Cross Reference: /freebsd-10.0-release/contrib/libpcap/gencode.c

Deleted Added

sdiff udiff text old ( 146771 ) new ( 147897 )

full compact

gencode.c (146771)	gencode.c (147897)
1/#define CHASE_CHAIN/ 2/* 3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 4 * The Regents of the University of California. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that: (1) source code distributions 8 * retain the above copyright notice and this paragraph in its entirety, (2) --- 5 unchanged lines hidden (view full) --- 14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 15 * the University nor the names of its contributors may be used to endorse 16 * or promote products derived from this software without specific prior 17 * written permission. 18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 21 *	1/#define CHASE_CHAIN/ 2/* 3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 4 * The Regents of the University of California. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that: (1) source code distributions 8 * retain the above copyright notice and this paragraph in its entirety, (2) --- 5 unchanged lines hidden (view full) --- 14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 15 * the University nor the names of its contributors may be used to endorse 16 * or promote products derived from this software without specific prior 17 * written permission. 18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 21 *
22 * $FreeBSD: head/contrib/libpcap/gencode.c 146771 2005-05-29 18:09:04Z sam $	22 * $FreeBSD: head/contrib/libpcap/gencode.c 147897 2005-07-11 03:43:25Z sam $
23 */ 24#ifndef lint 25static const char rcsid[] _U_ =	23 */ 24#ifndef lint 25static const char rcsid[] _U_ =
26 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.221 2005/03/27 22:10:23 guy Exp $ (LBL)";	26 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.221.2.24 2005/06/20 21:52:53 guy Exp $ (LBL)";
27#endif 28 29#ifdef HAVE_CONFIG_H 30#include "config.h" 31#endif 32 33#ifdef WIN32 34#include <pcap-stdinc.h> --- 64 unchanged lines hidden (view full) --- 99 100#define JMP(c) ((c)\|BPF_JMP\|BPF_K) 101 102/* Locals / 103static jmp_buf top_ctx; 104static pcap_t bpf_pcap; 105 106/* Hack for updating VLAN, MPLS offsets. */	27#endif 28 29#ifdef HAVE_CONFIG_H 30#include "config.h" 31#endif 32 33#ifdef WIN32 34#include <pcap-stdinc.h> --- 64 unchanged lines hidden (view full) --- 99 100#define JMP(c) ((c)\|BPF_JMP\|BPF_K) 101 102/* Locals / 103static jmp_buf top_ctx; 104static pcap_t bpf_pcap; 105 106/* Hack for updating VLAN, MPLS offsets. */
107static u_int orig_linktype = -1U, orig_nl = -1U, orig_nl_nosnap = -1U;	107static u_int orig_linktype = -1U, orig_nl = -1U;
108 109/* XXX / 110#ifdef PCAP_FDDIPAD 111static int pcap_fddipad; 112#endif 113* 114/* VARARGS / 115void 116bpf_error(const char fmt, ...)	108 109/* XXX / 110#ifdef PCAP_FDDIPAD 111static int pcap_fddipad; 112#endif 113* 114/* VARARGS / 115void 116bpf_error(const char fmt, ...)
117
118{ 119 va_list ap; 120 121 va_start(ap, fmt); 122 if (bpf_pcap != NULL) 123 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 124 fmt, ap); 125 va_end(ap); --- 4 unchanged lines hidden (view full) --- 130static void init_linktype(pcap_t ); 131* 132static int alloc_reg(void); 133static void free_reg(int); 134 135static struct block root; 136* 137/*	117{ 118 va_list ap; 119 120 va_start(ap, fmt); 121 if (bpf_pcap != NULL) 122 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 123 fmt, ap); 124 va_end(ap); --- 4 unchanged lines hidden (view full) --- 129static void init_linktype(pcap_t ); 130* 131static int alloc_reg(void); 132static void free_reg(int); 133 134static struct block root; 135* 136/*
	137 * Value passed to gen_load_a() to indicate what the offset argument 138 * is relative to. 139 / 140enum e_offrel { 141* OR_PACKET, /* relative to the beginning of the packet / 142* OR_LINK, /* relative to the link-layer header / 143* OR_NET, /* relative to the network-layer header / 144* OR_NET_NOSNAP, /* relative to the network-layer header, with no SNAP header at the link layer / 145* OR_TRAN_IPV4, /* relative to the transport-layer header, with IPv4 network layer / 146* OR_TRAN_IPV6 /* relative to the transport-layer header, with IPv6 network layer / 147}; 148* 149/*
138 * We divy out chunks of memory rather than call malloc each time so 139 * we don't have to worry about leaking memory. It's probably 140 * not a big deal if all this memory was wasted but if this ever 141 * goes into a library that would probably not be a good idea. 142 * 143 * XXX - this is in a library.... 144 / 145#define NCHUNKS 16 --- 10 unchanged lines hidden* (view full) --- 156static void freechunks(void); 157static inline struct block new_block(int); 158static inline struct slist new_stmt(int); 159static struct block gen_retblk(int); 160static inline void syntax(void); 161* 162static void backpatch(struct block , struct block ); 163static void merge(struct block , struct block );	150 * We divy out chunks of memory rather than call malloc each time so 151 * we don't have to worry about leaking memory. It's probably 152 * not a big deal if all this memory was wasted but if this ever 153 * goes into a library that would probably not be a good idea. 154 * 155 * XXX - this is in a library.... 156 / 157#define NCHUNKS 16 --- 10 unchanged lines hidden* (view full) --- 168static void freechunks(void); 169static inline struct block new_block(int); 170static inline struct slist new_stmt(int); 171static struct block gen_retblk(int); 172static inline void syntax(void); 173* 174static void backpatch(struct block , struct block ); 175static void merge(struct block , struct block );
164static struct block gen_cmp(u_int, u_int, bpf_int32); 165static struct block gen_cmp_gt(u_int, u_int, bpf_int32); 166static struct block gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 167static struct block gen_bcmp(u_int, u_int, const u_char ); 168static struct block gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32, 169 bpf_u_int32, bpf_u_int32, int);	176static struct block gen_cmp(enum e_offrel, u_int, u_int, bpf_int32); 177static struct block gen_cmp_gt(enum e_offrel, u_int, u_int, bpf_int32); 178static struct block gen_cmp_ge(enum e_offrel, u_int, u_int, bpf_int32); 179static struct block gen_cmp_lt(enum e_offrel, u_int, u_int, bpf_int32); 180static struct block gen_cmp_le(enum e_offrel, u_int, u_int, bpf_int32); 181static struct block gen_mcmp(enum e_offrel, u_int, u_int, bpf_int32, 182 bpf_u_int32); 183static struct block gen_bcmp(enum e_offrel, u_int, u_int, const u_char ); 184static struct block gen_ncmp(enum e_offrel, bpf_u_int32, bpf_u_int32, 185* bpf_u_int32, bpf_u_int32, int, bpf_int32); 186static struct slist gen_load_llrel(u_int, u_int); 187static struct slist gen_load_a(enum e_offrel, u_int, u_int); 188static struct slist *gen_loadx_iphdrlen(void);
170static struct block gen_uncond(int); 171static inline struct block gen_true(void); 172static inline struct block gen_false(void); 173static struct block gen_ether_linktype(int); 174static struct block *gen_linux_sll_linktype(int);	189static struct block gen_uncond(int); 190static inline struct block gen_true(void); 191static inline struct block gen_false(void); 192static struct block gen_ether_linktype(int); 193static struct block *gen_linux_sll_linktype(int);
	194static void insert_radiotap_load_llprefixlen(struct block ); 195static void insert_load_llprefixlen(struct block ); 196static struct slist *gen_llprefixlen(void);
175static struct block gen_linktype(int); 176static struct block gen_snap(bpf_u_int32, bpf_u_int32, u_int);	197static struct block gen_linktype(int); 198static struct block gen_snap(bpf_u_int32, bpf_u_int32, u_int);
177static struct block *gen_llc(int);	199static struct block *gen_llc_linktype(int);
178static struct block gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 179#ifdef INET6 180static struct block gen_hostop6(struct in6_addr , struct in6_addr , int, int, u_int, u_int); 181#endif 182static struct block gen_ahostop(const u_char , int); 183static struct block gen_ehostop(const u_char , int); 184static struct block gen_fhostop(const u_char , int); 185static struct block gen_thostop(const u_char , int); 186static struct block gen_wlanhostop(const u_char , int); 187static struct block gen_ipfchostop(const u_char , int);	200static struct block gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 201#ifdef INET6 202static struct block gen_hostop6(struct in6_addr , struct in6_addr , int, int, u_int, u_int); 203#endif 204static struct block gen_ahostop(const u_char , int); 205static struct block gen_ehostop(const u_char , int); 206static struct block gen_fhostop(const u_char , int); 207static struct block gen_thostop(const u_char , int); 208static struct block gen_wlanhostop(const u_char , int); 209static struct block gen_ipfchostop(const u_char , int);
188static struct block *gen_dnhostop(bpf_u_int32, int, u_int);	210static struct block *gen_dnhostop(bpf_u_int32, int);
189static struct block gen_host(bpf_u_int32, bpf_u_int32, int, int); 190#ifdef INET6 191static struct block gen_host6(struct in6_addr , struct in6_addr , int, int); 192#endif 193#ifndef INET6 194static struct block gen_gateway(const u_char , bpf_u_int32 *, int, int); 195#endif 196static struct block gen_ipfrag(void); 197static struct block *gen_portatom(int, bpf_int32);	211static struct block gen_host(bpf_u_int32, bpf_u_int32, int, int); 212#ifdef INET6 213static struct block gen_host6(struct in6_addr , struct in6_addr , int, int); 214#endif 215#ifndef INET6 216static struct block gen_gateway(const u_char , bpf_u_int32 *, int, int); 217#endif 218static struct block gen_ipfrag(void); 219static struct block *gen_portatom(int, bpf_int32);
	220static struct block *gen_portrangeatom(int, bpf_int32, bpf_int32);
198#ifdef INET6 199static struct block *gen_portatom6(int, bpf_int32);	221#ifdef INET6 222static struct block *gen_portatom6(int, bpf_int32);
	223static struct block *gen_portrangeatom6(int, bpf_int32, bpf_int32);
200#endif 201struct block gen_portop(int, int, int); 202static struct block gen_port(int, int, int);	224#endif 225struct block gen_portop(int, int, int); 226static struct block gen_port(int, int, int);
	227struct block gen_portrangeop(int, int, int, int); 228static struct block gen_portrange(int, int, int, int);
203#ifdef INET6 204struct block gen_portop6(int, int, int); 205static struct block gen_port6(int, int, int);	229#ifdef INET6 230struct block gen_portop6(int, int, int); 231static struct block gen_port6(int, int, int);
	232struct block gen_portrangeop6(int, int, int, int); 233static struct block gen_portrange6(int, int, int, int);
206#endif 207static int lookup_proto(const char , int); 208static struct block gen_protochain(int, int, int); 209static struct block gen_proto(int, int, int); 210static struct slist xfer_to_x(struct arth ); 211static struct slist xfer_to_a(struct arth ); 212static struct block gen_mac_multicast(int); 213static struct block gen_len(int, int); --- 235 unchanged lines hidden* (view full) --- 449void 450finish_parse(p) 451 struct block p; 452{ 453* backpatch(p, gen_retblk(snaplen)); 454 p->sense = !p->sense; 455 backpatch(p, gen_retblk(0)); 456 root = p->head;	234#endif 235static int lookup_proto(const char , int); 236static struct block gen_protochain(int, int, int); 237static struct block gen_proto(int, int, int); 238static struct slist xfer_to_x(struct arth ); 239static struct slist xfer_to_a(struct arth ); 240static struct block gen_mac_multicast(int); 241static struct block gen_len(int, int); --- 235 unchanged lines hidden* (view full) --- 477void 478finish_parse(p) 479 struct block p; 480{ 481* backpatch(p, gen_retblk(snaplen)); 482 p->sense = !p->sense; 483 backpatch(p, gen_retblk(0)); 484 root = p->head;
	485 486 /* 487 * Insert before the statements of the first (root) block any 488 * statements needed to load the lengths of any variable-length 489 * headers into registers. 490 * 491 * XXX - a fancier strategy would be to insert those before the 492 * statements of all blocks that use those lengths and that 493 * have no predecessors that use them, so that we only compute 494 * the lengths if we need them. There might be even better 495 * approaches than that. However, as we're currently only 496 * handling variable-length radiotap headers, and as all 497 * filtering expressions other than raw link[M:N] tests 498 * require the length of that header, doing more for that 499 * header length isn't really worth the effort. 500 / 501* insert_load_llprefixlen(root);
457} 458 459void 460gen_and(b0, b1) 461 struct block b0, b1; 462{ 463 backpatch(b0, b1->head); 464 b0->sense = !b0->sense; --- 17 unchanged lines hidden (view full) --- 482void 483gen_not(b) 484 struct block b; 485{ 486* b->sense = !b->sense; 487} 488 489static struct block *	502} 503 504void 505gen_and(b0, b1) 506 struct block b0, b1; 507{ 508 backpatch(b0, b1->head); 509 b0->sense = !b0->sense; --- 17 unchanged lines hidden (view full) --- 527void 528gen_not(b) 529 struct block b; 530{ 531* b->sense = !b->sense; 532} 533 534static struct block *
490gen_cmp(offset, size, v)	535gen_cmp(offrel, offset, size, v) 536 enum e_offrel offrel;
491 u_int offset, size; 492 bpf_int32 v; 493{	537 u_int offset, size; 538 bpf_int32 v; 539{
494 struct slist s; 495* struct block *b;	540 return gen_ncmp(offrel, offset, size, 0xffffffff, BPF_JEQ, 0, v); 541}
496	542
497 s = new_stmt(BPF_LD\|BPF_ABS\|size); 498 s->s.k = offset;	543static struct block * 544gen_cmp_gt(offrel, offset, size, v) 545 enum e_offrel offrel; 546 u_int offset, size; 547 bpf_int32 v; 548{ 549 return gen_ncmp(offrel, offset, size, 0xffffffff, BPF_JGT, 0, v); 550}
499	551
500 b = new_block(JMP(BPF_JEQ)); 501 b->stmts = s; 502 b->s.k = v; 503 504 return b;	552static struct block * 553gen_cmp_ge(offrel, offset, size, v) 554 enum e_offrel offrel; 555 u_int offset, size; 556 bpf_int32 v; 557{ 558 return gen_ncmp(offrel, offset, size, 0xffffffff, BPF_JGE, 0, v);
505} 506 507static struct block *	559} 560 561static struct block *
508gen_cmp_gt(offset, size, v)	562gen_cmp_lt(offrel, offset, size, v) 563 enum e_offrel offrel;
509 u_int offset, size; 510 bpf_int32 v; 511{	564 u_int offset, size; 565 bpf_int32 v; 566{
512 struct slist s; 513* struct block *b;	567 return gen_ncmp(offrel, offset, size, 0xffffffff, BPF_JGE, 1, v); 568}
514	569
515 s = new_stmt(BPF_LD\|BPF_ABS\|size); 516 s->s.k = offset; 517 518 b = new_block(JMP(BPF_JGT)); 519 b->stmts = s; 520 b->s.k = v; 521 522 return b;	570static struct block * 571gen_cmp_le(offrel, offset, size, v) 572 enum e_offrel offrel; 573 u_int offset, size; 574 bpf_int32 v; 575{ 576 return gen_ncmp(offrel, offset, size, 0xffffffff, BPF_JGT, 1, v);
523} 524 525static struct block *	577} 578 579static struct block *
526gen_mcmp(offset, size, v, mask)	580gen_mcmp(offrel, offset, size, v, mask) 581 enum e_offrel offrel;
527 u_int offset, size; 528 bpf_int32 v; 529 bpf_u_int32 mask; 530{	582 u_int offset, size; 583 bpf_int32 v; 584 bpf_u_int32 mask; 585{
531 struct block b = gen_cmp(offset, size, v); 532* struct slist s; 533* 534 if (mask != 0xffffffff) { 535 s = new_stmt(BPF_ALU\|BPF_AND\|BPF_K); 536 s->s.k = mask; 537 b->stmts->next = s; 538 } 539 return b;	586 return gen_ncmp(offrel, offset, size, mask, BPF_JEQ, 0, v);
540} 541 542static struct block *	587} 588 589static struct block *
543gen_bcmp(offset, size, v)	590gen_bcmp(offrel, offset, size, v) 591 enum e_offrel offrel;
544 register u_int offset, size; 545 register const u_char v; 546{ 547* register struct block b, tmp; 548 549 b = NULL; 550 while (size >= 4) { 551 register const u_char p = &v[size - 4]; 552* bpf_int32 w = ((bpf_int32)p[0] << 24) \| 553 ((bpf_int32)p[1] << 16) \| ((bpf_int32)p[2] << 8) \| p[3]; 554	592 register u_int offset, size; 593 register const u_char v; 594{ 595* register struct block b, tmp; 596 597 b = NULL; 598 while (size >= 4) { 599 register const u_char p = &v[size - 4]; 600* bpf_int32 w = ((bpf_int32)p[0] << 24) \| 601 ((bpf_int32)p[1] << 16) \| ((bpf_int32)p[2] << 8) \| p[3]; 602
555 tmp = gen_cmp(offset + size - 4, BPF_W, w);	603 tmp = gen_cmp(offrel, offset + size - 4, BPF_W, w);
556 if (b != NULL) 557 gen_and(b, tmp); 558 b = tmp; 559 size -= 4; 560 } 561 while (size >= 2) { 562 register const u_char p = &v[size - 2]; 563* bpf_int32 w = ((bpf_int32)p[0] << 8) \| p[1]; 564	604 if (b != NULL) 605 gen_and(b, tmp); 606 b = tmp; 607 size -= 4; 608 } 609 while (size >= 2) { 610 register const u_char p = &v[size - 2]; 611* bpf_int32 w = ((bpf_int32)p[0] << 8) \| p[1]; 612
565 tmp = gen_cmp(offset + size - 2, BPF_H, w);	613 tmp = gen_cmp(offrel, offset + size - 2, BPF_H, w);
566 if (b != NULL) 567 gen_and(b, tmp); 568 b = tmp; 569 size -= 2; 570 } 571 if (size > 0) {	614 if (b != NULL) 615 gen_and(b, tmp); 616 b = tmp; 617 size -= 2; 618 } 619 if (size > 0) {
572 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);	620 tmp = gen_cmp(offrel, offset, BPF_B, (bpf_int32)v[0]);
573 if (b != NULL) 574 gen_and(b, tmp); 575 b = tmp; 576 } 577 return b; 578} 579	621 if (b != NULL) 622 gen_and(b, tmp); 623 b = tmp; 624 } 625 return b; 626} 627
	628/* 629 * AND the field of size "size" at offset "offset" relative to the header 630 * specified by "offrel" with "mask", and compare it with the value "v" 631 * with the test specified by "jtype"; if "reverse" is true, the test 632 * should test the opposite of "jtype". 633 */
580static struct block *	634static struct block *
581gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse) 582 bpf_u_int32 datasize, offset, mask, jtype, jvalue;	635gen_ncmp(offrel, offset, size, mask, jtype, reverse, v) 636 enum e_offrel offrel; 637 bpf_int32 v; 638 bpf_u_int32 offset, size, mask, jtype;
583 int reverse; 584{	639 int reverse; 640{
585 struct slist *s;	641 struct slist s, s2;
586 struct block b; 587*	642 struct block b; 643*
588 s = new_stmt(BPF_LD\|datasize\|BPF_ABS); 589 s->s.k = offset;	644 s = gen_load_a(offrel, offset, size);
590 591 if (mask != 0xffffffff) {	645 646 if (mask != 0xffffffff) {
592 s->next = new_stmt(BPF_ALU\|BPF_AND\|BPF_K); 593 s->next->s.k = mask;	647 s2 = new_stmt(BPF_ALU\|BPF_AND\|BPF_K); 648 s2->s.k = mask; 649 sappend(s, s2);
594 } 595 596 b = new_block(JMP(jtype)); 597 b->stmts = s;	650 } 651 652 b = new_block(JMP(jtype)); 653 b->stmts = s;
598 b->s.k = jvalue;	654 b->s.k = v;
599 if (reverse && (jtype == BPF_JGT \|\| jtype == BPF_JGE)) 600 gen_not(b); 601 return b; 602} 603 604/* 605 * Various code constructs need to know the layout of the data link	655 if (reverse && (jtype == BPF_JGT \|\| jtype == BPF_JGE)) 656 gen_not(b); 657 return b; 658} 659 660/* 661 * Various code constructs need to know the layout of the data link
606 * layer. These variables give the necessary offsets.	662 * layer. These variables give the necessary offsets from the beginning 663 * of the packet data. 664 * 665 * If the link layer has variable_length headers, the offsets are offsets 666 * from the end of the link-link-layer header, and "reg_ll_size" is 667 * the register number for a register containing the length of the 668 * link-layer header. Otherwise, "reg_ll_size" is -1.
607 */	669 */
	670static int reg_ll_size;
608 609/*	671 672/*
	673 * This is the offset of the beginning of the link-layer header. 674 * It's usually 0, except for 802.11 with a fixed-length radio header. 675 / 676static u_int off_ll; 677* 678/*
610 * This is the offset of the beginning of the MAC-layer header. 611 * It's usually 0, except for ATM LANE. 612 / 613static u_int off_mac; 614* 615/* 616 * "off_linktype" is the offset to information in the link-layer header 617 * giving the packet type. --- 29 unchanged lines hidden (view full) --- 647/* 648 * These are offsets for the ATM pseudo-header. 649 / 650static u_int off_vpi; 651static u_int off_vci; 652static u_int off_proto; 653* 654/*	679 * This is the offset of the beginning of the MAC-layer header. 680 * It's usually 0, except for ATM LANE. 681 / 682static u_int off_mac; 683* 684/* 685 * "off_linktype" is the offset to information in the link-layer header 686 * giving the packet type. --- 29 unchanged lines hidden (view full) --- 716/* 717 * These are offsets for the ATM pseudo-header. 718 / 719static u_int off_vpi; 720static u_int off_vci; 721static u_int off_proto; 722* 723/*
	724 * These are offsets for the MTP3 fields. 725 / 726static u_int off_sio; 727static u_int off_opc; 728static u_int off_dpc; 729static u_int off_sls; 730* 731/*
655 * This is the offset of the first byte after the ATM pseudo_header, 656 * or -1 if there is no ATM pseudo-header. 657 / 658static u_int off_payload; 659* 660/* 661 * These are offsets to the beginning of the network-layer header. 662 * --- 36 unchanged lines hidden (view full) --- 699 off_mac = 0; 700 is_atm = 0; 701 is_lane = 0; 702 off_vpi = -1; 703 off_vci = -1; 704 off_proto = -1; 705 off_payload = -1; 706	732 * This is the offset of the first byte after the ATM pseudo_header, 733 * or -1 if there is no ATM pseudo-header. 734 / 735static u_int off_payload; 736* 737/* 738 * These are offsets to the beginning of the network-layer header. 739 * --- 36 unchanged lines hidden (view full) --- 776 off_mac = 0; 777 is_atm = 0; 778 is_lane = 0; 779 off_vpi = -1; 780 off_vci = -1; 781 off_proto = -1; 782 off_payload = -1; 783
	784 off_sio = -1; 785 off_opc = -1; 786 off_dpc = -1; 787 off_sls = -1; 788 789 /* 790 * Also assume it's not 802.11 with a fixed-length radio header. 791 / 792* off_ll = 0; 793
707 orig_linktype = -1; 708 orig_nl = -1;	794 orig_linktype = -1; 795 orig_nl = -1;
709 orig_nl_nosnap = -1;
710	796
	797 reg_ll_size = -1; 798
711 switch (linktype) { 712 713 case DLT_ARCNET: 714 off_linktype = 2; 715 off_nl = 6; /* XXX in reality, variable! / 716* off_nl_nosnap = 6; /* no 802.2 LLC / 717* return; 718 --- 141 unchanged lines hidden (view full) --- 860 * the 802.11 header, containing a bunch of additional 861 * information including radio-level information. 862 * 863 * The header is 144 bytes long. 864 * 865 * XXX - same variable-length header problem; at least 866 * the Prism header is fixed-length. 867 */	799 switch (linktype) { 800 801 case DLT_ARCNET: 802 off_linktype = 2; 803 off_nl = 6; /* XXX in reality, variable! / 804* off_nl_nosnap = 6; /* no 802.2 LLC / 805* return; 806 --- 141 unchanged lines hidden (view full) --- 948 * the 802.11 header, containing a bunch of additional 949 * information including radio-level information. 950 * 951 * The header is 144 bytes long. 952 * 953 * XXX - same variable-length header problem; at least 954 * the Prism header is fixed-length. 955 */
	956 off_ll = 144;
868 off_linktype = 144+24; 869 off_nl = 144+32; /* Prism+802.11+802.2+SNAP / 870* off_nl_nosnap = 144+27; /* Prism+802.11+802.2 / 871* return; 872 873 case DLT_IEEE802_11_RADIO_AVS: 874 /* 875 * Same as 802.11, but with an additional header before --- 4 unchanged lines hidden (view full) --- 880 * current incarnation. 881 * 882 * XXX - same variable-length header problem, only 883 * more so; this header is also variable-length, 884 * with the length being the 32-bit big-endian 885 * number at an offset of 4 from the beginning 886 * of the radio header. 887 */	957 off_linktype = 144+24; 958 off_nl = 144+32; /* Prism+802.11+802.2+SNAP / 959* off_nl_nosnap = 144+27; /* Prism+802.11+802.2 / 960* return; 961 962 case DLT_IEEE802_11_RADIO_AVS: 963 /* 964 * Same as 802.11, but with an additional header before --- 4 unchanged lines hidden (view full) --- 969 * current incarnation. 970 * 971 * XXX - same variable-length header problem, only 972 * more so; this header is also variable-length, 973 * with the length being the 32-bit big-endian 974 * number at an offset of 4 from the beginning 975 * of the radio header. 976 */
	977 off_ll = 64;
888 off_linktype = 64+24; 889 off_nl = 64+32; /* Radio+802.11+802.2+SNAP / 890* off_nl_nosnap = 64+27; /* Radio+802.11+802.2 / 891* return; 892 893 case DLT_IEEE802_11_RADIO: 894 /* 895 * Same as 802.11, but with an additional header before 896 * the 802.11 header, containing a bunch of additional 897 * information including radio-level information. 898 *	978 off_linktype = 64+24; 979 off_nl = 64+32; /* Radio+802.11+802.2+SNAP / 980* off_nl_nosnap = 64+27; /* Radio+802.11+802.2 / 981* return; 982 983 case DLT_IEEE802_11_RADIO: 984 /* 985 * Same as 802.11, but with an additional header before 986 * the 802.11 header, containing a bunch of additional 987 * information including radio-level information. 988 *
899 * XXX - same variable-length header problem, only 900 * even more so; this header is also variable-length, 901 * with the length being the 16-bit number at an offset 902 * of 2 from the beginning of the radio header, and it's 903 * device-dependent (different devices might supply 904 * different amounts of information), so we can't even 905 * assume a fixed length for the current version of the 906 * header. 907 * 908 * Therefore, currently, only raw "link[N:M]" filtering is 909 * supported.	989 * The radiotap header is variable length, and we 990 * generate code to compute its length and store it 991 * in a register. These offsets are relative to the 992 * beginning of the 802.11 header.
910 */	993 */
911 off_linktype = -1; 912 off_nl = -1; 913 off_nl_nosnap = -1;	994 off_linktype = 24; 995 off_nl = 32; /* 802.11+802.2+SNAP / 996* off_nl_nosnap = 27; /* 802.11+802.2 */
914 return; 915 916 case DLT_ATM_RFC1483: 917 case DLT_ATM_CLIP: /* Linux ATM defines this / 918* /* 919 * assume routed, non-ISO PDUs 920 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)	997 return; 998 999 case DLT_ATM_RFC1483: 1000 case DLT_ATM_CLIP: /* Linux ATM defines this / 1001* /* 1002 * assume routed, non-ISO PDUs 1003 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
	1004 * 1005 * XXX - what about ISO PDUs, e.g. CLNP, ISIS, ESIS, 1006 * or PPP with the PPP NLPID (e.g., PPPoA)? The 1007 * latter would presumably be treated the way PPPoE 1008 * should be, so you can do "pppoe and udp port 2049" 1009 * or "pppoa and tcp port 80" and have it check for 1010 * PPPo{A,E} and a PPP protocol of IP and....
921 / 922* off_linktype = 0; 923 off_nl = 8; /* 802.2+SNAP / 924* off_nl_nosnap = 3; /* 802.2 / 925* return; 926 927 case DLT_SUNATM: 928 /* --- 58 unchanged lines hidden (view full) --- 987 off_linktype = -1; 988 off_nl = 0; 989 off_nl_nosnap = 0; /* no 802.2 LLC / 990* return; 991 992 case DLT_APPLE_IP_OVER_IEEE1394: 993 off_linktype = 16; 994 off_nl = 18;	1011 / 1012* off_linktype = 0; 1013 off_nl = 8; /* 802.2+SNAP / 1014* off_nl_nosnap = 3; /* 802.2 / 1015* return; 1016 1017 case DLT_SUNATM: 1018 /* --- 58 unchanged lines hidden (view full) --- 1077 off_linktype = -1; 1078 off_nl = 0; 1079 off_nl_nosnap = 0; /* no 802.2 LLC / 1080* return; 1081 1082 case DLT_APPLE_IP_OVER_IEEE1394: 1083 off_linktype = 16; 1084 off_nl = 18;
995 off_nl_nosnap = 0; /* no 802.2 LLC */	1085 off_nl_nosnap = 18; /* no 802.2 LLC */
996 return; 997 998 case DLT_LINUX_IRDA: 999 /* 1000 * Currently, only raw "link[N:M]" filtering is supported. 1001 / 1002* off_linktype = -1; 1003 off_nl = -1; --- 12 unchanged lines hidden (view full) --- 1016 case DLT_SYMANTEC_FIREWALL: 1017 off_linktype = 6; 1018 off_nl = 44; /* Ethernet II / 1019* off_nl_nosnap = 44; /* XXX - what does it do with 802.3 packets? / 1020* return; 1021 1022 case DLT_PFLOG: 1023 off_linktype = 0;	1086 return; 1087 1088 case DLT_LINUX_IRDA: 1089 /* 1090 * Currently, only raw "link[N:M]" filtering is supported. 1091 / 1092* off_linktype = -1; 1093 off_nl = -1; --- 12 unchanged lines hidden (view full) --- 1106 case DLT_SYMANTEC_FIREWALL: 1107 off_linktype = 6; 1108 off_nl = 44; /* Ethernet II / 1109* off_nl_nosnap = 44; /* XXX - what does it do with 802.3 packets? / 1110* return; 1111 1112 case DLT_PFLOG: 1113 off_linktype = 0;
1024 /* XXX read from header? */	1114 /* XXX read this from pf.h? */
1025 off_nl = PFLOG_HDRLEN;	1115 off_nl = PFLOG_HDRLEN;
1026 off_nl_nosnap = PFLOG_HDRLEN;	1116 off_nl_nosnap = PFLOG_HDRLEN; /* no 802.2 LLC */
1027 return; 1028 1029 case DLT_JUNIPER_MLFR: 1030 case DLT_JUNIPER_MLPPP: 1031 off_linktype = 4; 1032 off_nl = 4;	1117 return; 1118 1119 case DLT_JUNIPER_MLFR: 1120 case DLT_JUNIPER_MLPPP: 1121 off_linktype = 4; 1122 off_nl = 4;
1033 off_nl_nosnap = -1;	1123 off_nl_nosnap = -1; /* no 802.2 LLC */
1034 return; 1035 1036 case DLT_JUNIPER_ATM1: 1037 off_linktype = 4; /* in reality variable between 4-8 / 1038* off_nl = 4; 1039 off_nl_nosnap = 14; 1040 return; 1041 1042 case DLT_JUNIPER_ATM2: 1043 off_linktype = 8; /* in reality variable between 8-12 / 1044* off_nl = 8; 1045 off_nl_nosnap = 18; 1046 return; 1047	1124 return; 1125 1126 case DLT_JUNIPER_ATM1: 1127 off_linktype = 4; /* in reality variable between 4-8 / 1128* off_nl = 4; 1129 off_nl_nosnap = 14; 1130 return; 1131 1132 case DLT_JUNIPER_ATM2: 1133 off_linktype = 8; /* in reality variable between 8-12 / 1134* off_nl = 8; 1135 off_nl_nosnap = 18; 1136 return; 1137
	1138 /* frames captured on a Juniper PPPoE service PIC 1139 * contain raw ethernet frames / 1140* case DLT_JUNIPER_PPPOE: 1141 off_linktype = 16; 1142 off_nl = 18; /* Ethernet II / 1143* off_nl_nosnap = 21; /* 802.3+802.2 / 1144* return; 1145 1146 case DLT_JUNIPER_PPPOE_ATM: 1147 off_linktype = 4; 1148 off_nl = 6; 1149 off_nl_nosnap = -1; /* no 802.2 LLC / 1150* return; 1151 1152 case DLT_JUNIPER_GGSN: 1153 off_linktype = 6; 1154 off_nl = 12; 1155 off_nl_nosnap = -1; /* no 802.2 LLC / 1156* return; 1157 1158 case DLT_JUNIPER_ES: 1159 off_linktype = 6; 1160 off_nl = -1; /* not really a network layer but raw IP adresses / 1161* off_nl_nosnap = -1; /* no 802.2 LLC / 1162* return; 1163 1164 case DLT_JUNIPER_MONITOR: 1165 off_linktype = 12; 1166 off_nl = 12; /* raw IP/IP6 header / 1167* off_nl_nosnap = -1; /* no 802.2 LLC / 1168* return; 1169 1170 case DLT_JUNIPER_SERVICES: 1171 off_linktype = 12; 1172 off_nl = -1; /* L3 proto location dep. on cookie type / 1173* off_nl_nosnap = -1; /* no 802.2 LLC / 1174* return; 1175 1176 case DLT_MTP2: 1177 off_sio = 3; 1178 off_opc = 4; 1179 off_dpc = 4; 1180 off_sls = 7; 1181 off_linktype = -1; 1182 off_nl = -1; 1183 off_nl_nosnap = -1; 1184 return; 1185
1048#ifdef DLT_PFSYNC 1049 case DLT_PFSYNC: 1050 off_linktype = -1; 1051 off_nl = 4; 1052 off_nl_nosnap = 4; 1053 return; 1054#endif	1186#ifdef DLT_PFSYNC 1187 case DLT_PFSYNC: 1188 off_linktype = -1; 1189 off_nl = 4; 1190 off_nl_nosnap = 4; 1191 return; 1192#endif
	1193 1194 case DLT_LINUX_LAPD: 1195 /* 1196 * Currently, only raw "link[N:M]" filtering is supported. 1197 / 1198* off_linktype = -1; 1199 off_nl = -1; 1200 off_nl_nosnap = -1; 1201 return;
1055 } 1056 bpf_error("unknown data link type %d", linktype); 1057 /* NOTREACHED / 1058} 1059*	1202 } 1203 bpf_error("unknown data link type %d", linktype); 1204 /* NOTREACHED / 1205} 1206*
	1207/* 1208 * Load a value relative to the beginning of the link-layer header. 1209 * The link-layer header doesn't necessarily begin at the beginning 1210 * of the packet data; there might be a variable-length prefix containing 1211 * radio information. 1212 / 1213static struct slist 1214gen_load_llrel(offset, size) 1215 u_int offset, size; 1216{ 1217 struct slist s, s2; 1218 1219 s = gen_llprefixlen(); 1220 1221 /* 1222 * If "s" is non-null, it has code to arrange that the X register 1223 * contains the length of the prefix preceding the link-layer 1224 * header. 1225 / 1226* if (s != NULL) { 1227 s2 = new_stmt(BPF_LD\|BPF_IND\|size); 1228 s2->s.k = offset; 1229 sappend(s, s2); 1230 } else { 1231 s = new_stmt(BPF_LD\|BPF_ABS\|size); 1232 s->s.k = offset; 1233 } 1234 return s; 1235} 1236 1237/* 1238 * Load a value relative to the beginning of the specified header. 1239 / 1240static struct slist 1241gen_load_a(offrel, offset, size) 1242 enum e_offrel offrel; 1243 u_int offset, size; 1244{ 1245 struct slist s, s2; 1246 1247 switch (offrel) { 1248 1249 case OR_PACKET: 1250 s = gen_load_llrel(offset, size); 1251 break; 1252 1253 case OR_LINK: 1254 s = gen_load_llrel(off_ll + offset, size); 1255 break; 1256 1257 case OR_NET: 1258 s = gen_load_llrel(off_nl + offset, size); 1259 break; 1260 1261 case OR_NET_NOSNAP: 1262 s = gen_load_llrel(off_nl_nosnap + offset, size); 1263 break; 1264 1265 case OR_TRAN_IPV4: 1266 /* 1267 * Load the X register with the length of the IPv4 header, 1268 * in bytes. 1269 / 1270* s = gen_loadx_iphdrlen(); 1271 1272 /* 1273 * Load the item at {length of the link-layer header} + 1274 * {length of the IPv4 header} + {specified offset}. 1275 / 1276* s2 = new_stmt(BPF_LD\|BPF_IND\|size); 1277 s2->s.k = off_nl + offset; 1278 sappend(s, s2); 1279 break; 1280 1281 case OR_TRAN_IPV6: 1282 s = gen_load_llrel(off_nl + 40 + offset, size); 1283 break; 1284 1285 default: 1286 abort(); 1287 return NULL; 1288 } 1289 return s; 1290} 1291 1292/* 1293 * Generate code to load into the X register the sum of the length of 1294 * the IPv4 header and any variable-length header preceding the link-layer 1295 * header. 1296 / 1297static struct slist 1298gen_loadx_iphdrlen() 1299{ 1300 struct slist s, s2; 1301 1302 s = gen_llprefixlen(); 1303 if (s != NULL) { 1304 /* 1305 * There's a variable-length prefix preceding the 1306 * link-layer header. "s" points to a list of statements 1307 * that put the length of that prefix into the X register. 1308 * The 4([k]&0xf) addressing mode can't be used, as we 1309* * don't have a constant offset, so we have to load the 1310 * value in question into the A register and add to it 1311 * the value from the X register. 1312 / 1313* s2 = new_stmt(BPF_LD\|BPF_IND\|BPF_B); 1314 s2->s.k = off_nl; 1315 sappend(s, s2); 1316 s2 = new_stmt(BPF_ALU\|BPF_AND\|BPF_K); 1317 s2->s.k = 0xf; 1318 sappend(s, s2); 1319 s2 = new_stmt(BPF_ALU\|BPF_LSH\|BPF_K); 1320 s2->s.k = 2; 1321 sappend(s, s2); 1322 1323 /* 1324 * The A register now contains the length of the 1325 * IP header. We need to add to it the length 1326 * of the prefix preceding the link-layer 1327 * header, which is still in the X register, and 1328 * move the result into the X register. 1329 / 1330* sappend(s, new_stmt(BPF_ALU\|BPF_ADD\|BPF_X)); 1331 sappend(s, new_stmt(BPF_MISC\|BPF_TAX)); 1332 } else { 1333 /* 1334 * There is no variable-length header preceding the 1335 * link-layer header; if there's a fixed-length 1336 * header preceding it, its length is included in 1337 * the off_ variables, so it doesn't need to be added. 1338 / 1339* s = new_stmt(BPF_LDX\|BPF_MSH\|BPF_B); 1340 s->s.k = off_nl; 1341 } 1342 return s; 1343} 1344
1060static struct block * 1061gen_uncond(rsense) 1062 int rsense; 1063{ 1064 struct block b; 1065* struct slist s; 1066* 1067 s = new_stmt(BPF_LD\|BPF_IMM); --- 19 unchanged lines hidden (view full) --- 1087/* 1088 * Byte-swap a 32-bit number. 1089 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on 1090 * big-endian platforms.) 1091 / 1092#define SWAPLONG(y) \ 1093((((y)&0xff)<<24) \| (((y)&0xff00)<<8) \| (((y)&0xff0000)>>8) \| (((y)>>24)&0xff)) 1094*	1345static struct block * 1346gen_uncond(rsense) 1347 int rsense; 1348{ 1349 struct block b; 1350* struct slist s; 1351* 1352 s = new_stmt(BPF_LD\|BPF_IMM); --- 19 unchanged lines hidden (view full) --- 1372/* 1373 * Byte-swap a 32-bit number. 1374 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on 1375 * big-endian platforms.) 1376 / 1377#define SWAPLONG(y) \ 1378((((y)&0xff)<<24) \| (((y)&0xff00)<<8) \| (((y)&0xff0000)>>8) \| (((y)>>24)&0xff)) 1379*
	1380/* 1381 * Generate code to match a particular packet type. 1382 * 1383 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP 1384 * value, if <= ETHERMTU. We use that to determine whether to 1385 * match the type/length field or to check the type/length field for 1386 * a value <= ETHERMTU to see whether it's a type field and then do 1387 * the appropriate test. 1388 */
1095static struct block * 1096gen_ether_linktype(proto) 1097 register int proto; 1098{ 1099 struct block b0, b1; 1100 1101 switch (proto) { 1102 1103 case LLCSAP_ISONS:	1389static struct block * 1390gen_ether_linktype(proto) 1391 register int proto; 1392{ 1393 struct block b0, b1; 1394 1395 switch (proto) { 1396 1397 case LLCSAP_ISONS:
1104 /* 1105 * OSI protocols always use 802.2 encapsulation. 1106 * XXX - should we check both the DSAP and the 1107 * SSAP, like this, or should we check just the 1108 * DSAP? 1109 / 1110* b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 1111 gen_not(b0); 1112 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1113 ((LLCSAP_ISONS << 8) \| LLCSAP_ISONS)); 1114 gen_and(b0, b1); 1115 return b1; 1116
1117 case LLCSAP_IP:	1398 case LLCSAP_IP:
1118 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 1119 gen_not(b0); 1120 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1121 ((LLCSAP_IP << 8) \| LLCSAP_IP)); 1122 gen_and(b0, b1); 1123 return b1; 1124
1125 case LLCSAP_NETBEUI: 1126 /*	1399 case LLCSAP_NETBEUI: 1400 /*
1127 * NetBEUI always uses 802.2 encapsulation.	1401 * OSI protocols and NetBEUI always use 802.2 encapsulation, 1402 * so we check the DSAP and SSAP. 1403 * 1404 * LLCSAP_IP checks for IP-over-802.2, rather 1405 * than IP-over-Ethernet or IP-over-SNAP. 1406 *
1128 * XXX - should we check both the DSAP and the 1129 * SSAP, like this, or should we check just the	1407 * XXX - should we check both the DSAP and the 1408 * SSAP, like this, or should we check just the
1130 * DSAP?	1409 * DSAP, as we do for other types <= ETHERMTU 1410 * (i.e., other SAP values)?
1131 */	1411 */
1132 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);	1412 b0 = gen_cmp_gt(OR_LINK, off_linktype, BPF_H, ETHERMTU);
1133 gen_not(b0);	1413 gen_not(b0);
1134 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1135 ((LLCSAP_NETBEUI << 8) \| LLCSAP_NETBEUI));	1414 b1 = gen_cmp(OR_LINK, off_linktype + 2, BPF_H, (bpf_int32) 1415 ((proto << 8) \| proto));
1136 gen_and(b0, b1); 1137 return b1; 1138 1139 case LLCSAP_IPX: 1140 /* 1141 * Check for; 1142 * 1143 * Ethernet_II frames, which are Ethernet --- 20 unchanged lines hidden (view full) --- 1164 * XXX - should we generate the same code both 1165 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX? 1166 / 1167* 1168 /* 1169 * This generates code to check both for the 1170 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3. 1171 */	1416 gen_and(b0, b1); 1417 return b1; 1418 1419 case LLCSAP_IPX: 1420 /* 1421 * Check for; 1422 * 1423 * Ethernet_II frames, which are Ethernet --- 20 unchanged lines hidden (view full) --- 1444 * XXX - should we generate the same code both 1445 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX? 1446 / 1447* 1448 /* 1449 * This generates code to check both for the 1450 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3. 1451 */
1172 b0 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)LLCSAP_IPX); 1173 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)0xFFFF);	1452 b0 = gen_cmp(OR_LINK, off_linktype + 2, BPF_B, 1453 (bpf_int32)LLCSAP_IPX); 1454 b1 = gen_cmp(OR_LINK, off_linktype + 2, BPF_H, 1455 (bpf_int32)0xFFFF);
1174 gen_or(b0, b1); 1175 1176 /* 1177 * Now we add code to check for SNAP frames with 1178 * ETHERTYPE_IPX, i.e. Ethernet_SNAP. 1179 / 1180* b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14); 1181 gen_or(b0, b1); 1182 1183 /* 1184 * Now we generate code to check for 802.3 1185 * frames in general. 1186 */	1456 gen_or(b0, b1); 1457 1458 /* 1459 * Now we add code to check for SNAP frames with 1460 * ETHERTYPE_IPX, i.e. Ethernet_SNAP. 1461 / 1462* b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14); 1463 gen_or(b0, b1); 1464 1465 /* 1466 * Now we generate code to check for 802.3 1467 * frames in general. 1468 */
1187 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);	1469 b0 = gen_cmp_gt(OR_LINK, off_linktype, BPF_H, ETHERMTU);
1188 gen_not(b0); 1189 1190 /* 1191 * Now add the check for 802.3 frames before the 1192 * check for Ethernet_802.2 and Ethernet_802.3, 1193 * as those checks should only be done on 802.3 1194 * frames, not on Ethernet frames. 1195 / 1196* gen_and(b0, b1); 1197 1198 /* 1199 * Now add the check for Ethernet_II frames, and 1200 * do that before checking for the other frame 1201 * types. 1202 */	1470 gen_not(b0); 1471 1472 /* 1473 * Now add the check for 802.3 frames before the 1474 * check for Ethernet_802.2 and Ethernet_802.3, 1475 * as those checks should only be done on 802.3 1476 * frames, not on Ethernet frames. 1477 / 1478* gen_and(b0, b1); 1479 1480 /* 1481 * Now add the check for Ethernet_II frames, and 1482 * do that before checking for the other frame 1483 * types. 1484 */
1203 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)ETHERTYPE_IPX);	1485 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, 1486 (bpf_int32)ETHERTYPE_IPX);
1204 gen_or(b0, b1); 1205 return b1; 1206 1207 case ETHERTYPE_ATALK: 1208 case ETHERTYPE_AARP: 1209 /* 1210 * EtherTalk (AppleTalk protocols on Ethernet link 1211 * layer) may use 802.2 encapsulation. 1212 / 1213* 1214 /* 1215 * Check for 802.2 encapsulation (EtherTalk phase 2?); 1216 * we check for an Ethernet type field less than 1217 * 1500, which means it's an 802.3 length field. 1218 */	1487 gen_or(b0, b1); 1488 return b1; 1489 1490 case ETHERTYPE_ATALK: 1491 case ETHERTYPE_AARP: 1492 /* 1493 * EtherTalk (AppleTalk protocols on Ethernet link 1494 * layer) may use 802.2 encapsulation. 1495 / 1496* 1497 /* 1498 * Check for 802.2 encapsulation (EtherTalk phase 2?); 1499 * we check for an Ethernet type field less than 1500 * 1500, which means it's an 802.3 length field. 1501 */
1219 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);	1502 b0 = gen_cmp_gt(OR_LINK, off_linktype, BPF_H, ETHERMTU);
1220 gen_not(b0); 1221 1222 /* 1223 * 802.2-encapsulated ETHERTYPE_ATALK packets are 1224 * SNAP packets with an organization code of 1225 * 0x080007 (Apple, for Appletalk) and a protocol 1226 * type of ETHERTYPE_ATALK (Appletalk). 1227 * --- 8 unchanged lines hidden (view full) --- 1236 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14); 1237 gen_and(b0, b1); 1238 1239 /* 1240 * Check for Ethernet encapsulation (Ethertalk 1241 * phase 1?); we just check for the Ethernet 1242 * protocol type. 1243 */	1503 gen_not(b0); 1504 1505 /* 1506 * 802.2-encapsulated ETHERTYPE_ATALK packets are 1507 * SNAP packets with an organization code of 1508 * 0x080007 (Apple, for Appletalk) and a protocol 1509 * type of ETHERTYPE_ATALK (Appletalk). 1510 * --- 8 unchanged lines hidden (view full) --- 1519 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14); 1520 gen_and(b0, b1); 1521 1522 /* 1523 * Check for Ethernet encapsulation (Ethertalk 1524 * phase 1?); we just check for the Ethernet 1525 * protocol type. 1526 */
1244 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);	1527 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, (bpf_int32)proto);
1245 1246 gen_or(b0, b1); 1247 return b1; 1248 1249 default: 1250 if (proto <= ETHERMTU) { 1251 /* 1252 * This is an LLC SAP value, so the frames 1253 * that match would be 802.2 frames. 1254 * Check that the frame is an 802.2 frame 1255 * (i.e., that the length/type field is 1256 * a length field, <= ETHERMTU) and 1257 * then check the DSAP. 1258 */	1528 1529 gen_or(b0, b1); 1530 return b1; 1531 1532 default: 1533 if (proto <= ETHERMTU) { 1534 /* 1535 * This is an LLC SAP value, so the frames 1536 * that match would be 802.2 frames. 1537 * Check that the frame is an 802.2 frame 1538 * (i.e., that the length/type field is 1539 * a length field, <= ETHERMTU) and 1540 * then check the DSAP. 1541 */
1259 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);	1542 b0 = gen_cmp_gt(OR_LINK, off_linktype, BPF_H, ETHERMTU);
1260 gen_not(b0);	1543 gen_not(b0);
1261 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto);	1544 b1 = gen_cmp(OR_LINK, off_linktype + 2, BPF_B, 1545 (bpf_int32)proto);
1262 gen_and(b0, b1); 1263 return b1; 1264 } else { 1265 /* 1266 * This is an Ethernet type, so compare 1267 * the length/type field with it (if 1268 * the frame is an 802.2 frame, the length 1269 * field will be <= ETHERMTU, and, as 1270 * "proto" is > ETHERMTU, this test 1271 * will fail and the frame won't match, 1272 * which is what we want). 1273 */	1546 gen_and(b0, b1); 1547 return b1; 1548 } else { 1549 /* 1550 * This is an Ethernet type, so compare 1551 * the length/type field with it (if 1552 * the frame is an 802.2 frame, the length 1553 * field will be <= ETHERMTU, and, as 1554 * "proto" is > ETHERMTU, this test 1555 * will fail and the frame won't match, 1556 * which is what we want). 1557 */
1274 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);	1558 return gen_cmp(OR_LINK, off_linktype, BPF_H, 1559 (bpf_int32)proto);
1275 } 1276 } 1277} 1278	1560 } 1561 } 1562} 1563
	1564/* 1565 * Generate code to match a particular packet type. 1566 * 1567 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP 1568 * value, if <= ETHERMTU. We use that to determine whether to 1569 * match the type field or to check the type field for the special 1570 * LINUX_SLL_P_802_2 value and then do the appropriate test. 1571 */
1279static struct block * 1280gen_linux_sll_linktype(proto) 1281 register int proto; 1282{ 1283 struct block b0, b1; 1284 1285 switch (proto) { 1286	1572static struct block * 1573gen_linux_sll_linktype(proto) 1574 register int proto; 1575{ 1576 struct block b0, b1; 1577 1578 switch (proto) { 1579
1287 case LLCSAP_IP: 1288 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 1289 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1290 ((LLCSAP_IP << 8) \| LLCSAP_IP)); 1291 gen_and(b0, b1); 1292 return b1; 1293
1294 case LLCSAP_ISONS:	1580 case LLCSAP_ISONS:
	1581 case LLCSAP_IP: 1582 case LLCSAP_NETBEUI:
1295 /*	1583 /*
1296 * OSI protocols always use 802.2 encapsulation.	1584 * OSI protocols and NetBEUI always use 802.2 encapsulation, 1585 * so we check the DSAP and SSAP. 1586 * 1587 * LLCSAP_IP checks for IP-over-802.2, rather 1588 * than IP-over-Ethernet or IP-over-SNAP. 1589 *
1297 * XXX - should we check both the DSAP and the 1298 * SSAP, like this, or should we check just the	1590 * XXX - should we check both the DSAP and the 1591 * SSAP, like this, or should we check just the
1299 * DSAP?	1592 * DSAP, as we do for other types <= ETHERMTU 1593 * (i.e., other SAP values)?
1300 */	1594 */
1301 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 1302 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1303 ((LLCSAP_ISONS << 8) \| LLCSAP_ISONS));	1595 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, LINUX_SLL_P_802_2); 1596 b1 = gen_cmp(OR_LINK, off_linktype + 2, BPF_H, (bpf_int32) 1597 ((proto << 8) \| proto));
1304 gen_and(b0, b1); 1305 return b1; 1306	1598 gen_and(b0, b1); 1599 return b1; 1600
1307 case LLCSAP_NETBEUI: 1308 /* 1309 * NetBEUI always uses 802.2 encapsulation. 1310 * XXX - should we check both the DSAP and the 1311 * LSAP, like this, or should we check just the 1312 * DSAP? 1313 / 1314* b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 1315 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1316 ((LLCSAP_NETBEUI << 8) \| LLCSAP_NETBEUI)); 1317 gen_and(b0, b1); 1318 return b1; 1319
1320 case LLCSAP_IPX: 1321 /* 1322 * Ethernet_II frames, which are Ethernet 1323 * frames with a frame type of ETHERTYPE_IPX; 1324 * 1325 * Ethernet_802.3 frames, which have a frame 1326 * type of LINUX_SLL_P_802_3; 1327 * --- 10 unchanged lines hidden (view full) --- 1338 * ID of ETHERTYPE_IPX in the SNAP header. 1339 * 1340 * First, do the checks on LINUX_SLL_P_802_2 1341 * frames; generate the check for either 1342 * Ethernet_802.2 or Ethernet_SNAP frames, and 1343 * then put a check for LINUX_SLL_P_802_2 frames 1344 * before it. 1345 */	1601 case LLCSAP_IPX: 1602 /* 1603 * Ethernet_II frames, which are Ethernet 1604 * frames with a frame type of ETHERTYPE_IPX; 1605 * 1606 * Ethernet_802.3 frames, which have a frame 1607 * type of LINUX_SLL_P_802_3; 1608 * --- 10 unchanged lines hidden (view full) --- 1619 * ID of ETHERTYPE_IPX in the SNAP header. 1620 * 1621 * First, do the checks on LINUX_SLL_P_802_2 1622 * frames; generate the check for either 1623 * Ethernet_802.2 or Ethernet_SNAP frames, and 1624 * then put a check for LINUX_SLL_P_802_2 frames 1625 * before it. 1626 */
1346 b0 = gen_cmp(off_linktype + 2, BPF_B,	1627 b0 = gen_cmp(OR_LINK, off_linktype + 2, BPF_B,
1347 (bpf_int32)LLCSAP_IPX); 1348 b1 = gen_snap(0x000000, ETHERTYPE_IPX, 1349 off_linktype + 2); 1350 gen_or(b0, b1);	1628 (bpf_int32)LLCSAP_IPX); 1629 b1 = gen_snap(0x000000, ETHERTYPE_IPX, 1630 off_linktype + 2); 1631 gen_or(b0, b1);
1351 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);	1632 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, LINUX_SLL_P_802_2);
1352 gen_and(b0, b1); 1353 1354 /* 1355 * Now check for 802.3 frames and OR that with 1356 * the previous test. 1357 */	1633 gen_and(b0, b1); 1634 1635 /* 1636 * Now check for 802.3 frames and OR that with 1637 * the previous test. 1638 */
1358 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);	1639 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, LINUX_SLL_P_802_3);
1359 gen_or(b0, b1); 1360 1361 /* 1362 * Now add the check for Ethernet_II frames, and 1363 * do that before checking for the other frame 1364 * types. 1365 */	1640 gen_or(b0, b1); 1641 1642 /* 1643 * Now add the check for Ethernet_II frames, and 1644 * do that before checking for the other frame 1645 * types. 1646 */
1366 b0 = gen_cmp(off_linktype, BPF_H,	1647 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H,
1367 (bpf_int32)ETHERTYPE_IPX); 1368 gen_or(b0, b1); 1369 return b1; 1370 1371 case ETHERTYPE_ATALK: 1372 case ETHERTYPE_AARP: 1373 /* 1374 * EtherTalk (AppleTalk protocols on Ethernet link 1375 * layer) may use 802.2 encapsulation. 1376 / 1377* 1378 /* 1379 * Check for 802.2 encapsulation (EtherTalk phase 2?); 1380 * we check for the 802.2 protocol type in the 1381 * "Ethernet type" field. 1382 */	1648 (bpf_int32)ETHERTYPE_IPX); 1649 gen_or(b0, b1); 1650 return b1; 1651 1652 case ETHERTYPE_ATALK: 1653 case ETHERTYPE_AARP: 1654 /* 1655 * EtherTalk (AppleTalk protocols on Ethernet link 1656 * layer) may use 802.2 encapsulation. 1657 / 1658* 1659 /* 1660 * Check for 802.2 encapsulation (EtherTalk phase 2?); 1661 * we check for the 802.2 protocol type in the 1662 * "Ethernet type" field. 1663 */
1383 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);	1664 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, LINUX_SLL_P_802_2);
1384 1385 /* 1386 * 802.2-encapsulated ETHERTYPE_ATALK packets are 1387 * SNAP packets with an organization code of 1388 * 0x080007 (Apple, for Appletalk) and a protocol 1389 * type of ETHERTYPE_ATALK (Appletalk). 1390 * 1391 * 802.2-encapsulated ETHERTYPE_AARP packets are --- 9 unchanged lines hidden (view full) --- 1401 off_linktype + 2); 1402 gen_and(b0, b1); 1403 1404 /* 1405 * Check for Ethernet encapsulation (Ethertalk 1406 * phase 1?); we just check for the Ethernet 1407 * protocol type. 1408 */	1665 1666 /* 1667 * 802.2-encapsulated ETHERTYPE_ATALK packets are 1668 * SNAP packets with an organization code of 1669 * 0x080007 (Apple, for Appletalk) and a protocol 1670 * type of ETHERTYPE_ATALK (Appletalk). 1671 * 1672 * 802.2-encapsulated ETHERTYPE_AARP packets are --- 9 unchanged lines hidden (view full) --- 1682 off_linktype + 2); 1683 gen_and(b0, b1); 1684 1685 /* 1686 * Check for Ethernet encapsulation (Ethertalk 1687 * phase 1?); we just check for the Ethernet 1688 * protocol type. 1689 */
1409 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);	1690 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, (bpf_int32)proto);
1410 1411 gen_or(b0, b1); 1412 return b1; 1413 1414 default: 1415 if (proto <= ETHERMTU) { 1416 /* 1417 * This is an LLC SAP value, so the frames 1418 * that match would be 802.2 frames. 1419 * Check for the 802.2 protocol type 1420 * in the "Ethernet type" field, and 1421 * then check the DSAP. 1422 */	1691 1692 gen_or(b0, b1); 1693 return b1; 1694 1695 default: 1696 if (proto <= ETHERMTU) { 1697 /* 1698 * This is an LLC SAP value, so the frames 1699 * that match would be 802.2 frames. 1700 * Check for the 802.2 protocol type 1701 * in the "Ethernet type" field, and 1702 * then check the DSAP. 1703 */
1423 b0 = gen_cmp(off_linktype, BPF_H,	1704 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H,
1424 LINUX_SLL_P_802_2);	1705 LINUX_SLL_P_802_2);
1425 b1 = gen_cmp(off_linktype + 2, BPF_B,	1706 b1 = gen_cmp(OR_LINK, off_linktype + 2, BPF_B,
1426 (bpf_int32)proto); 1427 gen_and(b0, b1); 1428 return b1; 1429 } else { 1430 /* 1431 * This is an Ethernet type, so compare 1432 * the length/type field with it (if 1433 * the frame is an 802.2 frame, the length 1434 * field will be <= ETHERMTU, and, as 1435 * "proto" is > ETHERMTU, this test 1436 * will fail and the frame won't match, 1437 * which is what we want). 1438 */	1707 (bpf_int32)proto); 1708 gen_and(b0, b1); 1709 return b1; 1710 } else { 1711 /* 1712 * This is an Ethernet type, so compare 1713 * the length/type field with it (if 1714 * the frame is an 802.2 frame, the length 1715 * field will be <= ETHERMTU, and, as 1716 * "proto" is > ETHERMTU, this test 1717 * will fail and the frame won't match, 1718 * which is what we want). 1719 */
1439 return gen_cmp(off_linktype, BPF_H,	1720 return gen_cmp(OR_LINK, off_linktype, BPF_H,
1440 (bpf_int32)proto); 1441 } 1442 } 1443} 1444	1721 (bpf_int32)proto); 1722 } 1723 } 1724} 1725
	1726static void 1727insert_radiotap_load_llprefixlen(b) 1728 struct block b; 1729{ 1730* struct slist s1, s2; 1731 1732 /* 1733 * Prepend to the statements in this block code to load the 1734 * length of the radiotap header into the register assigned 1735 * to hold that length, if one has been assigned. 1736 / 1737* if (reg_ll_size != -1) { 1738 /* 1739 * The 2 bytes at offsets of 2 and 3 from the beginning 1740 * of the radiotap header are the length of the radiotap 1741 * header; unfortunately, it's little-endian, so we have 1742 * to load it a byte at a time and construct the value. 1743 / 1744* 1745 /* 1746 * Load the high-order byte, at an offset of 3, shift it 1747 * left a byte, and put the result in the X register. 1748 / 1749* s1 = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 1750 s1->s.k = 3; 1751 s2 = new_stmt(BPF_ALU\|BPF_LSH\|BPF_K); 1752 sappend(s1, s2); 1753 s2->s.k = 8; 1754 s2 = new_stmt(BPF_MISC\|BPF_TAX); 1755 sappend(s1, s2); 1756 1757 /* 1758 * Load the next byte, at an offset of 2, and OR the 1759 * value from the X register into it. 1760 / 1761* s2 = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 1762 sappend(s1, s2); 1763 s2->s.k = 2; 1764 s2 = new_stmt(BPF_ALU\|BPF_OR\|BPF_X); 1765 sappend(s1, s2); 1766 1767 /* 1768 * Now allocate a register to hold that value and store 1769 * it. 1770 / 1771* s2 = new_stmt(BPF_ST); 1772 s2->s.k = reg_ll_size; 1773 sappend(s1, s2); 1774 1775 /* 1776 * Now move it into the X register. 1777 / 1778* s2 = new_stmt(BPF_MISC\|BPF_TAX); 1779 sappend(s1, s2); 1780 1781 /* 1782 * Now append all the existing statements in this 1783 * block to these statements. 1784 / 1785* sappend(s1, b->stmts); 1786 b->stmts = s1; 1787 } 1788} 1789 1790 1791static void 1792insert_load_llprefixlen(b) 1793 struct block b; 1794{ 1795* switch (linktype) { 1796 1797 case DLT_IEEE802_11_RADIO: 1798 insert_radiotap_load_llprefixlen(b); 1799 } 1800} 1801 1802 1803static struct slist * 1804gen_radiotap_llprefixlen(void) 1805{ 1806 struct slist s; 1807* 1808 if (reg_ll_size == -1) { 1809 /* 1810 * We haven't yet assigned a register for the length 1811 * of the radiotap header; allocate one. 1812 / 1813* reg_ll_size = alloc_reg(); 1814 } 1815 1816 /* 1817 * Load the register containing the radiotap length 1818 * into the X register. 1819 / 1820* s = new_stmt(BPF_LDX\|BPF_MEM); 1821 s->s.k = reg_ll_size; 1822 return s; 1823} 1824 1825/* 1826 * Generate code to compute the link-layer header length, if necessary, 1827 * putting it into the X register, and to return either a pointer to a 1828 * "struct slist" for the list of statements in that code, or NULL if 1829 * no code is necessary. 1830 / 1831static struct slist 1832gen_llprefixlen(void) 1833{ 1834 switch (linktype) { 1835 1836 case DLT_IEEE802_11_RADIO: 1837 return gen_radiotap_llprefixlen(); 1838 1839 default: 1840 return NULL; 1841 } 1842} 1843 1844/* 1845 * Generate code to match a particular packet type by matching the 1846 * link-layer type field or fields in the 802.2 LLC header. 1847 * 1848 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP 1849 * value, if <= ETHERMTU. 1850 */
1445static struct block * 1446gen_linktype(proto) 1447 register int proto; 1448{ 1449 struct block b0, b1, b2; 1450* 1451 switch (linktype) { 1452 --- 5 unchanged lines hidden (view full) --- 1458 case DLT_C_HDLC: 1459 switch (proto) { 1460 1461 case LLCSAP_ISONS: 1462 proto = (proto << 8 \| LLCSAP_ISONS); 1463 /* fall through / 1464* 1465 default:	1851static struct block * 1852gen_linktype(proto) 1853 register int proto; 1854{ 1855 struct block b0, b1, b2; 1856* 1857 switch (linktype) { 1858 --- 5 unchanged lines hidden (view full) --- 1864 case DLT_C_HDLC: 1865 switch (proto) { 1866 1867 case LLCSAP_ISONS: 1868 proto = (proto << 8 \| LLCSAP_ISONS); 1869 /* fall through / 1870* 1871 default:
1466 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);	1872 return gen_cmp(OR_LINK, off_linktype, BPF_H, 1873 (bpf_int32)proto);
1467 /NOTREACHED/ 1468 break; 1469 } 1470 break; 1471	1874 /NOTREACHED/ 1875 break; 1876 } 1877 break; 1878
1472 case DLT_IEEE802_11: 1473 case DLT_PRISM_HEADER: 1474 case DLT_IEEE802_11_RADIO:
1475 case DLT_FDDI: 1476 case DLT_IEEE802:	1879 case DLT_FDDI: 1880 case DLT_IEEE802:
	1881 case DLT_IEEE802_11: 1882 case DLT_IEEE802_11_RADIO_AVS: 1883 case DLT_IEEE802_11_RADIO: 1884 case DLT_PRISM_HEADER:
1477 case DLT_ATM_RFC1483: 1478 case DLT_ATM_CLIP: 1479 case DLT_IP_OVER_FC:	1885 case DLT_ATM_RFC1483: 1886 case DLT_ATM_CLIP: 1887 case DLT_IP_OVER_FC:
1480 return gen_llc(proto);	1888 return gen_llc_linktype(proto);
1481 /NOTREACHED/ 1482 break; 1483 1484 case DLT_SUNATM: 1485 /* 1486 * If "is_lane" is set, check for a LANE-encapsulated 1487 * version of this protocol, otherwise check for an 1488 * LLC-encapsulated version of this protocol. 1489 * 1490 * We assume LANE means Ethernet, not Token Ring. 1491 / 1492* if (is_lane) { 1493 /* 1494 * Check that the packet doesn't begin with an 1495 * LE Control marker. (We've already generated 1496 * a test for LANE.) 1497 */	1889 /NOTREACHED/ 1890 break; 1891 1892 case DLT_SUNATM: 1893 /* 1894 * If "is_lane" is set, check for a LANE-encapsulated 1895 * version of this protocol, otherwise check for an 1896 * LLC-encapsulated version of this protocol. 1897 * 1898 * We assume LANE means Ethernet, not Token Ring. 1899 / 1900* if (is_lane) { 1901 /* 1902 * Check that the packet doesn't begin with an 1903 * LE Control marker. (We've already generated 1904 * a test for LANE.) 1905 */
1498 b0 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);	1906 b0 = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS, BPF_H, 1907 0xFF00);
1499 gen_not(b0); 1500 1501 /* 1502 * Now generate an Ethernet test. 1503 / 1504* b1 = gen_ether_linktype(proto); 1505 gen_and(b0, b1); 1506 return b1; 1507 } else { 1508 /* 1509 * Check for LLC encapsulation and then check the 1510 * protocol. 1511 / 1512* b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);	1908 gen_not(b0); 1909 1910 /* 1911 * Now generate an Ethernet test. 1912 / 1913* b1 = gen_ether_linktype(proto); 1914 gen_and(b0, b1); 1915 return b1; 1916 } else { 1917 /* 1918 * Check for LLC encapsulation and then check the 1919 * protocol. 1920 / 1921* b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
1513 b1 = gen_llc(proto);	1922 b1 = gen_llc_linktype(proto);
1514 gen_and(b0, b1); 1515 return b1; 1516 }	1923 gen_and(b0, b1); 1924 return b1; 1925 }
	1926 /NOTREACHED/ 1927 break;
1517 1518 case DLT_LINUX_SLL: 1519 return gen_linux_sll_linktype(proto); 1520 /NOTREACHED/ 1521 break; 1522 1523 case DLT_SLIP: 1524 case DLT_SLIP_BSDOS: --- 73 unchanged lines hidden (view full) --- 1598 case DLT_PPP_BSDOS: 1599 /* 1600 * We use Ethernet protocol types inside libpcap; 1601 * map them to the corresponding PPP protocol types. 1602 / 1603* switch (proto) { 1604 1605 case ETHERTYPE_IP:	1928 1929 case DLT_LINUX_SLL: 1930 return gen_linux_sll_linktype(proto); 1931 /NOTREACHED/ 1932 break; 1933 1934 case DLT_SLIP: 1935 case DLT_SLIP_BSDOS: --- 73 unchanged lines hidden (view full) --- 2009 case DLT_PPP_BSDOS: 2010 /* 2011 * We use Ethernet protocol types inside libpcap; 2012 * map them to the corresponding PPP protocol types. 2013 / 2014* switch (proto) { 2015 2016 case ETHERTYPE_IP:
1606 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); 1607 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);	2017 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, PPP_IP); 2018 b1 = gen_cmp(OR_LINK, off_linktype, BPF_H, PPP_VJC);
1608 gen_or(b0, b1);	2019 gen_or(b0, b1);
1609 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);	2020 b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, PPP_VJNC);
1610 gen_or(b1, b0); 1611 return b0; 1612 1613#ifdef INET6 1614 case ETHERTYPE_IPV6: 1615 proto = PPP_IPV6; 1616 /* more to go? / 1617* break; --- 89 unchanged lines hidden (view full) --- 1707 * Then we run it through "htonl()", and 1708 * generate code to compare against the result. 1709 / 1710* if (bpf_pcap->sf.rfile != NULL && 1711 bpf_pcap->sf.swapped) 1712 proto = SWAPLONG(proto); 1713 proto = htonl(proto); 1714 }	2021 gen_or(b1, b0); 2022 return b0; 2023 2024#ifdef INET6 2025 case ETHERTYPE_IPV6: 2026 proto = PPP_IPV6; 2027 /* more to go? / 2028* break; --- 89 unchanged lines hidden (view full) --- 2118 * Then we run it through "htonl()", and 2119 * generate code to compare against the result. 2120 / 2121* if (bpf_pcap->sf.rfile != NULL && 2122 bpf_pcap->sf.swapped) 2123 proto = SWAPLONG(proto); 2124 proto = htonl(proto); 2125 }
1715 return (gen_cmp(0, BPF_W, (bpf_int32)proto));	2126 return (gen_cmp(OR_LINK, 0, BPF_W, (bpf_int32)proto));
1716 1717 case DLT_PFLOG: 1718 /* 1719 * af field is host byte order in contrast to the rest of 1720 * the packet. 1721 / 1722* if (proto == ETHERTYPE_IP)	2127 2128 case DLT_PFLOG: 2129 /* 2130 * af field is host byte order in contrast to the rest of 2131 * the packet. 2132 / 2133* if (proto == ETHERTYPE_IP)
1723 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 1724 (bpf_int32)AF_INET));	2134 return (gen_cmp(OR_LINK, offsetof(struct pfloghdr, af), 2135 BPF_B, (bpf_int32)AF_INET));
1725#ifdef INET6 1726 else if (proto == ETHERTYPE_IPV6)	2136#ifdef INET6 2137 else if (proto == ETHERTYPE_IPV6)
1727 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 1728 (bpf_int32)AF_INET6));	2138 return (gen_cmp(OR_LINK, offsetof(struct pfloghdr, af), 2139 BPF_B, (bpf_int32)AF_INET6));
1729#endif /* INET6 / 1730* else 1731 return gen_false(); 1732 /NOTREACHED/ 1733 break; 1734 1735 case DLT_ARCNET: 1736 case DLT_ARCNET_LINUX: 1737 /* 1738 * XXX should we check for first fragment if the protocol 1739 * uses PHDS? 1740 / 1741* switch (proto) { 1742 1743 default: 1744 return gen_false(); 1745 1746#ifdef INET6 1747 case ETHERTYPE_IPV6:	2140#endif /* INET6 / 2141* else 2142 return gen_false(); 2143 /NOTREACHED/ 2144 break; 2145 2146 case DLT_ARCNET: 2147 case DLT_ARCNET_LINUX: 2148 /* 2149 * XXX should we check for first fragment if the protocol 2150 * uses PHDS? 2151 / 2152* switch (proto) { 2153 2154 default: 2155 return gen_false(); 2156 2157#ifdef INET6 2158 case ETHERTYPE_IPV6:
1748 return (gen_cmp(off_linktype, BPF_B,	2159 return (gen_cmp(OR_LINK, off_linktype, BPF_B,
1749 (bpf_int32)ARCTYPE_INET6)); 1750#endif /* INET6 / 1751* 1752 case ETHERTYPE_IP:	2160 (bpf_int32)ARCTYPE_INET6)); 2161#endif /* INET6 / 2162* 2163 case ETHERTYPE_IP:
1753 b0 = gen_cmp(off_linktype, BPF_B,	2164 b0 = gen_cmp(OR_LINK, off_linktype, BPF_B,
1754 (bpf_int32)ARCTYPE_IP);	2165 (bpf_int32)ARCTYPE_IP);
1755 b1 = gen_cmp(off_linktype, BPF_B,	2166 b1 = gen_cmp(OR_LINK, off_linktype, BPF_B,
1756 (bpf_int32)ARCTYPE_IP_OLD); 1757 gen_or(b0, b1); 1758 return (b1); 1759 1760 case ETHERTYPE_ARP:	2167 (bpf_int32)ARCTYPE_IP_OLD); 2168 gen_or(b0, b1); 2169 return (b1); 2170 2171 case ETHERTYPE_ARP:
1761 b0 = gen_cmp(off_linktype, BPF_B,	2172 b0 = gen_cmp(OR_LINK, off_linktype, BPF_B,
1762 (bpf_int32)ARCTYPE_ARP);	2173 (bpf_int32)ARCTYPE_ARP);
1763 b1 = gen_cmp(off_linktype, BPF_B,	2174 b1 = gen_cmp(OR_LINK, off_linktype, BPF_B,
1764 (bpf_int32)ARCTYPE_ARP_OLD); 1765 gen_or(b0, b1); 1766 return (b1); 1767 1768 case ETHERTYPE_REVARP:	2175 (bpf_int32)ARCTYPE_ARP_OLD); 2176 gen_or(b0, b1); 2177 return (b1); 2178 2179 case ETHERTYPE_REVARP:
1769 return (gen_cmp(off_linktype, BPF_B,	2180 return (gen_cmp(OR_LINK, off_linktype, BPF_B,
1770 (bpf_int32)ARCTYPE_REVARP)); 1771 1772 case ETHERTYPE_ATALK:	2181 (bpf_int32)ARCTYPE_REVARP)); 2182 2183 case ETHERTYPE_ATALK:
1773 return (gen_cmp(off_linktype, BPF_B,	2184 return (gen_cmp(OR_LINK, off_linktype, BPF_B,
1774 (bpf_int32)ARCTYPE_ATALK)); 1775 } 1776 /NOTREACHED/ 1777 break; 1778 1779 case DLT_LTALK: 1780 switch (proto) { 1781 case ETHERTYPE_ATALK: --- 10 unchanged lines hidden (view full) --- 1792 * DLCI and flags. What if the address is longer? 1793 / 1794* switch (proto) { 1795 1796 case ETHERTYPE_IP: 1797 /* 1798 * Check for the special NLPID for IP. 1799 */	2185 (bpf_int32)ARCTYPE_ATALK)); 2186 } 2187 /NOTREACHED/ 2188 break; 2189 2190 case DLT_LTALK: 2191 switch (proto) { 2192 case ETHERTYPE_ATALK: --- 10 unchanged lines hidden (view full) --- 2203 * DLCI and flags. What if the address is longer? 2204 / 2205* switch (proto) { 2206 2207 case ETHERTYPE_IP: 2208 /* 2209 * Check for the special NLPID for IP. 2210 */
1800 return gen_cmp(2, BPF_H, (0x03<<8) \| 0xcc);	2211 return gen_cmp(OR_LINK, 2, BPF_H, (0x03<<8) \| 0xcc);
1801 1802#ifdef INET6 1803 case ETHERTYPE_IPV6: 1804 /* 1805 * Check for the special NLPID for IPv6. 1806 */	2212 2213#ifdef INET6 2214 case ETHERTYPE_IPV6: 2215 /* 2216 * Check for the special NLPID for IPv6. 2217 */
1807 return gen_cmp(2, BPF_H, (0x03<<8) \| 0x8e);	2218 return gen_cmp(OR_LINK, 2, BPF_H, (0x03<<8) \| 0x8e);
1808#endif 1809 1810 case LLCSAP_ISONS: 1811 /* 1812 * Check for several OSI protocols. 1813 * 1814 * Frame Relay packets typically have an OSI 1815 * NLPID at the beginning; we check for each 1816 * of them. 1817 * 1818 * What we check for is the NLPID and a frame 1819 * control field of UI, i.e. 0x03 followed 1820 * by the NLPID. 1821 */	2219#endif 2220 2221 case LLCSAP_ISONS: 2222 /* 2223 * Check for several OSI protocols. 2224 * 2225 * Frame Relay packets typically have an OSI 2226 * NLPID at the beginning; we check for each 2227 * of them. 2228 * 2229 * What we check for is the NLPID and a frame 2230 * control field of UI, i.e. 0x03 followed 2231 * by the NLPID. 2232 */
1822 b0 = gen_cmp(2, BPF_H, (0x03<<8) \| ISO8473_CLNP); 1823 b1 = gen_cmp(2, BPF_H, (0x03<<8) \| ISO9542_ESIS); 1824 b2 = gen_cmp(2, BPF_H, (0x03<<8) \| ISO10589_ISIS);	2233 b0 = gen_cmp(OR_LINK, 2, BPF_H, (0x03<<8) \| ISO8473_CLNP); 2234 b1 = gen_cmp(OR_LINK, 2, BPF_H, (0x03<<8) \| ISO9542_ESIS); 2235 b2 = gen_cmp(OR_LINK, 2, BPF_H, (0x03<<8) \| ISO10589_ISIS);
1825 gen_or(b1, b2); 1826 gen_or(b0, b2); 1827 return b2; 1828 1829 default: 1830 return gen_false(); 1831 } 1832 /NOTREACHED/ 1833 break; 1834 1835 case DLT_JUNIPER_MLFR: 1836 case DLT_JUNIPER_MLPPP: 1837 case DLT_JUNIPER_ATM1: 1838 case DLT_JUNIPER_ATM2:	2236 gen_or(b1, b2); 2237 gen_or(b0, b2); 2238 return b2; 2239 2240 default: 2241 return gen_false(); 2242 } 2243 /NOTREACHED/ 2244 break; 2245 2246 case DLT_JUNIPER_MLFR: 2247 case DLT_JUNIPER_MLPPP: 2248 case DLT_JUNIPER_ATM1: 2249 case DLT_JUNIPER_ATM2:
	2250 case DLT_JUNIPER_PPPOE: 2251 case DLT_JUNIPER_PPPOE_ATM: 2252 case DLT_JUNIPER_GGSN: 2253 case DLT_JUNIPER_ES: 2254 case DLT_JUNIPER_MONITOR: 2255 case DLT_JUNIPER_SERVICES:
1839 /* just lets verify the magic number for now - 1840 * on ATM we may have up to 6 different encapsulations on the wire 1841 * and need a lot of heuristics to figure out that the payload 1842 * might be; 1843 * 1844 * FIXME encapsulation specific BPF_ filters 1845 */	2256 /* just lets verify the magic number for now - 2257 * on ATM we may have up to 6 different encapsulations on the wire 2258 * and need a lot of heuristics to figure out that the payload 2259 * might be; 2260 * 2261 * FIXME encapsulation specific BPF_ filters 2262 */
1846 return gen_mcmp(0, BPF_W, 0x4d474300, 0xffffff00); /* compare the magic number */	2263 return gen_mcmp(OR_LINK, 0, BPF_W, 0x4d474300, 0xffffff00); /* compare the magic number */
1847 1848 case DLT_LINUX_IRDA: 1849 bpf_error("IrDA link-layer type filtering not implemented"); 1850 1851 case DLT_DOCSIS: 1852 bpf_error("DOCSIS link-layer type filtering not implemented");	2264 2265 case DLT_LINUX_IRDA: 2266 bpf_error("IrDA link-layer type filtering not implemented"); 2267 2268 case DLT_DOCSIS: 2269 bpf_error("DOCSIS link-layer type filtering not implemented");
	2270 2271 case DLT_LINUX_LAPD: 2272 bpf_error("LAPD link-layer type filtering not implemented");
1853 } 1854 1855 /* 1856 * All the types that have no encapsulation should either be 1857 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if 1858 * all packets are IP packets, or should be handled in some 1859 * special case, if none of them are (if some are and some 1860 * aren't, the lack of encapsulation is a problem, as we'd --- 8 unchanged lines hidden (view full) --- 1869 * Any type not handled above should always have an Ethernet 1870 * type at an offset of "off_linktype". (PPP is partially 1871 * handled above - the protocol type is mapped from the 1872 * Ethernet and LLC types we use internally to the corresponding 1873 * PPP type - but the PPP type is always specified by a value 1874 * at "off_linktype", so we don't have to do the code generation 1875 * above.) 1876 */	2273 } 2274 2275 /* 2276 * All the types that have no encapsulation should either be 2277 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if 2278 * all packets are IP packets, or should be handled in some 2279 * special case, if none of them are (if some are and some 2280 * aren't, the lack of encapsulation is a problem, as we'd --- 8 unchanged lines hidden (view full) --- 2289 * Any type not handled above should always have an Ethernet 2290 * type at an offset of "off_linktype". (PPP is partially 2291 * handled above - the protocol type is mapped from the 2292 * Ethernet and LLC types we use internally to the corresponding 2293 * PPP type - but the PPP type is always specified by a value 2294 * at "off_linktype", so we don't have to do the code generation 2295 * above.) 2296 */
1877 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);	2297 return gen_cmp(OR_LINK, off_linktype, BPF_H, (bpf_int32)proto);
1878} 1879 1880/* 1881 * Check for an LLC SNAP packet with a given organization code and 1882 * protocol type; we check the entire contents of the 802.2 LLC and 1883 * snap headers, checking for DSAP and SSAP of SNAP and a control 1884 * field of 0x03 in the LLC header, and for the specified organization 1885 * code and protocol type in the SNAP header. --- 9 unchanged lines hidden (view full) --- 1895 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP / 1896* snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP / 1897* snapblock[2] = 0x03; /* control = UI / 1898* snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code / 1899* snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code / 1900* snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code / 1901* snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type / 1902* snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */	2298} 2299 2300/* 2301 * Check for an LLC SNAP packet with a given organization code and 2302 * protocol type; we check the entire contents of the 802.2 LLC and 2303 * snap headers, checking for DSAP and SSAP of SNAP and a control 2304 * field of 0x03 in the LLC header, and for the specified organization 2305 * code and protocol type in the SNAP header. --- 9 unchanged lines hidden (view full) --- 2315 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP / 2316* snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP / 2317* snapblock[2] = 0x03; /* control = UI / 2318* snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code / 2319* snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code / 2320* snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code / 2321* snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type / 2322* snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
1903 return gen_bcmp(offset, 8, snapblock);	2323 return gen_bcmp(OR_LINK, offset, 8, snapblock);
1904} 1905 1906/*	2324} 2325 2326/*
1907 * Check for a given protocol value assuming an 802.2 LLC header.	2327 * Generate code to match a particular packet type, for link-layer types 2328 * using 802.2 LLC headers. 2329 * 2330 * This is NOT used for Ethernet; "gen_ether_linktype()" is used 2331 * for that - it handles the D/I/X Ethernet vs. 802.3+802.2 issues. 2332 * 2333 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP 2334 * value, if <= ETHERMTU. We use that to determine whether to 2335 * match the DSAP or both DSAP and LSAP or to check the OUI and 2336 * protocol ID in a SNAP header.
1908 / 1909static struct block	2337 / 2338static struct block
1910gen_llc(proto)	2339gen_llc_linktype(proto)
1911 int proto; 1912{ 1913 /* 1914 * XXX - handle token-ring variable-length header. 1915 / 1916* switch (proto) { 1917 1918 case LLCSAP_IP:	2340 int proto; 2341{ 2342 /* 2343 * XXX - handle token-ring variable-length header. 2344 / 2345* switch (proto) { 2346 2347 case LLCSAP_IP:
1919 return gen_cmp(off_linktype, BPF_H, (long) 1920 ((LLCSAP_IP << 8) \| LLCSAP_IP)); 1921
1922 case LLCSAP_ISONS:	2348 case LLCSAP_ISONS:
1923 return gen_cmp(off_linktype, BPF_H, (long) 1924 ((LLCSAP_ISONS << 8) \| LLCSAP_ISONS)); 1925
1926 case LLCSAP_NETBEUI:	2349 case LLCSAP_NETBEUI:
1927 return gen_cmp(off_linktype, BPF_H, (long) 1928 ((LLCSAP_NETBEUI << 8) \| LLCSAP_NETBEUI));	2350 /* 2351 * XXX - should we check both the DSAP and the 2352 * SSAP, like this, or should we check just the 2353 * DSAP, as we do for other types <= ETHERMTU 2354 * (i.e., other SAP values)? 2355 / 2356* return gen_cmp(OR_LINK, off_linktype, BPF_H, (bpf_u_int32) 2357 ((proto << 8) \| proto));
1929 1930 case LLCSAP_IPX: 1931 /* 1932 * XXX - are there ever SNAP frames for IPX on 1933 * non-Ethernet 802.x networks? 1934 */	2358 2359 case LLCSAP_IPX: 2360 /* 2361 * XXX - are there ever SNAP frames for IPX on 2362 * non-Ethernet 802.x networks? 2363 */
1935 return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX);	2364 return gen_cmp(OR_LINK, off_linktype, BPF_B, 2365 (bpf_int32)LLCSAP_IPX);
1936 1937 case ETHERTYPE_ATALK: 1938 /* 1939 * 802.2-encapsulated ETHERTYPE_ATALK packets are 1940 * SNAP packets with an organization code of 1941 * 0x080007 (Apple, for Appletalk) and a protocol 1942 * type of ETHERTYPE_ATALK (Appletalk). 1943 * --- 7 unchanged lines hidden (view full) --- 1951 * XXX - we don't have to check for IPX 802.3 1952 * here, but should we check for the IPX Ethertype? 1953 / 1954* if (proto <= ETHERMTU) { 1955 /* 1956 * This is an LLC SAP value, so check 1957 * the DSAP. 1958 */	2366 2367 case ETHERTYPE_ATALK: 2368 /* 2369 * 802.2-encapsulated ETHERTYPE_ATALK packets are 2370 * SNAP packets with an organization code of 2371 * 0x080007 (Apple, for Appletalk) and a protocol 2372 * type of ETHERTYPE_ATALK (Appletalk). 2373 * --- 7 unchanged lines hidden (view full) --- 2381 * XXX - we don't have to check for IPX 802.3 2382 * here, but should we check for the IPX Ethertype? 2383 / 2384* if (proto <= ETHERMTU) { 2385 /* 2386 * This is an LLC SAP value, so check 2387 * the DSAP. 2388 */
1959 return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto);	2389 return gen_cmp(OR_LINK, off_linktype, BPF_B, 2390 (bpf_int32)proto);
1960 } else { 1961 /* 1962 * This is an Ethernet type; we assume that it's 1963 * unlikely that it'll appear in the right place 1964 * at random, and therefore check only the 1965 * location that would hold the Ethernet type 1966 * in a SNAP frame with an organization code of 1967 * 0x000000 (encapsulated Ethernet). --- 5 unchanged lines hidden (view full) --- 1973 * 1974 * return gen_snap(0x000000, proto, 1975 * off_linktype); 1976 * 1977 * here; for now, we don't, as per the above. 1978 * I don't know whether it's worth the extra CPU 1979 * time to do the right check or not. 1980 */	2391 } else { 2392 /* 2393 * This is an Ethernet type; we assume that it's 2394 * unlikely that it'll appear in the right place 2395 * at random, and therefore check only the 2396 * location that would hold the Ethernet type 2397 * in a SNAP frame with an organization code of 2398 * 0x000000 (encapsulated Ethernet). --- 5 unchanged lines hidden (view full) --- 2404 * 2405 * return gen_snap(0x000000, proto, 2406 * off_linktype); 2407 * 2408 * here; for now, we don't, as per the above. 2409 * I don't know whether it's worth the extra CPU 2410 * time to do the right check or not. 2411 */
1981 return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto);	2412 return gen_cmp(OR_LINK, off_linktype+6, BPF_H, 2413 (bpf_int32)proto);
1982 } 1983 } 1984} 1985 1986static struct block * 1987gen_hostop(addr, mask, dir, proto, src_off, dst_off) 1988 bpf_u_int32 addr; 1989 bpf_u_int32 mask; --- 25 unchanged lines hidden (view full) --- 2015 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 2016 gen_or(b0, b1); 2017 return b1; 2018 2019 default: 2020 abort(); 2021 } 2022 b0 = gen_linktype(proto);	2414 } 2415 } 2416} 2417 2418static struct block * 2419gen_hostop(addr, mask, dir, proto, src_off, dst_off) 2420 bpf_u_int32 addr; 2421 bpf_u_int32 mask; --- 25 unchanged lines hidden (view full) --- 2447 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 2448 gen_or(b0, b1); 2449 return b1; 2450 2451 default: 2452 abort(); 2453 } 2454 b0 = gen_linktype(proto);
2023 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);	2455 b1 = gen_mcmp(OR_NET, offset, BPF_W, (bpf_int32)addr, mask);
2024 gen_and(b0, b1); 2025 return b1; 2026} 2027 2028#ifdef INET6 2029static struct block * 2030gen_hostop6(addr, mask, dir, proto, src_off, dst_off) 2031 struct in6_addr addr; --- 29 unchanged lines hidden* (view full) --- 2061 return b1; 2062 2063 default: 2064 abort(); 2065 } 2066 /* this order is important / 2067* a = (u_int32_t )addr; 2068* m = (u_int32_t *)mask;	2456 gen_and(b0, b1); 2457 return b1; 2458} 2459 2460#ifdef INET6 2461static struct block * 2462gen_hostop6(addr, mask, dir, proto, src_off, dst_off) 2463 struct in6_addr addr; --- 29 unchanged lines hidden* (view full) --- 2493 return b1; 2494 2495 default: 2496 abort(); 2497 } 2498 /* this order is important / 2499* a = (u_int32_t )addr; 2500* m = (u_int32_t *)mask;
2069 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 2070 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));	2501 b1 = gen_mcmp(OR_NET, offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 2502 b0 = gen_mcmp(OR_NET, offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
2071 gen_and(b0, b1);	2503 gen_and(b0, b1);
2072 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));	2504 b0 = gen_mcmp(OR_NET, offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
2073 gen_and(b0, b1);	2505 gen_and(b0, b1);
2074 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));	2506 b0 = gen_mcmp(OR_NET, offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
2075 gen_and(b0, b1); 2076 b0 = gen_linktype(proto); 2077 gen_and(b0, b1); 2078 return b1; 2079} 2080#endif /INET6/ 2081 2082static struct block * 2083gen_ehostop(eaddr, dir) 2084 register const u_char eaddr; 2085* register int dir; 2086{ 2087 register struct block b0, b1; 2088 2089 switch (dir) { 2090 case Q_SRC:	2507 gen_and(b0, b1); 2508 b0 = gen_linktype(proto); 2509 gen_and(b0, b1); 2510 return b1; 2511} 2512#endif /INET6/ 2513 2514static struct block * 2515gen_ehostop(eaddr, dir) 2516 register const u_char eaddr; 2517* register int dir; 2518{ 2519 register struct block b0, b1; 2520 2521 switch (dir) { 2522 case Q_SRC:
2091 return gen_bcmp(off_mac + 6, 6, eaddr);	2523 return gen_bcmp(OR_LINK, off_mac + 6, 6, eaddr);
2092 2093 case Q_DST:	2524 2525 case Q_DST:
2094 return gen_bcmp(off_mac + 0, 6, eaddr);	2526 return gen_bcmp(OR_LINK, off_mac + 0, 6, eaddr);
2095 2096 case Q_AND: 2097 b0 = gen_ehostop(eaddr, Q_SRC); 2098 b1 = gen_ehostop(eaddr, Q_DST); 2099 gen_and(b0, b1); 2100 return b1; 2101 2102 case Q_DEFAULT: --- 15 unchanged lines hidden (view full) --- 2118 register const u_char eaddr; 2119* register int dir; 2120{ 2121 struct block b0, b1; 2122 2123 switch (dir) { 2124 case Q_SRC: 2125#ifdef PCAP_FDDIPAD	2527 2528 case Q_AND: 2529 b0 = gen_ehostop(eaddr, Q_SRC); 2530 b1 = gen_ehostop(eaddr, Q_DST); 2531 gen_and(b0, b1); 2532 return b1; 2533 2534 case Q_DEFAULT: --- 15 unchanged lines hidden (view full) --- 2550 register const u_char eaddr; 2551* register int dir; 2552{ 2553 struct block b0, b1; 2554 2555 switch (dir) { 2556 case Q_SRC: 2557#ifdef PCAP_FDDIPAD
2126 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);	2558 return gen_bcmp(OR_LINK, 6 + 1 + pcap_fddipad, 6, eaddr);
2127#else	2559#else
2128 return gen_bcmp(6 + 1, 6, eaddr);	2560 return gen_bcmp(OR_LINK, 6 + 1, 6, eaddr);
2129#endif 2130 2131 case Q_DST: 2132#ifdef PCAP_FDDIPAD	2561#endif 2562 2563 case Q_DST: 2564#ifdef PCAP_FDDIPAD
2133 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);	2565 return gen_bcmp(OR_LINK, 0 + 1 + pcap_fddipad, 6, eaddr);
2134#else	2566#else
2135 return gen_bcmp(0 + 1, 6, eaddr);	2567 return gen_bcmp(OR_LINK, 0 + 1, 6, eaddr);
2136#endif 2137 2138 case Q_AND: 2139 b0 = gen_fhostop(eaddr, Q_SRC); 2140 b1 = gen_fhostop(eaddr, Q_DST); 2141 gen_and(b0, b1); 2142 return b1; 2143 --- 15 unchanged lines hidden (view full) --- 2159gen_thostop(eaddr, dir) 2160 register const u_char eaddr; 2161* register int dir; 2162{ 2163 register struct block b0, b1; 2164 2165 switch (dir) { 2166 case Q_SRC:	2568#endif 2569 2570 case Q_AND: 2571 b0 = gen_fhostop(eaddr, Q_SRC); 2572 b1 = gen_fhostop(eaddr, Q_DST); 2573 gen_and(b0, b1); 2574 return b1; 2575 --- 15 unchanged lines hidden (view full) --- 2591gen_thostop(eaddr, dir) 2592 register const u_char eaddr; 2593* register int dir; 2594{ 2595 register struct block b0, b1; 2596 2597 switch (dir) { 2598 case Q_SRC:
2167 return gen_bcmp(8, 6, eaddr);	2599 return gen_bcmp(OR_LINK, 8, 6, eaddr);
2168 2169 case Q_DST:	2600 2601 case Q_DST:
2170 return gen_bcmp(2, 6, eaddr);	2602 return gen_bcmp(OR_LINK, 2, 6, eaddr);
2171 2172 case Q_AND: 2173 b0 = gen_thostop(eaddr, Q_SRC); 2174 b1 = gen_thostop(eaddr, Q_DST); 2175 gen_and(b0, b1); 2176 return b1; 2177 2178 case Q_DEFAULT: --- 40 unchanged lines hidden (view full) --- 2219 / 2220* 2221 /* 2222 * Generate the tests to be done for data frames 2223 * with From DS set. 2224 * 2225 * First, check for To DS set, i.e. check "link[1] & 0x01". 2226 */	2603 2604 case Q_AND: 2605 b0 = gen_thostop(eaddr, Q_SRC); 2606 b1 = gen_thostop(eaddr, Q_DST); 2607 gen_and(b0, b1); 2608 return b1; 2609 2610 case Q_DEFAULT: --- 40 unchanged lines hidden (view full) --- 2651 / 2652* 2653 /* 2654 * Generate the tests to be done for data frames 2655 * with From DS set. 2656 * 2657 * First, check for To DS set, i.e. check "link[1] & 0x01". 2658 */
2227 s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 2228 s->s.k = 1;	2659 s = gen_load_a(OR_LINK, 1, BPF_B);
2229 b1 = new_block(JMP(BPF_JSET)); 2230 b1->s.k = 0x01; /* To DS / 2231* b1->stmts = s; 2232 2233 /* 2234 * If To DS is set, the SA is at 24. 2235 */	2660 b1 = new_block(JMP(BPF_JSET)); 2661 b1->s.k = 0x01; /* To DS / 2662* b1->stmts = s; 2663 2664 /* 2665 * If To DS is set, the SA is at 24. 2666 */
2236 b0 = gen_bcmp(24, 6, eaddr);	2667 b0 = gen_bcmp(OR_LINK, 24, 6, eaddr);
2237 gen_and(b1, b0); 2238 2239 /* 2240 * Now, check for To DS not set, i.e. check 2241 * "!(link[1] & 0x01)". 2242 */	2668 gen_and(b1, b0); 2669 2670 /* 2671 * Now, check for To DS not set, i.e. check 2672 * "!(link[1] & 0x01)". 2673 */
2243 s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 2244 s->s.k = 1;	2674 s = gen_load_a(OR_LINK, 1, BPF_B);
2245 b2 = new_block(JMP(BPF_JSET)); 2246 b2->s.k = 0x01; /* To DS / 2247* b2->stmts = s; 2248 gen_not(b2); 2249 2250 /* 2251 * If To DS is not set, the SA is at 16. 2252 */	2675 b2 = new_block(JMP(BPF_JSET)); 2676 b2->s.k = 0x01; /* To DS / 2677* b2->stmts = s; 2678 gen_not(b2); 2679 2680 /* 2681 * If To DS is not set, the SA is at 16. 2682 */
2253 b1 = gen_bcmp(16, 6, eaddr);	2683 b1 = gen_bcmp(OR_LINK, 16, 6, eaddr);
2254 gen_and(b2, b1); 2255 2256 /* 2257 * Now OR together the last two checks. That gives 2258 * the complete set of checks for data frames with 2259 * From DS set. 2260 / 2261* gen_or(b1, b0); 2262 2263 /* 2264 * Now check for From DS being set, and AND that with 2265 * the ORed-together checks. 2266 */	2684 gen_and(b2, b1); 2685 2686 /* 2687 * Now OR together the last two checks. That gives 2688 * the complete set of checks for data frames with 2689 * From DS set. 2690 / 2691* gen_or(b1, b0); 2692 2693 /* 2694 * Now check for From DS being set, and AND that with 2695 * the ORed-together checks. 2696 */
2267 s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 2268 s->s.k = 1;	2697 s = gen_load_a(OR_LINK, 1, BPF_B);
2269 b1 = new_block(JMP(BPF_JSET)); 2270 b1->s.k = 0x02; /* From DS / 2271* b1->stmts = s; 2272 gen_and(b1, b0); 2273 2274 /* 2275 * Now check for data frames with From DS not set. 2276 */	2698 b1 = new_block(JMP(BPF_JSET)); 2699 b1->s.k = 0x02; /* From DS / 2700* b1->stmts = s; 2701 gen_and(b1, b0); 2702 2703 /* 2704 * Now check for data frames with From DS not set. 2705 */
2277 s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 2278 s->s.k = 1;	2706 s = gen_load_a(OR_LINK, 1, BPF_B);
2279 b2 = new_block(JMP(BPF_JSET)); 2280 b2->s.k = 0x02; /* From DS / 2281* b2->stmts = s; 2282 gen_not(b2); 2283 2284 /* 2285 * If From DS isn't set, the SA is at 10. 2286 */	2707 b2 = new_block(JMP(BPF_JSET)); 2708 b2->s.k = 0x02; /* From DS / 2709* b2->stmts = s; 2710 gen_not(b2); 2711 2712 /* 2713 * If From DS isn't set, the SA is at 10. 2714 */
2287 b1 = gen_bcmp(10, 6, eaddr);	2715 b1 = gen_bcmp(OR_LINK, 10, 6, eaddr);
2288 gen_and(b2, b1); 2289 2290 /* 2291 * Now OR together the checks for data frames with 2292 * From DS not set and for data frames with From DS 2293 * set; that gives the checks done for data frames. 2294 / 2295* gen_or(b1, b0); 2296 2297 /* 2298 * Now check for a data frame. 2299 * I.e, check "link[0] & 0x08". 2300 */	2716 gen_and(b2, b1); 2717 2718 /* 2719 * Now OR together the checks for data frames with 2720 * From DS not set and for data frames with From DS 2721 * set; that gives the checks done for data frames. 2722 / 2723* gen_or(b1, b0); 2724 2725 /* 2726 * Now check for a data frame. 2727 * I.e, check "link[0] & 0x08". 2728 */
2301 s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 2302 s->s.k = 0;	2729 gen_load_a(OR_LINK, 0, BPF_B);
2303 b1 = new_block(JMP(BPF_JSET)); 2304 b1->s.k = 0x08; 2305 b1->stmts = s; 2306 2307 /* 2308 * AND that with the checks done for data frames. 2309 / 2310* gen_and(b1, b0); 2311 2312 /* 2313 * If the high-order bit of the type value is 0, this 2314 * is a management frame. 2315 * I.e, check "!(link[0] & 0x08)". 2316 */	2730 b1 = new_block(JMP(BPF_JSET)); 2731 b1->s.k = 0x08; 2732 b1->stmts = s; 2733 2734 /* 2735 * AND that with the checks done for data frames. 2736 / 2737* gen_and(b1, b0); 2738 2739 /* 2740 * If the high-order bit of the type value is 0, this 2741 * is a management frame. 2742 * I.e, check "!(link[0] & 0x08)". 2743 */
2317 s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 2318 s->s.k = 0;	2744 s = gen_load_a(OR_LINK, 0, BPF_B);
2319 b2 = new_block(JMP(BPF_JSET)); 2320 b2->s.k = 0x08; 2321 b2->stmts = s; 2322 gen_not(b2); 2323 2324 /* 2325 * For management frames, the SA is at 10. 2326 */	2745 b2 = new_block(JMP(BPF_JSET)); 2746 b2->s.k = 0x08; 2747 b2->stmts = s; 2748 gen_not(b2); 2749 2750 /* 2751 * For management frames, the SA is at 10. 2752 */
2327 b1 = gen_bcmp(10, 6, eaddr);	2753 b1 = gen_bcmp(OR_LINK, 10, 6, eaddr);
2328 gen_and(b2, b1); 2329 2330 /* 2331 * OR that with the checks done for data frames. 2332 * That gives the checks done for management and 2333 * data frames. 2334 / 2335* gen_or(b1, b0); 2336 2337 /* 2338 * If the low-order bit of the type value is 1, 2339 * this is either a control frame or a frame 2340 * with a reserved type, and thus not a 2341 * frame with an SA. 2342 * 2343 * I.e., check "!(link[0] & 0x04)". 2344 */	2754 gen_and(b2, b1); 2755 2756 /* 2757 * OR that with the checks done for data frames. 2758 * That gives the checks done for management and 2759 * data frames. 2760 / 2761* gen_or(b1, b0); 2762 2763 /* 2764 * If the low-order bit of the type value is 1, 2765 * this is either a control frame or a frame 2766 * with a reserved type, and thus not a 2767 * frame with an SA. 2768 * 2769 * I.e., check "!(link[0] & 0x04)". 2770 */
2345 s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 2346 s->s.k = 0;	2771 s = gen_load_a(OR_LINK, 0, BPF_B);
2347 b1 = new_block(JMP(BPF_JSET)); 2348 b1->s.k = 0x04; 2349 b1->stmts = s; 2350 gen_not(b1); 2351 2352 /* 2353 * AND that with the checks for data and management 2354 * frames. --- 18 unchanged lines hidden (view full) --- 2373 * if To DS is set. 2374 / 2375* 2376 /* 2377 * Generate the tests to be done for data frames. 2378 * 2379 * First, check for To DS set, i.e. "link[1] & 0x01". 2380 */	2772 b1 = new_block(JMP(BPF_JSET)); 2773 b1->s.k = 0x04; 2774 b1->stmts = s; 2775 gen_not(b1); 2776 2777 /* 2778 * AND that with the checks for data and management 2779 * frames. --- 18 unchanged lines hidden (view full) --- 2798 * if To DS is set. 2799 / 2800* 2801 /* 2802 * Generate the tests to be done for data frames. 2803 * 2804 * First, check for To DS set, i.e. "link[1] & 0x01". 2805 */
2381 s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 2382 s->s.k = 1;	2806 s = gen_load_a(OR_LINK, 1, BPF_B);
2383 b1 = new_block(JMP(BPF_JSET)); 2384 b1->s.k = 0x01; /* To DS / 2385* b1->stmts = s; 2386 2387 /* 2388 * If To DS is set, the DA is at 16. 2389 */	2807 b1 = new_block(JMP(BPF_JSET)); 2808 b1->s.k = 0x01; /* To DS / 2809* b1->stmts = s; 2810 2811 /* 2812 * If To DS is set, the DA is at 16. 2813 */
2390 b0 = gen_bcmp(16, 6, eaddr);	2814 b0 = gen_bcmp(OR_LINK, 16, 6, eaddr);
2391 gen_and(b1, b0); 2392 2393 /* 2394 * Now, check for To DS not set, i.e. check 2395 * "!(link[1] & 0x01)". 2396 */	2815 gen_and(b1, b0); 2816 2817 /* 2818 * Now, check for To DS not set, i.e. check 2819 * "!(link[1] & 0x01)". 2820 */
2397 s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 2398 s->s.k = 1;	2821 s = gen_load_a(OR_LINK, 1, BPF_B);
2399 b2 = new_block(JMP(BPF_JSET)); 2400 b2->s.k = 0x01; /* To DS / 2401* b2->stmts = s; 2402 gen_not(b2); 2403 2404 /* 2405 * If To DS is not set, the DA is at 4. 2406 */	2822 b2 = new_block(JMP(BPF_JSET)); 2823 b2->s.k = 0x01; /* To DS / 2824* b2->stmts = s; 2825 gen_not(b2); 2826 2827 /* 2828 * If To DS is not set, the DA is at 4. 2829 */
2407 b1 = gen_bcmp(4, 6, eaddr);	2830 b1 = gen_bcmp(OR_LINK, 4, 6, eaddr);
2408 gen_and(b2, b1); 2409 2410 /* 2411 * Now OR together the last two checks. That gives 2412 * the complete set of checks for data frames. 2413 / 2414* gen_or(b1, b0); 2415 2416 /* 2417 * Now check for a data frame. 2418 * I.e, check "link[0] & 0x08". 2419 */	2831 gen_and(b2, b1); 2832 2833 /* 2834 * Now OR together the last two checks. That gives 2835 * the complete set of checks for data frames. 2836 / 2837* gen_or(b1, b0); 2838 2839 /* 2840 * Now check for a data frame. 2841 * I.e, check "link[0] & 0x08". 2842 */
2420 s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 2421 s->s.k = 0;	2843 s = gen_load_a(OR_LINK, 0, BPF_B);
2422 b1 = new_block(JMP(BPF_JSET)); 2423 b1->s.k = 0x08; 2424 b1->stmts = s; 2425 2426 /* 2427 * AND that with the checks done for data frames. 2428 / 2429* gen_and(b1, b0); 2430 2431 /* 2432 * If the high-order bit of the type value is 0, this 2433 * is a management frame. 2434 * I.e, check "!(link[0] & 0x08)". 2435 */	2844 b1 = new_block(JMP(BPF_JSET)); 2845 b1->s.k = 0x08; 2846 b1->stmts = s; 2847 2848 /* 2849 * AND that with the checks done for data frames. 2850 / 2851* gen_and(b1, b0); 2852 2853 /* 2854 * If the high-order bit of the type value is 0, this 2855 * is a management frame. 2856 * I.e, check "!(link[0] & 0x08)". 2857 */
2436 s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 2437 s->s.k = 0;	2858 s = gen_load_a(OR_LINK, 0, BPF_B);
2438 b2 = new_block(JMP(BPF_JSET)); 2439 b2->s.k = 0x08; 2440 b2->stmts = s; 2441 gen_not(b2); 2442 2443 /* 2444 * For management frames, the DA is at 4. 2445 */	2859 b2 = new_block(JMP(BPF_JSET)); 2860 b2->s.k = 0x08; 2861 b2->stmts = s; 2862 gen_not(b2); 2863 2864 /* 2865 * For management frames, the DA is at 4. 2866 */
2446 b1 = gen_bcmp(4, 6, eaddr);	2867 b1 = gen_bcmp(OR_LINK, 4, 6, eaddr);
2447 gen_and(b2, b1); 2448 2449 /* 2450 * OR that with the checks done for data frames. 2451 * That gives the checks done for management and 2452 * data frames. 2453 / 2454* gen_or(b1, b0); 2455 2456 /* 2457 * If the low-order bit of the type value is 1, 2458 * this is either a control frame or a frame 2459 * with a reserved type, and thus not a 2460 * frame with an SA. 2461 * 2462 * I.e., check "!(link[0] & 0x04)". 2463 */	2868 gen_and(b2, b1); 2869 2870 /* 2871 * OR that with the checks done for data frames. 2872 * That gives the checks done for management and 2873 * data frames. 2874 / 2875* gen_or(b1, b0); 2876 2877 /* 2878 * If the low-order bit of the type value is 1, 2879 * this is either a control frame or a frame 2880 * with a reserved type, and thus not a 2881 * frame with an SA. 2882 * 2883 * I.e., check "!(link[0] & 0x04)". 2884 */
2464 s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 2465 s->s.k = 0;	2885 s = gen_load_a(OR_LINK, 0, BPF_B);
2466 b1 = new_block(JMP(BPF_JSET)); 2467 b1->s.k = 0x04; 2468 b1->stmts = s; 2469 gen_not(b1); 2470 2471 /* 2472 * AND that with the checks for data and management 2473 * frames. --- 27 unchanged lines hidden (view full) --- 2501gen_ipfchostop(eaddr, dir) 2502 register const u_char eaddr; 2503* register int dir; 2504{ 2505 register struct block b0, b1; 2506 2507 switch (dir) { 2508 case Q_SRC:	2886 b1 = new_block(JMP(BPF_JSET)); 2887 b1->s.k = 0x04; 2888 b1->stmts = s; 2889 gen_not(b1); 2890 2891 /* 2892 * AND that with the checks for data and management 2893 * frames. --- 27 unchanged lines hidden (view full) --- 2921gen_ipfchostop(eaddr, dir) 2922 register const u_char eaddr; 2923* register int dir; 2924{ 2925 register struct block b0, b1; 2926 2927 switch (dir) { 2928 case Q_SRC:
2509 return gen_bcmp(10, 6, eaddr);	2929 return gen_bcmp(OR_LINK, 10, 6, eaddr);
2510 2511 case Q_DST:	2930 2931 case Q_DST:
2512 return gen_bcmp(2, 6, eaddr);	2932 return gen_bcmp(OR_LINK, 2, 6, eaddr);
2513 2514 case Q_AND: 2515 b0 = gen_ipfchostop(eaddr, Q_SRC); 2516 b1 = gen_ipfchostop(eaddr, Q_DST); 2517 gen_and(b0, b1); 2518 return b1; 2519 2520 case Q_DEFAULT: --- 21 unchanged lines hidden (view full) --- 2542 * will require a lot more hacking. 2543 * 2544 * To add support for filtering on DECNET "areas" (network numbers) 2545 * one would want to add a "mask" argument to this routine. That would 2546 * make the filter even more inefficient, although one could be clever 2547 * and not generate masking instructions if the mask is 0xFFFF. 2548 / 2549static struct block	2933 2934 case Q_AND: 2935 b0 = gen_ipfchostop(eaddr, Q_SRC); 2936 b1 = gen_ipfchostop(eaddr, Q_DST); 2937 gen_and(b0, b1); 2938 return b1; 2939 2940 case Q_DEFAULT: --- 21 unchanged lines hidden (view full) --- 2962 * will require a lot more hacking. 2963 * 2964 * To add support for filtering on DECNET "areas" (network numbers) 2965 * one would want to add a "mask" argument to this routine. That would 2966 * make the filter even more inefficient, although one could be clever 2967 * and not generate masking instructions if the mask is 0xFFFF. 2968 / 2969static struct block
2550gen_dnhostop(addr, dir, base_off)	2970gen_dnhostop(addr, dir)
2551 bpf_u_int32 addr; 2552 int dir;	2971 bpf_u_int32 addr; 2972 int dir;
2553 u_int base_off;
2554{ 2555 struct block b0, b1, b2, tmp; 2556 u_int offset_lh; /* offset if long header is received / 2557* u_int offset_sh; /* offset if short header is received / 2558* 2559 switch (dir) { 2560 2561 case Q_DST: 2562 offset_sh = 1; /* follows flags / 2563* offset_lh = 7; /* flgs,darea,dsubarea,HIORD / 2564* break; 2565 2566 case Q_SRC: 2567 offset_sh = 3; /* follows flags, dstnode / 2568* offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD / 2569* break; 2570 2571 case Q_AND: 2572 /* Inefficient because we do our Calvinball dance twice */	2973{ 2974 struct block b0, b1, b2, tmp; 2975 u_int offset_lh; /* offset if long header is received / 2976* u_int offset_sh; /* offset if short header is received / 2977* 2978 switch (dir) { 2979 2980 case Q_DST: 2981 offset_sh = 1; /* follows flags / 2982* offset_lh = 7; /* flgs,darea,dsubarea,HIORD / 2983* break; 2984 2985 case Q_SRC: 2986 offset_sh = 3; /* follows flags, dstnode / 2987* offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD / 2988* break; 2989 2990 case Q_AND: 2991 /* Inefficient because we do our Calvinball dance twice */
2573 b0 = gen_dnhostop(addr, Q_SRC, base_off); 2574 b1 = gen_dnhostop(addr, Q_DST, base_off);	2992 b0 = gen_dnhostop(addr, Q_SRC); 2993 b1 = gen_dnhostop(addr, Q_DST);
2575 gen_and(b0, b1); 2576 return b1; 2577 2578 case Q_OR: 2579 case Q_DEFAULT: 2580 /* Inefficient because we do our Calvinball dance twice */	2994 gen_and(b0, b1); 2995 return b1; 2996 2997 case Q_OR: 2998 case Q_DEFAULT: 2999 /* Inefficient because we do our Calvinball dance twice */
2581 b0 = gen_dnhostop(addr, Q_SRC, base_off); 2582 b1 = gen_dnhostop(addr, Q_DST, base_off);	3000 b0 = gen_dnhostop(addr, Q_SRC); 3001 b1 = gen_dnhostop(addr, Q_DST);
2583 gen_or(b0, b1); 2584 return b1; 2585 2586 case Q_ISO: 2587 bpf_error("ISO host filtering not implemented"); 2588 2589 default: 2590 abort(); 2591 } 2592 b0 = gen_linktype(ETHERTYPE_DN); 2593 /* Check for pad = 1, long header case */	3002 gen_or(b0, b1); 3003 return b1; 3004 3005 case Q_ISO: 3006 bpf_error("ISO host filtering not implemented"); 3007 3008 default: 3009 abort(); 3010 } 3011 b0 = gen_linktype(ETHERTYPE_DN); 3012 /* Check for pad = 1, long header case */
2594 tmp = gen_mcmp(base_off + 2, BPF_H,	3013 tmp = gen_mcmp(OR_NET, 2, BPF_H,
2595 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));	3014 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
2596 b1 = gen_cmp(base_off + 2 + 1 + offset_lh,	3015 b1 = gen_cmp(OR_NET, 2 + 1 + offset_lh,
2597 BPF_H, (bpf_int32)ntohs(addr)); 2598 gen_and(tmp, b1); 2599 /* Check for pad = 0, long header case */	3016 BPF_H, (bpf_int32)ntohs(addr)); 3017 gen_and(tmp, b1); 3018 /* Check for pad = 0, long header case */
2600 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 2601 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));	3019 tmp = gen_mcmp(OR_NET, 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 3020 b2 = gen_cmp(OR_NET, 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
2602 gen_and(tmp, b2); 2603 gen_or(b2, b1); 2604 /* Check for pad = 1, short header case */	3021 gen_and(tmp, b2); 3022 gen_or(b2, b1); 3023 /* Check for pad = 1, short header case */
2605 tmp = gen_mcmp(base_off + 2, BPF_H,	3024 tmp = gen_mcmp(OR_NET, 2, BPF_H,
2606 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));	3025 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
2607 b2 = gen_cmp(base_off + 2 + 1 + offset_sh, 2608 BPF_H, (bpf_int32)ntohs(addr));	3026 b2 = gen_cmp(OR_NET, 2 + 1 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
2609 gen_and(tmp, b2); 2610 gen_or(b2, b1); 2611 /* Check for pad = 0, short header case */	3027 gen_and(tmp, b2); 3028 gen_or(b2, b1); 3029 /* Check for pad = 0, short header case */
2612 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 2613 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));	3030 tmp = gen_mcmp(OR_NET, 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 3031 b2 = gen_cmp(OR_NET, 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
2614 gen_and(tmp, b2); 2615 gen_or(b2, b1); 2616 2617 /* Combine with test for linktype / 2618* gen_and(b0, b1); 2619 return b1; 2620} 2621 --- 14 unchanged lines hidden (view full) --- 2636 b1 = gen_host(addr, mask, Q_ARP, dir); 2637 gen_or(b0, b1); 2638 b0 = gen_host(addr, mask, Q_RARP, dir); 2639 gen_or(b1, b0); 2640 } 2641 return b0; 2642 2643 case Q_IP:	3032 gen_and(tmp, b2); 3033 gen_or(b2, b1); 3034 3035 /* Combine with test for linktype / 3036* gen_and(b0, b1); 3037 return b1; 3038} 3039 --- 14 unchanged lines hidden (view full) --- 3054 b1 = gen_host(addr, mask, Q_ARP, dir); 3055 gen_or(b0, b1); 3056 b0 = gen_host(addr, mask, Q_RARP, dir); 3057 gen_or(b1, b0); 3058 } 3059 return b0; 3060 3061 case Q_IP:
2644 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 2645 off_nl + 12, off_nl + 16);	3062 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 12, 16);
2646 2647 case Q_RARP:	3063 3064 case Q_RARP:
2648 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 2649 off_nl + 14, off_nl + 24);	3065 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 14, 24);
2650 2651 case Q_ARP:	3066 3067 case Q_ARP:
2652 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 2653 off_nl + 14, off_nl + 24);	3068 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 14, 24);
2654 2655 case Q_TCP: 2656 bpf_error("'tcp' modifier applied to host"); 2657 2658 case Q_SCTP: 2659 bpf_error("'sctp' modifier applied to host"); 2660 2661 case Q_UDP: --- 16 unchanged lines hidden (view full) --- 2678 2679 case Q_ATALK: 2680 bpf_error("ATALK host filtering not implemented"); 2681 2682 case Q_AARP: 2683 bpf_error("AARP host filtering not implemented"); 2684 2685 case Q_DECNET:	3069 3070 case Q_TCP: 3071 bpf_error("'tcp' modifier applied to host"); 3072 3073 case Q_SCTP: 3074 bpf_error("'sctp' modifier applied to host"); 3075 3076 case Q_UDP: --- 16 unchanged lines hidden (view full) --- 3093 3094 case Q_ATALK: 3095 bpf_error("ATALK host filtering not implemented"); 3096 3097 case Q_AARP: 3098 bpf_error("AARP host filtering not implemented"); 3099 3100 case Q_DECNET:
2686 return gen_dnhostop(addr, dir, off_nl);	3101 return gen_dnhostop(addr, dir);
2687 2688 case Q_SCA: 2689 bpf_error("SCA host filtering not implemented"); 2690 2691 case Q_LAT: 2692 bpf_error("LAT host filtering not implemented"); 2693 2694 case Q_MOPDL: --- 32 unchanged lines hidden (view full) --- 2727 bpf_error("'stp' modifier applied to host"); 2728 2729 case Q_IPX: 2730 bpf_error("IPX host filtering not implemented"); 2731 2732 case Q_NETBEUI: 2733 bpf_error("'netbeui' modifier applied to host"); 2734	3102 3103 case Q_SCA: 3104 bpf_error("SCA host filtering not implemented"); 3105 3106 case Q_LAT: 3107 bpf_error("LAT host filtering not implemented"); 3108 3109 case Q_MOPDL: --- 32 unchanged lines hidden (view full) --- 3142 bpf_error("'stp' modifier applied to host"); 3143 3144 case Q_IPX: 3145 bpf_error("IPX host filtering not implemented"); 3146 3147 case Q_NETBEUI: 3148 bpf_error("'netbeui' modifier applied to host"); 3149
	3150 case Q_RADIO: 3151 bpf_error("'radio' modifier applied to host"); 3152
2735 default: 2736 abort(); 2737 } 2738 /* NOTREACHED / 2739} 2740* 2741#ifdef INET6 2742static struct block * --- 58 unchanged lines hidden (view full) --- 2801 2802 case Q_MOPDL: 2803 bpf_error("MOPDL host filtering not implemented"); 2804 2805 case Q_MOPRC: 2806 bpf_error("MOPRC host filtering not implemented"); 2807 2808 case Q_IPV6:	3153 default: 3154 abort(); 3155 } 3156 /* NOTREACHED / 3157} 3158* 3159#ifdef INET6 3160static struct block * --- 58 unchanged lines hidden (view full) --- 3219 3220 case Q_MOPDL: 3221 bpf_error("MOPDL host filtering not implemented"); 3222 3223 case Q_MOPRC: 3224 bpf_error("MOPRC host filtering not implemented"); 3225 3226 case Q_IPV6:
2809 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 2810 off_nl + 8, off_nl + 24);	3227 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 8, 24);
2811 2812 case Q_ICMPV6: 2813 bpf_error("'icmp6' modifier applied to host"); 2814 2815 case Q_AH: 2816 bpf_error("'ah' modifier applied to host"); 2817 2818 case Q_ESP: --- 15 unchanged lines hidden (view full) --- 2834 bpf_error("'stp' modifier applied to host"); 2835 2836 case Q_IPX: 2837 bpf_error("IPX host filtering not implemented"); 2838 2839 case Q_NETBEUI: 2840 bpf_error("'netbeui' modifier applied to host"); 2841	3228 3229 case Q_ICMPV6: 3230 bpf_error("'icmp6' modifier applied to host"); 3231 3232 case Q_AH: 3233 bpf_error("'ah' modifier applied to host"); 3234 3235 case Q_ESP: --- 15 unchanged lines hidden (view full) --- 3251 bpf_error("'stp' modifier applied to host"); 3252 3253 case Q_IPX: 3254 bpf_error("IPX host filtering not implemented"); 3255 3256 case Q_NETBEUI: 3257 bpf_error("'netbeui' modifier applied to host"); 3258
	3259 case Q_RADIO: 3260 bpf_error("'radio' modifier applied to host"); 3261
2842 default: 2843 abort(); 2844 } 2845 /* NOTREACHED / 2846} 2847#endif /INET6/ 2848* 2849#ifndef INET6 --- 15 unchanged lines hidden (view full) --- 2865 case Q_ARP: 2866 case Q_RARP: 2867 if (linktype == DLT_EN10MB) 2868 b0 = gen_ehostop(eaddr, Q_OR); 2869 else if (linktype == DLT_FDDI) 2870 b0 = gen_fhostop(eaddr, Q_OR); 2871 else if (linktype == DLT_IEEE802) 2872 b0 = gen_thostop(eaddr, Q_OR);	3262 default: 3263 abort(); 3264 } 3265 /* NOTREACHED / 3266} 3267#endif /INET6/ 3268* 3269#ifndef INET6 --- 15 unchanged lines hidden (view full) --- 3285 case Q_ARP: 3286 case Q_RARP: 3287 if (linktype == DLT_EN10MB) 3288 b0 = gen_ehostop(eaddr, Q_OR); 3289 else if (linktype == DLT_FDDI) 3290 b0 = gen_fhostop(eaddr, Q_OR); 3291 else if (linktype == DLT_IEEE802) 3292 b0 = gen_thostop(eaddr, Q_OR);
2873 else if (linktype == DLT_IEEE802_11)	3293 else if (linktype == DLT_IEEE802_11 \|\| 3294 linktype == DLT_IEEE802_11_RADIO_AVS \|\| 3295 linktype == DLT_IEEE802_11_RADIO \|\| 3296 linktype == DLT_PRISM_HEADER)
2874 b0 = gen_wlanhostop(eaddr, Q_OR); 2875 else if (linktype == DLT_SUNATM && is_lane) { 2876 /* 2877 * Check that the packet doesn't begin with an 2878 * LE Control marker. (We've already generated 2879 * a test for LANE.) 2880 */	3297 b0 = gen_wlanhostop(eaddr, Q_OR); 3298 else if (linktype == DLT_SUNATM && is_lane) { 3299 /* 3300 * Check that the packet doesn't begin with an 3301 * LE Control marker. (We've already generated 3302 * a test for LANE.) 3303 */
2881 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);	3304 b1 = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS, BPF_H, 3305 0xFF00);
2882 gen_not(b1); 2883 2884 /* 2885 * Now check the MAC address. 2886 / 2887* b0 = gen_ehostop(eaddr, Q_OR); 2888 gen_and(b1, b0); 2889 } else if (linktype == DLT_IP_OVER_FC) --- 250 unchanged lines hidden (view full) --- 3140 case Q_IPX: 3141 b1 = gen_linktype(LLCSAP_IPX); 3142 break; 3143 3144 case Q_NETBEUI: 3145 b1 = gen_linktype(LLCSAP_NETBEUI); 3146 break; 3147	3306 gen_not(b1); 3307 3308 /* 3309 * Now check the MAC address. 3310 / 3311* b0 = gen_ehostop(eaddr, Q_OR); 3312 gen_and(b1, b0); 3313 } else if (linktype == DLT_IP_OVER_FC) --- 250 unchanged lines hidden (view full) --- 3564 case Q_IPX: 3565 b1 = gen_linktype(LLCSAP_IPX); 3566 break; 3567 3568 case Q_NETBEUI: 3569 b1 = gen_linktype(LLCSAP_NETBEUI); 3570 break; 3571
	3572 case Q_RADIO: 3573 bpf_error("'radio' is not a valid protocol type"); 3574
3148 default: 3149 abort(); 3150 } 3151 return b1; 3152} 3153 3154static struct block * 3155gen_ipfrag() 3156{ 3157 struct slist s; 3158* struct block b; 3159* 3160 /* not ip frag */	3575 default: 3576 abort(); 3577 } 3578 return b1; 3579} 3580 3581static struct block * 3582gen_ipfrag() 3583{ 3584 struct slist s; 3585* struct block b; 3586* 3587 /* not ip frag */
3161 s = new_stmt(BPF_LD\|BPF_H\|BPF_ABS); 3162 s->s.k = off_nl + 6;	3588 s = gen_load_a(OR_NET, 6, BPF_H);
3163 b = new_block(JMP(BPF_JSET)); 3164 b->s.k = 0x1fff; 3165 b->stmts = s; 3166 gen_not(b); 3167 3168 return b; 3169} 3170	3589 b = new_block(JMP(BPF_JSET)); 3590 b->s.k = 0x1fff; 3591 b->stmts = s; 3592 gen_not(b); 3593 3594 return b; 3595} 3596
	3597/* 3598 * Generate a comparison to a port value in the transport-layer header 3599 * at the specified offset from the beginning of that header. 3600 * 3601 * XXX - this handles a variable-length prefix preceding the link-layer 3602 * header, such as the radiotap or AVS radio prefix, but doesn't handle 3603 * variable-length link-layer headers (such as Token Ring or 802.11 3604 * headers). 3605 */
3171static struct block * 3172gen_portatom(off, v) 3173 int off; 3174 bpf_int32 v; 3175{	3606static struct block * 3607gen_portatom(off, v) 3608 int off; 3609 bpf_int32 v; 3610{
3176 struct slist s; 3177* struct block b; 3178* 3179 s = new_stmt(BPF_LDX\|BPF_MSH\|BPF_B); 3180 s->s.k = off_nl; 3181 3182 s->next = new_stmt(BPF_LD\|BPF_IND\|BPF_H); 3183 s->next->s.k = off_nl + off; 3184 3185 b = new_block(JMP(BPF_JEQ)); 3186 b->stmts = s; 3187 b->s.k = v; 3188 3189 return b;	3611 return gen_cmp(OR_TRAN_IPV4, off, BPF_H, v);
3190} 3191 3192#ifdef INET6 3193static struct block * 3194gen_portatom6(off, v) 3195 int off; 3196 bpf_int32 v; 3197{	3612} 3613 3614#ifdef INET6 3615static struct block * 3616gen_portatom6(off, v) 3617 int off; 3618 bpf_int32 v; 3619{
3198 return gen_cmp(off_nl + 40 + off, BPF_H, v);	3620 return gen_cmp(OR_TRAN_IPV6, off, BPF_H, v);
3199} 3200#endif/INET6/ 3201 3202struct block * 3203gen_portop(port, proto, dir) 3204 int port, proto, dir; 3205{ 3206 struct block b0, b1, tmp; 3207* 3208 /* ip proto 'proto' */	3621} 3622#endif/INET6/ 3623 3624struct block * 3625gen_portop(port, proto, dir) 3626 int port, proto, dir; 3627{ 3628 struct block b0, b1, tmp; 3629* 3630 /* ip proto 'proto' */
3209 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);	3631 tmp = gen_cmp(OR_NET, 9, BPF_B, (bpf_int32)proto);
3210 b0 = gen_ipfrag(); 3211 gen_and(tmp, b0); 3212 3213 switch (dir) { 3214 case Q_SRC: 3215 b1 = gen_portatom(0, (bpf_int32)port); 3216 break; 3217 --- 73 unchanged lines hidden (view full) --- 3291 3292#ifdef INET6 3293struct block * 3294gen_portop6(port, proto, dir) 3295 int port, proto, dir; 3296{ 3297 struct block b0, b1, tmp; 3298*	3632 b0 = gen_ipfrag(); 3633 gen_and(tmp, b0); 3634 3635 switch (dir) { 3636 case Q_SRC: 3637 b1 = gen_portatom(0, (bpf_int32)port); 3638 break; 3639 --- 73 unchanged lines hidden (view full) --- 3713 3714#ifdef INET6 3715struct block * 3716gen_portop6(port, proto, dir) 3717 int port, proto, dir; 3718{ 3719 struct block b0, b1, tmp; 3720*
3299 /* ip proto 'proto' / 3300* b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);	3721 /* ip6 proto 'proto' / 3722* b0 = gen_cmp(OR_NET, 6, BPF_B, (bpf_int32)proto);
3301 3302 switch (dir) { 3303 case Q_SRC: 3304 b1 = gen_portatom6(0, (bpf_int32)port); 3305 break; 3306 3307 case Q_DST: 3308 b1 = gen_portatom6(2, (bpf_int32)port); --- 23 unchanged lines hidden (view full) --- 3332static struct block * 3333gen_port6(port, ip_proto, dir) 3334 int port; 3335 int ip_proto; 3336 int dir; 3337{ 3338 struct block b0, b1, tmp; 3339*	3723 3724 switch (dir) { 3725 case Q_SRC: 3726 b1 = gen_portatom6(0, (bpf_int32)port); 3727 break; 3728 3729 case Q_DST: 3730 b1 = gen_portatom6(2, (bpf_int32)port); --- 23 unchanged lines hidden (view full) --- 3754static struct block * 3755gen_port6(port, ip_proto, dir) 3756 int port; 3757 int ip_proto; 3758 int dir; 3759{ 3760 struct block b0, b1, tmp; 3761*
3340 /* ether proto ip */	3762 /* link proto ip6 */
3341 b0 = gen_linktype(ETHERTYPE_IPV6); 3342 3343 switch (ip_proto) { 3344 case IPPROTO_UDP: 3345 case IPPROTO_TCP: 3346 case IPPROTO_SCTP: 3347 b1 = gen_portop6(port, ip_proto, dir); 3348 break; --- 9 unchanged lines hidden (view full) --- 3358 default: 3359 abort(); 3360 } 3361 gen_and(b0, b1); 3362 return b1; 3363} 3364#endif /* INET6 / 3365*	3763 b0 = gen_linktype(ETHERTYPE_IPV6); 3764 3765 switch (ip_proto) { 3766 case IPPROTO_UDP: 3767 case IPPROTO_TCP: 3768 case IPPROTO_SCTP: 3769 b1 = gen_portop6(port, ip_proto, dir); 3770 break; --- 9 unchanged lines hidden (view full) --- 3780 default: 3781 abort(); 3782 } 3783 gen_and(b0, b1); 3784 return b1; 3785} 3786#endif /* INET6 / 3787*
	3788/* gen_portrange code / 3789static struct block 3790gen_portrangeatom(off, v1, v2) 3791 int off; 3792 bpf_int32 v1, v2; 3793{ 3794 struct block b1, b2; 3795 3796 if (v1 > v2) { 3797 /* 3798 * Reverse the order of the ports, so v1 is the lower one. 3799 / 3800* bpf_int32 vtemp; 3801 3802 vtemp = v1; 3803 v1 = v2; 3804 v2 = vtemp; 3805 } 3806 3807 b1 = gen_cmp_ge(OR_TRAN_IPV4, off, BPF_H, v1); 3808 b2 = gen_cmp_le(OR_TRAN_IPV4, off, BPF_H, v2); 3809 3810 gen_and(b1, b2); 3811 3812 return b2; 3813} 3814 3815struct block * 3816gen_portrangeop(port1, port2, proto, dir) 3817 int port1, port2; 3818 int proto; 3819 int dir; 3820{ 3821 struct block b0, b1, tmp; 3822* 3823 /* ip proto 'proto' / 3824* tmp = gen_cmp(OR_NET, 9, BPF_B, (bpf_int32)proto); 3825 b0 = gen_ipfrag(); 3826 gen_and(tmp, b0); 3827 3828 switch (dir) { 3829 case Q_SRC: 3830 b1 = gen_portrangeatom(0, (bpf_int32)port1, (bpf_int32)port2); 3831 break; 3832 3833 case Q_DST: 3834 b1 = gen_portrangeatom(2, (bpf_int32)port1, (bpf_int32)port2); 3835 break; 3836 3837 case Q_OR: 3838 case Q_DEFAULT: 3839 tmp = gen_portrangeatom(0, (bpf_int32)port1, (bpf_int32)port2); 3840 b1 = gen_portrangeatom(2, (bpf_int32)port1, (bpf_int32)port2); 3841 gen_or(tmp, b1); 3842 break; 3843 3844 case Q_AND: 3845 tmp = gen_portrangeatom(0, (bpf_int32)port1, (bpf_int32)port2); 3846 b1 = gen_portrangeatom(2, (bpf_int32)port1, (bpf_int32)port2); 3847 gen_and(tmp, b1); 3848 break; 3849 3850 default: 3851 abort(); 3852 } 3853 gen_and(b0, b1); 3854 3855 return b1; 3856} 3857 3858static struct block * 3859gen_portrange(port1, port2, ip_proto, dir) 3860 int port1, port2; 3861 int ip_proto; 3862 int dir; 3863{ 3864 struct block b0, b1, tmp; 3865* 3866 /* link proto ip / 3867* b0 = gen_linktype(ETHERTYPE_IP); 3868 3869 switch (ip_proto) { 3870 case IPPROTO_UDP: 3871 case IPPROTO_TCP: 3872 case IPPROTO_SCTP: 3873 b1 = gen_portrangeop(port1, port2, ip_proto, dir); 3874 break; 3875 3876 case PROTO_UNDEF: 3877 tmp = gen_portrangeop(port1, port2, IPPROTO_TCP, dir); 3878 b1 = gen_portrangeop(port1, port2, IPPROTO_UDP, dir); 3879 gen_or(tmp, b1); 3880 tmp = gen_portrangeop(port1, port2, IPPROTO_SCTP, dir); 3881 gen_or(tmp, b1); 3882 break; 3883 3884 default: 3885 abort(); 3886 } 3887 gen_and(b0, b1); 3888 return b1; 3889} 3890 3891#ifdef INET6 3892static struct block * 3893gen_portrangeatom6(off, v1, v2) 3894 int off; 3895 bpf_int32 v1, v2; 3896{ 3897 struct block b1, b2; 3898 3899 if (v1 > v2) { 3900 /* 3901 * Reverse the order of the ports, so v1 is the lower one. 3902 / 3903* bpf_int32 vtemp; 3904 3905 vtemp = v1; 3906 v1 = v2; 3907 v2 = vtemp; 3908 } 3909 3910 b1 = gen_cmp_ge(OR_TRAN_IPV6, off, BPF_H, v1); 3911 b2 = gen_cmp_le(OR_TRAN_IPV6, off, BPF_H, v2); 3912 3913 gen_and(b1, b2); 3914 3915 return b2; 3916} 3917 3918struct block * 3919gen_portrangeop6(port1, port2, proto, dir) 3920 int port1, port2; 3921 int proto; 3922 int dir; 3923{ 3924 struct block b0, b1, tmp; 3925* 3926 /* ip6 proto 'proto' / 3927* b0 = gen_cmp(OR_NET, 6, BPF_B, (bpf_int32)proto); 3928 3929 switch (dir) { 3930 case Q_SRC: 3931 b1 = gen_portrangeatom6(0, (bpf_int32)port1, (bpf_int32)port2); 3932 break; 3933 3934 case Q_DST: 3935 b1 = gen_portrangeatom6(2, (bpf_int32)port1, (bpf_int32)port2); 3936 break; 3937 3938 case Q_OR: 3939 case Q_DEFAULT: 3940 tmp = gen_portrangeatom6(0, (bpf_int32)port1, (bpf_int32)port2); 3941 b1 = gen_portrangeatom6(2, (bpf_int32)port1, (bpf_int32)port2); 3942 gen_or(tmp, b1); 3943 break; 3944 3945 case Q_AND: 3946 tmp = gen_portrangeatom6(0, (bpf_int32)port1, (bpf_int32)port2); 3947 b1 = gen_portrangeatom6(2, (bpf_int32)port1, (bpf_int32)port2); 3948 gen_and(tmp, b1); 3949 break; 3950 3951 default: 3952 abort(); 3953 } 3954 gen_and(b0, b1); 3955 3956 return b1; 3957} 3958 3959static struct block * 3960gen_portrange6(port1, port2, ip_proto, dir) 3961 int port1, port2; 3962 int ip_proto; 3963 int dir; 3964{ 3965 struct block b0, b1, tmp; 3966* 3967 /* link proto ip6 / 3968* b0 = gen_linktype(ETHERTYPE_IPV6); 3969 3970 switch (ip_proto) { 3971 case IPPROTO_UDP: 3972 case IPPROTO_TCP: 3973 case IPPROTO_SCTP: 3974 b1 = gen_portrangeop6(port1, port2, ip_proto, dir); 3975 break; 3976 3977 case PROTO_UNDEF: 3978 tmp = gen_portrangeop6(port1, port2, IPPROTO_TCP, dir); 3979 b1 = gen_portrangeop6(port1, port2, IPPROTO_UDP, dir); 3980 gen_or(tmp, b1); 3981 tmp = gen_portrangeop6(port1, port2, IPPROTO_SCTP, dir); 3982 gen_or(tmp, b1); 3983 break; 3984 3985 default: 3986 abort(); 3987 } 3988 gen_and(b0, b1); 3989 return b1; 3990} 3991#endif /* INET6 / 3992*
3366static int 3367lookup_proto(name, proto) 3368 register const char name; 3369* register int proto; 3370{ 3371 register int v; 3372 3373 switch (proto) { --- 72 unchanged lines hidden (view full) --- 3446 b = gen_protochain(v, Q_IPV6, dir); 3447 gen_or(b0, b); 3448 return b; 3449 default: 3450 bpf_error("bad protocol applied for 'protochain'"); 3451 /NOTREACHED/ 3452 } 3453	3993static int 3994lookup_proto(name, proto) 3995 register const char name; 3996* register int proto; 3997{ 3998 register int v; 3999 4000 switch (proto) { --- 72 unchanged lines hidden (view full) --- 4073 b = gen_protochain(v, Q_IPV6, dir); 4074 gen_or(b0, b); 4075 return b; 4076 default: 4077 bpf_error("bad protocol applied for 'protochain'"); 4078 /NOTREACHED/ 4079 } 4080
	4081 /* 4082 * We don't handle variable-length radiotap here headers yet. 4083 * We might want to add BPF instructions to do the protochain 4084 * work, to simplify that and, on platforms that have a BPF 4085 * interpreter with the new instructions, let the filtering 4086 * be done in the kernel. (We already require a modified BPF 4087 * engine to do the protochain stuff, to support backward 4088 * branches, and backward branch support is unlikely to appear 4089 * in kernel BPF engines.) 4090 / 4091* if (linktype == DLT_IEEE802_11_RADIO) 4092 bpf_error("'protochain' not supported with radiotap headers"); 4093
3454 no_optimize = 1; /this code is not compatible with optimzer yet / 3455 3456 /*	4094 no_optimize = 1; /this code is not compatible with optimzer yet / 4095 4096 /*
3457 * s[0] is a dummy entry to protect other BPF insn from damaged	4097 * s[0] is a dummy entry to protect other BPF insn from damage
3458 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 3459 * hard to find interdependency made by jump table fixup. 3460 / 3461* i = 0; 3462 s[i] = new_stmt(0); /dummy/ 3463 i++; 3464 3465 switch (proto) { --- 239 unchanged lines hidden (view full) --- 3705 3706 free_reg(reg2); 3707 3708 gen_and(b0, b); 3709 return b; 3710#endif 3711} 3712	4098 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 4099 * hard to find interdependency made by jump table fixup. 4100 / 4101* i = 0; 4102 s[i] = new_stmt(0); /dummy/ 4103 i++; 4104 4105 switch (proto) { --- 239 unchanged lines hidden (view full) --- 4345 4346 free_reg(reg2); 4347 4348 gen_and(b0, b); 4349 return b; 4350#endif 4351} 4352
	4353/* 4354 * Generate code that checks whether the packet is a packet for protocol 4355 * <proto> and whether the type field in that protocol's header has 4356 * the value <v>, e.g. if <proto> is Q_IP, it checks whether it's an 4357 * IP packet and checks the protocol number in the IP header against <v>. 4358 * 4359 * If <proto> is Q_DEFAULT, i.e. just "proto" was specified, it checks 4360 * against Q_IP and Q_IPV6. 4361 */
3713static struct block * 3714gen_proto(v, proto, dir) 3715 int v; 3716 int proto; 3717 int dir; 3718{ 3719 struct block b0, b1; 3720 --- 23 unchanged lines hidden (view full) --- 3744 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and 3745 * RFC 2225 say that SNAP encapsulation is used, not LLC 3746 * encapsulation with LLCSAP_IP. 3747 * 3748 * So we always check for ETHERTYPE_IP. 3749 / 3750* b0 = gen_linktype(ETHERTYPE_IP); 3751#ifndef CHASE_CHAIN	4362static struct block * 4363gen_proto(v, proto, dir) 4364 int v; 4365 int proto; 4366 int dir; 4367{ 4368 struct block b0, b1; 4369 --- 23 unchanged lines hidden (view full) --- 4393 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and 4394 * RFC 2225 say that SNAP encapsulation is used, not LLC 4395 * encapsulation with LLCSAP_IP. 4396 * 4397 * So we always check for ETHERTYPE_IP. 4398 / 4399* b0 = gen_linktype(ETHERTYPE_IP); 4400#ifndef CHASE_CHAIN
3752 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);	4401 b1 = gen_cmp(OR_NET, 9, BPF_B, (bpf_int32)v);
3753#else 3754 b1 = gen_protochain(v, Q_IP); 3755#endif 3756 gen_and(b0, b1); 3757 return b1; 3758 3759 case Q_ISO: 3760 switch (linktype) { --- 12 unchanged lines hidden (view full) --- 3773 * control field value of UI, i.e. 0x03 followed 3774 * by the NLPID. 3775 * 3776 * XXX - assumes a 2-byte Frame Relay header with 3777 * DLCI and flags. What if the address is longer? 3778 * 3779 * XXX - what about SNAP-encapsulated frames? 3780 */	4402#else 4403 b1 = gen_protochain(v, Q_IP); 4404#endif 4405 gen_and(b0, b1); 4406 return b1; 4407 4408 case Q_ISO: 4409 switch (linktype) { --- 12 unchanged lines hidden (view full) --- 4422 * control field value of UI, i.e. 0x03 followed 4423 * by the NLPID. 4424 * 4425 * XXX - assumes a 2-byte Frame Relay header with 4426 * DLCI and flags. What if the address is longer? 4427 * 4428 * XXX - what about SNAP-encapsulated frames? 4429 */
3781 return gen_cmp(2, BPF_H, (0x03<<8) \| v);	4430 return gen_cmp(OR_LINK, 2, BPF_H, (0x03<<8) \| v);
3782 /NOTREACHED/ 3783 break; 3784 3785 case DLT_C_HDLC: 3786 /* 3787 * Cisco uses an Ethertype lookalike - for OSI, 3788 * it's 0xfefe. 3789 / 3790* b0 = gen_linktype(LLCSAP_ISONS<<8 \| LLCSAP_ISONS); 3791 /* OSI in C-HDLC is stuffed with a fudge byte */	4431 /NOTREACHED/ 4432 break; 4433 4434 case DLT_C_HDLC: 4435 /* 4436 * Cisco uses an Ethertype lookalike - for OSI, 4437 * it's 0xfefe. 4438 / 4439* b0 = gen_linktype(LLCSAP_ISONS<<8 \| LLCSAP_ISONS); 4440 /* OSI in C-HDLC is stuffed with a fudge byte */
3792 b1 = gen_cmp(off_nl_nosnap+1, BPF_B, (long)v);	4441 b1 = gen_cmp(OR_NET_NOSNAP, 1, BPF_B, (long)v);
3793 gen_and(b0, b1); 3794 return b1; 3795 3796 default: 3797 b0 = gen_linktype(LLCSAP_ISONS);	4442 gen_and(b0, b1); 4443 return b1; 4444 4445 default: 4446 b0 = gen_linktype(LLCSAP_ISONS);
3798 b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v);	4447 b1 = gen_cmp(OR_NET_NOSNAP, 0, BPF_B, (long)v);
3799 gen_and(b0, b1); 3800 return b1; 3801 } 3802 3803 case Q_ISIS: 3804 b0 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT); 3805 /* 3806 * 4 is the offset of the PDU type relative to the IS-IS 3807 * header. 3808 */	4448 gen_and(b0, b1); 4449 return b1; 4450 } 4451 4452 case Q_ISIS: 4453 b0 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT); 4454 /* 4455 * 4 is the offset of the PDU type relative to the IS-IS 4456 * header. 4457 */
3809 b1 = gen_cmp(off_nl_nosnap+4, BPF_B, (long)v);	4458 b1 = gen_cmp(OR_NET_NOSNAP, 4, BPF_B, (long)v);
3810 gen_and(b0, b1); 3811 return b1; 3812 3813 case Q_ARP: 3814 bpf_error("arp does not encapsulate another protocol"); 3815 /* NOTREACHED / 3816* 3817 case Q_RARP: --- 58 unchanged lines hidden (view full) --- 3876 case Q_VRRP: 3877 bpf_error("'vrrp proto' is bogus"); 3878 /* NOTREACHED / 3879* 3880#ifdef INET6 3881 case Q_IPV6: 3882 b0 = gen_linktype(ETHERTYPE_IPV6); 3883#ifndef CHASE_CHAIN	4459 gen_and(b0, b1); 4460 return b1; 4461 4462 case Q_ARP: 4463 bpf_error("arp does not encapsulate another protocol"); 4464 /* NOTREACHED / 4465* 4466 case Q_RARP: --- 58 unchanged lines hidden (view full) --- 4525 case Q_VRRP: 4526 bpf_error("'vrrp proto' is bogus"); 4527 /* NOTREACHED / 4528* 4529#ifdef INET6 4530 case Q_IPV6: 4531 b0 = gen_linktype(ETHERTYPE_IPV6); 4532#ifndef CHASE_CHAIN
3884 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);	4533 b1 = gen_cmp(OR_NET, 6, BPF_B, (bpf_int32)v);
3885#else 3886 b1 = gen_protochain(v, Q_IPV6); 3887#endif 3888 gen_and(b0, b1); 3889 return b1; 3890 3891 case Q_ICMPV6: 3892 bpf_error("'icmp6 proto' is bogus"); --- 9 unchanged lines hidden (view full) --- 3902 bpf_error("'stp proto' is bogus"); 3903 3904 case Q_IPX: 3905 bpf_error("'ipx proto' is bogus"); 3906 3907 case Q_NETBEUI: 3908 bpf_error("'netbeui proto' is bogus"); 3909	4534#else 4535 b1 = gen_protochain(v, Q_IPV6); 4536#endif 4537 gen_and(b0, b1); 4538 return b1; 4539 4540 case Q_ICMPV6: 4541 bpf_error("'icmp6 proto' is bogus"); --- 9 unchanged lines hidden (view full) --- 4551 bpf_error("'stp proto' is bogus"); 4552 4553 case Q_IPX: 4554 bpf_error("'ipx proto' is bogus"); 4555 4556 case Q_NETBEUI: 4557 bpf_error("'netbeui proto' is bogus"); 4558
	4559 case Q_RADIO: 4560 bpf_error("'radio proto' is bogus"); 4561
3910 default: 3911 abort(); 3912 /* NOTREACHED / 3913* } 3914 /* NOTREACHED / 3915} 3916* 3917struct block * --- 12 unchanged lines hidden (view full) --- 3930 int tproto6; 3931 struct sockaddr_in sin; 3932* struct sockaddr_in6 sin6; 3933* struct addrinfo res, res0; 3934 struct in6_addr mask128; 3935#endif /INET6/ 3936 struct block b, tmp; 3937 int port, real_proto;	4562 default: 4563 abort(); 4564 /* NOTREACHED / 4565* } 4566 /* NOTREACHED / 4567} 4568* 4569struct block * --- 12 unchanged lines hidden (view full) --- 4582 int tproto6; 4583 struct sockaddr_in sin; 4584* struct sockaddr_in6 sin6; 4585* struct addrinfo res, res0; 4586 struct in6_addr mask128; 4587#endif /INET6/ 4588 struct block b, tmp; 4589 int port, real_proto;
	4590 int port1, port2;
3938 3939 switch (q.addr) { 3940 3941 case Q_NET: 3942 addr = pcap_nametonetaddr(name); 3943 if (addr == 0) 3944 bpf_error("unknown network '%s'", name); 3945 /* Left justify network addr and calculate its network mask / --- 32 unchanged lines hidden* (view full) --- 3978 if (eaddr == NULL) 3979 bpf_error( 3980 "unknown token ring host '%s'", name); 3981 b = gen_thostop(eaddr, dir); 3982 free(eaddr); 3983 return b; 3984 3985 case DLT_IEEE802_11:	4591 4592 switch (q.addr) { 4593 4594 case Q_NET: 4595 addr = pcap_nametonetaddr(name); 4596 if (addr == 0) 4597 bpf_error("unknown network '%s'", name); 4598 /* Left justify network addr and calculate its network mask / --- 32 unchanged lines hidden* (view full) --- 4631 if (eaddr == NULL) 4632 bpf_error( 4633 "unknown token ring host '%s'", name); 4634 b = gen_thostop(eaddr, dir); 4635 free(eaddr); 4636 return b; 4637 4638 case DLT_IEEE802_11:
	4639 case DLT_IEEE802_11_RADIO_AVS: 4640 case DLT_IEEE802_11_RADIO: 4641 case DLT_PRISM_HEADER:
3986 eaddr = pcap_ether_hostton(name); 3987 if (eaddr == NULL) 3988 bpf_error( 3989 "unknown 802.11 host '%s'", name); 3990 b = gen_wlanhostop(eaddr, dir); 3991 free(eaddr); 3992 return b; 3993 --- 10 unchanged lines hidden (view full) --- 4004 if (!is_lane) 4005 break; 4006 4007 /* 4008 * Check that the packet doesn't begin 4009 * with an LE Control marker. (We've 4010 * already generated a test for LANE.) 4011 */	4642 eaddr = pcap_ether_hostton(name); 4643 if (eaddr == NULL) 4644 bpf_error( 4645 "unknown 802.11 host '%s'", name); 4646 b = gen_wlanhostop(eaddr, dir); 4647 free(eaddr); 4648 return b; 4649 --- 10 unchanged lines hidden (view full) --- 4660 if (!is_lane) 4661 break; 4662 4663 /* 4664 * Check that the packet doesn't begin 4665 * with an LE Control marker. (We've 4666 * already generated a test for LANE.) 4667 */
4012 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 4013 0xFF00);	4668 tmp = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS, 4669 BPF_H, 0xFF00);
4014 gen_not(tmp); 4015 4016 eaddr = pcap_ether_hostton(name); 4017 if (eaddr == NULL) 4018 bpf_error( 4019 "unknown ether host '%s'", name); 4020 b = gen_ehostop(eaddr, dir); 4021 gen_and(tmp, b); --- 115 unchanged lines hidden (view full) --- 4137 { 4138 struct block b; 4139* b = gen_port(port, real_proto, dir); 4140 gen_or(gen_port6(port, real_proto, dir), b); 4141 return b; 4142 } 4143#endif /* INET6 / 4144*	4670 gen_not(tmp); 4671 4672 eaddr = pcap_ether_hostton(name); 4673 if (eaddr == NULL) 4674 bpf_error( 4675 "unknown ether host '%s'", name); 4676 b = gen_ehostop(eaddr, dir); 4677 gen_and(tmp, b); --- 115 unchanged lines hidden (view full) --- 4793 { 4794 struct block b; 4795* b = gen_port(port, real_proto, dir); 4796 gen_or(gen_port6(port, real_proto, dir), b); 4797 return b; 4798 } 4799#endif /* INET6 / 4800*
	4801 case Q_PORTRANGE: 4802 if (proto != Q_DEFAULT && 4803 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP) 4804 bpf_error("illegal qualifier of 'portrange'"); 4805 if (pcap_nametoportrange(name, &port1, &port2, &real_proto) == 0) 4806 bpf_error("unknown port in range '%s'", name); 4807 if (proto == Q_UDP) { 4808 if (real_proto == IPPROTO_TCP) 4809 bpf_error("port in range '%s' is tcp", name); 4810 else if (real_proto == IPPROTO_SCTP) 4811 bpf_error("port in range '%s' is sctp", name); 4812 else 4813 /* override PROTO_UNDEF / 4814* real_proto = IPPROTO_UDP; 4815 } 4816 if (proto == Q_TCP) { 4817 if (real_proto == IPPROTO_UDP) 4818 bpf_error("port in range '%s' is udp", name); 4819 else if (real_proto == IPPROTO_SCTP) 4820 bpf_error("port in range '%s' is sctp", name); 4821 else 4822 /* override PROTO_UNDEF / 4823* real_proto = IPPROTO_TCP; 4824 } 4825 if (proto == Q_SCTP) { 4826 if (real_proto == IPPROTO_UDP) 4827 bpf_error("port in range '%s' is udp", name); 4828 else if (real_proto == IPPROTO_TCP) 4829 bpf_error("port in range '%s' is tcp", name); 4830 else 4831 /* override PROTO_UNDEF / 4832* real_proto = IPPROTO_SCTP; 4833 } 4834#ifndef INET6 4835 return gen_portrange(port1, port2, real_proto, dir); 4836#else 4837 { 4838 struct block b; 4839* b = gen_portrange(port1, port2, real_proto, dir); 4840 gen_or(gen_portrange6(port1, port2, real_proto, dir), b); 4841 return b; 4842 } 4843#endif /* INET6 / 4844*
4145 case Q_GATEWAY: 4146#ifndef INET6 4147 eaddr = pcap_ether_hostton(name); 4148 if (eaddr == NULL) 4149 bpf_error("unknown ether host: %s", name); 4150 4151 alist = pcap_nametoaddr(name); 4152 if (alist == NULL \|\| alist == NULL) --- 131 unchanged lines hidden* (view full) --- 4284 { 4285 struct block b; 4286* b = gen_port((int)v, proto, dir); 4287 gen_or(gen_port6((int)v, proto, dir), b); 4288 return b; 4289 } 4290#endif /* INET6 / 4291*	4845 case Q_GATEWAY: 4846#ifndef INET6 4847 eaddr = pcap_ether_hostton(name); 4848 if (eaddr == NULL) 4849 bpf_error("unknown ether host: %s", name); 4850 4851 alist = pcap_nametoaddr(name); 4852 if (alist == NULL \|\| alist == NULL) --- 131 unchanged lines hidden* (view full) --- 4984 { 4985 struct block b; 4986* b = gen_port((int)v, proto, dir); 4987 gen_or(gen_port6((int)v, proto, dir), b); 4988 return b; 4989 } 4990#endif /* INET6 / 4991*
	4992 case Q_PORTRANGE: 4993 if (proto == Q_UDP) 4994 proto = IPPROTO_UDP; 4995 else if (proto == Q_TCP) 4996 proto = IPPROTO_TCP; 4997 else if (proto == Q_SCTP) 4998 proto = IPPROTO_SCTP; 4999 else if (proto == Q_DEFAULT) 5000 proto = PROTO_UNDEF; 5001 else 5002 bpf_error("illegal qualifier of 'portrange'"); 5003 5004#ifndef INET6 5005 return gen_portrange((int)v, (int)v, proto, dir); 5006#else 5007 { 5008 struct block b; 5009* b = gen_portrange((int)v, (int)v, proto, dir); 5010 gen_or(gen_portrange6((int)v, (int)v, proto, dir), b); 5011 return b; 5012 } 5013#endif /* INET6 / 5014*
4292 case Q_GATEWAY: 4293 bpf_error("'gateway' requires a name"); 4294 /* NOTREACHED / 4295* 4296 case Q_PROTO: 4297 return gen_proto((int)v, proto, dir); 4298 4299 case Q_PROTOCHAIN: --- 78 unchanged lines hidden (view full) --- 4378 4379 if ((q.addr == Q_HOST \|\| q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 4380 if (linktype == DLT_EN10MB) 4381 return gen_ehostop(eaddr, (int)q.dir); 4382 if (linktype == DLT_FDDI) 4383 return gen_fhostop(eaddr, (int)q.dir); 4384 if (linktype == DLT_IEEE802) 4385 return gen_thostop(eaddr, (int)q.dir);	5015 case Q_GATEWAY: 5016 bpf_error("'gateway' requires a name"); 5017 /* NOTREACHED / 5018* 5019 case Q_PROTO: 5020 return gen_proto((int)v, proto, dir); 5021 5022 case Q_PROTOCHAIN: --- 78 unchanged lines hidden (view full) --- 5101 5102 if ((q.addr == Q_HOST \|\| q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 5103 if (linktype == DLT_EN10MB) 5104 return gen_ehostop(eaddr, (int)q.dir); 5105 if (linktype == DLT_FDDI) 5106 return gen_fhostop(eaddr, (int)q.dir); 5107 if (linktype == DLT_IEEE802) 5108 return gen_thostop(eaddr, (int)q.dir);
4386 if (linktype == DLT_IEEE802_11)	5109 if (linktype == DLT_IEEE802_11 \|\| 5110 linktype == DLT_IEEE802_11_RADIO_AVS \|\| 5111 linktype == DLT_IEEE802_11_RADIO \|\| 5112 linktype == DLT_PRISM_HEADER)
4387 return gen_wlanhostop(eaddr, (int)q.dir); 4388 if (linktype == DLT_SUNATM && is_lane) { 4389 /* 4390 * Check that the packet doesn't begin with an 4391 * LE Control marker. (We've already generated 4392 * a test for LANE.) 4393 */	5113 return gen_wlanhostop(eaddr, (int)q.dir); 5114 if (linktype == DLT_SUNATM && is_lane) { 5115 /* 5116 * Check that the packet doesn't begin with an 5117 * LE Control marker. (We've already generated 5118 * a test for LANE.) 5119 */
4394 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);	5120 tmp = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS, BPF_H, 5121 0xFF00);
4395 gen_not(tmp); 4396 4397 /* 4398 * Now check the MAC address. 4399 / 4400* b = gen_ehostop(eaddr, (int)q.dir); 4401 gen_and(tmp, b); 4402 return b; --- 36 unchanged lines hidden (view full) --- 4439{ 4440 struct slist s; 4441* 4442 s = new_stmt(BPF_LD\|BPF_MEM); 4443 s->s.k = a->regno; 4444 return s; 4445} 4446	5122 gen_not(tmp); 5123 5124 /* 5125 * Now check the MAC address. 5126 / 5127* b = gen_ehostop(eaddr, (int)q.dir); 5128 gen_and(tmp, b); 5129 return b; --- 36 unchanged lines hidden (view full) --- 5166{ 5167 struct slist s; 5168* 5169 s = new_stmt(BPF_LD\|BPF_MEM); 5170 s->s.k = a->regno; 5171 return s; 5172} 5173
	5174/* 5175 * Modify "index" to use the value stored into its register as an 5176 * offset relative to the beginning of the header for the protocol 5177 * "proto", and allocate a register and put an item "size" bytes long 5178 * (1, 2, or 4) at that offset into that register, making it the register 5179 * for "index". 5180 */
4447struct arth * 4448gen_load(proto, index, size) 4449 int proto; 4450 struct arth index; 4451* int size; 4452{ 4453 struct slist s, tmp; 4454 struct block b; --- 16 unchanged lines hidden* (view full) --- 4471 case 4: 4472 size = BPF_W; 4473 break; 4474 } 4475 switch (proto) { 4476 default: 4477 bpf_error("unsupported index operation"); 4478	5181struct arth * 5182gen_load(proto, index, size) 5183 int proto; 5184 struct arth index; 5185* int size; 5186{ 5187 struct slist s, tmp; 5188 struct block b; --- 16 unchanged lines hidden* (view full) --- 5205 case 4: 5206 size = BPF_W; 5207 break; 5208 } 5209 switch (proto) { 5210 default: 5211 bpf_error("unsupported index operation"); 5212
	5213 case Q_RADIO: 5214 /* 5215 * The offset is relative to the beginning of the packet 5216 * data, if we have a radio header. (If we don't, this 5217 * is an error.) 5218 / 5219* if (linktype != DLT_IEEE802_11_RADIO_AVS && 5220 linktype != DLT_IEEE802_11_RADIO && 5221 linktype != DLT_PRISM_HEADER) 5222 bpf_error("radio information not present in capture"); 5223 5224 /* 5225 * Load into the X register the offset computed into the 5226 * register specifed by "index". 5227 / 5228* s = xfer_to_x(index); 5229 5230 /* 5231 * Load the item at that offset. 5232 / 5233* tmp = new_stmt(BPF_LD\|BPF_IND\|size); 5234 sappend(s, tmp); 5235 sappend(index->s, s); 5236 break; 5237
4479 case Q_LINK: 4480 /*	5238 case Q_LINK: 5239 /*
	5240 * The offset is relative to the beginning of 5241 * the link-layer header. 5242 *
4481 * XXX - what about ATM LANE? Should the index be 4482 * relative to the beginning of the AAL5 frame, so 4483 * that 0 refers to the beginning of the LE Control 4484 * field, or relative to the beginning of the LAN 4485 * frame, so that 0 refers, for Ethernet LANE, to 4486 * the beginning of the destination address? 4487 */	5243 * XXX - what about ATM LANE? Should the index be 5244 * relative to the beginning of the AAL5 frame, so 5245 * that 0 refers to the beginning of the LE Control 5246 * field, or relative to the beginning of the LAN 5247 * frame, so that 0 refers, for Ethernet LANE, to 5248 * the beginning of the destination address? 5249 */
4488 s = xfer_to_x(index);	5250 s = gen_llprefixlen(); 5251 5252 /* 5253 * If "s" is non-null, it has code to arrange that the 5254 * X register contains the length of the prefix preceding 5255 * the link-layer header. Add to it the offset computed 5256 * into the register specified by "index", and move that 5257 * into the X register. Otherwise, just load into the X 5258 * register the offset computed into the register specifed 5259 * by "index". 5260 / 5261* if (s != NULL) { 5262 sappend(s, xfer_to_a(index)); 5263 sappend(s, new_stmt(BPF_ALU\|BPF_ADD\|BPF_X)); 5264 sappend(s, new_stmt(BPF_MISC\|BPF_TAX)); 5265 } else 5266 s = xfer_to_x(index); 5267 5268 /* 5269 * Load the item at the sum of the offset we've put in the 5270 * X register and the offset of the start of the link 5271 * layer header (which is 0 if the radio header is 5272 * variable-length; that header length is what we put 5273 * into the X register and then added to the index). 5274 */
4489 tmp = new_stmt(BPF_LD\|BPF_IND\|size);	5275 tmp = new_stmt(BPF_LD\|BPF_IND\|size);
	5276 tmp->s.k = off_ll;
4490 sappend(s, tmp); 4491 sappend(index->s, s); 4492 break; 4493 4494 case Q_IP: 4495 case Q_ARP: 4496 case Q_RARP: 4497 case Q_ATALK: 4498 case Q_DECNET: 4499 case Q_SCA: 4500 case Q_LAT: 4501 case Q_MOPRC: 4502 case Q_MOPDL: 4503#ifdef INET6 4504 case Q_IPV6: 4505#endif	5277 sappend(s, tmp); 5278 sappend(index->s, s); 5279 break; 5280 5281 case Q_IP: 5282 case Q_ARP: 5283 case Q_RARP: 5284 case Q_ATALK: 5285 case Q_DECNET: 5286 case Q_SCA: 5287 case Q_LAT: 5288 case Q_MOPRC: 5289 case Q_MOPDL: 5290#ifdef INET6 5291 case Q_IPV6: 5292#endif
4506 /* XXX Note that we assume a fixed link header here. / 4507* s = xfer_to_x(index);	5293 /* 5294 * The offset is relative to the beginning of 5295 * the network-layer header. 5296 * XXX - are there any cases where we want 5297 * off_nl_nosnap? 5298 / 5299* s = gen_llprefixlen(); 5300 5301 /* 5302 * If "s" is non-null, it has code to arrange that the 5303 * X register contains the length of the prefix preceding 5304 * the link-layer header. Add to it the offset computed 5305 * into the register specified by "index", and move that 5306 * into the X register. Otherwise, just load into the X 5307 * register the offset computed into the register specifed 5308 * by "index". 5309 / 5310* if (s != NULL) { 5311 sappend(s, xfer_to_a(index)); 5312 sappend(s, new_stmt(BPF_ALU\|BPF_ADD\|BPF_X)); 5313 sappend(s, new_stmt(BPF_MISC\|BPF_TAX)); 5314 } else 5315 s = xfer_to_x(index); 5316 5317 /* 5318 * Load the item at the sum of the offset we've put in the 5319 * X register and the offset of the start of the network 5320 * layer header. 5321 */
4508 tmp = new_stmt(BPF_LD\|BPF_IND\|size); 4509 tmp->s.k = off_nl; 4510 sappend(s, tmp); 4511 sappend(index->s, s); 4512	5322 tmp = new_stmt(BPF_LD\|BPF_IND\|size); 5323 tmp->s.k = off_nl; 5324 sappend(s, tmp); 5325 sappend(index->s, s); 5326
	5327 /* 5328 * Do the computation only if the packet contains 5329 * the protocol in question. 5330 */
4513 b = gen_proto_abbrev(proto); 4514 if (index->b) 4515 gen_and(index->b, b); 4516 index->b = b; 4517 break; 4518 4519 case Q_SCTP: 4520 case Q_TCP: 4521 case Q_UDP: 4522 case Q_ICMP: 4523 case Q_IGMP: 4524 case Q_IGRP: 4525 case Q_PIM: 4526 case Q_VRRP:	5331 b = gen_proto_abbrev(proto); 5332 if (index->b) 5333 gen_and(index->b, b); 5334 index->b = b; 5335 break; 5336 5337 case Q_SCTP: 5338 case Q_TCP: 5339 case Q_UDP: 5340 case Q_ICMP: 5341 case Q_IGMP: 5342 case Q_IGRP: 5343 case Q_PIM: 5344 case Q_VRRP:
4527 s = new_stmt(BPF_LDX\|BPF_MSH\|BPF_B); 4528 s->s.k = off_nl;	5345 /* 5346 * The offset is relative to the beginning of 5347 * the transport-layer header. 5348 * XXX - are there any cases where we want 5349 * off_nl_nosnap? 5350 * XXX - we should, if we're built with 5351 * IPv6 support, generate code to load either 5352 * IPv4, IPv6, or both, as appropriate. 5353 / 5354* s = gen_loadx_iphdrlen(); 5355 5356 /* 5357 * The X register now contains the sum of the offset 5358 * of the beginning of the link-layer header and 5359 * the length of the network-layer header. Load 5360 * into the A register the offset relative to 5361 * the beginning of the transport layer header, 5362 * add the X register to that, move that to the 5363 * X register, and load with an offset from the 5364 * X register equal to the offset of the network 5365 * layer header relative to the beginning of 5366 * the link-layer header. 5367 */
4529 sappend(s, xfer_to_a(index)); 4530 sappend(s, new_stmt(BPF_ALU\|BPF_ADD\|BPF_X)); 4531 sappend(s, new_stmt(BPF_MISC\|BPF_TAX)); 4532 sappend(s, tmp = new_stmt(BPF_LD\|BPF_IND\|size)); 4533 tmp->s.k = off_nl; 4534 sappend(index->s, s); 4535	5368 sappend(s, xfer_to_a(index)); 5369 sappend(s, new_stmt(BPF_ALU\|BPF_ADD\|BPF_X)); 5370 sappend(s, new_stmt(BPF_MISC\|BPF_TAX)); 5371 sappend(s, tmp = new_stmt(BPF_LD\|BPF_IND\|size)); 5372 tmp->s.k = off_nl; 5373 sappend(index->s, s); 5374
	5375 /* 5376 * Do the computation only if the packet contains 5377 * the protocol in question - which is true only 5378 * if this is an IP datagram and is the first or 5379 * only fragment of that datagram. 5380 */
4536 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 4537 if (index->b) 4538 gen_and(index->b, b); 4539#ifdef INET6 4540 gen_and(gen_proto_abbrev(Q_IP), b); 4541#endif 4542 index->b = b; 4543 break; --- 209 unchanged lines hidden (view full) --- 4753 struct block b; 4754* 4755 b = gen_len(BPF_JGT, n); 4756 gen_not(b); 4757 4758 return b; 4759} 4760	5381 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 5382 if (index->b) 5383 gen_and(index->b, b); 5384#ifdef INET6 5385 gen_and(gen_proto_abbrev(Q_IP), b); 5386#endif 5387 index->b = b; 5388 break; --- 209 unchanged lines hidden (view full) --- 5598 struct block b; 5599* 5600 b = gen_len(BPF_JGT, n); 5601 gen_not(b); 5602 5603 return b; 5604} 5605
	5606/* 5607 * This is for "byte {idx} {op} {val}"; "idx" is treated as relative to 5608 * the beginning of the link-layer header. 5609 * XXX - that means you can't test values in the radiotap header, but 5610 * as that header is difficult if not impossible to parse generally 5611 * without a loop, that might not be a severe problem. A new keyword 5612 * "radio" could be added for that, although what you'd really want 5613 * would be a way of testing particular radio header values, which 5614 * would generate code appropriate to the radio header in question. 5615 */
4761struct block * 4762gen_byteop(op, idx, val) 4763 int op, idx, val; 4764{ 4765 struct block b; 4766* struct slist s; 4767* 4768 switch (op) { 4769 default: 4770 abort(); 4771 4772 case '=':	5616struct block * 5617gen_byteop(op, idx, val) 5618 int op, idx, val; 5619{ 5620 struct block b; 5621* struct slist s; 5622* 5623 switch (op) { 5624 default: 5625 abort(); 5626 5627 case '=':
4773 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);	5628 return gen_cmp(OR_LINK, (u_int)idx, BPF_B, (bpf_int32)val);
4774 4775 case '<':	5629 5630 case '<':
4776 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 4777 b->s.code = JMP(BPF_JGE); 4778 gen_not(b);	5631 b = gen_cmp_lt(OR_LINK, (u_int)idx, BPF_B, (bpf_int32)val);
4779 return b; 4780 4781 case '>':	5632 return b; 5633 5634 case '>':
4782 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 4783 b->s.code = JMP(BPF_JGT);	5635 b = gen_cmp_gt(OR_LINK, (u_int)idx, BPF_B, (bpf_int32)val);
4784 return b; 4785 4786 case '\|': 4787 s = new_stmt(BPF_ALU\|BPF_OR\|BPF_K); 4788 break; 4789 4790 case '&': 4791 s = new_stmt(BPF_ALU\|BPF_AND\|BPF_K); --- 24 unchanged lines hidden (view full) --- 4816 if (linktype == DLT_ARCNET \|\| linktype == DLT_ARCNET_LINUX) 4817 return gen_ahostop(abroadcast, Q_DST); 4818 if (linktype == DLT_EN10MB) 4819 return gen_ehostop(ebroadcast, Q_DST); 4820 if (linktype == DLT_FDDI) 4821 return gen_fhostop(ebroadcast, Q_DST); 4822 if (linktype == DLT_IEEE802) 4823 return gen_thostop(ebroadcast, Q_DST);	5636 return b; 5637 5638 case '\|': 5639 s = new_stmt(BPF_ALU\|BPF_OR\|BPF_K); 5640 break; 5641 5642 case '&': 5643 s = new_stmt(BPF_ALU\|BPF_AND\|BPF_K); --- 24 unchanged lines hidden (view full) --- 5668 if (linktype == DLT_ARCNET \|\| linktype == DLT_ARCNET_LINUX) 5669 return gen_ahostop(abroadcast, Q_DST); 5670 if (linktype == DLT_EN10MB) 5671 return gen_ehostop(ebroadcast, Q_DST); 5672 if (linktype == DLT_FDDI) 5673 return gen_fhostop(ebroadcast, Q_DST); 5674 if (linktype == DLT_IEEE802) 5675 return gen_thostop(ebroadcast, Q_DST);
4824 if (linktype == DLT_IEEE802_11)	5676 if (linktype == DLT_IEEE802_11 \|\| 5677 linktype == DLT_IEEE802_11_RADIO_AVS \|\| 5678 linktype == DLT_IEEE802_11_RADIO \|\| 5679 linktype == DLT_PRISM_HEADER)
4825 return gen_wlanhostop(ebroadcast, Q_DST); 4826 if (linktype == DLT_IP_OVER_FC) 4827 return gen_ipfchostop(ebroadcast, Q_DST); 4828 if (linktype == DLT_SUNATM && is_lane) { 4829 /* 4830 * Check that the packet doesn't begin with an 4831 * LE Control marker. (We've already generated 4832 * a test for LANE.) 4833 */	5680 return gen_wlanhostop(ebroadcast, Q_DST); 5681 if (linktype == DLT_IP_OVER_FC) 5682 return gen_ipfchostop(ebroadcast, Q_DST); 5683 if (linktype == DLT_SUNATM && is_lane) { 5684 /* 5685 * Check that the packet doesn't begin with an 5686 * LE Control marker. (We've already generated 5687 * a test for LANE.) 5688 */
4834 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);	5689 b1 = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS, BPF_H, 5690 0xFF00);
4835 gen_not(b1); 4836 4837 /* 4838 * Now check the MAC address. 4839 / 4840* b0 = gen_ehostop(ebroadcast, Q_DST); 4841 gen_and(b1, b0); 4842 return b0; 4843 } 4844 bpf_error("not a broadcast link"); 4845 break; 4846 4847 case Q_IP: 4848 b0 = gen_linktype(ETHERTYPE_IP); 4849 hostmask = ~netmask;	5691 gen_not(b1); 5692 5693 /* 5694 * Now check the MAC address. 5695 / 5696* b0 = gen_ehostop(ebroadcast, Q_DST); 5697 gen_and(b1, b0); 5698 return b0; 5699 } 5700 bpf_error("not a broadcast link"); 5701 break; 5702 5703 case Q_IP: 5704 b0 = gen_linktype(ETHERTYPE_IP); 5705 hostmask = ~netmask;
4850 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask); 4851 b2 = gen_mcmp(off_nl + 16, BPF_W,	5706 b1 = gen_mcmp(OR_NET, 16, BPF_W, (bpf_int32)0, hostmask); 5707 b2 = gen_mcmp(OR_NET, 16, BPF_W,
4852 (bpf_int32)(~0 & hostmask), hostmask); 4853 gen_or(b1, b2); 4854 gen_and(b0, b2); 4855 return b2; 4856 } 4857 bpf_error("only link-layer/IP broadcast filters supported"); 4858 /* NOTREACHED / 4859} --- 5 unchanged lines hidden* (view full) --- 4865static struct block * 4866gen_mac_multicast(offset) 4867 int offset; 4868{ 4869 register struct block b0; 4870* register struct slist s; 4871* 4872 /* link[offset] & 1 != 0 */	5708 (bpf_int32)(~0 & hostmask), hostmask); 5709 gen_or(b1, b2); 5710 gen_and(b0, b2); 5711 return b2; 5712 } 5713 bpf_error("only link-layer/IP broadcast filters supported"); 5714 /* NOTREACHED / 5715} --- 5 unchanged lines hidden* (view full) --- 5721static struct block * 5722gen_mac_multicast(offset) 5723 int offset; 5724{ 5725 register struct block b0; 5726* register struct slist s; 5727* 5728 /* link[offset] & 1 != 0 */
4873 s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 4874 s->s.k = offset;	5729 s = gen_load_a(OR_LINK, offset, BPF_B);
4875 b0 = new_block(JMP(BPF_JSET)); 4876 b0->s.k = 1; 4877 b0->stmts = s; 4878 return b0; 4879} 4880 4881struct block * 4882gen_multicast(proto) --- 25 unchanged lines hidden (view full) --- 4908 return gen_mac_multicast(1); 4909 } 4910 4911 if (linktype == DLT_IEEE802) { 4912 /* tr[2] & 1 != 0 / 4913* return gen_mac_multicast(2); 4914 } 4915	5730 b0 = new_block(JMP(BPF_JSET)); 5731 b0->s.k = 1; 5732 b0->stmts = s; 5733 return b0; 5734} 5735 5736struct block * 5737gen_multicast(proto) --- 25 unchanged lines hidden (view full) --- 5763 return gen_mac_multicast(1); 5764 } 5765 5766 if (linktype == DLT_IEEE802) { 5767 /* tr[2] & 1 != 0 / 5768* return gen_mac_multicast(2); 5769 } 5770
4916 if (linktype == DLT_IEEE802_11) {	5771 if (linktype == DLT_IEEE802_11 \|\| 5772 linktype == DLT_IEEE802_11_RADIO_AVS \|\| 5773 linktype == DLT_IEEE802_11_RADIO \|\| 5774 linktype == DLT_PRISM_HEADER) {
4917 /* 4918 * Oh, yuk. 4919 * 4920 * For control frames, there is no DA. 4921 * 4922 * For management frames, DA is at an 4923 * offset of 4 from the beginning of 4924 * the packet. --- 5 unchanged lines hidden (view full) --- 4930 * if To DS is set. 4931 / 4932* 4933 /* 4934 * Generate the tests to be done for data frames. 4935 * 4936 * First, check for To DS set, i.e. "link[1] & 0x01". 4937 */	5775 /* 5776 * Oh, yuk. 5777 * 5778 * For control frames, there is no DA. 5779 * 5780 * For management frames, DA is at an 5781 * offset of 4 from the beginning of 5782 * the packet. --- 5 unchanged lines hidden (view full) --- 5788 * if To DS is set. 5789 / 5790* 5791 /* 5792 * Generate the tests to be done for data frames. 5793 * 5794 * First, check for To DS set, i.e. "link[1] & 0x01". 5795 */
4938 s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 4939 s->s.k = 1;	5796 s = gen_load_a(OR_LINK, 1, BPF_B);
4940 b1 = new_block(JMP(BPF_JSET)); 4941 b1->s.k = 0x01; /* To DS / 4942* b1->stmts = s; 4943 4944 /* 4945 * If To DS is set, the DA is at 16. 4946 / 4947* b0 = gen_mac_multicast(16); 4948 gen_and(b1, b0); 4949 4950 /* 4951 * Now, check for To DS not set, i.e. check 4952 * "!(link[1] & 0x01)". 4953 */	5797 b1 = new_block(JMP(BPF_JSET)); 5798 b1->s.k = 0x01; /* To DS / 5799* b1->stmts = s; 5800 5801 /* 5802 * If To DS is set, the DA is at 16. 5803 / 5804* b0 = gen_mac_multicast(16); 5805 gen_and(b1, b0); 5806 5807 /* 5808 * Now, check for To DS not set, i.e. check 5809 * "!(link[1] & 0x01)". 5810 */
4954 s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 4955 s->s.k = 1;	5811 s = gen_load_a(OR_LINK, 1, BPF_B);
4956 b2 = new_block(JMP(BPF_JSET)); 4957 b2->s.k = 0x01; /* To DS / 4958* b2->stmts = s; 4959 gen_not(b2); 4960 4961 /* 4962 * If To DS is not set, the DA is at 4. 4963 / --- 5 unchanged lines hidden* (view full) --- 4969 * the complete set of checks for data frames. 4970 / 4971* gen_or(b1, b0); 4972 4973 /* 4974 * Now check for a data frame. 4975 * I.e, check "link[0] & 0x08". 4976 */	5812 b2 = new_block(JMP(BPF_JSET)); 5813 b2->s.k = 0x01; /* To DS / 5814* b2->stmts = s; 5815 gen_not(b2); 5816 5817 /* 5818 * If To DS is not set, the DA is at 4. 5819 / --- 5 unchanged lines hidden* (view full) --- 5825 * the complete set of checks for data frames. 5826 / 5827* gen_or(b1, b0); 5828 5829 /* 5830 * Now check for a data frame. 5831 * I.e, check "link[0] & 0x08". 5832 */
4977 s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 4978 s->s.k = 0;	5833 s = gen_load_a(OR_LINK, 0, BPF_B);
4979 b1 = new_block(JMP(BPF_JSET)); 4980 b1->s.k = 0x08; 4981 b1->stmts = s; 4982 4983 /* 4984 * AND that with the checks done for data frames. 4985 / 4986* gen_and(b1, b0); 4987 4988 /* 4989 * If the high-order bit of the type value is 0, this 4990 * is a management frame. 4991 * I.e, check "!(link[0] & 0x08)". 4992 */	5834 b1 = new_block(JMP(BPF_JSET)); 5835 b1->s.k = 0x08; 5836 b1->stmts = s; 5837 5838 /* 5839 * AND that with the checks done for data frames. 5840 / 5841* gen_and(b1, b0); 5842 5843 /* 5844 * If the high-order bit of the type value is 0, this 5845 * is a management frame. 5846 * I.e, check "!(link[0] & 0x08)". 5847 */
4993 s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 4994 s->s.k = 0;	5848 s = gen_load_a(OR_LINK, 0, BPF_B);
4995 b2 = new_block(JMP(BPF_JSET)); 4996 b2->s.k = 0x08; 4997 b2->stmts = s; 4998 gen_not(b2); 4999 5000 /* 5001 * For management frames, the DA is at 4. 5002 / --- 10 unchanged lines hidden* (view full) --- 5013 /* 5014 * If the low-order bit of the type value is 1, 5015 * this is either a control frame or a frame 5016 * with a reserved type, and thus not a 5017 * frame with an SA. 5018 * 5019 * I.e., check "!(link[0] & 0x04)". 5020 */	5849 b2 = new_block(JMP(BPF_JSET)); 5850 b2->s.k = 0x08; 5851 b2->stmts = s; 5852 gen_not(b2); 5853 5854 /* 5855 * For management frames, the DA is at 4. 5856 / --- 10 unchanged lines hidden* (view full) --- 5867 /* 5868 * If the low-order bit of the type value is 1, 5869 * this is either a control frame or a frame 5870 * with a reserved type, and thus not a 5871 * frame with an SA. 5872 * 5873 * I.e., check "!(link[0] & 0x04)". 5874 */
5021 s = new_stmt(BPF_LD\|BPF_B\|BPF_ABS); 5022 s->s.k = 0;	5875 s = gen_load_a(OR_LINK, 0, BPF_B);
5023 b1 = new_block(JMP(BPF_JSET)); 5024 b1->s.k = 0x04; 5025 b1->stmts = s; 5026 gen_not(b1); 5027 5028 /* 5029 * AND that with the checks for data and management 5030 * frames. --- 8 unchanged lines hidden (view full) --- 5039 } 5040 5041 if (linktype == DLT_SUNATM && is_lane) { 5042 /* 5043 * Check that the packet doesn't begin with an 5044 * LE Control marker. (We've already generated 5045 * a test for LANE.) 5046 */	5876 b1 = new_block(JMP(BPF_JSET)); 5877 b1->s.k = 0x04; 5878 b1->stmts = s; 5879 gen_not(b1); 5880 5881 /* 5882 * AND that with the checks for data and management 5883 * frames. --- 8 unchanged lines hidden (view full) --- 5892 } 5893 5894 if (linktype == DLT_SUNATM && is_lane) { 5895 /* 5896 * Check that the packet doesn't begin with an 5897 * LE Control marker. (We've already generated 5898 * a test for LANE.) 5899 */
5047 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);	5900 b1 = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS, BPF_H, 5901 0xFF00);
5048 gen_not(b1); 5049 5050 /* ether[off_mac] & 1 != 0 / 5051* b0 = gen_mac_multicast(off_mac); 5052 gen_and(b1, b0); 5053 return b0; 5054 } 5055 5056 /* Link not known to support multicasts / 5057* break; 5058 5059 case Q_IP: 5060 b0 = gen_linktype(ETHERTYPE_IP);	5902 gen_not(b1); 5903 5904 /* ether[off_mac] & 1 != 0 / 5905* b0 = gen_mac_multicast(off_mac); 5906 gen_and(b1, b0); 5907 return b0; 5908 } 5909 5910 /* Link not known to support multicasts / 5911* break; 5912 5913 case Q_IP: 5914 b0 = gen_linktype(ETHERTYPE_IP);
5061 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224); 5062 b1->s.code = JMP(BPF_JGE);	5915 b1 = gen_cmp_ge(OR_NET, 16, BPF_B, (bpf_int32)224);
5063 gen_and(b0, b1); 5064 return b1; 5065 5066#ifdef INET6 5067 case Q_IPV6: 5068 b0 = gen_linktype(ETHERTYPE_IPV6);	5916 gen_and(b0, b1); 5917 return b1; 5918 5919#ifdef INET6 5920 case Q_IPV6: 5921 b0 = gen_linktype(ETHERTYPE_IPV6);
5069 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);	5922 b1 = gen_cmp(OR_NET, 24, BPF_B, (bpf_int32)255);
5070 gen_and(b0, b1); 5071 return b1; 5072#endif /* INET6 / 5073* } 5074 bpf_error("link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel"); 5075 /* NOTREACHED / 5076} 5077* --- 19 unchanged lines hidden (view full) --- 5097 dir); 5098 break; 5099 5100 case DLT_LINUX_SLL: 5101 if (dir) { 5102 /* 5103 * Match packets sent by this machine. 5104 */	5923 gen_and(b0, b1); 5924 return b1; 5925#endif /* INET6 / 5926* } 5927 bpf_error("link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel"); 5928 /* NOTREACHED / 5929} 5930* --- 19 unchanged lines hidden (view full) --- 5950 dir); 5951 break; 5952 5953 case DLT_LINUX_SLL: 5954 if (dir) { 5955 /* 5956 * Match packets sent by this machine. 5957 */
5105 b0 = gen_cmp(0, BPF_H, LINUX_SLL_OUTGOING);	5958 b0 = gen_cmp(OR_LINK, 0, BPF_H, LINUX_SLL_OUTGOING);
5106 } else { 5107 /* 5108 * Match packets sent to this machine. 5109 * (No broadcast or multicast packets, or 5110 * packets sent to some other machine and 5111 * received promiscuously.) 5112 * 5113 * XXX - packets sent to other machines probably 5114 * shouldn't be matched, but what about broadcast 5115 * or multicast packets we received? 5116 */	5959 } else { 5960 /* 5961 * Match packets sent to this machine. 5962 * (No broadcast or multicast packets, or 5963 * packets sent to some other machine and 5964 * received promiscuously.) 5965 * 5966 * XXX - packets sent to other machines probably 5967 * shouldn't be matched, but what about broadcast 5968 * or multicast packets we received? 5969 */
5117 b0 = gen_cmp(0, BPF_H, LINUX_SLL_HOST);	5970 b0 = gen_cmp(OR_LINK, 0, BPF_H, LINUX_SLL_HOST);
5118 } 5119 break; 5120 5121 case DLT_PFLOG:	5971 } 5972 break; 5973 5974 case DLT_PFLOG:
5122 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B,	5975 b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, dir), BPF_B,
5123 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 5124 break; 5125 5126 case DLT_PPP_PPPD: 5127 if (dir) { 5128 /* match outgoing packets */	5976 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 5977 break; 5978 5979 case DLT_PPP_PPPD: 5980 if (dir) { 5981 /* match outgoing packets */
5129 b0 = gen_cmp(0, BPF_B, PPP_PPPD_OUT);	5982 b0 = gen_cmp(OR_LINK, 0, BPF_B, PPP_PPPD_OUT);
5130 } else { 5131 /* match incoming packets */	5983 } else { 5984 /* match incoming packets */
5132 b0 = gen_cmp(0, BPF_B, PPP_PPPD_IN);	5985 b0 = gen_cmp(OR_LINK, 0, BPF_B, PPP_PPPD_IN);
5133 } 5134 break; 5135 5136 case DLT_JUNIPER_MLFR: 5137 case DLT_JUNIPER_MLPPP: 5138 case DLT_JUNIPER_ATM1: 5139 case DLT_JUNIPER_ATM2:	5986 } 5987 break; 5988 5989 case DLT_JUNIPER_MLFR: 5990 case DLT_JUNIPER_MLPPP: 5991 case DLT_JUNIPER_ATM1: 5992 case DLT_JUNIPER_ATM2:
	5993 case DLT_JUNIPER_PPPOE: 5994 case DLT_JUNIPER_PPPOE_ATM: 5995 case DLT_JUNIPER_GGSN: 5996 case DLT_JUNIPER_ES: 5997 case DLT_JUNIPER_MONITOR: 5998 case DLT_JUNIPER_SERVICES:
5140 /* juniper flags (including direction) are stored 5141 * the byte after the 3-byte magic number / 5142* if (dir) { 5143 /* match outgoing packets */	5999 /* juniper flags (including direction) are stored 6000 * the byte after the 3-byte magic number / 6001* if (dir) { 6002 /* match outgoing packets */
5144 b0 = gen_mcmp(3, BPF_B, 0, 0x01);	6003 b0 = gen_mcmp(OR_LINK, 3, BPF_B, 0, 0x01);
5145 } else { 5146 /* match incoming packets */	6004 } else { 6005 /* match incoming packets */
5147 b0 = gen_mcmp(3, BPF_B, 1, 0x01);	6006 b0 = gen_mcmp(OR_LINK, 3, BPF_B, 1, 0x01);
5148 } 5149 break; 5150 5151 default: 5152 bpf_error("inbound/outbound not supported on linktype %d", 5153 linktype); 5154 b0 = NULL; 5155 /* NOTREACHED / --- 15 unchanged lines hidden* (view full) --- 5171 bpf_error("ifname not supported on linktype 0x%x", linktype); 5172 /* NOTREACHED / 5173* } 5174 if (strlen(ifname) >= len) { 5175 bpf_error("ifname interface names can only be %d characters", 5176 len-1); 5177 /* NOTREACHED / 5178* }	6007 } 6008 break; 6009 6010 default: 6011 bpf_error("inbound/outbound not supported on linktype %d", 6012 linktype); 6013 b0 = NULL; 6014 /* NOTREACHED / --- 15 unchanged lines hidden* (view full) --- 6030 bpf_error("ifname not supported on linktype 0x%x", linktype); 6031 /* NOTREACHED / 6032* } 6033 if (strlen(ifname) >= len) { 6034 bpf_error("ifname interface names can only be %d characters", 6035 len-1); 6036 /* NOTREACHED / 6037* }
5179 b0 = gen_bcmp(off, strlen(ifname), (const u_char *)ifname);	6038 b0 = gen_bcmp(OR_LINK, off, strlen(ifname), (const u_char *)ifname);
5180 return (b0); 5181} 5182 5183/* PF firewall log matched interface / 5184struct block 5185gen_pf_ruleset(char ruleset) 5186{ 5187* struct block b0; 5188* 5189 if (linktype != DLT_PFLOG) { 5190 bpf_error("ruleset not supported on linktype 0x%x", linktype); 5191 /* NOTREACHED / 5192* } 5193 if (strlen(ruleset) >= sizeof(((struct pfloghdr )0)->ruleset)) { 5194* bpf_error("ruleset names can only be %ld characters", 5195 (long)(sizeof(((struct pfloghdr )0)->ruleset) - 1)); 5196* /* NOTREACHED / 5197* }	6039 return (b0); 6040} 6041 6042/* PF firewall log matched interface / 6043struct block 6044gen_pf_ruleset(char ruleset) 6045{ 6046* struct block b0; 6047* 6048 if (linktype != DLT_PFLOG) { 6049 bpf_error("ruleset not supported on linktype 0x%x", linktype); 6050 /* NOTREACHED / 6051* } 6052 if (strlen(ruleset) >= sizeof(((struct pfloghdr )0)->ruleset)) { 6053* bpf_error("ruleset names can only be %ld characters", 6054 (long)(sizeof(((struct pfloghdr )0)->ruleset) - 1)); 6055* /* NOTREACHED / 6056* }
5198 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset),	6057 b0 = gen_bcmp(OR_LINK, offsetof(struct pfloghdr, ruleset),
5199 strlen(ruleset), (const u_char )ruleset); 5200* return (b0); 5201} 5202 5203/* PF firewall log rule number / 5204struct block 5205gen_pf_rnr(int rnr) 5206{ 5207 struct block b0; 5208* 5209 if (linktype == DLT_PFLOG) {	6058 strlen(ruleset), (const u_char )ruleset); 6059* return (b0); 6060} 6061 6062/* PF firewall log rule number / 6063struct block 6064gen_pf_rnr(int rnr) 6065{ 6066 struct block b0; 6067* 6068 if (linktype == DLT_PFLOG) {
5210 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W,	6069 b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, rulenr), BPF_W,
5211 (bpf_int32)rnr); 5212 } else { 5213 bpf_error("rnr not supported on linktype 0x%x", linktype); 5214 /* NOTREACHED / 5215* } 5216 5217 return (b0); 5218} --- 4 unchanged lines hidden (view full) --- 5223{ 5224 struct block b0; 5225* 5226 if (linktype != DLT_PFLOG) { 5227 bpf_error("srnr not supported on linktype 0x%x", linktype); 5228 /* NOTREACHED / 5229* } 5230	6070 (bpf_int32)rnr); 6071 } else { 6072 bpf_error("rnr not supported on linktype 0x%x", linktype); 6073 /* NOTREACHED / 6074* } 6075 6076 return (b0); 6077} --- 4 unchanged lines hidden (view full) --- 6082{ 6083 struct block b0; 6084* 6085 if (linktype != DLT_PFLOG) { 6086 bpf_error("srnr not supported on linktype 0x%x", linktype); 6087 /* NOTREACHED / 6088* } 6089
5231 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W,	6090 b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, subrulenr), BPF_W,
5232 (bpf_int32)srnr); 5233 return (b0); 5234} 5235 5236/* PF firewall log reason code / 5237struct block 5238gen_pf_reason(int reason) 5239{ 5240 struct block b0; 5241* 5242 if (linktype == DLT_PFLOG) {	6091 (bpf_int32)srnr); 6092 return (b0); 6093} 6094 6095/* PF firewall log reason code / 6096struct block 6097gen_pf_reason(int reason) 6098{ 6099 struct block b0; 6100* 6101 if (linktype == DLT_PFLOG) {
5243 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B,	6102 b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, reason), BPF_B,
5244 (bpf_int32)reason); 5245 } else { 5246 bpf_error("reason not supported on linktype 0x%x", linktype); 5247 /* NOTREACHED / 5248* } 5249 5250 return (b0); 5251} 5252 5253/* PF firewall log action / 5254struct block 5255gen_pf_action(int action) 5256{ 5257 struct block b0; 5258* 5259 if (linktype == DLT_PFLOG) {	6103 (bpf_int32)reason); 6104 } else { 6105 bpf_error("reason not supported on linktype 0x%x", linktype); 6106 /* NOTREACHED / 6107* } 6108 6109 return (b0); 6110} 6111 6112/* PF firewall log action / 6113struct block 6114gen_pf_action(int action) 6115{ 6116 struct block b0; 6117* 6118 if (linktype == DLT_PFLOG) {
5260 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B,	6119 b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, action), BPF_B,
5261 (bpf_int32)action); 5262 } else { 5263 bpf_error("action not supported on linktype 0x%x", linktype); 5264 /* NOTREACHED / 5265* } 5266 5267 return (b0); 5268} --- 16 unchanged lines hidden (view full) --- 5285 register const u_char eaddr; 5286* register int dir; 5287{ 5288 register struct block b0, b1; 5289 5290 switch (dir) { 5291 /* src comes first, different from Ethernet / 5292* case Q_SRC:	6120 (bpf_int32)action); 6121 } else { 6122 bpf_error("action not supported on linktype 0x%x", linktype); 6123 /* NOTREACHED / 6124* } 6125 6126 return (b0); 6127} --- 16 unchanged lines hidden (view full) --- 6144 register const u_char eaddr; 6145* register int dir; 6146{ 6147 register struct block b0, b1; 6148 6149 switch (dir) { 6150 /* src comes first, different from Ethernet / 6151* case Q_SRC:
5293 return gen_bcmp(0, 1, eaddr);	6152 return gen_bcmp(OR_LINK, 0, 1, eaddr);
5294 5295 case Q_DST:	6153 6154 case Q_DST:
5296 return gen_bcmp(1, 1, eaddr);	6155 return gen_bcmp(OR_LINK, 1, 1, eaddr);
5297 5298 case Q_AND: 5299 b0 = gen_ahostop(eaddr, Q_SRC); 5300 b1 = gen_ahostop(eaddr, Q_DST); 5301 gen_and(b0, b1); 5302 return b1; 5303 5304 case Q_DEFAULT: --- 13 unchanged lines hidden (view full) --- 5318struct block * 5319gen_vlan(vlan_num) 5320 int vlan_num; 5321{ 5322 struct block b0; 5323* 5324 /* 5325 * Change the offsets to point to the type and data fields within	6156 6157 case Q_AND: 6158 b0 = gen_ahostop(eaddr, Q_SRC); 6159 b1 = gen_ahostop(eaddr, Q_DST); 6160 gen_and(b0, b1); 6161 return b1; 6162 6163 case Q_DEFAULT: --- 13 unchanged lines hidden (view full) --- 6177struct block * 6178gen_vlan(vlan_num) 6179 int vlan_num; 6180{ 6181 struct block b0; 6182* 6183 /* 6184 * Change the offsets to point to the type and data fields within
5326 * the VLAN packet. This is somewhat of a kludge.	6185 * the VLAN packet. Just increment the offsets, so that we 6186 * can support a hierarchy, e.g. "vlan 300 && vlan 200" to 6187 * capture VLAN 200 encapsulated within VLAN 100. 6188 * 6189 * XXX - this is a bit of a kludge. If we were to split the 6190 * compiler into a parser that parses an expression and 6191 * generates an expression tree, and a code generator that 6192 * takes an expression tree (which could come from our 6193 * parser or from some other parser) and generates BPF code, 6194 * we could perhaps make the offsets parameters of routines 6195 * and, in the handler for an "AND" node, pass to subnodes 6196 * other than the VLAN node the adjusted offsets. 6197 * 6198 * This would mean that "vlan" would, instead of changing the 6199 * behavior of all tests after it, change only the behavior 6200 * of tests ANDed with it. That would change the documented 6201 * semantics of "vlan", which might break some expressions. 6202 * However, it would mean that "(vlan and ip) or ip" would check 6203 * both for VLAN-encapsulated IP and IP-over-Ethernet, rather than 6204 * checking only for VLAN-encapsulated IP, so that could still 6205 * be considered worth doing; it wouldn't break expressions 6206 * that are of the form "vlan and ..." or "vlan N and ...", 6207 * which I suspect are the most common expressions involving 6208 * "vlan". "vlan or ..." doesn't necessarily do what the user 6209 * would really want, now, as all the "or ..." tests would 6210 * be done assuming a VLAN, even though the "or" could be viewed 6211 * as meaning "or, if this isn't a VLAN packet...".
5327 */	6212 */
5328 if (orig_nl == (u_int)-1) { 5329 orig_linktype = off_linktype; /* save original values / 5330* orig_nl = off_nl; 5331 orig_nl_nosnap = off_nl_nosnap;	6213 orig_linktype = off_linktype; /* save original values / 6214* orig_nl = off_nl;
5332	6215
5333 switch (linktype) {	6216 switch (linktype) {
5334	6217
5335 case DLT_EN10MB: 5336 off_linktype = 16; 5337 off_nl_nosnap = 18; 5338 off_nl = 18; 5339 break;	6218 case DLT_EN10MB: 6219 off_linktype += 4; 6220 off_nl_nosnap += 4; 6221 off_nl += 4; 6222 break;
5340	6223
5341 default: 5342 bpf_error("no VLAN support for data link type %d", 5343 linktype); 5344 /NOTREACHED/ 5345 } 5346 }	6224 default: 6225 bpf_error("no VLAN support for data link type %d", 6226 linktype); 6227 /NOTREACHED/ 6228 }
5347 5348 /* check for VLAN */	6229 6230 /* check for VLAN */
5349 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);	6231 b0 = gen_cmp(OR_LINK, orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
5350 5351 /* If a specific VLAN is requested, check VLAN id / 5352* if (vlan_num >= 0) { 5353 struct block b1; 5354*	6232 6233 /* If a specific VLAN is requested, check VLAN id / 6234* if (vlan_num >= 0) { 6235 struct block b1; 6236*
5355 b1 = gen_mcmp(orig_nl, BPF_H, (bpf_int32)vlan_num, 0x0fff);	6237 b1 = gen_mcmp(OR_LINK, orig_nl, BPF_H, (bpf_int32)vlan_num, 6238 0x0fff);
5356 gen_and(b0, b1); 5357 b0 = b1; 5358 } 5359 5360 return (b0); 5361} 5362 5363/* 5364 * support for MPLS 5365 / 5366struct block 5367gen_mpls(label_num) 5368 int label_num; 5369{ 5370 struct block b0; 5371* 5372 /* 5373 * Change the offsets to point to the type and data fields within	6239 gen_and(b0, b1); 6240 b0 = b1; 6241 } 6242 6243 return (b0); 6244} 6245 6246/* 6247 * support for MPLS 6248 / 6249struct block 6250gen_mpls(label_num) 6251 int label_num; 6252{ 6253 struct block b0; 6254* 6255 /* 6256 * Change the offsets to point to the type and data fields within
5374 * the MPLS packet. This is somewhat of a kludge.	6257 * the MPLS packet. Just increment the offsets, so that we 6258 * can support a hierarchy, e.g. "mpls 100000 && mpls 1024" to 6259 * capture packets with an outer label of 100000 and an inner 6260 * label of 1024. 6261 * 6262 * XXX - this is a bit of a kludge. See comments in gen_vlan().
5375 */	6263 */
5376 if (orig_nl == (u_int)-1) { 5377 orig_linktype = off_linktype; /* save original values / 5378* orig_nl = off_nl; 5379 orig_nl_nosnap = off_nl_nosnap;	6264 orig_linktype = off_linktype; /* save original values / 6265* orig_nl = off_nl;
5380	6266
5381 switch (linktype) {	6267 switch (linktype) { 6268 6269 case DLT_C_HDLC: /* fall through / 6270* case DLT_EN10MB: 6271 off_nl_nosnap += 4; 6272 off_nl += 4; 6273 6274 b0 = gen_cmp(OR_LINK, orig_linktype, BPF_H, 6275 (bpf_int32)ETHERTYPE_MPLS); 6276 break;
5382	6277
5383 case DLT_EN10MB: 5384 off_linktype = 16; 5385 off_nl_nosnap = 18; 5386 off_nl = 18;	6278 case DLT_PPP: 6279 off_nl_nosnap += 4; 6280 off_nl += 4;
5387	6281
5388 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_MPLS); 5389 break;	6282 b0 = gen_cmp(OR_LINK, orig_linktype, BPF_H, 6283 (bpf_int32)PPP_MPLS_UCAST); 6284 break;
5390	6285
5391 case DLT_PPP: 5392 off_linktype = 6; 5393 off_nl_nosnap = 8; 5394 off_nl = 8;	6286 /* FIXME add other DLT_s ... 6287 * for Frame-Relay/and ATM this may get messy due to SNAP headers 6288 * leave it for now */
5395	6289
5396 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)PPP_MPLS_UCAST); 5397 break;	6290 default: 6291 bpf_error("no MPLS support for data link type %d", 6292 linktype); 6293 b0 = NULL; 6294 /NOTREACHED/ 6295 break; 6296 }
5398	6297
5399 case DLT_C_HDLC: 5400 off_linktype = 6; 5401 off_nl_nosnap = 8; 5402 off_nl = 8; 5403 5404 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_MPLS); 5405 break; 5406 5407 /* FIXME add other DLT_s ... 5408 * for Frame-Relay/and ATM this may get messy due to SNAP headers 5409 * leave it for now / 5410* 5411 default: 5412 bpf_error("no MPLS support for data link type %d", 5413 linktype); 5414 b0 = NULL; 5415 /NOTREACHED/ 5416 } 5417 } else { 5418 bpf_error("'mpls' can't be combined with 'vlan' or another 'mpls'"); 5419 b0 = NULL; 5420 /NOTREACHED/ 5421 } 5422
5423 /* If a specific MPLS label is requested, check it / 5424* if (label_num >= 0) { 5425 struct block b1; 5426* 5427 label_num = label_num << 12; /* label is shifted 12 bits on the wire */	6298 /* If a specific MPLS label is requested, check it / 6299* if (label_num >= 0) { 6300 struct block b1; 6301* 6302 label_num = label_num << 12; /* label is shifted 12 bits on the wire */
5428 b1 = gen_mcmp(orig_nl, BPF_W, (bpf_int32)label_num, 0xfffff000); /* only compare the first 20 bits */	6303 b1 = gen_mcmp(OR_LINK, orig_nl, BPF_W, (bpf_int32)label_num, 6304 0xfffff000); /* only compare the first 20 bits */
5429 gen_and(b0, b1); 5430 b0 = b1; 5431 } 5432 5433 return (b0); 5434} 5435 5436struct block * 5437gen_atmfield_code(atmfield, jvalue, jtype, reverse) 5438 int atmfield;	6305 gen_and(b0, b1); 6306 b0 = b1; 6307 } 6308 6309 return (b0); 6310} 6311 6312struct block * 6313gen_atmfield_code(atmfield, jvalue, jtype, reverse) 6314 int atmfield;
5439 bpf_u_int32 jvalue;	6315 bpf_int32 jvalue;
5440 bpf_u_int32 jtype; 5441 int reverse; 5442{ 5443 struct block b0; 5444* 5445 switch (atmfield) { 5446 5447 case A_VPI: 5448 if (!is_atm) 5449 bpf_error("'vpi' supported only on raw ATM"); 5450 if (off_vpi == (u_int)-1) 5451 abort();	6316 bpf_u_int32 jtype; 6317 int reverse; 6318{ 6319 struct block b0; 6320* 6321 switch (atmfield) { 6322 6323 case A_VPI: 6324 if (!is_atm) 6325 bpf_error("'vpi' supported only on raw ATM"); 6326 if (off_vpi == (u_int)-1) 6327 abort();
5452 b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype, 5453 (u_int)jvalue, reverse);	6328 b0 = gen_ncmp(OR_LINK, off_vpi, BPF_B, 0xffffffff, jtype, 6329 reverse, jvalue);
5454 break; 5455 5456 case A_VCI: 5457 if (!is_atm) 5458 bpf_error("'vci' supported only on raw ATM"); 5459 if (off_vci == (u_int)-1) 5460 abort();	6330 break; 6331 6332 case A_VCI: 6333 if (!is_atm) 6334 bpf_error("'vci' supported only on raw ATM"); 6335 if (off_vci == (u_int)-1) 6336 abort();
5461 b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype, 5462 (u_int)jvalue, reverse);	6337 b0 = gen_ncmp(OR_LINK, off_vci, BPF_H, 0xffffffff, jtype, 6338 reverse, jvalue);
5463 break; 5464 5465 case A_PROTOTYPE: 5466 if (off_proto == (u_int)-1) 5467 abort(); /* XXX - this isn't on FreeBSD */	6339 break; 6340 6341 case A_PROTOTYPE: 6342 if (off_proto == (u_int)-1) 6343 abort(); /* XXX - this isn't on FreeBSD */
5468 b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype, 5469 (u_int)jvalue, reverse);	6344 b0 = gen_ncmp(OR_LINK, off_proto, BPF_B, 0x0f, jtype, 6345 reverse, jvalue);
5470 break; 5471 5472 case A_MSGTYPE: 5473 if (off_payload == (u_int)-1) 5474 abort();	6346 break; 6347 6348 case A_MSGTYPE: 6349 if (off_payload == (u_int)-1) 6350 abort();
5475 b0 = gen_ncmp(BPF_B, off_payload + MSG_TYPE_POS, 0xffffffff, 5476 (u_int)jtype, (u_int)jvalue, reverse);	6351 b0 = gen_ncmp(OR_LINK, off_payload + MSG_TYPE_POS, BPF_B, 6352 0xffffffff, jtype, reverse, jvalue);
5477 break; 5478 5479 case A_CALLREFTYPE: 5480 if (!is_atm) 5481 bpf_error("'callref' supported only on raw ATM"); 5482 if (off_proto == (u_int)-1) 5483 abort();	6353 break; 6354 6355 case A_CALLREFTYPE: 6356 if (!is_atm) 6357 bpf_error("'callref' supported only on raw ATM"); 6358 if (off_proto == (u_int)-1) 6359 abort();
5484 b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype, 5485 (u_int)jvalue, reverse);	6360 b0 = gen_ncmp(OR_LINK, off_proto, BPF_B, 0xffffffff, 6361 jtype, reverse, jvalue);
5486 break; 5487 5488 default: 5489 abort(); 5490 } 5491 return b0; 5492} 5493 --- 93 unchanged lines hidden (view full) --- 5587 break; 5588 5589 default: 5590 abort(); 5591 } 5592 return b1; 5593} 5594	6362 break; 6363 6364 default: 6365 abort(); 6366 } 6367 return b0; 6368} 6369 --- 93 unchanged lines hidden (view full) --- 6463 break; 6464 6465 default: 6466 abort(); 6467 } 6468 return b1; 6469} 6470
	6471struct block * 6472gen_mtp3field_code(mtp3field, jvalue, jtype, reverse) 6473 int mtp3field; 6474 bpf_u_int32 jvalue; 6475 bpf_u_int32 jtype; 6476 int reverse; 6477{ 6478 struct block b0; 6479* bpf_u_int32 val1 , val2 , val3;
5595	6480
	6481 switch (mtp3field) { 6482 6483 case M_SIO: 6484 if (off_sio == (u_int)-1) 6485 bpf_error("'sio' supported only on SS7"); 6486 /* sio coded on 1 byte so max value 255 / 6487* if(jvalue > 255) 6488 bpf_error("sio value %u too big; max value = 255", 6489 jvalue); 6490 b0 = gen_ncmp(OR_PACKET, off_sio, BPF_B, 0xffffffff, 6491 (u_int)jtype, reverse, (u_int)jvalue); 6492 break; 6493 6494 case M_OPC: 6495 if (off_opc == (u_int)-1) 6496 bpf_error("'opc' supported only on SS7"); 6497 /* opc coded on 14 bits so max value 16383 / 6498* if (jvalue > 16383) 6499 bpf_error("opc value %u too big; max value = 16383", 6500 jvalue); 6501 /* the following instructions are made to convert jvalue 6502 * to the form used to write opc in an ss7 message/ 6503* val1 = jvalue & 0x00003c00; 6504 val1 = val1 >>10; 6505 val2 = jvalue & 0x000003fc; 6506 val2 = val2 <<6; 6507 val3 = jvalue & 0x00000003; 6508 val3 = val3 <<22; 6509 jvalue = val1 + val2 + val3; 6510 b0 = gen_ncmp(OR_PACKET, off_opc, BPF_W, 0x00c0ff0f, 6511 (u_int)jtype, reverse, (u_int)jvalue); 6512 break; 6513 6514 case M_DPC: 6515 if (off_dpc == (u_int)-1) 6516 bpf_error("'dpc' supported only on SS7"); 6517 /* dpc coded on 14 bits so max value 16383 / 6518* if (jvalue > 16383) 6519 bpf_error("dpc value %u too big; max value = 16383", 6520 jvalue); 6521 /* the following instructions are made to convert jvalue 6522 * to the forme used to write dpc in an ss7 message/ 6523* val1 = jvalue & 0x000000ff; 6524 val1 = val1 << 24; 6525 val2 = jvalue & 0x00003f00; 6526 val2 = val2 << 8; 6527 jvalue = val1 + val2; 6528 b0 = gen_ncmp(OR_PACKET, off_dpc, BPF_W, 0xff3f0000, 6529 (u_int)jtype, reverse, (u_int)jvalue); 6530 break; 6531 6532 case M_SLS: 6533 if (off_sls == (u_int)-1) 6534 bpf_error("'sls' supported only on SS7"); 6535 /* sls coded on 4 bits so max value 15 / 6536* if (jvalue > 15) 6537 bpf_error("sls value %u too big; max value = 15", 6538 jvalue); 6539 /* the following instruction is made to convert jvalue 6540 * to the forme used to write sls in an ss7 message/ 6541* jvalue = jvalue << 4; 6542 b0 = gen_ncmp(OR_PACKET, off_sls, BPF_B, 0xf0, 6543 (u_int)jtype,reverse, (u_int)jvalue); 6544 break; 6545 6546 default: 6547 abort(); 6548 } 6549 return b0; 6550} 6551
5596static struct block * 5597gen_msg_abbrev(type) 5598 int type; 5599{ 5600 struct block b1; 5601* 5602 /* 5603 * Q.2931 signalling protocol messages for handling virtual circuits --- 102 unchanged lines hidden ---	6552static struct block * 6553gen_msg_abbrev(type) 6554 int type; 6555{ 6556 struct block b1; 6557* 6558 /* 6559 * Q.2931 signalling protocol messages for handling virtual circuits --- 102 unchanged lines hidden ---