Deleted Added
full compact
gencode.c (146771) gencode.c (147897)
1/*#define CHASE_CHAIN*/
2/*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 *
1/*#define CHASE_CHAIN*/
2/*
3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 *
22 * $FreeBSD: head/contrib/libpcap/gencode.c 146771 2005-05-29 18:09:04Z sam $
22 * $FreeBSD: head/contrib/libpcap/gencode.c 147897 2005-07-11 03:43:25Z sam $
23 */
24#ifndef lint
25static const char rcsid[] _U_ =
23 */
24#ifndef lint
25static const char rcsid[] _U_ =
26 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.221 2005/03/27 22:10:23 guy Exp $ (LBL)";
26 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.221.2.24 2005/06/20 21:52:53 guy Exp $ (LBL)";
27#endif
28
29#ifdef HAVE_CONFIG_H
30#include "config.h"
31#endif
32
33#ifdef WIN32
34#include <pcap-stdinc.h>
35#else /* WIN32 */
36#include <sys/types.h>
37#include <sys/socket.h>
38#endif /* WIN32 */
39
40/*
41 * XXX - why was this included even on UNIX?
42 */
43#ifdef __MINGW32__
44#include "IP6_misc.h"
45#endif
46
47#ifndef WIN32
48
49#ifdef __NetBSD__
50#include <sys/param.h>
51#endif
52
53#include <netinet/in.h>
54
55#endif /* WIN32 */
56
57#include <stdlib.h>
58#include <string.h>
59#include <memory.h>
60#include <setjmp.h>
61#include <stdarg.h>
62
63#ifdef MSDOS
64#include "pcap-dos.h"
65#endif
66
67#include "pcap-int.h"
68
69#include "ethertype.h"
70#include "nlpid.h"
71#include "llc.h"
72#include "gencode.h"
73#include "atmuni31.h"
74#include "sunatmpos.h"
75#include "ppp.h"
76#include "sll.h"
77#include "arcnet.h"
78#include "pf.h"
79#ifndef offsetof
80#define offsetof(s, e) ((size_t)&((s *)0)->e)
81#endif
82#ifdef INET6
83#ifndef WIN32
84#include <netdb.h> /* for "struct addrinfo" */
85#endif /* WIN32 */
86#endif /*INET6*/
87#include <pcap-namedb.h>
88
89#undef ETHERMTU
90#define ETHERMTU 1500
91
92#ifndef IPPROTO_SCTP
93#define IPPROTO_SCTP 132
94#endif
95
96#ifdef HAVE_OS_PROTO_H
97#include "os-proto.h"
98#endif
99
100#define JMP(c) ((c)|BPF_JMP|BPF_K)
101
102/* Locals */
103static jmp_buf top_ctx;
104static pcap_t *bpf_pcap;
105
106/* Hack for updating VLAN, MPLS offsets. */
27#endif
28
29#ifdef HAVE_CONFIG_H
30#include "config.h"
31#endif
32
33#ifdef WIN32
34#include <pcap-stdinc.h>
35#else /* WIN32 */
36#include <sys/types.h>
37#include <sys/socket.h>
38#endif /* WIN32 */
39
40/*
41 * XXX - why was this included even on UNIX?
42 */
43#ifdef __MINGW32__
44#include "IP6_misc.h"
45#endif
46
47#ifndef WIN32
48
49#ifdef __NetBSD__
50#include <sys/param.h>
51#endif
52
53#include <netinet/in.h>
54
55#endif /* WIN32 */
56
57#include <stdlib.h>
58#include <string.h>
59#include <memory.h>
60#include <setjmp.h>
61#include <stdarg.h>
62
63#ifdef MSDOS
64#include "pcap-dos.h"
65#endif
66
67#include "pcap-int.h"
68
69#include "ethertype.h"
70#include "nlpid.h"
71#include "llc.h"
72#include "gencode.h"
73#include "atmuni31.h"
74#include "sunatmpos.h"
75#include "ppp.h"
76#include "sll.h"
77#include "arcnet.h"
78#include "pf.h"
79#ifndef offsetof
80#define offsetof(s, e) ((size_t)&((s *)0)->e)
81#endif
82#ifdef INET6
83#ifndef WIN32
84#include <netdb.h> /* for "struct addrinfo" */
85#endif /* WIN32 */
86#endif /*INET6*/
87#include <pcap-namedb.h>
88
89#undef ETHERMTU
90#define ETHERMTU 1500
91
92#ifndef IPPROTO_SCTP
93#define IPPROTO_SCTP 132
94#endif
95
96#ifdef HAVE_OS_PROTO_H
97#include "os-proto.h"
98#endif
99
100#define JMP(c) ((c)|BPF_JMP|BPF_K)
101
102/* Locals */
103static jmp_buf top_ctx;
104static pcap_t *bpf_pcap;
105
106/* Hack for updating VLAN, MPLS offsets. */
107static u_int orig_linktype = -1U, orig_nl = -1U, orig_nl_nosnap = -1U;
107static u_int orig_linktype = -1U, orig_nl = -1U;
108
109/* XXX */
110#ifdef PCAP_FDDIPAD
111static int pcap_fddipad;
112#endif
113
114/* VARARGS */
115void
116bpf_error(const char *fmt, ...)
108
109/* XXX */
110#ifdef PCAP_FDDIPAD
111static int pcap_fddipad;
112#endif
113
114/* VARARGS */
115void
116bpf_error(const char *fmt, ...)
117
118{
119 va_list ap;
120
121 va_start(ap, fmt);
122 if (bpf_pcap != NULL)
123 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
124 fmt, ap);
125 va_end(ap);
126 longjmp(top_ctx, 1);
127 /* NOTREACHED */
128}
129
130static void init_linktype(pcap_t *);
131
132static int alloc_reg(void);
133static void free_reg(int);
134
135static struct block *root;
136
137/*
117{
118 va_list ap;
119
120 va_start(ap, fmt);
121 if (bpf_pcap != NULL)
122 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
123 fmt, ap);
124 va_end(ap);
125 longjmp(top_ctx, 1);
126 /* NOTREACHED */
127}
128
129static void init_linktype(pcap_t *);
130
131static int alloc_reg(void);
132static void free_reg(int);
133
134static struct block *root;
135
136/*
137 * Value passed to gen_load_a() to indicate what the offset argument
138 * is relative to.
139 */
140enum e_offrel {
141 OR_PACKET, /* relative to the beginning of the packet */
142 OR_LINK, /* relative to the link-layer header */
143 OR_NET, /* relative to the network-layer header */
144 OR_NET_NOSNAP, /* relative to the network-layer header, with no SNAP header at the link layer */
145 OR_TRAN_IPV4, /* relative to the transport-layer header, with IPv4 network layer */
146 OR_TRAN_IPV6 /* relative to the transport-layer header, with IPv6 network layer */
147};
148
149/*
138 * We divy out chunks of memory rather than call malloc each time so
139 * we don't have to worry about leaking memory. It's probably
140 * not a big deal if all this memory was wasted but if this ever
141 * goes into a library that would probably not be a good idea.
142 *
143 * XXX - this *is* in a library....
144 */
145#define NCHUNKS 16
146#define CHUNK0SIZE 1024
147struct chunk {
148 u_int n_left;
149 void *m;
150};
151
152static struct chunk chunks[NCHUNKS];
153static int cur_chunk;
154
155static void *newchunk(u_int);
156static void freechunks(void);
157static inline struct block *new_block(int);
158static inline struct slist *new_stmt(int);
159static struct block *gen_retblk(int);
160static inline void syntax(void);
161
162static void backpatch(struct block *, struct block *);
163static void merge(struct block *, struct block *);
150 * We divy out chunks of memory rather than call malloc each time so
151 * we don't have to worry about leaking memory. It's probably
152 * not a big deal if all this memory was wasted but if this ever
153 * goes into a library that would probably not be a good idea.
154 *
155 * XXX - this *is* in a library....
156 */
157#define NCHUNKS 16
158#define CHUNK0SIZE 1024
159struct chunk {
160 u_int n_left;
161 void *m;
162};
163
164static struct chunk chunks[NCHUNKS];
165static int cur_chunk;
166
167static void *newchunk(u_int);
168static void freechunks(void);
169static inline struct block *new_block(int);
170static inline struct slist *new_stmt(int);
171static struct block *gen_retblk(int);
172static inline void syntax(void);
173
174static void backpatch(struct block *, struct block *);
175static void merge(struct block *, struct block *);
164static struct block *gen_cmp(u_int, u_int, bpf_int32);
165static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
166static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
167static struct block *gen_bcmp(u_int, u_int, const u_char *);
168static struct block *gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32,
169 bpf_u_int32, bpf_u_int32, int);
176static struct block *gen_cmp(enum e_offrel, u_int, u_int, bpf_int32);
177static struct block *gen_cmp_gt(enum e_offrel, u_int, u_int, bpf_int32);
178static struct block *gen_cmp_ge(enum e_offrel, u_int, u_int, bpf_int32);
179static struct block *gen_cmp_lt(enum e_offrel, u_int, u_int, bpf_int32);
180static struct block *gen_cmp_le(enum e_offrel, u_int, u_int, bpf_int32);
181static struct block *gen_mcmp(enum e_offrel, u_int, u_int, bpf_int32,
182 bpf_u_int32);
183static struct block *gen_bcmp(enum e_offrel, u_int, u_int, const u_char *);
184static struct block *gen_ncmp(enum e_offrel, bpf_u_int32, bpf_u_int32,
185 bpf_u_int32, bpf_u_int32, int, bpf_int32);
186static struct slist *gen_load_llrel(u_int, u_int);
187static struct slist *gen_load_a(enum e_offrel, u_int, u_int);
188static struct slist *gen_loadx_iphdrlen(void);
170static struct block *gen_uncond(int);
171static inline struct block *gen_true(void);
172static inline struct block *gen_false(void);
173static struct block *gen_ether_linktype(int);
174static struct block *gen_linux_sll_linktype(int);
189static struct block *gen_uncond(int);
190static inline struct block *gen_true(void);
191static inline struct block *gen_false(void);
192static struct block *gen_ether_linktype(int);
193static struct block *gen_linux_sll_linktype(int);
194static void insert_radiotap_load_llprefixlen(struct block *);
195static void insert_load_llprefixlen(struct block *);
196static struct slist *gen_llprefixlen(void);
175static struct block *gen_linktype(int);
176static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
197static struct block *gen_linktype(int);
198static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
177static struct block *gen_llc(int);
199static struct block *gen_llc_linktype(int);
178static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
179#ifdef INET6
180static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
181#endif
182static struct block *gen_ahostop(const u_char *, int);
183static struct block *gen_ehostop(const u_char *, int);
184static struct block *gen_fhostop(const u_char *, int);
185static struct block *gen_thostop(const u_char *, int);
186static struct block *gen_wlanhostop(const u_char *, int);
187static struct block *gen_ipfchostop(const u_char *, int);
200static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
201#ifdef INET6
202static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
203#endif
204static struct block *gen_ahostop(const u_char *, int);
205static struct block *gen_ehostop(const u_char *, int);
206static struct block *gen_fhostop(const u_char *, int);
207static struct block *gen_thostop(const u_char *, int);
208static struct block *gen_wlanhostop(const u_char *, int);
209static struct block *gen_ipfchostop(const u_char *, int);
188static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
210static struct block *gen_dnhostop(bpf_u_int32, int);
189static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
190#ifdef INET6
191static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
192#endif
193#ifndef INET6
194static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
195#endif
196static struct block *gen_ipfrag(void);
197static struct block *gen_portatom(int, bpf_int32);
211static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
212#ifdef INET6
213static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
214#endif
215#ifndef INET6
216static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
217#endif
218static struct block *gen_ipfrag(void);
219static struct block *gen_portatom(int, bpf_int32);
220static struct block *gen_portrangeatom(int, bpf_int32, bpf_int32);
198#ifdef INET6
199static struct block *gen_portatom6(int, bpf_int32);
221#ifdef INET6
222static struct block *gen_portatom6(int, bpf_int32);
223static struct block *gen_portrangeatom6(int, bpf_int32, bpf_int32);
200#endif
201struct block *gen_portop(int, int, int);
202static struct block *gen_port(int, int, int);
224#endif
225struct block *gen_portop(int, int, int);
226static struct block *gen_port(int, int, int);
227struct block *gen_portrangeop(int, int, int, int);
228static struct block *gen_portrange(int, int, int, int);
203#ifdef INET6
204struct block *gen_portop6(int, int, int);
205static struct block *gen_port6(int, int, int);
229#ifdef INET6
230struct block *gen_portop6(int, int, int);
231static struct block *gen_port6(int, int, int);
232struct block *gen_portrangeop6(int, int, int, int);
233static struct block *gen_portrange6(int, int, int, int);
206#endif
207static int lookup_proto(const char *, int);
208static struct block *gen_protochain(int, int, int);
209static struct block *gen_proto(int, int, int);
210static struct slist *xfer_to_x(struct arth *);
211static struct slist *xfer_to_a(struct arth *);
212static struct block *gen_mac_multicast(int);
213static struct block *gen_len(int, int);
214
215static struct block *gen_msg_abbrev(int type);
216
217static void *
218newchunk(n)
219 u_int n;
220{
221 struct chunk *cp;
222 int k;
223 size_t size;
224
225#ifndef __NetBSD__
226 /* XXX Round up to nearest long. */
227 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
228#else
229 /* XXX Round up to structure boundary. */
230 n = ALIGN(n);
231#endif
232
233 cp = &chunks[cur_chunk];
234 if (n > cp->n_left) {
235 ++cp, k = ++cur_chunk;
236 if (k >= NCHUNKS)
237 bpf_error("out of memory");
238 size = CHUNK0SIZE << k;
239 cp->m = (void *)malloc(size);
240 if (cp->m == NULL)
241 bpf_error("out of memory");
242 memset((char *)cp->m, 0, size);
243 cp->n_left = size;
244 if (n > size)
245 bpf_error("out of memory");
246 }
247 cp->n_left -= n;
248 return (void *)((char *)cp->m + cp->n_left);
249}
250
251static void
252freechunks()
253{
254 int i;
255
256 cur_chunk = 0;
257 for (i = 0; i < NCHUNKS; ++i)
258 if (chunks[i].m != NULL) {
259 free(chunks[i].m);
260 chunks[i].m = NULL;
261 }
262}
263
264/*
265 * A strdup whose allocations are freed after code generation is over.
266 */
267char *
268sdup(s)
269 register const char *s;
270{
271 int n = strlen(s) + 1;
272 char *cp = newchunk(n);
273
274 strlcpy(cp, s, n);
275 return (cp);
276}
277
278static inline struct block *
279new_block(code)
280 int code;
281{
282 struct block *p;
283
284 p = (struct block *)newchunk(sizeof(*p));
285 p->s.code = code;
286 p->head = p;
287
288 return p;
289}
290
291static inline struct slist *
292new_stmt(code)
293 int code;
294{
295 struct slist *p;
296
297 p = (struct slist *)newchunk(sizeof(*p));
298 p->s.code = code;
299
300 return p;
301}
302
303static struct block *
304gen_retblk(v)
305 int v;
306{
307 struct block *b = new_block(BPF_RET|BPF_K);
308
309 b->s.k = v;
310 return b;
311}
312
313static inline void
314syntax()
315{
316 bpf_error("syntax error in filter expression");
317}
318
319static bpf_u_int32 netmask;
320static int snaplen;
321int no_optimize;
322
323int
324pcap_compile(pcap_t *p, struct bpf_program *program,
325 char *buf, int optimize, bpf_u_int32 mask)
326{
327 extern int n_errors;
328 int len;
329
330 no_optimize = 0;
331 n_errors = 0;
332 root = NULL;
333 bpf_pcap = p;
334 if (setjmp(top_ctx)) {
335 lex_cleanup();
336 freechunks();
337 return (-1);
338 }
339
340 netmask = mask;
341
342 snaplen = pcap_snapshot(p);
343 if (snaplen == 0) {
344 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
345 "snaplen of 0 rejects all packets");
346 return -1;
347 }
348
349 lex_init(buf ? buf : "");
350 init_linktype(p);
351 (void)pcap_parse();
352
353 if (n_errors)
354 syntax();
355
356 if (root == NULL)
357 root = gen_retblk(snaplen);
358
359 if (optimize && !no_optimize) {
360 bpf_optimize(&root);
361 if (root == NULL ||
362 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
363 bpf_error("expression rejects all packets");
364 }
365 program->bf_insns = icode_to_fcode(root, &len);
366 program->bf_len = len;
367
368 lex_cleanup();
369 freechunks();
370 return (0);
371}
372
373/*
374 * entry point for using the compiler with no pcap open
375 * pass in all the stuff that is needed explicitly instead.
376 */
377int
378pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
379 struct bpf_program *program,
380 char *buf, int optimize, bpf_u_int32 mask)
381{
382 pcap_t *p;
383 int ret;
384
385 p = pcap_open_dead(linktype_arg, snaplen_arg);
386 if (p == NULL)
387 return (-1);
388 ret = pcap_compile(p, program, buf, optimize, mask);
389 pcap_close(p);
390 return (ret);
391}
392
393/*
394 * Clean up a "struct bpf_program" by freeing all the memory allocated
395 * in it.
396 */
397void
398pcap_freecode(struct bpf_program *program)
399{
400 program->bf_len = 0;
401 if (program->bf_insns != NULL) {
402 free((char *)program->bf_insns);
403 program->bf_insns = NULL;
404 }
405}
406
407/*
408 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
409 * which of the jt and jf fields has been resolved and which is a pointer
410 * back to another unresolved block (or nil). At least one of the fields
411 * in each block is already resolved.
412 */
413static void
414backpatch(list, target)
415 struct block *list, *target;
416{
417 struct block *next;
418
419 while (list) {
420 if (!list->sense) {
421 next = JT(list);
422 JT(list) = target;
423 } else {
424 next = JF(list);
425 JF(list) = target;
426 }
427 list = next;
428 }
429}
430
431/*
432 * Merge the lists in b0 and b1, using the 'sense' field to indicate
433 * which of jt and jf is the link.
434 */
435static void
436merge(b0, b1)
437 struct block *b0, *b1;
438{
439 register struct block **p = &b0;
440
441 /* Find end of list. */
442 while (*p)
443 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
444
445 /* Concatenate the lists. */
446 *p = b1;
447}
448
449void
450finish_parse(p)
451 struct block *p;
452{
453 backpatch(p, gen_retblk(snaplen));
454 p->sense = !p->sense;
455 backpatch(p, gen_retblk(0));
456 root = p->head;
234#endif
235static int lookup_proto(const char *, int);
236static struct block *gen_protochain(int, int, int);
237static struct block *gen_proto(int, int, int);
238static struct slist *xfer_to_x(struct arth *);
239static struct slist *xfer_to_a(struct arth *);
240static struct block *gen_mac_multicast(int);
241static struct block *gen_len(int, int);
242
243static struct block *gen_msg_abbrev(int type);
244
245static void *
246newchunk(n)
247 u_int n;
248{
249 struct chunk *cp;
250 int k;
251 size_t size;
252
253#ifndef __NetBSD__
254 /* XXX Round up to nearest long. */
255 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
256#else
257 /* XXX Round up to structure boundary. */
258 n = ALIGN(n);
259#endif
260
261 cp = &chunks[cur_chunk];
262 if (n > cp->n_left) {
263 ++cp, k = ++cur_chunk;
264 if (k >= NCHUNKS)
265 bpf_error("out of memory");
266 size = CHUNK0SIZE << k;
267 cp->m = (void *)malloc(size);
268 if (cp->m == NULL)
269 bpf_error("out of memory");
270 memset((char *)cp->m, 0, size);
271 cp->n_left = size;
272 if (n > size)
273 bpf_error("out of memory");
274 }
275 cp->n_left -= n;
276 return (void *)((char *)cp->m + cp->n_left);
277}
278
279static void
280freechunks()
281{
282 int i;
283
284 cur_chunk = 0;
285 for (i = 0; i < NCHUNKS; ++i)
286 if (chunks[i].m != NULL) {
287 free(chunks[i].m);
288 chunks[i].m = NULL;
289 }
290}
291
292/*
293 * A strdup whose allocations are freed after code generation is over.
294 */
295char *
296sdup(s)
297 register const char *s;
298{
299 int n = strlen(s) + 1;
300 char *cp = newchunk(n);
301
302 strlcpy(cp, s, n);
303 return (cp);
304}
305
306static inline struct block *
307new_block(code)
308 int code;
309{
310 struct block *p;
311
312 p = (struct block *)newchunk(sizeof(*p));
313 p->s.code = code;
314 p->head = p;
315
316 return p;
317}
318
319static inline struct slist *
320new_stmt(code)
321 int code;
322{
323 struct slist *p;
324
325 p = (struct slist *)newchunk(sizeof(*p));
326 p->s.code = code;
327
328 return p;
329}
330
331static struct block *
332gen_retblk(v)
333 int v;
334{
335 struct block *b = new_block(BPF_RET|BPF_K);
336
337 b->s.k = v;
338 return b;
339}
340
341static inline void
342syntax()
343{
344 bpf_error("syntax error in filter expression");
345}
346
347static bpf_u_int32 netmask;
348static int snaplen;
349int no_optimize;
350
351int
352pcap_compile(pcap_t *p, struct bpf_program *program,
353 char *buf, int optimize, bpf_u_int32 mask)
354{
355 extern int n_errors;
356 int len;
357
358 no_optimize = 0;
359 n_errors = 0;
360 root = NULL;
361 bpf_pcap = p;
362 if (setjmp(top_ctx)) {
363 lex_cleanup();
364 freechunks();
365 return (-1);
366 }
367
368 netmask = mask;
369
370 snaplen = pcap_snapshot(p);
371 if (snaplen == 0) {
372 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
373 "snaplen of 0 rejects all packets");
374 return -1;
375 }
376
377 lex_init(buf ? buf : "");
378 init_linktype(p);
379 (void)pcap_parse();
380
381 if (n_errors)
382 syntax();
383
384 if (root == NULL)
385 root = gen_retblk(snaplen);
386
387 if (optimize && !no_optimize) {
388 bpf_optimize(&root);
389 if (root == NULL ||
390 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
391 bpf_error("expression rejects all packets");
392 }
393 program->bf_insns = icode_to_fcode(root, &len);
394 program->bf_len = len;
395
396 lex_cleanup();
397 freechunks();
398 return (0);
399}
400
401/*
402 * entry point for using the compiler with no pcap open
403 * pass in all the stuff that is needed explicitly instead.
404 */
405int
406pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
407 struct bpf_program *program,
408 char *buf, int optimize, bpf_u_int32 mask)
409{
410 pcap_t *p;
411 int ret;
412
413 p = pcap_open_dead(linktype_arg, snaplen_arg);
414 if (p == NULL)
415 return (-1);
416 ret = pcap_compile(p, program, buf, optimize, mask);
417 pcap_close(p);
418 return (ret);
419}
420
421/*
422 * Clean up a "struct bpf_program" by freeing all the memory allocated
423 * in it.
424 */
425void
426pcap_freecode(struct bpf_program *program)
427{
428 program->bf_len = 0;
429 if (program->bf_insns != NULL) {
430 free((char *)program->bf_insns);
431 program->bf_insns = NULL;
432 }
433}
434
435/*
436 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
437 * which of the jt and jf fields has been resolved and which is a pointer
438 * back to another unresolved block (or nil). At least one of the fields
439 * in each block is already resolved.
440 */
441static void
442backpatch(list, target)
443 struct block *list, *target;
444{
445 struct block *next;
446
447 while (list) {
448 if (!list->sense) {
449 next = JT(list);
450 JT(list) = target;
451 } else {
452 next = JF(list);
453 JF(list) = target;
454 }
455 list = next;
456 }
457}
458
459/*
460 * Merge the lists in b0 and b1, using the 'sense' field to indicate
461 * which of jt and jf is the link.
462 */
463static void
464merge(b0, b1)
465 struct block *b0, *b1;
466{
467 register struct block **p = &b0;
468
469 /* Find end of list. */
470 while (*p)
471 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
472
473 /* Concatenate the lists. */
474 *p = b1;
475}
476
477void
478finish_parse(p)
479 struct block *p;
480{
481 backpatch(p, gen_retblk(snaplen));
482 p->sense = !p->sense;
483 backpatch(p, gen_retblk(0));
484 root = p->head;
485
486 /*
487 * Insert before the statements of the first (root) block any
488 * statements needed to load the lengths of any variable-length
489 * headers into registers.
490 *
491 * XXX - a fancier strategy would be to insert those before the
492 * statements of all blocks that use those lengths and that
493 * have no predecessors that use them, so that we only compute
494 * the lengths if we need them. There might be even better
495 * approaches than that. However, as we're currently only
496 * handling variable-length radiotap headers, and as all
497 * filtering expressions other than raw link[M:N] tests
498 * require the length of that header, doing more for that
499 * header length isn't really worth the effort.
500 */
501 insert_load_llprefixlen(root);
457}
458
459void
460gen_and(b0, b1)
461 struct block *b0, *b1;
462{
463 backpatch(b0, b1->head);
464 b0->sense = !b0->sense;
465 b1->sense = !b1->sense;
466 merge(b1, b0);
467 b1->sense = !b1->sense;
468 b1->head = b0->head;
469}
470
471void
472gen_or(b0, b1)
473 struct block *b0, *b1;
474{
475 b0->sense = !b0->sense;
476 backpatch(b0, b1->head);
477 b0->sense = !b0->sense;
478 merge(b1, b0);
479 b1->head = b0->head;
480}
481
482void
483gen_not(b)
484 struct block *b;
485{
486 b->sense = !b->sense;
487}
488
489static struct block *
502}
503
504void
505gen_and(b0, b1)
506 struct block *b0, *b1;
507{
508 backpatch(b0, b1->head);
509 b0->sense = !b0->sense;
510 b1->sense = !b1->sense;
511 merge(b1, b0);
512 b1->sense = !b1->sense;
513 b1->head = b0->head;
514}
515
516void
517gen_or(b0, b1)
518 struct block *b0, *b1;
519{
520 b0->sense = !b0->sense;
521 backpatch(b0, b1->head);
522 b0->sense = !b0->sense;
523 merge(b1, b0);
524 b1->head = b0->head;
525}
526
527void
528gen_not(b)
529 struct block *b;
530{
531 b->sense = !b->sense;
532}
533
534static struct block *
490gen_cmp(offset, size, v)
535gen_cmp(offrel, offset, size, v)
536 enum e_offrel offrel;
491 u_int offset, size;
492 bpf_int32 v;
493{
537 u_int offset, size;
538 bpf_int32 v;
539{
494 struct slist *s;
495 struct block *b;
540 return gen_ncmp(offrel, offset, size, 0xffffffff, BPF_JEQ, 0, v);
541}
496
542
497 s = new_stmt(BPF_LD|BPF_ABS|size);
498 s->s.k = offset;
543static struct block *
544gen_cmp_gt(offrel, offset, size, v)
545 enum e_offrel offrel;
546 u_int offset, size;
547 bpf_int32 v;
548{
549 return gen_ncmp(offrel, offset, size, 0xffffffff, BPF_JGT, 0, v);
550}
499
551
500 b = new_block(JMP(BPF_JEQ));
501 b->stmts = s;
502 b->s.k = v;
503
504 return b;
552static struct block *
553gen_cmp_ge(offrel, offset, size, v)
554 enum e_offrel offrel;
555 u_int offset, size;
556 bpf_int32 v;
557{
558 return gen_ncmp(offrel, offset, size, 0xffffffff, BPF_JGE, 0, v);
505}
506
507static struct block *
559}
560
561static struct block *
508gen_cmp_gt(offset, size, v)
562gen_cmp_lt(offrel, offset, size, v)
563 enum e_offrel offrel;
509 u_int offset, size;
510 bpf_int32 v;
511{
564 u_int offset, size;
565 bpf_int32 v;
566{
512 struct slist *s;
513 struct block *b;
567 return gen_ncmp(offrel, offset, size, 0xffffffff, BPF_JGE, 1, v);
568}
514
569
515 s = new_stmt(BPF_LD|BPF_ABS|size);
516 s->s.k = offset;
517
518 b = new_block(JMP(BPF_JGT));
519 b->stmts = s;
520 b->s.k = v;
521
522 return b;
570static struct block *
571gen_cmp_le(offrel, offset, size, v)
572 enum e_offrel offrel;
573 u_int offset, size;
574 bpf_int32 v;
575{
576 return gen_ncmp(offrel, offset, size, 0xffffffff, BPF_JGT, 1, v);
523}
524
525static struct block *
577}
578
579static struct block *
526gen_mcmp(offset, size, v, mask)
580gen_mcmp(offrel, offset, size, v, mask)
581 enum e_offrel offrel;
527 u_int offset, size;
528 bpf_int32 v;
529 bpf_u_int32 mask;
530{
582 u_int offset, size;
583 bpf_int32 v;
584 bpf_u_int32 mask;
585{
531 struct block *b = gen_cmp(offset, size, v);
532 struct slist *s;
533
534 if (mask != 0xffffffff) {
535 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
536 s->s.k = mask;
537 b->stmts->next = s;
538 }
539 return b;
586 return gen_ncmp(offrel, offset, size, mask, BPF_JEQ, 0, v);
540}
541
542static struct block *
587}
588
589static struct block *
543gen_bcmp(offset, size, v)
590gen_bcmp(offrel, offset, size, v)
591 enum e_offrel offrel;
544 register u_int offset, size;
545 register const u_char *v;
546{
547 register struct block *b, *tmp;
548
549 b = NULL;
550 while (size >= 4) {
551 register const u_char *p = &v[size - 4];
552 bpf_int32 w = ((bpf_int32)p[0] << 24) |
553 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
554
592 register u_int offset, size;
593 register const u_char *v;
594{
595 register struct block *b, *tmp;
596
597 b = NULL;
598 while (size >= 4) {
599 register const u_char *p = &v[size - 4];
600 bpf_int32 w = ((bpf_int32)p[0] << 24) |
601 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
602
555 tmp = gen_cmp(offset + size - 4, BPF_W, w);
603 tmp = gen_cmp(offrel, offset + size - 4, BPF_W, w);
556 if (b != NULL)
557 gen_and(b, tmp);
558 b = tmp;
559 size -= 4;
560 }
561 while (size >= 2) {
562 register const u_char *p = &v[size - 2];
563 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
564
604 if (b != NULL)
605 gen_and(b, tmp);
606 b = tmp;
607 size -= 4;
608 }
609 while (size >= 2) {
610 register const u_char *p = &v[size - 2];
611 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
612
565 tmp = gen_cmp(offset + size - 2, BPF_H, w);
613 tmp = gen_cmp(offrel, offset + size - 2, BPF_H, w);
566 if (b != NULL)
567 gen_and(b, tmp);
568 b = tmp;
569 size -= 2;
570 }
571 if (size > 0) {
614 if (b != NULL)
615 gen_and(b, tmp);
616 b = tmp;
617 size -= 2;
618 }
619 if (size > 0) {
572 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
620 tmp = gen_cmp(offrel, offset, BPF_B, (bpf_int32)v[0]);
573 if (b != NULL)
574 gen_and(b, tmp);
575 b = tmp;
576 }
577 return b;
578}
579
621 if (b != NULL)
622 gen_and(b, tmp);
623 b = tmp;
624 }
625 return b;
626}
627
628/*
629 * AND the field of size "size" at offset "offset" relative to the header
630 * specified by "offrel" with "mask", and compare it with the value "v"
631 * with the test specified by "jtype"; if "reverse" is true, the test
632 * should test the opposite of "jtype".
633 */
580static struct block *
634static struct block *
581gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse)
582 bpf_u_int32 datasize, offset, mask, jtype, jvalue;
635gen_ncmp(offrel, offset, size, mask, jtype, reverse, v)
636 enum e_offrel offrel;
637 bpf_int32 v;
638 bpf_u_int32 offset, size, mask, jtype;
583 int reverse;
584{
639 int reverse;
640{
585 struct slist *s;
641 struct slist *s, *s2;
586 struct block *b;
587
642 struct block *b;
643
588 s = new_stmt(BPF_LD|datasize|BPF_ABS);
589 s->s.k = offset;
644 s = gen_load_a(offrel, offset, size);
590
591 if (mask != 0xffffffff) {
645
646 if (mask != 0xffffffff) {
592 s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K);
593 s->next->s.k = mask;
647 s2 = new_stmt(BPF_ALU|BPF_AND|BPF_K);
648 s2->s.k = mask;
649 sappend(s, s2);
594 }
595
596 b = new_block(JMP(jtype));
597 b->stmts = s;
650 }
651
652 b = new_block(JMP(jtype));
653 b->stmts = s;
598 b->s.k = jvalue;
654 b->s.k = v;
599 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE))
600 gen_not(b);
601 return b;
602}
603
604/*
605 * Various code constructs need to know the layout of the data link
655 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE))
656 gen_not(b);
657 return b;
658}
659
660/*
661 * Various code constructs need to know the layout of the data link
606 * layer. These variables give the necessary offsets.
662 * layer. These variables give the necessary offsets from the beginning
663 * of the packet data.
664 *
665 * If the link layer has variable_length headers, the offsets are offsets
666 * from the end of the link-link-layer header, and "reg_ll_size" is
667 * the register number for a register containing the length of the
668 * link-layer header. Otherwise, "reg_ll_size" is -1.
607 */
669 */
670static int reg_ll_size;
608
609/*
671
672/*
673 * This is the offset of the beginning of the link-layer header.
674 * It's usually 0, except for 802.11 with a fixed-length radio header.
675 */
676static u_int off_ll;
677
678/*
610 * This is the offset of the beginning of the MAC-layer header.
611 * It's usually 0, except for ATM LANE.
612 */
613static u_int off_mac;
614
615/*
616 * "off_linktype" is the offset to information in the link-layer header
617 * giving the packet type.
618 *
619 * For Ethernet, it's the offset of the Ethernet type field.
620 *
621 * For link-layer types that always use 802.2 headers, it's the
622 * offset of the LLC header.
623 *
624 * For PPP, it's the offset of the PPP type field.
625 *
626 * For Cisco HDLC, it's the offset of the CHDLC type field.
627 *
628 * For BSD loopback, it's the offset of the AF_ value.
629 *
630 * For Linux cooked sockets, it's the offset of the type field.
631 *
632 * It's set to -1 for no encapsulation, in which case, IP is assumed.
633 */
634static u_int off_linktype;
635
636/*
637 * TRUE if the link layer includes an ATM pseudo-header.
638 */
639static int is_atm = 0;
640
641/*
642 * TRUE if "lane" appeared in the filter; it causes us to generate
643 * code that assumes LANE rather than LLC-encapsulated traffic in SunATM.
644 */
645static int is_lane = 0;
646
647/*
648 * These are offsets for the ATM pseudo-header.
649 */
650static u_int off_vpi;
651static u_int off_vci;
652static u_int off_proto;
653
654/*
679 * This is the offset of the beginning of the MAC-layer header.
680 * It's usually 0, except for ATM LANE.
681 */
682static u_int off_mac;
683
684/*
685 * "off_linktype" is the offset to information in the link-layer header
686 * giving the packet type.
687 *
688 * For Ethernet, it's the offset of the Ethernet type field.
689 *
690 * For link-layer types that always use 802.2 headers, it's the
691 * offset of the LLC header.
692 *
693 * For PPP, it's the offset of the PPP type field.
694 *
695 * For Cisco HDLC, it's the offset of the CHDLC type field.
696 *
697 * For BSD loopback, it's the offset of the AF_ value.
698 *
699 * For Linux cooked sockets, it's the offset of the type field.
700 *
701 * It's set to -1 for no encapsulation, in which case, IP is assumed.
702 */
703static u_int off_linktype;
704
705/*
706 * TRUE if the link layer includes an ATM pseudo-header.
707 */
708static int is_atm = 0;
709
710/*
711 * TRUE if "lane" appeared in the filter; it causes us to generate
712 * code that assumes LANE rather than LLC-encapsulated traffic in SunATM.
713 */
714static int is_lane = 0;
715
716/*
717 * These are offsets for the ATM pseudo-header.
718 */
719static u_int off_vpi;
720static u_int off_vci;
721static u_int off_proto;
722
723/*
724 * These are offsets for the MTP3 fields.
725 */
726static u_int off_sio;
727static u_int off_opc;
728static u_int off_dpc;
729static u_int off_sls;
730
731/*
655 * This is the offset of the first byte after the ATM pseudo_header,
656 * or -1 if there is no ATM pseudo-header.
657 */
658static u_int off_payload;
659
660/*
661 * These are offsets to the beginning of the network-layer header.
662 *
663 * If the link layer never uses 802.2 LLC:
664 *
665 * "off_nl" and "off_nl_nosnap" are the same.
666 *
667 * If the link layer always uses 802.2 LLC:
668 *
669 * "off_nl" is the offset if there's a SNAP header following
670 * the 802.2 header;
671 *
672 * "off_nl_nosnap" is the offset if there's no SNAP header.
673 *
674 * If the link layer is Ethernet:
675 *
676 * "off_nl" is the offset if the packet is an Ethernet II packet
677 * (we assume no 802.3+802.2+SNAP);
678 *
679 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet
680 * with an 802.2 header following it.
681 */
682static u_int off_nl;
683static u_int off_nl_nosnap;
684
685static int linktype;
686
687static void
688init_linktype(p)
689 pcap_t *p;
690{
691 linktype = pcap_datalink(p);
692#ifdef PCAP_FDDIPAD
693 pcap_fddipad = p->fddipad;
694#endif
695
696 /*
697 * Assume it's not raw ATM with a pseudo-header, for now.
698 */
699 off_mac = 0;
700 is_atm = 0;
701 is_lane = 0;
702 off_vpi = -1;
703 off_vci = -1;
704 off_proto = -1;
705 off_payload = -1;
706
732 * This is the offset of the first byte after the ATM pseudo_header,
733 * or -1 if there is no ATM pseudo-header.
734 */
735static u_int off_payload;
736
737/*
738 * These are offsets to the beginning of the network-layer header.
739 *
740 * If the link layer never uses 802.2 LLC:
741 *
742 * "off_nl" and "off_nl_nosnap" are the same.
743 *
744 * If the link layer always uses 802.2 LLC:
745 *
746 * "off_nl" is the offset if there's a SNAP header following
747 * the 802.2 header;
748 *
749 * "off_nl_nosnap" is the offset if there's no SNAP header.
750 *
751 * If the link layer is Ethernet:
752 *
753 * "off_nl" is the offset if the packet is an Ethernet II packet
754 * (we assume no 802.3+802.2+SNAP);
755 *
756 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet
757 * with an 802.2 header following it.
758 */
759static u_int off_nl;
760static u_int off_nl_nosnap;
761
762static int linktype;
763
764static void
765init_linktype(p)
766 pcap_t *p;
767{
768 linktype = pcap_datalink(p);
769#ifdef PCAP_FDDIPAD
770 pcap_fddipad = p->fddipad;
771#endif
772
773 /*
774 * Assume it's not raw ATM with a pseudo-header, for now.
775 */
776 off_mac = 0;
777 is_atm = 0;
778 is_lane = 0;
779 off_vpi = -1;
780 off_vci = -1;
781 off_proto = -1;
782 off_payload = -1;
783
784 off_sio = -1;
785 off_opc = -1;
786 off_dpc = -1;
787 off_sls = -1;
788
789 /*
790 * Also assume it's not 802.11 with a fixed-length radio header.
791 */
792 off_ll = 0;
793
707 orig_linktype = -1;
708 orig_nl = -1;
794 orig_linktype = -1;
795 orig_nl = -1;
709 orig_nl_nosnap = -1;
710
796
797 reg_ll_size = -1;
798
711 switch (linktype) {
712
713 case DLT_ARCNET:
714 off_linktype = 2;
715 off_nl = 6; /* XXX in reality, variable! */
716 off_nl_nosnap = 6; /* no 802.2 LLC */
717 return;
718
719 case DLT_ARCNET_LINUX:
720 off_linktype = 4;
721 off_nl = 8; /* XXX in reality, variable! */
722 off_nl_nosnap = 8; /* no 802.2 LLC */
723 return;
724
725 case DLT_EN10MB:
726 off_linktype = 12;
727 off_nl = 14; /* Ethernet II */
728 off_nl_nosnap = 17; /* 802.3+802.2 */
729 return;
730
731 case DLT_SLIP:
732 /*
733 * SLIP doesn't have a link level type. The 16 byte
734 * header is hacked into our SLIP driver.
735 */
736 off_linktype = -1;
737 off_nl = 16;
738 off_nl_nosnap = 16; /* no 802.2 LLC */
739 return;
740
741 case DLT_SLIP_BSDOS:
742 /* XXX this may be the same as the DLT_PPP_BSDOS case */
743 off_linktype = -1;
744 /* XXX end */
745 off_nl = 24;
746 off_nl_nosnap = 24; /* no 802.2 LLC */
747 return;
748
749 case DLT_NULL:
750 case DLT_LOOP:
751 off_linktype = 0;
752 off_nl = 4;
753 off_nl_nosnap = 4; /* no 802.2 LLC */
754 return;
755
756 case DLT_ENC:
757 off_linktype = 0;
758 off_nl = 12;
759 off_nl_nosnap = 12; /* no 802.2 LLC */
760 return;
761
762 case DLT_PPP:
763 case DLT_PPP_PPPD:
764 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */
765 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */
766 off_linktype = 2;
767 off_nl = 4;
768 off_nl_nosnap = 4; /* no 802.2 LLC */
769 return;
770
771 case DLT_PPP_ETHER:
772 /*
773 * This does no include the Ethernet header, and
774 * only covers session state.
775 */
776 off_linktype = 6;
777 off_nl = 8;
778 off_nl_nosnap = 8; /* no 802.2 LLC */
779 return;
780
781 case DLT_PPP_BSDOS:
782 off_linktype = 5;
783 off_nl = 24;
784 off_nl_nosnap = 24; /* no 802.2 LLC */
785 return;
786
787 case DLT_FDDI:
788 /*
789 * FDDI doesn't really have a link-level type field.
790 * We set "off_linktype" to the offset of the LLC header.
791 *
792 * To check for Ethernet types, we assume that SSAP = SNAP
793 * is being used and pick out the encapsulated Ethernet type.
794 * XXX - should we generate code to check for SNAP?
795 */
796 off_linktype = 13;
797#ifdef PCAP_FDDIPAD
798 off_linktype += pcap_fddipad;
799#endif
800 off_nl = 21; /* FDDI+802.2+SNAP */
801 off_nl_nosnap = 16; /* FDDI+802.2 */
802#ifdef PCAP_FDDIPAD
803 off_nl += pcap_fddipad;
804 off_nl_nosnap += pcap_fddipad;
805#endif
806 return;
807
808 case DLT_IEEE802:
809 /*
810 * Token Ring doesn't really have a link-level type field.
811 * We set "off_linktype" to the offset of the LLC header.
812 *
813 * To check for Ethernet types, we assume that SSAP = SNAP
814 * is being used and pick out the encapsulated Ethernet type.
815 * XXX - should we generate code to check for SNAP?
816 *
817 * XXX - the header is actually variable-length.
818 * Some various Linux patched versions gave 38
819 * as "off_linktype" and 40 as "off_nl"; however,
820 * if a token ring packet has *no* routing
821 * information, i.e. is not source-routed, the correct
822 * values are 20 and 22, as they are in the vanilla code.
823 *
824 * A packet is source-routed iff the uppermost bit
825 * of the first byte of the source address, at an
826 * offset of 8, has the uppermost bit set. If the
827 * packet is source-routed, the total number of bytes
828 * of routing information is 2 plus bits 0x1F00 of
829 * the 16-bit value at an offset of 14 (shifted right
830 * 8 - figure out which byte that is).
831 */
832 off_linktype = 14;
833 off_nl = 22; /* Token Ring+802.2+SNAP */
834 off_nl_nosnap = 17; /* Token Ring+802.2 */
835 return;
836
837 case DLT_IEEE802_11:
838 /*
839 * 802.11 doesn't really have a link-level type field.
840 * We set "off_linktype" to the offset of the LLC header.
841 *
842 * To check for Ethernet types, we assume that SSAP = SNAP
843 * is being used and pick out the encapsulated Ethernet type.
844 * XXX - should we generate code to check for SNAP?
845 *
846 * XXX - the header is actually variable-length. We
847 * assume a 24-byte link-layer header, as appears in
848 * data frames in networks with no bridges. If the
849 * fromds and tods 802.11 header bits are both set,
850 * it's actually supposed to be 30 bytes.
851 */
852 off_linktype = 24;
853 off_nl = 32; /* 802.11+802.2+SNAP */
854 off_nl_nosnap = 27; /* 802.11+802.2 */
855 return;
856
857 case DLT_PRISM_HEADER:
858 /*
859 * Same as 802.11, but with an additional header before
860 * the 802.11 header, containing a bunch of additional
861 * information including radio-level information.
862 *
863 * The header is 144 bytes long.
864 *
865 * XXX - same variable-length header problem; at least
866 * the Prism header is fixed-length.
867 */
799 switch (linktype) {
800
801 case DLT_ARCNET:
802 off_linktype = 2;
803 off_nl = 6; /* XXX in reality, variable! */
804 off_nl_nosnap = 6; /* no 802.2 LLC */
805 return;
806
807 case DLT_ARCNET_LINUX:
808 off_linktype = 4;
809 off_nl = 8; /* XXX in reality, variable! */
810 off_nl_nosnap = 8; /* no 802.2 LLC */
811 return;
812
813 case DLT_EN10MB:
814 off_linktype = 12;
815 off_nl = 14; /* Ethernet II */
816 off_nl_nosnap = 17; /* 802.3+802.2 */
817 return;
818
819 case DLT_SLIP:
820 /*
821 * SLIP doesn't have a link level type. The 16 byte
822 * header is hacked into our SLIP driver.
823 */
824 off_linktype = -1;
825 off_nl = 16;
826 off_nl_nosnap = 16; /* no 802.2 LLC */
827 return;
828
829 case DLT_SLIP_BSDOS:
830 /* XXX this may be the same as the DLT_PPP_BSDOS case */
831 off_linktype = -1;
832 /* XXX end */
833 off_nl = 24;
834 off_nl_nosnap = 24; /* no 802.2 LLC */
835 return;
836
837 case DLT_NULL:
838 case DLT_LOOP:
839 off_linktype = 0;
840 off_nl = 4;
841 off_nl_nosnap = 4; /* no 802.2 LLC */
842 return;
843
844 case DLT_ENC:
845 off_linktype = 0;
846 off_nl = 12;
847 off_nl_nosnap = 12; /* no 802.2 LLC */
848 return;
849
850 case DLT_PPP:
851 case DLT_PPP_PPPD:
852 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */
853 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */
854 off_linktype = 2;
855 off_nl = 4;
856 off_nl_nosnap = 4; /* no 802.2 LLC */
857 return;
858
859 case DLT_PPP_ETHER:
860 /*
861 * This does no include the Ethernet header, and
862 * only covers session state.
863 */
864 off_linktype = 6;
865 off_nl = 8;
866 off_nl_nosnap = 8; /* no 802.2 LLC */
867 return;
868
869 case DLT_PPP_BSDOS:
870 off_linktype = 5;
871 off_nl = 24;
872 off_nl_nosnap = 24; /* no 802.2 LLC */
873 return;
874
875 case DLT_FDDI:
876 /*
877 * FDDI doesn't really have a link-level type field.
878 * We set "off_linktype" to the offset of the LLC header.
879 *
880 * To check for Ethernet types, we assume that SSAP = SNAP
881 * is being used and pick out the encapsulated Ethernet type.
882 * XXX - should we generate code to check for SNAP?
883 */
884 off_linktype = 13;
885#ifdef PCAP_FDDIPAD
886 off_linktype += pcap_fddipad;
887#endif
888 off_nl = 21; /* FDDI+802.2+SNAP */
889 off_nl_nosnap = 16; /* FDDI+802.2 */
890#ifdef PCAP_FDDIPAD
891 off_nl += pcap_fddipad;
892 off_nl_nosnap += pcap_fddipad;
893#endif
894 return;
895
896 case DLT_IEEE802:
897 /*
898 * Token Ring doesn't really have a link-level type field.
899 * We set "off_linktype" to the offset of the LLC header.
900 *
901 * To check for Ethernet types, we assume that SSAP = SNAP
902 * is being used and pick out the encapsulated Ethernet type.
903 * XXX - should we generate code to check for SNAP?
904 *
905 * XXX - the header is actually variable-length.
906 * Some various Linux patched versions gave 38
907 * as "off_linktype" and 40 as "off_nl"; however,
908 * if a token ring packet has *no* routing
909 * information, i.e. is not source-routed, the correct
910 * values are 20 and 22, as they are in the vanilla code.
911 *
912 * A packet is source-routed iff the uppermost bit
913 * of the first byte of the source address, at an
914 * offset of 8, has the uppermost bit set. If the
915 * packet is source-routed, the total number of bytes
916 * of routing information is 2 plus bits 0x1F00 of
917 * the 16-bit value at an offset of 14 (shifted right
918 * 8 - figure out which byte that is).
919 */
920 off_linktype = 14;
921 off_nl = 22; /* Token Ring+802.2+SNAP */
922 off_nl_nosnap = 17; /* Token Ring+802.2 */
923 return;
924
925 case DLT_IEEE802_11:
926 /*
927 * 802.11 doesn't really have a link-level type field.
928 * We set "off_linktype" to the offset of the LLC header.
929 *
930 * To check for Ethernet types, we assume that SSAP = SNAP
931 * is being used and pick out the encapsulated Ethernet type.
932 * XXX - should we generate code to check for SNAP?
933 *
934 * XXX - the header is actually variable-length. We
935 * assume a 24-byte link-layer header, as appears in
936 * data frames in networks with no bridges. If the
937 * fromds and tods 802.11 header bits are both set,
938 * it's actually supposed to be 30 bytes.
939 */
940 off_linktype = 24;
941 off_nl = 32; /* 802.11+802.2+SNAP */
942 off_nl_nosnap = 27; /* 802.11+802.2 */
943 return;
944
945 case DLT_PRISM_HEADER:
946 /*
947 * Same as 802.11, but with an additional header before
948 * the 802.11 header, containing a bunch of additional
949 * information including radio-level information.
950 *
951 * The header is 144 bytes long.
952 *
953 * XXX - same variable-length header problem; at least
954 * the Prism header is fixed-length.
955 */
956 off_ll = 144;
868 off_linktype = 144+24;
869 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */
870 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */
871 return;
872
873 case DLT_IEEE802_11_RADIO_AVS:
874 /*
875 * Same as 802.11, but with an additional header before
876 * the 802.11 header, containing a bunch of additional
877 * information including radio-level information.
878 *
879 * The header is 64 bytes long, at least in its
880 * current incarnation.
881 *
882 * XXX - same variable-length header problem, only
883 * more so; this header is also variable-length,
884 * with the length being the 32-bit big-endian
885 * number at an offset of 4 from the beginning
886 * of the radio header.
887 */
957 off_linktype = 144+24;
958 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */
959 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */
960 return;
961
962 case DLT_IEEE802_11_RADIO_AVS:
963 /*
964 * Same as 802.11, but with an additional header before
965 * the 802.11 header, containing a bunch of additional
966 * information including radio-level information.
967 *
968 * The header is 64 bytes long, at least in its
969 * current incarnation.
970 *
971 * XXX - same variable-length header problem, only
972 * more so; this header is also variable-length,
973 * with the length being the 32-bit big-endian
974 * number at an offset of 4 from the beginning
975 * of the radio header.
976 */
977 off_ll = 64;
888 off_linktype = 64+24;
889 off_nl = 64+32; /* Radio+802.11+802.2+SNAP */
890 off_nl_nosnap = 64+27; /* Radio+802.11+802.2 */
891 return;
892
893 case DLT_IEEE802_11_RADIO:
894 /*
895 * Same as 802.11, but with an additional header before
896 * the 802.11 header, containing a bunch of additional
897 * information including radio-level information.
898 *
978 off_linktype = 64+24;
979 off_nl = 64+32; /* Radio+802.11+802.2+SNAP */
980 off_nl_nosnap = 64+27; /* Radio+802.11+802.2 */
981 return;
982
983 case DLT_IEEE802_11_RADIO:
984 /*
985 * Same as 802.11, but with an additional header before
986 * the 802.11 header, containing a bunch of additional
987 * information including radio-level information.
988 *
899 * XXX - same variable-length header problem, only
900 * even *more* so; this header is also variable-length,
901 * with the length being the 16-bit number at an offset
902 * of 2 from the beginning of the radio header, and it's
903 * device-dependent (different devices might supply
904 * different amounts of information), so we can't even
905 * assume a fixed length for the current version of the
906 * header.
907 *
908 * Therefore, currently, only raw "link[N:M]" filtering is
909 * supported.
989 * The radiotap header is variable length, and we
990 * generate code to compute its length and store it
991 * in a register. These offsets are relative to the
992 * beginning of the 802.11 header.
910 */
993 */
911 off_linktype = -1;
912 off_nl = -1;
913 off_nl_nosnap = -1;
994 off_linktype = 24;
995 off_nl = 32; /* 802.11+802.2+SNAP */
996 off_nl_nosnap = 27; /* 802.11+802.2 */
914 return;
915
916 case DLT_ATM_RFC1483:
917 case DLT_ATM_CLIP: /* Linux ATM defines this */
918 /*
919 * assume routed, non-ISO PDUs
920 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
997 return;
998
999 case DLT_ATM_RFC1483:
1000 case DLT_ATM_CLIP: /* Linux ATM defines this */
1001 /*
1002 * assume routed, non-ISO PDUs
1003 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
1004 *
1005 * XXX - what about ISO PDUs, e.g. CLNP, ISIS, ESIS,
1006 * or PPP with the PPP NLPID (e.g., PPPoA)? The
1007 * latter would presumably be treated the way PPPoE
1008 * should be, so you can do "pppoe and udp port 2049"
1009 * or "pppoa and tcp port 80" and have it check for
1010 * PPPo{A,E} and a PPP protocol of IP and....
921 */
922 off_linktype = 0;
923 off_nl = 8; /* 802.2+SNAP */
924 off_nl_nosnap = 3; /* 802.2 */
925 return;
926
927 case DLT_SUNATM:
928 /*
929 * Full Frontal ATM; you get AALn PDUs with an ATM
930 * pseudo-header.
931 */
932 is_atm = 1;
933 off_vpi = SUNATM_VPI_POS;
934 off_vci = SUNATM_VCI_POS;
935 off_proto = PROTO_POS;
936 off_mac = -1; /* LLC-encapsulated, so no MAC-layer header */
937 off_payload = SUNATM_PKT_BEGIN_POS;
938 off_linktype = off_payload;
939 off_nl = off_payload+8; /* 802.2+SNAP */
940 off_nl_nosnap = off_payload+3; /* 802.2 */
941 return;
942
943 case DLT_RAW:
944 off_linktype = -1;
945 off_nl = 0;
946 off_nl_nosnap = 0; /* no 802.2 LLC */
947 return;
948
949 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
950 off_linktype = 14;
951 off_nl = 16;
952 off_nl_nosnap = 16; /* no 802.2 LLC */
953 return;
954
955 case DLT_LTALK:
956 /*
957 * LocalTalk does have a 1-byte type field in the LLAP header,
958 * but really it just indicates whether there is a "short" or
959 * "long" DDP packet following.
960 */
961 off_linktype = -1;
962 off_nl = 0;
963 off_nl_nosnap = 0; /* no 802.2 LLC */
964 return;
965
966 case DLT_IP_OVER_FC:
967 /*
968 * RFC 2625 IP-over-Fibre-Channel doesn't really have a
969 * link-level type field. We set "off_linktype" to the
970 * offset of the LLC header.
971 *
972 * To check for Ethernet types, we assume that SSAP = SNAP
973 * is being used and pick out the encapsulated Ethernet type.
974 * XXX - should we generate code to check for SNAP? RFC
975 * 2625 says SNAP should be used.
976 */
977 off_linktype = 16;
978 off_nl = 24; /* IPFC+802.2+SNAP */
979 off_nl_nosnap = 19; /* IPFC+802.2 */
980 return;
981
982 case DLT_FRELAY:
983 /*
984 * XXX - we should set this to handle SNAP-encapsulated
985 * frames (NLPID of 0x80).
986 */
987 off_linktype = -1;
988 off_nl = 0;
989 off_nl_nosnap = 0; /* no 802.2 LLC */
990 return;
991
992 case DLT_APPLE_IP_OVER_IEEE1394:
993 off_linktype = 16;
994 off_nl = 18;
1011 */
1012 off_linktype = 0;
1013 off_nl = 8; /* 802.2+SNAP */
1014 off_nl_nosnap = 3; /* 802.2 */
1015 return;
1016
1017 case DLT_SUNATM:
1018 /*
1019 * Full Frontal ATM; you get AALn PDUs with an ATM
1020 * pseudo-header.
1021 */
1022 is_atm = 1;
1023 off_vpi = SUNATM_VPI_POS;
1024 off_vci = SUNATM_VCI_POS;
1025 off_proto = PROTO_POS;
1026 off_mac = -1; /* LLC-encapsulated, so no MAC-layer header */
1027 off_payload = SUNATM_PKT_BEGIN_POS;
1028 off_linktype = off_payload;
1029 off_nl = off_payload+8; /* 802.2+SNAP */
1030 off_nl_nosnap = off_payload+3; /* 802.2 */
1031 return;
1032
1033 case DLT_RAW:
1034 off_linktype = -1;
1035 off_nl = 0;
1036 off_nl_nosnap = 0; /* no 802.2 LLC */
1037 return;
1038
1039 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
1040 off_linktype = 14;
1041 off_nl = 16;
1042 off_nl_nosnap = 16; /* no 802.2 LLC */
1043 return;
1044
1045 case DLT_LTALK:
1046 /*
1047 * LocalTalk does have a 1-byte type field in the LLAP header,
1048 * but really it just indicates whether there is a "short" or
1049 * "long" DDP packet following.
1050 */
1051 off_linktype = -1;
1052 off_nl = 0;
1053 off_nl_nosnap = 0; /* no 802.2 LLC */
1054 return;
1055
1056 case DLT_IP_OVER_FC:
1057 /*
1058 * RFC 2625 IP-over-Fibre-Channel doesn't really have a
1059 * link-level type field. We set "off_linktype" to the
1060 * offset of the LLC header.
1061 *
1062 * To check for Ethernet types, we assume that SSAP = SNAP
1063 * is being used and pick out the encapsulated Ethernet type.
1064 * XXX - should we generate code to check for SNAP? RFC
1065 * 2625 says SNAP should be used.
1066 */
1067 off_linktype = 16;
1068 off_nl = 24; /* IPFC+802.2+SNAP */
1069 off_nl_nosnap = 19; /* IPFC+802.2 */
1070 return;
1071
1072 case DLT_FRELAY:
1073 /*
1074 * XXX - we should set this to handle SNAP-encapsulated
1075 * frames (NLPID of 0x80).
1076 */
1077 off_linktype = -1;
1078 off_nl = 0;
1079 off_nl_nosnap = 0; /* no 802.2 LLC */
1080 return;
1081
1082 case DLT_APPLE_IP_OVER_IEEE1394:
1083 off_linktype = 16;
1084 off_nl = 18;
995 off_nl_nosnap = 0; /* no 802.2 LLC */
1085 off_nl_nosnap = 18; /* no 802.2 LLC */
996 return;
997
998 case DLT_LINUX_IRDA:
999 /*
1000 * Currently, only raw "link[N:M]" filtering is supported.
1001 */
1002 off_linktype = -1;
1003 off_nl = -1;
1004 off_nl_nosnap = -1;
1005 return;
1006
1007 case DLT_DOCSIS:
1008 /*
1009 * Currently, only raw "link[N:M]" filtering is supported.
1010 */
1011 off_linktype = -1;
1012 off_nl = -1;
1013 off_nl_nosnap = -1;
1014 return;
1015
1016 case DLT_SYMANTEC_FIREWALL:
1017 off_linktype = 6;
1018 off_nl = 44; /* Ethernet II */
1019 off_nl_nosnap = 44; /* XXX - what does it do with 802.3 packets? */
1020 return;
1021
1022 case DLT_PFLOG:
1023 off_linktype = 0;
1086 return;
1087
1088 case DLT_LINUX_IRDA:
1089 /*
1090 * Currently, only raw "link[N:M]" filtering is supported.
1091 */
1092 off_linktype = -1;
1093 off_nl = -1;
1094 off_nl_nosnap = -1;
1095 return;
1096
1097 case DLT_DOCSIS:
1098 /*
1099 * Currently, only raw "link[N:M]" filtering is supported.
1100 */
1101 off_linktype = -1;
1102 off_nl = -1;
1103 off_nl_nosnap = -1;
1104 return;
1105
1106 case DLT_SYMANTEC_FIREWALL:
1107 off_linktype = 6;
1108 off_nl = 44; /* Ethernet II */
1109 off_nl_nosnap = 44; /* XXX - what does it do with 802.3 packets? */
1110 return;
1111
1112 case DLT_PFLOG:
1113 off_linktype = 0;
1024 /* XXX read from header? */
1114 /* XXX read this from pf.h? */
1025 off_nl = PFLOG_HDRLEN;
1115 off_nl = PFLOG_HDRLEN;
1026 off_nl_nosnap = PFLOG_HDRLEN;
1116 off_nl_nosnap = PFLOG_HDRLEN; /* no 802.2 LLC */
1027 return;
1028
1029 case DLT_JUNIPER_MLFR:
1030 case DLT_JUNIPER_MLPPP:
1031 off_linktype = 4;
1032 off_nl = 4;
1117 return;
1118
1119 case DLT_JUNIPER_MLFR:
1120 case DLT_JUNIPER_MLPPP:
1121 off_linktype = 4;
1122 off_nl = 4;
1033 off_nl_nosnap = -1;
1123 off_nl_nosnap = -1; /* no 802.2 LLC */
1034 return;
1035
1036 case DLT_JUNIPER_ATM1:
1037 off_linktype = 4; /* in reality variable between 4-8 */
1038 off_nl = 4;
1039 off_nl_nosnap = 14;
1040 return;
1041
1042 case DLT_JUNIPER_ATM2:
1043 off_linktype = 8; /* in reality variable between 8-12 */
1044 off_nl = 8;
1045 off_nl_nosnap = 18;
1046 return;
1047
1124 return;
1125
1126 case DLT_JUNIPER_ATM1:
1127 off_linktype = 4; /* in reality variable between 4-8 */
1128 off_nl = 4;
1129 off_nl_nosnap = 14;
1130 return;
1131
1132 case DLT_JUNIPER_ATM2:
1133 off_linktype = 8; /* in reality variable between 8-12 */
1134 off_nl = 8;
1135 off_nl_nosnap = 18;
1136 return;
1137
1138 /* frames captured on a Juniper PPPoE service PIC
1139 * contain raw ethernet frames */
1140 case DLT_JUNIPER_PPPOE:
1141 off_linktype = 16;
1142 off_nl = 18; /* Ethernet II */
1143 off_nl_nosnap = 21; /* 802.3+802.2 */
1144 return;
1145
1146 case DLT_JUNIPER_PPPOE_ATM:
1147 off_linktype = 4;
1148 off_nl = 6;
1149 off_nl_nosnap = -1; /* no 802.2 LLC */
1150 return;
1151
1152 case DLT_JUNIPER_GGSN:
1153 off_linktype = 6;
1154 off_nl = 12;
1155 off_nl_nosnap = -1; /* no 802.2 LLC */
1156 return;
1157
1158 case DLT_JUNIPER_ES:
1159 off_linktype = 6;
1160 off_nl = -1; /* not really a network layer but raw IP adresses */
1161 off_nl_nosnap = -1; /* no 802.2 LLC */
1162 return;
1163
1164 case DLT_JUNIPER_MONITOR:
1165 off_linktype = 12;
1166 off_nl = 12; /* raw IP/IP6 header */
1167 off_nl_nosnap = -1; /* no 802.2 LLC */
1168 return;
1169
1170 case DLT_JUNIPER_SERVICES:
1171 off_linktype = 12;
1172 off_nl = -1; /* L3 proto location dep. on cookie type */
1173 off_nl_nosnap = -1; /* no 802.2 LLC */
1174 return;
1175
1176 case DLT_MTP2:
1177 off_sio = 3;
1178 off_opc = 4;
1179 off_dpc = 4;
1180 off_sls = 7;
1181 off_linktype = -1;
1182 off_nl = -1;
1183 off_nl_nosnap = -1;
1184 return;
1185
1048#ifdef DLT_PFSYNC
1049 case DLT_PFSYNC:
1050 off_linktype = -1;
1051 off_nl = 4;
1052 off_nl_nosnap = 4;
1053 return;
1054#endif
1186#ifdef DLT_PFSYNC
1187 case DLT_PFSYNC:
1188 off_linktype = -1;
1189 off_nl = 4;
1190 off_nl_nosnap = 4;
1191 return;
1192#endif
1193
1194 case DLT_LINUX_LAPD:
1195 /*
1196 * Currently, only raw "link[N:M]" filtering is supported.
1197 */
1198 off_linktype = -1;
1199 off_nl = -1;
1200 off_nl_nosnap = -1;
1201 return;
1055 }
1056 bpf_error("unknown data link type %d", linktype);
1057 /* NOTREACHED */
1058}
1059
1202 }
1203 bpf_error("unknown data link type %d", linktype);
1204 /* NOTREACHED */
1205}
1206
1207/*
1208 * Load a value relative to the beginning of the link-layer header.
1209 * The link-layer header doesn't necessarily begin at the beginning
1210 * of the packet data; there might be a variable-length prefix containing
1211 * radio information.
1212 */
1213static struct slist *
1214gen_load_llrel(offset, size)
1215 u_int offset, size;
1216{
1217 struct slist *s, *s2;
1218
1219 s = gen_llprefixlen();
1220
1221 /*
1222 * If "s" is non-null, it has code to arrange that the X register
1223 * contains the length of the prefix preceding the link-layer
1224 * header.
1225 */
1226 if (s != NULL) {
1227 s2 = new_stmt(BPF_LD|BPF_IND|size);
1228 s2->s.k = offset;
1229 sappend(s, s2);
1230 } else {
1231 s = new_stmt(BPF_LD|BPF_ABS|size);
1232 s->s.k = offset;
1233 }
1234 return s;
1235}
1236
1237/*
1238 * Load a value relative to the beginning of the specified header.
1239 */
1240static struct slist *
1241gen_load_a(offrel, offset, size)
1242 enum e_offrel offrel;
1243 u_int offset, size;
1244{
1245 struct slist *s, *s2;
1246
1247 switch (offrel) {
1248
1249 case OR_PACKET:
1250 s = gen_load_llrel(offset, size);
1251 break;
1252
1253 case OR_LINK:
1254 s = gen_load_llrel(off_ll + offset, size);
1255 break;
1256
1257 case OR_NET:
1258 s = gen_load_llrel(off_nl + offset, size);
1259 break;
1260
1261 case OR_NET_NOSNAP:
1262 s = gen_load_llrel(off_nl_nosnap + offset, size);
1263 break;
1264
1265 case OR_TRAN_IPV4:
1266 /*
1267 * Load the X register with the length of the IPv4 header,
1268 * in bytes.
1269 */
1270 s = gen_loadx_iphdrlen();
1271
1272 /*
1273 * Load the item at {length of the link-layer header} +
1274 * {length of the IPv4 header} + {specified offset}.
1275 */
1276 s2 = new_stmt(BPF_LD|BPF_IND|size);
1277 s2->s.k = off_nl + offset;
1278 sappend(s, s2);
1279 break;
1280
1281 case OR_TRAN_IPV6:
1282 s = gen_load_llrel(off_nl + 40 + offset, size);
1283 break;
1284
1285 default:
1286 abort();
1287 return NULL;
1288 }
1289 return s;
1290}
1291
1292/*
1293 * Generate code to load into the X register the sum of the length of
1294 * the IPv4 header and any variable-length header preceding the link-layer
1295 * header.
1296 */
1297static struct slist *
1298gen_loadx_iphdrlen()
1299{
1300 struct slist *s, *s2;
1301
1302 s = gen_llprefixlen();
1303 if (s != NULL) {
1304 /*
1305 * There's a variable-length prefix preceding the
1306 * link-layer header. "s" points to a list of statements
1307 * that put the length of that prefix into the X register.
1308 * The 4*([k]&0xf) addressing mode can't be used, as we
1309 * don't have a constant offset, so we have to load the
1310 * value in question into the A register and add to it
1311 * the value from the X register.
1312 */
1313 s2 = new_stmt(BPF_LD|BPF_IND|BPF_B);
1314 s2->s.k = off_nl;
1315 sappend(s, s2);
1316 s2 = new_stmt(BPF_ALU|BPF_AND|BPF_K);
1317 s2->s.k = 0xf;
1318 sappend(s, s2);
1319 s2 = new_stmt(BPF_ALU|BPF_LSH|BPF_K);
1320 s2->s.k = 2;
1321 sappend(s, s2);
1322
1323 /*
1324 * The A register now contains the length of the
1325 * IP header. We need to add to it the length
1326 * of the prefix preceding the link-layer
1327 * header, which is still in the X register, and
1328 * move the result into the X register.
1329 */
1330 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
1331 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
1332 } else {
1333 /*
1334 * There is no variable-length header preceding the
1335 * link-layer header; if there's a fixed-length
1336 * header preceding it, its length is included in
1337 * the off_ variables, so it doesn't need to be added.
1338 */
1339 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
1340 s->s.k = off_nl;
1341 }
1342 return s;
1343}
1344
1060static struct block *
1061gen_uncond(rsense)
1062 int rsense;
1063{
1064 struct block *b;
1065 struct slist *s;
1066
1067 s = new_stmt(BPF_LD|BPF_IMM);
1068 s->s.k = !rsense;
1069 b = new_block(JMP(BPF_JEQ));
1070 b->stmts = s;
1071
1072 return b;
1073}
1074
1075static inline struct block *
1076gen_true()
1077{
1078 return gen_uncond(1);
1079}
1080
1081static inline struct block *
1082gen_false()
1083{
1084 return gen_uncond(0);
1085}
1086
1087/*
1088 * Byte-swap a 32-bit number.
1089 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
1090 * big-endian platforms.)
1091 */
1092#define SWAPLONG(y) \
1093((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
1094
1345static struct block *
1346gen_uncond(rsense)
1347 int rsense;
1348{
1349 struct block *b;
1350 struct slist *s;
1351
1352 s = new_stmt(BPF_LD|BPF_IMM);
1353 s->s.k = !rsense;
1354 b = new_block(JMP(BPF_JEQ));
1355 b->stmts = s;
1356
1357 return b;
1358}
1359
1360static inline struct block *
1361gen_true()
1362{
1363 return gen_uncond(1);
1364}
1365
1366static inline struct block *
1367gen_false()
1368{
1369 return gen_uncond(0);
1370}
1371
1372/*
1373 * Byte-swap a 32-bit number.
1374 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
1375 * big-endian platforms.)
1376 */
1377#define SWAPLONG(y) \
1378((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
1379
1380/*
1381 * Generate code to match a particular packet type.
1382 *
1383 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
1384 * value, if <= ETHERMTU. We use that to determine whether to
1385 * match the type/length field or to check the type/length field for
1386 * a value <= ETHERMTU to see whether it's a type field and then do
1387 * the appropriate test.
1388 */
1095static struct block *
1096gen_ether_linktype(proto)
1097 register int proto;
1098{
1099 struct block *b0, *b1;
1100
1101 switch (proto) {
1102
1103 case LLCSAP_ISONS:
1389static struct block *
1390gen_ether_linktype(proto)
1391 register int proto;
1392{
1393 struct block *b0, *b1;
1394
1395 switch (proto) {
1396
1397 case LLCSAP_ISONS:
1104 /*
1105 * OSI protocols always use 802.2 encapsulation.
1106 * XXX - should we check both the DSAP and the
1107 * SSAP, like this, or should we check just the
1108 * DSAP?
1109 */
1110 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1111 gen_not(b0);
1112 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1113 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1114 gen_and(b0, b1);
1115 return b1;
1116
1117 case LLCSAP_IP:
1398 case LLCSAP_IP:
1118 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1119 gen_not(b0);
1120 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1121 ((LLCSAP_IP << 8) | LLCSAP_IP));
1122 gen_and(b0, b1);
1123 return b1;
1124
1125 case LLCSAP_NETBEUI:
1126 /*
1399 case LLCSAP_NETBEUI:
1400 /*
1127 * NetBEUI always uses 802.2 encapsulation.
1401 * OSI protocols and NetBEUI always use 802.2 encapsulation,
1402 * so we check the DSAP and SSAP.
1403 *
1404 * LLCSAP_IP checks for IP-over-802.2, rather
1405 * than IP-over-Ethernet or IP-over-SNAP.
1406 *
1128 * XXX - should we check both the DSAP and the
1129 * SSAP, like this, or should we check just the
1407 * XXX - should we check both the DSAP and the
1408 * SSAP, like this, or should we check just the
1130 * DSAP?
1409 * DSAP, as we do for other types <= ETHERMTU
1410 * (i.e., other SAP values)?
1131 */
1411 */
1132 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1412 b0 = gen_cmp_gt(OR_LINK, off_linktype, BPF_H, ETHERMTU);
1133 gen_not(b0);
1413 gen_not(b0);
1134 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1135 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1414 b1 = gen_cmp(OR_LINK, off_linktype + 2, BPF_H, (bpf_int32)
1415 ((proto << 8) | proto));
1136 gen_and(b0, b1);
1137 return b1;
1138
1139 case LLCSAP_IPX:
1140 /*
1141 * Check for;
1142 *
1143 * Ethernet_II frames, which are Ethernet
1144 * frames with a frame type of ETHERTYPE_IPX;
1145 *
1146 * Ethernet_802.3 frames, which are 802.3
1147 * frames (i.e., the type/length field is
1148 * a length field, <= ETHERMTU, rather than
1149 * a type field) with the first two bytes
1150 * after the Ethernet/802.3 header being
1151 * 0xFFFF;
1152 *
1153 * Ethernet_802.2 frames, which are 802.3
1154 * frames with an 802.2 LLC header and
1155 * with the IPX LSAP as the DSAP in the LLC
1156 * header;
1157 *
1158 * Ethernet_SNAP frames, which are 802.3
1159 * frames with an LLC header and a SNAP
1160 * header and with an OUI of 0x000000
1161 * (encapsulated Ethernet) and a protocol
1162 * ID of ETHERTYPE_IPX in the SNAP header.
1163 *
1164 * XXX - should we generate the same code both
1165 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
1166 */
1167
1168 /*
1169 * This generates code to check both for the
1170 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
1171 */
1416 gen_and(b0, b1);
1417 return b1;
1418
1419 case LLCSAP_IPX:
1420 /*
1421 * Check for;
1422 *
1423 * Ethernet_II frames, which are Ethernet
1424 * frames with a frame type of ETHERTYPE_IPX;
1425 *
1426 * Ethernet_802.3 frames, which are 802.3
1427 * frames (i.e., the type/length field is
1428 * a length field, <= ETHERMTU, rather than
1429 * a type field) with the first two bytes
1430 * after the Ethernet/802.3 header being
1431 * 0xFFFF;
1432 *
1433 * Ethernet_802.2 frames, which are 802.3
1434 * frames with an 802.2 LLC header and
1435 * with the IPX LSAP as the DSAP in the LLC
1436 * header;
1437 *
1438 * Ethernet_SNAP frames, which are 802.3
1439 * frames with an LLC header and a SNAP
1440 * header and with an OUI of 0x000000
1441 * (encapsulated Ethernet) and a protocol
1442 * ID of ETHERTYPE_IPX in the SNAP header.
1443 *
1444 * XXX - should we generate the same code both
1445 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
1446 */
1447
1448 /*
1449 * This generates code to check both for the
1450 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
1451 */
1172 b0 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)LLCSAP_IPX);
1173 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)0xFFFF);
1452 b0 = gen_cmp(OR_LINK, off_linktype + 2, BPF_B,
1453 (bpf_int32)LLCSAP_IPX);
1454 b1 = gen_cmp(OR_LINK, off_linktype + 2, BPF_H,
1455 (bpf_int32)0xFFFF);
1174 gen_or(b0, b1);
1175
1176 /*
1177 * Now we add code to check for SNAP frames with
1178 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
1179 */
1180 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
1181 gen_or(b0, b1);
1182
1183 /*
1184 * Now we generate code to check for 802.3
1185 * frames in general.
1186 */
1456 gen_or(b0, b1);
1457
1458 /*
1459 * Now we add code to check for SNAP frames with
1460 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
1461 */
1462 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
1463 gen_or(b0, b1);
1464
1465 /*
1466 * Now we generate code to check for 802.3
1467 * frames in general.
1468 */
1187 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1469 b0 = gen_cmp_gt(OR_LINK, off_linktype, BPF_H, ETHERMTU);
1188 gen_not(b0);
1189
1190 /*
1191 * Now add the check for 802.3 frames before the
1192 * check for Ethernet_802.2 and Ethernet_802.3,
1193 * as those checks should only be done on 802.3
1194 * frames, not on Ethernet frames.
1195 */
1196 gen_and(b0, b1);
1197
1198 /*
1199 * Now add the check for Ethernet_II frames, and
1200 * do that before checking for the other frame
1201 * types.
1202 */
1470 gen_not(b0);
1471
1472 /*
1473 * Now add the check for 802.3 frames before the
1474 * check for Ethernet_802.2 and Ethernet_802.3,
1475 * as those checks should only be done on 802.3
1476 * frames, not on Ethernet frames.
1477 */
1478 gen_and(b0, b1);
1479
1480 /*
1481 * Now add the check for Ethernet_II frames, and
1482 * do that before checking for the other frame
1483 * types.
1484 */
1203 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)ETHERTYPE_IPX);
1485 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H,
1486 (bpf_int32)ETHERTYPE_IPX);
1204 gen_or(b0, b1);
1205 return b1;
1206
1207 case ETHERTYPE_ATALK:
1208 case ETHERTYPE_AARP:
1209 /*
1210 * EtherTalk (AppleTalk protocols on Ethernet link
1211 * layer) may use 802.2 encapsulation.
1212 */
1213
1214 /*
1215 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1216 * we check for an Ethernet type field less than
1217 * 1500, which means it's an 802.3 length field.
1218 */
1487 gen_or(b0, b1);
1488 return b1;
1489
1490 case ETHERTYPE_ATALK:
1491 case ETHERTYPE_AARP:
1492 /*
1493 * EtherTalk (AppleTalk protocols on Ethernet link
1494 * layer) may use 802.2 encapsulation.
1495 */
1496
1497 /*
1498 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1499 * we check for an Ethernet type field less than
1500 * 1500, which means it's an 802.3 length field.
1501 */
1219 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1502 b0 = gen_cmp_gt(OR_LINK, off_linktype, BPF_H, ETHERMTU);
1220 gen_not(b0);
1221
1222 /*
1223 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1224 * SNAP packets with an organization code of
1225 * 0x080007 (Apple, for Appletalk) and a protocol
1226 * type of ETHERTYPE_ATALK (Appletalk).
1227 *
1228 * 802.2-encapsulated ETHERTYPE_AARP packets are
1229 * SNAP packets with an organization code of
1230 * 0x000000 (encapsulated Ethernet) and a protocol
1231 * type of ETHERTYPE_AARP (Appletalk ARP).
1232 */
1233 if (proto == ETHERTYPE_ATALK)
1234 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
1235 else /* proto == ETHERTYPE_AARP */
1236 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
1237 gen_and(b0, b1);
1238
1239 /*
1240 * Check for Ethernet encapsulation (Ethertalk
1241 * phase 1?); we just check for the Ethernet
1242 * protocol type.
1243 */
1503 gen_not(b0);
1504
1505 /*
1506 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1507 * SNAP packets with an organization code of
1508 * 0x080007 (Apple, for Appletalk) and a protocol
1509 * type of ETHERTYPE_ATALK (Appletalk).
1510 *
1511 * 802.2-encapsulated ETHERTYPE_AARP packets are
1512 * SNAP packets with an organization code of
1513 * 0x000000 (encapsulated Ethernet) and a protocol
1514 * type of ETHERTYPE_AARP (Appletalk ARP).
1515 */
1516 if (proto == ETHERTYPE_ATALK)
1517 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
1518 else /* proto == ETHERTYPE_AARP */
1519 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
1520 gen_and(b0, b1);
1521
1522 /*
1523 * Check for Ethernet encapsulation (Ethertalk
1524 * phase 1?); we just check for the Ethernet
1525 * protocol type.
1526 */
1244 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1527 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, (bpf_int32)proto);
1245
1246 gen_or(b0, b1);
1247 return b1;
1248
1249 default:
1250 if (proto <= ETHERMTU) {
1251 /*
1252 * This is an LLC SAP value, so the frames
1253 * that match would be 802.2 frames.
1254 * Check that the frame is an 802.2 frame
1255 * (i.e., that the length/type field is
1256 * a length field, <= ETHERMTU) and
1257 * then check the DSAP.
1258 */
1528
1529 gen_or(b0, b1);
1530 return b1;
1531
1532 default:
1533 if (proto <= ETHERMTU) {
1534 /*
1535 * This is an LLC SAP value, so the frames
1536 * that match would be 802.2 frames.
1537 * Check that the frame is an 802.2 frame
1538 * (i.e., that the length/type field is
1539 * a length field, <= ETHERMTU) and
1540 * then check the DSAP.
1541 */
1259 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
1542 b0 = gen_cmp_gt(OR_LINK, off_linktype, BPF_H, ETHERMTU);
1260 gen_not(b0);
1543 gen_not(b0);
1261 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto);
1544 b1 = gen_cmp(OR_LINK, off_linktype + 2, BPF_B,
1545 (bpf_int32)proto);
1262 gen_and(b0, b1);
1263 return b1;
1264 } else {
1265 /*
1266 * This is an Ethernet type, so compare
1267 * the length/type field with it (if
1268 * the frame is an 802.2 frame, the length
1269 * field will be <= ETHERMTU, and, as
1270 * "proto" is > ETHERMTU, this test
1271 * will fail and the frame won't match,
1272 * which is what we want).
1273 */
1546 gen_and(b0, b1);
1547 return b1;
1548 } else {
1549 /*
1550 * This is an Ethernet type, so compare
1551 * the length/type field with it (if
1552 * the frame is an 802.2 frame, the length
1553 * field will be <= ETHERMTU, and, as
1554 * "proto" is > ETHERMTU, this test
1555 * will fail and the frame won't match,
1556 * which is what we want).
1557 */
1274 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1558 return gen_cmp(OR_LINK, off_linktype, BPF_H,
1559 (bpf_int32)proto);
1275 }
1276 }
1277}
1278
1560 }
1561 }
1562}
1563
1564/*
1565 * Generate code to match a particular packet type.
1566 *
1567 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
1568 * value, if <= ETHERMTU. We use that to determine whether to
1569 * match the type field or to check the type field for the special
1570 * LINUX_SLL_P_802_2 value and then do the appropriate test.
1571 */
1279static struct block *
1280gen_linux_sll_linktype(proto)
1281 register int proto;
1282{
1283 struct block *b0, *b1;
1284
1285 switch (proto) {
1286
1572static struct block *
1573gen_linux_sll_linktype(proto)
1574 register int proto;
1575{
1576 struct block *b0, *b1;
1577
1578 switch (proto) {
1579
1287 case LLCSAP_IP:
1288 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1289 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1290 ((LLCSAP_IP << 8) | LLCSAP_IP));
1291 gen_and(b0, b1);
1292 return b1;
1293
1294 case LLCSAP_ISONS:
1580 case LLCSAP_ISONS:
1581 case LLCSAP_IP:
1582 case LLCSAP_NETBEUI:
1295 /*
1583 /*
1296 * OSI protocols always use 802.2 encapsulation.
1584 * OSI protocols and NetBEUI always use 802.2 encapsulation,
1585 * so we check the DSAP and SSAP.
1586 *
1587 * LLCSAP_IP checks for IP-over-802.2, rather
1588 * than IP-over-Ethernet or IP-over-SNAP.
1589 *
1297 * XXX - should we check both the DSAP and the
1298 * SSAP, like this, or should we check just the
1590 * XXX - should we check both the DSAP and the
1591 * SSAP, like this, or should we check just the
1299 * DSAP?
1592 * DSAP, as we do for other types <= ETHERMTU
1593 * (i.e., other SAP values)?
1300 */
1594 */
1301 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1302 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1303 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1595 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, LINUX_SLL_P_802_2);
1596 b1 = gen_cmp(OR_LINK, off_linktype + 2, BPF_H, (bpf_int32)
1597 ((proto << 8) | proto));
1304 gen_and(b0, b1);
1305 return b1;
1306
1598 gen_and(b0, b1);
1599 return b1;
1600
1307 case LLCSAP_NETBEUI:
1308 /*
1309 * NetBEUI always uses 802.2 encapsulation.
1310 * XXX - should we check both the DSAP and the
1311 * LSAP, like this, or should we check just the
1312 * DSAP?
1313 */
1314 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1315 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
1316 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
1317 gen_and(b0, b1);
1318 return b1;
1319
1320 case LLCSAP_IPX:
1321 /*
1322 * Ethernet_II frames, which are Ethernet
1323 * frames with a frame type of ETHERTYPE_IPX;
1324 *
1325 * Ethernet_802.3 frames, which have a frame
1326 * type of LINUX_SLL_P_802_3;
1327 *
1328 * Ethernet_802.2 frames, which are 802.3
1329 * frames with an 802.2 LLC header (i.e, have
1330 * a frame type of LINUX_SLL_P_802_2) and
1331 * with the IPX LSAP as the DSAP in the LLC
1332 * header;
1333 *
1334 * Ethernet_SNAP frames, which are 802.3
1335 * frames with an LLC header and a SNAP
1336 * header and with an OUI of 0x000000
1337 * (encapsulated Ethernet) and a protocol
1338 * ID of ETHERTYPE_IPX in the SNAP header.
1339 *
1340 * First, do the checks on LINUX_SLL_P_802_2
1341 * frames; generate the check for either
1342 * Ethernet_802.2 or Ethernet_SNAP frames, and
1343 * then put a check for LINUX_SLL_P_802_2 frames
1344 * before it.
1345 */
1601 case LLCSAP_IPX:
1602 /*
1603 * Ethernet_II frames, which are Ethernet
1604 * frames with a frame type of ETHERTYPE_IPX;
1605 *
1606 * Ethernet_802.3 frames, which have a frame
1607 * type of LINUX_SLL_P_802_3;
1608 *
1609 * Ethernet_802.2 frames, which are 802.3
1610 * frames with an 802.2 LLC header (i.e, have
1611 * a frame type of LINUX_SLL_P_802_2) and
1612 * with the IPX LSAP as the DSAP in the LLC
1613 * header;
1614 *
1615 * Ethernet_SNAP frames, which are 802.3
1616 * frames with an LLC header and a SNAP
1617 * header and with an OUI of 0x000000
1618 * (encapsulated Ethernet) and a protocol
1619 * ID of ETHERTYPE_IPX in the SNAP header.
1620 *
1621 * First, do the checks on LINUX_SLL_P_802_2
1622 * frames; generate the check for either
1623 * Ethernet_802.2 or Ethernet_SNAP frames, and
1624 * then put a check for LINUX_SLL_P_802_2 frames
1625 * before it.
1626 */
1346 b0 = gen_cmp(off_linktype + 2, BPF_B,
1627 b0 = gen_cmp(OR_LINK, off_linktype + 2, BPF_B,
1347 (bpf_int32)LLCSAP_IPX);
1348 b1 = gen_snap(0x000000, ETHERTYPE_IPX,
1349 off_linktype + 2);
1350 gen_or(b0, b1);
1628 (bpf_int32)LLCSAP_IPX);
1629 b1 = gen_snap(0x000000, ETHERTYPE_IPX,
1630 off_linktype + 2);
1631 gen_or(b0, b1);
1351 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1632 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, LINUX_SLL_P_802_2);
1352 gen_and(b0, b1);
1353
1354 /*
1355 * Now check for 802.3 frames and OR that with
1356 * the previous test.
1357 */
1633 gen_and(b0, b1);
1634
1635 /*
1636 * Now check for 802.3 frames and OR that with
1637 * the previous test.
1638 */
1358 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
1639 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, LINUX_SLL_P_802_3);
1359 gen_or(b0, b1);
1360
1361 /*
1362 * Now add the check for Ethernet_II frames, and
1363 * do that before checking for the other frame
1364 * types.
1365 */
1640 gen_or(b0, b1);
1641
1642 /*
1643 * Now add the check for Ethernet_II frames, and
1644 * do that before checking for the other frame
1645 * types.
1646 */
1366 b0 = gen_cmp(off_linktype, BPF_H,
1647 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H,
1367 (bpf_int32)ETHERTYPE_IPX);
1368 gen_or(b0, b1);
1369 return b1;
1370
1371 case ETHERTYPE_ATALK:
1372 case ETHERTYPE_AARP:
1373 /*
1374 * EtherTalk (AppleTalk protocols on Ethernet link
1375 * layer) may use 802.2 encapsulation.
1376 */
1377
1378 /*
1379 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1380 * we check for the 802.2 protocol type in the
1381 * "Ethernet type" field.
1382 */
1648 (bpf_int32)ETHERTYPE_IPX);
1649 gen_or(b0, b1);
1650 return b1;
1651
1652 case ETHERTYPE_ATALK:
1653 case ETHERTYPE_AARP:
1654 /*
1655 * EtherTalk (AppleTalk protocols on Ethernet link
1656 * layer) may use 802.2 encapsulation.
1657 */
1658
1659 /*
1660 * Check for 802.2 encapsulation (EtherTalk phase 2?);
1661 * we check for the 802.2 protocol type in the
1662 * "Ethernet type" field.
1663 */
1383 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
1664 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, LINUX_SLL_P_802_2);
1384
1385 /*
1386 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1387 * SNAP packets with an organization code of
1388 * 0x080007 (Apple, for Appletalk) and a protocol
1389 * type of ETHERTYPE_ATALK (Appletalk).
1390 *
1391 * 802.2-encapsulated ETHERTYPE_AARP packets are
1392 * SNAP packets with an organization code of
1393 * 0x000000 (encapsulated Ethernet) and a protocol
1394 * type of ETHERTYPE_AARP (Appletalk ARP).
1395 */
1396 if (proto == ETHERTYPE_ATALK)
1397 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
1398 off_linktype + 2);
1399 else /* proto == ETHERTYPE_AARP */
1400 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
1401 off_linktype + 2);
1402 gen_and(b0, b1);
1403
1404 /*
1405 * Check for Ethernet encapsulation (Ethertalk
1406 * phase 1?); we just check for the Ethernet
1407 * protocol type.
1408 */
1665
1666 /*
1667 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1668 * SNAP packets with an organization code of
1669 * 0x080007 (Apple, for Appletalk) and a protocol
1670 * type of ETHERTYPE_ATALK (Appletalk).
1671 *
1672 * 802.2-encapsulated ETHERTYPE_AARP packets are
1673 * SNAP packets with an organization code of
1674 * 0x000000 (encapsulated Ethernet) and a protocol
1675 * type of ETHERTYPE_AARP (Appletalk ARP).
1676 */
1677 if (proto == ETHERTYPE_ATALK)
1678 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
1679 off_linktype + 2);
1680 else /* proto == ETHERTYPE_AARP */
1681 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
1682 off_linktype + 2);
1683 gen_and(b0, b1);
1684
1685 /*
1686 * Check for Ethernet encapsulation (Ethertalk
1687 * phase 1?); we just check for the Ethernet
1688 * protocol type.
1689 */
1409 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1690 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, (bpf_int32)proto);
1410
1411 gen_or(b0, b1);
1412 return b1;
1413
1414 default:
1415 if (proto <= ETHERMTU) {
1416 /*
1417 * This is an LLC SAP value, so the frames
1418 * that match would be 802.2 frames.
1419 * Check for the 802.2 protocol type
1420 * in the "Ethernet type" field, and
1421 * then check the DSAP.
1422 */
1691
1692 gen_or(b0, b1);
1693 return b1;
1694
1695 default:
1696 if (proto <= ETHERMTU) {
1697 /*
1698 * This is an LLC SAP value, so the frames
1699 * that match would be 802.2 frames.
1700 * Check for the 802.2 protocol type
1701 * in the "Ethernet type" field, and
1702 * then check the DSAP.
1703 */
1423 b0 = gen_cmp(off_linktype, BPF_H,
1704 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H,
1424 LINUX_SLL_P_802_2);
1705 LINUX_SLL_P_802_2);
1425 b1 = gen_cmp(off_linktype + 2, BPF_B,
1706 b1 = gen_cmp(OR_LINK, off_linktype + 2, BPF_B,
1426 (bpf_int32)proto);
1427 gen_and(b0, b1);
1428 return b1;
1429 } else {
1430 /*
1431 * This is an Ethernet type, so compare
1432 * the length/type field with it (if
1433 * the frame is an 802.2 frame, the length
1434 * field will be <= ETHERMTU, and, as
1435 * "proto" is > ETHERMTU, this test
1436 * will fail and the frame won't match,
1437 * which is what we want).
1438 */
1707 (bpf_int32)proto);
1708 gen_and(b0, b1);
1709 return b1;
1710 } else {
1711 /*
1712 * This is an Ethernet type, so compare
1713 * the length/type field with it (if
1714 * the frame is an 802.2 frame, the length
1715 * field will be <= ETHERMTU, and, as
1716 * "proto" is > ETHERMTU, this test
1717 * will fail and the frame won't match,
1718 * which is what we want).
1719 */
1439 return gen_cmp(off_linktype, BPF_H,
1720 return gen_cmp(OR_LINK, off_linktype, BPF_H,
1440 (bpf_int32)proto);
1441 }
1442 }
1443}
1444
1721 (bpf_int32)proto);
1722 }
1723 }
1724}
1725
1726static void
1727insert_radiotap_load_llprefixlen(b)
1728 struct block *b;
1729{
1730 struct slist *s1, *s2;
1731
1732 /*
1733 * Prepend to the statements in this block code to load the
1734 * length of the radiotap header into the register assigned
1735 * to hold that length, if one has been assigned.
1736 */
1737 if (reg_ll_size != -1) {
1738 /*
1739 * The 2 bytes at offsets of 2 and 3 from the beginning
1740 * of the radiotap header are the length of the radiotap
1741 * header; unfortunately, it's little-endian, so we have
1742 * to load it a byte at a time and construct the value.
1743 */
1744
1745 /*
1746 * Load the high-order byte, at an offset of 3, shift it
1747 * left a byte, and put the result in the X register.
1748 */
1749 s1 = new_stmt(BPF_LD|BPF_B|BPF_ABS);
1750 s1->s.k = 3;
1751 s2 = new_stmt(BPF_ALU|BPF_LSH|BPF_K);
1752 sappend(s1, s2);
1753 s2->s.k = 8;
1754 s2 = new_stmt(BPF_MISC|BPF_TAX);
1755 sappend(s1, s2);
1756
1757 /*
1758 * Load the next byte, at an offset of 2, and OR the
1759 * value from the X register into it.
1760 */
1761 s2 = new_stmt(BPF_LD|BPF_B|BPF_ABS);
1762 sappend(s1, s2);
1763 s2->s.k = 2;
1764 s2 = new_stmt(BPF_ALU|BPF_OR|BPF_X);
1765 sappend(s1, s2);
1766
1767 /*
1768 * Now allocate a register to hold that value and store
1769 * it.
1770 */
1771 s2 = new_stmt(BPF_ST);
1772 s2->s.k = reg_ll_size;
1773 sappend(s1, s2);
1774
1775 /*
1776 * Now move it into the X register.
1777 */
1778 s2 = new_stmt(BPF_MISC|BPF_TAX);
1779 sappend(s1, s2);
1780
1781 /*
1782 * Now append all the existing statements in this
1783 * block to these statements.
1784 */
1785 sappend(s1, b->stmts);
1786 b->stmts = s1;
1787 }
1788}
1789
1790
1791static void
1792insert_load_llprefixlen(b)
1793 struct block *b;
1794{
1795 switch (linktype) {
1796
1797 case DLT_IEEE802_11_RADIO:
1798 insert_radiotap_load_llprefixlen(b);
1799 }
1800}
1801
1802
1803static struct slist *
1804gen_radiotap_llprefixlen(void)
1805{
1806 struct slist *s;
1807
1808 if (reg_ll_size == -1) {
1809 /*
1810 * We haven't yet assigned a register for the length
1811 * of the radiotap header; allocate one.
1812 */
1813 reg_ll_size = alloc_reg();
1814 }
1815
1816 /*
1817 * Load the register containing the radiotap length
1818 * into the X register.
1819 */
1820 s = new_stmt(BPF_LDX|BPF_MEM);
1821 s->s.k = reg_ll_size;
1822 return s;
1823}
1824
1825/*
1826 * Generate code to compute the link-layer header length, if necessary,
1827 * putting it into the X register, and to return either a pointer to a
1828 * "struct slist" for the list of statements in that code, or NULL if
1829 * no code is necessary.
1830 */
1831static struct slist *
1832gen_llprefixlen(void)
1833{
1834 switch (linktype) {
1835
1836 case DLT_IEEE802_11_RADIO:
1837 return gen_radiotap_llprefixlen();
1838
1839 default:
1840 return NULL;
1841 }
1842}
1843
1844/*
1845 * Generate code to match a particular packet type by matching the
1846 * link-layer type field or fields in the 802.2 LLC header.
1847 *
1848 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
1849 * value, if <= ETHERMTU.
1850 */
1445static struct block *
1446gen_linktype(proto)
1447 register int proto;
1448{
1449 struct block *b0, *b1, *b2;
1450
1451 switch (linktype) {
1452
1453 case DLT_EN10MB:
1454 return gen_ether_linktype(proto);
1455 /*NOTREACHED*/
1456 break;
1457
1458 case DLT_C_HDLC:
1459 switch (proto) {
1460
1461 case LLCSAP_ISONS:
1462 proto = (proto << 8 | LLCSAP_ISONS);
1463 /* fall through */
1464
1465 default:
1851static struct block *
1852gen_linktype(proto)
1853 register int proto;
1854{
1855 struct block *b0, *b1, *b2;
1856
1857 switch (linktype) {
1858
1859 case DLT_EN10MB:
1860 return gen_ether_linktype(proto);
1861 /*NOTREACHED*/
1862 break;
1863
1864 case DLT_C_HDLC:
1865 switch (proto) {
1866
1867 case LLCSAP_ISONS:
1868 proto = (proto << 8 | LLCSAP_ISONS);
1869 /* fall through */
1870
1871 default:
1466 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
1872 return gen_cmp(OR_LINK, off_linktype, BPF_H,
1873 (bpf_int32)proto);
1467 /*NOTREACHED*/
1468 break;
1469 }
1470 break;
1471
1874 /*NOTREACHED*/
1875 break;
1876 }
1877 break;
1878
1472 case DLT_IEEE802_11:
1473 case DLT_PRISM_HEADER:
1474 case DLT_IEEE802_11_RADIO:
1475 case DLT_FDDI:
1476 case DLT_IEEE802:
1879 case DLT_FDDI:
1880 case DLT_IEEE802:
1881 case DLT_IEEE802_11:
1882 case DLT_IEEE802_11_RADIO_AVS:
1883 case DLT_IEEE802_11_RADIO:
1884 case DLT_PRISM_HEADER:
1477 case DLT_ATM_RFC1483:
1478 case DLT_ATM_CLIP:
1479 case DLT_IP_OVER_FC:
1885 case DLT_ATM_RFC1483:
1886 case DLT_ATM_CLIP:
1887 case DLT_IP_OVER_FC:
1480 return gen_llc(proto);
1888 return gen_llc_linktype(proto);
1481 /*NOTREACHED*/
1482 break;
1483
1484 case DLT_SUNATM:
1485 /*
1486 * If "is_lane" is set, check for a LANE-encapsulated
1487 * version of this protocol, otherwise check for an
1488 * LLC-encapsulated version of this protocol.
1489 *
1490 * We assume LANE means Ethernet, not Token Ring.
1491 */
1492 if (is_lane) {
1493 /*
1494 * Check that the packet doesn't begin with an
1495 * LE Control marker. (We've already generated
1496 * a test for LANE.)
1497 */
1889 /*NOTREACHED*/
1890 break;
1891
1892 case DLT_SUNATM:
1893 /*
1894 * If "is_lane" is set, check for a LANE-encapsulated
1895 * version of this protocol, otherwise check for an
1896 * LLC-encapsulated version of this protocol.
1897 *
1898 * We assume LANE means Ethernet, not Token Ring.
1899 */
1900 if (is_lane) {
1901 /*
1902 * Check that the packet doesn't begin with an
1903 * LE Control marker. (We've already generated
1904 * a test for LANE.)
1905 */
1498 b0 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
1906 b0 = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS, BPF_H,
1907 0xFF00);
1499 gen_not(b0);
1500
1501 /*
1502 * Now generate an Ethernet test.
1503 */
1504 b1 = gen_ether_linktype(proto);
1505 gen_and(b0, b1);
1506 return b1;
1507 } else {
1508 /*
1509 * Check for LLC encapsulation and then check the
1510 * protocol.
1511 */
1512 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
1908 gen_not(b0);
1909
1910 /*
1911 * Now generate an Ethernet test.
1912 */
1913 b1 = gen_ether_linktype(proto);
1914 gen_and(b0, b1);
1915 return b1;
1916 } else {
1917 /*
1918 * Check for LLC encapsulation and then check the
1919 * protocol.
1920 */
1921 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
1513 b1 = gen_llc(proto);
1922 b1 = gen_llc_linktype(proto);
1514 gen_and(b0, b1);
1515 return b1;
1516 }
1923 gen_and(b0, b1);
1924 return b1;
1925 }
1926 /*NOTREACHED*/
1927 break;
1517
1518 case DLT_LINUX_SLL:
1519 return gen_linux_sll_linktype(proto);
1520 /*NOTREACHED*/
1521 break;
1522
1523 case DLT_SLIP:
1524 case DLT_SLIP_BSDOS:
1525 case DLT_RAW:
1526 /*
1527 * These types don't provide any type field; packets
1528 * are always IP.
1529 *
1530 * XXX - for IPv4, check for a version number of 4, and,
1531 * for IPv6, check for a version number of 6?
1532 */
1533 switch (proto) {
1534
1535 case ETHERTYPE_IP:
1536#ifdef INET6
1537 case ETHERTYPE_IPV6:
1538#endif
1539 return gen_true(); /* always true */
1540
1541 default:
1542 return gen_false(); /* always false */
1543 }
1544 /*NOTREACHED*/
1545 break;
1546
1547 case DLT_PPP:
1548 case DLT_PPP_PPPD:
1549 case DLT_PPP_SERIAL:
1550 case DLT_PPP_ETHER:
1551 /*
1552 * We use Ethernet protocol types inside libpcap;
1553 * map them to the corresponding PPP protocol types.
1554 */
1555 switch (proto) {
1556
1557 case ETHERTYPE_IP:
1558 proto = PPP_IP;
1559 break;
1560
1561#ifdef INET6
1562 case ETHERTYPE_IPV6:
1563 proto = PPP_IPV6;
1564 break;
1565#endif
1566
1567 case ETHERTYPE_DN:
1568 proto = PPP_DECNET;
1569 break;
1570
1571 case ETHERTYPE_ATALK:
1572 proto = PPP_APPLE;
1573 break;
1574
1575 case ETHERTYPE_NS:
1576 proto = PPP_NS;
1577 break;
1578
1579 case LLCSAP_ISONS:
1580 proto = PPP_OSI;
1581 break;
1582
1583 case LLCSAP_8021D:
1584 /*
1585 * I'm assuming the "Bridging PDU"s that go
1586 * over PPP are Spanning Tree Protocol
1587 * Bridging PDUs.
1588 */
1589 proto = PPP_BRPDU;
1590 break;
1591
1592 case LLCSAP_IPX:
1593 proto = PPP_IPX;
1594 break;
1595 }
1596 break;
1597
1598 case DLT_PPP_BSDOS:
1599 /*
1600 * We use Ethernet protocol types inside libpcap;
1601 * map them to the corresponding PPP protocol types.
1602 */
1603 switch (proto) {
1604
1605 case ETHERTYPE_IP:
1928
1929 case DLT_LINUX_SLL:
1930 return gen_linux_sll_linktype(proto);
1931 /*NOTREACHED*/
1932 break;
1933
1934 case DLT_SLIP:
1935 case DLT_SLIP_BSDOS:
1936 case DLT_RAW:
1937 /*
1938 * These types don't provide any type field; packets
1939 * are always IP.
1940 *
1941 * XXX - for IPv4, check for a version number of 4, and,
1942 * for IPv6, check for a version number of 6?
1943 */
1944 switch (proto) {
1945
1946 case ETHERTYPE_IP:
1947#ifdef INET6
1948 case ETHERTYPE_IPV6:
1949#endif
1950 return gen_true(); /* always true */
1951
1952 default:
1953 return gen_false(); /* always false */
1954 }
1955 /*NOTREACHED*/
1956 break;
1957
1958 case DLT_PPP:
1959 case DLT_PPP_PPPD:
1960 case DLT_PPP_SERIAL:
1961 case DLT_PPP_ETHER:
1962 /*
1963 * We use Ethernet protocol types inside libpcap;
1964 * map them to the corresponding PPP protocol types.
1965 */
1966 switch (proto) {
1967
1968 case ETHERTYPE_IP:
1969 proto = PPP_IP;
1970 break;
1971
1972#ifdef INET6
1973 case ETHERTYPE_IPV6:
1974 proto = PPP_IPV6;
1975 break;
1976#endif
1977
1978 case ETHERTYPE_DN:
1979 proto = PPP_DECNET;
1980 break;
1981
1982 case ETHERTYPE_ATALK:
1983 proto = PPP_APPLE;
1984 break;
1985
1986 case ETHERTYPE_NS:
1987 proto = PPP_NS;
1988 break;
1989
1990 case LLCSAP_ISONS:
1991 proto = PPP_OSI;
1992 break;
1993
1994 case LLCSAP_8021D:
1995 /*
1996 * I'm assuming the "Bridging PDU"s that go
1997 * over PPP are Spanning Tree Protocol
1998 * Bridging PDUs.
1999 */
2000 proto = PPP_BRPDU;
2001 break;
2002
2003 case LLCSAP_IPX:
2004 proto = PPP_IPX;
2005 break;
2006 }
2007 break;
2008
2009 case DLT_PPP_BSDOS:
2010 /*
2011 * We use Ethernet protocol types inside libpcap;
2012 * map them to the corresponding PPP protocol types.
2013 */
2014 switch (proto) {
2015
2016 case ETHERTYPE_IP:
1606 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
1607 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
2017 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, PPP_IP);
2018 b1 = gen_cmp(OR_LINK, off_linktype, BPF_H, PPP_VJC);
1608 gen_or(b0, b1);
2019 gen_or(b0, b1);
1609 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
2020 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, PPP_VJNC);
1610 gen_or(b1, b0);
1611 return b0;
1612
1613#ifdef INET6
1614 case ETHERTYPE_IPV6:
1615 proto = PPP_IPV6;
1616 /* more to go? */
1617 break;
1618#endif
1619
1620 case ETHERTYPE_DN:
1621 proto = PPP_DECNET;
1622 break;
1623
1624 case ETHERTYPE_ATALK:
1625 proto = PPP_APPLE;
1626 break;
1627
1628 case ETHERTYPE_NS:
1629 proto = PPP_NS;
1630 break;
1631
1632 case LLCSAP_ISONS:
1633 proto = PPP_OSI;
1634 break;
1635
1636 case LLCSAP_8021D:
1637 /*
1638 * I'm assuming the "Bridging PDU"s that go
1639 * over PPP are Spanning Tree Protocol
1640 * Bridging PDUs.
1641 */
1642 proto = PPP_BRPDU;
1643 break;
1644
1645 case LLCSAP_IPX:
1646 proto = PPP_IPX;
1647 break;
1648 }
1649 break;
1650
1651 case DLT_NULL:
1652 case DLT_LOOP:
1653 case DLT_ENC:
1654 /*
1655 * For DLT_NULL, the link-layer header is a 32-bit
1656 * word containing an AF_ value in *host* byte order,
1657 * and for DLT_ENC, the link-layer header begins
1658 * with a 32-bit work containing an AF_ value in
1659 * host byte order.
1660 *
1661 * In addition, if we're reading a saved capture file,
1662 * the host byte order in the capture may not be the
1663 * same as the host byte order on this machine.
1664 *
1665 * For DLT_LOOP, the link-layer header is a 32-bit
1666 * word containing an AF_ value in *network* byte order.
1667 *
1668 * XXX - AF_ values may, unfortunately, be platform-
1669 * dependent; for example, FreeBSD's AF_INET6 is 24
1670 * whilst NetBSD's and OpenBSD's is 26.
1671 *
1672 * This means that, when reading a capture file, just
1673 * checking for our AF_INET6 value won't work if the
1674 * capture file came from another OS.
1675 */
1676 switch (proto) {
1677
1678 case ETHERTYPE_IP:
1679 proto = AF_INET;
1680 break;
1681
1682#ifdef INET6
1683 case ETHERTYPE_IPV6:
1684 proto = AF_INET6;
1685 break;
1686#endif
1687
1688 default:
1689 /*
1690 * Not a type on which we support filtering.
1691 * XXX - support those that have AF_ values
1692 * #defined on this platform, at least?
1693 */
1694 return gen_false();
1695 }
1696
1697 if (linktype == DLT_NULL || linktype == DLT_ENC) {
1698 /*
1699 * The AF_ value is in host byte order, but
1700 * the BPF interpreter will convert it to
1701 * network byte order.
1702 *
1703 * If this is a save file, and it's from a
1704 * machine with the opposite byte order to
1705 * ours, we byte-swap the AF_ value.
1706 *
1707 * Then we run it through "htonl()", and
1708 * generate code to compare against the result.
1709 */
1710 if (bpf_pcap->sf.rfile != NULL &&
1711 bpf_pcap->sf.swapped)
1712 proto = SWAPLONG(proto);
1713 proto = htonl(proto);
1714 }
2021 gen_or(b1, b0);
2022 return b0;
2023
2024#ifdef INET6
2025 case ETHERTYPE_IPV6:
2026 proto = PPP_IPV6;
2027 /* more to go? */
2028 break;
2029#endif
2030
2031 case ETHERTYPE_DN:
2032 proto = PPP_DECNET;
2033 break;
2034
2035 case ETHERTYPE_ATALK:
2036 proto = PPP_APPLE;
2037 break;
2038
2039 case ETHERTYPE_NS:
2040 proto = PPP_NS;
2041 break;
2042
2043 case LLCSAP_ISONS:
2044 proto = PPP_OSI;
2045 break;
2046
2047 case LLCSAP_8021D:
2048 /*
2049 * I'm assuming the "Bridging PDU"s that go
2050 * over PPP are Spanning Tree Protocol
2051 * Bridging PDUs.
2052 */
2053 proto = PPP_BRPDU;
2054 break;
2055
2056 case LLCSAP_IPX:
2057 proto = PPP_IPX;
2058 break;
2059 }
2060 break;
2061
2062 case DLT_NULL:
2063 case DLT_LOOP:
2064 case DLT_ENC:
2065 /*
2066 * For DLT_NULL, the link-layer header is a 32-bit
2067 * word containing an AF_ value in *host* byte order,
2068 * and for DLT_ENC, the link-layer header begins
2069 * with a 32-bit work containing an AF_ value in
2070 * host byte order.
2071 *
2072 * In addition, if we're reading a saved capture file,
2073 * the host byte order in the capture may not be the
2074 * same as the host byte order on this machine.
2075 *
2076 * For DLT_LOOP, the link-layer header is a 32-bit
2077 * word containing an AF_ value in *network* byte order.
2078 *
2079 * XXX - AF_ values may, unfortunately, be platform-
2080 * dependent; for example, FreeBSD's AF_INET6 is 24
2081 * whilst NetBSD's and OpenBSD's is 26.
2082 *
2083 * This means that, when reading a capture file, just
2084 * checking for our AF_INET6 value won't work if the
2085 * capture file came from another OS.
2086 */
2087 switch (proto) {
2088
2089 case ETHERTYPE_IP:
2090 proto = AF_INET;
2091 break;
2092
2093#ifdef INET6
2094 case ETHERTYPE_IPV6:
2095 proto = AF_INET6;
2096 break;
2097#endif
2098
2099 default:
2100 /*
2101 * Not a type on which we support filtering.
2102 * XXX - support those that have AF_ values
2103 * #defined on this platform, at least?
2104 */
2105 return gen_false();
2106 }
2107
2108 if (linktype == DLT_NULL || linktype == DLT_ENC) {
2109 /*
2110 * The AF_ value is in host byte order, but
2111 * the BPF interpreter will convert it to
2112 * network byte order.
2113 *
2114 * If this is a save file, and it's from a
2115 * machine with the opposite byte order to
2116 * ours, we byte-swap the AF_ value.
2117 *
2118 * Then we run it through "htonl()", and
2119 * generate code to compare against the result.
2120 */
2121 if (bpf_pcap->sf.rfile != NULL &&
2122 bpf_pcap->sf.swapped)
2123 proto = SWAPLONG(proto);
2124 proto = htonl(proto);
2125 }
1715 return (gen_cmp(0, BPF_W, (bpf_int32)proto));
2126 return (gen_cmp(OR_LINK, 0, BPF_W, (bpf_int32)proto));
1716
1717 case DLT_PFLOG:
1718 /*
1719 * af field is host byte order in contrast to the rest of
1720 * the packet.
1721 */
1722 if (proto == ETHERTYPE_IP)
2127
2128 case DLT_PFLOG:
2129 /*
2130 * af field is host byte order in contrast to the rest of
2131 * the packet.
2132 */
2133 if (proto == ETHERTYPE_IP)
1723 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B,
1724 (bpf_int32)AF_INET));
2134 return (gen_cmp(OR_LINK, offsetof(struct pfloghdr, af),
2135 BPF_B, (bpf_int32)AF_INET));
1725#ifdef INET6
1726 else if (proto == ETHERTYPE_IPV6)
2136#ifdef INET6
2137 else if (proto == ETHERTYPE_IPV6)
1727 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B,
1728 (bpf_int32)AF_INET6));
2138 return (gen_cmp(OR_LINK, offsetof(struct pfloghdr, af),
2139 BPF_B, (bpf_int32)AF_INET6));
1729#endif /* INET6 */
1730 else
1731 return gen_false();
1732 /*NOTREACHED*/
1733 break;
1734
1735 case DLT_ARCNET:
1736 case DLT_ARCNET_LINUX:
1737 /*
1738 * XXX should we check for first fragment if the protocol
1739 * uses PHDS?
1740 */
1741 switch (proto) {
1742
1743 default:
1744 return gen_false();
1745
1746#ifdef INET6
1747 case ETHERTYPE_IPV6:
2140#endif /* INET6 */
2141 else
2142 return gen_false();
2143 /*NOTREACHED*/
2144 break;
2145
2146 case DLT_ARCNET:
2147 case DLT_ARCNET_LINUX:
2148 /*
2149 * XXX should we check for first fragment if the protocol
2150 * uses PHDS?
2151 */
2152 switch (proto) {
2153
2154 default:
2155 return gen_false();
2156
2157#ifdef INET6
2158 case ETHERTYPE_IPV6:
1748 return (gen_cmp(off_linktype, BPF_B,
2159 return (gen_cmp(OR_LINK, off_linktype, BPF_B,
1749 (bpf_int32)ARCTYPE_INET6));
1750#endif /* INET6 */
1751
1752 case ETHERTYPE_IP:
2160 (bpf_int32)ARCTYPE_INET6));
2161#endif /* INET6 */
2162
2163 case ETHERTYPE_IP:
1753 b0 = gen_cmp(off_linktype, BPF_B,
2164 b0 = gen_cmp(OR_LINK, off_linktype, BPF_B,
1754 (bpf_int32)ARCTYPE_IP);
2165 (bpf_int32)ARCTYPE_IP);
1755 b1 = gen_cmp(off_linktype, BPF_B,
2166 b1 = gen_cmp(OR_LINK, off_linktype, BPF_B,
1756 (bpf_int32)ARCTYPE_IP_OLD);
1757 gen_or(b0, b1);
1758 return (b1);
1759
1760 case ETHERTYPE_ARP:
2167 (bpf_int32)ARCTYPE_IP_OLD);
2168 gen_or(b0, b1);
2169 return (b1);
2170
2171 case ETHERTYPE_ARP:
1761 b0 = gen_cmp(off_linktype, BPF_B,
2172 b0 = gen_cmp(OR_LINK, off_linktype, BPF_B,
1762 (bpf_int32)ARCTYPE_ARP);
2173 (bpf_int32)ARCTYPE_ARP);
1763 b1 = gen_cmp(off_linktype, BPF_B,
2174 b1 = gen_cmp(OR_LINK, off_linktype, BPF_B,
1764 (bpf_int32)ARCTYPE_ARP_OLD);
1765 gen_or(b0, b1);
1766 return (b1);
1767
1768 case ETHERTYPE_REVARP:
2175 (bpf_int32)ARCTYPE_ARP_OLD);
2176 gen_or(b0, b1);
2177 return (b1);
2178
2179 case ETHERTYPE_REVARP:
1769 return (gen_cmp(off_linktype, BPF_B,
2180 return (gen_cmp(OR_LINK, off_linktype, BPF_B,
1770 (bpf_int32)ARCTYPE_REVARP));
1771
1772 case ETHERTYPE_ATALK:
2181 (bpf_int32)ARCTYPE_REVARP));
2182
2183 case ETHERTYPE_ATALK:
1773 return (gen_cmp(off_linktype, BPF_B,
2184 return (gen_cmp(OR_LINK, off_linktype, BPF_B,
1774 (bpf_int32)ARCTYPE_ATALK));
1775 }
1776 /*NOTREACHED*/
1777 break;
1778
1779 case DLT_LTALK:
1780 switch (proto) {
1781 case ETHERTYPE_ATALK:
1782 return gen_true();
1783 default:
1784 return gen_false();
1785 }
1786 /*NOTREACHED*/
1787 break;
1788
1789 case DLT_FRELAY:
1790 /*
1791 * XXX - assumes a 2-byte Frame Relay header with
1792 * DLCI and flags. What if the address is longer?
1793 */
1794 switch (proto) {
1795
1796 case ETHERTYPE_IP:
1797 /*
1798 * Check for the special NLPID for IP.
1799 */
2185 (bpf_int32)ARCTYPE_ATALK));
2186 }
2187 /*NOTREACHED*/
2188 break;
2189
2190 case DLT_LTALK:
2191 switch (proto) {
2192 case ETHERTYPE_ATALK:
2193 return gen_true();
2194 default:
2195 return gen_false();
2196 }
2197 /*NOTREACHED*/
2198 break;
2199
2200 case DLT_FRELAY:
2201 /*
2202 * XXX - assumes a 2-byte Frame Relay header with
2203 * DLCI and flags. What if the address is longer?
2204 */
2205 switch (proto) {
2206
2207 case ETHERTYPE_IP:
2208 /*
2209 * Check for the special NLPID for IP.
2210 */
1800 return gen_cmp(2, BPF_H, (0x03<<8) | 0xcc);
2211 return gen_cmp(OR_LINK, 2, BPF_H, (0x03<<8) | 0xcc);
1801
1802#ifdef INET6
1803 case ETHERTYPE_IPV6:
1804 /*
1805 * Check for the special NLPID for IPv6.
1806 */
2212
2213#ifdef INET6
2214 case ETHERTYPE_IPV6:
2215 /*
2216 * Check for the special NLPID for IPv6.
2217 */
1807 return gen_cmp(2, BPF_H, (0x03<<8) | 0x8e);
2218 return gen_cmp(OR_LINK, 2, BPF_H, (0x03<<8) | 0x8e);
1808#endif
1809
1810 case LLCSAP_ISONS:
1811 /*
1812 * Check for several OSI protocols.
1813 *
1814 * Frame Relay packets typically have an OSI
1815 * NLPID at the beginning; we check for each
1816 * of them.
1817 *
1818 * What we check for is the NLPID and a frame
1819 * control field of UI, i.e. 0x03 followed
1820 * by the NLPID.
1821 */
2219#endif
2220
2221 case LLCSAP_ISONS:
2222 /*
2223 * Check for several OSI protocols.
2224 *
2225 * Frame Relay packets typically have an OSI
2226 * NLPID at the beginning; we check for each
2227 * of them.
2228 *
2229 * What we check for is the NLPID and a frame
2230 * control field of UI, i.e. 0x03 followed
2231 * by the NLPID.
2232 */
1822 b0 = gen_cmp(2, BPF_H, (0x03<<8) | ISO8473_CLNP);
1823 b1 = gen_cmp(2, BPF_H, (0x03<<8) | ISO9542_ESIS);
1824 b2 = gen_cmp(2, BPF_H, (0x03<<8) | ISO10589_ISIS);
2233 b0 = gen_cmp(OR_LINK, 2, BPF_H, (0x03<<8) | ISO8473_CLNP);
2234 b1 = gen_cmp(OR_LINK, 2, BPF_H, (0x03<<8) | ISO9542_ESIS);
2235 b2 = gen_cmp(OR_LINK, 2, BPF_H, (0x03<<8) | ISO10589_ISIS);
1825 gen_or(b1, b2);
1826 gen_or(b0, b2);
1827 return b2;
1828
1829 default:
1830 return gen_false();
1831 }
1832 /*NOTREACHED*/
1833 break;
1834
1835 case DLT_JUNIPER_MLFR:
1836 case DLT_JUNIPER_MLPPP:
1837 case DLT_JUNIPER_ATM1:
1838 case DLT_JUNIPER_ATM2:
2236 gen_or(b1, b2);
2237 gen_or(b0, b2);
2238 return b2;
2239
2240 default:
2241 return gen_false();
2242 }
2243 /*NOTREACHED*/
2244 break;
2245
2246 case DLT_JUNIPER_MLFR:
2247 case DLT_JUNIPER_MLPPP:
2248 case DLT_JUNIPER_ATM1:
2249 case DLT_JUNIPER_ATM2:
2250 case DLT_JUNIPER_PPPOE:
2251 case DLT_JUNIPER_PPPOE_ATM:
2252 case DLT_JUNIPER_GGSN:
2253 case DLT_JUNIPER_ES:
2254 case DLT_JUNIPER_MONITOR:
2255 case DLT_JUNIPER_SERVICES:
1839 /* just lets verify the magic number for now -
1840 * on ATM we may have up to 6 different encapsulations on the wire
1841 * and need a lot of heuristics to figure out that the payload
1842 * might be;
1843 *
1844 * FIXME encapsulation specific BPF_ filters
1845 */
2256 /* just lets verify the magic number for now -
2257 * on ATM we may have up to 6 different encapsulations on the wire
2258 * and need a lot of heuristics to figure out that the payload
2259 * might be;
2260 *
2261 * FIXME encapsulation specific BPF_ filters
2262 */
1846 return gen_mcmp(0, BPF_W, 0x4d474300, 0xffffff00); /* compare the magic number */
2263 return gen_mcmp(OR_LINK, 0, BPF_W, 0x4d474300, 0xffffff00); /* compare the magic number */
1847
1848 case DLT_LINUX_IRDA:
1849 bpf_error("IrDA link-layer type filtering not implemented");
1850
1851 case DLT_DOCSIS:
1852 bpf_error("DOCSIS link-layer type filtering not implemented");
2264
2265 case DLT_LINUX_IRDA:
2266 bpf_error("IrDA link-layer type filtering not implemented");
2267
2268 case DLT_DOCSIS:
2269 bpf_error("DOCSIS link-layer type filtering not implemented");
2270
2271 case DLT_LINUX_LAPD:
2272 bpf_error("LAPD link-layer type filtering not implemented");
1853 }
1854
1855 /*
1856 * All the types that have no encapsulation should either be
1857 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
1858 * all packets are IP packets, or should be handled in some
1859 * special case, if none of them are (if some are and some
1860 * aren't, the lack of encapsulation is a problem, as we'd
1861 * have to find some other way of determining the packet type).
1862 *
1863 * Therefore, if "off_linktype" is -1, there's an error.
1864 */
1865 if (off_linktype == (u_int)-1)
1866 abort();
1867
1868 /*
1869 * Any type not handled above should always have an Ethernet
1870 * type at an offset of "off_linktype". (PPP is partially
1871 * handled above - the protocol type is mapped from the
1872 * Ethernet and LLC types we use internally to the corresponding
1873 * PPP type - but the PPP type is always specified by a value
1874 * at "off_linktype", so we don't have to do the code generation
1875 * above.)
1876 */
2273 }
2274
2275 /*
2276 * All the types that have no encapsulation should either be
2277 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
2278 * all packets are IP packets, or should be handled in some
2279 * special case, if none of them are (if some are and some
2280 * aren't, the lack of encapsulation is a problem, as we'd
2281 * have to find some other way of determining the packet type).
2282 *
2283 * Therefore, if "off_linktype" is -1, there's an error.
2284 */
2285 if (off_linktype == (u_int)-1)
2286 abort();
2287
2288 /*
2289 * Any type not handled above should always have an Ethernet
2290 * type at an offset of "off_linktype". (PPP is partially
2291 * handled above - the protocol type is mapped from the
2292 * Ethernet and LLC types we use internally to the corresponding
2293 * PPP type - but the PPP type is always specified by a value
2294 * at "off_linktype", so we don't have to do the code generation
2295 * above.)
2296 */
1877 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
2297 return gen_cmp(OR_LINK, off_linktype, BPF_H, (bpf_int32)proto);
1878}
1879
1880/*
1881 * Check for an LLC SNAP packet with a given organization code and
1882 * protocol type; we check the entire contents of the 802.2 LLC and
1883 * snap headers, checking for DSAP and SSAP of SNAP and a control
1884 * field of 0x03 in the LLC header, and for the specified organization
1885 * code and protocol type in the SNAP header.
1886 */
1887static struct block *
1888gen_snap(orgcode, ptype, offset)
1889 bpf_u_int32 orgcode;
1890 bpf_u_int32 ptype;
1891 u_int offset;
1892{
1893 u_char snapblock[8];
1894
1895 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
1896 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
1897 snapblock[2] = 0x03; /* control = UI */
1898 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
1899 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
1900 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
1901 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
1902 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
2298}
2299
2300/*
2301 * Check for an LLC SNAP packet with a given organization code and
2302 * protocol type; we check the entire contents of the 802.2 LLC and
2303 * snap headers, checking for DSAP and SSAP of SNAP and a control
2304 * field of 0x03 in the LLC header, and for the specified organization
2305 * code and protocol type in the SNAP header.
2306 */
2307static struct block *
2308gen_snap(orgcode, ptype, offset)
2309 bpf_u_int32 orgcode;
2310 bpf_u_int32 ptype;
2311 u_int offset;
2312{
2313 u_char snapblock[8];
2314
2315 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
2316 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
2317 snapblock[2] = 0x03; /* control = UI */
2318 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
2319 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */
2320 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
2321 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
2322 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
1903 return gen_bcmp(offset, 8, snapblock);
2323 return gen_bcmp(OR_LINK, offset, 8, snapblock);
1904}
1905
1906/*
2324}
2325
2326/*
1907 * Check for a given protocol value assuming an 802.2 LLC header.
2327 * Generate code to match a particular packet type, for link-layer types
2328 * using 802.2 LLC headers.
2329 *
2330 * This is *NOT* used for Ethernet; "gen_ether_linktype()" is used
2331 * for that - it handles the D/I/X Ethernet vs. 802.3+802.2 issues.
2332 *
2333 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
2334 * value, if <= ETHERMTU. We use that to determine whether to
2335 * match the DSAP or both DSAP and LSAP or to check the OUI and
2336 * protocol ID in a SNAP header.
1908 */
1909static struct block *
2337 */
2338static struct block *
1910gen_llc(proto)
2339gen_llc_linktype(proto)
1911 int proto;
1912{
1913 /*
1914 * XXX - handle token-ring variable-length header.
1915 */
1916 switch (proto) {
1917
1918 case LLCSAP_IP:
2340 int proto;
2341{
2342 /*
2343 * XXX - handle token-ring variable-length header.
2344 */
2345 switch (proto) {
2346
2347 case LLCSAP_IP:
1919 return gen_cmp(off_linktype, BPF_H, (long)
1920 ((LLCSAP_IP << 8) | LLCSAP_IP));
1921
1922 case LLCSAP_ISONS:
2348 case LLCSAP_ISONS:
1923 return gen_cmp(off_linktype, BPF_H, (long)
1924 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
1925
1926 case LLCSAP_NETBEUI:
2349 case LLCSAP_NETBEUI:
1927 return gen_cmp(off_linktype, BPF_H, (long)
1928 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
2350 /*
2351 * XXX - should we check both the DSAP and the
2352 * SSAP, like this, or should we check just the
2353 * DSAP, as we do for other types <= ETHERMTU
2354 * (i.e., other SAP values)?
2355 */
2356 return gen_cmp(OR_LINK, off_linktype, BPF_H, (bpf_u_int32)
2357 ((proto << 8) | proto));
1929
1930 case LLCSAP_IPX:
1931 /*
1932 * XXX - are there ever SNAP frames for IPX on
1933 * non-Ethernet 802.x networks?
1934 */
2358
2359 case LLCSAP_IPX:
2360 /*
2361 * XXX - are there ever SNAP frames for IPX on
2362 * non-Ethernet 802.x networks?
2363 */
1935 return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX);
2364 return gen_cmp(OR_LINK, off_linktype, BPF_B,
2365 (bpf_int32)LLCSAP_IPX);
1936
1937 case ETHERTYPE_ATALK:
1938 /*
1939 * 802.2-encapsulated ETHERTYPE_ATALK packets are
1940 * SNAP packets with an organization code of
1941 * 0x080007 (Apple, for Appletalk) and a protocol
1942 * type of ETHERTYPE_ATALK (Appletalk).
1943 *
1944 * XXX - check for an organization code of
1945 * encapsulated Ethernet as well?
1946 */
1947 return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype);
1948
1949 default:
1950 /*
1951 * XXX - we don't have to check for IPX 802.3
1952 * here, but should we check for the IPX Ethertype?
1953 */
1954 if (proto <= ETHERMTU) {
1955 /*
1956 * This is an LLC SAP value, so check
1957 * the DSAP.
1958 */
2366
2367 case ETHERTYPE_ATALK:
2368 /*
2369 * 802.2-encapsulated ETHERTYPE_ATALK packets are
2370 * SNAP packets with an organization code of
2371 * 0x080007 (Apple, for Appletalk) and a protocol
2372 * type of ETHERTYPE_ATALK (Appletalk).
2373 *
2374 * XXX - check for an organization code of
2375 * encapsulated Ethernet as well?
2376 */
2377 return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype);
2378
2379 default:
2380 /*
2381 * XXX - we don't have to check for IPX 802.3
2382 * here, but should we check for the IPX Ethertype?
2383 */
2384 if (proto <= ETHERMTU) {
2385 /*
2386 * This is an LLC SAP value, so check
2387 * the DSAP.
2388 */
1959 return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto);
2389 return gen_cmp(OR_LINK, off_linktype, BPF_B,
2390 (bpf_int32)proto);
1960 } else {
1961 /*
1962 * This is an Ethernet type; we assume that it's
1963 * unlikely that it'll appear in the right place
1964 * at random, and therefore check only the
1965 * location that would hold the Ethernet type
1966 * in a SNAP frame with an organization code of
1967 * 0x000000 (encapsulated Ethernet).
1968 *
1969 * XXX - if we were to check for the SNAP DSAP and
1970 * LSAP, as per XXX, and were also to check for an
1971 * organization code of 0x000000 (encapsulated
1972 * Ethernet), we'd do
1973 *
1974 * return gen_snap(0x000000, proto,
1975 * off_linktype);
1976 *
1977 * here; for now, we don't, as per the above.
1978 * I don't know whether it's worth the extra CPU
1979 * time to do the right check or not.
1980 */
2391 } else {
2392 /*
2393 * This is an Ethernet type; we assume that it's
2394 * unlikely that it'll appear in the right place
2395 * at random, and therefore check only the
2396 * location that would hold the Ethernet type
2397 * in a SNAP frame with an organization code of
2398 * 0x000000 (encapsulated Ethernet).
2399 *
2400 * XXX - if we were to check for the SNAP DSAP and
2401 * LSAP, as per XXX, and were also to check for an
2402 * organization code of 0x000000 (encapsulated
2403 * Ethernet), we'd do
2404 *
2405 * return gen_snap(0x000000, proto,
2406 * off_linktype);
2407 *
2408 * here; for now, we don't, as per the above.
2409 * I don't know whether it's worth the extra CPU
2410 * time to do the right check or not.
2411 */
1981 return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto);
2412 return gen_cmp(OR_LINK, off_linktype+6, BPF_H,
2413 (bpf_int32)proto);
1982 }
1983 }
1984}
1985
1986static struct block *
1987gen_hostop(addr, mask, dir, proto, src_off, dst_off)
1988 bpf_u_int32 addr;
1989 bpf_u_int32 mask;
1990 int dir, proto;
1991 u_int src_off, dst_off;
1992{
1993 struct block *b0, *b1;
1994 u_int offset;
1995
1996 switch (dir) {
1997
1998 case Q_SRC:
1999 offset = src_off;
2000 break;
2001
2002 case Q_DST:
2003 offset = dst_off;
2004 break;
2005
2006 case Q_AND:
2007 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
2008 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
2009 gen_and(b0, b1);
2010 return b1;
2011
2012 case Q_OR:
2013 case Q_DEFAULT:
2014 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
2015 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
2016 gen_or(b0, b1);
2017 return b1;
2018
2019 default:
2020 abort();
2021 }
2022 b0 = gen_linktype(proto);
2414 }
2415 }
2416}
2417
2418static struct block *
2419gen_hostop(addr, mask, dir, proto, src_off, dst_off)
2420 bpf_u_int32 addr;
2421 bpf_u_int32 mask;
2422 int dir, proto;
2423 u_int src_off, dst_off;
2424{
2425 struct block *b0, *b1;
2426 u_int offset;
2427
2428 switch (dir) {
2429
2430 case Q_SRC:
2431 offset = src_off;
2432 break;
2433
2434 case Q_DST:
2435 offset = dst_off;
2436 break;
2437
2438 case Q_AND:
2439 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
2440 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
2441 gen_and(b0, b1);
2442 return b1;
2443
2444 case Q_OR:
2445 case Q_DEFAULT:
2446 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
2447 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
2448 gen_or(b0, b1);
2449 return b1;
2450
2451 default:
2452 abort();
2453 }
2454 b0 = gen_linktype(proto);
2023 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
2455 b1 = gen_mcmp(OR_NET, offset, BPF_W, (bpf_int32)addr, mask);
2024 gen_and(b0, b1);
2025 return b1;
2026}
2027
2028#ifdef INET6
2029static struct block *
2030gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
2031 struct in6_addr *addr;
2032 struct in6_addr *mask;
2033 int dir, proto;
2034 u_int src_off, dst_off;
2035{
2036 struct block *b0, *b1;
2037 u_int offset;
2038 u_int32_t *a, *m;
2039
2040 switch (dir) {
2041
2042 case Q_SRC:
2043 offset = src_off;
2044 break;
2045
2046 case Q_DST:
2047 offset = dst_off;
2048 break;
2049
2050 case Q_AND:
2051 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
2052 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
2053 gen_and(b0, b1);
2054 return b1;
2055
2056 case Q_OR:
2057 case Q_DEFAULT:
2058 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
2059 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
2060 gen_or(b0, b1);
2061 return b1;
2062
2063 default:
2064 abort();
2065 }
2066 /* this order is important */
2067 a = (u_int32_t *)addr;
2068 m = (u_int32_t *)mask;
2456 gen_and(b0, b1);
2457 return b1;
2458}
2459
2460#ifdef INET6
2461static struct block *
2462gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
2463 struct in6_addr *addr;
2464 struct in6_addr *mask;
2465 int dir, proto;
2466 u_int src_off, dst_off;
2467{
2468 struct block *b0, *b1;
2469 u_int offset;
2470 u_int32_t *a, *m;
2471
2472 switch (dir) {
2473
2474 case Q_SRC:
2475 offset = src_off;
2476 break;
2477
2478 case Q_DST:
2479 offset = dst_off;
2480 break;
2481
2482 case Q_AND:
2483 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
2484 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
2485 gen_and(b0, b1);
2486 return b1;
2487
2488 case Q_OR:
2489 case Q_DEFAULT:
2490 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
2491 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
2492 gen_or(b0, b1);
2493 return b1;
2494
2495 default:
2496 abort();
2497 }
2498 /* this order is important */
2499 a = (u_int32_t *)addr;
2500 m = (u_int32_t *)mask;
2069 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
2070 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
2501 b1 = gen_mcmp(OR_NET, offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
2502 b0 = gen_mcmp(OR_NET, offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
2071 gen_and(b0, b1);
2503 gen_and(b0, b1);
2072 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
2504 b0 = gen_mcmp(OR_NET, offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
2073 gen_and(b0, b1);
2505 gen_and(b0, b1);
2074 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
2506 b0 = gen_mcmp(OR_NET, offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
2075 gen_and(b0, b1);
2076 b0 = gen_linktype(proto);
2077 gen_and(b0, b1);
2078 return b1;
2079}
2080#endif /*INET6*/
2081
2082static struct block *
2083gen_ehostop(eaddr, dir)
2084 register const u_char *eaddr;
2085 register int dir;
2086{
2087 register struct block *b0, *b1;
2088
2089 switch (dir) {
2090 case Q_SRC:
2507 gen_and(b0, b1);
2508 b0 = gen_linktype(proto);
2509 gen_and(b0, b1);
2510 return b1;
2511}
2512#endif /*INET6*/
2513
2514static struct block *
2515gen_ehostop(eaddr, dir)
2516 register const u_char *eaddr;
2517 register int dir;
2518{
2519 register struct block *b0, *b1;
2520
2521 switch (dir) {
2522 case Q_SRC:
2091 return gen_bcmp(off_mac + 6, 6, eaddr);
2523 return gen_bcmp(OR_LINK, off_mac + 6, 6, eaddr);
2092
2093 case Q_DST:
2524
2525 case Q_DST:
2094 return gen_bcmp(off_mac + 0, 6, eaddr);
2526 return gen_bcmp(OR_LINK, off_mac + 0, 6, eaddr);
2095
2096 case Q_AND:
2097 b0 = gen_ehostop(eaddr, Q_SRC);
2098 b1 = gen_ehostop(eaddr, Q_DST);
2099 gen_and(b0, b1);
2100 return b1;
2101
2102 case Q_DEFAULT:
2103 case Q_OR:
2104 b0 = gen_ehostop(eaddr, Q_SRC);
2105 b1 = gen_ehostop(eaddr, Q_DST);
2106 gen_or(b0, b1);
2107 return b1;
2108 }
2109 abort();
2110 /* NOTREACHED */
2111}
2112
2113/*
2114 * Like gen_ehostop, but for DLT_FDDI
2115 */
2116static struct block *
2117gen_fhostop(eaddr, dir)
2118 register const u_char *eaddr;
2119 register int dir;
2120{
2121 struct block *b0, *b1;
2122
2123 switch (dir) {
2124 case Q_SRC:
2125#ifdef PCAP_FDDIPAD
2527
2528 case Q_AND:
2529 b0 = gen_ehostop(eaddr, Q_SRC);
2530 b1 = gen_ehostop(eaddr, Q_DST);
2531 gen_and(b0, b1);
2532 return b1;
2533
2534 case Q_DEFAULT:
2535 case Q_OR:
2536 b0 = gen_ehostop(eaddr, Q_SRC);
2537 b1 = gen_ehostop(eaddr, Q_DST);
2538 gen_or(b0, b1);
2539 return b1;
2540 }
2541 abort();
2542 /* NOTREACHED */
2543}
2544
2545/*
2546 * Like gen_ehostop, but for DLT_FDDI
2547 */
2548static struct block *
2549gen_fhostop(eaddr, dir)
2550 register const u_char *eaddr;
2551 register int dir;
2552{
2553 struct block *b0, *b1;
2554
2555 switch (dir) {
2556 case Q_SRC:
2557#ifdef PCAP_FDDIPAD
2126 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
2558 return gen_bcmp(OR_LINK, 6 + 1 + pcap_fddipad, 6, eaddr);
2127#else
2559#else
2128 return gen_bcmp(6 + 1, 6, eaddr);
2560 return gen_bcmp(OR_LINK, 6 + 1, 6, eaddr);
2129#endif
2130
2131 case Q_DST:
2132#ifdef PCAP_FDDIPAD
2561#endif
2562
2563 case Q_DST:
2564#ifdef PCAP_FDDIPAD
2133 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
2565 return gen_bcmp(OR_LINK, 0 + 1 + pcap_fddipad, 6, eaddr);
2134#else
2566#else
2135 return gen_bcmp(0 + 1, 6, eaddr);
2567 return gen_bcmp(OR_LINK, 0 + 1, 6, eaddr);
2136#endif
2137
2138 case Q_AND:
2139 b0 = gen_fhostop(eaddr, Q_SRC);
2140 b1 = gen_fhostop(eaddr, Q_DST);
2141 gen_and(b0, b1);
2142 return b1;
2143
2144 case Q_DEFAULT:
2145 case Q_OR:
2146 b0 = gen_fhostop(eaddr, Q_SRC);
2147 b1 = gen_fhostop(eaddr, Q_DST);
2148 gen_or(b0, b1);
2149 return b1;
2150 }
2151 abort();
2152 /* NOTREACHED */
2153}
2154
2155/*
2156 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
2157 */
2158static struct block *
2159gen_thostop(eaddr, dir)
2160 register const u_char *eaddr;
2161 register int dir;
2162{
2163 register struct block *b0, *b1;
2164
2165 switch (dir) {
2166 case Q_SRC:
2568#endif
2569
2570 case Q_AND:
2571 b0 = gen_fhostop(eaddr, Q_SRC);
2572 b1 = gen_fhostop(eaddr, Q_DST);
2573 gen_and(b0, b1);
2574 return b1;
2575
2576 case Q_DEFAULT:
2577 case Q_OR:
2578 b0 = gen_fhostop(eaddr, Q_SRC);
2579 b1 = gen_fhostop(eaddr, Q_DST);
2580 gen_or(b0, b1);
2581 return b1;
2582 }
2583 abort();
2584 /* NOTREACHED */
2585}
2586
2587/*
2588 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
2589 */
2590static struct block *
2591gen_thostop(eaddr, dir)
2592 register const u_char *eaddr;
2593 register int dir;
2594{
2595 register struct block *b0, *b1;
2596
2597 switch (dir) {
2598 case Q_SRC:
2167 return gen_bcmp(8, 6, eaddr);
2599 return gen_bcmp(OR_LINK, 8, 6, eaddr);
2168
2169 case Q_DST:
2600
2601 case Q_DST:
2170 return gen_bcmp(2, 6, eaddr);
2602 return gen_bcmp(OR_LINK, 2, 6, eaddr);
2171
2172 case Q_AND:
2173 b0 = gen_thostop(eaddr, Q_SRC);
2174 b1 = gen_thostop(eaddr, Q_DST);
2175 gen_and(b0, b1);
2176 return b1;
2177
2178 case Q_DEFAULT:
2179 case Q_OR:
2180 b0 = gen_thostop(eaddr, Q_SRC);
2181 b1 = gen_thostop(eaddr, Q_DST);
2182 gen_or(b0, b1);
2183 return b1;
2184 }
2185 abort();
2186 /* NOTREACHED */
2187}
2188
2189/*
2190 * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN)
2191 */
2192static struct block *
2193gen_wlanhostop(eaddr, dir)
2194 register const u_char *eaddr;
2195 register int dir;
2196{
2197 register struct block *b0, *b1, *b2;
2198 register struct slist *s;
2199
2200 switch (dir) {
2201 case Q_SRC:
2202 /*
2203 * Oh, yuk.
2204 *
2205 * For control frames, there is no SA.
2206 *
2207 * For management frames, SA is at an
2208 * offset of 10 from the beginning of
2209 * the packet.
2210 *
2211 * For data frames, SA is at an offset
2212 * of 10 from the beginning of the packet
2213 * if From DS is clear, at an offset of
2214 * 16 from the beginning of the packet
2215 * if From DS is set and To DS is clear,
2216 * and an offset of 24 from the beginning
2217 * of the packet if From DS is set and To DS
2218 * is set.
2219 */
2220
2221 /*
2222 * Generate the tests to be done for data frames
2223 * with From DS set.
2224 *
2225 * First, check for To DS set, i.e. check "link[1] & 0x01".
2226 */
2603
2604 case Q_AND:
2605 b0 = gen_thostop(eaddr, Q_SRC);
2606 b1 = gen_thostop(eaddr, Q_DST);
2607 gen_and(b0, b1);
2608 return b1;
2609
2610 case Q_DEFAULT:
2611 case Q_OR:
2612 b0 = gen_thostop(eaddr, Q_SRC);
2613 b1 = gen_thostop(eaddr, Q_DST);
2614 gen_or(b0, b1);
2615 return b1;
2616 }
2617 abort();
2618 /* NOTREACHED */
2619}
2620
2621/*
2622 * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN)
2623 */
2624static struct block *
2625gen_wlanhostop(eaddr, dir)
2626 register const u_char *eaddr;
2627 register int dir;
2628{
2629 register struct block *b0, *b1, *b2;
2630 register struct slist *s;
2631
2632 switch (dir) {
2633 case Q_SRC:
2634 /*
2635 * Oh, yuk.
2636 *
2637 * For control frames, there is no SA.
2638 *
2639 * For management frames, SA is at an
2640 * offset of 10 from the beginning of
2641 * the packet.
2642 *
2643 * For data frames, SA is at an offset
2644 * of 10 from the beginning of the packet
2645 * if From DS is clear, at an offset of
2646 * 16 from the beginning of the packet
2647 * if From DS is set and To DS is clear,
2648 * and an offset of 24 from the beginning
2649 * of the packet if From DS is set and To DS
2650 * is set.
2651 */
2652
2653 /*
2654 * Generate the tests to be done for data frames
2655 * with From DS set.
2656 *
2657 * First, check for To DS set, i.e. check "link[1] & 0x01".
2658 */
2227 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2228 s->s.k = 1;
2659 s = gen_load_a(OR_LINK, 1, BPF_B);
2229 b1 = new_block(JMP(BPF_JSET));
2230 b1->s.k = 0x01; /* To DS */
2231 b1->stmts = s;
2232
2233 /*
2234 * If To DS is set, the SA is at 24.
2235 */
2660 b1 = new_block(JMP(BPF_JSET));
2661 b1->s.k = 0x01; /* To DS */
2662 b1->stmts = s;
2663
2664 /*
2665 * If To DS is set, the SA is at 24.
2666 */
2236 b0 = gen_bcmp(24, 6, eaddr);
2667 b0 = gen_bcmp(OR_LINK, 24, 6, eaddr);
2237 gen_and(b1, b0);
2238
2239 /*
2240 * Now, check for To DS not set, i.e. check
2241 * "!(link[1] & 0x01)".
2242 */
2668 gen_and(b1, b0);
2669
2670 /*
2671 * Now, check for To DS not set, i.e. check
2672 * "!(link[1] & 0x01)".
2673 */
2243 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2244 s->s.k = 1;
2674 s = gen_load_a(OR_LINK, 1, BPF_B);
2245 b2 = new_block(JMP(BPF_JSET));
2246 b2->s.k = 0x01; /* To DS */
2247 b2->stmts = s;
2248 gen_not(b2);
2249
2250 /*
2251 * If To DS is not set, the SA is at 16.
2252 */
2675 b2 = new_block(JMP(BPF_JSET));
2676 b2->s.k = 0x01; /* To DS */
2677 b2->stmts = s;
2678 gen_not(b2);
2679
2680 /*
2681 * If To DS is not set, the SA is at 16.
2682 */
2253 b1 = gen_bcmp(16, 6, eaddr);
2683 b1 = gen_bcmp(OR_LINK, 16, 6, eaddr);
2254 gen_and(b2, b1);
2255
2256 /*
2257 * Now OR together the last two checks. That gives
2258 * the complete set of checks for data frames with
2259 * From DS set.
2260 */
2261 gen_or(b1, b0);
2262
2263 /*
2264 * Now check for From DS being set, and AND that with
2265 * the ORed-together checks.
2266 */
2684 gen_and(b2, b1);
2685
2686 /*
2687 * Now OR together the last two checks. That gives
2688 * the complete set of checks for data frames with
2689 * From DS set.
2690 */
2691 gen_or(b1, b0);
2692
2693 /*
2694 * Now check for From DS being set, and AND that with
2695 * the ORed-together checks.
2696 */
2267 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2268 s->s.k = 1;
2697 s = gen_load_a(OR_LINK, 1, BPF_B);
2269 b1 = new_block(JMP(BPF_JSET));
2270 b1->s.k = 0x02; /* From DS */
2271 b1->stmts = s;
2272 gen_and(b1, b0);
2273
2274 /*
2275 * Now check for data frames with From DS not set.
2276 */
2698 b1 = new_block(JMP(BPF_JSET));
2699 b1->s.k = 0x02; /* From DS */
2700 b1->stmts = s;
2701 gen_and(b1, b0);
2702
2703 /*
2704 * Now check for data frames with From DS not set.
2705 */
2277 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2278 s->s.k = 1;
2706 s = gen_load_a(OR_LINK, 1, BPF_B);
2279 b2 = new_block(JMP(BPF_JSET));
2280 b2->s.k = 0x02; /* From DS */
2281 b2->stmts = s;
2282 gen_not(b2);
2283
2284 /*
2285 * If From DS isn't set, the SA is at 10.
2286 */
2707 b2 = new_block(JMP(BPF_JSET));
2708 b2->s.k = 0x02; /* From DS */
2709 b2->stmts = s;
2710 gen_not(b2);
2711
2712 /*
2713 * If From DS isn't set, the SA is at 10.
2714 */
2287 b1 = gen_bcmp(10, 6, eaddr);
2715 b1 = gen_bcmp(OR_LINK, 10, 6, eaddr);
2288 gen_and(b2, b1);
2289
2290 /*
2291 * Now OR together the checks for data frames with
2292 * From DS not set and for data frames with From DS
2293 * set; that gives the checks done for data frames.
2294 */
2295 gen_or(b1, b0);
2296
2297 /*
2298 * Now check for a data frame.
2299 * I.e, check "link[0] & 0x08".
2300 */
2716 gen_and(b2, b1);
2717
2718 /*
2719 * Now OR together the checks for data frames with
2720 * From DS not set and for data frames with From DS
2721 * set; that gives the checks done for data frames.
2722 */
2723 gen_or(b1, b0);
2724
2725 /*
2726 * Now check for a data frame.
2727 * I.e, check "link[0] & 0x08".
2728 */
2301 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2302 s->s.k = 0;
2729 gen_load_a(OR_LINK, 0, BPF_B);
2303 b1 = new_block(JMP(BPF_JSET));
2304 b1->s.k = 0x08;
2305 b1->stmts = s;
2306
2307 /*
2308 * AND that with the checks done for data frames.
2309 */
2310 gen_and(b1, b0);
2311
2312 /*
2313 * If the high-order bit of the type value is 0, this
2314 * is a management frame.
2315 * I.e, check "!(link[0] & 0x08)".
2316 */
2730 b1 = new_block(JMP(BPF_JSET));
2731 b1->s.k = 0x08;
2732 b1->stmts = s;
2733
2734 /*
2735 * AND that with the checks done for data frames.
2736 */
2737 gen_and(b1, b0);
2738
2739 /*
2740 * If the high-order bit of the type value is 0, this
2741 * is a management frame.
2742 * I.e, check "!(link[0] & 0x08)".
2743 */
2317 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2318 s->s.k = 0;
2744 s = gen_load_a(OR_LINK, 0, BPF_B);
2319 b2 = new_block(JMP(BPF_JSET));
2320 b2->s.k = 0x08;
2321 b2->stmts = s;
2322 gen_not(b2);
2323
2324 /*
2325 * For management frames, the SA is at 10.
2326 */
2745 b2 = new_block(JMP(BPF_JSET));
2746 b2->s.k = 0x08;
2747 b2->stmts = s;
2748 gen_not(b2);
2749
2750 /*
2751 * For management frames, the SA is at 10.
2752 */
2327 b1 = gen_bcmp(10, 6, eaddr);
2753 b1 = gen_bcmp(OR_LINK, 10, 6, eaddr);
2328 gen_and(b2, b1);
2329
2330 /*
2331 * OR that with the checks done for data frames.
2332 * That gives the checks done for management and
2333 * data frames.
2334 */
2335 gen_or(b1, b0);
2336
2337 /*
2338 * If the low-order bit of the type value is 1,
2339 * this is either a control frame or a frame
2340 * with a reserved type, and thus not a
2341 * frame with an SA.
2342 *
2343 * I.e., check "!(link[0] & 0x04)".
2344 */
2754 gen_and(b2, b1);
2755
2756 /*
2757 * OR that with the checks done for data frames.
2758 * That gives the checks done for management and
2759 * data frames.
2760 */
2761 gen_or(b1, b0);
2762
2763 /*
2764 * If the low-order bit of the type value is 1,
2765 * this is either a control frame or a frame
2766 * with a reserved type, and thus not a
2767 * frame with an SA.
2768 *
2769 * I.e., check "!(link[0] & 0x04)".
2770 */
2345 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2346 s->s.k = 0;
2771 s = gen_load_a(OR_LINK, 0, BPF_B);
2347 b1 = new_block(JMP(BPF_JSET));
2348 b1->s.k = 0x04;
2349 b1->stmts = s;
2350 gen_not(b1);
2351
2352 /*
2353 * AND that with the checks for data and management
2354 * frames.
2355 */
2356 gen_and(b1, b0);
2357 return b0;
2358
2359 case Q_DST:
2360 /*
2361 * Oh, yuk.
2362 *
2363 * For control frames, there is no DA.
2364 *
2365 * For management frames, DA is at an
2366 * offset of 4 from the beginning of
2367 * the packet.
2368 *
2369 * For data frames, DA is at an offset
2370 * of 4 from the beginning of the packet
2371 * if To DS is clear and at an offset of
2372 * 16 from the beginning of the packet
2373 * if To DS is set.
2374 */
2375
2376 /*
2377 * Generate the tests to be done for data frames.
2378 *
2379 * First, check for To DS set, i.e. "link[1] & 0x01".
2380 */
2772 b1 = new_block(JMP(BPF_JSET));
2773 b1->s.k = 0x04;
2774 b1->stmts = s;
2775 gen_not(b1);
2776
2777 /*
2778 * AND that with the checks for data and management
2779 * frames.
2780 */
2781 gen_and(b1, b0);
2782 return b0;
2783
2784 case Q_DST:
2785 /*
2786 * Oh, yuk.
2787 *
2788 * For control frames, there is no DA.
2789 *
2790 * For management frames, DA is at an
2791 * offset of 4 from the beginning of
2792 * the packet.
2793 *
2794 * For data frames, DA is at an offset
2795 * of 4 from the beginning of the packet
2796 * if To DS is clear and at an offset of
2797 * 16 from the beginning of the packet
2798 * if To DS is set.
2799 */
2800
2801 /*
2802 * Generate the tests to be done for data frames.
2803 *
2804 * First, check for To DS set, i.e. "link[1] & 0x01".
2805 */
2381 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2382 s->s.k = 1;
2806 s = gen_load_a(OR_LINK, 1, BPF_B);
2383 b1 = new_block(JMP(BPF_JSET));
2384 b1->s.k = 0x01; /* To DS */
2385 b1->stmts = s;
2386
2387 /*
2388 * If To DS is set, the DA is at 16.
2389 */
2807 b1 = new_block(JMP(BPF_JSET));
2808 b1->s.k = 0x01; /* To DS */
2809 b1->stmts = s;
2810
2811 /*
2812 * If To DS is set, the DA is at 16.
2813 */
2390 b0 = gen_bcmp(16, 6, eaddr);
2814 b0 = gen_bcmp(OR_LINK, 16, 6, eaddr);
2391 gen_and(b1, b0);
2392
2393 /*
2394 * Now, check for To DS not set, i.e. check
2395 * "!(link[1] & 0x01)".
2396 */
2815 gen_and(b1, b0);
2816
2817 /*
2818 * Now, check for To DS not set, i.e. check
2819 * "!(link[1] & 0x01)".
2820 */
2397 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2398 s->s.k = 1;
2821 s = gen_load_a(OR_LINK, 1, BPF_B);
2399 b2 = new_block(JMP(BPF_JSET));
2400 b2->s.k = 0x01; /* To DS */
2401 b2->stmts = s;
2402 gen_not(b2);
2403
2404 /*
2405 * If To DS is not set, the DA is at 4.
2406 */
2822 b2 = new_block(JMP(BPF_JSET));
2823 b2->s.k = 0x01; /* To DS */
2824 b2->stmts = s;
2825 gen_not(b2);
2826
2827 /*
2828 * If To DS is not set, the DA is at 4.
2829 */
2407 b1 = gen_bcmp(4, 6, eaddr);
2830 b1 = gen_bcmp(OR_LINK, 4, 6, eaddr);
2408 gen_and(b2, b1);
2409
2410 /*
2411 * Now OR together the last two checks. That gives
2412 * the complete set of checks for data frames.
2413 */
2414 gen_or(b1, b0);
2415
2416 /*
2417 * Now check for a data frame.
2418 * I.e, check "link[0] & 0x08".
2419 */
2831 gen_and(b2, b1);
2832
2833 /*
2834 * Now OR together the last two checks. That gives
2835 * the complete set of checks for data frames.
2836 */
2837 gen_or(b1, b0);
2838
2839 /*
2840 * Now check for a data frame.
2841 * I.e, check "link[0] & 0x08".
2842 */
2420 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2421 s->s.k = 0;
2843 s = gen_load_a(OR_LINK, 0, BPF_B);
2422 b1 = new_block(JMP(BPF_JSET));
2423 b1->s.k = 0x08;
2424 b1->stmts = s;
2425
2426 /*
2427 * AND that with the checks done for data frames.
2428 */
2429 gen_and(b1, b0);
2430
2431 /*
2432 * If the high-order bit of the type value is 0, this
2433 * is a management frame.
2434 * I.e, check "!(link[0] & 0x08)".
2435 */
2844 b1 = new_block(JMP(BPF_JSET));
2845 b1->s.k = 0x08;
2846 b1->stmts = s;
2847
2848 /*
2849 * AND that with the checks done for data frames.
2850 */
2851 gen_and(b1, b0);
2852
2853 /*
2854 * If the high-order bit of the type value is 0, this
2855 * is a management frame.
2856 * I.e, check "!(link[0] & 0x08)".
2857 */
2436 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2437 s->s.k = 0;
2858 s = gen_load_a(OR_LINK, 0, BPF_B);
2438 b2 = new_block(JMP(BPF_JSET));
2439 b2->s.k = 0x08;
2440 b2->stmts = s;
2441 gen_not(b2);
2442
2443 /*
2444 * For management frames, the DA is at 4.
2445 */
2859 b2 = new_block(JMP(BPF_JSET));
2860 b2->s.k = 0x08;
2861 b2->stmts = s;
2862 gen_not(b2);
2863
2864 /*
2865 * For management frames, the DA is at 4.
2866 */
2446 b1 = gen_bcmp(4, 6, eaddr);
2867 b1 = gen_bcmp(OR_LINK, 4, 6, eaddr);
2447 gen_and(b2, b1);
2448
2449 /*
2450 * OR that with the checks done for data frames.
2451 * That gives the checks done for management and
2452 * data frames.
2453 */
2454 gen_or(b1, b0);
2455
2456 /*
2457 * If the low-order bit of the type value is 1,
2458 * this is either a control frame or a frame
2459 * with a reserved type, and thus not a
2460 * frame with an SA.
2461 *
2462 * I.e., check "!(link[0] & 0x04)".
2463 */
2868 gen_and(b2, b1);
2869
2870 /*
2871 * OR that with the checks done for data frames.
2872 * That gives the checks done for management and
2873 * data frames.
2874 */
2875 gen_or(b1, b0);
2876
2877 /*
2878 * If the low-order bit of the type value is 1,
2879 * this is either a control frame or a frame
2880 * with a reserved type, and thus not a
2881 * frame with an SA.
2882 *
2883 * I.e., check "!(link[0] & 0x04)".
2884 */
2464 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
2465 s->s.k = 0;
2885 s = gen_load_a(OR_LINK, 0, BPF_B);
2466 b1 = new_block(JMP(BPF_JSET));
2467 b1->s.k = 0x04;
2468 b1->stmts = s;
2469 gen_not(b1);
2470
2471 /*
2472 * AND that with the checks for data and management
2473 * frames.
2474 */
2475 gen_and(b1, b0);
2476 return b0;
2477
2478 case Q_AND:
2479 b0 = gen_wlanhostop(eaddr, Q_SRC);
2480 b1 = gen_wlanhostop(eaddr, Q_DST);
2481 gen_and(b0, b1);
2482 return b1;
2483
2484 case Q_DEFAULT:
2485 case Q_OR:
2486 b0 = gen_wlanhostop(eaddr, Q_SRC);
2487 b1 = gen_wlanhostop(eaddr, Q_DST);
2488 gen_or(b0, b1);
2489 return b1;
2490 }
2491 abort();
2492 /* NOTREACHED */
2493}
2494
2495/*
2496 * Like gen_ehostop, but for RFC 2625 IP-over-Fibre-Channel.
2497 * (We assume that the addresses are IEEE 48-bit MAC addresses,
2498 * as the RFC states.)
2499 */
2500static struct block *
2501gen_ipfchostop(eaddr, dir)
2502 register const u_char *eaddr;
2503 register int dir;
2504{
2505 register struct block *b0, *b1;
2506
2507 switch (dir) {
2508 case Q_SRC:
2886 b1 = new_block(JMP(BPF_JSET));
2887 b1->s.k = 0x04;
2888 b1->stmts = s;
2889 gen_not(b1);
2890
2891 /*
2892 * AND that with the checks for data and management
2893 * frames.
2894 */
2895 gen_and(b1, b0);
2896 return b0;
2897
2898 case Q_AND:
2899 b0 = gen_wlanhostop(eaddr, Q_SRC);
2900 b1 = gen_wlanhostop(eaddr, Q_DST);
2901 gen_and(b0, b1);
2902 return b1;
2903
2904 case Q_DEFAULT:
2905 case Q_OR:
2906 b0 = gen_wlanhostop(eaddr, Q_SRC);
2907 b1 = gen_wlanhostop(eaddr, Q_DST);
2908 gen_or(b0, b1);
2909 return b1;
2910 }
2911 abort();
2912 /* NOTREACHED */
2913}
2914
2915/*
2916 * Like gen_ehostop, but for RFC 2625 IP-over-Fibre-Channel.
2917 * (We assume that the addresses are IEEE 48-bit MAC addresses,
2918 * as the RFC states.)
2919 */
2920static struct block *
2921gen_ipfchostop(eaddr, dir)
2922 register const u_char *eaddr;
2923 register int dir;
2924{
2925 register struct block *b0, *b1;
2926
2927 switch (dir) {
2928 case Q_SRC:
2509 return gen_bcmp(10, 6, eaddr);
2929 return gen_bcmp(OR_LINK, 10, 6, eaddr);
2510
2511 case Q_DST:
2930
2931 case Q_DST:
2512 return gen_bcmp(2, 6, eaddr);
2932 return gen_bcmp(OR_LINK, 2, 6, eaddr);
2513
2514 case Q_AND:
2515 b0 = gen_ipfchostop(eaddr, Q_SRC);
2516 b1 = gen_ipfchostop(eaddr, Q_DST);
2517 gen_and(b0, b1);
2518 return b1;
2519
2520 case Q_DEFAULT:
2521 case Q_OR:
2522 b0 = gen_ipfchostop(eaddr, Q_SRC);
2523 b1 = gen_ipfchostop(eaddr, Q_DST);
2524 gen_or(b0, b1);
2525 return b1;
2526 }
2527 abort();
2528 /* NOTREACHED */
2529}
2530
2531/*
2532 * This is quite tricky because there may be pad bytes in front of the
2533 * DECNET header, and then there are two possible data packet formats that
2534 * carry both src and dst addresses, plus 5 packet types in a format that
2535 * carries only the src node, plus 2 types that use a different format and
2536 * also carry just the src node.
2537 *
2538 * Yuck.
2539 *
2540 * Instead of doing those all right, we just look for data packets with
2541 * 0 or 1 bytes of padding. If you want to look at other packets, that
2542 * will require a lot more hacking.
2543 *
2544 * To add support for filtering on DECNET "areas" (network numbers)
2545 * one would want to add a "mask" argument to this routine. That would
2546 * make the filter even more inefficient, although one could be clever
2547 * and not generate masking instructions if the mask is 0xFFFF.
2548 */
2549static struct block *
2933
2934 case Q_AND:
2935 b0 = gen_ipfchostop(eaddr, Q_SRC);
2936 b1 = gen_ipfchostop(eaddr, Q_DST);
2937 gen_and(b0, b1);
2938 return b1;
2939
2940 case Q_DEFAULT:
2941 case Q_OR:
2942 b0 = gen_ipfchostop(eaddr, Q_SRC);
2943 b1 = gen_ipfchostop(eaddr, Q_DST);
2944 gen_or(b0, b1);
2945 return b1;
2946 }
2947 abort();
2948 /* NOTREACHED */
2949}
2950
2951/*
2952 * This is quite tricky because there may be pad bytes in front of the
2953 * DECNET header, and then there are two possible data packet formats that
2954 * carry both src and dst addresses, plus 5 packet types in a format that
2955 * carries only the src node, plus 2 types that use a different format and
2956 * also carry just the src node.
2957 *
2958 * Yuck.
2959 *
2960 * Instead of doing those all right, we just look for data packets with
2961 * 0 or 1 bytes of padding. If you want to look at other packets, that
2962 * will require a lot more hacking.
2963 *
2964 * To add support for filtering on DECNET "areas" (network numbers)
2965 * one would want to add a "mask" argument to this routine. That would
2966 * make the filter even more inefficient, although one could be clever
2967 * and not generate masking instructions if the mask is 0xFFFF.
2968 */
2969static struct block *
2550gen_dnhostop(addr, dir, base_off)
2970gen_dnhostop(addr, dir)
2551 bpf_u_int32 addr;
2552 int dir;
2971 bpf_u_int32 addr;
2972 int dir;
2553 u_int base_off;
2554{
2555 struct block *b0, *b1, *b2, *tmp;
2556 u_int offset_lh; /* offset if long header is received */
2557 u_int offset_sh; /* offset if short header is received */
2558
2559 switch (dir) {
2560
2561 case Q_DST:
2562 offset_sh = 1; /* follows flags */
2563 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
2564 break;
2565
2566 case Q_SRC:
2567 offset_sh = 3; /* follows flags, dstnode */
2568 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
2569 break;
2570
2571 case Q_AND:
2572 /* Inefficient because we do our Calvinball dance twice */
2973{
2974 struct block *b0, *b1, *b2, *tmp;
2975 u_int offset_lh; /* offset if long header is received */
2976 u_int offset_sh; /* offset if short header is received */
2977
2978 switch (dir) {
2979
2980 case Q_DST:
2981 offset_sh = 1; /* follows flags */
2982 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
2983 break;
2984
2985 case Q_SRC:
2986 offset_sh = 3; /* follows flags, dstnode */
2987 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
2988 break;
2989
2990 case Q_AND:
2991 /* Inefficient because we do our Calvinball dance twice */
2573 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2574 b1 = gen_dnhostop(addr, Q_DST, base_off);
2992 b0 = gen_dnhostop(addr, Q_SRC);
2993 b1 = gen_dnhostop(addr, Q_DST);
2575 gen_and(b0, b1);
2576 return b1;
2577
2578 case Q_OR:
2579 case Q_DEFAULT:
2580 /* Inefficient because we do our Calvinball dance twice */
2994 gen_and(b0, b1);
2995 return b1;
2996
2997 case Q_OR:
2998 case Q_DEFAULT:
2999 /* Inefficient because we do our Calvinball dance twice */
2581 b0 = gen_dnhostop(addr, Q_SRC, base_off);
2582 b1 = gen_dnhostop(addr, Q_DST, base_off);
3000 b0 = gen_dnhostop(addr, Q_SRC);
3001 b1 = gen_dnhostop(addr, Q_DST);
2583 gen_or(b0, b1);
2584 return b1;
2585
2586 case Q_ISO:
2587 bpf_error("ISO host filtering not implemented");
2588
2589 default:
2590 abort();
2591 }
2592 b0 = gen_linktype(ETHERTYPE_DN);
2593 /* Check for pad = 1, long header case */
3002 gen_or(b0, b1);
3003 return b1;
3004
3005 case Q_ISO:
3006 bpf_error("ISO host filtering not implemented");
3007
3008 default:
3009 abort();
3010 }
3011 b0 = gen_linktype(ETHERTYPE_DN);
3012 /* Check for pad = 1, long header case */
2594 tmp = gen_mcmp(base_off + 2, BPF_H,
3013 tmp = gen_mcmp(OR_NET, 2, BPF_H,
2595 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
3014 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
2596 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
3015 b1 = gen_cmp(OR_NET, 2 + 1 + offset_lh,
2597 BPF_H, (bpf_int32)ntohs(addr));
2598 gen_and(tmp, b1);
2599 /* Check for pad = 0, long header case */
3016 BPF_H, (bpf_int32)ntohs(addr));
3017 gen_and(tmp, b1);
3018 /* Check for pad = 0, long header case */
2600 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
2601 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
3019 tmp = gen_mcmp(OR_NET, 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
3020 b2 = gen_cmp(OR_NET, 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
2602 gen_and(tmp, b2);
2603 gen_or(b2, b1);
2604 /* Check for pad = 1, short header case */
3021 gen_and(tmp, b2);
3022 gen_or(b2, b1);
3023 /* Check for pad = 1, short header case */
2605 tmp = gen_mcmp(base_off + 2, BPF_H,
3024 tmp = gen_mcmp(OR_NET, 2, BPF_H,
2606 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
3025 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
2607 b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
2608 BPF_H, (bpf_int32)ntohs(addr));
3026 b2 = gen_cmp(OR_NET, 2 + 1 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
2609 gen_and(tmp, b2);
2610 gen_or(b2, b1);
2611 /* Check for pad = 0, short header case */
3027 gen_and(tmp, b2);
3028 gen_or(b2, b1);
3029 /* Check for pad = 0, short header case */
2612 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
2613 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
3030 tmp = gen_mcmp(OR_NET, 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
3031 b2 = gen_cmp(OR_NET, 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
2614 gen_and(tmp, b2);
2615 gen_or(b2, b1);
2616
2617 /* Combine with test for linktype */
2618 gen_and(b0, b1);
2619 return b1;
2620}
2621
2622static struct block *
2623gen_host(addr, mask, proto, dir)
2624 bpf_u_int32 addr;
2625 bpf_u_int32 mask;
2626 int proto;
2627 int dir;
2628{
2629 struct block *b0, *b1;
2630
2631 switch (proto) {
2632
2633 case Q_DEFAULT:
2634 b0 = gen_host(addr, mask, Q_IP, dir);
2635 if (off_linktype != (u_int)-1) {
2636 b1 = gen_host(addr, mask, Q_ARP, dir);
2637 gen_or(b0, b1);
2638 b0 = gen_host(addr, mask, Q_RARP, dir);
2639 gen_or(b1, b0);
2640 }
2641 return b0;
2642
2643 case Q_IP:
3032 gen_and(tmp, b2);
3033 gen_or(b2, b1);
3034
3035 /* Combine with test for linktype */
3036 gen_and(b0, b1);
3037 return b1;
3038}
3039
3040static struct block *
3041gen_host(addr, mask, proto, dir)
3042 bpf_u_int32 addr;
3043 bpf_u_int32 mask;
3044 int proto;
3045 int dir;
3046{
3047 struct block *b0, *b1;
3048
3049 switch (proto) {
3050
3051 case Q_DEFAULT:
3052 b0 = gen_host(addr, mask, Q_IP, dir);
3053 if (off_linktype != (u_int)-1) {
3054 b1 = gen_host(addr, mask, Q_ARP, dir);
3055 gen_or(b0, b1);
3056 b0 = gen_host(addr, mask, Q_RARP, dir);
3057 gen_or(b1, b0);
3058 }
3059 return b0;
3060
3061 case Q_IP:
2644 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
2645 off_nl + 12, off_nl + 16);
3062 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 12, 16);
2646
2647 case Q_RARP:
3063
3064 case Q_RARP:
2648 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
2649 off_nl + 14, off_nl + 24);
3065 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 14, 24);
2650
2651 case Q_ARP:
3066
3067 case Q_ARP:
2652 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
2653 off_nl + 14, off_nl + 24);
3068 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 14, 24);
2654
2655 case Q_TCP:
2656 bpf_error("'tcp' modifier applied to host");
2657
2658 case Q_SCTP:
2659 bpf_error("'sctp' modifier applied to host");
2660
2661 case Q_UDP:
2662 bpf_error("'udp' modifier applied to host");
2663
2664 case Q_ICMP:
2665 bpf_error("'icmp' modifier applied to host");
2666
2667 case Q_IGMP:
2668 bpf_error("'igmp' modifier applied to host");
2669
2670 case Q_IGRP:
2671 bpf_error("'igrp' modifier applied to host");
2672
2673 case Q_PIM:
2674 bpf_error("'pim' modifier applied to host");
2675
2676 case Q_VRRP:
2677 bpf_error("'vrrp' modifier applied to host");
2678
2679 case Q_ATALK:
2680 bpf_error("ATALK host filtering not implemented");
2681
2682 case Q_AARP:
2683 bpf_error("AARP host filtering not implemented");
2684
2685 case Q_DECNET:
3069
3070 case Q_TCP:
3071 bpf_error("'tcp' modifier applied to host");
3072
3073 case Q_SCTP:
3074 bpf_error("'sctp' modifier applied to host");
3075
3076 case Q_UDP:
3077 bpf_error("'udp' modifier applied to host");
3078
3079 case Q_ICMP:
3080 bpf_error("'icmp' modifier applied to host");
3081
3082 case Q_IGMP:
3083 bpf_error("'igmp' modifier applied to host");
3084
3085 case Q_IGRP:
3086 bpf_error("'igrp' modifier applied to host");
3087
3088 case Q_PIM:
3089 bpf_error("'pim' modifier applied to host");
3090
3091 case Q_VRRP:
3092 bpf_error("'vrrp' modifier applied to host");
3093
3094 case Q_ATALK:
3095 bpf_error("ATALK host filtering not implemented");
3096
3097 case Q_AARP:
3098 bpf_error("AARP host filtering not implemented");
3099
3100 case Q_DECNET:
2686 return gen_dnhostop(addr, dir, off_nl);
3101 return gen_dnhostop(addr, dir);
2687
2688 case Q_SCA:
2689 bpf_error("SCA host filtering not implemented");
2690
2691 case Q_LAT:
2692 bpf_error("LAT host filtering not implemented");
2693
2694 case Q_MOPDL:
2695 bpf_error("MOPDL host filtering not implemented");
2696
2697 case Q_MOPRC:
2698 bpf_error("MOPRC host filtering not implemented");
2699
2700#ifdef INET6
2701 case Q_IPV6:
2702 bpf_error("'ip6' modifier applied to ip host");
2703
2704 case Q_ICMPV6:
2705 bpf_error("'icmp6' modifier applied to host");
2706#endif /* INET6 */
2707
2708 case Q_AH:
2709 bpf_error("'ah' modifier applied to host");
2710
2711 case Q_ESP:
2712 bpf_error("'esp' modifier applied to host");
2713
2714 case Q_ISO:
2715 bpf_error("ISO host filtering not implemented");
2716
2717 case Q_ESIS:
2718 bpf_error("'esis' modifier applied to host");
2719
2720 case Q_ISIS:
2721 bpf_error("'isis' modifier applied to host");
2722
2723 case Q_CLNP:
2724 bpf_error("'clnp' modifier applied to host");
2725
2726 case Q_STP:
2727 bpf_error("'stp' modifier applied to host");
2728
2729 case Q_IPX:
2730 bpf_error("IPX host filtering not implemented");
2731
2732 case Q_NETBEUI:
2733 bpf_error("'netbeui' modifier applied to host");
2734
3102
3103 case Q_SCA:
3104 bpf_error("SCA host filtering not implemented");
3105
3106 case Q_LAT:
3107 bpf_error("LAT host filtering not implemented");
3108
3109 case Q_MOPDL:
3110 bpf_error("MOPDL host filtering not implemented");
3111
3112 case Q_MOPRC:
3113 bpf_error("MOPRC host filtering not implemented");
3114
3115#ifdef INET6
3116 case Q_IPV6:
3117 bpf_error("'ip6' modifier applied to ip host");
3118
3119 case Q_ICMPV6:
3120 bpf_error("'icmp6' modifier applied to host");
3121#endif /* INET6 */
3122
3123 case Q_AH:
3124 bpf_error("'ah' modifier applied to host");
3125
3126 case Q_ESP:
3127 bpf_error("'esp' modifier applied to host");
3128
3129 case Q_ISO:
3130 bpf_error("ISO host filtering not implemented");
3131
3132 case Q_ESIS:
3133 bpf_error("'esis' modifier applied to host");
3134
3135 case Q_ISIS:
3136 bpf_error("'isis' modifier applied to host");
3137
3138 case Q_CLNP:
3139 bpf_error("'clnp' modifier applied to host");
3140
3141 case Q_STP:
3142 bpf_error("'stp' modifier applied to host");
3143
3144 case Q_IPX:
3145 bpf_error("IPX host filtering not implemented");
3146
3147 case Q_NETBEUI:
3148 bpf_error("'netbeui' modifier applied to host");
3149
3150 case Q_RADIO:
3151 bpf_error("'radio' modifier applied to host");
3152
2735 default:
2736 abort();
2737 }
2738 /* NOTREACHED */
2739}
2740
2741#ifdef INET6
2742static struct block *
2743gen_host6(addr, mask, proto, dir)
2744 struct in6_addr *addr;
2745 struct in6_addr *mask;
2746 int proto;
2747 int dir;
2748{
2749 switch (proto) {
2750
2751 case Q_DEFAULT:
2752 return gen_host6(addr, mask, Q_IPV6, dir);
2753
2754 case Q_IP:
2755 bpf_error("'ip' modifier applied to ip6 host");
2756
2757 case Q_RARP:
2758 bpf_error("'rarp' modifier applied to ip6 host");
2759
2760 case Q_ARP:
2761 bpf_error("'arp' modifier applied to ip6 host");
2762
2763 case Q_SCTP:
2764 bpf_error("'sctp' modifier applied to host");
2765
2766 case Q_TCP:
2767 bpf_error("'tcp' modifier applied to host");
2768
2769 case Q_UDP:
2770 bpf_error("'udp' modifier applied to host");
2771
2772 case Q_ICMP:
2773 bpf_error("'icmp' modifier applied to host");
2774
2775 case Q_IGMP:
2776 bpf_error("'igmp' modifier applied to host");
2777
2778 case Q_IGRP:
2779 bpf_error("'igrp' modifier applied to host");
2780
2781 case Q_PIM:
2782 bpf_error("'pim' modifier applied to host");
2783
2784 case Q_VRRP:
2785 bpf_error("'vrrp' modifier applied to host");
2786
2787 case Q_ATALK:
2788 bpf_error("ATALK host filtering not implemented");
2789
2790 case Q_AARP:
2791 bpf_error("AARP host filtering not implemented");
2792
2793 case Q_DECNET:
2794 bpf_error("'decnet' modifier applied to ip6 host");
2795
2796 case Q_SCA:
2797 bpf_error("SCA host filtering not implemented");
2798
2799 case Q_LAT:
2800 bpf_error("LAT host filtering not implemented");
2801
2802 case Q_MOPDL:
2803 bpf_error("MOPDL host filtering not implemented");
2804
2805 case Q_MOPRC:
2806 bpf_error("MOPRC host filtering not implemented");
2807
2808 case Q_IPV6:
3153 default:
3154 abort();
3155 }
3156 /* NOTREACHED */
3157}
3158
3159#ifdef INET6
3160static struct block *
3161gen_host6(addr, mask, proto, dir)
3162 struct in6_addr *addr;
3163 struct in6_addr *mask;
3164 int proto;
3165 int dir;
3166{
3167 switch (proto) {
3168
3169 case Q_DEFAULT:
3170 return gen_host6(addr, mask, Q_IPV6, dir);
3171
3172 case Q_IP:
3173 bpf_error("'ip' modifier applied to ip6 host");
3174
3175 case Q_RARP:
3176 bpf_error("'rarp' modifier applied to ip6 host");
3177
3178 case Q_ARP:
3179 bpf_error("'arp' modifier applied to ip6 host");
3180
3181 case Q_SCTP:
3182 bpf_error("'sctp' modifier applied to host");
3183
3184 case Q_TCP:
3185 bpf_error("'tcp' modifier applied to host");
3186
3187 case Q_UDP:
3188 bpf_error("'udp' modifier applied to host");
3189
3190 case Q_ICMP:
3191 bpf_error("'icmp' modifier applied to host");
3192
3193 case Q_IGMP:
3194 bpf_error("'igmp' modifier applied to host");
3195
3196 case Q_IGRP:
3197 bpf_error("'igrp' modifier applied to host");
3198
3199 case Q_PIM:
3200 bpf_error("'pim' modifier applied to host");
3201
3202 case Q_VRRP:
3203 bpf_error("'vrrp' modifier applied to host");
3204
3205 case Q_ATALK:
3206 bpf_error("ATALK host filtering not implemented");
3207
3208 case Q_AARP:
3209 bpf_error("AARP host filtering not implemented");
3210
3211 case Q_DECNET:
3212 bpf_error("'decnet' modifier applied to ip6 host");
3213
3214 case Q_SCA:
3215 bpf_error("SCA host filtering not implemented");
3216
3217 case Q_LAT:
3218 bpf_error("LAT host filtering not implemented");
3219
3220 case Q_MOPDL:
3221 bpf_error("MOPDL host filtering not implemented");
3222
3223 case Q_MOPRC:
3224 bpf_error("MOPRC host filtering not implemented");
3225
3226 case Q_IPV6:
2809 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
2810 off_nl + 8, off_nl + 24);
3227 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 8, 24);
2811
2812 case Q_ICMPV6:
2813 bpf_error("'icmp6' modifier applied to host");
2814
2815 case Q_AH:
2816 bpf_error("'ah' modifier applied to host");
2817
2818 case Q_ESP:
2819 bpf_error("'esp' modifier applied to host");
2820
2821 case Q_ISO:
2822 bpf_error("ISO host filtering not implemented");
2823
2824 case Q_ESIS:
2825 bpf_error("'esis' modifier applied to host");
2826
2827 case Q_ISIS:
2828 bpf_error("'isis' modifier applied to host");
2829
2830 case Q_CLNP:
2831 bpf_error("'clnp' modifier applied to host");
2832
2833 case Q_STP:
2834 bpf_error("'stp' modifier applied to host");
2835
2836 case Q_IPX:
2837 bpf_error("IPX host filtering not implemented");
2838
2839 case Q_NETBEUI:
2840 bpf_error("'netbeui' modifier applied to host");
2841
3228
3229 case Q_ICMPV6:
3230 bpf_error("'icmp6' modifier applied to host");
3231
3232 case Q_AH:
3233 bpf_error("'ah' modifier applied to host");
3234
3235 case Q_ESP:
3236 bpf_error("'esp' modifier applied to host");
3237
3238 case Q_ISO:
3239 bpf_error("ISO host filtering not implemented");
3240
3241 case Q_ESIS:
3242 bpf_error("'esis' modifier applied to host");
3243
3244 case Q_ISIS:
3245 bpf_error("'isis' modifier applied to host");
3246
3247 case Q_CLNP:
3248 bpf_error("'clnp' modifier applied to host");
3249
3250 case Q_STP:
3251 bpf_error("'stp' modifier applied to host");
3252
3253 case Q_IPX:
3254 bpf_error("IPX host filtering not implemented");
3255
3256 case Q_NETBEUI:
3257 bpf_error("'netbeui' modifier applied to host");
3258
3259 case Q_RADIO:
3260 bpf_error("'radio' modifier applied to host");
3261
2842 default:
2843 abort();
2844 }
2845 /* NOTREACHED */
2846}
2847#endif /*INET6*/
2848
2849#ifndef INET6
2850static struct block *
2851gen_gateway(eaddr, alist, proto, dir)
2852 const u_char *eaddr;
2853 bpf_u_int32 **alist;
2854 int proto;
2855 int dir;
2856{
2857 struct block *b0, *b1, *tmp;
2858
2859 if (dir != 0)
2860 bpf_error("direction applied to 'gateway'");
2861
2862 switch (proto) {
2863 case Q_DEFAULT:
2864 case Q_IP:
2865 case Q_ARP:
2866 case Q_RARP:
2867 if (linktype == DLT_EN10MB)
2868 b0 = gen_ehostop(eaddr, Q_OR);
2869 else if (linktype == DLT_FDDI)
2870 b0 = gen_fhostop(eaddr, Q_OR);
2871 else if (linktype == DLT_IEEE802)
2872 b0 = gen_thostop(eaddr, Q_OR);
3262 default:
3263 abort();
3264 }
3265 /* NOTREACHED */
3266}
3267#endif /*INET6*/
3268
3269#ifndef INET6
3270static struct block *
3271gen_gateway(eaddr, alist, proto, dir)
3272 const u_char *eaddr;
3273 bpf_u_int32 **alist;
3274 int proto;
3275 int dir;
3276{
3277 struct block *b0, *b1, *tmp;
3278
3279 if (dir != 0)
3280 bpf_error("direction applied to 'gateway'");
3281
3282 switch (proto) {
3283 case Q_DEFAULT:
3284 case Q_IP:
3285 case Q_ARP:
3286 case Q_RARP:
3287 if (linktype == DLT_EN10MB)
3288 b0 = gen_ehostop(eaddr, Q_OR);
3289 else if (linktype == DLT_FDDI)
3290 b0 = gen_fhostop(eaddr, Q_OR);
3291 else if (linktype == DLT_IEEE802)
3292 b0 = gen_thostop(eaddr, Q_OR);
2873 else if (linktype == DLT_IEEE802_11)
3293 else if (linktype == DLT_IEEE802_11 ||
3294 linktype == DLT_IEEE802_11_RADIO_AVS ||
3295 linktype == DLT_IEEE802_11_RADIO ||
3296 linktype == DLT_PRISM_HEADER)
2874 b0 = gen_wlanhostop(eaddr, Q_OR);
2875 else if (linktype == DLT_SUNATM && is_lane) {
2876 /*
2877 * Check that the packet doesn't begin with an
2878 * LE Control marker. (We've already generated
2879 * a test for LANE.)
2880 */
3297 b0 = gen_wlanhostop(eaddr, Q_OR);
3298 else if (linktype == DLT_SUNATM && is_lane) {
3299 /*
3300 * Check that the packet doesn't begin with an
3301 * LE Control marker. (We've already generated
3302 * a test for LANE.)
3303 */
2881 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
3304 b1 = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS, BPF_H,
3305 0xFF00);
2882 gen_not(b1);
2883
2884 /*
2885 * Now check the MAC address.
2886 */
2887 b0 = gen_ehostop(eaddr, Q_OR);
2888 gen_and(b1, b0);
2889 } else if (linktype == DLT_IP_OVER_FC)
2890 b0 = gen_ipfchostop(eaddr, Q_OR);
2891 else
2892 bpf_error(
2893 "'gateway' supported only on ethernet/FDDI/token ring/802.11/Fibre Channel");
2894
2895 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2896 while (*alist) {
2897 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
2898 gen_or(b1, tmp);
2899 b1 = tmp;
2900 }
2901 gen_not(b1);
2902 gen_and(b0, b1);
2903 return b1;
2904 }
2905 bpf_error("illegal modifier of 'gateway'");
2906 /* NOTREACHED */
2907}
2908#endif
2909
2910struct block *
2911gen_proto_abbrev(proto)
2912 int proto;
2913{
2914 struct block *b0;
2915 struct block *b1;
2916
2917 switch (proto) {
2918
2919 case Q_SCTP:
2920 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT);
2921#ifdef INET6
2922 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
2923 gen_or(b0, b1);
2924#endif
2925 break;
2926
2927 case Q_TCP:
2928 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
2929#ifdef INET6
2930 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
2931 gen_or(b0, b1);
2932#endif
2933 break;
2934
2935 case Q_UDP:
2936 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
2937#ifdef INET6
2938 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
2939 gen_or(b0, b1);
2940#endif
2941 break;
2942
2943 case Q_ICMP:
2944 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
2945 break;
2946
2947#ifndef IPPROTO_IGMP
2948#define IPPROTO_IGMP 2
2949#endif
2950
2951 case Q_IGMP:
2952 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
2953 break;
2954
2955#ifndef IPPROTO_IGRP
2956#define IPPROTO_IGRP 9
2957#endif
2958 case Q_IGRP:
2959 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
2960 break;
2961
2962#ifndef IPPROTO_PIM
2963#define IPPROTO_PIM 103
2964#endif
2965
2966 case Q_PIM:
2967 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
2968#ifdef INET6
2969 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
2970 gen_or(b0, b1);
2971#endif
2972 break;
2973
2974#ifndef IPPROTO_VRRP
2975#define IPPROTO_VRRP 112
2976#endif
2977
2978 case Q_VRRP:
2979 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT);
2980 break;
2981
2982 case Q_IP:
2983 b1 = gen_linktype(ETHERTYPE_IP);
2984 break;
2985
2986 case Q_ARP:
2987 b1 = gen_linktype(ETHERTYPE_ARP);
2988 break;
2989
2990 case Q_RARP:
2991 b1 = gen_linktype(ETHERTYPE_REVARP);
2992 break;
2993
2994 case Q_LINK:
2995 bpf_error("link layer applied in wrong context");
2996
2997 case Q_ATALK:
2998 b1 = gen_linktype(ETHERTYPE_ATALK);
2999 break;
3000
3001 case Q_AARP:
3002 b1 = gen_linktype(ETHERTYPE_AARP);
3003 break;
3004
3005 case Q_DECNET:
3006 b1 = gen_linktype(ETHERTYPE_DN);
3007 break;
3008
3009 case Q_SCA:
3010 b1 = gen_linktype(ETHERTYPE_SCA);
3011 break;
3012
3013 case Q_LAT:
3014 b1 = gen_linktype(ETHERTYPE_LAT);
3015 break;
3016
3017 case Q_MOPDL:
3018 b1 = gen_linktype(ETHERTYPE_MOPDL);
3019 break;
3020
3021 case Q_MOPRC:
3022 b1 = gen_linktype(ETHERTYPE_MOPRC);
3023 break;
3024
3025#ifdef INET6
3026 case Q_IPV6:
3027 b1 = gen_linktype(ETHERTYPE_IPV6);
3028 break;
3029
3030#ifndef IPPROTO_ICMPV6
3031#define IPPROTO_ICMPV6 58
3032#endif
3033 case Q_ICMPV6:
3034 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
3035 break;
3036#endif /* INET6 */
3037
3038#ifndef IPPROTO_AH
3039#define IPPROTO_AH 51
3040#endif
3041 case Q_AH:
3042 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
3043#ifdef INET6
3044 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
3045 gen_or(b0, b1);
3046#endif
3047 break;
3048
3049#ifndef IPPROTO_ESP
3050#define IPPROTO_ESP 50
3051#endif
3052 case Q_ESP:
3053 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
3054#ifdef INET6
3055 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
3056 gen_or(b0, b1);
3057#endif
3058 break;
3059
3060 case Q_ISO:
3061 b1 = gen_linktype(LLCSAP_ISONS);
3062 break;
3063
3064 case Q_ESIS:
3065 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
3066 break;
3067
3068 case Q_ISIS:
3069 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
3070 break;
3071
3072 case Q_ISIS_L1: /* all IS-IS Level1 PDU-Types */
3073 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
3074 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
3075 gen_or(b0, b1);
3076 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
3077 gen_or(b0, b1);
3078 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
3079 gen_or(b0, b1);
3080 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
3081 gen_or(b0, b1);
3082 break;
3083
3084 case Q_ISIS_L2: /* all IS-IS Level2 PDU-Types */
3085 b0 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
3086 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
3087 gen_or(b0, b1);
3088 b0 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
3089 gen_or(b0, b1);
3090 b0 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
3091 gen_or(b0, b1);
3092 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
3093 gen_or(b0, b1);
3094 break;
3095
3096 case Q_ISIS_IIH: /* all IS-IS Hello PDU-Types */
3097 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
3098 b1 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
3099 gen_or(b0, b1);
3100 b0 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT);
3101 gen_or(b0, b1);
3102 break;
3103
3104 case Q_ISIS_LSP:
3105 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
3106 b1 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
3107 gen_or(b0, b1);
3108 break;
3109
3110 case Q_ISIS_SNP:
3111 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
3112 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
3113 gen_or(b0, b1);
3114 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
3115 gen_or(b0, b1);
3116 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
3117 gen_or(b0, b1);
3118 break;
3119
3120 case Q_ISIS_CSNP:
3121 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
3122 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
3123 gen_or(b0, b1);
3124 break;
3125
3126 case Q_ISIS_PSNP:
3127 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
3128 b1 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
3129 gen_or(b0, b1);
3130 break;
3131
3132 case Q_CLNP:
3133 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
3134 break;
3135
3136 case Q_STP:
3137 b1 = gen_linktype(LLCSAP_8021D);
3138 break;
3139
3140 case Q_IPX:
3141 b1 = gen_linktype(LLCSAP_IPX);
3142 break;
3143
3144 case Q_NETBEUI:
3145 b1 = gen_linktype(LLCSAP_NETBEUI);
3146 break;
3147
3306 gen_not(b1);
3307
3308 /*
3309 * Now check the MAC address.
3310 */
3311 b0 = gen_ehostop(eaddr, Q_OR);
3312 gen_and(b1, b0);
3313 } else if (linktype == DLT_IP_OVER_FC)
3314 b0 = gen_ipfchostop(eaddr, Q_OR);
3315 else
3316 bpf_error(
3317 "'gateway' supported only on ethernet/FDDI/token ring/802.11/Fibre Channel");
3318
3319 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
3320 while (*alist) {
3321 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
3322 gen_or(b1, tmp);
3323 b1 = tmp;
3324 }
3325 gen_not(b1);
3326 gen_and(b0, b1);
3327 return b1;
3328 }
3329 bpf_error("illegal modifier of 'gateway'");
3330 /* NOTREACHED */
3331}
3332#endif
3333
3334struct block *
3335gen_proto_abbrev(proto)
3336 int proto;
3337{
3338 struct block *b0;
3339 struct block *b1;
3340
3341 switch (proto) {
3342
3343 case Q_SCTP:
3344 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT);
3345#ifdef INET6
3346 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
3347 gen_or(b0, b1);
3348#endif
3349 break;
3350
3351 case Q_TCP:
3352 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
3353#ifdef INET6
3354 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
3355 gen_or(b0, b1);
3356#endif
3357 break;
3358
3359 case Q_UDP:
3360 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
3361#ifdef INET6
3362 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
3363 gen_or(b0, b1);
3364#endif
3365 break;
3366
3367 case Q_ICMP:
3368 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
3369 break;
3370
3371#ifndef IPPROTO_IGMP
3372#define IPPROTO_IGMP 2
3373#endif
3374
3375 case Q_IGMP:
3376 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
3377 break;
3378
3379#ifndef IPPROTO_IGRP
3380#define IPPROTO_IGRP 9
3381#endif
3382 case Q_IGRP:
3383 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
3384 break;
3385
3386#ifndef IPPROTO_PIM
3387#define IPPROTO_PIM 103
3388#endif
3389
3390 case Q_PIM:
3391 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
3392#ifdef INET6
3393 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
3394 gen_or(b0, b1);
3395#endif
3396 break;
3397
3398#ifndef IPPROTO_VRRP
3399#define IPPROTO_VRRP 112
3400#endif
3401
3402 case Q_VRRP:
3403 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT);
3404 break;
3405
3406 case Q_IP:
3407 b1 = gen_linktype(ETHERTYPE_IP);
3408 break;
3409
3410 case Q_ARP:
3411 b1 = gen_linktype(ETHERTYPE_ARP);
3412 break;
3413
3414 case Q_RARP:
3415 b1 = gen_linktype(ETHERTYPE_REVARP);
3416 break;
3417
3418 case Q_LINK:
3419 bpf_error("link layer applied in wrong context");
3420
3421 case Q_ATALK:
3422 b1 = gen_linktype(ETHERTYPE_ATALK);
3423 break;
3424
3425 case Q_AARP:
3426 b1 = gen_linktype(ETHERTYPE_AARP);
3427 break;
3428
3429 case Q_DECNET:
3430 b1 = gen_linktype(ETHERTYPE_DN);
3431 break;
3432
3433 case Q_SCA:
3434 b1 = gen_linktype(ETHERTYPE_SCA);
3435 break;
3436
3437 case Q_LAT:
3438 b1 = gen_linktype(ETHERTYPE_LAT);
3439 break;
3440
3441 case Q_MOPDL:
3442 b1 = gen_linktype(ETHERTYPE_MOPDL);
3443 break;
3444
3445 case Q_MOPRC:
3446 b1 = gen_linktype(ETHERTYPE_MOPRC);
3447 break;
3448
3449#ifdef INET6
3450 case Q_IPV6:
3451 b1 = gen_linktype(ETHERTYPE_IPV6);
3452 break;
3453
3454#ifndef IPPROTO_ICMPV6
3455#define IPPROTO_ICMPV6 58
3456#endif
3457 case Q_ICMPV6:
3458 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
3459 break;
3460#endif /* INET6 */
3461
3462#ifndef IPPROTO_AH
3463#define IPPROTO_AH 51
3464#endif
3465 case Q_AH:
3466 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
3467#ifdef INET6
3468 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
3469 gen_or(b0, b1);
3470#endif
3471 break;
3472
3473#ifndef IPPROTO_ESP
3474#define IPPROTO_ESP 50
3475#endif
3476 case Q_ESP:
3477 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
3478#ifdef INET6
3479 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
3480 gen_or(b0, b1);
3481#endif
3482 break;
3483
3484 case Q_ISO:
3485 b1 = gen_linktype(LLCSAP_ISONS);
3486 break;
3487
3488 case Q_ESIS:
3489 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
3490 break;
3491
3492 case Q_ISIS:
3493 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
3494 break;
3495
3496 case Q_ISIS_L1: /* all IS-IS Level1 PDU-Types */
3497 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
3498 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
3499 gen_or(b0, b1);
3500 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
3501 gen_or(b0, b1);
3502 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
3503 gen_or(b0, b1);
3504 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
3505 gen_or(b0, b1);
3506 break;
3507
3508 case Q_ISIS_L2: /* all IS-IS Level2 PDU-Types */
3509 b0 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
3510 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
3511 gen_or(b0, b1);
3512 b0 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
3513 gen_or(b0, b1);
3514 b0 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
3515 gen_or(b0, b1);
3516 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
3517 gen_or(b0, b1);
3518 break;
3519
3520 case Q_ISIS_IIH: /* all IS-IS Hello PDU-Types */
3521 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
3522 b1 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
3523 gen_or(b0, b1);
3524 b0 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT);
3525 gen_or(b0, b1);
3526 break;
3527
3528 case Q_ISIS_LSP:
3529 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
3530 b1 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
3531 gen_or(b0, b1);
3532 break;
3533
3534 case Q_ISIS_SNP:
3535 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
3536 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
3537 gen_or(b0, b1);
3538 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
3539 gen_or(b0, b1);
3540 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
3541 gen_or(b0, b1);
3542 break;
3543
3544 case Q_ISIS_CSNP:
3545 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
3546 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
3547 gen_or(b0, b1);
3548 break;
3549
3550 case Q_ISIS_PSNP:
3551 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
3552 b1 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
3553 gen_or(b0, b1);
3554 break;
3555
3556 case Q_CLNP:
3557 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
3558 break;
3559
3560 case Q_STP:
3561 b1 = gen_linktype(LLCSAP_8021D);
3562 break;
3563
3564 case Q_IPX:
3565 b1 = gen_linktype(LLCSAP_IPX);
3566 break;
3567
3568 case Q_NETBEUI:
3569 b1 = gen_linktype(LLCSAP_NETBEUI);
3570 break;
3571
3572 case Q_RADIO:
3573 bpf_error("'radio' is not a valid protocol type");
3574
3148 default:
3149 abort();
3150 }
3151 return b1;
3152}
3153
3154static struct block *
3155gen_ipfrag()
3156{
3157 struct slist *s;
3158 struct block *b;
3159
3160 /* not ip frag */
3575 default:
3576 abort();
3577 }
3578 return b1;
3579}
3580
3581static struct block *
3582gen_ipfrag()
3583{
3584 struct slist *s;
3585 struct block *b;
3586
3587 /* not ip frag */
3161 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
3162 s->s.k = off_nl + 6;
3588 s = gen_load_a(OR_NET, 6, BPF_H);
3163 b = new_block(JMP(BPF_JSET));
3164 b->s.k = 0x1fff;
3165 b->stmts = s;
3166 gen_not(b);
3167
3168 return b;
3169}
3170
3589 b = new_block(JMP(BPF_JSET));
3590 b->s.k = 0x1fff;
3591 b->stmts = s;
3592 gen_not(b);
3593
3594 return b;
3595}
3596
3597/*
3598 * Generate a comparison to a port value in the transport-layer header
3599 * at the specified offset from the beginning of that header.
3600 *
3601 * XXX - this handles a variable-length prefix preceding the link-layer
3602 * header, such as the radiotap or AVS radio prefix, but doesn't handle
3603 * variable-length link-layer headers (such as Token Ring or 802.11
3604 * headers).
3605 */
3171static struct block *
3172gen_portatom(off, v)
3173 int off;
3174 bpf_int32 v;
3175{
3606static struct block *
3607gen_portatom(off, v)
3608 int off;
3609 bpf_int32 v;
3610{
3176 struct slist *s;
3177 struct block *b;
3178
3179 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3180 s->s.k = off_nl;
3181
3182 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
3183 s->next->s.k = off_nl + off;
3184
3185 b = new_block(JMP(BPF_JEQ));
3186 b->stmts = s;
3187 b->s.k = v;
3188
3189 return b;
3611 return gen_cmp(OR_TRAN_IPV4, off, BPF_H, v);
3190}
3191
3192#ifdef INET6
3193static struct block *
3194gen_portatom6(off, v)
3195 int off;
3196 bpf_int32 v;
3197{
3612}
3613
3614#ifdef INET6
3615static struct block *
3616gen_portatom6(off, v)
3617 int off;
3618 bpf_int32 v;
3619{
3198 return gen_cmp(off_nl + 40 + off, BPF_H, v);
3620 return gen_cmp(OR_TRAN_IPV6, off, BPF_H, v);
3199}
3200#endif/*INET6*/
3201
3202struct block *
3203gen_portop(port, proto, dir)
3204 int port, proto, dir;
3205{
3206 struct block *b0, *b1, *tmp;
3207
3208 /* ip proto 'proto' */
3621}
3622#endif/*INET6*/
3623
3624struct block *
3625gen_portop(port, proto, dir)
3626 int port, proto, dir;
3627{
3628 struct block *b0, *b1, *tmp;
3629
3630 /* ip proto 'proto' */
3209 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
3631 tmp = gen_cmp(OR_NET, 9, BPF_B, (bpf_int32)proto);
3210 b0 = gen_ipfrag();
3211 gen_and(tmp, b0);
3212
3213 switch (dir) {
3214 case Q_SRC:
3215 b1 = gen_portatom(0, (bpf_int32)port);
3216 break;
3217
3218 case Q_DST:
3219 b1 = gen_portatom(2, (bpf_int32)port);
3220 break;
3221
3222 case Q_OR:
3223 case Q_DEFAULT:
3224 tmp = gen_portatom(0, (bpf_int32)port);
3225 b1 = gen_portatom(2, (bpf_int32)port);
3226 gen_or(tmp, b1);
3227 break;
3228
3229 case Q_AND:
3230 tmp = gen_portatom(0, (bpf_int32)port);
3231 b1 = gen_portatom(2, (bpf_int32)port);
3232 gen_and(tmp, b1);
3233 break;
3234
3235 default:
3236 abort();
3237 }
3238 gen_and(b0, b1);
3239
3240 return b1;
3241}
3242
3243static struct block *
3244gen_port(port, ip_proto, dir)
3245 int port;
3246 int ip_proto;
3247 int dir;
3248{
3249 struct block *b0, *b1, *tmp;
3250
3251 /*
3252 * ether proto ip
3253 *
3254 * For FDDI, RFC 1188 says that SNAP encapsulation is used,
3255 * not LLC encapsulation with LLCSAP_IP.
3256 *
3257 * For IEEE 802 networks - which includes 802.5 token ring
3258 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
3259 * says that SNAP encapsulation is used, not LLC encapsulation
3260 * with LLCSAP_IP.
3261 *
3262 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
3263 * RFC 2225 say that SNAP encapsulation is used, not LLC
3264 * encapsulation with LLCSAP_IP.
3265 *
3266 * So we always check for ETHERTYPE_IP.
3267 */
3268 b0 = gen_linktype(ETHERTYPE_IP);
3269
3270 switch (ip_proto) {
3271 case IPPROTO_UDP:
3272 case IPPROTO_TCP:
3273 case IPPROTO_SCTP:
3274 b1 = gen_portop(port, ip_proto, dir);
3275 break;
3276
3277 case PROTO_UNDEF:
3278 tmp = gen_portop(port, IPPROTO_TCP, dir);
3279 b1 = gen_portop(port, IPPROTO_UDP, dir);
3280 gen_or(tmp, b1);
3281 tmp = gen_portop(port, IPPROTO_SCTP, dir);
3282 gen_or(tmp, b1);
3283 break;
3284
3285 default:
3286 abort();
3287 }
3288 gen_and(b0, b1);
3289 return b1;
3290}
3291
3292#ifdef INET6
3293struct block *
3294gen_portop6(port, proto, dir)
3295 int port, proto, dir;
3296{
3297 struct block *b0, *b1, *tmp;
3298
3632 b0 = gen_ipfrag();
3633 gen_and(tmp, b0);
3634
3635 switch (dir) {
3636 case Q_SRC:
3637 b1 = gen_portatom(0, (bpf_int32)port);
3638 break;
3639
3640 case Q_DST:
3641 b1 = gen_portatom(2, (bpf_int32)port);
3642 break;
3643
3644 case Q_OR:
3645 case Q_DEFAULT:
3646 tmp = gen_portatom(0, (bpf_int32)port);
3647 b1 = gen_portatom(2, (bpf_int32)port);
3648 gen_or(tmp, b1);
3649 break;
3650
3651 case Q_AND:
3652 tmp = gen_portatom(0, (bpf_int32)port);
3653 b1 = gen_portatom(2, (bpf_int32)port);
3654 gen_and(tmp, b1);
3655 break;
3656
3657 default:
3658 abort();
3659 }
3660 gen_and(b0, b1);
3661
3662 return b1;
3663}
3664
3665static struct block *
3666gen_port(port, ip_proto, dir)
3667 int port;
3668 int ip_proto;
3669 int dir;
3670{
3671 struct block *b0, *b1, *tmp;
3672
3673 /*
3674 * ether proto ip
3675 *
3676 * For FDDI, RFC 1188 says that SNAP encapsulation is used,
3677 * not LLC encapsulation with LLCSAP_IP.
3678 *
3679 * For IEEE 802 networks - which includes 802.5 token ring
3680 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
3681 * says that SNAP encapsulation is used, not LLC encapsulation
3682 * with LLCSAP_IP.
3683 *
3684 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
3685 * RFC 2225 say that SNAP encapsulation is used, not LLC
3686 * encapsulation with LLCSAP_IP.
3687 *
3688 * So we always check for ETHERTYPE_IP.
3689 */
3690 b0 = gen_linktype(ETHERTYPE_IP);
3691
3692 switch (ip_proto) {
3693 case IPPROTO_UDP:
3694 case IPPROTO_TCP:
3695 case IPPROTO_SCTP:
3696 b1 = gen_portop(port, ip_proto, dir);
3697 break;
3698
3699 case PROTO_UNDEF:
3700 tmp = gen_portop(port, IPPROTO_TCP, dir);
3701 b1 = gen_portop(port, IPPROTO_UDP, dir);
3702 gen_or(tmp, b1);
3703 tmp = gen_portop(port, IPPROTO_SCTP, dir);
3704 gen_or(tmp, b1);
3705 break;
3706
3707 default:
3708 abort();
3709 }
3710 gen_and(b0, b1);
3711 return b1;
3712}
3713
3714#ifdef INET6
3715struct block *
3716gen_portop6(port, proto, dir)
3717 int port, proto, dir;
3718{
3719 struct block *b0, *b1, *tmp;
3720
3299 /* ip proto 'proto' */
3300 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
3721 /* ip6 proto 'proto' */
3722 b0 = gen_cmp(OR_NET, 6, BPF_B, (bpf_int32)proto);
3301
3302 switch (dir) {
3303 case Q_SRC:
3304 b1 = gen_portatom6(0, (bpf_int32)port);
3305 break;
3306
3307 case Q_DST:
3308 b1 = gen_portatom6(2, (bpf_int32)port);
3309 break;
3310
3311 case Q_OR:
3312 case Q_DEFAULT:
3313 tmp = gen_portatom6(0, (bpf_int32)port);
3314 b1 = gen_portatom6(2, (bpf_int32)port);
3315 gen_or(tmp, b1);
3316 break;
3317
3318 case Q_AND:
3319 tmp = gen_portatom6(0, (bpf_int32)port);
3320 b1 = gen_portatom6(2, (bpf_int32)port);
3321 gen_and(tmp, b1);
3322 break;
3323
3324 default:
3325 abort();
3326 }
3327 gen_and(b0, b1);
3328
3329 return b1;
3330}
3331
3332static struct block *
3333gen_port6(port, ip_proto, dir)
3334 int port;
3335 int ip_proto;
3336 int dir;
3337{
3338 struct block *b0, *b1, *tmp;
3339
3723
3724 switch (dir) {
3725 case Q_SRC:
3726 b1 = gen_portatom6(0, (bpf_int32)port);
3727 break;
3728
3729 case Q_DST:
3730 b1 = gen_portatom6(2, (bpf_int32)port);
3731 break;
3732
3733 case Q_OR:
3734 case Q_DEFAULT:
3735 tmp = gen_portatom6(0, (bpf_int32)port);
3736 b1 = gen_portatom6(2, (bpf_int32)port);
3737 gen_or(tmp, b1);
3738 break;
3739
3740 case Q_AND:
3741 tmp = gen_portatom6(0, (bpf_int32)port);
3742 b1 = gen_portatom6(2, (bpf_int32)port);
3743 gen_and(tmp, b1);
3744 break;
3745
3746 default:
3747 abort();
3748 }
3749 gen_and(b0, b1);
3750
3751 return b1;
3752}
3753
3754static struct block *
3755gen_port6(port, ip_proto, dir)
3756 int port;
3757 int ip_proto;
3758 int dir;
3759{
3760 struct block *b0, *b1, *tmp;
3761
3340 /* ether proto ip */
3762 /* link proto ip6 */
3341 b0 = gen_linktype(ETHERTYPE_IPV6);
3342
3343 switch (ip_proto) {
3344 case IPPROTO_UDP:
3345 case IPPROTO_TCP:
3346 case IPPROTO_SCTP:
3347 b1 = gen_portop6(port, ip_proto, dir);
3348 break;
3349
3350 case PROTO_UNDEF:
3351 tmp = gen_portop6(port, IPPROTO_TCP, dir);
3352 b1 = gen_portop6(port, IPPROTO_UDP, dir);
3353 gen_or(tmp, b1);
3354 tmp = gen_portop6(port, IPPROTO_SCTP, dir);
3355 gen_or(tmp, b1);
3356 break;
3357
3358 default:
3359 abort();
3360 }
3361 gen_and(b0, b1);
3362 return b1;
3363}
3364#endif /* INET6 */
3365
3763 b0 = gen_linktype(ETHERTYPE_IPV6);
3764
3765 switch (ip_proto) {
3766 case IPPROTO_UDP:
3767 case IPPROTO_TCP:
3768 case IPPROTO_SCTP:
3769 b1 = gen_portop6(port, ip_proto, dir);
3770 break;
3771
3772 case PROTO_UNDEF:
3773 tmp = gen_portop6(port, IPPROTO_TCP, dir);
3774 b1 = gen_portop6(port, IPPROTO_UDP, dir);
3775 gen_or(tmp, b1);
3776 tmp = gen_portop6(port, IPPROTO_SCTP, dir);
3777 gen_or(tmp, b1);
3778 break;
3779
3780 default:
3781 abort();
3782 }
3783 gen_and(b0, b1);
3784 return b1;
3785}
3786#endif /* INET6 */
3787
3788/* gen_portrange code */
3789static struct block *
3790gen_portrangeatom(off, v1, v2)
3791 int off;
3792 bpf_int32 v1, v2;
3793{
3794 struct block *b1, *b2;
3795
3796 if (v1 > v2) {
3797 /*
3798 * Reverse the order of the ports, so v1 is the lower one.
3799 */
3800 bpf_int32 vtemp;
3801
3802 vtemp = v1;
3803 v1 = v2;
3804 v2 = vtemp;
3805 }
3806
3807 b1 = gen_cmp_ge(OR_TRAN_IPV4, off, BPF_H, v1);
3808 b2 = gen_cmp_le(OR_TRAN_IPV4, off, BPF_H, v2);
3809
3810 gen_and(b1, b2);
3811
3812 return b2;
3813}
3814
3815struct block *
3816gen_portrangeop(port1, port2, proto, dir)
3817 int port1, port2;
3818 int proto;
3819 int dir;
3820{
3821 struct block *b0, *b1, *tmp;
3822
3823 /* ip proto 'proto' */
3824 tmp = gen_cmp(OR_NET, 9, BPF_B, (bpf_int32)proto);
3825 b0 = gen_ipfrag();
3826 gen_and(tmp, b0);
3827
3828 switch (dir) {
3829 case Q_SRC:
3830 b1 = gen_portrangeatom(0, (bpf_int32)port1, (bpf_int32)port2);
3831 break;
3832
3833 case Q_DST:
3834 b1 = gen_portrangeatom(2, (bpf_int32)port1, (bpf_int32)port2);
3835 break;
3836
3837 case Q_OR:
3838 case Q_DEFAULT:
3839 tmp = gen_portrangeatom(0, (bpf_int32)port1, (bpf_int32)port2);
3840 b1 = gen_portrangeatom(2, (bpf_int32)port1, (bpf_int32)port2);
3841 gen_or(tmp, b1);
3842 break;
3843
3844 case Q_AND:
3845 tmp = gen_portrangeatom(0, (bpf_int32)port1, (bpf_int32)port2);
3846 b1 = gen_portrangeatom(2, (bpf_int32)port1, (bpf_int32)port2);
3847 gen_and(tmp, b1);
3848 break;
3849
3850 default:
3851 abort();
3852 }
3853 gen_and(b0, b1);
3854
3855 return b1;
3856}
3857
3858static struct block *
3859gen_portrange(port1, port2, ip_proto, dir)
3860 int port1, port2;
3861 int ip_proto;
3862 int dir;
3863{
3864 struct block *b0, *b1, *tmp;
3865
3866 /* link proto ip */
3867 b0 = gen_linktype(ETHERTYPE_IP);
3868
3869 switch (ip_proto) {
3870 case IPPROTO_UDP:
3871 case IPPROTO_TCP:
3872 case IPPROTO_SCTP:
3873 b1 = gen_portrangeop(port1, port2, ip_proto, dir);
3874 break;
3875
3876 case PROTO_UNDEF:
3877 tmp = gen_portrangeop(port1, port2, IPPROTO_TCP, dir);
3878 b1 = gen_portrangeop(port1, port2, IPPROTO_UDP, dir);
3879 gen_or(tmp, b1);
3880 tmp = gen_portrangeop(port1, port2, IPPROTO_SCTP, dir);
3881 gen_or(tmp, b1);
3882 break;
3883
3884 default:
3885 abort();
3886 }
3887 gen_and(b0, b1);
3888 return b1;
3889}
3890
3891#ifdef INET6
3892static struct block *
3893gen_portrangeatom6(off, v1, v2)
3894 int off;
3895 bpf_int32 v1, v2;
3896{
3897 struct block *b1, *b2;
3898
3899 if (v1 > v2) {
3900 /*
3901 * Reverse the order of the ports, so v1 is the lower one.
3902 */
3903 bpf_int32 vtemp;
3904
3905 vtemp = v1;
3906 v1 = v2;
3907 v2 = vtemp;
3908 }
3909
3910 b1 = gen_cmp_ge(OR_TRAN_IPV6, off, BPF_H, v1);
3911 b2 = gen_cmp_le(OR_TRAN_IPV6, off, BPF_H, v2);
3912
3913 gen_and(b1, b2);
3914
3915 return b2;
3916}
3917
3918struct block *
3919gen_portrangeop6(port1, port2, proto, dir)
3920 int port1, port2;
3921 int proto;
3922 int dir;
3923{
3924 struct block *b0, *b1, *tmp;
3925
3926 /* ip6 proto 'proto' */
3927 b0 = gen_cmp(OR_NET, 6, BPF_B, (bpf_int32)proto);
3928
3929 switch (dir) {
3930 case Q_SRC:
3931 b1 = gen_portrangeatom6(0, (bpf_int32)port1, (bpf_int32)port2);
3932 break;
3933
3934 case Q_DST:
3935 b1 = gen_portrangeatom6(2, (bpf_int32)port1, (bpf_int32)port2);
3936 break;
3937
3938 case Q_OR:
3939 case Q_DEFAULT:
3940 tmp = gen_portrangeatom6(0, (bpf_int32)port1, (bpf_int32)port2);
3941 b1 = gen_portrangeatom6(2, (bpf_int32)port1, (bpf_int32)port2);
3942 gen_or(tmp, b1);
3943 break;
3944
3945 case Q_AND:
3946 tmp = gen_portrangeatom6(0, (bpf_int32)port1, (bpf_int32)port2);
3947 b1 = gen_portrangeatom6(2, (bpf_int32)port1, (bpf_int32)port2);
3948 gen_and(tmp, b1);
3949 break;
3950
3951 default:
3952 abort();
3953 }
3954 gen_and(b0, b1);
3955
3956 return b1;
3957}
3958
3959static struct block *
3960gen_portrange6(port1, port2, ip_proto, dir)
3961 int port1, port2;
3962 int ip_proto;
3963 int dir;
3964{
3965 struct block *b0, *b1, *tmp;
3966
3967 /* link proto ip6 */
3968 b0 = gen_linktype(ETHERTYPE_IPV6);
3969
3970 switch (ip_proto) {
3971 case IPPROTO_UDP:
3972 case IPPROTO_TCP:
3973 case IPPROTO_SCTP:
3974 b1 = gen_portrangeop6(port1, port2, ip_proto, dir);
3975 break;
3976
3977 case PROTO_UNDEF:
3978 tmp = gen_portrangeop6(port1, port2, IPPROTO_TCP, dir);
3979 b1 = gen_portrangeop6(port1, port2, IPPROTO_UDP, dir);
3980 gen_or(tmp, b1);
3981 tmp = gen_portrangeop6(port1, port2, IPPROTO_SCTP, dir);
3982 gen_or(tmp, b1);
3983 break;
3984
3985 default:
3986 abort();
3987 }
3988 gen_and(b0, b1);
3989 return b1;
3990}
3991#endif /* INET6 */
3992
3366static int
3367lookup_proto(name, proto)
3368 register const char *name;
3369 register int proto;
3370{
3371 register int v;
3372
3373 switch (proto) {
3374
3375 case Q_DEFAULT:
3376 case Q_IP:
3377 case Q_IPV6:
3378 v = pcap_nametoproto(name);
3379 if (v == PROTO_UNDEF)
3380 bpf_error("unknown ip proto '%s'", name);
3381 break;
3382
3383 case Q_LINK:
3384 /* XXX should look up h/w protocol type based on linktype */
3385 v = pcap_nametoeproto(name);
3386 if (v == PROTO_UNDEF) {
3387 v = pcap_nametollc(name);
3388 if (v == PROTO_UNDEF)
3389 bpf_error("unknown ether proto '%s'", name);
3390 }
3391 break;
3392
3393 case Q_ISO:
3394 if (strcmp(name, "esis") == 0)
3395 v = ISO9542_ESIS;
3396 else if (strcmp(name, "isis") == 0)
3397 v = ISO10589_ISIS;
3398 else if (strcmp(name, "clnp") == 0)
3399 v = ISO8473_CLNP;
3400 else
3401 bpf_error("unknown osi proto '%s'", name);
3402 break;
3403
3404 default:
3405 v = PROTO_UNDEF;
3406 break;
3407 }
3408 return v;
3409}
3410
3411#if 0
3412struct stmt *
3413gen_joinsp(s, n)
3414 struct stmt **s;
3415 int n;
3416{
3417 return NULL;
3418}
3419#endif
3420
3421static struct block *
3422gen_protochain(v, proto, dir)
3423 int v;
3424 int proto;
3425 int dir;
3426{
3427#ifdef NO_PROTOCHAIN
3428 return gen_proto(v, proto, dir);
3429#else
3430 struct block *b0, *b;
3431 struct slist *s[100];
3432 int fix2, fix3, fix4, fix5;
3433 int ahcheck, again, end;
3434 int i, max;
3435 int reg2 = alloc_reg();
3436
3437 memset(s, 0, sizeof(s));
3438 fix2 = fix3 = fix4 = fix5 = 0;
3439
3440 switch (proto) {
3441 case Q_IP:
3442 case Q_IPV6:
3443 break;
3444 case Q_DEFAULT:
3445 b0 = gen_protochain(v, Q_IP, dir);
3446 b = gen_protochain(v, Q_IPV6, dir);
3447 gen_or(b0, b);
3448 return b;
3449 default:
3450 bpf_error("bad protocol applied for 'protochain'");
3451 /*NOTREACHED*/
3452 }
3453
3993static int
3994lookup_proto(name, proto)
3995 register const char *name;
3996 register int proto;
3997{
3998 register int v;
3999
4000 switch (proto) {
4001
4002 case Q_DEFAULT:
4003 case Q_IP:
4004 case Q_IPV6:
4005 v = pcap_nametoproto(name);
4006 if (v == PROTO_UNDEF)
4007 bpf_error("unknown ip proto '%s'", name);
4008 break;
4009
4010 case Q_LINK:
4011 /* XXX should look up h/w protocol type based on linktype */
4012 v = pcap_nametoeproto(name);
4013 if (v == PROTO_UNDEF) {
4014 v = pcap_nametollc(name);
4015 if (v == PROTO_UNDEF)
4016 bpf_error("unknown ether proto '%s'", name);
4017 }
4018 break;
4019
4020 case Q_ISO:
4021 if (strcmp(name, "esis") == 0)
4022 v = ISO9542_ESIS;
4023 else if (strcmp(name, "isis") == 0)
4024 v = ISO10589_ISIS;
4025 else if (strcmp(name, "clnp") == 0)
4026 v = ISO8473_CLNP;
4027 else
4028 bpf_error("unknown osi proto '%s'", name);
4029 break;
4030
4031 default:
4032 v = PROTO_UNDEF;
4033 break;
4034 }
4035 return v;
4036}
4037
4038#if 0
4039struct stmt *
4040gen_joinsp(s, n)
4041 struct stmt **s;
4042 int n;
4043{
4044 return NULL;
4045}
4046#endif
4047
4048static struct block *
4049gen_protochain(v, proto, dir)
4050 int v;
4051 int proto;
4052 int dir;
4053{
4054#ifdef NO_PROTOCHAIN
4055 return gen_proto(v, proto, dir);
4056#else
4057 struct block *b0, *b;
4058 struct slist *s[100];
4059 int fix2, fix3, fix4, fix5;
4060 int ahcheck, again, end;
4061 int i, max;
4062 int reg2 = alloc_reg();
4063
4064 memset(s, 0, sizeof(s));
4065 fix2 = fix3 = fix4 = fix5 = 0;
4066
4067 switch (proto) {
4068 case Q_IP:
4069 case Q_IPV6:
4070 break;
4071 case Q_DEFAULT:
4072 b0 = gen_protochain(v, Q_IP, dir);
4073 b = gen_protochain(v, Q_IPV6, dir);
4074 gen_or(b0, b);
4075 return b;
4076 default:
4077 bpf_error("bad protocol applied for 'protochain'");
4078 /*NOTREACHED*/
4079 }
4080
4081 /*
4082 * We don't handle variable-length radiotap here headers yet.
4083 * We might want to add BPF instructions to do the protochain
4084 * work, to simplify that and, on platforms that have a BPF
4085 * interpreter with the new instructions, let the filtering
4086 * be done in the kernel. (We already require a modified BPF
4087 * engine to do the protochain stuff, to support backward
4088 * branches, and backward branch support is unlikely to appear
4089 * in kernel BPF engines.)
4090 */
4091 if (linktype == DLT_IEEE802_11_RADIO)
4092 bpf_error("'protochain' not supported with radiotap headers");
4093
3454 no_optimize = 1; /*this code is not compatible with optimzer yet */
3455
3456 /*
4094 no_optimize = 1; /*this code is not compatible with optimzer yet */
4095
4096 /*
3457 * s[0] is a dummy entry to protect other BPF insn from damaged
4097 * s[0] is a dummy entry to protect other BPF insn from damage
3458 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
3459 * hard to find interdependency made by jump table fixup.
3460 */
3461 i = 0;
3462 s[i] = new_stmt(0); /*dummy*/
3463 i++;
3464
3465 switch (proto) {
3466 case Q_IP:
3467 b0 = gen_linktype(ETHERTYPE_IP);
3468
3469 /* A = ip->ip_p */
3470 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
3471 s[i]->s.k = off_nl + 9;
3472 i++;
3473 /* X = ip->ip_hl << 2 */
3474 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
3475 s[i]->s.k = off_nl;
3476 i++;
3477 break;
3478#ifdef INET6
3479 case Q_IPV6:
3480 b0 = gen_linktype(ETHERTYPE_IPV6);
3481
3482 /* A = ip6->ip_nxt */
3483 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
3484 s[i]->s.k = off_nl + 6;
3485 i++;
3486 /* X = sizeof(struct ip6_hdr) */
3487 s[i] = new_stmt(BPF_LDX|BPF_IMM);
3488 s[i]->s.k = 40;
3489 i++;
3490 break;
3491#endif
3492 default:
3493 bpf_error("unsupported proto to gen_protochain");
3494 /*NOTREACHED*/
3495 }
3496
3497 /* again: if (A == v) goto end; else fall through; */
3498 again = i;
3499 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3500 s[i]->s.k = v;
3501 s[i]->s.jt = NULL; /*later*/
3502 s[i]->s.jf = NULL; /*update in next stmt*/
3503 fix5 = i;
3504 i++;
3505
3506#ifndef IPPROTO_NONE
3507#define IPPROTO_NONE 59
3508#endif
3509 /* if (A == IPPROTO_NONE) goto end */
3510 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3511 s[i]->s.jt = NULL; /*later*/
3512 s[i]->s.jf = NULL; /*update in next stmt*/
3513 s[i]->s.k = IPPROTO_NONE;
3514 s[fix5]->s.jf = s[i];
3515 fix2 = i;
3516 i++;
3517
3518#ifdef INET6
3519 if (proto == Q_IPV6) {
3520 int v6start, v6end, v6advance, j;
3521
3522 v6start = i;
3523 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
3524 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3525 s[i]->s.jt = NULL; /*later*/
3526 s[i]->s.jf = NULL; /*update in next stmt*/
3527 s[i]->s.k = IPPROTO_HOPOPTS;
3528 s[fix2]->s.jf = s[i];
3529 i++;
3530 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
3531 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3532 s[i]->s.jt = NULL; /*later*/
3533 s[i]->s.jf = NULL; /*update in next stmt*/
3534 s[i]->s.k = IPPROTO_DSTOPTS;
3535 i++;
3536 /* if (A == IPPROTO_ROUTING) goto v6advance */
3537 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3538 s[i]->s.jt = NULL; /*later*/
3539 s[i]->s.jf = NULL; /*update in next stmt*/
3540 s[i]->s.k = IPPROTO_ROUTING;
3541 i++;
3542 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
3543 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3544 s[i]->s.jt = NULL; /*later*/
3545 s[i]->s.jf = NULL; /*later*/
3546 s[i]->s.k = IPPROTO_FRAGMENT;
3547 fix3 = i;
3548 v6end = i;
3549 i++;
3550
3551 /* v6advance: */
3552 v6advance = i;
3553
3554 /*
3555 * in short,
3556 * A = P[X];
3557 * X = X + (P[X + 1] + 1) * 8;
3558 */
3559 /* A = X */
3560 s[i] = new_stmt(BPF_MISC|BPF_TXA);
3561 i++;
3562 /* A = P[X + packet head] */
3563 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3564 s[i]->s.k = off_nl;
3565 i++;
3566 /* MEM[reg2] = A */
3567 s[i] = new_stmt(BPF_ST);
3568 s[i]->s.k = reg2;
3569 i++;
3570 /* A = X */
3571 s[i] = new_stmt(BPF_MISC|BPF_TXA);
3572 i++;
3573 /* A += 1 */
3574 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3575 s[i]->s.k = 1;
3576 i++;
3577 /* X = A */
3578 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3579 i++;
3580 /* A = P[X + packet head]; */
3581 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3582 s[i]->s.k = off_nl;
3583 i++;
3584 /* A += 1 */
3585 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3586 s[i]->s.k = 1;
3587 i++;
3588 /* A *= 8 */
3589 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
3590 s[i]->s.k = 8;
3591 i++;
3592 /* X = A; */
3593 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3594 i++;
3595 /* A = MEM[reg2] */
3596 s[i] = new_stmt(BPF_LD|BPF_MEM);
3597 s[i]->s.k = reg2;
3598 i++;
3599
3600 /* goto again; (must use BPF_JA for backward jump) */
3601 s[i] = new_stmt(BPF_JMP|BPF_JA);
3602 s[i]->s.k = again - i - 1;
3603 s[i - 1]->s.jf = s[i];
3604 i++;
3605
3606 /* fixup */
3607 for (j = v6start; j <= v6end; j++)
3608 s[j]->s.jt = s[v6advance];
3609 } else
3610#endif
3611 {
3612 /* nop */
3613 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3614 s[i]->s.k = 0;
3615 s[fix2]->s.jf = s[i];
3616 i++;
3617 }
3618
3619 /* ahcheck: */
3620 ahcheck = i;
3621 /* if (A == IPPROTO_AH) then fall through; else goto end; */
3622 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
3623 s[i]->s.jt = NULL; /*later*/
3624 s[i]->s.jf = NULL; /*later*/
3625 s[i]->s.k = IPPROTO_AH;
3626 if (fix3)
3627 s[fix3]->s.jf = s[ahcheck];
3628 fix4 = i;
3629 i++;
3630
3631 /*
3632 * in short,
3633 * A = P[X];
3634 * X = X + (P[X + 1] + 2) * 4;
3635 */
3636 /* A = X */
3637 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
3638 i++;
3639 /* A = P[X + packet head]; */
3640 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3641 s[i]->s.k = off_nl;
3642 i++;
3643 /* MEM[reg2] = A */
3644 s[i] = new_stmt(BPF_ST);
3645 s[i]->s.k = reg2;
3646 i++;
3647 /* A = X */
3648 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
3649 i++;
3650 /* A += 1 */
3651 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3652 s[i]->s.k = 1;
3653 i++;
3654 /* X = A */
3655 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3656 i++;
3657 /* A = P[X + packet head] */
3658 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
3659 s[i]->s.k = off_nl;
3660 i++;
3661 /* A += 2 */
3662 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3663 s[i]->s.k = 2;
3664 i++;
3665 /* A *= 4 */
3666 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
3667 s[i]->s.k = 4;
3668 i++;
3669 /* X = A; */
3670 s[i] = new_stmt(BPF_MISC|BPF_TAX);
3671 i++;
3672 /* A = MEM[reg2] */
3673 s[i] = new_stmt(BPF_LD|BPF_MEM);
3674 s[i]->s.k = reg2;
3675 i++;
3676
3677 /* goto again; (must use BPF_JA for backward jump) */
3678 s[i] = new_stmt(BPF_JMP|BPF_JA);
3679 s[i]->s.k = again - i - 1;
3680 i++;
3681
3682 /* end: nop */
3683 end = i;
3684 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
3685 s[i]->s.k = 0;
3686 s[fix2]->s.jt = s[end];
3687 s[fix4]->s.jf = s[end];
3688 s[fix5]->s.jt = s[end];
3689 i++;
3690
3691 /*
3692 * make slist chain
3693 */
3694 max = i;
3695 for (i = 0; i < max - 1; i++)
3696 s[i]->next = s[i + 1];
3697 s[max - 1]->next = NULL;
3698
3699 /*
3700 * emit final check
3701 */
3702 b = new_block(JMP(BPF_JEQ));
3703 b->stmts = s[1]; /*remember, s[0] is dummy*/
3704 b->s.k = v;
3705
3706 free_reg(reg2);
3707
3708 gen_and(b0, b);
3709 return b;
3710#endif
3711}
3712
4098 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
4099 * hard to find interdependency made by jump table fixup.
4100 */
4101 i = 0;
4102 s[i] = new_stmt(0); /*dummy*/
4103 i++;
4104
4105 switch (proto) {
4106 case Q_IP:
4107 b0 = gen_linktype(ETHERTYPE_IP);
4108
4109 /* A = ip->ip_p */
4110 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
4111 s[i]->s.k = off_nl + 9;
4112 i++;
4113 /* X = ip->ip_hl << 2 */
4114 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
4115 s[i]->s.k = off_nl;
4116 i++;
4117 break;
4118#ifdef INET6
4119 case Q_IPV6:
4120 b0 = gen_linktype(ETHERTYPE_IPV6);
4121
4122 /* A = ip6->ip_nxt */
4123 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
4124 s[i]->s.k = off_nl + 6;
4125 i++;
4126 /* X = sizeof(struct ip6_hdr) */
4127 s[i] = new_stmt(BPF_LDX|BPF_IMM);
4128 s[i]->s.k = 40;
4129 i++;
4130 break;
4131#endif
4132 default:
4133 bpf_error("unsupported proto to gen_protochain");
4134 /*NOTREACHED*/
4135 }
4136
4137 /* again: if (A == v) goto end; else fall through; */
4138 again = i;
4139 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
4140 s[i]->s.k = v;
4141 s[i]->s.jt = NULL; /*later*/
4142 s[i]->s.jf = NULL; /*update in next stmt*/
4143 fix5 = i;
4144 i++;
4145
4146#ifndef IPPROTO_NONE
4147#define IPPROTO_NONE 59
4148#endif
4149 /* if (A == IPPROTO_NONE) goto end */
4150 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
4151 s[i]->s.jt = NULL; /*later*/
4152 s[i]->s.jf = NULL; /*update in next stmt*/
4153 s[i]->s.k = IPPROTO_NONE;
4154 s[fix5]->s.jf = s[i];
4155 fix2 = i;
4156 i++;
4157
4158#ifdef INET6
4159 if (proto == Q_IPV6) {
4160 int v6start, v6end, v6advance, j;
4161
4162 v6start = i;
4163 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
4164 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
4165 s[i]->s.jt = NULL; /*later*/
4166 s[i]->s.jf = NULL; /*update in next stmt*/
4167 s[i]->s.k = IPPROTO_HOPOPTS;
4168 s[fix2]->s.jf = s[i];
4169 i++;
4170 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
4171 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
4172 s[i]->s.jt = NULL; /*later*/
4173 s[i]->s.jf = NULL; /*update in next stmt*/
4174 s[i]->s.k = IPPROTO_DSTOPTS;
4175 i++;
4176 /* if (A == IPPROTO_ROUTING) goto v6advance */
4177 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
4178 s[i]->s.jt = NULL; /*later*/
4179 s[i]->s.jf = NULL; /*update in next stmt*/
4180 s[i]->s.k = IPPROTO_ROUTING;
4181 i++;
4182 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
4183 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
4184 s[i]->s.jt = NULL; /*later*/
4185 s[i]->s.jf = NULL; /*later*/
4186 s[i]->s.k = IPPROTO_FRAGMENT;
4187 fix3 = i;
4188 v6end = i;
4189 i++;
4190
4191 /* v6advance: */
4192 v6advance = i;
4193
4194 /*
4195 * in short,
4196 * A = P[X];
4197 * X = X + (P[X + 1] + 1) * 8;
4198 */
4199 /* A = X */
4200 s[i] = new_stmt(BPF_MISC|BPF_TXA);
4201 i++;
4202 /* A = P[X + packet head] */
4203 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
4204 s[i]->s.k = off_nl;
4205 i++;
4206 /* MEM[reg2] = A */
4207 s[i] = new_stmt(BPF_ST);
4208 s[i]->s.k = reg2;
4209 i++;
4210 /* A = X */
4211 s[i] = new_stmt(BPF_MISC|BPF_TXA);
4212 i++;
4213 /* A += 1 */
4214 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
4215 s[i]->s.k = 1;
4216 i++;
4217 /* X = A */
4218 s[i] = new_stmt(BPF_MISC|BPF_TAX);
4219 i++;
4220 /* A = P[X + packet head]; */
4221 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
4222 s[i]->s.k = off_nl;
4223 i++;
4224 /* A += 1 */
4225 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
4226 s[i]->s.k = 1;
4227 i++;
4228 /* A *= 8 */
4229 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
4230 s[i]->s.k = 8;
4231 i++;
4232 /* X = A; */
4233 s[i] = new_stmt(BPF_MISC|BPF_TAX);
4234 i++;
4235 /* A = MEM[reg2] */
4236 s[i] = new_stmt(BPF_LD|BPF_MEM);
4237 s[i]->s.k = reg2;
4238 i++;
4239
4240 /* goto again; (must use BPF_JA for backward jump) */
4241 s[i] = new_stmt(BPF_JMP|BPF_JA);
4242 s[i]->s.k = again - i - 1;
4243 s[i - 1]->s.jf = s[i];
4244 i++;
4245
4246 /* fixup */
4247 for (j = v6start; j <= v6end; j++)
4248 s[j]->s.jt = s[v6advance];
4249 } else
4250#endif
4251 {
4252 /* nop */
4253 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
4254 s[i]->s.k = 0;
4255 s[fix2]->s.jf = s[i];
4256 i++;
4257 }
4258
4259 /* ahcheck: */
4260 ahcheck = i;
4261 /* if (A == IPPROTO_AH) then fall through; else goto end; */
4262 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
4263 s[i]->s.jt = NULL; /*later*/
4264 s[i]->s.jf = NULL; /*later*/
4265 s[i]->s.k = IPPROTO_AH;
4266 if (fix3)
4267 s[fix3]->s.jf = s[ahcheck];
4268 fix4 = i;
4269 i++;
4270
4271 /*
4272 * in short,
4273 * A = P[X];
4274 * X = X + (P[X + 1] + 2) * 4;
4275 */
4276 /* A = X */
4277 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
4278 i++;
4279 /* A = P[X + packet head]; */
4280 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
4281 s[i]->s.k = off_nl;
4282 i++;
4283 /* MEM[reg2] = A */
4284 s[i] = new_stmt(BPF_ST);
4285 s[i]->s.k = reg2;
4286 i++;
4287 /* A = X */
4288 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
4289 i++;
4290 /* A += 1 */
4291 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
4292 s[i]->s.k = 1;
4293 i++;
4294 /* X = A */
4295 s[i] = new_stmt(BPF_MISC|BPF_TAX);
4296 i++;
4297 /* A = P[X + packet head] */
4298 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
4299 s[i]->s.k = off_nl;
4300 i++;
4301 /* A += 2 */
4302 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
4303 s[i]->s.k = 2;
4304 i++;
4305 /* A *= 4 */
4306 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
4307 s[i]->s.k = 4;
4308 i++;
4309 /* X = A; */
4310 s[i] = new_stmt(BPF_MISC|BPF_TAX);
4311 i++;
4312 /* A = MEM[reg2] */
4313 s[i] = new_stmt(BPF_LD|BPF_MEM);
4314 s[i]->s.k = reg2;
4315 i++;
4316
4317 /* goto again; (must use BPF_JA for backward jump) */
4318 s[i] = new_stmt(BPF_JMP|BPF_JA);
4319 s[i]->s.k = again - i - 1;
4320 i++;
4321
4322 /* end: nop */
4323 end = i;
4324 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
4325 s[i]->s.k = 0;
4326 s[fix2]->s.jt = s[end];
4327 s[fix4]->s.jf = s[end];
4328 s[fix5]->s.jt = s[end];
4329 i++;
4330
4331 /*
4332 * make slist chain
4333 */
4334 max = i;
4335 for (i = 0; i < max - 1; i++)
4336 s[i]->next = s[i + 1];
4337 s[max - 1]->next = NULL;
4338
4339 /*
4340 * emit final check
4341 */
4342 b = new_block(JMP(BPF_JEQ));
4343 b->stmts = s[1]; /*remember, s[0] is dummy*/
4344 b->s.k = v;
4345
4346 free_reg(reg2);
4347
4348 gen_and(b0, b);
4349 return b;
4350#endif
4351}
4352
4353/*
4354 * Generate code that checks whether the packet is a packet for protocol
4355 * <proto> and whether the type field in that protocol's header has
4356 * the value <v>, e.g. if <proto> is Q_IP, it checks whether it's an
4357 * IP packet and checks the protocol number in the IP header against <v>.
4358 *
4359 * If <proto> is Q_DEFAULT, i.e. just "proto" was specified, it checks
4360 * against Q_IP and Q_IPV6.
4361 */
3713static struct block *
3714gen_proto(v, proto, dir)
3715 int v;
3716 int proto;
3717 int dir;
3718{
3719 struct block *b0, *b1;
3720
3721 if (dir != Q_DEFAULT)
3722 bpf_error("direction applied to 'proto'");
3723
3724 switch (proto) {
3725 case Q_DEFAULT:
3726#ifdef INET6
3727 b0 = gen_proto(v, Q_IP, dir);
3728 b1 = gen_proto(v, Q_IPV6, dir);
3729 gen_or(b0, b1);
3730 return b1;
3731#else
3732 /*FALLTHROUGH*/
3733#endif
3734 case Q_IP:
3735 /*
3736 * For FDDI, RFC 1188 says that SNAP encapsulation is used,
3737 * not LLC encapsulation with LLCSAP_IP.
3738 *
3739 * For IEEE 802 networks - which includes 802.5 token ring
3740 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
3741 * says that SNAP encapsulation is used, not LLC encapsulation
3742 * with LLCSAP_IP.
3743 *
3744 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
3745 * RFC 2225 say that SNAP encapsulation is used, not LLC
3746 * encapsulation with LLCSAP_IP.
3747 *
3748 * So we always check for ETHERTYPE_IP.
3749 */
3750 b0 = gen_linktype(ETHERTYPE_IP);
3751#ifndef CHASE_CHAIN
4362static struct block *
4363gen_proto(v, proto, dir)
4364 int v;
4365 int proto;
4366 int dir;
4367{
4368 struct block *b0, *b1;
4369
4370 if (dir != Q_DEFAULT)
4371 bpf_error("direction applied to 'proto'");
4372
4373 switch (proto) {
4374 case Q_DEFAULT:
4375#ifdef INET6
4376 b0 = gen_proto(v, Q_IP, dir);
4377 b1 = gen_proto(v, Q_IPV6, dir);
4378 gen_or(b0, b1);
4379 return b1;
4380#else
4381 /*FALLTHROUGH*/
4382#endif
4383 case Q_IP:
4384 /*
4385 * For FDDI, RFC 1188 says that SNAP encapsulation is used,
4386 * not LLC encapsulation with LLCSAP_IP.
4387 *
4388 * For IEEE 802 networks - which includes 802.5 token ring
4389 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
4390 * says that SNAP encapsulation is used, not LLC encapsulation
4391 * with LLCSAP_IP.
4392 *
4393 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
4394 * RFC 2225 say that SNAP encapsulation is used, not LLC
4395 * encapsulation with LLCSAP_IP.
4396 *
4397 * So we always check for ETHERTYPE_IP.
4398 */
4399 b0 = gen_linktype(ETHERTYPE_IP);
4400#ifndef CHASE_CHAIN
3752 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
4401 b1 = gen_cmp(OR_NET, 9, BPF_B, (bpf_int32)v);
3753#else
3754 b1 = gen_protochain(v, Q_IP);
3755#endif
3756 gen_and(b0, b1);
3757 return b1;
3758
3759 case Q_ISO:
3760 switch (linktype) {
3761
3762 case DLT_FRELAY:
3763 /*
3764 * Frame Relay packets typically have an OSI
3765 * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)"
3766 * generates code to check for all the OSI
3767 * NLPIDs, so calling it and then adding a check
3768 * for the particular NLPID for which we're
3769 * looking is bogus, as we can just check for
3770 * the NLPID.
3771 *
3772 * What we check for is the NLPID and a frame
3773 * control field value of UI, i.e. 0x03 followed
3774 * by the NLPID.
3775 *
3776 * XXX - assumes a 2-byte Frame Relay header with
3777 * DLCI and flags. What if the address is longer?
3778 *
3779 * XXX - what about SNAP-encapsulated frames?
3780 */
4402#else
4403 b1 = gen_protochain(v, Q_IP);
4404#endif
4405 gen_and(b0, b1);
4406 return b1;
4407
4408 case Q_ISO:
4409 switch (linktype) {
4410
4411 case DLT_FRELAY:
4412 /*
4413 * Frame Relay packets typically have an OSI
4414 * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)"
4415 * generates code to check for all the OSI
4416 * NLPIDs, so calling it and then adding a check
4417 * for the particular NLPID for which we're
4418 * looking is bogus, as we can just check for
4419 * the NLPID.
4420 *
4421 * What we check for is the NLPID and a frame
4422 * control field value of UI, i.e. 0x03 followed
4423 * by the NLPID.
4424 *
4425 * XXX - assumes a 2-byte Frame Relay header with
4426 * DLCI and flags. What if the address is longer?
4427 *
4428 * XXX - what about SNAP-encapsulated frames?
4429 */
3781 return gen_cmp(2, BPF_H, (0x03<<8) | v);
4430 return gen_cmp(OR_LINK, 2, BPF_H, (0x03<<8) | v);
3782 /*NOTREACHED*/
3783 break;
3784
3785 case DLT_C_HDLC:
3786 /*
3787 * Cisco uses an Ethertype lookalike - for OSI,
3788 * it's 0xfefe.
3789 */
3790 b0 = gen_linktype(LLCSAP_ISONS<<8 | LLCSAP_ISONS);
3791 /* OSI in C-HDLC is stuffed with a fudge byte */
4431 /*NOTREACHED*/
4432 break;
4433
4434 case DLT_C_HDLC:
4435 /*
4436 * Cisco uses an Ethertype lookalike - for OSI,
4437 * it's 0xfefe.
4438 */
4439 b0 = gen_linktype(LLCSAP_ISONS<<8 | LLCSAP_ISONS);
4440 /* OSI in C-HDLC is stuffed with a fudge byte */
3792 b1 = gen_cmp(off_nl_nosnap+1, BPF_B, (long)v);
4441 b1 = gen_cmp(OR_NET_NOSNAP, 1, BPF_B, (long)v);
3793 gen_and(b0, b1);
3794 return b1;
3795
3796 default:
3797 b0 = gen_linktype(LLCSAP_ISONS);
4442 gen_and(b0, b1);
4443 return b1;
4444
4445 default:
4446 b0 = gen_linktype(LLCSAP_ISONS);
3798 b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v);
4447 b1 = gen_cmp(OR_NET_NOSNAP, 0, BPF_B, (long)v);
3799 gen_and(b0, b1);
3800 return b1;
3801 }
3802
3803 case Q_ISIS:
3804 b0 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
3805 /*
3806 * 4 is the offset of the PDU type relative to the IS-IS
3807 * header.
3808 */
4448 gen_and(b0, b1);
4449 return b1;
4450 }
4451
4452 case Q_ISIS:
4453 b0 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
4454 /*
4455 * 4 is the offset of the PDU type relative to the IS-IS
4456 * header.
4457 */
3809 b1 = gen_cmp(off_nl_nosnap+4, BPF_B, (long)v);
4458 b1 = gen_cmp(OR_NET_NOSNAP, 4, BPF_B, (long)v);
3810 gen_and(b0, b1);
3811 return b1;
3812
3813 case Q_ARP:
3814 bpf_error("arp does not encapsulate another protocol");
3815 /* NOTREACHED */
3816
3817 case Q_RARP:
3818 bpf_error("rarp does not encapsulate another protocol");
3819 /* NOTREACHED */
3820
3821 case Q_ATALK:
3822 bpf_error("atalk encapsulation is not specifiable");
3823 /* NOTREACHED */
3824
3825 case Q_DECNET:
3826 bpf_error("decnet encapsulation is not specifiable");
3827 /* NOTREACHED */
3828
3829 case Q_SCA:
3830 bpf_error("sca does not encapsulate another protocol");
3831 /* NOTREACHED */
3832
3833 case Q_LAT:
3834 bpf_error("lat does not encapsulate another protocol");
3835 /* NOTREACHED */
3836
3837 case Q_MOPRC:
3838 bpf_error("moprc does not encapsulate another protocol");
3839 /* NOTREACHED */
3840
3841 case Q_MOPDL:
3842 bpf_error("mopdl does not encapsulate another protocol");
3843 /* NOTREACHED */
3844
3845 case Q_LINK:
3846 return gen_linktype(v);
3847
3848 case Q_UDP:
3849 bpf_error("'udp proto' is bogus");
3850 /* NOTREACHED */
3851
3852 case Q_TCP:
3853 bpf_error("'tcp proto' is bogus");
3854 /* NOTREACHED */
3855
3856 case Q_SCTP:
3857 bpf_error("'sctp proto' is bogus");
3858 /* NOTREACHED */
3859
3860 case Q_ICMP:
3861 bpf_error("'icmp proto' is bogus");
3862 /* NOTREACHED */
3863
3864 case Q_IGMP:
3865 bpf_error("'igmp proto' is bogus");
3866 /* NOTREACHED */
3867
3868 case Q_IGRP:
3869 bpf_error("'igrp proto' is bogus");
3870 /* NOTREACHED */
3871
3872 case Q_PIM:
3873 bpf_error("'pim proto' is bogus");
3874 /* NOTREACHED */
3875
3876 case Q_VRRP:
3877 bpf_error("'vrrp proto' is bogus");
3878 /* NOTREACHED */
3879
3880#ifdef INET6
3881 case Q_IPV6:
3882 b0 = gen_linktype(ETHERTYPE_IPV6);
3883#ifndef CHASE_CHAIN
4459 gen_and(b0, b1);
4460 return b1;
4461
4462 case Q_ARP:
4463 bpf_error("arp does not encapsulate another protocol");
4464 /* NOTREACHED */
4465
4466 case Q_RARP:
4467 bpf_error("rarp does not encapsulate another protocol");
4468 /* NOTREACHED */
4469
4470 case Q_ATALK:
4471 bpf_error("atalk encapsulation is not specifiable");
4472 /* NOTREACHED */
4473
4474 case Q_DECNET:
4475 bpf_error("decnet encapsulation is not specifiable");
4476 /* NOTREACHED */
4477
4478 case Q_SCA:
4479 bpf_error("sca does not encapsulate another protocol");
4480 /* NOTREACHED */
4481
4482 case Q_LAT:
4483 bpf_error("lat does not encapsulate another protocol");
4484 /* NOTREACHED */
4485
4486 case Q_MOPRC:
4487 bpf_error("moprc does not encapsulate another protocol");
4488 /* NOTREACHED */
4489
4490 case Q_MOPDL:
4491 bpf_error("mopdl does not encapsulate another protocol");
4492 /* NOTREACHED */
4493
4494 case Q_LINK:
4495 return gen_linktype(v);
4496
4497 case Q_UDP:
4498 bpf_error("'udp proto' is bogus");
4499 /* NOTREACHED */
4500
4501 case Q_TCP:
4502 bpf_error("'tcp proto' is bogus");
4503 /* NOTREACHED */
4504
4505 case Q_SCTP:
4506 bpf_error("'sctp proto' is bogus");
4507 /* NOTREACHED */
4508
4509 case Q_ICMP:
4510 bpf_error("'icmp proto' is bogus");
4511 /* NOTREACHED */
4512
4513 case Q_IGMP:
4514 bpf_error("'igmp proto' is bogus");
4515 /* NOTREACHED */
4516
4517 case Q_IGRP:
4518 bpf_error("'igrp proto' is bogus");
4519 /* NOTREACHED */
4520
4521 case Q_PIM:
4522 bpf_error("'pim proto' is bogus");
4523 /* NOTREACHED */
4524
4525 case Q_VRRP:
4526 bpf_error("'vrrp proto' is bogus");
4527 /* NOTREACHED */
4528
4529#ifdef INET6
4530 case Q_IPV6:
4531 b0 = gen_linktype(ETHERTYPE_IPV6);
4532#ifndef CHASE_CHAIN
3884 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
4533 b1 = gen_cmp(OR_NET, 6, BPF_B, (bpf_int32)v);
3885#else
3886 b1 = gen_protochain(v, Q_IPV6);
3887#endif
3888 gen_and(b0, b1);
3889 return b1;
3890
3891 case Q_ICMPV6:
3892 bpf_error("'icmp6 proto' is bogus");
3893#endif /* INET6 */
3894
3895 case Q_AH:
3896 bpf_error("'ah proto' is bogus");
3897
3898 case Q_ESP:
3899 bpf_error("'ah proto' is bogus");
3900
3901 case Q_STP:
3902 bpf_error("'stp proto' is bogus");
3903
3904 case Q_IPX:
3905 bpf_error("'ipx proto' is bogus");
3906
3907 case Q_NETBEUI:
3908 bpf_error("'netbeui proto' is bogus");
3909
4534#else
4535 b1 = gen_protochain(v, Q_IPV6);
4536#endif
4537 gen_and(b0, b1);
4538 return b1;
4539
4540 case Q_ICMPV6:
4541 bpf_error("'icmp6 proto' is bogus");
4542#endif /* INET6 */
4543
4544 case Q_AH:
4545 bpf_error("'ah proto' is bogus");
4546
4547 case Q_ESP:
4548 bpf_error("'ah proto' is bogus");
4549
4550 case Q_STP:
4551 bpf_error("'stp proto' is bogus");
4552
4553 case Q_IPX:
4554 bpf_error("'ipx proto' is bogus");
4555
4556 case Q_NETBEUI:
4557 bpf_error("'netbeui proto' is bogus");
4558
4559 case Q_RADIO:
4560 bpf_error("'radio proto' is bogus");
4561
3910 default:
3911 abort();
3912 /* NOTREACHED */
3913 }
3914 /* NOTREACHED */
3915}
3916
3917struct block *
3918gen_scode(name, q)
3919 register const char *name;
3920 struct qual q;
3921{
3922 int proto = q.proto;
3923 int dir = q.dir;
3924 int tproto;
3925 u_char *eaddr;
3926 bpf_u_int32 mask, addr;
3927#ifndef INET6
3928 bpf_u_int32 **alist;
3929#else
3930 int tproto6;
3931 struct sockaddr_in *sin;
3932 struct sockaddr_in6 *sin6;
3933 struct addrinfo *res, *res0;
3934 struct in6_addr mask128;
3935#endif /*INET6*/
3936 struct block *b, *tmp;
3937 int port, real_proto;
4562 default:
4563 abort();
4564 /* NOTREACHED */
4565 }
4566 /* NOTREACHED */
4567}
4568
4569struct block *
4570gen_scode(name, q)
4571 register const char *name;
4572 struct qual q;
4573{
4574 int proto = q.proto;
4575 int dir = q.dir;
4576 int tproto;
4577 u_char *eaddr;
4578 bpf_u_int32 mask, addr;
4579#ifndef INET6
4580 bpf_u_int32 **alist;
4581#else
4582 int tproto6;
4583 struct sockaddr_in *sin;
4584 struct sockaddr_in6 *sin6;
4585 struct addrinfo *res, *res0;
4586 struct in6_addr mask128;
4587#endif /*INET6*/
4588 struct block *b, *tmp;
4589 int port, real_proto;
4590 int port1, port2;
3938
3939 switch (q.addr) {
3940
3941 case Q_NET:
3942 addr = pcap_nametonetaddr(name);
3943 if (addr == 0)
3944 bpf_error("unknown network '%s'", name);
3945 /* Left justify network addr and calculate its network mask */
3946 mask = 0xffffffff;
3947 while (addr && (addr & 0xff000000) == 0) {
3948 addr <<= 8;
3949 mask <<= 8;
3950 }
3951 return gen_host(addr, mask, proto, dir);
3952
3953 case Q_DEFAULT:
3954 case Q_HOST:
3955 if (proto == Q_LINK) {
3956 switch (linktype) {
3957
3958 case DLT_EN10MB:
3959 eaddr = pcap_ether_hostton(name);
3960 if (eaddr == NULL)
3961 bpf_error(
3962 "unknown ether host '%s'", name);
3963 b = gen_ehostop(eaddr, dir);
3964 free(eaddr);
3965 return b;
3966
3967 case DLT_FDDI:
3968 eaddr = pcap_ether_hostton(name);
3969 if (eaddr == NULL)
3970 bpf_error(
3971 "unknown FDDI host '%s'", name);
3972 b = gen_fhostop(eaddr, dir);
3973 free(eaddr);
3974 return b;
3975
3976 case DLT_IEEE802:
3977 eaddr = pcap_ether_hostton(name);
3978 if (eaddr == NULL)
3979 bpf_error(
3980 "unknown token ring host '%s'", name);
3981 b = gen_thostop(eaddr, dir);
3982 free(eaddr);
3983 return b;
3984
3985 case DLT_IEEE802_11:
4591
4592 switch (q.addr) {
4593
4594 case Q_NET:
4595 addr = pcap_nametonetaddr(name);
4596 if (addr == 0)
4597 bpf_error("unknown network '%s'", name);
4598 /* Left justify network addr and calculate its network mask */
4599 mask = 0xffffffff;
4600 while (addr && (addr & 0xff000000) == 0) {
4601 addr <<= 8;
4602 mask <<= 8;
4603 }
4604 return gen_host(addr, mask, proto, dir);
4605
4606 case Q_DEFAULT:
4607 case Q_HOST:
4608 if (proto == Q_LINK) {
4609 switch (linktype) {
4610
4611 case DLT_EN10MB:
4612 eaddr = pcap_ether_hostton(name);
4613 if (eaddr == NULL)
4614 bpf_error(
4615 "unknown ether host '%s'", name);
4616 b = gen_ehostop(eaddr, dir);
4617 free(eaddr);
4618 return b;
4619
4620 case DLT_FDDI:
4621 eaddr = pcap_ether_hostton(name);
4622 if (eaddr == NULL)
4623 bpf_error(
4624 "unknown FDDI host '%s'", name);
4625 b = gen_fhostop(eaddr, dir);
4626 free(eaddr);
4627 return b;
4628
4629 case DLT_IEEE802:
4630 eaddr = pcap_ether_hostton(name);
4631 if (eaddr == NULL)
4632 bpf_error(
4633 "unknown token ring host '%s'", name);
4634 b = gen_thostop(eaddr, dir);
4635 free(eaddr);
4636 return b;
4637
4638 case DLT_IEEE802_11:
4639 case DLT_IEEE802_11_RADIO_AVS:
4640 case DLT_IEEE802_11_RADIO:
4641 case DLT_PRISM_HEADER:
3986 eaddr = pcap_ether_hostton(name);
3987 if (eaddr == NULL)
3988 bpf_error(
3989 "unknown 802.11 host '%s'", name);
3990 b = gen_wlanhostop(eaddr, dir);
3991 free(eaddr);
3992 return b;
3993
3994 case DLT_IP_OVER_FC:
3995 eaddr = pcap_ether_hostton(name);
3996 if (eaddr == NULL)
3997 bpf_error(
3998 "unknown Fibre Channel host '%s'", name);
3999 b = gen_ipfchostop(eaddr, dir);
4000 free(eaddr);
4001 return b;
4002
4003 case DLT_SUNATM:
4004 if (!is_lane)
4005 break;
4006
4007 /*
4008 * Check that the packet doesn't begin
4009 * with an LE Control marker. (We've
4010 * already generated a test for LANE.)
4011 */
4642 eaddr = pcap_ether_hostton(name);
4643 if (eaddr == NULL)
4644 bpf_error(
4645 "unknown 802.11 host '%s'", name);
4646 b = gen_wlanhostop(eaddr, dir);
4647 free(eaddr);
4648 return b;
4649
4650 case DLT_IP_OVER_FC:
4651 eaddr = pcap_ether_hostton(name);
4652 if (eaddr == NULL)
4653 bpf_error(
4654 "unknown Fibre Channel host '%s'", name);
4655 b = gen_ipfchostop(eaddr, dir);
4656 free(eaddr);
4657 return b;
4658
4659 case DLT_SUNATM:
4660 if (!is_lane)
4661 break;
4662
4663 /*
4664 * Check that the packet doesn't begin
4665 * with an LE Control marker. (We've
4666 * already generated a test for LANE.)
4667 */
4012 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H,
4013 0xFF00);
4668 tmp = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS,
4669 BPF_H, 0xFF00);
4014 gen_not(tmp);
4015
4016 eaddr = pcap_ether_hostton(name);
4017 if (eaddr == NULL)
4018 bpf_error(
4019 "unknown ether host '%s'", name);
4020 b = gen_ehostop(eaddr, dir);
4021 gen_and(tmp, b);
4022 free(eaddr);
4023 return b;
4024 }
4025
4026 bpf_error("only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name");
4027 } else if (proto == Q_DECNET) {
4028 unsigned short dn_addr = __pcap_nametodnaddr(name);
4029 /*
4030 * I don't think DECNET hosts can be multihomed, so
4031 * there is no need to build up a list of addresses
4032 */
4033 return (gen_host(dn_addr, 0, proto, dir));
4034 } else {
4035#ifndef INET6
4036 alist = pcap_nametoaddr(name);
4037 if (alist == NULL || *alist == NULL)
4038 bpf_error("unknown host '%s'", name);
4039 tproto = proto;
4040 if (off_linktype == (u_int)-1 && tproto == Q_DEFAULT)
4041 tproto = Q_IP;
4042 b = gen_host(**alist++, 0xffffffff, tproto, dir);
4043 while (*alist) {
4044 tmp = gen_host(**alist++, 0xffffffff,
4045 tproto, dir);
4046 gen_or(b, tmp);
4047 b = tmp;
4048 }
4049 return b;
4050#else
4051 memset(&mask128, 0xff, sizeof(mask128));
4052 res0 = res = pcap_nametoaddrinfo(name);
4053 if (res == NULL)
4054 bpf_error("unknown host '%s'", name);
4055 b = tmp = NULL;
4056 tproto = tproto6 = proto;
4057 if (off_linktype == -1 && tproto == Q_DEFAULT) {
4058 tproto = Q_IP;
4059 tproto6 = Q_IPV6;
4060 }
4061 for (res = res0; res; res = res->ai_next) {
4062 switch (res->ai_family) {
4063 case AF_INET:
4064 if (tproto == Q_IPV6)
4065 continue;
4066
4067 sin = (struct sockaddr_in *)
4068 res->ai_addr;
4069 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
4070 0xffffffff, tproto, dir);
4071 break;
4072 case AF_INET6:
4073 if (tproto6 == Q_IP)
4074 continue;
4075
4076 sin6 = (struct sockaddr_in6 *)
4077 res->ai_addr;
4078 tmp = gen_host6(&sin6->sin6_addr,
4079 &mask128, tproto6, dir);
4080 break;
4081 default:
4082 continue;
4083 }
4084 if (b)
4085 gen_or(b, tmp);
4086 b = tmp;
4087 }
4088 freeaddrinfo(res0);
4089 if (b == NULL) {
4090 bpf_error("unknown host '%s'%s", name,
4091 (proto == Q_DEFAULT)
4092 ? ""
4093 : " for specified address family");
4094 }
4095 return b;
4096#endif /*INET6*/
4097 }
4098
4099 case Q_PORT:
4100 if (proto != Q_DEFAULT &&
4101 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
4102 bpf_error("illegal qualifier of 'port'");
4103 if (pcap_nametoport(name, &port, &real_proto) == 0)
4104 bpf_error("unknown port '%s'", name);
4105 if (proto == Q_UDP) {
4106 if (real_proto == IPPROTO_TCP)
4107 bpf_error("port '%s' is tcp", name);
4108 else if (real_proto == IPPROTO_SCTP)
4109 bpf_error("port '%s' is sctp", name);
4110 else
4111 /* override PROTO_UNDEF */
4112 real_proto = IPPROTO_UDP;
4113 }
4114 if (proto == Q_TCP) {
4115 if (real_proto == IPPROTO_UDP)
4116 bpf_error("port '%s' is udp", name);
4117
4118 else if (real_proto == IPPROTO_SCTP)
4119 bpf_error("port '%s' is sctp", name);
4120 else
4121 /* override PROTO_UNDEF */
4122 real_proto = IPPROTO_TCP;
4123 }
4124 if (proto == Q_SCTP) {
4125 if (real_proto == IPPROTO_UDP)
4126 bpf_error("port '%s' is udp", name);
4127
4128 else if (real_proto == IPPROTO_TCP)
4129 bpf_error("port '%s' is tcp", name);
4130 else
4131 /* override PROTO_UNDEF */
4132 real_proto = IPPROTO_SCTP;
4133 }
4134#ifndef INET6
4135 return gen_port(port, real_proto, dir);
4136#else
4137 {
4138 struct block *b;
4139 b = gen_port(port, real_proto, dir);
4140 gen_or(gen_port6(port, real_proto, dir), b);
4141 return b;
4142 }
4143#endif /* INET6 */
4144
4670 gen_not(tmp);
4671
4672 eaddr = pcap_ether_hostton(name);
4673 if (eaddr == NULL)
4674 bpf_error(
4675 "unknown ether host '%s'", name);
4676 b = gen_ehostop(eaddr, dir);
4677 gen_and(tmp, b);
4678 free(eaddr);
4679 return b;
4680 }
4681
4682 bpf_error("only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name");
4683 } else if (proto == Q_DECNET) {
4684 unsigned short dn_addr = __pcap_nametodnaddr(name);
4685 /*
4686 * I don't think DECNET hosts can be multihomed, so
4687 * there is no need to build up a list of addresses
4688 */
4689 return (gen_host(dn_addr, 0, proto, dir));
4690 } else {
4691#ifndef INET6
4692 alist = pcap_nametoaddr(name);
4693 if (alist == NULL || *alist == NULL)
4694 bpf_error("unknown host '%s'", name);
4695 tproto = proto;
4696 if (off_linktype == (u_int)-1 && tproto == Q_DEFAULT)
4697 tproto = Q_IP;
4698 b = gen_host(**alist++, 0xffffffff, tproto, dir);
4699 while (*alist) {
4700 tmp = gen_host(**alist++, 0xffffffff,
4701 tproto, dir);
4702 gen_or(b, tmp);
4703 b = tmp;
4704 }
4705 return b;
4706#else
4707 memset(&mask128, 0xff, sizeof(mask128));
4708 res0 = res = pcap_nametoaddrinfo(name);
4709 if (res == NULL)
4710 bpf_error("unknown host '%s'", name);
4711 b = tmp = NULL;
4712 tproto = tproto6 = proto;
4713 if (off_linktype == -1 && tproto == Q_DEFAULT) {
4714 tproto = Q_IP;
4715 tproto6 = Q_IPV6;
4716 }
4717 for (res = res0; res; res = res->ai_next) {
4718 switch (res->ai_family) {
4719 case AF_INET:
4720 if (tproto == Q_IPV6)
4721 continue;
4722
4723 sin = (struct sockaddr_in *)
4724 res->ai_addr;
4725 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
4726 0xffffffff, tproto, dir);
4727 break;
4728 case AF_INET6:
4729 if (tproto6 == Q_IP)
4730 continue;
4731
4732 sin6 = (struct sockaddr_in6 *)
4733 res->ai_addr;
4734 tmp = gen_host6(&sin6->sin6_addr,
4735 &mask128, tproto6, dir);
4736 break;
4737 default:
4738 continue;
4739 }
4740 if (b)
4741 gen_or(b, tmp);
4742 b = tmp;
4743 }
4744 freeaddrinfo(res0);
4745 if (b == NULL) {
4746 bpf_error("unknown host '%s'%s", name,
4747 (proto == Q_DEFAULT)
4748 ? ""
4749 : " for specified address family");
4750 }
4751 return b;
4752#endif /*INET6*/
4753 }
4754
4755 case Q_PORT:
4756 if (proto != Q_DEFAULT &&
4757 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
4758 bpf_error("illegal qualifier of 'port'");
4759 if (pcap_nametoport(name, &port, &real_proto) == 0)
4760 bpf_error("unknown port '%s'", name);
4761 if (proto == Q_UDP) {
4762 if (real_proto == IPPROTO_TCP)
4763 bpf_error("port '%s' is tcp", name);
4764 else if (real_proto == IPPROTO_SCTP)
4765 bpf_error("port '%s' is sctp", name);
4766 else
4767 /* override PROTO_UNDEF */
4768 real_proto = IPPROTO_UDP;
4769 }
4770 if (proto == Q_TCP) {
4771 if (real_proto == IPPROTO_UDP)
4772 bpf_error("port '%s' is udp", name);
4773
4774 else if (real_proto == IPPROTO_SCTP)
4775 bpf_error("port '%s' is sctp", name);
4776 else
4777 /* override PROTO_UNDEF */
4778 real_proto = IPPROTO_TCP;
4779 }
4780 if (proto == Q_SCTP) {
4781 if (real_proto == IPPROTO_UDP)
4782 bpf_error("port '%s' is udp", name);
4783
4784 else if (real_proto == IPPROTO_TCP)
4785 bpf_error("port '%s' is tcp", name);
4786 else
4787 /* override PROTO_UNDEF */
4788 real_proto = IPPROTO_SCTP;
4789 }
4790#ifndef INET6
4791 return gen_port(port, real_proto, dir);
4792#else
4793 {
4794 struct block *b;
4795 b = gen_port(port, real_proto, dir);
4796 gen_or(gen_port6(port, real_proto, dir), b);
4797 return b;
4798 }
4799#endif /* INET6 */
4800
4801 case Q_PORTRANGE:
4802 if (proto != Q_DEFAULT &&
4803 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
4804 bpf_error("illegal qualifier of 'portrange'");
4805 if (pcap_nametoportrange(name, &port1, &port2, &real_proto) == 0)
4806 bpf_error("unknown port in range '%s'", name);
4807 if (proto == Q_UDP) {
4808 if (real_proto == IPPROTO_TCP)
4809 bpf_error("port in range '%s' is tcp", name);
4810 else if (real_proto == IPPROTO_SCTP)
4811 bpf_error("port in range '%s' is sctp", name);
4812 else
4813 /* override PROTO_UNDEF */
4814 real_proto = IPPROTO_UDP;
4815 }
4816 if (proto == Q_TCP) {
4817 if (real_proto == IPPROTO_UDP)
4818 bpf_error("port in range '%s' is udp", name);
4819 else if (real_proto == IPPROTO_SCTP)
4820 bpf_error("port in range '%s' is sctp", name);
4821 else
4822 /* override PROTO_UNDEF */
4823 real_proto = IPPROTO_TCP;
4824 }
4825 if (proto == Q_SCTP) {
4826 if (real_proto == IPPROTO_UDP)
4827 bpf_error("port in range '%s' is udp", name);
4828 else if (real_proto == IPPROTO_TCP)
4829 bpf_error("port in range '%s' is tcp", name);
4830 else
4831 /* override PROTO_UNDEF */
4832 real_proto = IPPROTO_SCTP;
4833 }
4834#ifndef INET6
4835 return gen_portrange(port1, port2, real_proto, dir);
4836#else
4837 {
4838 struct block *b;
4839 b = gen_portrange(port1, port2, real_proto, dir);
4840 gen_or(gen_portrange6(port1, port2, real_proto, dir), b);
4841 return b;
4842 }
4843#endif /* INET6 */
4844
4145 case Q_GATEWAY:
4146#ifndef INET6
4147 eaddr = pcap_ether_hostton(name);
4148 if (eaddr == NULL)
4149 bpf_error("unknown ether host: %s", name);
4150
4151 alist = pcap_nametoaddr(name);
4152 if (alist == NULL || *alist == NULL)
4153 bpf_error("unknown host '%s'", name);
4154 b = gen_gateway(eaddr, alist, proto, dir);
4155 free(eaddr);
4156 return b;
4157#else
4158 bpf_error("'gateway' not supported in this configuration");
4159#endif /*INET6*/
4160
4161 case Q_PROTO:
4162 real_proto = lookup_proto(name, proto);
4163 if (real_proto >= 0)
4164 return gen_proto(real_proto, proto, dir);
4165 else
4166 bpf_error("unknown protocol: %s", name);
4167
4168 case Q_PROTOCHAIN:
4169 real_proto = lookup_proto(name, proto);
4170 if (real_proto >= 0)
4171 return gen_protochain(real_proto, proto, dir);
4172 else
4173 bpf_error("unknown protocol: %s", name);
4174
4175
4176 case Q_UNDEF:
4177 syntax();
4178 /* NOTREACHED */
4179 }
4180 abort();
4181 /* NOTREACHED */
4182}
4183
4184struct block *
4185gen_mcode(s1, s2, masklen, q)
4186 register const char *s1, *s2;
4187 register int masklen;
4188 struct qual q;
4189{
4190 register int nlen, mlen;
4191 bpf_u_int32 n, m;
4192
4193 nlen = __pcap_atoin(s1, &n);
4194 /* Promote short ipaddr */
4195 n <<= 32 - nlen;
4196
4197 if (s2 != NULL) {
4198 mlen = __pcap_atoin(s2, &m);
4199 /* Promote short ipaddr */
4200 m <<= 32 - mlen;
4201 if ((n & ~m) != 0)
4202 bpf_error("non-network bits set in \"%s mask %s\"",
4203 s1, s2);
4204 } else {
4205 /* Convert mask len to mask */
4206 if (masklen > 32)
4207 bpf_error("mask length must be <= 32");
4208 m = 0xffffffff << (32 - masklen);
4209 if ((n & ~m) != 0)
4210 bpf_error("non-network bits set in \"%s/%d\"",
4211 s1, masklen);
4212 }
4213
4214 switch (q.addr) {
4215
4216 case Q_NET:
4217 return gen_host(n, m, q.proto, q.dir);
4218
4219 default:
4220 bpf_error("Mask syntax for networks only");
4221 /* NOTREACHED */
4222 }
4223 /* NOTREACHED */
4224}
4225
4226struct block *
4227gen_ncode(s, v, q)
4228 register const char *s;
4229 bpf_u_int32 v;
4230 struct qual q;
4231{
4232 bpf_u_int32 mask;
4233 int proto = q.proto;
4234 int dir = q.dir;
4235 register int vlen;
4236
4237 if (s == NULL)
4238 vlen = 32;
4239 else if (q.proto == Q_DECNET)
4240 vlen = __pcap_atodn(s, &v);
4241 else
4242 vlen = __pcap_atoin(s, &v);
4243
4244 switch (q.addr) {
4245
4246 case Q_DEFAULT:
4247 case Q_HOST:
4248 case Q_NET:
4249 if (proto == Q_DECNET)
4250 return gen_host(v, 0, proto, dir);
4251 else if (proto == Q_LINK) {
4252 bpf_error("illegal link layer address");
4253 } else {
4254 mask = 0xffffffff;
4255 if (s == NULL && q.addr == Q_NET) {
4256 /* Promote short net number */
4257 while (v && (v & 0xff000000) == 0) {
4258 v <<= 8;
4259 mask <<= 8;
4260 }
4261 } else {
4262 /* Promote short ipaddr */
4263 v <<= 32 - vlen;
4264 mask <<= 32 - vlen;
4265 }
4266 return gen_host(v, mask, proto, dir);
4267 }
4268
4269 case Q_PORT:
4270 if (proto == Q_UDP)
4271 proto = IPPROTO_UDP;
4272 else if (proto == Q_TCP)
4273 proto = IPPROTO_TCP;
4274 else if (proto == Q_SCTP)
4275 proto = IPPROTO_SCTP;
4276 else if (proto == Q_DEFAULT)
4277 proto = PROTO_UNDEF;
4278 else
4279 bpf_error("illegal qualifier of 'port'");
4280
4281#ifndef INET6
4282 return gen_port((int)v, proto, dir);
4283#else
4284 {
4285 struct block *b;
4286 b = gen_port((int)v, proto, dir);
4287 gen_or(gen_port6((int)v, proto, dir), b);
4288 return b;
4289 }
4290#endif /* INET6 */
4291
4845 case Q_GATEWAY:
4846#ifndef INET6
4847 eaddr = pcap_ether_hostton(name);
4848 if (eaddr == NULL)
4849 bpf_error("unknown ether host: %s", name);
4850
4851 alist = pcap_nametoaddr(name);
4852 if (alist == NULL || *alist == NULL)
4853 bpf_error("unknown host '%s'", name);
4854 b = gen_gateway(eaddr, alist, proto, dir);
4855 free(eaddr);
4856 return b;
4857#else
4858 bpf_error("'gateway' not supported in this configuration");
4859#endif /*INET6*/
4860
4861 case Q_PROTO:
4862 real_proto = lookup_proto(name, proto);
4863 if (real_proto >= 0)
4864 return gen_proto(real_proto, proto, dir);
4865 else
4866 bpf_error("unknown protocol: %s", name);
4867
4868 case Q_PROTOCHAIN:
4869 real_proto = lookup_proto(name, proto);
4870 if (real_proto >= 0)
4871 return gen_protochain(real_proto, proto, dir);
4872 else
4873 bpf_error("unknown protocol: %s", name);
4874
4875
4876 case Q_UNDEF:
4877 syntax();
4878 /* NOTREACHED */
4879 }
4880 abort();
4881 /* NOTREACHED */
4882}
4883
4884struct block *
4885gen_mcode(s1, s2, masklen, q)
4886 register const char *s1, *s2;
4887 register int masklen;
4888 struct qual q;
4889{
4890 register int nlen, mlen;
4891 bpf_u_int32 n, m;
4892
4893 nlen = __pcap_atoin(s1, &n);
4894 /* Promote short ipaddr */
4895 n <<= 32 - nlen;
4896
4897 if (s2 != NULL) {
4898 mlen = __pcap_atoin(s2, &m);
4899 /* Promote short ipaddr */
4900 m <<= 32 - mlen;
4901 if ((n & ~m) != 0)
4902 bpf_error("non-network bits set in \"%s mask %s\"",
4903 s1, s2);
4904 } else {
4905 /* Convert mask len to mask */
4906 if (masklen > 32)
4907 bpf_error("mask length must be <= 32");
4908 m = 0xffffffff << (32 - masklen);
4909 if ((n & ~m) != 0)
4910 bpf_error("non-network bits set in \"%s/%d\"",
4911 s1, masklen);
4912 }
4913
4914 switch (q.addr) {
4915
4916 case Q_NET:
4917 return gen_host(n, m, q.proto, q.dir);
4918
4919 default:
4920 bpf_error("Mask syntax for networks only");
4921 /* NOTREACHED */
4922 }
4923 /* NOTREACHED */
4924}
4925
4926struct block *
4927gen_ncode(s, v, q)
4928 register const char *s;
4929 bpf_u_int32 v;
4930 struct qual q;
4931{
4932 bpf_u_int32 mask;
4933 int proto = q.proto;
4934 int dir = q.dir;
4935 register int vlen;
4936
4937 if (s == NULL)
4938 vlen = 32;
4939 else if (q.proto == Q_DECNET)
4940 vlen = __pcap_atodn(s, &v);
4941 else
4942 vlen = __pcap_atoin(s, &v);
4943
4944 switch (q.addr) {
4945
4946 case Q_DEFAULT:
4947 case Q_HOST:
4948 case Q_NET:
4949 if (proto == Q_DECNET)
4950 return gen_host(v, 0, proto, dir);
4951 else if (proto == Q_LINK) {
4952 bpf_error("illegal link layer address");
4953 } else {
4954 mask = 0xffffffff;
4955 if (s == NULL && q.addr == Q_NET) {
4956 /* Promote short net number */
4957 while (v && (v & 0xff000000) == 0) {
4958 v <<= 8;
4959 mask <<= 8;
4960 }
4961 } else {
4962 /* Promote short ipaddr */
4963 v <<= 32 - vlen;
4964 mask <<= 32 - vlen;
4965 }
4966 return gen_host(v, mask, proto, dir);
4967 }
4968
4969 case Q_PORT:
4970 if (proto == Q_UDP)
4971 proto = IPPROTO_UDP;
4972 else if (proto == Q_TCP)
4973 proto = IPPROTO_TCP;
4974 else if (proto == Q_SCTP)
4975 proto = IPPROTO_SCTP;
4976 else if (proto == Q_DEFAULT)
4977 proto = PROTO_UNDEF;
4978 else
4979 bpf_error("illegal qualifier of 'port'");
4980
4981#ifndef INET6
4982 return gen_port((int)v, proto, dir);
4983#else
4984 {
4985 struct block *b;
4986 b = gen_port((int)v, proto, dir);
4987 gen_or(gen_port6((int)v, proto, dir), b);
4988 return b;
4989 }
4990#endif /* INET6 */
4991
4992 case Q_PORTRANGE:
4993 if (proto == Q_UDP)
4994 proto = IPPROTO_UDP;
4995 else if (proto == Q_TCP)
4996 proto = IPPROTO_TCP;
4997 else if (proto == Q_SCTP)
4998 proto = IPPROTO_SCTP;
4999 else if (proto == Q_DEFAULT)
5000 proto = PROTO_UNDEF;
5001 else
5002 bpf_error("illegal qualifier of 'portrange'");
5003
5004#ifndef INET6
5005 return gen_portrange((int)v, (int)v, proto, dir);
5006#else
5007 {
5008 struct block *b;
5009 b = gen_portrange((int)v, (int)v, proto, dir);
5010 gen_or(gen_portrange6((int)v, (int)v, proto, dir), b);
5011 return b;
5012 }
5013#endif /* INET6 */
5014
4292 case Q_GATEWAY:
4293 bpf_error("'gateway' requires a name");
4294 /* NOTREACHED */
4295
4296 case Q_PROTO:
4297 return gen_proto((int)v, proto, dir);
4298
4299 case Q_PROTOCHAIN:
4300 return gen_protochain((int)v, proto, dir);
4301
4302 case Q_UNDEF:
4303 syntax();
4304 /* NOTREACHED */
4305
4306 default:
4307 abort();
4308 /* NOTREACHED */
4309 }
4310 /* NOTREACHED */
4311}
4312
4313#ifdef INET6
4314struct block *
4315gen_mcode6(s1, s2, masklen, q)
4316 register const char *s1, *s2;
4317 register int masklen;
4318 struct qual q;
4319{
4320 struct addrinfo *res;
4321 struct in6_addr *addr;
4322 struct in6_addr mask;
4323 struct block *b;
4324 u_int32_t *a, *m;
4325
4326 if (s2)
4327 bpf_error("no mask %s supported", s2);
4328
4329 res = pcap_nametoaddrinfo(s1);
4330 if (!res)
4331 bpf_error("invalid ip6 address %s", s1);
4332 if (res->ai_next)
4333 bpf_error("%s resolved to multiple address", s1);
4334 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
4335
4336 if (sizeof(mask) * 8 < masklen)
4337 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
4338 memset(&mask, 0, sizeof(mask));
4339 memset(&mask, 0xff, masklen / 8);
4340 if (masklen % 8) {
4341 mask.s6_addr[masklen / 8] =
4342 (0xff << (8 - masklen % 8)) & 0xff;
4343 }
4344
4345 a = (u_int32_t *)addr;
4346 m = (u_int32_t *)&mask;
4347 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
4348 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
4349 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
4350 }
4351
4352 switch (q.addr) {
4353
4354 case Q_DEFAULT:
4355 case Q_HOST:
4356 if (masklen != 128)
4357 bpf_error("Mask syntax for networks only");
4358 /* FALLTHROUGH */
4359
4360 case Q_NET:
4361 b = gen_host6(addr, &mask, q.proto, q.dir);
4362 freeaddrinfo(res);
4363 return b;
4364
4365 default:
4366 bpf_error("invalid qualifier against IPv6 address");
4367 /* NOTREACHED */
4368 }
4369}
4370#endif /*INET6*/
4371
4372struct block *
4373gen_ecode(eaddr, q)
4374 register const u_char *eaddr;
4375 struct qual q;
4376{
4377 struct block *b, *tmp;
4378
4379 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
4380 if (linktype == DLT_EN10MB)
4381 return gen_ehostop(eaddr, (int)q.dir);
4382 if (linktype == DLT_FDDI)
4383 return gen_fhostop(eaddr, (int)q.dir);
4384 if (linktype == DLT_IEEE802)
4385 return gen_thostop(eaddr, (int)q.dir);
5015 case Q_GATEWAY:
5016 bpf_error("'gateway' requires a name");
5017 /* NOTREACHED */
5018
5019 case Q_PROTO:
5020 return gen_proto((int)v, proto, dir);
5021
5022 case Q_PROTOCHAIN:
5023 return gen_protochain((int)v, proto, dir);
5024
5025 case Q_UNDEF:
5026 syntax();
5027 /* NOTREACHED */
5028
5029 default:
5030 abort();
5031 /* NOTREACHED */
5032 }
5033 /* NOTREACHED */
5034}
5035
5036#ifdef INET6
5037struct block *
5038gen_mcode6(s1, s2, masklen, q)
5039 register const char *s1, *s2;
5040 register int masklen;
5041 struct qual q;
5042{
5043 struct addrinfo *res;
5044 struct in6_addr *addr;
5045 struct in6_addr mask;
5046 struct block *b;
5047 u_int32_t *a, *m;
5048
5049 if (s2)
5050 bpf_error("no mask %s supported", s2);
5051
5052 res = pcap_nametoaddrinfo(s1);
5053 if (!res)
5054 bpf_error("invalid ip6 address %s", s1);
5055 if (res->ai_next)
5056 bpf_error("%s resolved to multiple address", s1);
5057 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
5058
5059 if (sizeof(mask) * 8 < masklen)
5060 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
5061 memset(&mask, 0, sizeof(mask));
5062 memset(&mask, 0xff, masklen / 8);
5063 if (masklen % 8) {
5064 mask.s6_addr[masklen / 8] =
5065 (0xff << (8 - masklen % 8)) & 0xff;
5066 }
5067
5068 a = (u_int32_t *)addr;
5069 m = (u_int32_t *)&mask;
5070 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
5071 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
5072 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
5073 }
5074
5075 switch (q.addr) {
5076
5077 case Q_DEFAULT:
5078 case Q_HOST:
5079 if (masklen != 128)
5080 bpf_error("Mask syntax for networks only");
5081 /* FALLTHROUGH */
5082
5083 case Q_NET:
5084 b = gen_host6(addr, &mask, q.proto, q.dir);
5085 freeaddrinfo(res);
5086 return b;
5087
5088 default:
5089 bpf_error("invalid qualifier against IPv6 address");
5090 /* NOTREACHED */
5091 }
5092}
5093#endif /*INET6*/
5094
5095struct block *
5096gen_ecode(eaddr, q)
5097 register const u_char *eaddr;
5098 struct qual q;
5099{
5100 struct block *b, *tmp;
5101
5102 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
5103 if (linktype == DLT_EN10MB)
5104 return gen_ehostop(eaddr, (int)q.dir);
5105 if (linktype == DLT_FDDI)
5106 return gen_fhostop(eaddr, (int)q.dir);
5107 if (linktype == DLT_IEEE802)
5108 return gen_thostop(eaddr, (int)q.dir);
4386 if (linktype == DLT_IEEE802_11)
5109 if (linktype == DLT_IEEE802_11 ||
5110 linktype == DLT_IEEE802_11_RADIO_AVS ||
5111 linktype == DLT_IEEE802_11_RADIO ||
5112 linktype == DLT_PRISM_HEADER)
4387 return gen_wlanhostop(eaddr, (int)q.dir);
4388 if (linktype == DLT_SUNATM && is_lane) {
4389 /*
4390 * Check that the packet doesn't begin with an
4391 * LE Control marker. (We've already generated
4392 * a test for LANE.)
4393 */
5113 return gen_wlanhostop(eaddr, (int)q.dir);
5114 if (linktype == DLT_SUNATM && is_lane) {
5115 /*
5116 * Check that the packet doesn't begin with an
5117 * LE Control marker. (We've already generated
5118 * a test for LANE.)
5119 */
4394 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
5120 tmp = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS, BPF_H,
5121 0xFF00);
4395 gen_not(tmp);
4396
4397 /*
4398 * Now check the MAC address.
4399 */
4400 b = gen_ehostop(eaddr, (int)q.dir);
4401 gen_and(tmp, b);
4402 return b;
4403 }
4404 if (linktype == DLT_IP_OVER_FC)
4405 return gen_ipfchostop(eaddr, (int)q.dir);
4406 bpf_error("ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel");
4407 }
4408 bpf_error("ethernet address used in non-ether expression");
4409 /* NOTREACHED */
4410}
4411
4412void
4413sappend(s0, s1)
4414 struct slist *s0, *s1;
4415{
4416 /*
4417 * This is definitely not the best way to do this, but the
4418 * lists will rarely get long.
4419 */
4420 while (s0->next)
4421 s0 = s0->next;
4422 s0->next = s1;
4423}
4424
4425static struct slist *
4426xfer_to_x(a)
4427 struct arth *a;
4428{
4429 struct slist *s;
4430
4431 s = new_stmt(BPF_LDX|BPF_MEM);
4432 s->s.k = a->regno;
4433 return s;
4434}
4435
4436static struct slist *
4437xfer_to_a(a)
4438 struct arth *a;
4439{
4440 struct slist *s;
4441
4442 s = new_stmt(BPF_LD|BPF_MEM);
4443 s->s.k = a->regno;
4444 return s;
4445}
4446
5122 gen_not(tmp);
5123
5124 /*
5125 * Now check the MAC address.
5126 */
5127 b = gen_ehostop(eaddr, (int)q.dir);
5128 gen_and(tmp, b);
5129 return b;
5130 }
5131 if (linktype == DLT_IP_OVER_FC)
5132 return gen_ipfchostop(eaddr, (int)q.dir);
5133 bpf_error("ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel");
5134 }
5135 bpf_error("ethernet address used in non-ether expression");
5136 /* NOTREACHED */
5137}
5138
5139void
5140sappend(s0, s1)
5141 struct slist *s0, *s1;
5142{
5143 /*
5144 * This is definitely not the best way to do this, but the
5145 * lists will rarely get long.
5146 */
5147 while (s0->next)
5148 s0 = s0->next;
5149 s0->next = s1;
5150}
5151
5152static struct slist *
5153xfer_to_x(a)
5154 struct arth *a;
5155{
5156 struct slist *s;
5157
5158 s = new_stmt(BPF_LDX|BPF_MEM);
5159 s->s.k = a->regno;
5160 return s;
5161}
5162
5163static struct slist *
5164xfer_to_a(a)
5165 struct arth *a;
5166{
5167 struct slist *s;
5168
5169 s = new_stmt(BPF_LD|BPF_MEM);
5170 s->s.k = a->regno;
5171 return s;
5172}
5173
5174/*
5175 * Modify "index" to use the value stored into its register as an
5176 * offset relative to the beginning of the header for the protocol
5177 * "proto", and allocate a register and put an item "size" bytes long
5178 * (1, 2, or 4) at that offset into that register, making it the register
5179 * for "index".
5180 */
4447struct arth *
4448gen_load(proto, index, size)
4449 int proto;
4450 struct arth *index;
4451 int size;
4452{
4453 struct slist *s, *tmp;
4454 struct block *b;
4455 int regno = alloc_reg();
4456
4457 free_reg(index->regno);
4458 switch (size) {
4459
4460 default:
4461 bpf_error("data size must be 1, 2, or 4");
4462
4463 case 1:
4464 size = BPF_B;
4465 break;
4466
4467 case 2:
4468 size = BPF_H;
4469 break;
4470
4471 case 4:
4472 size = BPF_W;
4473 break;
4474 }
4475 switch (proto) {
4476 default:
4477 bpf_error("unsupported index operation");
4478
5181struct arth *
5182gen_load(proto, index, size)
5183 int proto;
5184 struct arth *index;
5185 int size;
5186{
5187 struct slist *s, *tmp;
5188 struct block *b;
5189 int regno = alloc_reg();
5190
5191 free_reg(index->regno);
5192 switch (size) {
5193
5194 default:
5195 bpf_error("data size must be 1, 2, or 4");
5196
5197 case 1:
5198 size = BPF_B;
5199 break;
5200
5201 case 2:
5202 size = BPF_H;
5203 break;
5204
5205 case 4:
5206 size = BPF_W;
5207 break;
5208 }
5209 switch (proto) {
5210 default:
5211 bpf_error("unsupported index operation");
5212
5213 case Q_RADIO:
5214 /*
5215 * The offset is relative to the beginning of the packet
5216 * data, if we have a radio header. (If we don't, this
5217 * is an error.)
5218 */
5219 if (linktype != DLT_IEEE802_11_RADIO_AVS &&
5220 linktype != DLT_IEEE802_11_RADIO &&
5221 linktype != DLT_PRISM_HEADER)
5222 bpf_error("radio information not present in capture");
5223
5224 /*
5225 * Load into the X register the offset computed into the
5226 * register specifed by "index".
5227 */
5228 s = xfer_to_x(index);
5229
5230 /*
5231 * Load the item at that offset.
5232 */
5233 tmp = new_stmt(BPF_LD|BPF_IND|size);
5234 sappend(s, tmp);
5235 sappend(index->s, s);
5236 break;
5237
4479 case Q_LINK:
4480 /*
5238 case Q_LINK:
5239 /*
5240 * The offset is relative to the beginning of
5241 * the link-layer header.
5242 *
4481 * XXX - what about ATM LANE? Should the index be
4482 * relative to the beginning of the AAL5 frame, so
4483 * that 0 refers to the beginning of the LE Control
4484 * field, or relative to the beginning of the LAN
4485 * frame, so that 0 refers, for Ethernet LANE, to
4486 * the beginning of the destination address?
4487 */
5243 * XXX - what about ATM LANE? Should the index be
5244 * relative to the beginning of the AAL5 frame, so
5245 * that 0 refers to the beginning of the LE Control
5246 * field, or relative to the beginning of the LAN
5247 * frame, so that 0 refers, for Ethernet LANE, to
5248 * the beginning of the destination address?
5249 */
4488 s = xfer_to_x(index);
5250 s = gen_llprefixlen();
5251
5252 /*
5253 * If "s" is non-null, it has code to arrange that the
5254 * X register contains the length of the prefix preceding
5255 * the link-layer header. Add to it the offset computed
5256 * into the register specified by "index", and move that
5257 * into the X register. Otherwise, just load into the X
5258 * register the offset computed into the register specifed
5259 * by "index".
5260 */
5261 if (s != NULL) {
5262 sappend(s, xfer_to_a(index));
5263 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
5264 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
5265 } else
5266 s = xfer_to_x(index);
5267
5268 /*
5269 * Load the item at the sum of the offset we've put in the
5270 * X register and the offset of the start of the link
5271 * layer header (which is 0 if the radio header is
5272 * variable-length; that header length is what we put
5273 * into the X register and then added to the index).
5274 */
4489 tmp = new_stmt(BPF_LD|BPF_IND|size);
5275 tmp = new_stmt(BPF_LD|BPF_IND|size);
5276 tmp->s.k = off_ll;
4490 sappend(s, tmp);
4491 sappend(index->s, s);
4492 break;
4493
4494 case Q_IP:
4495 case Q_ARP:
4496 case Q_RARP:
4497 case Q_ATALK:
4498 case Q_DECNET:
4499 case Q_SCA:
4500 case Q_LAT:
4501 case Q_MOPRC:
4502 case Q_MOPDL:
4503#ifdef INET6
4504 case Q_IPV6:
4505#endif
5277 sappend(s, tmp);
5278 sappend(index->s, s);
5279 break;
5280
5281 case Q_IP:
5282 case Q_ARP:
5283 case Q_RARP:
5284 case Q_ATALK:
5285 case Q_DECNET:
5286 case Q_SCA:
5287 case Q_LAT:
5288 case Q_MOPRC:
5289 case Q_MOPDL:
5290#ifdef INET6
5291 case Q_IPV6:
5292#endif
4506 /* XXX Note that we assume a fixed link header here. */
4507 s = xfer_to_x(index);
5293 /*
5294 * The offset is relative to the beginning of
5295 * the network-layer header.
5296 * XXX - are there any cases where we want
5297 * off_nl_nosnap?
5298 */
5299 s = gen_llprefixlen();
5300
5301 /*
5302 * If "s" is non-null, it has code to arrange that the
5303 * X register contains the length of the prefix preceding
5304 * the link-layer header. Add to it the offset computed
5305 * into the register specified by "index", and move that
5306 * into the X register. Otherwise, just load into the X
5307 * register the offset computed into the register specifed
5308 * by "index".
5309 */
5310 if (s != NULL) {
5311 sappend(s, xfer_to_a(index));
5312 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
5313 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
5314 } else
5315 s = xfer_to_x(index);
5316
5317 /*
5318 * Load the item at the sum of the offset we've put in the
5319 * X register and the offset of the start of the network
5320 * layer header.
5321 */
4508 tmp = new_stmt(BPF_LD|BPF_IND|size);
4509 tmp->s.k = off_nl;
4510 sappend(s, tmp);
4511 sappend(index->s, s);
4512
5322 tmp = new_stmt(BPF_LD|BPF_IND|size);
5323 tmp->s.k = off_nl;
5324 sappend(s, tmp);
5325 sappend(index->s, s);
5326
5327 /*
5328 * Do the computation only if the packet contains
5329 * the protocol in question.
5330 */
4513 b = gen_proto_abbrev(proto);
4514 if (index->b)
4515 gen_and(index->b, b);
4516 index->b = b;
4517 break;
4518
4519 case Q_SCTP:
4520 case Q_TCP:
4521 case Q_UDP:
4522 case Q_ICMP:
4523 case Q_IGMP:
4524 case Q_IGRP:
4525 case Q_PIM:
4526 case Q_VRRP:
5331 b = gen_proto_abbrev(proto);
5332 if (index->b)
5333 gen_and(index->b, b);
5334 index->b = b;
5335 break;
5336
5337 case Q_SCTP:
5338 case Q_TCP:
5339 case Q_UDP:
5340 case Q_ICMP:
5341 case Q_IGMP:
5342 case Q_IGRP:
5343 case Q_PIM:
5344 case Q_VRRP:
4527 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
4528 s->s.k = off_nl;
5345 /*
5346 * The offset is relative to the beginning of
5347 * the transport-layer header.
5348 * XXX - are there any cases where we want
5349 * off_nl_nosnap?
5350 * XXX - we should, if we're built with
5351 * IPv6 support, generate code to load either
5352 * IPv4, IPv6, or both, as appropriate.
5353 */
5354 s = gen_loadx_iphdrlen();
5355
5356 /*
5357 * The X register now contains the sum of the offset
5358 * of the beginning of the link-layer header and
5359 * the length of the network-layer header. Load
5360 * into the A register the offset relative to
5361 * the beginning of the transport layer header,
5362 * add the X register to that, move that to the
5363 * X register, and load with an offset from the
5364 * X register equal to the offset of the network
5365 * layer header relative to the beginning of
5366 * the link-layer header.
5367 */
4529 sappend(s, xfer_to_a(index));
4530 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
4531 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
4532 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
4533 tmp->s.k = off_nl;
4534 sappend(index->s, s);
4535
5368 sappend(s, xfer_to_a(index));
5369 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
5370 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
5371 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
5372 tmp->s.k = off_nl;
5373 sappend(index->s, s);
5374
5375 /*
5376 * Do the computation only if the packet contains
5377 * the protocol in question - which is true only
5378 * if this is an IP datagram and is the first or
5379 * only fragment of that datagram.
5380 */
4536 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
4537 if (index->b)
4538 gen_and(index->b, b);
4539#ifdef INET6
4540 gen_and(gen_proto_abbrev(Q_IP), b);
4541#endif
4542 index->b = b;
4543 break;
4544#ifdef INET6
4545 case Q_ICMPV6:
4546 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
4547 /*NOTREACHED*/
4548#endif
4549 }
4550 index->regno = regno;
4551 s = new_stmt(BPF_ST);
4552 s->s.k = regno;
4553 sappend(index->s, s);
4554
4555 return index;
4556}
4557
4558struct block *
4559gen_relation(code, a0, a1, reversed)
4560 int code;
4561 struct arth *a0, *a1;
4562 int reversed;
4563{
4564 struct slist *s0, *s1, *s2;
4565 struct block *b, *tmp;
4566
4567 s0 = xfer_to_x(a1);
4568 s1 = xfer_to_a(a0);
4569 if (code == BPF_JEQ) {
4570 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
4571 b = new_block(JMP(code));
4572 sappend(s1, s2);
4573 }
4574 else
4575 b = new_block(BPF_JMP|code|BPF_X);
4576 if (reversed)
4577 gen_not(b);
4578
4579 sappend(s0, s1);
4580 sappend(a1->s, s0);
4581 sappend(a0->s, a1->s);
4582
4583 b->stmts = a0->s;
4584
4585 free_reg(a0->regno);
4586 free_reg(a1->regno);
4587
4588 /* 'and' together protocol checks */
4589 if (a0->b) {
4590 if (a1->b) {
4591 gen_and(a0->b, tmp = a1->b);
4592 }
4593 else
4594 tmp = a0->b;
4595 } else
4596 tmp = a1->b;
4597
4598 if (tmp)
4599 gen_and(tmp, b);
4600
4601 return b;
4602}
4603
4604struct arth *
4605gen_loadlen()
4606{
4607 int regno = alloc_reg();
4608 struct arth *a = (struct arth *)newchunk(sizeof(*a));
4609 struct slist *s;
4610
4611 s = new_stmt(BPF_LD|BPF_LEN);
4612 s->next = new_stmt(BPF_ST);
4613 s->next->s.k = regno;
4614 a->s = s;
4615 a->regno = regno;
4616
4617 return a;
4618}
4619
4620struct arth *
4621gen_loadi(val)
4622 int val;
4623{
4624 struct arth *a;
4625 struct slist *s;
4626 int reg;
4627
4628 a = (struct arth *)newchunk(sizeof(*a));
4629
4630 reg = alloc_reg();
4631
4632 s = new_stmt(BPF_LD|BPF_IMM);
4633 s->s.k = val;
4634 s->next = new_stmt(BPF_ST);
4635 s->next->s.k = reg;
4636 a->s = s;
4637 a->regno = reg;
4638
4639 return a;
4640}
4641
4642struct arth *
4643gen_neg(a)
4644 struct arth *a;
4645{
4646 struct slist *s;
4647
4648 s = xfer_to_a(a);
4649 sappend(a->s, s);
4650 s = new_stmt(BPF_ALU|BPF_NEG);
4651 s->s.k = 0;
4652 sappend(a->s, s);
4653 s = new_stmt(BPF_ST);
4654 s->s.k = a->regno;
4655 sappend(a->s, s);
4656
4657 return a;
4658}
4659
4660struct arth *
4661gen_arth(code, a0, a1)
4662 int code;
4663 struct arth *a0, *a1;
4664{
4665 struct slist *s0, *s1, *s2;
4666
4667 s0 = xfer_to_x(a1);
4668 s1 = xfer_to_a(a0);
4669 s2 = new_stmt(BPF_ALU|BPF_X|code);
4670
4671 sappend(s1, s2);
4672 sappend(s0, s1);
4673 sappend(a1->s, s0);
4674 sappend(a0->s, a1->s);
4675
4676 free_reg(a0->regno);
4677 free_reg(a1->regno);
4678
4679 s0 = new_stmt(BPF_ST);
4680 a0->regno = s0->s.k = alloc_reg();
4681 sappend(a0->s, s0);
4682
4683 return a0;
4684}
4685
4686/*
4687 * Here we handle simple allocation of the scratch registers.
4688 * If too many registers are alloc'd, the allocator punts.
4689 */
4690static int regused[BPF_MEMWORDS];
4691static int curreg;
4692
4693/*
4694 * Return the next free register.
4695 */
4696static int
4697alloc_reg()
4698{
4699 int n = BPF_MEMWORDS;
4700
4701 while (--n >= 0) {
4702 if (regused[curreg])
4703 curreg = (curreg + 1) % BPF_MEMWORDS;
4704 else {
4705 regused[curreg] = 1;
4706 return curreg;
4707 }
4708 }
4709 bpf_error("too many registers needed to evaluate expression");
4710 /* NOTREACHED */
4711}
4712
4713/*
4714 * Return a register to the table so it can
4715 * be used later.
4716 */
4717static void
4718free_reg(n)
4719 int n;
4720{
4721 regused[n] = 0;
4722}
4723
4724static struct block *
4725gen_len(jmp, n)
4726 int jmp, n;
4727{
4728 struct slist *s;
4729 struct block *b;
4730
4731 s = new_stmt(BPF_LD|BPF_LEN);
4732 b = new_block(JMP(jmp));
4733 b->stmts = s;
4734 b->s.k = n;
4735
4736 return b;
4737}
4738
4739struct block *
4740gen_greater(n)
4741 int n;
4742{
4743 return gen_len(BPF_JGE, n);
4744}
4745
4746/*
4747 * Actually, this is less than or equal.
4748 */
4749struct block *
4750gen_less(n)
4751 int n;
4752{
4753 struct block *b;
4754
4755 b = gen_len(BPF_JGT, n);
4756 gen_not(b);
4757
4758 return b;
4759}
4760
5381 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
5382 if (index->b)
5383 gen_and(index->b, b);
5384#ifdef INET6
5385 gen_and(gen_proto_abbrev(Q_IP), b);
5386#endif
5387 index->b = b;
5388 break;
5389#ifdef INET6
5390 case Q_ICMPV6:
5391 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
5392 /*NOTREACHED*/
5393#endif
5394 }
5395 index->regno = regno;
5396 s = new_stmt(BPF_ST);
5397 s->s.k = regno;
5398 sappend(index->s, s);
5399
5400 return index;
5401}
5402
5403struct block *
5404gen_relation(code, a0, a1, reversed)
5405 int code;
5406 struct arth *a0, *a1;
5407 int reversed;
5408{
5409 struct slist *s0, *s1, *s2;
5410 struct block *b, *tmp;
5411
5412 s0 = xfer_to_x(a1);
5413 s1 = xfer_to_a(a0);
5414 if (code == BPF_JEQ) {
5415 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
5416 b = new_block(JMP(code));
5417 sappend(s1, s2);
5418 }
5419 else
5420 b = new_block(BPF_JMP|code|BPF_X);
5421 if (reversed)
5422 gen_not(b);
5423
5424 sappend(s0, s1);
5425 sappend(a1->s, s0);
5426 sappend(a0->s, a1->s);
5427
5428 b->stmts = a0->s;
5429
5430 free_reg(a0->regno);
5431 free_reg(a1->regno);
5432
5433 /* 'and' together protocol checks */
5434 if (a0->b) {
5435 if (a1->b) {
5436 gen_and(a0->b, tmp = a1->b);
5437 }
5438 else
5439 tmp = a0->b;
5440 } else
5441 tmp = a1->b;
5442
5443 if (tmp)
5444 gen_and(tmp, b);
5445
5446 return b;
5447}
5448
5449struct arth *
5450gen_loadlen()
5451{
5452 int regno = alloc_reg();
5453 struct arth *a = (struct arth *)newchunk(sizeof(*a));
5454 struct slist *s;
5455
5456 s = new_stmt(BPF_LD|BPF_LEN);
5457 s->next = new_stmt(BPF_ST);
5458 s->next->s.k = regno;
5459 a->s = s;
5460 a->regno = regno;
5461
5462 return a;
5463}
5464
5465struct arth *
5466gen_loadi(val)
5467 int val;
5468{
5469 struct arth *a;
5470 struct slist *s;
5471 int reg;
5472
5473 a = (struct arth *)newchunk(sizeof(*a));
5474
5475 reg = alloc_reg();
5476
5477 s = new_stmt(BPF_LD|BPF_IMM);
5478 s->s.k = val;
5479 s->next = new_stmt(BPF_ST);
5480 s->next->s.k = reg;
5481 a->s = s;
5482 a->regno = reg;
5483
5484 return a;
5485}
5486
5487struct arth *
5488gen_neg(a)
5489 struct arth *a;
5490{
5491 struct slist *s;
5492
5493 s = xfer_to_a(a);
5494 sappend(a->s, s);
5495 s = new_stmt(BPF_ALU|BPF_NEG);
5496 s->s.k = 0;
5497 sappend(a->s, s);
5498 s = new_stmt(BPF_ST);
5499 s->s.k = a->regno;
5500 sappend(a->s, s);
5501
5502 return a;
5503}
5504
5505struct arth *
5506gen_arth(code, a0, a1)
5507 int code;
5508 struct arth *a0, *a1;
5509{
5510 struct slist *s0, *s1, *s2;
5511
5512 s0 = xfer_to_x(a1);
5513 s1 = xfer_to_a(a0);
5514 s2 = new_stmt(BPF_ALU|BPF_X|code);
5515
5516 sappend(s1, s2);
5517 sappend(s0, s1);
5518 sappend(a1->s, s0);
5519 sappend(a0->s, a1->s);
5520
5521 free_reg(a0->regno);
5522 free_reg(a1->regno);
5523
5524 s0 = new_stmt(BPF_ST);
5525 a0->regno = s0->s.k = alloc_reg();
5526 sappend(a0->s, s0);
5527
5528 return a0;
5529}
5530
5531/*
5532 * Here we handle simple allocation of the scratch registers.
5533 * If too many registers are alloc'd, the allocator punts.
5534 */
5535static int regused[BPF_MEMWORDS];
5536static int curreg;
5537
5538/*
5539 * Return the next free register.
5540 */
5541static int
5542alloc_reg()
5543{
5544 int n = BPF_MEMWORDS;
5545
5546 while (--n >= 0) {
5547 if (regused[curreg])
5548 curreg = (curreg + 1) % BPF_MEMWORDS;
5549 else {
5550 regused[curreg] = 1;
5551 return curreg;
5552 }
5553 }
5554 bpf_error("too many registers needed to evaluate expression");
5555 /* NOTREACHED */
5556}
5557
5558/*
5559 * Return a register to the table so it can
5560 * be used later.
5561 */
5562static void
5563free_reg(n)
5564 int n;
5565{
5566 regused[n] = 0;
5567}
5568
5569static struct block *
5570gen_len(jmp, n)
5571 int jmp, n;
5572{
5573 struct slist *s;
5574 struct block *b;
5575
5576 s = new_stmt(BPF_LD|BPF_LEN);
5577 b = new_block(JMP(jmp));
5578 b->stmts = s;
5579 b->s.k = n;
5580
5581 return b;
5582}
5583
5584struct block *
5585gen_greater(n)
5586 int n;
5587{
5588 return gen_len(BPF_JGE, n);
5589}
5590
5591/*
5592 * Actually, this is less than or equal.
5593 */
5594struct block *
5595gen_less(n)
5596 int n;
5597{
5598 struct block *b;
5599
5600 b = gen_len(BPF_JGT, n);
5601 gen_not(b);
5602
5603 return b;
5604}
5605
5606/*
5607 * This is for "byte {idx} {op} {val}"; "idx" is treated as relative to
5608 * the beginning of the link-layer header.
5609 * XXX - that means you can't test values in the radiotap header, but
5610 * as that header is difficult if not impossible to parse generally
5611 * without a loop, that might not be a severe problem. A new keyword
5612 * "radio" could be added for that, although what you'd really want
5613 * would be a way of testing particular radio header values, which
5614 * would generate code appropriate to the radio header in question.
5615 */
4761struct block *
4762gen_byteop(op, idx, val)
4763 int op, idx, val;
4764{
4765 struct block *b;
4766 struct slist *s;
4767
4768 switch (op) {
4769 default:
4770 abort();
4771
4772 case '=':
5616struct block *
5617gen_byteop(op, idx, val)
5618 int op, idx, val;
5619{
5620 struct block *b;
5621 struct slist *s;
5622
5623 switch (op) {
5624 default:
5625 abort();
5626
5627 case '=':
4773 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
5628 return gen_cmp(OR_LINK, (u_int)idx, BPF_B, (bpf_int32)val);
4774
4775 case '<':
5629
5630 case '<':
4776 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4777 b->s.code = JMP(BPF_JGE);
4778 gen_not(b);
5631 b = gen_cmp_lt(OR_LINK, (u_int)idx, BPF_B, (bpf_int32)val);
4779 return b;
4780
4781 case '>':
5632 return b;
5633
5634 case '>':
4782 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
4783 b->s.code = JMP(BPF_JGT);
5635 b = gen_cmp_gt(OR_LINK, (u_int)idx, BPF_B, (bpf_int32)val);
4784 return b;
4785
4786 case '|':
4787 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
4788 break;
4789
4790 case '&':
4791 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
4792 break;
4793 }
4794 s->s.k = val;
4795 b = new_block(JMP(BPF_JEQ));
4796 b->stmts = s;
4797 gen_not(b);
4798
4799 return b;
4800}
4801
4802static u_char abroadcast[] = { 0x0 };
4803
4804struct block *
4805gen_broadcast(proto)
4806 int proto;
4807{
4808 bpf_u_int32 hostmask;
4809 struct block *b0, *b1, *b2;
4810 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4811
4812 switch (proto) {
4813
4814 case Q_DEFAULT:
4815 case Q_LINK:
4816 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
4817 return gen_ahostop(abroadcast, Q_DST);
4818 if (linktype == DLT_EN10MB)
4819 return gen_ehostop(ebroadcast, Q_DST);
4820 if (linktype == DLT_FDDI)
4821 return gen_fhostop(ebroadcast, Q_DST);
4822 if (linktype == DLT_IEEE802)
4823 return gen_thostop(ebroadcast, Q_DST);
5636 return b;
5637
5638 case '|':
5639 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
5640 break;
5641
5642 case '&':
5643 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
5644 break;
5645 }
5646 s->s.k = val;
5647 b = new_block(JMP(BPF_JEQ));
5648 b->stmts = s;
5649 gen_not(b);
5650
5651 return b;
5652}
5653
5654static u_char abroadcast[] = { 0x0 };
5655
5656struct block *
5657gen_broadcast(proto)
5658 int proto;
5659{
5660 bpf_u_int32 hostmask;
5661 struct block *b0, *b1, *b2;
5662 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
5663
5664 switch (proto) {
5665
5666 case Q_DEFAULT:
5667 case Q_LINK:
5668 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
5669 return gen_ahostop(abroadcast, Q_DST);
5670 if (linktype == DLT_EN10MB)
5671 return gen_ehostop(ebroadcast, Q_DST);
5672 if (linktype == DLT_FDDI)
5673 return gen_fhostop(ebroadcast, Q_DST);
5674 if (linktype == DLT_IEEE802)
5675 return gen_thostop(ebroadcast, Q_DST);
4824 if (linktype == DLT_IEEE802_11)
5676 if (linktype == DLT_IEEE802_11 ||
5677 linktype == DLT_IEEE802_11_RADIO_AVS ||
5678 linktype == DLT_IEEE802_11_RADIO ||
5679 linktype == DLT_PRISM_HEADER)
4825 return gen_wlanhostop(ebroadcast, Q_DST);
4826 if (linktype == DLT_IP_OVER_FC)
4827 return gen_ipfchostop(ebroadcast, Q_DST);
4828 if (linktype == DLT_SUNATM && is_lane) {
4829 /*
4830 * Check that the packet doesn't begin with an
4831 * LE Control marker. (We've already generated
4832 * a test for LANE.)
4833 */
5680 return gen_wlanhostop(ebroadcast, Q_DST);
5681 if (linktype == DLT_IP_OVER_FC)
5682 return gen_ipfchostop(ebroadcast, Q_DST);
5683 if (linktype == DLT_SUNATM && is_lane) {
5684 /*
5685 * Check that the packet doesn't begin with an
5686 * LE Control marker. (We've already generated
5687 * a test for LANE.)
5688 */
4834 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
5689 b1 = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS, BPF_H,
5690 0xFF00);
4835 gen_not(b1);
4836
4837 /*
4838 * Now check the MAC address.
4839 */
4840 b0 = gen_ehostop(ebroadcast, Q_DST);
4841 gen_and(b1, b0);
4842 return b0;
4843 }
4844 bpf_error("not a broadcast link");
4845 break;
4846
4847 case Q_IP:
4848 b0 = gen_linktype(ETHERTYPE_IP);
4849 hostmask = ~netmask;
5691 gen_not(b1);
5692
5693 /*
5694 * Now check the MAC address.
5695 */
5696 b0 = gen_ehostop(ebroadcast, Q_DST);
5697 gen_and(b1, b0);
5698 return b0;
5699 }
5700 bpf_error("not a broadcast link");
5701 break;
5702
5703 case Q_IP:
5704 b0 = gen_linktype(ETHERTYPE_IP);
5705 hostmask = ~netmask;
4850 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
4851 b2 = gen_mcmp(off_nl + 16, BPF_W,
5706 b1 = gen_mcmp(OR_NET, 16, BPF_W, (bpf_int32)0, hostmask);
5707 b2 = gen_mcmp(OR_NET, 16, BPF_W,
4852 (bpf_int32)(~0 & hostmask), hostmask);
4853 gen_or(b1, b2);
4854 gen_and(b0, b2);
4855 return b2;
4856 }
4857 bpf_error("only link-layer/IP broadcast filters supported");
4858 /* NOTREACHED */
4859}
4860
4861/*
4862 * Generate code to test the low-order bit of a MAC address (that's
4863 * the bottom bit of the *first* byte).
4864 */
4865static struct block *
4866gen_mac_multicast(offset)
4867 int offset;
4868{
4869 register struct block *b0;
4870 register struct slist *s;
4871
4872 /* link[offset] & 1 != 0 */
5708 (bpf_int32)(~0 & hostmask), hostmask);
5709 gen_or(b1, b2);
5710 gen_and(b0, b2);
5711 return b2;
5712 }
5713 bpf_error("only link-layer/IP broadcast filters supported");
5714 /* NOTREACHED */
5715}
5716
5717/*
5718 * Generate code to test the low-order bit of a MAC address (that's
5719 * the bottom bit of the *first* byte).
5720 */
5721static struct block *
5722gen_mac_multicast(offset)
5723 int offset;
5724{
5725 register struct block *b0;
5726 register struct slist *s;
5727
5728 /* link[offset] & 1 != 0 */
4873 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4874 s->s.k = offset;
5729 s = gen_load_a(OR_LINK, offset, BPF_B);
4875 b0 = new_block(JMP(BPF_JSET));
4876 b0->s.k = 1;
4877 b0->stmts = s;
4878 return b0;
4879}
4880
4881struct block *
4882gen_multicast(proto)
4883 int proto;
4884{
4885 register struct block *b0, *b1, *b2;
4886 register struct slist *s;
4887
4888 switch (proto) {
4889
4890 case Q_DEFAULT:
4891 case Q_LINK:
4892 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
4893 /* all ARCnet multicasts use the same address */
4894 return gen_ahostop(abroadcast, Q_DST);
4895
4896 if (linktype == DLT_EN10MB) {
4897 /* ether[0] & 1 != 0 */
4898 return gen_mac_multicast(0);
4899 }
4900
4901 if (linktype == DLT_FDDI) {
4902 /*
4903 * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX
4904 *
4905 * XXX - was that referring to bit-order issues?
4906 */
4907 /* fddi[1] & 1 != 0 */
4908 return gen_mac_multicast(1);
4909 }
4910
4911 if (linktype == DLT_IEEE802) {
4912 /* tr[2] & 1 != 0 */
4913 return gen_mac_multicast(2);
4914 }
4915
5730 b0 = new_block(JMP(BPF_JSET));
5731 b0->s.k = 1;
5732 b0->stmts = s;
5733 return b0;
5734}
5735
5736struct block *
5737gen_multicast(proto)
5738 int proto;
5739{
5740 register struct block *b0, *b1, *b2;
5741 register struct slist *s;
5742
5743 switch (proto) {
5744
5745 case Q_DEFAULT:
5746 case Q_LINK:
5747 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
5748 /* all ARCnet multicasts use the same address */
5749 return gen_ahostop(abroadcast, Q_DST);
5750
5751 if (linktype == DLT_EN10MB) {
5752 /* ether[0] & 1 != 0 */
5753 return gen_mac_multicast(0);
5754 }
5755
5756 if (linktype == DLT_FDDI) {
5757 /*
5758 * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX
5759 *
5760 * XXX - was that referring to bit-order issues?
5761 */
5762 /* fddi[1] & 1 != 0 */
5763 return gen_mac_multicast(1);
5764 }
5765
5766 if (linktype == DLT_IEEE802) {
5767 /* tr[2] & 1 != 0 */
5768 return gen_mac_multicast(2);
5769 }
5770
4916 if (linktype == DLT_IEEE802_11) {
5771 if (linktype == DLT_IEEE802_11 ||
5772 linktype == DLT_IEEE802_11_RADIO_AVS ||
5773 linktype == DLT_IEEE802_11_RADIO ||
5774 linktype == DLT_PRISM_HEADER) {
4917 /*
4918 * Oh, yuk.
4919 *
4920 * For control frames, there is no DA.
4921 *
4922 * For management frames, DA is at an
4923 * offset of 4 from the beginning of
4924 * the packet.
4925 *
4926 * For data frames, DA is at an offset
4927 * of 4 from the beginning of the packet
4928 * if To DS is clear and at an offset of
4929 * 16 from the beginning of the packet
4930 * if To DS is set.
4931 */
4932
4933 /*
4934 * Generate the tests to be done for data frames.
4935 *
4936 * First, check for To DS set, i.e. "link[1] & 0x01".
4937 */
5775 /*
5776 * Oh, yuk.
5777 *
5778 * For control frames, there is no DA.
5779 *
5780 * For management frames, DA is at an
5781 * offset of 4 from the beginning of
5782 * the packet.
5783 *
5784 * For data frames, DA is at an offset
5785 * of 4 from the beginning of the packet
5786 * if To DS is clear and at an offset of
5787 * 16 from the beginning of the packet
5788 * if To DS is set.
5789 */
5790
5791 /*
5792 * Generate the tests to be done for data frames.
5793 *
5794 * First, check for To DS set, i.e. "link[1] & 0x01".
5795 */
4938 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4939 s->s.k = 1;
5796 s = gen_load_a(OR_LINK, 1, BPF_B);
4940 b1 = new_block(JMP(BPF_JSET));
4941 b1->s.k = 0x01; /* To DS */
4942 b1->stmts = s;
4943
4944 /*
4945 * If To DS is set, the DA is at 16.
4946 */
4947 b0 = gen_mac_multicast(16);
4948 gen_and(b1, b0);
4949
4950 /*
4951 * Now, check for To DS not set, i.e. check
4952 * "!(link[1] & 0x01)".
4953 */
5797 b1 = new_block(JMP(BPF_JSET));
5798 b1->s.k = 0x01; /* To DS */
5799 b1->stmts = s;
5800
5801 /*
5802 * If To DS is set, the DA is at 16.
5803 */
5804 b0 = gen_mac_multicast(16);
5805 gen_and(b1, b0);
5806
5807 /*
5808 * Now, check for To DS not set, i.e. check
5809 * "!(link[1] & 0x01)".
5810 */
4954 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4955 s->s.k = 1;
5811 s = gen_load_a(OR_LINK, 1, BPF_B);
4956 b2 = new_block(JMP(BPF_JSET));
4957 b2->s.k = 0x01; /* To DS */
4958 b2->stmts = s;
4959 gen_not(b2);
4960
4961 /*
4962 * If To DS is not set, the DA is at 4.
4963 */
4964 b1 = gen_mac_multicast(4);
4965 gen_and(b2, b1);
4966
4967 /*
4968 * Now OR together the last two checks. That gives
4969 * the complete set of checks for data frames.
4970 */
4971 gen_or(b1, b0);
4972
4973 /*
4974 * Now check for a data frame.
4975 * I.e, check "link[0] & 0x08".
4976 */
5812 b2 = new_block(JMP(BPF_JSET));
5813 b2->s.k = 0x01; /* To DS */
5814 b2->stmts = s;
5815 gen_not(b2);
5816
5817 /*
5818 * If To DS is not set, the DA is at 4.
5819 */
5820 b1 = gen_mac_multicast(4);
5821 gen_and(b2, b1);
5822
5823 /*
5824 * Now OR together the last two checks. That gives
5825 * the complete set of checks for data frames.
5826 */
5827 gen_or(b1, b0);
5828
5829 /*
5830 * Now check for a data frame.
5831 * I.e, check "link[0] & 0x08".
5832 */
4977 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4978 s->s.k = 0;
5833 s = gen_load_a(OR_LINK, 0, BPF_B);
4979 b1 = new_block(JMP(BPF_JSET));
4980 b1->s.k = 0x08;
4981 b1->stmts = s;
4982
4983 /*
4984 * AND that with the checks done for data frames.
4985 */
4986 gen_and(b1, b0);
4987
4988 /*
4989 * If the high-order bit of the type value is 0, this
4990 * is a management frame.
4991 * I.e, check "!(link[0] & 0x08)".
4992 */
5834 b1 = new_block(JMP(BPF_JSET));
5835 b1->s.k = 0x08;
5836 b1->stmts = s;
5837
5838 /*
5839 * AND that with the checks done for data frames.
5840 */
5841 gen_and(b1, b0);
5842
5843 /*
5844 * If the high-order bit of the type value is 0, this
5845 * is a management frame.
5846 * I.e, check "!(link[0] & 0x08)".
5847 */
4993 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
4994 s->s.k = 0;
5848 s = gen_load_a(OR_LINK, 0, BPF_B);
4995 b2 = new_block(JMP(BPF_JSET));
4996 b2->s.k = 0x08;
4997 b2->stmts = s;
4998 gen_not(b2);
4999
5000 /*
5001 * For management frames, the DA is at 4.
5002 */
5003 b1 = gen_mac_multicast(4);
5004 gen_and(b2, b1);
5005
5006 /*
5007 * OR that with the checks done for data frames.
5008 * That gives the checks done for management and
5009 * data frames.
5010 */
5011 gen_or(b1, b0);
5012
5013 /*
5014 * If the low-order bit of the type value is 1,
5015 * this is either a control frame or a frame
5016 * with a reserved type, and thus not a
5017 * frame with an SA.
5018 *
5019 * I.e., check "!(link[0] & 0x04)".
5020 */
5849 b2 = new_block(JMP(BPF_JSET));
5850 b2->s.k = 0x08;
5851 b2->stmts = s;
5852 gen_not(b2);
5853
5854 /*
5855 * For management frames, the DA is at 4.
5856 */
5857 b1 = gen_mac_multicast(4);
5858 gen_and(b2, b1);
5859
5860 /*
5861 * OR that with the checks done for data frames.
5862 * That gives the checks done for management and
5863 * data frames.
5864 */
5865 gen_or(b1, b0);
5866
5867 /*
5868 * If the low-order bit of the type value is 1,
5869 * this is either a control frame or a frame
5870 * with a reserved type, and thus not a
5871 * frame with an SA.
5872 *
5873 * I.e., check "!(link[0] & 0x04)".
5874 */
5021 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
5022 s->s.k = 0;
5875 s = gen_load_a(OR_LINK, 0, BPF_B);
5023 b1 = new_block(JMP(BPF_JSET));
5024 b1->s.k = 0x04;
5025 b1->stmts = s;
5026 gen_not(b1);
5027
5028 /*
5029 * AND that with the checks for data and management
5030 * frames.
5031 */
5032 gen_and(b1, b0);
5033 return b0;
5034 }
5035
5036 if (linktype == DLT_IP_OVER_FC) {
5037 b0 = gen_mac_multicast(2);
5038 return b0;
5039 }
5040
5041 if (linktype == DLT_SUNATM && is_lane) {
5042 /*
5043 * Check that the packet doesn't begin with an
5044 * LE Control marker. (We've already generated
5045 * a test for LANE.)
5046 */
5876 b1 = new_block(JMP(BPF_JSET));
5877 b1->s.k = 0x04;
5878 b1->stmts = s;
5879 gen_not(b1);
5880
5881 /*
5882 * AND that with the checks for data and management
5883 * frames.
5884 */
5885 gen_and(b1, b0);
5886 return b0;
5887 }
5888
5889 if (linktype == DLT_IP_OVER_FC) {
5890 b0 = gen_mac_multicast(2);
5891 return b0;
5892 }
5893
5894 if (linktype == DLT_SUNATM && is_lane) {
5895 /*
5896 * Check that the packet doesn't begin with an
5897 * LE Control marker. (We've already generated
5898 * a test for LANE.)
5899 */
5047 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
5900 b1 = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS, BPF_H,
5901 0xFF00);
5048 gen_not(b1);
5049
5050 /* ether[off_mac] & 1 != 0 */
5051 b0 = gen_mac_multicast(off_mac);
5052 gen_and(b1, b0);
5053 return b0;
5054 }
5055
5056 /* Link not known to support multicasts */
5057 break;
5058
5059 case Q_IP:
5060 b0 = gen_linktype(ETHERTYPE_IP);
5902 gen_not(b1);
5903
5904 /* ether[off_mac] & 1 != 0 */
5905 b0 = gen_mac_multicast(off_mac);
5906 gen_and(b1, b0);
5907 return b0;
5908 }
5909
5910 /* Link not known to support multicasts */
5911 break;
5912
5913 case Q_IP:
5914 b0 = gen_linktype(ETHERTYPE_IP);
5061 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
5062 b1->s.code = JMP(BPF_JGE);
5915 b1 = gen_cmp_ge(OR_NET, 16, BPF_B, (bpf_int32)224);
5063 gen_and(b0, b1);
5064 return b1;
5065
5066#ifdef INET6
5067 case Q_IPV6:
5068 b0 = gen_linktype(ETHERTYPE_IPV6);
5916 gen_and(b0, b1);
5917 return b1;
5918
5919#ifdef INET6
5920 case Q_IPV6:
5921 b0 = gen_linktype(ETHERTYPE_IPV6);
5069 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
5922 b1 = gen_cmp(OR_NET, 24, BPF_B, (bpf_int32)255);
5070 gen_and(b0, b1);
5071 return b1;
5072#endif /* INET6 */
5073 }
5074 bpf_error("link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel");
5075 /* NOTREACHED */
5076}
5077
5078/*
5079 * generate command for inbound/outbound. It's here so we can
5080 * make it link-type specific. 'dir' = 0 implies "inbound",
5081 * = 1 implies "outbound".
5082 */
5083struct block *
5084gen_inbound(dir)
5085 int dir;
5086{
5087 register struct block *b0;
5088
5089 /*
5090 * Only some data link types support inbound/outbound qualifiers.
5091 */
5092 switch (linktype) {
5093 case DLT_SLIP:
5094 b0 = gen_relation(BPF_JEQ,
5095 gen_load(Q_LINK, gen_loadi(0), 1),
5096 gen_loadi(0),
5097 dir);
5098 break;
5099
5100 case DLT_LINUX_SLL:
5101 if (dir) {
5102 /*
5103 * Match packets sent by this machine.
5104 */
5923 gen_and(b0, b1);
5924 return b1;
5925#endif /* INET6 */
5926 }
5927 bpf_error("link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel");
5928 /* NOTREACHED */
5929}
5930
5931/*
5932 * generate command for inbound/outbound. It's here so we can
5933 * make it link-type specific. 'dir' = 0 implies "inbound",
5934 * = 1 implies "outbound".
5935 */
5936struct block *
5937gen_inbound(dir)
5938 int dir;
5939{
5940 register struct block *b0;
5941
5942 /*
5943 * Only some data link types support inbound/outbound qualifiers.
5944 */
5945 switch (linktype) {
5946 case DLT_SLIP:
5947 b0 = gen_relation(BPF_JEQ,
5948 gen_load(Q_LINK, gen_loadi(0), 1),
5949 gen_loadi(0),
5950 dir);
5951 break;
5952
5953 case DLT_LINUX_SLL:
5954 if (dir) {
5955 /*
5956 * Match packets sent by this machine.
5957 */
5105 b0 = gen_cmp(0, BPF_H, LINUX_SLL_OUTGOING);
5958 b0 = gen_cmp(OR_LINK, 0, BPF_H, LINUX_SLL_OUTGOING);
5106 } else {
5107 /*
5108 * Match packets sent to this machine.
5109 * (No broadcast or multicast packets, or
5110 * packets sent to some other machine and
5111 * received promiscuously.)
5112 *
5113 * XXX - packets sent to other machines probably
5114 * shouldn't be matched, but what about broadcast
5115 * or multicast packets we received?
5116 */
5959 } else {
5960 /*
5961 * Match packets sent to this machine.
5962 * (No broadcast or multicast packets, or
5963 * packets sent to some other machine and
5964 * received promiscuously.)
5965 *
5966 * XXX - packets sent to other machines probably
5967 * shouldn't be matched, but what about broadcast
5968 * or multicast packets we received?
5969 */
5117 b0 = gen_cmp(0, BPF_H, LINUX_SLL_HOST);
5970 b0 = gen_cmp(OR_LINK, 0, BPF_H, LINUX_SLL_HOST);
5118 }
5119 break;
5120
5121 case DLT_PFLOG:
5971 }
5972 break;
5973
5974 case DLT_PFLOG:
5122 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B,
5975 b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, dir), BPF_B,
5123 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT));
5124 break;
5125
5126 case DLT_PPP_PPPD:
5127 if (dir) {
5128 /* match outgoing packets */
5976 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT));
5977 break;
5978
5979 case DLT_PPP_PPPD:
5980 if (dir) {
5981 /* match outgoing packets */
5129 b0 = gen_cmp(0, BPF_B, PPP_PPPD_OUT);
5982 b0 = gen_cmp(OR_LINK, 0, BPF_B, PPP_PPPD_OUT);
5130 } else {
5131 /* match incoming packets */
5983 } else {
5984 /* match incoming packets */
5132 b0 = gen_cmp(0, BPF_B, PPP_PPPD_IN);
5985 b0 = gen_cmp(OR_LINK, 0, BPF_B, PPP_PPPD_IN);
5133 }
5134 break;
5135
5136 case DLT_JUNIPER_MLFR:
5137 case DLT_JUNIPER_MLPPP:
5138 case DLT_JUNIPER_ATM1:
5139 case DLT_JUNIPER_ATM2:
5986 }
5987 break;
5988
5989 case DLT_JUNIPER_MLFR:
5990 case DLT_JUNIPER_MLPPP:
5991 case DLT_JUNIPER_ATM1:
5992 case DLT_JUNIPER_ATM2:
5993 case DLT_JUNIPER_PPPOE:
5994 case DLT_JUNIPER_PPPOE_ATM:
5995 case DLT_JUNIPER_GGSN:
5996 case DLT_JUNIPER_ES:
5997 case DLT_JUNIPER_MONITOR:
5998 case DLT_JUNIPER_SERVICES:
5140 /* juniper flags (including direction) are stored
5141 * the byte after the 3-byte magic number */
5142 if (dir) {
5143 /* match outgoing packets */
5999 /* juniper flags (including direction) are stored
6000 * the byte after the 3-byte magic number */
6001 if (dir) {
6002 /* match outgoing packets */
5144 b0 = gen_mcmp(3, BPF_B, 0, 0x01);
6003 b0 = gen_mcmp(OR_LINK, 3, BPF_B, 0, 0x01);
5145 } else {
5146 /* match incoming packets */
6004 } else {
6005 /* match incoming packets */
5147 b0 = gen_mcmp(3, BPF_B, 1, 0x01);
6006 b0 = gen_mcmp(OR_LINK, 3, BPF_B, 1, 0x01);
5148 }
5149 break;
5150
5151 default:
5152 bpf_error("inbound/outbound not supported on linktype %d",
5153 linktype);
5154 b0 = NULL;
5155 /* NOTREACHED */
5156 }
5157 return (b0);
5158}
5159
5160/* PF firewall log matched interface */
5161struct block *
5162gen_pf_ifname(const char *ifname)
5163{
5164 struct block *b0;
5165 u_int len, off;
5166
5167 if (linktype == DLT_PFLOG) {
5168 len = sizeof(((struct pfloghdr *)0)->ifname);
5169 off = offsetof(struct pfloghdr, ifname);
5170 } else {
5171 bpf_error("ifname not supported on linktype 0x%x", linktype);
5172 /* NOTREACHED */
5173 }
5174 if (strlen(ifname) >= len) {
5175 bpf_error("ifname interface names can only be %d characters",
5176 len-1);
5177 /* NOTREACHED */
5178 }
6007 }
6008 break;
6009
6010 default:
6011 bpf_error("inbound/outbound not supported on linktype %d",
6012 linktype);
6013 b0 = NULL;
6014 /* NOTREACHED */
6015 }
6016 return (b0);
6017}
6018
6019/* PF firewall log matched interface */
6020struct block *
6021gen_pf_ifname(const char *ifname)
6022{
6023 struct block *b0;
6024 u_int len, off;
6025
6026 if (linktype == DLT_PFLOG) {
6027 len = sizeof(((struct pfloghdr *)0)->ifname);
6028 off = offsetof(struct pfloghdr, ifname);
6029 } else {
6030 bpf_error("ifname not supported on linktype 0x%x", linktype);
6031 /* NOTREACHED */
6032 }
6033 if (strlen(ifname) >= len) {
6034 bpf_error("ifname interface names can only be %d characters",
6035 len-1);
6036 /* NOTREACHED */
6037 }
5179 b0 = gen_bcmp(off, strlen(ifname), (const u_char *)ifname);
6038 b0 = gen_bcmp(OR_LINK, off, strlen(ifname), (const u_char *)ifname);
5180 return (b0);
5181}
5182
5183/* PF firewall log matched interface */
5184struct block *
5185gen_pf_ruleset(char *ruleset)
5186{
5187 struct block *b0;
5188
5189 if (linktype != DLT_PFLOG) {
5190 bpf_error("ruleset not supported on linktype 0x%x", linktype);
5191 /* NOTREACHED */
5192 }
5193 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) {
5194 bpf_error("ruleset names can only be %ld characters",
5195 (long)(sizeof(((struct pfloghdr *)0)->ruleset) - 1));
5196 /* NOTREACHED */
5197 }
6039 return (b0);
6040}
6041
6042/* PF firewall log matched interface */
6043struct block *
6044gen_pf_ruleset(char *ruleset)
6045{
6046 struct block *b0;
6047
6048 if (linktype != DLT_PFLOG) {
6049 bpf_error("ruleset not supported on linktype 0x%x", linktype);
6050 /* NOTREACHED */
6051 }
6052 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) {
6053 bpf_error("ruleset names can only be %ld characters",
6054 (long)(sizeof(((struct pfloghdr *)0)->ruleset) - 1));
6055 /* NOTREACHED */
6056 }
5198 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset),
6057 b0 = gen_bcmp(OR_LINK, offsetof(struct pfloghdr, ruleset),
5199 strlen(ruleset), (const u_char *)ruleset);
5200 return (b0);
5201}
5202
5203/* PF firewall log rule number */
5204struct block *
5205gen_pf_rnr(int rnr)
5206{
5207 struct block *b0;
5208
5209 if (linktype == DLT_PFLOG) {
6058 strlen(ruleset), (const u_char *)ruleset);
6059 return (b0);
6060}
6061
6062/* PF firewall log rule number */
6063struct block *
6064gen_pf_rnr(int rnr)
6065{
6066 struct block *b0;
6067
6068 if (linktype == DLT_PFLOG) {
5210 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W,
6069 b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, rulenr), BPF_W,
5211 (bpf_int32)rnr);
5212 } else {
5213 bpf_error("rnr not supported on linktype 0x%x", linktype);
5214 /* NOTREACHED */
5215 }
5216
5217 return (b0);
5218}
5219
5220/* PF firewall log sub-rule number */
5221struct block *
5222gen_pf_srnr(int srnr)
5223{
5224 struct block *b0;
5225
5226 if (linktype != DLT_PFLOG) {
5227 bpf_error("srnr not supported on linktype 0x%x", linktype);
5228 /* NOTREACHED */
5229 }
5230
6070 (bpf_int32)rnr);
6071 } else {
6072 bpf_error("rnr not supported on linktype 0x%x", linktype);
6073 /* NOTREACHED */
6074 }
6075
6076 return (b0);
6077}
6078
6079/* PF firewall log sub-rule number */
6080struct block *
6081gen_pf_srnr(int srnr)
6082{
6083 struct block *b0;
6084
6085 if (linktype != DLT_PFLOG) {
6086 bpf_error("srnr not supported on linktype 0x%x", linktype);
6087 /* NOTREACHED */
6088 }
6089
5231 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W,
6090 b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, subrulenr), BPF_W,
5232 (bpf_int32)srnr);
5233 return (b0);
5234}
5235
5236/* PF firewall log reason code */
5237struct block *
5238gen_pf_reason(int reason)
5239{
5240 struct block *b0;
5241
5242 if (linktype == DLT_PFLOG) {
6091 (bpf_int32)srnr);
6092 return (b0);
6093}
6094
6095/* PF firewall log reason code */
6096struct block *
6097gen_pf_reason(int reason)
6098{
6099 struct block *b0;
6100
6101 if (linktype == DLT_PFLOG) {
5243 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B,
6102 b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, reason), BPF_B,
5244 (bpf_int32)reason);
5245 } else {
5246 bpf_error("reason not supported on linktype 0x%x", linktype);
5247 /* NOTREACHED */
5248 }
5249
5250 return (b0);
5251}
5252
5253/* PF firewall log action */
5254struct block *
5255gen_pf_action(int action)
5256{
5257 struct block *b0;
5258
5259 if (linktype == DLT_PFLOG) {
6103 (bpf_int32)reason);
6104 } else {
6105 bpf_error("reason not supported on linktype 0x%x", linktype);
6106 /* NOTREACHED */
6107 }
6108
6109 return (b0);
6110}
6111
6112/* PF firewall log action */
6113struct block *
6114gen_pf_action(int action)
6115{
6116 struct block *b0;
6117
6118 if (linktype == DLT_PFLOG) {
5260 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B,
6119 b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, action), BPF_B,
5261 (bpf_int32)action);
5262 } else {
5263 bpf_error("action not supported on linktype 0x%x", linktype);
5264 /* NOTREACHED */
5265 }
5266
5267 return (b0);
5268}
5269
5270struct block *
5271gen_acode(eaddr, q)
5272 register const u_char *eaddr;
5273 struct qual q;
5274{
5275 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
5276 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
5277 return gen_ahostop(eaddr, (int)q.dir);
5278 }
5279 bpf_error("ARCnet address used in non-arc expression");
5280 /* NOTREACHED */
5281}
5282
5283static struct block *
5284gen_ahostop(eaddr, dir)
5285 register const u_char *eaddr;
5286 register int dir;
5287{
5288 register struct block *b0, *b1;
5289
5290 switch (dir) {
5291 /* src comes first, different from Ethernet */
5292 case Q_SRC:
6120 (bpf_int32)action);
6121 } else {
6122 bpf_error("action not supported on linktype 0x%x", linktype);
6123 /* NOTREACHED */
6124 }
6125
6126 return (b0);
6127}
6128
6129struct block *
6130gen_acode(eaddr, q)
6131 register const u_char *eaddr;
6132 struct qual q;
6133{
6134 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
6135 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
6136 return gen_ahostop(eaddr, (int)q.dir);
6137 }
6138 bpf_error("ARCnet address used in non-arc expression");
6139 /* NOTREACHED */
6140}
6141
6142static struct block *
6143gen_ahostop(eaddr, dir)
6144 register const u_char *eaddr;
6145 register int dir;
6146{
6147 register struct block *b0, *b1;
6148
6149 switch (dir) {
6150 /* src comes first, different from Ethernet */
6151 case Q_SRC:
5293 return gen_bcmp(0, 1, eaddr);
6152 return gen_bcmp(OR_LINK, 0, 1, eaddr);
5294
5295 case Q_DST:
6153
6154 case Q_DST:
5296 return gen_bcmp(1, 1, eaddr);
6155 return gen_bcmp(OR_LINK, 1, 1, eaddr);
5297
5298 case Q_AND:
5299 b0 = gen_ahostop(eaddr, Q_SRC);
5300 b1 = gen_ahostop(eaddr, Q_DST);
5301 gen_and(b0, b1);
5302 return b1;
5303
5304 case Q_DEFAULT:
5305 case Q_OR:
5306 b0 = gen_ahostop(eaddr, Q_SRC);
5307 b1 = gen_ahostop(eaddr, Q_DST);
5308 gen_or(b0, b1);
5309 return b1;
5310 }
5311 abort();
5312 /* NOTREACHED */
5313}
5314
5315/*
5316 * support IEEE 802.1Q VLAN trunk over ethernet
5317 */
5318struct block *
5319gen_vlan(vlan_num)
5320 int vlan_num;
5321{
5322 struct block *b0;
5323
5324 /*
5325 * Change the offsets to point to the type and data fields within
6156
6157 case Q_AND:
6158 b0 = gen_ahostop(eaddr, Q_SRC);
6159 b1 = gen_ahostop(eaddr, Q_DST);
6160 gen_and(b0, b1);
6161 return b1;
6162
6163 case Q_DEFAULT:
6164 case Q_OR:
6165 b0 = gen_ahostop(eaddr, Q_SRC);
6166 b1 = gen_ahostop(eaddr, Q_DST);
6167 gen_or(b0, b1);
6168 return b1;
6169 }
6170 abort();
6171 /* NOTREACHED */
6172}
6173
6174/*
6175 * support IEEE 802.1Q VLAN trunk over ethernet
6176 */
6177struct block *
6178gen_vlan(vlan_num)
6179 int vlan_num;
6180{
6181 struct block *b0;
6182
6183 /*
6184 * Change the offsets to point to the type and data fields within
5326 * the VLAN packet. This is somewhat of a kludge.
6185 * the VLAN packet. Just increment the offsets, so that we
6186 * can support a hierarchy, e.g. "vlan 300 && vlan 200" to
6187 * capture VLAN 200 encapsulated within VLAN 100.
6188 *
6189 * XXX - this is a bit of a kludge. If we were to split the
6190 * compiler into a parser that parses an expression and
6191 * generates an expression tree, and a code generator that
6192 * takes an expression tree (which could come from our
6193 * parser or from some other parser) and generates BPF code,
6194 * we could perhaps make the offsets parameters of routines
6195 * and, in the handler for an "AND" node, pass to subnodes
6196 * other than the VLAN node the adjusted offsets.
6197 *
6198 * This would mean that "vlan" would, instead of changing the
6199 * behavior of *all* tests after it, change only the behavior
6200 * of tests ANDed with it. That would change the documented
6201 * semantics of "vlan", which might break some expressions.
6202 * However, it would mean that "(vlan and ip) or ip" would check
6203 * both for VLAN-encapsulated IP and IP-over-Ethernet, rather than
6204 * checking only for VLAN-encapsulated IP, so that could still
6205 * be considered worth doing; it wouldn't break expressions
6206 * that are of the form "vlan and ..." or "vlan N and ...",
6207 * which I suspect are the most common expressions involving
6208 * "vlan". "vlan or ..." doesn't necessarily do what the user
6209 * would really want, now, as all the "or ..." tests would
6210 * be done assuming a VLAN, even though the "or" could be viewed
6211 * as meaning "or, if this isn't a VLAN packet...".
5327 */
6212 */
5328 if (orig_nl == (u_int)-1) {
5329 orig_linktype = off_linktype; /* save original values */
5330 orig_nl = off_nl;
5331 orig_nl_nosnap = off_nl_nosnap;
6213 orig_linktype = off_linktype; /* save original values */
6214 orig_nl = off_nl;
5332
6215
5333 switch (linktype) {
6216 switch (linktype) {
5334
6217
5335 case DLT_EN10MB:
5336 off_linktype = 16;
5337 off_nl_nosnap = 18;
5338 off_nl = 18;
5339 break;
6218 case DLT_EN10MB:
6219 off_linktype += 4;
6220 off_nl_nosnap += 4;
6221 off_nl += 4;
6222 break;
5340
6223
5341 default:
5342 bpf_error("no VLAN support for data link type %d",
5343 linktype);
5344 /*NOTREACHED*/
5345 }
5346 }
6224 default:
6225 bpf_error("no VLAN support for data link type %d",
6226 linktype);
6227 /*NOTREACHED*/
6228 }
5347
5348 /* check for VLAN */
6229
6230 /* check for VLAN */
5349 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
6231 b0 = gen_cmp(OR_LINK, orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
5350
5351 /* If a specific VLAN is requested, check VLAN id */
5352 if (vlan_num >= 0) {
5353 struct block *b1;
5354
6232
6233 /* If a specific VLAN is requested, check VLAN id */
6234 if (vlan_num >= 0) {
6235 struct block *b1;
6236
5355 b1 = gen_mcmp(orig_nl, BPF_H, (bpf_int32)vlan_num, 0x0fff);
6237 b1 = gen_mcmp(OR_LINK, orig_nl, BPF_H, (bpf_int32)vlan_num,
6238 0x0fff);
5356 gen_and(b0, b1);
5357 b0 = b1;
5358 }
5359
5360 return (b0);
5361}
5362
5363/*
5364 * support for MPLS
5365 */
5366struct block *
5367gen_mpls(label_num)
5368 int label_num;
5369{
5370 struct block *b0;
5371
5372 /*
5373 * Change the offsets to point to the type and data fields within
6239 gen_and(b0, b1);
6240 b0 = b1;
6241 }
6242
6243 return (b0);
6244}
6245
6246/*
6247 * support for MPLS
6248 */
6249struct block *
6250gen_mpls(label_num)
6251 int label_num;
6252{
6253 struct block *b0;
6254
6255 /*
6256 * Change the offsets to point to the type and data fields within
5374 * the MPLS packet. This is somewhat of a kludge.
6257 * the MPLS packet. Just increment the offsets, so that we
6258 * can support a hierarchy, e.g. "mpls 100000 && mpls 1024" to
6259 * capture packets with an outer label of 100000 and an inner
6260 * label of 1024.
6261 *
6262 * XXX - this is a bit of a kludge. See comments in gen_vlan().
5375 */
6263 */
5376 if (orig_nl == (u_int)-1) {
5377 orig_linktype = off_linktype; /* save original values */
5378 orig_nl = off_nl;
5379 orig_nl_nosnap = off_nl_nosnap;
6264 orig_linktype = off_linktype; /* save original values */
6265 orig_nl = off_nl;
5380
6266
5381 switch (linktype) {
6267 switch (linktype) {
6268
6269 case DLT_C_HDLC: /* fall through */
6270 case DLT_EN10MB:
6271 off_nl_nosnap += 4;
6272 off_nl += 4;
6273
6274 b0 = gen_cmp(OR_LINK, orig_linktype, BPF_H,
6275 (bpf_int32)ETHERTYPE_MPLS);
6276 break;
5382
6277
5383 case DLT_EN10MB:
5384 off_linktype = 16;
5385 off_nl_nosnap = 18;
5386 off_nl = 18;
6278 case DLT_PPP:
6279 off_nl_nosnap += 4;
6280 off_nl += 4;
5387
6281
5388 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_MPLS);
5389 break;
6282 b0 = gen_cmp(OR_LINK, orig_linktype, BPF_H,
6283 (bpf_int32)PPP_MPLS_UCAST);
6284 break;
5390
6285
5391 case DLT_PPP:
5392 off_linktype = 6;
5393 off_nl_nosnap = 8;
5394 off_nl = 8;
6286 /* FIXME add other DLT_s ...
6287 * for Frame-Relay/and ATM this may get messy due to SNAP headers
6288 * leave it for now */
5395
6289
5396 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)PPP_MPLS_UCAST);
5397 break;
6290 default:
6291 bpf_error("no MPLS support for data link type %d",
6292 linktype);
6293 b0 = NULL;
6294 /*NOTREACHED*/
6295 break;
6296 }
5398
6297
5399 case DLT_C_HDLC:
5400 off_linktype = 6;
5401 off_nl_nosnap = 8;
5402 off_nl = 8;
5403
5404 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_MPLS);
5405 break;
5406
5407 /* FIXME add other DLT_s ...
5408 * for Frame-Relay/and ATM this may get messy due to SNAP headers
5409 * leave it for now */
5410
5411 default:
5412 bpf_error("no MPLS support for data link type %d",
5413 linktype);
5414 b0 = NULL;
5415 /*NOTREACHED*/
5416 }
5417 } else {
5418 bpf_error("'mpls' can't be combined with 'vlan' or another 'mpls'");
5419 b0 = NULL;
5420 /*NOTREACHED*/
5421 }
5422
5423 /* If a specific MPLS label is requested, check it */
5424 if (label_num >= 0) {
5425 struct block *b1;
5426
5427 label_num = label_num << 12; /* label is shifted 12 bits on the wire */
6298 /* If a specific MPLS label is requested, check it */
6299 if (label_num >= 0) {
6300 struct block *b1;
6301
6302 label_num = label_num << 12; /* label is shifted 12 bits on the wire */
5428 b1 = gen_mcmp(orig_nl, BPF_W, (bpf_int32)label_num, 0xfffff000); /* only compare the first 20 bits */
6303 b1 = gen_mcmp(OR_LINK, orig_nl, BPF_W, (bpf_int32)label_num,
6304 0xfffff000); /* only compare the first 20 bits */
5429 gen_and(b0, b1);
5430 b0 = b1;
5431 }
5432
5433 return (b0);
5434}
5435
5436struct block *
5437gen_atmfield_code(atmfield, jvalue, jtype, reverse)
5438 int atmfield;
6305 gen_and(b0, b1);
6306 b0 = b1;
6307 }
6308
6309 return (b0);
6310}
6311
6312struct block *
6313gen_atmfield_code(atmfield, jvalue, jtype, reverse)
6314 int atmfield;
5439 bpf_u_int32 jvalue;
6315 bpf_int32 jvalue;
5440 bpf_u_int32 jtype;
5441 int reverse;
5442{
5443 struct block *b0;
5444
5445 switch (atmfield) {
5446
5447 case A_VPI:
5448 if (!is_atm)
5449 bpf_error("'vpi' supported only on raw ATM");
5450 if (off_vpi == (u_int)-1)
5451 abort();
6316 bpf_u_int32 jtype;
6317 int reverse;
6318{
6319 struct block *b0;
6320
6321 switch (atmfield) {
6322
6323 case A_VPI:
6324 if (!is_atm)
6325 bpf_error("'vpi' supported only on raw ATM");
6326 if (off_vpi == (u_int)-1)
6327 abort();
5452 b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype,
5453 (u_int)jvalue, reverse);
6328 b0 = gen_ncmp(OR_LINK, off_vpi, BPF_B, 0xffffffff, jtype,
6329 reverse, jvalue);
5454 break;
5455
5456 case A_VCI:
5457 if (!is_atm)
5458 bpf_error("'vci' supported only on raw ATM");
5459 if (off_vci == (u_int)-1)
5460 abort();
6330 break;
6331
6332 case A_VCI:
6333 if (!is_atm)
6334 bpf_error("'vci' supported only on raw ATM");
6335 if (off_vci == (u_int)-1)
6336 abort();
5461 b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype,
5462 (u_int)jvalue, reverse);
6337 b0 = gen_ncmp(OR_LINK, off_vci, BPF_H, 0xffffffff, jtype,
6338 reverse, jvalue);
5463 break;
5464
5465 case A_PROTOTYPE:
5466 if (off_proto == (u_int)-1)
5467 abort(); /* XXX - this isn't on FreeBSD */
6339 break;
6340
6341 case A_PROTOTYPE:
6342 if (off_proto == (u_int)-1)
6343 abort(); /* XXX - this isn't on FreeBSD */
5468 b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype,
5469 (u_int)jvalue, reverse);
6344 b0 = gen_ncmp(OR_LINK, off_proto, BPF_B, 0x0f, jtype,
6345 reverse, jvalue);
5470 break;
5471
5472 case A_MSGTYPE:
5473 if (off_payload == (u_int)-1)
5474 abort();
6346 break;
6347
6348 case A_MSGTYPE:
6349 if (off_payload == (u_int)-1)
6350 abort();
5475 b0 = gen_ncmp(BPF_B, off_payload + MSG_TYPE_POS, 0xffffffff,
5476 (u_int)jtype, (u_int)jvalue, reverse);
6351 b0 = gen_ncmp(OR_LINK, off_payload + MSG_TYPE_POS, BPF_B,
6352 0xffffffff, jtype, reverse, jvalue);
5477 break;
5478
5479 case A_CALLREFTYPE:
5480 if (!is_atm)
5481 bpf_error("'callref' supported only on raw ATM");
5482 if (off_proto == (u_int)-1)
5483 abort();
6353 break;
6354
6355 case A_CALLREFTYPE:
6356 if (!is_atm)
6357 bpf_error("'callref' supported only on raw ATM");
6358 if (off_proto == (u_int)-1)
6359 abort();
5484 b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype,
5485 (u_int)jvalue, reverse);
6360 b0 = gen_ncmp(OR_LINK, off_proto, BPF_B, 0xffffffff,
6361 jtype, reverse, jvalue);
5486 break;
5487
5488 default:
5489 abort();
5490 }
5491 return b0;
5492}
5493
5494struct block *
5495gen_atmtype_abbrev(type)
5496 int type;
5497{
5498 struct block *b0, *b1;
5499
5500 switch (type) {
5501
5502 case A_METAC:
5503 /* Get all packets in Meta signalling Circuit */
5504 if (!is_atm)
5505 bpf_error("'metac' supported only on raw ATM");
5506 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5507 b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0);
5508 gen_and(b0, b1);
5509 break;
5510
5511 case A_BCC:
5512 /* Get all packets in Broadcast Circuit*/
5513 if (!is_atm)
5514 bpf_error("'bcc' supported only on raw ATM");
5515 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5516 b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0);
5517 gen_and(b0, b1);
5518 break;
5519
5520 case A_OAMF4SC:
5521 /* Get all cells in Segment OAM F4 circuit*/
5522 if (!is_atm)
5523 bpf_error("'oam4sc' supported only on raw ATM");
5524 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5525 b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
5526 gen_and(b0, b1);
5527 break;
5528
5529 case A_OAMF4EC:
5530 /* Get all cells in End-to-End OAM F4 Circuit*/
5531 if (!is_atm)
5532 bpf_error("'oam4ec' supported only on raw ATM");
5533 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5534 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
5535 gen_and(b0, b1);
5536 break;
5537
5538 case A_SC:
5539 /* Get all packets in connection Signalling Circuit */
5540 if (!is_atm)
5541 bpf_error("'sc' supported only on raw ATM");
5542 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5543 b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0);
5544 gen_and(b0, b1);
5545 break;
5546
5547 case A_ILMIC:
5548 /* Get all packets in ILMI Circuit */
5549 if (!is_atm)
5550 bpf_error("'ilmic' supported only on raw ATM");
5551 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5552 b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0);
5553 gen_and(b0, b1);
5554 break;
5555
5556 case A_LANE:
5557 /* Get all LANE packets */
5558 if (!is_atm)
5559 bpf_error("'lane' supported only on raw ATM");
5560 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0);
5561
5562 /*
5563 * Arrange that all subsequent tests assume LANE
5564 * rather than LLC-encapsulated packets, and set
5565 * the offsets appropriately for LANE-encapsulated
5566 * Ethernet.
5567 *
5568 * "off_mac" is the offset of the Ethernet header,
5569 * which is 2 bytes past the ATM pseudo-header
5570 * (skipping the pseudo-header and 2-byte LE Client
5571 * field). The other offsets are Ethernet offsets
5572 * relative to "off_mac".
5573 */
5574 is_lane = 1;
5575 off_mac = off_payload + 2; /* MAC header */
5576 off_linktype = off_mac + 12;
5577 off_nl = off_mac + 14; /* Ethernet II */
5578 off_nl_nosnap = off_mac + 17; /* 802.3+802.2 */
5579 break;
5580
5581 case A_LLC:
5582 /* Get all LLC-encapsulated packets */
5583 if (!is_atm)
5584 bpf_error("'llc' supported only on raw ATM");
5585 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
5586 is_lane = 0;
5587 break;
5588
5589 default:
5590 abort();
5591 }
5592 return b1;
5593}
5594
6362 break;
6363
6364 default:
6365 abort();
6366 }
6367 return b0;
6368}
6369
6370struct block *
6371gen_atmtype_abbrev(type)
6372 int type;
6373{
6374 struct block *b0, *b1;
6375
6376 switch (type) {
6377
6378 case A_METAC:
6379 /* Get all packets in Meta signalling Circuit */
6380 if (!is_atm)
6381 bpf_error("'metac' supported only on raw ATM");
6382 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
6383 b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0);
6384 gen_and(b0, b1);
6385 break;
6386
6387 case A_BCC:
6388 /* Get all packets in Broadcast Circuit*/
6389 if (!is_atm)
6390 bpf_error("'bcc' supported only on raw ATM");
6391 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
6392 b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0);
6393 gen_and(b0, b1);
6394 break;
6395
6396 case A_OAMF4SC:
6397 /* Get all cells in Segment OAM F4 circuit*/
6398 if (!is_atm)
6399 bpf_error("'oam4sc' supported only on raw ATM");
6400 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
6401 b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
6402 gen_and(b0, b1);
6403 break;
6404
6405 case A_OAMF4EC:
6406 /* Get all cells in End-to-End OAM F4 Circuit*/
6407 if (!is_atm)
6408 bpf_error("'oam4ec' supported only on raw ATM");
6409 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
6410 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
6411 gen_and(b0, b1);
6412 break;
6413
6414 case A_SC:
6415 /* Get all packets in connection Signalling Circuit */
6416 if (!is_atm)
6417 bpf_error("'sc' supported only on raw ATM");
6418 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
6419 b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0);
6420 gen_and(b0, b1);
6421 break;
6422
6423 case A_ILMIC:
6424 /* Get all packets in ILMI Circuit */
6425 if (!is_atm)
6426 bpf_error("'ilmic' supported only on raw ATM");
6427 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
6428 b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0);
6429 gen_and(b0, b1);
6430 break;
6431
6432 case A_LANE:
6433 /* Get all LANE packets */
6434 if (!is_atm)
6435 bpf_error("'lane' supported only on raw ATM");
6436 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0);
6437
6438 /*
6439 * Arrange that all subsequent tests assume LANE
6440 * rather than LLC-encapsulated packets, and set
6441 * the offsets appropriately for LANE-encapsulated
6442 * Ethernet.
6443 *
6444 * "off_mac" is the offset of the Ethernet header,
6445 * which is 2 bytes past the ATM pseudo-header
6446 * (skipping the pseudo-header and 2-byte LE Client
6447 * field). The other offsets are Ethernet offsets
6448 * relative to "off_mac".
6449 */
6450 is_lane = 1;
6451 off_mac = off_payload + 2; /* MAC header */
6452 off_linktype = off_mac + 12;
6453 off_nl = off_mac + 14; /* Ethernet II */
6454 off_nl_nosnap = off_mac + 17; /* 802.3+802.2 */
6455 break;
6456
6457 case A_LLC:
6458 /* Get all LLC-encapsulated packets */
6459 if (!is_atm)
6460 bpf_error("'llc' supported only on raw ATM");
6461 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
6462 is_lane = 0;
6463 break;
6464
6465 default:
6466 abort();
6467 }
6468 return b1;
6469}
6470
6471struct block *
6472gen_mtp3field_code(mtp3field, jvalue, jtype, reverse)
6473 int mtp3field;
6474 bpf_u_int32 jvalue;
6475 bpf_u_int32 jtype;
6476 int reverse;
6477{
6478 struct block *b0;
6479 bpf_u_int32 val1 , val2 , val3;
5595
6480
6481 switch (mtp3field) {
6482
6483 case M_SIO:
6484 if (off_sio == (u_int)-1)
6485 bpf_error("'sio' supported only on SS7");
6486 /* sio coded on 1 byte so max value 255 */
6487 if(jvalue > 255)
6488 bpf_error("sio value %u too big; max value = 255",
6489 jvalue);
6490 b0 = gen_ncmp(OR_PACKET, off_sio, BPF_B, 0xffffffff,
6491 (u_int)jtype, reverse, (u_int)jvalue);
6492 break;
6493
6494 case M_OPC:
6495 if (off_opc == (u_int)-1)
6496 bpf_error("'opc' supported only on SS7");
6497 /* opc coded on 14 bits so max value 16383 */
6498 if (jvalue > 16383)
6499 bpf_error("opc value %u too big; max value = 16383",
6500 jvalue);
6501 /* the following instructions are made to convert jvalue
6502 * to the form used to write opc in an ss7 message*/
6503 val1 = jvalue & 0x00003c00;
6504 val1 = val1 >>10;
6505 val2 = jvalue & 0x000003fc;
6506 val2 = val2 <<6;
6507 val3 = jvalue & 0x00000003;
6508 val3 = val3 <<22;
6509 jvalue = val1 + val2 + val3;
6510 b0 = gen_ncmp(OR_PACKET, off_opc, BPF_W, 0x00c0ff0f,
6511 (u_int)jtype, reverse, (u_int)jvalue);
6512 break;
6513
6514 case M_DPC:
6515 if (off_dpc == (u_int)-1)
6516 bpf_error("'dpc' supported only on SS7");
6517 /* dpc coded on 14 bits so max value 16383 */
6518 if (jvalue > 16383)
6519 bpf_error("dpc value %u too big; max value = 16383",
6520 jvalue);
6521 /* the following instructions are made to convert jvalue
6522 * to the forme used to write dpc in an ss7 message*/
6523 val1 = jvalue & 0x000000ff;
6524 val1 = val1 << 24;
6525 val2 = jvalue & 0x00003f00;
6526 val2 = val2 << 8;
6527 jvalue = val1 + val2;
6528 b0 = gen_ncmp(OR_PACKET, off_dpc, BPF_W, 0xff3f0000,
6529 (u_int)jtype, reverse, (u_int)jvalue);
6530 break;
6531
6532 case M_SLS:
6533 if (off_sls == (u_int)-1)
6534 bpf_error("'sls' supported only on SS7");
6535 /* sls coded on 4 bits so max value 15 */
6536 if (jvalue > 15)
6537 bpf_error("sls value %u too big; max value = 15",
6538 jvalue);
6539 /* the following instruction is made to convert jvalue
6540 * to the forme used to write sls in an ss7 message*/
6541 jvalue = jvalue << 4;
6542 b0 = gen_ncmp(OR_PACKET, off_sls, BPF_B, 0xf0,
6543 (u_int)jtype,reverse, (u_int)jvalue);
6544 break;
6545
6546 default:
6547 abort();
6548 }
6549 return b0;
6550}
6551
5596static struct block *
5597gen_msg_abbrev(type)
5598 int type;
5599{
5600 struct block *b1;
5601
5602 /*
5603 * Q.2931 signalling protocol messages for handling virtual circuits
5604 * establishment and teardown
5605 */
5606 switch (type) {
5607
5608 case A_SETUP:
5609 b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0);
5610 break;
5611
5612 case A_CALLPROCEED:
5613 b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0);
5614 break;
5615
5616 case A_CONNECT:
5617 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0);
5618 break;
5619
5620 case A_CONNECTACK:
5621 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0);
5622 break;
5623
5624 case A_RELEASE:
5625 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0);
5626 break;
5627
5628 case A_RELEASE_DONE:
5629 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0);
5630 break;
5631
5632 default:
5633 abort();
5634 }
5635 return b1;
5636}
5637
5638struct block *
5639gen_atmmulti_abbrev(type)
5640 int type;
5641{
5642 struct block *b0, *b1;
5643
5644 switch (type) {
5645
5646 case A_OAM:
5647 if (!is_atm)
5648 bpf_error("'oam' supported only on raw ATM");
5649 b1 = gen_atmmulti_abbrev(A_OAMF4);
5650 break;
5651
5652 case A_OAMF4:
5653 if (!is_atm)
5654 bpf_error("'oamf4' supported only on raw ATM");
5655 /* OAM F4 type */
5656 b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
5657 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
5658 gen_or(b0, b1);
5659 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
5660 gen_and(b0, b1);
5661 break;
5662
5663 case A_CONNECTMSG:
5664 /*
5665 * Get Q.2931 signalling messages for switched
5666 * virtual connection
5667 */
5668 if (!is_atm)
5669 bpf_error("'connectmsg' supported only on raw ATM");
5670 b0 = gen_msg_abbrev(A_SETUP);
5671 b1 = gen_msg_abbrev(A_CALLPROCEED);
5672 gen_or(b0, b1);
5673 b0 = gen_msg_abbrev(A_CONNECT);
5674 gen_or(b0, b1);
5675 b0 = gen_msg_abbrev(A_CONNECTACK);
5676 gen_or(b0, b1);
5677 b0 = gen_msg_abbrev(A_RELEASE);
5678 gen_or(b0, b1);
5679 b0 = gen_msg_abbrev(A_RELEASE_DONE);
5680 gen_or(b0, b1);
5681 b0 = gen_atmtype_abbrev(A_SC);
5682 gen_and(b0, b1);
5683 break;
5684
5685 case A_METACONNECT:
5686 if (!is_atm)
5687 bpf_error("'metaconnect' supported only on raw ATM");
5688 b0 = gen_msg_abbrev(A_SETUP);
5689 b1 = gen_msg_abbrev(A_CALLPROCEED);
5690 gen_or(b0, b1);
5691 b0 = gen_msg_abbrev(A_CONNECT);
5692 gen_or(b0, b1);
5693 b0 = gen_msg_abbrev(A_RELEASE);
5694 gen_or(b0, b1);
5695 b0 = gen_msg_abbrev(A_RELEASE_DONE);
5696 gen_or(b0, b1);
5697 b0 = gen_atmtype_abbrev(A_METAC);
5698 gen_and(b0, b1);
5699 break;
5700
5701 default:
5702 abort();
5703 }
5704 return b1;
5705}
6552static struct block *
6553gen_msg_abbrev(type)
6554 int type;
6555{
6556 struct block *b1;
6557
6558 /*
6559 * Q.2931 signalling protocol messages for handling virtual circuits
6560 * establishment and teardown
6561 */
6562 switch (type) {
6563
6564 case A_SETUP:
6565 b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0);
6566 break;
6567
6568 case A_CALLPROCEED:
6569 b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0);
6570 break;
6571
6572 case A_CONNECT:
6573 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0);
6574 break;
6575
6576 case A_CONNECTACK:
6577 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0);
6578 break;
6579
6580 case A_RELEASE:
6581 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0);
6582 break;
6583
6584 case A_RELEASE_DONE:
6585 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0);
6586 break;
6587
6588 default:
6589 abort();
6590 }
6591 return b1;
6592}
6593
6594struct block *
6595gen_atmmulti_abbrev(type)
6596 int type;
6597{
6598 struct block *b0, *b1;
6599
6600 switch (type) {
6601
6602 case A_OAM:
6603 if (!is_atm)
6604 bpf_error("'oam' supported only on raw ATM");
6605 b1 = gen_atmmulti_abbrev(A_OAMF4);
6606 break;
6607
6608 case A_OAMF4:
6609 if (!is_atm)
6610 bpf_error("'oamf4' supported only on raw ATM");
6611 /* OAM F4 type */
6612 b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
6613 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
6614 gen_or(b0, b1);
6615 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
6616 gen_and(b0, b1);
6617 break;
6618
6619 case A_CONNECTMSG:
6620 /*
6621 * Get Q.2931 signalling messages for switched
6622 * virtual connection
6623 */
6624 if (!is_atm)
6625 bpf_error("'connectmsg' supported only on raw ATM");
6626 b0 = gen_msg_abbrev(A_SETUP);
6627 b1 = gen_msg_abbrev(A_CALLPROCEED);
6628 gen_or(b0, b1);
6629 b0 = gen_msg_abbrev(A_CONNECT);
6630 gen_or(b0, b1);
6631 b0 = gen_msg_abbrev(A_CONNECTACK);
6632 gen_or(b0, b1);
6633 b0 = gen_msg_abbrev(A_RELEASE);
6634 gen_or(b0, b1);
6635 b0 = gen_msg_abbrev(A_RELEASE_DONE);
6636 gen_or(b0, b1);
6637 b0 = gen_atmtype_abbrev(A_SC);
6638 gen_and(b0, b1);
6639 break;
6640
6641 case A_METACONNECT:
6642 if (!is_atm)
6643 bpf_error("'metaconnect' supported only on raw ATM");
6644 b0 = gen_msg_abbrev(A_SETUP);
6645 b1 = gen_msg_abbrev(A_CALLPROCEED);
6646 gen_or(b0, b1);
6647 b0 = gen_msg_abbrev(A_CONNECT);
6648 gen_or(b0, b1);
6649 b0 = gen_msg_abbrev(A_RELEASE);
6650 gen_or(b0, b1);
6651 b0 = gen_msg_abbrev(A_RELEASE_DONE);
6652 gen_or(b0, b1);
6653 b0 = gen_atmtype_abbrev(A_METAC);
6654 gen_and(b0, b1);
6655 break;
6656
6657 default:
6658 abort();
6659 }
6660 return b1;
6661}