1/* $OpenBSD: gencode.c,v 1.66 2024/04/08 02:51:14 jsg Exp $ */ 2 3/* 4 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that: (1) source code distributions 9 * retain the above copyright notice and this paragraph in its entirety, (2) 10 * distributions including binary code include the above copyright notice and 11 * this paragraph in its entirety in the documentation or other materials 12 * provided with the distribution, and (3) all advertising materials mentioning 13 * features or use of this software display the following acknowledgement: 14 * ``This product includes software developed by the University of California, 15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 16 * the University nor the names of its contributors may be used to endorse 17 * or promote products derived from this software without specific prior 18 * written permission. 19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 22 */ 23 24#include <sys/types.h> 25#include <sys/socket.h> 26#include <sys/time.h> 27 28#include <net/if.h> 29 30#include <netinet/in.h> 31#include <netinet/if_ether.h> 32 33#include <net/if_pflog.h> 34#include <net/pfvar.h> 35 36#include <netmpls/mpls.h> 37 38#include <net80211/ieee80211.h> 39#include <net80211/ieee80211_radiotap.h> 40 41#include <stdlib.h> 42#include <stddef.h> 43#include <setjmp.h> 44#include <stdarg.h> 45#include <string.h> 46 47#include "pcap-int.h" 48 49#include "ethertype.h" 50#include "llc.h" 51#include "gencode.h" 52#include "ppp.h" 53#include <pcap-namedb.h> 54#ifdef INET6 55#include <netdb.h> 56#endif /*INET6*/ 57 58#ifdef HAVE_OS_PROTO_H 59#include "os-proto.h" 60#endif 61 62#define JMP(c) ((c)|BPF_JMP|BPF_K) 63 64/* Locals */ 65static jmp_buf top_ctx; 66static pcap_t *bpf_pcap; 67 68/* Hack for updating VLAN offsets. */ 69static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1; 70static u_int mpls_stack = 0; 71 72/* XXX */ 73#ifdef PCAP_FDDIPAD 74int pcap_fddipad = PCAP_FDDIPAD; 75#else 76int pcap_fddipad; 77#endif 78 79__dead void 80bpf_error(const char *fmt, ...) 81{ 82 va_list ap; 83 84 va_start(ap, fmt); 85 if (bpf_pcap != NULL) 86 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 87 fmt, ap); 88 va_end(ap); 89 longjmp(top_ctx, 1); 90 /* NOTREACHED */ 91} 92 93static void init_linktype(int); 94 95static int alloc_reg(void); 96static void free_reg(int); 97 98static struct block *root; 99 100/* initialization code used for variable link header */ 101static struct slist *init_code = NULL; 102 103/* Flags and registers for variable link type handling */ 104static int variable_nl; 105static int nl_reg, iphl_reg; 106 107/* 108 * Track memory allocations, for bulk freeing at the end 109 */ 110#define NMEMBAG 16 111#define MEMBAG0SIZE (4096 / sizeof (void *)) 112struct membag { 113 u_int total; 114 u_int slot; 115 void **ptrs; /* allocated array[total] to each malloc */ 116}; 117 118static struct membag membag[NMEMBAG]; 119static int cur_membag; 120 121static void *newchunk(size_t); 122static void freechunks(void); 123static __inline struct block *new_block(int); 124static __inline struct slist *new_stmt(int); 125static struct block *gen_retblk(int); 126static __inline void syntax(void); 127 128static void backpatch(struct block *, struct block *); 129static void merge(struct block *, struct block *); 130static struct block *gen_cmp(u_int, u_int, bpf_int32); 131static struct block *gen_cmp_gt(u_int, u_int, bpf_int32); 132static struct block *gen_cmp_nl(u_int, u_int, bpf_int32); 133static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 134static struct block *gen_mcmp_nl(u_int, u_int, bpf_int32, bpf_u_int32); 135static struct block *gen_bcmp(u_int, u_int, const u_char *); 136static struct block *gen_uncond(int); 137static __inline struct block *gen_true(void); 138static __inline struct block *gen_false(void); 139static struct block *gen_linktype(int); 140static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 141#ifdef INET6 142static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); 143#endif 144static struct block *gen_ehostop(const u_char *, int); 145static struct block *gen_fhostop(const u_char *, int); 146static struct block *gen_dnhostop(bpf_u_int32, int, u_int); 147static struct block *gen_p80211_hostop(const u_char *, int); 148static struct block *gen_p80211_addr(int, u_int, const u_char *); 149static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int); 150#ifdef INET6 151static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int); 152#endif 153#ifndef INET6 154static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); 155#endif 156static struct block *gen_ipfrag(void); 157static struct block *gen_portatom(int, bpf_int32); 158#ifdef INET6 159static struct block *gen_portatom6(int, bpf_int32); 160#endif 161struct block *gen_portop(int, int, int); 162static struct block *gen_port(int, int, int); 163#ifdef INET6 164struct block *gen_portop6(int, int, int); 165static struct block *gen_port6(int, int, int); 166#endif 167static int lookup_proto(const char *, int); 168static struct block *gen_protochain(int, int, int); 169static struct block *gen_proto(int, int, int); 170static struct slist *xfer_to_x(struct arth *); 171static struct slist *xfer_to_a(struct arth *); 172static struct block *gen_len(int, int); 173 174static void * 175newchunk(size_t n) 176{ 177 struct membag *m; 178 int k, size; 179 void *p; 180 181 m = &membag[cur_membag]; 182 if (m->total != 0 && m->total - m->slot == 0) { 183 if (++cur_membag == NMEMBAG) 184 bpf_error("out of memory"); 185 m = &membag[cur_membag]; 186 } 187 if (m->total - m->slot == 0) { 188 m->ptrs = calloc(sizeof (char *), MEMBAG0SIZE << cur_membag); 189 if (m->ptrs == NULL) 190 bpf_error("out of memory"); 191 m->total = MEMBAG0SIZE << cur_membag; 192 m->slot = 0; 193 } 194 195 p = calloc(1, n); 196 if (p == NULL) 197 bpf_error("out of memory"); 198 m->ptrs[m->slot++] = p; 199 return (p); 200} 201 202static void 203freechunks(void) 204{ 205 int i, j; 206 207 for (i = 0; i <= cur_membag; i++) { 208 if (membag[i].ptrs == NULL) 209 continue; 210 for (j = 0; j < membag[i].slot; j++) 211 free(membag[i].ptrs[j]); 212 free(membag[i].ptrs); 213 membag[i].ptrs = NULL; 214 membag[i].slot = membag[i].total = 0; 215 } 216 cur_membag = 0; 217} 218 219/* 220 * A strdup whose allocations are freed after code generation is over. 221 */ 222char * 223sdup(const char *s) 224{ 225 int n = strlen(s) + 1; 226 char *cp = newchunk(n); 227 228 strlcpy(cp, s, n); 229 return (cp); 230} 231 232static __inline struct block * 233new_block(int code) 234{ 235 struct block *p; 236 237 p = (struct block *)newchunk(sizeof(*p)); 238 p->s.code = code; 239 p->head = p; 240 241 return p; 242} 243 244static __inline struct slist * 245new_stmt(int code) 246{ 247 struct slist *p; 248 249 p = (struct slist *)newchunk(sizeof(*p)); 250 p->s.code = code; 251 252 return p; 253} 254 255static struct block * 256gen_retblk(int v) 257{ 258 struct block *b = new_block(BPF_RET|BPF_K); 259 260 b->s.k = v; 261 return b; 262} 263 264static __inline void 265syntax(void) 266{ 267 bpf_error("syntax error in filter expression"); 268} 269 270static bpf_u_int32 netmask; 271static int snaplen; 272int no_optimize; 273 274int 275pcap_compile(pcap_t *p, struct bpf_program *program, 276 const char *buf, int optimize, bpf_u_int32 mask) 277{ 278 extern int n_errors; 279 int len; 280 281 no_optimize = 0; 282 n_errors = 0; 283 root = NULL; 284 bpf_pcap = p; 285 if (setjmp(top_ctx)) { 286 freechunks(); 287 return (-1); 288 } 289 290 netmask = mask; 291 snaplen = pcap_snapshot(p); 292 293 lex_init(buf ? buf : ""); 294 init_linktype(pcap_datalink(p)); 295 (void)pcap_parse(); 296 297 if (n_errors) 298 syntax(); 299 300 if (root == NULL) 301 root = gen_retblk(snaplen); 302 303 if (optimize && !no_optimize) { 304 bpf_optimize(&root); 305 if (root == NULL || 306 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 307 bpf_error("expression rejects all packets"); 308 } 309 program->bf_insns = icode_to_fcode(root, &len); 310 program->bf_len = len; 311 312 freechunks(); 313 return (0); 314} 315 316/* 317 * entry point for using the compiler with no pcap open 318 * pass in all the stuff that is needed explicitly instead. 319 */ 320int 321pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 322 struct bpf_program *program, 323 const char *buf, int optimize, bpf_u_int32 mask) 324{ 325 extern int n_errors; 326 int len; 327 328 n_errors = 0; 329 root = NULL; 330 bpf_pcap = NULL; 331 if (setjmp(top_ctx)) { 332 freechunks(); 333 return (-1); 334 } 335 336 netmask = mask; 337 338 /* XXX needed? I don't grok the use of globals here. */ 339 snaplen = snaplen_arg; 340 341 lex_init(buf ? buf : ""); 342 init_linktype(linktype_arg); 343 (void)pcap_parse(); 344 345 if (n_errors) 346 syntax(); 347 348 if (root == NULL) 349 root = gen_retblk(snaplen_arg); 350 351 if (optimize) { 352 bpf_optimize(&root); 353 if (root == NULL || 354 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 355 bpf_error("expression rejects all packets"); 356 } 357 program->bf_insns = icode_to_fcode(root, &len); 358 program->bf_len = len; 359 360 freechunks(); 361 return (0); 362} 363 364/* 365 * Clean up a "struct bpf_program" by freeing all the memory allocated 366 * in it. 367 */ 368void 369pcap_freecode(struct bpf_program *program) 370{ 371 program->bf_len = 0; 372 if (program->bf_insns != NULL) { 373 free((char *)program->bf_insns); 374 program->bf_insns = NULL; 375 } 376} 377 378/* 379 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 380 * which of the jt and jf fields has been resolved and which is a pointer 381 * back to another unresolved block (or nil). At least one of the fields 382 * in each block is already resolved. 383 */ 384static void 385backpatch(struct block *list, struct block *target) 386{ 387 struct block *next; 388 389 while (list) { 390 if (!list->sense) { 391 next = JT(list); 392 JT(list) = target; 393 } else { 394 next = JF(list); 395 JF(list) = target; 396 } 397 list = next; 398 } 399} 400 401/* 402 * Merge the lists in b0 and b1, using the 'sense' field to indicate 403 * which of jt and jf is the link. 404 */ 405static void 406merge(struct block *b0, struct block *b1) 407{ 408 struct block **p = &b0; 409 410 /* Find end of list. */ 411 while (*p) 412 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 413 414 /* Concatenate the lists. */ 415 *p = b1; 416} 417 418void 419finish_parse(struct block *p) 420{ 421 backpatch(p, gen_retblk(snaplen)); 422 p->sense = !p->sense; 423 backpatch(p, gen_retblk(0)); 424 root = p->head; 425 426 /* prepend initialization code to root */ 427 if (init_code != NULL && root != NULL) { 428 sappend(init_code, root->stmts); 429 root->stmts = init_code; 430 init_code = NULL; 431 } 432 433 if (iphl_reg != -1) { 434 free_reg(iphl_reg); 435 iphl_reg = -1; 436 } 437 if (nl_reg != -1) { 438 free_reg(nl_reg); 439 nl_reg = -1; 440 } 441} 442 443void 444gen_and(struct block *b0, struct block *b1) 445{ 446 backpatch(b0, b1->head); 447 b0->sense = !b0->sense; 448 b1->sense = !b1->sense; 449 merge(b1, b0); 450 b1->sense = !b1->sense; 451 b1->head = b0->head; 452} 453 454void 455gen_or(struct block *b0, struct block *b1) 456{ 457 b0->sense = !b0->sense; 458 backpatch(b0, b1->head); 459 b0->sense = !b0->sense; 460 merge(b1, b0); 461 b1->head = b0->head; 462} 463 464void 465gen_not(struct block *b) 466{ 467 b->sense = !b->sense; 468} 469 470static struct block * 471gen_cmp(u_int offset, u_int size, bpf_int32 v) 472{ 473 struct slist *s; 474 struct block *b; 475 476 s = new_stmt(BPF_LD|BPF_ABS|size); 477 s->s.k = offset; 478 479 b = new_block(JMP(BPF_JEQ)); 480 b->stmts = s; 481 b->s.k = v; 482 483 return b; 484} 485 486static struct block * 487gen_cmp_gt(u_int offset, u_int size, bpf_int32 v) 488{ 489 struct slist *s; 490 struct block *b; 491 492 s = new_stmt(BPF_LD|BPF_ABS|size); 493 s->s.k = offset; 494 495 b = new_block(JMP(BPF_JGT)); 496 b->stmts = s; 497 b->s.k = v; 498 499 return b; 500} 501 502static struct block * 503gen_mcmp(u_int offset, u_int size, bpf_int32 v, bpf_u_int32 mask) 504{ 505 struct block *b = gen_cmp(offset, size, v); 506 struct slist *s; 507 508 if (mask != 0xffffffff) { 509 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 510 s->s.k = mask; 511 sappend(b->stmts, s); 512 } 513 return b; 514} 515 516/* Like gen_mcmp with 'dynamic off_nl' added to the offset */ 517static struct block * 518gen_mcmp_nl(u_int offset, u_int size, bpf_int32 v, bpf_u_int32 mask) 519{ 520 struct block *b = gen_cmp_nl(offset, size, v); 521 struct slist *s; 522 523 if (mask != 0xffffffff) { 524 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 525 s->s.k = mask; 526 sappend(b->stmts, s); 527 } 528 return b; 529} 530 531static struct block * 532gen_bcmp(u_int offset, u_int size, const u_char *v) 533{ 534 struct block *b, *tmp; 535 536 b = NULL; 537 while (size >= 4) { 538 const u_char *p = &v[size - 4]; 539 bpf_int32 w = ((bpf_int32)p[0] << 24) | 540 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; 541 542 tmp = gen_cmp(offset + size - 4, BPF_W, w); 543 if (b != NULL) 544 gen_and(b, tmp); 545 b = tmp; 546 size -= 4; 547 } 548 while (size >= 2) { 549 const u_char *p = &v[size - 2]; 550 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; 551 552 tmp = gen_cmp(offset + size - 2, BPF_H, w); 553 if (b != NULL) 554 gen_and(b, tmp); 555 b = tmp; 556 size -= 2; 557 } 558 if (size > 0) { 559 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); 560 if (b != NULL) 561 gen_and(b, tmp); 562 b = tmp; 563 } 564 return b; 565} 566 567/* 568 * Various code constructs need to know the layout of the data link 569 * layer. These variables give the necessary offsets. off_linktype 570 * is set to -1 for no encapsulation, in which case, IP is assumed. 571 */ 572static u_int off_linktype; 573static u_int off_nl; 574static u_int off_nl_nosnap; 575 576static int linktype; 577 578/* Generate code to load the dynamic 'off_nl' to the X register */ 579static struct slist * 580nl2X_stmt(void) 581{ 582 struct slist *s, *tmp; 583 584 if (nl_reg == -1) { 585 switch (linktype) { 586 case DLT_PFLOG: 587 /* The pflog header contains PFLOG_REAL_HDRLEN 588 which does NOT include the padding. Round 589 up to the nearest dword boundary */ 590 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 591 s->s.k = 0; 592 593 tmp = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 594 tmp->s.k = 3; 595 sappend(s, tmp); 596 597 tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K); 598 tmp->s.k = 0xfc; 599 sappend(s, tmp); 600 601 nl_reg = alloc_reg(); 602 tmp = new_stmt(BPF_ST); 603 tmp->s.k = nl_reg; 604 sappend(s, tmp); 605 606 break; 607 default: 608 bpf_error("Unknown header size for link type 0x%x", 609 linktype); 610 } 611 612 if (init_code == NULL) 613 init_code = s; 614 else 615 sappend(init_code, s); 616 } 617 618 s = new_stmt(BPF_LDX|BPF_MEM); 619 s->s.k = nl_reg; 620 621 return s; 622} 623 624/* Like gen_cmp but adds the dynamic 'off_nl' to the offset */ 625static struct block * 626gen_cmp_nl(u_int offset, u_int size, bpf_int32 v) 627{ 628 struct slist *s, *tmp; 629 struct block *b; 630 631 if (variable_nl) { 632 s = nl2X_stmt(); 633 tmp = new_stmt(BPF_LD|BPF_IND|size); 634 tmp->s.k = offset; 635 sappend(s, tmp); 636 } else { 637 s = new_stmt(BPF_LD|BPF_ABS|size); 638 s->s.k = offset + off_nl; 639 } 640 b = new_block(JMP(BPF_JEQ)); 641 b->stmts = s; 642 b->s.k = v; 643 644 return b; 645} 646 647static void 648init_linktype(int type) 649{ 650 linktype = type; 651 init_code = NULL; 652 nl_reg = iphl_reg = -1; 653 654 switch (type) { 655 656 case DLT_EN10MB: 657 off_linktype = 12; 658 off_nl = 14; 659 return; 660 661 case DLT_SLIP: 662 /* 663 * SLIP doesn't have a link level type. The 16 byte 664 * header is hacked into our SLIP driver. 665 */ 666 off_linktype = -1; 667 off_nl = 16; 668 return; 669 670 case DLT_SLIP_BSDOS: 671 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 672 off_linktype = -1; 673 /* XXX end */ 674 off_nl = 24; 675 return; 676 677 case DLT_NULL: 678 off_linktype = 0; 679 off_nl = 4; 680 return; 681 682 case DLT_PPP: 683 off_linktype = 2; 684 off_nl = 4; 685 return; 686 687 case DLT_PPP_SERIAL: 688 off_linktype = -1; 689 off_nl = 2; 690 return; 691 692 case DLT_PPP_ETHER: 693 /* 694 * This does not include the Ethernet header, and 695 * only covers session state. 696 */ 697 off_linktype = 6; 698 off_nl = 8; 699 return; 700 701 case DLT_PPP_BSDOS: 702 off_linktype = 5; 703 off_nl = 24; 704 return; 705 706 case DLT_FDDI: 707 /* 708 * FDDI doesn't really have a link-level type field. 709 * We assume that SSAP = SNAP is being used and pick 710 * out the encapsulated Ethernet type. 711 */ 712 off_linktype = 19; 713#ifdef PCAP_FDDIPAD 714 off_linktype += pcap_fddipad; 715#endif 716 off_nl = 21; 717#ifdef PCAP_FDDIPAD 718 off_nl += pcap_fddipad; 719#endif 720 return; 721 722 case DLT_IEEE802: 723 off_linktype = 20; 724 off_nl = 22; 725 return; 726 727 case DLT_IEEE802_11: 728 off_linktype = 30; /* XXX variable */ 729 off_nl = 32; 730 return; 731 732 case DLT_IEEE802_11_RADIO: /* XXX variable */ 733 off_linktype = 30 + IEEE80211_RADIOTAP_HDRLEN; 734 off_nl = 32 + IEEE80211_RADIOTAP_HDRLEN; 735 return; 736 737 case DLT_ATM_RFC1483: 738 /* 739 * assume routed, non-ISO PDUs 740 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 741 */ 742 off_linktype = 6; 743 off_nl = 8; 744 return; 745 746 case DLT_LOOP: 747 off_linktype = 0; 748 off_nl = 4; 749 return; 750 751 case DLT_ENC: 752 off_linktype = -1; 753 off_nl = 12; 754 return; 755 756 case DLT_PFLOG: 757 off_linktype = 0; 758 variable_nl = 1; 759 off_nl = 0; 760 return; 761 762 case DLT_PFSYNC: 763 off_linktype = -1; 764 off_nl = 4; 765 return; 766 767 case DLT_OPENFLOW: 768 off_linktype = -1; 769 off_nl = 12; 770 return; 771 772 case DLT_USBPCAP: 773 /* FALLTHROUGH */ 774 case DLT_RAW: 775 off_linktype = -1; 776 off_nl = 0; 777 return; 778 } 779 bpf_error("unknown data link type 0x%x", linktype); 780 /* NOTREACHED */ 781} 782 783static struct block * 784gen_uncond(int rsense) 785{ 786 struct block *b; 787 struct slist *s; 788 789 s = new_stmt(BPF_LD|BPF_IMM); 790 s->s.k = !rsense; 791 b = new_block(JMP(BPF_JEQ)); 792 b->stmts = s; 793 794 return b; 795} 796 797static __inline struct block * 798gen_true(void) 799{ 800 return gen_uncond(1); 801} 802 803static __inline struct block * 804gen_false(void) 805{ 806 return gen_uncond(0); 807} 808 809static struct block * 810gen_linktype(int proto) 811{ 812 struct block *b0, *b1; 813 814 /* If we're not using encapsulation and checking for IP, we're done */ 815 if ((off_linktype == -1 || mpls_stack > 0) && proto == ETHERTYPE_IP) 816 return gen_true(); 817#ifdef INET6 818 /* this isn't the right thing to do, but sometimes necessary */ 819 if ((off_linktype == -1 || mpls_stack > 0) && proto == ETHERTYPE_IPV6) 820 return gen_true(); 821#endif 822 823 switch (linktype) { 824 825 case DLT_EN10MB: 826 if (proto <= ETHERMTU) { 827 /* This is an LLC SAP value */ 828 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 829 gen_not(b0); 830 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto); 831 gen_and(b0, b1); 832 return b1; 833 } else { 834 /* This is an Ethernet type */ 835 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 836 } 837 break; 838 839 case DLT_SLIP: 840 return gen_false(); 841 842 case DLT_PPP: 843 case DLT_PPP_ETHER: 844 if (proto == ETHERTYPE_IP) 845 proto = PPP_IP; /* XXX was 0x21 */ 846#ifdef INET6 847 else if (proto == ETHERTYPE_IPV6) 848 proto = PPP_IPV6; 849#endif 850 break; 851 852 case DLT_PPP_BSDOS: 853 switch (proto) { 854 855 case ETHERTYPE_IP: 856 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); 857 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC); 858 gen_or(b0, b1); 859 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC); 860 gen_or(b1, b0); 861 return b0; 862 863#ifdef INET6 864 case ETHERTYPE_IPV6: 865 proto = PPP_IPV6; 866 /* more to go? */ 867 break; 868#endif /* INET6 */ 869 870 case ETHERTYPE_DN: 871 proto = PPP_DECNET; 872 break; 873 874 case ETHERTYPE_ATALK: 875 proto = PPP_APPLE; 876 break; 877 878 case ETHERTYPE_NS: 879 proto = PPP_NS; 880 break; 881 } 882 break; 883 884 case DLT_LOOP: 885 case DLT_ENC: 886 case DLT_NULL: 887 { 888 int v; 889 890 if (proto == ETHERTYPE_IP) 891 v = AF_INET; 892#ifdef INET6 893 else if (proto == ETHERTYPE_IPV6) 894 v = AF_INET6; 895#endif /* INET6 */ 896 else 897 return gen_false(); 898 899 /* 900 * For DLT_NULL, the link-layer header is a 32-bit word 901 * containing an AF_ value in *host* byte order, and for 902 * DLT_ENC, the link-layer header begins with a 32-bit 903 * word containing an AF_ value in host byte order. 904 * 905 * For DLT_LOOP, the link-layer header is a 32-bit 906 * word containing an AF_ value in *network* byte order. 907 */ 908 if (linktype != DLT_LOOP) 909 v = htonl(v); 910 911 return (gen_cmp(0, BPF_W, (bpf_int32)v)); 912 break; 913 } 914 case DLT_PFLOG: 915 if (proto == ETHERTYPE_IP) 916 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 917 (bpf_int32)AF_INET)); 918#ifdef INET6 919 else if (proto == ETHERTYPE_IPV6) 920 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 921 (bpf_int32)AF_INET6)); 922#endif /* INET6 */ 923 else 924 return gen_false(); 925 break; 926 927 } 928 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 929} 930 931static struct block * 932gen_hostop(bpf_u_int32 addr, bpf_u_int32 mask, int dir, int proto, 933 u_int src_off, u_int dst_off) 934{ 935 struct block *b0, *b1; 936 u_int offset; 937 938 switch (dir) { 939 940 case Q_SRC: 941 offset = src_off; 942 break; 943 944 case Q_DST: 945 offset = dst_off; 946 break; 947 948 case Q_AND: 949 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 950 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 951 gen_and(b0, b1); 952 return b1; 953 954 case Q_OR: 955 case Q_DEFAULT: 956 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 957 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 958 gen_or(b0, b1); 959 return b1; 960 961 default: 962 bpf_error("direction not supported on linktype 0x%x", 963 linktype); 964 } 965 b0 = gen_linktype(proto); 966 b1 = gen_mcmp_nl(offset, BPF_W, (bpf_int32)addr, mask); 967 gen_and(b0, b1); 968 return b1; 969} 970 971#ifdef INET6 972static struct block * 973gen_hostop6(struct in6_addr *addr, struct in6_addr *mask, int dir, int proto, 974 u_int src_off, u_int dst_off) 975{ 976 struct block *b0, *b1; 977 u_int offset; 978 u_int32_t *a, *m; 979 980 switch (dir) { 981 982 case Q_SRC: 983 offset = src_off; 984 break; 985 986 case Q_DST: 987 offset = dst_off; 988 break; 989 990 case Q_AND: 991 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 992 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 993 gen_and(b0, b1); 994 return b1; 995 996 case Q_OR: 997 case Q_DEFAULT: 998 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 999 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 1000 gen_or(b0, b1); 1001 return b1; 1002 1003 default: 1004 bpf_error("direction not supported on linktype 0x%x", 1005 linktype); 1006 } 1007 /* this order is important */ 1008 a = (u_int32_t *)addr; 1009 m = (u_int32_t *)mask; 1010 b1 = gen_mcmp_nl(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 1011 b0 = gen_mcmp_nl(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2])); 1012 gen_and(b0, b1); 1013 b0 = gen_mcmp_nl(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1])); 1014 gen_and(b0, b1); 1015 b0 = gen_mcmp_nl(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0])); 1016 gen_and(b0, b1); 1017 b0 = gen_linktype(proto); 1018 gen_and(b0, b1); 1019 return b1; 1020} 1021#endif /*INET6*/ 1022 1023static struct block * 1024gen_ehostop(const u_char *eaddr, int dir) 1025{ 1026 struct block *b0, *b1; 1027 1028 switch (dir) { 1029 case Q_SRC: 1030 return gen_bcmp(6, 6, eaddr); 1031 1032 case Q_DST: 1033 return gen_bcmp(0, 6, eaddr); 1034 1035 case Q_AND: 1036 b0 = gen_ehostop(eaddr, Q_SRC); 1037 b1 = gen_ehostop(eaddr, Q_DST); 1038 gen_and(b0, b1); 1039 return b1; 1040 1041 case Q_DEFAULT: 1042 case Q_OR: 1043 b0 = gen_ehostop(eaddr, Q_SRC); 1044 b1 = gen_ehostop(eaddr, Q_DST); 1045 gen_or(b0, b1); 1046 return b1; 1047 default: 1048 bpf_error("direction not supported on linktype 0x%x", 1049 linktype); 1050 } 1051 /* NOTREACHED */ 1052} 1053 1054/* 1055 * Like gen_ehostop, but for DLT_FDDI 1056 */ 1057static struct block * 1058gen_fhostop(const u_char *eaddr, int dir) 1059{ 1060 struct block *b0, *b1; 1061 1062 switch (dir) { 1063 case Q_SRC: 1064#ifdef PCAP_FDDIPAD 1065 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr); 1066#else 1067 return gen_bcmp(6 + 1, 6, eaddr); 1068#endif 1069 1070 case Q_DST: 1071#ifdef PCAP_FDDIPAD 1072 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr); 1073#else 1074 return gen_bcmp(0 + 1, 6, eaddr); 1075#endif 1076 1077 case Q_AND: 1078 b0 = gen_fhostop(eaddr, Q_SRC); 1079 b1 = gen_fhostop(eaddr, Q_DST); 1080 gen_and(b0, b1); 1081 return b1; 1082 1083 case Q_DEFAULT: 1084 case Q_OR: 1085 b0 = gen_fhostop(eaddr, Q_SRC); 1086 b1 = gen_fhostop(eaddr, Q_DST); 1087 gen_or(b0, b1); 1088 return b1; 1089 default: 1090 bpf_error("direction not supported on linktype 0x%x", 1091 linktype); 1092 } 1093 /* NOTREACHED */ 1094} 1095 1096/* 1097 * This is quite tricky because there may be pad bytes in front of the 1098 * DECNET header, and then there are two possible data packet formats that 1099 * carry both src and dst addresses, plus 5 packet types in a format that 1100 * carries only the src node, plus 2 types that use a different format and 1101 * also carry just the src node. 1102 * 1103 * Yuck. 1104 * 1105 * Instead of doing those all right, we just look for data packets with 1106 * 0 or 1 bytes of padding. If you want to look at other packets, that 1107 * will require a lot more hacking. 1108 * 1109 * To add support for filtering on DECNET "areas" (network numbers) 1110 * one would want to add a "mask" argument to this routine. That would 1111 * make the filter even more inefficient, although one could be clever 1112 * and not generate masking instructions if the mask is 0xFFFF. 1113 */ 1114static struct block * 1115gen_dnhostop(bpf_u_int32 addr, int dir, u_int base_off) 1116{ 1117 struct block *b0, *b1, *b2, *tmp; 1118 u_int offset_lh; /* offset if long header is received */ 1119 u_int offset_sh; /* offset if short header is received */ 1120 1121 switch (dir) { 1122 1123 case Q_DST: 1124 offset_sh = 1; /* follows flags */ 1125 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 1126 break; 1127 1128 case Q_SRC: 1129 offset_sh = 3; /* follows flags, dstnode */ 1130 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 1131 break; 1132 1133 case Q_AND: 1134 /* Inefficient because we do our Calvinball dance twice */ 1135 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1136 b1 = gen_dnhostop(addr, Q_DST, base_off); 1137 gen_and(b0, b1); 1138 return b1; 1139 1140 case Q_OR: 1141 case Q_DEFAULT: 1142 /* Inefficient because we do our Calvinball dance twice */ 1143 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1144 b1 = gen_dnhostop(addr, Q_DST, base_off); 1145 gen_or(b0, b1); 1146 return b1; 1147 1148 default: 1149 bpf_error("direction not supported on linktype 0x%x", 1150 linktype); 1151 } 1152 b0 = gen_linktype(ETHERTYPE_DN); 1153 /* Check for pad = 1, long header case */ 1154 tmp = gen_mcmp_nl(base_off + 2, BPF_H, 1155 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); 1156 b1 = gen_cmp_nl(base_off + 2 + 1 + offset_lh, 1157 BPF_H, (bpf_int32)ntohs(addr)); 1158 gen_and(tmp, b1); 1159 /* Check for pad = 0, long header case */ 1160 tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 1161 b2 = gen_cmp_nl(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr)); 1162 gen_and(tmp, b2); 1163 gen_or(b2, b1); 1164 /* Check for pad = 1, short header case */ 1165 tmp = gen_mcmp_nl(base_off + 2, BPF_H, 1166 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF)); 1167 b2 = gen_cmp_nl(base_off + 2 + 1 + offset_sh, 1168 BPF_H, (bpf_int32)ntohs(addr)); 1169 gen_and(tmp, b2); 1170 gen_or(b2, b1); 1171 /* Check for pad = 0, short header case */ 1172 tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 1173 b2 = gen_cmp_nl(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr)); 1174 gen_and(tmp, b2); 1175 gen_or(b2, b1); 1176 1177 /* Combine with test for linktype */ 1178 gen_and(b0, b1); 1179 return b1; 1180} 1181 1182static struct block * 1183gen_host(bpf_u_int32 addr, bpf_u_int32 mask, int proto, int dir) 1184{ 1185 struct block *b0, *b1; 1186 1187 switch (proto) { 1188 1189 case Q_DEFAULT: 1190 b0 = gen_host(addr, mask, Q_IP, dir); 1191 b1 = gen_host(addr, mask, Q_ARP, dir); 1192 gen_or(b0, b1); 1193 b0 = gen_host(addr, mask, Q_RARP, dir); 1194 gen_or(b1, b0); 1195 return b0; 1196 1197 case Q_IP: 1198 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 1199 12, 16); 1200 1201 case Q_RARP: 1202 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 1203 14, 24); 1204 1205 case Q_ARP: 1206 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 1207 14, 24); 1208 1209 case Q_TCP: 1210 bpf_error("'tcp' modifier applied to host"); 1211 1212 case Q_UDP: 1213 bpf_error("'udp' modifier applied to host"); 1214 1215 case Q_ICMP: 1216 bpf_error("'icmp' modifier applied to host"); 1217 1218 case Q_IGMP: 1219 bpf_error("'igmp' modifier applied to host"); 1220 1221 case Q_IGRP: 1222 bpf_error("'igrp' modifier applied to host"); 1223 1224 case Q_PIM: 1225 bpf_error("'pim' modifier applied to host"); 1226 1227 case Q_STP: 1228 bpf_error("'stp' modifier applied to host"); 1229 1230 case Q_ATALK: 1231 bpf_error("ATALK host filtering not implemented"); 1232 1233 case Q_DECNET: 1234 return gen_dnhostop(addr, dir, 0); 1235 1236 case Q_SCA: 1237 bpf_error("SCA host filtering not implemented"); 1238 1239 case Q_LAT: 1240 bpf_error("LAT host filtering not implemented"); 1241 1242 case Q_MOPDL: 1243 bpf_error("MOPDL host filtering not implemented"); 1244 1245 case Q_MOPRC: 1246 bpf_error("MOPRC host filtering not implemented"); 1247 1248#ifdef INET6 1249 case Q_IPV6: 1250 bpf_error("'ip6' modifier applied to ip host"); 1251 1252 case Q_ICMPV6: 1253 bpf_error("'icmp6' modifier applied to host"); 1254#endif /* INET6 */ 1255 1256 case Q_AH: 1257 bpf_error("'ah' modifier applied to host"); 1258 1259 case Q_ESP: 1260 bpf_error("'esp' modifier applied to host"); 1261 1262 default: 1263 bpf_error("direction not supported on linktype 0x%x", 1264 linktype); 1265 } 1266 /* NOTREACHED */ 1267} 1268 1269#ifdef INET6 1270static struct block * 1271gen_host6(struct in6_addr *addr, struct in6_addr *mask, int proto, int dir) 1272{ 1273 switch (proto) { 1274 1275 case Q_DEFAULT: 1276 return gen_host6(addr, mask, Q_IPV6, dir); 1277 1278 case Q_IP: 1279 bpf_error("'ip' modifier applied to ip6 host"); 1280 1281 case Q_RARP: 1282 bpf_error("'rarp' modifier applied to ip6 host"); 1283 1284 case Q_ARP: 1285 bpf_error("'arp' modifier applied to ip6 host"); 1286 1287 case Q_TCP: 1288 bpf_error("'tcp' modifier applied to host"); 1289 1290 case Q_UDP: 1291 bpf_error("'udp' modifier applied to host"); 1292 1293 case Q_ICMP: 1294 bpf_error("'icmp' modifier applied to host"); 1295 1296 case Q_IGMP: 1297 bpf_error("'igmp' modifier applied to host"); 1298 1299 case Q_IGRP: 1300 bpf_error("'igrp' modifier applied to host"); 1301 1302 case Q_PIM: 1303 bpf_error("'pim' modifier applied to host"); 1304 1305 case Q_STP: 1306 bpf_error("'stp' modifier applied to host"); 1307 1308 case Q_ATALK: 1309 bpf_error("ATALK host filtering not implemented"); 1310 1311 case Q_DECNET: 1312 bpf_error("'decnet' modifier applied to ip6 host"); 1313 1314 case Q_SCA: 1315 bpf_error("SCA host filtering not implemented"); 1316 1317 case Q_LAT: 1318 bpf_error("LAT host filtering not implemented"); 1319 1320 case Q_MOPDL: 1321 bpf_error("MOPDL host filtering not implemented"); 1322 1323 case Q_MOPRC: 1324 bpf_error("MOPRC host filtering not implemented"); 1325 1326 case Q_IPV6: 1327 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 1328 8, 24); 1329 1330 case Q_ICMPV6: 1331 bpf_error("'icmp6' modifier applied to host"); 1332 1333 case Q_AH: 1334 bpf_error("'ah' modifier applied to host"); 1335 1336 case Q_ESP: 1337 bpf_error("'esp' modifier applied to host"); 1338 1339 default: 1340 abort(); 1341 } 1342 /* NOTREACHED */ 1343} 1344#endif /*INET6*/ 1345 1346#ifndef INET6 1347static struct block * 1348gen_gateway(const u_char *eaddr, bpf_u_int32 **alist, int proto, int dir) 1349{ 1350 struct block *b0, *b1, *tmp; 1351 1352 if (dir != 0) 1353 bpf_error("direction applied to 'gateway'"); 1354 1355 switch (proto) { 1356 case Q_DEFAULT: 1357 case Q_IP: 1358 case Q_ARP: 1359 case Q_RARP: 1360 if (linktype == DLT_EN10MB) 1361 b0 = gen_ehostop(eaddr, Q_OR); 1362 else if (linktype == DLT_FDDI) 1363 b0 = gen_fhostop(eaddr, Q_OR); 1364 else 1365 bpf_error( 1366 "'gateway' supported only on ethernet or FDDI"); 1367 1368 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1369 while (*alist) { 1370 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1371 gen_or(b1, tmp); 1372 b1 = tmp; 1373 } 1374 gen_not(b1); 1375 gen_and(b0, b1); 1376 return b1; 1377 } 1378 bpf_error("illegal modifier of 'gateway'"); 1379 /* NOTREACHED */ 1380} 1381#endif /*INET6*/ 1382 1383struct block * 1384gen_proto_abbrev(int proto) 1385{ 1386 struct block *b0 = NULL, *b1; 1387 1388 switch (proto) { 1389 1390 case Q_TCP: 1391 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); 1392#ifdef INET6 1393 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); 1394 gen_or(b0, b1); 1395#endif 1396 break; 1397 1398 case Q_UDP: 1399 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); 1400#ifdef INET6 1401 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); 1402 gen_or(b0, b1); 1403#endif 1404 break; 1405 1406 case Q_ICMP: 1407 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT); 1408 break; 1409 1410#ifndef IPPROTO_IGMP 1411#define IPPROTO_IGMP 2 1412#endif 1413 1414 case Q_IGMP: 1415 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT); 1416 break; 1417 1418#ifndef IPPROTO_IGRP 1419#define IPPROTO_IGRP 9 1420#endif 1421 case Q_IGRP: 1422 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT); 1423 break; 1424 1425#ifndef IPPROTO_PIM 1426#define IPPROTO_PIM 103 1427#endif 1428 1429 case Q_PIM: 1430 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); 1431#ifdef INET6 1432 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); 1433 gen_or(b0, b1); 1434#endif 1435 break; 1436 1437 case Q_IP: 1438 b1 = gen_linktype(ETHERTYPE_IP); 1439 break; 1440 1441 case Q_ARP: 1442 b1 = gen_linktype(ETHERTYPE_ARP); 1443 break; 1444 1445 case Q_RARP: 1446 b1 = gen_linktype(ETHERTYPE_REVARP); 1447 break; 1448 1449 case Q_LINK: 1450 bpf_error("link layer applied in wrong context"); 1451 1452 case Q_ATALK: 1453 b1 = gen_linktype(ETHERTYPE_ATALK); 1454 break; 1455 1456 case Q_DECNET: 1457 b1 = gen_linktype(ETHERTYPE_DN); 1458 break; 1459 1460 case Q_SCA: 1461 b1 = gen_linktype(ETHERTYPE_SCA); 1462 break; 1463 1464 case Q_LAT: 1465 b1 = gen_linktype(ETHERTYPE_LAT); 1466 break; 1467 1468 case Q_MOPDL: 1469 b1 = gen_linktype(ETHERTYPE_MOPDL); 1470 break; 1471 1472 case Q_MOPRC: 1473 b1 = gen_linktype(ETHERTYPE_MOPRC); 1474 break; 1475 1476 case Q_STP: 1477 b1 = gen_linktype(LLCSAP_8021D); 1478 break; 1479 1480#ifdef INET6 1481 case Q_IPV6: 1482 b1 = gen_linktype(ETHERTYPE_IPV6); 1483 break; 1484 1485#ifndef IPPROTO_ICMPV6 1486#define IPPROTO_ICMPV6 58 1487#endif 1488 case Q_ICMPV6: 1489 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 1490 break; 1491#endif /* INET6 */ 1492 1493#ifndef IPPROTO_AH 1494#define IPPROTO_AH 51 1495#endif 1496 case Q_AH: 1497 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); 1498#ifdef INET6 1499 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); 1500 gen_or(b0, b1); 1501#endif 1502 break; 1503 1504#ifndef IPPROTO_ESP 1505#define IPPROTO_ESP 50 1506#endif 1507 case Q_ESP: 1508 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); 1509#ifdef INET6 1510 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); 1511 gen_or(b0, b1); 1512#endif 1513 break; 1514 1515 default: 1516 abort(); 1517 } 1518 return b1; 1519} 1520 1521static struct block * 1522gen_ipfrag(void) 1523{ 1524 struct slist *s, *tmp; 1525 struct block *b; 1526 1527 /* not ip frag */ 1528 if (variable_nl) { 1529 s = nl2X_stmt(); 1530 tmp = new_stmt(BPF_LD|BPF_H|BPF_IND); 1531 tmp->s.k = 6; 1532 sappend(s, tmp); 1533 } else { 1534 s = new_stmt(BPF_LD|BPF_H|BPF_ABS); 1535 s->s.k = off_nl + 6; 1536 } 1537 b = new_block(JMP(BPF_JSET)); 1538 b->s.k = 0x1fff; 1539 b->stmts = s; 1540 gen_not(b); 1541 1542 return b; 1543} 1544 1545/* For dynamic off_nl, the BPF_LDX|BPF_MSH instruction does not work 1546 This function generates code to set X to the start of the IP payload 1547 X = off_nl + IP header_len. 1548*/ 1549static struct slist * 1550iphl_to_x(void) 1551{ 1552 struct slist *s, *tmp; 1553 1554 /* XXX clobbers A if variable_nl*/ 1555 if (variable_nl) { 1556 if (iphl_reg == -1) { 1557 /* X <- off_nl */ 1558 s = nl2X_stmt(); 1559 1560 /* A = p[X+0] */ 1561 tmp = new_stmt(BPF_LD|BPF_B|BPF_IND); 1562 tmp->s.k = 0; 1563 sappend(s, tmp); 1564 1565 /* A = A & 0x0f */ 1566 tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K); 1567 tmp->s.k = 0x0f; 1568 sappend(s, tmp); 1569 1570 /* A = A << 2 */ 1571 tmp = new_stmt(BPF_ALU|BPF_LSH|BPF_K); 1572 tmp->s.k = 2; 1573 sappend(s, tmp); 1574 1575 /* A = A + X (add off_nl again to compensate) */ 1576 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 1577 1578 /* MEM[iphl_reg] = A */ 1579 iphl_reg = alloc_reg(); 1580 tmp = new_stmt(BPF_ST); 1581 tmp->s.k = iphl_reg; 1582 sappend(s, tmp); 1583 1584 sappend(init_code, s); 1585 } 1586 s = new_stmt(BPF_LDX|BPF_MEM); 1587 s->s.k = iphl_reg; 1588 1589 } else { 1590 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1591 s->s.k = off_nl; 1592 } 1593 1594 return s; 1595} 1596 1597static struct block * 1598gen_portatom(int off, bpf_int32 v) 1599{ 1600 struct slist *s, *tmp; 1601 struct block *b; 1602 1603 s = iphl_to_x(); 1604 1605 tmp = new_stmt(BPF_LD|BPF_IND|BPF_H); 1606 tmp->s.k = off_nl + off; /* off_nl == 0 if variable_nl */ 1607 sappend(s, tmp); 1608 1609 b = new_block(JMP(BPF_JEQ)); 1610 b->stmts = s; 1611 b->s.k = v; 1612 1613 return b; 1614} 1615 1616#ifdef INET6 1617static struct block * 1618gen_portatom6(int off, bpf_int32 v) 1619{ 1620 return gen_cmp_nl(40 + off, BPF_H, v); 1621} 1622#endif/*INET6*/ 1623 1624struct block * 1625gen_portop(int port, int proto, int dir) 1626{ 1627 struct block *b0, *b1, *tmp; 1628 1629 /* ip proto 'proto' */ 1630 tmp = gen_cmp_nl(9, BPF_B, (bpf_int32)proto); 1631 b0 = gen_ipfrag(); 1632 gen_and(tmp, b0); 1633 1634 switch (dir) { 1635 case Q_SRC: 1636 b1 = gen_portatom(0, (bpf_int32)port); 1637 break; 1638 1639 case Q_DST: 1640 b1 = gen_portatom(2, (bpf_int32)port); 1641 break; 1642 1643 case Q_OR: 1644 case Q_DEFAULT: 1645 tmp = gen_portatom(0, (bpf_int32)port); 1646 b1 = gen_portatom(2, (bpf_int32)port); 1647 gen_or(tmp, b1); 1648 break; 1649 1650 case Q_AND: 1651 tmp = gen_portatom(0, (bpf_int32)port); 1652 b1 = gen_portatom(2, (bpf_int32)port); 1653 gen_and(tmp, b1); 1654 break; 1655 1656 default: 1657 abort(); 1658 } 1659 gen_and(b0, b1); 1660 1661 return b1; 1662} 1663 1664static struct block * 1665gen_port(int port, int ip_proto, int dir) 1666{ 1667 struct block *b0, *b1, *tmp; 1668 1669 /* ether proto ip */ 1670 b0 = gen_linktype(ETHERTYPE_IP); 1671 1672 switch (ip_proto) { 1673 case IPPROTO_UDP: 1674 case IPPROTO_TCP: 1675 b1 = gen_portop(port, ip_proto, dir); 1676 break; 1677 1678 case PROTO_UNDEF: 1679 tmp = gen_portop(port, IPPROTO_TCP, dir); 1680 b1 = gen_portop(port, IPPROTO_UDP, dir); 1681 gen_or(tmp, b1); 1682 break; 1683 1684 default: 1685 abort(); 1686 } 1687 gen_and(b0, b1); 1688 return b1; 1689} 1690 1691#ifdef INET6 1692struct block * 1693gen_portop6(int port, int proto, int dir) 1694{ 1695 struct block *b0, *b1, *tmp; 1696 1697 /* ip proto 'proto' */ 1698 b0 = gen_cmp_nl(6, BPF_B, (bpf_int32)proto); 1699 1700 switch (dir) { 1701 case Q_SRC: 1702 b1 = gen_portatom6(0, (bpf_int32)port); 1703 break; 1704 1705 case Q_DST: 1706 b1 = gen_portatom6(2, (bpf_int32)port); 1707 break; 1708 1709 case Q_OR: 1710 case Q_DEFAULT: 1711 tmp = gen_portatom6(0, (bpf_int32)port); 1712 b1 = gen_portatom6(2, (bpf_int32)port); 1713 gen_or(tmp, b1); 1714 break; 1715 1716 case Q_AND: 1717 tmp = gen_portatom6(0, (bpf_int32)port); 1718 b1 = gen_portatom6(2, (bpf_int32)port); 1719 gen_and(tmp, b1); 1720 break; 1721 1722 default: 1723 abort(); 1724 } 1725 gen_and(b0, b1); 1726 1727 return b1; 1728} 1729 1730static struct block * 1731gen_port6(int port, int ip_proto, int dir) 1732{ 1733 struct block *b0, *b1, *tmp; 1734 1735 /* ether proto ip */ 1736 b0 = gen_linktype(ETHERTYPE_IPV6); 1737 1738 switch (ip_proto) { 1739 case IPPROTO_UDP: 1740 case IPPROTO_TCP: 1741 b1 = gen_portop6(port, ip_proto, dir); 1742 break; 1743 1744 case PROTO_UNDEF: 1745 tmp = gen_portop6(port, IPPROTO_TCP, dir); 1746 b1 = gen_portop6(port, IPPROTO_UDP, dir); 1747 gen_or(tmp, b1); 1748 break; 1749 1750 default: 1751 abort(); 1752 } 1753 gen_and(b0, b1); 1754 return b1; 1755} 1756#endif /* INET6 */ 1757 1758static int 1759lookup_proto(const char *name, int proto) 1760{ 1761 int v; 1762 1763 switch (proto) { 1764 1765 case Q_DEFAULT: 1766 case Q_IP: 1767 v = pcap_nametoproto(name); 1768 if (v == PROTO_UNDEF) 1769 bpf_error("unknown ip proto '%s'", name); 1770 break; 1771 1772 case Q_LINK: 1773 /* XXX should look up h/w protocol type based on linktype */ 1774 v = pcap_nametoeproto(name); 1775 if (v == PROTO_UNDEF) { 1776 v = pcap_nametollc(name); 1777 if (v == PROTO_UNDEF) 1778 bpf_error("unknown ether proto '%s'", name); 1779 } 1780 break; 1781 1782 default: 1783 v = PROTO_UNDEF; 1784 break; 1785 } 1786 return v; 1787} 1788 1789static struct block * 1790gen_protochain(int v, int proto, int dir) 1791{ 1792 struct block *b0, *b; 1793 struct slist *s[100]; 1794 int fix2, fix3, fix4, fix5; 1795 int ahcheck, again, end; 1796 int i, max; 1797 int reg1 = alloc_reg(); 1798 int reg2 = alloc_reg(); 1799 1800 memset(s, 0, sizeof(s)); 1801 fix2 = fix3 = fix4 = fix5 = 0; 1802 1803 if (variable_nl) { 1804 bpf_error("'gen_protochain' not supported for variable DLTs"); 1805 /*NOTREACHED*/ 1806 } 1807 1808 switch (proto) { 1809 case Q_IP: 1810 case Q_IPV6: 1811 break; 1812 case Q_DEFAULT: 1813 b0 = gen_protochain(v, Q_IP, dir); 1814 b = gen_protochain(v, Q_IPV6, dir); 1815 gen_or(b0, b); 1816 return b; 1817 default: 1818 bpf_error("bad protocol applied for 'protochain'"); 1819 /*NOTREACHED*/ 1820 } 1821 1822 no_optimize = 1; /*this code is not compatible with optimzer yet */ 1823 1824 /* 1825 * s[0] is a dummy entry to protect other BPF insn from damaged 1826 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 1827 * hard to find interdependency made by jump table fixup. 1828 */ 1829 i = 0; 1830 s[i] = new_stmt(0); /*dummy*/ 1831 i++; 1832 1833 switch (proto) { 1834 case Q_IP: 1835 b0 = gen_linktype(ETHERTYPE_IP); 1836 1837 /* A = ip->ip_p */ 1838 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1839 s[i]->s.k = off_nl + 9; 1840 i++; 1841 /* X = ip->ip_hl << 2 */ 1842 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1843 s[i]->s.k = off_nl; 1844 i++; 1845 break; 1846 case Q_IPV6: 1847 b0 = gen_linktype(ETHERTYPE_IPV6); 1848 1849 /* A = ip6->ip_nxt */ 1850 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1851 s[i]->s.k = off_nl + 6; 1852 i++; 1853 /* X = sizeof(struct ip6_hdr) */ 1854 s[i] = new_stmt(BPF_LDX|BPF_IMM); 1855 s[i]->s.k = 40; 1856 i++; 1857 break; 1858 default: 1859 bpf_error("unsupported proto to gen_protochain"); 1860 /*NOTREACHED*/ 1861 } 1862 1863 /* again: if (A == v) goto end; else fall through; */ 1864 again = i; 1865 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1866 s[i]->s.k = v; 1867 s[i]->s.jt = NULL; /*later*/ 1868 s[i]->s.jf = NULL; /*update in next stmt*/ 1869 fix5 = i; 1870 i++; 1871 1872 /* if (A == IPPROTO_NONE) goto end */ 1873 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1874 s[i]->s.jt = NULL; /*later*/ 1875 s[i]->s.jf = NULL; /*update in next stmt*/ 1876 s[i]->s.k = IPPROTO_NONE; 1877 s[fix5]->s.jf = s[i]; 1878 fix2 = i; 1879 i++; 1880 1881 if (proto == Q_IPV6) { 1882 int v6start, v6end, v6advance, j; 1883 1884 v6start = i; 1885 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 1886 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1887 s[i]->s.jt = NULL; /*later*/ 1888 s[i]->s.jf = NULL; /*update in next stmt*/ 1889 s[i]->s.k = IPPROTO_HOPOPTS; 1890 s[fix2]->s.jf = s[i]; 1891 i++; 1892 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 1893 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1894 s[i]->s.jt = NULL; /*later*/ 1895 s[i]->s.jf = NULL; /*update in next stmt*/ 1896 s[i]->s.k = IPPROTO_DSTOPTS; 1897 i++; 1898 /* if (A == IPPROTO_ROUTING) goto v6advance */ 1899 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1900 s[i]->s.jt = NULL; /*later*/ 1901 s[i]->s.jf = NULL; /*update in next stmt*/ 1902 s[i]->s.k = IPPROTO_ROUTING; 1903 i++; 1904 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 1905 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1906 s[i]->s.jt = NULL; /*later*/ 1907 s[i]->s.jf = NULL; /*later*/ 1908 s[i]->s.k = IPPROTO_FRAGMENT; 1909 fix3 = i; 1910 v6end = i; 1911 i++; 1912 1913 /* v6advance: */ 1914 v6advance = i; 1915 1916 /* 1917 * in short, 1918 * A = P[X + 1]; 1919 * X = X + (P[X] + 1) * 8; 1920 */ 1921 /* A = X */ 1922 s[i] = new_stmt(BPF_MISC|BPF_TXA); 1923 i++; 1924 /* MEM[reg1] = A */ 1925 s[i] = new_stmt(BPF_ST); 1926 s[i]->s.k = reg1; 1927 i++; 1928 /* A += 1 */ 1929 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1930 s[i]->s.k = 1; 1931 i++; 1932 /* X = A */ 1933 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1934 i++; 1935 /* A = P[X + packet head]; */ 1936 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1937 s[i]->s.k = off_nl; 1938 i++; 1939 /* MEM[reg2] = A */ 1940 s[i] = new_stmt(BPF_ST); 1941 s[i]->s.k = reg2; 1942 i++; 1943 /* X = MEM[reg1] */ 1944 s[i] = new_stmt(BPF_LDX|BPF_MEM); 1945 s[i]->s.k = reg1; 1946 i++; 1947 /* A = P[X + packet head] */ 1948 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1949 s[i]->s.k = off_nl; 1950 i++; 1951 /* A += 1 */ 1952 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1953 s[i]->s.k = 1; 1954 i++; 1955 /* A *= 8 */ 1956 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 1957 s[i]->s.k = 8; 1958 i++; 1959 /* X = A; */ 1960 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1961 i++; 1962 /* A = MEM[reg2] */ 1963 s[i] = new_stmt(BPF_LD|BPF_MEM); 1964 s[i]->s.k = reg2; 1965 i++; 1966 1967 /* goto again; (must use BPF_JA for backward jump) */ 1968 s[i] = new_stmt(BPF_JMP|BPF_JA); 1969 s[i]->s.k = again - i - 1; 1970 s[i - 1]->s.jf = s[i]; 1971 i++; 1972 1973 /* fixup */ 1974 for (j = v6start; j <= v6end; j++) 1975 s[j]->s.jt = s[v6advance]; 1976 } else { 1977 /* nop */ 1978 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1979 s[i]->s.k = 0; 1980 s[fix2]->s.jf = s[i]; 1981 i++; 1982 } 1983 1984 /* ahcheck: */ 1985 ahcheck = i; 1986 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 1987 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1988 s[i]->s.jt = NULL; /*later*/ 1989 s[i]->s.jf = NULL; /*later*/ 1990 s[i]->s.k = IPPROTO_AH; 1991 if (fix3) 1992 s[fix3]->s.jf = s[ahcheck]; 1993 fix4 = i; 1994 i++; 1995 1996 /* 1997 * in short, 1998 * A = P[X + 1]; 1999 * X = X + (P[X] + 2) * 4; 2000 */ 2001 /* A = X */ 2002 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 2003 i++; 2004 /* MEM[reg1] = A */ 2005 s[i] = new_stmt(BPF_ST); 2006 s[i]->s.k = reg1; 2007 i++; 2008 /* A += 1 */ 2009 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2010 s[i]->s.k = 1; 2011 i++; 2012 /* X = A */ 2013 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2014 i++; 2015 /* A = P[X + packet head]; */ 2016 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2017 s[i]->s.k = off_nl; 2018 i++; 2019 /* MEM[reg2] = A */ 2020 s[i] = new_stmt(BPF_ST); 2021 s[i]->s.k = reg2; 2022 i++; 2023 /* X = MEM[reg1] */ 2024 s[i] = new_stmt(BPF_LDX|BPF_MEM); 2025 s[i]->s.k = reg1; 2026 i++; 2027 /* A = P[X + packet head] */ 2028 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2029 s[i]->s.k = off_nl; 2030 i++; 2031 /* A += 2 */ 2032 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2033 s[i]->s.k = 2; 2034 i++; 2035 /* A *= 4 */ 2036 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 2037 s[i]->s.k = 4; 2038 i++; 2039 /* X = A; */ 2040 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2041 i++; 2042 /* A = MEM[reg2] */ 2043 s[i] = new_stmt(BPF_LD|BPF_MEM); 2044 s[i]->s.k = reg2; 2045 i++; 2046 2047 /* goto again; (must use BPF_JA for backward jump) */ 2048 s[i] = new_stmt(BPF_JMP|BPF_JA); 2049 s[i]->s.k = again - i - 1; 2050 i++; 2051 2052 /* end: nop */ 2053 end = i; 2054 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2055 s[i]->s.k = 0; 2056 s[fix2]->s.jt = s[end]; 2057 s[fix4]->s.jf = s[end]; 2058 s[fix5]->s.jt = s[end]; 2059 i++; 2060 2061 /* 2062 * make slist chain 2063 */ 2064 max = i; 2065 for (i = 0; i < max - 1; i++) 2066 s[i]->next = s[i + 1]; 2067 s[max - 1]->next = NULL; 2068 2069 /* 2070 * emit final check 2071 */ 2072 b = new_block(JMP(BPF_JEQ)); 2073 b->stmts = s[1]; /*remember, s[0] is dummy*/ 2074 b->s.k = v; 2075 2076 free_reg(reg1); 2077 free_reg(reg2); 2078 2079 gen_and(b0, b); 2080 return b; 2081} 2082 2083static struct block * 2084gen_proto(int v, int proto, int dir) 2085{ 2086 struct block *b0, *b1; 2087 2088 if (dir != Q_DEFAULT) 2089 bpf_error("direction applied to 'proto'"); 2090 2091 switch (proto) { 2092 case Q_DEFAULT: 2093#ifdef INET6 2094 b0 = gen_proto(v, Q_IP, dir); 2095 b1 = gen_proto(v, Q_IPV6, dir); 2096 gen_or(b0, b1); 2097 return b1; 2098#else 2099 /*FALLTHROUGH*/ 2100#endif 2101 case Q_IP: 2102 b0 = gen_linktype(ETHERTYPE_IP); 2103#ifndef CHASE_CHAIN 2104 b1 = gen_cmp_nl(9, BPF_B, (bpf_int32)v); 2105#else 2106 b1 = gen_protochain(v, Q_IP); 2107#endif 2108 gen_and(b0, b1); 2109 return b1; 2110 2111 case Q_ARP: 2112 bpf_error("arp does not encapsulate another protocol"); 2113 /* NOTREACHED */ 2114 2115 case Q_RARP: 2116 bpf_error("rarp does not encapsulate another protocol"); 2117 /* NOTREACHED */ 2118 2119 case Q_ATALK: 2120 bpf_error("atalk encapsulation is not specifiable"); 2121 /* NOTREACHED */ 2122 2123 case Q_DECNET: 2124 bpf_error("decnet encapsulation is not specifiable"); 2125 /* NOTREACHED */ 2126 2127 case Q_SCA: 2128 bpf_error("sca does not encapsulate another protocol"); 2129 /* NOTREACHED */ 2130 2131 case Q_LAT: 2132 bpf_error("lat does not encapsulate another protocol"); 2133 /* NOTREACHED */ 2134 2135 case Q_MOPRC: 2136 bpf_error("moprc does not encapsulate another protocol"); 2137 /* NOTREACHED */ 2138 2139 case Q_MOPDL: 2140 bpf_error("mopdl does not encapsulate another protocol"); 2141 /* NOTREACHED */ 2142 2143 case Q_LINK: 2144 return gen_linktype(v); 2145 2146 case Q_UDP: 2147 bpf_error("'udp proto' is bogus"); 2148 /* NOTREACHED */ 2149 2150 case Q_TCP: 2151 bpf_error("'tcp proto' is bogus"); 2152 /* NOTREACHED */ 2153 2154 case Q_ICMP: 2155 bpf_error("'icmp proto' is bogus"); 2156 /* NOTREACHED */ 2157 2158 case Q_IGMP: 2159 bpf_error("'igmp proto' is bogus"); 2160 /* NOTREACHED */ 2161 2162 case Q_IGRP: 2163 bpf_error("'igrp proto' is bogus"); 2164 /* NOTREACHED */ 2165 2166 case Q_PIM: 2167 bpf_error("'pim proto' is bogus"); 2168 /* NOTREACHED */ 2169 2170 case Q_STP: 2171 bpf_error("'stp proto' is bogus"); 2172 /* NOTREACHED */ 2173 2174#ifdef INET6 2175 case Q_IPV6: 2176 b0 = gen_linktype(ETHERTYPE_IPV6); 2177#ifndef CHASE_CHAIN 2178 b1 = gen_cmp_nl(6, BPF_B, (bpf_int32)v); 2179#else 2180 b1 = gen_protochain(v, Q_IPV6); 2181#endif 2182 gen_and(b0, b1); 2183 return b1; 2184 2185 case Q_ICMPV6: 2186 bpf_error("'icmp6 proto' is bogus"); 2187#endif /* INET6 */ 2188 2189 case Q_AH: 2190 bpf_error("'ah proto' is bogus"); 2191 2192 case Q_ESP: 2193 bpf_error("'esp proto' is bogus"); 2194 2195 default: 2196 abort(); 2197 /* NOTREACHED */ 2198 } 2199 /* NOTREACHED */ 2200} 2201 2202struct block * 2203gen_scode(const char *name, struct qual q) 2204{ 2205 int proto = q.proto; 2206 int dir = q.dir; 2207 int tproto; 2208 u_char *eaddr; 2209 bpf_u_int32 mask, addr; 2210#ifndef INET6 2211 bpf_u_int32 **alist; 2212#else 2213 int tproto6; 2214 struct sockaddr_in *sin; 2215 struct sockaddr_in6 *sin6; 2216 struct addrinfo *res, *res0; 2217 struct in6_addr mask128; 2218#endif /*INET6*/ 2219 struct block *b, *tmp; 2220 int port, real_proto; 2221 2222 switch (q.addr) { 2223 2224 case Q_NET: 2225 addr = pcap_nametonetaddr(name); 2226 if (addr == 0) 2227 bpf_error("unknown network '%s'", name); 2228 /* Left justify network addr and calculate its network mask */ 2229 mask = 0xffffffff; 2230 while (addr && (addr & 0xff000000) == 0) { 2231 addr <<= 8; 2232 mask <<= 8; 2233 } 2234 return gen_host(addr, mask, proto, dir); 2235 2236 case Q_DEFAULT: 2237 case Q_HOST: 2238 if (proto == Q_LINK) { 2239 switch (linktype) { 2240 2241 case DLT_EN10MB: 2242 eaddr = pcap_ether_hostton(name); 2243 if (eaddr == NULL) 2244 bpf_error( 2245 "unknown ether host '%s'", name); 2246 return gen_ehostop(eaddr, dir); 2247 2248 case DLT_FDDI: 2249 eaddr = pcap_ether_hostton(name); 2250 if (eaddr == NULL) 2251 bpf_error( 2252 "unknown FDDI host '%s'", name); 2253 return gen_fhostop(eaddr, dir); 2254 2255 case DLT_IEEE802_11: 2256 case DLT_IEEE802_11_RADIO: 2257 eaddr = pcap_ether_hostton(name); 2258 if (eaddr == NULL) 2259 bpf_error( 2260 "unknown 802.11 host '%s'", name); 2261 2262 return gen_p80211_hostop(eaddr, dir); 2263 2264 default: 2265 bpf_error( 2266 "only ethernet/FDDI supports link-level host name"); 2267 break; 2268 } 2269 } else if (proto == Q_DECNET) { 2270 unsigned short dn_addr = __pcap_nametodnaddr(name); 2271 /* 2272 * I don't think DECNET hosts can be multihomed, so 2273 * there is no need to build up a list of addresses 2274 */ 2275 return (gen_host(dn_addr, 0, proto, dir)); 2276 } else { 2277#ifndef INET6 2278 alist = pcap_nametoaddr(name); 2279 if (alist == NULL || *alist == NULL) 2280 bpf_error("unknown host '%s'", name); 2281 tproto = proto; 2282 if (off_linktype == -1 && tproto == Q_DEFAULT) 2283 tproto = Q_IP; 2284 b = gen_host(**alist++, 0xffffffff, tproto, dir); 2285 while (*alist) { 2286 tmp = gen_host(**alist++, 0xffffffff, 2287 tproto, dir); 2288 gen_or(b, tmp); 2289 b = tmp; 2290 } 2291 return b; 2292#else 2293 memset(&mask128, 0xff, sizeof(mask128)); 2294 res0 = res = pcap_nametoaddrinfo(name); 2295 if (res == NULL) 2296 bpf_error("unknown host '%s'", name); 2297 b = tmp = NULL; 2298 tproto = tproto6 = proto; 2299 if (off_linktype == -1 && tproto == Q_DEFAULT) { 2300 tproto = Q_IP; 2301 tproto6 = Q_IPV6; 2302 } 2303 for (res = res0; res; res = res->ai_next) { 2304 switch (res->ai_family) { 2305 case AF_INET: 2306 if (tproto == Q_IPV6) 2307 continue; 2308 2309 sin = (struct sockaddr_in *) 2310 res->ai_addr; 2311 tmp = gen_host(ntohl(sin->sin_addr.s_addr), 2312 0xffffffff, tproto, dir); 2313 break; 2314 case AF_INET6: 2315 if (tproto6 == Q_IP) 2316 continue; 2317 2318 sin6 = (struct sockaddr_in6 *) 2319 res->ai_addr; 2320 tmp = gen_host6(&sin6->sin6_addr, 2321 &mask128, tproto6, dir); 2322 break; 2323 } 2324 if (b) 2325 gen_or(b, tmp); 2326 b = tmp; 2327 } 2328 freeaddrinfo(res0); 2329 if (b == NULL) { 2330 bpf_error("unknown host '%s'%s", name, 2331 (proto == Q_DEFAULT) 2332 ? "" 2333 : " for specified address family"); 2334 } 2335 return b; 2336#endif /*INET6*/ 2337 } 2338 2339 case Q_PORT: 2340 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP) 2341 bpf_error("illegal qualifier of 'port'"); 2342 if (pcap_nametoport(name, &port, &real_proto) == 0) 2343 bpf_error("unknown port '%s'", name); 2344 if (proto == Q_UDP) { 2345 if (real_proto == IPPROTO_TCP) 2346 bpf_error("port '%s' is tcp", name); 2347 else 2348 /* override PROTO_UNDEF */ 2349 real_proto = IPPROTO_UDP; 2350 } 2351 if (proto == Q_TCP) { 2352 if (real_proto == IPPROTO_UDP) 2353 bpf_error("port '%s' is udp", name); 2354 else 2355 /* override PROTO_UNDEF */ 2356 real_proto = IPPROTO_TCP; 2357 } 2358#ifndef INET6 2359 return gen_port(port, real_proto, dir); 2360#else 2361 { 2362 struct block *b; 2363 b = gen_port(port, real_proto, dir); 2364 gen_or(gen_port6(port, real_proto, dir), b); 2365 return b; 2366 } 2367#endif /* INET6 */ 2368 2369 case Q_GATEWAY: 2370#ifndef INET6 2371 eaddr = pcap_ether_hostton(name); 2372 if (eaddr == NULL) 2373 bpf_error("unknown ether host: %s", name); 2374 2375 alist = pcap_nametoaddr(name); 2376 if (alist == NULL || *alist == NULL) 2377 bpf_error("unknown host '%s'", name); 2378 return gen_gateway(eaddr, alist, proto, dir); 2379#else 2380 bpf_error("'gateway' not supported in this configuration"); 2381#endif /*INET6*/ 2382 2383 case Q_PROTO: 2384 real_proto = lookup_proto(name, proto); 2385 if (real_proto >= 0) 2386 return gen_proto(real_proto, proto, dir); 2387 else 2388 bpf_error("unknown protocol: %s", name); 2389 2390 case Q_PROTOCHAIN: 2391 real_proto = lookup_proto(name, proto); 2392 if (real_proto >= 0) 2393 return gen_protochain(real_proto, proto, dir); 2394 else 2395 bpf_error("unknown protocol: %s", name); 2396 2397 2398 case Q_UNDEF: 2399 syntax(); 2400 /* NOTREACHED */ 2401 } 2402 abort(); 2403 /* NOTREACHED */ 2404} 2405 2406struct block * 2407gen_mcode(const char *s1, const char *s2, int masklen, struct qual q) 2408{ 2409 int nlen, mlen; 2410 bpf_u_int32 n, m; 2411 2412 nlen = __pcap_atoin(s1, &n); 2413 /* Promote short ipaddr */ 2414 n <<= 32 - nlen; 2415 2416 if (s2 != NULL) { 2417 mlen = __pcap_atoin(s2, &m); 2418 /* Promote short ipaddr */ 2419 m <<= 32 - mlen; 2420 if ((n & ~m) != 0) 2421 bpf_error("non-network bits set in \"%s mask %s\"", 2422 s1, s2); 2423 } else { 2424 /* Convert mask len to mask */ 2425 if (masklen > 32) 2426 bpf_error("mask length must be <= 32"); 2427 m = 0xffffffff << (32 - masklen); 2428 if ((n & ~m) != 0) 2429 bpf_error("non-network bits set in \"%s/%d\"", 2430 s1, masklen); 2431 } 2432 2433 switch (q.addr) { 2434 2435 case Q_NET: 2436 return gen_host(n, m, q.proto, q.dir); 2437 2438 default: 2439 bpf_error("Mask syntax for networks only"); 2440 /* NOTREACHED */ 2441 } 2442} 2443 2444struct block * 2445gen_ncode(const char *s, bpf_u_int32 v, struct qual q) 2446{ 2447 bpf_u_int32 mask; 2448 int proto = q.proto; 2449 int dir = q.dir; 2450 int vlen; 2451 2452 if (s == NULL) 2453 vlen = 32; 2454 else if (q.proto == Q_DECNET) 2455 vlen = __pcap_atodn(s, &v); 2456 else 2457 vlen = __pcap_atoin(s, &v); 2458 2459 switch (q.addr) { 2460 2461 case Q_DEFAULT: 2462 case Q_HOST: 2463 case Q_NET: 2464 if (proto == Q_DECNET) 2465 return gen_host(v, 0, proto, dir); 2466 else if (proto == Q_LINK) { 2467 bpf_error("illegal link layer address"); 2468 } else { 2469 mask = 0xffffffff; 2470 if (s == NULL && q.addr == Q_NET) { 2471 /* Promote short net number */ 2472 while (v && (v & 0xff000000) == 0) { 2473 v <<= 8; 2474 mask <<= 8; 2475 } 2476 } else { 2477 /* Promote short ipaddr */ 2478 v <<= 32 - vlen; 2479 mask <<= 32 - vlen; 2480 } 2481 return gen_host(v, mask, proto, dir); 2482 } 2483 2484 case Q_PORT: 2485 if (proto == Q_UDP) 2486 proto = IPPROTO_UDP; 2487 else if (proto == Q_TCP) 2488 proto = IPPROTO_TCP; 2489 else if (proto == Q_DEFAULT) 2490 proto = PROTO_UNDEF; 2491 else 2492 bpf_error("illegal qualifier of 'port'"); 2493 2494#ifndef INET6 2495 return gen_port((int)v, proto, dir); 2496#else 2497 { 2498 struct block *b; 2499 b = gen_port((int)v, proto, dir); 2500 gen_or(gen_port6((int)v, proto, dir), b); 2501 return b; 2502 } 2503#endif /* INET6 */ 2504 2505 case Q_GATEWAY: 2506 bpf_error("'gateway' requires a name"); 2507 /* NOTREACHED */ 2508 2509 case Q_PROTO: 2510 return gen_proto((int)v, proto, dir); 2511 2512 case Q_PROTOCHAIN: 2513 return gen_protochain((int)v, proto, dir); 2514 2515 case Q_UNDEF: 2516 syntax(); 2517 /* NOTREACHED */ 2518 2519 default: 2520 abort(); 2521 /* NOTREACHED */ 2522 } 2523 /* NOTREACHED */ 2524} 2525 2526#ifdef INET6 2527struct block * 2528gen_mcode6(const char *s1, const char *s2, int masklen, struct qual q) 2529{ 2530 struct addrinfo *res; 2531 struct in6_addr *addr; 2532 struct in6_addr mask; 2533 struct block *b; 2534 u_int32_t *a, *m; 2535 2536 if (s2) 2537 bpf_error("no mask %s supported", s2); 2538 2539 res = pcap_nametoaddrinfo(s1); 2540 if (!res) 2541 bpf_error("invalid ip6 address %s", s1); 2542 if (res->ai_next) 2543 bpf_error("%s resolved to multiple address", s1); 2544 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 2545 2546 if (sizeof(mask) * 8 < masklen) 2547 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8)); 2548 memset(&mask, 0, sizeof(mask)); 2549 memset(&mask, 0xff, masklen / 8); 2550 if (masklen % 8) { 2551 mask.s6_addr[masklen / 8] = 2552 (0xff << (8 - masklen % 8)) & 0xff; 2553 } 2554 2555 a = (u_int32_t *)addr; 2556 m = (u_int32_t *)&mask; 2557 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 2558 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 2559 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen); 2560 } 2561 2562 switch (q.addr) { 2563 2564 case Q_DEFAULT: 2565 case Q_HOST: 2566 if (masklen != 128) 2567 bpf_error("Mask syntax for networks only"); 2568 /* FALLTHROUGH */ 2569 2570 case Q_NET: 2571 b = gen_host6(addr, &mask, q.proto, q.dir); 2572 freeaddrinfo(res); 2573 return b; 2574 2575 default: 2576 bpf_error("invalid qualifier against IPv6 address"); 2577 /* NOTREACHED */ 2578 } 2579} 2580#endif /*INET6*/ 2581 2582struct block * 2583gen_ecode(const u_char *eaddr, struct qual q) 2584{ 2585 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 2586 if (linktype == DLT_EN10MB) 2587 return gen_ehostop(eaddr, (int)q.dir); 2588 if (linktype == DLT_FDDI) 2589 return gen_fhostop(eaddr, (int)q.dir); 2590 if (linktype == DLT_IEEE802_11 || 2591 linktype == DLT_IEEE802_11_RADIO) 2592 return gen_p80211_hostop(eaddr, (int)q.dir); 2593 } 2594 bpf_error("ethernet address used in non-ether expression"); 2595 /* NOTREACHED */ 2596} 2597 2598void 2599sappend(struct slist *s0, struct slist *s1) 2600{ 2601 /* 2602 * This is definitely not the best way to do this, but the 2603 * lists will rarely get long. 2604 */ 2605 while (s0->next) 2606 s0 = s0->next; 2607 s0->next = s1; 2608} 2609 2610static struct slist * 2611xfer_to_x(struct arth *a) 2612{ 2613 struct slist *s; 2614 2615 s = new_stmt(BPF_LDX|BPF_MEM); 2616 s->s.k = a->regno; 2617 return s; 2618} 2619 2620static struct slist * 2621xfer_to_a(struct arth *a) 2622{ 2623 struct slist *s; 2624 2625 s = new_stmt(BPF_LD|BPF_MEM); 2626 s->s.k = a->regno; 2627 return s; 2628} 2629 2630struct arth * 2631gen_load(int proto, struct arth *index, int size) 2632{ 2633 struct slist *s, *tmp; 2634 struct block *b; 2635 int regno = alloc_reg(); 2636 2637 free_reg(index->regno); 2638 switch (size) { 2639 2640 default: 2641 bpf_error("data size must be 1, 2, or 4"); 2642 2643 case 1: 2644 size = BPF_B; 2645 break; 2646 2647 case 2: 2648 size = BPF_H; 2649 break; 2650 2651 case 4: 2652 size = BPF_W; 2653 break; 2654 } 2655 switch (proto) { 2656 default: 2657 bpf_error("unsupported index operation"); 2658 2659 case Q_LINK: 2660 s = xfer_to_x(index); 2661 tmp = new_stmt(BPF_LD|BPF_IND|size); 2662 sappend(s, tmp); 2663 sappend(index->s, s); 2664 break; 2665 2666 case Q_IP: 2667 case Q_ARP: 2668 case Q_RARP: 2669 case Q_ATALK: 2670 case Q_DECNET: 2671 case Q_SCA: 2672 case Q_LAT: 2673 case Q_MOPRC: 2674 case Q_MOPDL: 2675#ifdef INET6 2676 case Q_IPV6: 2677#endif 2678 /* XXX Note that we assume a fixed link header here. */ 2679 if (variable_nl) { 2680 s = nl2X_stmt(); 2681 sappend(s, xfer_to_a(index)); 2682 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2683 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2684 } else { 2685 s = xfer_to_x(index); 2686 } 2687 tmp = new_stmt(BPF_LD|BPF_IND|size); 2688 tmp->s.k = off_nl; /* off_nl == 0 for variable_nl */ 2689 sappend(s, tmp); 2690 sappend(index->s, s); 2691 2692 b = gen_proto_abbrev(proto); 2693 if (index->b) 2694 gen_and(index->b, b); 2695 index->b = b; 2696 break; 2697 2698 case Q_TCP: 2699 case Q_UDP: 2700 case Q_ICMP: 2701 case Q_IGMP: 2702 case Q_IGRP: 2703 case Q_PIM: 2704 s = iphl_to_x(); 2705 sappend(s, xfer_to_a(index)); 2706 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2707 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2708 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); 2709 tmp->s.k = off_nl; /* off_nl is 0 if variable_nl */ 2710 sappend(index->s, s); 2711 2712 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 2713 if (index->b) 2714 gen_and(index->b, b); 2715#ifdef INET6 2716 gen_and(gen_proto_abbrev(Q_IP), b); 2717#endif 2718 index->b = b; 2719 break; 2720#ifdef INET6 2721 case Q_ICMPV6: 2722 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); 2723 /*NOTREACHED*/ 2724#endif 2725 } 2726 index->regno = regno; 2727 s = new_stmt(BPF_ST); 2728 s->s.k = regno; 2729 sappend(index->s, s); 2730 2731 return index; 2732} 2733 2734struct block * 2735gen_relation(int code, struct arth *a0, struct arth *a1, int reversed) 2736{ 2737 struct slist *s0, *s1, *s2; 2738 struct block *b, *tmp; 2739 2740 s0 = xfer_to_x(a1); 2741 s1 = xfer_to_a(a0); 2742 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); 2743 b = new_block(JMP(code)); 2744 if (code == BPF_JGT || code == BPF_JGE) { 2745 reversed = !reversed; 2746 b->s.k = 0x80000000; 2747 } 2748 if (reversed) 2749 gen_not(b); 2750 2751 sappend(s1, s2); 2752 sappend(s0, s1); 2753 sappend(a1->s, s0); 2754 sappend(a0->s, a1->s); 2755 2756 b->stmts = a0->s; 2757 2758 free_reg(a0->regno); 2759 free_reg(a1->regno); 2760 2761 /* 'and' together protocol checks */ 2762 if (a0->b) { 2763 if (a1->b) { 2764 gen_and(a0->b, tmp = a1->b); 2765 } 2766 else 2767 tmp = a0->b; 2768 } else 2769 tmp = a1->b; 2770 2771 if (tmp) 2772 gen_and(tmp, b); 2773 2774 return b; 2775} 2776 2777struct arth * 2778gen_loadlen(void) 2779{ 2780 int regno = alloc_reg(); 2781 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 2782 struct slist *s; 2783 2784 s = new_stmt(BPF_LD|BPF_LEN); 2785 s->next = new_stmt(BPF_ST); 2786 s->next->s.k = regno; 2787 a->s = s; 2788 a->regno = regno; 2789 2790 return a; 2791} 2792 2793struct arth * 2794gen_loadrnd(void) 2795{ 2796 int regno = alloc_reg(); 2797 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 2798 struct slist *s; 2799 2800 s = new_stmt(BPF_LD|BPF_RND); 2801 s->next = new_stmt(BPF_ST); 2802 s->next->s.k = regno; 2803 a->s = s; 2804 a->regno = regno; 2805 2806 return a; 2807} 2808 2809struct arth * 2810gen_loadi(int val) 2811{ 2812 struct arth *a; 2813 struct slist *s; 2814 int reg; 2815 2816 a = (struct arth *)newchunk(sizeof(*a)); 2817 2818 reg = alloc_reg(); 2819 2820 s = new_stmt(BPF_LD|BPF_IMM); 2821 s->s.k = val; 2822 s->next = new_stmt(BPF_ST); 2823 s->next->s.k = reg; 2824 a->s = s; 2825 a->regno = reg; 2826 2827 return a; 2828} 2829 2830struct arth * 2831gen_neg(struct arth *a) 2832{ 2833 struct slist *s; 2834 2835 s = xfer_to_a(a); 2836 sappend(a->s, s); 2837 s = new_stmt(BPF_ALU|BPF_NEG); 2838 s->s.k = 0; 2839 sappend(a->s, s); 2840 s = new_stmt(BPF_ST); 2841 s->s.k = a->regno; 2842 sappend(a->s, s); 2843 2844 return a; 2845} 2846 2847struct arth * 2848gen_arth(int code, struct arth *a0, struct arth *a1) 2849{ 2850 struct slist *s0, *s1, *s2; 2851 2852 s0 = xfer_to_x(a1); 2853 s1 = xfer_to_a(a0); 2854 s2 = new_stmt(BPF_ALU|BPF_X|code); 2855 2856 sappend(s1, s2); 2857 sappend(s0, s1); 2858 sappend(a1->s, s0); 2859 sappend(a0->s, a1->s); 2860 2861 free_reg(a1->regno); 2862 2863 s0 = new_stmt(BPF_ST); 2864 a0->regno = s0->s.k = alloc_reg(); 2865 sappend(a0->s, s0); 2866 2867 return a0; 2868} 2869 2870/* 2871 * Here we handle simple allocation of the scratch registers. 2872 * If too many registers are alloc'd, the allocator punts. 2873 */ 2874static int regused[BPF_MEMWORDS]; 2875static int curreg; 2876 2877/* 2878 * Return the next free register. 2879 */ 2880static int 2881alloc_reg(void) 2882{ 2883 int n = BPF_MEMWORDS; 2884 2885 while (--n >= 0) { 2886 if (regused[curreg]) 2887 curreg = (curreg + 1) % BPF_MEMWORDS; 2888 else { 2889 regused[curreg] = 1; 2890 return curreg; 2891 } 2892 } 2893 bpf_error("too many registers needed to evaluate expression"); 2894 /* NOTREACHED */ 2895} 2896 2897/* 2898 * Return a register to the table so it can 2899 * be used later. 2900 */ 2901static void 2902free_reg(int n) 2903{ 2904 regused[n] = 0; 2905} 2906 2907static struct block * 2908gen_len(int jmp, int n) 2909{ 2910 struct slist *s; 2911 struct block *b; 2912 2913 s = new_stmt(BPF_LD|BPF_LEN); 2914 b = new_block(JMP(jmp)); 2915 b->stmts = s; 2916 b->s.k = n; 2917 2918 return b; 2919} 2920 2921struct block * 2922gen_greater(int n) 2923{ 2924 return gen_len(BPF_JGE, n); 2925} 2926 2927struct block * 2928gen_less(int n) 2929{ 2930 struct block *b; 2931 2932 b = gen_len(BPF_JGT, n); 2933 gen_not(b); 2934 2935 return b; 2936} 2937 2938struct block * 2939gen_byteop(int op, int idx, int val) 2940{ 2941 struct block *b; 2942 struct slist *s; 2943 2944 switch (op) { 2945 default: 2946 abort(); 2947 2948 case '=': 2949 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 2950 2951 case '<': 2952 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 2953 b->s.code = JMP(BPF_JGE); 2954 gen_not(b); 2955 return b; 2956 2957 case '>': 2958 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 2959 b->s.code = JMP(BPF_JGT); 2960 return b; 2961 2962 case '|': 2963 s = new_stmt(BPF_ALU|BPF_OR|BPF_K); 2964 break; 2965 2966 case '&': 2967 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 2968 break; 2969 } 2970 s->s.k = val; 2971 b = new_block(JMP(BPF_JEQ)); 2972 b->stmts = s; 2973 gen_not(b); 2974 2975 return b; 2976} 2977 2978struct block * 2979gen_broadcast(int proto) 2980{ 2981 bpf_u_int32 hostmask; 2982 struct block *b0, *b1, *b2; 2983 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 2984 2985 switch (proto) { 2986 2987 case Q_DEFAULT: 2988 case Q_LINK: 2989 if (linktype == DLT_EN10MB) 2990 return gen_ehostop(ebroadcast, Q_DST); 2991 if (linktype == DLT_FDDI) 2992 return gen_fhostop(ebroadcast, Q_DST); 2993 if (linktype == DLT_IEEE802_11 || 2994 linktype == DLT_IEEE802_11_RADIO) 2995 return gen_p80211_hostop(ebroadcast, Q_DST); 2996 bpf_error("not a broadcast link"); 2997 break; 2998 2999 case Q_IP: 3000 /* 3001 * We treat a netmask of PCAP_NETMASK_UNKNOWN (0xffffffff) 3002 * as an indication that we don't know the netmask, and fail 3003 * in that case. 3004 */ 3005 if (netmask == PCAP_NETMASK_UNKNOWN) 3006 bpf_error("netmask not known, so 'ip broadcast' not supported"); 3007 b0 = gen_linktype(ETHERTYPE_IP); 3008 hostmask = ~netmask; 3009 b1 = gen_mcmp_nl(16, BPF_W, (bpf_int32)0, hostmask); 3010 b2 = gen_mcmp_nl(16, BPF_W, 3011 (bpf_int32)(~0 & hostmask), hostmask); 3012 gen_or(b1, b2); 3013 gen_and(b0, b2); 3014 return b2; 3015 } 3016 bpf_error("only ether/ip broadcast filters supported"); 3017} 3018 3019struct block * 3020gen_multicast(int proto) 3021{ 3022 struct block *b0, *b1; 3023 struct slist *s; 3024 3025 switch (proto) { 3026 3027 case Q_DEFAULT: 3028 case Q_LINK: 3029 if (linktype == DLT_EN10MB) { 3030 /* ether[0] & 1 != 0 */ 3031 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3032 s->s.k = 0; 3033 b0 = new_block(JMP(BPF_JSET)); 3034 b0->s.k = 1; 3035 b0->stmts = s; 3036 return b0; 3037 } 3038 3039 if (linktype == DLT_FDDI) { 3040 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */ 3041 /* fddi[1] & 1 != 0 */ 3042 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3043 s->s.k = 1; 3044 b0 = new_block(JMP(BPF_JSET)); 3045 b0->s.k = 1; 3046 b0->stmts = s; 3047 return b0; 3048 } 3049 /* Link not known to support multicasts */ 3050 break; 3051 3052 case Q_IP: 3053 b0 = gen_linktype(ETHERTYPE_IP); 3054 b1 = gen_cmp_nl(16, BPF_B, (bpf_int32)224); 3055 b1->s.code = JMP(BPF_JGE); 3056 gen_and(b0, b1); 3057 return b1; 3058 3059#ifdef INET6 3060 case Q_IPV6: 3061 b0 = gen_linktype(ETHERTYPE_IPV6); 3062 b1 = gen_cmp_nl(24, BPF_B, (bpf_int32)255); 3063 gen_and(b0, b1); 3064 return b1; 3065#endif /* INET6 */ 3066 } 3067 bpf_error("only IP multicast filters supported on ethernet/FDDI"); 3068} 3069 3070/* 3071 * generate command for inbound/outbound. It's here so we can 3072 * make it link-type specific. 'dir' = 0 implies "inbound", 3073 * = 1 implies "outbound". 3074 */ 3075struct block * 3076gen_inbound(int dir) 3077{ 3078 struct block *b0; 3079 3080 /* 3081 * Only SLIP and old-style PPP data link types support 3082 * inbound/outbound qualifiers. 3083 */ 3084 switch (linktype) { 3085 case DLT_SLIP: 3086 case DLT_PPP: 3087 b0 = gen_relation(BPF_JEQ, 3088 gen_load(Q_LINK, gen_loadi(0), 1), 3089 gen_loadi(0), 3090 dir); 3091 break; 3092 3093 case DLT_PFLOG: 3094 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B, 3095 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 3096 break; 3097 3098 default: 3099 bpf_error("inbound/outbound not supported on linktype 0x%x", 3100 linktype); 3101 /* NOTREACHED */ 3102 } 3103 3104 return (b0); 3105} 3106 3107 3108/* PF firewall log matched interface */ 3109struct block * 3110gen_pf_ifname(char *ifname) 3111{ 3112 struct block *b0; 3113 u_int len, off; 3114 3115 if (linktype == DLT_PFLOG) { 3116 len = sizeof(((struct pfloghdr *)0)->ifname); 3117 off = offsetof(struct pfloghdr, ifname); 3118 } else { 3119 bpf_error("ifname not supported on linktype 0x%x", linktype); 3120 /* NOTREACHED */ 3121 } 3122 if (strlen(ifname) >= len) { 3123 bpf_error("ifname interface names can only be %d characters", 3124 len - 1); 3125 /* NOTREACHED */ 3126 } 3127 b0 = gen_bcmp(off, strlen(ifname) + 1, ifname); 3128 return (b0); 3129} 3130 3131 3132/* PF firewall log ruleset name */ 3133struct block * 3134gen_pf_ruleset(char *ruleset) 3135{ 3136 struct block *b0; 3137 3138 if (linktype != DLT_PFLOG) { 3139 bpf_error("ruleset not supported on linktype 0x%x", linktype); 3140 /* NOTREACHED */ 3141 } 3142 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) { 3143 bpf_error("ruleset names can only be %zu characters", 3144 sizeof(((struct pfloghdr *)0)->ruleset) - 1); 3145 /* NOTREACHED */ 3146 } 3147 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset), 3148 strlen(ruleset), ruleset); 3149 return (b0); 3150} 3151 3152 3153/* PF firewall log rule number */ 3154struct block * 3155gen_pf_rnr(int rnr) 3156{ 3157 struct block *b0; 3158 3159 if (linktype == DLT_PFLOG) { 3160 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W, 3161 (bpf_int32)rnr); 3162 } else { 3163 bpf_error("rnr not supported on linktype 0x%x", linktype); 3164 /* NOTREACHED */ 3165 } 3166 3167 return (b0); 3168} 3169 3170 3171/* PF firewall log sub-rule number */ 3172struct block * 3173gen_pf_srnr(int srnr) 3174{ 3175 struct block *b0; 3176 3177 if (linktype != DLT_PFLOG) { 3178 bpf_error("srnr not supported on linktype 0x%x", linktype); 3179 /* NOTREACHED */ 3180 } 3181 3182 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W, 3183 (bpf_int32)srnr); 3184 return (b0); 3185} 3186 3187/* PF firewall log reason code */ 3188struct block * 3189gen_pf_reason(int reason) 3190{ 3191 struct block *b0; 3192 3193 if (linktype == DLT_PFLOG) { 3194 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B, 3195 (bpf_int32)reason); 3196 } else { 3197 bpf_error("reason not supported on linktype 0x%x", linktype); 3198 /* NOTREACHED */ 3199 } 3200 3201 return (b0); 3202} 3203 3204/* PF firewall log action */ 3205struct block * 3206gen_pf_action(int action) 3207{ 3208 struct block *b0; 3209 3210 if (linktype == DLT_PFLOG) { 3211 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B, 3212 (bpf_int32)action); 3213 } else { 3214 bpf_error("action not supported on linktype 0x%x", linktype); 3215 /* NOTREACHED */ 3216 } 3217 3218 return (b0); 3219} 3220 3221/* IEEE 802.11 wireless header */ 3222struct block * 3223gen_p80211_type(int type, int mask) 3224{ 3225 struct block *b0; 3226 u_int offset; 3227 3228 if (!(linktype == DLT_IEEE802_11 || 3229 linktype == DLT_IEEE802_11_RADIO)) { 3230 bpf_error("type not supported on linktype 0x%x", 3231 linktype); 3232 /* NOTREACHED */ 3233 } 3234 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[0]); 3235 if (linktype == DLT_IEEE802_11_RADIO) 3236 offset += IEEE80211_RADIOTAP_HDRLEN; 3237 3238 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)type, (bpf_u_int32)mask); 3239 3240 return (b0); 3241} 3242 3243static struct block * 3244gen_ahostop(const u_char *eaddr, int dir) 3245{ 3246 struct block *b0, *b1; 3247 3248 switch (dir) { 3249 /* src comes first, different from Ethernet */ 3250 case Q_SRC: 3251 return gen_bcmp(0, 1, eaddr); 3252 3253 case Q_DST: 3254 return gen_bcmp(1, 1, eaddr); 3255 3256 case Q_AND: 3257 b0 = gen_ahostop(eaddr, Q_SRC); 3258 b1 = gen_ahostop(eaddr, Q_DST); 3259 gen_and(b0, b1); 3260 return b1; 3261 3262 case Q_DEFAULT: 3263 case Q_OR: 3264 b0 = gen_ahostop(eaddr, Q_SRC); 3265 b1 = gen_ahostop(eaddr, Q_DST); 3266 gen_or(b0, b1); 3267 return b1; 3268 } 3269 abort(); 3270 /* NOTREACHED */ 3271} 3272 3273struct block * 3274gen_acode(const u_char *eaddr, struct qual q) 3275{ 3276 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 3277 if (linktype == DLT_ARCNET) 3278 return gen_ahostop(eaddr, (int)q.dir); 3279 } 3280 bpf_error("ARCnet address used in non-arc expression"); 3281 /* NOTREACHED */ 3282} 3283 3284struct block * 3285gen_mpls(int label) 3286{ 3287 struct block *b0; 3288 3289 if (label > MPLS_LABEL_MAX) 3290 bpf_error("invalid MPLS label : %d", label); 3291 3292 if (mpls_stack > 0) /* Bottom-Of-Label-Stack bit ? */ 3293 b0 = gen_mcmp(off_nl-2, BPF_B, (bpf_int32)0, 0x1); 3294 else 3295 b0 = gen_linktype(ETHERTYPE_MPLS); 3296 3297 if (label >= 0) { 3298 struct block *b1; 3299 3300 b1 = gen_mcmp(off_nl, BPF_W, (bpf_int32)(label << 12), 3301 MPLS_LABEL_MASK); 3302 gen_and(b0, b1); 3303 b0 = b1; 3304 } 3305 off_nl += 4; 3306 off_linktype += 4; 3307 mpls_stack++; 3308 return (b0); 3309} 3310 3311/* 3312 * support IEEE 802.1Q VLAN trunk over ethernet 3313 */ 3314struct block * 3315gen_vlan(int vlan_num) 3316{ 3317 struct block *b0; 3318 3319 if (variable_nl) { 3320 bpf_error("'vlan' not supported for variable DLTs"); 3321 /*NOTREACHED*/ 3322 } 3323 3324 if (vlan_num > 4095) { 3325 bpf_error("invalid VLAN number : %d", vlan_num); 3326 /*NOTREACHED*/ 3327 } 3328 3329 /* 3330 * Change the offsets to point to the type and data fields within 3331 * the VLAN packet. This is somewhat of a kludge. 3332 */ 3333 if (orig_nl == (u_int)-1) { 3334 orig_linktype = off_linktype; /* save original values */ 3335 orig_nl = off_nl; 3336 orig_nl_nosnap = off_nl_nosnap; 3337 3338 switch (linktype) { 3339 3340 case DLT_EN10MB: 3341 off_linktype = 16; 3342 off_nl_nosnap = 18; 3343 off_nl = 18; 3344 break; 3345 3346 default: 3347 bpf_error("no VLAN support for data link type %d", 3348 linktype); 3349 /*NOTREACHED*/ 3350 } 3351 } 3352 3353 /* check for VLAN */ 3354 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q); 3355 3356 /* If a specific VLAN is requested, check VLAN id */ 3357 if (vlan_num >= 0) { 3358 struct block *b1; 3359 3360 b1 = gen_mcmp(orig_nl, BPF_H, (bpf_int32)vlan_num, 0x0FFF); 3361 gen_and(b0, b1); 3362 b0 = b1; 3363 } 3364 3365 return (b0); 3366} 3367 3368struct block * 3369gen_sample(int rate) 3370{ 3371 struct block *b0; 3372 long long threshold = 0x100000000LL; /* 0xffffffff + 1 */ 3373 3374 if (rate < 2) { 3375 bpf_error("sample %d is too low", rate); 3376 /*NOTREACHED*/ 3377 } 3378 if (rate > (1 << 20)) { 3379 bpf_error("sample %d is too high", rate); 3380 /*NOTREACHED*/ 3381 } 3382 3383 threshold /= rate; 3384 b0 = gen_relation(BPF_JGT, gen_loadrnd(), gen_loadi(threshold), 1); 3385 3386 return (b0); 3387} 3388 3389struct block * 3390gen_p80211_fcdir(int fcdir) 3391{ 3392 struct block *b0; 3393 u_int offset; 3394 3395 if (!(linktype == DLT_IEEE802_11 || 3396 linktype == DLT_IEEE802_11_RADIO)) { 3397 bpf_error("frame direction not supported on linktype 0x%x", 3398 linktype); 3399 /* NOTREACHED */ 3400 } 3401 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[1]); 3402 if (linktype == DLT_IEEE802_11_RADIO) 3403 offset += IEEE80211_RADIOTAP_HDRLEN; 3404 3405 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, 3406 (bpf_u_int32)IEEE80211_FC1_DIR_MASK); 3407 3408 return (b0); 3409} 3410 3411static struct block * 3412gen_p80211_hostop(const u_char *lladdr, int dir) 3413{ 3414 struct block *b0, *b1, *b2, *b3, *b4; 3415 u_int offset = 0; 3416 3417 if (linktype == DLT_IEEE802_11_RADIO) 3418 offset = IEEE80211_RADIOTAP_HDRLEN; 3419 3420 switch (dir) { 3421 case Q_SRC: 3422 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3423 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3424 lladdr); 3425 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3426 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3427 lladdr); 3428 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3429 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3430 lladdr); 3431 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3432 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3433 lladdr); 3434 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3435 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr2), 3436 lladdr); 3437 3438 gen_or(b0, b1); 3439 gen_or(b1, b2); 3440 gen_or(b2, b3); 3441 gen_or(b3, b4); 3442 return (b4); 3443 3444 case Q_DST: 3445 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3446 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3447 lladdr); 3448 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3449 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3450 lladdr); 3451 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3452 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3453 lladdr); 3454 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3455 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr3), 3456 lladdr); 3457 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3458 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr1), 3459 lladdr); 3460 3461 gen_or(b0, b1); 3462 gen_or(b1, b2); 3463 gen_or(b2, b3); 3464 gen_or(b3, b4); 3465 return (b4); 3466 3467 case Q_ADDR1: 3468 return (gen_bcmp(offset + 3469 (u_int)offsetof(struct ieee80211_frame, 3470 i_addr1), IEEE80211_ADDR_LEN, lladdr)); 3471 3472 case Q_ADDR2: 3473 return (gen_bcmp(offset + 3474 (u_int)offsetof(struct ieee80211_frame, 3475 i_addr2), IEEE80211_ADDR_LEN, lladdr)); 3476 3477 case Q_ADDR3: 3478 return (gen_bcmp(offset + 3479 (u_int)offsetof(struct ieee80211_frame, 3480 i_addr3), IEEE80211_ADDR_LEN, lladdr)); 3481 3482 case Q_ADDR4: 3483 return (gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3484 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3485 lladdr)); 3486 3487 case Q_AND: 3488 b0 = gen_p80211_hostop(lladdr, Q_SRC); 3489 b1 = gen_p80211_hostop(lladdr, Q_DST); 3490 gen_and(b0, b1); 3491 return (b1); 3492 3493 case Q_DEFAULT: 3494 case Q_OR: 3495 b0 = gen_p80211_hostop(lladdr, Q_ADDR1); 3496 b1 = gen_p80211_hostop(lladdr, Q_ADDR2); 3497 b2 = gen_p80211_hostop(lladdr, Q_ADDR3); 3498 b3 = gen_p80211_hostop(lladdr, Q_ADDR4); 3499 gen_or(b0, b1); 3500 gen_or(b1, b2); 3501 gen_or(b2, b3); 3502 return (b3); 3503 3504 default: 3505 bpf_error("direction not supported on linktype 0x%x", 3506 linktype); 3507 } 3508 /* NOTREACHED */ 3509} 3510 3511static struct block * 3512gen_p80211_addr(int fcdir, u_int offset, const u_char *lladdr) 3513{ 3514 struct block *b0, *b1; 3515 3516 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, IEEE80211_FC1_DIR_MASK); 3517 b1 = gen_bcmp(offset, IEEE80211_ADDR_LEN, lladdr); 3518 gen_and(b0, b1); 3519 3520 return (b1); 3521} 3522