| 1/*#define CHASE_CHAIN*/ 2/* 3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 4 * The Regents of the University of California. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that: (1) source code distributions 8 * retain the above copyright notice and this paragraph in its entirety, (2) --- 5 unchanged lines hidden (view full) --- 14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 15 * the University nor the names of its contributors may be used to endorse 16 * or promote products derived from this software without specific prior 17 * written permission. 18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 21 * |
| 22 * $FreeBSD: head/contrib/libpcap/gencode.c 241231 2012-10-05 18:42:50Z delphij $ |
| 23 */ 24#ifndef lint 25static const char rcsid[] _U_ = 26 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.309 2008-12-23 20:13:29 guy Exp $ (LBL)"; 27#endif 28 29#ifdef HAVE_CONFIG_H 30#include "config.h" --- 50 unchanged lines hidden (view full) --- 81#include "gencode.h" 82#include "ieee80211.h" 83#include "atmuni31.h" 84#include "sunatmpos.h" 85#include "ppp.h" 86#include "pcap/sll.h" 87#include "pcap/ipnet.h" 88#include "arcnet.h" |
| 89#if defined(PF_PACKET) && defined(SO_ATTACH_FILTER) 90#include <linux/types.h> 91#include <linux/if_packet.h> 92#include <linux/filter.h> 93#endif |
| 94#ifdef HAVE_NET_PFVAR_H 95#include <sys/socket.h> 96#include <net/if.h> 97#include <net/pfvar.h> 98#include <net/if_pflog.h> 99#endif 100#ifndef offsetof 101#define offsetof(s, e) ((size_t)&((s *)0)->e) --- 318 unchanged lines hidden (view full) --- 420#else /* WIN32 */ 421int 422pcap_compile(pcap_t *p, struct bpf_program *program, 423 const char *buf, int optimize, bpf_u_int32 mask) 424#endif /* WIN32 */ 425{ 426 extern int n_errors; 427 const char * volatile xbuf = buf; |
| 428 u_int len; |
| 429 430 no_optimize = 0; 431 n_errors = 0; 432 root = NULL; 433 bpf_pcap = p; 434 init_regs(); 435 if (setjmp(top_ctx)) { 436#ifdef INET6 --- 958 unchanged lines hidden (view full) --- 1395 off_dpc = 24; 1396 off_sls = 27; 1397 off_linktype = -1; 1398 off_macpl = -1; 1399 off_nl = -1; 1400 off_nl_nosnap = -1; 1401 return; 1402 |
| 1403 case DLT_PFSYNC: 1404 off_linktype = -1; 1405 off_macpl = 4; 1406 off_nl = 0; 1407 off_nl_nosnap = 0; 1408 return; |
| 1409 1410 case DLT_AX25_KISS: 1411 /* 1412 * Currently, only raw "link[N:M]" filtering is supported. 1413 */ 1414 off_linktype = -1; /* variable, min 15, max 71 steps of 7 */ 1415 off_macpl = -1; 1416 off_nl = -1; /* variable, min 16, max 71 steps of 7 */ --- 1939 unchanged lines hidden (view full) --- 3356 3357 case DLT_MTP2: 3358 case DLT_MTP2_WITH_PHDR: 3359 bpf_error("MTP2 link-layer type filtering not implemented"); 3360 3361 case DLT_ERF: 3362 bpf_error("ERF link-layer type filtering not implemented"); 3363 |
| 3364 case DLT_PFSYNC: 3365 bpf_error("PFSYNC link-layer type filtering not implemented"); |
| 3366 3367 case DLT_LINUX_LAPD: 3368 bpf_error("LAPD link-layer type filtering not implemented"); 3369 3370 case DLT_USB: 3371 case DLT_USB_LINUX: 3372 case DLT_USB_LINUX_MMAPPED: 3373 bpf_error("USB link-layer type filtering not implemented"); --- 2443 unchanged lines hidden (view full) --- 5817 */ 5818static struct block * 5819gen_proto(v, proto, dir) 5820 int v; 5821 int proto; 5822 int dir; 5823{ 5824 struct block *b0, *b1; |
| 5825#ifdef INET6 5826#ifndef CHASE_CHAIN 5827 struct block *b2; 5828#endif 5829#endif |
| 5830 5831 if (dir != Q_DEFAULT) 5832 bpf_error("direction applied to 'proto'"); 5833 5834 switch (proto) { 5835 case Q_DEFAULT: 5836#ifdef INET6 5837 b0 = gen_proto(v, Q_IP, dir); --- 152 unchanged lines hidden (view full) --- 5990 case Q_CARP: 5991 bpf_error("'carp proto' is bogus"); 5992 /* NOTREACHED */ 5993 5994#ifdef INET6 5995 case Q_IPV6: 5996 b0 = gen_linktype(ETHERTYPE_IPV6); 5997#ifndef CHASE_CHAIN |
| 5998 /* 5999 * Also check for a fragment header before the final 6000 * header. 6001 */ 6002 b2 = gen_cmp(OR_NET, 6, BPF_B, IPPROTO_FRAGMENT); 6003 b1 = gen_cmp(OR_NET, 40, BPF_B, (bpf_int32)v); 6004 gen_and(b2, b1); 6005 b2 = gen_cmp(OR_NET, 6, BPF_B, (bpf_int32)v); 6006 gen_or(b2, b1); |
| 6007#else 6008 b1 = gen_protochain(v, Q_IPV6); 6009#endif 6010 gen_and(b0, b1); 6011 return b1; 6012 6013 case Q_ICMPV6: 6014 bpf_error("'icmp6 proto' is bogus"); --- 1464 unchanged lines hidden (view full) --- 7479#endif /* INET6 */ 7480 } 7481 bpf_error("link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel"); 7482 /* NOTREACHED */ 7483 return NULL; 7484} 7485 7486/* |
| 7487 * Filter on inbound (dir == 0) or outbound (dir == 1) traffic. 7488 * Outbound traffic is sent by this machine, while inbound traffic is 7489 * sent by a remote machine (and may include packets destined for a 7490 * unicast or multicast link-layer address we are not subscribing to). 7491 * These are the same definitions implemented by pcap_setdirection(). 7492 * Capturing only unicast traffic destined for this host is probably 7493 * better accomplished using a higher-layer filter. |
| 7494 */ 7495struct block * 7496gen_inbound(dir) 7497 int dir; 7498{ 7499 register struct block *b0; 7500 7501 /* --- 13 unchanged lines hidden (view full) --- 7515 b0 = gen_cmp(OR_LINK, 2, BPF_H, IPNET_OUTBOUND); 7516 } else { 7517 /* match incoming packets */ 7518 b0 = gen_cmp(OR_LINK, 2, BPF_H, IPNET_INBOUND); 7519 } 7520 break; 7521 7522 case DLT_LINUX_SLL: |
| 7523 /* match outgoing packets */ 7524 b0 = gen_cmp(OR_LINK, 0, BPF_H, LINUX_SLL_OUTGOING); 7525 if (!dir) { 7526 /* to filter on inbound traffic, invert the match */ 7527 gen_not(b0); |
| 7528 } 7529 break; 7530 7531#ifdef HAVE_NET_PFVAR_H 7532 case DLT_PFLOG: 7533 b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, dir), BPF_B, 7534 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 7535 break; --- 39 unchanged lines hidden (view full) --- 7575 b0 = gen_mcmp(OR_LINK, 3, BPF_B, 0, 0x01); 7576 } else { 7577 /* match incoming packets */ 7578 b0 = gen_mcmp(OR_LINK, 3, BPF_B, 1, 0x01); 7579 } 7580 break; 7581 7582 default: |
| 7583 /* 7584 * If we have packet meta-data indicating a direction, 7585 * check it, otherwise give up as this link-layer type 7586 * has nothing in the packet data. 7587 */ 7588#if defined(PF_PACKET) && defined(SO_ATTACH_FILTER) 7589 /* 7590 * We infer that this is Linux with PF_PACKET support. 7591 * If this is a *live* capture, we can look at 7592 * special meta-data in the filter expression; 7593 * if it's a savefile, we can't. 7594 */ 7595 if (bpf_pcap->sf.rfile != NULL) { 7596 /* We have a FILE *, so this is a savefile */ 7597 bpf_error("inbound/outbound not supported on linktype %d when reading savefiles", 7598 linktype); 7599 b0 = NULL; 7600 /* NOTREACHED */ 7601 } 7602 /* match outgoing packets */ 7603 b0 = gen_cmp(OR_LINK, SKF_AD_OFF + SKF_AD_PKTTYPE, BPF_H, 7604 PACKET_OUTGOING); 7605 if (!dir) { 7606 /* to filter on inbound traffic, invert the match */ 7607 gen_not(b0); 7608 } 7609#else /* defined(PF_PACKET) && defined(SO_ATTACH_FILTER) */ |
| 7610 bpf_error("inbound/outbound not supported on linktype %d", 7611 linktype); 7612 b0 = NULL; 7613 /* NOTREACHED */ |
| 7614#endif /* defined(PF_PACKET) && defined(SO_ATTACH_FILTER) */ |
| 7615 } 7616 return (b0); 7617} 7618 7619#ifdef HAVE_NET_PFVAR_H 7620/* PF firewall log matched interface */ 7621struct block * 7622gen_pf_ifname(const char *ifname) --- 915 unchanged lines hidden --- |