1 /* 2 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that: (1) source code distributions 7 * retain the above copyright notice and this paragraph in its entirety, (2) 8 * distributions including binary code include the above copyright notice and 9 * this paragraph in its entirety in the documentation or other materials 10 * provided with the distribution, and (3) all advertising materials mentioning 11 * features or use of this software display the following acknowledgement: 12 * ``This product includes software developed by the University of California, 13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 14 * the University nor the names of its contributors may be used to endorse 15 * or promote products derived from this software without specific prior 16 * written permission. 17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20 */ 21 22 #include <config.h> 23 24 #ifdef _WIN32 25 #include <ws2tcpip.h> 26 #else 27 #include <netinet/in.h> 28 #endif /* _WIN32 */ 29 30 #include <stdlib.h> 31 #include <string.h> 32 #include <memory.h> 33 #include <setjmp.h> 34 #include <stdarg.h> 35 #include <stdio.h> 36 37 #ifdef MSDOS 38 #include "pcap-dos.h" 39 #endif 40 41 #include "pcap-int.h" 42 43 #include "extract.h" 44 45 #include "ethertype.h" 46 #include "nlpid.h" 47 #include "llc.h" 48 #include "gencode.h" 49 #include "ieee80211.h" 50 #include "atmuni31.h" 51 #include "sunatmpos.h" 52 #include "pflog.h" 53 #include "ppp.h" 54 #include "pcap/sll.h" 55 #include "pcap/ipnet.h" 56 #include "arcnet.h" 57 #include "diag-control.h" 58 59 #include "scanner.h" 60 61 #if defined(__linux__) 62 #include <linux/types.h> 63 #include <linux/if_packet.h> 64 #include <linux/filter.h> 65 #endif 66 67 #ifndef offsetof 68 #define offsetof(s, e) ((size_t)&((s *)0)->e) 69 #endif 70 71 #ifdef _WIN32 72 #ifdef HAVE_NPCAP_BPF_H 73 /* Defines BPF extensions for Npcap */ 74 #include <npcap-bpf.h> 75 #endif 76 #ifdef INET6 77 #if defined(__MINGW32__) && defined(DEFINE_ADDITIONAL_IPV6_STUFF) 78 /* IPv6 address */ 79 struct in6_addr 80 { 81 union 82 { 83 uint8_t u6_addr8[16]; 84 uint16_t u6_addr16[8]; 85 uint32_t u6_addr32[4]; 86 } in6_u; 87 #define s6_addr in6_u.u6_addr8 88 #define s6_addr16 in6_u.u6_addr16 89 #define s6_addr32 in6_u.u6_addr32 90 #define s6_addr64 in6_u.u6_addr64 91 }; 92 93 typedef unsigned short sa_family_t; 94 95 #define __SOCKADDR_COMMON(sa_prefix) \ 96 sa_family_t sa_prefix##family 97 98 /* Ditto, for IPv6. */ 99 struct sockaddr_in6 100 { 101 __SOCKADDR_COMMON (sin6_); 102 uint16_t sin6_port; /* Transport layer port # */ 103 uint32_t sin6_flowinfo; /* IPv6 flow information */ 104 struct in6_addr sin6_addr; /* IPv6 address */ 105 }; 106 107 #ifndef EAI_ADDRFAMILY 108 struct addrinfo { 109 int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ 110 int ai_family; /* PF_xxx */ 111 int ai_socktype; /* SOCK_xxx */ 112 int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ 113 size_t ai_addrlen; /* length of ai_addr */ 114 char *ai_canonname; /* canonical name for hostname */ 115 struct sockaddr *ai_addr; /* binary address */ 116 struct addrinfo *ai_next; /* next structure in linked list */ 117 }; 118 #endif /* EAI_ADDRFAMILY */ 119 #endif /* defined(__MINGW32__) && defined(DEFINE_ADDITIONAL_IPV6_STUFF) */ 120 #endif /* INET6 */ 121 #else /* _WIN32 */ 122 #include <netdb.h> /* for "struct addrinfo" */ 123 #endif /* _WIN32 */ 124 #include <pcap/namedb.h> 125 126 #include "nametoaddr.h" 127 128 #define ETHERMTU 1500 129 130 #ifndef IPPROTO_HOPOPTS 131 #define IPPROTO_HOPOPTS 0 132 #endif 133 #ifndef IPPROTO_ROUTING 134 #define IPPROTO_ROUTING 43 135 #endif 136 #ifndef IPPROTO_FRAGMENT 137 #define IPPROTO_FRAGMENT 44 138 #endif 139 #ifndef IPPROTO_DSTOPTS 140 #define IPPROTO_DSTOPTS 60 141 #endif 142 #ifndef IPPROTO_SCTP 143 #define IPPROTO_SCTP 132 144 #endif 145 146 #define GENEVE_PORT 6081 147 148 #ifdef HAVE_OS_PROTO_H 149 #include "os-proto.h" 150 #endif 151 152 #define JMP(c) ((c)|BPF_JMP|BPF_K) 153 154 /* 155 * "Push" the current value of the link-layer header type and link-layer 156 * header offset onto a "stack", and set a new value. (It's not a 157 * full-blown stack; we keep only the top two items.) 158 */ 159 #define PUSH_LINKHDR(cs, new_linktype, new_is_variable, new_constant_part, new_reg) \ 160 { \ 161 (cs)->prevlinktype = (cs)->linktype; \ 162 (cs)->off_prevlinkhdr = (cs)->off_linkhdr; \ 163 (cs)->linktype = (new_linktype); \ 164 (cs)->off_linkhdr.is_variable = (new_is_variable); \ 165 (cs)->off_linkhdr.constant_part = (new_constant_part); \ 166 (cs)->off_linkhdr.reg = (new_reg); \ 167 (cs)->is_geneve = 0; \ 168 } 169 170 /* 171 * Offset "not set" value. 172 */ 173 #define OFFSET_NOT_SET 0xffffffffU 174 175 /* 176 * Absolute offsets, which are offsets from the beginning of the raw 177 * packet data, are, in the general case, the sum of a variable value 178 * and a constant value; the variable value may be absent, in which 179 * case the offset is only the constant value, and the constant value 180 * may be zero, in which case the offset is only the variable value. 181 * 182 * bpf_abs_offset is a structure containing all that information: 183 * 184 * is_variable is 1 if there's a variable part. 185 * 186 * constant_part is the constant part of the value, possibly zero; 187 * 188 * if is_variable is 1, reg is the register number for a register 189 * containing the variable value if the register has been assigned, 190 * and -1 otherwise. 191 */ 192 typedef struct { 193 int is_variable; 194 u_int constant_part; 195 int reg; 196 } bpf_abs_offset; 197 198 /* 199 * Value passed to gen_load_a() to indicate what the offset argument 200 * is relative to the beginning of. 201 */ 202 enum e_offrel { 203 OR_PACKET, /* full packet data */ 204 OR_LINKHDR, /* link-layer header */ 205 OR_PREVLINKHDR, /* previous link-layer header */ 206 OR_LLC, /* 802.2 LLC header */ 207 OR_PREVMPLSHDR, /* previous MPLS header */ 208 OR_LINKTYPE, /* link-layer type */ 209 OR_LINKPL, /* link-layer payload */ 210 OR_LINKPL_NOSNAP, /* link-layer payload, with no SNAP header at the link layer */ 211 OR_TRAN_IPV4, /* transport-layer header, with IPv4 network layer */ 212 OR_TRAN_IPV6 /* transport-layer header, with IPv6 network layer */ 213 }; 214 215 /* 216 * We divvy out chunks of memory rather than call malloc each time so 217 * we don't have to worry about leaking memory. It's probably 218 * not a big deal if all this memory was wasted but if this ever 219 * goes into a library that would probably not be a good idea. 220 * 221 * XXX - this *is* in a library.... 222 */ 223 #define NCHUNKS 16 224 #define CHUNK0SIZE 1024 225 struct chunk { 226 size_t n_left; 227 void *m; 228 }; 229 230 /* 231 * A chunk can store any of: 232 * - a string (guaranteed alignment 1 but present for completeness) 233 * - a block 234 * - an slist 235 * - an arth 236 * For this simple allocator every allocated chunk gets rounded up to the 237 * alignment needed for any chunk. 238 */ 239 struct chunk_align { 240 char dummy; 241 union { 242 char c; 243 struct block b; 244 struct slist s; 245 struct arth a; 246 } u; 247 }; 248 #define CHUNK_ALIGN (offsetof(struct chunk_align, u)) 249 250 /* Code generator state */ 251 252 struct _compiler_state { 253 jmp_buf top_ctx; 254 pcap_t *bpf_pcap; 255 int error_set; 256 257 struct icode ic; 258 259 int snaplen; 260 261 int linktype; 262 int prevlinktype; 263 int outermostlinktype; 264 265 bpf_u_int32 netmask; 266 int no_optimize; 267 268 /* Hack for handling VLAN and MPLS stacks. */ 269 u_int label_stack_depth; 270 u_int vlan_stack_depth; 271 272 /* XXX */ 273 u_int pcap_fddipad; 274 275 /* 276 * As errors are handled by a longjmp, anything allocated must 277 * be freed in the longjmp handler, so it must be reachable 278 * from that handler. 279 * 280 * One thing that's allocated is the result of pcap_nametoaddrinfo(); 281 * it must be freed with freeaddrinfo(). This variable points to 282 * any addrinfo structure that would need to be freed. 283 */ 284 struct addrinfo *ai; 285 286 /* 287 * Another thing that's allocated is the result of pcap_ether_aton(); 288 * it must be freed with free(). This variable points to any 289 * address that would need to be freed. 290 */ 291 u_char *e; 292 293 /* 294 * Various code constructs need to know the layout of the packet. 295 * These values give the necessary offsets from the beginning 296 * of the packet data. 297 */ 298 299 /* 300 * Absolute offset of the beginning of the link-layer header. 301 */ 302 bpf_abs_offset off_linkhdr; 303 304 /* 305 * If we're checking a link-layer header for a packet encapsulated 306 * in another protocol layer, this is the equivalent information 307 * for the previous layers' link-layer header from the beginning 308 * of the raw packet data. 309 */ 310 bpf_abs_offset off_prevlinkhdr; 311 312 /* 313 * This is the equivalent information for the outermost layers' 314 * link-layer header. 315 */ 316 bpf_abs_offset off_outermostlinkhdr; 317 318 /* 319 * Absolute offset of the beginning of the link-layer payload. 320 */ 321 bpf_abs_offset off_linkpl; 322 323 /* 324 * "off_linktype" is the offset to information in the link-layer 325 * header giving the packet type. This is an absolute offset 326 * from the beginning of the packet. 327 * 328 * For Ethernet, it's the offset of the Ethernet type field; this 329 * means that it must have a value that skips VLAN tags. 330 * 331 * For link-layer types that always use 802.2 headers, it's the 332 * offset of the LLC header; this means that it must have a value 333 * that skips VLAN tags. 334 * 335 * For PPP, it's the offset of the PPP type field. 336 * 337 * For Cisco HDLC, it's the offset of the CHDLC type field. 338 * 339 * For BSD loopback, it's the offset of the AF_ value. 340 * 341 * For Linux cooked sockets, it's the offset of the type field. 342 * 343 * off_linktype.constant_part is set to OFFSET_NOT_SET for no 344 * encapsulation, in which case, IP is assumed. 345 */ 346 bpf_abs_offset off_linktype; 347 348 /* 349 * TRUE if the link layer includes an ATM pseudo-header. 350 */ 351 int is_atm; 352 353 /* 354 * TRUE if "geneve" appeared in the filter; it causes us to 355 * generate code that checks for a Geneve header and assume 356 * that later filters apply to the encapsulated payload. 357 */ 358 int is_geneve; 359 360 /* 361 * TRUE if we need variable length part of VLAN offset 362 */ 363 int is_vlan_vloffset; 364 365 /* 366 * These are offsets for the ATM pseudo-header. 367 */ 368 u_int off_vpi; 369 u_int off_vci; 370 u_int off_proto; 371 372 /* 373 * These are offsets for the MTP2 fields. 374 */ 375 u_int off_li; 376 u_int off_li_hsl; 377 378 /* 379 * These are offsets for the MTP3 fields. 380 */ 381 u_int off_sio; 382 u_int off_opc; 383 u_int off_dpc; 384 u_int off_sls; 385 386 /* 387 * This is the offset of the first byte after the ATM pseudo_header, 388 * or -1 if there is no ATM pseudo-header. 389 */ 390 u_int off_payload; 391 392 /* 393 * These are offsets to the beginning of the network-layer header. 394 * They are relative to the beginning of the link-layer payload 395 * (i.e., they don't include off_linkhdr.constant_part or 396 * off_linkpl.constant_part). 397 * 398 * If the link layer never uses 802.2 LLC: 399 * 400 * "off_nl" and "off_nl_nosnap" are the same. 401 * 402 * If the link layer always uses 802.2 LLC: 403 * 404 * "off_nl" is the offset if there's a SNAP header following 405 * the 802.2 header; 406 * 407 * "off_nl_nosnap" is the offset if there's no SNAP header. 408 * 409 * If the link layer is Ethernet: 410 * 411 * "off_nl" is the offset if the packet is an Ethernet II packet 412 * (we assume no 802.3+802.2+SNAP); 413 * 414 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet 415 * with an 802.2 header following it. 416 */ 417 u_int off_nl; 418 u_int off_nl_nosnap; 419 420 /* 421 * Here we handle simple allocation of the scratch registers. 422 * If too many registers are alloc'd, the allocator punts. 423 */ 424 int regused[BPF_MEMWORDS]; 425 int curreg; 426 427 /* 428 * Memory chunks. 429 */ 430 struct chunk chunks[NCHUNKS]; 431 int cur_chunk; 432 }; 433 434 /* 435 * For use by routines outside this file. 436 */ 437 /* VARARGS */ 438 void 439 bpf_set_error(compiler_state_t *cstate, const char *fmt, ...) 440 { 441 va_list ap; 442 443 /* 444 * If we've already set an error, don't override it. 445 * The lexical analyzer reports some errors by setting 446 * the error and then returning a LEX_ERROR token, which 447 * is not recognized by any grammar rule, and thus forces 448 * the parse to stop. We don't want the error reported 449 * by the lexical analyzer to be overwritten by the syntax 450 * error. 451 */ 452 if (!cstate->error_set) { 453 va_start(ap, fmt); 454 (void)vsnprintf(cstate->bpf_pcap->errbuf, PCAP_ERRBUF_SIZE, 455 fmt, ap); 456 va_end(ap); 457 cstate->error_set = 1; 458 } 459 } 460 461 /* 462 * For use *ONLY* in routines in this file. 463 */ 464 static void PCAP_NORETURN bpf_error(compiler_state_t *, const char *, ...) 465 PCAP_PRINTFLIKE(2, 3); 466 467 /* VARARGS */ 468 static void PCAP_NORETURN 469 bpf_error(compiler_state_t *cstate, const char *fmt, ...) 470 { 471 va_list ap; 472 473 va_start(ap, fmt); 474 (void)vsnprintf(cstate->bpf_pcap->errbuf, PCAP_ERRBUF_SIZE, 475 fmt, ap); 476 va_end(ap); 477 longjmp(cstate->top_ctx, 1); 478 /*NOTREACHED*/ 479 #ifdef _AIX 480 PCAP_UNREACHABLE 481 #endif /* _AIX */ 482 } 483 484 static int init_linktype(compiler_state_t *, pcap_t *); 485 486 static void init_regs(compiler_state_t *); 487 static int alloc_reg(compiler_state_t *); 488 static void free_reg(compiler_state_t *, int); 489 490 static void initchunks(compiler_state_t *cstate); 491 static void *newchunk_nolongjmp(compiler_state_t *cstate, size_t); 492 static void *newchunk(compiler_state_t *cstate, size_t); 493 static void freechunks(compiler_state_t *cstate); 494 static inline struct block *new_block(compiler_state_t *cstate, int); 495 static inline struct slist *new_stmt(compiler_state_t *cstate, int); 496 static struct block *gen_retblk(compiler_state_t *cstate, int); 497 static inline void syntax(compiler_state_t *cstate); 498 499 static void backpatch(struct block *, struct block *); 500 static void merge(struct block *, struct block *); 501 static struct block *gen_cmp(compiler_state_t *, enum e_offrel, u_int, 502 u_int, bpf_u_int32); 503 static struct block *gen_cmp_gt(compiler_state_t *, enum e_offrel, u_int, 504 u_int, bpf_u_int32); 505 static struct block *gen_cmp_ge(compiler_state_t *, enum e_offrel, u_int, 506 u_int, bpf_u_int32); 507 static struct block *gen_cmp_lt(compiler_state_t *, enum e_offrel, u_int, 508 u_int, bpf_u_int32); 509 static struct block *gen_cmp_le(compiler_state_t *, enum e_offrel, u_int, 510 u_int, bpf_u_int32); 511 static struct block *gen_mcmp(compiler_state_t *, enum e_offrel, u_int, 512 u_int, bpf_u_int32, bpf_u_int32); 513 static struct block *gen_bcmp(compiler_state_t *, enum e_offrel, u_int, 514 u_int, const u_char *); 515 static struct block *gen_ncmp(compiler_state_t *, enum e_offrel, u_int, 516 u_int, bpf_u_int32, int, int, bpf_u_int32); 517 static struct slist *gen_load_absoffsetrel(compiler_state_t *, bpf_abs_offset *, 518 u_int, u_int); 519 static struct slist *gen_load_a(compiler_state_t *, enum e_offrel, u_int, 520 u_int); 521 static struct slist *gen_loadx_iphdrlen(compiler_state_t *); 522 static struct block *gen_uncond(compiler_state_t *, int); 523 static inline struct block *gen_true(compiler_state_t *); 524 static inline struct block *gen_false(compiler_state_t *); 525 static struct block *gen_ether_linktype(compiler_state_t *, bpf_u_int32); 526 static struct block *gen_ipnet_linktype(compiler_state_t *, bpf_u_int32); 527 static struct block *gen_linux_sll_linktype(compiler_state_t *, bpf_u_int32); 528 static struct slist *gen_load_pflog_llprefixlen(compiler_state_t *); 529 static struct slist *gen_load_prism_llprefixlen(compiler_state_t *); 530 static struct slist *gen_load_avs_llprefixlen(compiler_state_t *); 531 static struct slist *gen_load_radiotap_llprefixlen(compiler_state_t *); 532 static struct slist *gen_load_ppi_llprefixlen(compiler_state_t *); 533 static void insert_compute_vloffsets(compiler_state_t *, struct block *); 534 static struct slist *gen_abs_offset_varpart(compiler_state_t *, 535 bpf_abs_offset *); 536 static bpf_u_int32 ethertype_to_ppptype(bpf_u_int32); 537 static struct block *gen_linktype(compiler_state_t *, bpf_u_int32); 538 static struct block *gen_snap(compiler_state_t *, bpf_u_int32, bpf_u_int32); 539 static struct block *gen_llc_linktype(compiler_state_t *, bpf_u_int32); 540 static struct block *gen_hostop(compiler_state_t *, bpf_u_int32, bpf_u_int32, 541 int, bpf_u_int32, u_int, u_int); 542 #ifdef INET6 543 static struct block *gen_hostop6(compiler_state_t *, struct in6_addr *, 544 struct in6_addr *, int, bpf_u_int32, u_int, u_int); 545 #endif 546 static struct block *gen_ahostop(compiler_state_t *, const uint8_t, int); 547 static struct block *gen_ehostop(compiler_state_t *, const u_char *, int); 548 static struct block *gen_fhostop(compiler_state_t *, const u_char *, int); 549 static struct block *gen_thostop(compiler_state_t *, const u_char *, int); 550 static struct block *gen_wlanhostop(compiler_state_t *, const u_char *, int); 551 static struct block *gen_ipfchostop(compiler_state_t *, const u_char *, int); 552 static struct block *gen_dnhostop(compiler_state_t *, bpf_u_int32, int); 553 static struct block *gen_mpls_linktype(compiler_state_t *, bpf_u_int32); 554 static struct block *gen_host(compiler_state_t *, bpf_u_int32, bpf_u_int32, 555 int, int, int); 556 #ifdef INET6 557 static struct block *gen_host6(compiler_state_t *, struct in6_addr *, 558 struct in6_addr *, int, int, int); 559 #endif 560 #ifndef INET6 561 static struct block *gen_gateway(compiler_state_t *, const u_char *, 562 struct addrinfo *, int, int); 563 #endif 564 static struct block *gen_ipfrag(compiler_state_t *); 565 static struct block *gen_portatom(compiler_state_t *, int, bpf_u_int32); 566 static struct block *gen_portrangeatom(compiler_state_t *, u_int, bpf_u_int32, 567 bpf_u_int32); 568 static struct block *gen_portatom6(compiler_state_t *, int, bpf_u_int32); 569 static struct block *gen_portrangeatom6(compiler_state_t *, u_int, bpf_u_int32, 570 bpf_u_int32); 571 static struct block *gen_portop(compiler_state_t *, u_int, u_int, int); 572 static struct block *gen_port(compiler_state_t *, u_int, int, int); 573 static struct block *gen_portrangeop(compiler_state_t *, u_int, u_int, 574 bpf_u_int32, int); 575 static struct block *gen_portrange(compiler_state_t *, u_int, u_int, int, int); 576 struct block *gen_portop6(compiler_state_t *, u_int, u_int, int); 577 static struct block *gen_port6(compiler_state_t *, u_int, int, int); 578 static struct block *gen_portrangeop6(compiler_state_t *, u_int, u_int, 579 bpf_u_int32, int); 580 static struct block *gen_portrange6(compiler_state_t *, u_int, u_int, int, int); 581 static int lookup_proto(compiler_state_t *, const char *, int); 582 #if !defined(NO_PROTOCHAIN) 583 static struct block *gen_protochain(compiler_state_t *, bpf_u_int32, int); 584 #endif /* !defined(NO_PROTOCHAIN) */ 585 static struct block *gen_proto(compiler_state_t *, bpf_u_int32, int, int); 586 static struct slist *xfer_to_x(compiler_state_t *, struct arth *); 587 static struct slist *xfer_to_a(compiler_state_t *, struct arth *); 588 static struct block *gen_mac_multicast(compiler_state_t *, int); 589 static struct block *gen_len(compiler_state_t *, int, int); 590 static struct block *gen_check_802_11_data_frame(compiler_state_t *); 591 static struct block *gen_geneve_ll_check(compiler_state_t *cstate); 592 593 static struct block *gen_ppi_dlt_check(compiler_state_t *); 594 static struct block *gen_atmfield_code_internal(compiler_state_t *, int, 595 bpf_u_int32, int, int); 596 static struct block *gen_atmtype_llc(compiler_state_t *); 597 static struct block *gen_msg_abbrev(compiler_state_t *, int type); 598 599 static void 600 initchunks(compiler_state_t *cstate) 601 { 602 int i; 603 604 for (i = 0; i < NCHUNKS; i++) { 605 cstate->chunks[i].n_left = 0; 606 cstate->chunks[i].m = NULL; 607 } 608 cstate->cur_chunk = 0; 609 } 610 611 static void * 612 newchunk_nolongjmp(compiler_state_t *cstate, size_t n) 613 { 614 struct chunk *cp; 615 int k; 616 size_t size; 617 618 /* Round up to chunk alignment. */ 619 n = (n + CHUNK_ALIGN - 1) & ~(CHUNK_ALIGN - 1); 620 621 cp = &cstate->chunks[cstate->cur_chunk]; 622 if (n > cp->n_left) { 623 ++cp; 624 k = ++cstate->cur_chunk; 625 if (k >= NCHUNKS) { 626 bpf_set_error(cstate, "out of memory"); 627 return (NULL); 628 } 629 size = CHUNK0SIZE << k; 630 cp->m = (void *)malloc(size); 631 if (cp->m == NULL) { 632 bpf_set_error(cstate, "out of memory"); 633 return (NULL); 634 } 635 memset((char *)cp->m, 0, size); 636 cp->n_left = size; 637 if (n > size) { 638 bpf_set_error(cstate, "out of memory"); 639 return (NULL); 640 } 641 } 642 cp->n_left -= n; 643 return (void *)((char *)cp->m + cp->n_left); 644 } 645 646 static void * 647 newchunk(compiler_state_t *cstate, size_t n) 648 { 649 void *p; 650 651 p = newchunk_nolongjmp(cstate, n); 652 if (p == NULL) { 653 longjmp(cstate->top_ctx, 1); 654 /*NOTREACHED*/ 655 } 656 return (p); 657 } 658 659 static void 660 freechunks(compiler_state_t *cstate) 661 { 662 int i; 663 664 for (i = 0; i < NCHUNKS; ++i) 665 if (cstate->chunks[i].m != NULL) 666 free(cstate->chunks[i].m); 667 } 668 669 /* 670 * A strdup whose allocations are freed after code generation is over. 671 * This is used by the lexical analyzer, so it can't longjmp; it just 672 * returns NULL on an allocation error, and the callers must check 673 * for it. 674 */ 675 char * 676 sdup(compiler_state_t *cstate, const char *s) 677 { 678 size_t n = strlen(s) + 1; 679 char *cp = newchunk_nolongjmp(cstate, n); 680 681 if (cp == NULL) 682 return (NULL); 683 pcapint_strlcpy(cp, s, n); 684 return (cp); 685 } 686 687 static inline struct block * 688 new_block(compiler_state_t *cstate, int code) 689 { 690 struct block *p; 691 692 p = (struct block *)newchunk(cstate, sizeof(*p)); 693 p->s.code = code; 694 p->head = p; 695 696 return p; 697 } 698 699 static inline struct slist * 700 new_stmt(compiler_state_t *cstate, int code) 701 { 702 struct slist *p; 703 704 p = (struct slist *)newchunk(cstate, sizeof(*p)); 705 p->s.code = code; 706 707 return p; 708 } 709 710 static struct block * 711 gen_retblk_internal(compiler_state_t *cstate, int v) 712 { 713 struct block *b = new_block(cstate, BPF_RET|BPF_K); 714 715 b->s.k = v; 716 return b; 717 } 718 719 static struct block * 720 gen_retblk(compiler_state_t *cstate, int v) 721 { 722 if (setjmp(cstate->top_ctx)) { 723 /* 724 * gen_retblk() only fails because a memory 725 * allocation failed in newchunk(), meaning 726 * that it can't return a pointer. 727 * 728 * Return NULL. 729 */ 730 return NULL; 731 } 732 return gen_retblk_internal(cstate, v); 733 } 734 735 static inline PCAP_NORETURN_DEF void 736 syntax(compiler_state_t *cstate) 737 { 738 bpf_error(cstate, "syntax error in filter expression"); 739 } 740 741 int 742 pcap_compile(pcap_t *p, struct bpf_program *program, 743 const char *buf, int optimize, bpf_u_int32 mask) 744 { 745 #ifdef _WIN32 746 static int done = 0; 747 #endif 748 compiler_state_t cstate; 749 yyscan_t scanner = NULL; 750 YY_BUFFER_STATE in_buffer = NULL; 751 u_int len; 752 int rc; 753 754 /* 755 * If this pcap_t hasn't been activated, it doesn't have a 756 * link-layer type, so we can't use it. 757 */ 758 if (!p->activated) { 759 (void)snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 760 "not-yet-activated pcap_t passed to pcap_compile"); 761 return (PCAP_ERROR); 762 } 763 764 #ifdef _WIN32 765 if (!done) { 766 pcap_wsockinit(); 767 done = 1; 768 } 769 #endif 770 771 #ifdef ENABLE_REMOTE 772 /* 773 * If the device on which we're capturing need to be notified 774 * that a new filter is being compiled, do so. 775 * 776 * This allows them to save a copy of it, in case, for example, 777 * they're implementing a form of remote packet capture, and 778 * want the remote machine to filter out the packets in which 779 * it's sending the packets it's captured. 780 * 781 * XXX - the fact that we happen to be compiling a filter 782 * doesn't necessarily mean we'll be installing it as the 783 * filter for this pcap_t; we might be running it from userland 784 * on captured packets to do packet classification. We really 785 * need a better way of handling this, but this is all that 786 * the WinPcap remote capture code did. 787 */ 788 if (p->save_current_filter_op != NULL) 789 (p->save_current_filter_op)(p, buf); 790 #endif 791 792 initchunks(&cstate); 793 cstate.no_optimize = 0; 794 #ifdef INET6 795 cstate.ai = NULL; 796 #endif 797 cstate.e = NULL; 798 cstate.ic.root = NULL; 799 cstate.ic.cur_mark = 0; 800 cstate.bpf_pcap = p; 801 cstate.error_set = 0; 802 init_regs(&cstate); 803 804 cstate.netmask = mask; 805 806 cstate.snaplen = pcap_snapshot(p); 807 if (cstate.snaplen == 0) { 808 (void)snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 809 "snaplen of 0 rejects all packets"); 810 rc = PCAP_ERROR; 811 goto quit; 812 } 813 814 if (pcap_lex_init(&scanner) != 0) { 815 pcapint_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE, 816 errno, "can't initialize scanner"); 817 rc = PCAP_ERROR; 818 goto quit; 819 } 820 in_buffer = pcap__scan_string(buf ? buf : "", scanner); 821 822 /* 823 * Associate the compiler state with the lexical analyzer 824 * state. 825 */ 826 pcap_set_extra(&cstate, scanner); 827 828 if (init_linktype(&cstate, p) == -1) { 829 rc = PCAP_ERROR; 830 goto quit; 831 } 832 if (pcap_parse(scanner, &cstate) != 0) { 833 #ifdef INET6 834 if (cstate.ai != NULL) 835 freeaddrinfo(cstate.ai); 836 #endif 837 if (cstate.e != NULL) 838 free(cstate.e); 839 rc = PCAP_ERROR; 840 goto quit; 841 } 842 843 if (cstate.ic.root == NULL) { 844 cstate.ic.root = gen_retblk(&cstate, cstate.snaplen); 845 846 /* 847 * Catch errors reported by gen_retblk(). 848 */ 849 if (cstate.ic.root== NULL) { 850 rc = PCAP_ERROR; 851 goto quit; 852 } 853 } 854 855 if (optimize && !cstate.no_optimize) { 856 if (bpf_optimize(&cstate.ic, p->errbuf) == -1) { 857 /* Failure */ 858 rc = PCAP_ERROR; 859 goto quit; 860 } 861 if (cstate.ic.root == NULL || 862 (cstate.ic.root->s.code == (BPF_RET|BPF_K) && cstate.ic.root->s.k == 0)) { 863 (void)snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 864 "expression rejects all packets"); 865 rc = PCAP_ERROR; 866 goto quit; 867 } 868 } 869 program->bf_insns = icode_to_fcode(&cstate.ic, 870 cstate.ic.root, &len, p->errbuf); 871 if (program->bf_insns == NULL) { 872 /* Failure */ 873 rc = PCAP_ERROR; 874 goto quit; 875 } 876 program->bf_len = len; 877 878 rc = 0; /* We're all okay */ 879 880 quit: 881 /* 882 * Clean up everything for the lexical analyzer. 883 */ 884 if (in_buffer != NULL) 885 pcap__delete_buffer(in_buffer, scanner); 886 if (scanner != NULL) 887 pcap_lex_destroy(scanner); 888 889 /* 890 * Clean up our own allocated memory. 891 */ 892 freechunks(&cstate); 893 894 return (rc); 895 } 896 897 /* 898 * entry point for using the compiler with no pcap open 899 * pass in all the stuff that is needed explicitly instead. 900 */ 901 int 902 pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 903 struct bpf_program *program, 904 const char *buf, int optimize, bpf_u_int32 mask) 905 { 906 pcap_t *p; 907 int ret; 908 909 p = pcap_open_dead(linktype_arg, snaplen_arg); 910 if (p == NULL) 911 return (PCAP_ERROR); 912 ret = pcap_compile(p, program, buf, optimize, mask); 913 pcap_close(p); 914 return (ret); 915 } 916 917 /* 918 * Clean up a "struct bpf_program" by freeing all the memory allocated 919 * in it. 920 */ 921 void 922 pcap_freecode(struct bpf_program *program) 923 { 924 program->bf_len = 0; 925 if (program->bf_insns != NULL) { 926 free((char *)program->bf_insns); 927 program->bf_insns = NULL; 928 } 929 } 930 931 /* 932 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 933 * which of the jt and jf fields has been resolved and which is a pointer 934 * back to another unresolved block (or nil). At least one of the fields 935 * in each block is already resolved. 936 */ 937 static void 938 backpatch(struct block *list, struct block *target) 939 { 940 struct block *next; 941 942 while (list) { 943 if (!list->sense) { 944 next = JT(list); 945 JT(list) = target; 946 } else { 947 next = JF(list); 948 JF(list) = target; 949 } 950 list = next; 951 } 952 } 953 954 /* 955 * Merge the lists in b0 and b1, using the 'sense' field to indicate 956 * which of jt and jf is the link. 957 */ 958 static void 959 merge(struct block *b0, struct block *b1) 960 { 961 register struct block **p = &b0; 962 963 /* Find end of list. */ 964 while (*p) 965 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 966 967 /* Concatenate the lists. */ 968 *p = b1; 969 } 970 971 int 972 finish_parse(compiler_state_t *cstate, struct block *p) 973 { 974 struct block *ppi_dlt_check; 975 976 /* 977 * Catch errors reported by us and routines below us, and return -1 978 * on an error. 979 */ 980 if (setjmp(cstate->top_ctx)) 981 return (-1); 982 983 /* 984 * Insert before the statements of the first (root) block any 985 * statements needed to load the lengths of any variable-length 986 * headers into registers. 987 * 988 * XXX - a fancier strategy would be to insert those before the 989 * statements of all blocks that use those lengths and that 990 * have no predecessors that use them, so that we only compute 991 * the lengths if we need them. There might be even better 992 * approaches than that. 993 * 994 * However, those strategies would be more complicated, and 995 * as we don't generate code to compute a length if the 996 * program has no tests that use the length, and as most 997 * tests will probably use those lengths, we would just 998 * postpone computing the lengths so that it's not done 999 * for tests that fail early, and it's not clear that's 1000 * worth the effort. 1001 */ 1002 insert_compute_vloffsets(cstate, p->head); 1003 1004 /* 1005 * For DLT_PPI captures, generate a check of the per-packet 1006 * DLT value to make sure it's DLT_IEEE802_11. 1007 * 1008 * XXX - TurboCap cards use DLT_PPI for Ethernet. 1009 * Can we just define some DLT_ETHERNET_WITH_PHDR pseudo-header 1010 * with appropriate Ethernet information and use that rather 1011 * than using something such as DLT_PPI where you don't know 1012 * the link-layer header type until runtime, which, in the 1013 * general case, would force us to generate both Ethernet *and* 1014 * 802.11 code (*and* anything else for which PPI is used) 1015 * and choose between them early in the BPF program? 1016 */ 1017 ppi_dlt_check = gen_ppi_dlt_check(cstate); 1018 if (ppi_dlt_check != NULL) 1019 gen_and(ppi_dlt_check, p); 1020 1021 backpatch(p, gen_retblk_internal(cstate, cstate->snaplen)); 1022 p->sense = !p->sense; 1023 backpatch(p, gen_retblk_internal(cstate, 0)); 1024 cstate->ic.root = p->head; 1025 return (0); 1026 } 1027 1028 void 1029 gen_and(struct block *b0, struct block *b1) 1030 { 1031 backpatch(b0, b1->head); 1032 b0->sense = !b0->sense; 1033 b1->sense = !b1->sense; 1034 merge(b1, b0); 1035 b1->sense = !b1->sense; 1036 b1->head = b0->head; 1037 } 1038 1039 void 1040 gen_or(struct block *b0, struct block *b1) 1041 { 1042 b0->sense = !b0->sense; 1043 backpatch(b0, b1->head); 1044 b0->sense = !b0->sense; 1045 merge(b1, b0); 1046 b1->head = b0->head; 1047 } 1048 1049 void 1050 gen_not(struct block *b) 1051 { 1052 b->sense = !b->sense; 1053 } 1054 1055 static struct block * 1056 gen_cmp(compiler_state_t *cstate, enum e_offrel offrel, u_int offset, 1057 u_int size, bpf_u_int32 v) 1058 { 1059 return gen_ncmp(cstate, offrel, offset, size, 0xffffffff, BPF_JEQ, 0, v); 1060 } 1061 1062 static struct block * 1063 gen_cmp_gt(compiler_state_t *cstate, enum e_offrel offrel, u_int offset, 1064 u_int size, bpf_u_int32 v) 1065 { 1066 return gen_ncmp(cstate, offrel, offset, size, 0xffffffff, BPF_JGT, 0, v); 1067 } 1068 1069 static struct block * 1070 gen_cmp_ge(compiler_state_t *cstate, enum e_offrel offrel, u_int offset, 1071 u_int size, bpf_u_int32 v) 1072 { 1073 return gen_ncmp(cstate, offrel, offset, size, 0xffffffff, BPF_JGE, 0, v); 1074 } 1075 1076 static struct block * 1077 gen_cmp_lt(compiler_state_t *cstate, enum e_offrel offrel, u_int offset, 1078 u_int size, bpf_u_int32 v) 1079 { 1080 return gen_ncmp(cstate, offrel, offset, size, 0xffffffff, BPF_JGE, 1, v); 1081 } 1082 1083 static struct block * 1084 gen_cmp_le(compiler_state_t *cstate, enum e_offrel offrel, u_int offset, 1085 u_int size, bpf_u_int32 v) 1086 { 1087 return gen_ncmp(cstate, offrel, offset, size, 0xffffffff, BPF_JGT, 1, v); 1088 } 1089 1090 static struct block * 1091 gen_mcmp(compiler_state_t *cstate, enum e_offrel offrel, u_int offset, 1092 u_int size, bpf_u_int32 v, bpf_u_int32 mask) 1093 { 1094 return gen_ncmp(cstate, offrel, offset, size, mask, BPF_JEQ, 0, v); 1095 } 1096 1097 static struct block * 1098 gen_bcmp(compiler_state_t *cstate, enum e_offrel offrel, u_int offset, 1099 u_int size, const u_char *v) 1100 { 1101 register struct block *b, *tmp; 1102 1103 b = NULL; 1104 while (size >= 4) { 1105 register const u_char *p = &v[size - 4]; 1106 1107 tmp = gen_cmp(cstate, offrel, offset + size - 4, BPF_W, 1108 EXTRACT_BE_U_4(p)); 1109 if (b != NULL) 1110 gen_and(b, tmp); 1111 b = tmp; 1112 size -= 4; 1113 } 1114 while (size >= 2) { 1115 register const u_char *p = &v[size - 2]; 1116 1117 tmp = gen_cmp(cstate, offrel, offset + size - 2, BPF_H, 1118 EXTRACT_BE_U_2(p)); 1119 if (b != NULL) 1120 gen_and(b, tmp); 1121 b = tmp; 1122 size -= 2; 1123 } 1124 if (size > 0) { 1125 tmp = gen_cmp(cstate, offrel, offset, BPF_B, v[0]); 1126 if (b != NULL) 1127 gen_and(b, tmp); 1128 b = tmp; 1129 } 1130 return b; 1131 } 1132 1133 /* 1134 * AND the field of size "size" at offset "offset" relative to the header 1135 * specified by "offrel" with "mask", and compare it with the value "v" 1136 * with the test specified by "jtype"; if "reverse" is true, the test 1137 * should test the opposite of "jtype". 1138 */ 1139 static struct block * 1140 gen_ncmp(compiler_state_t *cstate, enum e_offrel offrel, u_int offset, 1141 u_int size, bpf_u_int32 mask, int jtype, int reverse, 1142 bpf_u_int32 v) 1143 { 1144 struct slist *s, *s2; 1145 struct block *b; 1146 1147 s = gen_load_a(cstate, offrel, offset, size); 1148 1149 if (mask != 0xffffffff) { 1150 s2 = new_stmt(cstate, BPF_ALU|BPF_AND|BPF_K); 1151 s2->s.k = mask; 1152 sappend(s, s2); 1153 } 1154 1155 b = new_block(cstate, JMP(jtype)); 1156 b->stmts = s; 1157 b->s.k = v; 1158 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE)) 1159 gen_not(b); 1160 return b; 1161 } 1162 1163 static int 1164 init_linktype(compiler_state_t *cstate, pcap_t *p) 1165 { 1166 cstate->pcap_fddipad = p->fddipad; 1167 1168 /* 1169 * We start out with only one link-layer header. 1170 */ 1171 cstate->outermostlinktype = pcap_datalink(p); 1172 cstate->off_outermostlinkhdr.constant_part = 0; 1173 cstate->off_outermostlinkhdr.is_variable = 0; 1174 cstate->off_outermostlinkhdr.reg = -1; 1175 1176 cstate->prevlinktype = cstate->outermostlinktype; 1177 cstate->off_prevlinkhdr.constant_part = 0; 1178 cstate->off_prevlinkhdr.is_variable = 0; 1179 cstate->off_prevlinkhdr.reg = -1; 1180 1181 cstate->linktype = cstate->outermostlinktype; 1182 cstate->off_linkhdr.constant_part = 0; 1183 cstate->off_linkhdr.is_variable = 0; 1184 cstate->off_linkhdr.reg = -1; 1185 1186 /* 1187 * XXX 1188 */ 1189 cstate->off_linkpl.constant_part = 0; 1190 cstate->off_linkpl.is_variable = 0; 1191 cstate->off_linkpl.reg = -1; 1192 1193 cstate->off_linktype.constant_part = 0; 1194 cstate->off_linktype.is_variable = 0; 1195 cstate->off_linktype.reg = -1; 1196 1197 /* 1198 * Assume it's not raw ATM with a pseudo-header, for now. 1199 */ 1200 cstate->is_atm = 0; 1201 cstate->off_vpi = OFFSET_NOT_SET; 1202 cstate->off_vci = OFFSET_NOT_SET; 1203 cstate->off_proto = OFFSET_NOT_SET; 1204 cstate->off_payload = OFFSET_NOT_SET; 1205 1206 /* 1207 * And not Geneve. 1208 */ 1209 cstate->is_geneve = 0; 1210 1211 /* 1212 * No variable length VLAN offset by default 1213 */ 1214 cstate->is_vlan_vloffset = 0; 1215 1216 /* 1217 * And assume we're not doing SS7. 1218 */ 1219 cstate->off_li = OFFSET_NOT_SET; 1220 cstate->off_li_hsl = OFFSET_NOT_SET; 1221 cstate->off_sio = OFFSET_NOT_SET; 1222 cstate->off_opc = OFFSET_NOT_SET; 1223 cstate->off_dpc = OFFSET_NOT_SET; 1224 cstate->off_sls = OFFSET_NOT_SET; 1225 1226 cstate->label_stack_depth = 0; 1227 cstate->vlan_stack_depth = 0; 1228 1229 switch (cstate->linktype) { 1230 1231 case DLT_ARCNET: 1232 cstate->off_linktype.constant_part = 2; 1233 cstate->off_linkpl.constant_part = 6; 1234 cstate->off_nl = 0; /* XXX in reality, variable! */ 1235 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1236 break; 1237 1238 case DLT_ARCNET_LINUX: 1239 cstate->off_linktype.constant_part = 4; 1240 cstate->off_linkpl.constant_part = 8; 1241 cstate->off_nl = 0; /* XXX in reality, variable! */ 1242 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1243 break; 1244 1245 case DLT_EN10MB: 1246 cstate->off_linktype.constant_part = 12; 1247 cstate->off_linkpl.constant_part = 14; /* Ethernet header length */ 1248 cstate->off_nl = 0; /* Ethernet II */ 1249 cstate->off_nl_nosnap = 3; /* 802.3+802.2 */ 1250 break; 1251 1252 case DLT_SLIP: 1253 /* 1254 * SLIP doesn't have a link level type. The 16 byte 1255 * header is hacked into our SLIP driver. 1256 */ 1257 cstate->off_linktype.constant_part = OFFSET_NOT_SET; 1258 cstate->off_linkpl.constant_part = 16; 1259 cstate->off_nl = 0; 1260 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1261 break; 1262 1263 case DLT_SLIP_BSDOS: 1264 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 1265 cstate->off_linktype.constant_part = OFFSET_NOT_SET; 1266 /* XXX end */ 1267 cstate->off_linkpl.constant_part = 24; 1268 cstate->off_nl = 0; 1269 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1270 break; 1271 1272 case DLT_NULL: 1273 case DLT_LOOP: 1274 cstate->off_linktype.constant_part = 0; 1275 cstate->off_linkpl.constant_part = 4; 1276 cstate->off_nl = 0; 1277 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1278 break; 1279 1280 case DLT_ENC: 1281 cstate->off_linktype.constant_part = 0; 1282 cstate->off_linkpl.constant_part = 12; 1283 cstate->off_nl = 0; 1284 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1285 break; 1286 1287 case DLT_PPP: 1288 case DLT_PPP_PPPD: 1289 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */ 1290 case DLT_HDLC: /* NetBSD (Cisco) HDLC */ 1291 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */ 1292 cstate->off_linktype.constant_part = 2; /* skip HDLC-like framing */ 1293 cstate->off_linkpl.constant_part = 4; /* skip HDLC-like framing and protocol field */ 1294 cstate->off_nl = 0; 1295 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1296 break; 1297 1298 case DLT_PPP_ETHER: 1299 /* 1300 * This does no include the Ethernet header, and 1301 * only covers session state. 1302 */ 1303 cstate->off_linktype.constant_part = 6; 1304 cstate->off_linkpl.constant_part = 8; 1305 cstate->off_nl = 0; 1306 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1307 break; 1308 1309 case DLT_PPP_BSDOS: 1310 cstate->off_linktype.constant_part = 5; 1311 cstate->off_linkpl.constant_part = 24; 1312 cstate->off_nl = 0; 1313 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1314 break; 1315 1316 case DLT_FDDI: 1317 /* 1318 * FDDI doesn't really have a link-level type field. 1319 * We set "off_linktype" to the offset of the LLC header. 1320 * 1321 * To check for Ethernet types, we assume that SSAP = SNAP 1322 * is being used and pick out the encapsulated Ethernet type. 1323 * XXX - should we generate code to check for SNAP? 1324 */ 1325 cstate->off_linktype.constant_part = 13; 1326 cstate->off_linktype.constant_part += cstate->pcap_fddipad; 1327 cstate->off_linkpl.constant_part = 13; /* FDDI MAC header length */ 1328 cstate->off_linkpl.constant_part += cstate->pcap_fddipad; 1329 cstate->off_nl = 8; /* 802.2+SNAP */ 1330 cstate->off_nl_nosnap = 3; /* 802.2 */ 1331 break; 1332 1333 case DLT_IEEE802: 1334 /* 1335 * Token Ring doesn't really have a link-level type field. 1336 * We set "off_linktype" to the offset of the LLC header. 1337 * 1338 * To check for Ethernet types, we assume that SSAP = SNAP 1339 * is being used and pick out the encapsulated Ethernet type. 1340 * XXX - should we generate code to check for SNAP? 1341 * 1342 * XXX - the header is actually variable-length. 1343 * Some various Linux patched versions gave 38 1344 * as "off_linktype" and 40 as "off_nl"; however, 1345 * if a token ring packet has *no* routing 1346 * information, i.e. is not source-routed, the correct 1347 * values are 20 and 22, as they are in the vanilla code. 1348 * 1349 * A packet is source-routed iff the uppermost bit 1350 * of the first byte of the source address, at an 1351 * offset of 8, has the uppermost bit set. If the 1352 * packet is source-routed, the total number of bytes 1353 * of routing information is 2 plus bits 0x1F00 of 1354 * the 16-bit value at an offset of 14 (shifted right 1355 * 8 - figure out which byte that is). 1356 */ 1357 cstate->off_linktype.constant_part = 14; 1358 cstate->off_linkpl.constant_part = 14; /* Token Ring MAC header length */ 1359 cstate->off_nl = 8; /* 802.2+SNAP */ 1360 cstate->off_nl_nosnap = 3; /* 802.2 */ 1361 break; 1362 1363 case DLT_PRISM_HEADER: 1364 case DLT_IEEE802_11_RADIO_AVS: 1365 case DLT_IEEE802_11_RADIO: 1366 cstate->off_linkhdr.is_variable = 1; 1367 /* Fall through, 802.11 doesn't have a variable link 1368 * prefix but is otherwise the same. */ 1369 /* FALLTHROUGH */ 1370 1371 case DLT_IEEE802_11: 1372 /* 1373 * 802.11 doesn't really have a link-level type field. 1374 * We set "off_linktype.constant_part" to the offset of 1375 * the LLC header. 1376 * 1377 * To check for Ethernet types, we assume that SSAP = SNAP 1378 * is being used and pick out the encapsulated Ethernet type. 1379 * XXX - should we generate code to check for SNAP? 1380 * 1381 * We also handle variable-length radio headers here. 1382 * The Prism header is in theory variable-length, but in 1383 * practice it's always 144 bytes long. However, some 1384 * drivers on Linux use ARPHRD_IEEE80211_PRISM, but 1385 * sometimes or always supply an AVS header, so we 1386 * have to check whether the radio header is a Prism 1387 * header or an AVS header, so, in practice, it's 1388 * variable-length. 1389 */ 1390 cstate->off_linktype.constant_part = 24; 1391 cstate->off_linkpl.constant_part = 0; /* link-layer header is variable-length */ 1392 cstate->off_linkpl.is_variable = 1; 1393 cstate->off_nl = 8; /* 802.2+SNAP */ 1394 cstate->off_nl_nosnap = 3; /* 802.2 */ 1395 break; 1396 1397 case DLT_PPI: 1398 /* 1399 * At the moment we treat PPI the same way that we treat 1400 * normal Radiotap encoded packets. The difference is in 1401 * the function that generates the code at the beginning 1402 * to compute the header length. Since this code generator 1403 * of PPI supports bare 802.11 encapsulation only (i.e. 1404 * the encapsulated DLT should be DLT_IEEE802_11) we 1405 * generate code to check for this too. 1406 */ 1407 cstate->off_linktype.constant_part = 24; 1408 cstate->off_linkpl.constant_part = 0; /* link-layer header is variable-length */ 1409 cstate->off_linkpl.is_variable = 1; 1410 cstate->off_linkhdr.is_variable = 1; 1411 cstate->off_nl = 8; /* 802.2+SNAP */ 1412 cstate->off_nl_nosnap = 3; /* 802.2 */ 1413 break; 1414 1415 case DLT_ATM_RFC1483: 1416 case DLT_ATM_CLIP: /* Linux ATM defines this */ 1417 /* 1418 * assume routed, non-ISO PDUs 1419 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 1420 * 1421 * XXX - what about ISO PDUs, e.g. CLNP, ISIS, ESIS, 1422 * or PPP with the PPP NLPID (e.g., PPPoA)? The 1423 * latter would presumably be treated the way PPPoE 1424 * should be, so you can do "pppoe and udp port 2049" 1425 * or "pppoa and tcp port 80" and have it check for 1426 * PPPo{A,E} and a PPP protocol of IP and.... 1427 */ 1428 cstate->off_linktype.constant_part = 0; 1429 cstate->off_linkpl.constant_part = 0; /* packet begins with LLC header */ 1430 cstate->off_nl = 8; /* 802.2+SNAP */ 1431 cstate->off_nl_nosnap = 3; /* 802.2 */ 1432 break; 1433 1434 case DLT_SUNATM: 1435 /* 1436 * Full Frontal ATM; you get AALn PDUs with an ATM 1437 * pseudo-header. 1438 */ 1439 cstate->is_atm = 1; 1440 cstate->off_vpi = SUNATM_VPI_POS; 1441 cstate->off_vci = SUNATM_VCI_POS; 1442 cstate->off_proto = PROTO_POS; 1443 cstate->off_payload = SUNATM_PKT_BEGIN_POS; 1444 cstate->off_linktype.constant_part = cstate->off_payload; 1445 cstate->off_linkpl.constant_part = cstate->off_payload; /* if LLC-encapsulated */ 1446 cstate->off_nl = 8; /* 802.2+SNAP */ 1447 cstate->off_nl_nosnap = 3; /* 802.2 */ 1448 break; 1449 1450 case DLT_RAW: 1451 case DLT_IPV4: 1452 case DLT_IPV6: 1453 cstate->off_linktype.constant_part = OFFSET_NOT_SET; 1454 cstate->off_linkpl.constant_part = 0; 1455 cstate->off_nl = 0; 1456 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1457 break; 1458 1459 case DLT_LINUX_SLL: /* fake header for Linux cooked socket v1 */ 1460 cstate->off_linktype.constant_part = 14; 1461 cstate->off_linkpl.constant_part = 16; 1462 cstate->off_nl = 0; 1463 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1464 break; 1465 1466 case DLT_LINUX_SLL2: /* fake header for Linux cooked socket v2 */ 1467 cstate->off_linktype.constant_part = 0; 1468 cstate->off_linkpl.constant_part = 20; 1469 cstate->off_nl = 0; 1470 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1471 break; 1472 1473 case DLT_LTALK: 1474 /* 1475 * LocalTalk does have a 1-byte type field in the LLAP header, 1476 * but really it just indicates whether there is a "short" or 1477 * "long" DDP packet following. 1478 */ 1479 cstate->off_linktype.constant_part = OFFSET_NOT_SET; 1480 cstate->off_linkpl.constant_part = 0; 1481 cstate->off_nl = 0; 1482 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1483 break; 1484 1485 case DLT_IP_OVER_FC: 1486 /* 1487 * RFC 2625 IP-over-Fibre-Channel doesn't really have a 1488 * link-level type field. We set "off_linktype" to the 1489 * offset of the LLC header. 1490 * 1491 * To check for Ethernet types, we assume that SSAP = SNAP 1492 * is being used and pick out the encapsulated Ethernet type. 1493 * XXX - should we generate code to check for SNAP? RFC 1494 * 2625 says SNAP should be used. 1495 */ 1496 cstate->off_linktype.constant_part = 16; 1497 cstate->off_linkpl.constant_part = 16; 1498 cstate->off_nl = 8; /* 802.2+SNAP */ 1499 cstate->off_nl_nosnap = 3; /* 802.2 */ 1500 break; 1501 1502 case DLT_FRELAY: 1503 /* 1504 * XXX - we should set this to handle SNAP-encapsulated 1505 * frames (NLPID of 0x80). 1506 */ 1507 cstate->off_linktype.constant_part = OFFSET_NOT_SET; 1508 cstate->off_linkpl.constant_part = 0; 1509 cstate->off_nl = 0; 1510 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1511 break; 1512 1513 /* 1514 * the only BPF-interesting FRF.16 frames are non-control frames; 1515 * Frame Relay has a variable length link-layer 1516 * so lets start with offset 4 for now and increments later on (FIXME); 1517 */ 1518 case DLT_MFR: 1519 cstate->off_linktype.constant_part = OFFSET_NOT_SET; 1520 cstate->off_linkpl.constant_part = 0; 1521 cstate->off_nl = 4; 1522 cstate->off_nl_nosnap = 0; /* XXX - for now -> no 802.2 LLC */ 1523 break; 1524 1525 case DLT_APPLE_IP_OVER_IEEE1394: 1526 cstate->off_linktype.constant_part = 16; 1527 cstate->off_linkpl.constant_part = 18; 1528 cstate->off_nl = 0; 1529 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1530 break; 1531 1532 case DLT_SYMANTEC_FIREWALL: 1533 cstate->off_linktype.constant_part = 6; 1534 cstate->off_linkpl.constant_part = 44; 1535 cstate->off_nl = 0; /* Ethernet II */ 1536 cstate->off_nl_nosnap = 0; /* XXX - what does it do with 802.3 packets? */ 1537 break; 1538 1539 case DLT_PFLOG: 1540 cstate->off_linktype.constant_part = 0; 1541 cstate->off_linkpl.constant_part = 0; /* link-layer header is variable-length */ 1542 cstate->off_linkpl.is_variable = 1; 1543 cstate->off_nl = 0; 1544 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1545 break; 1546 1547 case DLT_JUNIPER_MFR: 1548 case DLT_JUNIPER_MLFR: 1549 case DLT_JUNIPER_MLPPP: 1550 case DLT_JUNIPER_PPP: 1551 case DLT_JUNIPER_CHDLC: 1552 case DLT_JUNIPER_FRELAY: 1553 cstate->off_linktype.constant_part = 4; 1554 cstate->off_linkpl.constant_part = 4; 1555 cstate->off_nl = 0; 1556 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */ 1557 break; 1558 1559 case DLT_JUNIPER_ATM1: 1560 cstate->off_linktype.constant_part = 4; /* in reality variable between 4-8 */ 1561 cstate->off_linkpl.constant_part = 4; /* in reality variable between 4-8 */ 1562 cstate->off_nl = 0; 1563 cstate->off_nl_nosnap = 10; 1564 break; 1565 1566 case DLT_JUNIPER_ATM2: 1567 cstate->off_linktype.constant_part = 8; /* in reality variable between 8-12 */ 1568 cstate->off_linkpl.constant_part = 8; /* in reality variable between 8-12 */ 1569 cstate->off_nl = 0; 1570 cstate->off_nl_nosnap = 10; 1571 break; 1572 1573 /* frames captured on a Juniper PPPoE service PIC 1574 * contain raw ethernet frames */ 1575 case DLT_JUNIPER_PPPOE: 1576 case DLT_JUNIPER_ETHER: 1577 cstate->off_linkpl.constant_part = 14; 1578 cstate->off_linktype.constant_part = 16; 1579 cstate->off_nl = 18; /* Ethernet II */ 1580 cstate->off_nl_nosnap = 21; /* 802.3+802.2 */ 1581 break; 1582 1583 case DLT_JUNIPER_PPPOE_ATM: 1584 cstate->off_linktype.constant_part = 4; 1585 cstate->off_linkpl.constant_part = 6; 1586 cstate->off_nl = 0; 1587 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */ 1588 break; 1589 1590 case DLT_JUNIPER_GGSN: 1591 cstate->off_linktype.constant_part = 6; 1592 cstate->off_linkpl.constant_part = 12; 1593 cstate->off_nl = 0; 1594 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */ 1595 break; 1596 1597 case DLT_JUNIPER_ES: 1598 cstate->off_linktype.constant_part = 6; 1599 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; /* not really a network layer but raw IP addresses */ 1600 cstate->off_nl = OFFSET_NOT_SET; /* not really a network layer but raw IP addresses */ 1601 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */ 1602 break; 1603 1604 case DLT_JUNIPER_MONITOR: 1605 cstate->off_linktype.constant_part = 12; 1606 cstate->off_linkpl.constant_part = 12; 1607 cstate->off_nl = 0; /* raw IP/IP6 header */ 1608 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */ 1609 break; 1610 1611 case DLT_BACNET_MS_TP: 1612 cstate->off_linktype.constant_part = OFFSET_NOT_SET; 1613 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; 1614 cstate->off_nl = OFFSET_NOT_SET; 1615 cstate->off_nl_nosnap = OFFSET_NOT_SET; 1616 break; 1617 1618 case DLT_JUNIPER_SERVICES: 1619 cstate->off_linktype.constant_part = 12; 1620 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; /* L3 proto location dep. on cookie type */ 1621 cstate->off_nl = OFFSET_NOT_SET; /* L3 proto location dep. on cookie type */ 1622 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */ 1623 break; 1624 1625 case DLT_JUNIPER_VP: 1626 cstate->off_linktype.constant_part = 18; 1627 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; 1628 cstate->off_nl = OFFSET_NOT_SET; 1629 cstate->off_nl_nosnap = OFFSET_NOT_SET; 1630 break; 1631 1632 case DLT_JUNIPER_ST: 1633 cstate->off_linktype.constant_part = 18; 1634 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; 1635 cstate->off_nl = OFFSET_NOT_SET; 1636 cstate->off_nl_nosnap = OFFSET_NOT_SET; 1637 break; 1638 1639 case DLT_JUNIPER_ISM: 1640 cstate->off_linktype.constant_part = 8; 1641 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; 1642 cstate->off_nl = OFFSET_NOT_SET; 1643 cstate->off_nl_nosnap = OFFSET_NOT_SET; 1644 break; 1645 1646 case DLT_JUNIPER_VS: 1647 case DLT_JUNIPER_SRX_E2E: 1648 case DLT_JUNIPER_FIBRECHANNEL: 1649 case DLT_JUNIPER_ATM_CEMIC: 1650 cstate->off_linktype.constant_part = 8; 1651 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; 1652 cstate->off_nl = OFFSET_NOT_SET; 1653 cstate->off_nl_nosnap = OFFSET_NOT_SET; 1654 break; 1655 1656 case DLT_MTP2: 1657 cstate->off_li = 2; 1658 cstate->off_li_hsl = 4; 1659 cstate->off_sio = 3; 1660 cstate->off_opc = 4; 1661 cstate->off_dpc = 4; 1662 cstate->off_sls = 7; 1663 cstate->off_linktype.constant_part = OFFSET_NOT_SET; 1664 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; 1665 cstate->off_nl = OFFSET_NOT_SET; 1666 cstate->off_nl_nosnap = OFFSET_NOT_SET; 1667 break; 1668 1669 case DLT_MTP2_WITH_PHDR: 1670 cstate->off_li = 6; 1671 cstate->off_li_hsl = 8; 1672 cstate->off_sio = 7; 1673 cstate->off_opc = 8; 1674 cstate->off_dpc = 8; 1675 cstate->off_sls = 11; 1676 cstate->off_linktype.constant_part = OFFSET_NOT_SET; 1677 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; 1678 cstate->off_nl = OFFSET_NOT_SET; 1679 cstate->off_nl_nosnap = OFFSET_NOT_SET; 1680 break; 1681 1682 case DLT_ERF: 1683 cstate->off_li = 22; 1684 cstate->off_li_hsl = 24; 1685 cstate->off_sio = 23; 1686 cstate->off_opc = 24; 1687 cstate->off_dpc = 24; 1688 cstate->off_sls = 27; 1689 cstate->off_linktype.constant_part = OFFSET_NOT_SET; 1690 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; 1691 cstate->off_nl = OFFSET_NOT_SET; 1692 cstate->off_nl_nosnap = OFFSET_NOT_SET; 1693 break; 1694 1695 case DLT_PFSYNC: 1696 cstate->off_linktype.constant_part = OFFSET_NOT_SET; 1697 cstate->off_linkpl.constant_part = 4; 1698 cstate->off_nl = 0; 1699 cstate->off_nl_nosnap = 0; 1700 break; 1701 1702 case DLT_AX25_KISS: 1703 /* 1704 * Currently, only raw "link[N:M]" filtering is supported. 1705 */ 1706 cstate->off_linktype.constant_part = OFFSET_NOT_SET; /* variable, min 15, max 71 steps of 7 */ 1707 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; 1708 cstate->off_nl = OFFSET_NOT_SET; /* variable, min 16, max 71 steps of 7 */ 1709 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */ 1710 break; 1711 1712 case DLT_IPNET: 1713 cstate->off_linktype.constant_part = 1; 1714 cstate->off_linkpl.constant_part = 24; /* ipnet header length */ 1715 cstate->off_nl = 0; 1716 cstate->off_nl_nosnap = OFFSET_NOT_SET; 1717 break; 1718 1719 case DLT_NETANALYZER: 1720 cstate->off_linkhdr.constant_part = 4; /* Ethernet header is past 4-byte pseudo-header */ 1721 cstate->off_linktype.constant_part = cstate->off_linkhdr.constant_part + 12; 1722 cstate->off_linkpl.constant_part = cstate->off_linkhdr.constant_part + 14; /* pseudo-header+Ethernet header length */ 1723 cstate->off_nl = 0; /* Ethernet II */ 1724 cstate->off_nl_nosnap = 3; /* 802.3+802.2 */ 1725 break; 1726 1727 case DLT_NETANALYZER_TRANSPARENT: 1728 cstate->off_linkhdr.constant_part = 12; /* MAC header is past 4-byte pseudo-header, preamble, and SFD */ 1729 cstate->off_linktype.constant_part = cstate->off_linkhdr.constant_part + 12; 1730 cstate->off_linkpl.constant_part = cstate->off_linkhdr.constant_part + 14; /* pseudo-header+preamble+SFD+Ethernet header length */ 1731 cstate->off_nl = 0; /* Ethernet II */ 1732 cstate->off_nl_nosnap = 3; /* 802.3+802.2 */ 1733 break; 1734 1735 case DLT_EN3MB: 1736 /* 1737 * Currently, only raw "link[N:M]" filtering is supported. 1738 */ 1739 cstate->off_linktype.constant_part = OFFSET_NOT_SET; /* variable, min 15, max 71 steps of 7 */ 1740 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; 1741 cstate->off_nl = OFFSET_NOT_SET; /* variable, min 16, max 71 steps of 7 */ 1742 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */ 1743 break; 1744 1745 case DLT_AX25: 1746 /* 1747 * Currently, only raw "link[N:M]" filtering is supported. 1748 */ 1749 cstate->off_linktype.constant_part = OFFSET_NOT_SET; /* variable, min 15, max 71 steps of 7 */ 1750 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; 1751 cstate->off_nl = OFFSET_NOT_SET; /* variable, min 16, max 71 steps of 7 */ 1752 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */ 1753 break; 1754 1755 case DLT_PRONET: 1756 /* 1757 * Currently, only raw "link[N:M]" filtering is supported. 1758 */ 1759 cstate->off_linktype.constant_part = OFFSET_NOT_SET; /* variable, min 15, max 71 steps of 7 */ 1760 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; 1761 cstate->off_nl = OFFSET_NOT_SET; /* variable, min 16, max 71 steps of 7 */ 1762 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */ 1763 break; 1764 1765 case DLT_CHAOS: 1766 /* 1767 * Currently, only raw "link[N:M]" filtering is supported. 1768 */ 1769 cstate->off_linktype.constant_part = OFFSET_NOT_SET; /* variable, min 15, max 71 steps of 7 */ 1770 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; 1771 cstate->off_nl = OFFSET_NOT_SET; /* variable, min 16, max 71 steps of 7 */ 1772 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */ 1773 break; 1774 1775 #ifdef DLT_HIPPI 1776 case DLT_HIPPI: 1777 /* 1778 * Currently, only raw "link[N:M]" filtering is supported. 1779 */ 1780 cstate->off_linktype.constant_part = OFFSET_NOT_SET; /* variable, min 15, max 71 steps of 7 */ 1781 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; 1782 cstate->off_nl = OFFSET_NOT_SET; /* variable, min 16, max 71 steps of 7 */ 1783 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */ 1784 break; 1785 1786 #endif 1787 1788 case DLT_REDBACK_SMARTEDGE: 1789 /* 1790 * Currently, only raw "link[N:M]" filtering is supported. 1791 */ 1792 cstate->off_linktype.constant_part = OFFSET_NOT_SET; /* variable, min 15, max 71 steps of 7 */ 1793 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; 1794 cstate->off_nl = OFFSET_NOT_SET; /* variable, min 16, max 71 steps of 7 */ 1795 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */ 1796 break; 1797 1798 1799 #ifdef DLT_HHDLC 1800 case DLT_HHDLC: 1801 /* 1802 * Currently, only raw "link[N:M]" filtering is supported. 1803 */ 1804 cstate->off_linktype.constant_part = OFFSET_NOT_SET; /* variable, min 15, max 71 steps of 7 */ 1805 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; 1806 cstate->off_nl = OFFSET_NOT_SET; /* variable, min 16, max 71 steps of 7 */ 1807 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */ 1808 break; 1809 1810 #endif 1811 1812 default: 1813 /* 1814 * For values in the range in which we've assigned new 1815 * DLT_ values, only raw "link[N:M]" filtering is supported. 1816 */ 1817 if (cstate->linktype >= DLT_HIGH_MATCHING_MIN && 1818 cstate->linktype <= DLT_HIGH_MATCHING_MAX) { 1819 cstate->off_linktype.constant_part = OFFSET_NOT_SET; 1820 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; 1821 cstate->off_nl = OFFSET_NOT_SET; 1822 cstate->off_nl_nosnap = OFFSET_NOT_SET; 1823 } else { 1824 bpf_set_error(cstate, "unknown data link type %d", 1825 cstate->linktype); 1826 return (-1); 1827 } 1828 break; 1829 } 1830 1831 cstate->off_outermostlinkhdr = cstate->off_prevlinkhdr = cstate->off_linkhdr; 1832 return (0); 1833 } 1834 1835 /* 1836 * Load a value relative to the specified absolute offset. 1837 */ 1838 static struct slist * 1839 gen_load_absoffsetrel(compiler_state_t *cstate, bpf_abs_offset *abs_offset, 1840 u_int offset, u_int size) 1841 { 1842 struct slist *s, *s2; 1843 1844 s = gen_abs_offset_varpart(cstate, abs_offset); 1845 1846 /* 1847 * If "s" is non-null, it has code to arrange that the X register 1848 * contains the variable part of the absolute offset, so we 1849 * generate a load relative to that, with an offset of 1850 * abs_offset->constant_part + offset. 1851 * 1852 * Otherwise, we can do an absolute load with an offset of 1853 * abs_offset->constant_part + offset. 1854 */ 1855 if (s != NULL) { 1856 /* 1857 * "s" points to a list of statements that puts the 1858 * variable part of the absolute offset into the X register. 1859 * Do an indirect load, to use the X register as an offset. 1860 */ 1861 s2 = new_stmt(cstate, BPF_LD|BPF_IND|size); 1862 s2->s.k = abs_offset->constant_part + offset; 1863 sappend(s, s2); 1864 } else { 1865 /* 1866 * There is no variable part of the absolute offset, so 1867 * just do an absolute load. 1868 */ 1869 s = new_stmt(cstate, BPF_LD|BPF_ABS|size); 1870 s->s.k = abs_offset->constant_part + offset; 1871 } 1872 return s; 1873 } 1874 1875 /* 1876 * Load a value relative to the beginning of the specified header. 1877 */ 1878 static struct slist * 1879 gen_load_a(compiler_state_t *cstate, enum e_offrel offrel, u_int offset, 1880 u_int size) 1881 { 1882 struct slist *s, *s2; 1883 1884 /* 1885 * Squelch warnings from compilers that *don't* assume that 1886 * offrel always has a valid enum value and therefore don't 1887 * assume that we'll always go through one of the case arms. 1888 * 1889 * If we have a default case, compilers that *do* assume that 1890 * will then complain about the default case code being 1891 * unreachable. 1892 * 1893 * Damned if you do, damned if you don't. 1894 */ 1895 s = NULL; 1896 1897 switch (offrel) { 1898 1899 case OR_PACKET: 1900 s = new_stmt(cstate, BPF_LD|BPF_ABS|size); 1901 s->s.k = offset; 1902 break; 1903 1904 case OR_LINKHDR: 1905 s = gen_load_absoffsetrel(cstate, &cstate->off_linkhdr, offset, size); 1906 break; 1907 1908 case OR_PREVLINKHDR: 1909 s = gen_load_absoffsetrel(cstate, &cstate->off_prevlinkhdr, offset, size); 1910 break; 1911 1912 case OR_LLC: 1913 s = gen_load_absoffsetrel(cstate, &cstate->off_linkpl, offset, size); 1914 break; 1915 1916 case OR_PREVMPLSHDR: 1917 s = gen_load_absoffsetrel(cstate, &cstate->off_linkpl, cstate->off_nl - 4 + offset, size); 1918 break; 1919 1920 case OR_LINKPL: 1921 s = gen_load_absoffsetrel(cstate, &cstate->off_linkpl, cstate->off_nl + offset, size); 1922 break; 1923 1924 case OR_LINKPL_NOSNAP: 1925 s = gen_load_absoffsetrel(cstate, &cstate->off_linkpl, cstate->off_nl_nosnap + offset, size); 1926 break; 1927 1928 case OR_LINKTYPE: 1929 s = gen_load_absoffsetrel(cstate, &cstate->off_linktype, offset, size); 1930 break; 1931 1932 case OR_TRAN_IPV4: 1933 /* 1934 * Load the X register with the length of the IPv4 header 1935 * (plus the offset of the link-layer header, if it's 1936 * preceded by a variable-length header such as a radio 1937 * header), in bytes. 1938 */ 1939 s = gen_loadx_iphdrlen(cstate); 1940 1941 /* 1942 * Load the item at {offset of the link-layer payload} + 1943 * {offset, relative to the start of the link-layer 1944 * payload, of the IPv4 header} + {length of the IPv4 header} + 1945 * {specified offset}. 1946 * 1947 * If the offset of the link-layer payload is variable, 1948 * the variable part of that offset is included in the 1949 * value in the X register, and we include the constant 1950 * part in the offset of the load. 1951 */ 1952 s2 = new_stmt(cstate, BPF_LD|BPF_IND|size); 1953 s2->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + offset; 1954 sappend(s, s2); 1955 break; 1956 1957 case OR_TRAN_IPV6: 1958 s = gen_load_absoffsetrel(cstate, &cstate->off_linkpl, cstate->off_nl + 40 + offset, size); 1959 break; 1960 } 1961 return s; 1962 } 1963 1964 /* 1965 * Generate code to load into the X register the sum of the length of 1966 * the IPv4 header and the variable part of the offset of the link-layer 1967 * payload. 1968 */ 1969 static struct slist * 1970 gen_loadx_iphdrlen(compiler_state_t *cstate) 1971 { 1972 struct slist *s, *s2; 1973 1974 s = gen_abs_offset_varpart(cstate, &cstate->off_linkpl); 1975 if (s != NULL) { 1976 /* 1977 * The offset of the link-layer payload has a variable 1978 * part. "s" points to a list of statements that put 1979 * the variable part of that offset into the X register. 1980 * 1981 * The 4*([k]&0xf) addressing mode can't be used, as we 1982 * don't have a constant offset, so we have to load the 1983 * value in question into the A register and add to it 1984 * the value from the X register. 1985 */ 1986 s2 = new_stmt(cstate, BPF_LD|BPF_IND|BPF_B); 1987 s2->s.k = cstate->off_linkpl.constant_part + cstate->off_nl; 1988 sappend(s, s2); 1989 s2 = new_stmt(cstate, BPF_ALU|BPF_AND|BPF_K); 1990 s2->s.k = 0xf; 1991 sappend(s, s2); 1992 s2 = new_stmt(cstate, BPF_ALU|BPF_LSH|BPF_K); 1993 s2->s.k = 2; 1994 sappend(s, s2); 1995 1996 /* 1997 * The A register now contains the length of the IP header. 1998 * We need to add to it the variable part of the offset of 1999 * the link-layer payload, which is still in the X 2000 * register, and move the result into the X register. 2001 */ 2002 sappend(s, new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X)); 2003 sappend(s, new_stmt(cstate, BPF_MISC|BPF_TAX)); 2004 } else { 2005 /* 2006 * The offset of the link-layer payload is a constant, 2007 * so no code was generated to load the (nonexistent) 2008 * variable part of that offset. 2009 * 2010 * This means we can use the 4*([k]&0xf) addressing 2011 * mode. Load the length of the IPv4 header, which 2012 * is at an offset of cstate->off_nl from the beginning of 2013 * the link-layer payload, and thus at an offset of 2014 * cstate->off_linkpl.constant_part + cstate->off_nl from the beginning 2015 * of the raw packet data, using that addressing mode. 2016 */ 2017 s = new_stmt(cstate, BPF_LDX|BPF_MSH|BPF_B); 2018 s->s.k = cstate->off_linkpl.constant_part + cstate->off_nl; 2019 } 2020 return s; 2021 } 2022 2023 2024 static struct block * 2025 gen_uncond(compiler_state_t *cstate, int rsense) 2026 { 2027 struct block *b; 2028 struct slist *s; 2029 2030 s = new_stmt(cstate, BPF_LD|BPF_IMM); 2031 s->s.k = !rsense; 2032 b = new_block(cstate, JMP(BPF_JEQ)); 2033 b->stmts = s; 2034 2035 return b; 2036 } 2037 2038 static inline struct block * 2039 gen_true(compiler_state_t *cstate) 2040 { 2041 return gen_uncond(cstate, 1); 2042 } 2043 2044 static inline struct block * 2045 gen_false(compiler_state_t *cstate) 2046 { 2047 return gen_uncond(cstate, 0); 2048 } 2049 2050 /* 2051 * Byte-swap a 32-bit number. 2052 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on 2053 * big-endian platforms.) 2054 */ 2055 #define SWAPLONG(y) \ 2056 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff)) 2057 2058 /* 2059 * Generate code to match a particular packet type. 2060 * 2061 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP 2062 * value, if <= ETHERMTU. We use that to determine whether to 2063 * match the type/length field or to check the type/length field for 2064 * a value <= ETHERMTU to see whether it's a type field and then do 2065 * the appropriate test. 2066 */ 2067 static struct block * 2068 gen_ether_linktype(compiler_state_t *cstate, bpf_u_int32 ll_proto) 2069 { 2070 struct block *b0, *b1; 2071 2072 switch (ll_proto) { 2073 2074 case LLCSAP_ISONS: 2075 case LLCSAP_IP: 2076 case LLCSAP_NETBEUI: 2077 /* 2078 * OSI protocols and NetBEUI always use 802.2 encapsulation, 2079 * so we check the DSAP and SSAP. 2080 * 2081 * LLCSAP_IP checks for IP-over-802.2, rather 2082 * than IP-over-Ethernet or IP-over-SNAP. 2083 * 2084 * XXX - should we check both the DSAP and the 2085 * SSAP, like this, or should we check just the 2086 * DSAP, as we do for other types <= ETHERMTU 2087 * (i.e., other SAP values)? 2088 */ 2089 b0 = gen_cmp_gt(cstate, OR_LINKTYPE, 0, BPF_H, ETHERMTU); 2090 gen_not(b0); 2091 b1 = gen_cmp(cstate, OR_LLC, 0, BPF_H, (ll_proto << 8) | ll_proto); 2092 gen_and(b0, b1); 2093 return b1; 2094 2095 case LLCSAP_IPX: 2096 /* 2097 * Check for; 2098 * 2099 * Ethernet_II frames, which are Ethernet 2100 * frames with a frame type of ETHERTYPE_IPX; 2101 * 2102 * Ethernet_802.3 frames, which are 802.3 2103 * frames (i.e., the type/length field is 2104 * a length field, <= ETHERMTU, rather than 2105 * a type field) with the first two bytes 2106 * after the Ethernet/802.3 header being 2107 * 0xFFFF; 2108 * 2109 * Ethernet_802.2 frames, which are 802.3 2110 * frames with an 802.2 LLC header and 2111 * with the IPX LSAP as the DSAP in the LLC 2112 * header; 2113 * 2114 * Ethernet_SNAP frames, which are 802.3 2115 * frames with an LLC header and a SNAP 2116 * header and with an OUI of 0x000000 2117 * (encapsulated Ethernet) and a protocol 2118 * ID of ETHERTYPE_IPX in the SNAP header. 2119 * 2120 * XXX - should we generate the same code both 2121 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX? 2122 */ 2123 2124 /* 2125 * This generates code to check both for the 2126 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3. 2127 */ 2128 b0 = gen_cmp(cstate, OR_LLC, 0, BPF_B, LLCSAP_IPX); 2129 b1 = gen_cmp(cstate, OR_LLC, 0, BPF_H, 0xFFFF); 2130 gen_or(b0, b1); 2131 2132 /* 2133 * Now we add code to check for SNAP frames with 2134 * ETHERTYPE_IPX, i.e. Ethernet_SNAP. 2135 */ 2136 b0 = gen_snap(cstate, 0x000000, ETHERTYPE_IPX); 2137 gen_or(b0, b1); 2138 2139 /* 2140 * Now we generate code to check for 802.3 2141 * frames in general. 2142 */ 2143 b0 = gen_cmp_gt(cstate, OR_LINKTYPE, 0, BPF_H, ETHERMTU); 2144 gen_not(b0); 2145 2146 /* 2147 * Now add the check for 802.3 frames before the 2148 * check for Ethernet_802.2 and Ethernet_802.3, 2149 * as those checks should only be done on 802.3 2150 * frames, not on Ethernet frames. 2151 */ 2152 gen_and(b0, b1); 2153 2154 /* 2155 * Now add the check for Ethernet_II frames, and 2156 * do that before checking for the other frame 2157 * types. 2158 */ 2159 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ETHERTYPE_IPX); 2160 gen_or(b0, b1); 2161 return b1; 2162 2163 case ETHERTYPE_ATALK: 2164 case ETHERTYPE_AARP: 2165 /* 2166 * EtherTalk (AppleTalk protocols on Ethernet link 2167 * layer) may use 802.2 encapsulation. 2168 */ 2169 2170 /* 2171 * Check for 802.2 encapsulation (EtherTalk phase 2?); 2172 * we check for an Ethernet type field less than 2173 * 1500, which means it's an 802.3 length field. 2174 */ 2175 b0 = gen_cmp_gt(cstate, OR_LINKTYPE, 0, BPF_H, ETHERMTU); 2176 gen_not(b0); 2177 2178 /* 2179 * 802.2-encapsulated ETHERTYPE_ATALK packets are 2180 * SNAP packets with an organization code of 2181 * 0x080007 (Apple, for Appletalk) and a protocol 2182 * type of ETHERTYPE_ATALK (Appletalk). 2183 * 2184 * 802.2-encapsulated ETHERTYPE_AARP packets are 2185 * SNAP packets with an organization code of 2186 * 0x000000 (encapsulated Ethernet) and a protocol 2187 * type of ETHERTYPE_AARP (Appletalk ARP). 2188 */ 2189 if (ll_proto == ETHERTYPE_ATALK) 2190 b1 = gen_snap(cstate, 0x080007, ETHERTYPE_ATALK); 2191 else /* ll_proto == ETHERTYPE_AARP */ 2192 b1 = gen_snap(cstate, 0x000000, ETHERTYPE_AARP); 2193 gen_and(b0, b1); 2194 2195 /* 2196 * Check for Ethernet encapsulation (Ethertalk 2197 * phase 1?); we just check for the Ethernet 2198 * protocol type. 2199 */ 2200 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ll_proto); 2201 2202 gen_or(b0, b1); 2203 return b1; 2204 2205 default: 2206 if (ll_proto <= ETHERMTU) { 2207 /* 2208 * This is an LLC SAP value, so the frames 2209 * that match would be 802.2 frames. 2210 * Check that the frame is an 802.2 frame 2211 * (i.e., that the length/type field is 2212 * a length field, <= ETHERMTU) and 2213 * then check the DSAP. 2214 */ 2215 b0 = gen_cmp_gt(cstate, OR_LINKTYPE, 0, BPF_H, ETHERMTU); 2216 gen_not(b0); 2217 b1 = gen_cmp(cstate, OR_LINKTYPE, 2, BPF_B, ll_proto); 2218 gen_and(b0, b1); 2219 return b1; 2220 } else { 2221 /* 2222 * This is an Ethernet type, so compare 2223 * the length/type field with it (if 2224 * the frame is an 802.2 frame, the length 2225 * field will be <= ETHERMTU, and, as 2226 * "ll_proto" is > ETHERMTU, this test 2227 * will fail and the frame won't match, 2228 * which is what we want). 2229 */ 2230 return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ll_proto); 2231 } 2232 } 2233 } 2234 2235 static struct block * 2236 gen_loopback_linktype(compiler_state_t *cstate, bpf_u_int32 ll_proto) 2237 { 2238 /* 2239 * For DLT_NULL, the link-layer header is a 32-bit word 2240 * containing an AF_ value in *host* byte order, and for 2241 * DLT_ENC, the link-layer header begins with a 32-bit 2242 * word containing an AF_ value in host byte order. 2243 * 2244 * In addition, if we're reading a saved capture file, 2245 * the host byte order in the capture may not be the 2246 * same as the host byte order on this machine. 2247 * 2248 * For DLT_LOOP, the link-layer header is a 32-bit 2249 * word containing an AF_ value in *network* byte order. 2250 */ 2251 if (cstate->linktype == DLT_NULL || cstate->linktype == DLT_ENC) { 2252 /* 2253 * The AF_ value is in host byte order, but the BPF 2254 * interpreter will convert it to network byte order. 2255 * 2256 * If this is a save file, and it's from a machine 2257 * with the opposite byte order to ours, we byte-swap 2258 * the AF_ value. 2259 * 2260 * Then we run it through "htonl()", and generate 2261 * code to compare against the result. 2262 */ 2263 if (cstate->bpf_pcap->rfile != NULL && cstate->bpf_pcap->swapped) 2264 ll_proto = SWAPLONG(ll_proto); 2265 ll_proto = htonl(ll_proto); 2266 } 2267 return (gen_cmp(cstate, OR_LINKHDR, 0, BPF_W, ll_proto)); 2268 } 2269 2270 /* 2271 * "proto" is an Ethernet type value and for IPNET, if it is not IPv4 2272 * or IPv6 then we have an error. 2273 */ 2274 static struct block * 2275 gen_ipnet_linktype(compiler_state_t *cstate, bpf_u_int32 ll_proto) 2276 { 2277 switch (ll_proto) { 2278 2279 case ETHERTYPE_IP: 2280 return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B, IPH_AF_INET); 2281 /*NOTREACHED*/ 2282 2283 case ETHERTYPE_IPV6: 2284 return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B, IPH_AF_INET6); 2285 /*NOTREACHED*/ 2286 2287 default: 2288 break; 2289 } 2290 2291 return gen_false(cstate); 2292 } 2293 2294 /* 2295 * Generate code to match a particular packet type. 2296 * 2297 * "ll_proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP 2298 * value, if <= ETHERMTU. We use that to determine whether to 2299 * match the type field or to check the type field for the special 2300 * LINUX_SLL_P_802_2 value and then do the appropriate test. 2301 */ 2302 static struct block * 2303 gen_linux_sll_linktype(compiler_state_t *cstate, bpf_u_int32 ll_proto) 2304 { 2305 struct block *b0, *b1; 2306 2307 switch (ll_proto) { 2308 2309 case LLCSAP_ISONS: 2310 case LLCSAP_IP: 2311 case LLCSAP_NETBEUI: 2312 /* 2313 * OSI protocols and NetBEUI always use 802.2 encapsulation, 2314 * so we check the DSAP and SSAP. 2315 * 2316 * LLCSAP_IP checks for IP-over-802.2, rather 2317 * than IP-over-Ethernet or IP-over-SNAP. 2318 * 2319 * XXX - should we check both the DSAP and the 2320 * SSAP, like this, or should we check just the 2321 * DSAP, as we do for other types <= ETHERMTU 2322 * (i.e., other SAP values)? 2323 */ 2324 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, LINUX_SLL_P_802_2); 2325 b1 = gen_cmp(cstate, OR_LLC, 0, BPF_H, (ll_proto << 8) | ll_proto); 2326 gen_and(b0, b1); 2327 return b1; 2328 2329 case LLCSAP_IPX: 2330 /* 2331 * Ethernet_II frames, which are Ethernet 2332 * frames with a frame type of ETHERTYPE_IPX; 2333 * 2334 * Ethernet_802.3 frames, which have a frame 2335 * type of LINUX_SLL_P_802_3; 2336 * 2337 * Ethernet_802.2 frames, which are 802.3 2338 * frames with an 802.2 LLC header (i.e, have 2339 * a frame type of LINUX_SLL_P_802_2) and 2340 * with the IPX LSAP as the DSAP in the LLC 2341 * header; 2342 * 2343 * Ethernet_SNAP frames, which are 802.3 2344 * frames with an LLC header and a SNAP 2345 * header and with an OUI of 0x000000 2346 * (encapsulated Ethernet) and a protocol 2347 * ID of ETHERTYPE_IPX in the SNAP header. 2348 * 2349 * First, do the checks on LINUX_SLL_P_802_2 2350 * frames; generate the check for either 2351 * Ethernet_802.2 or Ethernet_SNAP frames, and 2352 * then put a check for LINUX_SLL_P_802_2 frames 2353 * before it. 2354 */ 2355 b0 = gen_cmp(cstate, OR_LLC, 0, BPF_B, LLCSAP_IPX); 2356 b1 = gen_snap(cstate, 0x000000, ETHERTYPE_IPX); 2357 gen_or(b0, b1); 2358 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, LINUX_SLL_P_802_2); 2359 gen_and(b0, b1); 2360 2361 /* 2362 * Now check for 802.3 frames and OR that with 2363 * the previous test. 2364 */ 2365 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, LINUX_SLL_P_802_3); 2366 gen_or(b0, b1); 2367 2368 /* 2369 * Now add the check for Ethernet_II frames, and 2370 * do that before checking for the other frame 2371 * types. 2372 */ 2373 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ETHERTYPE_IPX); 2374 gen_or(b0, b1); 2375 return b1; 2376 2377 case ETHERTYPE_ATALK: 2378 case ETHERTYPE_AARP: 2379 /* 2380 * EtherTalk (AppleTalk protocols on Ethernet link 2381 * layer) may use 802.2 encapsulation. 2382 */ 2383 2384 /* 2385 * Check for 802.2 encapsulation (EtherTalk phase 2?); 2386 * we check for the 802.2 protocol type in the 2387 * "Ethernet type" field. 2388 */ 2389 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, LINUX_SLL_P_802_2); 2390 2391 /* 2392 * 802.2-encapsulated ETHERTYPE_ATALK packets are 2393 * SNAP packets with an organization code of 2394 * 0x080007 (Apple, for Appletalk) and a protocol 2395 * type of ETHERTYPE_ATALK (Appletalk). 2396 * 2397 * 802.2-encapsulated ETHERTYPE_AARP packets are 2398 * SNAP packets with an organization code of 2399 * 0x000000 (encapsulated Ethernet) and a protocol 2400 * type of ETHERTYPE_AARP (Appletalk ARP). 2401 */ 2402 if (ll_proto == ETHERTYPE_ATALK) 2403 b1 = gen_snap(cstate, 0x080007, ETHERTYPE_ATALK); 2404 else /* ll_proto == ETHERTYPE_AARP */ 2405 b1 = gen_snap(cstate, 0x000000, ETHERTYPE_AARP); 2406 gen_and(b0, b1); 2407 2408 /* 2409 * Check for Ethernet encapsulation (Ethertalk 2410 * phase 1?); we just check for the Ethernet 2411 * protocol type. 2412 */ 2413 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ll_proto); 2414 2415 gen_or(b0, b1); 2416 return b1; 2417 2418 default: 2419 if (ll_proto <= ETHERMTU) { 2420 /* 2421 * This is an LLC SAP value, so the frames 2422 * that match would be 802.2 frames. 2423 * Check for the 802.2 protocol type 2424 * in the "Ethernet type" field, and 2425 * then check the DSAP. 2426 */ 2427 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, LINUX_SLL_P_802_2); 2428 b1 = gen_cmp(cstate, OR_LINKHDR, cstate->off_linkpl.constant_part, BPF_B, 2429 ll_proto); 2430 gen_and(b0, b1); 2431 return b1; 2432 } else { 2433 /* 2434 * This is an Ethernet type, so compare 2435 * the length/type field with it (if 2436 * the frame is an 802.2 frame, the length 2437 * field will be <= ETHERMTU, and, as 2438 * "ll_proto" is > ETHERMTU, this test 2439 * will fail and the frame won't match, 2440 * which is what we want). 2441 */ 2442 return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ll_proto); 2443 } 2444 } 2445 } 2446 2447 /* 2448 * Load a value relative to the beginning of the link-layer header after the 2449 * pflog header. 2450 */ 2451 static struct slist * 2452 gen_load_pflog_llprefixlen(compiler_state_t *cstate) 2453 { 2454 struct slist *s1, *s2; 2455 2456 /* 2457 * Generate code to load the length of the pflog header into 2458 * the register assigned to hold that length, if one has been 2459 * assigned. (If one hasn't been assigned, no code we've 2460 * generated uses that prefix, so we don't need to generate any 2461 * code to load it.) 2462 */ 2463 if (cstate->off_linkpl.reg != -1) { 2464 /* 2465 * The length is in the first byte of the header. 2466 */ 2467 s1 = new_stmt(cstate, BPF_LD|BPF_B|BPF_ABS); 2468 s1->s.k = 0; 2469 2470 /* 2471 * Round it up to a multiple of 4. 2472 * Add 3, and clear the lower 2 bits. 2473 */ 2474 s2 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K); 2475 s2->s.k = 3; 2476 sappend(s1, s2); 2477 s2 = new_stmt(cstate, BPF_ALU|BPF_AND|BPF_K); 2478 s2->s.k = 0xfffffffc; 2479 sappend(s1, s2); 2480 2481 /* 2482 * Now allocate a register to hold that value and store 2483 * it. 2484 */ 2485 s2 = new_stmt(cstate, BPF_ST); 2486 s2->s.k = cstate->off_linkpl.reg; 2487 sappend(s1, s2); 2488 2489 /* 2490 * Now move it into the X register. 2491 */ 2492 s2 = new_stmt(cstate, BPF_MISC|BPF_TAX); 2493 sappend(s1, s2); 2494 2495 return (s1); 2496 } else 2497 return (NULL); 2498 } 2499 2500 static struct slist * 2501 gen_load_prism_llprefixlen(compiler_state_t *cstate) 2502 { 2503 struct slist *s1, *s2; 2504 struct slist *sjeq_avs_cookie; 2505 struct slist *sjcommon; 2506 2507 /* 2508 * This code is not compatible with the optimizer, as 2509 * we are generating jmp instructions within a normal 2510 * slist of instructions 2511 */ 2512 cstate->no_optimize = 1; 2513 2514 /* 2515 * Generate code to load the length of the radio header into 2516 * the register assigned to hold that length, if one has been 2517 * assigned. (If one hasn't been assigned, no code we've 2518 * generated uses that prefix, so we don't need to generate any 2519 * code to load it.) 2520 * 2521 * Some Linux drivers use ARPHRD_IEEE80211_PRISM but sometimes 2522 * or always use the AVS header rather than the Prism header. 2523 * We load a 4-byte big-endian value at the beginning of the 2524 * raw packet data, and see whether, when masked with 0xFFFFF000, 2525 * it's equal to 0x80211000. If so, that indicates that it's 2526 * an AVS header (the masked-out bits are the version number). 2527 * Otherwise, it's a Prism header. 2528 * 2529 * XXX - the Prism header is also, in theory, variable-length, 2530 * but no known software generates headers that aren't 144 2531 * bytes long. 2532 */ 2533 if (cstate->off_linkhdr.reg != -1) { 2534 /* 2535 * Load the cookie. 2536 */ 2537 s1 = new_stmt(cstate, BPF_LD|BPF_W|BPF_ABS); 2538 s1->s.k = 0; 2539 2540 /* 2541 * AND it with 0xFFFFF000. 2542 */ 2543 s2 = new_stmt(cstate, BPF_ALU|BPF_AND|BPF_K); 2544 s2->s.k = 0xFFFFF000; 2545 sappend(s1, s2); 2546 2547 /* 2548 * Compare with 0x80211000. 2549 */ 2550 sjeq_avs_cookie = new_stmt(cstate, JMP(BPF_JEQ)); 2551 sjeq_avs_cookie->s.k = 0x80211000; 2552 sappend(s1, sjeq_avs_cookie); 2553 2554 /* 2555 * If it's AVS: 2556 * 2557 * The 4 bytes at an offset of 4 from the beginning of 2558 * the AVS header are the length of the AVS header. 2559 * That field is big-endian. 2560 */ 2561 s2 = new_stmt(cstate, BPF_LD|BPF_W|BPF_ABS); 2562 s2->s.k = 4; 2563 sappend(s1, s2); 2564 sjeq_avs_cookie->s.jt = s2; 2565 2566 /* 2567 * Now jump to the code to allocate a register 2568 * into which to save the header length and 2569 * store the length there. (The "jump always" 2570 * instruction needs to have the k field set; 2571 * it's added to the PC, so, as we're jumping 2572 * over a single instruction, it should be 1.) 2573 */ 2574 sjcommon = new_stmt(cstate, JMP(BPF_JA)); 2575 sjcommon->s.k = 1; 2576 sappend(s1, sjcommon); 2577 2578 /* 2579 * Now for the code that handles the Prism header. 2580 * Just load the length of the Prism header (144) 2581 * into the A register. Have the test for an AVS 2582 * header branch here if we don't have an AVS header. 2583 */ 2584 s2 = new_stmt(cstate, BPF_LD|BPF_W|BPF_IMM); 2585 s2->s.k = 144; 2586 sappend(s1, s2); 2587 sjeq_avs_cookie->s.jf = s2; 2588 2589 /* 2590 * Now allocate a register to hold that value and store 2591 * it. The code for the AVS header will jump here after 2592 * loading the length of the AVS header. 2593 */ 2594 s2 = new_stmt(cstate, BPF_ST); 2595 s2->s.k = cstate->off_linkhdr.reg; 2596 sappend(s1, s2); 2597 sjcommon->s.jf = s2; 2598 2599 /* 2600 * Now move it into the X register. 2601 */ 2602 s2 = new_stmt(cstate, BPF_MISC|BPF_TAX); 2603 sappend(s1, s2); 2604 2605 return (s1); 2606 } else 2607 return (NULL); 2608 } 2609 2610 static struct slist * 2611 gen_load_avs_llprefixlen(compiler_state_t *cstate) 2612 { 2613 struct slist *s1, *s2; 2614 2615 /* 2616 * Generate code to load the length of the AVS header into 2617 * the register assigned to hold that length, if one has been 2618 * assigned. (If one hasn't been assigned, no code we've 2619 * generated uses that prefix, so we don't need to generate any 2620 * code to load it.) 2621 */ 2622 if (cstate->off_linkhdr.reg != -1) { 2623 /* 2624 * The 4 bytes at an offset of 4 from the beginning of 2625 * the AVS header are the length of the AVS header. 2626 * That field is big-endian. 2627 */ 2628 s1 = new_stmt(cstate, BPF_LD|BPF_W|BPF_ABS); 2629 s1->s.k = 4; 2630 2631 /* 2632 * Now allocate a register to hold that value and store 2633 * it. 2634 */ 2635 s2 = new_stmt(cstate, BPF_ST); 2636 s2->s.k = cstate->off_linkhdr.reg; 2637 sappend(s1, s2); 2638 2639 /* 2640 * Now move it into the X register. 2641 */ 2642 s2 = new_stmt(cstate, BPF_MISC|BPF_TAX); 2643 sappend(s1, s2); 2644 2645 return (s1); 2646 } else 2647 return (NULL); 2648 } 2649 2650 static struct slist * 2651 gen_load_radiotap_llprefixlen(compiler_state_t *cstate) 2652 { 2653 struct slist *s1, *s2; 2654 2655 /* 2656 * Generate code to load the length of the radiotap header into 2657 * the register assigned to hold that length, if one has been 2658 * assigned. (If one hasn't been assigned, no code we've 2659 * generated uses that prefix, so we don't need to generate any 2660 * code to load it.) 2661 */ 2662 if (cstate->off_linkhdr.reg != -1) { 2663 /* 2664 * The 2 bytes at offsets of 2 and 3 from the beginning 2665 * of the radiotap header are the length of the radiotap 2666 * header; unfortunately, it's little-endian, so we have 2667 * to load it a byte at a time and construct the value. 2668 */ 2669 2670 /* 2671 * Load the high-order byte, at an offset of 3, shift it 2672 * left a byte, and put the result in the X register. 2673 */ 2674 s1 = new_stmt(cstate, BPF_LD|BPF_B|BPF_ABS); 2675 s1->s.k = 3; 2676 s2 = new_stmt(cstate, BPF_ALU|BPF_LSH|BPF_K); 2677 sappend(s1, s2); 2678 s2->s.k = 8; 2679 s2 = new_stmt(cstate, BPF_MISC|BPF_TAX); 2680 sappend(s1, s2); 2681 2682 /* 2683 * Load the next byte, at an offset of 2, and OR the 2684 * value from the X register into it. 2685 */ 2686 s2 = new_stmt(cstate, BPF_LD|BPF_B|BPF_ABS); 2687 sappend(s1, s2); 2688 s2->s.k = 2; 2689 s2 = new_stmt(cstate, BPF_ALU|BPF_OR|BPF_X); 2690 sappend(s1, s2); 2691 2692 /* 2693 * Now allocate a register to hold that value and store 2694 * it. 2695 */ 2696 s2 = new_stmt(cstate, BPF_ST); 2697 s2->s.k = cstate->off_linkhdr.reg; 2698 sappend(s1, s2); 2699 2700 /* 2701 * Now move it into the X register. 2702 */ 2703 s2 = new_stmt(cstate, BPF_MISC|BPF_TAX); 2704 sappend(s1, s2); 2705 2706 return (s1); 2707 } else 2708 return (NULL); 2709 } 2710 2711 /* 2712 * At the moment we treat PPI as normal Radiotap encoded 2713 * packets. The difference is in the function that generates 2714 * the code at the beginning to compute the header length. 2715 * Since this code generator of PPI supports bare 802.11 2716 * encapsulation only (i.e. the encapsulated DLT should be 2717 * DLT_IEEE802_11) we generate code to check for this too; 2718 * that's done in finish_parse(). 2719 */ 2720 static struct slist * 2721 gen_load_ppi_llprefixlen(compiler_state_t *cstate) 2722 { 2723 struct slist *s1, *s2; 2724 2725 /* 2726 * Generate code to load the length of the radiotap header 2727 * into the register assigned to hold that length, if one has 2728 * been assigned. 2729 */ 2730 if (cstate->off_linkhdr.reg != -1) { 2731 /* 2732 * The 2 bytes at offsets of 2 and 3 from the beginning 2733 * of the radiotap header are the length of the radiotap 2734 * header; unfortunately, it's little-endian, so we have 2735 * to load it a byte at a time and construct the value. 2736 */ 2737 2738 /* 2739 * Load the high-order byte, at an offset of 3, shift it 2740 * left a byte, and put the result in the X register. 2741 */ 2742 s1 = new_stmt(cstate, BPF_LD|BPF_B|BPF_ABS); 2743 s1->s.k = 3; 2744 s2 = new_stmt(cstate, BPF_ALU|BPF_LSH|BPF_K); 2745 sappend(s1, s2); 2746 s2->s.k = 8; 2747 s2 = new_stmt(cstate, BPF_MISC|BPF_TAX); 2748 sappend(s1, s2); 2749 2750 /* 2751 * Load the next byte, at an offset of 2, and OR the 2752 * value from the X register into it. 2753 */ 2754 s2 = new_stmt(cstate, BPF_LD|BPF_B|BPF_ABS); 2755 sappend(s1, s2); 2756 s2->s.k = 2; 2757 s2 = new_stmt(cstate, BPF_ALU|BPF_OR|BPF_X); 2758 sappend(s1, s2); 2759 2760 /* 2761 * Now allocate a register to hold that value and store 2762 * it. 2763 */ 2764 s2 = new_stmt(cstate, BPF_ST); 2765 s2->s.k = cstate->off_linkhdr.reg; 2766 sappend(s1, s2); 2767 2768 /* 2769 * Now move it into the X register. 2770 */ 2771 s2 = new_stmt(cstate, BPF_MISC|BPF_TAX); 2772 sappend(s1, s2); 2773 2774 return (s1); 2775 } else 2776 return (NULL); 2777 } 2778 2779 /* 2780 * Load a value relative to the beginning of the link-layer header after the 802.11 2781 * header, i.e. LLC_SNAP. 2782 * The link-layer header doesn't necessarily begin at the beginning 2783 * of the packet data; there might be a variable-length prefix containing 2784 * radio information. 2785 */ 2786 static struct slist * 2787 gen_load_802_11_header_len(compiler_state_t *cstate, struct slist *s, struct slist *snext) 2788 { 2789 struct slist *s2; 2790 struct slist *sjset_data_frame_1; 2791 struct slist *sjset_data_frame_2; 2792 struct slist *sjset_qos; 2793 struct slist *sjset_radiotap_flags_present; 2794 struct slist *sjset_radiotap_ext_present; 2795 struct slist *sjset_radiotap_tsft_present; 2796 struct slist *sjset_tsft_datapad, *sjset_notsft_datapad; 2797 struct slist *s_roundup; 2798 2799 if (cstate->off_linkpl.reg == -1) { 2800 /* 2801 * No register has been assigned to the offset of 2802 * the link-layer payload, which means nobody needs 2803 * it; don't bother computing it - just return 2804 * what we already have. 2805 */ 2806 return (s); 2807 } 2808 2809 /* 2810 * This code is not compatible with the optimizer, as 2811 * we are generating jmp instructions within a normal 2812 * slist of instructions 2813 */ 2814 cstate->no_optimize = 1; 2815 2816 /* 2817 * If "s" is non-null, it has code to arrange that the X register 2818 * contains the length of the prefix preceding the link-layer 2819 * header. 2820 * 2821 * Otherwise, the length of the prefix preceding the link-layer 2822 * header is "off_outermostlinkhdr.constant_part". 2823 */ 2824 if (s == NULL) { 2825 /* 2826 * There is no variable-length header preceding the 2827 * link-layer header. 2828 * 2829 * Load the length of the fixed-length prefix preceding 2830 * the link-layer header (if any) into the X register, 2831 * and store it in the cstate->off_linkpl.reg register. 2832 * That length is off_outermostlinkhdr.constant_part. 2833 */ 2834 s = new_stmt(cstate, BPF_LDX|BPF_IMM); 2835 s->s.k = cstate->off_outermostlinkhdr.constant_part; 2836 } 2837 2838 /* 2839 * The X register contains the offset of the beginning of the 2840 * link-layer header; add 24, which is the minimum length 2841 * of the MAC header for a data frame, to that, and store it 2842 * in cstate->off_linkpl.reg, and then load the Frame Control field, 2843 * which is at the offset in the X register, with an indexed load. 2844 */ 2845 s2 = new_stmt(cstate, BPF_MISC|BPF_TXA); 2846 sappend(s, s2); 2847 s2 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K); 2848 s2->s.k = 24; 2849 sappend(s, s2); 2850 s2 = new_stmt(cstate, BPF_ST); 2851 s2->s.k = cstate->off_linkpl.reg; 2852 sappend(s, s2); 2853 2854 s2 = new_stmt(cstate, BPF_LD|BPF_IND|BPF_B); 2855 s2->s.k = 0; 2856 sappend(s, s2); 2857 2858 /* 2859 * Check the Frame Control field to see if this is a data frame; 2860 * a data frame has the 0x08 bit (b3) in that field set and the 2861 * 0x04 bit (b2) clear. 2862 */ 2863 sjset_data_frame_1 = new_stmt(cstate, JMP(BPF_JSET)); 2864 sjset_data_frame_1->s.k = 0x08; 2865 sappend(s, sjset_data_frame_1); 2866 2867 /* 2868 * If b3 is set, test b2, otherwise go to the first statement of 2869 * the rest of the program. 2870 */ 2871 sjset_data_frame_1->s.jt = sjset_data_frame_2 = new_stmt(cstate, JMP(BPF_JSET)); 2872 sjset_data_frame_2->s.k = 0x04; 2873 sappend(s, sjset_data_frame_2); 2874 sjset_data_frame_1->s.jf = snext; 2875 2876 /* 2877 * If b2 is not set, this is a data frame; test the QoS bit. 2878 * Otherwise, go to the first statement of the rest of the 2879 * program. 2880 */ 2881 sjset_data_frame_2->s.jt = snext; 2882 sjset_data_frame_2->s.jf = sjset_qos = new_stmt(cstate, JMP(BPF_JSET)); 2883 sjset_qos->s.k = 0x80; /* QoS bit */ 2884 sappend(s, sjset_qos); 2885 2886 /* 2887 * If it's set, add 2 to cstate->off_linkpl.reg, to skip the QoS 2888 * field. 2889 * Otherwise, go to the first statement of the rest of the 2890 * program. 2891 */ 2892 sjset_qos->s.jt = s2 = new_stmt(cstate, BPF_LD|BPF_MEM); 2893 s2->s.k = cstate->off_linkpl.reg; 2894 sappend(s, s2); 2895 s2 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_IMM); 2896 s2->s.k = 2; 2897 sappend(s, s2); 2898 s2 = new_stmt(cstate, BPF_ST); 2899 s2->s.k = cstate->off_linkpl.reg; 2900 sappend(s, s2); 2901 2902 /* 2903 * If we have a radiotap header, look at it to see whether 2904 * there's Atheros padding between the MAC-layer header 2905 * and the payload. 2906 * 2907 * Note: all of the fields in the radiotap header are 2908 * little-endian, so we byte-swap all of the values 2909 * we test against, as they will be loaded as big-endian 2910 * values. 2911 * 2912 * XXX - in the general case, we would have to scan through 2913 * *all* the presence bits, if there's more than one word of 2914 * presence bits. That would require a loop, meaning that 2915 * we wouldn't be able to run the filter in the kernel. 2916 * 2917 * We assume here that the Atheros adapters that insert the 2918 * annoying padding don't have multiple antennae and therefore 2919 * do not generate radiotap headers with multiple presence words. 2920 */ 2921 if (cstate->linktype == DLT_IEEE802_11_RADIO) { 2922 /* 2923 * Is the IEEE80211_RADIOTAP_FLAGS bit (0x0000002) set 2924 * in the first presence flag word? 2925 */ 2926 sjset_qos->s.jf = s2 = new_stmt(cstate, BPF_LD|BPF_ABS|BPF_W); 2927 s2->s.k = 4; 2928 sappend(s, s2); 2929 2930 sjset_radiotap_flags_present = new_stmt(cstate, JMP(BPF_JSET)); 2931 sjset_radiotap_flags_present->s.k = SWAPLONG(0x00000002); 2932 sappend(s, sjset_radiotap_flags_present); 2933 2934 /* 2935 * If not, skip all of this. 2936 */ 2937 sjset_radiotap_flags_present->s.jf = snext; 2938 2939 /* 2940 * Otherwise, is the "extension" bit set in that word? 2941 */ 2942 sjset_radiotap_ext_present = new_stmt(cstate, JMP(BPF_JSET)); 2943 sjset_radiotap_ext_present->s.k = SWAPLONG(0x80000000); 2944 sappend(s, sjset_radiotap_ext_present); 2945 sjset_radiotap_flags_present->s.jt = sjset_radiotap_ext_present; 2946 2947 /* 2948 * If so, skip all of this. 2949 */ 2950 sjset_radiotap_ext_present->s.jt = snext; 2951 2952 /* 2953 * Otherwise, is the IEEE80211_RADIOTAP_TSFT bit set? 2954 */ 2955 sjset_radiotap_tsft_present = new_stmt(cstate, JMP(BPF_JSET)); 2956 sjset_radiotap_tsft_present->s.k = SWAPLONG(0x00000001); 2957 sappend(s, sjset_radiotap_tsft_present); 2958 sjset_radiotap_ext_present->s.jf = sjset_radiotap_tsft_present; 2959 2960 /* 2961 * If IEEE80211_RADIOTAP_TSFT is set, the flags field is 2962 * at an offset of 16 from the beginning of the raw packet 2963 * data (8 bytes for the radiotap header and 8 bytes for 2964 * the TSFT field). 2965 * 2966 * Test whether the IEEE80211_RADIOTAP_F_DATAPAD bit (0x20) 2967 * is set. 2968 */ 2969 s2 = new_stmt(cstate, BPF_LD|BPF_ABS|BPF_B); 2970 s2->s.k = 16; 2971 sappend(s, s2); 2972 sjset_radiotap_tsft_present->s.jt = s2; 2973 2974 sjset_tsft_datapad = new_stmt(cstate, JMP(BPF_JSET)); 2975 sjset_tsft_datapad->s.k = 0x20; 2976 sappend(s, sjset_tsft_datapad); 2977 2978 /* 2979 * If IEEE80211_RADIOTAP_TSFT is not set, the flags field is 2980 * at an offset of 8 from the beginning of the raw packet 2981 * data (8 bytes for the radiotap header). 2982 * 2983 * Test whether the IEEE80211_RADIOTAP_F_DATAPAD bit (0x20) 2984 * is set. 2985 */ 2986 s2 = new_stmt(cstate, BPF_LD|BPF_ABS|BPF_B); 2987 s2->s.k = 8; 2988 sappend(s, s2); 2989 sjset_radiotap_tsft_present->s.jf = s2; 2990 2991 sjset_notsft_datapad = new_stmt(cstate, JMP(BPF_JSET)); 2992 sjset_notsft_datapad->s.k = 0x20; 2993 sappend(s, sjset_notsft_datapad); 2994 2995 /* 2996 * In either case, if IEEE80211_RADIOTAP_F_DATAPAD is 2997 * set, round the length of the 802.11 header to 2998 * a multiple of 4. Do that by adding 3 and then 2999 * dividing by and multiplying by 4, which we do by 3000 * ANDing with ~3. 3001 */ 3002 s_roundup = new_stmt(cstate, BPF_LD|BPF_MEM); 3003 s_roundup->s.k = cstate->off_linkpl.reg; 3004 sappend(s, s_roundup); 3005 s2 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_IMM); 3006 s2->s.k = 3; 3007 sappend(s, s2); 3008 s2 = new_stmt(cstate, BPF_ALU|BPF_AND|BPF_IMM); 3009 s2->s.k = (bpf_u_int32)~3; 3010 sappend(s, s2); 3011 s2 = new_stmt(cstate, BPF_ST); 3012 s2->s.k = cstate->off_linkpl.reg; 3013 sappend(s, s2); 3014 3015 sjset_tsft_datapad->s.jt = s_roundup; 3016 sjset_tsft_datapad->s.jf = snext; 3017 sjset_notsft_datapad->s.jt = s_roundup; 3018 sjset_notsft_datapad->s.jf = snext; 3019 } else 3020 sjset_qos->s.jf = snext; 3021 3022 return s; 3023 } 3024 3025 static void 3026 insert_compute_vloffsets(compiler_state_t *cstate, struct block *b) 3027 { 3028 struct slist *s; 3029 3030 /* There is an implicit dependency between the link 3031 * payload and link header since the payload computation 3032 * includes the variable part of the header. Therefore, 3033 * if nobody else has allocated a register for the link 3034 * header and we need it, do it now. */ 3035 if (cstate->off_linkpl.reg != -1 && cstate->off_linkhdr.is_variable && 3036 cstate->off_linkhdr.reg == -1) 3037 cstate->off_linkhdr.reg = alloc_reg(cstate); 3038 3039 /* 3040 * For link-layer types that have a variable-length header 3041 * preceding the link-layer header, generate code to load 3042 * the offset of the link-layer header into the register 3043 * assigned to that offset, if any. 3044 * 3045 * XXX - this, and the next switch statement, won't handle 3046 * encapsulation of 802.11 or 802.11+radio information in 3047 * some other protocol stack. That's significantly more 3048 * complicated. 3049 */ 3050 switch (cstate->outermostlinktype) { 3051 3052 case DLT_PRISM_HEADER: 3053 s = gen_load_prism_llprefixlen(cstate); 3054 break; 3055 3056 case DLT_IEEE802_11_RADIO_AVS: 3057 s = gen_load_avs_llprefixlen(cstate); 3058 break; 3059 3060 case DLT_IEEE802_11_RADIO: 3061 s = gen_load_radiotap_llprefixlen(cstate); 3062 break; 3063 3064 case DLT_PPI: 3065 s = gen_load_ppi_llprefixlen(cstate); 3066 break; 3067 3068 default: 3069 s = NULL; 3070 break; 3071 } 3072 3073 /* 3074 * For link-layer types that have a variable-length link-layer 3075 * header, generate code to load the offset of the link-layer 3076 * payload into the register assigned to that offset, if any. 3077 */ 3078 switch (cstate->outermostlinktype) { 3079 3080 case DLT_IEEE802_11: 3081 case DLT_PRISM_HEADER: 3082 case DLT_IEEE802_11_RADIO_AVS: 3083 case DLT_IEEE802_11_RADIO: 3084 case DLT_PPI: 3085 s = gen_load_802_11_header_len(cstate, s, b->stmts); 3086 break; 3087 3088 case DLT_PFLOG: 3089 s = gen_load_pflog_llprefixlen(cstate); 3090 break; 3091 } 3092 3093 /* 3094 * If there is no initialization yet and we need variable 3095 * length offsets for VLAN, initialize them to zero 3096 */ 3097 if (s == NULL && cstate->is_vlan_vloffset) { 3098 struct slist *s2; 3099 3100 if (cstate->off_linkpl.reg == -1) 3101 cstate->off_linkpl.reg = alloc_reg(cstate); 3102 if (cstate->off_linktype.reg == -1) 3103 cstate->off_linktype.reg = alloc_reg(cstate); 3104 3105 s = new_stmt(cstate, BPF_LD|BPF_W|BPF_IMM); 3106 s->s.k = 0; 3107 s2 = new_stmt(cstate, BPF_ST); 3108 s2->s.k = cstate->off_linkpl.reg; 3109 sappend(s, s2); 3110 s2 = new_stmt(cstate, BPF_ST); 3111 s2->s.k = cstate->off_linktype.reg; 3112 sappend(s, s2); 3113 } 3114 3115 /* 3116 * If we have any offset-loading code, append all the 3117 * existing statements in the block to those statements, 3118 * and make the resulting list the list of statements 3119 * for the block. 3120 */ 3121 if (s != NULL) { 3122 sappend(s, b->stmts); 3123 b->stmts = s; 3124 } 3125 } 3126 3127 static struct block * 3128 gen_ppi_dlt_check(compiler_state_t *cstate) 3129 { 3130 struct slist *s_load_dlt; 3131 struct block *b; 3132 3133 if (cstate->linktype == DLT_PPI) 3134 { 3135 /* Create the statements that check for the DLT 3136 */ 3137 s_load_dlt = new_stmt(cstate, BPF_LD|BPF_W|BPF_ABS); 3138 s_load_dlt->s.k = 4; 3139 3140 b = new_block(cstate, JMP(BPF_JEQ)); 3141 3142 b->stmts = s_load_dlt; 3143 b->s.k = SWAPLONG(DLT_IEEE802_11); 3144 } 3145 else 3146 { 3147 b = NULL; 3148 } 3149 3150 return b; 3151 } 3152 3153 /* 3154 * Take an absolute offset, and: 3155 * 3156 * if it has no variable part, return NULL; 3157 * 3158 * if it has a variable part, generate code to load the register 3159 * containing that variable part into the X register, returning 3160 * a pointer to that code - if no register for that offset has 3161 * been allocated, allocate it first. 3162 * 3163 * (The code to set that register will be generated later, but will 3164 * be placed earlier in the code sequence.) 3165 */ 3166 static struct slist * 3167 gen_abs_offset_varpart(compiler_state_t *cstate, bpf_abs_offset *off) 3168 { 3169 struct slist *s; 3170 3171 if (off->is_variable) { 3172 if (off->reg == -1) { 3173 /* 3174 * We haven't yet assigned a register for the 3175 * variable part of the offset of the link-layer 3176 * header; allocate one. 3177 */ 3178 off->reg = alloc_reg(cstate); 3179 } 3180 3181 /* 3182 * Load the register containing the variable part of the 3183 * offset of the link-layer header into the X register. 3184 */ 3185 s = new_stmt(cstate, BPF_LDX|BPF_MEM); 3186 s->s.k = off->reg; 3187 return s; 3188 } else { 3189 /* 3190 * That offset isn't variable, there's no variable part, 3191 * so we don't need to generate any code. 3192 */ 3193 return NULL; 3194 } 3195 } 3196 3197 /* 3198 * Map an Ethernet type to the equivalent PPP type. 3199 */ 3200 static bpf_u_int32 3201 ethertype_to_ppptype(bpf_u_int32 ll_proto) 3202 { 3203 switch (ll_proto) { 3204 3205 case ETHERTYPE_IP: 3206 ll_proto = PPP_IP; 3207 break; 3208 3209 case ETHERTYPE_IPV6: 3210 ll_proto = PPP_IPV6; 3211 break; 3212 3213 case ETHERTYPE_DN: 3214 ll_proto = PPP_DECNET; 3215 break; 3216 3217 case ETHERTYPE_ATALK: 3218 ll_proto = PPP_APPLE; 3219 break; 3220 3221 case ETHERTYPE_NS: 3222 ll_proto = PPP_NS; 3223 break; 3224 3225 case LLCSAP_ISONS: 3226 ll_proto = PPP_OSI; 3227 break; 3228 3229 case LLCSAP_8021D: 3230 /* 3231 * I'm assuming the "Bridging PDU"s that go 3232 * over PPP are Spanning Tree Protocol 3233 * Bridging PDUs. 3234 */ 3235 ll_proto = PPP_BRPDU; 3236 break; 3237 3238 case LLCSAP_IPX: 3239 ll_proto = PPP_IPX; 3240 break; 3241 } 3242 return (ll_proto); 3243 } 3244 3245 /* 3246 * Generate any tests that, for encapsulation of a link-layer packet 3247 * inside another protocol stack, need to be done to check for those 3248 * link-layer packets (and that haven't already been done by a check 3249 * for that encapsulation). 3250 */ 3251 static struct block * 3252 gen_prevlinkhdr_check(compiler_state_t *cstate) 3253 { 3254 struct block *b0; 3255 3256 if (cstate->is_geneve) 3257 return gen_geneve_ll_check(cstate); 3258 3259 switch (cstate->prevlinktype) { 3260 3261 case DLT_SUNATM: 3262 /* 3263 * This is LANE-encapsulated Ethernet; check that the LANE 3264 * packet doesn't begin with an LE Control marker, i.e. 3265 * that it's data, not a control message. 3266 * 3267 * (We've already generated a test for LANE.) 3268 */ 3269 b0 = gen_cmp(cstate, OR_PREVLINKHDR, SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 3270 gen_not(b0); 3271 return b0; 3272 3273 default: 3274 /* 3275 * No such tests are necessary. 3276 */ 3277 return NULL; 3278 } 3279 /*NOTREACHED*/ 3280 } 3281 3282 /* 3283 * The three different values we should check for when checking for an 3284 * IPv6 packet with DLT_NULL. 3285 */ 3286 #define BSD_AFNUM_INET6_BSD 24 /* NetBSD, OpenBSD, BSD/OS, Npcap */ 3287 #define BSD_AFNUM_INET6_FREEBSD 28 /* FreeBSD */ 3288 #define BSD_AFNUM_INET6_DARWIN 30 /* macOS, iOS, other Darwin-based OSes */ 3289 3290 /* 3291 * Generate code to match a particular packet type by matching the 3292 * link-layer type field or fields in the 802.2 LLC header. 3293 * 3294 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP 3295 * value, if <= ETHERMTU. 3296 */ 3297 static struct block * 3298 gen_linktype(compiler_state_t *cstate, bpf_u_int32 ll_proto) 3299 { 3300 struct block *b0, *b1, *b2; 3301 const char *description; 3302 3303 /* are we checking MPLS-encapsulated packets? */ 3304 if (cstate->label_stack_depth > 0) 3305 return gen_mpls_linktype(cstate, ll_proto); 3306 3307 switch (cstate->linktype) { 3308 3309 case DLT_EN10MB: 3310 case DLT_NETANALYZER: 3311 case DLT_NETANALYZER_TRANSPARENT: 3312 /* Geneve has an EtherType regardless of whether there is an 3313 * L2 header. */ 3314 if (!cstate->is_geneve) 3315 b0 = gen_prevlinkhdr_check(cstate); 3316 else 3317 b0 = NULL; 3318 3319 b1 = gen_ether_linktype(cstate, ll_proto); 3320 if (b0 != NULL) 3321 gen_and(b0, b1); 3322 return b1; 3323 /*NOTREACHED*/ 3324 3325 case DLT_C_HDLC: 3326 case DLT_HDLC: 3327 switch (ll_proto) { 3328 3329 case LLCSAP_ISONS: 3330 ll_proto = (ll_proto << 8 | LLCSAP_ISONS); 3331 /* fall through */ 3332 3333 default: 3334 return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ll_proto); 3335 /*NOTREACHED*/ 3336 } 3337 3338 case DLT_IEEE802_11: 3339 case DLT_PRISM_HEADER: 3340 case DLT_IEEE802_11_RADIO_AVS: 3341 case DLT_IEEE802_11_RADIO: 3342 case DLT_PPI: 3343 /* 3344 * Check that we have a data frame. 3345 */ 3346 b0 = gen_check_802_11_data_frame(cstate); 3347 3348 /* 3349 * Now check for the specified link-layer type. 3350 */ 3351 b1 = gen_llc_linktype(cstate, ll_proto); 3352 gen_and(b0, b1); 3353 return b1; 3354 /*NOTREACHED*/ 3355 3356 case DLT_FDDI: 3357 /* 3358 * XXX - check for LLC frames. 3359 */ 3360 return gen_llc_linktype(cstate, ll_proto); 3361 /*NOTREACHED*/ 3362 3363 case DLT_IEEE802: 3364 /* 3365 * XXX - check for LLC PDUs, as per IEEE 802.5. 3366 */ 3367 return gen_llc_linktype(cstate, ll_proto); 3368 /*NOTREACHED*/ 3369 3370 case DLT_ATM_RFC1483: 3371 case DLT_ATM_CLIP: 3372 case DLT_IP_OVER_FC: 3373 return gen_llc_linktype(cstate, ll_proto); 3374 /*NOTREACHED*/ 3375 3376 case DLT_SUNATM: 3377 /* 3378 * Check for an LLC-encapsulated version of this protocol; 3379 * if we were checking for LANE, linktype would no longer 3380 * be DLT_SUNATM. 3381 * 3382 * Check for LLC encapsulation and then check the protocol. 3383 */ 3384 b0 = gen_atmfield_code_internal(cstate, A_PROTOTYPE, PT_LLC, BPF_JEQ, 0); 3385 b1 = gen_llc_linktype(cstate, ll_proto); 3386 gen_and(b0, b1); 3387 return b1; 3388 /*NOTREACHED*/ 3389 3390 case DLT_LINUX_SLL: 3391 return gen_linux_sll_linktype(cstate, ll_proto); 3392 /*NOTREACHED*/ 3393 3394 case DLT_SLIP: 3395 case DLT_SLIP_BSDOS: 3396 case DLT_RAW: 3397 /* 3398 * These types don't provide any type field; packets 3399 * are always IPv4 or IPv6. 3400 * 3401 * XXX - for IPv4, check for a version number of 4, and, 3402 * for IPv6, check for a version number of 6? 3403 */ 3404 switch (ll_proto) { 3405 3406 case ETHERTYPE_IP: 3407 /* Check for a version number of 4. */ 3408 return gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, 0x40, 0xF0); 3409 3410 case ETHERTYPE_IPV6: 3411 /* Check for a version number of 6. */ 3412 return gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, 0x60, 0xF0); 3413 3414 default: 3415 return gen_false(cstate); /* always false */ 3416 } 3417 /*NOTREACHED*/ 3418 3419 case DLT_IPV4: 3420 /* 3421 * Raw IPv4, so no type field. 3422 */ 3423 if (ll_proto == ETHERTYPE_IP) 3424 return gen_true(cstate); /* always true */ 3425 3426 /* Checking for something other than IPv4; always false */ 3427 return gen_false(cstate); 3428 /*NOTREACHED*/ 3429 3430 case DLT_IPV6: 3431 /* 3432 * Raw IPv6, so no type field. 3433 */ 3434 if (ll_proto == ETHERTYPE_IPV6) 3435 return gen_true(cstate); /* always true */ 3436 3437 /* Checking for something other than IPv6; always false */ 3438 return gen_false(cstate); 3439 /*NOTREACHED*/ 3440 3441 case DLT_PPP: 3442 case DLT_PPP_PPPD: 3443 case DLT_PPP_SERIAL: 3444 case DLT_PPP_ETHER: 3445 /* 3446 * We use Ethernet protocol types inside libpcap; 3447 * map them to the corresponding PPP protocol types. 3448 */ 3449 return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, 3450 ethertype_to_ppptype(ll_proto)); 3451 /*NOTREACHED*/ 3452 3453 case DLT_PPP_BSDOS: 3454 /* 3455 * We use Ethernet protocol types inside libpcap; 3456 * map them to the corresponding PPP protocol types. 3457 */ 3458 switch (ll_proto) { 3459 3460 case ETHERTYPE_IP: 3461 /* 3462 * Also check for Van Jacobson-compressed IP. 3463 * XXX - do this for other forms of PPP? 3464 */ 3465 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, PPP_IP); 3466 b1 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, PPP_VJC); 3467 gen_or(b0, b1); 3468 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, PPP_VJNC); 3469 gen_or(b1, b0); 3470 return b0; 3471 3472 default: 3473 return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, 3474 ethertype_to_ppptype(ll_proto)); 3475 } 3476 /*NOTREACHED*/ 3477 3478 case DLT_NULL: 3479 case DLT_LOOP: 3480 case DLT_ENC: 3481 switch (ll_proto) { 3482 3483 case ETHERTYPE_IP: 3484 return (gen_loopback_linktype(cstate, AF_INET)); 3485 3486 case ETHERTYPE_IPV6: 3487 /* 3488 * AF_ values may, unfortunately, be platform- 3489 * dependent; AF_INET isn't, because everybody 3490 * used 4.2BSD's value, but AF_INET6 is, because 3491 * 4.2BSD didn't have a value for it (given that 3492 * IPv6 didn't exist back in the early 1980's), 3493 * and they all picked their own values. 3494 * 3495 * This means that, if we're reading from a 3496 * savefile, we need to check for all the 3497 * possible values. 3498 * 3499 * If we're doing a live capture, we only need 3500 * to check for this platform's value; however, 3501 * Npcap uses 24, which isn't Windows's AF_INET6 3502 * value. (Given the multiple different values, 3503 * programs that read pcap files shouldn't be 3504 * checking for their platform's AF_INET6 value 3505 * anyway, they should check for all of the 3506 * possible values. and they might as well do 3507 * that even for live captures.) 3508 */ 3509 if (cstate->bpf_pcap->rfile != NULL) { 3510 /* 3511 * Savefile - check for all three 3512 * possible IPv6 values. 3513 */ 3514 b0 = gen_loopback_linktype(cstate, BSD_AFNUM_INET6_BSD); 3515 b1 = gen_loopback_linktype(cstate, BSD_AFNUM_INET6_FREEBSD); 3516 gen_or(b0, b1); 3517 b0 = gen_loopback_linktype(cstate, BSD_AFNUM_INET6_DARWIN); 3518 gen_or(b0, b1); 3519 return (b1); 3520 } else { 3521 /* 3522 * Live capture, so we only need to 3523 * check for the value used on this 3524 * platform. 3525 */ 3526 #ifdef _WIN32 3527 /* 3528 * Npcap doesn't use Windows's AF_INET6, 3529 * as that collides with AF_IPX on 3530 * some BSDs (both have the value 23). 3531 * Instead, it uses 24. 3532 */ 3533 return (gen_loopback_linktype(cstate, 24)); 3534 #else /* _WIN32 */ 3535 #ifdef AF_INET6 3536 return (gen_loopback_linktype(cstate, AF_INET6)); 3537 #else /* AF_INET6 */ 3538 /* 3539 * I guess this platform doesn't support 3540 * IPv6, so we just reject all packets. 3541 */ 3542 return gen_false(cstate); 3543 #endif /* AF_INET6 */ 3544 #endif /* _WIN32 */ 3545 } 3546 3547 default: 3548 /* 3549 * Not a type on which we support filtering. 3550 * XXX - support those that have AF_ values 3551 * #defined on this platform, at least? 3552 */ 3553 return gen_false(cstate); 3554 } 3555 3556 case DLT_PFLOG: 3557 /* 3558 * af field is host byte order in contrast to the rest of 3559 * the packet. 3560 */ 3561 if (ll_proto == ETHERTYPE_IP) 3562 return (gen_cmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, af), 3563 BPF_B, AF_INET)); 3564 else if (ll_proto == ETHERTYPE_IPV6) 3565 return (gen_cmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, af), 3566 BPF_B, AF_INET6)); 3567 else 3568 return gen_false(cstate); 3569 /*NOTREACHED*/ 3570 3571 case DLT_ARCNET: 3572 case DLT_ARCNET_LINUX: 3573 /* 3574 * XXX should we check for first fragment if the protocol 3575 * uses PHDS? 3576 */ 3577 switch (ll_proto) { 3578 3579 default: 3580 return gen_false(cstate); 3581 3582 case ETHERTYPE_IPV6: 3583 return (gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B, 3584 ARCTYPE_INET6)); 3585 3586 case ETHERTYPE_IP: 3587 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B, 3588 ARCTYPE_IP); 3589 b1 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B, 3590 ARCTYPE_IP_OLD); 3591 gen_or(b0, b1); 3592 return (b1); 3593 3594 case ETHERTYPE_ARP: 3595 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B, 3596 ARCTYPE_ARP); 3597 b1 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B, 3598 ARCTYPE_ARP_OLD); 3599 gen_or(b0, b1); 3600 return (b1); 3601 3602 case ETHERTYPE_REVARP: 3603 return (gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B, 3604 ARCTYPE_REVARP)); 3605 3606 case ETHERTYPE_ATALK: 3607 return (gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B, 3608 ARCTYPE_ATALK)); 3609 } 3610 /*NOTREACHED*/ 3611 3612 case DLT_LTALK: 3613 switch (ll_proto) { 3614 case ETHERTYPE_ATALK: 3615 return gen_true(cstate); 3616 default: 3617 return gen_false(cstate); 3618 } 3619 /*NOTREACHED*/ 3620 3621 case DLT_FRELAY: 3622 /* 3623 * XXX - assumes a 2-byte Frame Relay header with 3624 * DLCI and flags. What if the address is longer? 3625 */ 3626 switch (ll_proto) { 3627 3628 case ETHERTYPE_IP: 3629 /* 3630 * Check for the special NLPID for IP. 3631 */ 3632 return gen_cmp(cstate, OR_LINKHDR, 2, BPF_H, (0x03<<8) | 0xcc); 3633 3634 case ETHERTYPE_IPV6: 3635 /* 3636 * Check for the special NLPID for IPv6. 3637 */ 3638 return gen_cmp(cstate, OR_LINKHDR, 2, BPF_H, (0x03<<8) | 0x8e); 3639 3640 case LLCSAP_ISONS: 3641 /* 3642 * Check for several OSI protocols. 3643 * 3644 * Frame Relay packets typically have an OSI 3645 * NLPID at the beginning; we check for each 3646 * of them. 3647 * 3648 * What we check for is the NLPID and a frame 3649 * control field of UI, i.e. 0x03 followed 3650 * by the NLPID. 3651 */ 3652 b0 = gen_cmp(cstate, OR_LINKHDR, 2, BPF_H, (0x03<<8) | ISO8473_CLNP); 3653 b1 = gen_cmp(cstate, OR_LINKHDR, 2, BPF_H, (0x03<<8) | ISO9542_ESIS); 3654 b2 = gen_cmp(cstate, OR_LINKHDR, 2, BPF_H, (0x03<<8) | ISO10589_ISIS); 3655 gen_or(b1, b2); 3656 gen_or(b0, b2); 3657 return b2; 3658 3659 default: 3660 return gen_false(cstate); 3661 } 3662 /*NOTREACHED*/ 3663 3664 case DLT_MFR: 3665 bpf_error(cstate, "Multi-link Frame Relay link-layer type filtering not implemented"); 3666 3667 case DLT_JUNIPER_MFR: 3668 case DLT_JUNIPER_MLFR: 3669 case DLT_JUNIPER_MLPPP: 3670 case DLT_JUNIPER_ATM1: 3671 case DLT_JUNIPER_ATM2: 3672 case DLT_JUNIPER_PPPOE: 3673 case DLT_JUNIPER_PPPOE_ATM: 3674 case DLT_JUNIPER_GGSN: 3675 case DLT_JUNIPER_ES: 3676 case DLT_JUNIPER_MONITOR: 3677 case DLT_JUNIPER_SERVICES: 3678 case DLT_JUNIPER_ETHER: 3679 case DLT_JUNIPER_PPP: 3680 case DLT_JUNIPER_FRELAY: 3681 case DLT_JUNIPER_CHDLC: 3682 case DLT_JUNIPER_VP: 3683 case DLT_JUNIPER_ST: 3684 case DLT_JUNIPER_ISM: 3685 case DLT_JUNIPER_VS: 3686 case DLT_JUNIPER_SRX_E2E: 3687 case DLT_JUNIPER_FIBRECHANNEL: 3688 case DLT_JUNIPER_ATM_CEMIC: 3689 3690 /* just lets verify the magic number for now - 3691 * on ATM we may have up to 6 different encapsulations on the wire 3692 * and need a lot of heuristics to figure out that the payload 3693 * might be; 3694 * 3695 * FIXME encapsulation specific BPF_ filters 3696 */ 3697 return gen_mcmp(cstate, OR_LINKHDR, 0, BPF_W, 0x4d474300, 0xffffff00); /* compare the magic number */ 3698 3699 case DLT_BACNET_MS_TP: 3700 return gen_mcmp(cstate, OR_LINKHDR, 0, BPF_W, 0x55FF0000, 0xffff0000); 3701 3702 case DLT_IPNET: 3703 return gen_ipnet_linktype(cstate, ll_proto); 3704 3705 case DLT_LINUX_IRDA: 3706 bpf_error(cstate, "IrDA link-layer type filtering not implemented"); 3707 3708 case DLT_DOCSIS: 3709 bpf_error(cstate, "DOCSIS link-layer type filtering not implemented"); 3710 3711 case DLT_MTP2: 3712 case DLT_MTP2_WITH_PHDR: 3713 bpf_error(cstate, "MTP2 link-layer type filtering not implemented"); 3714 3715 case DLT_ERF: 3716 bpf_error(cstate, "ERF link-layer type filtering not implemented"); 3717 3718 case DLT_PFSYNC: 3719 bpf_error(cstate, "PFSYNC link-layer type filtering not implemented"); 3720 3721 case DLT_LINUX_LAPD: 3722 bpf_error(cstate, "LAPD link-layer type filtering not implemented"); 3723 3724 case DLT_USB_FREEBSD: 3725 case DLT_USB_LINUX: 3726 case DLT_USB_LINUX_MMAPPED: 3727 case DLT_USBPCAP: 3728 bpf_error(cstate, "USB link-layer type filtering not implemented"); 3729 3730 case DLT_BLUETOOTH_HCI_H4: 3731 case DLT_BLUETOOTH_HCI_H4_WITH_PHDR: 3732 bpf_error(cstate, "Bluetooth link-layer type filtering not implemented"); 3733 3734 case DLT_CAN20B: 3735 case DLT_CAN_SOCKETCAN: 3736 bpf_error(cstate, "CAN link-layer type filtering not implemented"); 3737 3738 case DLT_IEEE802_15_4: 3739 case DLT_IEEE802_15_4_LINUX: 3740 case DLT_IEEE802_15_4_NONASK_PHY: 3741 case DLT_IEEE802_15_4_NOFCS: 3742 case DLT_IEEE802_15_4_TAP: 3743 bpf_error(cstate, "IEEE 802.15.4 link-layer type filtering not implemented"); 3744 3745 case DLT_IEEE802_16_MAC_CPS_RADIO: 3746 bpf_error(cstate, "IEEE 802.16 link-layer type filtering not implemented"); 3747 3748 case DLT_SITA: 3749 bpf_error(cstate, "SITA link-layer type filtering not implemented"); 3750 3751 case DLT_RAIF1: 3752 bpf_error(cstate, "RAIF1 link-layer type filtering not implemented"); 3753 3754 case DLT_IPMB_KONTRON: 3755 case DLT_IPMB_LINUX: 3756 bpf_error(cstate, "IPMB link-layer type filtering not implemented"); 3757 3758 case DLT_AX25_KISS: 3759 bpf_error(cstate, "AX.25 link-layer type filtering not implemented"); 3760 3761 case DLT_NFLOG: 3762 /* Using the fixed-size NFLOG header it is possible to tell only 3763 * the address family of the packet, other meaningful data is 3764 * either missing or behind TLVs. 3765 */ 3766 bpf_error(cstate, "NFLOG link-layer type filtering not implemented"); 3767 3768 default: 3769 /* 3770 * Does this link-layer header type have a field 3771 * indicating the type of the next protocol? If 3772 * so, off_linktype.constant_part will be the offset of that 3773 * field in the packet; if not, it will be OFFSET_NOT_SET. 3774 */ 3775 if (cstate->off_linktype.constant_part != OFFSET_NOT_SET) { 3776 /* 3777 * Yes; assume it's an Ethernet type. (If 3778 * it's not, it needs to be handled specially 3779 * above.) 3780 */ 3781 return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ll_proto); 3782 /*NOTREACHED */ 3783 } else { 3784 /* 3785 * No; report an error. 3786 */ 3787 description = pcap_datalink_val_to_description_or_dlt(cstate->linktype); 3788 bpf_error(cstate, "%s link-layer type filtering not implemented", 3789 description); 3790 /*NOTREACHED */ 3791 } 3792 } 3793 } 3794 3795 /* 3796 * Check for an LLC SNAP packet with a given organization code and 3797 * protocol type; we check the entire contents of the 802.2 LLC and 3798 * snap headers, checking for DSAP and SSAP of SNAP and a control 3799 * field of 0x03 in the LLC header, and for the specified organization 3800 * code and protocol type in the SNAP header. 3801 */ 3802 static struct block * 3803 gen_snap(compiler_state_t *cstate, bpf_u_int32 orgcode, bpf_u_int32 ptype) 3804 { 3805 u_char snapblock[8]; 3806 3807 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */ 3808 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */ 3809 snapblock[2] = 0x03; /* control = UI */ 3810 snapblock[3] = (u_char)(orgcode >> 16); /* upper 8 bits of organization code */ 3811 snapblock[4] = (u_char)(orgcode >> 8); /* middle 8 bits of organization code */ 3812 snapblock[5] = (u_char)(orgcode >> 0); /* lower 8 bits of organization code */ 3813 snapblock[6] = (u_char)(ptype >> 8); /* upper 8 bits of protocol type */ 3814 snapblock[7] = (u_char)(ptype >> 0); /* lower 8 bits of protocol type */ 3815 return gen_bcmp(cstate, OR_LLC, 0, 8, snapblock); 3816 } 3817 3818 /* 3819 * Generate code to match frames with an LLC header. 3820 */ 3821 static struct block * 3822 gen_llc_internal(compiler_state_t *cstate) 3823 { 3824 struct block *b0, *b1; 3825 3826 switch (cstate->linktype) { 3827 3828 case DLT_EN10MB: 3829 /* 3830 * We check for an Ethernet type field less than 3831 * 1500, which means it's an 802.3 length field. 3832 */ 3833 b0 = gen_cmp_gt(cstate, OR_LINKTYPE, 0, BPF_H, ETHERMTU); 3834 gen_not(b0); 3835 3836 /* 3837 * Now check for the purported DSAP and SSAP not being 3838 * 0xFF, to rule out NetWare-over-802.3. 3839 */ 3840 b1 = gen_cmp(cstate, OR_LLC, 0, BPF_H, 0xFFFF); 3841 gen_not(b1); 3842 gen_and(b0, b1); 3843 return b1; 3844 3845 case DLT_SUNATM: 3846 /* 3847 * We check for LLC traffic. 3848 */ 3849 b0 = gen_atmtype_llc(cstate); 3850 return b0; 3851 3852 case DLT_IEEE802: /* Token Ring */ 3853 /* 3854 * XXX - check for LLC frames. 3855 */ 3856 return gen_true(cstate); 3857 3858 case DLT_FDDI: 3859 /* 3860 * XXX - check for LLC frames. 3861 */ 3862 return gen_true(cstate); 3863 3864 case DLT_ATM_RFC1483: 3865 /* 3866 * For LLC encapsulation, these are defined to have an 3867 * 802.2 LLC header. 3868 * 3869 * For VC encapsulation, they don't, but there's no 3870 * way to check for that; the protocol used on the VC 3871 * is negotiated out of band. 3872 */ 3873 return gen_true(cstate); 3874 3875 case DLT_IEEE802_11: 3876 case DLT_PRISM_HEADER: 3877 case DLT_IEEE802_11_RADIO: 3878 case DLT_IEEE802_11_RADIO_AVS: 3879 case DLT_PPI: 3880 /* 3881 * Check that we have a data frame. 3882 */ 3883 b0 = gen_check_802_11_data_frame(cstate); 3884 return b0; 3885 3886 default: 3887 bpf_error(cstate, "'llc' not supported for %s", 3888 pcap_datalink_val_to_description_or_dlt(cstate->linktype)); 3889 /*NOTREACHED*/ 3890 } 3891 } 3892 3893 struct block * 3894 gen_llc(compiler_state_t *cstate) 3895 { 3896 /* 3897 * Catch errors reported by us and routines below us, and return NULL 3898 * on an error. 3899 */ 3900 if (setjmp(cstate->top_ctx)) 3901 return (NULL); 3902 3903 return gen_llc_internal(cstate); 3904 } 3905 3906 struct block * 3907 gen_llc_i(compiler_state_t *cstate) 3908 { 3909 struct block *b0, *b1; 3910 struct slist *s; 3911 3912 /* 3913 * Catch errors reported by us and routines below us, and return NULL 3914 * on an error. 3915 */ 3916 if (setjmp(cstate->top_ctx)) 3917 return (NULL); 3918 3919 /* 3920 * Check whether this is an LLC frame. 3921 */ 3922 b0 = gen_llc_internal(cstate); 3923 3924 /* 3925 * Load the control byte and test the low-order bit; it must 3926 * be clear for I frames. 3927 */ 3928 s = gen_load_a(cstate, OR_LLC, 2, BPF_B); 3929 b1 = new_block(cstate, JMP(BPF_JSET)); 3930 b1->s.k = 0x01; 3931 b1->stmts = s; 3932 gen_not(b1); 3933 gen_and(b0, b1); 3934 return b1; 3935 } 3936 3937 struct block * 3938 gen_llc_s(compiler_state_t *cstate) 3939 { 3940 struct block *b0, *b1; 3941 3942 /* 3943 * Catch errors reported by us and routines below us, and return NULL 3944 * on an error. 3945 */ 3946 if (setjmp(cstate->top_ctx)) 3947 return (NULL); 3948 3949 /* 3950 * Check whether this is an LLC frame. 3951 */ 3952 b0 = gen_llc_internal(cstate); 3953 3954 /* 3955 * Now compare the low-order 2 bit of the control byte against 3956 * the appropriate value for S frames. 3957 */ 3958 b1 = gen_mcmp(cstate, OR_LLC, 2, BPF_B, LLC_S_FMT, 0x03); 3959 gen_and(b0, b1); 3960 return b1; 3961 } 3962 3963 struct block * 3964 gen_llc_u(compiler_state_t *cstate) 3965 { 3966 struct block *b0, *b1; 3967 3968 /* 3969 * Catch errors reported by us and routines below us, and return NULL 3970 * on an error. 3971 */ 3972 if (setjmp(cstate->top_ctx)) 3973 return (NULL); 3974 3975 /* 3976 * Check whether this is an LLC frame. 3977 */ 3978 b0 = gen_llc_internal(cstate); 3979 3980 /* 3981 * Now compare the low-order 2 bit of the control byte against 3982 * the appropriate value for U frames. 3983 */ 3984 b1 = gen_mcmp(cstate, OR_LLC, 2, BPF_B, LLC_U_FMT, 0x03); 3985 gen_and(b0, b1); 3986 return b1; 3987 } 3988 3989 struct block * 3990 gen_llc_s_subtype(compiler_state_t *cstate, bpf_u_int32 subtype) 3991 { 3992 struct block *b0, *b1; 3993 3994 /* 3995 * Catch errors reported by us and routines below us, and return NULL 3996 * on an error. 3997 */ 3998 if (setjmp(cstate->top_ctx)) 3999 return (NULL); 4000 4001 /* 4002 * Check whether this is an LLC frame. 4003 */ 4004 b0 = gen_llc_internal(cstate); 4005 4006 /* 4007 * Now check for an S frame with the appropriate type. 4008 */ 4009 b1 = gen_mcmp(cstate, OR_LLC, 2, BPF_B, subtype, LLC_S_CMD_MASK); 4010 gen_and(b0, b1); 4011 return b1; 4012 } 4013 4014 struct block * 4015 gen_llc_u_subtype(compiler_state_t *cstate, bpf_u_int32 subtype) 4016 { 4017 struct block *b0, *b1; 4018 4019 /* 4020 * Catch errors reported by us and routines below us, and return NULL 4021 * on an error. 4022 */ 4023 if (setjmp(cstate->top_ctx)) 4024 return (NULL); 4025 4026 /* 4027 * Check whether this is an LLC frame. 4028 */ 4029 b0 = gen_llc_internal(cstate); 4030 4031 /* 4032 * Now check for a U frame with the appropriate type. 4033 */ 4034 b1 = gen_mcmp(cstate, OR_LLC, 2, BPF_B, subtype, LLC_U_CMD_MASK); 4035 gen_and(b0, b1); 4036 return b1; 4037 } 4038 4039 /* 4040 * Generate code to match a particular packet type, for link-layer types 4041 * using 802.2 LLC headers. 4042 * 4043 * This is *NOT* used for Ethernet; "gen_ether_linktype()" is used 4044 * for that - it handles the D/I/X Ethernet vs. 802.3+802.2 issues. 4045 * 4046 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP 4047 * value, if <= ETHERMTU. We use that to determine whether to 4048 * match the DSAP or both DSAP and LSAP or to check the OUI and 4049 * protocol ID in a SNAP header. 4050 */ 4051 static struct block * 4052 gen_llc_linktype(compiler_state_t *cstate, bpf_u_int32 ll_proto) 4053 { 4054 /* 4055 * XXX - handle token-ring variable-length header. 4056 */ 4057 switch (ll_proto) { 4058 4059 case LLCSAP_IP: 4060 case LLCSAP_ISONS: 4061 case LLCSAP_NETBEUI: 4062 /* 4063 * XXX - should we check both the DSAP and the 4064 * SSAP, like this, or should we check just the 4065 * DSAP, as we do for other SAP values? 4066 */ 4067 return gen_cmp(cstate, OR_LLC, 0, BPF_H, (bpf_u_int32) 4068 ((ll_proto << 8) | ll_proto)); 4069 4070 case LLCSAP_IPX: 4071 /* 4072 * XXX - are there ever SNAP frames for IPX on 4073 * non-Ethernet 802.x networks? 4074 */ 4075 return gen_cmp(cstate, OR_LLC, 0, BPF_B, LLCSAP_IPX); 4076 4077 case ETHERTYPE_ATALK: 4078 /* 4079 * 802.2-encapsulated ETHERTYPE_ATALK packets are 4080 * SNAP packets with an organization code of 4081 * 0x080007 (Apple, for Appletalk) and a protocol 4082 * type of ETHERTYPE_ATALK (Appletalk). 4083 * 4084 * XXX - check for an organization code of 4085 * encapsulated Ethernet as well? 4086 */ 4087 return gen_snap(cstate, 0x080007, ETHERTYPE_ATALK); 4088 4089 default: 4090 /* 4091 * XXX - we don't have to check for IPX 802.3 4092 * here, but should we check for the IPX Ethertype? 4093 */ 4094 if (ll_proto <= ETHERMTU) { 4095 /* 4096 * This is an LLC SAP value, so check 4097 * the DSAP. 4098 */ 4099 return gen_cmp(cstate, OR_LLC, 0, BPF_B, ll_proto); 4100 } else { 4101 /* 4102 * This is an Ethernet type; we assume that it's 4103 * unlikely that it'll appear in the right place 4104 * at random, and therefore check only the 4105 * location that would hold the Ethernet type 4106 * in a SNAP frame with an organization code of 4107 * 0x000000 (encapsulated Ethernet). 4108 * 4109 * XXX - if we were to check for the SNAP DSAP and 4110 * LSAP, as per XXX, and were also to check for an 4111 * organization code of 0x000000 (encapsulated 4112 * Ethernet), we'd do 4113 * 4114 * return gen_snap(cstate, 0x000000, ll_proto); 4115 * 4116 * here; for now, we don't, as per the above. 4117 * I don't know whether it's worth the extra CPU 4118 * time to do the right check or not. 4119 */ 4120 return gen_cmp(cstate, OR_LLC, 6, BPF_H, ll_proto); 4121 } 4122 } 4123 } 4124 4125 static struct block * 4126 gen_hostop(compiler_state_t *cstate, bpf_u_int32 addr, bpf_u_int32 mask, 4127 int dir, bpf_u_int32 ll_proto, u_int src_off, u_int dst_off) 4128 { 4129 struct block *b0, *b1; 4130 u_int offset; 4131 4132 switch (dir) { 4133 4134 case Q_SRC: 4135 offset = src_off; 4136 break; 4137 4138 case Q_DST: 4139 offset = dst_off; 4140 break; 4141 4142 case Q_AND: 4143 b0 = gen_hostop(cstate, addr, mask, Q_SRC, ll_proto, src_off, dst_off); 4144 b1 = gen_hostop(cstate, addr, mask, Q_DST, ll_proto, src_off, dst_off); 4145 gen_and(b0, b1); 4146 return b1; 4147 4148 case Q_DEFAULT: 4149 case Q_OR: 4150 b0 = gen_hostop(cstate, addr, mask, Q_SRC, ll_proto, src_off, dst_off); 4151 b1 = gen_hostop(cstate, addr, mask, Q_DST, ll_proto, src_off, dst_off); 4152 gen_or(b0, b1); 4153 return b1; 4154 4155 case Q_ADDR1: 4156 bpf_error(cstate, "'addr1' and 'address1' are not valid qualifiers for addresses other than 802.11 MAC addresses"); 4157 /*NOTREACHED*/ 4158 4159 case Q_ADDR2: 4160 bpf_error(cstate, "'addr2' and 'address2' are not valid qualifiers for addresses other than 802.11 MAC addresses"); 4161 /*NOTREACHED*/ 4162 4163 case Q_ADDR3: 4164 bpf_error(cstate, "'addr3' and 'address3' are not valid qualifiers for addresses other than 802.11 MAC addresses"); 4165 /*NOTREACHED*/ 4166 4167 case Q_ADDR4: 4168 bpf_error(cstate, "'addr4' and 'address4' are not valid qualifiers for addresses other than 802.11 MAC addresses"); 4169 /*NOTREACHED*/ 4170 4171 case Q_RA: 4172 bpf_error(cstate, "'ra' is not a valid qualifier for addresses other than 802.11 MAC addresses"); 4173 /*NOTREACHED*/ 4174 4175 case Q_TA: 4176 bpf_error(cstate, "'ta' is not a valid qualifier for addresses other than 802.11 MAC addresses"); 4177 /*NOTREACHED*/ 4178 4179 default: 4180 abort(); 4181 /*NOTREACHED*/ 4182 } 4183 b0 = gen_linktype(cstate, ll_proto); 4184 b1 = gen_mcmp(cstate, OR_LINKPL, offset, BPF_W, addr, mask); 4185 gen_and(b0, b1); 4186 return b1; 4187 } 4188 4189 #ifdef INET6 4190 static struct block * 4191 gen_hostop6(compiler_state_t *cstate, struct in6_addr *addr, 4192 struct in6_addr *mask, int dir, bpf_u_int32 ll_proto, u_int src_off, 4193 u_int dst_off) 4194 { 4195 struct block *b0, *b1; 4196 u_int offset; 4197 /* 4198 * Code below needs to access four separate 32-bit parts of the 128-bit 4199 * IPv6 address and mask. In some OSes this is as simple as using the 4200 * s6_addr32 pseudo-member of struct in6_addr, which contains a union of 4201 * 8-, 16- and 32-bit arrays. In other OSes this is not the case, as 4202 * far as libpcap sees it. Hence copy the data before use to avoid 4203 * potential unaligned memory access and the associated compiler 4204 * warnings (whether genuine or not). 4205 */ 4206 bpf_u_int32 a[4], m[4]; 4207 4208 switch (dir) { 4209 4210 case Q_SRC: 4211 offset = src_off; 4212 break; 4213 4214 case Q_DST: 4215 offset = dst_off; 4216 break; 4217 4218 case Q_AND: 4219 b0 = gen_hostop6(cstate, addr, mask, Q_SRC, ll_proto, src_off, dst_off); 4220 b1 = gen_hostop6(cstate, addr, mask, Q_DST, ll_proto, src_off, dst_off); 4221 gen_and(b0, b1); 4222 return b1; 4223 4224 case Q_DEFAULT: 4225 case Q_OR: 4226 b0 = gen_hostop6(cstate, addr, mask, Q_SRC, ll_proto, src_off, dst_off); 4227 b1 = gen_hostop6(cstate, addr, mask, Q_DST, ll_proto, src_off, dst_off); 4228 gen_or(b0, b1); 4229 return b1; 4230 4231 case Q_ADDR1: 4232 bpf_error(cstate, "'addr1' and 'address1' are not valid qualifiers for addresses other than 802.11 MAC addresses"); 4233 /*NOTREACHED*/ 4234 4235 case Q_ADDR2: 4236 bpf_error(cstate, "'addr2' and 'address2' are not valid qualifiers for addresses other than 802.11 MAC addresses"); 4237 /*NOTREACHED*/ 4238 4239 case Q_ADDR3: 4240 bpf_error(cstate, "'addr3' and 'address3' are not valid qualifiers for addresses other than 802.11 MAC addresses"); 4241 /*NOTREACHED*/ 4242 4243 case Q_ADDR4: 4244 bpf_error(cstate, "'addr4' and 'address4' are not valid qualifiers for addresses other than 802.11 MAC addresses"); 4245 /*NOTREACHED*/ 4246 4247 case Q_RA: 4248 bpf_error(cstate, "'ra' is not a valid qualifier for addresses other than 802.11 MAC addresses"); 4249 /*NOTREACHED*/ 4250 4251 case Q_TA: 4252 bpf_error(cstate, "'ta' is not a valid qualifier for addresses other than 802.11 MAC addresses"); 4253 /*NOTREACHED*/ 4254 4255 default: 4256 abort(); 4257 /*NOTREACHED*/ 4258 } 4259 /* this order is important */ 4260 memcpy(a, addr, sizeof(a)); 4261 memcpy(m, mask, sizeof(m)); 4262 b1 = gen_mcmp(cstate, OR_LINKPL, offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 4263 b0 = gen_mcmp(cstate, OR_LINKPL, offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2])); 4264 gen_and(b0, b1); 4265 b0 = gen_mcmp(cstate, OR_LINKPL, offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1])); 4266 gen_and(b0, b1); 4267 b0 = gen_mcmp(cstate, OR_LINKPL, offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0])); 4268 gen_and(b0, b1); 4269 b0 = gen_linktype(cstate, ll_proto); 4270 gen_and(b0, b1); 4271 return b1; 4272 } 4273 #endif 4274 4275 static struct block * 4276 gen_ehostop(compiler_state_t *cstate, const u_char *eaddr, int dir) 4277 { 4278 register struct block *b0, *b1; 4279 4280 switch (dir) { 4281 case Q_SRC: 4282 return gen_bcmp(cstate, OR_LINKHDR, 6, 6, eaddr); 4283 4284 case Q_DST: 4285 return gen_bcmp(cstate, OR_LINKHDR, 0, 6, eaddr); 4286 4287 case Q_AND: 4288 b0 = gen_ehostop(cstate, eaddr, Q_SRC); 4289 b1 = gen_ehostop(cstate, eaddr, Q_DST); 4290 gen_and(b0, b1); 4291 return b1; 4292 4293 case Q_DEFAULT: 4294 case Q_OR: 4295 b0 = gen_ehostop(cstate, eaddr, Q_SRC); 4296 b1 = gen_ehostop(cstate, eaddr, Q_DST); 4297 gen_or(b0, b1); 4298 return b1; 4299 4300 case Q_ADDR1: 4301 bpf_error(cstate, "'addr1' and 'address1' are only supported on 802.11 with 802.11 headers"); 4302 /*NOTREACHED*/ 4303 4304 case Q_ADDR2: 4305 bpf_error(cstate, "'addr2' and 'address2' are only supported on 802.11 with 802.11 headers"); 4306 /*NOTREACHED*/ 4307 4308 case Q_ADDR3: 4309 bpf_error(cstate, "'addr3' and 'address3' are only supported on 802.11 with 802.11 headers"); 4310 /*NOTREACHED*/ 4311 4312 case Q_ADDR4: 4313 bpf_error(cstate, "'addr4' and 'address4' are only supported on 802.11 with 802.11 headers"); 4314 /*NOTREACHED*/ 4315 4316 case Q_RA: 4317 bpf_error(cstate, "'ra' is only supported on 802.11 with 802.11 headers"); 4318 /*NOTREACHED*/ 4319 4320 case Q_TA: 4321 bpf_error(cstate, "'ta' is only supported on 802.11 with 802.11 headers"); 4322 /*NOTREACHED*/ 4323 } 4324 abort(); 4325 /*NOTREACHED*/ 4326 } 4327 4328 /* 4329 * Like gen_ehostop, but for DLT_FDDI 4330 */ 4331 static struct block * 4332 gen_fhostop(compiler_state_t *cstate, const u_char *eaddr, int dir) 4333 { 4334 struct block *b0, *b1; 4335 4336 switch (dir) { 4337 case Q_SRC: 4338 return gen_bcmp(cstate, OR_LINKHDR, 6 + 1 + cstate->pcap_fddipad, 6, eaddr); 4339 4340 case Q_DST: 4341 return gen_bcmp(cstate, OR_LINKHDR, 0 + 1 + cstate->pcap_fddipad, 6, eaddr); 4342 4343 case Q_AND: 4344 b0 = gen_fhostop(cstate, eaddr, Q_SRC); 4345 b1 = gen_fhostop(cstate, eaddr, Q_DST); 4346 gen_and(b0, b1); 4347 return b1; 4348 4349 case Q_DEFAULT: 4350 case Q_OR: 4351 b0 = gen_fhostop(cstate, eaddr, Q_SRC); 4352 b1 = gen_fhostop(cstate, eaddr, Q_DST); 4353 gen_or(b0, b1); 4354 return b1; 4355 4356 case Q_ADDR1: 4357 bpf_error(cstate, "'addr1' and 'address1' are only supported on 802.11"); 4358 /*NOTREACHED*/ 4359 4360 case Q_ADDR2: 4361 bpf_error(cstate, "'addr2' and 'address2' are only supported on 802.11"); 4362 /*NOTREACHED*/ 4363 4364 case Q_ADDR3: 4365 bpf_error(cstate, "'addr3' and 'address3' are only supported on 802.11"); 4366 /*NOTREACHED*/ 4367 4368 case Q_ADDR4: 4369 bpf_error(cstate, "'addr4' and 'address4' are only supported on 802.11"); 4370 /*NOTREACHED*/ 4371 4372 case Q_RA: 4373 bpf_error(cstate, "'ra' is only supported on 802.11"); 4374 /*NOTREACHED*/ 4375 4376 case Q_TA: 4377 bpf_error(cstate, "'ta' is only supported on 802.11"); 4378 /*NOTREACHED*/ 4379 } 4380 abort(); 4381 /*NOTREACHED*/ 4382 } 4383 4384 /* 4385 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring) 4386 */ 4387 static struct block * 4388 gen_thostop(compiler_state_t *cstate, const u_char *eaddr, int dir) 4389 { 4390 register struct block *b0, *b1; 4391 4392 switch (dir) { 4393 case Q_SRC: 4394 return gen_bcmp(cstate, OR_LINKHDR, 8, 6, eaddr); 4395 4396 case Q_DST: 4397 return gen_bcmp(cstate, OR_LINKHDR, 2, 6, eaddr); 4398 4399 case Q_AND: 4400 b0 = gen_thostop(cstate, eaddr, Q_SRC); 4401 b1 = gen_thostop(cstate, eaddr, Q_DST); 4402 gen_and(b0, b1); 4403 return b1; 4404 4405 case Q_DEFAULT: 4406 case Q_OR: 4407 b0 = gen_thostop(cstate, eaddr, Q_SRC); 4408 b1 = gen_thostop(cstate, eaddr, Q_DST); 4409 gen_or(b0, b1); 4410 return b1; 4411 4412 case Q_ADDR1: 4413 bpf_error(cstate, "'addr1' and 'address1' are only supported on 802.11"); 4414 /*NOTREACHED*/ 4415 4416 case Q_ADDR2: 4417 bpf_error(cstate, "'addr2' and 'address2' are only supported on 802.11"); 4418 /*NOTREACHED*/ 4419 4420 case Q_ADDR3: 4421 bpf_error(cstate, "'addr3' and 'address3' are only supported on 802.11"); 4422 /*NOTREACHED*/ 4423 4424 case Q_ADDR4: 4425 bpf_error(cstate, "'addr4' and 'address4' are only supported on 802.11"); 4426 /*NOTREACHED*/ 4427 4428 case Q_RA: 4429 bpf_error(cstate, "'ra' is only supported on 802.11"); 4430 /*NOTREACHED*/ 4431 4432 case Q_TA: 4433 bpf_error(cstate, "'ta' is only supported on 802.11"); 4434 /*NOTREACHED*/ 4435 } 4436 abort(); 4437 /*NOTREACHED*/ 4438 } 4439 4440 /* 4441 * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN) and 4442 * various 802.11 + radio headers. 4443 */ 4444 static struct block * 4445 gen_wlanhostop(compiler_state_t *cstate, const u_char *eaddr, int dir) 4446 { 4447 register struct block *b0, *b1, *b2; 4448 register struct slist *s; 4449 4450 #ifdef ENABLE_WLAN_FILTERING_PATCH 4451 /* 4452 * TODO GV 20070613 4453 * We need to disable the optimizer because the optimizer is buggy 4454 * and wipes out some LD instructions generated by the below 4455 * code to validate the Frame Control bits 4456 */ 4457 cstate->no_optimize = 1; 4458 #endif /* ENABLE_WLAN_FILTERING_PATCH */ 4459 4460 switch (dir) { 4461 case Q_SRC: 4462 /* 4463 * Oh, yuk. 4464 * 4465 * For control frames, there is no SA. 4466 * 4467 * For management frames, SA is at an 4468 * offset of 10 from the beginning of 4469 * the packet. 4470 * 4471 * For data frames, SA is at an offset 4472 * of 10 from the beginning of the packet 4473 * if From DS is clear, at an offset of 4474 * 16 from the beginning of the packet 4475 * if From DS is set and To DS is clear, 4476 * and an offset of 24 from the beginning 4477 * of the packet if From DS is set and To DS 4478 * is set. 4479 */ 4480 4481 /* 4482 * Generate the tests to be done for data frames 4483 * with From DS set. 4484 * 4485 * First, check for To DS set, i.e. check "link[1] & 0x01". 4486 */ 4487 s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B); 4488 b1 = new_block(cstate, JMP(BPF_JSET)); 4489 b1->s.k = 0x01; /* To DS */ 4490 b1->stmts = s; 4491 4492 /* 4493 * If To DS is set, the SA is at 24. 4494 */ 4495 b0 = gen_bcmp(cstate, OR_LINKHDR, 24, 6, eaddr); 4496 gen_and(b1, b0); 4497 4498 /* 4499 * Now, check for To DS not set, i.e. check 4500 * "!(link[1] & 0x01)". 4501 */ 4502 s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B); 4503 b2 = new_block(cstate, JMP(BPF_JSET)); 4504 b2->s.k = 0x01; /* To DS */ 4505 b2->stmts = s; 4506 gen_not(b2); 4507 4508 /* 4509 * If To DS is not set, the SA is at 16. 4510 */ 4511 b1 = gen_bcmp(cstate, OR_LINKHDR, 16, 6, eaddr); 4512 gen_and(b2, b1); 4513 4514 /* 4515 * Now OR together the last two checks. That gives 4516 * the complete set of checks for data frames with 4517 * From DS set. 4518 */ 4519 gen_or(b1, b0); 4520 4521 /* 4522 * Now check for From DS being set, and AND that with 4523 * the ORed-together checks. 4524 */ 4525 s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B); 4526 b1 = new_block(cstate, JMP(BPF_JSET)); 4527 b1->s.k = 0x02; /* From DS */ 4528 b1->stmts = s; 4529 gen_and(b1, b0); 4530 4531 /* 4532 * Now check for data frames with From DS not set. 4533 */ 4534 s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B); 4535 b2 = new_block(cstate, JMP(BPF_JSET)); 4536 b2->s.k = 0x02; /* From DS */ 4537 b2->stmts = s; 4538 gen_not(b2); 4539 4540 /* 4541 * If From DS isn't set, the SA is at 10. 4542 */ 4543 b1 = gen_bcmp(cstate, OR_LINKHDR, 10, 6, eaddr); 4544 gen_and(b2, b1); 4545 4546 /* 4547 * Now OR together the checks for data frames with 4548 * From DS not set and for data frames with From DS 4549 * set; that gives the checks done for data frames. 4550 */ 4551 gen_or(b1, b0); 4552 4553 /* 4554 * Now check for a data frame. 4555 * I.e, check "link[0] & 0x08". 4556 */ 4557 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B); 4558 b1 = new_block(cstate, JMP(BPF_JSET)); 4559 b1->s.k = 0x08; 4560 b1->stmts = s; 4561 4562 /* 4563 * AND that with the checks done for data frames. 4564 */ 4565 gen_and(b1, b0); 4566 4567 /* 4568 * If the high-order bit of the type value is 0, this 4569 * is a management frame. 4570 * I.e, check "!(link[0] & 0x08)". 4571 */ 4572 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B); 4573 b2 = new_block(cstate, JMP(BPF_JSET)); 4574 b2->s.k = 0x08; 4575 b2->stmts = s; 4576 gen_not(b2); 4577 4578 /* 4579 * For management frames, the SA is at 10. 4580 */ 4581 b1 = gen_bcmp(cstate, OR_LINKHDR, 10, 6, eaddr); 4582 gen_and(b2, b1); 4583 4584 /* 4585 * OR that with the checks done for data frames. 4586 * That gives the checks done for management and 4587 * data frames. 4588 */ 4589 gen_or(b1, b0); 4590 4591 /* 4592 * If the low-order bit of the type value is 1, 4593 * this is either a control frame or a frame 4594 * with a reserved type, and thus not a 4595 * frame with an SA. 4596 * 4597 * I.e., check "!(link[0] & 0x04)". 4598 */ 4599 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B); 4600 b1 = new_block(cstate, JMP(BPF_JSET)); 4601 b1->s.k = 0x04; 4602 b1->stmts = s; 4603 gen_not(b1); 4604 4605 /* 4606 * AND that with the checks for data and management 4607 * frames. 4608 */ 4609 gen_and(b1, b0); 4610 return b0; 4611 4612 case Q_DST: 4613 /* 4614 * Oh, yuk. 4615 * 4616 * For control frames, there is no DA. 4617 * 4618 * For management frames, DA is at an 4619 * offset of 4 from the beginning of 4620 * the packet. 4621 * 4622 * For data frames, DA is at an offset 4623 * of 4 from the beginning of the packet 4624 * if To DS is clear and at an offset of 4625 * 16 from the beginning of the packet 4626 * if To DS is set. 4627 */ 4628 4629 /* 4630 * Generate the tests to be done for data frames. 4631 * 4632 * First, check for To DS set, i.e. "link[1] & 0x01". 4633 */ 4634 s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B); 4635 b1 = new_block(cstate, JMP(BPF_JSET)); 4636 b1->s.k = 0x01; /* To DS */ 4637 b1->stmts = s; 4638 4639 /* 4640 * If To DS is set, the DA is at 16. 4641 */ 4642 b0 = gen_bcmp(cstate, OR_LINKHDR, 16, 6, eaddr); 4643 gen_and(b1, b0); 4644 4645 /* 4646 * Now, check for To DS not set, i.e. check 4647 * "!(link[1] & 0x01)". 4648 */ 4649 s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B); 4650 b2 = new_block(cstate, JMP(BPF_JSET)); 4651 b2->s.k = 0x01; /* To DS */ 4652 b2->stmts = s; 4653 gen_not(b2); 4654 4655 /* 4656 * If To DS is not set, the DA is at 4. 4657 */ 4658 b1 = gen_bcmp(cstate, OR_LINKHDR, 4, 6, eaddr); 4659 gen_and(b2, b1); 4660 4661 /* 4662 * Now OR together the last two checks. That gives 4663 * the complete set of checks for data frames. 4664 */ 4665 gen_or(b1, b0); 4666 4667 /* 4668 * Now check for a data frame. 4669 * I.e, check "link[0] & 0x08". 4670 */ 4671 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B); 4672 b1 = new_block(cstate, JMP(BPF_JSET)); 4673 b1->s.k = 0x08; 4674 b1->stmts = s; 4675 4676 /* 4677 * AND that with the checks done for data frames. 4678 */ 4679 gen_and(b1, b0); 4680 4681 /* 4682 * If the high-order bit of the type value is 0, this 4683 * is a management frame. 4684 * I.e, check "!(link[0] & 0x08)". 4685 */ 4686 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B); 4687 b2 = new_block(cstate, JMP(BPF_JSET)); 4688 b2->s.k = 0x08; 4689 b2->stmts = s; 4690 gen_not(b2); 4691 4692 /* 4693 * For management frames, the DA is at 4. 4694 */ 4695 b1 = gen_bcmp(cstate, OR_LINKHDR, 4, 6, eaddr); 4696 gen_and(b2, b1); 4697 4698 /* 4699 * OR that with the checks done for data frames. 4700 * That gives the checks done for management and 4701 * data frames. 4702 */ 4703 gen_or(b1, b0); 4704 4705 /* 4706 * If the low-order bit of the type value is 1, 4707 * this is either a control frame or a frame 4708 * with a reserved type, and thus not a 4709 * frame with an SA. 4710 * 4711 * I.e., check "!(link[0] & 0x04)". 4712 */ 4713 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B); 4714 b1 = new_block(cstate, JMP(BPF_JSET)); 4715 b1->s.k = 0x04; 4716 b1->stmts = s; 4717 gen_not(b1); 4718 4719 /* 4720 * AND that with the checks for data and management 4721 * frames. 4722 */ 4723 gen_and(b1, b0); 4724 return b0; 4725 4726 case Q_AND: 4727 b0 = gen_wlanhostop(cstate, eaddr, Q_SRC); 4728 b1 = gen_wlanhostop(cstate, eaddr, Q_DST); 4729 gen_and(b0, b1); 4730 return b1; 4731 4732 case Q_DEFAULT: 4733 case Q_OR: 4734 b0 = gen_wlanhostop(cstate, eaddr, Q_SRC); 4735 b1 = gen_wlanhostop(cstate, eaddr, Q_DST); 4736 gen_or(b0, b1); 4737 return b1; 4738 4739 /* 4740 * XXX - add BSSID keyword? 4741 */ 4742 case Q_ADDR1: 4743 return (gen_bcmp(cstate, OR_LINKHDR, 4, 6, eaddr)); 4744 4745 case Q_ADDR2: 4746 /* 4747 * Not present in CTS or ACK control frames. 4748 */ 4749 b0 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, IEEE80211_FC0_TYPE_CTL, 4750 IEEE80211_FC0_TYPE_MASK); 4751 gen_not(b0); 4752 b1 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, IEEE80211_FC0_SUBTYPE_CTS, 4753 IEEE80211_FC0_SUBTYPE_MASK); 4754 gen_not(b1); 4755 b2 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, IEEE80211_FC0_SUBTYPE_ACK, 4756 IEEE80211_FC0_SUBTYPE_MASK); 4757 gen_not(b2); 4758 gen_and(b1, b2); 4759 gen_or(b0, b2); 4760 b1 = gen_bcmp(cstate, OR_LINKHDR, 10, 6, eaddr); 4761 gen_and(b2, b1); 4762 return b1; 4763 4764 case Q_ADDR3: 4765 /* 4766 * Not present in control frames. 4767 */ 4768 b0 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, IEEE80211_FC0_TYPE_CTL, 4769 IEEE80211_FC0_TYPE_MASK); 4770 gen_not(b0); 4771 b1 = gen_bcmp(cstate, OR_LINKHDR, 16, 6, eaddr); 4772 gen_and(b0, b1); 4773 return b1; 4774 4775 case Q_ADDR4: 4776 /* 4777 * Present only if the direction mask has both "From DS" 4778 * and "To DS" set. Neither control frames nor management 4779 * frames should have both of those set, so we don't 4780 * check the frame type. 4781 */ 4782 b0 = gen_mcmp(cstate, OR_LINKHDR, 1, BPF_B, 4783 IEEE80211_FC1_DIR_DSTODS, IEEE80211_FC1_DIR_MASK); 4784 b1 = gen_bcmp(cstate, OR_LINKHDR, 24, 6, eaddr); 4785 gen_and(b0, b1); 4786 return b1; 4787 4788 case Q_RA: 4789 /* 4790 * Not present in management frames; addr1 in other 4791 * frames. 4792 */ 4793 4794 /* 4795 * If the high-order bit of the type value is 0, this 4796 * is a management frame. 4797 * I.e, check "(link[0] & 0x08)". 4798 */ 4799 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B); 4800 b1 = new_block(cstate, JMP(BPF_JSET)); 4801 b1->s.k = 0x08; 4802 b1->stmts = s; 4803 4804 /* 4805 * Check addr1. 4806 */ 4807 b0 = gen_bcmp(cstate, OR_LINKHDR, 4, 6, eaddr); 4808 4809 /* 4810 * AND that with the check of addr1. 4811 */ 4812 gen_and(b1, b0); 4813 return (b0); 4814 4815 case Q_TA: 4816 /* 4817 * Not present in management frames; addr2, if present, 4818 * in other frames. 4819 */ 4820 4821 /* 4822 * Not present in CTS or ACK control frames. 4823 */ 4824 b0 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, IEEE80211_FC0_TYPE_CTL, 4825 IEEE80211_FC0_TYPE_MASK); 4826 gen_not(b0); 4827 b1 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, IEEE80211_FC0_SUBTYPE_CTS, 4828 IEEE80211_FC0_SUBTYPE_MASK); 4829 gen_not(b1); 4830 b2 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, IEEE80211_FC0_SUBTYPE_ACK, 4831 IEEE80211_FC0_SUBTYPE_MASK); 4832 gen_not(b2); 4833 gen_and(b1, b2); 4834 gen_or(b0, b2); 4835 4836 /* 4837 * If the high-order bit of the type value is 0, this 4838 * is a management frame. 4839 * I.e, check "(link[0] & 0x08)". 4840 */ 4841 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B); 4842 b1 = new_block(cstate, JMP(BPF_JSET)); 4843 b1->s.k = 0x08; 4844 b1->stmts = s; 4845 4846 /* 4847 * AND that with the check for frames other than 4848 * CTS and ACK frames. 4849 */ 4850 gen_and(b1, b2); 4851 4852 /* 4853 * Check addr2. 4854 */ 4855 b1 = gen_bcmp(cstate, OR_LINKHDR, 10, 6, eaddr); 4856 gen_and(b2, b1); 4857 return b1; 4858 } 4859 abort(); 4860 /*NOTREACHED*/ 4861 } 4862 4863 /* 4864 * Like gen_ehostop, but for RFC 2625 IP-over-Fibre-Channel. 4865 * (We assume that the addresses are IEEE 48-bit MAC addresses, 4866 * as the RFC states.) 4867 */ 4868 static struct block * 4869 gen_ipfchostop(compiler_state_t *cstate, const u_char *eaddr, int dir) 4870 { 4871 register struct block *b0, *b1; 4872 4873 switch (dir) { 4874 case Q_SRC: 4875 return gen_bcmp(cstate, OR_LINKHDR, 10, 6, eaddr); 4876 4877 case Q_DST: 4878 return gen_bcmp(cstate, OR_LINKHDR, 2, 6, eaddr); 4879 4880 case Q_AND: 4881 b0 = gen_ipfchostop(cstate, eaddr, Q_SRC); 4882 b1 = gen_ipfchostop(cstate, eaddr, Q_DST); 4883 gen_and(b0, b1); 4884 return b1; 4885 4886 case Q_DEFAULT: 4887 case Q_OR: 4888 b0 = gen_ipfchostop(cstate, eaddr, Q_SRC); 4889 b1 = gen_ipfchostop(cstate, eaddr, Q_DST); 4890 gen_or(b0, b1); 4891 return b1; 4892 4893 case Q_ADDR1: 4894 bpf_error(cstate, "'addr1' and 'address1' are only supported on 802.11"); 4895 /*NOTREACHED*/ 4896 4897 case Q_ADDR2: 4898 bpf_error(cstate, "'addr2' and 'address2' are only supported on 802.11"); 4899 /*NOTREACHED*/ 4900 4901 case Q_ADDR3: 4902 bpf_error(cstate, "'addr3' and 'address3' are only supported on 802.11"); 4903 /*NOTREACHED*/ 4904 4905 case Q_ADDR4: 4906 bpf_error(cstate, "'addr4' and 'address4' are only supported on 802.11"); 4907 /*NOTREACHED*/ 4908 4909 case Q_RA: 4910 bpf_error(cstate, "'ra' is only supported on 802.11"); 4911 /*NOTREACHED*/ 4912 4913 case Q_TA: 4914 bpf_error(cstate, "'ta' is only supported on 802.11"); 4915 /*NOTREACHED*/ 4916 } 4917 abort(); 4918 /*NOTREACHED*/ 4919 } 4920 4921 /* 4922 * This is quite tricky because there may be pad bytes in front of the 4923 * DECNET header, and then there are two possible data packet formats that 4924 * carry both src and dst addresses, plus 5 packet types in a format that 4925 * carries only the src node, plus 2 types that use a different format and 4926 * also carry just the src node. 4927 * 4928 * Yuck. 4929 * 4930 * Instead of doing those all right, we just look for data packets with 4931 * 0 or 1 bytes of padding. If you want to look at other packets, that 4932 * will require a lot more hacking. 4933 * 4934 * To add support for filtering on DECNET "areas" (network numbers) 4935 * one would want to add a "mask" argument to this routine. That would 4936 * make the filter even more inefficient, although one could be clever 4937 * and not generate masking instructions if the mask is 0xFFFF. 4938 */ 4939 static struct block * 4940 gen_dnhostop(compiler_state_t *cstate, bpf_u_int32 addr, int dir) 4941 { 4942 struct block *b0, *b1, *b2, *tmp; 4943 u_int offset_lh; /* offset if long header is received */ 4944 u_int offset_sh; /* offset if short header is received */ 4945 4946 switch (dir) { 4947 4948 case Q_DST: 4949 offset_sh = 1; /* follows flags */ 4950 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 4951 break; 4952 4953 case Q_SRC: 4954 offset_sh = 3; /* follows flags, dstnode */ 4955 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 4956 break; 4957 4958 case Q_AND: 4959 /* Inefficient because we do our Calvinball dance twice */ 4960 b0 = gen_dnhostop(cstate, addr, Q_SRC); 4961 b1 = gen_dnhostop(cstate, addr, Q_DST); 4962 gen_and(b0, b1); 4963 return b1; 4964 4965 case Q_DEFAULT: 4966 case Q_OR: 4967 /* Inefficient because we do our Calvinball dance twice */ 4968 b0 = gen_dnhostop(cstate, addr, Q_SRC); 4969 b1 = gen_dnhostop(cstate, addr, Q_DST); 4970 gen_or(b0, b1); 4971 return b1; 4972 4973 case Q_ADDR1: 4974 bpf_error(cstate, "'addr1' and 'address1' are not valid qualifiers for addresses other than 802.11 MAC addresses"); 4975 /*NOTREACHED*/ 4976 4977 case Q_ADDR2: 4978 bpf_error(cstate, "'addr2' and 'address2' are not valid qualifiers for addresses other than 802.11 MAC addresses"); 4979 /*NOTREACHED*/ 4980 4981 case Q_ADDR3: 4982 bpf_error(cstate, "'addr3' and 'address3' are not valid qualifiers for addresses other than 802.11 MAC addresses"); 4983 /*NOTREACHED*/ 4984 4985 case Q_ADDR4: 4986 bpf_error(cstate, "'addr4' and 'address4' are not valid qualifiers for addresses other than 802.11 MAC addresses"); 4987 /*NOTREACHED*/ 4988 4989 case Q_RA: 4990 bpf_error(cstate, "'ra' is not a valid qualifier for addresses other than 802.11 MAC addresses"); 4991 /*NOTREACHED*/ 4992 4993 case Q_TA: 4994 bpf_error(cstate, "'ta' is not a valid qualifier for addresses other than 802.11 MAC addresses"); 4995 /*NOTREACHED*/ 4996 4997 default: 4998 abort(); 4999 /*NOTREACHED*/ 5000 } 5001 b0 = gen_linktype(cstate, ETHERTYPE_DN); 5002 /* Check for pad = 1, long header case */ 5003 tmp = gen_mcmp(cstate, OR_LINKPL, 2, BPF_H, 5004 (bpf_u_int32)ntohs(0x0681), (bpf_u_int32)ntohs(0x07FF)); 5005 b1 = gen_cmp(cstate, OR_LINKPL, 2 + 1 + offset_lh, 5006 BPF_H, (bpf_u_int32)ntohs((u_short)addr)); 5007 gen_and(tmp, b1); 5008 /* Check for pad = 0, long header case */ 5009 tmp = gen_mcmp(cstate, OR_LINKPL, 2, BPF_B, (bpf_u_int32)0x06, 5010 (bpf_u_int32)0x7); 5011 b2 = gen_cmp(cstate, OR_LINKPL, 2 + offset_lh, BPF_H, 5012 (bpf_u_int32)ntohs((u_short)addr)); 5013 gen_and(tmp, b2); 5014 gen_or(b2, b1); 5015 /* Check for pad = 1, short header case */ 5016 tmp = gen_mcmp(cstate, OR_LINKPL, 2, BPF_H, 5017 (bpf_u_int32)ntohs(0x0281), (bpf_u_int32)ntohs(0x07FF)); 5018 b2 = gen_cmp(cstate, OR_LINKPL, 2 + 1 + offset_sh, BPF_H, 5019 (bpf_u_int32)ntohs((u_short)addr)); 5020 gen_and(tmp, b2); 5021 gen_or(b2, b1); 5022 /* Check for pad = 0, short header case */ 5023 tmp = gen_mcmp(cstate, OR_LINKPL, 2, BPF_B, (bpf_u_int32)0x02, 5024 (bpf_u_int32)0x7); 5025 b2 = gen_cmp(cstate, OR_LINKPL, 2 + offset_sh, BPF_H, 5026 (bpf_u_int32)ntohs((u_short)addr)); 5027 gen_and(tmp, b2); 5028 gen_or(b2, b1); 5029 5030 /* Combine with test for cstate->linktype */ 5031 gen_and(b0, b1); 5032 return b1; 5033 } 5034 5035 /* 5036 * Generate a check for IPv4 or IPv6 for MPLS-encapsulated packets; 5037 * test the bottom-of-stack bit, and then check the version number 5038 * field in the IP header. 5039 */ 5040 static struct block * 5041 gen_mpls_linktype(compiler_state_t *cstate, bpf_u_int32 ll_proto) 5042 { 5043 struct block *b0, *b1; 5044 5045 switch (ll_proto) { 5046 5047 case ETHERTYPE_IP: 5048 /* match the bottom-of-stack bit */ 5049 b0 = gen_mcmp(cstate, OR_LINKPL, (u_int)-2, BPF_B, 0x01, 0x01); 5050 /* match the IPv4 version number */ 5051 b1 = gen_mcmp(cstate, OR_LINKPL, 0, BPF_B, 0x40, 0xf0); 5052 gen_and(b0, b1); 5053 return b1; 5054 5055 case ETHERTYPE_IPV6: 5056 /* match the bottom-of-stack bit */ 5057 b0 = gen_mcmp(cstate, OR_LINKPL, (u_int)-2, BPF_B, 0x01, 0x01); 5058 /* match the IPv4 version number */ 5059 b1 = gen_mcmp(cstate, OR_LINKPL, 0, BPF_B, 0x60, 0xf0); 5060 gen_and(b0, b1); 5061 return b1; 5062 5063 default: 5064 /* FIXME add other L3 proto IDs */ 5065 bpf_error(cstate, "unsupported protocol over mpls"); 5066 /*NOTREACHED*/ 5067 } 5068 } 5069 5070 static struct block * 5071 gen_host(compiler_state_t *cstate, bpf_u_int32 addr, bpf_u_int32 mask, 5072 int proto, int dir, int type) 5073 { 5074 struct block *b0, *b1; 5075 const char *typestr; 5076 5077 if (type == Q_NET) 5078 typestr = "net"; 5079 else 5080 typestr = "host"; 5081 5082 switch (proto) { 5083 5084 case Q_DEFAULT: 5085 b0 = gen_host(cstate, addr, mask, Q_IP, dir, type); 5086 /* 5087 * Only check for non-IPv4 addresses if we're not 5088 * checking MPLS-encapsulated packets. 5089 */ 5090 if (cstate->label_stack_depth == 0) { 5091 b1 = gen_host(cstate, addr, mask, Q_ARP, dir, type); 5092 gen_or(b0, b1); 5093 b0 = gen_host(cstate, addr, mask, Q_RARP, dir, type); 5094 gen_or(b1, b0); 5095 } 5096 return b0; 5097 5098 case Q_LINK: 5099 bpf_error(cstate, "link-layer modifier applied to %s", typestr); 5100 5101 case Q_IP: 5102 return gen_hostop(cstate, addr, mask, dir, ETHERTYPE_IP, 12, 16); 5103 5104 case Q_RARP: 5105 return gen_hostop(cstate, addr, mask, dir, ETHERTYPE_REVARP, 14, 24); 5106 5107 case Q_ARP: 5108 return gen_hostop(cstate, addr, mask, dir, ETHERTYPE_ARP, 14, 24); 5109 5110 case Q_SCTP: 5111 bpf_error(cstate, "'sctp' modifier applied to %s", typestr); 5112 5113 case Q_TCP: 5114 bpf_error(cstate, "'tcp' modifier applied to %s", typestr); 5115 5116 case Q_UDP: 5117 bpf_error(cstate, "'udp' modifier applied to %s", typestr); 5118 5119 case Q_ICMP: 5120 bpf_error(cstate, "'icmp' modifier applied to %s", typestr); 5121 5122 case Q_IGMP: 5123 bpf_error(cstate, "'igmp' modifier applied to %s", typestr); 5124 5125 case Q_IGRP: 5126 bpf_error(cstate, "'igrp' modifier applied to %s", typestr); 5127 5128 case Q_ATALK: 5129 bpf_error(cstate, "AppleTalk host filtering not implemented"); 5130 5131 case Q_DECNET: 5132 return gen_dnhostop(cstate, addr, dir); 5133 5134 case Q_LAT: 5135 bpf_error(cstate, "LAT host filtering not implemented"); 5136 5137 case Q_SCA: 5138 bpf_error(cstate, "SCA host filtering not implemented"); 5139 5140 case Q_MOPRC: 5141 bpf_error(cstate, "MOPRC host filtering not implemented"); 5142 5143 case Q_MOPDL: 5144 bpf_error(cstate, "MOPDL host filtering not implemented"); 5145 5146 case Q_IPV6: 5147 bpf_error(cstate, "'ip6' modifier applied to ip host"); 5148 5149 case Q_ICMPV6: 5150 bpf_error(cstate, "'icmp6' modifier applied to %s", typestr); 5151 5152 case Q_AH: 5153 bpf_error(cstate, "'ah' modifier applied to %s", typestr); 5154 5155 case Q_ESP: 5156 bpf_error(cstate, "'esp' modifier applied to %s", typestr); 5157 5158 case Q_PIM: 5159 bpf_error(cstate, "'pim' modifier applied to %s", typestr); 5160 5161 case Q_VRRP: 5162 bpf_error(cstate, "'vrrp' modifier applied to %s", typestr); 5163 5164 case Q_AARP: 5165 bpf_error(cstate, "AARP host filtering not implemented"); 5166 5167 case Q_ISO: 5168 bpf_error(cstate, "ISO host filtering not implemented"); 5169 5170 case Q_ESIS: 5171 bpf_error(cstate, "'esis' modifier applied to %s", typestr); 5172 5173 case Q_ISIS: 5174 bpf_error(cstate, "'isis' modifier applied to %s", typestr); 5175 5176 case Q_CLNP: 5177 bpf_error(cstate, "'clnp' modifier applied to %s", typestr); 5178 5179 case Q_STP: 5180 bpf_error(cstate, "'stp' modifier applied to %s", typestr); 5181 5182 case Q_IPX: 5183 bpf_error(cstate, "IPX host filtering not implemented"); 5184 5185 case Q_NETBEUI: 5186 bpf_error(cstate, "'netbeui' modifier applied to %s", typestr); 5187 5188 case Q_ISIS_L1: 5189 bpf_error(cstate, "'l1' modifier applied to %s", typestr); 5190 5191 case Q_ISIS_L2: 5192 bpf_error(cstate, "'l2' modifier applied to %s", typestr); 5193 5194 case Q_ISIS_IIH: 5195 bpf_error(cstate, "'iih' modifier applied to %s", typestr); 5196 5197 case Q_ISIS_SNP: 5198 bpf_error(cstate, "'snp' modifier applied to %s", typestr); 5199 5200 case Q_ISIS_CSNP: 5201 bpf_error(cstate, "'csnp' modifier applied to %s", typestr); 5202 5203 case Q_ISIS_PSNP: 5204 bpf_error(cstate, "'psnp' modifier applied to %s", typestr); 5205 5206 case Q_ISIS_LSP: 5207 bpf_error(cstate, "'lsp' modifier applied to %s", typestr); 5208 5209 case Q_RADIO: 5210 bpf_error(cstate, "'radio' modifier applied to %s", typestr); 5211 5212 case Q_CARP: 5213 bpf_error(cstate, "'carp' modifier applied to %s", typestr); 5214 5215 default: 5216 abort(); 5217 } 5218 /*NOTREACHED*/ 5219 } 5220 5221 #ifdef INET6 5222 static struct block * 5223 gen_host6(compiler_state_t *cstate, struct in6_addr *addr, 5224 struct in6_addr *mask, int proto, int dir, int type) 5225 { 5226 const char *typestr; 5227 5228 if (type == Q_NET) 5229 typestr = "net"; 5230 else 5231 typestr = "host"; 5232 5233 switch (proto) { 5234 5235 case Q_DEFAULT: 5236 return gen_host6(cstate, addr, mask, Q_IPV6, dir, type); 5237 5238 case Q_LINK: 5239 bpf_error(cstate, "link-layer modifier applied to ip6 %s", typestr); 5240 5241 case Q_IP: 5242 bpf_error(cstate, "'ip' modifier applied to ip6 %s", typestr); 5243 5244 case Q_RARP: 5245 bpf_error(cstate, "'rarp' modifier applied to ip6 %s", typestr); 5246 5247 case Q_ARP: 5248 bpf_error(cstate, "'arp' modifier applied to ip6 %s", typestr); 5249 5250 case Q_SCTP: 5251 bpf_error(cstate, "'sctp' modifier applied to ip6 %s", typestr); 5252 5253 case Q_TCP: 5254 bpf_error(cstate, "'tcp' modifier applied to ip6 %s", typestr); 5255 5256 case Q_UDP: 5257 bpf_error(cstate, "'udp' modifier applied to ip6 %s", typestr); 5258 5259 case Q_ICMP: 5260 bpf_error(cstate, "'icmp' modifier applied to ip6 %s", typestr); 5261 5262 case Q_IGMP: 5263 bpf_error(cstate, "'igmp' modifier applied to ip6 %s", typestr); 5264 5265 case Q_IGRP: 5266 bpf_error(cstate, "'igrp' modifier applied to ip6 %s", typestr); 5267 5268 case Q_ATALK: 5269 bpf_error(cstate, "AppleTalk modifier applied to ip6 %s", typestr); 5270 5271 case Q_DECNET: 5272 bpf_error(cstate, "'decnet' modifier applied to ip6 %s", typestr); 5273 5274 case Q_LAT: 5275 bpf_error(cstate, "'lat' modifier applied to ip6 %s", typestr); 5276 5277 case Q_SCA: 5278 bpf_error(cstate, "'sca' modifier applied to ip6 %s", typestr); 5279 5280 case Q_MOPRC: 5281 bpf_error(cstate, "'moprc' modifier applied to ip6 %s", typestr); 5282 5283 case Q_MOPDL: 5284 bpf_error(cstate, "'mopdl' modifier applied to ip6 %s", typestr); 5285 5286 case Q_IPV6: 5287 return gen_hostop6(cstate, addr, mask, dir, ETHERTYPE_IPV6, 8, 24); 5288 5289 case Q_ICMPV6: 5290 bpf_error(cstate, "'icmp6' modifier applied to ip6 %s", typestr); 5291 5292 case Q_AH: 5293 bpf_error(cstate, "'ah' modifier applied to ip6 %s", typestr); 5294 5295 case Q_ESP: 5296 bpf_error(cstate, "'esp' modifier applied to ip6 %s", typestr); 5297 5298 case Q_PIM: 5299 bpf_error(cstate, "'pim' modifier applied to ip6 %s", typestr); 5300 5301 case Q_VRRP: 5302 bpf_error(cstate, "'vrrp' modifier applied to ip6 %s", typestr); 5303 5304 case Q_AARP: 5305 bpf_error(cstate, "'aarp' modifier applied to ip6 %s", typestr); 5306 5307 case Q_ISO: 5308 bpf_error(cstate, "'iso' modifier applied to ip6 %s", typestr); 5309 5310 case Q_ESIS: 5311 bpf_error(cstate, "'esis' modifier applied to ip6 %s", typestr); 5312 5313 case Q_ISIS: 5314 bpf_error(cstate, "'isis' modifier applied to ip6 %s", typestr); 5315 5316 case Q_CLNP: 5317 bpf_error(cstate, "'clnp' modifier applied to ip6 %s", typestr); 5318 5319 case Q_STP: 5320 bpf_error(cstate, "'stp' modifier applied to ip6 %s", typestr); 5321 5322 case Q_IPX: 5323 bpf_error(cstate, "'ipx' modifier applied to ip6 %s", typestr); 5324 5325 case Q_NETBEUI: 5326 bpf_error(cstate, "'netbeui' modifier applied to ip6 %s", typestr); 5327 5328 case Q_ISIS_L1: 5329 bpf_error(cstate, "'l1' modifier applied to ip6 %s", typestr); 5330 5331 case Q_ISIS_L2: 5332 bpf_error(cstate, "'l2' modifier applied to ip6 %s", typestr); 5333 5334 case Q_ISIS_IIH: 5335 bpf_error(cstate, "'iih' modifier applied to ip6 %s", typestr); 5336 5337 case Q_ISIS_SNP: 5338 bpf_error(cstate, "'snp' modifier applied to ip6 %s", typestr); 5339 5340 case Q_ISIS_CSNP: 5341 bpf_error(cstate, "'csnp' modifier applied to ip6 %s", typestr); 5342 5343 case Q_ISIS_PSNP: 5344 bpf_error(cstate, "'psnp' modifier applied to ip6 %s", typestr); 5345 5346 case Q_ISIS_LSP: 5347 bpf_error(cstate, "'lsp' modifier applied to ip6 %s", typestr); 5348 5349 case Q_RADIO: 5350 bpf_error(cstate, "'radio' modifier applied to ip6 %s", typestr); 5351 5352 case Q_CARP: 5353 bpf_error(cstate, "'carp' modifier applied to ip6 %s", typestr); 5354 5355 default: 5356 abort(); 5357 } 5358 /*NOTREACHED*/ 5359 } 5360 #endif 5361 5362 #ifndef INET6 5363 static struct block * 5364 gen_gateway(compiler_state_t *cstate, const u_char *eaddr, 5365 struct addrinfo *alist, int proto, int dir) 5366 { 5367 struct block *b0, *b1, *tmp; 5368 struct addrinfo *ai; 5369 struct sockaddr_in *sin; 5370 5371 if (dir != 0) 5372 bpf_error(cstate, "direction applied to 'gateway'"); 5373 5374 switch (proto) { 5375 case Q_DEFAULT: 5376 case Q_IP: 5377 case Q_ARP: 5378 case Q_RARP: 5379 switch (cstate->linktype) { 5380 case DLT_EN10MB: 5381 case DLT_NETANALYZER: 5382 case DLT_NETANALYZER_TRANSPARENT: 5383 b1 = gen_prevlinkhdr_check(cstate); 5384 b0 = gen_ehostop(cstate, eaddr, Q_OR); 5385 if (b1 != NULL) 5386 gen_and(b1, b0); 5387 break; 5388 case DLT_FDDI: 5389 b0 = gen_fhostop(cstate, eaddr, Q_OR); 5390 break; 5391 case DLT_IEEE802: 5392 b0 = gen_thostop(cstate, eaddr, Q_OR); 5393 break; 5394 case DLT_IEEE802_11: 5395 case DLT_PRISM_HEADER: 5396 case DLT_IEEE802_11_RADIO_AVS: 5397 case DLT_IEEE802_11_RADIO: 5398 case DLT_PPI: 5399 b0 = gen_wlanhostop(cstate, eaddr, Q_OR); 5400 break; 5401 case DLT_SUNATM: 5402 /* 5403 * This is LLC-multiplexed traffic; if it were 5404 * LANE, cstate->linktype would have been set to 5405 * DLT_EN10MB. 5406 */ 5407 bpf_error(cstate, 5408 "'gateway' supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel"); 5409 case DLT_IP_OVER_FC: 5410 b0 = gen_ipfchostop(cstate, eaddr, Q_OR); 5411 break; 5412 default: 5413 bpf_error(cstate, 5414 "'gateway' supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel"); 5415 } 5416 b1 = NULL; 5417 for (ai = alist; ai != NULL; ai = ai->ai_next) { 5418 /* 5419 * Does it have an address? 5420 */ 5421 if (ai->ai_addr != NULL) { 5422 /* 5423 * Yes. Is it an IPv4 address? 5424 */ 5425 if (ai->ai_addr->sa_family == AF_INET) { 5426 /* 5427 * Generate an entry for it. 5428 */ 5429 sin = (struct sockaddr_in *)ai->ai_addr; 5430 tmp = gen_host(cstate, 5431 ntohl(sin->sin_addr.s_addr), 5432 0xffffffff, proto, Q_OR, Q_HOST); 5433 /* 5434 * Is it the *first* IPv4 address? 5435 */ 5436 if (b1 == NULL) { 5437 /* 5438 * Yes, so start with it. 5439 */ 5440 b1 = tmp; 5441 } else { 5442 /* 5443 * No, so OR it into the 5444 * existing set of 5445 * addresses. 5446 */ 5447 gen_or(b1, tmp); 5448 b1 = tmp; 5449 } 5450 } 5451 } 5452 } 5453 if (b1 == NULL) { 5454 /* 5455 * No IPv4 addresses found. 5456 */ 5457 return (NULL); 5458 } 5459 gen_not(b1); 5460 gen_and(b0, b1); 5461 return b1; 5462 } 5463 bpf_error(cstate, "illegal modifier of 'gateway'"); 5464 /*NOTREACHED*/ 5465 } 5466 #endif 5467 5468 static struct block * 5469 gen_proto_abbrev_internal(compiler_state_t *cstate, int proto) 5470 { 5471 struct block *b0; 5472 struct block *b1; 5473 5474 switch (proto) { 5475 5476 case Q_SCTP: 5477 b1 = gen_proto(cstate, IPPROTO_SCTP, Q_DEFAULT, Q_DEFAULT); 5478 break; 5479 5480 case Q_TCP: 5481 b1 = gen_proto(cstate, IPPROTO_TCP, Q_DEFAULT, Q_DEFAULT); 5482 break; 5483 5484 case Q_UDP: 5485 b1 = gen_proto(cstate, IPPROTO_UDP, Q_DEFAULT, Q_DEFAULT); 5486 break; 5487 5488 case Q_ICMP: 5489 b1 = gen_proto(cstate, IPPROTO_ICMP, Q_IP, Q_DEFAULT); 5490 break; 5491 5492 #ifndef IPPROTO_IGMP 5493 #define IPPROTO_IGMP 2 5494 #endif 5495 5496 case Q_IGMP: 5497 b1 = gen_proto(cstate, IPPROTO_IGMP, Q_IP, Q_DEFAULT); 5498 break; 5499 5500 #ifndef IPPROTO_IGRP 5501 #define IPPROTO_IGRP 9 5502 #endif 5503 case Q_IGRP: 5504 b1 = gen_proto(cstate, IPPROTO_IGRP, Q_IP, Q_DEFAULT); 5505 break; 5506 5507 #ifndef IPPROTO_PIM 5508 #define IPPROTO_PIM 103 5509 #endif 5510 5511 case Q_PIM: 5512 b1 = gen_proto(cstate, IPPROTO_PIM, Q_DEFAULT, Q_DEFAULT); 5513 break; 5514 5515 #ifndef IPPROTO_VRRP 5516 #define IPPROTO_VRRP 112 5517 #endif 5518 5519 case Q_VRRP: 5520 b1 = gen_proto(cstate, IPPROTO_VRRP, Q_IP, Q_DEFAULT); 5521 break; 5522 5523 #ifndef IPPROTO_CARP 5524 #define IPPROTO_CARP 112 5525 #endif 5526 5527 case Q_CARP: 5528 b1 = gen_proto(cstate, IPPROTO_CARP, Q_IP, Q_DEFAULT); 5529 break; 5530 5531 case Q_IP: 5532 b1 = gen_linktype(cstate, ETHERTYPE_IP); 5533 break; 5534 5535 case Q_ARP: 5536 b1 = gen_linktype(cstate, ETHERTYPE_ARP); 5537 break; 5538 5539 case Q_RARP: 5540 b1 = gen_linktype(cstate, ETHERTYPE_REVARP); 5541 break; 5542 5543 case Q_LINK: 5544 bpf_error(cstate, "link layer applied in wrong context"); 5545 5546 case Q_ATALK: 5547 b1 = gen_linktype(cstate, ETHERTYPE_ATALK); 5548 break; 5549 5550 case Q_AARP: 5551 b1 = gen_linktype(cstate, ETHERTYPE_AARP); 5552 break; 5553 5554 case Q_DECNET: 5555 b1 = gen_linktype(cstate, ETHERTYPE_DN); 5556 break; 5557 5558 case Q_SCA: 5559 b1 = gen_linktype(cstate, ETHERTYPE_SCA); 5560 break; 5561 5562 case Q_LAT: 5563 b1 = gen_linktype(cstate, ETHERTYPE_LAT); 5564 break; 5565 5566 case Q_MOPDL: 5567 b1 = gen_linktype(cstate, ETHERTYPE_MOPDL); 5568 break; 5569 5570 case Q_MOPRC: 5571 b1 = gen_linktype(cstate, ETHERTYPE_MOPRC); 5572 break; 5573 5574 case Q_IPV6: 5575 b1 = gen_linktype(cstate, ETHERTYPE_IPV6); 5576 break; 5577 5578 #ifndef IPPROTO_ICMPV6 5579 #define IPPROTO_ICMPV6 58 5580 #endif 5581 case Q_ICMPV6: 5582 b1 = gen_proto(cstate, IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 5583 break; 5584 5585 #ifndef IPPROTO_AH 5586 #define IPPROTO_AH 51 5587 #endif 5588 case Q_AH: 5589 b1 = gen_proto(cstate, IPPROTO_AH, Q_DEFAULT, Q_DEFAULT); 5590 break; 5591 5592 #ifndef IPPROTO_ESP 5593 #define IPPROTO_ESP 50 5594 #endif 5595 case Q_ESP: 5596 b1 = gen_proto(cstate, IPPROTO_ESP, Q_DEFAULT, Q_DEFAULT); 5597 break; 5598 5599 case Q_ISO: 5600 b1 = gen_linktype(cstate, LLCSAP_ISONS); 5601 break; 5602 5603 case Q_ESIS: 5604 b1 = gen_proto(cstate, ISO9542_ESIS, Q_ISO, Q_DEFAULT); 5605 break; 5606 5607 case Q_ISIS: 5608 b1 = gen_proto(cstate, ISO10589_ISIS, Q_ISO, Q_DEFAULT); 5609 break; 5610 5611 case Q_ISIS_L1: /* all IS-IS Level1 PDU-Types */ 5612 b0 = gen_proto(cstate, ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT); 5613 b1 = gen_proto(cstate, ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */ 5614 gen_or(b0, b1); 5615 b0 = gen_proto(cstate, ISIS_L1_LSP, Q_ISIS, Q_DEFAULT); 5616 gen_or(b0, b1); 5617 b0 = gen_proto(cstate, ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT); 5618 gen_or(b0, b1); 5619 b0 = gen_proto(cstate, ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 5620 gen_or(b0, b1); 5621 break; 5622 5623 case Q_ISIS_L2: /* all IS-IS Level2 PDU-Types */ 5624 b0 = gen_proto(cstate, ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT); 5625 b1 = gen_proto(cstate, ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */ 5626 gen_or(b0, b1); 5627 b0 = gen_proto(cstate, ISIS_L2_LSP, Q_ISIS, Q_DEFAULT); 5628 gen_or(b0, b1); 5629 b0 = gen_proto(cstate, ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT); 5630 gen_or(b0, b1); 5631 b0 = gen_proto(cstate, ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 5632 gen_or(b0, b1); 5633 break; 5634 5635 case Q_ISIS_IIH: /* all IS-IS Hello PDU-Types */ 5636 b0 = gen_proto(cstate, ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT); 5637 b1 = gen_proto(cstate, ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT); 5638 gen_or(b0, b1); 5639 b0 = gen_proto(cstate, ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); 5640 gen_or(b0, b1); 5641 break; 5642 5643 case Q_ISIS_LSP: 5644 b0 = gen_proto(cstate, ISIS_L1_LSP, Q_ISIS, Q_DEFAULT); 5645 b1 = gen_proto(cstate, ISIS_L2_LSP, Q_ISIS, Q_DEFAULT); 5646 gen_or(b0, b1); 5647 break; 5648 5649 case Q_ISIS_SNP: 5650 b0 = gen_proto(cstate, ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT); 5651 b1 = gen_proto(cstate, ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT); 5652 gen_or(b0, b1); 5653 b0 = gen_proto(cstate, ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 5654 gen_or(b0, b1); 5655 b0 = gen_proto(cstate, ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 5656 gen_or(b0, b1); 5657 break; 5658 5659 case Q_ISIS_CSNP: 5660 b0 = gen_proto(cstate, ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT); 5661 b1 = gen_proto(cstate, ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT); 5662 gen_or(b0, b1); 5663 break; 5664 5665 case Q_ISIS_PSNP: 5666 b0 = gen_proto(cstate, ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 5667 b1 = gen_proto(cstate, ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 5668 gen_or(b0, b1); 5669 break; 5670 5671 case Q_CLNP: 5672 b1 = gen_proto(cstate, ISO8473_CLNP, Q_ISO, Q_DEFAULT); 5673 break; 5674 5675 case Q_STP: 5676 b1 = gen_linktype(cstate, LLCSAP_8021D); 5677 break; 5678 5679 case Q_IPX: 5680 b1 = gen_linktype(cstate, LLCSAP_IPX); 5681 break; 5682 5683 case Q_NETBEUI: 5684 b1 = gen_linktype(cstate, LLCSAP_NETBEUI); 5685 break; 5686 5687 case Q_RADIO: 5688 bpf_error(cstate, "'radio' is not a valid protocol type"); 5689 5690 default: 5691 abort(); 5692 } 5693 return b1; 5694 } 5695 5696 struct block * 5697 gen_proto_abbrev(compiler_state_t *cstate, int proto) 5698 { 5699 /* 5700 * Catch errors reported by us and routines below us, and return NULL 5701 * on an error. 5702 */ 5703 if (setjmp(cstate->top_ctx)) 5704 return (NULL); 5705 5706 return gen_proto_abbrev_internal(cstate, proto); 5707 } 5708 5709 static struct block * 5710 gen_ipfrag(compiler_state_t *cstate) 5711 { 5712 struct slist *s; 5713 struct block *b; 5714 5715 /* not IPv4 frag other than the first frag */ 5716 s = gen_load_a(cstate, OR_LINKPL, 6, BPF_H); 5717 b = new_block(cstate, JMP(BPF_JSET)); 5718 b->s.k = 0x1fff; 5719 b->stmts = s; 5720 gen_not(b); 5721 5722 return b; 5723 } 5724 5725 /* 5726 * Generate a comparison to a port value in the transport-layer header 5727 * at the specified offset from the beginning of that header. 5728 * 5729 * XXX - this handles a variable-length prefix preceding the link-layer 5730 * header, such as the radiotap or AVS radio prefix, but doesn't handle 5731 * variable-length link-layer headers (such as Token Ring or 802.11 5732 * headers). 5733 */ 5734 static struct block * 5735 gen_portatom(compiler_state_t *cstate, int off, bpf_u_int32 v) 5736 { 5737 return gen_cmp(cstate, OR_TRAN_IPV4, off, BPF_H, v); 5738 } 5739 5740 static struct block * 5741 gen_portatom6(compiler_state_t *cstate, int off, bpf_u_int32 v) 5742 { 5743 return gen_cmp(cstate, OR_TRAN_IPV6, off, BPF_H, v); 5744 } 5745 5746 static struct block * 5747 gen_portop(compiler_state_t *cstate, u_int port, u_int proto, int dir) 5748 { 5749 struct block *b0, *b1, *tmp; 5750 5751 /* ip proto 'proto' and not a fragment other than the first fragment */ 5752 tmp = gen_cmp(cstate, OR_LINKPL, 9, BPF_B, proto); 5753 b0 = gen_ipfrag(cstate); 5754 gen_and(tmp, b0); 5755 5756 switch (dir) { 5757 case Q_SRC: 5758 b1 = gen_portatom(cstate, 0, port); 5759 break; 5760 5761 case Q_DST: 5762 b1 = gen_portatom(cstate, 2, port); 5763 break; 5764 5765 case Q_AND: 5766 tmp = gen_portatom(cstate, 0, port); 5767 b1 = gen_portatom(cstate, 2, port); 5768 gen_and(tmp, b1); 5769 break; 5770 5771 case Q_DEFAULT: 5772 case Q_OR: 5773 tmp = gen_portatom(cstate, 0, port); 5774 b1 = gen_portatom(cstate, 2, port); 5775 gen_or(tmp, b1); 5776 break; 5777 5778 case Q_ADDR1: 5779 bpf_error(cstate, "'addr1' and 'address1' are not valid qualifiers for ports"); 5780 /*NOTREACHED*/ 5781 5782 case Q_ADDR2: 5783 bpf_error(cstate, "'addr2' and 'address2' are not valid qualifiers for ports"); 5784 /*NOTREACHED*/ 5785 5786 case Q_ADDR3: 5787 bpf_error(cstate, "'addr3' and 'address3' are not valid qualifiers for ports"); 5788 /*NOTREACHED*/ 5789 5790 case Q_ADDR4: 5791 bpf_error(cstate, "'addr4' and 'address4' are not valid qualifiers for ports"); 5792 /*NOTREACHED*/ 5793 5794 case Q_RA: 5795 bpf_error(cstate, "'ra' is not a valid qualifier for ports"); 5796 /*NOTREACHED*/ 5797 5798 case Q_TA: 5799 bpf_error(cstate, "'ta' is not a valid qualifier for ports"); 5800 /*NOTREACHED*/ 5801 5802 default: 5803 abort(); 5804 /*NOTREACHED*/ 5805 } 5806 gen_and(b0, b1); 5807 5808 return b1; 5809 } 5810 5811 static struct block * 5812 gen_port(compiler_state_t *cstate, u_int port, int ip_proto, int dir) 5813 { 5814 struct block *b0, *b1, *tmp; 5815 5816 /* 5817 * ether proto ip 5818 * 5819 * For FDDI, RFC 1188 says that SNAP encapsulation is used, 5820 * not LLC encapsulation with LLCSAP_IP. 5821 * 5822 * For IEEE 802 networks - which includes 802.5 token ring 5823 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042 5824 * says that SNAP encapsulation is used, not LLC encapsulation 5825 * with LLCSAP_IP. 5826 * 5827 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and 5828 * RFC 2225 say that SNAP encapsulation is used, not LLC 5829 * encapsulation with LLCSAP_IP. 5830 * 5831 * So we always check for ETHERTYPE_IP. 5832 */ 5833 b0 = gen_linktype(cstate, ETHERTYPE_IP); 5834 5835 switch (ip_proto) { 5836 case IPPROTO_UDP: 5837 case IPPROTO_TCP: 5838 case IPPROTO_SCTP: 5839 b1 = gen_portop(cstate, port, (u_int)ip_proto, dir); 5840 break; 5841 5842 case PROTO_UNDEF: 5843 tmp = gen_portop(cstate, port, IPPROTO_TCP, dir); 5844 b1 = gen_portop(cstate, port, IPPROTO_UDP, dir); 5845 gen_or(tmp, b1); 5846 tmp = gen_portop(cstate, port, IPPROTO_SCTP, dir); 5847 gen_or(tmp, b1); 5848 break; 5849 5850 default: 5851 abort(); 5852 } 5853 gen_and(b0, b1); 5854 return b1; 5855 } 5856 5857 struct block * 5858 gen_portop6(compiler_state_t *cstate, u_int port, u_int proto, int dir) 5859 { 5860 struct block *b0, *b1, *tmp; 5861 5862 /* ip6 proto 'proto' */ 5863 /* XXX - catch the first fragment of a fragmented packet? */ 5864 b0 = gen_cmp(cstate, OR_LINKPL, 6, BPF_B, proto); 5865 5866 switch (dir) { 5867 case Q_SRC: 5868 b1 = gen_portatom6(cstate, 0, port); 5869 break; 5870 5871 case Q_DST: 5872 b1 = gen_portatom6(cstate, 2, port); 5873 break; 5874 5875 case Q_AND: 5876 tmp = gen_portatom6(cstate, 0, port); 5877 b1 = gen_portatom6(cstate, 2, port); 5878 gen_and(tmp, b1); 5879 break; 5880 5881 case Q_DEFAULT: 5882 case Q_OR: 5883 tmp = gen_portatom6(cstate, 0, port); 5884 b1 = gen_portatom6(cstate, 2, port); 5885 gen_or(tmp, b1); 5886 break; 5887 5888 default: 5889 abort(); 5890 } 5891 gen_and(b0, b1); 5892 5893 return b1; 5894 } 5895 5896 static struct block * 5897 gen_port6(compiler_state_t *cstate, u_int port, int ip_proto, int dir) 5898 { 5899 struct block *b0, *b1, *tmp; 5900 5901 /* link proto ip6 */ 5902 b0 = gen_linktype(cstate, ETHERTYPE_IPV6); 5903 5904 switch (ip_proto) { 5905 case IPPROTO_UDP: 5906 case IPPROTO_TCP: 5907 case IPPROTO_SCTP: 5908 b1 = gen_portop6(cstate, port, (u_int)ip_proto, dir); 5909 break; 5910 5911 case PROTO_UNDEF: 5912 tmp = gen_portop6(cstate, port, IPPROTO_TCP, dir); 5913 b1 = gen_portop6(cstate, port, IPPROTO_UDP, dir); 5914 gen_or(tmp, b1); 5915 tmp = gen_portop6(cstate, port, IPPROTO_SCTP, dir); 5916 gen_or(tmp, b1); 5917 break; 5918 5919 default: 5920 abort(); 5921 } 5922 gen_and(b0, b1); 5923 return b1; 5924 } 5925 5926 /* gen_portrange code */ 5927 static struct block * 5928 gen_portrangeatom(compiler_state_t *cstate, u_int off, bpf_u_int32 v1, 5929 bpf_u_int32 v2) 5930 { 5931 struct block *b1, *b2; 5932 5933 if (v1 > v2) { 5934 /* 5935 * Reverse the order of the ports, so v1 is the lower one. 5936 */ 5937 bpf_u_int32 vtemp; 5938 5939 vtemp = v1; 5940 v1 = v2; 5941 v2 = vtemp; 5942 } 5943 5944 b1 = gen_cmp_ge(cstate, OR_TRAN_IPV4, off, BPF_H, v1); 5945 b2 = gen_cmp_le(cstate, OR_TRAN_IPV4, off, BPF_H, v2); 5946 5947 gen_and(b1, b2); 5948 5949 return b2; 5950 } 5951 5952 static struct block * 5953 gen_portrangeop(compiler_state_t *cstate, u_int port1, u_int port2, 5954 bpf_u_int32 proto, int dir) 5955 { 5956 struct block *b0, *b1, *tmp; 5957 5958 /* ip proto 'proto' and not a fragment other than the first fragment */ 5959 tmp = gen_cmp(cstate, OR_LINKPL, 9, BPF_B, proto); 5960 b0 = gen_ipfrag(cstate); 5961 gen_and(tmp, b0); 5962 5963 switch (dir) { 5964 case Q_SRC: 5965 b1 = gen_portrangeatom(cstate, 0, port1, port2); 5966 break; 5967 5968 case Q_DST: 5969 b1 = gen_portrangeatom(cstate, 2, port1, port2); 5970 break; 5971 5972 case Q_AND: 5973 tmp = gen_portrangeatom(cstate, 0, port1, port2); 5974 b1 = gen_portrangeatom(cstate, 2, port1, port2); 5975 gen_and(tmp, b1); 5976 break; 5977 5978 case Q_DEFAULT: 5979 case Q_OR: 5980 tmp = gen_portrangeatom(cstate, 0, port1, port2); 5981 b1 = gen_portrangeatom(cstate, 2, port1, port2); 5982 gen_or(tmp, b1); 5983 break; 5984 5985 case Q_ADDR1: 5986 bpf_error(cstate, "'addr1' and 'address1' are not valid qualifiers for port ranges"); 5987 /*NOTREACHED*/ 5988 5989 case Q_ADDR2: 5990 bpf_error(cstate, "'addr2' and 'address2' are not valid qualifiers for port ranges"); 5991 /*NOTREACHED*/ 5992 5993 case Q_ADDR3: 5994 bpf_error(cstate, "'addr3' and 'address3' are not valid qualifiers for port ranges"); 5995 /*NOTREACHED*/ 5996 5997 case Q_ADDR4: 5998 bpf_error(cstate, "'addr4' and 'address4' are not valid qualifiers for port ranges"); 5999 /*NOTREACHED*/ 6000 6001 case Q_RA: 6002 bpf_error(cstate, "'ra' is not a valid qualifier for port ranges"); 6003 /*NOTREACHED*/ 6004 6005 case Q_TA: 6006 bpf_error(cstate, "'ta' is not a valid qualifier for port ranges"); 6007 /*NOTREACHED*/ 6008 6009 default: 6010 abort(); 6011 /*NOTREACHED*/ 6012 } 6013 gen_and(b0, b1); 6014 6015 return b1; 6016 } 6017 6018 static struct block * 6019 gen_portrange(compiler_state_t *cstate, u_int port1, u_int port2, int ip_proto, 6020 int dir) 6021 { 6022 struct block *b0, *b1, *tmp; 6023 6024 /* link proto ip */ 6025 b0 = gen_linktype(cstate, ETHERTYPE_IP); 6026 6027 switch (ip_proto) { 6028 case IPPROTO_UDP: 6029 case IPPROTO_TCP: 6030 case IPPROTO_SCTP: 6031 b1 = gen_portrangeop(cstate, port1, port2, (bpf_u_int32)ip_proto, 6032 dir); 6033 break; 6034 6035 case PROTO_UNDEF: 6036 tmp = gen_portrangeop(cstate, port1, port2, IPPROTO_TCP, dir); 6037 b1 = gen_portrangeop(cstate, port1, port2, IPPROTO_UDP, dir); 6038 gen_or(tmp, b1); 6039 tmp = gen_portrangeop(cstate, port1, port2, IPPROTO_SCTP, dir); 6040 gen_or(tmp, b1); 6041 break; 6042 6043 default: 6044 abort(); 6045 } 6046 gen_and(b0, b1); 6047 return b1; 6048 } 6049 6050 static struct block * 6051 gen_portrangeatom6(compiler_state_t *cstate, u_int off, bpf_u_int32 v1, 6052 bpf_u_int32 v2) 6053 { 6054 struct block *b1, *b2; 6055 6056 if (v1 > v2) { 6057 /* 6058 * Reverse the order of the ports, so v1 is the lower one. 6059 */ 6060 bpf_u_int32 vtemp; 6061 6062 vtemp = v1; 6063 v1 = v2; 6064 v2 = vtemp; 6065 } 6066 6067 b1 = gen_cmp_ge(cstate, OR_TRAN_IPV6, off, BPF_H, v1); 6068 b2 = gen_cmp_le(cstate, OR_TRAN_IPV6, off, BPF_H, v2); 6069 6070 gen_and(b1, b2); 6071 6072 return b2; 6073 } 6074 6075 static struct block * 6076 gen_portrangeop6(compiler_state_t *cstate, u_int port1, u_int port2, 6077 bpf_u_int32 proto, int dir) 6078 { 6079 struct block *b0, *b1, *tmp; 6080 6081 /* ip6 proto 'proto' */ 6082 /* XXX - catch the first fragment of a fragmented packet? */ 6083 b0 = gen_cmp(cstate, OR_LINKPL, 6, BPF_B, proto); 6084 6085 switch (dir) { 6086 case Q_SRC: 6087 b1 = gen_portrangeatom6(cstate, 0, port1, port2); 6088 break; 6089 6090 case Q_DST: 6091 b1 = gen_portrangeatom6(cstate, 2, port1, port2); 6092 break; 6093 6094 case Q_AND: 6095 tmp = gen_portrangeatom6(cstate, 0, port1, port2); 6096 b1 = gen_portrangeatom6(cstate, 2, port1, port2); 6097 gen_and(tmp, b1); 6098 break; 6099 6100 case Q_DEFAULT: 6101 case Q_OR: 6102 tmp = gen_portrangeatom6(cstate, 0, port1, port2); 6103 b1 = gen_portrangeatom6(cstate, 2, port1, port2); 6104 gen_or(tmp, b1); 6105 break; 6106 6107 default: 6108 abort(); 6109 } 6110 gen_and(b0, b1); 6111 6112 return b1; 6113 } 6114 6115 static struct block * 6116 gen_portrange6(compiler_state_t *cstate, u_int port1, u_int port2, int ip_proto, 6117 int dir) 6118 { 6119 struct block *b0, *b1, *tmp; 6120 6121 /* link proto ip6 */ 6122 b0 = gen_linktype(cstate, ETHERTYPE_IPV6); 6123 6124 switch (ip_proto) { 6125 case IPPROTO_UDP: 6126 case IPPROTO_TCP: 6127 case IPPROTO_SCTP: 6128 b1 = gen_portrangeop6(cstate, port1, port2, (bpf_u_int32)ip_proto, 6129 dir); 6130 break; 6131 6132 case PROTO_UNDEF: 6133 tmp = gen_portrangeop6(cstate, port1, port2, IPPROTO_TCP, dir); 6134 b1 = gen_portrangeop6(cstate, port1, port2, IPPROTO_UDP, dir); 6135 gen_or(tmp, b1); 6136 tmp = gen_portrangeop6(cstate, port1, port2, IPPROTO_SCTP, dir); 6137 gen_or(tmp, b1); 6138 break; 6139 6140 default: 6141 abort(); 6142 } 6143 gen_and(b0, b1); 6144 return b1; 6145 } 6146 6147 static int 6148 lookup_proto(compiler_state_t *cstate, const char *name, int proto) 6149 { 6150 register int v; 6151 6152 switch (proto) { 6153 6154 case Q_DEFAULT: 6155 case Q_IP: 6156 case Q_IPV6: 6157 v = pcap_nametoproto(name); 6158 if (v == PROTO_UNDEF) 6159 bpf_error(cstate, "unknown ip proto '%s'", name); 6160 break; 6161 6162 case Q_LINK: 6163 /* XXX should look up h/w protocol type based on cstate->linktype */ 6164 v = pcap_nametoeproto(name); 6165 if (v == PROTO_UNDEF) { 6166 v = pcap_nametollc(name); 6167 if (v == PROTO_UNDEF) 6168 bpf_error(cstate, "unknown ether proto '%s'", name); 6169 } 6170 break; 6171 6172 case Q_ISO: 6173 if (strcmp(name, "esis") == 0) 6174 v = ISO9542_ESIS; 6175 else if (strcmp(name, "isis") == 0) 6176 v = ISO10589_ISIS; 6177 else if (strcmp(name, "clnp") == 0) 6178 v = ISO8473_CLNP; 6179 else 6180 bpf_error(cstate, "unknown osi proto '%s'", name); 6181 break; 6182 6183 default: 6184 v = PROTO_UNDEF; 6185 break; 6186 } 6187 return v; 6188 } 6189 6190 #if !defined(NO_PROTOCHAIN) 6191 static struct block * 6192 gen_protochain(compiler_state_t *cstate, bpf_u_int32 v, int proto) 6193 { 6194 struct block *b0, *b; 6195 struct slist *s[100]; 6196 int fix2, fix3, fix4, fix5; 6197 int ahcheck, again, end; 6198 int i, max; 6199 int reg2 = alloc_reg(cstate); 6200 6201 memset(s, 0, sizeof(s)); 6202 fix3 = fix4 = fix5 = 0; 6203 6204 switch (proto) { 6205 case Q_IP: 6206 case Q_IPV6: 6207 break; 6208 case Q_DEFAULT: 6209 b0 = gen_protochain(cstate, v, Q_IP); 6210 b = gen_protochain(cstate, v, Q_IPV6); 6211 gen_or(b0, b); 6212 return b; 6213 default: 6214 bpf_error(cstate, "bad protocol applied for 'protochain'"); 6215 /*NOTREACHED*/ 6216 } 6217 6218 /* 6219 * We don't handle variable-length prefixes before the link-layer 6220 * header, or variable-length link-layer headers, here yet. 6221 * We might want to add BPF instructions to do the protochain 6222 * work, to simplify that and, on platforms that have a BPF 6223 * interpreter with the new instructions, let the filtering 6224 * be done in the kernel. (We already require a modified BPF 6225 * engine to do the protochain stuff, to support backward 6226 * branches, and backward branch support is unlikely to appear 6227 * in kernel BPF engines.) 6228 */ 6229 if (cstate->off_linkpl.is_variable) 6230 bpf_error(cstate, "'protochain' not supported with variable length headers"); 6231 6232 /* 6233 * To quote a comment in optimize.c: 6234 * 6235 * "These data structures are used in a Cocke and Schwartz style 6236 * value numbering scheme. Since the flowgraph is acyclic, 6237 * exit values can be propagated from a node's predecessors 6238 * provided it is uniquely defined." 6239 * 6240 * "Acyclic" means "no backward branches", which means "no 6241 * loops", so we have to turn the optimizer off. 6242 */ 6243 cstate->no_optimize = 1; 6244 6245 /* 6246 * s[0] is a dummy entry to protect other BPF insn from damage 6247 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 6248 * hard to find interdependency made by jump table fixup. 6249 */ 6250 i = 0; 6251 s[i] = new_stmt(cstate, 0); /*dummy*/ 6252 i++; 6253 6254 switch (proto) { 6255 case Q_IP: 6256 b0 = gen_linktype(cstate, ETHERTYPE_IP); 6257 6258 /* A = ip->ip_p */ 6259 s[i] = new_stmt(cstate, BPF_LD|BPF_ABS|BPF_B); 6260 s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + 9; 6261 i++; 6262 /* X = ip->ip_hl << 2 */ 6263 s[i] = new_stmt(cstate, BPF_LDX|BPF_MSH|BPF_B); 6264 s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl; 6265 i++; 6266 break; 6267 6268 case Q_IPV6: 6269 b0 = gen_linktype(cstate, ETHERTYPE_IPV6); 6270 6271 /* A = ip6->ip_nxt */ 6272 s[i] = new_stmt(cstate, BPF_LD|BPF_ABS|BPF_B); 6273 s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + 6; 6274 i++; 6275 /* X = sizeof(struct ip6_hdr) */ 6276 s[i] = new_stmt(cstate, BPF_LDX|BPF_IMM); 6277 s[i]->s.k = 40; 6278 i++; 6279 break; 6280 6281 default: 6282 bpf_error(cstate, "unsupported proto to gen_protochain"); 6283 /*NOTREACHED*/ 6284 } 6285 6286 /* again: if (A == v) goto end; else fall through; */ 6287 again = i; 6288 s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K); 6289 s[i]->s.k = v; 6290 s[i]->s.jt = NULL; /*later*/ 6291 s[i]->s.jf = NULL; /*update in next stmt*/ 6292 fix5 = i; 6293 i++; 6294 6295 #ifndef IPPROTO_NONE 6296 #define IPPROTO_NONE 59 6297 #endif 6298 /* if (A == IPPROTO_NONE) goto end */ 6299 s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K); 6300 s[i]->s.jt = NULL; /*later*/ 6301 s[i]->s.jf = NULL; /*update in next stmt*/ 6302 s[i]->s.k = IPPROTO_NONE; 6303 s[fix5]->s.jf = s[i]; 6304 fix2 = i; 6305 i++; 6306 6307 if (proto == Q_IPV6) { 6308 int v6start, v6end, v6advance, j; 6309 6310 v6start = i; 6311 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 6312 s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K); 6313 s[i]->s.jt = NULL; /*later*/ 6314 s[i]->s.jf = NULL; /*update in next stmt*/ 6315 s[i]->s.k = IPPROTO_HOPOPTS; 6316 s[fix2]->s.jf = s[i]; 6317 i++; 6318 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 6319 s[i - 1]->s.jf = s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K); 6320 s[i]->s.jt = NULL; /*later*/ 6321 s[i]->s.jf = NULL; /*update in next stmt*/ 6322 s[i]->s.k = IPPROTO_DSTOPTS; 6323 i++; 6324 /* if (A == IPPROTO_ROUTING) goto v6advance */ 6325 s[i - 1]->s.jf = s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K); 6326 s[i]->s.jt = NULL; /*later*/ 6327 s[i]->s.jf = NULL; /*update in next stmt*/ 6328 s[i]->s.k = IPPROTO_ROUTING; 6329 i++; 6330 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 6331 s[i - 1]->s.jf = s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K); 6332 s[i]->s.jt = NULL; /*later*/ 6333 s[i]->s.jf = NULL; /*later*/ 6334 s[i]->s.k = IPPROTO_FRAGMENT; 6335 fix3 = i; 6336 v6end = i; 6337 i++; 6338 6339 /* v6advance: */ 6340 v6advance = i; 6341 6342 /* 6343 * in short, 6344 * A = P[X + packet head]; 6345 * X = X + (P[X + packet head + 1] + 1) * 8; 6346 */ 6347 /* A = P[X + packet head] */ 6348 s[i] = new_stmt(cstate, BPF_LD|BPF_IND|BPF_B); 6349 s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl; 6350 i++; 6351 /* MEM[reg2] = A */ 6352 s[i] = new_stmt(cstate, BPF_ST); 6353 s[i]->s.k = reg2; 6354 i++; 6355 /* A = P[X + packet head + 1]; */ 6356 s[i] = new_stmt(cstate, BPF_LD|BPF_IND|BPF_B); 6357 s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + 1; 6358 i++; 6359 /* A += 1 */ 6360 s[i] = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K); 6361 s[i]->s.k = 1; 6362 i++; 6363 /* A *= 8 */ 6364 s[i] = new_stmt(cstate, BPF_ALU|BPF_MUL|BPF_K); 6365 s[i]->s.k = 8; 6366 i++; 6367 /* A += X */ 6368 s[i] = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X); 6369 s[i]->s.k = 0; 6370 i++; 6371 /* X = A; */ 6372 s[i] = new_stmt(cstate, BPF_MISC|BPF_TAX); 6373 i++; 6374 /* A = MEM[reg2] */ 6375 s[i] = new_stmt(cstate, BPF_LD|BPF_MEM); 6376 s[i]->s.k = reg2; 6377 i++; 6378 6379 /* goto again; (must use BPF_JA for backward jump) */ 6380 s[i] = new_stmt(cstate, BPF_JMP|BPF_JA); 6381 s[i]->s.k = again - i - 1; 6382 s[i - 1]->s.jf = s[i]; 6383 i++; 6384 6385 /* fixup */ 6386 for (j = v6start; j <= v6end; j++) 6387 s[j]->s.jt = s[v6advance]; 6388 } else { 6389 /* nop */ 6390 s[i] = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K); 6391 s[i]->s.k = 0; 6392 s[fix2]->s.jf = s[i]; 6393 i++; 6394 } 6395 6396 /* ahcheck: */ 6397 ahcheck = i; 6398 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 6399 s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K); 6400 s[i]->s.jt = NULL; /*later*/ 6401 s[i]->s.jf = NULL; /*later*/ 6402 s[i]->s.k = IPPROTO_AH; 6403 if (fix3) 6404 s[fix3]->s.jf = s[ahcheck]; 6405 fix4 = i; 6406 i++; 6407 6408 /* 6409 * in short, 6410 * A = P[X]; 6411 * X = X + (P[X + 1] + 2) * 4; 6412 */ 6413 /* A = X */ 6414 s[i - 1]->s.jt = s[i] = new_stmt(cstate, BPF_MISC|BPF_TXA); 6415 i++; 6416 /* A = P[X + packet head]; */ 6417 s[i] = new_stmt(cstate, BPF_LD|BPF_IND|BPF_B); 6418 s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl; 6419 i++; 6420 /* MEM[reg2] = A */ 6421 s[i] = new_stmt(cstate, BPF_ST); 6422 s[i]->s.k = reg2; 6423 i++; 6424 /* A = X */ 6425 s[i - 1]->s.jt = s[i] = new_stmt(cstate, BPF_MISC|BPF_TXA); 6426 i++; 6427 /* A += 1 */ 6428 s[i] = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K); 6429 s[i]->s.k = 1; 6430 i++; 6431 /* X = A */ 6432 s[i] = new_stmt(cstate, BPF_MISC|BPF_TAX); 6433 i++; 6434 /* A = P[X + packet head] */ 6435 s[i] = new_stmt(cstate, BPF_LD|BPF_IND|BPF_B); 6436 s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl; 6437 i++; 6438 /* A += 2 */ 6439 s[i] = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K); 6440 s[i]->s.k = 2; 6441 i++; 6442 /* A *= 4 */ 6443 s[i] = new_stmt(cstate, BPF_ALU|BPF_MUL|BPF_K); 6444 s[i]->s.k = 4; 6445 i++; 6446 /* X = A; */ 6447 s[i] = new_stmt(cstate, BPF_MISC|BPF_TAX); 6448 i++; 6449 /* A = MEM[reg2] */ 6450 s[i] = new_stmt(cstate, BPF_LD|BPF_MEM); 6451 s[i]->s.k = reg2; 6452 i++; 6453 6454 /* goto again; (must use BPF_JA for backward jump) */ 6455 s[i] = new_stmt(cstate, BPF_JMP|BPF_JA); 6456 s[i]->s.k = again - i - 1; 6457 i++; 6458 6459 /* end: nop */ 6460 end = i; 6461 s[i] = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K); 6462 s[i]->s.k = 0; 6463 s[fix2]->s.jt = s[end]; 6464 s[fix4]->s.jf = s[end]; 6465 s[fix5]->s.jt = s[end]; 6466 i++; 6467 6468 /* 6469 * make slist chain 6470 */ 6471 max = i; 6472 for (i = 0; i < max - 1; i++) 6473 s[i]->next = s[i + 1]; 6474 s[max - 1]->next = NULL; 6475 6476 /* 6477 * emit final check 6478 */ 6479 b = new_block(cstate, JMP(BPF_JEQ)); 6480 b->stmts = s[1]; /*remember, s[0] is dummy*/ 6481 b->s.k = v; 6482 6483 free_reg(cstate, reg2); 6484 6485 gen_and(b0, b); 6486 return b; 6487 } 6488 #endif /* !defined(NO_PROTOCHAIN) */ 6489 6490 static struct block * 6491 gen_check_802_11_data_frame(compiler_state_t *cstate) 6492 { 6493 struct slist *s; 6494 struct block *b0, *b1; 6495 6496 /* 6497 * A data frame has the 0x08 bit (b3) in the frame control field set 6498 * and the 0x04 bit (b2) clear. 6499 */ 6500 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B); 6501 b0 = new_block(cstate, JMP(BPF_JSET)); 6502 b0->s.k = 0x08; 6503 b0->stmts = s; 6504 6505 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B); 6506 b1 = new_block(cstate, JMP(BPF_JSET)); 6507 b1->s.k = 0x04; 6508 b1->stmts = s; 6509 gen_not(b1); 6510 6511 gen_and(b1, b0); 6512 6513 return b0; 6514 } 6515 6516 /* 6517 * Generate code that checks whether the packet is a packet for protocol 6518 * <proto> and whether the type field in that protocol's header has 6519 * the value <v>, e.g. if <proto> is Q_IP, it checks whether it's an 6520 * IP packet and checks the protocol number in the IP header against <v>. 6521 * 6522 * If <proto> is Q_DEFAULT, i.e. just "proto" was specified, it checks 6523 * against Q_IP and Q_IPV6. 6524 */ 6525 static struct block * 6526 gen_proto(compiler_state_t *cstate, bpf_u_int32 v, int proto, int dir) 6527 { 6528 struct block *b0, *b1; 6529 struct block *b2; 6530 6531 if (dir != Q_DEFAULT) 6532 bpf_error(cstate, "direction applied to 'proto'"); 6533 6534 switch (proto) { 6535 case Q_DEFAULT: 6536 b0 = gen_proto(cstate, v, Q_IP, dir); 6537 b1 = gen_proto(cstate, v, Q_IPV6, dir); 6538 gen_or(b0, b1); 6539 return b1; 6540 6541 case Q_LINK: 6542 return gen_linktype(cstate, v); 6543 6544 case Q_IP: 6545 /* 6546 * For FDDI, RFC 1188 says that SNAP encapsulation is used, 6547 * not LLC encapsulation with LLCSAP_IP. 6548 * 6549 * For IEEE 802 networks - which includes 802.5 token ring 6550 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042 6551 * says that SNAP encapsulation is used, not LLC encapsulation 6552 * with LLCSAP_IP. 6553 * 6554 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and 6555 * RFC 2225 say that SNAP encapsulation is used, not LLC 6556 * encapsulation with LLCSAP_IP. 6557 * 6558 * So we always check for ETHERTYPE_IP. 6559 */ 6560 b0 = gen_linktype(cstate, ETHERTYPE_IP); 6561 b1 = gen_cmp(cstate, OR_LINKPL, 9, BPF_B, v); 6562 gen_and(b0, b1); 6563 return b1; 6564 6565 case Q_ARP: 6566 bpf_error(cstate, "arp does not encapsulate another protocol"); 6567 /*NOTREACHED*/ 6568 6569 case Q_RARP: 6570 bpf_error(cstate, "rarp does not encapsulate another protocol"); 6571 /*NOTREACHED*/ 6572 6573 case Q_SCTP: 6574 bpf_error(cstate, "'sctp proto' is bogus"); 6575 /*NOTREACHED*/ 6576 6577 case Q_TCP: 6578 bpf_error(cstate, "'tcp proto' is bogus"); 6579 /*NOTREACHED*/ 6580 6581 case Q_UDP: 6582 bpf_error(cstate, "'udp proto' is bogus"); 6583 /*NOTREACHED*/ 6584 6585 case Q_ICMP: 6586 bpf_error(cstate, "'icmp proto' is bogus"); 6587 /*NOTREACHED*/ 6588 6589 case Q_IGMP: 6590 bpf_error(cstate, "'igmp proto' is bogus"); 6591 /*NOTREACHED*/ 6592 6593 case Q_IGRP: 6594 bpf_error(cstate, "'igrp proto' is bogus"); 6595 /*NOTREACHED*/ 6596 6597 case Q_ATALK: 6598 bpf_error(cstate, "AppleTalk encapsulation is not specifiable"); 6599 /*NOTREACHED*/ 6600 6601 case Q_DECNET: 6602 bpf_error(cstate, "DECNET encapsulation is not specifiable"); 6603 /*NOTREACHED*/ 6604 6605 case Q_LAT: 6606 bpf_error(cstate, "LAT does not encapsulate another protocol"); 6607 /*NOTREACHED*/ 6608 6609 case Q_SCA: 6610 bpf_error(cstate, "SCA does not encapsulate another protocol"); 6611 /*NOTREACHED*/ 6612 6613 case Q_MOPRC: 6614 bpf_error(cstate, "MOPRC does not encapsulate another protocol"); 6615 /*NOTREACHED*/ 6616 6617 case Q_MOPDL: 6618 bpf_error(cstate, "MOPDL does not encapsulate another protocol"); 6619 /*NOTREACHED*/ 6620 6621 case Q_IPV6: 6622 b0 = gen_linktype(cstate, ETHERTYPE_IPV6); 6623 /* 6624 * Also check for a fragment header before the final 6625 * header. 6626 */ 6627 b2 = gen_cmp(cstate, OR_LINKPL, 6, BPF_B, IPPROTO_FRAGMENT); 6628 b1 = gen_cmp(cstate, OR_LINKPL, 40, BPF_B, v); 6629 gen_and(b2, b1); 6630 b2 = gen_cmp(cstate, OR_LINKPL, 6, BPF_B, v); 6631 gen_or(b2, b1); 6632 gen_and(b0, b1); 6633 return b1; 6634 6635 case Q_ICMPV6: 6636 bpf_error(cstate, "'icmp6 proto' is bogus"); 6637 /*NOTREACHED*/ 6638 6639 case Q_AH: 6640 bpf_error(cstate, "'ah proto' is bogus"); 6641 /*NOTREACHED*/ 6642 6643 case Q_ESP: 6644 bpf_error(cstate, "'esp proto' is bogus"); 6645 /*NOTREACHED*/ 6646 6647 case Q_PIM: 6648 bpf_error(cstate, "'pim proto' is bogus"); 6649 /*NOTREACHED*/ 6650 6651 case Q_VRRP: 6652 bpf_error(cstate, "'vrrp proto' is bogus"); 6653 /*NOTREACHED*/ 6654 6655 case Q_AARP: 6656 bpf_error(cstate, "'aarp proto' is bogus"); 6657 /*NOTREACHED*/ 6658 6659 case Q_ISO: 6660 switch (cstate->linktype) { 6661 6662 case DLT_FRELAY: 6663 /* 6664 * Frame Relay packets typically have an OSI 6665 * NLPID at the beginning; "gen_linktype(cstate, LLCSAP_ISONS)" 6666 * generates code to check for all the OSI 6667 * NLPIDs, so calling it and then adding a check 6668 * for the particular NLPID for which we're 6669 * looking is bogus, as we can just check for 6670 * the NLPID. 6671 * 6672 * What we check for is the NLPID and a frame 6673 * control field value of UI, i.e. 0x03 followed 6674 * by the NLPID. 6675 * 6676 * XXX - assumes a 2-byte Frame Relay header with 6677 * DLCI and flags. What if the address is longer? 6678 * 6679 * XXX - what about SNAP-encapsulated frames? 6680 */ 6681 return gen_cmp(cstate, OR_LINKHDR, 2, BPF_H, (0x03<<8) | v); 6682 /*NOTREACHED*/ 6683 6684 case DLT_C_HDLC: 6685 case DLT_HDLC: 6686 /* 6687 * Cisco uses an Ethertype lookalike - for OSI, 6688 * it's 0xfefe. 6689 */ 6690 b0 = gen_linktype(cstate, LLCSAP_ISONS<<8 | LLCSAP_ISONS); 6691 /* OSI in C-HDLC is stuffed with a fudge byte */ 6692 b1 = gen_cmp(cstate, OR_LINKPL_NOSNAP, 1, BPF_B, v); 6693 gen_and(b0, b1); 6694 return b1; 6695 6696 default: 6697 b0 = gen_linktype(cstate, LLCSAP_ISONS); 6698 b1 = gen_cmp(cstate, OR_LINKPL_NOSNAP, 0, BPF_B, v); 6699 gen_and(b0, b1); 6700 return b1; 6701 } 6702 6703 case Q_ESIS: 6704 bpf_error(cstate, "'esis proto' is bogus"); 6705 /*NOTREACHED*/ 6706 6707 case Q_ISIS: 6708 b0 = gen_proto(cstate, ISO10589_ISIS, Q_ISO, Q_DEFAULT); 6709 /* 6710 * 4 is the offset of the PDU type relative to the IS-IS 6711 * header. 6712 */ 6713 b1 = gen_cmp(cstate, OR_LINKPL_NOSNAP, 4, BPF_B, v); 6714 gen_and(b0, b1); 6715 return b1; 6716 6717 case Q_CLNP: 6718 bpf_error(cstate, "'clnp proto' is not supported"); 6719 /*NOTREACHED*/ 6720 6721 case Q_STP: 6722 bpf_error(cstate, "'stp proto' is bogus"); 6723 /*NOTREACHED*/ 6724 6725 case Q_IPX: 6726 bpf_error(cstate, "'ipx proto' is bogus"); 6727 /*NOTREACHED*/ 6728 6729 case Q_NETBEUI: 6730 bpf_error(cstate, "'netbeui proto' is bogus"); 6731 /*NOTREACHED*/ 6732 6733 case Q_ISIS_L1: 6734 bpf_error(cstate, "'l1 proto' is bogus"); 6735 /*NOTREACHED*/ 6736 6737 case Q_ISIS_L2: 6738 bpf_error(cstate, "'l2 proto' is bogus"); 6739 /*NOTREACHED*/ 6740 6741 case Q_ISIS_IIH: 6742 bpf_error(cstate, "'iih proto' is bogus"); 6743 /*NOTREACHED*/ 6744 6745 case Q_ISIS_SNP: 6746 bpf_error(cstate, "'snp proto' is bogus"); 6747 /*NOTREACHED*/ 6748 6749 case Q_ISIS_CSNP: 6750 bpf_error(cstate, "'csnp proto' is bogus"); 6751 /*NOTREACHED*/ 6752 6753 case Q_ISIS_PSNP: 6754 bpf_error(cstate, "'psnp proto' is bogus"); 6755 /*NOTREACHED*/ 6756 6757 case Q_ISIS_LSP: 6758 bpf_error(cstate, "'lsp proto' is bogus"); 6759 /*NOTREACHED*/ 6760 6761 case Q_RADIO: 6762 bpf_error(cstate, "'radio proto' is bogus"); 6763 /*NOTREACHED*/ 6764 6765 case Q_CARP: 6766 bpf_error(cstate, "'carp proto' is bogus"); 6767 /*NOTREACHED*/ 6768 6769 default: 6770 abort(); 6771 /*NOTREACHED*/ 6772 } 6773 /*NOTREACHED*/ 6774 } 6775 6776 /* 6777 * Convert a non-numeric name to a port number. 6778 */ 6779 static int 6780 nametoport(compiler_state_t *cstate, const char *name, int ipproto) 6781 { 6782 struct addrinfo hints, *res, *ai; 6783 int error; 6784 struct sockaddr_in *in4; 6785 #ifdef INET6 6786 struct sockaddr_in6 *in6; 6787 #endif 6788 int port = -1; 6789 6790 /* 6791 * We check for both TCP and UDP in case there are 6792 * ambiguous entries. 6793 */ 6794 memset(&hints, 0, sizeof(hints)); 6795 hints.ai_family = PF_UNSPEC; 6796 hints.ai_socktype = (ipproto == IPPROTO_TCP) ? SOCK_STREAM : SOCK_DGRAM; 6797 hints.ai_protocol = ipproto; 6798 error = getaddrinfo(NULL, name, &hints, &res); 6799 if (error != 0) { 6800 switch (error) { 6801 6802 case EAI_NONAME: 6803 case EAI_SERVICE: 6804 /* 6805 * No such port. Just return -1. 6806 */ 6807 break; 6808 6809 #ifdef EAI_SYSTEM 6810 case EAI_SYSTEM: 6811 /* 6812 * We don't use strerror() because it's not 6813 * guaranteed to be thread-safe on all platforms 6814 * (probably because it might use a non-thread-local 6815 * buffer into which to format an error message 6816 * if the error code isn't one for which it has 6817 * a canned string; three cheers for C string 6818 * handling). 6819 */ 6820 bpf_set_error(cstate, "getaddrinfo(\"%s\" fails with system error: %d", 6821 name, errno); 6822 port = -2; /* a real error */ 6823 break; 6824 #endif 6825 6826 default: 6827 /* 6828 * This is a real error, not just "there's 6829 * no such service name". 6830 * 6831 * We don't use gai_strerror() because it's not 6832 * guaranteed to be thread-safe on all platforms 6833 * (probably because it might use a non-thread-local 6834 * buffer into which to format an error message 6835 * if the error code isn't one for which it has 6836 * a canned string; three cheers for C string 6837 * handling). 6838 */ 6839 bpf_set_error(cstate, "getaddrinfo(\"%s\") fails with error: %d", 6840 name, error); 6841 port = -2; /* a real error */ 6842 break; 6843 } 6844 } else { 6845 /* 6846 * OK, we found it. Did it find anything? 6847 */ 6848 for (ai = res; ai != NULL; ai = ai->ai_next) { 6849 /* 6850 * Does it have an address? 6851 */ 6852 if (ai->ai_addr != NULL) { 6853 /* 6854 * Yes. Get a port number; we're done. 6855 */ 6856 if (ai->ai_addr->sa_family == AF_INET) { 6857 in4 = (struct sockaddr_in *)ai->ai_addr; 6858 port = ntohs(in4->sin_port); 6859 break; 6860 } 6861 #ifdef INET6 6862 if (ai->ai_addr->sa_family == AF_INET6) { 6863 in6 = (struct sockaddr_in6 *)ai->ai_addr; 6864 port = ntohs(in6->sin6_port); 6865 break; 6866 } 6867 #endif 6868 } 6869 } 6870 freeaddrinfo(res); 6871 } 6872 return port; 6873 } 6874 6875 /* 6876 * Convert a string to a port number. 6877 */ 6878 static bpf_u_int32 6879 stringtoport(compiler_state_t *cstate, const char *string, size_t string_size, 6880 int *proto) 6881 { 6882 stoulen_ret ret; 6883 char *cpy; 6884 bpf_u_int32 val; 6885 int tcp_port = -1; 6886 int udp_port = -1; 6887 6888 /* 6889 * See if it's a number. 6890 */ 6891 ret = stoulen(string, string_size, &val, cstate); 6892 switch (ret) { 6893 6894 case STOULEN_OK: 6895 /* Unknown port type - it's just a number. */ 6896 *proto = PROTO_UNDEF; 6897 break; 6898 6899 case STOULEN_NOT_OCTAL_NUMBER: 6900 case STOULEN_NOT_HEX_NUMBER: 6901 case STOULEN_NOT_DECIMAL_NUMBER: 6902 /* 6903 * Not a valid number; try looking it up as a port. 6904 */ 6905 cpy = malloc(string_size + 1); /* +1 for terminating '\0' */ 6906 memcpy(cpy, string, string_size); 6907 cpy[string_size] = '\0'; 6908 tcp_port = nametoport(cstate, cpy, IPPROTO_TCP); 6909 if (tcp_port == -2) { 6910 /* 6911 * We got a hard error; the error string has 6912 * already been set. 6913 */ 6914 free(cpy); 6915 longjmp(cstate->top_ctx, 1); 6916 /*NOTREACHED*/ 6917 } 6918 udp_port = nametoport(cstate, cpy, IPPROTO_UDP); 6919 if (udp_port == -2) { 6920 /* 6921 * We got a hard error; the error string has 6922 * already been set. 6923 */ 6924 free(cpy); 6925 longjmp(cstate->top_ctx, 1); 6926 /*NOTREACHED*/ 6927 } 6928 6929 /* 6930 * We need to check /etc/services for ambiguous entries. 6931 * If we find an ambiguous entry, and it has the 6932 * same port number, change the proto to PROTO_UNDEF 6933 * so both TCP and UDP will be checked. 6934 */ 6935 if (tcp_port >= 0) { 6936 val = (bpf_u_int32)tcp_port; 6937 *proto = IPPROTO_TCP; 6938 if (udp_port >= 0) { 6939 if (udp_port == tcp_port) 6940 *proto = PROTO_UNDEF; 6941 #ifdef notdef 6942 else 6943 /* Can't handle ambiguous names that refer 6944 to different port numbers. */ 6945 warning("ambiguous port %s in /etc/services", 6946 cpy); 6947 #endif 6948 } 6949 free(cpy); 6950 break; 6951 } 6952 if (udp_port >= 0) { 6953 val = (bpf_u_int32)udp_port; 6954 *proto = IPPROTO_UDP; 6955 free(cpy); 6956 break; 6957 } 6958 #if defined(ultrix) || defined(__osf__) 6959 /* Special hack in case NFS isn't in /etc/services */ 6960 if (strcmp(cpy, "nfs") == 0) { 6961 val = 2049; 6962 *proto = PROTO_UNDEF; 6963 free(cpy); 6964 break; 6965 } 6966 #endif 6967 bpf_set_error(cstate, "'%s' is not a valid port", cpy); 6968 free(cpy); 6969 longjmp(cstate->top_ctx, 1); 6970 /*NOTREACHED*/ 6971 6972 case STOULEN_ERROR: 6973 /* Error already set. */ 6974 longjmp(cstate->top_ctx, 1); 6975 /*NOTREACHED*/ 6976 6977 default: 6978 /* Should not happen */ 6979 bpf_set_error(cstate, "stoulen returned %d - this should not happen", ret); 6980 longjmp(cstate->top_ctx, 1); 6981 /*NOTREACHED*/ 6982 } 6983 return (val); 6984 } 6985 6986 /* 6987 * Convert a string in the form PPP-PPP, which correspond to ports, to 6988 * a starting and ending port in a port range. 6989 */ 6990 static void 6991 stringtoportrange(compiler_state_t *cstate, const char *string, 6992 bpf_u_int32 *port1, bpf_u_int32 *port2, int *proto) 6993 { 6994 char *hyphen_off; 6995 const char *first, *second; 6996 size_t first_size, second_size; 6997 int save_proto; 6998 6999 if ((hyphen_off = strchr(string, '-')) == NULL) 7000 bpf_error(cstate, "port range '%s' contains no hyphen", string); 7001 7002 /* 7003 * Make sure there are no other hyphens. 7004 * 7005 * XXX - we support named ports, but there are some port names 7006 * in /etc/services that include hyphens, so this would rule 7007 * that out. 7008 */ 7009 if (strchr(hyphen_off + 1, '-') != NULL) 7010 bpf_error(cstate, "port range '%s' contains more than one hyphen", 7011 string); 7012 7013 /* 7014 * Get the length of the first port. 7015 */ 7016 first = string; 7017 first_size = hyphen_off - string; 7018 if (first_size == 0) { 7019 /* Range of "-port", which we don't support. */ 7020 bpf_error(cstate, "port range '%s' has no starting port", string); 7021 } 7022 7023 /* 7024 * Try to convert it to a port. 7025 */ 7026 *port1 = stringtoport(cstate, first, first_size, proto); 7027 save_proto = *proto; 7028 7029 /* 7030 * Get the length of the second port. 7031 */ 7032 second = hyphen_off + 1; 7033 second_size = strlen(second); 7034 if (second_size == 0) { 7035 /* Range of "port-", which we don't support. */ 7036 bpf_error(cstate, "port range '%s' has no ending port", string); 7037 } 7038 7039 /* 7040 * Try to convert it to a port. 7041 */ 7042 *port2 = stringtoport(cstate, second, second_size, proto); 7043 if (*proto != save_proto) 7044 *proto = PROTO_UNDEF; 7045 } 7046 7047 struct block * 7048 gen_scode(compiler_state_t *cstate, const char *name, struct qual q) 7049 { 7050 int proto = q.proto; 7051 int dir = q.dir; 7052 int tproto; 7053 u_char *eaddrp; 7054 u_char eaddr[6]; 7055 bpf_u_int32 mask, addr; 7056 struct addrinfo *res, *res0; 7057 struct sockaddr_in *sin4; 7058 #ifdef INET6 7059 int tproto6; 7060 struct sockaddr_in6 *sin6; 7061 struct in6_addr mask128; 7062 #endif /*INET6*/ 7063 struct block *b, *tmp; 7064 int port, real_proto; 7065 bpf_u_int32 port1, port2; 7066 7067 /* 7068 * Catch errors reported by us and routines below us, and return NULL 7069 * on an error. 7070 */ 7071 if (setjmp(cstate->top_ctx)) 7072 return (NULL); 7073 7074 switch (q.addr) { 7075 7076 case Q_NET: 7077 addr = pcap_nametonetaddr(name); 7078 if (addr == 0) 7079 bpf_error(cstate, "unknown network '%s'", name); 7080 /* Left justify network addr and calculate its network mask */ 7081 mask = 0xffffffff; 7082 while (addr && (addr & 0xff000000) == 0) { 7083 addr <<= 8; 7084 mask <<= 8; 7085 } 7086 return gen_host(cstate, addr, mask, proto, dir, q.addr); 7087 7088 case Q_DEFAULT: 7089 case Q_HOST: 7090 if (proto == Q_LINK) { 7091 switch (cstate->linktype) { 7092 7093 case DLT_EN10MB: 7094 case DLT_NETANALYZER: 7095 case DLT_NETANALYZER_TRANSPARENT: 7096 eaddrp = pcap_ether_hostton(name); 7097 if (eaddrp == NULL) 7098 bpf_error(cstate, 7099 "unknown ether host '%s'", name); 7100 memcpy(eaddr, eaddrp, sizeof(eaddr)); 7101 free(eaddrp); 7102 tmp = gen_prevlinkhdr_check(cstate); 7103 b = gen_ehostop(cstate, eaddr, dir); 7104 if (tmp != NULL) 7105 gen_and(tmp, b); 7106 return b; 7107 7108 case DLT_FDDI: 7109 eaddrp = pcap_ether_hostton(name); 7110 if (eaddrp == NULL) 7111 bpf_error(cstate, 7112 "unknown FDDI host '%s'", name); 7113 memcpy(eaddr, eaddrp, sizeof(eaddr)); 7114 free(eaddrp); 7115 b = gen_fhostop(cstate, eaddr, dir); 7116 return b; 7117 7118 case DLT_IEEE802: 7119 eaddrp = pcap_ether_hostton(name); 7120 if (eaddrp == NULL) 7121 bpf_error(cstate, 7122 "unknown token ring host '%s'", name); 7123 memcpy(eaddr, eaddrp, sizeof(eaddr)); 7124 free(eaddrp); 7125 b = gen_thostop(cstate, eaddr, dir); 7126 return b; 7127 7128 case DLT_IEEE802_11: 7129 case DLT_PRISM_HEADER: 7130 case DLT_IEEE802_11_RADIO_AVS: 7131 case DLT_IEEE802_11_RADIO: 7132 case DLT_PPI: 7133 eaddrp = pcap_ether_hostton(name); 7134 if (eaddrp == NULL) 7135 bpf_error(cstate, 7136 "unknown 802.11 host '%s'", name); 7137 memcpy(eaddr, eaddrp, sizeof(eaddr)); 7138 free(eaddrp); 7139 b = gen_wlanhostop(cstate, eaddr, dir); 7140 return b; 7141 7142 case DLT_IP_OVER_FC: 7143 eaddrp = pcap_ether_hostton(name); 7144 if (eaddrp == NULL) 7145 bpf_error(cstate, 7146 "unknown Fibre Channel host '%s'", name); 7147 memcpy(eaddr, eaddrp, sizeof(eaddr)); 7148 free(eaddrp); 7149 b = gen_ipfchostop(cstate, eaddr, dir); 7150 return b; 7151 } 7152 7153 bpf_error(cstate, "only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name"); 7154 } else if (proto == Q_DECNET) { 7155 unsigned short dn_addr; 7156 7157 if (!__pcap_nametodnaddr(name, &dn_addr)) { 7158 #ifdef DECNETLIB 7159 bpf_error(cstate, "unknown decnet host name '%s'\n", name); 7160 #else 7161 bpf_error(cstate, "decnet name support not included, '%s' cannot be translated\n", 7162 name); 7163 #endif 7164 } 7165 /* 7166 * I don't think DECNET hosts can be multihomed, so 7167 * there is no need to build up a list of addresses 7168 */ 7169 return (gen_host(cstate, dn_addr, 0, proto, dir, q.addr)); 7170 } else { 7171 #ifdef INET6 7172 memset(&mask128, 0xff, sizeof(mask128)); 7173 #endif 7174 res0 = res = pcap_nametoaddrinfo(name); 7175 if (res == NULL) 7176 bpf_error(cstate, "unknown host '%s'", name); 7177 cstate->ai = res; 7178 b = tmp = NULL; 7179 tproto = proto; 7180 #ifdef INET6 7181 tproto6 = proto; 7182 #endif 7183 if (cstate->off_linktype.constant_part == OFFSET_NOT_SET && 7184 tproto == Q_DEFAULT) { 7185 tproto = Q_IP; 7186 #ifdef INET6 7187 tproto6 = Q_IPV6; 7188 #endif 7189 } 7190 for (res = res0; res; res = res->ai_next) { 7191 switch (res->ai_family) { 7192 case AF_INET: 7193 #ifdef INET6 7194 /* 7195 * Ignore any IPv4 addresses when resolving 7196 * "ip6 host NAME", validate all other proto 7197 * qualifiers in gen_host(). 7198 */ 7199 if (tproto == Q_IPV6) 7200 continue; 7201 #endif 7202 7203 sin4 = (struct sockaddr_in *) 7204 res->ai_addr; 7205 tmp = gen_host(cstate, ntohl(sin4->sin_addr.s_addr), 7206 0xffffffff, tproto, dir, q.addr); 7207 break; 7208 #ifdef INET6 7209 case AF_INET6: 7210 /* 7211 * Ignore any IPv6 addresses when resolving 7212 * "(arp|ip|rarp) host NAME", validate all 7213 * other proto qualifiers in gen_host6(). 7214 */ 7215 if (tproto6 == Q_ARP || tproto6 == Q_IP || 7216 tproto6 == Q_RARP) 7217 continue; 7218 7219 sin6 = (struct sockaddr_in6 *) 7220 res->ai_addr; 7221 tmp = gen_host6(cstate, &sin6->sin6_addr, 7222 &mask128, tproto6, dir, q.addr); 7223 break; 7224 #endif 7225 default: 7226 continue; 7227 } 7228 if (b) 7229 gen_or(b, tmp); 7230 b = tmp; 7231 } 7232 cstate->ai = NULL; 7233 freeaddrinfo(res0); 7234 if (b == NULL) { 7235 bpf_error(cstate, "unknown host '%s'%s", name, 7236 (proto == Q_DEFAULT) 7237 ? "" 7238 : " for specified address family"); 7239 } 7240 return b; 7241 } 7242 7243 case Q_PORT: 7244 if (proto != Q_DEFAULT && 7245 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP) 7246 bpf_error(cstate, "illegal qualifier of 'port'"); 7247 if (pcap_nametoport(name, &port, &real_proto) == 0) 7248 bpf_error(cstate, "unknown port '%s'", name); 7249 if (proto == Q_UDP) { 7250 if (real_proto == IPPROTO_TCP) 7251 bpf_error(cstate, "port '%s' is tcp", name); 7252 else if (real_proto == IPPROTO_SCTP) 7253 bpf_error(cstate, "port '%s' is sctp", name); 7254 else 7255 /* override PROTO_UNDEF */ 7256 real_proto = IPPROTO_UDP; 7257 } 7258 if (proto == Q_TCP) { 7259 if (real_proto == IPPROTO_UDP) 7260 bpf_error(cstate, "port '%s' is udp", name); 7261 7262 else if (real_proto == IPPROTO_SCTP) 7263 bpf_error(cstate, "port '%s' is sctp", name); 7264 else 7265 /* override PROTO_UNDEF */ 7266 real_proto = IPPROTO_TCP; 7267 } 7268 if (proto == Q_SCTP) { 7269 if (real_proto == IPPROTO_UDP) 7270 bpf_error(cstate, "port '%s' is udp", name); 7271 7272 else if (real_proto == IPPROTO_TCP) 7273 bpf_error(cstate, "port '%s' is tcp", name); 7274 else 7275 /* override PROTO_UNDEF */ 7276 real_proto = IPPROTO_SCTP; 7277 } 7278 if (port < 0) 7279 bpf_error(cstate, "illegal port number %d < 0", port); 7280 if (port > 65535) 7281 bpf_error(cstate, "illegal port number %d > 65535", port); 7282 b = gen_port(cstate, port, real_proto, dir); 7283 gen_or(gen_port6(cstate, port, real_proto, dir), b); 7284 return b; 7285 7286 case Q_PORTRANGE: 7287 if (proto != Q_DEFAULT && 7288 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP) 7289 bpf_error(cstate, "illegal qualifier of 'portrange'"); 7290 stringtoportrange(cstate, name, &port1, &port2, &real_proto); 7291 if (proto == Q_UDP) { 7292 if (real_proto == IPPROTO_TCP) 7293 bpf_error(cstate, "port in range '%s' is tcp", name); 7294 else if (real_proto == IPPROTO_SCTP) 7295 bpf_error(cstate, "port in range '%s' is sctp", name); 7296 else 7297 /* override PROTO_UNDEF */ 7298 real_proto = IPPROTO_UDP; 7299 } 7300 if (proto == Q_TCP) { 7301 if (real_proto == IPPROTO_UDP) 7302 bpf_error(cstate, "port in range '%s' is udp", name); 7303 else if (real_proto == IPPROTO_SCTP) 7304 bpf_error(cstate, "port in range '%s' is sctp", name); 7305 else 7306 /* override PROTO_UNDEF */ 7307 real_proto = IPPROTO_TCP; 7308 } 7309 if (proto == Q_SCTP) { 7310 if (real_proto == IPPROTO_UDP) 7311 bpf_error(cstate, "port in range '%s' is udp", name); 7312 else if (real_proto == IPPROTO_TCP) 7313 bpf_error(cstate, "port in range '%s' is tcp", name); 7314 else 7315 /* override PROTO_UNDEF */ 7316 real_proto = IPPROTO_SCTP; 7317 } 7318 if (port1 > 65535) 7319 bpf_error(cstate, "illegal port number %d > 65535", port1); 7320 if (port2 > 65535) 7321 bpf_error(cstate, "illegal port number %d > 65535", port2); 7322 7323 b = gen_portrange(cstate, port1, port2, real_proto, dir); 7324 gen_or(gen_portrange6(cstate, port1, port2, real_proto, dir), b); 7325 return b; 7326 7327 case Q_GATEWAY: 7328 #ifndef INET6 7329 eaddrp = pcap_ether_hostton(name); 7330 if (eaddrp == NULL) 7331 bpf_error(cstate, "unknown ether host: %s", name); 7332 memcpy(eaddr, eaddrp, sizeof(eaddr)); 7333 free(eaddrp); 7334 7335 res = pcap_nametoaddrinfo(name); 7336 cstate->ai = res; 7337 if (res == NULL) 7338 bpf_error(cstate, "unknown host '%s'", name); 7339 b = gen_gateway(cstate, eaddr, res, proto, dir); 7340 cstate->ai = NULL; 7341 freeaddrinfo(res); 7342 if (b == NULL) 7343 bpf_error(cstate, "unknown host '%s'", name); 7344 return b; 7345 #else 7346 bpf_error(cstate, "'gateway' not supported in this configuration"); 7347 #endif /*INET6*/ 7348 7349 case Q_PROTO: 7350 real_proto = lookup_proto(cstate, name, proto); 7351 if (real_proto >= 0) 7352 return gen_proto(cstate, real_proto, proto, dir); 7353 else 7354 bpf_error(cstate, "unknown protocol: %s", name); 7355 7356 #if !defined(NO_PROTOCHAIN) 7357 case Q_PROTOCHAIN: 7358 real_proto = lookup_proto(cstate, name, proto); 7359 if (real_proto >= 0) 7360 return gen_protochain(cstate, real_proto, proto); 7361 else 7362 bpf_error(cstate, "unknown protocol: %s", name); 7363 #endif /* !defined(NO_PROTOCHAIN) */ 7364 7365 case Q_UNDEF: 7366 syntax(cstate); 7367 /*NOTREACHED*/ 7368 } 7369 abort(); 7370 /*NOTREACHED*/ 7371 } 7372 7373 struct block * 7374 gen_mcode(compiler_state_t *cstate, const char *s1, const char *s2, 7375 bpf_u_int32 masklen, struct qual q) 7376 { 7377 register int nlen, mlen; 7378 bpf_u_int32 n, m; 7379 uint64_t m64; 7380 7381 /* 7382 * Catch errors reported by us and routines below us, and return NULL 7383 * on an error. 7384 */ 7385 if (setjmp(cstate->top_ctx)) 7386 return (NULL); 7387 7388 nlen = __pcap_atoin(s1, &n); 7389 if (nlen < 0) 7390 bpf_error(cstate, "invalid IPv4 address '%s'", s1); 7391 /* Promote short ipaddr */ 7392 n <<= 32 - nlen; 7393 7394 if (s2 != NULL) { 7395 mlen = __pcap_atoin(s2, &m); 7396 if (mlen < 0) 7397 bpf_error(cstate, "invalid IPv4 address '%s'", s2); 7398 /* Promote short ipaddr */ 7399 m <<= 32 - mlen; 7400 if ((n & ~m) != 0) 7401 bpf_error(cstate, "non-network bits set in \"%s mask %s\"", 7402 s1, s2); 7403 } else { 7404 /* Convert mask len to mask */ 7405 if (masklen > 32) 7406 bpf_error(cstate, "mask length must be <= 32"); 7407 m64 = UINT64_C(0xffffffff) << (32 - masklen); 7408 m = (bpf_u_int32)m64; 7409 if ((n & ~m) != 0) 7410 bpf_error(cstate, "non-network bits set in \"%s/%d\"", 7411 s1, masklen); 7412 } 7413 7414 switch (q.addr) { 7415 7416 case Q_NET: 7417 return gen_host(cstate, n, m, q.proto, q.dir, q.addr); 7418 7419 default: 7420 bpf_error(cstate, "Mask syntax for networks only"); 7421 /*NOTREACHED*/ 7422 } 7423 /*NOTREACHED*/ 7424 } 7425 7426 struct block * 7427 gen_ncode(compiler_state_t *cstate, const char *s, bpf_u_int32 v, struct qual q) 7428 { 7429 bpf_u_int32 mask; 7430 int proto; 7431 int dir; 7432 register int vlen; 7433 7434 /* 7435 * Catch errors reported by us and routines below us, and return NULL 7436 * on an error. 7437 */ 7438 if (setjmp(cstate->top_ctx)) 7439 return (NULL); 7440 7441 proto = q.proto; 7442 dir = q.dir; 7443 if (s == NULL) 7444 vlen = 32; 7445 else if (q.proto == Q_DECNET) { 7446 vlen = __pcap_atodn(s, &v); 7447 if (vlen == 0) 7448 bpf_error(cstate, "malformed decnet address '%s'", s); 7449 } else { 7450 vlen = __pcap_atoin(s, &v); 7451 if (vlen < 0) 7452 bpf_error(cstate, "invalid IPv4 address '%s'", s); 7453 } 7454 7455 switch (q.addr) { 7456 7457 case Q_DEFAULT: 7458 case Q_HOST: 7459 case Q_NET: 7460 if (proto == Q_DECNET) 7461 return gen_host(cstate, v, 0, proto, dir, q.addr); 7462 else if (proto == Q_LINK) { 7463 bpf_error(cstate, "illegal link layer address"); 7464 } else { 7465 mask = 0xffffffff; 7466 if (s == NULL && q.addr == Q_NET) { 7467 /* Promote short net number */ 7468 while (v && (v & 0xff000000) == 0) { 7469 v <<= 8; 7470 mask <<= 8; 7471 } 7472 } else { 7473 /* Promote short ipaddr */ 7474 v <<= 32 - vlen; 7475 mask <<= 32 - vlen ; 7476 } 7477 return gen_host(cstate, v, mask, proto, dir, q.addr); 7478 } 7479 7480 case Q_PORT: 7481 if (proto == Q_UDP) 7482 proto = IPPROTO_UDP; 7483 else if (proto == Q_TCP) 7484 proto = IPPROTO_TCP; 7485 else if (proto == Q_SCTP) 7486 proto = IPPROTO_SCTP; 7487 else if (proto == Q_DEFAULT) 7488 proto = PROTO_UNDEF; 7489 else 7490 bpf_error(cstate, "illegal qualifier of 'port'"); 7491 7492 if (v > 65535) 7493 bpf_error(cstate, "illegal port number %u > 65535", v); 7494 7495 { 7496 struct block *b; 7497 b = gen_port(cstate, v, proto, dir); 7498 gen_or(gen_port6(cstate, v, proto, dir), b); 7499 return b; 7500 } 7501 7502 case Q_PORTRANGE: 7503 if (proto == Q_UDP) 7504 proto = IPPROTO_UDP; 7505 else if (proto == Q_TCP) 7506 proto = IPPROTO_TCP; 7507 else if (proto == Q_SCTP) 7508 proto = IPPROTO_SCTP; 7509 else if (proto == Q_DEFAULT) 7510 proto = PROTO_UNDEF; 7511 else 7512 bpf_error(cstate, "illegal qualifier of 'portrange'"); 7513 7514 if (v > 65535) 7515 bpf_error(cstate, "illegal port number %u > 65535", v); 7516 7517 { 7518 struct block *b; 7519 b = gen_portrange(cstate, v, v, proto, dir); 7520 gen_or(gen_portrange6(cstate, v, v, proto, dir), b); 7521 return b; 7522 } 7523 7524 case Q_GATEWAY: 7525 bpf_error(cstate, "'gateway' requires a name"); 7526 /*NOTREACHED*/ 7527 7528 case Q_PROTO: 7529 return gen_proto(cstate, v, proto, dir); 7530 7531 #if !defined(NO_PROTOCHAIN) 7532 case Q_PROTOCHAIN: 7533 return gen_protochain(cstate, v, proto); 7534 #endif 7535 7536 case Q_UNDEF: 7537 syntax(cstate); 7538 /*NOTREACHED*/ 7539 7540 default: 7541 abort(); 7542 /*NOTREACHED*/ 7543 } 7544 /*NOTREACHED*/ 7545 } 7546 7547 #ifdef INET6 7548 struct block * 7549 gen_mcode6(compiler_state_t *cstate, const char *s, bpf_u_int32 masklen, 7550 struct qual q) 7551 { 7552 struct addrinfo *res; 7553 struct in6_addr *addr; 7554 struct in6_addr mask; 7555 struct block *b; 7556 bpf_u_int32 a[4], m[4]; /* Same as in gen_hostop6(). */ 7557 7558 /* 7559 * Catch errors reported by us and routines below us, and return NULL 7560 * on an error. 7561 */ 7562 if (setjmp(cstate->top_ctx)) 7563 return (NULL); 7564 7565 res = pcap_nametoaddrinfo(s); 7566 if (!res) 7567 bpf_error(cstate, "invalid ip6 address %s", s); 7568 cstate->ai = res; 7569 if (res->ai_next) 7570 bpf_error(cstate, "%s resolved to multiple address", s); 7571 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 7572 7573 if (masklen > sizeof(mask.s6_addr) * 8) 7574 bpf_error(cstate, "mask length must be <= %zu", sizeof(mask.s6_addr) * 8); 7575 memset(&mask, 0, sizeof(mask)); 7576 memset(&mask.s6_addr, 0xff, masklen / 8); 7577 if (masklen % 8) { 7578 mask.s6_addr[masklen / 8] = 7579 (0xff << (8 - masklen % 8)) & 0xff; 7580 } 7581 7582 memcpy(a, addr, sizeof(a)); 7583 memcpy(m, &mask, sizeof(m)); 7584 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 7585 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 7586 bpf_error(cstate, "non-network bits set in \"%s/%d\"", s, masklen); 7587 } 7588 7589 switch (q.addr) { 7590 7591 case Q_DEFAULT: 7592 case Q_HOST: 7593 if (masklen != 128) 7594 bpf_error(cstate, "Mask syntax for networks only"); 7595 /* FALLTHROUGH */ 7596 7597 case Q_NET: 7598 b = gen_host6(cstate, addr, &mask, q.proto, q.dir, q.addr); 7599 cstate->ai = NULL; 7600 freeaddrinfo(res); 7601 return b; 7602 7603 default: 7604 bpf_error(cstate, "invalid qualifier against IPv6 address"); 7605 /*NOTREACHED*/ 7606 } 7607 } 7608 #endif /*INET6*/ 7609 7610 struct block * 7611 gen_ecode(compiler_state_t *cstate, const char *s, struct qual q) 7612 { 7613 struct block *b, *tmp; 7614 7615 /* 7616 * Catch errors reported by us and routines below us, and return NULL 7617 * on an error. 7618 */ 7619 if (setjmp(cstate->top_ctx)) 7620 return (NULL); 7621 7622 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 7623 /* 7624 * Because the lexer guards the input string format, in this 7625 * context the function returns NULL iff the implicit malloc() 7626 * has failed. 7627 */ 7628 cstate->e = pcap_ether_aton(s); 7629 if (cstate->e == NULL) 7630 bpf_error(cstate, "malloc"); 7631 switch (cstate->linktype) { 7632 case DLT_EN10MB: 7633 case DLT_NETANALYZER: 7634 case DLT_NETANALYZER_TRANSPARENT: 7635 tmp = gen_prevlinkhdr_check(cstate); 7636 b = gen_ehostop(cstate, cstate->e, (int)q.dir); 7637 if (tmp != NULL) 7638 gen_and(tmp, b); 7639 break; 7640 case DLT_FDDI: 7641 b = gen_fhostop(cstate, cstate->e, (int)q.dir); 7642 break; 7643 case DLT_IEEE802: 7644 b = gen_thostop(cstate, cstate->e, (int)q.dir); 7645 break; 7646 case DLT_IEEE802_11: 7647 case DLT_PRISM_HEADER: 7648 case DLT_IEEE802_11_RADIO_AVS: 7649 case DLT_IEEE802_11_RADIO: 7650 case DLT_PPI: 7651 b = gen_wlanhostop(cstate, cstate->e, (int)q.dir); 7652 break; 7653 case DLT_IP_OVER_FC: 7654 b = gen_ipfchostop(cstate, cstate->e, (int)q.dir); 7655 break; 7656 default: 7657 free(cstate->e); 7658 cstate->e = NULL; 7659 bpf_error(cstate, "ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel"); 7660 /*NOTREACHED*/ 7661 } 7662 free(cstate->e); 7663 cstate->e = NULL; 7664 return (b); 7665 } 7666 bpf_error(cstate, "ethernet address used in non-ether expression"); 7667 /*NOTREACHED*/ 7668 } 7669 7670 void 7671 sappend(struct slist *s0, struct slist *s1) 7672 { 7673 /* 7674 * This is definitely not the best way to do this, but the 7675 * lists will rarely get long. 7676 */ 7677 while (s0->next) 7678 s0 = s0->next; 7679 s0->next = s1; 7680 } 7681 7682 static struct slist * 7683 xfer_to_x(compiler_state_t *cstate, struct arth *a) 7684 { 7685 struct slist *s; 7686 7687 s = new_stmt(cstate, BPF_LDX|BPF_MEM); 7688 s->s.k = a->regno; 7689 return s; 7690 } 7691 7692 static struct slist * 7693 xfer_to_a(compiler_state_t *cstate, struct arth *a) 7694 { 7695 struct slist *s; 7696 7697 s = new_stmt(cstate, BPF_LD|BPF_MEM); 7698 s->s.k = a->regno; 7699 return s; 7700 } 7701 7702 /* 7703 * Modify "index" to use the value stored into its register as an 7704 * offset relative to the beginning of the header for the protocol 7705 * "proto", and allocate a register and put an item "size" bytes long 7706 * (1, 2, or 4) at that offset into that register, making it the register 7707 * for "index". 7708 */ 7709 static struct arth * 7710 gen_load_internal(compiler_state_t *cstate, int proto, struct arth *inst, 7711 bpf_u_int32 size) 7712 { 7713 int size_code; 7714 struct slist *s, *tmp; 7715 struct block *b; 7716 int regno = alloc_reg(cstate); 7717 7718 free_reg(cstate, inst->regno); 7719 switch (size) { 7720 7721 default: 7722 bpf_error(cstate, "data size must be 1, 2, or 4"); 7723 /*NOTREACHED*/ 7724 7725 case 1: 7726 size_code = BPF_B; 7727 break; 7728 7729 case 2: 7730 size_code = BPF_H; 7731 break; 7732 7733 case 4: 7734 size_code = BPF_W; 7735 break; 7736 } 7737 switch (proto) { 7738 default: 7739 bpf_error(cstate, "unsupported index operation"); 7740 7741 case Q_RADIO: 7742 /* 7743 * The offset is relative to the beginning of the packet 7744 * data, if we have a radio header. (If we don't, this 7745 * is an error.) 7746 */ 7747 if (cstate->linktype != DLT_IEEE802_11_RADIO_AVS && 7748 cstate->linktype != DLT_IEEE802_11_RADIO && 7749 cstate->linktype != DLT_PRISM_HEADER) 7750 bpf_error(cstate, "radio information not present in capture"); 7751 7752 /* 7753 * Load into the X register the offset computed into the 7754 * register specified by "index". 7755 */ 7756 s = xfer_to_x(cstate, inst); 7757 7758 /* 7759 * Load the item at that offset. 7760 */ 7761 tmp = new_stmt(cstate, BPF_LD|BPF_IND|size_code); 7762 sappend(s, tmp); 7763 sappend(inst->s, s); 7764 break; 7765 7766 case Q_LINK: 7767 /* 7768 * The offset is relative to the beginning of 7769 * the link-layer header. 7770 * 7771 * XXX - what about ATM LANE? Should the index be 7772 * relative to the beginning of the AAL5 frame, so 7773 * that 0 refers to the beginning of the LE Control 7774 * field, or relative to the beginning of the LAN 7775 * frame, so that 0 refers, for Ethernet LANE, to 7776 * the beginning of the destination address? 7777 */ 7778 s = gen_abs_offset_varpart(cstate, &cstate->off_linkhdr); 7779 7780 /* 7781 * If "s" is non-null, it has code to arrange that the 7782 * X register contains the length of the prefix preceding 7783 * the link-layer header. Add to it the offset computed 7784 * into the register specified by "index", and move that 7785 * into the X register. Otherwise, just load into the X 7786 * register the offset computed into the register specified 7787 * by "index". 7788 */ 7789 if (s != NULL) { 7790 sappend(s, xfer_to_a(cstate, inst)); 7791 sappend(s, new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X)); 7792 sappend(s, new_stmt(cstate, BPF_MISC|BPF_TAX)); 7793 } else 7794 s = xfer_to_x(cstate, inst); 7795 7796 /* 7797 * Load the item at the sum of the offset we've put in the 7798 * X register and the offset of the start of the link 7799 * layer header (which is 0 if the radio header is 7800 * variable-length; that header length is what we put 7801 * into the X register and then added to the index). 7802 */ 7803 tmp = new_stmt(cstate, BPF_LD|BPF_IND|size_code); 7804 tmp->s.k = cstate->off_linkhdr.constant_part; 7805 sappend(s, tmp); 7806 sappend(inst->s, s); 7807 break; 7808 7809 case Q_IP: 7810 case Q_ARP: 7811 case Q_RARP: 7812 case Q_ATALK: 7813 case Q_DECNET: 7814 case Q_SCA: 7815 case Q_LAT: 7816 case Q_MOPRC: 7817 case Q_MOPDL: 7818 case Q_IPV6: 7819 /* 7820 * The offset is relative to the beginning of 7821 * the network-layer header. 7822 * XXX - are there any cases where we want 7823 * cstate->off_nl_nosnap? 7824 */ 7825 s = gen_abs_offset_varpart(cstate, &cstate->off_linkpl); 7826 7827 /* 7828 * If "s" is non-null, it has code to arrange that the 7829 * X register contains the variable part of the offset 7830 * of the link-layer payload. Add to it the offset 7831 * computed into the register specified by "index", 7832 * and move that into the X register. Otherwise, just 7833 * load into the X register the offset computed into 7834 * the register specified by "index". 7835 */ 7836 if (s != NULL) { 7837 sappend(s, xfer_to_a(cstate, inst)); 7838 sappend(s, new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X)); 7839 sappend(s, new_stmt(cstate, BPF_MISC|BPF_TAX)); 7840 } else 7841 s = xfer_to_x(cstate, inst); 7842 7843 /* 7844 * Load the item at the sum of the offset we've put in the 7845 * X register, the offset of the start of the network 7846 * layer header from the beginning of the link-layer 7847 * payload, and the constant part of the offset of the 7848 * start of the link-layer payload. 7849 */ 7850 tmp = new_stmt(cstate, BPF_LD|BPF_IND|size_code); 7851 tmp->s.k = cstate->off_linkpl.constant_part + cstate->off_nl; 7852 sappend(s, tmp); 7853 sappend(inst->s, s); 7854 7855 /* 7856 * Do the computation only if the packet contains 7857 * the protocol in question. 7858 */ 7859 b = gen_proto_abbrev_internal(cstate, proto); 7860 if (inst->b) 7861 gen_and(inst->b, b); 7862 inst->b = b; 7863 break; 7864 7865 case Q_SCTP: 7866 case Q_TCP: 7867 case Q_UDP: 7868 case Q_ICMP: 7869 case Q_IGMP: 7870 case Q_IGRP: 7871 case Q_PIM: 7872 case Q_VRRP: 7873 case Q_CARP: 7874 /* 7875 * The offset is relative to the beginning of 7876 * the transport-layer header. 7877 * 7878 * Load the X register with the length of the IPv4 header 7879 * (plus the offset of the link-layer header, if it's 7880 * a variable-length header), in bytes. 7881 * 7882 * XXX - are there any cases where we want 7883 * cstate->off_nl_nosnap? 7884 * XXX - we should, if we're built with 7885 * IPv6 support, generate code to load either 7886 * IPv4, IPv6, or both, as appropriate. 7887 */ 7888 s = gen_loadx_iphdrlen(cstate); 7889 7890 /* 7891 * The X register now contains the sum of the variable 7892 * part of the offset of the link-layer payload and the 7893 * length of the network-layer header. 7894 * 7895 * Load into the A register the offset relative to 7896 * the beginning of the transport layer header, 7897 * add the X register to that, move that to the 7898 * X register, and load with an offset from the 7899 * X register equal to the sum of the constant part of 7900 * the offset of the link-layer payload and the offset, 7901 * relative to the beginning of the link-layer payload, 7902 * of the network-layer header. 7903 */ 7904 sappend(s, xfer_to_a(cstate, inst)); 7905 sappend(s, new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X)); 7906 sappend(s, new_stmt(cstate, BPF_MISC|BPF_TAX)); 7907 sappend(s, tmp = new_stmt(cstate, BPF_LD|BPF_IND|size_code)); 7908 tmp->s.k = cstate->off_linkpl.constant_part + cstate->off_nl; 7909 sappend(inst->s, s); 7910 7911 /* 7912 * Do the computation only if the packet contains 7913 * the protocol in question - which is true only 7914 * if this is an IP datagram and is the first or 7915 * only fragment of that datagram. 7916 */ 7917 gen_and(gen_proto_abbrev_internal(cstate, proto), b = gen_ipfrag(cstate)); 7918 if (inst->b) 7919 gen_and(inst->b, b); 7920 gen_and(gen_proto_abbrev_internal(cstate, Q_IP), b); 7921 inst->b = b; 7922 break; 7923 case Q_ICMPV6: 7924 /* 7925 * Do the computation only if the packet contains 7926 * the protocol in question. 7927 */ 7928 b = gen_proto_abbrev_internal(cstate, Q_IPV6); 7929 if (inst->b) 7930 gen_and(inst->b, b); 7931 inst->b = b; 7932 7933 /* 7934 * Check if we have an icmp6 next header 7935 */ 7936 b = gen_cmp(cstate, OR_LINKPL, 6, BPF_B, 58); 7937 if (inst->b) 7938 gen_and(inst->b, b); 7939 inst->b = b; 7940 7941 s = gen_abs_offset_varpart(cstate, &cstate->off_linkpl); 7942 /* 7943 * If "s" is non-null, it has code to arrange that the 7944 * X register contains the variable part of the offset 7945 * of the link-layer payload. Add to it the offset 7946 * computed into the register specified by "index", 7947 * and move that into the X register. Otherwise, just 7948 * load into the X register the offset computed into 7949 * the register specified by "index". 7950 */ 7951 if (s != NULL) { 7952 sappend(s, xfer_to_a(cstate, inst)); 7953 sappend(s, new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X)); 7954 sappend(s, new_stmt(cstate, BPF_MISC|BPF_TAX)); 7955 } else 7956 s = xfer_to_x(cstate, inst); 7957 7958 /* 7959 * Load the item at the sum of the offset we've put in the 7960 * X register, the offset of the start of the network 7961 * layer header from the beginning of the link-layer 7962 * payload, and the constant part of the offset of the 7963 * start of the link-layer payload. 7964 */ 7965 tmp = new_stmt(cstate, BPF_LD|BPF_IND|size_code); 7966 tmp->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + 40; 7967 7968 sappend(s, tmp); 7969 sappend(inst->s, s); 7970 7971 break; 7972 } 7973 inst->regno = regno; 7974 s = new_stmt(cstate, BPF_ST); 7975 s->s.k = regno; 7976 sappend(inst->s, s); 7977 7978 return inst; 7979 } 7980 7981 struct arth * 7982 gen_load(compiler_state_t *cstate, int proto, struct arth *inst, 7983 bpf_u_int32 size) 7984 { 7985 /* 7986 * Catch errors reported by us and routines below us, and return NULL 7987 * on an error. 7988 */ 7989 if (setjmp(cstate->top_ctx)) 7990 return (NULL); 7991 7992 return gen_load_internal(cstate, proto, inst, size); 7993 } 7994 7995 static struct block * 7996 gen_relation_internal(compiler_state_t *cstate, int code, struct arth *a0, 7997 struct arth *a1, int reversed) 7998 { 7999 struct slist *s0, *s1, *s2; 8000 struct block *b, *tmp; 8001 8002 s0 = xfer_to_x(cstate, a1); 8003 s1 = xfer_to_a(cstate, a0); 8004 if (code == BPF_JEQ) { 8005 s2 = new_stmt(cstate, BPF_ALU|BPF_SUB|BPF_X); 8006 b = new_block(cstate, JMP(code)); 8007 sappend(s1, s2); 8008 } 8009 else 8010 b = new_block(cstate, BPF_JMP|code|BPF_X); 8011 if (reversed) 8012 gen_not(b); 8013 8014 sappend(s0, s1); 8015 sappend(a1->s, s0); 8016 sappend(a0->s, a1->s); 8017 8018 b->stmts = a0->s; 8019 8020 free_reg(cstate, a0->regno); 8021 free_reg(cstate, a1->regno); 8022 8023 /* 'and' together protocol checks */ 8024 if (a0->b) { 8025 if (a1->b) { 8026 gen_and(a0->b, tmp = a1->b); 8027 } 8028 else 8029 tmp = a0->b; 8030 } else 8031 tmp = a1->b; 8032 8033 if (tmp) 8034 gen_and(tmp, b); 8035 8036 return b; 8037 } 8038 8039 struct block * 8040 gen_relation(compiler_state_t *cstate, int code, struct arth *a0, 8041 struct arth *a1, int reversed) 8042 { 8043 /* 8044 * Catch errors reported by us and routines below us, and return NULL 8045 * on an error. 8046 */ 8047 if (setjmp(cstate->top_ctx)) 8048 return (NULL); 8049 8050 return gen_relation_internal(cstate, code, a0, a1, reversed); 8051 } 8052 8053 struct arth * 8054 gen_loadlen(compiler_state_t *cstate) 8055 { 8056 int regno; 8057 struct arth *a; 8058 struct slist *s; 8059 8060 /* 8061 * Catch errors reported by us and routines below us, and return NULL 8062 * on an error. 8063 */ 8064 if (setjmp(cstate->top_ctx)) 8065 return (NULL); 8066 8067 regno = alloc_reg(cstate); 8068 a = (struct arth *)newchunk(cstate, sizeof(*a)); 8069 s = new_stmt(cstate, BPF_LD|BPF_LEN); 8070 s->next = new_stmt(cstate, BPF_ST); 8071 s->next->s.k = regno; 8072 a->s = s; 8073 a->regno = regno; 8074 8075 return a; 8076 } 8077 8078 static struct arth * 8079 gen_loadi_internal(compiler_state_t *cstate, bpf_u_int32 val) 8080 { 8081 struct arth *a; 8082 struct slist *s; 8083 int reg; 8084 8085 a = (struct arth *)newchunk(cstate, sizeof(*a)); 8086 8087 reg = alloc_reg(cstate); 8088 8089 s = new_stmt(cstate, BPF_LD|BPF_IMM); 8090 s->s.k = val; 8091 s->next = new_stmt(cstate, BPF_ST); 8092 s->next->s.k = reg; 8093 a->s = s; 8094 a->regno = reg; 8095 8096 return a; 8097 } 8098 8099 struct arth * 8100 gen_loadi(compiler_state_t *cstate, bpf_u_int32 val) 8101 { 8102 /* 8103 * Catch errors reported by us and routines below us, and return NULL 8104 * on an error. 8105 */ 8106 if (setjmp(cstate->top_ctx)) 8107 return (NULL); 8108 8109 return gen_loadi_internal(cstate, val); 8110 } 8111 8112 /* 8113 * The a_arg dance is to avoid annoying whining by compilers that 8114 * a might be clobbered by longjmp - yeah, it might, but *WHO CARES*? 8115 * It's not *used* after setjmp returns. 8116 */ 8117 struct arth * 8118 gen_neg(compiler_state_t *cstate, struct arth *a_arg) 8119 { 8120 struct arth *a = a_arg; 8121 struct slist *s; 8122 8123 /* 8124 * Catch errors reported by us and routines below us, and return NULL 8125 * on an error. 8126 */ 8127 if (setjmp(cstate->top_ctx)) 8128 return (NULL); 8129 8130 s = xfer_to_a(cstate, a); 8131 sappend(a->s, s); 8132 s = new_stmt(cstate, BPF_ALU|BPF_NEG); 8133 s->s.k = 0; 8134 sappend(a->s, s); 8135 s = new_stmt(cstate, BPF_ST); 8136 s->s.k = a->regno; 8137 sappend(a->s, s); 8138 8139 return a; 8140 } 8141 8142 /* 8143 * The a0_arg dance is to avoid annoying whining by compilers that 8144 * a0 might be clobbered by longjmp - yeah, it might, but *WHO CARES*? 8145 * It's not *used* after setjmp returns. 8146 */ 8147 struct arth * 8148 gen_arth(compiler_state_t *cstate, int code, struct arth *a0_arg, 8149 struct arth *a1) 8150 { 8151 struct arth *a0 = a0_arg; 8152 struct slist *s0, *s1, *s2; 8153 8154 /* 8155 * Catch errors reported by us and routines below us, and return NULL 8156 * on an error. 8157 */ 8158 if (setjmp(cstate->top_ctx)) 8159 return (NULL); 8160 8161 /* 8162 * Disallow division by, or modulus by, zero; we do this here 8163 * so that it gets done even if the optimizer is disabled. 8164 * 8165 * Also disallow shifts by a value greater than 31; we do this 8166 * here, for the same reason. 8167 */ 8168 if (code == BPF_DIV) { 8169 if (a1->s->s.code == (BPF_LD|BPF_IMM) && a1->s->s.k == 0) 8170 bpf_error(cstate, "division by zero"); 8171 } else if (code == BPF_MOD) { 8172 if (a1->s->s.code == (BPF_LD|BPF_IMM) && a1->s->s.k == 0) 8173 bpf_error(cstate, "modulus by zero"); 8174 } else if (code == BPF_LSH || code == BPF_RSH) { 8175 if (a1->s->s.code == (BPF_LD|BPF_IMM) && a1->s->s.k > 31) 8176 bpf_error(cstate, "shift by more than 31 bits"); 8177 } 8178 s0 = xfer_to_x(cstate, a1); 8179 s1 = xfer_to_a(cstate, a0); 8180 s2 = new_stmt(cstate, BPF_ALU|BPF_X|code); 8181 8182 sappend(s1, s2); 8183 sappend(s0, s1); 8184 sappend(a1->s, s0); 8185 sappend(a0->s, a1->s); 8186 8187 free_reg(cstate, a0->regno); 8188 free_reg(cstate, a1->regno); 8189 8190 s0 = new_stmt(cstate, BPF_ST); 8191 a0->regno = s0->s.k = alloc_reg(cstate); 8192 sappend(a0->s, s0); 8193 8194 return a0; 8195 } 8196 8197 /* 8198 * Initialize the table of used registers and the current register. 8199 */ 8200 static void 8201 init_regs(compiler_state_t *cstate) 8202 { 8203 cstate->curreg = 0; 8204 memset(cstate->regused, 0, sizeof cstate->regused); 8205 } 8206 8207 /* 8208 * Return the next free register. 8209 */ 8210 static int 8211 alloc_reg(compiler_state_t *cstate) 8212 { 8213 int n = BPF_MEMWORDS; 8214 8215 while (--n >= 0) { 8216 if (cstate->regused[cstate->curreg]) 8217 cstate->curreg = (cstate->curreg + 1) % BPF_MEMWORDS; 8218 else { 8219 cstate->regused[cstate->curreg] = 1; 8220 return cstate->curreg; 8221 } 8222 } 8223 bpf_error(cstate, "too many registers needed to evaluate expression"); 8224 /*NOTREACHED*/ 8225 } 8226 8227 /* 8228 * Return a register to the table so it can 8229 * be used later. 8230 */ 8231 static void 8232 free_reg(compiler_state_t *cstate, int n) 8233 { 8234 cstate->regused[n] = 0; 8235 } 8236 8237 static struct block * 8238 gen_len(compiler_state_t *cstate, int jmp, int n) 8239 { 8240 struct slist *s; 8241 struct block *b; 8242 8243 s = new_stmt(cstate, BPF_LD|BPF_LEN); 8244 b = new_block(cstate, JMP(jmp)); 8245 b->stmts = s; 8246 b->s.k = n; 8247 8248 return b; 8249 } 8250 8251 struct block * 8252 gen_greater(compiler_state_t *cstate, int n) 8253 { 8254 /* 8255 * Catch errors reported by us and routines below us, and return NULL 8256 * on an error. 8257 */ 8258 if (setjmp(cstate->top_ctx)) 8259 return (NULL); 8260 8261 return gen_len(cstate, BPF_JGE, n); 8262 } 8263 8264 /* 8265 * Actually, this is less than or equal. 8266 */ 8267 struct block * 8268 gen_less(compiler_state_t *cstate, int n) 8269 { 8270 struct block *b; 8271 8272 /* 8273 * Catch errors reported by us and routines below us, and return NULL 8274 * on an error. 8275 */ 8276 if (setjmp(cstate->top_ctx)) 8277 return (NULL); 8278 8279 b = gen_len(cstate, BPF_JGT, n); 8280 gen_not(b); 8281 8282 return b; 8283 } 8284 8285 /* 8286 * This is for "byte {idx} {op} {val}"; "idx" is treated as relative to 8287 * the beginning of the link-layer header. 8288 * XXX - that means you can't test values in the radiotap header, but 8289 * as that header is difficult if not impossible to parse generally 8290 * without a loop, that might not be a severe problem. A new keyword 8291 * "radio" could be added for that, although what you'd really want 8292 * would be a way of testing particular radio header values, which 8293 * would generate code appropriate to the radio header in question. 8294 */ 8295 struct block * 8296 gen_byteop(compiler_state_t *cstate, int op, int idx, bpf_u_int32 val) 8297 { 8298 struct block *b; 8299 struct slist *s; 8300 8301 /* 8302 * Catch errors reported by us and routines below us, and return NULL 8303 * on an error. 8304 */ 8305 if (setjmp(cstate->top_ctx)) 8306 return (NULL); 8307 8308 switch (op) { 8309 default: 8310 abort(); 8311 8312 case '=': 8313 return gen_cmp(cstate, OR_LINKHDR, (u_int)idx, BPF_B, val); 8314 8315 case '<': 8316 b = gen_cmp_lt(cstate, OR_LINKHDR, (u_int)idx, BPF_B, val); 8317 return b; 8318 8319 case '>': 8320 b = gen_cmp_gt(cstate, OR_LINKHDR, (u_int)idx, BPF_B, val); 8321 return b; 8322 8323 case '|': 8324 s = new_stmt(cstate, BPF_ALU|BPF_OR|BPF_K); 8325 break; 8326 8327 case '&': 8328 s = new_stmt(cstate, BPF_ALU|BPF_AND|BPF_K); 8329 break; 8330 } 8331 s->s.k = val; 8332 b = new_block(cstate, JMP(BPF_JEQ)); 8333 b->stmts = s; 8334 gen_not(b); 8335 8336 return b; 8337 } 8338 8339 struct block * 8340 gen_broadcast(compiler_state_t *cstate, int proto) 8341 { 8342 bpf_u_int32 hostmask; 8343 struct block *b0, *b1, *b2; 8344 static const u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 8345 8346 /* 8347 * Catch errors reported by us and routines below us, and return NULL 8348 * on an error. 8349 */ 8350 if (setjmp(cstate->top_ctx)) 8351 return (NULL); 8352 8353 switch (proto) { 8354 8355 case Q_DEFAULT: 8356 case Q_LINK: 8357 switch (cstate->linktype) { 8358 case DLT_ARCNET: 8359 case DLT_ARCNET_LINUX: 8360 // ARCnet broadcast is [8-bit] destination address 0. 8361 return gen_ahostop(cstate, 0, Q_DST); 8362 case DLT_EN10MB: 8363 case DLT_NETANALYZER: 8364 case DLT_NETANALYZER_TRANSPARENT: 8365 b1 = gen_prevlinkhdr_check(cstate); 8366 b0 = gen_ehostop(cstate, ebroadcast, Q_DST); 8367 if (b1 != NULL) 8368 gen_and(b1, b0); 8369 return b0; 8370 case DLT_FDDI: 8371 return gen_fhostop(cstate, ebroadcast, Q_DST); 8372 case DLT_IEEE802: 8373 return gen_thostop(cstate, ebroadcast, Q_DST); 8374 case DLT_IEEE802_11: 8375 case DLT_PRISM_HEADER: 8376 case DLT_IEEE802_11_RADIO_AVS: 8377 case DLT_IEEE802_11_RADIO: 8378 case DLT_PPI: 8379 return gen_wlanhostop(cstate, ebroadcast, Q_DST); 8380 case DLT_IP_OVER_FC: 8381 return gen_ipfchostop(cstate, ebroadcast, Q_DST); 8382 default: 8383 bpf_error(cstate, "not a broadcast link"); 8384 } 8385 /*NOTREACHED*/ 8386 8387 case Q_IP: 8388 /* 8389 * We treat a netmask of PCAP_NETMASK_UNKNOWN (0xffffffff) 8390 * as an indication that we don't know the netmask, and fail 8391 * in that case. 8392 */ 8393 if (cstate->netmask == PCAP_NETMASK_UNKNOWN) 8394 bpf_error(cstate, "netmask not known, so 'ip broadcast' not supported"); 8395 b0 = gen_linktype(cstate, ETHERTYPE_IP); 8396 hostmask = ~cstate->netmask; 8397 b1 = gen_mcmp(cstate, OR_LINKPL, 16, BPF_W, 0, hostmask); 8398 b2 = gen_mcmp(cstate, OR_LINKPL, 16, BPF_W, 8399 ~0 & hostmask, hostmask); 8400 gen_or(b1, b2); 8401 gen_and(b0, b2); 8402 return b2; 8403 } 8404 bpf_error(cstate, "only link-layer/IP broadcast filters supported"); 8405 /*NOTREACHED*/ 8406 } 8407 8408 /* 8409 * Generate code to test the low-order bit of a MAC address (that's 8410 * the bottom bit of the *first* byte). 8411 */ 8412 static struct block * 8413 gen_mac_multicast(compiler_state_t *cstate, int offset) 8414 { 8415 register struct block *b0; 8416 register struct slist *s; 8417 8418 /* link[offset] & 1 != 0 */ 8419 s = gen_load_a(cstate, OR_LINKHDR, offset, BPF_B); 8420 b0 = new_block(cstate, JMP(BPF_JSET)); 8421 b0->s.k = 1; 8422 b0->stmts = s; 8423 return b0; 8424 } 8425 8426 struct block * 8427 gen_multicast(compiler_state_t *cstate, int proto) 8428 { 8429 register struct block *b0, *b1, *b2; 8430 register struct slist *s; 8431 8432 /* 8433 * Catch errors reported by us and routines below us, and return NULL 8434 * on an error. 8435 */ 8436 if (setjmp(cstate->top_ctx)) 8437 return (NULL); 8438 8439 switch (proto) { 8440 8441 case Q_DEFAULT: 8442 case Q_LINK: 8443 switch (cstate->linktype) { 8444 case DLT_ARCNET: 8445 case DLT_ARCNET_LINUX: 8446 // ARCnet multicast is the same as broadcast. 8447 return gen_ahostop(cstate, 0, Q_DST); 8448 case DLT_EN10MB: 8449 case DLT_NETANALYZER: 8450 case DLT_NETANALYZER_TRANSPARENT: 8451 b1 = gen_prevlinkhdr_check(cstate); 8452 /* ether[0] & 1 != 0 */ 8453 b0 = gen_mac_multicast(cstate, 0); 8454 if (b1 != NULL) 8455 gen_and(b1, b0); 8456 return b0; 8457 case DLT_FDDI: 8458 /* 8459 * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX 8460 * 8461 * XXX - was that referring to bit-order issues? 8462 */ 8463 /* fddi[1] & 1 != 0 */ 8464 return gen_mac_multicast(cstate, 1); 8465 case DLT_IEEE802: 8466 /* tr[2] & 1 != 0 */ 8467 return gen_mac_multicast(cstate, 2); 8468 case DLT_IEEE802_11: 8469 case DLT_PRISM_HEADER: 8470 case DLT_IEEE802_11_RADIO_AVS: 8471 case DLT_IEEE802_11_RADIO: 8472 case DLT_PPI: 8473 /* 8474 * Oh, yuk. 8475 * 8476 * For control frames, there is no DA. 8477 * 8478 * For management frames, DA is at an 8479 * offset of 4 from the beginning of 8480 * the packet. 8481 * 8482 * For data frames, DA is at an offset 8483 * of 4 from the beginning of the packet 8484 * if To DS is clear and at an offset of 8485 * 16 from the beginning of the packet 8486 * if To DS is set. 8487 */ 8488 8489 /* 8490 * Generate the tests to be done for data frames. 8491 * 8492 * First, check for To DS set, i.e. "link[1] & 0x01". 8493 */ 8494 s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B); 8495 b1 = new_block(cstate, JMP(BPF_JSET)); 8496 b1->s.k = 0x01; /* To DS */ 8497 b1->stmts = s; 8498 8499 /* 8500 * If To DS is set, the DA is at 16. 8501 */ 8502 b0 = gen_mac_multicast(cstate, 16); 8503 gen_and(b1, b0); 8504 8505 /* 8506 * Now, check for To DS not set, i.e. check 8507 * "!(link[1] & 0x01)". 8508 */ 8509 s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B); 8510 b2 = new_block(cstate, JMP(BPF_JSET)); 8511 b2->s.k = 0x01; /* To DS */ 8512 b2->stmts = s; 8513 gen_not(b2); 8514 8515 /* 8516 * If To DS is not set, the DA is at 4. 8517 */ 8518 b1 = gen_mac_multicast(cstate, 4); 8519 gen_and(b2, b1); 8520 8521 /* 8522 * Now OR together the last two checks. That gives 8523 * the complete set of checks for data frames. 8524 */ 8525 gen_or(b1, b0); 8526 8527 /* 8528 * Now check for a data frame. 8529 * I.e, check "link[0] & 0x08". 8530 */ 8531 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B); 8532 b1 = new_block(cstate, JMP(BPF_JSET)); 8533 b1->s.k = 0x08; 8534 b1->stmts = s; 8535 8536 /* 8537 * AND that with the checks done for data frames. 8538 */ 8539 gen_and(b1, b0); 8540 8541 /* 8542 * If the high-order bit of the type value is 0, this 8543 * is a management frame. 8544 * I.e, check "!(link[0] & 0x08)". 8545 */ 8546 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B); 8547 b2 = new_block(cstate, JMP(BPF_JSET)); 8548 b2->s.k = 0x08; 8549 b2->stmts = s; 8550 gen_not(b2); 8551 8552 /* 8553 * For management frames, the DA is at 4. 8554 */ 8555 b1 = gen_mac_multicast(cstate, 4); 8556 gen_and(b2, b1); 8557 8558 /* 8559 * OR that with the checks done for data frames. 8560 * That gives the checks done for management and 8561 * data frames. 8562 */ 8563 gen_or(b1, b0); 8564 8565 /* 8566 * If the low-order bit of the type value is 1, 8567 * this is either a control frame or a frame 8568 * with a reserved type, and thus not a 8569 * frame with an SA. 8570 * 8571 * I.e., check "!(link[0] & 0x04)". 8572 */ 8573 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B); 8574 b1 = new_block(cstate, JMP(BPF_JSET)); 8575 b1->s.k = 0x04; 8576 b1->stmts = s; 8577 gen_not(b1); 8578 8579 /* 8580 * AND that with the checks for data and management 8581 * frames. 8582 */ 8583 gen_and(b1, b0); 8584 return b0; 8585 case DLT_IP_OVER_FC: 8586 b0 = gen_mac_multicast(cstate, 2); 8587 return b0; 8588 default: 8589 break; 8590 } 8591 /* Link not known to support multicasts */ 8592 break; 8593 8594 case Q_IP: 8595 b0 = gen_linktype(cstate, ETHERTYPE_IP); 8596 8597 /* 8598 * Compare address with 224.0.0.0/4 8599 */ 8600 b1 = gen_mcmp(cstate, OR_LINKPL, 16, BPF_B, 0xe0, 0xf0); 8601 8602 gen_and(b0, b1); 8603 return b1; 8604 8605 case Q_IPV6: 8606 b0 = gen_linktype(cstate, ETHERTYPE_IPV6); 8607 b1 = gen_cmp(cstate, OR_LINKPL, 24, BPF_B, 255); 8608 gen_and(b0, b1); 8609 return b1; 8610 } 8611 bpf_error(cstate, "link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel"); 8612 /*NOTREACHED*/ 8613 } 8614 8615 struct block * 8616 gen_ifindex(compiler_state_t *cstate, int ifindex) 8617 { 8618 register struct block *b0; 8619 8620 /* 8621 * Catch errors reported by us and routines below us, and return NULL 8622 * on an error. 8623 */ 8624 if (setjmp(cstate->top_ctx)) 8625 return (NULL); 8626 8627 /* 8628 * Only some data link types support ifindex qualifiers. 8629 */ 8630 switch (cstate->linktype) { 8631 case DLT_LINUX_SLL2: 8632 /* match packets on this interface */ 8633 b0 = gen_cmp(cstate, OR_LINKHDR, 4, BPF_W, ifindex); 8634 break; 8635 default: 8636 #if defined(__linux__) 8637 /* 8638 * This is Linux; we require PF_PACKET support. 8639 * If this is a *live* capture, we can look at 8640 * special meta-data in the filter expression; 8641 * if it's a savefile, we can't. 8642 */ 8643 if (cstate->bpf_pcap->rfile != NULL) { 8644 /* We have a FILE *, so this is a savefile */ 8645 bpf_error(cstate, "ifindex not supported on %s when reading savefiles", 8646 pcap_datalink_val_to_description_or_dlt(cstate->linktype)); 8647 /*NOTREACHED*/ 8648 } 8649 /* match ifindex */ 8650 b0 = gen_cmp(cstate, OR_LINKHDR, SKF_AD_OFF + SKF_AD_IFINDEX, BPF_W, 8651 ifindex); 8652 #else /* defined(__linux__) */ 8653 bpf_error(cstate, "ifindex not supported on %s", 8654 pcap_datalink_val_to_description_or_dlt(cstate->linktype)); 8655 /*NOTREACHED*/ 8656 #endif /* defined(__linux__) */ 8657 } 8658 return (b0); 8659 } 8660 8661 /* 8662 * Filter on inbound (dir == 0) or outbound (dir == 1) traffic. 8663 * Outbound traffic is sent by this machine, while inbound traffic is 8664 * sent by a remote machine (and may include packets destined for a 8665 * unicast or multicast link-layer address we are not subscribing to). 8666 * These are the same definitions implemented by pcap_setdirection(). 8667 * Capturing only unicast traffic destined for this host is probably 8668 * better accomplished using a higher-layer filter. 8669 */ 8670 struct block * 8671 gen_inbound(compiler_state_t *cstate, int dir) 8672 { 8673 register struct block *b0; 8674 8675 /* 8676 * Catch errors reported by us and routines below us, and return NULL 8677 * on an error. 8678 */ 8679 if (setjmp(cstate->top_ctx)) 8680 return (NULL); 8681 8682 /* 8683 * Only some data link types support inbound/outbound qualifiers. 8684 */ 8685 switch (cstate->linktype) { 8686 case DLT_SLIP: 8687 b0 = gen_relation_internal(cstate, BPF_JEQ, 8688 gen_load_internal(cstate, Q_LINK, gen_loadi_internal(cstate, 0), 1), 8689 gen_loadi_internal(cstate, 0), 8690 dir); 8691 break; 8692 8693 case DLT_IPNET: 8694 if (dir) { 8695 /* match outgoing packets */ 8696 b0 = gen_cmp(cstate, OR_LINKHDR, 2, BPF_H, IPNET_OUTBOUND); 8697 } else { 8698 /* match incoming packets */ 8699 b0 = gen_cmp(cstate, OR_LINKHDR, 2, BPF_H, IPNET_INBOUND); 8700 } 8701 break; 8702 8703 case DLT_LINUX_SLL: 8704 /* match outgoing packets */ 8705 b0 = gen_cmp(cstate, OR_LINKHDR, 0, BPF_H, LINUX_SLL_OUTGOING); 8706 if (!dir) { 8707 /* to filter on inbound traffic, invert the match */ 8708 gen_not(b0); 8709 } 8710 break; 8711 8712 case DLT_LINUX_SLL2: 8713 /* match outgoing packets */ 8714 b0 = gen_cmp(cstate, OR_LINKHDR, 10, BPF_B, LINUX_SLL_OUTGOING); 8715 if (!dir) { 8716 /* to filter on inbound traffic, invert the match */ 8717 gen_not(b0); 8718 } 8719 break; 8720 8721 case DLT_PFLOG: 8722 b0 = gen_cmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, dir), BPF_B, 8723 ((dir == 0) ? PF_IN : PF_OUT)); 8724 break; 8725 8726 case DLT_PPP_PPPD: 8727 if (dir) { 8728 /* match outgoing packets */ 8729 b0 = gen_cmp(cstate, OR_LINKHDR, 0, BPF_B, PPP_PPPD_OUT); 8730 } else { 8731 /* match incoming packets */ 8732 b0 = gen_cmp(cstate, OR_LINKHDR, 0, BPF_B, PPP_PPPD_IN); 8733 } 8734 break; 8735 8736 case DLT_JUNIPER_MFR: 8737 case DLT_JUNIPER_MLFR: 8738 case DLT_JUNIPER_MLPPP: 8739 case DLT_JUNIPER_ATM1: 8740 case DLT_JUNIPER_ATM2: 8741 case DLT_JUNIPER_PPPOE: 8742 case DLT_JUNIPER_PPPOE_ATM: 8743 case DLT_JUNIPER_GGSN: 8744 case DLT_JUNIPER_ES: 8745 case DLT_JUNIPER_MONITOR: 8746 case DLT_JUNIPER_SERVICES: 8747 case DLT_JUNIPER_ETHER: 8748 case DLT_JUNIPER_PPP: 8749 case DLT_JUNIPER_FRELAY: 8750 case DLT_JUNIPER_CHDLC: 8751 case DLT_JUNIPER_VP: 8752 case DLT_JUNIPER_ST: 8753 case DLT_JUNIPER_ISM: 8754 case DLT_JUNIPER_VS: 8755 case DLT_JUNIPER_SRX_E2E: 8756 case DLT_JUNIPER_FIBRECHANNEL: 8757 case DLT_JUNIPER_ATM_CEMIC: 8758 8759 /* juniper flags (including direction) are stored 8760 * the byte after the 3-byte magic number */ 8761 if (dir) { 8762 /* match outgoing packets */ 8763 b0 = gen_mcmp(cstate, OR_LINKHDR, 3, BPF_B, 0, 0x01); 8764 } else { 8765 /* match incoming packets */ 8766 b0 = gen_mcmp(cstate, OR_LINKHDR, 3, BPF_B, 1, 0x01); 8767 } 8768 break; 8769 8770 default: 8771 /* 8772 * If we have packet meta-data indicating a direction, 8773 * and that metadata can be checked by BPF code, check 8774 * it. Otherwise, give up, as this link-layer type has 8775 * nothing in the packet data. 8776 * 8777 * Currently, the only platform where a BPF filter can 8778 * check that metadata is Linux with the in-kernel 8779 * BPF interpreter. If other packet capture mechanisms 8780 * and BPF filters also supported this, it would be 8781 * nice. It would be even better if they made that 8782 * metadata available so that we could provide it 8783 * with newer capture APIs, allowing it to be saved 8784 * in pcapng files. 8785 */ 8786 #if defined(__linux__) 8787 /* 8788 * This is Linux; we require PF_PACKET support. 8789 * If this is a *live* capture, we can look at 8790 * special meta-data in the filter expression; 8791 * if it's a savefile, we can't. 8792 */ 8793 if (cstate->bpf_pcap->rfile != NULL) { 8794 /* We have a FILE *, so this is a savefile */ 8795 bpf_error(cstate, "inbound/outbound not supported on %s when reading savefiles", 8796 pcap_datalink_val_to_description_or_dlt(cstate->linktype)); 8797 /*NOTREACHED*/ 8798 } 8799 /* match outgoing packets */ 8800 b0 = gen_cmp(cstate, OR_LINKHDR, SKF_AD_OFF + SKF_AD_PKTTYPE, BPF_H, 8801 PACKET_OUTGOING); 8802 if (!dir) { 8803 /* to filter on inbound traffic, invert the match */ 8804 gen_not(b0); 8805 } 8806 #else /* defined(__linux__) */ 8807 bpf_error(cstate, "inbound/outbound not supported on %s", 8808 pcap_datalink_val_to_description_or_dlt(cstate->linktype)); 8809 /*NOTREACHED*/ 8810 #endif /* defined(__linux__) */ 8811 } 8812 return (b0); 8813 } 8814 8815 /* PF firewall log matched interface */ 8816 struct block * 8817 gen_pf_ifname(compiler_state_t *cstate, const char *ifname) 8818 { 8819 struct block *b0; 8820 u_int len, off; 8821 8822 /* 8823 * Catch errors reported by us and routines below us, and return NULL 8824 * on an error. 8825 */ 8826 if (setjmp(cstate->top_ctx)) 8827 return (NULL); 8828 8829 if (cstate->linktype != DLT_PFLOG) { 8830 bpf_error(cstate, "ifname supported only on PF linktype"); 8831 /*NOTREACHED*/ 8832 } 8833 len = sizeof(((struct pfloghdr *)0)->ifname); 8834 off = offsetof(struct pfloghdr, ifname); 8835 if (strlen(ifname) >= len) { 8836 bpf_error(cstate, "ifname interface names can only be %d characters", 8837 len-1); 8838 /*NOTREACHED*/ 8839 } 8840 b0 = gen_bcmp(cstate, OR_LINKHDR, off, (u_int)strlen(ifname), 8841 (const u_char *)ifname); 8842 return (b0); 8843 } 8844 8845 /* PF firewall log ruleset name */ 8846 struct block * 8847 gen_pf_ruleset(compiler_state_t *cstate, char *ruleset) 8848 { 8849 struct block *b0; 8850 8851 /* 8852 * Catch errors reported by us and routines below us, and return NULL 8853 * on an error. 8854 */ 8855 if (setjmp(cstate->top_ctx)) 8856 return (NULL); 8857 8858 if (cstate->linktype != DLT_PFLOG) { 8859 bpf_error(cstate, "ruleset supported only on PF linktype"); 8860 /*NOTREACHED*/ 8861 } 8862 8863 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) { 8864 bpf_error(cstate, "ruleset names can only be %ld characters", 8865 (long)(sizeof(((struct pfloghdr *)0)->ruleset) - 1)); 8866 /*NOTREACHED*/ 8867 } 8868 8869 b0 = gen_bcmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, ruleset), 8870 (u_int)strlen(ruleset), (const u_char *)ruleset); 8871 return (b0); 8872 } 8873 8874 /* PF firewall log rule number */ 8875 struct block * 8876 gen_pf_rnr(compiler_state_t *cstate, int rnr) 8877 { 8878 struct block *b0; 8879 8880 /* 8881 * Catch errors reported by us and routines below us, and return NULL 8882 * on an error. 8883 */ 8884 if (setjmp(cstate->top_ctx)) 8885 return (NULL); 8886 8887 if (cstate->linktype != DLT_PFLOG) { 8888 bpf_error(cstate, "rnr supported only on PF linktype"); 8889 /*NOTREACHED*/ 8890 } 8891 8892 b0 = gen_cmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, rulenr), BPF_W, 8893 (bpf_u_int32)rnr); 8894 return (b0); 8895 } 8896 8897 /* PF firewall log sub-rule number */ 8898 struct block * 8899 gen_pf_srnr(compiler_state_t *cstate, int srnr) 8900 { 8901 struct block *b0; 8902 8903 /* 8904 * Catch errors reported by us and routines below us, and return NULL 8905 * on an error. 8906 */ 8907 if (setjmp(cstate->top_ctx)) 8908 return (NULL); 8909 8910 if (cstate->linktype != DLT_PFLOG) { 8911 bpf_error(cstate, "srnr supported only on PF linktype"); 8912 /*NOTREACHED*/ 8913 } 8914 8915 b0 = gen_cmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, subrulenr), BPF_W, 8916 (bpf_u_int32)srnr); 8917 return (b0); 8918 } 8919 8920 /* PF firewall log reason code */ 8921 struct block * 8922 gen_pf_reason(compiler_state_t *cstate, int reason) 8923 { 8924 struct block *b0; 8925 8926 /* 8927 * Catch errors reported by us and routines below us, and return NULL 8928 * on an error. 8929 */ 8930 if (setjmp(cstate->top_ctx)) 8931 return (NULL); 8932 8933 if (cstate->linktype != DLT_PFLOG) { 8934 bpf_error(cstate, "reason supported only on PF linktype"); 8935 /*NOTREACHED*/ 8936 } 8937 8938 b0 = gen_cmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, reason), BPF_B, 8939 (bpf_u_int32)reason); 8940 return (b0); 8941 } 8942 8943 /* PF firewall log action */ 8944 struct block * 8945 gen_pf_action(compiler_state_t *cstate, int action) 8946 { 8947 struct block *b0; 8948 8949 /* 8950 * Catch errors reported by us and routines below us, and return NULL 8951 * on an error. 8952 */ 8953 if (setjmp(cstate->top_ctx)) 8954 return (NULL); 8955 8956 if (cstate->linktype != DLT_PFLOG) { 8957 bpf_error(cstate, "action supported only on PF linktype"); 8958 /*NOTREACHED*/ 8959 } 8960 8961 b0 = gen_cmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, action), BPF_B, 8962 (bpf_u_int32)action); 8963 return (b0); 8964 } 8965 8966 /* IEEE 802.11 wireless header */ 8967 struct block * 8968 gen_p80211_type(compiler_state_t *cstate, bpf_u_int32 type, bpf_u_int32 mask) 8969 { 8970 struct block *b0; 8971 8972 /* 8973 * Catch errors reported by us and routines below us, and return NULL 8974 * on an error. 8975 */ 8976 if (setjmp(cstate->top_ctx)) 8977 return (NULL); 8978 8979 switch (cstate->linktype) { 8980 8981 case DLT_IEEE802_11: 8982 case DLT_PRISM_HEADER: 8983 case DLT_IEEE802_11_RADIO_AVS: 8984 case DLT_IEEE802_11_RADIO: 8985 b0 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, type, mask); 8986 break; 8987 8988 default: 8989 bpf_error(cstate, "802.11 link-layer types supported only on 802.11"); 8990 /*NOTREACHED*/ 8991 } 8992 8993 return (b0); 8994 } 8995 8996 struct block * 8997 gen_p80211_fcdir(compiler_state_t *cstate, bpf_u_int32 fcdir) 8998 { 8999 struct block *b0; 9000 9001 /* 9002 * Catch errors reported by us and routines below us, and return NULL 9003 * on an error. 9004 */ 9005 if (setjmp(cstate->top_ctx)) 9006 return (NULL); 9007 9008 switch (cstate->linktype) { 9009 9010 case DLT_IEEE802_11: 9011 case DLT_PRISM_HEADER: 9012 case DLT_IEEE802_11_RADIO_AVS: 9013 case DLT_IEEE802_11_RADIO: 9014 break; 9015 9016 default: 9017 bpf_error(cstate, "frame direction supported only with 802.11 headers"); 9018 /*NOTREACHED*/ 9019 } 9020 9021 b0 = gen_mcmp(cstate, OR_LINKHDR, 1, BPF_B, fcdir, 9022 IEEE80211_FC1_DIR_MASK); 9023 9024 return (b0); 9025 } 9026 9027 // Process an ARCnet host address string. 9028 struct block * 9029 gen_acode(compiler_state_t *cstate, const char *s, struct qual q) 9030 { 9031 /* 9032 * Catch errors reported by us and routines below us, and return NULL 9033 * on an error. 9034 */ 9035 if (setjmp(cstate->top_ctx)) 9036 return (NULL); 9037 9038 switch (cstate->linktype) { 9039 9040 case DLT_ARCNET: 9041 case DLT_ARCNET_LINUX: 9042 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && 9043 q.proto == Q_LINK) { 9044 uint8_t addr; 9045 /* 9046 * The lexer currently defines the address format in a 9047 * way that makes this error condition never true. 9048 * Let's check it anyway in case this part of the lexer 9049 * changes in future. 9050 */ 9051 if (! pcapint_atoan(s, &addr)) 9052 bpf_error(cstate, "invalid ARCnet address '%s'", s); 9053 return gen_ahostop(cstate, addr, (int)q.dir); 9054 } else 9055 bpf_error(cstate, "ARCnet address used in non-arc expression"); 9056 /*NOTREACHED*/ 9057 9058 default: 9059 bpf_error(cstate, "aid supported only on ARCnet"); 9060 /*NOTREACHED*/ 9061 } 9062 } 9063 9064 // Compare an ARCnet host address with the given value. 9065 static struct block * 9066 gen_ahostop(compiler_state_t *cstate, const uint8_t eaddr, int dir) 9067 { 9068 register struct block *b0, *b1; 9069 9070 switch (dir) { 9071 /* 9072 * ARCnet is different from Ethernet: the source address comes before 9073 * the destination address, each is one byte long. This holds for all 9074 * three "buffer formats" in RFC 1201 Section 2.1, see also page 4-10 9075 * in the 1983 edition of the "ARCNET Designer's Handbook" published 9076 * by Datapoint (document number 61610-01). 9077 */ 9078 case Q_SRC: 9079 return gen_cmp(cstate, OR_LINKHDR, 0, BPF_B, eaddr); 9080 9081 case Q_DST: 9082 return gen_cmp(cstate, OR_LINKHDR, 1, BPF_B, eaddr); 9083 9084 case Q_AND: 9085 b0 = gen_ahostop(cstate, eaddr, Q_SRC); 9086 b1 = gen_ahostop(cstate, eaddr, Q_DST); 9087 gen_and(b0, b1); 9088 return b1; 9089 9090 case Q_DEFAULT: 9091 case Q_OR: 9092 b0 = gen_ahostop(cstate, eaddr, Q_SRC); 9093 b1 = gen_ahostop(cstate, eaddr, Q_DST); 9094 gen_or(b0, b1); 9095 return b1; 9096 9097 case Q_ADDR1: 9098 bpf_error(cstate, "'addr1' and 'address1' are only supported on 802.11"); 9099 /*NOTREACHED*/ 9100 9101 case Q_ADDR2: 9102 bpf_error(cstate, "'addr2' and 'address2' are only supported on 802.11"); 9103 /*NOTREACHED*/ 9104 9105 case Q_ADDR3: 9106 bpf_error(cstate, "'addr3' and 'address3' are only supported on 802.11"); 9107 /*NOTREACHED*/ 9108 9109 case Q_ADDR4: 9110 bpf_error(cstate, "'addr4' and 'address4' are only supported on 802.11"); 9111 /*NOTREACHED*/ 9112 9113 case Q_RA: 9114 bpf_error(cstate, "'ra' is only supported on 802.11"); 9115 /*NOTREACHED*/ 9116 9117 case Q_TA: 9118 bpf_error(cstate, "'ta' is only supported on 802.11"); 9119 /*NOTREACHED*/ 9120 } 9121 abort(); 9122 /*NOTREACHED*/ 9123 } 9124 9125 static struct block * 9126 gen_vlan_tpid_test(compiler_state_t *cstate) 9127 { 9128 struct block *b0, *b1; 9129 9130 /* check for VLAN, including 802.1ad and QinQ */ 9131 b0 = gen_linktype(cstate, ETHERTYPE_8021Q); 9132 b1 = gen_linktype(cstate, ETHERTYPE_8021AD); 9133 gen_or(b0,b1); 9134 b0 = b1; 9135 b1 = gen_linktype(cstate, ETHERTYPE_8021QINQ); 9136 gen_or(b0,b1); 9137 9138 return b1; 9139 } 9140 9141 static struct block * 9142 gen_vlan_vid_test(compiler_state_t *cstate, bpf_u_int32 vlan_num) 9143 { 9144 if (vlan_num > 0x0fff) { 9145 bpf_error(cstate, "VLAN tag %u greater than maximum %u", 9146 vlan_num, 0x0fff); 9147 } 9148 return gen_mcmp(cstate, OR_LINKPL, 0, BPF_H, vlan_num, 0x0fff); 9149 } 9150 9151 static struct block * 9152 gen_vlan_no_bpf_extensions(compiler_state_t *cstate, bpf_u_int32 vlan_num, 9153 int has_vlan_tag) 9154 { 9155 struct block *b0, *b1; 9156 9157 b0 = gen_vlan_tpid_test(cstate); 9158 9159 if (has_vlan_tag) { 9160 b1 = gen_vlan_vid_test(cstate, vlan_num); 9161 gen_and(b0, b1); 9162 b0 = b1; 9163 } 9164 9165 /* 9166 * Both payload and link header type follow the VLAN tags so that 9167 * both need to be updated. 9168 */ 9169 cstate->off_linkpl.constant_part += 4; 9170 cstate->off_linktype.constant_part += 4; 9171 9172 return b0; 9173 } 9174 9175 #if defined(SKF_AD_VLAN_TAG_PRESENT) 9176 /* add v to variable part of off */ 9177 static void 9178 gen_vlan_vloffset_add(compiler_state_t *cstate, bpf_abs_offset *off, 9179 bpf_u_int32 v, struct slist *s) 9180 { 9181 struct slist *s2; 9182 9183 if (!off->is_variable) 9184 off->is_variable = 1; 9185 if (off->reg == -1) 9186 off->reg = alloc_reg(cstate); 9187 9188 s2 = new_stmt(cstate, BPF_LD|BPF_MEM); 9189 s2->s.k = off->reg; 9190 sappend(s, s2); 9191 s2 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_IMM); 9192 s2->s.k = v; 9193 sappend(s, s2); 9194 s2 = new_stmt(cstate, BPF_ST); 9195 s2->s.k = off->reg; 9196 sappend(s, s2); 9197 } 9198 9199 /* 9200 * patch block b_tpid (VLAN TPID test) to update variable parts of link payload 9201 * and link type offsets first 9202 */ 9203 static void 9204 gen_vlan_patch_tpid_test(compiler_state_t *cstate, struct block *b_tpid) 9205 { 9206 struct slist s; 9207 9208 /* offset determined at run time, shift variable part */ 9209 s.next = NULL; 9210 cstate->is_vlan_vloffset = 1; 9211 gen_vlan_vloffset_add(cstate, &cstate->off_linkpl, 4, &s); 9212 gen_vlan_vloffset_add(cstate, &cstate->off_linktype, 4, &s); 9213 9214 /* we get a pointer to a chain of or-ed blocks, patch first of them */ 9215 sappend(s.next, b_tpid->head->stmts); 9216 b_tpid->head->stmts = s.next; 9217 } 9218 9219 /* 9220 * patch block b_vid (VLAN id test) to load VID value either from packet 9221 * metadata (using BPF extensions) if SKF_AD_VLAN_TAG_PRESENT is true 9222 */ 9223 static void 9224 gen_vlan_patch_vid_test(compiler_state_t *cstate, struct block *b_vid) 9225 { 9226 struct slist *s, *s2, *sjeq; 9227 unsigned cnt; 9228 9229 s = new_stmt(cstate, BPF_LD|BPF_B|BPF_ABS); 9230 s->s.k = (bpf_u_int32)(SKF_AD_OFF + SKF_AD_VLAN_TAG_PRESENT); 9231 9232 /* true -> next instructions, false -> beginning of b_vid */ 9233 sjeq = new_stmt(cstate, JMP(BPF_JEQ)); 9234 sjeq->s.k = 1; 9235 sjeq->s.jf = b_vid->stmts; 9236 sappend(s, sjeq); 9237 9238 s2 = new_stmt(cstate, BPF_LD|BPF_H|BPF_ABS); 9239 s2->s.k = (bpf_u_int32)(SKF_AD_OFF + SKF_AD_VLAN_TAG); 9240 sappend(s, s2); 9241 sjeq->s.jt = s2; 9242 9243 /* Jump to the test in b_vid. We need to jump one instruction before 9244 * the end of the b_vid block so that we only skip loading the TCI 9245 * from packet data and not the 'and' instruction extracting VID. 9246 */ 9247 cnt = 0; 9248 for (s2 = b_vid->stmts; s2; s2 = s2->next) 9249 cnt++; 9250 s2 = new_stmt(cstate, JMP(BPF_JA)); 9251 s2->s.k = cnt - 1; 9252 sappend(s, s2); 9253 9254 /* insert our statements at the beginning of b_vid */ 9255 sappend(s, b_vid->stmts); 9256 b_vid->stmts = s; 9257 } 9258 9259 /* 9260 * Generate check for "vlan" or "vlan <id>" on systems with support for BPF 9261 * extensions. Even if kernel supports VLAN BPF extensions, (outermost) VLAN 9262 * tag can be either in metadata or in packet data; therefore if the 9263 * SKF_AD_VLAN_TAG_PRESENT test is negative, we need to check link 9264 * header for VLAN tag. As the decision is done at run time, we need 9265 * update variable part of the offsets 9266 */ 9267 static struct block * 9268 gen_vlan_bpf_extensions(compiler_state_t *cstate, bpf_u_int32 vlan_num, 9269 int has_vlan_tag) 9270 { 9271 struct block *b0, *b_tpid, *b_vid = NULL; 9272 struct slist *s; 9273 9274 /* generate new filter code based on extracting packet 9275 * metadata */ 9276 s = new_stmt(cstate, BPF_LD|BPF_B|BPF_ABS); 9277 s->s.k = (bpf_u_int32)(SKF_AD_OFF + SKF_AD_VLAN_TAG_PRESENT); 9278 9279 b0 = new_block(cstate, JMP(BPF_JEQ)); 9280 b0->stmts = s; 9281 b0->s.k = 1; 9282 9283 /* 9284 * This is tricky. We need to insert the statements updating variable 9285 * parts of offsets before the traditional TPID and VID tests so 9286 * that they are called whenever SKF_AD_VLAN_TAG_PRESENT fails but 9287 * we do not want this update to affect those checks. That's why we 9288 * generate both test blocks first and insert the statements updating 9289 * variable parts of both offsets after that. This wouldn't work if 9290 * there already were variable length link header when entering this 9291 * function but gen_vlan_bpf_extensions() isn't called in that case. 9292 */ 9293 b_tpid = gen_vlan_tpid_test(cstate); 9294 if (has_vlan_tag) 9295 b_vid = gen_vlan_vid_test(cstate, vlan_num); 9296 9297 gen_vlan_patch_tpid_test(cstate, b_tpid); 9298 gen_or(b0, b_tpid); 9299 b0 = b_tpid; 9300 9301 if (has_vlan_tag) { 9302 gen_vlan_patch_vid_test(cstate, b_vid); 9303 gen_and(b0, b_vid); 9304 b0 = b_vid; 9305 } 9306 9307 return b0; 9308 } 9309 #endif 9310 9311 /* 9312 * support IEEE 802.1Q VLAN trunk over ethernet 9313 */ 9314 struct block * 9315 gen_vlan(compiler_state_t *cstate, bpf_u_int32 vlan_num, int has_vlan_tag) 9316 { 9317 struct block *b0; 9318 9319 /* 9320 * Catch errors reported by us and routines below us, and return NULL 9321 * on an error. 9322 */ 9323 if (setjmp(cstate->top_ctx)) 9324 return (NULL); 9325 9326 /* can't check for VLAN-encapsulated packets inside MPLS */ 9327 if (cstate->label_stack_depth > 0) 9328 bpf_error(cstate, "no VLAN match after MPLS"); 9329 9330 /* 9331 * Check for a VLAN packet, and then change the offsets to point 9332 * to the type and data fields within the VLAN packet. Just 9333 * increment the offsets, so that we can support a hierarchy, e.g. 9334 * "vlan 300 && vlan 200" to capture VLAN 200 encapsulated within 9335 * VLAN 100. 9336 * 9337 * XXX - this is a bit of a kludge. If we were to split the 9338 * compiler into a parser that parses an expression and 9339 * generates an expression tree, and a code generator that 9340 * takes an expression tree (which could come from our 9341 * parser or from some other parser) and generates BPF code, 9342 * we could perhaps make the offsets parameters of routines 9343 * and, in the handler for an "AND" node, pass to subnodes 9344 * other than the VLAN node the adjusted offsets. 9345 * 9346 * This would mean that "vlan" would, instead of changing the 9347 * behavior of *all* tests after it, change only the behavior 9348 * of tests ANDed with it. That would change the documented 9349 * semantics of "vlan", which might break some expressions. 9350 * However, it would mean that "(vlan and ip) or ip" would check 9351 * both for VLAN-encapsulated IP and IP-over-Ethernet, rather than 9352 * checking only for VLAN-encapsulated IP, so that could still 9353 * be considered worth doing; it wouldn't break expressions 9354 * that are of the form "vlan and ..." or "vlan N and ...", 9355 * which I suspect are the most common expressions involving 9356 * "vlan". "vlan or ..." doesn't necessarily do what the user 9357 * would really want, now, as all the "or ..." tests would 9358 * be done assuming a VLAN, even though the "or" could be viewed 9359 * as meaning "or, if this isn't a VLAN packet...". 9360 */ 9361 switch (cstate->linktype) { 9362 9363 case DLT_EN10MB: 9364 case DLT_NETANALYZER: 9365 case DLT_NETANALYZER_TRANSPARENT: 9366 #if defined(SKF_AD_VLAN_TAG_PRESENT) 9367 /* Verify that this is the outer part of the packet and 9368 * not encapsulated somehow. */ 9369 if (cstate->vlan_stack_depth == 0 && !cstate->off_linkhdr.is_variable && 9370 cstate->off_linkhdr.constant_part == 9371 cstate->off_outermostlinkhdr.constant_part) { 9372 /* 9373 * Do we need special VLAN handling? 9374 */ 9375 if (cstate->bpf_pcap->bpf_codegen_flags & BPF_SPECIAL_VLAN_HANDLING) 9376 b0 = gen_vlan_bpf_extensions(cstate, vlan_num, 9377 has_vlan_tag); 9378 else 9379 b0 = gen_vlan_no_bpf_extensions(cstate, 9380 vlan_num, has_vlan_tag); 9381 } else 9382 #endif 9383 b0 = gen_vlan_no_bpf_extensions(cstate, vlan_num, 9384 has_vlan_tag); 9385 break; 9386 9387 case DLT_IEEE802_11: 9388 case DLT_PRISM_HEADER: 9389 case DLT_IEEE802_11_RADIO_AVS: 9390 case DLT_IEEE802_11_RADIO: 9391 b0 = gen_vlan_no_bpf_extensions(cstate, vlan_num, has_vlan_tag); 9392 break; 9393 9394 default: 9395 bpf_error(cstate, "no VLAN support for %s", 9396 pcap_datalink_val_to_description_or_dlt(cstate->linktype)); 9397 /*NOTREACHED*/ 9398 } 9399 9400 cstate->vlan_stack_depth++; 9401 9402 return (b0); 9403 } 9404 9405 /* 9406 * support for MPLS 9407 * 9408 * The label_num_arg dance is to avoid annoying whining by compilers that 9409 * label_num might be clobbered by longjmp - yeah, it might, but *WHO CARES*? 9410 * It's not *used* after setjmp returns. 9411 */ 9412 static struct block * 9413 gen_mpls_internal(compiler_state_t *cstate, bpf_u_int32 label_num, 9414 int has_label_num) 9415 { 9416 struct block *b0, *b1; 9417 9418 if (cstate->label_stack_depth > 0) { 9419 /* just match the bottom-of-stack bit clear */ 9420 b0 = gen_mcmp(cstate, OR_PREVMPLSHDR, 2, BPF_B, 0, 0x01); 9421 } else { 9422 /* 9423 * We're not in an MPLS stack yet, so check the link-layer 9424 * type against MPLS. 9425 */ 9426 switch (cstate->linktype) { 9427 9428 case DLT_C_HDLC: /* fall through */ 9429 case DLT_HDLC: 9430 case DLT_EN10MB: 9431 case DLT_NETANALYZER: 9432 case DLT_NETANALYZER_TRANSPARENT: 9433 b0 = gen_linktype(cstate, ETHERTYPE_MPLS); 9434 break; 9435 9436 case DLT_PPP: 9437 b0 = gen_linktype(cstate, PPP_MPLS_UCAST); 9438 break; 9439 9440 /* FIXME add other DLT_s ... 9441 * for Frame-Relay/and ATM this may get messy due to SNAP headers 9442 * leave it for now */ 9443 9444 default: 9445 bpf_error(cstate, "no MPLS support for %s", 9446 pcap_datalink_val_to_description_or_dlt(cstate->linktype)); 9447 /*NOTREACHED*/ 9448 } 9449 } 9450 9451 /* If a specific MPLS label is requested, check it */ 9452 if (has_label_num) { 9453 if (label_num > 0xFFFFF) { 9454 bpf_error(cstate, "MPLS label %u greater than maximum %u", 9455 label_num, 0xFFFFF); 9456 } 9457 label_num = label_num << 12; /* label is shifted 12 bits on the wire */ 9458 b1 = gen_mcmp(cstate, OR_LINKPL, 0, BPF_W, label_num, 9459 0xfffff000); /* only compare the first 20 bits */ 9460 gen_and(b0, b1); 9461 b0 = b1; 9462 } 9463 9464 /* 9465 * Change the offsets to point to the type and data fields within 9466 * the MPLS packet. Just increment the offsets, so that we 9467 * can support a hierarchy, e.g. "mpls 100000 && mpls 1024" to 9468 * capture packets with an outer label of 100000 and an inner 9469 * label of 1024. 9470 * 9471 * Increment the MPLS stack depth as well; this indicates that 9472 * we're checking MPLS-encapsulated headers, to make sure higher 9473 * level code generators don't try to match against IP-related 9474 * protocols such as Q_ARP, Q_RARP etc. 9475 * 9476 * XXX - this is a bit of a kludge. See comments in gen_vlan(). 9477 */ 9478 cstate->off_nl_nosnap += 4; 9479 cstate->off_nl += 4; 9480 cstate->label_stack_depth++; 9481 return (b0); 9482 } 9483 9484 struct block * 9485 gen_mpls(compiler_state_t *cstate, bpf_u_int32 label_num, int has_label_num) 9486 { 9487 /* 9488 * Catch errors reported by us and routines below us, and return NULL 9489 * on an error. 9490 */ 9491 if (setjmp(cstate->top_ctx)) 9492 return (NULL); 9493 9494 return gen_mpls_internal(cstate, label_num, has_label_num); 9495 } 9496 9497 /* 9498 * Support PPPOE discovery and session. 9499 */ 9500 struct block * 9501 gen_pppoed(compiler_state_t *cstate) 9502 { 9503 /* 9504 * Catch errors reported by us and routines below us, and return NULL 9505 * on an error. 9506 */ 9507 if (setjmp(cstate->top_ctx)) 9508 return (NULL); 9509 9510 /* check for PPPoE discovery */ 9511 return gen_linktype(cstate, ETHERTYPE_PPPOED); 9512 } 9513 9514 struct block * 9515 gen_pppoes(compiler_state_t *cstate, bpf_u_int32 sess_num, int has_sess_num) 9516 { 9517 struct block *b0, *b1; 9518 9519 /* 9520 * Catch errors reported by us and routines below us, and return NULL 9521 * on an error. 9522 */ 9523 if (setjmp(cstate->top_ctx)) 9524 return (NULL); 9525 9526 /* 9527 * Test against the PPPoE session link-layer type. 9528 */ 9529 b0 = gen_linktype(cstate, ETHERTYPE_PPPOES); 9530 9531 /* If a specific session is requested, check PPPoE session id */ 9532 if (has_sess_num) { 9533 if (sess_num > 0x0000ffff) { 9534 bpf_error(cstate, "PPPoE session number %u greater than maximum %u", 9535 sess_num, 0x0000ffff); 9536 } 9537 b1 = gen_mcmp(cstate, OR_LINKPL, 0, BPF_W, sess_num, 0x0000ffff); 9538 gen_and(b0, b1); 9539 b0 = b1; 9540 } 9541 9542 /* 9543 * Change the offsets to point to the type and data fields within 9544 * the PPP packet, and note that this is PPPoE rather than 9545 * raw PPP. 9546 * 9547 * XXX - this is a bit of a kludge. See the comments in 9548 * gen_vlan(). 9549 * 9550 * The "network-layer" protocol is PPPoE, which has a 6-byte 9551 * PPPoE header, followed by a PPP packet. 9552 * 9553 * There is no HDLC encapsulation for the PPP packet (it's 9554 * encapsulated in PPPoES instead), so the link-layer type 9555 * starts at the first byte of the PPP packet. For PPPoE, 9556 * that offset is relative to the beginning of the total 9557 * link-layer payload, including any 802.2 LLC header, so 9558 * it's 6 bytes past cstate->off_nl. 9559 */ 9560 PUSH_LINKHDR(cstate, DLT_PPP, cstate->off_linkpl.is_variable, 9561 cstate->off_linkpl.constant_part + cstate->off_nl + 6, /* 6 bytes past the PPPoE header */ 9562 cstate->off_linkpl.reg); 9563 9564 cstate->off_linktype = cstate->off_linkhdr; 9565 cstate->off_linkpl.constant_part = cstate->off_linkhdr.constant_part + 2; 9566 9567 cstate->off_nl = 0; 9568 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 9569 9570 return b0; 9571 } 9572 9573 /* Check that this is Geneve and the VNI is correct if 9574 * specified. Parameterized to handle both IPv4 and IPv6. */ 9575 static struct block * 9576 gen_geneve_check(compiler_state_t *cstate, 9577 struct block *(*gen_portfn)(compiler_state_t *, u_int, int, int), 9578 enum e_offrel offrel, bpf_u_int32 vni, int has_vni) 9579 { 9580 struct block *b0, *b1; 9581 9582 b0 = gen_portfn(cstate, GENEVE_PORT, IPPROTO_UDP, Q_DST); 9583 9584 /* Check that we are operating on version 0. Otherwise, we 9585 * can't decode the rest of the fields. The version is 2 bits 9586 * in the first byte of the Geneve header. */ 9587 b1 = gen_mcmp(cstate, offrel, 8, BPF_B, 0, 0xc0); 9588 gen_and(b0, b1); 9589 b0 = b1; 9590 9591 if (has_vni) { 9592 if (vni > 0xffffff) { 9593 bpf_error(cstate, "Geneve VNI %u greater than maximum %u", 9594 vni, 0xffffff); 9595 } 9596 vni <<= 8; /* VNI is in the upper 3 bytes */ 9597 b1 = gen_mcmp(cstate, offrel, 12, BPF_W, vni, 0xffffff00); 9598 gen_and(b0, b1); 9599 b0 = b1; 9600 } 9601 9602 return b0; 9603 } 9604 9605 /* The IPv4 and IPv6 Geneve checks need to do two things: 9606 * - Verify that this actually is Geneve with the right VNI. 9607 * - Place the IP header length (plus variable link prefix if 9608 * needed) into register A to be used later to compute 9609 * the inner packet offsets. */ 9610 static struct block * 9611 gen_geneve4(compiler_state_t *cstate, bpf_u_int32 vni, int has_vni) 9612 { 9613 struct block *b0, *b1; 9614 struct slist *s, *s1; 9615 9616 b0 = gen_geneve_check(cstate, gen_port, OR_TRAN_IPV4, vni, has_vni); 9617 9618 /* Load the IP header length into A. */ 9619 s = gen_loadx_iphdrlen(cstate); 9620 9621 s1 = new_stmt(cstate, BPF_MISC|BPF_TXA); 9622 sappend(s, s1); 9623 9624 /* Forcibly append these statements to the true condition 9625 * of the protocol check by creating a new block that is 9626 * always true and ANDing them. */ 9627 b1 = new_block(cstate, BPF_JMP|BPF_JEQ|BPF_X); 9628 b1->stmts = s; 9629 b1->s.k = 0; 9630 9631 gen_and(b0, b1); 9632 9633 return b1; 9634 } 9635 9636 static struct block * 9637 gen_geneve6(compiler_state_t *cstate, bpf_u_int32 vni, int has_vni) 9638 { 9639 struct block *b0, *b1; 9640 struct slist *s, *s1; 9641 9642 b0 = gen_geneve_check(cstate, gen_port6, OR_TRAN_IPV6, vni, has_vni); 9643 9644 /* Load the IP header length. We need to account for a 9645 * variable length link prefix if there is one. */ 9646 s = gen_abs_offset_varpart(cstate, &cstate->off_linkpl); 9647 if (s) { 9648 s1 = new_stmt(cstate, BPF_LD|BPF_IMM); 9649 s1->s.k = 40; 9650 sappend(s, s1); 9651 9652 s1 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X); 9653 s1->s.k = 0; 9654 sappend(s, s1); 9655 } else { 9656 s = new_stmt(cstate, BPF_LD|BPF_IMM); 9657 s->s.k = 40; 9658 } 9659 9660 /* Forcibly append these statements to the true condition 9661 * of the protocol check by creating a new block that is 9662 * always true and ANDing them. */ 9663 s1 = new_stmt(cstate, BPF_MISC|BPF_TAX); 9664 sappend(s, s1); 9665 9666 b1 = new_block(cstate, BPF_JMP|BPF_JEQ|BPF_X); 9667 b1->stmts = s; 9668 b1->s.k = 0; 9669 9670 gen_and(b0, b1); 9671 9672 return b1; 9673 } 9674 9675 /* We need to store three values based on the Geneve header:: 9676 * - The offset of the linktype. 9677 * - The offset of the end of the Geneve header. 9678 * - The offset of the end of the encapsulated MAC header. */ 9679 static struct slist * 9680 gen_geneve_offsets(compiler_state_t *cstate) 9681 { 9682 struct slist *s, *s1, *s_proto; 9683 9684 /* First we need to calculate the offset of the Geneve header 9685 * itself. This is composed of the IP header previously calculated 9686 * (include any variable link prefix) and stored in A plus the 9687 * fixed sized headers (fixed link prefix, MAC length, and UDP 9688 * header). */ 9689 s = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K); 9690 s->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + 8; 9691 9692 /* Stash this in X since we'll need it later. */ 9693 s1 = new_stmt(cstate, BPF_MISC|BPF_TAX); 9694 sappend(s, s1); 9695 9696 /* The EtherType in Geneve is 2 bytes in. Calculate this and 9697 * store it. */ 9698 s1 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K); 9699 s1->s.k = 2; 9700 sappend(s, s1); 9701 9702 cstate->off_linktype.reg = alloc_reg(cstate); 9703 cstate->off_linktype.is_variable = 1; 9704 cstate->off_linktype.constant_part = 0; 9705 9706 s1 = new_stmt(cstate, BPF_ST); 9707 s1->s.k = cstate->off_linktype.reg; 9708 sappend(s, s1); 9709 9710 /* Load the Geneve option length and mask and shift to get the 9711 * number of bytes. It is stored in the first byte of the Geneve 9712 * header. */ 9713 s1 = new_stmt(cstate, BPF_LD|BPF_IND|BPF_B); 9714 s1->s.k = 0; 9715 sappend(s, s1); 9716 9717 s1 = new_stmt(cstate, BPF_ALU|BPF_AND|BPF_K); 9718 s1->s.k = 0x3f; 9719 sappend(s, s1); 9720 9721 s1 = new_stmt(cstate, BPF_ALU|BPF_MUL|BPF_K); 9722 s1->s.k = 4; 9723 sappend(s, s1); 9724 9725 /* Add in the rest of the Geneve base header. */ 9726 s1 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K); 9727 s1->s.k = 8; 9728 sappend(s, s1); 9729 9730 /* Add the Geneve header length to its offset and store. */ 9731 s1 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X); 9732 s1->s.k = 0; 9733 sappend(s, s1); 9734 9735 /* Set the encapsulated type as Ethernet. Even though we may 9736 * not actually have Ethernet inside there are two reasons this 9737 * is useful: 9738 * - The linktype field is always in EtherType format regardless 9739 * of whether it is in Geneve or an inner Ethernet frame. 9740 * - The only link layer that we have specific support for is 9741 * Ethernet. We will confirm that the packet actually is 9742 * Ethernet at runtime before executing these checks. */ 9743 PUSH_LINKHDR(cstate, DLT_EN10MB, 1, 0, alloc_reg(cstate)); 9744 9745 s1 = new_stmt(cstate, BPF_ST); 9746 s1->s.k = cstate->off_linkhdr.reg; 9747 sappend(s, s1); 9748 9749 /* Calculate whether we have an Ethernet header or just raw IP/ 9750 * MPLS/etc. If we have Ethernet, advance the end of the MAC offset 9751 * and linktype by 14 bytes so that the network header can be found 9752 * seamlessly. Otherwise, keep what we've calculated already. */ 9753 9754 /* We have a bare jmp so we can't use the optimizer. */ 9755 cstate->no_optimize = 1; 9756 9757 /* Load the EtherType in the Geneve header, 2 bytes in. */ 9758 s1 = new_stmt(cstate, BPF_LD|BPF_IND|BPF_H); 9759 s1->s.k = 2; 9760 sappend(s, s1); 9761 9762 /* Load X with the end of the Geneve header. */ 9763 s1 = new_stmt(cstate, BPF_LDX|BPF_MEM); 9764 s1->s.k = cstate->off_linkhdr.reg; 9765 sappend(s, s1); 9766 9767 /* Check if the EtherType is Transparent Ethernet Bridging. At the 9768 * end of this check, we should have the total length in X. In 9769 * the non-Ethernet case, it's already there. */ 9770 s_proto = new_stmt(cstate, JMP(BPF_JEQ)); 9771 s_proto->s.k = ETHERTYPE_TEB; 9772 sappend(s, s_proto); 9773 9774 s1 = new_stmt(cstate, BPF_MISC|BPF_TXA); 9775 sappend(s, s1); 9776 s_proto->s.jt = s1; 9777 9778 /* Since this is Ethernet, use the EtherType of the payload 9779 * directly as the linktype. Overwrite what we already have. */ 9780 s1 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K); 9781 s1->s.k = 12; 9782 sappend(s, s1); 9783 9784 s1 = new_stmt(cstate, BPF_ST); 9785 s1->s.k = cstate->off_linktype.reg; 9786 sappend(s, s1); 9787 9788 /* Advance two bytes further to get the end of the Ethernet 9789 * header. */ 9790 s1 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K); 9791 s1->s.k = 2; 9792 sappend(s, s1); 9793 9794 /* Move the result to X. */ 9795 s1 = new_stmt(cstate, BPF_MISC|BPF_TAX); 9796 sappend(s, s1); 9797 9798 /* Store the final result of our linkpl calculation. */ 9799 cstate->off_linkpl.reg = alloc_reg(cstate); 9800 cstate->off_linkpl.is_variable = 1; 9801 cstate->off_linkpl.constant_part = 0; 9802 9803 s1 = new_stmt(cstate, BPF_STX); 9804 s1->s.k = cstate->off_linkpl.reg; 9805 sappend(s, s1); 9806 s_proto->s.jf = s1; 9807 9808 cstate->off_nl = 0; 9809 9810 return s; 9811 } 9812 9813 /* Check to see if this is a Geneve packet. */ 9814 struct block * 9815 gen_geneve(compiler_state_t *cstate, bpf_u_int32 vni, int has_vni) 9816 { 9817 struct block *b0, *b1; 9818 struct slist *s; 9819 9820 /* 9821 * Catch errors reported by us and routines below us, and return NULL 9822 * on an error. 9823 */ 9824 if (setjmp(cstate->top_ctx)) 9825 return (NULL); 9826 9827 b0 = gen_geneve4(cstate, vni, has_vni); 9828 b1 = gen_geneve6(cstate, vni, has_vni); 9829 9830 gen_or(b0, b1); 9831 b0 = b1; 9832 9833 /* Later filters should act on the payload of the Geneve frame, 9834 * update all of the header pointers. Attach this code so that 9835 * it gets executed in the event that the Geneve filter matches. */ 9836 s = gen_geneve_offsets(cstate); 9837 9838 b1 = gen_true(cstate); 9839 sappend(s, b1->stmts); 9840 b1->stmts = s; 9841 9842 gen_and(b0, b1); 9843 9844 cstate->is_geneve = 1; 9845 9846 return b1; 9847 } 9848 9849 /* Check that the encapsulated frame has a link layer header 9850 * for Ethernet filters. */ 9851 static struct block * 9852 gen_geneve_ll_check(compiler_state_t *cstate) 9853 { 9854 struct block *b0; 9855 struct slist *s, *s1; 9856 9857 /* The easiest way to see if there is a link layer present 9858 * is to check if the link layer header and payload are not 9859 * the same. */ 9860 9861 /* Geneve always generates pure variable offsets so we can 9862 * compare only the registers. */ 9863 s = new_stmt(cstate, BPF_LD|BPF_MEM); 9864 s->s.k = cstate->off_linkhdr.reg; 9865 9866 s1 = new_stmt(cstate, BPF_LDX|BPF_MEM); 9867 s1->s.k = cstate->off_linkpl.reg; 9868 sappend(s, s1); 9869 9870 b0 = new_block(cstate, BPF_JMP|BPF_JEQ|BPF_X); 9871 b0->stmts = s; 9872 b0->s.k = 0; 9873 gen_not(b0); 9874 9875 return b0; 9876 } 9877 9878 static struct block * 9879 gen_atmfield_code_internal(compiler_state_t *cstate, int atmfield, 9880 bpf_u_int32 jvalue, int jtype, int reverse) 9881 { 9882 struct block *b0; 9883 9884 switch (atmfield) { 9885 9886 case A_VPI: 9887 if (!cstate->is_atm) 9888 bpf_error(cstate, "'vpi' supported only on raw ATM"); 9889 if (cstate->off_vpi == OFFSET_NOT_SET) 9890 abort(); 9891 b0 = gen_ncmp(cstate, OR_LINKHDR, cstate->off_vpi, BPF_B, 9892 0xffffffffU, jtype, reverse, jvalue); 9893 break; 9894 9895 case A_VCI: 9896 if (!cstate->is_atm) 9897 bpf_error(cstate, "'vci' supported only on raw ATM"); 9898 if (cstate->off_vci == OFFSET_NOT_SET) 9899 abort(); 9900 b0 = gen_ncmp(cstate, OR_LINKHDR, cstate->off_vci, BPF_H, 9901 0xffffffffU, jtype, reverse, jvalue); 9902 break; 9903 9904 case A_PROTOTYPE: 9905 if (cstate->off_proto == OFFSET_NOT_SET) 9906 abort(); /* XXX - this isn't on FreeBSD */ 9907 b0 = gen_ncmp(cstate, OR_LINKHDR, cstate->off_proto, BPF_B, 9908 0x0fU, jtype, reverse, jvalue); 9909 break; 9910 9911 case A_MSGTYPE: 9912 if (cstate->off_payload == OFFSET_NOT_SET) 9913 abort(); 9914 b0 = gen_ncmp(cstate, OR_LINKHDR, cstate->off_payload + MSG_TYPE_POS, BPF_B, 9915 0xffffffffU, jtype, reverse, jvalue); 9916 break; 9917 9918 case A_CALLREFTYPE: 9919 if (!cstate->is_atm) 9920 bpf_error(cstate, "'callref' supported only on raw ATM"); 9921 if (cstate->off_proto == OFFSET_NOT_SET) 9922 abort(); 9923 b0 = gen_ncmp(cstate, OR_LINKHDR, cstate->off_proto, BPF_B, 9924 0xffffffffU, jtype, reverse, jvalue); 9925 break; 9926 9927 default: 9928 abort(); 9929 } 9930 return b0; 9931 } 9932 9933 static struct block * 9934 gen_atmtype_metac(compiler_state_t *cstate) 9935 { 9936 struct block *b0, *b1; 9937 9938 b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0); 9939 b1 = gen_atmfield_code_internal(cstate, A_VCI, 1, BPF_JEQ, 0); 9940 gen_and(b0, b1); 9941 return b1; 9942 } 9943 9944 static struct block * 9945 gen_atmtype_sc(compiler_state_t *cstate) 9946 { 9947 struct block *b0, *b1; 9948 9949 b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0); 9950 b1 = gen_atmfield_code_internal(cstate, A_VCI, 5, BPF_JEQ, 0); 9951 gen_and(b0, b1); 9952 return b1; 9953 } 9954 9955 static struct block * 9956 gen_atmtype_llc(compiler_state_t *cstate) 9957 { 9958 struct block *b0; 9959 9960 b0 = gen_atmfield_code_internal(cstate, A_PROTOTYPE, PT_LLC, BPF_JEQ, 0); 9961 cstate->linktype = cstate->prevlinktype; 9962 return b0; 9963 } 9964 9965 struct block * 9966 gen_atmfield_code(compiler_state_t *cstate, int atmfield, 9967 bpf_u_int32 jvalue, int jtype, int reverse) 9968 { 9969 /* 9970 * Catch errors reported by us and routines below us, and return NULL 9971 * on an error. 9972 */ 9973 if (setjmp(cstate->top_ctx)) 9974 return (NULL); 9975 9976 return gen_atmfield_code_internal(cstate, atmfield, jvalue, jtype, 9977 reverse); 9978 } 9979 9980 struct block * 9981 gen_atmtype_abbrev(compiler_state_t *cstate, int type) 9982 { 9983 struct block *b0, *b1; 9984 9985 /* 9986 * Catch errors reported by us and routines below us, and return NULL 9987 * on an error. 9988 */ 9989 if (setjmp(cstate->top_ctx)) 9990 return (NULL); 9991 9992 switch (type) { 9993 9994 case A_METAC: 9995 /* Get all packets in Meta signalling Circuit */ 9996 if (!cstate->is_atm) 9997 bpf_error(cstate, "'metac' supported only on raw ATM"); 9998 b1 = gen_atmtype_metac(cstate); 9999 break; 10000 10001 case A_BCC: 10002 /* Get all packets in Broadcast Circuit*/ 10003 if (!cstate->is_atm) 10004 bpf_error(cstate, "'bcc' supported only on raw ATM"); 10005 b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0); 10006 b1 = gen_atmfield_code_internal(cstate, A_VCI, 2, BPF_JEQ, 0); 10007 gen_and(b0, b1); 10008 break; 10009 10010 case A_OAMF4SC: 10011 /* Get all cells in Segment OAM F4 circuit*/ 10012 if (!cstate->is_atm) 10013 bpf_error(cstate, "'oam4sc' supported only on raw ATM"); 10014 b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0); 10015 b1 = gen_atmfield_code_internal(cstate, A_VCI, 3, BPF_JEQ, 0); 10016 gen_and(b0, b1); 10017 break; 10018 10019 case A_OAMF4EC: 10020 /* Get all cells in End-to-End OAM F4 Circuit*/ 10021 if (!cstate->is_atm) 10022 bpf_error(cstate, "'oam4ec' supported only on raw ATM"); 10023 b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0); 10024 b1 = gen_atmfield_code_internal(cstate, A_VCI, 4, BPF_JEQ, 0); 10025 gen_and(b0, b1); 10026 break; 10027 10028 case A_SC: 10029 /* Get all packets in connection Signalling Circuit */ 10030 if (!cstate->is_atm) 10031 bpf_error(cstate, "'sc' supported only on raw ATM"); 10032 b1 = gen_atmtype_sc(cstate); 10033 break; 10034 10035 case A_ILMIC: 10036 /* Get all packets in ILMI Circuit */ 10037 if (!cstate->is_atm) 10038 bpf_error(cstate, "'ilmic' supported only on raw ATM"); 10039 b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0); 10040 b1 = gen_atmfield_code_internal(cstate, A_VCI, 16, BPF_JEQ, 0); 10041 gen_and(b0, b1); 10042 break; 10043 10044 case A_LANE: 10045 /* Get all LANE packets */ 10046 if (!cstate->is_atm) 10047 bpf_error(cstate, "'lane' supported only on raw ATM"); 10048 b1 = gen_atmfield_code_internal(cstate, A_PROTOTYPE, PT_LANE, BPF_JEQ, 0); 10049 10050 /* 10051 * Arrange that all subsequent tests assume LANE 10052 * rather than LLC-encapsulated packets, and set 10053 * the offsets appropriately for LANE-encapsulated 10054 * Ethernet. 10055 * 10056 * We assume LANE means Ethernet, not Token Ring. 10057 */ 10058 PUSH_LINKHDR(cstate, DLT_EN10MB, 0, 10059 cstate->off_payload + 2, /* Ethernet header */ 10060 -1); 10061 cstate->off_linktype.constant_part = cstate->off_linkhdr.constant_part + 12; 10062 cstate->off_linkpl.constant_part = cstate->off_linkhdr.constant_part + 14; /* Ethernet */ 10063 cstate->off_nl = 0; /* Ethernet II */ 10064 cstate->off_nl_nosnap = 3; /* 802.3+802.2 */ 10065 break; 10066 10067 case A_LLC: 10068 /* Get all LLC-encapsulated packets */ 10069 if (!cstate->is_atm) 10070 bpf_error(cstate, "'llc' supported only on raw ATM"); 10071 b1 = gen_atmtype_llc(cstate); 10072 break; 10073 10074 default: 10075 abort(); 10076 } 10077 return b1; 10078 } 10079 10080 /* 10081 * Filtering for MTP2 messages based on li value 10082 * FISU, length is null 10083 * LSSU, length is 1 or 2 10084 * MSU, length is 3 or more 10085 * For MTP2_HSL, sequences are on 2 bytes, and length on 9 bits 10086 */ 10087 struct block * 10088 gen_mtp2type_abbrev(compiler_state_t *cstate, int type) 10089 { 10090 struct block *b0, *b1; 10091 10092 /* 10093 * Catch errors reported by us and routines below us, and return NULL 10094 * on an error. 10095 */ 10096 if (setjmp(cstate->top_ctx)) 10097 return (NULL); 10098 10099 switch (type) { 10100 10101 case M_FISU: 10102 if ( (cstate->linktype != DLT_MTP2) && 10103 (cstate->linktype != DLT_ERF) && 10104 (cstate->linktype != DLT_MTP2_WITH_PHDR) ) 10105 bpf_error(cstate, "'fisu' supported only on MTP2"); 10106 /* gen_ncmp(cstate, offrel, offset, size, mask, jtype, reverse, value) */ 10107 b0 = gen_ncmp(cstate, OR_PACKET, cstate->off_li, BPF_B, 10108 0x3fU, BPF_JEQ, 0, 0U); 10109 break; 10110 10111 case M_LSSU: 10112 if ( (cstate->linktype != DLT_MTP2) && 10113 (cstate->linktype != DLT_ERF) && 10114 (cstate->linktype != DLT_MTP2_WITH_PHDR) ) 10115 bpf_error(cstate, "'lssu' supported only on MTP2"); 10116 b0 = gen_ncmp(cstate, OR_PACKET, cstate->off_li, BPF_B, 10117 0x3fU, BPF_JGT, 1, 2U); 10118 b1 = gen_ncmp(cstate, OR_PACKET, cstate->off_li, BPF_B, 10119 0x3fU, BPF_JGT, 0, 0U); 10120 gen_and(b1, b0); 10121 break; 10122 10123 case M_MSU: 10124 if ( (cstate->linktype != DLT_MTP2) && 10125 (cstate->linktype != DLT_ERF) && 10126 (cstate->linktype != DLT_MTP2_WITH_PHDR) ) 10127 bpf_error(cstate, "'msu' supported only on MTP2"); 10128 b0 = gen_ncmp(cstate, OR_PACKET, cstate->off_li, BPF_B, 10129 0x3fU, BPF_JGT, 0, 2U); 10130 break; 10131 10132 case MH_FISU: 10133 if ( (cstate->linktype != DLT_MTP2) && 10134 (cstate->linktype != DLT_ERF) && 10135 (cstate->linktype != DLT_MTP2_WITH_PHDR) ) 10136 bpf_error(cstate, "'hfisu' supported only on MTP2_HSL"); 10137 /* gen_ncmp(cstate, offrel, offset, size, mask, jtype, reverse, value) */ 10138 b0 = gen_ncmp(cstate, OR_PACKET, cstate->off_li_hsl, BPF_H, 10139 0xff80U, BPF_JEQ, 0, 0U); 10140 break; 10141 10142 case MH_LSSU: 10143 if ( (cstate->linktype != DLT_MTP2) && 10144 (cstate->linktype != DLT_ERF) && 10145 (cstate->linktype != DLT_MTP2_WITH_PHDR) ) 10146 bpf_error(cstate, "'hlssu' supported only on MTP2_HSL"); 10147 b0 = gen_ncmp(cstate, OR_PACKET, cstate->off_li_hsl, BPF_H, 10148 0xff80U, BPF_JGT, 1, 0x0100U); 10149 b1 = gen_ncmp(cstate, OR_PACKET, cstate->off_li_hsl, BPF_H, 10150 0xff80U, BPF_JGT, 0, 0U); 10151 gen_and(b1, b0); 10152 break; 10153 10154 case MH_MSU: 10155 if ( (cstate->linktype != DLT_MTP2) && 10156 (cstate->linktype != DLT_ERF) && 10157 (cstate->linktype != DLT_MTP2_WITH_PHDR) ) 10158 bpf_error(cstate, "'hmsu' supported only on MTP2_HSL"); 10159 b0 = gen_ncmp(cstate, OR_PACKET, cstate->off_li_hsl, BPF_H, 10160 0xff80U, BPF_JGT, 0, 0x0100U); 10161 break; 10162 10163 default: 10164 abort(); 10165 } 10166 return b0; 10167 } 10168 10169 static struct block * 10170 gen_mtp3field_code_internal(compiler_state_t *cstate, int mtp3field, 10171 bpf_u_int32 jvalue, int jtype, int reverse) 10172 { 10173 struct block *b0; 10174 bpf_u_int32 val1 , val2 , val3; 10175 u_int newoff_sio; 10176 u_int newoff_opc; 10177 u_int newoff_dpc; 10178 u_int newoff_sls; 10179 10180 newoff_sio = cstate->off_sio; 10181 newoff_opc = cstate->off_opc; 10182 newoff_dpc = cstate->off_dpc; 10183 newoff_sls = cstate->off_sls; 10184 switch (mtp3field) { 10185 10186 case MH_SIO: 10187 newoff_sio += 3; /* offset for MTP2_HSL */ 10188 /* FALLTHROUGH */ 10189 10190 case M_SIO: 10191 if (cstate->off_sio == OFFSET_NOT_SET) 10192 bpf_error(cstate, "'sio' supported only on SS7"); 10193 /* sio coded on 1 byte so max value 255 */ 10194 if(jvalue > 255) 10195 bpf_error(cstate, "sio value %u too big; max value = 255", 10196 jvalue); 10197 b0 = gen_ncmp(cstate, OR_PACKET, newoff_sio, BPF_B, 0xffffffffU, 10198 jtype, reverse, jvalue); 10199 break; 10200 10201 case MH_OPC: 10202 newoff_opc += 3; 10203 10204 /* FALLTHROUGH */ 10205 case M_OPC: 10206 if (cstate->off_opc == OFFSET_NOT_SET) 10207 bpf_error(cstate, "'opc' supported only on SS7"); 10208 /* opc coded on 14 bits so max value 16383 */ 10209 if (jvalue > 16383) 10210 bpf_error(cstate, "opc value %u too big; max value = 16383", 10211 jvalue); 10212 /* the following instructions are made to convert jvalue 10213 * to the form used to write opc in an ss7 message*/ 10214 val1 = jvalue & 0x00003c00; 10215 val1 = val1 >>10; 10216 val2 = jvalue & 0x000003fc; 10217 val2 = val2 <<6; 10218 val3 = jvalue & 0x00000003; 10219 val3 = val3 <<22; 10220 jvalue = val1 + val2 + val3; 10221 b0 = gen_ncmp(cstate, OR_PACKET, newoff_opc, BPF_W, 0x00c0ff0fU, 10222 jtype, reverse, jvalue); 10223 break; 10224 10225 case MH_DPC: 10226 newoff_dpc += 3; 10227 /* FALLTHROUGH */ 10228 10229 case M_DPC: 10230 if (cstate->off_dpc == OFFSET_NOT_SET) 10231 bpf_error(cstate, "'dpc' supported only on SS7"); 10232 /* dpc coded on 14 bits so max value 16383 */ 10233 if (jvalue > 16383) 10234 bpf_error(cstate, "dpc value %u too big; max value = 16383", 10235 jvalue); 10236 /* the following instructions are made to convert jvalue 10237 * to the forme used to write dpc in an ss7 message*/ 10238 val1 = jvalue & 0x000000ff; 10239 val1 = val1 << 24; 10240 val2 = jvalue & 0x00003f00; 10241 val2 = val2 << 8; 10242 jvalue = val1 + val2; 10243 b0 = gen_ncmp(cstate, OR_PACKET, newoff_dpc, BPF_W, 0xff3f0000U, 10244 jtype, reverse, jvalue); 10245 break; 10246 10247 case MH_SLS: 10248 newoff_sls += 3; 10249 /* FALLTHROUGH */ 10250 10251 case M_SLS: 10252 if (cstate->off_sls == OFFSET_NOT_SET) 10253 bpf_error(cstate, "'sls' supported only on SS7"); 10254 /* sls coded on 4 bits so max value 15 */ 10255 if (jvalue > 15) 10256 bpf_error(cstate, "sls value %u too big; max value = 15", 10257 jvalue); 10258 /* the following instruction is made to convert jvalue 10259 * to the forme used to write sls in an ss7 message*/ 10260 jvalue = jvalue << 4; 10261 b0 = gen_ncmp(cstate, OR_PACKET, newoff_sls, BPF_B, 0xf0U, 10262 jtype, reverse, jvalue); 10263 break; 10264 10265 default: 10266 abort(); 10267 } 10268 return b0; 10269 } 10270 10271 struct block * 10272 gen_mtp3field_code(compiler_state_t *cstate, int mtp3field, 10273 bpf_u_int32 jvalue, int jtype, int reverse) 10274 { 10275 /* 10276 * Catch errors reported by us and routines below us, and return NULL 10277 * on an error. 10278 */ 10279 if (setjmp(cstate->top_ctx)) 10280 return (NULL); 10281 10282 return gen_mtp3field_code_internal(cstate, mtp3field, jvalue, jtype, 10283 reverse); 10284 } 10285 10286 static struct block * 10287 gen_msg_abbrev(compiler_state_t *cstate, int type) 10288 { 10289 struct block *b1; 10290 10291 /* 10292 * Q.2931 signalling protocol messages for handling virtual circuits 10293 * establishment and teardown 10294 */ 10295 switch (type) { 10296 10297 case A_SETUP: 10298 b1 = gen_atmfield_code_internal(cstate, A_MSGTYPE, SETUP, BPF_JEQ, 0); 10299 break; 10300 10301 case A_CALLPROCEED: 10302 b1 = gen_atmfield_code_internal(cstate, A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0); 10303 break; 10304 10305 case A_CONNECT: 10306 b1 = gen_atmfield_code_internal(cstate, A_MSGTYPE, CONNECT, BPF_JEQ, 0); 10307 break; 10308 10309 case A_CONNECTACK: 10310 b1 = gen_atmfield_code_internal(cstate, A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0); 10311 break; 10312 10313 case A_RELEASE: 10314 b1 = gen_atmfield_code_internal(cstate, A_MSGTYPE, RELEASE, BPF_JEQ, 0); 10315 break; 10316 10317 case A_RELEASE_DONE: 10318 b1 = gen_atmfield_code_internal(cstate, A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0); 10319 break; 10320 10321 default: 10322 abort(); 10323 } 10324 return b1; 10325 } 10326 10327 struct block * 10328 gen_atmmulti_abbrev(compiler_state_t *cstate, int type) 10329 { 10330 struct block *b0, *b1; 10331 10332 /* 10333 * Catch errors reported by us and routines below us, and return NULL 10334 * on an error. 10335 */ 10336 if (setjmp(cstate->top_ctx)) 10337 return (NULL); 10338 10339 switch (type) { 10340 10341 case A_OAM: 10342 if (!cstate->is_atm) 10343 bpf_error(cstate, "'oam' supported only on raw ATM"); 10344 /* OAM F4 type */ 10345 b0 = gen_atmfield_code_internal(cstate, A_VCI, 3, BPF_JEQ, 0); 10346 b1 = gen_atmfield_code_internal(cstate, A_VCI, 4, BPF_JEQ, 0); 10347 gen_or(b0, b1); 10348 b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0); 10349 gen_and(b0, b1); 10350 break; 10351 10352 case A_OAMF4: 10353 if (!cstate->is_atm) 10354 bpf_error(cstate, "'oamf4' supported only on raw ATM"); 10355 /* OAM F4 type */ 10356 b0 = gen_atmfield_code_internal(cstate, A_VCI, 3, BPF_JEQ, 0); 10357 b1 = gen_atmfield_code_internal(cstate, A_VCI, 4, BPF_JEQ, 0); 10358 gen_or(b0, b1); 10359 b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0); 10360 gen_and(b0, b1); 10361 break; 10362 10363 case A_CONNECTMSG: 10364 /* 10365 * Get Q.2931 signalling messages for switched 10366 * virtual connection 10367 */ 10368 if (!cstate->is_atm) 10369 bpf_error(cstate, "'connectmsg' supported only on raw ATM"); 10370 b0 = gen_msg_abbrev(cstate, A_SETUP); 10371 b1 = gen_msg_abbrev(cstate, A_CALLPROCEED); 10372 gen_or(b0, b1); 10373 b0 = gen_msg_abbrev(cstate, A_CONNECT); 10374 gen_or(b0, b1); 10375 b0 = gen_msg_abbrev(cstate, A_CONNECTACK); 10376 gen_or(b0, b1); 10377 b0 = gen_msg_abbrev(cstate, A_RELEASE); 10378 gen_or(b0, b1); 10379 b0 = gen_msg_abbrev(cstate, A_RELEASE_DONE); 10380 gen_or(b0, b1); 10381 b0 = gen_atmtype_sc(cstate); 10382 gen_and(b0, b1); 10383 break; 10384 10385 case A_METACONNECT: 10386 if (!cstate->is_atm) 10387 bpf_error(cstate, "'metaconnect' supported only on raw ATM"); 10388 b0 = gen_msg_abbrev(cstate, A_SETUP); 10389 b1 = gen_msg_abbrev(cstate, A_CALLPROCEED); 10390 gen_or(b0, b1); 10391 b0 = gen_msg_abbrev(cstate, A_CONNECT); 10392 gen_or(b0, b1); 10393 b0 = gen_msg_abbrev(cstate, A_RELEASE); 10394 gen_or(b0, b1); 10395 b0 = gen_msg_abbrev(cstate, A_RELEASE_DONE); 10396 gen_or(b0, b1); 10397 b0 = gen_atmtype_metac(cstate); 10398 gen_and(b0, b1); 10399 break; 10400 10401 default: 10402 abort(); 10403 } 10404 return b1; 10405 } 10406