1 /*#define CHASE_CHAIN*/ 2 /* 3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 4 * The Regents of the University of California. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that: (1) source code distributions 8 * retain the above copyright notice and this paragraph in its entirety, (2) 9 * distributions including binary code include the above copyright notice and 10 * this paragraph in its entirety in the documentation or other materials 11 * provided with the distribution, and (3) all advertising materials mentioning 12 * features or use of this software display the following acknowledgement: 13 * ``This product includes software developed by the University of California, 14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 15 * the University nor the names of its contributors may be used to endorse 16 * or promote products derived from this software without specific prior 17 * written permission. 18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 21 * 22 * $FreeBSD$ 23 */ 24 #ifndef lint 25 static const char rcsid[] _U_ = 26 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.193.2.8 2004/03/29 20:53:47 guy Exp $ (LBL)"; 27 #endif 28 29 #ifdef HAVE_CONFIG_H 30 #include "config.h" 31 #endif 32 33 #ifdef WIN32 34 #include <pcap-stdinc.h> 35 #else /* WIN32 */ 36 #include <sys/types.h> 37 #include <sys/socket.h> 38 #include <sys/time.h> 39 #endif /* WIN32 */ 40 41 /* 42 * XXX - why was this included even on UNIX? 43 */ 44 #ifdef __MINGW32__ 45 #include "IP6_misc.h" 46 #endif 47 48 #ifndef WIN32 49 50 #ifdef __NetBSD__ 51 #include <sys/param.h> 52 #endif 53 54 #include <netinet/in.h> 55 56 #endif /* WIN32 */ 57 58 #include <stdlib.h> 59 #include <string.h> 60 #include <memory.h> 61 #include <setjmp.h> 62 #include <stdarg.h> 63 64 #include "pcap-int.h" 65 66 #include "ethertype.h" 67 #include "nlpid.h" 68 #include "llc.h" 69 #include "gencode.h" 70 #include "atmuni31.h" 71 #include "sunatmpos.h" 72 #include "ppp.h" 73 #include "sll.h" 74 #include "arcnet.h" 75 #include "pf.h" 76 #ifndef offsetof 77 #define offsetof(s, e) ((size_t)&((s *)0)->e) 78 #endif 79 #ifdef INET6 80 #ifndef WIN32 81 #include <netdb.h> /* for "struct addrinfo" */ 82 #endif /* WIN32 */ 83 #endif /*INET6*/ 84 #include <pcap-namedb.h> 85 86 #undef ETHERMTU 87 #define ETHERMTU 1500 88 89 #ifndef IPPROTO_SCTP 90 #define IPPROTO_SCTP 132 91 #endif 92 93 #ifdef HAVE_OS_PROTO_H 94 #include "os-proto.h" 95 #endif 96 97 #define JMP(c) ((c)|BPF_JMP|BPF_K) 98 99 /* Locals */ 100 static jmp_buf top_ctx; 101 static pcap_t *bpf_pcap; 102 103 /* Hack for updating VLAN offsets. */ 104 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1; 105 106 /* XXX */ 107 #ifdef PCAP_FDDIPAD 108 int pcap_fddipad = PCAP_FDDIPAD; 109 #else 110 int pcap_fddipad; 111 #endif 112 113 /* VARARGS */ 114 void 115 bpf_error(const char *fmt, ...) 116 117 { 118 va_list ap; 119 120 va_start(ap, fmt); 121 if (bpf_pcap != NULL) 122 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 123 fmt, ap); 124 va_end(ap); 125 longjmp(top_ctx, 1); 126 /* NOTREACHED */ 127 } 128 129 static void init_linktype(int); 130 131 static int alloc_reg(void); 132 static void free_reg(int); 133 134 static struct block *root; 135 136 /* 137 * We divy out chunks of memory rather than call malloc each time so 138 * we don't have to worry about leaking memory. It's probably 139 * not a big deal if all this memory was wasted but it this ever 140 * goes into a library that would probably not be a good idea. 141 */ 142 #define NCHUNKS 16 143 #define CHUNK0SIZE 1024 144 struct chunk { 145 u_int n_left; 146 void *m; 147 }; 148 149 static struct chunk chunks[NCHUNKS]; 150 static int cur_chunk; 151 152 static void *newchunk(u_int); 153 static void freechunks(void); 154 static inline struct block *new_block(int); 155 static inline struct slist *new_stmt(int); 156 static struct block *gen_retblk(int); 157 static inline void syntax(void); 158 159 static void backpatch(struct block *, struct block *); 160 static void merge(struct block *, struct block *); 161 static struct block *gen_cmp(u_int, u_int, bpf_int32); 162 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32); 163 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 164 static struct block *gen_bcmp(u_int, u_int, const u_char *); 165 static struct block *gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32, 166 bpf_u_int32, bpf_u_int32, int); 167 static struct block *gen_uncond(int); 168 static inline struct block *gen_true(void); 169 static inline struct block *gen_false(void); 170 static struct block *gen_ether_linktype(int); 171 static struct block *gen_linktype(int); 172 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int); 173 static struct block *gen_llc(int); 174 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 175 #ifdef INET6 176 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); 177 #endif 178 static struct block *gen_ahostop(const u_char *, int); 179 static struct block *gen_ehostop(const u_char *, int); 180 static struct block *gen_fhostop(const u_char *, int); 181 static struct block *gen_thostop(const u_char *, int); 182 static struct block *gen_wlanhostop(const u_char *, int); 183 static struct block *gen_ipfchostop(const u_char *, int); 184 static struct block *gen_dnhostop(bpf_u_int32, int, u_int); 185 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int); 186 #ifdef INET6 187 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int); 188 #endif 189 #ifndef INET6 190 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); 191 #endif 192 static struct block *gen_ipfrag(void); 193 static struct block *gen_portatom(int, bpf_int32); 194 #ifdef INET6 195 static struct block *gen_portatom6(int, bpf_int32); 196 #endif 197 struct block *gen_portop(int, int, int); 198 static struct block *gen_port(int, int, int); 199 #ifdef INET6 200 struct block *gen_portop6(int, int, int); 201 static struct block *gen_port6(int, int, int); 202 #endif 203 static int lookup_proto(const char *, int); 204 static struct block *gen_protochain(int, int, int); 205 static struct block *gen_proto(int, int, int); 206 static struct slist *xfer_to_x(struct arth *); 207 static struct slist *xfer_to_a(struct arth *); 208 static struct block *gen_mac_multicast(int); 209 static struct block *gen_len(int, int); 210 211 static struct block *gen_msg_abbrev(int type); 212 213 static void * 214 newchunk(n) 215 u_int n; 216 { 217 struct chunk *cp; 218 int k; 219 size_t size; 220 221 #ifndef __NetBSD__ 222 /* XXX Round up to nearest long. */ 223 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1); 224 #else 225 /* XXX Round up to structure boundary. */ 226 n = ALIGN(n); 227 #endif 228 229 cp = &chunks[cur_chunk]; 230 if (n > cp->n_left) { 231 ++cp, k = ++cur_chunk; 232 if (k >= NCHUNKS) 233 bpf_error("out of memory"); 234 size = CHUNK0SIZE << k; 235 cp->m = (void *)malloc(size); 236 if (cp->m == NULL) 237 bpf_error("out of memory"); 238 memset((char *)cp->m, 0, size); 239 cp->n_left = size; 240 if (n > size) 241 bpf_error("out of memory"); 242 } 243 cp->n_left -= n; 244 return (void *)((char *)cp->m + cp->n_left); 245 } 246 247 static void 248 freechunks() 249 { 250 int i; 251 252 cur_chunk = 0; 253 for (i = 0; i < NCHUNKS; ++i) 254 if (chunks[i].m != NULL) { 255 free(chunks[i].m); 256 chunks[i].m = NULL; 257 } 258 } 259 260 /* 261 * A strdup whose allocations are freed after code generation is over. 262 */ 263 char * 264 sdup(s) 265 register const char *s; 266 { 267 int n = strlen(s) + 1; 268 char *cp = newchunk(n); 269 270 strlcpy(cp, s, n); 271 return (cp); 272 } 273 274 static inline struct block * 275 new_block(code) 276 int code; 277 { 278 struct block *p; 279 280 p = (struct block *)newchunk(sizeof(*p)); 281 p->s.code = code; 282 p->head = p; 283 284 return p; 285 } 286 287 static inline struct slist * 288 new_stmt(code) 289 int code; 290 { 291 struct slist *p; 292 293 p = (struct slist *)newchunk(sizeof(*p)); 294 p->s.code = code; 295 296 return p; 297 } 298 299 static struct block * 300 gen_retblk(v) 301 int v; 302 { 303 struct block *b = new_block(BPF_RET|BPF_K); 304 305 b->s.k = v; 306 return b; 307 } 308 309 static inline void 310 syntax() 311 { 312 bpf_error("syntax error in filter expression"); 313 } 314 315 static bpf_u_int32 netmask; 316 static int snaplen; 317 int no_optimize; 318 319 int 320 pcap_compile(pcap_t *p, struct bpf_program *program, 321 char *buf, int optimize, bpf_u_int32 mask) 322 { 323 extern int n_errors; 324 int len; 325 326 no_optimize = 0; 327 n_errors = 0; 328 root = NULL; 329 bpf_pcap = p; 330 if (setjmp(top_ctx)) { 331 lex_cleanup(); 332 freechunks(); 333 return (-1); 334 } 335 336 netmask = mask; 337 338 snaplen = pcap_snapshot(p); 339 if (snaplen == 0) { 340 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 341 "snaplen of 0 rejects all packets"); 342 return -1; 343 } 344 345 lex_init(buf ? buf : ""); 346 init_linktype(pcap_datalink(p)); 347 (void)pcap_parse(); 348 349 if (n_errors) 350 syntax(); 351 352 if (root == NULL) 353 root = gen_retblk(snaplen); 354 355 if (optimize && !no_optimize) { 356 bpf_optimize(&root); 357 if (root == NULL || 358 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 359 bpf_error("expression rejects all packets"); 360 } 361 program->bf_insns = icode_to_fcode(root, &len); 362 program->bf_len = len; 363 364 lex_cleanup(); 365 freechunks(); 366 return (0); 367 } 368 369 /* 370 * entry point for using the compiler with no pcap open 371 * pass in all the stuff that is needed explicitly instead. 372 */ 373 int 374 pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 375 struct bpf_program *program, 376 char *buf, int optimize, bpf_u_int32 mask) 377 { 378 pcap_t *p; 379 int ret; 380 381 p = pcap_open_dead(linktype_arg, snaplen_arg); 382 if (p == NULL) 383 return (-1); 384 ret = pcap_compile(p, program, buf, optimize, mask); 385 pcap_close(p); 386 return (ret); 387 } 388 389 /* 390 * Clean up a "struct bpf_program" by freeing all the memory allocated 391 * in it. 392 */ 393 void 394 pcap_freecode(struct bpf_program *program) 395 { 396 program->bf_len = 0; 397 if (program->bf_insns != NULL) { 398 free((char *)program->bf_insns); 399 program->bf_insns = NULL; 400 } 401 } 402 403 /* 404 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 405 * which of the jt and jf fields has been resolved and which is a pointer 406 * back to another unresolved block (or nil). At least one of the fields 407 * in each block is already resolved. 408 */ 409 static void 410 backpatch(list, target) 411 struct block *list, *target; 412 { 413 struct block *next; 414 415 while (list) { 416 if (!list->sense) { 417 next = JT(list); 418 JT(list) = target; 419 } else { 420 next = JF(list); 421 JF(list) = target; 422 } 423 list = next; 424 } 425 } 426 427 /* 428 * Merge the lists in b0 and b1, using the 'sense' field to indicate 429 * which of jt and jf is the link. 430 */ 431 static void 432 merge(b0, b1) 433 struct block *b0, *b1; 434 { 435 register struct block **p = &b0; 436 437 /* Find end of list. */ 438 while (*p) 439 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 440 441 /* Concatenate the lists. */ 442 *p = b1; 443 } 444 445 void 446 finish_parse(p) 447 struct block *p; 448 { 449 backpatch(p, gen_retblk(snaplen)); 450 p->sense = !p->sense; 451 backpatch(p, gen_retblk(0)); 452 root = p->head; 453 } 454 455 void 456 gen_and(b0, b1) 457 struct block *b0, *b1; 458 { 459 backpatch(b0, b1->head); 460 b0->sense = !b0->sense; 461 b1->sense = !b1->sense; 462 merge(b1, b0); 463 b1->sense = !b1->sense; 464 b1->head = b0->head; 465 } 466 467 void 468 gen_or(b0, b1) 469 struct block *b0, *b1; 470 { 471 b0->sense = !b0->sense; 472 backpatch(b0, b1->head); 473 b0->sense = !b0->sense; 474 merge(b1, b0); 475 b1->head = b0->head; 476 } 477 478 void 479 gen_not(b) 480 struct block *b; 481 { 482 b->sense = !b->sense; 483 } 484 485 static struct block * 486 gen_cmp(offset, size, v) 487 u_int offset, size; 488 bpf_int32 v; 489 { 490 struct slist *s; 491 struct block *b; 492 493 s = new_stmt(BPF_LD|BPF_ABS|size); 494 s->s.k = offset; 495 496 b = new_block(JMP(BPF_JEQ)); 497 b->stmts = s; 498 b->s.k = v; 499 500 return b; 501 } 502 503 static struct block * 504 gen_cmp_gt(offset, size, v) 505 u_int offset, size; 506 bpf_int32 v; 507 { 508 struct slist *s; 509 struct block *b; 510 511 s = new_stmt(BPF_LD|BPF_ABS|size); 512 s->s.k = offset; 513 514 b = new_block(JMP(BPF_JGT)); 515 b->stmts = s; 516 b->s.k = v; 517 518 return b; 519 } 520 521 static struct block * 522 gen_mcmp(offset, size, v, mask) 523 u_int offset, size; 524 bpf_int32 v; 525 bpf_u_int32 mask; 526 { 527 struct block *b = gen_cmp(offset, size, v); 528 struct slist *s; 529 530 if (mask != 0xffffffff) { 531 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 532 s->s.k = mask; 533 b->stmts->next = s; 534 } 535 return b; 536 } 537 538 static struct block * 539 gen_bcmp(offset, size, v) 540 register u_int offset, size; 541 register const u_char *v; 542 { 543 register struct block *b, *tmp; 544 545 b = NULL; 546 while (size >= 4) { 547 register const u_char *p = &v[size - 4]; 548 bpf_int32 w = ((bpf_int32)p[0] << 24) | 549 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; 550 551 tmp = gen_cmp(offset + size - 4, BPF_W, w); 552 if (b != NULL) 553 gen_and(b, tmp); 554 b = tmp; 555 size -= 4; 556 } 557 while (size >= 2) { 558 register const u_char *p = &v[size - 2]; 559 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; 560 561 tmp = gen_cmp(offset + size - 2, BPF_H, w); 562 if (b != NULL) 563 gen_and(b, tmp); 564 b = tmp; 565 size -= 2; 566 } 567 if (size > 0) { 568 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); 569 if (b != NULL) 570 gen_and(b, tmp); 571 b = tmp; 572 } 573 return b; 574 } 575 576 static struct block * 577 gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse) 578 bpf_u_int32 datasize, offset, mask, jtype, jvalue; 579 int reverse; 580 { 581 struct slist *s; 582 struct block *b; 583 584 s = new_stmt(BPF_LD|datasize|BPF_ABS); 585 s->s.k = offset; 586 587 if (mask != 0xffffffff) { 588 s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K); 589 s->next->s.k = mask; 590 } 591 592 b = new_block(JMP(jtype)); 593 b->stmts = s; 594 b->s.k = jvalue; 595 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE)) 596 gen_not(b); 597 return b; 598 } 599 600 /* 601 * Various code constructs need to know the layout of the data link 602 * layer. These variables give the necessary offsets. 603 */ 604 605 /* 606 * This is the offset of the beginning of the MAC-layer header. 607 * It's usually 0, except for ATM LANE. 608 */ 609 static u_int off_mac; 610 611 /* 612 * "off_linktype" is the offset to information in the link-layer header 613 * giving the packet type. 614 * 615 * For Ethernet, it's the offset of the Ethernet type field. 616 * 617 * For link-layer types that always use 802.2 headers, it's the 618 * offset of the LLC header. 619 * 620 * For PPP, it's the offset of the PPP type field. 621 * 622 * For Cisco HDLC, it's the offset of the CHDLC type field. 623 * 624 * For BSD loopback, it's the offset of the AF_ value. 625 * 626 * For Linux cooked sockets, it's the offset of the type field. 627 * 628 * It's set to -1 for no encapsulation, in which case, IP is assumed. 629 */ 630 static u_int off_linktype; 631 632 /* 633 * TRUE if the link layer includes an ATM pseudo-header. 634 */ 635 static int is_atm = 0; 636 637 /* 638 * TRUE if "lane" appeared in the filter; it causes us to generate 639 * code that assumes LANE rather than LLC-encapsulated traffic in SunATM. 640 */ 641 static int is_lane = 0; 642 643 /* 644 * These are offsets for the ATM pseudo-header. 645 */ 646 static u_int off_vpi; 647 static u_int off_vci; 648 static u_int off_proto; 649 650 /* 651 * This is the offset of the first byte after the ATM pseudo_header, 652 * or -1 if there is no ATM pseudo-header. 653 */ 654 static u_int off_payload; 655 656 /* 657 * These are offsets to the beginning of the network-layer header. 658 * 659 * If the link layer never uses 802.2 LLC: 660 * 661 * "off_nl" and "off_nl_nosnap" are the same. 662 * 663 * If the link layer always uses 802.2 LLC: 664 * 665 * "off_nl" is the offset if there's a SNAP header following 666 * the 802.2 header; 667 * 668 * "off_nl_nosnap" is the offset if there's no SNAP header. 669 * 670 * If the link layer is Ethernet: 671 * 672 * "off_nl" is the offset if the packet is an Ethernet II packet 673 * (we assume no 802.3+802.2+SNAP); 674 * 675 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet 676 * with an 802.2 header following it. 677 */ 678 static u_int off_nl; 679 static u_int off_nl_nosnap; 680 681 static int linktype; 682 683 static void 684 init_linktype(type) 685 int type; 686 { 687 linktype = type; 688 689 /* 690 * Assume it's not raw ATM with a pseudo-header, for now. 691 */ 692 off_mac = 0; 693 is_atm = 0; 694 is_lane = 0; 695 off_vpi = -1; 696 off_vci = -1; 697 off_proto = -1; 698 off_payload = -1; 699 700 orig_linktype = -1; 701 orig_nl = -1; 702 orig_nl_nosnap = -1; 703 704 switch (type) { 705 706 case DLT_ARCNET: 707 off_linktype = 2; 708 off_nl = 6; /* XXX in reality, variable! */ 709 off_nl_nosnap = 6; /* no 802.2 LLC */ 710 return; 711 712 case DLT_ARCNET_LINUX: 713 off_linktype = 4; 714 off_nl = 8; /* XXX in reality, variable! */ 715 off_nl_nosnap = 8; /* no 802.2 LLC */ 716 return; 717 718 case DLT_EN10MB: 719 off_linktype = 12; 720 off_nl = 14; /* Ethernet II */ 721 off_nl_nosnap = 17; /* 802.3+802.2 */ 722 return; 723 724 case DLT_SLIP: 725 /* 726 * SLIP doesn't have a link level type. The 16 byte 727 * header is hacked into our SLIP driver. 728 */ 729 off_linktype = -1; 730 off_nl = 16; 731 off_nl_nosnap = 16; /* no 802.2 LLC */ 732 return; 733 734 case DLT_SLIP_BSDOS: 735 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 736 off_linktype = -1; 737 /* XXX end */ 738 off_nl = 24; 739 off_nl_nosnap = 24; /* no 802.2 LLC */ 740 return; 741 742 case DLT_NULL: 743 case DLT_LOOP: 744 off_linktype = 0; 745 off_nl = 4; 746 off_nl_nosnap = 4; /* no 802.2 LLC */ 747 return; 748 749 case DLT_ENC: 750 off_linktype = 0; 751 off_nl = 12; 752 off_nl_nosnap = 12; /* no 802.2 LLC */ 753 return; 754 755 case DLT_PPP: 756 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */ 757 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */ 758 off_linktype = 2; 759 off_nl = 4; 760 off_nl_nosnap = 4; /* no 802.2 LLC */ 761 return; 762 763 case DLT_PPP_ETHER: 764 /* 765 * This does no include the Ethernet header, and 766 * only covers session state. 767 */ 768 off_linktype = 6; 769 off_nl = 8; 770 off_nl_nosnap = 8; /* no 802.2 LLC */ 771 return; 772 773 case DLT_PPP_BSDOS: 774 off_linktype = 5; 775 off_nl = 24; 776 off_nl_nosnap = 24; /* no 802.2 LLC */ 777 return; 778 779 case DLT_FDDI: 780 /* 781 * FDDI doesn't really have a link-level type field. 782 * We set "off_linktype" to the offset of the LLC header. 783 * 784 * To check for Ethernet types, we assume that SSAP = SNAP 785 * is being used and pick out the encapsulated Ethernet type. 786 * XXX - should we generate code to check for SNAP? 787 */ 788 off_linktype = 13; 789 #ifdef PCAP_FDDIPAD 790 off_linktype += pcap_fddipad; 791 #endif 792 off_nl = 21; /* FDDI+802.2+SNAP */ 793 off_nl_nosnap = 16; /* FDDI+802.2 */ 794 #ifdef PCAP_FDDIPAD 795 off_nl += pcap_fddipad; 796 off_nl_nosnap += pcap_fddipad; 797 #endif 798 return; 799 800 case DLT_IEEE802: 801 /* 802 * Token Ring doesn't really have a link-level type field. 803 * We set "off_linktype" to the offset of the LLC header. 804 * 805 * To check for Ethernet types, we assume that SSAP = SNAP 806 * is being used and pick out the encapsulated Ethernet type. 807 * XXX - should we generate code to check for SNAP? 808 * 809 * XXX - the header is actually variable-length. 810 * Some various Linux patched versions gave 38 811 * as "off_linktype" and 40 as "off_nl"; however, 812 * if a token ring packet has *no* routing 813 * information, i.e. is not source-routed, the correct 814 * values are 20 and 22, as they are in the vanilla code. 815 * 816 * A packet is source-routed iff the uppermost bit 817 * of the first byte of the source address, at an 818 * offset of 8, has the uppermost bit set. If the 819 * packet is source-routed, the total number of bytes 820 * of routing information is 2 plus bits 0x1F00 of 821 * the 16-bit value at an offset of 14 (shifted right 822 * 8 - figure out which byte that is). 823 */ 824 off_linktype = 14; 825 off_nl = 22; /* Token Ring+802.2+SNAP */ 826 off_nl_nosnap = 17; /* Token Ring+802.2 */ 827 return; 828 829 case DLT_IEEE802_11: 830 /* 831 * 802.11 doesn't really have a link-level type field. 832 * We set "off_linktype" to the offset of the LLC header. 833 * 834 * To check for Ethernet types, we assume that SSAP = SNAP 835 * is being used and pick out the encapsulated Ethernet type. 836 * XXX - should we generate code to check for SNAP? 837 * 838 * XXX - the header is actually variable-length. We 839 * assume a 24-byte link-layer header, as appears in 840 * data frames in networks with no bridges. If the 841 * fromds and tods 802.11 header bits are both set, 842 * it's actually supposed to be 30 bytes. 843 */ 844 off_linktype = 24; 845 off_nl = 32; /* 802.11+802.2+SNAP */ 846 off_nl_nosnap = 27; /* 802.11+802.2 */ 847 return; 848 849 case DLT_PRISM_HEADER: 850 /* 851 * Same as 802.11, but with an additional header before 852 * the 802.11 header, containing a bunch of additional 853 * information including radio-level information. 854 * 855 * The header is 144 bytes long. 856 * 857 * XXX - same variable-length header problem; at least 858 * the Prism header is fixed-length. 859 */ 860 off_linktype = 144+24; 861 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */ 862 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */ 863 return; 864 865 case DLT_IEEE802_11_RADIO_AVS: 866 /* 867 * Same as 802.11, but with an additional header before 868 * the 802.11 header, containing a bunch of additional 869 * information including radio-level information. 870 * 871 * The header is 64 bytes long, at least in its 872 * current incarnation. 873 * 874 * XXX - same variable-length header problem, only 875 * more so; this header is also variable-length, 876 * with the length being the 32-bit big-endian 877 * number at an offset of 4 from the beginning 878 * of the radio header. 879 */ 880 off_linktype = 64+24; 881 off_nl = 64+32; /* Radio+802.11+802.2+SNAP */ 882 off_nl_nosnap = 64+27; /* Radio+802.11+802.2 */ 883 return; 884 885 case DLT_IEEE802_11_RADIO: 886 /* 887 * Same as 802.11, but with an additional header before 888 * the 802.11 header, containing a bunch of additional 889 * information including radio-level information. 890 * 891 * XXX - same variable-length header problem, only 892 * even *more* so; this header is also variable-length, 893 * with the length being the 16-bit number at an offset 894 * of 2 from the beginning of the radio header, and it's 895 * device-dependent (different devices might supply 896 * different amounts of information), so we can't even 897 * assume a fixed length for the current version of the 898 * header. 899 * 900 * Therefore, currently, only raw "link[N:M]" filtering is 901 * supported. 902 */ 903 off_linktype = -1; 904 off_nl = -1; 905 off_nl_nosnap = -1; 906 return; 907 908 case DLT_ATM_RFC1483: 909 case DLT_ATM_CLIP: /* Linux ATM defines this */ 910 /* 911 * assume routed, non-ISO PDUs 912 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 913 */ 914 off_linktype = 0; 915 off_nl = 8; /* 802.2+SNAP */ 916 off_nl_nosnap = 3; /* 802.2 */ 917 return; 918 919 case DLT_SUNATM: 920 /* 921 * Full Frontal ATM; you get AALn PDUs with an ATM 922 * pseudo-header. 923 */ 924 is_atm = 1; 925 off_vpi = SUNATM_VPI_POS; 926 off_vci = SUNATM_VCI_POS; 927 off_proto = PROTO_POS; 928 off_mac = -1; /* LLC-encapsulated, so no MAC-layer header */ 929 off_payload = SUNATM_PKT_BEGIN_POS; 930 off_linktype = off_payload; 931 off_nl = off_payload+8; /* 802.2+SNAP */ 932 off_nl_nosnap = off_payload+3; /* 802.2 */ 933 return; 934 935 case DLT_RAW: 936 off_linktype = -1; 937 off_nl = 0; 938 off_nl_nosnap = 0; /* no 802.2 LLC */ 939 return; 940 941 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */ 942 off_linktype = 14; 943 off_nl = 16; 944 off_nl_nosnap = 16; /* no 802.2 LLC */ 945 return; 946 947 case DLT_LTALK: 948 /* 949 * LocalTalk does have a 1-byte type field in the LLAP header, 950 * but really it just indicates whether there is a "short" or 951 * "long" DDP packet following. 952 */ 953 off_linktype = -1; 954 off_nl = 0; 955 off_nl_nosnap = 0; /* no 802.2 LLC */ 956 return; 957 958 case DLT_IP_OVER_FC: 959 /* 960 * RFC 2625 IP-over-Fibre-Channel doesn't really have a 961 * link-level type field. We set "off_linktype" to the 962 * offset of the LLC header. 963 * 964 * To check for Ethernet types, we assume that SSAP = SNAP 965 * is being used and pick out the encapsulated Ethernet type. 966 * XXX - should we generate code to check for SNAP? RFC 967 * 2625 says SNAP should be used. 968 */ 969 off_linktype = 16; 970 off_nl = 24; /* IPFC+802.2+SNAP */ 971 off_nl_nosnap = 19; /* IPFC+802.2 */ 972 return; 973 974 case DLT_FRELAY: 975 /* 976 * XXX - we should set this to handle SNAP-encapsulated 977 * frames (NLPID of 0x80). 978 */ 979 off_linktype = -1; 980 off_nl = 0; 981 off_nl_nosnap = 0; /* no 802.2 LLC */ 982 return; 983 984 case DLT_APPLE_IP_OVER_IEEE1394: 985 off_linktype = 16; 986 off_nl = 18; 987 off_nl_nosnap = 0; /* no 802.2 LLC */ 988 return; 989 990 case DLT_LINUX_IRDA: 991 /* 992 * Currently, only raw "link[N:M]" filtering is supported. 993 */ 994 off_linktype = -1; 995 off_nl = -1; 996 off_nl_nosnap = -1; 997 return; 998 999 case DLT_PFLOG: 1000 off_linktype = 0; 1001 /* XXX read from header? */ 1002 off_nl = PFLOG_HDRLEN; 1003 off_nl_nosnap = PFLOG_HDRLEN; 1004 return; 1005 1006 #ifdef DLT_PFSYNC 1007 case DLT_PFSYNC: 1008 off_linktype = -1; 1009 off_nl = 4; 1010 off_nl_nosnap = 4; 1011 return; 1012 #endif 1013 } 1014 bpf_error("unknown data link type %d", linktype); 1015 /* NOTREACHED */ 1016 } 1017 1018 static struct block * 1019 gen_uncond(rsense) 1020 int rsense; 1021 { 1022 struct block *b; 1023 struct slist *s; 1024 1025 s = new_stmt(BPF_LD|BPF_IMM); 1026 s->s.k = !rsense; 1027 b = new_block(JMP(BPF_JEQ)); 1028 b->stmts = s; 1029 1030 return b; 1031 } 1032 1033 static inline struct block * 1034 gen_true() 1035 { 1036 return gen_uncond(1); 1037 } 1038 1039 static inline struct block * 1040 gen_false() 1041 { 1042 return gen_uncond(0); 1043 } 1044 1045 /* 1046 * Byte-swap a 32-bit number. 1047 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on 1048 * big-endian platforms.) 1049 */ 1050 #define SWAPLONG(y) \ 1051 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff)) 1052 1053 static struct block * 1054 gen_ether_linktype(proto) 1055 register int proto; 1056 { 1057 struct block *b0, *b1; 1058 1059 switch (proto) { 1060 1061 case LLCSAP_ISONS: 1062 /* 1063 * OSI protocols always use 802.2 encapsulation. 1064 * XXX - should we check both the DSAP and the 1065 * SSAP, like this, or should we check just the 1066 * DSAP? 1067 */ 1068 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 1069 gen_not(b0); 1070 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1071 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS)); 1072 gen_and(b0, b1); 1073 return b1; 1074 1075 case LLCSAP_IP: 1076 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 1077 gen_not(b0); 1078 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1079 ((LLCSAP_IP << 8) | LLCSAP_IP)); 1080 gen_and(b0, b1); 1081 return b1; 1082 1083 case LLCSAP_NETBEUI: 1084 /* 1085 * NetBEUI always uses 802.2 encapsulation. 1086 * XXX - should we check both the DSAP and the 1087 * SSAP, like this, or should we check just the 1088 * DSAP? 1089 */ 1090 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 1091 gen_not(b0); 1092 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1093 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI)); 1094 gen_and(b0, b1); 1095 return b1; 1096 1097 case LLCSAP_IPX: 1098 /* 1099 * Check for; 1100 * 1101 * Ethernet_II frames, which are Ethernet 1102 * frames with a frame type of ETHERTYPE_IPX; 1103 * 1104 * Ethernet_802.3 frames, which are 802.3 1105 * frames (i.e., the type/length field is 1106 * a length field, <= ETHERMTU, rather than 1107 * a type field) with the first two bytes 1108 * after the Ethernet/802.3 header being 1109 * 0xFFFF; 1110 * 1111 * Ethernet_802.2 frames, which are 802.3 1112 * frames with an 802.2 LLC header and 1113 * with the IPX LSAP as the DSAP in the LLC 1114 * header; 1115 * 1116 * Ethernet_SNAP frames, which are 802.3 1117 * frames with an LLC header and a SNAP 1118 * header and with an OUI of 0x000000 1119 * (encapsulated Ethernet) and a protocol 1120 * ID of ETHERTYPE_IPX in the SNAP header. 1121 * 1122 * XXX - should we generate the same code both 1123 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX? 1124 */ 1125 1126 /* 1127 * This generates code to check both for the 1128 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3. 1129 */ 1130 b0 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)LLCSAP_IPX); 1131 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)0xFFFF); 1132 gen_or(b0, b1); 1133 1134 /* 1135 * Now we add code to check for SNAP frames with 1136 * ETHERTYPE_IPX, i.e. Ethernet_SNAP. 1137 */ 1138 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14); 1139 gen_or(b0, b1); 1140 1141 /* 1142 * Now we generate code to check for 802.3 1143 * frames in general. 1144 */ 1145 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 1146 gen_not(b0); 1147 1148 /* 1149 * Now add the check for 802.3 frames before the 1150 * check for Ethernet_802.2 and Ethernet_802.3, 1151 * as those checks should only be done on 802.3 1152 * frames, not on Ethernet frames. 1153 */ 1154 gen_and(b0, b1); 1155 1156 /* 1157 * Now add the check for Ethernet_II frames, and 1158 * do that before checking for the other frame 1159 * types. 1160 */ 1161 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)ETHERTYPE_IPX); 1162 gen_or(b0, b1); 1163 return b1; 1164 1165 case ETHERTYPE_ATALK: 1166 case ETHERTYPE_AARP: 1167 /* 1168 * EtherTalk (AppleTalk protocols on Ethernet link 1169 * layer) may use 802.2 encapsulation. 1170 */ 1171 1172 /* 1173 * Check for 802.2 encapsulation (EtherTalk phase 2?); 1174 * we check for an Ethernet type field less than 1175 * 1500, which means it's an 802.3 length field. 1176 */ 1177 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 1178 gen_not(b0); 1179 1180 /* 1181 * 802.2-encapsulated ETHERTYPE_ATALK packets are 1182 * SNAP packets with an organization code of 1183 * 0x080007 (Apple, for Appletalk) and a protocol 1184 * type of ETHERTYPE_ATALK (Appletalk). 1185 * 1186 * 802.2-encapsulated ETHERTYPE_AARP packets are 1187 * SNAP packets with an organization code of 1188 * 0x000000 (encapsulated Ethernet) and a protocol 1189 * type of ETHERTYPE_AARP (Appletalk ARP). 1190 */ 1191 if (proto == ETHERTYPE_ATALK) 1192 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14); 1193 else /* proto == ETHERTYPE_AARP */ 1194 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14); 1195 gen_and(b0, b1); 1196 1197 /* 1198 * Check for Ethernet encapsulation (Ethertalk 1199 * phase 1?); we just check for the Ethernet 1200 * protocol type. 1201 */ 1202 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 1203 1204 gen_or(b0, b1); 1205 return b1; 1206 1207 default: 1208 if (proto <= ETHERMTU) { 1209 /* 1210 * This is an LLC SAP value, so the frames 1211 * that match would be 802.2 frames. 1212 * Check that the frame is an 802.2 frame 1213 * (i.e., that the length/type field is 1214 * a length field, <= ETHERMTU) and 1215 * then check the DSAP. 1216 */ 1217 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 1218 gen_not(b0); 1219 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto); 1220 gen_and(b0, b1); 1221 return b1; 1222 } else { 1223 /* 1224 * This is an Ethernet type, so compare 1225 * the length/type field with it (if 1226 * the frame is an 802.2 frame, the length 1227 * field will be <= ETHERMTU, and, as 1228 * "proto" is > ETHERMTU, this test 1229 * will fail and the frame won't match, 1230 * which is what we want). 1231 */ 1232 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 1233 } 1234 } 1235 } 1236 1237 static struct block * 1238 gen_linktype(proto) 1239 register int proto; 1240 { 1241 struct block *b0, *b1, *b2; 1242 1243 switch (linktype) { 1244 1245 case DLT_EN10MB: 1246 return gen_ether_linktype(proto); 1247 break; 1248 1249 case DLT_C_HDLC: 1250 switch (proto) { 1251 1252 case LLCSAP_ISONS: 1253 proto = (proto << 8 | LLCSAP_ISONS); 1254 /* fall through */ 1255 1256 default: 1257 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 1258 break; 1259 } 1260 break; 1261 1262 case DLT_IEEE802_11: 1263 case DLT_PRISM_HEADER: 1264 case DLT_IEEE802_11_RADIO: 1265 case DLT_FDDI: 1266 case DLT_IEEE802: 1267 case DLT_ATM_RFC1483: 1268 case DLT_ATM_CLIP: 1269 case DLT_IP_OVER_FC: 1270 return gen_llc(proto); 1271 break; 1272 1273 case DLT_SUNATM: 1274 /* 1275 * If "is_lane" is set, check for a LANE-encapsulated 1276 * version of this protocol, otherwise check for an 1277 * LLC-encapsulated version of this protocol. 1278 * 1279 * We assume LANE means Ethernet, not Token Ring. 1280 */ 1281 if (is_lane) { 1282 /* 1283 * Check that the packet doesn't begin with an 1284 * LE Control marker. (We've already generated 1285 * a test for LANE.) 1286 */ 1287 b0 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 1288 gen_not(b0); 1289 1290 /* 1291 * Now generate an Ethernet test. 1292 */ 1293 b1 = gen_ether_linktype(proto); 1294 gen_and(b0, b1); 1295 return b1; 1296 } else { 1297 /* 1298 * Check for LLC encapsulation and then check the 1299 * protocol. 1300 */ 1301 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0); 1302 b1 = gen_llc(proto); 1303 gen_and(b0, b1); 1304 return b1; 1305 } 1306 1307 case DLT_LINUX_SLL: 1308 switch (proto) { 1309 1310 case LLCSAP_IP: 1311 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 1312 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1313 ((LLCSAP_IP << 8) | LLCSAP_IP)); 1314 gen_and(b0, b1); 1315 return b1; 1316 1317 case LLCSAP_ISONS: 1318 /* 1319 * OSI protocols always use 802.2 encapsulation. 1320 * XXX - should we check both the DSAP and the 1321 * LSAP, like this, or should we check just the 1322 * DSAP? 1323 */ 1324 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 1325 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1326 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS)); 1327 gen_and(b0, b1); 1328 return b1; 1329 1330 case LLCSAP_NETBEUI: 1331 /* 1332 * NetBEUI always uses 802.2 encapsulation. 1333 * XXX - should we check both the DSAP and the 1334 * LSAP, like this, or should we check just the 1335 * DSAP? 1336 */ 1337 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 1338 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1339 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI)); 1340 gen_and(b0, b1); 1341 return b1; 1342 1343 case LLCSAP_IPX: 1344 /* 1345 * Ethernet_II frames, which are Ethernet 1346 * frames with a frame type of ETHERTYPE_IPX; 1347 * 1348 * Ethernet_802.3 frames, which have a frame 1349 * type of LINUX_SLL_P_802_3; 1350 * 1351 * Ethernet_802.2 frames, which are 802.3 1352 * frames with an 802.2 LLC header (i.e, have 1353 * a frame type of LINUX_SLL_P_802_2) and 1354 * with the IPX LSAP as the DSAP in the LLC 1355 * header; 1356 * 1357 * Ethernet_SNAP frames, which are 802.3 1358 * frames with an LLC header and a SNAP 1359 * header and with an OUI of 0x000000 1360 * (encapsulated Ethernet) and a protocol 1361 * ID of ETHERTYPE_IPX in the SNAP header. 1362 * 1363 * First, do the checks on LINUX_SLL_P_802_2 1364 * frames; generate the check for either 1365 * Ethernet_802.2 or Ethernet_SNAP frames, and 1366 * then put a check for LINUX_SLL_P_802_2 frames 1367 * before it. 1368 */ 1369 b0 = gen_cmp(off_linktype + 2, BPF_B, 1370 (bpf_int32)LLCSAP_IPX); 1371 b1 = gen_snap(0x000000, ETHERTYPE_IPX, 1372 off_linktype + 2); 1373 gen_or(b0, b1); 1374 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 1375 gen_and(b0, b1); 1376 1377 /* 1378 * Now check for 802.3 frames and OR that with 1379 * the previous test. 1380 */ 1381 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3); 1382 gen_or(b0, b1); 1383 1384 /* 1385 * Now add the check for Ethernet_II frames, and 1386 * do that before checking for the other frame 1387 * types. 1388 */ 1389 b0 = gen_cmp(off_linktype, BPF_H, 1390 (bpf_int32)ETHERTYPE_IPX); 1391 gen_or(b0, b1); 1392 return b1; 1393 1394 case ETHERTYPE_ATALK: 1395 case ETHERTYPE_AARP: 1396 /* 1397 * EtherTalk (AppleTalk protocols on Ethernet link 1398 * layer) may use 802.2 encapsulation. 1399 */ 1400 1401 /* 1402 * Check for 802.2 encapsulation (EtherTalk phase 2?); 1403 * we check for the 802.2 protocol type in the 1404 * "Ethernet type" field. 1405 */ 1406 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 1407 1408 /* 1409 * 802.2-encapsulated ETHERTYPE_ATALK packets are 1410 * SNAP packets with an organization code of 1411 * 0x080007 (Apple, for Appletalk) and a protocol 1412 * type of ETHERTYPE_ATALK (Appletalk). 1413 * 1414 * 802.2-encapsulated ETHERTYPE_AARP packets are 1415 * SNAP packets with an organization code of 1416 * 0x000000 (encapsulated Ethernet) and a protocol 1417 * type of ETHERTYPE_AARP (Appletalk ARP). 1418 */ 1419 if (proto == ETHERTYPE_ATALK) 1420 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 1421 off_linktype + 2); 1422 else /* proto == ETHERTYPE_AARP */ 1423 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 1424 off_linktype + 2); 1425 gen_and(b0, b1); 1426 1427 /* 1428 * Check for Ethernet encapsulation (Ethertalk 1429 * phase 1?); we just check for the Ethernet 1430 * protocol type. 1431 */ 1432 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 1433 1434 gen_or(b0, b1); 1435 return b1; 1436 1437 default: 1438 if (proto <= ETHERMTU) { 1439 /* 1440 * This is an LLC SAP value, so the frames 1441 * that match would be 802.2 frames. 1442 * Check for the 802.2 protocol type 1443 * in the "Ethernet type" field, and 1444 * then check the DSAP. 1445 */ 1446 b0 = gen_cmp(off_linktype, BPF_H, 1447 LINUX_SLL_P_802_2); 1448 b1 = gen_cmp(off_linktype + 2, BPF_B, 1449 (bpf_int32)proto); 1450 gen_and(b0, b1); 1451 return b1; 1452 } else { 1453 /* 1454 * This is an Ethernet type, so compare 1455 * the length/type field with it (if 1456 * the frame is an 802.2 frame, the length 1457 * field will be <= ETHERMTU, and, as 1458 * "proto" is > ETHERMTU, this test 1459 * will fail and the frame won't match, 1460 * which is what we want). 1461 */ 1462 return gen_cmp(off_linktype, BPF_H, 1463 (bpf_int32)proto); 1464 } 1465 } 1466 break; 1467 1468 case DLT_SLIP: 1469 case DLT_SLIP_BSDOS: 1470 case DLT_RAW: 1471 /* 1472 * These types don't provide any type field; packets 1473 * are always IP. 1474 * 1475 * XXX - for IPv4, check for a version number of 4, and, 1476 * for IPv6, check for a version number of 6? 1477 */ 1478 switch (proto) { 1479 1480 case ETHERTYPE_IP: 1481 #ifdef INET6 1482 case ETHERTYPE_IPV6: 1483 #endif 1484 return gen_true(); /* always true */ 1485 1486 default: 1487 return gen_false(); /* always false */ 1488 } 1489 break; 1490 1491 case DLT_PPP: 1492 case DLT_PPP_SERIAL: 1493 case DLT_PPP_ETHER: 1494 /* 1495 * We use Ethernet protocol types inside libpcap; 1496 * map them to the corresponding PPP protocol types. 1497 */ 1498 switch (proto) { 1499 1500 case ETHERTYPE_IP: 1501 proto = PPP_IP; 1502 break; 1503 1504 #ifdef INET6 1505 case ETHERTYPE_IPV6: 1506 proto = PPP_IPV6; 1507 break; 1508 #endif 1509 1510 case ETHERTYPE_DN: 1511 proto = PPP_DECNET; 1512 break; 1513 1514 case ETHERTYPE_ATALK: 1515 proto = PPP_APPLE; 1516 break; 1517 1518 case ETHERTYPE_NS: 1519 proto = PPP_NS; 1520 break; 1521 1522 case LLCSAP_ISONS: 1523 proto = PPP_OSI; 1524 break; 1525 1526 case LLCSAP_8021D: 1527 /* 1528 * I'm assuming the "Bridging PDU"s that go 1529 * over PPP are Spanning Tree Protocol 1530 * Bridging PDUs. 1531 */ 1532 proto = PPP_BRPDU; 1533 break; 1534 1535 case LLCSAP_IPX: 1536 proto = PPP_IPX; 1537 break; 1538 } 1539 break; 1540 1541 case DLT_PPP_BSDOS: 1542 /* 1543 * We use Ethernet protocol types inside libpcap; 1544 * map them to the corresponding PPP protocol types. 1545 */ 1546 switch (proto) { 1547 1548 case ETHERTYPE_IP: 1549 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); 1550 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC); 1551 gen_or(b0, b1); 1552 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC); 1553 gen_or(b1, b0); 1554 return b0; 1555 1556 #ifdef INET6 1557 case ETHERTYPE_IPV6: 1558 proto = PPP_IPV6; 1559 /* more to go? */ 1560 break; 1561 #endif 1562 1563 case ETHERTYPE_DN: 1564 proto = PPP_DECNET; 1565 break; 1566 1567 case ETHERTYPE_ATALK: 1568 proto = PPP_APPLE; 1569 break; 1570 1571 case ETHERTYPE_NS: 1572 proto = PPP_NS; 1573 break; 1574 1575 case LLCSAP_ISONS: 1576 proto = PPP_OSI; 1577 break; 1578 1579 case LLCSAP_8021D: 1580 /* 1581 * I'm assuming the "Bridging PDU"s that go 1582 * over PPP are Spanning Tree Protocol 1583 * Bridging PDUs. 1584 */ 1585 proto = PPP_BRPDU; 1586 break; 1587 1588 case LLCSAP_IPX: 1589 proto = PPP_IPX; 1590 break; 1591 } 1592 break; 1593 1594 case DLT_NULL: 1595 case DLT_LOOP: 1596 case DLT_ENC: 1597 /* 1598 * For DLT_NULL, the link-layer header is a 32-bit 1599 * word containing an AF_ value in *host* byte order, 1600 * and for DLT_ENC, the link-layer header begins 1601 * with a 32-bit work containing an AF_ value in 1602 * host byte order. 1603 * 1604 * In addition, if we're reading a saved capture file, 1605 * the host byte order in the capture may not be the 1606 * same as the host byte order on this machine. 1607 * 1608 * For DLT_LOOP, the link-layer header is a 32-bit 1609 * word containing an AF_ value in *network* byte order. 1610 * 1611 * XXX - AF_ values may, unfortunately, be platform- 1612 * dependent; for example, FreeBSD's AF_INET6 is 24 1613 * whilst NetBSD's and OpenBSD's is 26. 1614 * 1615 * This means that, when reading a capture file, just 1616 * checking for our AF_INET6 value won't work if the 1617 * capture file came from another OS. 1618 */ 1619 switch (proto) { 1620 1621 case ETHERTYPE_IP: 1622 proto = AF_INET; 1623 break; 1624 1625 #ifdef INET6 1626 case ETHERTYPE_IPV6: 1627 proto = AF_INET6; 1628 break; 1629 #endif 1630 1631 default: 1632 /* 1633 * Not a type on which we support filtering. 1634 * XXX - support those that have AF_ values 1635 * #defined on this platform, at least? 1636 */ 1637 return gen_false(); 1638 } 1639 1640 if (linktype == DLT_NULL || linktype == DLT_ENC) { 1641 /* 1642 * The AF_ value is in host byte order, but 1643 * the BPF interpreter will convert it to 1644 * network byte order. 1645 * 1646 * If this is a save file, and it's from a 1647 * machine with the opposite byte order to 1648 * ours, we byte-swap the AF_ value. 1649 * 1650 * Then we run it through "htonl()", and 1651 * generate code to compare against the result. 1652 */ 1653 if (bpf_pcap->sf.rfile != NULL && 1654 bpf_pcap->sf.swapped) 1655 proto = SWAPLONG(proto); 1656 proto = htonl(proto); 1657 } 1658 return (gen_cmp(0, BPF_W, (bpf_int32)proto)); 1659 1660 case DLT_PFLOG: 1661 /* 1662 * af field is host byte order in contrast to the rest of 1663 * the packet. 1664 */ 1665 if (proto == ETHERTYPE_IP) 1666 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 1667 (bpf_int32)AF_INET)); 1668 #ifdef INET6 1669 else if (proto == ETHERTYPE_IPV6) 1670 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 1671 (bpf_int32)AF_INET6)); 1672 #endif /* INET6 */ 1673 else 1674 return gen_false(); 1675 break; 1676 1677 case DLT_ARCNET: 1678 case DLT_ARCNET_LINUX: 1679 /* 1680 * XXX should we check for first fragment if the protocol 1681 * uses PHDS? 1682 */ 1683 switch (proto) { 1684 1685 default: 1686 return gen_false(); 1687 1688 #ifdef INET6 1689 case ETHERTYPE_IPV6: 1690 return (gen_cmp(off_linktype, BPF_B, 1691 (bpf_int32)ARCTYPE_INET6)); 1692 #endif /* INET6 */ 1693 1694 case ETHERTYPE_IP: 1695 b0 = gen_cmp(off_linktype, BPF_B, 1696 (bpf_int32)ARCTYPE_IP); 1697 b1 = gen_cmp(off_linktype, BPF_B, 1698 (bpf_int32)ARCTYPE_IP_OLD); 1699 gen_or(b0, b1); 1700 return (b1); 1701 1702 case ETHERTYPE_ARP: 1703 b0 = gen_cmp(off_linktype, BPF_B, 1704 (bpf_int32)ARCTYPE_ARP); 1705 b1 = gen_cmp(off_linktype, BPF_B, 1706 (bpf_int32)ARCTYPE_ARP_OLD); 1707 gen_or(b0, b1); 1708 return (b1); 1709 1710 case ETHERTYPE_REVARP: 1711 return (gen_cmp(off_linktype, BPF_B, 1712 (bpf_int32)ARCTYPE_REVARP)); 1713 1714 case ETHERTYPE_ATALK: 1715 return (gen_cmp(off_linktype, BPF_B, 1716 (bpf_int32)ARCTYPE_ATALK)); 1717 } 1718 break; 1719 1720 case DLT_LTALK: 1721 switch (proto) { 1722 case ETHERTYPE_ATALK: 1723 return gen_true(); 1724 default: 1725 return gen_false(); 1726 } 1727 break; 1728 1729 case DLT_FRELAY: 1730 /* 1731 * XXX - assumes a 2-byte Frame Relay header with 1732 * DLCI and flags. What if the address is longer? 1733 */ 1734 switch (proto) { 1735 1736 case ETHERTYPE_IP: 1737 /* 1738 * Check for the special NLPID for IP. 1739 */ 1740 return gen_cmp(2, BPF_H, (0x03<<8) | 0xcc); 1741 1742 #ifdef INET6 1743 case ETHERTYPE_IPV6: 1744 /* 1745 * Check for the special NLPID for IPv6. 1746 */ 1747 return gen_cmp(2, BPF_H, (0x03<<8) | 0x8e); 1748 #endif 1749 1750 case LLCSAP_ISONS: 1751 /* 1752 * Check for several OSI protocols. 1753 * 1754 * Frame Relay packets typically have an OSI 1755 * NLPID at the beginning; we check for each 1756 * of them. 1757 * 1758 * What we check for is the NLPID and a frame 1759 * control field of UI, i.e. 0x03 followed 1760 * by the NLPID. 1761 */ 1762 b0 = gen_cmp(2, BPF_H, (0x03<<8) | ISO8473_CLNP); 1763 b1 = gen_cmp(2, BPF_H, (0x03<<8) | ISO9542_ESIS); 1764 b2 = gen_cmp(2, BPF_H, (0x03<<8) | ISO10589_ISIS); 1765 gen_or(b1, b2); 1766 gen_or(b0, b2); 1767 return b2; 1768 1769 default: 1770 return gen_false(); 1771 } 1772 break; 1773 1774 case DLT_LINUX_IRDA: 1775 bpf_error("IrDA link-layer type filtering not implemented"); 1776 } 1777 1778 /* 1779 * All the types that have no encapsulation should either be 1780 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if 1781 * all packets are IP packets, or should be handled in some 1782 * special case, if none of them are (if some are and some 1783 * aren't, the lack of encapsulation is a problem, as we'd 1784 * have to find some other way of determining the packet type). 1785 * 1786 * Therefore, if "off_linktype" is -1, there's an error. 1787 */ 1788 if (off_linktype == (u_int)-1) 1789 abort(); 1790 1791 /* 1792 * Any type not handled above should always have an Ethernet 1793 * type at an offset of "off_linktype". (PPP is partially 1794 * handled above - the protocol type is mapped from the 1795 * Ethernet and LLC types we use internally to the corresponding 1796 * PPP type - but the PPP type is always specified by a value 1797 * at "off_linktype", so we don't have to do the code generation 1798 * above.) 1799 */ 1800 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 1801 } 1802 1803 /* 1804 * Check for an LLC SNAP packet with a given organization code and 1805 * protocol type; we check the entire contents of the 802.2 LLC and 1806 * snap headers, checking for DSAP and SSAP of SNAP and a control 1807 * field of 0x03 in the LLC header, and for the specified organization 1808 * code and protocol type in the SNAP header. 1809 */ 1810 static struct block * 1811 gen_snap(orgcode, ptype, offset) 1812 bpf_u_int32 orgcode; 1813 bpf_u_int32 ptype; 1814 u_int offset; 1815 { 1816 u_char snapblock[8]; 1817 1818 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */ 1819 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */ 1820 snapblock[2] = 0x03; /* control = UI */ 1821 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */ 1822 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */ 1823 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */ 1824 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */ 1825 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */ 1826 return gen_bcmp(offset, 8, snapblock); 1827 } 1828 1829 /* 1830 * Check for a given protocol value assuming an 802.2 LLC header. 1831 */ 1832 static struct block * 1833 gen_llc(proto) 1834 int proto; 1835 { 1836 /* 1837 * XXX - handle token-ring variable-length header. 1838 */ 1839 switch (proto) { 1840 1841 case LLCSAP_IP: 1842 return gen_cmp(off_linktype, BPF_H, (long) 1843 ((LLCSAP_IP << 8) | LLCSAP_IP)); 1844 1845 case LLCSAP_ISONS: 1846 return gen_cmp(off_linktype, BPF_H, (long) 1847 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS)); 1848 1849 case LLCSAP_NETBEUI: 1850 return gen_cmp(off_linktype, BPF_H, (long) 1851 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI)); 1852 1853 case LLCSAP_IPX: 1854 /* 1855 * XXX - are there ever SNAP frames for IPX on 1856 * non-Ethernet 802.x networks? 1857 */ 1858 return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX); 1859 1860 case ETHERTYPE_ATALK: 1861 /* 1862 * 802.2-encapsulated ETHERTYPE_ATALK packets are 1863 * SNAP packets with an organization code of 1864 * 0x080007 (Apple, for Appletalk) and a protocol 1865 * type of ETHERTYPE_ATALK (Appletalk). 1866 * 1867 * XXX - check for an organization code of 1868 * encapsulated Ethernet as well? 1869 */ 1870 return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype); 1871 1872 default: 1873 /* 1874 * XXX - we don't have to check for IPX 802.3 1875 * here, but should we check for the IPX Ethertype? 1876 */ 1877 if (proto <= ETHERMTU) { 1878 /* 1879 * This is an LLC SAP value, so check 1880 * the DSAP. 1881 */ 1882 return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto); 1883 } else { 1884 /* 1885 * This is an Ethernet type; we assume that it's 1886 * unlikely that it'll appear in the right place 1887 * at random, and therefore check only the 1888 * location that would hold the Ethernet type 1889 * in a SNAP frame with an organization code of 1890 * 0x000000 (encapsulated Ethernet). 1891 * 1892 * XXX - if we were to check for the SNAP DSAP and 1893 * LSAP, as per XXX, and were also to check for an 1894 * organization code of 0x000000 (encapsulated 1895 * Ethernet), we'd do 1896 * 1897 * return gen_snap(0x000000, proto, 1898 * off_linktype); 1899 * 1900 * here; for now, we don't, as per the above. 1901 * I don't know whether it's worth the extra CPU 1902 * time to do the right check or not. 1903 */ 1904 return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto); 1905 } 1906 } 1907 } 1908 1909 static struct block * 1910 gen_hostop(addr, mask, dir, proto, src_off, dst_off) 1911 bpf_u_int32 addr; 1912 bpf_u_int32 mask; 1913 int dir, proto; 1914 u_int src_off, dst_off; 1915 { 1916 struct block *b0, *b1; 1917 u_int offset; 1918 1919 switch (dir) { 1920 1921 case Q_SRC: 1922 offset = src_off; 1923 break; 1924 1925 case Q_DST: 1926 offset = dst_off; 1927 break; 1928 1929 case Q_AND: 1930 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 1931 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 1932 gen_and(b0, b1); 1933 return b1; 1934 1935 case Q_OR: 1936 case Q_DEFAULT: 1937 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 1938 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 1939 gen_or(b0, b1); 1940 return b1; 1941 1942 default: 1943 abort(); 1944 } 1945 b0 = gen_linktype(proto); 1946 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask); 1947 gen_and(b0, b1); 1948 return b1; 1949 } 1950 1951 #ifdef INET6 1952 static struct block * 1953 gen_hostop6(addr, mask, dir, proto, src_off, dst_off) 1954 struct in6_addr *addr; 1955 struct in6_addr *mask; 1956 int dir, proto; 1957 u_int src_off, dst_off; 1958 { 1959 struct block *b0, *b1; 1960 u_int offset; 1961 u_int32_t *a, *m; 1962 1963 switch (dir) { 1964 1965 case Q_SRC: 1966 offset = src_off; 1967 break; 1968 1969 case Q_DST: 1970 offset = dst_off; 1971 break; 1972 1973 case Q_AND: 1974 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 1975 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 1976 gen_and(b0, b1); 1977 return b1; 1978 1979 case Q_OR: 1980 case Q_DEFAULT: 1981 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 1982 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 1983 gen_or(b0, b1); 1984 return b1; 1985 1986 default: 1987 abort(); 1988 } 1989 /* this order is important */ 1990 a = (u_int32_t *)addr; 1991 m = (u_int32_t *)mask; 1992 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 1993 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2])); 1994 gen_and(b0, b1); 1995 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1])); 1996 gen_and(b0, b1); 1997 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0])); 1998 gen_and(b0, b1); 1999 b0 = gen_linktype(proto); 2000 gen_and(b0, b1); 2001 return b1; 2002 } 2003 #endif /*INET6*/ 2004 2005 static struct block * 2006 gen_ehostop(eaddr, dir) 2007 register const u_char *eaddr; 2008 register int dir; 2009 { 2010 register struct block *b0, *b1; 2011 2012 switch (dir) { 2013 case Q_SRC: 2014 return gen_bcmp(off_mac + 6, 6, eaddr); 2015 2016 case Q_DST: 2017 return gen_bcmp(off_mac + 0, 6, eaddr); 2018 2019 case Q_AND: 2020 b0 = gen_ehostop(eaddr, Q_SRC); 2021 b1 = gen_ehostop(eaddr, Q_DST); 2022 gen_and(b0, b1); 2023 return b1; 2024 2025 case Q_DEFAULT: 2026 case Q_OR: 2027 b0 = gen_ehostop(eaddr, Q_SRC); 2028 b1 = gen_ehostop(eaddr, Q_DST); 2029 gen_or(b0, b1); 2030 return b1; 2031 } 2032 abort(); 2033 /* NOTREACHED */ 2034 } 2035 2036 /* 2037 * Like gen_ehostop, but for DLT_FDDI 2038 */ 2039 static struct block * 2040 gen_fhostop(eaddr, dir) 2041 register const u_char *eaddr; 2042 register int dir; 2043 { 2044 struct block *b0, *b1; 2045 2046 switch (dir) { 2047 case Q_SRC: 2048 #ifdef PCAP_FDDIPAD 2049 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr); 2050 #else 2051 return gen_bcmp(6 + 1, 6, eaddr); 2052 #endif 2053 2054 case Q_DST: 2055 #ifdef PCAP_FDDIPAD 2056 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr); 2057 #else 2058 return gen_bcmp(0 + 1, 6, eaddr); 2059 #endif 2060 2061 case Q_AND: 2062 b0 = gen_fhostop(eaddr, Q_SRC); 2063 b1 = gen_fhostop(eaddr, Q_DST); 2064 gen_and(b0, b1); 2065 return b1; 2066 2067 case Q_DEFAULT: 2068 case Q_OR: 2069 b0 = gen_fhostop(eaddr, Q_SRC); 2070 b1 = gen_fhostop(eaddr, Q_DST); 2071 gen_or(b0, b1); 2072 return b1; 2073 } 2074 abort(); 2075 /* NOTREACHED */ 2076 } 2077 2078 /* 2079 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring) 2080 */ 2081 static struct block * 2082 gen_thostop(eaddr, dir) 2083 register const u_char *eaddr; 2084 register int dir; 2085 { 2086 register struct block *b0, *b1; 2087 2088 switch (dir) { 2089 case Q_SRC: 2090 return gen_bcmp(8, 6, eaddr); 2091 2092 case Q_DST: 2093 return gen_bcmp(2, 6, eaddr); 2094 2095 case Q_AND: 2096 b0 = gen_thostop(eaddr, Q_SRC); 2097 b1 = gen_thostop(eaddr, Q_DST); 2098 gen_and(b0, b1); 2099 return b1; 2100 2101 case Q_DEFAULT: 2102 case Q_OR: 2103 b0 = gen_thostop(eaddr, Q_SRC); 2104 b1 = gen_thostop(eaddr, Q_DST); 2105 gen_or(b0, b1); 2106 return b1; 2107 } 2108 abort(); 2109 /* NOTREACHED */ 2110 } 2111 2112 /* 2113 * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN) 2114 */ 2115 static struct block * 2116 gen_wlanhostop(eaddr, dir) 2117 register const u_char *eaddr; 2118 register int dir; 2119 { 2120 register struct block *b0, *b1, *b2; 2121 register struct slist *s; 2122 2123 switch (dir) { 2124 case Q_SRC: 2125 /* 2126 * Oh, yuk. 2127 * 2128 * For control frames, there is no SA. 2129 * 2130 * For management frames, SA is at an 2131 * offset of 10 from the beginning of 2132 * the packet. 2133 * 2134 * For data frames, SA is at an offset 2135 * of 10 from the beginning of the packet 2136 * if From DS is clear, at an offset of 2137 * 16 from the beginning of the packet 2138 * if From DS is set and To DS is clear, 2139 * and an offset of 24 from the beginning 2140 * of the packet if From DS is set and To DS 2141 * is set. 2142 */ 2143 2144 /* 2145 * Generate the tests to be done for data frames 2146 * with From DS set. 2147 * 2148 * First, check for To DS set, i.e. check "link[1] & 0x01". 2149 */ 2150 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2151 s->s.k = 1; 2152 b1 = new_block(JMP(BPF_JSET)); 2153 b1->s.k = 0x01; /* To DS */ 2154 b1->stmts = s; 2155 2156 /* 2157 * If To DS is set, the SA is at 24. 2158 */ 2159 b0 = gen_bcmp(24, 6, eaddr); 2160 gen_and(b1, b0); 2161 2162 /* 2163 * Now, check for To DS not set, i.e. check 2164 * "!(link[1] & 0x01)". 2165 */ 2166 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2167 s->s.k = 1; 2168 b2 = new_block(JMP(BPF_JSET)); 2169 b2->s.k = 0x01; /* To DS */ 2170 b2->stmts = s; 2171 gen_not(b2); 2172 2173 /* 2174 * If To DS is not set, the SA is at 16. 2175 */ 2176 b1 = gen_bcmp(16, 6, eaddr); 2177 gen_and(b2, b1); 2178 2179 /* 2180 * Now OR together the last two checks. That gives 2181 * the complete set of checks for data frames with 2182 * From DS set. 2183 */ 2184 gen_or(b1, b0); 2185 2186 /* 2187 * Now check for From DS being set, and AND that with 2188 * the ORed-together checks. 2189 */ 2190 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2191 s->s.k = 1; 2192 b1 = new_block(JMP(BPF_JSET)); 2193 b1->s.k = 0x02; /* From DS */ 2194 b1->stmts = s; 2195 gen_and(b1, b0); 2196 2197 /* 2198 * Now check for data frames with From DS not set. 2199 */ 2200 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2201 s->s.k = 1; 2202 b2 = new_block(JMP(BPF_JSET)); 2203 b2->s.k = 0x02; /* From DS */ 2204 b2->stmts = s; 2205 gen_not(b2); 2206 2207 /* 2208 * If From DS isn't set, the SA is at 10. 2209 */ 2210 b1 = gen_bcmp(10, 6, eaddr); 2211 gen_and(b2, b1); 2212 2213 /* 2214 * Now OR together the checks for data frames with 2215 * From DS not set and for data frames with From DS 2216 * set; that gives the checks done for data frames. 2217 */ 2218 gen_or(b1, b0); 2219 2220 /* 2221 * Now check for a data frame. 2222 * I.e, check "link[0] & 0x08". 2223 */ 2224 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2225 s->s.k = 0; 2226 b1 = new_block(JMP(BPF_JSET)); 2227 b1->s.k = 0x08; 2228 b1->stmts = s; 2229 2230 /* 2231 * AND that with the checks done for data frames. 2232 */ 2233 gen_and(b1, b0); 2234 2235 /* 2236 * If the high-order bit of the type value is 0, this 2237 * is a management frame. 2238 * I.e, check "!(link[0] & 0x08)". 2239 */ 2240 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2241 s->s.k = 0; 2242 b2 = new_block(JMP(BPF_JSET)); 2243 b2->s.k = 0x08; 2244 b2->stmts = s; 2245 gen_not(b2); 2246 2247 /* 2248 * For management frames, the SA is at 10. 2249 */ 2250 b1 = gen_bcmp(10, 6, eaddr); 2251 gen_and(b2, b1); 2252 2253 /* 2254 * OR that with the checks done for data frames. 2255 * That gives the checks done for management and 2256 * data frames. 2257 */ 2258 gen_or(b1, b0); 2259 2260 /* 2261 * If the low-order bit of the type value is 1, 2262 * this is either a control frame or a frame 2263 * with a reserved type, and thus not a 2264 * frame with an SA. 2265 * 2266 * I.e., check "!(link[0] & 0x04)". 2267 */ 2268 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2269 s->s.k = 0; 2270 b1 = new_block(JMP(BPF_JSET)); 2271 b1->s.k = 0x04; 2272 b1->stmts = s; 2273 gen_not(b1); 2274 2275 /* 2276 * AND that with the checks for data and management 2277 * frames. 2278 */ 2279 gen_and(b1, b0); 2280 return b0; 2281 2282 case Q_DST: 2283 /* 2284 * Oh, yuk. 2285 * 2286 * For control frames, there is no DA. 2287 * 2288 * For management frames, DA is at an 2289 * offset of 4 from the beginning of 2290 * the packet. 2291 * 2292 * For data frames, DA is at an offset 2293 * of 4 from the beginning of the packet 2294 * if To DS is clear and at an offset of 2295 * 16 from the beginning of the packet 2296 * if To DS is set. 2297 */ 2298 2299 /* 2300 * Generate the tests to be done for data frames. 2301 * 2302 * First, check for To DS set, i.e. "link[1] & 0x01". 2303 */ 2304 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2305 s->s.k = 1; 2306 b1 = new_block(JMP(BPF_JSET)); 2307 b1->s.k = 0x01; /* To DS */ 2308 b1->stmts = s; 2309 2310 /* 2311 * If To DS is set, the DA is at 16. 2312 */ 2313 b0 = gen_bcmp(16, 6, eaddr); 2314 gen_and(b1, b0); 2315 2316 /* 2317 * Now, check for To DS not set, i.e. check 2318 * "!(link[1] & 0x01)". 2319 */ 2320 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2321 s->s.k = 1; 2322 b2 = new_block(JMP(BPF_JSET)); 2323 b2->s.k = 0x01; /* To DS */ 2324 b2->stmts = s; 2325 gen_not(b2); 2326 2327 /* 2328 * If To DS is not set, the DA is at 4. 2329 */ 2330 b1 = gen_bcmp(4, 6, eaddr); 2331 gen_and(b2, b1); 2332 2333 /* 2334 * Now OR together the last two checks. That gives 2335 * the complete set of checks for data frames. 2336 */ 2337 gen_or(b1, b0); 2338 2339 /* 2340 * Now check for a data frame. 2341 * I.e, check "link[0] & 0x08". 2342 */ 2343 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2344 s->s.k = 0; 2345 b1 = new_block(JMP(BPF_JSET)); 2346 b1->s.k = 0x08; 2347 b1->stmts = s; 2348 2349 /* 2350 * AND that with the checks done for data frames. 2351 */ 2352 gen_and(b1, b0); 2353 2354 /* 2355 * If the high-order bit of the type value is 0, this 2356 * is a management frame. 2357 * I.e, check "!(link[0] & 0x08)". 2358 */ 2359 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2360 s->s.k = 0; 2361 b2 = new_block(JMP(BPF_JSET)); 2362 b2->s.k = 0x08; 2363 b2->stmts = s; 2364 gen_not(b2); 2365 2366 /* 2367 * For management frames, the DA is at 4. 2368 */ 2369 b1 = gen_bcmp(4, 6, eaddr); 2370 gen_and(b2, b1); 2371 2372 /* 2373 * OR that with the checks done for data frames. 2374 * That gives the checks done for management and 2375 * data frames. 2376 */ 2377 gen_or(b1, b0); 2378 2379 /* 2380 * If the low-order bit of the type value is 1, 2381 * this is either a control frame or a frame 2382 * with a reserved type, and thus not a 2383 * frame with an SA. 2384 * 2385 * I.e., check "!(link[0] & 0x04)". 2386 */ 2387 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2388 s->s.k = 0; 2389 b1 = new_block(JMP(BPF_JSET)); 2390 b1->s.k = 0x04; 2391 b1->stmts = s; 2392 gen_not(b1); 2393 2394 /* 2395 * AND that with the checks for data and management 2396 * frames. 2397 */ 2398 gen_and(b1, b0); 2399 return b0; 2400 2401 case Q_AND: 2402 b0 = gen_wlanhostop(eaddr, Q_SRC); 2403 b1 = gen_wlanhostop(eaddr, Q_DST); 2404 gen_and(b0, b1); 2405 return b1; 2406 2407 case Q_DEFAULT: 2408 case Q_OR: 2409 b0 = gen_wlanhostop(eaddr, Q_SRC); 2410 b1 = gen_wlanhostop(eaddr, Q_DST); 2411 gen_or(b0, b1); 2412 return b1; 2413 } 2414 abort(); 2415 /* NOTREACHED */ 2416 } 2417 2418 /* 2419 * Like gen_ehostop, but for RFC 2625 IP-over-Fibre-Channel. 2420 * (We assume that the addresses are IEEE 48-bit MAC addresses, 2421 * as the RFC states.) 2422 */ 2423 static struct block * 2424 gen_ipfchostop(eaddr, dir) 2425 register const u_char *eaddr; 2426 register int dir; 2427 { 2428 register struct block *b0, *b1; 2429 2430 switch (dir) { 2431 case Q_SRC: 2432 return gen_bcmp(10, 6, eaddr); 2433 2434 case Q_DST: 2435 return gen_bcmp(2, 6, eaddr); 2436 2437 case Q_AND: 2438 b0 = gen_ipfchostop(eaddr, Q_SRC); 2439 b1 = gen_ipfchostop(eaddr, Q_DST); 2440 gen_and(b0, b1); 2441 return b1; 2442 2443 case Q_DEFAULT: 2444 case Q_OR: 2445 b0 = gen_ipfchostop(eaddr, Q_SRC); 2446 b1 = gen_ipfchostop(eaddr, Q_DST); 2447 gen_or(b0, b1); 2448 return b1; 2449 } 2450 abort(); 2451 /* NOTREACHED */ 2452 } 2453 2454 /* 2455 * This is quite tricky because there may be pad bytes in front of the 2456 * DECNET header, and then there are two possible data packet formats that 2457 * carry both src and dst addresses, plus 5 packet types in a format that 2458 * carries only the src node, plus 2 types that use a different format and 2459 * also carry just the src node. 2460 * 2461 * Yuck. 2462 * 2463 * Instead of doing those all right, we just look for data packets with 2464 * 0 or 1 bytes of padding. If you want to look at other packets, that 2465 * will require a lot more hacking. 2466 * 2467 * To add support for filtering on DECNET "areas" (network numbers) 2468 * one would want to add a "mask" argument to this routine. That would 2469 * make the filter even more inefficient, although one could be clever 2470 * and not generate masking instructions if the mask is 0xFFFF. 2471 */ 2472 static struct block * 2473 gen_dnhostop(addr, dir, base_off) 2474 bpf_u_int32 addr; 2475 int dir; 2476 u_int base_off; 2477 { 2478 struct block *b0, *b1, *b2, *tmp; 2479 u_int offset_lh; /* offset if long header is received */ 2480 u_int offset_sh; /* offset if short header is received */ 2481 2482 switch (dir) { 2483 2484 case Q_DST: 2485 offset_sh = 1; /* follows flags */ 2486 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 2487 break; 2488 2489 case Q_SRC: 2490 offset_sh = 3; /* follows flags, dstnode */ 2491 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 2492 break; 2493 2494 case Q_AND: 2495 /* Inefficient because we do our Calvinball dance twice */ 2496 b0 = gen_dnhostop(addr, Q_SRC, base_off); 2497 b1 = gen_dnhostop(addr, Q_DST, base_off); 2498 gen_and(b0, b1); 2499 return b1; 2500 2501 case Q_OR: 2502 case Q_DEFAULT: 2503 /* Inefficient because we do our Calvinball dance twice */ 2504 b0 = gen_dnhostop(addr, Q_SRC, base_off); 2505 b1 = gen_dnhostop(addr, Q_DST, base_off); 2506 gen_or(b0, b1); 2507 return b1; 2508 2509 case Q_ISO: 2510 bpf_error("ISO host filtering not implemented"); 2511 2512 default: 2513 abort(); 2514 } 2515 b0 = gen_linktype(ETHERTYPE_DN); 2516 /* Check for pad = 1, long header case */ 2517 tmp = gen_mcmp(base_off + 2, BPF_H, 2518 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); 2519 b1 = gen_cmp(base_off + 2 + 1 + offset_lh, 2520 BPF_H, (bpf_int32)ntohs(addr)); 2521 gen_and(tmp, b1); 2522 /* Check for pad = 0, long header case */ 2523 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 2524 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr)); 2525 gen_and(tmp, b2); 2526 gen_or(b2, b1); 2527 /* Check for pad = 1, short header case */ 2528 tmp = gen_mcmp(base_off + 2, BPF_H, 2529 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF)); 2530 b2 = gen_cmp(base_off + 2 + 1 + offset_sh, 2531 BPF_H, (bpf_int32)ntohs(addr)); 2532 gen_and(tmp, b2); 2533 gen_or(b2, b1); 2534 /* Check for pad = 0, short header case */ 2535 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 2536 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr)); 2537 gen_and(tmp, b2); 2538 gen_or(b2, b1); 2539 2540 /* Combine with test for linktype */ 2541 gen_and(b0, b1); 2542 return b1; 2543 } 2544 2545 static struct block * 2546 gen_host(addr, mask, proto, dir) 2547 bpf_u_int32 addr; 2548 bpf_u_int32 mask; 2549 int proto; 2550 int dir; 2551 { 2552 struct block *b0, *b1; 2553 2554 switch (proto) { 2555 2556 case Q_DEFAULT: 2557 b0 = gen_host(addr, mask, Q_IP, dir); 2558 if (off_linktype != (u_int)-1) { 2559 b1 = gen_host(addr, mask, Q_ARP, dir); 2560 gen_or(b0, b1); 2561 b0 = gen_host(addr, mask, Q_RARP, dir); 2562 gen_or(b1, b0); 2563 } 2564 return b0; 2565 2566 case Q_IP: 2567 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 2568 off_nl + 12, off_nl + 16); 2569 2570 case Q_RARP: 2571 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 2572 off_nl + 14, off_nl + 24); 2573 2574 case Q_ARP: 2575 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 2576 off_nl + 14, off_nl + 24); 2577 2578 case Q_TCP: 2579 bpf_error("'tcp' modifier applied to host"); 2580 2581 case Q_SCTP: 2582 bpf_error("'sctp' modifier applied to host"); 2583 2584 case Q_UDP: 2585 bpf_error("'udp' modifier applied to host"); 2586 2587 case Q_ICMP: 2588 bpf_error("'icmp' modifier applied to host"); 2589 2590 case Q_IGMP: 2591 bpf_error("'igmp' modifier applied to host"); 2592 2593 case Q_IGRP: 2594 bpf_error("'igrp' modifier applied to host"); 2595 2596 case Q_PIM: 2597 bpf_error("'pim' modifier applied to host"); 2598 2599 case Q_VRRP: 2600 bpf_error("'vrrp' modifier applied to host"); 2601 2602 case Q_ATALK: 2603 bpf_error("ATALK host filtering not implemented"); 2604 2605 case Q_AARP: 2606 bpf_error("AARP host filtering not implemented"); 2607 2608 case Q_DECNET: 2609 return gen_dnhostop(addr, dir, off_nl); 2610 2611 case Q_SCA: 2612 bpf_error("SCA host filtering not implemented"); 2613 2614 case Q_LAT: 2615 bpf_error("LAT host filtering not implemented"); 2616 2617 case Q_MOPDL: 2618 bpf_error("MOPDL host filtering not implemented"); 2619 2620 case Q_MOPRC: 2621 bpf_error("MOPRC host filtering not implemented"); 2622 2623 #ifdef INET6 2624 case Q_IPV6: 2625 bpf_error("'ip6' modifier applied to ip host"); 2626 2627 case Q_ICMPV6: 2628 bpf_error("'icmp6' modifier applied to host"); 2629 #endif /* INET6 */ 2630 2631 case Q_AH: 2632 bpf_error("'ah' modifier applied to host"); 2633 2634 case Q_ESP: 2635 bpf_error("'esp' modifier applied to host"); 2636 2637 case Q_ISO: 2638 bpf_error("ISO host filtering not implemented"); 2639 2640 case Q_ESIS: 2641 bpf_error("'esis' modifier applied to host"); 2642 2643 case Q_ISIS: 2644 bpf_error("'isis' modifier applied to host"); 2645 2646 case Q_CLNP: 2647 bpf_error("'clnp' modifier applied to host"); 2648 2649 case Q_STP: 2650 bpf_error("'stp' modifier applied to host"); 2651 2652 case Q_IPX: 2653 bpf_error("IPX host filtering not implemented"); 2654 2655 case Q_NETBEUI: 2656 bpf_error("'netbeui' modifier applied to host"); 2657 2658 default: 2659 abort(); 2660 } 2661 /* NOTREACHED */ 2662 } 2663 2664 #ifdef INET6 2665 static struct block * 2666 gen_host6(addr, mask, proto, dir) 2667 struct in6_addr *addr; 2668 struct in6_addr *mask; 2669 int proto; 2670 int dir; 2671 { 2672 switch (proto) { 2673 2674 case Q_DEFAULT: 2675 return gen_host6(addr, mask, Q_IPV6, dir); 2676 2677 case Q_IP: 2678 bpf_error("'ip' modifier applied to ip6 host"); 2679 2680 case Q_RARP: 2681 bpf_error("'rarp' modifier applied to ip6 host"); 2682 2683 case Q_ARP: 2684 bpf_error("'arp' modifier applied to ip6 host"); 2685 2686 case Q_SCTP: 2687 bpf_error("'sctp' modifier applied to host"); 2688 2689 case Q_TCP: 2690 bpf_error("'tcp' modifier applied to host"); 2691 2692 case Q_UDP: 2693 bpf_error("'udp' modifier applied to host"); 2694 2695 case Q_ICMP: 2696 bpf_error("'icmp' modifier applied to host"); 2697 2698 case Q_IGMP: 2699 bpf_error("'igmp' modifier applied to host"); 2700 2701 case Q_IGRP: 2702 bpf_error("'igrp' modifier applied to host"); 2703 2704 case Q_PIM: 2705 bpf_error("'pim' modifier applied to host"); 2706 2707 case Q_VRRP: 2708 bpf_error("'vrrp' modifier applied to host"); 2709 2710 case Q_ATALK: 2711 bpf_error("ATALK host filtering not implemented"); 2712 2713 case Q_AARP: 2714 bpf_error("AARP host filtering not implemented"); 2715 2716 case Q_DECNET: 2717 bpf_error("'decnet' modifier applied to ip6 host"); 2718 2719 case Q_SCA: 2720 bpf_error("SCA host filtering not implemented"); 2721 2722 case Q_LAT: 2723 bpf_error("LAT host filtering not implemented"); 2724 2725 case Q_MOPDL: 2726 bpf_error("MOPDL host filtering not implemented"); 2727 2728 case Q_MOPRC: 2729 bpf_error("MOPRC host filtering not implemented"); 2730 2731 case Q_IPV6: 2732 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 2733 off_nl + 8, off_nl + 24); 2734 2735 case Q_ICMPV6: 2736 bpf_error("'icmp6' modifier applied to host"); 2737 2738 case Q_AH: 2739 bpf_error("'ah' modifier applied to host"); 2740 2741 case Q_ESP: 2742 bpf_error("'esp' modifier applied to host"); 2743 2744 case Q_ISO: 2745 bpf_error("ISO host filtering not implemented"); 2746 2747 case Q_ESIS: 2748 bpf_error("'esis' modifier applied to host"); 2749 2750 case Q_ISIS: 2751 bpf_error("'isis' modifier applied to host"); 2752 2753 case Q_CLNP: 2754 bpf_error("'clnp' modifier applied to host"); 2755 2756 case Q_STP: 2757 bpf_error("'stp' modifier applied to host"); 2758 2759 case Q_IPX: 2760 bpf_error("IPX host filtering not implemented"); 2761 2762 case Q_NETBEUI: 2763 bpf_error("'netbeui' modifier applied to host"); 2764 2765 default: 2766 abort(); 2767 } 2768 /* NOTREACHED */ 2769 } 2770 #endif /*INET6*/ 2771 2772 #ifndef INET6 2773 static struct block * 2774 gen_gateway(eaddr, alist, proto, dir) 2775 const u_char *eaddr; 2776 bpf_u_int32 **alist; 2777 int proto; 2778 int dir; 2779 { 2780 struct block *b0, *b1, *tmp; 2781 2782 if (dir != 0) 2783 bpf_error("direction applied to 'gateway'"); 2784 2785 switch (proto) { 2786 case Q_DEFAULT: 2787 case Q_IP: 2788 case Q_ARP: 2789 case Q_RARP: 2790 if (linktype == DLT_EN10MB) 2791 b0 = gen_ehostop(eaddr, Q_OR); 2792 else if (linktype == DLT_FDDI) 2793 b0 = gen_fhostop(eaddr, Q_OR); 2794 else if (linktype == DLT_IEEE802) 2795 b0 = gen_thostop(eaddr, Q_OR); 2796 else if (linktype == DLT_IEEE802_11) 2797 b0 = gen_wlanhostop(eaddr, Q_OR); 2798 else if (linktype == DLT_SUNATM && is_lane) { 2799 /* 2800 * Check that the packet doesn't begin with an 2801 * LE Control marker. (We've already generated 2802 * a test for LANE.) 2803 */ 2804 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 2805 gen_not(b1); 2806 2807 /* 2808 * Now check the MAC address. 2809 */ 2810 b0 = gen_ehostop(eaddr, Q_OR); 2811 gen_and(b1, b0); 2812 } else if (linktype == DLT_IP_OVER_FC) 2813 b0 = gen_ipfchostop(eaddr, Q_OR); 2814 else 2815 bpf_error( 2816 "'gateway' supported only on ethernet/FDDI/token ring/802.11/Fibre Channel"); 2817 2818 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR); 2819 while (*alist) { 2820 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR); 2821 gen_or(b1, tmp); 2822 b1 = tmp; 2823 } 2824 gen_not(b1); 2825 gen_and(b0, b1); 2826 return b1; 2827 } 2828 bpf_error("illegal modifier of 'gateway'"); 2829 /* NOTREACHED */ 2830 } 2831 #endif 2832 2833 struct block * 2834 gen_proto_abbrev(proto) 2835 int proto; 2836 { 2837 struct block *b0; 2838 struct block *b1; 2839 2840 switch (proto) { 2841 2842 case Q_SCTP: 2843 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT); 2844 #ifdef INET6 2845 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT); 2846 gen_or(b0, b1); 2847 #endif 2848 break; 2849 2850 case Q_TCP: 2851 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); 2852 #ifdef INET6 2853 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); 2854 gen_or(b0, b1); 2855 #endif 2856 break; 2857 2858 case Q_UDP: 2859 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); 2860 #ifdef INET6 2861 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); 2862 gen_or(b0, b1); 2863 #endif 2864 break; 2865 2866 case Q_ICMP: 2867 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT); 2868 break; 2869 2870 #ifndef IPPROTO_IGMP 2871 #define IPPROTO_IGMP 2 2872 #endif 2873 2874 case Q_IGMP: 2875 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT); 2876 break; 2877 2878 #ifndef IPPROTO_IGRP 2879 #define IPPROTO_IGRP 9 2880 #endif 2881 case Q_IGRP: 2882 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT); 2883 break; 2884 2885 #ifndef IPPROTO_PIM 2886 #define IPPROTO_PIM 103 2887 #endif 2888 2889 case Q_PIM: 2890 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); 2891 #ifdef INET6 2892 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); 2893 gen_or(b0, b1); 2894 #endif 2895 break; 2896 2897 #ifndef IPPROTO_VRRP 2898 #define IPPROTO_VRRP 112 2899 #endif 2900 2901 case Q_VRRP: 2902 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT); 2903 break; 2904 2905 case Q_IP: 2906 b1 = gen_linktype(ETHERTYPE_IP); 2907 break; 2908 2909 case Q_ARP: 2910 b1 = gen_linktype(ETHERTYPE_ARP); 2911 break; 2912 2913 case Q_RARP: 2914 b1 = gen_linktype(ETHERTYPE_REVARP); 2915 break; 2916 2917 case Q_LINK: 2918 bpf_error("link layer applied in wrong context"); 2919 2920 case Q_ATALK: 2921 b1 = gen_linktype(ETHERTYPE_ATALK); 2922 break; 2923 2924 case Q_AARP: 2925 b1 = gen_linktype(ETHERTYPE_AARP); 2926 break; 2927 2928 case Q_DECNET: 2929 b1 = gen_linktype(ETHERTYPE_DN); 2930 break; 2931 2932 case Q_SCA: 2933 b1 = gen_linktype(ETHERTYPE_SCA); 2934 break; 2935 2936 case Q_LAT: 2937 b1 = gen_linktype(ETHERTYPE_LAT); 2938 break; 2939 2940 case Q_MOPDL: 2941 b1 = gen_linktype(ETHERTYPE_MOPDL); 2942 break; 2943 2944 case Q_MOPRC: 2945 b1 = gen_linktype(ETHERTYPE_MOPRC); 2946 break; 2947 2948 #ifdef INET6 2949 case Q_IPV6: 2950 b1 = gen_linktype(ETHERTYPE_IPV6); 2951 break; 2952 2953 #ifndef IPPROTO_ICMPV6 2954 #define IPPROTO_ICMPV6 58 2955 #endif 2956 case Q_ICMPV6: 2957 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 2958 break; 2959 #endif /* INET6 */ 2960 2961 #ifndef IPPROTO_AH 2962 #define IPPROTO_AH 51 2963 #endif 2964 case Q_AH: 2965 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); 2966 #ifdef INET6 2967 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); 2968 gen_or(b0, b1); 2969 #endif 2970 break; 2971 2972 #ifndef IPPROTO_ESP 2973 #define IPPROTO_ESP 50 2974 #endif 2975 case Q_ESP: 2976 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); 2977 #ifdef INET6 2978 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); 2979 gen_or(b0, b1); 2980 #endif 2981 break; 2982 2983 case Q_ISO: 2984 b1 = gen_linktype(LLCSAP_ISONS); 2985 break; 2986 2987 case Q_ESIS: 2988 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT); 2989 break; 2990 2991 case Q_ISIS: 2992 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT); 2993 break; 2994 2995 case Q_ISIS_L1: /* all IS-IS Level1 PDU-Types */ 2996 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT); 2997 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */ 2998 gen_or(b0, b1); 2999 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT); 3000 gen_or(b0, b1); 3001 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT); 3002 gen_or(b0, b1); 3003 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 3004 gen_or(b0, b1); 3005 break; 3006 3007 case Q_ISIS_L2: /* all IS-IS Level2 PDU-Types */ 3008 b0 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT); 3009 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */ 3010 gen_or(b0, b1); 3011 b0 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT); 3012 gen_or(b0, b1); 3013 b0 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT); 3014 gen_or(b0, b1); 3015 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 3016 gen_or(b0, b1); 3017 break; 3018 3019 case Q_ISIS_IIH: /* all IS-IS Hello PDU-Types */ 3020 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT); 3021 b1 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT); 3022 gen_or(b0, b1); 3023 b0 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); 3024 gen_or(b0, b1); 3025 break; 3026 3027 case Q_ISIS_LSP: 3028 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT); 3029 b1 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT); 3030 gen_or(b0, b1); 3031 break; 3032 3033 case Q_ISIS_SNP: 3034 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT); 3035 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT); 3036 gen_or(b0, b1); 3037 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 3038 gen_or(b0, b1); 3039 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 3040 gen_or(b0, b1); 3041 break; 3042 3043 case Q_ISIS_CSNP: 3044 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT); 3045 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT); 3046 gen_or(b0, b1); 3047 break; 3048 3049 case Q_ISIS_PSNP: 3050 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 3051 b1 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 3052 gen_or(b0, b1); 3053 break; 3054 3055 case Q_CLNP: 3056 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT); 3057 break; 3058 3059 case Q_STP: 3060 b1 = gen_linktype(LLCSAP_8021D); 3061 break; 3062 3063 case Q_IPX: 3064 b1 = gen_linktype(LLCSAP_IPX); 3065 break; 3066 3067 case Q_NETBEUI: 3068 b1 = gen_linktype(LLCSAP_NETBEUI); 3069 break; 3070 3071 default: 3072 abort(); 3073 } 3074 return b1; 3075 } 3076 3077 static struct block * 3078 gen_ipfrag() 3079 { 3080 struct slist *s; 3081 struct block *b; 3082 3083 /* not ip frag */ 3084 s = new_stmt(BPF_LD|BPF_H|BPF_ABS); 3085 s->s.k = off_nl + 6; 3086 b = new_block(JMP(BPF_JSET)); 3087 b->s.k = 0x1fff; 3088 b->stmts = s; 3089 gen_not(b); 3090 3091 return b; 3092 } 3093 3094 static struct block * 3095 gen_portatom(off, v) 3096 int off; 3097 bpf_int32 v; 3098 { 3099 struct slist *s; 3100 struct block *b; 3101 3102 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 3103 s->s.k = off_nl; 3104 3105 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H); 3106 s->next->s.k = off_nl + off; 3107 3108 b = new_block(JMP(BPF_JEQ)); 3109 b->stmts = s; 3110 b->s.k = v; 3111 3112 return b; 3113 } 3114 3115 #ifdef INET6 3116 static struct block * 3117 gen_portatom6(off, v) 3118 int off; 3119 bpf_int32 v; 3120 { 3121 return gen_cmp(off_nl + 40 + off, BPF_H, v); 3122 } 3123 #endif/*INET6*/ 3124 3125 struct block * 3126 gen_portop(port, proto, dir) 3127 int port, proto, dir; 3128 { 3129 struct block *b0, *b1, *tmp; 3130 3131 /* ip proto 'proto' */ 3132 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto); 3133 b0 = gen_ipfrag(); 3134 gen_and(tmp, b0); 3135 3136 switch (dir) { 3137 case Q_SRC: 3138 b1 = gen_portatom(0, (bpf_int32)port); 3139 break; 3140 3141 case Q_DST: 3142 b1 = gen_portatom(2, (bpf_int32)port); 3143 break; 3144 3145 case Q_OR: 3146 case Q_DEFAULT: 3147 tmp = gen_portatom(0, (bpf_int32)port); 3148 b1 = gen_portatom(2, (bpf_int32)port); 3149 gen_or(tmp, b1); 3150 break; 3151 3152 case Q_AND: 3153 tmp = gen_portatom(0, (bpf_int32)port); 3154 b1 = gen_portatom(2, (bpf_int32)port); 3155 gen_and(tmp, b1); 3156 break; 3157 3158 default: 3159 abort(); 3160 } 3161 gen_and(b0, b1); 3162 3163 return b1; 3164 } 3165 3166 static struct block * 3167 gen_port(port, ip_proto, dir) 3168 int port; 3169 int ip_proto; 3170 int dir; 3171 { 3172 struct block *b0, *b1, *tmp; 3173 3174 /* 3175 * ether proto ip 3176 * 3177 * For FDDI, RFC 1188 says that SNAP encapsulation is used, 3178 * not LLC encapsulation with LLCSAP_IP. 3179 * 3180 * For IEEE 802 networks - which includes 802.5 token ring 3181 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042 3182 * says that SNAP encapsulation is used, not LLC encapsulation 3183 * with LLCSAP_IP. 3184 * 3185 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and 3186 * RFC 2225 say that SNAP encapsulation is used, not LLC 3187 * encapsulation with LLCSAP_IP. 3188 * 3189 * So we always check for ETHERTYPE_IP. 3190 */ 3191 b0 = gen_linktype(ETHERTYPE_IP); 3192 3193 switch (ip_proto) { 3194 case IPPROTO_UDP: 3195 case IPPROTO_TCP: 3196 case IPPROTO_SCTP: 3197 b1 = gen_portop(port, ip_proto, dir); 3198 break; 3199 3200 case PROTO_UNDEF: 3201 tmp = gen_portop(port, IPPROTO_TCP, dir); 3202 b1 = gen_portop(port, IPPROTO_UDP, dir); 3203 gen_or(tmp, b1); 3204 tmp = gen_portop(port, IPPROTO_SCTP, dir); 3205 gen_or(tmp, b1); 3206 break; 3207 3208 default: 3209 abort(); 3210 } 3211 gen_and(b0, b1); 3212 return b1; 3213 } 3214 3215 #ifdef INET6 3216 struct block * 3217 gen_portop6(port, proto, dir) 3218 int port, proto, dir; 3219 { 3220 struct block *b0, *b1, *tmp; 3221 3222 /* ip proto 'proto' */ 3223 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto); 3224 3225 switch (dir) { 3226 case Q_SRC: 3227 b1 = gen_portatom6(0, (bpf_int32)port); 3228 break; 3229 3230 case Q_DST: 3231 b1 = gen_portatom6(2, (bpf_int32)port); 3232 break; 3233 3234 case Q_OR: 3235 case Q_DEFAULT: 3236 tmp = gen_portatom6(0, (bpf_int32)port); 3237 b1 = gen_portatom6(2, (bpf_int32)port); 3238 gen_or(tmp, b1); 3239 break; 3240 3241 case Q_AND: 3242 tmp = gen_portatom6(0, (bpf_int32)port); 3243 b1 = gen_portatom6(2, (bpf_int32)port); 3244 gen_and(tmp, b1); 3245 break; 3246 3247 default: 3248 abort(); 3249 } 3250 gen_and(b0, b1); 3251 3252 return b1; 3253 } 3254 3255 static struct block * 3256 gen_port6(port, ip_proto, dir) 3257 int port; 3258 int ip_proto; 3259 int dir; 3260 { 3261 struct block *b0, *b1, *tmp; 3262 3263 /* ether proto ip */ 3264 b0 = gen_linktype(ETHERTYPE_IPV6); 3265 3266 switch (ip_proto) { 3267 case IPPROTO_UDP: 3268 case IPPROTO_TCP: 3269 case IPPROTO_SCTP: 3270 b1 = gen_portop6(port, ip_proto, dir); 3271 break; 3272 3273 case PROTO_UNDEF: 3274 tmp = gen_portop6(port, IPPROTO_TCP, dir); 3275 b1 = gen_portop6(port, IPPROTO_UDP, dir); 3276 gen_or(tmp, b1); 3277 tmp = gen_portop6(port, IPPROTO_SCTP, dir); 3278 gen_or(tmp, b1); 3279 break; 3280 3281 default: 3282 abort(); 3283 } 3284 gen_and(b0, b1); 3285 return b1; 3286 } 3287 #endif /* INET6 */ 3288 3289 static int 3290 lookup_proto(name, proto) 3291 register const char *name; 3292 register int proto; 3293 { 3294 register int v; 3295 3296 switch (proto) { 3297 3298 case Q_DEFAULT: 3299 case Q_IP: 3300 case Q_IPV6: 3301 v = pcap_nametoproto(name); 3302 if (v == PROTO_UNDEF) 3303 bpf_error("unknown ip proto '%s'", name); 3304 break; 3305 3306 case Q_LINK: 3307 /* XXX should look up h/w protocol type based on linktype */ 3308 v = pcap_nametoeproto(name); 3309 if (v == PROTO_UNDEF) 3310 bpf_error("unknown ether proto '%s'", name); 3311 break; 3312 3313 case Q_ISO: 3314 if (strcmp(name, "esis") == 0) 3315 v = ISO9542_ESIS; 3316 else if (strcmp(name, "isis") == 0) 3317 v = ISO10589_ISIS; 3318 else if (strcmp(name, "clnp") == 0) 3319 v = ISO8473_CLNP; 3320 else 3321 bpf_error("unknown osi proto '%s'", name); 3322 break; 3323 3324 default: 3325 v = PROTO_UNDEF; 3326 break; 3327 } 3328 return v; 3329 } 3330 3331 #if 0 3332 struct stmt * 3333 gen_joinsp(s, n) 3334 struct stmt **s; 3335 int n; 3336 { 3337 return NULL; 3338 } 3339 #endif 3340 3341 static struct block * 3342 gen_protochain(v, proto, dir) 3343 int v; 3344 int proto; 3345 int dir; 3346 { 3347 #ifdef NO_PROTOCHAIN 3348 return gen_proto(v, proto, dir); 3349 #else 3350 struct block *b0, *b; 3351 struct slist *s[100]; 3352 int fix2, fix3, fix4, fix5; 3353 int ahcheck, again, end; 3354 int i, max; 3355 int reg2 = alloc_reg(); 3356 3357 memset(s, 0, sizeof(s)); 3358 fix2 = fix3 = fix4 = fix5 = 0; 3359 3360 switch (proto) { 3361 case Q_IP: 3362 case Q_IPV6: 3363 break; 3364 case Q_DEFAULT: 3365 b0 = gen_protochain(v, Q_IP, dir); 3366 b = gen_protochain(v, Q_IPV6, dir); 3367 gen_or(b0, b); 3368 return b; 3369 default: 3370 bpf_error("bad protocol applied for 'protochain'"); 3371 /*NOTREACHED*/ 3372 } 3373 3374 no_optimize = 1; /*this code is not compatible with optimzer yet */ 3375 3376 /* 3377 * s[0] is a dummy entry to protect other BPF insn from damaged 3378 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 3379 * hard to find interdependency made by jump table fixup. 3380 */ 3381 i = 0; 3382 s[i] = new_stmt(0); /*dummy*/ 3383 i++; 3384 3385 switch (proto) { 3386 case Q_IP: 3387 b0 = gen_linktype(ETHERTYPE_IP); 3388 3389 /* A = ip->ip_p */ 3390 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 3391 s[i]->s.k = off_nl + 9; 3392 i++; 3393 /* X = ip->ip_hl << 2 */ 3394 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 3395 s[i]->s.k = off_nl; 3396 i++; 3397 break; 3398 #ifdef INET6 3399 case Q_IPV6: 3400 b0 = gen_linktype(ETHERTYPE_IPV6); 3401 3402 /* A = ip6->ip_nxt */ 3403 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 3404 s[i]->s.k = off_nl + 6; 3405 i++; 3406 /* X = sizeof(struct ip6_hdr) */ 3407 s[i] = new_stmt(BPF_LDX|BPF_IMM); 3408 s[i]->s.k = 40; 3409 i++; 3410 break; 3411 #endif 3412 default: 3413 bpf_error("unsupported proto to gen_protochain"); 3414 /*NOTREACHED*/ 3415 } 3416 3417 /* again: if (A == v) goto end; else fall through; */ 3418 again = i; 3419 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 3420 s[i]->s.k = v; 3421 s[i]->s.jt = NULL; /*later*/ 3422 s[i]->s.jf = NULL; /*update in next stmt*/ 3423 fix5 = i; 3424 i++; 3425 3426 #ifndef IPPROTO_NONE 3427 #define IPPROTO_NONE 59 3428 #endif 3429 /* if (A == IPPROTO_NONE) goto end */ 3430 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 3431 s[i]->s.jt = NULL; /*later*/ 3432 s[i]->s.jf = NULL; /*update in next stmt*/ 3433 s[i]->s.k = IPPROTO_NONE; 3434 s[fix5]->s.jf = s[i]; 3435 fix2 = i; 3436 i++; 3437 3438 #ifdef INET6 3439 if (proto == Q_IPV6) { 3440 int v6start, v6end, v6advance, j; 3441 3442 v6start = i; 3443 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 3444 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 3445 s[i]->s.jt = NULL; /*later*/ 3446 s[i]->s.jf = NULL; /*update in next stmt*/ 3447 s[i]->s.k = IPPROTO_HOPOPTS; 3448 s[fix2]->s.jf = s[i]; 3449 i++; 3450 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 3451 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 3452 s[i]->s.jt = NULL; /*later*/ 3453 s[i]->s.jf = NULL; /*update in next stmt*/ 3454 s[i]->s.k = IPPROTO_DSTOPTS; 3455 i++; 3456 /* if (A == IPPROTO_ROUTING) goto v6advance */ 3457 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 3458 s[i]->s.jt = NULL; /*later*/ 3459 s[i]->s.jf = NULL; /*update in next stmt*/ 3460 s[i]->s.k = IPPROTO_ROUTING; 3461 i++; 3462 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 3463 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 3464 s[i]->s.jt = NULL; /*later*/ 3465 s[i]->s.jf = NULL; /*later*/ 3466 s[i]->s.k = IPPROTO_FRAGMENT; 3467 fix3 = i; 3468 v6end = i; 3469 i++; 3470 3471 /* v6advance: */ 3472 v6advance = i; 3473 3474 /* 3475 * in short, 3476 * A = P[X]; 3477 * X = X + (P[X + 1] + 1) * 8; 3478 */ 3479 /* A = X */ 3480 s[i] = new_stmt(BPF_MISC|BPF_TXA); 3481 i++; 3482 /* A = P[X + packet head] */ 3483 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 3484 s[i]->s.k = off_nl; 3485 i++; 3486 /* MEM[reg2] = A */ 3487 s[i] = new_stmt(BPF_ST); 3488 s[i]->s.k = reg2; 3489 i++; 3490 /* A = X */ 3491 s[i] = new_stmt(BPF_MISC|BPF_TXA); 3492 i++; 3493 /* A += 1 */ 3494 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 3495 s[i]->s.k = 1; 3496 i++; 3497 /* X = A */ 3498 s[i] = new_stmt(BPF_MISC|BPF_TAX); 3499 i++; 3500 /* A = P[X + packet head]; */ 3501 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 3502 s[i]->s.k = off_nl; 3503 i++; 3504 /* A += 1 */ 3505 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 3506 s[i]->s.k = 1; 3507 i++; 3508 /* A *= 8 */ 3509 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 3510 s[i]->s.k = 8; 3511 i++; 3512 /* X = A; */ 3513 s[i] = new_stmt(BPF_MISC|BPF_TAX); 3514 i++; 3515 /* A = MEM[reg2] */ 3516 s[i] = new_stmt(BPF_LD|BPF_MEM); 3517 s[i]->s.k = reg2; 3518 i++; 3519 3520 /* goto again; (must use BPF_JA for backward jump) */ 3521 s[i] = new_stmt(BPF_JMP|BPF_JA); 3522 s[i]->s.k = again - i - 1; 3523 s[i - 1]->s.jf = s[i]; 3524 i++; 3525 3526 /* fixup */ 3527 for (j = v6start; j <= v6end; j++) 3528 s[j]->s.jt = s[v6advance]; 3529 } else 3530 #endif 3531 { 3532 /* nop */ 3533 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 3534 s[i]->s.k = 0; 3535 s[fix2]->s.jf = s[i]; 3536 i++; 3537 } 3538 3539 /* ahcheck: */ 3540 ahcheck = i; 3541 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 3542 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 3543 s[i]->s.jt = NULL; /*later*/ 3544 s[i]->s.jf = NULL; /*later*/ 3545 s[i]->s.k = IPPROTO_AH; 3546 if (fix3) 3547 s[fix3]->s.jf = s[ahcheck]; 3548 fix4 = i; 3549 i++; 3550 3551 /* 3552 * in short, 3553 * A = P[X]; 3554 * X = X + (P[X + 1] + 2) * 4; 3555 */ 3556 /* A = X */ 3557 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 3558 i++; 3559 /* A = P[X + packet head]; */ 3560 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 3561 s[i]->s.k = off_nl; 3562 i++; 3563 /* MEM[reg2] = A */ 3564 s[i] = new_stmt(BPF_ST); 3565 s[i]->s.k = reg2; 3566 i++; 3567 /* A = X */ 3568 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 3569 i++; 3570 /* A += 1 */ 3571 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 3572 s[i]->s.k = 1; 3573 i++; 3574 /* X = A */ 3575 s[i] = new_stmt(BPF_MISC|BPF_TAX); 3576 i++; 3577 /* A = P[X + packet head] */ 3578 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 3579 s[i]->s.k = off_nl; 3580 i++; 3581 /* A += 2 */ 3582 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 3583 s[i]->s.k = 2; 3584 i++; 3585 /* A *= 4 */ 3586 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 3587 s[i]->s.k = 4; 3588 i++; 3589 /* X = A; */ 3590 s[i] = new_stmt(BPF_MISC|BPF_TAX); 3591 i++; 3592 /* A = MEM[reg2] */ 3593 s[i] = new_stmt(BPF_LD|BPF_MEM); 3594 s[i]->s.k = reg2; 3595 i++; 3596 3597 /* goto again; (must use BPF_JA for backward jump) */ 3598 s[i] = new_stmt(BPF_JMP|BPF_JA); 3599 s[i]->s.k = again - i - 1; 3600 i++; 3601 3602 /* end: nop */ 3603 end = i; 3604 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 3605 s[i]->s.k = 0; 3606 s[fix2]->s.jt = s[end]; 3607 s[fix4]->s.jf = s[end]; 3608 s[fix5]->s.jt = s[end]; 3609 i++; 3610 3611 /* 3612 * make slist chain 3613 */ 3614 max = i; 3615 for (i = 0; i < max - 1; i++) 3616 s[i]->next = s[i + 1]; 3617 s[max - 1]->next = NULL; 3618 3619 /* 3620 * emit final check 3621 */ 3622 b = new_block(JMP(BPF_JEQ)); 3623 b->stmts = s[1]; /*remember, s[0] is dummy*/ 3624 b->s.k = v; 3625 3626 free_reg(reg2); 3627 3628 gen_and(b0, b); 3629 return b; 3630 #endif 3631 } 3632 3633 static struct block * 3634 gen_proto(v, proto, dir) 3635 int v; 3636 int proto; 3637 int dir; 3638 { 3639 struct block *b0, *b1; 3640 3641 if (dir != Q_DEFAULT) 3642 bpf_error("direction applied to 'proto'"); 3643 3644 switch (proto) { 3645 case Q_DEFAULT: 3646 #ifdef INET6 3647 b0 = gen_proto(v, Q_IP, dir); 3648 b1 = gen_proto(v, Q_IPV6, dir); 3649 gen_or(b0, b1); 3650 return b1; 3651 #else 3652 /*FALLTHROUGH*/ 3653 #endif 3654 case Q_IP: 3655 /* 3656 * For FDDI, RFC 1188 says that SNAP encapsulation is used, 3657 * not LLC encapsulation with LLCSAP_IP. 3658 * 3659 * For IEEE 802 networks - which includes 802.5 token ring 3660 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042 3661 * says that SNAP encapsulation is used, not LLC encapsulation 3662 * with LLCSAP_IP. 3663 * 3664 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and 3665 * RFC 2225 say that SNAP encapsulation is used, not LLC 3666 * encapsulation with LLCSAP_IP. 3667 * 3668 * So we always check for ETHERTYPE_IP. 3669 */ 3670 b0 = gen_linktype(ETHERTYPE_IP); 3671 #ifndef CHASE_CHAIN 3672 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v); 3673 #else 3674 b1 = gen_protochain(v, Q_IP); 3675 #endif 3676 gen_and(b0, b1); 3677 return b1; 3678 3679 case Q_ISO: 3680 switch (linktype) { 3681 3682 case DLT_FRELAY: 3683 /* 3684 * Frame Relay packets typically have an OSI 3685 * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)" 3686 * generates code to check for all the OSI 3687 * NLPIDs, so calling it and then adding a check 3688 * for the particular NLPID for which we're 3689 * looking is bogus, as we can just check for 3690 * the NLPID. 3691 * 3692 * What we check for is the NLPID and a frame 3693 * control field value of UI, i.e. 0x03 followed 3694 * by the NLPID. 3695 * 3696 * XXX - assumes a 2-byte Frame Relay header with 3697 * DLCI and flags. What if the address is longer? 3698 * 3699 * XXX - what about SNAP-encapsulated frames? 3700 */ 3701 return gen_cmp(2, BPF_H, (0x03<<8) | v); 3702 break; 3703 3704 case DLT_C_HDLC: 3705 /* 3706 * Cisco uses an Ethertype lookalike - for OSI, 3707 * it's 0xfefe. 3708 */ 3709 b0 = gen_linktype(LLCSAP_ISONS<<8 | LLCSAP_ISONS); 3710 /* OSI in C-HDLC is stuffed with a fudge byte */ 3711 b1 = gen_cmp(off_nl_nosnap+1, BPF_B, (long)v); 3712 gen_and(b0, b1); 3713 return b1; 3714 3715 default: 3716 b0 = gen_linktype(LLCSAP_ISONS); 3717 b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v); 3718 gen_and(b0, b1); 3719 return b1; 3720 } 3721 3722 case Q_ISIS: 3723 b0 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT); 3724 /* 3725 * 4 is the offset of the PDU type relative to the IS-IS 3726 * header. 3727 */ 3728 b1 = gen_cmp(off_nl_nosnap+4, BPF_B, (long)v); 3729 gen_and(b0, b1); 3730 return b1; 3731 3732 case Q_ARP: 3733 bpf_error("arp does not encapsulate another protocol"); 3734 /* NOTREACHED */ 3735 3736 case Q_RARP: 3737 bpf_error("rarp does not encapsulate another protocol"); 3738 /* NOTREACHED */ 3739 3740 case Q_ATALK: 3741 bpf_error("atalk encapsulation is not specifiable"); 3742 /* NOTREACHED */ 3743 3744 case Q_DECNET: 3745 bpf_error("decnet encapsulation is not specifiable"); 3746 /* NOTREACHED */ 3747 3748 case Q_SCA: 3749 bpf_error("sca does not encapsulate another protocol"); 3750 /* NOTREACHED */ 3751 3752 case Q_LAT: 3753 bpf_error("lat does not encapsulate another protocol"); 3754 /* NOTREACHED */ 3755 3756 case Q_MOPRC: 3757 bpf_error("moprc does not encapsulate another protocol"); 3758 /* NOTREACHED */ 3759 3760 case Q_MOPDL: 3761 bpf_error("mopdl does not encapsulate another protocol"); 3762 /* NOTREACHED */ 3763 3764 case Q_LINK: 3765 return gen_linktype(v); 3766 3767 case Q_UDP: 3768 bpf_error("'udp proto' is bogus"); 3769 /* NOTREACHED */ 3770 3771 case Q_TCP: 3772 bpf_error("'tcp proto' is bogus"); 3773 /* NOTREACHED */ 3774 3775 case Q_SCTP: 3776 bpf_error("'sctp proto' is bogus"); 3777 /* NOTREACHED */ 3778 3779 case Q_ICMP: 3780 bpf_error("'icmp proto' is bogus"); 3781 /* NOTREACHED */ 3782 3783 case Q_IGMP: 3784 bpf_error("'igmp proto' is bogus"); 3785 /* NOTREACHED */ 3786 3787 case Q_IGRP: 3788 bpf_error("'igrp proto' is bogus"); 3789 /* NOTREACHED */ 3790 3791 case Q_PIM: 3792 bpf_error("'pim proto' is bogus"); 3793 /* NOTREACHED */ 3794 3795 case Q_VRRP: 3796 bpf_error("'vrrp proto' is bogus"); 3797 /* NOTREACHED */ 3798 3799 #ifdef INET6 3800 case Q_IPV6: 3801 b0 = gen_linktype(ETHERTYPE_IPV6); 3802 #ifndef CHASE_CHAIN 3803 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v); 3804 #else 3805 b1 = gen_protochain(v, Q_IPV6); 3806 #endif 3807 gen_and(b0, b1); 3808 return b1; 3809 3810 case Q_ICMPV6: 3811 bpf_error("'icmp6 proto' is bogus"); 3812 #endif /* INET6 */ 3813 3814 case Q_AH: 3815 bpf_error("'ah proto' is bogus"); 3816 3817 case Q_ESP: 3818 bpf_error("'ah proto' is bogus"); 3819 3820 case Q_STP: 3821 bpf_error("'stp proto' is bogus"); 3822 3823 case Q_IPX: 3824 bpf_error("'ipx proto' is bogus"); 3825 3826 case Q_NETBEUI: 3827 bpf_error("'netbeui proto' is bogus"); 3828 3829 default: 3830 abort(); 3831 /* NOTREACHED */ 3832 } 3833 /* NOTREACHED */ 3834 } 3835 3836 struct block * 3837 gen_scode(name, q) 3838 register const char *name; 3839 struct qual q; 3840 { 3841 int proto = q.proto; 3842 int dir = q.dir; 3843 int tproto; 3844 u_char *eaddr; 3845 bpf_u_int32 mask, addr; 3846 #ifndef INET6 3847 bpf_u_int32 **alist; 3848 #else 3849 int tproto6; 3850 struct sockaddr_in *sin; 3851 struct sockaddr_in6 *sin6; 3852 struct addrinfo *res, *res0; 3853 struct in6_addr mask128; 3854 #endif /*INET6*/ 3855 struct block *b, *tmp; 3856 int port, real_proto; 3857 3858 switch (q.addr) { 3859 3860 case Q_NET: 3861 addr = pcap_nametonetaddr(name); 3862 if (addr == 0) 3863 bpf_error("unknown network '%s'", name); 3864 /* Left justify network addr and calculate its network mask */ 3865 mask = 0xffffffff; 3866 while (addr && (addr & 0xff000000) == 0) { 3867 addr <<= 8; 3868 mask <<= 8; 3869 } 3870 return gen_host(addr, mask, proto, dir); 3871 3872 case Q_DEFAULT: 3873 case Q_HOST: 3874 if (proto == Q_LINK) { 3875 switch (linktype) { 3876 3877 case DLT_EN10MB: 3878 eaddr = pcap_ether_hostton(name); 3879 if (eaddr == NULL) 3880 bpf_error( 3881 "unknown ether host '%s'", name); 3882 b = gen_ehostop(eaddr, dir); 3883 free(eaddr); 3884 return b; 3885 3886 case DLT_FDDI: 3887 eaddr = pcap_ether_hostton(name); 3888 if (eaddr == NULL) 3889 bpf_error( 3890 "unknown FDDI host '%s'", name); 3891 b = gen_fhostop(eaddr, dir); 3892 free(eaddr); 3893 return b; 3894 3895 case DLT_IEEE802: 3896 eaddr = pcap_ether_hostton(name); 3897 if (eaddr == NULL) 3898 bpf_error( 3899 "unknown token ring host '%s'", name); 3900 b = gen_thostop(eaddr, dir); 3901 free(eaddr); 3902 return b; 3903 3904 case DLT_IEEE802_11: 3905 eaddr = pcap_ether_hostton(name); 3906 if (eaddr == NULL) 3907 bpf_error( 3908 "unknown 802.11 host '%s'", name); 3909 b = gen_wlanhostop(eaddr, dir); 3910 free(eaddr); 3911 return b; 3912 3913 case DLT_IP_OVER_FC: 3914 eaddr = pcap_ether_hostton(name); 3915 if (eaddr == NULL) 3916 bpf_error( 3917 "unknown Fibre Channel host '%s'", name); 3918 b = gen_ipfchostop(eaddr, dir); 3919 free(eaddr); 3920 return b; 3921 3922 case DLT_SUNATM: 3923 if (!is_lane) 3924 break; 3925 3926 /* 3927 * Check that the packet doesn't begin 3928 * with an LE Control marker. (We've 3929 * already generated a test for LANE.) 3930 */ 3931 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 3932 0xFF00); 3933 gen_not(tmp); 3934 3935 eaddr = pcap_ether_hostton(name); 3936 if (eaddr == NULL) 3937 bpf_error( 3938 "unknown ether host '%s'", name); 3939 b = gen_ehostop(eaddr, dir); 3940 gen_and(tmp, b); 3941 free(eaddr); 3942 return b; 3943 } 3944 3945 bpf_error("only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name"); 3946 } else if (proto == Q_DECNET) { 3947 unsigned short dn_addr = __pcap_nametodnaddr(name); 3948 /* 3949 * I don't think DECNET hosts can be multihomed, so 3950 * there is no need to build up a list of addresses 3951 */ 3952 return (gen_host(dn_addr, 0, proto, dir)); 3953 } else { 3954 #ifndef INET6 3955 alist = pcap_nametoaddr(name); 3956 if (alist == NULL || *alist == NULL) 3957 bpf_error("unknown host '%s'", name); 3958 tproto = proto; 3959 if (off_linktype == (u_int)-1 && tproto == Q_DEFAULT) 3960 tproto = Q_IP; 3961 b = gen_host(**alist++, 0xffffffff, tproto, dir); 3962 while (*alist) { 3963 tmp = gen_host(**alist++, 0xffffffff, 3964 tproto, dir); 3965 gen_or(b, tmp); 3966 b = tmp; 3967 } 3968 return b; 3969 #else 3970 memset(&mask128, 0xff, sizeof(mask128)); 3971 res0 = res = pcap_nametoaddrinfo(name); 3972 if (res == NULL) 3973 bpf_error("unknown host '%s'", name); 3974 b = tmp = NULL; 3975 tproto = tproto6 = proto; 3976 if (off_linktype == -1 && tproto == Q_DEFAULT) { 3977 tproto = Q_IP; 3978 tproto6 = Q_IPV6; 3979 } 3980 for (res = res0; res; res = res->ai_next) { 3981 switch (res->ai_family) { 3982 case AF_INET: 3983 if (tproto == Q_IPV6) 3984 continue; 3985 3986 sin = (struct sockaddr_in *) 3987 res->ai_addr; 3988 tmp = gen_host(ntohl(sin->sin_addr.s_addr), 3989 0xffffffff, tproto, dir); 3990 break; 3991 case AF_INET6: 3992 if (tproto6 == Q_IP) 3993 continue; 3994 3995 sin6 = (struct sockaddr_in6 *) 3996 res->ai_addr; 3997 tmp = gen_host6(&sin6->sin6_addr, 3998 &mask128, tproto6, dir); 3999 break; 4000 default: 4001 continue; 4002 } 4003 if (b) 4004 gen_or(b, tmp); 4005 b = tmp; 4006 } 4007 freeaddrinfo(res0); 4008 if (b == NULL) { 4009 bpf_error("unknown host '%s'%s", name, 4010 (proto == Q_DEFAULT) 4011 ? "" 4012 : " for specified address family"); 4013 } 4014 return b; 4015 #endif /*INET6*/ 4016 } 4017 4018 case Q_PORT: 4019 if (proto != Q_DEFAULT && 4020 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP) 4021 bpf_error("illegal qualifier of 'port'"); 4022 if (pcap_nametoport(name, &port, &real_proto) == 0) 4023 bpf_error("unknown port '%s'", name); 4024 if (proto == Q_UDP) { 4025 if (real_proto == IPPROTO_TCP) 4026 bpf_error("port '%s' is tcp", name); 4027 else if (real_proto == IPPROTO_SCTP) 4028 bpf_error("port '%s' is sctp", name); 4029 else 4030 /* override PROTO_UNDEF */ 4031 real_proto = IPPROTO_UDP; 4032 } 4033 if (proto == Q_TCP) { 4034 if (real_proto == IPPROTO_UDP) 4035 bpf_error("port '%s' is udp", name); 4036 4037 else if (real_proto == IPPROTO_SCTP) 4038 bpf_error("port '%s' is sctp", name); 4039 else 4040 /* override PROTO_UNDEF */ 4041 real_proto = IPPROTO_TCP; 4042 } 4043 if (proto == Q_SCTP) { 4044 if (real_proto == IPPROTO_UDP) 4045 bpf_error("port '%s' is udp", name); 4046 4047 else if (real_proto == IPPROTO_TCP) 4048 bpf_error("port '%s' is tcp", name); 4049 else 4050 /* override PROTO_UNDEF */ 4051 real_proto = IPPROTO_SCTP; 4052 } 4053 #ifndef INET6 4054 return gen_port(port, real_proto, dir); 4055 #else 4056 { 4057 struct block *b; 4058 b = gen_port(port, real_proto, dir); 4059 gen_or(gen_port6(port, real_proto, dir), b); 4060 return b; 4061 } 4062 #endif /* INET6 */ 4063 4064 case Q_GATEWAY: 4065 #ifndef INET6 4066 eaddr = pcap_ether_hostton(name); 4067 if (eaddr == NULL) 4068 bpf_error("unknown ether host: %s", name); 4069 4070 alist = pcap_nametoaddr(name); 4071 if (alist == NULL || *alist == NULL) 4072 bpf_error("unknown host '%s'", name); 4073 b = gen_gateway(eaddr, alist, proto, dir); 4074 free(eaddr); 4075 return b; 4076 #else 4077 bpf_error("'gateway' not supported in this configuration"); 4078 #endif /*INET6*/ 4079 4080 case Q_PROTO: 4081 real_proto = lookup_proto(name, proto); 4082 if (real_proto >= 0) 4083 return gen_proto(real_proto, proto, dir); 4084 else 4085 bpf_error("unknown protocol: %s", name); 4086 4087 case Q_PROTOCHAIN: 4088 real_proto = lookup_proto(name, proto); 4089 if (real_proto >= 0) 4090 return gen_protochain(real_proto, proto, dir); 4091 else 4092 bpf_error("unknown protocol: %s", name); 4093 4094 4095 case Q_UNDEF: 4096 syntax(); 4097 /* NOTREACHED */ 4098 } 4099 abort(); 4100 /* NOTREACHED */ 4101 } 4102 4103 struct block * 4104 gen_mcode(s1, s2, masklen, q) 4105 register const char *s1, *s2; 4106 register int masklen; 4107 struct qual q; 4108 { 4109 register int nlen, mlen; 4110 bpf_u_int32 n, m; 4111 4112 nlen = __pcap_atoin(s1, &n); 4113 /* Promote short ipaddr */ 4114 n <<= 32 - nlen; 4115 4116 if (s2 != NULL) { 4117 mlen = __pcap_atoin(s2, &m); 4118 /* Promote short ipaddr */ 4119 m <<= 32 - mlen; 4120 if ((n & ~m) != 0) 4121 bpf_error("non-network bits set in \"%s mask %s\"", 4122 s1, s2); 4123 } else { 4124 /* Convert mask len to mask */ 4125 if (masklen > 32) 4126 bpf_error("mask length must be <= 32"); 4127 m = 0xffffffff << (32 - masklen); 4128 if ((n & ~m) != 0) 4129 bpf_error("non-network bits set in \"%s/%d\"", 4130 s1, masklen); 4131 } 4132 4133 switch (q.addr) { 4134 4135 case Q_NET: 4136 return gen_host(n, m, q.proto, q.dir); 4137 4138 default: 4139 bpf_error("Mask syntax for networks only"); 4140 /* NOTREACHED */ 4141 } 4142 } 4143 4144 struct block * 4145 gen_ncode(s, v, q) 4146 register const char *s; 4147 bpf_u_int32 v; 4148 struct qual q; 4149 { 4150 bpf_u_int32 mask; 4151 int proto = q.proto; 4152 int dir = q.dir; 4153 register int vlen; 4154 4155 if (s == NULL) 4156 vlen = 32; 4157 else if (q.proto == Q_DECNET) 4158 vlen = __pcap_atodn(s, &v); 4159 else 4160 vlen = __pcap_atoin(s, &v); 4161 4162 switch (q.addr) { 4163 4164 case Q_DEFAULT: 4165 case Q_HOST: 4166 case Q_NET: 4167 if (proto == Q_DECNET) 4168 return gen_host(v, 0, proto, dir); 4169 else if (proto == Q_LINK) { 4170 bpf_error("illegal link layer address"); 4171 } else { 4172 mask = 0xffffffff; 4173 if (s == NULL && q.addr == Q_NET) { 4174 /* Promote short net number */ 4175 while (v && (v & 0xff000000) == 0) { 4176 v <<= 8; 4177 mask <<= 8; 4178 } 4179 } else { 4180 /* Promote short ipaddr */ 4181 v <<= 32 - vlen; 4182 mask <<= 32 - vlen; 4183 } 4184 return gen_host(v, mask, proto, dir); 4185 } 4186 4187 case Q_PORT: 4188 if (proto == Q_UDP) 4189 proto = IPPROTO_UDP; 4190 else if (proto == Q_TCP) 4191 proto = IPPROTO_TCP; 4192 else if (proto == Q_SCTP) 4193 proto = IPPROTO_SCTP; 4194 else if (proto == Q_DEFAULT) 4195 proto = PROTO_UNDEF; 4196 else 4197 bpf_error("illegal qualifier of 'port'"); 4198 4199 #ifndef INET6 4200 return gen_port((int)v, proto, dir); 4201 #else 4202 { 4203 struct block *b; 4204 b = gen_port((int)v, proto, dir); 4205 gen_or(gen_port6((int)v, proto, dir), b); 4206 return b; 4207 } 4208 #endif /* INET6 */ 4209 4210 case Q_GATEWAY: 4211 bpf_error("'gateway' requires a name"); 4212 /* NOTREACHED */ 4213 4214 case Q_PROTO: 4215 return gen_proto((int)v, proto, dir); 4216 4217 case Q_PROTOCHAIN: 4218 return gen_protochain((int)v, proto, dir); 4219 4220 case Q_UNDEF: 4221 syntax(); 4222 /* NOTREACHED */ 4223 4224 default: 4225 abort(); 4226 /* NOTREACHED */ 4227 } 4228 /* NOTREACHED */ 4229 } 4230 4231 #ifdef INET6 4232 struct block * 4233 gen_mcode6(s1, s2, masklen, q) 4234 register const char *s1, *s2; 4235 register int masklen; 4236 struct qual q; 4237 { 4238 struct addrinfo *res; 4239 struct in6_addr *addr; 4240 struct in6_addr mask; 4241 struct block *b; 4242 u_int32_t *a, *m; 4243 4244 if (s2) 4245 bpf_error("no mask %s supported", s2); 4246 4247 res = pcap_nametoaddrinfo(s1); 4248 if (!res) 4249 bpf_error("invalid ip6 address %s", s1); 4250 if (res->ai_next) 4251 bpf_error("%s resolved to multiple address", s1); 4252 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 4253 4254 if (sizeof(mask) * 8 < masklen) 4255 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8)); 4256 memset(&mask, 0, sizeof(mask)); 4257 memset(&mask, 0xff, masklen / 8); 4258 if (masklen % 8) { 4259 mask.s6_addr[masklen / 8] = 4260 (0xff << (8 - masklen % 8)) & 0xff; 4261 } 4262 4263 a = (u_int32_t *)addr; 4264 m = (u_int32_t *)&mask; 4265 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 4266 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 4267 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen); 4268 } 4269 4270 switch (q.addr) { 4271 4272 case Q_DEFAULT: 4273 case Q_HOST: 4274 if (masklen != 128) 4275 bpf_error("Mask syntax for networks only"); 4276 /* FALLTHROUGH */ 4277 4278 case Q_NET: 4279 b = gen_host6(addr, &mask, q.proto, q.dir); 4280 freeaddrinfo(res); 4281 return b; 4282 4283 default: 4284 bpf_error("invalid qualifier against IPv6 address"); 4285 /* NOTREACHED */ 4286 } 4287 } 4288 #endif /*INET6*/ 4289 4290 struct block * 4291 gen_ecode(eaddr, q) 4292 register const u_char *eaddr; 4293 struct qual q; 4294 { 4295 struct block *b, *tmp; 4296 4297 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 4298 if (linktype == DLT_EN10MB) 4299 return gen_ehostop(eaddr, (int)q.dir); 4300 if (linktype == DLT_FDDI) 4301 return gen_fhostop(eaddr, (int)q.dir); 4302 if (linktype == DLT_IEEE802) 4303 return gen_thostop(eaddr, (int)q.dir); 4304 if (linktype == DLT_IEEE802_11) 4305 return gen_wlanhostop(eaddr, (int)q.dir); 4306 if (linktype == DLT_SUNATM && is_lane) { 4307 /* 4308 * Check that the packet doesn't begin with an 4309 * LE Control marker. (We've already generated 4310 * a test for LANE.) 4311 */ 4312 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 4313 gen_not(tmp); 4314 4315 /* 4316 * Now check the MAC address. 4317 */ 4318 b = gen_ehostop(eaddr, (int)q.dir); 4319 gen_and(tmp, b); 4320 return b; 4321 } 4322 if (linktype == DLT_IP_OVER_FC) 4323 return gen_ipfchostop(eaddr, (int)q.dir); 4324 bpf_error("ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel"); 4325 } 4326 bpf_error("ethernet address used in non-ether expression"); 4327 /* NOTREACHED */ 4328 } 4329 4330 void 4331 sappend(s0, s1) 4332 struct slist *s0, *s1; 4333 { 4334 /* 4335 * This is definitely not the best way to do this, but the 4336 * lists will rarely get long. 4337 */ 4338 while (s0->next) 4339 s0 = s0->next; 4340 s0->next = s1; 4341 } 4342 4343 static struct slist * 4344 xfer_to_x(a) 4345 struct arth *a; 4346 { 4347 struct slist *s; 4348 4349 s = new_stmt(BPF_LDX|BPF_MEM); 4350 s->s.k = a->regno; 4351 return s; 4352 } 4353 4354 static struct slist * 4355 xfer_to_a(a) 4356 struct arth *a; 4357 { 4358 struct slist *s; 4359 4360 s = new_stmt(BPF_LD|BPF_MEM); 4361 s->s.k = a->regno; 4362 return s; 4363 } 4364 4365 struct arth * 4366 gen_load(proto, index, size) 4367 int proto; 4368 struct arth *index; 4369 int size; 4370 { 4371 struct slist *s, *tmp; 4372 struct block *b; 4373 int regno = alloc_reg(); 4374 4375 free_reg(index->regno); 4376 switch (size) { 4377 4378 default: 4379 bpf_error("data size must be 1, 2, or 4"); 4380 4381 case 1: 4382 size = BPF_B; 4383 break; 4384 4385 case 2: 4386 size = BPF_H; 4387 break; 4388 4389 case 4: 4390 size = BPF_W; 4391 break; 4392 } 4393 switch (proto) { 4394 default: 4395 bpf_error("unsupported index operation"); 4396 4397 case Q_LINK: 4398 /* 4399 * XXX - what about ATM LANE? Should the index be 4400 * relative to the beginning of the AAL5 frame, so 4401 * that 0 refers to the beginning of the LE Control 4402 * field, or relative to the beginning of the LAN 4403 * frame, so that 0 refers, for Ethernet LANE, to 4404 * the beginning of the destination address? 4405 */ 4406 s = xfer_to_x(index); 4407 tmp = new_stmt(BPF_LD|BPF_IND|size); 4408 sappend(s, tmp); 4409 sappend(index->s, s); 4410 break; 4411 4412 case Q_IP: 4413 case Q_ARP: 4414 case Q_RARP: 4415 case Q_ATALK: 4416 case Q_DECNET: 4417 case Q_SCA: 4418 case Q_LAT: 4419 case Q_MOPRC: 4420 case Q_MOPDL: 4421 #ifdef INET6 4422 case Q_IPV6: 4423 #endif 4424 /* XXX Note that we assume a fixed link header here. */ 4425 s = xfer_to_x(index); 4426 tmp = new_stmt(BPF_LD|BPF_IND|size); 4427 tmp->s.k = off_nl; 4428 sappend(s, tmp); 4429 sappend(index->s, s); 4430 4431 b = gen_proto_abbrev(proto); 4432 if (index->b) 4433 gen_and(index->b, b); 4434 index->b = b; 4435 break; 4436 4437 case Q_SCTP: 4438 case Q_TCP: 4439 case Q_UDP: 4440 case Q_ICMP: 4441 case Q_IGMP: 4442 case Q_IGRP: 4443 case Q_PIM: 4444 case Q_VRRP: 4445 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 4446 s->s.k = off_nl; 4447 sappend(s, xfer_to_a(index)); 4448 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 4449 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 4450 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); 4451 tmp->s.k = off_nl; 4452 sappend(index->s, s); 4453 4454 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 4455 if (index->b) 4456 gen_and(index->b, b); 4457 #ifdef INET6 4458 gen_and(gen_proto_abbrev(Q_IP), b); 4459 #endif 4460 index->b = b; 4461 break; 4462 #ifdef INET6 4463 case Q_ICMPV6: 4464 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); 4465 /*NOTREACHED*/ 4466 #endif 4467 } 4468 index->regno = regno; 4469 s = new_stmt(BPF_ST); 4470 s->s.k = regno; 4471 sappend(index->s, s); 4472 4473 return index; 4474 } 4475 4476 struct block * 4477 gen_relation(code, a0, a1, reversed) 4478 int code; 4479 struct arth *a0, *a1; 4480 int reversed; 4481 { 4482 struct slist *s0, *s1, *s2; 4483 struct block *b, *tmp; 4484 4485 s0 = xfer_to_x(a1); 4486 s1 = xfer_to_a(a0); 4487 if (code == BPF_JEQ) { 4488 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); 4489 b = new_block(JMP(code)); 4490 sappend(s1, s2); 4491 } 4492 else 4493 b = new_block(BPF_JMP|code|BPF_X); 4494 if (reversed) 4495 gen_not(b); 4496 4497 sappend(s0, s1); 4498 sappend(a1->s, s0); 4499 sappend(a0->s, a1->s); 4500 4501 b->stmts = a0->s; 4502 4503 free_reg(a0->regno); 4504 free_reg(a1->regno); 4505 4506 /* 'and' together protocol checks */ 4507 if (a0->b) { 4508 if (a1->b) { 4509 gen_and(a0->b, tmp = a1->b); 4510 } 4511 else 4512 tmp = a0->b; 4513 } else 4514 tmp = a1->b; 4515 4516 if (tmp) 4517 gen_and(tmp, b); 4518 4519 return b; 4520 } 4521 4522 struct arth * 4523 gen_loadlen() 4524 { 4525 int regno = alloc_reg(); 4526 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 4527 struct slist *s; 4528 4529 s = new_stmt(BPF_LD|BPF_LEN); 4530 s->next = new_stmt(BPF_ST); 4531 s->next->s.k = regno; 4532 a->s = s; 4533 a->regno = regno; 4534 4535 return a; 4536 } 4537 4538 struct arth * 4539 gen_loadi(val) 4540 int val; 4541 { 4542 struct arth *a; 4543 struct slist *s; 4544 int reg; 4545 4546 a = (struct arth *)newchunk(sizeof(*a)); 4547 4548 reg = alloc_reg(); 4549 4550 s = new_stmt(BPF_LD|BPF_IMM); 4551 s->s.k = val; 4552 s->next = new_stmt(BPF_ST); 4553 s->next->s.k = reg; 4554 a->s = s; 4555 a->regno = reg; 4556 4557 return a; 4558 } 4559 4560 struct arth * 4561 gen_neg(a) 4562 struct arth *a; 4563 { 4564 struct slist *s; 4565 4566 s = xfer_to_a(a); 4567 sappend(a->s, s); 4568 s = new_stmt(BPF_ALU|BPF_NEG); 4569 s->s.k = 0; 4570 sappend(a->s, s); 4571 s = new_stmt(BPF_ST); 4572 s->s.k = a->regno; 4573 sappend(a->s, s); 4574 4575 return a; 4576 } 4577 4578 struct arth * 4579 gen_arth(code, a0, a1) 4580 int code; 4581 struct arth *a0, *a1; 4582 { 4583 struct slist *s0, *s1, *s2; 4584 4585 s0 = xfer_to_x(a1); 4586 s1 = xfer_to_a(a0); 4587 s2 = new_stmt(BPF_ALU|BPF_X|code); 4588 4589 sappend(s1, s2); 4590 sappend(s0, s1); 4591 sappend(a1->s, s0); 4592 sappend(a0->s, a1->s); 4593 4594 free_reg(a0->regno); 4595 free_reg(a1->regno); 4596 4597 s0 = new_stmt(BPF_ST); 4598 a0->regno = s0->s.k = alloc_reg(); 4599 sappend(a0->s, s0); 4600 4601 return a0; 4602 } 4603 4604 /* 4605 * Here we handle simple allocation of the scratch registers. 4606 * If too many registers are alloc'd, the allocator punts. 4607 */ 4608 static int regused[BPF_MEMWORDS]; 4609 static int curreg; 4610 4611 /* 4612 * Return the next free register. 4613 */ 4614 static int 4615 alloc_reg() 4616 { 4617 int n = BPF_MEMWORDS; 4618 4619 while (--n >= 0) { 4620 if (regused[curreg]) 4621 curreg = (curreg + 1) % BPF_MEMWORDS; 4622 else { 4623 regused[curreg] = 1; 4624 return curreg; 4625 } 4626 } 4627 bpf_error("too many registers needed to evaluate expression"); 4628 /* NOTREACHED */ 4629 } 4630 4631 /* 4632 * Return a register to the table so it can 4633 * be used later. 4634 */ 4635 static void 4636 free_reg(n) 4637 int n; 4638 { 4639 regused[n] = 0; 4640 } 4641 4642 static struct block * 4643 gen_len(jmp, n) 4644 int jmp, n; 4645 { 4646 struct slist *s; 4647 struct block *b; 4648 4649 s = new_stmt(BPF_LD|BPF_LEN); 4650 b = new_block(JMP(jmp)); 4651 b->stmts = s; 4652 b->s.k = n; 4653 4654 return b; 4655 } 4656 4657 struct block * 4658 gen_greater(n) 4659 int n; 4660 { 4661 return gen_len(BPF_JGE, n); 4662 } 4663 4664 /* 4665 * Actually, this is less than or equal. 4666 */ 4667 struct block * 4668 gen_less(n) 4669 int n; 4670 { 4671 struct block *b; 4672 4673 b = gen_len(BPF_JGT, n); 4674 gen_not(b); 4675 4676 return b; 4677 } 4678 4679 struct block * 4680 gen_byteop(op, idx, val) 4681 int op, idx, val; 4682 { 4683 struct block *b; 4684 struct slist *s; 4685 4686 switch (op) { 4687 default: 4688 abort(); 4689 4690 case '=': 4691 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 4692 4693 case '<': 4694 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 4695 b->s.code = JMP(BPF_JGE); 4696 gen_not(b); 4697 return b; 4698 4699 case '>': 4700 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 4701 b->s.code = JMP(BPF_JGT); 4702 return b; 4703 4704 case '|': 4705 s = new_stmt(BPF_ALU|BPF_OR|BPF_K); 4706 break; 4707 4708 case '&': 4709 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 4710 break; 4711 } 4712 s->s.k = val; 4713 b = new_block(JMP(BPF_JEQ)); 4714 b->stmts = s; 4715 gen_not(b); 4716 4717 return b; 4718 } 4719 4720 static u_char abroadcast[] = { 0x0 }; 4721 4722 struct block * 4723 gen_broadcast(proto) 4724 int proto; 4725 { 4726 bpf_u_int32 hostmask; 4727 struct block *b0, *b1, *b2; 4728 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 4729 4730 switch (proto) { 4731 4732 case Q_DEFAULT: 4733 case Q_LINK: 4734 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX) 4735 return gen_ahostop(abroadcast, Q_DST); 4736 if (linktype == DLT_EN10MB) 4737 return gen_ehostop(ebroadcast, Q_DST); 4738 if (linktype == DLT_FDDI) 4739 return gen_fhostop(ebroadcast, Q_DST); 4740 if (linktype == DLT_IEEE802) 4741 return gen_thostop(ebroadcast, Q_DST); 4742 if (linktype == DLT_IEEE802_11) 4743 return gen_wlanhostop(ebroadcast, Q_DST); 4744 if (linktype == DLT_IP_OVER_FC) 4745 return gen_ipfchostop(ebroadcast, Q_DST); 4746 if (linktype == DLT_SUNATM && is_lane) { 4747 /* 4748 * Check that the packet doesn't begin with an 4749 * LE Control marker. (We've already generated 4750 * a test for LANE.) 4751 */ 4752 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 4753 gen_not(b1); 4754 4755 /* 4756 * Now check the MAC address. 4757 */ 4758 b0 = gen_ehostop(ebroadcast, Q_DST); 4759 gen_and(b1, b0); 4760 return b0; 4761 } 4762 bpf_error("not a broadcast link"); 4763 break; 4764 4765 case Q_IP: 4766 b0 = gen_linktype(ETHERTYPE_IP); 4767 hostmask = ~netmask; 4768 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask); 4769 b2 = gen_mcmp(off_nl + 16, BPF_W, 4770 (bpf_int32)(~0 & hostmask), hostmask); 4771 gen_or(b1, b2); 4772 gen_and(b0, b2); 4773 return b2; 4774 } 4775 bpf_error("only link-layer/IP broadcast filters supported"); 4776 } 4777 4778 /* 4779 * Generate code to test the low-order bit of a MAC address (that's 4780 * the bottom bit of the *first* byte). 4781 */ 4782 static struct block * 4783 gen_mac_multicast(offset) 4784 int offset; 4785 { 4786 register struct block *b0; 4787 register struct slist *s; 4788 4789 /* link[offset] & 1 != 0 */ 4790 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 4791 s->s.k = offset; 4792 b0 = new_block(JMP(BPF_JSET)); 4793 b0->s.k = 1; 4794 b0->stmts = s; 4795 return b0; 4796 } 4797 4798 struct block * 4799 gen_multicast(proto) 4800 int proto; 4801 { 4802 register struct block *b0, *b1, *b2; 4803 register struct slist *s; 4804 4805 switch (proto) { 4806 4807 case Q_DEFAULT: 4808 case Q_LINK: 4809 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX) 4810 /* all ARCnet multicasts use the same address */ 4811 return gen_ahostop(abroadcast, Q_DST); 4812 4813 if (linktype == DLT_EN10MB) { 4814 /* ether[0] & 1 != 0 */ 4815 return gen_mac_multicast(0); 4816 } 4817 4818 if (linktype == DLT_FDDI) { 4819 /* 4820 * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX 4821 * 4822 * XXX - was that referring to bit-order issues? 4823 */ 4824 /* fddi[1] & 1 != 0 */ 4825 return gen_mac_multicast(1); 4826 } 4827 4828 if (linktype == DLT_IEEE802) { 4829 /* tr[2] & 1 != 0 */ 4830 return gen_mac_multicast(2); 4831 } 4832 4833 if (linktype == DLT_IEEE802_11) { 4834 /* 4835 * Oh, yuk. 4836 * 4837 * For control frames, there is no DA. 4838 * 4839 * For management frames, DA is at an 4840 * offset of 4 from the beginning of 4841 * the packet. 4842 * 4843 * For data frames, DA is at an offset 4844 * of 4 from the beginning of the packet 4845 * if To DS is clear and at an offset of 4846 * 16 from the beginning of the packet 4847 * if To DS is set. 4848 */ 4849 4850 /* 4851 * Generate the tests to be done for data frames. 4852 * 4853 * First, check for To DS set, i.e. "link[1] & 0x01". 4854 */ 4855 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 4856 s->s.k = 1; 4857 b1 = new_block(JMP(BPF_JSET)); 4858 b1->s.k = 0x01; /* To DS */ 4859 b1->stmts = s; 4860 4861 /* 4862 * If To DS is set, the DA is at 16. 4863 */ 4864 b0 = gen_mac_multicast(16); 4865 gen_and(b1, b0); 4866 4867 /* 4868 * Now, check for To DS not set, i.e. check 4869 * "!(link[1] & 0x01)". 4870 */ 4871 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 4872 s->s.k = 1; 4873 b2 = new_block(JMP(BPF_JSET)); 4874 b2->s.k = 0x01; /* To DS */ 4875 b2->stmts = s; 4876 gen_not(b2); 4877 4878 /* 4879 * If To DS is not set, the DA is at 4. 4880 */ 4881 b1 = gen_mac_multicast(4); 4882 gen_and(b2, b1); 4883 4884 /* 4885 * Now OR together the last two checks. That gives 4886 * the complete set of checks for data frames. 4887 */ 4888 gen_or(b1, b0); 4889 4890 /* 4891 * Now check for a data frame. 4892 * I.e, check "link[0] & 0x08". 4893 */ 4894 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 4895 s->s.k = 0; 4896 b1 = new_block(JMP(BPF_JSET)); 4897 b1->s.k = 0x08; 4898 b1->stmts = s; 4899 4900 /* 4901 * AND that with the checks done for data frames. 4902 */ 4903 gen_and(b1, b0); 4904 4905 /* 4906 * If the high-order bit of the type value is 0, this 4907 * is a management frame. 4908 * I.e, check "!(link[0] & 0x08)". 4909 */ 4910 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 4911 s->s.k = 0; 4912 b2 = new_block(JMP(BPF_JSET)); 4913 b2->s.k = 0x08; 4914 b2->stmts = s; 4915 gen_not(b2); 4916 4917 /* 4918 * For management frames, the DA is at 4. 4919 */ 4920 b1 = gen_mac_multicast(4); 4921 gen_and(b2, b1); 4922 4923 /* 4924 * OR that with the checks done for data frames. 4925 * That gives the checks done for management and 4926 * data frames. 4927 */ 4928 gen_or(b1, b0); 4929 4930 /* 4931 * If the low-order bit of the type value is 1, 4932 * this is either a control frame or a frame 4933 * with a reserved type, and thus not a 4934 * frame with an SA. 4935 * 4936 * I.e., check "!(link[0] & 0x04)". 4937 */ 4938 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 4939 s->s.k = 0; 4940 b1 = new_block(JMP(BPF_JSET)); 4941 b1->s.k = 0x04; 4942 b1->stmts = s; 4943 gen_not(b1); 4944 4945 /* 4946 * AND that with the checks for data and management 4947 * frames. 4948 */ 4949 gen_and(b1, b0); 4950 return b0; 4951 } 4952 4953 if (linktype == DLT_IP_OVER_FC) { 4954 b0 = gen_mac_multicast(2); 4955 return b0; 4956 } 4957 4958 if (linktype == DLT_SUNATM && is_lane) { 4959 /* 4960 * Check that the packet doesn't begin with an 4961 * LE Control marker. (We've already generated 4962 * a test for LANE.) 4963 */ 4964 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 4965 gen_not(b1); 4966 4967 /* ether[off_mac] & 1 != 0 */ 4968 b0 = gen_mac_multicast(off_mac); 4969 gen_and(b1, b0); 4970 return b0; 4971 } 4972 4973 /* Link not known to support multicasts */ 4974 break; 4975 4976 case Q_IP: 4977 b0 = gen_linktype(ETHERTYPE_IP); 4978 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224); 4979 b1->s.code = JMP(BPF_JGE); 4980 gen_and(b0, b1); 4981 return b1; 4982 4983 #ifdef INET6 4984 case Q_IPV6: 4985 b0 = gen_linktype(ETHERTYPE_IPV6); 4986 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255); 4987 gen_and(b0, b1); 4988 return b1; 4989 #endif /* INET6 */ 4990 } 4991 bpf_error("link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel"); 4992 } 4993 4994 /* 4995 * generate command for inbound/outbound. It's here so we can 4996 * make it link-type specific. 'dir' = 0 implies "inbound", 4997 * = 1 implies "outbound". 4998 */ 4999 struct block * 5000 gen_inbound(dir) 5001 int dir; 5002 { 5003 register struct block *b0; 5004 5005 /* 5006 * Only some data link types support inbound/outbound qualifiers. 5007 */ 5008 switch (linktype) { 5009 case DLT_SLIP: 5010 b0 = gen_relation(BPF_JEQ, 5011 gen_load(Q_LINK, gen_loadi(0), 1), 5012 gen_loadi(0), 5013 dir); 5014 break; 5015 5016 case DLT_LINUX_SLL: 5017 if (dir) { 5018 /* 5019 * Match packets sent by this machine. 5020 */ 5021 b0 = gen_cmp(0, BPF_H, LINUX_SLL_OUTGOING); 5022 } else { 5023 /* 5024 * Match packets sent to this machine. 5025 * (No broadcast or multicast packets, or 5026 * packets sent to some other machine and 5027 * received promiscuously.) 5028 * 5029 * XXX - packets sent to other machines probably 5030 * shouldn't be matched, but what about broadcast 5031 * or multicast packets we received? 5032 */ 5033 b0 = gen_cmp(0, BPF_H, LINUX_SLL_HOST); 5034 } 5035 break; 5036 5037 case DLT_PFLOG: 5038 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B, 5039 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 5040 break; 5041 5042 default: 5043 bpf_error("inbound/outbound not supported on linktype %d", 5044 linktype); 5045 b0 = NULL; 5046 /* NOTREACHED */ 5047 } 5048 return (b0); 5049 } 5050 5051 /* PF firewall log matched interface */ 5052 struct block * 5053 gen_pf_ifname(const char *ifname) 5054 { 5055 struct block *b0; 5056 u_int len, off; 5057 5058 if (linktype == DLT_PFLOG) { 5059 len = sizeof(((struct pfloghdr *)0)->ifname); 5060 off = offsetof(struct pfloghdr, ifname); 5061 } else { 5062 bpf_error("ifname not supported on linktype 0x%x", linktype); 5063 /* NOTREACHED */ 5064 } 5065 if (strlen(ifname) >= len) { 5066 bpf_error("ifname interface names can only be %d characters", 5067 len-1); 5068 /* NOTREACHED */ 5069 } 5070 b0 = gen_bcmp(off, strlen(ifname), ifname); 5071 return (b0); 5072 } 5073 5074 /* PF firewall log matched interface */ 5075 struct block * 5076 gen_pf_ruleset(char *ruleset) 5077 { 5078 struct block *b0; 5079 5080 if (linktype != DLT_PFLOG) { 5081 bpf_error("ruleset not supported on linktype 0x%x", linktype); 5082 /* NOTREACHED */ 5083 } 5084 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) { 5085 bpf_error("ruleset names can only be %ld characters", 5086 (long)(sizeof(((struct pfloghdr *)0)->ruleset) - 1)); 5087 /* NOTREACHED */ 5088 } 5089 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset), 5090 strlen(ruleset), ruleset); 5091 return (b0); 5092 } 5093 5094 /* PF firewall log rule number */ 5095 struct block * 5096 gen_pf_rnr(int rnr) 5097 { 5098 struct block *b0; 5099 5100 if (linktype == DLT_PFLOG) { 5101 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W, 5102 (bpf_int32)rnr); 5103 } else { 5104 bpf_error("rnr not supported on linktype 0x%x", linktype); 5105 /* NOTREACHED */ 5106 } 5107 5108 return (b0); 5109 } 5110 5111 /* PF firewall log sub-rule number */ 5112 struct block * 5113 gen_pf_srnr(int srnr) 5114 { 5115 struct block *b0; 5116 5117 if (linktype != DLT_PFLOG) { 5118 bpf_error("srnr not supported on linktype 0x%x", linktype); 5119 /* NOTREACHED */ 5120 } 5121 5122 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W, 5123 (bpf_int32)srnr); 5124 return (b0); 5125 } 5126 5127 /* PF firewall log reason code */ 5128 struct block * 5129 gen_pf_reason(int reason) 5130 { 5131 struct block *b0; 5132 5133 if (linktype == DLT_PFLOG) { 5134 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B, 5135 (bpf_int32)reason); 5136 } else { 5137 bpf_error("reason not supported on linktype 0x%x", linktype); 5138 /* NOTREACHED */ 5139 } 5140 5141 return (b0); 5142 } 5143 5144 /* PF firewall log action */ 5145 struct block * 5146 gen_pf_action(int action) 5147 { 5148 struct block *b0; 5149 5150 if (linktype == DLT_PFLOG) { 5151 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B, 5152 (bpf_int32)action); 5153 } else { 5154 bpf_error("action not supported on linktype 0x%x", linktype); 5155 /* NOTREACHED */ 5156 } 5157 5158 return (b0); 5159 } 5160 5161 struct block * 5162 gen_acode(eaddr, q) 5163 register const u_char *eaddr; 5164 struct qual q; 5165 { 5166 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 5167 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX) 5168 return gen_ahostop(eaddr, (int)q.dir); 5169 } 5170 bpf_error("ARCnet address used in non-arc expression"); 5171 /* NOTREACHED */ 5172 } 5173 5174 static struct block * 5175 gen_ahostop(eaddr, dir) 5176 register const u_char *eaddr; 5177 register int dir; 5178 { 5179 register struct block *b0, *b1; 5180 5181 switch (dir) { 5182 /* src comes first, different from Ethernet */ 5183 case Q_SRC: 5184 return gen_bcmp(0, 1, eaddr); 5185 5186 case Q_DST: 5187 return gen_bcmp(1, 1, eaddr); 5188 5189 case Q_AND: 5190 b0 = gen_ahostop(eaddr, Q_SRC); 5191 b1 = gen_ahostop(eaddr, Q_DST); 5192 gen_and(b0, b1); 5193 return b1; 5194 5195 case Q_DEFAULT: 5196 case Q_OR: 5197 b0 = gen_ahostop(eaddr, Q_SRC); 5198 b1 = gen_ahostop(eaddr, Q_DST); 5199 gen_or(b0, b1); 5200 return b1; 5201 } 5202 abort(); 5203 /* NOTREACHED */ 5204 } 5205 5206 /* 5207 * support IEEE 802.1Q VLAN trunk over ethernet 5208 */ 5209 struct block * 5210 gen_vlan(vlan_num) 5211 int vlan_num; 5212 { 5213 struct block *b0; 5214 5215 /* 5216 * Change the offsets to point to the type and data fields within 5217 * the VLAN packet. This is somewhat of a kludge. 5218 */ 5219 if (orig_nl == (u_int)-1) { 5220 orig_linktype = off_linktype; /* save original values */ 5221 orig_nl = off_nl; 5222 orig_nl_nosnap = off_nl_nosnap; 5223 5224 switch (linktype) { 5225 5226 case DLT_EN10MB: 5227 off_linktype = 16; 5228 off_nl_nosnap = 18; 5229 off_nl = 18; 5230 break; 5231 5232 default: 5233 bpf_error("no VLAN support for data link type %d", 5234 linktype); 5235 /*NOTREACHED*/ 5236 } 5237 } 5238 5239 /* check for VLAN */ 5240 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q); 5241 5242 /* If a specific VLAN is requested, check VLAN id */ 5243 if (vlan_num >= 0) { 5244 struct block *b1; 5245 5246 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num); 5247 gen_and(b0, b1); 5248 b0 = b1; 5249 } 5250 5251 return (b0); 5252 } 5253 5254 struct block * 5255 gen_atmfield_code(atmfield, jvalue, jtype, reverse) 5256 int atmfield; 5257 bpf_u_int32 jvalue; 5258 bpf_u_int32 jtype; 5259 int reverse; 5260 { 5261 struct block *b0; 5262 5263 switch (atmfield) { 5264 5265 case A_VPI: 5266 if (!is_atm) 5267 bpf_error("'vpi' supported only on raw ATM"); 5268 if (off_vpi == (u_int)-1) 5269 abort(); 5270 b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype, 5271 (u_int)jvalue, reverse); 5272 break; 5273 5274 case A_VCI: 5275 if (!is_atm) 5276 bpf_error("'vci' supported only on raw ATM"); 5277 if (off_vci == (u_int)-1) 5278 abort(); 5279 b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype, 5280 (u_int)jvalue, reverse); 5281 break; 5282 5283 case A_PROTOTYPE: 5284 if (off_proto == (u_int)-1) 5285 abort(); /* XXX - this isn't on FreeBSD */ 5286 b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype, 5287 (u_int)jvalue, reverse); 5288 break; 5289 5290 case A_MSGTYPE: 5291 if (off_payload == (u_int)-1) 5292 abort(); 5293 b0 = gen_ncmp(BPF_B, off_payload + MSG_TYPE_POS, 0xffffffff, 5294 (u_int)jtype, (u_int)jvalue, reverse); 5295 break; 5296 5297 case A_CALLREFTYPE: 5298 if (!is_atm) 5299 bpf_error("'callref' supported only on raw ATM"); 5300 if (off_proto == (u_int)-1) 5301 abort(); 5302 b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype, 5303 (u_int)jvalue, reverse); 5304 break; 5305 5306 default: 5307 abort(); 5308 } 5309 return b0; 5310 } 5311 5312 struct block * 5313 gen_atmtype_abbrev(type) 5314 int type; 5315 { 5316 struct block *b0, *b1; 5317 5318 switch (type) { 5319 5320 case A_METAC: 5321 /* Get all packets in Meta signalling Circuit */ 5322 if (!is_atm) 5323 bpf_error("'metac' supported only on raw ATM"); 5324 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 5325 b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0); 5326 gen_and(b0, b1); 5327 break; 5328 5329 case A_BCC: 5330 /* Get all packets in Broadcast Circuit*/ 5331 if (!is_atm) 5332 bpf_error("'bcc' supported only on raw ATM"); 5333 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 5334 b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0); 5335 gen_and(b0, b1); 5336 break; 5337 5338 case A_OAMF4SC: 5339 /* Get all cells in Segment OAM F4 circuit*/ 5340 if (!is_atm) 5341 bpf_error("'oam4sc' supported only on raw ATM"); 5342 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 5343 b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0); 5344 gen_and(b0, b1); 5345 break; 5346 5347 case A_OAMF4EC: 5348 /* Get all cells in End-to-End OAM F4 Circuit*/ 5349 if (!is_atm) 5350 bpf_error("'oam4ec' supported only on raw ATM"); 5351 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 5352 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0); 5353 gen_and(b0, b1); 5354 break; 5355 5356 case A_SC: 5357 /* Get all packets in connection Signalling Circuit */ 5358 if (!is_atm) 5359 bpf_error("'sc' supported only on raw ATM"); 5360 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 5361 b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0); 5362 gen_and(b0, b1); 5363 break; 5364 5365 case A_ILMIC: 5366 /* Get all packets in ILMI Circuit */ 5367 if (!is_atm) 5368 bpf_error("'ilmic' supported only on raw ATM"); 5369 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 5370 b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0); 5371 gen_and(b0, b1); 5372 break; 5373 5374 case A_LANE: 5375 /* Get all LANE packets */ 5376 if (!is_atm) 5377 bpf_error("'lane' supported only on raw ATM"); 5378 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0); 5379 5380 /* 5381 * Arrange that all subsequent tests assume LANE 5382 * rather than LLC-encapsulated packets, and set 5383 * the offsets appropriately for LANE-encapsulated 5384 * Ethernet. 5385 * 5386 * "off_mac" is the offset of the Ethernet header, 5387 * which is 2 bytes past the ATM pseudo-header 5388 * (skipping the pseudo-header and 2-byte LE Client 5389 * field). The other offsets are Ethernet offsets 5390 * relative to "off_mac". 5391 */ 5392 is_lane = 1; 5393 off_mac = off_payload + 2; /* MAC header */ 5394 off_linktype = off_mac + 12; 5395 off_nl = off_mac + 14; /* Ethernet II */ 5396 off_nl_nosnap = off_mac + 17; /* 802.3+802.2 */ 5397 break; 5398 5399 case A_LLC: 5400 /* Get all LLC-encapsulated packets */ 5401 if (!is_atm) 5402 bpf_error("'llc' supported only on raw ATM"); 5403 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0); 5404 is_lane = 0; 5405 break; 5406 5407 default: 5408 abort(); 5409 } 5410 return b1; 5411 } 5412 5413 5414 static struct block * 5415 gen_msg_abbrev(type) 5416 int type; 5417 { 5418 struct block *b1; 5419 5420 /* 5421 * Q.2931 signalling protocol messages for handling virtual circuits 5422 * establishment and teardown 5423 */ 5424 switch (type) { 5425 5426 case A_SETUP: 5427 b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0); 5428 break; 5429 5430 case A_CALLPROCEED: 5431 b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0); 5432 break; 5433 5434 case A_CONNECT: 5435 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0); 5436 break; 5437 5438 case A_CONNECTACK: 5439 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0); 5440 break; 5441 5442 case A_RELEASE: 5443 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0); 5444 break; 5445 5446 case A_RELEASE_DONE: 5447 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0); 5448 break; 5449 5450 default: 5451 abort(); 5452 } 5453 return b1; 5454 } 5455 5456 struct block * 5457 gen_atmmulti_abbrev(type) 5458 int type; 5459 { 5460 struct block *b0, *b1; 5461 5462 switch (type) { 5463 5464 case A_OAM: 5465 if (!is_atm) 5466 bpf_error("'oam' supported only on raw ATM"); 5467 b1 = gen_atmmulti_abbrev(A_OAMF4); 5468 break; 5469 5470 case A_OAMF4: 5471 if (!is_atm) 5472 bpf_error("'oamf4' supported only on raw ATM"); 5473 /* OAM F4 type */ 5474 b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0); 5475 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0); 5476 gen_or(b0, b1); 5477 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 5478 gen_and(b0, b1); 5479 break; 5480 5481 case A_CONNECTMSG: 5482 /* 5483 * Get Q.2931 signalling messages for switched 5484 * virtual connection 5485 */ 5486 if (!is_atm) 5487 bpf_error("'connectmsg' supported only on raw ATM"); 5488 b0 = gen_msg_abbrev(A_SETUP); 5489 b1 = gen_msg_abbrev(A_CALLPROCEED); 5490 gen_or(b0, b1); 5491 b0 = gen_msg_abbrev(A_CONNECT); 5492 gen_or(b0, b1); 5493 b0 = gen_msg_abbrev(A_CONNECTACK); 5494 gen_or(b0, b1); 5495 b0 = gen_msg_abbrev(A_RELEASE); 5496 gen_or(b0, b1); 5497 b0 = gen_msg_abbrev(A_RELEASE_DONE); 5498 gen_or(b0, b1); 5499 b0 = gen_atmtype_abbrev(A_SC); 5500 gen_and(b0, b1); 5501 break; 5502 5503 case A_METACONNECT: 5504 if (!is_atm) 5505 bpf_error("'metaconnect' supported only on raw ATM"); 5506 b0 = gen_msg_abbrev(A_SETUP); 5507 b1 = gen_msg_abbrev(A_CALLPROCEED); 5508 gen_or(b0, b1); 5509 b0 = gen_msg_abbrev(A_CONNECT); 5510 gen_or(b0, b1); 5511 b0 = gen_msg_abbrev(A_RELEASE); 5512 gen_or(b0, b1); 5513 b0 = gen_msg_abbrev(A_RELEASE_DONE); 5514 gen_or(b0, b1); 5515 b0 = gen_atmtype_abbrev(A_METAC); 5516 gen_and(b0, b1); 5517 break; 5518 5519 default: 5520 abort(); 5521 } 5522 return b1; 5523 } 5524