]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Add "ipx", which checks for the LLC SAP for IPX as well as, on Ethernet,
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.143 2001-01-14 07:57:47 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #include <sys/types.h>
32 #include <sys/socket.h>
33 #include <sys/time.h>
34 #ifdef __NetBSD__
35 #include <sys/param.h>
36 #endif
37
38 struct mbuf;
39 struct rtentry;
40 #include <net/if.h>
41
42 #include <netinet/in.h>
43
44 #include <stdlib.h>
45 #include <string.h>
46 #include <memory.h>
47 #include <setjmp.h>
48 #include <stdarg.h>
49
50 #include "pcap-int.h"
51
52 #include "ethertype.h"
53 #include "nlpid.h"
54 #include "gencode.h"
55 #include "ppp.h"
56 #include "sll.h"
57 #include <pcap-namedb.h>
58 #ifdef INET6
59 #include <netdb.h>
60 #include <sys/socket.h>
61 #endif /*INET6*/
62
63 /*
64 * LLC SAP values.
65 * Note that these fit in one byte, and are thus less than 1500, and
66 * are thus distinguishable from ETHERTYPE_ values, so we can use them
67 * as protocol types values.
68 */
69 #define LLC_SNAP_LSAP 0xaa
70 #define LLC_ISO_LSAP 0xfe
71 #define LLC_STP_LSAP 0x42
72 #define LLC_IPX_LSAP 0xe0
73
74 #define ETHERMTU 1500
75
76 #ifdef HAVE_OS_PROTO_H
77 #include "os-proto.h"
78 #endif
79
80 #define JMP(c) ((c)|BPF_JMP|BPF_K)
81
82 /* Locals */
83 static jmp_buf top_ctx;
84 static pcap_t *bpf_pcap;
85
86 /* XXX */
87 #ifdef PCAP_FDDIPAD
88 int pcap_fddipad = PCAP_FDDIPAD;
89 #else
90 int pcap_fddipad;
91 #endif
92
93 /* VARARGS */
94 void
95 bpf_error(const char *fmt, ...)
96
97 {
98 va_list ap;
99
100 va_start(ap, fmt);
101 if (bpf_pcap != NULL)
102 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
103 fmt, ap);
104 va_end(ap);
105 longjmp(top_ctx, 1);
106 /* NOTREACHED */
107 }
108
109 static void init_linktype(int);
110
111 static int alloc_reg(void);
112 static void free_reg(int);
113
114 static struct block *root;
115
116 /*
117 * We divy out chunks of memory rather than call malloc each time so
118 * we don't have to worry about leaking memory. It's probably
119 * not a big deal if all this memory was wasted but it this ever
120 * goes into a library that would probably not be a good idea.
121 */
122 #define NCHUNKS 16
123 #define CHUNK0SIZE 1024
124 struct chunk {
125 u_int n_left;
126 void *m;
127 };
128
129 static struct chunk chunks[NCHUNKS];
130 static int cur_chunk;
131
132 static void *newchunk(u_int);
133 static void freechunks(void);
134 static inline struct block *new_block(int);
135 static inline struct slist *new_stmt(int);
136 static struct block *gen_retblk(int);
137 static inline void syntax(void);
138
139 static void backpatch(struct block *, struct block *);
140 static void merge(struct block *, struct block *);
141 static struct block *gen_cmp(u_int, u_int, bpf_int32);
142 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
143 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
144 static struct block *gen_bcmp(u_int, u_int, const u_char *);
145 static struct block *gen_uncond(int);
146 static inline struct block *gen_true(void);
147 static inline struct block *gen_false(void);
148 static struct block *gen_linktype(int);
149 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
150 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
151 #ifdef INET6
152 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
153 #endif
154 static struct block *gen_ehostop(const u_char *, int);
155 static struct block *gen_fhostop(const u_char *, int);
156 static struct block *gen_thostop(const u_char *, int);
157 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
158 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
159 #ifdef INET6
160 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
161 #endif
162 #ifndef INET6
163 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
164 #endif
165 static struct block *gen_ipfrag(void);
166 static struct block *gen_portatom(int, bpf_int32);
167 #ifdef INET6
168 static struct block *gen_portatom6(int, bpf_int32);
169 #endif
170 struct block *gen_portop(int, int, int);
171 static struct block *gen_port(int, int, int);
172 #ifdef INET6
173 struct block *gen_portop6(int, int, int);
174 static struct block *gen_port6(int, int, int);
175 #endif
176 static int lookup_proto(const char *, int);
177 static struct block *gen_protochain(int, int, int);
178 static struct block *gen_proto(int, int, int);
179 static struct slist *xfer_to_x(struct arth *);
180 static struct slist *xfer_to_a(struct arth *);
181 static struct block *gen_len(int, int);
182
183 static void *
184 newchunk(n)
185 u_int n;
186 {
187 struct chunk *cp;
188 int k, size;
189
190 #ifndef __NetBSD__
191 /* XXX Round up to nearest long. */
192 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
193 #else
194 /* XXX Round up to structure boundary. */
195 n = ALIGN(n);
196 #endif
197
198 cp = &chunks[cur_chunk];
199 if (n > cp->n_left) {
200 ++cp, k = ++cur_chunk;
201 if (k >= NCHUNKS)
202 bpf_error("out of memory");
203 size = CHUNK0SIZE << k;
204 cp->m = (void *)malloc(size);
205 memset((char *)cp->m, 0, size);
206 cp->n_left = size;
207 if (n > size)
208 bpf_error("out of memory");
209 }
210 cp->n_left -= n;
211 return (void *)((char *)cp->m + cp->n_left);
212 }
213
214 static void
215 freechunks()
216 {
217 int i;
218
219 cur_chunk = 0;
220 for (i = 0; i < NCHUNKS; ++i)
221 if (chunks[i].m != NULL) {
222 free(chunks[i].m);
223 chunks[i].m = NULL;
224 }
225 }
226
227 /*
228 * A strdup whose allocations are freed after code generation is over.
229 */
230 char *
231 sdup(s)
232 register const char *s;
233 {
234 int n = strlen(s) + 1;
235 char *cp = newchunk(n);
236
237 strlcpy(cp, s, n);
238 return (cp);
239 }
240
241 static inline struct block *
242 new_block(code)
243 int code;
244 {
245 struct block *p;
246
247 p = (struct block *)newchunk(sizeof(*p));
248 p->s.code = code;
249 p->head = p;
250
251 return p;
252 }
253
254 static inline struct slist *
255 new_stmt(code)
256 int code;
257 {
258 struct slist *p;
259
260 p = (struct slist *)newchunk(sizeof(*p));
261 p->s.code = code;
262
263 return p;
264 }
265
266 static struct block *
267 gen_retblk(v)
268 int v;
269 {
270 struct block *b = new_block(BPF_RET|BPF_K);
271
272 b->s.k = v;
273 return b;
274 }
275
276 static inline void
277 syntax()
278 {
279 bpf_error("syntax error in filter expression");
280 }
281
282 static bpf_u_int32 netmask;
283 static int snaplen;
284 int no_optimize;
285
286 int
287 pcap_compile(pcap_t *p, struct bpf_program *program,
288 char *buf, int optimize, bpf_u_int32 mask)
289 {
290 extern int n_errors;
291 int len;
292
293 no_optimize = 0;
294 n_errors = 0;
295 root = NULL;
296 bpf_pcap = p;
297 if (setjmp(top_ctx)) {
298 lex_cleanup();
299 freechunks();
300 return (-1);
301 }
302
303 netmask = mask;
304
305 snaplen = pcap_snapshot(p);
306 if (snaplen == 0) {
307 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
308 "snaplen of 0 rejects all packets");
309 return -1;
310 }
311
312 lex_init(buf ? buf : "");
313 init_linktype(pcap_datalink(p));
314 (void)pcap_parse();
315
316 if (n_errors)
317 syntax();
318
319 if (root == NULL)
320 root = gen_retblk(snaplen);
321
322 if (optimize && !no_optimize) {
323 bpf_optimize(&root);
324 if (root == NULL ||
325 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
326 bpf_error("expression rejects all packets");
327 }
328 program->bf_insns = icode_to_fcode(root, &len);
329 program->bf_len = len;
330
331 lex_cleanup();
332 freechunks();
333 return (0);
334 }
335
336 /*
337 * entry point for using the compiler with no pcap open
338 * pass in all the stuff that is needed explicitly instead.
339 */
340 int
341 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
342 struct bpf_program *program,
343 char *buf, int optimize, bpf_u_int32 mask)
344 {
345 pcap_t *p;
346 int ret;
347
348 p = pcap_open_dead(linktype_arg, snaplen_arg);
349 if (p == NULL)
350 return (-1);
351 ret = pcap_compile(p, program, buf, optimize, mask);
352 pcap_close(p);
353 return (ret);
354 }
355
356 /*
357 * Clean up a "struct bpf_program" by freeing all the memory allocated
358 * in it.
359 */
360 void
361 pcap_freecode(struct bpf_program *program)
362 {
363 program->bf_len = 0;
364 if (program->bf_insns != NULL) {
365 free((char *)program->bf_insns);
366 program->bf_insns = NULL;
367 }
368 }
369
370 /*
371 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
372 * which of the jt and jf fields has been resolved and which is a pointer
373 * back to another unresolved block (or nil). At least one of the fields
374 * in each block is already resolved.
375 */
376 static void
377 backpatch(list, target)
378 struct block *list, *target;
379 {
380 struct block *next;
381
382 while (list) {
383 if (!list->sense) {
384 next = JT(list);
385 JT(list) = target;
386 } else {
387 next = JF(list);
388 JF(list) = target;
389 }
390 list = next;
391 }
392 }
393
394 /*
395 * Merge the lists in b0 and b1, using the 'sense' field to indicate
396 * which of jt and jf is the link.
397 */
398 static void
399 merge(b0, b1)
400 struct block *b0, *b1;
401 {
402 register struct block **p = &b0;
403
404 /* Find end of list. */
405 while (*p)
406 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
407
408 /* Concatenate the lists. */
409 *p = b1;
410 }
411
412 void
413 finish_parse(p)
414 struct block *p;
415 {
416 backpatch(p, gen_retblk(snaplen));
417 p->sense = !p->sense;
418 backpatch(p, gen_retblk(0));
419 root = p->head;
420 }
421
422 void
423 gen_and(b0, b1)
424 struct block *b0, *b1;
425 {
426 backpatch(b0, b1->head);
427 b0->sense = !b0->sense;
428 b1->sense = !b1->sense;
429 merge(b1, b0);
430 b1->sense = !b1->sense;
431 b1->head = b0->head;
432 }
433
434 void
435 gen_or(b0, b1)
436 struct block *b0, *b1;
437 {
438 b0->sense = !b0->sense;
439 backpatch(b0, b1->head);
440 b0->sense = !b0->sense;
441 merge(b1, b0);
442 b1->head = b0->head;
443 }
444
445 void
446 gen_not(b)
447 struct block *b;
448 {
449 b->sense = !b->sense;
450 }
451
452 static struct block *
453 gen_cmp(offset, size, v)
454 u_int offset, size;
455 bpf_int32 v;
456 {
457 struct slist *s;
458 struct block *b;
459
460 s = new_stmt(BPF_LD|BPF_ABS|size);
461 s->s.k = offset;
462
463 b = new_block(JMP(BPF_JEQ));
464 b->stmts = s;
465 b->s.k = v;
466
467 return b;
468 }
469
470 static struct block *
471 gen_cmp_gt(offset, size, v)
472 u_int offset, size;
473 bpf_int32 v;
474 {
475 struct slist *s;
476 struct block *b;
477
478 s = new_stmt(BPF_LD|BPF_ABS|size);
479 s->s.k = offset;
480
481 b = new_block(JMP(BPF_JGT));
482 b->stmts = s;
483 b->s.k = v;
484
485 return b;
486 }
487
488 static struct block *
489 gen_mcmp(offset, size, v, mask)
490 u_int offset, size;
491 bpf_int32 v;
492 bpf_u_int32 mask;
493 {
494 struct block *b = gen_cmp(offset, size, v);
495 struct slist *s;
496
497 if (mask != 0xffffffff) {
498 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
499 s->s.k = mask;
500 b->stmts->next = s;
501 }
502 return b;
503 }
504
505 static struct block *
506 gen_bcmp(offset, size, v)
507 register u_int offset, size;
508 register const u_char *v;
509 {
510 register struct block *b, *tmp;
511
512 b = NULL;
513 while (size >= 4) {
514 register const u_char *p = &v[size - 4];
515 bpf_int32 w = ((bpf_int32)p[0] << 24) |
516 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
517
518 tmp = gen_cmp(offset + size - 4, BPF_W, w);
519 if (b != NULL)
520 gen_and(b, tmp);
521 b = tmp;
522 size -= 4;
523 }
524 while (size >= 2) {
525 register const u_char *p = &v[size - 2];
526 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
527
528 tmp = gen_cmp(offset + size - 2, BPF_H, w);
529 if (b != NULL)
530 gen_and(b, tmp);
531 b = tmp;
532 size -= 2;
533 }
534 if (size > 0) {
535 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
536 if (b != NULL)
537 gen_and(b, tmp);
538 b = tmp;
539 }
540 return b;
541 }
542
543 /*
544 * Various code constructs need to know the layout of the data link
545 * layer. These variables give the necessary offsets. off_linktype
546 * is set to -1 for no encapsulation, in which case, IP is assumed.
547 */
548 static u_int off_linktype;
549 static u_int off_nl;
550 static int linktype;
551
552 static void
553 init_linktype(type)
554 int type;
555 {
556 linktype = type;
557
558 switch (type) {
559
560 case DLT_EN10MB:
561 off_linktype = 12;
562 off_nl = 14;
563 return;
564
565 case DLT_SLIP:
566 /*
567 * SLIP doesn't have a link level type. The 16 byte
568 * header is hacked into our SLIP driver.
569 */
570 off_linktype = -1;
571 off_nl = 16;
572 return;
573
574 case DLT_SLIP_BSDOS:
575 /* XXX this may be the same as the DLT_PPP_BSDOS case */
576 off_linktype = -1;
577 /* XXX end */
578 off_nl = 24;
579 return;
580
581 case DLT_NULL:
582 case DLT_LOOP:
583 off_linktype = 0;
584 off_nl = 4;
585 return;
586
587 case DLT_PPP:
588 case DLT_C_HDLC:
589 case DLT_PPP_SERIAL:
590 off_linktype = 2;
591 off_nl = 4;
592 return;
593
594 case DLT_PPP_BSDOS:
595 off_linktype = 5;
596 off_nl = 24;
597 return;
598
599 case DLT_FDDI:
600 /*
601 * FDDI doesn't really have a link-level type field.
602 * We set "off_linktype" to the offset of the LLC header.
603 *
604 * To check for Ethernet types, we assume that SSAP = SNAP
605 * is being used and pick out the encapsulated Ethernet type.
606 * XXX - should we generate code to check for SNAP?
607 */
608 off_linktype = 13;
609 #ifdef PCAP_FDDIPAD
610 off_linktype += pcap_fddipad;
611 #endif
612 off_nl = 21;
613 #ifdef PCAP_FDDIPAD
614 off_nl += pcap_fddipad;
615 #endif
616 return;
617
618 case DLT_IEEE802:
619 /*
620 * Token Ring doesn't really have a link-level type field.
621 * We set "off_linktype" to the offset of the LLC header.
622 *
623 * To check for Ethernet types, we assume that SSAP = SNAP
624 * is being used and pick out the encapsulated Ethernet type.
625 * XXX - should we generate code to check for SNAP?
626 *
627 * XXX - the header is actually variable-length.
628 * Some various Linux patched versions gave 38
629 * as "off_linktype" and 40 as "off_nl"; however,
630 * if a token ring packet has *no* routing
631 * information, i.e. is not source-routed, the correct
632 * values are 20 and 22, as they are in the vanilla code.
633 *
634 * A packet is source-routed iff the uppermost bit
635 * of the first byte of the source address, at an
636 * offset of 8, has the uppermost bit set. If the
637 * packet is source-routed, the total number of bytes
638 * of routing information is 2 plus bits 0x1F00 of
639 * the 16-bit value at an offset of 14 (shifted right
640 * 8 - figure out which byte that is).
641 */
642 off_linktype = 14;
643 off_nl = 22;
644 return;
645
646 case DLT_ATM_RFC1483:
647 /*
648 * assume routed, non-ISO PDUs
649 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
650 */
651 off_linktype = 6;
652 off_nl = 8;
653 return;
654
655 case DLT_RAW:
656 off_linktype = -1;
657 off_nl = 0;
658 return;
659
660 case DLT_ATM_CLIP: /* Linux ATM defines this */
661 off_linktype = 6;
662 off_nl = 8;
663 return;
664
665 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
666 off_linktype = 14;
667 off_nl = 16;
668 return;
669 }
670 bpf_error("unknown data link type %d", linktype);
671 /* NOTREACHED */
672 }
673
674 static struct block *
675 gen_uncond(rsense)
676 int rsense;
677 {
678 struct block *b;
679 struct slist *s;
680
681 s = new_stmt(BPF_LD|BPF_IMM);
682 s->s.k = !rsense;
683 b = new_block(JMP(BPF_JEQ));
684 b->stmts = s;
685
686 return b;
687 }
688
689 static inline struct block *
690 gen_true()
691 {
692 return gen_uncond(1);
693 }
694
695 static inline struct block *
696 gen_false()
697 {
698 return gen_uncond(0);
699 }
700
701 /*
702 * Byte-swap a 32-bit number.
703 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
704 * big-endian platforms.)
705 */
706 #define SWAPLONG(y) \
707 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
708
709 static struct block *
710 gen_linktype(proto)
711 register int proto;
712 {
713 struct block *b0, *b1;
714
715 switch (linktype) {
716
717 case DLT_EN10MB:
718 switch (proto) {
719
720 case LLC_ISO_LSAP:
721 /*
722 * OSI protocols always use 802.2 encapsulation.
723 * XXX - should we check both the DSAP and the
724 * SSAP, like this, or should we check just the
725 * DSAP?
726 */
727 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
728 gen_not(b0);
729 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
730 ((LLC_ISO_LSAP << 8) | LLC_ISO_LSAP));
731 gen_and(b0, b1);
732 return b1;
733
734 case LLC_IPX_LSAP:
735 /*
736 * Check both for the IPX LSAP as the DSAP and
737 * for Netware 802.3, where the type/length
738 * field is a length field (i.e., <= ETHERMTU)
739 * and the first two bytes after the LLC header
740 * are 0xFFFF.
741 *
742 * XXX - check for the IPX Ethertype, 0x8137,
743 * as well?
744 *
745 * This generates code to check both for the
746 * IPX LSAP and for Netware 802.3.
747 */
748 b0 = gen_cmp(off_linktype + 2, BPF_B,
749 (bpf_int32)LLC_IPX_LSAP);
750 b1 = gen_cmp(off_linktype + 2, BPF_H,
751 (bpf_int32)0xFFFF);
752 gen_or(b0, b1);
753
754 /*
755 * Now we generate code to check for 802.3
756 * frames in general.
757 */
758 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
759 gen_not(b0);
760
761 /*
762 * Now check for 802.3 frames and, if that passes,
763 * check for either of the flavors of IPX.
764 */
765 gen_and(b0, b1);
766 return b1;
767
768 case ETHERTYPE_ATALK:
769 case ETHERTYPE_AARP:
770 /*
771 * EtherTalk (AppleTalk protocols on Ethernet link
772 * layer) may use 802.2 encapsulation.
773 */
774
775 /*
776 * Check for 802.2 encapsulation (EtherTalk phase 2?);
777 * we check for an Ethernet type field less than
778 * 1500, which means it's an 802.3 length field.
779 */
780 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
781 gen_not(b0);
782
783 /*
784 * 802.2-encapsulated ETHERTYPE_ATALK packets are
785 * SNAP packets with an organization code of
786 * 0x080007 (Apple, for Appletalk) and a protocol
787 * type of ETHERTYPE_ATALK (Appletalk).
788 *
789 * 802.2-encapsulated ETHERTYPE_AARP packets are
790 * SNAP packets with an organization code of
791 * 0x000000 (encapsulated Ethernet) and a protocol
792 * type of ETHERTYPE_AARP (Appletalk ARP).
793 */
794 if (proto == ETHERTYPE_ATALK)
795 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
796 else /* proto == ETHERTYPE_AARP */
797 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
798 gen_and(b0, b1);
799
800 /*
801 * Check for Ethernet encapsulation (Ethertalk
802 * phase 1?); we just check for the Ethernet
803 * protocol type.
804 */
805 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
806
807 gen_or(b0, b1);
808 return b1;
809
810 default:
811 if (proto <= ETHERMTU) {
812 /*
813 * This is an LLC SAP value, so the frames
814 * that match would be 802.2 frames.
815 * Check that the frame is an 802.2 frame
816 * (i.e., that the length/type field is
817 * a length field, <= ETHERMTU) and
818 * then check the DSAP.
819 */
820 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
821 gen_not(b0);
822 b1 = gen_cmp(off_linktype + 2, BPF_B,
823 (bpf_int32)proto);
824 gen_and(b0, b1);
825 return b1;
826 } else {
827 /*
828 * This is an Ethernet type, so compare
829 * the length/type field with it (if
830 * the frame is an 802.2 frame, the length
831 * field will be <= ETHERMTU, and, as
832 * "proto" is > ETHERMTU, this test
833 * will fail and the frame won't match,
834 * which is what we want).
835 */
836 return gen_cmp(off_linktype, BPF_H,
837 (bpf_int32)proto);
838 }
839 }
840 break;
841
842 case DLT_FDDI:
843 case DLT_IEEE802:
844 case DLT_ATM_RFC1483:
845 case DLT_ATM_CLIP:
846 /*
847 * XXX - handle token-ring variable-length header.
848 */
849 switch (proto) {
850
851 case LLC_ISO_LSAP:
852 return gen_cmp(off_linktype, BPF_H, (long)
853 ((LLC_ISO_LSAP << 8) | LLC_ISO_LSAP));
854
855 case ETHERTYPE_ATALK:
856 /*
857 * 802.2-encapsulated ETHERTYPE_ATALK packets are
858 * SNAP packets with an organization code of
859 * 0x080007 (Apple, for Appletalk) and a protocol
860 * type of ETHERTYPE_ATALK (Appletalk).
861 *
862 * XXX - check for an organization code of
863 * encapsulated Ethernet as well?
864 */
865 return gen_snap(0x080007, ETHERTYPE_ATALK,
866 off_linktype);
867 break;
868
869 default:
870 /*
871 * XXX - we don't have to check for IPX 802.3
872 * here, but should we check for the IPX Ethertype?
873 */
874 if (proto <= ETHERMTU) {
875 /*
876 * This is an LLC SAP value, so check
877 * the DSAP.
878 */
879 return gen_cmp(off_linktype, BPF_B,
880 (bpf_int32)proto);
881 } else {
882 /*
883 * This is an Ethernet type; we assume
884 * that it's unlikely that it'll
885 * appear in the right place at random,
886 * and therefore check only the
887 * location that would hold the Ethernet
888 * type in a SNAP frame with an organization
889 * code of 0x000000 (encapsulated Ethernet).
890 *
891 * XXX - if we were to check for the SNAP DSAP
892 * and LSAP, as per XXX, and were also to check
893 * for an organization code of 0x000000
894 * (encapsulated Ethernet), we'd do
895 *
896 * return gen_snap(0x000000, proto,
897 * off_linktype);
898 *
899 * here; for now, we don't, as per the above.
900 * I don't know whether it's worth the
901 * extra CPU time to do the right check
902 * or not.
903 */
904 return gen_cmp(off_linktype+6, BPF_H,
905 (bpf_int32)proto);
906 }
907 }
908 break;
909
910 case DLT_LINUX_SLL:
911 switch (proto) {
912
913 case LLC_ISO_LSAP:
914 /*
915 * OSI protocols always use 802.2 encapsulation.
916 * XXX - should we check both the DSAP and the
917 * LSAP, like this, or should we check just the
918 * DSAP?
919 */
920 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
921 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
922 ((LLC_ISO_LSAP << 8) | LLC_ISO_LSAP));
923 gen_and(b0, b1);
924 return b1;
925
926 case LLC_IPX_LSAP:
927 /*
928 * Check both for 802.2 frames with the IPX LSAP as
929 * the DSAP and for Netware 802.3 frames.
930 *
931 * This generates code to check for 802.2 frames
932 * with the IPX LSAP.
933 */
934 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
935 b1 = gen_cmp(off_linktype + 2, BPF_B,
936 (bpf_int32)LLC_IPX_LSAP);
937 gen_and(b0, b1);
938
939 /*
940 * Now check for 802.3 frames and OR that with
941 * the previous test.
942 */
943 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
944 gen_or(b0, b1);
945 return b1;
946
947 case ETHERTYPE_ATALK:
948 case ETHERTYPE_AARP:
949 /*
950 * EtherTalk (AppleTalk protocols on Ethernet link
951 * layer) may use 802.2 encapsulation.
952 */
953
954 /*
955 * Check for 802.2 encapsulation (EtherTalk phase 2?);
956 * we check for the 802.2 protocol type in the
957 * "Ethernet type" field.
958 */
959 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
960
961 /*
962 * 802.2-encapsulated ETHERTYPE_ATALK packets are
963 * SNAP packets with an organization code of
964 * 0x080007 (Apple, for Appletalk) and a protocol
965 * type of ETHERTYPE_ATALK (Appletalk).
966 *
967 * 802.2-encapsulated ETHERTYPE_AARP packets are
968 * SNAP packets with an organization code of
969 * 0x000000 (encapsulated Ethernet) and a protocol
970 * type of ETHERTYPE_AARP (Appletalk ARP).
971 */
972 if (proto == ETHERTYPE_ATALK)
973 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
974 off_linktype + 2);
975 else /* proto == ETHERTYPE_AARP */
976 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
977 off_linktype + 2);
978 gen_and(b0, b1);
979
980 /*
981 * Check for Ethernet encapsulation (Ethertalk
982 * phase 1?); we just check for the Ethernet
983 * protocol type.
984 */
985 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
986
987 gen_or(b0, b1);
988 return b1;
989
990 default:
991 if (proto <= ETHERMTU) {
992 /*
993 * This is an LLC SAP value, so the frames
994 * that match would be 802.2 frames.
995 * Check for the 802.2 protocol type
996 * in the "Ethernet type" field, and
997 * then check the DSAP.
998 */
999 b0 = gen_cmp(off_linktype, BPF_H,
1000 LINUX_SLL_P_802_2);
1001 b1 = gen_cmp(off_linktype + 2, BPF_B,
1002 (bpf_int32)proto);
1003 gen_and(b0, b1);
1004 return b1;
1005 } else {
1006 /*
1007 * This is an Ethernet type, so compare
1008 * the length/type field with it (if
1009 * the frame is an 802.2 frame, the length
1010 * field will be <= ETHERMTU, and, as
1011 * "proto" is > ETHERMTU, this test
1012 * will fail and the frame won't match,
1013 * which is what we want).
1014 */
1015 return gen_cmp(off_linktype, BPF_H,
1016 (bpf_int32)proto);
1017 }
1018 }
1019 break;
1020
1021 case DLT_SLIP:
1022 case DLT_SLIP_BSDOS:
1023 case DLT_RAW:
1024 /*
1025 * These types don't provide any type field; packets
1026 * are always IP.
1027 *
1028 * XXX - for IPv4, check for a version number of 4, and,
1029 * for IPv6, check for a version number of 6?
1030 */
1031 switch (proto) {
1032
1033 case ETHERTYPE_IP:
1034 #ifdef INET6
1035 case ETHERTYPE_IPV6:
1036 #endif
1037 return gen_true(); /* always true */
1038
1039 default:
1040 return gen_false(); /* always false */
1041 }
1042 break;
1043
1044 case DLT_PPP:
1045 case DLT_PPP_SERIAL:
1046 /*
1047 * We use Ethernet protocol types inside libpcap;
1048 * map them to the corresponding PPP protocol types.
1049 */
1050 switch (proto) {
1051
1052 case ETHERTYPE_IP:
1053 proto = PPP_IP; /* XXX was 0x21 */
1054 break;
1055
1056 #ifdef INET6
1057 case ETHERTYPE_IPV6:
1058 proto = PPP_IPV6;
1059 break;
1060 #endif
1061
1062 case ETHERTYPE_DN:
1063 proto = PPP_DECNET;
1064 break;
1065
1066 case ETHERTYPE_ATALK:
1067 proto = PPP_APPLE;
1068 break;
1069
1070 case ETHERTYPE_NS:
1071 proto = PPP_NS;
1072 break;
1073
1074 case LLC_ISO_LSAP:
1075 proto = PPP_OSI;
1076 break;
1077 }
1078 break;
1079
1080 case DLT_PPP_BSDOS:
1081 /*
1082 * We use Ethernet protocol types inside libpcap;
1083 * map them to the corresponding PPP protocol types.
1084 */
1085 switch (proto) {
1086
1087 case ETHERTYPE_IP:
1088 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
1089 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
1090 gen_or(b0, b1);
1091 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
1092 gen_or(b1, b0);
1093 return b0;
1094
1095 #ifdef INET6
1096 case ETHERTYPE_IPV6:
1097 proto = PPP_IPV6;
1098 /* more to go? */
1099 break;
1100 #endif
1101
1102 case ETHERTYPE_DN:
1103 proto = PPP_DECNET;
1104 break;
1105
1106 case ETHERTYPE_ATALK:
1107 proto = PPP_APPLE;
1108 break;
1109
1110 case ETHERTYPE_NS:
1111 proto = PPP_NS;
1112 break;
1113
1114 case LLC_ISO_LSAP:
1115 proto = PPP_OSI;
1116 break;
1117 }
1118 break;
1119
1120 case DLT_NULL:
1121 case DLT_LOOP:
1122 /*
1123 * For DLT_NULL, the link-layer header is a 32-bit
1124 * word containing an AF_ value in *host* byte order.
1125 *
1126 * In addition, if we're reading a saved capture file,
1127 * the host byte order in the capture may not be the
1128 * same as the host byte order on this machine.
1129 *
1130 * For DLT_LOOP, the link-layer header is a 32-bit
1131 * word containing an AF_ value in *network* byte order.
1132 *
1133 * XXX - AF_ values may, unfortunately, be platform-
1134 * dependent; for example, FreeBSD's AF_INET6 is 24
1135 * whilst NetBSD's and OpenBSD's is 26.
1136 *
1137 * This means that, when reading a capture file, just
1138 * checking for our AF_INET6 value won't work if the
1139 * capture file came from another OS.
1140 */
1141 switch (proto) {
1142
1143 case ETHERTYPE_IP:
1144 proto = AF_INET;
1145 break;
1146
1147 #ifdef INET6
1148 case ETHERTYPE_IPV6:
1149 proto = AF_INET6;
1150 break;
1151 #endif
1152
1153 default:
1154 /*
1155 * Not a type on which we support filtering.
1156 * XXX - support those that have AF_ values
1157 * #defined on this platform, at least?
1158 */
1159 return gen_false();
1160 }
1161
1162 if (linktype == DLT_NULL) {
1163 /*
1164 * The AF_ value is in host byte order, but
1165 * the BPF interpreter will convert it to
1166 * network byte order.
1167 *
1168 * If this is a save file, and it's from a
1169 * machine with the opposite byte order to
1170 * ours, we byte-swap the AF_ value.
1171 *
1172 * Then we run it through "htonl()", and
1173 * generate code to compare against the result.
1174 */
1175 if (bpf_pcap->sf.rfile != NULL &&
1176 bpf_pcap->sf.swapped)
1177 proto = SWAPLONG(proto);
1178 proto = htonl(proto);
1179 }
1180 return (gen_cmp(0, BPF_W, (bpf_int32)proto));
1181 }
1182
1183 /*
1184 * All the types that have no encapsulation should either be
1185 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
1186 * all packets are IP packets, or should be handled in some
1187 * special case, if none of them are (if some are and some
1188 * aren't, the lack of encapsulation is a problem, as we'd
1189 * have to find some other way of determining the packet type).
1190 *
1191 * Therefore, if "off_linktype" is -1, there's an error.
1192 */
1193 if (off_linktype == -1)
1194 abort();
1195
1196 /*
1197 * Any type not handled above should always have an Ethernet
1198 * type at an offset of "off_linktype".
1199 */
1200 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1201 }
1202
1203 /*
1204 * Check for an LLC SNAP packet with a given organization code and
1205 * protocol type; we check the entire contents of the 802.2 LLC and
1206 * snap headers, checking for DSAP and SSAP of SNAP and a control
1207 * field of 0x03 in the LLC header, and for the specified organization
1208 * code and protocol type in the SNAP header.
1209 */
1210 static struct block *
1211 gen_snap(orgcode, ptype, offset)
1212 bpf_u_int32 orgcode;
1213 bpf_u_int32 ptype;
1214 u_int offset;
1215 {
1216 u_char snapblock[8];
1217
1218 snapblock[0] = LLC_SNAP_LSAP; /* DSAP = SNAP */
1219 snapblock[1] = LLC_SNAP_LSAP; /* SSAP = SNAP */
1220 snapblock[2] = 0x03; /* control = UI */
1221 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
1222 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
1223 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
1224 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
1225 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
1226 return gen_bcmp(offset, 8, snapblock);
1227 }
1228
1229 static struct block *
1230 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
1231 bpf_u_int32 addr;
1232 bpf_u_int32 mask;
1233 int dir, proto;
1234 u_int src_off, dst_off;
1235 {
1236 struct block *b0, *b1;
1237 u_int offset;
1238
1239 switch (dir) {
1240
1241 case Q_SRC:
1242 offset = src_off;
1243 break;
1244
1245 case Q_DST:
1246 offset = dst_off;
1247 break;
1248
1249 case Q_AND:
1250 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1251 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1252 gen_and(b0, b1);
1253 return b1;
1254
1255 case Q_OR:
1256 case Q_DEFAULT:
1257 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1258 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1259 gen_or(b0, b1);
1260 return b1;
1261
1262 default:
1263 abort();
1264 }
1265 b0 = gen_linktype(proto);
1266 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
1267 gen_and(b0, b1);
1268 return b1;
1269 }
1270
1271 #ifdef INET6
1272 static struct block *
1273 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
1274 struct in6_addr *addr;
1275 struct in6_addr *mask;
1276 int dir, proto;
1277 u_int src_off, dst_off;
1278 {
1279 struct block *b0, *b1;
1280 u_int offset;
1281 u_int32_t *a, *m;
1282
1283 switch (dir) {
1284
1285 case Q_SRC:
1286 offset = src_off;
1287 break;
1288
1289 case Q_DST:
1290 offset = dst_off;
1291 break;
1292
1293 case Q_AND:
1294 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1295 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1296 gen_and(b0, b1);
1297 return b1;
1298
1299 case Q_OR:
1300 case Q_DEFAULT:
1301 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1302 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1303 gen_or(b0, b1);
1304 return b1;
1305
1306 default:
1307 abort();
1308 }
1309 /* this order is important */
1310 a = (u_int32_t *)addr;
1311 m = (u_int32_t *)mask;
1312 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
1313 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
1314 gen_and(b0, b1);
1315 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
1316 gen_and(b0, b1);
1317 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
1318 gen_and(b0, b1);
1319 b0 = gen_linktype(proto);
1320 gen_and(b0, b1);
1321 return b1;
1322 }
1323 #endif /*INET6*/
1324
1325 static struct block *
1326 gen_ehostop(eaddr, dir)
1327 register const u_char *eaddr;
1328 register int dir;
1329 {
1330 register struct block *b0, *b1;
1331
1332 switch (dir) {
1333 case Q_SRC:
1334 return gen_bcmp(6, 6, eaddr);
1335
1336 case Q_DST:
1337 return gen_bcmp(0, 6, eaddr);
1338
1339 case Q_AND:
1340 b0 = gen_ehostop(eaddr, Q_SRC);
1341 b1 = gen_ehostop(eaddr, Q_DST);
1342 gen_and(b0, b1);
1343 return b1;
1344
1345 case Q_DEFAULT:
1346 case Q_OR:
1347 b0 = gen_ehostop(eaddr, Q_SRC);
1348 b1 = gen_ehostop(eaddr, Q_DST);
1349 gen_or(b0, b1);
1350 return b1;
1351 }
1352 abort();
1353 /* NOTREACHED */
1354 }
1355
1356 /*
1357 * Like gen_ehostop, but for DLT_FDDI
1358 */
1359 static struct block *
1360 gen_fhostop(eaddr, dir)
1361 register const u_char *eaddr;
1362 register int dir;
1363 {
1364 struct block *b0, *b1;
1365
1366 switch (dir) {
1367 case Q_SRC:
1368 #ifdef PCAP_FDDIPAD
1369 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
1370 #else
1371 return gen_bcmp(6 + 1, 6, eaddr);
1372 #endif
1373
1374 case Q_DST:
1375 #ifdef PCAP_FDDIPAD
1376 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
1377 #else
1378 return gen_bcmp(0 + 1, 6, eaddr);
1379 #endif
1380
1381 case Q_AND:
1382 b0 = gen_fhostop(eaddr, Q_SRC);
1383 b1 = gen_fhostop(eaddr, Q_DST);
1384 gen_and(b0, b1);
1385 return b1;
1386
1387 case Q_DEFAULT:
1388 case Q_OR:
1389 b0 = gen_fhostop(eaddr, Q_SRC);
1390 b1 = gen_fhostop(eaddr, Q_DST);
1391 gen_or(b0, b1);
1392 return b1;
1393 }
1394 abort();
1395 /* NOTREACHED */
1396 }
1397
1398 /*
1399 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
1400 */
1401 static struct block *
1402 gen_thostop(eaddr, dir)
1403 register const u_char *eaddr;
1404 register int dir;
1405 {
1406 register struct block *b0, *b1;
1407
1408 switch (dir) {
1409 case Q_SRC:
1410 return gen_bcmp(8, 6, eaddr);
1411
1412 case Q_DST:
1413 return gen_bcmp(2, 6, eaddr);
1414
1415 case Q_AND:
1416 b0 = gen_thostop(eaddr, Q_SRC);
1417 b1 = gen_thostop(eaddr, Q_DST);
1418 gen_and(b0, b1);
1419 return b1;
1420
1421 case Q_DEFAULT:
1422 case Q_OR:
1423 b0 = gen_thostop(eaddr, Q_SRC);
1424 b1 = gen_thostop(eaddr, Q_DST);
1425 gen_or(b0, b1);
1426 return b1;
1427 }
1428 abort();
1429 /* NOTREACHED */
1430 }
1431
1432 /*
1433 * This is quite tricky because there may be pad bytes in front of the
1434 * DECNET header, and then there are two possible data packet formats that
1435 * carry both src and dst addresses, plus 5 packet types in a format that
1436 * carries only the src node, plus 2 types that use a different format and
1437 * also carry just the src node.
1438 *
1439 * Yuck.
1440 *
1441 * Instead of doing those all right, we just look for data packets with
1442 * 0 or 1 bytes of padding. If you want to look at other packets, that
1443 * will require a lot more hacking.
1444 *
1445 * To add support for filtering on DECNET "areas" (network numbers)
1446 * one would want to add a "mask" argument to this routine. That would
1447 * make the filter even more inefficient, although one could be clever
1448 * and not generate masking instructions if the mask is 0xFFFF.
1449 */
1450 static struct block *
1451 gen_dnhostop(addr, dir, base_off)
1452 bpf_u_int32 addr;
1453 int dir;
1454 u_int base_off;
1455 {
1456 struct block *b0, *b1, *b2, *tmp;
1457 u_int offset_lh; /* offset if long header is received */
1458 u_int offset_sh; /* offset if short header is received */
1459
1460 switch (dir) {
1461
1462 case Q_DST:
1463 offset_sh = 1; /* follows flags */
1464 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
1465 break;
1466
1467 case Q_SRC:
1468 offset_sh = 3; /* follows flags, dstnode */
1469 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
1470 break;
1471
1472 case Q_AND:
1473 /* Inefficient because we do our Calvinball dance twice */
1474 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1475 b1 = gen_dnhostop(addr, Q_DST, base_off);
1476 gen_and(b0, b1);
1477 return b1;
1478
1479 case Q_OR:
1480 case Q_DEFAULT:
1481 /* Inefficient because we do our Calvinball dance twice */
1482 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1483 b1 = gen_dnhostop(addr, Q_DST, base_off);
1484 gen_or(b0, b1);
1485 return b1;
1486
1487 case Q_ISO:
1488 bpf_error("ISO host filtering not implemented");
1489
1490 default:
1491 abort();
1492 }
1493 b0 = gen_linktype(ETHERTYPE_DN);
1494 /* Check for pad = 1, long header case */
1495 tmp = gen_mcmp(base_off + 2, BPF_H,
1496 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
1497 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
1498 BPF_H, (bpf_int32)ntohs(addr));
1499 gen_and(tmp, b1);
1500 /* Check for pad = 0, long header case */
1501 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
1502 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
1503 gen_and(tmp, b2);
1504 gen_or(b2, b1);
1505 /* Check for pad = 1, short header case */
1506 tmp = gen_mcmp(base_off + 2, BPF_H,
1507 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
1508 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
1509 BPF_H, (bpf_int32)ntohs(addr));
1510 gen_and(tmp, b2);
1511 gen_or(b2, b1);
1512 /* Check for pad = 0, short header case */
1513 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
1514 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
1515 gen_and(tmp, b2);
1516 gen_or(b2, b1);
1517
1518 /* Combine with test for linktype */
1519 gen_and(b0, b1);
1520 return b1;
1521 }
1522
1523 static struct block *
1524 gen_host(addr, mask, proto, dir)
1525 bpf_u_int32 addr;
1526 bpf_u_int32 mask;
1527 int proto;
1528 int dir;
1529 {
1530 struct block *b0, *b1;
1531
1532 switch (proto) {
1533
1534 case Q_DEFAULT:
1535 b0 = gen_host(addr, mask, Q_IP, dir);
1536 if (off_linktype != -1) {
1537 b1 = gen_host(addr, mask, Q_ARP, dir);
1538 gen_or(b0, b1);
1539 b0 = gen_host(addr, mask, Q_RARP, dir);
1540 gen_or(b1, b0);
1541 }
1542 return b0;
1543
1544 case Q_IP:
1545 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
1546 off_nl + 12, off_nl + 16);
1547
1548 case Q_RARP:
1549 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
1550 off_nl + 14, off_nl + 24);
1551
1552 case Q_ARP:
1553 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
1554 off_nl + 14, off_nl + 24);
1555
1556 case Q_TCP:
1557 bpf_error("'tcp' modifier applied to host");
1558
1559 case Q_UDP:
1560 bpf_error("'udp' modifier applied to host");
1561
1562 case Q_ICMP:
1563 bpf_error("'icmp' modifier applied to host");
1564
1565 case Q_IGMP:
1566 bpf_error("'igmp' modifier applied to host");
1567
1568 case Q_IGRP:
1569 bpf_error("'igrp' modifier applied to host");
1570
1571 case Q_PIM:
1572 bpf_error("'pim' modifier applied to host");
1573
1574 case Q_ATALK:
1575 bpf_error("ATALK host filtering not implemented");
1576
1577 case Q_AARP:
1578 bpf_error("AARP host filtering not implemented");
1579
1580 case Q_DECNET:
1581 return gen_dnhostop(addr, dir, off_nl);
1582
1583 case Q_SCA:
1584 bpf_error("SCA host filtering not implemented");
1585
1586 case Q_LAT:
1587 bpf_error("LAT host filtering not implemented");
1588
1589 case Q_MOPDL:
1590 bpf_error("MOPDL host filtering not implemented");
1591
1592 case Q_MOPRC:
1593 bpf_error("MOPRC host filtering not implemented");
1594
1595 #ifdef INET6
1596 case Q_IPV6:
1597 bpf_error("'ip6' modifier applied to ip host");
1598
1599 case Q_ICMPV6:
1600 bpf_error("'icmp6' modifier applied to host");
1601 #endif /* INET6 */
1602
1603 case Q_AH:
1604 bpf_error("'ah' modifier applied to host");
1605
1606 case Q_ESP:
1607 bpf_error("'esp' modifier applied to host");
1608
1609 case Q_ISO:
1610 bpf_error("ISO host filtering not implemented");
1611
1612 case Q_ESIS:
1613 bpf_error("'esis' modifier applied to host");
1614
1615 case Q_ISIS:
1616 bpf_error("'isis' modifier applied to host");
1617
1618 case Q_CLNP:
1619 bpf_error("'clnp' modifier applied to host");
1620
1621 case Q_STP:
1622 bpf_error("'stp' modifier applied to host");
1623
1624 case Q_IPX:
1625 bpf_error("IPX host filtering not implemented");
1626
1627 default:
1628 abort();
1629 }
1630 /* NOTREACHED */
1631 }
1632
1633 #ifdef INET6
1634 static struct block *
1635 gen_host6(addr, mask, proto, dir)
1636 struct in6_addr *addr;
1637 struct in6_addr *mask;
1638 int proto;
1639 int dir;
1640 {
1641 switch (proto) {
1642
1643 case Q_DEFAULT:
1644 return gen_host6(addr, mask, Q_IPV6, dir);
1645
1646 case Q_IP:
1647 bpf_error("'ip' modifier applied to ip6 host");
1648
1649 case Q_RARP:
1650 bpf_error("'rarp' modifier applied to ip6 host");
1651
1652 case Q_ARP:
1653 bpf_error("'arp' modifier applied to ip6 host");
1654
1655 case Q_TCP:
1656 bpf_error("'tcp' modifier applied to host");
1657
1658 case Q_UDP:
1659 bpf_error("'udp' modifier applied to host");
1660
1661 case Q_ICMP:
1662 bpf_error("'icmp' modifier applied to host");
1663
1664 case Q_IGMP:
1665 bpf_error("'igmp' modifier applied to host");
1666
1667 case Q_IGRP:
1668 bpf_error("'igrp' modifier applied to host");
1669
1670 case Q_PIM:
1671 bpf_error("'pim' modifier applied to host");
1672
1673 case Q_ATALK:
1674 bpf_error("ATALK host filtering not implemented");
1675
1676 case Q_AARP:
1677 bpf_error("AARP host filtering not implemented");
1678
1679 case Q_DECNET:
1680 bpf_error("'decnet' modifier applied to ip6 host");
1681
1682 case Q_SCA:
1683 bpf_error("SCA host filtering not implemented");
1684
1685 case Q_LAT:
1686 bpf_error("LAT host filtering not implemented");
1687
1688 case Q_MOPDL:
1689 bpf_error("MOPDL host filtering not implemented");
1690
1691 case Q_MOPRC:
1692 bpf_error("MOPRC host filtering not implemented");
1693
1694 case Q_IPV6:
1695 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
1696 off_nl + 8, off_nl + 24);
1697
1698 case Q_ICMPV6:
1699 bpf_error("'icmp6' modifier applied to host");
1700
1701 case Q_AH:
1702 bpf_error("'ah' modifier applied to host");
1703
1704 case Q_ESP:
1705 bpf_error("'esp' modifier applied to host");
1706
1707 case Q_ISO:
1708 bpf_error("ISO host filtering not implemented");
1709
1710 case Q_ESIS:
1711 bpf_error("'esis' modifier applied to host");
1712
1713 case Q_ISIS:
1714 bpf_error("'isis' modifier applied to host");
1715
1716 case Q_CLNP:
1717 bpf_error("'clnp' modifier applied to host");
1718
1719 case Q_STP:
1720 bpf_error("'stp' modifier applied to host");
1721
1722 case Q_IPX:
1723 bpf_error("IPX host filtering not implemented");
1724
1725 default:
1726 abort();
1727 }
1728 /* NOTREACHED */
1729 }
1730 #endif /*INET6*/
1731
1732 #ifndef INET6
1733 static struct block *
1734 gen_gateway(eaddr, alist, proto, dir)
1735 const u_char *eaddr;
1736 bpf_u_int32 **alist;
1737 int proto;
1738 int dir;
1739 {
1740 struct block *b0, *b1, *tmp;
1741
1742 if (dir != 0)
1743 bpf_error("direction applied to 'gateway'");
1744
1745 switch (proto) {
1746 case Q_DEFAULT:
1747 case Q_IP:
1748 case Q_ARP:
1749 case Q_RARP:
1750 if (linktype == DLT_EN10MB)
1751 b0 = gen_ehostop(eaddr, Q_OR);
1752 else if (linktype == DLT_FDDI)
1753 b0 = gen_fhostop(eaddr, Q_OR);
1754 else if (linktype == DLT_IEEE802)
1755 b0 = gen_thostop(eaddr, Q_OR);
1756 else
1757 bpf_error(
1758 "'gateway' supported only on ethernet, FDDI or token ring");
1759
1760 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1761 while (*alist) {
1762 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1763 gen_or(b1, tmp);
1764 b1 = tmp;
1765 }
1766 gen_not(b1);
1767 gen_and(b0, b1);
1768 return b1;
1769 }
1770 bpf_error("illegal modifier of 'gateway'");
1771 /* NOTREACHED */
1772 }
1773 #endif
1774
1775 struct block *
1776 gen_proto_abbrev(proto)
1777 int proto;
1778 {
1779 #ifdef INET6
1780 struct block *b0;
1781 #endif
1782 struct block *b1;
1783
1784 switch (proto) {
1785
1786 case Q_TCP:
1787 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
1788 #ifdef INET6
1789 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
1790 gen_or(b0, b1);
1791 #endif
1792 break;
1793
1794 case Q_UDP:
1795 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
1796 #ifdef INET6
1797 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
1798 gen_or(b0, b1);
1799 #endif
1800 break;
1801
1802 case Q_ICMP:
1803 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
1804 break;
1805
1806 #ifndef IPPROTO_IGMP
1807 #define IPPROTO_IGMP 2
1808 #endif
1809
1810 case Q_IGMP:
1811 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
1812 break;
1813
1814 #ifndef IPPROTO_IGRP
1815 #define IPPROTO_IGRP 9
1816 #endif
1817 case Q_IGRP:
1818 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
1819 break;
1820
1821 #ifndef IPPROTO_PIM
1822 #define IPPROTO_PIM 103
1823 #endif
1824
1825 case Q_PIM:
1826 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
1827 #ifdef INET6
1828 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
1829 gen_or(b0, b1);
1830 #endif
1831 break;
1832
1833 case Q_IP:
1834 b1 = gen_linktype(ETHERTYPE_IP);
1835 break;
1836
1837 case Q_ARP:
1838 b1 = gen_linktype(ETHERTYPE_ARP);
1839 break;
1840
1841 case Q_RARP:
1842 b1 = gen_linktype(ETHERTYPE_REVARP);
1843 break;
1844
1845 case Q_LINK:
1846 bpf_error("link layer applied in wrong context");
1847
1848 case Q_ATALK:
1849 b1 = gen_linktype(ETHERTYPE_ATALK);
1850 break;
1851
1852 case Q_AARP:
1853 b1 = gen_linktype(ETHERTYPE_AARP);
1854 break;
1855
1856 case Q_DECNET:
1857 b1 = gen_linktype(ETHERTYPE_DN);
1858 break;
1859
1860 case Q_SCA:
1861 b1 = gen_linktype(ETHERTYPE_SCA);
1862 break;
1863
1864 case Q_LAT:
1865 b1 = gen_linktype(ETHERTYPE_LAT);
1866 break;
1867
1868 case Q_MOPDL:
1869 b1 = gen_linktype(ETHERTYPE_MOPDL);
1870 break;
1871
1872 case Q_MOPRC:
1873 b1 = gen_linktype(ETHERTYPE_MOPRC);
1874 break;
1875
1876 #ifdef INET6
1877 case Q_IPV6:
1878 b1 = gen_linktype(ETHERTYPE_IPV6);
1879 break;
1880
1881 #ifndef IPPROTO_ICMPV6
1882 #define IPPROTO_ICMPV6 58
1883 #endif
1884 case Q_ICMPV6:
1885 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
1886 break;
1887 #endif /* INET6 */
1888
1889 #ifndef IPPROTO_AH
1890 #define IPPROTO_AH 51
1891 #endif
1892 case Q_AH:
1893 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
1894 #ifdef INET6
1895 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
1896 gen_or(b0, b1);
1897 #endif
1898 break;
1899
1900 #ifndef IPPROTO_ESP
1901 #define IPPROTO_ESP 50
1902 #endif
1903 case Q_ESP:
1904 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
1905 #ifdef INET6
1906 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
1907 gen_or(b0, b1);
1908 #endif
1909 break;
1910
1911 case Q_ISO:
1912 b1 = gen_linktype(LLC_ISO_LSAP);
1913 break;
1914
1915 case Q_ESIS:
1916 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
1917 break;
1918
1919 case Q_ISIS:
1920 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
1921 break;
1922
1923 case Q_CLNP:
1924 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
1925 break;
1926
1927 case Q_STP:
1928 b1 = gen_linktype(LLC_STP_LSAP);
1929 break;
1930
1931 case Q_IPX:
1932 b1 = gen_linktype(LLC_IPX_LSAP);
1933 break;
1934
1935 default:
1936 abort();
1937 }
1938 return b1;
1939 }
1940
1941 static struct block *
1942 gen_ipfrag()
1943 {
1944 struct slist *s;
1945 struct block *b;
1946
1947 /* not ip frag */
1948 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
1949 s->s.k = off_nl + 6;
1950 b = new_block(JMP(BPF_JSET));
1951 b->s.k = 0x1fff;
1952 b->stmts = s;
1953 gen_not(b);
1954
1955 return b;
1956 }
1957
1958 static struct block *
1959 gen_portatom(off, v)
1960 int off;
1961 bpf_int32 v;
1962 {
1963 struct slist *s;
1964 struct block *b;
1965
1966 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
1967 s->s.k = off_nl;
1968
1969 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
1970 s->next->s.k = off_nl + off;
1971
1972 b = new_block(JMP(BPF_JEQ));
1973 b->stmts = s;
1974 b->s.k = v;
1975
1976 return b;
1977 }
1978
1979 #ifdef INET6
1980 static struct block *
1981 gen_portatom6(off, v)
1982 int off;
1983 bpf_int32 v;
1984 {
1985 return gen_cmp(off_nl + 40 + off, BPF_H, v);
1986 }
1987 #endif/*INET6*/
1988
1989 struct block *
1990 gen_portop(port, proto, dir)
1991 int port, proto, dir;
1992 {
1993 struct block *b0, *b1, *tmp;
1994
1995 /* ip proto 'proto' */
1996 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
1997 b0 = gen_ipfrag();
1998 gen_and(tmp, b0);
1999
2000 switch (dir) {
2001 case Q_SRC:
2002 b1 = gen_portatom(0, (bpf_int32)port);
2003 break;
2004
2005 case Q_DST:
2006 b1 = gen_portatom(2, (bpf_int32)port);
2007 break;
2008
2009 case Q_OR:
2010 case Q_DEFAULT:
2011 tmp = gen_portatom(0, (bpf_int32)port);
2012 b1 = gen_portatom(2, (bpf_int32)port);
2013 gen_or(tmp, b1);
2014 break;
2015
2016 case Q_AND:
2017 tmp = gen_portatom(0, (bpf_int32)port);
2018 b1 = gen_portatom(2, (bpf_int32)port);
2019 gen_and(tmp, b1);
2020 break;
2021
2022 default:
2023 abort();
2024 }
2025 gen_and(b0, b1);
2026
2027 return b1;
2028 }
2029
2030 static struct block *
2031 gen_port(port, ip_proto, dir)
2032 int port;
2033 int ip_proto;
2034 int dir;
2035 {
2036 struct block *b0, *b1, *tmp;
2037
2038 /* ether proto ip */
2039 b0 = gen_linktype(ETHERTYPE_IP);
2040
2041 switch (ip_proto) {
2042 case IPPROTO_UDP:
2043 case IPPROTO_TCP:
2044 b1 = gen_portop(port, ip_proto, dir);
2045 break;
2046
2047 case PROTO_UNDEF:
2048 tmp = gen_portop(port, IPPROTO_TCP, dir);
2049 b1 = gen_portop(port, IPPROTO_UDP, dir);
2050 gen_or(tmp, b1);
2051 break;
2052
2053 default:
2054 abort();
2055 }
2056 gen_and(b0, b1);
2057 return b1;
2058 }
2059
2060 #ifdef INET6
2061 struct block *
2062 gen_portop6(port, proto, dir)
2063 int port, proto, dir;
2064 {
2065 struct block *b0, *b1, *tmp;
2066
2067 /* ip proto 'proto' */
2068 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
2069
2070 switch (dir) {
2071 case Q_SRC:
2072 b1 = gen_portatom6(0, (bpf_int32)port);
2073 break;
2074
2075 case Q_DST:
2076 b1 = gen_portatom6(2, (bpf_int32)port);
2077 break;
2078
2079 case Q_OR:
2080 case Q_DEFAULT:
2081 tmp = gen_portatom6(0, (bpf_int32)port);
2082 b1 = gen_portatom6(2, (bpf_int32)port);
2083 gen_or(tmp, b1);
2084 break;
2085
2086 case Q_AND:
2087 tmp = gen_portatom6(0, (bpf_int32)port);
2088 b1 = gen_portatom6(2, (bpf_int32)port);
2089 gen_and(tmp, b1);
2090 break;
2091
2092 default:
2093 abort();
2094 }
2095 gen_and(b0, b1);
2096
2097 return b1;
2098 }
2099
2100 static struct block *
2101 gen_port6(port, ip_proto, dir)
2102 int port;
2103 int ip_proto;
2104 int dir;
2105 {
2106 struct block *b0, *b1, *tmp;
2107
2108 /* ether proto ip */
2109 b0 = gen_linktype(ETHERTYPE_IPV6);
2110
2111 switch (ip_proto) {
2112 case IPPROTO_UDP:
2113 case IPPROTO_TCP:
2114 b1 = gen_portop6(port, ip_proto, dir);
2115 break;
2116
2117 case PROTO_UNDEF:
2118 tmp = gen_portop6(port, IPPROTO_TCP, dir);
2119 b1 = gen_portop6(port, IPPROTO_UDP, dir);
2120 gen_or(tmp, b1);
2121 break;
2122
2123 default:
2124 abort();
2125 }
2126 gen_and(b0, b1);
2127 return b1;
2128 }
2129 #endif /* INET6 */
2130
2131 static int
2132 lookup_proto(name, proto)
2133 register const char *name;
2134 register int proto;
2135 {
2136 register int v;
2137
2138 switch (proto) {
2139
2140 case Q_DEFAULT:
2141 case Q_IP:
2142 v = pcap_nametoproto(name);
2143 if (v == PROTO_UNDEF)
2144 bpf_error("unknown ip proto '%s'", name);
2145 break;
2146
2147 case Q_LINK:
2148 /* XXX should look up h/w protocol type based on linktype */
2149 v = pcap_nametoeproto(name);
2150 if (v == PROTO_UNDEF)
2151 bpf_error("unknown ether proto '%s'", name);
2152 break;
2153
2154 case Q_ISO:
2155 if (strcmp(name, "esis") == 0)
2156 v = ISO9542_ESIS;
2157 else if (strcmp(name, "isis") == 0)
2158 v = ISO10589_ISIS;
2159 else if (strcmp(name, "clnp") == 0)
2160 v = ISO8473_CLNP;
2161 else
2162 bpf_error("unknown osi proto '%s'", name);
2163 break;
2164
2165 default:
2166 v = PROTO_UNDEF;
2167 break;
2168 }
2169 return v;
2170 }
2171
2172 #if 0
2173 struct stmt *
2174 gen_joinsp(s, n)
2175 struct stmt **s;
2176 int n;
2177 {
2178 return NULL;
2179 }
2180 #endif
2181
2182 static struct block *
2183 gen_protochain(v, proto, dir)
2184 int v;
2185 int proto;
2186 int dir;
2187 {
2188 #ifdef NO_PROTOCHAIN
2189 return gen_proto(v, proto, dir);
2190 #else
2191 struct block *b0, *b;
2192 struct slist *s[100];
2193 int fix2, fix3, fix4, fix5;
2194 int ahcheck, again, end;
2195 int i, max;
2196 int reg2 = alloc_reg();
2197
2198 memset(s, 0, sizeof(s));
2199 fix2 = fix3 = fix4 = fix5 = 0;
2200
2201 switch (proto) {
2202 case Q_IP:
2203 case Q_IPV6:
2204 break;
2205 case Q_DEFAULT:
2206 b0 = gen_protochain(v, Q_IP, dir);
2207 b = gen_protochain(v, Q_IPV6, dir);
2208 gen_or(b0, b);
2209 return b;
2210 default:
2211 bpf_error("bad protocol applied for 'protochain'");
2212 /*NOTREACHED*/
2213 }
2214
2215 no_optimize = 1; /*this code is not compatible with optimzer yet */
2216
2217 /*
2218 * s[0] is a dummy entry to protect other BPF insn from damaged
2219 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
2220 * hard to find interdependency made by jump table fixup.
2221 */
2222 i = 0;
2223 s[i] = new_stmt(0); /*dummy*/
2224 i++;
2225
2226 switch (proto) {
2227 case Q_IP:
2228 b0 = gen_linktype(ETHERTYPE_IP);
2229
2230 /* A = ip->ip_p */
2231 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
2232 s[i]->s.k = off_nl + 9;
2233 i++;
2234 /* X = ip->ip_hl << 2 */
2235 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2236 s[i]->s.k = off_nl;
2237 i++;
2238 break;
2239 #ifdef INET6
2240 case Q_IPV6:
2241 b0 = gen_linktype(ETHERTYPE_IPV6);
2242
2243 /* A = ip6->ip_nxt */
2244 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
2245 s[i]->s.k = off_nl + 6;
2246 i++;
2247 /* X = sizeof(struct ip6_hdr) */
2248 s[i] = new_stmt(BPF_LDX|BPF_IMM);
2249 s[i]->s.k = 40;
2250 i++;
2251 break;
2252 #endif
2253 default:
2254 bpf_error("unsupported proto to gen_protochain");
2255 /*NOTREACHED*/
2256 }
2257
2258 /* again: if (A == v) goto end; else fall through; */
2259 again = i;
2260 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2261 s[i]->s.k = v;
2262 s[i]->s.jt = NULL; /*later*/
2263 s[i]->s.jf = NULL; /*update in next stmt*/
2264 fix5 = i;
2265 i++;
2266
2267 #ifndef IPPROTO_NONE
2268 #define IPPROTO_NONE 59
2269 #endif
2270 /* if (A == IPPROTO_NONE) goto end */
2271 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2272 s[i]->s.jt = NULL; /*later*/
2273 s[i]->s.jf = NULL; /*update in next stmt*/
2274 s[i]->s.k = IPPROTO_NONE;
2275 s[fix5]->s.jf = s[i];
2276 fix2 = i;
2277 i++;
2278
2279 #ifdef INET6
2280 if (proto == Q_IPV6) {
2281 int v6start, v6end, v6advance, j;
2282
2283 v6start = i;
2284 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
2285 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2286 s[i]->s.jt = NULL; /*later*/
2287 s[i]->s.jf = NULL; /*update in next stmt*/
2288 s[i]->s.k = IPPROTO_HOPOPTS;
2289 s[fix2]->s.jf = s[i];
2290 i++;
2291 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
2292 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2293 s[i]->s.jt = NULL; /*later*/
2294 s[i]->s.jf = NULL; /*update in next stmt*/
2295 s[i]->s.k = IPPROTO_DSTOPTS;
2296 i++;
2297 /* if (A == IPPROTO_ROUTING) goto v6advance */
2298 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2299 s[i]->s.jt = NULL; /*later*/
2300 s[i]->s.jf = NULL; /*update in next stmt*/
2301 s[i]->s.k = IPPROTO_ROUTING;
2302 i++;
2303 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
2304 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2305 s[i]->s.jt = NULL; /*later*/
2306 s[i]->s.jf = NULL; /*later*/
2307 s[i]->s.k = IPPROTO_FRAGMENT;
2308 fix3 = i;
2309 v6end = i;
2310 i++;
2311
2312 /* v6advance: */
2313 v6advance = i;
2314
2315 /*
2316 * in short,
2317 * A = P[X];
2318 * X = X + (P[X + 1] + 1) * 8;
2319 */
2320 /* A = X */
2321 s[i] = new_stmt(BPF_MISC|BPF_TXA);
2322 i++;
2323 /* A = P[X + packet head] */
2324 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2325 s[i]->s.k = off_nl;
2326 i++;
2327 /* MEM[reg2] = A */
2328 s[i] = new_stmt(BPF_ST);
2329 s[i]->s.k = reg2;
2330 i++;
2331 /* A = X */
2332 s[i] = new_stmt(BPF_MISC|BPF_TXA);
2333 i++;
2334 /* A += 1 */
2335 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2336 s[i]->s.k = 1;
2337 i++;
2338 /* X = A */
2339 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2340 i++;
2341 /* A = P[X + packet head]; */
2342 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2343 s[i]->s.k = off_nl;
2344 i++;
2345 /* A += 1 */
2346 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2347 s[i]->s.k = 1;
2348 i++;
2349 /* A *= 8 */
2350 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2351 s[i]->s.k = 8;
2352 i++;
2353 /* X = A; */
2354 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2355 i++;
2356 /* A = MEM[reg2] */
2357 s[i] = new_stmt(BPF_LD|BPF_MEM);
2358 s[i]->s.k = reg2;
2359 i++;
2360
2361 /* goto again; (must use BPF_JA for backward jump) */
2362 s[i] = new_stmt(BPF_JMP|BPF_JA);
2363 s[i]->s.k = again - i - 1;
2364 s[i - 1]->s.jf = s[i];
2365 i++;
2366
2367 /* fixup */
2368 for (j = v6start; j <= v6end; j++)
2369 s[j]->s.jt = s[v6advance];
2370 } else
2371 #endif
2372 {
2373 /* nop */
2374 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2375 s[i]->s.k = 0;
2376 s[fix2]->s.jf = s[i];
2377 i++;
2378 }
2379
2380 /* ahcheck: */
2381 ahcheck = i;
2382 /* if (A == IPPROTO_AH) then fall through; else goto end; */
2383 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2384 s[i]->s.jt = NULL; /*later*/
2385 s[i]->s.jf = NULL; /*later*/
2386 s[i]->s.k = IPPROTO_AH;
2387 if (fix3)
2388 s[fix3]->s.jf = s[ahcheck];
2389 fix4 = i;
2390 i++;
2391
2392 /*
2393 * in short,
2394 * A = P[X];
2395 * X = X + (P[X + 1] + 2) * 4;
2396 */
2397 /* A = X */
2398 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2399 i++;
2400 /* A = P[X + packet head]; */
2401 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2402 s[i]->s.k = off_nl;
2403 i++;
2404 /* MEM[reg2] = A */
2405 s[i] = new_stmt(BPF_ST);
2406 s[i]->s.k = reg2;
2407 i++;
2408 /* A = X */
2409 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2410 i++;
2411 /* A += 1 */
2412 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2413 s[i]->s.k = 1;
2414 i++;
2415 /* X = A */
2416 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2417 i++;
2418 /* A = P[X + packet head] */
2419 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2420 s[i]->s.k = off_nl;
2421 i++;
2422 /* A += 2 */
2423 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2424 s[i]->s.k = 2;
2425 i++;
2426 /* A *= 4 */
2427 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2428 s[i]->s.k = 4;
2429 i++;
2430 /* X = A; */
2431 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2432 i++;
2433 /* A = MEM[reg2] */
2434 s[i] = new_stmt(BPF_LD|BPF_MEM);
2435 s[i]->s.k = reg2;
2436 i++;
2437
2438 /* goto again; (must use BPF_JA for backward jump) */
2439 s[i] = new_stmt(BPF_JMP|BPF_JA);
2440 s[i]->s.k = again - i - 1;
2441 i++;
2442
2443 /* end: nop */
2444 end = i;
2445 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2446 s[i]->s.k = 0;
2447 s[fix2]->s.jt = s[end];
2448 s[fix4]->s.jf = s[end];
2449 s[fix5]->s.jt = s[end];
2450 i++;
2451
2452 /*
2453 * make slist chain
2454 */
2455 max = i;
2456 for (i = 0; i < max - 1; i++)
2457 s[i]->next = s[i + 1];
2458 s[max - 1]->next = NULL;
2459
2460 /*
2461 * emit final check
2462 */
2463 b = new_block(JMP(BPF_JEQ));
2464 b->stmts = s[1]; /*remember, s[0] is dummy*/
2465 b->s.k = v;
2466
2467 free_reg(reg2);
2468
2469 gen_and(b0, b);
2470 return b;
2471 #endif
2472 }
2473
2474 static struct block *
2475 gen_proto(v, proto, dir)
2476 int v;
2477 int proto;
2478 int dir;
2479 {
2480 struct block *b0, *b1;
2481
2482 if (dir != Q_DEFAULT)
2483 bpf_error("direction applied to 'proto'");
2484
2485 switch (proto) {
2486 case Q_DEFAULT:
2487 #ifdef INET6
2488 b0 = gen_proto(v, Q_IP, dir);
2489 b1 = gen_proto(v, Q_IPV6, dir);
2490 gen_or(b0, b1);
2491 return b1;
2492 #else
2493 /*FALLTHROUGH*/
2494 #endif
2495 case Q_IP:
2496 b0 = gen_linktype(ETHERTYPE_IP);
2497 #ifndef CHASE_CHAIN
2498 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
2499 #else
2500 b1 = gen_protochain(v, Q_IP);
2501 #endif
2502 gen_and(b0, b1);
2503 return b1;
2504
2505 case Q_ISO:
2506 b0 = gen_linktype(LLC_ISO_LSAP);
2507 b1 = gen_cmp(off_nl + 3, BPF_B, (long)v);
2508 gen_and(b0, b1);
2509 return b1;
2510
2511 case Q_ARP:
2512 bpf_error("arp does not encapsulate another protocol");
2513 /* NOTREACHED */
2514
2515 case Q_RARP:
2516 bpf_error("rarp does not encapsulate another protocol");
2517 /* NOTREACHED */
2518
2519 case Q_ATALK:
2520 bpf_error("atalk encapsulation is not specifiable");
2521 /* NOTREACHED */
2522
2523 case Q_DECNET:
2524 bpf_error("decnet encapsulation is not specifiable");
2525 /* NOTREACHED */
2526
2527 case Q_SCA:
2528 bpf_error("sca does not encapsulate another protocol");
2529 /* NOTREACHED */
2530
2531 case Q_LAT:
2532 bpf_error("lat does not encapsulate another protocol");
2533 /* NOTREACHED */
2534
2535 case Q_MOPRC:
2536 bpf_error("moprc does not encapsulate another protocol");
2537 /* NOTREACHED */
2538
2539 case Q_MOPDL:
2540 bpf_error("mopdl does not encapsulate another protocol");
2541 /* NOTREACHED */
2542
2543 case Q_LINK:
2544 return gen_linktype(v);
2545
2546 case Q_UDP:
2547 bpf_error("'udp proto' is bogus");
2548 /* NOTREACHED */
2549
2550 case Q_TCP:
2551 bpf_error("'tcp proto' is bogus");
2552 /* NOTREACHED */
2553
2554 case Q_ICMP:
2555 bpf_error("'icmp proto' is bogus");
2556 /* NOTREACHED */
2557
2558 case Q_IGMP:
2559 bpf_error("'igmp proto' is bogus");
2560 /* NOTREACHED */
2561
2562 case Q_IGRP:
2563 bpf_error("'igrp proto' is bogus");
2564 /* NOTREACHED */
2565
2566 case Q_PIM:
2567 bpf_error("'pim proto' is bogus");
2568 /* NOTREACHED */
2569
2570 #ifdef INET6
2571 case Q_IPV6:
2572 b0 = gen_linktype(ETHERTYPE_IPV6);
2573 #ifndef CHASE_CHAIN
2574 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
2575 #else
2576 b1 = gen_protochain(v, Q_IPV6);
2577 #endif
2578 gen_and(b0, b1);
2579 return b1;
2580
2581 case Q_ICMPV6:
2582 bpf_error("'icmp6 proto' is bogus");
2583 #endif /* INET6 */
2584
2585 case Q_AH:
2586 bpf_error("'ah proto' is bogus");
2587
2588 case Q_ESP:
2589 bpf_error("'ah proto' is bogus");
2590
2591 case Q_STP:
2592 bpf_error("'stp proto' is bogus");
2593
2594 case Q_IPX:
2595 bpf_error("'ipx proto' is bogus");
2596
2597 default:
2598 abort();
2599 /* NOTREACHED */
2600 }
2601 /* NOTREACHED */
2602 }
2603
2604 struct block *
2605 gen_scode(name, q)
2606 register const char *name;
2607 struct qual q;
2608 {
2609 int proto = q.proto;
2610 int dir = q.dir;
2611 int tproto;
2612 u_char *eaddr;
2613 bpf_u_int32 mask, addr;
2614 #ifndef INET6
2615 bpf_u_int32 **alist;
2616 #else
2617 int tproto6;
2618 struct sockaddr_in *sin;
2619 struct sockaddr_in6 *sin6;
2620 struct addrinfo *res, *res0;
2621 struct in6_addr mask128;
2622 #endif /*INET6*/
2623 struct block *b, *tmp;
2624 int port, real_proto;
2625
2626 switch (q.addr) {
2627
2628 case Q_NET:
2629 addr = pcap_nametonetaddr(name);
2630 if (addr == 0)
2631 bpf_error("unknown network '%s'", name);
2632 /* Left justify network addr and calculate its network mask */
2633 mask = 0xffffffff;
2634 while (addr && (addr & 0xff000000) == 0) {
2635 addr <<= 8;
2636 mask <<= 8;
2637 }
2638 return gen_host(addr, mask, proto, dir);
2639
2640 case Q_DEFAULT:
2641 case Q_HOST:
2642 if (proto == Q_LINK) {
2643 switch (linktype) {
2644
2645 case DLT_EN10MB:
2646 eaddr = pcap_ether_hostton(name);
2647 if (eaddr == NULL)
2648 bpf_error(
2649 "unknown ether host '%s'", name);
2650 return gen_ehostop(eaddr, dir);
2651
2652 case DLT_FDDI:
2653 eaddr = pcap_ether_hostton(name);
2654 if (eaddr == NULL)
2655 bpf_error(
2656 "unknown FDDI host '%s'", name);
2657 return gen_fhostop(eaddr, dir);
2658
2659 case DLT_IEEE802:
2660 eaddr = pcap_ether_hostton(name);
2661 if (eaddr == NULL)
2662 bpf_error(
2663 "unknown token ring host '%s'", name);
2664 return gen_thostop(eaddr, dir);
2665
2666 default:
2667 bpf_error(
2668 "only ethernet/FDDI/token ring supports link-level host name");
2669 break;
2670 }
2671 } else if (proto == Q_DECNET) {
2672 unsigned short dn_addr = __pcap_nametodnaddr(name);
2673 /*
2674 * I don't think DECNET hosts can be multihomed, so
2675 * there is no need to build up a list of addresses
2676 */
2677 return (gen_host(dn_addr, 0, proto, dir));
2678 } else {
2679 #ifndef INET6
2680 alist = pcap_nametoaddr(name);
2681 if (alist == NULL || *alist == NULL)
2682 bpf_error("unknown host '%s'", name);
2683 tproto = proto;
2684 if (off_linktype == -1 && tproto == Q_DEFAULT)
2685 tproto = Q_IP;
2686 b = gen_host(**alist++, 0xffffffff, tproto, dir);
2687 while (*alist) {
2688 tmp = gen_host(**alist++, 0xffffffff,
2689 tproto, dir);
2690 gen_or(b, tmp);
2691 b = tmp;
2692 }
2693 return b;
2694 #else
2695 memset(&mask128, 0xff, sizeof(mask128));
2696 res0 = res = pcap_nametoaddrinfo(name);
2697 if (res == NULL)
2698 bpf_error("unknown host '%s'", name);
2699 b = tmp = NULL;
2700 tproto = tproto6 = proto;
2701 if (off_linktype == -1 && tproto == Q_DEFAULT) {
2702 tproto = Q_IP;
2703 tproto6 = Q_IPV6;
2704 }
2705 for (res = res0; res; res = res->ai_next) {
2706 switch (res->ai_family) {
2707 case AF_INET:
2708 if (tproto == Q_IPV6)
2709 continue;
2710
2711 sin = (struct sockaddr_in *)
2712 res->ai_addr;
2713 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
2714 0xffffffff, tproto, dir);
2715 break;
2716 case AF_INET6:
2717 if (tproto6 == Q_IP)
2718 continue;
2719
2720 sin6 = (struct sockaddr_in6 *)
2721 res->ai_addr;
2722 tmp = gen_host6(&sin6->sin6_addr,
2723 &mask128, tproto6, dir);
2724 break;
2725 }
2726 if (b)
2727 gen_or(b, tmp);
2728 b = tmp;
2729 }
2730 freeaddrinfo(res0);
2731 if (b == NULL) {
2732 bpf_error("unknown host '%s'%s", name,
2733 (proto == Q_DEFAULT)
2734 ? ""
2735 : " for specified address family");
2736 }
2737 return b;
2738 #endif /*INET6*/
2739 }
2740
2741 case Q_PORT:
2742 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP)
2743 bpf_error("illegal qualifier of 'port'");
2744 if (pcap_nametoport(name, &port, &real_proto) == 0)
2745 bpf_error("unknown port '%s'", name);
2746 if (proto == Q_UDP) {
2747 if (real_proto == IPPROTO_TCP)
2748 bpf_error("port '%s' is tcp", name);
2749 else
2750 /* override PROTO_UNDEF */
2751 real_proto = IPPROTO_UDP;
2752 }
2753 if (proto == Q_TCP) {
2754 if (real_proto == IPPROTO_UDP)
2755 bpf_error("port '%s' is udp", name);
2756 else
2757 /* override PROTO_UNDEF */
2758 real_proto = IPPROTO_TCP;
2759 }
2760 #ifndef INET6
2761 return gen_port(port, real_proto, dir);
2762 #else
2763 {
2764 struct block *b;
2765 b = gen_port(port, real_proto, dir);
2766 gen_or(gen_port6(port, real_proto, dir), b);
2767 return b;
2768 }
2769 #endif /* INET6 */
2770
2771 case Q_GATEWAY:
2772 #ifndef INET6
2773 eaddr = pcap_ether_hostton(name);
2774 if (eaddr == NULL)
2775 bpf_error("unknown ether host: %s", name);
2776
2777 alist = pcap_nametoaddr(name);
2778 if (alist == NULL || *alist == NULL)
2779 bpf_error("unknown host '%s'", name);
2780 return gen_gateway(eaddr, alist, proto, dir);
2781 #else
2782 bpf_error("'gateway' not supported in this configuration");
2783 #endif /*INET6*/
2784
2785 case Q_PROTO:
2786 real_proto = lookup_proto(name, proto);
2787 if (real_proto >= 0)
2788 return gen_proto(real_proto, proto, dir);
2789 else
2790 bpf_error("unknown protocol: %s", name);
2791
2792 case Q_PROTOCHAIN:
2793 real_proto = lookup_proto(name, proto);
2794 if (real_proto >= 0)
2795 return gen_protochain(real_proto, proto, dir);
2796 else
2797 bpf_error("unknown protocol: %s", name);
2798
2799
2800 case Q_UNDEF:
2801 syntax();
2802 /* NOTREACHED */
2803 }
2804 abort();
2805 /* NOTREACHED */
2806 }
2807
2808 struct block *
2809 gen_mcode(s1, s2, masklen, q)
2810 register const char *s1, *s2;
2811 register int masklen;
2812 struct qual q;
2813 {
2814 register int nlen, mlen;
2815 bpf_u_int32 n, m;
2816
2817 nlen = __pcap_atoin(s1, &n);
2818 /* Promote short ipaddr */
2819 n <<= 32 - nlen;
2820
2821 if (s2 != NULL) {
2822 mlen = __pcap_atoin(s2, &m);
2823 /* Promote short ipaddr */
2824 m <<= 32 - mlen;
2825 if ((n & ~m) != 0)
2826 bpf_error("non-network bits set in \"%s mask %s\"",
2827 s1, s2);
2828 } else {
2829 /* Convert mask len to mask */
2830 if (masklen > 32)
2831 bpf_error("mask length must be <= 32");
2832 m = 0xffffffff << (32 - masklen);
2833 if ((n & ~m) != 0)
2834 bpf_error("non-network bits set in \"%s/%d\"",
2835 s1, masklen);
2836 }
2837
2838 switch (q.addr) {
2839
2840 case Q_NET:
2841 return gen_host(n, m, q.proto, q.dir);
2842
2843 default:
2844 bpf_error("Mask syntax for networks only");
2845 /* NOTREACHED */
2846 }
2847 }
2848
2849 struct block *
2850 gen_ncode(s, v, q)
2851 register const char *s;
2852 bpf_u_int32 v;
2853 struct qual q;
2854 {
2855 bpf_u_int32 mask;
2856 int proto = q.proto;
2857 int dir = q.dir;
2858 register int vlen;
2859
2860 if (s == NULL)
2861 vlen = 32;
2862 else if (q.proto == Q_DECNET)
2863 vlen = __pcap_atodn(s, &v);
2864 else
2865 vlen = __pcap_atoin(s, &v);
2866
2867 switch (q.addr) {
2868
2869 case Q_DEFAULT:
2870 case Q_HOST:
2871 case Q_NET:
2872 if (proto == Q_DECNET)
2873 return gen_host(v, 0, proto, dir);
2874 else if (proto == Q_LINK) {
2875 bpf_error("illegal link layer address");
2876 } else {
2877 mask = 0xffffffff;
2878 if (s == NULL && q.addr == Q_NET) {
2879 /* Promote short net number */
2880 while (v && (v & 0xff000000) == 0) {
2881 v <<= 8;
2882 mask <<= 8;
2883 }
2884 } else {
2885 /* Promote short ipaddr */
2886 v <<= 32 - vlen;
2887 mask <<= 32 - vlen;
2888 }
2889 return gen_host(v, mask, proto, dir);
2890 }
2891
2892 case Q_PORT:
2893 if (proto == Q_UDP)
2894 proto = IPPROTO_UDP;
2895 else if (proto == Q_TCP)
2896 proto = IPPROTO_TCP;
2897 else if (proto == Q_DEFAULT)
2898 proto = PROTO_UNDEF;
2899 else
2900 bpf_error("illegal qualifier of 'port'");
2901
2902 #ifndef INET6
2903 return gen_port((int)v, proto, dir);
2904 #else
2905 {
2906 struct block *b;
2907 b = gen_port((int)v, proto, dir);
2908 gen_or(gen_port6((int)v, proto, dir), b);
2909 return b;
2910 }
2911 #endif /* INET6 */
2912
2913 case Q_GATEWAY:
2914 bpf_error("'gateway' requires a name");
2915 /* NOTREACHED */
2916
2917 case Q_PROTO:
2918 return gen_proto((int)v, proto, dir);
2919
2920 case Q_PROTOCHAIN:
2921 return gen_protochain((int)v, proto, dir);
2922
2923 case Q_UNDEF:
2924 syntax();
2925 /* NOTREACHED */
2926
2927 default:
2928 abort();
2929 /* NOTREACHED */
2930 }
2931 /* NOTREACHED */
2932 }
2933
2934 #ifdef INET6
2935 struct block *
2936 gen_mcode6(s1, s2, masklen, q)
2937 register const char *s1, *s2;
2938 register int masklen;
2939 struct qual q;
2940 {
2941 struct addrinfo *res;
2942 struct in6_addr *addr;
2943 struct in6_addr mask;
2944 struct block *b;
2945 u_int32_t *a, *m;
2946
2947 if (s2)
2948 bpf_error("no mask %s supported", s2);
2949
2950 res = pcap_nametoaddrinfo(s1);
2951 if (!res)
2952 bpf_error("invalid ip6 address %s", s1);
2953 if (res->ai_next)
2954 bpf_error("%s resolved to multiple address", s1);
2955 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
2956
2957 if (sizeof(mask) * 8 < masklen)
2958 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
2959 memset(&mask, 0xff, masklen / 8);
2960 if (masklen % 8) {
2961 mask.s6_addr[masklen / 8] =
2962 (0xff << (8 - masklen % 8)) & 0xff;
2963 }
2964
2965 a = (u_int32_t *)addr;
2966 m = (u_int32_t *)&mask;
2967 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
2968 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
2969 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
2970 }
2971
2972 switch (q.addr) {
2973
2974 case Q_DEFAULT:
2975 case Q_HOST:
2976 if (masklen != 128)
2977 bpf_error("Mask syntax for networks only");
2978 /* FALLTHROUGH */
2979
2980 case Q_NET:
2981 b = gen_host6(addr, &mask, q.proto, q.dir);
2982 freeaddrinfo(res);
2983 return b;
2984
2985 default:
2986 bpf_error("invalid qualifier against IPv6 address");
2987 /* NOTREACHED */
2988 }
2989 }
2990 #endif /*INET6*/
2991
2992 struct block *
2993 gen_ecode(eaddr, q)
2994 register const u_char *eaddr;
2995 struct qual q;
2996 {
2997 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
2998 if (linktype == DLT_EN10MB)
2999 return gen_ehostop(eaddr, (int)q.dir);
3000 if (linktype == DLT_FDDI)
3001 return gen_fhostop(eaddr, (int)q.dir);
3002 if (linktype == DLT_IEEE802)
3003 return gen_thostop(eaddr, (int)q.dir);
3004 bpf_error("ethernet addresses supported only on ethernet, FDDI or token ring");
3005 }
3006 bpf_error("ethernet address used in non-ether expression");
3007 /* NOTREACHED */
3008 }
3009
3010 void
3011 sappend(s0, s1)
3012 struct slist *s0, *s1;
3013 {
3014 /*
3015 * This is definitely not the best way to do this, but the
3016 * lists will rarely get long.
3017 */
3018 while (s0->next)
3019 s0 = s0->next;
3020 s0->next = s1;
3021 }
3022
3023 static struct slist *
3024 xfer_to_x(a)
3025 struct arth *a;
3026 {
3027 struct slist *s;
3028
3029 s = new_stmt(BPF_LDX|BPF_MEM);
3030 s->s.k = a->regno;
3031 return s;
3032 }
3033
3034 static struct slist *
3035 xfer_to_a(a)
3036 struct arth *a;
3037 {
3038 struct slist *s;
3039
3040 s = new_stmt(BPF_LD|BPF_MEM);
3041 s->s.k = a->regno;
3042 return s;
3043 }
3044
3045 struct arth *
3046 gen_load(proto, index, size)
3047 int proto;
3048 struct arth *index;
3049 int size;
3050 {
3051 struct slist *s, *tmp;
3052 struct block *b;
3053 int regno = alloc_reg();
3054
3055 free_reg(index->regno);
3056 switch (size) {
3057
3058 default:
3059 bpf_error("data size must be 1, 2, or 4");
3060
3061 case 1:
3062 size = BPF_B;
3063 break;
3064
3065 case 2:
3066 size = BPF_H;
3067 break;
3068
3069 case 4:
3070 size = BPF_W;
3071 break;
3072 }
3073 switch (proto) {
3074 default:
3075 bpf_error("unsupported index operation");
3076
3077 case Q_LINK:
3078 s = xfer_to_x(index);
3079 tmp = new_stmt(BPF_LD|BPF_IND|size);
3080 sappend(s, tmp);
3081 sappend(index->s, s);
3082 break;
3083
3084 case Q_IP:
3085 case Q_ARP:
3086 case Q_RARP:
3087 case Q_ATALK:
3088 case Q_DECNET:
3089 case Q_SCA:
3090 case Q_LAT:
3091 case Q_MOPRC:
3092 case Q_MOPDL:
3093 #ifdef INET6
3094 case Q_IPV6:
3095 #endif
3096 /* XXX Note that we assume a fixed link header here. */
3097 s = xfer_to_x(index);
3098 tmp = new_stmt(BPF_LD|BPF_IND|size);
3099 tmp->s.k = off_nl;
3100 sappend(s, tmp);
3101 sappend(index->s, s);
3102
3103 b = gen_proto_abbrev(proto);
3104 if (index->b)
3105 gen_and(index->b, b);
3106 index->b = b;
3107 break;
3108
3109 case Q_TCP:
3110 case Q_UDP:
3111 case Q_ICMP:
3112 case Q_IGMP:
3113 case Q_IGRP:
3114 case Q_PIM:
3115 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3116 s->s.k = off_nl;
3117 sappend(s, xfer_to_a(index));
3118 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
3119 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
3120 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
3121 tmp->s.k = off_nl;
3122 sappend(index->s, s);
3123
3124 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
3125 if (index->b)
3126 gen_and(index->b, b);
3127 #ifdef INET6
3128 gen_and(gen_proto_abbrev(Q_IP), b);
3129 #endif
3130 index->b = b;
3131 break;
3132 #ifdef INET6
3133 case Q_ICMPV6:
3134 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
3135 /*NOTREACHED*/
3136 #endif
3137 }
3138 index->regno = regno;
3139 s = new_stmt(BPF_ST);
3140 s->s.k = regno;
3141 sappend(index->s, s);
3142
3143 return index;
3144 }
3145
3146 struct block *
3147 gen_relation(code, a0, a1, reversed)
3148 int code;
3149 struct arth *a0, *a1;
3150 int reversed;
3151 {
3152 struct slist *s0, *s1, *s2;
3153 struct block *b, *tmp;
3154
3155 s0 = xfer_to_x(a1);
3156 s1 = xfer_to_a(a0);
3157 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
3158 b = new_block(JMP(code));
3159 if (code == BPF_JGT || code == BPF_JGE) {
3160 reversed = !reversed;
3161 b->s.k = 0x80000000;
3162 }
3163 if (reversed)
3164 gen_not(b);
3165
3166 sappend(s1, s2);
3167 sappend(s0, s1);
3168 sappend(a1->s, s0);
3169 sappend(a0->s, a1->s);
3170
3171 b->stmts = a0->s;
3172
3173 free_reg(a0->regno);
3174 free_reg(a1->regno);
3175
3176 /* 'and' together protocol checks */
3177 if (a0->b) {
3178 if (a1->b) {
3179 gen_and(a0->b, tmp = a1->b);
3180 }
3181 else
3182 tmp = a0->b;
3183 } else
3184 tmp = a1->b;
3185
3186 if (tmp)
3187 gen_and(tmp, b);
3188
3189 return b;
3190 }
3191
3192 struct arth *
3193 gen_loadlen()
3194 {
3195 int regno = alloc_reg();
3196 struct arth *a = (struct arth *)newchunk(sizeof(*a));
3197 struct slist *s;
3198
3199 s = new_stmt(BPF_LD|BPF_LEN);
3200 s->next = new_stmt(BPF_ST);
3201 s->next->s.k = regno;
3202 a->s = s;
3203 a->regno = regno;
3204
3205 return a;
3206 }
3207
3208 struct arth *
3209 gen_loadi(val)
3210 int val;
3211 {
3212 struct arth *a;
3213 struct slist *s;
3214 int reg;
3215
3216 a = (struct arth *)newchunk(sizeof(*a));
3217
3218 reg = alloc_reg();
3219
3220 s = new_stmt(BPF_LD|BPF_IMM);
3221 s->s.k = val;
3222 s->next = new_stmt(BPF_ST);
3223 s->next->s.k = reg;
3224 a->s = s;
3225 a->regno = reg;
3226
3227 return a;
3228 }
3229
3230 struct arth *
3231 gen_neg(a)
3232 struct arth *a;
3233 {
3234 struct slist *s;
3235
3236 s = xfer_to_a(a);
3237 sappend(a->s, s);
3238 s = new_stmt(BPF_ALU|BPF_NEG);
3239 s->s.k = 0;
3240 sappend(a->s, s);
3241 s = new_stmt(BPF_ST);
3242 s->s.k = a->regno;
3243 sappend(a->s, s);
3244
3245 return a;
3246 }
3247
3248 struct arth *
3249 gen_arth(code, a0, a1)
3250 int code;
3251 struct arth *a0, *a1;
3252 {
3253 struct slist *s0, *s1, *s2;
3254
3255 s0 = xfer_to_x(a1);
3256 s1 = xfer_to_a(a0);
3257 s2 = new_stmt(BPF_ALU|BPF_X|code);
3258
3259 sappend(s1, s2);
3260 sappend(s0, s1);
3261 sappend(a1->s, s0);
3262 sappend(a0->s, a1->s);
3263
3264 free_reg(a1->regno);
3265
3266 s0 = new_stmt(BPF_ST);
3267 a0->regno = s0->s.k = alloc_reg();
3268 sappend(a0->s, s0);
3269
3270 return a0;
3271 }
3272
3273 /*
3274 * Here we handle simple allocation of the scratch registers.
3275 * If too many registers are alloc'd, the allocator punts.
3276 */
3277 static int regused[BPF_MEMWORDS];
3278 static int curreg;
3279
3280 /*
3281 * Return the next free register.
3282 */
3283 static int
3284 alloc_reg()
3285 {
3286 int n = BPF_MEMWORDS;
3287
3288 while (--n >= 0) {
3289 if (regused[curreg])
3290 curreg = (curreg + 1) % BPF_MEMWORDS;
3291 else {
3292 regused[curreg] = 1;
3293 return curreg;
3294 }
3295 }
3296 bpf_error("too many registers needed to evaluate expression");
3297 /* NOTREACHED */
3298 }
3299
3300 /*
3301 * Return a register to the table so it can
3302 * be used later.
3303 */
3304 static void
3305 free_reg(n)
3306 int n;
3307 {
3308 regused[n] = 0;
3309 }
3310
3311 static struct block *
3312 gen_len(jmp, n)
3313 int jmp, n;
3314 {
3315 struct slist *s;
3316 struct block *b;
3317
3318 s = new_stmt(BPF_LD|BPF_LEN);
3319 b = new_block(JMP(jmp));
3320 b->stmts = s;
3321 b->s.k = n;
3322
3323 return b;
3324 }
3325
3326 struct block *
3327 gen_greater(n)
3328 int n;
3329 {
3330 return gen_len(BPF_JGE, n);
3331 }
3332
3333 /*
3334 * Actually, this is less than or equal.
3335 */
3336 struct block *
3337 gen_less(n)
3338 int n;
3339 {
3340 struct block *b;
3341
3342 b = gen_len(BPF_JGT, n);
3343 gen_not(b);
3344
3345 return b;
3346 }
3347
3348 struct block *
3349 gen_byteop(op, idx, val)
3350 int op, idx, val;
3351 {
3352 struct block *b;
3353 struct slist *s;
3354
3355 switch (op) {
3356 default:
3357 abort();
3358
3359 case '=':
3360 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3361
3362 case '<':
3363 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3364 b->s.code = JMP(BPF_JGE);
3365 gen_not(b);
3366 return b;
3367
3368 case '>':
3369 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3370 b->s.code = JMP(BPF_JGT);
3371 return b;
3372
3373 case '|':
3374 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
3375 break;
3376
3377 case '&':
3378 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
3379 break;
3380 }
3381 s->s.k = val;
3382 b = new_block(JMP(BPF_JEQ));
3383 b->stmts = s;
3384 gen_not(b);
3385
3386 return b;
3387 }
3388
3389 struct block *
3390 gen_broadcast(proto)
3391 int proto;
3392 {
3393 bpf_u_int32 hostmask;
3394 struct block *b0, *b1, *b2;
3395 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
3396
3397 switch (proto) {
3398
3399 case Q_DEFAULT:
3400 case Q_LINK:
3401 if (linktype == DLT_EN10MB)
3402 return gen_ehostop(ebroadcast, Q_DST);
3403 if (linktype == DLT_FDDI)
3404 return gen_fhostop(ebroadcast, Q_DST);
3405 if (linktype == DLT_IEEE802)
3406 return gen_thostop(ebroadcast, Q_DST);
3407 bpf_error("not a broadcast link");
3408 break;
3409
3410 case Q_IP:
3411 b0 = gen_linktype(ETHERTYPE_IP);
3412 hostmask = ~netmask;
3413 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
3414 b2 = gen_mcmp(off_nl + 16, BPF_W,
3415 (bpf_int32)(~0 & hostmask), hostmask);
3416 gen_or(b1, b2);
3417 gen_and(b0, b2);
3418 return b2;
3419 }
3420 bpf_error("only ether/ip broadcast filters supported");
3421 }
3422
3423 struct block *
3424 gen_multicast(proto)
3425 int proto;
3426 {
3427 register struct block *b0, *b1;
3428 register struct slist *s;
3429
3430 switch (proto) {
3431
3432 case Q_DEFAULT:
3433 case Q_LINK:
3434 if (linktype == DLT_EN10MB) {
3435 /* ether[0] & 1 != 0 */
3436 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3437 s->s.k = 0;
3438 b0 = new_block(JMP(BPF_JSET));
3439 b0->s.k = 1;
3440 b0->stmts = s;
3441 return b0;
3442 }
3443
3444 if (linktype == DLT_FDDI) {
3445 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */
3446 /* fddi[1] & 1 != 0 */
3447 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3448 s->s.k = 1;
3449 b0 = new_block(JMP(BPF_JSET));
3450 b0->s.k = 1;
3451 b0->stmts = s;
3452 return b0;
3453 }
3454
3455 /* TODO - check how token ring handles multicast */
3456 /* if (linktype == DLT_IEEE802) ... */
3457
3458 /* Link not known to support multicasts */
3459 break;
3460
3461 case Q_IP:
3462 b0 = gen_linktype(ETHERTYPE_IP);
3463 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
3464 b1->s.code = JMP(BPF_JGE);
3465 gen_and(b0, b1);
3466 return b1;
3467
3468 #ifdef INET6
3469 case Q_IPV6:
3470 b0 = gen_linktype(ETHERTYPE_IPV6);
3471 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
3472 gen_and(b0, b1);
3473 return b1;
3474 #endif /* INET6 */
3475 }
3476 bpf_error("only IP multicast filters supported on ethernet/FDDI");
3477 }
3478
3479 /*
3480 * generate command for inbound/outbound. It's here so we can
3481 * make it link-type specific. 'dir' = 0 implies "inbound",
3482 * = 1 implies "outbound".
3483 */
3484 struct block *
3485 gen_inbound(dir)
3486 int dir;
3487 {
3488 register struct block *b0;
3489
3490 /*
3491 * Only some data link types support inbound/outbound qualifiers.
3492 */
3493 switch (linktype) {
3494 case DLT_SLIP:
3495 case DLT_PPP:
3496 b0 = gen_relation(BPF_JEQ,
3497 gen_load(Q_LINK, gen_loadi(0), 1),
3498 gen_loadi(0),
3499 dir);
3500 break;
3501
3502 default:
3503 bpf_error("inbound/outbound not supported on linktype %d\n",
3504 linktype);
3505 b0 = NULL;
3506 /* NOTREACHED */
3507 }
3508 return (b0);
3509 }
3510
3511 /*
3512 * support IEEE 802.1Q VLAN trunk over ethernet
3513 */
3514 struct block *
3515 gen_vlan(vlan_num)
3516 int vlan_num;
3517 {
3518 static u_int orig_linktype = -1, orig_nl = -1;
3519 struct block *b0;
3520
3521 /*
3522 * Change the offsets to point to the type and data fields within
3523 * the VLAN packet. This is somewhat of a kludge.
3524 */
3525 if (orig_nl == (u_int)-1) {
3526 orig_linktype = off_linktype; /* save original values */
3527 orig_nl = off_nl;
3528
3529 switch (linktype) {
3530
3531 case DLT_EN10MB:
3532 off_linktype = 16;
3533 off_nl = 18;
3534 break;
3535
3536 default:
3537 bpf_error("no VLAN support for data link type %d",
3538 linktype);
3539 /*NOTREACHED*/
3540 }
3541 }
3542
3543 /* check for VLAN */
3544 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
3545
3546 /* If a specific VLAN is requested, check VLAN id */
3547 if (vlan_num >= 0) {
3548 struct block *b1;
3549
3550 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
3551 gen_and(b0, b1);
3552 b0 = b1;
3553 }
3554
3555 return (b0);
3556 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism