| gencode.c (235426) | gencode.c (241231) |
|---|---|
| 1/*#define CHASE_CHAIN*/ 2/* 3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 4 * The Regents of the University of California. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that: (1) source code distributions 8 * retain the above copyright notice and this paragraph in its entirety, (2) --- 5 unchanged lines hidden (view full) --- 14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 15 * the University nor the names of its contributors may be used to endorse 16 * or promote products derived from this software without specific prior 17 * written permission. 18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 21 * | 1/*#define CHASE_CHAIN*/ 2/* 3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 4 * The Regents of the University of California. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that: (1) source code distributions 8 * retain the above copyright notice and this paragraph in its entirety, (2) --- 5 unchanged lines hidden (view full) --- 14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 15 * the University nor the names of its contributors may be used to endorse 16 * or promote products derived from this software without specific prior 17 * written permission. 18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 21 * |
| 22 * $FreeBSD: head/contrib/libpcap/gencode.c 235426 2012-05-14 05:12:56Z delphij $ | 22 * $FreeBSD: head/contrib/libpcap/gencode.c 241231 2012-10-05 18:42:50Z delphij $ |
| 23 */ 24#ifndef lint 25static const char rcsid[] _U_ = 26 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.309 2008-12-23 20:13:29 guy Exp $ (LBL)"; 27#endif 28 29#ifdef HAVE_CONFIG_H 30#include "config.h" --- 50 unchanged lines hidden (view full) --- 81#include "gencode.h" 82#include "ieee80211.h" 83#include "atmuni31.h" 84#include "sunatmpos.h" 85#include "ppp.h" 86#include "pcap/sll.h" 87#include "pcap/ipnet.h" 88#include "arcnet.h" | 23 */ 24#ifndef lint 25static const char rcsid[] _U_ = 26 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.309 2008-12-23 20:13:29 guy Exp $ (LBL)"; 27#endif 28 29#ifdef HAVE_CONFIG_H 30#include "config.h" --- 50 unchanged lines hidden (view full) --- 81#include "gencode.h" 82#include "ieee80211.h" 83#include "atmuni31.h" 84#include "sunatmpos.h" 85#include "ppp.h" 86#include "pcap/sll.h" 87#include "pcap/ipnet.h" 88#include "arcnet.h" |
| 89#if defined(PF_PACKET) && defined(SO_ATTACH_FILTER) 90#include <linux/types.h> 91#include <linux/if_packet.h> 92#include <linux/filter.h> 93#endif |
|
| 89#ifdef HAVE_NET_PFVAR_H 90#include <sys/socket.h> 91#include <net/if.h> 92#include <net/pfvar.h> 93#include <net/if_pflog.h> 94#endif 95#ifndef offsetof 96#define offsetof(s, e) ((size_t)&((s *)0)->e) --- 318 unchanged lines hidden (view full) --- 415#else /* WIN32 */ 416int 417pcap_compile(pcap_t *p, struct bpf_program *program, 418 const char *buf, int optimize, bpf_u_int32 mask) 419#endif /* WIN32 */ 420{ 421 extern int n_errors; 422 const char * volatile xbuf = buf; | 94#ifdef HAVE_NET_PFVAR_H 95#include <sys/socket.h> 96#include <net/if.h> 97#include <net/pfvar.h> 98#include <net/if_pflog.h> 99#endif 100#ifndef offsetof 101#define offsetof(s, e) ((size_t)&((s *)0)->e) --- 318 unchanged lines hidden (view full) --- 420#else /* WIN32 */ 421int 422pcap_compile(pcap_t *p, struct bpf_program *program, 423 const char *buf, int optimize, bpf_u_int32 mask) 424#endif /* WIN32 */ 425{ 426 extern int n_errors; 427 const char * volatile xbuf = buf; |
| 423 int len; | 428 u_int len; |
| 424 425 no_optimize = 0; 426 n_errors = 0; 427 root = NULL; 428 bpf_pcap = p; 429 init_regs(); 430 if (setjmp(top_ctx)) { 431#ifdef INET6 --- 958 unchanged lines hidden (view full) --- 1390 off_dpc = 24; 1391 off_sls = 27; 1392 off_linktype = -1; 1393 off_macpl = -1; 1394 off_nl = -1; 1395 off_nl_nosnap = -1; 1396 return; 1397 | 429 430 no_optimize = 0; 431 n_errors = 0; 432 root = NULL; 433 bpf_pcap = p; 434 init_regs(); 435 if (setjmp(top_ctx)) { 436#ifdef INET6 --- 958 unchanged lines hidden (view full) --- 1395 off_dpc = 24; 1396 off_sls = 27; 1397 off_linktype = -1; 1398 off_macpl = -1; 1399 off_nl = -1; 1400 off_nl_nosnap = -1; 1401 return; 1402 |
| 1398#ifdef DLT_PFSYNC | |
| 1399 case DLT_PFSYNC: 1400 off_linktype = -1; 1401 off_macpl = 4; 1402 off_nl = 0; 1403 off_nl_nosnap = 0; 1404 return; | 1403 case DLT_PFSYNC: 1404 off_linktype = -1; 1405 off_macpl = 4; 1406 off_nl = 0; 1407 off_nl_nosnap = 0; 1408 return; |
| 1405#endif | |
| 1406 1407 case DLT_AX25_KISS: 1408 /* 1409 * Currently, only raw "link[N:M]" filtering is supported. 1410 */ 1411 off_linktype = -1; /* variable, min 15, max 71 steps of 7 */ 1412 off_macpl = -1; 1413 off_nl = -1; /* variable, min 16, max 71 steps of 7 */ --- 1939 unchanged lines hidden (view full) --- 3353 3354 case DLT_MTP2: 3355 case DLT_MTP2_WITH_PHDR: 3356 bpf_error("MTP2 link-layer type filtering not implemented"); 3357 3358 case DLT_ERF: 3359 bpf_error("ERF link-layer type filtering not implemented"); 3360 | 1409 1410 case DLT_AX25_KISS: 1411 /* 1412 * Currently, only raw "link[N:M]" filtering is supported. 1413 */ 1414 off_linktype = -1; /* variable, min 15, max 71 steps of 7 */ 1415 off_macpl = -1; 1416 off_nl = -1; /* variable, min 16, max 71 steps of 7 */ --- 1939 unchanged lines hidden (view full) --- 3356 3357 case DLT_MTP2: 3358 case DLT_MTP2_WITH_PHDR: 3359 bpf_error("MTP2 link-layer type filtering not implemented"); 3360 3361 case DLT_ERF: 3362 bpf_error("ERF link-layer type filtering not implemented"); 3363 |
| 3361#ifdef DLT_PFSYNC | |
| 3362 case DLT_PFSYNC: 3363 bpf_error("PFSYNC link-layer type filtering not implemented"); | 3364 case DLT_PFSYNC: 3365 bpf_error("PFSYNC link-layer type filtering not implemented"); |
| 3364#endif | |
| 3365 3366 case DLT_LINUX_LAPD: 3367 bpf_error("LAPD link-layer type filtering not implemented"); 3368 3369 case DLT_USB: 3370 case DLT_USB_LINUX: 3371 case DLT_USB_LINUX_MMAPPED: 3372 bpf_error("USB link-layer type filtering not implemented"); --- 2443 unchanged lines hidden (view full) --- 5816 */ 5817static struct block * 5818gen_proto(v, proto, dir) 5819 int v; 5820 int proto; 5821 int dir; 5822{ 5823 struct block *b0, *b1; | 3366 3367 case DLT_LINUX_LAPD: 3368 bpf_error("LAPD link-layer type filtering not implemented"); 3369 3370 case DLT_USB: 3371 case DLT_USB_LINUX: 3372 case DLT_USB_LINUX_MMAPPED: 3373 bpf_error("USB link-layer type filtering not implemented"); --- 2443 unchanged lines hidden (view full) --- 5817 */ 5818static struct block * 5819gen_proto(v, proto, dir) 5820 int v; 5821 int proto; 5822 int dir; 5823{ 5824 struct block *b0, *b1; |
| 5825#ifdef INET6 5826#ifndef CHASE_CHAIN 5827 struct block *b2; 5828#endif 5829#endif |
|
| 5824 5825 if (dir != Q_DEFAULT) 5826 bpf_error("direction applied to 'proto'"); 5827 5828 switch (proto) { 5829 case Q_DEFAULT: 5830#ifdef INET6 5831 b0 = gen_proto(v, Q_IP, dir); --- 152 unchanged lines hidden (view full) --- 5984 case Q_CARP: 5985 bpf_error("'carp proto' is bogus"); 5986 /* NOTREACHED */ 5987 5988#ifdef INET6 5989 case Q_IPV6: 5990 b0 = gen_linktype(ETHERTYPE_IPV6); 5991#ifndef CHASE_CHAIN | 5830 5831 if (dir != Q_DEFAULT) 5832 bpf_error("direction applied to 'proto'"); 5833 5834 switch (proto) { 5835 case Q_DEFAULT: 5836#ifdef INET6 5837 b0 = gen_proto(v, Q_IP, dir); --- 152 unchanged lines hidden (view full) --- 5990 case Q_CARP: 5991 bpf_error("'carp proto' is bogus"); 5992 /* NOTREACHED */ 5993 5994#ifdef INET6 5995 case Q_IPV6: 5996 b0 = gen_linktype(ETHERTYPE_IPV6); 5997#ifndef CHASE_CHAIN |
| 5992 b1 = gen_cmp(OR_NET, 6, BPF_B, (bpf_int32)v); | 5998 /* 5999 * Also check for a fragment header before the final 6000 * header. 6001 */ 6002 b2 = gen_cmp(OR_NET, 6, BPF_B, IPPROTO_FRAGMENT); 6003 b1 = gen_cmp(OR_NET, 40, BPF_B, (bpf_int32)v); 6004 gen_and(b2, b1); 6005 b2 = gen_cmp(OR_NET, 6, BPF_B, (bpf_int32)v); 6006 gen_or(b2, b1); |
| 5993#else 5994 b1 = gen_protochain(v, Q_IPV6); 5995#endif 5996 gen_and(b0, b1); 5997 return b1; 5998 5999 case Q_ICMPV6: 6000 bpf_error("'icmp6 proto' is bogus"); --- 1464 unchanged lines hidden (view full) --- 7465#endif /* INET6 */ 7466 } 7467 bpf_error("link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel"); 7468 /* NOTREACHED */ 7469 return NULL; 7470} 7471 7472/* | 6007#else 6008 b1 = gen_protochain(v, Q_IPV6); 6009#endif 6010 gen_and(b0, b1); 6011 return b1; 6012 6013 case Q_ICMPV6: 6014 bpf_error("'icmp6 proto' is bogus"); --- 1464 unchanged lines hidden (view full) --- 7479#endif /* INET6 */ 7480 } 7481 bpf_error("link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel"); 7482 /* NOTREACHED */ 7483 return NULL; 7484} 7485 7486/* |
| 7473 * generate command for inbound/outbound. It's here so we can 7474 * make it link-type specific. 'dir' = 0 implies "inbound", 7475 * = 1 implies "outbound". | 7487 * Filter on inbound (dir == 0) or outbound (dir == 1) traffic. 7488 * Outbound traffic is sent by this machine, while inbound traffic is 7489 * sent by a remote machine (and may include packets destined for a 7490 * unicast or multicast link-layer address we are not subscribing to). 7491 * These are the same definitions implemented by pcap_setdirection(). 7492 * Capturing only unicast traffic destined for this host is probably 7493 * better accomplished using a higher-layer filter. |
| 7476 */ 7477struct block * 7478gen_inbound(dir) 7479 int dir; 7480{ 7481 register struct block *b0; 7482 7483 /* --- 13 unchanged lines hidden (view full) --- 7497 b0 = gen_cmp(OR_LINK, 2, BPF_H, IPNET_OUTBOUND); 7498 } else { 7499 /* match incoming packets */ 7500 b0 = gen_cmp(OR_LINK, 2, BPF_H, IPNET_INBOUND); 7501 } 7502 break; 7503 7504 case DLT_LINUX_SLL: | 7494 */ 7495struct block * 7496gen_inbound(dir) 7497 int dir; 7498{ 7499 register struct block *b0; 7500 7501 /* --- 13 unchanged lines hidden (view full) --- 7515 b0 = gen_cmp(OR_LINK, 2, BPF_H, IPNET_OUTBOUND); 7516 } else { 7517 /* match incoming packets */ 7518 b0 = gen_cmp(OR_LINK, 2, BPF_H, IPNET_INBOUND); 7519 } 7520 break; 7521 7522 case DLT_LINUX_SLL: |
| 7505 if (dir) { 7506 /* 7507 * Match packets sent by this machine. 7508 */ 7509 b0 = gen_cmp(OR_LINK, 0, BPF_H, LINUX_SLL_OUTGOING); 7510 } else { 7511 /* 7512 * Match packets sent to this machine. 7513 * (No broadcast or multicast packets, or 7514 * packets sent to some other machine and 7515 * received promiscuously.) 7516 * 7517 * XXX - packets sent to other machines probably 7518 * shouldn't be matched, but what about broadcast 7519 * or multicast packets we received? 7520 */ 7521 b0 = gen_cmp(OR_LINK, 0, BPF_H, LINUX_SLL_HOST); | 7523 /* match outgoing packets */ 7524 b0 = gen_cmp(OR_LINK, 0, BPF_H, LINUX_SLL_OUTGOING); 7525 if (!dir) { 7526 /* to filter on inbound traffic, invert the match */ 7527 gen_not(b0); |
| 7522 } 7523 break; 7524 7525#ifdef HAVE_NET_PFVAR_H 7526 case DLT_PFLOG: 7527 b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, dir), BPF_B, 7528 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 7529 break; --- 39 unchanged lines hidden (view full) --- 7569 b0 = gen_mcmp(OR_LINK, 3, BPF_B, 0, 0x01); 7570 } else { 7571 /* match incoming packets */ 7572 b0 = gen_mcmp(OR_LINK, 3, BPF_B, 1, 0x01); 7573 } 7574 break; 7575 7576 default: | 7528 } 7529 break; 7530 7531#ifdef HAVE_NET_PFVAR_H 7532 case DLT_PFLOG: 7533 b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, dir), BPF_B, 7534 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 7535 break; --- 39 unchanged lines hidden (view full) --- 7575 b0 = gen_mcmp(OR_LINK, 3, BPF_B, 0, 0x01); 7576 } else { 7577 /* match incoming packets */ 7578 b0 = gen_mcmp(OR_LINK, 3, BPF_B, 1, 0x01); 7579 } 7580 break; 7581 7582 default: |
| 7583 /* 7584 * If we have packet meta-data indicating a direction, 7585 * check it, otherwise give up as this link-layer type 7586 * has nothing in the packet data. 7587 */ 7588#if defined(PF_PACKET) && defined(SO_ATTACH_FILTER) 7589 /* 7590 * We infer that this is Linux with PF_PACKET support. 7591 * If this is a *live* capture, we can look at 7592 * special meta-data in the filter expression; 7593 * if it's a savefile, we can't. 7594 */ 7595 if (bpf_pcap->sf.rfile != NULL) { 7596 /* We have a FILE *, so this is a savefile */ 7597 bpf_error("inbound/outbound not supported on linktype %d when reading savefiles", 7598 linktype); 7599 b0 = NULL; 7600 /* NOTREACHED */ 7601 } 7602 /* match outgoing packets */ 7603 b0 = gen_cmp(OR_LINK, SKF_AD_OFF + SKF_AD_PKTTYPE, BPF_H, 7604 PACKET_OUTGOING); 7605 if (!dir) { 7606 /* to filter on inbound traffic, invert the match */ 7607 gen_not(b0); 7608 } 7609#else /* defined(PF_PACKET) && defined(SO_ATTACH_FILTER) */ |
|
| 7577 bpf_error("inbound/outbound not supported on linktype %d", 7578 linktype); 7579 b0 = NULL; 7580 /* NOTREACHED */ | 7610 bpf_error("inbound/outbound not supported on linktype %d", 7611 linktype); 7612 b0 = NULL; 7613 /* NOTREACHED */ |
| 7614#endif /* defined(PF_PACKET) && defined(SO_ATTACH_FILTER) */ |
|
| 7581 } 7582 return (b0); 7583} 7584 7585#ifdef HAVE_NET_PFVAR_H 7586/* PF firewall log matched interface */ 7587struct block * 7588gen_pf_ifname(const char *ifname) --- 915 unchanged lines hidden --- | 7615 } 7616 return (b0); 7617} 7618 7619#ifdef HAVE_NET_PFVAR_H 7620/* PF firewall log matched interface */ 7621struct block * 7622gen_pf_ifname(const char *ifname) --- 915 unchanged lines hidden --- |