]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob


e85f6cfd07e056796ce9816c632055fc9ccbb9e9
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.152 2001-05-10 14:48:01 fenner Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #include <sys/types.h>
32 #include <sys/socket.h>
33 #include <sys/time.h>
34 #ifdef __NetBSD__
35 #include <sys/param.h>
36 #endif
37
38 struct mbuf;
39 struct rtentry;
40 #include <net/if.h>
41
42 #include <netinet/in.h>
43
44 #include <stdlib.h>
45 #include <string.h>
46 #include <memory.h>
47 #include <setjmp.h>
48 #include <stdarg.h>
49
50 #include "pcap-int.h"
51
52 #include "ethertype.h"
53 #include "nlpid.h"
54 #include "llc.h"
55 #include "gencode.h"
56 #include "ppp.h"
57 #include "sll.h"
58 #include "arcnet.h"
59 #include <pcap-namedb.h>
60 #ifdef INET6
61 #include <netdb.h>
62 #include <sys/socket.h>
63 #endif /*INET6*/
64
65 #define ETHERMTU 1500
66
67 #ifndef IPPROTO_SCTP
68 #define IPPROTO_SCTP 132
69 #endif
70
71 #ifdef HAVE_OS_PROTO_H
72 #include "os-proto.h"
73 #endif
74
75 #define JMP(c) ((c)|BPF_JMP|BPF_K)
76
77 /* Locals */
78 static jmp_buf top_ctx;
79 static pcap_t *bpf_pcap;
80
81 /* XXX */
82 #ifdef PCAP_FDDIPAD
83 int pcap_fddipad = PCAP_FDDIPAD;
84 #else
85 int pcap_fddipad;
86 #endif
87
88 /* VARARGS */
89 void
90 bpf_error(const char *fmt, ...)
91
92 {
93 va_list ap;
94
95 va_start(ap, fmt);
96 if (bpf_pcap != NULL)
97 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
98 fmt, ap);
99 va_end(ap);
100 longjmp(top_ctx, 1);
101 /* NOTREACHED */
102 }
103
104 static void init_linktype(int);
105
106 static int alloc_reg(void);
107 static void free_reg(int);
108
109 static struct block *root;
110
111 /*
112 * We divy out chunks of memory rather than call malloc each time so
113 * we don't have to worry about leaking memory. It's probably
114 * not a big deal if all this memory was wasted but it this ever
115 * goes into a library that would probably not be a good idea.
116 */
117 #define NCHUNKS 16
118 #define CHUNK0SIZE 1024
119 struct chunk {
120 u_int n_left;
121 void *m;
122 };
123
124 static struct chunk chunks[NCHUNKS];
125 static int cur_chunk;
126
127 static void *newchunk(u_int);
128 static void freechunks(void);
129 static inline struct block *new_block(int);
130 static inline struct slist *new_stmt(int);
131 static struct block *gen_retblk(int);
132 static inline void syntax(void);
133
134 static void backpatch(struct block *, struct block *);
135 static void merge(struct block *, struct block *);
136 static struct block *gen_cmp(u_int, u_int, bpf_int32);
137 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
138 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
139 static struct block *gen_bcmp(u_int, u_int, const u_char *);
140 static struct block *gen_uncond(int);
141 static inline struct block *gen_true(void);
142 static inline struct block *gen_false(void);
143 static struct block *gen_linktype(int);
144 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
145 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
146 #ifdef INET6
147 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
148 #endif
149 static struct block *gen_ahostop(const u_char *, int);
150 static struct block *gen_ehostop(const u_char *, int);
151 static struct block *gen_fhostop(const u_char *, int);
152 static struct block *gen_thostop(const u_char *, int);
153 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
154 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
155 #ifdef INET6
156 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
157 #endif
158 #ifndef INET6
159 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
160 #endif
161 static struct block *gen_ipfrag(void);
162 static struct block *gen_portatom(int, bpf_int32);
163 #ifdef INET6
164 static struct block *gen_portatom6(int, bpf_int32);
165 #endif
166 struct block *gen_portop(int, int, int);
167 static struct block *gen_port(int, int, int);
168 #ifdef INET6
169 struct block *gen_portop6(int, int, int);
170 static struct block *gen_port6(int, int, int);
171 #endif
172 static int lookup_proto(const char *, int);
173 static struct block *gen_protochain(int, int, int);
174 static struct block *gen_proto(int, int, int);
175 static struct slist *xfer_to_x(struct arth *);
176 static struct slist *xfer_to_a(struct arth *);
177 static struct block *gen_len(int, int);
178
179 static void *
180 newchunk(n)
181 u_int n;
182 {
183 struct chunk *cp;
184 int k, size;
185
186 #ifndef __NetBSD__
187 /* XXX Round up to nearest long. */
188 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
189 #else
190 /* XXX Round up to structure boundary. */
191 n = ALIGN(n);
192 #endif
193
194 cp = &chunks[cur_chunk];
195 if (n > cp->n_left) {
196 ++cp, k = ++cur_chunk;
197 if (k >= NCHUNKS)
198 bpf_error("out of memory");
199 size = CHUNK0SIZE << k;
200 cp->m = (void *)malloc(size);
201 memset((char *)cp->m, 0, size);
202 cp->n_left = size;
203 if (n > size)
204 bpf_error("out of memory");
205 }
206 cp->n_left -= n;
207 return (void *)((char *)cp->m + cp->n_left);
208 }
209
210 static void
211 freechunks()
212 {
213 int i;
214
215 cur_chunk = 0;
216 for (i = 0; i < NCHUNKS; ++i)
217 if (chunks[i].m != NULL) {
218 free(chunks[i].m);
219 chunks[i].m = NULL;
220 }
221 }
222
223 /*
224 * A strdup whose allocations are freed after code generation is over.
225 */
226 char *
227 sdup(s)
228 register const char *s;
229 {
230 int n = strlen(s) + 1;
231 char *cp = newchunk(n);
232
233 strlcpy(cp, s, n);
234 return (cp);
235 }
236
237 static inline struct block *
238 new_block(code)
239 int code;
240 {
241 struct block *p;
242
243 p = (struct block *)newchunk(sizeof(*p));
244 p->s.code = code;
245 p->head = p;
246
247 return p;
248 }
249
250 static inline struct slist *
251 new_stmt(code)
252 int code;
253 {
254 struct slist *p;
255
256 p = (struct slist *)newchunk(sizeof(*p));
257 p->s.code = code;
258
259 return p;
260 }
261
262 static struct block *
263 gen_retblk(v)
264 int v;
265 {
266 struct block *b = new_block(BPF_RET|BPF_K);
267
268 b->s.k = v;
269 return b;
270 }
271
272 static inline void
273 syntax()
274 {
275 bpf_error("syntax error in filter expression");
276 }
277
278 static bpf_u_int32 netmask;
279 static int snaplen;
280 int no_optimize;
281
282 int
283 pcap_compile(pcap_t *p, struct bpf_program *program,
284 char *buf, int optimize, bpf_u_int32 mask)
285 {
286 extern int n_errors;
287 int len;
288
289 no_optimize = 0;
290 n_errors = 0;
291 root = NULL;
292 bpf_pcap = p;
293 if (setjmp(top_ctx)) {
294 lex_cleanup();
295 freechunks();
296 return (-1);
297 }
298
299 netmask = mask;
300
301 snaplen = pcap_snapshot(p);
302 if (snaplen == 0) {
303 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
304 "snaplen of 0 rejects all packets");
305 return -1;
306 }
307
308 lex_init(buf ? buf : "");
309 init_linktype(pcap_datalink(p));
310 (void)pcap_parse();
311
312 if (n_errors)
313 syntax();
314
315 if (root == NULL)
316 root = gen_retblk(snaplen);
317
318 if (optimize && !no_optimize) {
319 bpf_optimize(&root);
320 if (root == NULL ||
321 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
322 bpf_error("expression rejects all packets");
323 }
324 program->bf_insns = icode_to_fcode(root, &len);
325 program->bf_len = len;
326
327 lex_cleanup();
328 freechunks();
329 return (0);
330 }
331
332 /*
333 * entry point for using the compiler with no pcap open
334 * pass in all the stuff that is needed explicitly instead.
335 */
336 int
337 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
338 struct bpf_program *program,
339 char *buf, int optimize, bpf_u_int32 mask)
340 {
341 pcap_t *p;
342 int ret;
343
344 p = pcap_open_dead(linktype_arg, snaplen_arg);
345 if (p == NULL)
346 return (-1);
347 ret = pcap_compile(p, program, buf, optimize, mask);
348 pcap_close(p);
349 return (ret);
350 }
351
352 /*
353 * Clean up a "struct bpf_program" by freeing all the memory allocated
354 * in it.
355 */
356 void
357 pcap_freecode(struct bpf_program *program)
358 {
359 program->bf_len = 0;
360 if (program->bf_insns != NULL) {
361 free((char *)program->bf_insns);
362 program->bf_insns = NULL;
363 }
364 }
365
366 /*
367 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
368 * which of the jt and jf fields has been resolved and which is a pointer
369 * back to another unresolved block (or nil). At least one of the fields
370 * in each block is already resolved.
371 */
372 static void
373 backpatch(list, target)
374 struct block *list, *target;
375 {
376 struct block *next;
377
378 while (list) {
379 if (!list->sense) {
380 next = JT(list);
381 JT(list) = target;
382 } else {
383 next = JF(list);
384 JF(list) = target;
385 }
386 list = next;
387 }
388 }
389
390 /*
391 * Merge the lists in b0 and b1, using the 'sense' field to indicate
392 * which of jt and jf is the link.
393 */
394 static void
395 merge(b0, b1)
396 struct block *b0, *b1;
397 {
398 register struct block **p = &b0;
399
400 /* Find end of list. */
401 while (*p)
402 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
403
404 /* Concatenate the lists. */
405 *p = b1;
406 }
407
408 void
409 finish_parse(p)
410 struct block *p;
411 {
412 backpatch(p, gen_retblk(snaplen));
413 p->sense = !p->sense;
414 backpatch(p, gen_retblk(0));
415 root = p->head;
416 }
417
418 void
419 gen_and(b0, b1)
420 struct block *b0, *b1;
421 {
422 backpatch(b0, b1->head);
423 b0->sense = !b0->sense;
424 b1->sense = !b1->sense;
425 merge(b1, b0);
426 b1->sense = !b1->sense;
427 b1->head = b0->head;
428 }
429
430 void
431 gen_or(b0, b1)
432 struct block *b0, *b1;
433 {
434 b0->sense = !b0->sense;
435 backpatch(b0, b1->head);
436 b0->sense = !b0->sense;
437 merge(b1, b0);
438 b1->head = b0->head;
439 }
440
441 void
442 gen_not(b)
443 struct block *b;
444 {
445 b->sense = !b->sense;
446 }
447
448 static struct block *
449 gen_cmp(offset, size, v)
450 u_int offset, size;
451 bpf_int32 v;
452 {
453 struct slist *s;
454 struct block *b;
455
456 s = new_stmt(BPF_LD|BPF_ABS|size);
457 s->s.k = offset;
458
459 b = new_block(JMP(BPF_JEQ));
460 b->stmts = s;
461 b->s.k = v;
462
463 return b;
464 }
465
466 static struct block *
467 gen_cmp_gt(offset, size, v)
468 u_int offset, size;
469 bpf_int32 v;
470 {
471 struct slist *s;
472 struct block *b;
473
474 s = new_stmt(BPF_LD|BPF_ABS|size);
475 s->s.k = offset;
476
477 b = new_block(JMP(BPF_JGT));
478 b->stmts = s;
479 b->s.k = v;
480
481 return b;
482 }
483
484 static struct block *
485 gen_mcmp(offset, size, v, mask)
486 u_int offset, size;
487 bpf_int32 v;
488 bpf_u_int32 mask;
489 {
490 struct block *b = gen_cmp(offset, size, v);
491 struct slist *s;
492
493 if (mask != 0xffffffff) {
494 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
495 s->s.k = mask;
496 b->stmts->next = s;
497 }
498 return b;
499 }
500
501 static struct block *
502 gen_bcmp(offset, size, v)
503 register u_int offset, size;
504 register const u_char *v;
505 {
506 register struct block *b, *tmp;
507
508 b = NULL;
509 while (size >= 4) {
510 register const u_char *p = &v[size - 4];
511 bpf_int32 w = ((bpf_int32)p[0] << 24) |
512 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
513
514 tmp = gen_cmp(offset + size - 4, BPF_W, w);
515 if (b != NULL)
516 gen_and(b, tmp);
517 b = tmp;
518 size -= 4;
519 }
520 while (size >= 2) {
521 register const u_char *p = &v[size - 2];
522 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
523
524 tmp = gen_cmp(offset + size - 2, BPF_H, w);
525 if (b != NULL)
526 gen_and(b, tmp);
527 b = tmp;
528 size -= 2;
529 }
530 if (size > 0) {
531 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
532 if (b != NULL)
533 gen_and(b, tmp);
534 b = tmp;
535 }
536 return b;
537 }
538
539 /*
540 * Various code constructs need to know the layout of the data link
541 * layer. These variables give the necessary offsets. off_linktype
542 * is set to -1 for no encapsulation, in which case, IP is assumed.
543 */
544 static u_int off_linktype;
545 static u_int off_nl;
546 static int linktype;
547
548 static void
549 init_linktype(type)
550 int type;
551 {
552 linktype = type;
553
554 switch (type) {
555
556 case DLT_ARCNET:
557 off_linktype = 2;
558 off_nl = 6; /* XXX in reality, variable! */
559 return;
560
561 case DLT_EN10MB:
562 off_linktype = 12;
563 off_nl = 14;
564 return;
565
566 case DLT_SLIP:
567 /*
568 * SLIP doesn't have a link level type. The 16 byte
569 * header is hacked into our SLIP driver.
570 */
571 off_linktype = -1;
572 off_nl = 16;
573 return;
574
575 case DLT_SLIP_BSDOS:
576 /* XXX this may be the same as the DLT_PPP_BSDOS case */
577 off_linktype = -1;
578 /* XXX end */
579 off_nl = 24;
580 return;
581
582 case DLT_NULL:
583 case DLT_LOOP:
584 off_linktype = 0;
585 off_nl = 4;
586 return;
587
588 case DLT_PPP:
589 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */
590 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */
591 off_linktype = 2;
592 off_nl = 4;
593 return;
594
595 case DLT_PPP_ETHER: /* NetBSD PPP over Ethernet */
596 /*
597 * This includes the Ethernet header (since we need
598 * the ethertype to dispatch Session vs. Discovery)
599 * and the PPPoE (RFC 2516) header.
600 */
601 off_linktype = 20;
602 off_nl = 22;
603 return;
604
605 case DLT_PPP_BSDOS:
606 off_linktype = 5;
607 off_nl = 24;
608 return;
609
610 case DLT_FDDI:
611 /*
612 * FDDI doesn't really have a link-level type field.
613 * We set "off_linktype" to the offset of the LLC header.
614 *
615 * To check for Ethernet types, we assume that SSAP = SNAP
616 * is being used and pick out the encapsulated Ethernet type.
617 * XXX - should we generate code to check for SNAP?
618 */
619 off_linktype = 13;
620 #ifdef PCAP_FDDIPAD
621 off_linktype += pcap_fddipad;
622 #endif
623 off_nl = 21;
624 #ifdef PCAP_FDDIPAD
625 off_nl += pcap_fddipad;
626 #endif
627 return;
628
629 case DLT_IEEE802:
630 /*
631 * Token Ring doesn't really have a link-level type field.
632 * We set "off_linktype" to the offset of the LLC header.
633 *
634 * To check for Ethernet types, we assume that SSAP = SNAP
635 * is being used and pick out the encapsulated Ethernet type.
636 * XXX - should we generate code to check for SNAP?
637 *
638 * XXX - the header is actually variable-length.
639 * Some various Linux patched versions gave 38
640 * as "off_linktype" and 40 as "off_nl"; however,
641 * if a token ring packet has *no* routing
642 * information, i.e. is not source-routed, the correct
643 * values are 20 and 22, as they are in the vanilla code.
644 *
645 * A packet is source-routed iff the uppermost bit
646 * of the first byte of the source address, at an
647 * offset of 8, has the uppermost bit set. If the
648 * packet is source-routed, the total number of bytes
649 * of routing information is 2 plus bits 0x1F00 of
650 * the 16-bit value at an offset of 14 (shifted right
651 * 8 - figure out which byte that is).
652 */
653 off_linktype = 14;
654 off_nl = 22;
655 return;
656
657 case DLT_ATM_RFC1483:
658 /*
659 * assume routed, non-ISO PDUs
660 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
661 */
662 off_linktype = 6;
663 off_nl = 8;
664 return;
665
666 case DLT_RAW:
667 off_linktype = -1;
668 off_nl = 0;
669 return;
670
671 case DLT_ATM_CLIP: /* Linux ATM defines this */
672 off_linktype = 6;
673 off_nl = 8;
674 return;
675
676 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
677 off_linktype = 14;
678 off_nl = 16;
679 return;
680 }
681 bpf_error("unknown data link type %d", linktype);
682 /* NOTREACHED */
683 }
684
685 static struct block *
686 gen_uncond(rsense)
687 int rsense;
688 {
689 struct block *b;
690 struct slist *s;
691
692 s = new_stmt(BPF_LD|BPF_IMM);
693 s->s.k = !rsense;
694 b = new_block(JMP(BPF_JEQ));
695 b->stmts = s;
696
697 return b;
698 }
699
700 static inline struct block *
701 gen_true()
702 {
703 return gen_uncond(1);
704 }
705
706 static inline struct block *
707 gen_false()
708 {
709 return gen_uncond(0);
710 }
711
712 /*
713 * Byte-swap a 32-bit number.
714 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
715 * big-endian platforms.)
716 */
717 #define SWAPLONG(y) \
718 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
719
720 static struct block *
721 gen_linktype(proto)
722 register int proto;
723 {
724 struct block *b0, *b1;
725
726 switch (linktype) {
727
728 case DLT_EN10MB:
729 switch (proto) {
730
731 case LLCSAP_ISONS:
732 /*
733 * OSI protocols always use 802.2 encapsulation.
734 * XXX - should we check both the DSAP and the
735 * SSAP, like this, or should we check just the
736 * DSAP?
737 */
738 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
739 gen_not(b0);
740 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
741 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
742 gen_and(b0, b1);
743 return b1;
744
745 case LLCSAP_NETBEUI:
746 /*
747 * NetBEUI always uses 802.2 encapsulation.
748 * XXX - should we check both the DSAP and the
749 * SSAP, like this, or should we check just the
750 * DSAP?
751 */
752 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
753 gen_not(b0);
754 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
755 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
756 gen_and(b0, b1);
757 return b1;
758
759 case LLCSAP_IPX:
760 /*
761 * Check for;
762 *
763 * Ethernet_II frames, which are Ethernet
764 * frames with a frame type of ETHERTYPE_IPX;
765 *
766 * Ethernet_802.3 frames, which are 802.3
767 * frames (i.e., the type/length field is
768 * a length field, <= ETHERMTU, rather than
769 * a type field) with the first two bytes
770 * after the Ethernet/802.3 header being
771 * 0xFFFF;
772 *
773 * Ethernet_802.2 frames, which are 802.3
774 * frames with an 802.2 LLC header and
775 * with the IPX LSAP as the DSAP in the LLC
776 * header;
777 *
778 * Ethernet_SNAP frames, which are 802.3
779 * frames with an LLC header and a SNAP
780 * header and with an OUI of 0x000000
781 * (encapsulated Ethernet) and a protocol
782 * ID of ETHERTYPE_IPX in the SNAP header.
783 *
784 * XXX - should we generate the same code both
785 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
786 */
787
788 /*
789 * This generates code to check both for the
790 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
791 */
792 b0 = gen_cmp(off_linktype + 2, BPF_B,
793 (bpf_int32)LLCSAP_IPX);
794 b1 = gen_cmp(off_linktype + 2, BPF_H,
795 (bpf_int32)0xFFFF);
796 gen_or(b0, b1);
797
798 /*
799 * Now we add code to check for SNAP frames with
800 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
801 */
802 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
803 gen_or(b0, b1);
804
805 /*
806 * Now we generate code to check for 802.3
807 * frames in general.
808 */
809 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
810 gen_not(b0);
811
812 /*
813 * Now add the check for 802.3 frames before the
814 * check for Ethernet_802.2 and Ethernet_802.3,
815 * as those checks should only be done on 802.3
816 * frames, not on Ethernet frames.
817 */
818 gen_and(b0, b1);
819
820 /*
821 * Now add the check for Ethernet_II frames, and
822 * do that before checking for the other frame
823 * types.
824 */
825 b0 = gen_cmp(off_linktype, BPF_H,
826 (bpf_int32)ETHERTYPE_IPX);
827 gen_or(b0, b1);
828 return b1;
829
830 case ETHERTYPE_ATALK:
831 case ETHERTYPE_AARP:
832 /*
833 * EtherTalk (AppleTalk protocols on Ethernet link
834 * layer) may use 802.2 encapsulation.
835 */
836
837 /*
838 * Check for 802.2 encapsulation (EtherTalk phase 2?);
839 * we check for an Ethernet type field less than
840 * 1500, which means it's an 802.3 length field.
841 */
842 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
843 gen_not(b0);
844
845 /*
846 * 802.2-encapsulated ETHERTYPE_ATALK packets are
847 * SNAP packets with an organization code of
848 * 0x080007 (Apple, for Appletalk) and a protocol
849 * type of ETHERTYPE_ATALK (Appletalk).
850 *
851 * 802.2-encapsulated ETHERTYPE_AARP packets are
852 * SNAP packets with an organization code of
853 * 0x000000 (encapsulated Ethernet) and a protocol
854 * type of ETHERTYPE_AARP (Appletalk ARP).
855 */
856 if (proto == ETHERTYPE_ATALK)
857 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
858 else /* proto == ETHERTYPE_AARP */
859 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
860 gen_and(b0, b1);
861
862 /*
863 * Check for Ethernet encapsulation (Ethertalk
864 * phase 1?); we just check for the Ethernet
865 * protocol type.
866 */
867 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
868
869 gen_or(b0, b1);
870 return b1;
871
872 default:
873 if (proto <= ETHERMTU) {
874 /*
875 * This is an LLC SAP value, so the frames
876 * that match would be 802.2 frames.
877 * Check that the frame is an 802.2 frame
878 * (i.e., that the length/type field is
879 * a length field, <= ETHERMTU) and
880 * then check the DSAP.
881 */
882 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
883 gen_not(b0);
884 b1 = gen_cmp(off_linktype + 2, BPF_B,
885 (bpf_int32)proto);
886 gen_and(b0, b1);
887 return b1;
888 } else {
889 /*
890 * This is an Ethernet type, so compare
891 * the length/type field with it (if
892 * the frame is an 802.2 frame, the length
893 * field will be <= ETHERMTU, and, as
894 * "proto" is > ETHERMTU, this test
895 * will fail and the frame won't match,
896 * which is what we want).
897 */
898 return gen_cmp(off_linktype, BPF_H,
899 (bpf_int32)proto);
900 }
901 }
902 break;
903
904 case DLT_FDDI:
905 case DLT_IEEE802:
906 case DLT_ATM_RFC1483:
907 case DLT_ATM_CLIP:
908 /*
909 * XXX - handle token-ring variable-length header.
910 */
911 switch (proto) {
912
913 case LLCSAP_ISONS:
914 return gen_cmp(off_linktype, BPF_H, (long)
915 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
916
917 case LLCSAP_NETBEUI:
918 return gen_cmp(off_linktype, BPF_H, (long)
919 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
920
921 case LLCSAP_IPX:
922 /*
923 * XXX - are there ever SNAP frames for IPX on
924 * non-Ethernet 802.x networks?
925 */
926 return gen_cmp(off_linktype, BPF_B,
927 (bpf_int32)LLCSAP_IPX);
928
929 case ETHERTYPE_ATALK:
930 /*
931 * 802.2-encapsulated ETHERTYPE_ATALK packets are
932 * SNAP packets with an organization code of
933 * 0x080007 (Apple, for Appletalk) and a protocol
934 * type of ETHERTYPE_ATALK (Appletalk).
935 *
936 * XXX - check for an organization code of
937 * encapsulated Ethernet as well?
938 */
939 return gen_snap(0x080007, ETHERTYPE_ATALK,
940 off_linktype);
941 break;
942
943 default:
944 /*
945 * XXX - we don't have to check for IPX 802.3
946 * here, but should we check for the IPX Ethertype?
947 */
948 if (proto <= ETHERMTU) {
949 /*
950 * This is an LLC SAP value, so check
951 * the DSAP.
952 */
953 return gen_cmp(off_linktype, BPF_B,
954 (bpf_int32)proto);
955 } else {
956 /*
957 * This is an Ethernet type; we assume
958 * that it's unlikely that it'll
959 * appear in the right place at random,
960 * and therefore check only the
961 * location that would hold the Ethernet
962 * type in a SNAP frame with an organization
963 * code of 0x000000 (encapsulated Ethernet).
964 *
965 * XXX - if we were to check for the SNAP DSAP
966 * and LSAP, as per XXX, and were also to check
967 * for an organization code of 0x000000
968 * (encapsulated Ethernet), we'd do
969 *
970 * return gen_snap(0x000000, proto,
971 * off_linktype);
972 *
973 * here; for now, we don't, as per the above.
974 * I don't know whether it's worth the
975 * extra CPU time to do the right check
976 * or not.
977 */
978 return gen_cmp(off_linktype+6, BPF_H,
979 (bpf_int32)proto);
980 }
981 }
982 break;
983
984 case DLT_LINUX_SLL:
985 switch (proto) {
986
987 case LLCSAP_ISONS:
988 /*
989 * OSI protocols always use 802.2 encapsulation.
990 * XXX - should we check both the DSAP and the
991 * LSAP, like this, or should we check just the
992 * DSAP?
993 */
994 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
995 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
996 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
997 gen_and(b0, b1);
998 return b1;
999
1000 case LLCSAP_NETBEUI:
1001 /*
1002 * NetBEUI always uses 802.2 encapsulation.
1003 * XXX - should we check both the DSAP and the
1004 * LSAP, like this, or should we check just the
1005 * DSAP?
1006 */
1007 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1008 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1009 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1010 gen_and(b0, b1);
1011 return b1;
1012
1013 case LLCSAP_IPX:
1014 /*
1015 * Ethernet_II frames, which are Ethernet
1016 * frames with a frame type of ETHERTYPE_IPX;
1017 *
1018 * Ethernet_802.3 frames, which have a frame
1019 * type of LINUX_SLL_P_802_3;
1020 *
1021 * Ethernet_802.2 frames, which are 802.3
1022 * frames with an 802.2 LLC header (i.e, have
1023 * a frame type of LINUX_SLL_P_802_2) and
1024 * with the IPX LSAP as the DSAP in the LLC
1025 * header;
1026 *
1027 * Ethernet_SNAP frames, which are 802.3
1028 * frames with an LLC header and a SNAP
1029 * header and with an OUI of 0x000000
1030 * (encapsulated Ethernet) and a protocol
1031 * ID of ETHERTYPE_IPX in the SNAP header.
1032 *
1033 * First, do the checks on LINUX_SLL_P_802_2
1034 * frames; generate the check for either
1035 * Ethernet_802.2 or Ethernet_SNAP frames, and
1036 * then put a check for LINUX_SLL_P_802_2 frames
1037 * before it.
1038 */
1039 b0 = gen_cmp(off_linktype + 2, BPF_B,
1040 (bpf_int32)LLCSAP_IPX);
1041 b1 = gen_snap(0x000000, ETHERTYPE_IPX,
1042 off_linktype + 2);
1043 gen_or(b0, b1);
1044 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1045 gen_and(b0, b1);
1046
1047 /*
1048 * Now check for 802.3 frames and OR that with
1049 * the previous test.
1050 */
1051 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
1052 gen_or(b0, b1);
1053
1054 /*
1055 * Now add the check for Ethernet_II frames, and
1056 * do that before checking for the other frame
1057 * types.
1058 */
1059 b0 = gen_cmp(off_linktype, BPF_H,
1060 (bpf_int32)ETHERTYPE_IPX);
1061 gen_or(b0, b1);
1062 return b1;
1063
1064 case ETHERTYPE_ATALK:
1065 case ETHERTYPE_AARP:
1066 /*
1067 * EtherTalk (AppleTalk protocols on Ethernet link
1068 * layer) may use 802.2 encapsulation.
1069 */
1070
1071 /*
1072 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1073 * we check for the 802.2 protocol type in the
1074 * "Ethernet type" field.
1075 */
1076 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1077
1078 /*
1079 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1080 * SNAP packets with an organization code of
1081 * 0x080007 (Apple, for Appletalk) and a protocol
1082 * type of ETHERTYPE_ATALK (Appletalk).
1083 *
1084 * 802.2-encapsulated ETHERTYPE_AARP packets are
1085 * SNAP packets with an organization code of
1086 * 0x000000 (encapsulated Ethernet) and a protocol
1087 * type of ETHERTYPE_AARP (Appletalk ARP).
1088 */
1089 if (proto == ETHERTYPE_ATALK)
1090 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
1091 off_linktype + 2);
1092 else /* proto == ETHERTYPE_AARP */
1093 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
1094 off_linktype + 2);
1095 gen_and(b0, b1);
1096
1097 /*
1098 * Check for Ethernet encapsulation (Ethertalk
1099 * phase 1?); we just check for the Ethernet
1100 * protocol type.
1101 */
1102 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1103
1104 gen_or(b0, b1);
1105 return b1;
1106
1107 default:
1108 if (proto <= ETHERMTU) {
1109 /*
1110 * This is an LLC SAP value, so the frames
1111 * that match would be 802.2 frames.
1112 * Check for the 802.2 protocol type
1113 * in the "Ethernet type" field, and
1114 * then check the DSAP.
1115 */
1116 b0 = gen_cmp(off_linktype, BPF_H,
1117 LINUX_SLL_P_802_2);
1118 b1 = gen_cmp(off_linktype + 2, BPF_B,
1119 (bpf_int32)proto);
1120 gen_and(b0, b1);
1121 return b1;
1122 } else {
1123 /*
1124 * This is an Ethernet type, so compare
1125 * the length/type field with it (if
1126 * the frame is an 802.2 frame, the length
1127 * field will be <= ETHERMTU, and, as
1128 * "proto" is > ETHERMTU, this test
1129 * will fail and the frame won't match,
1130 * which is what we want).
1131 */
1132 return gen_cmp(off_linktype, BPF_H,
1133 (bpf_int32)proto);
1134 }
1135 }
1136 break;
1137
1138 case DLT_SLIP:
1139 case DLT_SLIP_BSDOS:
1140 case DLT_RAW:
1141 /*
1142 * These types don't provide any type field; packets
1143 * are always IP.
1144 *
1145 * XXX - for IPv4, check for a version number of 4, and,
1146 * for IPv6, check for a version number of 6?
1147 */
1148 switch (proto) {
1149
1150 case ETHERTYPE_IP:
1151 #ifdef INET6
1152 case ETHERTYPE_IPV6:
1153 #endif
1154 return gen_true(); /* always true */
1155
1156 default:
1157 return gen_false(); /* always false */
1158 }
1159 break;
1160
1161 case DLT_PPP:
1162 case DLT_PPP_SERIAL:
1163 /*
1164 * We use Ethernet protocol types inside libpcap;
1165 * map them to the corresponding PPP protocol types.
1166 */
1167 switch (proto) {
1168
1169 case ETHERTYPE_IP:
1170 proto = PPP_IP; /* XXX was 0x21 */
1171 break;
1172
1173 #ifdef INET6
1174 case ETHERTYPE_IPV6:
1175 proto = PPP_IPV6;
1176 break;
1177 #endif
1178
1179 case ETHERTYPE_DN:
1180 proto = PPP_DECNET;
1181 break;
1182
1183 case ETHERTYPE_ATALK:
1184 proto = PPP_APPLE;
1185 break;
1186
1187 case ETHERTYPE_NS:
1188 proto = PPP_NS;
1189 break;
1190
1191 case LLCSAP_ISONS:
1192 proto = PPP_OSI;
1193 break;
1194
1195 case LLCSAP_8021D:
1196 /*
1197 * I'm assuming the "Bridging PDU"s that go
1198 * over PPP are Spanning Tree Protocol
1199 * Bridging PDUs.
1200 */
1201 proto = PPP_BRPDU;
1202 break;
1203
1204 case LLCSAP_IPX:
1205 proto = PPP_IPX;
1206 break;
1207 }
1208 break;
1209
1210 case DLT_PPP_BSDOS:
1211 /*
1212 * We use Ethernet protocol types inside libpcap;
1213 * map them to the corresponding PPP protocol types.
1214 */
1215 switch (proto) {
1216
1217 case ETHERTYPE_IP:
1218 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
1219 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
1220 gen_or(b0, b1);
1221 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
1222 gen_or(b1, b0);
1223 return b0;
1224
1225 #ifdef INET6
1226 case ETHERTYPE_IPV6:
1227 proto = PPP_IPV6;
1228 /* more to go? */
1229 break;
1230 #endif
1231
1232 case ETHERTYPE_DN:
1233 proto = PPP_DECNET;
1234 break;
1235
1236 case ETHERTYPE_ATALK:
1237 proto = PPP_APPLE;
1238 break;
1239
1240 case ETHERTYPE_NS:
1241 proto = PPP_NS;
1242 break;
1243
1244 case LLCSAP_ISONS:
1245 proto = PPP_OSI;
1246 break;
1247
1248 case LLCSAP_8021D:
1249 /*
1250 * I'm assuming the "Bridging PDU"s that go
1251 * over PPP are Spanning Tree Protocol
1252 * Bridging PDUs.
1253 */
1254 proto = PPP_BRPDU;
1255 break;
1256
1257 case LLCSAP_IPX:
1258 proto = PPP_IPX;
1259 break;
1260 }
1261 break;
1262
1263 case DLT_NULL:
1264 case DLT_LOOP:
1265 /*
1266 * For DLT_NULL, the link-layer header is a 32-bit
1267 * word containing an AF_ value in *host* byte order.
1268 *
1269 * In addition, if we're reading a saved capture file,
1270 * the host byte order in the capture may not be the
1271 * same as the host byte order on this machine.
1272 *
1273 * For DLT_LOOP, the link-layer header is a 32-bit
1274 * word containing an AF_ value in *network* byte order.
1275 *
1276 * XXX - AF_ values may, unfortunately, be platform-
1277 * dependent; for example, FreeBSD's AF_INET6 is 24
1278 * whilst NetBSD's and OpenBSD's is 26.
1279 *
1280 * This means that, when reading a capture file, just
1281 * checking for our AF_INET6 value won't work if the
1282 * capture file came from another OS.
1283 */
1284 switch (proto) {
1285
1286 case ETHERTYPE_IP:
1287 proto = AF_INET;
1288 break;
1289
1290 #ifdef INET6
1291 case ETHERTYPE_IPV6:
1292 proto = AF_INET6;
1293 break;
1294 #endif
1295
1296 default:
1297 /*
1298 * Not a type on which we support filtering.
1299 * XXX - support those that have AF_ values
1300 * #defined on this platform, at least?
1301 */
1302 return gen_false();
1303 }
1304
1305 if (linktype == DLT_NULL) {
1306 /*
1307 * The AF_ value is in host byte order, but
1308 * the BPF interpreter will convert it to
1309 * network byte order.
1310 *
1311 * If this is a save file, and it's from a
1312 * machine with the opposite byte order to
1313 * ours, we byte-swap the AF_ value.
1314 *
1315 * Then we run it through "htonl()", and
1316 * generate code to compare against the result.
1317 */
1318 if (bpf_pcap->sf.rfile != NULL &&
1319 bpf_pcap->sf.swapped)
1320 proto = SWAPLONG(proto);
1321 proto = htonl(proto);
1322 }
1323 return (gen_cmp(0, BPF_W, (bpf_int32)proto));
1324
1325 case DLT_ARCNET:
1326 /*
1327 * XXX should we check for first fragment if the protocol
1328 * uses PHDS?
1329 */
1330 switch(proto) {
1331 default:
1332 return gen_false();
1333 #ifdef INET6
1334 case ETHERTYPE_IPV6:
1335 return(gen_cmp(2, BPF_B,
1336 (bpf_int32)htonl(ARCTYPE_INET6)));
1337 #endif /* INET6 */
1338 case ETHERTYPE_IP:
1339 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_IP));
1340 b1 = gen_cmp(2, BPF_B,
1341 (bpf_int32)htonl(ARCTYPE_IP_OLD));
1342 gen_or(b0, b1);
1343 return(b1);
1344 case ETHERTYPE_ARP:
1345 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_ARP));
1346 b1 = gen_cmp(2, BPF_B,
1347 (bpf_int32)htonl(ARCTYPE_ARP_OLD));
1348 gen_or(b0, b1);
1349 return(b1);
1350 case ETHERTYPE_REVARP:
1351 return(gen_cmp(2, BPF_B,
1352 (bpf_int32)htonl(ARCTYPE_REVARP)));
1353 case ETHERTYPE_ATALK:
1354 return(gen_cmp(2, BPF_B,
1355 (bpf_int32)htonl(ARCTYPE_ATALK)));
1356 }
1357 break;
1358 }
1359
1360 /*
1361 * All the types that have no encapsulation should either be
1362 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
1363 * all packets are IP packets, or should be handled in some
1364 * special case, if none of them are (if some are and some
1365 * aren't, the lack of encapsulation is a problem, as we'd
1366 * have to find some other way of determining the packet type).
1367 *
1368 * Therefore, if "off_linktype" is -1, there's an error.
1369 */
1370 if (off_linktype == -1)
1371 abort();
1372
1373 /*
1374 * Any type not handled above should always have an Ethernet
1375 * type at an offset of "off_linktype". (PPP is partially
1376 * handled above - the protocol type is mapped from the
1377 * Ethernet and LLC types we use internally to the corresponding
1378 * PPP type - but the PPP type is always specified by a value
1379 * at "off_linktype", so we don't have to do the code generation
1380 * above.)
1381 */
1382 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1383 }
1384
1385 /*
1386 * Check for an LLC SNAP packet with a given organization code and
1387 * protocol type; we check the entire contents of the 802.2 LLC and
1388 * snap headers, checking for DSAP and SSAP of SNAP and a control
1389 * field of 0x03 in the LLC header, and for the specified organization
1390 * code and protocol type in the SNAP header.
1391 */
1392 static struct block *
1393 gen_snap(orgcode, ptype, offset)
1394 bpf_u_int32 orgcode;
1395 bpf_u_int32 ptype;
1396 u_int offset;
1397 {
1398 u_char snapblock[8];
1399
1400 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
1401 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
1402 snapblock[2] = 0x03; /* control = UI */
1403 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
1404 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
1405 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
1406 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
1407 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
1408 return gen_bcmp(offset, 8, snapblock);
1409 }
1410
1411 static struct block *
1412 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
1413 bpf_u_int32 addr;
1414 bpf_u_int32 mask;
1415 int dir, proto;
1416 u_int src_off, dst_off;
1417 {
1418 struct block *b0, *b1;
1419 u_int offset;
1420
1421 switch (dir) {
1422
1423 case Q_SRC:
1424 offset = src_off;
1425 break;
1426
1427 case Q_DST:
1428 offset = dst_off;
1429 break;
1430
1431 case Q_AND:
1432 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1433 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1434 gen_and(b0, b1);
1435 return b1;
1436
1437 case Q_OR:
1438 case Q_DEFAULT:
1439 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1440 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1441 gen_or(b0, b1);
1442 return b1;
1443
1444 default:
1445 abort();
1446 }
1447 b0 = gen_linktype(proto);
1448 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
1449 gen_and(b0, b1);
1450 return b1;
1451 }
1452
1453 #ifdef INET6
1454 static struct block *
1455 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
1456 struct in6_addr *addr;
1457 struct in6_addr *mask;
1458 int dir, proto;
1459 u_int src_off, dst_off;
1460 {
1461 struct block *b0, *b1;
1462 u_int offset;
1463 u_int32_t *a, *m;
1464
1465 switch (dir) {
1466
1467 case Q_SRC:
1468 offset = src_off;
1469 break;
1470
1471 case Q_DST:
1472 offset = dst_off;
1473 break;
1474
1475 case Q_AND:
1476 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1477 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1478 gen_and(b0, b1);
1479 return b1;
1480
1481 case Q_OR:
1482 case Q_DEFAULT:
1483 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1484 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1485 gen_or(b0, b1);
1486 return b1;
1487
1488 default:
1489 abort();
1490 }
1491 /* this order is important */
1492 a = (u_int32_t *)addr;
1493 m = (u_int32_t *)mask;
1494 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
1495 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
1496 gen_and(b0, b1);
1497 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
1498 gen_and(b0, b1);
1499 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
1500 gen_and(b0, b1);
1501 b0 = gen_linktype(proto);
1502 gen_and(b0, b1);
1503 return b1;
1504 }
1505 #endif /*INET6*/
1506
1507 static struct block *
1508 gen_ehostop(eaddr, dir)
1509 register const u_char *eaddr;
1510 register int dir;
1511 {
1512 register struct block *b0, *b1;
1513
1514 switch (dir) {
1515 case Q_SRC:
1516 return gen_bcmp(6, 6, eaddr);
1517
1518 case Q_DST:
1519 return gen_bcmp(0, 6, eaddr);
1520
1521 case Q_AND:
1522 b0 = gen_ehostop(eaddr, Q_SRC);
1523 b1 = gen_ehostop(eaddr, Q_DST);
1524 gen_and(b0, b1);
1525 return b1;
1526
1527 case Q_DEFAULT:
1528 case Q_OR:
1529 b0 = gen_ehostop(eaddr, Q_SRC);
1530 b1 = gen_ehostop(eaddr, Q_DST);
1531 gen_or(b0, b1);
1532 return b1;
1533 }
1534 abort();
1535 /* NOTREACHED */
1536 }
1537
1538 /*
1539 * Like gen_ehostop, but for DLT_FDDI
1540 */
1541 static struct block *
1542 gen_fhostop(eaddr, dir)
1543 register const u_char *eaddr;
1544 register int dir;
1545 {
1546 struct block *b0, *b1;
1547
1548 switch (dir) {
1549 case Q_SRC:
1550 #ifdef PCAP_FDDIPAD
1551 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
1552 #else
1553 return gen_bcmp(6 + 1, 6, eaddr);
1554 #endif
1555
1556 case Q_DST:
1557 #ifdef PCAP_FDDIPAD
1558 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
1559 #else
1560 return gen_bcmp(0 + 1, 6, eaddr);
1561 #endif
1562
1563 case Q_AND:
1564 b0 = gen_fhostop(eaddr, Q_SRC);
1565 b1 = gen_fhostop(eaddr, Q_DST);
1566 gen_and(b0, b1);
1567 return b1;
1568
1569 case Q_DEFAULT:
1570 case Q_OR:
1571 b0 = gen_fhostop(eaddr, Q_SRC);
1572 b1 = gen_fhostop(eaddr, Q_DST);
1573 gen_or(b0, b1);
1574 return b1;
1575 }
1576 abort();
1577 /* NOTREACHED */
1578 }
1579
1580 /*
1581 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
1582 */
1583 static struct block *
1584 gen_thostop(eaddr, dir)
1585 register const u_char *eaddr;
1586 register int dir;
1587 {
1588 register struct block *b0, *b1;
1589
1590 switch (dir) {
1591 case Q_SRC:
1592 return gen_bcmp(8, 6, eaddr);
1593
1594 case Q_DST:
1595 return gen_bcmp(2, 6, eaddr);
1596
1597 case Q_AND:
1598 b0 = gen_thostop(eaddr, Q_SRC);
1599 b1 = gen_thostop(eaddr, Q_DST);
1600 gen_and(b0, b1);
1601 return b1;
1602
1603 case Q_DEFAULT:
1604 case Q_OR:
1605 b0 = gen_thostop(eaddr, Q_SRC);
1606 b1 = gen_thostop(eaddr, Q_DST);
1607 gen_or(b0, b1);
1608 return b1;
1609 }
1610 abort();
1611 /* NOTREACHED */
1612 }
1613
1614 /*
1615 * This is quite tricky because there may be pad bytes in front of the
1616 * DECNET header, and then there are two possible data packet formats that
1617 * carry both src and dst addresses, plus 5 packet types in a format that
1618 * carries only the src node, plus 2 types that use a different format and
1619 * also carry just the src node.
1620 *
1621 * Yuck.
1622 *
1623 * Instead of doing those all right, we just look for data packets with
1624 * 0 or 1 bytes of padding. If you want to look at other packets, that
1625 * will require a lot more hacking.
1626 *
1627 * To add support for filtering on DECNET "areas" (network numbers)
1628 * one would want to add a "mask" argument to this routine. That would
1629 * make the filter even more inefficient, although one could be clever
1630 * and not generate masking instructions if the mask is 0xFFFF.
1631 */
1632 static struct block *
1633 gen_dnhostop(addr, dir, base_off)
1634 bpf_u_int32 addr;
1635 int dir;
1636 u_int base_off;
1637 {
1638 struct block *b0, *b1, *b2, *tmp;
1639 u_int offset_lh; /* offset if long header is received */
1640 u_int offset_sh; /* offset if short header is received */
1641
1642 switch (dir) {
1643
1644 case Q_DST:
1645 offset_sh = 1; /* follows flags */
1646 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
1647 break;
1648
1649 case Q_SRC:
1650 offset_sh = 3; /* follows flags, dstnode */
1651 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
1652 break;
1653
1654 case Q_AND:
1655 /* Inefficient because we do our Calvinball dance twice */
1656 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1657 b1 = gen_dnhostop(addr, Q_DST, base_off);
1658 gen_and(b0, b1);
1659 return b1;
1660
1661 case Q_OR:
1662 case Q_DEFAULT:
1663 /* Inefficient because we do our Calvinball dance twice */
1664 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1665 b1 = gen_dnhostop(addr, Q_DST, base_off);
1666 gen_or(b0, b1);
1667 return b1;
1668
1669 case Q_ISO:
1670 bpf_error("ISO host filtering not implemented");
1671
1672 default:
1673 abort();
1674 }
1675 b0 = gen_linktype(ETHERTYPE_DN);
1676 /* Check for pad = 1, long header case */
1677 tmp = gen_mcmp(base_off + 2, BPF_H,
1678 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
1679 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
1680 BPF_H, (bpf_int32)ntohs(addr));
1681 gen_and(tmp, b1);
1682 /* Check for pad = 0, long header case */
1683 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
1684 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
1685 gen_and(tmp, b2);
1686 gen_or(b2, b1);
1687 /* Check for pad = 1, short header case */
1688 tmp = gen_mcmp(base_off + 2, BPF_H,
1689 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
1690 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
1691 BPF_H, (bpf_int32)ntohs(addr));
1692 gen_and(tmp, b2);
1693 gen_or(b2, b1);
1694 /* Check for pad = 0, short header case */
1695 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
1696 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
1697 gen_and(tmp, b2);
1698 gen_or(b2, b1);
1699
1700 /* Combine with test for linktype */
1701 gen_and(b0, b1);
1702 return b1;
1703 }
1704
1705 static struct block *
1706 gen_host(addr, mask, proto, dir)
1707 bpf_u_int32 addr;
1708 bpf_u_int32 mask;
1709 int proto;
1710 int dir;
1711 {
1712 struct block *b0, *b1;
1713
1714 switch (proto) {
1715
1716 case Q_DEFAULT:
1717 b0 = gen_host(addr, mask, Q_IP, dir);
1718 if (off_linktype != -1) {
1719 b1 = gen_host(addr, mask, Q_ARP, dir);
1720 gen_or(b0, b1);
1721 b0 = gen_host(addr, mask, Q_RARP, dir);
1722 gen_or(b1, b0);
1723 }
1724 return b0;
1725
1726 case Q_IP:
1727 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
1728 off_nl + 12, off_nl + 16);
1729
1730 case Q_RARP:
1731 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
1732 off_nl + 14, off_nl + 24);
1733
1734 case Q_ARP:
1735 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
1736 off_nl + 14, off_nl + 24);
1737
1738 case Q_TCP:
1739 bpf_error("'tcp' modifier applied to host");
1740
1741 case Q_SCTP:
1742 bpf_error("'sctp' modifier applied to host");
1743
1744 case Q_UDP:
1745 bpf_error("'udp' modifier applied to host");
1746
1747 case Q_ICMP:
1748 bpf_error("'icmp' modifier applied to host");
1749
1750 case Q_IGMP:
1751 bpf_error("'igmp' modifier applied to host");
1752
1753 case Q_IGRP:
1754 bpf_error("'igrp' modifier applied to host");
1755
1756 case Q_PIM:
1757 bpf_error("'pim' modifier applied to host");
1758
1759 case Q_VRRP:
1760 bpf_error("'vrrp' modifier applied to host");
1761
1762 case Q_ATALK:
1763 bpf_error("ATALK host filtering not implemented");
1764
1765 case Q_AARP:
1766 bpf_error("AARP host filtering not implemented");
1767
1768 case Q_DECNET:
1769 return gen_dnhostop(addr, dir, off_nl);
1770
1771 case Q_SCA:
1772 bpf_error("SCA host filtering not implemented");
1773
1774 case Q_LAT:
1775 bpf_error("LAT host filtering not implemented");
1776
1777 case Q_MOPDL:
1778 bpf_error("MOPDL host filtering not implemented");
1779
1780 case Q_MOPRC:
1781 bpf_error("MOPRC host filtering not implemented");
1782
1783 #ifdef INET6
1784 case Q_IPV6:
1785 bpf_error("'ip6' modifier applied to ip host");
1786
1787 case Q_ICMPV6:
1788 bpf_error("'icmp6' modifier applied to host");
1789 #endif /* INET6 */
1790
1791 case Q_AH:
1792 bpf_error("'ah' modifier applied to host");
1793
1794 case Q_ESP:
1795 bpf_error("'esp' modifier applied to host");
1796
1797 case Q_ISO:
1798 bpf_error("ISO host filtering not implemented");
1799
1800 case Q_ESIS:
1801 bpf_error("'esis' modifier applied to host");
1802
1803 case Q_ISIS:
1804 bpf_error("'isis' modifier applied to host");
1805
1806 case Q_CLNP:
1807 bpf_error("'clnp' modifier applied to host");
1808
1809 case Q_STP:
1810 bpf_error("'stp' modifier applied to host");
1811
1812 case Q_IPX:
1813 bpf_error("IPX host filtering not implemented");
1814
1815 case Q_NETBEUI:
1816 bpf_error("'netbeui' modifier applied to host");
1817
1818 default:
1819 abort();
1820 }
1821 /* NOTREACHED */
1822 }
1823
1824 #ifdef INET6
1825 static struct block *
1826 gen_host6(addr, mask, proto, dir)
1827 struct in6_addr *addr;
1828 struct in6_addr *mask;
1829 int proto;
1830 int dir;
1831 {
1832 switch (proto) {
1833
1834 case Q_DEFAULT:
1835 return gen_host6(addr, mask, Q_IPV6, dir);
1836
1837 case Q_IP:
1838 bpf_error("'ip' modifier applied to ip6 host");
1839
1840 case Q_RARP:
1841 bpf_error("'rarp' modifier applied to ip6 host");
1842
1843 case Q_ARP:
1844 bpf_error("'arp' modifier applied to ip6 host");
1845
1846 case Q_SCTP:
1847 bpf_error("'sctp' modifier applied to host");
1848
1849 case Q_TCP:
1850 bpf_error("'tcp' modifier applied to host");
1851
1852 case Q_UDP:
1853 bpf_error("'udp' modifier applied to host");
1854
1855 case Q_ICMP:
1856 bpf_error("'icmp' modifier applied to host");
1857
1858 case Q_IGMP:
1859 bpf_error("'igmp' modifier applied to host");
1860
1861 case Q_IGRP:
1862 bpf_error("'igrp' modifier applied to host");
1863
1864 case Q_PIM:
1865 bpf_error("'pim' modifier applied to host");
1866
1867 case Q_VRRP:
1868 bpf_error("'vrrp' modifier applied to host");
1869
1870 case Q_ATALK:
1871 bpf_error("ATALK host filtering not implemented");
1872
1873 case Q_AARP:
1874 bpf_error("AARP host filtering not implemented");
1875
1876 case Q_DECNET:
1877 bpf_error("'decnet' modifier applied to ip6 host");
1878
1879 case Q_SCA:
1880 bpf_error("SCA host filtering not implemented");
1881
1882 case Q_LAT:
1883 bpf_error("LAT host filtering not implemented");
1884
1885 case Q_MOPDL:
1886 bpf_error("MOPDL host filtering not implemented");
1887
1888 case Q_MOPRC:
1889 bpf_error("MOPRC host filtering not implemented");
1890
1891 case Q_IPV6:
1892 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
1893 off_nl + 8, off_nl + 24);
1894
1895 case Q_ICMPV6:
1896 bpf_error("'icmp6' modifier applied to host");
1897
1898 case Q_AH:
1899 bpf_error("'ah' modifier applied to host");
1900
1901 case Q_ESP:
1902 bpf_error("'esp' modifier applied to host");
1903
1904 case Q_ISO:
1905 bpf_error("ISO host filtering not implemented");
1906
1907 case Q_ESIS:
1908 bpf_error("'esis' modifier applied to host");
1909
1910 case Q_ISIS:
1911 bpf_error("'isis' modifier applied to host");
1912
1913 case Q_CLNP:
1914 bpf_error("'clnp' modifier applied to host");
1915
1916 case Q_STP:
1917 bpf_error("'stp' modifier applied to host");
1918
1919 case Q_IPX:
1920 bpf_error("IPX host filtering not implemented");
1921
1922 case Q_NETBEUI:
1923 bpf_error("'netbeui' modifier applied to host");
1924
1925 default:
1926 abort();
1927 }
1928 /* NOTREACHED */
1929 }
1930 #endif /*INET6*/
1931
1932 #ifndef INET6
1933 static struct block *
1934 gen_gateway(eaddr, alist, proto, dir)
1935 const u_char *eaddr;
1936 bpf_u_int32 **alist;
1937 int proto;
1938 int dir;
1939 {
1940 struct block *b0, *b1, *tmp;
1941
1942 if (dir != 0)
1943 bpf_error("direction applied to 'gateway'");
1944
1945 switch (proto) {
1946 case Q_DEFAULT:
1947 case Q_IP:
1948 case Q_ARP:
1949 case Q_RARP:
1950 if (linktype == DLT_EN10MB)
1951 b0 = gen_ehostop(eaddr, Q_OR);
1952 else if (linktype == DLT_FDDI)
1953 b0 = gen_fhostop(eaddr, Q_OR);
1954 else if (linktype == DLT_IEEE802)
1955 b0 = gen_thostop(eaddr, Q_OR);
1956 else
1957 bpf_error(
1958 "'gateway' supported only on ethernet, FDDI or token ring");
1959
1960 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1961 while (*alist) {
1962 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1963 gen_or(b1, tmp);
1964 b1 = tmp;
1965 }
1966 gen_not(b1);
1967 gen_and(b0, b1);
1968 return b1;
1969 }
1970 bpf_error("illegal modifier of 'gateway'");
1971 /* NOTREACHED */
1972 }
1973 #endif
1974
1975 struct block *
1976 gen_proto_abbrev(proto)
1977 int proto;
1978 {
1979 #ifdef INET6
1980 struct block *b0;
1981 #endif
1982 struct block *b1;
1983
1984 switch (proto) {
1985
1986 case Q_SCTP:
1987 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT);
1988 #ifdef INET6
1989 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
1990 gen_or(b0, b1);
1991 #endif
1992 break;
1993
1994 case Q_TCP:
1995 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
1996 #ifdef INET6
1997 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
1998 gen_or(b0, b1);
1999 #endif
2000 break;
2001
2002 case Q_UDP:
2003 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
2004 #ifdef INET6
2005 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
2006 gen_or(b0, b1);
2007 #endif
2008 break;
2009
2010 case Q_ICMP:
2011 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
2012 break;
2013
2014 #ifndef IPPROTO_IGMP
2015 #define IPPROTO_IGMP 2
2016 #endif
2017
2018 case Q_IGMP:
2019 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
2020 break;
2021
2022 #ifndef IPPROTO_IGRP
2023 #define IPPROTO_IGRP 9
2024 #endif
2025 case Q_IGRP:
2026 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
2027 break;
2028
2029 #ifndef IPPROTO_PIM
2030 #define IPPROTO_PIM 103
2031 #endif
2032
2033 case Q_PIM:
2034 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
2035 #ifdef INET6
2036 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
2037 gen_or(b0, b1);
2038 #endif
2039 break;
2040
2041 #ifndef IPPROTO_VRRP
2042 #define IPPROTO_VRRP 112
2043 #endif
2044
2045 case Q_VRRP:
2046 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT);
2047 break;
2048
2049 case Q_IP:
2050 b1 = gen_linktype(ETHERTYPE_IP);
2051 break;
2052
2053 case Q_ARP:
2054 b1 = gen_linktype(ETHERTYPE_ARP);
2055 break;
2056
2057 case Q_RARP:
2058 b1 = gen_linktype(ETHERTYPE_REVARP);
2059 break;
2060
2061 case Q_LINK:
2062 bpf_error("link layer applied in wrong context");
2063
2064 case Q_ATALK:
2065 b1 = gen_linktype(ETHERTYPE_ATALK);
2066 break;
2067
2068 case Q_AARP:
2069 b1 = gen_linktype(ETHERTYPE_AARP);
2070 break;
2071
2072 case Q_DECNET:
2073 b1 = gen_linktype(ETHERTYPE_DN);
2074 break;
2075
2076 case Q_SCA:
2077 b1 = gen_linktype(ETHERTYPE_SCA);
2078 break;
2079
2080 case Q_LAT:
2081 b1 = gen_linktype(ETHERTYPE_LAT);
2082 break;
2083
2084 case Q_MOPDL:
2085 b1 = gen_linktype(ETHERTYPE_MOPDL);
2086 break;
2087
2088 case Q_MOPRC:
2089 b1 = gen_linktype(ETHERTYPE_MOPRC);
2090 break;
2091
2092 #ifdef INET6
2093 case Q_IPV6:
2094 b1 = gen_linktype(ETHERTYPE_IPV6);
2095 break;
2096
2097 #ifndef IPPROTO_ICMPV6
2098 #define IPPROTO_ICMPV6 58
2099 #endif
2100 case Q_ICMPV6:
2101 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
2102 break;
2103 #endif /* INET6 */
2104
2105 #ifndef IPPROTO_AH
2106 #define IPPROTO_AH 51
2107 #endif
2108 case Q_AH:
2109 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
2110 #ifdef INET6
2111 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
2112 gen_or(b0, b1);
2113 #endif
2114 break;
2115
2116 #ifndef IPPROTO_ESP
2117 #define IPPROTO_ESP 50
2118 #endif
2119 case Q_ESP:
2120 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
2121 #ifdef INET6
2122 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
2123 gen_or(b0, b1);
2124 #endif
2125 break;
2126
2127 case Q_ISO:
2128 b1 = gen_linktype(LLCSAP_ISONS);
2129 break;
2130
2131 case Q_ESIS:
2132 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
2133 break;
2134
2135 case Q_ISIS:
2136 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
2137 break;
2138
2139 case Q_CLNP:
2140 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
2141 break;
2142
2143 case Q_STP:
2144 b1 = gen_linktype(LLCSAP_8021D);
2145 break;
2146
2147 case Q_IPX:
2148 b1 = gen_linktype(LLCSAP_IPX);
2149 break;
2150
2151 case Q_NETBEUI:
2152 b1 = gen_linktype(LLCSAP_NETBEUI);
2153 break;
2154
2155 default:
2156 abort();
2157 }
2158 return b1;
2159 }
2160
2161 static struct block *
2162 gen_ipfrag()
2163 {
2164 struct slist *s;
2165 struct block *b;
2166
2167 /* not ip frag */
2168 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
2169 s->s.k = off_nl + 6;
2170 b = new_block(JMP(BPF_JSET));
2171 b->s.k = 0x1fff;
2172 b->stmts = s;
2173 gen_not(b);
2174
2175 return b;
2176 }
2177
2178 static struct block *
2179 gen_portatom(off, v)
2180 int off;
2181 bpf_int32 v;
2182 {
2183 struct slist *s;
2184 struct block *b;
2185
2186 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2187 s->s.k = off_nl;
2188
2189 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
2190 s->next->s.k = off_nl + off;
2191
2192 b = new_block(JMP(BPF_JEQ));
2193 b->stmts = s;
2194 b->s.k = v;
2195
2196 return b;
2197 }
2198
2199 #ifdef INET6
2200 static struct block *
2201 gen_portatom6(off, v)
2202 int off;
2203 bpf_int32 v;
2204 {
2205 return gen_cmp(off_nl + 40 + off, BPF_H, v);
2206 }
2207 #endif/*INET6*/
2208
2209 struct block *
2210 gen_portop(port, proto, dir)
2211 int port, proto, dir;
2212 {
2213 struct block *b0, *b1, *tmp;
2214
2215 /* ip proto 'proto' */
2216 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
2217 b0 = gen_ipfrag();
2218 gen_and(tmp, b0);
2219
2220 switch (dir) {
2221 case Q_SRC:
2222 b1 = gen_portatom(0, (bpf_int32)port);
2223 break;
2224
2225 case Q_DST:
2226 b1 = gen_portatom(2, (bpf_int32)port);
2227 break;
2228
2229 case Q_OR:
2230 case Q_DEFAULT:
2231 tmp = gen_portatom(0, (bpf_int32)port);
2232 b1 = gen_portatom(2, (bpf_int32)port);
2233 gen_or(tmp, b1);
2234 break;
2235
2236 case Q_AND:
2237 tmp = gen_portatom(0, (bpf_int32)port);
2238 b1 = gen_portatom(2, (bpf_int32)port);
2239 gen_and(tmp, b1);
2240 break;
2241
2242 default:
2243 abort();
2244 }
2245 gen_and(b0, b1);
2246
2247 return b1;
2248 }
2249
2250 static struct block *
2251 gen_port(port, ip_proto, dir)
2252 int port;
2253 int ip_proto;
2254 int dir;
2255 {
2256 struct block *b0, *b1, *tmp;
2257
2258 /* ether proto ip */
2259 b0 = gen_linktype(ETHERTYPE_IP);
2260
2261 switch (ip_proto) {
2262 case IPPROTO_UDP:
2263 case IPPROTO_TCP:
2264 case IPPROTO_SCTP:
2265 b1 = gen_portop(port, ip_proto, dir);
2266 break;
2267
2268 case PROTO_UNDEF:
2269 tmp = gen_portop(port, IPPROTO_TCP, dir);
2270 b1 = gen_portop(port, IPPROTO_UDP, dir);
2271 gen_or(tmp, b1);
2272 tmp = gen_portop(port, IPPROTO_SCTP, dir);
2273 gen_or(tmp, b1);
2274 break;
2275
2276 default:
2277 abort();
2278 }
2279 gen_and(b0, b1);
2280 return b1;
2281 }
2282
2283 #ifdef INET6
2284 struct block *
2285 gen_portop6(port, proto, dir)
2286 int port, proto, dir;
2287 {
2288 struct block *b0, *b1, *tmp;
2289
2290 /* ip proto 'proto' */
2291 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
2292
2293 switch (dir) {
2294 case Q_SRC:
2295 b1 = gen_portatom6(0, (bpf_int32)port);
2296 break;
2297
2298 case Q_DST:
2299 b1 = gen_portatom6(2, (bpf_int32)port);
2300 break;
2301
2302 case Q_OR:
2303 case Q_DEFAULT:
2304 tmp = gen_portatom6(0, (bpf_int32)port);
2305 b1 = gen_portatom6(2, (bpf_int32)port);
2306 gen_or(tmp, b1);
2307 break;
2308
2309 case Q_AND:
2310 tmp = gen_portatom6(0, (bpf_int32)port);
2311 b1 = gen_portatom6(2, (bpf_int32)port);
2312 gen_and(tmp, b1);
2313 break;
2314
2315 default:
2316 abort();
2317 }
2318 gen_and(b0, b1);
2319
2320 return b1;
2321 }
2322
2323 static struct block *
2324 gen_port6(port, ip_proto, dir)
2325 int port;
2326 int ip_proto;
2327 int dir;
2328 {
2329 struct block *b0, *b1, *tmp;
2330
2331 /* ether proto ip */
2332 b0 = gen_linktype(ETHERTYPE_IPV6);
2333
2334 switch (ip_proto) {
2335 case IPPROTO_UDP:
2336 case IPPROTO_TCP:
2337 case IPPROTO_SCTP:
2338 b1 = gen_portop6(port, ip_proto, dir);
2339 break;
2340
2341 case PROTO_UNDEF:
2342 tmp = gen_portop6(port, IPPROTO_TCP, dir);
2343 b1 = gen_portop6(port, IPPROTO_UDP, dir);
2344 gen_or(tmp, b1);
2345 tmp = gen_portop6(port, IPPROTO_SCTP, dir);
2346 gen_or(tmp, b1);
2347 break;
2348
2349 default:
2350 abort();
2351 }
2352 gen_and(b0, b1);
2353 return b1;
2354 }
2355 #endif /* INET6 */
2356
2357 static int
2358 lookup_proto(name, proto)
2359 register const char *name;
2360 register int proto;
2361 {
2362 register int v;
2363
2364 switch (proto) {
2365
2366 case Q_DEFAULT:
2367 case Q_IP:
2368 v = pcap_nametoproto(name);
2369 if (v == PROTO_UNDEF)
2370 bpf_error("unknown ip proto '%s'", name);
2371 break;
2372
2373 case Q_LINK:
2374 /* XXX should look up h/w protocol type based on linktype */
2375 v = pcap_nametoeproto(name);
2376 if (v == PROTO_UNDEF)
2377 bpf_error("unknown ether proto '%s'", name);
2378 break;
2379
2380 case Q_ISO:
2381 if (strcmp(name, "esis") == 0)
2382 v = ISO9542_ESIS;
2383 else if (strcmp(name, "isis") == 0)
2384 v = ISO10589_ISIS;
2385 else if (strcmp(name, "clnp") == 0)
2386 v = ISO8473_CLNP;
2387 else
2388 bpf_error("unknown osi proto '%s'", name);
2389 break;
2390
2391 default:
2392 v = PROTO_UNDEF;
2393 break;
2394 }
2395 return v;
2396 }
2397
2398 #if 0
2399 struct stmt *
2400 gen_joinsp(s, n)
2401 struct stmt **s;
2402 int n;
2403 {
2404 return NULL;
2405 }
2406 #endif
2407
2408 static struct block *
2409 gen_protochain(v, proto, dir)
2410 int v;
2411 int proto;
2412 int dir;
2413 {
2414 #ifdef NO_PROTOCHAIN
2415 return gen_proto(v, proto, dir);
2416 #else
2417 struct block *b0, *b;
2418 struct slist *s[100];
2419 int fix2, fix3, fix4, fix5;
2420 int ahcheck, again, end;
2421 int i, max;
2422 int reg2 = alloc_reg();
2423
2424 memset(s, 0, sizeof(s));
2425 fix2 = fix3 = fix4 = fix5 = 0;
2426
2427 switch (proto) {
2428 case Q_IP:
2429 case Q_IPV6:
2430 break;
2431 case Q_DEFAULT:
2432 b0 = gen_protochain(v, Q_IP, dir);
2433 b = gen_protochain(v, Q_IPV6, dir);
2434 gen_or(b0, b);
2435 return b;
2436 default:
2437 bpf_error("bad protocol applied for 'protochain'");
2438 /*NOTREACHED*/
2439 }
2440
2441 no_optimize = 1; /*this code is not compatible with optimzer yet */
2442
2443 /*
2444 * s[0] is a dummy entry to protect other BPF insn from damaged
2445 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
2446 * hard to find interdependency made by jump table fixup.
2447 */
2448 i = 0;
2449 s[i] = new_stmt(0); /*dummy*/
2450 i++;
2451
2452 switch (proto) {
2453 case Q_IP:
2454 b0 = gen_linktype(ETHERTYPE_IP);
2455
2456 /* A = ip->ip_p */
2457 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
2458 s[i]->s.k = off_nl + 9;
2459 i++;
2460 /* X = ip->ip_hl << 2 */
2461 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2462 s[i]->s.k = off_nl;
2463 i++;
2464 break;
2465 #ifdef INET6
2466 case Q_IPV6:
2467 b0 = gen_linktype(ETHERTYPE_IPV6);
2468
2469 /* A = ip6->ip_nxt */
2470 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
2471 s[i]->s.k = off_nl + 6;
2472 i++;
2473 /* X = sizeof(struct ip6_hdr) */
2474 s[i] = new_stmt(BPF_LDX|BPF_IMM);
2475 s[i]->s.k = 40;
2476 i++;
2477 break;
2478 #endif
2479 default:
2480 bpf_error("unsupported proto to gen_protochain");
2481 /*NOTREACHED*/
2482 }
2483
2484 /* again: if (A == v) goto end; else fall through; */
2485 again = i;
2486 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2487 s[i]->s.k = v;
2488 s[i]->s.jt = NULL; /*later*/
2489 s[i]->s.jf = NULL; /*update in next stmt*/
2490 fix5 = i;
2491 i++;
2492
2493 #ifndef IPPROTO_NONE
2494 #define IPPROTO_NONE 59
2495 #endif
2496 /* if (A == IPPROTO_NONE) goto end */
2497 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2498 s[i]->s.jt = NULL; /*later*/
2499 s[i]->s.jf = NULL; /*update in next stmt*/
2500 s[i]->s.k = IPPROTO_NONE;
2501 s[fix5]->s.jf = s[i];
2502 fix2 = i;
2503 i++;
2504
2505 #ifdef INET6
2506 if (proto == Q_IPV6) {
2507 int v6start, v6end, v6advance, j;
2508
2509 v6start = i;
2510 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
2511 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2512 s[i]->s.jt = NULL; /*later*/
2513 s[i]->s.jf = NULL; /*update in next stmt*/
2514 s[i]->s.k = IPPROTO_HOPOPTS;
2515 s[fix2]->s.jf = s[i];
2516 i++;
2517 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
2518 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2519 s[i]->s.jt = NULL; /*later*/
2520 s[i]->s.jf = NULL; /*update in next stmt*/
2521 s[i]->s.k = IPPROTO_DSTOPTS;
2522 i++;
2523 /* if (A == IPPROTO_ROUTING) goto v6advance */
2524 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2525 s[i]->s.jt = NULL; /*later*/
2526 s[i]->s.jf = NULL; /*update in next stmt*/
2527 s[i]->s.k = IPPROTO_ROUTING;
2528 i++;
2529 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
2530 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2531 s[i]->s.jt = NULL; /*later*/
2532 s[i]->s.jf = NULL; /*later*/
2533 s[i]->s.k = IPPROTO_FRAGMENT;
2534 fix3 = i;
2535 v6end = i;
2536 i++;
2537
2538 /* v6advance: */
2539 v6advance = i;
2540
2541 /*
2542 * in short,
2543 * A = P[X];
2544 * X = X + (P[X + 1] + 1) * 8;
2545 */
2546 /* A = X */
2547 s[i] = new_stmt(BPF_MISC|BPF_TXA);
2548 i++;
2549 /* A = P[X + packet head] */
2550 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2551 s[i]->s.k = off_nl;
2552 i++;
2553 /* MEM[reg2] = A */
2554 s[i] = new_stmt(BPF_ST);
2555 s[i]->s.k = reg2;
2556 i++;
2557 /* A = X */
2558 s[i] = new_stmt(BPF_MISC|BPF_TXA);
2559 i++;
2560 /* A += 1 */
2561 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2562 s[i]->s.k = 1;
2563 i++;
2564 /* X = A */
2565 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2566 i++;
2567 /* A = P[X + packet head]; */
2568 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2569 s[i]->s.k = off_nl;
2570 i++;
2571 /* A += 1 */
2572 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2573 s[i]->s.k = 1;
2574 i++;
2575 /* A *= 8 */
2576 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2577 s[i]->s.k = 8;
2578 i++;
2579 /* X = A; */
2580 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2581 i++;
2582 /* A = MEM[reg2] */
2583 s[i] = new_stmt(BPF_LD|BPF_MEM);
2584 s[i]->s.k = reg2;
2585 i++;
2586
2587 /* goto again; (must use BPF_JA for backward jump) */
2588 s[i] = new_stmt(BPF_JMP|BPF_JA);
2589 s[i]->s.k = again - i - 1;
2590 s[i - 1]->s.jf = s[i];
2591 i++;
2592
2593 /* fixup */
2594 for (j = v6start; j <= v6end; j++)
2595 s[j]->s.jt = s[v6advance];
2596 } else
2597 #endif
2598 {
2599 /* nop */
2600 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2601 s[i]->s.k = 0;
2602 s[fix2]->s.jf = s[i];
2603 i++;
2604 }
2605
2606 /* ahcheck: */
2607 ahcheck = i;
2608 /* if (A == IPPROTO_AH) then fall through; else goto end; */
2609 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2610 s[i]->s.jt = NULL; /*later*/
2611 s[i]->s.jf = NULL; /*later*/
2612 s[i]->s.k = IPPROTO_AH;
2613 if (fix3)
2614 s[fix3]->s.jf = s[ahcheck];
2615 fix4 = i;
2616 i++;
2617
2618 /*
2619 * in short,
2620 * A = P[X];
2621 * X = X + (P[X + 1] + 2) * 4;
2622 */
2623 /* A = X */
2624 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2625 i++;
2626 /* A = P[X + packet head]; */
2627 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2628 s[i]->s.k = off_nl;
2629 i++;
2630 /* MEM[reg2] = A */
2631 s[i] = new_stmt(BPF_ST);
2632 s[i]->s.k = reg2;
2633 i++;
2634 /* A = X */
2635 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2636 i++;
2637 /* A += 1 */
2638 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2639 s[i]->s.k = 1;
2640 i++;
2641 /* X = A */
2642 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2643 i++;
2644 /* A = P[X + packet head] */
2645 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2646 s[i]->s.k = off_nl;
2647 i++;
2648 /* A += 2 */
2649 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2650 s[i]->s.k = 2;
2651 i++;
2652 /* A *= 4 */
2653 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2654 s[i]->s.k = 4;
2655 i++;
2656 /* X = A; */
2657 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2658 i++;
2659 /* A = MEM[reg2] */
2660 s[i] = new_stmt(BPF_LD|BPF_MEM);
2661 s[i]->s.k = reg2;
2662 i++;
2663
2664 /* goto again; (must use BPF_JA for backward jump) */
2665 s[i] = new_stmt(BPF_JMP|BPF_JA);
2666 s[i]->s.k = again - i - 1;
2667 i++;
2668
2669 /* end: nop */
2670 end = i;
2671 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2672 s[i]->s.k = 0;
2673 s[fix2]->s.jt = s[end];
2674 s[fix4]->s.jf = s[end];
2675 s[fix5]->s.jt = s[end];
2676 i++;
2677
2678 /*
2679 * make slist chain
2680 */
2681 max = i;
2682 for (i = 0; i < max - 1; i++)
2683 s[i]->next = s[i + 1];
2684 s[max - 1]->next = NULL;
2685
2686 /*
2687 * emit final check
2688 */
2689 b = new_block(JMP(BPF_JEQ));
2690 b->stmts = s[1]; /*remember, s[0] is dummy*/
2691 b->s.k = v;
2692
2693 free_reg(reg2);
2694
2695 gen_and(b0, b);
2696 return b;
2697 #endif
2698 }
2699
2700 static struct block *
2701 gen_proto(v, proto, dir)
2702 int v;
2703 int proto;
2704 int dir;
2705 {
2706 struct block *b0, *b1;
2707
2708 if (dir != Q_DEFAULT)
2709 bpf_error("direction applied to 'proto'");
2710
2711 switch (proto) {
2712 case Q_DEFAULT:
2713 #ifdef INET6
2714 b0 = gen_proto(v, Q_IP, dir);
2715 b1 = gen_proto(v, Q_IPV6, dir);
2716 gen_or(b0, b1);
2717 return b1;
2718 #else
2719 /*FALLTHROUGH*/
2720 #endif
2721 case Q_IP:
2722 b0 = gen_linktype(ETHERTYPE_IP);
2723 #ifndef CHASE_CHAIN
2724 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
2725 #else
2726 b1 = gen_protochain(v, Q_IP);
2727 #endif
2728 gen_and(b0, b1);
2729 return b1;
2730
2731 case Q_ISO:
2732 b0 = gen_linktype(LLCSAP_ISONS);
2733 b1 = gen_cmp(off_nl + 3, BPF_B, (long)v);
2734 gen_and(b0, b1);
2735 return b1;
2736
2737 case Q_ARP:
2738 bpf_error("arp does not encapsulate another protocol");
2739 /* NOTREACHED */
2740
2741 case Q_RARP:
2742 bpf_error("rarp does not encapsulate another protocol");
2743 /* NOTREACHED */
2744
2745 case Q_ATALK:
2746 bpf_error("atalk encapsulation is not specifiable");
2747 /* NOTREACHED */
2748
2749 case Q_DECNET:
2750 bpf_error("decnet encapsulation is not specifiable");
2751 /* NOTREACHED */
2752
2753 case Q_SCA:
2754 bpf_error("sca does not encapsulate another protocol");
2755 /* NOTREACHED */
2756
2757 case Q_LAT:
2758 bpf_error("lat does not encapsulate another protocol");
2759 /* NOTREACHED */
2760
2761 case Q_MOPRC:
2762 bpf_error("moprc does not encapsulate another protocol");
2763 /* NOTREACHED */
2764
2765 case Q_MOPDL:
2766 bpf_error("mopdl does not encapsulate another protocol");
2767 /* NOTREACHED */
2768
2769 case Q_LINK:
2770 return gen_linktype(v);
2771
2772 case Q_UDP:
2773 bpf_error("'udp proto' is bogus");
2774 /* NOTREACHED */
2775
2776 case Q_TCP:
2777 bpf_error("'tcp proto' is bogus");
2778 /* NOTREACHED */
2779
2780 case Q_SCTP:
2781 bpf_error("'sctp proto' is bogus");
2782 /* NOTREACHED */
2783
2784 case Q_ICMP:
2785 bpf_error("'icmp proto' is bogus");
2786 /* NOTREACHED */
2787
2788 case Q_IGMP:
2789 bpf_error("'igmp proto' is bogus");
2790 /* NOTREACHED */
2791
2792 case Q_IGRP:
2793 bpf_error("'igrp proto' is bogus");
2794 /* NOTREACHED */
2795
2796 case Q_PIM:
2797 bpf_error("'pim proto' is bogus");
2798 /* NOTREACHED */
2799
2800 case Q_VRRP:
2801 bpf_error("'vrrp proto' is bogus");
2802 /* NOTREACHED */
2803
2804 #ifdef INET6
2805 case Q_IPV6:
2806 b0 = gen_linktype(ETHERTYPE_IPV6);
2807 #ifndef CHASE_CHAIN
2808 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
2809 #else
2810 b1 = gen_protochain(v, Q_IPV6);
2811 #endif
2812 gen_and(b0, b1);
2813 return b1;
2814
2815 case Q_ICMPV6:
2816 bpf_error("'icmp6 proto' is bogus");
2817 #endif /* INET6 */
2818
2819 case Q_AH:
2820 bpf_error("'ah proto' is bogus");
2821
2822 case Q_ESP:
2823 bpf_error("'ah proto' is bogus");
2824
2825 case Q_STP:
2826 bpf_error("'stp proto' is bogus");
2827
2828 case Q_IPX:
2829 bpf_error("'ipx proto' is bogus");
2830
2831 case Q_NETBEUI:
2832 bpf_error("'netbeui proto' is bogus");
2833
2834 default:
2835 abort();
2836 /* NOTREACHED */
2837 }
2838 /* NOTREACHED */
2839 }
2840
2841 struct block *
2842 gen_scode(name, q)
2843 register const char *name;
2844 struct qual q;
2845 {
2846 int proto = q.proto;
2847 int dir = q.dir;
2848 int tproto;
2849 u_char *eaddr;
2850 bpf_u_int32 mask, addr;
2851 #ifndef INET6
2852 bpf_u_int32 **alist;
2853 #else
2854 int tproto6;
2855 struct sockaddr_in *sin;
2856 struct sockaddr_in6 *sin6;
2857 struct addrinfo *res, *res0;
2858 struct in6_addr mask128;
2859 #endif /*INET6*/
2860 struct block *b, *tmp;
2861 int port, real_proto;
2862
2863 switch (q.addr) {
2864
2865 case Q_NET:
2866 addr = pcap_nametonetaddr(name);
2867 if (addr == 0)
2868 bpf_error("unknown network '%s'", name);
2869 /* Left justify network addr and calculate its network mask */
2870 mask = 0xffffffff;
2871 while (addr && (addr & 0xff000000) == 0) {
2872 addr <<= 8;
2873 mask <<= 8;
2874 }
2875 return gen_host(addr, mask, proto, dir);
2876
2877 case Q_DEFAULT:
2878 case Q_HOST:
2879 if (proto == Q_LINK) {
2880 switch (linktype) {
2881
2882 case DLT_EN10MB:
2883 eaddr = pcap_ether_hostton(name);
2884 if (eaddr == NULL)
2885 bpf_error(
2886 "unknown ether host '%s'", name);
2887 return gen_ehostop(eaddr, dir);
2888
2889 case DLT_FDDI:
2890 eaddr = pcap_ether_hostton(name);
2891 if (eaddr == NULL)
2892 bpf_error(
2893 "unknown FDDI host '%s'", name);
2894 return gen_fhostop(eaddr, dir);
2895
2896 case DLT_IEEE802:
2897 eaddr = pcap_ether_hostton(name);
2898 if (eaddr == NULL)
2899 bpf_error(
2900 "unknown token ring host '%s'", name);
2901 return gen_thostop(eaddr, dir);
2902
2903 default:
2904 bpf_error(
2905 "only ethernet/FDDI/token ring supports link-level host name");
2906 break;
2907 }
2908 } else if (proto == Q_DECNET) {
2909 unsigned short dn_addr = __pcap_nametodnaddr(name);
2910 /*
2911 * I don't think DECNET hosts can be multihomed, so
2912 * there is no need to build up a list of addresses
2913 */
2914 return (gen_host(dn_addr, 0, proto, dir));
2915 } else {
2916 #ifndef INET6
2917 alist = pcap_nametoaddr(name);
2918 if (alist == NULL || *alist == NULL)
2919 bpf_error("unknown host '%s'", name);
2920 tproto = proto;
2921 if (off_linktype == -1 && tproto == Q_DEFAULT)
2922 tproto = Q_IP;
2923 b = gen_host(**alist++, 0xffffffff, tproto, dir);
2924 while (*alist) {
2925 tmp = gen_host(**alist++, 0xffffffff,
2926 tproto, dir);
2927 gen_or(b, tmp);
2928 b = tmp;
2929 }
2930 return b;
2931 #else
2932 memset(&mask128, 0xff, sizeof(mask128));
2933 res0 = res = pcap_nametoaddrinfo(name);
2934 if (res == NULL)
2935 bpf_error("unknown host '%s'", name);
2936 b = tmp = NULL;
2937 tproto = tproto6 = proto;
2938 if (off_linktype == -1 && tproto == Q_DEFAULT) {
2939 tproto = Q_IP;
2940 tproto6 = Q_IPV6;
2941 }
2942 for (res = res0; res; res = res->ai_next) {
2943 switch (res->ai_family) {
2944 case AF_INET:
2945 if (tproto == Q_IPV6)
2946 continue;
2947
2948 sin = (struct sockaddr_in *)
2949 res->ai_addr;
2950 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
2951 0xffffffff, tproto, dir);
2952 break;
2953 case AF_INET6:
2954 if (tproto6 == Q_IP)
2955 continue;
2956
2957 sin6 = (struct sockaddr_in6 *)
2958 res->ai_addr;
2959 tmp = gen_host6(&sin6->sin6_addr,
2960 &mask128, tproto6, dir);
2961 break;
2962 default:
2963 continue;
2964 }
2965 if (b)
2966 gen_or(b, tmp);
2967 b = tmp;
2968 }
2969 freeaddrinfo(res0);
2970 if (b == NULL) {
2971 bpf_error("unknown host '%s'%s", name,
2972 (proto == Q_DEFAULT)
2973 ? ""
2974 : " for specified address family");
2975 }
2976 return b;
2977 #endif /*INET6*/
2978 }
2979
2980 case Q_PORT:
2981 if (proto != Q_DEFAULT &&
2982 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
2983 bpf_error("illegal qualifier of 'port'");
2984 if (pcap_nametoport(name, &port, &real_proto) == 0)
2985 bpf_error("unknown port '%s'", name);
2986 if (proto == Q_UDP) {
2987 if (real_proto == IPPROTO_TCP)
2988 bpf_error("port '%s' is tcp", name);
2989 else if (real_proto == IPPROTO_SCTP)
2990 bpf_error("port '%s' is sctp", name);
2991 else
2992 /* override PROTO_UNDEF */
2993 real_proto = IPPROTO_UDP;
2994 }
2995 if (proto == Q_TCP) {
2996 if (real_proto == IPPROTO_UDP)
2997 bpf_error("port '%s' is udp", name);
2998
2999 else if (real_proto == IPPROTO_SCTP)
3000 bpf_error("port '%s' is sctp", name);
3001 else
3002 /* override PROTO_UNDEF */
3003 real_proto = IPPROTO_TCP;
3004 }
3005 if (proto == Q_SCTP) {
3006 if (real_proto == IPPROTO_UDP)
3007 bpf_error("port '%s' is udp", name);
3008
3009 else if (real_proto == IPPROTO_TCP)
3010 bpf_error("port '%s' is tcp", name);
3011 else
3012 /* override PROTO_UNDEF */
3013 real_proto = IPPROTO_SCTP;
3014 }
3015 #ifndef INET6
3016 return gen_port(port, real_proto, dir);
3017 #else
3018 {
3019 struct block *b;
3020 b = gen_port(port, real_proto, dir);
3021 gen_or(gen_port6(port, real_proto, dir), b);
3022 return b;
3023 }
3024 #endif /* INET6 */
3025
3026 case Q_GATEWAY:
3027 #ifndef INET6
3028 eaddr = pcap_ether_hostton(name);
3029 if (eaddr == NULL)
3030 bpf_error("unknown ether host: %s", name);
3031
3032 alist = pcap_nametoaddr(name);
3033 if (alist == NULL || *alist == NULL)
3034 bpf_error("unknown host '%s'", name);
3035 return gen_gateway(eaddr, alist, proto, dir);
3036 #else
3037 bpf_error("'gateway' not supported in this configuration");
3038 #endif /*INET6*/
3039
3040 case Q_PROTO:
3041 real_proto = lookup_proto(name, proto);
3042 if (real_proto >= 0)
3043 return gen_proto(real_proto, proto, dir);
3044 else
3045 bpf_error("unknown protocol: %s", name);
3046
3047 case Q_PROTOCHAIN:
3048 real_proto = lookup_proto(name, proto);
3049 if (real_proto >= 0)
3050 return gen_protochain(real_proto, proto, dir);
3051 else
3052 bpf_error("unknown protocol: %s", name);
3053
3054
3055 case Q_UNDEF:
3056 syntax();
3057 /* NOTREACHED */
3058 }
3059 abort();
3060 /* NOTREACHED */
3061 }
3062
3063 struct block *
3064 gen_mcode(s1, s2, masklen, q)
3065 register const char *s1, *s2;
3066 register int masklen;
3067 struct qual q;
3068 {
3069 register int nlen, mlen;
3070 bpf_u_int32 n, m;
3071
3072 nlen = __pcap_atoin(s1, &n);
3073 /* Promote short ipaddr */
3074 n <<= 32 - nlen;
3075
3076 if (s2 != NULL) {
3077 mlen = __pcap_atoin(s2, &m);
3078 /* Promote short ipaddr */
3079 m <<= 32 - mlen;
3080 if ((n & ~m) != 0)
3081 bpf_error("non-network bits set in \"%s mask %s\"",
3082 s1, s2);
3083 } else {
3084 /* Convert mask len to mask */
3085 if (masklen > 32)
3086 bpf_error("mask length must be <= 32");
3087 m = 0xffffffff << (32 - masklen);
3088 if ((n & ~m) != 0)
3089 bpf_error("non-network bits set in \"%s/%d\"",
3090 s1, masklen);
3091 }
3092
3093 switch (q.addr) {
3094
3095 case Q_NET:
3096 return gen_host(n, m, q.proto, q.dir);
3097
3098 default:
3099 bpf_error("Mask syntax for networks only");
3100 /* NOTREACHED */
3101 }
3102 }
3103
3104 struct block *
3105 gen_ncode(s, v, q)
3106 register const char *s;
3107 bpf_u_int32 v;
3108 struct qual q;
3109 {
3110 bpf_u_int32 mask;
3111 int proto = q.proto;
3112 int dir = q.dir;
3113 register int vlen;
3114
3115 if (s == NULL)
3116 vlen = 32;
3117 else if (q.proto == Q_DECNET)
3118 vlen = __pcap_atodn(s, &v);
3119 else
3120 vlen = __pcap_atoin(s, &v);
3121
3122 switch (q.addr) {
3123
3124 case Q_DEFAULT:
3125 case Q_HOST:
3126 case Q_NET:
3127 if (proto == Q_DECNET)
3128 return gen_host(v, 0, proto, dir);
3129 else if (proto == Q_LINK) {
3130 bpf_error("illegal link layer address");
3131 } else {
3132 mask = 0xffffffff;
3133 if (s == NULL && q.addr == Q_NET) {
3134 /* Promote short net number */
3135 while (v && (v & 0xff000000) == 0) {
3136 v <<= 8;
3137 mask <<= 8;
3138 }
3139 } else {
3140 /* Promote short ipaddr */
3141 v <<= 32 - vlen;
3142 mask <<= 32 - vlen;
3143 }
3144 return gen_host(v, mask, proto, dir);
3145 }
3146
3147 case Q_PORT:
3148 if (proto == Q_UDP)
3149 proto = IPPROTO_UDP;
3150 else if (proto == Q_TCP)
3151 proto = IPPROTO_TCP;
3152 else if (proto == Q_SCTP)
3153 proto = IPPROTO_SCTP;
3154 else if (proto == Q_DEFAULT)
3155 proto = PROTO_UNDEF;
3156 else
3157 bpf_error("illegal qualifier of 'port'");
3158
3159 #ifndef INET6
3160 return gen_port((int)v, proto, dir);
3161 #else
3162 {
3163 struct block *b;
3164 b = gen_port((int)v, proto, dir);
3165 gen_or(gen_port6((int)v, proto, dir), b);
3166 return b;
3167 }
3168 #endif /* INET6 */
3169
3170 case Q_GATEWAY:
3171 bpf_error("'gateway' requires a name");
3172 /* NOTREACHED */
3173
3174 case Q_PROTO:
3175 return gen_proto((int)v, proto, dir);
3176
3177 case Q_PROTOCHAIN:
3178 return gen_protochain((int)v, proto, dir);
3179
3180 case Q_UNDEF:
3181 syntax();
3182 /* NOTREACHED */
3183
3184 default:
3185 abort();
3186 /* NOTREACHED */
3187 }
3188 /* NOTREACHED */
3189 }
3190
3191 #ifdef INET6
3192 struct block *
3193 gen_mcode6(s1, s2, masklen, q)
3194 register const char *s1, *s2;
3195 register int masklen;
3196 struct qual q;
3197 {
3198 struct addrinfo *res;
3199 struct in6_addr *addr;
3200 struct in6_addr mask;
3201 struct block *b;
3202 u_int32_t *a, *m;
3203
3204 if (s2)
3205 bpf_error("no mask %s supported", s2);
3206
3207 res = pcap_nametoaddrinfo(s1);
3208 if (!res)
3209 bpf_error("invalid ip6 address %s", s1);
3210 if (res->ai_next)
3211 bpf_error("%s resolved to multiple address", s1);
3212 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
3213
3214 if (sizeof(mask) * 8 < masklen)
3215 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
3216 memset(&mask, 0xff, masklen / 8);
3217 if (masklen % 8) {
3218 mask.s6_addr[masklen / 8] =
3219 (0xff << (8 - masklen % 8)) & 0xff;
3220 }
3221
3222 a = (u_int32_t *)addr;
3223 m = (u_int32_t *)&mask;
3224 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
3225 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
3226 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
3227 }
3228
3229 switch (q.addr) {
3230
3231 case Q_DEFAULT:
3232 case Q_HOST:
3233 if (masklen != 128)
3234 bpf_error("Mask syntax for networks only");
3235 /* FALLTHROUGH */
3236
3237 case Q_NET:
3238 b = gen_host6(addr, &mask, q.proto, q.dir);
3239 freeaddrinfo(res);
3240 return b;
3241
3242 default:
3243 bpf_error("invalid qualifier against IPv6 address");
3244 /* NOTREACHED */
3245 }
3246 }
3247 #endif /*INET6*/
3248
3249 struct block *
3250 gen_ecode(eaddr, q)
3251 register const u_char *eaddr;
3252 struct qual q;
3253 {
3254 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
3255 if (linktype == DLT_EN10MB)
3256 return gen_ehostop(eaddr, (int)q.dir);
3257 if (linktype == DLT_FDDI)
3258 return gen_fhostop(eaddr, (int)q.dir);
3259 if (linktype == DLT_IEEE802)
3260 return gen_thostop(eaddr, (int)q.dir);
3261 bpf_error("ethernet addresses supported only on ethernet, FDDI or token ring");
3262 }
3263 bpf_error("ethernet address used in non-ether expression");
3264 /* NOTREACHED */
3265 }
3266
3267 void
3268 sappend(s0, s1)
3269 struct slist *s0, *s1;
3270 {
3271 /*
3272 * This is definitely not the best way to do this, but the
3273 * lists will rarely get long.
3274 */
3275 while (s0->next)
3276 s0 = s0->next;
3277 s0->next = s1;
3278 }
3279
3280 static struct slist *
3281 xfer_to_x(a)
3282 struct arth *a;
3283 {
3284 struct slist *s;
3285
3286 s = new_stmt(BPF_LDX|BPF_MEM);
3287 s->s.k = a->regno;
3288 return s;
3289 }
3290
3291 static struct slist *
3292 xfer_to_a(a)
3293 struct arth *a;
3294 {
3295 struct slist *s;
3296
3297 s = new_stmt(BPF_LD|BPF_MEM);
3298 s->s.k = a->regno;
3299 return s;
3300 }
3301
3302 struct arth *
3303 gen_load(proto, index, size)
3304 int proto;
3305 struct arth *index;
3306 int size;
3307 {
3308 struct slist *s, *tmp;
3309 struct block *b;
3310 int regno = alloc_reg();
3311
3312 free_reg(index->regno);
3313 switch (size) {
3314
3315 default:
3316 bpf_error("data size must be 1, 2, or 4");
3317
3318 case 1:
3319 size = BPF_B;
3320 break;
3321
3322 case 2:
3323 size = BPF_H;
3324 break;
3325
3326 case 4:
3327 size = BPF_W;
3328 break;
3329 }
3330 switch (proto) {
3331 default:
3332 bpf_error("unsupported index operation");
3333
3334 case Q_LINK:
3335 s = xfer_to_x(index);
3336 tmp = new_stmt(BPF_LD|BPF_IND|size);
3337 sappend(s, tmp);
3338 sappend(index->s, s);
3339 break;
3340
3341 case Q_IP:
3342 case Q_ARP:
3343 case Q_RARP:
3344 case Q_ATALK:
3345 case Q_DECNET:
3346 case Q_SCA:
3347 case Q_LAT:
3348 case Q_MOPRC:
3349 case Q_MOPDL:
3350 #ifdef INET6
3351 case Q_IPV6:
3352 #endif
3353 /* XXX Note that we assume a fixed link header here. */
3354 s = xfer_to_x(index);
3355 tmp = new_stmt(BPF_LD|BPF_IND|size);
3356 tmp->s.k = off_nl;
3357 sappend(s, tmp);
3358 sappend(index->s, s);
3359
3360 b = gen_proto_abbrev(proto);
3361 if (index->b)
3362 gen_and(index->b, b);
3363 index->b = b;
3364 break;
3365
3366 case Q_SCTP:
3367 case Q_TCP:
3368 case Q_UDP:
3369 case Q_ICMP:
3370 case Q_IGMP:
3371 case Q_IGRP:
3372 case Q_PIM:
3373 case Q_VRRP:
3374 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3375 s->s.k = off_nl;
3376 sappend(s, xfer_to_a(index));
3377 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
3378 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
3379 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
3380 tmp->s.k = off_nl;
3381 sappend(index->s, s);
3382
3383 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
3384 if (index->b)
3385 gen_and(index->b, b);
3386 #ifdef INET6
3387 gen_and(gen_proto_abbrev(Q_IP), b);
3388 #endif
3389 index->b = b;
3390 break;
3391 #ifdef INET6
3392 case Q_ICMPV6:
3393 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
3394 /*NOTREACHED*/
3395 #endif
3396 }
3397 index->regno = regno;
3398 s = new_stmt(BPF_ST);
3399 s->s.k = regno;
3400 sappend(index->s, s);
3401
3402 return index;
3403 }
3404
3405 struct block *
3406 gen_relation(code, a0, a1, reversed)
3407 int code;
3408 struct arth *a0, *a1;
3409 int reversed;
3410 {
3411 struct slist *s0, *s1, *s2;
3412 struct block *b, *tmp;
3413
3414 s0 = xfer_to_x(a1);
3415 s1 = xfer_to_a(a0);
3416 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
3417 b = new_block(JMP(code));
3418 if (code == BPF_JGT || code == BPF_JGE) {
3419 reversed = !reversed;
3420 b->s.k = 0x80000000;
3421 }
3422 if (reversed)
3423 gen_not(b);
3424
3425 sappend(s1, s2);
3426 sappend(s0, s1);
3427 sappend(a1->s, s0);
3428 sappend(a0->s, a1->s);
3429
3430 b->stmts = a0->s;
3431
3432 free_reg(a0->regno);
3433 free_reg(a1->regno);
3434
3435 /* 'and' together protocol checks */
3436 if (a0->b) {
3437 if (a1->b) {
3438 gen_and(a0->b, tmp = a1->b);
3439 }
3440 else
3441 tmp = a0->b;
3442 } else
3443 tmp = a1->b;
3444
3445 if (tmp)
3446 gen_and(tmp, b);
3447
3448 return b;
3449 }
3450
3451 struct arth *
3452 gen_loadlen()
3453 {
3454 int regno = alloc_reg();
3455 struct arth *a = (struct arth *)newchunk(sizeof(*a));
3456 struct slist *s;
3457
3458 s = new_stmt(BPF_LD|BPF_LEN);
3459 s->next = new_stmt(BPF_ST);
3460 s->next->s.k = regno;
3461 a->s = s;
3462 a->regno = regno;
3463
3464 return a;
3465 }
3466
3467 struct arth *
3468 gen_loadi(val)
3469 int val;
3470 {
3471 struct arth *a;
3472 struct slist *s;
3473 int reg;
3474
3475 a = (struct arth *)newchunk(sizeof(*a));
3476
3477 reg = alloc_reg();
3478
3479 s = new_stmt(BPF_LD|BPF_IMM);
3480 s->s.k = val;
3481 s->next = new_stmt(BPF_ST);
3482 s->next->s.k = reg;
3483 a->s = s;
3484 a->regno = reg;
3485
3486 return a;
3487 }
3488
3489 struct arth *
3490 gen_neg(a)
3491 struct arth *a;
3492 {
3493 struct slist *s;
3494
3495 s = xfer_to_a(a);
3496 sappend(a->s, s);
3497 s = new_stmt(BPF_ALU|BPF_NEG);
3498 s->s.k = 0;
3499 sappend(a->s, s);
3500 s = new_stmt(BPF_ST);
3501 s->s.k = a->regno;
3502 sappend(a->s, s);
3503
3504 return a;
3505 }
3506
3507 struct arth *
3508 gen_arth(code, a0, a1)
3509 int code;
3510 struct arth *a0, *a1;
3511 {
3512 struct slist *s0, *s1, *s2;
3513
3514 s0 = xfer_to_x(a1);
3515 s1 = xfer_to_a(a0);
3516 s2 = new_stmt(BPF_ALU|BPF_X|code);
3517
3518 sappend(s1, s2);
3519 sappend(s0, s1);
3520 sappend(a1->s, s0);
3521 sappend(a0->s, a1->s);
3522
3523 free_reg(a1->regno);
3524
3525 s0 = new_stmt(BPF_ST);
3526 a0->regno = s0->s.k = alloc_reg();
3527 sappend(a0->s, s0);
3528
3529 return a0;
3530 }
3531
3532 /*
3533 * Here we handle simple allocation of the scratch registers.
3534 * If too many registers are alloc'd, the allocator punts.
3535 */
3536 static int regused[BPF_MEMWORDS];
3537 static int curreg;
3538
3539 /*
3540 * Return the next free register.
3541 */
3542 static int
3543 alloc_reg()
3544 {
3545 int n = BPF_MEMWORDS;
3546
3547 while (--n >= 0) {
3548 if (regused[curreg])
3549 curreg = (curreg + 1) % BPF_MEMWORDS;
3550 else {
3551 regused[curreg] = 1;
3552 return curreg;
3553 }
3554 }
3555 bpf_error("too many registers needed to evaluate expression");
3556 /* NOTREACHED */
3557 }
3558
3559 /*
3560 * Return a register to the table so it can
3561 * be used later.
3562 */
3563 static void
3564 free_reg(n)
3565 int n;
3566 {
3567 regused[n] = 0;
3568 }
3569
3570 static struct block *
3571 gen_len(jmp, n)
3572 int jmp, n;
3573 {
3574 struct slist *s;
3575 struct block *b;
3576
3577 s = new_stmt(BPF_LD|BPF_LEN);
3578 b = new_block(JMP(jmp));
3579 b->stmts = s;
3580 b->s.k = n;
3581
3582 return b;
3583 }
3584
3585 struct block *
3586 gen_greater(n)
3587 int n;
3588 {
3589 return gen_len(BPF_JGE, n);
3590 }
3591
3592 /*
3593 * Actually, this is less than or equal.
3594 */
3595 struct block *
3596 gen_less(n)
3597 int n;
3598 {
3599 struct block *b;
3600
3601 b = gen_len(BPF_JGT, n);
3602 gen_not(b);
3603
3604 return b;
3605 }
3606
3607 struct block *
3608 gen_byteop(op, idx, val)
3609 int op, idx, val;
3610 {
3611 struct block *b;
3612 struct slist *s;
3613
3614 switch (op) {
3615 default:
3616 abort();
3617
3618 case '=':
3619 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3620
3621 case '<':
3622 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3623 b->s.code = JMP(BPF_JGE);
3624 gen_not(b);
3625 return b;
3626
3627 case '>':
3628 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3629 b->s.code = JMP(BPF_JGT);
3630 return b;
3631
3632 case '|':
3633 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
3634 break;
3635
3636 case '&':
3637 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
3638 break;
3639 }
3640 s->s.k = val;
3641 b = new_block(JMP(BPF_JEQ));
3642 b->stmts = s;
3643 gen_not(b);
3644
3645 return b;
3646 }
3647
3648 static u_char abroadcast[] = { 0x0 };
3649
3650 struct block *
3651 gen_broadcast(proto)
3652 int proto;
3653 {
3654 bpf_u_int32 hostmask;
3655 struct block *b0, *b1, *b2;
3656 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
3657
3658 switch (proto) {
3659
3660 case Q_DEFAULT:
3661 case Q_LINK:
3662 if (linktype == DLT_ARCNET)
3663 return gen_ahostop(abroadcast, Q_DST);
3664 if (linktype == DLT_EN10MB)
3665 return gen_ehostop(ebroadcast, Q_DST);
3666 if (linktype == DLT_FDDI)
3667 return gen_fhostop(ebroadcast, Q_DST);
3668 if (linktype == DLT_IEEE802)
3669 return gen_thostop(ebroadcast, Q_DST);
3670 bpf_error("not a broadcast link");
3671 break;
3672
3673 case Q_IP:
3674 b0 = gen_linktype(ETHERTYPE_IP);
3675 hostmask = ~netmask;
3676 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
3677 b2 = gen_mcmp(off_nl + 16, BPF_W,
3678 (bpf_int32)(~0 & hostmask), hostmask);
3679 gen_or(b1, b2);
3680 gen_and(b0, b2);
3681 return b2;
3682 }
3683 bpf_error("only ether/ip broadcast filters supported");
3684 }
3685
3686 struct block *
3687 gen_multicast(proto)
3688 int proto;
3689 {
3690 register struct block *b0, *b1;
3691 register struct slist *s;
3692
3693 switch (proto) {
3694
3695 case Q_DEFAULT:
3696 case Q_LINK:
3697 if (linktype == DLT_ARCNET)
3698 /* all ARCnet multicasts use the same address */
3699 return gen_ahostop(abroadcast, Q_DST);
3700
3701 if (linktype == DLT_EN10MB) {
3702 /* ether[0] & 1 != 0 */
3703 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3704 s->s.k = 0;
3705 b0 = new_block(JMP(BPF_JSET));
3706 b0->s.k = 1;
3707 b0->stmts = s;
3708 return b0;
3709 }
3710
3711 if (linktype == DLT_FDDI) {
3712 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */
3713 /* fddi[1] & 1 != 0 */
3714 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3715 s->s.k = 1;
3716 b0 = new_block(JMP(BPF_JSET));
3717 b0->s.k = 1;
3718 b0->stmts = s;
3719 return b0;
3720 }
3721
3722 /* TODO - check how token ring handles multicast */
3723 /* if (linktype == DLT_IEEE802) ... */
3724
3725 /* Link not known to support multicasts */
3726 break;
3727
3728 case Q_IP:
3729 b0 = gen_linktype(ETHERTYPE_IP);
3730 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
3731 b1->s.code = JMP(BPF_JGE);
3732 gen_and(b0, b1);
3733 return b1;
3734
3735 #ifdef INET6
3736 case Q_IPV6:
3737 b0 = gen_linktype(ETHERTYPE_IPV6);
3738 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
3739 gen_and(b0, b1);
3740 return b1;
3741 #endif /* INET6 */
3742 }
3743 bpf_error("only IP multicast filters supported on ethernet/FDDI");
3744 }
3745
3746 /*
3747 * generate command for inbound/outbound. It's here so we can
3748 * make it link-type specific. 'dir' = 0 implies "inbound",
3749 * = 1 implies "outbound".
3750 */
3751 struct block *
3752 gen_inbound(dir)
3753 int dir;
3754 {
3755 register struct block *b0;
3756
3757 /*
3758 * Only some data link types support inbound/outbound qualifiers.
3759 */
3760 switch (linktype) {
3761 case DLT_SLIP:
3762 case DLT_PPP:
3763 b0 = gen_relation(BPF_JEQ,
3764 gen_load(Q_LINK, gen_loadi(0), 1),
3765 gen_loadi(0),
3766 dir);
3767 break;
3768
3769 default:
3770 bpf_error("inbound/outbound not supported on linktype %d\n",
3771 linktype);
3772 b0 = NULL;
3773 /* NOTREACHED */
3774 }
3775 return (b0);
3776 }
3777
3778 struct block *
3779 gen_acode(eaddr, q)
3780 register const u_char *eaddr;
3781 struct qual q;
3782 {
3783 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
3784 if (linktype == DLT_ARCNET)
3785 return gen_ahostop(eaddr, (int)q.dir);
3786 }
3787 bpf_error("ARCnet address used in non-arc expression");
3788 /* NOTREACHED */
3789 }
3790
3791 static struct block *
3792 gen_ahostop(eaddr, dir)
3793 register const u_char *eaddr;
3794 register int dir;
3795 {
3796 register struct block *b0, *b1;
3797
3798 switch (dir) {
3799 /* src comes first, different from Ethernet */
3800 case Q_SRC:
3801 return gen_bcmp(0, 1, eaddr);
3802
3803 case Q_DST:
3804 return gen_bcmp(1, 1, eaddr);
3805
3806 case Q_AND:
3807 b0 = gen_ahostop(eaddr, Q_SRC);
3808 b1 = gen_ahostop(eaddr, Q_DST);
3809 gen_and(b0, b1);
3810 return b1;
3811
3812 case Q_DEFAULT:
3813 case Q_OR:
3814 b0 = gen_ahostop(eaddr, Q_SRC);
3815 b1 = gen_ahostop(eaddr, Q_DST);
3816 gen_or(b0, b1);
3817 return b1;
3818 }
3819 abort();
3820 /* NOTREACHED */
3821 }
3822
3823 /*
3824 * support IEEE 802.1Q VLAN trunk over ethernet
3825 */
3826 struct block *
3827 gen_vlan(vlan_num)
3828 int vlan_num;
3829 {
3830 static u_int orig_linktype = -1, orig_nl = -1;
3831 struct block *b0;
3832
3833 /*
3834 * Change the offsets to point to the type and data fields within
3835 * the VLAN packet. This is somewhat of a kludge.
3836 */
3837 if (orig_nl == (u_int)-1) {
3838 orig_linktype = off_linktype; /* save original values */
3839 orig_nl = off_nl;
3840
3841 switch (linktype) {
3842
3843 case DLT_EN10MB:
3844 off_linktype = 16;
3845 off_nl = 18;
3846 break;
3847
3848 default:
3849 bpf_error("no VLAN support for data link type %d",
3850 linktype);
3851 /*NOTREACHED*/
3852 }
3853 }
3854
3855 /* check for VLAN */
3856 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
3857
3858 /* If a specific VLAN is requested, check VLAN id */
3859 if (vlan_num >= 0) {
3860 struct block *b1;
3861
3862 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
3863 gen_and(b0, b1);
3864 b0 = b1;
3865 }
3866
3867 return (b0);
3868 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism