]> The Tcpdump Group git mirrors - libpcap/blob - gencode.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Add comments to explain the incomplete definitions of "struct mbuf" and
[libpcap] / gencode.c
1 /*#define CHASE_CHAIN*/
2 /*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 #ifndef lint
23 static const char rcsid[] =
24 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.165 2002-06-01 23:22:57 guy Exp $ (LBL)";
25 #endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #include <sys/types.h>
32 #include <sys/socket.h>
33 #include <sys/time.h>
34 #ifdef __NetBSD__
35 #include <sys/param.h>
36 #endif
37
38 struct mbuf; /* Squelch compiler warnings on some platforms for */
39 struct rtentry; /* declarations in <net/if.h> */
40 #include <net/if.h>
41
42 #include <netinet/in.h>
43
44 #include <stdlib.h>
45 #include <string.h>
46 #include <memory.h>
47 #include <setjmp.h>
48 #include <stdarg.h>
49
50 #include "pcap-int.h"
51
52 #include "ethertype.h"
53 #include "nlpid.h"
54 #include "llc.h"
55 #include "gencode.h"
56 #include "ppp.h"
57 #include "sll.h"
58 #include "arcnet.h"
59 #ifdef INET6
60 #include <netdb.h> /* for "struct addrinfo" */
61 #endif /*INET6*/
62 #include <pcap-namedb.h>
63
64 #define ETHERMTU 1500
65
66 #ifndef IPPROTO_SCTP
67 #define IPPROTO_SCTP 132
68 #endif
69
70 #ifdef HAVE_OS_PROTO_H
71 #include "os-proto.h"
72 #endif
73
74 #define JMP(c) ((c)|BPF_JMP|BPF_K)
75
76 /* Locals */
77 static jmp_buf top_ctx;
78 static pcap_t *bpf_pcap;
79
80 /* Hack for updating VLAN offsets. */
81 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1;
82
83 /* XXX */
84 #ifdef PCAP_FDDIPAD
85 int pcap_fddipad = PCAP_FDDIPAD;
86 #else
87 int pcap_fddipad;
88 #endif
89
90 /* VARARGS */
91 void
92 bpf_error(const char *fmt, ...)
93
94 {
95 va_list ap;
96
97 va_start(ap, fmt);
98 if (bpf_pcap != NULL)
99 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
100 fmt, ap);
101 va_end(ap);
102 longjmp(top_ctx, 1);
103 /* NOTREACHED */
104 }
105
106 static void init_linktype(int);
107
108 static int alloc_reg(void);
109 static void free_reg(int);
110
111 static struct block *root;
112
113 /*
114 * We divy out chunks of memory rather than call malloc each time so
115 * we don't have to worry about leaking memory. It's probably
116 * not a big deal if all this memory was wasted but it this ever
117 * goes into a library that would probably not be a good idea.
118 */
119 #define NCHUNKS 16
120 #define CHUNK0SIZE 1024
121 struct chunk {
122 u_int n_left;
123 void *m;
124 };
125
126 static struct chunk chunks[NCHUNKS];
127 static int cur_chunk;
128
129 static void *newchunk(u_int);
130 static void freechunks(void);
131 static inline struct block *new_block(int);
132 static inline struct slist *new_stmt(int);
133 static struct block *gen_retblk(int);
134 static inline void syntax(void);
135
136 static void backpatch(struct block *, struct block *);
137 static void merge(struct block *, struct block *);
138 static struct block *gen_cmp(u_int, u_int, bpf_int32);
139 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
140 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
141 static struct block *gen_bcmp(u_int, u_int, const u_char *);
142 static struct block *gen_uncond(int);
143 static inline struct block *gen_true(void);
144 static inline struct block *gen_false(void);
145 static struct block *gen_linktype(int);
146 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
147 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
148 #ifdef INET6
149 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
150 #endif
151 static struct block *gen_ahostop(const u_char *, int);
152 static struct block *gen_ehostop(const u_char *, int);
153 static struct block *gen_fhostop(const u_char *, int);
154 static struct block *gen_thostop(const u_char *, int);
155 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
156 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
157 #ifdef INET6
158 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
159 #endif
160 #ifndef INET6
161 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
162 #endif
163 static struct block *gen_ipfrag(void);
164 static struct block *gen_portatom(int, bpf_int32);
165 #ifdef INET6
166 static struct block *gen_portatom6(int, bpf_int32);
167 #endif
168 struct block *gen_portop(int, int, int);
169 static struct block *gen_port(int, int, int);
170 #ifdef INET6
171 struct block *gen_portop6(int, int, int);
172 static struct block *gen_port6(int, int, int);
173 #endif
174 static int lookup_proto(const char *, int);
175 static struct block *gen_protochain(int, int, int);
176 static struct block *gen_proto(int, int, int);
177 static struct slist *xfer_to_x(struct arth *);
178 static struct slist *xfer_to_a(struct arth *);
179 static struct block *gen_len(int, int);
180
181 static void *
182 newchunk(n)
183 u_int n;
184 {
185 struct chunk *cp;
186 int k, size;
187
188 #ifndef __NetBSD__
189 /* XXX Round up to nearest long. */
190 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
191 #else
192 /* XXX Round up to structure boundary. */
193 n = ALIGN(n);
194 #endif
195
196 cp = &chunks[cur_chunk];
197 if (n > cp->n_left) {
198 ++cp, k = ++cur_chunk;
199 if (k >= NCHUNKS)
200 bpf_error("out of memory");
201 size = CHUNK0SIZE << k;
202 cp->m = (void *)malloc(size);
203 memset((char *)cp->m, 0, size);
204 cp->n_left = size;
205 if (n > size)
206 bpf_error("out of memory");
207 }
208 cp->n_left -= n;
209 return (void *)((char *)cp->m + cp->n_left);
210 }
211
212 static void
213 freechunks()
214 {
215 int i;
216
217 cur_chunk = 0;
218 for (i = 0; i < NCHUNKS; ++i)
219 if (chunks[i].m != NULL) {
220 free(chunks[i].m);
221 chunks[i].m = NULL;
222 }
223 }
224
225 /*
226 * A strdup whose allocations are freed after code generation is over.
227 */
228 char *
229 sdup(s)
230 register const char *s;
231 {
232 int n = strlen(s) + 1;
233 char *cp = newchunk(n);
234
235 strlcpy(cp, s, n);
236 return (cp);
237 }
238
239 static inline struct block *
240 new_block(code)
241 int code;
242 {
243 struct block *p;
244
245 p = (struct block *)newchunk(sizeof(*p));
246 p->s.code = code;
247 p->head = p;
248
249 return p;
250 }
251
252 static inline struct slist *
253 new_stmt(code)
254 int code;
255 {
256 struct slist *p;
257
258 p = (struct slist *)newchunk(sizeof(*p));
259 p->s.code = code;
260
261 return p;
262 }
263
264 static struct block *
265 gen_retblk(v)
266 int v;
267 {
268 struct block *b = new_block(BPF_RET|BPF_K);
269
270 b->s.k = v;
271 return b;
272 }
273
274 static inline void
275 syntax()
276 {
277 bpf_error("syntax error in filter expression");
278 }
279
280 static bpf_u_int32 netmask;
281 static int snaplen;
282 int no_optimize;
283
284 int
285 pcap_compile(pcap_t *p, struct bpf_program *program,
286 char *buf, int optimize, bpf_u_int32 mask)
287 {
288 extern int n_errors;
289 int len;
290
291 no_optimize = 0;
292 n_errors = 0;
293 root = NULL;
294 bpf_pcap = p;
295 if (setjmp(top_ctx)) {
296 lex_cleanup();
297 freechunks();
298 return (-1);
299 }
300
301 netmask = mask;
302
303 snaplen = pcap_snapshot(p);
304 if (snaplen == 0) {
305 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
306 "snaplen of 0 rejects all packets");
307 return -1;
308 }
309
310 lex_init(buf ? buf : "");
311 init_linktype(pcap_datalink(p));
312 (void)pcap_parse();
313
314 if (n_errors)
315 syntax();
316
317 if (root == NULL)
318 root = gen_retblk(snaplen);
319
320 if (optimize && !no_optimize) {
321 bpf_optimize(&root);
322 if (root == NULL ||
323 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
324 bpf_error("expression rejects all packets");
325 }
326 program->bf_insns = icode_to_fcode(root, &len);
327 program->bf_len = len;
328
329 lex_cleanup();
330 freechunks();
331 return (0);
332 }
333
334 /*
335 * entry point for using the compiler with no pcap open
336 * pass in all the stuff that is needed explicitly instead.
337 */
338 int
339 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
340 struct bpf_program *program,
341 char *buf, int optimize, bpf_u_int32 mask)
342 {
343 pcap_t *p;
344 int ret;
345
346 p = pcap_open_dead(linktype_arg, snaplen_arg);
347 if (p == NULL)
348 return (-1);
349 ret = pcap_compile(p, program, buf, optimize, mask);
350 pcap_close(p);
351 return (ret);
352 }
353
354 /*
355 * Clean up a "struct bpf_program" by freeing all the memory allocated
356 * in it.
357 */
358 void
359 pcap_freecode(struct bpf_program *program)
360 {
361 program->bf_len = 0;
362 if (program->bf_insns != NULL) {
363 free((char *)program->bf_insns);
364 program->bf_insns = NULL;
365 }
366 }
367
368 /*
369 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
370 * which of the jt and jf fields has been resolved and which is a pointer
371 * back to another unresolved block (or nil). At least one of the fields
372 * in each block is already resolved.
373 */
374 static void
375 backpatch(list, target)
376 struct block *list, *target;
377 {
378 struct block *next;
379
380 while (list) {
381 if (!list->sense) {
382 next = JT(list);
383 JT(list) = target;
384 } else {
385 next = JF(list);
386 JF(list) = target;
387 }
388 list = next;
389 }
390 }
391
392 /*
393 * Merge the lists in b0 and b1, using the 'sense' field to indicate
394 * which of jt and jf is the link.
395 */
396 static void
397 merge(b0, b1)
398 struct block *b0, *b1;
399 {
400 register struct block **p = &b0;
401
402 /* Find end of list. */
403 while (*p)
404 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
405
406 /* Concatenate the lists. */
407 *p = b1;
408 }
409
410 void
411 finish_parse(p)
412 struct block *p;
413 {
414 backpatch(p, gen_retblk(snaplen));
415 p->sense = !p->sense;
416 backpatch(p, gen_retblk(0));
417 root = p->head;
418 }
419
420 void
421 gen_and(b0, b1)
422 struct block *b0, *b1;
423 {
424 backpatch(b0, b1->head);
425 b0->sense = !b0->sense;
426 b1->sense = !b1->sense;
427 merge(b1, b0);
428 b1->sense = !b1->sense;
429 b1->head = b0->head;
430 }
431
432 void
433 gen_or(b0, b1)
434 struct block *b0, *b1;
435 {
436 b0->sense = !b0->sense;
437 backpatch(b0, b1->head);
438 b0->sense = !b0->sense;
439 merge(b1, b0);
440 b1->head = b0->head;
441 }
442
443 void
444 gen_not(b)
445 struct block *b;
446 {
447 b->sense = !b->sense;
448 }
449
450 static struct block *
451 gen_cmp(offset, size, v)
452 u_int offset, size;
453 bpf_int32 v;
454 {
455 struct slist *s;
456 struct block *b;
457
458 s = new_stmt(BPF_LD|BPF_ABS|size);
459 s->s.k = offset;
460
461 b = new_block(JMP(BPF_JEQ));
462 b->stmts = s;
463 b->s.k = v;
464
465 return b;
466 }
467
468 static struct block *
469 gen_cmp_gt(offset, size, v)
470 u_int offset, size;
471 bpf_int32 v;
472 {
473 struct slist *s;
474 struct block *b;
475
476 s = new_stmt(BPF_LD|BPF_ABS|size);
477 s->s.k = offset;
478
479 b = new_block(JMP(BPF_JGT));
480 b->stmts = s;
481 b->s.k = v;
482
483 return b;
484 }
485
486 static struct block *
487 gen_mcmp(offset, size, v, mask)
488 u_int offset, size;
489 bpf_int32 v;
490 bpf_u_int32 mask;
491 {
492 struct block *b = gen_cmp(offset, size, v);
493 struct slist *s;
494
495 if (mask != 0xffffffff) {
496 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
497 s->s.k = mask;
498 b->stmts->next = s;
499 }
500 return b;
501 }
502
503 static struct block *
504 gen_bcmp(offset, size, v)
505 register u_int offset, size;
506 register const u_char *v;
507 {
508 register struct block *b, *tmp;
509
510 b = NULL;
511 while (size >= 4) {
512 register const u_char *p = &v[size - 4];
513 bpf_int32 w = ((bpf_int32)p[0] << 24) |
514 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
515
516 tmp = gen_cmp(offset + size - 4, BPF_W, w);
517 if (b != NULL)
518 gen_and(b, tmp);
519 b = tmp;
520 size -= 4;
521 }
522 while (size >= 2) {
523 register const u_char *p = &v[size - 2];
524 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
525
526 tmp = gen_cmp(offset + size - 2, BPF_H, w);
527 if (b != NULL)
528 gen_and(b, tmp);
529 b = tmp;
530 size -= 2;
531 }
532 if (size > 0) {
533 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
534 if (b != NULL)
535 gen_and(b, tmp);
536 b = tmp;
537 }
538 return b;
539 }
540
541 /*
542 * Various code constructs need to know the layout of the data link
543 * layer. These variables give the necessary offsets.
544 */
545
546 /*
547 * "off_linktype" is the offset to information in the link-layer header
548 * giving the packet type.
549 *
550 * For Ethernet, it's the offset of the Ethernet type field.
551 *
552 * For link-layer types that always use 802.2 headers, it's the
553 * offset of the LLC header.
554 *
555 * For PPP, it's the offset of the PPP type field.
556 *
557 * For Cisco HDLC, it's the offset of the CHDLC type field.
558 *
559 * For BSD loopback, it's the offset of the AF_ value.
560 *
561 * For Linux cooked sockets, it's the offset of the type field.
562 *
563 * It's set to -1 for no encapsulation, in which case, IP is assumed.
564 */
565 static u_int off_linktype;
566
567 /*
568 * These are offsets to the beginning of the network-layer header.
569 *
570 * If the link layer never uses 802.2 LLC:
571 *
572 * "off_nl" and "off_nl_nosnap" are the same.
573 *
574 * If the link layer always uses 802.2 LLC:
575 *
576 * "off_nl" is the offset if there's a SNAP header following
577 * the 802.2 header;
578 *
579 * "off_nl_nosnap" is the offset if there's no SNAP header.
580 *
581 * If the link layer is Ethernet:
582 *
583 * "off_nl" is the offset if the packet is an Ethernet II packet
584 * (we assume no 802.3+802.2+SNAP);
585 *
586 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet
587 * with an 802.2 header following it.
588 */
589 static u_int off_nl;
590 static u_int off_nl_nosnap;
591
592 static int linktype;
593
594 static void
595 init_linktype(type)
596 int type;
597 {
598 linktype = type;
599
600 orig_linktype = -1;
601 orig_nl = -1;
602 orig_nl_nosnap = -1;
603
604 switch (type) {
605
606 case DLT_ARCNET:
607 off_linktype = 2;
608 off_nl = 6; /* XXX in reality, variable! */
609 off_nl_nosnap = 6; /* no 802.2 LLC */
610 return;
611
612 case DLT_EN10MB:
613 off_linktype = 12;
614 off_nl = 14; /* Ethernet II */
615 off_nl_nosnap = 17; /* 802.3+802.2 */
616 return;
617
618 case DLT_SLIP:
619 /*
620 * SLIP doesn't have a link level type. The 16 byte
621 * header is hacked into our SLIP driver.
622 */
623 off_linktype = -1;
624 off_nl = 16;
625 off_nl_nosnap = 16; /* no 802.2 LLC */
626 return;
627
628 case DLT_SLIP_BSDOS:
629 /* XXX this may be the same as the DLT_PPP_BSDOS case */
630 off_linktype = -1;
631 /* XXX end */
632 off_nl = 24;
633 off_nl_nosnap = 24; /* no 802.2 LLC */
634 return;
635
636 case DLT_NULL:
637 case DLT_LOOP:
638 off_linktype = 0;
639 off_nl = 4;
640 off_nl_nosnap = 4; /* no 802.2 LLC */
641 return;
642
643 case DLT_PPP:
644 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */
645 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */
646 off_linktype = 2;
647 off_nl = 4;
648 off_nl_nosnap = 4; /* no 802.2 LLC */
649 return;
650
651 case DLT_PPP_ETHER:
652 /*
653 * This does no include the Ethernet header, and
654 * only covers session state.
655 */
656 off_linktype = 6;
657 off_nl = 8;
658 off_nl_nosnap = 8; /* no 802.2 LLC */
659 return;
660
661 case DLT_PPP_BSDOS:
662 off_linktype = 5;
663 off_nl = 24;
664 off_nl_nosnap = 24; /* no 802.2 LLC */
665 return;
666
667 case DLT_FDDI:
668 /*
669 * FDDI doesn't really have a link-level type field.
670 * We set "off_linktype" to the offset of the LLC header.
671 *
672 * To check for Ethernet types, we assume that SSAP = SNAP
673 * is being used and pick out the encapsulated Ethernet type.
674 * XXX - should we generate code to check for SNAP?
675 */
676 off_linktype = 13;
677 #ifdef PCAP_FDDIPAD
678 off_linktype += pcap_fddipad;
679 #endif
680 off_nl = 21; /* FDDI+802.2+SNAP */
681 off_nl_nosnap = 16; /* FDDI+802.2 */
682 #ifdef PCAP_FDDIPAD
683 off_nl += pcap_fddipad;
684 off_nl_nosnap += pcap_fddipad;
685 #endif
686 return;
687
688 case DLT_IEEE802:
689 /*
690 * Token Ring doesn't really have a link-level type field.
691 * We set "off_linktype" to the offset of the LLC header.
692 *
693 * To check for Ethernet types, we assume that SSAP = SNAP
694 * is being used and pick out the encapsulated Ethernet type.
695 * XXX - should we generate code to check for SNAP?
696 *
697 * XXX - the header is actually variable-length.
698 * Some various Linux patched versions gave 38
699 * as "off_linktype" and 40 as "off_nl"; however,
700 * if a token ring packet has *no* routing
701 * information, i.e. is not source-routed, the correct
702 * values are 20 and 22, as they are in the vanilla code.
703 *
704 * A packet is source-routed iff the uppermost bit
705 * of the first byte of the source address, at an
706 * offset of 8, has the uppermost bit set. If the
707 * packet is source-routed, the total number of bytes
708 * of routing information is 2 plus bits 0x1F00 of
709 * the 16-bit value at an offset of 14 (shifted right
710 * 8 - figure out which byte that is).
711 */
712 off_linktype = 14;
713 off_nl = 22; /* Token Ring+802.2+SNAP */
714 off_nl_nosnap = 17; /* Token Ring+802.2 */
715 return;
716
717 case DLT_IEEE802_11:
718 /*
719 * 802.11 doesn't really have a link-level type field.
720 * We set "off_linktype" to the offset of the LLC header.
721 *
722 * To check for Ethernet types, we assume that SSAP = SNAP
723 * is being used and pick out the encapsulated Ethernet type.
724 * XXX - should we generate code to check for SNAP?
725 *
726 * XXX - the header is actually variable-length. We
727 * assume a 24-byte link-layer header, as appears in
728 * data frames in networks with no bridges.
729 */
730 off_linktype = 24;
731 off_nl = 32; /* 802.11+802.2+SNAP */
732 off_nl_nosnap = 27; /* 802.22+802.2 */
733 return;
734
735 case DLT_PRISM_HEADER:
736 /*
737 * Same as 802.11, but with an additional header before
738 * the 802.11 header, containing a bunch of additional
739 * information including radio-level information.
740 *
741 * The header is 144 bytes long.
742 *
743 * XXX - same variable-length header problem; at least
744 * the Prism header is fixed-length.
745 */
746 off_linktype = 144+24;
747 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */
748 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */
749 return;
750
751 case DLT_ATM_RFC1483:
752 case DLT_ATM_CLIP: /* Linux ATM defines this */
753 /*
754 * assume routed, non-ISO PDUs
755 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
756 */
757 off_linktype = 0;
758 off_nl = 8; /* 802.2+SNAP */
759 off_nl_nosnap = 3; /* 802.2 */
760 return;
761
762 case DLT_RAW:
763 off_linktype = -1;
764 off_nl = 0;
765 off_nl_nosnap = 0; /* no 802.2 LLC */
766 return;
767
768 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
769 off_linktype = 14;
770 off_nl = 16;
771 off_nl_nosnap = 16; /* no 802.2 LLC */
772 return;
773
774 case DLT_LTALK:
775 /*
776 * LocalTalk does have a 1-byte type field in the LLAP header,
777 * but really it just indicates whether there is a "short" or
778 * "long" DDP packet following.
779 */
780 off_linktype = -1;
781 off_nl = 0;
782 off_nl_nosnap = 0; /* no 802.2 LLC */
783 return;
784 }
785 bpf_error("unknown data link type %d", linktype);
786 /* NOTREACHED */
787 }
788
789 static struct block *
790 gen_uncond(rsense)
791 int rsense;
792 {
793 struct block *b;
794 struct slist *s;
795
796 s = new_stmt(BPF_LD|BPF_IMM);
797 s->s.k = !rsense;
798 b = new_block(JMP(BPF_JEQ));
799 b->stmts = s;
800
801 return b;
802 }
803
804 static inline struct block *
805 gen_true()
806 {
807 return gen_uncond(1);
808 }
809
810 static inline struct block *
811 gen_false()
812 {
813 return gen_uncond(0);
814 }
815
816 /*
817 * Byte-swap a 32-bit number.
818 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
819 * big-endian platforms.)
820 */
821 #define SWAPLONG(y) \
822 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
823
824 static struct block *
825 gen_linktype(proto)
826 register int proto;
827 {
828 struct block *b0, *b1;
829
830 switch (linktype) {
831
832 case DLT_EN10MB:
833 switch (proto) {
834
835 case LLCSAP_ISONS:
836 /*
837 * OSI protocols always use 802.2 encapsulation.
838 * XXX - should we check both the DSAP and the
839 * SSAP, like this, or should we check just the
840 * DSAP?
841 */
842 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
843 gen_not(b0);
844 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
845 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
846 gen_and(b0, b1);
847 return b1;
848
849 case LLCSAP_NETBEUI:
850 /*
851 * NetBEUI always uses 802.2 encapsulation.
852 * XXX - should we check both the DSAP and the
853 * SSAP, like this, or should we check just the
854 * DSAP?
855 */
856 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
857 gen_not(b0);
858 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
859 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
860 gen_and(b0, b1);
861 return b1;
862
863 case LLCSAP_IPX:
864 /*
865 * Check for;
866 *
867 * Ethernet_II frames, which are Ethernet
868 * frames with a frame type of ETHERTYPE_IPX;
869 *
870 * Ethernet_802.3 frames, which are 802.3
871 * frames (i.e., the type/length field is
872 * a length field, <= ETHERMTU, rather than
873 * a type field) with the first two bytes
874 * after the Ethernet/802.3 header being
875 * 0xFFFF;
876 *
877 * Ethernet_802.2 frames, which are 802.3
878 * frames with an 802.2 LLC header and
879 * with the IPX LSAP as the DSAP in the LLC
880 * header;
881 *
882 * Ethernet_SNAP frames, which are 802.3
883 * frames with an LLC header and a SNAP
884 * header and with an OUI of 0x000000
885 * (encapsulated Ethernet) and a protocol
886 * ID of ETHERTYPE_IPX in the SNAP header.
887 *
888 * XXX - should we generate the same code both
889 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
890 */
891
892 /*
893 * This generates code to check both for the
894 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
895 */
896 b0 = gen_cmp(off_linktype + 2, BPF_B,
897 (bpf_int32)LLCSAP_IPX);
898 b1 = gen_cmp(off_linktype + 2, BPF_H,
899 (bpf_int32)0xFFFF);
900 gen_or(b0, b1);
901
902 /*
903 * Now we add code to check for SNAP frames with
904 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
905 */
906 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
907 gen_or(b0, b1);
908
909 /*
910 * Now we generate code to check for 802.3
911 * frames in general.
912 */
913 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
914 gen_not(b0);
915
916 /*
917 * Now add the check for 802.3 frames before the
918 * check for Ethernet_802.2 and Ethernet_802.3,
919 * as those checks should only be done on 802.3
920 * frames, not on Ethernet frames.
921 */
922 gen_and(b0, b1);
923
924 /*
925 * Now add the check for Ethernet_II frames, and
926 * do that before checking for the other frame
927 * types.
928 */
929 b0 = gen_cmp(off_linktype, BPF_H,
930 (bpf_int32)ETHERTYPE_IPX);
931 gen_or(b0, b1);
932 return b1;
933
934 case ETHERTYPE_ATALK:
935 case ETHERTYPE_AARP:
936 /*
937 * EtherTalk (AppleTalk protocols on Ethernet link
938 * layer) may use 802.2 encapsulation.
939 */
940
941 /*
942 * Check for 802.2 encapsulation (EtherTalk phase 2?);
943 * we check for an Ethernet type field less than
944 * 1500, which means it's an 802.3 length field.
945 */
946 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
947 gen_not(b0);
948
949 /*
950 * 802.2-encapsulated ETHERTYPE_ATALK packets are
951 * SNAP packets with an organization code of
952 * 0x080007 (Apple, for Appletalk) and a protocol
953 * type of ETHERTYPE_ATALK (Appletalk).
954 *
955 * 802.2-encapsulated ETHERTYPE_AARP packets are
956 * SNAP packets with an organization code of
957 * 0x000000 (encapsulated Ethernet) and a protocol
958 * type of ETHERTYPE_AARP (Appletalk ARP).
959 */
960 if (proto == ETHERTYPE_ATALK)
961 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
962 else /* proto == ETHERTYPE_AARP */
963 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
964 gen_and(b0, b1);
965
966 /*
967 * Check for Ethernet encapsulation (Ethertalk
968 * phase 1?); we just check for the Ethernet
969 * protocol type.
970 */
971 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
972
973 gen_or(b0, b1);
974 return b1;
975
976 default:
977 if (proto <= ETHERMTU) {
978 /*
979 * This is an LLC SAP value, so the frames
980 * that match would be 802.2 frames.
981 * Check that the frame is an 802.2 frame
982 * (i.e., that the length/type field is
983 * a length field, <= ETHERMTU) and
984 * then check the DSAP.
985 */
986 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
987 gen_not(b0);
988 b1 = gen_cmp(off_linktype + 2, BPF_B,
989 (bpf_int32)proto);
990 gen_and(b0, b1);
991 return b1;
992 } else {
993 /*
994 * This is an Ethernet type, so compare
995 * the length/type field with it (if
996 * the frame is an 802.2 frame, the length
997 * field will be <= ETHERMTU, and, as
998 * "proto" is > ETHERMTU, this test
999 * will fail and the frame won't match,
1000 * which is what we want).
1001 */
1002 return gen_cmp(off_linktype, BPF_H,
1003 (bpf_int32)proto);
1004 }
1005 }
1006 break;
1007
1008 case DLT_IEEE802_11:
1009 case DLT_PRISM_HEADER:
1010 case DLT_FDDI:
1011 case DLT_IEEE802:
1012 case DLT_ATM_RFC1483:
1013 case DLT_ATM_CLIP:
1014 /*
1015 * XXX - handle token-ring variable-length header.
1016 */
1017 switch (proto) {
1018
1019 case LLCSAP_ISONS:
1020 return gen_cmp(off_linktype, BPF_H, (long)
1021 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1022
1023 case LLCSAP_NETBEUI:
1024 return gen_cmp(off_linktype, BPF_H, (long)
1025 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1026
1027 case LLCSAP_IPX:
1028 /*
1029 * XXX - are there ever SNAP frames for IPX on
1030 * non-Ethernet 802.x networks?
1031 */
1032 return gen_cmp(off_linktype, BPF_B,
1033 (bpf_int32)LLCSAP_IPX);
1034
1035 case ETHERTYPE_ATALK:
1036 /*
1037 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1038 * SNAP packets with an organization code of
1039 * 0x080007 (Apple, for Appletalk) and a protocol
1040 * type of ETHERTYPE_ATALK (Appletalk).
1041 *
1042 * XXX - check for an organization code of
1043 * encapsulated Ethernet as well?
1044 */
1045 return gen_snap(0x080007, ETHERTYPE_ATALK,
1046 off_linktype);
1047 break;
1048
1049 default:
1050 /*
1051 * XXX - we don't have to check for IPX 802.3
1052 * here, but should we check for the IPX Ethertype?
1053 */
1054 if (proto <= ETHERMTU) {
1055 /*
1056 * This is an LLC SAP value, so check
1057 * the DSAP.
1058 */
1059 return gen_cmp(off_linktype, BPF_B,
1060 (bpf_int32)proto);
1061 } else {
1062 /*
1063 * This is an Ethernet type; we assume
1064 * that it's unlikely that it'll
1065 * appear in the right place at random,
1066 * and therefore check only the
1067 * location that would hold the Ethernet
1068 * type in a SNAP frame with an organization
1069 * code of 0x000000 (encapsulated Ethernet).
1070 *
1071 * XXX - if we were to check for the SNAP DSAP
1072 * and LSAP, as per XXX, and were also to check
1073 * for an organization code of 0x000000
1074 * (encapsulated Ethernet), we'd do
1075 *
1076 * return gen_snap(0x000000, proto,
1077 * off_linktype);
1078 *
1079 * here; for now, we don't, as per the above.
1080 * I don't know whether it's worth the
1081 * extra CPU time to do the right check
1082 * or not.
1083 */
1084 return gen_cmp(off_linktype+6, BPF_H,
1085 (bpf_int32)proto);
1086 }
1087 }
1088 break;
1089
1090 case DLT_LINUX_SLL:
1091 switch (proto) {
1092
1093 case LLCSAP_ISONS:
1094 /*
1095 * OSI protocols always use 802.2 encapsulation.
1096 * XXX - should we check both the DSAP and the
1097 * LSAP, like this, or should we check just the
1098 * DSAP?
1099 */
1100 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1101 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1102 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1103 gen_and(b0, b1);
1104 return b1;
1105
1106 case LLCSAP_NETBEUI:
1107 /*
1108 * NetBEUI always uses 802.2 encapsulation.
1109 * XXX - should we check both the DSAP and the
1110 * LSAP, like this, or should we check just the
1111 * DSAP?
1112 */
1113 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1114 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1115 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1116 gen_and(b0, b1);
1117 return b1;
1118
1119 case LLCSAP_IPX:
1120 /*
1121 * Ethernet_II frames, which are Ethernet
1122 * frames with a frame type of ETHERTYPE_IPX;
1123 *
1124 * Ethernet_802.3 frames, which have a frame
1125 * type of LINUX_SLL_P_802_3;
1126 *
1127 * Ethernet_802.2 frames, which are 802.3
1128 * frames with an 802.2 LLC header (i.e, have
1129 * a frame type of LINUX_SLL_P_802_2) and
1130 * with the IPX LSAP as the DSAP in the LLC
1131 * header;
1132 *
1133 * Ethernet_SNAP frames, which are 802.3
1134 * frames with an LLC header and a SNAP
1135 * header and with an OUI of 0x000000
1136 * (encapsulated Ethernet) and a protocol
1137 * ID of ETHERTYPE_IPX in the SNAP header.
1138 *
1139 * First, do the checks on LINUX_SLL_P_802_2
1140 * frames; generate the check for either
1141 * Ethernet_802.2 or Ethernet_SNAP frames, and
1142 * then put a check for LINUX_SLL_P_802_2 frames
1143 * before it.
1144 */
1145 b0 = gen_cmp(off_linktype + 2, BPF_B,
1146 (bpf_int32)LLCSAP_IPX);
1147 b1 = gen_snap(0x000000, ETHERTYPE_IPX,
1148 off_linktype + 2);
1149 gen_or(b0, b1);
1150 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1151 gen_and(b0, b1);
1152
1153 /*
1154 * Now check for 802.3 frames and OR that with
1155 * the previous test.
1156 */
1157 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
1158 gen_or(b0, b1);
1159
1160 /*
1161 * Now add the check for Ethernet_II frames, and
1162 * do that before checking for the other frame
1163 * types.
1164 */
1165 b0 = gen_cmp(off_linktype, BPF_H,
1166 (bpf_int32)ETHERTYPE_IPX);
1167 gen_or(b0, b1);
1168 return b1;
1169
1170 case ETHERTYPE_ATALK:
1171 case ETHERTYPE_AARP:
1172 /*
1173 * EtherTalk (AppleTalk protocols on Ethernet link
1174 * layer) may use 802.2 encapsulation.
1175 */
1176
1177 /*
1178 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1179 * we check for the 802.2 protocol type in the
1180 * "Ethernet type" field.
1181 */
1182 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1183
1184 /*
1185 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1186 * SNAP packets with an organization code of
1187 * 0x080007 (Apple, for Appletalk) and a protocol
1188 * type of ETHERTYPE_ATALK (Appletalk).
1189 *
1190 * 802.2-encapsulated ETHERTYPE_AARP packets are
1191 * SNAP packets with an organization code of
1192 * 0x000000 (encapsulated Ethernet) and a protocol
1193 * type of ETHERTYPE_AARP (Appletalk ARP).
1194 */
1195 if (proto == ETHERTYPE_ATALK)
1196 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
1197 off_linktype + 2);
1198 else /* proto == ETHERTYPE_AARP */
1199 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
1200 off_linktype + 2);
1201 gen_and(b0, b1);
1202
1203 /*
1204 * Check for Ethernet encapsulation (Ethertalk
1205 * phase 1?); we just check for the Ethernet
1206 * protocol type.
1207 */
1208 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1209
1210 gen_or(b0, b1);
1211 return b1;
1212
1213 default:
1214 if (proto <= ETHERMTU) {
1215 /*
1216 * This is an LLC SAP value, so the frames
1217 * that match would be 802.2 frames.
1218 * Check for the 802.2 protocol type
1219 * in the "Ethernet type" field, and
1220 * then check the DSAP.
1221 */
1222 b0 = gen_cmp(off_linktype, BPF_H,
1223 LINUX_SLL_P_802_2);
1224 b1 = gen_cmp(off_linktype + 2, BPF_B,
1225 (bpf_int32)proto);
1226 gen_and(b0, b1);
1227 return b1;
1228 } else {
1229 /*
1230 * This is an Ethernet type, so compare
1231 * the length/type field with it (if
1232 * the frame is an 802.2 frame, the length
1233 * field will be <= ETHERMTU, and, as
1234 * "proto" is > ETHERMTU, this test
1235 * will fail and the frame won't match,
1236 * which is what we want).
1237 */
1238 return gen_cmp(off_linktype, BPF_H,
1239 (bpf_int32)proto);
1240 }
1241 }
1242 break;
1243
1244 case DLT_SLIP:
1245 case DLT_SLIP_BSDOS:
1246 case DLT_RAW:
1247 /*
1248 * These types don't provide any type field; packets
1249 * are always IP.
1250 *
1251 * XXX - for IPv4, check for a version number of 4, and,
1252 * for IPv6, check for a version number of 6?
1253 */
1254 switch (proto) {
1255
1256 case ETHERTYPE_IP:
1257 #ifdef INET6
1258 case ETHERTYPE_IPV6:
1259 #endif
1260 return gen_true(); /* always true */
1261
1262 default:
1263 return gen_false(); /* always false */
1264 }
1265 break;
1266
1267 case DLT_PPP:
1268 case DLT_PPP_SERIAL:
1269 case DLT_PPP_ETHER:
1270 /*
1271 * We use Ethernet protocol types inside libpcap;
1272 * map them to the corresponding PPP protocol types.
1273 */
1274 switch (proto) {
1275
1276 case ETHERTYPE_IP:
1277 proto = PPP_IP; /* XXX was 0x21 */
1278 break;
1279
1280 #ifdef INET6
1281 case ETHERTYPE_IPV6:
1282 proto = PPP_IPV6;
1283 break;
1284 #endif
1285
1286 case ETHERTYPE_DN:
1287 proto = PPP_DECNET;
1288 break;
1289
1290 case ETHERTYPE_ATALK:
1291 proto = PPP_APPLE;
1292 break;
1293
1294 case ETHERTYPE_NS:
1295 proto = PPP_NS;
1296 break;
1297
1298 case LLCSAP_ISONS:
1299 proto = PPP_OSI;
1300 break;
1301
1302 case LLCSAP_8021D:
1303 /*
1304 * I'm assuming the "Bridging PDU"s that go
1305 * over PPP are Spanning Tree Protocol
1306 * Bridging PDUs.
1307 */
1308 proto = PPP_BRPDU;
1309 break;
1310
1311 case LLCSAP_IPX:
1312 proto = PPP_IPX;
1313 break;
1314 }
1315 break;
1316
1317 case DLT_PPP_BSDOS:
1318 /*
1319 * We use Ethernet protocol types inside libpcap;
1320 * map them to the corresponding PPP protocol types.
1321 */
1322 switch (proto) {
1323
1324 case ETHERTYPE_IP:
1325 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
1326 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
1327 gen_or(b0, b1);
1328 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
1329 gen_or(b1, b0);
1330 return b0;
1331
1332 #ifdef INET6
1333 case ETHERTYPE_IPV6:
1334 proto = PPP_IPV6;
1335 /* more to go? */
1336 break;
1337 #endif
1338
1339 case ETHERTYPE_DN:
1340 proto = PPP_DECNET;
1341 break;
1342
1343 case ETHERTYPE_ATALK:
1344 proto = PPP_APPLE;
1345 break;
1346
1347 case ETHERTYPE_NS:
1348 proto = PPP_NS;
1349 break;
1350
1351 case LLCSAP_ISONS:
1352 proto = PPP_OSI;
1353 break;
1354
1355 case LLCSAP_8021D:
1356 /*
1357 * I'm assuming the "Bridging PDU"s that go
1358 * over PPP are Spanning Tree Protocol
1359 * Bridging PDUs.
1360 */
1361 proto = PPP_BRPDU;
1362 break;
1363
1364 case LLCSAP_IPX:
1365 proto = PPP_IPX;
1366 break;
1367 }
1368 break;
1369
1370 case DLT_NULL:
1371 case DLT_LOOP:
1372 /*
1373 * For DLT_NULL, the link-layer header is a 32-bit
1374 * word containing an AF_ value in *host* byte order.
1375 *
1376 * In addition, if we're reading a saved capture file,
1377 * the host byte order in the capture may not be the
1378 * same as the host byte order on this machine.
1379 *
1380 * For DLT_LOOP, the link-layer header is a 32-bit
1381 * word containing an AF_ value in *network* byte order.
1382 *
1383 * XXX - AF_ values may, unfortunately, be platform-
1384 * dependent; for example, FreeBSD's AF_INET6 is 24
1385 * whilst NetBSD's and OpenBSD's is 26.
1386 *
1387 * This means that, when reading a capture file, just
1388 * checking for our AF_INET6 value won't work if the
1389 * capture file came from another OS.
1390 */
1391 switch (proto) {
1392
1393 case ETHERTYPE_IP:
1394 proto = AF_INET;
1395 break;
1396
1397 #ifdef INET6
1398 case ETHERTYPE_IPV6:
1399 proto = AF_INET6;
1400 break;
1401 #endif
1402
1403 default:
1404 /*
1405 * Not a type on which we support filtering.
1406 * XXX - support those that have AF_ values
1407 * #defined on this platform, at least?
1408 */
1409 return gen_false();
1410 }
1411
1412 if (linktype == DLT_NULL) {
1413 /*
1414 * The AF_ value is in host byte order, but
1415 * the BPF interpreter will convert it to
1416 * network byte order.
1417 *
1418 * If this is a save file, and it's from a
1419 * machine with the opposite byte order to
1420 * ours, we byte-swap the AF_ value.
1421 *
1422 * Then we run it through "htonl()", and
1423 * generate code to compare against the result.
1424 */
1425 if (bpf_pcap->sf.rfile != NULL &&
1426 bpf_pcap->sf.swapped)
1427 proto = SWAPLONG(proto);
1428 proto = htonl(proto);
1429 }
1430 return (gen_cmp(0, BPF_W, (bpf_int32)proto));
1431
1432 case DLT_ARCNET:
1433 /*
1434 * XXX should we check for first fragment if the protocol
1435 * uses PHDS?
1436 */
1437 switch(proto) {
1438 default:
1439 return gen_false();
1440 #ifdef INET6
1441 case ETHERTYPE_IPV6:
1442 return(gen_cmp(2, BPF_B,
1443 (bpf_int32)htonl(ARCTYPE_INET6)));
1444 #endif /* INET6 */
1445 case ETHERTYPE_IP:
1446 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_IP));
1447 b1 = gen_cmp(2, BPF_B,
1448 (bpf_int32)htonl(ARCTYPE_IP_OLD));
1449 gen_or(b0, b1);
1450 return(b1);
1451 case ETHERTYPE_ARP:
1452 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_ARP));
1453 b1 = gen_cmp(2, BPF_B,
1454 (bpf_int32)htonl(ARCTYPE_ARP_OLD));
1455 gen_or(b0, b1);
1456 return(b1);
1457 case ETHERTYPE_REVARP:
1458 return(gen_cmp(2, BPF_B,
1459 (bpf_int32)htonl(ARCTYPE_REVARP)));
1460 case ETHERTYPE_ATALK:
1461 return(gen_cmp(2, BPF_B,
1462 (bpf_int32)htonl(ARCTYPE_ATALK)));
1463 }
1464 break;
1465
1466 case DLT_LTALK:
1467 switch (proto) {
1468 case ETHERTYPE_ATALK:
1469 return gen_true();
1470 default:
1471 return gen_false();
1472 }
1473 break;
1474 }
1475
1476 /*
1477 * All the types that have no encapsulation should either be
1478 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
1479 * all packets are IP packets, or should be handled in some
1480 * special case, if none of them are (if some are and some
1481 * aren't, the lack of encapsulation is a problem, as we'd
1482 * have to find some other way of determining the packet type).
1483 *
1484 * Therefore, if "off_linktype" is -1, there's an error.
1485 */
1486 if (off_linktype == -1)
1487 abort();
1488
1489 /*
1490 * Any type not handled above should always have an Ethernet
1491 * type at an offset of "off_linktype". (PPP is partially
1492 * handled above - the protocol type is mapped from the
1493 * Ethernet and LLC types we use internally to the corresponding
1494 * PPP type - but the PPP type is always specified by a value
1495 * at "off_linktype", so we don't have to do the code generation
1496 * above.)
1497 */
1498 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1499 }
1500
1501 /*
1502 * Check for an LLC SNAP packet with a given organization code and
1503 * protocol type; we check the entire contents of the 802.2 LLC and
1504 * snap headers, checking for DSAP and SSAP of SNAP and a control
1505 * field of 0x03 in the LLC header, and for the specified organization
1506 * code and protocol type in the SNAP header.
1507 */
1508 static struct block *
1509 gen_snap(orgcode, ptype, offset)
1510 bpf_u_int32 orgcode;
1511 bpf_u_int32 ptype;
1512 u_int offset;
1513 {
1514 u_char snapblock[8];
1515
1516 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
1517 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
1518 snapblock[2] = 0x03; /* control = UI */
1519 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
1520 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
1521 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
1522 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
1523 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
1524 return gen_bcmp(offset, 8, snapblock);
1525 }
1526
1527 static struct block *
1528 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
1529 bpf_u_int32 addr;
1530 bpf_u_int32 mask;
1531 int dir, proto;
1532 u_int src_off, dst_off;
1533 {
1534 struct block *b0, *b1;
1535 u_int offset;
1536
1537 switch (dir) {
1538
1539 case Q_SRC:
1540 offset = src_off;
1541 break;
1542
1543 case Q_DST:
1544 offset = dst_off;
1545 break;
1546
1547 case Q_AND:
1548 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1549 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1550 gen_and(b0, b1);
1551 return b1;
1552
1553 case Q_OR:
1554 case Q_DEFAULT:
1555 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
1556 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
1557 gen_or(b0, b1);
1558 return b1;
1559
1560 default:
1561 abort();
1562 }
1563 b0 = gen_linktype(proto);
1564 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
1565 gen_and(b0, b1);
1566 return b1;
1567 }
1568
1569 #ifdef INET6
1570 static struct block *
1571 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
1572 struct in6_addr *addr;
1573 struct in6_addr *mask;
1574 int dir, proto;
1575 u_int src_off, dst_off;
1576 {
1577 struct block *b0, *b1;
1578 u_int offset;
1579 u_int32_t *a, *m;
1580
1581 switch (dir) {
1582
1583 case Q_SRC:
1584 offset = src_off;
1585 break;
1586
1587 case Q_DST:
1588 offset = dst_off;
1589 break;
1590
1591 case Q_AND:
1592 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1593 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1594 gen_and(b0, b1);
1595 return b1;
1596
1597 case Q_OR:
1598 case Q_DEFAULT:
1599 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
1600 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1601 gen_or(b0, b1);
1602 return b1;
1603
1604 default:
1605 abort();
1606 }
1607 /* this order is important */
1608 a = (u_int32_t *)addr;
1609 m = (u_int32_t *)mask;
1610 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
1611 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
1612 gen_and(b0, b1);
1613 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
1614 gen_and(b0, b1);
1615 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
1616 gen_and(b0, b1);
1617 b0 = gen_linktype(proto);
1618 gen_and(b0, b1);
1619 return b1;
1620 }
1621 #endif /*INET6*/
1622
1623 static struct block *
1624 gen_ehostop(eaddr, dir)
1625 register const u_char *eaddr;
1626 register int dir;
1627 {
1628 register struct block *b0, *b1;
1629
1630 switch (dir) {
1631 case Q_SRC:
1632 return gen_bcmp(6, 6, eaddr);
1633
1634 case Q_DST:
1635 return gen_bcmp(0, 6, eaddr);
1636
1637 case Q_AND:
1638 b0 = gen_ehostop(eaddr, Q_SRC);
1639 b1 = gen_ehostop(eaddr, Q_DST);
1640 gen_and(b0, b1);
1641 return b1;
1642
1643 case Q_DEFAULT:
1644 case Q_OR:
1645 b0 = gen_ehostop(eaddr, Q_SRC);
1646 b1 = gen_ehostop(eaddr, Q_DST);
1647 gen_or(b0, b1);
1648 return b1;
1649 }
1650 abort();
1651 /* NOTREACHED */
1652 }
1653
1654 /*
1655 * Like gen_ehostop, but for DLT_FDDI
1656 */
1657 static struct block *
1658 gen_fhostop(eaddr, dir)
1659 register const u_char *eaddr;
1660 register int dir;
1661 {
1662 struct block *b0, *b1;
1663
1664 switch (dir) {
1665 case Q_SRC:
1666 #ifdef PCAP_FDDIPAD
1667 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
1668 #else
1669 return gen_bcmp(6 + 1, 6, eaddr);
1670 #endif
1671
1672 case Q_DST:
1673 #ifdef PCAP_FDDIPAD
1674 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
1675 #else
1676 return gen_bcmp(0 + 1, 6, eaddr);
1677 #endif
1678
1679 case Q_AND:
1680 b0 = gen_fhostop(eaddr, Q_SRC);
1681 b1 = gen_fhostop(eaddr, Q_DST);
1682 gen_and(b0, b1);
1683 return b1;
1684
1685 case Q_DEFAULT:
1686 case Q_OR:
1687 b0 = gen_fhostop(eaddr, Q_SRC);
1688 b1 = gen_fhostop(eaddr, Q_DST);
1689 gen_or(b0, b1);
1690 return b1;
1691 }
1692 abort();
1693 /* NOTREACHED */
1694 }
1695
1696 /*
1697 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
1698 */
1699 static struct block *
1700 gen_thostop(eaddr, dir)
1701 register const u_char *eaddr;
1702 register int dir;
1703 {
1704 register struct block *b0, *b1;
1705
1706 switch (dir) {
1707 case Q_SRC:
1708 return gen_bcmp(8, 6, eaddr);
1709
1710 case Q_DST:
1711 return gen_bcmp(2, 6, eaddr);
1712
1713 case Q_AND:
1714 b0 = gen_thostop(eaddr, Q_SRC);
1715 b1 = gen_thostop(eaddr, Q_DST);
1716 gen_and(b0, b1);
1717 return b1;
1718
1719 case Q_DEFAULT:
1720 case Q_OR:
1721 b0 = gen_thostop(eaddr, Q_SRC);
1722 b1 = gen_thostop(eaddr, Q_DST);
1723 gen_or(b0, b1);
1724 return b1;
1725 }
1726 abort();
1727 /* NOTREACHED */
1728 }
1729
1730 /*
1731 * This is quite tricky because there may be pad bytes in front of the
1732 * DECNET header, and then there are two possible data packet formats that
1733 * carry both src and dst addresses, plus 5 packet types in a format that
1734 * carries only the src node, plus 2 types that use a different format and
1735 * also carry just the src node.
1736 *
1737 * Yuck.
1738 *
1739 * Instead of doing those all right, we just look for data packets with
1740 * 0 or 1 bytes of padding. If you want to look at other packets, that
1741 * will require a lot more hacking.
1742 *
1743 * To add support for filtering on DECNET "areas" (network numbers)
1744 * one would want to add a "mask" argument to this routine. That would
1745 * make the filter even more inefficient, although one could be clever
1746 * and not generate masking instructions if the mask is 0xFFFF.
1747 */
1748 static struct block *
1749 gen_dnhostop(addr, dir, base_off)
1750 bpf_u_int32 addr;
1751 int dir;
1752 u_int base_off;
1753 {
1754 struct block *b0, *b1, *b2, *tmp;
1755 u_int offset_lh; /* offset if long header is received */
1756 u_int offset_sh; /* offset if short header is received */
1757
1758 switch (dir) {
1759
1760 case Q_DST:
1761 offset_sh = 1; /* follows flags */
1762 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
1763 break;
1764
1765 case Q_SRC:
1766 offset_sh = 3; /* follows flags, dstnode */
1767 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
1768 break;
1769
1770 case Q_AND:
1771 /* Inefficient because we do our Calvinball dance twice */
1772 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1773 b1 = gen_dnhostop(addr, Q_DST, base_off);
1774 gen_and(b0, b1);
1775 return b1;
1776
1777 case Q_OR:
1778 case Q_DEFAULT:
1779 /* Inefficient because we do our Calvinball dance twice */
1780 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1781 b1 = gen_dnhostop(addr, Q_DST, base_off);
1782 gen_or(b0, b1);
1783 return b1;
1784
1785 case Q_ISO:
1786 bpf_error("ISO host filtering not implemented");
1787
1788 default:
1789 abort();
1790 }
1791 b0 = gen_linktype(ETHERTYPE_DN);
1792 /* Check for pad = 1, long header case */
1793 tmp = gen_mcmp(base_off + 2, BPF_H,
1794 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
1795 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
1796 BPF_H, (bpf_int32)ntohs(addr));
1797 gen_and(tmp, b1);
1798 /* Check for pad = 0, long header case */
1799 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
1800 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
1801 gen_and(tmp, b2);
1802 gen_or(b2, b1);
1803 /* Check for pad = 1, short header case */
1804 tmp = gen_mcmp(base_off + 2, BPF_H,
1805 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
1806 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
1807 BPF_H, (bpf_int32)ntohs(addr));
1808 gen_and(tmp, b2);
1809 gen_or(b2, b1);
1810 /* Check for pad = 0, short header case */
1811 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
1812 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
1813 gen_and(tmp, b2);
1814 gen_or(b2, b1);
1815
1816 /* Combine with test for linktype */
1817 gen_and(b0, b1);
1818 return b1;
1819 }
1820
1821 static struct block *
1822 gen_host(addr, mask, proto, dir)
1823 bpf_u_int32 addr;
1824 bpf_u_int32 mask;
1825 int proto;
1826 int dir;
1827 {
1828 struct block *b0, *b1;
1829
1830 switch (proto) {
1831
1832 case Q_DEFAULT:
1833 b0 = gen_host(addr, mask, Q_IP, dir);
1834 if (off_linktype != -1) {
1835 b1 = gen_host(addr, mask, Q_ARP, dir);
1836 gen_or(b0, b1);
1837 b0 = gen_host(addr, mask, Q_RARP, dir);
1838 gen_or(b1, b0);
1839 }
1840 return b0;
1841
1842 case Q_IP:
1843 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
1844 off_nl + 12, off_nl + 16);
1845
1846 case Q_RARP:
1847 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
1848 off_nl + 14, off_nl + 24);
1849
1850 case Q_ARP:
1851 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
1852 off_nl + 14, off_nl + 24);
1853
1854 case Q_TCP:
1855 bpf_error("'tcp' modifier applied to host");
1856
1857 case Q_SCTP:
1858 bpf_error("'sctp' modifier applied to host");
1859
1860 case Q_UDP:
1861 bpf_error("'udp' modifier applied to host");
1862
1863 case Q_ICMP:
1864 bpf_error("'icmp' modifier applied to host");
1865
1866 case Q_IGMP:
1867 bpf_error("'igmp' modifier applied to host");
1868
1869 case Q_IGRP:
1870 bpf_error("'igrp' modifier applied to host");
1871
1872 case Q_PIM:
1873 bpf_error("'pim' modifier applied to host");
1874
1875 case Q_VRRP:
1876 bpf_error("'vrrp' modifier applied to host");
1877
1878 case Q_ATALK:
1879 bpf_error("ATALK host filtering not implemented");
1880
1881 case Q_AARP:
1882 bpf_error("AARP host filtering not implemented");
1883
1884 case Q_DECNET:
1885 return gen_dnhostop(addr, dir, off_nl);
1886
1887 case Q_SCA:
1888 bpf_error("SCA host filtering not implemented");
1889
1890 case Q_LAT:
1891 bpf_error("LAT host filtering not implemented");
1892
1893 case Q_MOPDL:
1894 bpf_error("MOPDL host filtering not implemented");
1895
1896 case Q_MOPRC:
1897 bpf_error("MOPRC host filtering not implemented");
1898
1899 #ifdef INET6
1900 case Q_IPV6:
1901 bpf_error("'ip6' modifier applied to ip host");
1902
1903 case Q_ICMPV6:
1904 bpf_error("'icmp6' modifier applied to host");
1905 #endif /* INET6 */
1906
1907 case Q_AH:
1908 bpf_error("'ah' modifier applied to host");
1909
1910 case Q_ESP:
1911 bpf_error("'esp' modifier applied to host");
1912
1913 case Q_ISO:
1914 bpf_error("ISO host filtering not implemented");
1915
1916 case Q_ESIS:
1917 bpf_error("'esis' modifier applied to host");
1918
1919 case Q_ISIS:
1920 bpf_error("'isis' modifier applied to host");
1921
1922 case Q_CLNP:
1923 bpf_error("'clnp' modifier applied to host");
1924
1925 case Q_STP:
1926 bpf_error("'stp' modifier applied to host");
1927
1928 case Q_IPX:
1929 bpf_error("IPX host filtering not implemented");
1930
1931 case Q_NETBEUI:
1932 bpf_error("'netbeui' modifier applied to host");
1933
1934 default:
1935 abort();
1936 }
1937 /* NOTREACHED */
1938 }
1939
1940 #ifdef INET6
1941 static struct block *
1942 gen_host6(addr, mask, proto, dir)
1943 struct in6_addr *addr;
1944 struct in6_addr *mask;
1945 int proto;
1946 int dir;
1947 {
1948 switch (proto) {
1949
1950 case Q_DEFAULT:
1951 return gen_host6(addr, mask, Q_IPV6, dir);
1952
1953 case Q_IP:
1954 bpf_error("'ip' modifier applied to ip6 host");
1955
1956 case Q_RARP:
1957 bpf_error("'rarp' modifier applied to ip6 host");
1958
1959 case Q_ARP:
1960 bpf_error("'arp' modifier applied to ip6 host");
1961
1962 case Q_SCTP:
1963 bpf_error("'sctp' modifier applied to host");
1964
1965 case Q_TCP:
1966 bpf_error("'tcp' modifier applied to host");
1967
1968 case Q_UDP:
1969 bpf_error("'udp' modifier applied to host");
1970
1971 case Q_ICMP:
1972 bpf_error("'icmp' modifier applied to host");
1973
1974 case Q_IGMP:
1975 bpf_error("'igmp' modifier applied to host");
1976
1977 case Q_IGRP:
1978 bpf_error("'igrp' modifier applied to host");
1979
1980 case Q_PIM:
1981 bpf_error("'pim' modifier applied to host");
1982
1983 case Q_VRRP:
1984 bpf_error("'vrrp' modifier applied to host");
1985
1986 case Q_ATALK:
1987 bpf_error("ATALK host filtering not implemented");
1988
1989 case Q_AARP:
1990 bpf_error("AARP host filtering not implemented");
1991
1992 case Q_DECNET:
1993 bpf_error("'decnet' modifier applied to ip6 host");
1994
1995 case Q_SCA:
1996 bpf_error("SCA host filtering not implemented");
1997
1998 case Q_LAT:
1999 bpf_error("LAT host filtering not implemented");
2000
2001 case Q_MOPDL:
2002 bpf_error("MOPDL host filtering not implemented");
2003
2004 case Q_MOPRC:
2005 bpf_error("MOPRC host filtering not implemented");
2006
2007 case Q_IPV6:
2008 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
2009 off_nl + 8, off_nl + 24);
2010
2011 case Q_ICMPV6:
2012 bpf_error("'icmp6' modifier applied to host");
2013
2014 case Q_AH:
2015 bpf_error("'ah' modifier applied to host");
2016
2017 case Q_ESP:
2018 bpf_error("'esp' modifier applied to host");
2019
2020 case Q_ISO:
2021 bpf_error("ISO host filtering not implemented");
2022
2023 case Q_ESIS:
2024 bpf_error("'esis' modifier applied to host");
2025
2026 case Q_ISIS:
2027 bpf_error("'isis' modifier applied to host");
2028
2029 case Q_CLNP:
2030 bpf_error("'clnp' modifier applied to host");
2031
2032 case Q_STP:
2033 bpf_error("'stp' modifier applied to host");
2034
2035 case Q_IPX:
2036 bpf_error("IPX host filtering not implemented");
2037
2038 case Q_NETBEUI:
2039 bpf_error("'netbeui' modifier applied to host");
2040
2041 default:
2042 abort();
2043 }
2044 /* NOTREACHED */
2045 }
2046 #endif /*INET6*/
2047
2048 #ifndef INET6
2049 static struct block *
2050 gen_gateway(eaddr, alist, proto, dir)
2051 const u_char *eaddr;
2052 bpf_u_int32 **alist;
2053 int proto;
2054 int dir;
2055 {
2056 struct block *b0, *b1, *tmp;
2057
2058 if (dir != 0)
2059 bpf_error("direction applied to 'gateway'");
2060
2061 switch (proto) {
2062 case Q_DEFAULT:
2063 case Q_IP:
2064 case Q_ARP:
2065 case Q_RARP:
2066 if (linktype == DLT_EN10MB)
2067 b0 = gen_ehostop(eaddr, Q_OR);
2068 else if (linktype == DLT_FDDI)
2069 b0 = gen_fhostop(eaddr, Q_OR);
2070 else if (linktype == DLT_IEEE802)
2071 b0 = gen_thostop(eaddr, Q_OR);
2072 else
2073 bpf_error(
2074 "'gateway' supported only on ethernet, FDDI or token ring");
2075
2076 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2077 while (*alist) {
2078 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2079 gen_or(b1, tmp);
2080 b1 = tmp;
2081 }
2082 gen_not(b1);
2083 gen_and(b0, b1);
2084 return b1;
2085 }
2086 bpf_error("illegal modifier of 'gateway'");
2087 /* NOTREACHED */
2088 }
2089 #endif
2090
2091 struct block *
2092 gen_proto_abbrev(proto)
2093 int proto;
2094 {
2095 #ifdef INET6
2096 struct block *b0;
2097 #endif
2098 struct block *b1;
2099
2100 switch (proto) {
2101
2102 case Q_SCTP:
2103 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT);
2104 #ifdef INET6
2105 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
2106 gen_or(b0, b1);
2107 #endif
2108 break;
2109
2110 case Q_TCP:
2111 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
2112 #ifdef INET6
2113 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
2114 gen_or(b0, b1);
2115 #endif
2116 break;
2117
2118 case Q_UDP:
2119 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
2120 #ifdef INET6
2121 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
2122 gen_or(b0, b1);
2123 #endif
2124 break;
2125
2126 case Q_ICMP:
2127 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
2128 break;
2129
2130 #ifndef IPPROTO_IGMP
2131 #define IPPROTO_IGMP 2
2132 #endif
2133
2134 case Q_IGMP:
2135 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
2136 break;
2137
2138 #ifndef IPPROTO_IGRP
2139 #define IPPROTO_IGRP 9
2140 #endif
2141 case Q_IGRP:
2142 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
2143 break;
2144
2145 #ifndef IPPROTO_PIM
2146 #define IPPROTO_PIM 103
2147 #endif
2148
2149 case Q_PIM:
2150 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
2151 #ifdef INET6
2152 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
2153 gen_or(b0, b1);
2154 #endif
2155 break;
2156
2157 #ifndef IPPROTO_VRRP
2158 #define IPPROTO_VRRP 112
2159 #endif
2160
2161 case Q_VRRP:
2162 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT);
2163 break;
2164
2165 case Q_IP:
2166 b1 = gen_linktype(ETHERTYPE_IP);
2167 break;
2168
2169 case Q_ARP:
2170 b1 = gen_linktype(ETHERTYPE_ARP);
2171 break;
2172
2173 case Q_RARP:
2174 b1 = gen_linktype(ETHERTYPE_REVARP);
2175 break;
2176
2177 case Q_LINK:
2178 bpf_error("link layer applied in wrong context");
2179
2180 case Q_ATALK:
2181 b1 = gen_linktype(ETHERTYPE_ATALK);
2182 break;
2183
2184 case Q_AARP:
2185 b1 = gen_linktype(ETHERTYPE_AARP);
2186 break;
2187
2188 case Q_DECNET:
2189 b1 = gen_linktype(ETHERTYPE_DN);
2190 break;
2191
2192 case Q_SCA:
2193 b1 = gen_linktype(ETHERTYPE_SCA);
2194 break;
2195
2196 case Q_LAT:
2197 b1 = gen_linktype(ETHERTYPE_LAT);
2198 break;
2199
2200 case Q_MOPDL:
2201 b1 = gen_linktype(ETHERTYPE_MOPDL);
2202 break;
2203
2204 case Q_MOPRC:
2205 b1 = gen_linktype(ETHERTYPE_MOPRC);
2206 break;
2207
2208 #ifdef INET6
2209 case Q_IPV6:
2210 b1 = gen_linktype(ETHERTYPE_IPV6);
2211 break;
2212
2213 #ifndef IPPROTO_ICMPV6
2214 #define IPPROTO_ICMPV6 58
2215 #endif
2216 case Q_ICMPV6:
2217 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
2218 break;
2219 #endif /* INET6 */
2220
2221 #ifndef IPPROTO_AH
2222 #define IPPROTO_AH 51
2223 #endif
2224 case Q_AH:
2225 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
2226 #ifdef INET6
2227 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
2228 gen_or(b0, b1);
2229 #endif
2230 break;
2231
2232 #ifndef IPPROTO_ESP
2233 #define IPPROTO_ESP 50
2234 #endif
2235 case Q_ESP:
2236 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
2237 #ifdef INET6
2238 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
2239 gen_or(b0, b1);
2240 #endif
2241 break;
2242
2243 case Q_ISO:
2244 b1 = gen_linktype(LLCSAP_ISONS);
2245 break;
2246
2247 case Q_ESIS:
2248 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
2249 break;
2250
2251 case Q_ISIS:
2252 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
2253 break;
2254
2255 case Q_CLNP:
2256 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
2257 break;
2258
2259 case Q_STP:
2260 b1 = gen_linktype(LLCSAP_8021D);
2261 break;
2262
2263 case Q_IPX:
2264 b1 = gen_linktype(LLCSAP_IPX);
2265 break;
2266
2267 case Q_NETBEUI:
2268 b1 = gen_linktype(LLCSAP_NETBEUI);
2269 break;
2270
2271 default:
2272 abort();
2273 }
2274 return b1;
2275 }
2276
2277 static struct block *
2278 gen_ipfrag()
2279 {
2280 struct slist *s;
2281 struct block *b;
2282
2283 /* not ip frag */
2284 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
2285 s->s.k = off_nl + 6;
2286 b = new_block(JMP(BPF_JSET));
2287 b->s.k = 0x1fff;
2288 b->stmts = s;
2289 gen_not(b);
2290
2291 return b;
2292 }
2293
2294 static struct block *
2295 gen_portatom(off, v)
2296 int off;
2297 bpf_int32 v;
2298 {
2299 struct slist *s;
2300 struct block *b;
2301
2302 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2303 s->s.k = off_nl;
2304
2305 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
2306 s->next->s.k = off_nl + off;
2307
2308 b = new_block(JMP(BPF_JEQ));
2309 b->stmts = s;
2310 b->s.k = v;
2311
2312 return b;
2313 }
2314
2315 #ifdef INET6
2316 static struct block *
2317 gen_portatom6(off, v)
2318 int off;
2319 bpf_int32 v;
2320 {
2321 return gen_cmp(off_nl + 40 + off, BPF_H, v);
2322 }
2323 #endif/*INET6*/
2324
2325 struct block *
2326 gen_portop(port, proto, dir)
2327 int port, proto, dir;
2328 {
2329 struct block *b0, *b1, *tmp;
2330
2331 /* ip proto 'proto' */
2332 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
2333 b0 = gen_ipfrag();
2334 gen_and(tmp, b0);
2335
2336 switch (dir) {
2337 case Q_SRC:
2338 b1 = gen_portatom(0, (bpf_int32)port);
2339 break;
2340
2341 case Q_DST:
2342 b1 = gen_portatom(2, (bpf_int32)port);
2343 break;
2344
2345 case Q_OR:
2346 case Q_DEFAULT:
2347 tmp = gen_portatom(0, (bpf_int32)port);
2348 b1 = gen_portatom(2, (bpf_int32)port);
2349 gen_or(tmp, b1);
2350 break;
2351
2352 case Q_AND:
2353 tmp = gen_portatom(0, (bpf_int32)port);
2354 b1 = gen_portatom(2, (bpf_int32)port);
2355 gen_and(tmp, b1);
2356 break;
2357
2358 default:
2359 abort();
2360 }
2361 gen_and(b0, b1);
2362
2363 return b1;
2364 }
2365
2366 static struct block *
2367 gen_port(port, ip_proto, dir)
2368 int port;
2369 int ip_proto;
2370 int dir;
2371 {
2372 struct block *b0, *b1, *tmp;
2373
2374 /* ether proto ip */
2375 b0 = gen_linktype(ETHERTYPE_IP);
2376
2377 switch (ip_proto) {
2378 case IPPROTO_UDP:
2379 case IPPROTO_TCP:
2380 case IPPROTO_SCTP:
2381 b1 = gen_portop(port, ip_proto, dir);
2382 break;
2383
2384 case PROTO_UNDEF:
2385 tmp = gen_portop(port, IPPROTO_TCP, dir);
2386 b1 = gen_portop(port, IPPROTO_UDP, dir);
2387 gen_or(tmp, b1);
2388 tmp = gen_portop(port, IPPROTO_SCTP, dir);
2389 gen_or(tmp, b1);
2390 break;
2391
2392 default:
2393 abort();
2394 }
2395 gen_and(b0, b1);
2396 return b1;
2397 }
2398
2399 #ifdef INET6
2400 struct block *
2401 gen_portop6(port, proto, dir)
2402 int port, proto, dir;
2403 {
2404 struct block *b0, *b1, *tmp;
2405
2406 /* ip proto 'proto' */
2407 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
2408
2409 switch (dir) {
2410 case Q_SRC:
2411 b1 = gen_portatom6(0, (bpf_int32)port);
2412 break;
2413
2414 case Q_DST:
2415 b1 = gen_portatom6(2, (bpf_int32)port);
2416 break;
2417
2418 case Q_OR:
2419 case Q_DEFAULT:
2420 tmp = gen_portatom6(0, (bpf_int32)port);
2421 b1 = gen_portatom6(2, (bpf_int32)port);
2422 gen_or(tmp, b1);
2423 break;
2424
2425 case Q_AND:
2426 tmp = gen_portatom6(0, (bpf_int32)port);
2427 b1 = gen_portatom6(2, (bpf_int32)port);
2428 gen_and(tmp, b1);
2429 break;
2430
2431 default:
2432 abort();
2433 }
2434 gen_and(b0, b1);
2435
2436 return b1;
2437 }
2438
2439 static struct block *
2440 gen_port6(port, ip_proto, dir)
2441 int port;
2442 int ip_proto;
2443 int dir;
2444 {
2445 struct block *b0, *b1, *tmp;
2446
2447 /* ether proto ip */
2448 b0 = gen_linktype(ETHERTYPE_IPV6);
2449
2450 switch (ip_proto) {
2451 case IPPROTO_UDP:
2452 case IPPROTO_TCP:
2453 case IPPROTO_SCTP:
2454 b1 = gen_portop6(port, ip_proto, dir);
2455 break;
2456
2457 case PROTO_UNDEF:
2458 tmp = gen_portop6(port, IPPROTO_TCP, dir);
2459 b1 = gen_portop6(port, IPPROTO_UDP, dir);
2460 gen_or(tmp, b1);
2461 tmp = gen_portop6(port, IPPROTO_SCTP, dir);
2462 gen_or(tmp, b1);
2463 break;
2464
2465 default:
2466 abort();
2467 }
2468 gen_and(b0, b1);
2469 return b1;
2470 }
2471 #endif /* INET6 */
2472
2473 static int
2474 lookup_proto(name, proto)
2475 register const char *name;
2476 register int proto;
2477 {
2478 register int v;
2479
2480 switch (proto) {
2481
2482 case Q_DEFAULT:
2483 case Q_IP:
2484 case Q_IPV6:
2485 v = pcap_nametoproto(name);
2486 if (v == PROTO_UNDEF)
2487 bpf_error("unknown ip proto '%s'", name);
2488 break;
2489
2490 case Q_LINK:
2491 /* XXX should look up h/w protocol type based on linktype */
2492 v = pcap_nametoeproto(name);
2493 if (v == PROTO_UNDEF)
2494 bpf_error("unknown ether proto '%s'", name);
2495 break;
2496
2497 case Q_ISO:
2498 if (strcmp(name, "esis") == 0)
2499 v = ISO9542_ESIS;
2500 else if (strcmp(name, "isis") == 0)
2501 v = ISO10589_ISIS;
2502 else if (strcmp(name, "clnp") == 0)
2503 v = ISO8473_CLNP;
2504 else
2505 bpf_error("unknown osi proto '%s'", name);
2506 break;
2507
2508 default:
2509 v = PROTO_UNDEF;
2510 break;
2511 }
2512 return v;
2513 }
2514
2515 #if 0
2516 struct stmt *
2517 gen_joinsp(s, n)
2518 struct stmt **s;
2519 int n;
2520 {
2521 return NULL;
2522 }
2523 #endif
2524
2525 static struct block *
2526 gen_protochain(v, proto, dir)
2527 int v;
2528 int proto;
2529 int dir;
2530 {
2531 #ifdef NO_PROTOCHAIN
2532 return gen_proto(v, proto, dir);
2533 #else
2534 struct block *b0, *b;
2535 struct slist *s[100];
2536 int fix2, fix3, fix4, fix5;
2537 int ahcheck, again, end;
2538 int i, max;
2539 int reg2 = alloc_reg();
2540
2541 memset(s, 0, sizeof(s));
2542 fix2 = fix3 = fix4 = fix5 = 0;
2543
2544 switch (proto) {
2545 case Q_IP:
2546 case Q_IPV6:
2547 break;
2548 case Q_DEFAULT:
2549 b0 = gen_protochain(v, Q_IP, dir);
2550 b = gen_protochain(v, Q_IPV6, dir);
2551 gen_or(b0, b);
2552 return b;
2553 default:
2554 bpf_error("bad protocol applied for 'protochain'");
2555 /*NOTREACHED*/
2556 }
2557
2558 no_optimize = 1; /*this code is not compatible with optimzer yet */
2559
2560 /*
2561 * s[0] is a dummy entry to protect other BPF insn from damaged
2562 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
2563 * hard to find interdependency made by jump table fixup.
2564 */
2565 i = 0;
2566 s[i] = new_stmt(0); /*dummy*/
2567 i++;
2568
2569 switch (proto) {
2570 case Q_IP:
2571 b0 = gen_linktype(ETHERTYPE_IP);
2572
2573 /* A = ip->ip_p */
2574 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
2575 s[i]->s.k = off_nl + 9;
2576 i++;
2577 /* X = ip->ip_hl << 2 */
2578 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
2579 s[i]->s.k = off_nl;
2580 i++;
2581 break;
2582 #ifdef INET6
2583 case Q_IPV6:
2584 b0 = gen_linktype(ETHERTYPE_IPV6);
2585
2586 /* A = ip6->ip_nxt */
2587 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
2588 s[i]->s.k = off_nl + 6;
2589 i++;
2590 /* X = sizeof(struct ip6_hdr) */
2591 s[i] = new_stmt(BPF_LDX|BPF_IMM);
2592 s[i]->s.k = 40;
2593 i++;
2594 break;
2595 #endif
2596 default:
2597 bpf_error("unsupported proto to gen_protochain");
2598 /*NOTREACHED*/
2599 }
2600
2601 /* again: if (A == v) goto end; else fall through; */
2602 again = i;
2603 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2604 s[i]->s.k = v;
2605 s[i]->s.jt = NULL; /*later*/
2606 s[i]->s.jf = NULL; /*update in next stmt*/
2607 fix5 = i;
2608 i++;
2609
2610 #ifndef IPPROTO_NONE
2611 #define IPPROTO_NONE 59
2612 #endif
2613 /* if (A == IPPROTO_NONE) goto end */
2614 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2615 s[i]->s.jt = NULL; /*later*/
2616 s[i]->s.jf = NULL; /*update in next stmt*/
2617 s[i]->s.k = IPPROTO_NONE;
2618 s[fix5]->s.jf = s[i];
2619 fix2 = i;
2620 i++;
2621
2622 #ifdef INET6
2623 if (proto == Q_IPV6) {
2624 int v6start, v6end, v6advance, j;
2625
2626 v6start = i;
2627 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
2628 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2629 s[i]->s.jt = NULL; /*later*/
2630 s[i]->s.jf = NULL; /*update in next stmt*/
2631 s[i]->s.k = IPPROTO_HOPOPTS;
2632 s[fix2]->s.jf = s[i];
2633 i++;
2634 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
2635 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2636 s[i]->s.jt = NULL; /*later*/
2637 s[i]->s.jf = NULL; /*update in next stmt*/
2638 s[i]->s.k = IPPROTO_DSTOPTS;
2639 i++;
2640 /* if (A == IPPROTO_ROUTING) goto v6advance */
2641 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2642 s[i]->s.jt = NULL; /*later*/
2643 s[i]->s.jf = NULL; /*update in next stmt*/
2644 s[i]->s.k = IPPROTO_ROUTING;
2645 i++;
2646 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
2647 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2648 s[i]->s.jt = NULL; /*later*/
2649 s[i]->s.jf = NULL; /*later*/
2650 s[i]->s.k = IPPROTO_FRAGMENT;
2651 fix3 = i;
2652 v6end = i;
2653 i++;
2654
2655 /* v6advance: */
2656 v6advance = i;
2657
2658 /*
2659 * in short,
2660 * A = P[X];
2661 * X = X + (P[X + 1] + 1) * 8;
2662 */
2663 /* A = X */
2664 s[i] = new_stmt(BPF_MISC|BPF_TXA);
2665 i++;
2666 /* A = P[X + packet head] */
2667 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2668 s[i]->s.k = off_nl;
2669 i++;
2670 /* MEM[reg2] = A */
2671 s[i] = new_stmt(BPF_ST);
2672 s[i]->s.k = reg2;
2673 i++;
2674 /* A = X */
2675 s[i] = new_stmt(BPF_MISC|BPF_TXA);
2676 i++;
2677 /* A += 1 */
2678 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2679 s[i]->s.k = 1;
2680 i++;
2681 /* X = A */
2682 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2683 i++;
2684 /* A = P[X + packet head]; */
2685 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2686 s[i]->s.k = off_nl;
2687 i++;
2688 /* A += 1 */
2689 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2690 s[i]->s.k = 1;
2691 i++;
2692 /* A *= 8 */
2693 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2694 s[i]->s.k = 8;
2695 i++;
2696 /* X = A; */
2697 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2698 i++;
2699 /* A = MEM[reg2] */
2700 s[i] = new_stmt(BPF_LD|BPF_MEM);
2701 s[i]->s.k = reg2;
2702 i++;
2703
2704 /* goto again; (must use BPF_JA for backward jump) */
2705 s[i] = new_stmt(BPF_JMP|BPF_JA);
2706 s[i]->s.k = again - i - 1;
2707 s[i - 1]->s.jf = s[i];
2708 i++;
2709
2710 /* fixup */
2711 for (j = v6start; j <= v6end; j++)
2712 s[j]->s.jt = s[v6advance];
2713 } else
2714 #endif
2715 {
2716 /* nop */
2717 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2718 s[i]->s.k = 0;
2719 s[fix2]->s.jf = s[i];
2720 i++;
2721 }
2722
2723 /* ahcheck: */
2724 ahcheck = i;
2725 /* if (A == IPPROTO_AH) then fall through; else goto end; */
2726 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
2727 s[i]->s.jt = NULL; /*later*/
2728 s[i]->s.jf = NULL; /*later*/
2729 s[i]->s.k = IPPROTO_AH;
2730 if (fix3)
2731 s[fix3]->s.jf = s[ahcheck];
2732 fix4 = i;
2733 i++;
2734
2735 /*
2736 * in short,
2737 * A = P[X];
2738 * X = X + (P[X + 1] + 2) * 4;
2739 */
2740 /* A = X */
2741 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2742 i++;
2743 /* A = P[X + packet head]; */
2744 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2745 s[i]->s.k = off_nl;
2746 i++;
2747 /* MEM[reg2] = A */
2748 s[i] = new_stmt(BPF_ST);
2749 s[i]->s.k = reg2;
2750 i++;
2751 /* A = X */
2752 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2753 i++;
2754 /* A += 1 */
2755 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2756 s[i]->s.k = 1;
2757 i++;
2758 /* X = A */
2759 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2760 i++;
2761 /* A = P[X + packet head] */
2762 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2763 s[i]->s.k = off_nl;
2764 i++;
2765 /* A += 2 */
2766 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2767 s[i]->s.k = 2;
2768 i++;
2769 /* A *= 4 */
2770 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2771 s[i]->s.k = 4;
2772 i++;
2773 /* X = A; */
2774 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2775 i++;
2776 /* A = MEM[reg2] */
2777 s[i] = new_stmt(BPF_LD|BPF_MEM);
2778 s[i]->s.k = reg2;
2779 i++;
2780
2781 /* goto again; (must use BPF_JA for backward jump) */
2782 s[i] = new_stmt(BPF_JMP|BPF_JA);
2783 s[i]->s.k = again - i - 1;
2784 i++;
2785
2786 /* end: nop */
2787 end = i;
2788 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2789 s[i]->s.k = 0;
2790 s[fix2]->s.jt = s[end];
2791 s[fix4]->s.jf = s[end];
2792 s[fix5]->s.jt = s[end];
2793 i++;
2794
2795 /*
2796 * make slist chain
2797 */
2798 max = i;
2799 for (i = 0; i < max - 1; i++)
2800 s[i]->next = s[i + 1];
2801 s[max - 1]->next = NULL;
2802
2803 /*
2804 * emit final check
2805 */
2806 b = new_block(JMP(BPF_JEQ));
2807 b->stmts = s[1]; /*remember, s[0] is dummy*/
2808 b->s.k = v;
2809
2810 free_reg(reg2);
2811
2812 gen_and(b0, b);
2813 return b;
2814 #endif
2815 }
2816
2817 static struct block *
2818 gen_proto(v, proto, dir)
2819 int v;
2820 int proto;
2821 int dir;
2822 {
2823 struct block *b0, *b1;
2824
2825 if (dir != Q_DEFAULT)
2826 bpf_error("direction applied to 'proto'");
2827
2828 switch (proto) {
2829 case Q_DEFAULT:
2830 #ifdef INET6
2831 b0 = gen_proto(v, Q_IP, dir);
2832 b1 = gen_proto(v, Q_IPV6, dir);
2833 gen_or(b0, b1);
2834 return b1;
2835 #else
2836 /*FALLTHROUGH*/
2837 #endif
2838 case Q_IP:
2839 b0 = gen_linktype(ETHERTYPE_IP);
2840 #ifndef CHASE_CHAIN
2841 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
2842 #else
2843 b1 = gen_protochain(v, Q_IP);
2844 #endif
2845 gen_and(b0, b1);
2846 return b1;
2847
2848 case Q_ISO:
2849 b0 = gen_linktype(LLCSAP_ISONS);
2850 b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v);
2851 gen_and(b0, b1);
2852 return b1;
2853
2854 case Q_ARP:
2855 bpf_error("arp does not encapsulate another protocol");
2856 /* NOTREACHED */
2857
2858 case Q_RARP:
2859 bpf_error("rarp does not encapsulate another protocol");
2860 /* NOTREACHED */
2861
2862 case Q_ATALK:
2863 bpf_error("atalk encapsulation is not specifiable");
2864 /* NOTREACHED */
2865
2866 case Q_DECNET:
2867 bpf_error("decnet encapsulation is not specifiable");
2868 /* NOTREACHED */
2869
2870 case Q_SCA:
2871 bpf_error("sca does not encapsulate another protocol");
2872 /* NOTREACHED */
2873
2874 case Q_LAT:
2875 bpf_error("lat does not encapsulate another protocol");
2876 /* NOTREACHED */
2877
2878 case Q_MOPRC:
2879 bpf_error("moprc does not encapsulate another protocol");
2880 /* NOTREACHED */
2881
2882 case Q_MOPDL:
2883 bpf_error("mopdl does not encapsulate another protocol");
2884 /* NOTREACHED */
2885
2886 case Q_LINK:
2887 return gen_linktype(v);
2888
2889 case Q_UDP:
2890 bpf_error("'udp proto' is bogus");
2891 /* NOTREACHED */
2892
2893 case Q_TCP:
2894 bpf_error("'tcp proto' is bogus");
2895 /* NOTREACHED */
2896
2897 case Q_SCTP:
2898 bpf_error("'sctp proto' is bogus");
2899 /* NOTREACHED */
2900
2901 case Q_ICMP:
2902 bpf_error("'icmp proto' is bogus");
2903 /* NOTREACHED */
2904
2905 case Q_IGMP:
2906 bpf_error("'igmp proto' is bogus");
2907 /* NOTREACHED */
2908
2909 case Q_IGRP:
2910 bpf_error("'igrp proto' is bogus");
2911 /* NOTREACHED */
2912
2913 case Q_PIM:
2914 bpf_error("'pim proto' is bogus");
2915 /* NOTREACHED */
2916
2917 case Q_VRRP:
2918 bpf_error("'vrrp proto' is bogus");
2919 /* NOTREACHED */
2920
2921 #ifdef INET6
2922 case Q_IPV6:
2923 b0 = gen_linktype(ETHERTYPE_IPV6);
2924 #ifndef CHASE_CHAIN
2925 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
2926 #else
2927 b1 = gen_protochain(v, Q_IPV6);
2928 #endif
2929 gen_and(b0, b1);
2930 return b1;
2931
2932 case Q_ICMPV6:
2933 bpf_error("'icmp6 proto' is bogus");
2934 #endif /* INET6 */
2935
2936 case Q_AH:
2937 bpf_error("'ah proto' is bogus");
2938
2939 case Q_ESP:
2940 bpf_error("'ah proto' is bogus");
2941
2942 case Q_STP:
2943 bpf_error("'stp proto' is bogus");
2944
2945 case Q_IPX:
2946 bpf_error("'ipx proto' is bogus");
2947
2948 case Q_NETBEUI:
2949 bpf_error("'netbeui proto' is bogus");
2950
2951 default:
2952 abort();
2953 /* NOTREACHED */
2954 }
2955 /* NOTREACHED */
2956 }
2957
2958 struct block *
2959 gen_scode(name, q)
2960 register const char *name;
2961 struct qual q;
2962 {
2963 int proto = q.proto;
2964 int dir = q.dir;
2965 int tproto;
2966 u_char *eaddr;
2967 bpf_u_int32 mask, addr;
2968 #ifndef INET6
2969 bpf_u_int32 **alist;
2970 #else
2971 int tproto6;
2972 struct sockaddr_in *sin;
2973 struct sockaddr_in6 *sin6;
2974 struct addrinfo *res, *res0;
2975 struct in6_addr mask128;
2976 #endif /*INET6*/
2977 struct block *b, *tmp;
2978 int port, real_proto;
2979
2980 switch (q.addr) {
2981
2982 case Q_NET:
2983 addr = pcap_nametonetaddr(name);
2984 if (addr == 0)
2985 bpf_error("unknown network '%s'", name);
2986 /* Left justify network addr and calculate its network mask */
2987 mask = 0xffffffff;
2988 while (addr && (addr & 0xff000000) == 0) {
2989 addr <<= 8;
2990 mask <<= 8;
2991 }
2992 return gen_host(addr, mask, proto, dir);
2993
2994 case Q_DEFAULT:
2995 case Q_HOST:
2996 if (proto == Q_LINK) {
2997 switch (linktype) {
2998
2999 case DLT_EN10MB:
3000 eaddr = pcap_ether_hostton(name);
3001 if (eaddr == NULL)
3002 bpf_error(
3003 "unknown ether host '%s'", name);
3004 b = gen_ehostop(eaddr, dir);
3005 free(eaddr);
3006 return b;
3007
3008 case DLT_FDDI:
3009 eaddr = pcap_ether_hostton(name);
3010 if (eaddr == NULL)
3011 bpf_error(
3012 "unknown FDDI host '%s'", name);
3013 b = gen_fhostop(eaddr, dir);
3014 free(eaddr);
3015 return b;
3016
3017 case DLT_IEEE802:
3018 eaddr = pcap_ether_hostton(name);
3019 if (eaddr == NULL)
3020 bpf_error(
3021 "unknown token ring host '%s'", name);
3022 b = gen_thostop(eaddr, dir);
3023 free(eaddr);
3024 return b;
3025
3026 default:
3027 bpf_error(
3028 "only ethernet/FDDI/token ring supports link-level host name");
3029 break;
3030 }
3031 } else if (proto == Q_DECNET) {
3032 unsigned short dn_addr = __pcap_nametodnaddr(name);
3033 /*
3034 * I don't think DECNET hosts can be multihomed, so
3035 * there is no need to build up a list of addresses
3036 */
3037 return (gen_host(dn_addr, 0, proto, dir));
3038 } else {
3039 #ifndef INET6
3040 alist = pcap_nametoaddr(name);
3041 if (alist == NULL || *alist == NULL)
3042 bpf_error("unknown host '%s'", name);
3043 tproto = proto;
3044 if (off_linktype == -1 && tproto == Q_DEFAULT)
3045 tproto = Q_IP;
3046 b = gen_host(**alist++, 0xffffffff, tproto, dir);
3047 while (*alist) {
3048 tmp = gen_host(**alist++, 0xffffffff,
3049 tproto, dir);
3050 gen_or(b, tmp);
3051 b = tmp;
3052 }
3053 return b;
3054 #else
3055 memset(&mask128, 0xff, sizeof(mask128));
3056 res0 = res = pcap_nametoaddrinfo(name);
3057 if (res == NULL)
3058 bpf_error("unknown host '%s'", name);
3059 b = tmp = NULL;
3060 tproto = tproto6 = proto;
3061 if (off_linktype == -1 && tproto == Q_DEFAULT) {
3062 tproto = Q_IP;
3063 tproto6 = Q_IPV6;
3064 }
3065 for (res = res0; res; res = res->ai_next) {
3066 switch (res->ai_family) {
3067 case AF_INET:
3068 if (tproto == Q_IPV6)
3069 continue;
3070
3071 sin = (struct sockaddr_in *)
3072 res->ai_addr;
3073 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
3074 0xffffffff, tproto, dir);
3075 break;
3076 case AF_INET6:
3077 if (tproto6 == Q_IP)
3078 continue;
3079
3080 sin6 = (struct sockaddr_in6 *)
3081 res->ai_addr;
3082 tmp = gen_host6(&sin6->sin6_addr,
3083 &mask128, tproto6, dir);
3084 break;
3085 default:
3086 continue;
3087 }
3088 if (b)
3089 gen_or(b, tmp);
3090 b = tmp;
3091 }
3092 freeaddrinfo(res0);
3093 if (b == NULL) {
3094 bpf_error("unknown host '%s'%s", name,
3095 (proto == Q_DEFAULT)
3096 ? ""
3097 : " for specified address family");
3098 }
3099 return b;
3100 #endif /*INET6*/
3101 }
3102
3103 case Q_PORT:
3104 if (proto != Q_DEFAULT &&
3105 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
3106 bpf_error("illegal qualifier of 'port'");
3107 if (pcap_nametoport(name, &port, &real_proto) == 0)
3108 bpf_error("unknown port '%s'", name);
3109 if (proto == Q_UDP) {
3110 if (real_proto == IPPROTO_TCP)
3111 bpf_error("port '%s' is tcp", name);
3112 else if (real_proto == IPPROTO_SCTP)
3113 bpf_error("port '%s' is sctp", name);
3114 else
3115 /* override PROTO_UNDEF */
3116 real_proto = IPPROTO_UDP;
3117 }
3118 if (proto == Q_TCP) {
3119 if (real_proto == IPPROTO_UDP)
3120 bpf_error("port '%s' is udp", name);
3121
3122 else if (real_proto == IPPROTO_SCTP)
3123 bpf_error("port '%s' is sctp", name);
3124 else
3125 /* override PROTO_UNDEF */
3126 real_proto = IPPROTO_TCP;
3127 }
3128 if (proto == Q_SCTP) {
3129 if (real_proto == IPPROTO_UDP)
3130 bpf_error("port '%s' is udp", name);
3131
3132 else if (real_proto == IPPROTO_TCP)
3133 bpf_error("port '%s' is tcp", name);
3134 else
3135 /* override PROTO_UNDEF */
3136 real_proto = IPPROTO_SCTP;
3137 }
3138 #ifndef INET6
3139 return gen_port(port, real_proto, dir);
3140 #else
3141 {
3142 struct block *b;
3143 b = gen_port(port, real_proto, dir);
3144 gen_or(gen_port6(port, real_proto, dir), b);
3145 return b;
3146 }
3147 #endif /* INET6 */
3148
3149 case Q_GATEWAY:
3150 #ifndef INET6
3151 eaddr = pcap_ether_hostton(name);
3152 if (eaddr == NULL)
3153 bpf_error("unknown ether host: %s", name);
3154
3155 alist = pcap_nametoaddr(name);
3156 if (alist == NULL || *alist == NULL)
3157 bpf_error("unknown host '%s'", name);
3158 b = gen_gateway(eaddr, alist, proto, dir);
3159 free(eaddr);
3160 return b;
3161 #else
3162 bpf_error("'gateway' not supported in this configuration");
3163 #endif /*INET6*/
3164
3165 case Q_PROTO:
3166 real_proto = lookup_proto(name, proto);
3167 if (real_proto >= 0)
3168 return gen_proto(real_proto, proto, dir);
3169 else
3170 bpf_error("unknown protocol: %s", name);
3171
3172 case Q_PROTOCHAIN:
3173 real_proto = lookup_proto(name, proto);
3174 if (real_proto >= 0)
3175 return gen_protochain(real_proto, proto, dir);
3176 else
3177 bpf_error("unknown protocol: %s", name);
3178
3179
3180 case Q_UNDEF:
3181 syntax();
3182 /* NOTREACHED */
3183 }
3184 abort();
3185 /* NOTREACHED */
3186 }
3187
3188 struct block *
3189 gen_mcode(s1, s2, masklen, q)
3190 register const char *s1, *s2;
3191 register int masklen;
3192 struct qual q;
3193 {
3194 register int nlen, mlen;
3195 bpf_u_int32 n, m;
3196
3197 nlen = __pcap_atoin(s1, &n);
3198 /* Promote short ipaddr */
3199 n <<= 32 - nlen;
3200
3201 if (s2 != NULL) {
3202 mlen = __pcap_atoin(s2, &m);
3203 /* Promote short ipaddr */
3204 m <<= 32 - mlen;
3205 if ((n & ~m) != 0)
3206 bpf_error("non-network bits set in \"%s mask %s\"",
3207 s1, s2);
3208 } else {
3209 /* Convert mask len to mask */
3210 if (masklen > 32)
3211 bpf_error("mask length must be <= 32");
3212 m = 0xffffffff << (32 - masklen);
3213 if ((n & ~m) != 0)
3214 bpf_error("non-network bits set in \"%s/%d\"",
3215 s1, masklen);
3216 }
3217
3218 switch (q.addr) {
3219
3220 case Q_NET:
3221 return gen_host(n, m, q.proto, q.dir);
3222
3223 default:
3224 bpf_error("Mask syntax for networks only");
3225 /* NOTREACHED */
3226 }
3227 }
3228
3229 struct block *
3230 gen_ncode(s, v, q)
3231 register const char *s;
3232 bpf_u_int32 v;
3233 struct qual q;
3234 {
3235 bpf_u_int32 mask;
3236 int proto = q.proto;
3237 int dir = q.dir;
3238 register int vlen;
3239
3240 if (s == NULL)
3241 vlen = 32;
3242 else if (q.proto == Q_DECNET)
3243 vlen = __pcap_atodn(s, &v);
3244 else
3245 vlen = __pcap_atoin(s, &v);
3246
3247 switch (q.addr) {
3248
3249 case Q_DEFAULT:
3250 case Q_HOST:
3251 case Q_NET:
3252 if (proto == Q_DECNET)
3253 return gen_host(v, 0, proto, dir);
3254 else if (proto == Q_LINK) {
3255 bpf_error("illegal link layer address");
3256 } else {
3257 mask = 0xffffffff;
3258 if (s == NULL && q.addr == Q_NET) {
3259 /* Promote short net number */
3260 while (v && (v & 0xff000000) == 0) {
3261 v <<= 8;
3262 mask <<= 8;
3263 }
3264 } else {
3265 /* Promote short ipaddr */
3266 v <<= 32 - vlen;
3267 mask <<= 32 - vlen;
3268 }
3269 return gen_host(v, mask, proto, dir);
3270 }
3271
3272 case Q_PORT:
3273 if (proto == Q_UDP)
3274 proto = IPPROTO_UDP;
3275 else if (proto == Q_TCP)
3276 proto = IPPROTO_TCP;
3277 else if (proto == Q_SCTP)
3278 proto = IPPROTO_SCTP;
3279 else if (proto == Q_DEFAULT)
3280 proto = PROTO_UNDEF;
3281 else
3282 bpf_error("illegal qualifier of 'port'");
3283
3284 #ifndef INET6
3285 return gen_port((int)v, proto, dir);
3286 #else
3287 {
3288 struct block *b;
3289 b = gen_port((int)v, proto, dir);
3290 gen_or(gen_port6((int)v, proto, dir), b);
3291 return b;
3292 }
3293 #endif /* INET6 */
3294
3295 case Q_GATEWAY:
3296 bpf_error("'gateway' requires a name");
3297 /* NOTREACHED */
3298
3299 case Q_PROTO:
3300 return gen_proto((int)v, proto, dir);
3301
3302 case Q_PROTOCHAIN:
3303 return gen_protochain((int)v, proto, dir);
3304
3305 case Q_UNDEF:
3306 syntax();
3307 /* NOTREACHED */
3308
3309 default:
3310 abort();
3311 /* NOTREACHED */
3312 }
3313 /* NOTREACHED */
3314 }
3315
3316 #ifdef INET6
3317 struct block *
3318 gen_mcode6(s1, s2, masklen, q)
3319 register const char *s1, *s2;
3320 register int masklen;
3321 struct qual q;
3322 {
3323 struct addrinfo *res;
3324 struct in6_addr *addr;
3325 struct in6_addr mask;
3326 struct block *b;
3327 u_int32_t *a, *m;
3328
3329 if (s2)
3330 bpf_error("no mask %s supported", s2);
3331
3332 res = pcap_nametoaddrinfo(s1);
3333 if (!res)
3334 bpf_error("invalid ip6 address %s", s1);
3335 if (res->ai_next)
3336 bpf_error("%s resolved to multiple address", s1);
3337 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
3338
3339 if (sizeof(mask) * 8 < masklen)
3340 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
3341 memset(&mask, 0, sizeof(mask));
3342 memset(&mask, 0xff, masklen / 8);
3343 if (masklen % 8) {
3344 mask.s6_addr[masklen / 8] =
3345 (0xff << (8 - masklen % 8)) & 0xff;
3346 }
3347
3348 a = (u_int32_t *)addr;
3349 m = (u_int32_t *)&mask;
3350 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
3351 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
3352 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
3353 }
3354
3355 switch (q.addr) {
3356
3357 case Q_DEFAULT:
3358 case Q_HOST:
3359 if (masklen != 128)
3360 bpf_error("Mask syntax for networks only");
3361 /* FALLTHROUGH */
3362
3363 case Q_NET:
3364 b = gen_host6(addr, &mask, q.proto, q.dir);
3365 freeaddrinfo(res);
3366 return b;
3367
3368 default:
3369 bpf_error("invalid qualifier against IPv6 address");
3370 /* NOTREACHED */
3371 }
3372 }
3373 #endif /*INET6*/
3374
3375 struct block *
3376 gen_ecode(eaddr, q)
3377 register const u_char *eaddr;
3378 struct qual q;
3379 {
3380 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
3381 if (linktype == DLT_EN10MB)
3382 return gen_ehostop(eaddr, (int)q.dir);
3383 if (linktype == DLT_FDDI)
3384 return gen_fhostop(eaddr, (int)q.dir);
3385 if (linktype == DLT_IEEE802)
3386 return gen_thostop(eaddr, (int)q.dir);
3387 bpf_error("ethernet addresses supported only on ethernet, FDDI or token ring");
3388 }
3389 bpf_error("ethernet address used in non-ether expression");
3390 /* NOTREACHED */
3391 }
3392
3393 void
3394 sappend(s0, s1)
3395 struct slist *s0, *s1;
3396 {
3397 /*
3398 * This is definitely not the best way to do this, but the
3399 * lists will rarely get long.
3400 */
3401 while (s0->next)
3402 s0 = s0->next;
3403 s0->next = s1;
3404 }
3405
3406 static struct slist *
3407 xfer_to_x(a)
3408 struct arth *a;
3409 {
3410 struct slist *s;
3411
3412 s = new_stmt(BPF_LDX|BPF_MEM);
3413 s->s.k = a->regno;
3414 return s;
3415 }
3416
3417 static struct slist *
3418 xfer_to_a(a)
3419 struct arth *a;
3420 {
3421 struct slist *s;
3422
3423 s = new_stmt(BPF_LD|BPF_MEM);
3424 s->s.k = a->regno;
3425 return s;
3426 }
3427
3428 struct arth *
3429 gen_load(proto, index, size)
3430 int proto;
3431 struct arth *index;
3432 int size;
3433 {
3434 struct slist *s, *tmp;
3435 struct block *b;
3436 int regno = alloc_reg();
3437
3438 free_reg(index->regno);
3439 switch (size) {
3440
3441 default:
3442 bpf_error("data size must be 1, 2, or 4");
3443
3444 case 1:
3445 size = BPF_B;
3446 break;
3447
3448 case 2:
3449 size = BPF_H;
3450 break;
3451
3452 case 4:
3453 size = BPF_W;
3454 break;
3455 }
3456 switch (proto) {
3457 default:
3458 bpf_error("unsupported index operation");
3459
3460 case Q_LINK:
3461 s = xfer_to_x(index);
3462 tmp = new_stmt(BPF_LD|BPF_IND|size);
3463 sappend(s, tmp);
3464 sappend(index->s, s);
3465 break;
3466
3467 case Q_IP:
3468 case Q_ARP:
3469 case Q_RARP:
3470 case Q_ATALK:
3471 case Q_DECNET:
3472 case Q_SCA:
3473 case Q_LAT:
3474 case Q_MOPRC:
3475 case Q_MOPDL:
3476 #ifdef INET6
3477 case Q_IPV6:
3478 #endif
3479 /* XXX Note that we assume a fixed link header here. */
3480 s = xfer_to_x(index);
3481 tmp = new_stmt(BPF_LD|BPF_IND|size);
3482 tmp->s.k = off_nl;
3483 sappend(s, tmp);
3484 sappend(index->s, s);
3485
3486 b = gen_proto_abbrev(proto);
3487 if (index->b)
3488 gen_and(index->b, b);
3489 index->b = b;
3490 break;
3491
3492 case Q_SCTP:
3493 case Q_TCP:
3494 case Q_UDP:
3495 case Q_ICMP:
3496 case Q_IGMP:
3497 case Q_IGRP:
3498 case Q_PIM:
3499 case Q_VRRP:
3500 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3501 s->s.k = off_nl;
3502 sappend(s, xfer_to_a(index));
3503 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
3504 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
3505 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
3506 tmp->s.k = off_nl;
3507 sappend(index->s, s);
3508
3509 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
3510 if (index->b)
3511 gen_and(index->b, b);
3512 #ifdef INET6
3513 gen_and(gen_proto_abbrev(Q_IP), b);
3514 #endif
3515 index->b = b;
3516 break;
3517 #ifdef INET6
3518 case Q_ICMPV6:
3519 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
3520 /*NOTREACHED*/
3521 #endif
3522 }
3523 index->regno = regno;
3524 s = new_stmt(BPF_ST);
3525 s->s.k = regno;
3526 sappend(index->s, s);
3527
3528 return index;
3529 }
3530
3531 struct block *
3532 gen_relation(code, a0, a1, reversed)
3533 int code;
3534 struct arth *a0, *a1;
3535 int reversed;
3536 {
3537 struct slist *s0, *s1, *s2;
3538 struct block *b, *tmp;
3539
3540 s0 = xfer_to_x(a1);
3541 s1 = xfer_to_a(a0);
3542 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
3543 b = new_block(JMP(code));
3544 if (code == BPF_JGT || code == BPF_JGE) {
3545 reversed = !reversed;
3546 b->s.k = 0x80000000;
3547 }
3548 if (reversed)
3549 gen_not(b);
3550
3551 sappend(s1, s2);
3552 sappend(s0, s1);
3553 sappend(a1->s, s0);
3554 sappend(a0->s, a1->s);
3555
3556 b->stmts = a0->s;
3557
3558 free_reg(a0->regno);
3559 free_reg(a1->regno);
3560
3561 /* 'and' together protocol checks */
3562 if (a0->b) {
3563 if (a1->b) {
3564 gen_and(a0->b, tmp = a1->b);
3565 }
3566 else
3567 tmp = a0->b;
3568 } else
3569 tmp = a1->b;
3570
3571 if (tmp)
3572 gen_and(tmp, b);
3573
3574 return b;
3575 }
3576
3577 struct arth *
3578 gen_loadlen()
3579 {
3580 int regno = alloc_reg();
3581 struct arth *a = (struct arth *)newchunk(sizeof(*a));
3582 struct slist *s;
3583
3584 s = new_stmt(BPF_LD|BPF_LEN);
3585 s->next = new_stmt(BPF_ST);
3586 s->next->s.k = regno;
3587 a->s = s;
3588 a->regno = regno;
3589
3590 return a;
3591 }
3592
3593 struct arth *
3594 gen_loadi(val)
3595 int val;
3596 {
3597 struct arth *a;
3598 struct slist *s;
3599 int reg;
3600
3601 a = (struct arth *)newchunk(sizeof(*a));
3602
3603 reg = alloc_reg();
3604
3605 s = new_stmt(BPF_LD|BPF_IMM);
3606 s->s.k = val;
3607 s->next = new_stmt(BPF_ST);
3608 s->next->s.k = reg;
3609 a->s = s;
3610 a->regno = reg;
3611
3612 return a;
3613 }
3614
3615 struct arth *
3616 gen_neg(a)
3617 struct arth *a;
3618 {
3619 struct slist *s;
3620
3621 s = xfer_to_a(a);
3622 sappend(a->s, s);
3623 s = new_stmt(BPF_ALU|BPF_NEG);
3624 s->s.k = 0;
3625 sappend(a->s, s);
3626 s = new_stmt(BPF_ST);
3627 s->s.k = a->regno;
3628 sappend(a->s, s);
3629
3630 return a;
3631 }
3632
3633 struct arth *
3634 gen_arth(code, a0, a1)
3635 int code;
3636 struct arth *a0, *a1;
3637 {
3638 struct slist *s0, *s1, *s2;
3639
3640 s0 = xfer_to_x(a1);
3641 s1 = xfer_to_a(a0);
3642 s2 = new_stmt(BPF_ALU|BPF_X|code);
3643
3644 sappend(s1, s2);
3645 sappend(s0, s1);
3646 sappend(a1->s, s0);
3647 sappend(a0->s, a1->s);
3648
3649 free_reg(a0->regno);
3650 free_reg(a1->regno);
3651
3652 s0 = new_stmt(BPF_ST);
3653 a0->regno = s0->s.k = alloc_reg();
3654 sappend(a0->s, s0);
3655
3656 return a0;
3657 }
3658
3659 /*
3660 * Here we handle simple allocation of the scratch registers.
3661 * If too many registers are alloc'd, the allocator punts.
3662 */
3663 static int regused[BPF_MEMWORDS];
3664 static int curreg;
3665
3666 /*
3667 * Return the next free register.
3668 */
3669 static int
3670 alloc_reg()
3671 {
3672 int n = BPF_MEMWORDS;
3673
3674 while (--n >= 0) {
3675 if (regused[curreg])
3676 curreg = (curreg + 1) % BPF_MEMWORDS;
3677 else {
3678 regused[curreg] = 1;
3679 return curreg;
3680 }
3681 }
3682 bpf_error("too many registers needed to evaluate expression");
3683 /* NOTREACHED */
3684 }
3685
3686 /*
3687 * Return a register to the table so it can
3688 * be used later.
3689 */
3690 static void
3691 free_reg(n)
3692 int n;
3693 {
3694 regused[n] = 0;
3695 }
3696
3697 static struct block *
3698 gen_len(jmp, n)
3699 int jmp, n;
3700 {
3701 struct slist *s;
3702 struct block *b;
3703
3704 s = new_stmt(BPF_LD|BPF_LEN);
3705 b = new_block(JMP(jmp));
3706 b->stmts = s;
3707 b->s.k = n;
3708
3709 return b;
3710 }
3711
3712 struct block *
3713 gen_greater(n)
3714 int n;
3715 {
3716 return gen_len(BPF_JGE, n);
3717 }
3718
3719 /*
3720 * Actually, this is less than or equal.
3721 */
3722 struct block *
3723 gen_less(n)
3724 int n;
3725 {
3726 struct block *b;
3727
3728 b = gen_len(BPF_JGT, n);
3729 gen_not(b);
3730
3731 return b;
3732 }
3733
3734 struct block *
3735 gen_byteop(op, idx, val)
3736 int op, idx, val;
3737 {
3738 struct block *b;
3739 struct slist *s;
3740
3741 switch (op) {
3742 default:
3743 abort();
3744
3745 case '=':
3746 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3747
3748 case '<':
3749 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3750 b->s.code = JMP(BPF_JGE);
3751 gen_not(b);
3752 return b;
3753
3754 case '>':
3755 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
3756 b->s.code = JMP(BPF_JGT);
3757 return b;
3758
3759 case '|':
3760 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
3761 break;
3762
3763 case '&':
3764 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
3765 break;
3766 }
3767 s->s.k = val;
3768 b = new_block(JMP(BPF_JEQ));
3769 b->stmts = s;
3770 gen_not(b);
3771
3772 return b;
3773 }
3774
3775 static u_char abroadcast[] = { 0x0 };
3776
3777 struct block *
3778 gen_broadcast(proto)
3779 int proto;
3780 {
3781 bpf_u_int32 hostmask;
3782 struct block *b0, *b1, *b2;
3783 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
3784
3785 switch (proto) {
3786
3787 case Q_DEFAULT:
3788 case Q_LINK:
3789 if (linktype == DLT_ARCNET)
3790 return gen_ahostop(abroadcast, Q_DST);
3791 if (linktype == DLT_EN10MB)
3792 return gen_ehostop(ebroadcast, Q_DST);
3793 if (linktype == DLT_FDDI)
3794 return gen_fhostop(ebroadcast, Q_DST);
3795 if (linktype == DLT_IEEE802)
3796 return gen_thostop(ebroadcast, Q_DST);
3797 bpf_error("not a broadcast link");
3798 break;
3799
3800 case Q_IP:
3801 b0 = gen_linktype(ETHERTYPE_IP);
3802 hostmask = ~netmask;
3803 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
3804 b2 = gen_mcmp(off_nl + 16, BPF_W,
3805 (bpf_int32)(~0 & hostmask), hostmask);
3806 gen_or(b1, b2);
3807 gen_and(b0, b2);
3808 return b2;
3809 }
3810 bpf_error("only ether/ip broadcast filters supported");
3811 }
3812
3813 struct block *
3814 gen_multicast(proto)
3815 int proto;
3816 {
3817 register struct block *b0, *b1;
3818 register struct slist *s;
3819
3820 switch (proto) {
3821
3822 case Q_DEFAULT:
3823 case Q_LINK:
3824 if (linktype == DLT_ARCNET)
3825 /* all ARCnet multicasts use the same address */
3826 return gen_ahostop(abroadcast, Q_DST);
3827
3828 if (linktype == DLT_EN10MB) {
3829 /* ether[0] & 1 != 0 */
3830 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3831 s->s.k = 0;
3832 b0 = new_block(JMP(BPF_JSET));
3833 b0->s.k = 1;
3834 b0->stmts = s;
3835 return b0;
3836 }
3837
3838 if (linktype == DLT_FDDI) {
3839 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */
3840 /* fddi[1] & 1 != 0 */
3841 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3842 s->s.k = 1;
3843 b0 = new_block(JMP(BPF_JSET));
3844 b0->s.k = 1;
3845 b0->stmts = s;
3846 return b0;
3847 }
3848
3849 /* TODO - check how token ring handles multicast */
3850 /* if (linktype == DLT_IEEE802) ... */
3851
3852 /* Link not known to support multicasts */
3853 break;
3854
3855 case Q_IP:
3856 b0 = gen_linktype(ETHERTYPE_IP);
3857 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
3858 b1->s.code = JMP(BPF_JGE);
3859 gen_and(b0, b1);
3860 return b1;
3861
3862 #ifdef INET6
3863 case Q_IPV6:
3864 b0 = gen_linktype(ETHERTYPE_IPV6);
3865 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
3866 gen_and(b0, b1);
3867 return b1;
3868 #endif /* INET6 */
3869 }
3870 bpf_error("only IP multicast filters supported on ethernet/FDDI");
3871 }
3872
3873 /*
3874 * generate command for inbound/outbound. It's here so we can
3875 * make it link-type specific. 'dir' = 0 implies "inbound",
3876 * = 1 implies "outbound".
3877 */
3878 struct block *
3879 gen_inbound(dir)
3880 int dir;
3881 {
3882 register struct block *b0;
3883
3884 /*
3885 * Only some data link types support inbound/outbound qualifiers.
3886 */
3887 switch (linktype) {
3888 case DLT_SLIP:
3889 case DLT_PPP:
3890 b0 = gen_relation(BPF_JEQ,
3891 gen_load(Q_LINK, gen_loadi(0), 1),
3892 gen_loadi(0),
3893 dir);
3894 break;
3895
3896 default:
3897 bpf_error("inbound/outbound not supported on linktype %d\n",
3898 linktype);
3899 b0 = NULL;
3900 /* NOTREACHED */
3901 }
3902 return (b0);
3903 }
3904
3905 struct block *
3906 gen_acode(eaddr, q)
3907 register const u_char *eaddr;
3908 struct qual q;
3909 {
3910 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
3911 if (linktype == DLT_ARCNET)
3912 return gen_ahostop(eaddr, (int)q.dir);
3913 }
3914 bpf_error("ARCnet address used in non-arc expression");
3915 /* NOTREACHED */
3916 }
3917
3918 static struct block *
3919 gen_ahostop(eaddr, dir)
3920 register const u_char *eaddr;
3921 register int dir;
3922 {
3923 register struct block *b0, *b1;
3924
3925 switch (dir) {
3926 /* src comes first, different from Ethernet */
3927 case Q_SRC:
3928 return gen_bcmp(0, 1, eaddr);
3929
3930 case Q_DST:
3931 return gen_bcmp(1, 1, eaddr);
3932
3933 case Q_AND:
3934 b0 = gen_ahostop(eaddr, Q_SRC);
3935 b1 = gen_ahostop(eaddr, Q_DST);
3936 gen_and(b0, b1);
3937 return b1;
3938
3939 case Q_DEFAULT:
3940 case Q_OR:
3941 b0 = gen_ahostop(eaddr, Q_SRC);
3942 b1 = gen_ahostop(eaddr, Q_DST);
3943 gen_or(b0, b1);
3944 return b1;
3945 }
3946 abort();
3947 /* NOTREACHED */
3948 }
3949
3950 /*
3951 * support IEEE 802.1Q VLAN trunk over ethernet
3952 */
3953 struct block *
3954 gen_vlan(vlan_num)
3955 int vlan_num;
3956 {
3957 struct block *b0;
3958
3959 /*
3960 * Change the offsets to point to the type and data fields within
3961 * the VLAN packet. This is somewhat of a kludge.
3962 */
3963 if (orig_nl == (u_int)-1) {
3964 orig_linktype = off_linktype; /* save original values */
3965 orig_nl = off_nl;
3966 orig_nl_nosnap = off_nl_nosnap;
3967
3968 switch (linktype) {
3969
3970 case DLT_EN10MB:
3971 off_linktype = 16;
3972 off_nl_nosnap = 18;
3973 off_nl = 18;
3974 break;
3975
3976 default:
3977 bpf_error("no VLAN support for data link type %d",
3978 linktype);
3979 /*NOTREACHED*/
3980 }
3981 }
3982
3983 /* check for VLAN */
3984 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
3985
3986 /* If a specific VLAN is requested, check VLAN id */
3987 if (vlan_num >= 0) {
3988 struct block *b1;
3989
3990 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
3991 gen_and(b0, b1);
3992 b0 = b1;
3993 }
3994
3995 return (b0);
3996 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism