1 /*#define CHASE_CHAIN*/ 2 /* 3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 4 * The Regents of the University of California. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that: (1) source code distributions 8 * retain the above copyright notice and this paragraph in its entirety, (2) 9 * distributions including binary code include the above copyright notice and 10 * this paragraph in its entirety in the documentation or other materials 11 * provided with the distribution, and (3) all advertising materials mentioning 12 * features or use of this software display the following acknowledgement: 13 * ``This product includes software developed by the University of California, 14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 15 * the University nor the names of its contributors may be used to endorse 16 * or promote products derived from this software without specific prior 17 * written permission. 18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 21 * 22 * $FreeBSD$ 23 */ 24 #ifndef lint 25 static const char rcsid[] = 26 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.160 2001/11/30 07:25:48 guy Exp $ (LBL)"; 27 #endif 28 29 #ifdef HAVE_CONFIG_H 30 #include "config.h" 31 #endif 32 33 #include <sys/types.h> 34 #include <sys/socket.h> 35 #include <sys/time.h> 36 #ifdef __NetBSD__ 37 #include <sys/param.h> 38 #endif 39 40 struct mbuf; 41 struct rtentry; 42 #include <net/if.h> 43 44 #include <netinet/in.h> 45 46 #include <stdlib.h> 47 #include <string.h> 48 #include <memory.h> 49 #include <setjmp.h> 50 #include <stdarg.h> 51 52 #include "pcap-int.h" 53 54 #include "ethertype.h" 55 #include "nlpid.h" 56 #include "llc.h" 57 #include "gencode.h" 58 #include "ppp.h" 59 #include "sll.h" 60 #include "arcnet.h" 61 #include <pcap-namedb.h> 62 #ifdef INET6 63 #include <netdb.h> 64 #include <sys/socket.h> 65 #endif /*INET6*/ 66 67 #undef ETHERMTU 68 #define ETHERMTU 1500 69 70 #ifndef IPPROTO_SCTP 71 #define IPPROTO_SCTP 132 72 #endif 73 74 #ifdef HAVE_OS_PROTO_H 75 #include "os-proto.h" 76 #endif 77 78 #define JMP(c) ((c)|BPF_JMP|BPF_K) 79 80 /* Locals */ 81 static jmp_buf top_ctx; 82 static pcap_t *bpf_pcap; 83 84 /* Hack for updating VLAN offsets. */ 85 static u_int orig_linktype = -1, orig_nl = -1; 86 87 /* XXX */ 88 #ifdef PCAP_FDDIPAD 89 int pcap_fddipad = PCAP_FDDIPAD; 90 #else 91 int pcap_fddipad; 92 #endif 93 94 /* VARARGS */ 95 void 96 bpf_error(const char *fmt, ...) 97 98 { 99 va_list ap; 100 101 va_start(ap, fmt); 102 if (bpf_pcap != NULL) 103 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 104 fmt, ap); 105 va_end(ap); 106 longjmp(top_ctx, 1); 107 /* NOTREACHED */ 108 } 109 110 static void init_linktype(int); 111 112 static int alloc_reg(void); 113 static void free_reg(int); 114 115 static struct block *root; 116 117 /* 118 * We divy out chunks of memory rather than call malloc each time so 119 * we don't have to worry about leaking memory. It's probably 120 * not a big deal if all this memory was wasted but it this ever 121 * goes into a library that would probably not be a good idea. 122 */ 123 #define NCHUNKS 16 124 #define CHUNK0SIZE 1024 125 struct chunk { 126 u_int n_left; 127 void *m; 128 }; 129 130 static struct chunk chunks[NCHUNKS]; 131 static int cur_chunk; 132 133 static void *newchunk(u_int); 134 static void freechunks(void); 135 static inline struct block *new_block(int); 136 static inline struct slist *new_stmt(int); 137 static struct block *gen_retblk(int); 138 static inline void syntax(void); 139 140 static void backpatch(struct block *, struct block *); 141 static void merge(struct block *, struct block *); 142 static struct block *gen_cmp(u_int, u_int, bpf_int32); 143 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32); 144 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 145 static struct block *gen_bcmp(u_int, u_int, const u_char *); 146 static struct block *gen_uncond(int); 147 static inline struct block *gen_true(void); 148 static inline struct block *gen_false(void); 149 static struct block *gen_linktype(int); 150 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int); 151 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 152 #ifdef INET6 153 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); 154 #endif 155 static struct block *gen_ahostop(const u_char *, int); 156 static struct block *gen_ehostop(const u_char *, int); 157 static struct block *gen_fhostop(const u_char *, int); 158 static struct block *gen_thostop(const u_char *, int); 159 static struct block *gen_dnhostop(bpf_u_int32, int, u_int); 160 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int); 161 #ifdef INET6 162 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int); 163 #endif 164 #ifndef INET6 165 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); 166 #endif 167 static struct block *gen_ipfrag(void); 168 static struct block *gen_portatom(int, bpf_int32); 169 #ifdef INET6 170 static struct block *gen_portatom6(int, bpf_int32); 171 #endif 172 struct block *gen_portop(int, int, int); 173 static struct block *gen_port(int, int, int); 174 #ifdef INET6 175 struct block *gen_portop6(int, int, int); 176 static struct block *gen_port6(int, int, int); 177 #endif 178 static int lookup_proto(const char *, int); 179 static struct block *gen_protochain(int, int, int); 180 static struct block *gen_proto(int, int, int); 181 static struct slist *xfer_to_x(struct arth *); 182 static struct slist *xfer_to_a(struct arth *); 183 static struct block *gen_len(int, int); 184 185 static void * 186 newchunk(n) 187 u_int n; 188 { 189 struct chunk *cp; 190 int k, size; 191 192 #ifndef __NetBSD__ 193 /* XXX Round up to nearest long. */ 194 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1); 195 #else 196 /* XXX Round up to structure boundary. */ 197 n = ALIGN(n); 198 #endif 199 200 cp = &chunks[cur_chunk]; 201 if (n > cp->n_left) { 202 ++cp, k = ++cur_chunk; 203 if (k >= NCHUNKS) 204 bpf_error("out of memory"); 205 size = CHUNK0SIZE << k; 206 cp->m = (void *)malloc(size); 207 memset((char *)cp->m, 0, size); 208 cp->n_left = size; 209 if (n > size) 210 bpf_error("out of memory"); 211 } 212 cp->n_left -= n; 213 return (void *)((char *)cp->m + cp->n_left); 214 } 215 216 static void 217 freechunks() 218 { 219 int i; 220 221 cur_chunk = 0; 222 for (i = 0; i < NCHUNKS; ++i) 223 if (chunks[i].m != NULL) { 224 free(chunks[i].m); 225 chunks[i].m = NULL; 226 } 227 } 228 229 /* 230 * A strdup whose allocations are freed after code generation is over. 231 */ 232 char * 233 sdup(s) 234 register const char *s; 235 { 236 int n = strlen(s) + 1; 237 char *cp = newchunk(n); 238 239 strlcpy(cp, s, n); 240 return (cp); 241 } 242 243 static inline struct block * 244 new_block(code) 245 int code; 246 { 247 struct block *p; 248 249 p = (struct block *)newchunk(sizeof(*p)); 250 p->s.code = code; 251 p->head = p; 252 253 return p; 254 } 255 256 static inline struct slist * 257 new_stmt(code) 258 int code; 259 { 260 struct slist *p; 261 262 p = (struct slist *)newchunk(sizeof(*p)); 263 p->s.code = code; 264 265 return p; 266 } 267 268 static struct block * 269 gen_retblk(v) 270 int v; 271 { 272 struct block *b = new_block(BPF_RET|BPF_K); 273 274 b->s.k = v; 275 return b; 276 } 277 278 static inline void 279 syntax() 280 { 281 bpf_error("syntax error in filter expression"); 282 } 283 284 static bpf_u_int32 netmask; 285 static int snaplen; 286 int no_optimize; 287 288 int 289 pcap_compile(pcap_t *p, struct bpf_program *program, 290 char *buf, int optimize, bpf_u_int32 mask) 291 { 292 extern int n_errors; 293 int len; 294 295 no_optimize = 0; 296 n_errors = 0; 297 root = NULL; 298 bpf_pcap = p; 299 if (setjmp(top_ctx)) { 300 lex_cleanup(); 301 freechunks(); 302 return (-1); 303 } 304 305 netmask = mask; 306 307 snaplen = pcap_snapshot(p); 308 if (snaplen == 0) { 309 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 310 "snaplen of 0 rejects all packets"); 311 return -1; 312 } 313 314 lex_init(buf ? buf : ""); 315 init_linktype(pcap_datalink(p)); 316 (void)pcap_parse(); 317 318 if (n_errors) 319 syntax(); 320 321 if (root == NULL) 322 root = gen_retblk(snaplen); 323 324 if (optimize && !no_optimize) { 325 bpf_optimize(&root); 326 if (root == NULL || 327 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 328 bpf_error("expression rejects all packets"); 329 } 330 program->bf_insns = icode_to_fcode(root, &len); 331 program->bf_len = len; 332 333 lex_cleanup(); 334 freechunks(); 335 return (0); 336 } 337 338 /* 339 * entry point for using the compiler with no pcap open 340 * pass in all the stuff that is needed explicitly instead. 341 */ 342 int 343 pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 344 struct bpf_program *program, 345 char *buf, int optimize, bpf_u_int32 mask) 346 { 347 pcap_t *p; 348 int ret; 349 350 p = pcap_open_dead(linktype_arg, snaplen_arg); 351 if (p == NULL) 352 return (-1); 353 ret = pcap_compile(p, program, buf, optimize, mask); 354 pcap_close(p); 355 return (ret); 356 } 357 358 /* 359 * Clean up a "struct bpf_program" by freeing all the memory allocated 360 * in it. 361 */ 362 void 363 pcap_freecode(struct bpf_program *program) 364 { 365 program->bf_len = 0; 366 if (program->bf_insns != NULL) { 367 free((char *)program->bf_insns); 368 program->bf_insns = NULL; 369 } 370 } 371 372 /* 373 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 374 * which of the jt and jf fields has been resolved and which is a pointer 375 * back to another unresolved block (or nil). At least one of the fields 376 * in each block is already resolved. 377 */ 378 static void 379 backpatch(list, target) 380 struct block *list, *target; 381 { 382 struct block *next; 383 384 while (list) { 385 if (!list->sense) { 386 next = JT(list); 387 JT(list) = target; 388 } else { 389 next = JF(list); 390 JF(list) = target; 391 } 392 list = next; 393 } 394 } 395 396 /* 397 * Merge the lists in b0 and b1, using the 'sense' field to indicate 398 * which of jt and jf is the link. 399 */ 400 static void 401 merge(b0, b1) 402 struct block *b0, *b1; 403 { 404 register struct block **p = &b0; 405 406 /* Find end of list. */ 407 while (*p) 408 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 409 410 /* Concatenate the lists. */ 411 *p = b1; 412 } 413 414 void 415 finish_parse(p) 416 struct block *p; 417 { 418 backpatch(p, gen_retblk(snaplen)); 419 p->sense = !p->sense; 420 backpatch(p, gen_retblk(0)); 421 root = p->head; 422 } 423 424 void 425 gen_and(b0, b1) 426 struct block *b0, *b1; 427 { 428 backpatch(b0, b1->head); 429 b0->sense = !b0->sense; 430 b1->sense = !b1->sense; 431 merge(b1, b0); 432 b1->sense = !b1->sense; 433 b1->head = b0->head; 434 } 435 436 void 437 gen_or(b0, b1) 438 struct block *b0, *b1; 439 { 440 b0->sense = !b0->sense; 441 backpatch(b0, b1->head); 442 b0->sense = !b0->sense; 443 merge(b1, b0); 444 b1->head = b0->head; 445 } 446 447 void 448 gen_not(b) 449 struct block *b; 450 { 451 b->sense = !b->sense; 452 } 453 454 static struct block * 455 gen_cmp(offset, size, v) 456 u_int offset, size; 457 bpf_int32 v; 458 { 459 struct slist *s; 460 struct block *b; 461 462 s = new_stmt(BPF_LD|BPF_ABS|size); 463 s->s.k = offset; 464 465 b = new_block(JMP(BPF_JEQ)); 466 b->stmts = s; 467 b->s.k = v; 468 469 return b; 470 } 471 472 static struct block * 473 gen_cmp_gt(offset, size, v) 474 u_int offset, size; 475 bpf_int32 v; 476 { 477 struct slist *s; 478 struct block *b; 479 480 s = new_stmt(BPF_LD|BPF_ABS|size); 481 s->s.k = offset; 482 483 b = new_block(JMP(BPF_JGT)); 484 b->stmts = s; 485 b->s.k = v; 486 487 return b; 488 } 489 490 static struct block * 491 gen_mcmp(offset, size, v, mask) 492 u_int offset, size; 493 bpf_int32 v; 494 bpf_u_int32 mask; 495 { 496 struct block *b = gen_cmp(offset, size, v); 497 struct slist *s; 498 499 if (mask != 0xffffffff) { 500 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 501 s->s.k = mask; 502 b->stmts->next = s; 503 } 504 return b; 505 } 506 507 static struct block * 508 gen_bcmp(offset, size, v) 509 register u_int offset, size; 510 register const u_char *v; 511 { 512 register struct block *b, *tmp; 513 514 b = NULL; 515 while (size >= 4) { 516 register const u_char *p = &v[size - 4]; 517 bpf_int32 w = ((bpf_int32)p[0] << 24) | 518 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; 519 520 tmp = gen_cmp(offset + size - 4, BPF_W, w); 521 if (b != NULL) 522 gen_and(b, tmp); 523 b = tmp; 524 size -= 4; 525 } 526 while (size >= 2) { 527 register const u_char *p = &v[size - 2]; 528 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; 529 530 tmp = gen_cmp(offset + size - 2, BPF_H, w); 531 if (b != NULL) 532 gen_and(b, tmp); 533 b = tmp; 534 size -= 2; 535 } 536 if (size > 0) { 537 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); 538 if (b != NULL) 539 gen_and(b, tmp); 540 b = tmp; 541 } 542 return b; 543 } 544 545 /* 546 * Various code constructs need to know the layout of the data link 547 * layer. These variables give the necessary offsets. off_linktype 548 * is set to -1 for no encapsulation, in which case, IP is assumed. 549 */ 550 static u_int off_linktype; 551 static u_int off_nl; 552 static int linktype; 553 554 static void 555 init_linktype(type) 556 int type; 557 { 558 linktype = type; 559 560 orig_linktype = -1; 561 orig_nl = -1; 562 563 switch (type) { 564 565 case DLT_ARCNET: 566 off_linktype = 2; 567 off_nl = 6; /* XXX in reality, variable! */ 568 return; 569 570 case DLT_IEEE802_11: 571 off_linktype = 30; /* XXX variable */ 572 off_nl = 32; 573 return; 574 575 case DLT_EN10MB: 576 off_linktype = 12; 577 off_nl = 14; 578 return; 579 580 case DLT_SLIP: 581 /* 582 * SLIP doesn't have a link level type. The 16 byte 583 * header is hacked into our SLIP driver. 584 */ 585 off_linktype = -1; 586 off_nl = 16; 587 return; 588 589 case DLT_SLIP_BSDOS: 590 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 591 off_linktype = -1; 592 /* XXX end */ 593 off_nl = 24; 594 return; 595 596 case DLT_NULL: 597 case DLT_LOOP: 598 off_linktype = 0; 599 off_nl = 4; 600 return; 601 602 case DLT_PPP: 603 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */ 604 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */ 605 off_linktype = 2; 606 off_nl = 4; 607 return; 608 609 case DLT_PPP_ETHER: 610 /* 611 * This does no include the Ethernet header, and 612 * only covers session state. 613 */ 614 off_linktype = 6; 615 off_nl = 8; 616 return; 617 618 case DLT_PPP_BSDOS: 619 off_linktype = 5; 620 off_nl = 24; 621 return; 622 623 case DLT_FDDI: 624 /* 625 * FDDI doesn't really have a link-level type field. 626 * We set "off_linktype" to the offset of the LLC header. 627 * 628 * To check for Ethernet types, we assume that SSAP = SNAP 629 * is being used and pick out the encapsulated Ethernet type. 630 * XXX - should we generate code to check for SNAP? 631 */ 632 off_linktype = 13; 633 #ifdef PCAP_FDDIPAD 634 off_linktype += pcap_fddipad; 635 #endif 636 off_nl = 21; 637 #ifdef PCAP_FDDIPAD 638 off_nl += pcap_fddipad; 639 #endif 640 return; 641 642 case DLT_IEEE802: 643 /* 644 * Token Ring doesn't really have a link-level type field. 645 * We set "off_linktype" to the offset of the LLC header. 646 * 647 * To check for Ethernet types, we assume that SSAP = SNAP 648 * is being used and pick out the encapsulated Ethernet type. 649 * XXX - should we generate code to check for SNAP? 650 * 651 * XXX - the header is actually variable-length. 652 * Some various Linux patched versions gave 38 653 * as "off_linktype" and 40 as "off_nl"; however, 654 * if a token ring packet has *no* routing 655 * information, i.e. is not source-routed, the correct 656 * values are 20 and 22, as they are in the vanilla code. 657 * 658 * A packet is source-routed iff the uppermost bit 659 * of the first byte of the source address, at an 660 * offset of 8, has the uppermost bit set. If the 661 * packet is source-routed, the total number of bytes 662 * of routing information is 2 plus bits 0x1F00 of 663 * the 16-bit value at an offset of 14 (shifted right 664 * 8 - figure out which byte that is). 665 */ 666 off_linktype = 14; 667 off_nl = 22; 668 return; 669 670 #ifdef notdef 671 case DLT_IEEE802_11: 672 /* 673 * 802.11 doesn't really have a link-level type field. 674 * We set "off_linktype" to the offset of the LLC header. 675 * 676 * To check for Ethernet types, we assume that SSAP = SNAP 677 * is being used and pick out the encapsulated Ethernet type. 678 * XXX - should we generate code to check for SNAP? 679 * 680 * XXX - the header is actually variable-length. We 681 * assume a 24-byte link-layer header, as appears in 682 * data frames in networks with no bridges. 683 */ 684 off_linktype = 24; 685 off_nl = 30; 686 return; 687 #endif 688 689 case DLT_PRISM_HEADER: 690 /* 691 * Same as 802.11, but with an additional header before 692 * the 802.11 header, containing a bunch of additional 693 * information including radio-level information. 694 * 695 * The header is 144 bytes long. 696 * 697 * XXX - same variable-length header problem; at least 698 * the Prism header is fixed-length. 699 */ 700 off_linktype = 144+24; 701 off_nl = 144+30; 702 return; 703 704 case DLT_ATM_RFC1483: 705 /* 706 * assume routed, non-ISO PDUs 707 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 708 */ 709 off_linktype = 6; 710 off_nl = 8; 711 return; 712 713 case DLT_RAW: 714 off_linktype = -1; 715 off_nl = 0; 716 return; 717 718 case DLT_ATM_CLIP: /* Linux ATM defines this */ 719 off_linktype = 6; 720 off_nl = 8; 721 return; 722 723 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */ 724 off_linktype = 14; 725 off_nl = 16; 726 return; 727 728 case DLT_LTALK: 729 /* 730 * LocalTalk does have a 1-byte type field in the LLAP header, 731 * but really it just indicates whether there is a "short" or 732 * "long" DDP packet following. 733 */ 734 off_linktype = -1; 735 off_nl = 0; 736 return; 737 } 738 bpf_error("unknown data link type %d", linktype); 739 /* NOTREACHED */ 740 } 741 742 static struct block * 743 gen_uncond(rsense) 744 int rsense; 745 { 746 struct block *b; 747 struct slist *s; 748 749 s = new_stmt(BPF_LD|BPF_IMM); 750 s->s.k = !rsense; 751 b = new_block(JMP(BPF_JEQ)); 752 b->stmts = s; 753 754 return b; 755 } 756 757 static inline struct block * 758 gen_true() 759 { 760 return gen_uncond(1); 761 } 762 763 static inline struct block * 764 gen_false() 765 { 766 return gen_uncond(0); 767 } 768 769 /* 770 * Byte-swap a 32-bit number. 771 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on 772 * big-endian platforms.) 773 */ 774 #define SWAPLONG(y) \ 775 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff)) 776 777 static struct block * 778 gen_linktype(proto) 779 register int proto; 780 { 781 struct block *b0, *b1; 782 783 switch (linktype) { 784 785 case DLT_EN10MB: 786 switch (proto) { 787 788 case LLCSAP_ISONS: 789 /* 790 * OSI protocols always use 802.2 encapsulation. 791 * XXX - should we check both the DSAP and the 792 * SSAP, like this, or should we check just the 793 * DSAP? 794 */ 795 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 796 gen_not(b0); 797 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 798 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS)); 799 gen_and(b0, b1); 800 return b1; 801 802 case LLCSAP_NETBEUI: 803 /* 804 * NetBEUI always uses 802.2 encapsulation. 805 * XXX - should we check both the DSAP and the 806 * SSAP, like this, or should we check just the 807 * DSAP? 808 */ 809 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 810 gen_not(b0); 811 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 812 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI)); 813 gen_and(b0, b1); 814 return b1; 815 816 case LLCSAP_IPX: 817 /* 818 * Check for; 819 * 820 * Ethernet_II frames, which are Ethernet 821 * frames with a frame type of ETHERTYPE_IPX; 822 * 823 * Ethernet_802.3 frames, which are 802.3 824 * frames (i.e., the type/length field is 825 * a length field, <= ETHERMTU, rather than 826 * a type field) with the first two bytes 827 * after the Ethernet/802.3 header being 828 * 0xFFFF; 829 * 830 * Ethernet_802.2 frames, which are 802.3 831 * frames with an 802.2 LLC header and 832 * with the IPX LSAP as the DSAP in the LLC 833 * header; 834 * 835 * Ethernet_SNAP frames, which are 802.3 836 * frames with an LLC header and a SNAP 837 * header and with an OUI of 0x000000 838 * (encapsulated Ethernet) and a protocol 839 * ID of ETHERTYPE_IPX in the SNAP header. 840 * 841 * XXX - should we generate the same code both 842 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX? 843 */ 844 845 /* 846 * This generates code to check both for the 847 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3. 848 */ 849 b0 = gen_cmp(off_linktype + 2, BPF_B, 850 (bpf_int32)LLCSAP_IPX); 851 b1 = gen_cmp(off_linktype + 2, BPF_H, 852 (bpf_int32)0xFFFF); 853 gen_or(b0, b1); 854 855 /* 856 * Now we add code to check for SNAP frames with 857 * ETHERTYPE_IPX, i.e. Ethernet_SNAP. 858 */ 859 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14); 860 gen_or(b0, b1); 861 862 /* 863 * Now we generate code to check for 802.3 864 * frames in general. 865 */ 866 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 867 gen_not(b0); 868 869 /* 870 * Now add the check for 802.3 frames before the 871 * check for Ethernet_802.2 and Ethernet_802.3, 872 * as those checks should only be done on 802.3 873 * frames, not on Ethernet frames. 874 */ 875 gen_and(b0, b1); 876 877 /* 878 * Now add the check for Ethernet_II frames, and 879 * do that before checking for the other frame 880 * types. 881 */ 882 b0 = gen_cmp(off_linktype, BPF_H, 883 (bpf_int32)ETHERTYPE_IPX); 884 gen_or(b0, b1); 885 return b1; 886 887 case ETHERTYPE_ATALK: 888 case ETHERTYPE_AARP: 889 /* 890 * EtherTalk (AppleTalk protocols on Ethernet link 891 * layer) may use 802.2 encapsulation. 892 */ 893 894 /* 895 * Check for 802.2 encapsulation (EtherTalk phase 2?); 896 * we check for an Ethernet type field less than 897 * 1500, which means it's an 802.3 length field. 898 */ 899 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 900 gen_not(b0); 901 902 /* 903 * 802.2-encapsulated ETHERTYPE_ATALK packets are 904 * SNAP packets with an organization code of 905 * 0x080007 (Apple, for Appletalk) and a protocol 906 * type of ETHERTYPE_ATALK (Appletalk). 907 * 908 * 802.2-encapsulated ETHERTYPE_AARP packets are 909 * SNAP packets with an organization code of 910 * 0x000000 (encapsulated Ethernet) and a protocol 911 * type of ETHERTYPE_AARP (Appletalk ARP). 912 */ 913 if (proto == ETHERTYPE_ATALK) 914 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14); 915 else /* proto == ETHERTYPE_AARP */ 916 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14); 917 gen_and(b0, b1); 918 919 /* 920 * Check for Ethernet encapsulation (Ethertalk 921 * phase 1?); we just check for the Ethernet 922 * protocol type. 923 */ 924 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 925 926 gen_or(b0, b1); 927 return b1; 928 929 default: 930 if (proto <= ETHERMTU) { 931 /* 932 * This is an LLC SAP value, so the frames 933 * that match would be 802.2 frames. 934 * Check that the frame is an 802.2 frame 935 * (i.e., that the length/type field is 936 * a length field, <= ETHERMTU) and 937 * then check the DSAP. 938 */ 939 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 940 gen_not(b0); 941 b1 = gen_cmp(off_linktype + 2, BPF_B, 942 (bpf_int32)proto); 943 gen_and(b0, b1); 944 return b1; 945 } else { 946 /* 947 * This is an Ethernet type, so compare 948 * the length/type field with it (if 949 * the frame is an 802.2 frame, the length 950 * field will be <= ETHERMTU, and, as 951 * "proto" is > ETHERMTU, this test 952 * will fail and the frame won't match, 953 * which is what we want). 954 */ 955 return gen_cmp(off_linktype, BPF_H, 956 (bpf_int32)proto); 957 } 958 } 959 break; 960 961 case DLT_IEEE802_11: 962 case DLT_PRISM_HEADER: 963 case DLT_FDDI: 964 case DLT_IEEE802: 965 case DLT_ATM_RFC1483: 966 case DLT_ATM_CLIP: 967 /* 968 * XXX - handle token-ring variable-length header. 969 */ 970 switch (proto) { 971 972 case LLCSAP_ISONS: 973 return gen_cmp(off_linktype, BPF_H, (long) 974 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS)); 975 976 case LLCSAP_NETBEUI: 977 return gen_cmp(off_linktype, BPF_H, (long) 978 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI)); 979 980 case LLCSAP_IPX: 981 /* 982 * XXX - are there ever SNAP frames for IPX on 983 * non-Ethernet 802.x networks? 984 */ 985 return gen_cmp(off_linktype, BPF_B, 986 (bpf_int32)LLCSAP_IPX); 987 988 case ETHERTYPE_ATALK: 989 /* 990 * 802.2-encapsulated ETHERTYPE_ATALK packets are 991 * SNAP packets with an organization code of 992 * 0x080007 (Apple, for Appletalk) and a protocol 993 * type of ETHERTYPE_ATALK (Appletalk). 994 * 995 * XXX - check for an organization code of 996 * encapsulated Ethernet as well? 997 */ 998 return gen_snap(0x080007, ETHERTYPE_ATALK, 999 off_linktype); 1000 break; 1001 1002 default: 1003 /* 1004 * XXX - we don't have to check for IPX 802.3 1005 * here, but should we check for the IPX Ethertype? 1006 */ 1007 if (proto <= ETHERMTU) { 1008 /* 1009 * This is an LLC SAP value, so check 1010 * the DSAP. 1011 */ 1012 return gen_cmp(off_linktype, BPF_B, 1013 (bpf_int32)proto); 1014 } else { 1015 /* 1016 * This is an Ethernet type; we assume 1017 * that it's unlikely that it'll 1018 * appear in the right place at random, 1019 * and therefore check only the 1020 * location that would hold the Ethernet 1021 * type in a SNAP frame with an organization 1022 * code of 0x000000 (encapsulated Ethernet). 1023 * 1024 * XXX - if we were to check for the SNAP DSAP 1025 * and LSAP, as per XXX, and were also to check 1026 * for an organization code of 0x000000 1027 * (encapsulated Ethernet), we'd do 1028 * 1029 * return gen_snap(0x000000, proto, 1030 * off_linktype); 1031 * 1032 * here; for now, we don't, as per the above. 1033 * I don't know whether it's worth the 1034 * extra CPU time to do the right check 1035 * or not. 1036 */ 1037 return gen_cmp(off_linktype+6, BPF_H, 1038 (bpf_int32)proto); 1039 } 1040 } 1041 break; 1042 1043 case DLT_LINUX_SLL: 1044 switch (proto) { 1045 1046 case LLCSAP_ISONS: 1047 /* 1048 * OSI protocols always use 802.2 encapsulation. 1049 * XXX - should we check both the DSAP and the 1050 * LSAP, like this, or should we check just the 1051 * DSAP? 1052 */ 1053 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 1054 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1055 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS)); 1056 gen_and(b0, b1); 1057 return b1; 1058 1059 case LLCSAP_NETBEUI: 1060 /* 1061 * NetBEUI always uses 802.2 encapsulation. 1062 * XXX - should we check both the DSAP and the 1063 * LSAP, like this, or should we check just the 1064 * DSAP? 1065 */ 1066 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 1067 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1068 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI)); 1069 gen_and(b0, b1); 1070 return b1; 1071 1072 case LLCSAP_IPX: 1073 /* 1074 * Ethernet_II frames, which are Ethernet 1075 * frames with a frame type of ETHERTYPE_IPX; 1076 * 1077 * Ethernet_802.3 frames, which have a frame 1078 * type of LINUX_SLL_P_802_3; 1079 * 1080 * Ethernet_802.2 frames, which are 802.3 1081 * frames with an 802.2 LLC header (i.e, have 1082 * a frame type of LINUX_SLL_P_802_2) and 1083 * with the IPX LSAP as the DSAP in the LLC 1084 * header; 1085 * 1086 * Ethernet_SNAP frames, which are 802.3 1087 * frames with an LLC header and a SNAP 1088 * header and with an OUI of 0x000000 1089 * (encapsulated Ethernet) and a protocol 1090 * ID of ETHERTYPE_IPX in the SNAP header. 1091 * 1092 * First, do the checks on LINUX_SLL_P_802_2 1093 * frames; generate the check for either 1094 * Ethernet_802.2 or Ethernet_SNAP frames, and 1095 * then put a check for LINUX_SLL_P_802_2 frames 1096 * before it. 1097 */ 1098 b0 = gen_cmp(off_linktype + 2, BPF_B, 1099 (bpf_int32)LLCSAP_IPX); 1100 b1 = gen_snap(0x000000, ETHERTYPE_IPX, 1101 off_linktype + 2); 1102 gen_or(b0, b1); 1103 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 1104 gen_and(b0, b1); 1105 1106 /* 1107 * Now check for 802.3 frames and OR that with 1108 * the previous test. 1109 */ 1110 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3); 1111 gen_or(b0, b1); 1112 1113 /* 1114 * Now add the check for Ethernet_II frames, and 1115 * do that before checking for the other frame 1116 * types. 1117 */ 1118 b0 = gen_cmp(off_linktype, BPF_H, 1119 (bpf_int32)ETHERTYPE_IPX); 1120 gen_or(b0, b1); 1121 return b1; 1122 1123 case ETHERTYPE_ATALK: 1124 case ETHERTYPE_AARP: 1125 /* 1126 * EtherTalk (AppleTalk protocols on Ethernet link 1127 * layer) may use 802.2 encapsulation. 1128 */ 1129 1130 /* 1131 * Check for 802.2 encapsulation (EtherTalk phase 2?); 1132 * we check for the 802.2 protocol type in the 1133 * "Ethernet type" field. 1134 */ 1135 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 1136 1137 /* 1138 * 802.2-encapsulated ETHERTYPE_ATALK packets are 1139 * SNAP packets with an organization code of 1140 * 0x080007 (Apple, for Appletalk) and a protocol 1141 * type of ETHERTYPE_ATALK (Appletalk). 1142 * 1143 * 802.2-encapsulated ETHERTYPE_AARP packets are 1144 * SNAP packets with an organization code of 1145 * 0x000000 (encapsulated Ethernet) and a protocol 1146 * type of ETHERTYPE_AARP (Appletalk ARP). 1147 */ 1148 if (proto == ETHERTYPE_ATALK) 1149 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 1150 off_linktype + 2); 1151 else /* proto == ETHERTYPE_AARP */ 1152 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 1153 off_linktype + 2); 1154 gen_and(b0, b1); 1155 1156 /* 1157 * Check for Ethernet encapsulation (Ethertalk 1158 * phase 1?); we just check for the Ethernet 1159 * protocol type. 1160 */ 1161 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 1162 1163 gen_or(b0, b1); 1164 return b1; 1165 1166 default: 1167 if (proto <= ETHERMTU) { 1168 /* 1169 * This is an LLC SAP value, so the frames 1170 * that match would be 802.2 frames. 1171 * Check for the 802.2 protocol type 1172 * in the "Ethernet type" field, and 1173 * then check the DSAP. 1174 */ 1175 b0 = gen_cmp(off_linktype, BPF_H, 1176 LINUX_SLL_P_802_2); 1177 b1 = gen_cmp(off_linktype + 2, BPF_B, 1178 (bpf_int32)proto); 1179 gen_and(b0, b1); 1180 return b1; 1181 } else { 1182 /* 1183 * This is an Ethernet type, so compare 1184 * the length/type field with it (if 1185 * the frame is an 802.2 frame, the length 1186 * field will be <= ETHERMTU, and, as 1187 * "proto" is > ETHERMTU, this test 1188 * will fail and the frame won't match, 1189 * which is what we want). 1190 */ 1191 return gen_cmp(off_linktype, BPF_H, 1192 (bpf_int32)proto); 1193 } 1194 } 1195 break; 1196 1197 case DLT_SLIP: 1198 case DLT_SLIP_BSDOS: 1199 case DLT_RAW: 1200 /* 1201 * These types don't provide any type field; packets 1202 * are always IP. 1203 * 1204 * XXX - for IPv4, check for a version number of 4, and, 1205 * for IPv6, check for a version number of 6? 1206 */ 1207 switch (proto) { 1208 1209 case ETHERTYPE_IP: 1210 #ifdef INET6 1211 case ETHERTYPE_IPV6: 1212 #endif 1213 return gen_true(); /* always true */ 1214 1215 default: 1216 return gen_false(); /* always false */ 1217 } 1218 break; 1219 1220 case DLT_PPP: 1221 case DLT_PPP_SERIAL: 1222 case DLT_PPP_ETHER: 1223 /* 1224 * We use Ethernet protocol types inside libpcap; 1225 * map them to the corresponding PPP protocol types. 1226 */ 1227 switch (proto) { 1228 1229 case ETHERTYPE_IP: 1230 proto = PPP_IP; /* XXX was 0x21 */ 1231 break; 1232 1233 #ifdef INET6 1234 case ETHERTYPE_IPV6: 1235 proto = PPP_IPV6; 1236 break; 1237 #endif 1238 1239 case ETHERTYPE_DN: 1240 proto = PPP_DECNET; 1241 break; 1242 1243 case ETHERTYPE_ATALK: 1244 proto = PPP_APPLE; 1245 break; 1246 1247 case ETHERTYPE_NS: 1248 proto = PPP_NS; 1249 break; 1250 1251 case LLCSAP_ISONS: 1252 proto = PPP_OSI; 1253 break; 1254 1255 case LLCSAP_8021D: 1256 /* 1257 * I'm assuming the "Bridging PDU"s that go 1258 * over PPP are Spanning Tree Protocol 1259 * Bridging PDUs. 1260 */ 1261 proto = PPP_BRPDU; 1262 break; 1263 1264 case LLCSAP_IPX: 1265 proto = PPP_IPX; 1266 break; 1267 } 1268 break; 1269 1270 case DLT_PPP_BSDOS: 1271 /* 1272 * We use Ethernet protocol types inside libpcap; 1273 * map them to the corresponding PPP protocol types. 1274 */ 1275 switch (proto) { 1276 1277 case ETHERTYPE_IP: 1278 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); 1279 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC); 1280 gen_or(b0, b1); 1281 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC); 1282 gen_or(b1, b0); 1283 return b0; 1284 1285 #ifdef INET6 1286 case ETHERTYPE_IPV6: 1287 proto = PPP_IPV6; 1288 /* more to go? */ 1289 break; 1290 #endif 1291 1292 case ETHERTYPE_DN: 1293 proto = PPP_DECNET; 1294 break; 1295 1296 case ETHERTYPE_ATALK: 1297 proto = PPP_APPLE; 1298 break; 1299 1300 case ETHERTYPE_NS: 1301 proto = PPP_NS; 1302 break; 1303 1304 case LLCSAP_ISONS: 1305 proto = PPP_OSI; 1306 break; 1307 1308 case LLCSAP_8021D: 1309 /* 1310 * I'm assuming the "Bridging PDU"s that go 1311 * over PPP are Spanning Tree Protocol 1312 * Bridging PDUs. 1313 */ 1314 proto = PPP_BRPDU; 1315 break; 1316 1317 case LLCSAP_IPX: 1318 proto = PPP_IPX; 1319 break; 1320 } 1321 break; 1322 1323 case DLT_NULL: 1324 case DLT_LOOP: 1325 /* 1326 * For DLT_NULL, the link-layer header is a 32-bit 1327 * word containing an AF_ value in *host* byte order. 1328 * 1329 * In addition, if we're reading a saved capture file, 1330 * the host byte order in the capture may not be the 1331 * same as the host byte order on this machine. 1332 * 1333 * For DLT_LOOP, the link-layer header is a 32-bit 1334 * word containing an AF_ value in *network* byte order. 1335 * 1336 * XXX - AF_ values may, unfortunately, be platform- 1337 * dependent; for example, FreeBSD's AF_INET6 is 24 1338 * whilst NetBSD's and OpenBSD's is 26. 1339 * 1340 * This means that, when reading a capture file, just 1341 * checking for our AF_INET6 value won't work if the 1342 * capture file came from another OS. 1343 */ 1344 switch (proto) { 1345 1346 case ETHERTYPE_IP: 1347 proto = AF_INET; 1348 break; 1349 1350 #ifdef INET6 1351 case ETHERTYPE_IPV6: 1352 proto = AF_INET6; 1353 break; 1354 #endif 1355 1356 default: 1357 /* 1358 * Not a type on which we support filtering. 1359 * XXX - support those that have AF_ values 1360 * #defined on this platform, at least? 1361 */ 1362 return gen_false(); 1363 } 1364 1365 if (linktype == DLT_NULL) { 1366 /* 1367 * The AF_ value is in host byte order, but 1368 * the BPF interpreter will convert it to 1369 * network byte order. 1370 * 1371 * If this is a save file, and it's from a 1372 * machine with the opposite byte order to 1373 * ours, we byte-swap the AF_ value. 1374 * 1375 * Then we run it through "htonl()", and 1376 * generate code to compare against the result. 1377 */ 1378 if (bpf_pcap->sf.rfile != NULL && 1379 bpf_pcap->sf.swapped) 1380 proto = SWAPLONG(proto); 1381 proto = htonl(proto); 1382 } 1383 return (gen_cmp(0, BPF_W, (bpf_int32)proto)); 1384 1385 case DLT_ARCNET: 1386 /* 1387 * XXX should we check for first fragment if the protocol 1388 * uses PHDS? 1389 */ 1390 switch(proto) { 1391 default: 1392 return gen_false(); 1393 #ifdef INET6 1394 case ETHERTYPE_IPV6: 1395 return(gen_cmp(2, BPF_B, 1396 (bpf_int32)htonl(ARCTYPE_INET6))); 1397 #endif /* INET6 */ 1398 case ETHERTYPE_IP: 1399 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_IP)); 1400 b1 = gen_cmp(2, BPF_B, 1401 (bpf_int32)htonl(ARCTYPE_IP_OLD)); 1402 gen_or(b0, b1); 1403 return(b1); 1404 case ETHERTYPE_ARP: 1405 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_ARP)); 1406 b1 = gen_cmp(2, BPF_B, 1407 (bpf_int32)htonl(ARCTYPE_ARP_OLD)); 1408 gen_or(b0, b1); 1409 return(b1); 1410 case ETHERTYPE_REVARP: 1411 return(gen_cmp(2, BPF_B, 1412 (bpf_int32)htonl(ARCTYPE_REVARP))); 1413 case ETHERTYPE_ATALK: 1414 return(gen_cmp(2, BPF_B, 1415 (bpf_int32)htonl(ARCTYPE_ATALK))); 1416 } 1417 break; 1418 1419 case DLT_LTALK: 1420 switch (proto) { 1421 case ETHERTYPE_ATALK: 1422 return gen_true(); 1423 default: 1424 return gen_false(); 1425 } 1426 break; 1427 } 1428 1429 /* 1430 * All the types that have no encapsulation should either be 1431 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if 1432 * all packets are IP packets, or should be handled in some 1433 * special case, if none of them are (if some are and some 1434 * aren't, the lack of encapsulation is a problem, as we'd 1435 * have to find some other way of determining the packet type). 1436 * 1437 * Therefore, if "off_linktype" is -1, there's an error. 1438 */ 1439 if (off_linktype == -1) 1440 abort(); 1441 1442 /* 1443 * Any type not handled above should always have an Ethernet 1444 * type at an offset of "off_linktype". (PPP is partially 1445 * handled above - the protocol type is mapped from the 1446 * Ethernet and LLC types we use internally to the corresponding 1447 * PPP type - but the PPP type is always specified by a value 1448 * at "off_linktype", so we don't have to do the code generation 1449 * above.) 1450 */ 1451 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 1452 } 1453 1454 /* 1455 * Check for an LLC SNAP packet with a given organization code and 1456 * protocol type; we check the entire contents of the 802.2 LLC and 1457 * snap headers, checking for DSAP and SSAP of SNAP and a control 1458 * field of 0x03 in the LLC header, and for the specified organization 1459 * code and protocol type in the SNAP header. 1460 */ 1461 static struct block * 1462 gen_snap(orgcode, ptype, offset) 1463 bpf_u_int32 orgcode; 1464 bpf_u_int32 ptype; 1465 u_int offset; 1466 { 1467 u_char snapblock[8]; 1468 1469 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */ 1470 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */ 1471 snapblock[2] = 0x03; /* control = UI */ 1472 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */ 1473 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */ 1474 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */ 1475 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */ 1476 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */ 1477 return gen_bcmp(offset, 8, snapblock); 1478 } 1479 1480 static struct block * 1481 gen_hostop(addr, mask, dir, proto, src_off, dst_off) 1482 bpf_u_int32 addr; 1483 bpf_u_int32 mask; 1484 int dir, proto; 1485 u_int src_off, dst_off; 1486 { 1487 struct block *b0, *b1; 1488 u_int offset; 1489 1490 switch (dir) { 1491 1492 case Q_SRC: 1493 offset = src_off; 1494 break; 1495 1496 case Q_DST: 1497 offset = dst_off; 1498 break; 1499 1500 case Q_AND: 1501 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 1502 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 1503 gen_and(b0, b1); 1504 return b1; 1505 1506 case Q_OR: 1507 case Q_DEFAULT: 1508 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 1509 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 1510 gen_or(b0, b1); 1511 return b1; 1512 1513 default: 1514 abort(); 1515 } 1516 b0 = gen_linktype(proto); 1517 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask); 1518 gen_and(b0, b1); 1519 return b1; 1520 } 1521 1522 #ifdef INET6 1523 static struct block * 1524 gen_hostop6(addr, mask, dir, proto, src_off, dst_off) 1525 struct in6_addr *addr; 1526 struct in6_addr *mask; 1527 int dir, proto; 1528 u_int src_off, dst_off; 1529 { 1530 struct block *b0, *b1; 1531 u_int offset; 1532 u_int32_t *a, *m; 1533 1534 switch (dir) { 1535 1536 case Q_SRC: 1537 offset = src_off; 1538 break; 1539 1540 case Q_DST: 1541 offset = dst_off; 1542 break; 1543 1544 case Q_AND: 1545 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 1546 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 1547 gen_and(b0, b1); 1548 return b1; 1549 1550 case Q_OR: 1551 case Q_DEFAULT: 1552 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 1553 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 1554 gen_or(b0, b1); 1555 return b1; 1556 1557 default: 1558 abort(); 1559 } 1560 /* this order is important */ 1561 a = (u_int32_t *)addr; 1562 m = (u_int32_t *)mask; 1563 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 1564 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2])); 1565 gen_and(b0, b1); 1566 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1])); 1567 gen_and(b0, b1); 1568 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0])); 1569 gen_and(b0, b1); 1570 b0 = gen_linktype(proto); 1571 gen_and(b0, b1); 1572 return b1; 1573 } 1574 #endif /*INET6*/ 1575 1576 static struct block * 1577 gen_ehostop(eaddr, dir) 1578 register const u_char *eaddr; 1579 register int dir; 1580 { 1581 register struct block *b0, *b1; 1582 1583 switch (dir) { 1584 case Q_SRC: 1585 return gen_bcmp(6, 6, eaddr); 1586 1587 case Q_DST: 1588 return gen_bcmp(0, 6, eaddr); 1589 1590 case Q_AND: 1591 b0 = gen_ehostop(eaddr, Q_SRC); 1592 b1 = gen_ehostop(eaddr, Q_DST); 1593 gen_and(b0, b1); 1594 return b1; 1595 1596 case Q_DEFAULT: 1597 case Q_OR: 1598 b0 = gen_ehostop(eaddr, Q_SRC); 1599 b1 = gen_ehostop(eaddr, Q_DST); 1600 gen_or(b0, b1); 1601 return b1; 1602 } 1603 abort(); 1604 /* NOTREACHED */ 1605 } 1606 1607 /* 1608 * Like gen_ehostop, but for DLT_FDDI 1609 */ 1610 static struct block * 1611 gen_fhostop(eaddr, dir) 1612 register const u_char *eaddr; 1613 register int dir; 1614 { 1615 struct block *b0, *b1; 1616 1617 switch (dir) { 1618 case Q_SRC: 1619 #ifdef PCAP_FDDIPAD 1620 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr); 1621 #else 1622 return gen_bcmp(6 + 1, 6, eaddr); 1623 #endif 1624 1625 case Q_DST: 1626 #ifdef PCAP_FDDIPAD 1627 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr); 1628 #else 1629 return gen_bcmp(0 + 1, 6, eaddr); 1630 #endif 1631 1632 case Q_AND: 1633 b0 = gen_fhostop(eaddr, Q_SRC); 1634 b1 = gen_fhostop(eaddr, Q_DST); 1635 gen_and(b0, b1); 1636 return b1; 1637 1638 case Q_DEFAULT: 1639 case Q_OR: 1640 b0 = gen_fhostop(eaddr, Q_SRC); 1641 b1 = gen_fhostop(eaddr, Q_DST); 1642 gen_or(b0, b1); 1643 return b1; 1644 } 1645 abort(); 1646 /* NOTREACHED */ 1647 } 1648 1649 /* 1650 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring) 1651 */ 1652 static struct block * 1653 gen_thostop(eaddr, dir) 1654 register const u_char *eaddr; 1655 register int dir; 1656 { 1657 register struct block *b0, *b1; 1658 1659 switch (dir) { 1660 case Q_SRC: 1661 return gen_bcmp(8, 6, eaddr); 1662 1663 case Q_DST: 1664 return gen_bcmp(2, 6, eaddr); 1665 1666 case Q_AND: 1667 b0 = gen_thostop(eaddr, Q_SRC); 1668 b1 = gen_thostop(eaddr, Q_DST); 1669 gen_and(b0, b1); 1670 return b1; 1671 1672 case Q_DEFAULT: 1673 case Q_OR: 1674 b0 = gen_thostop(eaddr, Q_SRC); 1675 b1 = gen_thostop(eaddr, Q_DST); 1676 gen_or(b0, b1); 1677 return b1; 1678 } 1679 abort(); 1680 /* NOTREACHED */ 1681 } 1682 1683 /* 1684 * This is quite tricky because there may be pad bytes in front of the 1685 * DECNET header, and then there are two possible data packet formats that 1686 * carry both src and dst addresses, plus 5 packet types in a format that 1687 * carries only the src node, plus 2 types that use a different format and 1688 * also carry just the src node. 1689 * 1690 * Yuck. 1691 * 1692 * Instead of doing those all right, we just look for data packets with 1693 * 0 or 1 bytes of padding. If you want to look at other packets, that 1694 * will require a lot more hacking. 1695 * 1696 * To add support for filtering on DECNET "areas" (network numbers) 1697 * one would want to add a "mask" argument to this routine. That would 1698 * make the filter even more inefficient, although one could be clever 1699 * and not generate masking instructions if the mask is 0xFFFF. 1700 */ 1701 static struct block * 1702 gen_dnhostop(addr, dir, base_off) 1703 bpf_u_int32 addr; 1704 int dir; 1705 u_int base_off; 1706 { 1707 struct block *b0, *b1, *b2, *tmp; 1708 u_int offset_lh; /* offset if long header is received */ 1709 u_int offset_sh; /* offset if short header is received */ 1710 1711 switch (dir) { 1712 1713 case Q_DST: 1714 offset_sh = 1; /* follows flags */ 1715 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 1716 break; 1717 1718 case Q_SRC: 1719 offset_sh = 3; /* follows flags, dstnode */ 1720 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 1721 break; 1722 1723 case Q_AND: 1724 /* Inefficient because we do our Calvinball dance twice */ 1725 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1726 b1 = gen_dnhostop(addr, Q_DST, base_off); 1727 gen_and(b0, b1); 1728 return b1; 1729 1730 case Q_OR: 1731 case Q_DEFAULT: 1732 /* Inefficient because we do our Calvinball dance twice */ 1733 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1734 b1 = gen_dnhostop(addr, Q_DST, base_off); 1735 gen_or(b0, b1); 1736 return b1; 1737 1738 case Q_ISO: 1739 bpf_error("ISO host filtering not implemented"); 1740 1741 default: 1742 abort(); 1743 } 1744 b0 = gen_linktype(ETHERTYPE_DN); 1745 /* Check for pad = 1, long header case */ 1746 tmp = gen_mcmp(base_off + 2, BPF_H, 1747 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); 1748 b1 = gen_cmp(base_off + 2 + 1 + offset_lh, 1749 BPF_H, (bpf_int32)ntohs(addr)); 1750 gen_and(tmp, b1); 1751 /* Check for pad = 0, long header case */ 1752 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 1753 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr)); 1754 gen_and(tmp, b2); 1755 gen_or(b2, b1); 1756 /* Check for pad = 1, short header case */ 1757 tmp = gen_mcmp(base_off + 2, BPF_H, 1758 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF)); 1759 b2 = gen_cmp(base_off + 2 + 1 + offset_sh, 1760 BPF_H, (bpf_int32)ntohs(addr)); 1761 gen_and(tmp, b2); 1762 gen_or(b2, b1); 1763 /* Check for pad = 0, short header case */ 1764 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 1765 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr)); 1766 gen_and(tmp, b2); 1767 gen_or(b2, b1); 1768 1769 /* Combine with test for linktype */ 1770 gen_and(b0, b1); 1771 return b1; 1772 } 1773 1774 static struct block * 1775 gen_host(addr, mask, proto, dir) 1776 bpf_u_int32 addr; 1777 bpf_u_int32 mask; 1778 int proto; 1779 int dir; 1780 { 1781 struct block *b0, *b1; 1782 1783 switch (proto) { 1784 1785 case Q_DEFAULT: 1786 b0 = gen_host(addr, mask, Q_IP, dir); 1787 if (off_linktype != -1) { 1788 b1 = gen_host(addr, mask, Q_ARP, dir); 1789 gen_or(b0, b1); 1790 b0 = gen_host(addr, mask, Q_RARP, dir); 1791 gen_or(b1, b0); 1792 } 1793 return b0; 1794 1795 case Q_IP: 1796 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 1797 off_nl + 12, off_nl + 16); 1798 1799 case Q_RARP: 1800 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 1801 off_nl + 14, off_nl + 24); 1802 1803 case Q_ARP: 1804 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 1805 off_nl + 14, off_nl + 24); 1806 1807 case Q_TCP: 1808 bpf_error("'tcp' modifier applied to host"); 1809 1810 case Q_SCTP: 1811 bpf_error("'sctp' modifier applied to host"); 1812 1813 case Q_UDP: 1814 bpf_error("'udp' modifier applied to host"); 1815 1816 case Q_ICMP: 1817 bpf_error("'icmp' modifier applied to host"); 1818 1819 case Q_IGMP: 1820 bpf_error("'igmp' modifier applied to host"); 1821 1822 case Q_IGRP: 1823 bpf_error("'igrp' modifier applied to host"); 1824 1825 case Q_PIM: 1826 bpf_error("'pim' modifier applied to host"); 1827 1828 case Q_VRRP: 1829 bpf_error("'vrrp' modifier applied to host"); 1830 1831 case Q_ATALK: 1832 bpf_error("ATALK host filtering not implemented"); 1833 1834 case Q_AARP: 1835 bpf_error("AARP host filtering not implemented"); 1836 1837 case Q_DECNET: 1838 return gen_dnhostop(addr, dir, off_nl); 1839 1840 case Q_SCA: 1841 bpf_error("SCA host filtering not implemented"); 1842 1843 case Q_LAT: 1844 bpf_error("LAT host filtering not implemented"); 1845 1846 case Q_MOPDL: 1847 bpf_error("MOPDL host filtering not implemented"); 1848 1849 case Q_MOPRC: 1850 bpf_error("MOPRC host filtering not implemented"); 1851 1852 #ifdef INET6 1853 case Q_IPV6: 1854 bpf_error("'ip6' modifier applied to ip host"); 1855 1856 case Q_ICMPV6: 1857 bpf_error("'icmp6' modifier applied to host"); 1858 #endif /* INET6 */ 1859 1860 case Q_AH: 1861 bpf_error("'ah' modifier applied to host"); 1862 1863 case Q_ESP: 1864 bpf_error("'esp' modifier applied to host"); 1865 1866 case Q_ISO: 1867 bpf_error("ISO host filtering not implemented"); 1868 1869 case Q_ESIS: 1870 bpf_error("'esis' modifier applied to host"); 1871 1872 case Q_ISIS: 1873 bpf_error("'isis' modifier applied to host"); 1874 1875 case Q_CLNP: 1876 bpf_error("'clnp' modifier applied to host"); 1877 1878 case Q_STP: 1879 bpf_error("'stp' modifier applied to host"); 1880 1881 case Q_IPX: 1882 bpf_error("IPX host filtering not implemented"); 1883 1884 case Q_NETBEUI: 1885 bpf_error("'netbeui' modifier applied to host"); 1886 1887 default: 1888 abort(); 1889 } 1890 /* NOTREACHED */ 1891 } 1892 1893 #ifdef INET6 1894 static struct block * 1895 gen_host6(addr, mask, proto, dir) 1896 struct in6_addr *addr; 1897 struct in6_addr *mask; 1898 int proto; 1899 int dir; 1900 { 1901 switch (proto) { 1902 1903 case Q_DEFAULT: 1904 return gen_host6(addr, mask, Q_IPV6, dir); 1905 1906 case Q_IP: 1907 bpf_error("'ip' modifier applied to ip6 host"); 1908 1909 case Q_RARP: 1910 bpf_error("'rarp' modifier applied to ip6 host"); 1911 1912 case Q_ARP: 1913 bpf_error("'arp' modifier applied to ip6 host"); 1914 1915 case Q_SCTP: 1916 bpf_error("'sctp' modifier applied to host"); 1917 1918 case Q_TCP: 1919 bpf_error("'tcp' modifier applied to host"); 1920 1921 case Q_UDP: 1922 bpf_error("'udp' modifier applied to host"); 1923 1924 case Q_ICMP: 1925 bpf_error("'icmp' modifier applied to host"); 1926 1927 case Q_IGMP: 1928 bpf_error("'igmp' modifier applied to host"); 1929 1930 case Q_IGRP: 1931 bpf_error("'igrp' modifier applied to host"); 1932 1933 case Q_PIM: 1934 bpf_error("'pim' modifier applied to host"); 1935 1936 case Q_VRRP: 1937 bpf_error("'vrrp' modifier applied to host"); 1938 1939 case Q_ATALK: 1940 bpf_error("ATALK host filtering not implemented"); 1941 1942 case Q_AARP: 1943 bpf_error("AARP host filtering not implemented"); 1944 1945 case Q_DECNET: 1946 bpf_error("'decnet' modifier applied to ip6 host"); 1947 1948 case Q_SCA: 1949 bpf_error("SCA host filtering not implemented"); 1950 1951 case Q_LAT: 1952 bpf_error("LAT host filtering not implemented"); 1953 1954 case Q_MOPDL: 1955 bpf_error("MOPDL host filtering not implemented"); 1956 1957 case Q_MOPRC: 1958 bpf_error("MOPRC host filtering not implemented"); 1959 1960 case Q_IPV6: 1961 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 1962 off_nl + 8, off_nl + 24); 1963 1964 case Q_ICMPV6: 1965 bpf_error("'icmp6' modifier applied to host"); 1966 1967 case Q_AH: 1968 bpf_error("'ah' modifier applied to host"); 1969 1970 case Q_ESP: 1971 bpf_error("'esp' modifier applied to host"); 1972 1973 case Q_ISO: 1974 bpf_error("ISO host filtering not implemented"); 1975 1976 case Q_ESIS: 1977 bpf_error("'esis' modifier applied to host"); 1978 1979 case Q_ISIS: 1980 bpf_error("'isis' modifier applied to host"); 1981 1982 case Q_CLNP: 1983 bpf_error("'clnp' modifier applied to host"); 1984 1985 case Q_STP: 1986 bpf_error("'stp' modifier applied to host"); 1987 1988 case Q_IPX: 1989 bpf_error("IPX host filtering not implemented"); 1990 1991 case Q_NETBEUI: 1992 bpf_error("'netbeui' modifier applied to host"); 1993 1994 default: 1995 abort(); 1996 } 1997 /* NOTREACHED */ 1998 } 1999 #endif /*INET6*/ 2000 2001 #ifndef INET6 2002 static struct block * 2003 gen_gateway(eaddr, alist, proto, dir) 2004 const u_char *eaddr; 2005 bpf_u_int32 **alist; 2006 int proto; 2007 int dir; 2008 { 2009 struct block *b0, *b1, *tmp; 2010 2011 if (dir != 0) 2012 bpf_error("direction applied to 'gateway'"); 2013 2014 switch (proto) { 2015 case Q_DEFAULT: 2016 case Q_IP: 2017 case Q_ARP: 2018 case Q_RARP: 2019 if (linktype == DLT_EN10MB) 2020 b0 = gen_ehostop(eaddr, Q_OR); 2021 else if (linktype == DLT_FDDI) 2022 b0 = gen_fhostop(eaddr, Q_OR); 2023 else if (linktype == DLT_IEEE802) 2024 b0 = gen_thostop(eaddr, Q_OR); 2025 else 2026 bpf_error( 2027 "'gateway' supported only on ethernet, FDDI or token ring"); 2028 2029 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR); 2030 while (*alist) { 2031 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR); 2032 gen_or(b1, tmp); 2033 b1 = tmp; 2034 } 2035 gen_not(b1); 2036 gen_and(b0, b1); 2037 return b1; 2038 } 2039 bpf_error("illegal modifier of 'gateway'"); 2040 /* NOTREACHED */ 2041 } 2042 #endif 2043 2044 struct block * 2045 gen_proto_abbrev(proto) 2046 int proto; 2047 { 2048 #ifdef INET6 2049 struct block *b0; 2050 #endif 2051 struct block *b1; 2052 2053 switch (proto) { 2054 2055 case Q_SCTP: 2056 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT); 2057 #ifdef INET6 2058 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT); 2059 gen_or(b0, b1); 2060 #endif 2061 break; 2062 2063 case Q_TCP: 2064 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); 2065 #ifdef INET6 2066 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); 2067 gen_or(b0, b1); 2068 #endif 2069 break; 2070 2071 case Q_UDP: 2072 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); 2073 #ifdef INET6 2074 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); 2075 gen_or(b0, b1); 2076 #endif 2077 break; 2078 2079 case Q_ICMP: 2080 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT); 2081 break; 2082 2083 #ifndef IPPROTO_IGMP 2084 #define IPPROTO_IGMP 2 2085 #endif 2086 2087 case Q_IGMP: 2088 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT); 2089 break; 2090 2091 #ifndef IPPROTO_IGRP 2092 #define IPPROTO_IGRP 9 2093 #endif 2094 case Q_IGRP: 2095 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT); 2096 break; 2097 2098 #ifndef IPPROTO_PIM 2099 #define IPPROTO_PIM 103 2100 #endif 2101 2102 case Q_PIM: 2103 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); 2104 #ifdef INET6 2105 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); 2106 gen_or(b0, b1); 2107 #endif 2108 break; 2109 2110 #ifndef IPPROTO_VRRP 2111 #define IPPROTO_VRRP 112 2112 #endif 2113 2114 case Q_VRRP: 2115 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT); 2116 break; 2117 2118 case Q_IP: 2119 b1 = gen_linktype(ETHERTYPE_IP); 2120 break; 2121 2122 case Q_ARP: 2123 b1 = gen_linktype(ETHERTYPE_ARP); 2124 break; 2125 2126 case Q_RARP: 2127 b1 = gen_linktype(ETHERTYPE_REVARP); 2128 break; 2129 2130 case Q_LINK: 2131 bpf_error("link layer applied in wrong context"); 2132 2133 case Q_ATALK: 2134 b1 = gen_linktype(ETHERTYPE_ATALK); 2135 break; 2136 2137 case Q_AARP: 2138 b1 = gen_linktype(ETHERTYPE_AARP); 2139 break; 2140 2141 case Q_DECNET: 2142 b1 = gen_linktype(ETHERTYPE_DN); 2143 break; 2144 2145 case Q_SCA: 2146 b1 = gen_linktype(ETHERTYPE_SCA); 2147 break; 2148 2149 case Q_LAT: 2150 b1 = gen_linktype(ETHERTYPE_LAT); 2151 break; 2152 2153 case Q_MOPDL: 2154 b1 = gen_linktype(ETHERTYPE_MOPDL); 2155 break; 2156 2157 case Q_MOPRC: 2158 b1 = gen_linktype(ETHERTYPE_MOPRC); 2159 break; 2160 2161 #ifdef INET6 2162 case Q_IPV6: 2163 b1 = gen_linktype(ETHERTYPE_IPV6); 2164 break; 2165 2166 #ifndef IPPROTO_ICMPV6 2167 #define IPPROTO_ICMPV6 58 2168 #endif 2169 case Q_ICMPV6: 2170 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 2171 break; 2172 #endif /* INET6 */ 2173 2174 #ifndef IPPROTO_AH 2175 #define IPPROTO_AH 51 2176 #endif 2177 case Q_AH: 2178 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); 2179 #ifdef INET6 2180 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); 2181 gen_or(b0, b1); 2182 #endif 2183 break; 2184 2185 #ifndef IPPROTO_ESP 2186 #define IPPROTO_ESP 50 2187 #endif 2188 case Q_ESP: 2189 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); 2190 #ifdef INET6 2191 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); 2192 gen_or(b0, b1); 2193 #endif 2194 break; 2195 2196 case Q_ISO: 2197 b1 = gen_linktype(LLCSAP_ISONS); 2198 break; 2199 2200 case Q_ESIS: 2201 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT); 2202 break; 2203 2204 case Q_ISIS: 2205 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT); 2206 break; 2207 2208 case Q_CLNP: 2209 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT); 2210 break; 2211 2212 case Q_STP: 2213 b1 = gen_linktype(LLCSAP_8021D); 2214 break; 2215 2216 case Q_IPX: 2217 b1 = gen_linktype(LLCSAP_IPX); 2218 break; 2219 2220 case Q_NETBEUI: 2221 b1 = gen_linktype(LLCSAP_NETBEUI); 2222 break; 2223 2224 default: 2225 abort(); 2226 } 2227 return b1; 2228 } 2229 2230 static struct block * 2231 gen_ipfrag() 2232 { 2233 struct slist *s; 2234 struct block *b; 2235 2236 /* not ip frag */ 2237 s = new_stmt(BPF_LD|BPF_H|BPF_ABS); 2238 s->s.k = off_nl + 6; 2239 b = new_block(JMP(BPF_JSET)); 2240 b->s.k = 0x1fff; 2241 b->stmts = s; 2242 gen_not(b); 2243 2244 return b; 2245 } 2246 2247 static struct block * 2248 gen_portatom(off, v) 2249 int off; 2250 bpf_int32 v; 2251 { 2252 struct slist *s; 2253 struct block *b; 2254 2255 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 2256 s->s.k = off_nl; 2257 2258 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H); 2259 s->next->s.k = off_nl + off; 2260 2261 b = new_block(JMP(BPF_JEQ)); 2262 b->stmts = s; 2263 b->s.k = v; 2264 2265 return b; 2266 } 2267 2268 #ifdef INET6 2269 static struct block * 2270 gen_portatom6(off, v) 2271 int off; 2272 bpf_int32 v; 2273 { 2274 return gen_cmp(off_nl + 40 + off, BPF_H, v); 2275 } 2276 #endif/*INET6*/ 2277 2278 struct block * 2279 gen_portop(port, proto, dir) 2280 int port, proto, dir; 2281 { 2282 struct block *b0, *b1, *tmp; 2283 2284 /* ip proto 'proto' */ 2285 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto); 2286 b0 = gen_ipfrag(); 2287 gen_and(tmp, b0); 2288 2289 switch (dir) { 2290 case Q_SRC: 2291 b1 = gen_portatom(0, (bpf_int32)port); 2292 break; 2293 2294 case Q_DST: 2295 b1 = gen_portatom(2, (bpf_int32)port); 2296 break; 2297 2298 case Q_OR: 2299 case Q_DEFAULT: 2300 tmp = gen_portatom(0, (bpf_int32)port); 2301 b1 = gen_portatom(2, (bpf_int32)port); 2302 gen_or(tmp, b1); 2303 break; 2304 2305 case Q_AND: 2306 tmp = gen_portatom(0, (bpf_int32)port); 2307 b1 = gen_portatom(2, (bpf_int32)port); 2308 gen_and(tmp, b1); 2309 break; 2310 2311 default: 2312 abort(); 2313 } 2314 gen_and(b0, b1); 2315 2316 return b1; 2317 } 2318 2319 static struct block * 2320 gen_port(port, ip_proto, dir) 2321 int port; 2322 int ip_proto; 2323 int dir; 2324 { 2325 struct block *b0, *b1, *tmp; 2326 2327 /* ether proto ip */ 2328 b0 = gen_linktype(ETHERTYPE_IP); 2329 2330 switch (ip_proto) { 2331 case IPPROTO_UDP: 2332 case IPPROTO_TCP: 2333 case IPPROTO_SCTP: 2334 b1 = gen_portop(port, ip_proto, dir); 2335 break; 2336 2337 case PROTO_UNDEF: 2338 tmp = gen_portop(port, IPPROTO_TCP, dir); 2339 b1 = gen_portop(port, IPPROTO_UDP, dir); 2340 gen_or(tmp, b1); 2341 tmp = gen_portop(port, IPPROTO_SCTP, dir); 2342 gen_or(tmp, b1); 2343 break; 2344 2345 default: 2346 abort(); 2347 } 2348 gen_and(b0, b1); 2349 return b1; 2350 } 2351 2352 #ifdef INET6 2353 struct block * 2354 gen_portop6(port, proto, dir) 2355 int port, proto, dir; 2356 { 2357 struct block *b0, *b1, *tmp; 2358 2359 /* ip proto 'proto' */ 2360 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto); 2361 2362 switch (dir) { 2363 case Q_SRC: 2364 b1 = gen_portatom6(0, (bpf_int32)port); 2365 break; 2366 2367 case Q_DST: 2368 b1 = gen_portatom6(2, (bpf_int32)port); 2369 break; 2370 2371 case Q_OR: 2372 case Q_DEFAULT: 2373 tmp = gen_portatom6(0, (bpf_int32)port); 2374 b1 = gen_portatom6(2, (bpf_int32)port); 2375 gen_or(tmp, b1); 2376 break; 2377 2378 case Q_AND: 2379 tmp = gen_portatom6(0, (bpf_int32)port); 2380 b1 = gen_portatom6(2, (bpf_int32)port); 2381 gen_and(tmp, b1); 2382 break; 2383 2384 default: 2385 abort(); 2386 } 2387 gen_and(b0, b1); 2388 2389 return b1; 2390 } 2391 2392 static struct block * 2393 gen_port6(port, ip_proto, dir) 2394 int port; 2395 int ip_proto; 2396 int dir; 2397 { 2398 struct block *b0, *b1, *tmp; 2399 2400 /* ether proto ip */ 2401 b0 = gen_linktype(ETHERTYPE_IPV6); 2402 2403 switch (ip_proto) { 2404 case IPPROTO_UDP: 2405 case IPPROTO_TCP: 2406 case IPPROTO_SCTP: 2407 b1 = gen_portop6(port, ip_proto, dir); 2408 break; 2409 2410 case PROTO_UNDEF: 2411 tmp = gen_portop6(port, IPPROTO_TCP, dir); 2412 b1 = gen_portop6(port, IPPROTO_UDP, dir); 2413 gen_or(tmp, b1); 2414 tmp = gen_portop6(port, IPPROTO_SCTP, dir); 2415 gen_or(tmp, b1); 2416 break; 2417 2418 default: 2419 abort(); 2420 } 2421 gen_and(b0, b1); 2422 return b1; 2423 } 2424 #endif /* INET6 */ 2425 2426 static int 2427 lookup_proto(name, proto) 2428 register const char *name; 2429 register int proto; 2430 { 2431 register int v; 2432 2433 switch (proto) { 2434 2435 case Q_DEFAULT: 2436 case Q_IP: 2437 case Q_IPV6: 2438 v = pcap_nametoproto(name); 2439 if (v == PROTO_UNDEF) 2440 bpf_error("unknown ip proto '%s'", name); 2441 break; 2442 2443 case Q_LINK: 2444 /* XXX should look up h/w protocol type based on linktype */ 2445 v = pcap_nametoeproto(name); 2446 if (v == PROTO_UNDEF) 2447 bpf_error("unknown ether proto '%s'", name); 2448 break; 2449 2450 case Q_ISO: 2451 if (strcmp(name, "esis") == 0) 2452 v = ISO9542_ESIS; 2453 else if (strcmp(name, "isis") == 0) 2454 v = ISO10589_ISIS; 2455 else if (strcmp(name, "clnp") == 0) 2456 v = ISO8473_CLNP; 2457 else 2458 bpf_error("unknown osi proto '%s'", name); 2459 break; 2460 2461 default: 2462 v = PROTO_UNDEF; 2463 break; 2464 } 2465 return v; 2466 } 2467 2468 #if 0 2469 struct stmt * 2470 gen_joinsp(s, n) 2471 struct stmt **s; 2472 int n; 2473 { 2474 return NULL; 2475 } 2476 #endif 2477 2478 static struct block * 2479 gen_protochain(v, proto, dir) 2480 int v; 2481 int proto; 2482 int dir; 2483 { 2484 #ifdef NO_PROTOCHAIN 2485 return gen_proto(v, proto, dir); 2486 #else 2487 struct block *b0, *b; 2488 struct slist *s[100]; 2489 int fix2, fix3, fix4, fix5; 2490 int ahcheck, again, end; 2491 int i, max; 2492 int reg2 = alloc_reg(); 2493 2494 memset(s, 0, sizeof(s)); 2495 fix2 = fix3 = fix4 = fix5 = 0; 2496 2497 switch (proto) { 2498 case Q_IP: 2499 case Q_IPV6: 2500 break; 2501 case Q_DEFAULT: 2502 b0 = gen_protochain(v, Q_IP, dir); 2503 b = gen_protochain(v, Q_IPV6, dir); 2504 gen_or(b0, b); 2505 return b; 2506 default: 2507 bpf_error("bad protocol applied for 'protochain'"); 2508 /*NOTREACHED*/ 2509 } 2510 2511 no_optimize = 1; /*this code is not compatible with optimzer yet */ 2512 2513 /* 2514 * s[0] is a dummy entry to protect other BPF insn from damaged 2515 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 2516 * hard to find interdependency made by jump table fixup. 2517 */ 2518 i = 0; 2519 s[i] = new_stmt(0); /*dummy*/ 2520 i++; 2521 2522 switch (proto) { 2523 case Q_IP: 2524 b0 = gen_linktype(ETHERTYPE_IP); 2525 2526 /* A = ip->ip_p */ 2527 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 2528 s[i]->s.k = off_nl + 9; 2529 i++; 2530 /* X = ip->ip_hl << 2 */ 2531 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 2532 s[i]->s.k = off_nl; 2533 i++; 2534 break; 2535 #ifdef INET6 2536 case Q_IPV6: 2537 b0 = gen_linktype(ETHERTYPE_IPV6); 2538 2539 /* A = ip6->ip_nxt */ 2540 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 2541 s[i]->s.k = off_nl + 6; 2542 i++; 2543 /* X = sizeof(struct ip6_hdr) */ 2544 s[i] = new_stmt(BPF_LDX|BPF_IMM); 2545 s[i]->s.k = 40; 2546 i++; 2547 break; 2548 #endif 2549 default: 2550 bpf_error("unsupported proto to gen_protochain"); 2551 /*NOTREACHED*/ 2552 } 2553 2554 /* again: if (A == v) goto end; else fall through; */ 2555 again = i; 2556 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2557 s[i]->s.k = v; 2558 s[i]->s.jt = NULL; /*later*/ 2559 s[i]->s.jf = NULL; /*update in next stmt*/ 2560 fix5 = i; 2561 i++; 2562 2563 #ifndef IPPROTO_NONE 2564 #define IPPROTO_NONE 59 2565 #endif 2566 /* if (A == IPPROTO_NONE) goto end */ 2567 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2568 s[i]->s.jt = NULL; /*later*/ 2569 s[i]->s.jf = NULL; /*update in next stmt*/ 2570 s[i]->s.k = IPPROTO_NONE; 2571 s[fix5]->s.jf = s[i]; 2572 fix2 = i; 2573 i++; 2574 2575 #ifdef INET6 2576 if (proto == Q_IPV6) { 2577 int v6start, v6end, v6advance, j; 2578 2579 v6start = i; 2580 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 2581 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2582 s[i]->s.jt = NULL; /*later*/ 2583 s[i]->s.jf = NULL; /*update in next stmt*/ 2584 s[i]->s.k = IPPROTO_HOPOPTS; 2585 s[fix2]->s.jf = s[i]; 2586 i++; 2587 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 2588 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2589 s[i]->s.jt = NULL; /*later*/ 2590 s[i]->s.jf = NULL; /*update in next stmt*/ 2591 s[i]->s.k = IPPROTO_DSTOPTS; 2592 i++; 2593 /* if (A == IPPROTO_ROUTING) goto v6advance */ 2594 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2595 s[i]->s.jt = NULL; /*later*/ 2596 s[i]->s.jf = NULL; /*update in next stmt*/ 2597 s[i]->s.k = IPPROTO_ROUTING; 2598 i++; 2599 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 2600 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2601 s[i]->s.jt = NULL; /*later*/ 2602 s[i]->s.jf = NULL; /*later*/ 2603 s[i]->s.k = IPPROTO_FRAGMENT; 2604 fix3 = i; 2605 v6end = i; 2606 i++; 2607 2608 /* v6advance: */ 2609 v6advance = i; 2610 2611 /* 2612 * in short, 2613 * A = P[X]; 2614 * X = X + (P[X + 1] + 1) * 8; 2615 */ 2616 /* A = X */ 2617 s[i] = new_stmt(BPF_MISC|BPF_TXA); 2618 i++; 2619 /* A = P[X + packet head] */ 2620 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2621 s[i]->s.k = off_nl; 2622 i++; 2623 /* MEM[reg2] = A */ 2624 s[i] = new_stmt(BPF_ST); 2625 s[i]->s.k = reg2; 2626 i++; 2627 /* A = X */ 2628 s[i] = new_stmt(BPF_MISC|BPF_TXA); 2629 i++; 2630 /* A += 1 */ 2631 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2632 s[i]->s.k = 1; 2633 i++; 2634 /* X = A */ 2635 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2636 i++; 2637 /* A = P[X + packet head]; */ 2638 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2639 s[i]->s.k = off_nl; 2640 i++; 2641 /* A += 1 */ 2642 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2643 s[i]->s.k = 1; 2644 i++; 2645 /* A *= 8 */ 2646 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 2647 s[i]->s.k = 8; 2648 i++; 2649 /* X = A; */ 2650 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2651 i++; 2652 /* A = MEM[reg2] */ 2653 s[i] = new_stmt(BPF_LD|BPF_MEM); 2654 s[i]->s.k = reg2; 2655 i++; 2656 2657 /* goto again; (must use BPF_JA for backward jump) */ 2658 s[i] = new_stmt(BPF_JMP|BPF_JA); 2659 s[i]->s.k = again - i - 1; 2660 s[i - 1]->s.jf = s[i]; 2661 i++; 2662 2663 /* fixup */ 2664 for (j = v6start; j <= v6end; j++) 2665 s[j]->s.jt = s[v6advance]; 2666 } else 2667 #endif 2668 { 2669 /* nop */ 2670 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2671 s[i]->s.k = 0; 2672 s[fix2]->s.jf = s[i]; 2673 i++; 2674 } 2675 2676 /* ahcheck: */ 2677 ahcheck = i; 2678 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 2679 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2680 s[i]->s.jt = NULL; /*later*/ 2681 s[i]->s.jf = NULL; /*later*/ 2682 s[i]->s.k = IPPROTO_AH; 2683 if (fix3) 2684 s[fix3]->s.jf = s[ahcheck]; 2685 fix4 = i; 2686 i++; 2687 2688 /* 2689 * in short, 2690 * A = P[X]; 2691 * X = X + (P[X + 1] + 2) * 4; 2692 */ 2693 /* A = X */ 2694 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 2695 i++; 2696 /* A = P[X + packet head]; */ 2697 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2698 s[i]->s.k = off_nl; 2699 i++; 2700 /* MEM[reg2] = A */ 2701 s[i] = new_stmt(BPF_ST); 2702 s[i]->s.k = reg2; 2703 i++; 2704 /* A = X */ 2705 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 2706 i++; 2707 /* A += 1 */ 2708 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2709 s[i]->s.k = 1; 2710 i++; 2711 /* X = A */ 2712 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2713 i++; 2714 /* A = P[X + packet head] */ 2715 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2716 s[i]->s.k = off_nl; 2717 i++; 2718 /* A += 2 */ 2719 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2720 s[i]->s.k = 2; 2721 i++; 2722 /* A *= 4 */ 2723 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 2724 s[i]->s.k = 4; 2725 i++; 2726 /* X = A; */ 2727 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2728 i++; 2729 /* A = MEM[reg2] */ 2730 s[i] = new_stmt(BPF_LD|BPF_MEM); 2731 s[i]->s.k = reg2; 2732 i++; 2733 2734 /* goto again; (must use BPF_JA for backward jump) */ 2735 s[i] = new_stmt(BPF_JMP|BPF_JA); 2736 s[i]->s.k = again - i - 1; 2737 i++; 2738 2739 /* end: nop */ 2740 end = i; 2741 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2742 s[i]->s.k = 0; 2743 s[fix2]->s.jt = s[end]; 2744 s[fix4]->s.jf = s[end]; 2745 s[fix5]->s.jt = s[end]; 2746 i++; 2747 2748 /* 2749 * make slist chain 2750 */ 2751 max = i; 2752 for (i = 0; i < max - 1; i++) 2753 s[i]->next = s[i + 1]; 2754 s[max - 1]->next = NULL; 2755 2756 /* 2757 * emit final check 2758 */ 2759 b = new_block(JMP(BPF_JEQ)); 2760 b->stmts = s[1]; /*remember, s[0] is dummy*/ 2761 b->s.k = v; 2762 2763 free_reg(reg2); 2764 2765 gen_and(b0, b); 2766 return b; 2767 #endif 2768 } 2769 2770 static struct block * 2771 gen_proto(v, proto, dir) 2772 int v; 2773 int proto; 2774 int dir; 2775 { 2776 struct block *b0, *b1; 2777 2778 if (dir != Q_DEFAULT) 2779 bpf_error("direction applied to 'proto'"); 2780 2781 switch (proto) { 2782 case Q_DEFAULT: 2783 #ifdef INET6 2784 b0 = gen_proto(v, Q_IP, dir); 2785 b1 = gen_proto(v, Q_IPV6, dir); 2786 gen_or(b0, b1); 2787 return b1; 2788 #else 2789 /*FALLTHROUGH*/ 2790 #endif 2791 case Q_IP: 2792 b0 = gen_linktype(ETHERTYPE_IP); 2793 #ifndef CHASE_CHAIN 2794 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v); 2795 #else 2796 b1 = gen_protochain(v, Q_IP); 2797 #endif 2798 gen_and(b0, b1); 2799 return b1; 2800 2801 case Q_ISO: 2802 b0 = gen_linktype(LLCSAP_ISONS); 2803 b1 = gen_cmp(off_nl + 3, BPF_B, (long)v); 2804 gen_and(b0, b1); 2805 return b1; 2806 2807 case Q_ARP: 2808 bpf_error("arp does not encapsulate another protocol"); 2809 /* NOTREACHED */ 2810 2811 case Q_RARP: 2812 bpf_error("rarp does not encapsulate another protocol"); 2813 /* NOTREACHED */ 2814 2815 case Q_ATALK: 2816 bpf_error("atalk encapsulation is not specifiable"); 2817 /* NOTREACHED */ 2818 2819 case Q_DECNET: 2820 bpf_error("decnet encapsulation is not specifiable"); 2821 /* NOTREACHED */ 2822 2823 case Q_SCA: 2824 bpf_error("sca does not encapsulate another protocol"); 2825 /* NOTREACHED */ 2826 2827 case Q_LAT: 2828 bpf_error("lat does not encapsulate another protocol"); 2829 /* NOTREACHED */ 2830 2831 case Q_MOPRC: 2832 bpf_error("moprc does not encapsulate another protocol"); 2833 /* NOTREACHED */ 2834 2835 case Q_MOPDL: 2836 bpf_error("mopdl does not encapsulate another protocol"); 2837 /* NOTREACHED */ 2838 2839 case Q_LINK: 2840 return gen_linktype(v); 2841 2842 case Q_UDP: 2843 bpf_error("'udp proto' is bogus"); 2844 /* NOTREACHED */ 2845 2846 case Q_TCP: 2847 bpf_error("'tcp proto' is bogus"); 2848 /* NOTREACHED */ 2849 2850 case Q_SCTP: 2851 bpf_error("'sctp proto' is bogus"); 2852 /* NOTREACHED */ 2853 2854 case Q_ICMP: 2855 bpf_error("'icmp proto' is bogus"); 2856 /* NOTREACHED */ 2857 2858 case Q_IGMP: 2859 bpf_error("'igmp proto' is bogus"); 2860 /* NOTREACHED */ 2861 2862 case Q_IGRP: 2863 bpf_error("'igrp proto' is bogus"); 2864 /* NOTREACHED */ 2865 2866 case Q_PIM: 2867 bpf_error("'pim proto' is bogus"); 2868 /* NOTREACHED */ 2869 2870 case Q_VRRP: 2871 bpf_error("'vrrp proto' is bogus"); 2872 /* NOTREACHED */ 2873 2874 #ifdef INET6 2875 case Q_IPV6: 2876 b0 = gen_linktype(ETHERTYPE_IPV6); 2877 #ifndef CHASE_CHAIN 2878 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v); 2879 #else 2880 b1 = gen_protochain(v, Q_IPV6); 2881 #endif 2882 gen_and(b0, b1); 2883 return b1; 2884 2885 case Q_ICMPV6: 2886 bpf_error("'icmp6 proto' is bogus"); 2887 #endif /* INET6 */ 2888 2889 case Q_AH: 2890 bpf_error("'ah proto' is bogus"); 2891 2892 case Q_ESP: 2893 bpf_error("'ah proto' is bogus"); 2894 2895 case Q_STP: 2896 bpf_error("'stp proto' is bogus"); 2897 2898 case Q_IPX: 2899 bpf_error("'ipx proto' is bogus"); 2900 2901 case Q_NETBEUI: 2902 bpf_error("'netbeui proto' is bogus"); 2903 2904 default: 2905 abort(); 2906 /* NOTREACHED */ 2907 } 2908 /* NOTREACHED */ 2909 } 2910 2911 struct block * 2912 gen_scode(name, q) 2913 register const char *name; 2914 struct qual q; 2915 { 2916 int proto = q.proto; 2917 int dir = q.dir; 2918 int tproto; 2919 u_char *eaddr; 2920 bpf_u_int32 mask, addr; 2921 #ifndef INET6 2922 bpf_u_int32 **alist; 2923 #else 2924 int tproto6; 2925 struct sockaddr_in *sin; 2926 struct sockaddr_in6 *sin6; 2927 struct addrinfo *res, *res0; 2928 struct in6_addr mask128; 2929 #endif /*INET6*/ 2930 struct block *b, *tmp; 2931 int port, real_proto; 2932 2933 switch (q.addr) { 2934 2935 case Q_NET: 2936 addr = pcap_nametonetaddr(name); 2937 if (addr == 0) 2938 bpf_error("unknown network '%s'", name); 2939 /* Left justify network addr and calculate its network mask */ 2940 mask = 0xffffffff; 2941 while (addr && (addr & 0xff000000) == 0) { 2942 addr <<= 8; 2943 mask <<= 8; 2944 } 2945 return gen_host(addr, mask, proto, dir); 2946 2947 case Q_DEFAULT: 2948 case Q_HOST: 2949 if (proto == Q_LINK) { 2950 switch (linktype) { 2951 2952 case DLT_EN10MB: 2953 eaddr = pcap_ether_hostton(name); 2954 if (eaddr == NULL) 2955 bpf_error( 2956 "unknown ether host '%s'", name); 2957 b = gen_ehostop(eaddr, dir); 2958 free(eaddr); 2959 return b; 2960 2961 case DLT_FDDI: 2962 eaddr = pcap_ether_hostton(name); 2963 if (eaddr == NULL) 2964 bpf_error( 2965 "unknown FDDI host '%s'", name); 2966 b = gen_fhostop(eaddr, dir); 2967 free(eaddr); 2968 return b; 2969 2970 case DLT_IEEE802: 2971 eaddr = pcap_ether_hostton(name); 2972 if (eaddr == NULL) 2973 bpf_error( 2974 "unknown token ring host '%s'", name); 2975 b = gen_thostop(eaddr, dir); 2976 free(eaddr); 2977 return b; 2978 2979 default: 2980 bpf_error( 2981 "only ethernet/FDDI/token ring supports link-level host name"); 2982 break; 2983 } 2984 } else if (proto == Q_DECNET) { 2985 unsigned short dn_addr = __pcap_nametodnaddr(name); 2986 /* 2987 * I don't think DECNET hosts can be multihomed, so 2988 * there is no need to build up a list of addresses 2989 */ 2990 return (gen_host(dn_addr, 0, proto, dir)); 2991 } else { 2992 #ifndef INET6 2993 alist = pcap_nametoaddr(name); 2994 if (alist == NULL || *alist == NULL) 2995 bpf_error("unknown host '%s'", name); 2996 tproto = proto; 2997 if (off_linktype == -1 && tproto == Q_DEFAULT) 2998 tproto = Q_IP; 2999 b = gen_host(**alist++, 0xffffffff, tproto, dir); 3000 while (*alist) { 3001 tmp = gen_host(**alist++, 0xffffffff, 3002 tproto, dir); 3003 gen_or(b, tmp); 3004 b = tmp; 3005 } 3006 return b; 3007 #else 3008 memset(&mask128, 0xff, sizeof(mask128)); 3009 res0 = res = pcap_nametoaddrinfo(name); 3010 if (res == NULL) 3011 bpf_error("unknown host '%s'", name); 3012 b = tmp = NULL; 3013 tproto = tproto6 = proto; 3014 if (off_linktype == -1 && tproto == Q_DEFAULT) { 3015 tproto = Q_IP; 3016 tproto6 = Q_IPV6; 3017 } 3018 for (res = res0; res; res = res->ai_next) { 3019 switch (res->ai_family) { 3020 case AF_INET: 3021 if (tproto == Q_IPV6) 3022 continue; 3023 3024 sin = (struct sockaddr_in *) 3025 res->ai_addr; 3026 tmp = gen_host(ntohl(sin->sin_addr.s_addr), 3027 0xffffffff, tproto, dir); 3028 break; 3029 case AF_INET6: 3030 if (tproto6 == Q_IP) 3031 continue; 3032 3033 sin6 = (struct sockaddr_in6 *) 3034 res->ai_addr; 3035 tmp = gen_host6(&sin6->sin6_addr, 3036 &mask128, tproto6, dir); 3037 break; 3038 default: 3039 continue; 3040 } 3041 if (b) 3042 gen_or(b, tmp); 3043 b = tmp; 3044 } 3045 freeaddrinfo(res0); 3046 if (b == NULL) { 3047 bpf_error("unknown host '%s'%s", name, 3048 (proto == Q_DEFAULT) 3049 ? "" 3050 : " for specified address family"); 3051 } 3052 return b; 3053 #endif /*INET6*/ 3054 } 3055 3056 case Q_PORT: 3057 if (proto != Q_DEFAULT && 3058 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP) 3059 bpf_error("illegal qualifier of 'port'"); 3060 if (pcap_nametoport(name, &port, &real_proto) == 0) 3061 bpf_error("unknown port '%s'", name); 3062 if (proto == Q_UDP) { 3063 if (real_proto == IPPROTO_TCP) 3064 bpf_error("port '%s' is tcp", name); 3065 else if (real_proto == IPPROTO_SCTP) 3066 bpf_error("port '%s' is sctp", name); 3067 else 3068 /* override PROTO_UNDEF */ 3069 real_proto = IPPROTO_UDP; 3070 } 3071 if (proto == Q_TCP) { 3072 if (real_proto == IPPROTO_UDP) 3073 bpf_error("port '%s' is udp", name); 3074 3075 else if (real_proto == IPPROTO_SCTP) 3076 bpf_error("port '%s' is sctp", name); 3077 else 3078 /* override PROTO_UNDEF */ 3079 real_proto = IPPROTO_TCP; 3080 } 3081 if (proto == Q_SCTP) { 3082 if (real_proto == IPPROTO_UDP) 3083 bpf_error("port '%s' is udp", name); 3084 3085 else if (real_proto == IPPROTO_TCP) 3086 bpf_error("port '%s' is tcp", name); 3087 else 3088 /* override PROTO_UNDEF */ 3089 real_proto = IPPROTO_SCTP; 3090 } 3091 #ifndef INET6 3092 return gen_port(port, real_proto, dir); 3093 #else 3094 { 3095 struct block *b; 3096 b = gen_port(port, real_proto, dir); 3097 gen_or(gen_port6(port, real_proto, dir), b); 3098 return b; 3099 } 3100 #endif /* INET6 */ 3101 3102 case Q_GATEWAY: 3103 #ifndef INET6 3104 eaddr = pcap_ether_hostton(name); 3105 if (eaddr == NULL) 3106 bpf_error("unknown ether host: %s", name); 3107 3108 alist = pcap_nametoaddr(name); 3109 if (alist == NULL || *alist == NULL) 3110 bpf_error("unknown host '%s'", name); 3111 b = gen_gateway(eaddr, alist, proto, dir); 3112 free(eaddr); 3113 return b; 3114 #else 3115 bpf_error("'gateway' not supported in this configuration"); 3116 #endif /*INET6*/ 3117 3118 case Q_PROTO: 3119 real_proto = lookup_proto(name, proto); 3120 if (real_proto >= 0) 3121 return gen_proto(real_proto, proto, dir); 3122 else 3123 bpf_error("unknown protocol: %s", name); 3124 3125 case Q_PROTOCHAIN: 3126 real_proto = lookup_proto(name, proto); 3127 if (real_proto >= 0) 3128 return gen_protochain(real_proto, proto, dir); 3129 else 3130 bpf_error("unknown protocol: %s", name); 3131 3132 3133 case Q_UNDEF: 3134 syntax(); 3135 /* NOTREACHED */ 3136 } 3137 abort(); 3138 /* NOTREACHED */ 3139 } 3140 3141 struct block * 3142 gen_mcode(s1, s2, masklen, q) 3143 register const char *s1, *s2; 3144 register int masklen; 3145 struct qual q; 3146 { 3147 register int nlen, mlen; 3148 bpf_u_int32 n, m; 3149 3150 nlen = __pcap_atoin(s1, &n); 3151 /* Promote short ipaddr */ 3152 n <<= 32 - nlen; 3153 3154 if (s2 != NULL) { 3155 mlen = __pcap_atoin(s2, &m); 3156 /* Promote short ipaddr */ 3157 m <<= 32 - mlen; 3158 if ((n & ~m) != 0) 3159 bpf_error("non-network bits set in \"%s mask %s\"", 3160 s1, s2); 3161 } else { 3162 /* Convert mask len to mask */ 3163 if (masklen > 32) 3164 bpf_error("mask length must be <= 32"); 3165 m = 0xffffffff << (32 - masklen); 3166 if ((n & ~m) != 0) 3167 bpf_error("non-network bits set in \"%s/%d\"", 3168 s1, masklen); 3169 } 3170 3171 switch (q.addr) { 3172 3173 case Q_NET: 3174 return gen_host(n, m, q.proto, q.dir); 3175 3176 default: 3177 bpf_error("Mask syntax for networks only"); 3178 /* NOTREACHED */ 3179 } 3180 } 3181 3182 struct block * 3183 gen_ncode(s, v, q) 3184 register const char *s; 3185 bpf_u_int32 v; 3186 struct qual q; 3187 { 3188 bpf_u_int32 mask; 3189 int proto = q.proto; 3190 int dir = q.dir; 3191 register int vlen; 3192 3193 if (s == NULL) 3194 vlen = 32; 3195 else if (q.proto == Q_DECNET) 3196 vlen = __pcap_atodn(s, &v); 3197 else 3198 vlen = __pcap_atoin(s, &v); 3199 3200 switch (q.addr) { 3201 3202 case Q_DEFAULT: 3203 case Q_HOST: 3204 case Q_NET: 3205 if (proto == Q_DECNET) 3206 return gen_host(v, 0, proto, dir); 3207 else if (proto == Q_LINK) { 3208 bpf_error("illegal link layer address"); 3209 } else { 3210 mask = 0xffffffff; 3211 if (s == NULL && q.addr == Q_NET) { 3212 /* Promote short net number */ 3213 while (v && (v & 0xff000000) == 0) { 3214 v <<= 8; 3215 mask <<= 8; 3216 } 3217 } else { 3218 /* Promote short ipaddr */ 3219 v <<= 32 - vlen; 3220 mask <<= 32 - vlen; 3221 } 3222 return gen_host(v, mask, proto, dir); 3223 } 3224 3225 case Q_PORT: 3226 if (proto == Q_UDP) 3227 proto = IPPROTO_UDP; 3228 else if (proto == Q_TCP) 3229 proto = IPPROTO_TCP; 3230 else if (proto == Q_SCTP) 3231 proto = IPPROTO_SCTP; 3232 else if (proto == Q_DEFAULT) 3233 proto = PROTO_UNDEF; 3234 else 3235 bpf_error("illegal qualifier of 'port'"); 3236 3237 #ifndef INET6 3238 return gen_port((int)v, proto, dir); 3239 #else 3240 { 3241 struct block *b; 3242 b = gen_port((int)v, proto, dir); 3243 gen_or(gen_port6((int)v, proto, dir), b); 3244 return b; 3245 } 3246 #endif /* INET6 */ 3247 3248 case Q_GATEWAY: 3249 bpf_error("'gateway' requires a name"); 3250 /* NOTREACHED */ 3251 3252 case Q_PROTO: 3253 return gen_proto((int)v, proto, dir); 3254 3255 case Q_PROTOCHAIN: 3256 return gen_protochain((int)v, proto, dir); 3257 3258 case Q_UNDEF: 3259 syntax(); 3260 /* NOTREACHED */ 3261 3262 default: 3263 abort(); 3264 /* NOTREACHED */ 3265 } 3266 /* NOTREACHED */ 3267 } 3268 3269 #ifdef INET6 3270 struct block * 3271 gen_mcode6(s1, s2, masklen, q) 3272 register const char *s1, *s2; 3273 register int masklen; 3274 struct qual q; 3275 { 3276 struct addrinfo *res; 3277 struct in6_addr *addr; 3278 struct in6_addr mask; 3279 struct block *b; 3280 u_int32_t *a, *m; 3281 3282 if (s2) 3283 bpf_error("no mask %s supported", s2); 3284 3285 res = pcap_nametoaddrinfo(s1); 3286 if (!res) 3287 bpf_error("invalid ip6 address %s", s1); 3288 if (res->ai_next) 3289 bpf_error("%s resolved to multiple address", s1); 3290 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 3291 3292 if (sizeof(mask) * 8 < masklen) 3293 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8)); 3294 memset(&mask, 0, sizeof(mask)); 3295 memset(&mask, 0xff, masklen / 8); 3296 if (masklen % 8) { 3297 mask.s6_addr[masklen / 8] = 3298 (0xff << (8 - masklen % 8)) & 0xff; 3299 } 3300 3301 a = (u_int32_t *)addr; 3302 m = (u_int32_t *)&mask; 3303 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 3304 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 3305 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen); 3306 } 3307 3308 switch (q.addr) { 3309 3310 case Q_DEFAULT: 3311 case Q_HOST: 3312 if (masklen != 128) 3313 bpf_error("Mask syntax for networks only"); 3314 /* FALLTHROUGH */ 3315 3316 case Q_NET: 3317 b = gen_host6(addr, &mask, q.proto, q.dir); 3318 freeaddrinfo(res); 3319 return b; 3320 3321 default: 3322 bpf_error("invalid qualifier against IPv6 address"); 3323 /* NOTREACHED */ 3324 } 3325 } 3326 #endif /*INET6*/ 3327 3328 struct block * 3329 gen_ecode(eaddr, q) 3330 register const u_char *eaddr; 3331 struct qual q; 3332 { 3333 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 3334 if (linktype == DLT_EN10MB) 3335 return gen_ehostop(eaddr, (int)q.dir); 3336 if (linktype == DLT_FDDI) 3337 return gen_fhostop(eaddr, (int)q.dir); 3338 if (linktype == DLT_IEEE802) 3339 return gen_thostop(eaddr, (int)q.dir); 3340 bpf_error("ethernet addresses supported only on ethernet, FDDI or token ring"); 3341 } 3342 bpf_error("ethernet address used in non-ether expression"); 3343 /* NOTREACHED */ 3344 } 3345 3346 void 3347 sappend(s0, s1) 3348 struct slist *s0, *s1; 3349 { 3350 /* 3351 * This is definitely not the best way to do this, but the 3352 * lists will rarely get long. 3353 */ 3354 while (s0->next) 3355 s0 = s0->next; 3356 s0->next = s1; 3357 } 3358 3359 static struct slist * 3360 xfer_to_x(a) 3361 struct arth *a; 3362 { 3363 struct slist *s; 3364 3365 s = new_stmt(BPF_LDX|BPF_MEM); 3366 s->s.k = a->regno; 3367 return s; 3368 } 3369 3370 static struct slist * 3371 xfer_to_a(a) 3372 struct arth *a; 3373 { 3374 struct slist *s; 3375 3376 s = new_stmt(BPF_LD|BPF_MEM); 3377 s->s.k = a->regno; 3378 return s; 3379 } 3380 3381 struct arth * 3382 gen_load(proto, index, size) 3383 int proto; 3384 struct arth *index; 3385 int size; 3386 { 3387 struct slist *s, *tmp; 3388 struct block *b; 3389 int regno = alloc_reg(); 3390 3391 free_reg(index->regno); 3392 switch (size) { 3393 3394 default: 3395 bpf_error("data size must be 1, 2, or 4"); 3396 3397 case 1: 3398 size = BPF_B; 3399 break; 3400 3401 case 2: 3402 size = BPF_H; 3403 break; 3404 3405 case 4: 3406 size = BPF_W; 3407 break; 3408 } 3409 switch (proto) { 3410 default: 3411 bpf_error("unsupported index operation"); 3412 3413 case Q_LINK: 3414 s = xfer_to_x(index); 3415 tmp = new_stmt(BPF_LD|BPF_IND|size); 3416 sappend(s, tmp); 3417 sappend(index->s, s); 3418 break; 3419 3420 case Q_IP: 3421 case Q_ARP: 3422 case Q_RARP: 3423 case Q_ATALK: 3424 case Q_DECNET: 3425 case Q_SCA: 3426 case Q_LAT: 3427 case Q_MOPRC: 3428 case Q_MOPDL: 3429 #ifdef INET6 3430 case Q_IPV6: 3431 #endif 3432 /* XXX Note that we assume a fixed link header here. */ 3433 s = xfer_to_x(index); 3434 tmp = new_stmt(BPF_LD|BPF_IND|size); 3435 tmp->s.k = off_nl; 3436 sappend(s, tmp); 3437 sappend(index->s, s); 3438 3439 b = gen_proto_abbrev(proto); 3440 if (index->b) 3441 gen_and(index->b, b); 3442 index->b = b; 3443 break; 3444 3445 case Q_SCTP: 3446 case Q_TCP: 3447 case Q_UDP: 3448 case Q_ICMP: 3449 case Q_IGMP: 3450 case Q_IGRP: 3451 case Q_PIM: 3452 case Q_VRRP: 3453 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 3454 s->s.k = off_nl; 3455 sappend(s, xfer_to_a(index)); 3456 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 3457 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 3458 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); 3459 tmp->s.k = off_nl; 3460 sappend(index->s, s); 3461 3462 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 3463 if (index->b) 3464 gen_and(index->b, b); 3465 #ifdef INET6 3466 gen_and(gen_proto_abbrev(Q_IP), b); 3467 #endif 3468 index->b = b; 3469 break; 3470 #ifdef INET6 3471 case Q_ICMPV6: 3472 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); 3473 /*NOTREACHED*/ 3474 #endif 3475 } 3476 index->regno = regno; 3477 s = new_stmt(BPF_ST); 3478 s->s.k = regno; 3479 sappend(index->s, s); 3480 3481 return index; 3482 } 3483 3484 struct block * 3485 gen_relation(code, a0, a1, reversed) 3486 int code; 3487 struct arth *a0, *a1; 3488 int reversed; 3489 { 3490 struct slist *s0, *s1, *s2; 3491 struct block *b, *tmp; 3492 3493 s0 = xfer_to_x(a1); 3494 s1 = xfer_to_a(a0); 3495 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); 3496 b = new_block(JMP(code)); 3497 if (code == BPF_JGT || code == BPF_JGE) { 3498 reversed = !reversed; 3499 b->s.k = 0x80000000; 3500 } 3501 if (reversed) 3502 gen_not(b); 3503 3504 sappend(s1, s2); 3505 sappend(s0, s1); 3506 sappend(a1->s, s0); 3507 sappend(a0->s, a1->s); 3508 3509 b->stmts = a0->s; 3510 3511 free_reg(a0->regno); 3512 free_reg(a1->regno); 3513 3514 /* 'and' together protocol checks */ 3515 if (a0->b) { 3516 if (a1->b) { 3517 gen_and(a0->b, tmp = a1->b); 3518 } 3519 else 3520 tmp = a0->b; 3521 } else 3522 tmp = a1->b; 3523 3524 if (tmp) 3525 gen_and(tmp, b); 3526 3527 return b; 3528 } 3529 3530 struct arth * 3531 gen_loadlen() 3532 { 3533 int regno = alloc_reg(); 3534 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 3535 struct slist *s; 3536 3537 s = new_stmt(BPF_LD|BPF_LEN); 3538 s->next = new_stmt(BPF_ST); 3539 s->next->s.k = regno; 3540 a->s = s; 3541 a->regno = regno; 3542 3543 return a; 3544 } 3545 3546 struct arth * 3547 gen_loadi(val) 3548 int val; 3549 { 3550 struct arth *a; 3551 struct slist *s; 3552 int reg; 3553 3554 a = (struct arth *)newchunk(sizeof(*a)); 3555 3556 reg = alloc_reg(); 3557 3558 s = new_stmt(BPF_LD|BPF_IMM); 3559 s->s.k = val; 3560 s->next = new_stmt(BPF_ST); 3561 s->next->s.k = reg; 3562 a->s = s; 3563 a->regno = reg; 3564 3565 return a; 3566 } 3567 3568 struct arth * 3569 gen_neg(a) 3570 struct arth *a; 3571 { 3572 struct slist *s; 3573 3574 s = xfer_to_a(a); 3575 sappend(a->s, s); 3576 s = new_stmt(BPF_ALU|BPF_NEG); 3577 s->s.k = 0; 3578 sappend(a->s, s); 3579 s = new_stmt(BPF_ST); 3580 s->s.k = a->regno; 3581 sappend(a->s, s); 3582 3583 return a; 3584 } 3585 3586 struct arth * 3587 gen_arth(code, a0, a1) 3588 int code; 3589 struct arth *a0, *a1; 3590 { 3591 struct slist *s0, *s1, *s2; 3592 3593 s0 = xfer_to_x(a1); 3594 s1 = xfer_to_a(a0); 3595 s2 = new_stmt(BPF_ALU|BPF_X|code); 3596 3597 sappend(s1, s2); 3598 sappend(s0, s1); 3599 sappend(a1->s, s0); 3600 sappend(a0->s, a1->s); 3601 3602 free_reg(a1->regno); 3603 3604 s0 = new_stmt(BPF_ST); 3605 a0->regno = s0->s.k = alloc_reg(); 3606 sappend(a0->s, s0); 3607 3608 return a0; 3609 } 3610 3611 /* 3612 * Here we handle simple allocation of the scratch registers. 3613 * If too many registers are alloc'd, the allocator punts. 3614 */ 3615 static int regused[BPF_MEMWORDS]; 3616 static int curreg; 3617 3618 /* 3619 * Return the next free register. 3620 */ 3621 static int 3622 alloc_reg() 3623 { 3624 int n = BPF_MEMWORDS; 3625 3626 while (--n >= 0) { 3627 if (regused[curreg]) 3628 curreg = (curreg + 1) % BPF_MEMWORDS; 3629 else { 3630 regused[curreg] = 1; 3631 return curreg; 3632 } 3633 } 3634 bpf_error("too many registers needed to evaluate expression"); 3635 /* NOTREACHED */ 3636 } 3637 3638 /* 3639 * Return a register to the table so it can 3640 * be used later. 3641 */ 3642 static void 3643 free_reg(n) 3644 int n; 3645 { 3646 regused[n] = 0; 3647 } 3648 3649 static struct block * 3650 gen_len(jmp, n) 3651 int jmp, n; 3652 { 3653 struct slist *s; 3654 struct block *b; 3655 3656 s = new_stmt(BPF_LD|BPF_LEN); 3657 b = new_block(JMP(jmp)); 3658 b->stmts = s; 3659 b->s.k = n; 3660 3661 return b; 3662 } 3663 3664 struct block * 3665 gen_greater(n) 3666 int n; 3667 { 3668 return gen_len(BPF_JGE, n); 3669 } 3670 3671 /* 3672 * Actually, this is less than or equal. 3673 */ 3674 struct block * 3675 gen_less(n) 3676 int n; 3677 { 3678 struct block *b; 3679 3680 b = gen_len(BPF_JGT, n); 3681 gen_not(b); 3682 3683 return b; 3684 } 3685 3686 struct block * 3687 gen_byteop(op, idx, val) 3688 int op, idx, val; 3689 { 3690 struct block *b; 3691 struct slist *s; 3692 3693 switch (op) { 3694 default: 3695 abort(); 3696 3697 case '=': 3698 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3699 3700 case '<': 3701 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3702 b->s.code = JMP(BPF_JGE); 3703 gen_not(b); 3704 return b; 3705 3706 case '>': 3707 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3708 b->s.code = JMP(BPF_JGT); 3709 return b; 3710 3711 case '|': 3712 s = new_stmt(BPF_ALU|BPF_OR|BPF_K); 3713 break; 3714 3715 case '&': 3716 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 3717 break; 3718 } 3719 s->s.k = val; 3720 b = new_block(JMP(BPF_JEQ)); 3721 b->stmts = s; 3722 gen_not(b); 3723 3724 return b; 3725 } 3726 3727 static u_char abroadcast[] = { 0x0 }; 3728 3729 struct block * 3730 gen_broadcast(proto) 3731 int proto; 3732 { 3733 bpf_u_int32 hostmask; 3734 struct block *b0, *b1, *b2; 3735 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 3736 3737 switch (proto) { 3738 3739 case Q_DEFAULT: 3740 case Q_LINK: 3741 if (linktype == DLT_ARCNET) 3742 return gen_ahostop(abroadcast, Q_DST); 3743 if (linktype == DLT_EN10MB) 3744 return gen_ehostop(ebroadcast, Q_DST); 3745 if (linktype == DLT_FDDI) 3746 return gen_fhostop(ebroadcast, Q_DST); 3747 if (linktype == DLT_IEEE802) 3748 return gen_thostop(ebroadcast, Q_DST); 3749 bpf_error("not a broadcast link"); 3750 break; 3751 3752 case Q_IP: 3753 b0 = gen_linktype(ETHERTYPE_IP); 3754 hostmask = ~netmask; 3755 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask); 3756 b2 = gen_mcmp(off_nl + 16, BPF_W, 3757 (bpf_int32)(~0 & hostmask), hostmask); 3758 gen_or(b1, b2); 3759 gen_and(b0, b2); 3760 return b2; 3761 } 3762 bpf_error("only ether/ip broadcast filters supported"); 3763 } 3764 3765 struct block * 3766 gen_multicast(proto) 3767 int proto; 3768 { 3769 register struct block *b0, *b1; 3770 register struct slist *s; 3771 3772 switch (proto) { 3773 3774 case Q_DEFAULT: 3775 case Q_LINK: 3776 if (linktype == DLT_ARCNET) 3777 /* all ARCnet multicasts use the same address */ 3778 return gen_ahostop(abroadcast, Q_DST); 3779 3780 if (linktype == DLT_EN10MB) { 3781 /* ether[0] & 1 != 0 */ 3782 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3783 s->s.k = 0; 3784 b0 = new_block(JMP(BPF_JSET)); 3785 b0->s.k = 1; 3786 b0->stmts = s; 3787 return b0; 3788 } 3789 3790 if (linktype == DLT_FDDI) { 3791 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */ 3792 /* fddi[1] & 1 != 0 */ 3793 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3794 s->s.k = 1; 3795 b0 = new_block(JMP(BPF_JSET)); 3796 b0->s.k = 1; 3797 b0->stmts = s; 3798 return b0; 3799 } 3800 3801 /* TODO - check how token ring handles multicast */ 3802 /* if (linktype == DLT_IEEE802) ... */ 3803 3804 /* Link not known to support multicasts */ 3805 break; 3806 3807 case Q_IP: 3808 b0 = gen_linktype(ETHERTYPE_IP); 3809 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224); 3810 b1->s.code = JMP(BPF_JGE); 3811 gen_and(b0, b1); 3812 return b1; 3813 3814 #ifdef INET6 3815 case Q_IPV6: 3816 b0 = gen_linktype(ETHERTYPE_IPV6); 3817 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255); 3818 gen_and(b0, b1); 3819 return b1; 3820 #endif /* INET6 */ 3821 } 3822 bpf_error("only IP multicast filters supported on ethernet/FDDI"); 3823 } 3824 3825 /* 3826 * generate command for inbound/outbound. It's here so we can 3827 * make it link-type specific. 'dir' = 0 implies "inbound", 3828 * = 1 implies "outbound". 3829 */ 3830 struct block * 3831 gen_inbound(dir) 3832 int dir; 3833 { 3834 register struct block *b0; 3835 3836 /* 3837 * Only some data link types support inbound/outbound qualifiers. 3838 */ 3839 switch (linktype) { 3840 case DLT_SLIP: 3841 case DLT_PPP: 3842 b0 = gen_relation(BPF_JEQ, 3843 gen_load(Q_LINK, gen_loadi(0), 1), 3844 gen_loadi(0), 3845 dir); 3846 break; 3847 3848 default: 3849 bpf_error("inbound/outbound not supported on linktype %d\n", 3850 linktype); 3851 b0 = NULL; 3852 /* NOTREACHED */ 3853 } 3854 return (b0); 3855 } 3856 3857 struct block * 3858 gen_acode(eaddr, q) 3859 register const u_char *eaddr; 3860 struct qual q; 3861 { 3862 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 3863 if (linktype == DLT_ARCNET) 3864 return gen_ahostop(eaddr, (int)q.dir); 3865 } 3866 bpf_error("ARCnet address used in non-arc expression"); 3867 /* NOTREACHED */ 3868 } 3869 3870 static struct block * 3871 gen_ahostop(eaddr, dir) 3872 register const u_char *eaddr; 3873 register int dir; 3874 { 3875 register struct block *b0, *b1; 3876 3877 switch (dir) { 3878 /* src comes first, different from Ethernet */ 3879 case Q_SRC: 3880 return gen_bcmp(0, 1, eaddr); 3881 3882 case Q_DST: 3883 return gen_bcmp(1, 1, eaddr); 3884 3885 case Q_AND: 3886 b0 = gen_ahostop(eaddr, Q_SRC); 3887 b1 = gen_ahostop(eaddr, Q_DST); 3888 gen_and(b0, b1); 3889 return b1; 3890 3891 case Q_DEFAULT: 3892 case Q_OR: 3893 b0 = gen_ahostop(eaddr, Q_SRC); 3894 b1 = gen_ahostop(eaddr, Q_DST); 3895 gen_or(b0, b1); 3896 return b1; 3897 } 3898 abort(); 3899 /* NOTREACHED */ 3900 } 3901 3902 /* 3903 * support IEEE 802.1Q VLAN trunk over ethernet 3904 */ 3905 struct block * 3906 gen_vlan(vlan_num) 3907 int vlan_num; 3908 { 3909 struct block *b0; 3910 3911 /* 3912 * Change the offsets to point to the type and data fields within 3913 * the VLAN packet. This is somewhat of a kludge. 3914 */ 3915 if (orig_nl == (u_int)-1) { 3916 orig_linktype = off_linktype; /* save original values */ 3917 orig_nl = off_nl; 3918 3919 switch (linktype) { 3920 3921 case DLT_EN10MB: 3922 off_linktype = 16; 3923 off_nl = 18; 3924 break; 3925 3926 default: 3927 bpf_error("no VLAN support for data link type %d", 3928 linktype); 3929 /*NOTREACHED*/ 3930 } 3931 } 3932 3933 /* check for VLAN */ 3934 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q); 3935 3936 /* If a specific VLAN is requested, check VLAN id */ 3937 if (vlan_num >= 0) { 3938 struct block *b1; 3939 3940 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num); 3941 gen_and(b0, b1); 3942 b0 = b1; 3943 } 3944 3945 return (b0); 3946 } 3947