Cross Reference: /freebsd-10.0-release/contrib/libpcap/gencode.c

Deleted Added

sdiff udiff text old ( 122029 ) new ( 127667 )

full compact

gencode.c (122029)	gencode.c (127667)
1/#define CHASE_CHAIN/ 2/* 3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 4 * The Regents of the University of California. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that: (1) source code distributions 8 * retain the above copyright notice and this paragraph in its entirety, (2) --- 5 unchanged lines hidden (view full) --- 14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 15 * the University nor the names of its contributors may be used to endorse 16 * or promote products derived from this software without specific prior 17 * written permission. 18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 21 *	1/#define CHASE_CHAIN/ 2/* 3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 4 * The Regents of the University of California. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that: (1) source code distributions 8 * retain the above copyright notice and this paragraph in its entirety, (2) --- 5 unchanged lines hidden (view full) --- 14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 15 * the University nor the names of its contributors may be used to endorse 16 * or promote products derived from this software without specific prior 17 * written permission. 18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 21 *
22 * $FreeBSD: head/contrib/libpcap/gencode.c 122029 2003-11-04 06:12:21Z green $	22 * $FreeBSD: head/contrib/libpcap/gencode.c 127667 2004-03-31 09:15:09Z bms $
23 */ 24#ifndef lint	23 */ 24#ifndef lint
25static const char rcsid[] = 26 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.160 2001/11/30 07:25:48 guy Exp $ (LBL)";	25static const char rcsid[] _U_ = 26 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.193.2.8 2004/03/29 20:53:47 guy Exp $ (LBL)";
27#endif 28 29#ifdef HAVE_CONFIG_H 30#include "config.h" 31#endif 32	27#endif 28 29#ifdef HAVE_CONFIG_H 30#include "config.h" 31#endif 32
	33#ifdef WIN32 34#include <pcap-stdinc.h> 35#else /* WIN32 */
33#include <sys/types.h> 34#include <sys/socket.h> 35#include <sys/time.h>	36#include <sys/types.h> 37#include <sys/socket.h> 38#include <sys/time.h>
	39#endif /* WIN32 / 40 41/ 42 * XXX - why was this included even on UNIX? 43 */ 44#ifdef __MINGW32__ 45#include "IP6_misc.h" 46#endif 47 48#ifndef WIN32 49
36#ifdef __NetBSD__ 37#include <sys/param.h> 38#endif 39	50#ifdef __NetBSD__ 51#include <sys/param.h> 52#endif 53
40struct mbuf; 41struct rtentry; 42#include <net/if.h> 43
44#include <netinet/in.h> 45	54#include <netinet/in.h> 55
	56#endif /* WIN32 */ 57
46#include <stdlib.h> 47#include <string.h> 48#include <memory.h> 49#include <setjmp.h> 50#include <stdarg.h> 51 52#include "pcap-int.h" 53 54#include "ethertype.h" 55#include "nlpid.h" 56#include "llc.h" 57#include "gencode.h"	58#include <stdlib.h> 59#include <string.h> 60#include <memory.h> 61#include <setjmp.h> 62#include <stdarg.h> 63 64#include "pcap-int.h" 65 66#include "ethertype.h" 67#include "nlpid.h" 68#include "llc.h" 69#include "gencode.h"
	70#include "atmuni31.h" 71#include "sunatmpos.h"
58#include "ppp.h" 59#include "sll.h" 60#include "arcnet.h"	72#include "ppp.h" 73#include "sll.h" 74#include "arcnet.h"
61#include <pcap-namedb.h>	75#include "pf.h" 76#ifndef offsetof 77#define offsetof(s, e) ((size_t)&((s *)0)->e) 78#endif
62#ifdef INET6	79#ifdef INET6
63#include <netdb.h> 64#include <sys/socket.h>	80#ifndef WIN32 81#include <netdb.h> /* for "struct addrinfo" / 82#endif / WIN32 */
65#endif /INET6/	83#endif /INET6/
	84#include <pcap-namedb.h>
66 67#undef ETHERMTU 68#define ETHERMTU 1500 69 70#ifndef IPPROTO_SCTP 71#define IPPROTO_SCTP 132 72#endif 73 74#ifdef HAVE_OS_PROTO_H 75#include "os-proto.h" 76#endif 77 78#define JMP(c) ((c)\|BPF_JMP\|BPF_K) 79 80/* Locals / 81static jmp_buf top_ctx; 82static pcap_t bpf_pcap; 83 84/* Hack for updating VLAN offsets. */	85 86#undef ETHERMTU 87#define ETHERMTU 1500 88 89#ifndef IPPROTO_SCTP 90#define IPPROTO_SCTP 132 91#endif 92 93#ifdef HAVE_OS_PROTO_H 94#include "os-proto.h" 95#endif 96 97#define JMP(c) ((c)\|BPF_JMP\|BPF_K) 98 99/* Locals / 100static jmp_buf top_ctx; 101static pcap_t bpf_pcap; 102 103/* Hack for updating VLAN offsets. */
85static u_int orig_linktype = -1, orig_nl = -1;	104static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1;
86 87/* XXX / 88#ifdef PCAP_FDDIPAD 89int pcap_fddipad = PCAP_FDDIPAD; 90#else 91int pcap_fddipad; 92#endif 93 --- 44 unchanged lines hidden* (view full) --- 138static inline void syntax(void); 139 140static void backpatch(struct block , struct block ); 141static void merge(struct block , struct block ); 142static struct block gen_cmp(u_int, u_int, bpf_int32); 143static struct block gen_cmp_gt(u_int, u_int, bpf_int32); 144static struct block gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 145static struct block gen_bcmp(u_int, u_int, const u_char *);	105 106/* XXX / 107#ifdef PCAP_FDDIPAD 108int pcap_fddipad = PCAP_FDDIPAD; 109#else 110int pcap_fddipad; 111#endif 112* --- 44 unchanged lines hidden (view full) --- 157static inline void syntax(void); 158 159static void backpatch(struct block , struct block ); 160static void merge(struct block , struct block ); 161static struct block gen_cmp(u_int, u_int, bpf_int32); 162static struct block gen_cmp_gt(u_int, u_int, bpf_int32); 163static struct block gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 164static struct block gen_bcmp(u_int, u_int, const u_char *);
	165static struct block gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32, 166* bpf_u_int32, bpf_u_int32, int);
146static struct block gen_uncond(int); 147static inline struct block gen_true(void); 148static inline struct block *gen_false(void);	167static struct block gen_uncond(int); 168static inline struct block gen_true(void); 169static inline struct block *gen_false(void);
	170static struct block *gen_ether_linktype(int);
149static struct block gen_linktype(int); 150static struct block gen_snap(bpf_u_int32, bpf_u_int32, u_int);	171static struct block gen_linktype(int); 172static struct block gen_snap(bpf_u_int32, bpf_u_int32, u_int);
	173static struct block *gen_llc(int);
151static struct block gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 152#ifdef INET6 153static struct block gen_hostop6(struct in6_addr , struct in6_addr , int, int, u_int, u_int); 154#endif 155static struct block gen_ahostop(const u_char , int); 156static struct block gen_ehostop(const u_char , int); 157static struct block gen_fhostop(const u_char , int); 158static struct block gen_thostop(const u_char , int);	174static struct block gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 175#ifdef INET6 176static struct block gen_hostop6(struct in6_addr , struct in6_addr , int, int, u_int, u_int); 177#endif 178static struct block gen_ahostop(const u_char , int); 179static struct block gen_ehostop(const u_char , int); 180static struct block gen_fhostop(const u_char , int); 181static struct block gen_thostop(const u_char , int);
159static struct block gen_whostop(const u_char , int);	182static struct block gen_wlanhostop(const u_char , int); 183static struct block gen_ipfchostop(const u_char , int);
160static struct block gen_dnhostop(bpf_u_int32, int, u_int); 161static struct block gen_host(bpf_u_int32, bpf_u_int32, int, int); 162#ifdef INET6 163static struct block gen_host6(struct in6_addr , struct in6_addr , int, int); 164#endif 165#ifndef INET6 166static struct block gen_gateway(const u_char , bpf_u_int32 , int, int); 167#endif --- 8 unchanged lines hidden* (view full) --- 176struct block gen_portop6(int, int, int); 177static struct block gen_port6(int, int, int); 178#endif 179static int lookup_proto(const char , int); 180static struct block gen_protochain(int, int, int); 181static struct block gen_proto(int, int, int); 182static struct slist xfer_to_x(struct arth ); 183static struct slist xfer_to_a(struct arth *);	184static struct block gen_dnhostop(bpf_u_int32, int, u_int); 185static struct block gen_host(bpf_u_int32, bpf_u_int32, int, int); 186#ifdef INET6 187static struct block gen_host6(struct in6_addr , struct in6_addr , int, int); 188#endif 189#ifndef INET6 190static struct block gen_gateway(const u_char , bpf_u_int32 , int, int); 191#endif --- 8 unchanged lines hidden* (view full) --- 200struct block gen_portop6(int, int, int); 201static struct block gen_port6(int, int, int); 202#endif 203static int lookup_proto(const char , int); 204static struct block gen_protochain(int, int, int); 205static struct block gen_proto(int, int, int); 206static struct slist xfer_to_x(struct arth ); 207static struct slist xfer_to_a(struct arth *);
	208static struct block *gen_mac_multicast(int);
184static struct block gen_len(int, int); 185*	209static struct block gen_len(int, int); 210*
	211static struct block gen_msg_abbrev(int type); 212*
186static void * 187newchunk(n) 188 u_int n; 189{ 190 struct chunk *cp;	213static void * 214newchunk(n) 215 u_int n; 216{ 217 struct chunk *cp;
191 int k, size;	218 int k; 219 size_t size;
192 193#ifndef __NetBSD__ 194 /* XXX Round up to nearest long. / 195* n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1); 196#else 197 /* XXX Round up to structure boundary. / 198* n = ALIGN(n); 199#endif 200 201 cp = &chunks[cur_chunk]; 202 if (n > cp->n_left) { 203 ++cp, k = ++cur_chunk; 204 if (k >= NCHUNKS) 205 bpf_error("out of memory"); 206 size = CHUNK0SIZE << k; 207 cp->m = (void *)malloc(size);	220 221#ifndef __NetBSD__ 222 /* XXX Round up to nearest long. / 223* n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1); 224#else 225 /* XXX Round up to structure boundary. / 226* n = ALIGN(n); 227#endif 228 229 cp = &chunks[cur_chunk]; 230 if (n > cp->n_left) { 231 ++cp, k = ++cur_chunk; 232 if (k >= NCHUNKS) 233 bpf_error("out of memory"); 234 size = CHUNK0SIZE << k; 235 cp->m = (void *)malloc(size);
	236 if (cp->m == NULL) 237 bpf_error("out of memory");
208 memset((char )cp->m, 0, size); 209* cp->n_left = size; 210 if (n > size) 211 bpf_error("out of memory"); 212 } 213 cp->n_left -= n; 214 return (void )((char )cp->m + cp->n_left); 215} --- 83 unchanged lines hidden (view full) --- 299 bpf_pcap = p; 300 if (setjmp(top_ctx)) { 301 lex_cleanup(); 302 freechunks(); 303 return (-1); 304 } 305 306 netmask = mask;	238 memset((char )cp->m, 0, size); 239* cp->n_left = size; 240 if (n > size) 241 bpf_error("out of memory"); 242 } 243 cp->n_left -= n; 244 return (void )((char )cp->m + cp->n_left); 245} --- 83 unchanged lines hidden (view full) --- 329 bpf_pcap = p; 330 if (setjmp(top_ctx)) { 331 lex_cleanup(); 332 freechunks(); 333 return (-1); 334 } 335 336 netmask = mask;
307	337
308 snaplen = pcap_snapshot(p); 309 if (snaplen == 0) { 310 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 311 "snaplen of 0 rejects all packets"); 312 return -1; 313 } 314 315 lex_init(buf ? buf : ""); --- 222 unchanged lines hidden (view full) --- 538 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); 539 if (b != NULL) 540 gen_and(b, tmp); 541 b = tmp; 542 } 543 return b; 544} 545	338 snaplen = pcap_snapshot(p); 339 if (snaplen == 0) { 340 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 341 "snaplen of 0 rejects all packets"); 342 return -1; 343 } 344 345 lex_init(buf ? buf : ""); --- 222 unchanged lines hidden (view full) --- 568 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); 569 if (b != NULL) 570 gen_and(b, tmp); 571 b = tmp; 572 } 573 return b; 574} 575
	576static struct block * 577gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse) 578 bpf_u_int32 datasize, offset, mask, jtype, jvalue; 579 int reverse; 580{ 581 struct slist s; 582* struct block b; 583* 584 s = new_stmt(BPF_LD\|datasize\|BPF_ABS); 585 s->s.k = offset; 586 587 if (mask != 0xffffffff) { 588 s->next = new_stmt(BPF_ALU\|BPF_AND\|BPF_K); 589 s->next->s.k = mask; 590 } 591 592 b = new_block(JMP(jtype)); 593 b->stmts = s; 594 b->s.k = jvalue; 595 if (reverse && (jtype == BPF_JGT \|\| jtype == BPF_JGE)) 596 gen_not(b); 597 return b; 598} 599
546/* 547 * Various code constructs need to know the layout of the data link	600/* 601 * Various code constructs need to know the layout of the data link
548 * layer. These variables give the necessary offsets. off_linktype 549 * is set to -1 for no encapsulation, in which case, IP is assumed.	602 * layer. These variables give the necessary offsets.
550 */	603 */
	604 605/* 606 * This is the offset of the beginning of the MAC-layer header. 607 * It's usually 0, except for ATM LANE. 608 / 609static u_int off_mac; 610* 611/* 612 * "off_linktype" is the offset to information in the link-layer header 613 * giving the packet type. 614 * 615 * For Ethernet, it's the offset of the Ethernet type field. 616 * 617 * For link-layer types that always use 802.2 headers, it's the 618 * offset of the LLC header. 619 * 620 * For PPP, it's the offset of the PPP type field. 621 * 622 * For Cisco HDLC, it's the offset of the CHDLC type field. 623 * 624 * For BSD loopback, it's the offset of the AF_ value. 625 * 626 * For Linux cooked sockets, it's the offset of the type field. 627 * 628 * It's set to -1 for no encapsulation, in which case, IP is assumed. 629 */
551static u_int off_linktype;	630static u_int off_linktype;
	631 632/* 633 * TRUE if the link layer includes an ATM pseudo-header. 634 / 635static int is_atm = 0; 636* 637/* 638 * TRUE if "lane" appeared in the filter; it causes us to generate 639 * code that assumes LANE rather than LLC-encapsulated traffic in SunATM. 640 / 641static int is_lane = 0; 642* 643/* 644 * These are offsets for the ATM pseudo-header. 645 / 646static u_int off_vpi; 647static u_int off_vci; 648static u_int off_proto; 649* 650/* 651 * This is the offset of the first byte after the ATM pseudo_header, 652 * or -1 if there is no ATM pseudo-header. 653 / 654static u_int off_payload; 655* 656/* 657 * These are offsets to the beginning of the network-layer header. 658 * 659 * If the link layer never uses 802.2 LLC: 660 * 661 * "off_nl" and "off_nl_nosnap" are the same. 662 * 663 * If the link layer always uses 802.2 LLC: 664 * 665 * "off_nl" is the offset if there's a SNAP header following 666 * the 802.2 header; 667 * 668 * "off_nl_nosnap" is the offset if there's no SNAP header. 669 * 670 * If the link layer is Ethernet: 671 * 672 * "off_nl" is the offset if the packet is an Ethernet II packet 673 * (we assume no 802.3+802.2+SNAP); 674 * 675 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet 676 * with an 802.2 header following it. 677 */
552static u_int off_nl;	678static u_int off_nl;
	679static u_int off_nl_nosnap; 680
553static int linktype; 554 555static void 556init_linktype(type) 557 int type; 558{ 559 linktype = type; 560	681static int linktype; 682 683static void 684init_linktype(type) 685 int type; 686{ 687 linktype = type; 688
	689 /* 690 * Assume it's not raw ATM with a pseudo-header, for now. 691 / 692* off_mac = 0; 693 is_atm = 0; 694 is_lane = 0; 695 off_vpi = -1; 696 off_vci = -1; 697 off_proto = -1; 698 off_payload = -1; 699
561 orig_linktype = -1; 562 orig_nl = -1;	700 orig_linktype = -1; 701 orig_nl = -1;
	702 orig_nl_nosnap = -1;
563 564 switch (type) { 565 566 case DLT_ARCNET: 567 off_linktype = 2;	703 704 switch (type) { 705 706 case DLT_ARCNET: 707 off_linktype = 2;
568 off_nl = 6; /* XXX in reality, variable! */	708 off_nl = 6; /* XXX in reality, variable! / 709* off_nl_nosnap = 6; /* no 802.2 LLC */
569 return; 570	710 return; 711
	712 case DLT_ARCNET_LINUX: 713 off_linktype = 4; 714 off_nl = 8; /* XXX in reality, variable! / 715* off_nl_nosnap = 8; /* no 802.2 LLC / 716* return; 717
571 case DLT_EN10MB: 572 off_linktype = 12;	718 case DLT_EN10MB: 719 off_linktype = 12;
573 off_nl = 14;	720 off_nl = 14; /* Ethernet II / 721* off_nl_nosnap = 17; /* 802.3+802.2 */
574 return; 575 576 case DLT_SLIP: 577 /* 578 * SLIP doesn't have a link level type. The 16 byte 579 * header is hacked into our SLIP driver. 580 / 581* off_linktype = -1; 582 off_nl = 16;	722 return; 723 724 case DLT_SLIP: 725 /* 726 * SLIP doesn't have a link level type. The 16 byte 727 * header is hacked into our SLIP driver. 728 / 729* off_linktype = -1; 730 off_nl = 16;
	731 off_nl_nosnap = 16; /* no 802.2 LLC */
583 return; 584 585 case DLT_SLIP_BSDOS: 586 /* XXX this may be the same as the DLT_PPP_BSDOS case / 587* off_linktype = -1; 588 /* XXX end / 589* off_nl = 24;	732 return; 733 734 case DLT_SLIP_BSDOS: 735 /* XXX this may be the same as the DLT_PPP_BSDOS case / 736* off_linktype = -1; 737 /* XXX end / 738* off_nl = 24;
	739 off_nl_nosnap = 24; /* no 802.2 LLC */
590 return; 591 592 case DLT_NULL: 593 case DLT_LOOP: 594 off_linktype = 0; 595 off_nl = 4;	740 return; 741 742 case DLT_NULL: 743 case DLT_LOOP: 744 off_linktype = 0; 745 off_nl = 4;
	746 off_nl_nosnap = 4; /* no 802.2 LLC */
596 return; 597	747 return; 748
	749 case DLT_ENC: 750 off_linktype = 0; 751 off_nl = 12; 752 off_nl_nosnap = 12; /* no 802.2 LLC / 753* return; 754
598 case DLT_PPP: 599 case DLT_C_HDLC: /* BSD/OS Cisco HDLC / 600* case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP / 601* off_linktype = 2; 602 off_nl = 4;	755 case DLT_PPP: 756 case DLT_C_HDLC: /* BSD/OS Cisco HDLC / 757* case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP / 758* off_linktype = 2; 759 off_nl = 4;
	760 off_nl_nosnap = 4; /* no 802.2 LLC */
603 return; 604 605 case DLT_PPP_ETHER: 606 /* 607 * This does no include the Ethernet header, and 608 * only covers session state. 609 / 610* off_linktype = 6; 611 off_nl = 8;	761 return; 762 763 case DLT_PPP_ETHER: 764 /* 765 * This does no include the Ethernet header, and 766 * only covers session state. 767 / 768* off_linktype = 6; 769 off_nl = 8;
	770 off_nl_nosnap = 8; /* no 802.2 LLC */
612 return; 613 614 case DLT_PPP_BSDOS: 615 off_linktype = 5; 616 off_nl = 24;	771 return; 772 773 case DLT_PPP_BSDOS: 774 off_linktype = 5; 775 off_nl = 24;
	776 off_nl_nosnap = 24; /* no 802.2 LLC */
617 return; 618 619 case DLT_FDDI: 620 /* 621 * FDDI doesn't really have a link-level type field. 622 * We set "off_linktype" to the offset of the LLC header. 623 * 624 * To check for Ethernet types, we assume that SSAP = SNAP 625 * is being used and pick out the encapsulated Ethernet type. 626 * XXX - should we generate code to check for SNAP? 627 / 628* off_linktype = 13; 629#ifdef PCAP_FDDIPAD 630 off_linktype += pcap_fddipad; 631#endif	777 return; 778 779 case DLT_FDDI: 780 /* 781 * FDDI doesn't really have a link-level type field. 782 * We set "off_linktype" to the offset of the LLC header. 783 * 784 * To check for Ethernet types, we assume that SSAP = SNAP 785 * is being used and pick out the encapsulated Ethernet type. 786 * XXX - should we generate code to check for SNAP? 787 / 788* off_linktype = 13; 789#ifdef PCAP_FDDIPAD 790 off_linktype += pcap_fddipad; 791#endif
632 off_nl = 21;	792 off_nl = 21; /* FDDI+802.2+SNAP / 793* off_nl_nosnap = 16; /* FDDI+802.2 */
633#ifdef PCAP_FDDIPAD 634 off_nl += pcap_fddipad;	794#ifdef PCAP_FDDIPAD 795 off_nl += pcap_fddipad;
	796 off_nl_nosnap += pcap_fddipad;
635#endif 636 return; 637 638 case DLT_IEEE802: 639 /* 640 * Token Ring doesn't really have a link-level type field. 641 * We set "off_linktype" to the offset of the LLC header. 642 * --- 12 unchanged lines hidden (view full) --- 655 * of the first byte of the source address, at an 656 * offset of 8, has the uppermost bit set. If the 657 * packet is source-routed, the total number of bytes 658 * of routing information is 2 plus bits 0x1F00 of 659 * the 16-bit value at an offset of 14 (shifted right 660 * 8 - figure out which byte that is). 661 / 662* off_linktype = 14;	797#endif 798 return; 799 800 case DLT_IEEE802: 801 /* 802 * Token Ring doesn't really have a link-level type field. 803 * We set "off_linktype" to the offset of the LLC header. 804 * --- 12 unchanged lines hidden (view full) --- 817 * of the first byte of the source address, at an 818 * offset of 8, has the uppermost bit set. If the 819 * packet is source-routed, the total number of bytes 820 * of routing information is 2 plus bits 0x1F00 of 821 * the 16-bit value at an offset of 14 (shifted right 822 * 8 - figure out which byte that is). 823 / 824* off_linktype = 14;
663 off_nl = 22;	825 off_nl = 22; /* Token Ring+802.2+SNAP / 826* off_nl_nosnap = 17; /* Token Ring+802.2 */
664 return; 665 666 case DLT_IEEE802_11: 667 /* 668 * 802.11 doesn't really have a link-level type field. 669 * We set "off_linktype" to the offset of the LLC header. 670 * 671 * To check for Ethernet types, we assume that SSAP = SNAP 672 * is being used and pick out the encapsulated Ethernet type. 673 * XXX - should we generate code to check for SNAP? 674 * 675 * XXX - the header is actually variable-length. We 676 * assume a 24-byte link-layer header, as appears in 677 * data frames in networks with no bridges. If the 678 * fromds and tods 802.11 header bits are both set, 679 * it's actually supposed to be 30 bytes. 680 / 681* off_linktype = 24;	827 return; 828 829 case DLT_IEEE802_11: 830 /* 831 * 802.11 doesn't really have a link-level type field. 832 * We set "off_linktype" to the offset of the LLC header. 833 * 834 * To check for Ethernet types, we assume that SSAP = SNAP 835 * is being used and pick out the encapsulated Ethernet type. 836 * XXX - should we generate code to check for SNAP? 837 * 838 * XXX - the header is actually variable-length. We 839 * assume a 24-byte link-layer header, as appears in 840 * data frames in networks with no bridges. If the 841 * fromds and tods 802.11 header bits are both set, 842 * it's actually supposed to be 30 bytes. 843 / 844* off_linktype = 24;
682 off_nl = 32;	845 off_nl = 32; /* 802.11+802.2+SNAP / 846* off_nl_nosnap = 27; /* 802.11+802.2 */
683 return; 684 685 case DLT_PRISM_HEADER: 686 /* 687 * Same as 802.11, but with an additional header before 688 * the 802.11 header, containing a bunch of additional 689 * information including radio-level information. 690 * 691 * The header is 144 bytes long. 692 * 693 * XXX - same variable-length header problem; at least 694 * the Prism header is fixed-length. 695 / 696* off_linktype = 144+24;	847 return; 848 849 case DLT_PRISM_HEADER: 850 /* 851 * Same as 802.11, but with an additional header before 852 * the 802.11 header, containing a bunch of additional 853 * information including radio-level information. 854 * 855 * The header is 144 bytes long. 856 * 857 * XXX - same variable-length header problem; at least 858 * the Prism header is fixed-length. 859 / 860* off_linktype = 144+24;
697 off_nl = 144+30;	861 off_nl = 144+32; /* Prism+802.11+802.2+SNAP / 862* off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */
698 return; 699	863 return; 864
	865 case DLT_IEEE802_11_RADIO_AVS: 866 /* 867 * Same as 802.11, but with an additional header before 868 * the 802.11 header, containing a bunch of additional 869 * information including radio-level information. 870 * 871 * The header is 64 bytes long, at least in its 872 * current incarnation. 873 * 874 * XXX - same variable-length header problem, only 875 * more so; this header is also variable-length, 876 * with the length being the 32-bit big-endian 877 * number at an offset of 4 from the beginning 878 * of the radio header. 879 / 880* off_linktype = 64+24; 881 off_nl = 64+32; /* Radio+802.11+802.2+SNAP / 882* off_nl_nosnap = 64+27; /* Radio+802.11+802.2 / 883* return; 884 885 case DLT_IEEE802_11_RADIO: 886 /* 887 * Same as 802.11, but with an additional header before 888 * the 802.11 header, containing a bunch of additional 889 * information including radio-level information. 890 * 891 * XXX - same variable-length header problem, only 892 * even more so; this header is also variable-length, 893 * with the length being the 16-bit number at an offset 894 * of 2 from the beginning of the radio header, and it's 895 * device-dependent (different devices might supply 896 * different amounts of information), so we can't even 897 * assume a fixed length for the current version of the 898 * header. 899 * 900 * Therefore, currently, only raw "link[N:M]" filtering is 901 * supported. 902 / 903* off_linktype = -1; 904 off_nl = -1; 905 off_nl_nosnap = -1; 906 return; 907
700 case DLT_ATM_RFC1483:	908 case DLT_ATM_RFC1483:
	909 case DLT_ATM_CLIP: /* Linux ATM defines this */
701 /* 702 * assume routed, non-ISO PDUs 703 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 704 */	910 /* 911 * assume routed, non-ISO PDUs 912 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 913 */
705 off_linktype = 6; 706 off_nl = 8;	914 off_linktype = 0; 915 off_nl = 8; /* 802.2+SNAP / 916* off_nl_nosnap = 3; /* 802.2 */
707 return; 708	917 return; 918
	919 case DLT_SUNATM: 920 /* 921 * Full Frontal ATM; you get AALn PDUs with an ATM 922 * pseudo-header. 923 / 924* is_atm = 1; 925 off_vpi = SUNATM_VPI_POS; 926 off_vci = SUNATM_VCI_POS; 927 off_proto = PROTO_POS; 928 off_mac = -1; /* LLC-encapsulated, so no MAC-layer header / 929* off_payload = SUNATM_PKT_BEGIN_POS; 930 off_linktype = off_payload; 931 off_nl = off_payload+8; /* 802.2+SNAP / 932* off_nl_nosnap = off_payload+3; /* 802.2 / 933* return; 934
709 case DLT_RAW: 710 off_linktype = -1; 711 off_nl = 0;	935 case DLT_RAW: 936 off_linktype = -1; 937 off_nl = 0;
	938 off_nl_nosnap = 0; /* no 802.2 LLC */
712 return; 713	939 return; 940
714 case DLT_ATM_CLIP: /* Linux ATM defines this / 715* off_linktype = 6; 716 off_nl = 8; 717 return; 718
719 case DLT_LINUX_SLL: /* fake header for Linux cooked socket / 720* off_linktype = 14; 721 off_nl = 16;	941 case DLT_LINUX_SLL: /* fake header for Linux cooked socket / 942* off_linktype = 14; 943 off_nl = 16;
	944 off_nl_nosnap = 16; /* no 802.2 LLC */
722 return; 723 724 case DLT_LTALK: 725 /* 726 * LocalTalk does have a 1-byte type field in the LLAP header, 727 * but really it just indicates whether there is a "short" or 728 * "long" DDP packet following. 729 / 730* off_linktype = -1; 731 off_nl = 0;	945 return; 946 947 case DLT_LTALK: 948 /* 949 * LocalTalk does have a 1-byte type field in the LLAP header, 950 * but really it just indicates whether there is a "short" or 951 * "long" DDP packet following. 952 / 953* off_linktype = -1; 954 off_nl = 0;
	955 off_nl_nosnap = 0; /* no 802.2 LLC */
732 return;	956 return;
	957 958 case DLT_IP_OVER_FC: 959 /* 960 * RFC 2625 IP-over-Fibre-Channel doesn't really have a 961 * link-level type field. We set "off_linktype" to the 962 * offset of the LLC header. 963 * 964 * To check for Ethernet types, we assume that SSAP = SNAP 965 * is being used and pick out the encapsulated Ethernet type. 966 * XXX - should we generate code to check for SNAP? RFC 967 * 2625 says SNAP should be used. 968 / 969* off_linktype = 16; 970 off_nl = 24; /* IPFC+802.2+SNAP / 971* off_nl_nosnap = 19; /* IPFC+802.2 / 972* return; 973 974 case DLT_FRELAY: 975 /* 976 * XXX - we should set this to handle SNAP-encapsulated 977 * frames (NLPID of 0x80). 978 / 979* off_linktype = -1; 980 off_nl = 0; 981 off_nl_nosnap = 0; /* no 802.2 LLC / 982* return; 983 984 case DLT_APPLE_IP_OVER_IEEE1394: 985 off_linktype = 16; 986 off_nl = 18; 987 off_nl_nosnap = 0; /* no 802.2 LLC / 988* return; 989 990 case DLT_LINUX_IRDA: 991 /* 992 * Currently, only raw "link[N:M]" filtering is supported. 993 / 994* off_linktype = -1; 995 off_nl = -1; 996 off_nl_nosnap = -1; 997 return; 998 999 case DLT_PFLOG: 1000 off_linktype = 0; 1001 /* XXX read from header? / 1002* off_nl = PFLOG_HDRLEN; 1003 off_nl_nosnap = PFLOG_HDRLEN; 1004 return; 1005 1006#ifdef DLT_PFSYNC 1007 case DLT_PFSYNC: 1008 off_linktype = -1; 1009 off_nl = 4; 1010 off_nl_nosnap = 4; 1011 return; 1012#endif
733 } 734 bpf_error("unknown data link type %d", linktype); 735 /* NOTREACHED / 736} 737* 738static struct block * 739gen_uncond(rsense) 740 int rsense; --- 25 unchanged lines hidden (view full) --- 766 * Byte-swap a 32-bit number. 767 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on 768 * big-endian platforms.) 769 / 770#define SWAPLONG(y) \ 771((((y)&0xff)<<24) \| (((y)&0xff00)<<8) \| (((y)&0xff0000)>>8) \| (((y)>>24)&0xff)) 772* 773static struct block *	1013 } 1014 bpf_error("unknown data link type %d", linktype); 1015 /* NOTREACHED / 1016} 1017* 1018static struct block * 1019gen_uncond(rsense) 1020 int rsense; --- 25 unchanged lines hidden (view full) --- 1046 * Byte-swap a 32-bit number. 1047 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on 1048 * big-endian platforms.) 1049 / 1050#define SWAPLONG(y) \ 1051((((y)&0xff)<<24) \| (((y)&0xff00)<<8) \| (((y)&0xff0000)>>8) \| (((y)>>24)&0xff)) 1052* 1053static struct block *
774gen_linktype(proto)	1054gen_ether_linktype(proto)
775 register int proto; 776{ 777 struct block b0, b1; 778	1055 register int proto; 1056{ 1057 struct block b0, b1; 1058
779 switch (linktype) {	1059 switch (proto) {
780	1060
781 case DLT_EN10MB: 782 switch (proto) {	1061 case LLCSAP_ISONS: 1062 /* 1063 * OSI protocols always use 802.2 encapsulation. 1064 * XXX - should we check both the DSAP and the 1065 * SSAP, like this, or should we check just the 1066 * DSAP? 1067 / 1068* b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 1069 gen_not(b0); 1070 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1071 ((LLCSAP_ISONS << 8) \| LLCSAP_ISONS)); 1072 gen_and(b0, b1); 1073 return b1;
783	1074
784 case LLCSAP_ISONS: 785 /* 786 * OSI protocols always use 802.2 encapsulation. 787 * XXX - should we check both the DSAP and the 788 * SSAP, like this, or should we check just the 789 * DSAP? 790 / 791* b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 792 gen_not(b0); 793 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 794 ((LLCSAP_ISONS << 8) \| LLCSAP_ISONS)); 795 gen_and(b0, b1); 796 return b1;	1075 case LLCSAP_IP: 1076 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 1077 gen_not(b0); 1078 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1079 ((LLCSAP_IP << 8) \| LLCSAP_IP)); 1080 gen_and(b0, b1); 1081 return b1;
797	1082
798 case LLCSAP_NETBEUI: 799 /* 800 * NetBEUI always uses 802.2 encapsulation. 801 * XXX - should we check both the DSAP and the 802 * SSAP, like this, or should we check just the 803 * DSAP? 804 / 805* b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 806 gen_not(b0); 807 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 808 ((LLCSAP_NETBEUI << 8) \| LLCSAP_NETBEUI)); 809 gen_and(b0, b1); 810 return b1;	1083 case LLCSAP_NETBEUI: 1084 /* 1085 * NetBEUI always uses 802.2 encapsulation. 1086 * XXX - should we check both the DSAP and the 1087 * SSAP, like this, or should we check just the 1088 * DSAP? 1089 / 1090* b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 1091 gen_not(b0); 1092 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1093 ((LLCSAP_NETBEUI << 8) \| LLCSAP_NETBEUI)); 1094 gen_and(b0, b1); 1095 return b1;
811	1096
812 case LLCSAP_IPX: 813 /* 814 * Check for; 815 * 816 * Ethernet_II frames, which are Ethernet 817 * frames with a frame type of ETHERTYPE_IPX; 818 * 819 * Ethernet_802.3 frames, which are 802.3 820 * frames (i.e., the type/length field is 821 * a length field, <= ETHERMTU, rather than 822 * a type field) with the first two bytes 823 * after the Ethernet/802.3 header being 824 * 0xFFFF; 825 * 826 * Ethernet_802.2 frames, which are 802.3 827 * frames with an 802.2 LLC header and 828 * with the IPX LSAP as the DSAP in the LLC 829 * header; 830 * 831 * Ethernet_SNAP frames, which are 802.3 832 * frames with an LLC header and a SNAP 833 * header and with an OUI of 0x000000 834 * (encapsulated Ethernet) and a protocol 835 * ID of ETHERTYPE_IPX in the SNAP header. 836 * 837 * XXX - should we generate the same code both 838 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX? 839 */	1097 case LLCSAP_IPX: 1098 /* 1099 * Check for; 1100 * 1101 * Ethernet_II frames, which are Ethernet 1102 * frames with a frame type of ETHERTYPE_IPX; 1103 * 1104 * Ethernet_802.3 frames, which are 802.3 1105 * frames (i.e., the type/length field is 1106 * a length field, <= ETHERMTU, rather than 1107 * a type field) with the first two bytes 1108 * after the Ethernet/802.3 header being 1109 * 0xFFFF; 1110 * 1111 * Ethernet_802.2 frames, which are 802.3 1112 * frames with an 802.2 LLC header and 1113 * with the IPX LSAP as the DSAP in the LLC 1114 * header; 1115 * 1116 * Ethernet_SNAP frames, which are 802.3 1117 * frames with an LLC header and a SNAP 1118 * header and with an OUI of 0x000000 1119 * (encapsulated Ethernet) and a protocol 1120 * ID of ETHERTYPE_IPX in the SNAP header. 1121 * 1122 * XXX - should we generate the same code both 1123 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX? 1124 */
840	1125
841 /* 842 * This generates code to check both for the 843 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3. 844 / 845* b0 = gen_cmp(off_linktype + 2, BPF_B, 846 (bpf_int32)LLCSAP_IPX); 847 b1 = gen_cmp(off_linktype + 2, BPF_H, 848 (bpf_int32)0xFFFF); 849 gen_or(b0, b1);	1126 /* 1127 * This generates code to check both for the 1128 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3. 1129 / 1130* b0 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)LLCSAP_IPX); 1131 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)0xFFFF); 1132 gen_or(b0, b1);
850	1133
851 /* 852 * Now we add code to check for SNAP frames with 853 * ETHERTYPE_IPX, i.e. Ethernet_SNAP. 854 / 855* b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14); 856 gen_or(b0, b1);	1134 /* 1135 * Now we add code to check for SNAP frames with 1136 * ETHERTYPE_IPX, i.e. Ethernet_SNAP. 1137 / 1138* b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14); 1139 gen_or(b0, b1);
857	1140
858 /* 859 * Now we generate code to check for 802.3 860 * frames in general. 861 / 862* b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 863 gen_not(b0);	1141 /* 1142 * Now we generate code to check for 802.3 1143 * frames in general. 1144 / 1145* b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 1146 gen_not(b0);
864	1147
865 /* 866 * Now add the check for 802.3 frames before the 867 * check for Ethernet_802.2 and Ethernet_802.3, 868 * as those checks should only be done on 802.3 869 * frames, not on Ethernet frames. 870 / 871* gen_and(b0, b1);	1148 /* 1149 * Now add the check for 802.3 frames before the 1150 * check for Ethernet_802.2 and Ethernet_802.3, 1151 * as those checks should only be done on 802.3 1152 * frames, not on Ethernet frames. 1153 / 1154* gen_and(b0, b1);
872	1155
873 /* 874 * Now add the check for Ethernet_II frames, and 875 * do that before checking for the other frame 876 * types. 877 / 878* b0 = gen_cmp(off_linktype, BPF_H, 879 (bpf_int32)ETHERTYPE_IPX); 880 gen_or(b0, b1); 881 return b1;	1156 /* 1157 * Now add the check for Ethernet_II frames, and 1158 * do that before checking for the other frame 1159 * types. 1160 / 1161* b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)ETHERTYPE_IPX); 1162 gen_or(b0, b1); 1163 return b1;
882	1164
883 case ETHERTYPE_ATALK: 884 case ETHERTYPE_AARP: 885 /* 886 * EtherTalk (AppleTalk protocols on Ethernet link 887 * layer) may use 802.2 encapsulation. 888 */	1165 case ETHERTYPE_ATALK: 1166 case ETHERTYPE_AARP: 1167 /* 1168 * EtherTalk (AppleTalk protocols on Ethernet link 1169 * layer) may use 802.2 encapsulation. 1170 */
889	1171
	1172 /* 1173 * Check for 802.2 encapsulation (EtherTalk phase 2?); 1174 * we check for an Ethernet type field less than 1175 * 1500, which means it's an 802.3 length field. 1176 / 1177* b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 1178 gen_not(b0); 1179 1180 /* 1181 * 802.2-encapsulated ETHERTYPE_ATALK packets are 1182 * SNAP packets with an organization code of 1183 * 0x080007 (Apple, for Appletalk) and a protocol 1184 * type of ETHERTYPE_ATALK (Appletalk). 1185 * 1186 * 802.2-encapsulated ETHERTYPE_AARP packets are 1187 * SNAP packets with an organization code of 1188 * 0x000000 (encapsulated Ethernet) and a protocol 1189 * type of ETHERTYPE_AARP (Appletalk ARP). 1190 / 1191* if (proto == ETHERTYPE_ATALK) 1192 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14); 1193 else /* proto == ETHERTYPE_AARP / 1194* b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14); 1195 gen_and(b0, b1); 1196 1197 /* 1198 * Check for Ethernet encapsulation (Ethertalk 1199 * phase 1?); we just check for the Ethernet 1200 * protocol type. 1201 / 1202* b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 1203 1204 gen_or(b0, b1); 1205 return b1; 1206 1207 default: 1208 if (proto <= ETHERMTU) {
890 /*	1209 /*
891 * Check for 802.2 encapsulation (EtherTalk phase 2?); 892 * we check for an Ethernet type field less than 893 * 1500, which means it's an 802.3 length field.	1210 * This is an LLC SAP value, so the frames 1211 * that match would be 802.2 frames. 1212 * Check that the frame is an 802.2 frame 1213 * (i.e., that the length/type field is 1214 * a length field, <= ETHERMTU) and 1215 * then check the DSAP.
894 / 895* b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 896 gen_not(b0);	1216 / 1217* b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 1218 gen_not(b0);
897 898 /* 899 * 802.2-encapsulated ETHERTYPE_ATALK packets are 900 * SNAP packets with an organization code of 901 * 0x080007 (Apple, for Appletalk) and a protocol 902 * type of ETHERTYPE_ATALK (Appletalk). 903 * 904 * 802.2-encapsulated ETHERTYPE_AARP packets are 905 * SNAP packets with an organization code of 906 * 0x000000 (encapsulated Ethernet) and a protocol 907 * type of ETHERTYPE_AARP (Appletalk ARP). 908 / 909* if (proto == ETHERTYPE_ATALK) 910 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14); 911 else /* proto == ETHERTYPE_AARP / 912* b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);	1219 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto);
913 gen_and(b0, b1);	1220 gen_and(b0, b1);
914	1221 return b1; 1222 } else {
915 /*	1223 /*
916 * Check for Ethernet encapsulation (Ethertalk 917 * phase 1?); we just check for the Ethernet 918 * protocol type.	1224 * This is an Ethernet type, so compare 1225 * the length/type field with it (if 1226 * the frame is an 802.2 frame, the length 1227 * field will be <= ETHERMTU, and, as 1228 * "proto" is > ETHERMTU, this test 1229 * will fail and the frame won't match, 1230 * which is what we want).
919 */	1231 */
920 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);	1232 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 1233 } 1234 } 1235}
921	1236
922 gen_or(b0, b1); 923 return b1;	1237static struct block * 1238gen_linktype(proto) 1239 register int proto; 1240{ 1241 struct block b0, b1, *b2;
924	1242
	1243 switch (linktype) { 1244 1245 case DLT_EN10MB: 1246 return gen_ether_linktype(proto); 1247 break; 1248 1249 case DLT_C_HDLC: 1250 switch (proto) { 1251 1252 case LLCSAP_ISONS: 1253 proto = (proto << 8 \| LLCSAP_ISONS); 1254 /* fall through / 1255*
925 default:	1256 default:
926 if (proto <= ETHERMTU) { 927 /* 928 * This is an LLC SAP value, so the frames 929 * that match would be 802.2 frames. 930 * Check that the frame is an 802.2 frame 931 * (i.e., that the length/type field is 932 * a length field, <= ETHERMTU) and 933 * then check the DSAP. 934 / 935* b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 936 gen_not(b0); 937 b1 = gen_cmp(off_linktype + 2, BPF_B, 938 (bpf_int32)proto); 939 gen_and(b0, b1); 940 return b1; 941 } else { 942 /* 943 * This is an Ethernet type, so compare 944 * the length/type field with it (if 945 * the frame is an 802.2 frame, the length 946 * field will be <= ETHERMTU, and, as 947 * "proto" is > ETHERMTU, this test 948 * will fail and the frame won't match, 949 * which is what we want). 950 / 951* return gen_cmp(off_linktype, BPF_H, 952 (bpf_int32)proto); 953 }	1257 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 1258 break;
954 } 955 break; 956 957 case DLT_IEEE802_11:	1259 } 1260 break; 1261 1262 case DLT_IEEE802_11:
958 return gen_snap(0x000000, proto, off_linktype);
959 case DLT_PRISM_HEADER:	1263 case DLT_PRISM_HEADER:
	1264 case DLT_IEEE802_11_RADIO:
960 case DLT_FDDI: 961 case DLT_IEEE802: 962 case DLT_ATM_RFC1483: 963 case DLT_ATM_CLIP:	1265 case DLT_FDDI: 1266 case DLT_IEEE802: 1267 case DLT_ATM_RFC1483: 1268 case DLT_ATM_CLIP:
	1269 case DLT_IP_OVER_FC: 1270 return gen_llc(proto); 1271 break; 1272 1273 case DLT_SUNATM:
964 /*	1274 /*
965 * XXX - handle token-ring variable-length header.	1275 * If "is_lane" is set, check for a LANE-encapsulated 1276 * version of this protocol, otherwise check for an 1277 * LLC-encapsulated version of this protocol. 1278 * 1279 * We assume LANE means Ethernet, not Token Ring.
966 */	1280 */
967 switch (proto) { 968 969 case LLCSAP_ISONS: 970 return gen_cmp(off_linktype, BPF_H, (long) 971 ((LLCSAP_ISONS << 8) \| LLCSAP_ISONS)); 972 973 case LLCSAP_NETBEUI: 974 return gen_cmp(off_linktype, BPF_H, (long) 975 ((LLCSAP_NETBEUI << 8) \| LLCSAP_NETBEUI)); 976 977 case LLCSAP_IPX:	1281 if (is_lane) {
978 /*	1282 /*
979 * XXX - are there ever SNAP frames for IPX on 980 * non-Ethernet 802.x networks?	1283 * Check that the packet doesn't begin with an 1284 * LE Control marker. (We've already generated 1285 * a test for LANE.)
981 */	1286 */
982 return gen_cmp(off_linktype, BPF_B, 983 (bpf_int32)LLCSAP_IPX);	1287 b0 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 1288 gen_not(b0);
984	1289
985 case ETHERTYPE_ATALK:
986 /*	1290 /*
987 * 802.2-encapsulated ETHERTYPE_ATALK packets are 988 * SNAP packets with an organization code of 989 * 0x080007 (Apple, for Appletalk) and a protocol 990 * type of ETHERTYPE_ATALK (Appletalk). 991 * 992 * XXX - check for an organization code of 993 * encapsulated Ethernet as well?	1291 * Now generate an Ethernet test.
994 */	1292 */
995 return gen_snap(0x080007, ETHERTYPE_ATALK, 996 off_linktype); 997 break; 998 999 default:	1293 b1 = gen_ether_linktype(proto); 1294 gen_and(b0, b1); 1295 return b1; 1296 } else {
1000 /*	1297 /*
1001 * XXX - we don't have to check for IPX 802.3 1002 * here, but should we check for the IPX Ethertype?	1298 * Check for LLC encapsulation and then check the 1299 * protocol.
1003 */	1300 */
1004 if (proto <= ETHERMTU) { 1005 /* 1006 * This is an LLC SAP value, so check 1007 * the DSAP. 1008 / 1009* return gen_cmp(off_linktype, BPF_B, 1010 (bpf_int32)proto); 1011 } else { 1012 /* 1013 * This is an Ethernet type; we assume 1014 * that it's unlikely that it'll 1015 * appear in the right place at random, 1016 * and therefore check only the 1017 * location that would hold the Ethernet 1018 * type in a SNAP frame with an organization 1019 * code of 0x000000 (encapsulated Ethernet). 1020 * 1021 * XXX - if we were to check for the SNAP DSAP 1022 * and LSAP, as per XXX, and were also to check 1023 * for an organization code of 0x000000 1024 * (encapsulated Ethernet), we'd do 1025 * 1026 * return gen_snap(0x000000, proto, 1027 * off_linktype); 1028 * 1029 * here; for now, we don't, as per the above. 1030 * I don't know whether it's worth the 1031 * extra CPU time to do the right check 1032 * or not. 1033 / 1034* return gen_cmp(off_linktype+6, BPF_H, 1035 (bpf_int32)proto); 1036 }	1301 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0); 1302 b1 = gen_llc(proto); 1303 gen_and(b0, b1); 1304 return b1;
1037 }	1305 }
1038 break;
1039 1040 case DLT_LINUX_SLL: 1041 switch (proto) { 1042	1306 1307 case DLT_LINUX_SLL: 1308 switch (proto) { 1309
	1310 case LLCSAP_IP: 1311 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 1312 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1313 ((LLCSAP_IP << 8) \| LLCSAP_IP)); 1314 gen_and(b0, b1); 1315 return b1; 1316
1043 case LLCSAP_ISONS: 1044 /* 1045 * OSI protocols always use 802.2 encapsulation. 1046 * XXX - should we check both the DSAP and the 1047 * LSAP, like this, or should we check just the 1048 * DSAP? 1049 / 1050* b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); --- 168 unchanged lines hidden (view full) --- 1219 case DLT_PPP_ETHER: 1220 /* 1221 * We use Ethernet protocol types inside libpcap; 1222 * map them to the corresponding PPP protocol types. 1223 / 1224* switch (proto) { 1225 1226 case ETHERTYPE_IP:	1317 case LLCSAP_ISONS: 1318 /* 1319 * OSI protocols always use 802.2 encapsulation. 1320 * XXX - should we check both the DSAP and the 1321 * LSAP, like this, or should we check just the 1322 * DSAP? 1323 / 1324* b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); --- 168 unchanged lines hidden (view full) --- 1493 case DLT_PPP_ETHER: 1494 /* 1495 * We use Ethernet protocol types inside libpcap; 1496 * map them to the corresponding PPP protocol types. 1497 / 1498* switch (proto) { 1499 1500 case ETHERTYPE_IP:
1227 proto = PPP_IP; /* XXX was 0x21 */	1501 proto = PPP_IP;
1228 break; 1229 1230#ifdef INET6 1231 case ETHERTYPE_IPV6: 1232 proto = PPP_IPV6; 1233 break; 1234#endif 1235 --- 78 unchanged lines hidden (view full) --- 1314 case LLCSAP_IPX: 1315 proto = PPP_IPX; 1316 break; 1317 } 1318 break; 1319 1320 case DLT_NULL: 1321 case DLT_LOOP:	1502 break; 1503 1504#ifdef INET6 1505 case ETHERTYPE_IPV6: 1506 proto = PPP_IPV6; 1507 break; 1508#endif 1509 --- 78 unchanged lines hidden (view full) --- 1588 case LLCSAP_IPX: 1589 proto = PPP_IPX; 1590 break; 1591 } 1592 break; 1593 1594 case DLT_NULL: 1595 case DLT_LOOP:
	1596 case DLT_ENC:
1322 /* 1323 * For DLT_NULL, the link-layer header is a 32-bit	1597 /* 1598 * For DLT_NULL, the link-layer header is a 32-bit
1324 * word containing an AF_ value in host byte order.	1599 * word containing an AF_ value in host byte order, 1600 * and for DLT_ENC, the link-layer header begins 1601 * with a 32-bit work containing an AF_ value in 1602 * host byte order.
1325 * 1326 * In addition, if we're reading a saved capture file, 1327 * the host byte order in the capture may not be the 1328 * same as the host byte order on this machine. 1329 * 1330 * For DLT_LOOP, the link-layer header is a 32-bit 1331 * word containing an AF_ value in network byte order. 1332 * --- 21 unchanged lines hidden (view full) --- 1354 /* 1355 * Not a type on which we support filtering. 1356 * XXX - support those that have AF_ values 1357 * #defined on this platform, at least? 1358 / 1359* return gen_false(); 1360 } 1361	1603 * 1604 * In addition, if we're reading a saved capture file, 1605 * the host byte order in the capture may not be the 1606 * same as the host byte order on this machine. 1607 * 1608 * For DLT_LOOP, the link-layer header is a 32-bit 1609 * word containing an AF_ value in network byte order. 1610 * --- 21 unchanged lines hidden (view full) --- 1632 /* 1633 * Not a type on which we support filtering. 1634 * XXX - support those that have AF_ values 1635 * #defined on this platform, at least? 1636 / 1637* return gen_false(); 1638 } 1639
1362 if (linktype == DLT_NULL) {	1640 if (linktype == DLT_NULL \|\| linktype == DLT_ENC) {
1363 /* 1364 * The AF_ value is in host byte order, but 1365 * the BPF interpreter will convert it to 1366 * network byte order. 1367 * 1368 * If this is a save file, and it's from a 1369 * machine with the opposite byte order to 1370 * ours, we byte-swap the AF_ value. 1371 * 1372 * Then we run it through "htonl()", and 1373 * generate code to compare against the result. 1374 / 1375* if (bpf_pcap->sf.rfile != NULL && 1376 bpf_pcap->sf.swapped) 1377 proto = SWAPLONG(proto); 1378 proto = htonl(proto); 1379 } 1380 return (gen_cmp(0, BPF_W, (bpf_int32)proto)); 1381	1641 /* 1642 * The AF_ value is in host byte order, but 1643 * the BPF interpreter will convert it to 1644 * network byte order. 1645 * 1646 * If this is a save file, and it's from a 1647 * machine with the opposite byte order to 1648 * ours, we byte-swap the AF_ value. 1649 * 1650 * Then we run it through "htonl()", and 1651 * generate code to compare against the result. 1652 / 1653* if (bpf_pcap->sf.rfile != NULL && 1654 bpf_pcap->sf.swapped) 1655 proto = SWAPLONG(proto); 1656 proto = htonl(proto); 1657 } 1658 return (gen_cmp(0, BPF_W, (bpf_int32)proto)); 1659
	1660 case DLT_PFLOG: 1661 /* 1662 * af field is host byte order in contrast to the rest of 1663 * the packet. 1664 / 1665* if (proto == ETHERTYPE_IP) 1666 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 1667 (bpf_int32)AF_INET)); 1668#ifdef INET6 1669 else if (proto == ETHERTYPE_IPV6) 1670 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 1671 (bpf_int32)AF_INET6)); 1672#endif /* INET6 / 1673* else 1674 return gen_false(); 1675 break; 1676
1382 case DLT_ARCNET:	1677 case DLT_ARCNET:
	1678 case DLT_ARCNET_LINUX:
1383 /* 1384 * XXX should we check for first fragment if the protocol 1385 * uses PHDS? 1386 */	1679 /* 1680 * XXX should we check for first fragment if the protocol 1681 * uses PHDS? 1682 */
1387 switch(proto) {	1683 switch (proto) { 1684
1388 default: 1389 return gen_false();	1685 default: 1686 return gen_false();
	1687
1390#ifdef INET6 1391 case ETHERTYPE_IPV6:	1688#ifdef INET6 1689 case ETHERTYPE_IPV6:
1392 return(gen_cmp(2, BPF_B, 1393 (bpf_int32)htonl(ARCTYPE_INET6)));	1690 return (gen_cmp(off_linktype, BPF_B, 1691 (bpf_int32)ARCTYPE_INET6));
1394#endif /* INET6 */	1692#endif /* INET6 */
	1693
1395 case ETHERTYPE_IP:	1694 case ETHERTYPE_IP:
1396 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_IP)); 1397 b1 = gen_cmp(2, BPF_B, 1398 (bpf_int32)htonl(ARCTYPE_IP_OLD));	1695 b0 = gen_cmp(off_linktype, BPF_B, 1696 (bpf_int32)ARCTYPE_IP); 1697 b1 = gen_cmp(off_linktype, BPF_B, 1698 (bpf_int32)ARCTYPE_IP_OLD);
1399 gen_or(b0, b1);	1699 gen_or(b0, b1);
1400 return(b1);	1700 return (b1); 1701
1401 case ETHERTYPE_ARP:	1702 case ETHERTYPE_ARP:
1402 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_ARP)); 1403 b1 = gen_cmp(2, BPF_B, 1404 (bpf_int32)htonl(ARCTYPE_ARP_OLD));	1703 b0 = gen_cmp(off_linktype, BPF_B, 1704 (bpf_int32)ARCTYPE_ARP); 1705 b1 = gen_cmp(off_linktype, BPF_B, 1706 (bpf_int32)ARCTYPE_ARP_OLD);
1405 gen_or(b0, b1);	1707 gen_or(b0, b1);
1406 return(b1);	1708 return (b1); 1709
1407 case ETHERTYPE_REVARP:	1710 case ETHERTYPE_REVARP:
1408 return(gen_cmp(2, BPF_B, 1409 (bpf_int32)htonl(ARCTYPE_REVARP)));	1711 return (gen_cmp(off_linktype, BPF_B, 1712 (bpf_int32)ARCTYPE_REVARP)); 1713
1410 case ETHERTYPE_ATALK:	1714 case ETHERTYPE_ATALK:
1411 return(gen_cmp(2, BPF_B, 1412 (bpf_int32)htonl(ARCTYPE_ATALK)));	1715 return (gen_cmp(off_linktype, BPF_B, 1716 (bpf_int32)ARCTYPE_ATALK));
1413 } 1414 break; 1415 1416 case DLT_LTALK: 1417 switch (proto) { 1418 case ETHERTYPE_ATALK: 1419 return gen_true(); 1420 default: 1421 return gen_false(); 1422 } 1423 break;	1717 } 1718 break; 1719 1720 case DLT_LTALK: 1721 switch (proto) { 1722 case ETHERTYPE_ATALK: 1723 return gen_true(); 1724 default: 1725 return gen_false(); 1726 } 1727 break;
	1728 1729 case DLT_FRELAY: 1730 /* 1731 * XXX - assumes a 2-byte Frame Relay header with 1732 * DLCI and flags. What if the address is longer? 1733 / 1734* switch (proto) { 1735 1736 case ETHERTYPE_IP: 1737 /* 1738 * Check for the special NLPID for IP. 1739 / 1740* return gen_cmp(2, BPF_H, (0x03<<8) \| 0xcc); 1741 1742#ifdef INET6 1743 case ETHERTYPE_IPV6: 1744 /* 1745 * Check for the special NLPID for IPv6. 1746 / 1747* return gen_cmp(2, BPF_H, (0x03<<8) \| 0x8e); 1748#endif 1749 1750 case LLCSAP_ISONS: 1751 /* 1752 * Check for several OSI protocols. 1753 * 1754 * Frame Relay packets typically have an OSI 1755 * NLPID at the beginning; we check for each 1756 * of them. 1757 * 1758 * What we check for is the NLPID and a frame 1759 * control field of UI, i.e. 0x03 followed 1760 * by the NLPID. 1761 / 1762* b0 = gen_cmp(2, BPF_H, (0x03<<8) \| ISO8473_CLNP); 1763 b1 = gen_cmp(2, BPF_H, (0x03<<8) \| ISO9542_ESIS); 1764 b2 = gen_cmp(2, BPF_H, (0x03<<8) \| ISO10589_ISIS); 1765 gen_or(b1, b2); 1766 gen_or(b0, b2); 1767 return b2; 1768 1769 default: 1770 return gen_false(); 1771 } 1772 break; 1773 1774 case DLT_LINUX_IRDA: 1775 bpf_error("IrDA link-layer type filtering not implemented");
1424 } 1425 1426 /* 1427 * All the types that have no encapsulation should either be 1428 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if 1429 * all packets are IP packets, or should be handled in some 1430 * special case, if none of them are (if some are and some 1431 * aren't, the lack of encapsulation is a problem, as we'd 1432 * have to find some other way of determining the packet type). 1433 * 1434 * Therefore, if "off_linktype" is -1, there's an error. 1435 */	1776 } 1777 1778 /* 1779 * All the types that have no encapsulation should either be 1780 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if 1781 * all packets are IP packets, or should be handled in some 1782 * special case, if none of them are (if some are and some 1783 * aren't, the lack of encapsulation is a problem, as we'd 1784 * have to find some other way of determining the packet type). 1785 * 1786 * Therefore, if "off_linktype" is -1, there's an error. 1787 */
1436 if (off_linktype == -1)	1788 if (off_linktype == (u_int)-1)
1437 abort(); 1438 1439 /* 1440 * Any type not handled above should always have an Ethernet 1441 * type at an offset of "off_linktype". (PPP is partially 1442 * handled above - the protocol type is mapped from the 1443 * Ethernet and LLC types we use internally to the corresponding 1444 * PPP type - but the PPP type is always specified by a value --- 15 unchanged lines hidden (view full) --- 1460 bpf_u_int32 orgcode; 1461 bpf_u_int32 ptype; 1462 u_int offset; 1463{ 1464 u_char snapblock[8]; 1465 1466 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP / 1467* snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */	1789 abort(); 1790 1791 /* 1792 * Any type not handled above should always have an Ethernet 1793 * type at an offset of "off_linktype". (PPP is partially 1794 * handled above - the protocol type is mapped from the 1795 * Ethernet and LLC types we use internally to the corresponding 1796 * PPP type - but the PPP type is always specified by a value --- 15 unchanged lines hidden (view full) --- 1812 bpf_u_int32 orgcode; 1813 bpf_u_int32 ptype; 1814 u_int offset; 1815{ 1816 u_char snapblock[8]; 1817 1818 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP / 1819* snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
1468 snapblock[2] = 0x03; /* control = UI */	1820 snapblock[2] = 0x03; /* control = UI */
1469 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code / 1470* snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code / 1471* snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code / 1472* snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type / 1473* snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type / 1474* return gen_bcmp(offset, 8, snapblock); 1475} 1476	1821 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code / 1822* snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code / 1823* snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code / 1824* snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type / 1825* snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type / 1826* return gen_bcmp(offset, 8, snapblock); 1827} 1828
	1829/* 1830 * Check for a given protocol value assuming an 802.2 LLC header. 1831 */
1477static struct block *	1832static struct block *
	1833gen_llc(proto) 1834 int proto; 1835{ 1836 /* 1837 * XXX - handle token-ring variable-length header. 1838 / 1839* switch (proto) { 1840 1841 case LLCSAP_IP: 1842 return gen_cmp(off_linktype, BPF_H, (long) 1843 ((LLCSAP_IP << 8) \| LLCSAP_IP)); 1844 1845 case LLCSAP_ISONS: 1846 return gen_cmp(off_linktype, BPF_H, (long) 1847 ((LLCSAP_ISONS << 8) \| LLCSAP_ISONS)); 1848 1849 case LLCSAP_NETBEUI: 1850 return gen_cmp(off_linktype, BPF_H, (long) 1851 ((LLCSAP_NETBEUI << 8) \| LLCSAP_NETBEUI)); 1852 1853 case LLCSAP_IPX: 1854 /* 1855 * XXX - are there ever SNAP frames for IPX on 1856 * non-Ethernet 802.x networks? 1857 / 1858* return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX); 1859 1860 case ETHERTYPE_ATALK: 1861 /* 1862 * 802.2-encapsulated ETHERTYPE_ATALK packets are 1863 * SNAP packets with an organization code of 1864 * 0x080007 (Apple, for Appletalk) and a protocol 1865 * type of ETHERTYPE_ATALK (Appletalk). 1866 * 1867 * XXX - check for an organization code of 1868 * encapsulated Ethernet as well? 1869 / 1870* return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype); 1871 1872 default: 1873 /* 1874 * XXX - we don't have to check for IPX 802.3 1875 * here, but should we check for the IPX Ethertype? 1876 / 1877* if (proto <= ETHERMTU) { 1878 /* 1879 * This is an LLC SAP value, so check 1880 * the DSAP. 1881 / 1882* return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto); 1883 } else { 1884 /* 1885 * This is an Ethernet type; we assume that it's 1886 * unlikely that it'll appear in the right place 1887 * at random, and therefore check only the 1888 * location that would hold the Ethernet type 1889 * in a SNAP frame with an organization code of 1890 * 0x000000 (encapsulated Ethernet). 1891 * 1892 * XXX - if we were to check for the SNAP DSAP and 1893 * LSAP, as per XXX, and were also to check for an 1894 * organization code of 0x000000 (encapsulated 1895 * Ethernet), we'd do 1896 * 1897 * return gen_snap(0x000000, proto, 1898 * off_linktype); 1899 * 1900 * here; for now, we don't, as per the above. 1901 * I don't know whether it's worth the extra CPU 1902 * time to do the right check or not. 1903 / 1904* return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto); 1905 } 1906 } 1907} 1908 1909static struct block *
1478gen_hostop(addr, mask, dir, proto, src_off, dst_off) 1479 bpf_u_int32 addr; 1480 bpf_u_int32 mask; 1481 int dir, proto; 1482 u_int src_off, dst_off; 1483{ 1484 struct block b0, b1; 1485 u_int offset; --- 88 unchanged lines hidden (view full) --- 1574gen_ehostop(eaddr, dir) 1575 register const u_char eaddr; 1576* register int dir; 1577{ 1578 register struct block b0, b1; 1579 1580 switch (dir) { 1581 case Q_SRC:	1910gen_hostop(addr, mask, dir, proto, src_off, dst_off) 1911 bpf_u_int32 addr; 1912 bpf_u_int32 mask; 1913 int dir, proto; 1914 u_int src_off, dst_off; 1915{ 1916 struct block b0, b1; 1917 u_int offset; --- 88 unchanged lines hidden (view full) --- 2006gen_ehostop(eaddr, dir) 2007 register const u_char eaddr; 2008* register int dir; 2009{ 2010 register struct block b0, b1; 2011 2012 switch (dir) { 2013 case Q_SRC:
1582 return gen_bcmp(6, 6, eaddr);	2014 return gen_bcmp(off_mac + 6, 6, eaddr);
1583 1584 case Q_DST:	2015 2016 case Q_DST:
1585 return gen_bcmp(0, 6, eaddr);	2017 return gen_bcmp(off_mac + 0, 6, eaddr);
1586 1587 case Q_AND: 1588 b0 = gen_ehostop(eaddr, Q_SRC); 1589 b1 = gen_ehostop(eaddr, Q_DST); 1590 gen_and(b0, b1); 1591 return b1; 1592 1593 case Q_DEFAULT: --- 79 unchanged lines hidden (view full) --- 1673 gen_or(b0, b1); 1674 return b1; 1675 } 1676 abort(); 1677 /* NOTREACHED / 1678} 1679* 1680/*	2018 2019 case Q_AND: 2020 b0 = gen_ehostop(eaddr, Q_SRC); 2021 b1 = gen_ehostop(eaddr, Q_DST); 2022 gen_and(b0, b1); 2023 return b1; 2024 2025 case Q_DEFAULT: --- 79 unchanged lines hidden (view full) --- 2105 gen_or(b0, b1); 2106 return b1; 2107 } 2108 abort(); 2109 /* NOTREACHED / 2110} 2111* 2112/*
1681 * Like gen_ehostop, but for DLT_IEEE802_11 (Wireless)	2113 * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN)
1682 / 1683static struct block	2114 / 2115static struct block
1684gen_whostop(eaddr, dir)	2116gen_wlanhostop(eaddr, dir)
1685 register const u_char eaddr; 1686* register int dir; 1687{	2117 register const u_char eaddr; 2118* register int dir; 2119{
	2120 register struct block b0, b1, b2; 2121* register struct slist s; 2122* 2123 switch (dir) { 2124 case Q_SRC: 2125 /* 2126 * Oh, yuk. 2127 * 2128 * For control frames, there is no SA. 2129 * 2130 * For management frames, SA is at an 2131 * offset of 10 from the beginning of 2132 * the packet. 2133 * 2134 * For data frames, SA is at an offset 2135 * of 10 from the beginning of the packet 2136 * if From DS is clear, at an offset of 2137 * 16 from the beginning of the packet 2138 * if From DS is set and To DS is clear, 2139 * and an offset of 24 from the beginning 2140 * of the packet if From DS is set and To DS 2141 * is set. 2142 / 2143* 2144 /* 2145 * Generate the tests to be done for data frames 2146 * with From DS set. 2147 * 2148 * First, check for To DS set, i.e. check "link[1] & 0x01". 2149 / 2150* s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 2151 s->s.k = 1; 2152 b1 = new_block(JMP(BPF_JSET)); 2153 b1->s.k = 0x01; /* To DS / 2154* b1->stmts = s; 2155 2156 /* 2157 * If To DS is set, the SA is at 24. 2158 / 2159* b0 = gen_bcmp(24, 6, eaddr); 2160 gen_and(b1, b0); 2161 2162 /* 2163 * Now, check for To DS not set, i.e. check 2164 * "!(link[1] & 0x01)". 2165 / 2166* s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 2167 s->s.k = 1; 2168 b2 = new_block(JMP(BPF_JSET)); 2169 b2->s.k = 0x01; /* To DS / 2170* b2->stmts = s; 2171 gen_not(b2); 2172 2173 /* 2174 * If To DS is not set, the SA is at 16. 2175 / 2176* b1 = gen_bcmp(16, 6, eaddr); 2177 gen_and(b2, b1); 2178 2179 /* 2180 * Now OR together the last two checks. That gives 2181 * the complete set of checks for data frames with 2182 * From DS set. 2183 / 2184* gen_or(b1, b0); 2185 2186 /* 2187 * Now check for From DS being set, and AND that with 2188 * the ORed-together checks. 2189 / 2190* s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 2191 s->s.k = 1; 2192 b1 = new_block(JMP(BPF_JSET)); 2193 b1->s.k = 0x02; /* From DS / 2194* b1->stmts = s; 2195 gen_and(b1, b0); 2196 2197 /* 2198 * Now check for data frames with From DS not set. 2199 / 2200* s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 2201 s->s.k = 1; 2202 b2 = new_block(JMP(BPF_JSET)); 2203 b2->s.k = 0x02; /* From DS / 2204* b2->stmts = s; 2205 gen_not(b2); 2206 2207 /* 2208 * If From DS isn't set, the SA is at 10. 2209 / 2210* b1 = gen_bcmp(10, 6, eaddr); 2211 gen_and(b2, b1); 2212 2213 /* 2214 * Now OR together the checks for data frames with 2215 * From DS not set and for data frames with From DS 2216 * set; that gives the checks done for data frames. 2217 / 2218* gen_or(b1, b0); 2219 2220 /* 2221 * Now check for a data frame. 2222 * I.e, check "link[0] & 0x08". 2223 / 2224* s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 2225 s->s.k = 0; 2226 b1 = new_block(JMP(BPF_JSET)); 2227 b1->s.k = 0x08; 2228 b1->stmts = s; 2229 2230 /* 2231 * AND that with the checks done for data frames. 2232 / 2233* gen_and(b1, b0); 2234 2235 /* 2236 * If the high-order bit of the type value is 0, this 2237 * is a management frame. 2238 * I.e, check "!(link[0] & 0x08)". 2239 / 2240* s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 2241 s->s.k = 0; 2242 b2 = new_block(JMP(BPF_JSET)); 2243 b2->s.k = 0x08; 2244 b2->stmts = s; 2245 gen_not(b2); 2246 2247 /* 2248 * For management frames, the SA is at 10. 2249 / 2250* b1 = gen_bcmp(10, 6, eaddr); 2251 gen_and(b2, b1); 2252 2253 /* 2254 * OR that with the checks done for data frames. 2255 * That gives the checks done for management and 2256 * data frames. 2257 / 2258* gen_or(b1, b0); 2259 2260 /* 2261 * If the low-order bit of the type value is 1, 2262 * this is either a control frame or a frame 2263 * with a reserved type, and thus not a 2264 * frame with an SA. 2265 * 2266 * I.e., check "!(link[0] & 0x04)". 2267 / 2268* s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 2269 s->s.k = 0; 2270 b1 = new_block(JMP(BPF_JSET)); 2271 b1->s.k = 0x04; 2272 b1->stmts = s; 2273 gen_not(b1); 2274 2275 /* 2276 * AND that with the checks for data and management 2277 * frames. 2278 / 2279* gen_and(b1, b0); 2280 return b0; 2281 2282 case Q_DST: 2283 /* 2284 * Oh, yuk. 2285 * 2286 * For control frames, there is no DA. 2287 * 2288 * For management frames, DA is at an 2289 * offset of 4 from the beginning of 2290 * the packet. 2291 * 2292 * For data frames, DA is at an offset 2293 * of 4 from the beginning of the packet 2294 * if To DS is clear and at an offset of 2295 * 16 from the beginning of the packet 2296 * if To DS is set. 2297 / 2298* 2299 /* 2300 * Generate the tests to be done for data frames. 2301 * 2302 * First, check for To DS set, i.e. "link[1] & 0x01". 2303 / 2304* s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 2305 s->s.k = 1; 2306 b1 = new_block(JMP(BPF_JSET)); 2307 b1->s.k = 0x01; /* To DS / 2308* b1->stmts = s; 2309 2310 /* 2311 * If To DS is set, the DA is at 16. 2312 / 2313* b0 = gen_bcmp(16, 6, eaddr); 2314 gen_and(b1, b0); 2315 2316 /* 2317 * Now, check for To DS not set, i.e. check 2318 * "!(link[1] & 0x01)". 2319 / 2320* s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 2321 s->s.k = 1; 2322 b2 = new_block(JMP(BPF_JSET)); 2323 b2->s.k = 0x01; /* To DS / 2324* b2->stmts = s; 2325 gen_not(b2); 2326 2327 /* 2328 * If To DS is not set, the DA is at 4. 2329 / 2330* b1 = gen_bcmp(4, 6, eaddr); 2331 gen_and(b2, b1); 2332 2333 /* 2334 * Now OR together the last two checks. That gives 2335 * the complete set of checks for data frames. 2336 / 2337* gen_or(b1, b0); 2338 2339 /* 2340 * Now check for a data frame. 2341 * I.e, check "link[0] & 0x08". 2342 / 2343* s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 2344 s->s.k = 0; 2345 b1 = new_block(JMP(BPF_JSET)); 2346 b1->s.k = 0x08; 2347 b1->stmts = s; 2348 2349 /* 2350 * AND that with the checks done for data frames. 2351 / 2352* gen_and(b1, b0); 2353 2354 /* 2355 * If the high-order bit of the type value is 0, this 2356 * is a management frame. 2357 * I.e, check "!(link[0] & 0x08)". 2358 / 2359* s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 2360 s->s.k = 0; 2361 b2 = new_block(JMP(BPF_JSET)); 2362 b2->s.k = 0x08; 2363 b2->stmts = s; 2364 gen_not(b2); 2365 2366 /* 2367 * For management frames, the DA is at 4. 2368 / 2369* b1 = gen_bcmp(4, 6, eaddr); 2370 gen_and(b2, b1); 2371 2372 /* 2373 * OR that with the checks done for data frames. 2374 * That gives the checks done for management and 2375 * data frames. 2376 / 2377* gen_or(b1, b0); 2378 2379 /* 2380 * If the low-order bit of the type value is 1, 2381 * this is either a control frame or a frame 2382 * with a reserved type, and thus not a 2383 * frame with an SA. 2384 * 2385 * I.e., check "!(link[0] & 0x04)". 2386 / 2387* s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 2388 s->s.k = 0; 2389 b1 = new_block(JMP(BPF_JSET)); 2390 b1->s.k = 0x04; 2391 b1->stmts = s; 2392 gen_not(b1); 2393 2394 /* 2395 * AND that with the checks for data and management 2396 * frames. 2397 / 2398* gen_and(b1, b0); 2399 return b0; 2400 2401 case Q_AND: 2402 b0 = gen_wlanhostop(eaddr, Q_SRC); 2403 b1 = gen_wlanhostop(eaddr, Q_DST); 2404 gen_and(b0, b1); 2405 return b1; 2406 2407 case Q_DEFAULT: 2408 case Q_OR: 2409 b0 = gen_wlanhostop(eaddr, Q_SRC); 2410 b1 = gen_wlanhostop(eaddr, Q_DST); 2411 gen_or(b0, b1); 2412 return b1; 2413 } 2414 abort(); 2415 /* NOTREACHED / 2416} 2417* 2418/* 2419 * Like gen_ehostop, but for RFC 2625 IP-over-Fibre-Channel. 2420 * (We assume that the addresses are IEEE 48-bit MAC addresses, 2421 * as the RFC states.) 2422 / 2423static struct block 2424gen_ipfchostop(eaddr, dir) 2425 register const u_char eaddr; 2426* register int dir; 2427{
1688 register struct block b0, b1; 1689 1690 switch (dir) { 1691 case Q_SRC: 1692 return gen_bcmp(10, 6, eaddr); 1693 1694 case Q_DST:	2428 register struct block b0, b1; 2429 2430 switch (dir) { 2431 case Q_SRC: 2432 return gen_bcmp(10, 6, eaddr); 2433 2434 case Q_DST:
1695 return gen_bcmp(4, 6, eaddr);	2435 return gen_bcmp(2, 6, eaddr);
1696 1697 case Q_AND:	2436 2437 case Q_AND:
1698 b0 = gen_whostop(eaddr, Q_SRC); 1699 b1 = gen_whostop(eaddr, Q_DST);	2438 b0 = gen_ipfchostop(eaddr, Q_SRC); 2439 b1 = gen_ipfchostop(eaddr, Q_DST);
1700 gen_and(b0, b1); 1701 return b1; 1702 1703 case Q_DEFAULT: 1704 case Q_OR:	2440 gen_and(b0, b1); 2441 return b1; 2442 2443 case Q_DEFAULT: 2444 case Q_OR:
1705 b0 = gen_whostop(eaddr, Q_SRC); 1706 b1 = gen_whostop(eaddr, Q_DST);	2445 b0 = gen_ipfchostop(eaddr, Q_SRC); 2446 b1 = gen_ipfchostop(eaddr, Q_DST);
1707 gen_or(b0, b1); 1708 return b1; 1709 } 1710 abort(); 1711 /* NOTREACHED / 1712} 1713* 1714/* --- 48 unchanged lines hidden (view full) --- 1763 /* Inefficient because we do our Calvinball dance twice / 1764* b0 = gen_dnhostop(addr, Q_SRC, base_off); 1765 b1 = gen_dnhostop(addr, Q_DST, base_off); 1766 gen_or(b0, b1); 1767 return b1; 1768 1769 case Q_ISO: 1770 bpf_error("ISO host filtering not implemented");	2447 gen_or(b0, b1); 2448 return b1; 2449 } 2450 abort(); 2451 /* NOTREACHED / 2452} 2453* 2454/* --- 48 unchanged lines hidden (view full) --- 2503 /* Inefficient because we do our Calvinball dance twice / 2504* b0 = gen_dnhostop(addr, Q_SRC, base_off); 2505 b1 = gen_dnhostop(addr, Q_DST, base_off); 2506 gen_or(b0, b1); 2507 return b1; 2508 2509 case Q_ISO: 2510 bpf_error("ISO host filtering not implemented");
1771	2511
1772 default: 1773 abort(); 1774 } 1775 b0 = gen_linktype(ETHERTYPE_DN); 1776 /* Check for pad = 1, long header case / 1777* tmp = gen_mcmp(base_off + 2, BPF_H, 1778 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); 1779 b1 = gen_cmp(base_off + 2 + 1 + offset_lh, --- 30 unchanged lines hidden (view full) --- 1810 int dir; 1811{ 1812 struct block b0, b1; 1813 1814 switch (proto) { 1815 1816 case Q_DEFAULT: 1817 b0 = gen_host(addr, mask, Q_IP, dir);	2512 default: 2513 abort(); 2514 } 2515 b0 = gen_linktype(ETHERTYPE_DN); 2516 /* Check for pad = 1, long header case / 2517* tmp = gen_mcmp(base_off + 2, BPF_H, 2518 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); 2519 b1 = gen_cmp(base_off + 2 + 1 + offset_lh, --- 30 unchanged lines hidden (view full) --- 2550 int dir; 2551{ 2552 struct block b0, b1; 2553 2554 switch (proto) { 2555 2556 case Q_DEFAULT: 2557 b0 = gen_host(addr, mask, Q_IP, dir);
1818 if (off_linktype != -1) {	2558 if (off_linktype != (u_int)-1) {
1819 b1 = gen_host(addr, mask, Q_ARP, dir); 1820 gen_or(b0, b1); 1821 b0 = gen_host(addr, mask, Q_RARP, dir); 1822 gen_or(b1, b0); 1823 } 1824 return b0; 1825 1826 case Q_IP: --- 222 unchanged lines hidden (view full) --- 2049 case Q_RARP: 2050 if (linktype == DLT_EN10MB) 2051 b0 = gen_ehostop(eaddr, Q_OR); 2052 else if (linktype == DLT_FDDI) 2053 b0 = gen_fhostop(eaddr, Q_OR); 2054 else if (linktype == DLT_IEEE802) 2055 b0 = gen_thostop(eaddr, Q_OR); 2056 else if (linktype == DLT_IEEE802_11)	2559 b1 = gen_host(addr, mask, Q_ARP, dir); 2560 gen_or(b0, b1); 2561 b0 = gen_host(addr, mask, Q_RARP, dir); 2562 gen_or(b1, b0); 2563 } 2564 return b0; 2565 2566 case Q_IP: --- 222 unchanged lines hidden (view full) --- 2789 case Q_RARP: 2790 if (linktype == DLT_EN10MB) 2791 b0 = gen_ehostop(eaddr, Q_OR); 2792 else if (linktype == DLT_FDDI) 2793 b0 = gen_fhostop(eaddr, Q_OR); 2794 else if (linktype == DLT_IEEE802) 2795 b0 = gen_thostop(eaddr, Q_OR); 2796 else if (linktype == DLT_IEEE802_11)
2057 b0 = gen_whostop(eaddr, Q_OR);	2797 b0 = gen_wlanhostop(eaddr, Q_OR); 2798 else if (linktype == DLT_SUNATM && is_lane) { 2799 /* 2800 * Check that the packet doesn't begin with an 2801 * LE Control marker. (We've already generated 2802 * a test for LANE.) 2803 / 2804* b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 2805 gen_not(b1); 2806 2807 /* 2808 * Now check the MAC address. 2809 / 2810* b0 = gen_ehostop(eaddr, Q_OR); 2811 gen_and(b1, b0); 2812 } else if (linktype == DLT_IP_OVER_FC) 2813 b0 = gen_ipfchostop(eaddr, Q_OR);
2058 else 2059 bpf_error(	2814 else 2815 bpf_error(
2060 "'gateway' supported only on ethernet, FDDI or token ring");	2816 "'gateway' supported only on ethernet/FDDI/token ring/802.11/Fibre Channel");
2061 2062 b1 = gen_host(*alist++, 0xffffffff, proto, Q_OR); 2063* while (alist) { 2064* tmp = gen_host(*alist++, 0xffffffff, proto, Q_OR); 2065* gen_or(b1, tmp); 2066 b1 = tmp; 2067 } 2068 gen_not(b1); --- 4 unchanged lines hidden (view full) --- 2073 /* NOTREACHED / 2074} 2075#endif 2076* 2077struct block * 2078gen_proto_abbrev(proto) 2079 int proto; 2080{	2817 2818 b1 = gen_host(*alist++, 0xffffffff, proto, Q_OR); 2819* while (alist) { 2820* tmp = gen_host(*alist++, 0xffffffff, proto, Q_OR); 2821* gen_or(b1, tmp); 2822 b1 = tmp; 2823 } 2824 gen_not(b1); --- 4 unchanged lines hidden (view full) --- 2829 /* NOTREACHED / 2830} 2831#endif 2832* 2833struct block * 2834gen_proto_abbrev(proto) 2835 int proto; 2836{
2081#ifdef INET6
2082 struct block *b0;	2837 struct block *b0;
2083#endif
2084 struct block b1; 2085* 2086 switch (proto) { 2087 2088 case Q_SCTP: 2089 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT); 2090#ifdef INET6 2091 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT); --- 141 unchanged lines hidden (view full) --- 2233 case Q_ESIS: 2234 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT); 2235 break; 2236 2237 case Q_ISIS: 2238 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT); 2239 break; 2240	2838 struct block b1; 2839* 2840 switch (proto) { 2841 2842 case Q_SCTP: 2843 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT); 2844#ifdef INET6 2845 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT); --- 141 unchanged lines hidden (view full) --- 2987 case Q_ESIS: 2988 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT); 2989 break; 2990 2991 case Q_ISIS: 2992 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT); 2993 break; 2994
	2995 case Q_ISIS_L1: /* all IS-IS Level1 PDU-Types / 2996* b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT); 2997 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits / 2998* gen_or(b0, b1); 2999 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT); 3000 gen_or(b0, b1); 3001 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT); 3002 gen_or(b0, b1); 3003 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 3004 gen_or(b0, b1); 3005 break; 3006 3007 case Q_ISIS_L2: /* all IS-IS Level2 PDU-Types / 3008* b0 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT); 3009 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits / 3010* gen_or(b0, b1); 3011 b0 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT); 3012 gen_or(b0, b1); 3013 b0 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT); 3014 gen_or(b0, b1); 3015 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 3016 gen_or(b0, b1); 3017 break; 3018 3019 case Q_ISIS_IIH: /* all IS-IS Hello PDU-Types / 3020* b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT); 3021 b1 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT); 3022 gen_or(b0, b1); 3023 b0 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); 3024 gen_or(b0, b1); 3025 break; 3026 3027 case Q_ISIS_LSP: 3028 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT); 3029 b1 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT); 3030 gen_or(b0, b1); 3031 break; 3032 3033 case Q_ISIS_SNP: 3034 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT); 3035 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT); 3036 gen_or(b0, b1); 3037 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 3038 gen_or(b0, b1); 3039 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 3040 gen_or(b0, b1); 3041 break; 3042 3043 case Q_ISIS_CSNP: 3044 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT); 3045 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT); 3046 gen_or(b0, b1); 3047 break; 3048 3049 case Q_ISIS_PSNP: 3050 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 3051 b1 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 3052 gen_or(b0, b1); 3053 break; 3054
2241 case Q_CLNP: 2242 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT); 2243 break; 2244 2245 case Q_STP: 2246 b1 = gen_linktype(LLCSAP_8021D); 2247 break; 2248 --- 103 unchanged lines hidden (view full) --- 2352static struct block * 2353gen_port(port, ip_proto, dir) 2354 int port; 2355 int ip_proto; 2356 int dir; 2357{ 2358 struct block b0, b1, tmp; 2359*	3055 case Q_CLNP: 3056 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT); 3057 break; 3058 3059 case Q_STP: 3060 b1 = gen_linktype(LLCSAP_8021D); 3061 break; 3062 --- 103 unchanged lines hidden (view full) --- 3166static struct block * 3167gen_port(port, ip_proto, dir) 3168 int port; 3169 int ip_proto; 3170 int dir; 3171{ 3172 struct block b0, b1, tmp; 3173*
2360 /* ether proto ip */	3174 /* 3175 * ether proto ip 3176 * 3177 * For FDDI, RFC 1188 says that SNAP encapsulation is used, 3178 * not LLC encapsulation with LLCSAP_IP. 3179 * 3180 * For IEEE 802 networks - which includes 802.5 token ring 3181 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042 3182 * says that SNAP encapsulation is used, not LLC encapsulation 3183 * with LLCSAP_IP. 3184 * 3185 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and 3186 * RFC 2225 say that SNAP encapsulation is used, not LLC 3187 * encapsulation with LLCSAP_IP. 3188 * 3189 * So we always check for ETHERTYPE_IP. 3190 */
2361 b0 = gen_linktype(ETHERTYPE_IP); 2362 2363 switch (ip_proto) { 2364 case IPPROTO_UDP: 2365 case IPPROTO_TCP: 2366 case IPPROTO_SCTP: 2367 b1 = gen_portop(port, ip_proto, dir); 2368 break; --- 448 unchanged lines hidden (view full) --- 2817 b0 = gen_proto(v, Q_IP, dir); 2818 b1 = gen_proto(v, Q_IPV6, dir); 2819 gen_or(b0, b1); 2820 return b1; 2821#else 2822 /FALLTHROUGH/ 2823#endif 2824 case Q_IP:	3191 b0 = gen_linktype(ETHERTYPE_IP); 3192 3193 switch (ip_proto) { 3194 case IPPROTO_UDP: 3195 case IPPROTO_TCP: 3196 case IPPROTO_SCTP: 3197 b1 = gen_portop(port, ip_proto, dir); 3198 break; --- 448 unchanged lines hidden (view full) --- 3647 b0 = gen_proto(v, Q_IP, dir); 3648 b1 = gen_proto(v, Q_IPV6, dir); 3649 gen_or(b0, b1); 3650 return b1; 3651#else 3652 /FALLTHROUGH/ 3653#endif 3654 case Q_IP:
	3655 /* 3656 * For FDDI, RFC 1188 says that SNAP encapsulation is used, 3657 * not LLC encapsulation with LLCSAP_IP. 3658 * 3659 * For IEEE 802 networks - which includes 802.5 token ring 3660 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042 3661 * says that SNAP encapsulation is used, not LLC encapsulation 3662 * with LLCSAP_IP. 3663 * 3664 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and 3665 * RFC 2225 say that SNAP encapsulation is used, not LLC 3666 * encapsulation with LLCSAP_IP. 3667 * 3668 * So we always check for ETHERTYPE_IP. 3669 */
2825 b0 = gen_linktype(ETHERTYPE_IP); 2826#ifndef CHASE_CHAIN 2827 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v); 2828#else 2829 b1 = gen_protochain(v, Q_IP); 2830#endif 2831 gen_and(b0, b1); 2832 return b1; 2833 2834 case Q_ISO:	3670 b0 = gen_linktype(ETHERTYPE_IP); 3671#ifndef CHASE_CHAIN 3672 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v); 3673#else 3674 b1 = gen_protochain(v, Q_IP); 3675#endif 3676 gen_and(b0, b1); 3677 return b1; 3678 3679 case Q_ISO:
2835 b0 = gen_linktype(LLCSAP_ISONS); 2836 b1 = gen_cmp(off_nl + 3, BPF_B, (long)v);	3680 switch (linktype) { 3681 3682 case DLT_FRELAY: 3683 /* 3684 * Frame Relay packets typically have an OSI 3685 * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)" 3686 * generates code to check for all the OSI 3687 * NLPIDs, so calling it and then adding a check 3688 * for the particular NLPID for which we're 3689 * looking is bogus, as we can just check for 3690 * the NLPID. 3691 * 3692 * What we check for is the NLPID and a frame 3693 * control field value of UI, i.e. 0x03 followed 3694 * by the NLPID. 3695 * 3696 * XXX - assumes a 2-byte Frame Relay header with 3697 * DLCI and flags. What if the address is longer? 3698 * 3699 * XXX - what about SNAP-encapsulated frames? 3700 / 3701* return gen_cmp(2, BPF_H, (0x03<<8) \| v); 3702 break; 3703 3704 case DLT_C_HDLC: 3705 /* 3706 * Cisco uses an Ethertype lookalike - for OSI, 3707 * it's 0xfefe. 3708 / 3709* b0 = gen_linktype(LLCSAP_ISONS<<8 \| LLCSAP_ISONS); 3710 /* OSI in C-HDLC is stuffed with a fudge byte / 3711* b1 = gen_cmp(off_nl_nosnap+1, BPF_B, (long)v); 3712 gen_and(b0, b1); 3713 return b1; 3714 3715 default: 3716 b0 = gen_linktype(LLCSAP_ISONS); 3717 b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v); 3718 gen_and(b0, b1); 3719 return b1; 3720 } 3721 3722 case Q_ISIS: 3723 b0 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT); 3724 /* 3725 * 4 is the offset of the PDU type relative to the IS-IS 3726 * header. 3727 / 3728* b1 = gen_cmp(off_nl_nosnap+4, BPF_B, (long)v);
2837 gen_and(b0, b1); 2838 return b1; 2839 2840 case Q_ARP: 2841 bpf_error("arp does not encapsulate another protocol"); 2842 /* NOTREACHED / 2843* 2844 case Q_RARP: --- 163 unchanged lines hidden (view full) --- 3008 b = gen_thostop(eaddr, dir); 3009 free(eaddr); 3010 return b; 3011 3012 case DLT_IEEE802_11: 3013 eaddr = pcap_ether_hostton(name); 3014 if (eaddr == NULL) 3015 bpf_error(	3729 gen_and(b0, b1); 3730 return b1; 3731 3732 case Q_ARP: 3733 bpf_error("arp does not encapsulate another protocol"); 3734 /* NOTREACHED / 3735* 3736 case Q_RARP: --- 163 unchanged lines hidden (view full) --- 3900 b = gen_thostop(eaddr, dir); 3901 free(eaddr); 3902 return b; 3903 3904 case DLT_IEEE802_11: 3905 eaddr = pcap_ether_hostton(name); 3906 if (eaddr == NULL) 3907 bpf_error(
3016 "unknown ether host '%s'", name); 3017 b = gen_whostop(eaddr, dir);	3908 "unknown 802.11 host '%s'", name); 3909 b = gen_wlanhostop(eaddr, dir);
3018 free(eaddr); 3019 return b; 3020	3910 free(eaddr); 3911 return b; 3912
3021 default: 3022 bpf_error( 3023 "only ethernet/FDDI/token ring supports link-level host name"); 3024 break;	3913 case DLT_IP_OVER_FC: 3914 eaddr = pcap_ether_hostton(name); 3915 if (eaddr == NULL) 3916 bpf_error( 3917 "unknown Fibre Channel host '%s'", name); 3918 b = gen_ipfchostop(eaddr, dir); 3919 free(eaddr); 3920 return b; 3921 3922 case DLT_SUNATM: 3923 if (!is_lane) 3924 break; 3925 3926 /* 3927 * Check that the packet doesn't begin 3928 * with an LE Control marker. (We've 3929 * already generated a test for LANE.) 3930 / 3931* tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 3932 0xFF00); 3933 gen_not(tmp); 3934 3935 eaddr = pcap_ether_hostton(name); 3936 if (eaddr == NULL) 3937 bpf_error( 3938 "unknown ether host '%s'", name); 3939 b = gen_ehostop(eaddr, dir); 3940 gen_and(tmp, b); 3941 free(eaddr); 3942 return b;
3025 }	3943 }
	3944 3945 bpf_error("only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name");
3026 } else if (proto == Q_DECNET) { 3027 unsigned short dn_addr = __pcap_nametodnaddr(name); 3028 /* 3029 * I don't think DECNET hosts can be multihomed, so 3030 * there is no need to build up a list of addresses 3031 / 3032* return (gen_host(dn_addr, 0, proto, dir)); 3033 } else { 3034#ifndef INET6 3035 alist = pcap_nametoaddr(name); 3036 if (alist == NULL \|\| alist == NULL) 3037* bpf_error("unknown host '%s'", name); 3038 tproto = proto;	3946 } else if (proto == Q_DECNET) { 3947 unsigned short dn_addr = __pcap_nametodnaddr(name); 3948 /* 3949 * I don't think DECNET hosts can be multihomed, so 3950 * there is no need to build up a list of addresses 3951 / 3952* return (gen_host(dn_addr, 0, proto, dir)); 3953 } else { 3954#ifndef INET6 3955 alist = pcap_nametoaddr(name); 3956 if (alist == NULL \|\| alist == NULL) 3957* bpf_error("unknown host '%s'", name); 3958 tproto = proto;
3039 if (off_linktype == -1 && tproto == Q_DEFAULT)	3959 if (off_linktype == (u_int)-1 && tproto == Q_DEFAULT)
3040 tproto = Q_IP; 3041 b = gen_host(*alist++, 0xffffffff, tproto, dir); 3042* while (alist) { 3043* tmp = gen_host(*alist++, 0xffffffff, 3044* tproto, dir); 3045 gen_or(b, tmp); 3046 b = tmp; 3047 } --- 319 unchanged lines hidden (view full) --- 3367} 3368#endif /INET6/ 3369 3370struct block * 3371gen_ecode(eaddr, q) 3372 register const u_char eaddr; 3373* struct qual q; 3374{	3960 tproto = Q_IP; 3961 b = gen_host(*alist++, 0xffffffff, tproto, dir); 3962* while (alist) { 3963* tmp = gen_host(*alist++, 0xffffffff, 3964* tproto, dir); 3965 gen_or(b, tmp); 3966 b = tmp; 3967 } --- 319 unchanged lines hidden (view full) --- 4287} 4288#endif /INET6/ 4289 4290struct block * 4291gen_ecode(eaddr, q) 4292 register const u_char eaddr; 4293* struct qual q; 4294{
	4295 struct block b, tmp; 4296
3375 if ((q.addr == Q_HOST \|\| q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 3376 if (linktype == DLT_EN10MB) 3377 return gen_ehostop(eaddr, (int)q.dir); 3378 if (linktype == DLT_FDDI) 3379 return gen_fhostop(eaddr, (int)q.dir); 3380 if (linktype == DLT_IEEE802) 3381 return gen_thostop(eaddr, (int)q.dir); 3382 if (linktype == DLT_IEEE802_11)	4297 if ((q.addr == Q_HOST \|\| q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 4298 if (linktype == DLT_EN10MB) 4299 return gen_ehostop(eaddr, (int)q.dir); 4300 if (linktype == DLT_FDDI) 4301 return gen_fhostop(eaddr, (int)q.dir); 4302 if (linktype == DLT_IEEE802) 4303 return gen_thostop(eaddr, (int)q.dir); 4304 if (linktype == DLT_IEEE802_11)
3383 return gen_whostop(eaddr, (int)q.dir); 3384 bpf_error("ethernet addresses supported only on ethernet, FDDI or token ring");	4305 return gen_wlanhostop(eaddr, (int)q.dir); 4306 if (linktype == DLT_SUNATM && is_lane) { 4307 /* 4308 * Check that the packet doesn't begin with an 4309 * LE Control marker. (We've already generated 4310 * a test for LANE.) 4311 / 4312* tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 4313 gen_not(tmp); 4314 4315 /* 4316 * Now check the MAC address. 4317 / 4318* b = gen_ehostop(eaddr, (int)q.dir); 4319 gen_and(tmp, b); 4320 return b; 4321 } 4322 if (linktype == DLT_IP_OVER_FC) 4323 return gen_ipfchostop(eaddr, (int)q.dir); 4324 bpf_error("ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel");
3385 } 3386 bpf_error("ethernet address used in non-ether expression"); 3387 /* NOTREACHED / 3388} 3389* 3390void 3391sappend(s0, s1) 3392 struct slist s0, s1; --- 57 unchanged lines hidden (view full) --- 3450 size = BPF_W; 3451 break; 3452 } 3453 switch (proto) { 3454 default: 3455 bpf_error("unsupported index operation"); 3456 3457 case Q_LINK:	4325 } 4326 bpf_error("ethernet address used in non-ether expression"); 4327 /* NOTREACHED / 4328} 4329* 4330void 4331sappend(s0, s1) 4332 struct slist s0, s1; --- 57 unchanged lines hidden (view full) --- 4390 size = BPF_W; 4391 break; 4392 } 4393 switch (proto) { 4394 default: 4395 bpf_error("unsupported index operation"); 4396 4397 case Q_LINK:
	4398 /* 4399 * XXX - what about ATM LANE? Should the index be 4400 * relative to the beginning of the AAL5 frame, so 4401 * that 0 refers to the beginning of the LE Control 4402 * field, or relative to the beginning of the LAN 4403 * frame, so that 0 refers, for Ethernet LANE, to 4404 * the beginning of the destination address? 4405 */
3458 s = xfer_to_x(index); 3459 tmp = new_stmt(BPF_LD\|BPF_IND\|size); 3460 sappend(s, tmp); 3461 sappend(index->s, s); 3462 break; 3463 3464 case Q_IP: 3465 case Q_ARP: --- 65 unchanged lines hidden (view full) --- 3531 struct arth a0, a1; 3532 int reversed; 3533{ 3534 struct slist s0, s1, s2; 3535* struct block b, tmp; 3536 3537 s0 = xfer_to_x(a1); 3538 s1 = xfer_to_a(a0);	4406 s = xfer_to_x(index); 4407 tmp = new_stmt(BPF_LD\|BPF_IND\|size); 4408 sappend(s, tmp); 4409 sappend(index->s, s); 4410 break; 4411 4412 case Q_IP: 4413 case Q_ARP: --- 65 unchanged lines hidden (view full) --- 4479 struct arth a0, a1; 4480 int reversed; 4481{ 4482 struct slist s0, s1, s2; 4483* struct block b, tmp; 4484 4485 s0 = xfer_to_x(a1); 4486 s1 = xfer_to_a(a0);
3539 s2 = new_stmt(BPF_ALU\|BPF_SUB\|BPF_X); 3540 b = new_block(JMP(code)); 3541 if (code == BPF_JGT \|\| code == BPF_JGE) { 3542 reversed = !reversed; 3543 b->s.k = 0x80000000;	4487 if (code == BPF_JEQ) { 4488 s2 = new_stmt(BPF_ALU\|BPF_SUB\|BPF_X); 4489 b = new_block(JMP(code)); 4490 sappend(s1, s2);
3544 }	4491 }
	4492 else 4493 b = new_block(BPF_JMP\|code\|BPF_X);
3545 if (reversed) 3546 gen_not(b); 3547	4494 if (reversed) 4495 gen_not(b); 4496
3548 sappend(s1, s2);
3549 sappend(s0, s1); 3550 sappend(a1->s, s0); 3551 sappend(a0->s, a1->s); 3552 3553 b->stmts = a0->s; 3554 3555 free_reg(a0->regno); 3556 free_reg(a1->regno); --- 81 unchanged lines hidden (view full) --- 3638 s1 = xfer_to_a(a0); 3639 s2 = new_stmt(BPF_ALU\|BPF_X\|code); 3640 3641 sappend(s1, s2); 3642 sappend(s0, s1); 3643 sappend(a1->s, s0); 3644 sappend(a0->s, a1->s); 3645	4497 sappend(s0, s1); 4498 sappend(a1->s, s0); 4499 sappend(a0->s, a1->s); 4500 4501 b->stmts = a0->s; 4502 4503 free_reg(a0->regno); 4504 free_reg(a1->regno); --- 81 unchanged lines hidden (view full) --- 4586 s1 = xfer_to_a(a0); 4587 s2 = new_stmt(BPF_ALU\|BPF_X\|code); 4588 4589 sappend(s1, s2); 4590 sappend(s0, s1); 4591 sappend(a1->s, s0); 4592 sappend(a0->s, a1->s); 4593
	4594 free_reg(a0->regno);
3646 free_reg(a1->regno); 3647 3648 s0 = new_stmt(BPF_ST); 3649 a0->regno = s0->s.k = alloc_reg(); 3650 sappend(a0->s, s0); 3651 3652 return a0; 3653} --- 123 unchanged lines hidden (view full) --- 3777 bpf_u_int32 hostmask; 3778 struct block b0, b1, b2; 3779* static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 3780 3781 switch (proto) { 3782 3783 case Q_DEFAULT: 3784 case Q_LINK:	4595 free_reg(a1->regno); 4596 4597 s0 = new_stmt(BPF_ST); 4598 a0->regno = s0->s.k = alloc_reg(); 4599 sappend(a0->s, s0); 4600 4601 return a0; 4602} --- 123 unchanged lines hidden (view full) --- 4726 bpf_u_int32 hostmask; 4727 struct block b0, b1, b2; 4728* static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 4729 4730 switch (proto) { 4731 4732 case Q_DEFAULT: 4733 case Q_LINK:
3785 if (linktype == DLT_ARCNET)	4734 if (linktype == DLT_ARCNET \|\| linktype == DLT_ARCNET_LINUX)
3786 return gen_ahostop(abroadcast, Q_DST); 3787 if (linktype == DLT_EN10MB) 3788 return gen_ehostop(ebroadcast, Q_DST); 3789 if (linktype == DLT_FDDI) 3790 return gen_fhostop(ebroadcast, Q_DST); 3791 if (linktype == DLT_IEEE802) 3792 return gen_thostop(ebroadcast, Q_DST); 3793 if (linktype == DLT_IEEE802_11)	4735 return gen_ahostop(abroadcast, Q_DST); 4736 if (linktype == DLT_EN10MB) 4737 return gen_ehostop(ebroadcast, Q_DST); 4738 if (linktype == DLT_FDDI) 4739 return gen_fhostop(ebroadcast, Q_DST); 4740 if (linktype == DLT_IEEE802) 4741 return gen_thostop(ebroadcast, Q_DST); 4742 if (linktype == DLT_IEEE802_11)
3794 return gen_whostop(ebroadcast, Q_DST);	4743 return gen_wlanhostop(ebroadcast, Q_DST); 4744 if (linktype == DLT_IP_OVER_FC) 4745 return gen_ipfchostop(ebroadcast, Q_DST); 4746 if (linktype == DLT_SUNATM && is_lane) { 4747 /* 4748 * Check that the packet doesn't begin with an 4749 * LE Control marker. (We've already generated 4750 * a test for LANE.) 4751 / 4752* b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 4753 gen_not(b1); 4754 4755 /* 4756 * Now check the MAC address. 4757 / 4758* b0 = gen_ehostop(ebroadcast, Q_DST); 4759 gen_and(b1, b0); 4760 return b0; 4761 }
3795 bpf_error("not a broadcast link"); 3796 break; 3797 3798 case Q_IP: 3799 b0 = gen_linktype(ETHERTYPE_IP); 3800 hostmask = ~netmask; 3801 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask); 3802 b2 = gen_mcmp(off_nl + 16, BPF_W, 3803 (bpf_int32)(~0 & hostmask), hostmask); 3804 gen_or(b1, b2); 3805 gen_and(b0, b2); 3806 return b2; 3807 }	4762 bpf_error("not a broadcast link"); 4763 break; 4764 4765 case Q_IP: 4766 b0 = gen_linktype(ETHERTYPE_IP); 4767 hostmask = ~netmask; 4768 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask); 4769 b2 = gen_mcmp(off_nl + 16, BPF_W, 4770 (bpf_int32)(~0 & hostmask), hostmask); 4771 gen_or(b1, b2); 4772 gen_and(b0, b2); 4773 return b2; 4774 }
3808 bpf_error("only ether/ip broadcast filters supported");	4775 bpf_error("only link-layer/IP broadcast filters supported");
3809} 3810	4776} 4777
	4778/* 4779 * Generate code to test the low-order bit of a MAC address (that's 4780 * the bottom bit of the first byte). 4781 / 4782static struct block 4783gen_mac_multicast(offset) 4784 int offset; 4785{ 4786 register struct block b0; 4787* register struct slist s; 4788* 4789 /* link[offset] & 1 != 0 / 4790* s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 4791 s->s.k = offset; 4792 b0 = new_block(JMP(BPF_JSET)); 4793 b0->s.k = 1; 4794 b0->stmts = s; 4795 return b0; 4796} 4797
3811struct block * 3812gen_multicast(proto) 3813 int proto; 3814{	4798struct block * 4799gen_multicast(proto) 4800 int proto; 4801{
3815 register struct block b0, b1;	4802 register struct block b0, b1, *b2;
3816 register struct slist s; 3817* 3818 switch (proto) { 3819 3820 case Q_DEFAULT: 3821 case Q_LINK:	4803 register struct slist s; 4804* 4805 switch (proto) { 4806 4807 case Q_DEFAULT: 4808 case Q_LINK:
3822 if (linktype == DLT_ARCNET)	4809 if (linktype == DLT_ARCNET \|\| linktype == DLT_ARCNET_LINUX)
3823 /* all ARCnet multicasts use the same address / 3824* return gen_ahostop(abroadcast, Q_DST); 3825 3826 if (linktype == DLT_EN10MB) { 3827 /* ether[0] & 1 != 0 */	4810 /* all ARCnet multicasts use the same address / 4811* return gen_ahostop(abroadcast, Q_DST); 4812 4813 if (linktype == DLT_EN10MB) { 4814 /* ether[0] & 1 != 0 */
3828 s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 3829 s->s.k = 0; 3830 b0 = new_block(JMP(BPF_JSET)); 3831 b0->s.k = 1; 3832 b0->stmts = s; 3833 return b0;	4815 return gen_mac_multicast(0);
3834 } 3835 3836 if (linktype == DLT_FDDI) {	4816 } 4817 4818 if (linktype == DLT_FDDI) {
3837 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */	4819 /* 4820 * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX 4821 * 4822 * XXX - was that referring to bit-order issues? 4823 */
3838 /* fddi[1] & 1 != 0 */	4824 /* fddi[1] & 1 != 0 */
	4825 return gen_mac_multicast(1); 4826 } 4827 4828 if (linktype == DLT_IEEE802) { 4829 /* tr[2] & 1 != 0 / 4830* return gen_mac_multicast(2); 4831 } 4832 4833 if (linktype == DLT_IEEE802_11) { 4834 /* 4835 * Oh, yuk. 4836 * 4837 * For control frames, there is no DA. 4838 * 4839 * For management frames, DA is at an 4840 * offset of 4 from the beginning of 4841 * the packet. 4842 * 4843 * For data frames, DA is at an offset 4844 * of 4 from the beginning of the packet 4845 * if To DS is clear and at an offset of 4846 * 16 from the beginning of the packet 4847 * if To DS is set. 4848 / 4849* 4850 /* 4851 * Generate the tests to be done for data frames. 4852 * 4853 * First, check for To DS set, i.e. "link[1] & 0x01". 4854 */
3839 s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 3840 s->s.k = 1;	4855 s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 4856 s->s.k = 1;
3841 b0 = new_block(JMP(BPF_JSET)); 3842 b0->s.k = 1; 3843 b0->stmts = s;	4857 b1 = new_block(JMP(BPF_JSET)); 4858 b1->s.k = 0x01; /* To DS / 4859* b1->stmts = s; 4860 4861 /* 4862 * If To DS is set, the DA is at 16. 4863 / 4864* b0 = gen_mac_multicast(16); 4865 gen_and(b1, b0); 4866 4867 /* 4868 * Now, check for To DS not set, i.e. check 4869 * "!(link[1] & 0x01)". 4870 / 4871* s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 4872 s->s.k = 1; 4873 b2 = new_block(JMP(BPF_JSET)); 4874 b2->s.k = 0x01; /* To DS / 4875* b2->stmts = s; 4876 gen_not(b2); 4877 4878 /* 4879 * If To DS is not set, the DA is at 4. 4880 / 4881* b1 = gen_mac_multicast(4); 4882 gen_and(b2, b1); 4883 4884 /* 4885 * Now OR together the last two checks. That gives 4886 * the complete set of checks for data frames. 4887 / 4888* gen_or(b1, b0); 4889 4890 /* 4891 * Now check for a data frame. 4892 * I.e, check "link[0] & 0x08". 4893 / 4894* s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 4895 s->s.k = 0; 4896 b1 = new_block(JMP(BPF_JSET)); 4897 b1->s.k = 0x08; 4898 b1->stmts = s; 4899 4900 /* 4901 * AND that with the checks done for data frames. 4902 / 4903* gen_and(b1, b0); 4904 4905 /* 4906 * If the high-order bit of the type value is 0, this 4907 * is a management frame. 4908 * I.e, check "!(link[0] & 0x08)". 4909 / 4910* s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 4911 s->s.k = 0; 4912 b2 = new_block(JMP(BPF_JSET)); 4913 b2->s.k = 0x08; 4914 b2->stmts = s; 4915 gen_not(b2); 4916 4917 /* 4918 * For management frames, the DA is at 4. 4919 / 4920* b1 = gen_mac_multicast(4); 4921 gen_and(b2, b1); 4922 4923 /* 4924 * OR that with the checks done for data frames. 4925 * That gives the checks done for management and 4926 * data frames. 4927 / 4928* gen_or(b1, b0); 4929 4930 /* 4931 * If the low-order bit of the type value is 1, 4932 * this is either a control frame or a frame 4933 * with a reserved type, and thus not a 4934 * frame with an SA. 4935 * 4936 * I.e., check "!(link[0] & 0x04)". 4937 / 4938* s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 4939 s->s.k = 0; 4940 b1 = new_block(JMP(BPF_JSET)); 4941 b1->s.k = 0x04; 4942 b1->stmts = s; 4943 gen_not(b1); 4944 4945 /* 4946 * AND that with the checks for data and management 4947 * frames. 4948 / 4949* gen_and(b1, b0);
3844 return b0; 3845 } 3846	4950 return b0; 4951 } 4952
3847 /* TODO - check how token ring handles multicast / 3848* /* if (linktype == DLT_IEEE802) ... */	4953 if (linktype == DLT_IP_OVER_FC) { 4954 b0 = gen_mac_multicast(2); 4955 return b0; 4956 }
3849	4957
	4958 if (linktype == DLT_SUNATM && is_lane) { 4959 /* 4960 * Check that the packet doesn't begin with an 4961 * LE Control marker. (We've already generated 4962 * a test for LANE.) 4963 / 4964* b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 4965 gen_not(b1); 4966 4967 /* ether[off_mac] & 1 != 0 / 4968* b0 = gen_mac_multicast(off_mac); 4969 gen_and(b1, b0); 4970 return b0; 4971 } 4972
3850 /* Link not known to support multicasts / 3851* break; 3852 3853 case Q_IP: 3854 b0 = gen_linktype(ETHERTYPE_IP); 3855 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224); 3856 b1->s.code = JMP(BPF_JGE); 3857 gen_and(b0, b1); 3858 return b1; 3859 3860#ifdef INET6 3861 case Q_IPV6: 3862 b0 = gen_linktype(ETHERTYPE_IPV6); 3863 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255); 3864 gen_and(b0, b1); 3865 return b1; 3866#endif /* INET6 / 3867* }	4973 /* Link not known to support multicasts / 4974* break; 4975 4976 case Q_IP: 4977 b0 = gen_linktype(ETHERTYPE_IP); 4978 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224); 4979 b1->s.code = JMP(BPF_JGE); 4980 gen_and(b0, b1); 4981 return b1; 4982 4983#ifdef INET6 4984 case Q_IPV6: 4985 b0 = gen_linktype(ETHERTYPE_IPV6); 4986 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255); 4987 gen_and(b0, b1); 4988 return b1; 4989#endif /* INET6 / 4990* }
3868 bpf_error("only IP multicast filters supported on ethernet/FDDI");	4991 bpf_error("link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel");
3869} 3870 3871/* 3872 * generate command for inbound/outbound. It's here so we can 3873 * make it link-type specific. 'dir' = 0 implies "inbound", 3874 * = 1 implies "outbound". 3875 / 3876struct block 3877gen_inbound(dir) 3878 int dir; 3879{ 3880 register struct block b0; 3881* 3882 /* 3883 * Only some data link types support inbound/outbound qualifiers. 3884 / 3885* switch (linktype) { 3886 case DLT_SLIP:	4992} 4993 4994/* 4995 * generate command for inbound/outbound. It's here so we can 4996 * make it link-type specific. 'dir' = 0 implies "inbound", 4997 * = 1 implies "outbound". 4998 / 4999struct block 5000gen_inbound(dir) 5001 int dir; 5002{ 5003 register struct block b0; 5004* 5005 /* 5006 * Only some data link types support inbound/outbound qualifiers. 5007 / 5008* switch (linktype) { 5009 case DLT_SLIP:
3887 case DLT_PPP:
3888 b0 = gen_relation(BPF_JEQ, 3889 gen_load(Q_LINK, gen_loadi(0), 1), 3890 gen_loadi(0), 3891 dir); 3892 break; 3893	5010 b0 = gen_relation(BPF_JEQ, 5011 gen_load(Q_LINK, gen_loadi(0), 1), 5012 gen_loadi(0), 5013 dir); 5014 break; 5015
	5016 case DLT_LINUX_SLL: 5017 if (dir) { 5018 /* 5019 * Match packets sent by this machine. 5020 / 5021* b0 = gen_cmp(0, BPF_H, LINUX_SLL_OUTGOING); 5022 } else { 5023 /* 5024 * Match packets sent to this machine. 5025 * (No broadcast or multicast packets, or 5026 * packets sent to some other machine and 5027 * received promiscuously.) 5028 * 5029 * XXX - packets sent to other machines probably 5030 * shouldn't be matched, but what about broadcast 5031 * or multicast packets we received? 5032 / 5033* b0 = gen_cmp(0, BPF_H, LINUX_SLL_HOST); 5034 } 5035 break; 5036 5037 case DLT_PFLOG: 5038 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B, 5039 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 5040 break; 5041
3894 default:	5042 default:
3895 bpf_error("inbound/outbound not supported on linktype %d\n",	5043 bpf_error("inbound/outbound not supported on linktype %d",
3896 linktype); 3897 b0 = NULL; 3898 /* NOTREACHED / 3899* } 3900 return (b0); 3901} 3902	5044 linktype); 5045 b0 = NULL; 5046 /* NOTREACHED / 5047* } 5048 return (b0); 5049} 5050
	5051/* PF firewall log matched interface */
3903struct block *	5052struct block *
	5053gen_pf_ifname(const char ifname) 5054{ 5055* struct block b0; 5056* u_int len, off; 5057 5058 if (linktype == DLT_PFLOG) { 5059 len = sizeof(((struct pfloghdr )0)->ifname); 5060* off = offsetof(struct pfloghdr, ifname); 5061 } else { 5062 bpf_error("ifname not supported on linktype 0x%x", linktype); 5063 /* NOTREACHED / 5064* } 5065 if (strlen(ifname) >= len) { 5066 bpf_error("ifname interface names can only be %d characters", 5067 len-1); 5068 /* NOTREACHED / 5069* } 5070 b0 = gen_bcmp(off, strlen(ifname), ifname); 5071 return (b0); 5072} 5073 5074/* PF firewall log matched interface / 5075struct block 5076gen_pf_ruleset(char ruleset) 5077{ 5078* struct block b0; 5079* 5080 if (linktype != DLT_PFLOG) { 5081 bpf_error("ruleset not supported on linktype 0x%x", linktype); 5082 /* NOTREACHED / 5083* } 5084 if (strlen(ruleset) >= sizeof(((struct pfloghdr )0)->ruleset)) { 5085* bpf_error("ruleset names can only be %ld characters", 5086 (long)(sizeof(((struct pfloghdr )0)->ruleset) - 1)); 5087* /* NOTREACHED / 5088* } 5089 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset), 5090 strlen(ruleset), ruleset); 5091 return (b0); 5092} 5093 5094/* PF firewall log rule number / 5095struct block 5096gen_pf_rnr(int rnr) 5097{ 5098 struct block b0; 5099* 5100 if (linktype == DLT_PFLOG) { 5101 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W, 5102 (bpf_int32)rnr); 5103 } else { 5104 bpf_error("rnr not supported on linktype 0x%x", linktype); 5105 /* NOTREACHED / 5106* } 5107 5108 return (b0); 5109} 5110 5111/* PF firewall log sub-rule number / 5112struct block 5113gen_pf_srnr(int srnr) 5114{ 5115 struct block b0; 5116* 5117 if (linktype != DLT_PFLOG) { 5118 bpf_error("srnr not supported on linktype 0x%x", linktype); 5119 /* NOTREACHED / 5120* } 5121 5122 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W, 5123 (bpf_int32)srnr); 5124 return (b0); 5125} 5126 5127/* PF firewall log reason code / 5128struct block 5129gen_pf_reason(int reason) 5130{ 5131 struct block b0; 5132* 5133 if (linktype == DLT_PFLOG) { 5134 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B, 5135 (bpf_int32)reason); 5136 } else { 5137 bpf_error("reason not supported on linktype 0x%x", linktype); 5138 /* NOTREACHED / 5139* } 5140 5141 return (b0); 5142} 5143 5144/* PF firewall log action / 5145struct block 5146gen_pf_action(int action) 5147{ 5148 struct block b0; 5149* 5150 if (linktype == DLT_PFLOG) { 5151 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B, 5152 (bpf_int32)action); 5153 } else { 5154 bpf_error("action not supported on linktype 0x%x", linktype); 5155 /* NOTREACHED / 5156* } 5157 5158 return (b0); 5159} 5160 5161struct block *
3904gen_acode(eaddr, q) 3905 register const u_char eaddr; 3906* struct qual q; 3907{ 3908 if ((q.addr == Q_HOST \|\| q.addr == Q_DEFAULT) && q.proto == Q_LINK) {	5162gen_acode(eaddr, q) 5163 register const u_char eaddr; 5164* struct qual q; 5165{ 5166 if ((q.addr == Q_HOST \|\| q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
3909 if (linktype == DLT_ARCNET)	5167 if (linktype == DLT_ARCNET \|\| linktype == DLT_ARCNET_LINUX)
3910 return gen_ahostop(eaddr, (int)q.dir); 3911 } 3912 bpf_error("ARCnet address used in non-arc expression"); 3913 /* NOTREACHED / 3914} 3915* 3916static struct block * 3917gen_ahostop(eaddr, dir) --- 38 unchanged lines hidden (view full) --- 3956 3957 /* 3958 * Change the offsets to point to the type and data fields within 3959 * the VLAN packet. This is somewhat of a kludge. 3960 / 3961* if (orig_nl == (u_int)-1) { 3962 orig_linktype = off_linktype; /* save original values / 3963* orig_nl = off_nl;	5168 return gen_ahostop(eaddr, (int)q.dir); 5169 } 5170 bpf_error("ARCnet address used in non-arc expression"); 5171 /* NOTREACHED / 5172} 5173* 5174static struct block * 5175gen_ahostop(eaddr, dir) --- 38 unchanged lines hidden (view full) --- 5214 5215 /* 5216 * Change the offsets to point to the type and data fields within 5217 * the VLAN packet. This is somewhat of a kludge. 5218 / 5219* if (orig_nl == (u_int)-1) { 5220 orig_linktype = off_linktype; /* save original values / 5221* orig_nl = off_nl;
	5222 orig_nl_nosnap = off_nl_nosnap;
3964 3965 switch (linktype) { 3966 3967 case DLT_EN10MB: 3968 off_linktype = 16;	5223 5224 switch (linktype) { 5225 5226 case DLT_EN10MB: 5227 off_linktype = 16;
	5228 off_nl_nosnap = 18;
3969 off_nl = 18; 3970 break; 3971 3972 default: 3973 bpf_error("no VLAN support for data link type %d", 3974 linktype); 3975 /NOTREACHED/ 3976 } --- 8 unchanged lines hidden (view full) --- 3985 3986 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num); 3987 gen_and(b0, b1); 3988 b0 = b1; 3989 } 3990 3991 return (b0); 3992}	5229 off_nl = 18; 5230 break; 5231 5232 default: 5233 bpf_error("no VLAN support for data link type %d", 5234 linktype); 5235 /NOTREACHED/ 5236 } --- 8 unchanged lines hidden (view full) --- 5245 5246 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num); 5247 gen_and(b0, b1); 5248 b0 = b1; 5249 } 5250 5251 return (b0); 5252}
	5253 5254struct block * 5255gen_atmfield_code(atmfield, jvalue, jtype, reverse) 5256 int atmfield; 5257 bpf_u_int32 jvalue; 5258 bpf_u_int32 jtype; 5259 int reverse; 5260{ 5261 struct block b0; 5262* 5263 switch (atmfield) { 5264 5265 case A_VPI: 5266 if (!is_atm) 5267 bpf_error("'vpi' supported only on raw ATM"); 5268 if (off_vpi == (u_int)-1) 5269 abort(); 5270 b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype, 5271 (u_int)jvalue, reverse); 5272 break; 5273 5274 case A_VCI: 5275 if (!is_atm) 5276 bpf_error("'vci' supported only on raw ATM"); 5277 if (off_vci == (u_int)-1) 5278 abort(); 5279 b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype, 5280 (u_int)jvalue, reverse); 5281 break; 5282 5283 case A_PROTOTYPE: 5284 if (off_proto == (u_int)-1) 5285 abort(); /* XXX - this isn't on FreeBSD / 5286* b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype, 5287 (u_int)jvalue, reverse); 5288 break; 5289 5290 case A_MSGTYPE: 5291 if (off_payload == (u_int)-1) 5292 abort(); 5293 b0 = gen_ncmp(BPF_B, off_payload + MSG_TYPE_POS, 0xffffffff, 5294 (u_int)jtype, (u_int)jvalue, reverse); 5295 break; 5296 5297 case A_CALLREFTYPE: 5298 if (!is_atm) 5299 bpf_error("'callref' supported only on raw ATM"); 5300 if (off_proto == (u_int)-1) 5301 abort(); 5302 b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype, 5303 (u_int)jvalue, reverse); 5304 break; 5305 5306 default: 5307 abort(); 5308 } 5309 return b0; 5310} 5311 5312struct block * 5313gen_atmtype_abbrev(type) 5314 int type; 5315{ 5316 struct block b0, b1; 5317 5318 switch (type) { 5319 5320 case A_METAC: 5321 /* Get all packets in Meta signalling Circuit / 5322* if (!is_atm) 5323 bpf_error("'metac' supported only on raw ATM"); 5324 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 5325 b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0); 5326 gen_and(b0, b1); 5327 break; 5328 5329 case A_BCC: 5330 /* Get all packets in Broadcast Circuit/ 5331* if (!is_atm) 5332 bpf_error("'bcc' supported only on raw ATM"); 5333 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 5334 b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0); 5335 gen_and(b0, b1); 5336 break; 5337 5338 case A_OAMF4SC: 5339 /* Get all cells in Segment OAM F4 circuit/ 5340* if (!is_atm) 5341 bpf_error("'oam4sc' supported only on raw ATM"); 5342 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 5343 b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0); 5344 gen_and(b0, b1); 5345 break; 5346 5347 case A_OAMF4EC: 5348 /* Get all cells in End-to-End OAM F4 Circuit/ 5349* if (!is_atm) 5350 bpf_error("'oam4ec' supported only on raw ATM"); 5351 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 5352 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0); 5353 gen_and(b0, b1); 5354 break; 5355 5356 case A_SC: 5357 /* Get all packets in connection Signalling Circuit / 5358* if (!is_atm) 5359 bpf_error("'sc' supported only on raw ATM"); 5360 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 5361 b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0); 5362 gen_and(b0, b1); 5363 break; 5364 5365 case A_ILMIC: 5366 /* Get all packets in ILMI Circuit / 5367* if (!is_atm) 5368 bpf_error("'ilmic' supported only on raw ATM"); 5369 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 5370 b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0); 5371 gen_and(b0, b1); 5372 break; 5373 5374 case A_LANE: 5375 /* Get all LANE packets / 5376* if (!is_atm) 5377 bpf_error("'lane' supported only on raw ATM"); 5378 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0); 5379 5380 /* 5381 * Arrange that all subsequent tests assume LANE 5382 * rather than LLC-encapsulated packets, and set 5383 * the offsets appropriately for LANE-encapsulated 5384 * Ethernet. 5385 * 5386 * "off_mac" is the offset of the Ethernet header, 5387 * which is 2 bytes past the ATM pseudo-header 5388 * (skipping the pseudo-header and 2-byte LE Client 5389 * field). The other offsets are Ethernet offsets 5390 * relative to "off_mac". 5391 / 5392* is_lane = 1; 5393 off_mac = off_payload + 2; /* MAC header / 5394* off_linktype = off_mac + 12; 5395 off_nl = off_mac + 14; /* Ethernet II / 5396* off_nl_nosnap = off_mac + 17; /* 802.3+802.2 / 5397* break; 5398 5399 case A_LLC: 5400 /* Get all LLC-encapsulated packets / 5401* if (!is_atm) 5402 bpf_error("'llc' supported only on raw ATM"); 5403 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0); 5404 is_lane = 0; 5405 break; 5406 5407 default: 5408 abort(); 5409 } 5410 return b1; 5411} 5412 5413 5414static struct block * 5415gen_msg_abbrev(type) 5416 int type; 5417{ 5418 struct block b1; 5419* 5420 /* 5421 * Q.2931 signalling protocol messages for handling virtual circuits 5422 * establishment and teardown 5423 / 5424* switch (type) { 5425 5426 case A_SETUP: 5427 b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0); 5428 break; 5429 5430 case A_CALLPROCEED: 5431 b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0); 5432 break; 5433 5434 case A_CONNECT: 5435 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0); 5436 break; 5437 5438 case A_CONNECTACK: 5439 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0); 5440 break; 5441 5442 case A_RELEASE: 5443 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0); 5444 break; 5445 5446 case A_RELEASE_DONE: 5447 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0); 5448 break; 5449 5450 default: 5451 abort(); 5452 } 5453 return b1; 5454} 5455 5456struct block * 5457gen_atmmulti_abbrev(type) 5458 int type; 5459{ 5460 struct block b0, b1; 5461 5462 switch (type) { 5463 5464 case A_OAM: 5465 if (!is_atm) 5466 bpf_error("'oam' supported only on raw ATM"); 5467 b1 = gen_atmmulti_abbrev(A_OAMF4); 5468 break; 5469 5470 case A_OAMF4: 5471 if (!is_atm) 5472 bpf_error("'oamf4' supported only on raw ATM"); 5473 /* OAM F4 type / 5474* b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0); 5475 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0); 5476 gen_or(b0, b1); 5477 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 5478 gen_and(b0, b1); 5479 break; 5480 5481 case A_CONNECTMSG: 5482 /* 5483 * Get Q.2931 signalling messages for switched 5484 * virtual connection 5485 / 5486* if (!is_atm) 5487 bpf_error("'connectmsg' supported only on raw ATM"); 5488 b0 = gen_msg_abbrev(A_SETUP); 5489 b1 = gen_msg_abbrev(A_CALLPROCEED); 5490 gen_or(b0, b1); 5491 b0 = gen_msg_abbrev(A_CONNECT); 5492 gen_or(b0, b1); 5493 b0 = gen_msg_abbrev(A_CONNECTACK); 5494 gen_or(b0, b1); 5495 b0 = gen_msg_abbrev(A_RELEASE); 5496 gen_or(b0, b1); 5497 b0 = gen_msg_abbrev(A_RELEASE_DONE); 5498 gen_or(b0, b1); 5499 b0 = gen_atmtype_abbrev(A_SC); 5500 gen_and(b0, b1); 5501 break; 5502 5503 case A_METACONNECT: 5504 if (!is_atm) 5505 bpf_error("'metaconnect' supported only on raw ATM"); 5506 b0 = gen_msg_abbrev(A_SETUP); 5507 b1 = gen_msg_abbrev(A_CALLPROCEED); 5508 gen_or(b0, b1); 5509 b0 = gen_msg_abbrev(A_CONNECT); 5510 gen_or(b0, b1); 5511 b0 = gen_msg_abbrev(A_RELEASE); 5512 gen_or(b0, b1); 5513 b0 = gen_msg_abbrev(A_RELEASE_DONE); 5514 gen_or(b0, b1); 5515 b0 = gen_atmtype_abbrev(A_METAC); 5516 gen_and(b0, b1); 5517 break; 5518 5519 default: 5520 abort(); 5521 } 5522 return b1; 5523}