041 b1 = gen_snap(0x000000, ETHERTYPE_IPX,
1042 off_linktype + 2);
1043 gen_or(b0, b1);
1044 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1045 gen_and(b0, b1);
1046
1047 /*
1048 * Now check for 802.3 frames and OR that with
1049 * the previous test.
1050 */
1051 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
1052 gen_or(b0, b1);
1053
1054 /*
1055 * Now add the check for Ethernet_II frames, and
1056 * do that before checking for the other frame
1057 * types.
1058 */
1059 b0 = gen_cmp(off_linktype, BPF_H,
1060 (bpf_int32)ETHERTYPE_IPX);
1061 gen_or(b0, b1);
1062 return b1;
1063
1064 case ETHERTYPE_ATALK:
1065 case ETHERTYPE_AARP:
1066 /*
1067 * EtherTalk (AppleTalk protocols on Ethernet link
1068 * layer) may use 802.2 encapsulation.
1069 */
1070
1071 /*
1072 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1073 * we check for the 802.2 protocol type in the
1074 * "Ethernet type" field.
1075 */
1076 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1077
1078 /*
1079 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1080 * SNAP packets with an organization code of
1081 * 0x080007 (Apple, for Appletalk) and a protocol
1082 * type of ETHERTYPE_ATALK (Appletalk).
1083 *
1084 * 802.2-encapsulated ETHERTYPE_AARP packets are
1085 * SNAP packets with an organization code of
1086 * 0x000000 (encapsulated Ethernet) and a protocol
1087 * type of ETHERTYPE_AARP (Appletalk ARP).
1088 */
1089 if (proto == ETHERTYPE_ATALK)
1090 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
1091 off_linktype + 2);
1092 else /* proto == ETHERTYPE_AARP */
1093 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
1094 off_linktype + 2);
1095 gen_and(b0, b1);
1096
1097 /*
1098 * Check for Ethernet encapsulation (Ethertalk
1099 * phase 1?); we just check for the Ethernet
1100 * protocol type.
1101 */
1102 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1103
1104 gen_or(b0, b1);
1105 return b1;
1106
1107 default:
1108 if (proto <= ETHERMTU) {
1109 /*
1110 * This is an LLC SAP value, so the frames
1111 * that match would be 802.2 frames.
1112 * Check for the 802.2 protocol type
1113 * in the "Ethernet type" field, and
1114 * then check the DSAP.
1115 */
1116 b0 = gen_cmp(off_linktype, BPF_H,
1117 LINUX_SLL_P_802_2);
1118 b1 = gen_cmp(off_linktype + 2, BPF_B,
1119 (bpf_int32)proto);
1120 gen_and(b0, b1);
1121 return b1;
1122 } else {
1123 /*
1124 * This is an Ethernet type, so compare
1125 * the length/type field with it (if
1126 * the frame is an 802.2 frame, the length
1127 * field will be <= ETHERMTU, and, as
1128 * "proto" is > ETHERMTU, this test
1129 * will fail and the frame won't match,
1130 * which is what we want).
1131 */
1132 return gen_cmp(off_linktype, BPF_H,
1133 (bpf_int32)proto);
1134 }
1135 }
1136 break;
1137
1138 case DLT_SLIP:
1139 case DLT_SLIP_BSDOS:
1140 case DLT_RAW:
1141 /*
1142 * These types don't provide any type field; packets
1143 * are always IP.
1144 *
1145 * XXX - for IPv4, check for a version number of 4, and,
1146 * for IPv6, check for a version number of 6?
1147 */
1148 switch (proto) {
1149
1150 case ETHERTYPE_IP:
1151 #ifdef INET6
1152 case ETHERTYPE_IPV6:
1153 #endif
1154 return gen_true(); /* always true */
1155
1156 default:
1157 return gen_false(); /* always false */
1158 }
1159 break;
1160
1161 case DLT_PPP:
1162 case DLT_PPP_SERIAL:
1163 /*
1164 * We use Ethernet protocol types inside libpcap;
1165 * map them to the corresponding PPP protocol types.
1166 */
1167 switch (proto) {
1168
1169 case ETHERTYPE_IP:
1170 proto = PPP_IP; /* XXX was 0x21 */
1171 break;
1172
1173 #ifdef INET6
1174 case ETHERTYPE_IPV6:
1175 proto = PPP_IPV6;
1176 break;
1177 #endif
1178
1179 case ETHERTYPE_DN:
1180 proto = PPP_DECNET;
1181 break;
1182
1183 case ETHERTYPE_ATALK:
1184 proto = PPP_APPLE;
1185 break;
1186
1187 case ETHERTYPE_NS:
1188 proto = PPP_NS;
1189 break;
1190
1191 case LLCSAP_ISONS:
1192 proto = PPP_OSI;
1193 break;
1194
1195 case LLCSAP_8021D:
1196 /*
1197 * I'm assuming the "Bridging PDU"s that go
1198 * over PPP are Spanning Tree Protocol
1199 * Bridging PDUs.
1200 */
1201 proto = PPP_BRPDU;
1202 break;
1203
1204 case LLCSAP_IPX:
1205 proto = PPP_IPX;
1206 break;
1207 }
1208 break;
1209
1210 case DLT_PPP_BSDOS:
1211 /*
1212 * We use Ethernet protocol types inside libpcap;
1213 * map them to the corresponding PPP protocol types.
1214 */
1215 switch (proto) {
1216
1217 case ETHERTYPE_IP:
1218 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
1219 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
1220 gen_or(b0, b1);
1221 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
1222 gen_or(b1, b0);
1223 return b0;
1224
1225 #ifdef INET6
1226 case ETHERTYPE_IPV6:
1227 proto = PPP_IPV6;
1228 /* more to go? */
1229 break;
1230 #endif
1231
1232 case ETHERTYPE_DN:
1233 proto = PPP_DECNET;
1234 break;
1235
1236 case ETHERTYPE_ATALK:
1237 proto = PPP_APPLE;
1238 break;
1239
1240 case ETHERTYPE_NS:
1241 proto = PPP_NS;
1242 break;
1243
1244 case LLCSAP_ISONS:
1245 proto = PPP_OSI;
1246 break;
1247
1248 case LLCSAP_8021D:
1249 /*
1250 * I'm assuming the "Bridging PDU"s that go
1251 * over PPP are Spanning Tree Protocol
1252 * Bridging PDUs.
1253 */
1254 proto = PPP_BRPDU;
1255 break;
1256
1257 case LLCSAP_IPX:
1258 proto = PPP_IPX;
1259 break;
1260 }
1261 break;
1262
1263 case DLT_NULL:
1264 case DLT_LOOP:
1265 /*
1266 * For DLT_NULL, the link-layer header is a 32-bit
1267 * word containing an AF_ value in *host* byte order.
1268 *
1269 * In addition, if we're reading a saved capture file,
1270 * the host byte order in the capture may not be the
1271 * same as the host byte order on this machine.
1272 *
1273 * For DLT_LOOP, the link-layer header is a 32-bit
1274 * word containing an AF_ value in *network* byte order.
1275 *
1276 * XXX - AF_ values may, unfortunately, be platform-
1277 * dependent; for example, FreeBSD's AF_INET6 is 24
1278 * whilst NetBSD's and OpenBSD's is 26.
1279 *
1280 * This means that, when reading a capture file, just
1281 * checking for our AF_INET6 value won't work if the
1282 * capture file came from another OS.
1283 */
1284 switch (proto) {
1285
1286 case ETHERTYPE_IP:
1287 proto = AF_INET;
1288 break;
1289
1290 #ifdef INET6
1291 case ETHERTYPE_IPV6:
1292 proto = AF_INET6;
1293 break;
1294 #endif
1295
1296 default:
1297 /*
1298 * Not a type on which we support filtering.
1299 * XXX - support those that have AF_ values
1300 * #defined on this platform, at least?
1301 */
1302 return gen_false();
1303 }
1304
1305 if (linktype == DLT_NULL) {
1306 /*
1307 * The AF_ value is in host byte order, but
1308 * the BPF interpreter will convert it to
1309 * network byte order.
1310 *
1311 * If this is a save file, and it's from a
1312 * machine with the opposite byte order to
1313 * ours, we byte-swap the AF_ value.
1314 *
1315 * Then we run it through "htonl()", and
1316 * generate code to compare against the result.
1317 */
1318 if (bpf_pcap->sf.rfile != NULL &&
1319 bpf_pcap->sf.swapped)
1320 proto = SWAPLONG(proto);
1321 proto = htonl(proto);
1322 }
1323 return (gen_cmp(0, BPF_W, (bpf_int32)proto));
1324
1325 case DLT_ARCNET:
1326 /*
1327 * XXX should we check for first fragment if the protocol
1328 * uses PHDS?
1329 */
1330 switch(proto) {
1331 default:
1332 return gen_false();
1333 #ifdef INET6
1334 case ETHERTYPE_IPV6:
1335 return(gen_cmp(2, BPF_B,
1336 (bpf_int32)htonl(ARCTYPE_INET6)));
1337 #endif /* INET6 */
1338 case ETHERTYPE_IP:
1339 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_IP));
1340 b1 = gen_cmp(2, BPF_B,
1341 (bpf_int32)htonl(ARCTYPE_IP_OLD));
1342 gen_or(b0, b1);
1343 return(b1);
1344 case ETHERTYPE_ARP:
1345 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_ARP));
1346 b1 = gen_cmp(2, BPF_B,
1347 (bpf_int32)htonl(ARCTYPE_ARP_OLD));
1348 gen_or(b0, b1);
1349 return(b1);
1350 case ETHERTYPE_REVARP:
1351 return(gen_cmp(2, BPF_B,
1352 (bpf_int32)htonl(ARCTYPE_REVARP)));
1353 case ETHERTYPE_ATALK:
1354 return(gen_cmp(2, BPF_B,
1355 (bpf_int32)htonl(ARCTYPE_ATALK)));
1356 }
1357 break;
1358 }
1359
1360 /*
1361 * All the types that have no encapsulation should either be
1362 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
1363 * all packets are IP packets, or should be handled in some
1364 * special case, if none of them are (if some are and some
1365 * aren't, the lack of encapsulation is a problem, as we'd
1366 * have to find some other way of determining the packet type).
1367 *
1368 * Therefore, if "off_linktype" is -1, there's an error.
1369 */
1370 if (off_linktype == -1)
1371 abort();
1372
1373 /*
1374 * Any type not handled above should always have an Ethernet
1375 * type at an offset of "off_linktype". (PPP is partially
1376 * handled above - the protocol type is mapped from the
1377 * Ethernet and LLC types we use internally to the corresponding
1378 * PPP type - but the PPP type is always specified by a value
1379 * at "off_linktype", so we don't have to do the code generation
1380 * above.)
1381 */
1382 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1383 }
1384
1385 /*
1386 * Check for an LLC SNAP packet with a given organization code and
1387 * protocol type; we check the entire contents of the 802.2 LLC and
1388 * snap headers, checking for DSAP and SSAP of SNAP and a control
1389 * field of 0x03 in the LLC header, and for the specified organization
1390 * code and protocol type in the SNAP header.
1391 */
1392 static struct block *
1393 gen_snap(orgcode, ptype, offset)
1394 bpf_u_int32 orgcode;
1395 bpf_u_int32 ptype;
1396 u_int offset;
1397 {
1398 u_char snapblock[8];
1399
1400 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
1401 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
1402 snapblock[2] = 0x03; /* control = UI */
1403 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
1404 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
1405 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
1406 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
1407 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
1408 return gen_bcmp(offset, 8, snapblock);
1409 }
1410
1411 static struct block *
1412 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
1413 bpf_u_int32 addr;
1414 bpf_u_int32 mask;
1415 int dir, proto;
1416 u_int src_off, dst_off;
1417 {
1418 struct block *b0, *b1;
1419 u_int offset;
1420
1421 switch (dir) {
1422
1423 case Q_SRC:
1424 offset = src_off;
1425 break;
1426
1427 case Q_DST:
1428 offset = dst_off;
1429 break;
1430
1431 case Q_AND:
1432 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1433 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1434 gen_and(b0, b1);
1435 return b1;
1436
1437 case Q_OR:
1438 case Q_DEFAULT:
1439 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1440 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1441 gen_or(b0, b1);
1442 return b1;
1443
1444 default:
1445 abort();
1446 }
1447 b0 = gen_linktype(proto);
1448 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
1449 gen_and(b0, b1);
1450 return b1;
1451 }
1452
1453 #ifdef INET6
1454 static struct block *
1455 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
1456 struct in6_addr *addr;
1457 struct in6_addr *mask;
1458 int dir, proto;
1459 u_int src_off, dst_off;
1460 {
1461 struct block *b0, *b1;
1462 u_int offset;
1463 u_int32_t *a, *m;
1464
1465 switch (dir) {
1466
1467 case Q_SRC:
1468 offset = src_off;
1469 break;
1470
1471 case Q_DST:
1472 offset = dst_off;
1473 break;
1474
1475 case Q_AND:
1476 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1477 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1478 gen_and(b0, b1);
1479 return b1;
1480
1481 case Q_OR:
1482 case Q_DEFAULT:
1483 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1484 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1485 gen_or(b0, b1);
1486 return b1;
1487
1488 default:
1489 abort();
1490 }
1491 /* this order is important */
1492 a = (u_int32_t *)addr;
1493 m = (u_int32_t *)mask;
1494 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
1495 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
1496 gen_and(b0, b1);
1497 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
1498 gen_and(b0, b1);
1499 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
1500 gen_and(b0, b1);
1501 b0 = gen_linktype(proto);
1502 gen_and(b0, b1);
1503 return b1;
1504 }
1505 #endif /*INET6*/
1506
1507 static struct block *
1508 gen_ehostop(eaddr, dir)
1509 register const u_char *eaddr;
1510 register int dir;
1511 {
1512 register struct block *b0, *b1;
1513
1514 switch (dir) {
1515 case Q_SRC:
1516 return gen_bcmp(6, 6, eaddr);
1517
1518 case Q_DST:
1519 return gen_bcmp(0, 6, eaddr);
1520
1521 case Q_AND:
1522 b0 = gen_ehostop(eaddr, Q_SRC);
1523 b1 = gen_ehostop(eaddr, Q_DST);
1524 gen_and(b0, b1);
1525 return b1;
1526
1527 case Q_DEFAULT:
1528 case Q_OR:
1529 b0 = gen_ehostop(eaddr, Q_SRC);
1530 b1 = gen_ehostop(eaddr, Q_DST);
1531 gen_or(b0, b1);
1532 return b1;
1533 }
1534 abort();
1535 /* NOTREACHED */
1536 }
1537
1538 /*
1539 * Like gen_ehostop, but for DLT_FDDI
1540 */
1541 static struct block *
1542 gen_fhostop(eaddr, dir)
1543 register const u_char *eaddr;
1544 register int dir;
1545 {
1546 struct block *b0, *b1;
1547
1548 switch (dir) {
1549 case Q_SRC:
1550 #ifdef PCAP_FDDIPAD
1551 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
1552 #else
1553 return gen_bcmp(6 + 1, 6, eaddr);
1554 #endif
1555
1556 case Q_DST:
1557 #ifdef PCAP_FDDIPAD
1558 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
1559 #else
1560 return gen_bcmp(0 + 1, 6, eaddr);
1561 #endif
1562
1563 case Q_AND:
1564 b0 = gen_fhostop(eaddr, Q_SRC);
1565 b1 = gen_fhostop(eaddr, Q_DST);
1566 gen_and(b0, b1);
1567 return b1;
1568
1569 case Q_DEFAULT:
1570 case Q_OR:
1571 b0 = gen_fhostop(eaddr, Q_SRC);
1572 b1 = gen_fhostop(eaddr, Q_DST);
1573 gen_or(b0, b1);
1574 return b1;
1575 }
1576 abort();
1577 /* NOTREACHED */
1578 }
1579
1580 /*
1581 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
1582 */
1583 static struct block *
1584 gen_thostop(eaddr, dir)
1585 register const u_char *eaddr;
1586 register int dir;
1587 {
1588 register struct block *b0, *b1;
1589
1590 switch (dir) {
1591 case Q_SRC:
1592 return gen_bcmp(8, 6, eaddr);
1593
1594 case Q_DST:
1595 return gen_bcmp(2, 6, eaddr);
1596
1597 case Q_AND:
1598 b0 = gen_thostop(eaddr, Q_SRC);
1599 b1 = gen_thostop(eaddr, Q_DST);
1600 gen_and(b0, b1);
1601 return b1;
1602
1603 case Q_DEFAULT:
1604 case Q_OR:
1605 b0 = gen_thostop(eaddr, Q_SRC);
1606 b1 = gen_thostop(eaddr, Q_DST);
1607 gen_or(b0, b1);
1608 return b1;
1609 }
1610 abort();
1611 /* NOTREACHED */
1612 }
1613
1614 /*
1615 * This is quite tricky because there may be pad bytes in front of the
1616 * DECNET header, and then there are two possible data packet formats that
1617 * carry both src and dst addresses, plus 5 packet types in a format that
1618 * carries only the src node, plus 2 types that use a different format and
1619 * also carry just the src node.
1620 *
1621 * Yuck.
1622 *
1623 * Instead of doing those all right, we just look for data packets with
1624 * 0 or 1 bytes of padding. If you want to look at other packets, that
1625 * will require a lot more hacking.
1626 *
1627 * To add support for filtering on DECNET "areas" (network numbers)
1628 * one would want to add a "mask" argument to this routine. That would
1629 * make the filter even more inefficient, although one could be clever
1630 * and not generate masking instructions if the mask is 0xFFFF.
1631 */
1632 static struct block *
1633 gen_dnhostop(addr, dir, base_off)
1634 bpf_u_int32 addr;
1635 int dir;
1636 u_int base_off;
1637 {
1638 struct block *b0, *b1, *b2, *tmp;
1639 u_int offset_lh; /* offset if long header is received */
1640 u_int offset_sh; /* offset if short header is received */
1641
1642 switch (dir) {
1643
1644 case Q_DST:
1645 offset_sh = 1; /* follows flags */
1646 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
1647 break;
1648
1649 case Q_SRC:
1650 offset_sh = 3; /* follows flags, dstnode */
1651 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
1652 break;
1653
1654 case Q_AND:
1655 /* Inefficient because we do our Calvinball dance twice */
1656 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1657 b1 = gen_dnhostop(addr, Q_DST, base_off);
1658 gen_and(b0, b1);
1659 return b1;
1660
1661 case Q_OR:
1662 case Q_DEFAULT:
1663 /* Inefficient because we do our Calvinball dance twice */
1664 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1665 b1 = gen_dnhostop(addr, Q_DST, base_off);
1666 gen_or(b0, b1);
1667 return b1;
1668
1669 case Q_ISO:
1670 bpf_error("ISO host filtering not implemented");
1671
1672 default:
1673 abort();
1674 }
1675 b0 = gen_linktype(ETHERTYPE_DN);
1676 /* Check for pad = 1, long header case */
1677 tmp = gen_mcmp(base_off + 2, BPF_H,
1678 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
1679 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
1680 BPF_H, (bpf_int32)ntohs(addr));
1681 gen_and(tmp, b1);
1682 /* Check for pad = 0, long header case */
1683 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
1684 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
1685 gen_and(tmp, b2);
1686 gen_or(b2, b1);
1687 /* Check for pad = 1, short header case */
1688 tmp = gen_mcmp(base_off + 2, BPF_H,
1689 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
1690 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
1691 BPF_H, (bpf_int32)ntohs(addr));
1692 gen_and(tmp, b2);
1693 gen_or(b2, b1);
1694 /* Check for pad = 0, short header case */
1695 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
1696 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
1697 gen_and(tmp, b2);
1698 gen_or(b2, b1);
1699
1700 /* Combine with test for linktype */
1701 gen_and(b0, b1);
1702 return b1;
1703 }
1704
1705 static struct block *
1706 gen_host(addr, mask, proto, dir)
1707 bpf_u_int32 addr;
1708 bpf_u_int32 mask;
1709 int proto;
1710 int dir;
1711 {
1712 struct block *b0, *b1;
1713
1714 switch (proto) {
1715
1716 case Q_DEFAULT:
1717 b0 = gen_host(addr, mask, Q_IP, dir);
1718 if (off_linktype != -1) {
1719 b1 = gen_host(addr, mask, Q_ARP, dir);
1720 gen_or(b0, b1);
1721 b0 = gen_host(addr, mask, Q_RARP, dir);
1722 gen_or(b1, b0);
1723 }
1724 return b0;
1725
1726 case Q_IP:
1727 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
1728 off_nl + 12, off_nl + 16);
1729
1730 case Q_RARP:
1731 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
1732 off_nl + 14, off_nl + 24);
1733
1734 case Q_ARP:
1735 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
1736 off_nl + 14, off_nl + 24);
1737
1738 case Q_TCP:
1739 bpf_error("'tcp' modifier applied to host");
1740
1741 case Q_SCTP:
1742 bpf_error("'sctp' modifier applied to host");
1743
1744 case Q_UDP:
1745 bpf_error("'udp' modifier applied to host");
1746
1747 case Q_ICMP:
1748 bpf_error("'icmp' modifier applied to host");
1749
1750 case Q_IGMP:
1751 bpf_error("'igmp' modifier applied to host");
1752
1753 case Q_IGRP:
1754 bpf_error("'igrp' modifier applied to host");
1755
1756 case Q_PIM:
1757 bpf_error("'pim' modifier applied to host");
1758
1759 case Q_VRRP:
1760 bpf_error("'vrrp' modifier applied to host");
1761
1762 case Q_ATALK:
1763 bpf_error("ATALK host filtering not implemented");
1764
1765 case Q_AARP:
1766 bpf_error("AARP host filtering not implemented");
1767
1768 case Q_DECNET:
1769 return gen_dnhostop(addr, dir, off_nl);
1770
1771 case Q_SCA:
1772 bpf_error("SCA host filtering not implemented");
1773
1774 case Q_LAT:
1775 bpf_error("LAT host filtering not implemented");
1776
1777 case Q_MOPDL:
1778 bpf_error("MOPDL host filtering not implemented");
1779
1780 case Q_MOPRC:
1781 bpf_error("MOPRC host filtering not implemented");
1782
1783 #ifdef INET6
1784 case Q_IPV6:
1785 bpf_error("'ip6' modifier applied to ip host");
1786
1787 case Q_ICMPV6:
1788 bpf_error("'icmp6' modifier applied to host");
1789 #endif /* INET6 */
1790
1791 case Q_AH:
1792 bpf_error("'ah' modifier applied to host");
1793
1794 case Q_ESP:
1795 bpf_error("'esp' modifier applied to host");
1796
1797 case Q_ISO:
1798 bpf_error("ISO host filtering not implemented");
1799
1800 case Q_ESIS:
1801 bpf_error("'esis' modifier applied to host");
1802
1803 case Q_ISIS:
1804 bpf_error("'isis' modifier applied to host");
1805
1806 case Q_CLNP:
1807 bpf_error("'clnp' modifier applied to host");
1808
1809 case Q_STP:
1810 bpf_error("'stp' modifier applied to host");
1811
1812 case Q_IPX:
1813 bpf_error("IPX host filtering not implemented");
1814
1815 case Q_NETBEUI:
1816 bpf_error("'netbeui' modifier applied to host");
1817
1818 default:
1819 abort();
1820 }
1821 /* NOTREACHED */
1822 }
1823
1824 #ifdef INET6
1825 static struct block *
1826 gen_host6(addr, mask, proto, dir)
1827 struct in6_addr *addr;
1828 struct in6_addr *mask;
1829 int proto;
1830 int dir;
1831 {
1832 switch (proto) {
1833
1834 case Q_DEFAULT:
1835 return gen_host6(addr, mask, Q_IPV6, dir);
1836
1837 case Q_IP:
1838 bpf_error("'ip' modifier applied to ip6 host");
1839
1840 case Q_RARP:
1841 bpf_error("'rarp' modifier applied to ip6 host");
1842
1843 case Q_ARP:
1844 bpf_error("'arp' modifier applied to ip6 host");
1845
1846 case Q_SCTP:
1847 bpf_error("'sctp' modifier applied to host");
1848
1849 case Q_TCP:
1850 bpf_error("'tcp' modifier applied to host");
1851
1852 case Q_UDP:
1853 bpf_error("'udp' modifier applied to host");
1854
1855 case Q_ICMP:
1856 bpf_error("'icmp' modifier applied to host");
1857
1858 case Q_IGMP:
1859 bpf_error("'igmp' modifier applied to host");
1860
1861 case Q_IGRP:
1862 bpf_error("'igrp' modifier applied to host");
1863
1864 case Q_PIM:
1865 bpf_error("'pim' modifier applied to host");
1866
1867 case Q_VRRP:
1868 bpf_error("'vrrp' modifier applied to host");
1869
1870 case Q_ATALK:
1871 bpf_error("ATALK host filtering not implemented");
1872
1873 case Q_AARP:
1874 bpf_error("AARP host filtering not implemented");
1875
1876 case Q_DECNET:
1877 bpf_error("'decnet' modifier applied to ip6 host");
1878
1879 case Q_SCA:
1880 bpf_error("SCA host filtering not implemented");
1881
1882 case Q_LAT:
1883 bpf_error("LAT host filtering not implemented");
1884
1885 case Q_MOPDL:
1886 bpf_error("MOPDL host filtering not implemented");
1887
1888 case Q_MOPRC:
1889 bpf_error("MOPRC host filtering not implemented");
1890
1891 case Q_IPV6:
1892 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
1893 off_nl + 8, off_nl + 24);
1894
1895 case Q_ICMPV6:
1896 bpf_error("'icmp6' modifier applied to host");
1897
1898 case Q_AH:
1899 bpf_error("'ah' modifier applied to host");
1900
1901 case Q_ESP:
1902 bpf_error("'esp' modifier applied to host");
1903
1904 case Q_ISO:
1905 bpf_error("ISO host filtering not implemented");
1906
1907 case Q_ESIS:
1908 bpf_error("'esis' modifier applied to host");
1909
1910 case Q_ISIS:
1911 bpf_error("'isis' modifier applied to host");
1912
1913 case Q_CLNP:
1914 bpf_error("'clnp' modifier applied to host");
1915
1916 case Q_STP:
1917 bpf_error("'stp' modifier applied to host");
1918
1919 case Q_IPX:
1920 bpf_error("IPX host filtering not implemented");
1921
1922 case Q_NETBEUI:
1923 bpf_error("'netbeui' modifier applied to host");
1924
1925 default:
1926 abort();
1927 }
1928 /* NOTREACHED */
1929 }
1930 #endif /*INET6*/
1931
1932 #ifndef INET6
1933 static struct block *
1934 gen_gateway(eaddr, alist, proto, dir)
1935 const u_char *eaddr;
1936 bpf_u_int32 **alist;
1937 int proto;
1938 int dir;
1939 {
1940 struct block *b0, *b1, *tmp;
1941
1942 if (dir != 0)
1943 bpf_error("direction applied to 'gateway'");
1944
1945 switch (proto) {
1946 case Q_DEFAULT:
1947 case Q_IP:
1948 case Q_ARP:
1949 case Q_RARP:
1950 if (linktype == DLT_EN10MB)
1951 b0 = gen_ehostop(eaddr, Q_OR);
1952 else if (linktype == DLT_FDDI)
1953 b0 = gen_fhostop(eaddr, Q_OR);
1954 else if (linktype == DLT_IEEE802)
1955 b0 = gen_thostop(eaddr, Q_OR);
1956 else
1957 bpf_error(
1958 "'gateway' supported only on ethernet, FDDI or token ring");
1959
1960 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1961 while (*alist) {
1962 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1963 gen_or(b1, tmp);
1964 b1 = tmp;
1965 }
1966 gen_not(b1);
1967 gen_and(b0, b1);
1968 return b1;
1969 }
1970 bpf_error("illegal modifier of 'gateway'");
1971 /* NOTREACHED */
1972 }
1973 #endif
1974
1975 struct block *
1976 gen_proto_abbrev(proto)
1977 int proto;
1978 {
1979 #ifdef INET6
1980 struct block *b0;
1981 #endif
1982 struct block *b1;
1983
1984 switch (proto) {
1985
1986 case Q_SCTP:
1987 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT);
1988 #ifdef INET6
1989 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
1990 gen_or(b0, b1);
1991 #endif
1992 break;
1993
1994 case Q_TCP:
1995 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
1996 #ifdef INET6
1997 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
1998 gen_or(b0, b1);
1999 #endif
2000 break;
2001
2002 case Q_UDP:
2003 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
2004 #ifdef INET6
2005 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
2006 gen_or(b0, b1);
2007 #endif
2008 break;
2009
2010 case Q_ICMP:
2011 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
2012 break;
2013
2014 #ifndef IPPROTO_IGMP
2015 #define IPPROTO_IGMP 2
2016 #endif
2017
2018 case Q_IGMP:
2019 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
2020 break;
2021
2022 #ifndef IPPROTO_IGRP
2023 #define IPPROTO_IGRP 9
2024 #endif
2025 case Q_IGRP:
2026 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
2027 break;
2028
2029 #ifndef IPPROTO_PIM
2030 #define IPPROTO_PIM 103
2031 #endif
2032
2033 case Q_PIM:
2034 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
2035 #ifdef INET6
2036 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
2037 gen_or(b0, b1);
2038 #endif
2039 break;
2040
2041 #ifndef IPPROTO_VRRP
2042 #define IPPROTO_VRRP 112
2043 #endif
2044
2045 case Q_VRRP:
2046 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT);
2047 break;
2048
2049 case Q_IP:
2050 b1 = gen_linktype(ETHERTYPE_IP);
2051 break;
2052
2053 case Q_ARP:
2054 b1 = gen_linktype(ETHERTYPE_ARP);
2055 break;
2056
2057 case Q_RARP:
2058 b1 = gen_linktype(ETHERTYPE_REVARP);
2059 break;
2060
2061 case Q_LINK:
2062 bpf_error("link layer applied in wrong context");
2063
2064 case Q_ATALK:
2065 b1 = gen_linktype(ETHERTYPE_ATALK);
2066 break;
2067
2068 case Q_AARP:
2069 b1 = gen_linktype(ETHERTYPE_AARP);
2070 break;
2071
2072 case Q_DECNET:
2073 b1 = gen_linktype(ETHERTYPE_DN);
2074 break;
2075
2076 case Q_SCA:
2077 b1 = gen_linktype(ETHERTYPE_SCA);
2078 break;
2079
2080 case Q_LAT:
2081 b1 = gen_linktype(ETHERTYPE_LAT);
2082 break;
2083
2084 case Q_MOPDL:
2085 b1 = gen_linktype(ETHERTYPE_MOPDL);
2086 break;
2087
2088 case Q_MOPRC:
2089 b1 = gen_linktype(ETHERTYPE_MOPRC);
2090 break;
2091
2092 #ifdef INET6
2093 case Q_IPV6:
2094 b1 = gen_linktype(ETHERTYPE_IPV6);
2095 break;
2096
2097 #ifndef IPPROTO_ICMPV6
2098 #define IPPROTO_ICMPV6 58
2099 #endif
2100 case Q_ICMPV6:
2101 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
2102 break;
2103 #endif /* INET6 */
2104
2105 #ifndef IPPROTO_AH
2106 #define IPPROTO_AH 51
2107 #endif
2108 case Q_AH:
2109 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
2110 #ifdef INET6
2111 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
2112 gen_or(b0, b1);
2113 #endif
2114 break;
2115
2116 #ifndef IPPROTO_ESP
2117 #define IPPROTO_ESP 50
2118 #endif
2119 case Q_ESP:
2120 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
2121 #ifdef INET6
2122 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
2123 gen_or(b0, b1);
2124 #endif
2125 break;
2126
2127 case Q_ISO:
2128 b1 = gen_linktype(LLCSAP_ISONS);
2129 break;
2130
2131 case Q_ESIS:
2132 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
2133 break;
2134
2135 case Q_ISIS:
2136 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
2137 break;
2138
2139 case Q_CLNP:
2140 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
2141 break;
2142
2143 case Q_STP:
2144 b1 = gen_linktype(LLCSAP_8021D);
2145 break;
2146
2147 case Q_IPX:
2148 b1 = gen_linktype(LLCSAP_IPX);
2149 break;
2150
2151 case Q_NETBEUI:
2152 b1 = gen_linktype(LLCSAP_NETBEUI);
2153 break;
2154
2155 default:
2156 abort();
2157 }
2158 return b1;
2159 }
2160
2161 static struct block *
2162 gen_ipfrag()
2163 {
2164 struct slist *s;
2165 struct block *b;
2166
2167 /* not ip frag */
2168 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
2169 s->s.k = off_nl + 6;
2170 b = new_block(JMP(BPF_JSET));
2171 b->s.k = 0x1fff;
2172 b->stmts = s;
2173 gen_not(b);
2174
2175 return b;
2176 }
2177
2178 static struct block *
2179 gen_portatom(off, v)
2180 int off;
2181 bpf_int32 v;
2182 {
2183 struct slist *s;
2184 struct block *b;
2185
2186 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2187 s->s.k = off_nl;
2188
2189 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
2190 s->next->s.k = off_nl + off;
2191
2192 b = new_block(JMP(BPF_JEQ));
2193 b->stmts = s;
2194 b->s.k = v;
2195
2196 return b;
2197 }
2198
2199 #ifdef INET6
2200 static struct block *
2201 gen_portatom6(off, v)
2202 int off;
2203 bpf_int32 v;
2204 {
2205 return gen_cmp(off_nl + 40 + off, BPF_H, v);
2206 }
2207 #endif/*INET6*/
2208
2209 struct block *
2210 gen_portop(port, proto, dir)
2211 int port, proto, dir;
2212 {
2213 struct block *b0, *b1, *tmp;
2214
2215 /* ip proto 'proto' */
2216 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
2217 b0 = gen_ipfrag();
2218 gen_and(tmp, b0);
2219
2220 switch (dir) {
2221 case Q_SRC:
2222 b1 = gen_portatom(0, (bpf_int32)port);
2223 break;
2224
2225 case Q_DST:
2226 b1 = gen_portatom(2, (bpf_int32)port);
2227 break;
2228
2229 case Q_OR:
2230 case Q_DEFAULT:
2231 tmp = gen_portatom(0, (bpf_int32)port);
2232 b1 = gen_portatom(2, (bpf_int32)port);
2233 gen_or(tmp, b1);
2234 break;
2235
2236 case Q_AND:
2237 tmp = gen_portatom(0, (bpf_int32)port);
2238 b1 = gen_portatom(2, (bpf_int32)port);
2239 gen_and(tmp, b1);
2240 break;
2241
2242 default:
2243 abort();
2244 }
2245 gen_and(b0, b1);
2246
2247 return b1;
2248 }
2249
2250 static struct block *
2251 gen_port(port, ip_proto, dir)
2252 int port;
2253 int ip_proto;
2254 int dir;
2255 {
2256 struct block *b0, *b1, *tmp;
2257
2258 /* ether proto ip */
2259 b0 = gen_linktype(ETHERTYPE_IP);
2260
2261 switch (ip_proto) {
2262 case IPPROTO_UDP:
2263 case IPPROTO_TCP:
2264 case IPPROTO_SCTP:
2265 b1 = gen_portop(port, ip_proto, dir);
2266 break;
2267
2268 case PROTO_UNDEF:
2269 tmp = gen_portop(port, IPPROTO_TCP, dir);
2270 b1 = gen_portop(port, IPPROTO_UDP, dir);
2271 gen_or(tmp, b1);
2272 tmp = gen_portop(port, IPPROTO_SCTP, dir);
2273 gen_or(tmp, b1);
2274 break;
2275
2276 default:
2277 abort();
2278 }
2279 gen_and(b0, b1);
2280 return b1;
2281 }
2282
2283 #ifdef INET6
2284 struct block *
2285 gen_portop6(port, proto, dir)
2286 int port, proto, dir;
2287 {
2288 struct block *b0, *b1, *tmp;
2289
2290 /* ip proto 'proto' */
2291 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
2292
2293 switch (dir) {
2294 case Q_SRC:
2295 b1 = gen_portatom6(0, (bpf_int32)port);
2296 break;
2297
2298 case Q_DST:
2299 b1 = gen_portatom6(2, (bpf_int32)port);
2300 break;
2301
2302 case Q_OR:
2303 case Q_DEFAULT:
2304 tmp = gen_portatom6(0, (bpf_int32)port);
2305 b1 = gen_portatom6(2, (bpf_int32)port);
2306 gen_or(tmp, b1);
2307 break;
2308
2309 case Q_AND:
2310 tmp = gen_portatom6(0, (bpf_int32)port);
2311 b1 = gen_portatom6(2, (bpf_int32)port);
2312 gen_and(tmp, b1);
2313 break;
2314
2315 default:
2316 abort();
2317 }
2318 gen_and(b0, b1);
2319
2320 return b1;
2321 }
2322
2323 static struct block *
2324 gen_port6(port, ip_proto, dir)
2325 int port;
2326 int ip_proto;
2327 int dir;
2328 {
2329 struct block *b0, *b1, *tmp;
2330
2331 /* ether proto ip */
2332 b0 = gen_linktype(ETHERTYPE_IPV6);
2333
2334 switch (ip_proto) {
2335 case IPPROTO_UDP:
2336 case IPPROTO_TCP:
2337 case IPPROTO_SCTP:
2338 b1 = gen_portop6(port, ip_proto, dir);
2339 break;
2340
2341 case PROTO_UNDEF:
2342 tmp = gen_portop6(port, IPPROTO_TCP, dir);
2343 b1 = gen_portop6(port, IPPROTO_UDP, dir);
2344 gen_or(tmp, b1);
2345 tmp = gen_portop6(port, IPPROTO_SCTP, dir);
2346 gen_or(tmp, b1);
2347 break;
2348
2349 default:
2350 abort();
2351 }
2352 gen_and(b0, b1);
2353 return b1;
2354 }
2355 #endif /* INET6 */
2356
2357 static int
2358 lookup_proto(name, proto)
2359 register const char *name;
2360 register int proto;
2361 {
2362 register int v;
2363
2364 switch (proto) {
2365
2366 case Q_DEFAULT:
2367 case Q_IP:
2368 case Q_IPV6:
2369 v = pcap_nametoproto(name);
2370 if (v == PROTO_UNDEF)
2371 bpf_error("unknown ip proto '%s'", name);
2372 break;
2373
2374 case Q_LINK:
2375 /* XXX should look up h/w protocol type based on linktype */
2376 v = pcap_nametoeproto(name);
2377 if (v == PROTO_UNDEF)
2378 bpf_error("unknown ether proto '%s'", name);
2379 break;
2380
2381 case Q_ISO:
2382 if (strcmp(name, "esis") == 0)
2383 v = ISO9542_ESIS;
2384 else if (strcmp(name, "isis") == 0)
2385 v = ISO10589_ISIS;
2386 else if (strcmp(name, "clnp") == 0)
2387 v = ISO8473_CLNP;
2388 else
2389 bpf_error("unknown osi proto '%s'", name);
2390 break;
2391
2392 default:
2393 v = PROTO_UNDEF;
2394 break;
2395 }
2396 return v;
2397 }
2398
2399 #if 0
2400 struct stmt *
2401 gen_joinsp(s, n)
2402 struct stmt **s;
2403 int n;
2404 {
2405 return NULL;
2406 }
2407 #endif
2408
2409 static struct block *
2410 gen_protochain(v, proto, dir)
2411 int v;
2412 int proto;
2413 int dir;
2414 {
2415 #ifdef NO_PROTOCHAIN
2416 return gen_proto(v, proto, dir);
2417 #else
2418 struct block *b0, *b;
2419 struct slist *s[100];
2420 int fix2, fix3, fix4, fix5;
2421 int ahcheck, again, end;
2422 int i, max;
2423 int reg2 = alloc_reg();
2424
2425 memset(s, 0, sizeof(s));
2426 fix2 = fix3 = fix4 = fix5 = 0;
2427
2428 switch (proto) {
2429 case Q_IP:
2430 case Q_IPV6:
2431 break;
2432 case Q_DEFAULT:
2433 b0 = gen_protochain(v, Q_IP, dir);
2434 b = gen_protochain(v, Q_IPV6, dir);
2435 gen_or(b0, b);
2436 return b;
2437 default:
2438 bpf_error("bad protocol applied for 'protochain'");
2439 /*NOTREACHED*/
2440 }
2441
2442 no_optimize = 1; /*this code is not compatible with optimzer yet */
2443
2444 /*
2445 * s[0] is a dummy entry to protect other BPF insn from damaged
2446 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
2447 * hard to find interdependency made by jump table fixup.
2448 */
2449 i = 0;
2450 s[i] = new_stmt(0); /*dummy*/
2451 i++;
2452
2453 switch (proto) {
2454 case Q_IP:
2455 b0 = gen_linktype(ETHERTYPE_IP);
2456
2457 /* A = ip->ip_p */
2458 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
2459 s[i]->s.k = off_nl + 9;
2460 i++;
2461 /* X = ip->ip_hl << 2 */
2462 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2463 s[i]->s.k = off_nl;
2464 i++;
2465 break;
2466 #ifdef INET6
2467 case Q_IPV6:
2468 b0 = gen_linktype(ETHERTYPE_IPV6);
2469
2470 /* A = ip6->ip_nxt */
2471 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
2472 s[i]->s.k = off_nl + 6;
2473 i++;
2474 /* X = sizeof(struct ip6_hdr) */
2475 s[i] = new_stmt(BPF_LDX|BPF_IMM);
2476 s[i]->s.k = 40;
2477 i++;
2478 break;
2479 #endif
2480 default:
2481 bpf_error("unsupported proto to gen_protochain");
2482 /*NOTREACHED*/
2483 }
2484
2485 /* again: if (A == v) goto end; else fall through; */
2486 again = i;
2487 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2488 s[i]->s.k = v;
2489 s[i]->s.jt = NULL; /*later*/
2490 s[i]->s.jf = NULL; /*update in next stmt*/
2491 fix5 = i;
2492 i++;
2493
2494 #ifndef IPPROTO_NONE
2495 #define IPPROTO_NONE 59
2496 #endif
2497 /* if (A == IPPROTO_NONE) goto end */
2498 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2499 s[i]->s.jt = NULL; /*later*/
2500 s[i]->s.jf = NULL; /*update in next stmt*/
2501 s[i]->s.k = IPPROTO_NONE;
2502 s[fix5]->s.jf = s[i];
2503 fix2 = i;
2504 i++;
2505
2506 #ifdef INET6
2507 if (proto == Q_IPV6) {
2508 int v6start, v6end, v6advance, j;
2509
2510 v6start = i;
2511 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
2512 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2513 s[i]->s.jt = NULL; /*later*/
2514 s[i]->s.jf = NULL; /*update in next stmt*/
2515 s[i]->s.k = IPPROTO_HOPOPTS;
2516 s[fix2]->s.jf = s[i];
2517 i++;
2518 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
2519 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2520 s[i]->s.jt = NULL; /*later*/
2521 s[i]->s.jf = NULL; /*update in next stmt*/
2522 s[i]->s.k = IPPROTO_DSTOPTS;
2523 i++;
2524 /* if (A == IPPROTO_ROUTING) goto v6advance */
2525 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2526 s[i]->s.jt = NULL; /*later*/
2527 s[i]->s.jf = NULL; /*update in next stmt*/
2528 s[i]->s.k = IPPROTO_ROUTING;
2529 i++;
2530 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
2531 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2532 s[i]->s.jt = NULL; /*later*/
2533 s[i]->s.jf = NULL; /*later*/
2534 s[i]->s.k = IPPROTO_FRAGMENT;
2535 fix3 = i;
2536 v6end = i;
2537 i++;
2538
2539 /* v6advance: */
2540 v6advance = i;
2541
2542 /*
2543 * in short,
2544 * A = P[X];
2545 * X = X + (P[X + 1] + 1) * 8;
2546 */
2547 /* A = X */
2548 s[i] = new_stmt(BPF_MISC|BPF_TXA);
2549 i++;
2550 /* A = P[X + packet head] */
2551 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2552 s[i]->s.k = off_nl;
2553 i++;
2554 /* MEM[reg2] = A */
2555 s[i] = new_stmt(BPF_ST);
2556 s[i]->s.k = reg2;
2557 i++;
2558 /* A = X */
2559 s[i] = new_stmt(BPF_MISC|BPF_TXA);
2560 i++;
2561 /* A += 1 */
2562 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2563 s[i]->s.k = 1;
2564 i++;
2565 /* X = A */
2566 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2567 i++;
2568 /* A = P[X + packet head]; */
2569 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2570 s[i]->s.k = off_nl;
2571 i++;
2572 /* A += 1 */
2573 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2574 s[i]->s.k = 1;
2575 i++;
2576 /* A *= 8 */
2577 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2578 s[i]->s.k = 8;
2579 i++;
2580 /* X = A; */
2581 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2582 i++;
2583 /* A = MEM[reg2] */
2584 s[i] = new_stmt(BPF_LD|BPF_MEM);
2585 s[i]->s.k = reg2;
2586 i++;
2587
2588 /* goto again; (must use BPF_JA for backward jump) */
2589 s[i] = new_stmt(BPF_JMP|BPF_JA);
2590 s[i]->s.k = again - i - 1;
2591 s[i - 1]->s.jf = s[i];
2592 i++;
2593
2594 /* fixup */
2595 for (j = v6start; j <= v6end; j++)
2596 s[j]->s.jt = s[v6advance];
2597 } else
2598 #endif
2599 {
2600 /* nop */
2601 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2602 s[i]->s.k = 0;
2603 s[fix2]->s.jf = s[i];
2604 i++;
2605 }
2606
2607 /* ahcheck: */
2608 ahcheck = i;
2609 /* if (A == IPPROTO_AH) then fall through; else goto end; */
2610 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2611 s[i]->s.jt = NULL; /*later*/
2612 s[i]->s.jf = NULL; /*later*/
2613 s[i]->s.k = IPPROTO_AH;
2614 if (fix3)
2615 s[fix3]->s.jf = s[ahcheck];
2616 fix4 = i;
2617 i++;
2618
2619 /*
2620 * in short,
2621 * A = P[X];
2622 * X = X + (P[X + 1] + 2) * 4;
2623 */
2624 /* A = X */
2625 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2626 i++;
2627 /* A = P[X + packet head]; */
2628 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2629 s[i]->s.k = off_nl;
2630 i++;
2631 /* MEM[reg2] = A */
2632 s[i] = new_stmt(BPF_ST);
2633 s[i]->s.k = reg2;
2634 i++;
2635 /* A = X */
2636 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2637 i++;
2638 /* A += 1 */
2639 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2640 s[i]->s.k = 1;
2641 i++;
2642 /* X = A */
2643 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2644 i++;
2645 /* A = P[X + packet head] */
2646 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2647 s[i]->s.k = off_nl;
2648 i++;
2649 /* A += 2 */
2650 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2651 s[i]->s.k = 2;
2652 i++;
2653 /* A *= 4 */
2654 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2655 s[i]->s.k = 4;
2656 i++;
2657 /* X = A; */
2658 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2659 i++;
2660 /* A = MEM[reg2] */
2661 s[i] = new_stmt(BPF_LD|BPF_MEM);
2662 s[i]->s.k = reg2;
2663 i++;
2664
2665 /* goto again; (must use BPF_JA for backward jump) */
2666 s[i] = new_stmt(BPF_JMP|BPF_JA);
2667 s[i]->s.k = again - i - 1;
2668 i++;
2669
2670 /* end: nop */
2671 end = i;
2672 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2673 s[i]->s.k = 0;
2674 s[fix2]->s.jt = s[end];
2675 s[fix4]->s.jf = s[end];
2676 s[fix5]->s.jt = s[end];
2677 i++;
2678
2679 /*
2680 * make slist chain
2681 */
2682 max = i;
2683 for (i = 0; i < max - 1; i++)
2684 s[i]->next = s[i + 1];
2685 s[max - 1]->next = NULL;
2686
2687 /*
2688 * emit final check
2689 */
2690 b = new_block(JMP(BPF_JEQ));
2691 b->stmts = s[1]; /*remember, s[0] is dummy*/
2692 b->s.k = v;
2693
2694 free_reg(reg2);
2695
2696 gen_and(b0, b);
2697 return b;
2698 #endif
2699 }
2700
2701 static struct block *
2702 gen_proto(v, proto, dir)
2703 int v;
2704 int proto;
2705 int dir;
2706 {
2707 struct block *b0, *b1;
2708
2709 if (dir != Q_DEFAULT)
2710 bpf_error("direction applied to 'proto'");
2711
2712 switch (proto) {
2713 case Q_DEFAULT:
2714 #ifdef INET6
2715 b0 = gen_proto(v, Q_IP, dir);
2716 b1 = gen_proto(v, Q_IPV6, dir);
2717 gen_or(b0, b1);
2718 return b1;
2719 #else
2720 /*FALLTHROUGH*/
2721 #endif
2722 case Q_IP:
2723 b0 = gen_linktype(ETHERTYPE_IP);
2724 #ifndef CHASE_CHAIN
2725 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
2726 #else
2727 b1 = gen_protochain(v, Q_IP);
2728 #endif
2729 gen_and(b0, b1);
2730 return b1;
2731
2732 case Q_ISO:
2733 b0 = gen_linktype(LLCSAP_ISONS);
2734 b1 = gen_cmp(off_nl + 3, BPF_B, (long)v);
2735 gen_and(b0, b1);
2736 return b1;
2737
2738 case Q_ARP:
2739 bpf_error("arp does not encapsulate another protocol");
2740 /* NOTREACHED */
2741
2742 case Q_RARP:
2743 bpf_error("rarp does not encapsulate another protocol");
2744 /* NOTREACHED */
2745
2746 case Q_ATALK:
2747 bpf_error("atalk encapsulation is not specifiable");
2748 /* NOTREACHED */
2749
2750 case Q_DECNET:
2751 bpf_error("decnet encapsulation is not specifiable");
2752 /* NOTREACHED */
2753
2754 case Q_SCA:
2755 bpf_error("sca does not encapsulate another protocol");
2756 /* NOTREACHED */
2757
2758 case Q_LAT:
2759 bpf_error("lat does not encapsulate another protocol");
2760 /* NOTREACHED */
2761
2762 case Q_MOPRC:
2763 bpf_error("moprc does not encapsulate another protocol");
2764 /* NOTREACHED */
2765
2766 case Q_MOPDL:
2767 bpf_error("mopdl does not encapsulate another protocol");
2768 /* NOTREACHED */
2769
2770 case Q_LINK:
2771 return gen_linktype(v);
2772
2773 case Q_UDP:
2774 bpf_error("'udp proto' is bogus");
2775 /* NOTREACHED */
2776
2777 case Q_TCP:
2778 bpf_error("'tcp proto' is bogus");
2779 /* NOTREACHED */
2780
2781 case Q_SCTP:
2782 bpf_error("'sctp proto' is bogus");
2783 /* NOTREACHED */
2784
2785 case Q_ICMP:
2786 bpf_error("'icmp proto' is bogus");
2787 /* NOTREACHED */
2788
2789 case Q_IGMP:
2790 bpf_error("'igmp proto' is bogus");
2791 /* NOTREACHED */
2792
2793 case Q_IGRP:
2794 bpf_error("'igrp proto' is bogus");
2795 /* NOTREACHED */
2796
2797 case Q_PIM:
2798 bpf_error("'pim proto' is bogus");
2799 /* NOTREACHED */
2800
2801 case Q_VRRP:
2802 bpf_error("'vrrp proto' is bogus");
2803 /* NOTREACHED */
2804
2805 #ifdef INET6
2806 case Q_IPV6:
2807 b0 = gen_linktype(ETHERTYPE_IPV6);
2808 #ifndef CHASE_CHAIN
2809 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
2810 #else
2811 b1 = gen_protochain(v, Q_IPV6);
2812 #endif
2813 gen_and(b0, b1);
2814 return b1;
2815
2816 case Q_ICMPV6:
2817 bpf_error("'icmp6 proto' is bogus");
2818 #endif /* INET6 */
2819
2820 case Q_AH:
2821 bpf_error("'ah proto' is bogus");
2822
2823 case Q_ESP:
2824 bpf_error("'ah proto' is bogus");
2825
2826 case Q_STP:
2827 bpf_error("'stp proto' is bogus");
2828
2829 case Q_IPX:
2830 bpf_error("'ipx proto' is bogus");
2831
2832 case Q_NETBEUI:
2833 bpf_error("'netbeui proto' is bogus");
2834
2835 default:
2836 abort();
2837 /* NOTREACHED */
2838 }
2839 /* NOTREACHED */
2840 }
2841
2842 struct block *
2843 gen_scode(name, q)
2844 register const char *name;
2845 struct qual q;
2846 {
2847 int proto = q.proto;
2848 int dir = q.dir;
2849 int tproto;
2850 u_char *eaddr;
2851 bpf_u_int32 mask, addr;
2852 #ifndef INET6
2853 bpf_u_int32 **alist;
2854 #else
2855 int tproto6;
2856 struct sockaddr_in *sin;
2857 struct sockaddr_in6 *sin6;
2858 struct addrinfo *res, *res0;
2859 struct in6_addr mask128;
2860 #endif /*INET6*/
2861 struct block *b, *tmp;
2862 int port, real_proto;
2863
2864 switch (q.addr) {
2865
2866 case Q_NET:
2867 addr = pcap_nametonetaddr(name);
2868 if (addr == 0)
2869 bpf_error("unknown network '%s'", name);
2870 /* Left justify network addr and calculate its network mask */
2871 mask = 0xffffffff;
2872 while (addr && (addr & 0xff000000) == 0) {
2873 addr <<= 8;
2874 mask <<= 8;
2875 }
2876 return gen_host(addr, mask, proto, dir);
2877
2878 case Q_DEFAULT:
2879 case Q_HOST:
2880 if (proto == Q_LINK) {
2881 switch (linktype) {
2882
2883 case DLT_EN10MB:
2884 eaddr = pcap_ether_hostton(name);
2885 if (eaddr == NULL)
2886 bpf_error(
2887 "unknown ether host '%s'", name);
2888 return gen_ehostop(eaddr, dir);
2889
2890 case DLT_FDDI:
2891 eaddr = pcap_ether_hostton(name);
2892 if (eaddr == NULL)
2893 bpf_error(
2894 "unknown FDDI host '%s'", name);
2895 return gen_fhostop(eaddr, dir);
2896
2897 case DLT_IEEE802:
2898 eaddr = pcap_ether_hostton(name);
2899 if (eaddr == NULL)
2900 bpf_error(
2901 "unknown token ring host '%s'", name);
2902 return gen_thostop(eaddr, dir);
2903
2904 default:
2905 bpf_error(
2906 "only ethernet/FDDI/token ring supports link-level host name");
2907 break;
2908 }
2909 } else if (proto == Q_DECNET) {
2910 unsigned short dn_addr = __pcap_nametodnaddr(name);
2911 /*
2912 * I don't think DECNET hosts can be multihomed, so
2913 * there is no need to build up a list of addresses
2914 */
2915 return (gen_host(dn_addr, 0, proto, dir));
2916 } else {
2917 #ifndef INET6
2918 alist = pcap_nametoaddr(name);
2919 if (alist == NULL || *alist == NULL)
2920 bpf_error("unknown host '%s'", name);
2921 tproto = proto;
2922 if (off_linktype == -1 && tproto == Q_DEFAULT)
2923 tproto = Q_IP;
2924 b = gen_host(**alist++, 0xffffffff, tproto, dir);
2925 while (*alist) {
2926 tmp = gen_host(**alist++, 0xffffffff,
2927 tproto, dir);
2928 gen_or(b, tmp);
2929 b = tmp;
2930 }
2931 return b;
2932 #else
2933 memset(&mask128, 0xff, sizeof(mask128));
2934 res0 = res = pcap_nametoaddrinfo(name);
2935 if (res == NULL)
2936 bpf_error("unknown host '%s'", name);
2937 b = tmp = NULL;
2938 tproto = tproto6 = proto;
2939 if (off_linktype == -1 && tproto == Q_DEFAULT) {
2940 tproto = Q_IP;
2941 tproto6 = Q_IPV6;
2942 }
2943 for (res = res0; res; res = res->ai_next) {
2944 switch (res->ai_family) {
2945 case AF_INET:
2946 if (tproto == Q_IPV6)
2947 continue;
2948
2949 sin = (struct sockaddr_in *)
2950 res->ai_addr;
2951 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
2952 0xffffffff, tproto, dir);
2953 break;
2954 case AF_INET6:
2955 if (tproto6 == Q_IP)
2956 continue;
2957
2958 sin6 = (struct sockaddr_in6 *)
2959 res->ai_addr;
2960 tmp = gen_host6(&sin6->sin6_addr,
2961 &mask128, tproto6, dir);
2962 break;
2963 default:
2964 continue;
2965 }
2966 if (b)
2967 gen_or(b, tmp);
2968 b = tmp;
2969 }
2970 freeaddrinfo(res0);
2971 if (b == NULL) {
2972 bpf_error("unknown host '%s'%s", name,
2973 (proto == Q_DEFAULT)
2974 ? ""
2975 : " for specified address family");
2976 }
2977 return b;
2978 #endif /*INET6*/
2979 }
2980
2981 case Q_PORT:
2982 if (proto != Q_DEFAULT &&
2983 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
2984 bpf_error("illegal qualifier of 'port'");
2985 if (pcap_nametoport(name, &port, &real_proto) == 0)
2986 bpf_error("unknown port '%s'", name);
2987 if (proto == Q_UDP) {
2988 if (real_proto == IPPROTO_TCP)
2989 bpf_error("port '%s' is tcp", name);
2990 else if (real_proto == IPPROTO_SCTP)
2991 bpf_error("port '%s' is sctp", name);
2992 else
2993 /* override PROTO_UNDEF */
2994 real_proto = IPPROTO_UDP;
2995 }
2996 if (proto == Q_TCP) {
2997 if (real_proto == IPPROTO_UDP)
2998 bpf_error("port '%s' is udp", name);
2999
3000 else if (real_proto == IPPROTO_SCTP)
3001 bpf_error("port '%s' is sctp", name);
3002 else
3003 /* override PROTO_UNDEF */
3004 real_proto = IPPROTO_TCP;
3005 }
3006 if (proto == Q_SCTP) {
3007 if (real_proto == IPPROTO_UDP)
3008 bpf_error("port '%s' is udp", name);
3009
3010 else if (real_proto == IPPROTO_TCP)
3011 bpf_error("port '%s' is tcp", name);
3012 else
3013 /* override PROTO_UNDEF */
3014 real_proto = IPPROTO_SCTP;
3015 }
3016 #ifndef INET6
3017 return gen_port(port, real_proto, dir);
3018 #else
3019 {
3020 struct block *b;
3021 b = gen_port(port, real_proto, dir);
3022 gen_or(gen_port6(port, real_proto, dir), b);
3023 return b;
3024 }
3025 #endif /* INET6 */
3026
3027 case Q_GATEWAY:
3028 #ifndef INET6
3029 eaddr = pcap_ether_hostton(name);
3030 if (eaddr == NULL)
3031 bpf_error("unknown ether host: %s", name);
3032
3033 alist = pcap_nametoaddr(name);
3034 if (alist == NULL || *alist == NULL)
3035 bpf_error("unknown host '%s'", name);
3036 return gen_gateway(eaddr, alist, proto, dir);
3037 #else
3038 bpf_error("'gateway' not supported in this configuration");
3039 #endif /*INET6*/
3040
3041 case Q_PROTO:
3042 real_proto = lookup_proto(name, proto);
3043 if (real_proto >= 0)
3044 return gen_proto(real_proto, proto, dir);
3045 else
3046 bpf_error("unknown protocol: %s", name);
3047
3048 case Q_PROTOCHAIN:
3049 real_proto = lookup_proto(name, proto);
3050 if (real_proto >= 0)
3051 return gen_protochain(real_proto, proto, dir);
3052 else
3053 bpf_error("unknown protocol: %s", name);
3054
3055
3056 case Q_UNDEF:
3057 syntax();
3058 /* NOTREACHED */
3059 }
3060 abort();
3061 /* NOTREACHED */
3062 }
3063
3064 struct block *
3065 gen_mcode(s1, s2, masklen, q)
3066 register const char *s1, *s2;
3067 register int masklen;
3068 struct qual q;
3069 {
3070 register int nlen, mlen;
3071 bpf_u_int32 n, m;
3072
3073 nlen = __pcap_atoin(s1, &n);
3074 /* Promote short ipaddr */
3075 n <<= 32 - nlen;
3076
3077 if (s2 != NULL) {
3078 mlen = __pcap_atoin(s2, &m);
3079 /* Promote short ipaddr */
3080 m <<= 32 - mlen;
3081 if ((n & ~m) != 0)
3082 bpf_error("non-network bits set in \"%s mask %s\"",
3083 s1, s2);
3084 } else {
3085 /* Convert mask len to mask */
3086 if (masklen > 32)
3087 bpf_error("mask length must be <= 32");
3088 m = 0xffffffff << (32 - masklen);
3089 if ((n & ~m) != 0)
3090 bpf_error("non-network bits set in \"%s/%d\"",
3091 s1, masklen);
3092 }
3093
3094 switch (q.addr) {
3095
3096 case Q_NET:
3097 return gen_host(n, m, q.proto, q.dir);
3098
3099 default:
3100 bpf_error("Mask syntax for networks only");
3101 /* NOTREACHED */
3102 }
3103 }
3104
3105 struct block *
3106 gen_ncode(s, v, q)
3107 register const char *s;
3108 bpf_u_int32 v;
3109 struct qual q;
3110 {
3111 bpf_u_int32 mask;
3112 int proto = q.proto;
3113 int dir = q.dir;
3114 register int vlen;
3115
3116 if (s == NULL)
3117 vlen = 32;
3118 else if (q.proto == Q_DECNET)
3119 vlen = __pcap_atodn(s, &v);
3120 else
3121 vlen = __pcap_atoin(s, &v);
3122
3123 switch (q.addr) {
3124
3125 case Q_DEFAULT:
3126 case Q_HOST:
3127 case Q_NET:
3128 if (proto == Q_DECNET)
3129 return gen_host(v, 0, proto, dir);
3130 else if (proto == Q_LINK) {
3131 bpf_error("illegal link layer address");
3132 } else {
3133 mask = 0xffffffff;
3134 if (s == NULL && q.addr == Q_NET) {
3135 /* Promote short net number */
3136 while (v && (v & 0xff000000) == 0) {
3137 v <<= 8;
3138 mask <<= 8;
3139 }
3140 } else {
3141 /* Promote short ipaddr */
3142 v <<= 32 - vlen;
3143 mask <<= 32 - vlen;
3144 }
3145 return gen_host(v, mask, proto, dir);
3146 }
3147
3148 case Q_PORT:
3149 if (proto == Q_UDP)
3150 proto = IPPROTO_UDP;
3151 else if (proto == Q_TCP)
3152 proto = IPPROTO_TCP;
3153 else if (proto == Q_SCTP)
3154 proto = IPPROTO_SCTP;
3155 else if (proto == Q_DEFAULT)
3156 proto = PROTO_UNDEF;
3157 else
3158 bpf_error("illegal qualifier of 'port'");
3159
3160 #ifndef INET6
3161 return gen_port((int)v, proto, dir);
3162 #else
3163 {
3164 struct block *b;
3165 b = gen_port((int)v, proto, dir);
3166 gen_or(gen_port6((int)v, proto, dir), b);
3167 return b;
3168 }
3169 #endif /* INET6 */
3170
3171 case Q_GATEWAY:
3172 bpf_error("'gateway' requires a name");
3173 /* NOTREACHED */
3174
3175 case Q_PROTO:
3176 return gen_proto((int)v, proto, dir);
3177
3178 case Q_PROTOCHAIN:
3179 return gen_protochain((int)v, proto, dir);
3180
3181 case Q_UNDEF:
3182 syntax();
3183 /* NOTREACHED */
3184
3185 default:
3186 abort();
3187 /* NOTREACHED */
3188 }
3189 /* NOTREACHED */
3190 }
3191
3192 #ifdef INET6
3193 struct block *
3194 gen_mcode6(s1, s2, masklen, q)
3195 register const char *s1, *s2;
3196 register int masklen;
3197 struct qual q;
3198 {
3199 struct addrinfo *res;
3200 struct in6_addr *addr;
3201 struct in6_addr mask;
3202 struct block *b;
3203 u_int32_t *a, *m;
3204
3205 if (s2)
3206 bpf_error("no mask %s supported", s2);
3207
3208 res = pcap_nametoaddrinfo(s1);
3209 if (!res)
3210 bpf_error("invalid ip6 address %s", s1);
3211 if (res->ai_next)
3212 bpf_error("%s resolved to multiple address", s1);
3213 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
3214
3215 if (sizeof(mask) * 8 < masklen)
3216 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
3217 memset(&mask, 0xff, masklen / 8);
3218 if (masklen % 8) {
3219 mask.s6_addr[masklen / 8] =
3220 (0xff << (8 - masklen % 8)) & 0xff;
3221 }
3222
3223 a = (u_int32_t *)addr;
3224 m = (u_int32_t *)&mask;
3225 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
3226 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
3227 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
3228 }
3229
3230 switch (q.addr) {
3231
3232 case Q_DEFAULT:
3233 case Q_HOST:
3234 if (masklen != 128)
3235 bpf_error("Mask syntax for networks only");
3236 /* FALLTHROUGH */
3237
3238 case Q_NET:
3239 b = gen_host6(addr, &mask, q.proto, q.dir);
3240 freeaddrinfo(res);
3241 return b;
3242
3243 default:
3244 bpf_error("invalid qualifier against IPv6 address");
3245 /* NOTREACHED */
3246 }
3247 }
3248 #endif /*INET6*/
3249
3250 struct block *
3251 gen_ecode(eaddr, q)
3252 register const u_char *eaddr;
3253 struct qual q;
3254 {
3255 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
3256 if (linktype == DLT_EN10MB)
3257 return gen_ehostop(eaddr, (int)q.dir);
3258 if (linktype == DLT_FDDI)
3259 return gen_fhostop(eaddr, (int)q.dir);
3260 if (linktype == DLT_IEEE802)
3261 return gen_thostop(eaddr, (int)q.dir);
3262 bpf_error("ethernet addresses supported only on ethernet, FDDI or token ring");
3263 }
3264 bpf_error("ethernet address used in non-ether expression");
3265 /* NOTREACHED */
3266 }
3267
3268 void
3269 sappend(s0, s1)
3270 struct slist *s0, *s1;
3271 {
3272 /*
3273 * This is definitely not the best way to do this, but the
3274 * lists will rarely get long.
3275 */
3276 while (s0->next)
3277 s0 = s0->next;
3278 s0->next = s1;
3279 }
3280
3281 static struct slist *
3282 xfer_to_x(a)
3283 struct arth *a;
3284 {
3285 struct slist *s;
3286
3287 s = new_stmt(BPF_LDX|BPF_MEM);
3288 s->s.k = a->regno;
3289 return s;
3290 }
3291
3292 static struct slist *
3293 xfer_to_a(a)
3294 struct arth *a;
3295 {
3296 struct slist *s;
3297
3298 s = new_stmt(BPF_LD|BPF_MEM);
3299 s->s.k = a->regno;
3300 return s;
3301 }
3302
3303 struct arth *
3304 gen_load(proto, index, size)
3305 int proto;
3306 struct arth *index;
3307 int size;
3308 {
3309 struct slist *s, *tmp;
3310 struct block *b;
3311 int regno = alloc_reg();
3312
3313 free_reg(index->regno);
3314 switch (size) {
3315
3316 default:
3317 bpf_error("data size must be 1, 2, or 4");
3318
3319 case 1:
3320 size = BPF_B;
3321 break;
3322
3323 case 2:
3324 size = BPF_H;
3325 break;
3326
3327 case 4:
3328 size = BPF_W;
3329 break;
3330 }
3331 switch (proto) {
3332 default:
3333 bpf_error("unsupported index operation");
3334
3335 case Q_LINK:
3336 s = xfer_to_x(index);
3337 tmp = new_stmt(BPF_LD|BPF_IND|size);
3338 sappend(s, tmp);
3339 sappend(index->s, s);
3340 break;
3341
3342 case Q_IP:
3343 case Q_ARP:
3344 case Q_RARP:
3345 case Q_ATALK:
3346 case Q_DECNET:
3347 case Q_SCA:
3348 case Q_LAT:
3349 case Q_MOPRC:
3350 case Q_MOPDL:
3351 #ifdef INET6
3352 case Q_IPV6:
3353 #endif
3354 /* XXX Note that we assume a fixed link header here. */
3355 s = xfer_to_x(index);
3356 tmp = new_stmt(BPF_LD|BPF_IND|size);
3357 tmp->s.k = off_nl;
3358 sappend(s, tmp);
3359 sappend(index->s, s);
3360
3361 b = gen_proto_abbrev(proto);
3362 if (index->b)
3363 gen_and(index->b, b);
3364 index->b = b;
3365 break;
3366
3367 case Q_SCTP:
3368 case Q_TCP:
3369 case Q_UDP:
3370 case Q_ICMP:
3371 case Q_IGMP:
3372 case Q_IGRP:
3373 case Q_PIM:
3374 case Q_VRRP:
3375 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3376 s->s.k = off_nl;
3377 sappend(s, xfer_to_a(index));
3378 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
3379 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
3380 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
3381 tmp->s.k = off_nl;
3382 sappend(index->s, s);
3383
3384 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
3385 if (index->b)
3386 gen_and(index->b, b);
3387 #ifdef INET6
3388 gen_and(gen_proto_abbrev(Q_IP), b);
3389 #endif
3390 index->b = b;
3391 break;
3392 #ifdef INET6
3393 case Q_ICMPV6:
3394 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
3395 /*NOTREACHED*/
3396 #endif
3397 }
3398 index->regno = regno;
3399 s = new_stmt(BPF_ST);
3400 s->s.k = regno;
3401 sappend(index->s, s);
3402
3403 return index;
3404 }
3405
3406 struct block *
3407 gen_relation(code, a0, a1, reversed)
3408 int code;
3409 struct arth *a0, *a1;
3410 int reversed;
3411 {
3412 struct slist *s0, *s1, *s2;
3413 struct block *b, *tmp;
3414
3415 s0 = xfer_to_x(a1);
3416 s1 = xfer_to_a(a0);
3417 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
3418 b = new_block(JMP(code));
3419 if (code == BPF_JGT || code == BPF_JGE) {
3420 reversed = !reversed;
3421 b->s.k = 0x80000000;
3422 }
3423 if (reversed)
3424 gen_not(b);
3425
3426 sappend(s1, s2);
3427 sappend(s0, s1);
3428 sappend(a1->s, s0);
3429 sappend(a0->s, a1->s);
3430
3431 b->stmts = a0->s;
3432
3433 free_reg(a0->regno);
3434 free_reg(a1->regno);
3435
3436 /* 'and' together protocol checks */
3437 if (a0->b) {
3438 if (a1->b) {
3439 gen_and(a0->b, tmp = a1->b);
3440 }
3441 else
3442 tmp = a0->b;
3443 } else
3444 tmp = a1->b;
3445
3446 if (tmp)
3447 gen_and(tmp, b);
3448
3449 return b;
3450 }
3451
3452 struct arth *
3453 gen_loadlen()
3454 {
3455 int regno = alloc_reg();
3456 struct arth *a = (struct arth *)newchunk(sizeof(*a));
3457 struct slist *s;
3458
3459 s = new_stmt(BPF_LD|BPF_LEN);
3460 s->next = new_stmt(BPF_ST);
3461 s->next->s.k = regno;
3462 a->s = s;
3463 a->regno = regno;
3464
3465 return a;
3466 }
3467
3468 struct arth *
3469 gen_loadi(val)
3470 int val;
3471 {
3472 struct arth *a;
3473 struct slist *s;
3474 int reg;
3475
3476 a = (struct arth *)newchunk(sizeof(*a));
3477
3478 reg = alloc_reg();
3479
3480 s = new_stmt(BPF_LD|BPF_IMM);
3481 s->s.k = val;
3482 s->next = new_stmt(BPF_ST);
3483 s->next->s.k = reg;
3484 a->s = s;
3485 a->regno = reg;
3486
3487 return a;
3488 }
3489
3490 struct arth *
3491 gen_neg(a)
3492 struct arth *a;
3493 {
3494 struct slist *s;
3495
3496 s = xfer_to_a(a);
3497 sappend(a->s, s);
3498 s = new_stmt(BPF_ALU|BPF_NEG);
3499 s->s.k = 0;
3500 sappend(a->s, s);
3501 s = new_stmt(BPF_ST);
3502 s->s.k = a->regno;
3503 sappend(a->s, s);
3504
3505 return a;
3506 }
3507
3508 struct arth *
3509 gen_arth(code, a0, a1)
3510 int code;
3511 struct arth *a0, *a1;
3512 {
3513 struct slist *s0, *s1, *s2;
3514
3515 s0 = xfer_to_x(a1);
3516 s1 = xfer_to_a(a0);
3517 s2 = new_stmt(BPF_ALU|BPF_X|code);
3518
3519 sappend(s1, s2);
3520 sappend(s0, s1);
3521 sappend(a1->s, s0);
3522 sappend(a0->s, a1->s);
3523
3524 free_reg(a1->regno);
3525
3526 s0 = new_stmt(BPF_ST);
3527 a0->regno = s0->s.k = alloc_reg();
3528 sappend(a0->s, s0);
3529
3530 return a0;
3531 }
3532
3533 /*
3534 * Here we handle simple allocation of the scratch registers.
3535 * If too many registers are alloc'd, the allocator punts.
3536 */
3537 static int regused[BPF_MEMWORDS];
3538 static int curreg;
3539
3540 /*
3541 * Return the next free register.
3542 */
3543 static int
3544 alloc_reg()
3545 {
3546 int n = BPF_MEMWORDS;
3547
3548 while (--n >= 0) {
3549 if (regused[curreg])
3550 curreg = (curreg + 1) % BPF_MEMWORDS;
3551 else {
3552 regused[curreg] = 1;
3553 return curreg;
3554 }
3555 }
3556 bpf_error("too many registers needed to evaluate expression");
3557 /* NOTREACHED */
3558 }
3559
3560 /*
3561 * Return a register to the table so it can
3562 * be used later.
3563 */
3564 static void
3565 free_reg(n)
3566 int n;
3567 {
3568 regused[n] = 0;
3569 }
3570
3571 static struct block *
3572 gen_len(jmp, n)
3573 int jmp, n;
3574 {
3575 struct slist *s;
3576 struct block *b;
3577
3578 s = new_stmt(BPF_LD|BPF_LEN);
3579 b = new_block(JMP(jmp));
3580 b->stmts = s;
3581 b->s.k = n;
3582
3583 return b;
3584 }
3585
3586 struct block *
3587 gen_greater(n)
3588 int n;
3589 {
3590 return gen_len(BPF_JGE, n);
3591 }
3592
3593 /*
3594 * Actually, this is less than or equal.
3595 */
3596 struct block *
3597 gen_less(n)
3598 int n;
3599 {
3600 struct block *b;
3601
3602 b = gen_len(BPF_JGT, n);
3603 gen_not(b);
3604
3605 return b;
3606 }
3607
3608 struct block *
3609 gen_byteop(op, idx, val)
3610 int op, idx, val;
3611 {
3612 struct block *b;
3613 struct slist *s;
3614
3615 switch (op) {
3616 default:
3617 abort();
3618
3619 case '=':
3620 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3621
3622 case '<':
3623 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3624 b->s.code = JMP(BPF_JGE);
3625 gen_not(b);
3626 return b;
3627
3628 case '>':
3629 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3630 b->s.code = JMP(BPF_JGT);
3631 return b;
3632
3633 case '|':
3634 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
3635 break;
3636
3637 case '&':
3638 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
3639 break;
3640 }
3641 s->s.k = val;
3642 b = new_block(JMP(BPF_JEQ));
3643 b->stmts = s;
3644 gen_not(b);
3645
3646 return b;
3647 }
3648
3649 static u_char abroadcast[] = { 0x0 };
3650
3651 struct block *
3652 gen_broadcast(proto)
3653 int proto;
3654 {
3655 bpf_u_int32 hostmask;
3656 struct block *b0, *b1, *b2;
3657 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
3658
3659 switch (proto) {
3660
3661 case Q_DEFAULT:
3662 case Q_LINK:
3663 if (linktype == DLT_ARCNET)
3664 return gen_ahostop(abroadcast, Q_DST);
3665 if (linktype == DLT_EN10MB)
3666 return gen_ehostop(ebroadcast, Q_DST);
3667 if (linktype == DLT_FDDI)
3668 return gen_fhostop(ebroadcast, Q_DST);
3669 if (linktype == DLT_IEEE802)
3670 return gen_thostop(ebroadcast, Q_DST);
3671 bpf_error("not a broadcast link");
3672 break;
3673
3674 case Q_IP:
3675 b0 = gen_linktype(ETHERTYPE_IP);
3676 hostmask = ~netmask;
3677 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
3678 b2 = gen_mcmp(off_nl + 16, BPF_W,
3679 (bpf_int32)(~0 & hostmask), hostmask);
3680 gen_or(b1, b2);
3681 gen_and(b0, b2);
3682 return b2;
3683 }
3684 bpf_error("only ether/ip broadcast filters supported");
3685 }
3686
3687 struct block *
3688 gen_multicast(proto)
3689 int proto;
3690 {
3691 register struct block *b0, *b1;
3692 register struct slist *s;
3693
3694 switch (proto) {
3695
3696 case Q_DEFAULT:
3697 case Q_LINK:
3698 if (linktype == DLT_ARCNET)
3699 /* all ARCnet multicasts use the same address */
3700 return gen_ahostop(abroadcast, Q_DST);
3701
3702 if (linktype == DLT_EN10MB) {
3703 /* ether[0] & 1 != 0 */
3704 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3705 s->s.k = 0;
3706 b0 = new_block(JMP(BPF_JSET));
3707 b0->s.k = 1;
3708 b0->stmts = s;
3709 return b0;
3710 }
3711
3712 if (linktype == DLT_FDDI) {
3713 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */
3714 /* fddi[1] & 1 != 0 */
3715 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3716 s->s.k = 1;
3717 b0 = new_block(JMP(BPF_JSET));
3718 b0->s.k = 1;
3719 b0->stmts = s;
3720 return b0;
3721 }
3722
3723 /* TODO - check how token ring handles multicast */
3724 /* if (linktype == DLT_IEEE802) ... */
3725
3726 /* Link not known to support multicasts */
3727 break;
3728
3729 case Q_IP:
3730 b0 = gen_linktype(ETHERTYPE_IP);
3731 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
3732 b1->s.code = JMP(BPF_JGE);
3733 gen_and(b0, b1);
3734 return b1;
3735
3736 #ifdef INET6
3737 case Q_IPV6:
3738 b0 = gen_linktype(ETHERTYPE_IPV6);
3739 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
3740 gen_and(b0, b1);
3741 return b1;
3742 #endif /* INET6 */
3743 }
3744 bpf_error("only IP multicast filters supported on ethernet/FDDI");
3745 }
3746
3747 /*
3748 * generate command for inbound/outbound. It's here so we can
3749 * make it link-type specific. 'dir' = 0 implies "inbound",
3750 * = 1 implies "outbound".
3751 */
3752 struct block *
3753 gen_inbound(dir)
3754 int dir;
3755 {
3756 register struct block *b0;
3757
3758 /*
3759 * Only some data link types support inbound/outbound qualifiers.
3760 */
3761 switch (linktype) {
3762 case DLT_SLIP:
3763 case DLT_PPP:
3764 b0 = gen_relation(BPF_JEQ,
3765 gen_load(Q_LINK, gen_loadi(0), 1),
3766 gen_loadi(0),
3767 dir);
3768 break;
3769
3770 default:
3771 bpf_error("inbound/outbound not supported on linktype %d\n",
3772 linktype);
3773 b0 = NULL;
3774 /* NOTREACHED */
3775 }
3776 return (b0);
3777 }
3778
3779 struct block *
3780 gen_acode(eaddr, q)
3781 register const u_char *eaddr;
3782 struct qual q;
3783 {
3784 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
3785 if (linktype == DLT_ARCNET)
3786 return gen_ahostop(eaddr, (int)q.dir);
3787 }
3788 bpf_error("ARCnet address used in non-arc expression");
3789 /* NOTREACHED */
3790 }
3791
3792 static struct block *
3793 gen_ahostop(eaddr, dir)
3794 register const u_char *eaddr;
3795 register int dir;
3796 {
3797 register struct block *b0, *b1;
3798
3799 switch (dir) {
3800 /* src comes first, different from Ethernet */
3801 case Q_SRC:
3802 return gen_bcmp(0, 1, eaddr);
3803
3804 case Q_DST:
3805 return gen_bcmp(1, 1, eaddr);
3806
3807 case Q_AND:
3808 b0 = gen_ahostop(eaddr, Q_SRC);
3809 b1 = gen_ahostop(eaddr, Q_DST);
3810 gen_and(b0, b1);
3811 return b1;
3812
3813 case Q_DEFAULT:
3814 case Q_OR:
3815 b0 = gen_ahostop(eaddr, Q_SRC);
3816 b1 = gen_ahostop(eaddr, Q_DST);
3817 gen_or(b0, b1);
3818 return b1;
3819 }
3820 abort();
3821 /* NOTREACHED */
3822 }
3823
3824 /*
3825 * support IEEE 802.1Q VLAN trunk over ethernet
3826 */
3827 struct block *
3828 gen_vlan(vlan_num)
3829 int vlan_num;
3830 {
3831 static u_int orig_linktype = -1, orig_nl = -1;
3832 struct block *b0;
3833
3834 /*
3835 * Change the offsets to point to the type and data fields within
3836 * the VLAN packet. This is somewhat of a kludge.
3837 */
3838 if (orig_nl == (u_int)-1) {
3839 orig_linktype = off_linktype; /* save original values */
3840 orig_nl = off_nl;
3841
3842 switch (linktype) {
3843
3844 case DLT_EN10MB:
3845 off_linktype = 16;
3846 off_nl = 18;
3847 break;
3848
3849 default:
3850 bpf_error("no VLAN support for data link type %d",
3851 linktype);
3852 /*NOTREACHED*/
3853 }
3854 }
3855
3856 /* check for VLAN */
3857 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
3858
3859 /* If a specific VLAN is requested, check VLAN id */
3860 if (vlan_num >= 0) {
3861 struct block *b1;
3862
3863 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
3864 gen_and(b0, b1);
3865 b0 = b1;
3866 }
3867
3868 return (b0);
3869 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism