]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Fix a typo in a comment.
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.174 2002-08-06 06:13:20 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #ifdef WIN32
32 #include <pcap-stdinc.h>
33 #else /* WIN32 */
34 #include <sys/types.h>
35 #include <sys/socket.h>
36 #include <sys/time.h>
37 #endif /* WIN32 */
38
39 /*
40 * XXX - why was this included even on UNIX?
41 */
42 #ifdef __MINGW32__
43 #include "IP6_misc.h"
44 #endif
45
46 #ifndef WIN32
47
48 #ifdef __NetBSD__
49 #include <sys/param.h>
50 #endif
51
52 #include <netinet/in.h>
53
54 #endif /* WIN32 */
55
56 #include <stdlib.h>
57 #include <string.h>
58 #include <memory.h>
59 #include <setjmp.h>
60 #include <stdarg.h>
61
62 #include "pcap-int.h"
63
64 #include "ethertype.h"
65 #include "nlpid.h"
66 #include "llc.h"
67 #include "gencode.h"
68 #include "atmuni31.h"
69 #include "sunatmpos.h"
70 #include "ppp.h"
71 #include "sll.h"
72 #include "arcnet.h"
73 #ifdef INET6
74 #ifndef WIN32
75 #include <netdb.h> /* for "struct addrinfo" */
76 #endif /* WIN32 */
77 #endif /*INET6*/
78 #include <pcap-namedb.h>
79
80 #define ETHERMTU 1500
81
82 #ifndef IPPROTO_SCTP
83 #define IPPROTO_SCTP 132
84 #endif
85
86 #ifdef HAVE_OS_PROTO_H
87 #include "os-proto.h"
88 #endif
89
90 #define JMP(c) ((c)|BPF_JMP|BPF_K)
91
92 /* Locals */
93 static jmp_buf top_ctx;
94 static pcap_t *bpf_pcap;
95
96 /* Hack for updating VLAN offsets. */
97 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1;
98
99 /* XXX */
100 #ifdef PCAP_FDDIPAD
101 int pcap_fddipad = PCAP_FDDIPAD;
102 #else
103 int pcap_fddipad;
104 #endif
105
106 /* VARARGS */
107 void
108 bpf_error(const char *fmt, ...)
109
110 {
111 va_list ap;
112
113 va_start(ap, fmt);
114 if (bpf_pcap != NULL)
115 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
116 fmt, ap);
117 va_end(ap);
118 longjmp(top_ctx, 1);
119 /* NOTREACHED */
120 }
121
122 static void init_linktype(int);
123
124 static int alloc_reg(void);
125 static void free_reg(int);
126
127 static struct block *root;
128
129 /*
130 * We divy out chunks of memory rather than call malloc each time so
131 * we don't have to worry about leaking memory. It's probably
132 * not a big deal if all this memory was wasted but it this ever
133 * goes into a library that would probably not be a good idea.
134 */
135 #define NCHUNKS 16
136 #define CHUNK0SIZE 1024
137 struct chunk {
138 u_int n_left;
139 void *m;
140 };
141
142 static struct chunk chunks[NCHUNKS];
143 static int cur_chunk;
144
145 static void *newchunk(u_int);
146 static void freechunks(void);
147 static inline struct block *new_block(int);
148 static inline struct slist *new_stmt(int);
149 static struct block *gen_retblk(int);
150 static inline void syntax(void);
151
152 static void backpatch(struct block *, struct block *);
153 static void merge(struct block *, struct block *);
154 static struct block *gen_cmp(u_int, u_int, bpf_int32);
155 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
156 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
157 static struct block *gen_bcmp(u_int, u_int, const u_char *);
158 static struct block *gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32,
159 bpf_u_int32, bpf_u_int32, int);
160 static struct block *gen_uncond(int);
161 static inline struct block *gen_true(void);
162 static inline struct block *gen_false(void);
163 static struct block *gen_linktype(int);
164 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
165 static struct block *gen_llc(int);
166 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
167 #ifdef INET6
168 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
169 #endif
170 static struct block *gen_ahostop(const u_char *, int);
171 static struct block *gen_ehostop(const u_char *, int);
172 static struct block *gen_fhostop(const u_char *, int);
173 static struct block *gen_thostop(const u_char *, int);
174 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
175 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
176 #ifdef INET6
177 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
178 #endif
179 #ifndef INET6
180 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
181 #endif
182 static struct block *gen_ipfrag(void);
183 static struct block *gen_portatom(int, bpf_int32);
184 #ifdef INET6
185 static struct block *gen_portatom6(int, bpf_int32);
186 #endif
187 struct block *gen_portop(int, int, int);
188 static struct block *gen_port(int, int, int);
189 #ifdef INET6
190 struct block *gen_portop6(int, int, int);
191 static struct block *gen_port6(int, int, int);
192 #endif
193 static int lookup_proto(const char *, int);
194 static struct block *gen_protochain(int, int, int);
195 static struct block *gen_proto(int, int, int);
196 static struct slist *xfer_to_x(struct arth *);
197 static struct slist *xfer_to_a(struct arth *);
198 static struct block *gen_len(int, int);
199
200 static struct block *gen_msg_abbrev(int type);
201
202 static void *
203 newchunk(n)
204 u_int n;
205 {
206 struct chunk *cp;
207 int k, size;
208
209 #ifndef __NetBSD__
210 /* XXX Round up to nearest long. */
211 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
212 #else
213 /* XXX Round up to structure boundary. */
214 n = ALIGN(n);
215 #endif
216
217 cp = &chunks[cur_chunk];
218 if (n > cp->n_left) {
219 ++cp, k = ++cur_chunk;
220 if (k >= NCHUNKS)
221 bpf_error("out of memory");
222 size = CHUNK0SIZE << k;
223 cp->m = (void *)malloc(size);
224 memset((char *)cp->m, 0, size);
225 cp->n_left = size;
226 if (n > size)
227 bpf_error("out of memory");
228 }
229 cp->n_left -= n;
230 return (void *)((char *)cp->m + cp->n_left);
231 }
232
233 static void
234 freechunks()
235 {
236 int i;
237
238 cur_chunk = 0;
239 for (i = 0; i < NCHUNKS; ++i)
240 if (chunks[i].m != NULL) {
241 free(chunks[i].m);
242 chunks[i].m = NULL;
243 }
244 }
245
246 /*
247 * A strdup whose allocations are freed after code generation is over.
248 */
249 char *
250 sdup(s)
251 register const char *s;
252 {
253 int n = strlen(s) + 1;
254 char *cp = newchunk(n);
255
256 strlcpy(cp, s, n);
257 return (cp);
258 }
259
260 static inline struct block *
261 new_block(code)
262 int code;
263 {
264 struct block *p;
265
266 p = (struct block *)newchunk(sizeof(*p));
267 p->s.code = code;
268 p->head = p;
269
270 return p;
271 }
272
273 static inline struct slist *
274 new_stmt(code)
275 int code;
276 {
277 struct slist *p;
278
279 p = (struct slist *)newchunk(sizeof(*p));
280 p->s.code = code;
281
282 return p;
283 }
284
285 static struct block *
286 gen_retblk(v)
287 int v;
288 {
289 struct block *b = new_block(BPF_RET|BPF_K);
290
291 b->s.k = v;
292 return b;
293 }
294
295 static inline void
296 syntax()
297 {
298 bpf_error("syntax error in filter expression");
299 }
300
301 static bpf_u_int32 netmask;
302 static int snaplen;
303 int no_optimize;
304
305 int
306 pcap_compile(pcap_t *p, struct bpf_program *program,
307 char *buf, int optimize, bpf_u_int32 mask)
308 {
309 extern int n_errors;
310 int len;
311
312 no_optimize = 0;
313 n_errors = 0;
314 root = NULL;
315 bpf_pcap = p;
316 if (setjmp(top_ctx)) {
317 lex_cleanup();
318 freechunks();
319 return (-1);
320 }
321
322 netmask = mask;
323
324 snaplen = pcap_snapshot(p);
325 if (snaplen == 0) {
326 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
327 "snaplen of 0 rejects all packets");
328 return -1;
329 }
330
331 lex_init(buf ? buf : "");
332 init_linktype(pcap_datalink(p));
333 (void)pcap_parse();
334
335 if (n_errors)
336 syntax();
337
338 if (root == NULL)
339 root = gen_retblk(snaplen);
340
341 if (optimize && !no_optimize) {
342 bpf_optimize(&root);
343 if (root == NULL ||
344 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
345 bpf_error("expression rejects all packets");
346 }
347 program->bf_insns = icode_to_fcode(root, &len);
348 program->bf_len = len;
349
350 lex_cleanup();
351 freechunks();
352 return (0);
353 }
354
355 /*
356 * entry point for using the compiler with no pcap open
357 * pass in all the stuff that is needed explicitly instead.
358 */
359 int
360 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
361 struct bpf_program *program,
362 char *buf, int optimize, bpf_u_int32 mask)
363 {
364 pcap_t *p;
365 int ret;
366
367 p = pcap_open_dead(linktype_arg, snaplen_arg);
368 if (p == NULL)
369 return (-1);
370 ret = pcap_compile(p, program, buf, optimize, mask);
371 pcap_close(p);
372 return (ret);
373 }
374
375 /*
376 * Clean up a "struct bpf_program" by freeing all the memory allocated
377 * in it.
378 */
379 void
380 pcap_freecode(struct bpf_program *program)
381 {
382 program->bf_len = 0;
383 if (program->bf_insns != NULL) {
384 free((char *)program->bf_insns);
385 program->bf_insns = NULL;
386 }
387 }
388
389 /*
390 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
391 * which of the jt and jf fields has been resolved and which is a pointer
392 * back to another unresolved block (or nil). At least one of the fields
393 * in each block is already resolved.
394 */
395 static void
396 backpatch(list, target)
397 struct block *list, *target;
398 {
399 struct block *next;
400
401 while (list) {
402 if (!list->sense) {
403 next = JT(list);
404 JT(list) = target;
405 } else {
406 next = JF(list);
407 JF(list) = target;
408 }
409 list = next;
410 }
411 }
412
413 /*
414 * Merge the lists in b0 and b1, using the 'sense' field to indicate
415 * which of jt and jf is the link.
416 */
417 static void
418 merge(b0, b1)
419 struct block *b0, *b1;
420 {
421 register struct block **p = &b0;
422
423 /* Find end of list. */
424 while (*p)
425 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
426
427 /* Concatenate the lists. */
428 *p = b1;
429 }
430
431 void
432 finish_parse(p)
433 struct block *p;
434 {
435 backpatch(p, gen_retblk(snaplen));
436 p->sense = !p->sense;
437 backpatch(p, gen_retblk(0));
438 root = p->head;
439 }
440
441 void
442 gen_and(b0, b1)
443 struct block *b0, *b1;
444 {
445 backpatch(b0, b1->head);
446 b0->sense = !b0->sense;
447 b1->sense = !b1->sense;
448 merge(b1, b0);
449 b1->sense = !b1->sense;
450 b1->head = b0->head;
451 }
452
453 void
454 gen_or(b0, b1)
455 struct block *b0, *b1;
456 {
457 b0->sense = !b0->sense;
458 backpatch(b0, b1->head);
459 b0->sense = !b0->sense;
460 merge(b1, b0);
461 b1->head = b0->head;
462 }
463
464 void
465 gen_not(b)
466 struct block *b;
467 {
468 b->sense = !b->sense;
469 }
470
471 static struct block *
472 gen_cmp(offset, size, v)
473 u_int offset, size;
474 bpf_int32 v;
475 {
476 struct slist *s;
477 struct block *b;
478
479 s = new_stmt(BPF_LD|BPF_ABS|size);
480 s->s.k = offset;
481
482 b = new_block(JMP(BPF_JEQ));
483 b->stmts = s;
484 b->s.k = v;
485
486 return b;
487 }
488
489 static struct block *
490 gen_cmp_gt(offset, size, v)
491 u_int offset, size;
492 bpf_int32 v;
493 {
494 struct slist *s;
495 struct block *b;
496
497 s = new_stmt(BPF_LD|BPF_ABS|size);
498 s->s.k = offset;
499
500 b = new_block(JMP(BPF_JGT));
501 b->stmts = s;
502 b->s.k = v;
503
504 return b;
505 }
506
507 static struct block *
508 gen_mcmp(offset, size, v, mask)
509 u_int offset, size;
510 bpf_int32 v;
511 bpf_u_int32 mask;
512 {
513 struct block *b = gen_cmp(offset, size, v);
514 struct slist *s;
515
516 if (mask != 0xffffffff) {
517 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
518 s->s.k = mask;
519 b->stmts->next = s;
520 }
521 return b;
522 }
523
524 static struct block *
525 gen_bcmp(offset, size, v)
526 register u_int offset, size;
527 register const u_char *v;
528 {
529 register struct block *b, *tmp;
530
531 b = NULL;
532 while (size >= 4) {
533 register const u_char *p = &v[size - 4];
534 bpf_int32 w = ((bpf_int32)p[0] << 24) |
535 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
536
537 tmp = gen_cmp(offset + size - 4, BPF_W, w);
538 if (b != NULL)
539 gen_and(b, tmp);
540 b = tmp;
541 size -= 4;
542 }
543 while (size >= 2) {
544 register const u_char *p = &v[size - 2];
545 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
546
547 tmp = gen_cmp(offset + size - 2, BPF_H, w);
548 if (b != NULL)
549 gen_and(b, tmp);
550 b = tmp;
551 size -= 2;
552 }
553 if (size > 0) {
554 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
555 if (b != NULL)
556 gen_and(b, tmp);
557 b = tmp;
558 }
559 return b;
560 }
561
562 static struct block *
563 gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse)
564 bpf_u_int32 datasize, offset, mask, jtype, jvalue;
565 int reverse;
566 {
567 struct slist *s;
568 struct block *b;
569
570 s = new_stmt(BPF_LD|datasize|BPF_ABS);
571 s->s.k = offset;
572
573 if (mask != 0xffffffff) {
574 s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K);
575 s->next->s.k = mask;
576 }
577
578 b = new_block(JMP(jtype));
579 b->stmts = s;
580 b->s.k = jvalue;
581 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE))
582 gen_not(b);
583 return b;
584 }
585
586 /*
587 * Various code constructs need to know the layout of the data link
588 * layer. These variables give the necessary offsets.
589 */
590
591 /*
592 * "off_linktype" is the offset to information in the link-layer header
593 * giving the packet type.
594 *
595 * For Ethernet, it's the offset of the Ethernet type field.
596 *
597 * For link-layer types that always use 802.2 headers, it's the
598 * offset of the LLC header.
599 *
600 * For PPP, it's the offset of the PPP type field.
601 *
602 * For Cisco HDLC, it's the offset of the CHDLC type field.
603 *
604 * For BSD loopback, it's the offset of the AF_ value.
605 *
606 * For Linux cooked sockets, it's the offset of the type field.
607 *
608 * It's set to -1 for no encapsulation, in which case, IP is assumed.
609 */
610 static u_int off_linktype;
611
612 /*
613 * TRUE if the link layer includes an ATM pseudo-header.
614 */
615 static int is_atm = 0;
616
617 /*
618 * These are offsets for the ATM pseudo-header.
619 */
620 static u_int off_vpi;
621 static u_int off_vci;
622 static u_int off_proto;
623
624 /*
625 * This is the offset to the message type for Q.2931 messages.
626 */
627 static u_int off_msg_type;
628
629 /*
630 * These are offsets to the beginning of the network-layer header.
631 *
632 * If the link layer never uses 802.2 LLC:
633 *
634 * "off_nl" and "off_nl_nosnap" are the same.
635 *
636 * If the link layer always uses 802.2 LLC:
637 *
638 * "off_nl" is the offset if there's a SNAP header following
639 * the 802.2 header;
640 *
641 * "off_nl_nosnap" is the offset if there's no SNAP header.
642 *
643 * If the link layer is Ethernet:
644 *
645 * "off_nl" is the offset if the packet is an Ethernet II packet
646 * (we assume no 802.3+802.2+SNAP);
647 *
648 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet
649 * with an 802.2 header following it.
650 */
651 static u_int off_nl;
652 static u_int off_nl_nosnap;
653
654 static int linktype;
655
656 static void
657 init_linktype(type)
658 int type;
659 {
660 linktype = type;
661
662 /*
663 * Assume it's not raw ATM with a pseudo-header, for now.
664 */
665 is_atm = 0;
666 off_vpi = -1;
667 off_vci = -1;
668 off_proto = -1;
669 off_msg_type = -1;
670
671 orig_linktype = -1;
672 orig_nl = -1;
673 orig_nl_nosnap = -1;
674
675 switch (type) {
676
677 case DLT_ARCNET:
678 off_linktype = 2;
679 off_nl = 6; /* XXX in reality, variable! */
680 off_nl_nosnap = 6; /* no 802.2 LLC */
681 return;
682
683 case DLT_EN10MB:
684 off_linktype = 12;
685 off_nl = 14; /* Ethernet II */
686 off_nl_nosnap = 17; /* 802.3+802.2 */
687 return;
688
689 case DLT_SLIP:
690 /*
691 * SLIP doesn't have a link level type. The 16 byte
692 * header is hacked into our SLIP driver.
693 */
694 off_linktype = -1;
695 off_nl = 16;
696 off_nl_nosnap = 16; /* no 802.2 LLC */
697 return;
698
699 case DLT_SLIP_BSDOS:
700 /* XXX this may be the same as the DLT_PPP_BSDOS case */
701 off_linktype = -1;
702 /* XXX end */
703 off_nl = 24;
704 off_nl_nosnap = 24; /* no 802.2 LLC */
705 return;
706
707 case DLT_NULL:
708 case DLT_LOOP:
709 off_linktype = 0;
710 off_nl = 4;
711 off_nl_nosnap = 4; /* no 802.2 LLC */
712 return;
713
714 case DLT_PPP:
715 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */
716 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */
717 off_linktype = 2;
718 off_nl = 4;
719 off_nl_nosnap = 4; /* no 802.2 LLC */
720 return;
721
722 case DLT_PPP_ETHER:
723 /*
724 * This does no include the Ethernet header, and
725 * only covers session state.
726 */
727 off_linktype = 6;
728 off_nl = 8;
729 off_nl_nosnap = 8; /* no 802.2 LLC */
730 return;
731
732 case DLT_PPP_BSDOS:
733 off_linktype = 5;
734 off_nl = 24;
735 off_nl_nosnap = 24; /* no 802.2 LLC */
736 return;
737
738 case DLT_FDDI:
739 /*
740 * FDDI doesn't really have a link-level type field.
741 * We set "off_linktype" to the offset of the LLC header.
742 *
743 * To check for Ethernet types, we assume that SSAP = SNAP
744 * is being used and pick out the encapsulated Ethernet type.
745 * XXX - should we generate code to check for SNAP?
746 */
747 off_linktype = 13;
748 #ifdef PCAP_FDDIPAD
749 off_linktype += pcap_fddipad;
750 #endif
751 off_nl = 21; /* FDDI+802.2+SNAP */
752 off_nl_nosnap = 16; /* FDDI+802.2 */
753 #ifdef PCAP_FDDIPAD
754 off_nl += pcap_fddipad;
755 off_nl_nosnap += pcap_fddipad;
756 #endif
757 return;
758
759 case DLT_IEEE802:
760 /*
761 * Token Ring doesn't really have a link-level type field.
762 * We set "off_linktype" to the offset of the LLC header.
763 *
764 * To check for Ethernet types, we assume that SSAP = SNAP
765 * is being used and pick out the encapsulated Ethernet type.
766 * XXX - should we generate code to check for SNAP?
767 *
768 * XXX - the header is actually variable-length.
769 * Some various Linux patched versions gave 38
770 * as "off_linktype" and 40 as "off_nl"; however,
771 * if a token ring packet has *no* routing
772 * information, i.e. is not source-routed, the correct
773 * values are 20 and 22, as they are in the vanilla code.
774 *
775 * A packet is source-routed iff the uppermost bit
776 * of the first byte of the source address, at an
777 * offset of 8, has the uppermost bit set. If the
778 * packet is source-routed, the total number of bytes
779 * of routing information is 2 plus bits 0x1F00 of
780 * the 16-bit value at an offset of 14 (shifted right
781 * 8 - figure out which byte that is).
782 */
783 off_linktype = 14;
784 off_nl = 22; /* Token Ring+802.2+SNAP */
785 off_nl_nosnap = 17; /* Token Ring+802.2 */
786 return;
787
788 case DLT_IEEE802_11:
789 /*
790 * 802.11 doesn't really have a link-level type field.
791 * We set "off_linktype" to the offset of the LLC header.
792 *
793 * To check for Ethernet types, we assume that SSAP = SNAP
794 * is being used and pick out the encapsulated Ethernet type.
795 * XXX - should we generate code to check for SNAP?
796 *
797 * XXX - the header is actually variable-length. We
798 * assume a 24-byte link-layer header, as appears in
799 * data frames in networks with no bridges.
800 */
801 off_linktype = 24;
802 off_nl = 32; /* 802.11+802.2+SNAP */
803 off_nl_nosnap = 27; /* 802.11+802.2 */
804 return;
805
806 case DLT_PRISM_HEADER:
807 /*
808 * Same as 802.11, but with an additional header before
809 * the 802.11 header, containing a bunch of additional
810 * information including radio-level information.
811 *
812 * The header is 144 bytes long.
813 *
814 * XXX - same variable-length header problem; at least
815 * the Prism header is fixed-length.
816 */
817 off_linktype = 144+24;
818 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */
819 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */
820 return;
821
822 case DLT_ATM_RFC1483:
823 case DLT_ATM_CLIP: /* Linux ATM defines this */
824 /*
825 * assume routed, non-ISO PDUs
826 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
827 */
828 off_linktype = 0;
829 off_nl = 8; /* 802.2+SNAP */
830 off_nl_nosnap = 3; /* 802.2 */
831 return;
832
833 case DLT_SUNATM:
834 /*
835 * Full Frontal ATM; you get AALn PDUs with an ATM
836 * pseudo-header.
837 */
838 is_atm = 1;
839 off_linktype = SUNATM_PKT_BEGIN_POS;
840 off_vpi = SUNATM_VPI_POS;
841 off_vci = SUNATM_VCI_POS;
842 off_proto = PROTO_POS;
843 off_msg_type = SUNATM_PKT_BEGIN_POS+MSG_TYPE_POS;
844 off_nl = SUNATM_PKT_BEGIN_POS+8; /* 802.2+SNAP */
845 off_nl_nosnap = SUNATM_PKT_BEGIN_POS+3; /* 802.2 */
846 return;
847
848 case DLT_RAW:
849 off_linktype = -1;
850 off_nl = 0;
851 off_nl_nosnap = 0; /* no 802.2 LLC */
852 return;
853
854 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
855 off_linktype = 14;
856 off_nl = 16;
857 off_nl_nosnap = 16; /* no 802.2 LLC */
858 return;
859
860 case DLT_LTALK:
861 /*
862 * LocalTalk does have a 1-byte type field in the LLAP header,
863 * but really it just indicates whether there is a "short" or
864 * "long" DDP packet following.
865 */
866 off_linktype = -1;
867 off_nl = 0;
868 off_nl_nosnap = 0; /* no 802.2 LLC */
869 return;
870
871 case DLT_FRELAY:
872 /*
873 * XXX - we should set this to handle SNAP-encapsulated
874 * frames (NLPID of 0x80).
875 */
876 off_linktype = -1;
877 off_nl = 0;
878 off_nl_nosnap = 0; /* no 802.2 LLC */
879 return;
880 }
881 bpf_error("unknown data link type %d", linktype);
882 /* NOTREACHED */
883 }
884
885 static struct block *
886 gen_uncond(rsense)
887 int rsense;
888 {
889 struct block *b;
890 struct slist *s;
891
892 s = new_stmt(BPF_LD|BPF_IMM);
893 s->s.k = !rsense;
894 b = new_block(JMP(BPF_JEQ));
895 b->stmts = s;
896
897 return b;
898 }
899
900 static inline struct block *
901 gen_true()
902 {
903 return gen_uncond(1);
904 }
905
906 static inline struct block *
907 gen_false()
908 {
909 return gen_uncond(0);
910 }
911
912 /*
913 * Byte-swap a 32-bit number.
914 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
915 * big-endian platforms.)
916 */
917 #define SWAPLONG(y) \
918 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
919
920 static struct block *
921 gen_linktype(proto)
922 register int proto;
923 {
924 struct block *b0, *b1, *b2;
925
926 switch (linktype) {
927
928 case DLT_EN10MB:
929 switch (proto) {
930
931 case LLCSAP_ISONS:
932 /*
933 * OSI protocols always use 802.2 encapsulation.
934 * XXX - should we check both the DSAP and the
935 * SSAP, like this, or should we check just the
936 * DSAP?
937 */
938 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
939 gen_not(b0);
940 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
941 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
942 gen_and(b0, b1);
943 return b1;
944
945 case LLCSAP_NETBEUI:
946 /*
947 * NetBEUI always uses 802.2 encapsulation.
948 * XXX - should we check both the DSAP and the
949 * SSAP, like this, or should we check just the
950 * DSAP?
951 */
952 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
953 gen_not(b0);
954 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
955 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
956 gen_and(b0, b1);
957 return b1;
958
959 case LLCSAP_IPX:
960 /*
961 * Check for;
962 *
963 * Ethernet_II frames, which are Ethernet
964 * frames with a frame type of ETHERTYPE_IPX;
965 *
966 * Ethernet_802.3 frames, which are 802.3
967 * frames (i.e., the type/length field is
968 * a length field, <= ETHERMTU, rather than
969 * a type field) with the first two bytes
970 * after the Ethernet/802.3 header being
971 * 0xFFFF;
972 *
973 * Ethernet_802.2 frames, which are 802.3
974 * frames with an 802.2 LLC header and
975 * with the IPX LSAP as the DSAP in the LLC
976 * header;
977 *
978 * Ethernet_SNAP frames, which are 802.3
979 * frames with an LLC header and a SNAP
980 * header and with an OUI of 0x000000
981 * (encapsulated Ethernet) and a protocol
982 * ID of ETHERTYPE_IPX in the SNAP header.
983 *
984 * XXX - should we generate the same code both
985 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
986 */
987
988 /*
989 * This generates code to check both for the
990 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
991 */
992 b0 = gen_cmp(off_linktype + 2, BPF_B,
993 (bpf_int32)LLCSAP_IPX);
994 b1 = gen_cmp(off_linktype + 2, BPF_H,
995 (bpf_int32)0xFFFF);
996 gen_or(b0, b1);
997
998 /*
999 * Now we add code to check for SNAP frames with
1000 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
1001 */
1002 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
1003 gen_or(b0, b1);
1004
1005 /*
1006 * Now we generate code to check for 802.3
1007 * frames in general.
1008 */
1009 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1010 gen_not(b0);
1011
1012 /*
1013 * Now add the check for 802.3 frames before the
1014 * check for Ethernet_802.2 and Ethernet_802.3,
1015 * as those checks should only be done on 802.3
1016 * frames, not on Ethernet frames.
1017 */
1018 gen_and(b0, b1);
1019
1020 /*
1021 * Now add the check for Ethernet_II frames, and
1022 * do that before checking for the other frame
1023 * types.
1024 */
1025 b0 = gen_cmp(off_linktype, BPF_H,
1026 (bpf_int32)ETHERTYPE_IPX);
1027 gen_or(b0, b1);
1028 return b1;
1029
1030 case ETHERTYPE_ATALK:
1031 case ETHERTYPE_AARP:
1032 /*
1033 * EtherTalk (AppleTalk protocols on Ethernet link
1034 * layer) may use 802.2 encapsulation.
1035 */
1036
1037 /*
1038 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1039 * we check for an Ethernet type field less than
1040 * 1500, which means it's an 802.3 length field.
1041 */
1042 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1043 gen_not(b0);
1044
1045 /*
1046 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1047 * SNAP packets with an organization code of
1048 * 0x080007 (Apple, for Appletalk) and a protocol
1049 * type of ETHERTYPE_ATALK (Appletalk).
1050 *
1051 * 802.2-encapsulated ETHERTYPE_AARP packets are
1052 * SNAP packets with an organization code of
1053 * 0x000000 (encapsulated Ethernet) and a protocol
1054 * type of ETHERTYPE_AARP (Appletalk ARP).
1055 */
1056 if (proto == ETHERTYPE_ATALK)
1057 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
1058 else /* proto == ETHERTYPE_AARP */
1059 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
1060 gen_and(b0, b1);
1061
1062 /*
1063 * Check for Ethernet encapsulation (Ethertalk
1064 * phase 1?); we just check for the Ethernet
1065 * protocol type.
1066 */
1067 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1068
1069 gen_or(b0, b1);
1070 return b1;
1071
1072 default:
1073 if (proto <= ETHERMTU) {
1074 /*
1075 * This is an LLC SAP value, so the frames
1076 * that match would be 802.2 frames.
1077 * Check that the frame is an 802.2 frame
1078 * (i.e., that the length/type field is
1079 * a length field, <= ETHERMTU) and
1080 * then check the DSAP.
1081 */
1082 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1083 gen_not(b0);
1084 b1 = gen_cmp(off_linktype + 2, BPF_B,
1085 (bpf_int32)proto);
1086 gen_and(b0, b1);
1087 return b1;
1088 } else {
1089 /*
1090 * This is an Ethernet type, so compare
1091 * the length/type field with it (if
1092 * the frame is an 802.2 frame, the length
1093 * field will be <= ETHERMTU, and, as
1094 * "proto" is > ETHERMTU, this test
1095 * will fail and the frame won't match,
1096 * which is what we want).
1097 */
1098 return gen_cmp(off_linktype, BPF_H,
1099 (bpf_int32)proto);
1100 }
1101 }
1102 break;
1103
1104 case DLT_IEEE802_11:
1105 case DLT_PRISM_HEADER:
1106 case DLT_FDDI:
1107 case DLT_IEEE802:
1108 case DLT_ATM_RFC1483:
1109 case DLT_ATM_CLIP:
1110 return gen_llc(proto);
1111 break;
1112
1113 case DLT_SUNATM:
1114 /*
1115 * Check for LLC encapsulation and then check the protocol.
1116 * XXX - also check for LANE and then check for an Ethernet
1117 * type?
1118 */
1119 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
1120 b1 = gen_llc(proto);
1121 gen_and(b0, b1);
1122 return b1;
1123
1124 case DLT_LINUX_SLL:
1125 switch (proto) {
1126
1127 case LLCSAP_ISONS:
1128 /*
1129 * OSI protocols always use 802.2 encapsulation.
1130 * XXX - should we check both the DSAP and the
1131 * LSAP, like this, or should we check just the
1132 * DSAP?
1133 */
1134 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1135 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1136 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1137 gen_and(b0, b1);
1138 return b1;
1139
1140 case LLCSAP_NETBEUI:
1141 /*
1142 * NetBEUI always uses 802.2 encapsulation.
1143 * XXX - should we check both the DSAP and the
1144 * LSAP, like this, or should we check just the
1145 * DSAP?
1146 */
1147 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1148 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1149 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1150 gen_and(b0, b1);
1151 return b1;
1152
1153 case LLCSAP_IPX:
1154 /*
1155 * Ethernet_II frames, which are Ethernet
1156 * frames with a frame type of ETHERTYPE_IPX;
1157 *
1158 * Ethernet_802.3 frames, which have a frame
1159 * type of LINUX_SLL_P_802_3;
1160 *
1161 * Ethernet_802.2 frames, which are 802.3
1162 * frames with an 802.2 LLC header (i.e, have
1163 * a frame type of LINUX_SLL_P_802_2) and
1164 * with the IPX LSAP as the DSAP in the LLC
1165 * header;
1166 *
1167 * Ethernet_SNAP frames, which are 802.3
1168 * frames with an LLC header and a SNAP
1169 * header and with an OUI of 0x000000
1170 * (encapsulated Ethernet) and a protocol
1171 * ID of ETHERTYPE_IPX in the SNAP header.
1172 *
1173 * First, do the checks on LINUX_SLL_P_802_2
1174 * frames; generate the check for either
1175 * Ethernet_802.2 or Ethernet_SNAP frames, and
1176 * then put a check for LINUX_SLL_P_802_2 frames
1177 * before it.
1178 */
1179 b0 = gen_cmp(off_linktype + 2, BPF_B,
1180 (bpf_int32)LLCSAP_IPX);
1181 b1 = gen_snap(0x000000, ETHERTYPE_IPX,
1182 off_linktype + 2);
1183 gen_or(b0, b1);
1184 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1185 gen_and(b0, b1);
1186
1187 /*
1188 * Now check for 802.3 frames and OR that with
1189 * the previous test.
1190 */
1191 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
1192 gen_or(b0, b1);
1193
1194 /*
1195 * Now add the check for Ethernet_II frames, and
1196 * do that before checking for the other frame
1197 * types.
1198 */
1199 b0 = gen_cmp(off_linktype, BPF_H,
1200 (bpf_int32)ETHERTYPE_IPX);
1201 gen_or(b0, b1);
1202 return b1;
1203
1204 case ETHERTYPE_ATALK:
1205 case ETHERTYPE_AARP:
1206 /*
1207 * EtherTalk (AppleTalk protocols on Ethernet link
1208 * layer) may use 802.2 encapsulation.
1209 */
1210
1211 /*
1212 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1213 * we check for the 802.2 protocol type in the
1214 * "Ethernet type" field.
1215 */
1216 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1217
1218 /*
1219 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1220 * SNAP packets with an organization code of
1221 * 0x080007 (Apple, for Appletalk) and a protocol
1222 * type of ETHERTYPE_ATALK (Appletalk).
1223 *
1224 * 802.2-encapsulated ETHERTYPE_AARP packets are
1225 * SNAP packets with an organization code of
1226 * 0x000000 (encapsulated Ethernet) and a protocol
1227 * type of ETHERTYPE_AARP (Appletalk ARP).
1228 */
1229 if (proto == ETHERTYPE_ATALK)
1230 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
1231 off_linktype + 2);
1232 else /* proto == ETHERTYPE_AARP */
1233 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
1234 off_linktype + 2);
1235 gen_and(b0, b1);
1236
1237 /*
1238 * Check for Ethernet encapsulation (Ethertalk
1239 * phase 1?); we just check for the Ethernet
1240 * protocol type.
1241 */
1242 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1243
1244 gen_or(b0, b1);
1245 return b1;
1246
1247 default:
1248 if (proto <= ETHERMTU) {
1249 /*
1250 * This is an LLC SAP value, so the frames
1251 * that match would be 802.2 frames.
1252 * Check for the 802.2 protocol type
1253 * in the "Ethernet type" field, and
1254 * then check the DSAP.
1255 */
1256 b0 = gen_cmp(off_linktype, BPF_H,
1257 LINUX_SLL_P_802_2);
1258 b1 = gen_cmp(off_linktype + 2, BPF_B,
1259 (bpf_int32)proto);
1260 gen_and(b0, b1);
1261 return b1;
1262 } else {
1263 /*
1264 * This is an Ethernet type, so compare
1265 * the length/type field with it (if
1266 * the frame is an 802.2 frame, the length
1267 * field will be <= ETHERMTU, and, as
1268 * "proto" is > ETHERMTU, this test
1269 * will fail and the frame won't match,
1270 * which is what we want).
1271 */
1272 return gen_cmp(off_linktype, BPF_H,
1273 (bpf_int32)proto);
1274 }
1275 }
1276 break;
1277
1278 case DLT_SLIP:
1279 case DLT_SLIP_BSDOS:
1280 case DLT_RAW:
1281 /*
1282 * These types don't provide any type field; packets
1283 * are always IP.
1284 *
1285 * XXX - for IPv4, check for a version number of 4, and,
1286 * for IPv6, check for a version number of 6?
1287 */
1288 switch (proto) {
1289
1290 case ETHERTYPE_IP:
1291 #ifdef INET6
1292 case ETHERTYPE_IPV6:
1293 #endif
1294 return gen_true(); /* always true */
1295
1296 default:
1297 return gen_false(); /* always false */
1298 }
1299 break;
1300
1301 case DLT_PPP:
1302 case DLT_PPP_SERIAL:
1303 case DLT_PPP_ETHER:
1304 /*
1305 * We use Ethernet protocol types inside libpcap;
1306 * map them to the corresponding PPP protocol types.
1307 */
1308 switch (proto) {
1309
1310 case ETHERTYPE_IP:
1311 proto = PPP_IP; /* XXX was 0x21 */
1312 break;
1313
1314 #ifdef INET6
1315 case ETHERTYPE_IPV6:
1316 proto = PPP_IPV6;
1317 break;
1318 #endif
1319
1320 case ETHERTYPE_DN:
1321 proto = PPP_DECNET;
1322 break;
1323
1324 case ETHERTYPE_ATALK:
1325 proto = PPP_APPLE;
1326 break;
1327
1328 case ETHERTYPE_NS:
1329 proto = PPP_NS;
1330 break;
1331
1332 case LLCSAP_ISONS:
1333 proto = PPP_OSI;
1334 break;
1335
1336 case LLCSAP_8021D:
1337 /*
1338 * I'm assuming the "Bridging PDU"s that go
1339 * over PPP are Spanning Tree Protocol
1340 * Bridging PDUs.
1341 */
1342 proto = PPP_BRPDU;
1343 break;
1344
1345 case LLCSAP_IPX:
1346 proto = PPP_IPX;
1347 break;
1348 }
1349 break;
1350
1351 case DLT_PPP_BSDOS:
1352 /*
1353 * We use Ethernet protocol types inside libpcap;
1354 * map them to the corresponding PPP protocol types.
1355 */
1356 switch (proto) {
1357
1358 case ETHERTYPE_IP:
1359 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
1360 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
1361 gen_or(b0, b1);
1362 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
1363 gen_or(b1, b0);
1364 return b0;
1365
1366 #ifdef INET6
1367 case ETHERTYPE_IPV6:
1368 proto = PPP_IPV6;
1369 /* more to go? */
1370 break;
1371 #endif
1372
1373 case ETHERTYPE_DN:
1374 proto = PPP_DECNET;
1375 break;
1376
1377 case ETHERTYPE_ATALK:
1378 proto = PPP_APPLE;
1379 break;
1380
1381 case ETHERTYPE_NS:
1382 proto = PPP_NS;
1383 break;
1384
1385 case LLCSAP_ISONS:
1386 proto = PPP_OSI;
1387 break;
1388
1389 case LLCSAP_8021D:
1390 /*
1391 * I'm assuming the "Bridging PDU"s that go
1392 * over PPP are Spanning Tree Protocol
1393 * Bridging PDUs.
1394 */
1395 proto = PPP_BRPDU;
1396 break;
1397
1398 case LLCSAP_IPX:
1399 proto = PPP_IPX;
1400 break;
1401 }
1402 break;
1403
1404 case DLT_NULL:
1405 case DLT_LOOP:
1406 /*
1407 * For DLT_NULL, the link-layer header is a 32-bit
1408 * word containing an AF_ value in *host* byte order.
1409 *
1410 * In addition, if we're reading a saved capture file,
1411 * the host byte order in the capture may not be the
1412 * same as the host byte order on this machine.
1413 *
1414 * For DLT_LOOP, the link-layer header is a 32-bit
1415 * word containing an AF_ value in *network* byte order.
1416 *
1417 * XXX - AF_ values may, unfortunately, be platform-
1418 * dependent; for example, FreeBSD's AF_INET6 is 24
1419 * whilst NetBSD's and OpenBSD's is 26.
1420 *
1421 * This means that, when reading a capture file, just
1422 * checking for our AF_INET6 value won't work if the
1423 * capture file came from another OS.
1424 */
1425 switch (proto) {
1426
1427 case ETHERTYPE_IP:
1428 proto = AF_INET;
1429 break;
1430
1431 #ifdef INET6
1432 case ETHERTYPE_IPV6:
1433 proto = AF_INET6;
1434 break;
1435 #endif
1436
1437 default:
1438 /*
1439 * Not a type on which we support filtering.
1440 * XXX - support those that have AF_ values
1441 * #defined on this platform, at least?
1442 */
1443 return gen_false();
1444 }
1445
1446 if (linktype == DLT_NULL) {
1447 /*
1448 * The AF_ value is in host byte order, but
1449 * the BPF interpreter will convert it to
1450 * network byte order.
1451 *
1452 * If this is a save file, and it's from a
1453 * machine with the opposite byte order to
1454 * ours, we byte-swap the AF_ value.
1455 *
1456 * Then we run it through "htonl()", and
1457 * generate code to compare against the result.
1458 */
1459 if (bpf_pcap->sf.rfile != NULL &&
1460 bpf_pcap->sf.swapped)
1461 proto = SWAPLONG(proto);
1462 proto = htonl(proto);
1463 }
1464 return (gen_cmp(0, BPF_W, (bpf_int32)proto));
1465
1466 case DLT_ARCNET:
1467 /*
1468 * XXX should we check for first fragment if the protocol
1469 * uses PHDS?
1470 */
1471 switch(proto) {
1472 default:
1473 return gen_false();
1474 #ifdef INET6
1475 case ETHERTYPE_IPV6:
1476 return(gen_cmp(2, BPF_B,
1477 (bpf_int32)htonl(ARCTYPE_INET6)));
1478 #endif /* INET6 */
1479 case ETHERTYPE_IP:
1480 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_IP));
1481 b1 = gen_cmp(2, BPF_B,
1482 (bpf_int32)htonl(ARCTYPE_IP_OLD));
1483 gen_or(b0, b1);
1484 return(b1);
1485 case ETHERTYPE_ARP:
1486 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_ARP));
1487 b1 = gen_cmp(2, BPF_B,
1488 (bpf_int32)htonl(ARCTYPE_ARP_OLD));
1489 gen_or(b0, b1);
1490 return(b1);
1491 case ETHERTYPE_REVARP:
1492 return(gen_cmp(2, BPF_B,
1493 (bpf_int32)htonl(ARCTYPE_REVARP)));
1494 case ETHERTYPE_ATALK:
1495 return(gen_cmp(2, BPF_B,
1496 (bpf_int32)htonl(ARCTYPE_ATALK)));
1497 }
1498 break;
1499
1500 case DLT_LTALK:
1501 switch (proto) {
1502 case ETHERTYPE_ATALK:
1503 return gen_true();
1504 default:
1505 return gen_false();
1506 }
1507 break;
1508
1509 case DLT_FRELAY:
1510 /*
1511 * XXX - assumes a 2-byte Frame Relay header with
1512 * DLCI and flags. What if the address is longer?
1513 */
1514 switch (proto) {
1515
1516 case ETHERTYPE_IP:
1517 /*
1518 * Check for the special NLPID for IP.
1519 */
1520 return gen_cmp(2, BPF_H, (0x03<<8) | 0xcc);
1521
1522 #ifdef INET6
1523 case ETHERTYPE_IPV6:
1524 /*
1525 * Check for the special NLPID for IPv6.
1526 */
1527 return gen_cmp(2, BPF_H, (0x03<<8) | 0x8e);
1528 #endif
1529
1530 case LLCSAP_ISONS:
1531 /*
1532 * Check for several OSI protocols.
1533 *
1534 * Frame Relay packets typically have an OSI
1535 * NLPID at the beginning; we check for each
1536 * of them.
1537 *
1538 * What we check for is the NLPID and a frame
1539 * control field of UI, i.e. 0x03 followed
1540 * by the NLPID.
1541 */
1542 b0 = gen_cmp(2, BPF_H, (0x03<<8) | ISO8473_CLNP);
1543 b1 = gen_cmp(2, BPF_H, (0x03<<8) | ISO9542_ESIS);
1544 b2 = gen_cmp(2, BPF_H, (0x03<<8) | ISO10589_ISIS);
1545 gen_or(b1, b2);
1546 gen_or(b0, b2);
1547 return b2;
1548
1549 default:
1550 return gen_false();
1551 }
1552 break;
1553 }
1554
1555 /*
1556 * All the types that have no encapsulation should either be
1557 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
1558 * all packets are IP packets, or should be handled in some
1559 * special case, if none of them are (if some are and some
1560 * aren't, the lack of encapsulation is a problem, as we'd
1561 * have to find some other way of determining the packet type).
1562 *
1563 * Therefore, if "off_linktype" is -1, there's an error.
1564 */
1565 if (off_linktype == -1)
1566 abort();
1567
1568 /*
1569 * Any type not handled above should always have an Ethernet
1570 * type at an offset of "off_linktype". (PPP is partially
1571 * handled above - the protocol type is mapped from the
1572 * Ethernet and LLC types we use internally to the corresponding
1573 * PPP type - but the PPP type is always specified by a value
1574 * at "off_linktype", so we don't have to do the code generation
1575 * above.)
1576 */
1577 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1578 }
1579
1580 /*
1581 * Check for an LLC SNAP packet with a given organization code and
1582 * protocol type; we check the entire contents of the 802.2 LLC and
1583 * snap headers, checking for DSAP and SSAP of SNAP and a control
1584 * field of 0x03 in the LLC header, and for the specified organization
1585 * code and protocol type in the SNAP header.
1586 */
1587 static struct block *
1588 gen_snap(orgcode, ptype, offset)
1589 bpf_u_int32 orgcode;
1590 bpf_u_int32 ptype;
1591 u_int offset;
1592 {
1593 u_char snapblock[8];
1594
1595 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
1596 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
1597 snapblock[2] = 0x03; /* control = UI */
1598 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
1599 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
1600 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
1601 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
1602 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
1603 return gen_bcmp(offset, 8, snapblock);
1604 }
1605
1606 /*
1607 * Check for a given protocol value assuming an 802.2 LLC header.
1608 */
1609 static struct block *
1610 gen_llc(proto)
1611 int proto;
1612 {
1613 /*
1614 * XXX - handle token-ring variable-length header.
1615 */
1616 switch (proto) {
1617
1618 case LLCSAP_ISONS:
1619 return gen_cmp(off_linktype, BPF_H, (long)
1620 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1621
1622 case LLCSAP_NETBEUI:
1623 return gen_cmp(off_linktype, BPF_H, (long)
1624 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1625
1626 case LLCSAP_IPX:
1627 /*
1628 * XXX - are there ever SNAP frames for IPX on
1629 * non-Ethernet 802.x networks?
1630 */
1631 return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX);
1632
1633 case ETHERTYPE_ATALK:
1634 /*
1635 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1636 * SNAP packets with an organization code of
1637 * 0x080007 (Apple, for Appletalk) and a protocol
1638 * type of ETHERTYPE_ATALK (Appletalk).
1639 *
1640 * XXX - check for an organization code of
1641 * encapsulated Ethernet as well?
1642 */
1643 return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype);
1644
1645 default:
1646 /*
1647 * XXX - we don't have to check for IPX 802.3
1648 * here, but should we check for the IPX Ethertype?
1649 */
1650 if (proto <= ETHERMTU) {
1651 /*
1652 * This is an LLC SAP value, so check
1653 * the DSAP.
1654 */
1655 return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto);
1656 } else {
1657 /*
1658 * This is an Ethernet type; we assume that it's
1659 * unlikely that it'll appear in the right place
1660 * at random, and therefore check only the
1661 * location that would hold the Ethernet type
1662 * in a SNAP frame with an organization code of
1663 * 0x000000 (encapsulated Ethernet).
1664 *
1665 * XXX - if we were to check for the SNAP DSAP and
1666 * LSAP, as per XXX, and were also to check for an
1667 * organization code of 0x000000 (encapsulated
1668 * Ethernet), we'd do
1669 *
1670 * return gen_snap(0x000000, proto,
1671 * off_linktype);
1672 *
1673 * here; for now, we don't, as per the above.
1674 * I don't know whether it's worth the extra CPU
1675 * time to do the right check or not.
1676 */
1677 return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto);
1678 }
1679 }
1680 }
1681
1682 static struct block *
1683 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
1684 bpf_u_int32 addr;
1685 bpf_u_int32 mask;
1686 int dir, proto;
1687 u_int src_off, dst_off;
1688 {
1689 struct block *b0, *b1;
1690 u_int offset;
1691
1692 switch (dir) {
1693
1694 case Q_SRC:
1695 offset = src_off;
1696 break;
1697
1698 case Q_DST:
1699 offset = dst_off;
1700 break;
1701
1702 case Q_AND:
1703 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1704 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1705 gen_and(b0, b1);
1706 return b1;
1707
1708 case Q_OR:
1709 case Q_DEFAULT:
1710 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1711 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1712 gen_or(b0, b1);
1713 return b1;
1714
1715 default:
1716 abort();
1717 }
1718 b0 = gen_linktype(proto);
1719 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
1720 gen_and(b0, b1);
1721 return b1;
1722 }
1723
1724 #ifdef INET6
1725 static struct block *
1726 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
1727 struct in6_addr *addr;
1728 struct in6_addr *mask;
1729 int dir, proto;
1730 u_int src_off, dst_off;
1731 {
1732 struct block *b0, *b1;
1733 u_int offset;
1734 u_int32_t *a, *m;
1735
1736 switch (dir) {
1737
1738 case Q_SRC:
1739 offset = src_off;
1740 break;
1741
1742 case Q_DST:
1743 offset = dst_off;
1744 break;
1745
1746 case Q_AND:
1747 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1748 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1749 gen_and(b0, b1);
1750 return b1;
1751
1752 case Q_OR:
1753 case Q_DEFAULT:
1754 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1755 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1756 gen_or(b0, b1);
1757 return b1;
1758
1759 default:
1760 abort();
1761 }
1762 /* this order is important */
1763 a = (u_int32_t *)addr;
1764 m = (u_int32_t *)mask;
1765 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
1766 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
1767 gen_and(b0, b1);
1768 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
1769 gen_and(b0, b1);
1770 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
1771 gen_and(b0, b1);
1772 b0 = gen_linktype(proto);
1773 gen_and(b0, b1);
1774 return b1;
1775 }
1776 #endif /*INET6*/
1777
1778 static struct block *
1779 gen_ehostop(eaddr, dir)
1780 register const u_char *eaddr;
1781 register int dir;
1782 {
1783 register struct block *b0, *b1;
1784
1785 switch (dir) {
1786 case Q_SRC:
1787 return gen_bcmp(6, 6, eaddr);
1788
1789 case Q_DST:
1790 return gen_bcmp(0, 6, eaddr);
1791
1792 case Q_AND:
1793 b0 = gen_ehostop(eaddr, Q_SRC);
1794 b1 = gen_ehostop(eaddr, Q_DST);
1795 gen_and(b0, b1);
1796 return b1;
1797
1798 case Q_DEFAULT:
1799 case Q_OR:
1800 b0 = gen_ehostop(eaddr, Q_SRC);
1801 b1 = gen_ehostop(eaddr, Q_DST);
1802 gen_or(b0, b1);
1803 return b1;
1804 }
1805 abort();
1806 /* NOTREACHED */
1807 }
1808
1809 /*
1810 * Like gen_ehostop, but for DLT_FDDI
1811 */
1812 static struct block *
1813 gen_fhostop(eaddr, dir)
1814 register const u_char *eaddr;
1815 register int dir;
1816 {
1817 struct block *b0, *b1;
1818
1819 switch (dir) {
1820 case Q_SRC:
1821 #ifdef PCAP_FDDIPAD
1822 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
1823 #else
1824 return gen_bcmp(6 + 1, 6, eaddr);
1825 #endif
1826
1827 case Q_DST:
1828 #ifdef PCAP_FDDIPAD
1829 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
1830 #else
1831 return gen_bcmp(0 + 1, 6, eaddr);
1832 #endif
1833
1834 case Q_AND:
1835 b0 = gen_fhostop(eaddr, Q_SRC);
1836 b1 = gen_fhostop(eaddr, Q_DST);
1837 gen_and(b0, b1);
1838 return b1;
1839
1840 case Q_DEFAULT:
1841 case Q_OR:
1842 b0 = gen_fhostop(eaddr, Q_SRC);
1843 b1 = gen_fhostop(eaddr, Q_DST);
1844 gen_or(b0, b1);
1845 return b1;
1846 }
1847 abort();
1848 /* NOTREACHED */
1849 }
1850
1851 /*
1852 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
1853 */
1854 static struct block *
1855 gen_thostop(eaddr, dir)
1856 register const u_char *eaddr;
1857 register int dir;
1858 {
1859 register struct block *b0, *b1;
1860
1861 switch (dir) {
1862 case Q_SRC:
1863 return gen_bcmp(8, 6, eaddr);
1864
1865 case Q_DST:
1866 return gen_bcmp(2, 6, eaddr);
1867
1868 case Q_AND:
1869 b0 = gen_thostop(eaddr, Q_SRC);
1870 b1 = gen_thostop(eaddr, Q_DST);
1871 gen_and(b0, b1);
1872 return b1;
1873
1874 case Q_DEFAULT:
1875 case Q_OR:
1876 b0 = gen_thostop(eaddr, Q_SRC);
1877 b1 = gen_thostop(eaddr, Q_DST);
1878 gen_or(b0, b1);
1879 return b1;
1880 }
1881 abort();
1882 /* NOTREACHED */
1883 }
1884
1885 /*
1886 * This is quite tricky because there may be pad bytes in front of the
1887 * DECNET header, and then there are two possible data packet formats that
1888 * carry both src and dst addresses, plus 5 packet types in a format that
1889 * carries only the src node, plus 2 types that use a different format and
1890 * also carry just the src node.
1891 *
1892 * Yuck.
1893 *
1894 * Instead of doing those all right, we just look for data packets with
1895 * 0 or 1 bytes of padding. If you want to look at other packets, that
1896 * will require a lot more hacking.
1897 *
1898 * To add support for filtering on DECNET "areas" (network numbers)
1899 * one would want to add a "mask" argument to this routine. That would
1900 * make the filter even more inefficient, although one could be clever
1901 * and not generate masking instructions if the mask is 0xFFFF.
1902 */
1903 static struct block *
1904 gen_dnhostop(addr, dir, base_off)
1905 bpf_u_int32 addr;
1906 int dir;
1907 u_int base_off;
1908 {
1909 struct block *b0, *b1, *b2, *tmp;
1910 u_int offset_lh; /* offset if long header is received */
1911 u_int offset_sh; /* offset if short header is received */
1912
1913 switch (dir) {
1914
1915 case Q_DST:
1916 offset_sh = 1; /* follows flags */
1917 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
1918 break;
1919
1920 case Q_SRC:
1921 offset_sh = 3; /* follows flags, dstnode */
1922 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
1923 break;
1924
1925 case Q_AND:
1926 /* Inefficient because we do our Calvinball dance twice */
1927 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1928 b1 = gen_dnhostop(addr, Q_DST, base_off);
1929 gen_and(b0, b1);
1930 return b1;
1931
1932 case Q_OR:
1933 case Q_DEFAULT:
1934 /* Inefficient because we do our Calvinball dance twice */
1935 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1936 b1 = gen_dnhostop(addr, Q_DST, base_off);
1937 gen_or(b0, b1);
1938 return b1;
1939
1940 case Q_ISO:
1941 bpf_error("ISO host filtering not implemented");
1942
1943 default:
1944 abort();
1945 }
1946 b0 = gen_linktype(ETHERTYPE_DN);
1947 /* Check for pad = 1, long header case */
1948 tmp = gen_mcmp(base_off + 2, BPF_H,
1949 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
1950 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
1951 BPF_H, (bpf_int32)ntohs(addr));
1952 gen_and(tmp, b1);
1953 /* Check for pad = 0, long header case */
1954 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
1955 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
1956 gen_and(tmp, b2);
1957 gen_or(b2, b1);
1958 /* Check for pad = 1, short header case */
1959 tmp = gen_mcmp(base_off + 2, BPF_H,
1960 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
1961 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
1962 BPF_H, (bpf_int32)ntohs(addr));
1963 gen_and(tmp, b2);
1964 gen_or(b2, b1);
1965 /* Check for pad = 0, short header case */
1966 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
1967 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
1968 gen_and(tmp, b2);
1969 gen_or(b2, b1);
1970
1971 /* Combine with test for linktype */
1972 gen_and(b0, b1);
1973 return b1;
1974 }
1975
1976 static struct block *
1977 gen_host(addr, mask, proto, dir)
1978 bpf_u_int32 addr;
1979 bpf_u_int32 mask;
1980 int proto;
1981 int dir;
1982 {
1983 struct block *b0, *b1;
1984
1985 switch (proto) {
1986
1987 case Q_DEFAULT:
1988 b0 = gen_host(addr, mask, Q_IP, dir);
1989 if (off_linktype != -1) {
1990 b1 = gen_host(addr, mask, Q_ARP, dir);
1991 gen_or(b0, b1);
1992 b0 = gen_host(addr, mask, Q_RARP, dir);
1993 gen_or(b1, b0);
1994 }
1995 return b0;
1996
1997 case Q_IP:
1998 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
1999 off_nl + 12, off_nl + 16);
2000
2001 case Q_RARP:
2002 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
2003 off_nl + 14, off_nl + 24);
2004
2005 case Q_ARP:
2006 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
2007 off_nl + 14, off_nl + 24);
2008
2009 case Q_TCP:
2010 bpf_error("'tcp' modifier applied to host");
2011
2012 case Q_SCTP:
2013 bpf_error("'sctp' modifier applied to host");
2014
2015 case Q_UDP:
2016 bpf_error("'udp' modifier applied to host");
2017
2018 case Q_ICMP:
2019 bpf_error("'icmp' modifier applied to host");
2020
2021 case Q_IGMP:
2022 bpf_error("'igmp' modifier applied to host");
2023
2024 case Q_IGRP:
2025 bpf_error("'igrp' modifier applied to host");
2026
2027 case Q_PIM:
2028 bpf_error("'pim' modifier applied to host");
2029
2030 case Q_VRRP:
2031 bpf_error("'vrrp' modifier applied to host");
2032
2033 case Q_ATALK:
2034 bpf_error("ATALK host filtering not implemented");
2035
2036 case Q_AARP:
2037 bpf_error("AARP host filtering not implemented");
2038
2039 case Q_DECNET:
2040 return gen_dnhostop(addr, dir, off_nl);
2041
2042 case Q_SCA:
2043 bpf_error("SCA host filtering not implemented");
2044
2045 case Q_LAT:
2046 bpf_error("LAT host filtering not implemented");
2047
2048 case Q_MOPDL:
2049 bpf_error("MOPDL host filtering not implemented");
2050
2051 case Q_MOPRC:
2052 bpf_error("MOPRC host filtering not implemented");
2053
2054 #ifdef INET6
2055 case Q_IPV6:
2056 bpf_error("'ip6' modifier applied to ip host");
2057
2058 case Q_ICMPV6:
2059 bpf_error("'icmp6' modifier applied to host");
2060 #endif /* INET6 */
2061
2062 case Q_AH:
2063 bpf_error("'ah' modifier applied to host");
2064
2065 case Q_ESP:
2066 bpf_error("'esp' modifier applied to host");
2067
2068 case Q_ISO:
2069 bpf_error("ISO host filtering not implemented");
2070
2071 case Q_ESIS:
2072 bpf_error("'esis' modifier applied to host");
2073
2074 case Q_ISIS:
2075 bpf_error("'isis' modifier applied to host");
2076
2077 case Q_CLNP:
2078 bpf_error("'clnp' modifier applied to host");
2079
2080 case Q_STP:
2081 bpf_error("'stp' modifier applied to host");
2082
2083 case Q_IPX:
2084 bpf_error("IPX host filtering not implemented");
2085
2086 case Q_NETBEUI:
2087 bpf_error("'netbeui' modifier applied to host");
2088
2089 default:
2090 abort();
2091 }
2092 /* NOTREACHED */
2093 }
2094
2095 #ifdef INET6
2096 static struct block *
2097 gen_host6(addr, mask, proto, dir)
2098 struct in6_addr *addr;
2099 struct in6_addr *mask;
2100 int proto;
2101 int dir;
2102 {
2103 switch (proto) {
2104
2105 case Q_DEFAULT:
2106 return gen_host6(addr, mask, Q_IPV6, dir);
2107
2108 case Q_IP:
2109 bpf_error("'ip' modifier applied to ip6 host");
2110
2111 case Q_RARP:
2112 bpf_error("'rarp' modifier applied to ip6 host");
2113
2114 case Q_ARP:
2115 bpf_error("'arp' modifier applied to ip6 host");
2116
2117 case Q_SCTP:
2118 bpf_error("'sctp' modifier applied to host");
2119
2120 case Q_TCP:
2121 bpf_error("'tcp' modifier applied to host");
2122
2123 case Q_UDP:
2124 bpf_error("'udp' modifier applied to host");
2125
2126 case Q_ICMP:
2127 bpf_error("'icmp' modifier applied to host");
2128
2129 case Q_IGMP:
2130 bpf_error("'igmp' modifier applied to host");
2131
2132 case Q_IGRP:
2133 bpf_error("'igrp' modifier applied to host");
2134
2135 case Q_PIM:
2136 bpf_error("'pim' modifier applied to host");
2137
2138 case Q_VRRP:
2139 bpf_error("'vrrp' modifier applied to host");
2140
2141 case Q_ATALK:
2142 bpf_error("ATALK host filtering not implemented");
2143
2144 case Q_AARP:
2145 bpf_error("AARP host filtering not implemented");
2146
2147 case Q_DECNET:
2148 bpf_error("'decnet' modifier applied to ip6 host");
2149
2150 case Q_SCA:
2151 bpf_error("SCA host filtering not implemented");
2152
2153 case Q_LAT:
2154 bpf_error("LAT host filtering not implemented");
2155
2156 case Q_MOPDL:
2157 bpf_error("MOPDL host filtering not implemented");
2158
2159 case Q_MOPRC:
2160 bpf_error("MOPRC host filtering not implemented");
2161
2162 case Q_IPV6:
2163 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
2164 off_nl + 8, off_nl + 24);
2165
2166 case Q_ICMPV6:
2167 bpf_error("'icmp6' modifier applied to host");
2168
2169 case Q_AH:
2170 bpf_error("'ah' modifier applied to host");
2171
2172 case Q_ESP:
2173 bpf_error("'esp' modifier applied to host");
2174
2175 case Q_ISO:
2176 bpf_error("ISO host filtering not implemented");
2177
2178 case Q_ESIS:
2179 bpf_error("'esis' modifier applied to host");
2180
2181 case Q_ISIS:
2182 bpf_error("'isis' modifier applied to host");
2183
2184 case Q_CLNP:
2185 bpf_error("'clnp' modifier applied to host");
2186
2187 case Q_STP:
2188 bpf_error("'stp' modifier applied to host");
2189
2190 case Q_IPX:
2191 bpf_error("IPX host filtering not implemented");
2192
2193 case Q_NETBEUI:
2194 bpf_error("'netbeui' modifier applied to host");
2195
2196 default:
2197 abort();
2198 }
2199 /* NOTREACHED */
2200 }
2201 #endif /*INET6*/
2202
2203 #ifndef INET6
2204 static struct block *
2205 gen_gateway(eaddr, alist, proto, dir)
2206 const u_char *eaddr;
2207 bpf_u_int32 **alist;
2208 int proto;
2209 int dir;
2210 {
2211 struct block *b0, *b1, *tmp;
2212
2213 if (dir != 0)
2214 bpf_error("direction applied to 'gateway'");
2215
2216 switch (proto) {
2217 case Q_DEFAULT:
2218 case Q_IP:
2219 case Q_ARP:
2220 case Q_RARP:
2221 if (linktype == DLT_EN10MB)
2222 b0 = gen_ehostop(eaddr, Q_OR);
2223 else if (linktype == DLT_FDDI)
2224 b0 = gen_fhostop(eaddr, Q_OR);
2225 else if (linktype == DLT_IEEE802)
2226 b0 = gen_thostop(eaddr, Q_OR);
2227 else
2228 bpf_error(
2229 "'gateway' supported only on ethernet, FDDI or token ring");
2230
2231 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2232 while (*alist) {
2233 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2234 gen_or(b1, tmp);
2235 b1 = tmp;
2236 }
2237 gen_not(b1);
2238 gen_and(b0, b1);
2239 return b1;
2240 }
2241 bpf_error("illegal modifier of 'gateway'");
2242 /* NOTREACHED */
2243 }
2244 #endif
2245
2246 struct block *
2247 gen_proto_abbrev(proto)
2248 int proto;
2249 {
2250 #ifdef INET6
2251 struct block *b0;
2252 #endif
2253 struct block *b1;
2254
2255 switch (proto) {
2256
2257 case Q_SCTP:
2258 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT);
2259 #ifdef INET6
2260 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
2261 gen_or(b0, b1);
2262 #endif
2263 break;
2264
2265 case Q_TCP:
2266 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
2267 #ifdef INET6
2268 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
2269 gen_or(b0, b1);
2270 #endif
2271 break;
2272
2273 case Q_UDP:
2274 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
2275 #ifdef INET6
2276 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
2277 gen_or(b0, b1);
2278 #endif
2279 break;
2280
2281 case Q_ICMP:
2282 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
2283 break;
2284
2285 #ifndef IPPROTO_IGMP
2286 #define IPPROTO_IGMP 2
2287 #endif
2288
2289 case Q_IGMP:
2290 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
2291 break;
2292
2293 #ifndef IPPROTO_IGRP
2294 #define IPPROTO_IGRP 9
2295 #endif
2296 case Q_IGRP:
2297 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
2298 break;
2299
2300 #ifndef IPPROTO_PIM
2301 #define IPPROTO_PIM 103
2302 #endif
2303
2304 case Q_PIM:
2305 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
2306 #ifdef INET6
2307 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
2308 gen_or(b0, b1);
2309 #endif
2310 break;
2311
2312 #ifndef IPPROTO_VRRP
2313 #define IPPROTO_VRRP 112
2314 #endif
2315
2316 case Q_VRRP:
2317 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT);
2318 break;
2319
2320 case Q_IP:
2321 b1 = gen_linktype(ETHERTYPE_IP);
2322 break;
2323
2324 case Q_ARP:
2325 b1 = gen_linktype(ETHERTYPE_ARP);
2326 break;
2327
2328 case Q_RARP:
2329 b1 = gen_linktype(ETHERTYPE_REVARP);
2330 break;
2331
2332 case Q_LINK:
2333 bpf_error("link layer applied in wrong context");
2334
2335 case Q_ATALK:
2336 b1 = gen_linktype(ETHERTYPE_ATALK);
2337 break;
2338
2339 case Q_AARP:
2340 b1 = gen_linktype(ETHERTYPE_AARP);
2341 break;
2342
2343 case Q_DECNET:
2344 b1 = gen_linktype(ETHERTYPE_DN);
2345 break;
2346
2347 case Q_SCA:
2348 b1 = gen_linktype(ETHERTYPE_SCA);
2349 break;
2350
2351 case Q_LAT:
2352 b1 = gen_linktype(ETHERTYPE_LAT);
2353 break;
2354
2355 case Q_MOPDL:
2356 b1 = gen_linktype(ETHERTYPE_MOPDL);
2357 break;
2358
2359 case Q_MOPRC:
2360 b1 = gen_linktype(ETHERTYPE_MOPRC);
2361 break;
2362
2363 #ifdef INET6
2364 case Q_IPV6:
2365 b1 = gen_linktype(ETHERTYPE_IPV6);
2366 break;
2367
2368 #ifndef IPPROTO_ICMPV6
2369 #define IPPROTO_ICMPV6 58
2370 #endif
2371 case Q_ICMPV6:
2372 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
2373 break;
2374 #endif /* INET6 */
2375
2376 #ifndef IPPROTO_AH
2377 #define IPPROTO_AH 51
2378 #endif
2379 case Q_AH:
2380 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
2381 #ifdef INET6
2382 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
2383 gen_or(b0, b1);
2384 #endif
2385 break;
2386
2387 #ifndef IPPROTO_ESP
2388 #define IPPROTO_ESP 50
2389 #endif
2390 case Q_ESP:
2391 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
2392 #ifdef INET6
2393 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
2394 gen_or(b0, b1);
2395 #endif
2396 break;
2397
2398 case Q_ISO:
2399 b1 = gen_linktype(LLCSAP_ISONS);
2400 break;
2401
2402 case Q_ESIS:
2403 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
2404 break;
2405
2406 case Q_ISIS:
2407 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
2408 break;
2409
2410 case Q_CLNP:
2411 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
2412 break;
2413
2414 case Q_STP:
2415 b1 = gen_linktype(LLCSAP_8021D);
2416 break;
2417
2418 case Q_IPX:
2419 b1 = gen_linktype(LLCSAP_IPX);
2420 break;
2421
2422 case Q_NETBEUI:
2423 b1 = gen_linktype(LLCSAP_NETBEUI);
2424 break;
2425
2426 default:
2427 abort();
2428 }
2429 return b1;
2430 }
2431
2432 static struct block *
2433 gen_ipfrag()
2434 {
2435 struct slist *s;
2436 struct block *b;
2437
2438 /* not ip frag */
2439 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
2440 s->s.k = off_nl + 6;
2441 b = new_block(JMP(BPF_JSET));
2442 b->s.k = 0x1fff;
2443 b->stmts = s;
2444 gen_not(b);
2445
2446 return b;
2447 }
2448
2449 static struct block *
2450 gen_portatom(off, v)
2451 int off;
2452 bpf_int32 v;
2453 {
2454 struct slist *s;
2455 struct block *b;
2456
2457 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2458 s->s.k = off_nl;
2459
2460 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
2461 s->next->s.k = off_nl + off;
2462
2463 b = new_block(JMP(BPF_JEQ));
2464 b->stmts = s;
2465 b->s.k = v;
2466
2467 return b;
2468 }
2469
2470 #ifdef INET6
2471 static struct block *
2472 gen_portatom6(off, v)
2473 int off;
2474 bpf_int32 v;
2475 {
2476 return gen_cmp(off_nl + 40 + off, BPF_H, v);
2477 }
2478 #endif/*INET6*/
2479
2480 struct block *
2481 gen_portop(port, proto, dir)
2482 int port, proto, dir;
2483 {
2484 struct block *b0, *b1, *tmp;
2485
2486 /* ip proto 'proto' */
2487 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
2488 b0 = gen_ipfrag();
2489 gen_and(tmp, b0);
2490
2491 switch (dir) {
2492 case Q_SRC:
2493 b1 = gen_portatom(0, (bpf_int32)port);
2494 break;
2495
2496 case Q_DST:
2497 b1 = gen_portatom(2, (bpf_int32)port);
2498 break;
2499
2500 case Q_OR:
2501 case Q_DEFAULT:
2502 tmp = gen_portatom(0, (bpf_int32)port);
2503 b1 = gen_portatom(2, (bpf_int32)port);
2504 gen_or(tmp, b1);
2505 break;
2506
2507 case Q_AND:
2508 tmp = gen_portatom(0, (bpf_int32)port);
2509 b1 = gen_portatom(2, (bpf_int32)port);
2510 gen_and(tmp, b1);
2511 break;
2512
2513 default:
2514 abort();
2515 }
2516 gen_and(b0, b1);
2517
2518 return b1;
2519 }
2520
2521 static struct block *
2522 gen_port(port, ip_proto, dir)
2523 int port;
2524 int ip_proto;
2525 int dir;
2526 {
2527 struct block *b0, *b1, *tmp;
2528
2529 /* ether proto ip */
2530 b0 = gen_linktype(ETHERTYPE_IP);
2531
2532 switch (ip_proto) {
2533 case IPPROTO_UDP:
2534 case IPPROTO_TCP:
2535 case IPPROTO_SCTP:
2536 b1 = gen_portop(port, ip_proto, dir);
2537 break;
2538
2539 case PROTO_UNDEF:
2540 tmp = gen_portop(port, IPPROTO_TCP, dir);
2541 b1 = gen_portop(port, IPPROTO_UDP, dir);
2542 gen_or(tmp, b1);
2543 tmp = gen_portop(port, IPPROTO_SCTP, dir);
2544 gen_or(tmp, b1);
2545 break;
2546
2547 default:
2548 abort();
2549 }
2550 gen_and(b0, b1);
2551 return b1;
2552 }
2553
2554 #ifdef INET6
2555 struct block *
2556 gen_portop6(port, proto, dir)
2557 int port, proto, dir;
2558 {
2559 struct block *b0, *b1, *tmp;
2560
2561 /* ip proto 'proto' */
2562 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
2563
2564 switch (dir) {
2565 case Q_SRC:
2566 b1 = gen_portatom6(0, (bpf_int32)port);
2567 break;
2568
2569 case Q_DST:
2570 b1 = gen_portatom6(2, (bpf_int32)port);
2571 break;
2572
2573 case Q_OR:
2574 case Q_DEFAULT:
2575 tmp = gen_portatom6(0, (bpf_int32)port);
2576 b1 = gen_portatom6(2, (bpf_int32)port);
2577 gen_or(tmp, b1);
2578 break;
2579
2580 case Q_AND:
2581 tmp = gen_portatom6(0, (bpf_int32)port);
2582 b1 = gen_portatom6(2, (bpf_int32)port);
2583 gen_and(tmp, b1);
2584 break;
2585
2586 default:
2587 abort();
2588 }
2589 gen_and(b0, b1);
2590
2591 return b1;
2592 }
2593
2594 static struct block *
2595 gen_port6(port, ip_proto, dir)
2596 int port;
2597 int ip_proto;
2598 int dir;
2599 {
2600 struct block *b0, *b1, *tmp;
2601
2602 /* ether proto ip */
2603 b0 = gen_linktype(ETHERTYPE_IPV6);
2604
2605 switch (ip_proto) {
2606 case IPPROTO_UDP:
2607 case IPPROTO_TCP:
2608 case IPPROTO_SCTP:
2609 b1 = gen_portop6(port, ip_proto, dir);
2610 break;
2611
2612 case PROTO_UNDEF:
2613 tmp = gen_portop6(port, IPPROTO_TCP, dir);
2614 b1 = gen_portop6(port, IPPROTO_UDP, dir);
2615 gen_or(tmp, b1);
2616 tmp = gen_portop6(port, IPPROTO_SCTP, dir);
2617 gen_or(tmp, b1);
2618 break;
2619
2620 default:
2621 abort();
2622 }
2623 gen_and(b0, b1);
2624 return b1;
2625 }
2626 #endif /* INET6 */
2627
2628 static int
2629 lookup_proto(name, proto)
2630 register const char *name;
2631 register int proto;
2632 {
2633 register int v;
2634
2635 switch (proto) {
2636
2637 case Q_DEFAULT:
2638 case Q_IP:
2639 case Q_IPV6:
2640 v = pcap_nametoproto(name);
2641 if (v == PROTO_UNDEF)
2642 bpf_error("unknown ip proto '%s'", name);
2643 break;
2644
2645 case Q_LINK:
2646 /* XXX should look up h/w protocol type based on linktype */
2647 v = pcap_nametoeproto(name);
2648 if (v == PROTO_UNDEF)
2649 bpf_error("unknown ether proto '%s'", name);
2650 break;
2651
2652 case Q_ISO:
2653 if (strcmp(name, "esis") == 0)
2654 v = ISO9542_ESIS;
2655 else if (strcmp(name, "isis") == 0)
2656 v = ISO10589_ISIS;
2657 else if (strcmp(name, "clnp") == 0)
2658 v = ISO8473_CLNP;
2659 else
2660 bpf_error("unknown osi proto '%s'", name);
2661 break;
2662
2663 default:
2664 v = PROTO_UNDEF;
2665 break;
2666 }
2667 return v;
2668 }
2669
2670 #if 0
2671 struct stmt *
2672 gen_joinsp(s, n)
2673 struct stmt **s;
2674 int n;
2675 {
2676 return NULL;
2677 }
2678 #endif
2679
2680 static struct block *
2681 gen_protochain(v, proto, dir)
2682 int v;
2683 int proto;
2684 int dir;
2685 {
2686 #ifdef NO_PROTOCHAIN
2687 return gen_proto(v, proto, dir);
2688 #else
2689 struct block *b0, *b;
2690 struct slist *s[100];
2691 int fix2, fix3, fix4, fix5;
2692 int ahcheck, again, end;
2693 int i, max;
2694 int reg2 = alloc_reg();
2695
2696 memset(s, 0, sizeof(s));
2697 fix2 = fix3 = fix4 = fix5 = 0;
2698
2699 switch (proto) {
2700 case Q_IP:
2701 case Q_IPV6:
2702 break;
2703 case Q_DEFAULT:
2704 b0 = gen_protochain(v, Q_IP, dir);
2705 b = gen_protochain(v, Q_IPV6, dir);
2706 gen_or(b0, b);
2707 return b;
2708 default:
2709 bpf_error("bad protocol applied for 'protochain'");
2710 /*NOTREACHED*/
2711 }
2712
2713 no_optimize = 1; /*this code is not compatible with optimzer yet */
2714
2715 /*
2716 * s[0] is a dummy entry to protect other BPF insn from damaged
2717 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
2718 * hard to find interdependency made by jump table fixup.
2719 */
2720 i = 0;
2721 s[i] = new_stmt(0); /*dummy*/
2722 i++;
2723
2724 switch (proto) {
2725 case Q_IP:
2726 b0 = gen_linktype(ETHERTYPE_IP);
2727
2728 /* A = ip->ip_p */
2729 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
2730 s[i]->s.k = off_nl + 9;
2731 i++;
2732 /* X = ip->ip_hl << 2 */
2733 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2734 s[i]->s.k = off_nl;
2735 i++;
2736 break;
2737 #ifdef INET6
2738 case Q_IPV6:
2739 b0 = gen_linktype(ETHERTYPE_IPV6);
2740
2741 /* A = ip6->ip_nxt */
2742 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
2743 s[i]->s.k = off_nl + 6;
2744 i++;
2745 /* X = sizeof(struct ip6_hdr) */
2746 s[i] = new_stmt(BPF_LDX|BPF_IMM);
2747 s[i]->s.k = 40;
2748 i++;
2749 break;
2750 #endif
2751 default:
2752 bpf_error("unsupported proto to gen_protochain");
2753 /*NOTREACHED*/
2754 }
2755
2756 /* again: if (A == v) goto end; else fall through; */
2757 again = i;
2758 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2759 s[i]->s.k = v;
2760 s[i]->s.jt = NULL; /*later*/
2761 s[i]->s.jf = NULL; /*update in next stmt*/
2762 fix5 = i;
2763 i++;
2764
2765 #ifndef IPPROTO_NONE
2766 #define IPPROTO_NONE 59
2767 #endif
2768 /* if (A == IPPROTO_NONE) goto end */
2769 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2770 s[i]->s.jt = NULL; /*later*/
2771 s[i]->s.jf = NULL; /*update in next stmt*/
2772 s[i]->s.k = IPPROTO_NONE;
2773 s[fix5]->s.jf = s[i];
2774 fix2 = i;
2775 i++;
2776
2777 #ifdef INET6
2778 if (proto == Q_IPV6) {
2779 int v6start, v6end, v6advance, j;
2780
2781 v6start = i;
2782 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
2783 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2784 s[i]->s.jt = NULL; /*later*/
2785 s[i]->s.jf = NULL; /*update in next stmt*/
2786 s[i]->s.k = IPPROTO_HOPOPTS;
2787 s[fix2]->s.jf = s[i];
2788 i++;
2789 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
2790 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2791 s[i]->s.jt = NULL; /*later*/
2792 s[i]->s.jf = NULL; /*update in next stmt*/
2793 s[i]->s.k = IPPROTO_DSTOPTS;
2794 i++;
2795 /* if (A == IPPROTO_ROUTING) goto v6advance */
2796 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2797 s[i]->s.jt = NULL; /*later*/
2798 s[i]->s.jf = NULL; /*update in next stmt*/
2799 s[i]->s.k = IPPROTO_ROUTING;
2800 i++;
2801 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
2802 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2803 s[i]->s.jt = NULL; /*later*/
2804 s[i]->s.jf = NULL; /*later*/
2805 s[i]->s.k = IPPROTO_FRAGMENT;
2806 fix3 = i;
2807 v6end = i;
2808 i++;
2809
2810 /* v6advance: */
2811 v6advance = i;
2812
2813 /*
2814 * in short,
2815 * A = P[X];
2816 * X = X + (P[X + 1] + 1) * 8;
2817 */
2818 /* A = X */
2819 s[i] = new_stmt(BPF_MISC|BPF_TXA);
2820 i++;
2821 /* A = P[X + packet head] */
2822 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2823 s[i]->s.k = off_nl;
2824 i++;
2825 /* MEM[reg2] = A */
2826 s[i] = new_stmt(BPF_ST);
2827 s[i]->s.k = reg2;
2828 i++;
2829 /* A = X */
2830 s[i] = new_stmt(BPF_MISC|BPF_TXA);
2831 i++;
2832 /* A += 1 */
2833 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2834 s[i]->s.k = 1;
2835 i++;
2836 /* X = A */
2837 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2838 i++;
2839 /* A = P[X + packet head]; */
2840 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2841 s[i]->s.k = off_nl;
2842 i++;
2843 /* A += 1 */
2844 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2845 s[i]->s.k = 1;
2846 i++;
2847 /* A *= 8 */
2848 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2849 s[i]->s.k = 8;
2850 i++;
2851 /* X = A; */
2852 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2853 i++;
2854 /* A = MEM[reg2] */
2855 s[i] = new_stmt(BPF_LD|BPF_MEM);
2856 s[i]->s.k = reg2;
2857 i++;
2858
2859 /* goto again; (must use BPF_JA for backward jump) */
2860 s[i] = new_stmt(BPF_JMP|BPF_JA);
2861 s[i]->s.k = again - i - 1;
2862 s[i - 1]->s.jf = s[i];
2863 i++;
2864
2865 /* fixup */
2866 for (j = v6start; j <= v6end; j++)
2867 s[j]->s.jt = s[v6advance];
2868 } else
2869 #endif
2870 {
2871 /* nop */
2872 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2873 s[i]->s.k = 0;
2874 s[fix2]->s.jf = s[i];
2875 i++;
2876 }
2877
2878 /* ahcheck: */
2879 ahcheck = i;
2880 /* if (A == IPPROTO_AH) then fall through; else goto end; */
2881 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2882 s[i]->s.jt = NULL; /*later*/
2883 s[i]->s.jf = NULL; /*later*/
2884 s[i]->s.k = IPPROTO_AH;
2885 if (fix3)
2886 s[fix3]->s.jf = s[ahcheck];
2887 fix4 = i;
2888 i++;
2889
2890 /*
2891 * in short,
2892 * A = P[X];
2893 * X = X + (P[X + 1] + 2) * 4;
2894 */
2895 /* A = X */
2896 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2897 i++;
2898 /* A = P[X + packet head]; */
2899 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2900 s[i]->s.k = off_nl;
2901 i++;
2902 /* MEM[reg2] = A */
2903 s[i] = new_stmt(BPF_ST);
2904 s[i]->s.k = reg2;
2905 i++;
2906 /* A = X */
2907 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2908 i++;
2909 /* A += 1 */
2910 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2911 s[i]->s.k = 1;
2912 i++;
2913 /* X = A */
2914 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2915 i++;
2916 /* A = P[X + packet head] */
2917 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2918 s[i]->s.k = off_nl;
2919 i++;
2920 /* A += 2 */
2921 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2922 s[i]->s.k = 2;
2923 i++;
2924 /* A *= 4 */
2925 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2926 s[i]->s.k = 4;
2927 i++;
2928 /* X = A; */
2929 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2930 i++;
2931 /* A = MEM[reg2] */
2932 s[i] = new_stmt(BPF_LD|BPF_MEM);
2933 s[i]->s.k = reg2;
2934 i++;
2935
2936 /* goto again; (must use BPF_JA for backward jump) */
2937 s[i] = new_stmt(BPF_JMP|BPF_JA);
2938 s[i]->s.k = again - i - 1;
2939 i++;
2940
2941 /* end: nop */
2942 end = i;
2943 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2944 s[i]->s.k = 0;
2945 s[fix2]->s.jt = s[end];
2946 s[fix4]->s.jf = s[end];
2947 s[fix5]->s.jt = s[end];
2948 i++;
2949
2950 /*
2951 * make slist chain
2952 */
2953 max = i;
2954 for (i = 0; i < max - 1; i++)
2955 s[i]->next = s[i + 1];
2956 s[max - 1]->next = NULL;
2957
2958 /*
2959 * emit final check
2960 */
2961 b = new_block(JMP(BPF_JEQ));
2962 b->stmts = s[1]; /*remember, s[0] is dummy*/
2963 b->s.k = v;
2964
2965 free_reg(reg2);
2966
2967 gen_and(b0, b);
2968 return b;
2969 #endif
2970 }
2971
2972 static struct block *
2973 gen_proto(v, proto, dir)
2974 int v;
2975 int proto;
2976 int dir;
2977 {
2978 struct block *b0, *b1;
2979
2980 if (dir != Q_DEFAULT)
2981 bpf_error("direction applied to 'proto'");
2982
2983 switch (proto) {
2984 case Q_DEFAULT:
2985 #ifdef INET6
2986 b0 = gen_proto(v, Q_IP, dir);
2987 b1 = gen_proto(v, Q_IPV6, dir);
2988 gen_or(b0, b1);
2989 return b1;
2990 #else
2991 /*FALLTHROUGH*/
2992 #endif
2993 case Q_IP:
2994 b0 = gen_linktype(ETHERTYPE_IP);
2995 #ifndef CHASE_CHAIN
2996 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
2997 #else
2998 b1 = gen_protochain(v, Q_IP);
2999 #endif
3000 gen_and(b0, b1);
3001 return b1;
3002
3003 case Q_ISO:
3004 switch (linktype) {
3005
3006 case DLT_FRELAY:
3007 /*
3008 * Frame Relay packets typically have an OSI
3009 * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)"
3010 * generates code to check for all the OSI
3011 * NLPIDs, so calling it and then adding a check
3012 * for the particular NLPID for which we're
3013 * looking is bogus, as we can just check for
3014 * the NLPID.
3015 *
3016 * What we check for is the NLPID and a frame
3017 * control field value of UI, i.e. 0x03 followed
3018 * by the NLPID.
3019 *
3020 * XXX - assumes a 2-byte Frame Relay header with
3021 * DLCI and flags. What if the address is longer?
3022 *
3023 * XXX - what about SNAP-encapsulated frames?
3024 */
3025 return gen_cmp(2, BPF_H, (0x03<<8) | v);
3026 break;
3027
3028 default:
3029 b0 = gen_linktype(LLCSAP_ISONS);
3030 b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v);
3031 gen_and(b0, b1);
3032 return b1;
3033 }
3034
3035 case Q_ARP:
3036 bpf_error("arp does not encapsulate another protocol");
3037 /* NOTREACHED */
3038
3039 case Q_RARP:
3040 bpf_error("rarp does not encapsulate another protocol");
3041 /* NOTREACHED */
3042
3043 case Q_ATALK:
3044 bpf_error("atalk encapsulation is not specifiable");
3045 /* NOTREACHED */
3046
3047 case Q_DECNET:
3048 bpf_error("decnet encapsulation is not specifiable");
3049 /* NOTREACHED */
3050
3051 case Q_SCA:
3052 bpf_error("sca does not encapsulate another protocol");
3053 /* NOTREACHED */
3054
3055 case Q_LAT:
3056 bpf_error("lat does not encapsulate another protocol");
3057 /* NOTREACHED */
3058
3059 case Q_MOPRC:
3060 bpf_error("moprc does not encapsulate another protocol");
3061 /* NOTREACHED */
3062
3063 case Q_MOPDL:
3064 bpf_error("mopdl does not encapsulate another protocol");
3065 /* NOTREACHED */
3066
3067 case Q_LINK:
3068 return gen_linktype(v);
3069
3070 case Q_UDP:
3071 bpf_error("'udp proto' is bogus");
3072 /* NOTREACHED */
3073
3074 case Q_TCP:
3075 bpf_error("'tcp proto' is bogus");
3076 /* NOTREACHED */
3077
3078 case Q_SCTP:
3079 bpf_error("'sctp proto' is bogus");
3080 /* NOTREACHED */
3081
3082 case Q_ICMP:
3083 bpf_error("'icmp proto' is bogus");
3084 /* NOTREACHED */
3085
3086 case Q_IGMP:
3087 bpf_error("'igmp proto' is bogus");
3088 /* NOTREACHED */
3089
3090 case Q_IGRP:
3091 bpf_error("'igrp proto' is bogus");
3092 /* NOTREACHED */
3093
3094 case Q_PIM:
3095 bpf_error("'pim proto' is bogus");
3096 /* NOTREACHED */
3097
3098 case Q_VRRP:
3099 bpf_error("'vrrp proto' is bogus");
3100 /* NOTREACHED */
3101
3102 #ifdef INET6
3103 case Q_IPV6:
3104 b0 = gen_linktype(ETHERTYPE_IPV6);
3105 #ifndef CHASE_CHAIN
3106 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
3107 #else
3108 b1 = gen_protochain(v, Q_IPV6);
3109 #endif
3110 gen_and(b0, b1);
3111 return b1;
3112
3113 case Q_ICMPV6:
3114 bpf_error("'icmp6 proto' is bogus");
3115 #endif /* INET6 */
3116
3117 case Q_AH:
3118 bpf_error("'ah proto' is bogus");
3119
3120 case Q_ESP:
3121 bpf_error("'ah proto' is bogus");
3122
3123 case Q_STP:
3124 bpf_error("'stp proto' is bogus");
3125
3126 case Q_IPX:
3127 bpf_error("'ipx proto' is bogus");
3128
3129 case Q_NETBEUI:
3130 bpf_error("'netbeui proto' is bogus");
3131
3132 default:
3133 abort();
3134 /* NOTREACHED */
3135 }
3136 /* NOTREACHED */
3137 }
3138
3139 struct block *
3140 gen_scode(name, q)
3141 register const char *name;
3142 struct qual q;
3143 {
3144 int proto = q.proto;
3145 int dir = q.dir;
3146 int tproto;
3147 u_char *eaddr;
3148 bpf_u_int32 mask, addr;
3149 #ifndef INET6
3150 bpf_u_int32 **alist;
3151 #else
3152 int tproto6;
3153 struct sockaddr_in *sin;
3154 struct sockaddr_in6 *sin6;
3155 struct addrinfo *res, *res0;
3156 struct in6_addr mask128;
3157 #endif /*INET6*/
3158 struct block *b, *tmp;
3159 int port, real_proto;
3160
3161 switch (q.addr) {
3162
3163 case Q_NET:
3164 addr = pcap_nametonetaddr(name);
3165 if (addr == 0)
3166 bpf_error("unknown network '%s'", name);
3167 /* Left justify network addr and calculate its network mask */
3168 mask = 0xffffffff;
3169 while (addr && (addr & 0xff000000) == 0) {
3170 addr <<= 8;
3171 mask <<= 8;
3172 }
3173 return gen_host(addr, mask, proto, dir);
3174
3175 case Q_DEFAULT:
3176 case Q_HOST:
3177 if (proto == Q_LINK) {
3178 switch (linktype) {
3179
3180 case DLT_EN10MB:
3181 eaddr = pcap_ether_hostton(name);
3182 if (eaddr == NULL)
3183 bpf_error(
3184 "unknown ether host '%s'", name);
3185 b = gen_ehostop(eaddr, dir);
3186 free(eaddr);
3187 return b;
3188
3189 case DLT_FDDI:
3190 eaddr = pcap_ether_hostton(name);
3191 if (eaddr == NULL)
3192 bpf_error(
3193 "unknown FDDI host '%s'", name);
3194 b = gen_fhostop(eaddr, dir);
3195 free(eaddr);
3196 return b;
3197
3198 case DLT_IEEE802:
3199 eaddr = pcap_ether_hostton(name);
3200 if (eaddr == NULL)
3201 bpf_error(
3202 "unknown token ring host '%s'", name);
3203 b = gen_thostop(eaddr, dir);
3204 free(eaddr);
3205 return b;
3206
3207 default:
3208 bpf_error(
3209 "only ethernet/FDDI/token ring supports link-level host name");
3210 break;
3211 }
3212 } else if (proto == Q_DECNET) {
3213 unsigned short dn_addr = __pcap_nametodnaddr(name);
3214 /*
3215 * I don't think DECNET hosts can be multihomed, so
3216 * there is no need to build up a list of addresses
3217 */
3218 return (gen_host(dn_addr, 0, proto, dir));
3219 } else {
3220 #ifndef INET6
3221 alist = pcap_nametoaddr(name);
3222 if (alist == NULL || *alist == NULL)
3223 bpf_error("unknown host '%s'", name);
3224 tproto = proto;
3225 if (off_linktype == -1 && tproto == Q_DEFAULT)
3226 tproto = Q_IP;
3227 b = gen_host(**alist++, 0xffffffff, tproto, dir);
3228 while (*alist) {
3229 tmp = gen_host(**alist++, 0xffffffff,
3230 tproto, dir);
3231 gen_or(b, tmp);
3232 b = tmp;
3233 }
3234 return b;
3235 #else
3236 memset(&mask128, 0xff, sizeof(mask128));
3237 res0 = res = pcap_nametoaddrinfo(name);
3238 if (res == NULL)
3239 bpf_error("unknown host '%s'", name);
3240 b = tmp = NULL;
3241 tproto = tproto6 = proto;
3242 if (off_linktype == -1 && tproto == Q_DEFAULT) {
3243 tproto = Q_IP;
3244 tproto6 = Q_IPV6;
3245 }
3246 for (res = res0; res; res = res->ai_next) {
3247 switch (res->ai_family) {
3248 case AF_INET:
3249 if (tproto == Q_IPV6)
3250 continue;
3251
3252 sin = (struct sockaddr_in *)
3253 res->ai_addr;
3254 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
3255 0xffffffff, tproto, dir);
3256 break;
3257 case AF_INET6:
3258 if (tproto6 == Q_IP)
3259 continue;
3260
3261 sin6 = (struct sockaddr_in6 *)
3262 res->ai_addr;
3263 tmp = gen_host6(&sin6->sin6_addr,
3264 &mask128, tproto6, dir);
3265 break;
3266 default:
3267 continue;
3268 }
3269 if (b)
3270 gen_or(b, tmp);
3271 b = tmp;
3272 }
3273 freeaddrinfo(res0);
3274 if (b == NULL) {
3275 bpf_error("unknown host '%s'%s", name,
3276 (proto == Q_DEFAULT)
3277 ? ""
3278 : " for specified address family");
3279 }
3280 return b;
3281 #endif /*INET6*/
3282 }
3283
3284 case Q_PORT:
3285 if (proto != Q_DEFAULT &&
3286 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
3287 bpf_error("illegal qualifier of 'port'");
3288 if (pcap_nametoport(name, &port, &real_proto) == 0)
3289 bpf_error("unknown port '%s'", name);
3290 if (proto == Q_UDP) {
3291 if (real_proto == IPPROTO_TCP)
3292 bpf_error("port '%s' is tcp", name);
3293 else if (real_proto == IPPROTO_SCTP)
3294 bpf_error("port '%s' is sctp", name);
3295 else
3296 /* override PROTO_UNDEF */
3297 real_proto = IPPROTO_UDP;
3298 }
3299 if (proto == Q_TCP) {
3300 if (real_proto == IPPROTO_UDP)
3301 bpf_error("port '%s' is udp", name);
3302
3303 else if (real_proto == IPPROTO_SCTP)
3304 bpf_error("port '%s' is sctp", name);
3305 else
3306 /* override PROTO_UNDEF */
3307 real_proto = IPPROTO_TCP;
3308 }
3309 if (proto == Q_SCTP) {
3310 if (real_proto == IPPROTO_UDP)
3311 bpf_error("port '%s' is udp", name);
3312
3313 else if (real_proto == IPPROTO_TCP)
3314 bpf_error("port '%s' is tcp", name);
3315 else
3316 /* override PROTO_UNDEF */
3317 real_proto = IPPROTO_SCTP;
3318 }
3319 #ifndef INET6
3320 return gen_port(port, real_proto, dir);
3321 #else
3322 {
3323 struct block *b;
3324 b = gen_port(port, real_proto, dir);
3325 gen_or(gen_port6(port, real_proto, dir), b);
3326 return b;
3327 }
3328 #endif /* INET6 */
3329
3330 case Q_GATEWAY:
3331 #ifndef INET6
3332 eaddr = pcap_ether_hostton(name);
3333 if (eaddr == NULL)
3334 bpf_error("unknown ether host: %s", name);
3335
3336 alist = pcap_nametoaddr(name);
3337 if (alist == NULL || *alist == NULL)
3338 bpf_error("unknown host '%s'", name);
3339 b = gen_gateway(eaddr, alist, proto, dir);
3340 free(eaddr);
3341 return b;
3342 #else
3343 bpf_error("'gateway' not supported in this configuration");
3344 #endif /*INET6*/
3345
3346 case Q_PROTO:
3347 real_proto = lookup_proto(name, proto);
3348 if (real_proto >= 0)
3349 return gen_proto(real_proto, proto, dir);
3350 else
3351 bpf_error("unknown protocol: %s", name);
3352
3353 case Q_PROTOCHAIN:
3354 real_proto = lookup_proto(name, proto);
3355 if (real_proto >= 0)
3356 return gen_protochain(real_proto, proto, dir);
3357 else
3358 bpf_error("unknown protocol: %s", name);
3359
3360
3361 case Q_UNDEF:
3362 syntax();
3363 /* NOTREACHED */
3364 }
3365 abort();
3366 /* NOTREACHED */
3367 }
3368
3369 struct block *
3370 gen_mcode(s1, s2, masklen, q)
3371 register const char *s1, *s2;
3372 register int masklen;
3373 struct qual q;
3374 {
3375 register int nlen, mlen;
3376 bpf_u_int32 n, m;
3377
3378 nlen = __pcap_atoin(s1, &n);
3379 /* Promote short ipaddr */
3380 n <<= 32 - nlen;
3381
3382 if (s2 != NULL) {
3383 mlen = __pcap_atoin(s2, &m);
3384 /* Promote short ipaddr */
3385 m <<= 32 - mlen;
3386 if ((n & ~m) != 0)
3387 bpf_error("non-network bits set in \"%s mask %s\"",
3388 s1, s2);
3389 } else {
3390 /* Convert mask len to mask */
3391 if (masklen > 32)
3392 bpf_error("mask length must be <= 32");
3393 m = 0xffffffff << (32 - masklen);
3394 if ((n & ~m) != 0)
3395 bpf_error("non-network bits set in \"%s/%d\"",
3396 s1, masklen);
3397 }
3398
3399 switch (q.addr) {
3400
3401 case Q_NET:
3402 return gen_host(n, m, q.proto, q.dir);
3403
3404 default:
3405 bpf_error("Mask syntax for networks only");
3406 /* NOTREACHED */
3407 }
3408 }
3409
3410 struct block *
3411 gen_ncode(s, v, q)
3412 register const char *s;
3413 bpf_u_int32 v;
3414 struct qual q;
3415 {
3416 bpf_u_int32 mask;
3417 int proto = q.proto;
3418 int dir = q.dir;
3419 register int vlen;
3420
3421 if (s == NULL)
3422 vlen = 32;
3423 else if (q.proto == Q_DECNET)
3424 vlen = __pcap_atodn(s, &v);
3425 else
3426 vlen = __pcap_atoin(s, &v);
3427
3428 switch (q.addr) {
3429
3430 case Q_DEFAULT:
3431 case Q_HOST:
3432 case Q_NET:
3433 if (proto == Q_DECNET)
3434 return gen_host(v, 0, proto, dir);
3435 else if (proto == Q_LINK) {
3436 bpf_error("illegal link layer address");
3437 } else {
3438 mask = 0xffffffff;
3439 if (s == NULL && q.addr == Q_NET) {
3440 /* Promote short net number */
3441 while (v && (v & 0xff000000) == 0) {
3442 v <<= 8;
3443 mask <<= 8;
3444 }
3445 } else {
3446 /* Promote short ipaddr */
3447 v <<= 32 - vlen;
3448 mask <<= 32 - vlen;
3449 }
3450 return gen_host(v, mask, proto, dir);
3451 }
3452
3453 case Q_PORT:
3454 if (proto == Q_UDP)
3455 proto = IPPROTO_UDP;
3456 else if (proto == Q_TCP)
3457 proto = IPPROTO_TCP;
3458 else if (proto == Q_SCTP)
3459 proto = IPPROTO_SCTP;
3460 else if (proto == Q_DEFAULT)
3461 proto = PROTO_UNDEF;
3462 else
3463 bpf_error("illegal qualifier of 'port'");
3464
3465 #ifndef INET6
3466 return gen_port((int)v, proto, dir);
3467 #else
3468 {
3469 struct block *b;
3470 b = gen_port((int)v, proto, dir);
3471 gen_or(gen_port6((int)v, proto, dir), b);
3472 return b;
3473 }
3474 #endif /* INET6 */
3475
3476 case Q_GATEWAY:
3477 bpf_error("'gateway' requires a name");
3478 /* NOTREACHED */
3479
3480 case Q_PROTO:
3481 return gen_proto((int)v, proto, dir);
3482
3483 case Q_PROTOCHAIN:
3484 return gen_protochain((int)v, proto, dir);
3485
3486 case Q_UNDEF:
3487 syntax();
3488 /* NOTREACHED */
3489
3490 default:
3491 abort();
3492 /* NOTREACHED */
3493 }
3494 /* NOTREACHED */
3495 }
3496
3497 #ifdef INET6
3498 struct block *
3499 gen_mcode6(s1, s2, masklen, q)
3500 register const char *s1, *s2;
3501 register int masklen;
3502 struct qual q;
3503 {
3504 struct addrinfo *res;
3505 struct in6_addr *addr;
3506 struct in6_addr mask;
3507 struct block *b;
3508 u_int32_t *a, *m;
3509
3510 if (s2)
3511 bpf_error("no mask %s supported", s2);
3512
3513 res = pcap_nametoaddrinfo(s1);
3514 if (!res)
3515 bpf_error("invalid ip6 address %s", s1);
3516 if (res->ai_next)
3517 bpf_error("%s resolved to multiple address", s1);
3518 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
3519
3520 if (sizeof(mask) * 8 < masklen)
3521 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
3522 memset(&mask, 0, sizeof(mask));
3523 memset(&mask, 0xff, masklen / 8);
3524 if (masklen % 8) {
3525 mask.s6_addr[masklen / 8] =
3526 (0xff << (8 - masklen % 8)) & 0xff;
3527 }
3528
3529 a = (u_int32_t *)addr;
3530 m = (u_int32_t *)&mask;
3531 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
3532 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
3533 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
3534 }
3535
3536 switch (q.addr) {
3537
3538 case Q_DEFAULT:
3539 case Q_HOST:
3540 if (masklen != 128)
3541 bpf_error("Mask syntax for networks only");
3542 /* FALLTHROUGH */
3543
3544 case Q_NET:
3545 b = gen_host6(addr, &mask, q.proto, q.dir);
3546 freeaddrinfo(res);
3547 return b;
3548
3549 default:
3550 bpf_error("invalid qualifier against IPv6 address");
3551 /* NOTREACHED */
3552 }
3553 }
3554 #endif /*INET6*/
3555
3556 struct block *
3557 gen_ecode(eaddr, q)
3558 register const u_char *eaddr;
3559 struct qual q;
3560 {
3561 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
3562 if (linktype == DLT_EN10MB)
3563 return gen_ehostop(eaddr, (int)q.dir);
3564 if (linktype == DLT_FDDI)
3565 return gen_fhostop(eaddr, (int)q.dir);
3566 if (linktype == DLT_IEEE802)
3567 return gen_thostop(eaddr, (int)q.dir);
3568 bpf_error("ethernet addresses supported only on ethernet, FDDI or token ring");
3569 }
3570 bpf_error("ethernet address used in non-ether expression");
3571 /* NOTREACHED */
3572 }
3573
3574 void
3575 sappend(s0, s1)
3576 struct slist *s0, *s1;
3577 {
3578 /*
3579 * This is definitely not the best way to do this, but the
3580 * lists will rarely get long.
3581 */
3582 while (s0->next)
3583 s0 = s0->next;
3584 s0->next = s1;
3585 }
3586
3587 static struct slist *
3588 xfer_to_x(a)
3589 struct arth *a;
3590 {
3591 struct slist *s;
3592
3593 s = new_stmt(BPF_LDX|BPF_MEM);
3594 s->s.k = a->regno;
3595 return s;
3596 }
3597
3598 static struct slist *
3599 xfer_to_a(a)
3600 struct arth *a;
3601 {
3602 struct slist *s;
3603
3604 s = new_stmt(BPF_LD|BPF_MEM);
3605 s->s.k = a->regno;
3606 return s;
3607 }
3608
3609 struct arth *
3610 gen_load(proto, index, size)
3611 int proto;
3612 struct arth *index;
3613 int size;
3614 {
3615 struct slist *s, *tmp;
3616 struct block *b;
3617 int regno = alloc_reg();
3618
3619 free_reg(index->regno);
3620 switch (size) {
3621
3622 default:
3623 bpf_error("data size must be 1, 2, or 4");
3624
3625 case 1:
3626 size = BPF_B;
3627 break;
3628
3629 case 2:
3630 size = BPF_H;
3631 break;
3632
3633 case 4:
3634 size = BPF_W;
3635 break;
3636 }
3637 switch (proto) {
3638 default:
3639 bpf_error("unsupported index operation");
3640
3641 case Q_LINK:
3642 s = xfer_to_x(index);
3643 tmp = new_stmt(BPF_LD|BPF_IND|size);
3644 sappend(s, tmp);
3645 sappend(index->s, s);
3646 break;
3647
3648 case Q_IP:
3649 case Q_ARP:
3650 case Q_RARP:
3651 case Q_ATALK:
3652 case Q_DECNET:
3653 case Q_SCA:
3654 case Q_LAT:
3655 case Q_MOPRC:
3656 case Q_MOPDL:
3657 #ifdef INET6
3658 case Q_IPV6:
3659 #endif
3660 /* XXX Note that we assume a fixed link header here. */
3661 s = xfer_to_x(index);
3662 tmp = new_stmt(BPF_LD|BPF_IND|size);
3663 tmp->s.k = off_nl;
3664 sappend(s, tmp);
3665 sappend(index->s, s);
3666
3667 b = gen_proto_abbrev(proto);
3668 if (index->b)
3669 gen_and(index->b, b);
3670 index->b = b;
3671 break;
3672
3673 case Q_SCTP:
3674 case Q_TCP:
3675 case Q_UDP:
3676 case Q_ICMP:
3677 case Q_IGMP:
3678 case Q_IGRP:
3679 case Q_PIM:
3680 case Q_VRRP:
3681 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3682 s->s.k = off_nl;
3683 sappend(s, xfer_to_a(index));
3684 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
3685 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
3686 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
3687 tmp->s.k = off_nl;
3688 sappend(index->s, s);
3689
3690 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
3691 if (index->b)
3692 gen_and(index->b, b);
3693 #ifdef INET6
3694 gen_and(gen_proto_abbrev(Q_IP), b);
3695 #endif
3696 index->b = b;
3697 break;
3698 #ifdef INET6
3699 case Q_ICMPV6:
3700 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
3701 /*NOTREACHED*/
3702 #endif
3703 }
3704 index->regno = regno;
3705 s = new_stmt(BPF_ST);
3706 s->s.k = regno;
3707 sappend(index->s, s);
3708
3709 return index;
3710 }
3711
3712 struct block *
3713 gen_relation(code, a0, a1, reversed)
3714 int code;
3715 struct arth *a0, *a1;
3716 int reversed;
3717 {
3718 struct slist *s0, *s1, *s2;
3719 struct block *b, *tmp;
3720
3721 s0 = xfer_to_x(a1);
3722 s1 = xfer_to_a(a0);
3723 if (code == BPF_JEQ) {
3724 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
3725 b = new_block(JMP(code));
3726 sappend(s1, s2);
3727 }
3728 else
3729 b = new_block(BPF_JMP|code|BPF_X);
3730 if (reversed)
3731 gen_not(b);
3732
3733 sappend(s0, s1);
3734 sappend(a1->s, s0);
3735 sappend(a0->s, a1->s);
3736
3737 b->stmts = a0->s;
3738
3739 free_reg(a0->regno);
3740 free_reg(a1->regno);
3741
3742 /* 'and' together protocol checks */
3743 if (a0->b) {
3744 if (a1->b) {
3745 gen_and(a0->b, tmp = a1->b);
3746 }
3747 else
3748 tmp = a0->b;
3749 } else
3750 tmp = a1->b;
3751
3752 if (tmp)
3753 gen_and(tmp, b);
3754
3755 return b;
3756 }
3757
3758 struct arth *
3759 gen_loadlen()
3760 {
3761 int regno = alloc_reg();
3762 struct arth *a = (struct arth *)newchunk(sizeof(*a));
3763 struct slist *s;
3764
3765 s = new_stmt(BPF_LD|BPF_LEN);
3766 s->next = new_stmt(BPF_ST);
3767 s->next->s.k = regno;
3768 a->s = s;
3769 a->regno = regno;
3770
3771 return a;
3772 }
3773
3774 struct arth *
3775 gen_loadi(val)
3776 int val;
3777 {
3778 struct arth *a;
3779 struct slist *s;
3780 int reg;
3781
3782 a = (struct arth *)newchunk(sizeof(*a));
3783
3784 reg = alloc_reg();
3785
3786 s = new_stmt(BPF_LD|BPF_IMM);
3787 s->s.k = val;
3788 s->next = new_stmt(BPF_ST);
3789 s->next->s.k = reg;
3790 a->s = s;
3791 a->regno = reg;
3792
3793 return a;
3794 }
3795
3796 struct arth *
3797 gen_neg(a)
3798 struct arth *a;
3799 {
3800 struct slist *s;
3801
3802 s = xfer_to_a(a);
3803 sappend(a->s, s);
3804 s = new_stmt(BPF_ALU|BPF_NEG);
3805 s->s.k = 0;
3806 sappend(a->s, s);
3807 s = new_stmt(BPF_ST);
3808 s->s.k = a->regno;
3809 sappend(a->s, s);
3810
3811 return a;
3812 }
3813
3814 struct arth *
3815 gen_arth(code, a0, a1)
3816 int code;
3817 struct arth *a0, *a1;
3818 {
3819 struct slist *s0, *s1, *s2;
3820
3821 s0 = xfer_to_x(a1);
3822 s1 = xfer_to_a(a0);
3823 s2 = new_stmt(BPF_ALU|BPF_X|code);
3824
3825 sappend(s1, s2);
3826 sappend(s0, s1);
3827 sappend(a1->s, s0);
3828 sappend(a0->s, a1->s);
3829
3830 free_reg(a0->regno);
3831 free_reg(a1->regno);
3832
3833 s0 = new_stmt(BPF_ST);
3834 a0->regno = s0->s.k = alloc_reg();
3835 sappend(a0->s, s0);
3836
3837 return a0;
3838 }
3839
3840 /*
3841 * Here we handle simple allocation of the scratch registers.
3842 * If too many registers are alloc'd, the allocator punts.
3843 */
3844 static int regused[BPF_MEMWORDS];
3845 static int curreg;
3846
3847 /*
3848 * Return the next free register.
3849 */
3850 static int
3851 alloc_reg()
3852 {
3853 int n = BPF_MEMWORDS;
3854
3855 while (--n >= 0) {
3856 if (regused[curreg])
3857 curreg = (curreg + 1) % BPF_MEMWORDS;
3858 else {
3859 regused[curreg] = 1;
3860 return curreg;
3861 }
3862 }
3863 bpf_error("too many registers needed to evaluate expression");
3864 /* NOTREACHED */
3865 }
3866
3867 /*
3868 * Return a register to the table so it can
3869 * be used later.
3870 */
3871 static void
3872 free_reg(n)
3873 int n;
3874 {
3875 regused[n] = 0;
3876 }
3877
3878 static struct block *
3879 gen_len(jmp, n)
3880 int jmp, n;
3881 {
3882 struct slist *s;
3883 struct block *b;
3884
3885 s = new_stmt(BPF_LD|BPF_LEN);
3886 b = new_block(JMP(jmp));
3887 b->stmts = s;
3888 b->s.k = n;
3889
3890 return b;
3891 }
3892
3893 struct block *
3894 gen_greater(n)
3895 int n;
3896 {
3897 return gen_len(BPF_JGE, n);
3898 }
3899
3900 /*
3901 * Actually, this is less than or equal.
3902 */
3903 struct block *
3904 gen_less(n)
3905 int n;
3906 {
3907 struct block *b;
3908
3909 b = gen_len(BPF_JGT, n);
3910 gen_not(b);
3911
3912 return b;
3913 }
3914
3915 struct block *
3916 gen_byteop(op, idx, val)
3917 int op, idx, val;
3918 {
3919 struct block *b;
3920 struct slist *s;
3921
3922 switch (op) {
3923 default:
3924 abort();
3925
3926 case '=':
3927 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3928
3929 case '<':
3930 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3931 b->s.code = JMP(BPF_JGE);
3932 gen_not(b);
3933 return b;
3934
3935 case '>':
3936 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3937 b->s.code = JMP(BPF_JGT);
3938 return b;
3939
3940 case '|':
3941 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
3942 break;
3943
3944 case '&':
3945 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
3946 break;
3947 }
3948 s->s.k = val;
3949 b = new_block(JMP(BPF_JEQ));
3950 b->stmts = s;
3951 gen_not(b);
3952
3953 return b;
3954 }
3955
3956 static u_char abroadcast[] = { 0x0 };
3957
3958 struct block *
3959 gen_broadcast(proto)
3960 int proto;
3961 {
3962 bpf_u_int32 hostmask;
3963 struct block *b0, *b1, *b2;
3964 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
3965
3966 switch (proto) {
3967
3968 case Q_DEFAULT:
3969 case Q_LINK:
3970 if (linktype == DLT_ARCNET)
3971 return gen_ahostop(abroadcast, Q_DST);
3972 if (linktype == DLT_EN10MB)
3973 return gen_ehostop(ebroadcast, Q_DST);
3974 if (linktype == DLT_FDDI)
3975 return gen_fhostop(ebroadcast, Q_DST);
3976 if (linktype == DLT_IEEE802)
3977 return gen_thostop(ebroadcast, Q_DST);
3978 bpf_error("not a broadcast link");
3979 break;
3980
3981 case Q_IP:
3982 b0 = gen_linktype(ETHERTYPE_IP);
3983 hostmask = ~netmask;
3984 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
3985 b2 = gen_mcmp(off_nl + 16, BPF_W,
3986 (bpf_int32)(~0 & hostmask), hostmask);
3987 gen_or(b1, b2);
3988 gen_and(b0, b2);
3989 return b2;
3990 }
3991 bpf_error("only ether/ip broadcast filters supported");
3992 }
3993
3994 struct block *
3995 gen_multicast(proto)
3996 int proto;
3997 {
3998 register struct block *b0, *b1;
3999 register struct slist *s;
4000
4001 switch (proto) {
4002
4003 case Q_DEFAULT:
4004 case Q_LINK:
4005 if (linktype == DLT_ARCNET)
4006 /* all ARCnet multicasts use the same address */
4007 return gen_ahostop(abroadcast, Q_DST);
4008
4009 if (linktype == DLT_EN10MB) {
4010 /* ether[0] & 1 != 0 */
4011 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4012 s->s.k = 0;
4013 b0 = new_block(JMP(BPF_JSET));
4014 b0->s.k = 1;
4015 b0->stmts = s;
4016 return b0;
4017 }
4018
4019 if (linktype == DLT_FDDI) {
4020 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */
4021 /* fddi[1] & 1 != 0 */
4022 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4023 s->s.k = 1;
4024 b0 = new_block(JMP(BPF_JSET));
4025 b0->s.k = 1;
4026 b0->stmts = s;
4027 return b0;
4028 }
4029
4030 /* TODO - check how token ring handles multicast */
4031 /* if (linktype == DLT_IEEE802) ... */
4032
4033 /* Link not known to support multicasts */
4034 break;
4035
4036 case Q_IP:
4037 b0 = gen_linktype(ETHERTYPE_IP);
4038 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
4039 b1->s.code = JMP(BPF_JGE);
4040 gen_and(b0, b1);
4041 return b1;
4042
4043 #ifdef INET6
4044 case Q_IPV6:
4045 b0 = gen_linktype(ETHERTYPE_IPV6);
4046 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
4047 gen_and(b0, b1);
4048 return b1;
4049 #endif /* INET6 */
4050 }
4051 bpf_error("only IP multicast filters supported on ethernet/FDDI");
4052 }
4053
4054 /*
4055 * generate command for inbound/outbound. It's here so we can
4056 * make it link-type specific. 'dir' = 0 implies "inbound",
4057 * = 1 implies "outbound".
4058 */
4059 struct block *
4060 gen_inbound(dir)
4061 int dir;
4062 {
4063 register struct block *b0;
4064
4065 /*
4066 * Only some data link types support inbound/outbound qualifiers.
4067 */
4068 switch (linktype) {
4069 case DLT_SLIP:
4070 case DLT_PPP:
4071 b0 = gen_relation(BPF_JEQ,
4072 gen_load(Q_LINK, gen_loadi(0), 1),
4073 gen_loadi(0),
4074 dir);
4075 break;
4076
4077 default:
4078 bpf_error("inbound/outbound not supported on linktype %d\n",
4079 linktype);
4080 b0 = NULL;
4081 /* NOTREACHED */
4082 }
4083 return (b0);
4084 }
4085
4086 struct block *
4087 gen_acode(eaddr, q)
4088 register const u_char *eaddr;
4089 struct qual q;
4090 {
4091 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
4092 if (linktype == DLT_ARCNET)
4093 return gen_ahostop(eaddr, (int)q.dir);
4094 }
4095 bpf_error("ARCnet address used in non-arc expression");
4096 /* NOTREACHED */
4097 }
4098
4099 static struct block *
4100 gen_ahostop(eaddr, dir)
4101 register const u_char *eaddr;
4102 register int dir;
4103 {
4104 register struct block *b0, *b1;
4105
4106 switch (dir) {
4107 /* src comes first, different from Ethernet */
4108 case Q_SRC:
4109 return gen_bcmp(0, 1, eaddr);
4110
4111 case Q_DST:
4112 return gen_bcmp(1, 1, eaddr);
4113
4114 case Q_AND:
4115 b0 = gen_ahostop(eaddr, Q_SRC);
4116 b1 = gen_ahostop(eaddr, Q_DST);
4117 gen_and(b0, b1);
4118 return b1;
4119
4120 case Q_DEFAULT:
4121 case Q_OR:
4122 b0 = gen_ahostop(eaddr, Q_SRC);
4123 b1 = gen_ahostop(eaddr, Q_DST);
4124 gen_or(b0, b1);
4125 return b1;
4126 }
4127 abort();
4128 /* NOTREACHED */
4129 }
4130
4131 /*
4132 * support IEEE 802.1Q VLAN trunk over ethernet
4133 */
4134 struct block *
4135 gen_vlan(vlan_num)
4136 int vlan_num;
4137 {
4138 struct block *b0;
4139
4140 /*
4141 * Change the offsets to point to the type and data fields within
4142 * the VLAN packet. This is somewhat of a kludge.
4143 */
4144 if (orig_nl == (u_int)-1) {
4145 orig_linktype = off_linktype; /* save original values */
4146 orig_nl = off_nl;
4147 orig_nl_nosnap = off_nl_nosnap;
4148
4149 switch (linktype) {
4150
4151 case DLT_EN10MB:
4152 off_linktype = 16;
4153 off_nl_nosnap = 18;
4154 off_nl = 18;
4155 break;
4156
4157 default:
4158 bpf_error("no VLAN support for data link type %d",
4159 linktype);
4160 /*NOTREACHED*/
4161 }
4162 }
4163
4164 /* check for VLAN */
4165 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
4166
4167 /* If a specific VLAN is requested, check VLAN id */
4168 if (vlan_num >= 0) {
4169 struct block *b1;
4170
4171 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
4172 gen_and(b0, b1);
4173 b0 = b1;
4174 }
4175
4176 return (b0);
4177 }
4178
4179 struct block *
4180 gen_atmfield_code(atmfield, jvalue, jtype, reverse)
4181 int atmfield;
4182 bpf_u_int32 jvalue;
4183 bpf_u_int32 jtype;
4184 int reverse;
4185 {
4186 struct block *b0;
4187
4188 switch (atmfield) {
4189
4190 case A_VPI:
4191 if (!is_atm)
4192 bpf_error("'vpi' supported only on raw ATM");
4193 if (off_vpi == -1)
4194 abort();
4195 b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype,
4196 (u_int)jvalue, reverse);
4197 break;
4198
4199 case A_VCI:
4200 if (!is_atm)
4201 bpf_error("'vci' supported only on raw ATM");
4202 if (off_vci == -1)
4203 abort();
4204 b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype,
4205 (u_int)jvalue, reverse);
4206 break;
4207
4208 case A_PROTOTYPE:
4209 if (off_proto == -1)
4210 abort(); /* XXX - this isn't on FreeBSD */
4211 b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype,
4212 (u_int)jvalue, reverse);
4213 break;
4214
4215 case A_MSGTYPE:
4216 if (off_msg_type == -1)
4217 abort();
4218 b0 = gen_ncmp(BPF_B, off_msg_type, 0xffffffff,
4219 (u_int)jtype, (u_int)jvalue, reverse);
4220 break;
4221
4222 case A_CALLREFTYPE:
4223 if (!is_atm)
4224 bpf_error("'callref' supported only on raw ATM");
4225 if (off_proto == -1)
4226 abort();
4227 b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype,
4228 (u_int)jvalue, reverse);
4229 break;
4230
4231 default:
4232 abort();
4233 }
4234 return b0;
4235 }
4236
4237 struct block *
4238 gen_atmtype_abbrev(type)
4239 int type;
4240 {
4241 struct block *b0, *b1;
4242
4243 switch (type) {
4244
4245 case A_METAC:
4246 /* Get all packets in Meta signalling Circuit */
4247 if (!is_atm)
4248 bpf_error("'metac' supported only on raw ATM");
4249 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4250 b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0);
4251 gen_and(b0, b1);
4252 break;
4253
4254 case A_BCC:
4255 /* Get all packets in Broadcast Circuit*/
4256 if (!is_atm)
4257 bpf_error("'bcc' supported only on raw ATM");
4258 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4259 b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0);
4260 gen_and(b0, b1);
4261 break;
4262
4263 case A_OAMF4SC:
4264 /* Get all cells in Segment OAM F4 circuit*/
4265 if (!is_atm)
4266 bpf_error("'oam4sc' supported only on raw ATM");
4267 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4268 b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
4269 gen_and(b0, b1);
4270 break;
4271
4272 case A_OAMF4EC:
4273 /* Get all cells in End-to-End OAM F4 Circuit*/
4274 if (!is_atm)
4275 bpf_error("'oam4ec' supported only on raw ATM");
4276 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4277 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
4278 gen_and(b0, b1);
4279 break;
4280
4281 case A_SC:
4282 /* Get all packets in connection Signalling Circuit */
4283 if (!is_atm)
4284 bpf_error("'sc' supported only on raw ATM");
4285 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4286 b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0);
4287 gen_and(b0, b1);
4288 break;
4289
4290 case A_ILMIC:
4291 /* Get all packets in ILMI Circuit */
4292 if (!is_atm)
4293 bpf_error("'ilmic' supported only on raw ATM");
4294 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4295 b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0);
4296 gen_and(b0, b1);
4297 break;
4298
4299 case A_LANE:
4300 /* Get all LANE packets */
4301 if (!is_atm)
4302 bpf_error("'lane' supported only on raw ATM");
4303 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0);
4304 break;
4305
4306 case A_LLC:
4307 /* Get all LLC-encapsulated packets */
4308 if (!is_atm)
4309 bpf_error("'llc' supported only on raw ATM");
4310 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
4311 break;
4312
4313 default:
4314 abort();
4315 }
4316 return b1;
4317 }
4318
4319
4320 static struct block *
4321 gen_msg_abbrev(type)
4322 int type;
4323 {
4324 struct block *b1;
4325
4326 /*
4327 * Q.2931 signalling protocol messages for handling virtual circuits
4328 * establishment and teardown
4329 */
4330 switch (type) {
4331
4332 case A_SETUP:
4333 b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0);
4334 break;
4335
4336 case A_CALLPROCEED:
4337 b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0);
4338 break;
4339
4340 case A_CONNECT:
4341 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0);
4342 break;
4343
4344 case A_CONNECTACK:
4345 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0);
4346 break;
4347
4348 case A_RELEASE:
4349 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0);
4350 break;
4351
4352 case A_RELEASE_DONE:
4353 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0);
4354 break;
4355
4356 default:
4357 abort();
4358 }
4359 return b1;
4360 }
4361
4362 struct block *
4363 gen_atmmulti_abbrev(type)
4364 int type;
4365 {
4366 struct block *b0, *b1;
4367
4368 switch (type) {
4369
4370 case A_OAM:
4371 if (!is_atm)
4372 bpf_error("'oam' supported only on raw ATM");
4373 b1 = gen_atmmulti_abbrev(A_OAMF4);
4374 break;
4375
4376 case A_OAMF4:
4377 if (!is_atm)
4378 bpf_error("'oamf4' supported only on raw ATM");
4379 /* OAM F4 type */
4380 b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
4381 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
4382 gen_or(b0, b1);
4383 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
4384 gen_and(b0, b1);
4385 break;
4386
4387 case A_CONNECTMSG:
4388 /*
4389 * Get Q.2931 signalling messages for switched
4390 * virtual connection
4391 */
4392 if (!is_atm)
4393 bpf_error("'connectmsg' supported only on raw ATM");
4394 b0 = gen_msg_abbrev(A_SETUP);
4395 b1 = gen_msg_abbrev(A_CALLPROCEED);
4396 gen_or(b0, b1);
4397 b0 = gen_msg_abbrev(A_CONNECT);
4398 gen_or(b0, b1);
4399 b0 = gen_msg_abbrev(A_CONNECTACK);
4400 gen_or(b0, b1);
4401 b0 = gen_msg_abbrev(A_RELEASE);
4402 gen_or(b0, b1);
4403 b0 = gen_msg_abbrev(A_RELEASE_DONE);
4404 gen_or(b0, b1);
4405 b0 = gen_atmtype_abbrev(A_SC);
4406 gen_and(b0, b1);
4407 break;
4408
4409 case A_METACONNECT:
4410 if (!is_atm)
4411 bpf_error("'metaconnect' supported only on raw ATM");
4412 b0 = gen_msg_abbrev(A_SETUP);
4413 b1 = gen_msg_abbrev(A_CALLPROCEED);
4414 gen_or(b0, b1);
4415 b0 = gen_msg_abbrev(A_CONNECT);
4416 gen_or(b0, b1);
4417 b0 = gen_msg_abbrev(A_RELEASE);
4418 gen_or(b0, b1);
4419 b0 = gen_msg_abbrev(A_RELEASE_DONE);
4420 gen_or(b0, b1);
4421 b0 = gen_atmtype_abbrev(A_METAC);
4422 gen_and(b0, b1);
4423 break;
4424
4425 default:
4426 abort();
4427 }
4428 return b1;
4429 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism