1/*#define CHASE_CHAIN*/ 2/* 3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 4 * The Regents of the University of California. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that: (1) source code distributions 8 * retain the above copyright notice and this paragraph in its entirety, (2) 9 * distributions including binary code include the above copyright notice and 10 * this paragraph in its entirety in the documentation or other materials 11 * provided with the distribution, and (3) all advertising materials mentioning 12 * features or use of this software display the following acknowledgement: 13 * ``This product includes software developed by the University of California, 14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 15 * the University nor the names of its contributors may be used to endorse 16 * or promote products derived from this software without specific prior 17 * written permission. 18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 21 *
| 1/*#define CHASE_CHAIN*/ 2/* 3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 4 * The Regents of the University of California. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that: (1) source code distributions 8 * retain the above copyright notice and this paragraph in its entirety, (2) 9 * distributions including binary code include the above copyright notice and 10 * this paragraph in its entirety in the documentation or other materials 11 * provided with the distribution, and (3) all advertising materials mentioning 12 * features or use of this software display the following acknowledgement: 13 * ``This product includes software developed by the University of California, 14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 15 * the University nor the names of its contributors may be used to endorse 16 * or promote products derived from this software without specific prior 17 * written permission. 18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 21 *
|
22 * $FreeBSD: head/contrib/libpcap/gencode.c 146771 2005-05-29 18:09:04Z sam $
| 22 * $FreeBSD: head/contrib/libpcap/gencode.c 147897 2005-07-11 03:43:25Z sam $
|
23 */ 24#ifndef lint 25static const char rcsid[] _U_ =
| 23 */ 24#ifndef lint 25static const char rcsid[] _U_ =
|
26 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.221 2005/03/27 22:10:23 guy Exp $ (LBL)";
| 26 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.221.2.24 2005/06/20 21:52:53 guy Exp $ (LBL)";
|
27#endif 28 29#ifdef HAVE_CONFIG_H 30#include "config.h" 31#endif 32 33#ifdef WIN32 34#include <pcap-stdinc.h> 35#else /* WIN32 */ 36#include <sys/types.h> 37#include <sys/socket.h> 38#endif /* WIN32 */ 39 40/* 41 * XXX - why was this included even on UNIX? 42 */ 43#ifdef __MINGW32__ 44#include "IP6_misc.h" 45#endif 46 47#ifndef WIN32 48 49#ifdef __NetBSD__ 50#include <sys/param.h> 51#endif 52 53#include <netinet/in.h> 54 55#endif /* WIN32 */ 56 57#include <stdlib.h> 58#include <string.h> 59#include <memory.h> 60#include <setjmp.h> 61#include <stdarg.h> 62 63#ifdef MSDOS 64#include "pcap-dos.h" 65#endif 66 67#include "pcap-int.h" 68 69#include "ethertype.h" 70#include "nlpid.h" 71#include "llc.h" 72#include "gencode.h" 73#include "atmuni31.h" 74#include "sunatmpos.h" 75#include "ppp.h" 76#include "sll.h" 77#include "arcnet.h" 78#include "pf.h" 79#ifndef offsetof 80#define offsetof(s, e) ((size_t)&((s *)0)->e) 81#endif 82#ifdef INET6 83#ifndef WIN32 84#include <netdb.h> /* for "struct addrinfo" */ 85#endif /* WIN32 */ 86#endif /*INET6*/ 87#include <pcap-namedb.h> 88 89#undef ETHERMTU 90#define ETHERMTU 1500 91 92#ifndef IPPROTO_SCTP 93#define IPPROTO_SCTP 132 94#endif 95 96#ifdef HAVE_OS_PROTO_H 97#include "os-proto.h" 98#endif 99 100#define JMP(c) ((c)|BPF_JMP|BPF_K) 101 102/* Locals */ 103static jmp_buf top_ctx; 104static pcap_t *bpf_pcap; 105 106/* Hack for updating VLAN, MPLS offsets. */
| 27#endif 28 29#ifdef HAVE_CONFIG_H 30#include "config.h" 31#endif 32 33#ifdef WIN32 34#include <pcap-stdinc.h> 35#else /* WIN32 */ 36#include <sys/types.h> 37#include <sys/socket.h> 38#endif /* WIN32 */ 39 40/* 41 * XXX - why was this included even on UNIX? 42 */ 43#ifdef __MINGW32__ 44#include "IP6_misc.h" 45#endif 46 47#ifndef WIN32 48 49#ifdef __NetBSD__ 50#include <sys/param.h> 51#endif 52 53#include <netinet/in.h> 54 55#endif /* WIN32 */ 56 57#include <stdlib.h> 58#include <string.h> 59#include <memory.h> 60#include <setjmp.h> 61#include <stdarg.h> 62 63#ifdef MSDOS 64#include "pcap-dos.h" 65#endif 66 67#include "pcap-int.h" 68 69#include "ethertype.h" 70#include "nlpid.h" 71#include "llc.h" 72#include "gencode.h" 73#include "atmuni31.h" 74#include "sunatmpos.h" 75#include "ppp.h" 76#include "sll.h" 77#include "arcnet.h" 78#include "pf.h" 79#ifndef offsetof 80#define offsetof(s, e) ((size_t)&((s *)0)->e) 81#endif 82#ifdef INET6 83#ifndef WIN32 84#include <netdb.h> /* for "struct addrinfo" */ 85#endif /* WIN32 */ 86#endif /*INET6*/ 87#include <pcap-namedb.h> 88 89#undef ETHERMTU 90#define ETHERMTU 1500 91 92#ifndef IPPROTO_SCTP 93#define IPPROTO_SCTP 132 94#endif 95 96#ifdef HAVE_OS_PROTO_H 97#include "os-proto.h" 98#endif 99 100#define JMP(c) ((c)|BPF_JMP|BPF_K) 101 102/* Locals */ 103static jmp_buf top_ctx; 104static pcap_t *bpf_pcap; 105 106/* Hack for updating VLAN, MPLS offsets. */
|
107static u_int orig_linktype = -1U, orig_nl = -1U, orig_nl_nosnap = -1U;
| 107static u_int orig_linktype = -1U, orig_nl = -1U;
|
108 109/* XXX */ 110#ifdef PCAP_FDDIPAD 111static int pcap_fddipad; 112#endif 113 114/* VARARGS */ 115void 116bpf_error(const char *fmt, ...)
| 108 109/* XXX */ 110#ifdef PCAP_FDDIPAD 111static int pcap_fddipad; 112#endif 113 114/* VARARGS */ 115void 116bpf_error(const char *fmt, ...)
|
117
| |
118{ 119 va_list ap; 120 121 va_start(ap, fmt); 122 if (bpf_pcap != NULL) 123 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 124 fmt, ap); 125 va_end(ap); 126 longjmp(top_ctx, 1); 127 /* NOTREACHED */ 128} 129 130static void init_linktype(pcap_t *); 131 132static int alloc_reg(void); 133static void free_reg(int); 134 135static struct block *root; 136 137/*
| 117{ 118 va_list ap; 119 120 va_start(ap, fmt); 121 if (bpf_pcap != NULL) 122 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 123 fmt, ap); 124 va_end(ap); 125 longjmp(top_ctx, 1); 126 /* NOTREACHED */ 127} 128 129static void init_linktype(pcap_t *); 130 131static int alloc_reg(void); 132static void free_reg(int); 133 134static struct block *root; 135 136/*
|
| 137 * Value passed to gen_load_a() to indicate what the offset argument 138 * is relative to. 139 */ 140enum e_offrel { 141 OR_PACKET, /* relative to the beginning of the packet */ 142 OR_LINK, /* relative to the link-layer header */ 143 OR_NET, /* relative to the network-layer header */ 144 OR_NET_NOSNAP, /* relative to the network-layer header, with no SNAP header at the link layer */ 145 OR_TRAN_IPV4, /* relative to the transport-layer header, with IPv4 network layer */ 146 OR_TRAN_IPV6 /* relative to the transport-layer header, with IPv6 network layer */ 147}; 148 149/*
|
138 * We divy out chunks of memory rather than call malloc each time so 139 * we don't have to worry about leaking memory. It's probably 140 * not a big deal if all this memory was wasted but if this ever 141 * goes into a library that would probably not be a good idea. 142 * 143 * XXX - this *is* in a library.... 144 */ 145#define NCHUNKS 16 146#define CHUNK0SIZE 1024 147struct chunk { 148 u_int n_left; 149 void *m; 150}; 151 152static struct chunk chunks[NCHUNKS]; 153static int cur_chunk; 154 155static void *newchunk(u_int); 156static void freechunks(void); 157static inline struct block *new_block(int); 158static inline struct slist *new_stmt(int); 159static struct block *gen_retblk(int); 160static inline void syntax(void); 161 162static void backpatch(struct block *, struct block *); 163static void merge(struct block *, struct block *);
| 150 * We divy out chunks of memory rather than call malloc each time so 151 * we don't have to worry about leaking memory. It's probably 152 * not a big deal if all this memory was wasted but if this ever 153 * goes into a library that would probably not be a good idea. 154 * 155 * XXX - this *is* in a library.... 156 */ 157#define NCHUNKS 16 158#define CHUNK0SIZE 1024 159struct chunk { 160 u_int n_left; 161 void *m; 162}; 163 164static struct chunk chunks[NCHUNKS]; 165static int cur_chunk; 166 167static void *newchunk(u_int); 168static void freechunks(void); 169static inline struct block *new_block(int); 170static inline struct slist *new_stmt(int); 171static struct block *gen_retblk(int); 172static inline void syntax(void); 173 174static void backpatch(struct block *, struct block *); 175static void merge(struct block *, struct block *);
|
164static struct block *gen_cmp(u_int, u_int, bpf_int32); 165static struct block *gen_cmp_gt(u_int, u_int, bpf_int32); 166static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 167static struct block *gen_bcmp(u_int, u_int, const u_char *); 168static struct block *gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32, 169 bpf_u_int32, bpf_u_int32, int);
| 176static struct block *gen_cmp(enum e_offrel, u_int, u_int, bpf_int32); 177static struct block *gen_cmp_gt(enum e_offrel, u_int, u_int, bpf_int32); 178static struct block *gen_cmp_ge(enum e_offrel, u_int, u_int, bpf_int32); 179static struct block *gen_cmp_lt(enum e_offrel, u_int, u_int, bpf_int32); 180static struct block *gen_cmp_le(enum e_offrel, u_int, u_int, bpf_int32); 181static struct block *gen_mcmp(enum e_offrel, u_int, u_int, bpf_int32, 182 bpf_u_int32); 183static struct block *gen_bcmp(enum e_offrel, u_int, u_int, const u_char *); 184static struct block *gen_ncmp(enum e_offrel, bpf_u_int32, bpf_u_int32, 185 bpf_u_int32, bpf_u_int32, int, bpf_int32); 186static struct slist *gen_load_llrel(u_int, u_int); 187static struct slist *gen_load_a(enum e_offrel, u_int, u_int); 188static struct slist *gen_loadx_iphdrlen(void);
|
170static struct block *gen_uncond(int); 171static inline struct block *gen_true(void); 172static inline struct block *gen_false(void); 173static struct block *gen_ether_linktype(int); 174static struct block *gen_linux_sll_linktype(int);
| 189static struct block *gen_uncond(int); 190static inline struct block *gen_true(void); 191static inline struct block *gen_false(void); 192static struct block *gen_ether_linktype(int); 193static struct block *gen_linux_sll_linktype(int);
|
| 194static void insert_radiotap_load_llprefixlen(struct block *); 195static void insert_load_llprefixlen(struct block *); 196static struct slist *gen_llprefixlen(void);
|
175static struct block *gen_linktype(int); 176static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
| 197static struct block *gen_linktype(int); 198static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
|
177static struct block *gen_llc(int);
| 199static struct block *gen_llc_linktype(int);
|
178static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 179#ifdef INET6 180static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); 181#endif 182static struct block *gen_ahostop(const u_char *, int); 183static struct block *gen_ehostop(const u_char *, int); 184static struct block *gen_fhostop(const u_char *, int); 185static struct block *gen_thostop(const u_char *, int); 186static struct block *gen_wlanhostop(const u_char *, int); 187static struct block *gen_ipfchostop(const u_char *, int);
| 200static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 201#ifdef INET6 202static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); 203#endif 204static struct block *gen_ahostop(const u_char *, int); 205static struct block *gen_ehostop(const u_char *, int); 206static struct block *gen_fhostop(const u_char *, int); 207static struct block *gen_thostop(const u_char *, int); 208static struct block *gen_wlanhostop(const u_char *, int); 209static struct block *gen_ipfchostop(const u_char *, int);
|
188static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
| 210static struct block *gen_dnhostop(bpf_u_int32, int);
|
189static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int); 190#ifdef INET6 191static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int); 192#endif 193#ifndef INET6 194static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); 195#endif 196static struct block *gen_ipfrag(void); 197static struct block *gen_portatom(int, bpf_int32);
| 211static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int); 212#ifdef INET6 213static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int); 214#endif 215#ifndef INET6 216static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); 217#endif 218static struct block *gen_ipfrag(void); 219static struct block *gen_portatom(int, bpf_int32);
|
| 220static struct block *gen_portrangeatom(int, bpf_int32, bpf_int32);
|
198#ifdef INET6 199static struct block *gen_portatom6(int, bpf_int32);
| 221#ifdef INET6 222static struct block *gen_portatom6(int, bpf_int32);
|
| 223static struct block *gen_portrangeatom6(int, bpf_int32, bpf_int32);
|
200#endif 201struct block *gen_portop(int, int, int); 202static struct block *gen_port(int, int, int);
| 224#endif 225struct block *gen_portop(int, int, int); 226static struct block *gen_port(int, int, int);
|
| 227struct block *gen_portrangeop(int, int, int, int); 228static struct block *gen_portrange(int, int, int, int);
|
203#ifdef INET6 204struct block *gen_portop6(int, int, int); 205static struct block *gen_port6(int, int, int);
| 229#ifdef INET6 230struct block *gen_portop6(int, int, int); 231static struct block *gen_port6(int, int, int);
|
| 232struct block *gen_portrangeop6(int, int, int, int); 233static struct block *gen_portrange6(int, int, int, int);
|
206#endif 207static int lookup_proto(const char *, int); 208static struct block *gen_protochain(int, int, int); 209static struct block *gen_proto(int, int, int); 210static struct slist *xfer_to_x(struct arth *); 211static struct slist *xfer_to_a(struct arth *); 212static struct block *gen_mac_multicast(int); 213static struct block *gen_len(int, int); 214 215static struct block *gen_msg_abbrev(int type); 216 217static void * 218newchunk(n) 219 u_int n; 220{ 221 struct chunk *cp; 222 int k; 223 size_t size; 224 225#ifndef __NetBSD__ 226 /* XXX Round up to nearest long. */ 227 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1); 228#else 229 /* XXX Round up to structure boundary. */ 230 n = ALIGN(n); 231#endif 232 233 cp = &chunks[cur_chunk]; 234 if (n > cp->n_left) { 235 ++cp, k = ++cur_chunk; 236 if (k >= NCHUNKS) 237 bpf_error("out of memory"); 238 size = CHUNK0SIZE << k; 239 cp->m = (void *)malloc(size); 240 if (cp->m == NULL) 241 bpf_error("out of memory"); 242 memset((char *)cp->m, 0, size); 243 cp->n_left = size; 244 if (n > size) 245 bpf_error("out of memory"); 246 } 247 cp->n_left -= n; 248 return (void *)((char *)cp->m + cp->n_left); 249} 250 251static void 252freechunks() 253{ 254 int i; 255 256 cur_chunk = 0; 257 for (i = 0; i < NCHUNKS; ++i) 258 if (chunks[i].m != NULL) { 259 free(chunks[i].m); 260 chunks[i].m = NULL; 261 } 262} 263 264/* 265 * A strdup whose allocations are freed after code generation is over. 266 */ 267char * 268sdup(s) 269 register const char *s; 270{ 271 int n = strlen(s) + 1; 272 char *cp = newchunk(n); 273 274 strlcpy(cp, s, n); 275 return (cp); 276} 277 278static inline struct block * 279new_block(code) 280 int code; 281{ 282 struct block *p; 283 284 p = (struct block *)newchunk(sizeof(*p)); 285 p->s.code = code; 286 p->head = p; 287 288 return p; 289} 290 291static inline struct slist * 292new_stmt(code) 293 int code; 294{ 295 struct slist *p; 296 297 p = (struct slist *)newchunk(sizeof(*p)); 298 p->s.code = code; 299 300 return p; 301} 302 303static struct block * 304gen_retblk(v) 305 int v; 306{ 307 struct block *b = new_block(BPF_RET|BPF_K); 308 309 b->s.k = v; 310 return b; 311} 312 313static inline void 314syntax() 315{ 316 bpf_error("syntax error in filter expression"); 317} 318 319static bpf_u_int32 netmask; 320static int snaplen; 321int no_optimize; 322 323int 324pcap_compile(pcap_t *p, struct bpf_program *program, 325 char *buf, int optimize, bpf_u_int32 mask) 326{ 327 extern int n_errors; 328 int len; 329 330 no_optimize = 0; 331 n_errors = 0; 332 root = NULL; 333 bpf_pcap = p; 334 if (setjmp(top_ctx)) { 335 lex_cleanup(); 336 freechunks(); 337 return (-1); 338 } 339 340 netmask = mask; 341 342 snaplen = pcap_snapshot(p); 343 if (snaplen == 0) { 344 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 345 "snaplen of 0 rejects all packets"); 346 return -1; 347 } 348 349 lex_init(buf ? buf : ""); 350 init_linktype(p); 351 (void)pcap_parse(); 352 353 if (n_errors) 354 syntax(); 355 356 if (root == NULL) 357 root = gen_retblk(snaplen); 358 359 if (optimize && !no_optimize) { 360 bpf_optimize(&root); 361 if (root == NULL || 362 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 363 bpf_error("expression rejects all packets"); 364 } 365 program->bf_insns = icode_to_fcode(root, &len); 366 program->bf_len = len; 367 368 lex_cleanup(); 369 freechunks(); 370 return (0); 371} 372 373/* 374 * entry point for using the compiler with no pcap open 375 * pass in all the stuff that is needed explicitly instead. 376 */ 377int 378pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 379 struct bpf_program *program, 380 char *buf, int optimize, bpf_u_int32 mask) 381{ 382 pcap_t *p; 383 int ret; 384 385 p = pcap_open_dead(linktype_arg, snaplen_arg); 386 if (p == NULL) 387 return (-1); 388 ret = pcap_compile(p, program, buf, optimize, mask); 389 pcap_close(p); 390 return (ret); 391} 392 393/* 394 * Clean up a "struct bpf_program" by freeing all the memory allocated 395 * in it. 396 */ 397void 398pcap_freecode(struct bpf_program *program) 399{ 400 program->bf_len = 0; 401 if (program->bf_insns != NULL) { 402 free((char *)program->bf_insns); 403 program->bf_insns = NULL; 404 } 405} 406 407/* 408 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 409 * which of the jt and jf fields has been resolved and which is a pointer 410 * back to another unresolved block (or nil). At least one of the fields 411 * in each block is already resolved. 412 */ 413static void 414backpatch(list, target) 415 struct block *list, *target; 416{ 417 struct block *next; 418 419 while (list) { 420 if (!list->sense) { 421 next = JT(list); 422 JT(list) = target; 423 } else { 424 next = JF(list); 425 JF(list) = target; 426 } 427 list = next; 428 } 429} 430 431/* 432 * Merge the lists in b0 and b1, using the 'sense' field to indicate 433 * which of jt and jf is the link. 434 */ 435static void 436merge(b0, b1) 437 struct block *b0, *b1; 438{ 439 register struct block **p = &b0; 440 441 /* Find end of list. */ 442 while (*p) 443 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 444 445 /* Concatenate the lists. */ 446 *p = b1; 447} 448 449void 450finish_parse(p) 451 struct block *p; 452{ 453 backpatch(p, gen_retblk(snaplen)); 454 p->sense = !p->sense; 455 backpatch(p, gen_retblk(0)); 456 root = p->head;
| 234#endif 235static int lookup_proto(const char *, int); 236static struct block *gen_protochain(int, int, int); 237static struct block *gen_proto(int, int, int); 238static struct slist *xfer_to_x(struct arth *); 239static struct slist *xfer_to_a(struct arth *); 240static struct block *gen_mac_multicast(int); 241static struct block *gen_len(int, int); 242 243static struct block *gen_msg_abbrev(int type); 244 245static void * 246newchunk(n) 247 u_int n; 248{ 249 struct chunk *cp; 250 int k; 251 size_t size; 252 253#ifndef __NetBSD__ 254 /* XXX Round up to nearest long. */ 255 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1); 256#else 257 /* XXX Round up to structure boundary. */ 258 n = ALIGN(n); 259#endif 260 261 cp = &chunks[cur_chunk]; 262 if (n > cp->n_left) { 263 ++cp, k = ++cur_chunk; 264 if (k >= NCHUNKS) 265 bpf_error("out of memory"); 266 size = CHUNK0SIZE << k; 267 cp->m = (void *)malloc(size); 268 if (cp->m == NULL) 269 bpf_error("out of memory"); 270 memset((char *)cp->m, 0, size); 271 cp->n_left = size; 272 if (n > size) 273 bpf_error("out of memory"); 274 } 275 cp->n_left -= n; 276 return (void *)((char *)cp->m + cp->n_left); 277} 278 279static void 280freechunks() 281{ 282 int i; 283 284 cur_chunk = 0; 285 for (i = 0; i < NCHUNKS; ++i) 286 if (chunks[i].m != NULL) { 287 free(chunks[i].m); 288 chunks[i].m = NULL; 289 } 290} 291 292/* 293 * A strdup whose allocations are freed after code generation is over. 294 */ 295char * 296sdup(s) 297 register const char *s; 298{ 299 int n = strlen(s) + 1; 300 char *cp = newchunk(n); 301 302 strlcpy(cp, s, n); 303 return (cp); 304} 305 306static inline struct block * 307new_block(code) 308 int code; 309{ 310 struct block *p; 311 312 p = (struct block *)newchunk(sizeof(*p)); 313 p->s.code = code; 314 p->head = p; 315 316 return p; 317} 318 319static inline struct slist * 320new_stmt(code) 321 int code; 322{ 323 struct slist *p; 324 325 p = (struct slist *)newchunk(sizeof(*p)); 326 p->s.code = code; 327 328 return p; 329} 330 331static struct block * 332gen_retblk(v) 333 int v; 334{ 335 struct block *b = new_block(BPF_RET|BPF_K); 336 337 b->s.k = v; 338 return b; 339} 340 341static inline void 342syntax() 343{ 344 bpf_error("syntax error in filter expression"); 345} 346 347static bpf_u_int32 netmask; 348static int snaplen; 349int no_optimize; 350 351int 352pcap_compile(pcap_t *p, struct bpf_program *program, 353 char *buf, int optimize, bpf_u_int32 mask) 354{ 355 extern int n_errors; 356 int len; 357 358 no_optimize = 0; 359 n_errors = 0; 360 root = NULL; 361 bpf_pcap = p; 362 if (setjmp(top_ctx)) { 363 lex_cleanup(); 364 freechunks(); 365 return (-1); 366 } 367 368 netmask = mask; 369 370 snaplen = pcap_snapshot(p); 371 if (snaplen == 0) { 372 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 373 "snaplen of 0 rejects all packets"); 374 return -1; 375 } 376 377 lex_init(buf ? buf : ""); 378 init_linktype(p); 379 (void)pcap_parse(); 380 381 if (n_errors) 382 syntax(); 383 384 if (root == NULL) 385 root = gen_retblk(snaplen); 386 387 if (optimize && !no_optimize) { 388 bpf_optimize(&root); 389 if (root == NULL || 390 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 391 bpf_error("expression rejects all packets"); 392 } 393 program->bf_insns = icode_to_fcode(root, &len); 394 program->bf_len = len; 395 396 lex_cleanup(); 397 freechunks(); 398 return (0); 399} 400 401/* 402 * entry point for using the compiler with no pcap open 403 * pass in all the stuff that is needed explicitly instead. 404 */ 405int 406pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 407 struct bpf_program *program, 408 char *buf, int optimize, bpf_u_int32 mask) 409{ 410 pcap_t *p; 411 int ret; 412 413 p = pcap_open_dead(linktype_arg, snaplen_arg); 414 if (p == NULL) 415 return (-1); 416 ret = pcap_compile(p, program, buf, optimize, mask); 417 pcap_close(p); 418 return (ret); 419} 420 421/* 422 * Clean up a "struct bpf_program" by freeing all the memory allocated 423 * in it. 424 */ 425void 426pcap_freecode(struct bpf_program *program) 427{ 428 program->bf_len = 0; 429 if (program->bf_insns != NULL) { 430 free((char *)program->bf_insns); 431 program->bf_insns = NULL; 432 } 433} 434 435/* 436 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 437 * which of the jt and jf fields has been resolved and which is a pointer 438 * back to another unresolved block (or nil). At least one of the fields 439 * in each block is already resolved. 440 */ 441static void 442backpatch(list, target) 443 struct block *list, *target; 444{ 445 struct block *next; 446 447 while (list) { 448 if (!list->sense) { 449 next = JT(list); 450 JT(list) = target; 451 } else { 452 next = JF(list); 453 JF(list) = target; 454 } 455 list = next; 456 } 457} 458 459/* 460 * Merge the lists in b0 and b1, using the 'sense' field to indicate 461 * which of jt and jf is the link. 462 */ 463static void 464merge(b0, b1) 465 struct block *b0, *b1; 466{ 467 register struct block **p = &b0; 468 469 /* Find end of list. */ 470 while (*p) 471 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 472 473 /* Concatenate the lists. */ 474 *p = b1; 475} 476 477void 478finish_parse(p) 479 struct block *p; 480{ 481 backpatch(p, gen_retblk(snaplen)); 482 p->sense = !p->sense; 483 backpatch(p, gen_retblk(0)); 484 root = p->head;
|
| 485 486 /* 487 * Insert before the statements of the first (root) block any 488 * statements needed to load the lengths of any variable-length 489 * headers into registers. 490 * 491 * XXX - a fancier strategy would be to insert those before the 492 * statements of all blocks that use those lengths and that 493 * have no predecessors that use them, so that we only compute 494 * the lengths if we need them. There might be even better 495 * approaches than that. However, as we're currently only 496 * handling variable-length radiotap headers, and as all 497 * filtering expressions other than raw link[M:N] tests 498 * require the length of that header, doing more for that 499 * header length isn't really worth the effort. 500 */ 501 insert_load_llprefixlen(root);
|
457} 458 459void 460gen_and(b0, b1) 461 struct block *b0, *b1; 462{ 463 backpatch(b0, b1->head); 464 b0->sense = !b0->sense; 465 b1->sense = !b1->sense; 466 merge(b1, b0); 467 b1->sense = !b1->sense; 468 b1->head = b0->head; 469} 470 471void 472gen_or(b0, b1) 473 struct block *b0, *b1; 474{ 475 b0->sense = !b0->sense; 476 backpatch(b0, b1->head); 477 b0->sense = !b0->sense; 478 merge(b1, b0); 479 b1->head = b0->head; 480} 481 482void 483gen_not(b) 484 struct block *b; 485{ 486 b->sense = !b->sense; 487} 488 489static struct block *
| 502} 503 504void 505gen_and(b0, b1) 506 struct block *b0, *b1; 507{ 508 backpatch(b0, b1->head); 509 b0->sense = !b0->sense; 510 b1->sense = !b1->sense; 511 merge(b1, b0); 512 b1->sense = !b1->sense; 513 b1->head = b0->head; 514} 515 516void 517gen_or(b0, b1) 518 struct block *b0, *b1; 519{ 520 b0->sense = !b0->sense; 521 backpatch(b0, b1->head); 522 b0->sense = !b0->sense; 523 merge(b1, b0); 524 b1->head = b0->head; 525} 526 527void 528gen_not(b) 529 struct block *b; 530{ 531 b->sense = !b->sense; 532} 533 534static struct block *
|
490gen_cmp(offset, size, v)
| 535gen_cmp(offrel, offset, size, v) 536 enum e_offrel offrel;
|
491 u_int offset, size; 492 bpf_int32 v; 493{
| 537 u_int offset, size; 538 bpf_int32 v; 539{
|
494 struct slist *s; 495 struct block *b;
| 540 return gen_ncmp(offrel, offset, size, 0xffffffff, BPF_JEQ, 0, v); 541}
|
496
| 542
|
497 s = new_stmt(BPF_LD|BPF_ABS|size); 498 s->s.k = offset;
| 543static struct block * 544gen_cmp_gt(offrel, offset, size, v) 545 enum e_offrel offrel; 546 u_int offset, size; 547 bpf_int32 v; 548{ 549 return gen_ncmp(offrel, offset, size, 0xffffffff, BPF_JGT, 0, v); 550}
|
499
| 551
|
500 b = new_block(JMP(BPF_JEQ)); 501 b->stmts = s; 502 b->s.k = v; 503 504 return b;
| 552static struct block * 553gen_cmp_ge(offrel, offset, size, v) 554 enum e_offrel offrel; 555 u_int offset, size; 556 bpf_int32 v; 557{ 558 return gen_ncmp(offrel, offset, size, 0xffffffff, BPF_JGE, 0, v);
|
505} 506 507static struct block *
| 559} 560 561static struct block *
|
508gen_cmp_gt(offset, size, v)
| 562gen_cmp_lt(offrel, offset, size, v) 563 enum e_offrel offrel;
|
509 u_int offset, size; 510 bpf_int32 v; 511{
| 564 u_int offset, size; 565 bpf_int32 v; 566{
|
512 struct slist *s; 513 struct block *b;
| 567 return gen_ncmp(offrel, offset, size, 0xffffffff, BPF_JGE, 1, v); 568}
|
514
| 569
|
515 s = new_stmt(BPF_LD|BPF_ABS|size); 516 s->s.k = offset; 517 518 b = new_block(JMP(BPF_JGT)); 519 b->stmts = s; 520 b->s.k = v; 521 522 return b;
| 570static struct block * 571gen_cmp_le(offrel, offset, size, v) 572 enum e_offrel offrel; 573 u_int offset, size; 574 bpf_int32 v; 575{ 576 return gen_ncmp(offrel, offset, size, 0xffffffff, BPF_JGT, 1, v);
|
523} 524 525static struct block *
| 577} 578 579static struct block *
|
526gen_mcmp(offset, size, v, mask)
| 580gen_mcmp(offrel, offset, size, v, mask) 581 enum e_offrel offrel;
|
527 u_int offset, size; 528 bpf_int32 v; 529 bpf_u_int32 mask; 530{
| 582 u_int offset, size; 583 bpf_int32 v; 584 bpf_u_int32 mask; 585{
|
531 struct block *b = gen_cmp(offset, size, v); 532 struct slist *s; 533 534 if (mask != 0xffffffff) { 535 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 536 s->s.k = mask; 537 b->stmts->next = s; 538 } 539 return b;
| 586 return gen_ncmp(offrel, offset, size, mask, BPF_JEQ, 0, v);
|
540} 541 542static struct block *
| 587} 588 589static struct block *
|
543gen_bcmp(offset, size, v)
| 590gen_bcmp(offrel, offset, size, v) 591 enum e_offrel offrel;
|
544 register u_int offset, size; 545 register const u_char *v; 546{ 547 register struct block *b, *tmp; 548 549 b = NULL; 550 while (size >= 4) { 551 register const u_char *p = &v[size - 4]; 552 bpf_int32 w = ((bpf_int32)p[0] << 24) | 553 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; 554
| 592 register u_int offset, size; 593 register const u_char *v; 594{ 595 register struct block *b, *tmp; 596 597 b = NULL; 598 while (size >= 4) { 599 register const u_char *p = &v[size - 4]; 600 bpf_int32 w = ((bpf_int32)p[0] << 24) | 601 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; 602
|
555 tmp = gen_cmp(offset + size - 4, BPF_W, w);
| 603 tmp = gen_cmp(offrel, offset + size - 4, BPF_W, w);
|
556 if (b != NULL) 557 gen_and(b, tmp); 558 b = tmp; 559 size -= 4; 560 } 561 while (size >= 2) { 562 register const u_char *p = &v[size - 2]; 563 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; 564
| 604 if (b != NULL) 605 gen_and(b, tmp); 606 b = tmp; 607 size -= 4; 608 } 609 while (size >= 2) { 610 register const u_char *p = &v[size - 2]; 611 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; 612
|
565 tmp = gen_cmp(offset + size - 2, BPF_H, w);
| 613 tmp = gen_cmp(offrel, offset + size - 2, BPF_H, w);
|
566 if (b != NULL) 567 gen_and(b, tmp); 568 b = tmp; 569 size -= 2; 570 } 571 if (size > 0) {
| 614 if (b != NULL) 615 gen_and(b, tmp); 616 b = tmp; 617 size -= 2; 618 } 619 if (size > 0) {
|
572 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
| 620 tmp = gen_cmp(offrel, offset, BPF_B, (bpf_int32)v[0]);
|
573 if (b != NULL) 574 gen_and(b, tmp); 575 b = tmp; 576 } 577 return b; 578} 579
| 621 if (b != NULL) 622 gen_and(b, tmp); 623 b = tmp; 624 } 625 return b; 626} 627
|
| 628/* 629 * AND the field of size "size" at offset "offset" relative to the header 630 * specified by "offrel" with "mask", and compare it with the value "v" 631 * with the test specified by "jtype"; if "reverse" is true, the test 632 * should test the opposite of "jtype". 633 */
|
580static struct block *
| 634static struct block *
|
581gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse) 582 bpf_u_int32 datasize, offset, mask, jtype, jvalue;
| 635gen_ncmp(offrel, offset, size, mask, jtype, reverse, v) 636 enum e_offrel offrel; 637 bpf_int32 v; 638 bpf_u_int32 offset, size, mask, jtype;
|
583 int reverse; 584{
| 639 int reverse; 640{
|
585 struct slist *s;
| 641 struct slist *s, *s2;
|
586 struct block *b; 587
| 642 struct block *b; 643
|
588 s = new_stmt(BPF_LD|datasize|BPF_ABS); 589 s->s.k = offset;
| 644 s = gen_load_a(offrel, offset, size);
|
590 591 if (mask != 0xffffffff) {
| 645 646 if (mask != 0xffffffff) {
|
592 s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K); 593 s->next->s.k = mask;
| 647 s2 = new_stmt(BPF_ALU|BPF_AND|BPF_K); 648 s2->s.k = mask; 649 sappend(s, s2);
|
594 } 595 596 b = new_block(JMP(jtype)); 597 b->stmts = s;
| 650 } 651 652 b = new_block(JMP(jtype)); 653 b->stmts = s;
|
598 b->s.k = jvalue;
| 654 b->s.k = v;
|
599 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE)) 600 gen_not(b); 601 return b; 602} 603 604/* 605 * Various code constructs need to know the layout of the data link
| 655 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE)) 656 gen_not(b); 657 return b; 658} 659 660/* 661 * Various code constructs need to know the layout of the data link
|
606 * layer. These variables give the necessary offsets.
| 662 * layer. These variables give the necessary offsets from the beginning 663 * of the packet data. 664 * 665 * If the link layer has variable_length headers, the offsets are offsets 666 * from the end of the link-link-layer header, and "reg_ll_size" is 667 * the register number for a register containing the length of the 668 * link-layer header. Otherwise, "reg_ll_size" is -1.
|
607 */
| 669 */
|
| 670static int reg_ll_size;
|
608 609/*
| 671 672/*
|
| 673 * This is the offset of the beginning of the link-layer header. 674 * It's usually 0, except for 802.11 with a fixed-length radio header. 675 */ 676static u_int off_ll; 677 678/*
|
610 * This is the offset of the beginning of the MAC-layer header. 611 * It's usually 0, except for ATM LANE. 612 */ 613static u_int off_mac; 614 615/* 616 * "off_linktype" is the offset to information in the link-layer header 617 * giving the packet type. 618 * 619 * For Ethernet, it's the offset of the Ethernet type field. 620 * 621 * For link-layer types that always use 802.2 headers, it's the 622 * offset of the LLC header. 623 * 624 * For PPP, it's the offset of the PPP type field. 625 * 626 * For Cisco HDLC, it's the offset of the CHDLC type field. 627 * 628 * For BSD loopback, it's the offset of the AF_ value. 629 * 630 * For Linux cooked sockets, it's the offset of the type field. 631 * 632 * It's set to -1 for no encapsulation, in which case, IP is assumed. 633 */ 634static u_int off_linktype; 635 636/* 637 * TRUE if the link layer includes an ATM pseudo-header. 638 */ 639static int is_atm = 0; 640 641/* 642 * TRUE if "lane" appeared in the filter; it causes us to generate 643 * code that assumes LANE rather than LLC-encapsulated traffic in SunATM. 644 */ 645static int is_lane = 0; 646 647/* 648 * These are offsets for the ATM pseudo-header. 649 */ 650static u_int off_vpi; 651static u_int off_vci; 652static u_int off_proto; 653 654/*
| 679 * This is the offset of the beginning of the MAC-layer header. 680 * It's usually 0, except for ATM LANE. 681 */ 682static u_int off_mac; 683 684/* 685 * "off_linktype" is the offset to information in the link-layer header 686 * giving the packet type. 687 * 688 * For Ethernet, it's the offset of the Ethernet type field. 689 * 690 * For link-layer types that always use 802.2 headers, it's the 691 * offset of the LLC header. 692 * 693 * For PPP, it's the offset of the PPP type field. 694 * 695 * For Cisco HDLC, it's the offset of the CHDLC type field. 696 * 697 * For BSD loopback, it's the offset of the AF_ value. 698 * 699 * For Linux cooked sockets, it's the offset of the type field. 700 * 701 * It's set to -1 for no encapsulation, in which case, IP is assumed. 702 */ 703static u_int off_linktype; 704 705/* 706 * TRUE if the link layer includes an ATM pseudo-header. 707 */ 708static int is_atm = 0; 709 710/* 711 * TRUE if "lane" appeared in the filter; it causes us to generate 712 * code that assumes LANE rather than LLC-encapsulated traffic in SunATM. 713 */ 714static int is_lane = 0; 715 716/* 717 * These are offsets for the ATM pseudo-header. 718 */ 719static u_int off_vpi; 720static u_int off_vci; 721static u_int off_proto; 722 723/*
|
| 724 * These are offsets for the MTP3 fields. 725 */ 726static u_int off_sio; 727static u_int off_opc; 728static u_int off_dpc; 729static u_int off_sls; 730 731/*
|
655 * This is the offset of the first byte after the ATM pseudo_header, 656 * or -1 if there is no ATM pseudo-header. 657 */ 658static u_int off_payload; 659 660/* 661 * These are offsets to the beginning of the network-layer header. 662 * 663 * If the link layer never uses 802.2 LLC: 664 * 665 * "off_nl" and "off_nl_nosnap" are the same. 666 * 667 * If the link layer always uses 802.2 LLC: 668 * 669 * "off_nl" is the offset if there's a SNAP header following 670 * the 802.2 header; 671 * 672 * "off_nl_nosnap" is the offset if there's no SNAP header. 673 * 674 * If the link layer is Ethernet: 675 * 676 * "off_nl" is the offset if the packet is an Ethernet II packet 677 * (we assume no 802.3+802.2+SNAP); 678 * 679 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet 680 * with an 802.2 header following it. 681 */ 682static u_int off_nl; 683static u_int off_nl_nosnap; 684 685static int linktype; 686 687static void 688init_linktype(p) 689 pcap_t *p; 690{ 691 linktype = pcap_datalink(p); 692#ifdef PCAP_FDDIPAD 693 pcap_fddipad = p->fddipad; 694#endif 695 696 /* 697 * Assume it's not raw ATM with a pseudo-header, for now. 698 */ 699 off_mac = 0; 700 is_atm = 0; 701 is_lane = 0; 702 off_vpi = -1; 703 off_vci = -1; 704 off_proto = -1; 705 off_payload = -1; 706
| 732 * This is the offset of the first byte after the ATM pseudo_header, 733 * or -1 if there is no ATM pseudo-header. 734 */ 735static u_int off_payload; 736 737/* 738 * These are offsets to the beginning of the network-layer header. 739 * 740 * If the link layer never uses 802.2 LLC: 741 * 742 * "off_nl" and "off_nl_nosnap" are the same. 743 * 744 * If the link layer always uses 802.2 LLC: 745 * 746 * "off_nl" is the offset if there's a SNAP header following 747 * the 802.2 header; 748 * 749 * "off_nl_nosnap" is the offset if there's no SNAP header. 750 * 751 * If the link layer is Ethernet: 752 * 753 * "off_nl" is the offset if the packet is an Ethernet II packet 754 * (we assume no 802.3+802.2+SNAP); 755 * 756 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet 757 * with an 802.2 header following it. 758 */ 759static u_int off_nl; 760static u_int off_nl_nosnap; 761 762static int linktype; 763 764static void 765init_linktype(p) 766 pcap_t *p; 767{ 768 linktype = pcap_datalink(p); 769#ifdef PCAP_FDDIPAD 770 pcap_fddipad = p->fddipad; 771#endif 772 773 /* 774 * Assume it's not raw ATM with a pseudo-header, for now. 775 */ 776 off_mac = 0; 777 is_atm = 0; 778 is_lane = 0; 779 off_vpi = -1; 780 off_vci = -1; 781 off_proto = -1; 782 off_payload = -1; 783
|
| 784 off_sio = -1; 785 off_opc = -1; 786 off_dpc = -1; 787 off_sls = -1; 788 789 /* 790 * Also assume it's not 802.11 with a fixed-length radio header. 791 */ 792 off_ll = 0; 793
|
707 orig_linktype = -1; 708 orig_nl = -1;
| 794 orig_linktype = -1; 795 orig_nl = -1;
|
709 orig_nl_nosnap = -1;
| |
710
| 796
|
| 797 reg_ll_size = -1; 798
|
711 switch (linktype) { 712 713 case DLT_ARCNET: 714 off_linktype = 2; 715 off_nl = 6; /* XXX in reality, variable! */ 716 off_nl_nosnap = 6; /* no 802.2 LLC */ 717 return; 718 719 case DLT_ARCNET_LINUX: 720 off_linktype = 4; 721 off_nl = 8; /* XXX in reality, variable! */ 722 off_nl_nosnap = 8; /* no 802.2 LLC */ 723 return; 724 725 case DLT_EN10MB: 726 off_linktype = 12; 727 off_nl = 14; /* Ethernet II */ 728 off_nl_nosnap = 17; /* 802.3+802.2 */ 729 return; 730 731 case DLT_SLIP: 732 /* 733 * SLIP doesn't have a link level type. The 16 byte 734 * header is hacked into our SLIP driver. 735 */ 736 off_linktype = -1; 737 off_nl = 16; 738 off_nl_nosnap = 16; /* no 802.2 LLC */ 739 return; 740 741 case DLT_SLIP_BSDOS: 742 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 743 off_linktype = -1; 744 /* XXX end */ 745 off_nl = 24; 746 off_nl_nosnap = 24; /* no 802.2 LLC */ 747 return; 748 749 case DLT_NULL: 750 case DLT_LOOP: 751 off_linktype = 0; 752 off_nl = 4; 753 off_nl_nosnap = 4; /* no 802.2 LLC */ 754 return; 755 756 case DLT_ENC: 757 off_linktype = 0; 758 off_nl = 12; 759 off_nl_nosnap = 12; /* no 802.2 LLC */ 760 return; 761 762 case DLT_PPP: 763 case DLT_PPP_PPPD: 764 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */ 765 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */ 766 off_linktype = 2; 767 off_nl = 4; 768 off_nl_nosnap = 4; /* no 802.2 LLC */ 769 return; 770 771 case DLT_PPP_ETHER: 772 /* 773 * This does no include the Ethernet header, and 774 * only covers session state. 775 */ 776 off_linktype = 6; 777 off_nl = 8; 778 off_nl_nosnap = 8; /* no 802.2 LLC */ 779 return; 780 781 case DLT_PPP_BSDOS: 782 off_linktype = 5; 783 off_nl = 24; 784 off_nl_nosnap = 24; /* no 802.2 LLC */ 785 return; 786 787 case DLT_FDDI: 788 /* 789 * FDDI doesn't really have a link-level type field. 790 * We set "off_linktype" to the offset of the LLC header. 791 * 792 * To check for Ethernet types, we assume that SSAP = SNAP 793 * is being used and pick out the encapsulated Ethernet type. 794 * XXX - should we generate code to check for SNAP? 795 */ 796 off_linktype = 13; 797#ifdef PCAP_FDDIPAD 798 off_linktype += pcap_fddipad; 799#endif 800 off_nl = 21; /* FDDI+802.2+SNAP */ 801 off_nl_nosnap = 16; /* FDDI+802.2 */ 802#ifdef PCAP_FDDIPAD 803 off_nl += pcap_fddipad; 804 off_nl_nosnap += pcap_fddipad; 805#endif 806 return; 807 808 case DLT_IEEE802: 809 /* 810 * Token Ring doesn't really have a link-level type field. 811 * We set "off_linktype" to the offset of the LLC header. 812 * 813 * To check for Ethernet types, we assume that SSAP = SNAP 814 * is being used and pick out the encapsulated Ethernet type. 815 * XXX - should we generate code to check for SNAP? 816 * 817 * XXX - the header is actually variable-length. 818 * Some various Linux patched versions gave 38 819 * as "off_linktype" and 40 as "off_nl"; however, 820 * if a token ring packet has *no* routing 821 * information, i.e. is not source-routed, the correct 822 * values are 20 and 22, as they are in the vanilla code. 823 * 824 * A packet is source-routed iff the uppermost bit 825 * of the first byte of the source address, at an 826 * offset of 8, has the uppermost bit set. If the 827 * packet is source-routed, the total number of bytes 828 * of routing information is 2 plus bits 0x1F00 of 829 * the 16-bit value at an offset of 14 (shifted right 830 * 8 - figure out which byte that is). 831 */ 832 off_linktype = 14; 833 off_nl = 22; /* Token Ring+802.2+SNAP */ 834 off_nl_nosnap = 17; /* Token Ring+802.2 */ 835 return; 836 837 case DLT_IEEE802_11: 838 /* 839 * 802.11 doesn't really have a link-level type field. 840 * We set "off_linktype" to the offset of the LLC header. 841 * 842 * To check for Ethernet types, we assume that SSAP = SNAP 843 * is being used and pick out the encapsulated Ethernet type. 844 * XXX - should we generate code to check for SNAP? 845 * 846 * XXX - the header is actually variable-length. We 847 * assume a 24-byte link-layer header, as appears in 848 * data frames in networks with no bridges. If the 849 * fromds and tods 802.11 header bits are both set, 850 * it's actually supposed to be 30 bytes. 851 */ 852 off_linktype = 24; 853 off_nl = 32; /* 802.11+802.2+SNAP */ 854 off_nl_nosnap = 27; /* 802.11+802.2 */ 855 return; 856 857 case DLT_PRISM_HEADER: 858 /* 859 * Same as 802.11, but with an additional header before 860 * the 802.11 header, containing a bunch of additional 861 * information including radio-level information. 862 * 863 * The header is 144 bytes long. 864 * 865 * XXX - same variable-length header problem; at least 866 * the Prism header is fixed-length. 867 */
| 799 switch (linktype) { 800 801 case DLT_ARCNET: 802 off_linktype = 2; 803 off_nl = 6; /* XXX in reality, variable! */ 804 off_nl_nosnap = 6; /* no 802.2 LLC */ 805 return; 806 807 case DLT_ARCNET_LINUX: 808 off_linktype = 4; 809 off_nl = 8; /* XXX in reality, variable! */ 810 off_nl_nosnap = 8; /* no 802.2 LLC */ 811 return; 812 813 case DLT_EN10MB: 814 off_linktype = 12; 815 off_nl = 14; /* Ethernet II */ 816 off_nl_nosnap = 17; /* 802.3+802.2 */ 817 return; 818 819 case DLT_SLIP: 820 /* 821 * SLIP doesn't have a link level type. The 16 byte 822 * header is hacked into our SLIP driver. 823 */ 824 off_linktype = -1; 825 off_nl = 16; 826 off_nl_nosnap = 16; /* no 802.2 LLC */ 827 return; 828 829 case DLT_SLIP_BSDOS: 830 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 831 off_linktype = -1; 832 /* XXX end */ 833 off_nl = 24; 834 off_nl_nosnap = 24; /* no 802.2 LLC */ 835 return; 836 837 case DLT_NULL: 838 case DLT_LOOP: 839 off_linktype = 0; 840 off_nl = 4; 841 off_nl_nosnap = 4; /* no 802.2 LLC */ 842 return; 843 844 case DLT_ENC: 845 off_linktype = 0; 846 off_nl = 12; 847 off_nl_nosnap = 12; /* no 802.2 LLC */ 848 return; 849 850 case DLT_PPP: 851 case DLT_PPP_PPPD: 852 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */ 853 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */ 854 off_linktype = 2; 855 off_nl = 4; 856 off_nl_nosnap = 4; /* no 802.2 LLC */ 857 return; 858 859 case DLT_PPP_ETHER: 860 /* 861 * This does no include the Ethernet header, and 862 * only covers session state. 863 */ 864 off_linktype = 6; 865 off_nl = 8; 866 off_nl_nosnap = 8; /* no 802.2 LLC */ 867 return; 868 869 case DLT_PPP_BSDOS: 870 off_linktype = 5; 871 off_nl = 24; 872 off_nl_nosnap = 24; /* no 802.2 LLC */ 873 return; 874 875 case DLT_FDDI: 876 /* 877 * FDDI doesn't really have a link-level type field. 878 * We set "off_linktype" to the offset of the LLC header. 879 * 880 * To check for Ethernet types, we assume that SSAP = SNAP 881 * is being used and pick out the encapsulated Ethernet type. 882 * XXX - should we generate code to check for SNAP? 883 */ 884 off_linktype = 13; 885#ifdef PCAP_FDDIPAD 886 off_linktype += pcap_fddipad; 887#endif 888 off_nl = 21; /* FDDI+802.2+SNAP */ 889 off_nl_nosnap = 16; /* FDDI+802.2 */ 890#ifdef PCAP_FDDIPAD 891 off_nl += pcap_fddipad; 892 off_nl_nosnap += pcap_fddipad; 893#endif 894 return; 895 896 case DLT_IEEE802: 897 /* 898 * Token Ring doesn't really have a link-level type field. 899 * We set "off_linktype" to the offset of the LLC header. 900 * 901 * To check for Ethernet types, we assume that SSAP = SNAP 902 * is being used and pick out the encapsulated Ethernet type. 903 * XXX - should we generate code to check for SNAP? 904 * 905 * XXX - the header is actually variable-length. 906 * Some various Linux patched versions gave 38 907 * as "off_linktype" and 40 as "off_nl"; however, 908 * if a token ring packet has *no* routing 909 * information, i.e. is not source-routed, the correct 910 * values are 20 and 22, as they are in the vanilla code. 911 * 912 * A packet is source-routed iff the uppermost bit 913 * of the first byte of the source address, at an 914 * offset of 8, has the uppermost bit set. If the 915 * packet is source-routed, the total number of bytes 916 * of routing information is 2 plus bits 0x1F00 of 917 * the 16-bit value at an offset of 14 (shifted right 918 * 8 - figure out which byte that is). 919 */ 920 off_linktype = 14; 921 off_nl = 22; /* Token Ring+802.2+SNAP */ 922 off_nl_nosnap = 17; /* Token Ring+802.2 */ 923 return; 924 925 case DLT_IEEE802_11: 926 /* 927 * 802.11 doesn't really have a link-level type field. 928 * We set "off_linktype" to the offset of the LLC header. 929 * 930 * To check for Ethernet types, we assume that SSAP = SNAP 931 * is being used and pick out the encapsulated Ethernet type. 932 * XXX - should we generate code to check for SNAP? 933 * 934 * XXX - the header is actually variable-length. We 935 * assume a 24-byte link-layer header, as appears in 936 * data frames in networks with no bridges. If the 937 * fromds and tods 802.11 header bits are both set, 938 * it's actually supposed to be 30 bytes. 939 */ 940 off_linktype = 24; 941 off_nl = 32; /* 802.11+802.2+SNAP */ 942 off_nl_nosnap = 27; /* 802.11+802.2 */ 943 return; 944 945 case DLT_PRISM_HEADER: 946 /* 947 * Same as 802.11, but with an additional header before 948 * the 802.11 header, containing a bunch of additional 949 * information including radio-level information. 950 * 951 * The header is 144 bytes long. 952 * 953 * XXX - same variable-length header problem; at least 954 * the Prism header is fixed-length. 955 */
|
| 956 off_ll = 144;
|
868 off_linktype = 144+24; 869 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */ 870 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */ 871 return; 872 873 case DLT_IEEE802_11_RADIO_AVS: 874 /* 875 * Same as 802.11, but with an additional header before 876 * the 802.11 header, containing a bunch of additional 877 * information including radio-level information. 878 * 879 * The header is 64 bytes long, at least in its 880 * current incarnation. 881 * 882 * XXX - same variable-length header problem, only 883 * more so; this header is also variable-length, 884 * with the length being the 32-bit big-endian 885 * number at an offset of 4 from the beginning 886 * of the radio header. 887 */
| 957 off_linktype = 144+24; 958 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */ 959 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */ 960 return; 961 962 case DLT_IEEE802_11_RADIO_AVS: 963 /* 964 * Same as 802.11, but with an additional header before 965 * the 802.11 header, containing a bunch of additional 966 * information including radio-level information. 967 * 968 * The header is 64 bytes long, at least in its 969 * current incarnation. 970 * 971 * XXX - same variable-length header problem, only 972 * more so; this header is also variable-length, 973 * with the length being the 32-bit big-endian 974 * number at an offset of 4 from the beginning 975 * of the radio header. 976 */
|
| 977 off_ll = 64;
|
888 off_linktype = 64+24; 889 off_nl = 64+32; /* Radio+802.11+802.2+SNAP */ 890 off_nl_nosnap = 64+27; /* Radio+802.11+802.2 */ 891 return; 892 893 case DLT_IEEE802_11_RADIO: 894 /* 895 * Same as 802.11, but with an additional header before 896 * the 802.11 header, containing a bunch of additional 897 * information including radio-level information. 898 *
| 978 off_linktype = 64+24; 979 off_nl = 64+32; /* Radio+802.11+802.2+SNAP */ 980 off_nl_nosnap = 64+27; /* Radio+802.11+802.2 */ 981 return; 982 983 case DLT_IEEE802_11_RADIO: 984 /* 985 * Same as 802.11, but with an additional header before 986 * the 802.11 header, containing a bunch of additional 987 * information including radio-level information. 988 *
|
899 * XXX - same variable-length header problem, only 900 * even *more* so; this header is also variable-length, 901 * with the length being the 16-bit number at an offset 902 * of 2 from the beginning of the radio header, and it's 903 * device-dependent (different devices might supply 904 * different amounts of information), so we can't even 905 * assume a fixed length for the current version of the 906 * header. 907 * 908 * Therefore, currently, only raw "link[N:M]" filtering is 909 * supported.
| 989 * The radiotap header is variable length, and we 990 * generate code to compute its length and store it 991 * in a register. These offsets are relative to the 992 * beginning of the 802.11 header.
|
910 */
| 993 */
|
911 off_linktype = -1; 912 off_nl = -1; 913 off_nl_nosnap = -1;
| 994 off_linktype = 24; 995 off_nl = 32; /* 802.11+802.2+SNAP */ 996 off_nl_nosnap = 27; /* 802.11+802.2 */
|
914 return; 915 916 case DLT_ATM_RFC1483: 917 case DLT_ATM_CLIP: /* Linux ATM defines this */ 918 /* 919 * assume routed, non-ISO PDUs 920 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
| 997 return; 998 999 case DLT_ATM_RFC1483: 1000 case DLT_ATM_CLIP: /* Linux ATM defines this */ 1001 /* 1002 * assume routed, non-ISO PDUs 1003 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
|
| 1004 * 1005 * XXX - what about ISO PDUs, e.g. CLNP, ISIS, ESIS, 1006 * or PPP with the PPP NLPID (e.g., PPPoA)? The 1007 * latter would presumably be treated the way PPPoE 1008 * should be, so you can do "pppoe and udp port 2049" 1009 * or "pppoa and tcp port 80" and have it check for 1010 * PPPo{A,E} and a PPP protocol of IP and....
|
921 */ 922 off_linktype = 0; 923 off_nl = 8; /* 802.2+SNAP */ 924 off_nl_nosnap = 3; /* 802.2 */ 925 return; 926 927 case DLT_SUNATM: 928 /* 929 * Full Frontal ATM; you get AALn PDUs with an ATM 930 * pseudo-header. 931 */ 932 is_atm = 1; 933 off_vpi = SUNATM_VPI_POS; 934 off_vci = SUNATM_VCI_POS; 935 off_proto = PROTO_POS; 936 off_mac = -1; /* LLC-encapsulated, so no MAC-layer header */ 937 off_payload = SUNATM_PKT_BEGIN_POS; 938 off_linktype = off_payload; 939 off_nl = off_payload+8; /* 802.2+SNAP */ 940 off_nl_nosnap = off_payload+3; /* 802.2 */ 941 return; 942 943 case DLT_RAW: 944 off_linktype = -1; 945 off_nl = 0; 946 off_nl_nosnap = 0; /* no 802.2 LLC */ 947 return; 948 949 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */ 950 off_linktype = 14; 951 off_nl = 16; 952 off_nl_nosnap = 16; /* no 802.2 LLC */ 953 return; 954 955 case DLT_LTALK: 956 /* 957 * LocalTalk does have a 1-byte type field in the LLAP header, 958 * but really it just indicates whether there is a "short" or 959 * "long" DDP packet following. 960 */ 961 off_linktype = -1; 962 off_nl = 0; 963 off_nl_nosnap = 0; /* no 802.2 LLC */ 964 return; 965 966 case DLT_IP_OVER_FC: 967 /* 968 * RFC 2625 IP-over-Fibre-Channel doesn't really have a 969 * link-level type field. We set "off_linktype" to the 970 * offset of the LLC header. 971 * 972 * To check for Ethernet types, we assume that SSAP = SNAP 973 * is being used and pick out the encapsulated Ethernet type. 974 * XXX - should we generate code to check for SNAP? RFC 975 * 2625 says SNAP should be used. 976 */ 977 off_linktype = 16; 978 off_nl = 24; /* IPFC+802.2+SNAP */ 979 off_nl_nosnap = 19; /* IPFC+802.2 */ 980 return; 981 982 case DLT_FRELAY: 983 /* 984 * XXX - we should set this to handle SNAP-encapsulated 985 * frames (NLPID of 0x80). 986 */ 987 off_linktype = -1; 988 off_nl = 0; 989 off_nl_nosnap = 0; /* no 802.2 LLC */ 990 return; 991 992 case DLT_APPLE_IP_OVER_IEEE1394: 993 off_linktype = 16; 994 off_nl = 18;
| 1011 */ 1012 off_linktype = 0; 1013 off_nl = 8; /* 802.2+SNAP */ 1014 off_nl_nosnap = 3; /* 802.2 */ 1015 return; 1016 1017 case DLT_SUNATM: 1018 /* 1019 * Full Frontal ATM; you get AALn PDUs with an ATM 1020 * pseudo-header. 1021 */ 1022 is_atm = 1; 1023 off_vpi = SUNATM_VPI_POS; 1024 off_vci = SUNATM_VCI_POS; 1025 off_proto = PROTO_POS; 1026 off_mac = -1; /* LLC-encapsulated, so no MAC-layer header */ 1027 off_payload = SUNATM_PKT_BEGIN_POS; 1028 off_linktype = off_payload; 1029 off_nl = off_payload+8; /* 802.2+SNAP */ 1030 off_nl_nosnap = off_payload+3; /* 802.2 */ 1031 return; 1032 1033 case DLT_RAW: 1034 off_linktype = -1; 1035 off_nl = 0; 1036 off_nl_nosnap = 0; /* no 802.2 LLC */ 1037 return; 1038 1039 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */ 1040 off_linktype = 14; 1041 off_nl = 16; 1042 off_nl_nosnap = 16; /* no 802.2 LLC */ 1043 return; 1044 1045 case DLT_LTALK: 1046 /* 1047 * LocalTalk does have a 1-byte type field in the LLAP header, 1048 * but really it just indicates whether there is a "short" or 1049 * "long" DDP packet following. 1050 */ 1051 off_linktype = -1; 1052 off_nl = 0; 1053 off_nl_nosnap = 0; /* no 802.2 LLC */ 1054 return; 1055 1056 case DLT_IP_OVER_FC: 1057 /* 1058 * RFC 2625 IP-over-Fibre-Channel doesn't really have a 1059 * link-level type field. We set "off_linktype" to the 1060 * offset of the LLC header. 1061 * 1062 * To check for Ethernet types, we assume that SSAP = SNAP 1063 * is being used and pick out the encapsulated Ethernet type. 1064 * XXX - should we generate code to check for SNAP? RFC 1065 * 2625 says SNAP should be used. 1066 */ 1067 off_linktype = 16; 1068 off_nl = 24; /* IPFC+802.2+SNAP */ 1069 off_nl_nosnap = 19; /* IPFC+802.2 */ 1070 return; 1071 1072 case DLT_FRELAY: 1073 /* 1074 * XXX - we should set this to handle SNAP-encapsulated 1075 * frames (NLPID of 0x80). 1076 */ 1077 off_linktype = -1; 1078 off_nl = 0; 1079 off_nl_nosnap = 0; /* no 802.2 LLC */ 1080 return; 1081 1082 case DLT_APPLE_IP_OVER_IEEE1394: 1083 off_linktype = 16; 1084 off_nl = 18;
|
995 off_nl_nosnap = 0; /* no 802.2 LLC */
| 1085 off_nl_nosnap = 18; /* no 802.2 LLC */
|
996 return; 997 998 case DLT_LINUX_IRDA: 999 /* 1000 * Currently, only raw "link[N:M]" filtering is supported. 1001 */ 1002 off_linktype = -1; 1003 off_nl = -1; 1004 off_nl_nosnap = -1; 1005 return; 1006 1007 case DLT_DOCSIS: 1008 /* 1009 * Currently, only raw "link[N:M]" filtering is supported. 1010 */ 1011 off_linktype = -1; 1012 off_nl = -1; 1013 off_nl_nosnap = -1; 1014 return; 1015 1016 case DLT_SYMANTEC_FIREWALL: 1017 off_linktype = 6; 1018 off_nl = 44; /* Ethernet II */ 1019 off_nl_nosnap = 44; /* XXX - what does it do with 802.3 packets? */ 1020 return; 1021 1022 case DLT_PFLOG: 1023 off_linktype = 0;
| 1086 return; 1087 1088 case DLT_LINUX_IRDA: 1089 /* 1090 * Currently, only raw "link[N:M]" filtering is supported. 1091 */ 1092 off_linktype = -1; 1093 off_nl = -1; 1094 off_nl_nosnap = -1; 1095 return; 1096 1097 case DLT_DOCSIS: 1098 /* 1099 * Currently, only raw "link[N:M]" filtering is supported. 1100 */ 1101 off_linktype = -1; 1102 off_nl = -1; 1103 off_nl_nosnap = -1; 1104 return; 1105 1106 case DLT_SYMANTEC_FIREWALL: 1107 off_linktype = 6; 1108 off_nl = 44; /* Ethernet II */ 1109 off_nl_nosnap = 44; /* XXX - what does it do with 802.3 packets? */ 1110 return; 1111 1112 case DLT_PFLOG: 1113 off_linktype = 0;
|
1024 /* XXX read from header? */
| 1114 /* XXX read this from pf.h? */
|
1025 off_nl = PFLOG_HDRLEN;
| 1115 off_nl = PFLOG_HDRLEN;
|
1026 off_nl_nosnap = PFLOG_HDRLEN;
| 1116 off_nl_nosnap = PFLOG_HDRLEN; /* no 802.2 LLC */
|
1027 return; 1028 1029 case DLT_JUNIPER_MLFR: 1030 case DLT_JUNIPER_MLPPP: 1031 off_linktype = 4; 1032 off_nl = 4;
| 1117 return; 1118 1119 case DLT_JUNIPER_MLFR: 1120 case DLT_JUNIPER_MLPPP: 1121 off_linktype = 4; 1122 off_nl = 4;
|
1033 off_nl_nosnap = -1;
| 1123 off_nl_nosnap = -1; /* no 802.2 LLC */
|
1034 return; 1035 1036 case DLT_JUNIPER_ATM1: 1037 off_linktype = 4; /* in reality variable between 4-8 */ 1038 off_nl = 4; 1039 off_nl_nosnap = 14; 1040 return; 1041 1042 case DLT_JUNIPER_ATM2: 1043 off_linktype = 8; /* in reality variable between 8-12 */ 1044 off_nl = 8; 1045 off_nl_nosnap = 18; 1046 return; 1047
| 1124 return; 1125 1126 case DLT_JUNIPER_ATM1: 1127 off_linktype = 4; /* in reality variable between 4-8 */ 1128 off_nl = 4; 1129 off_nl_nosnap = 14; 1130 return; 1131 1132 case DLT_JUNIPER_ATM2: 1133 off_linktype = 8; /* in reality variable between 8-12 */ 1134 off_nl = 8; 1135 off_nl_nosnap = 18; 1136 return; 1137
|
| 1138 /* frames captured on a Juniper PPPoE service PIC 1139 * contain raw ethernet frames */ 1140 case DLT_JUNIPER_PPPOE: 1141 off_linktype = 16; 1142 off_nl = 18; /* Ethernet II */ 1143 off_nl_nosnap = 21; /* 802.3+802.2 */ 1144 return; 1145 1146 case DLT_JUNIPER_PPPOE_ATM: 1147 off_linktype = 4; 1148 off_nl = 6; 1149 off_nl_nosnap = -1; /* no 802.2 LLC */ 1150 return; 1151 1152 case DLT_JUNIPER_GGSN: 1153 off_linktype = 6; 1154 off_nl = 12; 1155 off_nl_nosnap = -1; /* no 802.2 LLC */ 1156 return; 1157 1158 case DLT_JUNIPER_ES: 1159 off_linktype = 6; 1160 off_nl = -1; /* not really a network layer but raw IP adresses */ 1161 off_nl_nosnap = -1; /* no 802.2 LLC */ 1162 return; 1163 1164 case DLT_JUNIPER_MONITOR: 1165 off_linktype = 12; 1166 off_nl = 12; /* raw IP/IP6 header */ 1167 off_nl_nosnap = -1; /* no 802.2 LLC */ 1168 return; 1169 1170 case DLT_JUNIPER_SERVICES: 1171 off_linktype = 12; 1172 off_nl = -1; /* L3 proto location dep. on cookie type */ 1173 off_nl_nosnap = -1; /* no 802.2 LLC */ 1174 return; 1175 1176 case DLT_MTP2: 1177 off_sio = 3; 1178 off_opc = 4; 1179 off_dpc = 4; 1180 off_sls = 7; 1181 off_linktype = -1; 1182 off_nl = -1; 1183 off_nl_nosnap = -1; 1184 return; 1185
|
1048#ifdef DLT_PFSYNC 1049 case DLT_PFSYNC: 1050 off_linktype = -1; 1051 off_nl = 4; 1052 off_nl_nosnap = 4; 1053 return; 1054#endif
| 1186#ifdef DLT_PFSYNC 1187 case DLT_PFSYNC: 1188 off_linktype = -1; 1189 off_nl = 4; 1190 off_nl_nosnap = 4; 1191 return; 1192#endif
|
| 1193 1194 case DLT_LINUX_LAPD: 1195 /* 1196 * Currently, only raw "link[N:M]" filtering is supported. 1197 */ 1198 off_linktype = -1; 1199 off_nl = -1; 1200 off_nl_nosnap = -1; 1201 return;
|
1055 } 1056 bpf_error("unknown data link type %d", linktype); 1057 /* NOTREACHED */ 1058} 1059
| 1202 } 1203 bpf_error("unknown data link type %d", linktype); 1204 /* NOTREACHED */ 1205} 1206
|
| 1207/* 1208 * Load a value relative to the beginning of the link-layer header. 1209 * The link-layer header doesn't necessarily begin at the beginning 1210 * of the packet data; there might be a variable-length prefix containing 1211 * radio information. 1212 */ 1213static struct slist * 1214gen_load_llrel(offset, size) 1215 u_int offset, size; 1216{ 1217 struct slist *s, *s2; 1218 1219 s = gen_llprefixlen(); 1220 1221 /* 1222 * If "s" is non-null, it has code to arrange that the X register 1223 * contains the length of the prefix preceding the link-layer 1224 * header. 1225 */ 1226 if (s != NULL) { 1227 s2 = new_stmt(BPF_LD|BPF_IND|size); 1228 s2->s.k = offset; 1229 sappend(s, s2); 1230 } else { 1231 s = new_stmt(BPF_LD|BPF_ABS|size); 1232 s->s.k = offset; 1233 } 1234 return s; 1235} 1236 1237/* 1238 * Load a value relative to the beginning of the specified header. 1239 */ 1240static struct slist * 1241gen_load_a(offrel, offset, size) 1242 enum e_offrel offrel; 1243 u_int offset, size; 1244{ 1245 struct slist *s, *s2; 1246 1247 switch (offrel) { 1248 1249 case OR_PACKET: 1250 s = gen_load_llrel(offset, size); 1251 break; 1252 1253 case OR_LINK: 1254 s = gen_load_llrel(off_ll + offset, size); 1255 break; 1256 1257 case OR_NET: 1258 s = gen_load_llrel(off_nl + offset, size); 1259 break; 1260 1261 case OR_NET_NOSNAP: 1262 s = gen_load_llrel(off_nl_nosnap + offset, size); 1263 break; 1264 1265 case OR_TRAN_IPV4: 1266 /* 1267 * Load the X register with the length of the IPv4 header, 1268 * in bytes. 1269 */ 1270 s = gen_loadx_iphdrlen(); 1271 1272 /* 1273 * Load the item at {length of the link-layer header} + 1274 * {length of the IPv4 header} + {specified offset}. 1275 */ 1276 s2 = new_stmt(BPF_LD|BPF_IND|size); 1277 s2->s.k = off_nl + offset; 1278 sappend(s, s2); 1279 break; 1280 1281 case OR_TRAN_IPV6: 1282 s = gen_load_llrel(off_nl + 40 + offset, size); 1283 break; 1284 1285 default: 1286 abort(); 1287 return NULL; 1288 } 1289 return s; 1290} 1291 1292/* 1293 * Generate code to load into the X register the sum of the length of 1294 * the IPv4 header and any variable-length header preceding the link-layer 1295 * header. 1296 */ 1297static struct slist * 1298gen_loadx_iphdrlen() 1299{ 1300 struct slist *s, *s2; 1301 1302 s = gen_llprefixlen(); 1303 if (s != NULL) { 1304 /* 1305 * There's a variable-length prefix preceding the 1306 * link-layer header. "s" points to a list of statements 1307 * that put the length of that prefix into the X register. 1308 * The 4*([k]&0xf) addressing mode can't be used, as we 1309 * don't have a constant offset, so we have to load the 1310 * value in question into the A register and add to it 1311 * the value from the X register. 1312 */ 1313 s2 = new_stmt(BPF_LD|BPF_IND|BPF_B); 1314 s2->s.k = off_nl; 1315 sappend(s, s2); 1316 s2 = new_stmt(BPF_ALU|BPF_AND|BPF_K); 1317 s2->s.k = 0xf; 1318 sappend(s, s2); 1319 s2 = new_stmt(BPF_ALU|BPF_LSH|BPF_K); 1320 s2->s.k = 2; 1321 sappend(s, s2); 1322 1323 /* 1324 * The A register now contains the length of the 1325 * IP header. We need to add to it the length 1326 * of the prefix preceding the link-layer 1327 * header, which is still in the X register, and 1328 * move the result into the X register. 1329 */ 1330 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 1331 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 1332 } else { 1333 /* 1334 * There is no variable-length header preceding the 1335 * link-layer header; if there's a fixed-length 1336 * header preceding it, its length is included in 1337 * the off_ variables, so it doesn't need to be added. 1338 */ 1339 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1340 s->s.k = off_nl; 1341 } 1342 return s; 1343} 1344
|
1060static struct block * 1061gen_uncond(rsense) 1062 int rsense; 1063{ 1064 struct block *b; 1065 struct slist *s; 1066 1067 s = new_stmt(BPF_LD|BPF_IMM); 1068 s->s.k = !rsense; 1069 b = new_block(JMP(BPF_JEQ)); 1070 b->stmts = s; 1071 1072 return b; 1073} 1074 1075static inline struct block * 1076gen_true() 1077{ 1078 return gen_uncond(1); 1079} 1080 1081static inline struct block * 1082gen_false() 1083{ 1084 return gen_uncond(0); 1085} 1086 1087/* 1088 * Byte-swap a 32-bit number. 1089 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on 1090 * big-endian platforms.) 1091 */ 1092#define SWAPLONG(y) \ 1093((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff)) 1094
| 1345static struct block * 1346gen_uncond(rsense) 1347 int rsense; 1348{ 1349 struct block *b; 1350 struct slist *s; 1351 1352 s = new_stmt(BPF_LD|BPF_IMM); 1353 s->s.k = !rsense; 1354 b = new_block(JMP(BPF_JEQ)); 1355 b->stmts = s; 1356 1357 return b; 1358} 1359 1360static inline struct block * 1361gen_true() 1362{ 1363 return gen_uncond(1); 1364} 1365 1366static inline struct block * 1367gen_false() 1368{ 1369 return gen_uncond(0); 1370} 1371 1372/* 1373 * Byte-swap a 32-bit number. 1374 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on 1375 * big-endian platforms.) 1376 */ 1377#define SWAPLONG(y) \ 1378((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff)) 1379
|
| 1380/* 1381 * Generate code to match a particular packet type. 1382 * 1383 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP 1384 * value, if <= ETHERMTU. We use that to determine whether to 1385 * match the type/length field or to check the type/length field for 1386 * a value <= ETHERMTU to see whether it's a type field and then do 1387 * the appropriate test. 1388 */
|
1095static struct block * 1096gen_ether_linktype(proto) 1097 register int proto; 1098{ 1099 struct block *b0, *b1; 1100 1101 switch (proto) { 1102 1103 case LLCSAP_ISONS:
| 1389static struct block * 1390gen_ether_linktype(proto) 1391 register int proto; 1392{ 1393 struct block *b0, *b1; 1394 1395 switch (proto) { 1396 1397 case LLCSAP_ISONS:
|
1104 /* 1105 * OSI protocols always use 802.2 encapsulation. 1106 * XXX - should we check both the DSAP and the 1107 * SSAP, like this, or should we check just the 1108 * DSAP? 1109 */ 1110 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 1111 gen_not(b0); 1112 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1113 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS)); 1114 gen_and(b0, b1); 1115 return b1; 1116
| |
1117 case LLCSAP_IP:
| 1398 case LLCSAP_IP:
|
1118 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 1119 gen_not(b0); 1120 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1121 ((LLCSAP_IP << 8) | LLCSAP_IP)); 1122 gen_and(b0, b1); 1123 return b1; 1124
| |
1125 case LLCSAP_NETBEUI: 1126 /*
| 1399 case LLCSAP_NETBEUI: 1400 /*
|
1127 * NetBEUI always uses 802.2 encapsulation.
| 1401 * OSI protocols and NetBEUI always use 802.2 encapsulation, 1402 * so we check the DSAP and SSAP. 1403 * 1404 * LLCSAP_IP checks for IP-over-802.2, rather 1405 * than IP-over-Ethernet or IP-over-SNAP. 1406 *
|
1128 * XXX - should we check both the DSAP and the 1129 * SSAP, like this, or should we check just the
| 1407 * XXX - should we check both the DSAP and the 1408 * SSAP, like this, or should we check just the
|
1130 * DSAP?
| 1409 * DSAP, as we do for other types <= ETHERMTU 1410 * (i.e., other SAP values)?
|
1131 */
| 1411 */
|
1132 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
| 1412 b0 = gen_cmp_gt(OR_LINK, off_linktype, BPF_H, ETHERMTU);
|
1133 gen_not(b0);
| 1413 gen_not(b0);
|
1134 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1135 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
| 1414 b1 = gen_cmp(OR_LINK, off_linktype + 2, BPF_H, (bpf_int32) 1415 ((proto << 8) | proto));
|
1136 gen_and(b0, b1); 1137 return b1; 1138 1139 case LLCSAP_IPX: 1140 /* 1141 * Check for; 1142 * 1143 * Ethernet_II frames, which are Ethernet 1144 * frames with a frame type of ETHERTYPE_IPX; 1145 * 1146 * Ethernet_802.3 frames, which are 802.3 1147 * frames (i.e., the type/length field is 1148 * a length field, <= ETHERMTU, rather than 1149 * a type field) with the first two bytes 1150 * after the Ethernet/802.3 header being 1151 * 0xFFFF; 1152 * 1153 * Ethernet_802.2 frames, which are 802.3 1154 * frames with an 802.2 LLC header and 1155 * with the IPX LSAP as the DSAP in the LLC 1156 * header; 1157 * 1158 * Ethernet_SNAP frames, which are 802.3 1159 * frames with an LLC header and a SNAP 1160 * header and with an OUI of 0x000000 1161 * (encapsulated Ethernet) and a protocol 1162 * ID of ETHERTYPE_IPX in the SNAP header. 1163 * 1164 * XXX - should we generate the same code both 1165 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX? 1166 */ 1167 1168 /* 1169 * This generates code to check both for the 1170 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3. 1171 */
| 1416 gen_and(b0, b1); 1417 return b1; 1418 1419 case LLCSAP_IPX: 1420 /* 1421 * Check for; 1422 * 1423 * Ethernet_II frames, which are Ethernet 1424 * frames with a frame type of ETHERTYPE_IPX; 1425 * 1426 * Ethernet_802.3 frames, which are 802.3 1427 * frames (i.e., the type/length field is 1428 * a length field, <= ETHERMTU, rather than 1429 * a type field) with the first two bytes 1430 * after the Ethernet/802.3 header being 1431 * 0xFFFF; 1432 * 1433 * Ethernet_802.2 frames, which are 802.3 1434 * frames with an 802.2 LLC header and 1435 * with the IPX LSAP as the DSAP in the LLC 1436 * header; 1437 * 1438 * Ethernet_SNAP frames, which are 802.3 1439 * frames with an LLC header and a SNAP 1440 * header and with an OUI of 0x000000 1441 * (encapsulated Ethernet) and a protocol 1442 * ID of ETHERTYPE_IPX in the SNAP header. 1443 * 1444 * XXX - should we generate the same code both 1445 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX? 1446 */ 1447 1448 /* 1449 * This generates code to check both for the 1450 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3. 1451 */
|
1172 b0 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)LLCSAP_IPX); 1173 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)0xFFFF);
| 1452 b0 = gen_cmp(OR_LINK, off_linktype + 2, BPF_B, 1453 (bpf_int32)LLCSAP_IPX); 1454 b1 = gen_cmp(OR_LINK, off_linktype + 2, BPF_H, 1455 (bpf_int32)0xFFFF);
|
1174 gen_or(b0, b1); 1175 1176 /* 1177 * Now we add code to check for SNAP frames with 1178 * ETHERTYPE_IPX, i.e. Ethernet_SNAP. 1179 */ 1180 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14); 1181 gen_or(b0, b1); 1182 1183 /* 1184 * Now we generate code to check for 802.3 1185 * frames in general. 1186 */
| 1456 gen_or(b0, b1); 1457 1458 /* 1459 * Now we add code to check for SNAP frames with 1460 * ETHERTYPE_IPX, i.e. Ethernet_SNAP. 1461 */ 1462 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14); 1463 gen_or(b0, b1); 1464 1465 /* 1466 * Now we generate code to check for 802.3 1467 * frames in general. 1468 */
|
1187 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
| 1469 b0 = gen_cmp_gt(OR_LINK, off_linktype, BPF_H, ETHERMTU);
|
1188 gen_not(b0); 1189 1190 /* 1191 * Now add the check for 802.3 frames before the 1192 * check for Ethernet_802.2 and Ethernet_802.3, 1193 * as those checks should only be done on 802.3 1194 * frames, not on Ethernet frames. 1195 */ 1196 gen_and(b0, b1); 1197 1198 /* 1199 * Now add the check for Ethernet_II frames, and 1200 * do that before checking for the other frame 1201 * types. 1202 */
| 1470 gen_not(b0); 1471 1472 /* 1473 * Now add the check for 802.3 frames before the 1474 * check for Ethernet_802.2 and Ethernet_802.3, 1475 * as those checks should only be done on 802.3 1476 * frames, not on Ethernet frames. 1477 */ 1478 gen_and(b0, b1); 1479 1480 /* 1481 * Now add the check for Ethernet_II frames, and 1482 * do that before checking for the other frame 1483 * types. 1484 */
|
1203 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)ETHERTYPE_IPX);
| 1485 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, 1486 (bpf_int32)ETHERTYPE_IPX);
|
1204 gen_or(b0, b1); 1205 return b1; 1206 1207 case ETHERTYPE_ATALK: 1208 case ETHERTYPE_AARP: 1209 /* 1210 * EtherTalk (AppleTalk protocols on Ethernet link 1211 * layer) may use 802.2 encapsulation. 1212 */ 1213 1214 /* 1215 * Check for 802.2 encapsulation (EtherTalk phase 2?); 1216 * we check for an Ethernet type field less than 1217 * 1500, which means it's an 802.3 length field. 1218 */
| 1487 gen_or(b0, b1); 1488 return b1; 1489 1490 case ETHERTYPE_ATALK: 1491 case ETHERTYPE_AARP: 1492 /* 1493 * EtherTalk (AppleTalk protocols on Ethernet link 1494 * layer) may use 802.2 encapsulation. 1495 */ 1496 1497 /* 1498 * Check for 802.2 encapsulation (EtherTalk phase 2?); 1499 * we check for an Ethernet type field less than 1500 * 1500, which means it's an 802.3 length field. 1501 */
|
1219 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
| 1502 b0 = gen_cmp_gt(OR_LINK, off_linktype, BPF_H, ETHERMTU);
|
1220 gen_not(b0); 1221 1222 /* 1223 * 802.2-encapsulated ETHERTYPE_ATALK packets are 1224 * SNAP packets with an organization code of 1225 * 0x080007 (Apple, for Appletalk) and a protocol 1226 * type of ETHERTYPE_ATALK (Appletalk). 1227 * 1228 * 802.2-encapsulated ETHERTYPE_AARP packets are 1229 * SNAP packets with an organization code of 1230 * 0x000000 (encapsulated Ethernet) and a protocol 1231 * type of ETHERTYPE_AARP (Appletalk ARP). 1232 */ 1233 if (proto == ETHERTYPE_ATALK) 1234 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14); 1235 else /* proto == ETHERTYPE_AARP */ 1236 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14); 1237 gen_and(b0, b1); 1238 1239 /* 1240 * Check for Ethernet encapsulation (Ethertalk 1241 * phase 1?); we just check for the Ethernet 1242 * protocol type. 1243 */
| 1503 gen_not(b0); 1504 1505 /* 1506 * 802.2-encapsulated ETHERTYPE_ATALK packets are 1507 * SNAP packets with an organization code of 1508 * 0x080007 (Apple, for Appletalk) and a protocol 1509 * type of ETHERTYPE_ATALK (Appletalk). 1510 * 1511 * 802.2-encapsulated ETHERTYPE_AARP packets are 1512 * SNAP packets with an organization code of 1513 * 0x000000 (encapsulated Ethernet) and a protocol 1514 * type of ETHERTYPE_AARP (Appletalk ARP). 1515 */ 1516 if (proto == ETHERTYPE_ATALK) 1517 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14); 1518 else /* proto == ETHERTYPE_AARP */ 1519 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14); 1520 gen_and(b0, b1); 1521 1522 /* 1523 * Check for Ethernet encapsulation (Ethertalk 1524 * phase 1?); we just check for the Ethernet 1525 * protocol type. 1526 */
|
1244 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
| 1527 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, (bpf_int32)proto);
|
1245 1246 gen_or(b0, b1); 1247 return b1; 1248 1249 default: 1250 if (proto <= ETHERMTU) { 1251 /* 1252 * This is an LLC SAP value, so the frames 1253 * that match would be 802.2 frames. 1254 * Check that the frame is an 802.2 frame 1255 * (i.e., that the length/type field is 1256 * a length field, <= ETHERMTU) and 1257 * then check the DSAP. 1258 */
| 1528 1529 gen_or(b0, b1); 1530 return b1; 1531 1532 default: 1533 if (proto <= ETHERMTU) { 1534 /* 1535 * This is an LLC SAP value, so the frames 1536 * that match would be 802.2 frames. 1537 * Check that the frame is an 802.2 frame 1538 * (i.e., that the length/type field is 1539 * a length field, <= ETHERMTU) and 1540 * then check the DSAP. 1541 */
|
1259 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
| 1542 b0 = gen_cmp_gt(OR_LINK, off_linktype, BPF_H, ETHERMTU);
|
1260 gen_not(b0);
| 1543 gen_not(b0);
|
1261 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto);
| 1544 b1 = gen_cmp(OR_LINK, off_linktype + 2, BPF_B, 1545 (bpf_int32)proto);
|
1262 gen_and(b0, b1); 1263 return b1; 1264 } else { 1265 /* 1266 * This is an Ethernet type, so compare 1267 * the length/type field with it (if 1268 * the frame is an 802.2 frame, the length 1269 * field will be <= ETHERMTU, and, as 1270 * "proto" is > ETHERMTU, this test 1271 * will fail and the frame won't match, 1272 * which is what we want). 1273 */
| 1546 gen_and(b0, b1); 1547 return b1; 1548 } else { 1549 /* 1550 * This is an Ethernet type, so compare 1551 * the length/type field with it (if 1552 * the frame is an 802.2 frame, the length 1553 * field will be <= ETHERMTU, and, as 1554 * "proto" is > ETHERMTU, this test 1555 * will fail and the frame won't match, 1556 * which is what we want). 1557 */
|
1274 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
| 1558 return gen_cmp(OR_LINK, off_linktype, BPF_H, 1559 (bpf_int32)proto);
|
1275 } 1276 } 1277} 1278
| 1560 } 1561 } 1562} 1563
|
| 1564/* 1565 * Generate code to match a particular packet type. 1566 * 1567 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP 1568 * value, if <= ETHERMTU. We use that to determine whether to 1569 * match the type field or to check the type field for the special 1570 * LINUX_SLL_P_802_2 value and then do the appropriate test. 1571 */
|
1279static struct block * 1280gen_linux_sll_linktype(proto) 1281 register int proto; 1282{ 1283 struct block *b0, *b1; 1284 1285 switch (proto) { 1286
| 1572static struct block * 1573gen_linux_sll_linktype(proto) 1574 register int proto; 1575{ 1576 struct block *b0, *b1; 1577 1578 switch (proto) { 1579
|
1287 case LLCSAP_IP: 1288 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 1289 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1290 ((LLCSAP_IP << 8) | LLCSAP_IP)); 1291 gen_and(b0, b1); 1292 return b1; 1293
| |
1294 case LLCSAP_ISONS:
| 1580 case LLCSAP_ISONS:
|
| 1581 case LLCSAP_IP: 1582 case LLCSAP_NETBEUI:
|
1295 /*
| 1583 /*
|
1296 * OSI protocols always use 802.2 encapsulation.
| 1584 * OSI protocols and NetBEUI always use 802.2 encapsulation, 1585 * so we check the DSAP and SSAP. 1586 * 1587 * LLCSAP_IP checks for IP-over-802.2, rather 1588 * than IP-over-Ethernet or IP-over-SNAP. 1589 *
|
1297 * XXX - should we check both the DSAP and the 1298 * SSAP, like this, or should we check just the
| 1590 * XXX - should we check both the DSAP and the 1591 * SSAP, like this, or should we check just the
|
1299 * DSAP?
| 1592 * DSAP, as we do for other types <= ETHERMTU 1593 * (i.e., other SAP values)?
|
1300 */
| 1594 */
|
1301 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 1302 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1303 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
| 1595 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, LINUX_SLL_P_802_2); 1596 b1 = gen_cmp(OR_LINK, off_linktype + 2, BPF_H, (bpf_int32) 1597 ((proto << 8) | proto));
|
1304 gen_and(b0, b1); 1305 return b1; 1306
| 1598 gen_and(b0, b1); 1599 return b1; 1600
|
1307 case LLCSAP_NETBEUI: 1308 /* 1309 * NetBEUI always uses 802.2 encapsulation. 1310 * XXX - should we check both the DSAP and the 1311 * LSAP, like this, or should we check just the 1312 * DSAP? 1313 */ 1314 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 1315 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1316 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI)); 1317 gen_and(b0, b1); 1318 return b1; 1319
| |
1320 case LLCSAP_IPX: 1321 /* 1322 * Ethernet_II frames, which are Ethernet 1323 * frames with a frame type of ETHERTYPE_IPX; 1324 * 1325 * Ethernet_802.3 frames, which have a frame 1326 * type of LINUX_SLL_P_802_3; 1327 * 1328 * Ethernet_802.2 frames, which are 802.3 1329 * frames with an 802.2 LLC header (i.e, have 1330 * a frame type of LINUX_SLL_P_802_2) and 1331 * with the IPX LSAP as the DSAP in the LLC 1332 * header; 1333 * 1334 * Ethernet_SNAP frames, which are 802.3 1335 * frames with an LLC header and a SNAP 1336 * header and with an OUI of 0x000000 1337 * (encapsulated Ethernet) and a protocol 1338 * ID of ETHERTYPE_IPX in the SNAP header. 1339 * 1340 * First, do the checks on LINUX_SLL_P_802_2 1341 * frames; generate the check for either 1342 * Ethernet_802.2 or Ethernet_SNAP frames, and 1343 * then put a check for LINUX_SLL_P_802_2 frames 1344 * before it. 1345 */
| 1601 case LLCSAP_IPX: 1602 /* 1603 * Ethernet_II frames, which are Ethernet 1604 * frames with a frame type of ETHERTYPE_IPX; 1605 * 1606 * Ethernet_802.3 frames, which have a frame 1607 * type of LINUX_SLL_P_802_3; 1608 * 1609 * Ethernet_802.2 frames, which are 802.3 1610 * frames with an 802.2 LLC header (i.e, have 1611 * a frame type of LINUX_SLL_P_802_2) and 1612 * with the IPX LSAP as the DSAP in the LLC 1613 * header; 1614 * 1615 * Ethernet_SNAP frames, which are 802.3 1616 * frames with an LLC header and a SNAP 1617 * header and with an OUI of 0x000000 1618 * (encapsulated Ethernet) and a protocol 1619 * ID of ETHERTYPE_IPX in the SNAP header. 1620 * 1621 * First, do the checks on LINUX_SLL_P_802_2 1622 * frames; generate the check for either 1623 * Ethernet_802.2 or Ethernet_SNAP frames, and 1624 * then put a check for LINUX_SLL_P_802_2 frames 1625 * before it. 1626 */
|
1346 b0 = gen_cmp(off_linktype + 2, BPF_B,
| 1627 b0 = gen_cmp(OR_LINK, off_linktype + 2, BPF_B,
|
1347 (bpf_int32)LLCSAP_IPX); 1348 b1 = gen_snap(0x000000, ETHERTYPE_IPX, 1349 off_linktype + 2); 1350 gen_or(b0, b1);
| 1628 (bpf_int32)LLCSAP_IPX); 1629 b1 = gen_snap(0x000000, ETHERTYPE_IPX, 1630 off_linktype + 2); 1631 gen_or(b0, b1);
|
1351 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
| 1632 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, LINUX_SLL_P_802_2);
|
1352 gen_and(b0, b1); 1353 1354 /* 1355 * Now check for 802.3 frames and OR that with 1356 * the previous test. 1357 */
| 1633 gen_and(b0, b1); 1634 1635 /* 1636 * Now check for 802.3 frames and OR that with 1637 * the previous test. 1638 */
|
1358 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
| 1639 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, LINUX_SLL_P_802_3);
|
1359 gen_or(b0, b1); 1360 1361 /* 1362 * Now add the check for Ethernet_II frames, and 1363 * do that before checking for the other frame 1364 * types. 1365 */
| 1640 gen_or(b0, b1); 1641 1642 /* 1643 * Now add the check for Ethernet_II frames, and 1644 * do that before checking for the other frame 1645 * types. 1646 */
|
1366 b0 = gen_cmp(off_linktype, BPF_H,
| 1647 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H,
|
1367 (bpf_int32)ETHERTYPE_IPX); 1368 gen_or(b0, b1); 1369 return b1; 1370 1371 case ETHERTYPE_ATALK: 1372 case ETHERTYPE_AARP: 1373 /* 1374 * EtherTalk (AppleTalk protocols on Ethernet link 1375 * layer) may use 802.2 encapsulation. 1376 */ 1377 1378 /* 1379 * Check for 802.2 encapsulation (EtherTalk phase 2?); 1380 * we check for the 802.2 protocol type in the 1381 * "Ethernet type" field. 1382 */
| 1648 (bpf_int32)ETHERTYPE_IPX); 1649 gen_or(b0, b1); 1650 return b1; 1651 1652 case ETHERTYPE_ATALK: 1653 case ETHERTYPE_AARP: 1654 /* 1655 * EtherTalk (AppleTalk protocols on Ethernet link 1656 * layer) may use 802.2 encapsulation. 1657 */ 1658 1659 /* 1660 * Check for 802.2 encapsulation (EtherTalk phase 2?); 1661 * we check for the 802.2 protocol type in the 1662 * "Ethernet type" field. 1663 */
|
1383 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
| 1664 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, LINUX_SLL_P_802_2);
|
1384 1385 /* 1386 * 802.2-encapsulated ETHERTYPE_ATALK packets are 1387 * SNAP packets with an organization code of 1388 * 0x080007 (Apple, for Appletalk) and a protocol 1389 * type of ETHERTYPE_ATALK (Appletalk). 1390 * 1391 * 802.2-encapsulated ETHERTYPE_AARP packets are 1392 * SNAP packets with an organization code of 1393 * 0x000000 (encapsulated Ethernet) and a protocol 1394 * type of ETHERTYPE_AARP (Appletalk ARP). 1395 */ 1396 if (proto == ETHERTYPE_ATALK) 1397 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 1398 off_linktype + 2); 1399 else /* proto == ETHERTYPE_AARP */ 1400 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 1401 off_linktype + 2); 1402 gen_and(b0, b1); 1403 1404 /* 1405 * Check for Ethernet encapsulation (Ethertalk 1406 * phase 1?); we just check for the Ethernet 1407 * protocol type. 1408 */
| 1665 1666 /* 1667 * 802.2-encapsulated ETHERTYPE_ATALK packets are 1668 * SNAP packets with an organization code of 1669 * 0x080007 (Apple, for Appletalk) and a protocol 1670 * type of ETHERTYPE_ATALK (Appletalk). 1671 * 1672 * 802.2-encapsulated ETHERTYPE_AARP packets are 1673 * SNAP packets with an organization code of 1674 * 0x000000 (encapsulated Ethernet) and a protocol 1675 * type of ETHERTYPE_AARP (Appletalk ARP). 1676 */ 1677 if (proto == ETHERTYPE_ATALK) 1678 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 1679 off_linktype + 2); 1680 else /* proto == ETHERTYPE_AARP */ 1681 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 1682 off_linktype + 2); 1683 gen_and(b0, b1); 1684 1685 /* 1686 * Check for Ethernet encapsulation (Ethertalk 1687 * phase 1?); we just check for the Ethernet 1688 * protocol type. 1689 */
|
1409 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
| 1690 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, (bpf_int32)proto);
|
1410 1411 gen_or(b0, b1); 1412 return b1; 1413 1414 default: 1415 if (proto <= ETHERMTU) { 1416 /* 1417 * This is an LLC SAP value, so the frames 1418 * that match would be 802.2 frames. 1419 * Check for the 802.2 protocol type 1420 * in the "Ethernet type" field, and 1421 * then check the DSAP. 1422 */
| 1691 1692 gen_or(b0, b1); 1693 return b1; 1694 1695 default: 1696 if (proto <= ETHERMTU) { 1697 /* 1698 * This is an LLC SAP value, so the frames 1699 * that match would be 802.2 frames. 1700 * Check for the 802.2 protocol type 1701 * in the "Ethernet type" field, and 1702 * then check the DSAP. 1703 */
|
1423 b0 = gen_cmp(off_linktype, BPF_H,
| 1704 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H,
|
1424 LINUX_SLL_P_802_2);
| 1705 LINUX_SLL_P_802_2);
|
1425 b1 = gen_cmp(off_linktype + 2, BPF_B,
| 1706 b1 = gen_cmp(OR_LINK, off_linktype + 2, BPF_B,
|
1426 (bpf_int32)proto); 1427 gen_and(b0, b1); 1428 return b1; 1429 } else { 1430 /* 1431 * This is an Ethernet type, so compare 1432 * the length/type field with it (if 1433 * the frame is an 802.2 frame, the length 1434 * field will be <= ETHERMTU, and, as 1435 * "proto" is > ETHERMTU, this test 1436 * will fail and the frame won't match, 1437 * which is what we want). 1438 */
| 1707 (bpf_int32)proto); 1708 gen_and(b0, b1); 1709 return b1; 1710 } else { 1711 /* 1712 * This is an Ethernet type, so compare 1713 * the length/type field with it (if 1714 * the frame is an 802.2 frame, the length 1715 * field will be <= ETHERMTU, and, as 1716 * "proto" is > ETHERMTU, this test 1717 * will fail and the frame won't match, 1718 * which is what we want). 1719 */
|
1439 return gen_cmp(off_linktype, BPF_H,
| 1720 return gen_cmp(OR_LINK, off_linktype, BPF_H,
|
1440 (bpf_int32)proto); 1441 } 1442 } 1443} 1444
| 1721 (bpf_int32)proto); 1722 } 1723 } 1724} 1725
|
| 1726static void 1727insert_radiotap_load_llprefixlen(b) 1728 struct block *b; 1729{ 1730 struct slist *s1, *s2; 1731 1732 /* 1733 * Prepend to the statements in this block code to load the 1734 * length of the radiotap header into the register assigned 1735 * to hold that length, if one has been assigned. 1736 */ 1737 if (reg_ll_size != -1) { 1738 /* 1739 * The 2 bytes at offsets of 2 and 3 from the beginning 1740 * of the radiotap header are the length of the radiotap 1741 * header; unfortunately, it's little-endian, so we have 1742 * to load it a byte at a time and construct the value. 1743 */ 1744 1745 /* 1746 * Load the high-order byte, at an offset of 3, shift it 1747 * left a byte, and put the result in the X register. 1748 */ 1749 s1 = new_stmt(BPF_LD|BPF_B|BPF_ABS); 1750 s1->s.k = 3; 1751 s2 = new_stmt(BPF_ALU|BPF_LSH|BPF_K); 1752 sappend(s1, s2); 1753 s2->s.k = 8; 1754 s2 = new_stmt(BPF_MISC|BPF_TAX); 1755 sappend(s1, s2); 1756 1757 /* 1758 * Load the next byte, at an offset of 2, and OR the 1759 * value from the X register into it. 1760 */ 1761 s2 = new_stmt(BPF_LD|BPF_B|BPF_ABS); 1762 sappend(s1, s2); 1763 s2->s.k = 2; 1764 s2 = new_stmt(BPF_ALU|BPF_OR|BPF_X); 1765 sappend(s1, s2); 1766 1767 /* 1768 * Now allocate a register to hold that value and store 1769 * it. 1770 */ 1771 s2 = new_stmt(BPF_ST); 1772 s2->s.k = reg_ll_size; 1773 sappend(s1, s2); 1774 1775 /* 1776 * Now move it into the X register. 1777 */ 1778 s2 = new_stmt(BPF_MISC|BPF_TAX); 1779 sappend(s1, s2); 1780 1781 /* 1782 * Now append all the existing statements in this 1783 * block to these statements. 1784 */ 1785 sappend(s1, b->stmts); 1786 b->stmts = s1; 1787 } 1788} 1789 1790 1791static void 1792insert_load_llprefixlen(b) 1793 struct block *b; 1794{ 1795 switch (linktype) { 1796 1797 case DLT_IEEE802_11_RADIO: 1798 insert_radiotap_load_llprefixlen(b); 1799 } 1800} 1801 1802 1803static struct slist * 1804gen_radiotap_llprefixlen(void) 1805{ 1806 struct slist *s; 1807 1808 if (reg_ll_size == -1) { 1809 /* 1810 * We haven't yet assigned a register for the length 1811 * of the radiotap header; allocate one. 1812 */ 1813 reg_ll_size = alloc_reg(); 1814 } 1815 1816 /* 1817 * Load the register containing the radiotap length 1818 * into the X register. 1819 */ 1820 s = new_stmt(BPF_LDX|BPF_MEM); 1821 s->s.k = reg_ll_size; 1822 return s; 1823} 1824 1825/* 1826 * Generate code to compute the link-layer header length, if necessary, 1827 * putting it into the X register, and to return either a pointer to a 1828 * "struct slist" for the list of statements in that code, or NULL if 1829 * no code is necessary. 1830 */ 1831static struct slist * 1832gen_llprefixlen(void) 1833{ 1834 switch (linktype) { 1835 1836 case DLT_IEEE802_11_RADIO: 1837 return gen_radiotap_llprefixlen(); 1838 1839 default: 1840 return NULL; 1841 } 1842} 1843 1844/* 1845 * Generate code to match a particular packet type by matching the 1846 * link-layer type field or fields in the 802.2 LLC header. 1847 * 1848 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP 1849 * value, if <= ETHERMTU. 1850 */
|
1445static struct block * 1446gen_linktype(proto) 1447 register int proto; 1448{ 1449 struct block *b0, *b1, *b2; 1450 1451 switch (linktype) { 1452 1453 case DLT_EN10MB: 1454 return gen_ether_linktype(proto); 1455 /*NOTREACHED*/ 1456 break; 1457 1458 case DLT_C_HDLC: 1459 switch (proto) { 1460 1461 case LLCSAP_ISONS: 1462 proto = (proto << 8 | LLCSAP_ISONS); 1463 /* fall through */ 1464 1465 default:
| 1851static struct block * 1852gen_linktype(proto) 1853 register int proto; 1854{ 1855 struct block *b0, *b1, *b2; 1856 1857 switch (linktype) { 1858 1859 case DLT_EN10MB: 1860 return gen_ether_linktype(proto); 1861 /*NOTREACHED*/ 1862 break; 1863 1864 case DLT_C_HDLC: 1865 switch (proto) { 1866 1867 case LLCSAP_ISONS: 1868 proto = (proto << 8 | LLCSAP_ISONS); 1869 /* fall through */ 1870 1871 default:
|
1466 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
| 1872 return gen_cmp(OR_LINK, off_linktype, BPF_H, 1873 (bpf_int32)proto);
|
1467 /*NOTREACHED*/ 1468 break; 1469 } 1470 break; 1471
| 1874 /*NOTREACHED*/ 1875 break; 1876 } 1877 break; 1878
|
1472 case DLT_IEEE802_11: 1473 case DLT_PRISM_HEADER: 1474 case DLT_IEEE802_11_RADIO:
| |
1475 case DLT_FDDI: 1476 case DLT_IEEE802:
| 1879 case DLT_FDDI: 1880 case DLT_IEEE802:
|
| 1881 case DLT_IEEE802_11: 1882 case DLT_IEEE802_11_RADIO_AVS: 1883 case DLT_IEEE802_11_RADIO: 1884 case DLT_PRISM_HEADER:
|
1477 case DLT_ATM_RFC1483: 1478 case DLT_ATM_CLIP: 1479 case DLT_IP_OVER_FC:
| 1885 case DLT_ATM_RFC1483: 1886 case DLT_ATM_CLIP: 1887 case DLT_IP_OVER_FC:
|
1480 return gen_llc(proto);
| 1888 return gen_llc_linktype(proto);
|
1481 /*NOTREACHED*/ 1482 break; 1483 1484 case DLT_SUNATM: 1485 /* 1486 * If "is_lane" is set, check for a LANE-encapsulated 1487 * version of this protocol, otherwise check for an 1488 * LLC-encapsulated version of this protocol. 1489 * 1490 * We assume LANE means Ethernet, not Token Ring. 1491 */ 1492 if (is_lane) { 1493 /* 1494 * Check that the packet doesn't begin with an 1495 * LE Control marker. (We've already generated 1496 * a test for LANE.) 1497 */
| 1889 /*NOTREACHED*/ 1890 break; 1891 1892 case DLT_SUNATM: 1893 /* 1894 * If "is_lane" is set, check for a LANE-encapsulated 1895 * version of this protocol, otherwise check for an 1896 * LLC-encapsulated version of this protocol. 1897 * 1898 * We assume LANE means Ethernet, not Token Ring. 1899 */ 1900 if (is_lane) { 1901 /* 1902 * Check that the packet doesn't begin with an 1903 * LE Control marker. (We've already generated 1904 * a test for LANE.) 1905 */
|
1498 b0 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
| 1906 b0 = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS, BPF_H, 1907 0xFF00);
|
1499 gen_not(b0); 1500 1501 /* 1502 * Now generate an Ethernet test. 1503 */ 1504 b1 = gen_ether_linktype(proto); 1505 gen_and(b0, b1); 1506 return b1; 1507 } else { 1508 /* 1509 * Check for LLC encapsulation and then check the 1510 * protocol. 1511 */ 1512 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
| 1908 gen_not(b0); 1909 1910 /* 1911 * Now generate an Ethernet test. 1912 */ 1913 b1 = gen_ether_linktype(proto); 1914 gen_and(b0, b1); 1915 return b1; 1916 } else { 1917 /* 1918 * Check for LLC encapsulation and then check the 1919 * protocol. 1920 */ 1921 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
|
1513 b1 = gen_llc(proto);
| 1922 b1 = gen_llc_linktype(proto);
|
1514 gen_and(b0, b1); 1515 return b1; 1516 }
| 1923 gen_and(b0, b1); 1924 return b1; 1925 }
|
| 1926 /*NOTREACHED*/ 1927 break;
|
1517 1518 case DLT_LINUX_SLL: 1519 return gen_linux_sll_linktype(proto); 1520 /*NOTREACHED*/ 1521 break; 1522 1523 case DLT_SLIP: 1524 case DLT_SLIP_BSDOS: 1525 case DLT_RAW: 1526 /* 1527 * These types don't provide any type field; packets 1528 * are always IP. 1529 * 1530 * XXX - for IPv4, check for a version number of 4, and, 1531 * for IPv6, check for a version number of 6? 1532 */ 1533 switch (proto) { 1534 1535 case ETHERTYPE_IP: 1536#ifdef INET6 1537 case ETHERTYPE_IPV6: 1538#endif 1539 return gen_true(); /* always true */ 1540 1541 default: 1542 return gen_false(); /* always false */ 1543 } 1544 /*NOTREACHED*/ 1545 break; 1546 1547 case DLT_PPP: 1548 case DLT_PPP_PPPD: 1549 case DLT_PPP_SERIAL: 1550 case DLT_PPP_ETHER: 1551 /* 1552 * We use Ethernet protocol types inside libpcap; 1553 * map them to the corresponding PPP protocol types. 1554 */ 1555 switch (proto) { 1556 1557 case ETHERTYPE_IP: 1558 proto = PPP_IP; 1559 break; 1560 1561#ifdef INET6 1562 case ETHERTYPE_IPV6: 1563 proto = PPP_IPV6; 1564 break; 1565#endif 1566 1567 case ETHERTYPE_DN: 1568 proto = PPP_DECNET; 1569 break; 1570 1571 case ETHERTYPE_ATALK: 1572 proto = PPP_APPLE; 1573 break; 1574 1575 case ETHERTYPE_NS: 1576 proto = PPP_NS; 1577 break; 1578 1579 case LLCSAP_ISONS: 1580 proto = PPP_OSI; 1581 break; 1582 1583 case LLCSAP_8021D: 1584 /* 1585 * I'm assuming the "Bridging PDU"s that go 1586 * over PPP are Spanning Tree Protocol 1587 * Bridging PDUs. 1588 */ 1589 proto = PPP_BRPDU; 1590 break; 1591 1592 case LLCSAP_IPX: 1593 proto = PPP_IPX; 1594 break; 1595 } 1596 break; 1597 1598 case DLT_PPP_BSDOS: 1599 /* 1600 * We use Ethernet protocol types inside libpcap; 1601 * map them to the corresponding PPP protocol types. 1602 */ 1603 switch (proto) { 1604 1605 case ETHERTYPE_IP:
| 1928 1929 case DLT_LINUX_SLL: 1930 return gen_linux_sll_linktype(proto); 1931 /*NOTREACHED*/ 1932 break; 1933 1934 case DLT_SLIP: 1935 case DLT_SLIP_BSDOS: 1936 case DLT_RAW: 1937 /* 1938 * These types don't provide any type field; packets 1939 * are always IP. 1940 * 1941 * XXX - for IPv4, check for a version number of 4, and, 1942 * for IPv6, check for a version number of 6? 1943 */ 1944 switch (proto) { 1945 1946 case ETHERTYPE_IP: 1947#ifdef INET6 1948 case ETHERTYPE_IPV6: 1949#endif 1950 return gen_true(); /* always true */ 1951 1952 default: 1953 return gen_false(); /* always false */ 1954 } 1955 /*NOTREACHED*/ 1956 break; 1957 1958 case DLT_PPP: 1959 case DLT_PPP_PPPD: 1960 case DLT_PPP_SERIAL: 1961 case DLT_PPP_ETHER: 1962 /* 1963 * We use Ethernet protocol types inside libpcap; 1964 * map them to the corresponding PPP protocol types. 1965 */ 1966 switch (proto) { 1967 1968 case ETHERTYPE_IP: 1969 proto = PPP_IP; 1970 break; 1971 1972#ifdef INET6 1973 case ETHERTYPE_IPV6: 1974 proto = PPP_IPV6; 1975 break; 1976#endif 1977 1978 case ETHERTYPE_DN: 1979 proto = PPP_DECNET; 1980 break; 1981 1982 case ETHERTYPE_ATALK: 1983 proto = PPP_APPLE; 1984 break; 1985 1986 case ETHERTYPE_NS: 1987 proto = PPP_NS; 1988 break; 1989 1990 case LLCSAP_ISONS: 1991 proto = PPP_OSI; 1992 break; 1993 1994 case LLCSAP_8021D: 1995 /* 1996 * I'm assuming the "Bridging PDU"s that go 1997 * over PPP are Spanning Tree Protocol 1998 * Bridging PDUs. 1999 */ 2000 proto = PPP_BRPDU; 2001 break; 2002 2003 case LLCSAP_IPX: 2004 proto = PPP_IPX; 2005 break; 2006 } 2007 break; 2008 2009 case DLT_PPP_BSDOS: 2010 /* 2011 * We use Ethernet protocol types inside libpcap; 2012 * map them to the corresponding PPP protocol types. 2013 */ 2014 switch (proto) { 2015 2016 case ETHERTYPE_IP:
|
1606 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); 1607 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
| 2017 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, PPP_IP); 2018 b1 = gen_cmp(OR_LINK, off_linktype, BPF_H, PPP_VJC);
|
1608 gen_or(b0, b1);
| 2019 gen_or(b0, b1);
|
1609 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
| 2020 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, PPP_VJNC);
|
1610 gen_or(b1, b0); 1611 return b0; 1612 1613#ifdef INET6 1614 case ETHERTYPE_IPV6: 1615 proto = PPP_IPV6; 1616 /* more to go? */ 1617 break; 1618#endif 1619 1620 case ETHERTYPE_DN: 1621 proto = PPP_DECNET; 1622 break; 1623 1624 case ETHERTYPE_ATALK: 1625 proto = PPP_APPLE; 1626 break; 1627 1628 case ETHERTYPE_NS: 1629 proto = PPP_NS; 1630 break; 1631 1632 case LLCSAP_ISONS: 1633 proto = PPP_OSI; 1634 break; 1635 1636 case LLCSAP_8021D: 1637 /* 1638 * I'm assuming the "Bridging PDU"s that go 1639 * over PPP are Spanning Tree Protocol 1640 * Bridging PDUs. 1641 */ 1642 proto = PPP_BRPDU; 1643 break; 1644 1645 case LLCSAP_IPX: 1646 proto = PPP_IPX; 1647 break; 1648 } 1649 break; 1650 1651 case DLT_NULL: 1652 case DLT_LOOP: 1653 case DLT_ENC: 1654 /* 1655 * For DLT_NULL, the link-layer header is a 32-bit 1656 * word containing an AF_ value in *host* byte order, 1657 * and for DLT_ENC, the link-layer header begins 1658 * with a 32-bit work containing an AF_ value in 1659 * host byte order. 1660 * 1661 * In addition, if we're reading a saved capture file, 1662 * the host byte order in the capture may not be the 1663 * same as the host byte order on this machine. 1664 * 1665 * For DLT_LOOP, the link-layer header is a 32-bit 1666 * word containing an AF_ value in *network* byte order. 1667 * 1668 * XXX - AF_ values may, unfortunately, be platform- 1669 * dependent; for example, FreeBSD's AF_INET6 is 24 1670 * whilst NetBSD's and OpenBSD's is 26. 1671 * 1672 * This means that, when reading a capture file, just 1673 * checking for our AF_INET6 value won't work if the 1674 * capture file came from another OS. 1675 */ 1676 switch (proto) { 1677 1678 case ETHERTYPE_IP: 1679 proto = AF_INET; 1680 break; 1681 1682#ifdef INET6 1683 case ETHERTYPE_IPV6: 1684 proto = AF_INET6; 1685 break; 1686#endif 1687 1688 default: 1689 /* 1690 * Not a type on which we support filtering. 1691 * XXX - support those that have AF_ values 1692 * #defined on this platform, at least? 1693 */ 1694 return gen_false(); 1695 } 1696 1697 if (linktype == DLT_NULL || linktype == DLT_ENC) { 1698 /* 1699 * The AF_ value is in host byte order, but 1700 * the BPF interpreter will convert it to 1701 * network byte order. 1702 * 1703 * If this is a save file, and it's from a 1704 * machine with the opposite byte order to 1705 * ours, we byte-swap the AF_ value. 1706 * 1707 * Then we run it through "htonl()", and 1708 * generate code to compare against the result. 1709 */ 1710 if (bpf_pcap->sf.rfile != NULL && 1711 bpf_pcap->sf.swapped) 1712 proto = SWAPLONG(proto); 1713 proto = htonl(proto); 1714 }
| 2021 gen_or(b1, b0); 2022 return b0; 2023 2024#ifdef INET6 2025 case ETHERTYPE_IPV6: 2026 proto = PPP_IPV6; 2027 /* more to go? */ 2028 break; 2029#endif 2030 2031 case ETHERTYPE_DN: 2032 proto = PPP_DECNET; 2033 break; 2034 2035 case ETHERTYPE_ATALK: 2036 proto = PPP_APPLE; 2037 break; 2038 2039 case ETHERTYPE_NS: 2040 proto = PPP_NS; 2041 break; 2042 2043 case LLCSAP_ISONS: 2044 proto = PPP_OSI; 2045 break; 2046 2047 case LLCSAP_8021D: 2048 /* 2049 * I'm assuming the "Bridging PDU"s that go 2050 * over PPP are Spanning Tree Protocol 2051 * Bridging PDUs. 2052 */ 2053 proto = PPP_BRPDU; 2054 break; 2055 2056 case LLCSAP_IPX: 2057 proto = PPP_IPX; 2058 break; 2059 } 2060 break; 2061 2062 case DLT_NULL: 2063 case DLT_LOOP: 2064 case DLT_ENC: 2065 /* 2066 * For DLT_NULL, the link-layer header is a 32-bit 2067 * word containing an AF_ value in *host* byte order, 2068 * and for DLT_ENC, the link-layer header begins 2069 * with a 32-bit work containing an AF_ value in 2070 * host byte order. 2071 * 2072 * In addition, if we're reading a saved capture file, 2073 * the host byte order in the capture may not be the 2074 * same as the host byte order on this machine. 2075 * 2076 * For DLT_LOOP, the link-layer header is a 32-bit 2077 * word containing an AF_ value in *network* byte order. 2078 * 2079 * XXX - AF_ values may, unfortunately, be platform- 2080 * dependent; for example, FreeBSD's AF_INET6 is 24 2081 * whilst NetBSD's and OpenBSD's is 26. 2082 * 2083 * This means that, when reading a capture file, just 2084 * checking for our AF_INET6 value won't work if the 2085 * capture file came from another OS. 2086 */ 2087 switch (proto) { 2088 2089 case ETHERTYPE_IP: 2090 proto = AF_INET; 2091 break; 2092 2093#ifdef INET6 2094 case ETHERTYPE_IPV6: 2095 proto = AF_INET6; 2096 break; 2097#endif 2098 2099 default: 2100 /* 2101 * Not a type on which we support filtering. 2102 * XXX - support those that have AF_ values 2103 * #defined on this platform, at least? 2104 */ 2105 return gen_false(); 2106 } 2107 2108 if (linktype == DLT_NULL || linktype == DLT_ENC) { 2109 /* 2110 * The AF_ value is in host byte order, but 2111 * the BPF interpreter will convert it to 2112 * network byte order. 2113 * 2114 * If this is a save file, and it's from a 2115 * machine with the opposite byte order to 2116 * ours, we byte-swap the AF_ value. 2117 * 2118 * Then we run it through "htonl()", and 2119 * generate code to compare against the result. 2120 */ 2121 if (bpf_pcap->sf.rfile != NULL && 2122 bpf_pcap->sf.swapped) 2123 proto = SWAPLONG(proto); 2124 proto = htonl(proto); 2125 }
|
1715 return (gen_cmp(0, BPF_W, (bpf_int32)proto));
| 2126 return (gen_cmp(OR_LINK, 0, BPF_W, (bpf_int32)proto));
|
1716 1717 case DLT_PFLOG: 1718 /* 1719 * af field is host byte order in contrast to the rest of 1720 * the packet. 1721 */ 1722 if (proto == ETHERTYPE_IP)
| 2127 2128 case DLT_PFLOG: 2129 /* 2130 * af field is host byte order in contrast to the rest of 2131 * the packet. 2132 */ 2133 if (proto == ETHERTYPE_IP)
|
1723 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 1724 (bpf_int32)AF_INET));
| 2134 return (gen_cmp(OR_LINK, offsetof(struct pfloghdr, af), 2135 BPF_B, (bpf_int32)AF_INET));
|
1725#ifdef INET6 1726 else if (proto == ETHERTYPE_IPV6)
| 2136#ifdef INET6 2137 else if (proto == ETHERTYPE_IPV6)
|
1727 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 1728 (bpf_int32)AF_INET6));
| 2138 return (gen_cmp(OR_LINK, offsetof(struct pfloghdr, af), 2139 BPF_B, (bpf_int32)AF_INET6));
|
1729#endif /* INET6 */ 1730 else 1731 return gen_false(); 1732 /*NOTREACHED*/ 1733 break; 1734 1735 case DLT_ARCNET: 1736 case DLT_ARCNET_LINUX: 1737 /* 1738 * XXX should we check for first fragment if the protocol 1739 * uses PHDS? 1740 */ 1741 switch (proto) { 1742 1743 default: 1744 return gen_false(); 1745 1746#ifdef INET6 1747 case ETHERTYPE_IPV6:
| 2140#endif /* INET6 */ 2141 else 2142 return gen_false(); 2143 /*NOTREACHED*/ 2144 break; 2145 2146 case DLT_ARCNET: 2147 case DLT_ARCNET_LINUX: 2148 /* 2149 * XXX should we check for first fragment if the protocol 2150 * uses PHDS? 2151 */ 2152 switch (proto) { 2153 2154 default: 2155 return gen_false(); 2156 2157#ifdef INET6 2158 case ETHERTYPE_IPV6:
|
1748 return (gen_cmp(off_linktype, BPF_B,
| 2159 return (gen_cmp(OR_LINK, off_linktype, BPF_B,
|
1749 (bpf_int32)ARCTYPE_INET6)); 1750#endif /* INET6 */ 1751 1752 case ETHERTYPE_IP:
| 2160 (bpf_int32)ARCTYPE_INET6)); 2161#endif /* INET6 */ 2162 2163 case ETHERTYPE_IP:
|
1753 b0 = gen_cmp(off_linktype, BPF_B,
| 2164 b0 = gen_cmp(OR_LINK, off_linktype, BPF_B,
|
1754 (bpf_int32)ARCTYPE_IP);
| 2165 (bpf_int32)ARCTYPE_IP);
|
1755 b1 = gen_cmp(off_linktype, BPF_B,
| 2166 b1 = gen_cmp(OR_LINK, off_linktype, BPF_B,
|
1756 (bpf_int32)ARCTYPE_IP_OLD); 1757 gen_or(b0, b1); 1758 return (b1); 1759 1760 case ETHERTYPE_ARP:
| 2167 (bpf_int32)ARCTYPE_IP_OLD); 2168 gen_or(b0, b1); 2169 return (b1); 2170 2171 case ETHERTYPE_ARP:
|
1761 b0 = gen_cmp(off_linktype, BPF_B,
| 2172 b0 = gen_cmp(OR_LINK, off_linktype, BPF_B,
|
1762 (bpf_int32)ARCTYPE_ARP);
| 2173 (bpf_int32)ARCTYPE_ARP);
|
1763 b1 = gen_cmp(off_linktype, BPF_B,
| 2174 b1 = gen_cmp(OR_LINK, off_linktype, BPF_B,
|
1764 (bpf_int32)ARCTYPE_ARP_OLD); 1765 gen_or(b0, b1); 1766 return (b1); 1767 1768 case ETHERTYPE_REVARP:
| 2175 (bpf_int32)ARCTYPE_ARP_OLD); 2176 gen_or(b0, b1); 2177 return (b1); 2178 2179 case ETHERTYPE_REVARP:
|
1769 return (gen_cmp(off_linktype, BPF_B,
| 2180 return (gen_cmp(OR_LINK, off_linktype, BPF_B,
|
1770 (bpf_int32)ARCTYPE_REVARP)); 1771 1772 case ETHERTYPE_ATALK:
| 2181 (bpf_int32)ARCTYPE_REVARP)); 2182 2183 case ETHERTYPE_ATALK:
|
1773 return (gen_cmp(off_linktype, BPF_B,
| 2184 return (gen_cmp(OR_LINK, off_linktype, BPF_B,
|
1774 (bpf_int32)ARCTYPE_ATALK)); 1775 } 1776 /*NOTREACHED*/ 1777 break; 1778 1779 case DLT_LTALK: 1780 switch (proto) { 1781 case ETHERTYPE_ATALK: 1782 return gen_true(); 1783 default: 1784 return gen_false(); 1785 } 1786 /*NOTREACHED*/ 1787 break; 1788 1789 case DLT_FRELAY: 1790 /* 1791 * XXX - assumes a 2-byte Frame Relay header with 1792 * DLCI and flags. What if the address is longer? 1793 */ 1794 switch (proto) { 1795 1796 case ETHERTYPE_IP: 1797 /* 1798 * Check for the special NLPID for IP. 1799 */
| 2185 (bpf_int32)ARCTYPE_ATALK)); 2186 } 2187 /*NOTREACHED*/ 2188 break; 2189 2190 case DLT_LTALK: 2191 switch (proto) { 2192 case ETHERTYPE_ATALK: 2193 return gen_true(); 2194 default: 2195 return gen_false(); 2196 } 2197 /*NOTREACHED*/ 2198 break; 2199 2200 case DLT_FRELAY: 2201 /* 2202 * XXX - assumes a 2-byte Frame Relay header with 2203 * DLCI and flags. What if the address is longer? 2204 */ 2205 switch (proto) { 2206 2207 case ETHERTYPE_IP: 2208 /* 2209 * Check for the special NLPID for IP. 2210 */
|
1800 return gen_cmp(2, BPF_H, (0x03<<8) | 0xcc);
| 2211 return gen_cmp(OR_LINK, 2, BPF_H, (0x03<<8) | 0xcc);
|
1801 1802#ifdef INET6 1803 case ETHERTYPE_IPV6: 1804 /* 1805 * Check for the special NLPID for IPv6. 1806 */
| 2212 2213#ifdef INET6 2214 case ETHERTYPE_IPV6: 2215 /* 2216 * Check for the special NLPID for IPv6. 2217 */
|
1807 return gen_cmp(2, BPF_H, (0x03<<8) | 0x8e);
| 2218 return gen_cmp(OR_LINK, 2, BPF_H, (0x03<<8) | 0x8e);
|
1808#endif 1809 1810 case LLCSAP_ISONS: 1811 /* 1812 * Check for several OSI protocols. 1813 * 1814 * Frame Relay packets typically have an OSI 1815 * NLPID at the beginning; we check for each 1816 * of them. 1817 * 1818 * What we check for is the NLPID and a frame 1819 * control field of UI, i.e. 0x03 followed 1820 * by the NLPID. 1821 */
| 2219#endif 2220 2221 case LLCSAP_ISONS: 2222 /* 2223 * Check for several OSI protocols. 2224 * 2225 * Frame Relay packets typically have an OSI 2226 * NLPID at the beginning; we check for each 2227 * of them. 2228 * 2229 * What we check for is the NLPID and a frame 2230 * control field of UI, i.e. 0x03 followed 2231 * by the NLPID. 2232 */
|
1822 b0 = gen_cmp(2, BPF_H, (0x03<<8) | ISO8473_CLNP); 1823 b1 = gen_cmp(2, BPF_H, (0x03<<8) | ISO9542_ESIS); 1824 b2 = gen_cmp(2, BPF_H, (0x03<<8) | ISO10589_ISIS);
| 2233 b0 = gen_cmp(OR_LINK, 2, BPF_H, (0x03<<8) | ISO8473_CLNP); 2234 b1 = gen_cmp(OR_LINK, 2, BPF_H, (0x03<<8) | ISO9542_ESIS); 2235 b2 = gen_cmp(OR_LINK, 2, BPF_H, (0x03<<8) | ISO10589_ISIS);
|
1825 gen_or(b1, b2); 1826 gen_or(b0, b2); 1827 return b2; 1828 1829 default: 1830 return gen_false(); 1831 } 1832 /*NOTREACHED*/ 1833 break; 1834 1835 case DLT_JUNIPER_MLFR: 1836 case DLT_JUNIPER_MLPPP: 1837 case DLT_JUNIPER_ATM1: 1838 case DLT_JUNIPER_ATM2:
| 2236 gen_or(b1, b2); 2237 gen_or(b0, b2); 2238 return b2; 2239 2240 default: 2241 return gen_false(); 2242 } 2243 /*NOTREACHED*/ 2244 break; 2245 2246 case DLT_JUNIPER_MLFR: 2247 case DLT_JUNIPER_MLPPP: 2248 case DLT_JUNIPER_ATM1: 2249 case DLT_JUNIPER_ATM2:
|
| 2250 case DLT_JUNIPER_PPPOE: 2251 case DLT_JUNIPER_PPPOE_ATM: 2252 case DLT_JUNIPER_GGSN: 2253 case DLT_JUNIPER_ES: 2254 case DLT_JUNIPER_MONITOR: 2255 case DLT_JUNIPER_SERVICES:
|
1839 /* just lets verify the magic number for now - 1840 * on ATM we may have up to 6 different encapsulations on the wire 1841 * and need a lot of heuristics to figure out that the payload 1842 * might be; 1843 * 1844 * FIXME encapsulation specific BPF_ filters 1845 */
| 2256 /* just lets verify the magic number for now - 2257 * on ATM we may have up to 6 different encapsulations on the wire 2258 * and need a lot of heuristics to figure out that the payload 2259 * might be; 2260 * 2261 * FIXME encapsulation specific BPF_ filters 2262 */
|
1846 return gen_mcmp(0, BPF_W, 0x4d474300, 0xffffff00); /* compare the magic number */
| 2263 return gen_mcmp(OR_LINK, 0, BPF_W, 0x4d474300, 0xffffff00); /* compare the magic number */
|
1847 1848 case DLT_LINUX_IRDA: 1849 bpf_error("IrDA link-layer type filtering not implemented"); 1850 1851 case DLT_DOCSIS: 1852 bpf_error("DOCSIS link-layer type filtering not implemented");
| 2264 2265 case DLT_LINUX_IRDA: 2266 bpf_error("IrDA link-layer type filtering not implemented"); 2267 2268 case DLT_DOCSIS: 2269 bpf_error("DOCSIS link-layer type filtering not implemented");
|
| 2270 2271 case DLT_LINUX_LAPD: 2272 bpf_error("LAPD link-layer type filtering not implemented");
|
1853 } 1854 1855 /* 1856 * All the types that have no encapsulation should either be 1857 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if 1858 * all packets are IP packets, or should be handled in some 1859 * special case, if none of them are (if some are and some 1860 * aren't, the lack of encapsulation is a problem, as we'd 1861 * have to find some other way of determining the packet type). 1862 * 1863 * Therefore, if "off_linktype" is -1, there's an error. 1864 */ 1865 if (off_linktype == (u_int)-1) 1866 abort(); 1867 1868 /* 1869 * Any type not handled above should always have an Ethernet 1870 * type at an offset of "off_linktype". (PPP is partially 1871 * handled above - the protocol type is mapped from the 1872 * Ethernet and LLC types we use internally to the corresponding 1873 * PPP type - but the PPP type is always specified by a value 1874 * at "off_linktype", so we don't have to do the code generation 1875 * above.) 1876 */
| 2273 } 2274 2275 /* 2276 * All the types that have no encapsulation should either be 2277 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if 2278 * all packets are IP packets, or should be handled in some 2279 * special case, if none of them are (if some are and some 2280 * aren't, the lack of encapsulation is a problem, as we'd 2281 * have to find some other way of determining the packet type). 2282 * 2283 * Therefore, if "off_linktype" is -1, there's an error. 2284 */ 2285 if (off_linktype == (u_int)-1) 2286 abort(); 2287 2288 /* 2289 * Any type not handled above should always have an Ethernet 2290 * type at an offset of "off_linktype". (PPP is partially 2291 * handled above - the protocol type is mapped from the 2292 * Ethernet and LLC types we use internally to the corresponding 2293 * PPP type - but the PPP type is always specified by a value 2294 * at "off_linktype", so we don't have to do the code generation 2295 * above.) 2296 */
|
1877 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
| 2297 return gen_cmp(OR_LINK, off_linktype, BPF_H, (bpf_int32)proto);
|
1878} 1879 1880/* 1881 * Check for an LLC SNAP packet with a given organization code and 1882 * protocol type; we check the entire contents of the 802.2 LLC and 1883 * snap headers, checking for DSAP and SSAP of SNAP and a control 1884 * field of 0x03 in the LLC header, and for the specified organization 1885 * code and protocol type in the SNAP header. 1886 */ 1887static struct block * 1888gen_snap(orgcode, ptype, offset) 1889 bpf_u_int32 orgcode; 1890 bpf_u_int32 ptype; 1891 u_int offset; 1892{ 1893 u_char snapblock[8]; 1894 1895 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */ 1896 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */ 1897 snapblock[2] = 0x03; /* control = UI */ 1898 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */ 1899 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */ 1900 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */ 1901 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */ 1902 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
| 2298} 2299 2300/* 2301 * Check for an LLC SNAP packet with a given organization code and 2302 * protocol type; we check the entire contents of the 802.2 LLC and 2303 * snap headers, checking for DSAP and SSAP of SNAP and a control 2304 * field of 0x03 in the LLC header, and for the specified organization 2305 * code and protocol type in the SNAP header. 2306 */ 2307static struct block * 2308gen_snap(orgcode, ptype, offset) 2309 bpf_u_int32 orgcode; 2310 bpf_u_int32 ptype; 2311 u_int offset; 2312{ 2313 u_char snapblock[8]; 2314 2315 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */ 2316 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */ 2317 snapblock[2] = 0x03; /* control = UI */ 2318 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */ 2319 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */ 2320 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */ 2321 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */ 2322 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
|
1903 return gen_bcmp(offset, 8, snapblock);
| 2323 return gen_bcmp(OR_LINK, offset, 8, snapblock);
|
1904} 1905 1906/*
| 2324} 2325 2326/*
|
1907 * Check for a given protocol value assuming an 802.2 LLC header.
| 2327 * Generate code to match a particular packet type, for link-layer types 2328 * using 802.2 LLC headers. 2329 * 2330 * This is *NOT* used for Ethernet; "gen_ether_linktype()" is used 2331 * for that - it handles the D/I/X Ethernet vs. 802.3+802.2 issues. 2332 * 2333 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP 2334 * value, if <= ETHERMTU. We use that to determine whether to 2335 * match the DSAP or both DSAP and LSAP or to check the OUI and 2336 * protocol ID in a SNAP header.
|
1908 */ 1909static struct block *
| 2337 */ 2338static struct block *
|
1910gen_llc(proto)
| 2339gen_llc_linktype(proto)
|
1911 int proto; 1912{ 1913 /* 1914 * XXX - handle token-ring variable-length header. 1915 */ 1916 switch (proto) { 1917 1918 case LLCSAP_IP:
| 2340 int proto; 2341{ 2342 /* 2343 * XXX - handle token-ring variable-length header. 2344 */ 2345 switch (proto) { 2346 2347 case LLCSAP_IP:
|
1919 return gen_cmp(off_linktype, BPF_H, (long) 1920 ((LLCSAP_IP << 8) | LLCSAP_IP)); 1921
| |
1922 case LLCSAP_ISONS:
| 2348 case LLCSAP_ISONS:
|
1923 return gen_cmp(off_linktype, BPF_H, (long) 1924 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS)); 1925
| |
1926 case LLCSAP_NETBEUI:
| 2349 case LLCSAP_NETBEUI:
|
1927 return gen_cmp(off_linktype, BPF_H, (long) 1928 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
| 2350 /* 2351 * XXX - should we check both the DSAP and the 2352 * SSAP, like this, or should we check just the 2353 * DSAP, as we do for other types <= ETHERMTU 2354 * (i.e., other SAP values)? 2355 */ 2356 return gen_cmp(OR_LINK, off_linktype, BPF_H, (bpf_u_int32) 2357 ((proto << 8) | proto));
|
1929 1930 case LLCSAP_IPX: 1931 /* 1932 * XXX - are there ever SNAP frames for IPX on 1933 * non-Ethernet 802.x networks? 1934 */
| 2358 2359 case LLCSAP_IPX: 2360 /* 2361 * XXX - are there ever SNAP frames for IPX on 2362 * non-Ethernet 802.x networks? 2363 */
|
1935 return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX);
| 2364 return gen_cmp(OR_LINK, off_linktype, BPF_B, 2365 (bpf_int32)LLCSAP_IPX);
|
1936 1937 case ETHERTYPE_ATALK: 1938 /* 1939 * 802.2-encapsulated ETHERTYPE_ATALK packets are 1940 * SNAP packets with an organization code of 1941 * 0x080007 (Apple, for Appletalk) and a protocol 1942 * type of ETHERTYPE_ATALK (Appletalk). 1943 * 1944 * XXX - check for an organization code of 1945 * encapsulated Ethernet as well? 1946 */ 1947 return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype); 1948 1949 default: 1950 /* 1951 * XXX - we don't have to check for IPX 802.3 1952 * here, but should we check for the IPX Ethertype? 1953 */ 1954 if (proto <= ETHERMTU) { 1955 /* 1956 * This is an LLC SAP value, so check 1957 * the DSAP. 1958 */
| 2366 2367 case ETHERTYPE_ATALK: 2368 /* 2369 * 802.2-encapsulated ETHERTYPE_ATALK packets are 2370 * SNAP packets with an organization code of 2371 * 0x080007 (Apple, for Appletalk) and a protocol 2372 * type of ETHERTYPE_ATALK (Appletalk). 2373 * 2374 * XXX - check for an organization code of 2375 * encapsulated Ethernet as well? 2376 */ 2377 return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype); 2378 2379 default: 2380 /* 2381 * XXX - we don't have to check for IPX 802.3 2382 * here, but should we check for the IPX Ethertype? 2383 */ 2384 if (proto <= ETHERMTU) { 2385 /* 2386 * This is an LLC SAP value, so check 2387 * the DSAP. 2388 */
|
1959 return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto);
| 2389 return gen_cmp(OR_LINK, off_linktype, BPF_B, 2390 (bpf_int32)proto);
|
1960 } else { 1961 /* 1962 * This is an Ethernet type; we assume that it's 1963 * unlikely that it'll appear in the right place 1964 * at random, and therefore check only the 1965 * location that would hold the Ethernet type 1966 * in a SNAP frame with an organization code of 1967 * 0x000000 (encapsulated Ethernet). 1968 * 1969 * XXX - if we were to check for the SNAP DSAP and 1970 * LSAP, as per XXX, and were also to check for an 1971 * organization code of 0x000000 (encapsulated 1972 * Ethernet), we'd do 1973 * 1974 * return gen_snap(0x000000, proto, 1975 * off_linktype); 1976 * 1977 * here; for now, we don't, as per the above. 1978 * I don't know whether it's worth the extra CPU 1979 * time to do the right check or not. 1980 */
| 2391 } else { 2392 /* 2393 * This is an Ethernet type; we assume that it's 2394 * unlikely that it'll appear in the right place 2395 * at random, and therefore check only the 2396 * location that would hold the Ethernet type 2397 * in a SNAP frame with an organization code of 2398 * 0x000000 (encapsulated Ethernet). 2399 * 2400 * XXX - if we were to check for the SNAP DSAP and 2401 * LSAP, as per XXX, and were also to check for an 2402 * organization code of 0x000000 (encapsulated 2403 * Ethernet), we'd do 2404 * 2405 * return gen_snap(0x000000, proto, 2406 * off_linktype); 2407 * 2408 * here; for now, we don't, as per the above. 2409 * I don't know whether it's worth the extra CPU 2410 * time to do the right check or not. 2411 */
|
1981 return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto);
| 2412 return gen_cmp(OR_LINK, off_linktype+6, BPF_H, 2413 (bpf_int32)proto);
|
1982 } 1983 } 1984} 1985 1986static struct block * 1987gen_hostop(addr, mask, dir, proto, src_off, dst_off) 1988 bpf_u_int32 addr; 1989 bpf_u_int32 mask; 1990 int dir, proto; 1991 u_int src_off, dst_off; 1992{ 1993 struct block *b0, *b1; 1994 u_int offset; 1995 1996 switch (dir) { 1997 1998 case Q_SRC: 1999 offset = src_off; 2000 break; 2001 2002 case Q_DST: 2003 offset = dst_off; 2004 break; 2005 2006 case Q_AND: 2007 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 2008 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 2009 gen_and(b0, b1); 2010 return b1; 2011 2012 case Q_OR: 2013 case Q_DEFAULT: 2014 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 2015 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 2016 gen_or(b0, b1); 2017 return b1; 2018 2019 default: 2020 abort(); 2021 } 2022 b0 = gen_linktype(proto);
| 2414 } 2415 } 2416} 2417 2418static struct block * 2419gen_hostop(addr, mask, dir, proto, src_off, dst_off) 2420 bpf_u_int32 addr; 2421 bpf_u_int32 mask; 2422 int dir, proto; 2423 u_int src_off, dst_off; 2424{ 2425 struct block *b0, *b1; 2426 u_int offset; 2427 2428 switch (dir) { 2429 2430 case Q_SRC: 2431 offset = src_off; 2432 break; 2433 2434 case Q_DST: 2435 offset = dst_off; 2436 break; 2437 2438 case Q_AND: 2439 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 2440 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 2441 gen_and(b0, b1); 2442 return b1; 2443 2444 case Q_OR: 2445 case Q_DEFAULT: 2446 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 2447 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 2448 gen_or(b0, b1); 2449 return b1; 2450 2451 default: 2452 abort(); 2453 } 2454 b0 = gen_linktype(proto);
|
2023 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
| 2455 b1 = gen_mcmp(OR_NET, offset, BPF_W, (bpf_int32)addr, mask);
|
2024 gen_and(b0, b1); 2025 return b1; 2026} 2027 2028#ifdef INET6 2029static struct block * 2030gen_hostop6(addr, mask, dir, proto, src_off, dst_off) 2031 struct in6_addr *addr; 2032 struct in6_addr *mask; 2033 int dir, proto; 2034 u_int src_off, dst_off; 2035{ 2036 struct block *b0, *b1; 2037 u_int offset; 2038 u_int32_t *a, *m; 2039 2040 switch (dir) { 2041 2042 case Q_SRC: 2043 offset = src_off; 2044 break; 2045 2046 case Q_DST: 2047 offset = dst_off; 2048 break; 2049 2050 case Q_AND: 2051 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 2052 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 2053 gen_and(b0, b1); 2054 return b1; 2055 2056 case Q_OR: 2057 case Q_DEFAULT: 2058 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 2059 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 2060 gen_or(b0, b1); 2061 return b1; 2062 2063 default: 2064 abort(); 2065 } 2066 /* this order is important */ 2067 a = (u_int32_t *)addr; 2068 m = (u_int32_t *)mask;
| 2456 gen_and(b0, b1); 2457 return b1; 2458} 2459 2460#ifdef INET6 2461static struct block * 2462gen_hostop6(addr, mask, dir, proto, src_off, dst_off) 2463 struct in6_addr *addr; 2464 struct in6_addr *mask; 2465 int dir, proto; 2466 u_int src_off, dst_off; 2467{ 2468 struct block *b0, *b1; 2469 u_int offset; 2470 u_int32_t *a, *m; 2471 2472 switch (dir) { 2473 2474 case Q_SRC: 2475 offset = src_off; 2476 break; 2477 2478 case Q_DST: 2479 offset = dst_off; 2480 break; 2481 2482 case Q_AND: 2483 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 2484 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 2485 gen_and(b0, b1); 2486 return b1; 2487 2488 case Q_OR: 2489 case Q_DEFAULT: 2490 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 2491 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 2492 gen_or(b0, b1); 2493 return b1; 2494 2495 default: 2496 abort(); 2497 } 2498 /* this order is important */ 2499 a = (u_int32_t *)addr; 2500 m = (u_int32_t *)mask;
|
2069 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 2070 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
| 2501 b1 = gen_mcmp(OR_NET, offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 2502 b0 = gen_mcmp(OR_NET, offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
|
2071 gen_and(b0, b1);
| 2503 gen_and(b0, b1);
|
2072 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
| 2504 b0 = gen_mcmp(OR_NET, offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
|
2073 gen_and(b0, b1);
| 2505 gen_and(b0, b1);
|
2074 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
| 2506 b0 = gen_mcmp(OR_NET, offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
|
2075 gen_and(b0, b1); 2076 b0 = gen_linktype(proto); 2077 gen_and(b0, b1); 2078 return b1; 2079} 2080#endif /*INET6*/ 2081 2082static struct block * 2083gen_ehostop(eaddr, dir) 2084 register const u_char *eaddr; 2085 register int dir; 2086{ 2087 register struct block *b0, *b1; 2088 2089 switch (dir) { 2090 case Q_SRC:
| 2507 gen_and(b0, b1); 2508 b0 = gen_linktype(proto); 2509 gen_and(b0, b1); 2510 return b1; 2511} 2512#endif /*INET6*/ 2513 2514static struct block * 2515gen_ehostop(eaddr, dir) 2516 register const u_char *eaddr; 2517 register int dir; 2518{ 2519 register struct block *b0, *b1; 2520 2521 switch (dir) { 2522 case Q_SRC:
|
2091 return gen_bcmp(off_mac + 6, 6, eaddr);
| 2523 return gen_bcmp(OR_LINK, off_mac + 6, 6, eaddr);
|
2092 2093 case Q_DST:
| 2524 2525 case Q_DST:
|
2094 return gen_bcmp(off_mac + 0, 6, eaddr);
| 2526 return gen_bcmp(OR_LINK, off_mac + 0, 6, eaddr);
|
2095 2096 case Q_AND: 2097 b0 = gen_ehostop(eaddr, Q_SRC); 2098 b1 = gen_ehostop(eaddr, Q_DST); 2099 gen_and(b0, b1); 2100 return b1; 2101 2102 case Q_DEFAULT: 2103 case Q_OR: 2104 b0 = gen_ehostop(eaddr, Q_SRC); 2105 b1 = gen_ehostop(eaddr, Q_DST); 2106 gen_or(b0, b1); 2107 return b1; 2108 } 2109 abort(); 2110 /* NOTREACHED */ 2111} 2112 2113/* 2114 * Like gen_ehostop, but for DLT_FDDI 2115 */ 2116static struct block * 2117gen_fhostop(eaddr, dir) 2118 register const u_char *eaddr; 2119 register int dir; 2120{ 2121 struct block *b0, *b1; 2122 2123 switch (dir) { 2124 case Q_SRC: 2125#ifdef PCAP_FDDIPAD
| 2527 2528 case Q_AND: 2529 b0 = gen_ehostop(eaddr, Q_SRC); 2530 b1 = gen_ehostop(eaddr, Q_DST); 2531 gen_and(b0, b1); 2532 return b1; 2533 2534 case Q_DEFAULT: 2535 case Q_OR: 2536 b0 = gen_ehostop(eaddr, Q_SRC); 2537 b1 = gen_ehostop(eaddr, Q_DST); 2538 gen_or(b0, b1); 2539 return b1; 2540 } 2541 abort(); 2542 /* NOTREACHED */ 2543} 2544 2545/* 2546 * Like gen_ehostop, but for DLT_FDDI 2547 */ 2548static struct block * 2549gen_fhostop(eaddr, dir) 2550 register const u_char *eaddr; 2551 register int dir; 2552{ 2553 struct block *b0, *b1; 2554 2555 switch (dir) { 2556 case Q_SRC: 2557#ifdef PCAP_FDDIPAD
|
2126 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
| 2558 return gen_bcmp(OR_LINK, 6 + 1 + pcap_fddipad, 6, eaddr);
|
2127#else
| 2559#else
|
2128 return gen_bcmp(6 + 1, 6, eaddr);
| 2560 return gen_bcmp(OR_LINK, 6 + 1, 6, eaddr);
|
2129#endif 2130 2131 case Q_DST: 2132#ifdef PCAP_FDDIPAD
| 2561#endif 2562 2563 case Q_DST: 2564#ifdef PCAP_FDDIPAD
|
2133 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
| 2565 return gen_bcmp(OR_LINK, 0 + 1 + pcap_fddipad, 6, eaddr);
|
2134#else
| 2566#else
|
2135 return gen_bcmp(0 + 1, 6, eaddr);
| 2567 return gen_bcmp(OR_LINK, 0 + 1, 6, eaddr);
|
2136#endif 2137 2138 case Q_AND: 2139 b0 = gen_fhostop(eaddr, Q_SRC); 2140 b1 = gen_fhostop(eaddr, Q_DST); 2141 gen_and(b0, b1); 2142 return b1; 2143 2144 case Q_DEFAULT: 2145 case Q_OR: 2146 b0 = gen_fhostop(eaddr, Q_SRC); 2147 b1 = gen_fhostop(eaddr, Q_DST); 2148 gen_or(b0, b1); 2149 return b1; 2150 } 2151 abort(); 2152 /* NOTREACHED */ 2153} 2154 2155/* 2156 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring) 2157 */ 2158static struct block * 2159gen_thostop(eaddr, dir) 2160 register const u_char *eaddr; 2161 register int dir; 2162{ 2163 register struct block *b0, *b1; 2164 2165 switch (dir) { 2166 case Q_SRC:
| 2568#endif 2569 2570 case Q_AND: 2571 b0 = gen_fhostop(eaddr, Q_SRC); 2572 b1 = gen_fhostop(eaddr, Q_DST); 2573 gen_and(b0, b1); 2574 return b1; 2575 2576 case Q_DEFAULT: 2577 case Q_OR: 2578 b0 = gen_fhostop(eaddr, Q_SRC); 2579 b1 = gen_fhostop(eaddr, Q_DST); 2580 gen_or(b0, b1); 2581 return b1; 2582 } 2583 abort(); 2584 /* NOTREACHED */ 2585} 2586 2587/* 2588 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring) 2589 */ 2590static struct block * 2591gen_thostop(eaddr, dir) 2592 register const u_char *eaddr; 2593 register int dir; 2594{ 2595 register struct block *b0, *b1; 2596 2597 switch (dir) { 2598 case Q_SRC:
|
2167 return gen_bcmp(8, 6, eaddr);
| 2599 return gen_bcmp(OR_LINK, 8, 6, eaddr);
|
2168 2169 case Q_DST:
| 2600 2601 case Q_DST:
|
2170 return gen_bcmp(2, 6, eaddr);
| 2602 return gen_bcmp(OR_LINK, 2, 6, eaddr);
|
2171 2172 case Q_AND: 2173 b0 = gen_thostop(eaddr, Q_SRC); 2174 b1 = gen_thostop(eaddr, Q_DST); 2175 gen_and(b0, b1); 2176 return b1; 2177 2178 case Q_DEFAULT: 2179 case Q_OR: 2180 b0 = gen_thostop(eaddr, Q_SRC); 2181 b1 = gen_thostop(eaddr, Q_DST); 2182 gen_or(b0, b1); 2183 return b1; 2184 } 2185 abort(); 2186 /* NOTREACHED */ 2187} 2188 2189/* 2190 * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN) 2191 */ 2192static struct block * 2193gen_wlanhostop(eaddr, dir) 2194 register const u_char *eaddr; 2195 register int dir; 2196{ 2197 register struct block *b0, *b1, *b2; 2198 register struct slist *s; 2199 2200 switch (dir) { 2201 case Q_SRC: 2202 /* 2203 * Oh, yuk. 2204 * 2205 * For control frames, there is no SA. 2206 * 2207 * For management frames, SA is at an 2208 * offset of 10 from the beginning of 2209 * the packet. 2210 * 2211 * For data frames, SA is at an offset 2212 * of 10 from the beginning of the packet 2213 * if From DS is clear, at an offset of 2214 * 16 from the beginning of the packet 2215 * if From DS is set and To DS is clear, 2216 * and an offset of 24 from the beginning 2217 * of the packet if From DS is set and To DS 2218 * is set. 2219 */ 2220 2221 /* 2222 * Generate the tests to be done for data frames 2223 * with From DS set. 2224 * 2225 * First, check for To DS set, i.e. check "link[1] & 0x01". 2226 */
| 2603 2604 case Q_AND: 2605 b0 = gen_thostop(eaddr, Q_SRC); 2606 b1 = gen_thostop(eaddr, Q_DST); 2607 gen_and(b0, b1); 2608 return b1; 2609 2610 case Q_DEFAULT: 2611 case Q_OR: 2612 b0 = gen_thostop(eaddr, Q_SRC); 2613 b1 = gen_thostop(eaddr, Q_DST); 2614 gen_or(b0, b1); 2615 return b1; 2616 } 2617 abort(); 2618 /* NOTREACHED */ 2619} 2620 2621/* 2622 * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN) 2623 */ 2624static struct block * 2625gen_wlanhostop(eaddr, dir) 2626 register const u_char *eaddr; 2627 register int dir; 2628{ 2629 register struct block *b0, *b1, *b2; 2630 register struct slist *s; 2631 2632 switch (dir) { 2633 case Q_SRC: 2634 /* 2635 * Oh, yuk. 2636 * 2637 * For control frames, there is no SA. 2638 * 2639 * For management frames, SA is at an 2640 * offset of 10 from the beginning of 2641 * the packet. 2642 * 2643 * For data frames, SA is at an offset 2644 * of 10 from the beginning of the packet 2645 * if From DS is clear, at an offset of 2646 * 16 from the beginning of the packet 2647 * if From DS is set and To DS is clear, 2648 * and an offset of 24 from the beginning 2649 * of the packet if From DS is set and To DS 2650 * is set. 2651 */ 2652 2653 /* 2654 * Generate the tests to be done for data frames 2655 * with From DS set. 2656 * 2657 * First, check for To DS set, i.e. check "link[1] & 0x01". 2658 */
|
2227 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2228 s->s.k = 1;
| 2659 s = gen_load_a(OR_LINK, 1, BPF_B);
|
2229 b1 = new_block(JMP(BPF_JSET)); 2230 b1->s.k = 0x01; /* To DS */ 2231 b1->stmts = s; 2232 2233 /* 2234 * If To DS is set, the SA is at 24. 2235 */
| 2660 b1 = new_block(JMP(BPF_JSET)); 2661 b1->s.k = 0x01; /* To DS */ 2662 b1->stmts = s; 2663 2664 /* 2665 * If To DS is set, the SA is at 24. 2666 */
|
2236 b0 = gen_bcmp(24, 6, eaddr);
| 2667 b0 = gen_bcmp(OR_LINK, 24, 6, eaddr);
|
2237 gen_and(b1, b0); 2238 2239 /* 2240 * Now, check for To DS not set, i.e. check 2241 * "!(link[1] & 0x01)". 2242 */
| 2668 gen_and(b1, b0); 2669 2670 /* 2671 * Now, check for To DS not set, i.e. check 2672 * "!(link[1] & 0x01)". 2673 */
|
2243 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2244 s->s.k = 1;
| 2674 s = gen_load_a(OR_LINK, 1, BPF_B);
|
2245 b2 = new_block(JMP(BPF_JSET)); 2246 b2->s.k = 0x01; /* To DS */ 2247 b2->stmts = s; 2248 gen_not(b2); 2249 2250 /* 2251 * If To DS is not set, the SA is at 16. 2252 */
| 2675 b2 = new_block(JMP(BPF_JSET)); 2676 b2->s.k = 0x01; /* To DS */ 2677 b2->stmts = s; 2678 gen_not(b2); 2679 2680 /* 2681 * If To DS is not set, the SA is at 16. 2682 */
|
2253 b1 = gen_bcmp(16, 6, eaddr);
| 2683 b1 = gen_bcmp(OR_LINK, 16, 6, eaddr);
|
2254 gen_and(b2, b1); 2255 2256 /* 2257 * Now OR together the last two checks. That gives 2258 * the complete set of checks for data frames with 2259 * From DS set. 2260 */ 2261 gen_or(b1, b0); 2262 2263 /* 2264 * Now check for From DS being set, and AND that with 2265 * the ORed-together checks. 2266 */
| 2684 gen_and(b2, b1); 2685 2686 /* 2687 * Now OR together the last two checks. That gives 2688 * the complete set of checks for data frames with 2689 * From DS set. 2690 */ 2691 gen_or(b1, b0); 2692 2693 /* 2694 * Now check for From DS being set, and AND that with 2695 * the ORed-together checks. 2696 */
|
2267 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2268 s->s.k = 1;
| 2697 s = gen_load_a(OR_LINK, 1, BPF_B);
|
2269 b1 = new_block(JMP(BPF_JSET)); 2270 b1->s.k = 0x02; /* From DS */ 2271 b1->stmts = s; 2272 gen_and(b1, b0); 2273 2274 /* 2275 * Now check for data frames with From DS not set. 2276 */
| 2698 b1 = new_block(JMP(BPF_JSET)); 2699 b1->s.k = 0x02; /* From DS */ 2700 b1->stmts = s; 2701 gen_and(b1, b0); 2702 2703 /* 2704 * Now check for data frames with From DS not set. 2705 */
|
2277 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2278 s->s.k = 1;
| 2706 s = gen_load_a(OR_LINK, 1, BPF_B);
|
2279 b2 = new_block(JMP(BPF_JSET)); 2280 b2->s.k = 0x02; /* From DS */ 2281 b2->stmts = s; 2282 gen_not(b2); 2283 2284 /* 2285 * If From DS isn't set, the SA is at 10. 2286 */
| 2707 b2 = new_block(JMP(BPF_JSET)); 2708 b2->s.k = 0x02; /* From DS */ 2709 b2->stmts = s; 2710 gen_not(b2); 2711 2712 /* 2713 * If From DS isn't set, the SA is at 10. 2714 */
|
2287 b1 = gen_bcmp(10, 6, eaddr);
| 2715 b1 = gen_bcmp(OR_LINK, 10, 6, eaddr);
|
2288 gen_and(b2, b1); 2289 2290 /* 2291 * Now OR together the checks for data frames with 2292 * From DS not set and for data frames with From DS 2293 * set; that gives the checks done for data frames. 2294 */ 2295 gen_or(b1, b0); 2296 2297 /* 2298 * Now check for a data frame. 2299 * I.e, check "link[0] & 0x08". 2300 */
| 2716 gen_and(b2, b1); 2717 2718 /* 2719 * Now OR together the checks for data frames with 2720 * From DS not set and for data frames with From DS 2721 * set; that gives the checks done for data frames. 2722 */ 2723 gen_or(b1, b0); 2724 2725 /* 2726 * Now check for a data frame. 2727 * I.e, check "link[0] & 0x08". 2728 */
|
2301 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2302 s->s.k = 0;
| 2729 gen_load_a(OR_LINK, 0, BPF_B);
|
2303 b1 = new_block(JMP(BPF_JSET)); 2304 b1->s.k = 0x08; 2305 b1->stmts = s; 2306 2307 /* 2308 * AND that with the checks done for data frames. 2309 */ 2310 gen_and(b1, b0); 2311 2312 /* 2313 * If the high-order bit of the type value is 0, this 2314 * is a management frame. 2315 * I.e, check "!(link[0] & 0x08)". 2316 */
| 2730 b1 = new_block(JMP(BPF_JSET)); 2731 b1->s.k = 0x08; 2732 b1->stmts = s; 2733 2734 /* 2735 * AND that with the checks done for data frames. 2736 */ 2737 gen_and(b1, b0); 2738 2739 /* 2740 * If the high-order bit of the type value is 0, this 2741 * is a management frame. 2742 * I.e, check "!(link[0] & 0x08)". 2743 */
|
2317 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2318 s->s.k = 0;
| 2744 s = gen_load_a(OR_LINK, 0, BPF_B);
|
2319 b2 = new_block(JMP(BPF_JSET)); 2320 b2->s.k = 0x08; 2321 b2->stmts = s; 2322 gen_not(b2); 2323 2324 /* 2325 * For management frames, the SA is at 10. 2326 */
| 2745 b2 = new_block(JMP(BPF_JSET)); 2746 b2->s.k = 0x08; 2747 b2->stmts = s; 2748 gen_not(b2); 2749 2750 /* 2751 * For management frames, the SA is at 10. 2752 */
|
2327 b1 = gen_bcmp(10, 6, eaddr);
| 2753 b1 = gen_bcmp(OR_LINK, 10, 6, eaddr);
|
2328 gen_and(b2, b1); 2329 2330 /* 2331 * OR that with the checks done for data frames. 2332 * That gives the checks done for management and 2333 * data frames. 2334 */ 2335 gen_or(b1, b0); 2336 2337 /* 2338 * If the low-order bit of the type value is 1, 2339 * this is either a control frame or a frame 2340 * with a reserved type, and thus not a 2341 * frame with an SA. 2342 * 2343 * I.e., check "!(link[0] & 0x04)". 2344 */
| 2754 gen_and(b2, b1); 2755 2756 /* 2757 * OR that with the checks done for data frames. 2758 * That gives the checks done for management and 2759 * data frames. 2760 */ 2761 gen_or(b1, b0); 2762 2763 /* 2764 * If the low-order bit of the type value is 1, 2765 * this is either a control frame or a frame 2766 * with a reserved type, and thus not a 2767 * frame with an SA. 2768 * 2769 * I.e., check "!(link[0] & 0x04)". 2770 */
|
2345 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2346 s->s.k = 0;
| 2771 s = gen_load_a(OR_LINK, 0, BPF_B);
|
2347 b1 = new_block(JMP(BPF_JSET)); 2348 b1->s.k = 0x04; 2349 b1->stmts = s; 2350 gen_not(b1); 2351 2352 /* 2353 * AND that with the checks for data and management 2354 * frames. 2355 */ 2356 gen_and(b1, b0); 2357 return b0; 2358 2359 case Q_DST: 2360 /* 2361 * Oh, yuk. 2362 * 2363 * For control frames, there is no DA. 2364 * 2365 * For management frames, DA is at an 2366 * offset of 4 from the beginning of 2367 * the packet. 2368 * 2369 * For data frames, DA is at an offset 2370 * of 4 from the beginning of the packet 2371 * if To DS is clear and at an offset of 2372 * 16 from the beginning of the packet 2373 * if To DS is set. 2374 */ 2375 2376 /* 2377 * Generate the tests to be done for data frames. 2378 * 2379 * First, check for To DS set, i.e. "link[1] & 0x01". 2380 */
| 2772 b1 = new_block(JMP(BPF_JSET)); 2773 b1->s.k = 0x04; 2774 b1->stmts = s; 2775 gen_not(b1); 2776 2777 /* 2778 * AND that with the checks for data and management 2779 * frames. 2780 */ 2781 gen_and(b1, b0); 2782 return b0; 2783 2784 case Q_DST: 2785 /* 2786 * Oh, yuk. 2787 * 2788 * For control frames, there is no DA. 2789 * 2790 * For management frames, DA is at an 2791 * offset of 4 from the beginning of 2792 * the packet. 2793 * 2794 * For data frames, DA is at an offset 2795 * of 4 from the beginning of the packet 2796 * if To DS is clear and at an offset of 2797 * 16 from the beginning of the packet 2798 * if To DS is set. 2799 */ 2800 2801 /* 2802 * Generate the tests to be done for data frames. 2803 * 2804 * First, check for To DS set, i.e. "link[1] & 0x01". 2805 */
|
2381 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2382 s->s.k = 1;
| 2806 s = gen_load_a(OR_LINK, 1, BPF_B);
|
2383 b1 = new_block(JMP(BPF_JSET)); 2384 b1->s.k = 0x01; /* To DS */ 2385 b1->stmts = s; 2386 2387 /* 2388 * If To DS is set, the DA is at 16. 2389 */
| 2807 b1 = new_block(JMP(BPF_JSET)); 2808 b1->s.k = 0x01; /* To DS */ 2809 b1->stmts = s; 2810 2811 /* 2812 * If To DS is set, the DA is at 16. 2813 */
|
2390 b0 = gen_bcmp(16, 6, eaddr);
| 2814 b0 = gen_bcmp(OR_LINK, 16, 6, eaddr);
|
2391 gen_and(b1, b0); 2392 2393 /* 2394 * Now, check for To DS not set, i.e. check 2395 * "!(link[1] & 0x01)". 2396 */
| 2815 gen_and(b1, b0); 2816 2817 /* 2818 * Now, check for To DS not set, i.e. check 2819 * "!(link[1] & 0x01)". 2820 */
|
2397 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2398 s->s.k = 1;
| 2821 s = gen_load_a(OR_LINK, 1, BPF_B);
|
2399 b2 = new_block(JMP(BPF_JSET)); 2400 b2->s.k = 0x01; /* To DS */ 2401 b2->stmts = s; 2402 gen_not(b2); 2403 2404 /* 2405 * If To DS is not set, the DA is at 4. 2406 */
| 2822 b2 = new_block(JMP(BPF_JSET)); 2823 b2->s.k = 0x01; /* To DS */ 2824 b2->stmts = s; 2825 gen_not(b2); 2826 2827 /* 2828 * If To DS is not set, the DA is at 4. 2829 */
|
2407 b1 = gen_bcmp(4, 6, eaddr);
| 2830 b1 = gen_bcmp(OR_LINK, 4, 6, eaddr);
|
2408 gen_and(b2, b1); 2409 2410 /* 2411 * Now OR together the last two checks. That gives 2412 * the complete set of checks for data frames. 2413 */ 2414 gen_or(b1, b0); 2415 2416 /* 2417 * Now check for a data frame. 2418 * I.e, check "link[0] & 0x08". 2419 */
| 2831 gen_and(b2, b1); 2832 2833 /* 2834 * Now OR together the last two checks. That gives 2835 * the complete set of checks for data frames. 2836 */ 2837 gen_or(b1, b0); 2838 2839 /* 2840 * Now check for a data frame. 2841 * I.e, check "link[0] & 0x08". 2842 */
|
2420 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2421 s->s.k = 0;
| 2843 s = gen_load_a(OR_LINK, 0, BPF_B);
|
2422 b1 = new_block(JMP(BPF_JSET)); 2423 b1->s.k = 0x08; 2424 b1->stmts = s; 2425 2426 /* 2427 * AND that with the checks done for data frames. 2428 */ 2429 gen_and(b1, b0); 2430 2431 /* 2432 * If the high-order bit of the type value is 0, this 2433 * is a management frame. 2434 * I.e, check "!(link[0] & 0x08)". 2435 */
| 2844 b1 = new_block(JMP(BPF_JSET)); 2845 b1->s.k = 0x08; 2846 b1->stmts = s; 2847 2848 /* 2849 * AND that with the checks done for data frames. 2850 */ 2851 gen_and(b1, b0); 2852 2853 /* 2854 * If the high-order bit of the type value is 0, this 2855 * is a management frame. 2856 * I.e, check "!(link[0] & 0x08)". 2857 */
|
2436 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2437 s->s.k = 0;
| 2858 s = gen_load_a(OR_LINK, 0, BPF_B);
|
2438 b2 = new_block(JMP(BPF_JSET)); 2439 b2->s.k = 0x08; 2440 b2->stmts = s; 2441 gen_not(b2); 2442 2443 /* 2444 * For management frames, the DA is at 4. 2445 */
| 2859 b2 = new_block(JMP(BPF_JSET)); 2860 b2->s.k = 0x08; 2861 b2->stmts = s; 2862 gen_not(b2); 2863 2864 /* 2865 * For management frames, the DA is at 4. 2866 */
|
2446 b1 = gen_bcmp(4, 6, eaddr);
| 2867 b1 = gen_bcmp(OR_LINK, 4, 6, eaddr);
|
2447 gen_and(b2, b1); 2448 2449 /* 2450 * OR that with the checks done for data frames. 2451 * That gives the checks done for management and 2452 * data frames. 2453 */ 2454 gen_or(b1, b0); 2455 2456 /* 2457 * If the low-order bit of the type value is 1, 2458 * this is either a control frame or a frame 2459 * with a reserved type, and thus not a 2460 * frame with an SA. 2461 * 2462 * I.e., check "!(link[0] & 0x04)". 2463 */
| 2868 gen_and(b2, b1); 2869 2870 /* 2871 * OR that with the checks done for data frames. 2872 * That gives the checks done for management and 2873 * data frames. 2874 */ 2875 gen_or(b1, b0); 2876 2877 /* 2878 * If the low-order bit of the type value is 1, 2879 * this is either a control frame or a frame 2880 * with a reserved type, and thus not a 2881 * frame with an SA. 2882 * 2883 * I.e., check "!(link[0] & 0x04)". 2884 */
|
2464 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2465 s->s.k = 0;
| 2885 s = gen_load_a(OR_LINK, 0, BPF_B);
|
2466 b1 = new_block(JMP(BPF_JSET)); 2467 b1->s.k = 0x04; 2468 b1->stmts = s; 2469 gen_not(b1); 2470 2471 /* 2472 * AND that with the checks for data and management 2473 * frames. 2474 */ 2475 gen_and(b1, b0); 2476 return b0; 2477 2478 case Q_AND: 2479 b0 = gen_wlanhostop(eaddr, Q_SRC); 2480 b1 = gen_wlanhostop(eaddr, Q_DST); 2481 gen_and(b0, b1); 2482 return b1; 2483 2484 case Q_DEFAULT: 2485 case Q_OR: 2486 b0 = gen_wlanhostop(eaddr, Q_SRC); 2487 b1 = gen_wlanhostop(eaddr, Q_DST); 2488 gen_or(b0, b1); 2489 return b1; 2490 } 2491 abort(); 2492 /* NOTREACHED */ 2493} 2494 2495/* 2496 * Like gen_ehostop, but for RFC 2625 IP-over-Fibre-Channel. 2497 * (We assume that the addresses are IEEE 48-bit MAC addresses, 2498 * as the RFC states.) 2499 */ 2500static struct block * 2501gen_ipfchostop(eaddr, dir) 2502 register const u_char *eaddr; 2503 register int dir; 2504{ 2505 register struct block *b0, *b1; 2506 2507 switch (dir) { 2508 case Q_SRC:
| 2886 b1 = new_block(JMP(BPF_JSET)); 2887 b1->s.k = 0x04; 2888 b1->stmts = s; 2889 gen_not(b1); 2890 2891 /* 2892 * AND that with the checks for data and management 2893 * frames. 2894 */ 2895 gen_and(b1, b0); 2896 return b0; 2897 2898 case Q_AND: 2899 b0 = gen_wlanhostop(eaddr, Q_SRC); 2900 b1 = gen_wlanhostop(eaddr, Q_DST); 2901 gen_and(b0, b1); 2902 return b1; 2903 2904 case Q_DEFAULT: 2905 case Q_OR: 2906 b0 = gen_wlanhostop(eaddr, Q_SRC); 2907 b1 = gen_wlanhostop(eaddr, Q_DST); 2908 gen_or(b0, b1); 2909 return b1; 2910 } 2911 abort(); 2912 /* NOTREACHED */ 2913} 2914 2915/* 2916 * Like gen_ehostop, but for RFC 2625 IP-over-Fibre-Channel. 2917 * (We assume that the addresses are IEEE 48-bit MAC addresses, 2918 * as the RFC states.) 2919 */ 2920static struct block * 2921gen_ipfchostop(eaddr, dir) 2922 register const u_char *eaddr; 2923 register int dir; 2924{ 2925 register struct block *b0, *b1; 2926 2927 switch (dir) { 2928 case Q_SRC:
|
2509 return gen_bcmp(10, 6, eaddr);
| 2929 return gen_bcmp(OR_LINK, 10, 6, eaddr);
|
2510 2511 case Q_DST:
| 2930 2931 case Q_DST:
|
2512 return gen_bcmp(2, 6, eaddr);
| 2932 return gen_bcmp(OR_LINK, 2, 6, eaddr);
|
2513 2514 case Q_AND: 2515 b0 = gen_ipfchostop(eaddr, Q_SRC); 2516 b1 = gen_ipfchostop(eaddr, Q_DST); 2517 gen_and(b0, b1); 2518 return b1; 2519 2520 case Q_DEFAULT: 2521 case Q_OR: 2522 b0 = gen_ipfchostop(eaddr, Q_SRC); 2523 b1 = gen_ipfchostop(eaddr, Q_DST); 2524 gen_or(b0, b1); 2525 return b1; 2526 } 2527 abort(); 2528 /* NOTREACHED */ 2529} 2530 2531/* 2532 * This is quite tricky because there may be pad bytes in front of the 2533 * DECNET header, and then there are two possible data packet formats that 2534 * carry both src and dst addresses, plus 5 packet types in a format that 2535 * carries only the src node, plus 2 types that use a different format and 2536 * also carry just the src node. 2537 * 2538 * Yuck. 2539 * 2540 * Instead of doing those all right, we just look for data packets with 2541 * 0 or 1 bytes of padding. If you want to look at other packets, that 2542 * will require a lot more hacking. 2543 * 2544 * To add support for filtering on DECNET "areas" (network numbers) 2545 * one would want to add a "mask" argument to this routine. That would 2546 * make the filter even more inefficient, although one could be clever 2547 * and not generate masking instructions if the mask is 0xFFFF. 2548 */ 2549static struct block *
| 2933 2934 case Q_AND: 2935 b0 = gen_ipfchostop(eaddr, Q_SRC); 2936 b1 = gen_ipfchostop(eaddr, Q_DST); 2937 gen_and(b0, b1); 2938 return b1; 2939 2940 case Q_DEFAULT: 2941 case Q_OR: 2942 b0 = gen_ipfchostop(eaddr, Q_SRC); 2943 b1 = gen_ipfchostop(eaddr, Q_DST); 2944 gen_or(b0, b1); 2945 return b1; 2946 } 2947 abort(); 2948 /* NOTREACHED */ 2949} 2950 2951/* 2952 * This is quite tricky because there may be pad bytes in front of the 2953 * DECNET header, and then there are two possible data packet formats that 2954 * carry both src and dst addresses, plus 5 packet types in a format that 2955 * carries only the src node, plus 2 types that use a different format and 2956 * also carry just the src node. 2957 * 2958 * Yuck. 2959 * 2960 * Instead of doing those all right, we just look for data packets with 2961 * 0 or 1 bytes of padding. If you want to look at other packets, that 2962 * will require a lot more hacking. 2963 * 2964 * To add support for filtering on DECNET "areas" (network numbers) 2965 * one would want to add a "mask" argument to this routine. That would 2966 * make the filter even more inefficient, although one could be clever 2967 * and not generate masking instructions if the mask is 0xFFFF. 2968 */ 2969static struct block *
|
2550gen_dnhostop(addr, dir, base_off)
| 2970gen_dnhostop(addr, dir)
|
2551 bpf_u_int32 addr; 2552 int dir;
| 2971 bpf_u_int32 addr; 2972 int dir;
|
2553 u_int base_off;
| |
2554{ 2555 struct block *b0, *b1, *b2, *tmp; 2556 u_int offset_lh; /* offset if long header is received */ 2557 u_int offset_sh; /* offset if short header is received */ 2558 2559 switch (dir) { 2560 2561 case Q_DST: 2562 offset_sh = 1; /* follows flags */ 2563 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 2564 break; 2565 2566 case Q_SRC: 2567 offset_sh = 3; /* follows flags, dstnode */ 2568 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 2569 break; 2570 2571 case Q_AND: 2572 /* Inefficient because we do our Calvinball dance twice */
| 2973{ 2974 struct block *b0, *b1, *b2, *tmp; 2975 u_int offset_lh; /* offset if long header is received */ 2976 u_int offset_sh; /* offset if short header is received */ 2977 2978 switch (dir) { 2979 2980 case Q_DST: 2981 offset_sh = 1; /* follows flags */ 2982 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 2983 break; 2984 2985 case Q_SRC: 2986 offset_sh = 3; /* follows flags, dstnode */ 2987 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 2988 break; 2989 2990 case Q_AND: 2991 /* Inefficient because we do our Calvinball dance twice */
|
2573 b0 = gen_dnhostop(addr, Q_SRC, base_off); 2574 b1 = gen_dnhostop(addr, Q_DST, base_off);
| 2992 b0 = gen_dnhostop(addr, Q_SRC); 2993 b1 = gen_dnhostop(addr, Q_DST);
|
2575 gen_and(b0, b1); 2576 return b1; 2577 2578 case Q_OR: 2579 case Q_DEFAULT: 2580 /* Inefficient because we do our Calvinball dance twice */
| 2994 gen_and(b0, b1); 2995 return b1; 2996 2997 case Q_OR: 2998 case Q_DEFAULT: 2999 /* Inefficient because we do our Calvinball dance twice */
|
2581 b0 = gen_dnhostop(addr, Q_SRC, base_off); 2582 b1 = gen_dnhostop(addr, Q_DST, base_off);
| 3000 b0 = gen_dnhostop(addr, Q_SRC); 3001 b1 = gen_dnhostop(addr, Q_DST);
|
2583 gen_or(b0, b1); 2584 return b1; 2585 2586 case Q_ISO: 2587 bpf_error("ISO host filtering not implemented"); 2588 2589 default: 2590 abort(); 2591 } 2592 b0 = gen_linktype(ETHERTYPE_DN); 2593 /* Check for pad = 1, long header case */
| 3002 gen_or(b0, b1); 3003 return b1; 3004 3005 case Q_ISO: 3006 bpf_error("ISO host filtering not implemented"); 3007 3008 default: 3009 abort(); 3010 } 3011 b0 = gen_linktype(ETHERTYPE_DN); 3012 /* Check for pad = 1, long header case */
|
2594 tmp = gen_mcmp(base_off + 2, BPF_H,
| 3013 tmp = gen_mcmp(OR_NET, 2, BPF_H,
|
2595 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
| 3014 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
|
2596 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
| 3015 b1 = gen_cmp(OR_NET, 2 + 1 + offset_lh,
|
2597 BPF_H, (bpf_int32)ntohs(addr)); 2598 gen_and(tmp, b1); 2599 /* Check for pad = 0, long header case */
| 3016 BPF_H, (bpf_int32)ntohs(addr)); 3017 gen_and(tmp, b1); 3018 /* Check for pad = 0, long header case */
|
2600 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 2601 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
| 3019 tmp = gen_mcmp(OR_NET, 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 3020 b2 = gen_cmp(OR_NET, 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
|
2602 gen_and(tmp, b2); 2603 gen_or(b2, b1); 2604 /* Check for pad = 1, short header case */
| 3021 gen_and(tmp, b2); 3022 gen_or(b2, b1); 3023 /* Check for pad = 1, short header case */
|
2605 tmp = gen_mcmp(base_off + 2, BPF_H,
| 3024 tmp = gen_mcmp(OR_NET, 2, BPF_H,
|
2606 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
| 3025 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
|
2607 b2 = gen_cmp(base_off + 2 + 1 + offset_sh, 2608 BPF_H, (bpf_int32)ntohs(addr));
| 3026 b2 = gen_cmp(OR_NET, 2 + 1 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
|
2609 gen_and(tmp, b2); 2610 gen_or(b2, b1); 2611 /* Check for pad = 0, short header case */
| 3027 gen_and(tmp, b2); 3028 gen_or(b2, b1); 3029 /* Check for pad = 0, short header case */
|
2612 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 2613 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
| 3030 tmp = gen_mcmp(OR_NET, 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 3031 b2 = gen_cmp(OR_NET, 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
|
2614 gen_and(tmp, b2); 2615 gen_or(b2, b1); 2616 2617 /* Combine with test for linktype */ 2618 gen_and(b0, b1); 2619 return b1; 2620} 2621 2622static struct block * 2623gen_host(addr, mask, proto, dir) 2624 bpf_u_int32 addr; 2625 bpf_u_int32 mask; 2626 int proto; 2627 int dir; 2628{ 2629 struct block *b0, *b1; 2630 2631 switch (proto) { 2632 2633 case Q_DEFAULT: 2634 b0 = gen_host(addr, mask, Q_IP, dir); 2635 if (off_linktype != (u_int)-1) { 2636 b1 = gen_host(addr, mask, Q_ARP, dir); 2637 gen_or(b0, b1); 2638 b0 = gen_host(addr, mask, Q_RARP, dir); 2639 gen_or(b1, b0); 2640 } 2641 return b0; 2642 2643 case Q_IP:
| 3032 gen_and(tmp, b2); 3033 gen_or(b2, b1); 3034 3035 /* Combine with test for linktype */ 3036 gen_and(b0, b1); 3037 return b1; 3038} 3039 3040static struct block * 3041gen_host(addr, mask, proto, dir) 3042 bpf_u_int32 addr; 3043 bpf_u_int32 mask; 3044 int proto; 3045 int dir; 3046{ 3047 struct block *b0, *b1; 3048 3049 switch (proto) { 3050 3051 case Q_DEFAULT: 3052 b0 = gen_host(addr, mask, Q_IP, dir); 3053 if (off_linktype != (u_int)-1) { 3054 b1 = gen_host(addr, mask, Q_ARP, dir); 3055 gen_or(b0, b1); 3056 b0 = gen_host(addr, mask, Q_RARP, dir); 3057 gen_or(b1, b0); 3058 } 3059 return b0; 3060 3061 case Q_IP:
|
2644 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 2645 off_nl + 12, off_nl + 16);
| 3062 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 12, 16);
|
2646 2647 case Q_RARP:
| 3063 3064 case Q_RARP:
|
2648 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 2649 off_nl + 14, off_nl + 24);
| 3065 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 14, 24);
|
2650 2651 case Q_ARP:
| 3066 3067 case Q_ARP:
|
2652 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 2653 off_nl + 14, off_nl + 24);
| 3068 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 14, 24);
|
2654 2655 case Q_TCP: 2656 bpf_error("'tcp' modifier applied to host"); 2657 2658 case Q_SCTP: 2659 bpf_error("'sctp' modifier applied to host"); 2660 2661 case Q_UDP: 2662 bpf_error("'udp' modifier applied to host"); 2663 2664 case Q_ICMP: 2665 bpf_error("'icmp' modifier applied to host"); 2666 2667 case Q_IGMP: 2668 bpf_error("'igmp' modifier applied to host"); 2669 2670 case Q_IGRP: 2671 bpf_error("'igrp' modifier applied to host"); 2672 2673 case Q_PIM: 2674 bpf_error("'pim' modifier applied to host"); 2675 2676 case Q_VRRP: 2677 bpf_error("'vrrp' modifier applied to host"); 2678 2679 case Q_ATALK: 2680 bpf_error("ATALK host filtering not implemented"); 2681 2682 case Q_AARP: 2683 bpf_error("AARP host filtering not implemented"); 2684 2685 case Q_DECNET:
| 3069 3070 case Q_TCP: 3071 bpf_error("'tcp' modifier applied to host"); 3072 3073 case Q_SCTP: 3074 bpf_error("'sctp' modifier applied to host"); 3075 3076 case Q_UDP: 3077 bpf_error("'udp' modifier applied to host"); 3078 3079 case Q_ICMP: 3080 bpf_error("'icmp' modifier applied to host"); 3081 3082 case Q_IGMP: 3083 bpf_error("'igmp' modifier applied to host"); 3084 3085 case Q_IGRP: 3086 bpf_error("'igrp' modifier applied to host"); 3087 3088 case Q_PIM: 3089 bpf_error("'pim' modifier applied to host"); 3090 3091 case Q_VRRP: 3092 bpf_error("'vrrp' modifier applied to host"); 3093 3094 case Q_ATALK: 3095 bpf_error("ATALK host filtering not implemented"); 3096 3097 case Q_AARP: 3098 bpf_error("AARP host filtering not implemented"); 3099 3100 case Q_DECNET:
|
2686 return gen_dnhostop(addr, dir, off_nl);
| 3101 return gen_dnhostop(addr, dir);
|
2687 2688 case Q_SCA: 2689 bpf_error("SCA host filtering not implemented"); 2690 2691 case Q_LAT: 2692 bpf_error("LAT host filtering not implemented"); 2693 2694 case Q_MOPDL: 2695 bpf_error("MOPDL host filtering not implemented"); 2696 2697 case Q_MOPRC: 2698 bpf_error("MOPRC host filtering not implemented"); 2699 2700#ifdef INET6 2701 case Q_IPV6: 2702 bpf_error("'ip6' modifier applied to ip host"); 2703 2704 case Q_ICMPV6: 2705 bpf_error("'icmp6' modifier applied to host"); 2706#endif /* INET6 */ 2707 2708 case Q_AH: 2709 bpf_error("'ah' modifier applied to host"); 2710 2711 case Q_ESP: 2712 bpf_error("'esp' modifier applied to host"); 2713 2714 case Q_ISO: 2715 bpf_error("ISO host filtering not implemented"); 2716 2717 case Q_ESIS: 2718 bpf_error("'esis' modifier applied to host"); 2719 2720 case Q_ISIS: 2721 bpf_error("'isis' modifier applied to host"); 2722 2723 case Q_CLNP: 2724 bpf_error("'clnp' modifier applied to host"); 2725 2726 case Q_STP: 2727 bpf_error("'stp' modifier applied to host"); 2728 2729 case Q_IPX: 2730 bpf_error("IPX host filtering not implemented"); 2731 2732 case Q_NETBEUI: 2733 bpf_error("'netbeui' modifier applied to host"); 2734
| 3102 3103 case Q_SCA: 3104 bpf_error("SCA host filtering not implemented"); 3105 3106 case Q_LAT: 3107 bpf_error("LAT host filtering not implemented"); 3108 3109 case Q_MOPDL: 3110 bpf_error("MOPDL host filtering not implemented"); 3111 3112 case Q_MOPRC: 3113 bpf_error("MOPRC host filtering not implemented"); 3114 3115#ifdef INET6 3116 case Q_IPV6: 3117 bpf_error("'ip6' modifier applied to ip host"); 3118 3119 case Q_ICMPV6: 3120 bpf_error("'icmp6' modifier applied to host"); 3121#endif /* INET6 */ 3122 3123 case Q_AH: 3124 bpf_error("'ah' modifier applied to host"); 3125 3126 case Q_ESP: 3127 bpf_error("'esp' modifier applied to host"); 3128 3129 case Q_ISO: 3130 bpf_error("ISO host filtering not implemented"); 3131 3132 case Q_ESIS: 3133 bpf_error("'esis' modifier applied to host"); 3134 3135 case Q_ISIS: 3136 bpf_error("'isis' modifier applied to host"); 3137 3138 case Q_CLNP: 3139 bpf_error("'clnp' modifier applied to host"); 3140 3141 case Q_STP: 3142 bpf_error("'stp' modifier applied to host"); 3143 3144 case Q_IPX: 3145 bpf_error("IPX host filtering not implemented"); 3146 3147 case Q_NETBEUI: 3148 bpf_error("'netbeui' modifier applied to host"); 3149
|
| 3150 case Q_RADIO: 3151 bpf_error("'radio' modifier applied to host"); 3152
|
2735 default: 2736 abort(); 2737 } 2738 /* NOTREACHED */ 2739} 2740 2741#ifdef INET6 2742static struct block * 2743gen_host6(addr, mask, proto, dir) 2744 struct in6_addr *addr; 2745 struct in6_addr *mask; 2746 int proto; 2747 int dir; 2748{ 2749 switch (proto) { 2750 2751 case Q_DEFAULT: 2752 return gen_host6(addr, mask, Q_IPV6, dir); 2753 2754 case Q_IP: 2755 bpf_error("'ip' modifier applied to ip6 host"); 2756 2757 case Q_RARP: 2758 bpf_error("'rarp' modifier applied to ip6 host"); 2759 2760 case Q_ARP: 2761 bpf_error("'arp' modifier applied to ip6 host"); 2762 2763 case Q_SCTP: 2764 bpf_error("'sctp' modifier applied to host"); 2765 2766 case Q_TCP: 2767 bpf_error("'tcp' modifier applied to host"); 2768 2769 case Q_UDP: 2770 bpf_error("'udp' modifier applied to host"); 2771 2772 case Q_ICMP: 2773 bpf_error("'icmp' modifier applied to host"); 2774 2775 case Q_IGMP: 2776 bpf_error("'igmp' modifier applied to host"); 2777 2778 case Q_IGRP: 2779 bpf_error("'igrp' modifier applied to host"); 2780 2781 case Q_PIM: 2782 bpf_error("'pim' modifier applied to host"); 2783 2784 case Q_VRRP: 2785 bpf_error("'vrrp' modifier applied to host"); 2786 2787 case Q_ATALK: 2788 bpf_error("ATALK host filtering not implemented"); 2789 2790 case Q_AARP: 2791 bpf_error("AARP host filtering not implemented"); 2792 2793 case Q_DECNET: 2794 bpf_error("'decnet' modifier applied to ip6 host"); 2795 2796 case Q_SCA: 2797 bpf_error("SCA host filtering not implemented"); 2798 2799 case Q_LAT: 2800 bpf_error("LAT host filtering not implemented"); 2801 2802 case Q_MOPDL: 2803 bpf_error("MOPDL host filtering not implemented"); 2804 2805 case Q_MOPRC: 2806 bpf_error("MOPRC host filtering not implemented"); 2807 2808 case Q_IPV6:
| 3153 default: 3154 abort(); 3155 } 3156 /* NOTREACHED */ 3157} 3158 3159#ifdef INET6 3160static struct block * 3161gen_host6(addr, mask, proto, dir) 3162 struct in6_addr *addr; 3163 struct in6_addr *mask; 3164 int proto; 3165 int dir; 3166{ 3167 switch (proto) { 3168 3169 case Q_DEFAULT: 3170 return gen_host6(addr, mask, Q_IPV6, dir); 3171 3172 case Q_IP: 3173 bpf_error("'ip' modifier applied to ip6 host"); 3174 3175 case Q_RARP: 3176 bpf_error("'rarp' modifier applied to ip6 host"); 3177 3178 case Q_ARP: 3179 bpf_error("'arp' modifier applied to ip6 host"); 3180 3181 case Q_SCTP: 3182 bpf_error("'sctp' modifier applied to host"); 3183 3184 case Q_TCP: 3185 bpf_error("'tcp' modifier applied to host"); 3186 3187 case Q_UDP: 3188 bpf_error("'udp' modifier applied to host"); 3189 3190 case Q_ICMP: 3191 bpf_error("'icmp' modifier applied to host"); 3192 3193 case Q_IGMP: 3194 bpf_error("'igmp' modifier applied to host"); 3195 3196 case Q_IGRP: 3197 bpf_error("'igrp' modifier applied to host"); 3198 3199 case Q_PIM: 3200 bpf_error("'pim' modifier applied to host"); 3201 3202 case Q_VRRP: 3203 bpf_error("'vrrp' modifier applied to host"); 3204 3205 case Q_ATALK: 3206 bpf_error("ATALK host filtering not implemented"); 3207 3208 case Q_AARP: 3209 bpf_error("AARP host filtering not implemented"); 3210 3211 case Q_DECNET: 3212 bpf_error("'decnet' modifier applied to ip6 host"); 3213 3214 case Q_SCA: 3215 bpf_error("SCA host filtering not implemented"); 3216 3217 case Q_LAT: 3218 bpf_error("LAT host filtering not implemented"); 3219 3220 case Q_MOPDL: 3221 bpf_error("MOPDL host filtering not implemented"); 3222 3223 case Q_MOPRC: 3224 bpf_error("MOPRC host filtering not implemented"); 3225 3226 case Q_IPV6:
|
2809 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 2810 off_nl + 8, off_nl + 24);
| 3227 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 8, 24);
|
2811 2812 case Q_ICMPV6: 2813 bpf_error("'icmp6' modifier applied to host"); 2814 2815 case Q_AH: 2816 bpf_error("'ah' modifier applied to host"); 2817 2818 case Q_ESP: 2819 bpf_error("'esp' modifier applied to host"); 2820 2821 case Q_ISO: 2822 bpf_error("ISO host filtering not implemented"); 2823 2824 case Q_ESIS: 2825 bpf_error("'esis' modifier applied to host"); 2826 2827 case Q_ISIS: 2828 bpf_error("'isis' modifier applied to host"); 2829 2830 case Q_CLNP: 2831 bpf_error("'clnp' modifier applied to host"); 2832 2833 case Q_STP: 2834 bpf_error("'stp' modifier applied to host"); 2835 2836 case Q_IPX: 2837 bpf_error("IPX host filtering not implemented"); 2838 2839 case Q_NETBEUI: 2840 bpf_error("'netbeui' modifier applied to host"); 2841
| 3228 3229 case Q_ICMPV6: 3230 bpf_error("'icmp6' modifier applied to host"); 3231 3232 case Q_AH: 3233 bpf_error("'ah' modifier applied to host"); 3234 3235 case Q_ESP: 3236 bpf_error("'esp' modifier applied to host"); 3237 3238 case Q_ISO: 3239 bpf_error("ISO host filtering not implemented"); 3240 3241 case Q_ESIS: 3242 bpf_error("'esis' modifier applied to host"); 3243 3244 case Q_ISIS: 3245 bpf_error("'isis' modifier applied to host"); 3246 3247 case Q_CLNP: 3248 bpf_error("'clnp' modifier applied to host"); 3249 3250 case Q_STP: 3251 bpf_error("'stp' modifier applied to host"); 3252 3253 case Q_IPX: 3254 bpf_error("IPX host filtering not implemented"); 3255 3256 case Q_NETBEUI: 3257 bpf_error("'netbeui' modifier applied to host"); 3258
|
| 3259 case Q_RADIO: 3260 bpf_error("'radio' modifier applied to host"); 3261
|
2842 default: 2843 abort(); 2844 } 2845 /* NOTREACHED */ 2846} 2847#endif /*INET6*/ 2848 2849#ifndef INET6 2850static struct block * 2851gen_gateway(eaddr, alist, proto, dir) 2852 const u_char *eaddr; 2853 bpf_u_int32 **alist; 2854 int proto; 2855 int dir; 2856{ 2857 struct block *b0, *b1, *tmp; 2858 2859 if (dir != 0) 2860 bpf_error("direction applied to 'gateway'"); 2861 2862 switch (proto) { 2863 case Q_DEFAULT: 2864 case Q_IP: 2865 case Q_ARP: 2866 case Q_RARP: 2867 if (linktype == DLT_EN10MB) 2868 b0 = gen_ehostop(eaddr, Q_OR); 2869 else if (linktype == DLT_FDDI) 2870 b0 = gen_fhostop(eaddr, Q_OR); 2871 else if (linktype == DLT_IEEE802) 2872 b0 = gen_thostop(eaddr, Q_OR);
| 3262 default: 3263 abort(); 3264 } 3265 /* NOTREACHED */ 3266} 3267#endif /*INET6*/ 3268 3269#ifndef INET6 3270static struct block * 3271gen_gateway(eaddr, alist, proto, dir) 3272 const u_char *eaddr; 3273 bpf_u_int32 **alist; 3274 int proto; 3275 int dir; 3276{ 3277 struct block *b0, *b1, *tmp; 3278 3279 if (dir != 0) 3280 bpf_error("direction applied to 'gateway'"); 3281 3282 switch (proto) { 3283 case Q_DEFAULT: 3284 case Q_IP: 3285 case Q_ARP: 3286 case Q_RARP: 3287 if (linktype == DLT_EN10MB) 3288 b0 = gen_ehostop(eaddr, Q_OR); 3289 else if (linktype == DLT_FDDI) 3290 b0 = gen_fhostop(eaddr, Q_OR); 3291 else if (linktype == DLT_IEEE802) 3292 b0 = gen_thostop(eaddr, Q_OR);
|
2873 else if (linktype == DLT_IEEE802_11)
| 3293 else if (linktype == DLT_IEEE802_11 || 3294 linktype == DLT_IEEE802_11_RADIO_AVS || 3295 linktype == DLT_IEEE802_11_RADIO || 3296 linktype == DLT_PRISM_HEADER)
|
2874 b0 = gen_wlanhostop(eaddr, Q_OR); 2875 else if (linktype == DLT_SUNATM && is_lane) { 2876 /* 2877 * Check that the packet doesn't begin with an 2878 * LE Control marker. (We've already generated 2879 * a test for LANE.) 2880 */
| 3297 b0 = gen_wlanhostop(eaddr, Q_OR); 3298 else if (linktype == DLT_SUNATM && is_lane) { 3299 /* 3300 * Check that the packet doesn't begin with an 3301 * LE Control marker. (We've already generated 3302 * a test for LANE.) 3303 */
|
2881 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
| 3304 b1 = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS, BPF_H, 3305 0xFF00);
|
2882 gen_not(b1); 2883 2884 /* 2885 * Now check the MAC address. 2886 */ 2887 b0 = gen_ehostop(eaddr, Q_OR); 2888 gen_and(b1, b0); 2889 } else if (linktype == DLT_IP_OVER_FC) 2890 b0 = gen_ipfchostop(eaddr, Q_OR); 2891 else 2892 bpf_error( 2893 "'gateway' supported only on ethernet/FDDI/token ring/802.11/Fibre Channel"); 2894 2895 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR); 2896 while (*alist) { 2897 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR); 2898 gen_or(b1, tmp); 2899 b1 = tmp; 2900 } 2901 gen_not(b1); 2902 gen_and(b0, b1); 2903 return b1; 2904 } 2905 bpf_error("illegal modifier of 'gateway'"); 2906 /* NOTREACHED */ 2907} 2908#endif 2909 2910struct block * 2911gen_proto_abbrev(proto) 2912 int proto; 2913{ 2914 struct block *b0; 2915 struct block *b1; 2916 2917 switch (proto) { 2918 2919 case Q_SCTP: 2920 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT); 2921#ifdef INET6 2922 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT); 2923 gen_or(b0, b1); 2924#endif 2925 break; 2926 2927 case Q_TCP: 2928 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); 2929#ifdef INET6 2930 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); 2931 gen_or(b0, b1); 2932#endif 2933 break; 2934 2935 case Q_UDP: 2936 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); 2937#ifdef INET6 2938 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); 2939 gen_or(b0, b1); 2940#endif 2941 break; 2942 2943 case Q_ICMP: 2944 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT); 2945 break; 2946 2947#ifndef IPPROTO_IGMP 2948#define IPPROTO_IGMP 2 2949#endif 2950 2951 case Q_IGMP: 2952 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT); 2953 break; 2954 2955#ifndef IPPROTO_IGRP 2956#define IPPROTO_IGRP 9 2957#endif 2958 case Q_IGRP: 2959 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT); 2960 break; 2961 2962#ifndef IPPROTO_PIM 2963#define IPPROTO_PIM 103 2964#endif 2965 2966 case Q_PIM: 2967 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); 2968#ifdef INET6 2969 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); 2970 gen_or(b0, b1); 2971#endif 2972 break; 2973 2974#ifndef IPPROTO_VRRP 2975#define IPPROTO_VRRP 112 2976#endif 2977 2978 case Q_VRRP: 2979 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT); 2980 break; 2981 2982 case Q_IP: 2983 b1 = gen_linktype(ETHERTYPE_IP); 2984 break; 2985 2986 case Q_ARP: 2987 b1 = gen_linktype(ETHERTYPE_ARP); 2988 break; 2989 2990 case Q_RARP: 2991 b1 = gen_linktype(ETHERTYPE_REVARP); 2992 break; 2993 2994 case Q_LINK: 2995 bpf_error("link layer applied in wrong context"); 2996 2997 case Q_ATALK: 2998 b1 = gen_linktype(ETHERTYPE_ATALK); 2999 break; 3000 3001 case Q_AARP: 3002 b1 = gen_linktype(ETHERTYPE_AARP); 3003 break; 3004 3005 case Q_DECNET: 3006 b1 = gen_linktype(ETHERTYPE_DN); 3007 break; 3008 3009 case Q_SCA: 3010 b1 = gen_linktype(ETHERTYPE_SCA); 3011 break; 3012 3013 case Q_LAT: 3014 b1 = gen_linktype(ETHERTYPE_LAT); 3015 break; 3016 3017 case Q_MOPDL: 3018 b1 = gen_linktype(ETHERTYPE_MOPDL); 3019 break; 3020 3021 case Q_MOPRC: 3022 b1 = gen_linktype(ETHERTYPE_MOPRC); 3023 break; 3024 3025#ifdef INET6 3026 case Q_IPV6: 3027 b1 = gen_linktype(ETHERTYPE_IPV6); 3028 break; 3029 3030#ifndef IPPROTO_ICMPV6 3031#define IPPROTO_ICMPV6 58 3032#endif 3033 case Q_ICMPV6: 3034 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 3035 break; 3036#endif /* INET6 */ 3037 3038#ifndef IPPROTO_AH 3039#define IPPROTO_AH 51 3040#endif 3041 case Q_AH: 3042 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); 3043#ifdef INET6 3044 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); 3045 gen_or(b0, b1); 3046#endif 3047 break; 3048 3049#ifndef IPPROTO_ESP 3050#define IPPROTO_ESP 50 3051#endif 3052 case Q_ESP: 3053 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); 3054#ifdef INET6 3055 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); 3056 gen_or(b0, b1); 3057#endif 3058 break; 3059 3060 case Q_ISO: 3061 b1 = gen_linktype(LLCSAP_ISONS); 3062 break; 3063 3064 case Q_ESIS: 3065 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT); 3066 break; 3067 3068 case Q_ISIS: 3069 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT); 3070 break; 3071 3072 case Q_ISIS_L1: /* all IS-IS Level1 PDU-Types */ 3073 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT); 3074 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */ 3075 gen_or(b0, b1); 3076 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT); 3077 gen_or(b0, b1); 3078 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT); 3079 gen_or(b0, b1); 3080 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 3081 gen_or(b0, b1); 3082 break; 3083 3084 case Q_ISIS_L2: /* all IS-IS Level2 PDU-Types */ 3085 b0 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT); 3086 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */ 3087 gen_or(b0, b1); 3088 b0 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT); 3089 gen_or(b0, b1); 3090 b0 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT); 3091 gen_or(b0, b1); 3092 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 3093 gen_or(b0, b1); 3094 break; 3095 3096 case Q_ISIS_IIH: /* all IS-IS Hello PDU-Types */ 3097 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT); 3098 b1 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT); 3099 gen_or(b0, b1); 3100 b0 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); 3101 gen_or(b0, b1); 3102 break; 3103 3104 case Q_ISIS_LSP: 3105 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT); 3106 b1 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT); 3107 gen_or(b0, b1); 3108 break; 3109 3110 case Q_ISIS_SNP: 3111 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT); 3112 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT); 3113 gen_or(b0, b1); 3114 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 3115 gen_or(b0, b1); 3116 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 3117 gen_or(b0, b1); 3118 break; 3119 3120 case Q_ISIS_CSNP: 3121 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT); 3122 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT); 3123 gen_or(b0, b1); 3124 break; 3125 3126 case Q_ISIS_PSNP: 3127 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 3128 b1 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 3129 gen_or(b0, b1); 3130 break; 3131 3132 case Q_CLNP: 3133 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT); 3134 break; 3135 3136 case Q_STP: 3137 b1 = gen_linktype(LLCSAP_8021D); 3138 break; 3139 3140 case Q_IPX: 3141 b1 = gen_linktype(LLCSAP_IPX); 3142 break; 3143 3144 case Q_NETBEUI: 3145 b1 = gen_linktype(LLCSAP_NETBEUI); 3146 break; 3147
| 3306 gen_not(b1); 3307 3308 /* 3309 * Now check the MAC address. 3310 */ 3311 b0 = gen_ehostop(eaddr, Q_OR); 3312 gen_and(b1, b0); 3313 } else if (linktype == DLT_IP_OVER_FC) 3314 b0 = gen_ipfchostop(eaddr, Q_OR); 3315 else 3316 bpf_error( 3317 "'gateway' supported only on ethernet/FDDI/token ring/802.11/Fibre Channel"); 3318 3319 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR); 3320 while (*alist) { 3321 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR); 3322 gen_or(b1, tmp); 3323 b1 = tmp; 3324 } 3325 gen_not(b1); 3326 gen_and(b0, b1); 3327 return b1; 3328 } 3329 bpf_error("illegal modifier of 'gateway'"); 3330 /* NOTREACHED */ 3331} 3332#endif 3333 3334struct block * 3335gen_proto_abbrev(proto) 3336 int proto; 3337{ 3338 struct block *b0; 3339 struct block *b1; 3340 3341 switch (proto) { 3342 3343 case Q_SCTP: 3344 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT); 3345#ifdef INET6 3346 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT); 3347 gen_or(b0, b1); 3348#endif 3349 break; 3350 3351 case Q_TCP: 3352 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); 3353#ifdef INET6 3354 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); 3355 gen_or(b0, b1); 3356#endif 3357 break; 3358 3359 case Q_UDP: 3360 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); 3361#ifdef INET6 3362 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); 3363 gen_or(b0, b1); 3364#endif 3365 break; 3366 3367 case Q_ICMP: 3368 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT); 3369 break; 3370 3371#ifndef IPPROTO_IGMP 3372#define IPPROTO_IGMP 2 3373#endif 3374 3375 case Q_IGMP: 3376 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT); 3377 break; 3378 3379#ifndef IPPROTO_IGRP 3380#define IPPROTO_IGRP 9 3381#endif 3382 case Q_IGRP: 3383 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT); 3384 break; 3385 3386#ifndef IPPROTO_PIM 3387#define IPPROTO_PIM 103 3388#endif 3389 3390 case Q_PIM: 3391 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); 3392#ifdef INET6 3393 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); 3394 gen_or(b0, b1); 3395#endif 3396 break; 3397 3398#ifndef IPPROTO_VRRP 3399#define IPPROTO_VRRP 112 3400#endif 3401 3402 case Q_VRRP: 3403 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT); 3404 break; 3405 3406 case Q_IP: 3407 b1 = gen_linktype(ETHERTYPE_IP); 3408 break; 3409 3410 case Q_ARP: 3411 b1 = gen_linktype(ETHERTYPE_ARP); 3412 break; 3413 3414 case Q_RARP: 3415 b1 = gen_linktype(ETHERTYPE_REVARP); 3416 break; 3417 3418 case Q_LINK: 3419 bpf_error("link layer applied in wrong context"); 3420 3421 case Q_ATALK: 3422 b1 = gen_linktype(ETHERTYPE_ATALK); 3423 break; 3424 3425 case Q_AARP: 3426 b1 = gen_linktype(ETHERTYPE_AARP); 3427 break; 3428 3429 case Q_DECNET: 3430 b1 = gen_linktype(ETHERTYPE_DN); 3431 break; 3432 3433 case Q_SCA: 3434 b1 = gen_linktype(ETHERTYPE_SCA); 3435 break; 3436 3437 case Q_LAT: 3438 b1 = gen_linktype(ETHERTYPE_LAT); 3439 break; 3440 3441 case Q_MOPDL: 3442 b1 = gen_linktype(ETHERTYPE_MOPDL); 3443 break; 3444 3445 case Q_MOPRC: 3446 b1 = gen_linktype(ETHERTYPE_MOPRC); 3447 break; 3448 3449#ifdef INET6 3450 case Q_IPV6: 3451 b1 = gen_linktype(ETHERTYPE_IPV6); 3452 break; 3453 3454#ifndef IPPROTO_ICMPV6 3455#define IPPROTO_ICMPV6 58 3456#endif 3457 case Q_ICMPV6: 3458 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 3459 break; 3460#endif /* INET6 */ 3461 3462#ifndef IPPROTO_AH 3463#define IPPROTO_AH 51 3464#endif 3465 case Q_AH: 3466 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); 3467#ifdef INET6 3468 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); 3469 gen_or(b0, b1); 3470#endif 3471 break; 3472 3473#ifndef IPPROTO_ESP 3474#define IPPROTO_ESP 50 3475#endif 3476 case Q_ESP: 3477 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); 3478#ifdef INET6 3479 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); 3480 gen_or(b0, b1); 3481#endif 3482 break; 3483 3484 case Q_ISO: 3485 b1 = gen_linktype(LLCSAP_ISONS); 3486 break; 3487 3488 case Q_ESIS: 3489 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT); 3490 break; 3491 3492 case Q_ISIS: 3493 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT); 3494 break; 3495 3496 case Q_ISIS_L1: /* all IS-IS Level1 PDU-Types */ 3497 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT); 3498 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */ 3499 gen_or(b0, b1); 3500 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT); 3501 gen_or(b0, b1); 3502 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT); 3503 gen_or(b0, b1); 3504 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 3505 gen_or(b0, b1); 3506 break; 3507 3508 case Q_ISIS_L2: /* all IS-IS Level2 PDU-Types */ 3509 b0 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT); 3510 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */ 3511 gen_or(b0, b1); 3512 b0 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT); 3513 gen_or(b0, b1); 3514 b0 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT); 3515 gen_or(b0, b1); 3516 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 3517 gen_or(b0, b1); 3518 break; 3519 3520 case Q_ISIS_IIH: /* all IS-IS Hello PDU-Types */ 3521 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT); 3522 b1 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT); 3523 gen_or(b0, b1); 3524 b0 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); 3525 gen_or(b0, b1); 3526 break; 3527 3528 case Q_ISIS_LSP: 3529 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT); 3530 b1 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT); 3531 gen_or(b0, b1); 3532 break; 3533 3534 case Q_ISIS_SNP: 3535 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT); 3536 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT); 3537 gen_or(b0, b1); 3538 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 3539 gen_or(b0, b1); 3540 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 3541 gen_or(b0, b1); 3542 break; 3543 3544 case Q_ISIS_CSNP: 3545 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT); 3546 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT); 3547 gen_or(b0, b1); 3548 break; 3549 3550 case Q_ISIS_PSNP: 3551 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 3552 b1 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 3553 gen_or(b0, b1); 3554 break; 3555 3556 case Q_CLNP: 3557 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT); 3558 break; 3559 3560 case Q_STP: 3561 b1 = gen_linktype(LLCSAP_8021D); 3562 break; 3563 3564 case Q_IPX: 3565 b1 = gen_linktype(LLCSAP_IPX); 3566 break; 3567 3568 case Q_NETBEUI: 3569 b1 = gen_linktype(LLCSAP_NETBEUI); 3570 break; 3571
|
| 3572 case Q_RADIO: 3573 bpf_error("'radio' is not a valid protocol type"); 3574
|
3148 default: 3149 abort(); 3150 } 3151 return b1; 3152} 3153 3154static struct block * 3155gen_ipfrag() 3156{ 3157 struct slist *s; 3158 struct block *b; 3159 3160 /* not ip frag */
| 3575 default: 3576 abort(); 3577 } 3578 return b1; 3579} 3580 3581static struct block * 3582gen_ipfrag() 3583{ 3584 struct slist *s; 3585 struct block *b; 3586 3587 /* not ip frag */
|
3161 s = new_stmt(BPF_LD|BPF_H|BPF_ABS); 3162 s->s.k = off_nl + 6;
| 3588 s = gen_load_a(OR_NET, 6, BPF_H);
|
3163 b = new_block(JMP(BPF_JSET)); 3164 b->s.k = 0x1fff; 3165 b->stmts = s; 3166 gen_not(b); 3167 3168 return b; 3169} 3170
| 3589 b = new_block(JMP(BPF_JSET)); 3590 b->s.k = 0x1fff; 3591 b->stmts = s; 3592 gen_not(b); 3593 3594 return b; 3595} 3596
|
| 3597/* 3598 * Generate a comparison to a port value in the transport-layer header 3599 * at the specified offset from the beginning of that header. 3600 * 3601 * XXX - this handles a variable-length prefix preceding the link-layer 3602 * header, such as the radiotap or AVS radio prefix, but doesn't handle 3603 * variable-length link-layer headers (such as Token Ring or 802.11 3604 * headers). 3605 */
|
3171static struct block * 3172gen_portatom(off, v) 3173 int off; 3174 bpf_int32 v; 3175{
| 3606static struct block * 3607gen_portatom(off, v) 3608 int off; 3609 bpf_int32 v; 3610{
|
3176 struct slist *s; 3177 struct block *b; 3178 3179 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 3180 s->s.k = off_nl; 3181 3182 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H); 3183 s->next->s.k = off_nl + off; 3184 3185 b = new_block(JMP(BPF_JEQ)); 3186 b->stmts = s; 3187 b->s.k = v; 3188 3189 return b;
| 3611 return gen_cmp(OR_TRAN_IPV4, off, BPF_H, v);
|
3190} 3191 3192#ifdef INET6 3193static struct block * 3194gen_portatom6(off, v) 3195 int off; 3196 bpf_int32 v; 3197{
| 3612} 3613 3614#ifdef INET6 3615static struct block * 3616gen_portatom6(off, v) 3617 int off; 3618 bpf_int32 v; 3619{
|
3198 return gen_cmp(off_nl + 40 + off, BPF_H, v);
| 3620 return gen_cmp(OR_TRAN_IPV6, off, BPF_H, v);
|
3199} 3200#endif/*INET6*/ 3201 3202struct block * 3203gen_portop(port, proto, dir) 3204 int port, proto, dir; 3205{ 3206 struct block *b0, *b1, *tmp; 3207 3208 /* ip proto 'proto' */
| 3621} 3622#endif/*INET6*/ 3623 3624struct block * 3625gen_portop(port, proto, dir) 3626 int port, proto, dir; 3627{ 3628 struct block *b0, *b1, *tmp; 3629 3630 /* ip proto 'proto' */
|
3209 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
| 3631 tmp = gen_cmp(OR_NET, 9, BPF_B, (bpf_int32)proto);
|
3210 b0 = gen_ipfrag(); 3211 gen_and(tmp, b0); 3212 3213 switch (dir) { 3214 case Q_SRC: 3215 b1 = gen_portatom(0, (bpf_int32)port); 3216 break; 3217 3218 case Q_DST: 3219 b1 = gen_portatom(2, (bpf_int32)port); 3220 break; 3221 3222 case Q_OR: 3223 case Q_DEFAULT: 3224 tmp = gen_portatom(0, (bpf_int32)port); 3225 b1 = gen_portatom(2, (bpf_int32)port); 3226 gen_or(tmp, b1); 3227 break; 3228 3229 case Q_AND: 3230 tmp = gen_portatom(0, (bpf_int32)port); 3231 b1 = gen_portatom(2, (bpf_int32)port); 3232 gen_and(tmp, b1); 3233 break; 3234 3235 default: 3236 abort(); 3237 } 3238 gen_and(b0, b1); 3239 3240 return b1; 3241} 3242 3243static struct block * 3244gen_port(port, ip_proto, dir) 3245 int port; 3246 int ip_proto; 3247 int dir; 3248{ 3249 struct block *b0, *b1, *tmp; 3250 3251 /* 3252 * ether proto ip 3253 * 3254 * For FDDI, RFC 1188 says that SNAP encapsulation is used, 3255 * not LLC encapsulation with LLCSAP_IP. 3256 * 3257 * For IEEE 802 networks - which includes 802.5 token ring 3258 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042 3259 * says that SNAP encapsulation is used, not LLC encapsulation 3260 * with LLCSAP_IP. 3261 * 3262 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and 3263 * RFC 2225 say that SNAP encapsulation is used, not LLC 3264 * encapsulation with LLCSAP_IP. 3265 * 3266 * So we always check for ETHERTYPE_IP. 3267 */ 3268 b0 = gen_linktype(ETHERTYPE_IP); 3269 3270 switch (ip_proto) { 3271 case IPPROTO_UDP: 3272 case IPPROTO_TCP: 3273 case IPPROTO_SCTP: 3274 b1 = gen_portop(port, ip_proto, dir); 3275 break; 3276 3277 case PROTO_UNDEF: 3278 tmp = gen_portop(port, IPPROTO_TCP, dir); 3279 b1 = gen_portop(port, IPPROTO_UDP, dir); 3280 gen_or(tmp, b1); 3281 tmp = gen_portop(port, IPPROTO_SCTP, dir); 3282 gen_or(tmp, b1); 3283 break; 3284 3285 default: 3286 abort(); 3287 } 3288 gen_and(b0, b1); 3289 return b1; 3290} 3291 3292#ifdef INET6 3293struct block * 3294gen_portop6(port, proto, dir) 3295 int port, proto, dir; 3296{ 3297 struct block *b0, *b1, *tmp; 3298
| 3632 b0 = gen_ipfrag(); 3633 gen_and(tmp, b0); 3634 3635 switch (dir) { 3636 case Q_SRC: 3637 b1 = gen_portatom(0, (bpf_int32)port); 3638 break; 3639 3640 case Q_DST: 3641 b1 = gen_portatom(2, (bpf_int32)port); 3642 break; 3643 3644 case Q_OR: 3645 case Q_DEFAULT: 3646 tmp = gen_portatom(0, (bpf_int32)port); 3647 b1 = gen_portatom(2, (bpf_int32)port); 3648 gen_or(tmp, b1); 3649 break; 3650 3651 case Q_AND: 3652 tmp = gen_portatom(0, (bpf_int32)port); 3653 b1 = gen_portatom(2, (bpf_int32)port); 3654 gen_and(tmp, b1); 3655 break; 3656 3657 default: 3658 abort(); 3659 } 3660 gen_and(b0, b1); 3661 3662 return b1; 3663} 3664 3665static struct block * 3666gen_port(port, ip_proto, dir) 3667 int port; 3668 int ip_proto; 3669 int dir; 3670{ 3671 struct block *b0, *b1, *tmp; 3672 3673 /* 3674 * ether proto ip 3675 * 3676 * For FDDI, RFC 1188 says that SNAP encapsulation is used, 3677 * not LLC encapsulation with LLCSAP_IP. 3678 * 3679 * For IEEE 802 networks - which includes 802.5 token ring 3680 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042 3681 * says that SNAP encapsulation is used, not LLC encapsulation 3682 * with LLCSAP_IP. 3683 * 3684 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and 3685 * RFC 2225 say that SNAP encapsulation is used, not LLC 3686 * encapsulation with LLCSAP_IP. 3687 * 3688 * So we always check for ETHERTYPE_IP. 3689 */ 3690 b0 = gen_linktype(ETHERTYPE_IP); 3691 3692 switch (ip_proto) { 3693 case IPPROTO_UDP: 3694 case IPPROTO_TCP: 3695 case IPPROTO_SCTP: 3696 b1 = gen_portop(port, ip_proto, dir); 3697 break; 3698 3699 case PROTO_UNDEF: 3700 tmp = gen_portop(port, IPPROTO_TCP, dir); 3701 b1 = gen_portop(port, IPPROTO_UDP, dir); 3702 gen_or(tmp, b1); 3703 tmp = gen_portop(port, IPPROTO_SCTP, dir); 3704 gen_or(tmp, b1); 3705 break; 3706 3707 default: 3708 abort(); 3709 } 3710 gen_and(b0, b1); 3711 return b1; 3712} 3713 3714#ifdef INET6 3715struct block * 3716gen_portop6(port, proto, dir) 3717 int port, proto, dir; 3718{ 3719 struct block *b0, *b1, *tmp; 3720
|
3299 /* ip proto 'proto' */ 3300 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
| 3721 /* ip6 proto 'proto' */ 3722 b0 = gen_cmp(OR_NET, 6, BPF_B, (bpf_int32)proto);
|
3301 3302 switch (dir) { 3303 case Q_SRC: 3304 b1 = gen_portatom6(0, (bpf_int32)port); 3305 break; 3306 3307 case Q_DST: 3308 b1 = gen_portatom6(2, (bpf_int32)port); 3309 break; 3310 3311 case Q_OR: 3312 case Q_DEFAULT: 3313 tmp = gen_portatom6(0, (bpf_int32)port); 3314 b1 = gen_portatom6(2, (bpf_int32)port); 3315 gen_or(tmp, b1); 3316 break; 3317 3318 case Q_AND: 3319 tmp = gen_portatom6(0, (bpf_int32)port); 3320 b1 = gen_portatom6(2, (bpf_int32)port); 3321 gen_and(tmp, b1); 3322 break; 3323 3324 default: 3325 abort(); 3326 } 3327 gen_and(b0, b1); 3328 3329 return b1; 3330} 3331 3332static struct block * 3333gen_port6(port, ip_proto, dir) 3334 int port; 3335 int ip_proto; 3336 int dir; 3337{ 3338 struct block *b0, *b1, *tmp; 3339
| 3723 3724 switch (dir) { 3725 case Q_SRC: 3726 b1 = gen_portatom6(0, (bpf_int32)port); 3727 break; 3728 3729 case Q_DST: 3730 b1 = gen_portatom6(2, (bpf_int32)port); 3731 break; 3732 3733 case Q_OR: 3734 case Q_DEFAULT: 3735 tmp = gen_portatom6(0, (bpf_int32)port); 3736 b1 = gen_portatom6(2, (bpf_int32)port); 3737 gen_or(tmp, b1); 3738 break; 3739 3740 case Q_AND: 3741 tmp = gen_portatom6(0, (bpf_int32)port); 3742 b1 = gen_portatom6(2, (bpf_int32)port); 3743 gen_and(tmp, b1); 3744 break; 3745 3746 default: 3747 abort(); 3748 } 3749 gen_and(b0, b1); 3750 3751 return b1; 3752} 3753 3754static struct block * 3755gen_port6(port, ip_proto, dir) 3756 int port; 3757 int ip_proto; 3758 int dir; 3759{ 3760 struct block *b0, *b1, *tmp; 3761
|
3340 /* ether proto ip */
| 3762 /* link proto ip6 */
|
3341 b0 = gen_linktype(ETHERTYPE_IPV6); 3342 3343 switch (ip_proto) { 3344 case IPPROTO_UDP: 3345 case IPPROTO_TCP: 3346 case IPPROTO_SCTP: 3347 b1 = gen_portop6(port, ip_proto, dir); 3348 break; 3349 3350 case PROTO_UNDEF: 3351 tmp = gen_portop6(port, IPPROTO_TCP, dir); 3352 b1 = gen_portop6(port, IPPROTO_UDP, dir); 3353 gen_or(tmp, b1); 3354 tmp = gen_portop6(port, IPPROTO_SCTP, dir); 3355 gen_or(tmp, b1); 3356 break; 3357 3358 default: 3359 abort(); 3360 } 3361 gen_and(b0, b1); 3362 return b1; 3363} 3364#endif /* INET6 */ 3365
| 3763 b0 = gen_linktype(ETHERTYPE_IPV6); 3764 3765 switch (ip_proto) { 3766 case IPPROTO_UDP: 3767 case IPPROTO_TCP: 3768 case IPPROTO_SCTP: 3769 b1 = gen_portop6(port, ip_proto, dir); 3770 break; 3771 3772 case PROTO_UNDEF: 3773 tmp = gen_portop6(port, IPPROTO_TCP, dir); 3774 b1 = gen_portop6(port, IPPROTO_UDP, dir); 3775 gen_or(tmp, b1); 3776 tmp = gen_portop6(port, IPPROTO_SCTP, dir); 3777 gen_or(tmp, b1); 3778 break; 3779 3780 default: 3781 abort(); 3782 } 3783 gen_and(b0, b1); 3784 return b1; 3785} 3786#endif /* INET6 */ 3787
|
| 3788/* gen_portrange code */ 3789static struct block * 3790gen_portrangeatom(off, v1, v2) 3791 int off; 3792 bpf_int32 v1, v2; 3793{ 3794 struct block *b1, *b2; 3795 3796 if (v1 > v2) { 3797 /* 3798 * Reverse the order of the ports, so v1 is the lower one. 3799 */ 3800 bpf_int32 vtemp; 3801 3802 vtemp = v1; 3803 v1 = v2; 3804 v2 = vtemp; 3805 } 3806 3807 b1 = gen_cmp_ge(OR_TRAN_IPV4, off, BPF_H, v1); 3808 b2 = gen_cmp_le(OR_TRAN_IPV4, off, BPF_H, v2); 3809 3810 gen_and(b1, b2); 3811 3812 return b2; 3813} 3814 3815struct block * 3816gen_portrangeop(port1, port2, proto, dir) 3817 int port1, port2; 3818 int proto; 3819 int dir; 3820{ 3821 struct block *b0, *b1, *tmp; 3822 3823 /* ip proto 'proto' */ 3824 tmp = gen_cmp(OR_NET, 9, BPF_B, (bpf_int32)proto); 3825 b0 = gen_ipfrag(); 3826 gen_and(tmp, b0); 3827 3828 switch (dir) { 3829 case Q_SRC: 3830 b1 = gen_portrangeatom(0, (bpf_int32)port1, (bpf_int32)port2); 3831 break; 3832 3833 case Q_DST: 3834 b1 = gen_portrangeatom(2, (bpf_int32)port1, (bpf_int32)port2); 3835 break; 3836 3837 case Q_OR: 3838 case Q_DEFAULT: 3839 tmp = gen_portrangeatom(0, (bpf_int32)port1, (bpf_int32)port2); 3840 b1 = gen_portrangeatom(2, (bpf_int32)port1, (bpf_int32)port2); 3841 gen_or(tmp, b1); 3842 break; 3843 3844 case Q_AND: 3845 tmp = gen_portrangeatom(0, (bpf_int32)port1, (bpf_int32)port2); 3846 b1 = gen_portrangeatom(2, (bpf_int32)port1, (bpf_int32)port2); 3847 gen_and(tmp, b1); 3848 break; 3849 3850 default: 3851 abort(); 3852 } 3853 gen_and(b0, b1); 3854 3855 return b1; 3856} 3857 3858static struct block * 3859gen_portrange(port1, port2, ip_proto, dir) 3860 int port1, port2; 3861 int ip_proto; 3862 int dir; 3863{ 3864 struct block *b0, *b1, *tmp; 3865 3866 /* link proto ip */ 3867 b0 = gen_linktype(ETHERTYPE_IP); 3868 3869 switch (ip_proto) { 3870 case IPPROTO_UDP: 3871 case IPPROTO_TCP: 3872 case IPPROTO_SCTP: 3873 b1 = gen_portrangeop(port1, port2, ip_proto, dir); 3874 break; 3875 3876 case PROTO_UNDEF: 3877 tmp = gen_portrangeop(port1, port2, IPPROTO_TCP, dir); 3878 b1 = gen_portrangeop(port1, port2, IPPROTO_UDP, dir); 3879 gen_or(tmp, b1); 3880 tmp = gen_portrangeop(port1, port2, IPPROTO_SCTP, dir); 3881 gen_or(tmp, b1); 3882 break; 3883 3884 default: 3885 abort(); 3886 } 3887 gen_and(b0, b1); 3888 return b1; 3889} 3890 3891#ifdef INET6 3892static struct block * 3893gen_portrangeatom6(off, v1, v2) 3894 int off; 3895 bpf_int32 v1, v2; 3896{ 3897 struct block *b1, *b2; 3898 3899 if (v1 > v2) { 3900 /* 3901 * Reverse the order of the ports, so v1 is the lower one. 3902 */ 3903 bpf_int32 vtemp; 3904 3905 vtemp = v1; 3906 v1 = v2; 3907 v2 = vtemp; 3908 } 3909 3910 b1 = gen_cmp_ge(OR_TRAN_IPV6, off, BPF_H, v1); 3911 b2 = gen_cmp_le(OR_TRAN_IPV6, off, BPF_H, v2); 3912 3913 gen_and(b1, b2); 3914 3915 return b2; 3916} 3917 3918struct block * 3919gen_portrangeop6(port1, port2, proto, dir) 3920 int port1, port2; 3921 int proto; 3922 int dir; 3923{ 3924 struct block *b0, *b1, *tmp; 3925 3926 /* ip6 proto 'proto' */ 3927 b0 = gen_cmp(OR_NET, 6, BPF_B, (bpf_int32)proto); 3928 3929 switch (dir) { 3930 case Q_SRC: 3931 b1 = gen_portrangeatom6(0, (bpf_int32)port1, (bpf_int32)port2); 3932 break; 3933 3934 case Q_DST: 3935 b1 = gen_portrangeatom6(2, (bpf_int32)port1, (bpf_int32)port2); 3936 break; 3937 3938 case Q_OR: 3939 case Q_DEFAULT: 3940 tmp = gen_portrangeatom6(0, (bpf_int32)port1, (bpf_int32)port2); 3941 b1 = gen_portrangeatom6(2, (bpf_int32)port1, (bpf_int32)port2); 3942 gen_or(tmp, b1); 3943 break; 3944 3945 case Q_AND: 3946 tmp = gen_portrangeatom6(0, (bpf_int32)port1, (bpf_int32)port2); 3947 b1 = gen_portrangeatom6(2, (bpf_int32)port1, (bpf_int32)port2); 3948 gen_and(tmp, b1); 3949 break; 3950 3951 default: 3952 abort(); 3953 } 3954 gen_and(b0, b1); 3955 3956 return b1; 3957} 3958 3959static struct block * 3960gen_portrange6(port1, port2, ip_proto, dir) 3961 int port1, port2; 3962 int ip_proto; 3963 int dir; 3964{ 3965 struct block *b0, *b1, *tmp; 3966 3967 /* link proto ip6 */ 3968 b0 = gen_linktype(ETHERTYPE_IPV6); 3969 3970 switch (ip_proto) { 3971 case IPPROTO_UDP: 3972 case IPPROTO_TCP: 3973 case IPPROTO_SCTP: 3974 b1 = gen_portrangeop6(port1, port2, ip_proto, dir); 3975 break; 3976 3977 case PROTO_UNDEF: 3978 tmp = gen_portrangeop6(port1, port2, IPPROTO_TCP, dir); 3979 b1 = gen_portrangeop6(port1, port2, IPPROTO_UDP, dir); 3980 gen_or(tmp, b1); 3981 tmp = gen_portrangeop6(port1, port2, IPPROTO_SCTP, dir); 3982 gen_or(tmp, b1); 3983 break; 3984 3985 default: 3986 abort(); 3987 } 3988 gen_and(b0, b1); 3989 return b1; 3990} 3991#endif /* INET6 */ 3992
|
3366static int 3367lookup_proto(name, proto) 3368 register const char *name; 3369 register int proto; 3370{ 3371 register int v; 3372 3373 switch (proto) { 3374 3375 case Q_DEFAULT: 3376 case Q_IP: 3377 case Q_IPV6: 3378 v = pcap_nametoproto(name); 3379 if (v == PROTO_UNDEF) 3380 bpf_error("unknown ip proto '%s'", name); 3381 break; 3382 3383 case Q_LINK: 3384 /* XXX should look up h/w protocol type based on linktype */ 3385 v = pcap_nametoeproto(name); 3386 if (v == PROTO_UNDEF) { 3387 v = pcap_nametollc(name); 3388 if (v == PROTO_UNDEF) 3389 bpf_error("unknown ether proto '%s'", name); 3390 } 3391 break; 3392 3393 case Q_ISO: 3394 if (strcmp(name, "esis") == 0) 3395 v = ISO9542_ESIS; 3396 else if (strcmp(name, "isis") == 0) 3397 v = ISO10589_ISIS; 3398 else if (strcmp(name, "clnp") == 0) 3399 v = ISO8473_CLNP; 3400 else 3401 bpf_error("unknown osi proto '%s'", name); 3402 break; 3403 3404 default: 3405 v = PROTO_UNDEF; 3406 break; 3407 } 3408 return v; 3409} 3410 3411#if 0 3412struct stmt * 3413gen_joinsp(s, n) 3414 struct stmt **s; 3415 int n; 3416{ 3417 return NULL; 3418} 3419#endif 3420 3421static struct block * 3422gen_protochain(v, proto, dir) 3423 int v; 3424 int proto; 3425 int dir; 3426{ 3427#ifdef NO_PROTOCHAIN 3428 return gen_proto(v, proto, dir); 3429#else 3430 struct block *b0, *b; 3431 struct slist *s[100]; 3432 int fix2, fix3, fix4, fix5; 3433 int ahcheck, again, end; 3434 int i, max; 3435 int reg2 = alloc_reg(); 3436 3437 memset(s, 0, sizeof(s)); 3438 fix2 = fix3 = fix4 = fix5 = 0; 3439 3440 switch (proto) { 3441 case Q_IP: 3442 case Q_IPV6: 3443 break; 3444 case Q_DEFAULT: 3445 b0 = gen_protochain(v, Q_IP, dir); 3446 b = gen_protochain(v, Q_IPV6, dir); 3447 gen_or(b0, b); 3448 return b; 3449 default: 3450 bpf_error("bad protocol applied for 'protochain'"); 3451 /*NOTREACHED*/ 3452 } 3453
| 3993static int 3994lookup_proto(name, proto) 3995 register const char *name; 3996 register int proto; 3997{ 3998 register int v; 3999 4000 switch (proto) { 4001 4002 case Q_DEFAULT: 4003 case Q_IP: 4004 case Q_IPV6: 4005 v = pcap_nametoproto(name); 4006 if (v == PROTO_UNDEF) 4007 bpf_error("unknown ip proto '%s'", name); 4008 break; 4009 4010 case Q_LINK: 4011 /* XXX should look up h/w protocol type based on linktype */ 4012 v = pcap_nametoeproto(name); 4013 if (v == PROTO_UNDEF) { 4014 v = pcap_nametollc(name); 4015 if (v == PROTO_UNDEF) 4016 bpf_error("unknown ether proto '%s'", name); 4017 } 4018 break; 4019 4020 case Q_ISO: 4021 if (strcmp(name, "esis") == 0) 4022 v = ISO9542_ESIS; 4023 else if (strcmp(name, "isis") == 0) 4024 v = ISO10589_ISIS; 4025 else if (strcmp(name, "clnp") == 0) 4026 v = ISO8473_CLNP; 4027 else 4028 bpf_error("unknown osi proto '%s'", name); 4029 break; 4030 4031 default: 4032 v = PROTO_UNDEF; 4033 break; 4034 } 4035 return v; 4036} 4037 4038#if 0 4039struct stmt * 4040gen_joinsp(s, n) 4041 struct stmt **s; 4042 int n; 4043{ 4044 return NULL; 4045} 4046#endif 4047 4048static struct block * 4049gen_protochain(v, proto, dir) 4050 int v; 4051 int proto; 4052 int dir; 4053{ 4054#ifdef NO_PROTOCHAIN 4055 return gen_proto(v, proto, dir); 4056#else 4057 struct block *b0, *b; 4058 struct slist *s[100]; 4059 int fix2, fix3, fix4, fix5; 4060 int ahcheck, again, end; 4061 int i, max; 4062 int reg2 = alloc_reg(); 4063 4064 memset(s, 0, sizeof(s)); 4065 fix2 = fix3 = fix4 = fix5 = 0; 4066 4067 switch (proto) { 4068 case Q_IP: 4069 case Q_IPV6: 4070 break; 4071 case Q_DEFAULT: 4072 b0 = gen_protochain(v, Q_IP, dir); 4073 b = gen_protochain(v, Q_IPV6, dir); 4074 gen_or(b0, b); 4075 return b; 4076 default: 4077 bpf_error("bad protocol applied for 'protochain'"); 4078 /*NOTREACHED*/ 4079 } 4080
|
| 4081 /* 4082 * We don't handle variable-length radiotap here headers yet. 4083 * We might want to add BPF instructions to do the protochain 4084 * work, to simplify that and, on platforms that have a BPF 4085 * interpreter with the new instructions, let the filtering 4086 * be done in the kernel. (We already require a modified BPF 4087 * engine to do the protochain stuff, to support backward 4088 * branches, and backward branch support is unlikely to appear 4089 * in kernel BPF engines.) 4090 */ 4091 if (linktype == DLT_IEEE802_11_RADIO) 4092 bpf_error("'protochain' not supported with radiotap headers"); 4093
|
3454 no_optimize = 1; /*this code is not compatible with optimzer yet */ 3455 3456 /*
| 4094 no_optimize = 1; /*this code is not compatible with optimzer yet */ 4095 4096 /*
|
3457 * s[0] is a dummy entry to protect other BPF insn from damaged
| 4097 * s[0] is a dummy entry to protect other BPF insn from damage
|
3458 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 3459 * hard to find interdependency made by jump table fixup. 3460 */ 3461 i = 0; 3462 s[i] = new_stmt(0); /*dummy*/ 3463 i++; 3464 3465 switch (proto) { 3466 case Q_IP: 3467 b0 = gen_linktype(ETHERTYPE_IP); 3468 3469 /* A = ip->ip_p */ 3470 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 3471 s[i]->s.k = off_nl + 9; 3472 i++; 3473 /* X = ip->ip_hl << 2 */ 3474 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 3475 s[i]->s.k = off_nl; 3476 i++; 3477 break; 3478#ifdef INET6 3479 case Q_IPV6: 3480 b0 = gen_linktype(ETHERTYPE_IPV6); 3481 3482 /* A = ip6->ip_nxt */ 3483 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 3484 s[i]->s.k = off_nl + 6; 3485 i++; 3486 /* X = sizeof(struct ip6_hdr) */ 3487 s[i] = new_stmt(BPF_LDX|BPF_IMM); 3488 s[i]->s.k = 40; 3489 i++; 3490 break; 3491#endif 3492 default: 3493 bpf_error("unsupported proto to gen_protochain"); 3494 /*NOTREACHED*/ 3495 } 3496 3497 /* again: if (A == v) goto end; else fall through; */ 3498 again = i; 3499 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 3500 s[i]->s.k = v; 3501 s[i]->s.jt = NULL; /*later*/ 3502 s[i]->s.jf = NULL; /*update in next stmt*/ 3503 fix5 = i; 3504 i++; 3505 3506#ifndef IPPROTO_NONE 3507#define IPPROTO_NONE 59 3508#endif 3509 /* if (A == IPPROTO_NONE) goto end */ 3510 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 3511 s[i]->s.jt = NULL; /*later*/ 3512 s[i]->s.jf = NULL; /*update in next stmt*/ 3513 s[i]->s.k = IPPROTO_NONE; 3514 s[fix5]->s.jf = s[i]; 3515 fix2 = i; 3516 i++; 3517 3518#ifdef INET6 3519 if (proto == Q_IPV6) { 3520 int v6start, v6end, v6advance, j; 3521 3522 v6start = i; 3523 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 3524 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 3525 s[i]->s.jt = NULL; /*later*/ 3526 s[i]->s.jf = NULL; /*update in next stmt*/ 3527 s[i]->s.k = IPPROTO_HOPOPTS; 3528 s[fix2]->s.jf = s[i]; 3529 i++; 3530 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 3531 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 3532 s[i]->s.jt = NULL; /*later*/ 3533 s[i]->s.jf = NULL; /*update in next stmt*/ 3534 s[i]->s.k = IPPROTO_DSTOPTS; 3535 i++; 3536 /* if (A == IPPROTO_ROUTING) goto v6advance */ 3537 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 3538 s[i]->s.jt = NULL; /*later*/ 3539 s[i]->s.jf = NULL; /*update in next stmt*/ 3540 s[i]->s.k = IPPROTO_ROUTING; 3541 i++; 3542 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 3543 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 3544 s[i]->s.jt = NULL; /*later*/ 3545 s[i]->s.jf = NULL; /*later*/ 3546 s[i]->s.k = IPPROTO_FRAGMENT; 3547 fix3 = i; 3548 v6end = i; 3549 i++; 3550 3551 /* v6advance: */ 3552 v6advance = i; 3553 3554 /* 3555 * in short, 3556 * A = P[X]; 3557 * X = X + (P[X + 1] + 1) * 8; 3558 */ 3559 /* A = X */ 3560 s[i] = new_stmt(BPF_MISC|BPF_TXA); 3561 i++; 3562 /* A = P[X + packet head] */ 3563 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 3564 s[i]->s.k = off_nl; 3565 i++; 3566 /* MEM[reg2] = A */ 3567 s[i] = new_stmt(BPF_ST); 3568 s[i]->s.k = reg2; 3569 i++; 3570 /* A = X */ 3571 s[i] = new_stmt(BPF_MISC|BPF_TXA); 3572 i++; 3573 /* A += 1 */ 3574 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 3575 s[i]->s.k = 1; 3576 i++; 3577 /* X = A */ 3578 s[i] = new_stmt(BPF_MISC|BPF_TAX); 3579 i++; 3580 /* A = P[X + packet head]; */ 3581 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 3582 s[i]->s.k = off_nl; 3583 i++; 3584 /* A += 1 */ 3585 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 3586 s[i]->s.k = 1; 3587 i++; 3588 /* A *= 8 */ 3589 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 3590 s[i]->s.k = 8; 3591 i++; 3592 /* X = A; */ 3593 s[i] = new_stmt(BPF_MISC|BPF_TAX); 3594 i++; 3595 /* A = MEM[reg2] */ 3596 s[i] = new_stmt(BPF_LD|BPF_MEM); 3597 s[i]->s.k = reg2; 3598 i++; 3599 3600 /* goto again; (must use BPF_JA for backward jump) */ 3601 s[i] = new_stmt(BPF_JMP|BPF_JA); 3602 s[i]->s.k = again - i - 1; 3603 s[i - 1]->s.jf = s[i]; 3604 i++; 3605 3606 /* fixup */ 3607 for (j = v6start; j <= v6end; j++) 3608 s[j]->s.jt = s[v6advance]; 3609 } else 3610#endif 3611 { 3612 /* nop */ 3613 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 3614 s[i]->s.k = 0; 3615 s[fix2]->s.jf = s[i]; 3616 i++; 3617 } 3618 3619 /* ahcheck: */ 3620 ahcheck = i; 3621 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 3622 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 3623 s[i]->s.jt = NULL; /*later*/ 3624 s[i]->s.jf = NULL; /*later*/ 3625 s[i]->s.k = IPPROTO_AH; 3626 if (fix3) 3627 s[fix3]->s.jf = s[ahcheck]; 3628 fix4 = i; 3629 i++; 3630 3631 /* 3632 * in short, 3633 * A = P[X]; 3634 * X = X + (P[X + 1] + 2) * 4; 3635 */ 3636 /* A = X */ 3637 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 3638 i++; 3639 /* A = P[X + packet head]; */ 3640 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 3641 s[i]->s.k = off_nl; 3642 i++; 3643 /* MEM[reg2] = A */ 3644 s[i] = new_stmt(BPF_ST); 3645 s[i]->s.k = reg2; 3646 i++; 3647 /* A = X */ 3648 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 3649 i++; 3650 /* A += 1 */ 3651 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 3652 s[i]->s.k = 1; 3653 i++; 3654 /* X = A */ 3655 s[i] = new_stmt(BPF_MISC|BPF_TAX); 3656 i++; 3657 /* A = P[X + packet head] */ 3658 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 3659 s[i]->s.k = off_nl; 3660 i++; 3661 /* A += 2 */ 3662 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 3663 s[i]->s.k = 2; 3664 i++; 3665 /* A *= 4 */ 3666 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 3667 s[i]->s.k = 4; 3668 i++; 3669 /* X = A; */ 3670 s[i] = new_stmt(BPF_MISC|BPF_TAX); 3671 i++; 3672 /* A = MEM[reg2] */ 3673 s[i] = new_stmt(BPF_LD|BPF_MEM); 3674 s[i]->s.k = reg2; 3675 i++; 3676 3677 /* goto again; (must use BPF_JA for backward jump) */ 3678 s[i] = new_stmt(BPF_JMP|BPF_JA); 3679 s[i]->s.k = again - i - 1; 3680 i++; 3681 3682 /* end: nop */ 3683 end = i; 3684 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 3685 s[i]->s.k = 0; 3686 s[fix2]->s.jt = s[end]; 3687 s[fix4]->s.jf = s[end]; 3688 s[fix5]->s.jt = s[end]; 3689 i++; 3690 3691 /* 3692 * make slist chain 3693 */ 3694 max = i; 3695 for (i = 0; i < max - 1; i++) 3696 s[i]->next = s[i + 1]; 3697 s[max - 1]->next = NULL; 3698 3699 /* 3700 * emit final check 3701 */ 3702 b = new_block(JMP(BPF_JEQ)); 3703 b->stmts = s[1]; /*remember, s[0] is dummy*/ 3704 b->s.k = v; 3705 3706 free_reg(reg2); 3707 3708 gen_and(b0, b); 3709 return b; 3710#endif 3711} 3712
| 4098 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 4099 * hard to find interdependency made by jump table fixup. 4100 */ 4101 i = 0; 4102 s[i] = new_stmt(0); /*dummy*/ 4103 i++; 4104 4105 switch (proto) { 4106 case Q_IP: 4107 b0 = gen_linktype(ETHERTYPE_IP); 4108 4109 /* A = ip->ip_p */ 4110 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 4111 s[i]->s.k = off_nl + 9; 4112 i++; 4113 /* X = ip->ip_hl << 2 */ 4114 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 4115 s[i]->s.k = off_nl; 4116 i++; 4117 break; 4118#ifdef INET6 4119 case Q_IPV6: 4120 b0 = gen_linktype(ETHERTYPE_IPV6); 4121 4122 /* A = ip6->ip_nxt */ 4123 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 4124 s[i]->s.k = off_nl + 6; 4125 i++; 4126 /* X = sizeof(struct ip6_hdr) */ 4127 s[i] = new_stmt(BPF_LDX|BPF_IMM); 4128 s[i]->s.k = 40; 4129 i++; 4130 break; 4131#endif 4132 default: 4133 bpf_error("unsupported proto to gen_protochain"); 4134 /*NOTREACHED*/ 4135 } 4136 4137 /* again: if (A == v) goto end; else fall through; */ 4138 again = i; 4139 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 4140 s[i]->s.k = v; 4141 s[i]->s.jt = NULL; /*later*/ 4142 s[i]->s.jf = NULL; /*update in next stmt*/ 4143 fix5 = i; 4144 i++; 4145 4146#ifndef IPPROTO_NONE 4147#define IPPROTO_NONE 59 4148#endif 4149 /* if (A == IPPROTO_NONE) goto end */ 4150 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 4151 s[i]->s.jt = NULL; /*later*/ 4152 s[i]->s.jf = NULL; /*update in next stmt*/ 4153 s[i]->s.k = IPPROTO_NONE; 4154 s[fix5]->s.jf = s[i]; 4155 fix2 = i; 4156 i++; 4157 4158#ifdef INET6 4159 if (proto == Q_IPV6) { 4160 int v6start, v6end, v6advance, j; 4161 4162 v6start = i; 4163 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 4164 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 4165 s[i]->s.jt = NULL; /*later*/ 4166 s[i]->s.jf = NULL; /*update in next stmt*/ 4167 s[i]->s.k = IPPROTO_HOPOPTS; 4168 s[fix2]->s.jf = s[i]; 4169 i++; 4170 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 4171 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 4172 s[i]->s.jt = NULL; /*later*/ 4173 s[i]->s.jf = NULL; /*update in next stmt*/ 4174 s[i]->s.k = IPPROTO_DSTOPTS; 4175 i++; 4176 /* if (A == IPPROTO_ROUTING) goto v6advance */ 4177 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 4178 s[i]->s.jt = NULL; /*later*/ 4179 s[i]->s.jf = NULL; /*update in next stmt*/ 4180 s[i]->s.k = IPPROTO_ROUTING; 4181 i++; 4182 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 4183 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 4184 s[i]->s.jt = NULL; /*later*/ 4185 s[i]->s.jf = NULL; /*later*/ 4186 s[i]->s.k = IPPROTO_FRAGMENT; 4187 fix3 = i; 4188 v6end = i; 4189 i++; 4190 4191 /* v6advance: */ 4192 v6advance = i; 4193 4194 /* 4195 * in short, 4196 * A = P[X]; 4197 * X = X + (P[X + 1] + 1) * 8; 4198 */ 4199 /* A = X */ 4200 s[i] = new_stmt(BPF_MISC|BPF_TXA); 4201 i++; 4202 /* A = P[X + packet head] */ 4203 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 4204 s[i]->s.k = off_nl; 4205 i++; 4206 /* MEM[reg2] = A */ 4207 s[i] = new_stmt(BPF_ST); 4208 s[i]->s.k = reg2; 4209 i++; 4210 /* A = X */ 4211 s[i] = new_stmt(BPF_MISC|BPF_TXA); 4212 i++; 4213 /* A += 1 */ 4214 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 4215 s[i]->s.k = 1; 4216 i++; 4217 /* X = A */ 4218 s[i] = new_stmt(BPF_MISC|BPF_TAX); 4219 i++; 4220 /* A = P[X + packet head]; */ 4221 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 4222 s[i]->s.k = off_nl; 4223 i++; 4224 /* A += 1 */ 4225 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 4226 s[i]->s.k = 1; 4227 i++; 4228 /* A *= 8 */ 4229 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 4230 s[i]->s.k = 8; 4231 i++; 4232 /* X = A; */ 4233 s[i] = new_stmt(BPF_MISC|BPF_TAX); 4234 i++; 4235 /* A = MEM[reg2] */ 4236 s[i] = new_stmt(BPF_LD|BPF_MEM); 4237 s[i]->s.k = reg2; 4238 i++; 4239 4240 /* goto again; (must use BPF_JA for backward jump) */ 4241 s[i] = new_stmt(BPF_JMP|BPF_JA); 4242 s[i]->s.k = again - i - 1; 4243 s[i - 1]->s.jf = s[i]; 4244 i++; 4245 4246 /* fixup */ 4247 for (j = v6start; j <= v6end; j++) 4248 s[j]->s.jt = s[v6advance]; 4249 } else 4250#endif 4251 { 4252 /* nop */ 4253 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 4254 s[i]->s.k = 0; 4255 s[fix2]->s.jf = s[i]; 4256 i++; 4257 } 4258 4259 /* ahcheck: */ 4260 ahcheck = i; 4261 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 4262 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 4263 s[i]->s.jt = NULL; /*later*/ 4264 s[i]->s.jf = NULL; /*later*/ 4265 s[i]->s.k = IPPROTO_AH; 4266 if (fix3) 4267 s[fix3]->s.jf = s[ahcheck]; 4268 fix4 = i; 4269 i++; 4270 4271 /* 4272 * in short, 4273 * A = P[X]; 4274 * X = X + (P[X + 1] + 2) * 4; 4275 */ 4276 /* A = X */ 4277 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 4278 i++; 4279 /* A = P[X + packet head]; */ 4280 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 4281 s[i]->s.k = off_nl; 4282 i++; 4283 /* MEM[reg2] = A */ 4284 s[i] = new_stmt(BPF_ST); 4285 s[i]->s.k = reg2; 4286 i++; 4287 /* A = X */ 4288 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 4289 i++; 4290 /* A += 1 */ 4291 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 4292 s[i]->s.k = 1; 4293 i++; 4294 /* X = A */ 4295 s[i] = new_stmt(BPF_MISC|BPF_TAX); 4296 i++; 4297 /* A = P[X + packet head] */ 4298 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 4299 s[i]->s.k = off_nl; 4300 i++; 4301 /* A += 2 */ 4302 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 4303 s[i]->s.k = 2; 4304 i++; 4305 /* A *= 4 */ 4306 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 4307 s[i]->s.k = 4; 4308 i++; 4309 /* X = A; */ 4310 s[i] = new_stmt(BPF_MISC|BPF_TAX); 4311 i++; 4312 /* A = MEM[reg2] */ 4313 s[i] = new_stmt(BPF_LD|BPF_MEM); 4314 s[i]->s.k = reg2; 4315 i++; 4316 4317 /* goto again; (must use BPF_JA for backward jump) */ 4318 s[i] = new_stmt(BPF_JMP|BPF_JA); 4319 s[i]->s.k = again - i - 1; 4320 i++; 4321 4322 /* end: nop */ 4323 end = i; 4324 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 4325 s[i]->s.k = 0; 4326 s[fix2]->s.jt = s[end]; 4327 s[fix4]->s.jf = s[end]; 4328 s[fix5]->s.jt = s[end]; 4329 i++; 4330 4331 /* 4332 * make slist chain 4333 */ 4334 max = i; 4335 for (i = 0; i < max - 1; i++) 4336 s[i]->next = s[i + 1]; 4337 s[max - 1]->next = NULL; 4338 4339 /* 4340 * emit final check 4341 */ 4342 b = new_block(JMP(BPF_JEQ)); 4343 b->stmts = s[1]; /*remember, s[0] is dummy*/ 4344 b->s.k = v; 4345 4346 free_reg(reg2); 4347 4348 gen_and(b0, b); 4349 return b; 4350#endif 4351} 4352
|
| 4353/* 4354 * Generate code that checks whether the packet is a packet for protocol 4355 * <proto> and whether the type field in that protocol's header has 4356 * the value <v>, e.g. if <proto> is Q_IP, it checks whether it's an 4357 * IP packet and checks the protocol number in the IP header against <v>. 4358 * 4359 * If <proto> is Q_DEFAULT, i.e. just "proto" was specified, it checks 4360 * against Q_IP and Q_IPV6. 4361 */
|
3713static struct block * 3714gen_proto(v, proto, dir) 3715 int v; 3716 int proto; 3717 int dir; 3718{ 3719 struct block *b0, *b1; 3720 3721 if (dir != Q_DEFAULT) 3722 bpf_error("direction applied to 'proto'"); 3723 3724 switch (proto) { 3725 case Q_DEFAULT: 3726#ifdef INET6 3727 b0 = gen_proto(v, Q_IP, dir); 3728 b1 = gen_proto(v, Q_IPV6, dir); 3729 gen_or(b0, b1); 3730 return b1; 3731#else 3732 /*FALLTHROUGH*/ 3733#endif 3734 case Q_IP: 3735 /* 3736 * For FDDI, RFC 1188 says that SNAP encapsulation is used, 3737 * not LLC encapsulation with LLCSAP_IP. 3738 * 3739 * For IEEE 802 networks - which includes 802.5 token ring 3740 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042 3741 * says that SNAP encapsulation is used, not LLC encapsulation 3742 * with LLCSAP_IP. 3743 * 3744 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and 3745 * RFC 2225 say that SNAP encapsulation is used, not LLC 3746 * encapsulation with LLCSAP_IP. 3747 * 3748 * So we always check for ETHERTYPE_IP. 3749 */ 3750 b0 = gen_linktype(ETHERTYPE_IP); 3751#ifndef CHASE_CHAIN
| 4362static struct block * 4363gen_proto(v, proto, dir) 4364 int v; 4365 int proto; 4366 int dir; 4367{ 4368 struct block *b0, *b1; 4369 4370 if (dir != Q_DEFAULT) 4371 bpf_error("direction applied to 'proto'"); 4372 4373 switch (proto) { 4374 case Q_DEFAULT: 4375#ifdef INET6 4376 b0 = gen_proto(v, Q_IP, dir); 4377 b1 = gen_proto(v, Q_IPV6, dir); 4378 gen_or(b0, b1); 4379 return b1; 4380#else 4381 /*FALLTHROUGH*/ 4382#endif 4383 case Q_IP: 4384 /* 4385 * For FDDI, RFC 1188 says that SNAP encapsulation is used, 4386 * not LLC encapsulation with LLCSAP_IP. 4387 * 4388 * For IEEE 802 networks - which includes 802.5 token ring 4389 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042 4390 * says that SNAP encapsulation is used, not LLC encapsulation 4391 * with LLCSAP_IP. 4392 * 4393 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and 4394 * RFC 2225 say that SNAP encapsulation is used, not LLC 4395 * encapsulation with LLCSAP_IP. 4396 * 4397 * So we always check for ETHERTYPE_IP. 4398 */ 4399 b0 = gen_linktype(ETHERTYPE_IP); 4400#ifndef CHASE_CHAIN
|
3752 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
| 4401 b1 = gen_cmp(OR_NET, 9, BPF_B, (bpf_int32)v);
|
3753#else 3754 b1 = gen_protochain(v, Q_IP); 3755#endif 3756 gen_and(b0, b1); 3757 return b1; 3758 3759 case Q_ISO: 3760 switch (linktype) { 3761 3762 case DLT_FRELAY: 3763 /* 3764 * Frame Relay packets typically have an OSI 3765 * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)" 3766 * generates code to check for all the OSI 3767 * NLPIDs, so calling it and then adding a check 3768 * for the particular NLPID for which we're 3769 * looking is bogus, as we can just check for 3770 * the NLPID. 3771 * 3772 * What we check for is the NLPID and a frame 3773 * control field value of UI, i.e. 0x03 followed 3774 * by the NLPID. 3775 * 3776 * XXX - assumes a 2-byte Frame Relay header with 3777 * DLCI and flags. What if the address is longer? 3778 * 3779 * XXX - what about SNAP-encapsulated frames? 3780 */
| 4402#else 4403 b1 = gen_protochain(v, Q_IP); 4404#endif 4405 gen_and(b0, b1); 4406 return b1; 4407 4408 case Q_ISO: 4409 switch (linktype) { 4410 4411 case DLT_FRELAY: 4412 /* 4413 * Frame Relay packets typically have an OSI 4414 * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)" 4415 * generates code to check for all the OSI 4416 * NLPIDs, so calling it and then adding a check 4417 * for the particular NLPID for which we're 4418 * looking is bogus, as we can just check for 4419 * the NLPID. 4420 * 4421 * What we check for is the NLPID and a frame 4422 * control field value of UI, i.e. 0x03 followed 4423 * by the NLPID. 4424 * 4425 * XXX - assumes a 2-byte Frame Relay header with 4426 * DLCI and flags. What if the address is longer? 4427 * 4428 * XXX - what about SNAP-encapsulated frames? 4429 */
|
3781 return gen_cmp(2, BPF_H, (0x03<<8) | v);
| 4430 return gen_cmp(OR_LINK, 2, BPF_H, (0x03<<8) | v);
|
3782 /*NOTREACHED*/ 3783 break; 3784 3785 case DLT_C_HDLC: 3786 /* 3787 * Cisco uses an Ethertype lookalike - for OSI, 3788 * it's 0xfefe. 3789 */ 3790 b0 = gen_linktype(LLCSAP_ISONS<<8 | LLCSAP_ISONS); 3791 /* OSI in C-HDLC is stuffed with a fudge byte */
| 4431 /*NOTREACHED*/ 4432 break; 4433 4434 case DLT_C_HDLC: 4435 /* 4436 * Cisco uses an Ethertype lookalike - for OSI, 4437 * it's 0xfefe. 4438 */ 4439 b0 = gen_linktype(LLCSAP_ISONS<<8 | LLCSAP_ISONS); 4440 /* OSI in C-HDLC is stuffed with a fudge byte */
|
3792 b1 = gen_cmp(off_nl_nosnap+1, BPF_B, (long)v);
| 4441 b1 = gen_cmp(OR_NET_NOSNAP, 1, BPF_B, (long)v);
|
3793 gen_and(b0, b1); 3794 return b1; 3795 3796 default: 3797 b0 = gen_linktype(LLCSAP_ISONS);
| 4442 gen_and(b0, b1); 4443 return b1; 4444 4445 default: 4446 b0 = gen_linktype(LLCSAP_ISONS);
|
3798 b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v);
| 4447 b1 = gen_cmp(OR_NET_NOSNAP, 0, BPF_B, (long)v);
|
3799 gen_and(b0, b1); 3800 return b1; 3801 } 3802 3803 case Q_ISIS: 3804 b0 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT); 3805 /* 3806 * 4 is the offset of the PDU type relative to the IS-IS 3807 * header. 3808 */
| 4448 gen_and(b0, b1); 4449 return b1; 4450 } 4451 4452 case Q_ISIS: 4453 b0 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT); 4454 /* 4455 * 4 is the offset of the PDU type relative to the IS-IS 4456 * header. 4457 */
|
3809 b1 = gen_cmp(off_nl_nosnap+4, BPF_B, (long)v);
| 4458 b1 = gen_cmp(OR_NET_NOSNAP, 4, BPF_B, (long)v);
|
3810 gen_and(b0, b1); 3811 return b1; 3812 3813 case Q_ARP: 3814 bpf_error("arp does not encapsulate another protocol"); 3815 /* NOTREACHED */ 3816 3817 case Q_RARP: 3818 bpf_error("rarp does not encapsulate another protocol"); 3819 /* NOTREACHED */ 3820 3821 case Q_ATALK: 3822 bpf_error("atalk encapsulation is not specifiable"); 3823 /* NOTREACHED */ 3824 3825 case Q_DECNET: 3826 bpf_error("decnet encapsulation is not specifiable"); 3827 /* NOTREACHED */ 3828 3829 case Q_SCA: 3830 bpf_error("sca does not encapsulate another protocol"); 3831 /* NOTREACHED */ 3832 3833 case Q_LAT: 3834 bpf_error("lat does not encapsulate another protocol"); 3835 /* NOTREACHED */ 3836 3837 case Q_MOPRC: 3838 bpf_error("moprc does not encapsulate another protocol"); 3839 /* NOTREACHED */ 3840 3841 case Q_MOPDL: 3842 bpf_error("mopdl does not encapsulate another protocol"); 3843 /* NOTREACHED */ 3844 3845 case Q_LINK: 3846 return gen_linktype(v); 3847 3848 case Q_UDP: 3849 bpf_error("'udp proto' is bogus"); 3850 /* NOTREACHED */ 3851 3852 case Q_TCP: 3853 bpf_error("'tcp proto' is bogus"); 3854 /* NOTREACHED */ 3855 3856 case Q_SCTP: 3857 bpf_error("'sctp proto' is bogus"); 3858 /* NOTREACHED */ 3859 3860 case Q_ICMP: 3861 bpf_error("'icmp proto' is bogus"); 3862 /* NOTREACHED */ 3863 3864 case Q_IGMP: 3865 bpf_error("'igmp proto' is bogus"); 3866 /* NOTREACHED */ 3867 3868 case Q_IGRP: 3869 bpf_error("'igrp proto' is bogus"); 3870 /* NOTREACHED */ 3871 3872 case Q_PIM: 3873 bpf_error("'pim proto' is bogus"); 3874 /* NOTREACHED */ 3875 3876 case Q_VRRP: 3877 bpf_error("'vrrp proto' is bogus"); 3878 /* NOTREACHED */ 3879 3880#ifdef INET6 3881 case Q_IPV6: 3882 b0 = gen_linktype(ETHERTYPE_IPV6); 3883#ifndef CHASE_CHAIN
| 4459 gen_and(b0, b1); 4460 return b1; 4461 4462 case Q_ARP: 4463 bpf_error("arp does not encapsulate another protocol"); 4464 /* NOTREACHED */ 4465 4466 case Q_RARP: 4467 bpf_error("rarp does not encapsulate another protocol"); 4468 /* NOTREACHED */ 4469 4470 case Q_ATALK: 4471 bpf_error("atalk encapsulation is not specifiable"); 4472 /* NOTREACHED */ 4473 4474 case Q_DECNET: 4475 bpf_error("decnet encapsulation is not specifiable"); 4476 /* NOTREACHED */ 4477 4478 case Q_SCA: 4479 bpf_error("sca does not encapsulate another protocol"); 4480 /* NOTREACHED */ 4481 4482 case Q_LAT: 4483 bpf_error("lat does not encapsulate another protocol"); 4484 /* NOTREACHED */ 4485 4486 case Q_MOPRC: 4487 bpf_error("moprc does not encapsulate another protocol"); 4488 /* NOTREACHED */ 4489 4490 case Q_MOPDL: 4491 bpf_error("mopdl does not encapsulate another protocol"); 4492 /* NOTREACHED */ 4493 4494 case Q_LINK: 4495 return gen_linktype(v); 4496 4497 case Q_UDP: 4498 bpf_error("'udp proto' is bogus"); 4499 /* NOTREACHED */ 4500 4501 case Q_TCP: 4502 bpf_error("'tcp proto' is bogus"); 4503 /* NOTREACHED */ 4504 4505 case Q_SCTP: 4506 bpf_error("'sctp proto' is bogus"); 4507 /* NOTREACHED */ 4508 4509 case Q_ICMP: 4510 bpf_error("'icmp proto' is bogus"); 4511 /* NOTREACHED */ 4512 4513 case Q_IGMP: 4514 bpf_error("'igmp proto' is bogus"); 4515 /* NOTREACHED */ 4516 4517 case Q_IGRP: 4518 bpf_error("'igrp proto' is bogus"); 4519 /* NOTREACHED */ 4520 4521 case Q_PIM: 4522 bpf_error("'pim proto' is bogus"); 4523 /* NOTREACHED */ 4524 4525 case Q_VRRP: 4526 bpf_error("'vrrp proto' is bogus"); 4527 /* NOTREACHED */ 4528 4529#ifdef INET6 4530 case Q_IPV6: 4531 b0 = gen_linktype(ETHERTYPE_IPV6); 4532#ifndef CHASE_CHAIN
|
3884 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
| 4533 b1 = gen_cmp(OR_NET, 6, BPF_B, (bpf_int32)v);
|
3885#else 3886 b1 = gen_protochain(v, Q_IPV6); 3887#endif 3888 gen_and(b0, b1); 3889 return b1; 3890 3891 case Q_ICMPV6: 3892 bpf_error("'icmp6 proto' is bogus"); 3893#endif /* INET6 */ 3894 3895 case Q_AH: 3896 bpf_error("'ah proto' is bogus"); 3897 3898 case Q_ESP: 3899 bpf_error("'ah proto' is bogus"); 3900 3901 case Q_STP: 3902 bpf_error("'stp proto' is bogus"); 3903 3904 case Q_IPX: 3905 bpf_error("'ipx proto' is bogus"); 3906 3907 case Q_NETBEUI: 3908 bpf_error("'netbeui proto' is bogus"); 3909
| 4534#else 4535 b1 = gen_protochain(v, Q_IPV6); 4536#endif 4537 gen_and(b0, b1); 4538 return b1; 4539 4540 case Q_ICMPV6: 4541 bpf_error("'icmp6 proto' is bogus"); 4542#endif /* INET6 */ 4543 4544 case Q_AH: 4545 bpf_error("'ah proto' is bogus"); 4546 4547 case Q_ESP: 4548 bpf_error("'ah proto' is bogus"); 4549 4550 case Q_STP: 4551 bpf_error("'stp proto' is bogus"); 4552 4553 case Q_IPX: 4554 bpf_error("'ipx proto' is bogus"); 4555 4556 case Q_NETBEUI: 4557 bpf_error("'netbeui proto' is bogus"); 4558
|
| 4559 case Q_RADIO: 4560 bpf_error("'radio proto' is bogus"); 4561
|
3910 default: 3911 abort(); 3912 /* NOTREACHED */ 3913 } 3914 /* NOTREACHED */ 3915} 3916 3917struct block * 3918gen_scode(name, q) 3919 register const char *name; 3920 struct qual q; 3921{ 3922 int proto = q.proto; 3923 int dir = q.dir; 3924 int tproto; 3925 u_char *eaddr; 3926 bpf_u_int32 mask, addr; 3927#ifndef INET6 3928 bpf_u_int32 **alist; 3929#else 3930 int tproto6; 3931 struct sockaddr_in *sin; 3932 struct sockaddr_in6 *sin6; 3933 struct addrinfo *res, *res0; 3934 struct in6_addr mask128; 3935#endif /*INET6*/ 3936 struct block *b, *tmp; 3937 int port, real_proto;
| 4562 default: 4563 abort(); 4564 /* NOTREACHED */ 4565 } 4566 /* NOTREACHED */ 4567} 4568 4569struct block * 4570gen_scode(name, q) 4571 register const char *name; 4572 struct qual q; 4573{ 4574 int proto = q.proto; 4575 int dir = q.dir; 4576 int tproto; 4577 u_char *eaddr; 4578 bpf_u_int32 mask, addr; 4579#ifndef INET6 4580 bpf_u_int32 **alist; 4581#else 4582 int tproto6; 4583 struct sockaddr_in *sin; 4584 struct sockaddr_in6 *sin6; 4585 struct addrinfo *res, *res0; 4586 struct in6_addr mask128; 4587#endif /*INET6*/ 4588 struct block *b, *tmp; 4589 int port, real_proto;
|
| 4590 int port1, port2;
|
3938 3939 switch (q.addr) { 3940 3941 case Q_NET: 3942 addr = pcap_nametonetaddr(name); 3943 if (addr == 0) 3944 bpf_error("unknown network '%s'", name); 3945 /* Left justify network addr and calculate its network mask */ 3946 mask = 0xffffffff; 3947 while (addr && (addr & 0xff000000) == 0) { 3948 addr <<= 8; 3949 mask <<= 8; 3950 } 3951 return gen_host(addr, mask, proto, dir); 3952 3953 case Q_DEFAULT: 3954 case Q_HOST: 3955 if (proto == Q_LINK) { 3956 switch (linktype) { 3957 3958 case DLT_EN10MB: 3959 eaddr = pcap_ether_hostton(name); 3960 if (eaddr == NULL) 3961 bpf_error( 3962 "unknown ether host '%s'", name); 3963 b = gen_ehostop(eaddr, dir); 3964 free(eaddr); 3965 return b; 3966 3967 case DLT_FDDI: 3968 eaddr = pcap_ether_hostton(name); 3969 if (eaddr == NULL) 3970 bpf_error( 3971 "unknown FDDI host '%s'", name); 3972 b = gen_fhostop(eaddr, dir); 3973 free(eaddr); 3974 return b; 3975 3976 case DLT_IEEE802: 3977 eaddr = pcap_ether_hostton(name); 3978 if (eaddr == NULL) 3979 bpf_error( 3980 "unknown token ring host '%s'", name); 3981 b = gen_thostop(eaddr, dir); 3982 free(eaddr); 3983 return b; 3984 3985 case DLT_IEEE802_11:
| 4591 4592 switch (q.addr) { 4593 4594 case Q_NET: 4595 addr = pcap_nametonetaddr(name); 4596 if (addr == 0) 4597 bpf_error("unknown network '%s'", name); 4598 /* Left justify network addr and calculate its network mask */ 4599 mask = 0xffffffff; 4600 while (addr && (addr & 0xff000000) == 0) { 4601 addr <<= 8; 4602 mask <<= 8; 4603 } 4604 return gen_host(addr, mask, proto, dir); 4605 4606 case Q_DEFAULT: 4607 case Q_HOST: 4608 if (proto == Q_LINK) { 4609 switch (linktype) { 4610 4611 case DLT_EN10MB: 4612 eaddr = pcap_ether_hostton(name); 4613 if (eaddr == NULL) 4614 bpf_error( 4615 "unknown ether host '%s'", name); 4616 b = gen_ehostop(eaddr, dir); 4617 free(eaddr); 4618 return b; 4619 4620 case DLT_FDDI: 4621 eaddr = pcap_ether_hostton(name); 4622 if (eaddr == NULL) 4623 bpf_error( 4624 "unknown FDDI host '%s'", name); 4625 b = gen_fhostop(eaddr, dir); 4626 free(eaddr); 4627 return b; 4628 4629 case DLT_IEEE802: 4630 eaddr = pcap_ether_hostton(name); 4631 if (eaddr == NULL) 4632 bpf_error( 4633 "unknown token ring host '%s'", name); 4634 b = gen_thostop(eaddr, dir); 4635 free(eaddr); 4636 return b; 4637 4638 case DLT_IEEE802_11:
|
| 4639 case DLT_IEEE802_11_RADIO_AVS: 4640 case DLT_IEEE802_11_RADIO: 4641 case DLT_PRISM_HEADER:
|
3986 eaddr = pcap_ether_hostton(name); 3987 if (eaddr == NULL) 3988 bpf_error( 3989 "unknown 802.11 host '%s'", name); 3990 b = gen_wlanhostop(eaddr, dir); 3991 free(eaddr); 3992 return b; 3993 3994 case DLT_IP_OVER_FC: 3995 eaddr = pcap_ether_hostton(name); 3996 if (eaddr == NULL) 3997 bpf_error( 3998 "unknown Fibre Channel host '%s'", name); 3999 b = gen_ipfchostop(eaddr, dir); 4000 free(eaddr); 4001 return b; 4002 4003 case DLT_SUNATM: 4004 if (!is_lane) 4005 break; 4006 4007 /* 4008 * Check that the packet doesn't begin 4009 * with an LE Control marker. (We've 4010 * already generated a test for LANE.) 4011 */
| 4642 eaddr = pcap_ether_hostton(name); 4643 if (eaddr == NULL) 4644 bpf_error( 4645 "unknown 802.11 host '%s'", name); 4646 b = gen_wlanhostop(eaddr, dir); 4647 free(eaddr); 4648 return b; 4649 4650 case DLT_IP_OVER_FC: 4651 eaddr = pcap_ether_hostton(name); 4652 if (eaddr == NULL) 4653 bpf_error( 4654 "unknown Fibre Channel host '%s'", name); 4655 b = gen_ipfchostop(eaddr, dir); 4656 free(eaddr); 4657 return b; 4658 4659 case DLT_SUNATM: 4660 if (!is_lane) 4661 break; 4662 4663 /* 4664 * Check that the packet doesn't begin 4665 * with an LE Control marker. (We've 4666 * already generated a test for LANE.) 4667 */
|
4012 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 4013 0xFF00);
| 4668 tmp = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS, 4669 BPF_H, 0xFF00);
|
4014 gen_not(tmp); 4015 4016 eaddr = pcap_ether_hostton(name); 4017 if (eaddr == NULL) 4018 bpf_error( 4019 "unknown ether host '%s'", name); 4020 b = gen_ehostop(eaddr, dir); 4021 gen_and(tmp, b); 4022 free(eaddr); 4023 return b; 4024 } 4025 4026 bpf_error("only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name"); 4027 } else if (proto == Q_DECNET) { 4028 unsigned short dn_addr = __pcap_nametodnaddr(name); 4029 /* 4030 * I don't think DECNET hosts can be multihomed, so 4031 * there is no need to build up a list of addresses 4032 */ 4033 return (gen_host(dn_addr, 0, proto, dir)); 4034 } else { 4035#ifndef INET6 4036 alist = pcap_nametoaddr(name); 4037 if (alist == NULL || *alist == NULL) 4038 bpf_error("unknown host '%s'", name); 4039 tproto = proto; 4040 if (off_linktype == (u_int)-1 && tproto == Q_DEFAULT) 4041 tproto = Q_IP; 4042 b = gen_host(**alist++, 0xffffffff, tproto, dir); 4043 while (*alist) { 4044 tmp = gen_host(**alist++, 0xffffffff, 4045 tproto, dir); 4046 gen_or(b, tmp); 4047 b = tmp; 4048 } 4049 return b; 4050#else 4051 memset(&mask128, 0xff, sizeof(mask128)); 4052 res0 = res = pcap_nametoaddrinfo(name); 4053 if (res == NULL) 4054 bpf_error("unknown host '%s'", name); 4055 b = tmp = NULL; 4056 tproto = tproto6 = proto; 4057 if (off_linktype == -1 && tproto == Q_DEFAULT) { 4058 tproto = Q_IP; 4059 tproto6 = Q_IPV6; 4060 } 4061 for (res = res0; res; res = res->ai_next) { 4062 switch (res->ai_family) { 4063 case AF_INET: 4064 if (tproto == Q_IPV6) 4065 continue; 4066 4067 sin = (struct sockaddr_in *) 4068 res->ai_addr; 4069 tmp = gen_host(ntohl(sin->sin_addr.s_addr), 4070 0xffffffff, tproto, dir); 4071 break; 4072 case AF_INET6: 4073 if (tproto6 == Q_IP) 4074 continue; 4075 4076 sin6 = (struct sockaddr_in6 *) 4077 res->ai_addr; 4078 tmp = gen_host6(&sin6->sin6_addr, 4079 &mask128, tproto6, dir); 4080 break; 4081 default: 4082 continue; 4083 } 4084 if (b) 4085 gen_or(b, tmp); 4086 b = tmp; 4087 } 4088 freeaddrinfo(res0); 4089 if (b == NULL) { 4090 bpf_error("unknown host '%s'%s", name, 4091 (proto == Q_DEFAULT) 4092 ? "" 4093 : " for specified address family"); 4094 } 4095 return b; 4096#endif /*INET6*/ 4097 } 4098 4099 case Q_PORT: 4100 if (proto != Q_DEFAULT && 4101 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP) 4102 bpf_error("illegal qualifier of 'port'"); 4103 if (pcap_nametoport(name, &port, &real_proto) == 0) 4104 bpf_error("unknown port '%s'", name); 4105 if (proto == Q_UDP) { 4106 if (real_proto == IPPROTO_TCP) 4107 bpf_error("port '%s' is tcp", name); 4108 else if (real_proto == IPPROTO_SCTP) 4109 bpf_error("port '%s' is sctp", name); 4110 else 4111 /* override PROTO_UNDEF */ 4112 real_proto = IPPROTO_UDP; 4113 } 4114 if (proto == Q_TCP) { 4115 if (real_proto == IPPROTO_UDP) 4116 bpf_error("port '%s' is udp", name); 4117 4118 else if (real_proto == IPPROTO_SCTP) 4119 bpf_error("port '%s' is sctp", name); 4120 else 4121 /* override PROTO_UNDEF */ 4122 real_proto = IPPROTO_TCP; 4123 } 4124 if (proto == Q_SCTP) { 4125 if (real_proto == IPPROTO_UDP) 4126 bpf_error("port '%s' is udp", name); 4127 4128 else if (real_proto == IPPROTO_TCP) 4129 bpf_error("port '%s' is tcp", name); 4130 else 4131 /* override PROTO_UNDEF */ 4132 real_proto = IPPROTO_SCTP; 4133 } 4134#ifndef INET6 4135 return gen_port(port, real_proto, dir); 4136#else 4137 { 4138 struct block *b; 4139 b = gen_port(port, real_proto, dir); 4140 gen_or(gen_port6(port, real_proto, dir), b); 4141 return b; 4142 } 4143#endif /* INET6 */ 4144
| 4670 gen_not(tmp); 4671 4672 eaddr = pcap_ether_hostton(name); 4673 if (eaddr == NULL) 4674 bpf_error( 4675 "unknown ether host '%s'", name); 4676 b = gen_ehostop(eaddr, dir); 4677 gen_and(tmp, b); 4678 free(eaddr); 4679 return b; 4680 } 4681 4682 bpf_error("only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name"); 4683 } else if (proto == Q_DECNET) { 4684 unsigned short dn_addr = __pcap_nametodnaddr(name); 4685 /* 4686 * I don't think DECNET hosts can be multihomed, so 4687 * there is no need to build up a list of addresses 4688 */ 4689 return (gen_host(dn_addr, 0, proto, dir)); 4690 } else { 4691#ifndef INET6 4692 alist = pcap_nametoaddr(name); 4693 if (alist == NULL || *alist == NULL) 4694 bpf_error("unknown host '%s'", name); 4695 tproto = proto; 4696 if (off_linktype == (u_int)-1 && tproto == Q_DEFAULT) 4697 tproto = Q_IP; 4698 b = gen_host(**alist++, 0xffffffff, tproto, dir); 4699 while (*alist) { 4700 tmp = gen_host(**alist++, 0xffffffff, 4701 tproto, dir); 4702 gen_or(b, tmp); 4703 b = tmp; 4704 } 4705 return b; 4706#else 4707 memset(&mask128, 0xff, sizeof(mask128)); 4708 res0 = res = pcap_nametoaddrinfo(name); 4709 if (res == NULL) 4710 bpf_error("unknown host '%s'", name); 4711 b = tmp = NULL; 4712 tproto = tproto6 = proto; 4713 if (off_linktype == -1 && tproto == Q_DEFAULT) { 4714 tproto = Q_IP; 4715 tproto6 = Q_IPV6; 4716 } 4717 for (res = res0; res; res = res->ai_next) { 4718 switch (res->ai_family) { 4719 case AF_INET: 4720 if (tproto == Q_IPV6) 4721 continue; 4722 4723 sin = (struct sockaddr_in *) 4724 res->ai_addr; 4725 tmp = gen_host(ntohl(sin->sin_addr.s_addr), 4726 0xffffffff, tproto, dir); 4727 break; 4728 case AF_INET6: 4729 if (tproto6 == Q_IP) 4730 continue; 4731 4732 sin6 = (struct sockaddr_in6 *) 4733 res->ai_addr; 4734 tmp = gen_host6(&sin6->sin6_addr, 4735 &mask128, tproto6, dir); 4736 break; 4737 default: 4738 continue; 4739 } 4740 if (b) 4741 gen_or(b, tmp); 4742 b = tmp; 4743 } 4744 freeaddrinfo(res0); 4745 if (b == NULL) { 4746 bpf_error("unknown host '%s'%s", name, 4747 (proto == Q_DEFAULT) 4748 ? "" 4749 : " for specified address family"); 4750 } 4751 return b; 4752#endif /*INET6*/ 4753 } 4754 4755 case Q_PORT: 4756 if (proto != Q_DEFAULT && 4757 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP) 4758 bpf_error("illegal qualifier of 'port'"); 4759 if (pcap_nametoport(name, &port, &real_proto) == 0) 4760 bpf_error("unknown port '%s'", name); 4761 if (proto == Q_UDP) { 4762 if (real_proto == IPPROTO_TCP) 4763 bpf_error("port '%s' is tcp", name); 4764 else if (real_proto == IPPROTO_SCTP) 4765 bpf_error("port '%s' is sctp", name); 4766 else 4767 /* override PROTO_UNDEF */ 4768 real_proto = IPPROTO_UDP; 4769 } 4770 if (proto == Q_TCP) { 4771 if (real_proto == IPPROTO_UDP) 4772 bpf_error("port '%s' is udp", name); 4773 4774 else if (real_proto == IPPROTO_SCTP) 4775 bpf_error("port '%s' is sctp", name); 4776 else 4777 /* override PROTO_UNDEF */ 4778 real_proto = IPPROTO_TCP; 4779 } 4780 if (proto == Q_SCTP) { 4781 if (real_proto == IPPROTO_UDP) 4782 bpf_error("port '%s' is udp", name); 4783 4784 else if (real_proto == IPPROTO_TCP) 4785 bpf_error("port '%s' is tcp", name); 4786 else 4787 /* override PROTO_UNDEF */ 4788 real_proto = IPPROTO_SCTP; 4789 } 4790#ifndef INET6 4791 return gen_port(port, real_proto, dir); 4792#else 4793 { 4794 struct block *b; 4795 b = gen_port(port, real_proto, dir); 4796 gen_or(gen_port6(port, real_proto, dir), b); 4797 return b; 4798 } 4799#endif /* INET6 */ 4800
|
| 4801 case Q_PORTRANGE: 4802 if (proto != Q_DEFAULT && 4803 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP) 4804 bpf_error("illegal qualifier of 'portrange'"); 4805 if (pcap_nametoportrange(name, &port1, &port2, &real_proto) == 0) 4806 bpf_error("unknown port in range '%s'", name); 4807 if (proto == Q_UDP) { 4808 if (real_proto == IPPROTO_TCP) 4809 bpf_error("port in range '%s' is tcp", name); 4810 else if (real_proto == IPPROTO_SCTP) 4811 bpf_error("port in range '%s' is sctp", name); 4812 else 4813 /* override PROTO_UNDEF */ 4814 real_proto = IPPROTO_UDP; 4815 } 4816 if (proto == Q_TCP) { 4817 if (real_proto == IPPROTO_UDP) 4818 bpf_error("port in range '%s' is udp", name); 4819 else if (real_proto == IPPROTO_SCTP) 4820 bpf_error("port in range '%s' is sctp", name); 4821 else 4822 /* override PROTO_UNDEF */ 4823 real_proto = IPPROTO_TCP; 4824 } 4825 if (proto == Q_SCTP) { 4826 if (real_proto == IPPROTO_UDP) 4827 bpf_error("port in range '%s' is udp", name); 4828 else if (real_proto == IPPROTO_TCP) 4829 bpf_error("port in range '%s' is tcp", name); 4830 else 4831 /* override PROTO_UNDEF */ 4832 real_proto = IPPROTO_SCTP; 4833 } 4834#ifndef INET6 4835 return gen_portrange(port1, port2, real_proto, dir); 4836#else 4837 { 4838 struct block *b; 4839 b = gen_portrange(port1, port2, real_proto, dir); 4840 gen_or(gen_portrange6(port1, port2, real_proto, dir), b); 4841 return b; 4842 } 4843#endif /* INET6 */ 4844
|
4145 case Q_GATEWAY: 4146#ifndef INET6 4147 eaddr = pcap_ether_hostton(name); 4148 if (eaddr == NULL) 4149 bpf_error("unknown ether host: %s", name); 4150 4151 alist = pcap_nametoaddr(name); 4152 if (alist == NULL || *alist == NULL) 4153 bpf_error("unknown host '%s'", name); 4154 b = gen_gateway(eaddr, alist, proto, dir); 4155 free(eaddr); 4156 return b; 4157#else 4158 bpf_error("'gateway' not supported in this configuration"); 4159#endif /*INET6*/ 4160 4161 case Q_PROTO: 4162 real_proto = lookup_proto(name, proto); 4163 if (real_proto >= 0) 4164 return gen_proto(real_proto, proto, dir); 4165 else 4166 bpf_error("unknown protocol: %s", name); 4167 4168 case Q_PROTOCHAIN: 4169 real_proto = lookup_proto(name, proto); 4170 if (real_proto >= 0) 4171 return gen_protochain(real_proto, proto, dir); 4172 else 4173 bpf_error("unknown protocol: %s", name); 4174 4175 4176 case Q_UNDEF: 4177 syntax(); 4178 /* NOTREACHED */ 4179 } 4180 abort(); 4181 /* NOTREACHED */ 4182} 4183 4184struct block * 4185gen_mcode(s1, s2, masklen, q) 4186 register const char *s1, *s2; 4187 register int masklen; 4188 struct qual q; 4189{ 4190 register int nlen, mlen; 4191 bpf_u_int32 n, m; 4192 4193 nlen = __pcap_atoin(s1, &n); 4194 /* Promote short ipaddr */ 4195 n <<= 32 - nlen; 4196 4197 if (s2 != NULL) { 4198 mlen = __pcap_atoin(s2, &m); 4199 /* Promote short ipaddr */ 4200 m <<= 32 - mlen; 4201 if ((n & ~m) != 0) 4202 bpf_error("non-network bits set in \"%s mask %s\"", 4203 s1, s2); 4204 } else { 4205 /* Convert mask len to mask */ 4206 if (masklen > 32) 4207 bpf_error("mask length must be <= 32"); 4208 m = 0xffffffff << (32 - masklen); 4209 if ((n & ~m) != 0) 4210 bpf_error("non-network bits set in \"%s/%d\"", 4211 s1, masklen); 4212 } 4213 4214 switch (q.addr) { 4215 4216 case Q_NET: 4217 return gen_host(n, m, q.proto, q.dir); 4218 4219 default: 4220 bpf_error("Mask syntax for networks only"); 4221 /* NOTREACHED */ 4222 } 4223 /* NOTREACHED */ 4224} 4225 4226struct block * 4227gen_ncode(s, v, q) 4228 register const char *s; 4229 bpf_u_int32 v; 4230 struct qual q; 4231{ 4232 bpf_u_int32 mask; 4233 int proto = q.proto; 4234 int dir = q.dir; 4235 register int vlen; 4236 4237 if (s == NULL) 4238 vlen = 32; 4239 else if (q.proto == Q_DECNET) 4240 vlen = __pcap_atodn(s, &v); 4241 else 4242 vlen = __pcap_atoin(s, &v); 4243 4244 switch (q.addr) { 4245 4246 case Q_DEFAULT: 4247 case Q_HOST: 4248 case Q_NET: 4249 if (proto == Q_DECNET) 4250 return gen_host(v, 0, proto, dir); 4251 else if (proto == Q_LINK) { 4252 bpf_error("illegal link layer address"); 4253 } else { 4254 mask = 0xffffffff; 4255 if (s == NULL && q.addr == Q_NET) { 4256 /* Promote short net number */ 4257 while (v && (v & 0xff000000) == 0) { 4258 v <<= 8; 4259 mask <<= 8; 4260 } 4261 } else { 4262 /* Promote short ipaddr */ 4263 v <<= 32 - vlen; 4264 mask <<= 32 - vlen; 4265 } 4266 return gen_host(v, mask, proto, dir); 4267 } 4268 4269 case Q_PORT: 4270 if (proto == Q_UDP) 4271 proto = IPPROTO_UDP; 4272 else if (proto == Q_TCP) 4273 proto = IPPROTO_TCP; 4274 else if (proto == Q_SCTP) 4275 proto = IPPROTO_SCTP; 4276 else if (proto == Q_DEFAULT) 4277 proto = PROTO_UNDEF; 4278 else 4279 bpf_error("illegal qualifier of 'port'"); 4280 4281#ifndef INET6 4282 return gen_port((int)v, proto, dir); 4283#else 4284 { 4285 struct block *b; 4286 b = gen_port((int)v, proto, dir); 4287 gen_or(gen_port6((int)v, proto, dir), b); 4288 return b; 4289 } 4290#endif /* INET6 */ 4291
| 4845 case Q_GATEWAY: 4846#ifndef INET6 4847 eaddr = pcap_ether_hostton(name); 4848 if (eaddr == NULL) 4849 bpf_error("unknown ether host: %s", name); 4850 4851 alist = pcap_nametoaddr(name); 4852 if (alist == NULL || *alist == NULL) 4853 bpf_error("unknown host '%s'", name); 4854 b = gen_gateway(eaddr, alist, proto, dir); 4855 free(eaddr); 4856 return b; 4857#else 4858 bpf_error("'gateway' not supported in this configuration"); 4859#endif /*INET6*/ 4860 4861 case Q_PROTO: 4862 real_proto = lookup_proto(name, proto); 4863 if (real_proto >= 0) 4864 return gen_proto(real_proto, proto, dir); 4865 else 4866 bpf_error("unknown protocol: %s", name); 4867 4868 case Q_PROTOCHAIN: 4869 real_proto = lookup_proto(name, proto); 4870 if (real_proto >= 0) 4871 return gen_protochain(real_proto, proto, dir); 4872 else 4873 bpf_error("unknown protocol: %s", name); 4874 4875 4876 case Q_UNDEF: 4877 syntax(); 4878 /* NOTREACHED */ 4879 } 4880 abort(); 4881 /* NOTREACHED */ 4882} 4883 4884struct block * 4885gen_mcode(s1, s2, masklen, q) 4886 register const char *s1, *s2; 4887 register int masklen; 4888 struct qual q; 4889{ 4890 register int nlen, mlen; 4891 bpf_u_int32 n, m; 4892 4893 nlen = __pcap_atoin(s1, &n); 4894 /* Promote short ipaddr */ 4895 n <<= 32 - nlen; 4896 4897 if (s2 != NULL) { 4898 mlen = __pcap_atoin(s2, &m); 4899 /* Promote short ipaddr */ 4900 m <<= 32 - mlen; 4901 if ((n & ~m) != 0) 4902 bpf_error("non-network bits set in \"%s mask %s\"", 4903 s1, s2); 4904 } else { 4905 /* Convert mask len to mask */ 4906 if (masklen > 32) 4907 bpf_error("mask length must be <= 32"); 4908 m = 0xffffffff << (32 - masklen); 4909 if ((n & ~m) != 0) 4910 bpf_error("non-network bits set in \"%s/%d\"", 4911 s1, masklen); 4912 } 4913 4914 switch (q.addr) { 4915 4916 case Q_NET: 4917 return gen_host(n, m, q.proto, q.dir); 4918 4919 default: 4920 bpf_error("Mask syntax for networks only"); 4921 /* NOTREACHED */ 4922 } 4923 /* NOTREACHED */ 4924} 4925 4926struct block * 4927gen_ncode(s, v, q) 4928 register const char *s; 4929 bpf_u_int32 v; 4930 struct qual q; 4931{ 4932 bpf_u_int32 mask; 4933 int proto = q.proto; 4934 int dir = q.dir; 4935 register int vlen; 4936 4937 if (s == NULL) 4938 vlen = 32; 4939 else if (q.proto == Q_DECNET) 4940 vlen = __pcap_atodn(s, &v); 4941 else 4942 vlen = __pcap_atoin(s, &v); 4943 4944 switch (q.addr) { 4945 4946 case Q_DEFAULT: 4947 case Q_HOST: 4948 case Q_NET: 4949 if (proto == Q_DECNET) 4950 return gen_host(v, 0, proto, dir); 4951 else if (proto == Q_LINK) { 4952 bpf_error("illegal link layer address"); 4953 } else { 4954 mask = 0xffffffff; 4955 if (s == NULL && q.addr == Q_NET) { 4956 /* Promote short net number */ 4957 while (v && (v & 0xff000000) == 0) { 4958 v <<= 8; 4959 mask <<= 8; 4960 } 4961 } else { 4962 /* Promote short ipaddr */ 4963 v <<= 32 - vlen; 4964 mask <<= 32 - vlen; 4965 } 4966 return gen_host(v, mask, proto, dir); 4967 } 4968 4969 case Q_PORT: 4970 if (proto == Q_UDP) 4971 proto = IPPROTO_UDP; 4972 else if (proto == Q_TCP) 4973 proto = IPPROTO_TCP; 4974 else if (proto == Q_SCTP) 4975 proto = IPPROTO_SCTP; 4976 else if (proto == Q_DEFAULT) 4977 proto = PROTO_UNDEF; 4978 else 4979 bpf_error("illegal qualifier of 'port'"); 4980 4981#ifndef INET6 4982 return gen_port((int)v, proto, dir); 4983#else 4984 { 4985 struct block *b; 4986 b = gen_port((int)v, proto, dir); 4987 gen_or(gen_port6((int)v, proto, dir), b); 4988 return b; 4989 } 4990#endif /* INET6 */ 4991
|
| 4992 case Q_PORTRANGE: 4993 if (proto == Q_UDP) 4994 proto = IPPROTO_UDP; 4995 else if (proto == Q_TCP) 4996 proto = IPPROTO_TCP; 4997 else if (proto == Q_SCTP) 4998 proto = IPPROTO_SCTP; 4999 else if (proto == Q_DEFAULT) 5000 proto = PROTO_UNDEF; 5001 else 5002 bpf_error("illegal qualifier of 'portrange'"); 5003 5004#ifndef INET6 5005 return gen_portrange((int)v, (int)v, proto, dir); 5006#else 5007 { 5008 struct block *b; 5009 b = gen_portrange((int)v, (int)v, proto, dir); 5010 gen_or(gen_portrange6((int)v, (int)v, proto, dir), b); 5011 return b; 5012 } 5013#endif /* INET6 */ 5014
|
4292 case Q_GATEWAY: 4293 bpf_error("'gateway' requires a name"); 4294 /* NOTREACHED */ 4295 4296 case Q_PROTO: 4297 return gen_proto((int)v, proto, dir); 4298 4299 case Q_PROTOCHAIN: 4300 return gen_protochain((int)v, proto, dir); 4301 4302 case Q_UNDEF: 4303 syntax(); 4304 /* NOTREACHED */ 4305 4306 default: 4307 abort(); 4308 /* NOTREACHED */ 4309 } 4310 /* NOTREACHED */ 4311} 4312 4313#ifdef INET6 4314struct block * 4315gen_mcode6(s1, s2, masklen, q) 4316 register const char *s1, *s2; 4317 register int masklen; 4318 struct qual q; 4319{ 4320 struct addrinfo *res; 4321 struct in6_addr *addr; 4322 struct in6_addr mask; 4323 struct block *b; 4324 u_int32_t *a, *m; 4325 4326 if (s2) 4327 bpf_error("no mask %s supported", s2); 4328 4329 res = pcap_nametoaddrinfo(s1); 4330 if (!res) 4331 bpf_error("invalid ip6 address %s", s1); 4332 if (res->ai_next) 4333 bpf_error("%s resolved to multiple address", s1); 4334 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 4335 4336 if (sizeof(mask) * 8 < masklen) 4337 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8)); 4338 memset(&mask, 0, sizeof(mask)); 4339 memset(&mask, 0xff, masklen / 8); 4340 if (masklen % 8) { 4341 mask.s6_addr[masklen / 8] = 4342 (0xff << (8 - masklen % 8)) & 0xff; 4343 } 4344 4345 a = (u_int32_t *)addr; 4346 m = (u_int32_t *)&mask; 4347 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 4348 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 4349 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen); 4350 } 4351 4352 switch (q.addr) { 4353 4354 case Q_DEFAULT: 4355 case Q_HOST: 4356 if (masklen != 128) 4357 bpf_error("Mask syntax for networks only"); 4358 /* FALLTHROUGH */ 4359 4360 case Q_NET: 4361 b = gen_host6(addr, &mask, q.proto, q.dir); 4362 freeaddrinfo(res); 4363 return b; 4364 4365 default: 4366 bpf_error("invalid qualifier against IPv6 address"); 4367 /* NOTREACHED */ 4368 } 4369} 4370#endif /*INET6*/ 4371 4372struct block * 4373gen_ecode(eaddr, q) 4374 register const u_char *eaddr; 4375 struct qual q; 4376{ 4377 struct block *b, *tmp; 4378 4379 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 4380 if (linktype == DLT_EN10MB) 4381 return gen_ehostop(eaddr, (int)q.dir); 4382 if (linktype == DLT_FDDI) 4383 return gen_fhostop(eaddr, (int)q.dir); 4384 if (linktype == DLT_IEEE802) 4385 return gen_thostop(eaddr, (int)q.dir);
| 5015 case Q_GATEWAY: 5016 bpf_error("'gateway' requires a name"); 5017 /* NOTREACHED */ 5018 5019 case Q_PROTO: 5020 return gen_proto((int)v, proto, dir); 5021 5022 case Q_PROTOCHAIN: 5023 return gen_protochain((int)v, proto, dir); 5024 5025 case Q_UNDEF: 5026 syntax(); 5027 /* NOTREACHED */ 5028 5029 default: 5030 abort(); 5031 /* NOTREACHED */ 5032 } 5033 /* NOTREACHED */ 5034} 5035 5036#ifdef INET6 5037struct block * 5038gen_mcode6(s1, s2, masklen, q) 5039 register const char *s1, *s2; 5040 register int masklen; 5041 struct qual q; 5042{ 5043 struct addrinfo *res; 5044 struct in6_addr *addr; 5045 struct in6_addr mask; 5046 struct block *b; 5047 u_int32_t *a, *m; 5048 5049 if (s2) 5050 bpf_error("no mask %s supported", s2); 5051 5052 res = pcap_nametoaddrinfo(s1); 5053 if (!res) 5054 bpf_error("invalid ip6 address %s", s1); 5055 if (res->ai_next) 5056 bpf_error("%s resolved to multiple address", s1); 5057 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 5058 5059 if (sizeof(mask) * 8 < masklen) 5060 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8)); 5061 memset(&mask, 0, sizeof(mask)); 5062 memset(&mask, 0xff, masklen / 8); 5063 if (masklen % 8) { 5064 mask.s6_addr[masklen / 8] = 5065 (0xff << (8 - masklen % 8)) & 0xff; 5066 } 5067 5068 a = (u_int32_t *)addr; 5069 m = (u_int32_t *)&mask; 5070 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 5071 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 5072 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen); 5073 } 5074 5075 switch (q.addr) { 5076 5077 case Q_DEFAULT: 5078 case Q_HOST: 5079 if (masklen != 128) 5080 bpf_error("Mask syntax for networks only"); 5081 /* FALLTHROUGH */ 5082 5083 case Q_NET: 5084 b = gen_host6(addr, &mask, q.proto, q.dir); 5085 freeaddrinfo(res); 5086 return b; 5087 5088 default: 5089 bpf_error("invalid qualifier against IPv6 address"); 5090 /* NOTREACHED */ 5091 } 5092} 5093#endif /*INET6*/ 5094 5095struct block * 5096gen_ecode(eaddr, q) 5097 register const u_char *eaddr; 5098 struct qual q; 5099{ 5100 struct block *b, *tmp; 5101 5102 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 5103 if (linktype == DLT_EN10MB) 5104 return gen_ehostop(eaddr, (int)q.dir); 5105 if (linktype == DLT_FDDI) 5106 return gen_fhostop(eaddr, (int)q.dir); 5107 if (linktype == DLT_IEEE802) 5108 return gen_thostop(eaddr, (int)q.dir);
|
4386 if (linktype == DLT_IEEE802_11)
| 5109 if (linktype == DLT_IEEE802_11 || 5110 linktype == DLT_IEEE802_11_RADIO_AVS || 5111 linktype == DLT_IEEE802_11_RADIO || 5112 linktype == DLT_PRISM_HEADER)
|
4387 return gen_wlanhostop(eaddr, (int)q.dir); 4388 if (linktype == DLT_SUNATM && is_lane) { 4389 /* 4390 * Check that the packet doesn't begin with an 4391 * LE Control marker. (We've already generated 4392 * a test for LANE.) 4393 */
| 5113 return gen_wlanhostop(eaddr, (int)q.dir); 5114 if (linktype == DLT_SUNATM && is_lane) { 5115 /* 5116 * Check that the packet doesn't begin with an 5117 * LE Control marker. (We've already generated 5118 * a test for LANE.) 5119 */
|
4394 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
| 5120 tmp = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS, BPF_H, 5121 0xFF00);
|
4395 gen_not(tmp); 4396 4397 /* 4398 * Now check the MAC address. 4399 */ 4400 b = gen_ehostop(eaddr, (int)q.dir); 4401 gen_and(tmp, b); 4402 return b; 4403 } 4404 if (linktype == DLT_IP_OVER_FC) 4405 return gen_ipfchostop(eaddr, (int)q.dir); 4406 bpf_error("ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel"); 4407 } 4408 bpf_error("ethernet address used in non-ether expression"); 4409 /* NOTREACHED */ 4410} 4411 4412void 4413sappend(s0, s1) 4414 struct slist *s0, *s1; 4415{ 4416 /* 4417 * This is definitely not the best way to do this, but the 4418 * lists will rarely get long. 4419 */ 4420 while (s0->next) 4421 s0 = s0->next; 4422 s0->next = s1; 4423} 4424 4425static struct slist * 4426xfer_to_x(a) 4427 struct arth *a; 4428{ 4429 struct slist *s; 4430 4431 s = new_stmt(BPF_LDX|BPF_MEM); 4432 s->s.k = a->regno; 4433 return s; 4434} 4435 4436static struct slist * 4437xfer_to_a(a) 4438 struct arth *a; 4439{ 4440 struct slist *s; 4441 4442 s = new_stmt(BPF_LD|BPF_MEM); 4443 s->s.k = a->regno; 4444 return s; 4445} 4446
| 5122 gen_not(tmp); 5123 5124 /* 5125 * Now check the MAC address. 5126 */ 5127 b = gen_ehostop(eaddr, (int)q.dir); 5128 gen_and(tmp, b); 5129 return b; 5130 } 5131 if (linktype == DLT_IP_OVER_FC) 5132 return gen_ipfchostop(eaddr, (int)q.dir); 5133 bpf_error("ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel"); 5134 } 5135 bpf_error("ethernet address used in non-ether expression"); 5136 /* NOTREACHED */ 5137} 5138 5139void 5140sappend(s0, s1) 5141 struct slist *s0, *s1; 5142{ 5143 /* 5144 * This is definitely not the best way to do this, but the 5145 * lists will rarely get long. 5146 */ 5147 while (s0->next) 5148 s0 = s0->next; 5149 s0->next = s1; 5150} 5151 5152static struct slist * 5153xfer_to_x(a) 5154 struct arth *a; 5155{ 5156 struct slist *s; 5157 5158 s = new_stmt(BPF_LDX|BPF_MEM); 5159 s->s.k = a->regno; 5160 return s; 5161} 5162 5163static struct slist * 5164xfer_to_a(a) 5165 struct arth *a; 5166{ 5167 struct slist *s; 5168 5169 s = new_stmt(BPF_LD|BPF_MEM); 5170 s->s.k = a->regno; 5171 return s; 5172} 5173
|
| 5174/* 5175 * Modify "index" to use the value stored into its register as an 5176 * offset relative to the beginning of the header for the protocol 5177 * "proto", and allocate a register and put an item "size" bytes long 5178 * (1, 2, or 4) at that offset into that register, making it the register 5179 * for "index". 5180 */
|
4447struct arth * 4448gen_load(proto, index, size) 4449 int proto; 4450 struct arth *index; 4451 int size; 4452{ 4453 struct slist *s, *tmp; 4454 struct block *b; 4455 int regno = alloc_reg(); 4456 4457 free_reg(index->regno); 4458 switch (size) { 4459 4460 default: 4461 bpf_error("data size must be 1, 2, or 4"); 4462 4463 case 1: 4464 size = BPF_B; 4465 break; 4466 4467 case 2: 4468 size = BPF_H; 4469 break; 4470 4471 case 4: 4472 size = BPF_W; 4473 break; 4474 } 4475 switch (proto) { 4476 default: 4477 bpf_error("unsupported index operation"); 4478
| 5181struct arth * 5182gen_load(proto, index, size) 5183 int proto; 5184 struct arth *index; 5185 int size; 5186{ 5187 struct slist *s, *tmp; 5188 struct block *b; 5189 int regno = alloc_reg(); 5190 5191 free_reg(index->regno); 5192 switch (size) { 5193 5194 default: 5195 bpf_error("data size must be 1, 2, or 4"); 5196 5197 case 1: 5198 size = BPF_B; 5199 break; 5200 5201 case 2: 5202 size = BPF_H; 5203 break; 5204 5205 case 4: 5206 size = BPF_W; 5207 break; 5208 } 5209 switch (proto) { 5210 default: 5211 bpf_error("unsupported index operation"); 5212
|
| 5213 case Q_RADIO: 5214 /* 5215 * The offset is relative to the beginning of the packet 5216 * data, if we have a radio header. (If we don't, this 5217 * is an error.) 5218 */ 5219 if (linktype != DLT_IEEE802_11_RADIO_AVS && 5220 linktype != DLT_IEEE802_11_RADIO && 5221 linktype != DLT_PRISM_HEADER) 5222 bpf_error("radio information not present in capture"); 5223 5224 /* 5225 * Load into the X register the offset computed into the 5226 * register specifed by "index". 5227 */ 5228 s = xfer_to_x(index); 5229 5230 /* 5231 * Load the item at that offset. 5232 */ 5233 tmp = new_stmt(BPF_LD|BPF_IND|size); 5234 sappend(s, tmp); 5235 sappend(index->s, s); 5236 break; 5237
|
4479 case Q_LINK: 4480 /*
| 5238 case Q_LINK: 5239 /*
|
| 5240 * The offset is relative to the beginning of 5241 * the link-layer header. 5242 *
|
4481 * XXX - what about ATM LANE? Should the index be 4482 * relative to the beginning of the AAL5 frame, so 4483 * that 0 refers to the beginning of the LE Control 4484 * field, or relative to the beginning of the LAN 4485 * frame, so that 0 refers, for Ethernet LANE, to 4486 * the beginning of the destination address? 4487 */
| 5243 * XXX - what about ATM LANE? Should the index be 5244 * relative to the beginning of the AAL5 frame, so 5245 * that 0 refers to the beginning of the LE Control 5246 * field, or relative to the beginning of the LAN 5247 * frame, so that 0 refers, for Ethernet LANE, to 5248 * the beginning of the destination address? 5249 */
|
4488 s = xfer_to_x(index);
| 5250 s = gen_llprefixlen(); 5251 5252 /* 5253 * If "s" is non-null, it has code to arrange that the 5254 * X register contains the length of the prefix preceding 5255 * the link-layer header. Add to it the offset computed 5256 * into the register specified by "index", and move that 5257 * into the X register. Otherwise, just load into the X 5258 * register the offset computed into the register specifed 5259 * by "index". 5260 */ 5261 if (s != NULL) { 5262 sappend(s, xfer_to_a(index)); 5263 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 5264 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 5265 } else 5266 s = xfer_to_x(index); 5267 5268 /* 5269 * Load the item at the sum of the offset we've put in the 5270 * X register and the offset of the start of the link 5271 * layer header (which is 0 if the radio header is 5272 * variable-length; that header length is what we put 5273 * into the X register and then added to the index). 5274 */
|
4489 tmp = new_stmt(BPF_LD|BPF_IND|size);
| 5275 tmp = new_stmt(BPF_LD|BPF_IND|size);
|
| 5276 tmp->s.k = off_ll;
|
4490 sappend(s, tmp); 4491 sappend(index->s, s); 4492 break; 4493 4494 case Q_IP: 4495 case Q_ARP: 4496 case Q_RARP: 4497 case Q_ATALK: 4498 case Q_DECNET: 4499 case Q_SCA: 4500 case Q_LAT: 4501 case Q_MOPRC: 4502 case Q_MOPDL: 4503#ifdef INET6 4504 case Q_IPV6: 4505#endif
| 5277 sappend(s, tmp); 5278 sappend(index->s, s); 5279 break; 5280 5281 case Q_IP: 5282 case Q_ARP: 5283 case Q_RARP: 5284 case Q_ATALK: 5285 case Q_DECNET: 5286 case Q_SCA: 5287 case Q_LAT: 5288 case Q_MOPRC: 5289 case Q_MOPDL: 5290#ifdef INET6 5291 case Q_IPV6: 5292#endif
|
4506 /* XXX Note that we assume a fixed link header here. */ 4507 s = xfer_to_x(index);
| 5293 /* 5294 * The offset is relative to the beginning of 5295 * the network-layer header. 5296 * XXX - are there any cases where we want 5297 * off_nl_nosnap? 5298 */ 5299 s = gen_llprefixlen(); 5300 5301 /* 5302 * If "s" is non-null, it has code to arrange that the 5303 * X register contains the length of the prefix preceding 5304 * the link-layer header. Add to it the offset computed 5305 * into the register specified by "index", and move that 5306 * into the X register. Otherwise, just load into the X 5307 * register the offset computed into the register specifed 5308 * by "index". 5309 */ 5310 if (s != NULL) { 5311 sappend(s, xfer_to_a(index)); 5312 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 5313 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 5314 } else 5315 s = xfer_to_x(index); 5316 5317 /* 5318 * Load the item at the sum of the offset we've put in the 5319 * X register and the offset of the start of the network 5320 * layer header. 5321 */
|
4508 tmp = new_stmt(BPF_LD|BPF_IND|size); 4509 tmp->s.k = off_nl; 4510 sappend(s, tmp); 4511 sappend(index->s, s); 4512
| 5322 tmp = new_stmt(BPF_LD|BPF_IND|size); 5323 tmp->s.k = off_nl; 5324 sappend(s, tmp); 5325 sappend(index->s, s); 5326
|
| 5327 /* 5328 * Do the computation only if the packet contains 5329 * the protocol in question. 5330 */
|
4513 b = gen_proto_abbrev(proto); 4514 if (index->b) 4515 gen_and(index->b, b); 4516 index->b = b; 4517 break; 4518 4519 case Q_SCTP: 4520 case Q_TCP: 4521 case Q_UDP: 4522 case Q_ICMP: 4523 case Q_IGMP: 4524 case Q_IGRP: 4525 case Q_PIM: 4526 case Q_VRRP:
| 5331 b = gen_proto_abbrev(proto); 5332 if (index->b) 5333 gen_and(index->b, b); 5334 index->b = b; 5335 break; 5336 5337 case Q_SCTP: 5338 case Q_TCP: 5339 case Q_UDP: 5340 case Q_ICMP: 5341 case Q_IGMP: 5342 case Q_IGRP: 5343 case Q_PIM: 5344 case Q_VRRP:
|
4527 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 4528 s->s.k = off_nl;
| 5345 /* 5346 * The offset is relative to the beginning of 5347 * the transport-layer header. 5348 * XXX - are there any cases where we want 5349 * off_nl_nosnap? 5350 * XXX - we should, if we're built with 5351 * IPv6 support, generate code to load either 5352 * IPv4, IPv6, or both, as appropriate. 5353 */ 5354 s = gen_loadx_iphdrlen(); 5355 5356 /* 5357 * The X register now contains the sum of the offset 5358 * of the beginning of the link-layer header and 5359 * the length of the network-layer header. Load 5360 * into the A register the offset relative to 5361 * the beginning of the transport layer header, 5362 * add the X register to that, move that to the 5363 * X register, and load with an offset from the 5364 * X register equal to the offset of the network 5365 * layer header relative to the beginning of 5366 * the link-layer header. 5367 */
|
4529 sappend(s, xfer_to_a(index)); 4530 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 4531 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 4532 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); 4533 tmp->s.k = off_nl; 4534 sappend(index->s, s); 4535
| 5368 sappend(s, xfer_to_a(index)); 5369 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 5370 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 5371 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); 5372 tmp->s.k = off_nl; 5373 sappend(index->s, s); 5374
|
| 5375 /* 5376 * Do the computation only if the packet contains 5377 * the protocol in question - which is true only 5378 * if this is an IP datagram and is the first or 5379 * only fragment of that datagram. 5380 */
|
4536 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 4537 if (index->b) 4538 gen_and(index->b, b); 4539#ifdef INET6 4540 gen_and(gen_proto_abbrev(Q_IP), b); 4541#endif 4542 index->b = b; 4543 break; 4544#ifdef INET6 4545 case Q_ICMPV6: 4546 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); 4547 /*NOTREACHED*/ 4548#endif 4549 } 4550 index->regno = regno; 4551 s = new_stmt(BPF_ST); 4552 s->s.k = regno; 4553 sappend(index->s, s); 4554 4555 return index; 4556} 4557 4558struct block * 4559gen_relation(code, a0, a1, reversed) 4560 int code; 4561 struct arth *a0, *a1; 4562 int reversed; 4563{ 4564 struct slist *s0, *s1, *s2; 4565 struct block *b, *tmp; 4566 4567 s0 = xfer_to_x(a1); 4568 s1 = xfer_to_a(a0); 4569 if (code == BPF_JEQ) { 4570 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); 4571 b = new_block(JMP(code)); 4572 sappend(s1, s2); 4573 } 4574 else 4575 b = new_block(BPF_JMP|code|BPF_X); 4576 if (reversed) 4577 gen_not(b); 4578 4579 sappend(s0, s1); 4580 sappend(a1->s, s0); 4581 sappend(a0->s, a1->s); 4582 4583 b->stmts = a0->s; 4584 4585 free_reg(a0->regno); 4586 free_reg(a1->regno); 4587 4588 /* 'and' together protocol checks */ 4589 if (a0->b) { 4590 if (a1->b) { 4591 gen_and(a0->b, tmp = a1->b); 4592 } 4593 else 4594 tmp = a0->b; 4595 } else 4596 tmp = a1->b; 4597 4598 if (tmp) 4599 gen_and(tmp, b); 4600 4601 return b; 4602} 4603 4604struct arth * 4605gen_loadlen() 4606{ 4607 int regno = alloc_reg(); 4608 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 4609 struct slist *s; 4610 4611 s = new_stmt(BPF_LD|BPF_LEN); 4612 s->next = new_stmt(BPF_ST); 4613 s->next->s.k = regno; 4614 a->s = s; 4615 a->regno = regno; 4616 4617 return a; 4618} 4619 4620struct arth * 4621gen_loadi(val) 4622 int val; 4623{ 4624 struct arth *a; 4625 struct slist *s; 4626 int reg; 4627 4628 a = (struct arth *)newchunk(sizeof(*a)); 4629 4630 reg = alloc_reg(); 4631 4632 s = new_stmt(BPF_LD|BPF_IMM); 4633 s->s.k = val; 4634 s->next = new_stmt(BPF_ST); 4635 s->next->s.k = reg; 4636 a->s = s; 4637 a->regno = reg; 4638 4639 return a; 4640} 4641 4642struct arth * 4643gen_neg(a) 4644 struct arth *a; 4645{ 4646 struct slist *s; 4647 4648 s = xfer_to_a(a); 4649 sappend(a->s, s); 4650 s = new_stmt(BPF_ALU|BPF_NEG); 4651 s->s.k = 0; 4652 sappend(a->s, s); 4653 s = new_stmt(BPF_ST); 4654 s->s.k = a->regno; 4655 sappend(a->s, s); 4656 4657 return a; 4658} 4659 4660struct arth * 4661gen_arth(code, a0, a1) 4662 int code; 4663 struct arth *a0, *a1; 4664{ 4665 struct slist *s0, *s1, *s2; 4666 4667 s0 = xfer_to_x(a1); 4668 s1 = xfer_to_a(a0); 4669 s2 = new_stmt(BPF_ALU|BPF_X|code); 4670 4671 sappend(s1, s2); 4672 sappend(s0, s1); 4673 sappend(a1->s, s0); 4674 sappend(a0->s, a1->s); 4675 4676 free_reg(a0->regno); 4677 free_reg(a1->regno); 4678 4679 s0 = new_stmt(BPF_ST); 4680 a0->regno = s0->s.k = alloc_reg(); 4681 sappend(a0->s, s0); 4682 4683 return a0; 4684} 4685 4686/* 4687 * Here we handle simple allocation of the scratch registers. 4688 * If too many registers are alloc'd, the allocator punts. 4689 */ 4690static int regused[BPF_MEMWORDS]; 4691static int curreg; 4692 4693/* 4694 * Return the next free register. 4695 */ 4696static int 4697alloc_reg() 4698{ 4699 int n = BPF_MEMWORDS; 4700 4701 while (--n >= 0) { 4702 if (regused[curreg]) 4703 curreg = (curreg + 1) % BPF_MEMWORDS; 4704 else { 4705 regused[curreg] = 1; 4706 return curreg; 4707 } 4708 } 4709 bpf_error("too many registers needed to evaluate expression"); 4710 /* NOTREACHED */ 4711} 4712 4713/* 4714 * Return a register to the table so it can 4715 * be used later. 4716 */ 4717static void 4718free_reg(n) 4719 int n; 4720{ 4721 regused[n] = 0; 4722} 4723 4724static struct block * 4725gen_len(jmp, n) 4726 int jmp, n; 4727{ 4728 struct slist *s; 4729 struct block *b; 4730 4731 s = new_stmt(BPF_LD|BPF_LEN); 4732 b = new_block(JMP(jmp)); 4733 b->stmts = s; 4734 b->s.k = n; 4735 4736 return b; 4737} 4738 4739struct block * 4740gen_greater(n) 4741 int n; 4742{ 4743 return gen_len(BPF_JGE, n); 4744} 4745 4746/* 4747 * Actually, this is less than or equal. 4748 */ 4749struct block * 4750gen_less(n) 4751 int n; 4752{ 4753 struct block *b; 4754 4755 b = gen_len(BPF_JGT, n); 4756 gen_not(b); 4757 4758 return b; 4759} 4760
| 5381 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 5382 if (index->b) 5383 gen_and(index->b, b); 5384#ifdef INET6 5385 gen_and(gen_proto_abbrev(Q_IP), b); 5386#endif 5387 index->b = b; 5388 break; 5389#ifdef INET6 5390 case Q_ICMPV6: 5391 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); 5392 /*NOTREACHED*/ 5393#endif 5394 } 5395 index->regno = regno; 5396 s = new_stmt(BPF_ST); 5397 s->s.k = regno; 5398 sappend(index->s, s); 5399 5400 return index; 5401} 5402 5403struct block * 5404gen_relation(code, a0, a1, reversed) 5405 int code; 5406 struct arth *a0, *a1; 5407 int reversed; 5408{ 5409 struct slist *s0, *s1, *s2; 5410 struct block *b, *tmp; 5411 5412 s0 = xfer_to_x(a1); 5413 s1 = xfer_to_a(a0); 5414 if (code == BPF_JEQ) { 5415 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); 5416 b = new_block(JMP(code)); 5417 sappend(s1, s2); 5418 } 5419 else 5420 b = new_block(BPF_JMP|code|BPF_X); 5421 if (reversed) 5422 gen_not(b); 5423 5424 sappend(s0, s1); 5425 sappend(a1->s, s0); 5426 sappend(a0->s, a1->s); 5427 5428 b->stmts = a0->s; 5429 5430 free_reg(a0->regno); 5431 free_reg(a1->regno); 5432 5433 /* 'and' together protocol checks */ 5434 if (a0->b) { 5435 if (a1->b) { 5436 gen_and(a0->b, tmp = a1->b); 5437 } 5438 else 5439 tmp = a0->b; 5440 } else 5441 tmp = a1->b; 5442 5443 if (tmp) 5444 gen_and(tmp, b); 5445 5446 return b; 5447} 5448 5449struct arth * 5450gen_loadlen() 5451{ 5452 int regno = alloc_reg(); 5453 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 5454 struct slist *s; 5455 5456 s = new_stmt(BPF_LD|BPF_LEN); 5457 s->next = new_stmt(BPF_ST); 5458 s->next->s.k = regno; 5459 a->s = s; 5460 a->regno = regno; 5461 5462 return a; 5463} 5464 5465struct arth * 5466gen_loadi(val) 5467 int val; 5468{ 5469 struct arth *a; 5470 struct slist *s; 5471 int reg; 5472 5473 a = (struct arth *)newchunk(sizeof(*a)); 5474 5475 reg = alloc_reg(); 5476 5477 s = new_stmt(BPF_LD|BPF_IMM); 5478 s->s.k = val; 5479 s->next = new_stmt(BPF_ST); 5480 s->next->s.k = reg; 5481 a->s = s; 5482 a->regno = reg; 5483 5484 return a; 5485} 5486 5487struct arth * 5488gen_neg(a) 5489 struct arth *a; 5490{ 5491 struct slist *s; 5492 5493 s = xfer_to_a(a); 5494 sappend(a->s, s); 5495 s = new_stmt(BPF_ALU|BPF_NEG); 5496 s->s.k = 0; 5497 sappend(a->s, s); 5498 s = new_stmt(BPF_ST); 5499 s->s.k = a->regno; 5500 sappend(a->s, s); 5501 5502 return a; 5503} 5504 5505struct arth * 5506gen_arth(code, a0, a1) 5507 int code; 5508 struct arth *a0, *a1; 5509{ 5510 struct slist *s0, *s1, *s2; 5511 5512 s0 = xfer_to_x(a1); 5513 s1 = xfer_to_a(a0); 5514 s2 = new_stmt(BPF_ALU|BPF_X|code); 5515 5516 sappend(s1, s2); 5517 sappend(s0, s1); 5518 sappend(a1->s, s0); 5519 sappend(a0->s, a1->s); 5520 5521 free_reg(a0->regno); 5522 free_reg(a1->regno); 5523 5524 s0 = new_stmt(BPF_ST); 5525 a0->regno = s0->s.k = alloc_reg(); 5526 sappend(a0->s, s0); 5527 5528 return a0; 5529} 5530 5531/* 5532 * Here we handle simple allocation of the scratch registers. 5533 * If too many registers are alloc'd, the allocator punts. 5534 */ 5535static int regused[BPF_MEMWORDS]; 5536static int curreg; 5537 5538/* 5539 * Return the next free register. 5540 */ 5541static int 5542alloc_reg() 5543{ 5544 int n = BPF_MEMWORDS; 5545 5546 while (--n >= 0) { 5547 if (regused[curreg]) 5548 curreg = (curreg + 1) % BPF_MEMWORDS; 5549 else { 5550 regused[curreg] = 1; 5551 return curreg; 5552 } 5553 } 5554 bpf_error("too many registers needed to evaluate expression"); 5555 /* NOTREACHED */ 5556} 5557 5558/* 5559 * Return a register to the table so it can 5560 * be used later. 5561 */ 5562static void 5563free_reg(n) 5564 int n; 5565{ 5566 regused[n] = 0; 5567} 5568 5569static struct block * 5570gen_len(jmp, n) 5571 int jmp, n; 5572{ 5573 struct slist *s; 5574 struct block *b; 5575 5576 s = new_stmt(BPF_LD|BPF_LEN); 5577 b = new_block(JMP(jmp)); 5578 b->stmts = s; 5579 b->s.k = n; 5580 5581 return b; 5582} 5583 5584struct block * 5585gen_greater(n) 5586 int n; 5587{ 5588 return gen_len(BPF_JGE, n); 5589} 5590 5591/* 5592 * Actually, this is less than or equal. 5593 */ 5594struct block * 5595gen_less(n) 5596 int n; 5597{ 5598 struct block *b; 5599 5600 b = gen_len(BPF_JGT, n); 5601 gen_not(b); 5602 5603 return b; 5604} 5605
|
| 5606/* 5607 * This is for "byte {idx} {op} {val}"; "idx" is treated as relative to 5608 * the beginning of the link-layer header. 5609 * XXX - that means you can't test values in the radiotap header, but 5610 * as that header is difficult if not impossible to parse generally 5611 * without a loop, that might not be a severe problem. A new keyword 5612 * "radio" could be added for that, although what you'd really want 5613 * would be a way of testing particular radio header values, which 5614 * would generate code appropriate to the radio header in question. 5615 */
|
4761struct block * 4762gen_byteop(op, idx, val) 4763 int op, idx, val; 4764{ 4765 struct block *b; 4766 struct slist *s; 4767 4768 switch (op) { 4769 default: 4770 abort(); 4771 4772 case '=':
| 5616struct block * 5617gen_byteop(op, idx, val) 5618 int op, idx, val; 5619{ 5620 struct block *b; 5621 struct slist *s; 5622 5623 switch (op) { 5624 default: 5625 abort(); 5626 5627 case '=':
|
4773 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
| 5628 return gen_cmp(OR_LINK, (u_int)idx, BPF_B, (bpf_int32)val);
|
4774 4775 case '<':
| 5629 5630 case '<':
|
4776 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 4777 b->s.code = JMP(BPF_JGE); 4778 gen_not(b);
| 5631 b = gen_cmp_lt(OR_LINK, (u_int)idx, BPF_B, (bpf_int32)val);
|
4779 return b; 4780 4781 case '>':
| 5632 return b; 5633 5634 case '>':
|
4782 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 4783 b->s.code = JMP(BPF_JGT);
| 5635 b = gen_cmp_gt(OR_LINK, (u_int)idx, BPF_B, (bpf_int32)val);
|
4784 return b; 4785 4786 case '|': 4787 s = new_stmt(BPF_ALU|BPF_OR|BPF_K); 4788 break; 4789 4790 case '&': 4791 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 4792 break; 4793 } 4794 s->s.k = val; 4795 b = new_block(JMP(BPF_JEQ)); 4796 b->stmts = s; 4797 gen_not(b); 4798 4799 return b; 4800} 4801 4802static u_char abroadcast[] = { 0x0 }; 4803 4804struct block * 4805gen_broadcast(proto) 4806 int proto; 4807{ 4808 bpf_u_int32 hostmask; 4809 struct block *b0, *b1, *b2; 4810 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 4811 4812 switch (proto) { 4813 4814 case Q_DEFAULT: 4815 case Q_LINK: 4816 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX) 4817 return gen_ahostop(abroadcast, Q_DST); 4818 if (linktype == DLT_EN10MB) 4819 return gen_ehostop(ebroadcast, Q_DST); 4820 if (linktype == DLT_FDDI) 4821 return gen_fhostop(ebroadcast, Q_DST); 4822 if (linktype == DLT_IEEE802) 4823 return gen_thostop(ebroadcast, Q_DST);
| 5636 return b; 5637 5638 case '|': 5639 s = new_stmt(BPF_ALU|BPF_OR|BPF_K); 5640 break; 5641 5642 case '&': 5643 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 5644 break; 5645 } 5646 s->s.k = val; 5647 b = new_block(JMP(BPF_JEQ)); 5648 b->stmts = s; 5649 gen_not(b); 5650 5651 return b; 5652} 5653 5654static u_char abroadcast[] = { 0x0 }; 5655 5656struct block * 5657gen_broadcast(proto) 5658 int proto; 5659{ 5660 bpf_u_int32 hostmask; 5661 struct block *b0, *b1, *b2; 5662 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 5663 5664 switch (proto) { 5665 5666 case Q_DEFAULT: 5667 case Q_LINK: 5668 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX) 5669 return gen_ahostop(abroadcast, Q_DST); 5670 if (linktype == DLT_EN10MB) 5671 return gen_ehostop(ebroadcast, Q_DST); 5672 if (linktype == DLT_FDDI) 5673 return gen_fhostop(ebroadcast, Q_DST); 5674 if (linktype == DLT_IEEE802) 5675 return gen_thostop(ebroadcast, Q_DST);
|
4824 if (linktype == DLT_IEEE802_11)
| 5676 if (linktype == DLT_IEEE802_11 || 5677 linktype == DLT_IEEE802_11_RADIO_AVS || 5678 linktype == DLT_IEEE802_11_RADIO || 5679 linktype == DLT_PRISM_HEADER)
|
4825 return gen_wlanhostop(ebroadcast, Q_DST); 4826 if (linktype == DLT_IP_OVER_FC) 4827 return gen_ipfchostop(ebroadcast, Q_DST); 4828 if (linktype == DLT_SUNATM && is_lane) { 4829 /* 4830 * Check that the packet doesn't begin with an 4831 * LE Control marker. (We've already generated 4832 * a test for LANE.) 4833 */
| 5680 return gen_wlanhostop(ebroadcast, Q_DST); 5681 if (linktype == DLT_IP_OVER_FC) 5682 return gen_ipfchostop(ebroadcast, Q_DST); 5683 if (linktype == DLT_SUNATM && is_lane) { 5684 /* 5685 * Check that the packet doesn't begin with an 5686 * LE Control marker. (We've already generated 5687 * a test for LANE.) 5688 */
|
4834 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
| 5689 b1 = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS, BPF_H, 5690 0xFF00);
|
4835 gen_not(b1); 4836 4837 /* 4838 * Now check the MAC address. 4839 */ 4840 b0 = gen_ehostop(ebroadcast, Q_DST); 4841 gen_and(b1, b0); 4842 return b0; 4843 } 4844 bpf_error("not a broadcast link"); 4845 break; 4846 4847 case Q_IP: 4848 b0 = gen_linktype(ETHERTYPE_IP); 4849 hostmask = ~netmask;
| 5691 gen_not(b1); 5692 5693 /* 5694 * Now check the MAC address. 5695 */ 5696 b0 = gen_ehostop(ebroadcast, Q_DST); 5697 gen_and(b1, b0); 5698 return b0; 5699 } 5700 bpf_error("not a broadcast link"); 5701 break; 5702 5703 case Q_IP: 5704 b0 = gen_linktype(ETHERTYPE_IP); 5705 hostmask = ~netmask;
|
4850 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask); 4851 b2 = gen_mcmp(off_nl + 16, BPF_W,
| 5706 b1 = gen_mcmp(OR_NET, 16, BPF_W, (bpf_int32)0, hostmask); 5707 b2 = gen_mcmp(OR_NET, 16, BPF_W,
|
4852 (bpf_int32)(~0 & hostmask), hostmask); 4853 gen_or(b1, b2); 4854 gen_and(b0, b2); 4855 return b2; 4856 } 4857 bpf_error("only link-layer/IP broadcast filters supported"); 4858 /* NOTREACHED */ 4859} 4860 4861/* 4862 * Generate code to test the low-order bit of a MAC address (that's 4863 * the bottom bit of the *first* byte). 4864 */ 4865static struct block * 4866gen_mac_multicast(offset) 4867 int offset; 4868{ 4869 register struct block *b0; 4870 register struct slist *s; 4871 4872 /* link[offset] & 1 != 0 */
| 5708 (bpf_int32)(~0 & hostmask), hostmask); 5709 gen_or(b1, b2); 5710 gen_and(b0, b2); 5711 return b2; 5712 } 5713 bpf_error("only link-layer/IP broadcast filters supported"); 5714 /* NOTREACHED */ 5715} 5716 5717/* 5718 * Generate code to test the low-order bit of a MAC address (that's 5719 * the bottom bit of the *first* byte). 5720 */ 5721static struct block * 5722gen_mac_multicast(offset) 5723 int offset; 5724{ 5725 register struct block *b0; 5726 register struct slist *s; 5727 5728 /* link[offset] & 1 != 0 */
|
4873 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 4874 s->s.k = offset;
| 5729 s = gen_load_a(OR_LINK, offset, BPF_B);
|
4875 b0 = new_block(JMP(BPF_JSET)); 4876 b0->s.k = 1; 4877 b0->stmts = s; 4878 return b0; 4879} 4880 4881struct block * 4882gen_multicast(proto) 4883 int proto; 4884{ 4885 register struct block *b0, *b1, *b2; 4886 register struct slist *s; 4887 4888 switch (proto) { 4889 4890 case Q_DEFAULT: 4891 case Q_LINK: 4892 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX) 4893 /* all ARCnet multicasts use the same address */ 4894 return gen_ahostop(abroadcast, Q_DST); 4895 4896 if (linktype == DLT_EN10MB) { 4897 /* ether[0] & 1 != 0 */ 4898 return gen_mac_multicast(0); 4899 } 4900 4901 if (linktype == DLT_FDDI) { 4902 /* 4903 * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX 4904 * 4905 * XXX - was that referring to bit-order issues? 4906 */ 4907 /* fddi[1] & 1 != 0 */ 4908 return gen_mac_multicast(1); 4909 } 4910 4911 if (linktype == DLT_IEEE802) { 4912 /* tr[2] & 1 != 0 */ 4913 return gen_mac_multicast(2); 4914 } 4915
| 5730 b0 = new_block(JMP(BPF_JSET)); 5731 b0->s.k = 1; 5732 b0->stmts = s; 5733 return b0; 5734} 5735 5736struct block * 5737gen_multicast(proto) 5738 int proto; 5739{ 5740 register struct block *b0, *b1, *b2; 5741 register struct slist *s; 5742 5743 switch (proto) { 5744 5745 case Q_DEFAULT: 5746 case Q_LINK: 5747 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX) 5748 /* all ARCnet multicasts use the same address */ 5749 return gen_ahostop(abroadcast, Q_DST); 5750 5751 if (linktype == DLT_EN10MB) { 5752 /* ether[0] & 1 != 0 */ 5753 return gen_mac_multicast(0); 5754 } 5755 5756 if (linktype == DLT_FDDI) { 5757 /* 5758 * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX 5759 * 5760 * XXX - was that referring to bit-order issues? 5761 */ 5762 /* fddi[1] & 1 != 0 */ 5763 return gen_mac_multicast(1); 5764 } 5765 5766 if (linktype == DLT_IEEE802) { 5767 /* tr[2] & 1 != 0 */ 5768 return gen_mac_multicast(2); 5769 } 5770
|
4916 if (linktype == DLT_IEEE802_11) {
| 5771 if (linktype == DLT_IEEE802_11 || 5772 linktype == DLT_IEEE802_11_RADIO_AVS || 5773 linktype == DLT_IEEE802_11_RADIO || 5774 linktype == DLT_PRISM_HEADER) {
|
4917 /* 4918 * Oh, yuk. 4919 * 4920 * For control frames, there is no DA. 4921 * 4922 * For management frames, DA is at an 4923 * offset of 4 from the beginning of 4924 * the packet. 4925 * 4926 * For data frames, DA is at an offset 4927 * of 4 from the beginning of the packet 4928 * if To DS is clear and at an offset of 4929 * 16 from the beginning of the packet 4930 * if To DS is set. 4931 */ 4932 4933 /* 4934 * Generate the tests to be done for data frames. 4935 * 4936 * First, check for To DS set, i.e. "link[1] & 0x01". 4937 */
| 5775 /* 5776 * Oh, yuk. 5777 * 5778 * For control frames, there is no DA. 5779 * 5780 * For management frames, DA is at an 5781 * offset of 4 from the beginning of 5782 * the packet. 5783 * 5784 * For data frames, DA is at an offset 5785 * of 4 from the beginning of the packet 5786 * if To DS is clear and at an offset of 5787 * 16 from the beginning of the packet 5788 * if To DS is set. 5789 */ 5790 5791 /* 5792 * Generate the tests to be done for data frames. 5793 * 5794 * First, check for To DS set, i.e. "link[1] & 0x01". 5795 */
|
4938 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 4939 s->s.k = 1;
| 5796 s = gen_load_a(OR_LINK, 1, BPF_B);
|
4940 b1 = new_block(JMP(BPF_JSET)); 4941 b1->s.k = 0x01; /* To DS */ 4942 b1->stmts = s; 4943 4944 /* 4945 * If To DS is set, the DA is at 16. 4946 */ 4947 b0 = gen_mac_multicast(16); 4948 gen_and(b1, b0); 4949 4950 /* 4951 * Now, check for To DS not set, i.e. check 4952 * "!(link[1] & 0x01)". 4953 */
| 5797 b1 = new_block(JMP(BPF_JSET)); 5798 b1->s.k = 0x01; /* To DS */ 5799 b1->stmts = s; 5800 5801 /* 5802 * If To DS is set, the DA is at 16. 5803 */ 5804 b0 = gen_mac_multicast(16); 5805 gen_and(b1, b0); 5806 5807 /* 5808 * Now, check for To DS not set, i.e. check 5809 * "!(link[1] & 0x01)". 5810 */
|
4954 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 4955 s->s.k = 1;
| 5811 s = gen_load_a(OR_LINK, 1, BPF_B);
|
4956 b2 = new_block(JMP(BPF_JSET)); 4957 b2->s.k = 0x01; /* To DS */ 4958 b2->stmts = s; 4959 gen_not(b2); 4960 4961 /* 4962 * If To DS is not set, the DA is at 4. 4963 */ 4964 b1 = gen_mac_multicast(4); 4965 gen_and(b2, b1); 4966 4967 /* 4968 * Now OR together the last two checks. That gives 4969 * the complete set of checks for data frames. 4970 */ 4971 gen_or(b1, b0); 4972 4973 /* 4974 * Now check for a data frame. 4975 * I.e, check "link[0] & 0x08". 4976 */
| 5812 b2 = new_block(JMP(BPF_JSET)); 5813 b2->s.k = 0x01; /* To DS */ 5814 b2->stmts = s; 5815 gen_not(b2); 5816 5817 /* 5818 * If To DS is not set, the DA is at 4. 5819 */ 5820 b1 = gen_mac_multicast(4); 5821 gen_and(b2, b1); 5822 5823 /* 5824 * Now OR together the last two checks. That gives 5825 * the complete set of checks for data frames. 5826 */ 5827 gen_or(b1, b0); 5828 5829 /* 5830 * Now check for a data frame. 5831 * I.e, check "link[0] & 0x08". 5832 */
|
4977 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 4978 s->s.k = 0;
| 5833 s = gen_load_a(OR_LINK, 0, BPF_B);
|
4979 b1 = new_block(JMP(BPF_JSET)); 4980 b1->s.k = 0x08; 4981 b1->stmts = s; 4982 4983 /* 4984 * AND that with the checks done for data frames. 4985 */ 4986 gen_and(b1, b0); 4987 4988 /* 4989 * If the high-order bit of the type value is 0, this 4990 * is a management frame. 4991 * I.e, check "!(link[0] & 0x08)". 4992 */
| 5834 b1 = new_block(JMP(BPF_JSET)); 5835 b1->s.k = 0x08; 5836 b1->stmts = s; 5837 5838 /* 5839 * AND that with the checks done for data frames. 5840 */ 5841 gen_and(b1, b0); 5842 5843 /* 5844 * If the high-order bit of the type value is 0, this 5845 * is a management frame. 5846 * I.e, check "!(link[0] & 0x08)". 5847 */
|
4993 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 4994 s->s.k = 0;
| 5848 s = gen_load_a(OR_LINK, 0, BPF_B);
|
4995 b2 = new_block(JMP(BPF_JSET)); 4996 b2->s.k = 0x08; 4997 b2->stmts = s; 4998 gen_not(b2); 4999 5000 /* 5001 * For management frames, the DA is at 4. 5002 */ 5003 b1 = gen_mac_multicast(4); 5004 gen_and(b2, b1); 5005 5006 /* 5007 * OR that with the checks done for data frames. 5008 * That gives the checks done for management and 5009 * data frames. 5010 */ 5011 gen_or(b1, b0); 5012 5013 /* 5014 * If the low-order bit of the type value is 1, 5015 * this is either a control frame or a frame 5016 * with a reserved type, and thus not a 5017 * frame with an SA. 5018 * 5019 * I.e., check "!(link[0] & 0x04)". 5020 */
| 5849 b2 = new_block(JMP(BPF_JSET)); 5850 b2->s.k = 0x08; 5851 b2->stmts = s; 5852 gen_not(b2); 5853 5854 /* 5855 * For management frames, the DA is at 4. 5856 */ 5857 b1 = gen_mac_multicast(4); 5858 gen_and(b2, b1); 5859 5860 /* 5861 * OR that with the checks done for data frames. 5862 * That gives the checks done for management and 5863 * data frames. 5864 */ 5865 gen_or(b1, b0); 5866 5867 /* 5868 * If the low-order bit of the type value is 1, 5869 * this is either a control frame or a frame 5870 * with a reserved type, and thus not a 5871 * frame with an SA. 5872 * 5873 * I.e., check "!(link[0] & 0x04)". 5874 */
|
5021 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 5022 s->s.k = 0;
| 5875 s = gen_load_a(OR_LINK, 0, BPF_B);
|
5023 b1 = new_block(JMP(BPF_JSET)); 5024 b1->s.k = 0x04; 5025 b1->stmts = s; 5026 gen_not(b1); 5027 5028 /* 5029 * AND that with the checks for data and management 5030 * frames. 5031 */ 5032 gen_and(b1, b0); 5033 return b0; 5034 } 5035 5036 if (linktype == DLT_IP_OVER_FC) { 5037 b0 = gen_mac_multicast(2); 5038 return b0; 5039 } 5040 5041 if (linktype == DLT_SUNATM && is_lane) { 5042 /* 5043 * Check that the packet doesn't begin with an 5044 * LE Control marker. (We've already generated 5045 * a test for LANE.) 5046 */
| 5876 b1 = new_block(JMP(BPF_JSET)); 5877 b1->s.k = 0x04; 5878 b1->stmts = s; 5879 gen_not(b1); 5880 5881 /* 5882 * AND that with the checks for data and management 5883 * frames. 5884 */ 5885 gen_and(b1, b0); 5886 return b0; 5887 } 5888 5889 if (linktype == DLT_IP_OVER_FC) { 5890 b0 = gen_mac_multicast(2); 5891 return b0; 5892 } 5893 5894 if (linktype == DLT_SUNATM && is_lane) { 5895 /* 5896 * Check that the packet doesn't begin with an 5897 * LE Control marker. (We've already generated 5898 * a test for LANE.) 5899 */
|
5047 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
| 5900 b1 = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS, BPF_H, 5901 0xFF00);
|
5048 gen_not(b1); 5049 5050 /* ether[off_mac] & 1 != 0 */ 5051 b0 = gen_mac_multicast(off_mac); 5052 gen_and(b1, b0); 5053 return b0; 5054 } 5055 5056 /* Link not known to support multicasts */ 5057 break; 5058 5059 case Q_IP: 5060 b0 = gen_linktype(ETHERTYPE_IP);
| 5902 gen_not(b1); 5903 5904 /* ether[off_mac] & 1 != 0 */ 5905 b0 = gen_mac_multicast(off_mac); 5906 gen_and(b1, b0); 5907 return b0; 5908 } 5909 5910 /* Link not known to support multicasts */ 5911 break; 5912 5913 case Q_IP: 5914 b0 = gen_linktype(ETHERTYPE_IP);
|
5061 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224); 5062 b1->s.code = JMP(BPF_JGE);
| 5915 b1 = gen_cmp_ge(OR_NET, 16, BPF_B, (bpf_int32)224);
|
5063 gen_and(b0, b1); 5064 return b1; 5065 5066#ifdef INET6 5067 case Q_IPV6: 5068 b0 = gen_linktype(ETHERTYPE_IPV6);
| 5916 gen_and(b0, b1); 5917 return b1; 5918 5919#ifdef INET6 5920 case Q_IPV6: 5921 b0 = gen_linktype(ETHERTYPE_IPV6);
|
5069 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
| 5922 b1 = gen_cmp(OR_NET, 24, BPF_B, (bpf_int32)255);
|
5070 gen_and(b0, b1); 5071 return b1; 5072#endif /* INET6 */ 5073 } 5074 bpf_error("link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel"); 5075 /* NOTREACHED */ 5076} 5077 5078/* 5079 * generate command for inbound/outbound. It's here so we can 5080 * make it link-type specific. 'dir' = 0 implies "inbound", 5081 * = 1 implies "outbound". 5082 */ 5083struct block * 5084gen_inbound(dir) 5085 int dir; 5086{ 5087 register struct block *b0; 5088 5089 /* 5090 * Only some data link types support inbound/outbound qualifiers. 5091 */ 5092 switch (linktype) { 5093 case DLT_SLIP: 5094 b0 = gen_relation(BPF_JEQ, 5095 gen_load(Q_LINK, gen_loadi(0), 1), 5096 gen_loadi(0), 5097 dir); 5098 break; 5099 5100 case DLT_LINUX_SLL: 5101 if (dir) { 5102 /* 5103 * Match packets sent by this machine. 5104 */
| 5923 gen_and(b0, b1); 5924 return b1; 5925#endif /* INET6 */ 5926 } 5927 bpf_error("link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel"); 5928 /* NOTREACHED */ 5929} 5930 5931/* 5932 * generate command for inbound/outbound. It's here so we can 5933 * make it link-type specific. 'dir' = 0 implies "inbound", 5934 * = 1 implies "outbound". 5935 */ 5936struct block * 5937gen_inbound(dir) 5938 int dir; 5939{ 5940 register struct block *b0; 5941 5942 /* 5943 * Only some data link types support inbound/outbound qualifiers. 5944 */ 5945 switch (linktype) { 5946 case DLT_SLIP: 5947 b0 = gen_relation(BPF_JEQ, 5948 gen_load(Q_LINK, gen_loadi(0), 1), 5949 gen_loadi(0), 5950 dir); 5951 break; 5952 5953 case DLT_LINUX_SLL: 5954 if (dir) { 5955 /* 5956 * Match packets sent by this machine. 5957 */
|
5105 b0 = gen_cmp(0, BPF_H, LINUX_SLL_OUTGOING);
| 5958 b0 = gen_cmp(OR_LINK, 0, BPF_H, LINUX_SLL_OUTGOING);
|
5106 } else { 5107 /* 5108 * Match packets sent to this machine. 5109 * (No broadcast or multicast packets, or 5110 * packets sent to some other machine and 5111 * received promiscuously.) 5112 * 5113 * XXX - packets sent to other machines probably 5114 * shouldn't be matched, but what about broadcast 5115 * or multicast packets we received? 5116 */
| 5959 } else { 5960 /* 5961 * Match packets sent to this machine. 5962 * (No broadcast or multicast packets, or 5963 * packets sent to some other machine and 5964 * received promiscuously.) 5965 * 5966 * XXX - packets sent to other machines probably 5967 * shouldn't be matched, but what about broadcast 5968 * or multicast packets we received? 5969 */
|
5117 b0 = gen_cmp(0, BPF_H, LINUX_SLL_HOST);
| 5970 b0 = gen_cmp(OR_LINK, 0, BPF_H, LINUX_SLL_HOST);
|
5118 } 5119 break; 5120 5121 case DLT_PFLOG:
| 5971 } 5972 break; 5973 5974 case DLT_PFLOG:
|
5122 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B,
| 5975 b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, dir), BPF_B,
|
5123 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 5124 break; 5125 5126 case DLT_PPP_PPPD: 5127 if (dir) { 5128 /* match outgoing packets */
| 5976 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 5977 break; 5978 5979 case DLT_PPP_PPPD: 5980 if (dir) { 5981 /* match outgoing packets */
|
5129 b0 = gen_cmp(0, BPF_B, PPP_PPPD_OUT);
| 5982 b0 = gen_cmp(OR_LINK, 0, BPF_B, PPP_PPPD_OUT);
|
5130 } else { 5131 /* match incoming packets */
| 5983 } else { 5984 /* match incoming packets */
|
5132 b0 = gen_cmp(0, BPF_B, PPP_PPPD_IN);
| 5985 b0 = gen_cmp(OR_LINK, 0, BPF_B, PPP_PPPD_IN);
|
5133 } 5134 break; 5135 5136 case DLT_JUNIPER_MLFR: 5137 case DLT_JUNIPER_MLPPP: 5138 case DLT_JUNIPER_ATM1: 5139 case DLT_JUNIPER_ATM2:
| 5986 } 5987 break; 5988 5989 case DLT_JUNIPER_MLFR: 5990 case DLT_JUNIPER_MLPPP: 5991 case DLT_JUNIPER_ATM1: 5992 case DLT_JUNIPER_ATM2:
|
| 5993 case DLT_JUNIPER_PPPOE: 5994 case DLT_JUNIPER_PPPOE_ATM: 5995 case DLT_JUNIPER_GGSN: 5996 case DLT_JUNIPER_ES: 5997 case DLT_JUNIPER_MONITOR: 5998 case DLT_JUNIPER_SERVICES:
|
5140 /* juniper flags (including direction) are stored 5141 * the byte after the 3-byte magic number */ 5142 if (dir) { 5143 /* match outgoing packets */
| 5999 /* juniper flags (including direction) are stored 6000 * the byte after the 3-byte magic number */ 6001 if (dir) { 6002 /* match outgoing packets */
|
5144 b0 = gen_mcmp(3, BPF_B, 0, 0x01);
| 6003 b0 = gen_mcmp(OR_LINK, 3, BPF_B, 0, 0x01);
|
5145 } else { 5146 /* match incoming packets */
| 6004 } else { 6005 /* match incoming packets */
|
5147 b0 = gen_mcmp(3, BPF_B, 1, 0x01);
| 6006 b0 = gen_mcmp(OR_LINK, 3, BPF_B, 1, 0x01);
|
5148 } 5149 break; 5150 5151 default: 5152 bpf_error("inbound/outbound not supported on linktype %d", 5153 linktype); 5154 b0 = NULL; 5155 /* NOTREACHED */ 5156 } 5157 return (b0); 5158} 5159 5160/* PF firewall log matched interface */ 5161struct block * 5162gen_pf_ifname(const char *ifname) 5163{ 5164 struct block *b0; 5165 u_int len, off; 5166 5167 if (linktype == DLT_PFLOG) { 5168 len = sizeof(((struct pfloghdr *)0)->ifname); 5169 off = offsetof(struct pfloghdr, ifname); 5170 } else { 5171 bpf_error("ifname not supported on linktype 0x%x", linktype); 5172 /* NOTREACHED */ 5173 } 5174 if (strlen(ifname) >= len) { 5175 bpf_error("ifname interface names can only be %d characters", 5176 len-1); 5177 /* NOTREACHED */ 5178 }
| 6007 } 6008 break; 6009 6010 default: 6011 bpf_error("inbound/outbound not supported on linktype %d", 6012 linktype); 6013 b0 = NULL; 6014 /* NOTREACHED */ 6015 } 6016 return (b0); 6017} 6018 6019/* PF firewall log matched interface */ 6020struct block * 6021gen_pf_ifname(const char *ifname) 6022{ 6023 struct block *b0; 6024 u_int len, off; 6025 6026 if (linktype == DLT_PFLOG) { 6027 len = sizeof(((struct pfloghdr *)0)->ifname); 6028 off = offsetof(struct pfloghdr, ifname); 6029 } else { 6030 bpf_error("ifname not supported on linktype 0x%x", linktype); 6031 /* NOTREACHED */ 6032 } 6033 if (strlen(ifname) >= len) { 6034 bpf_error("ifname interface names can only be %d characters", 6035 len-1); 6036 /* NOTREACHED */ 6037 }
|
5179 b0 = gen_bcmp(off, strlen(ifname), (const u_char *)ifname);
| 6038 b0 = gen_bcmp(OR_LINK, off, strlen(ifname), (const u_char *)ifname);
|
5180 return (b0); 5181} 5182 5183/* PF firewall log matched interface */ 5184struct block * 5185gen_pf_ruleset(char *ruleset) 5186{ 5187 struct block *b0; 5188 5189 if (linktype != DLT_PFLOG) { 5190 bpf_error("ruleset not supported on linktype 0x%x", linktype); 5191 /* NOTREACHED */ 5192 } 5193 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) { 5194 bpf_error("ruleset names can only be %ld characters", 5195 (long)(sizeof(((struct pfloghdr *)0)->ruleset) - 1)); 5196 /* NOTREACHED */ 5197 }
| 6039 return (b0); 6040} 6041 6042/* PF firewall log matched interface */ 6043struct block * 6044gen_pf_ruleset(char *ruleset) 6045{ 6046 struct block *b0; 6047 6048 if (linktype != DLT_PFLOG) { 6049 bpf_error("ruleset not supported on linktype 0x%x", linktype); 6050 /* NOTREACHED */ 6051 } 6052 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) { 6053 bpf_error("ruleset names can only be %ld characters", 6054 (long)(sizeof(((struct pfloghdr *)0)->ruleset) - 1)); 6055 /* NOTREACHED */ 6056 }
|
5198 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset),
| 6057 b0 = gen_bcmp(OR_LINK, offsetof(struct pfloghdr, ruleset),
|
5199 strlen(ruleset), (const u_char *)ruleset); 5200 return (b0); 5201} 5202 5203/* PF firewall log rule number */ 5204struct block * 5205gen_pf_rnr(int rnr) 5206{ 5207 struct block *b0; 5208 5209 if (linktype == DLT_PFLOG) {
| 6058 strlen(ruleset), (const u_char *)ruleset); 6059 return (b0); 6060} 6061 6062/* PF firewall log rule number */ 6063struct block * 6064gen_pf_rnr(int rnr) 6065{ 6066 struct block *b0; 6067 6068 if (linktype == DLT_PFLOG) {
|
5210 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W,
| 6069 b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, rulenr), BPF_W,
|
5211 (bpf_int32)rnr); 5212 } else { 5213 bpf_error("rnr not supported on linktype 0x%x", linktype); 5214 /* NOTREACHED */ 5215 } 5216 5217 return (b0); 5218} 5219 5220/* PF firewall log sub-rule number */ 5221struct block * 5222gen_pf_srnr(int srnr) 5223{ 5224 struct block *b0; 5225 5226 if (linktype != DLT_PFLOG) { 5227 bpf_error("srnr not supported on linktype 0x%x", linktype); 5228 /* NOTREACHED */ 5229 } 5230
| 6070 (bpf_int32)rnr); 6071 } else { 6072 bpf_error("rnr not supported on linktype 0x%x", linktype); 6073 /* NOTREACHED */ 6074 } 6075 6076 return (b0); 6077} 6078 6079/* PF firewall log sub-rule number */ 6080struct block * 6081gen_pf_srnr(int srnr) 6082{ 6083 struct block *b0; 6084 6085 if (linktype != DLT_PFLOG) { 6086 bpf_error("srnr not supported on linktype 0x%x", linktype); 6087 /* NOTREACHED */ 6088 } 6089
|
5231 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W,
| 6090 b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, subrulenr), BPF_W,
|
5232 (bpf_int32)srnr); 5233 return (b0); 5234} 5235 5236/* PF firewall log reason code */ 5237struct block * 5238gen_pf_reason(int reason) 5239{ 5240 struct block *b0; 5241 5242 if (linktype == DLT_PFLOG) {
| 6091 (bpf_int32)srnr); 6092 return (b0); 6093} 6094 6095/* PF firewall log reason code */ 6096struct block * 6097gen_pf_reason(int reason) 6098{ 6099 struct block *b0; 6100 6101 if (linktype == DLT_PFLOG) {
|
5243 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B,
| 6102 b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, reason), BPF_B,
|
5244 (bpf_int32)reason); 5245 } else { 5246 bpf_error("reason not supported on linktype 0x%x", linktype); 5247 /* NOTREACHED */ 5248 } 5249 5250 return (b0); 5251} 5252 5253/* PF firewall log action */ 5254struct block * 5255gen_pf_action(int action) 5256{ 5257 struct block *b0; 5258 5259 if (linktype == DLT_PFLOG) {
| 6103 (bpf_int32)reason); 6104 } else { 6105 bpf_error("reason not supported on linktype 0x%x", linktype); 6106 /* NOTREACHED */ 6107 } 6108 6109 return (b0); 6110} 6111 6112/* PF firewall log action */ 6113struct block * 6114gen_pf_action(int action) 6115{ 6116 struct block *b0; 6117 6118 if (linktype == DLT_PFLOG) {
|
5260 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B,
| 6119 b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, action), BPF_B,
|
5261 (bpf_int32)action); 5262 } else { 5263 bpf_error("action not supported on linktype 0x%x", linktype); 5264 /* NOTREACHED */ 5265 } 5266 5267 return (b0); 5268} 5269 5270struct block * 5271gen_acode(eaddr, q) 5272 register const u_char *eaddr; 5273 struct qual q; 5274{ 5275 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 5276 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX) 5277 return gen_ahostop(eaddr, (int)q.dir); 5278 } 5279 bpf_error("ARCnet address used in non-arc expression"); 5280 /* NOTREACHED */ 5281} 5282 5283static struct block * 5284gen_ahostop(eaddr, dir) 5285 register const u_char *eaddr; 5286 register int dir; 5287{ 5288 register struct block *b0, *b1; 5289 5290 switch (dir) { 5291 /* src comes first, different from Ethernet */ 5292 case Q_SRC:
| 6120 (bpf_int32)action); 6121 } else { 6122 bpf_error("action not supported on linktype 0x%x", linktype); 6123 /* NOTREACHED */ 6124 } 6125 6126 return (b0); 6127} 6128 6129struct block * 6130gen_acode(eaddr, q) 6131 register const u_char *eaddr; 6132 struct qual q; 6133{ 6134 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 6135 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX) 6136 return gen_ahostop(eaddr, (int)q.dir); 6137 } 6138 bpf_error("ARCnet address used in non-arc expression"); 6139 /* NOTREACHED */ 6140} 6141 6142static struct block * 6143gen_ahostop(eaddr, dir) 6144 register const u_char *eaddr; 6145 register int dir; 6146{ 6147 register struct block *b0, *b1; 6148 6149 switch (dir) { 6150 /* src comes first, different from Ethernet */ 6151 case Q_SRC:
|
5293 return gen_bcmp(0, 1, eaddr);
| 6152 return gen_bcmp(OR_LINK, 0, 1, eaddr);
|
5294 5295 case Q_DST:
| 6153 6154 case Q_DST:
|
5296 return gen_bcmp(1, 1, eaddr);
| 6155 return gen_bcmp(OR_LINK, 1, 1, eaddr);
|
5297 5298 case Q_AND: 5299 b0 = gen_ahostop(eaddr, Q_SRC); 5300 b1 = gen_ahostop(eaddr, Q_DST); 5301 gen_and(b0, b1); 5302 return b1; 5303 5304 case Q_DEFAULT: 5305 case Q_OR: 5306 b0 = gen_ahostop(eaddr, Q_SRC); 5307 b1 = gen_ahostop(eaddr, Q_DST); 5308 gen_or(b0, b1); 5309 return b1; 5310 } 5311 abort(); 5312 /* NOTREACHED */ 5313} 5314 5315/* 5316 * support IEEE 802.1Q VLAN trunk over ethernet 5317 */ 5318struct block * 5319gen_vlan(vlan_num) 5320 int vlan_num; 5321{ 5322 struct block *b0; 5323 5324 /* 5325 * Change the offsets to point to the type and data fields within
| 6156 6157 case Q_AND: 6158 b0 = gen_ahostop(eaddr, Q_SRC); 6159 b1 = gen_ahostop(eaddr, Q_DST); 6160 gen_and(b0, b1); 6161 return b1; 6162 6163 case Q_DEFAULT: 6164 case Q_OR: 6165 b0 = gen_ahostop(eaddr, Q_SRC); 6166 b1 = gen_ahostop(eaddr, Q_DST); 6167 gen_or(b0, b1); 6168 return b1; 6169 } 6170 abort(); 6171 /* NOTREACHED */ 6172} 6173 6174/* 6175 * support IEEE 802.1Q VLAN trunk over ethernet 6176 */ 6177struct block * 6178gen_vlan(vlan_num) 6179 int vlan_num; 6180{ 6181 struct block *b0; 6182 6183 /* 6184 * Change the offsets to point to the type and data fields within
|
5326 * the VLAN packet. This is somewhat of a kludge.
| 6185 * the VLAN packet. Just increment the offsets, so that we 6186 * can support a hierarchy, e.g. "vlan 300 && vlan 200" to 6187 * capture VLAN 200 encapsulated within VLAN 100. 6188 * 6189 * XXX - this is a bit of a kludge. If we were to split the 6190 * compiler into a parser that parses an expression and 6191 * generates an expression tree, and a code generator that 6192 * takes an expression tree (which could come from our 6193 * parser or from some other parser) and generates BPF code, 6194 * we could perhaps make the offsets parameters of routines 6195 * and, in the handler for an "AND" node, pass to subnodes 6196 * other than the VLAN node the adjusted offsets. 6197 * 6198 * This would mean that "vlan" would, instead of changing the 6199 * behavior of *all* tests after it, change only the behavior 6200 * of tests ANDed with it. That would change the documented 6201 * semantics of "vlan", which might break some expressions. 6202 * However, it would mean that "(vlan and ip) or ip" would check 6203 * both for VLAN-encapsulated IP and IP-over-Ethernet, rather than 6204 * checking only for VLAN-encapsulated IP, so that could still 6205 * be considered worth doing; it wouldn't break expressions 6206 * that are of the form "vlan and ..." or "vlan N and ...", 6207 * which I suspect are the most common expressions involving 6208 * "vlan". "vlan or ..." doesn't necessarily do what the user 6209 * would really want, now, as all the "or ..." tests would 6210 * be done assuming a VLAN, even though the "or" could be viewed 6211 * as meaning "or, if this isn't a VLAN packet...".
|
5327 */
| 6212 */
|
5328 if (orig_nl == (u_int)-1) { 5329 orig_linktype = off_linktype; /* save original values */ 5330 orig_nl = off_nl; 5331 orig_nl_nosnap = off_nl_nosnap;
| 6213 orig_linktype = off_linktype; /* save original values */ 6214 orig_nl = off_nl;
|
5332
| 6215
|
5333 switch (linktype) {
| 6216 switch (linktype) {
|
5334
| 6217
|
5335 case DLT_EN10MB: 5336 off_linktype = 16; 5337 off_nl_nosnap = 18; 5338 off_nl = 18; 5339 break;
| 6218 case DLT_EN10MB: 6219 off_linktype += 4; 6220 off_nl_nosnap += 4; 6221 off_nl += 4; 6222 break;
|
5340
| 6223
|
5341 default: 5342 bpf_error("no VLAN support for data link type %d", 5343 linktype); 5344 /*NOTREACHED*/ 5345 } 5346 }
| 6224 default: 6225 bpf_error("no VLAN support for data link type %d", 6226 linktype); 6227 /*NOTREACHED*/ 6228 }
|
5347 5348 /* check for VLAN */
| 6229 6230 /* check for VLAN */
|
5349 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
| 6231 b0 = gen_cmp(OR_LINK, orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
|
5350 5351 /* If a specific VLAN is requested, check VLAN id */ 5352 if (vlan_num >= 0) { 5353 struct block *b1; 5354
| 6232 6233 /* If a specific VLAN is requested, check VLAN id */ 6234 if (vlan_num >= 0) { 6235 struct block *b1; 6236
|
5355 b1 = gen_mcmp(orig_nl, BPF_H, (bpf_int32)vlan_num, 0x0fff);
| 6237 b1 = gen_mcmp(OR_LINK, orig_nl, BPF_H, (bpf_int32)vlan_num, 6238 0x0fff);
|
5356 gen_and(b0, b1); 5357 b0 = b1; 5358 } 5359 5360 return (b0); 5361} 5362 5363/* 5364 * support for MPLS 5365 */ 5366struct block * 5367gen_mpls(label_num) 5368 int label_num; 5369{ 5370 struct block *b0; 5371 5372 /* 5373 * Change the offsets to point to the type and data fields within
| 6239 gen_and(b0, b1); 6240 b0 = b1; 6241 } 6242 6243 return (b0); 6244} 6245 6246/* 6247 * support for MPLS 6248 */ 6249struct block * 6250gen_mpls(label_num) 6251 int label_num; 6252{ 6253 struct block *b0; 6254 6255 /* 6256 * Change the offsets to point to the type and data fields within
|
5374 * the MPLS packet. This is somewhat of a kludge.
| 6257 * the MPLS packet. Just increment the offsets, so that we 6258 * can support a hierarchy, e.g. "mpls 100000 && mpls 1024" to 6259 * capture packets with an outer label of 100000 and an inner 6260 * label of 1024. 6261 * 6262 * XXX - this is a bit of a kludge. See comments in gen_vlan().
|
5375 */
| 6263 */
|
5376 if (orig_nl == (u_int)-1) { 5377 orig_linktype = off_linktype; /* save original values */ 5378 orig_nl = off_nl; 5379 orig_nl_nosnap = off_nl_nosnap;
| 6264 orig_linktype = off_linktype; /* save original values */ 6265 orig_nl = off_nl;
|
5380
| 6266
|
5381 switch (linktype) {
| 6267 switch (linktype) { 6268 6269 case DLT_C_HDLC: /* fall through */ 6270 case DLT_EN10MB: 6271 off_nl_nosnap += 4; 6272 off_nl += 4; 6273 6274 b0 = gen_cmp(OR_LINK, orig_linktype, BPF_H, 6275 (bpf_int32)ETHERTYPE_MPLS); 6276 break;
|
5382
| 6277
|
5383 case DLT_EN10MB: 5384 off_linktype = 16; 5385 off_nl_nosnap = 18; 5386 off_nl = 18;
| 6278 case DLT_PPP: 6279 off_nl_nosnap += 4; 6280 off_nl += 4;
|
5387
| 6281
|
5388 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_MPLS); 5389 break;
| 6282 b0 = gen_cmp(OR_LINK, orig_linktype, BPF_H, 6283 (bpf_int32)PPP_MPLS_UCAST); 6284 break;
|
5390
| 6285
|
5391 case DLT_PPP: 5392 off_linktype = 6; 5393 off_nl_nosnap = 8; 5394 off_nl = 8;
| 6286 /* FIXME add other DLT_s ... 6287 * for Frame-Relay/and ATM this may get messy due to SNAP headers 6288 * leave it for now */
|
5395
| 6289
|
5396 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)PPP_MPLS_UCAST); 5397 break;
| 6290 default: 6291 bpf_error("no MPLS support for data link type %d", 6292 linktype); 6293 b0 = NULL; 6294 /*NOTREACHED*/ 6295 break; 6296 }
|
5398
| 6297
|
5399 case DLT_C_HDLC: 5400 off_linktype = 6; 5401 off_nl_nosnap = 8; 5402 off_nl = 8; 5403 5404 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_MPLS); 5405 break; 5406 5407 /* FIXME add other DLT_s ... 5408 * for Frame-Relay/and ATM this may get messy due to SNAP headers 5409 * leave it for now */ 5410 5411 default: 5412 bpf_error("no MPLS support for data link type %d", 5413 linktype); 5414 b0 = NULL; 5415 /*NOTREACHED*/ 5416 } 5417 } else { 5418 bpf_error("'mpls' can't be combined with 'vlan' or another 'mpls'"); 5419 b0 = NULL; 5420 /*NOTREACHED*/ 5421 } 5422
| |
5423 /* If a specific MPLS label is requested, check it */ 5424 if (label_num >= 0) { 5425 struct block *b1; 5426 5427 label_num = label_num << 12; /* label is shifted 12 bits on the wire */
| 6298 /* If a specific MPLS label is requested, check it */ 6299 if (label_num >= 0) { 6300 struct block *b1; 6301 6302 label_num = label_num << 12; /* label is shifted 12 bits on the wire */
|
5428 b1 = gen_mcmp(orig_nl, BPF_W, (bpf_int32)label_num, 0xfffff000); /* only compare the first 20 bits */
| 6303 b1 = gen_mcmp(OR_LINK, orig_nl, BPF_W, (bpf_int32)label_num, 6304 0xfffff000); /* only compare the first 20 bits */
|
5429 gen_and(b0, b1); 5430 b0 = b1; 5431 } 5432 5433 return (b0); 5434} 5435 5436struct block * 5437gen_atmfield_code(atmfield, jvalue, jtype, reverse) 5438 int atmfield;
| 6305 gen_and(b0, b1); 6306 b0 = b1; 6307 } 6308 6309 return (b0); 6310} 6311 6312struct block * 6313gen_atmfield_code(atmfield, jvalue, jtype, reverse) 6314 int atmfield;
|
5439 bpf_u_int32 jvalue;
| 6315 bpf_int32 jvalue;
|
5440 bpf_u_int32 jtype; 5441 int reverse; 5442{ 5443 struct block *b0; 5444 5445 switch (atmfield) { 5446 5447 case A_VPI: 5448 if (!is_atm) 5449 bpf_error("'vpi' supported only on raw ATM"); 5450 if (off_vpi == (u_int)-1) 5451 abort();
| 6316 bpf_u_int32 jtype; 6317 int reverse; 6318{ 6319 struct block *b0; 6320 6321 switch (atmfield) { 6322 6323 case A_VPI: 6324 if (!is_atm) 6325 bpf_error("'vpi' supported only on raw ATM"); 6326 if (off_vpi == (u_int)-1) 6327 abort();
|
5452 b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype, 5453 (u_int)jvalue, reverse);
| 6328 b0 = gen_ncmp(OR_LINK, off_vpi, BPF_B, 0xffffffff, jtype, 6329 reverse, jvalue);
|
5454 break; 5455 5456 case A_VCI: 5457 if (!is_atm) 5458 bpf_error("'vci' supported only on raw ATM"); 5459 if (off_vci == (u_int)-1) 5460 abort();
| 6330 break; 6331 6332 case A_VCI: 6333 if (!is_atm) 6334 bpf_error("'vci' supported only on raw ATM"); 6335 if (off_vci == (u_int)-1) 6336 abort();
|
5461 b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype, 5462 (u_int)jvalue, reverse);
| 6337 b0 = gen_ncmp(OR_LINK, off_vci, BPF_H, 0xffffffff, jtype, 6338 reverse, jvalue);
|
5463 break; 5464 5465 case A_PROTOTYPE: 5466 if (off_proto == (u_int)-1) 5467 abort(); /* XXX - this isn't on FreeBSD */
| 6339 break; 6340 6341 case A_PROTOTYPE: 6342 if (off_proto == (u_int)-1) 6343 abort(); /* XXX - this isn't on FreeBSD */
|
5468 b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype, 5469 (u_int)jvalue, reverse);
| 6344 b0 = gen_ncmp(OR_LINK, off_proto, BPF_B, 0x0f, jtype, 6345 reverse, jvalue);
|
5470 break; 5471 5472 case A_MSGTYPE: 5473 if (off_payload == (u_int)-1) 5474 abort();
| 6346 break; 6347 6348 case A_MSGTYPE: 6349 if (off_payload == (u_int)-1) 6350 abort();
|
5475 b0 = gen_ncmp(BPF_B, off_payload + MSG_TYPE_POS, 0xffffffff, 5476 (u_int)jtype, (u_int)jvalue, reverse);
| 6351 b0 = gen_ncmp(OR_LINK, off_payload + MSG_TYPE_POS, BPF_B, 6352 0xffffffff, jtype, reverse, jvalue);
|
5477 break; 5478 5479 case A_CALLREFTYPE: 5480 if (!is_atm) 5481 bpf_error("'callref' supported only on raw ATM"); 5482 if (off_proto == (u_int)-1) 5483 abort();
| 6353 break; 6354 6355 case A_CALLREFTYPE: 6356 if (!is_atm) 6357 bpf_error("'callref' supported only on raw ATM"); 6358 if (off_proto == (u_int)-1) 6359 abort();
|
5484 b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype, 5485 (u_int)jvalue, reverse);
| 6360 b0 = gen_ncmp(OR_LINK, off_proto, BPF_B, 0xffffffff, 6361 jtype, reverse, jvalue);
|
5486 break; 5487 5488 default: 5489 abort(); 5490 } 5491 return b0; 5492} 5493 5494struct block * 5495gen_atmtype_abbrev(type) 5496 int type; 5497{ 5498 struct block *b0, *b1; 5499 5500 switch (type) { 5501 5502 case A_METAC: 5503 /* Get all packets in Meta signalling Circuit */ 5504 if (!is_atm) 5505 bpf_error("'metac' supported only on raw ATM"); 5506 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 5507 b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0); 5508 gen_and(b0, b1); 5509 break; 5510 5511 case A_BCC: 5512 /* Get all packets in Broadcast Circuit*/ 5513 if (!is_atm) 5514 bpf_error("'bcc' supported only on raw ATM"); 5515 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 5516 b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0); 5517 gen_and(b0, b1); 5518 break; 5519 5520 case A_OAMF4SC: 5521 /* Get all cells in Segment OAM F4 circuit*/ 5522 if (!is_atm) 5523 bpf_error("'oam4sc' supported only on raw ATM"); 5524 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 5525 b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0); 5526 gen_and(b0, b1); 5527 break; 5528 5529 case A_OAMF4EC: 5530 /* Get all cells in End-to-End OAM F4 Circuit*/ 5531 if (!is_atm) 5532 bpf_error("'oam4ec' supported only on raw ATM"); 5533 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 5534 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0); 5535 gen_and(b0, b1); 5536 break; 5537 5538 case A_SC: 5539 /* Get all packets in connection Signalling Circuit */ 5540 if (!is_atm) 5541 bpf_error("'sc' supported only on raw ATM"); 5542 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 5543 b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0); 5544 gen_and(b0, b1); 5545 break; 5546 5547 case A_ILMIC: 5548 /* Get all packets in ILMI Circuit */ 5549 if (!is_atm) 5550 bpf_error("'ilmic' supported only on raw ATM"); 5551 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 5552 b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0); 5553 gen_and(b0, b1); 5554 break; 5555 5556 case A_LANE: 5557 /* Get all LANE packets */ 5558 if (!is_atm) 5559 bpf_error("'lane' supported only on raw ATM"); 5560 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0); 5561 5562 /* 5563 * Arrange that all subsequent tests assume LANE 5564 * rather than LLC-encapsulated packets, and set 5565 * the offsets appropriately for LANE-encapsulated 5566 * Ethernet. 5567 * 5568 * "off_mac" is the offset of the Ethernet header, 5569 * which is 2 bytes past the ATM pseudo-header 5570 * (skipping the pseudo-header and 2-byte LE Client 5571 * field). The other offsets are Ethernet offsets 5572 * relative to "off_mac". 5573 */ 5574 is_lane = 1; 5575 off_mac = off_payload + 2; /* MAC header */ 5576 off_linktype = off_mac + 12; 5577 off_nl = off_mac + 14; /* Ethernet II */ 5578 off_nl_nosnap = off_mac + 17; /* 802.3+802.2 */ 5579 break; 5580 5581 case A_LLC: 5582 /* Get all LLC-encapsulated packets */ 5583 if (!is_atm) 5584 bpf_error("'llc' supported only on raw ATM"); 5585 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0); 5586 is_lane = 0; 5587 break; 5588 5589 default: 5590 abort(); 5591 } 5592 return b1; 5593} 5594
| 6362 break; 6363 6364 default: 6365 abort(); 6366 } 6367 return b0; 6368} 6369 6370struct block * 6371gen_atmtype_abbrev(type) 6372 int type; 6373{ 6374 struct block *b0, *b1; 6375 6376 switch (type) { 6377 6378 case A_METAC: 6379 /* Get all packets in Meta signalling Circuit */ 6380 if (!is_atm) 6381 bpf_error("'metac' supported only on raw ATM"); 6382 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 6383 b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0); 6384 gen_and(b0, b1); 6385 break; 6386 6387 case A_BCC: 6388 /* Get all packets in Broadcast Circuit*/ 6389 if (!is_atm) 6390 bpf_error("'bcc' supported only on raw ATM"); 6391 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 6392 b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0); 6393 gen_and(b0, b1); 6394 break; 6395 6396 case A_OAMF4SC: 6397 /* Get all cells in Segment OAM F4 circuit*/ 6398 if (!is_atm) 6399 bpf_error("'oam4sc' supported only on raw ATM"); 6400 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 6401 b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0); 6402 gen_and(b0, b1); 6403 break; 6404 6405 case A_OAMF4EC: 6406 /* Get all cells in End-to-End OAM F4 Circuit*/ 6407 if (!is_atm) 6408 bpf_error("'oam4ec' supported only on raw ATM"); 6409 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 6410 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0); 6411 gen_and(b0, b1); 6412 break; 6413 6414 case A_SC: 6415 /* Get all packets in connection Signalling Circuit */ 6416 if (!is_atm) 6417 bpf_error("'sc' supported only on raw ATM"); 6418 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 6419 b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0); 6420 gen_and(b0, b1); 6421 break; 6422 6423 case A_ILMIC: 6424 /* Get all packets in ILMI Circuit */ 6425 if (!is_atm) 6426 bpf_error("'ilmic' supported only on raw ATM"); 6427 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 6428 b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0); 6429 gen_and(b0, b1); 6430 break; 6431 6432 case A_LANE: 6433 /* Get all LANE packets */ 6434 if (!is_atm) 6435 bpf_error("'lane' supported only on raw ATM"); 6436 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0); 6437 6438 /* 6439 * Arrange that all subsequent tests assume LANE 6440 * rather than LLC-encapsulated packets, and set 6441 * the offsets appropriately for LANE-encapsulated 6442 * Ethernet. 6443 * 6444 * "off_mac" is the offset of the Ethernet header, 6445 * which is 2 bytes past the ATM pseudo-header 6446 * (skipping the pseudo-header and 2-byte LE Client 6447 * field). The other offsets are Ethernet offsets 6448 * relative to "off_mac". 6449 */ 6450 is_lane = 1; 6451 off_mac = off_payload + 2; /* MAC header */ 6452 off_linktype = off_mac + 12; 6453 off_nl = off_mac + 14; /* Ethernet II */ 6454 off_nl_nosnap = off_mac + 17; /* 802.3+802.2 */ 6455 break; 6456 6457 case A_LLC: 6458 /* Get all LLC-encapsulated packets */ 6459 if (!is_atm) 6460 bpf_error("'llc' supported only on raw ATM"); 6461 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0); 6462 is_lane = 0; 6463 break; 6464 6465 default: 6466 abort(); 6467 } 6468 return b1; 6469} 6470
|
| 6471struct block * 6472gen_mtp3field_code(mtp3field, jvalue, jtype, reverse) 6473 int mtp3field; 6474 bpf_u_int32 jvalue; 6475 bpf_u_int32 jtype; 6476 int reverse; 6477{ 6478 struct block *b0; 6479 bpf_u_int32 val1 , val2 , val3;
|
5595
| 6480
|
| 6481 switch (mtp3field) { 6482 6483 case M_SIO: 6484 if (off_sio == (u_int)-1) 6485 bpf_error("'sio' supported only on SS7"); 6486 /* sio coded on 1 byte so max value 255 */ 6487 if(jvalue > 255) 6488 bpf_error("sio value %u too big; max value = 255", 6489 jvalue); 6490 b0 = gen_ncmp(OR_PACKET, off_sio, BPF_B, 0xffffffff, 6491 (u_int)jtype, reverse, (u_int)jvalue); 6492 break; 6493 6494 case M_OPC: 6495 if (off_opc == (u_int)-1) 6496 bpf_error("'opc' supported only on SS7"); 6497 /* opc coded on 14 bits so max value 16383 */ 6498 if (jvalue > 16383) 6499 bpf_error("opc value %u too big; max value = 16383", 6500 jvalue); 6501 /* the following instructions are made to convert jvalue 6502 * to the form used to write opc in an ss7 message*/ 6503 val1 = jvalue & 0x00003c00; 6504 val1 = val1 >>10; 6505 val2 = jvalue & 0x000003fc; 6506 val2 = val2 <<6; 6507 val3 = jvalue & 0x00000003; 6508 val3 = val3 <<22; 6509 jvalue = val1 + val2 + val3; 6510 b0 = gen_ncmp(OR_PACKET, off_opc, BPF_W, 0x00c0ff0f, 6511 (u_int)jtype, reverse, (u_int)jvalue); 6512 break; 6513 6514 case M_DPC: 6515 if (off_dpc == (u_int)-1) 6516 bpf_error("'dpc' supported only on SS7"); 6517 /* dpc coded on 14 bits so max value 16383 */ 6518 if (jvalue > 16383) 6519 bpf_error("dpc value %u too big; max value = 16383", 6520 jvalue); 6521 /* the following instructions are made to convert jvalue 6522 * to the forme used to write dpc in an ss7 message*/ 6523 val1 = jvalue & 0x000000ff; 6524 val1 = val1 << 24; 6525 val2 = jvalue & 0x00003f00; 6526 val2 = val2 << 8; 6527 jvalue = val1 + val2; 6528 b0 = gen_ncmp(OR_PACKET, off_dpc, BPF_W, 0xff3f0000, 6529 (u_int)jtype, reverse, (u_int)jvalue); 6530 break; 6531 6532 case M_SLS: 6533 if (off_sls == (u_int)-1) 6534 bpf_error("'sls' supported only on SS7"); 6535 /* sls coded on 4 bits so max value 15 */ 6536 if (jvalue > 15) 6537 bpf_error("sls value %u too big; max value = 15", 6538 jvalue); 6539 /* the following instruction is made to convert jvalue 6540 * to the forme used to write sls in an ss7 message*/ 6541 jvalue = jvalue << 4; 6542 b0 = gen_ncmp(OR_PACKET, off_sls, BPF_B, 0xf0, 6543 (u_int)jtype,reverse, (u_int)jvalue); 6544 break; 6545 6546 default: 6547 abort(); 6548 } 6549 return b0; 6550} 6551
|
5596static struct block * 5597gen_msg_abbrev(type) 5598 int type; 5599{ 5600 struct block *b1; 5601 5602 /* 5603 * Q.2931 signalling protocol messages for handling virtual circuits 5604 * establishment and teardown 5605 */ 5606 switch (type) { 5607 5608 case A_SETUP: 5609 b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0); 5610 break; 5611 5612 case A_CALLPROCEED: 5613 b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0); 5614 break; 5615 5616 case A_CONNECT: 5617 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0); 5618 break; 5619 5620 case A_CONNECTACK: 5621 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0); 5622 break; 5623 5624 case A_RELEASE: 5625 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0); 5626 break; 5627 5628 case A_RELEASE_DONE: 5629 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0); 5630 break; 5631 5632 default: 5633 abort(); 5634 } 5635 return b1; 5636} 5637 5638struct block * 5639gen_atmmulti_abbrev(type) 5640 int type; 5641{ 5642 struct block *b0, *b1; 5643 5644 switch (type) { 5645 5646 case A_OAM: 5647 if (!is_atm) 5648 bpf_error("'oam' supported only on raw ATM"); 5649 b1 = gen_atmmulti_abbrev(A_OAMF4); 5650 break; 5651 5652 case A_OAMF4: 5653 if (!is_atm) 5654 bpf_error("'oamf4' supported only on raw ATM"); 5655 /* OAM F4 type */ 5656 b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0); 5657 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0); 5658 gen_or(b0, b1); 5659 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 5660 gen_and(b0, b1); 5661 break; 5662 5663 case A_CONNECTMSG: 5664 /* 5665 * Get Q.2931 signalling messages for switched 5666 * virtual connection 5667 */ 5668 if (!is_atm) 5669 bpf_error("'connectmsg' supported only on raw ATM"); 5670 b0 = gen_msg_abbrev(A_SETUP); 5671 b1 = gen_msg_abbrev(A_CALLPROCEED); 5672 gen_or(b0, b1); 5673 b0 = gen_msg_abbrev(A_CONNECT); 5674 gen_or(b0, b1); 5675 b0 = gen_msg_abbrev(A_CONNECTACK); 5676 gen_or(b0, b1); 5677 b0 = gen_msg_abbrev(A_RELEASE); 5678 gen_or(b0, b1); 5679 b0 = gen_msg_abbrev(A_RELEASE_DONE); 5680 gen_or(b0, b1); 5681 b0 = gen_atmtype_abbrev(A_SC); 5682 gen_and(b0, b1); 5683 break; 5684 5685 case A_METACONNECT: 5686 if (!is_atm) 5687 bpf_error("'metaconnect' supported only on raw ATM"); 5688 b0 = gen_msg_abbrev(A_SETUP); 5689 b1 = gen_msg_abbrev(A_CALLPROCEED); 5690 gen_or(b0, b1); 5691 b0 = gen_msg_abbrev(A_CONNECT); 5692 gen_or(b0, b1); 5693 b0 = gen_msg_abbrev(A_RELEASE); 5694 gen_or(b0, b1); 5695 b0 = gen_msg_abbrev(A_RELEASE_DONE); 5696 gen_or(b0, b1); 5697 b0 = gen_atmtype_abbrev(A_METAC); 5698 gen_and(b0, b1); 5699 break; 5700 5701 default: 5702 abort(); 5703 } 5704 return b1; 5705}
| 6552static struct block * 6553gen_msg_abbrev(type) 6554 int type; 6555{ 6556 struct block *b1; 6557 6558 /* 6559 * Q.2931 signalling protocol messages for handling virtual circuits 6560 * establishment and teardown 6561 */ 6562 switch (type) { 6563 6564 case A_SETUP: 6565 b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0); 6566 break; 6567 6568 case A_CALLPROCEED: 6569 b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0); 6570 break; 6571 6572 case A_CONNECT: 6573 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0); 6574 break; 6575 6576 case A_CONNECTACK: 6577 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0); 6578 break; 6579 6580 case A_RELEASE: 6581 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0); 6582 break; 6583 6584 case A_RELEASE_DONE: 6585 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0); 6586 break; 6587 6588 default: 6589 abort(); 6590 } 6591 return b1; 6592} 6593 6594struct block * 6595gen_atmmulti_abbrev(type) 6596 int type; 6597{ 6598 struct block *b0, *b1; 6599 6600 switch (type) { 6601 6602 case A_OAM: 6603 if (!is_atm) 6604 bpf_error("'oam' supported only on raw ATM"); 6605 b1 = gen_atmmulti_abbrev(A_OAMF4); 6606 break; 6607 6608 case A_OAMF4: 6609 if (!is_atm) 6610 bpf_error("'oamf4' supported only on raw ATM"); 6611 /* OAM F4 type */ 6612 b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0); 6613 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0); 6614 gen_or(b0, b1); 6615 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 6616 gen_and(b0, b1); 6617 break; 6618 6619 case A_CONNECTMSG: 6620 /* 6621 * Get Q.2931 signalling messages for switched 6622 * virtual connection 6623 */ 6624 if (!is_atm) 6625 bpf_error("'connectmsg' supported only on raw ATM"); 6626 b0 = gen_msg_abbrev(A_SETUP); 6627 b1 = gen_msg_abbrev(A_CALLPROCEED); 6628 gen_or(b0, b1); 6629 b0 = gen_msg_abbrev(A_CONNECT); 6630 gen_or(b0, b1); 6631 b0 = gen_msg_abbrev(A_CONNECTACK); 6632 gen_or(b0, b1); 6633 b0 = gen_msg_abbrev(A_RELEASE); 6634 gen_or(b0, b1); 6635 b0 = gen_msg_abbrev(A_RELEASE_DONE); 6636 gen_or(b0, b1); 6637 b0 = gen_atmtype_abbrev(A_SC); 6638 gen_and(b0, b1); 6639 break; 6640 6641 case A_METACONNECT: 6642 if (!is_atm) 6643 bpf_error("'metaconnect' supported only on raw ATM"); 6644 b0 = gen_msg_abbrev(A_SETUP); 6645 b1 = gen_msg_abbrev(A_CALLPROCEED); 6646 gen_or(b0, b1); 6647 b0 = gen_msg_abbrev(A_CONNECT); 6648 gen_or(b0, b1); 6649 b0 = gen_msg_abbrev(A_RELEASE); 6650 gen_or(b0, b1); 6651 b0 = gen_msg_abbrev(A_RELEASE_DONE); 6652 gen_or(b0, b1); 6653 b0 = gen_atmtype_abbrev(A_METAC); 6654 gen_and(b0, b1); 6655 break; 6656 6657 default: 6658 abort(); 6659 } 6660 return b1; 6661}
|