From: Denis Ovsienko <denis@ovsienko.info>
Date: Sun, 12 Jun 2022 16:19:46 +0000 (+0100)
Subject: Expand abbreviations into "proto X" properly.
X-Git-Url: https://git.tcpdump.org/libpcap/commitdiff_plain/c93c8ff003091f78c2bc70422d71a68bf95e5bde

Expand abbreviations into "proto X" properly.

Make the "ah", "esp", "pim", "sctp", "tcp" and "udp" abbreviations
compile exactly the same as what they expand into (as far as
pcap-filter(7) defines it).

Before commit 2ae1134 gen_proto_abbrev_internal() always generated the
IPv4 leg last; when IPv6 was enabled, it generated the IPv6 leg first
and ORed the two together;  gen_proto() always generated the IPv4 leg
first; when IPv6 was enabled, it generated the IPv6 leg last and ORed
the two together.  This way, with IPv6 enabled "ah" and "proto \ah"
produced different (although effectively equivalent) sequences of
statements.

After commit 2ae1134 the difference became unconditional and respective
code in gen_proto_abbrev_internal() effectively duplicated the code in
gen_proto().  Address that by calling the latter properly from the
former, so whatever the full syntax produces in the current revision,
the abbreviation always produces exactly the same.

The difference made it unnecessarily convoluted to compare compiled
filters when one filter used an abbreviation and the other used the full
syntax.  For example, without the source code and an up to date man page
trying to tell whether "sctp" and "proto \sctp" have the same effect is
as simple as the following:

$ tcpdump -y EN10MB -d 'proto \sctp'
(000) ldh      [12]
(001) jeq      #0x800           jt 2	jf 4
(002) ldb      [23]
(003) jeq      #0x84            jt 10	jf 11
(004) jeq      #0x86dd          jt 5	jf 11
(005) ldb      [20]
(006) jeq      #0x84            jt 10	jf 7
(007) jeq      #0x2c            jt 8	jf 11
(008) ldb      [54]
(009) jeq      #0x84            jt 10	jf 11
(010) ret      #262144
(011) ret      #0

$ tcpdump -y EN10MB -d 'sctp' # before this change
(000) ldh      [12]
(001) jeq      #0x86dd          jt 2	jf 7
(002) ldb      [20]
(003) jeq      #0x84            jt 10	jf 4
(004) jeq      #0x2c            jt 5	jf 11
(005) ldb      [54]
(006) jeq      #0x84            jt 10	jf 11
(007) jeq      #0x800           jt 8	jf 11
(008) ldb      [23]
(009) jeq      #0x84            jt 10	jf 11
(010) ret      #262144
(011) ret      #0

$ tcpdump -y EN10MB -d 'sctp' # after this change
(000) ldh      [12]
(001) jeq      #0x800           jt 2	jf 4
(002) ldb      [23]
(003) jeq      #0x84            jt 10	jf 11
(004) jeq      #0x86dd          jt 5	jf 11
(005) ldb      [20]
(006) jeq      #0x84            jt 10	jf 7
(007) jeq      #0x2c            jt 8	jf 11
(008) ldb      [54]
(009) jeq      #0x84            jt 10	jf 11
(010) ret      #262144
(011) ret      #0
---

diff --git a/CHANGES b/CHANGES
index cdb2c920..1b0ea5e2 100644
--- a/CHANGES
+++ b/CHANGES
@@ -8,6 +8,7 @@ Monthday, Month DD, YYYY:
     Packet filtering:
       Add support for Block Ack Req and Block Ack frame types (pull
         request #1039).
+      Expand abbreviations into "proto X" properly.
     Savefiles:
       Reject pcap files where one of the reserved fields in the
         "link-layer type plus other stuff" is non-zero.
diff --git a/gencode.c b/gencode.c
index 02c4bd58..61932901 100644
--- a/gencode.c
+++ b/gencode.c
@@ -5358,21 +5358,15 @@ gen_proto_abbrev_internal(compiler_state_t *cstate, int proto)
 	switch (proto) {
 
 	case Q_SCTP:
-		b1 = gen_proto(cstate, IPPROTO_SCTP, Q_IP, Q_DEFAULT);
-		b0 = gen_proto(cstate, IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
-		gen_or(b0, b1);
+		b1 = gen_proto(cstate, IPPROTO_SCTP, Q_DEFAULT, Q_DEFAULT);
 		break;
 
 	case Q_TCP:
-		b1 = gen_proto(cstate, IPPROTO_TCP, Q_IP, Q_DEFAULT);
-		b0 = gen_proto(cstate, IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
-		gen_or(b0, b1);
+		b1 = gen_proto(cstate, IPPROTO_TCP, Q_DEFAULT, Q_DEFAULT);
 		break;
 
 	case Q_UDP:
-		b1 = gen_proto(cstate, IPPROTO_UDP, Q_IP, Q_DEFAULT);
-		b0 = gen_proto(cstate, IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
-		gen_or(b0, b1);
+		b1 = gen_proto(cstate, IPPROTO_UDP, Q_DEFAULT, Q_DEFAULT);
 		break;
 
 	case Q_ICMP:
@@ -5399,9 +5393,7 @@ gen_proto_abbrev_internal(compiler_state_t *cstate, int proto)
 #endif
 
 	case Q_PIM:
-		b1 = gen_proto(cstate, IPPROTO_PIM, Q_IP, Q_DEFAULT);
-		b0 = gen_proto(cstate, IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
-		gen_or(b0, b1);
+		b1 = gen_proto(cstate, IPPROTO_PIM, Q_DEFAULT, Q_DEFAULT);
 		break;
 
 #ifndef IPPROTO_VRRP
@@ -5478,18 +5470,14 @@ gen_proto_abbrev_internal(compiler_state_t *cstate, int proto)
 #define IPPROTO_AH	51
 #endif
 	case Q_AH:
-		b1 = gen_proto(cstate, IPPROTO_AH, Q_IP, Q_DEFAULT);
-		b0 = gen_proto(cstate, IPPROTO_AH, Q_IPV6, Q_DEFAULT);
-		gen_or(b0, b1);
+		b1 = gen_proto(cstate, IPPROTO_AH, Q_DEFAULT, Q_DEFAULT);
 		break;
 
 #ifndef IPPROTO_ESP
 #define IPPROTO_ESP	50
 #endif
 	case Q_ESP:
-		b1 = gen_proto(cstate, IPPROTO_ESP, Q_IP, Q_DEFAULT);
-		b0 = gen_proto(cstate, IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
-		gen_or(b0, b1);
+		b1 = gen_proto(cstate, IPPROTO_ESP, Q_DEFAULT, Q_DEFAULT);
 		break;
 
 	case Q_ISO: