1 /*#define CHASE_CHAIN*/ 2 /* 3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 4 * The Regents of the University of California. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that: (1) source code distributions 8 * retain the above copyright notice and this paragraph in its entirety, (2) 9 * distributions including binary code include the above copyright notice and 10 * this paragraph in its entirety in the documentation or other materials 11 * provided with the distribution, and (3) all advertising materials mentioning 12 * features or use of this software display the following acknowledgement: 13 * ``This product includes software developed by the University of California, 14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 15 * the University nor the names of its contributors may be used to endorse 16 * or promote products derived from this software without specific prior 17 * written permission. 18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 21 * 22 * $FreeBSD$ 23 */ 24 #ifndef lint 25 static const char rcsid[] = 26 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.160 2001/11/30 07:25:48 guy Exp $ (LBL)"; 27 #endif 28 29 #ifdef HAVE_CONFIG_H 30 #include "config.h" 31 #endif 32 33 #include <sys/types.h> 34 #include <sys/socket.h> 35 #include <sys/time.h> 36 #ifdef __NetBSD__ 37 #include <sys/param.h> 38 #endif 39 40 struct mbuf; 41 struct rtentry; 42 #include <net/if.h> 43 44 #include <netinet/in.h> 45 46 #include <stdlib.h> 47 #include <string.h> 48 #include <memory.h> 49 #include <setjmp.h> 50 #include <stdarg.h> 51 52 #include "pcap-int.h" 53 54 #include "ethertype.h" 55 #include "nlpid.h" 56 #include "llc.h" 57 #include "gencode.h" 58 #include "ppp.h" 59 #include "sll.h" 60 #include "arcnet.h" 61 #include <pcap-namedb.h> 62 #ifdef INET6 63 #include <netdb.h> 64 #include <sys/socket.h> 65 #endif /*INET6*/ 66 67 #undef ETHERMTU 68 #define ETHERMTU 1500 69 70 #ifndef IPPROTO_SCTP 71 #define IPPROTO_SCTP 132 72 #endif 73 74 #ifdef HAVE_OS_PROTO_H 75 #include "os-proto.h" 76 #endif 77 78 #define JMP(c) ((c)|BPF_JMP|BPF_K) 79 80 /* Locals */ 81 static jmp_buf top_ctx; 82 static pcap_t *bpf_pcap; 83 84 /* Hack for updating VLAN offsets. */ 85 static u_int orig_linktype = -1, orig_nl = -1; 86 87 /* XXX */ 88 #ifdef PCAP_FDDIPAD 89 int pcap_fddipad = PCAP_FDDIPAD; 90 #else 91 int pcap_fddipad; 92 #endif 93 94 /* VARARGS */ 95 void 96 bpf_error(const char *fmt, ...) 97 98 { 99 va_list ap; 100 101 va_start(ap, fmt); 102 if (bpf_pcap != NULL) 103 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 104 fmt, ap); 105 va_end(ap); 106 longjmp(top_ctx, 1); 107 /* NOTREACHED */ 108 } 109 110 static void init_linktype(int); 111 112 static int alloc_reg(void); 113 static void free_reg(int); 114 115 static struct block *root; 116 117 /* 118 * We divy out chunks of memory rather than call malloc each time so 119 * we don't have to worry about leaking memory. It's probably 120 * not a big deal if all this memory was wasted but it this ever 121 * goes into a library that would probably not be a good idea. 122 */ 123 #define NCHUNKS 16 124 #define CHUNK0SIZE 1024 125 struct chunk { 126 u_int n_left; 127 void *m; 128 }; 129 130 static struct chunk chunks[NCHUNKS]; 131 static int cur_chunk; 132 133 static void *newchunk(u_int); 134 static void freechunks(void); 135 static inline struct block *new_block(int); 136 static inline struct slist *new_stmt(int); 137 static struct block *gen_retblk(int); 138 static inline void syntax(void); 139 140 static void backpatch(struct block *, struct block *); 141 static void merge(struct block *, struct block *); 142 static struct block *gen_cmp(u_int, u_int, bpf_int32); 143 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32); 144 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 145 static struct block *gen_bcmp(u_int, u_int, const u_char *); 146 static struct block *gen_uncond(int); 147 static inline struct block *gen_true(void); 148 static inline struct block *gen_false(void); 149 static struct block *gen_linktype(int); 150 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int); 151 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 152 #ifdef INET6 153 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); 154 #endif 155 static struct block *gen_ahostop(const u_char *, int); 156 static struct block *gen_ehostop(const u_char *, int); 157 static struct block *gen_fhostop(const u_char *, int); 158 static struct block *gen_thostop(const u_char *, int); 159 static struct block *gen_whostop(const u_char *, int); 160 static struct block *gen_dnhostop(bpf_u_int32, int, u_int); 161 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int); 162 #ifdef INET6 163 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int); 164 #endif 165 #ifndef INET6 166 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); 167 #endif 168 static struct block *gen_ipfrag(void); 169 static struct block *gen_portatom(int, bpf_int32); 170 #ifdef INET6 171 static struct block *gen_portatom6(int, bpf_int32); 172 #endif 173 struct block *gen_portop(int, int, int); 174 static struct block *gen_port(int, int, int); 175 #ifdef INET6 176 struct block *gen_portop6(int, int, int); 177 static struct block *gen_port6(int, int, int); 178 #endif 179 static int lookup_proto(const char *, int); 180 static struct block *gen_protochain(int, int, int); 181 static struct block *gen_proto(int, int, int); 182 static struct slist *xfer_to_x(struct arth *); 183 static struct slist *xfer_to_a(struct arth *); 184 static struct block *gen_len(int, int); 185 186 static void * 187 newchunk(n) 188 u_int n; 189 { 190 struct chunk *cp; 191 int k, size; 192 193 #ifndef __NetBSD__ 194 /* XXX Round up to nearest long. */ 195 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1); 196 #else 197 /* XXX Round up to structure boundary. */ 198 n = ALIGN(n); 199 #endif 200 201 cp = &chunks[cur_chunk]; 202 if (n > cp->n_left) { 203 ++cp, k = ++cur_chunk; 204 if (k >= NCHUNKS) 205 bpf_error("out of memory"); 206 size = CHUNK0SIZE << k; 207 cp->m = (void *)malloc(size); 208 memset((char *)cp->m, 0, size); 209 cp->n_left = size; 210 if (n > size) 211 bpf_error("out of memory"); 212 } 213 cp->n_left -= n; 214 return (void *)((char *)cp->m + cp->n_left); 215 } 216 217 static void 218 freechunks() 219 { 220 int i; 221 222 cur_chunk = 0; 223 for (i = 0; i < NCHUNKS; ++i) 224 if (chunks[i].m != NULL) { 225 free(chunks[i].m); 226 chunks[i].m = NULL; 227 } 228 } 229 230 /* 231 * A strdup whose allocations are freed after code generation is over. 232 */ 233 char * 234 sdup(s) 235 register const char *s; 236 { 237 int n = strlen(s) + 1; 238 char *cp = newchunk(n); 239 240 strlcpy(cp, s, n); 241 return (cp); 242 } 243 244 static inline struct block * 245 new_block(code) 246 int code; 247 { 248 struct block *p; 249 250 p = (struct block *)newchunk(sizeof(*p)); 251 p->s.code = code; 252 p->head = p; 253 254 return p; 255 } 256 257 static inline struct slist * 258 new_stmt(code) 259 int code; 260 { 261 struct slist *p; 262 263 p = (struct slist *)newchunk(sizeof(*p)); 264 p->s.code = code; 265 266 return p; 267 } 268 269 static struct block * 270 gen_retblk(v) 271 int v; 272 { 273 struct block *b = new_block(BPF_RET|BPF_K); 274 275 b->s.k = v; 276 return b; 277 } 278 279 static inline void 280 syntax() 281 { 282 bpf_error("syntax error in filter expression"); 283 } 284 285 static bpf_u_int32 netmask; 286 static int snaplen; 287 int no_optimize; 288 289 int 290 pcap_compile(pcap_t *p, struct bpf_program *program, 291 char *buf, int optimize, bpf_u_int32 mask) 292 { 293 extern int n_errors; 294 int len; 295 296 no_optimize = 0; 297 n_errors = 0; 298 root = NULL; 299 bpf_pcap = p; 300 if (setjmp(top_ctx)) { 301 lex_cleanup(); 302 freechunks(); 303 return (-1); 304 } 305 306 netmask = mask; 307 308 snaplen = pcap_snapshot(p); 309 if (snaplen == 0) { 310 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 311 "snaplen of 0 rejects all packets"); 312 return -1; 313 } 314 315 lex_init(buf ? buf : ""); 316 init_linktype(pcap_datalink(p)); 317 (void)pcap_parse(); 318 319 if (n_errors) 320 syntax(); 321 322 if (root == NULL) 323 root = gen_retblk(snaplen); 324 325 if (optimize && !no_optimize) { 326 bpf_optimize(&root); 327 if (root == NULL || 328 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 329 bpf_error("expression rejects all packets"); 330 } 331 program->bf_insns = icode_to_fcode(root, &len); 332 program->bf_len = len; 333 334 lex_cleanup(); 335 freechunks(); 336 return (0); 337 } 338 339 /* 340 * entry point for using the compiler with no pcap open 341 * pass in all the stuff that is needed explicitly instead. 342 */ 343 int 344 pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 345 struct bpf_program *program, 346 char *buf, int optimize, bpf_u_int32 mask) 347 { 348 pcap_t *p; 349 int ret; 350 351 p = pcap_open_dead(linktype_arg, snaplen_arg); 352 if (p == NULL) 353 return (-1); 354 ret = pcap_compile(p, program, buf, optimize, mask); 355 pcap_close(p); 356 return (ret); 357 } 358 359 /* 360 * Clean up a "struct bpf_program" by freeing all the memory allocated 361 * in it. 362 */ 363 void 364 pcap_freecode(struct bpf_program *program) 365 { 366 program->bf_len = 0; 367 if (program->bf_insns != NULL) { 368 free((char *)program->bf_insns); 369 program->bf_insns = NULL; 370 } 371 } 372 373 /* 374 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 375 * which of the jt and jf fields has been resolved and which is a pointer 376 * back to another unresolved block (or nil). At least one of the fields 377 * in each block is already resolved. 378 */ 379 static void 380 backpatch(list, target) 381 struct block *list, *target; 382 { 383 struct block *next; 384 385 while (list) { 386 if (!list->sense) { 387 next = JT(list); 388 JT(list) = target; 389 } else { 390 next = JF(list); 391 JF(list) = target; 392 } 393 list = next; 394 } 395 } 396 397 /* 398 * Merge the lists in b0 and b1, using the 'sense' field to indicate 399 * which of jt and jf is the link. 400 */ 401 static void 402 merge(b0, b1) 403 struct block *b0, *b1; 404 { 405 register struct block **p = &b0; 406 407 /* Find end of list. */ 408 while (*p) 409 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 410 411 /* Concatenate the lists. */ 412 *p = b1; 413 } 414 415 void 416 finish_parse(p) 417 struct block *p; 418 { 419 backpatch(p, gen_retblk(snaplen)); 420 p->sense = !p->sense; 421 backpatch(p, gen_retblk(0)); 422 root = p->head; 423 } 424 425 void 426 gen_and(b0, b1) 427 struct block *b0, *b1; 428 { 429 backpatch(b0, b1->head); 430 b0->sense = !b0->sense; 431 b1->sense = !b1->sense; 432 merge(b1, b0); 433 b1->sense = !b1->sense; 434 b1->head = b0->head; 435 } 436 437 void 438 gen_or(b0, b1) 439 struct block *b0, *b1; 440 { 441 b0->sense = !b0->sense; 442 backpatch(b0, b1->head); 443 b0->sense = !b0->sense; 444 merge(b1, b0); 445 b1->head = b0->head; 446 } 447 448 void 449 gen_not(b) 450 struct block *b; 451 { 452 b->sense = !b->sense; 453 } 454 455 static struct block * 456 gen_cmp(offset, size, v) 457 u_int offset, size; 458 bpf_int32 v; 459 { 460 struct slist *s; 461 struct block *b; 462 463 s = new_stmt(BPF_LD|BPF_ABS|size); 464 s->s.k = offset; 465 466 b = new_block(JMP(BPF_JEQ)); 467 b->stmts = s; 468 b->s.k = v; 469 470 return b; 471 } 472 473 static struct block * 474 gen_cmp_gt(offset, size, v) 475 u_int offset, size; 476 bpf_int32 v; 477 { 478 struct slist *s; 479 struct block *b; 480 481 s = new_stmt(BPF_LD|BPF_ABS|size); 482 s->s.k = offset; 483 484 b = new_block(JMP(BPF_JGT)); 485 b->stmts = s; 486 b->s.k = v; 487 488 return b; 489 } 490 491 static struct block * 492 gen_mcmp(offset, size, v, mask) 493 u_int offset, size; 494 bpf_int32 v; 495 bpf_u_int32 mask; 496 { 497 struct block *b = gen_cmp(offset, size, v); 498 struct slist *s; 499 500 if (mask != 0xffffffff) { 501 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 502 s->s.k = mask; 503 b->stmts->next = s; 504 } 505 return b; 506 } 507 508 static struct block * 509 gen_bcmp(offset, size, v) 510 register u_int offset, size; 511 register const u_char *v; 512 { 513 register struct block *b, *tmp; 514 515 b = NULL; 516 while (size >= 4) { 517 register const u_char *p = &v[size - 4]; 518 bpf_int32 w = ((bpf_int32)p[0] << 24) | 519 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; 520 521 tmp = gen_cmp(offset + size - 4, BPF_W, w); 522 if (b != NULL) 523 gen_and(b, tmp); 524 b = tmp; 525 size -= 4; 526 } 527 while (size >= 2) { 528 register const u_char *p = &v[size - 2]; 529 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; 530 531 tmp = gen_cmp(offset + size - 2, BPF_H, w); 532 if (b != NULL) 533 gen_and(b, tmp); 534 b = tmp; 535 size -= 2; 536 } 537 if (size > 0) { 538 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); 539 if (b != NULL) 540 gen_and(b, tmp); 541 b = tmp; 542 } 543 return b; 544 } 545 546 /* 547 * Various code constructs need to know the layout of the data link 548 * layer. These variables give the necessary offsets. off_linktype 549 * is set to -1 for no encapsulation, in which case, IP is assumed. 550 */ 551 static u_int off_linktype; 552 static u_int off_nl; 553 static int linktype; 554 555 static void 556 init_linktype(type) 557 int type; 558 { 559 linktype = type; 560 561 orig_linktype = -1; 562 orig_nl = -1; 563 564 switch (type) { 565 566 case DLT_ARCNET: 567 off_linktype = 2; 568 off_nl = 6; /* XXX in reality, variable! */ 569 return; 570 571 case DLT_EN10MB: 572 off_linktype = 12; 573 off_nl = 14; 574 return; 575 576 case DLT_SLIP: 577 /* 578 * SLIP doesn't have a link level type. The 16 byte 579 * header is hacked into our SLIP driver. 580 */ 581 off_linktype = -1; 582 off_nl = 16; 583 return; 584 585 case DLT_SLIP_BSDOS: 586 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 587 off_linktype = -1; 588 /* XXX end */ 589 off_nl = 24; 590 return; 591 592 case DLT_NULL: 593 case DLT_LOOP: 594 off_linktype = 0; 595 off_nl = 4; 596 return; 597 598 case DLT_PPP: 599 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */ 600 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */ 601 off_linktype = 2; 602 off_nl = 4; 603 return; 604 605 case DLT_PPP_ETHER: 606 /* 607 * This does no include the Ethernet header, and 608 * only covers session state. 609 */ 610 off_linktype = 6; 611 off_nl = 8; 612 return; 613 614 case DLT_PPP_BSDOS: 615 off_linktype = 5; 616 off_nl = 24; 617 return; 618 619 case DLT_FDDI: 620 /* 621 * FDDI doesn't really have a link-level type field. 622 * We set "off_linktype" to the offset of the LLC header. 623 * 624 * To check for Ethernet types, we assume that SSAP = SNAP 625 * is being used and pick out the encapsulated Ethernet type. 626 * XXX - should we generate code to check for SNAP? 627 */ 628 off_linktype = 13; 629 #ifdef PCAP_FDDIPAD 630 off_linktype += pcap_fddipad; 631 #endif 632 off_nl = 21; 633 #ifdef PCAP_FDDIPAD 634 off_nl += pcap_fddipad; 635 #endif 636 return; 637 638 case DLT_IEEE802: 639 /* 640 * Token Ring doesn't really have a link-level type field. 641 * We set "off_linktype" to the offset of the LLC header. 642 * 643 * To check for Ethernet types, we assume that SSAP = SNAP 644 * is being used and pick out the encapsulated Ethernet type. 645 * XXX - should we generate code to check for SNAP? 646 * 647 * XXX - the header is actually variable-length. 648 * Some various Linux patched versions gave 38 649 * as "off_linktype" and 40 as "off_nl"; however, 650 * if a token ring packet has *no* routing 651 * information, i.e. is not source-routed, the correct 652 * values are 20 and 22, as they are in the vanilla code. 653 * 654 * A packet is source-routed iff the uppermost bit 655 * of the first byte of the source address, at an 656 * offset of 8, has the uppermost bit set. If the 657 * packet is source-routed, the total number of bytes 658 * of routing information is 2 plus bits 0x1F00 of 659 * the 16-bit value at an offset of 14 (shifted right 660 * 8 - figure out which byte that is). 661 */ 662 off_linktype = 14; 663 off_nl = 22; 664 return; 665 666 case DLT_IEEE802_11: 667 /* 668 * 802.11 doesn't really have a link-level type field. 669 * We set "off_linktype" to the offset of the LLC header. 670 * 671 * To check for Ethernet types, we assume that SSAP = SNAP 672 * is being used and pick out the encapsulated Ethernet type. 673 * XXX - should we generate code to check for SNAP? 674 * 675 * XXX - the header is actually variable-length. We 676 * assume a 24-byte link-layer header, as appears in 677 * data frames in networks with no bridges. If the 678 * fromds and tods 802.11 header bits are both set, 679 * it's actually supposed to be 30 bytes. 680 */ 681 off_linktype = 24; 682 off_nl = 32; 683 return; 684 685 case DLT_PRISM_HEADER: 686 /* 687 * Same as 802.11, but with an additional header before 688 * the 802.11 header, containing a bunch of additional 689 * information including radio-level information. 690 * 691 * The header is 144 bytes long. 692 * 693 * XXX - same variable-length header problem; at least 694 * the Prism header is fixed-length. 695 */ 696 off_linktype = 144+24; 697 off_nl = 144+30; 698 return; 699 700 case DLT_ATM_RFC1483: 701 /* 702 * assume routed, non-ISO PDUs 703 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 704 */ 705 off_linktype = 6; 706 off_nl = 8; 707 return; 708 709 case DLT_RAW: 710 off_linktype = -1; 711 off_nl = 0; 712 return; 713 714 case DLT_ATM_CLIP: /* Linux ATM defines this */ 715 off_linktype = 6; 716 off_nl = 8; 717 return; 718 719 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */ 720 off_linktype = 14; 721 off_nl = 16; 722 return; 723 724 case DLT_LTALK: 725 /* 726 * LocalTalk does have a 1-byte type field in the LLAP header, 727 * but really it just indicates whether there is a "short" or 728 * "long" DDP packet following. 729 */ 730 off_linktype = -1; 731 off_nl = 0; 732 return; 733 } 734 bpf_error("unknown data link type %d", linktype); 735 /* NOTREACHED */ 736 } 737 738 static struct block * 739 gen_uncond(rsense) 740 int rsense; 741 { 742 struct block *b; 743 struct slist *s; 744 745 s = new_stmt(BPF_LD|BPF_IMM); 746 s->s.k = !rsense; 747 b = new_block(JMP(BPF_JEQ)); 748 b->stmts = s; 749 750 return b; 751 } 752 753 static inline struct block * 754 gen_true() 755 { 756 return gen_uncond(1); 757 } 758 759 static inline struct block * 760 gen_false() 761 { 762 return gen_uncond(0); 763 } 764 765 /* 766 * Byte-swap a 32-bit number. 767 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on 768 * big-endian platforms.) 769 */ 770 #define SWAPLONG(y) \ 771 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff)) 772 773 static struct block * 774 gen_linktype(proto) 775 register int proto; 776 { 777 struct block *b0, *b1; 778 779 switch (linktype) { 780 781 case DLT_EN10MB: 782 switch (proto) { 783 784 case LLCSAP_ISONS: 785 /* 786 * OSI protocols always use 802.2 encapsulation. 787 * XXX - should we check both the DSAP and the 788 * SSAP, like this, or should we check just the 789 * DSAP? 790 */ 791 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 792 gen_not(b0); 793 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 794 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS)); 795 gen_and(b0, b1); 796 return b1; 797 798 case LLCSAP_NETBEUI: 799 /* 800 * NetBEUI always uses 802.2 encapsulation. 801 * XXX - should we check both the DSAP and the 802 * SSAP, like this, or should we check just the 803 * DSAP? 804 */ 805 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 806 gen_not(b0); 807 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 808 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI)); 809 gen_and(b0, b1); 810 return b1; 811 812 case LLCSAP_IPX: 813 /* 814 * Check for; 815 * 816 * Ethernet_II frames, which are Ethernet 817 * frames with a frame type of ETHERTYPE_IPX; 818 * 819 * Ethernet_802.3 frames, which are 802.3 820 * frames (i.e., the type/length field is 821 * a length field, <= ETHERMTU, rather than 822 * a type field) with the first two bytes 823 * after the Ethernet/802.3 header being 824 * 0xFFFF; 825 * 826 * Ethernet_802.2 frames, which are 802.3 827 * frames with an 802.2 LLC header and 828 * with the IPX LSAP as the DSAP in the LLC 829 * header; 830 * 831 * Ethernet_SNAP frames, which are 802.3 832 * frames with an LLC header and a SNAP 833 * header and with an OUI of 0x000000 834 * (encapsulated Ethernet) and a protocol 835 * ID of ETHERTYPE_IPX in the SNAP header. 836 * 837 * XXX - should we generate the same code both 838 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX? 839 */ 840 841 /* 842 * This generates code to check both for the 843 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3. 844 */ 845 b0 = gen_cmp(off_linktype + 2, BPF_B, 846 (bpf_int32)LLCSAP_IPX); 847 b1 = gen_cmp(off_linktype + 2, BPF_H, 848 (bpf_int32)0xFFFF); 849 gen_or(b0, b1); 850 851 /* 852 * Now we add code to check for SNAP frames with 853 * ETHERTYPE_IPX, i.e. Ethernet_SNAP. 854 */ 855 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14); 856 gen_or(b0, b1); 857 858 /* 859 * Now we generate code to check for 802.3 860 * frames in general. 861 */ 862 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 863 gen_not(b0); 864 865 /* 866 * Now add the check for 802.3 frames before the 867 * check for Ethernet_802.2 and Ethernet_802.3, 868 * as those checks should only be done on 802.3 869 * frames, not on Ethernet frames. 870 */ 871 gen_and(b0, b1); 872 873 /* 874 * Now add the check for Ethernet_II frames, and 875 * do that before checking for the other frame 876 * types. 877 */ 878 b0 = gen_cmp(off_linktype, BPF_H, 879 (bpf_int32)ETHERTYPE_IPX); 880 gen_or(b0, b1); 881 return b1; 882 883 case ETHERTYPE_ATALK: 884 case ETHERTYPE_AARP: 885 /* 886 * EtherTalk (AppleTalk protocols on Ethernet link 887 * layer) may use 802.2 encapsulation. 888 */ 889 890 /* 891 * Check for 802.2 encapsulation (EtherTalk phase 2?); 892 * we check for an Ethernet type field less than 893 * 1500, which means it's an 802.3 length field. 894 */ 895 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 896 gen_not(b0); 897 898 /* 899 * 802.2-encapsulated ETHERTYPE_ATALK packets are 900 * SNAP packets with an organization code of 901 * 0x080007 (Apple, for Appletalk) and a protocol 902 * type of ETHERTYPE_ATALK (Appletalk). 903 * 904 * 802.2-encapsulated ETHERTYPE_AARP packets are 905 * SNAP packets with an organization code of 906 * 0x000000 (encapsulated Ethernet) and a protocol 907 * type of ETHERTYPE_AARP (Appletalk ARP). 908 */ 909 if (proto == ETHERTYPE_ATALK) 910 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14); 911 else /* proto == ETHERTYPE_AARP */ 912 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14); 913 gen_and(b0, b1); 914 915 /* 916 * Check for Ethernet encapsulation (Ethertalk 917 * phase 1?); we just check for the Ethernet 918 * protocol type. 919 */ 920 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 921 922 gen_or(b0, b1); 923 return b1; 924 925 default: 926 if (proto <= ETHERMTU) { 927 /* 928 * This is an LLC SAP value, so the frames 929 * that match would be 802.2 frames. 930 * Check that the frame is an 802.2 frame 931 * (i.e., that the length/type field is 932 * a length field, <= ETHERMTU) and 933 * then check the DSAP. 934 */ 935 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 936 gen_not(b0); 937 b1 = gen_cmp(off_linktype + 2, BPF_B, 938 (bpf_int32)proto); 939 gen_and(b0, b1); 940 return b1; 941 } else { 942 /* 943 * This is an Ethernet type, so compare 944 * the length/type field with it (if 945 * the frame is an 802.2 frame, the length 946 * field will be <= ETHERMTU, and, as 947 * "proto" is > ETHERMTU, this test 948 * will fail and the frame won't match, 949 * which is what we want). 950 */ 951 return gen_cmp(off_linktype, BPF_H, 952 (bpf_int32)proto); 953 } 954 } 955 break; 956 957 case DLT_IEEE802_11: 958 return gen_snap(0x000000, proto, off_linktype); 959 case DLT_PRISM_HEADER: 960 case DLT_FDDI: 961 case DLT_IEEE802: 962 case DLT_ATM_RFC1483: 963 case DLT_ATM_CLIP: 964 /* 965 * XXX - handle token-ring variable-length header. 966 */ 967 switch (proto) { 968 969 case LLCSAP_ISONS: 970 return gen_cmp(off_linktype, BPF_H, (long) 971 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS)); 972 973 case LLCSAP_NETBEUI: 974 return gen_cmp(off_linktype, BPF_H, (long) 975 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI)); 976 977 case LLCSAP_IPX: 978 /* 979 * XXX - are there ever SNAP frames for IPX on 980 * non-Ethernet 802.x networks? 981 */ 982 return gen_cmp(off_linktype, BPF_B, 983 (bpf_int32)LLCSAP_IPX); 984 985 case ETHERTYPE_ATALK: 986 /* 987 * 802.2-encapsulated ETHERTYPE_ATALK packets are 988 * SNAP packets with an organization code of 989 * 0x080007 (Apple, for Appletalk) and a protocol 990 * type of ETHERTYPE_ATALK (Appletalk). 991 * 992 * XXX - check for an organization code of 993 * encapsulated Ethernet as well? 994 */ 995 return gen_snap(0x080007, ETHERTYPE_ATALK, 996 off_linktype); 997 break; 998 999 default: 1000 /* 1001 * XXX - we don't have to check for IPX 802.3 1002 * here, but should we check for the IPX Ethertype? 1003 */ 1004 if (proto <= ETHERMTU) { 1005 /* 1006 * This is an LLC SAP value, so check 1007 * the DSAP. 1008 */ 1009 return gen_cmp(off_linktype, BPF_B, 1010 (bpf_int32)proto); 1011 } else { 1012 /* 1013 * This is an Ethernet type; we assume 1014 * that it's unlikely that it'll 1015 * appear in the right place at random, 1016 * and therefore check only the 1017 * location that would hold the Ethernet 1018 * type in a SNAP frame with an organization 1019 * code of 0x000000 (encapsulated Ethernet). 1020 * 1021 * XXX - if we were to check for the SNAP DSAP 1022 * and LSAP, as per XXX, and were also to check 1023 * for an organization code of 0x000000 1024 * (encapsulated Ethernet), we'd do 1025 * 1026 * return gen_snap(0x000000, proto, 1027 * off_linktype); 1028 * 1029 * here; for now, we don't, as per the above. 1030 * I don't know whether it's worth the 1031 * extra CPU time to do the right check 1032 * or not. 1033 */ 1034 return gen_cmp(off_linktype+6, BPF_H, 1035 (bpf_int32)proto); 1036 } 1037 } 1038 break; 1039 1040 case DLT_LINUX_SLL: 1041 switch (proto) { 1042 1043 case LLCSAP_ISONS: 1044 /* 1045 * OSI protocols always use 802.2 encapsulation. 1046 * XXX - should we check both the DSAP and the 1047 * LSAP, like this, or should we check just the 1048 * DSAP? 1049 */ 1050 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 1051 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1052 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS)); 1053 gen_and(b0, b1); 1054 return b1; 1055 1056 case LLCSAP_NETBEUI: 1057 /* 1058 * NetBEUI always uses 802.2 encapsulation. 1059 * XXX - should we check both the DSAP and the 1060 * LSAP, like this, or should we check just the 1061 * DSAP? 1062 */ 1063 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 1064 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1065 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI)); 1066 gen_and(b0, b1); 1067 return b1; 1068 1069 case LLCSAP_IPX: 1070 /* 1071 * Ethernet_II frames, which are Ethernet 1072 * frames with a frame type of ETHERTYPE_IPX; 1073 * 1074 * Ethernet_802.3 frames, which have a frame 1075 * type of LINUX_SLL_P_802_3; 1076 * 1077 * Ethernet_802.2 frames, which are 802.3 1078 * frames with an 802.2 LLC header (i.e, have 1079 * a frame type of LINUX_SLL_P_802_2) and 1080 * with the IPX LSAP as the DSAP in the LLC 1081 * header; 1082 * 1083 * Ethernet_SNAP frames, which are 802.3 1084 * frames with an LLC header and a SNAP 1085 * header and with an OUI of 0x000000 1086 * (encapsulated Ethernet) and a protocol 1087 * ID of ETHERTYPE_IPX in the SNAP header. 1088 * 1089 * First, do the checks on LINUX_SLL_P_802_2 1090 * frames; generate the check for either 1091 * Ethernet_802.2 or Ethernet_SNAP frames, and 1092 * then put a check for LINUX_SLL_P_802_2 frames 1093 * before it. 1094 */ 1095 b0 = gen_cmp(off_linktype + 2, BPF_B, 1096 (bpf_int32)LLCSAP_IPX); 1097 b1 = gen_snap(0x000000, ETHERTYPE_IPX, 1098 off_linktype + 2); 1099 gen_or(b0, b1); 1100 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 1101 gen_and(b0, b1); 1102 1103 /* 1104 * Now check for 802.3 frames and OR that with 1105 * the previous test. 1106 */ 1107 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3); 1108 gen_or(b0, b1); 1109 1110 /* 1111 * Now add the check for Ethernet_II frames, and 1112 * do that before checking for the other frame 1113 * types. 1114 */ 1115 b0 = gen_cmp(off_linktype, BPF_H, 1116 (bpf_int32)ETHERTYPE_IPX); 1117 gen_or(b0, b1); 1118 return b1; 1119 1120 case ETHERTYPE_ATALK: 1121 case ETHERTYPE_AARP: 1122 /* 1123 * EtherTalk (AppleTalk protocols on Ethernet link 1124 * layer) may use 802.2 encapsulation. 1125 */ 1126 1127 /* 1128 * Check for 802.2 encapsulation (EtherTalk phase 2?); 1129 * we check for the 802.2 protocol type in the 1130 * "Ethernet type" field. 1131 */ 1132 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 1133 1134 /* 1135 * 802.2-encapsulated ETHERTYPE_ATALK packets are 1136 * SNAP packets with an organization code of 1137 * 0x080007 (Apple, for Appletalk) and a protocol 1138 * type of ETHERTYPE_ATALK (Appletalk). 1139 * 1140 * 802.2-encapsulated ETHERTYPE_AARP packets are 1141 * SNAP packets with an organization code of 1142 * 0x000000 (encapsulated Ethernet) and a protocol 1143 * type of ETHERTYPE_AARP (Appletalk ARP). 1144 */ 1145 if (proto == ETHERTYPE_ATALK) 1146 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 1147 off_linktype + 2); 1148 else /* proto == ETHERTYPE_AARP */ 1149 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 1150 off_linktype + 2); 1151 gen_and(b0, b1); 1152 1153 /* 1154 * Check for Ethernet encapsulation (Ethertalk 1155 * phase 1?); we just check for the Ethernet 1156 * protocol type. 1157 */ 1158 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 1159 1160 gen_or(b0, b1); 1161 return b1; 1162 1163 default: 1164 if (proto <= ETHERMTU) { 1165 /* 1166 * This is an LLC SAP value, so the frames 1167 * that match would be 802.2 frames. 1168 * Check for the 802.2 protocol type 1169 * in the "Ethernet type" field, and 1170 * then check the DSAP. 1171 */ 1172 b0 = gen_cmp(off_linktype, BPF_H, 1173 LINUX_SLL_P_802_2); 1174 b1 = gen_cmp(off_linktype + 2, BPF_B, 1175 (bpf_int32)proto); 1176 gen_and(b0, b1); 1177 return b1; 1178 } else { 1179 /* 1180 * This is an Ethernet type, so compare 1181 * the length/type field with it (if 1182 * the frame is an 802.2 frame, the length 1183 * field will be <= ETHERMTU, and, as 1184 * "proto" is > ETHERMTU, this test 1185 * will fail and the frame won't match, 1186 * which is what we want). 1187 */ 1188 return gen_cmp(off_linktype, BPF_H, 1189 (bpf_int32)proto); 1190 } 1191 } 1192 break; 1193 1194 case DLT_SLIP: 1195 case DLT_SLIP_BSDOS: 1196 case DLT_RAW: 1197 /* 1198 * These types don't provide any type field; packets 1199 * are always IP. 1200 * 1201 * XXX - for IPv4, check for a version number of 4, and, 1202 * for IPv6, check for a version number of 6? 1203 */ 1204 switch (proto) { 1205 1206 case ETHERTYPE_IP: 1207 #ifdef INET6 1208 case ETHERTYPE_IPV6: 1209 #endif 1210 return gen_true(); /* always true */ 1211 1212 default: 1213 return gen_false(); /* always false */ 1214 } 1215 break; 1216 1217 case DLT_PPP: 1218 case DLT_PPP_SERIAL: 1219 case DLT_PPP_ETHER: 1220 /* 1221 * We use Ethernet protocol types inside libpcap; 1222 * map them to the corresponding PPP protocol types. 1223 */ 1224 switch (proto) { 1225 1226 case ETHERTYPE_IP: 1227 proto = PPP_IP; /* XXX was 0x21 */ 1228 break; 1229 1230 #ifdef INET6 1231 case ETHERTYPE_IPV6: 1232 proto = PPP_IPV6; 1233 break; 1234 #endif 1235 1236 case ETHERTYPE_DN: 1237 proto = PPP_DECNET; 1238 break; 1239 1240 case ETHERTYPE_ATALK: 1241 proto = PPP_APPLE; 1242 break; 1243 1244 case ETHERTYPE_NS: 1245 proto = PPP_NS; 1246 break; 1247 1248 case LLCSAP_ISONS: 1249 proto = PPP_OSI; 1250 break; 1251 1252 case LLCSAP_8021D: 1253 /* 1254 * I'm assuming the "Bridging PDU"s that go 1255 * over PPP are Spanning Tree Protocol 1256 * Bridging PDUs. 1257 */ 1258 proto = PPP_BRPDU; 1259 break; 1260 1261 case LLCSAP_IPX: 1262 proto = PPP_IPX; 1263 break; 1264 } 1265 break; 1266 1267 case DLT_PPP_BSDOS: 1268 /* 1269 * We use Ethernet protocol types inside libpcap; 1270 * map them to the corresponding PPP protocol types. 1271 */ 1272 switch (proto) { 1273 1274 case ETHERTYPE_IP: 1275 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); 1276 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC); 1277 gen_or(b0, b1); 1278 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC); 1279 gen_or(b1, b0); 1280 return b0; 1281 1282 #ifdef INET6 1283 case ETHERTYPE_IPV6: 1284 proto = PPP_IPV6; 1285 /* more to go? */ 1286 break; 1287 #endif 1288 1289 case ETHERTYPE_DN: 1290 proto = PPP_DECNET; 1291 break; 1292 1293 case ETHERTYPE_ATALK: 1294 proto = PPP_APPLE; 1295 break; 1296 1297 case ETHERTYPE_NS: 1298 proto = PPP_NS; 1299 break; 1300 1301 case LLCSAP_ISONS: 1302 proto = PPP_OSI; 1303 break; 1304 1305 case LLCSAP_8021D: 1306 /* 1307 * I'm assuming the "Bridging PDU"s that go 1308 * over PPP are Spanning Tree Protocol 1309 * Bridging PDUs. 1310 */ 1311 proto = PPP_BRPDU; 1312 break; 1313 1314 case LLCSAP_IPX: 1315 proto = PPP_IPX; 1316 break; 1317 } 1318 break; 1319 1320 case DLT_NULL: 1321 case DLT_LOOP: 1322 /* 1323 * For DLT_NULL, the link-layer header is a 32-bit 1324 * word containing an AF_ value in *host* byte order. 1325 * 1326 * In addition, if we're reading a saved capture file, 1327 * the host byte order in the capture may not be the 1328 * same as the host byte order on this machine. 1329 * 1330 * For DLT_LOOP, the link-layer header is a 32-bit 1331 * word containing an AF_ value in *network* byte order. 1332 * 1333 * XXX - AF_ values may, unfortunately, be platform- 1334 * dependent; for example, FreeBSD's AF_INET6 is 24 1335 * whilst NetBSD's and OpenBSD's is 26. 1336 * 1337 * This means that, when reading a capture file, just 1338 * checking for our AF_INET6 value won't work if the 1339 * capture file came from another OS. 1340 */ 1341 switch (proto) { 1342 1343 case ETHERTYPE_IP: 1344 proto = AF_INET; 1345 break; 1346 1347 #ifdef INET6 1348 case ETHERTYPE_IPV6: 1349 proto = AF_INET6; 1350 break; 1351 #endif 1352 1353 default: 1354 /* 1355 * Not a type on which we support filtering. 1356 * XXX - support those that have AF_ values 1357 * #defined on this platform, at least? 1358 */ 1359 return gen_false(); 1360 } 1361 1362 if (linktype == DLT_NULL) { 1363 /* 1364 * The AF_ value is in host byte order, but 1365 * the BPF interpreter will convert it to 1366 * network byte order. 1367 * 1368 * If this is a save file, and it's from a 1369 * machine with the opposite byte order to 1370 * ours, we byte-swap the AF_ value. 1371 * 1372 * Then we run it through "htonl()", and 1373 * generate code to compare against the result. 1374 */ 1375 if (bpf_pcap->sf.rfile != NULL && 1376 bpf_pcap->sf.swapped) 1377 proto = SWAPLONG(proto); 1378 proto = htonl(proto); 1379 } 1380 return (gen_cmp(0, BPF_W, (bpf_int32)proto)); 1381 1382 case DLT_ARCNET: 1383 /* 1384 * XXX should we check for first fragment if the protocol 1385 * uses PHDS? 1386 */ 1387 switch(proto) { 1388 default: 1389 return gen_false(); 1390 #ifdef INET6 1391 case ETHERTYPE_IPV6: 1392 return(gen_cmp(2, BPF_B, 1393 (bpf_int32)htonl(ARCTYPE_INET6))); 1394 #endif /* INET6 */ 1395 case ETHERTYPE_IP: 1396 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_IP)); 1397 b1 = gen_cmp(2, BPF_B, 1398 (bpf_int32)htonl(ARCTYPE_IP_OLD)); 1399 gen_or(b0, b1); 1400 return(b1); 1401 case ETHERTYPE_ARP: 1402 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_ARP)); 1403 b1 = gen_cmp(2, BPF_B, 1404 (bpf_int32)htonl(ARCTYPE_ARP_OLD)); 1405 gen_or(b0, b1); 1406 return(b1); 1407 case ETHERTYPE_REVARP: 1408 return(gen_cmp(2, BPF_B, 1409 (bpf_int32)htonl(ARCTYPE_REVARP))); 1410 case ETHERTYPE_ATALK: 1411 return(gen_cmp(2, BPF_B, 1412 (bpf_int32)htonl(ARCTYPE_ATALK))); 1413 } 1414 break; 1415 1416 case DLT_LTALK: 1417 switch (proto) { 1418 case ETHERTYPE_ATALK: 1419 return gen_true(); 1420 default: 1421 return gen_false(); 1422 } 1423 break; 1424 } 1425 1426 /* 1427 * All the types that have no encapsulation should either be 1428 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if 1429 * all packets are IP packets, or should be handled in some 1430 * special case, if none of them are (if some are and some 1431 * aren't, the lack of encapsulation is a problem, as we'd 1432 * have to find some other way of determining the packet type). 1433 * 1434 * Therefore, if "off_linktype" is -1, there's an error. 1435 */ 1436 if (off_linktype == -1) 1437 abort(); 1438 1439 /* 1440 * Any type not handled above should always have an Ethernet 1441 * type at an offset of "off_linktype". (PPP is partially 1442 * handled above - the protocol type is mapped from the 1443 * Ethernet and LLC types we use internally to the corresponding 1444 * PPP type - but the PPP type is always specified by a value 1445 * at "off_linktype", so we don't have to do the code generation 1446 * above.) 1447 */ 1448 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 1449 } 1450 1451 /* 1452 * Check for an LLC SNAP packet with a given organization code and 1453 * protocol type; we check the entire contents of the 802.2 LLC and 1454 * snap headers, checking for DSAP and SSAP of SNAP and a control 1455 * field of 0x03 in the LLC header, and for the specified organization 1456 * code and protocol type in the SNAP header. 1457 */ 1458 static struct block * 1459 gen_snap(orgcode, ptype, offset) 1460 bpf_u_int32 orgcode; 1461 bpf_u_int32 ptype; 1462 u_int offset; 1463 { 1464 u_char snapblock[8]; 1465 1466 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */ 1467 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */ 1468 snapblock[2] = 0x03; /* control = UI */ 1469 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */ 1470 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */ 1471 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */ 1472 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */ 1473 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */ 1474 return gen_bcmp(offset, 8, snapblock); 1475 } 1476 1477 static struct block * 1478 gen_hostop(addr, mask, dir, proto, src_off, dst_off) 1479 bpf_u_int32 addr; 1480 bpf_u_int32 mask; 1481 int dir, proto; 1482 u_int src_off, dst_off; 1483 { 1484 struct block *b0, *b1; 1485 u_int offset; 1486 1487 switch (dir) { 1488 1489 case Q_SRC: 1490 offset = src_off; 1491 break; 1492 1493 case Q_DST: 1494 offset = dst_off; 1495 break; 1496 1497 case Q_AND: 1498 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 1499 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 1500 gen_and(b0, b1); 1501 return b1; 1502 1503 case Q_OR: 1504 case Q_DEFAULT: 1505 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 1506 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 1507 gen_or(b0, b1); 1508 return b1; 1509 1510 default: 1511 abort(); 1512 } 1513 b0 = gen_linktype(proto); 1514 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask); 1515 gen_and(b0, b1); 1516 return b1; 1517 } 1518 1519 #ifdef INET6 1520 static struct block * 1521 gen_hostop6(addr, mask, dir, proto, src_off, dst_off) 1522 struct in6_addr *addr; 1523 struct in6_addr *mask; 1524 int dir, proto; 1525 u_int src_off, dst_off; 1526 { 1527 struct block *b0, *b1; 1528 u_int offset; 1529 u_int32_t *a, *m; 1530 1531 switch (dir) { 1532 1533 case Q_SRC: 1534 offset = src_off; 1535 break; 1536 1537 case Q_DST: 1538 offset = dst_off; 1539 break; 1540 1541 case Q_AND: 1542 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 1543 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 1544 gen_and(b0, b1); 1545 return b1; 1546 1547 case Q_OR: 1548 case Q_DEFAULT: 1549 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 1550 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 1551 gen_or(b0, b1); 1552 return b1; 1553 1554 default: 1555 abort(); 1556 } 1557 /* this order is important */ 1558 a = (u_int32_t *)addr; 1559 m = (u_int32_t *)mask; 1560 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 1561 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2])); 1562 gen_and(b0, b1); 1563 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1])); 1564 gen_and(b0, b1); 1565 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0])); 1566 gen_and(b0, b1); 1567 b0 = gen_linktype(proto); 1568 gen_and(b0, b1); 1569 return b1; 1570 } 1571 #endif /*INET6*/ 1572 1573 static struct block * 1574 gen_ehostop(eaddr, dir) 1575 register const u_char *eaddr; 1576 register int dir; 1577 { 1578 register struct block *b0, *b1; 1579 1580 switch (dir) { 1581 case Q_SRC: 1582 return gen_bcmp(6, 6, eaddr); 1583 1584 case Q_DST: 1585 return gen_bcmp(0, 6, eaddr); 1586 1587 case Q_AND: 1588 b0 = gen_ehostop(eaddr, Q_SRC); 1589 b1 = gen_ehostop(eaddr, Q_DST); 1590 gen_and(b0, b1); 1591 return b1; 1592 1593 case Q_DEFAULT: 1594 case Q_OR: 1595 b0 = gen_ehostop(eaddr, Q_SRC); 1596 b1 = gen_ehostop(eaddr, Q_DST); 1597 gen_or(b0, b1); 1598 return b1; 1599 } 1600 abort(); 1601 /* NOTREACHED */ 1602 } 1603 1604 /* 1605 * Like gen_ehostop, but for DLT_FDDI 1606 */ 1607 static struct block * 1608 gen_fhostop(eaddr, dir) 1609 register const u_char *eaddr; 1610 register int dir; 1611 { 1612 struct block *b0, *b1; 1613 1614 switch (dir) { 1615 case Q_SRC: 1616 #ifdef PCAP_FDDIPAD 1617 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr); 1618 #else 1619 return gen_bcmp(6 + 1, 6, eaddr); 1620 #endif 1621 1622 case Q_DST: 1623 #ifdef PCAP_FDDIPAD 1624 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr); 1625 #else 1626 return gen_bcmp(0 + 1, 6, eaddr); 1627 #endif 1628 1629 case Q_AND: 1630 b0 = gen_fhostop(eaddr, Q_SRC); 1631 b1 = gen_fhostop(eaddr, Q_DST); 1632 gen_and(b0, b1); 1633 return b1; 1634 1635 case Q_DEFAULT: 1636 case Q_OR: 1637 b0 = gen_fhostop(eaddr, Q_SRC); 1638 b1 = gen_fhostop(eaddr, Q_DST); 1639 gen_or(b0, b1); 1640 return b1; 1641 } 1642 abort(); 1643 /* NOTREACHED */ 1644 } 1645 1646 /* 1647 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring) 1648 */ 1649 static struct block * 1650 gen_thostop(eaddr, dir) 1651 register const u_char *eaddr; 1652 register int dir; 1653 { 1654 register struct block *b0, *b1; 1655 1656 switch (dir) { 1657 case Q_SRC: 1658 return gen_bcmp(8, 6, eaddr); 1659 1660 case Q_DST: 1661 return gen_bcmp(2, 6, eaddr); 1662 1663 case Q_AND: 1664 b0 = gen_thostop(eaddr, Q_SRC); 1665 b1 = gen_thostop(eaddr, Q_DST); 1666 gen_and(b0, b1); 1667 return b1; 1668 1669 case Q_DEFAULT: 1670 case Q_OR: 1671 b0 = gen_thostop(eaddr, Q_SRC); 1672 b1 = gen_thostop(eaddr, Q_DST); 1673 gen_or(b0, b1); 1674 return b1; 1675 } 1676 abort(); 1677 /* NOTREACHED */ 1678 } 1679 1680 /* 1681 * Like gen_ehostop, but for DLT_IEEE802_11 (Wireless) 1682 */ 1683 static struct block * 1684 gen_whostop(eaddr, dir) 1685 register const u_char *eaddr; 1686 register int dir; 1687 { 1688 register struct block *b0, *b1; 1689 1690 switch (dir) { 1691 case Q_SRC: 1692 return gen_bcmp(10, 6, eaddr); 1693 1694 case Q_DST: 1695 return gen_bcmp(4, 6, eaddr); 1696 1697 case Q_AND: 1698 b0 = gen_whostop(eaddr, Q_SRC); 1699 b1 = gen_whostop(eaddr, Q_DST); 1700 gen_and(b0, b1); 1701 return b1; 1702 1703 case Q_DEFAULT: 1704 case Q_OR: 1705 b0 = gen_whostop(eaddr, Q_SRC); 1706 b1 = gen_whostop(eaddr, Q_DST); 1707 gen_or(b0, b1); 1708 return b1; 1709 } 1710 abort(); 1711 /* NOTREACHED */ 1712 } 1713 1714 /* 1715 * This is quite tricky because there may be pad bytes in front of the 1716 * DECNET header, and then there are two possible data packet formats that 1717 * carry both src and dst addresses, plus 5 packet types in a format that 1718 * carries only the src node, plus 2 types that use a different format and 1719 * also carry just the src node. 1720 * 1721 * Yuck. 1722 * 1723 * Instead of doing those all right, we just look for data packets with 1724 * 0 or 1 bytes of padding. If you want to look at other packets, that 1725 * will require a lot more hacking. 1726 * 1727 * To add support for filtering on DECNET "areas" (network numbers) 1728 * one would want to add a "mask" argument to this routine. That would 1729 * make the filter even more inefficient, although one could be clever 1730 * and not generate masking instructions if the mask is 0xFFFF. 1731 */ 1732 static struct block * 1733 gen_dnhostop(addr, dir, base_off) 1734 bpf_u_int32 addr; 1735 int dir; 1736 u_int base_off; 1737 { 1738 struct block *b0, *b1, *b2, *tmp; 1739 u_int offset_lh; /* offset if long header is received */ 1740 u_int offset_sh; /* offset if short header is received */ 1741 1742 switch (dir) { 1743 1744 case Q_DST: 1745 offset_sh = 1; /* follows flags */ 1746 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 1747 break; 1748 1749 case Q_SRC: 1750 offset_sh = 3; /* follows flags, dstnode */ 1751 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 1752 break; 1753 1754 case Q_AND: 1755 /* Inefficient because we do our Calvinball dance twice */ 1756 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1757 b1 = gen_dnhostop(addr, Q_DST, base_off); 1758 gen_and(b0, b1); 1759 return b1; 1760 1761 case Q_OR: 1762 case Q_DEFAULT: 1763 /* Inefficient because we do our Calvinball dance twice */ 1764 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1765 b1 = gen_dnhostop(addr, Q_DST, base_off); 1766 gen_or(b0, b1); 1767 return b1; 1768 1769 case Q_ISO: 1770 bpf_error("ISO host filtering not implemented"); 1771 1772 default: 1773 abort(); 1774 } 1775 b0 = gen_linktype(ETHERTYPE_DN); 1776 /* Check for pad = 1, long header case */ 1777 tmp = gen_mcmp(base_off + 2, BPF_H, 1778 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); 1779 b1 = gen_cmp(base_off + 2 + 1 + offset_lh, 1780 BPF_H, (bpf_int32)ntohs(addr)); 1781 gen_and(tmp, b1); 1782 /* Check for pad = 0, long header case */ 1783 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 1784 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr)); 1785 gen_and(tmp, b2); 1786 gen_or(b2, b1); 1787 /* Check for pad = 1, short header case */ 1788 tmp = gen_mcmp(base_off + 2, BPF_H, 1789 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF)); 1790 b2 = gen_cmp(base_off + 2 + 1 + offset_sh, 1791 BPF_H, (bpf_int32)ntohs(addr)); 1792 gen_and(tmp, b2); 1793 gen_or(b2, b1); 1794 /* Check for pad = 0, short header case */ 1795 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 1796 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr)); 1797 gen_and(tmp, b2); 1798 gen_or(b2, b1); 1799 1800 /* Combine with test for linktype */ 1801 gen_and(b0, b1); 1802 return b1; 1803 } 1804 1805 static struct block * 1806 gen_host(addr, mask, proto, dir) 1807 bpf_u_int32 addr; 1808 bpf_u_int32 mask; 1809 int proto; 1810 int dir; 1811 { 1812 struct block *b0, *b1; 1813 1814 switch (proto) { 1815 1816 case Q_DEFAULT: 1817 b0 = gen_host(addr, mask, Q_IP, dir); 1818 if (off_linktype != -1) { 1819 b1 = gen_host(addr, mask, Q_ARP, dir); 1820 gen_or(b0, b1); 1821 b0 = gen_host(addr, mask, Q_RARP, dir); 1822 gen_or(b1, b0); 1823 } 1824 return b0; 1825 1826 case Q_IP: 1827 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 1828 off_nl + 12, off_nl + 16); 1829 1830 case Q_RARP: 1831 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 1832 off_nl + 14, off_nl + 24); 1833 1834 case Q_ARP: 1835 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 1836 off_nl + 14, off_nl + 24); 1837 1838 case Q_TCP: 1839 bpf_error("'tcp' modifier applied to host"); 1840 1841 case Q_SCTP: 1842 bpf_error("'sctp' modifier applied to host"); 1843 1844 case Q_UDP: 1845 bpf_error("'udp' modifier applied to host"); 1846 1847 case Q_ICMP: 1848 bpf_error("'icmp' modifier applied to host"); 1849 1850 case Q_IGMP: 1851 bpf_error("'igmp' modifier applied to host"); 1852 1853 case Q_IGRP: 1854 bpf_error("'igrp' modifier applied to host"); 1855 1856 case Q_PIM: 1857 bpf_error("'pim' modifier applied to host"); 1858 1859 case Q_VRRP: 1860 bpf_error("'vrrp' modifier applied to host"); 1861 1862 case Q_ATALK: 1863 bpf_error("ATALK host filtering not implemented"); 1864 1865 case Q_AARP: 1866 bpf_error("AARP host filtering not implemented"); 1867 1868 case Q_DECNET: 1869 return gen_dnhostop(addr, dir, off_nl); 1870 1871 case Q_SCA: 1872 bpf_error("SCA host filtering not implemented"); 1873 1874 case Q_LAT: 1875 bpf_error("LAT host filtering not implemented"); 1876 1877 case Q_MOPDL: 1878 bpf_error("MOPDL host filtering not implemented"); 1879 1880 case Q_MOPRC: 1881 bpf_error("MOPRC host filtering not implemented"); 1882 1883 #ifdef INET6 1884 case Q_IPV6: 1885 bpf_error("'ip6' modifier applied to ip host"); 1886 1887 case Q_ICMPV6: 1888 bpf_error("'icmp6' modifier applied to host"); 1889 #endif /* INET6 */ 1890 1891 case Q_AH: 1892 bpf_error("'ah' modifier applied to host"); 1893 1894 case Q_ESP: 1895 bpf_error("'esp' modifier applied to host"); 1896 1897 case Q_ISO: 1898 bpf_error("ISO host filtering not implemented"); 1899 1900 case Q_ESIS: 1901 bpf_error("'esis' modifier applied to host"); 1902 1903 case Q_ISIS: 1904 bpf_error("'isis' modifier applied to host"); 1905 1906 case Q_CLNP: 1907 bpf_error("'clnp' modifier applied to host"); 1908 1909 case Q_STP: 1910 bpf_error("'stp' modifier applied to host"); 1911 1912 case Q_IPX: 1913 bpf_error("IPX host filtering not implemented"); 1914 1915 case Q_NETBEUI: 1916 bpf_error("'netbeui' modifier applied to host"); 1917 1918 default: 1919 abort(); 1920 } 1921 /* NOTREACHED */ 1922 } 1923 1924 #ifdef INET6 1925 static struct block * 1926 gen_host6(addr, mask, proto, dir) 1927 struct in6_addr *addr; 1928 struct in6_addr *mask; 1929 int proto; 1930 int dir; 1931 { 1932 switch (proto) { 1933 1934 case Q_DEFAULT: 1935 return gen_host6(addr, mask, Q_IPV6, dir); 1936 1937 case Q_IP: 1938 bpf_error("'ip' modifier applied to ip6 host"); 1939 1940 case Q_RARP: 1941 bpf_error("'rarp' modifier applied to ip6 host"); 1942 1943 case Q_ARP: 1944 bpf_error("'arp' modifier applied to ip6 host"); 1945 1946 case Q_SCTP: 1947 bpf_error("'sctp' modifier applied to host"); 1948 1949 case Q_TCP: 1950 bpf_error("'tcp' modifier applied to host"); 1951 1952 case Q_UDP: 1953 bpf_error("'udp' modifier applied to host"); 1954 1955 case Q_ICMP: 1956 bpf_error("'icmp' modifier applied to host"); 1957 1958 case Q_IGMP: 1959 bpf_error("'igmp' modifier applied to host"); 1960 1961 case Q_IGRP: 1962 bpf_error("'igrp' modifier applied to host"); 1963 1964 case Q_PIM: 1965 bpf_error("'pim' modifier applied to host"); 1966 1967 case Q_VRRP: 1968 bpf_error("'vrrp' modifier applied to host"); 1969 1970 case Q_ATALK: 1971 bpf_error("ATALK host filtering not implemented"); 1972 1973 case Q_AARP: 1974 bpf_error("AARP host filtering not implemented"); 1975 1976 case Q_DECNET: 1977 bpf_error("'decnet' modifier applied to ip6 host"); 1978 1979 case Q_SCA: 1980 bpf_error("SCA host filtering not implemented"); 1981 1982 case Q_LAT: 1983 bpf_error("LAT host filtering not implemented"); 1984 1985 case Q_MOPDL: 1986 bpf_error("MOPDL host filtering not implemented"); 1987 1988 case Q_MOPRC: 1989 bpf_error("MOPRC host filtering not implemented"); 1990 1991 case Q_IPV6: 1992 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 1993 off_nl + 8, off_nl + 24); 1994 1995 case Q_ICMPV6: 1996 bpf_error("'icmp6' modifier applied to host"); 1997 1998 case Q_AH: 1999 bpf_error("'ah' modifier applied to host"); 2000 2001 case Q_ESP: 2002 bpf_error("'esp' modifier applied to host"); 2003 2004 case Q_ISO: 2005 bpf_error("ISO host filtering not implemented"); 2006 2007 case Q_ESIS: 2008 bpf_error("'esis' modifier applied to host"); 2009 2010 case Q_ISIS: 2011 bpf_error("'isis' modifier applied to host"); 2012 2013 case Q_CLNP: 2014 bpf_error("'clnp' modifier applied to host"); 2015 2016 case Q_STP: 2017 bpf_error("'stp' modifier applied to host"); 2018 2019 case Q_IPX: 2020 bpf_error("IPX host filtering not implemented"); 2021 2022 case Q_NETBEUI: 2023 bpf_error("'netbeui' modifier applied to host"); 2024 2025 default: 2026 abort(); 2027 } 2028 /* NOTREACHED */ 2029 } 2030 #endif /*INET6*/ 2031 2032 #ifndef INET6 2033 static struct block * 2034 gen_gateway(eaddr, alist, proto, dir) 2035 const u_char *eaddr; 2036 bpf_u_int32 **alist; 2037 int proto; 2038 int dir; 2039 { 2040 struct block *b0, *b1, *tmp; 2041 2042 if (dir != 0) 2043 bpf_error("direction applied to 'gateway'"); 2044 2045 switch (proto) { 2046 case Q_DEFAULT: 2047 case Q_IP: 2048 case Q_ARP: 2049 case Q_RARP: 2050 if (linktype == DLT_EN10MB) 2051 b0 = gen_ehostop(eaddr, Q_OR); 2052 else if (linktype == DLT_FDDI) 2053 b0 = gen_fhostop(eaddr, Q_OR); 2054 else if (linktype == DLT_IEEE802) 2055 b0 = gen_thostop(eaddr, Q_OR); 2056 else if (linktype == DLT_IEEE802_11) 2057 b0 = gen_whostop(eaddr, Q_OR); 2058 else 2059 bpf_error( 2060 "'gateway' supported only on ethernet, FDDI or token ring"); 2061 2062 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR); 2063 while (*alist) { 2064 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR); 2065 gen_or(b1, tmp); 2066 b1 = tmp; 2067 } 2068 gen_not(b1); 2069 gen_and(b0, b1); 2070 return b1; 2071 } 2072 bpf_error("illegal modifier of 'gateway'"); 2073 /* NOTREACHED */ 2074 } 2075 #endif 2076 2077 struct block * 2078 gen_proto_abbrev(proto) 2079 int proto; 2080 { 2081 #ifdef INET6 2082 struct block *b0; 2083 #endif 2084 struct block *b1; 2085 2086 switch (proto) { 2087 2088 case Q_SCTP: 2089 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT); 2090 #ifdef INET6 2091 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT); 2092 gen_or(b0, b1); 2093 #endif 2094 break; 2095 2096 case Q_TCP: 2097 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); 2098 #ifdef INET6 2099 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); 2100 gen_or(b0, b1); 2101 #endif 2102 break; 2103 2104 case Q_UDP: 2105 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); 2106 #ifdef INET6 2107 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); 2108 gen_or(b0, b1); 2109 #endif 2110 break; 2111 2112 case Q_ICMP: 2113 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT); 2114 break; 2115 2116 #ifndef IPPROTO_IGMP 2117 #define IPPROTO_IGMP 2 2118 #endif 2119 2120 case Q_IGMP: 2121 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT); 2122 break; 2123 2124 #ifndef IPPROTO_IGRP 2125 #define IPPROTO_IGRP 9 2126 #endif 2127 case Q_IGRP: 2128 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT); 2129 break; 2130 2131 #ifndef IPPROTO_PIM 2132 #define IPPROTO_PIM 103 2133 #endif 2134 2135 case Q_PIM: 2136 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); 2137 #ifdef INET6 2138 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); 2139 gen_or(b0, b1); 2140 #endif 2141 break; 2142 2143 #ifndef IPPROTO_VRRP 2144 #define IPPROTO_VRRP 112 2145 #endif 2146 2147 case Q_VRRP: 2148 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT); 2149 break; 2150 2151 case Q_IP: 2152 b1 = gen_linktype(ETHERTYPE_IP); 2153 break; 2154 2155 case Q_ARP: 2156 b1 = gen_linktype(ETHERTYPE_ARP); 2157 break; 2158 2159 case Q_RARP: 2160 b1 = gen_linktype(ETHERTYPE_REVARP); 2161 break; 2162 2163 case Q_LINK: 2164 bpf_error("link layer applied in wrong context"); 2165 2166 case Q_ATALK: 2167 b1 = gen_linktype(ETHERTYPE_ATALK); 2168 break; 2169 2170 case Q_AARP: 2171 b1 = gen_linktype(ETHERTYPE_AARP); 2172 break; 2173 2174 case Q_DECNET: 2175 b1 = gen_linktype(ETHERTYPE_DN); 2176 break; 2177 2178 case Q_SCA: 2179 b1 = gen_linktype(ETHERTYPE_SCA); 2180 break; 2181 2182 case Q_LAT: 2183 b1 = gen_linktype(ETHERTYPE_LAT); 2184 break; 2185 2186 case Q_MOPDL: 2187 b1 = gen_linktype(ETHERTYPE_MOPDL); 2188 break; 2189 2190 case Q_MOPRC: 2191 b1 = gen_linktype(ETHERTYPE_MOPRC); 2192 break; 2193 2194 #ifdef INET6 2195 case Q_IPV6: 2196 b1 = gen_linktype(ETHERTYPE_IPV6); 2197 break; 2198 2199 #ifndef IPPROTO_ICMPV6 2200 #define IPPROTO_ICMPV6 58 2201 #endif 2202 case Q_ICMPV6: 2203 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 2204 break; 2205 #endif /* INET6 */ 2206 2207 #ifndef IPPROTO_AH 2208 #define IPPROTO_AH 51 2209 #endif 2210 case Q_AH: 2211 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); 2212 #ifdef INET6 2213 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); 2214 gen_or(b0, b1); 2215 #endif 2216 break; 2217 2218 #ifndef IPPROTO_ESP 2219 #define IPPROTO_ESP 50 2220 #endif 2221 case Q_ESP: 2222 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); 2223 #ifdef INET6 2224 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); 2225 gen_or(b0, b1); 2226 #endif 2227 break; 2228 2229 case Q_ISO: 2230 b1 = gen_linktype(LLCSAP_ISONS); 2231 break; 2232 2233 case Q_ESIS: 2234 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT); 2235 break; 2236 2237 case Q_ISIS: 2238 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT); 2239 break; 2240 2241 case Q_CLNP: 2242 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT); 2243 break; 2244 2245 case Q_STP: 2246 b1 = gen_linktype(LLCSAP_8021D); 2247 break; 2248 2249 case Q_IPX: 2250 b1 = gen_linktype(LLCSAP_IPX); 2251 break; 2252 2253 case Q_NETBEUI: 2254 b1 = gen_linktype(LLCSAP_NETBEUI); 2255 break; 2256 2257 default: 2258 abort(); 2259 } 2260 return b1; 2261 } 2262 2263 static struct block * 2264 gen_ipfrag() 2265 { 2266 struct slist *s; 2267 struct block *b; 2268 2269 /* not ip frag */ 2270 s = new_stmt(BPF_LD|BPF_H|BPF_ABS); 2271 s->s.k = off_nl + 6; 2272 b = new_block(JMP(BPF_JSET)); 2273 b->s.k = 0x1fff; 2274 b->stmts = s; 2275 gen_not(b); 2276 2277 return b; 2278 } 2279 2280 static struct block * 2281 gen_portatom(off, v) 2282 int off; 2283 bpf_int32 v; 2284 { 2285 struct slist *s; 2286 struct block *b; 2287 2288 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 2289 s->s.k = off_nl; 2290 2291 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H); 2292 s->next->s.k = off_nl + off; 2293 2294 b = new_block(JMP(BPF_JEQ)); 2295 b->stmts = s; 2296 b->s.k = v; 2297 2298 return b; 2299 } 2300 2301 #ifdef INET6 2302 static struct block * 2303 gen_portatom6(off, v) 2304 int off; 2305 bpf_int32 v; 2306 { 2307 return gen_cmp(off_nl + 40 + off, BPF_H, v); 2308 } 2309 #endif/*INET6*/ 2310 2311 struct block * 2312 gen_portop(port, proto, dir) 2313 int port, proto, dir; 2314 { 2315 struct block *b0, *b1, *tmp; 2316 2317 /* ip proto 'proto' */ 2318 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto); 2319 b0 = gen_ipfrag(); 2320 gen_and(tmp, b0); 2321 2322 switch (dir) { 2323 case Q_SRC: 2324 b1 = gen_portatom(0, (bpf_int32)port); 2325 break; 2326 2327 case Q_DST: 2328 b1 = gen_portatom(2, (bpf_int32)port); 2329 break; 2330 2331 case Q_OR: 2332 case Q_DEFAULT: 2333 tmp = gen_portatom(0, (bpf_int32)port); 2334 b1 = gen_portatom(2, (bpf_int32)port); 2335 gen_or(tmp, b1); 2336 break; 2337 2338 case Q_AND: 2339 tmp = gen_portatom(0, (bpf_int32)port); 2340 b1 = gen_portatom(2, (bpf_int32)port); 2341 gen_and(tmp, b1); 2342 break; 2343 2344 default: 2345 abort(); 2346 } 2347 gen_and(b0, b1); 2348 2349 return b1; 2350 } 2351 2352 static struct block * 2353 gen_port(port, ip_proto, dir) 2354 int port; 2355 int ip_proto; 2356 int dir; 2357 { 2358 struct block *b0, *b1, *tmp; 2359 2360 /* ether proto ip */ 2361 b0 = gen_linktype(ETHERTYPE_IP); 2362 2363 switch (ip_proto) { 2364 case IPPROTO_UDP: 2365 case IPPROTO_TCP: 2366 case IPPROTO_SCTP: 2367 b1 = gen_portop(port, ip_proto, dir); 2368 break; 2369 2370 case PROTO_UNDEF: 2371 tmp = gen_portop(port, IPPROTO_TCP, dir); 2372 b1 = gen_portop(port, IPPROTO_UDP, dir); 2373 gen_or(tmp, b1); 2374 tmp = gen_portop(port, IPPROTO_SCTP, dir); 2375 gen_or(tmp, b1); 2376 break; 2377 2378 default: 2379 abort(); 2380 } 2381 gen_and(b0, b1); 2382 return b1; 2383 } 2384 2385 #ifdef INET6 2386 struct block * 2387 gen_portop6(port, proto, dir) 2388 int port, proto, dir; 2389 { 2390 struct block *b0, *b1, *tmp; 2391 2392 /* ip proto 'proto' */ 2393 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto); 2394 2395 switch (dir) { 2396 case Q_SRC: 2397 b1 = gen_portatom6(0, (bpf_int32)port); 2398 break; 2399 2400 case Q_DST: 2401 b1 = gen_portatom6(2, (bpf_int32)port); 2402 break; 2403 2404 case Q_OR: 2405 case Q_DEFAULT: 2406 tmp = gen_portatom6(0, (bpf_int32)port); 2407 b1 = gen_portatom6(2, (bpf_int32)port); 2408 gen_or(tmp, b1); 2409 break; 2410 2411 case Q_AND: 2412 tmp = gen_portatom6(0, (bpf_int32)port); 2413 b1 = gen_portatom6(2, (bpf_int32)port); 2414 gen_and(tmp, b1); 2415 break; 2416 2417 default: 2418 abort(); 2419 } 2420 gen_and(b0, b1); 2421 2422 return b1; 2423 } 2424 2425 static struct block * 2426 gen_port6(port, ip_proto, dir) 2427 int port; 2428 int ip_proto; 2429 int dir; 2430 { 2431 struct block *b0, *b1, *tmp; 2432 2433 /* ether proto ip */ 2434 b0 = gen_linktype(ETHERTYPE_IPV6); 2435 2436 switch (ip_proto) { 2437 case IPPROTO_UDP: 2438 case IPPROTO_TCP: 2439 case IPPROTO_SCTP: 2440 b1 = gen_portop6(port, ip_proto, dir); 2441 break; 2442 2443 case PROTO_UNDEF: 2444 tmp = gen_portop6(port, IPPROTO_TCP, dir); 2445 b1 = gen_portop6(port, IPPROTO_UDP, dir); 2446 gen_or(tmp, b1); 2447 tmp = gen_portop6(port, IPPROTO_SCTP, dir); 2448 gen_or(tmp, b1); 2449 break; 2450 2451 default: 2452 abort(); 2453 } 2454 gen_and(b0, b1); 2455 return b1; 2456 } 2457 #endif /* INET6 */ 2458 2459 static int 2460 lookup_proto(name, proto) 2461 register const char *name; 2462 register int proto; 2463 { 2464 register int v; 2465 2466 switch (proto) { 2467 2468 case Q_DEFAULT: 2469 case Q_IP: 2470 case Q_IPV6: 2471 v = pcap_nametoproto(name); 2472 if (v == PROTO_UNDEF) 2473 bpf_error("unknown ip proto '%s'", name); 2474 break; 2475 2476 case Q_LINK: 2477 /* XXX should look up h/w protocol type based on linktype */ 2478 v = pcap_nametoeproto(name); 2479 if (v == PROTO_UNDEF) 2480 bpf_error("unknown ether proto '%s'", name); 2481 break; 2482 2483 case Q_ISO: 2484 if (strcmp(name, "esis") == 0) 2485 v = ISO9542_ESIS; 2486 else if (strcmp(name, "isis") == 0) 2487 v = ISO10589_ISIS; 2488 else if (strcmp(name, "clnp") == 0) 2489 v = ISO8473_CLNP; 2490 else 2491 bpf_error("unknown osi proto '%s'", name); 2492 break; 2493 2494 default: 2495 v = PROTO_UNDEF; 2496 break; 2497 } 2498 return v; 2499 } 2500 2501 #if 0 2502 struct stmt * 2503 gen_joinsp(s, n) 2504 struct stmt **s; 2505 int n; 2506 { 2507 return NULL; 2508 } 2509 #endif 2510 2511 static struct block * 2512 gen_protochain(v, proto, dir) 2513 int v; 2514 int proto; 2515 int dir; 2516 { 2517 #ifdef NO_PROTOCHAIN 2518 return gen_proto(v, proto, dir); 2519 #else 2520 struct block *b0, *b; 2521 struct slist *s[100]; 2522 int fix2, fix3, fix4, fix5; 2523 int ahcheck, again, end; 2524 int i, max; 2525 int reg2 = alloc_reg(); 2526 2527 memset(s, 0, sizeof(s)); 2528 fix2 = fix3 = fix4 = fix5 = 0; 2529 2530 switch (proto) { 2531 case Q_IP: 2532 case Q_IPV6: 2533 break; 2534 case Q_DEFAULT: 2535 b0 = gen_protochain(v, Q_IP, dir); 2536 b = gen_protochain(v, Q_IPV6, dir); 2537 gen_or(b0, b); 2538 return b; 2539 default: 2540 bpf_error("bad protocol applied for 'protochain'"); 2541 /*NOTREACHED*/ 2542 } 2543 2544 no_optimize = 1; /*this code is not compatible with optimzer yet */ 2545 2546 /* 2547 * s[0] is a dummy entry to protect other BPF insn from damaged 2548 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 2549 * hard to find interdependency made by jump table fixup. 2550 */ 2551 i = 0; 2552 s[i] = new_stmt(0); /*dummy*/ 2553 i++; 2554 2555 switch (proto) { 2556 case Q_IP: 2557 b0 = gen_linktype(ETHERTYPE_IP); 2558 2559 /* A = ip->ip_p */ 2560 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 2561 s[i]->s.k = off_nl + 9; 2562 i++; 2563 /* X = ip->ip_hl << 2 */ 2564 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 2565 s[i]->s.k = off_nl; 2566 i++; 2567 break; 2568 #ifdef INET6 2569 case Q_IPV6: 2570 b0 = gen_linktype(ETHERTYPE_IPV6); 2571 2572 /* A = ip6->ip_nxt */ 2573 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 2574 s[i]->s.k = off_nl + 6; 2575 i++; 2576 /* X = sizeof(struct ip6_hdr) */ 2577 s[i] = new_stmt(BPF_LDX|BPF_IMM); 2578 s[i]->s.k = 40; 2579 i++; 2580 break; 2581 #endif 2582 default: 2583 bpf_error("unsupported proto to gen_protochain"); 2584 /*NOTREACHED*/ 2585 } 2586 2587 /* again: if (A == v) goto end; else fall through; */ 2588 again = i; 2589 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2590 s[i]->s.k = v; 2591 s[i]->s.jt = NULL; /*later*/ 2592 s[i]->s.jf = NULL; /*update in next stmt*/ 2593 fix5 = i; 2594 i++; 2595 2596 #ifndef IPPROTO_NONE 2597 #define IPPROTO_NONE 59 2598 #endif 2599 /* if (A == IPPROTO_NONE) goto end */ 2600 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2601 s[i]->s.jt = NULL; /*later*/ 2602 s[i]->s.jf = NULL; /*update in next stmt*/ 2603 s[i]->s.k = IPPROTO_NONE; 2604 s[fix5]->s.jf = s[i]; 2605 fix2 = i; 2606 i++; 2607 2608 #ifdef INET6 2609 if (proto == Q_IPV6) { 2610 int v6start, v6end, v6advance, j; 2611 2612 v6start = i; 2613 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 2614 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2615 s[i]->s.jt = NULL; /*later*/ 2616 s[i]->s.jf = NULL; /*update in next stmt*/ 2617 s[i]->s.k = IPPROTO_HOPOPTS; 2618 s[fix2]->s.jf = s[i]; 2619 i++; 2620 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 2621 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2622 s[i]->s.jt = NULL; /*later*/ 2623 s[i]->s.jf = NULL; /*update in next stmt*/ 2624 s[i]->s.k = IPPROTO_DSTOPTS; 2625 i++; 2626 /* if (A == IPPROTO_ROUTING) goto v6advance */ 2627 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2628 s[i]->s.jt = NULL; /*later*/ 2629 s[i]->s.jf = NULL; /*update in next stmt*/ 2630 s[i]->s.k = IPPROTO_ROUTING; 2631 i++; 2632 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 2633 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2634 s[i]->s.jt = NULL; /*later*/ 2635 s[i]->s.jf = NULL; /*later*/ 2636 s[i]->s.k = IPPROTO_FRAGMENT; 2637 fix3 = i; 2638 v6end = i; 2639 i++; 2640 2641 /* v6advance: */ 2642 v6advance = i; 2643 2644 /* 2645 * in short, 2646 * A = P[X]; 2647 * X = X + (P[X + 1] + 1) * 8; 2648 */ 2649 /* A = X */ 2650 s[i] = new_stmt(BPF_MISC|BPF_TXA); 2651 i++; 2652 /* A = P[X + packet head] */ 2653 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2654 s[i]->s.k = off_nl; 2655 i++; 2656 /* MEM[reg2] = A */ 2657 s[i] = new_stmt(BPF_ST); 2658 s[i]->s.k = reg2; 2659 i++; 2660 /* A = X */ 2661 s[i] = new_stmt(BPF_MISC|BPF_TXA); 2662 i++; 2663 /* A += 1 */ 2664 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2665 s[i]->s.k = 1; 2666 i++; 2667 /* X = A */ 2668 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2669 i++; 2670 /* A = P[X + packet head]; */ 2671 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2672 s[i]->s.k = off_nl; 2673 i++; 2674 /* A += 1 */ 2675 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2676 s[i]->s.k = 1; 2677 i++; 2678 /* A *= 8 */ 2679 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 2680 s[i]->s.k = 8; 2681 i++; 2682 /* X = A; */ 2683 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2684 i++; 2685 /* A = MEM[reg2] */ 2686 s[i] = new_stmt(BPF_LD|BPF_MEM); 2687 s[i]->s.k = reg2; 2688 i++; 2689 2690 /* goto again; (must use BPF_JA for backward jump) */ 2691 s[i] = new_stmt(BPF_JMP|BPF_JA); 2692 s[i]->s.k = again - i - 1; 2693 s[i - 1]->s.jf = s[i]; 2694 i++; 2695 2696 /* fixup */ 2697 for (j = v6start; j <= v6end; j++) 2698 s[j]->s.jt = s[v6advance]; 2699 } else 2700 #endif 2701 { 2702 /* nop */ 2703 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2704 s[i]->s.k = 0; 2705 s[fix2]->s.jf = s[i]; 2706 i++; 2707 } 2708 2709 /* ahcheck: */ 2710 ahcheck = i; 2711 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 2712 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2713 s[i]->s.jt = NULL; /*later*/ 2714 s[i]->s.jf = NULL; /*later*/ 2715 s[i]->s.k = IPPROTO_AH; 2716 if (fix3) 2717 s[fix3]->s.jf = s[ahcheck]; 2718 fix4 = i; 2719 i++; 2720 2721 /* 2722 * in short, 2723 * A = P[X]; 2724 * X = X + (P[X + 1] + 2) * 4; 2725 */ 2726 /* A = X */ 2727 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 2728 i++; 2729 /* A = P[X + packet head]; */ 2730 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2731 s[i]->s.k = off_nl; 2732 i++; 2733 /* MEM[reg2] = A */ 2734 s[i] = new_stmt(BPF_ST); 2735 s[i]->s.k = reg2; 2736 i++; 2737 /* A = X */ 2738 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 2739 i++; 2740 /* A += 1 */ 2741 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2742 s[i]->s.k = 1; 2743 i++; 2744 /* X = A */ 2745 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2746 i++; 2747 /* A = P[X + packet head] */ 2748 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2749 s[i]->s.k = off_nl; 2750 i++; 2751 /* A += 2 */ 2752 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2753 s[i]->s.k = 2; 2754 i++; 2755 /* A *= 4 */ 2756 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 2757 s[i]->s.k = 4; 2758 i++; 2759 /* X = A; */ 2760 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2761 i++; 2762 /* A = MEM[reg2] */ 2763 s[i] = new_stmt(BPF_LD|BPF_MEM); 2764 s[i]->s.k = reg2; 2765 i++; 2766 2767 /* goto again; (must use BPF_JA for backward jump) */ 2768 s[i] = new_stmt(BPF_JMP|BPF_JA); 2769 s[i]->s.k = again - i - 1; 2770 i++; 2771 2772 /* end: nop */ 2773 end = i; 2774 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2775 s[i]->s.k = 0; 2776 s[fix2]->s.jt = s[end]; 2777 s[fix4]->s.jf = s[end]; 2778 s[fix5]->s.jt = s[end]; 2779 i++; 2780 2781 /* 2782 * make slist chain 2783 */ 2784 max = i; 2785 for (i = 0; i < max - 1; i++) 2786 s[i]->next = s[i + 1]; 2787 s[max - 1]->next = NULL; 2788 2789 /* 2790 * emit final check 2791 */ 2792 b = new_block(JMP(BPF_JEQ)); 2793 b->stmts = s[1]; /*remember, s[0] is dummy*/ 2794 b->s.k = v; 2795 2796 free_reg(reg2); 2797 2798 gen_and(b0, b); 2799 return b; 2800 #endif 2801 } 2802 2803 static struct block * 2804 gen_proto(v, proto, dir) 2805 int v; 2806 int proto; 2807 int dir; 2808 { 2809 struct block *b0, *b1; 2810 2811 if (dir != Q_DEFAULT) 2812 bpf_error("direction applied to 'proto'"); 2813 2814 switch (proto) { 2815 case Q_DEFAULT: 2816 #ifdef INET6 2817 b0 = gen_proto(v, Q_IP, dir); 2818 b1 = gen_proto(v, Q_IPV6, dir); 2819 gen_or(b0, b1); 2820 return b1; 2821 #else 2822 /*FALLTHROUGH*/ 2823 #endif 2824 case Q_IP: 2825 b0 = gen_linktype(ETHERTYPE_IP); 2826 #ifndef CHASE_CHAIN 2827 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v); 2828 #else 2829 b1 = gen_protochain(v, Q_IP); 2830 #endif 2831 gen_and(b0, b1); 2832 return b1; 2833 2834 case Q_ISO: 2835 b0 = gen_linktype(LLCSAP_ISONS); 2836 b1 = gen_cmp(off_nl + 3, BPF_B, (long)v); 2837 gen_and(b0, b1); 2838 return b1; 2839 2840 case Q_ARP: 2841 bpf_error("arp does not encapsulate another protocol"); 2842 /* NOTREACHED */ 2843 2844 case Q_RARP: 2845 bpf_error("rarp does not encapsulate another protocol"); 2846 /* NOTREACHED */ 2847 2848 case Q_ATALK: 2849 bpf_error("atalk encapsulation is not specifiable"); 2850 /* NOTREACHED */ 2851 2852 case Q_DECNET: 2853 bpf_error("decnet encapsulation is not specifiable"); 2854 /* NOTREACHED */ 2855 2856 case Q_SCA: 2857 bpf_error("sca does not encapsulate another protocol"); 2858 /* NOTREACHED */ 2859 2860 case Q_LAT: 2861 bpf_error("lat does not encapsulate another protocol"); 2862 /* NOTREACHED */ 2863 2864 case Q_MOPRC: 2865 bpf_error("moprc does not encapsulate another protocol"); 2866 /* NOTREACHED */ 2867 2868 case Q_MOPDL: 2869 bpf_error("mopdl does not encapsulate another protocol"); 2870 /* NOTREACHED */ 2871 2872 case Q_LINK: 2873 return gen_linktype(v); 2874 2875 case Q_UDP: 2876 bpf_error("'udp proto' is bogus"); 2877 /* NOTREACHED */ 2878 2879 case Q_TCP: 2880 bpf_error("'tcp proto' is bogus"); 2881 /* NOTREACHED */ 2882 2883 case Q_SCTP: 2884 bpf_error("'sctp proto' is bogus"); 2885 /* NOTREACHED */ 2886 2887 case Q_ICMP: 2888 bpf_error("'icmp proto' is bogus"); 2889 /* NOTREACHED */ 2890 2891 case Q_IGMP: 2892 bpf_error("'igmp proto' is bogus"); 2893 /* NOTREACHED */ 2894 2895 case Q_IGRP: 2896 bpf_error("'igrp proto' is bogus"); 2897 /* NOTREACHED */ 2898 2899 case Q_PIM: 2900 bpf_error("'pim proto' is bogus"); 2901 /* NOTREACHED */ 2902 2903 case Q_VRRP: 2904 bpf_error("'vrrp proto' is bogus"); 2905 /* NOTREACHED */ 2906 2907 #ifdef INET6 2908 case Q_IPV6: 2909 b0 = gen_linktype(ETHERTYPE_IPV6); 2910 #ifndef CHASE_CHAIN 2911 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v); 2912 #else 2913 b1 = gen_protochain(v, Q_IPV6); 2914 #endif 2915 gen_and(b0, b1); 2916 return b1; 2917 2918 case Q_ICMPV6: 2919 bpf_error("'icmp6 proto' is bogus"); 2920 #endif /* INET6 */ 2921 2922 case Q_AH: 2923 bpf_error("'ah proto' is bogus"); 2924 2925 case Q_ESP: 2926 bpf_error("'ah proto' is bogus"); 2927 2928 case Q_STP: 2929 bpf_error("'stp proto' is bogus"); 2930 2931 case Q_IPX: 2932 bpf_error("'ipx proto' is bogus"); 2933 2934 case Q_NETBEUI: 2935 bpf_error("'netbeui proto' is bogus"); 2936 2937 default: 2938 abort(); 2939 /* NOTREACHED */ 2940 } 2941 /* NOTREACHED */ 2942 } 2943 2944 struct block * 2945 gen_scode(name, q) 2946 register const char *name; 2947 struct qual q; 2948 { 2949 int proto = q.proto; 2950 int dir = q.dir; 2951 int tproto; 2952 u_char *eaddr; 2953 bpf_u_int32 mask, addr; 2954 #ifndef INET6 2955 bpf_u_int32 **alist; 2956 #else 2957 int tproto6; 2958 struct sockaddr_in *sin; 2959 struct sockaddr_in6 *sin6; 2960 struct addrinfo *res, *res0; 2961 struct in6_addr mask128; 2962 #endif /*INET6*/ 2963 struct block *b, *tmp; 2964 int port, real_proto; 2965 2966 switch (q.addr) { 2967 2968 case Q_NET: 2969 addr = pcap_nametonetaddr(name); 2970 if (addr == 0) 2971 bpf_error("unknown network '%s'", name); 2972 /* Left justify network addr and calculate its network mask */ 2973 mask = 0xffffffff; 2974 while (addr && (addr & 0xff000000) == 0) { 2975 addr <<= 8; 2976 mask <<= 8; 2977 } 2978 return gen_host(addr, mask, proto, dir); 2979 2980 case Q_DEFAULT: 2981 case Q_HOST: 2982 if (proto == Q_LINK) { 2983 switch (linktype) { 2984 2985 case DLT_EN10MB: 2986 eaddr = pcap_ether_hostton(name); 2987 if (eaddr == NULL) 2988 bpf_error( 2989 "unknown ether host '%s'", name); 2990 b = gen_ehostop(eaddr, dir); 2991 free(eaddr); 2992 return b; 2993 2994 case DLT_FDDI: 2995 eaddr = pcap_ether_hostton(name); 2996 if (eaddr == NULL) 2997 bpf_error( 2998 "unknown FDDI host '%s'", name); 2999 b = gen_fhostop(eaddr, dir); 3000 free(eaddr); 3001 return b; 3002 3003 case DLT_IEEE802: 3004 eaddr = pcap_ether_hostton(name); 3005 if (eaddr == NULL) 3006 bpf_error( 3007 "unknown token ring host '%s'", name); 3008 b = gen_thostop(eaddr, dir); 3009 free(eaddr); 3010 return b; 3011 3012 case DLT_IEEE802_11: 3013 eaddr = pcap_ether_hostton(name); 3014 if (eaddr == NULL) 3015 bpf_error( 3016 "unknown ether host '%s'", name); 3017 b = gen_whostop(eaddr, dir); 3018 free(eaddr); 3019 return b; 3020 3021 default: 3022 bpf_error( 3023 "only ethernet/FDDI/token ring supports link-level host name"); 3024 break; 3025 } 3026 } else if (proto == Q_DECNET) { 3027 unsigned short dn_addr = __pcap_nametodnaddr(name); 3028 /* 3029 * I don't think DECNET hosts can be multihomed, so 3030 * there is no need to build up a list of addresses 3031 */ 3032 return (gen_host(dn_addr, 0, proto, dir)); 3033 } else { 3034 #ifndef INET6 3035 alist = pcap_nametoaddr(name); 3036 if (alist == NULL || *alist == NULL) 3037 bpf_error("unknown host '%s'", name); 3038 tproto = proto; 3039 if (off_linktype == -1 && tproto == Q_DEFAULT) 3040 tproto = Q_IP; 3041 b = gen_host(**alist++, 0xffffffff, tproto, dir); 3042 while (*alist) { 3043 tmp = gen_host(**alist++, 0xffffffff, 3044 tproto, dir); 3045 gen_or(b, tmp); 3046 b = tmp; 3047 } 3048 return b; 3049 #else 3050 memset(&mask128, 0xff, sizeof(mask128)); 3051 res0 = res = pcap_nametoaddrinfo(name); 3052 if (res == NULL) 3053 bpf_error("unknown host '%s'", name); 3054 b = tmp = NULL; 3055 tproto = tproto6 = proto; 3056 if (off_linktype == -1 && tproto == Q_DEFAULT) { 3057 tproto = Q_IP; 3058 tproto6 = Q_IPV6; 3059 } 3060 for (res = res0; res; res = res->ai_next) { 3061 switch (res->ai_family) { 3062 case AF_INET: 3063 if (tproto == Q_IPV6) 3064 continue; 3065 3066 sin = (struct sockaddr_in *) 3067 res->ai_addr; 3068 tmp = gen_host(ntohl(sin->sin_addr.s_addr), 3069 0xffffffff, tproto, dir); 3070 break; 3071 case AF_INET6: 3072 if (tproto6 == Q_IP) 3073 continue; 3074 3075 sin6 = (struct sockaddr_in6 *) 3076 res->ai_addr; 3077 tmp = gen_host6(&sin6->sin6_addr, 3078 &mask128, tproto6, dir); 3079 break; 3080 default: 3081 continue; 3082 } 3083 if (b) 3084 gen_or(b, tmp); 3085 b = tmp; 3086 } 3087 freeaddrinfo(res0); 3088 if (b == NULL) { 3089 bpf_error("unknown host '%s'%s", name, 3090 (proto == Q_DEFAULT) 3091 ? "" 3092 : " for specified address family"); 3093 } 3094 return b; 3095 #endif /*INET6*/ 3096 } 3097 3098 case Q_PORT: 3099 if (proto != Q_DEFAULT && 3100 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP) 3101 bpf_error("illegal qualifier of 'port'"); 3102 if (pcap_nametoport(name, &port, &real_proto) == 0) 3103 bpf_error("unknown port '%s'", name); 3104 if (proto == Q_UDP) { 3105 if (real_proto == IPPROTO_TCP) 3106 bpf_error("port '%s' is tcp", name); 3107 else if (real_proto == IPPROTO_SCTP) 3108 bpf_error("port '%s' is sctp", name); 3109 else 3110 /* override PROTO_UNDEF */ 3111 real_proto = IPPROTO_UDP; 3112 } 3113 if (proto == Q_TCP) { 3114 if (real_proto == IPPROTO_UDP) 3115 bpf_error("port '%s' is udp", name); 3116 3117 else if (real_proto == IPPROTO_SCTP) 3118 bpf_error("port '%s' is sctp", name); 3119 else 3120 /* override PROTO_UNDEF */ 3121 real_proto = IPPROTO_TCP; 3122 } 3123 if (proto == Q_SCTP) { 3124 if (real_proto == IPPROTO_UDP) 3125 bpf_error("port '%s' is udp", name); 3126 3127 else if (real_proto == IPPROTO_TCP) 3128 bpf_error("port '%s' is tcp", name); 3129 else 3130 /* override PROTO_UNDEF */ 3131 real_proto = IPPROTO_SCTP; 3132 } 3133 #ifndef INET6 3134 return gen_port(port, real_proto, dir); 3135 #else 3136 { 3137 struct block *b; 3138 b = gen_port(port, real_proto, dir); 3139 gen_or(gen_port6(port, real_proto, dir), b); 3140 return b; 3141 } 3142 #endif /* INET6 */ 3143 3144 case Q_GATEWAY: 3145 #ifndef INET6 3146 eaddr = pcap_ether_hostton(name); 3147 if (eaddr == NULL) 3148 bpf_error("unknown ether host: %s", name); 3149 3150 alist = pcap_nametoaddr(name); 3151 if (alist == NULL || *alist == NULL) 3152 bpf_error("unknown host '%s'", name); 3153 b = gen_gateway(eaddr, alist, proto, dir); 3154 free(eaddr); 3155 return b; 3156 #else 3157 bpf_error("'gateway' not supported in this configuration"); 3158 #endif /*INET6*/ 3159 3160 case Q_PROTO: 3161 real_proto = lookup_proto(name, proto); 3162 if (real_proto >= 0) 3163 return gen_proto(real_proto, proto, dir); 3164 else 3165 bpf_error("unknown protocol: %s", name); 3166 3167 case Q_PROTOCHAIN: 3168 real_proto = lookup_proto(name, proto); 3169 if (real_proto >= 0) 3170 return gen_protochain(real_proto, proto, dir); 3171 else 3172 bpf_error("unknown protocol: %s", name); 3173 3174 3175 case Q_UNDEF: 3176 syntax(); 3177 /* NOTREACHED */ 3178 } 3179 abort(); 3180 /* NOTREACHED */ 3181 } 3182 3183 struct block * 3184 gen_mcode(s1, s2, masklen, q) 3185 register const char *s1, *s2; 3186 register int masklen; 3187 struct qual q; 3188 { 3189 register int nlen, mlen; 3190 bpf_u_int32 n, m; 3191 3192 nlen = __pcap_atoin(s1, &n); 3193 /* Promote short ipaddr */ 3194 n <<= 32 - nlen; 3195 3196 if (s2 != NULL) { 3197 mlen = __pcap_atoin(s2, &m); 3198 /* Promote short ipaddr */ 3199 m <<= 32 - mlen; 3200 if ((n & ~m) != 0) 3201 bpf_error("non-network bits set in \"%s mask %s\"", 3202 s1, s2); 3203 } else { 3204 /* Convert mask len to mask */ 3205 if (masklen > 32) 3206 bpf_error("mask length must be <= 32"); 3207 m = 0xffffffff << (32 - masklen); 3208 if ((n & ~m) != 0) 3209 bpf_error("non-network bits set in \"%s/%d\"", 3210 s1, masklen); 3211 } 3212 3213 switch (q.addr) { 3214 3215 case Q_NET: 3216 return gen_host(n, m, q.proto, q.dir); 3217 3218 default: 3219 bpf_error("Mask syntax for networks only"); 3220 /* NOTREACHED */ 3221 } 3222 } 3223 3224 struct block * 3225 gen_ncode(s, v, q) 3226 register const char *s; 3227 bpf_u_int32 v; 3228 struct qual q; 3229 { 3230 bpf_u_int32 mask; 3231 int proto = q.proto; 3232 int dir = q.dir; 3233 register int vlen; 3234 3235 if (s == NULL) 3236 vlen = 32; 3237 else if (q.proto == Q_DECNET) 3238 vlen = __pcap_atodn(s, &v); 3239 else 3240 vlen = __pcap_atoin(s, &v); 3241 3242 switch (q.addr) { 3243 3244 case Q_DEFAULT: 3245 case Q_HOST: 3246 case Q_NET: 3247 if (proto == Q_DECNET) 3248 return gen_host(v, 0, proto, dir); 3249 else if (proto == Q_LINK) { 3250 bpf_error("illegal link layer address"); 3251 } else { 3252 mask = 0xffffffff; 3253 if (s == NULL && q.addr == Q_NET) { 3254 /* Promote short net number */ 3255 while (v && (v & 0xff000000) == 0) { 3256 v <<= 8; 3257 mask <<= 8; 3258 } 3259 } else { 3260 /* Promote short ipaddr */ 3261 v <<= 32 - vlen; 3262 mask <<= 32 - vlen; 3263 } 3264 return gen_host(v, mask, proto, dir); 3265 } 3266 3267 case Q_PORT: 3268 if (proto == Q_UDP) 3269 proto = IPPROTO_UDP; 3270 else if (proto == Q_TCP) 3271 proto = IPPROTO_TCP; 3272 else if (proto == Q_SCTP) 3273 proto = IPPROTO_SCTP; 3274 else if (proto == Q_DEFAULT) 3275 proto = PROTO_UNDEF; 3276 else 3277 bpf_error("illegal qualifier of 'port'"); 3278 3279 #ifndef INET6 3280 return gen_port((int)v, proto, dir); 3281 #else 3282 { 3283 struct block *b; 3284 b = gen_port((int)v, proto, dir); 3285 gen_or(gen_port6((int)v, proto, dir), b); 3286 return b; 3287 } 3288 #endif /* INET6 */ 3289 3290 case Q_GATEWAY: 3291 bpf_error("'gateway' requires a name"); 3292 /* NOTREACHED */ 3293 3294 case Q_PROTO: 3295 return gen_proto((int)v, proto, dir); 3296 3297 case Q_PROTOCHAIN: 3298 return gen_protochain((int)v, proto, dir); 3299 3300 case Q_UNDEF: 3301 syntax(); 3302 /* NOTREACHED */ 3303 3304 default: 3305 abort(); 3306 /* NOTREACHED */ 3307 } 3308 /* NOTREACHED */ 3309 } 3310 3311 #ifdef INET6 3312 struct block * 3313 gen_mcode6(s1, s2, masklen, q) 3314 register const char *s1, *s2; 3315 register int masklen; 3316 struct qual q; 3317 { 3318 struct addrinfo *res; 3319 struct in6_addr *addr; 3320 struct in6_addr mask; 3321 struct block *b; 3322 u_int32_t *a, *m; 3323 3324 if (s2) 3325 bpf_error("no mask %s supported", s2); 3326 3327 res = pcap_nametoaddrinfo(s1); 3328 if (!res) 3329 bpf_error("invalid ip6 address %s", s1); 3330 if (res->ai_next) 3331 bpf_error("%s resolved to multiple address", s1); 3332 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 3333 3334 if (sizeof(mask) * 8 < masklen) 3335 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8)); 3336 memset(&mask, 0, sizeof(mask)); 3337 memset(&mask, 0xff, masklen / 8); 3338 if (masklen % 8) { 3339 mask.s6_addr[masklen / 8] = 3340 (0xff << (8 - masklen % 8)) & 0xff; 3341 } 3342 3343 a = (u_int32_t *)addr; 3344 m = (u_int32_t *)&mask; 3345 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 3346 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 3347 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen); 3348 } 3349 3350 switch (q.addr) { 3351 3352 case Q_DEFAULT: 3353 case Q_HOST: 3354 if (masklen != 128) 3355 bpf_error("Mask syntax for networks only"); 3356 /* FALLTHROUGH */ 3357 3358 case Q_NET: 3359 b = gen_host6(addr, &mask, q.proto, q.dir); 3360 freeaddrinfo(res); 3361 return b; 3362 3363 default: 3364 bpf_error("invalid qualifier against IPv6 address"); 3365 /* NOTREACHED */ 3366 } 3367 } 3368 #endif /*INET6*/ 3369 3370 struct block * 3371 gen_ecode(eaddr, q) 3372 register const u_char *eaddr; 3373 struct qual q; 3374 { 3375 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 3376 if (linktype == DLT_EN10MB) 3377 return gen_ehostop(eaddr, (int)q.dir); 3378 if (linktype == DLT_FDDI) 3379 return gen_fhostop(eaddr, (int)q.dir); 3380 if (linktype == DLT_IEEE802) 3381 return gen_thostop(eaddr, (int)q.dir); 3382 if (linktype == DLT_IEEE802_11) 3383 return gen_whostop(eaddr, (int)q.dir); 3384 bpf_error("ethernet addresses supported only on ethernet, FDDI or token ring"); 3385 } 3386 bpf_error("ethernet address used in non-ether expression"); 3387 /* NOTREACHED */ 3388 } 3389 3390 void 3391 sappend(s0, s1) 3392 struct slist *s0, *s1; 3393 { 3394 /* 3395 * This is definitely not the best way to do this, but the 3396 * lists will rarely get long. 3397 */ 3398 while (s0->next) 3399 s0 = s0->next; 3400 s0->next = s1; 3401 } 3402 3403 static struct slist * 3404 xfer_to_x(a) 3405 struct arth *a; 3406 { 3407 struct slist *s; 3408 3409 s = new_stmt(BPF_LDX|BPF_MEM); 3410 s->s.k = a->regno; 3411 return s; 3412 } 3413 3414 static struct slist * 3415 xfer_to_a(a) 3416 struct arth *a; 3417 { 3418 struct slist *s; 3419 3420 s = new_stmt(BPF_LD|BPF_MEM); 3421 s->s.k = a->regno; 3422 return s; 3423 } 3424 3425 struct arth * 3426 gen_load(proto, index, size) 3427 int proto; 3428 struct arth *index; 3429 int size; 3430 { 3431 struct slist *s, *tmp; 3432 struct block *b; 3433 int regno = alloc_reg(); 3434 3435 free_reg(index->regno); 3436 switch (size) { 3437 3438 default: 3439 bpf_error("data size must be 1, 2, or 4"); 3440 3441 case 1: 3442 size = BPF_B; 3443 break; 3444 3445 case 2: 3446 size = BPF_H; 3447 break; 3448 3449 case 4: 3450 size = BPF_W; 3451 break; 3452 } 3453 switch (proto) { 3454 default: 3455 bpf_error("unsupported index operation"); 3456 3457 case Q_LINK: 3458 s = xfer_to_x(index); 3459 tmp = new_stmt(BPF_LD|BPF_IND|size); 3460 sappend(s, tmp); 3461 sappend(index->s, s); 3462 break; 3463 3464 case Q_IP: 3465 case Q_ARP: 3466 case Q_RARP: 3467 case Q_ATALK: 3468 case Q_DECNET: 3469 case Q_SCA: 3470 case Q_LAT: 3471 case Q_MOPRC: 3472 case Q_MOPDL: 3473 #ifdef INET6 3474 case Q_IPV6: 3475 #endif 3476 /* XXX Note that we assume a fixed link header here. */ 3477 s = xfer_to_x(index); 3478 tmp = new_stmt(BPF_LD|BPF_IND|size); 3479 tmp->s.k = off_nl; 3480 sappend(s, tmp); 3481 sappend(index->s, s); 3482 3483 b = gen_proto_abbrev(proto); 3484 if (index->b) 3485 gen_and(index->b, b); 3486 index->b = b; 3487 break; 3488 3489 case Q_SCTP: 3490 case Q_TCP: 3491 case Q_UDP: 3492 case Q_ICMP: 3493 case Q_IGMP: 3494 case Q_IGRP: 3495 case Q_PIM: 3496 case Q_VRRP: 3497 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 3498 s->s.k = off_nl; 3499 sappend(s, xfer_to_a(index)); 3500 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 3501 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 3502 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); 3503 tmp->s.k = off_nl; 3504 sappend(index->s, s); 3505 3506 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 3507 if (index->b) 3508 gen_and(index->b, b); 3509 #ifdef INET6 3510 gen_and(gen_proto_abbrev(Q_IP), b); 3511 #endif 3512 index->b = b; 3513 break; 3514 #ifdef INET6 3515 case Q_ICMPV6: 3516 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); 3517 /*NOTREACHED*/ 3518 #endif 3519 } 3520 index->regno = regno; 3521 s = new_stmt(BPF_ST); 3522 s->s.k = regno; 3523 sappend(index->s, s); 3524 3525 return index; 3526 } 3527 3528 struct block * 3529 gen_relation(code, a0, a1, reversed) 3530 int code; 3531 struct arth *a0, *a1; 3532 int reversed; 3533 { 3534 struct slist *s0, *s1, *s2; 3535 struct block *b, *tmp; 3536 3537 s0 = xfer_to_x(a1); 3538 s1 = xfer_to_a(a0); 3539 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); 3540 b = new_block(JMP(code)); 3541 if (code == BPF_JGT || code == BPF_JGE) { 3542 reversed = !reversed; 3543 b->s.k = 0x80000000; 3544 } 3545 if (reversed) 3546 gen_not(b); 3547 3548 sappend(s1, s2); 3549 sappend(s0, s1); 3550 sappend(a1->s, s0); 3551 sappend(a0->s, a1->s); 3552 3553 b->stmts = a0->s; 3554 3555 free_reg(a0->regno); 3556 free_reg(a1->regno); 3557 3558 /* 'and' together protocol checks */ 3559 if (a0->b) { 3560 if (a1->b) { 3561 gen_and(a0->b, tmp = a1->b); 3562 } 3563 else 3564 tmp = a0->b; 3565 } else 3566 tmp = a1->b; 3567 3568 if (tmp) 3569 gen_and(tmp, b); 3570 3571 return b; 3572 } 3573 3574 struct arth * 3575 gen_loadlen() 3576 { 3577 int regno = alloc_reg(); 3578 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 3579 struct slist *s; 3580 3581 s = new_stmt(BPF_LD|BPF_LEN); 3582 s->next = new_stmt(BPF_ST); 3583 s->next->s.k = regno; 3584 a->s = s; 3585 a->regno = regno; 3586 3587 return a; 3588 } 3589 3590 struct arth * 3591 gen_loadi(val) 3592 int val; 3593 { 3594 struct arth *a; 3595 struct slist *s; 3596 int reg; 3597 3598 a = (struct arth *)newchunk(sizeof(*a)); 3599 3600 reg = alloc_reg(); 3601 3602 s = new_stmt(BPF_LD|BPF_IMM); 3603 s->s.k = val; 3604 s->next = new_stmt(BPF_ST); 3605 s->next->s.k = reg; 3606 a->s = s; 3607 a->regno = reg; 3608 3609 return a; 3610 } 3611 3612 struct arth * 3613 gen_neg(a) 3614 struct arth *a; 3615 { 3616 struct slist *s; 3617 3618 s = xfer_to_a(a); 3619 sappend(a->s, s); 3620 s = new_stmt(BPF_ALU|BPF_NEG); 3621 s->s.k = 0; 3622 sappend(a->s, s); 3623 s = new_stmt(BPF_ST); 3624 s->s.k = a->regno; 3625 sappend(a->s, s); 3626 3627 return a; 3628 } 3629 3630 struct arth * 3631 gen_arth(code, a0, a1) 3632 int code; 3633 struct arth *a0, *a1; 3634 { 3635 struct slist *s0, *s1, *s2; 3636 3637 s0 = xfer_to_x(a1); 3638 s1 = xfer_to_a(a0); 3639 s2 = new_stmt(BPF_ALU|BPF_X|code); 3640 3641 sappend(s1, s2); 3642 sappend(s0, s1); 3643 sappend(a1->s, s0); 3644 sappend(a0->s, a1->s); 3645 3646 free_reg(a1->regno); 3647 3648 s0 = new_stmt(BPF_ST); 3649 a0->regno = s0->s.k = alloc_reg(); 3650 sappend(a0->s, s0); 3651 3652 return a0; 3653 } 3654 3655 /* 3656 * Here we handle simple allocation of the scratch registers. 3657 * If too many registers are alloc'd, the allocator punts. 3658 */ 3659 static int regused[BPF_MEMWORDS]; 3660 static int curreg; 3661 3662 /* 3663 * Return the next free register. 3664 */ 3665 static int 3666 alloc_reg() 3667 { 3668 int n = BPF_MEMWORDS; 3669 3670 while (--n >= 0) { 3671 if (regused[curreg]) 3672 curreg = (curreg + 1) % BPF_MEMWORDS; 3673 else { 3674 regused[curreg] = 1; 3675 return curreg; 3676 } 3677 } 3678 bpf_error("too many registers needed to evaluate expression"); 3679 /* NOTREACHED */ 3680 } 3681 3682 /* 3683 * Return a register to the table so it can 3684 * be used later. 3685 */ 3686 static void 3687 free_reg(n) 3688 int n; 3689 { 3690 regused[n] = 0; 3691 } 3692 3693 static struct block * 3694 gen_len(jmp, n) 3695 int jmp, n; 3696 { 3697 struct slist *s; 3698 struct block *b; 3699 3700 s = new_stmt(BPF_LD|BPF_LEN); 3701 b = new_block(JMP(jmp)); 3702 b->stmts = s; 3703 b->s.k = n; 3704 3705 return b; 3706 } 3707 3708 struct block * 3709 gen_greater(n) 3710 int n; 3711 { 3712 return gen_len(BPF_JGE, n); 3713 } 3714 3715 /* 3716 * Actually, this is less than or equal. 3717 */ 3718 struct block * 3719 gen_less(n) 3720 int n; 3721 { 3722 struct block *b; 3723 3724 b = gen_len(BPF_JGT, n); 3725 gen_not(b); 3726 3727 return b; 3728 } 3729 3730 struct block * 3731 gen_byteop(op, idx, val) 3732 int op, idx, val; 3733 { 3734 struct block *b; 3735 struct slist *s; 3736 3737 switch (op) { 3738 default: 3739 abort(); 3740 3741 case '=': 3742 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3743 3744 case '<': 3745 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3746 b->s.code = JMP(BPF_JGE); 3747 gen_not(b); 3748 return b; 3749 3750 case '>': 3751 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3752 b->s.code = JMP(BPF_JGT); 3753 return b; 3754 3755 case '|': 3756 s = new_stmt(BPF_ALU|BPF_OR|BPF_K); 3757 break; 3758 3759 case '&': 3760 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 3761 break; 3762 } 3763 s->s.k = val; 3764 b = new_block(JMP(BPF_JEQ)); 3765 b->stmts = s; 3766 gen_not(b); 3767 3768 return b; 3769 } 3770 3771 static u_char abroadcast[] = { 0x0 }; 3772 3773 struct block * 3774 gen_broadcast(proto) 3775 int proto; 3776 { 3777 bpf_u_int32 hostmask; 3778 struct block *b0, *b1, *b2; 3779 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 3780 3781 switch (proto) { 3782 3783 case Q_DEFAULT: 3784 case Q_LINK: 3785 if (linktype == DLT_ARCNET) 3786 return gen_ahostop(abroadcast, Q_DST); 3787 if (linktype == DLT_EN10MB) 3788 return gen_ehostop(ebroadcast, Q_DST); 3789 if (linktype == DLT_FDDI) 3790 return gen_fhostop(ebroadcast, Q_DST); 3791 if (linktype == DLT_IEEE802) 3792 return gen_thostop(ebroadcast, Q_DST); 3793 if (linktype == DLT_IEEE802_11) 3794 return gen_whostop(ebroadcast, Q_DST); 3795 bpf_error("not a broadcast link"); 3796 break; 3797 3798 case Q_IP: 3799 b0 = gen_linktype(ETHERTYPE_IP); 3800 hostmask = ~netmask; 3801 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask); 3802 b2 = gen_mcmp(off_nl + 16, BPF_W, 3803 (bpf_int32)(~0 & hostmask), hostmask); 3804 gen_or(b1, b2); 3805 gen_and(b0, b2); 3806 return b2; 3807 } 3808 bpf_error("only ether/ip broadcast filters supported"); 3809 } 3810 3811 struct block * 3812 gen_multicast(proto) 3813 int proto; 3814 { 3815 register struct block *b0, *b1; 3816 register struct slist *s; 3817 3818 switch (proto) { 3819 3820 case Q_DEFAULT: 3821 case Q_LINK: 3822 if (linktype == DLT_ARCNET) 3823 /* all ARCnet multicasts use the same address */ 3824 return gen_ahostop(abroadcast, Q_DST); 3825 3826 if (linktype == DLT_EN10MB) { 3827 /* ether[0] & 1 != 0 */ 3828 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3829 s->s.k = 0; 3830 b0 = new_block(JMP(BPF_JSET)); 3831 b0->s.k = 1; 3832 b0->stmts = s; 3833 return b0; 3834 } 3835 3836 if (linktype == DLT_FDDI) { 3837 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */ 3838 /* fddi[1] & 1 != 0 */ 3839 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3840 s->s.k = 1; 3841 b0 = new_block(JMP(BPF_JSET)); 3842 b0->s.k = 1; 3843 b0->stmts = s; 3844 return b0; 3845 } 3846 3847 /* TODO - check how token ring handles multicast */ 3848 /* if (linktype == DLT_IEEE802) ... */ 3849 3850 /* Link not known to support multicasts */ 3851 break; 3852 3853 case Q_IP: 3854 b0 = gen_linktype(ETHERTYPE_IP); 3855 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224); 3856 b1->s.code = JMP(BPF_JGE); 3857 gen_and(b0, b1); 3858 return b1; 3859 3860 #ifdef INET6 3861 case Q_IPV6: 3862 b0 = gen_linktype(ETHERTYPE_IPV6); 3863 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255); 3864 gen_and(b0, b1); 3865 return b1; 3866 #endif /* INET6 */ 3867 } 3868 bpf_error("only IP multicast filters supported on ethernet/FDDI"); 3869 } 3870 3871 /* 3872 * generate command for inbound/outbound. It's here so we can 3873 * make it link-type specific. 'dir' = 0 implies "inbound", 3874 * = 1 implies "outbound". 3875 */ 3876 struct block * 3877 gen_inbound(dir) 3878 int dir; 3879 { 3880 register struct block *b0; 3881 3882 /* 3883 * Only some data link types support inbound/outbound qualifiers. 3884 */ 3885 switch (linktype) { 3886 case DLT_SLIP: 3887 case DLT_PPP: 3888 b0 = gen_relation(BPF_JEQ, 3889 gen_load(Q_LINK, gen_loadi(0), 1), 3890 gen_loadi(0), 3891 dir); 3892 break; 3893 3894 default: 3895 bpf_error("inbound/outbound not supported on linktype %d\n", 3896 linktype); 3897 b0 = NULL; 3898 /* NOTREACHED */ 3899 } 3900 return (b0); 3901 } 3902 3903 struct block * 3904 gen_acode(eaddr, q) 3905 register const u_char *eaddr; 3906 struct qual q; 3907 { 3908 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 3909 if (linktype == DLT_ARCNET) 3910 return gen_ahostop(eaddr, (int)q.dir); 3911 } 3912 bpf_error("ARCnet address used in non-arc expression"); 3913 /* NOTREACHED */ 3914 } 3915 3916 static struct block * 3917 gen_ahostop(eaddr, dir) 3918 register const u_char *eaddr; 3919 register int dir; 3920 { 3921 register struct block *b0, *b1; 3922 3923 switch (dir) { 3924 /* src comes first, different from Ethernet */ 3925 case Q_SRC: 3926 return gen_bcmp(0, 1, eaddr); 3927 3928 case Q_DST: 3929 return gen_bcmp(1, 1, eaddr); 3930 3931 case Q_AND: 3932 b0 = gen_ahostop(eaddr, Q_SRC); 3933 b1 = gen_ahostop(eaddr, Q_DST); 3934 gen_and(b0, b1); 3935 return b1; 3936 3937 case Q_DEFAULT: 3938 case Q_OR: 3939 b0 = gen_ahostop(eaddr, Q_SRC); 3940 b1 = gen_ahostop(eaddr, Q_DST); 3941 gen_or(b0, b1); 3942 return b1; 3943 } 3944 abort(); 3945 /* NOTREACHED */ 3946 } 3947 3948 /* 3949 * support IEEE 802.1Q VLAN trunk over ethernet 3950 */ 3951 struct block * 3952 gen_vlan(vlan_num) 3953 int vlan_num; 3954 { 3955 struct block *b0; 3956 3957 /* 3958 * Change the offsets to point to the type and data fields within 3959 * the VLAN packet. This is somewhat of a kludge. 3960 */ 3961 if (orig_nl == (u_int)-1) { 3962 orig_linktype = off_linktype; /* save original values */ 3963 orig_nl = off_nl; 3964 3965 switch (linktype) { 3966 3967 case DLT_EN10MB: 3968 off_linktype = 16; 3969 off_nl = 18; 3970 break; 3971 3972 default: 3973 bpf_error("no VLAN support for data link type %d", 3974 linktype); 3975 /*NOTREACHED*/ 3976 } 3977 } 3978 3979 /* check for VLAN */ 3980 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q); 3981 3982 /* If a specific VLAN is requested, check VLAN id */ 3983 if (vlan_num >= 0) { 3984 struct block *b1; 3985 3986 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num); 3987 gen_and(b0, b1); 3988 b0 = b1; 3989 } 3990 3991 return (b0); 3992 } 3993