gencode.c revision 98533
1/*#define CHASE_CHAIN*/ 2/* 3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 4 * The Regents of the University of California. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that: (1) source code distributions 8 * retain the above copyright notice and this paragraph in its entirety, (2) 9 * distributions including binary code include the above copyright notice and 10 * this paragraph in its entirety in the documentation or other materials 11 * provided with the distribution, and (3) all advertising materials mentioning 12 * features or use of this software display the following acknowledgement: 13 * ``This product includes software developed by the University of California, 14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 15 * the University nor the names of its contributors may be used to endorse 16 * or promote products derived from this software without specific prior 17 * written permission. 18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 21 * 22 * $FreeBSD: head/contrib/libpcap/gencode.c 98533 2002-06-21 01:38:14Z fenner $ 23 */ 24#ifndef lint 25static const char rcsid[] = 26 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.160 2001/11/30 07:25:48 guy Exp $ (LBL)"; 27#endif 28 29#ifdef HAVE_CONFIG_H 30#include "config.h" 31#endif 32 33#include <sys/types.h> 34#include <sys/socket.h> 35#include <sys/time.h> 36#ifdef __NetBSD__ 37#include <sys/param.h> 38#endif 39 40struct mbuf; 41struct rtentry; 42#include <net/if.h> 43 44#include <netinet/in.h> 45 46#include <stdlib.h> 47#include <string.h> 48#include <memory.h> 49#include <setjmp.h> 50#include <stdarg.h> 51 52#include "pcap-int.h" 53 54#include "ethertype.h" 55#include "nlpid.h" 56#include "llc.h" 57#include "gencode.h" 58#include "ppp.h" 59#include "sll.h" 60#include "arcnet.h" 61#include <pcap-namedb.h> 62#ifdef INET6 63#include <netdb.h> 64#include <sys/socket.h> 65#endif /*INET6*/ 66 67#undef ETHERMTU 68#define ETHERMTU 1500 69 70#ifndef IPPROTO_SCTP 71#define IPPROTO_SCTP 132 72#endif 73 74#ifdef HAVE_OS_PROTO_H 75#include "os-proto.h" 76#endif 77 78#define JMP(c) ((c)|BPF_JMP|BPF_K) 79 80/* Locals */ 81static jmp_buf top_ctx; 82static pcap_t *bpf_pcap; 83 84/* Hack for updating VLAN offsets. */ 85static u_int orig_linktype = -1, orig_nl = -1; 86 87/* XXX */ 88#ifdef PCAP_FDDIPAD 89int pcap_fddipad = PCAP_FDDIPAD; 90#else 91int pcap_fddipad; 92#endif 93 94/* VARARGS */ 95void 96bpf_error(const char *fmt, ...) 97 98{ 99 va_list ap; 100 101 va_start(ap, fmt); 102 if (bpf_pcap != NULL) 103 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 104 fmt, ap); 105 va_end(ap); 106 longjmp(top_ctx, 1); 107 /* NOTREACHED */ 108} 109 110static void init_linktype(int); 111 112static int alloc_reg(void); 113static void free_reg(int); 114 115static struct block *root; 116 117/* 118 * We divy out chunks of memory rather than call malloc each time so 119 * we don't have to worry about leaking memory. It's probably 120 * not a big deal if all this memory was wasted but it this ever 121 * goes into a library that would probably not be a good idea. 122 */ 123#define NCHUNKS 16 124#define CHUNK0SIZE 1024 125struct chunk { 126 u_int n_left; 127 void *m; 128}; 129 130static struct chunk chunks[NCHUNKS]; 131static int cur_chunk; 132 133static void *newchunk(u_int); 134static void freechunks(void); 135static inline struct block *new_block(int); 136static inline struct slist *new_stmt(int); 137static struct block *gen_retblk(int); 138static inline void syntax(void); 139 140static void backpatch(struct block *, struct block *); 141static void merge(struct block *, struct block *); 142static struct block *gen_cmp(u_int, u_int, bpf_int32); 143static struct block *gen_cmp_gt(u_int, u_int, bpf_int32); 144static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 145static struct block *gen_bcmp(u_int, u_int, const u_char *); 146static struct block *gen_uncond(int); 147static inline struct block *gen_true(void); 148static inline struct block *gen_false(void); 149static struct block *gen_linktype(int); 150static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int); 151static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 152#ifdef INET6 153static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); 154#endif 155static struct block *gen_ahostop(const u_char *, int); 156static struct block *gen_ehostop(const u_char *, int); 157static struct block *gen_fhostop(const u_char *, int); 158static struct block *gen_thostop(const u_char *, int); 159static struct block *gen_dnhostop(bpf_u_int32, int, u_int); 160static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int); 161#ifdef INET6 162static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int); 163#endif 164#ifndef INET6 165static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); 166#endif 167static struct block *gen_ipfrag(void); 168static struct block *gen_portatom(int, bpf_int32); 169#ifdef INET6 170static struct block *gen_portatom6(int, bpf_int32); 171#endif 172struct block *gen_portop(int, int, int); 173static struct block *gen_port(int, int, int); 174#ifdef INET6 175struct block *gen_portop6(int, int, int); 176static struct block *gen_port6(int, int, int); 177#endif 178static int lookup_proto(const char *, int); 179static struct block *gen_protochain(int, int, int); 180static struct block *gen_proto(int, int, int); 181static struct slist *xfer_to_x(struct arth *); 182static struct slist *xfer_to_a(struct arth *); 183static struct block *gen_len(int, int); 184 185static void * 186newchunk(n) 187 u_int n; 188{ 189 struct chunk *cp; 190 int k, size; 191 192#ifndef __NetBSD__ 193 /* XXX Round up to nearest long. */ 194 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1); 195#else 196 /* XXX Round up to structure boundary. */ 197 n = ALIGN(n); 198#endif 199 200 cp = &chunks[cur_chunk]; 201 if (n > cp->n_left) { 202 ++cp, k = ++cur_chunk; 203 if (k >= NCHUNKS) 204 bpf_error("out of memory"); 205 size = CHUNK0SIZE << k; 206 cp->m = (void *)malloc(size); 207 memset((char *)cp->m, 0, size); 208 cp->n_left = size; 209 if (n > size) 210 bpf_error("out of memory"); 211 } 212 cp->n_left -= n; 213 return (void *)((char *)cp->m + cp->n_left); 214} 215 216static void 217freechunks() 218{ 219 int i; 220 221 cur_chunk = 0; 222 for (i = 0; i < NCHUNKS; ++i) 223 if (chunks[i].m != NULL) { 224 free(chunks[i].m); 225 chunks[i].m = NULL; 226 } 227} 228 229/* 230 * A strdup whose allocations are freed after code generation is over. 231 */ 232char * 233sdup(s) 234 register const char *s; 235{ 236 int n = strlen(s) + 1; 237 char *cp = newchunk(n); 238 239 strlcpy(cp, s, n); 240 return (cp); 241} 242 243static inline struct block * 244new_block(code) 245 int code; 246{ 247 struct block *p; 248 249 p = (struct block *)newchunk(sizeof(*p)); 250 p->s.code = code; 251 p->head = p; 252 253 return p; 254} 255 256static inline struct slist * 257new_stmt(code) 258 int code; 259{ 260 struct slist *p; 261 262 p = (struct slist *)newchunk(sizeof(*p)); 263 p->s.code = code; 264 265 return p; 266} 267 268static struct block * 269gen_retblk(v) 270 int v; 271{ 272 struct block *b = new_block(BPF_RET|BPF_K); 273 274 b->s.k = v; 275 return b; 276} 277 278static inline void 279syntax() 280{ 281 bpf_error("syntax error in filter expression"); 282} 283 284static bpf_u_int32 netmask; 285static int snaplen; 286int no_optimize; 287 288int 289pcap_compile(pcap_t *p, struct bpf_program *program, 290 char *buf, int optimize, bpf_u_int32 mask) 291{ 292 extern int n_errors; 293 int len; 294 295 no_optimize = 0; 296 n_errors = 0; 297 root = NULL; 298 bpf_pcap = p; 299 if (setjmp(top_ctx)) { 300 lex_cleanup(); 301 freechunks(); 302 return (-1); 303 } 304 305 netmask = mask; 306 307 snaplen = pcap_snapshot(p); 308 if (snaplen == 0) { 309 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 310 "snaplen of 0 rejects all packets"); 311 return -1; 312 } 313 314 lex_init(buf ? buf : ""); 315 init_linktype(pcap_datalink(p)); 316 (void)pcap_parse(); 317 318 if (n_errors) 319 syntax(); 320 321 if (root == NULL) 322 root = gen_retblk(snaplen); 323 324 if (optimize && !no_optimize) { 325 bpf_optimize(&root); 326 if (root == NULL || 327 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 328 bpf_error("expression rejects all packets"); 329 } 330 program->bf_insns = icode_to_fcode(root, &len); 331 program->bf_len = len; 332 333 lex_cleanup(); 334 freechunks(); 335 return (0); 336} 337 338/* 339 * entry point for using the compiler with no pcap open 340 * pass in all the stuff that is needed explicitly instead. 341 */ 342int 343pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 344 struct bpf_program *program, 345 char *buf, int optimize, bpf_u_int32 mask) 346{ 347 pcap_t *p; 348 int ret; 349 350 p = pcap_open_dead(linktype_arg, snaplen_arg); 351 if (p == NULL) 352 return (-1); 353 ret = pcap_compile(p, program, buf, optimize, mask); 354 pcap_close(p); 355 return (ret); 356} 357 358/* 359 * Clean up a "struct bpf_program" by freeing all the memory allocated 360 * in it. 361 */ 362void 363pcap_freecode(struct bpf_program *program) 364{ 365 program->bf_len = 0; 366 if (program->bf_insns != NULL) { 367 free((char *)program->bf_insns); 368 program->bf_insns = NULL; 369 } 370} 371 372/* 373 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 374 * which of the jt and jf fields has been resolved and which is a pointer 375 * back to another unresolved block (or nil). At least one of the fields 376 * in each block is already resolved. 377 */ 378static void 379backpatch(list, target) 380 struct block *list, *target; 381{ 382 struct block *next; 383 384 while (list) { 385 if (!list->sense) { 386 next = JT(list); 387 JT(list) = target; 388 } else { 389 next = JF(list); 390 JF(list) = target; 391 } 392 list = next; 393 } 394} 395 396/* 397 * Merge the lists in b0 and b1, using the 'sense' field to indicate 398 * which of jt and jf is the link. 399 */ 400static void 401merge(b0, b1) 402 struct block *b0, *b1; 403{ 404 register struct block **p = &b0; 405 406 /* Find end of list. */ 407 while (*p) 408 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 409 410 /* Concatenate the lists. */ 411 *p = b1; 412} 413 414void 415finish_parse(p) 416 struct block *p; 417{ 418 backpatch(p, gen_retblk(snaplen)); 419 p->sense = !p->sense; 420 backpatch(p, gen_retblk(0)); 421 root = p->head; 422} 423 424void 425gen_and(b0, b1) 426 struct block *b0, *b1; 427{ 428 backpatch(b0, b1->head); 429 b0->sense = !b0->sense; 430 b1->sense = !b1->sense; 431 merge(b1, b0); 432 b1->sense = !b1->sense; 433 b1->head = b0->head; 434} 435 436void 437gen_or(b0, b1) 438 struct block *b0, *b1; 439{ 440 b0->sense = !b0->sense; 441 backpatch(b0, b1->head); 442 b0->sense = !b0->sense; 443 merge(b1, b0); 444 b1->head = b0->head; 445} 446 447void 448gen_not(b) 449 struct block *b; 450{ 451 b->sense = !b->sense; 452} 453 454static struct block * 455gen_cmp(offset, size, v) 456 u_int offset, size; 457 bpf_int32 v; 458{ 459 struct slist *s; 460 struct block *b; 461 462 s = new_stmt(BPF_LD|BPF_ABS|size); 463 s->s.k = offset; 464 465 b = new_block(JMP(BPF_JEQ)); 466 b->stmts = s; 467 b->s.k = v; 468 469 return b; 470} 471 472static struct block * 473gen_cmp_gt(offset, size, v) 474 u_int offset, size; 475 bpf_int32 v; 476{ 477 struct slist *s; 478 struct block *b; 479 480 s = new_stmt(BPF_LD|BPF_ABS|size); 481 s->s.k = offset; 482 483 b = new_block(JMP(BPF_JGT)); 484 b->stmts = s; 485 b->s.k = v; 486 487 return b; 488} 489 490static struct block * 491gen_mcmp(offset, size, v, mask) 492 u_int offset, size; 493 bpf_int32 v; 494 bpf_u_int32 mask; 495{ 496 struct block *b = gen_cmp(offset, size, v); 497 struct slist *s; 498 499 if (mask != 0xffffffff) { 500 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 501 s->s.k = mask; 502 b->stmts->next = s; 503 } 504 return b; 505} 506 507static struct block * 508gen_bcmp(offset, size, v) 509 register u_int offset, size; 510 register const u_char *v; 511{ 512 register struct block *b, *tmp; 513 514 b = NULL; 515 while (size >= 4) { 516 register const u_char *p = &v[size - 4]; 517 bpf_int32 w = ((bpf_int32)p[0] << 24) | 518 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; 519 520 tmp = gen_cmp(offset + size - 4, BPF_W, w); 521 if (b != NULL) 522 gen_and(b, tmp); 523 b = tmp; 524 size -= 4; 525 } 526 while (size >= 2) { 527 register const u_char *p = &v[size - 2]; 528 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; 529 530 tmp = gen_cmp(offset + size - 2, BPF_H, w); 531 if (b != NULL) 532 gen_and(b, tmp); 533 b = tmp; 534 size -= 2; 535 } 536 if (size > 0) { 537 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); 538 if (b != NULL) 539 gen_and(b, tmp); 540 b = tmp; 541 } 542 return b; 543} 544 545/* 546 * Various code constructs need to know the layout of the data link 547 * layer. These variables give the necessary offsets. off_linktype 548 * is set to -1 for no encapsulation, in which case, IP is assumed. 549 */ 550static u_int off_linktype; 551static u_int off_nl; 552static int linktype; 553 554static void 555init_linktype(type) 556 int type; 557{ 558 linktype = type; 559 560 orig_linktype = -1; 561 orig_nl = -1; 562 563 switch (type) { 564 565 case DLT_ARCNET: 566 off_linktype = 2; 567 off_nl = 6; /* XXX in reality, variable! */ 568 return; 569 570 case DLT_EN10MB: 571 off_linktype = 12; 572 off_nl = 14; 573 return; 574 575 case DLT_SLIP: 576 /* 577 * SLIP doesn't have a link level type. The 16 byte 578 * header is hacked into our SLIP driver. 579 */ 580 off_linktype = -1; 581 off_nl = 16; 582 return; 583 584 case DLT_SLIP_BSDOS: 585 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 586 off_linktype = -1; 587 /* XXX end */ 588 off_nl = 24; 589 return; 590 591 case DLT_NULL: 592 case DLT_LOOP: 593 off_linktype = 0; 594 off_nl = 4; 595 return; 596 597 case DLT_PPP: 598 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */ 599 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */ 600 off_linktype = 2; 601 off_nl = 4; 602 return; 603 604 case DLT_PPP_ETHER: 605 /* 606 * This does no include the Ethernet header, and 607 * only covers session state. 608 */ 609 off_linktype = 6; 610 off_nl = 8; 611 return; 612 613 case DLT_PPP_BSDOS: 614 off_linktype = 5; 615 off_nl = 24; 616 return; 617 618 case DLT_FDDI: 619 /* 620 * FDDI doesn't really have a link-level type field. 621 * We set "off_linktype" to the offset of the LLC header. 622 * 623 * To check for Ethernet types, we assume that SSAP = SNAP 624 * is being used and pick out the encapsulated Ethernet type. 625 * XXX - should we generate code to check for SNAP? 626 */ 627 off_linktype = 13; 628#ifdef PCAP_FDDIPAD 629 off_linktype += pcap_fddipad; 630#endif 631 off_nl = 21; 632#ifdef PCAP_FDDIPAD 633 off_nl += pcap_fddipad; 634#endif 635 return; 636 637 case DLT_IEEE802: 638 /* 639 * Token Ring doesn't really have a link-level type field. 640 * We set "off_linktype" to the offset of the LLC header. 641 * 642 * To check for Ethernet types, we assume that SSAP = SNAP 643 * is being used and pick out the encapsulated Ethernet type. 644 * XXX - should we generate code to check for SNAP? 645 * 646 * XXX - the header is actually variable-length. 647 * Some various Linux patched versions gave 38 648 * as "off_linktype" and 40 as "off_nl"; however, 649 * if a token ring packet has *no* routing 650 * information, i.e. is not source-routed, the correct 651 * values are 20 and 22, as they are in the vanilla code. 652 * 653 * A packet is source-routed iff the uppermost bit 654 * of the first byte of the source address, at an 655 * offset of 8, has the uppermost bit set. If the 656 * packet is source-routed, the total number of bytes 657 * of routing information is 2 plus bits 0x1F00 of 658 * the 16-bit value at an offset of 14 (shifted right 659 * 8 - figure out which byte that is). 660 */ 661 off_linktype = 14; 662 off_nl = 22; 663 return; 664 665 case DLT_IEEE802_11: 666 /* 667 * 802.11 doesn't really have a link-level type field. 668 * We set "off_linktype" to the offset of the LLC header. 669 * 670 * To check for Ethernet types, we assume that SSAP = SNAP 671 * is being used and pick out the encapsulated Ethernet type. 672 * XXX - should we generate code to check for SNAP? 673 * 674 * XXX - the header is actually variable-length. We 675 * assume a 24-byte link-layer header, as appears in 676 * data frames in networks with no bridges. 677 */ 678 off_linktype = 24; 679 off_nl = 30; 680 return; 681 682 case DLT_PRISM_HEADER: 683 /* 684 * Same as 802.11, but with an additional header before 685 * the 802.11 header, containing a bunch of additional 686 * information including radio-level information. 687 * 688 * The header is 144 bytes long. 689 * 690 * XXX - same variable-length header problem; at least 691 * the Prism header is fixed-length. 692 */ 693 off_linktype = 144+24; 694 off_nl = 144+30; 695 return; 696 697 case DLT_ATM_RFC1483: 698 /* 699 * assume routed, non-ISO PDUs 700 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 701 */ 702 off_linktype = 6; 703 off_nl = 8; 704 return; 705 706 case DLT_RAW: 707 off_linktype = -1; 708 off_nl = 0; 709 return; 710 711 case DLT_ATM_CLIP: /* Linux ATM defines this */ 712 off_linktype = 6; 713 off_nl = 8; 714 return; 715 716 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */ 717 off_linktype = 14; 718 off_nl = 16; 719 return; 720 721 case DLT_LTALK: 722 /* 723 * LocalTalk does have a 1-byte type field in the LLAP header, 724 * but really it just indicates whether there is a "short" or 725 * "long" DDP packet following. 726 */ 727 off_linktype = -1; 728 off_nl = 0; 729 return; 730 } 731 bpf_error("unknown data link type %d", linktype); 732 /* NOTREACHED */ 733} 734 735static struct block * 736gen_uncond(rsense) 737 int rsense; 738{ 739 struct block *b; 740 struct slist *s; 741 742 s = new_stmt(BPF_LD|BPF_IMM); 743 s->s.k = !rsense; 744 b = new_block(JMP(BPF_JEQ)); 745 b->stmts = s; 746 747 return b; 748} 749 750static inline struct block * 751gen_true() 752{ 753 return gen_uncond(1); 754} 755 756static inline struct block * 757gen_false() 758{ 759 return gen_uncond(0); 760} 761 762/* 763 * Byte-swap a 32-bit number. 764 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on 765 * big-endian platforms.) 766 */ 767#define SWAPLONG(y) \ 768((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff)) 769 770static struct block * 771gen_linktype(proto) 772 register int proto; 773{ 774 struct block *b0, *b1; 775 776 switch (linktype) { 777 778 case DLT_EN10MB: 779 switch (proto) { 780 781 case LLCSAP_ISONS: 782 /* 783 * OSI protocols always use 802.2 encapsulation. 784 * XXX - should we check both the DSAP and the 785 * SSAP, like this, or should we check just the 786 * DSAP? 787 */ 788 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 789 gen_not(b0); 790 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 791 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS)); 792 gen_and(b0, b1); 793 return b1; 794 795 case LLCSAP_NETBEUI: 796 /* 797 * NetBEUI always uses 802.2 encapsulation. 798 * XXX - should we check both the DSAP and the 799 * SSAP, like this, or should we check just the 800 * DSAP? 801 */ 802 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 803 gen_not(b0); 804 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 805 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI)); 806 gen_and(b0, b1); 807 return b1; 808 809 case LLCSAP_IPX: 810 /* 811 * Check for; 812 * 813 * Ethernet_II frames, which are Ethernet 814 * frames with a frame type of ETHERTYPE_IPX; 815 * 816 * Ethernet_802.3 frames, which are 802.3 817 * frames (i.e., the type/length field is 818 * a length field, <= ETHERMTU, rather than 819 * a type field) with the first two bytes 820 * after the Ethernet/802.3 header being 821 * 0xFFFF; 822 * 823 * Ethernet_802.2 frames, which are 802.3 824 * frames with an 802.2 LLC header and 825 * with the IPX LSAP as the DSAP in the LLC 826 * header; 827 * 828 * Ethernet_SNAP frames, which are 802.3 829 * frames with an LLC header and a SNAP 830 * header and with an OUI of 0x000000 831 * (encapsulated Ethernet) and a protocol 832 * ID of ETHERTYPE_IPX in the SNAP header. 833 * 834 * XXX - should we generate the same code both 835 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX? 836 */ 837 838 /* 839 * This generates code to check both for the 840 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3. 841 */ 842 b0 = gen_cmp(off_linktype + 2, BPF_B, 843 (bpf_int32)LLCSAP_IPX); 844 b1 = gen_cmp(off_linktype + 2, BPF_H, 845 (bpf_int32)0xFFFF); 846 gen_or(b0, b1); 847 848 /* 849 * Now we add code to check for SNAP frames with 850 * ETHERTYPE_IPX, i.e. Ethernet_SNAP. 851 */ 852 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14); 853 gen_or(b0, b1); 854 855 /* 856 * Now we generate code to check for 802.3 857 * frames in general. 858 */ 859 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 860 gen_not(b0); 861 862 /* 863 * Now add the check for 802.3 frames before the 864 * check for Ethernet_802.2 and Ethernet_802.3, 865 * as those checks should only be done on 802.3 866 * frames, not on Ethernet frames. 867 */ 868 gen_and(b0, b1); 869 870 /* 871 * Now add the check for Ethernet_II frames, and 872 * do that before checking for the other frame 873 * types. 874 */ 875 b0 = gen_cmp(off_linktype, BPF_H, 876 (bpf_int32)ETHERTYPE_IPX); 877 gen_or(b0, b1); 878 return b1; 879 880 case ETHERTYPE_ATALK: 881 case ETHERTYPE_AARP: 882 /* 883 * EtherTalk (AppleTalk protocols on Ethernet link 884 * layer) may use 802.2 encapsulation. 885 */ 886 887 /* 888 * Check for 802.2 encapsulation (EtherTalk phase 2?); 889 * we check for an Ethernet type field less than 890 * 1500, which means it's an 802.3 length field. 891 */ 892 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 893 gen_not(b0); 894 895 /* 896 * 802.2-encapsulated ETHERTYPE_ATALK packets are 897 * SNAP packets with an organization code of 898 * 0x080007 (Apple, for Appletalk) and a protocol 899 * type of ETHERTYPE_ATALK (Appletalk). 900 * 901 * 802.2-encapsulated ETHERTYPE_AARP packets are 902 * SNAP packets with an organization code of 903 * 0x000000 (encapsulated Ethernet) and a protocol 904 * type of ETHERTYPE_AARP (Appletalk ARP). 905 */ 906 if (proto == ETHERTYPE_ATALK) 907 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14); 908 else /* proto == ETHERTYPE_AARP */ 909 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14); 910 gen_and(b0, b1); 911 912 /* 913 * Check for Ethernet encapsulation (Ethertalk 914 * phase 1?); we just check for the Ethernet 915 * protocol type. 916 */ 917 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 918 919 gen_or(b0, b1); 920 return b1; 921 922 default: 923 if (proto <= ETHERMTU) { 924 /* 925 * This is an LLC SAP value, so the frames 926 * that match would be 802.2 frames. 927 * Check that the frame is an 802.2 frame 928 * (i.e., that the length/type field is 929 * a length field, <= ETHERMTU) and 930 * then check the DSAP. 931 */ 932 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 933 gen_not(b0); 934 b1 = gen_cmp(off_linktype + 2, BPF_B, 935 (bpf_int32)proto); 936 gen_and(b0, b1); 937 return b1; 938 } else { 939 /* 940 * This is an Ethernet type, so compare 941 * the length/type field with it (if 942 * the frame is an 802.2 frame, the length 943 * field will be <= ETHERMTU, and, as 944 * "proto" is > ETHERMTU, this test 945 * will fail and the frame won't match, 946 * which is what we want). 947 */ 948 return gen_cmp(off_linktype, BPF_H, 949 (bpf_int32)proto); 950 } 951 } 952 break; 953 954 case DLT_IEEE802_11: 955 case DLT_PRISM_HEADER: 956 case DLT_FDDI: 957 case DLT_IEEE802: 958 case DLT_ATM_RFC1483: 959 case DLT_ATM_CLIP: 960 /* 961 * XXX - handle token-ring variable-length header. 962 */ 963 switch (proto) { 964 965 case LLCSAP_ISONS: 966 return gen_cmp(off_linktype, BPF_H, (long) 967 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS)); 968 969 case LLCSAP_NETBEUI: 970 return gen_cmp(off_linktype, BPF_H, (long) 971 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI)); 972 973 case LLCSAP_IPX: 974 /* 975 * XXX - are there ever SNAP frames for IPX on 976 * non-Ethernet 802.x networks? 977 */ 978 return gen_cmp(off_linktype, BPF_B, 979 (bpf_int32)LLCSAP_IPX); 980 981 case ETHERTYPE_ATALK: 982 /* 983 * 802.2-encapsulated ETHERTYPE_ATALK packets are 984 * SNAP packets with an organization code of 985 * 0x080007 (Apple, for Appletalk) and a protocol 986 * type of ETHERTYPE_ATALK (Appletalk). 987 * 988 * XXX - check for an organization code of 989 * encapsulated Ethernet as well? 990 */ 991 return gen_snap(0x080007, ETHERTYPE_ATALK, 992 off_linktype); 993 break; 994 995 default: 996 /* 997 * XXX - we don't have to check for IPX 802.3 998 * here, but should we check for the IPX Ethertype? 999 */ 1000 if (proto <= ETHERMTU) { 1001 /* 1002 * This is an LLC SAP value, so check 1003 * the DSAP. 1004 */ 1005 return gen_cmp(off_linktype, BPF_B, 1006 (bpf_int32)proto); 1007 } else { 1008 /* 1009 * This is an Ethernet type; we assume 1010 * that it's unlikely that it'll 1011 * appear in the right place at random, 1012 * and therefore check only the 1013 * location that would hold the Ethernet 1014 * type in a SNAP frame with an organization 1015 * code of 0x000000 (encapsulated Ethernet). 1016 * 1017 * XXX - if we were to check for the SNAP DSAP 1018 * and LSAP, as per XXX, and were also to check 1019 * for an organization code of 0x000000 1020 * (encapsulated Ethernet), we'd do 1021 * 1022 * return gen_snap(0x000000, proto, 1023 * off_linktype); 1024 * 1025 * here; for now, we don't, as per the above. 1026 * I don't know whether it's worth the 1027 * extra CPU time to do the right check 1028 * or not. 1029 */ 1030 return gen_cmp(off_linktype+6, BPF_H, 1031 (bpf_int32)proto); 1032 } 1033 } 1034 break; 1035 1036 case DLT_LINUX_SLL: 1037 switch (proto) { 1038 1039 case LLCSAP_ISONS: 1040 /* 1041 * OSI protocols always use 802.2 encapsulation. 1042 * XXX - should we check both the DSAP and the 1043 * LSAP, like this, or should we check just the 1044 * DSAP? 1045 */ 1046 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 1047 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1048 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS)); 1049 gen_and(b0, b1); 1050 return b1; 1051 1052 case LLCSAP_NETBEUI: 1053 /* 1054 * NetBEUI always uses 802.2 encapsulation. 1055 * XXX - should we check both the DSAP and the 1056 * LSAP, like this, or should we check just the 1057 * DSAP? 1058 */ 1059 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 1060 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1061 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI)); 1062 gen_and(b0, b1); 1063 return b1; 1064 1065 case LLCSAP_IPX: 1066 /* 1067 * Ethernet_II frames, which are Ethernet 1068 * frames with a frame type of ETHERTYPE_IPX; 1069 * 1070 * Ethernet_802.3 frames, which have a frame 1071 * type of LINUX_SLL_P_802_3; 1072 * 1073 * Ethernet_802.2 frames, which are 802.3 1074 * frames with an 802.2 LLC header (i.e, have 1075 * a frame type of LINUX_SLL_P_802_2) and 1076 * with the IPX LSAP as the DSAP in the LLC 1077 * header; 1078 * 1079 * Ethernet_SNAP frames, which are 802.3 1080 * frames with an LLC header and a SNAP 1081 * header and with an OUI of 0x000000 1082 * (encapsulated Ethernet) and a protocol 1083 * ID of ETHERTYPE_IPX in the SNAP header. 1084 * 1085 * First, do the checks on LINUX_SLL_P_802_2 1086 * frames; generate the check for either 1087 * Ethernet_802.2 or Ethernet_SNAP frames, and 1088 * then put a check for LINUX_SLL_P_802_2 frames 1089 * before it. 1090 */ 1091 b0 = gen_cmp(off_linktype + 2, BPF_B, 1092 (bpf_int32)LLCSAP_IPX); 1093 b1 = gen_snap(0x000000, ETHERTYPE_IPX, 1094 off_linktype + 2); 1095 gen_or(b0, b1); 1096 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 1097 gen_and(b0, b1); 1098 1099 /* 1100 * Now check for 802.3 frames and OR that with 1101 * the previous test. 1102 */ 1103 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3); 1104 gen_or(b0, b1); 1105 1106 /* 1107 * Now add the check for Ethernet_II frames, and 1108 * do that before checking for the other frame 1109 * types. 1110 */ 1111 b0 = gen_cmp(off_linktype, BPF_H, 1112 (bpf_int32)ETHERTYPE_IPX); 1113 gen_or(b0, b1); 1114 return b1; 1115 1116 case ETHERTYPE_ATALK: 1117 case ETHERTYPE_AARP: 1118 /* 1119 * EtherTalk (AppleTalk protocols on Ethernet link 1120 * layer) may use 802.2 encapsulation. 1121 */ 1122 1123 /* 1124 * Check for 802.2 encapsulation (EtherTalk phase 2?); 1125 * we check for the 802.2 protocol type in the 1126 * "Ethernet type" field. 1127 */ 1128 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 1129 1130 /* 1131 * 802.2-encapsulated ETHERTYPE_ATALK packets are 1132 * SNAP packets with an organization code of 1133 * 0x080007 (Apple, for Appletalk) and a protocol 1134 * type of ETHERTYPE_ATALK (Appletalk). 1135 * 1136 * 802.2-encapsulated ETHERTYPE_AARP packets are 1137 * SNAP packets with an organization code of 1138 * 0x000000 (encapsulated Ethernet) and a protocol 1139 * type of ETHERTYPE_AARP (Appletalk ARP). 1140 */ 1141 if (proto == ETHERTYPE_ATALK) 1142 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 1143 off_linktype + 2); 1144 else /* proto == ETHERTYPE_AARP */ 1145 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 1146 off_linktype + 2); 1147 gen_and(b0, b1); 1148 1149 /* 1150 * Check for Ethernet encapsulation (Ethertalk 1151 * phase 1?); we just check for the Ethernet 1152 * protocol type. 1153 */ 1154 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 1155 1156 gen_or(b0, b1); 1157 return b1; 1158 1159 default: 1160 if (proto <= ETHERMTU) { 1161 /* 1162 * This is an LLC SAP value, so the frames 1163 * that match would be 802.2 frames. 1164 * Check for the 802.2 protocol type 1165 * in the "Ethernet type" field, and 1166 * then check the DSAP. 1167 */ 1168 b0 = gen_cmp(off_linktype, BPF_H, 1169 LINUX_SLL_P_802_2); 1170 b1 = gen_cmp(off_linktype + 2, BPF_B, 1171 (bpf_int32)proto); 1172 gen_and(b0, b1); 1173 return b1; 1174 } else { 1175 /* 1176 * This is an Ethernet type, so compare 1177 * the length/type field with it (if 1178 * the frame is an 802.2 frame, the length 1179 * field will be <= ETHERMTU, and, as 1180 * "proto" is > ETHERMTU, this test 1181 * will fail and the frame won't match, 1182 * which is what we want). 1183 */ 1184 return gen_cmp(off_linktype, BPF_H, 1185 (bpf_int32)proto); 1186 } 1187 } 1188 break; 1189 1190 case DLT_SLIP: 1191 case DLT_SLIP_BSDOS: 1192 case DLT_RAW: 1193 /* 1194 * These types don't provide any type field; packets 1195 * are always IP. 1196 * 1197 * XXX - for IPv4, check for a version number of 4, and, 1198 * for IPv6, check for a version number of 6? 1199 */ 1200 switch (proto) { 1201 1202 case ETHERTYPE_IP: 1203#ifdef INET6 1204 case ETHERTYPE_IPV6: 1205#endif 1206 return gen_true(); /* always true */ 1207 1208 default: 1209 return gen_false(); /* always false */ 1210 } 1211 break; 1212 1213 case DLT_PPP: 1214 case DLT_PPP_SERIAL: 1215 case DLT_PPP_ETHER: 1216 /* 1217 * We use Ethernet protocol types inside libpcap; 1218 * map them to the corresponding PPP protocol types. 1219 */ 1220 switch (proto) { 1221 1222 case ETHERTYPE_IP: 1223 proto = PPP_IP; /* XXX was 0x21 */ 1224 break; 1225 1226#ifdef INET6 1227 case ETHERTYPE_IPV6: 1228 proto = PPP_IPV6; 1229 break; 1230#endif 1231 1232 case ETHERTYPE_DN: 1233 proto = PPP_DECNET; 1234 break; 1235 1236 case ETHERTYPE_ATALK: 1237 proto = PPP_APPLE; 1238 break; 1239 1240 case ETHERTYPE_NS: 1241 proto = PPP_NS; 1242 break; 1243 1244 case LLCSAP_ISONS: 1245 proto = PPP_OSI; 1246 break; 1247 1248 case LLCSAP_8021D: 1249 /* 1250 * I'm assuming the "Bridging PDU"s that go 1251 * over PPP are Spanning Tree Protocol 1252 * Bridging PDUs. 1253 */ 1254 proto = PPP_BRPDU; 1255 break; 1256 1257 case LLCSAP_IPX: 1258 proto = PPP_IPX; 1259 break; 1260 } 1261 break; 1262 1263 case DLT_PPP_BSDOS: 1264 /* 1265 * We use Ethernet protocol types inside libpcap; 1266 * map them to the corresponding PPP protocol types. 1267 */ 1268 switch (proto) { 1269 1270 case ETHERTYPE_IP: 1271 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); 1272 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC); 1273 gen_or(b0, b1); 1274 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC); 1275 gen_or(b1, b0); 1276 return b0; 1277 1278#ifdef INET6 1279 case ETHERTYPE_IPV6: 1280 proto = PPP_IPV6; 1281 /* more to go? */ 1282 break; 1283#endif 1284 1285 case ETHERTYPE_DN: 1286 proto = PPP_DECNET; 1287 break; 1288 1289 case ETHERTYPE_ATALK: 1290 proto = PPP_APPLE; 1291 break; 1292 1293 case ETHERTYPE_NS: 1294 proto = PPP_NS; 1295 break; 1296 1297 case LLCSAP_ISONS: 1298 proto = PPP_OSI; 1299 break; 1300 1301 case LLCSAP_8021D: 1302 /* 1303 * I'm assuming the "Bridging PDU"s that go 1304 * over PPP are Spanning Tree Protocol 1305 * Bridging PDUs. 1306 */ 1307 proto = PPP_BRPDU; 1308 break; 1309 1310 case LLCSAP_IPX: 1311 proto = PPP_IPX; 1312 break; 1313 } 1314 break; 1315 1316 case DLT_NULL: 1317 case DLT_LOOP: 1318 /* 1319 * For DLT_NULL, the link-layer header is a 32-bit 1320 * word containing an AF_ value in *host* byte order. 1321 * 1322 * In addition, if we're reading a saved capture file, 1323 * the host byte order in the capture may not be the 1324 * same as the host byte order on this machine. 1325 * 1326 * For DLT_LOOP, the link-layer header is a 32-bit 1327 * word containing an AF_ value in *network* byte order. 1328 * 1329 * XXX - AF_ values may, unfortunately, be platform- 1330 * dependent; for example, FreeBSD's AF_INET6 is 24 1331 * whilst NetBSD's and OpenBSD's is 26. 1332 * 1333 * This means that, when reading a capture file, just 1334 * checking for our AF_INET6 value won't work if the 1335 * capture file came from another OS. 1336 */ 1337 switch (proto) { 1338 1339 case ETHERTYPE_IP: 1340 proto = AF_INET; 1341 break; 1342 1343#ifdef INET6 1344 case ETHERTYPE_IPV6: 1345 proto = AF_INET6; 1346 break; 1347#endif 1348 1349 default: 1350 /* 1351 * Not a type on which we support filtering. 1352 * XXX - support those that have AF_ values 1353 * #defined on this platform, at least? 1354 */ 1355 return gen_false(); 1356 } 1357 1358 if (linktype == DLT_NULL) { 1359 /* 1360 * The AF_ value is in host byte order, but 1361 * the BPF interpreter will convert it to 1362 * network byte order. 1363 * 1364 * If this is a save file, and it's from a 1365 * machine with the opposite byte order to 1366 * ours, we byte-swap the AF_ value. 1367 * 1368 * Then we run it through "htonl()", and 1369 * generate code to compare against the result. 1370 */ 1371 if (bpf_pcap->sf.rfile != NULL && 1372 bpf_pcap->sf.swapped) 1373 proto = SWAPLONG(proto); 1374 proto = htonl(proto); 1375 } 1376 return (gen_cmp(0, BPF_W, (bpf_int32)proto)); 1377 1378 case DLT_ARCNET: 1379 /* 1380 * XXX should we check for first fragment if the protocol 1381 * uses PHDS? 1382 */ 1383 switch(proto) { 1384 default: 1385 return gen_false(); 1386#ifdef INET6 1387 case ETHERTYPE_IPV6: 1388 return(gen_cmp(2, BPF_B, 1389 (bpf_int32)htonl(ARCTYPE_INET6))); 1390#endif /* INET6 */ 1391 case ETHERTYPE_IP: 1392 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_IP)); 1393 b1 = gen_cmp(2, BPF_B, 1394 (bpf_int32)htonl(ARCTYPE_IP_OLD)); 1395 gen_or(b0, b1); 1396 return(b1); 1397 case ETHERTYPE_ARP: 1398 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_ARP)); 1399 b1 = gen_cmp(2, BPF_B, 1400 (bpf_int32)htonl(ARCTYPE_ARP_OLD)); 1401 gen_or(b0, b1); 1402 return(b1); 1403 case ETHERTYPE_REVARP: 1404 return(gen_cmp(2, BPF_B, 1405 (bpf_int32)htonl(ARCTYPE_REVARP))); 1406 case ETHERTYPE_ATALK: 1407 return(gen_cmp(2, BPF_B, 1408 (bpf_int32)htonl(ARCTYPE_ATALK))); 1409 } 1410 break; 1411 1412 case DLT_LTALK: 1413 switch (proto) { 1414 case ETHERTYPE_ATALK: 1415 return gen_true(); 1416 default: 1417 return gen_false(); 1418 } 1419 break; 1420 } 1421 1422 /* 1423 * All the types that have no encapsulation should either be 1424 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if 1425 * all packets are IP packets, or should be handled in some 1426 * special case, if none of them are (if some are and some 1427 * aren't, the lack of encapsulation is a problem, as we'd 1428 * have to find some other way of determining the packet type). 1429 * 1430 * Therefore, if "off_linktype" is -1, there's an error. 1431 */ 1432 if (off_linktype == -1) 1433 abort(); 1434 1435 /* 1436 * Any type not handled above should always have an Ethernet 1437 * type at an offset of "off_linktype". (PPP is partially 1438 * handled above - the protocol type is mapped from the 1439 * Ethernet and LLC types we use internally to the corresponding 1440 * PPP type - but the PPP type is always specified by a value 1441 * at "off_linktype", so we don't have to do the code generation 1442 * above.) 1443 */ 1444 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 1445} 1446 1447/* 1448 * Check for an LLC SNAP packet with a given organization code and 1449 * protocol type; we check the entire contents of the 802.2 LLC and 1450 * snap headers, checking for DSAP and SSAP of SNAP and a control 1451 * field of 0x03 in the LLC header, and for the specified organization 1452 * code and protocol type in the SNAP header. 1453 */ 1454static struct block * 1455gen_snap(orgcode, ptype, offset) 1456 bpf_u_int32 orgcode; 1457 bpf_u_int32 ptype; 1458 u_int offset; 1459{ 1460 u_char snapblock[8]; 1461 1462 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */ 1463 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */ 1464 snapblock[2] = 0x03; /* control = UI */ 1465 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */ 1466 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */ 1467 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */ 1468 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */ 1469 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */ 1470 return gen_bcmp(offset, 8, snapblock); 1471} 1472 1473static struct block * 1474gen_hostop(addr, mask, dir, proto, src_off, dst_off) 1475 bpf_u_int32 addr; 1476 bpf_u_int32 mask; 1477 int dir, proto; 1478 u_int src_off, dst_off; 1479{ 1480 struct block *b0, *b1; 1481 u_int offset; 1482 1483 switch (dir) { 1484 1485 case Q_SRC: 1486 offset = src_off; 1487 break; 1488 1489 case Q_DST: 1490 offset = dst_off; 1491 break; 1492 1493 case Q_AND: 1494 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 1495 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 1496 gen_and(b0, b1); 1497 return b1; 1498 1499 case Q_OR: 1500 case Q_DEFAULT: 1501 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 1502 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 1503 gen_or(b0, b1); 1504 return b1; 1505 1506 default: 1507 abort(); 1508 } 1509 b0 = gen_linktype(proto); 1510 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask); 1511 gen_and(b0, b1); 1512 return b1; 1513} 1514 1515#ifdef INET6 1516static struct block * 1517gen_hostop6(addr, mask, dir, proto, src_off, dst_off) 1518 struct in6_addr *addr; 1519 struct in6_addr *mask; 1520 int dir, proto; 1521 u_int src_off, dst_off; 1522{ 1523 struct block *b0, *b1; 1524 u_int offset; 1525 u_int32_t *a, *m; 1526 1527 switch (dir) { 1528 1529 case Q_SRC: 1530 offset = src_off; 1531 break; 1532 1533 case Q_DST: 1534 offset = dst_off; 1535 break; 1536 1537 case Q_AND: 1538 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 1539 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 1540 gen_and(b0, b1); 1541 return b1; 1542 1543 case Q_OR: 1544 case Q_DEFAULT: 1545 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 1546 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 1547 gen_or(b0, b1); 1548 return b1; 1549 1550 default: 1551 abort(); 1552 } 1553 /* this order is important */ 1554 a = (u_int32_t *)addr; 1555 m = (u_int32_t *)mask; 1556 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 1557 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2])); 1558 gen_and(b0, b1); 1559 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1])); 1560 gen_and(b0, b1); 1561 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0])); 1562 gen_and(b0, b1); 1563 b0 = gen_linktype(proto); 1564 gen_and(b0, b1); 1565 return b1; 1566} 1567#endif /*INET6*/ 1568 1569static struct block * 1570gen_ehostop(eaddr, dir) 1571 register const u_char *eaddr; 1572 register int dir; 1573{ 1574 register struct block *b0, *b1; 1575 1576 switch (dir) { 1577 case Q_SRC: 1578 return gen_bcmp(6, 6, eaddr); 1579 1580 case Q_DST: 1581 return gen_bcmp(0, 6, eaddr); 1582 1583 case Q_AND: 1584 b0 = gen_ehostop(eaddr, Q_SRC); 1585 b1 = gen_ehostop(eaddr, Q_DST); 1586 gen_and(b0, b1); 1587 return b1; 1588 1589 case Q_DEFAULT: 1590 case Q_OR: 1591 b0 = gen_ehostop(eaddr, Q_SRC); 1592 b1 = gen_ehostop(eaddr, Q_DST); 1593 gen_or(b0, b1); 1594 return b1; 1595 } 1596 abort(); 1597 /* NOTREACHED */ 1598} 1599 1600/* 1601 * Like gen_ehostop, but for DLT_FDDI 1602 */ 1603static struct block * 1604gen_fhostop(eaddr, dir) 1605 register const u_char *eaddr; 1606 register int dir; 1607{ 1608 struct block *b0, *b1; 1609 1610 switch (dir) { 1611 case Q_SRC: 1612#ifdef PCAP_FDDIPAD 1613 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr); 1614#else 1615 return gen_bcmp(6 + 1, 6, eaddr); 1616#endif 1617 1618 case Q_DST: 1619#ifdef PCAP_FDDIPAD 1620 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr); 1621#else 1622 return gen_bcmp(0 + 1, 6, eaddr); 1623#endif 1624 1625 case Q_AND: 1626 b0 = gen_fhostop(eaddr, Q_SRC); 1627 b1 = gen_fhostop(eaddr, Q_DST); 1628 gen_and(b0, b1); 1629 return b1; 1630 1631 case Q_DEFAULT: 1632 case Q_OR: 1633 b0 = gen_fhostop(eaddr, Q_SRC); 1634 b1 = gen_fhostop(eaddr, Q_DST); 1635 gen_or(b0, b1); 1636 return b1; 1637 } 1638 abort(); 1639 /* NOTREACHED */ 1640} 1641 1642/* 1643 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring) 1644 */ 1645static struct block * 1646gen_thostop(eaddr, dir) 1647 register const u_char *eaddr; 1648 register int dir; 1649{ 1650 register struct block *b0, *b1; 1651 1652 switch (dir) { 1653 case Q_SRC: 1654 return gen_bcmp(8, 6, eaddr); 1655 1656 case Q_DST: 1657 return gen_bcmp(2, 6, eaddr); 1658 1659 case Q_AND: 1660 b0 = gen_thostop(eaddr, Q_SRC); 1661 b1 = gen_thostop(eaddr, Q_DST); 1662 gen_and(b0, b1); 1663 return b1; 1664 1665 case Q_DEFAULT: 1666 case Q_OR: 1667 b0 = gen_thostop(eaddr, Q_SRC); 1668 b1 = gen_thostop(eaddr, Q_DST); 1669 gen_or(b0, b1); 1670 return b1; 1671 } 1672 abort(); 1673 /* NOTREACHED */ 1674} 1675 1676/* 1677 * This is quite tricky because there may be pad bytes in front of the 1678 * DECNET header, and then there are two possible data packet formats that 1679 * carry both src and dst addresses, plus 5 packet types in a format that 1680 * carries only the src node, plus 2 types that use a different format and 1681 * also carry just the src node. 1682 * 1683 * Yuck. 1684 * 1685 * Instead of doing those all right, we just look for data packets with 1686 * 0 or 1 bytes of padding. If you want to look at other packets, that 1687 * will require a lot more hacking. 1688 * 1689 * To add support for filtering on DECNET "areas" (network numbers) 1690 * one would want to add a "mask" argument to this routine. That would 1691 * make the filter even more inefficient, although one could be clever 1692 * and not generate masking instructions if the mask is 0xFFFF. 1693 */ 1694static struct block * 1695gen_dnhostop(addr, dir, base_off) 1696 bpf_u_int32 addr; 1697 int dir; 1698 u_int base_off; 1699{ 1700 struct block *b0, *b1, *b2, *tmp; 1701 u_int offset_lh; /* offset if long header is received */ 1702 u_int offset_sh; /* offset if short header is received */ 1703 1704 switch (dir) { 1705 1706 case Q_DST: 1707 offset_sh = 1; /* follows flags */ 1708 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 1709 break; 1710 1711 case Q_SRC: 1712 offset_sh = 3; /* follows flags, dstnode */ 1713 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 1714 break; 1715 1716 case Q_AND: 1717 /* Inefficient because we do our Calvinball dance twice */ 1718 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1719 b1 = gen_dnhostop(addr, Q_DST, base_off); 1720 gen_and(b0, b1); 1721 return b1; 1722 1723 case Q_OR: 1724 case Q_DEFAULT: 1725 /* Inefficient because we do our Calvinball dance twice */ 1726 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1727 b1 = gen_dnhostop(addr, Q_DST, base_off); 1728 gen_or(b0, b1); 1729 return b1; 1730 1731 case Q_ISO: 1732 bpf_error("ISO host filtering not implemented"); 1733 1734 default: 1735 abort(); 1736 } 1737 b0 = gen_linktype(ETHERTYPE_DN); 1738 /* Check for pad = 1, long header case */ 1739 tmp = gen_mcmp(base_off + 2, BPF_H, 1740 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); 1741 b1 = gen_cmp(base_off + 2 + 1 + offset_lh, 1742 BPF_H, (bpf_int32)ntohs(addr)); 1743 gen_and(tmp, b1); 1744 /* Check for pad = 0, long header case */ 1745 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 1746 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr)); 1747 gen_and(tmp, b2); 1748 gen_or(b2, b1); 1749 /* Check for pad = 1, short header case */ 1750 tmp = gen_mcmp(base_off + 2, BPF_H, 1751 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF)); 1752 b2 = gen_cmp(base_off + 2 + 1 + offset_sh, 1753 BPF_H, (bpf_int32)ntohs(addr)); 1754 gen_and(tmp, b2); 1755 gen_or(b2, b1); 1756 /* Check for pad = 0, short header case */ 1757 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 1758 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr)); 1759 gen_and(tmp, b2); 1760 gen_or(b2, b1); 1761 1762 /* Combine with test for linktype */ 1763 gen_and(b0, b1); 1764 return b1; 1765} 1766 1767static struct block * 1768gen_host(addr, mask, proto, dir) 1769 bpf_u_int32 addr; 1770 bpf_u_int32 mask; 1771 int proto; 1772 int dir; 1773{ 1774 struct block *b0, *b1; 1775 1776 switch (proto) { 1777 1778 case Q_DEFAULT: 1779 b0 = gen_host(addr, mask, Q_IP, dir); 1780 if (off_linktype != -1) { 1781 b1 = gen_host(addr, mask, Q_ARP, dir); 1782 gen_or(b0, b1); 1783 b0 = gen_host(addr, mask, Q_RARP, dir); 1784 gen_or(b1, b0); 1785 } 1786 return b0; 1787 1788 case Q_IP: 1789 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 1790 off_nl + 12, off_nl + 16); 1791 1792 case Q_RARP: 1793 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 1794 off_nl + 14, off_nl + 24); 1795 1796 case Q_ARP: 1797 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 1798 off_nl + 14, off_nl + 24); 1799 1800 case Q_TCP: 1801 bpf_error("'tcp' modifier applied to host"); 1802 1803 case Q_SCTP: 1804 bpf_error("'sctp' modifier applied to host"); 1805 1806 case Q_UDP: 1807 bpf_error("'udp' modifier applied to host"); 1808 1809 case Q_ICMP: 1810 bpf_error("'icmp' modifier applied to host"); 1811 1812 case Q_IGMP: 1813 bpf_error("'igmp' modifier applied to host"); 1814 1815 case Q_IGRP: 1816 bpf_error("'igrp' modifier applied to host"); 1817 1818 case Q_PIM: 1819 bpf_error("'pim' modifier applied to host"); 1820 1821 case Q_VRRP: 1822 bpf_error("'vrrp' modifier applied to host"); 1823 1824 case Q_ATALK: 1825 bpf_error("ATALK host filtering not implemented"); 1826 1827 case Q_AARP: 1828 bpf_error("AARP host filtering not implemented"); 1829 1830 case Q_DECNET: 1831 return gen_dnhostop(addr, dir, off_nl); 1832 1833 case Q_SCA: 1834 bpf_error("SCA host filtering not implemented"); 1835 1836 case Q_LAT: 1837 bpf_error("LAT host filtering not implemented"); 1838 1839 case Q_MOPDL: 1840 bpf_error("MOPDL host filtering not implemented"); 1841 1842 case Q_MOPRC: 1843 bpf_error("MOPRC host filtering not implemented"); 1844 1845#ifdef INET6 1846 case Q_IPV6: 1847 bpf_error("'ip6' modifier applied to ip host"); 1848 1849 case Q_ICMPV6: 1850 bpf_error("'icmp6' modifier applied to host"); 1851#endif /* INET6 */ 1852 1853 case Q_AH: 1854 bpf_error("'ah' modifier applied to host"); 1855 1856 case Q_ESP: 1857 bpf_error("'esp' modifier applied to host"); 1858 1859 case Q_ISO: 1860 bpf_error("ISO host filtering not implemented"); 1861 1862 case Q_ESIS: 1863 bpf_error("'esis' modifier applied to host"); 1864 1865 case Q_ISIS: 1866 bpf_error("'isis' modifier applied to host"); 1867 1868 case Q_CLNP: 1869 bpf_error("'clnp' modifier applied to host"); 1870 1871 case Q_STP: 1872 bpf_error("'stp' modifier applied to host"); 1873 1874 case Q_IPX: 1875 bpf_error("IPX host filtering not implemented"); 1876 1877 case Q_NETBEUI: 1878 bpf_error("'netbeui' modifier applied to host"); 1879 1880 default: 1881 abort(); 1882 } 1883 /* NOTREACHED */ 1884} 1885 1886#ifdef INET6 1887static struct block * 1888gen_host6(addr, mask, proto, dir) 1889 struct in6_addr *addr; 1890 struct in6_addr *mask; 1891 int proto; 1892 int dir; 1893{ 1894 switch (proto) { 1895 1896 case Q_DEFAULT: 1897 return gen_host6(addr, mask, Q_IPV6, dir); 1898 1899 case Q_IP: 1900 bpf_error("'ip' modifier applied to ip6 host"); 1901 1902 case Q_RARP: 1903 bpf_error("'rarp' modifier applied to ip6 host"); 1904 1905 case Q_ARP: 1906 bpf_error("'arp' modifier applied to ip6 host"); 1907 1908 case Q_SCTP: 1909 bpf_error("'sctp' modifier applied to host"); 1910 1911 case Q_TCP: 1912 bpf_error("'tcp' modifier applied to host"); 1913 1914 case Q_UDP: 1915 bpf_error("'udp' modifier applied to host"); 1916 1917 case Q_ICMP: 1918 bpf_error("'icmp' modifier applied to host"); 1919 1920 case Q_IGMP: 1921 bpf_error("'igmp' modifier applied to host"); 1922 1923 case Q_IGRP: 1924 bpf_error("'igrp' modifier applied to host"); 1925 1926 case Q_PIM: 1927 bpf_error("'pim' modifier applied to host"); 1928 1929 case Q_VRRP: 1930 bpf_error("'vrrp' modifier applied to host"); 1931 1932 case Q_ATALK: 1933 bpf_error("ATALK host filtering not implemented"); 1934 1935 case Q_AARP: 1936 bpf_error("AARP host filtering not implemented"); 1937 1938 case Q_DECNET: 1939 bpf_error("'decnet' modifier applied to ip6 host"); 1940 1941 case Q_SCA: 1942 bpf_error("SCA host filtering not implemented"); 1943 1944 case Q_LAT: 1945 bpf_error("LAT host filtering not implemented"); 1946 1947 case Q_MOPDL: 1948 bpf_error("MOPDL host filtering not implemented"); 1949 1950 case Q_MOPRC: 1951 bpf_error("MOPRC host filtering not implemented"); 1952 1953 case Q_IPV6: 1954 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 1955 off_nl + 8, off_nl + 24); 1956 1957 case Q_ICMPV6: 1958 bpf_error("'icmp6' modifier applied to host"); 1959 1960 case Q_AH: 1961 bpf_error("'ah' modifier applied to host"); 1962 1963 case Q_ESP: 1964 bpf_error("'esp' modifier applied to host"); 1965 1966 case Q_ISO: 1967 bpf_error("ISO host filtering not implemented"); 1968 1969 case Q_ESIS: 1970 bpf_error("'esis' modifier applied to host"); 1971 1972 case Q_ISIS: 1973 bpf_error("'isis' modifier applied to host"); 1974 1975 case Q_CLNP: 1976 bpf_error("'clnp' modifier applied to host"); 1977 1978 case Q_STP: 1979 bpf_error("'stp' modifier applied to host"); 1980 1981 case Q_IPX: 1982 bpf_error("IPX host filtering not implemented"); 1983 1984 case Q_NETBEUI: 1985 bpf_error("'netbeui' modifier applied to host"); 1986 1987 default: 1988 abort(); 1989 } 1990 /* NOTREACHED */ 1991} 1992#endif /*INET6*/ 1993 1994#ifndef INET6 1995static struct block * 1996gen_gateway(eaddr, alist, proto, dir) 1997 const u_char *eaddr; 1998 bpf_u_int32 **alist; 1999 int proto; 2000 int dir; 2001{ 2002 struct block *b0, *b1, *tmp; 2003 2004 if (dir != 0) 2005 bpf_error("direction applied to 'gateway'"); 2006 2007 switch (proto) { 2008 case Q_DEFAULT: 2009 case Q_IP: 2010 case Q_ARP: 2011 case Q_RARP: 2012 if (linktype == DLT_EN10MB) 2013 b0 = gen_ehostop(eaddr, Q_OR); 2014 else if (linktype == DLT_FDDI) 2015 b0 = gen_fhostop(eaddr, Q_OR); 2016 else if (linktype == DLT_IEEE802) 2017 b0 = gen_thostop(eaddr, Q_OR); 2018 else 2019 bpf_error( 2020 "'gateway' supported only on ethernet, FDDI or token ring"); 2021 2022 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR); 2023 while (*alist) { 2024 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR); 2025 gen_or(b1, tmp); 2026 b1 = tmp; 2027 } 2028 gen_not(b1); 2029 gen_and(b0, b1); 2030 return b1; 2031 } 2032 bpf_error("illegal modifier of 'gateway'"); 2033 /* NOTREACHED */ 2034} 2035#endif 2036 2037struct block * 2038gen_proto_abbrev(proto) 2039 int proto; 2040{ 2041#ifdef INET6 2042 struct block *b0; 2043#endif 2044 struct block *b1; 2045 2046 switch (proto) { 2047 2048 case Q_SCTP: 2049 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT); 2050#ifdef INET6 2051 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT); 2052 gen_or(b0, b1); 2053#endif 2054 break; 2055 2056 case Q_TCP: 2057 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); 2058#ifdef INET6 2059 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); 2060 gen_or(b0, b1); 2061#endif 2062 break; 2063 2064 case Q_UDP: 2065 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); 2066#ifdef INET6 2067 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); 2068 gen_or(b0, b1); 2069#endif 2070 break; 2071 2072 case Q_ICMP: 2073 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT); 2074 break; 2075 2076#ifndef IPPROTO_IGMP 2077#define IPPROTO_IGMP 2 2078#endif 2079 2080 case Q_IGMP: 2081 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT); 2082 break; 2083 2084#ifndef IPPROTO_IGRP 2085#define IPPROTO_IGRP 9 2086#endif 2087 case Q_IGRP: 2088 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT); 2089 break; 2090 2091#ifndef IPPROTO_PIM 2092#define IPPROTO_PIM 103 2093#endif 2094 2095 case Q_PIM: 2096 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); 2097#ifdef INET6 2098 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); 2099 gen_or(b0, b1); 2100#endif 2101 break; 2102 2103#ifndef IPPROTO_VRRP 2104#define IPPROTO_VRRP 112 2105#endif 2106 2107 case Q_VRRP: 2108 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT); 2109 break; 2110 2111 case Q_IP: 2112 b1 = gen_linktype(ETHERTYPE_IP); 2113 break; 2114 2115 case Q_ARP: 2116 b1 = gen_linktype(ETHERTYPE_ARP); 2117 break; 2118 2119 case Q_RARP: 2120 b1 = gen_linktype(ETHERTYPE_REVARP); 2121 break; 2122 2123 case Q_LINK: 2124 bpf_error("link layer applied in wrong context"); 2125 2126 case Q_ATALK: 2127 b1 = gen_linktype(ETHERTYPE_ATALK); 2128 break; 2129 2130 case Q_AARP: 2131 b1 = gen_linktype(ETHERTYPE_AARP); 2132 break; 2133 2134 case Q_DECNET: 2135 b1 = gen_linktype(ETHERTYPE_DN); 2136 break; 2137 2138 case Q_SCA: 2139 b1 = gen_linktype(ETHERTYPE_SCA); 2140 break; 2141 2142 case Q_LAT: 2143 b1 = gen_linktype(ETHERTYPE_LAT); 2144 break; 2145 2146 case Q_MOPDL: 2147 b1 = gen_linktype(ETHERTYPE_MOPDL); 2148 break; 2149 2150 case Q_MOPRC: 2151 b1 = gen_linktype(ETHERTYPE_MOPRC); 2152 break; 2153 2154#ifdef INET6 2155 case Q_IPV6: 2156 b1 = gen_linktype(ETHERTYPE_IPV6); 2157 break; 2158 2159#ifndef IPPROTO_ICMPV6 2160#define IPPROTO_ICMPV6 58 2161#endif 2162 case Q_ICMPV6: 2163 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 2164 break; 2165#endif /* INET6 */ 2166 2167#ifndef IPPROTO_AH 2168#define IPPROTO_AH 51 2169#endif 2170 case Q_AH: 2171 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); 2172#ifdef INET6 2173 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); 2174 gen_or(b0, b1); 2175#endif 2176 break; 2177 2178#ifndef IPPROTO_ESP 2179#define IPPROTO_ESP 50 2180#endif 2181 case Q_ESP: 2182 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); 2183#ifdef INET6 2184 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); 2185 gen_or(b0, b1); 2186#endif 2187 break; 2188 2189 case Q_ISO: 2190 b1 = gen_linktype(LLCSAP_ISONS); 2191 break; 2192 2193 case Q_ESIS: 2194 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT); 2195 break; 2196 2197 case Q_ISIS: 2198 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT); 2199 break; 2200 2201 case Q_CLNP: 2202 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT); 2203 break; 2204 2205 case Q_STP: 2206 b1 = gen_linktype(LLCSAP_8021D); 2207 break; 2208 2209 case Q_IPX: 2210 b1 = gen_linktype(LLCSAP_IPX); 2211 break; 2212 2213 case Q_NETBEUI: 2214 b1 = gen_linktype(LLCSAP_NETBEUI); 2215 break; 2216 2217 default: 2218 abort(); 2219 } 2220 return b1; 2221} 2222 2223static struct block * 2224gen_ipfrag() 2225{ 2226 struct slist *s; 2227 struct block *b; 2228 2229 /* not ip frag */ 2230 s = new_stmt(BPF_LD|BPF_H|BPF_ABS); 2231 s->s.k = off_nl + 6; 2232 b = new_block(JMP(BPF_JSET)); 2233 b->s.k = 0x1fff; 2234 b->stmts = s; 2235 gen_not(b); 2236 2237 return b; 2238} 2239 2240static struct block * 2241gen_portatom(off, v) 2242 int off; 2243 bpf_int32 v; 2244{ 2245 struct slist *s; 2246 struct block *b; 2247 2248 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 2249 s->s.k = off_nl; 2250 2251 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H); 2252 s->next->s.k = off_nl + off; 2253 2254 b = new_block(JMP(BPF_JEQ)); 2255 b->stmts = s; 2256 b->s.k = v; 2257 2258 return b; 2259} 2260 2261#ifdef INET6 2262static struct block * 2263gen_portatom6(off, v) 2264 int off; 2265 bpf_int32 v; 2266{ 2267 return gen_cmp(off_nl + 40 + off, BPF_H, v); 2268} 2269#endif/*INET6*/ 2270 2271struct block * 2272gen_portop(port, proto, dir) 2273 int port, proto, dir; 2274{ 2275 struct block *b0, *b1, *tmp; 2276 2277 /* ip proto 'proto' */ 2278 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto); 2279 b0 = gen_ipfrag(); 2280 gen_and(tmp, b0); 2281 2282 switch (dir) { 2283 case Q_SRC: 2284 b1 = gen_portatom(0, (bpf_int32)port); 2285 break; 2286 2287 case Q_DST: 2288 b1 = gen_portatom(2, (bpf_int32)port); 2289 break; 2290 2291 case Q_OR: 2292 case Q_DEFAULT: 2293 tmp = gen_portatom(0, (bpf_int32)port); 2294 b1 = gen_portatom(2, (bpf_int32)port); 2295 gen_or(tmp, b1); 2296 break; 2297 2298 case Q_AND: 2299 tmp = gen_portatom(0, (bpf_int32)port); 2300 b1 = gen_portatom(2, (bpf_int32)port); 2301 gen_and(tmp, b1); 2302 break; 2303 2304 default: 2305 abort(); 2306 } 2307 gen_and(b0, b1); 2308 2309 return b1; 2310} 2311 2312static struct block * 2313gen_port(port, ip_proto, dir) 2314 int port; 2315 int ip_proto; 2316 int dir; 2317{ 2318 struct block *b0, *b1, *tmp; 2319 2320 /* ether proto ip */ 2321 b0 = gen_linktype(ETHERTYPE_IP); 2322 2323 switch (ip_proto) { 2324 case IPPROTO_UDP: 2325 case IPPROTO_TCP: 2326 case IPPROTO_SCTP: 2327 b1 = gen_portop(port, ip_proto, dir); 2328 break; 2329 2330 case PROTO_UNDEF: 2331 tmp = gen_portop(port, IPPROTO_TCP, dir); 2332 b1 = gen_portop(port, IPPROTO_UDP, dir); 2333 gen_or(tmp, b1); 2334 tmp = gen_portop(port, IPPROTO_SCTP, dir); 2335 gen_or(tmp, b1); 2336 break; 2337 2338 default: 2339 abort(); 2340 } 2341 gen_and(b0, b1); 2342 return b1; 2343} 2344 2345#ifdef INET6 2346struct block * 2347gen_portop6(port, proto, dir) 2348 int port, proto, dir; 2349{ 2350 struct block *b0, *b1, *tmp; 2351 2352 /* ip proto 'proto' */ 2353 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto); 2354 2355 switch (dir) { 2356 case Q_SRC: 2357 b1 = gen_portatom6(0, (bpf_int32)port); 2358 break; 2359 2360 case Q_DST: 2361 b1 = gen_portatom6(2, (bpf_int32)port); 2362 break; 2363 2364 case Q_OR: 2365 case Q_DEFAULT: 2366 tmp = gen_portatom6(0, (bpf_int32)port); 2367 b1 = gen_portatom6(2, (bpf_int32)port); 2368 gen_or(tmp, b1); 2369 break; 2370 2371 case Q_AND: 2372 tmp = gen_portatom6(0, (bpf_int32)port); 2373 b1 = gen_portatom6(2, (bpf_int32)port); 2374 gen_and(tmp, b1); 2375 break; 2376 2377 default: 2378 abort(); 2379 } 2380 gen_and(b0, b1); 2381 2382 return b1; 2383} 2384 2385static struct block * 2386gen_port6(port, ip_proto, dir) 2387 int port; 2388 int ip_proto; 2389 int dir; 2390{ 2391 struct block *b0, *b1, *tmp; 2392 2393 /* ether proto ip */ 2394 b0 = gen_linktype(ETHERTYPE_IPV6); 2395 2396 switch (ip_proto) { 2397 case IPPROTO_UDP: 2398 case IPPROTO_TCP: 2399 case IPPROTO_SCTP: 2400 b1 = gen_portop6(port, ip_proto, dir); 2401 break; 2402 2403 case PROTO_UNDEF: 2404 tmp = gen_portop6(port, IPPROTO_TCP, dir); 2405 b1 = gen_portop6(port, IPPROTO_UDP, dir); 2406 gen_or(tmp, b1); 2407 tmp = gen_portop6(port, IPPROTO_SCTP, dir); 2408 gen_or(tmp, b1); 2409 break; 2410 2411 default: 2412 abort(); 2413 } 2414 gen_and(b0, b1); 2415 return b1; 2416} 2417#endif /* INET6 */ 2418 2419static int 2420lookup_proto(name, proto) 2421 register const char *name; 2422 register int proto; 2423{ 2424 register int v; 2425 2426 switch (proto) { 2427 2428 case Q_DEFAULT: 2429 case Q_IP: 2430 case Q_IPV6: 2431 v = pcap_nametoproto(name); 2432 if (v == PROTO_UNDEF) 2433 bpf_error("unknown ip proto '%s'", name); 2434 break; 2435 2436 case Q_LINK: 2437 /* XXX should look up h/w protocol type based on linktype */ 2438 v = pcap_nametoeproto(name); 2439 if (v == PROTO_UNDEF) 2440 bpf_error("unknown ether proto '%s'", name); 2441 break; 2442 2443 case Q_ISO: 2444 if (strcmp(name, "esis") == 0) 2445 v = ISO9542_ESIS; 2446 else if (strcmp(name, "isis") == 0) 2447 v = ISO10589_ISIS; 2448 else if (strcmp(name, "clnp") == 0) 2449 v = ISO8473_CLNP; 2450 else 2451 bpf_error("unknown osi proto '%s'", name); 2452 break; 2453 2454 default: 2455 v = PROTO_UNDEF; 2456 break; 2457 } 2458 return v; 2459} 2460 2461#if 0 2462struct stmt * 2463gen_joinsp(s, n) 2464 struct stmt **s; 2465 int n; 2466{ 2467 return NULL; 2468} 2469#endif 2470 2471static struct block * 2472gen_protochain(v, proto, dir) 2473 int v; 2474 int proto; 2475 int dir; 2476{ 2477#ifdef NO_PROTOCHAIN 2478 return gen_proto(v, proto, dir); 2479#else 2480 struct block *b0, *b; 2481 struct slist *s[100]; 2482 int fix2, fix3, fix4, fix5; 2483 int ahcheck, again, end; 2484 int i, max; 2485 int reg2 = alloc_reg(); 2486 2487 memset(s, 0, sizeof(s)); 2488 fix2 = fix3 = fix4 = fix5 = 0; 2489 2490 switch (proto) { 2491 case Q_IP: 2492 case Q_IPV6: 2493 break; 2494 case Q_DEFAULT: 2495 b0 = gen_protochain(v, Q_IP, dir); 2496 b = gen_protochain(v, Q_IPV6, dir); 2497 gen_or(b0, b); 2498 return b; 2499 default: 2500 bpf_error("bad protocol applied for 'protochain'"); 2501 /*NOTREACHED*/ 2502 } 2503 2504 no_optimize = 1; /*this code is not compatible with optimzer yet */ 2505 2506 /* 2507 * s[0] is a dummy entry to protect other BPF insn from damaged 2508 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 2509 * hard to find interdependency made by jump table fixup. 2510 */ 2511 i = 0; 2512 s[i] = new_stmt(0); /*dummy*/ 2513 i++; 2514 2515 switch (proto) { 2516 case Q_IP: 2517 b0 = gen_linktype(ETHERTYPE_IP); 2518 2519 /* A = ip->ip_p */ 2520 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 2521 s[i]->s.k = off_nl + 9; 2522 i++; 2523 /* X = ip->ip_hl << 2 */ 2524 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 2525 s[i]->s.k = off_nl; 2526 i++; 2527 break; 2528#ifdef INET6 2529 case Q_IPV6: 2530 b0 = gen_linktype(ETHERTYPE_IPV6); 2531 2532 /* A = ip6->ip_nxt */ 2533 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 2534 s[i]->s.k = off_nl + 6; 2535 i++; 2536 /* X = sizeof(struct ip6_hdr) */ 2537 s[i] = new_stmt(BPF_LDX|BPF_IMM); 2538 s[i]->s.k = 40; 2539 i++; 2540 break; 2541#endif 2542 default: 2543 bpf_error("unsupported proto to gen_protochain"); 2544 /*NOTREACHED*/ 2545 } 2546 2547 /* again: if (A == v) goto end; else fall through; */ 2548 again = i; 2549 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2550 s[i]->s.k = v; 2551 s[i]->s.jt = NULL; /*later*/ 2552 s[i]->s.jf = NULL; /*update in next stmt*/ 2553 fix5 = i; 2554 i++; 2555 2556#ifndef IPPROTO_NONE 2557#define IPPROTO_NONE 59 2558#endif 2559 /* if (A == IPPROTO_NONE) goto end */ 2560 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2561 s[i]->s.jt = NULL; /*later*/ 2562 s[i]->s.jf = NULL; /*update in next stmt*/ 2563 s[i]->s.k = IPPROTO_NONE; 2564 s[fix5]->s.jf = s[i]; 2565 fix2 = i; 2566 i++; 2567 2568#ifdef INET6 2569 if (proto == Q_IPV6) { 2570 int v6start, v6end, v6advance, j; 2571 2572 v6start = i; 2573 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 2574 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2575 s[i]->s.jt = NULL; /*later*/ 2576 s[i]->s.jf = NULL; /*update in next stmt*/ 2577 s[i]->s.k = IPPROTO_HOPOPTS; 2578 s[fix2]->s.jf = s[i]; 2579 i++; 2580 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 2581 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2582 s[i]->s.jt = NULL; /*later*/ 2583 s[i]->s.jf = NULL; /*update in next stmt*/ 2584 s[i]->s.k = IPPROTO_DSTOPTS; 2585 i++; 2586 /* if (A == IPPROTO_ROUTING) goto v6advance */ 2587 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2588 s[i]->s.jt = NULL; /*later*/ 2589 s[i]->s.jf = NULL; /*update in next stmt*/ 2590 s[i]->s.k = IPPROTO_ROUTING; 2591 i++; 2592 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 2593 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2594 s[i]->s.jt = NULL; /*later*/ 2595 s[i]->s.jf = NULL; /*later*/ 2596 s[i]->s.k = IPPROTO_FRAGMENT; 2597 fix3 = i; 2598 v6end = i; 2599 i++; 2600 2601 /* v6advance: */ 2602 v6advance = i; 2603 2604 /* 2605 * in short, 2606 * A = P[X]; 2607 * X = X + (P[X + 1] + 1) * 8; 2608 */ 2609 /* A = X */ 2610 s[i] = new_stmt(BPF_MISC|BPF_TXA); 2611 i++; 2612 /* A = P[X + packet head] */ 2613 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2614 s[i]->s.k = off_nl; 2615 i++; 2616 /* MEM[reg2] = A */ 2617 s[i] = new_stmt(BPF_ST); 2618 s[i]->s.k = reg2; 2619 i++; 2620 /* A = X */ 2621 s[i] = new_stmt(BPF_MISC|BPF_TXA); 2622 i++; 2623 /* A += 1 */ 2624 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2625 s[i]->s.k = 1; 2626 i++; 2627 /* X = A */ 2628 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2629 i++; 2630 /* A = P[X + packet head]; */ 2631 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2632 s[i]->s.k = off_nl; 2633 i++; 2634 /* A += 1 */ 2635 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2636 s[i]->s.k = 1; 2637 i++; 2638 /* A *= 8 */ 2639 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 2640 s[i]->s.k = 8; 2641 i++; 2642 /* X = A; */ 2643 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2644 i++; 2645 /* A = MEM[reg2] */ 2646 s[i] = new_stmt(BPF_LD|BPF_MEM); 2647 s[i]->s.k = reg2; 2648 i++; 2649 2650 /* goto again; (must use BPF_JA for backward jump) */ 2651 s[i] = new_stmt(BPF_JMP|BPF_JA); 2652 s[i]->s.k = again - i - 1; 2653 s[i - 1]->s.jf = s[i]; 2654 i++; 2655 2656 /* fixup */ 2657 for (j = v6start; j <= v6end; j++) 2658 s[j]->s.jt = s[v6advance]; 2659 } else 2660#endif 2661 { 2662 /* nop */ 2663 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2664 s[i]->s.k = 0; 2665 s[fix2]->s.jf = s[i]; 2666 i++; 2667 } 2668 2669 /* ahcheck: */ 2670 ahcheck = i; 2671 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 2672 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2673 s[i]->s.jt = NULL; /*later*/ 2674 s[i]->s.jf = NULL; /*later*/ 2675 s[i]->s.k = IPPROTO_AH; 2676 if (fix3) 2677 s[fix3]->s.jf = s[ahcheck]; 2678 fix4 = i; 2679 i++; 2680 2681 /* 2682 * in short, 2683 * A = P[X]; 2684 * X = X + (P[X + 1] + 2) * 4; 2685 */ 2686 /* A = X */ 2687 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 2688 i++; 2689 /* A = P[X + packet head]; */ 2690 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2691 s[i]->s.k = off_nl; 2692 i++; 2693 /* MEM[reg2] = A */ 2694 s[i] = new_stmt(BPF_ST); 2695 s[i]->s.k = reg2; 2696 i++; 2697 /* A = X */ 2698 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 2699 i++; 2700 /* A += 1 */ 2701 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2702 s[i]->s.k = 1; 2703 i++; 2704 /* X = A */ 2705 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2706 i++; 2707 /* A = P[X + packet head] */ 2708 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2709 s[i]->s.k = off_nl; 2710 i++; 2711 /* A += 2 */ 2712 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2713 s[i]->s.k = 2; 2714 i++; 2715 /* A *= 4 */ 2716 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 2717 s[i]->s.k = 4; 2718 i++; 2719 /* X = A; */ 2720 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2721 i++; 2722 /* A = MEM[reg2] */ 2723 s[i] = new_stmt(BPF_LD|BPF_MEM); 2724 s[i]->s.k = reg2; 2725 i++; 2726 2727 /* goto again; (must use BPF_JA for backward jump) */ 2728 s[i] = new_stmt(BPF_JMP|BPF_JA); 2729 s[i]->s.k = again - i - 1; 2730 i++; 2731 2732 /* end: nop */ 2733 end = i; 2734 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2735 s[i]->s.k = 0; 2736 s[fix2]->s.jt = s[end]; 2737 s[fix4]->s.jf = s[end]; 2738 s[fix5]->s.jt = s[end]; 2739 i++; 2740 2741 /* 2742 * make slist chain 2743 */ 2744 max = i; 2745 for (i = 0; i < max - 1; i++) 2746 s[i]->next = s[i + 1]; 2747 s[max - 1]->next = NULL; 2748 2749 /* 2750 * emit final check 2751 */ 2752 b = new_block(JMP(BPF_JEQ)); 2753 b->stmts = s[1]; /*remember, s[0] is dummy*/ 2754 b->s.k = v; 2755 2756 free_reg(reg2); 2757 2758 gen_and(b0, b); 2759 return b; 2760#endif 2761} 2762 2763static struct block * 2764gen_proto(v, proto, dir) 2765 int v; 2766 int proto; 2767 int dir; 2768{ 2769 struct block *b0, *b1; 2770 2771 if (dir != Q_DEFAULT) 2772 bpf_error("direction applied to 'proto'"); 2773 2774 switch (proto) { 2775 case Q_DEFAULT: 2776#ifdef INET6 2777 b0 = gen_proto(v, Q_IP, dir); 2778 b1 = gen_proto(v, Q_IPV6, dir); 2779 gen_or(b0, b1); 2780 return b1; 2781#else 2782 /*FALLTHROUGH*/ 2783#endif 2784 case Q_IP: 2785 b0 = gen_linktype(ETHERTYPE_IP); 2786#ifndef CHASE_CHAIN 2787 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v); 2788#else 2789 b1 = gen_protochain(v, Q_IP); 2790#endif 2791 gen_and(b0, b1); 2792 return b1; 2793 2794 case Q_ISO: 2795 b0 = gen_linktype(LLCSAP_ISONS); 2796 b1 = gen_cmp(off_nl + 3, BPF_B, (long)v); 2797 gen_and(b0, b1); 2798 return b1; 2799 2800 case Q_ARP: 2801 bpf_error("arp does not encapsulate another protocol"); 2802 /* NOTREACHED */ 2803 2804 case Q_RARP: 2805 bpf_error("rarp does not encapsulate another protocol"); 2806 /* NOTREACHED */ 2807 2808 case Q_ATALK: 2809 bpf_error("atalk encapsulation is not specifiable"); 2810 /* NOTREACHED */ 2811 2812 case Q_DECNET: 2813 bpf_error("decnet encapsulation is not specifiable"); 2814 /* NOTREACHED */ 2815 2816 case Q_SCA: 2817 bpf_error("sca does not encapsulate another protocol"); 2818 /* NOTREACHED */ 2819 2820 case Q_LAT: 2821 bpf_error("lat does not encapsulate another protocol"); 2822 /* NOTREACHED */ 2823 2824 case Q_MOPRC: 2825 bpf_error("moprc does not encapsulate another protocol"); 2826 /* NOTREACHED */ 2827 2828 case Q_MOPDL: 2829 bpf_error("mopdl does not encapsulate another protocol"); 2830 /* NOTREACHED */ 2831 2832 case Q_LINK: 2833 return gen_linktype(v); 2834 2835 case Q_UDP: 2836 bpf_error("'udp proto' is bogus"); 2837 /* NOTREACHED */ 2838 2839 case Q_TCP: 2840 bpf_error("'tcp proto' is bogus"); 2841 /* NOTREACHED */ 2842 2843 case Q_SCTP: 2844 bpf_error("'sctp proto' is bogus"); 2845 /* NOTREACHED */ 2846 2847 case Q_ICMP: 2848 bpf_error("'icmp proto' is bogus"); 2849 /* NOTREACHED */ 2850 2851 case Q_IGMP: 2852 bpf_error("'igmp proto' is bogus"); 2853 /* NOTREACHED */ 2854 2855 case Q_IGRP: 2856 bpf_error("'igrp proto' is bogus"); 2857 /* NOTREACHED */ 2858 2859 case Q_PIM: 2860 bpf_error("'pim proto' is bogus"); 2861 /* NOTREACHED */ 2862 2863 case Q_VRRP: 2864 bpf_error("'vrrp proto' is bogus"); 2865 /* NOTREACHED */ 2866 2867#ifdef INET6 2868 case Q_IPV6: 2869 b0 = gen_linktype(ETHERTYPE_IPV6); 2870#ifndef CHASE_CHAIN 2871 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v); 2872#else 2873 b1 = gen_protochain(v, Q_IPV6); 2874#endif 2875 gen_and(b0, b1); 2876 return b1; 2877 2878 case Q_ICMPV6: 2879 bpf_error("'icmp6 proto' is bogus"); 2880#endif /* INET6 */ 2881 2882 case Q_AH: 2883 bpf_error("'ah proto' is bogus"); 2884 2885 case Q_ESP: 2886 bpf_error("'ah proto' is bogus"); 2887 2888 case Q_STP: 2889 bpf_error("'stp proto' is bogus"); 2890 2891 case Q_IPX: 2892 bpf_error("'ipx proto' is bogus"); 2893 2894 case Q_NETBEUI: 2895 bpf_error("'netbeui proto' is bogus"); 2896 2897 default: 2898 abort(); 2899 /* NOTREACHED */ 2900 } 2901 /* NOTREACHED */ 2902} 2903 2904struct block * 2905gen_scode(name, q) 2906 register const char *name; 2907 struct qual q; 2908{ 2909 int proto = q.proto; 2910 int dir = q.dir; 2911 int tproto; 2912 u_char *eaddr; 2913 bpf_u_int32 mask, addr; 2914#ifndef INET6 2915 bpf_u_int32 **alist; 2916#else 2917 int tproto6; 2918 struct sockaddr_in *sin; 2919 struct sockaddr_in6 *sin6; 2920 struct addrinfo *res, *res0; 2921 struct in6_addr mask128; 2922#endif /*INET6*/ 2923 struct block *b, *tmp; 2924 int port, real_proto; 2925 2926 switch (q.addr) { 2927 2928 case Q_NET: 2929 addr = pcap_nametonetaddr(name); 2930 if (addr == 0) 2931 bpf_error("unknown network '%s'", name); 2932 /* Left justify network addr and calculate its network mask */ 2933 mask = 0xffffffff; 2934 while (addr && (addr & 0xff000000) == 0) { 2935 addr <<= 8; 2936 mask <<= 8; 2937 } 2938 return gen_host(addr, mask, proto, dir); 2939 2940 case Q_DEFAULT: 2941 case Q_HOST: 2942 if (proto == Q_LINK) { 2943 switch (linktype) { 2944 2945 case DLT_EN10MB: 2946 eaddr = pcap_ether_hostton(name); 2947 if (eaddr == NULL) 2948 bpf_error( 2949 "unknown ether host '%s'", name); 2950 b = gen_ehostop(eaddr, dir); 2951 free(eaddr); 2952 return b; 2953 2954 case DLT_FDDI: 2955 eaddr = pcap_ether_hostton(name); 2956 if (eaddr == NULL) 2957 bpf_error( 2958 "unknown FDDI host '%s'", name); 2959 b = gen_fhostop(eaddr, dir); 2960 free(eaddr); 2961 return b; 2962 2963 case DLT_IEEE802: 2964 eaddr = pcap_ether_hostton(name); 2965 if (eaddr == NULL) 2966 bpf_error( 2967 "unknown token ring host '%s'", name); 2968 b = gen_thostop(eaddr, dir); 2969 free(eaddr); 2970 return b; 2971 2972 default: 2973 bpf_error( 2974 "only ethernet/FDDI/token ring supports link-level host name"); 2975 break; 2976 } 2977 } else if (proto == Q_DECNET) { 2978 unsigned short dn_addr = __pcap_nametodnaddr(name); 2979 /* 2980 * I don't think DECNET hosts can be multihomed, so 2981 * there is no need to build up a list of addresses 2982 */ 2983 return (gen_host(dn_addr, 0, proto, dir)); 2984 } else { 2985#ifndef INET6 2986 alist = pcap_nametoaddr(name); 2987 if (alist == NULL || *alist == NULL) 2988 bpf_error("unknown host '%s'", name); 2989 tproto = proto; 2990 if (off_linktype == -1 && tproto == Q_DEFAULT) 2991 tproto = Q_IP; 2992 b = gen_host(**alist++, 0xffffffff, tproto, dir); 2993 while (*alist) { 2994 tmp = gen_host(**alist++, 0xffffffff, 2995 tproto, dir); 2996 gen_or(b, tmp); 2997 b = tmp; 2998 } 2999 return b; 3000#else 3001 memset(&mask128, 0xff, sizeof(mask128)); 3002 res0 = res = pcap_nametoaddrinfo(name); 3003 if (res == NULL) 3004 bpf_error("unknown host '%s'", name); 3005 b = tmp = NULL; 3006 tproto = tproto6 = proto; 3007 if (off_linktype == -1 && tproto == Q_DEFAULT) { 3008 tproto = Q_IP; 3009 tproto6 = Q_IPV6; 3010 } 3011 for (res = res0; res; res = res->ai_next) { 3012 switch (res->ai_family) { 3013 case AF_INET: 3014 if (tproto == Q_IPV6) 3015 continue; 3016 3017 sin = (struct sockaddr_in *) 3018 res->ai_addr; 3019 tmp = gen_host(ntohl(sin->sin_addr.s_addr), 3020 0xffffffff, tproto, dir); 3021 break; 3022 case AF_INET6: 3023 if (tproto6 == Q_IP) 3024 continue; 3025 3026 sin6 = (struct sockaddr_in6 *) 3027 res->ai_addr; 3028 tmp = gen_host6(&sin6->sin6_addr, 3029 &mask128, tproto6, dir); 3030 break; 3031 default: 3032 continue; 3033 } 3034 if (b) 3035 gen_or(b, tmp); 3036 b = tmp; 3037 } 3038 freeaddrinfo(res0); 3039 if (b == NULL) { 3040 bpf_error("unknown host '%s'%s", name, 3041 (proto == Q_DEFAULT) 3042 ? "" 3043 : " for specified address family"); 3044 } 3045 return b; 3046#endif /*INET6*/ 3047 } 3048 3049 case Q_PORT: 3050 if (proto != Q_DEFAULT && 3051 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP) 3052 bpf_error("illegal qualifier of 'port'"); 3053 if (pcap_nametoport(name, &port, &real_proto) == 0) 3054 bpf_error("unknown port '%s'", name); 3055 if (proto == Q_UDP) { 3056 if (real_proto == IPPROTO_TCP) 3057 bpf_error("port '%s' is tcp", name); 3058 else if (real_proto == IPPROTO_SCTP) 3059 bpf_error("port '%s' is sctp", name); 3060 else 3061 /* override PROTO_UNDEF */ 3062 real_proto = IPPROTO_UDP; 3063 } 3064 if (proto == Q_TCP) { 3065 if (real_proto == IPPROTO_UDP) 3066 bpf_error("port '%s' is udp", name); 3067 3068 else if (real_proto == IPPROTO_SCTP) 3069 bpf_error("port '%s' is sctp", name); 3070 else 3071 /* override PROTO_UNDEF */ 3072 real_proto = IPPROTO_TCP; 3073 } 3074 if (proto == Q_SCTP) { 3075 if (real_proto == IPPROTO_UDP) 3076 bpf_error("port '%s' is udp", name); 3077 3078 else if (real_proto == IPPROTO_TCP) 3079 bpf_error("port '%s' is tcp", name); 3080 else 3081 /* override PROTO_UNDEF */ 3082 real_proto = IPPROTO_SCTP; 3083 } 3084#ifndef INET6 3085 return gen_port(port, real_proto, dir); 3086#else 3087 { 3088 struct block *b; 3089 b = gen_port(port, real_proto, dir); 3090 gen_or(gen_port6(port, real_proto, dir), b); 3091 return b; 3092 } 3093#endif /* INET6 */ 3094 3095 case Q_GATEWAY: 3096#ifndef INET6 3097 eaddr = pcap_ether_hostton(name); 3098 if (eaddr == NULL) 3099 bpf_error("unknown ether host: %s", name); 3100 3101 alist = pcap_nametoaddr(name); 3102 if (alist == NULL || *alist == NULL) 3103 bpf_error("unknown host '%s'", name); 3104 b = gen_gateway(eaddr, alist, proto, dir); 3105 free(eaddr); 3106 return b; 3107#else 3108 bpf_error("'gateway' not supported in this configuration"); 3109#endif /*INET6*/ 3110 3111 case Q_PROTO: 3112 real_proto = lookup_proto(name, proto); 3113 if (real_proto >= 0) 3114 return gen_proto(real_proto, proto, dir); 3115 else 3116 bpf_error("unknown protocol: %s", name); 3117 3118 case Q_PROTOCHAIN: 3119 real_proto = lookup_proto(name, proto); 3120 if (real_proto >= 0) 3121 return gen_protochain(real_proto, proto, dir); 3122 else 3123 bpf_error("unknown protocol: %s", name); 3124 3125 3126 case Q_UNDEF: 3127 syntax(); 3128 /* NOTREACHED */ 3129 } 3130 abort(); 3131 /* NOTREACHED */ 3132} 3133 3134struct block * 3135gen_mcode(s1, s2, masklen, q) 3136 register const char *s1, *s2; 3137 register int masklen; 3138 struct qual q; 3139{ 3140 register int nlen, mlen; 3141 bpf_u_int32 n, m; 3142 3143 nlen = __pcap_atoin(s1, &n); 3144 /* Promote short ipaddr */ 3145 n <<= 32 - nlen; 3146 3147 if (s2 != NULL) { 3148 mlen = __pcap_atoin(s2, &m); 3149 /* Promote short ipaddr */ 3150 m <<= 32 - mlen; 3151 if ((n & ~m) != 0) 3152 bpf_error("non-network bits set in \"%s mask %s\"", 3153 s1, s2); 3154 } else { 3155 /* Convert mask len to mask */ 3156 if (masklen > 32) 3157 bpf_error("mask length must be <= 32"); 3158 m = 0xffffffff << (32 - masklen); 3159 if ((n & ~m) != 0) 3160 bpf_error("non-network bits set in \"%s/%d\"", 3161 s1, masklen); 3162 } 3163 3164 switch (q.addr) { 3165 3166 case Q_NET: 3167 return gen_host(n, m, q.proto, q.dir); 3168 3169 default: 3170 bpf_error("Mask syntax for networks only"); 3171 /* NOTREACHED */ 3172 } 3173} 3174 3175struct block * 3176gen_ncode(s, v, q) 3177 register const char *s; 3178 bpf_u_int32 v; 3179 struct qual q; 3180{ 3181 bpf_u_int32 mask; 3182 int proto = q.proto; 3183 int dir = q.dir; 3184 register int vlen; 3185 3186 if (s == NULL) 3187 vlen = 32; 3188 else if (q.proto == Q_DECNET) 3189 vlen = __pcap_atodn(s, &v); 3190 else 3191 vlen = __pcap_atoin(s, &v); 3192 3193 switch (q.addr) { 3194 3195 case Q_DEFAULT: 3196 case Q_HOST: 3197 case Q_NET: 3198 if (proto == Q_DECNET) 3199 return gen_host(v, 0, proto, dir); 3200 else if (proto == Q_LINK) { 3201 bpf_error("illegal link layer address"); 3202 } else { 3203 mask = 0xffffffff; 3204 if (s == NULL && q.addr == Q_NET) { 3205 /* Promote short net number */ 3206 while (v && (v & 0xff000000) == 0) { 3207 v <<= 8; 3208 mask <<= 8; 3209 } 3210 } else { 3211 /* Promote short ipaddr */ 3212 v <<= 32 - vlen; 3213 mask <<= 32 - vlen; 3214 } 3215 return gen_host(v, mask, proto, dir); 3216 } 3217 3218 case Q_PORT: 3219 if (proto == Q_UDP) 3220 proto = IPPROTO_UDP; 3221 else if (proto == Q_TCP) 3222 proto = IPPROTO_TCP; 3223 else if (proto == Q_SCTP) 3224 proto = IPPROTO_SCTP; 3225 else if (proto == Q_DEFAULT) 3226 proto = PROTO_UNDEF; 3227 else 3228 bpf_error("illegal qualifier of 'port'"); 3229 3230#ifndef INET6 3231 return gen_port((int)v, proto, dir); 3232#else 3233 { 3234 struct block *b; 3235 b = gen_port((int)v, proto, dir); 3236 gen_or(gen_port6((int)v, proto, dir), b); 3237 return b; 3238 } 3239#endif /* INET6 */ 3240 3241 case Q_GATEWAY: 3242 bpf_error("'gateway' requires a name"); 3243 /* NOTREACHED */ 3244 3245 case Q_PROTO: 3246 return gen_proto((int)v, proto, dir); 3247 3248 case Q_PROTOCHAIN: 3249 return gen_protochain((int)v, proto, dir); 3250 3251 case Q_UNDEF: 3252 syntax(); 3253 /* NOTREACHED */ 3254 3255 default: 3256 abort(); 3257 /* NOTREACHED */ 3258 } 3259 /* NOTREACHED */ 3260} 3261 3262#ifdef INET6 3263struct block * 3264gen_mcode6(s1, s2, masklen, q) 3265 register const char *s1, *s2; 3266 register int masklen; 3267 struct qual q; 3268{ 3269 struct addrinfo *res; 3270 struct in6_addr *addr; 3271 struct in6_addr mask; 3272 struct block *b; 3273 u_int32_t *a, *m; 3274 3275 if (s2) 3276 bpf_error("no mask %s supported", s2); 3277 3278 res = pcap_nametoaddrinfo(s1); 3279 if (!res) 3280 bpf_error("invalid ip6 address %s", s1); 3281 if (res->ai_next) 3282 bpf_error("%s resolved to multiple address", s1); 3283 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 3284 3285 if (sizeof(mask) * 8 < masklen) 3286 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8)); 3287 memset(&mask, 0, sizeof(mask)); 3288 memset(&mask, 0xff, masklen / 8); 3289 if (masklen % 8) { 3290 mask.s6_addr[masklen / 8] = 3291 (0xff << (8 - masklen % 8)) & 0xff; 3292 } 3293 3294 a = (u_int32_t *)addr; 3295 m = (u_int32_t *)&mask; 3296 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 3297 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 3298 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen); 3299 } 3300 3301 switch (q.addr) { 3302 3303 case Q_DEFAULT: 3304 case Q_HOST: 3305 if (masklen != 128) 3306 bpf_error("Mask syntax for networks only"); 3307 /* FALLTHROUGH */ 3308 3309 case Q_NET: 3310 b = gen_host6(addr, &mask, q.proto, q.dir); 3311 freeaddrinfo(res); 3312 return b; 3313 3314 default: 3315 bpf_error("invalid qualifier against IPv6 address"); 3316 /* NOTREACHED */ 3317 } 3318} 3319#endif /*INET6*/ 3320 3321struct block * 3322gen_ecode(eaddr, q) 3323 register const u_char *eaddr; 3324 struct qual q; 3325{ 3326 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 3327 if (linktype == DLT_EN10MB) 3328 return gen_ehostop(eaddr, (int)q.dir); 3329 if (linktype == DLT_FDDI) 3330 return gen_fhostop(eaddr, (int)q.dir); 3331 if (linktype == DLT_IEEE802) 3332 return gen_thostop(eaddr, (int)q.dir); 3333 bpf_error("ethernet addresses supported only on ethernet, FDDI or token ring"); 3334 } 3335 bpf_error("ethernet address used in non-ether expression"); 3336 /* NOTREACHED */ 3337} 3338 3339void 3340sappend(s0, s1) 3341 struct slist *s0, *s1; 3342{ 3343 /* 3344 * This is definitely not the best way to do this, but the 3345 * lists will rarely get long. 3346 */ 3347 while (s0->next) 3348 s0 = s0->next; 3349 s0->next = s1; 3350} 3351 3352static struct slist * 3353xfer_to_x(a) 3354 struct arth *a; 3355{ 3356 struct slist *s; 3357 3358 s = new_stmt(BPF_LDX|BPF_MEM); 3359 s->s.k = a->regno; 3360 return s; 3361} 3362 3363static struct slist * 3364xfer_to_a(a) 3365 struct arth *a; 3366{ 3367 struct slist *s; 3368 3369 s = new_stmt(BPF_LD|BPF_MEM); 3370 s->s.k = a->regno; 3371 return s; 3372} 3373 3374struct arth * 3375gen_load(proto, index, size) 3376 int proto; 3377 struct arth *index; 3378 int size; 3379{ 3380 struct slist *s, *tmp; 3381 struct block *b; 3382 int regno = alloc_reg(); 3383 3384 free_reg(index->regno); 3385 switch (size) { 3386 3387 default: 3388 bpf_error("data size must be 1, 2, or 4"); 3389 3390 case 1: 3391 size = BPF_B; 3392 break; 3393 3394 case 2: 3395 size = BPF_H; 3396 break; 3397 3398 case 4: 3399 size = BPF_W; 3400 break; 3401 } 3402 switch (proto) { 3403 default: 3404 bpf_error("unsupported index operation"); 3405 3406 case Q_LINK: 3407 s = xfer_to_x(index); 3408 tmp = new_stmt(BPF_LD|BPF_IND|size); 3409 sappend(s, tmp); 3410 sappend(index->s, s); 3411 break; 3412 3413 case Q_IP: 3414 case Q_ARP: 3415 case Q_RARP: 3416 case Q_ATALK: 3417 case Q_DECNET: 3418 case Q_SCA: 3419 case Q_LAT: 3420 case Q_MOPRC: 3421 case Q_MOPDL: 3422#ifdef INET6 3423 case Q_IPV6: 3424#endif 3425 /* XXX Note that we assume a fixed link header here. */ 3426 s = xfer_to_x(index); 3427 tmp = new_stmt(BPF_LD|BPF_IND|size); 3428 tmp->s.k = off_nl; 3429 sappend(s, tmp); 3430 sappend(index->s, s); 3431 3432 b = gen_proto_abbrev(proto); 3433 if (index->b) 3434 gen_and(index->b, b); 3435 index->b = b; 3436 break; 3437 3438 case Q_SCTP: 3439 case Q_TCP: 3440 case Q_UDP: 3441 case Q_ICMP: 3442 case Q_IGMP: 3443 case Q_IGRP: 3444 case Q_PIM: 3445 case Q_VRRP: 3446 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 3447 s->s.k = off_nl; 3448 sappend(s, xfer_to_a(index)); 3449 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 3450 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 3451 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); 3452 tmp->s.k = off_nl; 3453 sappend(index->s, s); 3454 3455 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 3456 if (index->b) 3457 gen_and(index->b, b); 3458#ifdef INET6 3459 gen_and(gen_proto_abbrev(Q_IP), b); 3460#endif 3461 index->b = b; 3462 break; 3463#ifdef INET6 3464 case Q_ICMPV6: 3465 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); 3466 /*NOTREACHED*/ 3467#endif 3468 } 3469 index->regno = regno; 3470 s = new_stmt(BPF_ST); 3471 s->s.k = regno; 3472 sappend(index->s, s); 3473 3474 return index; 3475} 3476 3477struct block * 3478gen_relation(code, a0, a1, reversed) 3479 int code; 3480 struct arth *a0, *a1; 3481 int reversed; 3482{ 3483 struct slist *s0, *s1, *s2; 3484 struct block *b, *tmp; 3485 3486 s0 = xfer_to_x(a1); 3487 s1 = xfer_to_a(a0); 3488 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); 3489 b = new_block(JMP(code)); 3490 if (code == BPF_JGT || code == BPF_JGE) { 3491 reversed = !reversed; 3492 b->s.k = 0x80000000; 3493 } 3494 if (reversed) 3495 gen_not(b); 3496 3497 sappend(s1, s2); 3498 sappend(s0, s1); 3499 sappend(a1->s, s0); 3500 sappend(a0->s, a1->s); 3501 3502 b->stmts = a0->s; 3503 3504 free_reg(a0->regno); 3505 free_reg(a1->regno); 3506 3507 /* 'and' together protocol checks */ 3508 if (a0->b) { 3509 if (a1->b) { 3510 gen_and(a0->b, tmp = a1->b); 3511 } 3512 else 3513 tmp = a0->b; 3514 } else 3515 tmp = a1->b; 3516 3517 if (tmp) 3518 gen_and(tmp, b); 3519 3520 return b; 3521} 3522 3523struct arth * 3524gen_loadlen() 3525{ 3526 int regno = alloc_reg(); 3527 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 3528 struct slist *s; 3529 3530 s = new_stmt(BPF_LD|BPF_LEN); 3531 s->next = new_stmt(BPF_ST); 3532 s->next->s.k = regno; 3533 a->s = s; 3534 a->regno = regno; 3535 3536 return a; 3537} 3538 3539struct arth * 3540gen_loadi(val) 3541 int val; 3542{ 3543 struct arth *a; 3544 struct slist *s; 3545 int reg; 3546 3547 a = (struct arth *)newchunk(sizeof(*a)); 3548 3549 reg = alloc_reg(); 3550 3551 s = new_stmt(BPF_LD|BPF_IMM); 3552 s->s.k = val; 3553 s->next = new_stmt(BPF_ST); 3554 s->next->s.k = reg; 3555 a->s = s; 3556 a->regno = reg; 3557 3558 return a; 3559} 3560 3561struct arth * 3562gen_neg(a) 3563 struct arth *a; 3564{ 3565 struct slist *s; 3566 3567 s = xfer_to_a(a); 3568 sappend(a->s, s); 3569 s = new_stmt(BPF_ALU|BPF_NEG); 3570 s->s.k = 0; 3571 sappend(a->s, s); 3572 s = new_stmt(BPF_ST); 3573 s->s.k = a->regno; 3574 sappend(a->s, s); 3575 3576 return a; 3577} 3578 3579struct arth * 3580gen_arth(code, a0, a1) 3581 int code; 3582 struct arth *a0, *a1; 3583{ 3584 struct slist *s0, *s1, *s2; 3585 3586 s0 = xfer_to_x(a1); 3587 s1 = xfer_to_a(a0); 3588 s2 = new_stmt(BPF_ALU|BPF_X|code); 3589 3590 sappend(s1, s2); 3591 sappend(s0, s1); 3592 sappend(a1->s, s0); 3593 sappend(a0->s, a1->s); 3594 3595 free_reg(a1->regno); 3596 3597 s0 = new_stmt(BPF_ST); 3598 a0->regno = s0->s.k = alloc_reg(); 3599 sappend(a0->s, s0); 3600 3601 return a0; 3602} 3603 3604/* 3605 * Here we handle simple allocation of the scratch registers. 3606 * If too many registers are alloc'd, the allocator punts. 3607 */ 3608static int regused[BPF_MEMWORDS]; 3609static int curreg; 3610 3611/* 3612 * Return the next free register. 3613 */ 3614static int 3615alloc_reg() 3616{ 3617 int n = BPF_MEMWORDS; 3618 3619 while (--n >= 0) { 3620 if (regused[curreg]) 3621 curreg = (curreg + 1) % BPF_MEMWORDS; 3622 else { 3623 regused[curreg] = 1; 3624 return curreg; 3625 } 3626 } 3627 bpf_error("too many registers needed to evaluate expression"); 3628 /* NOTREACHED */ 3629} 3630 3631/* 3632 * Return a register to the table so it can 3633 * be used later. 3634 */ 3635static void 3636free_reg(n) 3637 int n; 3638{ 3639 regused[n] = 0; 3640} 3641 3642static struct block * 3643gen_len(jmp, n) 3644 int jmp, n; 3645{ 3646 struct slist *s; 3647 struct block *b; 3648 3649 s = new_stmt(BPF_LD|BPF_LEN); 3650 b = new_block(JMP(jmp)); 3651 b->stmts = s; 3652 b->s.k = n; 3653 3654 return b; 3655} 3656 3657struct block * 3658gen_greater(n) 3659 int n; 3660{ 3661 return gen_len(BPF_JGE, n); 3662} 3663 3664/* 3665 * Actually, this is less than or equal. 3666 */ 3667struct block * 3668gen_less(n) 3669 int n; 3670{ 3671 struct block *b; 3672 3673 b = gen_len(BPF_JGT, n); 3674 gen_not(b); 3675 3676 return b; 3677} 3678 3679struct block * 3680gen_byteop(op, idx, val) 3681 int op, idx, val; 3682{ 3683 struct block *b; 3684 struct slist *s; 3685 3686 switch (op) { 3687 default: 3688 abort(); 3689 3690 case '=': 3691 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3692 3693 case '<': 3694 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3695 b->s.code = JMP(BPF_JGE); 3696 gen_not(b); 3697 return b; 3698 3699 case '>': 3700 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3701 b->s.code = JMP(BPF_JGT); 3702 return b; 3703 3704 case '|': 3705 s = new_stmt(BPF_ALU|BPF_OR|BPF_K); 3706 break; 3707 3708 case '&': 3709 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 3710 break; 3711 } 3712 s->s.k = val; 3713 b = new_block(JMP(BPF_JEQ)); 3714 b->stmts = s; 3715 gen_not(b); 3716 3717 return b; 3718} 3719 3720static u_char abroadcast[] = { 0x0 }; 3721 3722struct block * 3723gen_broadcast(proto) 3724 int proto; 3725{ 3726 bpf_u_int32 hostmask; 3727 struct block *b0, *b1, *b2; 3728 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 3729 3730 switch (proto) { 3731 3732 case Q_DEFAULT: 3733 case Q_LINK: 3734 if (linktype == DLT_ARCNET) 3735 return gen_ahostop(abroadcast, Q_DST); 3736 if (linktype == DLT_EN10MB) 3737 return gen_ehostop(ebroadcast, Q_DST); 3738 if (linktype == DLT_FDDI) 3739 return gen_fhostop(ebroadcast, Q_DST); 3740 if (linktype == DLT_IEEE802) 3741 return gen_thostop(ebroadcast, Q_DST); 3742 bpf_error("not a broadcast link"); 3743 break; 3744 3745 case Q_IP: 3746 b0 = gen_linktype(ETHERTYPE_IP); 3747 hostmask = ~netmask; 3748 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask); 3749 b2 = gen_mcmp(off_nl + 16, BPF_W, 3750 (bpf_int32)(~0 & hostmask), hostmask); 3751 gen_or(b1, b2); 3752 gen_and(b0, b2); 3753 return b2; 3754 } 3755 bpf_error("only ether/ip broadcast filters supported"); 3756} 3757 3758struct block * 3759gen_multicast(proto) 3760 int proto; 3761{ 3762 register struct block *b0, *b1; 3763 register struct slist *s; 3764 3765 switch (proto) { 3766 3767 case Q_DEFAULT: 3768 case Q_LINK: 3769 if (linktype == DLT_ARCNET) 3770 /* all ARCnet multicasts use the same address */ 3771 return gen_ahostop(abroadcast, Q_DST); 3772 3773 if (linktype == DLT_EN10MB) { 3774 /* ether[0] & 1 != 0 */ 3775 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3776 s->s.k = 0; 3777 b0 = new_block(JMP(BPF_JSET)); 3778 b0->s.k = 1; 3779 b0->stmts = s; 3780 return b0; 3781 } 3782 3783 if (linktype == DLT_FDDI) { 3784 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */ 3785 /* fddi[1] & 1 != 0 */ 3786 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3787 s->s.k = 1; 3788 b0 = new_block(JMP(BPF_JSET)); 3789 b0->s.k = 1; 3790 b0->stmts = s; 3791 return b0; 3792 } 3793 3794 /* TODO - check how token ring handles multicast */ 3795 /* if (linktype == DLT_IEEE802) ... */ 3796 3797 /* Link not known to support multicasts */ 3798 break; 3799 3800 case Q_IP: 3801 b0 = gen_linktype(ETHERTYPE_IP); 3802 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224); 3803 b1->s.code = JMP(BPF_JGE); 3804 gen_and(b0, b1); 3805 return b1; 3806 3807#ifdef INET6 3808 case Q_IPV6: 3809 b0 = gen_linktype(ETHERTYPE_IPV6); 3810 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255); 3811 gen_and(b0, b1); 3812 return b1; 3813#endif /* INET6 */ 3814 } 3815 bpf_error("only IP multicast filters supported on ethernet/FDDI"); 3816} 3817 3818/* 3819 * generate command for inbound/outbound. It's here so we can 3820 * make it link-type specific. 'dir' = 0 implies "inbound", 3821 * = 1 implies "outbound". 3822 */ 3823struct block * 3824gen_inbound(dir) 3825 int dir; 3826{ 3827 register struct block *b0; 3828 3829 /* 3830 * Only some data link types support inbound/outbound qualifiers. 3831 */ 3832 switch (linktype) { 3833 case DLT_SLIP: 3834 case DLT_PPP: 3835 b0 = gen_relation(BPF_JEQ, 3836 gen_load(Q_LINK, gen_loadi(0), 1), 3837 gen_loadi(0), 3838 dir); 3839 break; 3840 3841 default: 3842 bpf_error("inbound/outbound not supported on linktype %d\n", 3843 linktype); 3844 b0 = NULL; 3845 /* NOTREACHED */ 3846 } 3847 return (b0); 3848} 3849 3850struct block * 3851gen_acode(eaddr, q) 3852 register const u_char *eaddr; 3853 struct qual q; 3854{ 3855 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 3856 if (linktype == DLT_ARCNET) 3857 return gen_ahostop(eaddr, (int)q.dir); 3858 } 3859 bpf_error("ARCnet address used in non-arc expression"); 3860 /* NOTREACHED */ 3861} 3862 3863static struct block * 3864gen_ahostop(eaddr, dir) 3865 register const u_char *eaddr; 3866 register int dir; 3867{ 3868 register struct block *b0, *b1; 3869 3870 switch (dir) { 3871 /* src comes first, different from Ethernet */ 3872 case Q_SRC: 3873 return gen_bcmp(0, 1, eaddr); 3874 3875 case Q_DST: 3876 return gen_bcmp(1, 1, eaddr); 3877 3878 case Q_AND: 3879 b0 = gen_ahostop(eaddr, Q_SRC); 3880 b1 = gen_ahostop(eaddr, Q_DST); 3881 gen_and(b0, b1); 3882 return b1; 3883 3884 case Q_DEFAULT: 3885 case Q_OR: 3886 b0 = gen_ahostop(eaddr, Q_SRC); 3887 b1 = gen_ahostop(eaddr, Q_DST); 3888 gen_or(b0, b1); 3889 return b1; 3890 } 3891 abort(); 3892 /* NOTREACHED */ 3893} 3894 3895/* 3896 * support IEEE 802.1Q VLAN trunk over ethernet 3897 */ 3898struct block * 3899gen_vlan(vlan_num) 3900 int vlan_num; 3901{ 3902 struct block *b0; 3903 3904 /* 3905 * Change the offsets to point to the type and data fields within 3906 * the VLAN packet. This is somewhat of a kludge. 3907 */ 3908 if (orig_nl == (u_int)-1) { 3909 orig_linktype = off_linktype; /* save original values */ 3910 orig_nl = off_nl; 3911 3912 switch (linktype) { 3913 3914 case DLT_EN10MB: 3915 off_linktype = 16; 3916 off_nl = 18; 3917 break; 3918 3919 default: 3920 bpf_error("no VLAN support for data link type %d", 3921 linktype); 3922 /*NOTREACHED*/ 3923 } 3924 } 3925 3926 /* check for VLAN */ 3927 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q); 3928 3929 /* If a specific VLAN is requested, check VLAN id */ 3930 if (vlan_num >= 0) { 3931 struct block *b1; 3932 3933 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num); 3934 gen_and(b0, b1); 3935 b0 = b1; 3936 } 3937 3938 return (b0); 3939} 3940