1/*#define CHASE_CHAIN*/
2/*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
--- 5 unchanged lines hidden (view full) ---
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 *
22 * $FreeBSD: head/contrib/libpcap/gencode.c 146771 2005-05-29 18:09:04Z sam $
23 */
24#ifndef lint
25static const char rcsid[] _U_ =
26 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.221 2005/03/27 22:10:23 guy Exp $ (LBL)";
27#endif
28
29#ifdef HAVE_CONFIG_H
30#include "config.h"
31#endif
32
33#ifdef WIN32
34#include <pcap-stdinc.h>
--- 64 unchanged lines hidden (view full) ---
99
100#define JMP(c) ((c)|BPF_JMP|BPF_K)
101
102/* Locals */
103static jmp_buf top_ctx;
104static pcap_t *bpf_pcap;
105
106/* Hack for updating VLAN, MPLS offsets. */
107static u_int orig_linktype = -1U, orig_nl = -1U, orig_nl_nosnap = -1U;
108
109/* XXX */
110#ifdef PCAP_FDDIPAD
111static int pcap_fddipad;
112#endif
113
114/* VARARGS */
115void
116bpf_error(const char *fmt, ...)
117
118{
119 va_list ap;
120
121 va_start(ap, fmt);
122 if (bpf_pcap != NULL)
123 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
124 fmt, ap);
125 va_end(ap);
--- 4 unchanged lines hidden (view full) ---
130static void init_linktype(pcap_t *);
131
132static int alloc_reg(void);
133static void free_reg(int);
134
135static struct block *root;
136
137/*
138 * We divy out chunks of memory rather than call malloc each time so
139 * we don't have to worry about leaking memory. It's probably
140 * not a big deal if all this memory was wasted but if this ever
141 * goes into a library that would probably not be a good idea.
142 *
143 * XXX - this *is* in a library....
144 */
145#define NCHUNKS 16
--- 10 unchanged lines hidden (view full) ---
156static void freechunks(void);
157static inline struct block *new_block(int);
158static inline struct slist *new_stmt(int);
159static struct block *gen_retblk(int);
160static inline void syntax(void);
161
162static void backpatch(struct block *, struct block *);
163static void merge(struct block *, struct block *);
164static struct block *gen_cmp(u_int, u_int, bpf_int32);
165static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
166static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
167static struct block *gen_bcmp(u_int, u_int, const u_char *);
168static struct block *gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32,
169 bpf_u_int32, bpf_u_int32, int);
170static struct block *gen_uncond(int);
171static inline struct block *gen_true(void);
172static inline struct block *gen_false(void);
173static struct block *gen_ether_linktype(int);
174static struct block *gen_linux_sll_linktype(int);
175static struct block *gen_linktype(int);
176static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
177static struct block *gen_llc(int);
178static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
179#ifdef INET6
180static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
181#endif
182static struct block *gen_ahostop(const u_char *, int);
183static struct block *gen_ehostop(const u_char *, int);
184static struct block *gen_fhostop(const u_char *, int);
185static struct block *gen_thostop(const u_char *, int);
186static struct block *gen_wlanhostop(const u_char *, int);
187static struct block *gen_ipfchostop(const u_char *, int);
188static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
189static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
190#ifdef INET6
191static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
192#endif
193#ifndef INET6
194static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
195#endif
196static struct block *gen_ipfrag(void);
197static struct block *gen_portatom(int, bpf_int32);
198#ifdef INET6
199static struct block *gen_portatom6(int, bpf_int32);
200#endif
201struct block *gen_portop(int, int, int);
202static struct block *gen_port(int, int, int);
203#ifdef INET6
204struct block *gen_portop6(int, int, int);
205static struct block *gen_port6(int, int, int);
206#endif
207static int lookup_proto(const char *, int);
208static struct block *gen_protochain(int, int, int);
209static struct block *gen_proto(int, int, int);
210static struct slist *xfer_to_x(struct arth *);
211static struct slist *xfer_to_a(struct arth *);
212static struct block *gen_mac_multicast(int);
213static struct block *gen_len(int, int);
--- 235 unchanged lines hidden (view full) ---
449void
450finish_parse(p)
451 struct block *p;
452{
453 backpatch(p, gen_retblk(snaplen));
454 p->sense = !p->sense;
455 backpatch(p, gen_retblk(0));
456 root = p->head;
457}
458
459void
460gen_and(b0, b1)
461 struct block *b0, *b1;
462{
463 backpatch(b0, b1->head);
464 b0->sense = !b0->sense;
--- 17 unchanged lines hidden (view full) ---
482void
483gen_not(b)
484 struct block *b;
485{
486 b->sense = !b->sense;
487}
488
489static struct block *
490gen_cmp(offset, size, v)
491 u_int offset, size;
492 bpf_int32 v;
493{
494 struct slist *s;
495 struct block *b;
496
497 s = new_stmt(BPF_LD|BPF_ABS|size);
498 s->s.k = offset;
499
500 b = new_block(JMP(BPF_JEQ));
501 b->stmts = s;
502 b->s.k = v;
503
504 return b;
505}
506
507static struct block *
508gen_cmp_gt(offset, size, v)
509 u_int offset, size;
510 bpf_int32 v;
511{
512 struct slist *s;
513 struct block *b;
514
515 s = new_stmt(BPF_LD|BPF_ABS|size);
516 s->s.k = offset;
517
518 b = new_block(JMP(BPF_JGT));
519 b->stmts = s;
520 b->s.k = v;
521
522 return b;
523}
524
525static struct block *
526gen_mcmp(offset, size, v, mask)
527 u_int offset, size;
528 bpf_int32 v;
529 bpf_u_int32 mask;
530{
531 struct block *b = gen_cmp(offset, size, v);
532 struct slist *s;
533
534 if (mask != 0xffffffff) {
535 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
536 s->s.k = mask;
537 b->stmts->next = s;
538 }
539 return b;
540}
541
542static struct block *
543gen_bcmp(offset, size, v)
544 register u_int offset, size;
545 register const u_char *v;
546{
547 register struct block *b, *tmp;
548
549 b = NULL;
550 while (size >= 4) {
551 register const u_char *p = &v[size - 4];
552 bpf_int32 w = ((bpf_int32)p[0] << 24) |
553 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
554
555 tmp = gen_cmp(offset + size - 4, BPF_W, w);
556 if (b != NULL)
557 gen_and(b, tmp);
558 b = tmp;
559 size -= 4;
560 }
561 while (size >= 2) {
562 register const u_char *p = &v[size - 2];
563 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
564
565 tmp = gen_cmp(offset + size - 2, BPF_H, w);
566 if (b != NULL)
567 gen_and(b, tmp);
568 b = tmp;
569 size -= 2;
570 }
571 if (size > 0) {
572 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
573 if (b != NULL)
574 gen_and(b, tmp);
575 b = tmp;
576 }
577 return b;
578}
579
580static struct block *
581gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse)
582 bpf_u_int32 datasize, offset, mask, jtype, jvalue;
583 int reverse;
584{
585 struct slist *s;
586 struct block *b;
587
588 s = new_stmt(BPF_LD|datasize|BPF_ABS);
589 s->s.k = offset;
590
591 if (mask != 0xffffffff) {
592 s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K);
593 s->next->s.k = mask;
594 }
595
596 b = new_block(JMP(jtype));
597 b->stmts = s;
598 b->s.k = jvalue;
599 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE))
600 gen_not(b);
601 return b;
602}
603
604/*
605 * Various code constructs need to know the layout of the data link
606 * layer. These variables give the necessary offsets.
607 */
608
609/*
610 * This is the offset of the beginning of the MAC-layer header.
611 * It's usually 0, except for ATM LANE.
612 */
613static u_int off_mac;
614
615/*
616 * "off_linktype" is the offset to information in the link-layer header
617 * giving the packet type.
--- 29 unchanged lines hidden (view full) ---
647/*
648 * These are offsets for the ATM pseudo-header.
649 */
650static u_int off_vpi;
651static u_int off_vci;
652static u_int off_proto;
653
654/*
655 * This is the offset of the first byte after the ATM pseudo_header,
656 * or -1 if there is no ATM pseudo-header.
657 */
658static u_int off_payload;
659
660/*
661 * These are offsets to the beginning of the network-layer header.
662 *
--- 36 unchanged lines hidden (view full) ---
699 off_mac = 0;
700 is_atm = 0;
701 is_lane = 0;
702 off_vpi = -1;
703 off_vci = -1;
704 off_proto = -1;
705 off_payload = -1;
706
707 orig_linktype = -1;
708 orig_nl = -1;
709 orig_nl_nosnap = -1;
710
711 switch (linktype) {
712
713 case DLT_ARCNET:
714 off_linktype = 2;
715 off_nl = 6; /* XXX in reality, variable! */
716 off_nl_nosnap = 6; /* no 802.2 LLC */
717 return;
718
--- 141 unchanged lines hidden (view full) ---
860 * the 802.11 header, containing a bunch of additional
861 * information including radio-level information.
862 *
863 * The header is 144 bytes long.
864 *
865 * XXX - same variable-length header problem; at least
866 * the Prism header is fixed-length.
867 */
868 off_linktype = 144+24;
869 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */
870 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */
871 return;
872
873 case DLT_IEEE802_11_RADIO_AVS:
874 /*
875 * Same as 802.11, but with an additional header before
--- 4 unchanged lines hidden (view full) ---
880 * current incarnation.
881 *
882 * XXX - same variable-length header problem, only
883 * more so; this header is also variable-length,
884 * with the length being the 32-bit big-endian
885 * number at an offset of 4 from the beginning
886 * of the radio header.
887 */
888 off_linktype = 64+24;
889 off_nl = 64+32; /* Radio+802.11+802.2+SNAP */
890 off_nl_nosnap = 64+27; /* Radio+802.11+802.2 */
891 return;
892
893 case DLT_IEEE802_11_RADIO:
894 /*
895 * Same as 802.11, but with an additional header before
896 * the 802.11 header, containing a bunch of additional
897 * information including radio-level information.
898 *
899 * XXX - same variable-length header problem, only
900 * even *more* so; this header is also variable-length,
901 * with the length being the 16-bit number at an offset
902 * of 2 from the beginning of the radio header, and it's
903 * device-dependent (different devices might supply
904 * different amounts of information), so we can't even
905 * assume a fixed length for the current version of the
906 * header.
907 *
908 * Therefore, currently, only raw "link[N:M]" filtering is
909 * supported.
910 */
911 off_linktype = -1;
912 off_nl = -1;
913 off_nl_nosnap = -1;
914 return;
915
916 case DLT_ATM_RFC1483:
917 case DLT_ATM_CLIP: /* Linux ATM defines this */
918 /*
919 * assume routed, non-ISO PDUs
920 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
921 */
922 off_linktype = 0;
923 off_nl = 8; /* 802.2+SNAP */
924 off_nl_nosnap = 3; /* 802.2 */
925 return;
926
927 case DLT_SUNATM:
928 /*
--- 58 unchanged lines hidden (view full) ---
987 off_linktype = -1;
988 off_nl = 0;
989 off_nl_nosnap = 0; /* no 802.2 LLC */
990 return;
991
992 case DLT_APPLE_IP_OVER_IEEE1394:
993 off_linktype = 16;
994 off_nl = 18;
995 off_nl_nosnap = 0; /* no 802.2 LLC */
996 return;
997
998 case DLT_LINUX_IRDA:
999 /*
1000 * Currently, only raw "link[N:M]" filtering is supported.
1001 */
1002 off_linktype = -1;
1003 off_nl = -1;
--- 12 unchanged lines hidden (view full) ---
1016 case DLT_SYMANTEC_FIREWALL:
1017 off_linktype = 6;
1018 off_nl = 44; /* Ethernet II */
1019 off_nl_nosnap = 44; /* XXX - what does it do with 802.3 packets? */
1020 return;
1021
1022 case DLT_PFLOG:
1023 off_linktype = 0;
1024 /* XXX read from header? */
1025 off_nl = PFLOG_HDRLEN;
1026 off_nl_nosnap = PFLOG_HDRLEN;
1027 return;
1028
1029 case DLT_JUNIPER_MLFR:
1030 case DLT_JUNIPER_MLPPP:
1031 off_linktype = 4;
1032 off_nl = 4;
1033 off_nl_nosnap = -1;
1034 return;
1035
1036 case DLT_JUNIPER_ATM1:
1037 off_linktype = 4; /* in reality variable between 4-8 */
1038 off_nl = 4;
1039 off_nl_nosnap = 14;
1040 return;
1041
1042 case DLT_JUNIPER_ATM2:
1043 off_linktype = 8; /* in reality variable between 8-12 */
1044 off_nl = 8;
1045 off_nl_nosnap = 18;
1046 return;
1047
1048#ifdef DLT_PFSYNC
1049 case DLT_PFSYNC:
1050 off_linktype = -1;
1051 off_nl = 4;
1052 off_nl_nosnap = 4;
1053 return;
1054#endif
1055 }
1056 bpf_error("unknown data link type %d", linktype);
1057 /* NOTREACHED */
1058}
1059
1060static struct block *
1061gen_uncond(rsense)
1062 int rsense;
1063{
1064 struct block *b;
1065 struct slist *s;
1066
1067 s = new_stmt(BPF_LD|BPF_IMM);
--- 19 unchanged lines hidden (view full) ---
1087/*
1088 * Byte-swap a 32-bit number.
1089 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
1090 * big-endian platforms.)
1091 */
1092#define SWAPLONG(y) \
1093((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
1094
1095static struct block *
1096gen_ether_linktype(proto)
1097 register int proto;
1098{
1099 struct block *b0, *b1;
1100
1101 switch (proto) {
1102
1103 case LLCSAP_ISONS:
1104 /*
1105 * OSI protocols always use 802.2 encapsulation.
1106 * XXX - should we check both the DSAP and the
1107 * SSAP, like this, or should we check just the
1108 * DSAP?
1109 */
1110 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1111 gen_not(b0);
1112 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1113 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1114 gen_and(b0, b1);
1115 return b1;
1116
1117 case LLCSAP_IP:
1118 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1119 gen_not(b0);
1120 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1121 ((LLCSAP_IP << 8) | LLCSAP_IP));
1122 gen_and(b0, b1);
1123 return b1;
1124
1125 case LLCSAP_NETBEUI:
1126 /*
1127 * NetBEUI always uses 802.2 encapsulation.
1128 * XXX - should we check both the DSAP and the
1129 * SSAP, like this, or should we check just the
1130 * DSAP?
1131 */
1132 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1133 gen_not(b0);
1134 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1135 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1136 gen_and(b0, b1);
1137 return b1;
1138
1139 case LLCSAP_IPX:
1140 /*
1141 * Check for;
1142 *
1143 * Ethernet_II frames, which are Ethernet
--- 20 unchanged lines hidden (view full) ---
1164 * XXX - should we generate the same code both
1165 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
1166 */
1167
1168 /*
1169 * This generates code to check both for the
1170 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
1171 */
1172 b0 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)LLCSAP_IPX);
1173 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)0xFFFF);
1174 gen_or(b0, b1);
1175
1176 /*
1177 * Now we add code to check for SNAP frames with
1178 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
1179 */
1180 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
1181 gen_or(b0, b1);
1182
1183 /*
1184 * Now we generate code to check for 802.3
1185 * frames in general.
1186 */
1187 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1188 gen_not(b0);
1189
1190 /*
1191 * Now add the check for 802.3 frames before the
1192 * check for Ethernet_802.2 and Ethernet_802.3,
1193 * as those checks should only be done on 802.3
1194 * frames, not on Ethernet frames.
1195 */
1196 gen_and(b0, b1);
1197
1198 /*
1199 * Now add the check for Ethernet_II frames, and
1200 * do that before checking for the other frame
1201 * types.
1202 */
1203 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)ETHERTYPE_IPX);
1204 gen_or(b0, b1);
1205 return b1;
1206
1207 case ETHERTYPE_ATALK:
1208 case ETHERTYPE_AARP:
1209 /*
1210 * EtherTalk (AppleTalk protocols on Ethernet link
1211 * layer) may use 802.2 encapsulation.
1212 */
1213
1214 /*
1215 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1216 * we check for an Ethernet type field less than
1217 * 1500, which means it's an 802.3 length field.
1218 */
1219 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1220 gen_not(b0);
1221
1222 /*
1223 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1224 * SNAP packets with an organization code of
1225 * 0x080007 (Apple, for Appletalk) and a protocol
1226 * type of ETHERTYPE_ATALK (Appletalk).
1227 *
--- 8 unchanged lines hidden (view full) ---
1236 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
1237 gen_and(b0, b1);
1238
1239 /*
1240 * Check for Ethernet encapsulation (Ethertalk
1241 * phase 1?); we just check for the Ethernet
1242 * protocol type.
1243 */
1244 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1245
1246 gen_or(b0, b1);
1247 return b1;
1248
1249 default:
1250 if (proto <= ETHERMTU) {
1251 /*
1252 * This is an LLC SAP value, so the frames
1253 * that match would be 802.2 frames.
1254 * Check that the frame is an 802.2 frame
1255 * (i.e., that the length/type field is
1256 * a length field, <= ETHERMTU) and
1257 * then check the DSAP.
1258 */
1259 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1260 gen_not(b0);
1261 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto);
1262 gen_and(b0, b1);
1263 return b1;
1264 } else {
1265 /*
1266 * This is an Ethernet type, so compare
1267 * the length/type field with it (if
1268 * the frame is an 802.2 frame, the length
1269 * field will be <= ETHERMTU, and, as
1270 * "proto" is > ETHERMTU, this test
1271 * will fail and the frame won't match,
1272 * which is what we want).
1273 */
1274 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1275 }
1276 }
1277}
1278
1279static struct block *
1280gen_linux_sll_linktype(proto)
1281 register int proto;
1282{
1283 struct block *b0, *b1;
1284
1285 switch (proto) {
1286
1287 case LLCSAP_IP:
1288 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1289 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1290 ((LLCSAP_IP << 8) | LLCSAP_IP));
1291 gen_and(b0, b1);
1292 return b1;
1293
1294 case LLCSAP_ISONS:
1295 /*
1296 * OSI protocols always use 802.2 encapsulation.
1297 * XXX - should we check both the DSAP and the
1298 * SSAP, like this, or should we check just the
1299 * DSAP?
1300 */
1301 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1302 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1303 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1304 gen_and(b0, b1);
1305 return b1;
1306
1307 case LLCSAP_NETBEUI:
1308 /*
1309 * NetBEUI always uses 802.2 encapsulation.
1310 * XXX - should we check both the DSAP and the
1311 * LSAP, like this, or should we check just the
1312 * DSAP?
1313 */
1314 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1315 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1316 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1317 gen_and(b0, b1);
1318 return b1;
1319
1320 case LLCSAP_IPX:
1321 /*
1322 * Ethernet_II frames, which are Ethernet
1323 * frames with a frame type of ETHERTYPE_IPX;
1324 *
1325 * Ethernet_802.3 frames, which have a frame
1326 * type of LINUX_SLL_P_802_3;
1327 *
--- 10 unchanged lines hidden (view full) ---
1338 * ID of ETHERTYPE_IPX in the SNAP header.
1339 *
1340 * First, do the checks on LINUX_SLL_P_802_2
1341 * frames; generate the check for either
1342 * Ethernet_802.2 or Ethernet_SNAP frames, and
1343 * then put a check for LINUX_SLL_P_802_2 frames
1344 * before it.
1345 */
1346 b0 = gen_cmp(off_linktype + 2, BPF_B,
1347 (bpf_int32)LLCSAP_IPX);
1348 b1 = gen_snap(0x000000, ETHERTYPE_IPX,
1349 off_linktype + 2);
1350 gen_or(b0, b1);
1351 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1352 gen_and(b0, b1);
1353
1354 /*
1355 * Now check for 802.3 frames and OR that with
1356 * the previous test.
1357 */
1358 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
1359 gen_or(b0, b1);
1360
1361 /*
1362 * Now add the check for Ethernet_II frames, and
1363 * do that before checking for the other frame
1364 * types.
1365 */
1366 b0 = gen_cmp(off_linktype, BPF_H,
1367 (bpf_int32)ETHERTYPE_IPX);
1368 gen_or(b0, b1);
1369 return b1;
1370
1371 case ETHERTYPE_ATALK:
1372 case ETHERTYPE_AARP:
1373 /*
1374 * EtherTalk (AppleTalk protocols on Ethernet link
1375 * layer) may use 802.2 encapsulation.
1376 */
1377
1378 /*
1379 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1380 * we check for the 802.2 protocol type in the
1381 * "Ethernet type" field.
1382 */
1383 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1384
1385 /*
1386 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1387 * SNAP packets with an organization code of
1388 * 0x080007 (Apple, for Appletalk) and a protocol
1389 * type of ETHERTYPE_ATALK (Appletalk).
1390 *
1391 * 802.2-encapsulated ETHERTYPE_AARP packets are
--- 9 unchanged lines hidden (view full) ---
1401 off_linktype + 2);
1402 gen_and(b0, b1);
1403
1404 /*
1405 * Check for Ethernet encapsulation (Ethertalk
1406 * phase 1?); we just check for the Ethernet
1407 * protocol type.
1408 */
1409 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1410
1411 gen_or(b0, b1);
1412 return b1;
1413
1414 default:
1415 if (proto <= ETHERMTU) {
1416 /*
1417 * This is an LLC SAP value, so the frames
1418 * that match would be 802.2 frames.
1419 * Check for the 802.2 protocol type
1420 * in the "Ethernet type" field, and
1421 * then check the DSAP.
1422 */
1423 b0 = gen_cmp(off_linktype, BPF_H,
1424 LINUX_SLL_P_802_2);
1425 b1 = gen_cmp(off_linktype + 2, BPF_B,
1426 (bpf_int32)proto);
1427 gen_and(b0, b1);
1428 return b1;
1429 } else {
1430 /*
1431 * This is an Ethernet type, so compare
1432 * the length/type field with it (if
1433 * the frame is an 802.2 frame, the length
1434 * field will be <= ETHERMTU, and, as
1435 * "proto" is > ETHERMTU, this test
1436 * will fail and the frame won't match,
1437 * which is what we want).
1438 */
1439 return gen_cmp(off_linktype, BPF_H,
1440 (bpf_int32)proto);
1441 }
1442 }
1443}
1444
1445static struct block *
1446gen_linktype(proto)
1447 register int proto;
1448{
1449 struct block *b0, *b1, *b2;
1450
1451 switch (linktype) {
1452
--- 5 unchanged lines hidden (view full) ---
1458 case DLT_C_HDLC:
1459 switch (proto) {
1460
1461 case LLCSAP_ISONS:
1462 proto = (proto << 8 | LLCSAP_ISONS);
1463 /* fall through */
1464
1465 default:
1466 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1467 /*NOTREACHED*/
1468 break;
1469 }
1470 break;
1471
1472 case DLT_IEEE802_11:
1473 case DLT_PRISM_HEADER:
1474 case DLT_IEEE802_11_RADIO:
1475 case DLT_FDDI:
1476 case DLT_IEEE802:
1477 case DLT_ATM_RFC1483:
1478 case DLT_ATM_CLIP:
1479 case DLT_IP_OVER_FC:
1480 return gen_llc(proto);
1481 /*NOTREACHED*/
1482 break;
1483
1484 case DLT_SUNATM:
1485 /*
1486 * If "is_lane" is set, check for a LANE-encapsulated
1487 * version of this protocol, otherwise check for an
1488 * LLC-encapsulated version of this protocol.
1489 *
1490 * We assume LANE means Ethernet, not Token Ring.
1491 */
1492 if (is_lane) {
1493 /*
1494 * Check that the packet doesn't begin with an
1495 * LE Control marker. (We've already generated
1496 * a test for LANE.)
1497 */
1498 b0 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
1499 gen_not(b0);
1500
1501 /*
1502 * Now generate an Ethernet test.
1503 */
1504 b1 = gen_ether_linktype(proto);
1505 gen_and(b0, b1);
1506 return b1;
1507 } else {
1508 /*
1509 * Check for LLC encapsulation and then check the
1510 * protocol.
1511 */
1512 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
1513 b1 = gen_llc(proto);
1514 gen_and(b0, b1);
1515 return b1;
1516 }
1517
1518 case DLT_LINUX_SLL:
1519 return gen_linux_sll_linktype(proto);
1520 /*NOTREACHED*/
1521 break;
1522
1523 case DLT_SLIP:
1524 case DLT_SLIP_BSDOS:
--- 73 unchanged lines hidden (view full) ---
1598 case DLT_PPP_BSDOS:
1599 /*
1600 * We use Ethernet protocol types inside libpcap;
1601 * map them to the corresponding PPP protocol types.
1602 */
1603 switch (proto) {
1604
1605 case ETHERTYPE_IP:
1606 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
1607 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
1608 gen_or(b0, b1);
1609 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
1610 gen_or(b1, b0);
1611 return b0;
1612
1613#ifdef INET6
1614 case ETHERTYPE_IPV6:
1615 proto = PPP_IPV6;
1616 /* more to go? */
1617 break;
--- 89 unchanged lines hidden (view full) ---
1707 * Then we run it through "htonl()", and
1708 * generate code to compare against the result.
1709 */
1710 if (bpf_pcap->sf.rfile != NULL &&
1711 bpf_pcap->sf.swapped)
1712 proto = SWAPLONG(proto);
1713 proto = htonl(proto);
1714 }
1715 return (gen_cmp(0, BPF_W, (bpf_int32)proto));
1716
1717 case DLT_PFLOG:
1718 /*
1719 * af field is host byte order in contrast to the rest of
1720 * the packet.
1721 */
1722 if (proto == ETHERTYPE_IP)
1723 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B,
1724 (bpf_int32)AF_INET));
1725#ifdef INET6
1726 else if (proto == ETHERTYPE_IPV6)
1727 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B,
1728 (bpf_int32)AF_INET6));
1729#endif /* INET6 */
1730 else
1731 return gen_false();
1732 /*NOTREACHED*/
1733 break;
1734
1735 case DLT_ARCNET:
1736 case DLT_ARCNET_LINUX:
1737 /*
1738 * XXX should we check for first fragment if the protocol
1739 * uses PHDS?
1740 */
1741 switch (proto) {
1742
1743 default:
1744 return gen_false();
1745
1746#ifdef INET6
1747 case ETHERTYPE_IPV6:
1748 return (gen_cmp(off_linktype, BPF_B,
1749 (bpf_int32)ARCTYPE_INET6));
1750#endif /* INET6 */
1751
1752 case ETHERTYPE_IP:
1753 b0 = gen_cmp(off_linktype, BPF_B,
1754 (bpf_int32)ARCTYPE_IP);
1755 b1 = gen_cmp(off_linktype, BPF_B,
1756 (bpf_int32)ARCTYPE_IP_OLD);
1757 gen_or(b0, b1);
1758 return (b1);
1759
1760 case ETHERTYPE_ARP:
1761 b0 = gen_cmp(off_linktype, BPF_B,
1762 (bpf_int32)ARCTYPE_ARP);
1763 b1 = gen_cmp(off_linktype, BPF_B,
1764 (bpf_int32)ARCTYPE_ARP_OLD);
1765 gen_or(b0, b1);
1766 return (b1);
1767
1768 case ETHERTYPE_REVARP:
1769 return (gen_cmp(off_linktype, BPF_B,
1770 (bpf_int32)ARCTYPE_REVARP));
1771
1772 case ETHERTYPE_ATALK:
1773 return (gen_cmp(off_linktype, BPF_B,
1774 (bpf_int32)ARCTYPE_ATALK));
1775 }
1776 /*NOTREACHED*/
1777 break;
1778
1779 case DLT_LTALK:
1780 switch (proto) {
1781 case ETHERTYPE_ATALK:
--- 10 unchanged lines hidden (view full) ---
1792 * DLCI and flags. What if the address is longer?
1793 */
1794 switch (proto) {
1795
1796 case ETHERTYPE_IP:
1797 /*
1798 * Check for the special NLPID for IP.
1799 */
1800 return gen_cmp(2, BPF_H, (0x03<<8) | 0xcc);
1801
1802#ifdef INET6
1803 case ETHERTYPE_IPV6:
1804 /*
1805 * Check for the special NLPID for IPv6.
1806 */
1807 return gen_cmp(2, BPF_H, (0x03<<8) | 0x8e);
1808#endif
1809
1810 case LLCSAP_ISONS:
1811 /*
1812 * Check for several OSI protocols.
1813 *
1814 * Frame Relay packets typically have an OSI
1815 * NLPID at the beginning; we check for each
1816 * of them.
1817 *
1818 * What we check for is the NLPID and a frame
1819 * control field of UI, i.e. 0x03 followed
1820 * by the NLPID.
1821 */
1822 b0 = gen_cmp(2, BPF_H, (0x03<<8) | ISO8473_CLNP);
1823 b1 = gen_cmp(2, BPF_H, (0x03<<8) | ISO9542_ESIS);
1824 b2 = gen_cmp(2, BPF_H, (0x03<<8) | ISO10589_ISIS);
1825 gen_or(b1, b2);
1826 gen_or(b0, b2);
1827 return b2;
1828
1829 default:
1830 return gen_false();
1831 }
1832 /*NOTREACHED*/
1833 break;
1834
1835 case DLT_JUNIPER_MLFR:
1836 case DLT_JUNIPER_MLPPP:
1837 case DLT_JUNIPER_ATM1:
1838 case DLT_JUNIPER_ATM2:
1839 /* just lets verify the magic number for now -
1840 * on ATM we may have up to 6 different encapsulations on the wire
1841 * and need a lot of heuristics to figure out that the payload
1842 * might be;
1843 *
1844 * FIXME encapsulation specific BPF_ filters
1845 */
1846 return gen_mcmp(0, BPF_W, 0x4d474300, 0xffffff00); /* compare the magic number */
1847
1848 case DLT_LINUX_IRDA:
1849 bpf_error("IrDA link-layer type filtering not implemented");
1850
1851 case DLT_DOCSIS:
1852 bpf_error("DOCSIS link-layer type filtering not implemented");
1853 }
1854
1855 /*
1856 * All the types that have no encapsulation should either be
1857 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
1858 * all packets are IP packets, or should be handled in some
1859 * special case, if none of them are (if some are and some
1860 * aren't, the lack of encapsulation is a problem, as we'd
--- 8 unchanged lines hidden (view full) ---
1869 * Any type not handled above should always have an Ethernet
1870 * type at an offset of "off_linktype". (PPP is partially
1871 * handled above - the protocol type is mapped from the
1872 * Ethernet and LLC types we use internally to the corresponding
1873 * PPP type - but the PPP type is always specified by a value
1874 * at "off_linktype", so we don't have to do the code generation
1875 * above.)
1876 */
1877 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1878}
1879
1880/*
1881 * Check for an LLC SNAP packet with a given organization code and
1882 * protocol type; we check the entire contents of the 802.2 LLC and
1883 * snap headers, checking for DSAP and SSAP of SNAP and a control
1884 * field of 0x03 in the LLC header, and for the specified organization
1885 * code and protocol type in the SNAP header.
--- 9 unchanged lines hidden (view full) ---
1895 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
1896 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
1897 snapblock[2] = 0x03; /* control = UI */
1898 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
1899 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
1900 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
1901 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
1902 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
1903 return gen_bcmp(offset, 8, snapblock);
1904}
1905
1906/*
1907 * Check for a given protocol value assuming an 802.2 LLC header.
1908 */
1909static struct block *
1910gen_llc(proto)
1911 int proto;
1912{
1913 /*
1914 * XXX - handle token-ring variable-length header.
1915 */
1916 switch (proto) {
1917
1918 case LLCSAP_IP:
1919 return gen_cmp(off_linktype, BPF_H, (long)
1920 ((LLCSAP_IP << 8) | LLCSAP_IP));
1921
1922 case LLCSAP_ISONS:
1923 return gen_cmp(off_linktype, BPF_H, (long)
1924 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1925
1926 case LLCSAP_NETBEUI:
1927 return gen_cmp(off_linktype, BPF_H, (long)
1928 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1929
1930 case LLCSAP_IPX:
1931 /*
1932 * XXX - are there ever SNAP frames for IPX on
1933 * non-Ethernet 802.x networks?
1934 */
1935 return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX);
1936
1937 case ETHERTYPE_ATALK:
1938 /*
1939 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1940 * SNAP packets with an organization code of
1941 * 0x080007 (Apple, for Appletalk) and a protocol
1942 * type of ETHERTYPE_ATALK (Appletalk).
1943 *
--- 7 unchanged lines hidden (view full) ---
1951 * XXX - we don't have to check for IPX 802.3
1952 * here, but should we check for the IPX Ethertype?
1953 */
1954 if (proto <= ETHERMTU) {
1955 /*
1956 * This is an LLC SAP value, so check
1957 * the DSAP.
1958 */
1959 return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto);
1960 } else {
1961 /*
1962 * This is an Ethernet type; we assume that it's
1963 * unlikely that it'll appear in the right place
1964 * at random, and therefore check only the
1965 * location that would hold the Ethernet type
1966 * in a SNAP frame with an organization code of
1967 * 0x000000 (encapsulated Ethernet).
--- 5 unchanged lines hidden (view full) ---
1973 *
1974 * return gen_snap(0x000000, proto,
1975 * off_linktype);
1976 *
1977 * here; for now, we don't, as per the above.
1978 * I don't know whether it's worth the extra CPU
1979 * time to do the right check or not.
1980 */
1981 return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto);
1982 }
1983 }
1984}
1985
1986static struct block *
1987gen_hostop(addr, mask, dir, proto, src_off, dst_off)
1988 bpf_u_int32 addr;
1989 bpf_u_int32 mask;
--- 25 unchanged lines hidden (view full) ---
2015 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
2016 gen_or(b0, b1);
2017 return b1;
2018
2019 default:
2020 abort();
2021 }
2022 b0 = gen_linktype(proto);
2023 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
2024 gen_and(b0, b1);
2025 return b1;
2026}
2027
2028#ifdef INET6
2029static struct block *
2030gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
2031 struct in6_addr *addr;
--- 29 unchanged lines hidden (view full) ---
2061 return b1;
2062
2063 default:
2064 abort();
2065 }
2066 /* this order is important */
2067 a = (u_int32_t *)addr;
2068 m = (u_int32_t *)mask;
2069 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
2070 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
2071 gen_and(b0, b1);
2072 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
2073 gen_and(b0, b1);
2074 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
2075 gen_and(b0, b1);
2076 b0 = gen_linktype(proto);
2077 gen_and(b0, b1);
2078 return b1;
2079}
2080#endif /*INET6*/
2081
2082static struct block *
2083gen_ehostop(eaddr, dir)
2084 register const u_char *eaddr;
2085 register int dir;
2086{
2087 register struct block *b0, *b1;
2088
2089 switch (dir) {
2090 case Q_SRC:
2091 return gen_bcmp(off_mac + 6, 6, eaddr);
2092
2093 case Q_DST:
2094 return gen_bcmp(off_mac + 0, 6, eaddr);
2095
2096 case Q_AND:
2097 b0 = gen_ehostop(eaddr, Q_SRC);
2098 b1 = gen_ehostop(eaddr, Q_DST);
2099 gen_and(b0, b1);
2100 return b1;
2101
2102 case Q_DEFAULT:
--- 15 unchanged lines hidden (view full) ---
2118 register const u_char *eaddr;
2119 register int dir;
2120{
2121 struct block *b0, *b1;
2122
2123 switch (dir) {
2124 case Q_SRC:
2125#ifdef PCAP_FDDIPAD
2126 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
2127#else
2128 return gen_bcmp(6 + 1, 6, eaddr);
2129#endif
2130
2131 case Q_DST:
2132#ifdef PCAP_FDDIPAD
2133 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
2134#else
2135 return gen_bcmp(0 + 1, 6, eaddr);
2136#endif
2137
2138 case Q_AND:
2139 b0 = gen_fhostop(eaddr, Q_SRC);
2140 b1 = gen_fhostop(eaddr, Q_DST);
2141 gen_and(b0, b1);
2142 return b1;
2143
--- 15 unchanged lines hidden (view full) ---
2159gen_thostop(eaddr, dir)
2160 register const u_char *eaddr;
2161 register int dir;
2162{
2163 register struct block *b0, *b1;
2164
2165 switch (dir) {
2166 case Q_SRC:
2167 return gen_bcmp(8, 6, eaddr);
2168
2169 case Q_DST:
2170 return gen_bcmp(2, 6, eaddr);
2171
2172 case Q_AND:
2173 b0 = gen_thostop(eaddr, Q_SRC);
2174 b1 = gen_thostop(eaddr, Q_DST);
2175 gen_and(b0, b1);
2176 return b1;
2177
2178 case Q_DEFAULT:
--- 40 unchanged lines hidden (view full) ---
2219 */
2220
2221 /*
2222 * Generate the tests to be done for data frames
2223 * with From DS set.
2224 *
2225 * First, check for To DS set, i.e. check "link[1] & 0x01".
2226 */
2227 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2228 s->s.k = 1;
2229 b1 = new_block(JMP(BPF_JSET));
2230 b1->s.k = 0x01; /* To DS */
2231 b1->stmts = s;
2232
2233 /*
2234 * If To DS is set, the SA is at 24.
2235 */
2236 b0 = gen_bcmp(24, 6, eaddr);
2237 gen_and(b1, b0);
2238
2239 /*
2240 * Now, check for To DS not set, i.e. check
2241 * "!(link[1] & 0x01)".
2242 */
2243 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2244 s->s.k = 1;
2245 b2 = new_block(JMP(BPF_JSET));
2246 b2->s.k = 0x01; /* To DS */
2247 b2->stmts = s;
2248 gen_not(b2);
2249
2250 /*
2251 * If To DS is not set, the SA is at 16.
2252 */
2253 b1 = gen_bcmp(16, 6, eaddr);
2254 gen_and(b2, b1);
2255
2256 /*
2257 * Now OR together the last two checks. That gives
2258 * the complete set of checks for data frames with
2259 * From DS set.
2260 */
2261 gen_or(b1, b0);
2262
2263 /*
2264 * Now check for From DS being set, and AND that with
2265 * the ORed-together checks.
2266 */
2267 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2268 s->s.k = 1;
2269 b1 = new_block(JMP(BPF_JSET));
2270 b1->s.k = 0x02; /* From DS */
2271 b1->stmts = s;
2272 gen_and(b1, b0);
2273
2274 /*
2275 * Now check for data frames with From DS not set.
2276 */
2277 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2278 s->s.k = 1;
2279 b2 = new_block(JMP(BPF_JSET));
2280 b2->s.k = 0x02; /* From DS */
2281 b2->stmts = s;
2282 gen_not(b2);
2283
2284 /*
2285 * If From DS isn't set, the SA is at 10.
2286 */
2287 b1 = gen_bcmp(10, 6, eaddr);
2288 gen_and(b2, b1);
2289
2290 /*
2291 * Now OR together the checks for data frames with
2292 * From DS not set and for data frames with From DS
2293 * set; that gives the checks done for data frames.
2294 */
2295 gen_or(b1, b0);
2296
2297 /*
2298 * Now check for a data frame.
2299 * I.e, check "link[0] & 0x08".
2300 */
2301 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2302 s->s.k = 0;
2303 b1 = new_block(JMP(BPF_JSET));
2304 b1->s.k = 0x08;
2305 b1->stmts = s;
2306
2307 /*
2308 * AND that with the checks done for data frames.
2309 */
2310 gen_and(b1, b0);
2311
2312 /*
2313 * If the high-order bit of the type value is 0, this
2314 * is a management frame.
2315 * I.e, check "!(link[0] & 0x08)".
2316 */
2317 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2318 s->s.k = 0;
2319 b2 = new_block(JMP(BPF_JSET));
2320 b2->s.k = 0x08;
2321 b2->stmts = s;
2322 gen_not(b2);
2323
2324 /*
2325 * For management frames, the SA is at 10.
2326 */
2327 b1 = gen_bcmp(10, 6, eaddr);
2328 gen_and(b2, b1);
2329
2330 /*
2331 * OR that with the checks done for data frames.
2332 * That gives the checks done for management and
2333 * data frames.
2334 */
2335 gen_or(b1, b0);
2336
2337 /*
2338 * If the low-order bit of the type value is 1,
2339 * this is either a control frame or a frame
2340 * with a reserved type, and thus not a
2341 * frame with an SA.
2342 *
2343 * I.e., check "!(link[0] & 0x04)".
2344 */
2345 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2346 s->s.k = 0;
2347 b1 = new_block(JMP(BPF_JSET));
2348 b1->s.k = 0x04;
2349 b1->stmts = s;
2350 gen_not(b1);
2351
2352 /*
2353 * AND that with the checks for data and management
2354 * frames.
--- 18 unchanged lines hidden (view full) ---
2373 * if To DS is set.
2374 */
2375
2376 /*
2377 * Generate the tests to be done for data frames.
2378 *
2379 * First, check for To DS set, i.e. "link[1] & 0x01".
2380 */
2381 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2382 s->s.k = 1;
2383 b1 = new_block(JMP(BPF_JSET));
2384 b1->s.k = 0x01; /* To DS */
2385 b1->stmts = s;
2386
2387 /*
2388 * If To DS is set, the DA is at 16.
2389 */
2390 b0 = gen_bcmp(16, 6, eaddr);
2391 gen_and(b1, b0);
2392
2393 /*
2394 * Now, check for To DS not set, i.e. check
2395 * "!(link[1] & 0x01)".
2396 */
2397 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2398 s->s.k = 1;
2399 b2 = new_block(JMP(BPF_JSET));
2400 b2->s.k = 0x01; /* To DS */
2401 b2->stmts = s;
2402 gen_not(b2);
2403
2404 /*
2405 * If To DS is not set, the DA is at 4.
2406 */
2407 b1 = gen_bcmp(4, 6, eaddr);
2408 gen_and(b2, b1);
2409
2410 /*
2411 * Now OR together the last two checks. That gives
2412 * the complete set of checks for data frames.
2413 */
2414 gen_or(b1, b0);
2415
2416 /*
2417 * Now check for a data frame.
2418 * I.e, check "link[0] & 0x08".
2419 */
2420 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2421 s->s.k = 0;
2422 b1 = new_block(JMP(BPF_JSET));
2423 b1->s.k = 0x08;
2424 b1->stmts = s;
2425
2426 /*
2427 * AND that with the checks done for data frames.
2428 */
2429 gen_and(b1, b0);
2430
2431 /*
2432 * If the high-order bit of the type value is 0, this
2433 * is a management frame.
2434 * I.e, check "!(link[0] & 0x08)".
2435 */
2436 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2437 s->s.k = 0;
2438 b2 = new_block(JMP(BPF_JSET));
2439 b2->s.k = 0x08;
2440 b2->stmts = s;
2441 gen_not(b2);
2442
2443 /*
2444 * For management frames, the DA is at 4.
2445 */
2446 b1 = gen_bcmp(4, 6, eaddr);
2447 gen_and(b2, b1);
2448
2449 /*
2450 * OR that with the checks done for data frames.
2451 * That gives the checks done for management and
2452 * data frames.
2453 */
2454 gen_or(b1, b0);
2455
2456 /*
2457 * If the low-order bit of the type value is 1,
2458 * this is either a control frame or a frame
2459 * with a reserved type, and thus not a
2460 * frame with an SA.
2461 *
2462 * I.e., check "!(link[0] & 0x04)".
2463 */
2464 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2465 s->s.k = 0;
2466 b1 = new_block(JMP(BPF_JSET));
2467 b1->s.k = 0x04;
2468 b1->stmts = s;
2469 gen_not(b1);
2470
2471 /*
2472 * AND that with the checks for data and management
2473 * frames.
--- 27 unchanged lines hidden (view full) ---
2501gen_ipfchostop(eaddr, dir)
2502 register const u_char *eaddr;
2503 register int dir;
2504{
2505 register struct block *b0, *b1;
2506
2507 switch (dir) {
2508 case Q_SRC:
2509 return gen_bcmp(10, 6, eaddr);
2510
2511 case Q_DST:
2512 return gen_bcmp(2, 6, eaddr);
2513
2514 case Q_AND:
2515 b0 = gen_ipfchostop(eaddr, Q_SRC);
2516 b1 = gen_ipfchostop(eaddr, Q_DST);
2517 gen_and(b0, b1);
2518 return b1;
2519
2520 case Q_DEFAULT:
--- 21 unchanged lines hidden (view full) ---
2542 * will require a lot more hacking.
2543 *
2544 * To add support for filtering on DECNET "areas" (network numbers)
2545 * one would want to add a "mask" argument to this routine. That would
2546 * make the filter even more inefficient, although one could be clever
2547 * and not generate masking instructions if the mask is 0xFFFF.
2548 */
2549static struct block *
2550gen_dnhostop(addr, dir, base_off)
2551 bpf_u_int32 addr;
2552 int dir;
2553 u_int base_off;
2554{
2555 struct block *b0, *b1, *b2, *tmp;
2556 u_int offset_lh; /* offset if long header is received */
2557 u_int offset_sh; /* offset if short header is received */
2558
2559 switch (dir) {
2560
2561 case Q_DST:
2562 offset_sh = 1; /* follows flags */
2563 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
2564 break;
2565
2566 case Q_SRC:
2567 offset_sh = 3; /* follows flags, dstnode */
2568 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
2569 break;
2570
2571 case Q_AND:
2572 /* Inefficient because we do our Calvinball dance twice */
2573 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2574 b1 = gen_dnhostop(addr, Q_DST, base_off);
2575 gen_and(b0, b1);
2576 return b1;
2577
2578 case Q_OR:
2579 case Q_DEFAULT:
2580 /* Inefficient because we do our Calvinball dance twice */
2581 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2582 b1 = gen_dnhostop(addr, Q_DST, base_off);
2583 gen_or(b0, b1);
2584 return b1;
2585
2586 case Q_ISO:
2587 bpf_error("ISO host filtering not implemented");
2588
2589 default:
2590 abort();
2591 }
2592 b0 = gen_linktype(ETHERTYPE_DN);
2593 /* Check for pad = 1, long header case */
2594 tmp = gen_mcmp(base_off + 2, BPF_H,
2595 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
2596 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
2597 BPF_H, (bpf_int32)ntohs(addr));
2598 gen_and(tmp, b1);
2599 /* Check for pad = 0, long header case */
2600 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
2601 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
2602 gen_and(tmp, b2);
2603 gen_or(b2, b1);
2604 /* Check for pad = 1, short header case */
2605 tmp = gen_mcmp(base_off + 2, BPF_H,
2606 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
2607 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
2608 BPF_H, (bpf_int32)ntohs(addr));
2609 gen_and(tmp, b2);
2610 gen_or(b2, b1);
2611 /* Check for pad = 0, short header case */
2612 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
2613 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
2614 gen_and(tmp, b2);
2615 gen_or(b2, b1);
2616
2617 /* Combine with test for linktype */
2618 gen_and(b0, b1);
2619 return b1;
2620}
2621
--- 14 unchanged lines hidden (view full) ---
2636 b1 = gen_host(addr, mask, Q_ARP, dir);
2637 gen_or(b0, b1);
2638 b0 = gen_host(addr, mask, Q_RARP, dir);
2639 gen_or(b1, b0);
2640 }
2641 return b0;
2642
2643 case Q_IP:
2644 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
2645 off_nl + 12, off_nl + 16);
2646
2647 case Q_RARP:
2648 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
2649 off_nl + 14, off_nl + 24);
2650
2651 case Q_ARP:
2652 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
2653 off_nl + 14, off_nl + 24);
2654
2655 case Q_TCP:
2656 bpf_error("'tcp' modifier applied to host");
2657
2658 case Q_SCTP:
2659 bpf_error("'sctp' modifier applied to host");
2660
2661 case Q_UDP:
--- 16 unchanged lines hidden (view full) ---
2678
2679 case Q_ATALK:
2680 bpf_error("ATALK host filtering not implemented");
2681
2682 case Q_AARP:
2683 bpf_error("AARP host filtering not implemented");
2684
2685 case Q_DECNET:
2686 return gen_dnhostop(addr, dir, off_nl);
2687
2688 case Q_SCA:
2689 bpf_error("SCA host filtering not implemented");
2690
2691 case Q_LAT:
2692 bpf_error("LAT host filtering not implemented");
2693
2694 case Q_MOPDL:
--- 32 unchanged lines hidden (view full) ---
2727 bpf_error("'stp' modifier applied to host");
2728
2729 case Q_IPX:
2730 bpf_error("IPX host filtering not implemented");
2731
2732 case Q_NETBEUI:
2733 bpf_error("'netbeui' modifier applied to host");
2734
2735 default:
2736 abort();
2737 }
2738 /* NOTREACHED */
2739}
2740
2741#ifdef INET6
2742static struct block *
--- 58 unchanged lines hidden (view full) ---
2801
2802 case Q_MOPDL:
2803 bpf_error("MOPDL host filtering not implemented");
2804
2805 case Q_MOPRC:
2806 bpf_error("MOPRC host filtering not implemented");
2807
2808 case Q_IPV6:
2809 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
2810 off_nl + 8, off_nl + 24);
2811
2812 case Q_ICMPV6:
2813 bpf_error("'icmp6' modifier applied to host");
2814
2815 case Q_AH:
2816 bpf_error("'ah' modifier applied to host");
2817
2818 case Q_ESP:
--- 15 unchanged lines hidden (view full) ---
2834 bpf_error("'stp' modifier applied to host");
2835
2836 case Q_IPX:
2837 bpf_error("IPX host filtering not implemented");
2838
2839 case Q_NETBEUI:
2840 bpf_error("'netbeui' modifier applied to host");
2841
2842 default:
2843 abort();
2844 }
2845 /* NOTREACHED */
2846}
2847#endif /*INET6*/
2848
2849#ifndef INET6
--- 15 unchanged lines hidden (view full) ---
2865 case Q_ARP:
2866 case Q_RARP:
2867 if (linktype == DLT_EN10MB)
2868 b0 = gen_ehostop(eaddr, Q_OR);
2869 else if (linktype == DLT_FDDI)
2870 b0 = gen_fhostop(eaddr, Q_OR);
2871 else if (linktype == DLT_IEEE802)
2872 b0 = gen_thostop(eaddr, Q_OR);
2873 else if (linktype == DLT_IEEE802_11)
2874 b0 = gen_wlanhostop(eaddr, Q_OR);
2875 else if (linktype == DLT_SUNATM && is_lane) {
2876 /*
2877 * Check that the packet doesn't begin with an
2878 * LE Control marker. (We've already generated
2879 * a test for LANE.)
2880 */
2881 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
2882 gen_not(b1);
2883
2884 /*
2885 * Now check the MAC address.
2886 */
2887 b0 = gen_ehostop(eaddr, Q_OR);
2888 gen_and(b1, b0);
2889 } else if (linktype == DLT_IP_OVER_FC)
--- 250 unchanged lines hidden (view full) ---
3140 case Q_IPX:
3141 b1 = gen_linktype(LLCSAP_IPX);
3142 break;
3143
3144 case Q_NETBEUI:
3145 b1 = gen_linktype(LLCSAP_NETBEUI);
3146 break;
3147
3148 default:
3149 abort();
3150 }
3151 return b1;
3152}
3153
3154static struct block *
3155gen_ipfrag()
3156{
3157 struct slist *s;
3158 struct block *b;
3159
3160 /* not ip frag */
3161 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
3162 s->s.k = off_nl + 6;
3163 b = new_block(JMP(BPF_JSET));
3164 b->s.k = 0x1fff;
3165 b->stmts = s;
3166 gen_not(b);
3167
3168 return b;
3169}
3170
3171static struct block *
3172gen_portatom(off, v)
3173 int off;
3174 bpf_int32 v;
3175{
3176 struct slist *s;
3177 struct block *b;
3178
3179 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3180 s->s.k = off_nl;
3181
3182 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
3183 s->next->s.k = off_nl + off;
3184
3185 b = new_block(JMP(BPF_JEQ));
3186 b->stmts = s;
3187 b->s.k = v;
3188
3189 return b;
3190}
3191
3192#ifdef INET6
3193static struct block *
3194gen_portatom6(off, v)
3195 int off;
3196 bpf_int32 v;
3197{
3198 return gen_cmp(off_nl + 40 + off, BPF_H, v);
3199}
3200#endif/*INET6*/
3201
3202struct block *
3203gen_portop(port, proto, dir)
3204 int port, proto, dir;
3205{
3206 struct block *b0, *b1, *tmp;
3207
3208 /* ip proto 'proto' */
3209 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
3210 b0 = gen_ipfrag();
3211 gen_and(tmp, b0);
3212
3213 switch (dir) {
3214 case Q_SRC:
3215 b1 = gen_portatom(0, (bpf_int32)port);
3216 break;
3217
--- 73 unchanged lines hidden (view full) ---
3291
3292#ifdef INET6
3293struct block *
3294gen_portop6(port, proto, dir)
3295 int port, proto, dir;
3296{
3297 struct block *b0, *b1, *tmp;
3298
3299 /* ip proto 'proto' */
3300 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
3301
3302 switch (dir) {
3303 case Q_SRC:
3304 b1 = gen_portatom6(0, (bpf_int32)port);
3305 break;
3306
3307 case Q_DST:
3308 b1 = gen_portatom6(2, (bpf_int32)port);
--- 23 unchanged lines hidden (view full) ---
3332static struct block *
3333gen_port6(port, ip_proto, dir)
3334 int port;
3335 int ip_proto;
3336 int dir;
3337{
3338 struct block *b0, *b1, *tmp;
3339
3340 /* ether proto ip */
3341 b0 = gen_linktype(ETHERTYPE_IPV6);
3342
3343 switch (ip_proto) {
3344 case IPPROTO_UDP:
3345 case IPPROTO_TCP:
3346 case IPPROTO_SCTP:
3347 b1 = gen_portop6(port, ip_proto, dir);
3348 break;
--- 9 unchanged lines hidden (view full) ---
3358 default:
3359 abort();
3360 }
3361 gen_and(b0, b1);
3362 return b1;
3363}
3364#endif /* INET6 */
3365
3366static int
3367lookup_proto(name, proto)
3368 register const char *name;
3369 register int proto;
3370{
3371 register int v;
3372
3373 switch (proto) {
--- 72 unchanged lines hidden (view full) ---
3446 b = gen_protochain(v, Q_IPV6, dir);
3447 gen_or(b0, b);
3448 return b;
3449 default:
3450 bpf_error("bad protocol applied for 'protochain'");
3451 /*NOTREACHED*/
3452 }
3453
3454 no_optimize = 1; /*this code is not compatible with optimzer yet */
3455
3456 /*
3457 * s[0] is a dummy entry to protect other BPF insn from damaged
3458 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
3459 * hard to find interdependency made by jump table fixup.
3460 */
3461 i = 0;
3462 s[i] = new_stmt(0); /*dummy*/
3463 i++;
3464
3465 switch (proto) {
--- 239 unchanged lines hidden (view full) ---
3705
3706 free_reg(reg2);
3707
3708 gen_and(b0, b);
3709 return b;
3710#endif
3711}
3712
3713static struct block *
3714gen_proto(v, proto, dir)
3715 int v;
3716 int proto;
3717 int dir;
3718{
3719 struct block *b0, *b1;
3720
--- 23 unchanged lines hidden (view full) ---
3744 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
3745 * RFC 2225 say that SNAP encapsulation is used, not LLC
3746 * encapsulation with LLCSAP_IP.
3747 *
3748 * So we always check for ETHERTYPE_IP.
3749 */
3750 b0 = gen_linktype(ETHERTYPE_IP);
3751#ifndef CHASE_CHAIN
3752 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
3753#else
3754 b1 = gen_protochain(v, Q_IP);
3755#endif
3756 gen_and(b0, b1);
3757 return b1;
3758
3759 case Q_ISO:
3760 switch (linktype) {
--- 12 unchanged lines hidden (view full) ---
3773 * control field value of UI, i.e. 0x03 followed
3774 * by the NLPID.
3775 *
3776 * XXX - assumes a 2-byte Frame Relay header with
3777 * DLCI and flags. What if the address is longer?
3778 *
3779 * XXX - what about SNAP-encapsulated frames?
3780 */
3781 return gen_cmp(2, BPF_H, (0x03<<8) | v);
3782 /*NOTREACHED*/
3783 break;
3784
3785 case DLT_C_HDLC:
3786 /*
3787 * Cisco uses an Ethertype lookalike - for OSI,
3788 * it's 0xfefe.
3789 */
3790 b0 = gen_linktype(LLCSAP_ISONS<<8 | LLCSAP_ISONS);
3791 /* OSI in C-HDLC is stuffed with a fudge byte */
3792 b1 = gen_cmp(off_nl_nosnap+1, BPF_B, (long)v);
3793 gen_and(b0, b1);
3794 return b1;
3795
3796 default:
3797 b0 = gen_linktype(LLCSAP_ISONS);
3798 b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v);
3799 gen_and(b0, b1);
3800 return b1;
3801 }
3802
3803 case Q_ISIS:
3804 b0 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
3805 /*
3806 * 4 is the offset of the PDU type relative to the IS-IS
3807 * header.
3808 */
3809 b1 = gen_cmp(off_nl_nosnap+4, BPF_B, (long)v);
3810 gen_and(b0, b1);
3811 return b1;
3812
3813 case Q_ARP:
3814 bpf_error("arp does not encapsulate another protocol");
3815 /* NOTREACHED */
3816
3817 case Q_RARP:
--- 58 unchanged lines hidden (view full) ---
3876 case Q_VRRP:
3877 bpf_error("'vrrp proto' is bogus");
3878 /* NOTREACHED */
3879
3880#ifdef INET6
3881 case Q_IPV6:
3882 b0 = gen_linktype(ETHERTYPE_IPV6);
3883#ifndef CHASE_CHAIN
3884 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
3885#else
3886 b1 = gen_protochain(v, Q_IPV6);
3887#endif
3888 gen_and(b0, b1);
3889 return b1;
3890
3891 case Q_ICMPV6:
3892 bpf_error("'icmp6 proto' is bogus");
--- 9 unchanged lines hidden (view full) ---
3902 bpf_error("'stp proto' is bogus");
3903
3904 case Q_IPX:
3905 bpf_error("'ipx proto' is bogus");
3906
3907 case Q_NETBEUI:
3908 bpf_error("'netbeui proto' is bogus");
3909
3910 default:
3911 abort();
3912 /* NOTREACHED */
3913 }
3914 /* NOTREACHED */
3915}
3916
3917struct block *
--- 12 unchanged lines hidden (view full) ---
3930 int tproto6;
3931 struct sockaddr_in *sin;
3932 struct sockaddr_in6 *sin6;
3933 struct addrinfo *res, *res0;
3934 struct in6_addr mask128;
3935#endif /*INET6*/
3936 struct block *b, *tmp;
3937 int port, real_proto;
3938
3939 switch (q.addr) {
3940
3941 case Q_NET:
3942 addr = pcap_nametonetaddr(name);
3943 if (addr == 0)
3944 bpf_error("unknown network '%s'", name);
3945 /* Left justify network addr and calculate its network mask */
--- 32 unchanged lines hidden (view full) ---
3978 if (eaddr == NULL)
3979 bpf_error(
3980 "unknown token ring host '%s'", name);
3981 b = gen_thostop(eaddr, dir);
3982 free(eaddr);
3983 return b;
3984
3985 case DLT_IEEE802_11:
3986 eaddr = pcap_ether_hostton(name);
3987 if (eaddr == NULL)
3988 bpf_error(
3989 "unknown 802.11 host '%s'", name);
3990 b = gen_wlanhostop(eaddr, dir);
3991 free(eaddr);
3992 return b;
3993
--- 10 unchanged lines hidden (view full) ---
4004 if (!is_lane)
4005 break;
4006
4007 /*
4008 * Check that the packet doesn't begin
4009 * with an LE Control marker. (We've
4010 * already generated a test for LANE.)
4011 */
4012 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H,
4013 0xFF00);
4014 gen_not(tmp);
4015
4016 eaddr = pcap_ether_hostton(name);
4017 if (eaddr == NULL)
4018 bpf_error(
4019 "unknown ether host '%s'", name);
4020 b = gen_ehostop(eaddr, dir);
4021 gen_and(tmp, b);
--- 115 unchanged lines hidden (view full) ---
4137 {
4138 struct block *b;
4139 b = gen_port(port, real_proto, dir);
4140 gen_or(gen_port6(port, real_proto, dir), b);
4141 return b;
4142 }
4143#endif /* INET6 */
4144
4145 case Q_GATEWAY:
4146#ifndef INET6
4147 eaddr = pcap_ether_hostton(name);
4148 if (eaddr == NULL)
4149 bpf_error("unknown ether host: %s", name);
4150
4151 alist = pcap_nametoaddr(name);
4152 if (alist == NULL || *alist == NULL)
--- 131 unchanged lines hidden (view full) ---
4284 {
4285 struct block *b;
4286 b = gen_port((int)v, proto, dir);
4287 gen_or(gen_port6((int)v, proto, dir), b);
4288 return b;
4289 }
4290#endif /* INET6 */
4291
4292 case Q_GATEWAY:
4293 bpf_error("'gateway' requires a name");
4294 /* NOTREACHED */
4295
4296 case Q_PROTO:
4297 return gen_proto((int)v, proto, dir);
4298
4299 case Q_PROTOCHAIN:
--- 78 unchanged lines hidden (view full) ---
4378
4379 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
4380 if (linktype == DLT_EN10MB)
4381 return gen_ehostop(eaddr, (int)q.dir);
4382 if (linktype == DLT_FDDI)
4383 return gen_fhostop(eaddr, (int)q.dir);
4384 if (linktype == DLT_IEEE802)
4385 return gen_thostop(eaddr, (int)q.dir);
4386 if (linktype == DLT_IEEE802_11)
4387 return gen_wlanhostop(eaddr, (int)q.dir);
4388 if (linktype == DLT_SUNATM && is_lane) {
4389 /*
4390 * Check that the packet doesn't begin with an
4391 * LE Control marker. (We've already generated
4392 * a test for LANE.)
4393 */
4394 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
4395 gen_not(tmp);
4396
4397 /*
4398 * Now check the MAC address.
4399 */
4400 b = gen_ehostop(eaddr, (int)q.dir);
4401 gen_and(tmp, b);
4402 return b;
--- 36 unchanged lines hidden (view full) ---
4439{
4440 struct slist *s;
4441
4442 s = new_stmt(BPF_LD|BPF_MEM);
4443 s->s.k = a->regno;
4444 return s;
4445}
4446
4447struct arth *
4448gen_load(proto, index, size)
4449 int proto;
4450 struct arth *index;
4451 int size;
4452{
4453 struct slist *s, *tmp;
4454 struct block *b;
--- 16 unchanged lines hidden (view full) ---
4471 case 4:
4472 size = BPF_W;
4473 break;
4474 }
4475 switch (proto) {
4476 default:
4477 bpf_error("unsupported index operation");
4478
4479 case Q_LINK:
4480 /*
4481 * XXX - what about ATM LANE? Should the index be
4482 * relative to the beginning of the AAL5 frame, so
4483 * that 0 refers to the beginning of the LE Control
4484 * field, or relative to the beginning of the LAN
4485 * frame, so that 0 refers, for Ethernet LANE, to
4486 * the beginning of the destination address?
4487 */
4488 s = xfer_to_x(index);
4489 tmp = new_stmt(BPF_LD|BPF_IND|size);
4490 sappend(s, tmp);
4491 sappend(index->s, s);
4492 break;
4493
4494 case Q_IP:
4495 case Q_ARP:
4496 case Q_RARP:
4497 case Q_ATALK:
4498 case Q_DECNET:
4499 case Q_SCA:
4500 case Q_LAT:
4501 case Q_MOPRC:
4502 case Q_MOPDL:
4503#ifdef INET6
4504 case Q_IPV6:
4505#endif
4506 /* XXX Note that we assume a fixed link header here. */
4507 s = xfer_to_x(index);
4508 tmp = new_stmt(BPF_LD|BPF_IND|size);
4509 tmp->s.k = off_nl;
4510 sappend(s, tmp);
4511 sappend(index->s, s);
4512
4513 b = gen_proto_abbrev(proto);
4514 if (index->b)
4515 gen_and(index->b, b);
4516 index->b = b;
4517 break;
4518
4519 case Q_SCTP:
4520 case Q_TCP:
4521 case Q_UDP:
4522 case Q_ICMP:
4523 case Q_IGMP:
4524 case Q_IGRP:
4525 case Q_PIM:
4526 case Q_VRRP:
4527 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
4528 s->s.k = off_nl;
4529 sappend(s, xfer_to_a(index));
4530 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
4531 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
4532 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
4533 tmp->s.k = off_nl;
4534 sappend(index->s, s);
4535
4536 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
4537 if (index->b)
4538 gen_and(index->b, b);
4539#ifdef INET6
4540 gen_and(gen_proto_abbrev(Q_IP), b);
4541#endif
4542 index->b = b;
4543 break;
--- 209 unchanged lines hidden (view full) ---
4753 struct block *b;
4754
4755 b = gen_len(BPF_JGT, n);
4756 gen_not(b);
4757
4758 return b;
4759}
4760
4761struct block *
4762gen_byteop(op, idx, val)
4763 int op, idx, val;
4764{
4765 struct block *b;
4766 struct slist *s;
4767
4768 switch (op) {
4769 default:
4770 abort();
4771
4772 case '=':
4773 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4774
4775 case '<':
4776 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4777 b->s.code = JMP(BPF_JGE);
4778 gen_not(b);
4779 return b;
4780
4781 case '>':
4782 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4783 b->s.code = JMP(BPF_JGT);
4784 return b;
4785
4786 case '|':
4787 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
4788 break;
4789
4790 case '&':
4791 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
--- 24 unchanged lines hidden (view full) ---
4816 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
4817 return gen_ahostop(abroadcast, Q_DST);
4818 if (linktype == DLT_EN10MB)
4819 return gen_ehostop(ebroadcast, Q_DST);
4820 if (linktype == DLT_FDDI)
4821 return gen_fhostop(ebroadcast, Q_DST);
4822 if (linktype == DLT_IEEE802)
4823 return gen_thostop(ebroadcast, Q_DST);
4824 if (linktype == DLT_IEEE802_11)
4825 return gen_wlanhostop(ebroadcast, Q_DST);
4826 if (linktype == DLT_IP_OVER_FC)
4827 return gen_ipfchostop(ebroadcast, Q_DST);
4828 if (linktype == DLT_SUNATM && is_lane) {
4829 /*
4830 * Check that the packet doesn't begin with an
4831 * LE Control marker. (We've already generated
4832 * a test for LANE.)
4833 */
4834 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
4835 gen_not(b1);
4836
4837 /*
4838 * Now check the MAC address.
4839 */
4840 b0 = gen_ehostop(ebroadcast, Q_DST);
4841 gen_and(b1, b0);
4842 return b0;
4843 }
4844 bpf_error("not a broadcast link");
4845 break;
4846
4847 case Q_IP:
4848 b0 = gen_linktype(ETHERTYPE_IP);
4849 hostmask = ~netmask;
4850 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
4851 b2 = gen_mcmp(off_nl + 16, BPF_W,
4852 (bpf_int32)(~0 & hostmask), hostmask);
4853 gen_or(b1, b2);
4854 gen_and(b0, b2);
4855 return b2;
4856 }
4857 bpf_error("only link-layer/IP broadcast filters supported");
4858 /* NOTREACHED */
4859}
--- 5 unchanged lines hidden (view full) ---
4865static struct block *
4866gen_mac_multicast(offset)
4867 int offset;
4868{
4869 register struct block *b0;
4870 register struct slist *s;
4871
4872 /* link[offset] & 1 != 0 */
4873 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4874 s->s.k = offset;
4875 b0 = new_block(JMP(BPF_JSET));
4876 b0->s.k = 1;
4877 b0->stmts = s;
4878 return b0;
4879}
4880
4881struct block *
4882gen_multicast(proto)
--- 25 unchanged lines hidden (view full) ---
4908 return gen_mac_multicast(1);
4909 }
4910
4911 if (linktype == DLT_IEEE802) {
4912 /* tr[2] & 1 != 0 */
4913 return gen_mac_multicast(2);
4914 }
4915
4916 if (linktype == DLT_IEEE802_11) {
4917 /*
4918 * Oh, yuk.
4919 *
4920 * For control frames, there is no DA.
4921 *
4922 * For management frames, DA is at an
4923 * offset of 4 from the beginning of
4924 * the packet.
--- 5 unchanged lines hidden (view full) ---
4930 * if To DS is set.
4931 */
4932
4933 /*
4934 * Generate the tests to be done for data frames.
4935 *
4936 * First, check for To DS set, i.e. "link[1] & 0x01".
4937 */
4938 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4939 s->s.k = 1;
4940 b1 = new_block(JMP(BPF_JSET));
4941 b1->s.k = 0x01; /* To DS */
4942 b1->stmts = s;
4943
4944 /*
4945 * If To DS is set, the DA is at 16.
4946 */
4947 b0 = gen_mac_multicast(16);
4948 gen_and(b1, b0);
4949
4950 /*
4951 * Now, check for To DS not set, i.e. check
4952 * "!(link[1] & 0x01)".
4953 */
4954 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4955 s->s.k = 1;
4956 b2 = new_block(JMP(BPF_JSET));
4957 b2->s.k = 0x01; /* To DS */
4958 b2->stmts = s;
4959 gen_not(b2);
4960
4961 /*
4962 * If To DS is not set, the DA is at 4.
4963 */
--- 5 unchanged lines hidden (view full) ---
4969 * the complete set of checks for data frames.
4970 */
4971 gen_or(b1, b0);
4972
4973 /*
4974 * Now check for a data frame.
4975 * I.e, check "link[0] & 0x08".
4976 */
4977 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4978 s->s.k = 0;
4979 b1 = new_block(JMP(BPF_JSET));
4980 b1->s.k = 0x08;
4981 b1->stmts = s;
4982
4983 /*
4984 * AND that with the checks done for data frames.
4985 */
4986 gen_and(b1, b0);
4987
4988 /*
4989 * If the high-order bit of the type value is 0, this
4990 * is a management frame.
4991 * I.e, check "!(link[0] & 0x08)".
4992 */
4993 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4994 s->s.k = 0;
4995 b2 = new_block(JMP(BPF_JSET));
4996 b2->s.k = 0x08;
4997 b2->stmts = s;
4998 gen_not(b2);
4999
5000 /*
5001 * For management frames, the DA is at 4.
5002 */
--- 10 unchanged lines hidden (view full) ---
5013 /*
5014 * If the low-order bit of the type value is 1,
5015 * this is either a control frame or a frame
5016 * with a reserved type, and thus not a
5017 * frame with an SA.
5018 *
5019 * I.e., check "!(link[0] & 0x04)".
5020 */
5021 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
5022 s->s.k = 0;
5023 b1 = new_block(JMP(BPF_JSET));
5024 b1->s.k = 0x04;
5025 b1->stmts = s;
5026 gen_not(b1);
5027
5028 /*
5029 * AND that with the checks for data and management
5030 * frames.
--- 8 unchanged lines hidden (view full) ---
5039 }
5040
5041 if (linktype == DLT_SUNATM && is_lane) {
5042 /*
5043 * Check that the packet doesn't begin with an
5044 * LE Control marker. (We've already generated
5045 * a test for LANE.)
5046 */
5047 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
5048 gen_not(b1);
5049
5050 /* ether[off_mac] & 1 != 0 */
5051 b0 = gen_mac_multicast(off_mac);
5052 gen_and(b1, b0);
5053 return b0;
5054 }
5055
5056 /* Link not known to support multicasts */
5057 break;
5058
5059 case Q_IP:
5060 b0 = gen_linktype(ETHERTYPE_IP);
5061 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
5062 b1->s.code = JMP(BPF_JGE);
5063 gen_and(b0, b1);
5064 return b1;
5065
5066#ifdef INET6
5067 case Q_IPV6:
5068 b0 = gen_linktype(ETHERTYPE_IPV6);
5069 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
5070 gen_and(b0, b1);
5071 return b1;
5072#endif /* INET6 */
5073 }
5074 bpf_error("link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel");
5075 /* NOTREACHED */
5076}
5077
--- 19 unchanged lines hidden (view full) ---
5097 dir);
5098 break;
5099
5100 case DLT_LINUX_SLL:
5101 if (dir) {
5102 /*
5103 * Match packets sent by this machine.
5104 */
5105 b0 = gen_cmp(0, BPF_H, LINUX_SLL_OUTGOING);
5106 } else {
5107 /*
5108 * Match packets sent to this machine.
5109 * (No broadcast or multicast packets, or
5110 * packets sent to some other machine and
5111 * received promiscuously.)
5112 *
5113 * XXX - packets sent to other machines probably
5114 * shouldn't be matched, but what about broadcast
5115 * or multicast packets we received?
5116 */
5117 b0 = gen_cmp(0, BPF_H, LINUX_SLL_HOST);
5118 }
5119 break;
5120
5121 case DLT_PFLOG:
5122 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B,
5123 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT));
5124 break;
5125
5126 case DLT_PPP_PPPD:
5127 if (dir) {
5128 /* match outgoing packets */
5129 b0 = gen_cmp(0, BPF_B, PPP_PPPD_OUT);
5130 } else {
5131 /* match incoming packets */
5132 b0 = gen_cmp(0, BPF_B, PPP_PPPD_IN);
5133 }
5134 break;
5135
5136 case DLT_JUNIPER_MLFR:
5137 case DLT_JUNIPER_MLPPP:
5138 case DLT_JUNIPER_ATM1:
5139 case DLT_JUNIPER_ATM2:
5140 /* juniper flags (including direction) are stored
5141 * the byte after the 3-byte magic number */
5142 if (dir) {
5143 /* match outgoing packets */
5144 b0 = gen_mcmp(3, BPF_B, 0, 0x01);
5145 } else {
5146 /* match incoming packets */
5147 b0 = gen_mcmp(3, BPF_B, 1, 0x01);
5148 }
5149 break;
5150
5151 default:
5152 bpf_error("inbound/outbound not supported on linktype %d",
5153 linktype);
5154 b0 = NULL;
5155 /* NOTREACHED */
--- 15 unchanged lines hidden (view full) ---
5171 bpf_error("ifname not supported on linktype 0x%x", linktype);
5172 /* NOTREACHED */
5173 }
5174 if (strlen(ifname) >= len) {
5175 bpf_error("ifname interface names can only be %d characters",
5176 len-1);
5177 /* NOTREACHED */
5178 }
5179 b0 = gen_bcmp(off, strlen(ifname), (const u_char *)ifname);
5180 return (b0);
5181}
5182
5183/* PF firewall log matched interface */
5184struct block *
5185gen_pf_ruleset(char *ruleset)
5186{
5187 struct block *b0;
5188
5189 if (linktype != DLT_PFLOG) {
5190 bpf_error("ruleset not supported on linktype 0x%x", linktype);
5191 /* NOTREACHED */
5192 }
5193 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) {
5194 bpf_error("ruleset names can only be %ld characters",
5195 (long)(sizeof(((struct pfloghdr *)0)->ruleset) - 1));
5196 /* NOTREACHED */
5197 }
5198 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset),
5199 strlen(ruleset), (const u_char *)ruleset);
5200 return (b0);
5201}
5202
5203/* PF firewall log rule number */
5204struct block *
5205gen_pf_rnr(int rnr)
5206{
5207 struct block *b0;
5208
5209 if (linktype == DLT_PFLOG) {
5210 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W,
5211 (bpf_int32)rnr);
5212 } else {
5213 bpf_error("rnr not supported on linktype 0x%x", linktype);
5214 /* NOTREACHED */
5215 }
5216
5217 return (b0);
5218}
--- 4 unchanged lines hidden (view full) ---
5223{
5224 struct block *b0;
5225
5226 if (linktype != DLT_PFLOG) {
5227 bpf_error("srnr not supported on linktype 0x%x", linktype);
5228 /* NOTREACHED */
5229 }
5230
5231 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W,
5232 (bpf_int32)srnr);
5233 return (b0);
5234}
5235
5236/* PF firewall log reason code */
5237struct block *
5238gen_pf_reason(int reason)
5239{
5240 struct block *b0;
5241
5242 if (linktype == DLT_PFLOG) {
5243 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B,
5244 (bpf_int32)reason);
5245 } else {
5246 bpf_error("reason not supported on linktype 0x%x", linktype);
5247 /* NOTREACHED */
5248 }
5249
5250 return (b0);
5251}
5252
5253/* PF firewall log action */
5254struct block *
5255gen_pf_action(int action)
5256{
5257 struct block *b0;
5258
5259 if (linktype == DLT_PFLOG) {
5260 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B,
5261 (bpf_int32)action);
5262 } else {
5263 bpf_error("action not supported on linktype 0x%x", linktype);
5264 /* NOTREACHED */
5265 }
5266
5267 return (b0);
5268}
--- 16 unchanged lines hidden (view full) ---
5285 register const u_char *eaddr;
5286 register int dir;
5287{
5288 register struct block *b0, *b1;
5289
5290 switch (dir) {
5291 /* src comes first, different from Ethernet */
5292 case Q_SRC:
5293 return gen_bcmp(0, 1, eaddr);
5294
5295 case Q_DST:
5296 return gen_bcmp(1, 1, eaddr);
5297
5298 case Q_AND:
5299 b0 = gen_ahostop(eaddr, Q_SRC);
5300 b1 = gen_ahostop(eaddr, Q_DST);
5301 gen_and(b0, b1);
5302 return b1;
5303
5304 case Q_DEFAULT:
--- 13 unchanged lines hidden (view full) ---
5318struct block *
5319gen_vlan(vlan_num)
5320 int vlan_num;
5321{
5322 struct block *b0;
5323
5324 /*
5325 * Change the offsets to point to the type and data fields within
5326 * the VLAN packet. This is somewhat of a kludge.
5327 */
5328 if (orig_nl == (u_int)-1) {
5329 orig_linktype = off_linktype; /* save original values */
5330 orig_nl = off_nl;
5331 orig_nl_nosnap = off_nl_nosnap;
5332
5333 switch (linktype) {
5334
5335 case DLT_EN10MB:
5336 off_linktype = 16;
5337 off_nl_nosnap = 18;
5338 off_nl = 18;
5339 break;
5340
5341 default:
5342 bpf_error("no VLAN support for data link type %d",
5343 linktype);
5344 /*NOTREACHED*/
5345 }
5346 }
5347
5348 /* check for VLAN */
5349 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
5350
5351 /* If a specific VLAN is requested, check VLAN id */
5352 if (vlan_num >= 0) {
5353 struct block *b1;
5354
5355 b1 = gen_mcmp(orig_nl, BPF_H, (bpf_int32)vlan_num, 0x0fff);
5356 gen_and(b0, b1);
5357 b0 = b1;
5358 }
5359
5360 return (b0);
5361}
5362
5363/*
5364 * support for MPLS
5365 */
5366struct block *
5367gen_mpls(label_num)
5368 int label_num;
5369{
5370 struct block *b0;
5371
5372 /*
5373 * Change the offsets to point to the type and data fields within
5374 * the MPLS packet. This is somewhat of a kludge.
5375 */
5376 if (orig_nl == (u_int)-1) {
5377 orig_linktype = off_linktype; /* save original values */
5378 orig_nl = off_nl;
5379 orig_nl_nosnap = off_nl_nosnap;
5380
5381 switch (linktype) {
5382
5383 case DLT_EN10MB:
5384 off_linktype = 16;
5385 off_nl_nosnap = 18;
5386 off_nl = 18;
5387
5388 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_MPLS);
5389 break;
5390
5391 case DLT_PPP:
5392 off_linktype = 6;
5393 off_nl_nosnap = 8;
5394 off_nl = 8;
5395
5396 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)PPP_MPLS_UCAST);
5397 break;
5398
5399 case DLT_C_HDLC:
5400 off_linktype = 6;
5401 off_nl_nosnap = 8;
5402 off_nl = 8;
5403
5404 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_MPLS);
5405 break;
5406
5407 /* FIXME add other DLT_s ...
5408 * for Frame-Relay/and ATM this may get messy due to SNAP headers
5409 * leave it for now */
5410
5411 default:
5412 bpf_error("no MPLS support for data link type %d",
5413 linktype);
5414 b0 = NULL;
5415 /*NOTREACHED*/
5416 }
5417 } else {
5418 bpf_error("'mpls' can't be combined with 'vlan' or another 'mpls'");
5419 b0 = NULL;
5420 /*NOTREACHED*/
5421 }
5422
5423 /* If a specific MPLS label is requested, check it */
5424 if (label_num >= 0) {
5425 struct block *b1;
5426
5427 label_num = label_num << 12; /* label is shifted 12 bits on the wire */
5428 b1 = gen_mcmp(orig_nl, BPF_W, (bpf_int32)label_num, 0xfffff000); /* only compare the first 20 bits */
5429 gen_and(b0, b1);
5430 b0 = b1;
5431 }
5432
5433 return (b0);
5434}
5435
5436struct block *
5437gen_atmfield_code(atmfield, jvalue, jtype, reverse)
5438 int atmfield;
5439 bpf_u_int32 jvalue;
5440 bpf_u_int32 jtype;
5441 int reverse;
5442{
5443 struct block *b0;
5444
5445 switch (atmfield) {
5446
5447 case A_VPI:
5448 if (!is_atm)
5449 bpf_error("'vpi' supported only on raw ATM");
5450 if (off_vpi == (u_int)-1)
5451 abort();
5452 b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype,
5453 (u_int)jvalue, reverse);
5454 break;
5455
5456 case A_VCI:
5457 if (!is_atm)
5458 bpf_error("'vci' supported only on raw ATM");
5459 if (off_vci == (u_int)-1)
5460 abort();
5461 b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype,
5462 (u_int)jvalue, reverse);
5463 break;
5464
5465 case A_PROTOTYPE:
5466 if (off_proto == (u_int)-1)
5467 abort(); /* XXX - this isn't on FreeBSD */
5468 b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype,
5469 (u_int)jvalue, reverse);
5470 break;
5471
5472 case A_MSGTYPE:
5473 if (off_payload == (u_int)-1)
5474 abort();
5475 b0 = gen_ncmp(BPF_B, off_payload + MSG_TYPE_POS, 0xffffffff,
5476 (u_int)jtype, (u_int)jvalue, reverse);
5477 break;
5478
5479 case A_CALLREFTYPE:
5480 if (!is_atm)
5481 bpf_error("'callref' supported only on raw ATM");
5482 if (off_proto == (u_int)-1)
5483 abort();
5484 b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype,
5485 (u_int)jvalue, reverse);
5486 break;
5487
5488 default:
5489 abort();
5490 }
5491 return b0;
5492}
5493
--- 93 unchanged lines hidden (view full) ---
5587 break;
5588
5589 default:
5590 abort();
5591 }
5592 return b1;
5593}
5594
5595
5596static struct block *
5597gen_msg_abbrev(type)
5598 int type;
5599{
5600 struct block *b1;
5601
5602 /*
5603 * Q.2931 signalling protocol messages for handling virtual circuits
--- 102 unchanged lines hidden ---
2/*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
--- 5 unchanged lines hidden (view full) ---
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 *
22 * $FreeBSD: head/contrib/libpcap/gencode.c 146771 2005-05-29 18:09:04Z sam $
23 */
24#ifndef lint
25static const char rcsid[] _U_ =
26 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.221 2005/03/27 22:10:23 guy Exp $ (LBL)";
27#endif
28
29#ifdef HAVE_CONFIG_H
30#include "config.h"
31#endif
32
33#ifdef WIN32
34#include <pcap-stdinc.h>
--- 64 unchanged lines hidden (view full) ---
99
100#define JMP(c) ((c)|BPF_JMP|BPF_K)
101
102/* Locals */
103static jmp_buf top_ctx;
104static pcap_t *bpf_pcap;
105
106/* Hack for updating VLAN, MPLS offsets. */
107static u_int orig_linktype = -1U, orig_nl = -1U, orig_nl_nosnap = -1U;
108
109/* XXX */
110#ifdef PCAP_FDDIPAD
111static int pcap_fddipad;
112#endif
113
114/* VARARGS */
115void
116bpf_error(const char *fmt, ...)
117
118{
119 va_list ap;
120
121 va_start(ap, fmt);
122 if (bpf_pcap != NULL)
123 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
124 fmt, ap);
125 va_end(ap);
--- 4 unchanged lines hidden (view full) ---
130static void init_linktype(pcap_t *);
131
132static int alloc_reg(void);
133static void free_reg(int);
134
135static struct block *root;
136
137/*
138 * We divy out chunks of memory rather than call malloc each time so
139 * we don't have to worry about leaking memory. It's probably
140 * not a big deal if all this memory was wasted but if this ever
141 * goes into a library that would probably not be a good idea.
142 *
143 * XXX - this *is* in a library....
144 */
145#define NCHUNKS 16
--- 10 unchanged lines hidden (view full) ---
156static void freechunks(void);
157static inline struct block *new_block(int);
158static inline struct slist *new_stmt(int);
159static struct block *gen_retblk(int);
160static inline void syntax(void);
161
162static void backpatch(struct block *, struct block *);
163static void merge(struct block *, struct block *);
164static struct block *gen_cmp(u_int, u_int, bpf_int32);
165static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
166static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
167static struct block *gen_bcmp(u_int, u_int, const u_char *);
168static struct block *gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32,
169 bpf_u_int32, bpf_u_int32, int);
170static struct block *gen_uncond(int);
171static inline struct block *gen_true(void);
172static inline struct block *gen_false(void);
173static struct block *gen_ether_linktype(int);
174static struct block *gen_linux_sll_linktype(int);
175static struct block *gen_linktype(int);
176static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
177static struct block *gen_llc(int);
178static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
179#ifdef INET6
180static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
181#endif
182static struct block *gen_ahostop(const u_char *, int);
183static struct block *gen_ehostop(const u_char *, int);
184static struct block *gen_fhostop(const u_char *, int);
185static struct block *gen_thostop(const u_char *, int);
186static struct block *gen_wlanhostop(const u_char *, int);
187static struct block *gen_ipfchostop(const u_char *, int);
188static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
189static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
190#ifdef INET6
191static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
192#endif
193#ifndef INET6
194static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
195#endif
196static struct block *gen_ipfrag(void);
197static struct block *gen_portatom(int, bpf_int32);
198#ifdef INET6
199static struct block *gen_portatom6(int, bpf_int32);
200#endif
201struct block *gen_portop(int, int, int);
202static struct block *gen_port(int, int, int);
203#ifdef INET6
204struct block *gen_portop6(int, int, int);
205static struct block *gen_port6(int, int, int);
206#endif
207static int lookup_proto(const char *, int);
208static struct block *gen_protochain(int, int, int);
209static struct block *gen_proto(int, int, int);
210static struct slist *xfer_to_x(struct arth *);
211static struct slist *xfer_to_a(struct arth *);
212static struct block *gen_mac_multicast(int);
213static struct block *gen_len(int, int);
--- 235 unchanged lines hidden (view full) ---
449void
450finish_parse(p)
451 struct block *p;
452{
453 backpatch(p, gen_retblk(snaplen));
454 p->sense = !p->sense;
455 backpatch(p, gen_retblk(0));
456 root = p->head;
457}
458
459void
460gen_and(b0, b1)
461 struct block *b0, *b1;
462{
463 backpatch(b0, b1->head);
464 b0->sense = !b0->sense;
--- 17 unchanged lines hidden (view full) ---
482void
483gen_not(b)
484 struct block *b;
485{
486 b->sense = !b->sense;
487}
488
489static struct block *
490gen_cmp(offset, size, v)
491 u_int offset, size;
492 bpf_int32 v;
493{
494 struct slist *s;
495 struct block *b;
496
497 s = new_stmt(BPF_LD|BPF_ABS|size);
498 s->s.k = offset;
499
500 b = new_block(JMP(BPF_JEQ));
501 b->stmts = s;
502 b->s.k = v;
503
504 return b;
505}
506
507static struct block *
508gen_cmp_gt(offset, size, v)
509 u_int offset, size;
510 bpf_int32 v;
511{
512 struct slist *s;
513 struct block *b;
514
515 s = new_stmt(BPF_LD|BPF_ABS|size);
516 s->s.k = offset;
517
518 b = new_block(JMP(BPF_JGT));
519 b->stmts = s;
520 b->s.k = v;
521
522 return b;
523}
524
525static struct block *
526gen_mcmp(offset, size, v, mask)
527 u_int offset, size;
528 bpf_int32 v;
529 bpf_u_int32 mask;
530{
531 struct block *b = gen_cmp(offset, size, v);
532 struct slist *s;
533
534 if (mask != 0xffffffff) {
535 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
536 s->s.k = mask;
537 b->stmts->next = s;
538 }
539 return b;
540}
541
542static struct block *
543gen_bcmp(offset, size, v)
544 register u_int offset, size;
545 register const u_char *v;
546{
547 register struct block *b, *tmp;
548
549 b = NULL;
550 while (size >= 4) {
551 register const u_char *p = &v[size - 4];
552 bpf_int32 w = ((bpf_int32)p[0] << 24) |
553 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
554
555 tmp = gen_cmp(offset + size - 4, BPF_W, w);
556 if (b != NULL)
557 gen_and(b, tmp);
558 b = tmp;
559 size -= 4;
560 }
561 while (size >= 2) {
562 register const u_char *p = &v[size - 2];
563 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
564
565 tmp = gen_cmp(offset + size - 2, BPF_H, w);
566 if (b != NULL)
567 gen_and(b, tmp);
568 b = tmp;
569 size -= 2;
570 }
571 if (size > 0) {
572 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
573 if (b != NULL)
574 gen_and(b, tmp);
575 b = tmp;
576 }
577 return b;
578}
579
580static struct block *
581gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse)
582 bpf_u_int32 datasize, offset, mask, jtype, jvalue;
583 int reverse;
584{
585 struct slist *s;
586 struct block *b;
587
588 s = new_stmt(BPF_LD|datasize|BPF_ABS);
589 s->s.k = offset;
590
591 if (mask != 0xffffffff) {
592 s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K);
593 s->next->s.k = mask;
594 }
595
596 b = new_block(JMP(jtype));
597 b->stmts = s;
598 b->s.k = jvalue;
599 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE))
600 gen_not(b);
601 return b;
602}
603
604/*
605 * Various code constructs need to know the layout of the data link
606 * layer. These variables give the necessary offsets.
607 */
608
609/*
610 * This is the offset of the beginning of the MAC-layer header.
611 * It's usually 0, except for ATM LANE.
612 */
613static u_int off_mac;
614
615/*
616 * "off_linktype" is the offset to information in the link-layer header
617 * giving the packet type.
--- 29 unchanged lines hidden (view full) ---
647/*
648 * These are offsets for the ATM pseudo-header.
649 */
650static u_int off_vpi;
651static u_int off_vci;
652static u_int off_proto;
653
654/*
655 * This is the offset of the first byte after the ATM pseudo_header,
656 * or -1 if there is no ATM pseudo-header.
657 */
658static u_int off_payload;
659
660/*
661 * These are offsets to the beginning of the network-layer header.
662 *
--- 36 unchanged lines hidden (view full) ---
699 off_mac = 0;
700 is_atm = 0;
701 is_lane = 0;
702 off_vpi = -1;
703 off_vci = -1;
704 off_proto = -1;
705 off_payload = -1;
706
707 orig_linktype = -1;
708 orig_nl = -1;
709 orig_nl_nosnap = -1;
710
711 switch (linktype) {
712
713 case DLT_ARCNET:
714 off_linktype = 2;
715 off_nl = 6; /* XXX in reality, variable! */
716 off_nl_nosnap = 6; /* no 802.2 LLC */
717 return;
718
--- 141 unchanged lines hidden (view full) ---
860 * the 802.11 header, containing a bunch of additional
861 * information including radio-level information.
862 *
863 * The header is 144 bytes long.
864 *
865 * XXX - same variable-length header problem; at least
866 * the Prism header is fixed-length.
867 */
868 off_linktype = 144+24;
869 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */
870 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */
871 return;
872
873 case DLT_IEEE802_11_RADIO_AVS:
874 /*
875 * Same as 802.11, but with an additional header before
--- 4 unchanged lines hidden (view full) ---
880 * current incarnation.
881 *
882 * XXX - same variable-length header problem, only
883 * more so; this header is also variable-length,
884 * with the length being the 32-bit big-endian
885 * number at an offset of 4 from the beginning
886 * of the radio header.
887 */
888 off_linktype = 64+24;
889 off_nl = 64+32; /* Radio+802.11+802.2+SNAP */
890 off_nl_nosnap = 64+27; /* Radio+802.11+802.2 */
891 return;
892
893 case DLT_IEEE802_11_RADIO:
894 /*
895 * Same as 802.11, but with an additional header before
896 * the 802.11 header, containing a bunch of additional
897 * information including radio-level information.
898 *
899 * XXX - same variable-length header problem, only
900 * even *more* so; this header is also variable-length,
901 * with the length being the 16-bit number at an offset
902 * of 2 from the beginning of the radio header, and it's
903 * device-dependent (different devices might supply
904 * different amounts of information), so we can't even
905 * assume a fixed length for the current version of the
906 * header.
907 *
908 * Therefore, currently, only raw "link[N:M]" filtering is
909 * supported.
910 */
911 off_linktype = -1;
912 off_nl = -1;
913 off_nl_nosnap = -1;
914 return;
915
916 case DLT_ATM_RFC1483:
917 case DLT_ATM_CLIP: /* Linux ATM defines this */
918 /*
919 * assume routed, non-ISO PDUs
920 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
921 */
922 off_linktype = 0;
923 off_nl = 8; /* 802.2+SNAP */
924 off_nl_nosnap = 3; /* 802.2 */
925 return;
926
927 case DLT_SUNATM:
928 /*
--- 58 unchanged lines hidden (view full) ---
987 off_linktype = -1;
988 off_nl = 0;
989 off_nl_nosnap = 0; /* no 802.2 LLC */
990 return;
991
992 case DLT_APPLE_IP_OVER_IEEE1394:
993 off_linktype = 16;
994 off_nl = 18;
995 off_nl_nosnap = 0; /* no 802.2 LLC */
996 return;
997
998 case DLT_LINUX_IRDA:
999 /*
1000 * Currently, only raw "link[N:M]" filtering is supported.
1001 */
1002 off_linktype = -1;
1003 off_nl = -1;
--- 12 unchanged lines hidden (view full) ---
1016 case DLT_SYMANTEC_FIREWALL:
1017 off_linktype = 6;
1018 off_nl = 44; /* Ethernet II */
1019 off_nl_nosnap = 44; /* XXX - what does it do with 802.3 packets? */
1020 return;
1021
1022 case DLT_PFLOG:
1023 off_linktype = 0;
1024 /* XXX read from header? */
1025 off_nl = PFLOG_HDRLEN;
1026 off_nl_nosnap = PFLOG_HDRLEN;
1027 return;
1028
1029 case DLT_JUNIPER_MLFR:
1030 case DLT_JUNIPER_MLPPP:
1031 off_linktype = 4;
1032 off_nl = 4;
1033 off_nl_nosnap = -1;
1034 return;
1035
1036 case DLT_JUNIPER_ATM1:
1037 off_linktype = 4; /* in reality variable between 4-8 */
1038 off_nl = 4;
1039 off_nl_nosnap = 14;
1040 return;
1041
1042 case DLT_JUNIPER_ATM2:
1043 off_linktype = 8; /* in reality variable between 8-12 */
1044 off_nl = 8;
1045 off_nl_nosnap = 18;
1046 return;
1047
1048#ifdef DLT_PFSYNC
1049 case DLT_PFSYNC:
1050 off_linktype = -1;
1051 off_nl = 4;
1052 off_nl_nosnap = 4;
1053 return;
1054#endif
1055 }
1056 bpf_error("unknown data link type %d", linktype);
1057 /* NOTREACHED */
1058}
1059
1060static struct block *
1061gen_uncond(rsense)
1062 int rsense;
1063{
1064 struct block *b;
1065 struct slist *s;
1066
1067 s = new_stmt(BPF_LD|BPF_IMM);
--- 19 unchanged lines hidden (view full) ---
1087/*
1088 * Byte-swap a 32-bit number.
1089 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
1090 * big-endian platforms.)
1091 */
1092#define SWAPLONG(y) \
1093((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
1094
1095static struct block *
1096gen_ether_linktype(proto)
1097 register int proto;
1098{
1099 struct block *b0, *b1;
1100
1101 switch (proto) {
1102
1103 case LLCSAP_ISONS:
1104 /*
1105 * OSI protocols always use 802.2 encapsulation.
1106 * XXX - should we check both the DSAP and the
1107 * SSAP, like this, or should we check just the
1108 * DSAP?
1109 */
1110 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1111 gen_not(b0);
1112 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1113 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1114 gen_and(b0, b1);
1115 return b1;
1116
1117 case LLCSAP_IP:
1118 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1119 gen_not(b0);
1120 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1121 ((LLCSAP_IP << 8) | LLCSAP_IP));
1122 gen_and(b0, b1);
1123 return b1;
1124
1125 case LLCSAP_NETBEUI:
1126 /*
1127 * NetBEUI always uses 802.2 encapsulation.
1128 * XXX - should we check both the DSAP and the
1129 * SSAP, like this, or should we check just the
1130 * DSAP?
1131 */
1132 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1133 gen_not(b0);
1134 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1135 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1136 gen_and(b0, b1);
1137 return b1;
1138
1139 case LLCSAP_IPX:
1140 /*
1141 * Check for;
1142 *
1143 * Ethernet_II frames, which are Ethernet
--- 20 unchanged lines hidden (view full) ---
1164 * XXX - should we generate the same code both
1165 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
1166 */
1167
1168 /*
1169 * This generates code to check both for the
1170 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
1171 */
1172 b0 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)LLCSAP_IPX);
1173 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)0xFFFF);
1174 gen_or(b0, b1);
1175
1176 /*
1177 * Now we add code to check for SNAP frames with
1178 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
1179 */
1180 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
1181 gen_or(b0, b1);
1182
1183 /*
1184 * Now we generate code to check for 802.3
1185 * frames in general.
1186 */
1187 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1188 gen_not(b0);
1189
1190 /*
1191 * Now add the check for 802.3 frames before the
1192 * check for Ethernet_802.2 and Ethernet_802.3,
1193 * as those checks should only be done on 802.3
1194 * frames, not on Ethernet frames.
1195 */
1196 gen_and(b0, b1);
1197
1198 /*
1199 * Now add the check for Ethernet_II frames, and
1200 * do that before checking for the other frame
1201 * types.
1202 */
1203 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)ETHERTYPE_IPX);
1204 gen_or(b0, b1);
1205 return b1;
1206
1207 case ETHERTYPE_ATALK:
1208 case ETHERTYPE_AARP:
1209 /*
1210 * EtherTalk (AppleTalk protocols on Ethernet link
1211 * layer) may use 802.2 encapsulation.
1212 */
1213
1214 /*
1215 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1216 * we check for an Ethernet type field less than
1217 * 1500, which means it's an 802.3 length field.
1218 */
1219 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1220 gen_not(b0);
1221
1222 /*
1223 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1224 * SNAP packets with an organization code of
1225 * 0x080007 (Apple, for Appletalk) and a protocol
1226 * type of ETHERTYPE_ATALK (Appletalk).
1227 *
--- 8 unchanged lines hidden (view full) ---
1236 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
1237 gen_and(b0, b1);
1238
1239 /*
1240 * Check for Ethernet encapsulation (Ethertalk
1241 * phase 1?); we just check for the Ethernet
1242 * protocol type.
1243 */
1244 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1245
1246 gen_or(b0, b1);
1247 return b1;
1248
1249 default:
1250 if (proto <= ETHERMTU) {
1251 /*
1252 * This is an LLC SAP value, so the frames
1253 * that match would be 802.2 frames.
1254 * Check that the frame is an 802.2 frame
1255 * (i.e., that the length/type field is
1256 * a length field, <= ETHERMTU) and
1257 * then check the DSAP.
1258 */
1259 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1260 gen_not(b0);
1261 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto);
1262 gen_and(b0, b1);
1263 return b1;
1264 } else {
1265 /*
1266 * This is an Ethernet type, so compare
1267 * the length/type field with it (if
1268 * the frame is an 802.2 frame, the length
1269 * field will be <= ETHERMTU, and, as
1270 * "proto" is > ETHERMTU, this test
1271 * will fail and the frame won't match,
1272 * which is what we want).
1273 */
1274 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1275 }
1276 }
1277}
1278
1279static struct block *
1280gen_linux_sll_linktype(proto)
1281 register int proto;
1282{
1283 struct block *b0, *b1;
1284
1285 switch (proto) {
1286
1287 case LLCSAP_IP:
1288 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1289 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1290 ((LLCSAP_IP << 8) | LLCSAP_IP));
1291 gen_and(b0, b1);
1292 return b1;
1293
1294 case LLCSAP_ISONS:
1295 /*
1296 * OSI protocols always use 802.2 encapsulation.
1297 * XXX - should we check both the DSAP and the
1298 * SSAP, like this, or should we check just the
1299 * DSAP?
1300 */
1301 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1302 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1303 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1304 gen_and(b0, b1);
1305 return b1;
1306
1307 case LLCSAP_NETBEUI:
1308 /*
1309 * NetBEUI always uses 802.2 encapsulation.
1310 * XXX - should we check both the DSAP and the
1311 * LSAP, like this, or should we check just the
1312 * DSAP?
1313 */
1314 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1315 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1316 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1317 gen_and(b0, b1);
1318 return b1;
1319
1320 case LLCSAP_IPX:
1321 /*
1322 * Ethernet_II frames, which are Ethernet
1323 * frames with a frame type of ETHERTYPE_IPX;
1324 *
1325 * Ethernet_802.3 frames, which have a frame
1326 * type of LINUX_SLL_P_802_3;
1327 *
--- 10 unchanged lines hidden (view full) ---
1338 * ID of ETHERTYPE_IPX in the SNAP header.
1339 *
1340 * First, do the checks on LINUX_SLL_P_802_2
1341 * frames; generate the check for either
1342 * Ethernet_802.2 or Ethernet_SNAP frames, and
1343 * then put a check for LINUX_SLL_P_802_2 frames
1344 * before it.
1345 */
1346 b0 = gen_cmp(off_linktype + 2, BPF_B,
1347 (bpf_int32)LLCSAP_IPX);
1348 b1 = gen_snap(0x000000, ETHERTYPE_IPX,
1349 off_linktype + 2);
1350 gen_or(b0, b1);
1351 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1352 gen_and(b0, b1);
1353
1354 /*
1355 * Now check for 802.3 frames and OR that with
1356 * the previous test.
1357 */
1358 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
1359 gen_or(b0, b1);
1360
1361 /*
1362 * Now add the check for Ethernet_II frames, and
1363 * do that before checking for the other frame
1364 * types.
1365 */
1366 b0 = gen_cmp(off_linktype, BPF_H,
1367 (bpf_int32)ETHERTYPE_IPX);
1368 gen_or(b0, b1);
1369 return b1;
1370
1371 case ETHERTYPE_ATALK:
1372 case ETHERTYPE_AARP:
1373 /*
1374 * EtherTalk (AppleTalk protocols on Ethernet link
1375 * layer) may use 802.2 encapsulation.
1376 */
1377
1378 /*
1379 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1380 * we check for the 802.2 protocol type in the
1381 * "Ethernet type" field.
1382 */
1383 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1384
1385 /*
1386 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1387 * SNAP packets with an organization code of
1388 * 0x080007 (Apple, for Appletalk) and a protocol
1389 * type of ETHERTYPE_ATALK (Appletalk).
1390 *
1391 * 802.2-encapsulated ETHERTYPE_AARP packets are
--- 9 unchanged lines hidden (view full) ---
1401 off_linktype + 2);
1402 gen_and(b0, b1);
1403
1404 /*
1405 * Check for Ethernet encapsulation (Ethertalk
1406 * phase 1?); we just check for the Ethernet
1407 * protocol type.
1408 */
1409 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1410
1411 gen_or(b0, b1);
1412 return b1;
1413
1414 default:
1415 if (proto <= ETHERMTU) {
1416 /*
1417 * This is an LLC SAP value, so the frames
1418 * that match would be 802.2 frames.
1419 * Check for the 802.2 protocol type
1420 * in the "Ethernet type" field, and
1421 * then check the DSAP.
1422 */
1423 b0 = gen_cmp(off_linktype, BPF_H,
1424 LINUX_SLL_P_802_2);
1425 b1 = gen_cmp(off_linktype + 2, BPF_B,
1426 (bpf_int32)proto);
1427 gen_and(b0, b1);
1428 return b1;
1429 } else {
1430 /*
1431 * This is an Ethernet type, so compare
1432 * the length/type field with it (if
1433 * the frame is an 802.2 frame, the length
1434 * field will be <= ETHERMTU, and, as
1435 * "proto" is > ETHERMTU, this test
1436 * will fail and the frame won't match,
1437 * which is what we want).
1438 */
1439 return gen_cmp(off_linktype, BPF_H,
1440 (bpf_int32)proto);
1441 }
1442 }
1443}
1444
1445static struct block *
1446gen_linktype(proto)
1447 register int proto;
1448{
1449 struct block *b0, *b1, *b2;
1450
1451 switch (linktype) {
1452
--- 5 unchanged lines hidden (view full) ---
1458 case DLT_C_HDLC:
1459 switch (proto) {
1460
1461 case LLCSAP_ISONS:
1462 proto = (proto << 8 | LLCSAP_ISONS);
1463 /* fall through */
1464
1465 default:
1466 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1467 /*NOTREACHED*/
1468 break;
1469 }
1470 break;
1471
1472 case DLT_IEEE802_11:
1473 case DLT_PRISM_HEADER:
1474 case DLT_IEEE802_11_RADIO:
1475 case DLT_FDDI:
1476 case DLT_IEEE802:
1477 case DLT_ATM_RFC1483:
1478 case DLT_ATM_CLIP:
1479 case DLT_IP_OVER_FC:
1480 return gen_llc(proto);
1481 /*NOTREACHED*/
1482 break;
1483
1484 case DLT_SUNATM:
1485 /*
1486 * If "is_lane" is set, check for a LANE-encapsulated
1487 * version of this protocol, otherwise check for an
1488 * LLC-encapsulated version of this protocol.
1489 *
1490 * We assume LANE means Ethernet, not Token Ring.
1491 */
1492 if (is_lane) {
1493 /*
1494 * Check that the packet doesn't begin with an
1495 * LE Control marker. (We've already generated
1496 * a test for LANE.)
1497 */
1498 b0 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
1499 gen_not(b0);
1500
1501 /*
1502 * Now generate an Ethernet test.
1503 */
1504 b1 = gen_ether_linktype(proto);
1505 gen_and(b0, b1);
1506 return b1;
1507 } else {
1508 /*
1509 * Check for LLC encapsulation and then check the
1510 * protocol.
1511 */
1512 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
1513 b1 = gen_llc(proto);
1514 gen_and(b0, b1);
1515 return b1;
1516 }
1517
1518 case DLT_LINUX_SLL:
1519 return gen_linux_sll_linktype(proto);
1520 /*NOTREACHED*/
1521 break;
1522
1523 case DLT_SLIP:
1524 case DLT_SLIP_BSDOS:
--- 73 unchanged lines hidden (view full) ---
1598 case DLT_PPP_BSDOS:
1599 /*
1600 * We use Ethernet protocol types inside libpcap;
1601 * map them to the corresponding PPP protocol types.
1602 */
1603 switch (proto) {
1604
1605 case ETHERTYPE_IP:
1606 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
1607 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
1608 gen_or(b0, b1);
1609 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
1610 gen_or(b1, b0);
1611 return b0;
1612
1613#ifdef INET6
1614 case ETHERTYPE_IPV6:
1615 proto = PPP_IPV6;
1616 /* more to go? */
1617 break;
--- 89 unchanged lines hidden (view full) ---
1707 * Then we run it through "htonl()", and
1708 * generate code to compare against the result.
1709 */
1710 if (bpf_pcap->sf.rfile != NULL &&
1711 bpf_pcap->sf.swapped)
1712 proto = SWAPLONG(proto);
1713 proto = htonl(proto);
1714 }
1715 return (gen_cmp(0, BPF_W, (bpf_int32)proto));
1716
1717 case DLT_PFLOG:
1718 /*
1719 * af field is host byte order in contrast to the rest of
1720 * the packet.
1721 */
1722 if (proto == ETHERTYPE_IP)
1723 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B,
1724 (bpf_int32)AF_INET));
1725#ifdef INET6
1726 else if (proto == ETHERTYPE_IPV6)
1727 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B,
1728 (bpf_int32)AF_INET6));
1729#endif /* INET6 */
1730 else
1731 return gen_false();
1732 /*NOTREACHED*/
1733 break;
1734
1735 case DLT_ARCNET:
1736 case DLT_ARCNET_LINUX:
1737 /*
1738 * XXX should we check for first fragment if the protocol
1739 * uses PHDS?
1740 */
1741 switch (proto) {
1742
1743 default:
1744 return gen_false();
1745
1746#ifdef INET6
1747 case ETHERTYPE_IPV6:
1748 return (gen_cmp(off_linktype, BPF_B,
1749 (bpf_int32)ARCTYPE_INET6));
1750#endif /* INET6 */
1751
1752 case ETHERTYPE_IP:
1753 b0 = gen_cmp(off_linktype, BPF_B,
1754 (bpf_int32)ARCTYPE_IP);
1755 b1 = gen_cmp(off_linktype, BPF_B,
1756 (bpf_int32)ARCTYPE_IP_OLD);
1757 gen_or(b0, b1);
1758 return (b1);
1759
1760 case ETHERTYPE_ARP:
1761 b0 = gen_cmp(off_linktype, BPF_B,
1762 (bpf_int32)ARCTYPE_ARP);
1763 b1 = gen_cmp(off_linktype, BPF_B,
1764 (bpf_int32)ARCTYPE_ARP_OLD);
1765 gen_or(b0, b1);
1766 return (b1);
1767
1768 case ETHERTYPE_REVARP:
1769 return (gen_cmp(off_linktype, BPF_B,
1770 (bpf_int32)ARCTYPE_REVARP));
1771
1772 case ETHERTYPE_ATALK:
1773 return (gen_cmp(off_linktype, BPF_B,
1774 (bpf_int32)ARCTYPE_ATALK));
1775 }
1776 /*NOTREACHED*/
1777 break;
1778
1779 case DLT_LTALK:
1780 switch (proto) {
1781 case ETHERTYPE_ATALK:
--- 10 unchanged lines hidden (view full) ---
1792 * DLCI and flags. What if the address is longer?
1793 */
1794 switch (proto) {
1795
1796 case ETHERTYPE_IP:
1797 /*
1798 * Check for the special NLPID for IP.
1799 */
1800 return gen_cmp(2, BPF_H, (0x03<<8) | 0xcc);
1801
1802#ifdef INET6
1803 case ETHERTYPE_IPV6:
1804 /*
1805 * Check for the special NLPID for IPv6.
1806 */
1807 return gen_cmp(2, BPF_H, (0x03<<8) | 0x8e);
1808#endif
1809
1810 case LLCSAP_ISONS:
1811 /*
1812 * Check for several OSI protocols.
1813 *
1814 * Frame Relay packets typically have an OSI
1815 * NLPID at the beginning; we check for each
1816 * of them.
1817 *
1818 * What we check for is the NLPID and a frame
1819 * control field of UI, i.e. 0x03 followed
1820 * by the NLPID.
1821 */
1822 b0 = gen_cmp(2, BPF_H, (0x03<<8) | ISO8473_CLNP);
1823 b1 = gen_cmp(2, BPF_H, (0x03<<8) | ISO9542_ESIS);
1824 b2 = gen_cmp(2, BPF_H, (0x03<<8) | ISO10589_ISIS);
1825 gen_or(b1, b2);
1826 gen_or(b0, b2);
1827 return b2;
1828
1829 default:
1830 return gen_false();
1831 }
1832 /*NOTREACHED*/
1833 break;
1834
1835 case DLT_JUNIPER_MLFR:
1836 case DLT_JUNIPER_MLPPP:
1837 case DLT_JUNIPER_ATM1:
1838 case DLT_JUNIPER_ATM2:
1839 /* just lets verify the magic number for now -
1840 * on ATM we may have up to 6 different encapsulations on the wire
1841 * and need a lot of heuristics to figure out that the payload
1842 * might be;
1843 *
1844 * FIXME encapsulation specific BPF_ filters
1845 */
1846 return gen_mcmp(0, BPF_W, 0x4d474300, 0xffffff00); /* compare the magic number */
1847
1848 case DLT_LINUX_IRDA:
1849 bpf_error("IrDA link-layer type filtering not implemented");
1850
1851 case DLT_DOCSIS:
1852 bpf_error("DOCSIS link-layer type filtering not implemented");
1853 }
1854
1855 /*
1856 * All the types that have no encapsulation should either be
1857 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
1858 * all packets are IP packets, or should be handled in some
1859 * special case, if none of them are (if some are and some
1860 * aren't, the lack of encapsulation is a problem, as we'd
--- 8 unchanged lines hidden (view full) ---
1869 * Any type not handled above should always have an Ethernet
1870 * type at an offset of "off_linktype". (PPP is partially
1871 * handled above - the protocol type is mapped from the
1872 * Ethernet and LLC types we use internally to the corresponding
1873 * PPP type - but the PPP type is always specified by a value
1874 * at "off_linktype", so we don't have to do the code generation
1875 * above.)
1876 */
1877 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1878}
1879
1880/*
1881 * Check for an LLC SNAP packet with a given organization code and
1882 * protocol type; we check the entire contents of the 802.2 LLC and
1883 * snap headers, checking for DSAP and SSAP of SNAP and a control
1884 * field of 0x03 in the LLC header, and for the specified organization
1885 * code and protocol type in the SNAP header.
--- 9 unchanged lines hidden (view full) ---
1895 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
1896 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
1897 snapblock[2] = 0x03; /* control = UI */
1898 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
1899 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
1900 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
1901 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
1902 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
1903 return gen_bcmp(offset, 8, snapblock);
1904}
1905
1906/*
1907 * Check for a given protocol value assuming an 802.2 LLC header.
1908 */
1909static struct block *
1910gen_llc(proto)
1911 int proto;
1912{
1913 /*
1914 * XXX - handle token-ring variable-length header.
1915 */
1916 switch (proto) {
1917
1918 case LLCSAP_IP:
1919 return gen_cmp(off_linktype, BPF_H, (long)
1920 ((LLCSAP_IP << 8) | LLCSAP_IP));
1921
1922 case LLCSAP_ISONS:
1923 return gen_cmp(off_linktype, BPF_H, (long)
1924 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1925
1926 case LLCSAP_NETBEUI:
1927 return gen_cmp(off_linktype, BPF_H, (long)
1928 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1929
1930 case LLCSAP_IPX:
1931 /*
1932 * XXX - are there ever SNAP frames for IPX on
1933 * non-Ethernet 802.x networks?
1934 */
1935 return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX);
1936
1937 case ETHERTYPE_ATALK:
1938 /*
1939 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1940 * SNAP packets with an organization code of
1941 * 0x080007 (Apple, for Appletalk) and a protocol
1942 * type of ETHERTYPE_ATALK (Appletalk).
1943 *
--- 7 unchanged lines hidden (view full) ---
1951 * XXX - we don't have to check for IPX 802.3
1952 * here, but should we check for the IPX Ethertype?
1953 */
1954 if (proto <= ETHERMTU) {
1955 /*
1956 * This is an LLC SAP value, so check
1957 * the DSAP.
1958 */
1959 return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto);
1960 } else {
1961 /*
1962 * This is an Ethernet type; we assume that it's
1963 * unlikely that it'll appear in the right place
1964 * at random, and therefore check only the
1965 * location that would hold the Ethernet type
1966 * in a SNAP frame with an organization code of
1967 * 0x000000 (encapsulated Ethernet).
--- 5 unchanged lines hidden (view full) ---
1973 *
1974 * return gen_snap(0x000000, proto,
1975 * off_linktype);
1976 *
1977 * here; for now, we don't, as per the above.
1978 * I don't know whether it's worth the extra CPU
1979 * time to do the right check or not.
1980 */
1981 return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto);
1982 }
1983 }
1984}
1985
1986static struct block *
1987gen_hostop(addr, mask, dir, proto, src_off, dst_off)
1988 bpf_u_int32 addr;
1989 bpf_u_int32 mask;
--- 25 unchanged lines hidden (view full) ---
2015 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
2016 gen_or(b0, b1);
2017 return b1;
2018
2019 default:
2020 abort();
2021 }
2022 b0 = gen_linktype(proto);
2023 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
2024 gen_and(b0, b1);
2025 return b1;
2026}
2027
2028#ifdef INET6
2029static struct block *
2030gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
2031 struct in6_addr *addr;
--- 29 unchanged lines hidden (view full) ---
2061 return b1;
2062
2063 default:
2064 abort();
2065 }
2066 /* this order is important */
2067 a = (u_int32_t *)addr;
2068 m = (u_int32_t *)mask;
2069 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
2070 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
2071 gen_and(b0, b1);
2072 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
2073 gen_and(b0, b1);
2074 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
2075 gen_and(b0, b1);
2076 b0 = gen_linktype(proto);
2077 gen_and(b0, b1);
2078 return b1;
2079}
2080#endif /*INET6*/
2081
2082static struct block *
2083gen_ehostop(eaddr, dir)
2084 register const u_char *eaddr;
2085 register int dir;
2086{
2087 register struct block *b0, *b1;
2088
2089 switch (dir) {
2090 case Q_SRC:
2091 return gen_bcmp(off_mac + 6, 6, eaddr);
2092
2093 case Q_DST:
2094 return gen_bcmp(off_mac + 0, 6, eaddr);
2095
2096 case Q_AND:
2097 b0 = gen_ehostop(eaddr, Q_SRC);
2098 b1 = gen_ehostop(eaddr, Q_DST);
2099 gen_and(b0, b1);
2100 return b1;
2101
2102 case Q_DEFAULT:
--- 15 unchanged lines hidden (view full) ---
2118 register const u_char *eaddr;
2119 register int dir;
2120{
2121 struct block *b0, *b1;
2122
2123 switch (dir) {
2124 case Q_SRC:
2125#ifdef PCAP_FDDIPAD
2126 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
2127#else
2128 return gen_bcmp(6 + 1, 6, eaddr);
2129#endif
2130
2131 case Q_DST:
2132#ifdef PCAP_FDDIPAD
2133 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
2134#else
2135 return gen_bcmp(0 + 1, 6, eaddr);
2136#endif
2137
2138 case Q_AND:
2139 b0 = gen_fhostop(eaddr, Q_SRC);
2140 b1 = gen_fhostop(eaddr, Q_DST);
2141 gen_and(b0, b1);
2142 return b1;
2143
--- 15 unchanged lines hidden (view full) ---
2159gen_thostop(eaddr, dir)
2160 register const u_char *eaddr;
2161 register int dir;
2162{
2163 register struct block *b0, *b1;
2164
2165 switch (dir) {
2166 case Q_SRC:
2167 return gen_bcmp(8, 6, eaddr);
2168
2169 case Q_DST:
2170 return gen_bcmp(2, 6, eaddr);
2171
2172 case Q_AND:
2173 b0 = gen_thostop(eaddr, Q_SRC);
2174 b1 = gen_thostop(eaddr, Q_DST);
2175 gen_and(b0, b1);
2176 return b1;
2177
2178 case Q_DEFAULT:
--- 40 unchanged lines hidden (view full) ---
2219 */
2220
2221 /*
2222 * Generate the tests to be done for data frames
2223 * with From DS set.
2224 *
2225 * First, check for To DS set, i.e. check "link[1] & 0x01".
2226 */
2227 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2228 s->s.k = 1;
2229 b1 = new_block(JMP(BPF_JSET));
2230 b1->s.k = 0x01; /* To DS */
2231 b1->stmts = s;
2232
2233 /*
2234 * If To DS is set, the SA is at 24.
2235 */
2236 b0 = gen_bcmp(24, 6, eaddr);
2237 gen_and(b1, b0);
2238
2239 /*
2240 * Now, check for To DS not set, i.e. check
2241 * "!(link[1] & 0x01)".
2242 */
2243 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2244 s->s.k = 1;
2245 b2 = new_block(JMP(BPF_JSET));
2246 b2->s.k = 0x01; /* To DS */
2247 b2->stmts = s;
2248 gen_not(b2);
2249
2250 /*
2251 * If To DS is not set, the SA is at 16.
2252 */
2253 b1 = gen_bcmp(16, 6, eaddr);
2254 gen_and(b2, b1);
2255
2256 /*
2257 * Now OR together the last two checks. That gives
2258 * the complete set of checks for data frames with
2259 * From DS set.
2260 */
2261 gen_or(b1, b0);
2262
2263 /*
2264 * Now check for From DS being set, and AND that with
2265 * the ORed-together checks.
2266 */
2267 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2268 s->s.k = 1;
2269 b1 = new_block(JMP(BPF_JSET));
2270 b1->s.k = 0x02; /* From DS */
2271 b1->stmts = s;
2272 gen_and(b1, b0);
2273
2274 /*
2275 * Now check for data frames with From DS not set.
2276 */
2277 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2278 s->s.k = 1;
2279 b2 = new_block(JMP(BPF_JSET));
2280 b2->s.k = 0x02; /* From DS */
2281 b2->stmts = s;
2282 gen_not(b2);
2283
2284 /*
2285 * If From DS isn't set, the SA is at 10.
2286 */
2287 b1 = gen_bcmp(10, 6, eaddr);
2288 gen_and(b2, b1);
2289
2290 /*
2291 * Now OR together the checks for data frames with
2292 * From DS not set and for data frames with From DS
2293 * set; that gives the checks done for data frames.
2294 */
2295 gen_or(b1, b0);
2296
2297 /*
2298 * Now check for a data frame.
2299 * I.e, check "link[0] & 0x08".
2300 */
2301 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2302 s->s.k = 0;
2303 b1 = new_block(JMP(BPF_JSET));
2304 b1->s.k = 0x08;
2305 b1->stmts = s;
2306
2307 /*
2308 * AND that with the checks done for data frames.
2309 */
2310 gen_and(b1, b0);
2311
2312 /*
2313 * If the high-order bit of the type value is 0, this
2314 * is a management frame.
2315 * I.e, check "!(link[0] & 0x08)".
2316 */
2317 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2318 s->s.k = 0;
2319 b2 = new_block(JMP(BPF_JSET));
2320 b2->s.k = 0x08;
2321 b2->stmts = s;
2322 gen_not(b2);
2323
2324 /*
2325 * For management frames, the SA is at 10.
2326 */
2327 b1 = gen_bcmp(10, 6, eaddr);
2328 gen_and(b2, b1);
2329
2330 /*
2331 * OR that with the checks done for data frames.
2332 * That gives the checks done for management and
2333 * data frames.
2334 */
2335 gen_or(b1, b0);
2336
2337 /*
2338 * If the low-order bit of the type value is 1,
2339 * this is either a control frame or a frame
2340 * with a reserved type, and thus not a
2341 * frame with an SA.
2342 *
2343 * I.e., check "!(link[0] & 0x04)".
2344 */
2345 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2346 s->s.k = 0;
2347 b1 = new_block(JMP(BPF_JSET));
2348 b1->s.k = 0x04;
2349 b1->stmts = s;
2350 gen_not(b1);
2351
2352 /*
2353 * AND that with the checks for data and management
2354 * frames.
--- 18 unchanged lines hidden (view full) ---
2373 * if To DS is set.
2374 */
2375
2376 /*
2377 * Generate the tests to be done for data frames.
2378 *
2379 * First, check for To DS set, i.e. "link[1] & 0x01".
2380 */
2381 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2382 s->s.k = 1;
2383 b1 = new_block(JMP(BPF_JSET));
2384 b1->s.k = 0x01; /* To DS */
2385 b1->stmts = s;
2386
2387 /*
2388 * If To DS is set, the DA is at 16.
2389 */
2390 b0 = gen_bcmp(16, 6, eaddr);
2391 gen_and(b1, b0);
2392
2393 /*
2394 * Now, check for To DS not set, i.e. check
2395 * "!(link[1] & 0x01)".
2396 */
2397 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2398 s->s.k = 1;
2399 b2 = new_block(JMP(BPF_JSET));
2400 b2->s.k = 0x01; /* To DS */
2401 b2->stmts = s;
2402 gen_not(b2);
2403
2404 /*
2405 * If To DS is not set, the DA is at 4.
2406 */
2407 b1 = gen_bcmp(4, 6, eaddr);
2408 gen_and(b2, b1);
2409
2410 /*
2411 * Now OR together the last two checks. That gives
2412 * the complete set of checks for data frames.
2413 */
2414 gen_or(b1, b0);
2415
2416 /*
2417 * Now check for a data frame.
2418 * I.e, check "link[0] & 0x08".
2419 */
2420 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2421 s->s.k = 0;
2422 b1 = new_block(JMP(BPF_JSET));
2423 b1->s.k = 0x08;
2424 b1->stmts = s;
2425
2426 /*
2427 * AND that with the checks done for data frames.
2428 */
2429 gen_and(b1, b0);
2430
2431 /*
2432 * If the high-order bit of the type value is 0, this
2433 * is a management frame.
2434 * I.e, check "!(link[0] & 0x08)".
2435 */
2436 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2437 s->s.k = 0;
2438 b2 = new_block(JMP(BPF_JSET));
2439 b2->s.k = 0x08;
2440 b2->stmts = s;
2441 gen_not(b2);
2442
2443 /*
2444 * For management frames, the DA is at 4.
2445 */
2446 b1 = gen_bcmp(4, 6, eaddr);
2447 gen_and(b2, b1);
2448
2449 /*
2450 * OR that with the checks done for data frames.
2451 * That gives the checks done for management and
2452 * data frames.
2453 */
2454 gen_or(b1, b0);
2455
2456 /*
2457 * If the low-order bit of the type value is 1,
2458 * this is either a control frame or a frame
2459 * with a reserved type, and thus not a
2460 * frame with an SA.
2461 *
2462 * I.e., check "!(link[0] & 0x04)".
2463 */
2464 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2465 s->s.k = 0;
2466 b1 = new_block(JMP(BPF_JSET));
2467 b1->s.k = 0x04;
2468 b1->stmts = s;
2469 gen_not(b1);
2470
2471 /*
2472 * AND that with the checks for data and management
2473 * frames.
--- 27 unchanged lines hidden (view full) ---
2501gen_ipfchostop(eaddr, dir)
2502 register const u_char *eaddr;
2503 register int dir;
2504{
2505 register struct block *b0, *b1;
2506
2507 switch (dir) {
2508 case Q_SRC:
2509 return gen_bcmp(10, 6, eaddr);
2510
2511 case Q_DST:
2512 return gen_bcmp(2, 6, eaddr);
2513
2514 case Q_AND:
2515 b0 = gen_ipfchostop(eaddr, Q_SRC);
2516 b1 = gen_ipfchostop(eaddr, Q_DST);
2517 gen_and(b0, b1);
2518 return b1;
2519
2520 case Q_DEFAULT:
--- 21 unchanged lines hidden (view full) ---
2542 * will require a lot more hacking.
2543 *
2544 * To add support for filtering on DECNET "areas" (network numbers)
2545 * one would want to add a "mask" argument to this routine. That would
2546 * make the filter even more inefficient, although one could be clever
2547 * and not generate masking instructions if the mask is 0xFFFF.
2548 */
2549static struct block *
2550gen_dnhostop(addr, dir, base_off)
2551 bpf_u_int32 addr;
2552 int dir;
2553 u_int base_off;
2554{
2555 struct block *b0, *b1, *b2, *tmp;
2556 u_int offset_lh; /* offset if long header is received */
2557 u_int offset_sh; /* offset if short header is received */
2558
2559 switch (dir) {
2560
2561 case Q_DST:
2562 offset_sh = 1; /* follows flags */
2563 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
2564 break;
2565
2566 case Q_SRC:
2567 offset_sh = 3; /* follows flags, dstnode */
2568 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
2569 break;
2570
2571 case Q_AND:
2572 /* Inefficient because we do our Calvinball dance twice */
2573 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2574 b1 = gen_dnhostop(addr, Q_DST, base_off);
2575 gen_and(b0, b1);
2576 return b1;
2577
2578 case Q_OR:
2579 case Q_DEFAULT:
2580 /* Inefficient because we do our Calvinball dance twice */
2581 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2582 b1 = gen_dnhostop(addr, Q_DST, base_off);
2583 gen_or(b0, b1);
2584 return b1;
2585
2586 case Q_ISO:
2587 bpf_error("ISO host filtering not implemented");
2588
2589 default:
2590 abort();
2591 }
2592 b0 = gen_linktype(ETHERTYPE_DN);
2593 /* Check for pad = 1, long header case */
2594 tmp = gen_mcmp(base_off + 2, BPF_H,
2595 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
2596 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
2597 BPF_H, (bpf_int32)ntohs(addr));
2598 gen_and(tmp, b1);
2599 /* Check for pad = 0, long header case */
2600 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
2601 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
2602 gen_and(tmp, b2);
2603 gen_or(b2, b1);
2604 /* Check for pad = 1, short header case */
2605 tmp = gen_mcmp(base_off + 2, BPF_H,
2606 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
2607 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
2608 BPF_H, (bpf_int32)ntohs(addr));
2609 gen_and(tmp, b2);
2610 gen_or(b2, b1);
2611 /* Check for pad = 0, short header case */
2612 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
2613 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
2614 gen_and(tmp, b2);
2615 gen_or(b2, b1);
2616
2617 /* Combine with test for linktype */
2618 gen_and(b0, b1);
2619 return b1;
2620}
2621
--- 14 unchanged lines hidden (view full) ---
2636 b1 = gen_host(addr, mask, Q_ARP, dir);
2637 gen_or(b0, b1);
2638 b0 = gen_host(addr, mask, Q_RARP, dir);
2639 gen_or(b1, b0);
2640 }
2641 return b0;
2642
2643 case Q_IP:
2644 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
2645 off_nl + 12, off_nl + 16);
2646
2647 case Q_RARP:
2648 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
2649 off_nl + 14, off_nl + 24);
2650
2651 case Q_ARP:
2652 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
2653 off_nl + 14, off_nl + 24);
2654
2655 case Q_TCP:
2656 bpf_error("'tcp' modifier applied to host");
2657
2658 case Q_SCTP:
2659 bpf_error("'sctp' modifier applied to host");
2660
2661 case Q_UDP:
--- 16 unchanged lines hidden (view full) ---
2678
2679 case Q_ATALK:
2680 bpf_error("ATALK host filtering not implemented");
2681
2682 case Q_AARP:
2683 bpf_error("AARP host filtering not implemented");
2684
2685 case Q_DECNET:
2686 return gen_dnhostop(addr, dir, off_nl);
2687
2688 case Q_SCA:
2689 bpf_error("SCA host filtering not implemented");
2690
2691 case Q_LAT:
2692 bpf_error("LAT host filtering not implemented");
2693
2694 case Q_MOPDL:
--- 32 unchanged lines hidden (view full) ---
2727 bpf_error("'stp' modifier applied to host");
2728
2729 case Q_IPX:
2730 bpf_error("IPX host filtering not implemented");
2731
2732 case Q_NETBEUI:
2733 bpf_error("'netbeui' modifier applied to host");
2734
2735 default:
2736 abort();
2737 }
2738 /* NOTREACHED */
2739}
2740
2741#ifdef INET6
2742static struct block *
--- 58 unchanged lines hidden (view full) ---
2801
2802 case Q_MOPDL:
2803 bpf_error("MOPDL host filtering not implemented");
2804
2805 case Q_MOPRC:
2806 bpf_error("MOPRC host filtering not implemented");
2807
2808 case Q_IPV6:
2809 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
2810 off_nl + 8, off_nl + 24);
2811
2812 case Q_ICMPV6:
2813 bpf_error("'icmp6' modifier applied to host");
2814
2815 case Q_AH:
2816 bpf_error("'ah' modifier applied to host");
2817
2818 case Q_ESP:
--- 15 unchanged lines hidden (view full) ---
2834 bpf_error("'stp' modifier applied to host");
2835
2836 case Q_IPX:
2837 bpf_error("IPX host filtering not implemented");
2838
2839 case Q_NETBEUI:
2840 bpf_error("'netbeui' modifier applied to host");
2841
2842 default:
2843 abort();
2844 }
2845 /* NOTREACHED */
2846}
2847#endif /*INET6*/
2848
2849#ifndef INET6
--- 15 unchanged lines hidden (view full) ---
2865 case Q_ARP:
2866 case Q_RARP:
2867 if (linktype == DLT_EN10MB)
2868 b0 = gen_ehostop(eaddr, Q_OR);
2869 else if (linktype == DLT_FDDI)
2870 b0 = gen_fhostop(eaddr, Q_OR);
2871 else if (linktype == DLT_IEEE802)
2872 b0 = gen_thostop(eaddr, Q_OR);
2873 else if (linktype == DLT_IEEE802_11)
2874 b0 = gen_wlanhostop(eaddr, Q_OR);
2875 else if (linktype == DLT_SUNATM && is_lane) {
2876 /*
2877 * Check that the packet doesn't begin with an
2878 * LE Control marker. (We've already generated
2879 * a test for LANE.)
2880 */
2881 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
2882 gen_not(b1);
2883
2884 /*
2885 * Now check the MAC address.
2886 */
2887 b0 = gen_ehostop(eaddr, Q_OR);
2888 gen_and(b1, b0);
2889 } else if (linktype == DLT_IP_OVER_FC)
--- 250 unchanged lines hidden (view full) ---
3140 case Q_IPX:
3141 b1 = gen_linktype(LLCSAP_IPX);
3142 break;
3143
3144 case Q_NETBEUI:
3145 b1 = gen_linktype(LLCSAP_NETBEUI);
3146 break;
3147
3148 default:
3149 abort();
3150 }
3151 return b1;
3152}
3153
3154static struct block *
3155gen_ipfrag()
3156{
3157 struct slist *s;
3158 struct block *b;
3159
3160 /* not ip frag */
3161 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
3162 s->s.k = off_nl + 6;
3163 b = new_block(JMP(BPF_JSET));
3164 b->s.k = 0x1fff;
3165 b->stmts = s;
3166 gen_not(b);
3167
3168 return b;
3169}
3170
3171static struct block *
3172gen_portatom(off, v)
3173 int off;
3174 bpf_int32 v;
3175{
3176 struct slist *s;
3177 struct block *b;
3178
3179 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3180 s->s.k = off_nl;
3181
3182 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
3183 s->next->s.k = off_nl + off;
3184
3185 b = new_block(JMP(BPF_JEQ));
3186 b->stmts = s;
3187 b->s.k = v;
3188
3189 return b;
3190}
3191
3192#ifdef INET6
3193static struct block *
3194gen_portatom6(off, v)
3195 int off;
3196 bpf_int32 v;
3197{
3198 return gen_cmp(off_nl + 40 + off, BPF_H, v);
3199}
3200#endif/*INET6*/
3201
3202struct block *
3203gen_portop(port, proto, dir)
3204 int port, proto, dir;
3205{
3206 struct block *b0, *b1, *tmp;
3207
3208 /* ip proto 'proto' */
3209 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
3210 b0 = gen_ipfrag();
3211 gen_and(tmp, b0);
3212
3213 switch (dir) {
3214 case Q_SRC:
3215 b1 = gen_portatom(0, (bpf_int32)port);
3216 break;
3217
--- 73 unchanged lines hidden (view full) ---
3291
3292#ifdef INET6
3293struct block *
3294gen_portop6(port, proto, dir)
3295 int port, proto, dir;
3296{
3297 struct block *b0, *b1, *tmp;
3298
3299 /* ip proto 'proto' */
3300 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
3301
3302 switch (dir) {
3303 case Q_SRC:
3304 b1 = gen_portatom6(0, (bpf_int32)port);
3305 break;
3306
3307 case Q_DST:
3308 b1 = gen_portatom6(2, (bpf_int32)port);
--- 23 unchanged lines hidden (view full) ---
3332static struct block *
3333gen_port6(port, ip_proto, dir)
3334 int port;
3335 int ip_proto;
3336 int dir;
3337{
3338 struct block *b0, *b1, *tmp;
3339
3340 /* ether proto ip */
3341 b0 = gen_linktype(ETHERTYPE_IPV6);
3342
3343 switch (ip_proto) {
3344 case IPPROTO_UDP:
3345 case IPPROTO_TCP:
3346 case IPPROTO_SCTP:
3347 b1 = gen_portop6(port, ip_proto, dir);
3348 break;
--- 9 unchanged lines hidden (view full) ---
3358 default:
3359 abort();
3360 }
3361 gen_and(b0, b1);
3362 return b1;
3363}
3364#endif /* INET6 */
3365
3366static int
3367lookup_proto(name, proto)
3368 register const char *name;
3369 register int proto;
3370{
3371 register int v;
3372
3373 switch (proto) {
--- 72 unchanged lines hidden (view full) ---
3446 b = gen_protochain(v, Q_IPV6, dir);
3447 gen_or(b0, b);
3448 return b;
3449 default:
3450 bpf_error("bad protocol applied for 'protochain'");
3451 /*NOTREACHED*/
3452 }
3453
3454 no_optimize = 1; /*this code is not compatible with optimzer yet */
3455
3456 /*
3457 * s[0] is a dummy entry to protect other BPF insn from damaged
3458 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
3459 * hard to find interdependency made by jump table fixup.
3460 */
3461 i = 0;
3462 s[i] = new_stmt(0); /*dummy*/
3463 i++;
3464
3465 switch (proto) {
--- 239 unchanged lines hidden (view full) ---
3705
3706 free_reg(reg2);
3707
3708 gen_and(b0, b);
3709 return b;
3710#endif
3711}
3712
3713static struct block *
3714gen_proto(v, proto, dir)
3715 int v;
3716 int proto;
3717 int dir;
3718{
3719 struct block *b0, *b1;
3720
--- 23 unchanged lines hidden (view full) ---
3744 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
3745 * RFC 2225 say that SNAP encapsulation is used, not LLC
3746 * encapsulation with LLCSAP_IP.
3747 *
3748 * So we always check for ETHERTYPE_IP.
3749 */
3750 b0 = gen_linktype(ETHERTYPE_IP);
3751#ifndef CHASE_CHAIN
3752 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
3753#else
3754 b1 = gen_protochain(v, Q_IP);
3755#endif
3756 gen_and(b0, b1);
3757 return b1;
3758
3759 case Q_ISO:
3760 switch (linktype) {
--- 12 unchanged lines hidden (view full) ---
3773 * control field value of UI, i.e. 0x03 followed
3774 * by the NLPID.
3775 *
3776 * XXX - assumes a 2-byte Frame Relay header with
3777 * DLCI and flags. What if the address is longer?
3778 *
3779 * XXX - what about SNAP-encapsulated frames?
3780 */
3781 return gen_cmp(2, BPF_H, (0x03<<8) | v);
3782 /*NOTREACHED*/
3783 break;
3784
3785 case DLT_C_HDLC:
3786 /*
3787 * Cisco uses an Ethertype lookalike - for OSI,
3788 * it's 0xfefe.
3789 */
3790 b0 = gen_linktype(LLCSAP_ISONS<<8 | LLCSAP_ISONS);
3791 /* OSI in C-HDLC is stuffed with a fudge byte */
3792 b1 = gen_cmp(off_nl_nosnap+1, BPF_B, (long)v);
3793 gen_and(b0, b1);
3794 return b1;
3795
3796 default:
3797 b0 = gen_linktype(LLCSAP_ISONS);
3798 b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v);
3799 gen_and(b0, b1);
3800 return b1;
3801 }
3802
3803 case Q_ISIS:
3804 b0 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
3805 /*
3806 * 4 is the offset of the PDU type relative to the IS-IS
3807 * header.
3808 */
3809 b1 = gen_cmp(off_nl_nosnap+4, BPF_B, (long)v);
3810 gen_and(b0, b1);
3811 return b1;
3812
3813 case Q_ARP:
3814 bpf_error("arp does not encapsulate another protocol");
3815 /* NOTREACHED */
3816
3817 case Q_RARP:
--- 58 unchanged lines hidden (view full) ---
3876 case Q_VRRP:
3877 bpf_error("'vrrp proto' is bogus");
3878 /* NOTREACHED */
3879
3880#ifdef INET6
3881 case Q_IPV6:
3882 b0 = gen_linktype(ETHERTYPE_IPV6);
3883#ifndef CHASE_CHAIN
3884 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
3885#else
3886 b1 = gen_protochain(v, Q_IPV6);
3887#endif
3888 gen_and(b0, b1);
3889 return b1;
3890
3891 case Q_ICMPV6:
3892 bpf_error("'icmp6 proto' is bogus");
--- 9 unchanged lines hidden (view full) ---
3902 bpf_error("'stp proto' is bogus");
3903
3904 case Q_IPX:
3905 bpf_error("'ipx proto' is bogus");
3906
3907 case Q_NETBEUI:
3908 bpf_error("'netbeui proto' is bogus");
3909
3910 default:
3911 abort();
3912 /* NOTREACHED */
3913 }
3914 /* NOTREACHED */
3915}
3916
3917struct block *
--- 12 unchanged lines hidden (view full) ---
3930 int tproto6;
3931 struct sockaddr_in *sin;
3932 struct sockaddr_in6 *sin6;
3933 struct addrinfo *res, *res0;
3934 struct in6_addr mask128;
3935#endif /*INET6*/
3936 struct block *b, *tmp;
3937 int port, real_proto;
3938
3939 switch (q.addr) {
3940
3941 case Q_NET:
3942 addr = pcap_nametonetaddr(name);
3943 if (addr == 0)
3944 bpf_error("unknown network '%s'", name);
3945 /* Left justify network addr and calculate its network mask */
--- 32 unchanged lines hidden (view full) ---
3978 if (eaddr == NULL)
3979 bpf_error(
3980 "unknown token ring host '%s'", name);
3981 b = gen_thostop(eaddr, dir);
3982 free(eaddr);
3983 return b;
3984
3985 case DLT_IEEE802_11:
3986 eaddr = pcap_ether_hostton(name);
3987 if (eaddr == NULL)
3988 bpf_error(
3989 "unknown 802.11 host '%s'", name);
3990 b = gen_wlanhostop(eaddr, dir);
3991 free(eaddr);
3992 return b;
3993
--- 10 unchanged lines hidden (view full) ---
4004 if (!is_lane)
4005 break;
4006
4007 /*
4008 * Check that the packet doesn't begin
4009 * with an LE Control marker. (We've
4010 * already generated a test for LANE.)
4011 */
4012 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H,
4013 0xFF00);
4014 gen_not(tmp);
4015
4016 eaddr = pcap_ether_hostton(name);
4017 if (eaddr == NULL)
4018 bpf_error(
4019 "unknown ether host '%s'", name);
4020 b = gen_ehostop(eaddr, dir);
4021 gen_and(tmp, b);
--- 115 unchanged lines hidden (view full) ---
4137 {
4138 struct block *b;
4139 b = gen_port(port, real_proto, dir);
4140 gen_or(gen_port6(port, real_proto, dir), b);
4141 return b;
4142 }
4143#endif /* INET6 */
4144
4145 case Q_GATEWAY:
4146#ifndef INET6
4147 eaddr = pcap_ether_hostton(name);
4148 if (eaddr == NULL)
4149 bpf_error("unknown ether host: %s", name);
4150
4151 alist = pcap_nametoaddr(name);
4152 if (alist == NULL || *alist == NULL)
--- 131 unchanged lines hidden (view full) ---
4284 {
4285 struct block *b;
4286 b = gen_port((int)v, proto, dir);
4287 gen_or(gen_port6((int)v, proto, dir), b);
4288 return b;
4289 }
4290#endif /* INET6 */
4291
4292 case Q_GATEWAY:
4293 bpf_error("'gateway' requires a name");
4294 /* NOTREACHED */
4295
4296 case Q_PROTO:
4297 return gen_proto((int)v, proto, dir);
4298
4299 case Q_PROTOCHAIN:
--- 78 unchanged lines hidden (view full) ---
4378
4379 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
4380 if (linktype == DLT_EN10MB)
4381 return gen_ehostop(eaddr, (int)q.dir);
4382 if (linktype == DLT_FDDI)
4383 return gen_fhostop(eaddr, (int)q.dir);
4384 if (linktype == DLT_IEEE802)
4385 return gen_thostop(eaddr, (int)q.dir);
4386 if (linktype == DLT_IEEE802_11)
4387 return gen_wlanhostop(eaddr, (int)q.dir);
4388 if (linktype == DLT_SUNATM && is_lane) {
4389 /*
4390 * Check that the packet doesn't begin with an
4391 * LE Control marker. (We've already generated
4392 * a test for LANE.)
4393 */
4394 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
4395 gen_not(tmp);
4396
4397 /*
4398 * Now check the MAC address.
4399 */
4400 b = gen_ehostop(eaddr, (int)q.dir);
4401 gen_and(tmp, b);
4402 return b;
--- 36 unchanged lines hidden (view full) ---
4439{
4440 struct slist *s;
4441
4442 s = new_stmt(BPF_LD|BPF_MEM);
4443 s->s.k = a->regno;
4444 return s;
4445}
4446
4447struct arth *
4448gen_load(proto, index, size)
4449 int proto;
4450 struct arth *index;
4451 int size;
4452{
4453 struct slist *s, *tmp;
4454 struct block *b;
--- 16 unchanged lines hidden (view full) ---
4471 case 4:
4472 size = BPF_W;
4473 break;
4474 }
4475 switch (proto) {
4476 default:
4477 bpf_error("unsupported index operation");
4478
4479 case Q_LINK:
4480 /*
4481 * XXX - what about ATM LANE? Should the index be
4482 * relative to the beginning of the AAL5 frame, so
4483 * that 0 refers to the beginning of the LE Control
4484 * field, or relative to the beginning of the LAN
4485 * frame, so that 0 refers, for Ethernet LANE, to
4486 * the beginning of the destination address?
4487 */
4488 s = xfer_to_x(index);
4489 tmp = new_stmt(BPF_LD|BPF_IND|size);
4490 sappend(s, tmp);
4491 sappend(index->s, s);
4492 break;
4493
4494 case Q_IP:
4495 case Q_ARP:
4496 case Q_RARP:
4497 case Q_ATALK:
4498 case Q_DECNET:
4499 case Q_SCA:
4500 case Q_LAT:
4501 case Q_MOPRC:
4502 case Q_MOPDL:
4503#ifdef INET6
4504 case Q_IPV6:
4505#endif
4506 /* XXX Note that we assume a fixed link header here. */
4507 s = xfer_to_x(index);
4508 tmp = new_stmt(BPF_LD|BPF_IND|size);
4509 tmp->s.k = off_nl;
4510 sappend(s, tmp);
4511 sappend(index->s, s);
4512
4513 b = gen_proto_abbrev(proto);
4514 if (index->b)
4515 gen_and(index->b, b);
4516 index->b = b;
4517 break;
4518
4519 case Q_SCTP:
4520 case Q_TCP:
4521 case Q_UDP:
4522 case Q_ICMP:
4523 case Q_IGMP:
4524 case Q_IGRP:
4525 case Q_PIM:
4526 case Q_VRRP:
4527 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
4528 s->s.k = off_nl;
4529 sappend(s, xfer_to_a(index));
4530 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
4531 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
4532 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
4533 tmp->s.k = off_nl;
4534 sappend(index->s, s);
4535
4536 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
4537 if (index->b)
4538 gen_and(index->b, b);
4539#ifdef INET6
4540 gen_and(gen_proto_abbrev(Q_IP), b);
4541#endif
4542 index->b = b;
4543 break;
--- 209 unchanged lines hidden (view full) ---
4753 struct block *b;
4754
4755 b = gen_len(BPF_JGT, n);
4756 gen_not(b);
4757
4758 return b;
4759}
4760
4761struct block *
4762gen_byteop(op, idx, val)
4763 int op, idx, val;
4764{
4765 struct block *b;
4766 struct slist *s;
4767
4768 switch (op) {
4769 default:
4770 abort();
4771
4772 case '=':
4773 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4774
4775 case '<':
4776 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4777 b->s.code = JMP(BPF_JGE);
4778 gen_not(b);
4779 return b;
4780
4781 case '>':
4782 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4783 b->s.code = JMP(BPF_JGT);
4784 return b;
4785
4786 case '|':
4787 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
4788 break;
4789
4790 case '&':
4791 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
--- 24 unchanged lines hidden (view full) ---
4816 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
4817 return gen_ahostop(abroadcast, Q_DST);
4818 if (linktype == DLT_EN10MB)
4819 return gen_ehostop(ebroadcast, Q_DST);
4820 if (linktype == DLT_FDDI)
4821 return gen_fhostop(ebroadcast, Q_DST);
4822 if (linktype == DLT_IEEE802)
4823 return gen_thostop(ebroadcast, Q_DST);
4824 if (linktype == DLT_IEEE802_11)
4825 return gen_wlanhostop(ebroadcast, Q_DST);
4826 if (linktype == DLT_IP_OVER_FC)
4827 return gen_ipfchostop(ebroadcast, Q_DST);
4828 if (linktype == DLT_SUNATM && is_lane) {
4829 /*
4830 * Check that the packet doesn't begin with an
4831 * LE Control marker. (We've already generated
4832 * a test for LANE.)
4833 */
4834 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
4835 gen_not(b1);
4836
4837 /*
4838 * Now check the MAC address.
4839 */
4840 b0 = gen_ehostop(ebroadcast, Q_DST);
4841 gen_and(b1, b0);
4842 return b0;
4843 }
4844 bpf_error("not a broadcast link");
4845 break;
4846
4847 case Q_IP:
4848 b0 = gen_linktype(ETHERTYPE_IP);
4849 hostmask = ~netmask;
4850 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
4851 b2 = gen_mcmp(off_nl + 16, BPF_W,
4852 (bpf_int32)(~0 & hostmask), hostmask);
4853 gen_or(b1, b2);
4854 gen_and(b0, b2);
4855 return b2;
4856 }
4857 bpf_error("only link-layer/IP broadcast filters supported");
4858 /* NOTREACHED */
4859}
--- 5 unchanged lines hidden (view full) ---
4865static struct block *
4866gen_mac_multicast(offset)
4867 int offset;
4868{
4869 register struct block *b0;
4870 register struct slist *s;
4871
4872 /* link[offset] & 1 != 0 */
4873 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4874 s->s.k = offset;
4875 b0 = new_block(JMP(BPF_JSET));
4876 b0->s.k = 1;
4877 b0->stmts = s;
4878 return b0;
4879}
4880
4881struct block *
4882gen_multicast(proto)
--- 25 unchanged lines hidden (view full) ---
4908 return gen_mac_multicast(1);
4909 }
4910
4911 if (linktype == DLT_IEEE802) {
4912 /* tr[2] & 1 != 0 */
4913 return gen_mac_multicast(2);
4914 }
4915
4916 if (linktype == DLT_IEEE802_11) {
4917 /*
4918 * Oh, yuk.
4919 *
4920 * For control frames, there is no DA.
4921 *
4922 * For management frames, DA is at an
4923 * offset of 4 from the beginning of
4924 * the packet.
--- 5 unchanged lines hidden (view full) ---
4930 * if To DS is set.
4931 */
4932
4933 /*
4934 * Generate the tests to be done for data frames.
4935 *
4936 * First, check for To DS set, i.e. "link[1] & 0x01".
4937 */
4938 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4939 s->s.k = 1;
4940 b1 = new_block(JMP(BPF_JSET));
4941 b1->s.k = 0x01; /* To DS */
4942 b1->stmts = s;
4943
4944 /*
4945 * If To DS is set, the DA is at 16.
4946 */
4947 b0 = gen_mac_multicast(16);
4948 gen_and(b1, b0);
4949
4950 /*
4951 * Now, check for To DS not set, i.e. check
4952 * "!(link[1] & 0x01)".
4953 */
4954 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4955 s->s.k = 1;
4956 b2 = new_block(JMP(BPF_JSET));
4957 b2->s.k = 0x01; /* To DS */
4958 b2->stmts = s;
4959 gen_not(b2);
4960
4961 /*
4962 * If To DS is not set, the DA is at 4.
4963 */
--- 5 unchanged lines hidden (view full) ---
4969 * the complete set of checks for data frames.
4970 */
4971 gen_or(b1, b0);
4972
4973 /*
4974 * Now check for a data frame.
4975 * I.e, check "link[0] & 0x08".
4976 */
4977 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4978 s->s.k = 0;
4979 b1 = new_block(JMP(BPF_JSET));
4980 b1->s.k = 0x08;
4981 b1->stmts = s;
4982
4983 /*
4984 * AND that with the checks done for data frames.
4985 */
4986 gen_and(b1, b0);
4987
4988 /*
4989 * If the high-order bit of the type value is 0, this
4990 * is a management frame.
4991 * I.e, check "!(link[0] & 0x08)".
4992 */
4993 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4994 s->s.k = 0;
4995 b2 = new_block(JMP(BPF_JSET));
4996 b2->s.k = 0x08;
4997 b2->stmts = s;
4998 gen_not(b2);
4999
5000 /*
5001 * For management frames, the DA is at 4.
5002 */
--- 10 unchanged lines hidden (view full) ---
5013 /*
5014 * If the low-order bit of the type value is 1,
5015 * this is either a control frame or a frame
5016 * with a reserved type, and thus not a
5017 * frame with an SA.
5018 *
5019 * I.e., check "!(link[0] & 0x04)".
5020 */
5021 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
5022 s->s.k = 0;
5023 b1 = new_block(JMP(BPF_JSET));
5024 b1->s.k = 0x04;
5025 b1->stmts = s;
5026 gen_not(b1);
5027
5028 /*
5029 * AND that with the checks for data and management
5030 * frames.
--- 8 unchanged lines hidden (view full) ---
5039 }
5040
5041 if (linktype == DLT_SUNATM && is_lane) {
5042 /*
5043 * Check that the packet doesn't begin with an
5044 * LE Control marker. (We've already generated
5045 * a test for LANE.)
5046 */
5047 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
5048 gen_not(b1);
5049
5050 /* ether[off_mac] & 1 != 0 */
5051 b0 = gen_mac_multicast(off_mac);
5052 gen_and(b1, b0);
5053 return b0;
5054 }
5055
5056 /* Link not known to support multicasts */
5057 break;
5058
5059 case Q_IP:
5060 b0 = gen_linktype(ETHERTYPE_IP);
5061 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
5062 b1->s.code = JMP(BPF_JGE);
5063 gen_and(b0, b1);
5064 return b1;
5065
5066#ifdef INET6
5067 case Q_IPV6:
5068 b0 = gen_linktype(ETHERTYPE_IPV6);
5069 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
5070 gen_and(b0, b1);
5071 return b1;
5072#endif /* INET6 */
5073 }
5074 bpf_error("link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel");
5075 /* NOTREACHED */
5076}
5077
--- 19 unchanged lines hidden (view full) ---
5097 dir);
5098 break;
5099
5100 case DLT_LINUX_SLL:
5101 if (dir) {
5102 /*
5103 * Match packets sent by this machine.
5104 */
5105 b0 = gen_cmp(0, BPF_H, LINUX_SLL_OUTGOING);
5106 } else {
5107 /*
5108 * Match packets sent to this machine.
5109 * (No broadcast or multicast packets, or
5110 * packets sent to some other machine and
5111 * received promiscuously.)
5112 *
5113 * XXX - packets sent to other machines probably
5114 * shouldn't be matched, but what about broadcast
5115 * or multicast packets we received?
5116 */
5117 b0 = gen_cmp(0, BPF_H, LINUX_SLL_HOST);
5118 }
5119 break;
5120
5121 case DLT_PFLOG:
5122 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B,
5123 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT));
5124 break;
5125
5126 case DLT_PPP_PPPD:
5127 if (dir) {
5128 /* match outgoing packets */
5129 b0 = gen_cmp(0, BPF_B, PPP_PPPD_OUT);
5130 } else {
5131 /* match incoming packets */
5132 b0 = gen_cmp(0, BPF_B, PPP_PPPD_IN);
5133 }
5134 break;
5135
5136 case DLT_JUNIPER_MLFR:
5137 case DLT_JUNIPER_MLPPP:
5138 case DLT_JUNIPER_ATM1:
5139 case DLT_JUNIPER_ATM2:
5140 /* juniper flags (including direction) are stored
5141 * the byte after the 3-byte magic number */
5142 if (dir) {
5143 /* match outgoing packets */
5144 b0 = gen_mcmp(3, BPF_B, 0, 0x01);
5145 } else {
5146 /* match incoming packets */
5147 b0 = gen_mcmp(3, BPF_B, 1, 0x01);
5148 }
5149 break;
5150
5151 default:
5152 bpf_error("inbound/outbound not supported on linktype %d",
5153 linktype);
5154 b0 = NULL;
5155 /* NOTREACHED */
--- 15 unchanged lines hidden (view full) ---
5171 bpf_error("ifname not supported on linktype 0x%x", linktype);
5172 /* NOTREACHED */
5173 }
5174 if (strlen(ifname) >= len) {
5175 bpf_error("ifname interface names can only be %d characters",
5176 len-1);
5177 /* NOTREACHED */
5178 }
5179 b0 = gen_bcmp(off, strlen(ifname), (const u_char *)ifname);
5180 return (b0);
5181}
5182
5183/* PF firewall log matched interface */
5184struct block *
5185gen_pf_ruleset(char *ruleset)
5186{
5187 struct block *b0;
5188
5189 if (linktype != DLT_PFLOG) {
5190 bpf_error("ruleset not supported on linktype 0x%x", linktype);
5191 /* NOTREACHED */
5192 }
5193 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) {
5194 bpf_error("ruleset names can only be %ld characters",
5195 (long)(sizeof(((struct pfloghdr *)0)->ruleset) - 1));
5196 /* NOTREACHED */
5197 }
5198 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset),
5199 strlen(ruleset), (const u_char *)ruleset);
5200 return (b0);
5201}
5202
5203/* PF firewall log rule number */
5204struct block *
5205gen_pf_rnr(int rnr)
5206{
5207 struct block *b0;
5208
5209 if (linktype == DLT_PFLOG) {
5210 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W,
5211 (bpf_int32)rnr);
5212 } else {
5213 bpf_error("rnr not supported on linktype 0x%x", linktype);
5214 /* NOTREACHED */
5215 }
5216
5217 return (b0);
5218}
--- 4 unchanged lines hidden (view full) ---
5223{
5224 struct block *b0;
5225
5226 if (linktype != DLT_PFLOG) {
5227 bpf_error("srnr not supported on linktype 0x%x", linktype);
5228 /* NOTREACHED */
5229 }
5230
5231 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W,
5232 (bpf_int32)srnr);
5233 return (b0);
5234}
5235
5236/* PF firewall log reason code */
5237struct block *
5238gen_pf_reason(int reason)
5239{
5240 struct block *b0;
5241
5242 if (linktype == DLT_PFLOG) {
5243 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B,
5244 (bpf_int32)reason);
5245 } else {
5246 bpf_error("reason not supported on linktype 0x%x", linktype);
5247 /* NOTREACHED */
5248 }
5249
5250 return (b0);
5251}
5252
5253/* PF firewall log action */
5254struct block *
5255gen_pf_action(int action)
5256{
5257 struct block *b0;
5258
5259 if (linktype == DLT_PFLOG) {
5260 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B,
5261 (bpf_int32)action);
5262 } else {
5263 bpf_error("action not supported on linktype 0x%x", linktype);
5264 /* NOTREACHED */
5265 }
5266
5267 return (b0);
5268}
--- 16 unchanged lines hidden (view full) ---
5285 register const u_char *eaddr;
5286 register int dir;
5287{
5288 register struct block *b0, *b1;
5289
5290 switch (dir) {
5291 /* src comes first, different from Ethernet */
5292 case Q_SRC:
5293 return gen_bcmp(0, 1, eaddr);
5294
5295 case Q_DST:
5296 return gen_bcmp(1, 1, eaddr);
5297
5298 case Q_AND:
5299 b0 = gen_ahostop(eaddr, Q_SRC);
5300 b1 = gen_ahostop(eaddr, Q_DST);
5301 gen_and(b0, b1);
5302 return b1;
5303
5304 case Q_DEFAULT:
--- 13 unchanged lines hidden (view full) ---
5318struct block *
5319gen_vlan(vlan_num)
5320 int vlan_num;
5321{
5322 struct block *b0;
5323
5324 /*
5325 * Change the offsets to point to the type and data fields within
5326 * the VLAN packet. This is somewhat of a kludge.
5327 */
5328 if (orig_nl == (u_int)-1) {
5329 orig_linktype = off_linktype; /* save original values */
5330 orig_nl = off_nl;
5331 orig_nl_nosnap = off_nl_nosnap;
5332
5333 switch (linktype) {
5334
5335 case DLT_EN10MB:
5336 off_linktype = 16;
5337 off_nl_nosnap = 18;
5338 off_nl = 18;
5339 break;
5340
5341 default:
5342 bpf_error("no VLAN support for data link type %d",
5343 linktype);
5344 /*NOTREACHED*/
5345 }
5346 }
5347
5348 /* check for VLAN */
5349 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
5350
5351 /* If a specific VLAN is requested, check VLAN id */
5352 if (vlan_num >= 0) {
5353 struct block *b1;
5354
5355 b1 = gen_mcmp(orig_nl, BPF_H, (bpf_int32)vlan_num, 0x0fff);
5356 gen_and(b0, b1);
5357 b0 = b1;
5358 }
5359
5360 return (b0);
5361}
5362
5363/*
5364 * support for MPLS
5365 */
5366struct block *
5367gen_mpls(label_num)
5368 int label_num;
5369{
5370 struct block *b0;
5371
5372 /*
5373 * Change the offsets to point to the type and data fields within
5374 * the MPLS packet. This is somewhat of a kludge.
5375 */
5376 if (orig_nl == (u_int)-1) {
5377 orig_linktype = off_linktype; /* save original values */
5378 orig_nl = off_nl;
5379 orig_nl_nosnap = off_nl_nosnap;
5380
5381 switch (linktype) {
5382
5383 case DLT_EN10MB:
5384 off_linktype = 16;
5385 off_nl_nosnap = 18;
5386 off_nl = 18;
5387
5388 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_MPLS);
5389 break;
5390
5391 case DLT_PPP:
5392 off_linktype = 6;
5393 off_nl_nosnap = 8;
5394 off_nl = 8;
5395
5396 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)PPP_MPLS_UCAST);
5397 break;
5398
5399 case DLT_C_HDLC:
5400 off_linktype = 6;
5401 off_nl_nosnap = 8;
5402 off_nl = 8;
5403
5404 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_MPLS);
5405 break;
5406
5407 /* FIXME add other DLT_s ...
5408 * for Frame-Relay/and ATM this may get messy due to SNAP headers
5409 * leave it for now */
5410
5411 default:
5412 bpf_error("no MPLS support for data link type %d",
5413 linktype);
5414 b0 = NULL;
5415 /*NOTREACHED*/
5416 }
5417 } else {
5418 bpf_error("'mpls' can't be combined with 'vlan' or another 'mpls'");
5419 b0 = NULL;
5420 /*NOTREACHED*/
5421 }
5422
5423 /* If a specific MPLS label is requested, check it */
5424 if (label_num >= 0) {
5425 struct block *b1;
5426
5427 label_num = label_num << 12; /* label is shifted 12 bits on the wire */
5428 b1 = gen_mcmp(orig_nl, BPF_W, (bpf_int32)label_num, 0xfffff000); /* only compare the first 20 bits */
5429 gen_and(b0, b1);
5430 b0 = b1;
5431 }
5432
5433 return (b0);
5434}
5435
5436struct block *
5437gen_atmfield_code(atmfield, jvalue, jtype, reverse)
5438 int atmfield;
5439 bpf_u_int32 jvalue;
5440 bpf_u_int32 jtype;
5441 int reverse;
5442{
5443 struct block *b0;
5444
5445 switch (atmfield) {
5446
5447 case A_VPI:
5448 if (!is_atm)
5449 bpf_error("'vpi' supported only on raw ATM");
5450 if (off_vpi == (u_int)-1)
5451 abort();
5452 b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype,
5453 (u_int)jvalue, reverse);
5454 break;
5455
5456 case A_VCI:
5457 if (!is_atm)
5458 bpf_error("'vci' supported only on raw ATM");
5459 if (off_vci == (u_int)-1)
5460 abort();
5461 b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype,
5462 (u_int)jvalue, reverse);
5463 break;
5464
5465 case A_PROTOTYPE:
5466 if (off_proto == (u_int)-1)
5467 abort(); /* XXX - this isn't on FreeBSD */
5468 b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype,
5469 (u_int)jvalue, reverse);
5470 break;
5471
5472 case A_MSGTYPE:
5473 if (off_payload == (u_int)-1)
5474 abort();
5475 b0 = gen_ncmp(BPF_B, off_payload + MSG_TYPE_POS, 0xffffffff,
5476 (u_int)jtype, (u_int)jvalue, reverse);
5477 break;
5478
5479 case A_CALLREFTYPE:
5480 if (!is_atm)
5481 bpf_error("'callref' supported only on raw ATM");
5482 if (off_proto == (u_int)-1)
5483 abort();
5484 b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype,
5485 (u_int)jvalue, reverse);
5486 break;
5487
5488 default:
5489 abort();
5490 }
5491 return b0;
5492}
5493
--- 93 unchanged lines hidden (view full) ---
5587 break;
5588
5589 default:
5590 abort();
5591 }
5592 return b1;
5593}
5594
5595
5596static struct block *
5597gen_msg_abbrev(type)
5598 int type;
5599{
5600 struct block *b1;
5601
5602 /*
5603 * Q.2931 signalling protocol messages for handling virtual circuits
--- 102 unchanged lines hidden ---